-rw-r--r-- | projects/matio/Dockerfile | 23 | ||||
-rwxr-xr-x | projects/matio/build.sh | 30 | ||||
-rw-r--r-- | projects/matio/fuzzer_temp_file.h | 81 | ||||
-rw-r--r-- | projects/matio/matio_fuzzer.cc | 39 | ||||
-rw-r--r-- | projects/matio/project.yaml | 9 |
5 files changed, 182 insertions, 0 deletions
diff --git a/projects/matio/Dockerfile b/projects/matio/Dockerfile
new file mode 100644
index 00000000..cc727f55
--- /dev/null
+++ b/projects/matio/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER t-beu@users.sourceforge.net
+RUN apt-get update && apt-get install -y make autoconf automake libtool
+RUN git clone --depth 1 git://git.code.sf.net/p/matio/matio matio
+WORKDIR matio
+COPY build.sh $SRC/
+COPY *.cc *.h $SRC/
diff --git a/projects/matio/build.sh b/projects/matio/build.sh
new file mode 100755
index 00000000..34638656
--- /dev/null
+++ b/projects/matio/build.sh
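Review bot: The `RUN git clone --depth 1 git://git.code.sf.net/p/matio/matio matio` line fetches the source over the unauthenticated git:// protocol, so nothing verifies that the code built and fuzzed here is what upstream published. An HTTPS remote gives transport integrity at no cost, for example `RUN git clone --depth 1 https://git.code.sf.net/p/matio/matio matio`, or the GitHub repository that project.yaml names as the homepage. `MAINTAINER` is also deprecated in favour of a `LABEL maintainer=...` line, which is a style point only.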
@@ -0,0 +1,30 @@
+#!/bin/bash -eu
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# build project
+./autogen.sh
+./configure
+make -j$(nproc)
+make install
+
+# build fuzzers
+for fuzzers in $(find $SRC -name '*_fuzzer.cc'); do
+ base=$(basename -s .cc $fuzzers)
+ $CXX $CXXFLAGS -std=c++11 -Iinclude \
+ $fuzzers ./getopt/.libs/libgetopt.a \
+ ./src/.libs/libmatio.a -o $OUT/$base $LIB_FUZZING_ENGINE
+done
diff --git a/projects/matio/fuzzer_temp_file.h b/projects/matio/fuzzer_temp_file.h
new file mode 100644
index 00000000..da6f11f9
--- /dev/null
+++ b/projects/matio/fuzzer_temp_file.h
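Review bot: The fuzzer loop `for fuzzers in $(find $SRC -name '*_fuzzer.cc')` searches all of `$SRC` recursively and word-splits the result, and `$fuzzers` and `$OUT/$base` are expanded unquoted in the compile command. If the matio checkout sits under `$SRC` (not visible in this diff), any upstream file that later matches `*_fuzzer.cc` would be compiled and shipped as a target with these flags. Limiting the search to the harnesses copied in by the Dockerfile, `find "$SRC" -maxdepth 1 -name '*_fuzzer.cc'`, and quoting `"$fuzzers"` and `"$OUT/$base"` keeps the set of built targets explicit.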
@@ -0,0 +1,81 @@
+// Copyright 2019 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Adapter utility from fuzzer input to a temporary file, for fuzzing APIs that
+// require a file instead of an input buffer.
+
+#ifndef FUZZER_TEMP_FILE_H_
+#define FUZZER_TEMP_FILE_H_
+
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+// Pure-C interface for creating and cleaning up temporary files.
+
+static char* fuzzer_get_tmpfile(const uint8_t* data, size_t size) {
+ char* filename_buffer = strdup("/tmp/generate_temporary_file.XXXXXX");
+ if (!filename_buffer) {
+ perror("Failed to allocate file name buffer.");
+ abort();
+ }
+ const int file_descriptor = mkstemp(filename_buffer);
+ if (file_descriptor < 0) {
+ perror("Failed to make temporary file.");
+ abort();
+ }
+ FILE* file = fdopen(file_descriptor, "wb");
+ if (!file) {
+ perror("Failed to open file descriptor.");
+ close(file_descriptor);
+ abort();
+ }
+ const size_t bytes_written = fwrite(data, sizeof(uint8_t), size, file);
+ if (bytes_written < size) {
+ close(file_descriptor);
+ fprintf(stderr, "Failed to write all bytes to file (%zu out of %zu)",
+ bytes_written, size);
+ abort();
+ }
+ fclose(file);
+ return filename_buffer;
+}
+
+static void fuzzer_release_tmpfile(char* filename) {
+ if (unlink(filename) != 0) {
+ perror("WARNING: Failed to delete temporary file.");
+ }
+ free(filename);
+}
+
+// C++ RAII object for creating temporary files.
+
+#ifdef __cplusplus
+class FuzzerTemporaryFile {
+ public:
+ FuzzerTemporaryFile(const uint8_t* data, size_t size)
+ : filename_(fuzzer_get_tmpfile(data, size)) {}
+
+ ~FuzzerTemporaryFile() { fuzzer_release_tmpfile(filename_); }
+
+ const char* filename() const { return filename_; }
+
+ private:
+ char* filename_;
+};
+#endif
+
+#endif // FUZZER_TEMP_FILE_H_
diff --git a/projects/matio/matio_fuzzer.cc b/projects/matio/matio_fuzzer.cc
new file mode 100644
index 00000000..c97b8c89
--- /dev/null
+++ b/projects/matio/matio_fuzzer.cc
@@ -0,0 +1,39 @@
+// Copyright 2019 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Adapter utility from fuzzer input to a temporary file, for fuzzing APIs that
+// require a file instead of an input buffer.
+
+#include <cstddef>
+#include <cstdint>
+#include <cstdlib>
+#include <string>
+#include <vector>
+
+#include "fuzzer_temp_file.h"
+#include "matio.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ FuzzerTemporaryFile temp_file(data, size);
+
+ mat_t* matfd = Mat_Open(temp_file.filename(), MAT_ACC_RDONLY);
+ if (matfd == nullptr) {
+ return 0;
+ }
+ // TODO(https://github.com/google/oss-fuzz/pull/2761): use more complicated APIs
+ // such as Mat_VarReadDataAll, Mat_VarReadDataLinear, Mat_VarReadNext, etc.
+ Mat_Close(matfd);
+
+ return 0;
+}
diff --git a/projects/matio/project.yaml b/projects/matio/project.yaml
new file mode 100644
index 00000000..5f1bb530
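Review bot: `fclose(file)` at the end of fuzzer_get_tmpfile is unchecked, and because the stream is buffered a write error can surface only at that call, so the target could parse a truncated file while the fuzzer records the full input as the test case. Treat it like the other failures: `if (fclose(file) != 0) { perror("Failed to close file."); abort(); }`. Separately, FuzzerTemporaryFile owns `filename_` but remains copyable, so a copy would unlink and free the same name twice. Since build.sh compiles with -std=c++11, add `FuzzerTemporaryFile(const FuzzerTemporaryFile&) = delete;` and the matching deleted `operator=`.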
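Review bot: The file comment above the includes in matio_fuzzer.cc ("Adapter utility from fuzzer input to a temporary file ...") was carried over from fuzzer_temp_file.h and does not describe this file. Replace it with something like `// Fuzz target for matio: writes the input to a temporary file and opens it with Mat_Open.` so a reader knows which entry point is covered. `<cstdlib>`, `<string>` and `<vector>` appear unused in the visible code and can be dropped.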
--- /dev/null
+++ b/projects/matio/project.yaml
@@ -0,0 +1,9 @@
+homepage: "https://github.com/tbeu/matio"
+primary_contact: "t-beu@users.sourceforge.net"
+sanitizers:
+ - address
+ - memory
+ - undefined
+architectures:
+ - x86_64
+ - i386 |