authorGravatar Ravi Jotwani <rjotwani@google.com>2020-07-13 21:48:31 -0700
committerGravatar GitHub <noreply@github.com>2020-07-13 21:48:31 -0700
commit398fd1cf8321863479ac63250c59b12d63f5bcdd (patch)
tree6c26353f51a15c2af4e656e352e22f4c4efa7b3b /projects/libexif
parent44686eaa5878b61b505ddb41266544ba23796946 (diff)
[libexif] Add new fuzzer (#4045)
* added draco integration files * wrote build file and Dockerfile for Draco * added new fuzzer, placed license header in existing fuzzer
Diffstat (limited to 'projects/libexif')
-rw-r--r--projects/libexif/Dockerfile2
-rwxr-xr-xprojects/libexif/build.sh14
-rw-r--r--projects/libexif/exif_from_data_fuzzer.cc66
-rw-r--r--projects/libexif/exif_loader_fuzzer.cc14
4 files changed, 93 insertions, 3 deletions
diff --git a/projects/libexif/Dockerfile b/projects/libexif/Dockerfile
index 4b6c132a..465fd020 100644
--- a/projects/libexif/Dockerfile
+++ b/projects/libexif/Dockerfile
@@ -19,4 +19,4 @@ RUN apt-get update && apt-get install -y make autoconf automake libtool gettext
RUN git clone --depth 1 https://github.com/libexif/libexif
RUN git clone --depth 1 https://github.com/ianare/exif-samples
WORKDIR libexif
-COPY exif_loader_fuzzer.cc build.sh $SRC/
+COPY exif_loader_fuzzer.cc exif_from_data_fuzzer.cc build.sh $SRC/
diff --git a/projects/libexif/build.sh b/projects/libexif/build.sh
index a533bff7..790e5110 100755
--- a/projects/libexif/build.sh
+++ b/projects/libexif/build.sh
@@ -24,7 +24,17 @@ pushd $SRC
mkdir -p exif_corpus
find exif-samples -type f -name '*.jpg' -exec mv -n {} exif_corpus/ \; -o -name '*.tiff' -exec mv -n {} exif_corpus/ \;
cp libexif/test/testdata/*.jpg exif_corpus
-zip -r "$OUT/exif_loader_fuzzer_seed_corpus.zip" exif_corpus/
+zip -r "$WORK/exif_seed_corpus.zip" exif_corpus/
popd
-$CXX $CXXFLAGS -std=c++11 -I"$WORK/include" "$SRC/exif_loader_fuzzer.cc" -o $OUT/exif_loader_fuzzer $LIB_FUZZING_ENGINE "$WORK/lib/libexif.a"
+for fuzzer in $(find $SRC/ -name '*_fuzzer.cc'); do
+ fuzzer_basename=$(basename -s .cc $fuzzer)
+ $CXX $CXXFLAGS \
+ -std=c++11 \
+ -I"$WORK/include" \
+ $fuzzer \
+ -o $OUT/$fuzzer_basename \
+ $LIB_FUZZING_ENGINE \
+ "$WORK/lib/libexif.a"
+ cp $WORK/exif_seed_corpus.zip "${OUT}/${fuzzer_basename}_seed_corpus.zip"
+done
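Review bot: The `find $SRC/ -name '*_fuzzer.cc'` loop searches `$SRC` recursively, and this same script reads `exif-samples` and `libexif/test/testdata` from under `$SRC`, so the third-party checkouts are inside the search root. Any file matching `*_fuzzer.cc` that later appears in those repositories would be compiled with these flags and shipped as a fuzz target without review in this project. Limiting the match to the harnesses the Dockerfile copies in, e.g. `for fuzzer in "$SRC"/*_fuzzer.cc; do`, avoids that and also removes the word-splitting of the unquoted `$(find …)` output. The expansions `$fuzzer`, `$OUT/$fuzzer_basename` and `$WORK/exif_seed_corpus.zip` should be quoted as well.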
diff --git a/projects/libexif/exif_from_data_fuzzer.cc b/projects/libexif/exif_from_data_fuzzer.cc
new file mode 100644
index 00000000..2289328e
--- /dev/null
+++ b/projects/libexif/exif_from_data_fuzzer.cc
@@ -0,0 +1,66 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <libexif/exif-data.h>
+#include <libexif/exif-loader.h>
+#include <stddef.h>
+#include <stdlib.h>
+
+/* Extract all MakerNote tags */
+static void mnote_dump(ExifData *data) {
+ ExifMnoteData *mn = exif_data_get_mnote_data(data);
+ if (mn) {
+ int num = exif_mnote_data_count(mn);
+
+ /* Loop through all MakerNote tags */
+ for (int i=0; i < num; ++i) {
+ char buf[1024];
+ exif_mnote_data_get_value(mn, i, buf, sizeof(buf));
+ }
+ }
+}
+
+static void dump_value(ExifEntry *entry, void *user_data) {
+ char buf[1024];
+ exif_entry_get_value(entry, buf, sizeof(buf));
+}
+
+static void data_func(ExifContent *content, void *user_data) {
+ exif_content_foreach_entry(content, dump_value, NULL);
+}
+
+/* This is like exif_data_dump but without writing to stdout */
+static void data_dump(ExifData *data) {
+ exif_data_foreach_content(data, data_func, NULL);
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+
+ // Parse tags using (ultimately) exif_data_load_data()
+ auto image = exif_data_new_from_data(data, size);
+ if (image) {
+ // Exercise the EXIF tag manipulation code
+ exif_data_get_mnote_data(image);
+ data_dump(image);
+ mnote_dump(image);
+ unsigned char *buf;
+ unsigned int sz;
+ exif_data_save_data(image, &buf, &sz);
+ free(buf);
+ exif_data_fix(image);
+ exif_data_unref(image);
+ }
+
+ return 0;
+}
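Review bot: In `LLVMFuzzerTestOneInput`, `buf` and `sz` are declared uninitialized before `exif_data_save_data(image, &buf, &sz)`, so the following `free(buf)` is only safe if the library writes `*buf` on every return path, which this hunk does not show. Initialising them, `unsigned char *buf = NULL;` and `unsigned int sz = 0;`, keeps a library early return from becoming a harness-side invalid free that would be triaged as a libexif finding. The file also uses `uint8_t` without including `<stdint.h>`, presumably relying on a transitive include from the libexif headers; adding `#include <stdint.h>` makes that explicit. The bare `exif_data_get_mnote_data(image);` call discards its result and is repeated inside `mnote_dump`, so it could be dropped or given a comment saying why it is exercised separately.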
diff --git a/projects/libexif/exif_loader_fuzzer.cc b/projects/libexif/exif_loader_fuzzer.cc
index 98365b7b..63898206 100644
--- a/projects/libexif/exif_loader_fuzzer.cc
+++ b/projects/libexif/exif_loader_fuzzer.cc
@@ -1,3 +1,17 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
#include <stdio.h>
#include <stdint.h>
#include <libexif/exif-loader.h>