authorGravatar DavidKorczynski <david@adalogics.com>2022-07-14 23:59:09 +0100
committerGravatar GitHub <noreply@github.com>2022-07-14 23:59:09 +0100
commita5352add98f844a556bf7ecf8ec6b6de12f8461a (patch)
tree896311249aaa6915897c43e319182e1e37211931
parent4f4b411359bbc54039017bfad687269cadd841ca (diff)
ghostscript: add tiff fuzzer (#8012)
* ghostscript: add tiff fuzzer Similar to all other devices, except that it writes to a file instead of /dev/null. This is needed because tiff writing requires the ability to seek.
-rwxr-xr-xprojects/ghostscript/build.sh5
-rw-r--r--projects/ghostscript/gs_device_pdfwrite_fuzzer.cc2
-rw-r--r--projects/ghostscript/gs_device_pgmraw_fuzzer.cc2
-rw-r--r--projects/ghostscript/gs_device_png16m_fuzzer.cc2
-rw-r--r--projects/ghostscript/gs_device_ps2write_fuzzer.cc2
-rw-r--r--projects/ghostscript/gs_device_pxlmono_fuzzer.cc2
-rw-r--r--projects/ghostscript/gs_device_tiffsep1_fuzzer.cc26
-rw-r--r--projects/ghostscript/gs_fuzzlib.h13
8 files changed, 42 insertions, 12 deletions
diff --git a/projects/ghostscript/build.sh b/projects/ghostscript/build.sh
index 18325d8e..23fa7a6a 100755
--- a/projects/ghostscript/build.sh
+++ b/projects/ghostscript/build.sh
@@ -45,7 +45,7 @@ CPPFLAGS="${CPPFLAGS:-} $CUPS_CFLAGS -DPACIFY_VALGRIND" ./autogen.sh \
CUPSCONFIG=$CUPSCONFIG \
--enable-freetype --enable-fontconfig \
--enable-cups --with-ijs --with-jbig2dec \
- --with-drivers=pdfwrite,cups,ljet4,laserjet,pxlmono,pxlcolor,pcl3,uniprint,pgmraw,ps2write,png16m
+ --with-drivers=pdfwrite,cups,ljet4,laserjet,pxlmono,pxlcolor,pcl3,uniprint,pgmraw,ps2write,png16m,tiffsep1
make -j$(nproc) libgs
fuzzers="gstoraster_fuzzer \
@@ -56,7 +56,8 @@ fuzzers="gstoraster_fuzzer \
gs_device_pxlmono_fuzzer \
gs_device_pgmraw_fuzzer \
gs_device_ps2write_fuzzer \
- gs_device_png16m_fuzzer"
+ gs_device_png16m_fuzzer \
+ gs_device_tiffsep1_fuzzer"
for fuzzer in $fuzzers; do
$CXX $CXXFLAGS $CUPS_LDFLAGS -std=c++11 -I. -I$SRC \
diff --git a/projects/ghostscript/gs_device_pdfwrite_fuzzer.cc b/projects/ghostscript/gs_device_pdfwrite_fuzzer.cc
index 6e01c542..3f116c3c 100644
--- a/projects/ghostscript/gs_device_pdfwrite_fuzzer.cc
+++ b/projects/ghostscript/gs_device_pdfwrite_fuzzer.cc
@@ -15,6 +15,6 @@ limitations under the License.
#include "gs_fuzzlib.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- fuzz_gs_device(data, size, 1, "pdfwrite");
+ fuzz_gs_device(data, size, 1, "pdfwrite", "/dev/null");
return 0;
}
diff --git a/projects/ghostscript/gs_device_pgmraw_fuzzer.cc b/projects/ghostscript/gs_device_pgmraw_fuzzer.cc
index 30e51c5b..b9725059 100644
--- a/projects/ghostscript/gs_device_pgmraw_fuzzer.cc
+++ b/projects/ghostscript/gs_device_pgmraw_fuzzer.cc
@@ -15,6 +15,6 @@ limitations under the License.
#include "gs_fuzzlib.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- fuzz_gs_device(data, size, 1, "pgmraw");
+ fuzz_gs_device(data, size, 1, "pgmraw", "/dev/null");
return 0;
}
diff --git a/projects/ghostscript/gs_device_png16m_fuzzer.cc b/projects/ghostscript/gs_device_png16m_fuzzer.cc
index 0d522ce3..645e300d 100644
--- a/projects/ghostscript/gs_device_png16m_fuzzer.cc
+++ b/projects/ghostscript/gs_device_png16m_fuzzer.cc
@@ -15,6 +15,6 @@ limitations under the License.
#include "gs_fuzzlib.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- fuzz_gs_device(data, size, 1, "png16m");
+ fuzz_gs_device(data, size, 1, "png16m", "/dev/null");
return 0;
}
diff --git a/projects/ghostscript/gs_device_ps2write_fuzzer.cc b/projects/ghostscript/gs_device_ps2write_fuzzer.cc
index d551e2d3..eb62c813 100644
--- a/projects/ghostscript/gs_device_ps2write_fuzzer.cc
+++ b/projects/ghostscript/gs_device_ps2write_fuzzer.cc
@@ -15,6 +15,6 @@ limitations under the License.
#include "gs_fuzzlib.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- fuzz_gs_device(data, size, 1, "ps2write");
+ fuzz_gs_device(data, size, 1, "ps2write", "/dev/null");
return 0;
}
diff --git a/projects/ghostscript/gs_device_pxlmono_fuzzer.cc b/projects/ghostscript/gs_device_pxlmono_fuzzer.cc
index bdae304a..5869fe23 100644
--- a/projects/ghostscript/gs_device_pxlmono_fuzzer.cc
+++ b/projects/ghostscript/gs_device_pxlmono_fuzzer.cc
@@ -15,6 +15,6 @@ limitations under the License.
#include "gs_fuzzlib.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- fuzz_gs_device(data, size, 1, "pxlmono");
+ fuzz_gs_device(data, size, 1, "pxlmono", "/dev/null");
return 0;
}
diff --git a/projects/ghostscript/gs_device_tiffsep1_fuzzer.cc b/projects/ghostscript/gs_device_tiffsep1_fuzzer.cc
new file mode 100644
index 00000000..b42edbae
--- /dev/null
+++ b/projects/ghostscript/gs_device_tiffsep1_fuzzer.cc
@@ -0,0 +1,26 @@
+/* Copyright 2022 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+#include <sys/types.h>
+#include <unistd.h>
+#include <stdio.h>
+
+#include "gs_fuzzlib.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ char filename[256];
+ sprintf(filename, "/tmp/libfuzzer.%d.tiff", getpid());
+ fuzz_gs_device(data, size, 1, "tiffsep1", filename);
+ return 0;
+}
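Review bot: The output written to `/tmp/libfuzzer.<pid>.tiff` is never removed after `fuzz_gs_device` returns, and the name is predictable from the PID in a world-writable directory. On a shared host, a file or symlink already present at that path would be written through, and the tiffsep1 device presumably also emits per-separation files next to the named output, which would be left behind as well. I would bound the format with `snprintf(filename, sizeof(filename), "/tmp/libfuzzer.%d.tiff", getpid());` and add `unlink(filename);` after the `fuzz_gs_device` call. Placing the output in a private directory created with `mkdtemp` would also remove the dependence on a guessable name. The return value of `fuzz_gs_device` is ignored here, as it is in the sibling fuzzers.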
diff --git a/projects/ghostscript/gs_fuzzlib.h b/projects/ghostscript/gs_fuzzlib.h
index 1a77a8ea..1ee6078d 100644
--- a/projects/ghostscript/gs_fuzzlib.h
+++ b/projects/ghostscript/gs_fuzzlib.h
@@ -31,7 +31,8 @@ int fuzz_gs_device(
const unsigned char *buf,
size_t size,
int color_scheme,
- const char *device_target
+ const char *device_target,
+ const char *output_file
);
#define min(x, y) ((x) < (y) ? (x) : (y))
@@ -61,28 +62,30 @@ int gs_to_raster_fuzz(
int color_scheme
)
{
- return fuzz_gs_device(buf, size, color_scheme, "cups");
+ return fuzz_gs_device(buf, size, color_scheme, "cups", "/dev/null");
}
int fuzz_gs_device(
const unsigned char *buf,
size_t size,
int color_scheme,
- const char *device_target
+ const char *device_target,
+ const char *output_file
)
{
int ret;
void *gs = NULL;
char color_space[50];
char gs_device[50];
+ char gs_o[100];
/*
* We are expecting color_scheme to be in the [0:62] interval.
* This corresponds to the color schemes defined here:
* https://github.com/ArtifexSoftware/ghostpdl/blob/8c97d5adce0040ac38a1fb4d7954499c65f582ff/cups/libs/cups/raster.h#L102
*/
sprintf(color_space, "-dcupsColorSpace=%d", color_scheme);
-
sprintf(gs_device, "-sDEVICE=%s", device_target);
+ sprintf(gs_o, "-sOutputFile=%s", output_file);
/* Mostly stolen from cups-filters gstoraster. */
char *args[] = {
"gs",
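Review bot: `sprintf(gs_o, "-sOutputFile=%s", output_file)` copies a caller-supplied path into `char gs_o[100]` with no length bound, so any path longer than 86 bytes overflows the stack buffer. The new tiffsep1 caller builds its path in a 256-byte buffer, so the two sizes already disagree. I would write `int n = snprintf(gs_o, sizeof(gs_o), "-sOutputFile=%s", output_file);` followed by `if (n < 0 || (size_t)n >= sizeof(gs_o)) return 1;` so that a truncated path is rejected rather than passed to Ghostscript. The unchanged `sprintf(gs_device, ...)` just above has the same shape with a 50-byte buffer. The body of `fuzz_gs_device` continues past the end of this hunk.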
@@ -100,7 +103,7 @@ int fuzz_gs_device(
"-dNOINTERPOLATE",
"-dNOMEDIAATTRS",
"-sstdout=%%stderr",
- "-sOutputFile=/dev/null",
+ gs_o,
gs_device,
"-_",
};