From a143b9b39a51412d133f846688194d68fe4197ba Mon Sep 17 00:00:00 2001 
From: Mike Aizatsky Date: Tue, 29 Nov 2016 10:55:25 -0800 Subject: [infra] renaming targets/ to projects/ --- projects/all.sh | 39 +++ projects/boringssl/Dockerfile | 22 ++ projects/boringssl/build.sh | 43 +++ projects/boringssl/target.yaml | 1 + projects/c-ares/Dockerfile | 22 ++ projects/c-ares/build.sh | 28 ++ projects/c-ares/c_ares_ares_create_query_fuzzer.cc | 31 +++ projects/c-ares/target.yaml | 1 + projects/curl/Dockerfile | 24 ++ projects/curl/build.sh | 28 ++ projects/curl/curl_fuzzer.cc | 117 +++++++++ projects/curl/curl_fuzzer.options | 3 + projects/curl/http.dict | 41 +++ projects/curl/target.yaml | 1 + projects/expat/Dockerfile | 23 ++ projects/expat/Jenkinsfile | 23 ++ projects/expat/build.sh | 27 ++ projects/expat/parse_fuzzer.cc | 23 ++ projects/expat/parse_fuzzer.options | 3 + projects/expat/target.yaml | 4 + projects/expat/xml.dict | 125 +++++++++ projects/ffmpeg/Dockerfile | 43 +++ projects/ffmpeg/build.sh | 291 +++++++++++++++++++++ projects/ffmpeg/group_seed_corpus.py | 138 ++++++++++ projects/ffmpeg/target.yaml | 1 + projects/file/Dockerfile | 22 ++ projects/file/build.sh | 27 ++ projects/file/magic_fuzzer.cc | 51 ++++ projects/file/target.yaml | 2 + projects/freetype2/Dockerfile | 23 ++ projects/freetype2/build.sh | 28 ++ projects/freetype2/target.yaml | 1 + projects/harfbuzz/Dockerfile | 23 ++ projects/harfbuzz/build.sh | 25 ++ projects/harfbuzz/harfbuzz_fuzzer.cc | 46 ++++ projects/harfbuzz/target.yaml | 1 + projects/icu/Dockerfile | 22 ++ projects/icu/break_iterator_fuzzer.cc | 46 ++++ projects/icu/break_iterator_utf32_fuzzer.cc | 47 ++++ projects/icu/build.sh | 48 ++++ projects/icu/converter_fuzzer.cc | 45 ++++ projects/icu/fuzzer_utils.h | 53 ++++ projects/icu/number_format_fuzzer.cc | 30 +++ projects/icu/regex.dict | 103 ++++++++ projects/icu/target.yaml | 1 + projects/icu/ucasemap_fuzzer.cc | 53 ++++ .../icu/unicode_string_codepage_create_fuzzer.cc | 73 ++++++ projects/icu/uregex_open_fuzzer.cc | 23 ++ 
projects/icu/uregex_open_fuzzer.options | 2 + projects/json/Dockerfile | 23 ++ projects/json/build.sh | 22 ++ projects/json/parse_fuzzer.cc | 36 +++ projects/json/parse_fuzzer.options | 3 + projects/json/target.yaml | 1 + projects/lcms/Dockerfile | 22 ++ projects/lcms/build.sh | 32 +++ projects/lcms/cmsIT8_load_fuzzer.c | 31 +++ projects/lcms/cmsIT8_load_fuzzer.options | 2 + projects/lcms/cms_transform_fuzzer.c | 50 ++++ projects/lcms/cms_transform_fuzzer.options | 2 + projects/lcms/icc.dict | 251 ++++++++++++++++++ projects/lcms/target.yaml | 1 + projects/libarchive/Dockerfile | 27 ++ projects/libarchive/build.sh | 28 ++ projects/libarchive/libarchive_fuzzer.cc | 54 ++++ projects/libarchive/target.yaml | 1 + projects/libass/Dockerfile | 24 ++ projects/libass/ass.dict | 112 ++++++++ projects/libass/build.sh | 36 +++ projects/libass/libass_fuzzer.cc | 49 ++++ projects/libass/libass_fuzzer.options | 2 + projects/libass/target.yaml | 1 + projects/libchewing/Dockerfile | 23 ++ projects/libchewing/build.sh | 39 +++ projects/libchewing/chewing_default_fuzzer.c | 15 ++ .../libchewing/chewing_dynamic_config_fuzzer.c | 15 ++ projects/libchewing/chewing_fuzzer_common.c | 26 ++ projects/libchewing/chewing_fuzzer_common.h | 13 + projects/libchewing/chewing_random_init_fuzzer.c | 15 ++ projects/libchewing/target.yaml | 1 + projects/libjpeg-turbo/Dockerfile | 28 ++ projects/libjpeg-turbo/build.sh | 26 ++ projects/libjpeg-turbo/libjpeg_turbo_fuzzer.cc | 48 ++++ projects/libjpeg-turbo/target.yaml | 1 + projects/libpng/Dockerfile | 23 ++ projects/libpng/build.sh | 33 +++ projects/libpng/libpng_read_fuzzer.cc | 123 +++++++++ projects/libpng/libpng_read_fuzzer.options | 2 + projects/libpng/png.dict | 38 +++ projects/libpng/target.yaml | 1 + projects/libteken/Dockerfile | 22 ++ projects/libteken/build.sh | 25 ++ projects/libteken/libteken_fuzzer.c | 31 +++ projects/libteken/target.yaml | 1 + projects/libtsm/Dockerfile | 23 ++ projects/libtsm/build.sh | 28 ++ 
projects/libtsm/libtsm_fuzzer.c | 50 ++++ projects/libtsm/target.yaml | 1 + projects/libxml2/Dockerfile | 27 ++ projects/libxml2/build.sh | 29 ++ projects/libxml2/libxml2_xml_read_memory_fuzzer.cc | 23 ++ .../libxml2/libxml2_xml_read_memory_fuzzer.options | 2 + .../libxml2/libxml2_xml_regexp_compile_fuzzer.cc | 34 +++ .../libxml2_xml_regexp_compile_fuzzer.options | 2 + projects/libxml2/target.yaml | 1 + projects/libxml2/xml.dict | 87 ++++++ projects/nss/Dockerfile | 26 ++ projects/nss/build.sh | 68 +++++ projects/nss/fuzzers/asn1_algorithmid_fuzzer.cc | 19 ++ projects/nss/fuzzers/asn1_any_fuzzer.cc | 18 ++ projects/nss/fuzzers/asn1_bitstring_fuzzer.cc | 18 ++ projects/nss/fuzzers/asn1_bmpstring_fuzzer.cc | 18 ++ projects/nss/fuzzers/asn1_boolean_fuzzer.cc | 18 ++ projects/nss/fuzzers/asn1_fuzzer_template.h | 45 ++++ .../nss/fuzzers/asn1_generalizedtime_fuzzer.cc | 18 ++ projects/nss/fuzzers/asn1_ia5string_fuzzer.cc | 18 ++ projects/nss/fuzzers/asn1_integer_fuzzer.cc | 18 ++ projects/nss/fuzzers/asn1_null_fuzzer.cc | 18 ++ projects/nss/fuzzers/asn1_objectid_fuzzer.cc | 18 ++ projects/nss/fuzzers/asn1_octetstring_fuzzer.cc | 18 ++ projects/nss/fuzzers/asn1_utctime_fuzzer.cc | 18 ++ projects/nss/fuzzers/asn1_utf8string_fuzzer.cc | 18 ++ projects/nss/fuzzers/cert_certificate_fuzzer.cc | 19 ++ .../nss/fuzzers/seckey_privatekeyinfo_fuzzer.cc | 19 ++ projects/nss/target.yaml | 1 + projects/openssl/Dockerfile | 22 ++ projects/openssl/build.sh | 27 ++ projects/openssl/target.yaml | 1 + projects/ots/Dockerfile | 23 ++ projects/ots/build.sh | 30 +++ projects/ots/ots_fuzzer.cc | 19 ++ projects/ots/ots_fuzzer.options | 2 + .../0509e80afb379d16560e9e47bdd7d888bebdebc6.ttf | Bin 0 -> 61 bytes .../051d92f8bc6ff724511b296c27623f824de256e9.ttf | Bin 0 -> 2028 bytes .../07f054357ff8638bac3711b422a1e31180bba863.ttf | Bin 0 -> 848 bytes .../191826b9643e3f124d865d617ae609db6a2ce203.ttf | Bin 0 -> 2140 bytes .../1a6f1687b7a221f9f2c834b0b360d3c8463b6daf.ttf | Bin 0 -> 64 bytes 
.../1c04a16f32a39c26c851b7fc014d2e8d298ba2b8.ttf | Bin 0 -> 820 bytes .../1c2c3fc37b2d4c3cb2ef726c6cdaaabd4b7f3eb9.ttf | Bin 0 -> 316 bytes .../1c2fb74c1b2aa173262734c1f616148f1648cfd6.ttf | Bin 0 -> 4064 bytes .../205edd09bd3d141cc9580f650109556cc28b22cb.ttf | Bin 0 -> 1966 bytes .../226bc2deab3846f1a682085f70c67d0421014144.ttf | Bin 0 -> 2828 bytes .../270b89df543a7e48e206a2d830c0e10e5265c630.ttf | Bin 0 -> 3428 bytes .../298c9e1d955f10f6f72c6915c3c6ff9bf9695cec.ttf | Bin 0 -> 2520 bytes .../3511ff5c1647150595846ac414c595cccac34f18.ttf | Bin 0 -> 1483 bytes .../37033cc5cf37bb223d7355153016b6ccece93b28.ttf | Bin 0 -> 2780 bytes .../375d6ae32a3cbe52fbf81a4e5777e3377675d5a3.ttf | Bin 0 -> 1024 bytes .../43979b90b2dd929723cf4fe1715990bcb9c9a56b.ttf | Bin 0 -> 1804 bytes .../43ef465752be9af900745f72fe29cb853a1401a5.ttf | Bin 0 -> 4272 bytes .../45855bc8d46332b39c4ab9e2ee1a26b1f896da6b.ttf | Bin 0 -> 1088 bytes .../49c9f7485c1392fa09a1b801bc2ffea79275f22e.ttf | Bin 0 -> 1496 bytes .../4cce528e99f600ed9c25a2b69e32eb94a03b4ae8.ttf | Bin 0 -> 1320 bytes .../5028afb650b1bb718ed2131e872fbcce57828fff.ttf | Bin 0 -> 4720 bytes .../56cfd0e18d07f41c38e9598545a6d369127fc6f9.ttf | Bin 0 -> 1412 bytes .../57a9d9f83020155cbb1d2be1f43d82388cbecc88.ttf | Bin 0 -> 2272 bytes .../5a5daf5eb5a4db77a2baa3ad9c7a6ed6e0655fa8.ttf | Bin 0 -> 61 bytes .../641bd9db850193064d17575053ae2bf8ec149ddc.ttf | Bin 0 -> 305 bytes .../6466d38c62e73a39202435a4f73bf5d6acbb73c0.ttf | Bin 0 -> 824 bytes .../6ff0fbead4462d9f229167b4e6839eceb8465058.ttf | Bin 0 -> 1148 bytes .../706c5d7b625f207bc0d874c67237aad6f1e9cd6f.ttf | Bin 0 -> 3868 bytes .../757ebd573617a24aa9dfbf0b885c54875c6fe06b.ttf | Bin 0 -> 1804 bytes .../7a37dc4d5bf018456aea291cee06daf004c0221c.ttf | Bin 0 -> 1080 bytes .../7e14e7883ed152baa158b80e207b66114c823a8b.ttf | Bin 0 -> 1644 bytes .../7ef276fc886ea502a03b9b0e5c8b547d5dc2b61c.ttf | Bin 0 -> 784 bytes .../8099955657a54e9ee38a6ba1d6f950ce58e3cc25.ttf | Bin 0 -> 1024 bytes 
.../813c2f8e5512187fd982417a7fb4286728e6f4a8.ttf | Bin 0 -> 3428 bytes .../8240789f6d12d4cfc4b5e8e6f246c3701bcf861f.ttf | Bin 0 -> 633 bytes .../8454d22037f892e76614e1645d066689a0200e61.ttf | Bin 0 -> 6068 bytes .../8a9fea2a7384f2116e5b84a9b31f83be7850ce21.ttf | Bin 0 -> 3428 bytes .../a34a7b00f22ffb5fd7eef6933b81c7e71bc2cdfb.ttf | Bin 0 -> 3700 bytes .../a919b33197965846f21074b24e30250d67277bce.ttf | Bin 0 -> 12560 bytes .../a98e908e2ed21b22228ea59ebcc0f05034c86f2e.ttf | Bin 0 -> 1016 bytes .../b9e2aaa0d75fcef6971ec3a96d806ba4a6b31fe2.ttf | Bin 0 -> 1804 bytes .../bb0c53752e85c3d28973ebc913287b8987d3dfe8.ttf | Bin 0 -> 976 bytes .../bb9473d2403488714043bcfb946c9f78b86ad627.ttf | Bin 0 -> 3440 bytes .../c4e48b0886ef460f532fb49f00047ec92c432ec0.ttf | Bin 0 -> 2512 bytes .../cc5f3d2d717fb6bd4dfae1c16d48a2cb8e12233b.ttf | Bin 0 -> 1448 bytes .../d629e7fedc0b350222d7987345fe61613fa3929a.ttf | Bin 0 -> 1768 bytes .../df768b9c257e0c9c35786c47cae15c46571d56be.ttf | Bin 0 -> 6332 bytes .../e207635780b42f898d58654b65098763e340f5c7.ttf | Bin 0 -> 3000 bytes .../ef86fe710cfea877bbe0dbb6946a1f88d0661031.ttf | Bin 0 -> 2748 bytes .../f22416c692720a7d46fadf4af99f4c9e094f00b9.ttf | Bin 0 -> 16736 bytes .../f499fbc23865022234775c43503bba2e63978fe1.ttf | Bin 0 -> 3564 bytes .../f518eb6f6b5eec2946c9fbbbde44e45d46f5e2ac.ttf | Bin 0 -> 1356 bytes .../fab39d60d758cb586db5a504f218442cd1395725.ttf | Bin 0 -> 1894 bytes .../fbb6c84c9e1fe0c39e152fbe845e51fd81f6748e.ttf | Bin 0 -> 2616 bytes .../fcdcffbdf1c4c97c05308d7600e4c283eb47dbca.ttf | Bin 0 -> 1344 bytes .../ffa0f5d2d9025486d8469d8b1fdd983e7632499b.ttf | Bin 0 -> 1448 bytes projects/ots/target.yaml | 1 + projects/pcre2/Dockerfile | 22 ++ projects/pcre2/build.sh | 27 ++ projects/pcre2/target.yaml | 2 + projects/re2/Dockerfile | 23 ++ projects/re2/build.sh | 35 +++ projects/re2/re2_fuzzer.cc | 87 ++++++ projects/re2/re2_fuzzer.options | 2 + projects/re2/target.yaml | 1 + projects/sqlite3/Dockerfile | 31 +++ projects/sqlite3/build.sh | 
38 +++ projects/sqlite3/ossfuzz.options | 2 + projects/sqlite3/sql.dict | 282 ++++++++++++++++++++ projects/sqlite3/target.yaml | 5 + projects/tpm2/Jenkinsfile | 26 ++ projects/tpm2/target.yaml | 4 + projects/woff2/Dockerfile | 23 ++ projects/woff2/build.sh | 40 +++ projects/woff2/convert_woff2ttf_fuzzer.cc | 17 ++ projects/woff2/convert_woff2ttf_fuzzer.options | 2 + projects/woff2/target.yaml | 1 + projects/zlib/Dockerfile | 23 ++ projects/zlib/build.sh | 8 + projects/zlib/target.yaml | 1 + projects/zlib/zlib_uncompress_fuzzer.cc | 21 ++ targets/README.md | 1 + targets/all.sh | 39 --- targets/boringssl/Dockerfile | 22 -- targets/boringssl/build.sh | 43 --- targets/boringssl/target.yaml | 1 - targets/c-ares/Dockerfile | 22 -- targets/c-ares/build.sh | 28 -- targets/c-ares/c_ares_ares_create_query_fuzzer.cc | 31 --- targets/c-ares/target.yaml | 1 - targets/curl/Dockerfile | 24 -- targets/curl/build.sh | 28 -- targets/curl/curl_fuzzer.cc | 117 --------- targets/curl/curl_fuzzer.options | 3 - targets/curl/http.dict | 41 --- targets/curl/target.yaml | 1 - targets/expat/Dockerfile | 23 -- targets/expat/Jenkinsfile | 23 -- targets/expat/build.sh | 27 -- targets/expat/parse_fuzzer.cc | 23 -- targets/expat/parse_fuzzer.options | 3 - targets/expat/target.yaml | 4 - targets/expat/xml.dict | 125 --------- targets/ffmpeg/Dockerfile | 43 --- targets/ffmpeg/build.sh | 291 --------------------- targets/ffmpeg/group_seed_corpus.py | 138 ---------- targets/ffmpeg/target.yaml | 1 - targets/file/Dockerfile | 22 -- targets/file/build.sh | 27 -- targets/file/magic_fuzzer.cc | 51 ---- targets/file/target.yaml | 2 - targets/freetype2/Dockerfile | 23 -- targets/freetype2/build.sh | 28 -- targets/freetype2/target.yaml | 1 - targets/harfbuzz/Dockerfile | 23 -- targets/harfbuzz/build.sh | 25 -- targets/harfbuzz/harfbuzz_fuzzer.cc | 46 ---- targets/harfbuzz/target.yaml | 1 - targets/icu/Dockerfile | 22 -- targets/icu/break_iterator_fuzzer.cc | 46 ---- 
targets/icu/break_iterator_utf32_fuzzer.cc | 47 ---- targets/icu/build.sh | 48 ---- targets/icu/converter_fuzzer.cc | 45 ---- targets/icu/fuzzer_utils.h | 53 ---- targets/icu/number_format_fuzzer.cc | 30 --- targets/icu/regex.dict | 103 -------- targets/icu/target.yaml | 1 - targets/icu/ucasemap_fuzzer.cc | 53 ---- .../icu/unicode_string_codepage_create_fuzzer.cc | 73 ------ targets/icu/uregex_open_fuzzer.cc | 23 -- targets/icu/uregex_open_fuzzer.options | 2 - targets/json/Dockerfile | 23 -- targets/json/build.sh | 22 -- targets/json/parse_fuzzer.cc | 36 --- targets/json/parse_fuzzer.options | 3 - targets/json/target.yaml | 1 - targets/lcms/Dockerfile | 22 -- targets/lcms/build.sh | 32 --- targets/lcms/cmsIT8_load_fuzzer.c | 31 --- targets/lcms/cmsIT8_load_fuzzer.options | 2 - targets/lcms/cms_transform_fuzzer.c | 50 ---- targets/lcms/cms_transform_fuzzer.options | 2 - targets/lcms/icc.dict | 251 ------------------ targets/lcms/target.yaml | 1 - targets/libarchive/Dockerfile | 27 -- targets/libarchive/build.sh | 28 -- targets/libarchive/libarchive_fuzzer.cc | 54 ---- targets/libarchive/target.yaml | 1 - targets/libass/Dockerfile | 24 -- targets/libass/ass.dict | 112 -------- targets/libass/build.sh | 36 --- targets/libass/libass_fuzzer.cc | 49 ---- targets/libass/libass_fuzzer.options | 2 - targets/libass/target.yaml | 1 - targets/libchewing/Dockerfile | 23 -- targets/libchewing/build.sh | 39 --- targets/libchewing/chewing_default_fuzzer.c | 15 -- targets/libchewing/chewing_dynamic_config_fuzzer.c | 15 -- targets/libchewing/chewing_fuzzer_common.c | 26 -- targets/libchewing/chewing_fuzzer_common.h | 13 - targets/libchewing/chewing_random_init_fuzzer.c | 15 -- targets/libchewing/target.yaml | 1 - targets/libjpeg-turbo/Dockerfile | 28 -- targets/libjpeg-turbo/build.sh | 26 -- targets/libjpeg-turbo/libjpeg_turbo_fuzzer.cc | 48 ---- targets/libjpeg-turbo/target.yaml | 1 - targets/libpng/Dockerfile | 23 -- targets/libpng/build.sh | 33 --- 
targets/libpng/libpng_read_fuzzer.cc | 123 --------- targets/libpng/libpng_read_fuzzer.options | 2 - targets/libpng/png.dict | 38 --- targets/libpng/target.yaml | 1 - targets/libteken/Dockerfile | 22 -- targets/libteken/build.sh | 25 -- targets/libteken/libteken_fuzzer.c | 31 --- targets/libteken/target.yaml | 1 - targets/libtsm/Dockerfile | 23 -- targets/libtsm/build.sh | 28 -- targets/libtsm/libtsm_fuzzer.c | 50 ---- targets/libtsm/target.yaml | 1 - targets/libxml2/Dockerfile | 27 -- targets/libxml2/build.sh | 29 -- targets/libxml2/libxml2_xml_read_memory_fuzzer.cc | 23 -- .../libxml2/libxml2_xml_read_memory_fuzzer.options | 2 - .../libxml2/libxml2_xml_regexp_compile_fuzzer.cc | 34 --- .../libxml2_xml_regexp_compile_fuzzer.options | 2 - targets/libxml2/target.yaml | 1 - targets/libxml2/xml.dict | 87 ------ targets/nss/Dockerfile | 26 -- targets/nss/build.sh | 68 ----- targets/nss/fuzzers/asn1_algorithmid_fuzzer.cc | 19 -- targets/nss/fuzzers/asn1_any_fuzzer.cc | 18 -- targets/nss/fuzzers/asn1_bitstring_fuzzer.cc | 18 -- targets/nss/fuzzers/asn1_bmpstring_fuzzer.cc | 18 -- targets/nss/fuzzers/asn1_boolean_fuzzer.cc | 18 -- targets/nss/fuzzers/asn1_fuzzer_template.h | 45 ---- targets/nss/fuzzers/asn1_generalizedtime_fuzzer.cc | 18 -- targets/nss/fuzzers/asn1_ia5string_fuzzer.cc | 18 -- targets/nss/fuzzers/asn1_integer_fuzzer.cc | 18 -- targets/nss/fuzzers/asn1_null_fuzzer.cc | 18 -- targets/nss/fuzzers/asn1_objectid_fuzzer.cc | 18 -- targets/nss/fuzzers/asn1_octetstring_fuzzer.cc | 18 -- targets/nss/fuzzers/asn1_utctime_fuzzer.cc | 18 -- targets/nss/fuzzers/asn1_utf8string_fuzzer.cc | 18 -- targets/nss/fuzzers/cert_certificate_fuzzer.cc | 19 -- .../nss/fuzzers/seckey_privatekeyinfo_fuzzer.cc | 19 -- targets/nss/target.yaml | 1 - targets/openssl/Dockerfile | 22 -- targets/openssl/build.sh | 27 -- targets/openssl/target.yaml | 1 - targets/ots/Dockerfile | 23 -- targets/ots/build.sh | 30 --- targets/ots/ots_fuzzer.cc | 19 -- targets/ots/ots_fuzzer.options | 2 - 
.../0509e80afb379d16560e9e47bdd7d888bebdebc6.ttf | Bin 61 -> 0 bytes .../051d92f8bc6ff724511b296c27623f824de256e9.ttf | Bin 2028 -> 0 bytes .../07f054357ff8638bac3711b422a1e31180bba863.ttf | Bin 848 -> 0 bytes .../191826b9643e3f124d865d617ae609db6a2ce203.ttf | Bin 2140 -> 0 bytes .../1a6f1687b7a221f9f2c834b0b360d3c8463b6daf.ttf | Bin 64 -> 0 bytes .../1c04a16f32a39c26c851b7fc014d2e8d298ba2b8.ttf | Bin 820 -> 0 bytes .../1c2c3fc37b2d4c3cb2ef726c6cdaaabd4b7f3eb9.ttf | Bin 316 -> 0 bytes .../1c2fb74c1b2aa173262734c1f616148f1648cfd6.ttf | Bin 4064 -> 0 bytes .../205edd09bd3d141cc9580f650109556cc28b22cb.ttf | Bin 1966 -> 0 bytes .../226bc2deab3846f1a682085f70c67d0421014144.ttf | Bin 2828 -> 0 bytes .../270b89df543a7e48e206a2d830c0e10e5265c630.ttf | Bin 3428 -> 0 bytes .../298c9e1d955f10f6f72c6915c3c6ff9bf9695cec.ttf | Bin 2520 -> 0 bytes .../3511ff5c1647150595846ac414c595cccac34f18.ttf | Bin 1483 -> 0 bytes .../37033cc5cf37bb223d7355153016b6ccece93b28.ttf | Bin 2780 -> 0 bytes .../375d6ae32a3cbe52fbf81a4e5777e3377675d5a3.ttf | Bin 1024 -> 0 bytes .../43979b90b2dd929723cf4fe1715990bcb9c9a56b.ttf | Bin 1804 -> 0 bytes .../43ef465752be9af900745f72fe29cb853a1401a5.ttf | Bin 4272 -> 0 bytes .../45855bc8d46332b39c4ab9e2ee1a26b1f896da6b.ttf | Bin 1088 -> 0 bytes .../49c9f7485c1392fa09a1b801bc2ffea79275f22e.ttf | Bin 1496 -> 0 bytes .../4cce528e99f600ed9c25a2b69e32eb94a03b4ae8.ttf | Bin 1320 -> 0 bytes .../5028afb650b1bb718ed2131e872fbcce57828fff.ttf | Bin 4720 -> 0 bytes .../56cfd0e18d07f41c38e9598545a6d369127fc6f9.ttf | Bin 1412 -> 0 bytes .../57a9d9f83020155cbb1d2be1f43d82388cbecc88.ttf | Bin 2272 -> 0 bytes .../5a5daf5eb5a4db77a2baa3ad9c7a6ed6e0655fa8.ttf | Bin 61 -> 0 bytes .../641bd9db850193064d17575053ae2bf8ec149ddc.ttf | Bin 305 -> 0 bytes .../6466d38c62e73a39202435a4f73bf5d6acbb73c0.ttf | Bin 824 -> 0 bytes .../6ff0fbead4462d9f229167b4e6839eceb8465058.ttf | Bin 1148 -> 0 bytes .../706c5d7b625f207bc0d874c67237aad6f1e9cd6f.ttf | Bin 3868 -> 0 bytes 
.../757ebd573617a24aa9dfbf0b885c54875c6fe06b.ttf | Bin 1804 -> 0 bytes .../7a37dc4d5bf018456aea291cee06daf004c0221c.ttf | Bin 1080 -> 0 bytes .../7e14e7883ed152baa158b80e207b66114c823a8b.ttf | Bin 1644 -> 0 bytes .../7ef276fc886ea502a03b9b0e5c8b547d5dc2b61c.ttf | Bin 784 -> 0 bytes .../8099955657a54e9ee38a6ba1d6f950ce58e3cc25.ttf | Bin 1024 -> 0 bytes .../813c2f8e5512187fd982417a7fb4286728e6f4a8.ttf | Bin 3428 -> 0 bytes .../8240789f6d12d4cfc4b5e8e6f246c3701bcf861f.ttf | Bin 633 -> 0 bytes .../8454d22037f892e76614e1645d066689a0200e61.ttf | Bin 6068 -> 0 bytes .../8a9fea2a7384f2116e5b84a9b31f83be7850ce21.ttf | Bin 3428 -> 0 bytes .../a34a7b00f22ffb5fd7eef6933b81c7e71bc2cdfb.ttf | Bin 3700 -> 0 bytes .../a919b33197965846f21074b24e30250d67277bce.ttf | Bin 12560 -> 0 bytes .../a98e908e2ed21b22228ea59ebcc0f05034c86f2e.ttf | Bin 1016 -> 0 bytes .../b9e2aaa0d75fcef6971ec3a96d806ba4a6b31fe2.ttf | Bin 1804 -> 0 bytes .../bb0c53752e85c3d28973ebc913287b8987d3dfe8.ttf | Bin 976 -> 0 bytes .../bb9473d2403488714043bcfb946c9f78b86ad627.ttf | Bin 3440 -> 0 bytes .../c4e48b0886ef460f532fb49f00047ec92c432ec0.ttf | Bin 2512 -> 0 bytes .../cc5f3d2d717fb6bd4dfae1c16d48a2cb8e12233b.ttf | Bin 1448 -> 0 bytes .../d629e7fedc0b350222d7987345fe61613fa3929a.ttf | Bin 1768 -> 0 bytes .../df768b9c257e0c9c35786c47cae15c46571d56be.ttf | Bin 6332 -> 0 bytes .../e207635780b42f898d58654b65098763e340f5c7.ttf | Bin 3000 -> 0 bytes .../ef86fe710cfea877bbe0dbb6946a1f88d0661031.ttf | Bin 2748 -> 0 bytes .../f22416c692720a7d46fadf4af99f4c9e094f00b9.ttf | Bin 16736 -> 0 bytes .../f499fbc23865022234775c43503bba2e63978fe1.ttf | Bin 3564 -> 0 bytes .../f518eb6f6b5eec2946c9fbbbde44e45d46f5e2ac.ttf | Bin 1356 -> 0 bytes .../fab39d60d758cb586db5a504f218442cd1395725.ttf | Bin 1894 -> 0 bytes .../fbb6c84c9e1fe0c39e152fbe845e51fd81f6748e.ttf | Bin 2616 -> 0 bytes .../fcdcffbdf1c4c97c05308d7600e4c283eb47dbca.ttf | Bin 1344 -> 0 bytes .../ffa0f5d2d9025486d8469d8b1fdd983e7632499b.ttf | Bin 1448 -> 0 bytes 
targets/ots/target.yaml | 1 - targets/pcre2/Dockerfile | 22 -- targets/pcre2/build.sh | 27 -- targets/pcre2/target.yaml | 2 - targets/re2/Dockerfile | 23 -- targets/re2/build.sh | 35 --- targets/re2/re2_fuzzer.cc | 87 ------ targets/re2/re2_fuzzer.options | 2 - targets/re2/target.yaml | 1 - targets/sqlite3/Dockerfile | 31 --- targets/sqlite3/build.sh | 38 --- targets/sqlite3/ossfuzz.options | 2 - targets/sqlite3/sql.dict | 282 -------------------- targets/sqlite3/target.yaml | 5 - targets/tpm2/Jenkinsfile | 26 -- targets/tpm2/target.yaml | 4 - targets/woff2/Dockerfile | 23 -- targets/woff2/build.sh | 40 --- targets/woff2/convert_woff2ttf_fuzzer.cc | 17 -- targets/woff2/convert_woff2ttf_fuzzer.options | 2 - targets/woff2/target.yaml | 1 - targets/zlib/Dockerfile | 23 -- targets/zlib/build.sh | 8 - targets/zlib/target.yaml | 1 - targets/zlib/zlib_uncompress_fuzzer.cc | 21 -- 427 files changed, 4825 insertions(+), 4824 deletions(-) create mode 100755 projects/all.sh create mode 100644 projects/boringssl/Dockerfile create mode 100755 projects/boringssl/build.sh create mode 100644 projects/boringssl/target.yaml create mode 100644 projects/c-ares/Dockerfile create mode 100755 projects/c-ares/build.sh create mode 100644 projects/c-ares/c_ares_ares_create_query_fuzzer.cc create mode 100644 projects/c-ares/target.yaml create mode 100644 projects/curl/Dockerfile create mode 100755 projects/curl/build.sh create mode 100644 projects/curl/curl_fuzzer.cc create mode 100644 projects/curl/curl_fuzzer.options create mode 100644 projects/curl/http.dict create mode 100644 projects/curl/target.yaml create mode 100644 projects/expat/Dockerfile create mode 100644 projects/expat/Jenkinsfile create mode 100755 projects/expat/build.sh create mode 100644 projects/expat/parse_fuzzer.cc create mode 100644 projects/expat/parse_fuzzer.options create mode 100644 projects/expat/target.yaml create mode 100644 projects/expat/xml.dict create mode 100644 projects/ffmpeg/Dockerfile create mode 100755 
projects/ffmpeg/build.sh create mode 100755 projects/ffmpeg/group_seed_corpus.py create mode 100644 projects/ffmpeg/target.yaml create mode 100644 projects/file/Dockerfile create mode 100755 projects/file/build.sh create mode 100644 projects/file/magic_fuzzer.cc create mode 100644 projects/file/target.yaml create mode 100644 projects/freetype2/Dockerfile create mode 100755 projects/freetype2/build.sh create mode 100644 projects/freetype2/target.yaml create mode 100644 projects/harfbuzz/Dockerfile create mode 100755 projects/harfbuzz/build.sh create mode 100644 projects/harfbuzz/harfbuzz_fuzzer.cc create mode 100644 projects/harfbuzz/target.yaml create mode 100644 projects/icu/Dockerfile create mode 100644 projects/icu/break_iterator_fuzzer.cc create mode 100644 projects/icu/break_iterator_utf32_fuzzer.cc create mode 100755 projects/icu/build.sh create mode 100644 projects/icu/converter_fuzzer.cc create mode 100644 projects/icu/fuzzer_utils.h create mode 100644 projects/icu/number_format_fuzzer.cc create mode 100644 projects/icu/regex.dict create mode 100644 projects/icu/target.yaml create mode 100644 projects/icu/ucasemap_fuzzer.cc create mode 100644 projects/icu/unicode_string_codepage_create_fuzzer.cc create mode 100644 projects/icu/uregex_open_fuzzer.cc create mode 100644 projects/icu/uregex_open_fuzzer.options create mode 100644 projects/json/Dockerfile create mode 100755 projects/json/build.sh create mode 100644 projects/json/parse_fuzzer.cc create mode 100644 projects/json/parse_fuzzer.options create mode 100644 projects/json/target.yaml create mode 100644 projects/lcms/Dockerfile create mode 100755 projects/lcms/build.sh create mode 100644 projects/lcms/cmsIT8_load_fuzzer.c create mode 100644 projects/lcms/cmsIT8_load_fuzzer.options create mode 100644 projects/lcms/cms_transform_fuzzer.c create mode 100644 projects/lcms/cms_transform_fuzzer.options create mode 100644 projects/lcms/icc.dict create mode 100644 projects/lcms/target.yaml create mode 100644 
projects/libarchive/Dockerfile create mode 100755 projects/libarchive/build.sh create mode 100644 projects/libarchive/libarchive_fuzzer.cc create mode 100644 projects/libarchive/target.yaml create mode 100644 projects/libass/Dockerfile create mode 100644 projects/libass/ass.dict create mode 100755 projects/libass/build.sh create mode 100644 projects/libass/libass_fuzzer.cc create mode 100644 projects/libass/libass_fuzzer.options create mode 100644 projects/libass/target.yaml create mode 100644 projects/libchewing/Dockerfile create mode 100755 projects/libchewing/build.sh create mode 100644 projects/libchewing/chewing_default_fuzzer.c create mode 100644 projects/libchewing/chewing_dynamic_config_fuzzer.c create mode 100644 projects/libchewing/chewing_fuzzer_common.c create mode 100644 projects/libchewing/chewing_fuzzer_common.h create mode 100644 projects/libchewing/chewing_random_init_fuzzer.c create mode 100644 projects/libchewing/target.yaml create mode 100644 projects/libjpeg-turbo/Dockerfile create mode 100755 projects/libjpeg-turbo/build.sh create mode 100644 projects/libjpeg-turbo/libjpeg_turbo_fuzzer.cc create mode 100644 projects/libjpeg-turbo/target.yaml create mode 100644 projects/libpng/Dockerfile create mode 100755 projects/libpng/build.sh create mode 100644 projects/libpng/libpng_read_fuzzer.cc create mode 100644 projects/libpng/libpng_read_fuzzer.options create mode 100644 projects/libpng/png.dict create mode 100644 projects/libpng/target.yaml create mode 100644 projects/libteken/Dockerfile create mode 100755 projects/libteken/build.sh create mode 100644 projects/libteken/libteken_fuzzer.c create mode 100644 projects/libteken/target.yaml create mode 100644 projects/libtsm/Dockerfile create mode 100755 projects/libtsm/build.sh create mode 100644 projects/libtsm/libtsm_fuzzer.c create mode 100644 projects/libtsm/target.yaml create mode 100644 projects/libxml2/Dockerfile create mode 100755 projects/libxml2/build.sh create mode 100644 
projects/libxml2/libxml2_xml_read_memory_fuzzer.cc create mode 100644 projects/libxml2/libxml2_xml_read_memory_fuzzer.options create mode 100644 projects/libxml2/libxml2_xml_regexp_compile_fuzzer.cc create mode 100644 projects/libxml2/libxml2_xml_regexp_compile_fuzzer.options create mode 100644 projects/libxml2/target.yaml create mode 100644 projects/libxml2/xml.dict create mode 100644 projects/nss/Dockerfile create mode 100755 projects/nss/build.sh create mode 100644 projects/nss/fuzzers/asn1_algorithmid_fuzzer.cc create mode 100644 projects/nss/fuzzers/asn1_any_fuzzer.cc create mode 100644 projects/nss/fuzzers/asn1_bitstring_fuzzer.cc create mode 100644 projects/nss/fuzzers/asn1_bmpstring_fuzzer.cc create mode 100644 projects/nss/fuzzers/asn1_boolean_fuzzer.cc create mode 100644 projects/nss/fuzzers/asn1_fuzzer_template.h create mode 100644 projects/nss/fuzzers/asn1_generalizedtime_fuzzer.cc create mode 100644 projects/nss/fuzzers/asn1_ia5string_fuzzer.cc create mode 100644 projects/nss/fuzzers/asn1_integer_fuzzer.cc create mode 100644 projects/nss/fuzzers/asn1_null_fuzzer.cc create mode 100644 projects/nss/fuzzers/asn1_objectid_fuzzer.cc create mode 100644 projects/nss/fuzzers/asn1_octetstring_fuzzer.cc create mode 100644 projects/nss/fuzzers/asn1_utctime_fuzzer.cc create mode 100644 projects/nss/fuzzers/asn1_utf8string_fuzzer.cc create mode 100644 projects/nss/fuzzers/cert_certificate_fuzzer.cc create mode 100644 projects/nss/fuzzers/seckey_privatekeyinfo_fuzzer.cc create mode 100644 projects/nss/target.yaml create mode 100644 projects/openssl/Dockerfile create mode 100755 projects/openssl/build.sh create mode 100644 projects/openssl/target.yaml create mode 100644 projects/ots/Dockerfile create mode 100755 projects/ots/build.sh create mode 100644 projects/ots/ots_fuzzer.cc create mode 100644 projects/ots/ots_fuzzer.options create mode 100644 projects/ots/seed_corpus/0509e80afb379d16560e9e47bdd7d888bebdebc6.ttf create mode 100644 
projects/ots/seed_corpus/051d92f8bc6ff724511b296c27623f824de256e9.ttf create mode 100644 projects/ots/seed_corpus/07f054357ff8638bac3711b422a1e31180bba863.ttf create mode 100644 projects/ots/seed_corpus/191826b9643e3f124d865d617ae609db6a2ce203.ttf create mode 100644 projects/ots/seed_corpus/1a6f1687b7a221f9f2c834b0b360d3c8463b6daf.ttf create mode 100644 projects/ots/seed_corpus/1c04a16f32a39c26c851b7fc014d2e8d298ba2b8.ttf create mode 100644 projects/ots/seed_corpus/1c2c3fc37b2d4c3cb2ef726c6cdaaabd4b7f3eb9.ttf create mode 100644 projects/ots/seed_corpus/1c2fb74c1b2aa173262734c1f616148f1648cfd6.ttf create mode 100644 projects/ots/seed_corpus/205edd09bd3d141cc9580f650109556cc28b22cb.ttf create mode 100644 projects/ots/seed_corpus/226bc2deab3846f1a682085f70c67d0421014144.ttf create mode 100644 projects/ots/seed_corpus/270b89df543a7e48e206a2d830c0e10e5265c630.ttf create mode 100644 projects/ots/seed_corpus/298c9e1d955f10f6f72c6915c3c6ff9bf9695cec.ttf create mode 100644 projects/ots/seed_corpus/3511ff5c1647150595846ac414c595cccac34f18.ttf create mode 100644 projects/ots/seed_corpus/37033cc5cf37bb223d7355153016b6ccece93b28.ttf create mode 100644 projects/ots/seed_corpus/375d6ae32a3cbe52fbf81a4e5777e3377675d5a3.ttf create mode 100644 projects/ots/seed_corpus/43979b90b2dd929723cf4fe1715990bcb9c9a56b.ttf create mode 100644 projects/ots/seed_corpus/43ef465752be9af900745f72fe29cb853a1401a5.ttf create mode 100644 projects/ots/seed_corpus/45855bc8d46332b39c4ab9e2ee1a26b1f896da6b.ttf create mode 100644 projects/ots/seed_corpus/49c9f7485c1392fa09a1b801bc2ffea79275f22e.ttf create mode 100644 projects/ots/seed_corpus/4cce528e99f600ed9c25a2b69e32eb94a03b4ae8.ttf create mode 100644 projects/ots/seed_corpus/5028afb650b1bb718ed2131e872fbcce57828fff.ttf create mode 100644 projects/ots/seed_corpus/56cfd0e18d07f41c38e9598545a6d369127fc6f9.ttf create mode 100644 projects/ots/seed_corpus/57a9d9f83020155cbb1d2be1f43d82388cbecc88.ttf create mode 100644 
projects/ots/seed_corpus/5a5daf5eb5a4db77a2baa3ad9c7a6ed6e0655fa8.ttf create mode 100644 projects/ots/seed_corpus/641bd9db850193064d17575053ae2bf8ec149ddc.ttf create mode 100644 projects/ots/seed_corpus/6466d38c62e73a39202435a4f73bf5d6acbb73c0.ttf create mode 100644 projects/ots/seed_corpus/6ff0fbead4462d9f229167b4e6839eceb8465058.ttf create mode 100644 projects/ots/seed_corpus/706c5d7b625f207bc0d874c67237aad6f1e9cd6f.ttf create mode 100644 projects/ots/seed_corpus/757ebd573617a24aa9dfbf0b885c54875c6fe06b.ttf create mode 100644 projects/ots/seed_corpus/7a37dc4d5bf018456aea291cee06daf004c0221c.ttf create mode 100644 projects/ots/seed_corpus/7e14e7883ed152baa158b80e207b66114c823a8b.ttf create mode 100644 projects/ots/seed_corpus/7ef276fc886ea502a03b9b0e5c8b547d5dc2b61c.ttf create mode 100644 projects/ots/seed_corpus/8099955657a54e9ee38a6ba1d6f950ce58e3cc25.ttf create mode 100644 projects/ots/seed_corpus/813c2f8e5512187fd982417a7fb4286728e6f4a8.ttf create mode 100644 projects/ots/seed_corpus/8240789f6d12d4cfc4b5e8e6f246c3701bcf861f.ttf create mode 100644 projects/ots/seed_corpus/8454d22037f892e76614e1645d066689a0200e61.ttf create mode 100644 projects/ots/seed_corpus/8a9fea2a7384f2116e5b84a9b31f83be7850ce21.ttf create mode 100644 projects/ots/seed_corpus/a34a7b00f22ffb5fd7eef6933b81c7e71bc2cdfb.ttf create mode 100644 projects/ots/seed_corpus/a919b33197965846f21074b24e30250d67277bce.ttf create mode 100644 projects/ots/seed_corpus/a98e908e2ed21b22228ea59ebcc0f05034c86f2e.ttf create mode 100644 projects/ots/seed_corpus/b9e2aaa0d75fcef6971ec3a96d806ba4a6b31fe2.ttf create mode 100644 projects/ots/seed_corpus/bb0c53752e85c3d28973ebc913287b8987d3dfe8.ttf create mode 100644 projects/ots/seed_corpus/bb9473d2403488714043bcfb946c9f78b86ad627.ttf create mode 100644 projects/ots/seed_corpus/c4e48b0886ef460f532fb49f00047ec92c432ec0.ttf create mode 100644 projects/ots/seed_corpus/cc5f3d2d717fb6bd4dfae1c16d48a2cb8e12233b.ttf create mode 100644 
projects/ots/seed_corpus/d629e7fedc0b350222d7987345fe61613fa3929a.ttf create mode 100644 projects/ots/seed_corpus/df768b9c257e0c9c35786c47cae15c46571d56be.ttf create mode 100644 projects/ots/seed_corpus/e207635780b42f898d58654b65098763e340f5c7.ttf create mode 100644 projects/ots/seed_corpus/ef86fe710cfea877bbe0dbb6946a1f88d0661031.ttf create mode 100644 projects/ots/seed_corpus/f22416c692720a7d46fadf4af99f4c9e094f00b9.ttf create mode 100644 projects/ots/seed_corpus/f499fbc23865022234775c43503bba2e63978fe1.ttf create mode 100644 projects/ots/seed_corpus/f518eb6f6b5eec2946c9fbbbde44e45d46f5e2ac.ttf create mode 100644 projects/ots/seed_corpus/fab39d60d758cb586db5a504f218442cd1395725.ttf create mode 100644 projects/ots/seed_corpus/fbb6c84c9e1fe0c39e152fbe845e51fd81f6748e.ttf create mode 100644 projects/ots/seed_corpus/fcdcffbdf1c4c97c05308d7600e4c283eb47dbca.ttf create mode 100644 projects/ots/seed_corpus/ffa0f5d2d9025486d8469d8b1fdd983e7632499b.ttf create mode 100644 projects/ots/target.yaml create mode 100644 projects/pcre2/Dockerfile create mode 100755 projects/pcre2/build.sh create mode 100644 projects/pcre2/target.yaml create mode 100644 projects/re2/Dockerfile create mode 100755 projects/re2/build.sh create mode 100644 projects/re2/re2_fuzzer.cc create mode 100644 projects/re2/re2_fuzzer.options create mode 100644 projects/re2/target.yaml create mode 100644 projects/sqlite3/Dockerfile create mode 100755 projects/sqlite3/build.sh create mode 100644 projects/sqlite3/ossfuzz.options create mode 100644 projects/sqlite3/sql.dict create mode 100644 projects/sqlite3/target.yaml create mode 100644 projects/tpm2/Jenkinsfile create mode 100644 projects/tpm2/target.yaml create mode 100644 projects/woff2/Dockerfile create mode 100755 projects/woff2/build.sh create mode 100644 projects/woff2/convert_woff2ttf_fuzzer.cc create mode 100644 projects/woff2/convert_woff2ttf_fuzzer.options create mode 100644 projects/woff2/target.yaml create mode 100644 projects/zlib/Dockerfile 
create mode 100755 projects/zlib/build.sh create mode 100644 projects/zlib/target.yaml create mode 100644 projects/zlib/zlib_uncompress_fuzzer.cc create mode 100644 targets/README.md delete mode 100755 targets/all.sh delete mode 100644 targets/boringssl/Dockerfile delete mode 100755 targets/boringssl/build.sh delete mode 100644 targets/boringssl/target.yaml delete mode 100644 targets/c-ares/Dockerfile delete mode 100755 targets/c-ares/build.sh delete mode 100644 targets/c-ares/c_ares_ares_create_query_fuzzer.cc delete mode 100644 targets/c-ares/target.yaml delete mode 100644 targets/curl/Dockerfile delete mode 100755 targets/curl/build.sh delete mode 100644 targets/curl/curl_fuzzer.cc delete mode 100644 targets/curl/curl_fuzzer.options delete mode 100644 targets/curl/http.dict delete mode 100644 targets/curl/target.yaml delete mode 100644 targets/expat/Dockerfile delete mode 100644 targets/expat/Jenkinsfile delete mode 100755 targets/expat/build.sh delete mode 100644 targets/expat/parse_fuzzer.cc delete mode 100644 targets/expat/parse_fuzzer.options delete mode 100644 targets/expat/target.yaml delete mode 100644 targets/expat/xml.dict delete mode 100644 targets/ffmpeg/Dockerfile delete mode 100755 targets/ffmpeg/build.sh delete mode 100755 targets/ffmpeg/group_seed_corpus.py delete mode 100644 targets/ffmpeg/target.yaml delete mode 100644 targets/file/Dockerfile delete mode 100755 targets/file/build.sh delete mode 100644 targets/file/magic_fuzzer.cc delete mode 100644 targets/file/target.yaml delete mode 100644 targets/freetype2/Dockerfile delete mode 100755 targets/freetype2/build.sh delete mode 100644 targets/freetype2/target.yaml delete mode 100644 targets/harfbuzz/Dockerfile delete mode 100755 targets/harfbuzz/build.sh delete mode 100644 targets/harfbuzz/harfbuzz_fuzzer.cc delete mode 100644 targets/harfbuzz/target.yaml delete mode 100644 targets/icu/Dockerfile delete mode 100644 targets/icu/break_iterator_fuzzer.cc delete mode 100644 
targets/icu/break_iterator_utf32_fuzzer.cc delete mode 100755 targets/icu/build.sh delete mode 100644 targets/icu/converter_fuzzer.cc delete mode 100644 targets/icu/fuzzer_utils.h delete mode 100644 targets/icu/number_format_fuzzer.cc delete mode 100644 targets/icu/regex.dict delete mode 100644 targets/icu/target.yaml delete mode 100644 targets/icu/ucasemap_fuzzer.cc delete mode 100644 targets/icu/unicode_string_codepage_create_fuzzer.cc delete mode 100644 targets/icu/uregex_open_fuzzer.cc delete mode 100644 targets/icu/uregex_open_fuzzer.options delete mode 100644 targets/json/Dockerfile delete mode 100755 targets/json/build.sh delete mode 100644 targets/json/parse_fuzzer.cc delete mode 100644 targets/json/parse_fuzzer.options delete mode 100644 targets/json/target.yaml delete mode 100644 targets/lcms/Dockerfile delete mode 100755 targets/lcms/build.sh delete mode 100644 targets/lcms/cmsIT8_load_fuzzer.c delete mode 100644 targets/lcms/cmsIT8_load_fuzzer.options delete mode 100644 targets/lcms/cms_transform_fuzzer.c delete mode 100644 targets/lcms/cms_transform_fuzzer.options delete mode 100644 targets/lcms/icc.dict delete mode 100644 targets/lcms/target.yaml delete mode 100644 targets/libarchive/Dockerfile delete mode 100755 targets/libarchive/build.sh delete mode 100644 targets/libarchive/libarchive_fuzzer.cc delete mode 100644 targets/libarchive/target.yaml delete mode 100644 targets/libass/Dockerfile delete mode 100644 targets/libass/ass.dict delete mode 100755 targets/libass/build.sh delete mode 100644 targets/libass/libass_fuzzer.cc delete mode 100644 targets/libass/libass_fuzzer.options delete mode 100644 targets/libass/target.yaml delete mode 100644 targets/libchewing/Dockerfile delete mode 100755 targets/libchewing/build.sh delete mode 100644 targets/libchewing/chewing_default_fuzzer.c delete mode 100644 targets/libchewing/chewing_dynamic_config_fuzzer.c delete mode 100644 targets/libchewing/chewing_fuzzer_common.c delete mode 100644 
targets/libchewing/chewing_fuzzer_common.h delete mode 100644 targets/libchewing/chewing_random_init_fuzzer.c delete mode 100644 targets/libchewing/target.yaml delete mode 100644 targets/libjpeg-turbo/Dockerfile delete mode 100755 targets/libjpeg-turbo/build.sh delete mode 100644 targets/libjpeg-turbo/libjpeg_turbo_fuzzer.cc delete mode 100644 targets/libjpeg-turbo/target.yaml delete mode 100644 targets/libpng/Dockerfile delete mode 100755 targets/libpng/build.sh delete mode 100644 targets/libpng/libpng_read_fuzzer.cc delete mode 100644 targets/libpng/libpng_read_fuzzer.options delete mode 100644 targets/libpng/png.dict delete mode 100644 targets/libpng/target.yaml delete mode 100644 targets/libteken/Dockerfile delete mode 100755 targets/libteken/build.sh delete mode 100644 targets/libteken/libteken_fuzzer.c delete mode 100644 targets/libteken/target.yaml delete mode 100644 targets/libtsm/Dockerfile delete mode 100755 targets/libtsm/build.sh delete mode 100644 targets/libtsm/libtsm_fuzzer.c delete mode 100644 targets/libtsm/target.yaml delete mode 100644 targets/libxml2/Dockerfile delete mode 100755 targets/libxml2/build.sh delete mode 100644 targets/libxml2/libxml2_xml_read_memory_fuzzer.cc delete mode 100644 targets/libxml2/libxml2_xml_read_memory_fuzzer.options delete mode 100644 targets/libxml2/libxml2_xml_regexp_compile_fuzzer.cc delete mode 100644 targets/libxml2/libxml2_xml_regexp_compile_fuzzer.options delete mode 100644 targets/libxml2/target.yaml delete mode 100644 targets/libxml2/xml.dict delete mode 100644 targets/nss/Dockerfile delete mode 100755 targets/nss/build.sh delete mode 100644 targets/nss/fuzzers/asn1_algorithmid_fuzzer.cc delete mode 100644 targets/nss/fuzzers/asn1_any_fuzzer.cc delete mode 100644 targets/nss/fuzzers/asn1_bitstring_fuzzer.cc delete mode 100644 targets/nss/fuzzers/asn1_bmpstring_fuzzer.cc delete mode 100644 targets/nss/fuzzers/asn1_boolean_fuzzer.cc delete mode 100644 targets/nss/fuzzers/asn1_fuzzer_template.h delete mode 
100644 targets/nss/fuzzers/asn1_generalizedtime_fuzzer.cc delete mode 100644 targets/nss/fuzzers/asn1_ia5string_fuzzer.cc delete mode 100644 targets/nss/fuzzers/asn1_integer_fuzzer.cc delete mode 100644 targets/nss/fuzzers/asn1_null_fuzzer.cc delete mode 100644 targets/nss/fuzzers/asn1_objectid_fuzzer.cc delete mode 100644 targets/nss/fuzzers/asn1_octetstring_fuzzer.cc delete mode 100644 targets/nss/fuzzers/asn1_utctime_fuzzer.cc delete mode 100644 targets/nss/fuzzers/asn1_utf8string_fuzzer.cc delete mode 100644 targets/nss/fuzzers/cert_certificate_fuzzer.cc delete mode 100644 targets/nss/fuzzers/seckey_privatekeyinfo_fuzzer.cc delete mode 100644 targets/nss/target.yaml delete mode 100644 targets/openssl/Dockerfile delete mode 100755 targets/openssl/build.sh delete mode 100644 targets/openssl/target.yaml delete mode 100644 targets/ots/Dockerfile delete mode 100755 targets/ots/build.sh delete mode 100644 targets/ots/ots_fuzzer.cc delete mode 100644 targets/ots/ots_fuzzer.options delete mode 100644 targets/ots/seed_corpus/0509e80afb379d16560e9e47bdd7d888bebdebc6.ttf delete mode 100644 targets/ots/seed_corpus/051d92f8bc6ff724511b296c27623f824de256e9.ttf delete mode 100644 targets/ots/seed_corpus/07f054357ff8638bac3711b422a1e31180bba863.ttf delete mode 100644 targets/ots/seed_corpus/191826b9643e3f124d865d617ae609db6a2ce203.ttf delete mode 100644 targets/ots/seed_corpus/1a6f1687b7a221f9f2c834b0b360d3c8463b6daf.ttf delete mode 100644 targets/ots/seed_corpus/1c04a16f32a39c26c851b7fc014d2e8d298ba2b8.ttf delete mode 100644 targets/ots/seed_corpus/1c2c3fc37b2d4c3cb2ef726c6cdaaabd4b7f3eb9.ttf delete mode 100644 targets/ots/seed_corpus/1c2fb74c1b2aa173262734c1f616148f1648cfd6.ttf delete mode 100644 targets/ots/seed_corpus/205edd09bd3d141cc9580f650109556cc28b22cb.ttf delete mode 100644 targets/ots/seed_corpus/226bc2deab3846f1a682085f70c67d0421014144.ttf delete mode 100644 targets/ots/seed_corpus/270b89df543a7e48e206a2d830c0e10e5265c630.ttf delete mode 100644 
targets/ots/seed_corpus/298c9e1d955f10f6f72c6915c3c6ff9bf9695cec.ttf delete mode 100644 targets/ots/seed_corpus/3511ff5c1647150595846ac414c595cccac34f18.ttf delete mode 100644 targets/ots/seed_corpus/37033cc5cf37bb223d7355153016b6ccece93b28.ttf delete mode 100644 targets/ots/seed_corpus/375d6ae32a3cbe52fbf81a4e5777e3377675d5a3.ttf delete mode 100644 targets/ots/seed_corpus/43979b90b2dd929723cf4fe1715990bcb9c9a56b.ttf delete mode 100644 targets/ots/seed_corpus/43ef465752be9af900745f72fe29cb853a1401a5.ttf delete mode 100644 targets/ots/seed_corpus/45855bc8d46332b39c4ab9e2ee1a26b1f896da6b.ttf delete mode 100644 targets/ots/seed_corpus/49c9f7485c1392fa09a1b801bc2ffea79275f22e.ttf delete mode 100644 targets/ots/seed_corpus/4cce528e99f600ed9c25a2b69e32eb94a03b4ae8.ttf delete mode 100644 targets/ots/seed_corpus/5028afb650b1bb718ed2131e872fbcce57828fff.ttf delete mode 100644 targets/ots/seed_corpus/56cfd0e18d07f41c38e9598545a6d369127fc6f9.ttf delete mode 100644 targets/ots/seed_corpus/57a9d9f83020155cbb1d2be1f43d82388cbecc88.ttf delete mode 100644 targets/ots/seed_corpus/5a5daf5eb5a4db77a2baa3ad9c7a6ed6e0655fa8.ttf delete mode 100644 targets/ots/seed_corpus/641bd9db850193064d17575053ae2bf8ec149ddc.ttf delete mode 100644 targets/ots/seed_corpus/6466d38c62e73a39202435a4f73bf5d6acbb73c0.ttf delete mode 100644 targets/ots/seed_corpus/6ff0fbead4462d9f229167b4e6839eceb8465058.ttf delete mode 100644 targets/ots/seed_corpus/706c5d7b625f207bc0d874c67237aad6f1e9cd6f.ttf delete mode 100644 targets/ots/seed_corpus/757ebd573617a24aa9dfbf0b885c54875c6fe06b.ttf delete mode 100644 targets/ots/seed_corpus/7a37dc4d5bf018456aea291cee06daf004c0221c.ttf delete mode 100644 targets/ots/seed_corpus/7e14e7883ed152baa158b80e207b66114c823a8b.ttf delete mode 100644 targets/ots/seed_corpus/7ef276fc886ea502a03b9b0e5c8b547d5dc2b61c.ttf delete mode 100644 targets/ots/seed_corpus/8099955657a54e9ee38a6ba1d6f950ce58e3cc25.ttf delete mode 100644 
targets/ots/seed_corpus/813c2f8e5512187fd982417a7fb4286728e6f4a8.ttf delete mode 100644 targets/ots/seed_corpus/8240789f6d12d4cfc4b5e8e6f246c3701bcf861f.ttf delete mode 100644 targets/ots/seed_corpus/8454d22037f892e76614e1645d066689a0200e61.ttf delete mode 100644 targets/ots/seed_corpus/8a9fea2a7384f2116e5b84a9b31f83be7850ce21.ttf delete mode 100644 targets/ots/seed_corpus/a34a7b00f22ffb5fd7eef6933b81c7e71bc2cdfb.ttf delete mode 100644 targets/ots/seed_corpus/a919b33197965846f21074b24e30250d67277bce.ttf delete mode 100644 targets/ots/seed_corpus/a98e908e2ed21b22228ea59ebcc0f05034c86f2e.ttf delete mode 100644 targets/ots/seed_corpus/b9e2aaa0d75fcef6971ec3a96d806ba4a6b31fe2.ttf delete mode 100644 targets/ots/seed_corpus/bb0c53752e85c3d28973ebc913287b8987d3dfe8.ttf delete mode 100644 targets/ots/seed_corpus/bb9473d2403488714043bcfb946c9f78b86ad627.ttf delete mode 100644 targets/ots/seed_corpus/c4e48b0886ef460f532fb49f00047ec92c432ec0.ttf delete mode 100644 targets/ots/seed_corpus/cc5f3d2d717fb6bd4dfae1c16d48a2cb8e12233b.ttf delete mode 100644 targets/ots/seed_corpus/d629e7fedc0b350222d7987345fe61613fa3929a.ttf delete mode 100644 targets/ots/seed_corpus/df768b9c257e0c9c35786c47cae15c46571d56be.ttf delete mode 100644 targets/ots/seed_corpus/e207635780b42f898d58654b65098763e340f5c7.ttf delete mode 100644 targets/ots/seed_corpus/ef86fe710cfea877bbe0dbb6946a1f88d0661031.ttf delete mode 100644 targets/ots/seed_corpus/f22416c692720a7d46fadf4af99f4c9e094f00b9.ttf delete mode 100644 targets/ots/seed_corpus/f499fbc23865022234775c43503bba2e63978fe1.ttf delete mode 100644 targets/ots/seed_corpus/f518eb6f6b5eec2946c9fbbbde44e45d46f5e2ac.ttf delete mode 100644 targets/ots/seed_corpus/fab39d60d758cb586db5a504f218442cd1395725.ttf delete mode 100644 targets/ots/seed_corpus/fbb6c84c9e1fe0c39e152fbe845e51fd81f6748e.ttf delete mode 100644 targets/ots/seed_corpus/fcdcffbdf1c4c97c05308d7600e4c283eb47dbca.ttf delete mode 100644 
targets/ots/seed_corpus/ffa0f5d2d9025486d8469d8b1fdd983e7632499b.ttf delete mode 100644 targets/ots/target.yaml delete mode 100644 targets/pcre2/Dockerfile delete mode 100755 targets/pcre2/build.sh delete mode 100644 targets/pcre2/target.yaml delete mode 100644 targets/re2/Dockerfile delete mode 100755 targets/re2/build.sh delete mode 100644 targets/re2/re2_fuzzer.cc delete mode 100644 targets/re2/re2_fuzzer.options delete mode 100644 targets/re2/target.yaml delete mode 100644 targets/sqlite3/Dockerfile delete mode 100755 targets/sqlite3/build.sh delete mode 100644 targets/sqlite3/ossfuzz.options delete mode 100644 targets/sqlite3/sql.dict delete mode 100644 targets/sqlite3/target.yaml delete mode 100644 targets/tpm2/Jenkinsfile delete mode 100644 targets/tpm2/target.yaml delete mode 100644 targets/woff2/Dockerfile delete mode 100755 targets/woff2/build.sh delete mode 100644 targets/woff2/convert_woff2ttf_fuzzer.cc delete mode 100644 targets/woff2/convert_woff2ttf_fuzzer.options delete mode 100644 targets/woff2/target.yaml delete mode 100644 targets/zlib/Dockerfile delete mode 100755 targets/zlib/build.sh delete mode 100644 targets/zlib/target.yaml delete mode 100644 targets/zlib/zlib_uncompress_fuzzer.cc diff --git a/projects/all.sh b/projects/all.sh new file mode 100755 index 00000000..7e34cc21 --- /dev/null +++ b/projects/all.sh 
@@ -0,0 +1,39 @@
+#!/bin/bash -eu
+#
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Development script to build all images.
+IGNORE="build:docs:infra:tpm2:scripts"
+
+for target in targets/*; do
+ if [[ -f $target || ":${IGNORE}:" == *":$target:"* ]]; then continue; fi
+ echo "@ Building $target"
+ docker build -t ossfuzz/$target $target/
+
+ # Execute command ($1) if any
+ case ${1-} in
+ "")
+ ;;
+ compile|test)
+ docker run --rm -ti ossfuzz/$target $@
+ ;;
+ *)
+ echo $"Usage: $0 {|compile}"
+ exit 1
+ esac
+
+done
diff --git a/projects/boringssl/Dockerfile b/projects/boringssl/Dockerfile
new file mode 100644
index 00000000..0368f816
--- /dev/null
+++ b/projects/boringssl/Dockerfile
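Review bot: The loop in the new projects/all.sh still globs `targets/*`, but this commit moves the project directories to projects/ and, as far as the file list shows, leaves only targets/README.md behind, so the `-f` test skips the one remaining entry and nothing is built. The loop header should read `for target in projects/*; do`. Separately, `$target` carries the directory prefix, so `":${IGNORE}:" == *":$target:"*` cannot match the bare names in IGNORE and the image tag becomes `ossfuzz/<dir>/<name>`; deriving `name=$(basename "$target")` and using it for both the ignore test and the tag would fix that. `$@` on the `docker run` line should be quoted as `"$@"`.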
@@ -0,0 +1,22 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER mike.aizatsky@gmail.com
+RUN apt-get install -y cmake ninja-build golang
+
+RUN git clone https://boringssl.googlesource.com/boringssl
+COPY build.sh $SRC/
diff --git a/projects/boringssl/build.sh b/projects/boringssl/build.sh
new file mode 100755
index 00000000..832b9665
--- /dev/null
+++ b/projects/boringssl/build.sh
@@ -0,0 +1,43 @@
+#!/bin/bash -eux
+#
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+mkdir -p $WORK/boringssl
+cd $WORK/boringssl
+
+CFLAGS="$CFLAGS -DBORINGSSL_UNSAFE_FUZZER_MODE"
+CXXFLAGS="$CXXFLAGS -DBORINGSSL_UNSAFE_FUZZER_MODE"
+
+cmake -GNinja -DCMAKE_C_COMPILER=$CC -DCMAKE_CXX_COMPILER=$CXX \
+ -DCMAKE_C_FLAGS="$CFLAGS" -DCMAKE_CXX_FLAGS="$CXXFLAGS" \
+ $SRC/boringssl/
+ninja
+
+fuzzerFiles=$(find $SRC/boringssl/fuzz/ -name "*.cc")
+
+find . -name "*.a"
+
+for F in $fuzzerFiles; do
+ fuzzerName=$(basename $F .cc)
+ echo "Building fuzzer $fuzzerName"
+ $CXX $CXXFLAGS -std=c++11 \
+ -o $OUT/${fuzzerName} -lfuzzer $F \
+ -I $SRC/boringssl/include ./ssl/libssl.a ./crypto/libcrypto.a
+
+ if [ -d "$SRC/boringssl/fuzz/${fuzzerName}_corpus" ]; then
+ zip -j $OUT/${fuzzerName}_seed_corpus.zip $SRC/boringssl/fuzz/${fuzzerName}_corpus/*
+ fi
+done
diff --git a/projects/boringssl/target.yaml b/projects/boringssl/target.yaml
new file mode 100644
index 00000000..e57f1846
--- /dev/null
+++ b/projects/boringssl/target.yaml
@@ -0,0 +1 @@
+homepage: "https://boringssl.googlesource.com/boringssl/"
diff --git a/projects/c-ares/Dockerfile b/projects/c-ares/Dockerfile
new file mode 100644
index 00000000..56e50dcf
--- /dev/null
+++ b/projects/c-ares/Dockerfile
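Review bot: The two assignments that append `-DBORINGSSL_UNSAFE_FUZZER_MODE` to CFLAGS and CXXFLAGS carry no comment, although the define, as its name says, builds the library in a mode that is unsafe outside fuzzing. I would add `# Fuzzing-only build: BORINGSSL_UNSAFE_FUZZER_MODE weakens the library; never reuse these artifacts elsewhere.` above them. The bare `find . -name "*.a"` looks like leftover debugging output. `for F in $fuzzerFiles` and `basename $F .cc` rely on word splitting and would be more robust with the expansions quoted.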
@@ -0,0 +1,22 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER mmoroz@chromium.org
+RUN apt-get install -y make autoconf automake libtool
+RUN git clone https://github.com/c-ares/c-ares.git
+WORKDIR c-ares
+COPY build.sh *_fuzzer.cc $SRC/
diff --git a/projects/c-ares/build.sh b/projects/c-ares/build.sh
new file mode 100755
index 00000000..41fbf3bb
--- /dev/null
+++ b/projects/c-ares/build.sh
@@ -0,0 +1,28 @@
+#!/bin/bash -eu
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Build the target.
+./buildconf
+./configure --enable-debug
+make clean
+make -j$(nproc) V=1 all
+
+# Build the fuzzer.
+$CXX $CXXFLAGS -std=c++11 -I. \
+ $SRC/c_ares_ares_create_query_fuzzer.cc \
+ -o $OUT/c_ares_ares_create_query_fuzzer \
+ -lfuzzer $SRC/c-ares/.libs/libcares.a
diff --git a/projects/c-ares/c_ares_ares_create_query_fuzzer.cc b/projects/c-ares/c_ares_ares_create_query_fuzzer.cc
new file mode 100644
index 00000000..fc12938e
--- /dev/null
+++ b/projects/c-ares/c_ares_ares_create_query_fuzzer.cc
@@ -0,0 +1,31 @@
+// Copyright 2016 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include
+#include
+
+#include
+
+#include
+
+#include
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ unsigned char *buf;
+ int buflen;
+ std::string s(reinterpret_cast(data), size);
+ ares_create_query(s.c_str(), ns_c_in, ns_t_a, 0x1234, 0, &buf, &buflen, 0);
+ ares_free_string(buf);
+ return 0;
+}
diff --git a/projects/c-ares/target.yaml b/projects/c-ares/target.yaml
new file mode 100644
index 00000000..58790408
--- /dev/null
+++ b/projects/c-ares/target.yaml
@@ -0,0 +1 @@
+homepage: "https://c-ares.haxx.se/"
diff --git a/projects/curl/Dockerfile b/projects/curl/Dockerfile
new file mode 100644
index 00000000..d8df622d
--- /dev/null
+++ b/projects/curl/Dockerfile
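Review bot: In `LLVMFuzzerTestOneInput`, `buf` and `buflen` are declared without initialisers and `ares_free_string(buf)` runs whether or not `ares_create_query` succeeded, so the harness is only sound if the callee stores to `*bufp` before every early return, which this hunk cannot show. Initialising them, `unsigned char *buf = nullptr;` and `int buflen = 0;`, makes a failed call free a null pointer rather than an indeterminate one. Note also that `s.c_str()` ends at the first NUL byte, so any input after an embedded zero is never exercised; a one-line comment saying this is intended would help.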
@@ -0,0 +1,24 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER dvyukov@google.com
+RUN apt-get install -y make autoconf automake libtool libssl-dev zlib1g-dev
+
+RUN git clone https://github.com/curl/curl.git
+WORKDIR curl
+COPY build.sh curl_fuzzer.cc *.options *.dict $SRC/
+
diff --git a/projects/curl/build.sh b/projects/curl/build.sh
new file mode 100755
index 00000000..35deec89
--- /dev/null
+++ b/projects/curl/build.sh
@@ -0,0 +1,28 @@
+#!/bin/bash -eu
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+./buildconf
+./configure --disable-shared --enable-debug --enable-maintainer-mode --disable-symbol-hiding --disable-threaded-resolver --enable-ipv6 --with-random=/dev/null
+make -j$(nproc)
+$CXX $CXXFLAGS $SRC/curl_fuzzer.cc -Iinclude lib/.libs/libcurl.a \
+ -o $OUT/curl_fuzzer \
+ -Wl,-Bstatic -lssl -lcrypto -lz -lfuzzer -Wl,-Bdynamic
+
+# /usr/lib/x86_64-linux-gnu/libssl.a \
+# /usr/lib/x86_64-linux-gnu/libcrypto.a \
+
+cp $SRC/*.dict $SRC/*.options $OUT/
diff --git a/projects/curl/curl_fuzzer.cc b/projects/curl/curl_fuzzer.cc
new file mode 100644
index 00000000..b292e346
--- /dev/null
+++ b/projects/curl/curl_fuzzer.cc
@@ -0,0 +1,117 @@ +/* +# Copyright 2016 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ +*/ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +static const void *cur_data; +static int cur_size = -1; +static int server_fd = -1; +static int client_fd = -1; +static bool wrote = false; + +static void fail(const char *why) { + perror(why); + exit(1); +} + +static curl_socket_t open_sock(void *ctx, curlsocktype purpose, + struct curl_sockaddr *address) { + if (cur_size == -1) fail("not fuzzing"); + if (server_fd != -1 || client_fd != -1) fail("already connected"); + int fds[2]; + if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds)) fail("socketpair"); + server_fd = fds[0]; + client_fd = fds[1]; + if (write(server_fd, cur_data, cur_size) != cur_size) fail("write"); + if (shutdown(server_fd, SHUT_WR)) fail("shutdown"); + return client_fd; +} + +static int set_opt(void *ctx, curl_socket_t curlfd, curlsocktype purpose) { + return CURL_SOCKOPT_ALREADY_CONNECTED; +} + +static size_t write_callback(char *ptr, size_t size, size_t n, void *ctx) { + return size * n; +} + +static size_t read_callback(char *buf, size_t size, size_t n, void *ctx) { + if (wrote || size * n == 0) return 0; + wrote = true; + buf[0] = 'a'; + return 1; +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, 
size_t Size) { + cur_data = Data; + cur_size = Size; + wrote = false; + CURL *curl = curl_easy_init(); + curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_callback); + curl_easy_setopt(curl, CURLOPT_READFUNCTION, read_callback); + curl_easy_setopt(curl, CURLOPT_OPENSOCKETFUNCTION, open_sock); + curl_easy_setopt(curl, CURLOPT_SOCKOPTFUNCTION, set_opt); +#if defined(FUZZER_FTP) + curl_easy_setopt(curl, CURLOPT_URL, "ftp://user@localhost/file.txt"); +#elif defined(FUZZER_IMAP) + curl_easy_setopt(curl, CURLOPT_USERNAME, "user"); + curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret"); + curl_easy_setopt(curl, CURLOPT_URL, "imap://localhost"); +#elif defined(FUZZER_POP3) + curl_easy_setopt(curl, CURLOPT_USERNAME, "user"); + curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret"); + curl_easy_setopt(curl, CURLOPT_URL, "pop3://localhost"); +#elif defined(FUZZER_HTTP_UPLOAD) + curl_easy_setopt(curl, CURLOPT_URL, "http://localhost/"); + curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); + curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L); +#elif defined(FUZZER_HTTP2) + curl_easy_setopt(curl, CURLOPT_URL, "http://localhost/"); + curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2_0); + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L); + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYSTATUS, 0L); +#else + curl_easy_setopt(curl, CURLOPT_URL, "http://localhost/"); + curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); +#endif + curl_easy_perform(curl); + curl_easy_cleanup(curl); + close(server_fd); + close(client_fd); + server_fd = -1; + client_fd = -1; + cur_data = NULL; + cur_size = -1; + return 0; +} diff --git a/projects/curl/curl_fuzzer.options b/projects/curl/curl_fuzzer.options new file mode 100644 index 00000000..e8e81518 --- /dev/null +++ b/projects/curl/curl_fuzzer.options @@ -0,0 +1,3 @@ +[libfuzzer] +max_len = 1000 +dict = http.dict 
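Review bot: `open_sock` pushes the whole input into the socketpair with a single blocking `write()` before anything reads `client_fd`, and a short write goes to `fail()` and `exit(1)`, so an input larger than the socket buffer would stall or abort the fuzzer instead of testing curl. Only `max_len = 1000` in curl_fuzzer.options prevents that today, so the harness should enforce its own bound at the top of `LLVMFuzzerTestOneInput`, for example `if (Size > 4096) return 0;` (bound chosen for illustration). `curl_easy_init()` can return NULL and deserves an `if (!curl) return 0;` before the `curl_easy_setopt` calls. The `FUZZER_FTP`, `FUZZER_IMAP`, `FUZZER_POP3`, `FUZZER_HTTP_UPLOAD` and `FUZZER_HTTP2` branches are never selected by the build.sh in this commit, which compiles the file once with no `-DFUZZER_*` define.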
diff --git a/projects/curl/http.dict b/projects/curl/http.dict
new file mode 100644
index 00000000..57b7b437
--- /dev/null
+++ b/projects/curl/http.dict
@@ -0,0 +1,41 @@
+"\x0a\x0d"
+"HTTP/1.0"
+"HTTP/1.1"
+"100"
+"200"
+"301"
+"400"
+"Server:"
+"Last-Modified:"
+"Content-Type:"
+"text/html"
+"charset=UTF-8"
+"Accept-Ranges:"
+"bytes"
+"Content-Length:"
+"Transfer-Encoding:"
+"compress"
+"exi"
+"gzip"
+"identity"
+"pack200-gzip"
+"br"
+"deflate"
+"bzip2"
+"lzma"
+"xz"
+"Content-Encoding:"
+"chunked"
+"Connection:"
+"close"
+"Date:"
+"Expires:"
+"Fri, 31 Dec 1999 23:59:59 GMT"
+"Cache-Control:"
+"no-cache"
+"no-store"
+"must-revalidate"
+"Pragma:"
+"no-cache"
+"Host:"
+
diff --git a/projects/curl/target.yaml b/projects/curl/target.yaml
new file mode 100644
index 00000000..30580bab
--- /dev/null
+++ b/projects/curl/target.yaml
@@ -0,0 +1 @@
+homepage: "https://curl.haxx.se/"
diff --git a/projects/expat/Dockerfile b/projects/expat/Dockerfile
new file mode 100644
index 00000000..83302cd7
--- /dev/null
+++ b/projects/expat/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER mike.aizatsky@gmail.com
+RUN apt-get install -y make autoconf automake libtool docbook2x
+
+RUN git clone git://git.code.sf.net/p/expat/code_git expat
+WORKDIR expat/expat
+COPY build.sh parse_fuzzer.* xml.dict $SRC/
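Review bot: `RUN git clone git://git.code.sf.net/p/expat/code_git expat` fetches the source over the unauthenticated git:// protocol, so nothing verifies the server or protects the transfer, and the cloned tree is then built and run inside the image. Prefer an authenticated transport, e.g. `RUN git clone https://git.code.sf.net/p/expat/code_git expat`, after confirming the host serves that URL. The same `git://` remote is set in projects/expat/Jenkinsfile as `git = "git://git.code.sf.net/p/expat/code_git"` and should change with it.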
diff --git a/projects/expat/Jenkinsfile b/projects/expat/Jenkinsfile
new file mode 100644
index 00000000..8dde3da7
--- /dev/null
+++ b/projects/expat/Jenkinsfile
@@ -0,0 +1,23 @@
+// Copyright 2016 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+def libfuzzerBuild = fileLoader.fromGit('infra/libfuzzer-pipeline.groovy',
+ 'https://github.com/google/oss-fuzz.git')
+
+libfuzzerBuild {
+ git = "git://git.code.sf.net/p/expat/code_git"
+ sanitizers = ["address", "undefined"]
+}
diff --git a/projects/expat/build.sh b/projects/expat/build.sh
new file mode 100755
index 00000000..06e03612
--- /dev/null
+++ b/projects/expat/build.sh
@@ -0,0 +1,27 @@
+#!/bin/bash -eu
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+./buildconf.sh
+./configure
+make clean
+make -j$(nproc) all
+
+$CXX $CXXFLAGS -std=c++11 -Ilib/ \
+ $SRC/parse_fuzzer.cc -o $OUT/parse_fuzzer \
+ -lfuzzer .libs/libexpat.a
+
+cp $SRC/*.dict $SRC/*.options $OUT/
diff --git a/projects/expat/parse_fuzzer.cc b/projects/expat/parse_fuzzer.cc
new file mode 100644
index 00000000..da464095
--- /dev/null
+++ b/projects/expat/parse_fuzzer.cc
@@ -0,0 +1,23 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include
+#include "expat.h"
+
+std::vector kEncodings = {{"UTF-16", "UTF-8", "ISO-8859-1",
+ "US-ASCII", "UTF-16BE", "UTF-16LE",
+ "INVALIDENCODING"}};
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ const char* dataPtr = reinterpret_cast(data);
+ for (int use_ns = 0; use_ns <= 1; ++use_ns) {
+ for (auto enc : kEncodings) {
+ XML_Parser parser =
+ use_ns ? XML_ParserCreateNS(enc, '\n') : XML_ParserCreate(enc);
+ XML_Parse(parser, dataPtr, size, true);
+ XML_ParserFree(parser);
+ }
+ }
+ return 0;
+}
diff --git a/projects/expat/parse_fuzzer.options b/projects/expat/parse_fuzzer.options
new file mode 100644
index 00000000..46f3f567
--- /dev/null
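Review bot: In `LLVMFuzzerTestOneInput` of parse_fuzzer.cc the pointer returned by `XML_ParserCreateNS` / `XML_ParserCreate` goes straight into `XML_Parse` with no null check. Both constructors return NULL when allocation fails, so under memory pressure the harness itself would dereference NULL and the crash would be filed against expat. Adding `if (!parser) continue;` before the `XML_Parse` call keeps such reports out of the results. Separately, `size` is a `size_t` passed to an `int` length parameter; that is safe only while `max_len = 1024` from parse_fuzzer.options is in effect, which deserves a comment next to the call.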
+++ b/projects/expat/parse_fuzzer.options @@ -0,0 +1,3 @@ +[libfuzzer] +dict = xml.dict +max_len = 1024 diff --git a/projects/expat/target.yaml b/projects/expat/target.yaml new file mode 100644 index 00000000..b183ac20 --- /dev/null +++ b/projects/expat/target.yaml @@ -0,0 +1,4 @@ +homepage: "http://expat.sourceforge.net/" +sanitizers: + - address + - undefined diff --git a/projects/expat/xml.dict b/projects/expat/xml.dict new file mode 100644 index 00000000..8449cb08 --- /dev/null +++ b/projects/expat/xml.dict @@ -0,0 +1,125 @@ +# +# AFL dictionary for XML +# ---------------------- +# +# Several basic syntax elements and attributes, modeled on libxml2. +# +# Created by Michal Zalewski +# + +attr_encoding=" encoding=\"1\"" +attr_generic=" a=\"1\"" +attr_href=" href=\"1\"" +attr_standalone=" standalone=\"no\"" +attr_version=" version=\"1\"" +attr_xml_base=" xml:base=\"1\"" +attr_xml_id=" xml:id=\"1\"" +attr_xml_lang=" xml:lang=\"1\"" +attr_xml_space=" xml:space=\"1\"" +attr_xmlns=" xmlns=\"1\"" + +entity_builtin="<" +entity_decimal="" +entity_external="&a;" +entity_hex="" + +# keywords +"ANY" +"ATTLIST" +"CDATA" +"DOCTYPE" +"ELEMENT" +"EMPTY" +"ENTITIES" +"ENTITY" +"FIXED" +"ID" +"IDREF" +"IDREFS" +"IGNORE" +"IMPLIED" +"INCLUDE" +"NDATA" +"NMTOKEN" +"NMTOKENS" +"NOTATION" +"PCDATA" +"PUBLIC" +"REQUIRED" +"SYSTEM" + +# Various tag parts +"<" +">" +"/>" +"" +"" +"[]" +"]]" +"" +"\"\"" +"''" +"=\"\"" +"=''" + +# DTD +"" +tag_open="" +tag_open_close="" + + +"" +"http://docboo" +"http://www.w" +"he30" +"he2" +"IET" +"FDF-10" +"aDUCS-4OPveb:" +"a>" +"UT" +"xMl" +"/usr/share/sg" +"ha07" +"http://www.oa" +"cle" diff --git a/projects/ffmpeg/Dockerfile b/projects/ffmpeg/Dockerfile new file mode 100644 index 00000000..6543bc8e --- /dev/null +++ b/projects/ffmpeg/Dockerfile 
@@ -0,0 +1,43 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER mmoroz@chromium.org
+RUN apt-get install -y make autoconf automake libtool build-essential \
+ libass-dev libfreetype6-dev libsdl1.2-dev \
+ libvdpau-dev libxcb1-dev libxcb-shm0-dev \
+ pkg-config texinfo libbz2-dev zlib1g-dev nasm yasm cmake mercurial wget \
+ xutils-dev libpciaccess-dev
+
+RUN git clone https://git.ffmpeg.org/ffmpeg.git ffmpeg
+
+RUN wget ftp://ftp.alsa-project.org/pub/lib/alsa-lib-1.1.0.tar.bz2
+RUN git clone git://anongit.freedesktop.org/mesa/drm
+RUN git clone https://github.com/mstorsjo/fdk-aac.git
+RUN wget https://sourceforge.net/projects/lame/files/latest/download -O lame.tar.gz
+RUN git clone git://anongit.freedesktop.org/xorg/lib/libXext
+RUN git clone git://anongit.freedesktop.org/git/xorg/lib/libXfixes
+RUN git clone git://anongit.freedesktop.org/git/libva
+RUN git clone git://people.freedesktop.org/~aplattner/libvdpau
+RUN git clone https://chromium.googlesource.com/webm/libvpx
+RUN svn co http://svn.xiph.org/trunk/ogg
+RUN git clone git://git.xiph.org/opus.git
+RUN git clone git://git.xiph.org/theora.git
+RUN git clone git://git.xiph.org/vorbis.git
+RUN git clone git://git.videolan.org/git/x264.git
+RUN hg clone https://bitbucket.org/multicoreware/x265
+
+COPY build.sh group_seed_corpus.py $SRC/
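Review bot: The two `wget` lines in projects/ffmpeg/Dockerfile fetch archives that build.sh later unpacks and compiles, and neither download is verified. `alsa-lib-1.1.0.tar.bz2` arrives over plain `ftp://`, and the lame tarball is whatever `files/latest/download` resolves to on the day the image is built, so the build is neither reproducible nor tamper-evident. Pin the lame release explicitly and check each archive right after the download, for example `RUN echo "<SHA256_PLACEHOLDER>  alsa-lib-1.1.0.tar.bz2" | sha256sum -c -`, with the digest taken from the upstream release announcement.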
diff --git a/projects/ffmpeg/build.sh b/projects/ffmpeg/build.sh
new file mode 100755
index 00000000..87e589dc
--- /dev/null
+++ b/projects/ffmpeg/build.sh
@@ -0,0 +1,291 @@ +#!/bin/bash -eux +# Copyright 2016 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +# Build dependencies. +export FFMPEG_DEPS_PATH=$SRC/ffmpeg_deps +mkdir -p $FFMPEG_DEPS_PATH + +cd $SRC +bzip2 -f -d alsa-lib-* +tar xf alsa-lib-* +cd alsa-lib-* +./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static --disable-shared +make clean +make -j$(nproc) all +make install + +cd $SRC/drm +# Requires xutils-dev libpciaccess-dev +./autogen.sh +./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static +make clean +make -j$(nproc) +make install + +cd $SRC/fdk-aac +autoreconf -fiv +./configure --prefix="$FFMPEG_DEPS_PATH" --disable-shared +make clean +make -j$(nproc) all +make install + +cd $SRC +tar xzf lame.tar.gz +cd lame-* +./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static +make clean +make -j$(nproc) +make install + +cd $SRC/libXext +./autogen.sh +./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static +make clean +make -j$(nproc) +make install + +cd $SRC/libXfixes +./autogen.sh +./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static +make clean +make -j$(nproc) +make install + +cd $SRC/libva +./autogen.sh +./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static --disable-shared +make clean +make -j$(nproc) all +make install + +cd $SRC/libvdpau +./autogen.sh +./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static --disable-shared +make clean +make 
-j$(nproc) all +make install + +cd $SRC/libvpx +LDFLAGS="$CXXFLAGS $LDFLAGS" ./configure --prefix="$FFMPEG_DEPS_PATH" \ + --disable-examples --disable-unit-tests +make clean +make -j$(nproc) all +make install + +cd $SRC/ogg +./autogen.sh +./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static +make clean +make -j$(nproc) +make install + +cd $SRC/opus +./autogen.sh +./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static +make clean +make -j$(nproc) all +make install + +cd $SRC/theora +# theora requires ogg, need to pass its location to the "configure" script. +CFLAGS="$CFLAGS -fPIC" LDFLAGS="$LDFLAGS -L$FFMPEG_DEPS_PATH/lib/" \ + CPPFLAGS="$CXXFLAGS -I$FFMPEG_DEPS_PATH/include/" \ + LD_LIBRARY_PATH="$FFMPEG_DEPS_PATH/lib/" \ + ./autogen.sh --prefix="$FFMPEG_DEPS_PATH" --enable-static --disable-examples +make clean +make -j$(nproc) +make install + +cd $SRC/vorbis +./autogen.sh +./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static +make clean +make -j$(nproc) +make install + +cd $SRC/x264 +LDFLAGS="$CXXFLAGS $LDFLAGS" ./configure --prefix="$FFMPEG_DEPS_PATH" \ + --enable-static +make clean +make -j$(nproc) +make install + +cd $SRC/x265/build/linux +cmake -G "Unix Makefiles" \ + -DCMAKE_C_COMPILER=$CC -DCMAKE_CXX_COMPILER=$CXX \ + -DCMAKE_C_FLAGS="$CFLAGS" -DCMAKE_CXX_FLAGS="$CXXFLAGS" \ + -DCMAKE_INSTALL_PREFIX="$FFMPEG_DEPS_PATH" -DENABLE_SHARED:bool=off \ + ../../source +make clean +make -j$(nproc) x265-static +make install + +# Remove shared libraries to avoid accidental linking against them. +rm $FFMPEG_DEPS_PATH/lib/*.so +rm $FFMPEG_DEPS_PATH/lib/*.so.* + +# Build the target. 
+cd $SRC/ffmpeg
+PKG_CONFIG_PATH="$FFMPEG_DEPS_PATH/lib/pkgconfig" ./configure \
+ --cc=$CC --cxx=$CXX --ld="$CXX $CXXFLAGS -std=c++11" \
+ --extra-cflags="-I$FFMPEG_DEPS_PATH/include" \
+ --extra-ldflags="-L$FFMPEG_DEPS_PATH/lib" \
+ --prefix="$FFMPEG_DEPS_PATH" \
+ --pkg-config-flags="--static" \
+ --enable-gpl \
+ --enable-libass \
+ --enable-libfdk-aac \
+ --enable-libfreetype \
+ --enable-libmp3lame \
+ --enable-libopus \
+ --enable-libtheora \
+ --enable-libvorbis \
+ --enable-libvpx \
+ --enable-libx264 \
+ --enable-libx265 \
+ --enable-nonfree \
+ --disable-shared
+make clean
+make -j$(nproc) install
+
+# Download test sampes, will be used as seed corpus.
+export TEST_SAMPLES_PATH=$SRC/ffmpeg/fate-suite/
+make fate-rsync SAMPLES=$TEST_SAMPLES_PATH
+
+# Build the fuzzers.
+cd $SRC/ffmpeg
+
+export TEMP_VAR_CODEC="AV_CODEC_ID_H264"
+export TEMP_VAR_CODEC_TYPE="VIDEO"
+
+FFMPEG_FUZZERS_COMMON_FLAGS="-lfuzzer /usr/local/lib/libc++.a \
+ -L$FFMPEG_DEPS_PATH/lib \
+ -Llibavcodec -Llibavdevice -Llibavfilter -Llibavformat -Llibavresample \
+ -Llibavutil -Llibpostproc -Llibswscale -Llibswresample \
+ -Wl,--as-needed -Wl,-z,noexecstack -Wl,--warn-common \
+ -Wl,-rpath-link=libpostproc:libswresample:libswscale:libavfilter:libavdevice:libavformat:libavcodec:libavutil:libavresample \
+ -lavdevice -lavfilter -lavformat -lavcodec -lswresample -lswscale \
+ -lavutil -ldl -lxcb -lxcb-shm -lxcb -lxcb-xfixes -lxcb -lxcb-shape -lxcb \
+ -lX11 -lasound -lm -lbz2 -lz -pthread -lva-x11 -lXext -lXfixes \
+ -lx264 -lx265 -lvpx -lva -lvorbis -logg -lvorbisenc -lopus -lmp3lame \
+ -lfdk-aac -ltheora -ltheoraenc -ltheoradec -lvdpau -lva-drm -ldrm"
+
+# Build fuzzers for audio formats.
+CODEC_TYPE="AUDIO"
+CODEC_NAMES="AV_CODEC_ID_AAC \
+ AV_CODEC_ID_AC3 \
+ AV_CODEC_ID_ADPCM_ADX \
+ AV_CODEC_ID_AMR_NB \
+ AV_CODEC_ID_AMR_WB \
+ AV_CODEC_ID_DTS \
+ AV_CODEC_ID_EAC3 \
+ AV_CODEC_ID_FLAC \
+ AV_CODEC_ID_GSM_MS \
+ AV_CODEC_ID_MP2 \
+ AV_CODEC_ID_MP3 \
+ AV_CODEC_ID_QCELP \
+ AV_CODEC_ID_SIPR \
+ AV_CODEC_ID_WAVPACK"
+
+for codec in $CODEC_NAMES; do
+ fuzzer_name=ffmpeg_${CODEC_TYPE}_${codec}_fuzzer
+
+ $CC $CFLAGS -I${FFMPEG_DEPS_PATH}/include \
+ $SRC/ffmpeg/doc/examples/decoder_targeted.c \
+ -o $OUT/${fuzzer_name} \
+ -DFFMPEG_CODEC=${codec} -DFUZZ_FFMPEG_${CODEC_TYPE}= \
+ ${FFMPEG_FUZZERS_COMMON_FLAGS}
+
+ echo -en "[libfuzzer]\nmax_len = 1000000\n" > $OUT/${fuzzer_name}.options
+done
+
+# Build fuzzers for subtitles formats.
+CODEC_TYPE="SUBTITLE"
+CODEC_NAMES="AV_CODEC_ID_DVD_SUBTITLE \
+ AV_CODEC_ID_MOV_TEXT \
+ AV_CODEC_ID_SUBRIP"
+
+for codec in $CODEC_NAMES; do
+ fuzzer_name=ffmpeg_${CODEC_TYPE}_${codec}_fuzzer
+
+ $CC $CFLAGS -I${FFMPEG_DEPS_PATH}/include \
+ $SRC/ffmpeg/doc/examples/decoder_targeted.c \
+ -o $OUT/${fuzzer_name} \
+ -DFFMPEG_CODEC=${codec} -DFUZZ_FFMPEG_${CODEC_TYPE}= \
+ ${FFMPEG_FUZZERS_COMMON_FLAGS}
+done
+
+# Build fuzzers for video formats.
+CODEC_TYPE="VIDEO"
+CODEC_NAMES="AV_CODEC_ID_AMV \
+ AV_CODEC_ID_BINTEXT \
+ AV_CODEC_ID_BMP \
+ AV_CODEC_ID_CINEPAK \
+ AV_CODEC_ID_DVVIDEO \
+ AV_CODEC_ID_ESCAPE130 \
+ AV_CODEC_ID_FLIC \
+ AV_CODEC_ID_FLV1 \
+ AV_CODEC_ID_FRAPS \
+ AV_CODEC_ID_GIF \
+ AV_CODEC_ID_H263 \
+ AV_CODEC_ID_H263I \
+ AV_CODEC_ID_H264 \
+ AV_CODEC_ID_INDEO2 \
+ AV_CODEC_ID_INTERPLAY_VIDEO \
+ AV_CODEC_ID_JPEGLS \
+ AV_CODEC_ID_KMVC \
+ AV_CODEC_ID_MDEC \
+ AV_CODEC_ID_MJPEG \
+ AV_CODEC_ID_MPEG1VIDEO \
+ AV_CODEC_ID_MPEG2VIDEO \
+ AV_CODEC_ID_MPEG4 \
+ AV_CODEC_ID_MSVIDEO1 \
+ AV_CODEC_ID_PCX \
+ AV_CODEC_ID_PGM \
+ AV_CODEC_ID_PICTOR \
+ AV_CODEC_ID_PNG \
+ AV_CODEC_ID_RPZA \
+ AV_CODEC_ID_RV40 \
+ AV_CODEC_ID_SANM \
+ AV_CODEC_ID_SMC \
+ AV_CODEC_ID_SUNRAST \
+ AV_CODEC_ID_SVQ1 \
+ AV_CODEC_ID_SVQ3 \
+ AV_CODEC_ID_TARGA \
+ AV_CODEC_ID_TIFF \
+ AV_CODEC_ID_VP3 \
+ AV_CODEC_ID_VP5 \
+ AV_CODEC_ID_VP6 \
+ AV_CODEC_ID_VP6F \
+ AV_CODEC_ID_VP8 \
+ AV_CODEC_ID_ZMBV"
+
+for codec in $CODEC_NAMES; do
+ fuzzer_name=ffmpeg_${CODEC_TYPE}_${codec}_fuzzer
+
+ $CC $CFLAGS -I${FFMPEG_DEPS_PATH}/include \
+ $SRC/ffmpeg/doc/examples/decoder_targeted.c \
+ -o $OUT/${fuzzer_name} \
+ -DFFMPEG_CODEC=${codec} -DFUZZ_FFMPEG_${CODEC_TYPE}= \
+ ${FFMPEG_FUZZERS_COMMON_FLAGS}
+
+ echo -en "[libfuzzer]\nmax_len = 1000000\n" > $OUT/${fuzzer_name}.options
+done
+
+# Find relevant corpus in test samples and archive them for every fuzzer.
+cd $SRC
+python group_seed_corpus.py $TEST_SAMPLES_PATH $OUT/
diff --git a/projects/ffmpeg/group_seed_corpus.py b/projects/ffmpeg/group_seed_corpus.py
new file mode 100755
index 00000000..1e1d51cd
--- /dev/null
+++ b/projects/ffmpeg/group_seed_corpus.py
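Review bot: The two cleanup lines `rm $FFMPEG_DEPS_PATH/lib/*.so` and `rm $FFMPEG_DEPS_PATH/lib/*.so.*` in projects/ffmpeg/build.sh run under `#!/bin/bash -eux`. If either glob matches nothing (for instance once every dependency is configured with `--disable-shared`), bash passes the pattern through literally, `rm` fails and the whole build aborts. Make the cleanup tolerant and quote the prefix: `rm -f "$FFMPEG_DEPS_PATH"/lib/*.so "$FFMPEG_DEPS_PATH"/lib/*.so.*`. The subtitle loop is also the only one of the three codec loops that writes no `.options` file; if that is deliberate, a one-line comment saying so would help, otherwise those fuzzers run without the `max_len` the others get.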
@@ -0,0 +1,138 @@
+#!/usr/bin/env python
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+from __future__ import print_function
+import logging
+import os
+import re
+import sys
+import zipfile
+
+
+logging.basicConfig(level=logging.INFO, format='INFO: %(message)s')
+CODEC_NAME_REGEXP = re.compile(r'codec_id_(.+?)_fuzzer')
+
+
+def get_fuzzer_tags(fuzzer_name):
+ """Extract tags (are used to filter samples) from the given fuzzer name."""
+ tags = []
+ fuzzer_name = fuzzer_name.lower()
+ # All subtitle samples are in 'sub' directory, need to add 'sub' tag manually.
+ if 'subtitle' in fuzzer_name:
+ tags.append('sub')
+ m = CODEC_NAME_REGEXP.search(fuzzer_name)
+ if m:
+ codec_name = m.group(1)
+ # Some names are complex, need to split them and filter common strings.
+ codec_name_parts = codec_name.split('_')
+ for codec in codec_name_parts:
+ # Remove common strings from codec names like 'mpeg1video' or 'msvideo1'.
+ codec = codec.split('video')[0]
+ codec = codec.split('audio')[0]
+ codec = codec.split('subtitle')[0]
+ codec = codec.split('text')[0]
+ if codec:
+ # Some codec names have trailing characters: 'VP6F','FLV1', 'JPEGLS'.
+ # Use only first 3 characters for long enough codec names.
+ if len(codec) > 3:
+ tags.append(codec[:3])
+ else:
+ tags.append(codec)
+
+ return tags
+
+
+def parse_corpus(corpus_directory):
+ """Recursively list all files in the given directory and ignore checksums."""
+ all_corpus_files = []
+ for root, dirs, files in os.walk(corpus_directory):
+ for filename in files:
+ # Skip checksum files, they are useless in corpus.
+ if 'md5sum' in filename:
+ continue
+ path = os.path.join(root, filename)
+ all_corpus_files.append(path)
+
+ logging.info('Parsed %d corpus files from %s' % (len(all_corpus_files),
+ corpus_directory))
+ return all_corpus_files
+
+
+def parse_fuzzers(fuzzers_directory):
+ """Recursively list all fuzzers in the given directory."""
+ all_fuzzers = []
+ for filename in os.listdir(fuzzers_directory):
+ # Skip non-ffmpeg and non-fuzzer files in the given directory,
+ if not filename.startswith('ffmpeg_') or not filename.endswith('_fuzzer'):
+ continue
+ fuzzer_path = os.path.join(fuzzers_directory, filename)
+ all_fuzzers.append(fuzzer_path)
+
+ logging.info('Parsed %d fuzzers from %s' % (len(all_fuzzers),
+ fuzzers_directory))
+ return all_fuzzers
+
+
+def zip_relevant_corpus(corpus_files, fuzzers):
+ """Find relevant corpus files and archive them for every fuzzer given."""
+ for fuzzer in fuzzers:
+ fuzzer_name = os.path.basename(fuzzer)
+ fuzzer_directory = os.path.dirname(fuzzer)
+ fuzzer_tags = get_fuzzer_tags(fuzzer_name)
+ relevant_corpus_files = set()
+ for filename in corpus_files:
+ # Remove 'ffmpeg' substring to do not use everything for 'MPEG' codec.
+ sanitized_filename = filename.replace('ffmpeg', '').lower()
+ for tag in fuzzer_tags:
+ if tag in sanitized_filename:
+ relevant_corpus_files.add(filename)
+
+ if not relevant_corpus_files:
+ # Strip last symbol from tags if we haven't found relevant corpus.
+ # It helps for such codecs as 'RV40' ('RV4' -> 'RV') or 'PCX' (-> 'PC').
+ for tag in fuzzer_tags: + if tag[:-1] in sanitized_filename: + relevant_corpus_files.add(filename) + + logging.info( + 'Found %d relevant samples for %s' % (len(relevant_corpus_files), + fuzzer_name)) + + if not relevant_corpus_files: + continue + + zip_archive_name = fuzzer + "_seed_corpus.zip" + with zipfile.ZipFile(zip_archive_name, 'w') as archive: + for filename in relevant_corpus_files: + archive.write(filename) + + +def main(): + if len(sys.argv) < 3: + print('Usage: %s ' % __file__) + sys.exit(1) + + seed_corpus_directory = sys.argv[1] + fuzzers_directory = sys.argv[2] + + corpus_files = parse_corpus(seed_corpus_directory) + fuzzers = parse_fuzzers(fuzzers_directory) + zip_relevant_corpus(corpus_files, fuzzers) + + +if __name__ == '__main__': + sys.exit(main()) diff --git a/projects/ffmpeg/target.yaml b/projects/ffmpeg/target.yaml new file mode 100644 index 00000000..1a0131c9 --- /dev/null +++ b/projects/ffmpeg/target.yaml @@ -0,0 +1 @@ +homepage: "https://www.ffmpeg.org/" diff --git a/projects/file/Dockerfile b/projects/file/Dockerfile new file mode 100644 index 00000000..663f9874 --- /dev/null +++ b/projects/file/Dockerfile 
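Review bot: The fallback in `zip_relevant_corpus` that retries with `tag[:-1]` reads `sanitized_filename` and `filename`, which are loop variables of the preceding `for filename in corpus_files` loop. Indentation is lost on this page, but because the fallback is guarded by `if not relevant_corpus_files:` it presumably sits after that loop, in which case it only ever tests the last corpus file and raises `NameError` when `corpus_files` is empty. The fallback should iterate over the corpus again, and it should skip tags that become empty after stripping, since `'' in s` is true for every string. `fuzzer_directory` is assigned in the same function and never used.

```python
    # … unchanged: first pass over corpus_files collecting exact tag matches …
    if not relevant_corpus_files:
      # Strip last symbol from tags if we haven't found relevant corpus.
      for filename in corpus_files:
        sanitized_filename = filename.replace('ffmpeg', '').lower()
        for tag in fuzzer_tags:
          if tag[:-1] and tag[:-1] in sanitized_filename:
            relevant_corpus_files.add(filename)
```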
@@ -0,0 +1,22 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER mike.aizatsky@gmail.com
+RUN apt-get install -y make autoconf automake libtool shtool
+RUN git clone https://github.com/file/file.git
+WORKDIR file
+COPY build.sh magic_fuzzer.cc $SRC/
diff --git a/projects/file/build.sh b/projects/file/build.sh
new file mode 100755
index 00000000..6a5867a5
--- /dev/null
+++ b/projects/file/build.sh
@@ -0,0 +1,27 @@
+#!/bin/bash -eu
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+autoreconf -i
+./configure --enable-static
+make V=1 all
+
+$CXX $CXXFLAGS -std=c++11 -Isrc/ \
+ $SRC/magic_fuzzer.cc -o $OUT/magic_fuzzer \
+ -lfuzzer ./src/.libs/libmagic.a
+
+cp ./magic/magic.mgc $OUT/
+
diff --git a/projects/file/magic_fuzzer.cc b/projects/file/magic_fuzzer.cc
new file mode 100644
index 00000000..1f5b5f09
--- /dev/null
+++ b/projects/file/magic_fuzzer.cc
@@ -0,0 +1,51 @@
+// Copyright 2016 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+struct Environment {
+ Environment(std::string data_dir) {
+ magic = magic_open(MAGIC_NONE);
+ std::string magic_path = data_dir + "/magic";
+ if (magic_load(magic, magic_path.c_str())) {
+ fprintf(stderr, "error loading magic file: %s\n", magic_error(magic));
+ exit(1);
+ }
+ }
+
+ magic_t magic;
+};
+
+static Environment* env;
+
+extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) {
+ char* exe_path = (*argv)[0];
+ char* dir = dirname(exe_path);
+ env = new Environment(dir);
+ return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ if (size < 1)
+ return 0;
+ magic_buffer(env->magic, data, size);
+ return 0;
+}
diff --git a/projects/file/target.yaml b/projects/file/target.yaml
new file mode 100644
index 00000000..a7ee8e58
--- /dev/null
+++ b/projects/file/target.yaml
@@ -0,0 +1,2 @@
+homepage: "http://www.darwinsys.com/file/"
+primary_contact: "emaste@freebsd.org"
diff --git a/projects/freetype2/Dockerfile b/projects/freetype2/Dockerfile
new file mode 100644
index 00000000..d324066d
--- /dev/null
+++ b/projects/freetype2/Dockerfile
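Review bot: `LLVMFuzzerInitialize` in magic_fuzzer.cc calls `dirname(exe_path)` on `(*argv)[0]` itself, and POSIX allows `dirname` to modify the string it is given. After initialization the fuzzing engine's argv[0] may therefore hold only the directory, which matters if the engine later uses argv[0] to re-execute itself. Work on a copy instead: `std::string exe_path((*argv)[0]);` followed by `env = new Environment(dirname(&exe_path[0]));`. The `Environment` constructor also does not check the `magic_open` result before handing it to `magic_load`; an explicit `if (!magic)` branch with its own message would make a setup failure easier to tell apart from a bad magic database.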
@@ -0,0 +1,23 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER mike.aizatsky@gmail.com
+RUN apt-get install -y make autoconf libtool libarchive-dev
+
+RUN git clone git://git.sv.nongnu.org/freetype/freetype2.git
+WORKDIR freetype2
+COPY build.sh $SRC/
diff --git a/projects/freetype2/build.sh b/projects/freetype2/build.sh
new file mode 100755
index 00000000..710f533d
--- /dev/null
+++ b/projects/freetype2/build.sh
@@ -0,0 +1,28 @@
+#!/bin/bash -eux
+#
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+./autogen.sh
+./configure
+make -j$(nproc) clean all
+
+$CXX $CXXFLAGS -std=c++11 \
+ -I./include -I. \
+ ./src/tools/ftfuzzer/ftfuzzer.cc -o $OUT/ftfuzzer \
+ ./objs/*.o -lfuzzer \
+ /usr/lib/x86_64-linux-gnu/libarchive.a \
+ ./objs/.libs/libfreetype.a
diff --git a/projects/freetype2/target.yaml b/projects/freetype2/target.yaml
new file mode 100644
index 00000000..46400ddf
--- /dev/null
+++ b/projects/freetype2/target.yaml
@@ -0,0 +1 @@
+homepage: "https://www.freetype.org/"
diff --git a/projects/harfbuzz/Dockerfile b/projects/harfbuzz/Dockerfile
new file mode 100644
index 00000000..19bbb9d9
--- /dev/null
+++ b/projects/harfbuzz/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER mmoroz@chromium.org
+RUN apt-get install -y make autoconf automake libtool ragel pkg-config
+
+RUN git clone https://anongit.freedesktop.org/git/harfbuzz.git
+WORKDIR harfbuzz
+COPY build.sh harfbuzz_fuzzer.cc $SRC/
diff --git a/projects/harfbuzz/build.sh b/projects/harfbuzz/build.sh
new file mode 100755
index 00000000..463234a0
--- /dev/null
+++ b/projects/harfbuzz/build.sh
@@ -0,0 +1,25 @@
+#!/bin/bash -eu
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Build the library.
+./autogen.sh
+./configure
+make -j$(nproc) clean all
+
+$CXX $CXXFLAGS -std=c++11 -Isrc \
+ $SRC/harfbuzz_fuzzer.cc -o $OUT/harfbuzz_fuzzer \
+ -lfuzzer src/.libs/*.o src/hb-ucdn/.libs/*.o
diff --git a/projects/harfbuzz/harfbuzz_fuzzer.cc b/projects/harfbuzz/harfbuzz_fuzzer.cc
new file mode 100644
index 00000000..771c9b2c
--- /dev/null
+++ b/projects/harfbuzz/harfbuzz_fuzzer.cc
@@ -0,0 +1,46 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include
+#include
+#include
+
+#include
+#include
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ const char* dataPtr = reinterpret_cast(data);
+ hb_blob_t* blob = hb_blob_create(dataPtr, size, HB_MEMORY_MODE_READONLY, NULL,
+ NULL);
+ hb_face_t* face = hb_face_create(blob, 0);
+ hb_font_t* font = hb_font_create(face);
+ hb_ot_font_set_funcs(font);
+ hb_font_set_scale(font, 12, 12);
+
+ {
+ const char text[] = "ABCDEXYZ123@_%&)*$!";
+ hb_buffer_t* buffer = hb_buffer_create();
+ hb_buffer_add_utf8(buffer, text, -1, 0, -1);
+ hb_buffer_guess_segment_properties(buffer);
+ hb_shape(font, buffer, NULL, 0);
+ hb_buffer_destroy(buffer);
+ }
+
+ uint32_t text32[16] = { 0 };
+ if (size > sizeof(text32)) {
+ memcpy(text32, data + size - sizeof(text32), sizeof(text32));
+ hb_buffer_t* buffer = hb_buffer_create();
+ size_t text32len = sizeof(text32) / sizeof(text32[0]);
+ hb_buffer_add_utf32(buffer, text32, text32len, 0, -1);
+ hb_buffer_guess_segment_properties(buffer);
+ hb_shape(font, buffer, NULL, 0);
+ hb_buffer_destroy(buffer);
+ }
+
+ hb_font_destroy(font);
+ hb_face_destroy(face);
+ hb_blob_destroy(blob);
+ return 0;
+}
diff --git a/projects/harfbuzz/target.yaml b/projects/harfbuzz/target.yaml
new file mode 100644
index 00000000..6af32a01
--- /dev/null
+++ b/projects/harfbuzz/target.yaml
@@ -0,0 +1 @@
+homepage: "http://www.harfbuzz.org/"
diff --git a/projects/icu/Dockerfile b/projects/icu/Dockerfile
new file mode 100644
index 00000000..e420bc5b
--- /dev/null
+++ b/projects/icu/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER mike.aizatsky@gmail.com
+RUN apt-get install -y make
+
+RUN svn co http://source.icu-project.org/repos/icu/trunk/icu4c/ icu
+COPY build.sh *.cc *.h *.dict *.options $SRC/
diff --git a/projects/icu/break_iterator_fuzzer.cc b/projects/icu/break_iterator_fuzzer.cc
new file mode 100644
index 00000000..143a74da
--- /dev/null
+++ b/projects/icu/break_iterator_fuzzer.cc
@@ -0,0 +1,46 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include
+#include
+#include
+#include "fuzzer_utils.h"
+#include "unicode/brkiter.h"
+
+IcuEnvironment* env = new IcuEnvironment();
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ UErrorCode status = U_ZERO_ERROR;
+ icu::UnicodeString str(UnicodeStringFromUtf8(data, size));
+
+ auto rng = CreateRng(data, size);
+ const icu::Locale& locale = GetRandomLocale(&rng);
+
+ std::unique_ptr bi;
+
+ switch (rng() % 5) {
+ case 0:
+ bi.reset(icu::BreakIterator::createWordInstance(locale, status));
+ break;
+ case 1:
+ bi.reset(icu::BreakIterator::createLineInstance(locale, status));
+ break;
+ case 2:
+ bi.reset(icu::BreakIterator::createCharacterInstance(locale, status));
+ break;
+ case 3:
+ bi.reset(icu::BreakIterator::createSentenceInstance(locale, status));
+ break;
+ case 4:
+ bi.reset(icu::BreakIterator::createTitleInstance(locale, status));
+ break;
+ }
+ if (U_FAILURE(status)) return 0;
+
+ for (int32_t p = bi->first(); p != icu::BreakIterator::DONE; p = bi->next())
+ if (U_FAILURE(status)) return 0;
+
+ return 0;
+}
+
diff --git a/projects/icu/break_iterator_utf32_fuzzer.cc b/projects/icu/break_iterator_utf32_fuzzer.cc
new file mode 100644
index 00000000..544e5f6d
--- /dev/null
+++ b/projects/icu/break_iterator_utf32_fuzzer.cc
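Review bot: In `LLVMFuzzerTestOneInput` of break_iterator_fuzzer.cc, `str` is built from the fuzz input but never handed to the iterator, because the hunk contains no `bi->setText(str)` call. The `bi->first()` / `bi->next()` loop therefore walks an iterator with no text attached, and the input presumably influences only the locale and the iterator kind chosen through `rng`, so the break rules are never exercised on attacker-shaped text. Add `bi->setText(str);` right after the first `U_FAILURE(status)` check. The `U_FAILURE(status)` test inside the loop can never change, since nothing in the loop writes `status`. break_iterator_utf32_fuzzer.cc has the same two problems.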
@@ -0,0 +1,47 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include
+#include
+#include
+#include "fuzzer_utils.h"
+#include "unicode/brkiter.h"
+
+IcuEnvironment* env = new IcuEnvironment();
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ UErrorCode status = U_ZERO_ERROR;
+ icu::UnicodeString str(UnicodeStringFromUtf32(data, size));
+
+ auto rng = CreateRng(data, size);
+ const icu::Locale& locale = GetRandomLocale(&rng);
+
+ std::unique_ptr bi;
+
+ switch (rng() % 5) {
+ case 0:
+ bi.reset(icu::BreakIterator::createWordInstance(locale, status));
+ break;
+ case 1:
+ bi.reset(icu::BreakIterator::createLineInstance(locale, status));
+ break;
+ case 2:
+ bi.reset(icu::BreakIterator::createCharacterInstance(locale, status));
+ break;
+ case 3:
+ bi.reset(icu::BreakIterator::createSentenceInstance(locale, status));
+ break;
+ case 4:
+ bi.reset(icu::BreakIterator::createTitleInstance(locale, status));
+ break;
+ }
+ if (U_FAILURE(status))
+ return 0;
+
+ for (int32_t p = bi->first(); p != icu::BreakIterator::DONE; p = bi->next())
+ if (U_FAILURE(status))
+ return 0;
+
+ return 0;
+}
diff --git a/projects/icu/build.sh b/projects/icu/build.sh
new file mode 100755
index 00000000..9cca5484
--- /dev/null
+++ b/projects/icu/build.sh
@@ -0,0 +1,48 @@
+#!/bin/bash -eux
+#
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+mkdir $WORK/icu
+cd $WORK/icu
+
+# TODO: icu build failes without -DU_USE_STRTOD_L=0
+DEFINES="-DU_CHARSET_IS_UTF8=1 -DU_USING_ICU_NAMESPACE=0 -DU_ENABLE_DYLOAD=0 -DU_USE_STRTOD_L=0"
+CFLAGS="$CFLAGS $DEFINES"
+CXXFLAGS="$CXXFLAGS $DEFINES"
+
+CFLAGS=$CFLAGS CXXFLAGS=$CXXFLAGS CC=$CC CXX=$CXX \
+ /bin/bash $SRC/icu/source/runConfigureICU Linux \
+ --with-library-bits=64 --with-data-packaging=static --enable-static --disable-shared
+
+make -j$(nproc)
+
+FUZZERS="break_iterator_fuzzer \
+ break_iterator_utf32_fuzzer \
+ converter_fuzzer \
+ number_format_fuzzer \
+ ucasemap_fuzzer \
+ unicode_string_codepage_create_fuzzer \
+ uregex_open_fuzzer
+ "
+for fuzzer in $FUZZERS; do
+ $CXX $CXXFLAGS -std=c++11 \
+ $SRC/$fuzzer.cc -o $OUT/$fuzzer \
+ -I$SRC/icu/source/common -I$SRC/icu/source/i18n -L$WORK/icu/lib \
+ -lfuzzer -licui18n -licuuc -licutu -licudata
+done
+
+cp $SRC/*.dict $SRC/*.options $OUT/
diff --git a/projects/icu/converter_fuzzer.cc b/projects/icu/converter_fuzzer.cc
new file mode 100644
index 00000000..cfbdebf6
--- /dev/null
+++ b/projects/icu/converter_fuzzer.cc
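Review bot: `mkdir $WORK/icu` makes the script fail under `-e` if the work directory is reused between builds, because the directory then already exists; `mkdir -p "$WORK/icu"` is idempotent. The `$WORK`, `$SRC` and `$OUT` expansions throughout the script are unquoted, so a path containing whitespace would be split into several words; quoting them (`cd "$WORK/icu"`, `"$SRC/$fuzzer.cc" -o "$OUT/$fuzzer"`) costs nothing.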
@@ -0,0 +1,45 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include
+#include
+
+#include
+#include
+#include
+#include
+
+#include "fuzzer_utils.h"
+#include "unicode/unistr.h"
+#include "unicode/ucnv.h"
+
+IcuEnvironment* env = new IcuEnvironment();
+
+template
+using deleted_unique_ptr = std::unique_ptr>;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ UErrorCode status = U_ZERO_ERROR;
+ auto rng = CreateRng(data, size);
+ icu::UnicodeString str(UnicodeStringFromUtf8(data, size));
+
+ const char* converter_name =
+ ucnv_getAvailableName(rng() % ucnv_countAvailable());
+
+ deleted_unique_ptr converter(ucnv_open(converter_name, &status),
+ &ucnv_close);
+
+ if (U_FAILURE(status))
+ return 0;
+
+ static const size_t dest_buffer_size = 1024 * 1204;
+ static const std::unique_ptr dest_buffer(new char[dest_buffer_size]);
+
+ str.extract(dest_buffer.get(), dest_buffer_size, converter.get(), status);
+
+ if (U_FAILURE(status))
+ return 0;
+
+ return 0;
+}
diff --git a/projects/icu/fuzzer_utils.h b/projects/icu/fuzzer_utils.h
new file mode 100644
index 00000000..d879bc39
--- /dev/null
+++ b/projects/icu/fuzzer_utils.h
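Review bot: `dest_buffer_size = 1024 * 1204` looks like a transposed `1024 * 1024`; the buffer is allocated with the same constant so nothing overflows, but the value should be corrected or given a comment. `rng() % ucnv_countAvailable()` divides by zero if the ICU build exposes no converters, which is presumably impossible with the static data packaging used by the build script but is cheap to guard with `if (ucnv_countAvailable() <= 0) return 0;`. `dest_buffer_size` is a `size_t` passed where `extract` takes a 32-bit capacity, so declaring it as `int32_t` would avoid the implicit narrowing.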
@@ -0,0 +1,53 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef FUZZER_UTILS_H_
+#define FUZZER_UTILS_H_
+
+#include
+#include
+#include
+
+#include "unicode/locid.h"
+#include "unicode/uchar.h"
+
+struct IcuEnvironment {
+ IcuEnvironment() {
+ // nothing to initialize yet;
+ }
+};
+
+// Create RNG and seed it from data.
+std::mt19937_64 CreateRng(const uint8_t* data, size_t size) {
+ std::mt19937_64 rng;
+ std::string str = std::string(reinterpret_cast(data), size);
+ std::size_t data_hash = std::hash()(str);
+ rng.seed(data_hash);
+ return rng;
+}
+
+const icu::Locale& GetRandomLocale(std::mt19937_64* rng) {
+ int32_t num_locales = 0;
+ const icu::Locale* locales = icu::Locale::getAvailableLocales(num_locales);
+ assert(num_locales > 0);
+ return locales[(*rng)() % num_locales];
+}
+
+icu::UnicodeString UnicodeStringFromUtf8(const uint8_t* data, size_t size) {
+ return icu::UnicodeString::fromUTF8(
+ icu::StringPiece(reinterpret_cast(data), size));
+}
+
+icu::UnicodeString UnicodeStringFromUtf32(const uint8_t* data, size_t size) {
+ std::vector uchars;
+ uchars.resize(size * sizeof(uint8_t) / (sizeof(UChar32)));
+ memcpy(uchars.data(), data, uchars.size() * sizeof(UChar32));
+ for (size_t i = 0; i < uchars.size(); ++i) {
+ uchars[i] = std::min(uchars[i], UCHAR_MAX_VALUE);
+ }
+
+ return icu::UnicodeString::fromUTF32(uchars.data(), uchars.size());
+}
+
+#endif // FUZZER_UTILS_H_
diff --git a/projects/icu/number_format_fuzzer.cc b/projects/icu/number_format_fuzzer.cc
new file mode 100644
index 00000000..88df77b7
--- /dev/null
+++ b/projects/icu/number_format_fuzzer.cc
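Review bot: The four helpers in this header are defined without `inline`, so including fuzzer_utils.h from two translation units of one binary would give duplicate-symbol link errors; each fuzzer here is a single .cc file, so it works today, but `inline std::mt19937_64 CreateRng(...)` (and likewise for the other three) makes the header safe to reuse. In `GetRandomLocale` the `assert(num_locales > 0)` is the only guard before `% num_locales`, and it disappears if the fuzzers are ever built with `NDEBUG`; `if (num_locales <= 0) return icu::Locale::getRoot();` would be sturdier. In `UnicodeStringFromUtf32`, `std::min(uchars[i], UCHAR_MAX_VALUE)` bounds values only from above, and since `UChar32` is a signed type negative inputs pass through unchanged, which deserves a one-line comment saying whether that is intended.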
@@ -0,0 +1,30 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Fuzzer for NumberFormat::parse.
+
+#include
+#include
+#include
+#include "fuzzer_utils.h"
+#include "unicode/numfmt.h"
+
+IcuEnvironment* env = new IcuEnvironment();
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ UErrorCode status = U_ZERO_ERROR;
+
+ auto rng = CreateRng(data, size);
+ const icu::Locale& locale = GetRandomLocale(&rng);
+
+ std::unique_ptr fmt(
+ icu::NumberFormat::createInstance(locale, status));
+ if (U_FAILURE(status)) return 0;
+
+ icu::UnicodeString str(UnicodeStringFromUtf8(data, size));
+ icu::Formattable result;
+ fmt->parse(str, result, status);
+
+ return 0;
+}
diff --git a/projects/icu/regex.dict b/projects/icu/regex.dict
new file mode 100644
index 00000000..b0456e6d
--- /dev/null
+++ b/projects/icu/regex.dict
@@ -0,0 +1,103 @@ +# Copyright 2016 The Chromium Authors. All rights reserved. +# Use of this source code is governed by a BSD-style license that can be +# found in the LICENSE file. + +"\\a" +"\\A" +"\\b" +"\\B" +"\\cX" +"\\cC" +"\\cZ" +"\\d" +"\\D" +"\\e" +"\\u001B" +"\\E" +"\\f" +"\\u000C" +"\\G" +"\\h" +"\\u0009" +"\\H" +"\\k" +"\\n" +"\\N" +"\\p" +"\\P" +"{" +"}" +"\\Q" +"\\r" +"\\u000D" +"\\R" +"\\u000a" +"\\u000b" +"\\u000c" +"\\u000d" +"\\u0085" +"\\u2028" +"\\u2029" +"\\s" +"[\\t\\n\\f\\r\\p{Z}]" +"\\S" +"\\t" +"\\u0009" +"\\u" +"\\uf0ff" +"\\U" +"\\U0010ffff." +"\\v" +"\\V" +"\\w" +"\\W" +"\\x" +"\\xhh" +"\\X" +"\\Z" +"\\z" +"\\n" +"\\0" +"\\0ooo" +"." +"^" +"$" +"\\" +"|" +"*" +"+" +"?" +"," +"*?" +"+?" +"??" +"*+" +"++" +"?+" +"(" +"(?:" +"(?>" +"(?#" +"(?=" +"(?!" +"(?<=" +"(? +#include +#include +#include "fuzzer_utils.h" +#include "unicode/ucasemap.h" + +IcuEnvironment* env = new IcuEnvironment(); + +template +using deleted_unique_ptr = std::unique_ptr>; + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + UErrorCode status = U_ZERO_ERROR; + + auto rng = CreateRng(data, size); + const icu::Locale& locale = GetRandomLocale(&rng); + uint32_t open_flags = static_cast(rng()); + + deleted_unique_ptr csm( + ucasemap_open(locale.getName(), open_flags, &status), + [](UCaseMap* map) { ucasemap_close(map); }); + + if (U_FAILURE(status)) + return 0; + + int32_t dst_size = size * 2; + std::unique_ptr dst(new char[dst_size]); + auto src = reinterpret_cast(data); + + switch (rng() % 4) { + case 0: ucasemap_utf8ToLower(csm.get(), dst.get(), dst_size, src, size, + &status); + break; + case 1: ucasemap_utf8ToUpper(csm.get(), dst.get(), dst_size, src, size, + &status); + break; + case 2: ucasemap_utf8ToTitle(csm.get(), dst.get(), dst_size, src, size, + &status); + break; + case 3: ucasemap_utf8FoldCase(csm.get(), dst.get(), dst_size, src, size, + &status); + break; + } + + return 0; +} + 
diff --git a/projects/icu/unicode_string_codepage_create_fuzzer.cc b/projects/icu/unicode_string_codepage_create_fuzzer.cc
new file mode 100644
index 00000000..bb0489ca
--- /dev/null
+++ b/projects/icu/unicode_string_codepage_create_fuzzer.cc
@@ -0,0 +1,73 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include
+#include
+
+#include
+#include
+#include
+
+#include "fuzzer_utils.h"
+#include "unicode/unistr.h"
+
+// Taken from third_party/icu/source/data/mappings/convrtrs.txt file.
+static const std::array kConverters = {
+ {
+ "UTF-8",
+ "utf-16be",
+ "utf-16le",
+ "UTF-32",
+ "UTF-32BE",
+ "UTF-32LE",
+ "ibm866-html",
+ "iso-8859-2-html",
+ "iso-8859-3-html",
+ "iso-8859-4-html",
+ "iso-8859-5-html",
+ "iso-8859-6-html",
+ "iso-8859-7-html",
+ "iso-8859-8-html",
+ "ISO-8859-8-I",
+ "iso-8859-10-html",
+ "iso-8859-13-html",
+ "iso-8859-14-html",
+ "iso-8859-15-html",
+ "iso-8859-16-html",
+ "koi8-r-html",
+ "koi8-u-html",
+ "macintosh-html",
+ "windows-874-html",
+ "windows-1250-html",
+ "windows-1251-html",
+ "windows-1252-html",
+ "windows-1253-html",
+ "windows-1254-html",
+ "windows-1255-html",
+ "windows-1256-html",
+ "windows-1257-html",
+ "windows-1258-html",
+ "x-mac-cyrillic-html",
+ "windows-936-2000",
+ "gb18030",
+ "big5-html",
+ "euc-jp-html",
+ "ISO_2022,locale=ja,version=0",
+ "shift_jis-html",
+ "euc-kr-html",
+ "ISO-2022-KR",
+ "ISO-2022-CN",
+ "ISO-2022-CN-EXT",
+ "HZ-GB-2312"
+ }
+};
+
+IcuEnvironment* env = new IcuEnvironment();
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ auto rng = CreateRng(data, size);
+ icu::UnicodeString str(reinterpret_cast(data), size,
+ kConverters[rng() % kConverters.size()]);
+ return 0;
+}
diff --git a/projects/icu/uregex_open_fuzzer.cc b/projects/icu/uregex_open_fuzzer.cc
new file mode 100644
index 00000000..7e2744c6
--- /dev/null
+++ b/projects/icu/uregex_open_fuzzer.cc
@@ -0,0 +1,23 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include
+#include
+
+#include "fuzzer_utils.h"
+#include "unicode/regex.h"
+
+IcuEnvironment* env = new IcuEnvironment();
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ UParseError pe = { 0 };
+ UErrorCode status = U_ZERO_ERROR;
+ URegularExpression* re = uregex_open(reinterpret_cast(data),
+ static_cast(size) / sizeof(UChar),
+ 0, &pe, &status);
+ if (re)
+ uregex_close(re);
+
+ return 0;
+}
diff --git a/projects/icu/uregex_open_fuzzer.options b/projects/icu/uregex_open_fuzzer.options
new file mode 100644
index 00000000..0e5d596d
--- /dev/null
+++ b/projects/icu/uregex_open_fuzzer.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+dict = regex.dict
diff --git a/projects/json/Dockerfile b/projects/json/Dockerfile
new file mode 100644
index 00000000..3d5c6c1a
--- /dev/null
+++ b/projects/json/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER vitalybuka@gmail.com
+RUN apt-get install -y binutils gcc
+
+RUN git clone https://github.com/nlohmann/json.git
+WORKDIR json/
+COPY build.sh parse_fuzzer.* $SRC/
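Review bot: The `reinterpret_cast` of `data` to a `UChar` pointer in the `uregex_open` call assumes the fuzz buffer is 2-byte aligned, which the `LLVMFuzzerTestOneInput` contract does not promise, so a UBSan alignment build could report the harness rather than ICU. Copying the bytes into a `std::vector` of `UChar` with `memcpy`, the way `UnicodeStringFromUtf32` in fuzzer_utils.h does for UTF-32, removes that assumption. A short comment that an odd trailing byte is dropped by the `/ sizeof(UChar)` division would also help.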
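Review bot: `RUN apt-get install -y binutils gcc` in projects/json/Dockerfile runs without an `apt-get update` in the same layer, so it depends on whatever package index the `ossfuzz/base-libfuzzer` image shipped and can fail or install stale packages once that index ages; `RUN apt-get update && apt-get install -y binutils gcc` is the usual form. The `git clone` pulls the full history of an unpinned upstream branch; tracking the tip is presumably intended for continuous fuzzing, and `--depth 1` would keep the image smaller. The lcms, libarchive, libass and libchewing Dockerfiles later in this diff follow the same pattern.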
diff --git a/projects/json/build.sh b/projects/json/build.sh
new file mode 100755
index 00000000..304b7320
--- /dev/null
+++ b/projects/json/build.sh
@@ -0,0 +1,22 @@
+#!/bin/bash -eu
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+$CXX $CXXFLAGS -std=c++11 -Isrc/ \
+ $SRC/parse_fuzzer.cc -o $OUT/parse_fuzzer \
+ -lfuzzer
+
+cp $SRC/*.options $OUT/
diff --git a/projects/json/parse_fuzzer.cc b/projects/json/parse_fuzzer.cc
new file mode 100644
index 00000000..bb8b3d37
--- /dev/null
+++ b/projects/json/parse_fuzzer.cc
@@ -0,0 +1,36 @@
+// Copyright 2016 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include
+#include
+#include
+
+using json = nlohmann::json;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ try {
+ std::stringstream s;
+ s << json::parse(data, data + size);
+ try {
+ auto j = json::parse(s.str());
+ std::stringstream s2;
+ s2 << j;
+ assert(s.str() == s2.str());
+ assert(j == json::parse(s.str()));
+ } catch (const std::invalid_argument&) {
+ assert(0);
+ }
+ } catch (const std::invalid_argument&) { }
+ return 0;
+}
diff --git a/projects/json/parse_fuzzer.options b/projects/json/parse_fuzzer.options
new file mode 100644
index 00000000..393dd174
--- /dev/null
+++ b/projects/json/parse_fuzzer.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 456
+timeout = 10
diff --git a/projects/json/target.yaml b/projects/json/target.yaml
new file mode 100644
index 00000000..e5c6f8c3
--- /dev/null
+++ b/projects/json/target.yaml
@@ -0,0 +1 @@
+homepage: "https://github.com/nlohmann/json"
diff --git a/projects/lcms/Dockerfile b/projects/lcms/Dockerfile
new file mode 100644
index 00000000..85d94ee5
--- /dev/null
+++ b/projects/lcms/Dockerfile
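Review bot: The round-trip checks in `LLVMFuzzerTestOneInput` rely on `assert`, so they vanish if the fuzzer is ever compiled with `-DNDEBUG`, and the harness would then detect only memory errors. Replacing them with explicit checks such as `if (s.str() != s2.str()) abort();`, and `abort();` in the inner `catch`, keeps the property check independent of build flags. Only `std::invalid_argument` is caught, so any other exception type thrown by `json::parse` surfaces as a crash; that may be intended, but it deserves a comment saying so.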
@@ -0,0 +1,22 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER kcwu@google.com
+RUN apt-get install -y make autoconf automake libtool
+RUN git clone https://github.com/mm2/Little-CMS.git lcms
+WORKDIR lcms
+COPY build.sh cmsIT8_load_fuzzer.* cms_transform_fuzzer.* icc.dict $SRC/
diff --git a/projects/lcms/build.sh b/projects/lcms/build.sh
new file mode 100755
index 00000000..6591267b
--- /dev/null
+++ b/projects/lcms/build.sh
@@ -0,0 +1,32 @@
+#!/bin/bash -eu
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# build the target.
+./configure
+make -j$(nproc) all
+
+# build your fuzzer(s)
+FUZZERS="cmsIT8_load_fuzzer cms_transform_fuzzer"
+for F in $FUZZERS; do
+ $CC $CFLAGS -c -Iinclude \
+ $SRC/$F.c -o $SRC/$F.o
+ $CXX $CXXFLAGS \
+ $SRC/$F.o -o $OUT/$F \
+ -lfuzzer src/.libs/liblcms2.a
+done
+
+cp $SRC/icc.dict $SRC/*.options $OUT/
diff --git a/projects/lcms/cmsIT8_load_fuzzer.c b/projects/lcms/cmsIT8_load_fuzzer.c
new file mode 100644
index 00000000..b336eaff
--- /dev/null
+++ b/projects/lcms/cmsIT8_load_fuzzer.c
@@ -0,0 +1,31 @@
+// Copyright 2016 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+#include
+
+#include "lcms2.h"
+
+// The main sink
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size == 0)
+ return 0;
+
+ cmsHANDLE handle = cmsIT8LoadFromMem(0, (void *)data, size);
+ if (handle)
+ cmsIT8Free(handle);
+
+ return 0;
+}
diff --git a/projects/lcms/cmsIT8_load_fuzzer.options b/projects/lcms/cmsIT8_load_fuzzer.options
new file mode 100644
index 00000000..beabdc2b
--- /dev/null
+++ b/projects/lcms/cmsIT8_load_fuzzer.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+dict = icc.dict
diff --git a/projects/lcms/cms_transform_fuzzer.c b/projects/lcms/cms_transform_fuzzer.c
new file mode 100644
index 00000000..6653f61d
--- /dev/null
+++ b/projects/lcms/cms_transform_fuzzer.c
@@ -0,0 +1,50 @@
+// Copyright 2016 The PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+#include
+
+#include "lcms2.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ cmsHPROFILE srcProfile = cmsOpenProfileFromMem(data, size);
+ if (!srcProfile) return 0;
+
+ cmsHPROFILE dstProfile = cmsCreate_sRGBProfile();
+ if (!dstProfile) {
+ cmsCloseProfile(srcProfile);
+ return 0;
+ }
+
+ cmsColorSpaceSignature srcCS = cmsGetColorSpace(srcProfile);
+ cmsUInt32Number nSrcComponents = cmsChannelsOf(srcCS);
+ cmsUInt32Number srcFormat;
+ if (srcCS == cmsSigLabData) {
+ srcFormat =
+ COLORSPACE_SH(PT_Lab) | CHANNELS_SH(nSrcComponents) | BYTES_SH(0);
+ } else {
+ srcFormat =
+ COLORSPACE_SH(PT_ANY) | CHANNELS_SH(nSrcComponents) | BYTES_SH(1);
+ }
+
+ cmsUInt32Number intent = 0;
+ cmsUInt32Number flags = 0;
+ cmsHTRANSFORM hTransform = cmsCreateTransform(
+ srcProfile, srcFormat, dstProfile, TYPE_BGR_8, intent, flags);
+ cmsCloseProfile(srcProfile);
+ cmsCloseProfile(dstProfile);
+ if (!hTransform) return 0;
+
+ uint8_t output[4];
+ if (T_BYTES(srcFormat) == 0) { // 0 means double
+ double input[nSrcComponents];
+ for (uint32_t i = 0; i < nSrcComponents; i++) input[i] = 0.5f;
+ cmsDoTransform(hTransform, input, output, 1);
+ } else {
+ uint8_t input[nSrcComponents];
+ for (uint32_t i = 0; i < nSrcComponents; i++) input[i] = 128;
+ cmsDoTransform(hTransform, input, output, 1);
+ }
+ cmsDeleteTransform(hTransform);
+
+ return 0;
+}
diff --git a/projects/lcms/cms_transform_fuzzer.options b/projects/lcms/cms_transform_fuzzer.options
new file mode 100644
index 00000000..beabdc2b
--- /dev/null
+++ b/projects/lcms/cms_transform_fuzzer.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+dict = icc.dict
diff --git a/projects/lcms/icc.dict b/projects/lcms/icc.dict
new file mode 100644
index 00000000..f21711ce
--- /dev/null
+++ b/projects/lcms/icc.dict
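Review bot: `double input[nSrcComponents]` and `uint8_t input[nSrcComponents]` are variable-length arrays whose size derives from the fuzzed profile through `cmsChannelsOf(srcCS)`. The channel count is presumably small, but fixed arrays sized by lcms2's `cmsMAXCHANNELS` (for example `double input[cmsMAXCHANNELS];`, with the fill loop bounded by the same constant) avoid depending on that and on optional VLA support. `output[4]` receives one `TYPE_BGR_8` pixel; a short comment stating why 4 bytes are enough would help the next reader.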
@@ -0,0 +1,251 @@
+# Fuzzing dictionary for icc
+# Extracted from lcms2.h of Little-CMS project 2.8.
+
+magic="acsp"
+sig="lcms"
+
+# Base ICC type definitions
+"chrm"
+"clro"
+"clrt"
+"crdi"
+"curv"
+"data"
+"dict"
+"dtim"
+"devs"
+"mft2"
+"mft1"
+"mAB "
+"mBA "
+"meas"
+"mluc"
+"mpet"
+"ncol"
+"ncl2"
+"para"
+"pseq"
+"psid"
+"rcs2"
+"sf32"
+"scrn"
+"sig "
+"text"
+"desc"
+"uf32"
+"bfd "
+"ui16"
+"ui32"
+"ui64"
+"ui08"
+"vcgt"
+"view"
+"XYZ "
+
+# Base ICC tag definitions
+"A2B0"
+"A2B1"
+"A2B2"
+"bXYZ"
+"bXYZ"
+"bTRC"
+"B2A0"
+"B2A1"
+"B2A2"
+"calt"
+"targ"
+"chad"
+"chrm"
+"clro"
+"clrt"
+"clot"
+"ciis"
+"cprt"
+"crdi"
+"data"
+"dtim"
+"dmnd"
+"dmdd"
+"devs"
+"D2B0"
+"D2B1"
+"D2B2"
+"D2B3"
+"B2D0"
+"B2D1"
+"B2D2"
+"B2D3"
+"gamt"
+"kTRC"
+"gXYZ"
+"gXYZ"
+"gTRC"
+"lumi"
+"meas"
+"bkpt"
+"wtpt"
+"ncol"
+"ncl2"
+"resp"
+"rig0"
+"pre0"
+"pre1"
+"pre2"
+"desc"
+"dscm"
+"pseq"
+"psid"
+"psd0"
+"psd1"
+"psd2"
+"psd3"
+"ps2s"
+"ps2i"
+"rXYZ"
+"rXYZ"
+"rTRC"
+"rig2"
+"scrd"
+"scrn"
+"tech"
+"bfd "
+"vued"
+"view"
+"vcgt"
+"meta"
+"arts"
+
+# ICC Technology tag
+"dcam"
+"fscn"
+"rscn"
+"ijet"
+"twax"
+"epho"
+"esta"
+"dsub"
+"rpho"
+"fprn"
+"vidm"
+"vidc"
+"pjtv"
+"CRT "
+"PMD "
+"AMD "
+"KPCD"
+"imgs"
+"grav"
+"offs"
+"silk"
+"flex"
+"mpfs"
+"mpfr"
+"dmpc"
+"dcpj"
+
+# ICC Color spaces
+"XYZ "
+"Lab "
+"Luv "
+"YCbr"
+"Yxy "
+"RGB "
+"GRAY"
+"HSV "
+"HLS "
+"CMYK"
+"CMY "
+"MCH1"
+"MCH2"
+"MCH3"
+"MCH4"
+"MCH5"
+"MCH6"
+"MCH7"
+"MCH8"
+"MCH9"
+"MCHA"
+"MCHB"
+"MCHC"
+"MCHD"
+"MCHE"
+"MCHF"
+"nmcl"
+"1CLR"
+"2CLR"
+"3CLR"
+"4CLR"
+"5CLR"
+"6CLR"
+"7CLR"
+"8CLR"
+"9CLR"
+"ACLR"
+"BCLR"
+"CCLR"
+"DCLR"
+"ECLR"
+"FCLR"
+"LuvK"
+
+# ICC Profile Class
+"scnr"
+"mntr"
+"prtr"
+"link"
+"abst"
+"spac"
+"nmcl"
+
+# ICC Platforms
+"APPL"
+"MSFT"
+"SUNW"
+"SGI "
+"TGNT"
+"*nix"
+
+# Reference gamut
+"prmg"
+
+# For cmsSigColorimetricIntentImageStateTag
+"scoe"
+"sape"
+"fpce"
+"rhoc"
+"rpoc"
+
+# Multi process elements types
+"cvst"
+"matf"
+"clut"
+"bACS"
+"eACS"
+"l2x "
+"x2l "
+"ncl "
+"2 4 "
+"4 2 "
+"idn "
+"d2l "
+"l2d "
+"d2x "
+"x2d "
+"clp "
+
+# Types of CurveElements
+"parf"
+"samf"
+"curf"
+
+# Used in ResponseCurveType
+"StaA"
+"StaE"
+"StaI"
+"StaT"
+"StaM"
+"DN "
+"DN P"
+"DNN "
+"DNNP"
+
diff --git a/projects/lcms/target.yaml b/projects/lcms/target.yaml
new file mode 100644
index 00000000..a30635b3
--- /dev/null
+++ b/projects/lcms/target.yaml
@@ -0,0 +1 @@
+homepage: "https://github.com/mm2/Little-CMS"
diff --git a/projects/libarchive/Dockerfile b/projects/libarchive/Dockerfile
new file mode 100644
index 00000000..d10fa0fd
--- /dev/null
+++ b/projects/libarchive/Dockerfile
@@ -0,0 +1,27 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER kcwu@google.com
+
+# Installing optional libraries can utilize more code path and/or improve
+# performance (avoid calling external programs).
+RUN apt-get install -y make autoconf automake libtool pkg-config \
+ libbz2-dev liblzo2-dev liblzma-dev liblz4-dev libz-dev \
+ libxml2-dev libssl-dev
+RUN git clone https://github.com/libarchive/libarchive.git
+WORKDIR libarchive
+COPY build.sh libarchive_fuzzer.cc $SRC/
diff --git a/projects/libarchive/build.sh b/projects/libarchive/build.sh
new file mode 100755
index 00000000..275fd68a
--- /dev/null
+++ b/projects/libarchive/build.sh
@@ -0,0 +1,28 @@
+#!/bin/bash -eu
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# build the target.
+./build/autogen.sh
+./configure
+make -j$(nproc) all
+
+# build your fuzzer(s)
+$CXX $CXXFLAGS -Ilibarchive \
+ $SRC/libarchive_fuzzer.cc -o $OUT/libarchive_fuzzer \
+ -lfuzzer .libs/libarchive.a \
+ -Wl,-Bstatic -lbz2 -llzo2 -lxml2 -llzma -lz -lcrypto -llz4 -licuuc \
+ -licudata -Wl,-Bdynamic
diff --git a/projects/libarchive/libarchive_fuzzer.cc b/projects/libarchive/libarchive_fuzzer.cc
new file mode 100644
index 00000000..fb6fb5a5
--- /dev/null
+++ b/projects/libarchive/libarchive_fuzzer.cc
@@ -0,0 +1,54 @@
+// Copyright 2016 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+#include
+#include
+#include
+
+#include "archive.h"
+
+struct Buffer {
+ const uint8_t *buf;
+ size_t len;
+};
+
+ssize_t reader_callback(struct archive *a, void *client_data,
+ const void **block) {
+ Buffer *buffer = reinterpret_cast(client_data);
+ *block = buffer->buf;
+ ssize_t len = buffer->len;
+ buffer->len = 0;
+ return len;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+ struct archive *a = archive_read_new();
+
+ archive_read_support_filter_all(a);
+ archive_read_support_format_all(a);
+
+ Buffer buffer = {buf, len};
+ archive_read_open(a, &buffer, NULL, reader_callback, NULL);
+
+ std::vector data_buffer(getpagesize(), 0);
+ struct archive_entry *entry;
+ while (archive_read_next_header(a, &entry) == ARCHIVE_OK) {
+ while (archive_read_data(a, data_buffer.data(), data_buffer.size()) > 0)
+ ;
+ }
+
+ archive_read_free(a);
+ return 0;
+}
diff --git a/projects/libarchive/target.yaml b/projects/libarchive/target.yaml
new file mode 100644
index 00000000..7b0161ba
--- /dev/null
+++ b/projects/libarchive/target.yaml
@@ -0,0 +1 @@
+homepage: "https://github.com/libarchive/libarchive"
diff --git a/projects/libass/Dockerfile b/projects/libass/Dockerfile
new file mode 100644
index 00000000..1fd7c92e
--- /dev/null
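Review bot: The result of `archive_read_open` in `LLVMFuzzerTestOneInput` is ignored, so a failed open falls through to `archive_read_next_header` on an archive object that never opened. Checking it makes the intent explicit: `if (archive_read_open(a, &buffer, NULL, reader_callback, NULL) != ARCHIVE_OK) { archive_read_free(a); return 0; }`. `archive_read_new()` can also return NULL on allocation failure, and `a` is used unconditionally on the lines that follow it.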
+++ b/projects/libass/Dockerfile
@@ -0,0 +1,24 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER eugeni.stepanov@gmail.com
+RUN apt-get install -y make autoconf automake libtool pkg-config libfreetype6-dev libfontconfig1-dev
+
+RUN git clone https://github.com/libass/libass.git
+RUN git clone https://github.com/behdad/fribidi.git
+
+COPY build.sh libass_fuzzer.cc *.dict *.options $SRC/
diff --git a/projects/libass/ass.dict b/projects/libass/ass.dict
new file mode 100644
index 00000000..aa4f9b43
--- /dev/null
+++ b/projects/libass/ass.dict
@@ -0,0 +1,112 @@
+"0x"
+"\\1a"
+"\\2a"
+"\\2c"
+"\\3a"
+"\\3c"
+"\\4a"
+"\\4c"
+"\\a"
+"\\alpha"
+"\\an"
+"Arial"
+"\\b"
+"Banner;"
+"\\be"
+"\\blur"
+"\\bord"
+"\\c"
+"CFF"
+"CID Type 1"
+"\\clip"
+"clip"
+"Courier"
+"Courier New"
+"Default"
+"Dialogue:"
+"[Events]"
+"\\fade"
+"\\fax"
+"\\fay"
+"\\fe"
+"\\fn"
+"fontname:"
+"[Fonts]"
+"Format:"
+"\\frx"
+"\\fry"
+"\\frz"
+"\\fs"
+"\\fsc"
+"\\fscx"
+"\\fscy"
+"\\fsp"
+"&h"
+"Helvetica"
+"\\i"
+"\\iclip"
+"iclip"
+"\\k"
+"Kerning:"
+"Kerning"
+"\\kf"
+"\\ko"
+"Language:"
+"monospace"
+"\\move"
+"move"
+"none"
+"\\org"
+"org"
+"OverrideStyle"
+"\\p"
+"p"
+"\\pbo"
+"pbo"
+"pc.240m"
+"pc.601"
+"pc.709"
+"pc.fcc"
+"PlayResX:"
+"PlayResX"
+"PlayResY:"
+"PlayResY"
+"\\pos"
+"pos"
+"\\q"
+"\\r"
+"\\s"
+"sans-serif"
+"ScaledBorderAndShadow:"
+"ScaledBorderAndShadow"
+"[Script Info]"
+"Scroll down;"
+"Scroll up;"
+"serif"
+"\\shad"
+"Style:"
+"\\t"
+"Text"
+"Timer:"
+"Timer"
+"Times"
+"Times New Roman"
+"tv.240m"
+"tv.601"
+"tv.709"
+"tv.fcc"
+"Type 1"
+"Type 42"
+"\\u"
+"UTF-8"
+"[V4 Styles]"
+"[V4+ Styles]"
+"WrapStyle:"
+"WrapStyle"
+"\\xbord"
+"\\xshad"
+"\\ybord"
+"YCbCr Matrix:"
+"YCbCr Matrix"
+"yes"
+"\\yshad"
diff --git a/projects/libass/build.sh b/projects/libass/build.sh
new file mode 100755
index 00000000..07db7d05
--- /dev/null
+++ b/projects/libass/build.sh
@@ -0,0 +1,36 @@
+#!/bin/bash -eux
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd $SRC/fribidi
+./bootstrap
+./configure --enable-static=yes --enable-shared=no --with-pic=yes
+# Don't run "make": it's broken. Run "make install".
+make install
+
+cd $SRC/libass
+
+./autogen.sh
+./configure --disable-asm
+make -j$(nproc)
+
+$CXX $CXXFLAGS -std=c++11 -I$SRC/libass \
+ $SRC/libass_fuzzer.cc -o $OUT/libass_fuzzer \
+ -lfuzzer libass/.libs/libass.a \
+ -Wl,-Bstatic -lfontconfig -lfribidi -lfreetype -lz -lpng12 \
+ -lexpat -Wl,-Bdynamic
+
+cp $SRC/*.dict $SRC/*.options $OUT/
diff --git a/projects/libass/libass_fuzzer.cc b/projects/libass/libass_fuzzer.cc
new file mode 100644
index 00000000..5254faff
--- /dev/null
+++ b/projects/libass/libass_fuzzer.cc
@@ -0,0 +1,49 @@
+#include
+#include
+
+#include
+
+static ASS_Library *ass_library;
+static ASS_Renderer *ass_renderer;
+
+void msg_callback(int level, const char *fmt, va_list va, void *data) {
+}
+
+static const int kFrameWidth = 1280;
+static const int kFrameHeight = 720;
+
+static bool init(int frame_w, int frame_h) {
+ ass_library = ass_library_init();
+ if (!ass_library) {
+ printf("ass_library_init failed!\n");
+ exit(1);
+ }
+
+ ass_set_message_cb(ass_library, msg_callback, NULL);
+
+ ass_renderer = ass_renderer_init(ass_library);
+ if (!ass_renderer) {
+ printf("ass_renderer_init failed!\n");
+ exit(1);
+ }
+
+ ass_set_frame_size(ass_renderer, frame_w, frame_h);
+ ass_set_fonts(ass_renderer, nullptr, "sans-serif",
+ ASS_FONTPROVIDER_AUTODETECT, nullptr, 1);
+ return true;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ static bool initialized = init(kFrameWidth, kFrameHeight);
+
+ ASS_Track *track = ass_read_memory(ass_library, (char *)data, size, nullptr);
+ if (!track) return 0;
+
+ for (int i = 0; i < track->n_events; ++i) {
+ ASS_Event &ev = track->events[i];
+ long long tm = ev.Start + ev.Duration / 2;
+ ass_render_frame(ass_renderer, track, tm, nullptr);
+ }
+ ass_free_track(track);
+ return 0;
+}
diff --git a/projects/libass/libass_fuzzer.options b/projects/libass/libass_fuzzer.options
new file mode 100644
index 00000000..6a3e33bc
--- /dev/null
+++ b/projects/libass/libass_fuzzer.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+dict = ass.dict
diff --git a/projects/libass/target.yaml b/projects/libass/target.yaml
new file mode 100644
index 00000000..6289bce1
--- /dev/null
+++ b/projects/libass/target.yaml
@@ -0,0 +1 @@
+homepage: "https://github.com/libass/libass"
diff --git a/projects/libchewing/Dockerfile b/projects/libchewing/Dockerfile
new file mode 100644
index 00000000..50fb6939
--- /dev/null
+++ b/projects/libchewing/Dockerfile
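Review bot: `long long tm = ev.Start + ev.Duration / 2;` adds two values taken from the parsed (fuzzed) track, so a signed overflow in the harness itself looks possible and a UBSan build would report it against the fuzzer rather than libass; this is inferred from the field names, since the `ASS_Event` definition is not part of this diff. Clamping the operands or doing the arithmetic in an unsigned type avoids that. The loop renders one frame per event with no upper bound on `track->n_events`, and the accompanying libass_fuzzer.options sets no `max_len` or `timeout`, so slow inputs may show up as timeouts. `initialized` is never read; a comment noting that it exists only to run `init` once would help.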
@@ -0,0 +1,23 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER kcwu@csie.org
+RUN apt-get install -y make autoconf automake libtool texinfo
+
+RUN git clone https://github.com/chewing/libchewing.git
+WORKDIR libchewing
+COPY build.sh chewing_fuzzer_common.[ch] chewing_*_fuzzer.c $SRC/
diff --git a/projects/libchewing/build.sh b/projects/libchewing/build.sh
new file mode 100755
index 00000000..96f295ff
--- /dev/null
+++ b/projects/libchewing/build.sh
@@ -0,0 +1,39 @@
+#!/bin/bash -eu
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# build the library.
+./autogen.sh
+./configure --disable-shared --enable-static --without-sqlite3
+make clean
+make -j$(nproc) all
+
+# build your fuzzer(s)
+make -C test CFLAGS="$CFLAGS -Dmain=stress_main -Drand=get_fuzz_input" stress.o
+
+$CC $CFLAGS -c $SRC/chewing_fuzzer_common.c -o $WORK/chewing_fuzzer_common.o
+
+for variant in default random_init dynamic_config; do
+ $CC $CFLAGS -c $SRC/chewing_${variant}_fuzzer.c -o $WORK/chewing_${variant}_fuzzer.o
+ $CXX $CXXFLAGS \
+ -o $OUT/chewing_${variant}_fuzzer \
+ $WORK/chewing_${variant}_fuzzer.o $WORK/chewing_fuzzer_common.o \
+ test/stress.o test/.libs/libtesthelper.a src/.libs/libchewing.a \
+ -lfuzzer
+done
+
+# install data files
+make -j$(nproc) -C data pkgdatadir=$OUT install
diff --git a/projects/libchewing/chewing_default_fuzzer.c b/projects/libchewing/chewing_default_fuzzer.c
new file mode 100644
index 00000000..dd6fc7a8
--- /dev/null
+++ b/projects/libchewing/chewing_default_fuzzer.c
@@ -0,0 +1,15 @@
+#include
+
+#include "chewing_fuzzer_common.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ fuzz_input = fuzz_ptr = data;
+ fuzz_size = size;
+
+ const char* stress_argv[] = {
+ "./chewing_fuzzer", "-loop", "1", NULL,
+ };
+ stress_main(sizeof(stress_argv) / sizeof(stress_argv[0]) - 1,
+ (char**)stress_argv);
+ return 0;
+}
diff --git a/projects/libchewing/chewing_dynamic_config_fuzzer.c b/projects/libchewing/chewing_dynamic_config_fuzzer.c
new file mode 100644
index 00000000..5479c1ee
--- /dev/null
+++ b/projects/libchewing/chewing_dynamic_config_fuzzer.c
@@ -0,0 +1,15 @@
+#include
+
+#include "chewing_fuzzer_common.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ fuzz_input = fuzz_ptr = data;
+ fuzz_size = size;
+
+ const char* stress_argv[] = {
+ "./chewing_fuzzer", "-loop", "1", "-extra", NULL,
+ };
+ stress_main(sizeof(stress_argv) / sizeof(stress_argv[0]) - 1,
+ (char**)stress_argv);
+ return 0;
+}
diff --git a/projects/libchewing/chewing_fuzzer_common.c b/projects/libchewing/chewing_fuzzer_common.c
new file mode 100644
index 00000000..de249df6
--- /dev/null
+++ b/projects/libchewing/chewing_fuzzer_common.c
@@ -0,0 +1,26 @@
+#include "chewing_fuzzer_common.h"
+
+#include
+#include
+#include
+
+static char userphrase_path[] = "/tmp/chewing_userphrase.db.XXXXXX";
+
+int LLVMFuzzerInitialize(int* argc, char*** argv) {
+ char* exe_path = (*argv)[0];
+ char* dir = dirname(exe_path);
+ // Assume data files are at the same location as executable.
+ setenv("CHEWING_PATH", dir, 0);
+
+ // Specify user db of this process. So we can run multiple fuzzers at the
+ // same time.
+ mktemp(userphrase_path);
+ setenv("TEST_USERPHRASE_PATH", userphrase_path, 0);
+ return 0;
+}
+
+int get_fuzz_input() {
+ if (fuzz_ptr - fuzz_input >= fuzz_size)
+ return EOF;
+ return *fuzz_ptr++;
+}
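Review bot: In projects/libchewing/chewing_fuzzer_common.c, `mktemp(userphrase_path)` in LLVMFuzzerInitialize only generates a name under /tmp and its result is never checked, so the path is predictable-until-created (the classic insecure temporary file pattern) and a failed call silently hands the library an unusable path. A private directory closes that window: make the template a directory name, call `if (!mkdtemp(userphrase_dir)) abort();`, and point TEST_USERPHRASE_PATH at a file inside it. Separately, `dirname(exe_path)` may modify `(*argv)[0]` in place, so operating on a copy would be safer if anything reads argv[0] afterwards.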
diff --git a/projects/libchewing/chewing_fuzzer_common.h b/projects/libchewing/chewing_fuzzer_common.h
new file mode 100644
index 00000000..5032d655
--- /dev/null
+++ b/projects/libchewing/chewing_fuzzer_common.h
@@ -0,0 +1,13 @@
+#ifndef CHEWING_FUZZER_COMMON_H
+#define CHEWING_FUZZER_COMMON_H
+
+#include
+#include
+
+const uint8_t* fuzz_ptr;
+const uint8_t* fuzz_input;
+size_t fuzz_size;
+
+int stress_main(int argc, char** argv);
+
+#endif
diff --git a/projects/libchewing/chewing_random_init_fuzzer.c b/projects/libchewing/chewing_random_init_fuzzer.c
new file mode 100644
index 00000000..e0d755f7
--- /dev/null
+++ b/projects/libchewing/chewing_random_init_fuzzer.c
@@ -0,0 +1,15 @@
+#include
+
+#include "chewing_fuzzer_common.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ fuzz_input = fuzz_ptr = data;
+ fuzz_size = size;
+
+ const char* stress_argv[] = {
+ "./chewing_fuzzer", "-loop", "1", "-init", NULL,
+ };
+ stress_main(sizeof(stress_argv) / sizeof(stress_argv[0]) - 1,
+ (char**)stress_argv);
+ return 0;
+}
diff --git a/projects/libchewing/target.yaml b/projects/libchewing/target.yaml
new file mode 100644
index 00000000..ef62bfe3
--- /dev/null
+++ b/projects/libchewing/target.yaml
@@ -0,0 +1 @@
+homepage: "http://chewing.im/"
diff --git a/projects/libjpeg-turbo/Dockerfile b/projects/libjpeg-turbo/Dockerfile
new file mode 100644
index 00000000..94a4c349
--- /dev/null
+++ b/projects/libjpeg-turbo/Dockerfile
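Review bot: chewing_fuzzer_common.h defines `fuzz_ptr`, `fuzz_input` and `fuzz_size` instead of declaring them, so every translation unit that includes it (each chewing_*_fuzzer.c and chewing_fuzzer_common.c) carries its own tentative definition and the link only succeeds where the toolchain merges common symbols; with `-fno-common` it fails on duplicate definitions. Declare them in the header as `extern const uint8_t* fuzz_ptr;` (likewise the other two) and define them once in chewing_fuzzer_common.c. The header also lacks a prototype for `get_fuzz_input`, which chewing_fuzzer_common.c defines; adding `int get_fuzz_input(void);` would document it as part of the shared interface.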
@@ -0,0 +1,28 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER alex.gaynor@gmail.com
+RUN apt-get install -y make autoconf automake libtool nasm curl
+RUN git clone https://github.com/libjpeg-turbo/libjpeg-turbo
+
+RUN mkdir afl-testcases
+RUN curl -o afl-testcases/afl_testcases.tgz http://lcamtuf.coredump.cx/afl/demo/afl_testcases.tgz
+RUN cd afl-testcases/ && tar -xf afl_testcases.tgz
+RUN zip libjpeg_turbo_fuzzer_seed_corpus.zip afl-testcases/jpeg/full/images/*
+
+WORKDIR libjpeg-turbo
+COPY build.sh libjpeg_turbo_fuzzer.cc $SRC/
diff --git a/projects/libjpeg-turbo/build.sh b/projects/libjpeg-turbo/build.sh
new file mode 100755
index 00000000..99213429
--- /dev/null
+++ b/projects/libjpeg-turbo/build.sh
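Review bot: In projects/libjpeg-turbo/Dockerfile the seed archive is fetched with `curl -o afl-testcases/afl_testcases.tgz http://lcamtuf.coredump.cx/afl/demo/afl_testcases.tgz` over plain HTTP and unpacked with no integrity check, so whatever answers that request is extracted inside the image and shipped as the seed corpus. Pin the expected digest and verify it before the `tar` step, e.g. `RUN echo "<sha256-of-afl_testcases.tgz>  afl-testcases/afl_testcases.tgz" | sha256sum -c -`, and pass `-f` to curl so an HTTP error page is not saved as the archive. The `git clone` above it also follows the moving default branch; recording the commit that was built would make a reported crash reproducible against exact source.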
@@ -0,0 +1,26 @@
+#!/bin/bash -eu
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+autoreconf -fiv
+./configure
+make "-j$(nproc)"
+
+$CXX $CXXFLAGS -std=c++11 -I. \
+ $SRC/libjpeg_turbo_fuzzer.cc -o $OUT/libjpeg_turbo_fuzzer \
+ -lfuzzer ./.libs/libturbojpeg.a
+
+cp $SRC/libjpeg_turbo_fuzzer_seed_corpus.zip $OUT/
diff --git a/projects/libjpeg-turbo/libjpeg_turbo_fuzzer.cc b/projects/libjpeg-turbo/libjpeg_turbo_fuzzer.cc
new file mode 100644
index 00000000..1cee173d
--- /dev/null
+++ b/projects/libjpeg-turbo/libjpeg_turbo_fuzzer.cc
@@ -0,0 +1,48 @@
+/*
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+
+#include
+#include
+
+#include
+
+#include
+
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ tjhandle jpegDecompressor = tjInitDecompress();
+
+ int width, height, subsamp, colorspace;
+ int res = tjDecompressHeader3(
+ jpegDecompressor, data, size, &width, &height, &subsamp, &colorspace);
+
+ // Bail out if decompressing the headers failed, the width or height is 0,
+ // or the image is too large (avoids slowing down too much)
+ if (res != 0 || width == 0 || height == 0 || (width * height > (1024 * 1024))) {
+ tjDestroy(jpegDecompressor);
+ return 0;
+ }
+
+ std::unique_ptr buf(new unsigned char[width * height * 3]);
+ tjDecompress2(
+ jpegDecompressor, data, size, buf.get(), width, 0, height, TJPF_RGB, 0);
+
+ tjDestroy(jpegDecompressor);
+
+ return 0;
+}
diff --git a/projects/libjpeg-turbo/target.yaml b/projects/libjpeg-turbo/target.yaml
new file mode 100644
index 00000000..d75b6589
--- /dev/null
+++ b/projects/libjpeg-turbo/target.yaml
@@ -0,0 +1 @@
+homepage: "https://github.com/libjpeg-turbo/libjpeg-turbo"
diff --git a/projects/libpng/Dockerfile b/projects/libpng/Dockerfile
new file mode 100644
index 00000000..04a73b8a
--- /dev/null
+++ b/projects/libpng/Dockerfile
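Review bot: In projects/libjpeg-turbo/libjpeg_turbo_fuzzer.cc the size guard computes `width * height` in `int`, so header dimensions whose product exceeds INT_MAX overflow (undefined behaviour) and can wrap to a value that passes the `> (1024 * 1024)` test, after which `new unsigned char[width * height * 3]` is sized from the same wrapped value. The harness would then fault on large-dimension headers itself instead of skipping them, producing reports that are not library bugs. Do the arithmetic in a wider type and reject non-positive sizes: `if (res != 0 || width <= 0 || height <= 0 || (int64_t)width * height > 1024 * 1024) {`. The `tjInitDecompress()` result is also used unchecked; `if (!jpegDecompressor) return 0;` would cover an allocation failure.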
@@ -0,0 +1,23 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER mmoroz@chromium.org
+RUN apt-get install -y make autoconf automake libtool zlib1g-dev
+
+RUN git clone git://git.code.sf.net/p/libpng/code libpng
+WORKDIR libpng
+COPY build.sh libpng_read_fuzzer.* png.dict $SRC/
diff --git a/projects/libpng/build.sh b/projects/libpng/build.sh
new file mode 100755
index 00000000..a5d4760f
--- /dev/null
+++ b/projects/libpng/build.sh
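Review bot: `RUN git clone git://git.code.sf.net/p/libpng/code libpng` in projects/libpng/Dockerfile uses the unauthenticated, unencrypted git:// transport, so the source that is built and fuzzed has no protection against modification on the network path; the libtsm and libxml2 Dockerfiles later in this patch clone over git:// as well. Prefer an https:// remote where the upstream project offers one. Whichever transport is used, recording or pinning the commit that was checked out lets a finding be traced to exact source and makes an unexpected change in the fetched tree visible.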
@@ -0,0 +1,33 @@
+#!/bin/bash -eu
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Disable logging via library build configuration control.
+cat scripts/pnglibconf.dfa | sed -e "s/option STDIO/option STDIO disabled/" \
+> scripts/pnglibconf.dfa.temp
+mv scripts/pnglibconf.dfa.temp scripts/pnglibconf.dfa
+
+# build the library.
+autoreconf -f -i
+./configure
+make -j$(nproc) clean all
+
+# build libpng_read_fuzzer
+$CXX $CXXFLAGS -std=c++11 -I. -lz \
+ $SRC/libpng_read_fuzzer.cc -o $OUT/libpng_read_fuzzer \
+ -lfuzzer .libs/libpng16.a
+
+cp $SRC/*.dict $SRC/*.options $OUT/
diff --git a/projects/libpng/libpng_read_fuzzer.cc b/projects/libpng/libpng_read_fuzzer.cc
new file mode 100644
index 00000000..ca489b09
--- /dev/null
+++ b/projects/libpng/libpng_read_fuzzer.cc
@@ -0,0 +1,123 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include
+#include
+
+#include
+
+#define PNG_INTERNAL
+#include "png.h"
+
+struct BufState {
+ const uint8_t* data;
+ size_t bytes_left;
+};
+
+struct PngObjectHandler {
+ png_infop info_ptr = nullptr;
+ png_structp png_ptr = nullptr;
+ png_voidp row_ptr = nullptr;
+ BufState* buf_state = nullptr;
+
+ ~PngObjectHandler() {
+ if (row_ptr && png_ptr) {
+ png_free(png_ptr, row_ptr);
+ }
+ if (png_ptr && info_ptr) {
+ png_destroy_read_struct(&png_ptr, &info_ptr, nullptr);
+ }
+ delete buf_state;
+ }
+};
+
+void user_read_data(png_structp png_ptr, png_bytep data, png_size_t length) {
+ BufState* buf_state = static_cast(png_get_io_ptr(png_ptr));
+ if (length > buf_state->bytes_left) {
+ png_error(png_ptr, "read error");
+ }
+ memcpy(data, buf_state->data, length);
+ buf_state->bytes_left -= length;
+ buf_state->data += length;
+}
+
+static const int kPngHeaderSize = 8;
+
+// Entry point for LibFuzzer.
+// Roughly follows the libpng book example:
+// http://www.libpng.org/pub/png/book/chapter13.html
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ if (size < kPngHeaderSize) {
+ return 0;
+ }
+
+ std::vector v(data, data + size);
+ if (png_sig_cmp(v.data(), 0, kPngHeaderSize)) {
+ // not a PNG.
+ return 0;
+ }
+
+ PngObjectHandler png_handler;
+ png_handler.png_ptr = png_create_read_struct
+ (PNG_LIBPNG_VER_STRING, nullptr, nullptr, nullptr);
+ if (!png_handler.png_ptr) {
+ return 0;
+ }
+
+ png_set_crc_action(png_handler.png_ptr, PNG_CRC_QUIET_USE, PNG_CRC_QUIET_USE);
+
+ png_handler.info_ptr = png_create_info_struct(png_handler.png_ptr);
+ if (!png_handler.info_ptr) {
+ return 0;
+ }
+
+ // Setting up reading from buffer.
+ png_handler.buf_state = new BufState();
+ png_handler.buf_state->data = data + kPngHeaderSize;
+ png_handler.buf_state->bytes_left = size - kPngHeaderSize;
+ png_set_read_fn(png_handler.png_ptr, png_handler.buf_state, user_read_data);
+ png_set_sig_bytes(png_handler.png_ptr, kPngHeaderSize);
+
+ // libpng error handling.
+ if (setjmp(png_jmpbuf(png_handler.png_ptr))) {
+ return 0;
+ }
+
+ // Reading.
+ png_read_info(png_handler.png_ptr, png_handler.info_ptr);
+ png_handler.row_ptr = png_malloc(
+ png_handler.png_ptr, png_get_rowbytes(png_handler.png_ptr,
+ png_handler.info_ptr));
+
+ // reset error handler to put png_deleter into scope.
+ if (setjmp(png_jmpbuf(png_handler.png_ptr))) {
+ return 0;
+ }
+
+ png_uint_32 width, height;
+ int bit_depth, color_type, interlace_type, compression_type;
+ int filter_type;
+
+ if (!png_get_IHDR(png_handler.png_ptr, png_handler.info_ptr, &width,
+ &height, &bit_depth, &color_type, &interlace_type,
+ &compression_type, &filter_type)) {
+ return 0;
+ }
+
+ // This is going to be too slow.
+ if (width && height > 100000000 / width)
+ return 0;
+
+ int passes = png_set_interlace_handling(png_handler.png_ptr);
+ png_start_read_image(png_handler.png_ptr);
+
+ for (int pass = 0; pass < passes; ++pass) {
+ for (png_uint_32 y = 0; y < height; ++y) {
+ png_read_row(png_handler.png_ptr,
+ static_cast(png_handler.row_ptr), NULL);
+ }
+ }
+
+ return 0;
+}
diff --git a/projects/libpng/libpng_read_fuzzer.options b/projects/libpng/libpng_read_fuzzer.options
new file mode 100644
index 00000000..2005291a
--- /dev/null
+++ b/projects/libpng/libpng_read_fuzzer.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+dict = png.dict
diff --git a/projects/libpng/png.dict b/projects/libpng/png.dict
new file mode 100644
index 00000000..ea12d19e
--- /dev/null
+++ b/projects/libpng/png.dict
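Review bot: In projects/libpng/libpng_read_fuzzer.cc the comment `// reset error handler to put png_deleter into scope.` names a `png_deleter` that does not exist in this file; cleanup is done by the `PngObjectHandler` destructor, which is already constructed before the first `setjmp`. As written the second `setjmp(png_jmpbuf(...))` block appears to add nothing over the first, so either drop it or reword the comment to say why the jump buffer is re-armed after `png_malloc`. The copy `std::vector v(data, data + size)` also exists only to feed `png_sig_cmp`; if the libpng version built here accepts a const pointer there, `png_sig_cmp(data, 0, kPngHeaderSize)` avoids duplicating every input.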
@@ -0,0 +1,38 @@
+#
+# AFL dictionary for PNG images
+# -----------------------------
+#
+# Just the basic, standard-originating sections; does not include vendor
+# extensions.
+#
+# Created by Michal Zalewski
+#
+
+header_png="\x89PNG\x0d\x0a\x1a\x0a"
+
+section_IDAT="IDAT"
+section_IEND="IEND"
+section_IHDR="IHDR"
+section_PLTE="PLTE"
+section_bKGD="bKGD"
+section_cHRM="cHRM"
+section_fRAc="fRAc"
+section_gAMA="gAMA"
+section_gIFg="gIFg"
+section_gIFt="gIFt"
+section_gIFx="gIFx"
+section_hIST="hIST"
+section_iCCP="iCCP"
+section_iTXt="iTXt"
+section_oFFs="oFFs"
+section_pCAL="pCAL"
+section_pHYs="pHYs"
+section_sBIT="sBIT"
+section_sCAL="sCAL"
+section_sPLT="sPLT"
+section_sRGB="sRGB"
+section_sTER="sTER"
+section_tEXt="tEXt"
+section_tIME="tIME"
+section_tRNS="tRNS"
+section_zTXt="zTXt"
diff --git a/projects/libpng/target.yaml b/projects/libpng/target.yaml
new file mode 100644
index 00000000..2f64de3a
--- /dev/null
+++ b/projects/libpng/target.yaml
@@ -0,0 +1 @@
+homepage: "http://www.libpng.org/pub/png/libpng.html"
diff --git a/projects/libteken/Dockerfile b/projects/libteken/Dockerfile
new file mode 100644
index 00000000..82d5a97e
--- /dev/null
+++ b/projects/libteken/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER kcwu@csie.org
+RUN apt-get install -y pmake
+RUN svn co https://svn.freebsd.org/base/head/sys/teken
+WORKDIR teken
+COPY build.sh libteken_fuzzer.c $SRC/
diff --git a/projects/libteken/build.sh b/projects/libteken/build.sh
new file mode 100755
index 00000000..c5f4a00c
--- /dev/null
+++ b/projects/libteken/build.sh
@@ -0,0 +1,25 @@
+#!/bin/bash -eu
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# build the library.
+pmake -C libteken teken_state.h
+CFLAGS="$CFLAGS -D__unused=" pmake -C libteken libteken.a
+
+$CC $CFLAGS -c $SRC/libteken_fuzzer.c -o $SRC/libteken_fuzzer.o -I.
+$CXX $CXXFLAGS $SRC/libteken_fuzzer.o \
+ -o $OUT/libteken_fuzzer \
+ -lfuzzer libteken/libteken.a
diff --git a/projects/libteken/libteken_fuzzer.c b/projects/libteken/libteken_fuzzer.c
new file mode 100644
index 00000000..9335003b
--- /dev/null
+++ b/projects/libteken/libteken_fuzzer.c
@@ -0,0 +1,31 @@
+#include
+#include
+
+#include
+
+static void dummy_bell(void *s) {}
+static void dummy_cursor(void *s, const teken_pos_t *p) {}
+static void dummy_putchar(void *s, const teken_pos_t *p, teken_char_t c,
+ const teken_attr_t *a) {}
+static void dummy_fill(void *s, const teken_rect_t *r, teken_char_t c,
+ const teken_attr_t *a) {}
+static void dummy_copy(void *s, const teken_rect_t *r, const teken_pos_t *p) {}
+static void dummy_param(void *s, int cmd, unsigned int value) {}
+static void dummy_respond(void *s, const void *buf, size_t len) {}
+
+static teken_funcs_t tf = {
+ .tf_bell = dummy_bell,
+ .tf_cursor = dummy_cursor,
+ .tf_putchar = dummy_putchar,
+ .tf_fill = dummy_fill,
+ .tf_copy = dummy_copy,
+ .tf_param = dummy_param,
+ .tf_respond = dummy_respond,
+};
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ teken_t t;
+ teken_init(&t, &tf, NULL);
+ teken_input(&t, data, size);
+ return 0;
+}
diff --git a/projects/libteken/target.yaml b/projects/libteken/target.yaml
new file mode 100644
index 00000000..d3438309
--- /dev/null
+++ b/projects/libteken/target.yaml
@@ -0,0 +1 @@
+homepage: "http://80386.nl/projects/libteken/"
diff --git a/projects/libtsm/Dockerfile b/projects/libtsm/Dockerfile
new file mode 100644
index 00000000..c69cb1a8
--- /dev/null
+++ b/projects/libtsm/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER kcwu@csie.org
+RUN apt-get install -y make autoconf automake libtool pkg-config
+
+RUN git clone git://people.freedesktop.org/~dvdhrm/libtsm
+WORKDIR libtsm
+COPY build.sh libtsm_fuzzer.c $SRC/
diff --git a/projects/libtsm/build.sh b/projects/libtsm/build.sh
new file mode 100755
index 00000000..0369dd48
--- /dev/null
+++ b/projects/libtsm/build.sh
@@ -0,0 +1,28 @@
+#!/bin/bash -eu
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# build the library.
+./autogen.sh
+make -j$(nproc) clean all
+
+# build your fuzzer(s)
+$CC $CCFLAGS -c $SRC/libtsm_fuzzer.c -Isrc/tsm -o $SRC/libtsm_fuzzer.o
+$CXX $CXXFLAGS \
+ -o $OUT/libtsm_fuzzer \
+ $SRC/libtsm_fuzzer.o \
+ .libs/libtsm.a \
+ -lfuzzer
diff --git a/projects/libtsm/libtsm_fuzzer.c b/projects/libtsm/libtsm_fuzzer.c
new file mode 100644
index 00000000..dd5f63b0
--- /dev/null
+++ b/projects/libtsm/libtsm_fuzzer.c
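Review bot: In projects/libtsm/build.sh the harness object is compiled with `$CC $CCFLAGS -c ...`, whereas the libchewing and libteken scripts in this patch pass `$CFLAGS` to `$CC`, so `CCFLAGS` looks like a typo. Under this script's `#!/bin/bash -eu` an unset `CCFLAGS` aborts the build, and if the variable happens to be set to something else the harness is compiled without whatever flags the environment supplies in `CFLAGS`. The line should read `$CC $CFLAGS -c $SRC/libtsm_fuzzer.c -Isrc/tsm -o $SRC/libtsm_fuzzer.o`.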
@@ -0,0 +1,50 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "libtsm.h"
+
+#define WIDTH 80
+#define HEIGHT 24
+
+static void terminal_write_fn(struct tsm_vte *vte,
+ const char *u8,
+ size_t len,
+ void *data)
+{
+ // try to access the written data
+ static char out[4096];
+ while (len--)
+ out[len % sizeof(out)] = u8[len];
+}
+
+static int term_draw_cell(struct tsm_screen *screen, uint32_t id,
+ const uint32_t *ch, size_t len,
+ unsigned int cwidth, unsigned int posx,
+ unsigned int posy,
+ const struct tsm_screen_attr *attr,
+ tsm_age_t age, void *data)
+{
+ if (posx >= WIDTH || posy >= HEIGHT)
+ abort();
+ return 0;
+}
+
+// Entry point for LibFuzzer.
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ struct tsm_screen *screen;
+ struct tsm_vte *vte;
+ const int scrollback_size = 200; // frecon use 200
+
+ tsm_screen_new(&screen, NULL, NULL);
+ tsm_screen_set_max_sb(screen, scrollback_size);
+ tsm_vte_new(&vte, screen, terminal_write_fn, NULL, NULL, NULL);
+ tsm_screen_resize(screen, WIDTH, HEIGHT);
+
+ tsm_vte_input(vte, (const char*) data, size);
+ tsm_screen_draw(screen, term_draw_cell, NULL);
+
+ tsm_vte_unref(vte);
+ tsm_screen_unref(screen);
+ return 0;
+}
diff --git a/projects/libtsm/target.yaml b/projects/libtsm/target.yaml
new file mode 100644
index 00000000..a1eb5dca
--- /dev/null
+++ b/projects/libtsm/target.yaml
@@ -0,0 +1 @@
+homepage: "https://www.freedesktop.org/wiki/Software/kmscon/libtsm/"
diff --git a/projects/libxml2/Dockerfile b/projects/libxml2/Dockerfile
new file mode 100644
index 00000000..078379b4
--- /dev/null
+++ b/projects/libxml2/Dockerfile
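Review bot: In projects/libtsm/libtsm_fuzzer.c the return values of `tsm_screen_new` and `tsm_vte_new` are ignored, so if either fails `screen` or `vte` is still an uninitialised pointer when it is handed to the calls that follow, and the resulting crash would be a harness fault rather than a library finding. Bail out on failure: `if (tsm_screen_new(&screen, NULL, NULL)) return 0;` and `if (tsm_vte_new(&vte, screen, terminal_write_fn, NULL, NULL, NULL)) { tsm_screen_unref(screen); return 0; }`. `terminal_write_fn` and `term_draw_cell` would also benefit from a one-line comment each stating what they check (touching every byte written, and aborting if a cell lands outside WIDTH x HEIGHT).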
@@ -0,0 +1,27 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER ochang@chromium.org
+RUN apt-get install -y make autoconf automake libtool pkg-config
+
+RUN git clone git://git.gnome.org/libxml2
+WORKDIR libxml2
+
+COPY build.sh $SRC/
+COPY libxml2_xml_read_memory_fuzzer.* \
+ libxml2_xml_regexp_compile_fuzzer.* \
+ xml.dict $SRC/
diff --git a/projects/libxml2/build.sh b/projects/libxml2/build.sh
new file mode 100755
index 00000000..12cb3ad1
--- /dev/null
+++ b/projects/libxml2/build.sh
@@ -0,0 +1,29 @@
+#!/bin/bash -eu
+#
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+./autogen.sh
+./configure
+make -j$(nproc) clean all
+
+for fuzzer in libxml2_xml_read_memory_fuzzer libxml2_xml_regexp_compile_fuzzer; do
+ $CXX $CXXFLAGS -std=c++11 -Iinclude/ \
+ $SRC/$fuzzer.cc -o $OUT/$fuzzer \
+ -lfuzzer .libs/libxml2.a
+done
+
+cp $SRC/*.dict $SRC/*.options $OUT/
diff --git a/projects/libxml2/libxml2_xml_read_memory_fuzzer.cc b/projects/libxml2/libxml2_xml_read_memory_fuzzer.cc
new file mode 100644
index 00000000..464a6e95
--- /dev/null
+++ b/projects/libxml2/libxml2_xml_read_memory_fuzzer.cc
@@ -0,0 +1,23 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include
+#include
+
+#include "libxml/parser.h"
+
+void ignore (void* ctx, const char* msg, ...) {
+ // Error handler to avoid spam of error messages from libxml parser.
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ xmlSetGenericErrorFunc(NULL, &ignore);
+
+ if (auto doc = xmlReadMemory(reinterpret_cast(data),
+ static_cast(size), "noname.xml", NULL, 0)) {
+ xmlFreeDoc(doc);
+ }
+
+ return 0;
+}
diff --git a/projects/libxml2/libxml2_xml_read_memory_fuzzer.options b/projects/libxml2/libxml2_xml_read_memory_fuzzer.options
new file mode 100644
index 00000000..6335e163
--- /dev/null
+++ b/projects/libxml2/libxml2_xml_read_memory_fuzzer.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+dict = xml.dict
diff --git a/projects/libxml2/libxml2_xml_regexp_compile_fuzzer.cc b/projects/libxml2/libxml2_xml_regexp_compile_fuzzer.cc
new file mode 100644
index 00000000..65aba296
--- /dev/null
+++ b/projects/libxml2/libxml2_xml_regexp_compile_fuzzer.cc
@@ -0,0 +1,34 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include
+#include
+
+#include
+#include
+#include
+
+#include "libxml/parser.h"
+#include "libxml/tree.h"
+#include "libxml/xmlversion.h"
+
+
+void ignore (void * ctx, const char * msg, ...) {
+ // Error handler to avoid spam of error messages from libxml parser.
+}
+
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ xmlSetGenericErrorFunc(NULL, &ignore);
+
+ std::vector buffer(size + 1, 0);
+ std::copy(data, data + size, buffer.data());
+
+ xmlRegexpPtr x = xmlRegexpCompile(buffer.data());
+ if (x)
+ xmlRegFreeRegexp(x);
+
+ return 0;
+}
diff --git a/projects/libxml2/libxml2_xml_regexp_compile_fuzzer.options b/projects/libxml2/libxml2_xml_regexp_compile_fuzzer.options
new file mode 100644
index 00000000..6335e163
--- /dev/null
+++ b/projects/libxml2/libxml2_xml_regexp_compile_fuzzer.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+dict = xml.dict
diff --git a/projects/libxml2/target.yaml b/projects/libxml2/target.yaml
new file mode 100644
index 00000000..3ac2e323
--- /dev/null
+++ b/projects/libxml2/target.yaml
@@ -0,0 +1 @@
+homepage: "http://www.xmlsoft.org/"
diff --git a/projects/libxml2/xml.dict b/projects/libxml2/xml.dict
new file mode 100644
index 00000000..4ffa6c80
--- /dev/null
+++ b/projects/libxml2/xml.dict 
@@ -0,0 +1,87 @@ +# Copyright 2016 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ +# +# AFL dictionary for XML +# ---------------------- +# +# Several basic syntax elements and attributes, modeled on libxml2. +# +# Created by Michal Zalewski +# + +attr_encoding=" encoding=\"1\"" +attr_generic=" a=\"1\"" +attr_href=" href=\"1\"" +attr_standalone=" standalone=\"no\"" +attr_version=" version=\"1\"" +attr_xml_base=" xml:base=\"1\"" +attr_xml_id=" xml:id=\"1\"" +attr_xml_lang=" xml:lang=\"1\"" +attr_xml_space=" xml:space=\"1\"" +attr_xmlns=" xmlns=\"1\"" + +entity_builtin="<" +entity_decimal="" +entity_external="&a;" +entity_hex="" + +string_any="ANY" +string_brackets="[]" +string_cdata="CDATA" +string_col_fallback=":fallback" +string_col_generic=":a" +string_col_include=":include" +string_dashes="--" +string_empty="EMPTY" +string_empty_dblquotes="\"\"" +string_empty_quotes="''" +string_entities="ENTITIES" +string_entity="ENTITY" +string_fixed="#FIXED" +string_id="ID" +string_idref="IDREF" +string_idrefs="IDREFS" +string_implied="#IMPLIED" +string_nmtoken="NMTOKEN" +string_nmtokens="NMTOKENS" +string_notation="NOTATION" +string_parentheses="()" +string_pcdata="#PCDATA" +string_percent="%a" +string_public="PUBLIC" +string_required="#REQUIRED" +string_schema=":schema" +string_system="SYSTEM" +string_ucs4="UCS-4" +string_utf16="UTF-16" +string_utf8="UTF-8" +string_xmlns="xmlns:" + 
+tag_attlist="" +tag_doctype="" +tag_open_close="" +tag_open_exclamation="" +tag_xml_q="" diff --git a/projects/nss/Dockerfile b/projects/nss/Dockerfile new file mode 100644 index 00000000..e3a621ec --- /dev/null +++ b/projects/nss/Dockerfile @@ -0,0 +1,26 @@ +# Copyright 2016 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +FROM ossfuzz/base-libfuzzer +MAINTAINER mmoroz@chromium.org +RUN apt-get install -y make autoconf automake libtool mercurial zlib1g-dev + +RUN hg clone https://hg.mozilla.org/projects/nspr nspr +RUN hg clone https://hg.mozilla.org/projects/nss nss +RUN git clone https://github.com/mozilla/nss-fuzzing-corpus.git nss-corpus + +WORKDIR nss +COPY build.sh fuzzers/* $SRC/ diff --git a/projects/nss/build.sh b/projects/nss/build.sh new file mode 100755 index 00000000..d2a126ed --- /dev/null +++ b/projects/nss/build.sh 
@@ -0,0 +1,68 @@
+#!/bin/bash -eu
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Build the library.
+make CCC="$CXX" XCFLAGS="$CXXFLAGS" SANITIZER_CFLAGS="$CXXFLAGS" \
+ BUILD_OPT=1 USE_64=1 NSS_DISABLE_GTESTS=1 ZDEFS_FLAG= \
+ nss_clean_all nss_build_all
+cd ..
+
+# Copy libraries and some objects to $WORK/nss/lib.
+mkdir -p $WORK/nss/lib
+cp dist/Linux*/lib/*.a $WORK/nss/lib
+cp nspr/Linux*/pr/src/misc/prlog2.o $WORK/nss/lib
+
+# Copy includes to $WORK/nss/include.
+mkdir -p $WORK/nss/include
+cp -rL dist/Linux*/include/* $WORK/nss/include
+cp -rL dist/{public,private}/nss/* $WORK/nss/include
+
+
+# Build the fuzzers.
+FUZZERS="asn1_algorithmid_fuzzer \
+ asn1_any_fuzzer \
+ asn1_bitstring_fuzzer \
+ asn1_bmpstring_fuzzer \
+ asn1_boolean_fuzzer \
+ asn1_generalizedtime_fuzzer \
+ asn1_ia5string_fuzzer \
+ asn1_integer_fuzzer \
+ asn1_null_fuzzer \
+ asn1_objectid_fuzzer \
+ asn1_octetstring_fuzzer \
+ asn1_utctime_fuzzer \
+ asn1_utf8string_fuzzer"
+
+# The following fuzzers are currently disabled due to linking issues:
+# cert_certificate_fuzzer, seckey_privatekeyinfo_fuzzer
+
+
+for fuzzer in $FUZZERS; do
+ $CXX $CXXFLAGS -std=c++11 $SRC/$fuzzer.cc \
+ -I$WORK/nss/include \
+ -lfuzzer \
+ $WORK/nss/lib/libnss.a $WORK/nss/lib/libnssutil.a \
+ $WORK/nss/lib/libnspr4.a $WORK/nss/lib/libplc4.a $WORK/nss/lib/libplds4.a \
+ $WORK/nss/lib/prlog2.o -o $OUT/$fuzzer
+done
+
+# Archive and copy to $OUT seed corpus if the build succeeded.
+zip $WORK/nss/all_nss_seed_corpus.zip $SRC/nss-corpus/*/*
+
+for fuzzer in $FUZZERS; do
+ cp $WORK/nss/all_nss_seed_corpus.zip $OUT/${fuzzer}_seed_corpus.zip
+done
diff --git a/projects/nss/fuzzers/asn1_algorithmid_fuzzer.cc b/projects/nss/fuzzers/asn1_algorithmid_fuzzer.cc
new file mode 100644
index 00000000..ec244184
--- /dev/null
+++ b/projects/nss/fuzzers/asn1_algorithmid_fuzzer.cc
@@ -0,0 +1,19 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include
+#include
+#include
+
+#include "asn1_fuzzer_template.h"
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ NSSFuzzOneInput(
+ SEC_ASN1_GET(SECOID_AlgorithmIDTemplate), data, size);
+ NSSFuzzOneInput(
+ SEC_ASN1_GET(SECOID_AlgorithmIDTemplate), data, size);
+
+ return 0;
+}
diff --git a/projects/nss/fuzzers/asn1_any_fuzzer.cc b/projects/nss/fuzzers/asn1_any_fuzzer.cc
new file mode 100644
index 00000000..06a0c090
--- /dev/null
+++ b/projects/nss/fuzzers/asn1_any_fuzzer.cc
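Review bot: The seed-corpus step at the end of projects/nss/build.sh zips `$SRC/nss-corpus/*/*` once and copies that same archive to every entry in `$FUZZERS`, so each target starts from all inputs regardless of which ASN.1 template it decodes. If the corpus repository keeps one directory per target (its layout is not visible here), building each archive from the matching directory inside the existing loop would keep seeds relevant and the archives small, e.g. `zip -j "$OUT/${fuzzer}_seed_corpus.zip" "$SRC/nss-corpus/<DIR_FOR_FUZZER>"/*`, where `<DIR_FOR_FUZZER>` is a placeholder. The `$WORK`, `$SRC` and `$OUT` expansions are unquoted throughout the script and would be safer quoted.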
@@ -0,0 +1,18 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include + +#include "asn1_fuzzer_template.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + NSSFuzzOneInput( + SEC_ASN1_GET(SEC_AnyTemplate), data, size); + NSSFuzzOneInput( + SEC_ASN1_GET(SEC_AnyTemplate), data, size); + + return 0; +} diff --git a/projects/nss/fuzzers/asn1_bitstring_fuzzer.cc b/projects/nss/fuzzers/asn1_bitstring_fuzzer.cc new file mode 100644 index 00000000..26543c10 --- /dev/null +++ b/projects/nss/fuzzers/asn1_bitstring_fuzzer.cc @@ -0,0 +1,18 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include + +#include "asn1_fuzzer_template.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + NSSFuzzOneInput( + SEC_ASN1_GET(SEC_BitStringTemplate), data, size); + NSSFuzzOneInput( + SEC_ASN1_GET(SEC_BitStringTemplate), data, size); + + return 0; +} diff --git a/projects/nss/fuzzers/asn1_bmpstring_fuzzer.cc b/projects/nss/fuzzers/asn1_bmpstring_fuzzer.cc new file mode 100644 index 00000000..a3776409 --- /dev/null +++ b/projects/nss/fuzzers/asn1_bmpstring_fuzzer.cc @@ -0,0 +1,18 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include + +#include "asn1_fuzzer_template.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + NSSFuzzOneInput( + SEC_ASN1_GET(SEC_BMPStringTemplate), data, size); + NSSFuzzOneInput( + SEC_ASN1_GET(SEC_BMPStringTemplate), data, size); + + return 0; +} 
diff --git a/projects/nss/fuzzers/asn1_boolean_fuzzer.cc b/projects/nss/fuzzers/asn1_boolean_fuzzer.cc
new file mode 100644
index 00000000..6e178ee0
--- /dev/null
+++ b/projects/nss/fuzzers/asn1_boolean_fuzzer.cc
@@ -0,0 +1,18 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include
+#include
+
+#include "asn1_fuzzer_template.h"
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ NSSFuzzOneInput(
+ SEC_ASN1_GET(SEC_BooleanTemplate), data, size);
+ NSSFuzzOneInput(
+ SEC_ASN1_GET(SEC_BooleanTemplate), data, size);
+
+ return 0;
+}
diff --git a/projects/nss/fuzzers/asn1_fuzzer_template.h b/projects/nss/fuzzers/asn1_fuzzer_template.h
new file mode 100644
index 00000000..416b707e
--- /dev/null
+++ b/projects/nss/fuzzers/asn1_fuzzer_template.h
@@ -0,0 +1,45 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef ASN1_FUZZER_TEMPLATE_H_
+#define ASN1_FUZZER_TEMPLATE_H_
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+template
+void NSSFuzzOneInput(const SEC_ASN1Template* the_template,
+ const uint8_t* data,
+ size_t size) {
+ DestinationType* destination = new DestinationType();
+ memset(destination, 0, sizeof(DestinationType));
+
+ PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (!arena) {
+ delete destination;
+ return;
+ }
+
+ SECItem source;
+ source.type = siBuffer;
+ source.data = static_cast(const_cast(data));
+ source.len = static_cast(size);
+
+ DecodeFunction(arena, destination, the_template, &source);
+
+ PORT_FreeArena(arena, PR_FALSE);
+ delete destination;
+}
+
+#endif // ASN1_FUZZER_TEMPLATE_H_
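Review bot: `NSSFuzzOneInput` in asn1_fuzzer_template.h hands the decoder a writable pointer to libFuzzer's input through the `const_cast` on the `source.data = ...` line. The harness contract is that `data` is not modified, so a decoder that writes through `source.data` would corrupt the engine's input or be reported as the target overwriting it. Decoding from a private copy removes that dependency on decoder behaviour: `std::vector<uint8_t> copy(data, data + size);` followed by `source.data = copy.data();`, which needs `<vector>`. The `source.len = static_cast(size)` line presumably narrows `size_t` to the item's length type; a comment that the configured maximum input length keeps it in range would document the assumption. The template parameter list and cast target types appear to be missing from this rendering of the page, so this is based on the visible body only.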
diff --git a/projects/nss/fuzzers/asn1_generalizedtime_fuzzer.cc b/projects/nss/fuzzers/asn1_generalizedtime_fuzzer.cc new file mode 100644 index 00000000..1faf586f --- /dev/null +++ b/projects/nss/fuzzers/asn1_generalizedtime_fuzzer.cc @@ -0,0 +1,18 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include + +#include "asn1_fuzzer_template.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + NSSFuzzOneInput( + SEC_ASN1_GET(SEC_GeneralizedTimeTemplate), data, size); + NSSFuzzOneInput( + SEC_ASN1_GET(SEC_GeneralizedTimeTemplate), data, size); + + return 0; +} diff --git a/projects/nss/fuzzers/asn1_ia5string_fuzzer.cc b/projects/nss/fuzzers/asn1_ia5string_fuzzer.cc new file mode 100644 index 00000000..2a33255a --- /dev/null +++ b/projects/nss/fuzzers/asn1_ia5string_fuzzer.cc @@ -0,0 +1,18 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include + +#include "asn1_fuzzer_template.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + NSSFuzzOneInput( + SEC_ASN1_GET(SEC_IA5StringTemplate), data, size); + NSSFuzzOneInput( + SEC_ASN1_GET(SEC_IA5StringTemplate), data, size); + + return 0; +} diff --git a/projects/nss/fuzzers/asn1_integer_fuzzer.cc b/projects/nss/fuzzers/asn1_integer_fuzzer.cc new file mode 100644 index 00000000..4e08fec0 --- /dev/null +++ b/projects/nss/fuzzers/asn1_integer_fuzzer.cc 
@@ -0,0 +1,18 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include + +#include "asn1_fuzzer_template.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + NSSFuzzOneInput( + SEC_ASN1_GET(SEC_IntegerTemplate), data, size); + NSSFuzzOneInput( + SEC_ASN1_GET(SEC_IntegerTemplate), data, size); + + return 0; +} diff --git a/projects/nss/fuzzers/asn1_null_fuzzer.cc b/projects/nss/fuzzers/asn1_null_fuzzer.cc new file mode 100644 index 00000000..4af7afb7 --- /dev/null +++ b/projects/nss/fuzzers/asn1_null_fuzzer.cc @@ -0,0 +1,18 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include + +#include "asn1_fuzzer_template.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + NSSFuzzOneInput( + SEC_ASN1_GET(SEC_NullTemplate), data, size); + NSSFuzzOneInput( + SEC_ASN1_GET(SEC_NullTemplate), data, size); + + return 0; +} diff --git a/projects/nss/fuzzers/asn1_objectid_fuzzer.cc b/projects/nss/fuzzers/asn1_objectid_fuzzer.cc new file mode 100644 index 00000000..bdc8288b --- /dev/null +++ b/projects/nss/fuzzers/asn1_objectid_fuzzer.cc @@ -0,0 +1,18 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include + +#include "asn1_fuzzer_template.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + NSSFuzzOneInput( + SEC_ASN1_GET(SEC_ObjectIDTemplate), data, size); + NSSFuzzOneInput( + SEC_ASN1_GET(SEC_ObjectIDTemplate), data, size); + + return 0; +} 
diff --git a/projects/nss/fuzzers/asn1_octetstring_fuzzer.cc b/projects/nss/fuzzers/asn1_octetstring_fuzzer.cc new file mode 100644 index 00000000..71b25776 --- /dev/null +++ b/projects/nss/fuzzers/asn1_octetstring_fuzzer.cc @@ -0,0 +1,18 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include + +#include "asn1_fuzzer_template.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + NSSFuzzOneInput( + SEC_ASN1_GET(SEC_OctetStringTemplate), data, size); + NSSFuzzOneInput( + SEC_ASN1_GET(SEC_OctetStringTemplate), data, size); + + return 0; +} diff --git a/projects/nss/fuzzers/asn1_utctime_fuzzer.cc b/projects/nss/fuzzers/asn1_utctime_fuzzer.cc new file mode 100644 index 00000000..604e2609 --- /dev/null +++ b/projects/nss/fuzzers/asn1_utctime_fuzzer.cc @@ -0,0 +1,18 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include + +#include "asn1_fuzzer_template.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + NSSFuzzOneInput( + SEC_ASN1_GET(SEC_UTCTimeTemplate), data, size); + NSSFuzzOneInput( + SEC_ASN1_GET(SEC_UTCTimeTemplate), data, size); + + return 0; +} diff --git a/projects/nss/fuzzers/asn1_utf8string_fuzzer.cc b/projects/nss/fuzzers/asn1_utf8string_fuzzer.cc new file mode 100644 index 00000000..f4a3a6ac --- /dev/null +++ b/projects/nss/fuzzers/asn1_utf8string_fuzzer.cc 
@@ -0,0 +1,18 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include + +#include "asn1_fuzzer_template.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + NSSFuzzOneInput( + SEC_ASN1_GET(SEC_UTF8StringTemplate), data, size); + NSSFuzzOneInput( + SEC_ASN1_GET(SEC_UTF8StringTemplate), data, size); + + return 0; +} diff --git a/projects/nss/fuzzers/cert_certificate_fuzzer.cc b/projects/nss/fuzzers/cert_certificate_fuzzer.cc new file mode 100644 index 00000000..ce1efc73 --- /dev/null +++ b/projects/nss/fuzzers/cert_certificate_fuzzer.cc @@ -0,0 +1,19 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include +#include + +#include "asn1_fuzzer_template.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + NSSFuzzOneInput( + SEC_ASN1_GET(CERT_CertificateTemplate), data, size); + NSSFuzzOneInput( + SEC_ASN1_GET(CERT_CertificateTemplate), data, size); + + return 0; +} diff --git a/projects/nss/fuzzers/seckey_privatekeyinfo_fuzzer.cc b/projects/nss/fuzzers/seckey_privatekeyinfo_fuzzer.cc new file mode 100644 index 00000000..a6dd802e --- /dev/null +++ b/projects/nss/fuzzers/seckey_privatekeyinfo_fuzzer.cc 
@@ -0,0 +1,19 @@ +// Copyright 2016 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include +#include + +#include "asn1_fuzzer_template.h" + +// Entry point for LibFuzzer. +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + NSSFuzzOneInput( + SEC_ASN1_GET(SECKEY_PrivateKeyInfoTemplate), data, size); + NSSFuzzOneInput( + SEC_ASN1_GET(SECKEY_PrivateKeyInfoTemplate), data, size); + + return 0; +} diff --git a/projects/nss/target.yaml b/projects/nss/target.yaml new file mode 100644 index 00000000..1a0af5d7 --- /dev/null +++ b/projects/nss/target.yaml @@ -0,0 +1 @@ +homepage: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS" diff --git a/projects/openssl/Dockerfile b/projects/openssl/Dockerfile new file mode 100644 index 00000000..0487f13c --- /dev/null +++ b/projects/openssl/Dockerfile @@ -0,0 +1,22 @@ +# Copyright 2016 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +FROM ossfuzz/base-libfuzzer +MAINTAINER kurt@roeckx.be +RUN apt-get install -y make +RUN git clone https://github.com/openssl/openssl.git +WORKDIR openssl +COPY build.sh $SRC/ diff --git a/projects/openssl/build.sh b/projects/openssl/build.sh new file mode 100755 index 00000000..73ee3ede --- /dev/null +++ b/projects/openssl/build.sh 
@@ -0,0 +1,27 @@
+#!/bin/bash -eu
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+./config enable-fuzz-libfuzzer -DPEDANTIC no-shared --with-fuzzer-lib=/usr/lib/libfuzzer $CFLAGS
+make -j$(nproc) EX_LIBS="-ldl /usr/local/lib/libc++.a"
+
+fuzzers=$(find fuzz -executable -type f '!' -name \*.py '!' -name \*-test)
+for f in $fuzzers; do
+ fuzzer=$(basename $f)
+ cp $f $OUT/
+ zip -j $OUT/${fuzzer}_seed_corpus.zip fuzz/corpora/${fuzzer}/*
+done
+
diff --git a/projects/openssl/target.yaml b/projects/openssl/target.yaml
new file mode 100644
index 00000000..b38c82b2
--- /dev/null
+++ b/projects/openssl/target.yaml
@@ -0,0 +1 @@
+homepage: "https://www.openssl.org/"
diff --git a/projects/ots/Dockerfile b/projects/ots/Dockerfile
new file mode 100644
index 00000000..8d33b582
--- /dev/null
+++ b/projects/ots/Dockerfile
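Review bot: In the loop at the end of projects/openssl/build.sh, `zip -j $OUT/${fuzzer}_seed_corpus.zip fuzz/corpora/${fuzzer}/*` assumes every executable found under fuzz/ has a matching corpus directory. Under `#!/bin/bash -eu`, a fuzzer without one leaves the glob unmatched, zip exits non-zero, and the build stops with only some targets copied to `$OUT`. A guard keeps the remaining targets building: `if [ -d "fuzz/corpora/${fuzzer}" ]; then zip -j "$OUT/${fuzzer}_seed_corpus.zip" "fuzz/corpora/${fuzzer}"/*; fi`. Quoting `"$f"` in the `basename` and `cp` lines would also protect against paths containing whitespace.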
@@ -0,0 +1,23 @@ +# Copyright 2016 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +FROM ossfuzz/base-libfuzzer +MAINTAINER mmoroz@chromium.org +RUN apt-get install -y make autoconf automake libtool pkg-config zlib1g-dev +RUN git clone https://github.com/khaledhosny/ots.git +WORKDIR ots +COPY build.sh ots_fuzzer.* $SRC/ +COPY seed_corpus $SRC/seed_corpus diff --git a/projects/ots/build.sh b/projects/ots/build.sh new file mode 100755 index 00000000..9b516f89 --- /dev/null +++ b/projects/ots/build.sh 
@@ -0,0 +1,30 @@
+#!/bin/bash -eu
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Build the target.
+./autogen.sh
+./configure
+
+make libots.a libwoff2.a libbrotli.a
+
+# Build the fuzzer.
+$CXX $CXXFLAGS -std=c++11 -Iinclude \
+ $SRC/ots_fuzzer.cc -o $OUT/ots_fuzzer \
+ -lfuzzer -lz $SRC/ots/libots.a $SRC/ots/libwoff2.a $SRC/ots/libbrotli.a
+
+cp $SRC/ots_fuzzer.options $OUT/
+zip $OUT/ots_fuzzer_seed_corpus.zip $SRC/seed_corpus/*
diff --git a/projects/ots/ots_fuzzer.cc b/projects/ots/ots_fuzzer.cc
new file mode 100644
index 00000000..3d4bd254
--- /dev/null
+++ b/projects/ots/ots_fuzzer.cc
@@ -0,0 +1,19 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include
+#include
+
+#include "opentype-sanitiser.h"
+#include "ots-memory-stream.h"
+
+static uint8_t buffer[256 * 1024] = { 0 };
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ ots::OTSContext context;
+ ots::MemoryStream stream(static_cast(buffer), sizeof(buffer));
+ context.Process(&stream, data, size);
+ return 0;
+}
diff --git a/projects/ots/ots_fuzzer.options b/projects/ots/ots_fuzzer.options
new file mode 100644
index 00000000..dc3492cb
--- /dev/null
+++ b/projects/ots/ots_fuzzer.options
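Review bot: The output sink in ots_fuzzer.cc is a file-scope `static uint8_t buffer[256 * 1024]` shared by every call to `LLVMFuzzerTestOneInput`, so whatever one input wrote is still there when the next one runs. If the sanitiser ever reads back from its output stream (not visible here), results could depend on input order and crashes would be harder to reproduce from a single file. Allocating the sink per call gives each input fresh memory with its own heap bounds: `std::vector<uint8_t> out(256 * 1024);`, then pass `out.data(), out.size()` to `ots::MemoryStream`. If the fixed 256 KiB is a deliberate cap on output size, a comment saying so, and how it relates to the `max_len` set in ots_fuzzer.options, would help.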
@@ -0,0 +1,2 @@ +[libfuzzer] +max_len = 16800 diff --git a/projects/ots/seed_corpus/0509e80afb379d16560e9e47bdd7d888bebdebc6.ttf b/projects/ots/seed_corpus/0509e80afb379d16560e9e47bdd7d888bebdebc6.ttf new file mode 100644 index 00000000..20360311 Binary files /dev/null and b/projects/ots/seed_corpus/0509e80afb379d16560e9e47bdd7d888bebdebc6.ttf differ diff --git a/projects/ots/seed_corpus/051d92f8bc6ff724511b296c27623f824de256e9.ttf b/projects/ots/seed_corpus/051d92f8bc6ff724511b296c27623f824de256e9.ttf new file mode 100644 index 00000000..419f8f3d Binary files /dev/null and b/projects/ots/seed_corpus/051d92f8bc6ff724511b296c27623f824de256e9.ttf differ diff --git a/projects/ots/seed_corpus/07f054357ff8638bac3711b422a1e31180bba863.ttf b/projects/ots/seed_corpus/07f054357ff8638bac3711b422a1e31180bba863.ttf new file mode 100644 index 00000000..fcd4f323 Binary files /dev/null and b/projects/ots/seed_corpus/07f054357ff8638bac3711b422a1e31180bba863.ttf differ diff --git a/projects/ots/seed_corpus/191826b9643e3f124d865d617ae609db6a2ce203.ttf b/projects/ots/seed_corpus/191826b9643e3f124d865d617ae609db6a2ce203.ttf new file mode 100644 index 00000000..dbc6e268 Binary files /dev/null and b/projects/ots/seed_corpus/191826b9643e3f124d865d617ae609db6a2ce203.ttf differ diff --git a/projects/ots/seed_corpus/1a6f1687b7a221f9f2c834b0b360d3c8463b6daf.ttf b/projects/ots/seed_corpus/1a6f1687b7a221f9f2c834b0b360d3c8463b6daf.ttf new file mode 100644 index 00000000..c71e85a8 Binary files /dev/null and b/projects/ots/seed_corpus/1a6f1687b7a221f9f2c834b0b360d3c8463b6daf.ttf differ diff --git a/projects/ots/seed_corpus/1c04a16f32a39c26c851b7fc014d2e8d298ba2b8.ttf b/projects/ots/seed_corpus/1c04a16f32a39c26c851b7fc014d2e8d298ba2b8.ttf new file mode 100644 index 00000000..26d19ade Binary files /dev/null and b/projects/ots/seed_corpus/1c04a16f32a39c26c851b7fc014d2e8d298ba2b8.ttf differ 
diff --git a/projects/ots/seed_corpus/1c2c3fc37b2d4c3cb2ef726c6cdaaabd4b7f3eb9.ttf b/projects/ots/seed_corpus/1c2c3fc37b2d4c3cb2ef726c6cdaaabd4b7f3eb9.ttf new file mode 100644 index 00000000..213e7ced Binary files /dev/null and b/projects/ots/seed_corpus/1c2c3fc37b2d4c3cb2ef726c6cdaaabd4b7f3eb9.ttf differ diff --git a/projects/ots/seed_corpus/1c2fb74c1b2aa173262734c1f616148f1648cfd6.ttf b/projects/ots/seed_corpus/1c2fb74c1b2aa173262734c1f616148f1648cfd6.ttf new file mode 100644 index 00000000..72106585 Binary files /dev/null and b/projects/ots/seed_corpus/1c2fb74c1b2aa173262734c1f616148f1648cfd6.ttf differ diff --git a/projects/ots/seed_corpus/205edd09bd3d141cc9580f650109556cc28b22cb.ttf b/projects/ots/seed_corpus/205edd09bd3d141cc9580f650109556cc28b22cb.ttf new file mode 100644 index 00000000..4e0ce0a4 Binary files /dev/null and b/projects/ots/seed_corpus/205edd09bd3d141cc9580f650109556cc28b22cb.ttf differ diff --git a/projects/ots/seed_corpus/226bc2deab3846f1a682085f70c67d0421014144.ttf b/projects/ots/seed_corpus/226bc2deab3846f1a682085f70c67d0421014144.ttf new file mode 100644 index 00000000..70c0c0a8 Binary files /dev/null and b/projects/ots/seed_corpus/226bc2deab3846f1a682085f70c67d0421014144.ttf differ diff --git a/projects/ots/seed_corpus/270b89df543a7e48e206a2d830c0e10e5265c630.ttf b/projects/ots/seed_corpus/270b89df543a7e48e206a2d830c0e10e5265c630.ttf new file mode 100644 index 00000000..fc226491 Binary files /dev/null and b/projects/ots/seed_corpus/270b89df543a7e48e206a2d830c0e10e5265c630.ttf differ diff --git a/projects/ots/seed_corpus/298c9e1d955f10f6f72c6915c3c6ff9bf9695cec.ttf b/projects/ots/seed_corpus/298c9e1d955f10f6f72c6915c3c6ff9bf9695cec.ttf new file mode 100644 index 00000000..0d677a87 Binary files /dev/null and b/projects/ots/seed_corpus/298c9e1d955f10f6f72c6915c3c6ff9bf9695cec.ttf differ 
diff --git a/projects/ots/seed_corpus/3511ff5c1647150595846ac414c595cccac34f18.ttf b/projects/ots/seed_corpus/3511ff5c1647150595846ac414c595cccac34f18.ttf new file mode 100644 index 00000000..789abf7a Binary files /dev/null and b/projects/ots/seed_corpus/3511ff5c1647150595846ac414c595cccac34f18.ttf differ diff --git a/projects/ots/seed_corpus/37033cc5cf37bb223d7355153016b6ccece93b28.ttf b/projects/ots/seed_corpus/37033cc5cf37bb223d7355153016b6ccece93b28.ttf new file mode 100644 index 00000000..14defeb7 Binary files /dev/null and b/projects/ots/seed_corpus/37033cc5cf37bb223d7355153016b6ccece93b28.ttf differ diff --git a/projects/ots/seed_corpus/375d6ae32a3cbe52fbf81a4e5777e3377675d5a3.ttf b/projects/ots/seed_corpus/375d6ae32a3cbe52fbf81a4e5777e3377675d5a3.ttf new file mode 100644 index 00000000..b284c986 Binary files /dev/null and b/projects/ots/seed_corpus/375d6ae32a3cbe52fbf81a4e5777e3377675d5a3.ttf differ diff --git a/projects/ots/seed_corpus/43979b90b2dd929723cf4fe1715990bcb9c9a56b.ttf b/projects/ots/seed_corpus/43979b90b2dd929723cf4fe1715990bcb9c9a56b.ttf new file mode 100644 index 00000000..a5c0156c Binary files /dev/null and b/projects/ots/seed_corpus/43979b90b2dd929723cf4fe1715990bcb9c9a56b.ttf differ diff --git a/projects/ots/seed_corpus/43ef465752be9af900745f72fe29cb853a1401a5.ttf b/projects/ots/seed_corpus/43ef465752be9af900745f72fe29cb853a1401a5.ttf new file mode 100644 index 00000000..649c156a Binary files /dev/null and b/projects/ots/seed_corpus/43ef465752be9af900745f72fe29cb853a1401a5.ttf differ diff --git a/projects/ots/seed_corpus/45855bc8d46332b39c4ab9e2ee1a26b1f896da6b.ttf b/projects/ots/seed_corpus/45855bc8d46332b39c4ab9e2ee1a26b1f896da6b.ttf new file mode 100644 index 00000000..6ef470c8 Binary files /dev/null and b/projects/ots/seed_corpus/45855bc8d46332b39c4ab9e2ee1a26b1f896da6b.ttf differ 
diff --git a/projects/ots/seed_corpus/49c9f7485c1392fa09a1b801bc2ffea79275f22e.ttf b/projects/ots/seed_corpus/49c9f7485c1392fa09a1b801bc2ffea79275f22e.ttf new file mode 100644 index 00000000..ea1326d2 Binary files /dev/null and b/projects/ots/seed_corpus/49c9f7485c1392fa09a1b801bc2ffea79275f22e.ttf differ diff --git a/projects/ots/seed_corpus/4cce528e99f600ed9c25a2b69e32eb94a03b4ae8.ttf b/projects/ots/seed_corpus/4cce528e99f600ed9c25a2b69e32eb94a03b4ae8.ttf new file mode 100644 index 00000000..dfaead72 Binary files /dev/null and b/projects/ots/seed_corpus/4cce528e99f600ed9c25a2b69e32eb94a03b4ae8.ttf differ diff --git a/projects/ots/seed_corpus/5028afb650b1bb718ed2131e872fbcce57828fff.ttf b/projects/ots/seed_corpus/5028afb650b1bb718ed2131e872fbcce57828fff.ttf new file mode 100644 index 00000000..8fb2f162 Binary files /dev/null and b/projects/ots/seed_corpus/5028afb650b1bb718ed2131e872fbcce57828fff.ttf differ diff --git a/projects/ots/seed_corpus/56cfd0e18d07f41c38e9598545a6d369127fc6f9.ttf b/projects/ots/seed_corpus/56cfd0e18d07f41c38e9598545a6d369127fc6f9.ttf new file mode 100644 index 00000000..4795238b Binary files /dev/null and b/projects/ots/seed_corpus/56cfd0e18d07f41c38e9598545a6d369127fc6f9.ttf differ diff --git a/projects/ots/seed_corpus/57a9d9f83020155cbb1d2be1f43d82388cbecc88.ttf b/projects/ots/seed_corpus/57a9d9f83020155cbb1d2be1f43d82388cbecc88.ttf new file mode 100644 index 00000000..746fc603 Binary files /dev/null and b/projects/ots/seed_corpus/57a9d9f83020155cbb1d2be1f43d82388cbecc88.ttf differ diff --git a/projects/ots/seed_corpus/5a5daf5eb5a4db77a2baa3ad9c7a6ed6e0655fa8.ttf b/projects/ots/seed_corpus/5a5daf5eb5a4db77a2baa3ad9c7a6ed6e0655fa8.ttf new file mode 100644 index 00000000..9b4d23f5 Binary files /dev/null and b/projects/ots/seed_corpus/5a5daf5eb5a4db77a2baa3ad9c7a6ed6e0655fa8.ttf differ 
diff --git a/projects/ots/seed_corpus/641bd9db850193064d17575053ae2bf8ec149ddc.ttf b/projects/ots/seed_corpus/641bd9db850193064d17575053ae2bf8ec149ddc.ttf new file mode 100644 index 00000000..66cefd4d Binary files /dev/null and b/projects/ots/seed_corpus/641bd9db850193064d17575053ae2bf8ec149ddc.ttf differ diff --git a/projects/ots/seed_corpus/6466d38c62e73a39202435a4f73bf5d6acbb73c0.ttf b/projects/ots/seed_corpus/6466d38c62e73a39202435a4f73bf5d6acbb73c0.ttf new file mode 100644 index 00000000..33c4229c Binary files /dev/null and b/projects/ots/seed_corpus/6466d38c62e73a39202435a4f73bf5d6acbb73c0.ttf differ diff --git a/projects/ots/seed_corpus/6ff0fbead4462d9f229167b4e6839eceb8465058.ttf b/projects/ots/seed_corpus/6ff0fbead4462d9f229167b4e6839eceb8465058.ttf new file mode 100644 index 00000000..67be5258 Binary files /dev/null and b/projects/ots/seed_corpus/6ff0fbead4462d9f229167b4e6839eceb8465058.ttf differ diff --git a/projects/ots/seed_corpus/706c5d7b625f207bc0d874c67237aad6f1e9cd6f.ttf b/projects/ots/seed_corpus/706c5d7b625f207bc0d874c67237aad6f1e9cd6f.ttf new file mode 100644 index 00000000..eb5c50c6 Binary files /dev/null and b/projects/ots/seed_corpus/706c5d7b625f207bc0d874c67237aad6f1e9cd6f.ttf differ diff --git a/projects/ots/seed_corpus/757ebd573617a24aa9dfbf0b885c54875c6fe06b.ttf b/projects/ots/seed_corpus/757ebd573617a24aa9dfbf0b885c54875c6fe06b.ttf new file mode 100644 index 00000000..bbe22370 Binary files /dev/null and b/projects/ots/seed_corpus/757ebd573617a24aa9dfbf0b885c54875c6fe06b.ttf differ diff --git a/projects/ots/seed_corpus/7a37dc4d5bf018456aea291cee06daf004c0221c.ttf b/projects/ots/seed_corpus/7a37dc4d5bf018456aea291cee06daf004c0221c.ttf new file mode 100644 index 00000000..a5787a8c Binary files /dev/null and b/projects/ots/seed_corpus/7a37dc4d5bf018456aea291cee06daf004c0221c.ttf differ 
diff --git a/projects/ots/seed_corpus/7e14e7883ed152baa158b80e207b66114c823a8b.ttf b/projects/ots/seed_corpus/7e14e7883ed152baa158b80e207b66114c823a8b.ttf new file mode 100644 index 00000000..27efd7c9 Binary files /dev/null and b/projects/ots/seed_corpus/7e14e7883ed152baa158b80e207b66114c823a8b.ttf differ diff --git a/projects/ots/seed_corpus/7ef276fc886ea502a03b9b0e5c8b547d5dc2b61c.ttf b/projects/ots/seed_corpus/7ef276fc886ea502a03b9b0e5c8b547d5dc2b61c.ttf new file mode 100644 index 00000000..fb4534ab Binary files /dev/null and b/projects/ots/seed_corpus/7ef276fc886ea502a03b9b0e5c8b547d5dc2b61c.ttf differ diff --git a/projects/ots/seed_corpus/8099955657a54e9ee38a6ba1d6f950ce58e3cc25.ttf b/projects/ots/seed_corpus/8099955657a54e9ee38a6ba1d6f950ce58e3cc25.ttf new file mode 100644 index 00000000..6bb13bd5 Binary files /dev/null and b/projects/ots/seed_corpus/8099955657a54e9ee38a6ba1d6f950ce58e3cc25.ttf differ diff --git a/projects/ots/seed_corpus/813c2f8e5512187fd982417a7fb4286728e6f4a8.ttf b/projects/ots/seed_corpus/813c2f8e5512187fd982417a7fb4286728e6f4a8.ttf new file mode 100644 index 00000000..b728b277 Binary files /dev/null and b/projects/ots/seed_corpus/813c2f8e5512187fd982417a7fb4286728e6f4a8.ttf differ diff --git a/projects/ots/seed_corpus/8240789f6d12d4cfc4b5e8e6f246c3701bcf861f.ttf b/projects/ots/seed_corpus/8240789f6d12d4cfc4b5e8e6f246c3701bcf861f.ttf new file mode 100644 index 00000000..8eed14d9 Binary files /dev/null and b/projects/ots/seed_corpus/8240789f6d12d4cfc4b5e8e6f246c3701bcf861f.ttf differ diff --git a/projects/ots/seed_corpus/8454d22037f892e76614e1645d066689a0200e61.ttf b/projects/ots/seed_corpus/8454d22037f892e76614e1645d066689a0200e61.ttf new file mode 100644 index 00000000..2cbb67a4 Binary files /dev/null and b/projects/ots/seed_corpus/8454d22037f892e76614e1645d066689a0200e61.ttf differ 
diff --git a/projects/ots/seed_corpus/8a9fea2a7384f2116e5b84a9b31f83be7850ce21.ttf b/projects/ots/seed_corpus/8a9fea2a7384f2116e5b84a9b31f83be7850ce21.ttf new file mode 100644 index 00000000..875c6998 Binary files /dev/null and b/projects/ots/seed_corpus/8a9fea2a7384f2116e5b84a9b31f83be7850ce21.ttf differ diff --git a/projects/ots/seed_corpus/a34a7b00f22ffb5fd7eef6933b81c7e71bc2cdfb.ttf b/projects/ots/seed_corpus/a34a7b00f22ffb5fd7eef6933b81c7e71bc2cdfb.ttf new file mode 100644 index 00000000..74fceec8 Binary files /dev/null and b/projects/ots/seed_corpus/a34a7b00f22ffb5fd7eef6933b81c7e71bc2cdfb.ttf differ diff --git a/projects/ots/seed_corpus/a919b33197965846f21074b24e30250d67277bce.ttf b/projects/ots/seed_corpus/a919b33197965846f21074b24e30250d67277bce.ttf new file mode 100644 index 00000000..d2f116ef Binary files /dev/null and b/projects/ots/seed_corpus/a919b33197965846f21074b24e30250d67277bce.ttf differ diff --git a/projects/ots/seed_corpus/a98e908e2ed21b22228ea59ebcc0f05034c86f2e.ttf b/projects/ots/seed_corpus/a98e908e2ed21b22228ea59ebcc0f05034c86f2e.ttf new file mode 100644 index 00000000..8bbddb12 Binary files /dev/null and b/projects/ots/seed_corpus/a98e908e2ed21b22228ea59ebcc0f05034c86f2e.ttf differ diff --git a/projects/ots/seed_corpus/b9e2aaa0d75fcef6971ec3a96d806ba4a6b31fe2.ttf b/projects/ots/seed_corpus/b9e2aaa0d75fcef6971ec3a96d806ba4a6b31fe2.ttf new file mode 100644 index 00000000..500276df Binary files /dev/null and b/projects/ots/seed_corpus/b9e2aaa0d75fcef6971ec3a96d806ba4a6b31fe2.ttf differ diff --git a/projects/ots/seed_corpus/bb0c53752e85c3d28973ebc913287b8987d3dfe8.ttf b/projects/ots/seed_corpus/bb0c53752e85c3d28973ebc913287b8987d3dfe8.ttf new file mode 100644 index 00000000..3b7c4707 Binary files /dev/null and b/projects/ots/seed_corpus/bb0c53752e85c3d28973ebc913287b8987d3dfe8.ttf differ 
diff --git a/projects/ots/seed_corpus/bb9473d2403488714043bcfb946c9f78b86ad627.ttf b/projects/ots/seed_corpus/bb9473d2403488714043bcfb946c9f78b86ad627.ttf new file mode 100644 index 00000000..b16dae6c Binary files /dev/null and b/projects/ots/seed_corpus/bb9473d2403488714043bcfb946c9f78b86ad627.ttf differ diff --git a/projects/ots/seed_corpus/c4e48b0886ef460f532fb49f00047ec92c432ec0.ttf b/projects/ots/seed_corpus/c4e48b0886ef460f532fb49f00047ec92c432ec0.ttf new file mode 100644 index 00000000..99cda169 Binary files /dev/null and b/projects/ots/seed_corpus/c4e48b0886ef460f532fb49f00047ec92c432ec0.ttf differ diff --git a/projects/ots/seed_corpus/cc5f3d2d717fb6bd4dfae1c16d48a2cb8e12233b.ttf b/projects/ots/seed_corpus/cc5f3d2d717fb6bd4dfae1c16d48a2cb8e12233b.ttf new file mode 100644 index 00000000..a48d2a68 Binary files /dev/null and b/projects/ots/seed_corpus/cc5f3d2d717fb6bd4dfae1c16d48a2cb8e12233b.ttf differ diff --git a/projects/ots/seed_corpus/d629e7fedc0b350222d7987345fe61613fa3929a.ttf b/projects/ots/seed_corpus/d629e7fedc0b350222d7987345fe61613fa3929a.ttf new file mode 100644 index 00000000..e674a78b Binary files /dev/null and b/projects/ots/seed_corpus/d629e7fedc0b350222d7987345fe61613fa3929a.ttf differ diff --git a/projects/ots/seed_corpus/df768b9c257e0c9c35786c47cae15c46571d56be.ttf b/projects/ots/seed_corpus/df768b9c257e0c9c35786c47cae15c46571d56be.ttf new file mode 100644 index 00000000..c6d8b18e Binary files /dev/null and b/projects/ots/seed_corpus/df768b9c257e0c9c35786c47cae15c46571d56be.ttf differ diff --git a/projects/ots/seed_corpus/e207635780b42f898d58654b65098763e340f5c7.ttf b/projects/ots/seed_corpus/e207635780b42f898d58654b65098763e340f5c7.ttf new file mode 100644 index 00000000..d91df572 Binary files /dev/null and b/projects/ots/seed_corpus/e207635780b42f898d58654b65098763e340f5c7.ttf differ 
diff --git a/projects/ots/seed_corpus/ef86fe710cfea877bbe0dbb6946a1f88d0661031.ttf b/projects/ots/seed_corpus/ef86fe710cfea877bbe0dbb6946a1f88d0661031.ttf new file mode 100644 index 00000000..629c470c Binary files /dev/null and b/projects/ots/seed_corpus/ef86fe710cfea877bbe0dbb6946a1f88d0661031.ttf differ diff --git a/projects/ots/seed_corpus/f22416c692720a7d46fadf4af99f4c9e094f00b9.ttf b/projects/ots/seed_corpus/f22416c692720a7d46fadf4af99f4c9e094f00b9.ttf new file mode 100644 index 00000000..1dbadde4 Binary files /dev/null and b/projects/ots/seed_corpus/f22416c692720a7d46fadf4af99f4c9e094f00b9.ttf differ diff --git a/projects/ots/seed_corpus/f499fbc23865022234775c43503bba2e63978fe1.ttf b/projects/ots/seed_corpus/f499fbc23865022234775c43503bba2e63978fe1.ttf new file mode 100644 index 00000000..3c605934 Binary files /dev/null and b/projects/ots/seed_corpus/f499fbc23865022234775c43503bba2e63978fe1.ttf differ diff --git a/projects/ots/seed_corpus/f518eb6f6b5eec2946c9fbbbde44e45d46f5e2ac.ttf b/projects/ots/seed_corpus/f518eb6f6b5eec2946c9fbbbde44e45d46f5e2ac.ttf new file mode 100644 index 00000000..039f5e8a Binary files /dev/null and b/projects/ots/seed_corpus/f518eb6f6b5eec2946c9fbbbde44e45d46f5e2ac.ttf differ diff --git a/projects/ots/seed_corpus/fab39d60d758cb586db5a504f218442cd1395725.ttf b/projects/ots/seed_corpus/fab39d60d758cb586db5a504f218442cd1395725.ttf new file mode 100644 index 00000000..451ed047 Binary files /dev/null and b/projects/ots/seed_corpus/fab39d60d758cb586db5a504f218442cd1395725.ttf differ diff --git a/projects/ots/seed_corpus/fbb6c84c9e1fe0c39e152fbe845e51fd81f6748e.ttf b/projects/ots/seed_corpus/fbb6c84c9e1fe0c39e152fbe845e51fd81f6748e.ttf new file mode 100644 index 00000000..d49432dd Binary files /dev/null and b/projects/ots/seed_corpus/fbb6c84c9e1fe0c39e152fbe845e51fd81f6748e.ttf differ 
diff --git a/projects/ots/seed_corpus/fcdcffbdf1c4c97c05308d7600e4c283eb47dbca.ttf b/projects/ots/seed_corpus/fcdcffbdf1c4c97c05308d7600e4c283eb47dbca.ttf
new file mode 100644
index 00000000..c4e0253c
Binary files /dev/null and b/projects/ots/seed_corpus/fcdcffbdf1c4c97c05308d7600e4c283eb47dbca.ttf differ
diff --git a/projects/ots/seed_corpus/ffa0f5d2d9025486d8469d8b1fdd983e7632499b.ttf b/projects/ots/seed_corpus/ffa0f5d2d9025486d8469d8b1fdd983e7632499b.ttf
new file mode 100644
index 00000000..224dbc63
Binary files /dev/null and b/projects/ots/seed_corpus/ffa0f5d2d9025486d8469d8b1fdd983e7632499b.ttf differ
diff --git a/projects/ots/target.yaml b/projects/ots/target.yaml
new file mode 100644
index 00000000..0a12f123
--- /dev/null
+++ b/projects/ots/target.yaml
@@ -0,0 +1 @@
+homepage: "https://github.com/khaledhosny/ots"
diff --git a/projects/pcre2/Dockerfile b/projects/pcre2/Dockerfile
new file mode 100644
index 00000000..a9fb74de
--- /dev/null
+++ b/projects/pcre2/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER kcc@google.com
+RUN apt-get install -y make autoconf automake libtool subversion
+
+RUN svn co svn://vcs.exim.org/pcre2/code/trunk pcre2
+COPY build.sh $SRC/
diff --git a/projects/pcre2/build.sh b/projects/pcre2/build.sh
new file mode 100755
index 00000000..fdcec503
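Review bot: The `RUN svn co svn://vcs.exim.org/pcre2/code/trunk pcre2` line in the pcre2 Dockerfile fetches the source to be built over the plain `svn://` scheme, which by default gives no transport encryption or server authentication. Whatever arrives is compiled and executed inside the fuzzing infrastructure, so a party on the network path could substitute the code. If upstream exposes the repository over an authenticated transport, use that URL here. It would also help triage to print the checked-out revision in the build log (for example `RUN svn info pcre2`), since trunk is otherwise tracked with no record of what was built.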
--- /dev/null
+++ b/projects/pcre2/build.sh
@@ -0,0 +1,27 @@
+#!/bin/bash -eu
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd pcre2
+
+# build the library.
+./autogen.sh
+./configure --enable-fuzz-support --enable-never-backslash-C --with-match-limit=1000 --with-match-limit-recursion=1000
+make -j$(nproc) clean all
+
+# Build the target.
+$CXX $CXXFLAGS -o $OUT/pcre2_fuzzer \
+ -lfuzzer .libs/libpcre2-fuzzsupport.a .libs/libpcre2-8.a
diff --git a/projects/pcre2/target.yaml b/projects/pcre2/target.yaml
new file mode 100644
index 00000000..fa9c01a0
--- /dev/null
+++ b/projects/pcre2/target.yaml
@@ -0,0 +1,2 @@
+homepage: "http://www.pcre.org/"
+primary_contact: "philip.hazel@gmail.com"
diff --git a/projects/re2/Dockerfile b/projects/re2/Dockerfile
new file mode 100644
index 00000000..13893cb3
--- /dev/null
+++ b/projects/re2/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER wrengr@chromium.org
+RUN apt-get install -y make autoconf automake libtool
+
+RUN git clone https://code.googlesource.com/re2
+WORKDIR re2
+COPY build.sh re2_fuzzer.* $SRC/
diff --git a/projects/re2/build.sh b/projects/re2/build.sh
new file mode 100755
index 00000000..066049dc
--- /dev/null
+++ b/projects/re2/build.sh
@@ -0,0 +1,35 @@
+#!/bin/bash -eu
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# First, build the re2 library.
+# N.B., we don't follow the standard incantation for building re2
+# (i.e., `make && make test && make install && make testinstall`),
+# because some of the targets doesn't use $CXXFLAGS properly, which
+# causes compilation to fail. The obj/libre2.a target is all we
+# really need for our fuzzer, so that's all we build. Hopefully
+# this won't cause the fuzzer to fail erroneously due to not running
+# upstream's tests first to be sure things compiled correctly.
+make clean
+make -j$(nproc) obj/libre2.a
+
+
+# Second, build our fuzzers.
+$CXX $CXXFLAGS -std=c++11 -I. \
+ $SRC/re2_fuzzer.cc -o $OUT/re2_fuzzer \
+ -lfuzzer ./obj/libre2.a
+
+cp $SRC/*.options $OUT/
diff --git a/projects/re2/re2_fuzzer.cc b/projects/re2/re2_fuzzer.cc
new file mode 100644
index 00000000..9c16462a
--- /dev/null
+++ b/projects/re2/re2_fuzzer.cc
@@ -0,0 +1,87 @@
+// Copyright (c) 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include
+#include
+
+#include
+
+#include "re2/re2.h"
+#include "util/logging.h"
+
+using std::string;
+
+void Test(const string& buffer, const string& pattern,
+ const RE2::Options& options) {
+ RE2 re(pattern, options);
+ if (!re.ok())
+ return;
+
+ string m1, m2;
+ int i1, i2;
+ double d1;
+
+ if (re.NumberOfCapturingGroups() == 0) {
+ RE2::FullMatch(buffer, re);
+ RE2::PartialMatch(buffer, re);
+ } else if (re.NumberOfCapturingGroups() == 1) {
+ RE2::FullMatch(buffer, re, &m1);
+ RE2::PartialMatch(buffer, re, &i1);
+ } else if (re.NumberOfCapturingGroups() == 2) {
+ RE2::FullMatch(buffer, re, &i1, &i2);
+ RE2::PartialMatch(buffer, re, &m1, &m2);
+ }
+
+ re2::StringPiece input(buffer);
+ RE2::Consume(&input, re, &m1);
+ RE2::FindAndConsume(&input, re, &d1);
+ string tmp1(buffer);
+ RE2::Replace(&tmp1, re, "zz");
+ string tmp2(buffer);
+ RE2::GlobalReplace(&tmp2, re, "xx");
+ RE2::QuoteMeta(re2::StringPiece(pattern));
+}
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ if (size < 1)
+ return 0;
+
+ RE2::Options options;
+
+ size_t options_randomizer = 0;
+ for (size_t i = 0; i < size; i++)
+ options_randomizer += data[i];
+
+ if (options_randomizer & 1)
+ options.set_encoding(RE2::Options::EncodingLatin1);
+
+ options.set_posix_syntax(options_randomizer & 2);
+ options.set_longest_match(options_randomizer & 4);
+ options.set_literal(options_randomizer & 8);
+ options.set_never_nl(options_randomizer & 16);
+ options.set_dot_nl(options_randomizer & 32);
+ options.set_never_capture(options_randomizer & 64);
+ options.set_case_sensitive(options_randomizer & 128);
+ options.set_perl_classes(options_randomizer & 256);
+ options.set_word_boundary(options_randomizer & 512);
+ options.set_one_line(options_randomizer & 1024);
+
+ options.set_log_errors(false);
+
+ const char* data_input = reinterpret_cast(data);
+ {
+ string pattern(data_input, size);
+ string buffer(data_input, size);
+ Test(buffer, pattern, options);
+ }
+
+ if (size >= 3) {
+ string pattern(data_input, size / 3);
+ string buffer(data_input + size / 3, size - size / 3);
+ Test(buffer, pattern, options);
+ }
+
+ return 0;
+}
diff --git a/projects/re2/re2_fuzzer.options b/projects/re2/re2_fuzzer.options
new file mode 100644
index 00000000..ea2785e1
--- /dev/null
+++ b/projects/re2/re2_fuzzer.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 32
diff --git a/projects/re2/target.yaml b/projects/re2/target.yaml
new file mode 100644
index 00000000..e35d7154
--- /dev/null
+++ b/projects/re2/target.yaml
@@ -0,0 +1 @@
+homepage: "https://code.googlesource.com/re2"
diff --git a/projects/sqlite3/Dockerfile b/projects/sqlite3/Dockerfile
new file mode 100644
index 00000000..32a74419
--- /dev/null
+++ b/projects/sqlite3/Dockerfile
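Review bot: In `LLVMFuzzerTestOneInput` of re2_fuzzer.cc the option bits come from `options_randomizer`, the sum of every input byte, and the same bytes are then used as pattern and buffer, so pattern and `RE2::Options` cannot vary independently and a one-byte change to the pattern can flip several options at once. Nothing in the file says this, which makes a reported input harder to reason about while minimising it. I would add a comment above the summing loop such as `// Options derive from the byte sum of the whole input, so they change whenever the pattern does.`; reading the bits from a fixed prefix would decouple them, at the cost of invalidating existing corpora. Separately, `Test` calls `re.NumberOfCapturingGroups()` up to three times where a local `const int groups = re.NumberOfCapturingGroups();` would read more clearly.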
@@ -0,0 +1,31 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER tanin@google.com
+RUN apt-get install -y make autoconf automake libtool fossil tcl
+
+# We won't be able to poll fossil for changes, so this will build
+# only once a day.
+RUN mkdir $SRC/sqlite3 && \
+ cd $SRC/sqlite3 && \
+ fossil clone https://www.sqlite.org/src sqlite --user `whoami` && \
+ fossil open sqlite
+
+RUN find $SRC/sqlite3 -name "*.test" | xargs zip $SRC/ossfuzz_seed_corpus.zip
+
+WORKDIR sqlite3
+COPY build.sh *.dict *.options $SRC/
diff --git a/projects/sqlite3/build.sh b/projects/sqlite3/build.sh
new file mode 100755
index 00000000..5a0bbbf1
--- /dev/null
+++ b/projects/sqlite3/build.sh
@@ -0,0 +1,38 @@
+#!/bin/bash -eu
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+mkdir bld
+cd bld
+
+export ASAN_OPTIONS=detect_leaks=0
+# Limit max length of data blobs and sql queries to prevent irrelevant OOMs.
+export CFLAGS="$CFLAGS -DSQLITE_MAX_LENGTH=128000000 \
+ -DSQLITE_MAX_SQL_LENGTH=128000000 \
+ -DSQLITE_PRINTF_PRECISION_LIMIT=128000000"
+../configure
+make -j$(nproc)
+make sqlite3.c
+
+$CC $CCFLAGS -I. -c \
+ $SRC/sqlite3/test/ossfuzz.c -o $SRC/sqlite3/test/ossfuzz.o
+
+$CXX $CXXFLAGS \
+ $SRC/sqlite3/test/ossfuzz.o -o $OUT/ossfuzz \
+ -lfuzzer ./sqlite3.o
+
+cp $SRC/*.options $SRC/*.dict $SRC/*.zip $OUT/
+
diff --git a/projects/sqlite3/ossfuzz.options b/projects/sqlite3/ossfuzz.options
new file mode 100644
index 00000000..c1b50658
--- /dev/null
+++ b/projects/sqlite3/ossfuzz.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+dict = sql.dict
diff --git a/projects/sqlite3/sql.dict b/projects/sqlite3/sql.dict
new file mode 100644
index 00000000..bf522cc4
--- /dev/null
+++ b/projects/sqlite3/sql.dict
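Review bot: The harness compile step in sqlite3/build.sh reads `$CC $CCFLAGS -I. -c \`, but the variable this script exports and extends a few lines earlier is `CFLAGS`, and nothing visible in the hunk sets `CCFLAGS`. Under `#!/bin/bash -eu` an unset `CCFLAGS` aborts the script. If the environment defines it as empty, `ossfuzz.o` is compiled without whatever sanitizer and coverage flags arrive in `CFLAGS`, so the harness object would differ from the library it is linked against. Unless the base image defines `CCFLAGS` on purpose, the line should be `$CC $CFLAGS -I. -c \`.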
@@ -0,0 +1,282 @@ +# +# AFL dictionary for SQL +# ---------------------- +# +# Modeled based on SQLite documentation, contains some number of SQLite +# extensions. Other dialects of SQL may benefit from customized dictionaries. +# +# If you append @1 to the file name when loading this dictionary, afl-fuzz +# will also additionally load a selection of pragma keywords that are very +# specific to SQLite (and are probably less interesting from the security +# standpoint, because they are usually not allowed in non-privileged +# contexts). +# +# Created by Michal Zalewski +# + +function_abs=" abs(1)" +function_avg=" avg(1)" +function_changes=" changes()" +function_char=" char(1)" +function_coalesce=" coalesce(1,1)" +function_count=" count(1)" +function_date=" date(1,1,1)" +function_datetime=" datetime(1,1,1)" +function_decimal=" decimal(1,1)" +function_glob=" glob(1,1)" +function_group_concat=" group_concat(1,1)" +function_hex=" hex(1)" +function_ifnull=" ifnull(1,1)" +function_instr=" instr(1,1)" +function_julianday=" julianday(1,1,1)" +function_last_insert_rowid=" last_insert_rowid()" +function_length=" length(1)" +function_like=" like(1,1)" +function_likelihood=" likelihood(1,1)" +function_likely=" likely(1)" +function_load_extension=" load_extension(1,1)" +function_lower=" lower(1)" +function_ltrim=" ltrim(1,1)" +function_max=" max(1,1)" +function_min=" min(1,1)" +function_nullif=" nullif(1,1)" +function_printf=" printf(1,1)" +function_quote=" quote(1)" +function_random=" random()" +function_randomblob=" randomblob(1)" +function_replace=" replace(1,1,1)" +function_round=" round(1,1)" +function_rtrim=" rtrim(1,1)" +function_soundex=" soundex(1)" +function_sqlite_compileoption_get=" sqlite_compileoption_get(1)" +function_sqlite_compileoption_used=" sqlite_compileoption_used(1)" +function_sqlite_source_id=" sqlite_source_id()" +function_sqlite_version=" sqlite_version()" +function_strftime=" strftime(1,1,1,1)" +function_substr=" substr(1,1,1)" +function_sum=" sum(1)" 
+function_time=" time(1,1,1)" +function_total=" total(1)" +function_total_changes=" total_changes()" +function_trim=" trim(1,1)" +function_typeof=" typeof(1)" +function_unicode=" unicode(1)" +function_unlikely=" unlikely(1)" +function_upper=" upper(1)" +function_varchar=" varchar(1)" +function_zeroblob=" zeroblob(1)" + +keyword_ABORT="ABORT" +keyword_ACTION="ACTION" +keyword_ADD="ADD" +keyword_AFTER="AFTER" +keyword_ALL="ALL" +keyword_ALTER="ALTER" +keyword_ANALYZE="ANALYZE" +keyword_AND="AND" +keyword_AS="AS" +keyword_ASC="ASC" +keyword_ATTACH="ATTACH" +keyword_AUTOINCREMENT="AUTOINCREMENT" +keyword_BEFORE="BEFORE" +keyword_BEGIN="BEGIN" +keyword_BETWEEN="BETWEEN" +keyword_BY="BY" +keyword_CASCADE="CASCADE" +keyword_CASE="CASE" +keyword_CAST="CAST" +keyword_CHECK="CHECK" +keyword_COLLATE="COLLATE" +keyword_COLUMN="COLUMN" +keyword_COMMIT="COMMIT" +keyword_CONFLICT="CONFLICT" +keyword_CONSTRAINT="CONSTRAINT" +keyword_CREATE="CREATE" +keyword_CROSS="CROSS" +keyword_CURRENT_DATE="CURRENT_DATE" +keyword_CURRENT_TIME="CURRENT_TIME" +keyword_CURRENT_TIMESTAMP="CURRENT_TIMESTAMP" +keyword_DATABASE="DATABASE" +keyword_DEFAULT="DEFAULT" +keyword_DEFERRABLE="DEFERRABLE" +keyword_DEFERRED="DEFERRED" +keyword_DELETE="DELETE" +keyword_DESC="DESC" +keyword_DETACH="DETACH" +keyword_DISTINCT="DISTINCT" +keyword_DROP="DROP" +keyword_EACH="EACH" +keyword_ELSE="ELSE" +keyword_END="END" +keyword_ESCAPE="ESCAPE" +keyword_EXCEPT="EXCEPT" +keyword_EXCLUSIVE="EXCLUSIVE" +keyword_EXISTS="EXISTS" +keyword_EXPLAIN="EXPLAIN" +keyword_FAIL="FAIL" +keyword_FOR="FOR" +keyword_FOREIGN="FOREIGN" +keyword_FROM="FROM" +keyword_FULL="FULL" +keyword_GLOB="GLOB" +keyword_GROUP="GROUP" +keyword_HAVING="HAVING" +keyword_IF="IF" +keyword_IGNORE="IGNORE" +keyword_IMMEDIATE="IMMEDIATE" +keyword_IN="IN" +keyword_INDEX="INDEX" +keyword_INDEXED="INDEXED" +keyword_INITIALLY="INITIALLY" +keyword_INNER="INNER" +keyword_INSERT="INSERT" +keyword_INSTEAD="INSTEAD" +keyword_INTERSECT="INTERSECT" +keyword_INTO="INTO" 
+keyword_IS="IS" +keyword_ISNULL="ISNULL" +keyword_JOIN="JOIN" +keyword_KEY="KEY" +keyword_LEFT="LEFT" +keyword_LIKE="LIKE" +keyword_LIMIT="LIMIT" +keyword_MATCH="MATCH" +keyword_NATURAL="NATURAL" +keyword_NO="NO" +keyword_NOT="NOT" +keyword_NOTNULL="NOTNULL" +keyword_NULL="NULL" +keyword_OF="OF" +keyword_OFFSET="OFFSET" +keyword_ON="ON" +keyword_OR="OR" +keyword_ORDER="ORDER" +keyword_OUTER="OUTER" +keyword_PLAN="PLAN" +keyword_PRAGMA="PRAGMA" +keyword_PRIMARY="PRIMARY" +keyword_QUERY="QUERY" +keyword_RAISE="RAISE" +keyword_RECURSIVE="RECURSIVE" +keyword_REFERENCES="REFERENCES" +#keyword_REGEXP="REGEXP" +keyword_REINDEX="REINDEX" +keyword_RELEASE="RELEASE" +keyword_RENAME="RENAME" +keyword_REPLACE="REPLACE" +keyword_RESTRICT="RESTRICT" +keyword_RIGHT="RIGHT" +keyword_ROLLBACK="ROLLBACK" +keyword_ROW="ROW" +keyword_SAVEPOINT="SAVEPOINT" +keyword_SELECT="SELECT" +keyword_SET="SET" +keyword_TABLE="TABLE" +keyword_TEMP="TEMP" +keyword_TEMPORARY="TEMPORARY" +keyword_THEN="THEN" +keyword_TO="TO" +keyword_TRANSACTION="TRANSACTION" +keyword_TRIGGER="TRIGGER" +keyword_UNION="UNION" +keyword_UNIQUE="UNIQUE" +keyword_UPDATE="UPDATE" +keyword_USING="USING" +keyword_VACUUM="VACUUM" +keyword_VALUES="VALUES" +keyword_VIEW="VIEW" +keyword_VIRTUAL="VIRTUAL" +keyword_WHEN="WHEN" +keyword_WHERE="WHERE" +keyword_WITH="WITH" +keyword_WITHOUT="WITHOUT" + +operator_concat=" || " +operator_ebove_eq=" >=" + +snippet_1eq1=" 1=1" +snippet_at=" @1" +snippet_backticks=" `a`" +snippet_blob=" blob" +snippet_brackets=" [a]" +snippet_colon=" :1" +snippet_comment=" /* */" +snippet_date="2001-01-01" +snippet_dollar=" $1" +snippet_dotref=" a.b" +snippet_fmtY="%Y" +snippet_int=" int" +snippet_neg1=" -1" +snippet_pair=" a,b" +snippet_parentheses=" (1)" +snippet_plus2days="+2 days" +snippet_qmark=" ?1" +snippet_semicolon=" ;" +snippet_star=" *" +snippet_string_pair=" \"a\",\"b\"" + +string_dbl_q=" \"a\"" +string_escaped_q=" 'a''b'" +string_single_q=" 'a'" + +pragma_application_id@1=" application_id" 
+pragma_auto_vacuum@1=" auto_vacuum" +pragma_automatic_index@1=" automatic_index" +pragma_busy_timeout@1=" busy_timeout" +pragma_cache_size@1=" cache_size" +pragma_cache_spill@1=" cache_spill" +pragma_case_sensitive_like@1=" case_sensitive_like" +pragma_checkpoint_fullfsync@1=" checkpoint_fullfsync" +pragma_collation_list@1=" collation_list" +pragma_compile_options@1=" compile_options" +pragma_count_changes@1=" count_changes" +pragma_data_store_directory@1=" data_store_directory" +pragma_database_list@1=" database_list" +pragma_default_cache_size@1=" default_cache_size" +pragma_defer_foreign_keys@1=" defer_foreign_keys" +pragma_empty_result_callbacks@1=" empty_result_callbacks" +pragma_encoding@1=" encoding" +pragma_foreign_key_check@1=" foreign_key_check" +pragma_foreign_key_list@1=" foreign_key_list" +pragma_foreign_keys@1=" foreign_keys" +pragma_freelist_count@1=" freelist_count" +pragma_full_column_names@1=" full_column_names" +pragma_fullfsync@1=" fullfsync" +pragma_ignore_check_constraints@1=" ignore_check_constraints" +pragma_incremental_vacuum@1=" incremental_vacuum" +pragma_index_info@1=" index_info" +pragma_index_list@1=" index_list" +pragma_integrity_check@1=" integrity_check" +pragma_journal_mode@1=" journal_mode" +pragma_journal_size_limit@1=" journal_size_limit" +pragma_legacy_file_format@1=" legacy_file_format" +pragma_locking_mode@1=" locking_mode" +pragma_max_page_count@1=" max_page_count" +pragma_mmap_size@1=" mmap_size" +pragma_page_count@1=" page_count" +pragma_page_size@1=" page_size" +pragma_parser_trace@1=" parser_trace" +pragma_query_only@1=" query_only" +pragma_quick_check@1=" quick_check" +pragma_read_uncommitted@1=" read_uncommitted" +pragma_recursive_triggers@1=" recursive_triggers" +pragma_reverse_unordered_selects@1=" reverse_unordered_selects" +pragma_schema_version@1=" schema_version" +pragma_secure_delete@1=" secure_delete" +pragma_short_column_names@1=" short_column_names" +pragma_shrink_memory@1=" shrink_memory" 
+pragma_soft_heap_limit@1=" soft_heap_limit" +pragma_stats@1=" stats" +pragma_synchronous@1=" synchronous" +pragma_table_info@1=" table_info" +pragma_temp_store@1=" temp_store" +pragma_temp_store_directory@1=" temp_store_directory" +pragma_threads@1=" threads" +pragma_user_version@1=" user_version" +pragma_vdbe_addoptrace@1=" vdbe_addoptrace" +pragma_vdbe_debug@1=" vdbe_debug" +pragma_vdbe_listing@1=" vdbe_listing" +pragma_vdbe_trace@1=" vdbe_trace" +pragma_wal_autocheckpoint@1=" wal_autocheckpoint" +pragma_wal_checkpoint@1=" wal_checkpoint" +pragma_writable_schema@1=" writable_schema" diff --git a/projects/sqlite3/target.yaml b/projects/sqlite3/target.yaml new file mode 100644 index 00000000..ee53bbe4 --- /dev/null +++ b/projects/sqlite3/target.yaml @@ -0,0 +1,5 @@ +homepage: "https://sqlite.org/" +sanitizers: + - address + - undefined + diff --git a/projects/tpm2/Jenkinsfile b/projects/tpm2/Jenkinsfile new file mode 100644 index 00000000..deb8716a --- /dev/null +++ b/projects/tpm2/Jenkinsfile 
@@ -0,0 +1,26 @@
+// Copyright 2016 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+def libfuzzerBuild = fileLoader.fromGit(
+ 'infra/libfuzzer-pipeline.groovy',
+ 'https://github.com/google/oss-fuzz.git')
+
+libfuzzerBuild {
+ git = "https://chromium.googlesource.com/chromiumos/third_party/tpm2/"
+ // tpm2/ will contain checkout
+ dockerfile = "tpm2/fuzz/Dockerfile"
+ dockerContextDir = "tpm2/"
+}
diff --git a/projects/tpm2/target.yaml b/projects/tpm2/target.yaml
new file mode 100644
index 00000000..d3be9026
--- /dev/null
+++ b/projects/tpm2/target.yaml
@@ -0,0 +1,4 @@
+homepage: "https://chromium.googlesource.com/chromiumos/third_party/tpm2"
+dockerfile:
+ git: "https://chromium.googlesource.com/chromiumos/third_party/tpm2/"
+ path: "fuzz/Dockerfile"
diff --git a/projects/woff2/Dockerfile b/projects/woff2/Dockerfile
new file mode 100644
index 00000000..cf7066fd
--- /dev/null
+++ b/projects/woff2/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER mmoroz@chromium.org
+RUN apt-get install -y make autoconf automake libtool
+
+RUN git clone --recursive https://github.com/google/woff2
+WORKDIR woff2
+COPY build.sh convert_woff2ttf_fuzzer.* $SRC/
diff --git a/projects/woff2/build.sh b/projects/woff2/build.sh
new file mode 100755
index 00000000..6d113559
--- /dev/null
+++ b/projects/woff2/build.sh
@@ -0,0 +1,40 @@
+#!/bin/bash -eu
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Build the library. Actually there is no 'library' target, so we use .o files.
+# '-no-canonical-prefixes' flag makes clang crazy. Need to avoid it.
+cat brotli/shared.mk | sed -e "s/-no-canonical-prefixes//" \
+> brotli/shared.mk.temp
+mv brotli/shared.mk.temp brotli/shared.mk
+
+cat Makefile | sed -e "s/-no-canonical-prefixes//" \
+> Makefile.temp
+mv Makefile.temp Makefile
+
+# woff2 uses LFLAGS instead of LDFLAGS.
+make -j$(nproc) CC="$CC $CFLAGS" CXX="$CXX $CXXFLAGS" clean all
+
+# To avoid multiple main() definitions.
+rm src/woff2_compress.o src/woff2_decompress.o
+
+# Build the fuzzer.
+fuzzer=convert_woff2ttf_fuzzer
+$CXX $CXXFLAGS -std=c++11 -Isrc \
+ $SRC/$fuzzer.cc -o $OUT/$fuzzer \
+ -lfuzzer src/*.o brotli/dec/*.o brotli/enc/*.o
+
+cp $SRC/*.options $OUT/
diff --git a/projects/woff2/convert_woff2ttf_fuzzer.cc b/projects/woff2/convert_woff2ttf_fuzzer.cc
new file mode 100644
index 00000000..1c81e32e
--- /dev/null
+++ b/projects/woff2/convert_woff2ttf_fuzzer.cc
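Review bot: The comment `# woff2 uses LFLAGS instead of LDFLAGS.` in woff2/build.sh sits directly above a `make` call that passes neither variable, so it does not explain what the line does. Either pass the intended linker flags there or reword the comment to say why they are left out. The two `cat FILE | sed ... > FILE.temp` plus `mv` sequences could be one `sed -i -e "s/-no-canonical-prefixes//" brotli/shared.mk Makefile`. Because the substitution silently does nothing once upstream drops or renames that flag, the comment above it should say that the edit is expected to become a no-op.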
@@ -0,0 +1,17 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include
+#include
+
+#include "woff2_dec.h"
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ std::string buf;
+ woff2::WOFF2StringOut out(&buf);
+ out.SetMaxSize(30 * 1024 * 1024);
+ woff2::ConvertWOFF2ToTTF(data, size, &out);
+ return 0;
+}
diff --git a/projects/woff2/convert_woff2ttf_fuzzer.options b/projects/woff2/convert_woff2ttf_fuzzer.options
new file mode 100644
index 00000000..e5ae71b9
--- /dev/null
+++ b/projects/woff2/convert_woff2ttf_fuzzer.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 1000000
diff --git a/projects/woff2/target.yaml b/projects/woff2/target.yaml
new file mode 100644
index 00000000..403d2536
--- /dev/null
+++ b/projects/woff2/target.yaml
@@ -0,0 +1 @@
+homepage: "https://github.com/google/woff2"
diff --git a/projects/zlib/Dockerfile b/projects/zlib/Dockerfile
new file mode 100644
index 00000000..ee844922
--- /dev/null
+++ b/projects/zlib/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER inferno@chromium.org
+RUN apt-get install -y make autoconf automake libtool
+
+RUN git clone https://github.com/madler/zlib.git
+WORKDIR zlib
+COPY build.sh zlib_uncompress_fuzzer.cc $SRC/
diff --git a/projects/zlib/build.sh b/projects/zlib/build.sh
new file mode 100755
index 00000000..50f5cbd9
--- /dev/null
+++ b/projects/zlib/build.sh
@@ -0,0 +1,8 @@
+#!/bin/bash -eu
+
+./configure
+make -j$(nproc) clean all
+
+$CXX $CXXFLAGS -std=c++11 -I. \
+ $SRC/zlib_uncompress_fuzzer.cc -o $OUT/zlib_uncompress_fuzzer \
+ -lfuzzer ./libz.a
diff --git a/projects/zlib/target.yaml b/projects/zlib/target.yaml
new file mode 100644
index 00000000..df8c92fe
--- /dev/null
+++ b/projects/zlib/target.yaml
@@ -0,0 +1 @@
+homepage: "http://www.zlib.net/"
diff --git a/projects/zlib/zlib_uncompress_fuzzer.cc b/projects/zlib/zlib_uncompress_fuzzer.cc
new file mode 100644
index 00000000..808793b8
--- /dev/null
+++ b/projects/zlib/zlib_uncompress_fuzzer.cc
@@ -0,0 +1,21 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include
+#include
+#include
+
+#include "zlib.h"
+
+static Bytef buffer[256 * 1024] = { 0 };
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ uLongf buffer_length = static_cast(sizeof(buffer));
+ if (Z_OK != uncompress(buffer, &buffer_length, data,
+ static_cast(size))) {
+ return 0;
+ }
+ return 0;
+}
diff --git a/targets/README.md b/targets/README.md
new file mode 100644
index 00000000..967ebc65
--- /dev/null
+++ b/targets/README.md
@@ -0,0 +1 @@
+Content of this directory has been moved to [`../projects/`](../projects/).
diff --git a/targets/all.sh b/targets/all.sh
deleted file mode 100755
index 7e34cc21..00000000
--- a/targets/all.sh
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/bash -eu
-#
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-# Development script to build all images.
-IGNORE="build:docs:infra:tpm2:scripts"
-
-for target in targets/*; do
- if [[ -f $target || ":${IGNORE}:" == *":$target:"* ]]; then continue; fi
- echo "@ Building $target"
- docker build -t ossfuzz/$target $target/
-
- # Execute command ($1) if any
- case ${1-} in
- "")
- ;;
- compile|test)
- docker run --rm -ti ossfuzz/$target $@
- ;;
- *)
- echo $"Usage: $0 {|compile}"
- exit 1
- esac
-
-done
diff --git a/targets/boringssl/Dockerfile b/targets/boringssl/Dockerfile
deleted file mode 100644
index 0368f816..00000000
--- a/targets/boringssl/Dockerfile
+++ /dev/null
@@ -1,22 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER mike.aizatsky@gmail.com
-RUN apt-get install -y cmake ninja-build golang
-
-RUN git clone https://boringssl.googlesource.com/boringssl
-COPY build.sh $SRC/
diff --git a/targets/boringssl/build.sh b/targets/boringssl/build.sh
deleted file mode 100755
index 832b9665..00000000
--- a/targets/boringssl/build.sh
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/bin/bash -eux
-#
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-mkdir -p $WORK/boringssl
-cd $WORK/boringssl
-
-CFLAGS="$CFLAGS -DBORINGSSL_UNSAFE_FUZZER_MODE"
-CXXFLAGS="$CXXFLAGS -DBORINGSSL_UNSAFE_FUZZER_MODE"
-
-cmake -GNinja -DCMAKE_C_COMPILER=$CC -DCMAKE_CXX_COMPILER=$CXX \
- -DCMAKE_C_FLAGS="$CFLAGS" -DCMAKE_CXX_FLAGS="$CXXFLAGS" \
- $SRC/boringssl/
-ninja
-
-fuzzerFiles=$(find $SRC/boringssl/fuzz/ -name "*.cc")
-
-find . -name "*.a"
-
-for F in $fuzzerFiles; do
- fuzzerName=$(basename $F .cc)
- echo "Building fuzzer $fuzzerName"
- $CXX $CXXFLAGS -std=c++11 \
- -o $OUT/${fuzzerName} -lfuzzer $F \
- -I $SRC/boringssl/include ./ssl/libssl.a ./crypto/libcrypto.a
-
- if [ -d "$SRC/boringssl/fuzz/${fuzzerName}_corpus" ]; then
- zip -j $OUT/${fuzzerName}_seed_corpus.zip $SRC/boringssl/fuzz/${fuzzerName}_corpus/*
- fi
-done
diff --git a/targets/boringssl/target.yaml b/targets/boringssl/target.yaml
deleted file mode 100644
index e57f1846..00000000
--- a/targets/boringssl/target.yaml
+++ /dev/null
@@ -1 +0,0 @@
-homepage: "https://boringssl.googlesource.com/boringssl/"
diff --git a/targets/c-ares/Dockerfile b/targets/c-ares/Dockerfile
deleted file mode 100644
index 56e50dcf..00000000
--- a/targets/c-ares/Dockerfile
+++ /dev/null
@@ -1,22 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER mmoroz@chromium.org
-RUN apt-get install -y make autoconf automake libtool
-RUN git clone https://github.com/c-ares/c-ares.git
-WORKDIR c-ares
-COPY build.sh *_fuzzer.cc $SRC/
diff --git a/targets/c-ares/build.sh b/targets/c-ares/build.sh
deleted file mode 100755
index 41fbf3bb..00000000
--- a/targets/c-ares/build.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-# Build the target.
-./buildconf
-./configure --enable-debug
-make clean
-make -j$(nproc) V=1 all
-
-# Build the fuzzer.
-$CXX $CXXFLAGS -std=c++11 -I. \
- $SRC/c_ares_ares_create_query_fuzzer.cc \
- -o $OUT/c_ares_ares_create_query_fuzzer \
- -lfuzzer $SRC/c-ares/.libs/libcares.a
diff --git a/targets/c-ares/c_ares_ares_create_query_fuzzer.cc b/targets/c-ares/c_ares_ares_create_query_fuzzer.cc
deleted file mode 100644
index fc12938e..00000000
--- a/targets/c-ares/c_ares_ares_create_query_fuzzer.cc
+++ /dev/null
@@ -1,31 +0,0 @@
-// Copyright 2016 Google Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include
-#include
-
-#include
-
-#include
-
-#include
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- unsigned char *buf;
- int buflen;
- std::string s(reinterpret_cast(data), size);
- ares_create_query(s.c_str(), ns_c_in, ns_t_a, 0x1234, 0, &buf, &buflen, 0);
- ares_free_string(buf);
- return 0;
-}
diff --git a/targets/c-ares/target.yaml b/targets/c-ares/target.yaml
deleted file mode 100644
index 58790408..00000000
--- a/targets/c-ares/target.yaml
+++ /dev/null
@@ -1 +0,0 @@
-homepage: "https://c-ares.haxx.se/"
diff --git a/targets/curl/Dockerfile b/targets/curl/Dockerfile
deleted file mode 100644
index d8df622d..00000000
--- a/targets/curl/Dockerfile
+++ /dev/null
@@ -1,24 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER dvyukov@google.com
-RUN apt-get install -y make autoconf automake libtool libssl-dev zlib1g-dev
-
-RUN git clone https://github.com/curl/curl.git
-WORKDIR curl
-COPY build.sh curl_fuzzer.cc *.options *.dict $SRC/
-
diff --git a/targets/curl/build.sh b/targets/curl/build.sh
deleted file mode 100755
index 35deec89..00000000
--- a/targets/curl/build.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-./buildconf
-./configure --disable-shared --enable-debug --enable-maintainer-mode --disable-symbol-hiding --disable-threaded-resolver --enable-ipv6 --with-random=/dev/null
-make -j$(nproc)
-$CXX $CXXFLAGS $SRC/curl_fuzzer.cc -Iinclude lib/.libs/libcurl.a \
- -o $OUT/curl_fuzzer \
- -Wl,-Bstatic -lssl -lcrypto -lz -lfuzzer -Wl,-Bdynamic
-
-# /usr/lib/x86_64-linux-gnu/libssl.a \
-# /usr/lib/x86_64-linux-gnu/libcrypto.a \
-
-cp $SRC/*.dict $SRC/*.options $OUT/
diff --git a/targets/curl/curl_fuzzer.cc b/targets/curl/curl_fuzzer.cc
deleted file mode 100644
index b292e346..00000000
--- a/targets/curl/curl_fuzzer.cc
+++ /dev/null
@@ -1,117 +0,0 @@ -/* -# Copyright 2016 Google Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ -*/ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -static const void *cur_data; -static int cur_size = -1; -static int server_fd = -1; -static int client_fd = -1; -static bool wrote = false; - -static void fail(const char *why) { - perror(why); - exit(1); -} - -static curl_socket_t open_sock(void *ctx, curlsocktype purpose, - struct curl_sockaddr *address) { - if (cur_size == -1) fail("not fuzzing"); - if (server_fd != -1 || client_fd != -1) fail("already connected"); - int fds[2]; - if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds)) fail("socketpair"); - server_fd = fds[0]; - client_fd = fds[1]; - if (write(server_fd, cur_data, cur_size) != cur_size) fail("write"); - if (shutdown(server_fd, SHUT_WR)) fail("shutdown"); - return client_fd; -} - -static int set_opt(void *ctx, curl_socket_t curlfd, curlsocktype purpose) { - return CURL_SOCKOPT_ALREADY_CONNECTED; -} - -static size_t write_callback(char *ptr, size_t size, size_t n, void *ctx) { - return size * n; -} - -static size_t read_callback(char *buf, size_t size, size_t n, void *ctx) { - if (wrote || size * n == 0) return 0; - wrote = true; - buf[0] = 'a'; - return 1; -} - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, 
size_t Size) { - cur_data = Data; - cur_size = Size; - wrote = false; - CURL *curl = curl_easy_init(); - curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_callback); - curl_easy_setopt(curl, CURLOPT_READFUNCTION, read_callback); - curl_easy_setopt(curl, CURLOPT_OPENSOCKETFUNCTION, open_sock); - curl_easy_setopt(curl, CURLOPT_SOCKOPTFUNCTION, set_opt); -#if defined(FUZZER_FTP) - curl_easy_setopt(curl, CURLOPT_URL, "ftp://user@localhost/file.txt"); -#elif defined(FUZZER_IMAP) - curl_easy_setopt(curl, CURLOPT_USERNAME, "user"); - curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret"); - curl_easy_setopt(curl, CURLOPT_URL, "imap://localhost"); -#elif defined(FUZZER_POP3) - curl_easy_setopt(curl, CURLOPT_USERNAME, "user"); - curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret"); - curl_easy_setopt(curl, CURLOPT_URL, "pop3://localhost"); -#elif defined(FUZZER_HTTP_UPLOAD) - curl_easy_setopt(curl, CURLOPT_URL, "http://localhost/"); - curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); - curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L); -#elif defined(FUZZER_HTTP2) - curl_easy_setopt(curl, CURLOPT_URL, "http://localhost/"); - curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2_0); - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L); - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYSTATUS, 0L); -#else - curl_easy_setopt(curl, CURLOPT_URL, "http://localhost/"); - curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); -#endif - curl_easy_perform(curl); - curl_easy_cleanup(curl); - close(server_fd); - close(client_fd); - server_fd = -1; - client_fd = -1; - cur_data = NULL; - cur_size = -1; - return 0; -} diff --git a/targets/curl/curl_fuzzer.options b/targets/curl/curl_fuzzer.options deleted file mode 100644 index e8e81518..00000000 --- a/targets/curl/curl_fuzzer.options +++ /dev/null @@ -1,3 +0,0 @@ -[libfuzzer] -max_len = 1000 -dict = http.dict 
diff --git a/targets/curl/http.dict b/targets/curl/http.dict
deleted file mode 100644
index 57b7b437..00000000
--- a/targets/curl/http.dict
+++ /dev/null
@@ -1,41 +0,0 @@
-"\x0a\x0d"
-"HTTP/1.0"
-"HTTP/1.1"
-"100"
-"200"
-"301"
-"400"
-"Server:"
-"Last-Modified:"
-"Content-Type:"
-"text/html"
-"charset=UTF-8"
-"Accept-Ranges:"
-"bytes"
-"Content-Length:"
-"Transfer-Encoding:"
-"compress"
-"exi"
-"gzip"
-"identity"
-"pack200-gzip"
-"br"
-"deflate"
-"bzip2"
-"lzma"
-"xz"
-"Content-Encoding:"
-"chunked"
-"Connection:"
-"close"
-"Date:"
-"Expires:"
-"Fri, 31 Dec 1999 23:59:59 GMT"
-"Cache-Control:"
-"no-cache"
-"no-store"
-"must-revalidate"
-"Pragma:"
-"no-cache"
-"Host:"
-
diff --git a/targets/curl/target.yaml b/targets/curl/target.yaml
deleted file mode 100644
index 30580bab..00000000
--- a/targets/curl/target.yaml
+++ /dev/null
@@ -1 +0,0 @@
-homepage: "https://curl.haxx.se/"
diff --git a/targets/expat/Dockerfile b/targets/expat/Dockerfile
deleted file mode 100644
index 83302cd7..00000000
--- a/targets/expat/Dockerfile
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER mike.aizatsky@gmail.com
-RUN apt-get install -y make autoconf automake libtool docbook2x
-
-RUN git clone git://git.code.sf.net/p/expat/code_git expat
-WORKDIR expat/expat
-COPY build.sh parse_fuzzer.* xml.dict $SRC/
diff --git a/targets/expat/Jenkinsfile b/targets/expat/Jenkinsfile
deleted file mode 100644
index 8dde3da7..00000000
--- a/targets/expat/Jenkinsfile
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright 2016 Google Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-////////////////////////////////////////////////////////////////////////////////
-
-def libfuzzerBuild = fileLoader.fromGit('infra/libfuzzer-pipeline.groovy',
- 'https://github.com/google/oss-fuzz.git')
-
-libfuzzerBuild {
- git = "git://git.code.sf.net/p/expat/code_git"
- sanitizers = ["address", "undefined"]
-}
diff --git a/targets/expat/build.sh b/targets/expat/build.sh
deleted file mode 100755
index 06e03612..00000000
--- a/targets/expat/build.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-./buildconf.sh
-./configure
-make clean
-make -j$(nproc) all
-
-$CXX $CXXFLAGS -std=c++11 -Ilib/ \
- $SRC/parse_fuzzer.cc -o $OUT/parse_fuzzer \
- -lfuzzer .libs/libexpat.a
-
-cp $SRC/*.dict $SRC/*.options $OUT/
diff --git a/targets/expat/parse_fuzzer.cc b/targets/expat/parse_fuzzer.cc
deleted file mode 100644
index da464095..00000000
--- a/targets/expat/parse_fuzzer.cc
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include
-#include "expat.h"
-
-std::vector kEncodings = {{"UTF-16", "UTF-8", "ISO-8859-1",
- "US-ASCII", "UTF-16BE", "UTF-16LE",
- "INVALIDENCODING"}};
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- const char* dataPtr = reinterpret_cast(data);
- for (int use_ns = 0; use_ns <= 1; ++use_ns) {
- for (auto enc : kEncodings) {
- XML_Parser parser =
- use_ns ? XML_ParserCreateNS(enc, '\n') : XML_ParserCreate(enc);
- XML_Parse(parser, dataPtr, size, true);
- XML_ParserFree(parser);
- }
- }
- return 0;
-}
diff --git a/targets/expat/parse_fuzzer.options b/targets/expat/parse_fuzzer.options
deleted file mode 100644
index 46f3f567..00000000
--- a/targets/expat/parse_fuzzer.options +++ /dev/null @@ -1,3 +0,0 @@ -[libfuzzer] -dict = xml.dict -max_len = 1024 diff --git a/targets/expat/target.yaml b/targets/expat/target.yaml deleted file mode 100644 index b183ac20..00000000 --- a/targets/expat/target.yaml +++ /dev/null @@ -1,4 +0,0 @@ -homepage: "http://expat.sourceforge.net/" -sanitizers: - - address - - undefined diff --git a/targets/expat/xml.dict b/targets/expat/xml.dict deleted file mode 100644 index 8449cb08..00000000 --- a/targets/expat/xml.dict +++ /dev/null @@ -1,125 +0,0 @@ -# -# AFL dictionary for XML -# ---------------------- -# -# Several basic syntax elements and attributes, modeled on libxml2. -# -# Created by Michal Zalewski -# - -attr_encoding=" encoding=\"1\"" -attr_generic=" a=\"1\"" -attr_href=" href=\"1\"" -attr_standalone=" standalone=\"no\"" -attr_version=" version=\"1\"" -attr_xml_base=" xml:base=\"1\"" -attr_xml_id=" xml:id=\"1\"" -attr_xml_lang=" xml:lang=\"1\"" -attr_xml_space=" xml:space=\"1\"" -attr_xmlns=" xmlns=\"1\"" - -entity_builtin="<" -entity_decimal="" -entity_external="&a;" -entity_hex="" - -# keywords -"ANY" -"ATTLIST" -"CDATA" -"DOCTYPE" -"ELEMENT" -"EMPTY" -"ENTITIES" -"ENTITY" -"FIXED" -"ID" -"IDREF" -"IDREFS" -"IGNORE" -"IMPLIED" -"INCLUDE" -"NDATA" -"NMTOKEN" -"NMTOKENS" -"NOTATION" -"PCDATA" -"PUBLIC" -"REQUIRED" -"SYSTEM" - -# Various tag parts -"<" -">" -"/>" -"" -"" -"[]" -"]]" -"" -"\"\"" -"''" -"=\"\"" -"=''" - -# DTD -"" -tag_open="" -tag_open_close="" - - -"" -"http://docboo" -"http://www.w" -"he30" -"he2" -"IET" -"FDF-10" -"aDUCS-4OPveb:" -"a>" -"UT" -"xMl" -"/usr/share/sg" -"ha07" -"http://www.oa" -"cle" diff --git a/targets/ffmpeg/Dockerfile b/targets/ffmpeg/Dockerfile deleted file mode 100644 index 6543bc8e..00000000 --- a/targets/ffmpeg/Dockerfile +++ /dev/null 
@@ -1,43 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER mmoroz@chromium.org
-RUN apt-get install -y make autoconf automake libtool build-essential \
- libass-dev libfreetype6-dev libsdl1.2-dev \
- libvdpau-dev libxcb1-dev libxcb-shm0-dev \
- pkg-config texinfo libbz2-dev zlib1g-dev nasm yasm cmake mercurial wget \
- xutils-dev libpciaccess-dev
-
-RUN git clone https://git.ffmpeg.org/ffmpeg.git ffmpeg
-
-RUN wget ftp://ftp.alsa-project.org/pub/lib/alsa-lib-1.1.0.tar.bz2
-RUN git clone git://anongit.freedesktop.org/mesa/drm
-RUN git clone https://github.com/mstorsjo/fdk-aac.git
-RUN wget https://sourceforge.net/projects/lame/files/latest/download -O lame.tar.gz
-RUN git clone git://anongit.freedesktop.org/xorg/lib/libXext
-RUN git clone git://anongit.freedesktop.org/git/xorg/lib/libXfixes
-RUN git clone git://anongit.freedesktop.org/git/libva
-RUN git clone git://people.freedesktop.org/~aplattner/libvdpau
-RUN git clone https://chromium.googlesource.com/webm/libvpx
-RUN svn co http://svn.xiph.org/trunk/ogg
-RUN git clone git://git.xiph.org/opus.git
-RUN git clone git://git.xiph.org/theora.git
-RUN git clone git://git.xiph.org/vorbis.git
-RUN git clone git://git.videolan.org/git/x264.git
-RUN hg clone https://bitbucket.org/multicoreware/x265
-
-COPY build.sh group_seed_corpus.py $SRC/
diff --git a/targets/ffmpeg/build.sh b/targets/ffmpeg/build.sh
deleted file mode 100755
index 87e589dc..00000000
--- a/targets/ffmpeg/build.sh
+++ /dev/null
@@ -1,291 +0,0 @@ -#!/bin/bash -eux -# Copyright 2016 Google Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -# Build dependencies. -export FFMPEG_DEPS_PATH=$SRC/ffmpeg_deps -mkdir -p $FFMPEG_DEPS_PATH - -cd $SRC -bzip2 -f -d alsa-lib-* -tar xf alsa-lib-* -cd alsa-lib-* -./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static --disable-shared -make clean -make -j$(nproc) all -make install - -cd $SRC/drm -# Requires xutils-dev libpciaccess-dev -./autogen.sh -./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static -make clean -make -j$(nproc) -make install - -cd $SRC/fdk-aac -autoreconf -fiv -./configure --prefix="$FFMPEG_DEPS_PATH" --disable-shared -make clean -make -j$(nproc) all -make install - -cd $SRC -tar xzf lame.tar.gz -cd lame-* -./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static -make clean -make -j$(nproc) -make install - -cd $SRC/libXext -./autogen.sh -./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static -make clean -make -j$(nproc) -make install - -cd $SRC/libXfixes -./autogen.sh -./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static -make clean -make -j$(nproc) -make install - -cd $SRC/libva -./autogen.sh -./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static --disable-shared -make clean -make -j$(nproc) all -make install - -cd $SRC/libvdpau -./autogen.sh -./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static --disable-shared -make clean -make 
-j$(nproc) all -make install - -cd $SRC/libvpx -LDFLAGS="$CXXFLAGS $LDFLAGS" ./configure --prefix="$FFMPEG_DEPS_PATH" \ - --disable-examples --disable-unit-tests -make clean -make -j$(nproc) all -make install - -cd $SRC/ogg -./autogen.sh -./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static -make clean -make -j$(nproc) -make install - -cd $SRC/opus -./autogen.sh -./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static -make clean -make -j$(nproc) all -make install - -cd $SRC/theora -# theora requires ogg, need to pass its location to the "configure" script. -CFLAGS="$CFLAGS -fPIC" LDFLAGS="$LDFLAGS -L$FFMPEG_DEPS_PATH/lib/" \ - CPPFLAGS="$CXXFLAGS -I$FFMPEG_DEPS_PATH/include/" \ - LD_LIBRARY_PATH="$FFMPEG_DEPS_PATH/lib/" \ - ./autogen.sh --prefix="$FFMPEG_DEPS_PATH" --enable-static --disable-examples -make clean -make -j$(nproc) -make install - -cd $SRC/vorbis -./autogen.sh -./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static -make clean -make -j$(nproc) -make install - -cd $SRC/x264 -LDFLAGS="$CXXFLAGS $LDFLAGS" ./configure --prefix="$FFMPEG_DEPS_PATH" \ - --enable-static -make clean -make -j$(nproc) -make install - -cd $SRC/x265/build/linux -cmake -G "Unix Makefiles" \ - -DCMAKE_C_COMPILER=$CC -DCMAKE_CXX_COMPILER=$CXX \ - -DCMAKE_C_FLAGS="$CFLAGS" -DCMAKE_CXX_FLAGS="$CXXFLAGS" \ - -DCMAKE_INSTALL_PREFIX="$FFMPEG_DEPS_PATH" -DENABLE_SHARED:bool=off \ - ../../source -make clean -make -j$(nproc) x265-static -make install - -# Remove shared libraries to avoid accidental linking against them. -rm $FFMPEG_DEPS_PATH/lib/*.so -rm $FFMPEG_DEPS_PATH/lib/*.so.* - -# Build the target. 
-cd $SRC/ffmpeg -PKG_CONFIG_PATH="$FFMPEG_DEPS_PATH/lib/pkgconfig" ./configure \ - --cc=$CC --cxx=$CXX --ld="$CXX $CXXFLAGS -std=c++11" \ - --extra-cflags="-I$FFMPEG_DEPS_PATH/include" \ - --extra-ldflags="-L$FFMPEG_DEPS_PATH/lib" \ - --prefix="$FFMPEG_DEPS_PATH" \ - --pkg-config-flags="--static" \ - --enable-gpl \ - --enable-libass \ - --enable-libfdk-aac \ - --enable-libfreetype \ - --enable-libmp3lame \ - --enable-libopus \ - --enable-libtheora \ - --enable-libvorbis \ - --enable-libvpx \ - --enable-libx264 \ - --enable-libx265 \ - --enable-nonfree \ - --disable-shared -make clean -make -j$(nproc) install - -# Download test sampes, will be used as seed corpus. -export TEST_SAMPLES_PATH=$SRC/ffmpeg/fate-suite/ -make fate-rsync SAMPLES=$TEST_SAMPLES_PATH - -# Build the fuzzers. -cd $SRC/ffmpeg - -export TEMP_VAR_CODEC="AV_CODEC_ID_H264" -export TEMP_VAR_CODEC_TYPE="VIDEO" - -FFMPEG_FUZZERS_COMMON_FLAGS="-lfuzzer /usr/local/lib/libc++.a \ - -L$FFMPEG_DEPS_PATH/lib \ - -Llibavcodec -Llibavdevice -Llibavfilter -Llibavformat -Llibavresample \ - -Llibavutil -Llibpostproc -Llibswscale -Llibswresample \ - -Wl,--as-needed -Wl,-z,noexecstack -Wl,--warn-common \ - -Wl,-rpath-link=libpostproc:libswresample:libswscale:libavfilter:libavdevice:libavformat:libavcodec:libavutil:libavresample \ - -lavdevice -lavfilter -lavformat -lavcodec -lswresample -lswscale \ - -lavutil -ldl -lxcb -lxcb-shm -lxcb -lxcb-xfixes -lxcb -lxcb-shape -lxcb \ - -lX11 -lasound -lm -lbz2 -lz -pthread -lva-x11 -lXext -lXfixes \ - -lx264 -lx265 -lvpx -lva -lvorbis -logg -lvorbisenc -lopus -lmp3lame \ - -lfdk-aac -ltheora -ltheoraenc -ltheoradec -lvdpau -lva-drm -ldrm" - -# Build fuzzers for audio formats. 
-CODEC_TYPE="AUDIO" -CODEC_NAMES="AV_CODEC_ID_AAC \ - AV_CODEC_ID_AC3 \ - AV_CODEC_ID_ADPCM_ADX \ - AV_CODEC_ID_AMR_NB \ - AV_CODEC_ID_AMR_WB \ - AV_CODEC_ID_DTS \ - AV_CODEC_ID_EAC3 \ - AV_CODEC_ID_FLAC \ - AV_CODEC_ID_GSM_MS \ - AV_CODEC_ID_MP2 \ - AV_CODEC_ID_MP3 \ - AV_CODEC_ID_QCELP \ - AV_CODEC_ID_SIPR \ - AV_CODEC_ID_WAVPACK" - -for codec in $CODEC_NAMES; do - fuzzer_name=ffmpeg_${CODEC_TYPE}_${codec}_fuzzer - - $CC $CFLAGS -I${FFMPEG_DEPS_PATH}/include \ - $SRC/ffmpeg/doc/examples/decoder_targeted.c \ - -o $OUT/${fuzzer_name} \ - -DFFMPEG_CODEC=${codec} -DFUZZ_FFMPEG_${CODEC_TYPE}= \ - ${FFMPEG_FUZZERS_COMMON_FLAGS} - - echo -en "[libfuzzer]\nmax_len = 1000000\n" > $OUT/${fuzzer_name}.options -done - -# Build fuzzers for subtitles formats. -CODEC_TYPE="SUBTITLE" -CODEC_NAMES="AV_CODEC_ID_DVD_SUBTITLE \ - AV_CODEC_ID_MOV_TEXT \ - AV_CODEC_ID_SUBRIP" - -for codec in $CODEC_NAMES; do - fuzzer_name=ffmpeg_${CODEC_TYPE}_${codec}_fuzzer - - $CC $CFLAGS -I${FFMPEG_DEPS_PATH}/include \ - $SRC/ffmpeg/doc/examples/decoder_targeted.c \ - -o $OUT/${fuzzer_name} \ - -DFFMPEG_CODEC=${codec} -DFUZZ_FFMPEG_${CODEC_TYPE}= \ - ${FFMPEG_FUZZERS_COMMON_FLAGS} -done - -# Build fuzzers for video formats. 
-CODEC_TYPE="VIDEO" -CODEC_NAMES="AV_CODEC_ID_AMV \ - AV_CODEC_ID_BINTEXT \ - AV_CODEC_ID_BMP \ - AV_CODEC_ID_CINEPAK \ - AV_CODEC_ID_DVVIDEO \ - AV_CODEC_ID_ESCAPE130 \ - AV_CODEC_ID_FLIC \ - AV_CODEC_ID_FLV1 \ - AV_CODEC_ID_FRAPS \ - AV_CODEC_ID_GIF \ - AV_CODEC_ID_H263 \ - AV_CODEC_ID_H263I \ - AV_CODEC_ID_H264 \ - AV_CODEC_ID_INDEO2 \ - AV_CODEC_ID_INTERPLAY_VIDEO \ - AV_CODEC_ID_JPEGLS \ - AV_CODEC_ID_KMVC \ - AV_CODEC_ID_MDEC \ - AV_CODEC_ID_MJPEG \ - AV_CODEC_ID_MPEG1VIDEO \ - AV_CODEC_ID_MPEG2VIDEO \ - AV_CODEC_ID_MPEG4 \ - AV_CODEC_ID_MSVIDEO1 \ - AV_CODEC_ID_PCX \ - AV_CODEC_ID_PGM \ - AV_CODEC_ID_PICTOR \ - AV_CODEC_ID_PNG \ - AV_CODEC_ID_RPZA \ - AV_CODEC_ID_RV40 \ - AV_CODEC_ID_SANM \ - AV_CODEC_ID_SMC \ - AV_CODEC_ID_SUNRAST \ - AV_CODEC_ID_SVQ1 \ - AV_CODEC_ID_SVQ3 \ - AV_CODEC_ID_TARGA \ - AV_CODEC_ID_TIFF \ - AV_CODEC_ID_VP3 \ - AV_CODEC_ID_VP5 \ - AV_CODEC_ID_VP6 \ - AV_CODEC_ID_VP6F \ - AV_CODEC_ID_VP8 \ - AV_CODEC_ID_ZMBV" - -for codec in $CODEC_NAMES; do - fuzzer_name=ffmpeg_${CODEC_TYPE}_${codec}_fuzzer - - $CC $CFLAGS -I${FFMPEG_DEPS_PATH}/include \ - $SRC/ffmpeg/doc/examples/decoder_targeted.c \ - -o $OUT/${fuzzer_name} \ - -DFFMPEG_CODEC=${codec} -DFUZZ_FFMPEG_${CODEC_TYPE}= \ - ${FFMPEG_FUZZERS_COMMON_FLAGS} - - echo -en "[libfuzzer]\nmax_len = 1000000\n" > $OUT/${fuzzer_name}.options -done - -# Find relevant corpus in test samples and archive them for every fuzzer. -cd $SRC -python group_seed_corpus.py $TEST_SAMPLES_PATH $OUT/ diff --git a/targets/ffmpeg/group_seed_corpus.py b/targets/ffmpeg/group_seed_corpus.py deleted file mode 100755 index 1e1d51cd..00000000 --- a/targets/ffmpeg/group_seed_corpus.py +++ /dev/null 
@@ -1,138 +0,0 @@
-#!/usr/bin/env python
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-from __future__ import print_function
-import logging
-import os
-import re
-import sys
-import zipfile
-
-
-logging.basicConfig(level=logging.INFO, format='INFO: %(message)s')
-CODEC_NAME_REGEXP = re.compile(r'codec_id_(.+?)_fuzzer')
-
-
-def get_fuzzer_tags(fuzzer_name):
- """Extract tags (are used to filter samples) from the given fuzzer name."""
- tags = []
- fuzzer_name = fuzzer_name.lower()
- # All subtitle samples are in 'sub' directory, need to add 'sub' tag manually.
- if 'subtitle' in fuzzer_name:
- tags.append('sub')
- m = CODEC_NAME_REGEXP.search(fuzzer_name)
- if m:
- codec_name = m.group(1)
- # Some names are complex, need to split them and filter common strings.
- codec_name_parts = codec_name.split('_')
- for codec in codec_name_parts:
- # Remove common strings from codec names like 'mpeg1video' or 'msvideo1'.
- codec = codec.split('video')[0]
- codec = codec.split('audio')[0]
- codec = codec.split('subtitle')[0]
- codec = codec.split('text')[0]
- if codec:
- # Some codec names have trailing characters: 'VP6F','FLV1', 'JPEGLS'.
- # Use only first 3 characters for long enough codec names.
- if len(codec) > 3:
- tags.append(codec[:3])
- else:
- tags.append(codec)
-
- return tags
-
-
-def parse_corpus(corpus_directory):
- """Recursively list all files in the given directory and ignore checksums."""
- all_corpus_files = []
- for root, dirs, files in os.walk(corpus_directory):
- for filename in files:
- # Skip checksum files, they are useless in corpus.
- if 'md5sum' in filename:
- continue
- path = os.path.join(root, filename)
- all_corpus_files.append(path)
-
- logging.info('Parsed %d corpus files from %s' % (len(all_corpus_files),
- corpus_directory))
- return all_corpus_files
-
-
-def parse_fuzzers(fuzzers_directory):
- """Recursively list all fuzzers in the given directory."""
- all_fuzzers = []
- for filename in os.listdir(fuzzers_directory):
- # Skip non-ffmpeg and non-fuzzer files in the given directory,
- if not filename.startswith('ffmpeg_') or not filename.endswith('_fuzzer'):
- continue
- fuzzer_path = os.path.join(fuzzers_directory, filename)
- all_fuzzers.append(fuzzer_path)
-
- logging.info('Parsed %d fuzzers from %s' % (len(all_fuzzers),
- fuzzers_directory))
- return all_fuzzers
-
-
-def zip_relevant_corpus(corpus_files, fuzzers):
- """Find relevant corpus files and archive them for every fuzzer given."""
- for fuzzer in fuzzers:
- fuzzer_name = os.path.basename(fuzzer)
- fuzzer_directory = os.path.dirname(fuzzer)
- fuzzer_tags = get_fuzzer_tags(fuzzer_name)
- relevant_corpus_files = set()
- for filename in corpus_files:
- # Remove 'ffmpeg' substring to do not use everything for 'MPEG' codec.
- sanitized_filename = filename.replace('ffmpeg', '').lower()
- for tag in fuzzer_tags:
- if tag in sanitized_filename:
- relevant_corpus_files.add(filename)
-
- if not relevant_corpus_files:
- # Strip last symbol from tags if we haven't found relevant corpus.
- # It helps for such codecs as 'RV40' ('RV4' -> 'RV') or 'PCX' (-> 'PC').
- for tag in fuzzer_tags:
- if tag[:-1] in sanitized_filename:
- relevant_corpus_files.add(filename)
-
- logging.info(
- 'Found %d relevant samples for %s' % (len(relevant_corpus_files),
- fuzzer_name))
-
- if not relevant_corpus_files:
- continue
-
- zip_archive_name = fuzzer + "_seed_corpus.zip"
- with zipfile.ZipFile(zip_archive_name, 'w') as archive:
- for filename in relevant_corpus_files:
- archive.write(filename)
-
-
-def main():
- if len(sys.argv) < 3:
- print('Usage: %s ' % __file__)
- sys.exit(1)
-
- seed_corpus_directory = sys.argv[1]
- fuzzers_directory = sys.argv[2]
-
- corpus_files = parse_corpus(seed_corpus_directory)
- fuzzers = parse_fuzzers(fuzzers_directory)
- zip_relevant_corpus(corpus_files, fuzzers)
-
-
-if __name__ == '__main__':
- sys.exit(main())
diff --git a/targets/ffmpeg/target.yaml b/targets/ffmpeg/target.yaml
deleted file mode 100644
index 1a0131c9..00000000
--- a/targets/ffmpeg/target.yaml
+++ /dev/null
@@ -1 +0,0 @@
-homepage: "https://www.ffmpeg.org/"
diff --git a/targets/file/Dockerfile b/targets/file/Dockerfile
deleted file mode 100644
index 663f9874..00000000
--- a/targets/file/Dockerfile
+++ /dev/null
@@ -1,22 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER mike.aizatsky@gmail.com
-RUN apt-get install -y make autoconf automake libtool shtool
-RUN git clone https://github.com/file/file.git
-WORKDIR file
-COPY build.sh magic_fuzzer.cc $SRC/
diff --git a/targets/file/build.sh b/targets/file/build.sh
deleted file mode 100755
index 6a5867a5..00000000
--- a/targets/file/build.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-autoreconf -i
-./configure --enable-static
-make V=1 all
-
-$CXX $CXXFLAGS -std=c++11 -Isrc/ \
- $SRC/magic_fuzzer.cc -o $OUT/magic_fuzzer \
- -lfuzzer ./src/.libs/libmagic.a
-
-cp ./magic/magic.mgc $OUT/
-
diff --git a/targets/file/magic_fuzzer.cc b/targets/file/magic_fuzzer.cc
deleted file mode 100644
index 1f5b5f09..00000000
--- a/targets/file/magic_fuzzer.cc
+++ /dev/null
@@ -1,51 +0,0 @@
-// Copyright 2016 Google Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-
-struct Environment {
- Environment(std::string data_dir) {
- magic = magic_open(MAGIC_NONE);
- std::string magic_path = data_dir + "/magic";
- if (magic_load(magic, magic_path.c_str())) {
- fprintf(stderr, "error loading magic file: %s\n", magic_error(magic));
- exit(1);
- }
- }
-
- magic_t magic;
-};
-
-static Environment* env;
-
-extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) {
- char* exe_path = (*argv)[0];
- char* dir = dirname(exe_path);
- env = new Environment(dir);
- return 0;
-}
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- if (size < 1)
- return 0;
- magic_buffer(env->magic, data, size);
- return 0;
-}
diff --git a/targets/file/target.yaml b/targets/file/target.yaml
deleted file mode 100644
index a7ee8e58..00000000
--- a/targets/file/target.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-homepage: "http://www.darwinsys.com/file/"
-primary_contact: "emaste@freebsd.org"
diff --git a/targets/freetype2/Dockerfile b/targets/freetype2/Dockerfile
deleted file mode 100644
index d324066d..00000000
--- a/targets/freetype2/Dockerfile
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER mike.aizatsky@gmail.com
-RUN apt-get install -y make autoconf libtool libarchive-dev
-
-RUN git clone git://git.sv.nongnu.org/freetype/freetype2.git
-WORKDIR freetype2
-COPY build.sh $SRC/
diff --git a/targets/freetype2/build.sh b/targets/freetype2/build.sh
deleted file mode 100755
index 710f533d..00000000
--- a/targets/freetype2/build.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/bash -eux
-#
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-./autogen.sh
-./configure
-make -j$(nproc) clean all
-
-$CXX $CXXFLAGS -std=c++11 \
- -I./include -I. \
- ./src/tools/ftfuzzer/ftfuzzer.cc -o $OUT/ftfuzzer \
- ./objs/*.o -lfuzzer \
- /usr/lib/x86_64-linux-gnu/libarchive.a \
- ./objs/.libs/libfreetype.a
diff --git a/targets/freetype2/target.yaml b/targets/freetype2/target.yaml
deleted file mode 100644
index 46400ddf..00000000
--- a/targets/freetype2/target.yaml
+++ /dev/null
@@ -1 +0,0 @@
-homepage: "https://www.freetype.org/"
diff --git a/targets/harfbuzz/Dockerfile b/targets/harfbuzz/Dockerfile
deleted file mode 100644
index 19bbb9d9..00000000
--- a/targets/harfbuzz/Dockerfile
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER mmoroz@chromium.org
-RUN apt-get install -y make autoconf automake libtool ragel pkg-config
-
-RUN git clone https://anongit.freedesktop.org/git/harfbuzz.git
-WORKDIR harfbuzz
-COPY build.sh harfbuzz_fuzzer.cc $SRC/
diff --git a/targets/harfbuzz/build.sh b/targets/harfbuzz/build.sh
deleted file mode 100755
index 463234a0..00000000
--- a/targets/harfbuzz/build.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-# Build the library.
-./autogen.sh
-./configure
-make -j$(nproc) clean all
-
-$CXX $CXXFLAGS -std=c++11 -Isrc \
- $SRC/harfbuzz_fuzzer.cc -o $OUT/harfbuzz_fuzzer \
- -lfuzzer src/.libs/*.o src/hb-ucdn/.libs/*.o
diff --git a/targets/harfbuzz/harfbuzz_fuzzer.cc b/targets/harfbuzz/harfbuzz_fuzzer.cc
deleted file mode 100644
index 771c9b2c..00000000
--- a/targets/harfbuzz/harfbuzz_fuzzer.cc
+++ /dev/null
@@ -1,46 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include
-#include
-#include
-
-#include
-#include
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- const char* dataPtr = reinterpret_cast(data);
- hb_blob_t* blob = hb_blob_create(dataPtr, size, HB_MEMORY_MODE_READONLY, NULL,
- NULL);
- hb_face_t* face = hb_face_create(blob, 0);
- hb_font_t* font = hb_font_create(face);
- hb_ot_font_set_funcs(font);
- hb_font_set_scale(font, 12, 12);
-
- {
- const char text[] = "ABCDEXYZ123@_%&)*$!";
- hb_buffer_t* buffer = hb_buffer_create();
- hb_buffer_add_utf8(buffer, text, -1, 0, -1);
- hb_buffer_guess_segment_properties(buffer);
- hb_shape(font, buffer, NULL, 0);
- hb_buffer_destroy(buffer);
- }
-
- uint32_t text32[16] = { 0 };
- if (size > sizeof(text32)) {
- memcpy(text32, data + size - sizeof(text32), sizeof(text32));
- hb_buffer_t* buffer = hb_buffer_create();
- size_t text32len = sizeof(text32) / sizeof(text32[0]);
- hb_buffer_add_utf32(buffer, text32, text32len, 0, -1);
- hb_buffer_guess_segment_properties(buffer);
- hb_shape(font, buffer, NULL, 0);
- hb_buffer_destroy(buffer);
- }
-
- hb_font_destroy(font);
- hb_face_destroy(face);
- hb_blob_destroy(blob);
- return 0;
-}
diff --git a/targets/harfbuzz/target.yaml b/targets/harfbuzz/target.yaml
deleted file mode 100644
index 6af32a01..00000000
--- a/targets/harfbuzz/target.yaml
+++ /dev/null
@@ -1 +0,0 @@
-homepage: "http://www.harfbuzz.org/"
diff --git a/targets/icu/Dockerfile b/targets/icu/Dockerfile
deleted file mode 100644
index e420bc5b..00000000
--- a/targets/icu/Dockerfile
+++ /dev/null
@@ -1,22 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER mike.aizatsky@gmail.com
-RUN apt-get install -y make
-
-RUN svn co http://source.icu-project.org/repos/icu/trunk/icu4c/ icu
-COPY build.sh *.cc *.h *.dict *.options $SRC/
diff --git a/targets/icu/break_iterator_fuzzer.cc b/targets/icu/break_iterator_fuzzer.cc
deleted file mode 100644
index 143a74da..00000000
--- a/targets/icu/break_iterator_fuzzer.cc
+++ /dev/null
@@ -1,46 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include
-#include
-#include
-#include "fuzzer_utils.h"
-#include "unicode/brkiter.h"
-
-IcuEnvironment* env = new IcuEnvironment();
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- UErrorCode status = U_ZERO_ERROR;
- icu::UnicodeString str(UnicodeStringFromUtf8(data, size));
-
- auto rng = CreateRng(data, size);
- const icu::Locale& locale = GetRandomLocale(&rng);
-
- std::unique_ptr bi;
-
- switch (rng() % 5) {
- case 0:
- bi.reset(icu::BreakIterator::createWordInstance(locale, status));
- break;
- case 1:
- bi.reset(icu::BreakIterator::createLineInstance(locale, status));
- break;
- case 2:
- bi.reset(icu::BreakIterator::createCharacterInstance(locale, status));
- break;
- case 3:
- bi.reset(icu::BreakIterator::createSentenceInstance(locale, status));
- break;
- case 4:
- bi.reset(icu::BreakIterator::createTitleInstance(locale, status));
- break;
- }
- if (U_FAILURE(status)) return 0;
-
- for (int32_t p = bi->first(); p != icu::BreakIterator::DONE; p = bi->next())
- if (U_FAILURE(status)) return 0;
-
- return 0;
-}
-
diff --git a/targets/icu/break_iterator_utf32_fuzzer.cc b/targets/icu/break_iterator_utf32_fuzzer.cc
deleted file mode 100644
index 544e5f6d..00000000
--- a/targets/icu/break_iterator_utf32_fuzzer.cc
+++ /dev/null
@@ -1,47 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include
-#include
-#include
-#include "fuzzer_utils.h"
-#include "unicode/brkiter.h"
-
-IcuEnvironment* env = new IcuEnvironment();
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- UErrorCode status = U_ZERO_ERROR;
- icu::UnicodeString str(UnicodeStringFromUtf32(data, size));
-
- auto rng = CreateRng(data, size);
- const icu::Locale& locale = GetRandomLocale(&rng);
-
- std::unique_ptr bi;
-
- switch (rng() % 5) {
- case 0:
- bi.reset(icu::BreakIterator::createWordInstance(locale, status));
- break;
- case 1:
- bi.reset(icu::BreakIterator::createLineInstance(locale, status));
- break;
- case 2:
- bi.reset(icu::BreakIterator::createCharacterInstance(locale, status));
- break;
- case 3:
- bi.reset(icu::BreakIterator::createSentenceInstance(locale, status));
- break;
- case 4:
- bi.reset(icu::BreakIterator::createTitleInstance(locale, status));
- break;
- }
- if (U_FAILURE(status))
- return 0;
-
- for (int32_t p = bi->first(); p != icu::BreakIterator::DONE; p = bi->next())
- if (U_FAILURE(status))
- return 0;
-
- return 0;
-}
diff --git a/targets/icu/build.sh b/targets/icu/build.sh
deleted file mode 100755
index 9cca5484..00000000
--- a/targets/icu/build.sh
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/bash -eux
-#
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-mkdir $WORK/icu
-cd $WORK/icu
-
-# TODO: icu build failes without -DU_USE_STRTOD_L=0
-DEFINES="-DU_CHARSET_IS_UTF8=1 -DU_USING_ICU_NAMESPACE=0 -DU_ENABLE_DYLOAD=0 -DU_USE_STRTOD_L=0"
-CFLAGS="$CFLAGS $DEFINES"
-CXXFLAGS="$CXXFLAGS $DEFINES"
-
-CFLAGS=$CFLAGS CXXFLAGS=$CXXFLAGS CC=$CC CXX=$CXX \
- /bin/bash $SRC/icu/source/runConfigureICU Linux \
- --with-library-bits=64 --with-data-packaging=static --enable-static --disable-shared
-
-make -j$(nproc)
-
-FUZZERS="break_iterator_fuzzer \
- break_iterator_utf32_fuzzer \
- converter_fuzzer \
- number_format_fuzzer \
- ucasemap_fuzzer \
- unicode_string_codepage_create_fuzzer \
- uregex_open_fuzzer
- "
-for fuzzer in $FUZZERS; do
- $CXX $CXXFLAGS -std=c++11 \
- $SRC/$fuzzer.cc -o $OUT/$fuzzer \
- -I$SRC/icu/source/common -I$SRC/icu/source/i18n -L$WORK/icu/lib \
- -lfuzzer -licui18n -licuuc -licutu -licudata
-done
-
-cp $SRC/*.dict $SRC/*.options $OUT/
diff --git a/targets/icu/converter_fuzzer.cc b/targets/icu/converter_fuzzer.cc
deleted file mode 100644
index cfbdebf6..00000000
--- a/targets/icu/converter_fuzzer.cc
+++ /dev/null
@@ -1,45 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include
-#include
-
-#include
-#include
-#include
-#include
-
-#include "fuzzer_utils.h"
-#include "unicode/unistr.h"
-#include "unicode/ucnv.h"
-
-IcuEnvironment* env = new IcuEnvironment();
-
-template
-using deleted_unique_ptr = std::unique_ptr>;
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- UErrorCode status = U_ZERO_ERROR;
- auto rng = CreateRng(data, size);
- icu::UnicodeString str(UnicodeStringFromUtf8(data, size));
-
- const char* converter_name =
- ucnv_getAvailableName(rng() % ucnv_countAvailable());
-
- deleted_unique_ptr converter(ucnv_open(converter_name, &status),
- &ucnv_close);
-
- if (U_FAILURE(status))
- return 0;
-
- static const size_t dest_buffer_size = 1024 * 1204;
- static const std::unique_ptr dest_buffer(new char[dest_buffer_size]);
-
- str.extract(dest_buffer.get(), dest_buffer_size, converter.get(), status);
-
- if (U_FAILURE(status))
- return 0;
-
- return 0;
-}
diff --git a/targets/icu/fuzzer_utils.h b/targets/icu/fuzzer_utils.h
deleted file mode 100644
index d879bc39..00000000
--- a/targets/icu/fuzzer_utils.h
+++ /dev/null
@@ -1,53 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef FUZZER_UTILS_H_
-#define FUZZER_UTILS_H_
-
-#include
-#include
-#include
-
-#include "unicode/locid.h"
-#include "unicode/uchar.h"
-
-struct IcuEnvironment {
- IcuEnvironment() {
- // nothing to initialize yet;
- }
-};
-
-// Create RNG and seed it from data.
-std::mt19937_64 CreateRng(const uint8_t* data, size_t size) {
- std::mt19937_64 rng;
- std::string str = std::string(reinterpret_cast(data), size);
- std::size_t data_hash = std::hash()(str);
- rng.seed(data_hash);
- return rng;
-}
-
-const icu::Locale& GetRandomLocale(std::mt19937_64* rng) {
- int32_t num_locales = 0;
- const icu::Locale* locales = icu::Locale::getAvailableLocales(num_locales);
- assert(num_locales > 0);
- return locales[(*rng)() % num_locales];
-}
-
-icu::UnicodeString UnicodeStringFromUtf8(const uint8_t* data, size_t size) {
- return icu::UnicodeString::fromUTF8(
- icu::StringPiece(reinterpret_cast(data), size));
-}
-
-icu::UnicodeString UnicodeStringFromUtf32(const uint8_t* data, size_t size) {
- std::vector uchars;
- uchars.resize(size * sizeof(uint8_t) / (sizeof(UChar32)));
- memcpy(uchars.data(), data, uchars.size() * sizeof(UChar32));
- for (size_t i = 0; i < uchars.size(); ++i) {
- uchars[i] = std::min(uchars[i], UCHAR_MAX_VALUE);
- }
-
- return icu::UnicodeString::fromUTF32(uchars.data(), uchars.size());
-}
-
-#endif // FUZZER_UTILS_H_
diff --git a/targets/icu/number_format_fuzzer.cc b/targets/icu/number_format_fuzzer.cc
deleted file mode 100644
index 88df77b7..00000000
--- a/targets/icu/number_format_fuzzer.cc
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// Fuzzer for NumberFormat::parse.
-
-#include
-#include
-#include
-#include "fuzzer_utils.h"
-#include "unicode/numfmt.h"
-
-IcuEnvironment* env = new IcuEnvironment();
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- UErrorCode status = U_ZERO_ERROR;
-
- auto rng = CreateRng(data, size);
- const icu::Locale& locale = GetRandomLocale(&rng);
-
- std::unique_ptr fmt(
- icu::NumberFormat::createInstance(locale, status));
- if (U_FAILURE(status)) return 0;
-
- icu::UnicodeString str(UnicodeStringFromUtf8(data, size));
- icu::Formattable result;
- fmt->parse(str, result, status);
-
- return 0;
-}
diff --git a/targets/icu/regex.dict b/targets/icu/regex.dict
deleted file mode 100644
index b0456e6d..00000000
--- a/targets/icu/regex.dict
+++ /dev/null
@@ -1,103 +0,0 @@ -# Copyright 2016 The Chromium Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. - -"\\a" -"\\A" -"\\b" -"\\B" -"\\cX" -"\\cC" -"\\cZ" -"\\d" -"\\D" -"\\e" -"\\u001B" -"\\E" -"\\f" -"\\u000C" -"\\G" -"\\h" -"\\u0009" -"\\H" -"\\k" -"\\n" -"\\N" -"\\p" -"\\P" -"{" -"}" -"\\Q" -"\\r" -"\\u000D" -"\\R" -"\\u000a" -"\\u000b" -"\\u000c" -"\\u000d" -"\\u0085" -"\\u2028" -"\\u2029" -"\\s" -"[\\t\\n\\f\\r\\p{Z}]" -"\\S" -"\\t" -"\\u0009" -"\\u" -"\\uf0ff" -"\\U" -"\\U0010ffff." -"\\v" -"\\V" -"\\w" -"\\W" -"\\x" -"\\xhh" -"\\X" -"\\Z" -"\\z" -"\\n" -"\\0" -"\\0ooo" -"." -"^" -"$" -"\\" -"|" -"*" -"+" -"?" -"," -"*?" -"+?" -"??" -"*+" -"++" -"?+" -"(" -"(?:" -"(?>" -"(?#" -"(?=" -"(?!" -"(?<=" -"(? -#include -#include -#include "fuzzer_utils.h" -#include "unicode/ucasemap.h" - -IcuEnvironment* env = new IcuEnvironment(); - -template -using deleted_unique_ptr = std::unique_ptr>; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - UErrorCode status = U_ZERO_ERROR; - - auto rng = CreateRng(data, size); - const icu::Locale& locale = GetRandomLocale(&rng); - uint32_t open_flags = static_cast(rng()); - - deleted_unique_ptr csm( - ucasemap_open(locale.getName(), open_flags, &status), - [](UCaseMap* map) { ucasemap_close(map); }); - - if (U_FAILURE(status)) - return 0; - - int32_t dst_size = size * 2; - std::unique_ptr dst(new char[dst_size]); - auto src = reinterpret_cast(data); - - switch (rng() % 4) { - case 0: ucasemap_utf8ToLower(csm.get(), dst.get(), dst_size, src, size, - &status); - break; - case 1: ucasemap_utf8ToUpper(csm.get(), dst.get(), dst_size, src, size, - &status); - break; - case 2: ucasemap_utf8ToTitle(csm.get(), dst.get(), dst_size, src, size, - &status); - break; - case 3: ucasemap_utf8FoldCase(csm.get(), dst.get(), dst_size, src, size, - &status); - break; - } - - return 0; -} - 
diff --git a/targets/icu/unicode_string_codepage_create_fuzzer.cc b/targets/icu/unicode_string_codepage_create_fuzzer.cc
deleted file mode 100644
index bb0489ca..00000000
--- a/targets/icu/unicode_string_codepage_create_fuzzer.cc
+++ /dev/null
@@ -1,73 +0,0 @@
-// Copyright 2015 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include
-#include
-
-#include
-#include
-#include
-
-#include "fuzzer_utils.h"
-#include "unicode/unistr.h"
-
-// Taken from third_party/icu/source/data/mappings/convrtrs.txt file.
-static const std::array kConverters = {
- {
- "UTF-8",
- "utf-16be",
- "utf-16le",
- "UTF-32",
- "UTF-32BE",
- "UTF-32LE",
- "ibm866-html",
- "iso-8859-2-html",
- "iso-8859-3-html",
- "iso-8859-4-html",
- "iso-8859-5-html",
- "iso-8859-6-html",
- "iso-8859-7-html",
- "iso-8859-8-html",
- "ISO-8859-8-I",
- "iso-8859-10-html",
- "iso-8859-13-html",
- "iso-8859-14-html",
- "iso-8859-15-html",
- "iso-8859-16-html",
- "koi8-r-html",
- "koi8-u-html",
- "macintosh-html",
- "windows-874-html",
- "windows-1250-html",
- "windows-1251-html",
- "windows-1252-html",
- "windows-1253-html",
- "windows-1254-html",
- "windows-1255-html",
- "windows-1256-html",
- "windows-1257-html",
- "windows-1258-html",
- "x-mac-cyrillic-html",
- "windows-936-2000",
- "gb18030",
- "big5-html",
- "euc-jp-html",
- "ISO_2022,locale=ja,version=0",
- "shift_jis-html",
- "euc-kr-html",
- "ISO-2022-KR",
- "ISO-2022-CN",
- "ISO-2022-CN-EXT",
- "HZ-GB-2312"
- }
-};
-
-IcuEnvironment* env = new IcuEnvironment();
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- auto rng = CreateRng(data, size);
- icu::UnicodeString str(reinterpret_cast(data), size,
- kConverters[rng() % kConverters.size()]);
- return 0;
-}
diff --git a/targets/icu/uregex_open_fuzzer.cc b/targets/icu/uregex_open_fuzzer.cc
deleted file mode 100644
index 7e2744c6..00000000
--- a/targets/icu/uregex_open_fuzzer.cc
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include
-#include
-
-#include "fuzzer_utils.h"
-#include "unicode/regex.h"
-
-IcuEnvironment* env = new IcuEnvironment();
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- UParseError pe = { 0 };
- UErrorCode status = U_ZERO_ERROR;
- URegularExpression* re = uregex_open(reinterpret_cast(data),
- static_cast(size) / sizeof(UChar),
- 0, &pe, &status);
- if (re)
- uregex_close(re);
-
- return 0;
-}
diff --git a/targets/icu/uregex_open_fuzzer.options b/targets/icu/uregex_open_fuzzer.options
deleted file mode 100644
index 0e5d596d..00000000
--- a/targets/icu/uregex_open_fuzzer.options
+++ /dev/null
@@ -1,2 +0,0 @@
-[libfuzzer]
-dict = regex.dict
diff --git a/targets/json/Dockerfile b/targets/json/Dockerfile
deleted file mode 100644
index 3d5c6c1a..00000000
--- a/targets/json/Dockerfile
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER vitalybuka@gmail.com
-RUN apt-get install -y binutils gcc
-
-RUN git clone https://github.com/nlohmann/json.git
-WORKDIR json/
-COPY build.sh parse_fuzzer.* $SRC/
diff --git a/targets/json/build.sh b/targets/json/build.sh
deleted file mode 100755
index 304b7320..00000000
--- a/targets/json/build.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-$CXX $CXXFLAGS -std=c++11 -Isrc/ \
- $SRC/parse_fuzzer.cc -o $OUT/parse_fuzzer \
- -lfuzzer
-
-cp $SRC/*.options $OUT/
diff --git a/targets/json/parse_fuzzer.cc b/targets/json/parse_fuzzer.cc
deleted file mode 100644
index bb8b3d37..00000000
--- a/targets/json/parse_fuzzer.cc
+++ /dev/null
@@ -1,36 +0,0 @@
-// Copyright 2016 Google Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include
-#include
-#include
-
-using json = nlohmann::json;
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- try {
- std::stringstream s;
- s << json::parse(data, data + size);
- try {
- auto j = json::parse(s.str());
- std::stringstream s2;
- s2 << j;
- assert(s.str() == s2.str());
- assert(j == json::parse(s.str()));
- } catch (const std::invalid_argument&) {
- assert(0);
- }
- } catch (const std::invalid_argument&) { }
- return 0;
-}
diff --git a/targets/json/parse_fuzzer.options b/targets/json/parse_fuzzer.options
deleted file mode 100644
index 393dd174..00000000
--- a/targets/json/parse_fuzzer.options
+++ /dev/null
@@ -1,3 +0,0 @@
-[libfuzzer]
-max_len = 456
-timeout = 10
diff --git a/targets/json/target.yaml b/targets/json/target.yaml
deleted file mode 100644
index e5c6f8c3..00000000
--- a/targets/json/target.yaml
+++ /dev/null
@@ -1 +0,0 @@
-homepage: "https://github.com/nlohmann/json"
diff --git a/targets/lcms/Dockerfile b/targets/lcms/Dockerfile
deleted file mode 100644
index 85d94ee5..00000000
--- a/targets/lcms/Dockerfile
+++ /dev/null
@@ -1,22 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER kcwu@google.com
-RUN apt-get install -y make autoconf automake libtool
-RUN git clone https://github.com/mm2/Little-CMS.git lcms
-WORKDIR lcms
-COPY build.sh cmsIT8_load_fuzzer.* cms_transform_fuzzer.* icc.dict $SRC/
diff --git a/targets/lcms/build.sh b/targets/lcms/build.sh
deleted file mode 100755
index 6591267b..00000000
--- a/targets/lcms/build.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-# build the target.
-./configure
-make -j$(nproc) all
-
-# build your fuzzer(s)
-FUZZERS="cmsIT8_load_fuzzer cms_transform_fuzzer"
-for F in $FUZZERS; do
- $CC $CFLAGS -c -Iinclude \
- $SRC/$F.c -o $SRC/$F.o
- $CXX $CXXFLAGS \
- $SRC/$F.o -o $OUT/$F \
- -lfuzzer src/.libs/liblcms2.a
-done
-
-cp $SRC/icc.dict $SRC/*.options $OUT/
diff --git a/targets/lcms/cmsIT8_load_fuzzer.c b/targets/lcms/cmsIT8_load_fuzzer.c
deleted file mode 100644
index b336eaff..00000000
--- a/targets/lcms/cmsIT8_load_fuzzer.c
+++ /dev/null
@@ -1,31 +0,0 @@
-// Copyright 2016 Google Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-////////////////////////////////////////////////////////////////////////////////
-
-#include
-
-#include "lcms2.h"
-
-// The main sink
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- if (size == 0)
- return 0;
-
- cmsHANDLE handle = cmsIT8LoadFromMem(0, (void *)data, size);
- if (handle)
- cmsIT8Free(handle);
-
- return 0;
-}
diff --git a/targets/lcms/cmsIT8_load_fuzzer.options b/targets/lcms/cmsIT8_load_fuzzer.options
deleted file mode 100644
index beabdc2b..00000000
--- a/targets/lcms/cmsIT8_load_fuzzer.options
+++ /dev/null
@@ -1,2 +0,0 @@
-[libfuzzer]
-dict = icc.dict
diff --git a/targets/lcms/cms_transform_fuzzer.c b/targets/lcms/cms_transform_fuzzer.c
deleted file mode 100644
index 6653f61d..00000000
--- a/targets/lcms/cms_transform_fuzzer.c
+++ /dev/null
@@ -1,50 +0,0 @@
-// Copyright 2016 The PDFium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-#include
-
-#include "lcms2.h"
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- cmsHPROFILE srcProfile = cmsOpenProfileFromMem(data, size);
- if (!srcProfile) return 0;
-
- cmsHPROFILE dstProfile = cmsCreate_sRGBProfile();
- if (!dstProfile) {
- cmsCloseProfile(srcProfile);
- return 0;
- }
-
- cmsColorSpaceSignature srcCS = cmsGetColorSpace(srcProfile);
- cmsUInt32Number nSrcComponents = cmsChannelsOf(srcCS);
- cmsUInt32Number srcFormat;
- if (srcCS == cmsSigLabData) {
- srcFormat =
- COLORSPACE_SH(PT_Lab) | CHANNELS_SH(nSrcComponents) | BYTES_SH(0);
- } else {
- srcFormat =
- COLORSPACE_SH(PT_ANY) | CHANNELS_SH(nSrcComponents) | BYTES_SH(1);
- }
-
- cmsUInt32Number intent = 0;
- cmsUInt32Number flags = 0;
- cmsHTRANSFORM hTransform = cmsCreateTransform(
- srcProfile, srcFormat, dstProfile, TYPE_BGR_8, intent, flags);
- cmsCloseProfile(srcProfile);
- cmsCloseProfile(dstProfile);
- if (!hTransform) return 0;
-
- uint8_t output[4];
- if (T_BYTES(srcFormat) == 0) { // 0 means double
- double input[nSrcComponents];
- for (uint32_t i = 0; i < nSrcComponents; i++) input[i] = 0.5f;
- cmsDoTransform(hTransform, input, output, 1);
- } else {
- uint8_t input[nSrcComponents];
- for (uint32_t i = 0; i < nSrcComponents; i++) input[i] = 128;
- cmsDoTransform(hTransform, input, output, 1);
- }
- cmsDeleteTransform(hTransform);
-
- return 0;
-}
diff --git a/targets/lcms/cms_transform_fuzzer.options b/targets/lcms/cms_transform_fuzzer.options
deleted file mode 100644
index beabdc2b..00000000
--- a/targets/lcms/cms_transform_fuzzer.options
+++ /dev/null
@@ -1,2 +0,0 @@
-[libfuzzer]
-dict = icc.dict
diff --git a/targets/lcms/icc.dict b/targets/lcms/icc.dict
deleted file mode 100644
index f21711ce..00000000
--- a/targets/lcms/icc.dict
+++ /dev/null
@@ -1,251 +0,0 @@
-# Fuzzing dictionary for icc
-# Extracted from lcms2.h of Little-CMS project 2.8.
-
-magic="acsp"
-sig="lcms"
-
-# Base ICC type definitions
-"chrm"
-"clro"
-"clrt"
-"crdi"
-"curv"
-"data"
-"dict"
-"dtim"
-"devs"
-"mft2"
-"mft1"
-"mAB "
-"mBA "
-"meas"
-"mluc"
-"mpet"
-"ncol"
-"ncl2"
-"para"
-"pseq"
-"psid"
-"rcs2"
-"sf32"
-"scrn"
-"sig "
-"text"
-"desc"
-"uf32"
-"bfd "
-"ui16"
-"ui32"
-"ui64"
-"ui08"
-"vcgt"
-"view"
-"XYZ "
-
-# Base ICC tag definitions
-"A2B0"
-"A2B1"
-"A2B2"
-"bXYZ"
-"bXYZ"
-"bTRC"
-"B2A0"
-"B2A1"
-"B2A2"
-"calt"
-"targ"
-"chad"
-"chrm"
-"clro"
-"clrt"
-"clot"
-"ciis"
-"cprt"
-"crdi"
-"data"
-"dtim"
-"dmnd"
-"dmdd"
-"devs"
-"D2B0"
-"D2B1"
-"D2B2"
-"D2B3"
-"B2D0"
-"B2D1"
-"B2D2"
-"B2D3"
-"gamt"
-"kTRC"
-"gXYZ"
-"gXYZ"
-"gTRC"
-"lumi"
-"meas"
-"bkpt"
-"wtpt"
-"ncol"
-"ncl2"
-"resp"
-"rig0"
-"pre0"
-"pre1"
-"pre2"
-"desc"
-"dscm"
-"pseq"
-"psid"
-"psd0"
-"psd1"
-"psd2"
-"psd3"
-"ps2s"
-"ps2i"
-"rXYZ"
-"rXYZ"
-"rTRC"
-"rig2"
-"scrd"
-"scrn"
-"tech"
-"bfd "
-"vued"
-"view"
-"vcgt"
-"meta"
-"arts"
-
-# ICC Technology tag
-"dcam"
-"fscn"
-"rscn"
-"ijet"
-"twax"
-"epho"
-"esta"
-"dsub"
-"rpho"
-"fprn"
-"vidm"
-"vidc"
-"pjtv"
-"CRT "
-"PMD "
-"AMD "
-"KPCD"
-"imgs"
-"grav"
-"offs"
-"silk"
-"flex"
-"mpfs"
-"mpfr"
-"dmpc"
-"dcpj"
-
-# ICC Color spaces
-"XYZ "
-"Lab "
-"Luv "
-"YCbr"
-"Yxy "
-"RGB "
-"GRAY"
-"HSV "
-"HLS "
-"CMYK"
-"CMY "
-"MCH1"
-"MCH2"
-"MCH3"
-"MCH4"
-"MCH5"
-"MCH6"
-"MCH7"
-"MCH8"
-"MCH9"
-"MCHA"
-"MCHB"
-"MCHC"
-"MCHD"
-"MCHE"
-"MCHF"
-"nmcl"
-"1CLR"
-"2CLR"
-"3CLR"
-"4CLR"
-"5CLR"
-"6CLR"
-"7CLR"
-"8CLR"
-"9CLR"
-"ACLR"
-"BCLR"
-"CCLR"
-"DCLR"
-"ECLR"
-"FCLR"
-"LuvK"
-
-# ICC Profile Class
-"scnr"
-"mntr"
-"prtr"
-"link"
-"abst"
-"spac"
-"nmcl"
-
-# ICC Platforms
-"APPL"
-"MSFT"
-"SUNW"
-"SGI "
-"TGNT"
-"*nix"
-
-# Reference gamut
-"prmg"
-
-# For cmsSigColorimetricIntentImageStateTag
-"scoe"
-"sape"
-"fpce"
-"rhoc"
-"rpoc"
-
-# Multi process elements types
-"cvst"
-"matf"
-"clut"
-"bACS"
-"eACS"
-"l2x "
-"x2l "
-"ncl "
-"2 4 "
-"4 2 "
-"idn "
-"d2l "
-"l2d "
-"d2x "
-"x2d "
-"clp "
-
-# Types of CurveElements
-"parf"
-"samf"
-"curf"
-
-# Used in ResponseCurveType
-"StaA"
-"StaE"
-"StaI"
-"StaT"
-"StaM"
-"DN "
-"DN P"
-"DNN "
-"DNNP"
-
diff --git a/targets/lcms/target.yaml b/targets/lcms/target.yaml
deleted file mode 100644
index a30635b3..00000000
--- a/targets/lcms/target.yaml
+++ /dev/null
@@ -1 +0,0 @@
-homepage: "https://github.com/mm2/Little-CMS"
diff --git a/targets/libarchive/Dockerfile b/targets/libarchive/Dockerfile
deleted file mode 100644
index d10fa0fd..00000000
--- a/targets/libarchive/Dockerfile
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER kcwu@google.com
-
-# Installing optional libraries can utilize more code path and/or improve
-# performance (avoid calling external programs).
-RUN apt-get install -y make autoconf automake libtool pkg-config \
- libbz2-dev liblzo2-dev liblzma-dev liblz4-dev libz-dev \
- libxml2-dev libssl-dev
-RUN git clone https://github.com/libarchive/libarchive.git
-WORKDIR libarchive
-COPY build.sh libarchive_fuzzer.cc $SRC/
diff --git a/targets/libarchive/build.sh b/targets/libarchive/build.sh
deleted file mode 100755
index 275fd68a..00000000
--- a/targets/libarchive/build.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-# build the target.
-./build/autogen.sh
-./configure
-make -j$(nproc) all
-
-# build your fuzzer(s)
-$CXX $CXXFLAGS -Ilibarchive \
- $SRC/libarchive_fuzzer.cc -o $OUT/libarchive_fuzzer \
- -lfuzzer .libs/libarchive.a \
- -Wl,-Bstatic -lbz2 -llzo2 -lxml2 -llzma -lz -lcrypto -llz4 -licuuc \
- -licudata -Wl,-Bdynamic
diff --git a/targets/libarchive/libarchive_fuzzer.cc b/targets/libarchive/libarchive_fuzzer.cc
deleted file mode 100644
index fb6fb5a5..00000000
--- a/targets/libarchive/libarchive_fuzzer.cc
+++ /dev/null
@@ -1,54 +0,0 @@
-// Copyright 2016 Google Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-////////////////////////////////////////////////////////////////////////////////
-#include
-#include
-#include
-
-#include "archive.h"
-
-struct Buffer {
- const uint8_t *buf;
- size_t len;
-};
-
-ssize_t reader_callback(struct archive *a, void *client_data,
- const void **block) {
- Buffer *buffer = reinterpret_cast(client_data);
- *block = buffer->buf;
- ssize_t len = buffer->len;
- buffer->len = 0;
- return len;
-}
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
- struct archive *a = archive_read_new();
-
- archive_read_support_filter_all(a);
- archive_read_support_format_all(a);
-
- Buffer buffer = {buf, len};
- archive_read_open(a, &buffer, NULL, reader_callback, NULL);
-
- std::vector data_buffer(getpagesize(), 0);
- struct archive_entry *entry;
- while (archive_read_next_header(a, &entry) == ARCHIVE_OK) {
- while (archive_read_data(a, data_buffer.data(), data_buffer.size()) > 0)
- ;
- }
-
- archive_read_free(a);
- return 0;
-}
diff --git a/targets/libarchive/target.yaml b/targets/libarchive/target.yaml
deleted file mode 100644
index 7b0161ba..00000000
--- a/targets/libarchive/target.yaml
+++ /dev/null
@@ -1 +0,0 @@
-homepage: "https://github.com/libarchive/libarchive"
diff --git a/targets/libass/Dockerfile b/targets/libass/Dockerfile
deleted file mode 100644
index 1fd7c92e..00000000
--- a/targets/libass/Dockerfile
+++ /dev/null
@@ -1,24 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER eugeni.stepanov@gmail.com
-RUN apt-get install -y make autoconf automake libtool pkg-config libfreetype6-dev libfontconfig1-dev
-
-RUN git clone https://github.com/libass/libass.git
-RUN git clone https://github.com/behdad/fribidi.git
-
-COPY build.sh libass_fuzzer.cc *.dict *.options $SRC/
diff --git a/targets/libass/ass.dict b/targets/libass/ass.dict
deleted file mode 100644
index aa4f9b43..00000000
--- a/targets/libass/ass.dict
+++ /dev/null
@@ -1,112 +0,0 @@
-"0x"
-"\\1a"
-"\\2a"
-"\\2c"
-"\\3a"
-"\\3c"
-"\\4a"
-"\\4c"
-"\\a"
-"\\alpha"
-"\\an"
-"Arial"
-"\\b"
-"Banner;"
-"\\be"
-"\\blur"
-"\\bord"
-"\\c"
-"CFF"
-"CID Type 1"
-"\\clip"
-"clip"
-"Courier"
-"Courier New"
-"Default"
-"Dialogue:"
-"[Events]"
-"\\fade"
-"\\fax"
-"\\fay"
-"\\fe"
-"\\fn"
-"fontname:"
-"[Fonts]"
-"Format:"
-"\\frx"
-"\\fry"
-"\\frz"
-"\\fs"
-"\\fsc"
-"\\fscx"
-"\\fscy"
-"\\fsp"
-"&h"
-"Helvetica"
-"\\i"
-"\\iclip"
-"iclip"
-"\\k"
-"Kerning:"
-"Kerning"
-"\\kf"
-"\\ko"
-"Language:"
-"monospace"
-"\\move"
-"move"
-"none"
-"\\org"
-"org"
-"OverrideStyle"
-"\\p"
-"p"
-"\\pbo"
-"pbo"
-"pc.240m"
-"pc.601"
-"pc.709"
-"pc.fcc"
-"PlayResX:"
-"PlayResX"
-"PlayResY:"
-"PlayResY"
-"\\pos"
-"pos"
-"\\q"
-"\\r"
-"\\s"
-"sans-serif"
-"ScaledBorderAndShadow:"
-"ScaledBorderAndShadow"
-"[Script Info]"
-"Scroll down;"
-"Scroll up;"
-"serif"
-"\\shad"
-"Style:"
-"\\t"
-"Text"
-"Timer:"
-"Timer"
-"Times"
-"Times New Roman"
-"tv.240m"
-"tv.601"
-"tv.709"
-"tv.fcc"
-"Type 1"
-"Type 42"
-"\\u"
-"UTF-8"
-"[V4 Styles]"
-"[V4+ Styles]"
-"WrapStyle:"
-"WrapStyle"
-"\\xbord"
-"\\xshad"
-"\\ybord"
-"YCbCr Matrix:"
-"YCbCr Matrix"
-"yes"
-"\\yshad"
diff --git a/targets/libass/build.sh b/targets/libass/build.sh
deleted file mode 100755
index 07db7d05..00000000
--- a/targets/libass/build.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/bash -eux
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-cd $SRC/fribidi
-./bootstrap
-./configure --enable-static=yes --enable-shared=no --with-pic=yes
-# Don't run "make": it's broken. Run "make install".
-make install
-
-cd $SRC/libass
-
-./autogen.sh
-./configure --disable-asm
-make -j$(nproc)
-
-$CXX $CXXFLAGS -std=c++11 -I$SRC/libass \
- $SRC/libass_fuzzer.cc -o $OUT/libass_fuzzer \
- -lfuzzer libass/.libs/libass.a \
- -Wl,-Bstatic -lfontconfig -lfribidi -lfreetype -lz -lpng12 \
- -lexpat -Wl,-Bdynamic
-
-cp $SRC/*.dict $SRC/*.options $OUT/
diff --git a/targets/libass/libass_fuzzer.cc b/targets/libass/libass_fuzzer.cc
deleted file mode 100644
index 5254faff..00000000
--- a/targets/libass/libass_fuzzer.cc
+++ /dev/null
@@ -1,49 +0,0 @@
-#include
-#include
-
-#include
-
-static ASS_Library *ass_library;
-static ASS_Renderer *ass_renderer;
-
-void msg_callback(int level, const char *fmt, va_list va, void *data) {
-}
-
-static const int kFrameWidth = 1280;
-static const int kFrameHeight = 720;
-
-static bool init(int frame_w, int frame_h) {
- ass_library = ass_library_init();
- if (!ass_library) {
- printf("ass_library_init failed!\n");
- exit(1);
- }
-
- ass_set_message_cb(ass_library, msg_callback, NULL);
-
- ass_renderer = ass_renderer_init(ass_library);
- if (!ass_renderer) {
- printf("ass_renderer_init failed!\n");
- exit(1);
- }
-
- ass_set_frame_size(ass_renderer, frame_w, frame_h);
- ass_set_fonts(ass_renderer, nullptr, "sans-serif",
- ASS_FONTPROVIDER_AUTODETECT, nullptr, 1);
- return true;
-}
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- static bool initialized = init(kFrameWidth, kFrameHeight);
-
- ASS_Track *track = ass_read_memory(ass_library, (char *)data, size, nullptr);
- if (!track) return 0;
-
- for (int i = 0; i < track->n_events; ++i) {
- ASS_Event &ev = track->events[i];
- long long tm = ev.Start + ev.Duration / 2;
- ass_render_frame(ass_renderer, track, tm, nullptr);
- }
- ass_free_track(track);
- return 0;
-}
diff --git a/targets/libass/libass_fuzzer.options b/targets/libass/libass_fuzzer.options
deleted file mode 100644
index 6a3e33bc..00000000
--- a/targets/libass/libass_fuzzer.options
+++ /dev/null
@@ -1,2 +0,0 @@
-[libfuzzer]
-dict = ass.dict
diff --git a/targets/libass/target.yaml b/targets/libass/target.yaml
deleted file mode 100644
index 6289bce1..00000000
--- a/targets/libass/target.yaml
+++ /dev/null
@@ -1 +0,0 @@
-homepage: "https://github.com/libass/libass"
diff --git a/targets/libchewing/Dockerfile b/targets/libchewing/Dockerfile
deleted file mode 100644
index 50fb6939..00000000
--- a/targets/libchewing/Dockerfile
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER kcwu@csie.org
-RUN apt-get install -y make autoconf automake libtool texinfo
-
-RUN git clone https://github.com/chewing/libchewing.git
-WORKDIR libchewing
-COPY build.sh chewing_fuzzer_common.[ch] chewing_*_fuzzer.c $SRC/
diff --git a/targets/libchewing/build.sh b/targets/libchewing/build.sh
deleted file mode 100755
index 96f295ff..00000000
--- a/targets/libchewing/build.sh
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-# build the library.
-./autogen.sh
-./configure --disable-shared --enable-static --without-sqlite3
-make clean
-make -j$(nproc) all
-
-# build your fuzzer(s)
-make -C test CFLAGS="$CFLAGS -Dmain=stress_main -Drand=get_fuzz_input" stress.o
-
-$CC $CFLAGS -c $SRC/chewing_fuzzer_common.c -o $WORK/chewing_fuzzer_common.o
-
-for variant in default random_init dynamic_config; do
- $CC $CFLAGS -c $SRC/chewing_${variant}_fuzzer.c -o $WORK/chewing_${variant}_fuzzer.o
- $CXX $CXXFLAGS \
- -o $OUT/chewing_${variant}_fuzzer \
- $WORK/chewing_${variant}_fuzzer.o $WORK/chewing_fuzzer_common.o \
- test/stress.o test/.libs/libtesthelper.a src/.libs/libchewing.a \
- -lfuzzer
-done
-
-# install data files
-make -j$(nproc) -C data pkgdatadir=$OUT install
diff --git a/targets/libchewing/chewing_default_fuzzer.c b/targets/libchewing/chewing_default_fuzzer.c
deleted file mode 100644
index dd6fc7a8..00000000
--- a/targets/libchewing/chewing_default_fuzzer.c
+++ /dev/null
@@ -1,15 +0,0 @@
-#include
-
-#include "chewing_fuzzer_common.h"
-
-int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- fuzz_input = fuzz_ptr = data;
- fuzz_size = size;
-
- const char* stress_argv[] = {
- "./chewing_fuzzer", "-loop", "1", NULL,
- };
- stress_main(sizeof(stress_argv) / sizeof(stress_argv[0]) - 1,
- (char**)stress_argv);
- return 0;
-}
diff --git a/targets/libchewing/chewing_dynamic_config_fuzzer.c b/targets/libchewing/chewing_dynamic_config_fuzzer.c
deleted file mode 100644
index 5479c1ee..00000000
--- a/targets/libchewing/chewing_dynamic_config_fuzzer.c
+++ /dev/null
@@ -1,15 +0,0 @@
-#include
-
-#include "chewing_fuzzer_common.h"
-
-int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- fuzz_input = fuzz_ptr = data;
- fuzz_size = size;
-
- const char* stress_argv[] = {
- "./chewing_fuzzer", "-loop", "1", "-extra", NULL,
- };
- stress_main(sizeof(stress_argv) / sizeof(stress_argv[0]) - 1,
- (char**)stress_argv);
- return 0;
-}
diff --git a/targets/libchewing/chewing_fuzzer_common.c b/targets/libchewing/chewing_fuzzer_common.c
deleted file mode 100644
index de249df6..00000000
--- a/targets/libchewing/chewing_fuzzer_common.c
+++ /dev/null
@@ -1,26 +0,0 @@
-#include "chewing_fuzzer_common.h"
-
-#include
-#include
-#include
-
-static char userphrase_path[] = "/tmp/chewing_userphrase.db.XXXXXX";
-
-int LLVMFuzzerInitialize(int* argc, char*** argv) {
- char* exe_path = (*argv)[0];
- char* dir = dirname(exe_path);
- // Assume data files are at the same location as executable.
- setenv("CHEWING_PATH", dir, 0);
-
- // Specify user db of this process. So we can run multiple fuzzers at the
- // same time.
- mktemp(userphrase_path);
- setenv("TEST_USERPHRASE_PATH", userphrase_path, 0);
- return 0;
-}
-
-int get_fuzz_input() {
- if (fuzz_ptr - fuzz_input >= fuzz_size)
- return EOF;
- return *fuzz_ptr++;
-}
diff --git a/targets/libchewing/chewing_fuzzer_common.h b/targets/libchewing/chewing_fuzzer_common.h
deleted file mode 100644
index 5032d655..00000000
--- a/targets/libchewing/chewing_fuzzer_common.h
+++ /dev/null
@@ -1,13 +0,0 @@
-#ifndef CHEWING_FUZZER_COMMON_H
-#define CHEWING_FUZZER_COMMON_H
-
-#include
-#include
-
-const uint8_t* fuzz_ptr;
-const uint8_t* fuzz_input;
-size_t fuzz_size;
-
-int stress_main(int argc, char** argv);
-
-#endif
diff --git a/targets/libchewing/chewing_random_init_fuzzer.c b/targets/libchewing/chewing_random_init_fuzzer.c
deleted file mode 100644
index e0d755f7..00000000
--- a/targets/libchewing/chewing_random_init_fuzzer.c
+++ /dev/null
@@ -1,15 +0,0 @@
-#include
-
-#include "chewing_fuzzer_common.h"
-
-int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- fuzz_input = fuzz_ptr = data;
- fuzz_size = size;
-
- const char* stress_argv[] = {
- "./chewing_fuzzer", "-loop", "1", "-init", NULL,
- };
- stress_main(sizeof(stress_argv) / sizeof(stress_argv[0]) - 1,
- (char**)stress_argv);
- return 0;
-}
diff --git a/targets/libchewing/target.yaml b/targets/libchewing/target.yaml
deleted file mode 100644
index ef62bfe3..00000000
--- a/targets/libchewing/target.yaml
+++ /dev/null
@@ -1 +0,0 @@
-homepage: "http://chewing.im/"
diff --git a/targets/libjpeg-turbo/Dockerfile b/targets/libjpeg-turbo/Dockerfile
deleted file mode 100644
index 94a4c349..00000000
--- a/targets/libjpeg-turbo/Dockerfile
+++ /dev/null
@@ -1,28 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER alex.gaynor@gmail.com
-RUN apt-get install -y make autoconf automake libtool nasm curl
-RUN git clone https://github.com/libjpeg-turbo/libjpeg-turbo
-
-RUN mkdir afl-testcases
-RUN curl -o afl-testcases/afl_testcases.tgz http://lcamtuf.coredump.cx/afl/demo/afl_testcases.tgz
-RUN cd afl-testcases/ && tar -xf afl_testcases.tgz
-RUN zip libjpeg_turbo_fuzzer_seed_corpus.zip afl-testcases/jpeg/full/images/*
-
-WORKDIR libjpeg-turbo
-COPY build.sh libjpeg_turbo_fuzzer.cc $SRC/
diff --git a/targets/libjpeg-turbo/build.sh b/targets/libjpeg-turbo/build.sh
deleted file mode 100755
index 99213429..00000000
--- a/targets/libjpeg-turbo/build.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-autoreconf -fiv
-./configure
-make "-j$(nproc)"
-
-$CXX $CXXFLAGS -std=c++11 -I. \
- $SRC/libjpeg_turbo_fuzzer.cc -o $OUT/libjpeg_turbo_fuzzer \
- -lfuzzer ./.libs/libturbojpeg.a
-
-cp $SRC/libjpeg_turbo_fuzzer_seed_corpus.zip $OUT/
diff --git a/targets/libjpeg-turbo/libjpeg_turbo_fuzzer.cc b/targets/libjpeg-turbo/libjpeg_turbo_fuzzer.cc
deleted file mode 100644
index 1cee173d..00000000
--- a/targets/libjpeg-turbo/libjpeg_turbo_fuzzer.cc
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-*/
-
-#include
-#include
-
-#include
-
-#include
-
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- tjhandle jpegDecompressor = tjInitDecompress();
-
- int width, height, subsamp, colorspace;
- int res = tjDecompressHeader3(
- jpegDecompressor, data, size, &width, &height, &subsamp, &colorspace);
-
- // Bail out if decompressing the headers failed, the width or height is 0,
- // or the image is too large (avoids slowing down too much)
- if (res != 0 || width == 0 || height == 0 || (width * height > (1024 * 1024))) {
- tjDestroy(jpegDecompressor);
- return 0;
- }
-
- std::unique_ptr buf(new unsigned char[width * height * 3]);
- tjDecompress2(
- jpegDecompressor, data, size, buf.get(), width, 0, height, TJPF_RGB, 0);
-
- tjDestroy(jpegDecompressor);
-
- return 0;
-}
diff --git a/targets/libjpeg-turbo/target.yaml b/targets/libjpeg-turbo/target.yaml
deleted file mode 100644
index d75b6589..00000000
--- a/targets/libjpeg-turbo/target.yaml
+++ /dev/null
@@ -1 +0,0 @@
-homepage: "https://github.com/libjpeg-turbo/libjpeg-turbo"
diff --git a/targets/libpng/Dockerfile b/targets/libpng/Dockerfile
deleted file mode 100644
index 04a73b8a..00000000
--- a/targets/libpng/Dockerfile
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER mmoroz@chromium.org
-RUN apt-get install -y make autoconf automake libtool zlib1g-dev
-
-RUN git clone git://git.code.sf.net/p/libpng/code libpng
-WORKDIR libpng
-COPY build.sh libpng_read_fuzzer.* png.dict $SRC/
diff --git a/targets/libpng/build.sh b/targets/libpng/build.sh
deleted file mode 100755
index a5d4760f..00000000
--- a/targets/libpng/build.sh
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-# Disable logging via library build configuration control.
-cat scripts/pnglibconf.dfa | sed -e "s/option STDIO/option STDIO disabled/" \
-> scripts/pnglibconf.dfa.temp
-mv scripts/pnglibconf.dfa.temp scripts/pnglibconf.dfa
-
-# build the library.
-autoreconf -f -i
-./configure
-make -j$(nproc) clean all
-
-# build libpng_read_fuzzer
-$CXX $CXXFLAGS -std=c++11 -I. -lz \
- $SRC/libpng_read_fuzzer.cc -o $OUT/libpng_read_fuzzer \
- -lfuzzer .libs/libpng16.a
-
-cp $SRC/*.dict $SRC/*.options $OUT/
diff --git a/targets/libpng/libpng_read_fuzzer.cc b/targets/libpng/libpng_read_fuzzer.cc
deleted file mode 100644
index ca489b09..00000000
--- a/targets/libpng/libpng_read_fuzzer.cc
+++ /dev/null
@@ -1,123 +0,0 @@
-// Copyright 2015 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include
-#include
-
-#include
-
-#define PNG_INTERNAL
-#include "png.h"
-
-struct BufState {
- const uint8_t* data;
- size_t bytes_left;
-};
-
-struct PngObjectHandler {
- png_infop info_ptr = nullptr;
- png_structp png_ptr = nullptr;
- png_voidp row_ptr = nullptr;
- BufState* buf_state = nullptr;
-
- ~PngObjectHandler() {
- if (row_ptr && png_ptr) {
- png_free(png_ptr, row_ptr);
- }
- if (png_ptr && info_ptr) {
- png_destroy_read_struct(&png_ptr, &info_ptr, nullptr);
- }
- delete buf_state;
- }
-};
-
-void user_read_data(png_structp png_ptr, png_bytep data, png_size_t length) {
- BufState* buf_state = static_cast(png_get_io_ptr(png_ptr));
- if (length > buf_state->bytes_left) {
- png_error(png_ptr, "read error");
- }
- memcpy(data, buf_state->data, length);
- buf_state->bytes_left -= length;
- buf_state->data += length;
-}
-
-static const int kPngHeaderSize = 8;
-
-// Entry point for LibFuzzer.
-// Roughly follows the libpng book example:
-// http://www.libpng.org/pub/png/book/chapter13.html
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- if (size < kPngHeaderSize) {
- return 0;
- }
-
- std::vector v(data, data + size);
- if (png_sig_cmp(v.data(), 0, kPngHeaderSize)) {
- // not a PNG.
- return 0;
- }
-
- PngObjectHandler png_handler;
- png_handler.png_ptr = png_create_read_struct
- (PNG_LIBPNG_VER_STRING, nullptr, nullptr, nullptr);
- if (!png_handler.png_ptr) {
- return 0;
- }
-
- png_set_crc_action(png_handler.png_ptr, PNG_CRC_QUIET_USE, PNG_CRC_QUIET_USE);
-
- png_handler.info_ptr = png_create_info_struct(png_handler.png_ptr);
- if (!png_handler.info_ptr) {
- return 0;
- }
-
- // Setting up reading from buffer.
- png_handler.buf_state = new BufState();
- png_handler.buf_state->data = data + kPngHeaderSize;
- png_handler.buf_state->bytes_left = size - kPngHeaderSize;
- png_set_read_fn(png_handler.png_ptr, png_handler.buf_state, user_read_data);
- png_set_sig_bytes(png_handler.png_ptr, kPngHeaderSize);
-
- // libpng error handling.
- if (setjmp(png_jmpbuf(png_handler.png_ptr))) {
- return 0;
- }
-
- // Reading.
- png_read_info(png_handler.png_ptr, png_handler.info_ptr);
- png_handler.row_ptr = png_malloc(
- png_handler.png_ptr, png_get_rowbytes(png_handler.png_ptr,
- png_handler.info_ptr));
-
- // reset error handler to put png_deleter into scope.
- if (setjmp(png_jmpbuf(png_handler.png_ptr))) {
- return 0;
- }
-
- png_uint_32 width, height;
- int bit_depth, color_type, interlace_type, compression_type;
- int filter_type;
-
- if (!png_get_IHDR(png_handler.png_ptr, png_handler.info_ptr, &width,
- &height, &bit_depth, &color_type, &interlace_type,
- &compression_type, &filter_type)) {
- return 0;
- }
-
- // This is going to be too slow.
- if (width && height > 100000000 / width)
- return 0;
-
- int passes = png_set_interlace_handling(png_handler.png_ptr);
- png_start_read_image(png_handler.png_ptr);
-
- for (int pass = 0; pass < passes; ++pass) {
- for (png_uint_32 y = 0; y < height; ++y) {
- png_read_row(png_handler.png_ptr,
- static_cast(png_handler.row_ptr), NULL);
- }
- }
-
- return 0;
-}
diff --git a/targets/libpng/libpng_read_fuzzer.options b/targets/libpng/libpng_read_fuzzer.options
deleted file mode 100644
index 2005291a..00000000
--- a/targets/libpng/libpng_read_fuzzer.options
+++ /dev/null
@@ -1,2 +0,0 @@
-[libfuzzer]
-dict = png.dict
diff --git a/targets/libpng/png.dict b/targets/libpng/png.dict
deleted file mode 100644
index ea12d19e..00000000
--- a/targets/libpng/png.dict
+++ /dev/null
@@ -1,38 +0,0 @@
-#
-# AFL dictionary for PNG images
-# -----------------------------
-#
-# Just the basic, standard-originating sections; does not include vendor
-# extensions.
-#
-# Created by Michal Zalewski
-#
-
-header_png="\x89PNG\x0d\x0a\x1a\x0a"
-
-section_IDAT="IDAT"
-section_IEND="IEND"
-section_IHDR="IHDR"
-section_PLTE="PLTE"
-section_bKGD="bKGD"
-section_cHRM="cHRM"
-section_fRAc="fRAc"
-section_gAMA="gAMA"
-section_gIFg="gIFg"
-section_gIFt="gIFt"
-section_gIFx="gIFx"
-section_hIST="hIST"
-section_iCCP="iCCP"
-section_iTXt="iTXt"
-section_oFFs="oFFs"
-section_pCAL="pCAL"
-section_pHYs="pHYs"
-section_sBIT="sBIT"
-section_sCAL="sCAL"
-section_sPLT="sPLT"
-section_sRGB="sRGB"
-section_sTER="sTER"
-section_tEXt="tEXt"
-section_tIME="tIME"
-section_tRNS="tRNS"
-section_zTXt="zTXt"
diff --git a/targets/libpng/target.yaml b/targets/libpng/target.yaml
deleted file mode 100644
index 2f64de3a..00000000
--- a/targets/libpng/target.yaml
+++ /dev/null
@@ -1 +0,0 @@
-homepage: "http://www.libpng.org/pub/png/libpng.html"
diff --git a/targets/libteken/Dockerfile b/targets/libteken/Dockerfile
deleted file mode 100644
index 82d5a97e..00000000
--- a/targets/libteken/Dockerfile
+++ /dev/null
@@ -1,22 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER kcwu@csie.org
-RUN apt-get install -y pmake
-RUN svn co https://svn.freebsd.org/base/head/sys/teken
-WORKDIR teken
-COPY build.sh libteken_fuzzer.c $SRC/
diff --git a/targets/libteken/build.sh b/targets/libteken/build.sh
deleted file mode 100755
index c5f4a00c..00000000
--- a/targets/libteken/build.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-# build the library.
-pmake -C libteken teken_state.h
-CFLAGS="$CFLAGS -D__unused=" pmake -C libteken libteken.a
-
-$CC $CFLAGS -c $SRC/libteken_fuzzer.c -o $SRC/libteken_fuzzer.o -I.
-$CXX $CXXFLAGS $SRC/libteken_fuzzer.o \
- -o $OUT/libteken_fuzzer \
- -lfuzzer libteken/libteken.a
diff --git a/targets/libteken/libteken_fuzzer.c b/targets/libteken/libteken_fuzzer.c
deleted file mode 100644
index 9335003b..00000000
--- a/targets/libteken/libteken_fuzzer.c
+++ /dev/null
@@ -1,31 +0,0 @@
-#include
-#include
-
-#include
-
-static void dummy_bell(void *s) {}
-static void dummy_cursor(void *s, const teken_pos_t *p) {}
-static void dummy_putchar(void *s, const teken_pos_t *p, teken_char_t c,
- const teken_attr_t *a) {}
-static void dummy_fill(void *s, const teken_rect_t *r, teken_char_t c,
- const teken_attr_t *a) {}
-static void dummy_copy(void *s, const teken_rect_t *r, const teken_pos_t *p) {}
-static void dummy_param(void *s, int cmd, unsigned int value) {}
-static void dummy_respond(void *s, const void *buf, size_t len) {}
-
-static teken_funcs_t tf = {
- .tf_bell = dummy_bell,
- .tf_cursor = dummy_cursor,
- .tf_putchar = dummy_putchar,
- .tf_fill = dummy_fill,
- .tf_copy = dummy_copy,
- .tf_param = dummy_param,
- .tf_respond = dummy_respond,
-};
-
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- teken_t t;
- teken_init(&t, &tf, NULL);
- teken_input(&t, data, size);
- return 0;
-}
diff --git a/targets/libteken/target.yaml b/targets/libteken/target.yaml
deleted file mode 100644
index d3438309..00000000
--- a/targets/libteken/target.yaml
+++ /dev/null
@@ -1 +0,0 @@
-homepage: "http://80386.nl/projects/libteken/"
diff --git a/targets/libtsm/Dockerfile b/targets/libtsm/Dockerfile
deleted file mode 100644
index c69cb1a8..00000000
--- a/targets/libtsm/Dockerfile
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER kcwu@csie.org
-RUN apt-get install -y make autoconf automake libtool pkg-config
-
-RUN git clone git://people.freedesktop.org/~dvdhrm/libtsm
-WORKDIR libtsm
-COPY build.sh libtsm_fuzzer.c $SRC/
diff --git a/targets/libtsm/build.sh b/targets/libtsm/build.sh
deleted file mode 100755
index 0369dd48..00000000
--- a/targets/libtsm/build.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-# build the library.
-./autogen.sh
-make -j$(nproc) clean all
-
-# build your fuzzer(s)
-$CC $CCFLAGS -c $SRC/libtsm_fuzzer.c -Isrc/tsm -o $SRC/libtsm_fuzzer.o
-$CXX $CXXFLAGS \
- -o $OUT/libtsm_fuzzer \
- $SRC/libtsm_fuzzer.o \
- .libs/libtsm.a \
- -lfuzzer
diff --git a/targets/libtsm/libtsm_fuzzer.c b/targets/libtsm/libtsm_fuzzer.c
deleted file mode 100644
index dd5f63b0..00000000
--- a/targets/libtsm/libtsm_fuzzer.c
+++ /dev/null
@@ -1,50 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "libtsm.h"
-
-#define WIDTH 80
-#define HEIGHT 24
-
-static void terminal_write_fn(struct tsm_vte *vte,
- const char *u8,
- size_t len,
- void *data)
-{
- // try to access the written data
- static char out[4096];
- while (len--)
- out[len % sizeof(out)] = u8[len];
-}
-
-static int term_draw_cell(struct tsm_screen *screen, uint32_t id,
- const uint32_t *ch, size_t len,
- unsigned int cwidth, unsigned int posx,
- unsigned int posy,
- const struct tsm_screen_attr *attr,
- tsm_age_t age, void *data)
-{
- if (posx >= WIDTH || posy >= HEIGHT)
- abort();
- return 0;
-}
-
-// Entry point for LibFuzzer.
-int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- struct tsm_screen *screen;
- struct tsm_vte *vte;
- const int scrollback_size = 200; // frecon use 200
-
- tsm_screen_new(&screen, NULL, NULL);
- tsm_screen_set_max_sb(screen, scrollback_size);
- tsm_vte_new(&vte, screen, terminal_write_fn, NULL, NULL, NULL);
- tsm_screen_resize(screen, WIDTH, HEIGHT);
-
- tsm_vte_input(vte, (const char*) data, size);
- tsm_screen_draw(screen, term_draw_cell, NULL);
-
- tsm_vte_unref(vte);
- tsm_screen_unref(screen);
- return 0;
-}
diff --git a/targets/libtsm/target.yaml b/targets/libtsm/target.yaml
deleted file mode 100644
index a1eb5dca..00000000
--- a/targets/libtsm/target.yaml
+++ /dev/null
@@ -1 +0,0 @@
-homepage: "https://www.freedesktop.org/wiki/Software/kmscon/libtsm/"
diff --git a/targets/libxml2/Dockerfile b/targets/libxml2/Dockerfile
deleted file mode 100644
index 078379b4..00000000
--- a/targets/libxml2/Dockerfile
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER ochang@chromium.org
-RUN apt-get install -y make autoconf automake libtool pkg-config
-
-RUN git clone git://git.gnome.org/libxml2
-WORKDIR libxml2
-
-COPY build.sh $SRC/
-COPY libxml2_xml_read_memory_fuzzer.* \
- libxml2_xml_regexp_compile_fuzzer.* \
- xml.dict $SRC/
diff --git a/targets/libxml2/build.sh b/targets/libxml2/build.sh
deleted file mode 100755
index 12cb3ad1..00000000
--- a/targets/libxml2/build.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/bash -eu
-#
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-./autogen.sh
-./configure
-make -j$(nproc) clean all
-
-for fuzzer in libxml2_xml_read_memory_fuzzer libxml2_xml_regexp_compile_fuzzer; do
- $CXX $CXXFLAGS -std=c++11 -Iinclude/ \
- $SRC/$fuzzer.cc -o $OUT/$fuzzer \
- -lfuzzer .libs/libxml2.a
-done
-
-cp $SRC/*.dict $SRC/*.options $OUT/
diff --git a/targets/libxml2/libxml2_xml_read_memory_fuzzer.cc b/targets/libxml2/libxml2_xml_read_memory_fuzzer.cc
deleted file mode 100644
index 464a6e95..00000000
--- a/targets/libxml2/libxml2_xml_read_memory_fuzzer.cc
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright 2015 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include
-#include
-
-#include "libxml/parser.h"
-
-void ignore (void* ctx, const char* msg, ...) {
- // Error handler to avoid spam of error messages from libxml parser.
-}
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- xmlSetGenericErrorFunc(NULL, &ignore);
-
- if (auto doc = xmlReadMemory(reinterpret_cast(data),
- static_cast(size), "noname.xml", NULL, 0)) {
- xmlFreeDoc(doc);
- }
-
- return 0;
-}
diff --git a/targets/libxml2/libxml2_xml_read_memory_fuzzer.options b/targets/libxml2/libxml2_xml_read_memory_fuzzer.options
deleted file mode 100644
index 6335e163..00000000
--- a/targets/libxml2/libxml2_xml_read_memory_fuzzer.options
+++ /dev/null
@@ -1,2 +0,0 @@
-[libfuzzer]
-dict = xml.dict
diff --git a/targets/libxml2/libxml2_xml_regexp_compile_fuzzer.cc b/targets/libxml2/libxml2_xml_regexp_compile_fuzzer.cc
deleted file mode 100644
index 65aba296..00000000
--- a/targets/libxml2/libxml2_xml_regexp_compile_fuzzer.cc
+++ /dev/null
@@ -1,34 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include
-#include
-
-#include
-#include
-#include
-
-#include "libxml/parser.h"
-#include "libxml/tree.h"
-#include "libxml/xmlversion.h"
-
-
-void ignore (void * ctx, const char * msg, ...) {
- // Error handler to avoid spam of error messages from libxml parser.
-}
-
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- xmlSetGenericErrorFunc(NULL, &ignore);
-
- std::vector buffer(size + 1, 0);
- std::copy(data, data + size, buffer.data());
-
- xmlRegexpPtr x = xmlRegexpCompile(buffer.data());
- if (x)
- xmlRegFreeRegexp(x);
-
- return 0;
-}
diff --git a/targets/libxml2/libxml2_xml_regexp_compile_fuzzer.options b/targets/libxml2/libxml2_xml_regexp_compile_fuzzer.options
deleted file mode 100644
index 6335e163..00000000
--- a/targets/libxml2/libxml2_xml_regexp_compile_fuzzer.options
+++ /dev/null
@@ -1,2 +0,0 @@
-[libfuzzer]
-dict = xml.dict
diff --git a/targets/libxml2/target.yaml b/targets/libxml2/target.yaml
deleted file mode 100644
index 3ac2e323..00000000
--- a/targets/libxml2/target.yaml
+++ /dev/null
@@ -1 +0,0 @@
-homepage: "http://www.xmlsoft.org/"
diff --git a/targets/libxml2/xml.dict b/targets/libxml2/xml.dict
deleted file mode 100644
index 4ffa6c80..00000000
--- a/targets/libxml2/xml.dict
+++ /dev/null
@@ -1,87 +0,0 @@ -# Copyright 2016 Google Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ -# -# AFL dictionary for XML -# ---------------------- -# -# Several basic syntax elements and attributes, modeled on libxml2. -# -# Created by Michal Zalewski -# - -attr_encoding=" encoding=\"1\"" -attr_generic=" a=\"1\"" -attr_href=" href=\"1\"" -attr_standalone=" standalone=\"no\"" -attr_version=" version=\"1\"" -attr_xml_base=" xml:base=\"1\"" -attr_xml_id=" xml:id=\"1\"" -attr_xml_lang=" xml:lang=\"1\"" -attr_xml_space=" xml:space=\"1\"" -attr_xmlns=" xmlns=\"1\"" - -entity_builtin="<" -entity_decimal="" -entity_external="&a;" -entity_hex="" - -string_any="ANY" -string_brackets="[]" -string_cdata="CDATA" -string_col_fallback=":fallback" -string_col_generic=":a" -string_col_include=":include" -string_dashes="--" -string_empty="EMPTY" -string_empty_dblquotes="\"\"" -string_empty_quotes="''" -string_entities="ENTITIES" -string_entity="ENTITY" -string_fixed="#FIXED" -string_id="ID" -string_idref="IDREF" -string_idrefs="IDREFS" -string_implied="#IMPLIED" -string_nmtoken="NMTOKEN" -string_nmtokens="NMTOKENS" -string_notation="NOTATION" -string_parentheses="()" -string_pcdata="#PCDATA" -string_percent="%a" -string_public="PUBLIC" -string_required="#REQUIRED" -string_schema=":schema" -string_system="SYSTEM" -string_ucs4="UCS-4" -string_utf16="UTF-16" -string_utf8="UTF-8" -string_xmlns="xmlns:" - 
-tag_attlist="" -tag_doctype="" -tag_open_close="" -tag_open_exclamation="" -tag_xml_q="" diff --git a/targets/nss/Dockerfile b/targets/nss/Dockerfile deleted file mode 100644 index e3a621ec..00000000 --- a/targets/nss/Dockerfile +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright 2016 Google Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -FROM ossfuzz/base-libfuzzer -MAINTAINER mmoroz@chromium.org -RUN apt-get install -y make autoconf automake libtool mercurial zlib1g-dev - -RUN hg clone https://hg.mozilla.org/projects/nspr nspr -RUN hg clone https://hg.mozilla.org/projects/nss nss -RUN git clone https://github.com/mozilla/nss-fuzzing-corpus.git nss-corpus - -WORKDIR nss -COPY build.sh fuzzers/* $SRC/ diff --git a/targets/nss/build.sh b/targets/nss/build.sh deleted file mode 100755 index d2a126ed..00000000 --- a/targets/nss/build.sh +++ /dev/null 
@@ -1,68 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-# Build the library.
-make CCC="$CXX" XCFLAGS="$CXXFLAGS" SANITIZER_CFLAGS="$CXXFLAGS" \
- BUILD_OPT=1 USE_64=1 NSS_DISABLE_GTESTS=1 ZDEFS_FLAG= \
- nss_clean_all nss_build_all
-cd ..
-
-# Copy libraries and some objects to $WORK/nss/lib.
-mkdir -p $WORK/nss/lib
-cp dist/Linux*/lib/*.a $WORK/nss/lib
-cp nspr/Linux*/pr/src/misc/prlog2.o $WORK/nss/lib
-
-# Copy includes to $WORK/nss/include.
-mkdir -p $WORK/nss/include
-cp -rL dist/Linux*/include/* $WORK/nss/include
-cp -rL dist/{public,private}/nss/* $WORK/nss/include
-
-
-# Build the fuzzers.
-FUZZERS="asn1_algorithmid_fuzzer \
- asn1_any_fuzzer \
- asn1_bitstring_fuzzer \
- asn1_bmpstring_fuzzer \
- asn1_boolean_fuzzer \
- asn1_generalizedtime_fuzzer \
- asn1_ia5string_fuzzer \
- asn1_integer_fuzzer \
- asn1_null_fuzzer \
- asn1_objectid_fuzzer \
- asn1_octetstring_fuzzer \
- asn1_utctime_fuzzer \
- asn1_utf8string_fuzzer"
-
-# The following fuzzers are currently disabled due to linking issues:
-# cert_certificate_fuzzer, seckey_privatekeyinfo_fuzzer
-
-
-for fuzzer in $FUZZERS; do
- $CXX $CXXFLAGS -std=c++11 $SRC/$fuzzer.cc \
- -I$WORK/nss/include \
- -lfuzzer \
- $WORK/nss/lib/libnss.a $WORK/nss/lib/libnssutil.a \
- $WORK/nss/lib/libnspr4.a $WORK/nss/lib/libplc4.a $WORK/nss/lib/libplds4.a \
- $WORK/nss/lib/prlog2.o -o $OUT/$fuzzer
-done
-
-# Archive and copy to $OUT seed corpus if the build succeeded.
-zip $WORK/nss/all_nss_seed_corpus.zip $SRC/nss-corpus/*/*
-
-for fuzzer in $FUZZERS; do
- cp $WORK/nss/all_nss_seed_corpus.zip $OUT/${fuzzer}_seed_corpus.zip
-done
diff --git a/targets/nss/fuzzers/asn1_algorithmid_fuzzer.cc b/targets/nss/fuzzers/asn1_algorithmid_fuzzer.cc
deleted file mode 100644
index ec244184..00000000
--- a/targets/nss/fuzzers/asn1_algorithmid_fuzzer.cc
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include
-#include
-#include
-
-#include "asn1_fuzzer_template.h"
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- NSSFuzzOneInput(
- SEC_ASN1_GET(SECOID_AlgorithmIDTemplate), data, size);
- NSSFuzzOneInput(
- SEC_ASN1_GET(SECOID_AlgorithmIDTemplate), data, size);
-
- return 0;
-}
diff --git a/targets/nss/fuzzers/asn1_any_fuzzer.cc b/targets/nss/fuzzers/asn1_any_fuzzer.cc
deleted file mode 100644
index 06a0c090..00000000
--- a/targets/nss/fuzzers/asn1_any_fuzzer.cc
+++ /dev/null
@@ -1,18 +0,0 @@ -// Copyright 2016 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include -#include - -#include "asn1_fuzzer_template.h" - -// Entry point for LibFuzzer. -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - NSSFuzzOneInput( - SEC_ASN1_GET(SEC_AnyTemplate), data, size); - NSSFuzzOneInput( - SEC_ASN1_GET(SEC_AnyTemplate), data, size); - - return 0; -} diff --git a/targets/nss/fuzzers/asn1_bitstring_fuzzer.cc b/targets/nss/fuzzers/asn1_bitstring_fuzzer.cc deleted file mode 100644 index 26543c10..00000000 --- a/targets/nss/fuzzers/asn1_bitstring_fuzzer.cc +++ /dev/null @@ -1,18 +0,0 @@ -// Copyright 2016 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include -#include - -#include "asn1_fuzzer_template.h" - -// Entry point for LibFuzzer. -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - NSSFuzzOneInput( - SEC_ASN1_GET(SEC_BitStringTemplate), data, size); - NSSFuzzOneInput( - SEC_ASN1_GET(SEC_BitStringTemplate), data, size); - - return 0; -} diff --git a/targets/nss/fuzzers/asn1_bmpstring_fuzzer.cc b/targets/nss/fuzzers/asn1_bmpstring_fuzzer.cc deleted file mode 100644 index a3776409..00000000 --- a/targets/nss/fuzzers/asn1_bmpstring_fuzzer.cc +++ /dev/null @@ -1,18 +0,0 @@ -// Copyright 2016 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include -#include - -#include "asn1_fuzzer_template.h" - -// Entry point for LibFuzzer. -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - NSSFuzzOneInput( - SEC_ASN1_GET(SEC_BMPStringTemplate), data, size); - NSSFuzzOneInput( - SEC_ASN1_GET(SEC_BMPStringTemplate), data, size); - - return 0; -} 
diff --git a/targets/nss/fuzzers/asn1_boolean_fuzzer.cc b/targets/nss/fuzzers/asn1_boolean_fuzzer.cc deleted file mode 100644 index 6e178ee0..00000000 --- a/targets/nss/fuzzers/asn1_boolean_fuzzer.cc +++ /dev/null @@ -1,18 +0,0 @@ -// Copyright 2016 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include -#include - -#include "asn1_fuzzer_template.h" - -// Entry point for LibFuzzer. -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - NSSFuzzOneInput( - SEC_ASN1_GET(SEC_BooleanTemplate), data, size); - NSSFuzzOneInput( - SEC_ASN1_GET(SEC_BooleanTemplate), data, size); - - return 0; -} diff --git a/targets/nss/fuzzers/asn1_fuzzer_template.h b/targets/nss/fuzzers/asn1_fuzzer_template.h deleted file mode 100644 index 416b707e..00000000 --- a/targets/nss/fuzzers/asn1_fuzzer_template.h +++ /dev/null @@ -1,45 +0,0 @@ -// Copyright 2016 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef ASN1_FUZZER_TEMPLATE_H_ -#define ASN1_FUZZER_TEMPLATE_H_ - -#include -#include -#include -#include -#include -#include -#include -#include - -template -void NSSFuzzOneInput(const SEC_ASN1Template* the_template, - const uint8_t* data, - size_t size) { - DestinationType* destination = new DestinationType(); - memset(destination, 0, sizeof(DestinationType)); - - PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (!arena) { - delete destination; - return; - } - - SECItem source; - source.type = siBuffer; - source.data = static_cast(const_cast(data)); - source.len = static_cast(size); - - DecodeFunction(arena, destination, the_template, &source); - - PORT_FreeArena(arena, PR_FALSE); - delete destination; -} - -#endif // ASN1_FUZZER_TEMPLATE_H_ 
diff --git a/targets/nss/fuzzers/asn1_generalizedtime_fuzzer.cc b/targets/nss/fuzzers/asn1_generalizedtime_fuzzer.cc deleted file mode 100644 index 1faf586f..00000000 --- a/targets/nss/fuzzers/asn1_generalizedtime_fuzzer.cc +++ /dev/null @@ -1,18 +0,0 @@ -// Copyright 2016 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include -#include - -#include "asn1_fuzzer_template.h" - -// Entry point for LibFuzzer. -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - NSSFuzzOneInput( - SEC_ASN1_GET(SEC_GeneralizedTimeTemplate), data, size); - NSSFuzzOneInput( - SEC_ASN1_GET(SEC_GeneralizedTimeTemplate), data, size); - - return 0; -} diff --git a/targets/nss/fuzzers/asn1_ia5string_fuzzer.cc b/targets/nss/fuzzers/asn1_ia5string_fuzzer.cc deleted file mode 100644 index 2a33255a..00000000 --- a/targets/nss/fuzzers/asn1_ia5string_fuzzer.cc +++ /dev/null @@ -1,18 +0,0 @@ -// Copyright 2016 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include -#include - -#include "asn1_fuzzer_template.h" - -// Entry point for LibFuzzer. -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - NSSFuzzOneInput( - SEC_ASN1_GET(SEC_IA5StringTemplate), data, size); - NSSFuzzOneInput( - SEC_ASN1_GET(SEC_IA5StringTemplate), data, size); - - return 0; -} diff --git a/targets/nss/fuzzers/asn1_integer_fuzzer.cc b/targets/nss/fuzzers/asn1_integer_fuzzer.cc deleted file mode 100644 index 4e08fec0..00000000 --- a/targets/nss/fuzzers/asn1_integer_fuzzer.cc +++ /dev/null 
@@ -1,18 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include
-#include
-
-#include "asn1_fuzzer_template.h"
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- NSSFuzzOneInput(
- SEC_ASN1_GET(SEC_IntegerTemplate), data, size);
- NSSFuzzOneInput(
- SEC_ASN1_GET(SEC_IntegerTemplate), data, size);
-
- return 0;
-}
diff --git a/targets/nss/fuzzers/asn1_null_fuzzer.cc b/targets/nss/fuzzers/asn1_null_fuzzer.cc
deleted file mode 100644
index 4af7afb7..00000000
--- a/targets/nss/fuzzers/asn1_null_fuzzer.cc
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include
-#include
-
-#include "asn1_fuzzer_template.h"
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- NSSFuzzOneInput(
- SEC_ASN1_GET(SEC_NullTemplate), data, size);
- NSSFuzzOneInput(
- SEC_ASN1_GET(SEC_NullTemplate), data, size);
-
- return 0;
-}
diff --git a/targets/nss/fuzzers/asn1_objectid_fuzzer.cc b/targets/nss/fuzzers/asn1_objectid_fuzzer.cc
deleted file mode 100644
index bdc8288b..00000000
--- a/targets/nss/fuzzers/asn1_objectid_fuzzer.cc
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include
-#include
-
-#include "asn1_fuzzer_template.h"
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- NSSFuzzOneInput(
- SEC_ASN1_GET(SEC_ObjectIDTemplate), data, size);
- NSSFuzzOneInput(
- SEC_ASN1_GET(SEC_ObjectIDTemplate), data, size);
-
- return 0;
-}
diff --git a/targets/nss/fuzzers/asn1_octetstring_fuzzer.cc b/targets/nss/fuzzers/asn1_octetstring_fuzzer.cc
deleted file mode 100644
index 71b25776..00000000
--- a/targets/nss/fuzzers/asn1_octetstring_fuzzer.cc
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include
-#include
-
-#include "asn1_fuzzer_template.h"
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- NSSFuzzOneInput(
- SEC_ASN1_GET(SEC_OctetStringTemplate), data, size);
- NSSFuzzOneInput(
- SEC_ASN1_GET(SEC_OctetStringTemplate), data, size);
-
- return 0;
-}
diff --git a/targets/nss/fuzzers/asn1_utctime_fuzzer.cc b/targets/nss/fuzzers/asn1_utctime_fuzzer.cc
deleted file mode 100644
index 604e2609..00000000
--- a/targets/nss/fuzzers/asn1_utctime_fuzzer.cc
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include
-#include
-
-#include "asn1_fuzzer_template.h"
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- NSSFuzzOneInput(
- SEC_ASN1_GET(SEC_UTCTimeTemplate), data, size);
- NSSFuzzOneInput(
- SEC_ASN1_GET(SEC_UTCTimeTemplate), data, size);
-
- return 0;
-}
diff --git a/targets/nss/fuzzers/asn1_utf8string_fuzzer.cc b/targets/nss/fuzzers/asn1_utf8string_fuzzer.cc
deleted file mode 100644
index f4a3a6ac..00000000
--- a/targets/nss/fuzzers/asn1_utf8string_fuzzer.cc
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include
-#include
-
-#include "asn1_fuzzer_template.h"
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- NSSFuzzOneInput(
- SEC_ASN1_GET(SEC_UTF8StringTemplate), data, size);
- NSSFuzzOneInput(
- SEC_ASN1_GET(SEC_UTF8StringTemplate), data, size);
-
- return 0;
-}
diff --git a/targets/nss/fuzzers/cert_certificate_fuzzer.cc b/targets/nss/fuzzers/cert_certificate_fuzzer.cc
deleted file mode 100644
index ce1efc73..00000000
--- a/targets/nss/fuzzers/cert_certificate_fuzzer.cc
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include
-#include
-#include
-
-#include "asn1_fuzzer_template.h"
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- NSSFuzzOneInput(
- SEC_ASN1_GET(CERT_CertificateTemplate), data, size);
- NSSFuzzOneInput(
- SEC_ASN1_GET(CERT_CertificateTemplate), data, size);
-
- return 0;
-}
diff --git a/targets/nss/fuzzers/seckey_privatekeyinfo_fuzzer.cc b/targets/nss/fuzzers/seckey_privatekeyinfo_fuzzer.cc
deleted file mode 100644
index a6dd802e..00000000
--- a/targets/nss/fuzzers/seckey_privatekeyinfo_fuzzer.cc
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include
-#include
-#include
-
-#include "asn1_fuzzer_template.h"
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- NSSFuzzOneInput(
- SEC_ASN1_GET(SECKEY_PrivateKeyInfoTemplate), data, size);
- NSSFuzzOneInput(
- SEC_ASN1_GET(SECKEY_PrivateKeyInfoTemplate), data, size);
-
- return 0;
-}
diff --git a/targets/nss/target.yaml b/targets/nss/target.yaml
deleted file mode 100644
index 1a0af5d7..00000000
--- a/targets/nss/target.yaml
+++ /dev/null
@@ -1 +0,0 @@
-homepage: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
diff --git a/targets/openssl/Dockerfile b/targets/openssl/Dockerfile
deleted file mode 100644
index 0487f13c..00000000
--- a/targets/openssl/Dockerfile
+++ /dev/null
@@ -1,22 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER kurt@roeckx.be
-RUN apt-get install -y make
-RUN git clone https://github.com/openssl/openssl.git
-WORKDIR openssl
-COPY build.sh $SRC/
diff --git a/targets/openssl/build.sh b/targets/openssl/build.sh
deleted file mode 100755
index 73ee3ede..00000000
--- a/targets/openssl/build.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-./config enable-fuzz-libfuzzer -DPEDANTIC no-shared --with-fuzzer-lib=/usr/lib/libfuzzer $CFLAGS
-make -j$(nproc) EX_LIBS="-ldl /usr/local/lib/libc++.a"
-
-fuzzers=$(find fuzz -executable -type f '!' -name \*.py '!' -name \*-test)
-for f in $fuzzers; do
- fuzzer=$(basename $f)
- cp $f $OUT/
- zip -j $OUT/${fuzzer}_seed_corpus.zip fuzz/corpora/${fuzzer}/*
-done
-
diff --git a/targets/openssl/target.yaml b/targets/openssl/target.yaml
deleted file mode 100644
index b38c82b2..00000000
--- a/targets/openssl/target.yaml
+++ /dev/null
@@ -1 +0,0 @@
-homepage: "https://www.openssl.org/"
diff --git a/targets/ots/Dockerfile b/targets/ots/Dockerfile
deleted file mode 100644
index 8d33b582..00000000
--- a/targets/ots/Dockerfile
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER mmoroz@chromium.org
-RUN apt-get install -y make autoconf automake libtool pkg-config zlib1g-dev
-RUN git clone https://github.com/khaledhosny/ots.git
-WORKDIR ots
-COPY build.sh ots_fuzzer.* $SRC/
-COPY seed_corpus $SRC/seed_corpus
diff --git a/targets/ots/build.sh b/targets/ots/build.sh
deleted file mode 100755
index 9b516f89..00000000
--- a/targets/ots/build.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-# Build the target.
-./autogen.sh
-./configure
-
-make libots.a libwoff2.a libbrotli.a
-
-# Build the fuzzer.
-$CXX $CXXFLAGS -std=c++11 -Iinclude \
- $SRC/ots_fuzzer.cc -o $OUT/ots_fuzzer \
- -lfuzzer -lz $SRC/ots/libots.a $SRC/ots/libwoff2.a $SRC/ots/libbrotli.a
-
-cp $SRC/ots_fuzzer.options $OUT/
-zip $OUT/ots_fuzzer_seed_corpus.zip $SRC/seed_corpus/*
diff --git a/targets/ots/ots_fuzzer.cc b/targets/ots/ots_fuzzer.cc
deleted file mode 100644
index 3d4bd254..00000000
--- a/targets/ots/ots_fuzzer.cc
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include
-#include
-
-#include "opentype-sanitiser.h"
-#include "ots-memory-stream.h"
-
-static uint8_t buffer[256 * 1024] = { 0 };
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- ots::OTSContext context;
- ots::MemoryStream stream(static_cast(buffer), sizeof(buffer));
- context.Process(&stream, data, size);
- return 0;
-}
diff --git a/targets/ots/ots_fuzzer.options b/targets/ots/ots_fuzzer.options
deleted file mode 100644
index dc3492cb..00000000
--- a/targets/ots/ots_fuzzer.options
+++ /dev/null
@@ -1,2 +0,0 @@
-[libfuzzer]
-max_len = 16800
diff --git a/targets/ots/seed_corpus/0509e80afb379d16560e9e47bdd7d888bebdebc6.ttf b/targets/ots/seed_corpus/0509e80afb379d16560e9e47bdd7d888bebdebc6.ttf
deleted file mode 100644
index 20360311..00000000
Binary files a/targets/ots/seed_corpus/0509e80afb379d16560e9e47bdd7d888bebdebc6.ttf and /dev/null differ
diff --git a/targets/ots/seed_corpus/051d92f8bc6ff724511b296c27623f824de256e9.ttf b/targets/ots/seed_corpus/051d92f8bc6ff724511b296c27623f824de256e9.ttf
deleted file mode 100644
index 419f8f3d..00000000
Binary files a/targets/ots/seed_corpus/051d92f8bc6ff724511b296c27623f824de256e9.ttf and /dev/null differ
diff --git a/targets/ots/seed_corpus/07f054357ff8638bac3711b422a1e31180bba863.ttf b/targets/ots/seed_corpus/07f054357ff8638bac3711b422a1e31180bba863.ttf
deleted file mode 100644
index fcd4f323..00000000
Binary files a/targets/ots/seed_corpus/07f054357ff8638bac3711b422a1e31180bba863.ttf and /dev/null differ
diff --git a/targets/ots/seed_corpus/191826b9643e3f124d865d617ae609db6a2ce203.ttf b/targets/ots/seed_corpus/191826b9643e3f124d865d617ae609db6a2ce203.ttf
deleted file mode 100644
index dbc6e268..00000000
Binary files a/targets/ots/seed_corpus/191826b9643e3f124d865d617ae609db6a2ce203.ttf and /dev/null differ
diff --git a/targets/ots/seed_corpus/1a6f1687b7a221f9f2c834b0b360d3c8463b6daf.ttf b/targets/ots/seed_corpus/1a6f1687b7a221f9f2c834b0b360d3c8463b6daf.ttf
deleted file mode 100644
index c71e85a8..00000000
Binary files a/targets/ots/seed_corpus/1a6f1687b7a221f9f2c834b0b360d3c8463b6daf.ttf and /dev/null differ
diff --git a/targets/ots/seed_corpus/1c04a16f32a39c26c851b7fc014d2e8d298ba2b8.ttf b/targets/ots/seed_corpus/1c04a16f32a39c26c851b7fc014d2e8d298ba2b8.ttf
deleted file mode 100644
index 26d19ade..00000000
Binary files a/targets/ots/seed_corpus/1c04a16f32a39c26c851b7fc014d2e8d298ba2b8.ttf and /dev/null differ
diff --git a/targets/ots/seed_corpus/1c2c3fc37b2d4c3cb2ef726c6cdaaabd4b7f3eb9.ttf b/targets/ots/seed_corpus/1c2c3fc37b2d4c3cb2ef726c6cdaaabd4b7f3eb9.ttf deleted file mode 100644 index 213e7ced..00000000 Binary files a/targets/ots/seed_corpus/1c2c3fc37b2d4c3cb2ef726c6cdaaabd4b7f3eb9.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/1c2fb74c1b2aa173262734c1f616148f1648cfd6.ttf b/targets/ots/seed_corpus/1c2fb74c1b2aa173262734c1f616148f1648cfd6.ttf deleted file mode 100644 index 72106585..00000000 Binary files a/targets/ots/seed_corpus/1c2fb74c1b2aa173262734c1f616148f1648cfd6.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/205edd09bd3d141cc9580f650109556cc28b22cb.ttf b/targets/ots/seed_corpus/205edd09bd3d141cc9580f650109556cc28b22cb.ttf deleted file mode 100644 index 4e0ce0a4..00000000 Binary files a/targets/ots/seed_corpus/205edd09bd3d141cc9580f650109556cc28b22cb.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/226bc2deab3846f1a682085f70c67d0421014144.ttf b/targets/ots/seed_corpus/226bc2deab3846f1a682085f70c67d0421014144.ttf deleted file mode 100644 index 70c0c0a8..00000000 Binary files a/targets/ots/seed_corpus/226bc2deab3846f1a682085f70c67d0421014144.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/270b89df543a7e48e206a2d830c0e10e5265c630.ttf b/targets/ots/seed_corpus/270b89df543a7e48e206a2d830c0e10e5265c630.ttf deleted file mode 100644 index fc226491..00000000 Binary files a/targets/ots/seed_corpus/270b89df543a7e48e206a2d830c0e10e5265c630.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/298c9e1d955f10f6f72c6915c3c6ff9bf9695cec.ttf b/targets/ots/seed_corpus/298c9e1d955f10f6f72c6915c3c6ff9bf9695cec.ttf deleted file mode 100644 index 0d677a87..00000000 Binary files a/targets/ots/seed_corpus/298c9e1d955f10f6f72c6915c3c6ff9bf9695cec.ttf and /dev/null differ 
diff --git a/targets/ots/seed_corpus/3511ff5c1647150595846ac414c595cccac34f18.ttf b/targets/ots/seed_corpus/3511ff5c1647150595846ac414c595cccac34f18.ttf deleted file mode 100644 index 789abf7a..00000000 Binary files a/targets/ots/seed_corpus/3511ff5c1647150595846ac414c595cccac34f18.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/37033cc5cf37bb223d7355153016b6ccece93b28.ttf b/targets/ots/seed_corpus/37033cc5cf37bb223d7355153016b6ccece93b28.ttf deleted file mode 100644 index 14defeb7..00000000 Binary files a/targets/ots/seed_corpus/37033cc5cf37bb223d7355153016b6ccece93b28.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/375d6ae32a3cbe52fbf81a4e5777e3377675d5a3.ttf b/targets/ots/seed_corpus/375d6ae32a3cbe52fbf81a4e5777e3377675d5a3.ttf deleted file mode 100644 index b284c986..00000000 Binary files a/targets/ots/seed_corpus/375d6ae32a3cbe52fbf81a4e5777e3377675d5a3.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/43979b90b2dd929723cf4fe1715990bcb9c9a56b.ttf b/targets/ots/seed_corpus/43979b90b2dd929723cf4fe1715990bcb9c9a56b.ttf deleted file mode 100644 index a5c0156c..00000000 Binary files a/targets/ots/seed_corpus/43979b90b2dd929723cf4fe1715990bcb9c9a56b.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/43ef465752be9af900745f72fe29cb853a1401a5.ttf b/targets/ots/seed_corpus/43ef465752be9af900745f72fe29cb853a1401a5.ttf deleted file mode 100644 index 649c156a..00000000 Binary files a/targets/ots/seed_corpus/43ef465752be9af900745f72fe29cb853a1401a5.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/45855bc8d46332b39c4ab9e2ee1a26b1f896da6b.ttf b/targets/ots/seed_corpus/45855bc8d46332b39c4ab9e2ee1a26b1f896da6b.ttf deleted file mode 100644 index 6ef470c8..00000000 Binary files a/targets/ots/seed_corpus/45855bc8d46332b39c4ab9e2ee1a26b1f896da6b.ttf and /dev/null differ 
diff --git a/targets/ots/seed_corpus/49c9f7485c1392fa09a1b801bc2ffea79275f22e.ttf b/targets/ots/seed_corpus/49c9f7485c1392fa09a1b801bc2ffea79275f22e.ttf deleted file mode 100644 index ea1326d2..00000000 Binary files a/targets/ots/seed_corpus/49c9f7485c1392fa09a1b801bc2ffea79275f22e.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/4cce528e99f600ed9c25a2b69e32eb94a03b4ae8.ttf b/targets/ots/seed_corpus/4cce528e99f600ed9c25a2b69e32eb94a03b4ae8.ttf deleted file mode 100644 index dfaead72..00000000 Binary files a/targets/ots/seed_corpus/4cce528e99f600ed9c25a2b69e32eb94a03b4ae8.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/5028afb650b1bb718ed2131e872fbcce57828fff.ttf b/targets/ots/seed_corpus/5028afb650b1bb718ed2131e872fbcce57828fff.ttf deleted file mode 100644 index 8fb2f162..00000000 Binary files a/targets/ots/seed_corpus/5028afb650b1bb718ed2131e872fbcce57828fff.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/56cfd0e18d07f41c38e9598545a6d369127fc6f9.ttf b/targets/ots/seed_corpus/56cfd0e18d07f41c38e9598545a6d369127fc6f9.ttf deleted file mode 100644 index 4795238b..00000000 Binary files a/targets/ots/seed_corpus/56cfd0e18d07f41c38e9598545a6d369127fc6f9.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/57a9d9f83020155cbb1d2be1f43d82388cbecc88.ttf b/targets/ots/seed_corpus/57a9d9f83020155cbb1d2be1f43d82388cbecc88.ttf deleted file mode 100644 index 746fc603..00000000 Binary files a/targets/ots/seed_corpus/57a9d9f83020155cbb1d2be1f43d82388cbecc88.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/5a5daf5eb5a4db77a2baa3ad9c7a6ed6e0655fa8.ttf b/targets/ots/seed_corpus/5a5daf5eb5a4db77a2baa3ad9c7a6ed6e0655fa8.ttf deleted file mode 100644 index 9b4d23f5..00000000 Binary files a/targets/ots/seed_corpus/5a5daf5eb5a4db77a2baa3ad9c7a6ed6e0655fa8.ttf and /dev/null differ 
diff --git a/targets/ots/seed_corpus/641bd9db850193064d17575053ae2bf8ec149ddc.ttf b/targets/ots/seed_corpus/641bd9db850193064d17575053ae2bf8ec149ddc.ttf deleted file mode 100644 index 66cefd4d..00000000 Binary files a/targets/ots/seed_corpus/641bd9db850193064d17575053ae2bf8ec149ddc.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/6466d38c62e73a39202435a4f73bf5d6acbb73c0.ttf b/targets/ots/seed_corpus/6466d38c62e73a39202435a4f73bf5d6acbb73c0.ttf deleted file mode 100644 index 33c4229c..00000000 Binary files a/targets/ots/seed_corpus/6466d38c62e73a39202435a4f73bf5d6acbb73c0.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/6ff0fbead4462d9f229167b4e6839eceb8465058.ttf b/targets/ots/seed_corpus/6ff0fbead4462d9f229167b4e6839eceb8465058.ttf deleted file mode 100644 index 67be5258..00000000 Binary files a/targets/ots/seed_corpus/6ff0fbead4462d9f229167b4e6839eceb8465058.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/706c5d7b625f207bc0d874c67237aad6f1e9cd6f.ttf b/targets/ots/seed_corpus/706c5d7b625f207bc0d874c67237aad6f1e9cd6f.ttf deleted file mode 100644 index eb5c50c6..00000000 Binary files a/targets/ots/seed_corpus/706c5d7b625f207bc0d874c67237aad6f1e9cd6f.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/757ebd573617a24aa9dfbf0b885c54875c6fe06b.ttf b/targets/ots/seed_corpus/757ebd573617a24aa9dfbf0b885c54875c6fe06b.ttf deleted file mode 100644 index bbe22370..00000000 Binary files a/targets/ots/seed_corpus/757ebd573617a24aa9dfbf0b885c54875c6fe06b.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/7a37dc4d5bf018456aea291cee06daf004c0221c.ttf b/targets/ots/seed_corpus/7a37dc4d5bf018456aea291cee06daf004c0221c.ttf deleted file mode 100644 index a5787a8c..00000000 Binary files a/targets/ots/seed_corpus/7a37dc4d5bf018456aea291cee06daf004c0221c.ttf and /dev/null differ 
diff --git a/targets/ots/seed_corpus/7e14e7883ed152baa158b80e207b66114c823a8b.ttf b/targets/ots/seed_corpus/7e14e7883ed152baa158b80e207b66114c823a8b.ttf deleted file mode 100644 index 27efd7c9..00000000 Binary files a/targets/ots/seed_corpus/7e14e7883ed152baa158b80e207b66114c823a8b.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/7ef276fc886ea502a03b9b0e5c8b547d5dc2b61c.ttf b/targets/ots/seed_corpus/7ef276fc886ea502a03b9b0e5c8b547d5dc2b61c.ttf deleted file mode 100644 index fb4534ab..00000000 Binary files a/targets/ots/seed_corpus/7ef276fc886ea502a03b9b0e5c8b547d5dc2b61c.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/8099955657a54e9ee38a6ba1d6f950ce58e3cc25.ttf b/targets/ots/seed_corpus/8099955657a54e9ee38a6ba1d6f950ce58e3cc25.ttf deleted file mode 100644 index 6bb13bd5..00000000 Binary files a/targets/ots/seed_corpus/8099955657a54e9ee38a6ba1d6f950ce58e3cc25.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/813c2f8e5512187fd982417a7fb4286728e6f4a8.ttf b/targets/ots/seed_corpus/813c2f8e5512187fd982417a7fb4286728e6f4a8.ttf deleted file mode 100644 index b728b277..00000000 Binary files a/targets/ots/seed_corpus/813c2f8e5512187fd982417a7fb4286728e6f4a8.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/8240789f6d12d4cfc4b5e8e6f246c3701bcf861f.ttf b/targets/ots/seed_corpus/8240789f6d12d4cfc4b5e8e6f246c3701bcf861f.ttf deleted file mode 100644 index 8eed14d9..00000000 Binary files a/targets/ots/seed_corpus/8240789f6d12d4cfc4b5e8e6f246c3701bcf861f.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/8454d22037f892e76614e1645d066689a0200e61.ttf b/targets/ots/seed_corpus/8454d22037f892e76614e1645d066689a0200e61.ttf deleted file mode 100644 index 2cbb67a4..00000000 Binary files a/targets/ots/seed_corpus/8454d22037f892e76614e1645d066689a0200e61.ttf and /dev/null differ 
diff --git a/targets/ots/seed_corpus/8a9fea2a7384f2116e5b84a9b31f83be7850ce21.ttf b/targets/ots/seed_corpus/8a9fea2a7384f2116e5b84a9b31f83be7850ce21.ttf deleted file mode 100644 index 875c6998..00000000 Binary files a/targets/ots/seed_corpus/8a9fea2a7384f2116e5b84a9b31f83be7850ce21.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/a34a7b00f22ffb5fd7eef6933b81c7e71bc2cdfb.ttf b/targets/ots/seed_corpus/a34a7b00f22ffb5fd7eef6933b81c7e71bc2cdfb.ttf deleted file mode 100644 index 74fceec8..00000000 Binary files a/targets/ots/seed_corpus/a34a7b00f22ffb5fd7eef6933b81c7e71bc2cdfb.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/a919b33197965846f21074b24e30250d67277bce.ttf b/targets/ots/seed_corpus/a919b33197965846f21074b24e30250d67277bce.ttf deleted file mode 100644 index d2f116ef..00000000 Binary files a/targets/ots/seed_corpus/a919b33197965846f21074b24e30250d67277bce.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/a98e908e2ed21b22228ea59ebcc0f05034c86f2e.ttf b/targets/ots/seed_corpus/a98e908e2ed21b22228ea59ebcc0f05034c86f2e.ttf deleted file mode 100644 index 8bbddb12..00000000 Binary files a/targets/ots/seed_corpus/a98e908e2ed21b22228ea59ebcc0f05034c86f2e.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/b9e2aaa0d75fcef6971ec3a96d806ba4a6b31fe2.ttf b/targets/ots/seed_corpus/b9e2aaa0d75fcef6971ec3a96d806ba4a6b31fe2.ttf deleted file mode 100644 index 500276df..00000000 Binary files a/targets/ots/seed_corpus/b9e2aaa0d75fcef6971ec3a96d806ba4a6b31fe2.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/bb0c53752e85c3d28973ebc913287b8987d3dfe8.ttf b/targets/ots/seed_corpus/bb0c53752e85c3d28973ebc913287b8987d3dfe8.ttf deleted file mode 100644 index 3b7c4707..00000000 Binary files a/targets/ots/seed_corpus/bb0c53752e85c3d28973ebc913287b8987d3dfe8.ttf and /dev/null differ 
diff --git a/targets/ots/seed_corpus/bb9473d2403488714043bcfb946c9f78b86ad627.ttf b/targets/ots/seed_corpus/bb9473d2403488714043bcfb946c9f78b86ad627.ttf deleted file mode 100644 index b16dae6c..00000000 Binary files a/targets/ots/seed_corpus/bb9473d2403488714043bcfb946c9f78b86ad627.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/c4e48b0886ef460f532fb49f00047ec92c432ec0.ttf b/targets/ots/seed_corpus/c4e48b0886ef460f532fb49f00047ec92c432ec0.ttf deleted file mode 100644 index 99cda169..00000000 Binary files a/targets/ots/seed_corpus/c4e48b0886ef460f532fb49f00047ec92c432ec0.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/cc5f3d2d717fb6bd4dfae1c16d48a2cb8e12233b.ttf b/targets/ots/seed_corpus/cc5f3d2d717fb6bd4dfae1c16d48a2cb8e12233b.ttf deleted file mode 100644 index a48d2a68..00000000 Binary files a/targets/ots/seed_corpus/cc5f3d2d717fb6bd4dfae1c16d48a2cb8e12233b.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/d629e7fedc0b350222d7987345fe61613fa3929a.ttf b/targets/ots/seed_corpus/d629e7fedc0b350222d7987345fe61613fa3929a.ttf deleted file mode 100644 index e674a78b..00000000 Binary files a/targets/ots/seed_corpus/d629e7fedc0b350222d7987345fe61613fa3929a.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/df768b9c257e0c9c35786c47cae15c46571d56be.ttf b/targets/ots/seed_corpus/df768b9c257e0c9c35786c47cae15c46571d56be.ttf deleted file mode 100644 index c6d8b18e..00000000 Binary files a/targets/ots/seed_corpus/df768b9c257e0c9c35786c47cae15c46571d56be.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/e207635780b42f898d58654b65098763e340f5c7.ttf b/targets/ots/seed_corpus/e207635780b42f898d58654b65098763e340f5c7.ttf deleted file mode 100644 index d91df572..00000000 Binary files a/targets/ots/seed_corpus/e207635780b42f898d58654b65098763e340f5c7.ttf and /dev/null differ 
diff --git a/targets/ots/seed_corpus/ef86fe710cfea877bbe0dbb6946a1f88d0661031.ttf b/targets/ots/seed_corpus/ef86fe710cfea877bbe0dbb6946a1f88d0661031.ttf deleted file mode 100644 index 629c470c..00000000 Binary files a/targets/ots/seed_corpus/ef86fe710cfea877bbe0dbb6946a1f88d0661031.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/f22416c692720a7d46fadf4af99f4c9e094f00b9.ttf b/targets/ots/seed_corpus/f22416c692720a7d46fadf4af99f4c9e094f00b9.ttf deleted file mode 100644 index 1dbadde4..00000000 Binary files a/targets/ots/seed_corpus/f22416c692720a7d46fadf4af99f4c9e094f00b9.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/f499fbc23865022234775c43503bba2e63978fe1.ttf b/targets/ots/seed_corpus/f499fbc23865022234775c43503bba2e63978fe1.ttf deleted file mode 100644 index 3c605934..00000000 Binary files a/targets/ots/seed_corpus/f499fbc23865022234775c43503bba2e63978fe1.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/f518eb6f6b5eec2946c9fbbbde44e45d46f5e2ac.ttf b/targets/ots/seed_corpus/f518eb6f6b5eec2946c9fbbbde44e45d46f5e2ac.ttf deleted file mode 100644 index 039f5e8a..00000000 Binary files a/targets/ots/seed_corpus/f518eb6f6b5eec2946c9fbbbde44e45d46f5e2ac.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/fab39d60d758cb586db5a504f218442cd1395725.ttf b/targets/ots/seed_corpus/fab39d60d758cb586db5a504f218442cd1395725.ttf deleted file mode 100644 index 451ed047..00000000 Binary files a/targets/ots/seed_corpus/fab39d60d758cb586db5a504f218442cd1395725.ttf and /dev/null differ diff --git a/targets/ots/seed_corpus/fbb6c84c9e1fe0c39e152fbe845e51fd81f6748e.ttf b/targets/ots/seed_corpus/fbb6c84c9e1fe0c39e152fbe845e51fd81f6748e.ttf deleted file mode 100644 index d49432dd..00000000 Binary files a/targets/ots/seed_corpus/fbb6c84c9e1fe0c39e152fbe845e51fd81f6748e.ttf and /dev/null differ 
diff --git a/targets/ots/seed_corpus/fcdcffbdf1c4c97c05308d7600e4c283eb47dbca.ttf b/targets/ots/seed_corpus/fcdcffbdf1c4c97c05308d7600e4c283eb47dbca.ttf
deleted file mode 100644
index c4e0253c..00000000
Binary files a/targets/ots/seed_corpus/fcdcffbdf1c4c97c05308d7600e4c283eb47dbca.ttf and /dev/null differ
diff --git a/targets/ots/seed_corpus/ffa0f5d2d9025486d8469d8b1fdd983e7632499b.ttf b/targets/ots/seed_corpus/ffa0f5d2d9025486d8469d8b1fdd983e7632499b.ttf
deleted file mode 100644
index 224dbc63..00000000
Binary files a/targets/ots/seed_corpus/ffa0f5d2d9025486d8469d8b1fdd983e7632499b.ttf and /dev/null differ
diff --git a/targets/ots/target.yaml b/targets/ots/target.yaml
deleted file mode 100644
index 0a12f123..00000000
--- a/targets/ots/target.yaml
+++ /dev/null
@@ -1 +0,0 @@
-homepage: "https://github.com/khaledhosny/ots"
diff --git a/targets/pcre2/Dockerfile b/targets/pcre2/Dockerfile
deleted file mode 100644
index a9fb74de..00000000
--- a/targets/pcre2/Dockerfile
+++ /dev/null
@@ -1,22 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER kcc@google.com
-RUN apt-get install -y make autoconf automake libtool subversion
-
-RUN svn co svn://vcs.exim.org/pcre2/code/trunk pcre2
-COPY build.sh $SRC/
diff --git a/targets/pcre2/build.sh b/targets/pcre2/build.sh
deleted file mode 100755
index fdcec503..00000000
--- a/targets/pcre2/build.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-cd pcre2
-
-# build the library.
-./autogen.sh
-./configure --enable-fuzz-support --enable-never-backslash-C --with-match-limit=1000 --with-match-limit-recursion=1000
-make -j$(nproc) clean all
-
-# Build the target.
-$CXX $CXXFLAGS -o $OUT/pcre2_fuzzer \
- -lfuzzer .libs/libpcre2-fuzzsupport.a .libs/libpcre2-8.a
diff --git a/targets/pcre2/target.yaml b/targets/pcre2/target.yaml
deleted file mode 100644
index fa9c01a0..00000000
--- a/targets/pcre2/target.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-homepage: "http://www.pcre.org/"
-primary_contact: "philip.hazel@gmail.com"
diff --git a/targets/re2/Dockerfile b/targets/re2/Dockerfile
deleted file mode 100644
index 13893cb3..00000000
--- a/targets/re2/Dockerfile
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER wrengr@chromium.org
-RUN apt-get install -y make autoconf automake libtool
-
-RUN git clone https://code.googlesource.com/re2
-WORKDIR re2
-COPY build.sh re2_fuzzer.* $SRC/
diff --git a/targets/re2/build.sh b/targets/re2/build.sh
deleted file mode 100755
index 066049dc..00000000
--- a/targets/re2/build.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-# First, build the re2 library.
-# N.B., we don't follow the standard incantation for building re2
-# (i.e., `make && make test && make install && make testinstall`),
-# because some of the targets doesn't use $CXXFLAGS properly, which
-# causes compilation to fail. The obj/libre2.a target is all we
-# really need for our fuzzer, so that's all we build. Hopefully
-# this won't cause the fuzzer to fail erroneously due to not running
-# upstream's tests first to be sure things compiled correctly.
-make clean
-make -j$(nproc) obj/libre2.a
-
-
-# Second, build our fuzzers.
-$CXX $CXXFLAGS -std=c++11 -I. \
- $SRC/re2_fuzzer.cc -o $OUT/re2_fuzzer \
- -lfuzzer ./obj/libre2.a
-
-cp $SRC/*.options $OUT/
diff --git a/targets/re2/re2_fuzzer.cc b/targets/re2/re2_fuzzer.cc
deleted file mode 100644
index 9c16462a..00000000
--- a/targets/re2/re2_fuzzer.cc
+++ /dev/null
@@ -1,87 +0,0 @@
-// Copyright (c) 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include
-#include
-
-#include
-
-#include "re2/re2.h"
-#include "util/logging.h"
-
-using std::string;
-
-void Test(const string& buffer, const string& pattern,
- const RE2::Options& options) {
- RE2 re(pattern, options);
- if (!re.ok())
- return;
-
- string m1, m2;
- int i1, i2;
- double d1;
-
- if (re.NumberOfCapturingGroups() == 0) {
- RE2::FullMatch(buffer, re);
- RE2::PartialMatch(buffer, re);
- } else if (re.NumberOfCapturingGroups() == 1) {
- RE2::FullMatch(buffer, re, &m1);
- RE2::PartialMatch(buffer, re, &i1);
- } else if (re.NumberOfCapturingGroups() == 2) {
- RE2::FullMatch(buffer, re, &i1, &i2);
- RE2::PartialMatch(buffer, re, &m1, &m2);
- }
-
- re2::StringPiece input(buffer);
- RE2::Consume(&input, re, &m1);
- RE2::FindAndConsume(&input, re, &d1);
- string tmp1(buffer);
- RE2::Replace(&tmp1, re, "zz");
- string tmp2(buffer);
- RE2::GlobalReplace(&tmp2, re, "xx");
- RE2::QuoteMeta(re2::StringPiece(pattern));
-}
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- if (size < 1)
- return 0;
-
- RE2::Options options;
-
- size_t options_randomizer = 0;
- for (size_t i = 0; i < size; i++)
- options_randomizer += data[i];
-
- if (options_randomizer & 1)
- options.set_encoding(RE2::Options::EncodingLatin1);
-
- options.set_posix_syntax(options_randomizer & 2);
- options.set_longest_match(options_randomizer & 4);
- options.set_literal(options_randomizer & 8);
- options.set_never_nl(options_randomizer & 16);
- options.set_dot_nl(options_randomizer & 32);
- options.set_never_capture(options_randomizer & 64);
- options.set_case_sensitive(options_randomizer & 128);
- options.set_perl_classes(options_randomizer & 256);
- options.set_word_boundary(options_randomizer & 512);
- options.set_one_line(options_randomizer & 1024);
-
- options.set_log_errors(false);
-
- const char* data_input = reinterpret_cast(data);
- {
- string pattern(data_input, size);
- string buffer(data_input, size);
- Test(buffer, pattern, options);
- }
-
- if (size >= 3) {
- string pattern(data_input, size / 3);
- string buffer(data_input + size / 3, size - size / 3);
- Test(buffer, pattern, options);
- }
-
- return 0;
-}
diff --git a/targets/re2/re2_fuzzer.options b/targets/re2/re2_fuzzer.options
deleted file mode 100644
index ea2785e1..00000000
--- a/targets/re2/re2_fuzzer.options
+++ /dev/null
@@ -1,2 +0,0 @@
-[libfuzzer]
-max_len = 32
diff --git a/targets/re2/target.yaml b/targets/re2/target.yaml
deleted file mode 100644
index e35d7154..00000000
--- a/targets/re2/target.yaml
+++ /dev/null
@@ -1 +0,0 @@
-homepage: "https://code.googlesource.com/re2"
diff --git a/targets/sqlite3/Dockerfile b/targets/sqlite3/Dockerfile
deleted file mode 100644
index 32a74419..00000000
--- a/targets/sqlite3/Dockerfile
+++ /dev/null
@@ -1,31 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER tanin@google.com
-RUN apt-get install -y make autoconf automake libtool fossil tcl
-
-# We won't be able to poll fossil for changes, so this will build
-# only once a day.
-RUN mkdir $SRC/sqlite3 && \
- cd $SRC/sqlite3 && \
- fossil clone https://www.sqlite.org/src sqlite --user `whoami` && \
- fossil open sqlite
-
-RUN find $SRC/sqlite3 -name "*.test" | xargs zip $SRC/ossfuzz_seed_corpus.zip
-
-WORKDIR sqlite3
-COPY build.sh *.dict *.options $SRC/
diff --git a/targets/sqlite3/build.sh b/targets/sqlite3/build.sh
deleted file mode 100755
index 5a0bbbf1..00000000
--- a/targets/sqlite3/build.sh
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-mkdir bld
-cd bld
-
-export ASAN_OPTIONS=detect_leaks=0
-# Limit max length of data blobs and sql queries to prevent irrelevant OOMs.
-export CFLAGS="$CFLAGS -DSQLITE_MAX_LENGTH=128000000 \
- -DSQLITE_MAX_SQL_LENGTH=128000000 \
- -DSQLITE_PRINTF_PRECISION_LIMIT=128000000"
-../configure
-make -j$(nproc)
-make sqlite3.c
-
-$CC $CCFLAGS -I. -c \
- $SRC/sqlite3/test/ossfuzz.c -o $SRC/sqlite3/test/ossfuzz.o
-
-$CXX $CXXFLAGS \
- $SRC/sqlite3/test/ossfuzz.o -o $OUT/ossfuzz \
- -lfuzzer ./sqlite3.o
-
-cp $SRC/*.options $SRC/*.dict $SRC/*.zip $OUT/
-
diff --git a/targets/sqlite3/ossfuzz.options b/targets/sqlite3/ossfuzz.options
deleted file mode 100644
index c1b50658..00000000
--- a/targets/sqlite3/ossfuzz.options
+++ /dev/null
@@ -1,2 +0,0 @@
-[libfuzzer]
-dict = sql.dict
diff --git a/targets/sqlite3/sql.dict b/targets/sqlite3/sql.dict
deleted file mode 100644
index bf522cc4..00000000
--- a/targets/sqlite3/sql.dict
+++ /dev/null
@@ -1,282 +0,0 @@
-#
-# AFL dictionary for SQL
-# ----------------------
-#
-# Modeled based on SQLite documentation, contains some number of SQLite
-# extensions. Other dialects of SQL may benefit from customized dictionaries.
-#
-# If you append @1 to the file name when loading this dictionary, afl-fuzz
-# will also additionally load a selection of pragma keywords that are very
-# specific to SQLite (and are probably less interesting from the security
-# standpoint, because they are usually not allowed in non-privileged
-# contexts).
-#
-# Created by Michal Zalewski
-#
-
-function_abs=" abs(1)"
-function_avg=" avg(1)"
-function_changes=" changes()"
-function_char=" char(1)"
-function_coalesce=" coalesce(1,1)"
-function_count=" count(1)"
-function_date=" date(1,1,1)"
-function_datetime=" datetime(1,1,1)"
-function_decimal=" decimal(1,1)"
-function_glob=" glob(1,1)"
-function_group_concat=" group_concat(1,1)"
-function_hex=" hex(1)"
-function_ifnull=" ifnull(1,1)"
-function_instr=" instr(1,1)"
-function_julianday=" julianday(1,1,1)"
-function_last_insert_rowid=" last_insert_rowid()"
-function_length=" length(1)"
-function_like=" like(1,1)"
-function_likelihood=" likelihood(1,1)"
-function_likely=" likely(1)"
-function_load_extension=" load_extension(1,1)"
-function_lower=" lower(1)"
-function_ltrim=" ltrim(1,1)"
-function_max=" max(1,1)"
-function_min=" min(1,1)"
-function_nullif=" nullif(1,1)"
-function_printf=" printf(1,1)"
-function_quote=" quote(1)"
-function_random=" random()"
-function_randomblob=" randomblob(1)"
-function_replace=" replace(1,1,1)"
-function_round=" round(1,1)"
-function_rtrim=" rtrim(1,1)"
-function_soundex=" soundex(1)"
-function_sqlite_compileoption_get=" sqlite_compileoption_get(1)"
-function_sqlite_compileoption_used=" sqlite_compileoption_used(1)"
-function_sqlite_source_id=" sqlite_source_id()"
-function_sqlite_version=" sqlite_version()"
-function_strftime=" strftime(1,1,1,1)"
-function_substr=" substr(1,1,1)"
-function_sum=" sum(1)"
-function_time=" time(1,1,1)"
-function_total=" total(1)"
-function_total_changes=" total_changes()"
-function_trim=" trim(1,1)"
-function_typeof=" typeof(1)"
-function_unicode=" unicode(1)"
-function_unlikely=" unlikely(1)"
-function_upper=" upper(1)"
-function_varchar=" varchar(1)"
-function_zeroblob=" zeroblob(1)"
-
-keyword_ABORT="ABORT"
-keyword_ACTION="ACTION"
-keyword_ADD="ADD"
-keyword_AFTER="AFTER"
-keyword_ALL="ALL"
-keyword_ALTER="ALTER"
-keyword_ANALYZE="ANALYZE"
-keyword_AND="AND"
-keyword_AS="AS"
-keyword_ASC="ASC"
-keyword_ATTACH="ATTACH"
-keyword_AUTOINCREMENT="AUTOINCREMENT"
-keyword_BEFORE="BEFORE"
-keyword_BEGIN="BEGIN"
-keyword_BETWEEN="BETWEEN"
-keyword_BY="BY"
-keyword_CASCADE="CASCADE"
-keyword_CASE="CASE"
-keyword_CAST="CAST"
-keyword_CHECK="CHECK"
-keyword_COLLATE="COLLATE"
-keyword_COLUMN="COLUMN"
-keyword_COMMIT="COMMIT"
-keyword_CONFLICT="CONFLICT"
-keyword_CONSTRAINT="CONSTRAINT"
-keyword_CREATE="CREATE"
-keyword_CROSS="CROSS"
-keyword_CURRENT_DATE="CURRENT_DATE"
-keyword_CURRENT_TIME="CURRENT_TIME"
-keyword_CURRENT_TIMESTAMP="CURRENT_TIMESTAMP"
-keyword_DATABASE="DATABASE"
-keyword_DEFAULT="DEFAULT"
-keyword_DEFERRABLE="DEFERRABLE"
-keyword_DEFERRED="DEFERRED"
-keyword_DELETE="DELETE"
-keyword_DESC="DESC"
-keyword_DETACH="DETACH"
-keyword_DISTINCT="DISTINCT"
-keyword_DROP="DROP"
-keyword_EACH="EACH"
-keyword_ELSE="ELSE"
-keyword_END="END"
-keyword_ESCAPE="ESCAPE"
-keyword_EXCEPT="EXCEPT"
-keyword_EXCLUSIVE="EXCLUSIVE"
-keyword_EXISTS="EXISTS"
-keyword_EXPLAIN="EXPLAIN"
-keyword_FAIL="FAIL"
-keyword_FOR="FOR"
-keyword_FOREIGN="FOREIGN"
-keyword_FROM="FROM"
-keyword_FULL="FULL"
-keyword_GLOB="GLOB"
-keyword_GROUP="GROUP"
-keyword_HAVING="HAVING"
-keyword_IF="IF"
-keyword_IGNORE="IGNORE"
-keyword_IMMEDIATE="IMMEDIATE"
-keyword_IN="IN"
-keyword_INDEX="INDEX"
-keyword_INDEXED="INDEXED"
-keyword_INITIALLY="INITIALLY"
-keyword_INNER="INNER"
-keyword_INSERT="INSERT"
-keyword_INSTEAD="INSTEAD"
-keyword_INTERSECT="INTERSECT"
-keyword_INTO="INTO"
-keyword_IS="IS"
-keyword_ISNULL="ISNULL"
-keyword_JOIN="JOIN"
-keyword_KEY="KEY"
-keyword_LEFT="LEFT"
-keyword_LIKE="LIKE"
-keyword_LIMIT="LIMIT"
-keyword_MATCH="MATCH"
-keyword_NATURAL="NATURAL"
-keyword_NO="NO"
-keyword_NOT="NOT"
-keyword_NOTNULL="NOTNULL"
-keyword_NULL="NULL"
-keyword_OF="OF"
-keyword_OFFSET="OFFSET"
-keyword_ON="ON"
-keyword_OR="OR"
-keyword_ORDER="ORDER"
-keyword_OUTER="OUTER"
-keyword_PLAN="PLAN"
-keyword_PRAGMA="PRAGMA"
-keyword_PRIMARY="PRIMARY"
-keyword_QUERY="QUERY"
-keyword_RAISE="RAISE"
-keyword_RECURSIVE="RECURSIVE"
-keyword_REFERENCES="REFERENCES"
-#keyword_REGEXP="REGEXP"
-keyword_REINDEX="REINDEX"
-keyword_RELEASE="RELEASE"
-keyword_RENAME="RENAME"
-keyword_REPLACE="REPLACE"
-keyword_RESTRICT="RESTRICT"
-keyword_RIGHT="RIGHT"
-keyword_ROLLBACK="ROLLBACK"
-keyword_ROW="ROW"
-keyword_SAVEPOINT="SAVEPOINT"
-keyword_SELECT="SELECT"
-keyword_SET="SET"
-keyword_TABLE="TABLE"
-keyword_TEMP="TEMP"
-keyword_TEMPORARY="TEMPORARY"
-keyword_THEN="THEN"
-keyword_TO="TO"
-keyword_TRANSACTION="TRANSACTION"
-keyword_TRIGGER="TRIGGER"
-keyword_UNION="UNION"
-keyword_UNIQUE="UNIQUE"
-keyword_UPDATE="UPDATE"
-keyword_USING="USING"
-keyword_VACUUM="VACUUM"
-keyword_VALUES="VALUES"
-keyword_VIEW="VIEW"
-keyword_VIRTUAL="VIRTUAL"
-keyword_WHEN="WHEN"
-keyword_WHERE="WHERE"
-keyword_WITH="WITH"
-keyword_WITHOUT="WITHOUT"
-
-operator_concat=" || "
-operator_ebove_eq=" >="
-
-snippet_1eq1=" 1=1"
-snippet_at=" @1"
-snippet_backticks=" `a`"
-snippet_blob=" blob"
-snippet_brackets=" [a]"
-snippet_colon=" :1"
-snippet_comment=" /* */"
-snippet_date="2001-01-01"
-snippet_dollar=" $1"
-snippet_dotref=" a.b"
-snippet_fmtY="%Y"
-snippet_int=" int"
-snippet_neg1=" -1"
-snippet_pair=" a,b"
-snippet_parentheses=" (1)"
-snippet_plus2days="+2 days"
-snippet_qmark=" ?1"
-snippet_semicolon=" ;"
-snippet_star=" *"
-snippet_string_pair=" \"a\",\"b\""
-
-string_dbl_q=" \"a\""
-string_escaped_q=" 'a''b'"
-string_single_q=" 'a'"
-
-pragma_application_id@1=" application_id"
-pragma_auto_vacuum@1=" auto_vacuum"
-pragma_automatic_index@1=" automatic_index"
-pragma_busy_timeout@1=" busy_timeout"
-pragma_cache_size@1=" cache_size"
-pragma_cache_spill@1=" cache_spill"
-pragma_case_sensitive_like@1=" case_sensitive_like"
-pragma_checkpoint_fullfsync@1=" checkpoint_fullfsync"
-pragma_collation_list@1=" collation_list"
-pragma_compile_options@1=" compile_options"
-pragma_count_changes@1=" count_changes"
-pragma_data_store_directory@1=" data_store_directory"
-pragma_database_list@1=" database_list"
-pragma_default_cache_size@1=" default_cache_size"
-pragma_defer_foreign_keys@1=" defer_foreign_keys"
-pragma_empty_result_callbacks@1=" empty_result_callbacks"
-pragma_encoding@1=" encoding"
-pragma_foreign_key_check@1=" foreign_key_check"
-pragma_foreign_key_list@1=" foreign_key_list"
-pragma_foreign_keys@1=" foreign_keys"
-pragma_freelist_count@1=" freelist_count"
-pragma_full_column_names@1=" full_column_names"
-pragma_fullfsync@1=" fullfsync"
-pragma_ignore_check_constraints@1=" ignore_check_constraints"
-pragma_incremental_vacuum@1=" incremental_vacuum"
-pragma_index_info@1=" index_info"
-pragma_index_list@1=" index_list"
-pragma_integrity_check@1=" integrity_check"
-pragma_journal_mode@1=" journal_mode"
-pragma_journal_size_limit@1=" journal_size_limit"
-pragma_legacy_file_format@1=" legacy_file_format"
-pragma_locking_mode@1=" locking_mode"
-pragma_max_page_count@1=" max_page_count"
-pragma_mmap_size@1=" mmap_size"
-pragma_page_count@1=" page_count"
-pragma_page_size@1=" page_size"
-pragma_parser_trace@1=" parser_trace"
-pragma_query_only@1=" query_only"
-pragma_quick_check@1=" quick_check"
-pragma_read_uncommitted@1=" read_uncommitted"
-pragma_recursive_triggers@1=" recursive_triggers"
-pragma_reverse_unordered_selects@1=" reverse_unordered_selects"
-pragma_schema_version@1=" schema_version"
-pragma_secure_delete@1=" secure_delete"
-pragma_short_column_names@1=" short_column_names"
-pragma_shrink_memory@1=" shrink_memory"
-pragma_soft_heap_limit@1=" soft_heap_limit"
-pragma_stats@1=" stats"
-pragma_synchronous@1=" synchronous"
-pragma_table_info@1=" table_info"
-pragma_temp_store@1=" temp_store"
-pragma_temp_store_directory@1=" temp_store_directory"
-pragma_threads@1=" threads"
-pragma_user_version@1=" user_version"
-pragma_vdbe_addoptrace@1=" vdbe_addoptrace"
-pragma_vdbe_debug@1=" vdbe_debug"
-pragma_vdbe_listing@1=" vdbe_listing"
-pragma_vdbe_trace@1=" vdbe_trace"
-pragma_wal_autocheckpoint@1=" wal_autocheckpoint"
-pragma_wal_checkpoint@1=" wal_checkpoint"
-pragma_writable_schema@1=" writable_schema"
diff --git a/targets/sqlite3/target.yaml b/targets/sqlite3/target.yaml
deleted file mode 100644
index ee53bbe4..00000000
--- a/targets/sqlite3/target.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-homepage: "https://sqlite.org/"
-sanitizers:
- - address
- - undefined
-
diff --git a/targets/tpm2/Jenkinsfile b/targets/tpm2/Jenkinsfile
deleted file mode 100644
index deb8716a..00000000
--- a/targets/tpm2/Jenkinsfile
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright 2016 Google Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-////////////////////////////////////////////////////////////////////////////////
-
-def libfuzzerBuild = fileLoader.fromGit(
- 'infra/libfuzzer-pipeline.groovy',
- 'https://github.com/google/oss-fuzz.git')
-
-libfuzzerBuild {
- git = "https://chromium.googlesource.com/chromiumos/third_party/tpm2/"
- // tpm2/ will contain checkout
- dockerfile = "tpm2/fuzz/Dockerfile"
- dockerContextDir = "tpm2/"
-}
diff --git a/targets/tpm2/target.yaml b/targets/tpm2/target.yaml
deleted file mode 100644
index d3be9026..00000000
--- a/targets/tpm2/target.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-homepage: "https://chromium.googlesource.com/chromiumos/third_party/tpm2"
-dockerfile:
- git: "https://chromium.googlesource.com/chromiumos/third_party/tpm2/"
- path: "fuzz/Dockerfile"
diff --git a/targets/woff2/Dockerfile b/targets/woff2/Dockerfile
deleted file mode 100644
index cf7066fd..00000000
--- a/targets/woff2/Dockerfile
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER mmoroz@chromium.org
-RUN apt-get install -y make autoconf automake libtool
-
-RUN git clone --recursive https://github.com/google/woff2
-WORKDIR woff2
-COPY build.sh convert_woff2ttf_fuzzer.* $SRC/
diff --git a/targets/woff2/build.sh b/targets/woff2/build.sh
deleted file mode 100755
index 6d113559..00000000
--- a/targets/woff2/build.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-# Build the library. Actually there is no 'library' target, so we use .o files.
-# '-no-canonical-prefixes' flag makes clang crazy. Need to avoid it.
-cat brotli/shared.mk | sed -e "s/-no-canonical-prefixes//" \
-> brotli/shared.mk.temp
-mv brotli/shared.mk.temp brotli/shared.mk
-
-cat Makefile | sed -e "s/-no-canonical-prefixes//" \
-> Makefile.temp
-mv Makefile.temp Makefile
-
-# woff2 uses LFLAGS instead of LDFLAGS.
-make -j$(nproc) CC="$CC $CFLAGS" CXX="$CXX $CXXFLAGS" clean all
-
-# To avoid multiple main() definitions.
-rm src/woff2_compress.o src/woff2_decompress.o
-
-# Build the fuzzer.
-fuzzer=convert_woff2ttf_fuzzer
-$CXX $CXXFLAGS -std=c++11 -Isrc \
- $SRC/$fuzzer.cc -o $OUT/$fuzzer \
- -lfuzzer src/*.o brotli/dec/*.o brotli/enc/*.o
-
-cp $SRC/*.options $OUT/
diff --git a/targets/woff2/convert_woff2ttf_fuzzer.cc b/targets/woff2/convert_woff2ttf_fuzzer.cc
deleted file mode 100644
index 1c81e32e..00000000
--- a/targets/woff2/convert_woff2ttf_fuzzer.cc
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright 2015 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include
-#include
-
-#include "woff2_dec.h"
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- std::string buf;
- woff2::WOFF2StringOut out(&buf);
- out.SetMaxSize(30 * 1024 * 1024);
- woff2::ConvertWOFF2ToTTF(data, size, &out);
- return 0;
-}
diff --git a/targets/woff2/convert_woff2ttf_fuzzer.options b/targets/woff2/convert_woff2ttf_fuzzer.options
deleted file mode 100644
index e5ae71b9..00000000
--- a/targets/woff2/convert_woff2ttf_fuzzer.options
+++ /dev/null
@@ -1,2 +0,0 @@
-[libfuzzer]
-max_len = 1000000
diff --git a/targets/woff2/target.yaml b/targets/woff2/target.yaml
deleted file mode 100644
index 403d2536..00000000
--- a/targets/woff2/target.yaml
+++ /dev/null
@@ -1 +0,0 @@
-homepage: "https://github.com/google/woff2"
diff --git a/targets/zlib/Dockerfile b/targets/zlib/Dockerfile
deleted file mode 100644
index ee844922..00000000
--- a/targets/zlib/Dockerfile
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-FROM ossfuzz/base-libfuzzer
-MAINTAINER inferno@chromium.org
-RUN apt-get install -y make autoconf automake libtool
-
-RUN git clone https://github.com/madler/zlib.git
-WORKDIR zlib
-COPY build.sh zlib_uncompress_fuzzer.cc $SRC/
diff --git a/targets/zlib/build.sh b/targets/zlib/build.sh
deleted file mode 100755
index 50f5cbd9..00000000
--- a/targets/zlib/build.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash -eu
-
-./configure
-make -j$(nproc) clean all
-
-$CXX $CXXFLAGS -std=c++11 -I. \
- $SRC/zlib_uncompress_fuzzer.cc -o $OUT/zlib_uncompress_fuzzer \
- -lfuzzer ./libz.a
diff --git a/targets/zlib/target.yaml b/targets/zlib/target.yaml
deleted file mode 100644
index df8c92fe..00000000
--- a/targets/zlib/target.yaml
+++ /dev/null
@@ -1 +0,0 @@
-homepage: "http://www.zlib.net/"
diff --git a/targets/zlib/zlib_uncompress_fuzzer.cc b/targets/zlib/zlib_uncompress_fuzzer.cc
deleted file mode 100644
index 808793b8..00000000
--- a/targets/zlib/zlib_uncompress_fuzzer.cc
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright 2015 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include
-#include
-#include
-
-#include "zlib.h"
-
-static Bytef buffer[256 * 1024] = { 0 };
-
-// Entry point for LibFuzzer.
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- uLongf buffer_length = static_cast(sizeof(buffer));
- if (Z_OK != uncompress(buffer, &buffer_length, data,
- static_cast(size))) {
- return 0;
- }
- return 0;
-}
-- cgit v1.2.3
From ef765503cb3bbf7d2f82cdf01ccc033f6008ac91 Mon Sep 17 00:00:00 2001
From: Mike Aizatsky
Date: Tue, 29 Nov 2016 10:56:39 -0800
Subject: Update README.md
---
targets/README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/targets/README.md b/targets/README.md
index 967ebc65..553ca124 100644
--- a/targets/README.md
+++ b/targets/README.md
@@ -1 +1 @@
-Content of this directory has been moved to [`../projects/`](../projects/).
+This directory was renamed to [`../projects/`](../projects/)
-- cgit v1.2.3