author | Bhargava Shastry <bshas3@gmail.com> | 2018-10-25 16:07:38 +0200 |
---|---|---|
committer | Abhishek Arya <inferno@chromium.org> | 2018-10-25 07:07:38 -0700 |
commit | 830189c3c7e6c0580d341a188ba128a257317752 (patch) | |
tree | 714bf50d4b0f44c2522fc0336ff240a9bc4bc71b /projects/lzo | |
parent | 03420429573141e3428f05d849b07c399eab3a09 (diff) |
lzo: Fixes problems with google/oss-fuzz#1900 (#1905)
Diffstat (limited to 'projects/lzo')
-rw-r--r-- | projects/lzo/Dockerfile | 23 | ||||
-rwxr-xr-x | projects/lzo/build.sh | 35 | ||||
-rw-r--r-- | projects/lzo/lzo_compress_target.c | 86 | ||||
-rw-r--r-- | projects/lzo/lzo_compress_target.options | 2 | ||||
-rw-r--r-- | projects/lzo/lzo_decompress_target.c | 95 | ||||
-rw-r--r-- | projects/lzo/lzo_decompress_target.options | 2 | ||||
-rwxr-xr-x | projects/lzo/lzo_decompress_target_seeds/seed.lzo | bin | 0 -> 217 bytes | |||
-rw-r--r-- | projects/lzo/project.yaml | 7 |
8 files changed, 250 insertions, 0 deletions
diff --git a/projects/lzo/Dockerfile b/projects/lzo/Dockerfile
new file mode 100644
index 00000000..d6971e6f
--- /dev/null
+++ b/projects/lzo/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER info@oberhumer.com
+RUN apt-get update && apt-get install -y make autoconf automake libtool wget
+RUN wget -O lzo.tar.gz \
+ http://www.oberhumer.com/opensource/lzo/download/lzo-2.10.tar.gz
+COPY *.c *.options build.sh $SRC/
+COPY lzo_decompress_target_seeds $SRC/lzo_decompress_target_seeds
diff --git a/projects/lzo/build.sh b/projects/lzo/build.sh
new file mode 100755
index 00000000..25b84d57
--- /dev/null
+++ b/projects/lzo/build.sh
@@ -0,0 +1,35 @@
+#!/bin/bash -eu
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# build project
+cd $SRC
+tar xzf lzo.tar.gz
+cd lzo-*
+./configure && make -j$(nproc)
+
+# build fuzzers
+for file in $SRC/*.c;
+do
+ name=$(basename $file .c)
+ $CC $CFLAGS -c -I include -I minilzo -I include/lzo ${file} -o ${name}.o
+ $CXX $CXXFLAGS -std=c++11 -I include -I minilzo -I include/lzo ${name}.o \
+ -o $OUT/${name} -lFuzzingEngine src/.libs/liblzo2.a
+done
+
+# copy fuzzer options
+cp $SRC/*.options $OUT/
+zip -j $OUT/lzo_decompress_target_seed_corpus.zip $SRC/lzo_decompress_target_seeds/*
diff --git a/projects/lzo/lzo_compress_target.c b/projects/lzo/lzo_compress_target.c
new file mode 100644
index 00000000..455972ab
--- /dev/null
+++ b/projects/lzo/lzo_compress_target.c
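Review bot: In projects/lzo/build.sh, `./configure && make -j$(nproc)` defeats the `-e` in the shebang for the configure step: bash does not exit on a failing command that is not the last one in an `&&` list, so a configure failure falls through to the fuzzer loop and only surfaces later as a missing `src/.libs/liblzo2.a` at link time. Put the two commands on separate lines, `./configure` followed by `make -j$(nproc)`, so the script stops at the real point of failure. The expansions of `$SRC`, `$file` and `$OUT` are also unquoted; writing `"$SRC"/*.c` and `"$file"` keeps the loop correct if a path ever contains whitespace.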
@@ -0,0 +1,86 @@
+/*
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include <assert.h>
+#include "lzo1x.h"
+
+/* Work-memory needed for compression. Allocate memory in units
+ * of 'lzo_align_t' (instead of 'char') to make sure it is properly aligned.
+ */
+#define HEAP_ALLOC(var,size) \
+ lzo_align_t __LZO_MMODEL var [ ((size) + (sizeof(lzo_align_t) - 1)) / sizeof(lzo_align_t) ]
+
+static HEAP_ALLOC(wrkmem, LZO1X_1_MEM_COMPRESS);
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ int r;
+ lzo_uint out_len;
+ lzo_uint new_len;
+ /* We want to compress the data block at 'in' with length 'IN_LEN' to
+ * the block at 'out'. Because the input block may be incompressible,
+ * we must provide a little more output space in case that compression
+ * is not possible.
+ */
+ unsigned char __LZO_MMODEL in[size];
+ unsigned char __LZO_MMODEL out[size + size/16 + 64 + 3];
+
+ static bool isInit = false;
+ if (!isInit)
+ {
+ if (lzo_init() != LZO_E_OK)
+ {
+#ifdef __DEBUG__
+ printf("internal error - lzo_init() failed !!!\n");
+#endif
+ return 0;
+ }
+ isInit = true;
+ }
+
+ /* Compress with LZO1X-1. */
+ r = lzo1x_1_compress(data, size, out, &out_len, wrkmem);
+ assert(r == LZO_E_OK);
+#ifdef __DEBUG__
+ printf("compressed %lu bytes into %lu bytes\n",
+ (unsigned long) size, (unsigned long) out_len);
+#endif
+
+ /* check for an incompressible block */
+ if (out_len >= size)
+ {
+#ifdef __DEBUG__
+ printf("This block contains incompressible data.\n");
+#endif
+ return 0;
+ }
+
+ // Decompress
+ new_len = size;
+ r = lzo1x_decompress(out, out_len, in, &new_len,/*wrkmem=*/NULL);
+ assert(r == LZO_E_OK && new_len == size);
+#ifdef __DEBUG__
+ printf("decompressed %lu bytes back into %lu bytes\n",
+ (unsigned long) out_len, (unsigned long) size);
+#endif
+ return 0;
+}
diff --git a/projects/lzo/lzo_compress_target.options b/projects/lzo/lzo_compress_target.options
new file mode 100644
index 00000000..329a6e27
--- /dev/null
+++ b/projects/lzo/lzo_compress_target.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+close_fd_mask = 3
diff --git a/projects/lzo/lzo_decompress_target.c b/projects/lzo/lzo_decompress_target.c
new file mode 100644
index 00000000..5b742c1c
--- /dev/null
+++ b/projects/lzo/lzo_decompress_target.c
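Review bot: In lzo_compress_target.c, `in[size]` and `out[size + size/16 + 64 + 3]` are stack VLAs sized by the fuzzer input: a zero-length input makes `in` a zero-sized VLA, which is undefined behaviour, and a large input can exhaust the stack inside the harness instead of exposing a library bug. Heap buffers avoid both and give AddressSanitizer exact bounds to check. The round trip is also verified by length only; comparing the decompressed bytes against `data` would catch silent corruption, and an explicit `abort()` keeps the check alive if the target is ever built with `NDEBUG`. The sketch below needs `<string.h>` for `memcmp` and assumes the `lzo_init()` guard is moved ahead of the allocations so that its early return does not leak.

```c
extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    /* … unchanged: r, out_len, new_len, then the lzo_init() guard (moved up) … */
    if (size == 0)
        return 0;
    unsigned char *in = malloc(size);
    unsigned char *out = malloc(size + size / 16 + 64 + 3);
    if (in == NULL || out == NULL)
        goto done;

    /* … unchanged: lzo1x_1_compress call and debug output … */
    if (r != LZO_E_OK)
        abort();
    if (out_len >= size)
        goto done;

    /* … unchanged: new_len = size; lzo1x_decompress call … */
    if (r != LZO_E_OK || new_len != size || memcmp(data, in, size) != 0)
        abort();
done:
    free(in);
    free(out);
    return 0;
}
```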
@@ -0,0 +1,95 @@
+/*
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include <assert.h>
+#include "lzo1b.h"
+#include "lzo1c.h"
+#include "lzo1f.h"
+#include "lzo1x.h"
+#include "lzo1y.h"
+#include "lzo1z.h"
+#include "lzo2a.h"
+
+typedef int (*decompress_function)( const lzo_bytep, lzo_uint ,
+ lzo_bytep, lzo_uintp,
+ lzo_voidp );
+
+#define NUM_DECOMP 7
+
+static decompress_function funcArr[NUM_DECOMP] =
+{
+ &lzo1b_decompress_safe,
+ &lzo1c_decompress_safe,
+ &lzo1f_decompress_safe,
+ &lzo1x_decompress_safe,
+ &lzo1y_decompress_safe,
+ &lzo1z_decompress_safe,
+ &lzo2a_decompress_safe
+};
+
+/* lzo (de)compresses data in blocks. Block size is the
+ * size of one such block. This size has a default value of 256KB.
+ */
+static const size_t bufSize = 256 * 1024L;
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ int r;
+ lzo_uint new_len;
+ if (size < 1){
+ return 0;
+ }
+ /* Buffer into which compressed data provided by the fuzzer
+ * is going to be decompressed. The buffer size is chosen
+ * to be equal to the default block size (256KB) for
+ * (de)compression.
+ */
+ unsigned char __LZO_MMODEL out[bufSize];
+
+ static bool isInit = false;
+ if (!isInit)
+ {
+ if (lzo_init() != LZO_E_OK)
+ {
+#ifdef __DEBUG__
+ printf("internal error - lzo_init() failed !!!\n");
+#endif
+ return 0;
+ }
+ isInit = true;
+ }
+
+ // Decompress.
+ int idx = size % NUM_DECOMP;
+ new_len = bufSize;
+ // Work memory not necessary for decompression
+ r = (*funcArr[idx])(data, size, out, &new_len, /*wrkmem=*/NULL);
+#ifdef __DEBUG__
+ if (r != LZO_E_OK)
+ {
+ printf("error thrown by lzo1x_decompress_safe: %d\n", r);
+ }
+ printf("decompressed %lu bytes back into %lu bytes\n",
+ (unsigned long) size, (unsigned long) new_len);
+#endif
+ return 0;
+}
diff --git a/projects/lzo/lzo_decompress_target.options b/projects/lzo/lzo_decompress_target.options
new file mode 100644
index 00000000..329a6e27
--- /dev/null
+++ b/projects/lzo/lzo_decompress_target.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+close_fd_mask = 3
diff --git a/projects/lzo/lzo_decompress_target_seeds/seed.lzo b/projects/lzo/lzo_decompress_target_seeds/seed.lzo
Binary files differnew file mode 100755
index 00000000..bf310368
--- /dev/null
+++ b/projects/lzo/lzo_decompress_target_seeds/seed.lzo
diff --git a/projects/lzo/project.yaml b/projects/lzo/project.yaml
new file mode 100644
index 00000000..b8a91c29
--- /dev/null
+++ b/projects/lzo/project.yaml
@@ -0,0 +1,7 @@
+homepage: "http://www.oberhumer.com"
+primary_contact: "info@oberhumer.com"
+auto_ccs:
+ - "bshas3@gmail.com"
+sanitizers:
+ - address
+ - memory |
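Review bot: In lzo_decompress_target.c, `int idx = size % NUM_DECOMP;` ties the choice of decompressor to the input length, so any mutation that changes the length silently switches algorithm and a corpus entry is only meaningful for one length class. The `size < 1` guard already guarantees one readable byte, so the selector can come from the data and the rest be passed on: `int idx = data[0] % NUM_DECOMP;` and `r = (*funcArr[idx])(data + 1, size - 1, out, &new_len, /*wrkmem=*/NULL);` (seed.lzo would then need a leading selector byte). Separately, `bufSize` is a `static const size_t`, which is not a constant expression in C, so `out[bufSize]` is a 256 KiB VLA on the stack; an `enum` constant or a `static` buffer would make it a fixed-size object. The debug message also names `lzo1x_decompress_safe` whichever function was actually called.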