Snap for 6183524 from 4e3858817648ea6648fd327584dc571933401e22 to r-keystone-qcom-release
Change-Id: I615e68c296068980e84b7470a1cf13955cf91473
diff --git a/METADATA b/METADATA
index f33e0a4..35c3966 100644
--- a/METADATA
+++ b/METADATA
@@ -9,11 +9,11 @@
type: GIT
value: "https://github.com/google/oss-fuzz.git"
}
- version: "0ca53f3c94f36276fa53fb0cdd62ec87677ae6be"
+ version: "65956add1114508bb8b482b6abf9ad2240130c24"
license_type: NOTICE
last_upgrade_date {
year: 2019
- month: 11
- day: 25
+ month: 12
+ day: 26
}
}
diff --git a/infra/base-images/base-builder/Dockerfile b/infra/base-images/base-builder/Dockerfile
index a960e2d..702f105 100644
--- a/infra/base-images/base-builder/Dockerfile
+++ b/infra/base-images/base-builder/Dockerfile
@@ -15,7 +15,6 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-clang
-MAINTAINER mike.aizatsky@gmail.com
RUN apt-get install -y git \
subversion \
jq \
@@ -48,7 +47,7 @@
ENV SANITIZER_FLAGS_address "-fsanitize=address -fsanitize-address-use-after-scope"
# Set of '-fsanitize' flags matches '-fno-sanitize-recover' + 'unsigned-integer-overflow'.
-ENV SANITIZER_FLAGS_undefined "-fsanitize=array-bounds,bool,builtin,float-divide-by-zero,function,integer-divide-by-zero,null,return,returns-nonnull-attribute,shift,signed-integer-overflow,unsigned-integer-overflow,unreachable,vla-bound,vptr -fno-sanitize-recover=array-bounds,bool,builtin,float-divide-by-zero,function,integer-divide-by-zero,null,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr"
+ENV SANITIZER_FLAGS_undefined "-fsanitize=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unsigned-integer-overflow,unreachable,vla-bound,vptr -fno-sanitize-recover=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr"
ENV SANITIZER_FLAGS_memory "-fsanitize=memory -fsanitize-memory-track-origins"
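Review bot: The new `enum` and `object-size` checks are added to both the `-fsanitize=` and `-fno-sanitize-recover=` lists, which keeps the invariant stated in the comment above, but the comment says nothing about what the new checks require, and `object-size` in particular is evaluated through `__builtin_object_size`, so it only reports accesses the optimizer can prove are outside the object and finds more at higher optimization levels. A second comment line such as `# 'object-size' relies on __builtin_object_size; what it catches depends on the optimization level.` would spare the next reader a trip to the sanitizer docs when an unoptimized reproduction shows nothing. Since the flags are now non-recoverable for both checks, any project whose build previously passed can start aborting at the first `enum`/`object-size` report, which is worth calling out in the change description.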
diff --git a/infra/base-images/base-clang/Dockerfile b/infra/base-images/base-clang/Dockerfile
index 94f99b1..df8376d 100644
--- a/infra/base-images/base-clang/Dockerfile
+++ b/infra/base-images/base-clang/Dockerfile
@@ -17,7 +17,6 @@
# Docker image with head clang installed.
FROM gcr.io/oss-fuzz-base/base-image
-MAINTAINER mike.aizatsky@gmail.com
COPY checkout_build_install_llvm.sh /root/
# Keep all steps in the same script to decrease the number of intermediate
diff --git a/infra/base-images/base-image/Dockerfile b/infra/base-images/base-image/Dockerfile
index 17344d9..2099ffd 100644
--- a/infra/base-images/base-image/Dockerfile
+++ b/infra/base-images/base-image/Dockerfile
@@ -17,7 +17,6 @@
# Base image for all other images.
FROM ubuntu:16.04
-MAINTAINER mike.aizatsky@gmail.com
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update && \
apt-get upgrade -y && \
diff --git a/infra/base-images/base-msan-builder/Dockerfile b/infra/base-images/base-msan-builder/Dockerfile
index e611757..315730b 100644
--- a/infra/base-images/base-msan-builder/Dockerfile
+++ b/infra/base-images/base-msan-builder/Dockerfile
@@ -15,7 +15,6 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-clang
-MAINTAINER ochang@google.com
RUN sed -i -r 's/#\s*deb-src/deb-src/g' /etc/apt/sources.list
RUN apt-get update && apt-get install -y python dpkg-dev patchelf python-apt zip
diff --git a/infra/base-images/base-runner-debug/Dockerfile b/infra/base-images/base-runner-debug/Dockerfile
index d71b1ea..3d22bd7 100644
--- a/infra/base-images/base-runner-debug/Dockerfile
+++ b/infra/base-images/base-runner-debug/Dockerfile
@@ -15,6 +15,4 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-runner
-MAINTAINER mike.aizatsky@gmail.com
RUN apt-get install -y gdb valgrind zip
-
diff --git a/infra/base-images/base-runner/Dockerfile b/infra/base-images/base-runner/Dockerfile
index 980e137..0be5810 100644
--- a/infra/base-images/base-runner/Dockerfile
+++ b/infra/base-images/base-runner/Dockerfile
@@ -14,8 +14,16 @@
#
################################################################################
+# Using multi-stage build to copy some LLVM binaries needed in the runner image.
+FROM gcr.io/oss-fuzz-base/base-clang AS base-clang
+
FROM gcr.io/oss-fuzz-base/base-image
-MAINTAINER mike.aizatsky@gmail.com
+
+# Copy the binaries needed for code coverage and crash symbolization.
+COPY --from=base-clang /usr/local/bin/llvm-cov /usr/local/bin/
+COPY --from=base-clang /usr/local/bin/llvm-profdata /usr/local/bin/
+COPY --from=base-clang /usr/local/bin/llvm-symbolizer /usr/local/bin/
+
RUN apt-get install -y \
binutils \
file \
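Review bot: The comment above the new `FROM gcr.io/oss-fuzz-base/base-clang AS base-clang` stage says what is copied but not why it is taken from base-clang instead of being installed separately; presumably the point is that `llvm-profdata` and `llvm-cov` must come from the same LLVM build as the clang that base-builder (also `FROM gcr.io/oss-fuzz-base/base-clang`) uses to instrument the fuzzers, and that is worth stating, e.g. `# Copy from base-clang so the coverage tools match the clang version used by base-builder.`. This also makes base-runner depend on base-clang having been built or pulled first, which the comment could state too, and the stage is referenced by a floating tag rather than a digest, so two builds at different times can pick up different binaries; pinning by digest or documenting that the images are always built together would make the runner image reproducible. Replacing the prebuilt `llvm-cov`/`llvm-profdata`/`llvm-symbolizer` blobs previously checked into infra/base-images/base-runner with binaries produced by the tracked base-clang build is an improvement from a supply-chain standpoint, and that motivation deserves a line in the commit description.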
@@ -35,9 +43,6 @@
coverage \
coverage_helper \
download_corpus \
- llvm-cov \
- llvm-profdata \
- llvm-symbolizer \
minijail0 \
reproduce \
run_fuzzer \
diff --git a/infra/base-images/base-runner/llvm-cov b/infra/base-images/base-runner/llvm-cov
deleted file mode 100755
index 9fb734d..0000000
--- a/infra/base-images/base-runner/llvm-cov
+++ /dev/null
Binary files differ
diff --git a/infra/base-images/base-runner/llvm-profdata b/infra/base-images/base-runner/llvm-profdata
deleted file mode 100755
index 2dc6ead..0000000
--- a/infra/base-images/base-runner/llvm-profdata
+++ /dev/null
Binary files differ
diff --git a/infra/base-images/base-runner/llvm-symbolizer b/infra/base-images/base-runner/llvm-symbolizer
deleted file mode 100755
index 7934206..0000000
--- a/infra/base-images/base-runner/llvm-symbolizer
+++ /dev/null
Binary files differ
diff --git a/infra/base-images/msan-builder/Dockerfile b/infra/base-images/msan-builder/Dockerfile
index 4fe7eaa..5f6091a 100644
--- a/infra/base-images/msan-builder/Dockerfile
+++ b/infra/base-images/msan-builder/Dockerfile
@@ -15,7 +15,6 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-msan-builder
-MAINTAINER ochang@google.com
ENV PYTHONUNBUFFERED 1
RUN msan_build.py --work-dir=$WORK \
libarchive13 \
diff --git a/infra/bisector.py b/infra/bisector.py
new file mode 100644
index 0000000..8771105
--- /dev/null
+++ b/infra/bisector.py
@@ -0,0 +1,153 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Uses bisection to determine which commit a bug was introduced and fixed.
+This module takes a high and a low commit SHA, a repo name, and a bug.
+The module bisects the high and low commit SHA searching for the location
+where the bug was introduced. It also looks for where the bug was fixed.
+This is done with the following steps:
+
+
+ NOTE: NEEDS TO BE RUN FROM THE OSS-Fuzz HOME directory
+
+ Typical usage example:
+ python3 infra/bisector.py
+ --commit_old 1e403e9259a1abedf108ab86f711ba52c907226d
+ --commit_new f79be4f2330f4b89ea2f42e1c44ca998c59a0c0f
+ --fuzz_target rules_fuzzer
+ --project_name yara
+ --testcase infra/yara_testcase
+ --sanitizer address
+"""
+
+import argparse
+from dataclasses import dataclass
+import os
+import tempfile
+
+import build_specified_commit
+import helper
+import repo_manager
+
+
+@dataclass
+class BuildData():
+ """List of data requried for bisection of errors in OSS-Fuzz projects.
+
+ Attributes:
+ project_name: The name of the OSS-Fuzz project that is being checked
+ engine: The fuzzing engine to be used
+ sanitizer: The fuzzing sanitizer to be used
+ architecture: The system architecture being fuzzed
+ """
+ project_name: str
+ engine: str
+ sanitizer: str
+ architecture: str
+
+
+def main():
+ """Finds the commit SHA where an error was initally introduced."""
+ parser = argparse.ArgumentParser(
+ description='git bisection for finding introduction of bugs')
+
+ parser.add_argument(
+ '--project_name',
+ help='The name of the project where the bug occured',
+ required=True)
+ parser.add_argument(
+ '--commit_new',
+ help='The newest commit SHA to be bisected',
+ required=True)
+ parser.add_argument(
+ '--commit_old',
+ help='The oldest commit SHA to be bisected',
+ required=True)
+ parser.add_argument(
+ '--fuzz_target', help='the name of the fuzzer to be built', required=True)
+ parser.add_argument(
+ '--testcase', help='the testcase to be reproduced', required=True)
+ parser.add_argument('--engine', default='libfuzzer')
+ parser.add_argument(
+ '--sanitizer',
+ default='address',
+ help='the default is "address"; "dataflow" for "dataflow" engine')
+ parser.add_argument('--architecture', default='x86_64')
+ args = parser.parse_args()
+ build_data = BuildData(args.project_name, args.engine, args.sanitizer,
+ args.architecture)
+ if os.getcwd() != os.path.dirname(
+ os.path.dirname(os.path.realpath(__file__))):
+ print("Error: bisector.py needs to be run from the OSS-Fuzz home directory")
+ return 1
+ error_sha = bisect(args.commit_old, args.commit_new, args.testcase,
+ args.fuzz_target, build_data)
+ if not error_sha:
+ print('No error was found in commit range %s:%s' %
+ (args.commit_old, args.commit_new))
+ return 1
+ print('Error was introduced at commit %s' % error_sha)
+ return 0
+
+
+def bisect(commit_old, commit_new, testcase, fuzz_target, build_data):
+ """From a commit range, this function caluclates which introduced a
+ specific error from a fuzz testcase.
+
+ Args:
+ commit_old: The oldest commit in the error regression range
+ commit_new: The newest commit in the error regression range
+ testcase: The file path of the test case that triggers the error
+ fuzz_target: The name of the fuzzer to be tested
+ build_data: a class holding all of the input parameters for bisection
+
+ Returns:
+ The commit SHA that introduced the error or None
+ """
+ local_store_path = tempfile.mkdtemp()
+ repo_url = build_specified_commit.infer_main_repo(build_data.project_name,
+ local_store_path,
+ commit_old)
+ bisect_repo_manager = repo_manager.RepoManager(repo_url, local_store_path)
+ commit_list = bisect_repo_manager.get_commit_list(commit_old, commit_new)
+ build_specified_commit.build_fuzzer_from_commit(
+ build_data.project_name, commit_list[0], bisect_repo_manager.repo_dir,
+ build_data.engine, build_data.sanitizer, build_data.architecture,
+ bisect_repo_manager)
+ error_code = helper.reproduce_impl(build_data.project_name, fuzz_target,
+ False, [], [], testcase)
+ old_idx = len(commit_list) - 1
+ new_idx = 0
+ if len(commit_list) == 1:
+ if not error_code:
+ return None
+ return commit_list[0]
+
+ while old_idx - new_idx != 1:
+ curr_idx = (old_idx + new_idx) // 2
+ build_specified_commit.build_fuzzer_from_commit(
+ build_data.project_name, commit_list[curr_idx],
+ bisect_repo_manager.repo_dir, build_data.engine, build_data.sanitizer,
+ build_data.architecture, bisect_repo_manager)
+ error_exists = (
+ helper.reproduce_impl(build_data.project_name, fuzz_target, False, [],
+ [], testcase) == error_code)
+ if error_exists == error_code:
+ new_idx = curr_idx
+ else:
+ old_idx = curr_idx
+ return commit_list[new_idx]
+
+
+if __name__ == '__main__':
+ main()
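Review bot: In `bisect`, `error_exists` is a bool but the following test `if error_exists == error_code:` compares it against the integer exit code, so the branch is only correct when the newest commit's reproduce code happens to be 1; for any other non-zero code (or for 0) the comparison picks the wrong half of the range and the bisection converges on the wrong commit. The intended test is simply `if error_exists:`. Separately, `main()` returns 1 on failure but the `__main__` guard discards the value, so the process exits 0 even when no error was found or the working directory check failed; `sys.exit(main())` (with `import sys`) would propagate it. The directory from `tempfile.mkdtemp()` holds a full repository clone and is never removed, so each run leaves it behind; a `try`/`finally` with `shutil.rmtree` around the bisection would close that. The module docstring also promises "the following steps:" and "looks for where the bug was fixed", neither of which the code does.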
diff --git a/infra/build_specified_commit.py b/infra/build_specified_commit.py
new file mode 100755
index 0000000..c7a4c63
--- /dev/null
+++ b/infra/build_specified_commit.py
@@ -0,0 +1,95 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Module to build a image from a specific commit, branch or pull request
+
+This module is allows each of the OSS Fuzz projects fuzzers to be built
+from a specific point in time. This feature can be used for implementations
+like continuious integration fuzzing and bisection to find errors
+"""
+import re
+
+import helper
+import repo_manager
+
+
+def build_fuzzer_from_commit(project_name,
+ commit,
+ local_store_path,
+ engine='libfuzzer',
+ sanitizer='address',
+ architecture='x86_64',
+ old_repo_manager=None):
+ """Builds a OSS-Fuzz fuzzer at a specific commit SHA.
+
+ Args:
+ project_name: The OSS-Fuzz project name
+ commit: The commit SHA to build the fuzzers at
+ local_store_path: The full file path of a place where a temp git repo is stored
+ engine: The fuzzing engine to be used
+ sanitizer: The fuzzing sanitizer to be used
+ architecture: The system architiecture to be used for fuzzing
+
+ Returns:
+ 0 on successful build 1 on failure
+ """
+ if not old_repo_manager:
+ inferred_url = infer_main_repo(project_name, local_store_path, commit)
+ old_repo_manager = repo_manager.RepoManager(inferred_url, local_store_path)
+ old_repo_manager.checkout_commit(commit)
+ return helper.build_fuzzers_impl(
+ project_name=project_name,
+ clean=True,
+ engine=engine,
+ sanitizer=sanitizer,
+ architecture=architecture,
+ env_to_add=None,
+ source_path=old_repo_manager.repo_dir)
+
+
+def infer_main_repo(project_name, local_store_path, example_commit=None):
+ """Tries to guess the main repo a project based on the Dockerfile.
+
+ NOTE: This is a fragile implementation and only works for git
+ Args:
+ project_name: The OSS-Fuzz project that you are checking the repo of
+ example_commit: A commit that is in the main repos tree
+ Returns:
+ The guessed repo url path or None on failue
+ """
+ if not helper.check_project_exists(project_name):
+ return None
+ docker_path = helper.get_dockerfile_path(project_name)
+ with open(docker_path, 'r') as file_path:
+ lines = file_path.read()
+ # Use generic git format and project name to guess main repo
+ if example_commit is None:
+ repo_url = re.search(
+ r'\b(?:http|https|git)://[^ ]*' + re.escape(project_name) +
+ r'(.git)?', lines)
+ if repo_url:
+ return repo_url.group(0)
+ else:
+ # Use example commit SHA to guess main repo
+ for clone_command in re.findall('.*clone.*', lines):
+ repo_url = re.search(r'\b(?:https|http|git)://[^ ]*',
+ clone_command).group(0)
+ print(repo_url)
+ try:
+ test_repo_manager = repo_manager.RepoManager(repo_url.rstrip(),
+ local_store_path)
+ if test_repo_manager.commit_exists(example_commit):
+ return repo_url
+ except:
+ pass
+ return None
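Review bot: In `infer_main_repo`, the `re.search(...).group(0)` on each clone command runs before the `try`, so a Dockerfile whose clone line carries no `http(s)://` or `git://` URL (one that clones from a build argument or variable, for example) raises AttributeError instead of being skipped. The bare `except: pass` that follows then hides every other failure, including KeyboardInterrupt; the handler should be narrowed to `repo_manager.RepoManagerError`, which is what `RepoManager.__init__` raises when the clone fails, and the `print(repo_url)` looks like leftover debugging output. The docstrings also omit `local_store_path` (in `infer_main_repo`) and `old_repo_manager` (in `build_fuzzer_from_commit`), and the latter's Args should say that a supplied manager is used as-is and only checked out.
```python
    # … unchanged: example_commit is None branch …
    else:
        # Use the example commit SHA to pick the clone URL that contains it.
        for clone_command in re.findall('.*clone.*', lines):
            match = re.search(r'\b(?:https|http|git)://[^ ]*', clone_command)
            if not match:
                continue
            repo_url = match.group(0).rstrip()
            try:
                test_repo_manager = repo_manager.RepoManager(repo_url, local_store_path)
                if test_repo_manager.commit_exists(example_commit):
                    return repo_url
            except repo_manager.RepoManagerError:
                # Clone failed for this URL; try the next clone command.
                continue
    return None
```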
diff --git a/infra/build_specified_commit_test.py b/infra/build_specified_commit_test.py
new file mode 100644
index 0000000..77a0698
--- /dev/null
+++ b/infra/build_specified_commit_test.py
@@ -0,0 +1,75 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Test the functionality of the build image from state module.
+NOTE: THIS TEST NEEDS TO BE RUN FROM THE OSS-FUZZ BASE DIR
+The will consist of the following functional tests
+ 1. The inferance of the main repo for a specific project
+"""
+import unittest
+
+import build_specified_commit
+import helper
+
+
+class BuildImageUnitTests(unittest.TestCase):
+ """Class to test the functionality of the build image from state module."""
+
+ def test_infer_main_repo(self):
+ """Tests that the main repo can be infered based on an example commit."""
+ infered_repo = build_specified_commit.infer_main_repo(
+ 'curl', 'tmp', 'bc5d22c3dede2f04870c37aec9a50474c4b888ad')
+ self.assertEqual(infered_repo, 'https://github.com/curl/curl.git')
+ infered_repo = build_specified_commit.infer_main_repo('curl', 'tmp')
+ self.assertEqual(infered_repo, 'https://github.com/curl/curl.git')
+
+ infered_repo = build_specified_commit.infer_main_repo('usrsctp', 'tmp')
+ self.assertEqual(infered_repo, 'https://github.com/weinrank/usrsctp')
+ infered_repo = build_specified_commit.infer_main_repo(
+ 'usrsctp', 'tmp', '4886aaa49fb90e479226fcfc3241d74208908232')
+ self.assertEqual(infered_repo, 'https://github.com/weinrank/usrsctp',
+ '4886aaa49fb90e479226fcfc3241d74208908232')
+
+ infered_repo = build_specified_commit.infer_main_repo(
+ 'not_a_project', 'tmp')
+ self.assertEqual(infered_repo, None)
+
+
+class BuildImageIntegrationTests(unittest.TestCase):
+ """Testing if an image can be built from different states e.g. a commit"""
+
+ def test_build_fuzzers_from_commit(self):
+ """Tests if the fuzzers can build at a proper commit.
+
+ This is done by using a known regression range for a specific test case.
+ The old commit should show the error when its fuzzers run and the new one
+ should not.
+ """
+ project_name = 'yara'
+ old_commit = 'f79be4f2330f4b89ea2f42e1c44ca998c59a0c0f'
+ new_commit = 'f50a39051ea8c7f10d6d8db9656658b49601caef'
+ fuzzer = 'rules_fuzzer'
+ test_data = 'infra/yara_test_data'
+ build_specified_commit.build_fuzzer_from_commit(
+ project_name, old_commit, 'tmp', sanitizer='address')
+ old_error_code = helper.reproduce_impl(project_name, fuzzer, False, [], [],
+ test_data)
+ build_specified_commit.build_fuzzer_from_commit(
+ project_name, new_commit, 'tmp', sanitizer='address')
+ new_error_code = helper.reproduce_impl(project_name, fuzzer, False, [], [],
+ test_data)
+ self.assertNotEqual(new_error_code, old_error_code)
+
+
+if __name__ == '__main__':
+ unittest.main()
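Review bot: In `test_infer_main_repo` the call `self.assertEqual(infered_repo, 'https://github.com/weinrank/usrsctp', '4886aaa49fb90e479226fcfc3241d74208908232')` passes the commit SHA as assertEqual's third argument, which is the failure message rather than part of the comparison; it reads like a copy of the preceding `infer_main_repo` call and the line should be `self.assertEqual(infered_repo, 'https://github.com/weinrank/usrsctp')`. Both test classes clone live repositories from GitHub into a relative `tmp` directory and never remove it, so the suite depends on network access and on the working directory; the module docstring's NOTE covers the latter, and the network requirement (and the leftover `tmp` tree) is worth stating beside it. `test_build_fuzzers_from_commit` additionally needs Docker and builds two full fuzzer images, so a sentence marking it as a slow integration test would help anyone running the file locally.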
diff --git a/infra/helper.py b/infra/helper.py
index 71652a3..f09c0c1 100755
--- a/infra/helper.py
+++ b/infra/helper.py
@@ -193,12 +193,12 @@
return 0
-def _is_base_image(image_name):
+def is_base_image(image_name):
"""Checks if the image name is a base image."""
return os.path.exists(os.path.join('infra', 'base-images', image_name))
-def _check_project_exists(project_name):
+def check_project_exists(project_name):
"""Checks if a project exists."""
if not os.path.exists(_get_project_dir(project_name)):
print(project_name, 'does not exist', file=sys.stderr)
@@ -241,7 +241,7 @@
return os.path.join(OSSFUZZ_DIR, 'projects', project_name)
-def _get_dockerfile_path(project_name):
+def get_dockerfile_path(project_name):
"""Returns path to the project Dockerfile."""
return os.path.join(_get_project_dir(project_name), 'Dockerfile')
@@ -290,16 +290,16 @@
help="set environment variable e.g. VAR=value")
-def _build_image(image_name, no_cache=False, pull=False):
+def build_image_impl(image_name, no_cache=False, pull=False):
"""Build image."""
- is_base_image = _is_base_image(image_name)
- if is_base_image:
+ proj_is_base_image = is_base_image(image_name)
+ if proj_is_base_image:
image_project = 'oss-fuzz-base'
dockerfile_dir = os.path.join('infra', 'base-images', image_name)
else:
image_project = 'oss-fuzz'
- if not _check_project_exists(image_name):
+ if not check_project_exists(image_name):
return False
dockerfile_dir = os.path.join('projects', image_name)
@@ -321,7 +321,7 @@
def _workdir_from_dockerfile(project_name):
"""Parse WORKDIR from the Dockerfile for the given project."""
WORKDIR_REGEX = re.compile(r'\s*WORKDIR\s*([^\s]+)')
- dockerfile_path = _get_dockerfile_path(project_name)
+ dockerfile_path = get_dockerfile_path(project_name)
with open(dockerfile_path) as f:
lines = f.readlines()
@@ -410,20 +410,20 @@
print('Using cached base images...')
# If build_image is called explicitly, don't use cache.
- if _build_image(args.project_name, no_cache=True, pull=pull):
+ if build_image_impl(args.project_name, no_cache=True, pull=pull):
return 0
return 1
-def build_fuzzers(args):
+def build_fuzzers_impl(project_name, clean, engine, sanitizer, architecture,
+ env_to_add, source_path, no_cache=False):
"""Build fuzzers."""
- project_name = args.project_name
- if not _build_image(args.project_name):
+ if not build_image_impl(project_name, no_cache=no_cache):
return 1
project_out_dir = _get_output_dir(project_name)
- if args.clean:
+ if clean:
print('Cleaning existing build artifacts.')
# Clean old and possibly conflicting artifacts in project's out directory.
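Review bot: `build_fuzzers_impl` now takes seven positional parameters but keeps the one-line docstring `"""Build fuzzers."""`, so nothing at the definition says that `env_to_add` is an optional list of `VAR=value` strings (the form the `-e` help text describes), that `source_path` is an optional local checkout mounted over the Dockerfile's WORKDIR, or that `no_cache` is forwarded to `build_image_impl`; an Args section plus `Returns: 0 on success, 1 on failure.` would make the positional calls from `build_specified_commit.py` readable. The function's body continues past this hunk.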
@@ -432,21 +432,21 @@
'-t', 'gcr.io/oss-fuzz/%s' % project_name,
'/bin/bash', '-c', 'rm -rf /out/*'
])
+
else:
print('Keeping existing build artifacts as-is (if any).')
-
env = [
- 'FUZZING_ENGINE=' + args.engine,
- 'SANITIZER=' + args.sanitizer,
- 'ARCHITECTURE=' + args.architecture,
+ 'FUZZING_ENGINE=' + engine,
+ 'SANITIZER=' + sanitizer,
+ 'ARCHITECTURE=' + architecture,
]
- if args.e:
- env += args.e
+ if env_to_add:
+ env += env_to_add
project_work_dir = _get_work_dir(project_name)
# Copy instrumented libraries.
- if args.sanitizer == 'memory':
+ if sanitizer == 'memory':
docker_run([
'-v', '%s:/work' % project_work_dir,
'gcr.io/oss-fuzz-base/msan-builder',
@@ -456,15 +456,15 @@
command = (
['docker', 'run', '--rm', '-i', '--cap-add', 'SYS_PTRACE'] +
_env_to_docker_args(env))
- if args.source_path:
- workdir = _workdir_from_dockerfile(args.project_name)
+ if source_path:
+ workdir = _workdir_from_dockerfile(project_name)
if workdir == '/src':
print('Cannot use local checkout with "WORKDIR /src".', file=sys.stderr)
return 1
command += [
'-v',
- '%s:%s' % (_get_absolute_path(args.source_path), workdir),
+ '%s:%s' % (_get_absolute_path(source_path), workdir),
]
command += [
'-v', '%s:/out' % project_out_dir,
@@ -481,7 +481,7 @@
return 1
# Patch MSan builds to use instrumented shared libraries.
- if args.sanitizer == 'memory':
+ if sanitizer == 'memory':
docker_run([
'-v', '%s:/out' % project_out_dir,
'-v', '%s:/work' % project_work_dir
@@ -493,9 +493,16 @@
return 0
+def build_fuzzers(args):
+ """Build fuzzers."""
+ return build_fuzzers_impl(args.project_name, args.clean, args.engine,
+ args.sanitizer, args.architecture,
+ args.e, args.source_path)
+
+
def check_build(args):
"""Checks that fuzzers in the container execute without errors."""
- if not _check_project_exists(args.project_name):
+ if not check_project_exists(args.project_name):
return 1
if (args.fuzzer_name and
@@ -613,7 +620,7 @@
def download_corpora(args):
"""Download most recent corpora from GCS for the given project."""
- if not _check_project_exists(args.project_name):
+ if not check_project_exists(args.project_name):
return 1
try:
@@ -656,7 +663,7 @@
file=sys.stderr)
return 1
- if not _check_project_exists(args.project_name):
+ if not check_project_exists(args.project_name):
return 1
if not args.no_corpus_download and not args.corpus_dir:
@@ -704,7 +711,7 @@
def run_fuzzer(args):
"""Runs a fuzzer in the container."""
- if not _check_project_exists(args.project_name):
+ if not check_project_exists(args.project_name):
return 1
if not _check_fuzzer_exists(args.project_name, args.fuzzer_name):
@@ -730,35 +737,41 @@
def reproduce(args):
+ """Reproduce a specific test case from a specific project."""
+ return reproduce_impl(args.project_name, args.fuzzer_name, args.valgrind, args.env_to_add,
+ fuzzer_args, args.testcase_path)
+
+
+def reproduce_impl(project_name, fuzzer_name, valgrind, env_to_add, fuzzer_args, testcase_path):
"""Reproduces a testcase in the container."""
- if not _check_project_exists(args.project_name):
+ if not check_project_exists(project_name):
return 1
- if not _check_fuzzer_exists(args.project_name, args.fuzzer_name):
+ if not _check_fuzzer_exists(project_name, fuzzer_name):
return 1
debugger = ''
env = []
image_name = 'base-runner'
- if args.valgrind:
+ if valgrind:
debugger = 'valgrind --tool=memcheck --track-origins=yes --leak-check=full'
if debugger:
image_name = 'base-runner-debug'
env += ['DEBUGGER=' + debugger]
- if args.e:
- env += args.e
+ if env_to_add:
+ env += env_to_add
run_args = _env_to_docker_args(env) + [
- '-v', '%s:/out' % _get_output_dir(args.project_name),
- '-v', '%s:/testcase' % _get_absolute_path(args.testcase_path),
+ '-v', '%s:/out' % _get_output_dir(project_name),
+ '-v', '%s:/testcase' % _get_absolute_path(testcase_path),
'-t', 'gcr.io/oss-fuzz-base/%s' % image_name,
'reproduce',
- args.fuzzer_name,
+ fuzzer_name,
'-runs=100',
- ] + args.fuzzer_args
+ ] + fuzzer_args
return docker_run(run_args)
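Review bot: The new `reproduce(args)` wrapper forwards `args.env_to_add` and a bare `fuzzer_args`, but the argparse namespace exposes these as `args.e` (the removed line in this same function read `if args.e:`, and `shell` still does) and `args.fuzzer_args` (the name the removed `] + args.fuzzer_args` used), so every `reproduce` invocation from the CLI fails with AttributeError or NameError before reaching `reproduce_impl`. The call should be `return reproduce_impl(args.project_name, args.fuzzer_name, args.valgrind, args.e, args.fuzzer_args, args.testcase_path)`. `reproduce_impl` would also benefit from an Args section for its six positional parameters, since `bisector.py` calls it with positional `False, [], []` placeholders whose meaning is not obvious at the call site.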
@@ -806,7 +819,7 @@
def shell(args):
"""Runs a shell within a docker image."""
- if not _build_image(args.project_name):
+ if not build_image_impl(args.project_name):
return 1
env = [
@@ -818,7 +831,7 @@
if args.e:
env += args.e
- if _is_base_image(args.project_name):
+ if is_base_image(args.project_name):
image_project = 'oss-fuzz-base'
out_dir = _get_output_dir()
else:
diff --git a/infra/repo_manager.py b/infra/repo_manager.py
new file mode 100644
index 0000000..9a93df9
--- /dev/null
+++ b/infra/repo_manager.py
@@ -0,0 +1,200 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Class to manage a git repository via python.
+
+This class is to be used to implement git commands over
+a python API and manage the current state of the git repo.
+
+ Typical usage example:
+
+ r_man = RepoManager('https://github.com/google/oss-fuzz.git')
+ r_man.checkout('5668cc422c2c92d38a370545d3591039fb5bb8d4')
+"""
+import os
+import shutil
+import subprocess
+
+
+class RepoManagerError(Exception):
+ """Class to describe the exceptions in RepoManager."""
+
+
+class RepoManager(object):
+ """Class to manage git repos from python.
+
+ Attributes:
+ repo_url: The location of the git repo
+ base_dir: The location of where the repo clone is stored locally
+ repo_name: The name of the github project
+ repo_dir: The location of the main repo
+ """
+
+ def __init__(self, repo_url, base_dir):
+ """Constructs a repo manager class.
+
+ Args:
+ repo_url: The github url needed to clone
+ base_dir: The full filepath where the git repo is located
+ """
+
+ self.repo_url = repo_url
+ self.base_dir = base_dir
+ self.repo_name = self.repo_url.split('/')[-1].strip('.git')
+ self.repo_dir = os.path.join(self.base_dir, self.repo_name)
+ self._clone()
+
+ def _clone(self):
+ """Creates a clone of the repo in the specified directory.
+
+ Raises:
+ RepoManagerError if the repo was not able to be cloned
+ """
+ if not os.path.exists(self.base_dir):
+ os.makedirs(self.base_dir)
+ self.remove_repo()
+ self._run_command(['git', 'clone', self.repo_url],
+ self.base_dir,
+ check_result=True)
+ if not self._is_git_repo():
+ raise RepoManagerError('%s is not a git repo' % self.repo_url)
+
+ def _run_command(self, command, location='.', check_result=False):
+ """ Runs a shell command in the specified directory location.
+
+ Args:
+ command: The command as a list to be run
+ location: The directory the command is run in
+ check_result: Should an exception be thrown on failed command
+
+ Returns:
+ The stdout of the command, the error code
+
+ Raises:
+ RepoManagerError: running a command resulted in an error
+ """
+ process = subprocess.Popen(command, stdout=subprocess.PIPE, cwd=location)
+ out, err = process.communicate()
+ if check_result and (process.returncode or err):
+ raise RepoManagerError(
+ 'Error: %s running command: %s with return code: %s' %
+ (err, command, process.returncode))
+ if out is not None:
+ out = out.decode('ascii')
+ return out, process.returncode
+
+ def _is_git_repo(self):
+ """Test if the current repo dir is a git repo or not.
+
+ Returns:
+ True if the current repo_dir is a valid git repo
+ """
+ git_path = os.path.join(self.repo_dir, '.git')
+ return os.path.isdir(git_path)
+
+ def commit_exists(self, commit):
+ """Checks to see if a commit exists in the project repo.
+
+ Args:
+ commit: The commit SHA you are checking
+
+ Returns:
+ True if the commit exits in the project
+
+ Raises:
+ ValueException: an empty string was passed in as a commit
+ """
+
+ # Handle the exception case, if empty string is passed _run_command will
+ # raise a ValueError
+ if not commit.rstrip():
+ raise ValueError('An empty string is not a valid commit SHA')
+
+ _, err_code = self._run_command(['git', 'cat-file', '-e', commit],
+ self.repo_dir)
+ return not err_code
+
+ def get_current_commit(self):
+ """Gets the current commit SHA of the repo.
+
+ Returns:
+ The current active commit SHA
+ """
+ out, _ = self._run_command(['git', 'rev-parse', 'HEAD'],
+ self.repo_dir,
+ check_result=True)
+ return out.strip('\n')
+
+ def get_commit_list(self, old_commit, new_commit):
+ """Gets the list of commits(inclusive) between the old and new commits.
+
+ Args:
+ old_commit: The oldest commit to be in the list
+ new_commit: The newest commit to be in the list
+
+ Returns:
+ The list of commit SHAs from newest to oldest
+
+ Raises:
+ RepoManagerError when commits dont exist
+ """
+
+ if not self.commit_exists(old_commit):
+ raise RepoManagerError('The old commit %s does not exist' % old_commit)
+ if not self.commit_exists(new_commit):
+ raise RepoManagerError('The new commit %s does not exist' % new_commit)
+ if old_commit == new_commit:
+ return [old_commit]
+ out, err_code = self._run_command(
+ ['git', 'rev-list', old_commit + '..' + new_commit], self.repo_dir)
+ commits = out.split('\n')
+ commits = [commit for commit in commits if commit]
+ if err_code or not commits:
+ raise RepoManagerError('Error getting commit list between %s and %s ' %
+ (old_commit, new_commit))
+
+ # Make sure result is inclusive
+ commits.append(old_commit)
+ return commits
+
+ def checkout_commit(self, commit):
+ """Checks out a specific commit from the repo.
+
+ Args:
+ commit: The commit SHA to be checked out
+
+ Raises:
+ RepoManagerError when checkout is not successful
+ """
+ if not self.commit_exists(commit):
+ raise RepoManagerError('Commit %s does not exist in current branch' %
+ commit)
+
+ git_path = os.path.join(self.repo_dir, '.git', 'shallow')
+ if os.path.exists(git_path):
+ self._run_command(['git', 'fetch', '--unshallow'],
+ self.repo_dir,
+ check_result=True)
+ self._run_command(['git', 'checkout', '-f', commit],
+ self.repo_dir,
+ check_result=True)
+ self._run_command(['git', 'clean', '-fxd'],
+ self.repo_dir,
+ check_result=True)
+ if self.get_current_commit() != commit:
+ raise RepoManagerError('Error checking out commit %s' % commit)
+
+ def remove_repo(self):
+ """Attempts to remove the git repo. """
+ if os.path.isdir(self.repo_dir):
+ shutil.rmtree(self.repo_dir)
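Review bot: `self.repo_url.split('/')[-1].strip('.git')` in `__init__` does not remove a `.git` suffix: `str.strip` removes any run of the characters `.`, `g`, `i`, `t` from both ends, so a repository named, say, `gettext.git` yields `ettex` and `repo_dir` no longer matches the directory `git clone` creates, after which `_is_git_repo` returns False and `_clone` raises. Strip the suffix explicitly: `name = self.repo_url.rstrip('/').split('/')[-1]` followed by `self.repo_name = name[:-4] if name.endswith('.git') else name`. In `_run_command`, `stderr` is not captured, so `err` from `communicate()` is always None and both the `or err` condition and the `%s` for it in the error message never carry anything; pass `stderr=subprocess.PIPE` or drop `err` from the check. The `commit_exists` docstring names `ValueException` where the code raises `ValueError`.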
diff --git a/infra/repo_manager_test.py b/infra/repo_manager_test.py
new file mode 100644
index 0000000..c8627f6
--- /dev/null
+++ b/infra/repo_manager_test.py
@@ -0,0 +1,78 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing perepo_managerissions and
+# limitations under the License.
+"""Test the functionality of the RepoManager class
+The will consist of the following functional tests
+ 1. Cloning of directory in desired location
+ 2. Checking out a specific commit
+ 3. Can get a list of commits between two SHAs
+"""
+
+import os
+import unittest
+
+import repo_manager
+
+
+class TestRepoManager(unittest.TestCase):
+ """Class to test the functionality of the RepoManager class."""
+
+ curl_repo = 'https://github.com/curl/curl'
+
+ def test_clone_correctly(self):
+ """Tests the correct location of the git repo."""
+ test_repo_manager = repo_manager.RepoManager(self.curl_repo, 'tmp')
+ git_path = os.path.join(test_repo_manager.base_dir,
+ test_repo_manager.repo_name, '.git')
+ self.assertTrue(os.path.isdir(git_path))
+ test_repo_manager.remove_repo()
+ with self.assertRaises(repo_manager.RepoManagerError):
+ test_repo_manager = repo_manager.RepoManager(' ', 'tmp')
+
+ def test_checkout_commit(self):
+ """Tests that the git checkout command works."""
+ test_repo_manager = repo_manager.RepoManager(self.curl_repo, 'tmp')
+ commit_to_test = '036ebac0134de3b72052a46f734e4ca81bb96055'
+ test_repo_manager.checkout_commit(commit_to_test)
+ self.assertEqual(commit_to_test, test_repo_manager.get_current_commit())
+ with self.assertRaises(ValueError):
+ test_repo_manager.checkout_commit(' ')
+ with self.assertRaises(repo_manager.RepoManagerError):
+ test_repo_manager.checkout_commit(
+ 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa')
+ test_repo_manager.remove_repo()
+
+ def test_get_commit_list(self):
+ """Tests an accurate commit list can be retrived from the repo manager."""
+ test_repo_manager = repo_manager.RepoManager(self.curl_repo, 'tmp')
+ old_commit = '7cf18b05e04bbb0f08c74d2567b0648f6c31a952'
+ new_commit = '113db127ee2b2f874dfcce406103ffe666e11953'
+ commit_list = [
+ '113db127ee2b2f874dfcce406103ffe666e11953',
+ '793e37767581aec7102d2ecafa34fc1316b1b31f',
+ '9a2cbf30b81a2b57149bb20e78e2e4cb5c2ff389',
+ '7cf18b05e04bbb0f08c74d2567b0648f6c31a952'
+ ]
+ result_list = test_repo_manager.get_commit_list(old_commit, new_commit)
+ self.assertListEqual(commit_list, result_list)
+ with self.assertRaises(repo_manager.RepoManagerError):
+ test_repo_manager.get_commit_list('asafd', new_commit)
+ with self.assertRaises(repo_manager.RepoManagerError):
+ test_repo_manager.get_commit_list(new_commit, 'asdfasdf')
+ with self.assertRaises(repo_manager.RepoManagerError):
+ # Testing commits out of order
+ test_repo_manager.get_commit_list(new_commit, old_commit)
+
+
+if __name__ == '__main__':
+ unittest.main()
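Review bot: Each test clones the live curl repository into a relative `tmp` directory and only calls `remove_repo()` on the success path, so a failing assertion in test_clone_correctly, test_checkout_commit or test_get_commit_list leaves the clone behind for the next test to inherit. Register the cleanup right after construction instead, `self.addCleanup(test_repo_manager.remove_repo)`, and drop the trailing `remove_repo()` calls. The tests also depend on network access and on three upstream curl SHAs staying reachable, which is worth stating in the module docstring so a CI failure is not mistaken for a RepoManager regression. The `assertRaises(ValueError)` around `checkout_commit(' ')` only holds if `commit_exists` raises ValueError for a blank SHA; the `checkout_commit` shown earlier in this diff raises RepoManagerError for an unknown commit, so confirm which exception is intended.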
diff --git a/infra/yara_test_data b/infra/yara_test_data
new file mode 100644
index 0000000..e2a0b94
--- /dev/null
+++ b/infra/yara_test_data
@@ -0,0 +1 @@
+rule N{condition:for 1r in r(r
\ No newline at end of file
diff --git a/projects/avahi/Dockerfile b/projects/avahi/Dockerfile
new file mode 100644
index 0000000..91f0b5f
--- /dev/null
+++ b/projects/avahi/Dockerfile
@@ -0,0 +1,24 @@
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER alex.gaynor@gmail.com
+RUN dpkg --add-architecture i386 && \
+ apt-get update && \
+ apt-get install -y autoconf gettext libtool m4 automake pkg-config libexpat-dev libexpat-dev:i386
+RUN git clone --depth 1 https://github.com/lathiat/avahi
+WORKDIR avahi
+COPY build.sh avahi_packet_consume_record_fuzzer.cc avahi_packet_consume_key_fuzzer.cc $SRC/
diff --git a/projects/avahi/avahi_packet_consume_key_fuzzer.cc b/projects/avahi/avahi_packet_consume_key_fuzzer.cc
new file mode 100644
index 0000000..cb631fd
--- /dev/null
+++ b/projects/avahi/avahi_packet_consume_key_fuzzer.cc
@@ -0,0 +1,34 @@
+#include <stdint.h>
+#include <string.h>
+
+extern "C" {
+#include <avahi-common/malloc.h>
+#include <avahi-core/dns.h>
+#include <avahi-core/log.h>
+}
+
+void log_function(AvahiLogLevel level, const char *txt) {}
+
+struct AvahiState {
+ AvahiState() {
+ avahi_set_log_function(log_function);
+ }
+};
+
+AvahiState kGlobalSate;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ AvahiDnsPacket* packet = avahi_dns_packet_new(size + AVAHI_DNS_PACKET_EXTRA_SIZE);
+ memcpy(AVAHI_DNS_PACKET_DATA(packet), data, size);
+ packet->size = size;
+ AvahiKey* key = avahi_dns_packet_consume_key(packet, nullptr);
+ if (key) {
+ avahi_key_is_valid(key);
+ char *s = avahi_key_to_string(key);
+ avahi_free(s);
+ avahi_key_unref(key);
+ }
+ avahi_dns_packet_free(packet);
+
+ return 0;
+}
\ No newline at end of file
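Review bot: The pointer returned by `avahi_dns_packet_new` is used unchecked by the `memcpy` and `packet->size` lines; if the allocator can return NULL (for example for an oversized request, which I cannot confirm from this diff), that surfaces as a harness null-dereference rather than a library bug. Add `if (!packet) return 0;` directly after the allocation. `log_function` leaves `level` unused, `kGlobalSate` is presumably meant to read `kGlobalState`, and the file has no trailing newline.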
diff --git a/projects/avahi/avahi_packet_consume_record_fuzzer.cc b/projects/avahi/avahi_packet_consume_record_fuzzer.cc
new file mode 100644
index 0000000..a1a17d7
--- /dev/null
+++ b/projects/avahi/avahi_packet_consume_record_fuzzer.cc
@@ -0,0 +1,34 @@
+#include <stdint.h>
+#include <string.h>
+
+extern "C" {
+#include <avahi-common/malloc.h>
+#include <avahi-core/dns.h>
+#include <avahi-core/log.h>
+}
+
+void log_function(AvahiLogLevel level, const char *txt) {}
+
+struct AvahiState {
+ AvahiState() {
+ avahi_set_log_function(log_function);
+ }
+};
+
+AvahiState kGlobalSate;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ AvahiDnsPacket* packet = avahi_dns_packet_new(size + AVAHI_DNS_PACKET_EXTRA_SIZE);
+ memcpy(AVAHI_DNS_PACKET_DATA(packet), data, size);
+ packet->size = size;
+ AvahiRecord* rec = avahi_dns_packet_consume_record(packet, nullptr);
+ if (rec) {
+ avahi_record_is_valid(rec);
+ char *s = avahi_record_to_string(rec);
+ avahi_free(s);
+ avahi_record_unref(rec);
+ }
+ avahi_dns_packet_free(packet);
+
+ return 0;
+}
\ No newline at end of file
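Review bot: The pointer returned by `avahi_dns_packet_new` is used unchecked by the `memcpy` and `packet->size` lines; if the allocator can return NULL for an oversized request (not verifiable from this diff), the harness itself crashes instead of reporting a library defect. Add `if (!packet) return 0;` directly after the allocation. The `AvahiState`/`log_function` setup is copied verbatim from avahi_packet_consume_key_fuzzer.cc; a small shared header would keep the two harnesses in sync, and the `kGlobalSate` typo and missing trailing newline are duplicated here too.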
diff --git a/projects/avahi/build.sh b/projects/avahi/build.sh
new file mode 100755
index 0000000..e0676de
--- /dev/null
+++ b/projects/avahi/build.sh
@@ -0,0 +1,36 @@
+#!/bin/bash -eu
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+
+sed -i 's/check_inconsistencies=yes/check_inconsistencies=no/' common/acx_pthread.m4
+sed -i 's/avahiinclude_HEADERS =/avahiinclude_HEADERS = dns.h hashmap.h/' avahi-core/Makefile.am
+
+./autogen.sh --disable-stack-protector --disable-qt3 --disable-qt4 --disable-qt5 --disable-gtk --disable-gtk3 --disable-dbus --disable-gdbm --disable-libdaemon --disable-python --disable-manpages --disable-mono --disable-monodoc --disable-glib --disable-gobject --disable-libevent --prefix="$WORK"
+make -j "$(nproc)"
+make install
+
+$CXX $CXXFLAGS -std=c++11 "-I$WORK/include/" \
+ "$SRC/avahi_packet_consume_record_fuzzer.cc" \
+ -o "$OUT/avahi_packet_consume_record_fuzzer" \
+ $LIB_FUZZING_ENGINE \
+ "$WORK/lib/libavahi-core.a" "$WORK/lib/libavahi-common.a"
+
+$CXX $CXXFLAGS -std=c++11 "-I$WORK/include/" \
+ "$SRC/avahi_packet_consume_key_fuzzer.cc" \
+ -o "$OUT/avahi_packet_consume_key_fuzzer" \
+ $LIB_FUZZING_ENGINE \
+ "$WORK/lib/libavahi-core.a" "$WORK/lib/libavahi-common.a"
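Review bot: The two `$CXX` invocations at the end differ only in the fuzzer name, and the `sed -i` edits above them succeed silently when the pattern no longer matches upstream, so a renamed `avahiinclude_HEADERS` would only show up later as a missing `dns.h` at compile time. Guard the patch with `grep -q 'avahiinclude_HEADERS = dns.h hashmap.h' avahi-core/Makefile.am` right after the sed so `-e` stops the build at the real cause, and build the harnesses in a loop so adding a third fuzzer is a one-word change.
```shell
# … unchanged: sed patches, autogen.sh, make, make install …
for fuzzer in avahi_packet_consume_record_fuzzer avahi_packet_consume_key_fuzzer; do
  $CXX $CXXFLAGS -std=c++11 "-I$WORK/include/" \
    "$SRC/$fuzzer.cc" \
    -o "$OUT/$fuzzer" \
    $LIB_FUZZING_ENGINE \
    "$WORK/lib/libavahi-core.a" "$WORK/lib/libavahi-common.a"
done
```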
diff --git a/projects/avahi/project.yaml b/projects/avahi/project.yaml
new file mode 100644
index 0000000..bd85af7
--- /dev/null
+++ b/projects/avahi/project.yaml
@@ -0,0 +1,12 @@
+homepage: "https://avahi.org/"
+primary_contact: trent@lloyd.id.au
+auto_ccs:
+ - alex.gaynor@gmail.com
+sanitizers:
+ - address
+ - memory
+ - undefined
+architectures:
+ - x86_64
+ - i386
+
diff --git a/projects/binutils/Dockerfile b/projects/binutils/Dockerfile
index a39b8a6..9d0b590 100644
--- a/projects/binutils/Dockerfile
+++ b/projects/binutils/Dockerfile
@@ -21,5 +21,4 @@
RUN git clone --recursive --depth 1 git://sourceware.org/git/binutils-gdb.git binutils-gdb
WORKDIR $SRC
COPY build.sh $SRC/
-COPY patch.diff $SRC/
-COPY fuzz_disassemble.c $SRC/
+COPY fuzz_*.c $SRC/
diff --git a/projects/binutils/build.sh b/projects/binutils/build.sh
index d492f93..c5476fd 100755
--- a/projects/binutils/build.sh
+++ b/projects/binutils/build.sh
@@ -17,13 +17,15 @@
# build project
cd binutils-gdb
-git apply ../patch.diff
./configure --disable-gdb --enable-targets=all
make MAKEINFO=true && true
mkdir fuzz
-cp ../fuzz_disassemble.c fuzz/
+cp ../fuzz_*.c fuzz/
-$CC $CFLAGS -I include -I bfd -I opcodes -c fuzz/fuzz_disassemble.c -o fuzz/fuzz_disassemble.o
-$CXX $CXXFLAGS fuzz/fuzz_disassemble.o -o $OUT/fuzz_disassemble -lFuzzingEngine opcodes/libopcodes.a bfd/libbfd.a libiberty/libiberty.a zlib/libz.a
+cd fuzz
+ls fuzz_*.c | cut -d. -f1 | while read i; do
+ $CC $CFLAGS -I ../include -I ../bfd -I ../opcodes -c $i.c -o $i.o
+ $CXX $CXXFLAGS $i.o -o $OUT/$i $LIB_FUZZING_ENGINE ../opcodes/libopcodes.a ../bfd/libbfd.a ../libiberty/libiberty.a ../zlib/libz.a
+done
# TODO build corpuses
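Review bot: The new loop at `ls fuzz_*.c | cut -d. -f1 | while read i` parses `ls` output and then expands `$i` unquoted in both compile lines, which breaks on any unusual filename and is the pattern shellcheck flags first. Iterate the glob directly instead: `for src in fuzz_*.c; do` followed by `i="${src%.c}"`, and quote `"$src"`, `"$i.o"` and `"$OUT/$i"` in the two commands. Switching from `-lFuzzingEngine` to `$LIB_FUZZING_ENGINE` is the right call; the script's shebang is outside this hunk, so I am assuming it still runs with `-eu` like the other build scripts in this diff.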
diff --git a/projects/binutils/fuzz_bfd.c b/projects/binutils/fuzz_bfd.c
new file mode 100644
index 0000000..0afe728
--- /dev/null
+++ b/projects/binutils/fuzz_bfd.c
@@ -0,0 +1,54 @@
+#include "sysdep.h"
+#include "bfd.h"
+
+#include <stdint.h>
+#include <stdio.h>
+
+
+static int bufferToFile(const char * name, const uint8_t *Data, size_t Size) {
+ FILE * fd;
+ if (remove(name) != 0) {
+ if (errno != ENOENT) {
+ printf("failed remove, errno=%d\n", errno);
+ return -1;
+ }
+ }
+ fd = fopen(name, "wb");
+ if (fd == NULL) {
+ printf("failed open, errno=%d\n", errno);
+ return -2;
+ }
+ if (fwrite (Data, 1, Size, fd) != Size) {
+ fclose(fd);
+ return -3;
+ }
+ fclose(fd);
+ return 0;
+}
+
+static int initialized = 0;
+//TODO? part of fuzzing
+char *target = NULL;
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ if (initialized == 0) {
+ if (bfd_init () != BFD_INIT_MAGIC) {
+ abort();
+ }
+ initialized = 1;
+ }
+
+ if (bufferToFile("/tmp/fuzz.bfd", Data, Size) < 0) {
+ abort();
+ }
+ bfd *file = bfd_openr ("/tmp/fuzz.bfd", target);
+ if (file == NULL)
+ {
+ return 0;
+ }
+ bfd_check_format (file, bfd_archive);
+ //TODO loop over subfiles and more processing
+ bfd_close (file);
+
+ return 0;
+}
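Review bot: `bufferToFile` writes every input to the fixed path `/tmp/fuzz.bfd`, so two fuzzer processes on the same machine (libFuzzer `-jobs`/`-workers`, or a reproduction run beside a live job) overwrite each other's file mid-read, and `remove` followed by `fopen` on a predictable /tmp name follows whatever a local user has planted there. Derive the name from the process once at initialization, e.g. `snprintf(path, sizeof path, "/tmp/fuzz.bfd.%d", (int)getpid());`, or skip the disk entirely with `bfd_openr_iovec` over the input buffer if that API is available in this tree. `errno` is used but `<errno.h>` is not included directly; it presumably arrives via `sysdep.h`, so make the include explicit. The diagnostics go to stdout via `printf`, while libFuzzer reports on stderr; use `fprintf(stderr, ...)` so they stay visible in the fuzzer log.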
diff --git a/projects/binutils/fuzz_disassemble.c b/projects/binutils/fuzz_disassemble.c
index 108280c..09e08bb 100644
--- a/projects/binutils/fuzz_disassemble.c
+++ b/projects/binutils/fuzz_disassemble.c
@@ -69,7 +69,7 @@
if (disasfunc != NULL) {
disassemble_init_for_target(&disasm_info);
disasfunc(0x1000, &disasm_info);
- disassemble_release(&disasm_info);
+ disassemble_free_target(&disasm_info);
}
}
diff --git a/projects/binutils/patch.diff b/projects/binutils/patch.diff
deleted file mode 100644
index 0bf56e0..0000000
--- a/projects/binutils/patch.diff
+++ /dev/null
@@ -1,159 +0,0 @@
-diff --git a/include/cgen/bitset.h b/include/cgen/bitset.h
-index 07ef003c..bb4fe12e 100644
---- a/include/cgen/bitset.h
-+++ b/include/cgen/bitset.h
-@@ -48,6 +48,7 @@ extern void cgen_bitset_union (CGEN_BITSET *, CGEN_BITSET *, CGEN_BITSET *);
- extern int cgen_bitset_intersect_p (CGEN_BITSET *, CGEN_BITSET *);
- extern int cgen_bitset_contains (CGEN_BITSET *, unsigned);
- extern CGEN_BITSET *cgen_bitset_copy (CGEN_BITSET *);
-+extern void cgen_bitset_release (CGEN_BITSET *);
-
- #ifdef __cplusplus
- } // extern "C"
-diff --git a/include/dis-asm.h b/include/dis-asm.h
-index b4d50258..7f6ae367 100644
---- a/include/dis-asm.h
-+++ b/include/dis-asm.h
-@@ -121,6 +121,8 @@ typedef struct disassemble_info
-
- /* Use internally by the target specific disassembly code. */
- void *private_data;
-+ /* Status of private_data and wether we should free it */
-+ int priv_status;
-
- /* Function used to get bytes to disassemble. MEMADDR is the
- address of the stuff to be disassembled, MYADDR is the address to
-@@ -332,6 +334,9 @@ extern disassembler_ftype disassembler (enum bfd_architecture arc,
- Should only be called after initialising the info->arch field. */
- extern void disassemble_init_for_target (struct disassemble_info * dinfo);
-
-+/* Releases the resources allocated by disassemble_init_for_target */
-+extern void disassemble_release (struct disassemble_info * dinfo);
-+
- /* Document any target specific options available from the disassembler. */
- extern void disassembler_usage (FILE *);
-
-diff --git a/opcodes/arc-dis.c b/opcodes/arc-dis.c
-index 3c88c334..cfcee11e 100644
---- a/opcodes/arc-dis.c
-+++ b/opcodes/arc-dis.c
-@@ -154,6 +154,7 @@ init_arc_disasm_info (struct disassemble_info *info)
- return FALSE;
-
- info->private_data = arc_infop;
-+ info->priv_status = 1;
- return TRUE;
- }
-
-diff --git a/opcodes/cgen-bitset.c b/opcodes/cgen-bitset.c
-index 668dcb40..4baa6ef9 100644
---- a/opcodes/cgen-bitset.c
-+++ b/opcodes/cgen-bitset.c
-@@ -22,6 +22,7 @@
- #include "libiberty.h"
- #include "cgen/bitset.h"
- #include <string.h>
-+#include <stdlib.h>
-
- /* Create a bit mask. */
-
-@@ -45,6 +46,16 @@ cgen_bitset_init (CGEN_BITSET * mask, unsigned bit_count)
- cgen_bitset_clear (mask);
- }
-
-+void
-+cgen_bitset_release (CGEN_BITSET * mask)
-+{
-+ if (! mask)
-+ return;
-+ free (mask->bits);
-+ free (mask);
-+}
-+
-+
- /* Clear the bits of a bit mask. */
-
- void
-diff --git a/opcodes/cris-dis.c b/opcodes/cris-dis.c
-index 793549d2..9d16a82f 100644
---- a/opcodes/cris-dis.c
-+++ b/opcodes/cris-dis.c
-@@ -106,6 +106,7 @@ cris_parse_disassembler_options (disassemble_info *info,
- struct cris_disasm_data *disdata;
-
- info->private_data = calloc (1, sizeof (struct cris_disasm_data));
-+ info->priv_status = 1;
- disdata = (struct cris_disasm_data *) info->private_data;
- if (disdata == NULL)
- return FALSE;
-diff --git a/opcodes/disassemble.c b/opcodes/disassemble.c
-index aef2fd86..4999e34c 100644
---- a/opcodes/disassemble.c
-+++ b/opcodes/disassemble.c
-@@ -716,6 +716,17 @@ disassemble_init_for_target (struct disassemble_info * info)
- }
- }
-
-+void
-+disassemble_release (struct disassemble_info * info)
-+{
-+ if (info->insn_sets) {
-+ cgen_bitset_release(info->insn_sets);
-+ }
-+ if (info->priv_status) {
-+ free (info->private_data);
-+ }
-+}
-+
- /* Remove whitespace and consecutive commas from OPTIONS. */
-
- char *
-diff --git a/opcodes/mmix-dis.c b/opcodes/mmix-dis.c
-index 93688d3c..9c8f1251 100644
---- a/opcodes/mmix-dis.c
-+++ b/opcodes/mmix-dis.c
-@@ -133,6 +133,7 @@ initialize_mmix_dis_info (struct disassemble_info *info)
- minfop->spec_reg_name[mmix_spec_regs[i].number] = mmix_spec_regs[i].name;
-
- info->private_data = (void *) minfop;
-+ info->priv_status = 1;
- return TRUE;
- }
-
-diff --git a/opcodes/nfp-dis.c b/opcodes/nfp-dis.c
-index 3644b4b2..305c600e 100644
---- a/opcodes/nfp-dis.c
-+++ b/opcodes/nfp-dis.c
-@@ -2786,6 +2786,7 @@ init_nfp_priv (struct disassemble_info *dinfo)
- }
-
- dinfo->private_data = priv;
-+ dinfo->priv_status = 1;
- return priv;
- }
-
-diff --git a/opcodes/ppc-dis.c b/opcodes/ppc-dis.c
-index 2f5756b6..eb6a98b8 100644
---- a/opcodes/ppc-dis.c
-+++ b/opcodes/ppc-dis.c
-@@ -309,6 +309,8 @@ powerpc_init_dialect (struct disassemble_info *info)
-
- if (priv == NULL)
- priv = &private;
-+ else
-+ info->priv_status = 1;
-
- switch (info->mach)
- {
-diff --git a/opcodes/riscv-dis.c b/opcodes/riscv-dis.c
-index 40893c3d..e544feee 100644
---- a/opcodes/riscv-dis.c
-+++ b/opcodes/riscv-dis.c
-@@ -381,6 +381,7 @@ riscv_disassemble_insn (bfd_vma memaddr, insn_t word, disassemble_info *info)
- int i;
-
- pd = info->private_data = xcalloc (1, sizeof (struct riscv_private_data));
-+ info->priv_status = 1;
- pd->gp = -1;
- pd->print_addr = -1;
- for (i = 0; i < (int)ARRAY_SIZE (pd->hi_addr); i++)
diff --git a/projects/binutils/project.yaml b/projects/binutils/project.yaml
index 5d44310..44a487f 100644
--- a/projects/binutils/project.yaml
+++ b/projects/binutils/project.yaml
@@ -3,3 +3,4 @@
auto_ccs :
- "p.antoine@catenacyber.fr"
- "nickc@redhat.com"
+ - "amodra@gmail.com"
diff --git a/projects/boost/Dockerfile b/projects/boost/Dockerfile
index 6134c22..ac2fe37 100644
--- a/projects/boost/Dockerfile
+++ b/projects/boost/Dockerfile
@@ -19,8 +19,5 @@
RUN git clone --recursive https://github.com/boostorg/boost.git
WORKDIR boost
-# This bootstrap boost with the g++ toolchain.
-# The actual build will need to use CXX/CXXFLAGS provided by OSS-Fuzz.
-RUN ./bootstrap.sh && ./b2 headers
# Preferably, move boost_regex_fuzzer.cc to the boost repository.
COPY build.sh *.cc $SRC/
diff --git a/projects/boost/boost_regex_fuzzer.cc b/projects/boost/boost_regex_fuzzer.cc
index c238379..018a04b 100644
--- a/projects/boost/boost_regex_fuzzer.cc
+++ b/projects/boost/boost_regex_fuzzer.cc
@@ -1,16 +1,47 @@
// From https://svn.boost.org/trac10/ticket/12818
// This fuzz target can likely be enhanced to exercise more code.
// The ideal place for this fuzz target is the boost repository.
-#include <boost/regex.hpp>
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
- try {
- std::string str((char *)Data, Size);
- boost::regex e(str);
- boost::match_results<std::string::const_iterator> what;
- boost::regex_match(str, what, e,
- boost::match_default | boost::match_partial);
+#ifdef DEBUG
+#include <iostream>
+#endif
- } catch (const std::exception &) {
+#include <boost/regex.hpp>
+#include <fuzzer/FuzzedDataProvider.h>
+
+namespace {
+ void assertPostConditions(boost::match_results<std::string::const_iterator> const& match, boost::regex const& e)
+ {
+ // See https://www.boost.org/doc/libs/1_71_0/libs/regex/doc/html/boost_regex/ref/regex_match.html
+ assert(match.size() == e.mark_count() + 1);
+ assert(!match.empty());
+ assert(!match.prefix().matched);
+ assert(!match.suffix().matched);
+ }
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ FuzzedDataProvider fuzzed_data(Data, Size);
+ // First value is length of the regex string
+ size_t regex_length = fuzzed_data.ConsumeIntegral<uint8_t>();
+ // Second value is regexp string whose length is `regex_length`
+ std::string regex_string = fuzzed_data.ConsumeBytesAsString(regex_length);
+ boost::regex e(regex_string);
+ // Last value is the text to be matched
+ std::string text = fuzzed_data.ConsumeRemainingBytesAsString();
+
+#ifdef DEBUG
+ std::cout << "Regexp string: " << regex_string << "Size: " << regex_string.size() << std::endl;
+ std::cout << "Text: " << text << "Size: " << text.size() << std::endl;
+#endif
+
+ try {
+ boost::match_results<std::string::const_iterator> what;
+ bool match = boost::regex_match(text, what, e,
+ boost::match_default | boost::match_partial);
+ if (match)
+ assertPostConditions(what, e);
+ }
+ catch (const std::runtime_error &) {
}
return 0;
}
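Review bot: `boost::regex e(regex_string);` is now constructed before the `try`, so any malformed pattern (most fuzzer-generated inputs) throws `boost::regex_error` out of LLVMFuzzerTestOneInput and libFuzzer records a crash on every invalid regex, burying real findings; the previous version built the regex inside the try. Move the construction to be the first statement inside the `try`, keeping `catch (const std::runtime_error &)` since `boost::regex_error` derives from it; note the old `std::exception` catch also covered `std::bad_alloc`/`std::length_error`, so confirm you want those reported as crashes. `assert` is used in assertPostConditions but `<cassert>` is not included; add it explicitly rather than relying on transitive includes, and be aware the post-condition checks vanish entirely if the build defines NDEBUG.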
diff --git a/projects/boost/build.sh b/projects/boost/build.sh
index abd7a3c..b34d55f 100755
--- a/projects/boost/build.sh
+++ b/projects/boost/build.sh
@@ -15,9 +15,10 @@
#
################################################################################
+# Build boost
+./bootstrap.sh && ./b2 headers
# Very simple build rule, but sufficient here.
-
#boost regexp
$CXX $CXXFLAGS -I . ../boost_regex_fuzzer.cc libs/regex/src/*.cpp $LIB_FUZZING_ENGINE -o boost_regex_fuzzer
diff --git a/projects/boost/project.yaml b/projects/boost/project.yaml
index 7ea1b58..e46f5a4 100644
--- a/projects/boost/project.yaml
+++ b/projects/boost/project.yaml
@@ -5,4 +5,5 @@
auto_ccs:
- "jz.maddock@googlemail.com"
- "mclow@boost.org"
+ - "bshas3@gmail.com"
# - "someone-else@boost.org"
diff --git a/projects/brotli/project.yaml b/projects/brotli/project.yaml
index 043ad7a..67be80d 100644
--- a/projects/brotli/project.yaml
+++ b/projects/brotli/project.yaml
@@ -1,7 +1,8 @@
homepage: "https://github.com/google/brotli"
primary_contact: "eustas@chromium.org"
vendor_ccs:
- - cdiehl@mozilla.com
+ - "jkew@mozilla.com"
+ - "twsmith@mozilla.com"
fuzzing_engines:
- libfuzzer
- afl
diff --git a/projects/cryptofuzz/Dockerfile b/projects/cryptofuzz/Dockerfile
index 6cac8b0..1629cec 100644
--- a/projects/cryptofuzz/Dockerfile
+++ b/projects/cryptofuzz/Dockerfile
@@ -17,7 +17,7 @@
FROM gcr.io/oss-fuzz-base/base-builder
MAINTAINER guidovranken@gmail.com
-RUN apt-get update && apt-get install -y software-properties-common python-software-properties make autoconf automake libtool build-essential cmake libboost-all-dev wget
+RUN apt-get update && apt-get install -y software-properties-common python-software-properties make autoconf automake libtool build-essential cmake libboost-all-dev wget mercurial gyp ninja-build zlib1g-dev libsqlite3-dev
# BoringSSL needs Go to build
RUN add-apt-repository -y ppa:gophers/archive && apt-get update && apt-get install -y golang-1.9-go
@@ -34,13 +34,13 @@
RUN git clone --depth 1 https://dev.gnupg.org/source/libgcrypt.git
RUN wget https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.36.tar.bz2
RUN git clone --depth 1 -b oss-fuzz https://github.com/project-everest/hacl-star evercrypt
-RUN wget https://github.com/openssl/openssl/archive/OpenSSL_1_1_0-stable.zip
-RUN wget https://github.com/openssl/openssl/archive/OpenSSL_1_0_2-stable.zip
RUN git clone --depth 1 https://github.com/google/cityhash.git
RUN git clone --depth 1 https://github.com/golang/go
RUN git clone --depth 1 https://github.com/randombit/botan.git
RUN git clone --depth 1 https://github.com/wolfSSL/wolfssl.git
RUN git clone --depth 1 https://github.com/ARMmbed/mbed-crypto.git
+RUN hg clone https://hg.mozilla.org/projects/nspr
+RUN hg clone https://hg.mozilla.org/projects/nss
RUN apt-get remove -y libunwind8
COPY build.sh $SRC/
diff --git a/projects/cryptofuzz/build.sh b/projects/cryptofuzz/build.sh
index 9f40274..f2c0501 100755
--- a/projects/cryptofuzz/build.sh
+++ b/projects/cryptofuzz/build.sh
@@ -60,6 +60,31 @@
export CXXFLAGS="$CXXFLAGS -DMSAN"
fi
+# Compile NSS
+if [[ $CFLAGS != *-m32* ]]
+then
+ mkdir $SRC/nss-nspr
+ mv $SRC/nss $SRC/nss-nspr/
+ mv $SRC/nspr $SRC/nss-nspr/
+ cd $SRC/nss-nspr/
+ if [[ $CFLAGS = *sanitize=address* ]]
+ then
+ CFLAGS="" CXXFLAGS="" nss/build.sh --asan --static
+ elif [[ $CFLAGS = *sanitize=memory* ]]
+ then
+ CFLAGS="" CXXFLAGS="" nss/build.sh --msan --static
+ else
+ CFLAGS="" CXXFLAGS="" nss/build.sh --ubsan --static
+ fi
+ export NSS_NSPR_PATH=$(realpath $SRC/nss-nspr/)
+ export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NSS"
+ export LINK_FLAGS="$LINK_FLAGS -lsqlite3"
+
+ # Compile Cryptofuzz NSS module
+ cd $SRC/cryptofuzz/modules/nss
+ make -B
+fi
+
# Compile Cityhash
cd $SRC/cityhash
if [[ $CFLAGS != *-m32* ]]
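Review bot: The sanitizer dispatch for NSS falls through to `--ubsan` for any CFLAGS that is neither ASan nor MSan, so a coverage or unsanitized build of this project silently gets a UBSan-instrumented NSS; add `elif [[ $CFLAGS = *sanitize=undefined* ]]` for the `--ubsan` case and make the `else` branch a plain `nss/build.sh --static`. Clearing `CFLAGS`/`CXXFLAGS` for the NSS build also drops everything OSS-Fuzz put there beyond the sanitizer, including any coverage instrumentation, so libFuzzer may see no edges inside NSS; I cannot tell from this diff what NSS's own `--asan`/`--msan` flags add back, so verify with a coverage build. `LINK_FLAGS="$LINK_FLAGS -lsqlite3"` links libsqlite3 dynamically from the builder image; if the runner image does not ship `libsqlite3.so.0` the `cryptofuzz-nss` target will fail to load, so link the static archive or confirm with the bad-build check.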
@@ -111,34 +136,6 @@
make -B
##############################################################################
-# Compile wolfCrypt
-cd $SRC/wolfssl
-autoreconf -ivf
-
-export WOLFCRYPT_CONFIGURE_PARAMS="--enable-static --enable-md2 --enable-md4 --enable-ripemd --enable-blake2 --enable-blake2s --enable-pwdbased --enable-scrypt --enable-hkdf --enable-cmac --enable-arc4 --enable-camellia --enable-rabbit --enable-aesccm --enable-aesctr --enable-hc128 --enable-xts --enable-des3 --enable-idea --enable-x963kdf --enable-harden"
-
-if [[ $CFLAGS = *sanitize=memory* ]]
-then
- export WOLFCRYPT_CONFIGURE_PARAMS="$WOLFCRYPT_CONFIGURE_PARAMS -disable-asm"
-fi
-
-if [[ $CFLAGS = *-m32* ]]
-then
- export WOLFCRYPT_CONFIGURE_PARAMS="$WOLFCRYPT_CONFIGURE_PARAMS -disable-fastmath"
-fi
-
-./configure $WOLFCRYPT_CONFIGURE_PARAMS
-make -j$(nproc) >/dev/null 2>&1
-
-export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_WOLFCRYPT"
-export WOLFCRYPT_LIBWOLFSSL_A_PATH="$SRC/wolfssl/src/.libs/libwolfssl.a"
-export WOLFCRYPT_INCLUDE_PATH="$SRC/wolfssl"
-
-# Compile Cryptofuzz wolfcrypt (without assembly) module
-cd $SRC/cryptofuzz/modules/wolfcrypt
-make -B
-
-##############################################################################
# Compile Botan
cd $SRC/botan
if [[ $CFLAGS != *-m32* ]]
@@ -263,6 +260,57 @@
make -B
fi
+if [[ $CFLAGS != *-m32* ]]
+then
+ # Compile Cryptofuzz (NSS-based)
+ cd $SRC/cryptofuzz
+ LIBFUZZER_LINK="$LIB_FUZZING_ENGINE" CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NO_OPENSSL $INCLUDE_PATH_FLAGS" make -B -j$(nproc)
+
+ # Generate dictionary
+ ./generate_dict
+
+ # Copy fuzzer
+ cp $SRC/cryptofuzz/cryptofuzz $OUT/cryptofuzz-nss
+ # Copy dictionary
+ cp $SRC/cryptofuzz/cryptofuzz-dict.txt $OUT/cryptofuzz-nss.dict
+ # Copy seed corpus
+ cp $SRC/cryptofuzz-corpora/libressl_latest.zip $OUT/cryptofuzz-nss_seed_corpus.zip
+
+ rm $SRC/cryptofuzz/modules/nss/module.a
+
+ CXXFLAGS=${CXXFLAGS//"-DCRYPTOFUZZ_NSS"/}
+ LINK_FLAGS=${LINK_FLAGS//"-lsqlite3"/}
+fi
+
+##############################################################################
+# Compile wolfCrypt
+cd $SRC/wolfssl
+autoreconf -ivf
+
+export WOLFCRYPT_CONFIGURE_PARAMS="--enable-static --enable-md2 --enable-md4 --enable-ripemd --enable-blake2 --enable-blake2s --enable-pwdbased --enable-scrypt --enable-hkdf --enable-cmac --enable-arc4 --enable-camellia --enable-rabbit --enable-aesccm --enable-aesctr --enable-hc128 --enable-xts --enable-des3 --enable-idea --enable-x963kdf --enable-harden"
+
+if [[ $CFLAGS = *sanitize=memory* ]]
+then
+ export WOLFCRYPT_CONFIGURE_PARAMS="$WOLFCRYPT_CONFIGURE_PARAMS -disable-asm"
+fi
+
+if [[ $CFLAGS = *-m32* ]]
+then
+ export WOLFCRYPT_CONFIGURE_PARAMS="$WOLFCRYPT_CONFIGURE_PARAMS -disable-fastmath"
+fi
+
+./configure $WOLFCRYPT_CONFIGURE_PARAMS
+make -j$(nproc) >/dev/null 2>&1
+
+export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_WOLFCRYPT"
+export WOLFCRYPT_LIBWOLFSSL_A_PATH="$SRC/wolfssl/src/.libs/libwolfssl.a"
+export WOLFCRYPT_INCLUDE_PATH="$SRC/wolfssl"
+
+# Compile Cryptofuzz wolfcrypt (without assembly) module
+cd $SRC/cryptofuzz/modules/wolfcrypt
+make -B
+
+
##############################################################################
if [[ $CFLAGS != *sanitize=memory* && $CFLAGS != *-m32* ]]
then
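Review bot: The wolfCrypt block moved into this hunk keeps `make -j$(nproc) >/dev/null 2>&1`, which discards stderr as well as stdout, so a configure or compile failure aborts the script (assuming the `-e` shebang used elsewhere in this project) with nothing in the build log to explain it; keep stderr with `make -j$(nproc) >/dev/null`. Restoring the flags after the NSS build by substring deletion, `CXXFLAGS=${CXXFLAGS//"-DCRYPTOFUZZ_NSS"/}` and `LINK_FLAGS=${LINK_FLAGS//"-lsqlite3"/}`, is more fragile than the `SAVE_CXXFLAGS` save-and-restore idiom the removed OpenSSL section used; saving both variables before the NSS section and restoring them here would also be robust to a future flag that contains `-lsqlite3` as a substring.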
@@ -442,145 +490,3 @@
cp $SRC/cryptofuzz/cryptofuzz-dict.txt $OUT/cryptofuzz-boringssl-noasm.dict
# Copy seed corpus
cp $SRC/cryptofuzz-corpora/boringssl_latest.zip $OUT/cryptofuzz-boringssl-noasm_seed_corpus.zip
-
-
-# OpenSSL 1.1.0 can currently not be used together with wolfCrypt due to symbol collisions
-export SAVE_CXXFLAGS="$CXXFLAGS"
-export CXXFLAGS=${CXXFLAGS/-DCRYPTOFUZZ_WOLFCRYPT/}
-
-##############################################################################
-cd $SRC;
-unzip OpenSSL_1_1_0-stable.zip
-
-if [[ $CFLAGS != *sanitize=memory* ]]
-then
- # Compile Openssl 1.1.0 (with assembly)
- cd $SRC/openssl-OpenSSL_1_1_0-stable/
- if [[ $CFLAGS != *-m32* ]]
- then
- ./config --debug enable-md2 enable-rc5 $CFLAGS
- else
- setarch i386 ./config --debug enable-md2 enable-rc5 $CFLAGS
- fi
- make depend
- make -j$(nproc) >/dev/null 2>&1
-
- # Compile Cryptofuzz OpenSSL 1.1.0 (with assembly) module
- cd $SRC/cryptofuzz/modules/openssl
- OPENSSL_INCLUDE_PATH="$SRC/openssl-OpenSSL_1_1_0-stable/include" OPENSSL_LIBCRYPTO_A_PATH="$SRC/openssl-OpenSSL_1_1_0-stable/libcrypto.a" CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_OPENSSL_110" make -B
-
- # Compile Cryptofuzz
- cd $SRC/cryptofuzz
- LIBFUZZER_LINK="$LIB_FUZZING_ENGINE" CXXFLAGS="$CXXFLAGS -I $SRC/openssl-OpenSSL_1_1_0-stable/include $INCLUDE_PATH_FLAGS -DCRYPTOFUZZ_OPENSSL_110" make -B -j$(nproc) >/dev/null 2>&1
-
- # Generate dictionary
- ./generate_dict
-
- # Copy fuzzer
- cp $SRC/cryptofuzz/cryptofuzz $OUT/cryptofuzz-openssl-110
- # Copy dictionary
- cp $SRC/cryptofuzz/cryptofuzz-dict.txt $OUT/cryptofuzz-openssl-110.dict
- # Copy seed corpus
- cp $SRC/cryptofuzz-corpora/openssl_latest.zip $OUT/cryptofuzz-openssl_seed_corpus.zip
-fi
-
-##############################################################################
-# Compile Openssl 1.1.0 (without assembly)
-cd $SRC/openssl-OpenSSL_1_1_0-stable/
-make clean || true
-if [[ $CFLAGS != *-m32* ]]
-then
- ./config --debug no-asm enable-md2 enable-rc5 $CFLAGS
-else
- setarch i386 ./config --debug no-asm enable-md2 enable-rc5 $CFLAGS
-fi
-make depend
-make -j$(nproc) >/dev/null 2>&1
-
-# Compile Cryptofuzz OpenSSL 1.1.0 (without assembly) module
-cd $SRC/cryptofuzz/modules/openssl
-OPENSSL_INCLUDE_PATH="$SRC/openssl-OpenSSL_1_1_0-stable/include" OPENSSL_LIBCRYPTO_A_PATH="$SRC/openssl-OpenSSL_1_1_0-stable/libcrypto.a" CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_OPENSSL_110" make -B
-
-# Compile Cryptofuzz
-cd $SRC/cryptofuzz
-LIBFUZZER_LINK="$LIB_FUZZING_ENGINE" CXXFLAGS="$CXXFLAGS -I $SRC/openssl-OpenSSL_1_1_0-stable/include $INCLUDE_PATH_FLAGS -DCRYPTOFUZZ_OPENSSL_110" make -B -j$(nproc) >/dev/null 2>&1
-
-# Generate dictionary
-./generate_dict
-
-
-# Copy fuzzer
-cp $SRC/cryptofuzz/cryptofuzz $OUT/cryptofuzz-openssl-110-noasm
-# Copy dictionary
-cp $SRC/cryptofuzz/cryptofuzz-dict.txt $OUT/cryptofuzz-openssl-110-noasm.dict
-# Copy seed corpus
-cp $SRC/cryptofuzz-corpora/openssl_latest.zip $OUT/cryptofuzz-openssl-110-noasm_seed_corpus.zip
-
-export CXXFLAGS="$SAVE_CXXFLAGS"
-##############################################################################
-cd $SRC;
-unzip OpenSSL_1_0_2-stable.zip
-
-if [[ $CFLAGS != *sanitize=memory* ]]
-then
- # Compile Openssl 1.0.2 (with assembly)
- cd $SRC/openssl-OpenSSL_1_0_2-stable/
- if [[ $CFLAGS != *-m32* ]]
- then
- ./config --debug enable-md2 enable-rc5 $CFLAGS
- else
- setarch i386 ./config --debug enable-md2 enable-rc5 $CFLAGS
- fi
- make depend
- make -j$(nproc) >/dev/null 2>&1
-
- # Compile Cryptofuzz OpenSSL 1.0.2 (with assembly) module
- cd $SRC/cryptofuzz/modules/openssl
- OPENSSL_INCLUDE_PATH="$SRC/openssl-OpenSSL_1_0_2-stable/include" OPENSSL_LIBCRYPTO_A_PATH="$SRC/openssl-OpenSSL_1_0_2-stable/libcrypto.a" CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_OPENSSL_102" make -B
-
- # Compile Cryptofuzz
- cd $SRC/cryptofuzz
- LIBFUZZER_LINK="$LIB_FUZZING_ENGINE" CXXFLAGS="$CXXFLAGS -I $SRC/openssl-OpenSSL_1_0_2-stable/include $INCLUDE_PATH_FLAGS -DCRYPTOFUZZ_OPENSSL_102" make -B -j$(nproc) >/dev/null 2>&1
-
- # Generate dictionary
- ./generate_dict
-
- # Copy fuzzer
- cp $SRC/cryptofuzz/cryptofuzz $OUT/cryptofuzz-openssl-102
- # Copy dictionary
- cp $SRC/cryptofuzz/cryptofuzz-dict.txt $OUT/cryptofuzz-openssl-102.dict
- # Copy seed corpus
- cp $SRC/cryptofuzz-corpora/openssl_latest.zip $OUT/cryptofuzz-openssl_seed_corpus.zip
-fi
-
-##############################################################################
-# Compile Openssl 1.0.2 (without assembly)
-cd $SRC/openssl-OpenSSL_1_0_2-stable/
-make clean || true
-if [[ $CFLAGS != *-m32* ]]
-then
- ./config --debug no-asm enable-md2 enable-rc5 $CFLAGS -DPURIFY
-else
- setarch i386 ./config --debug no-asm enable-md2 enable-rc5 $CFLAGS
-fi
-make depend
-make -j$(nproc) >/dev/null 2>&1
-
-# Compile Cryptofuzz OpenSSL 1.0.2 (without assembly) module
-cd $SRC/cryptofuzz/modules/openssl
-OPENSSL_INCLUDE_PATH="$SRC/openssl-OpenSSL_1_0_2-stable/include" OPENSSL_LIBCRYPTO_A_PATH="$SRC/openssl-OpenSSL_1_0_2-stable/libcrypto.a" CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_OPENSSL_102" make -B
-
-# Compile Cryptofuzz
-cd $SRC/cryptofuzz
-LIBFUZZER_LINK="$LIB_FUZZING_ENGINE" CXXFLAGS="$CXXFLAGS -I $SRC/openssl-OpenSSL_1_0_2-stable/include $INCLUDE_PATH_FLAGS -DCRYPTOFUZZ_OPENSSL_102" make -B -j$(nproc) >/dev/null 2>&1
-
-# Generate dictionary
-./generate_dict
-
-# Copy fuzzer
-cp $SRC/cryptofuzz/cryptofuzz $OUT/cryptofuzz-openssl-102-noasm
-# Copy dictionary
-cp $SRC/cryptofuzz/cryptofuzz-dict.txt $OUT/cryptofuzz-openssl-102-noasm.dict
-# Copy seed corpus
-cp $SRC/cryptofuzz-corpora/openssl_latest.zip $OUT/cryptofuzz-openssl-102-noasm_seed_corpus.zip
-
diff --git a/projects/cryptofuzz/project.yaml b/projects/cryptofuzz/project.yaml
index e435dcb..f6e0361 100644
--- a/projects/cryptofuzz/project.yaml
+++ b/projects/cryptofuzz/project.yaml
@@ -22,6 +22,9 @@
- "david@wolfssl.com"
- "kaleb@wolfssl.com"
- "jacob@wolfssl.com"
+ - "jjones@mozilla.com"
+ - "sledru@mozilla.com"
+ - "kjacobs@mozilla.com"
sanitizers:
- address
- undefined
diff --git a/projects/easywsclient/Dockerfile b/projects/easywsclient/Dockerfile
new file mode 100644
index 0000000..44678f0
--- /dev/null
+++ b/projects/easywsclient/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER dhbaird@gmail.com
+RUN apt-get update && apt-get install -y make autoconf automake libtool
+RUN git clone --depth 1 https://github.com/dhbaird/easywsclient easywsclient
+WORKDIR easywsclient
+COPY build.sh *.cpp $SRC/
diff --git a/projects/easywsclient/build.sh b/projects/easywsclient/build.sh
new file mode 100755
index 0000000..5fa3704
--- /dev/null
+++ b/projects/easywsclient/build.sh
@@ -0,0 +1,22 @@
+#!/bin/bash -eu
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+for f in $(find $SRC -name '*_fuzzer.cpp'); do
+ b=$(basename -s .cpp $f)
+ $CXX $CXXFLAGS -std=c++11 -g easywsclient.cpp -I. \
+ $f -o $OUT/$b $LIB_FUZZING_ENGINE
+done
diff --git a/projects/easywsclient/easyws_fuzzer.cpp b/projects/easywsclient/easyws_fuzzer.cpp
new file mode 100644
index 0000000..8720879
--- /dev/null
+++ b/projects/easywsclient/easyws_fuzzer.cpp
@@ -0,0 +1,26 @@
+// Copyright 2019 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <stddef.h>
+#include <stdint.h>
+#include <string.h>
+
+#include "easywsclient.hpp"
+#include <fuzzer/FuzzedDataProvider.h>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ std::string str(reinterpret_cast<const char*>(data), size);
+ easywsclient::WebSocket::from_url(str);
+ return 0;
+}
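Review bot: The pointer returned by `from_url` on the line before `return 0;` is discarded; in easywsclient's API `from_url` returns an owning raw `WebSocket*` that the caller is expected to `delete`, so any input that actually yields a connected socket leaks and shows up as a LeakSanitizer report rather than a real bug (most inputs will fail to connect in the sandbox, so it would be a rare, confusing crash). Hold it in an owner instead: `std::unique_ptr<easywsclient::WebSocket> ws(easywsclient::WebSocket::from_url(str));` with `#include <memory>` added. The `<fuzzer/FuzzedDataProvider.h>` and `<string.h>` includes are unused and can be dropped.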
diff --git a/projects/easywsclient/project.yaml b/projects/easywsclient/project.yaml
new file mode 100644
index 0000000..1bab7b7
--- /dev/null
+++ b/projects/easywsclient/project.yaml
@@ -0,0 +1,9 @@
+homepage: "https://github.com/dhbaird/easywsclient"
+primary_contact: "dhbaird@gmail.com"
+sanitizers:
+ - address
+ - memory
+ - undefined
+architectures:
+ - x86_64
+ - i386
diff --git a/projects/envoy/Dockerfile b/projects/envoy/Dockerfile
index e507358..0be1677 100644
--- a/projects/envoy/Dockerfile
+++ b/projects/envoy/Dockerfile
@@ -14,7 +14,9 @@
#
################################################################################
-FROM gcr.io/oss-fuzz-base/base-builder
+# TODO(https://github.com/google/oss-fuzz/issues/3093): Stop specifying the
+# image SHA once the bug is fixed.
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:276813aef0ce5972db43c0230f96162003994fa742fb1b2f4e66c67498575c65
MAINTAINER htuch@google.com
RUN apt-get update && apt-get -y install \
@@ -29,10 +31,9 @@
golang \
python
-# Install Bazel
-RUN echo "deb [arch=amd64] http://storage.googleapis.com/bazel-apt stable jdk1.8" | tee /etc/apt/sources.list.d/bazel.list
-RUN curl https://bazel.build/bazel-release.pub.gpg | apt-key add -
-RUN apt-get update && apt-get install -y bazel
+# Install Bazelisk
+RUN wget -O /usr/local/bin/bazel https://github.com/bazelbuild/bazelisk/releases/download/v0.0.8/bazelisk-linux-amd64
+RUN chmod +x /usr/local/bin/bazel
# Install cmake
RUN wget https://github.com/Kitware/CMake/releases/download/v3.14.5/cmake-3.14.5-Linux-x86_64.sh; \
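Review bot: The bazelisk binary fetched on the `RUN wget -O /usr/local/bin/bazel ...` line is installed without any integrity check, whereas the apt path it replaces verified packages against the Bazel release key; pinning the release tag alone does not protect the image build against a replaced or tampered asset. Add a digest check before the `chmod +x`, e.g. `RUN echo "<bazelisk-v0.0.8-sha256>  /usr/local/bin/bazel" | sha256sum -c -` (placeholder for the published digest). The cmake installer downloaded on the `RUN wget https://github.com/Kitware/...` line has the same gap; its RUN continues beyond what the hunk shows.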
diff --git a/projects/ffmpeg/build.sh b/projects/ffmpeg/build.sh
index ac9b66d..50a4354 100755
--- a/projects/ffmpeg/build.sh
+++ b/projects/ffmpeg/build.sh
@@ -160,6 +160,15 @@
export TEMP_VAR_CODEC="AV_CODEC_ID_H264"
export TEMP_VAR_CODEC_TYPE="VIDEO"
+CONDITIONALS=`grep 'BSF 1$' config.h | sed 's/#define CONFIG_\(.*\)_BSF 1/\1/'`
+for c in $CONDITIONALS ; do
+ fuzzer_name=ffmpeg_BSF_${c}_fuzzer
+ symbol=`echo $c | sed "s/.*/\L\0/"`
+ echo -en "[libfuzzer]\nmax_len = 1000000\n" > $OUT/${fuzzer_name}.options
+ make tools/target_bsf_${symbol}_fuzzer
+ mv tools/target_bsf_${symbol}_fuzzer $OUT/${fuzzer_name}
+done
+
# Build fuzzers for decoders.
CONDITIONALS=`grep 'DECODER 1$' config.h | sed 's/#define CONFIG_\(.*\)_DECODER 1/\1/'`
for c in $CONDITIONALS ; do
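Review bot: The new BSF loop is a near-verbatim copy of the decoder loop that starts right after it (only the grep pattern, the fuzzer-name prefix and the make target differ), so the two will drift apart; a small function taking the category (`BSF`/`DECODER`), the make-target prefix and the fuzzer-name prefix would remove the duplication. The `symbol=` line relies on GNU sed's `\L`; `tr '[:upper:]' '[:lower:]'` is portable and reads more clearly. Only the first lines of the decoder loop are visible here.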
diff --git a/projects/freetype2/project.yaml b/projects/freetype2/project.yaml
index 519830f..3756cd3 100644
--- a/projects/freetype2/project.yaml
+++ b/projects/freetype2/project.yaml
@@ -8,7 +8,10 @@
- "apodtele@gmail.com"
- "prince.cherusker@gmail.com"
vendor_ccs:
- - "cdiehl@mozilla.com"
+ - "jkew@mozilla.com"
+ - "jmuizelaar@mozilla.com"
+ - "lsalzman@mozilla.com"
+ - "twsmith@mozilla.com"
sanitizers:
- address
- undefined
diff --git a/projects/go-attestation/build.sh b/projects/go-attestation/build.sh
index bf1eb52..1aec572 100755
--- a/projects/go-attestation/build.sh
+++ b/projects/go-attestation/build.sh
@@ -28,4 +28,7 @@
$CXX $CXXFLAGS $LIB_FUZZING_ENGINE $fuzzer.a -lpthread -o $OUT/$fuzzer
}
-compile_fuzzer github.com/google/go-attestation/attest FuzzParseEventLog parse_event_log_fuzzer
\ No newline at end of file
+compile_fuzzer github.com/google/go-attestation/attest FuzzParseEventLog parse_event_log_fuzzer
+compile_fuzzer github.com/google/go-attestation/attest FuzzParseAKPublic12 parse_ak_public12_fuzzer
+compile_fuzzer github.com/google/go-attestation/attest FuzzParseAKPublic20 parse_ak_public20_fuzzer
+compile_fuzzer github.com/google/go-attestation/attest FuzzParseEKCertificate parse_ek_certificate_fuzzer
diff --git a/projects/golang-protobuf/build.sh b/projects/golang-protobuf/build.sh
index 67774ab..bd1da14 100755
--- a/projects/golang-protobuf/build.sh
+++ b/projects/golang-protobuf/build.sh
@@ -11,7 +11,9 @@
}
for x in internal/fuzz/*; do
- if [ -d $x ]; then
- compile_fuzzer ./$x Fuzz $(basename $x)_fuzzer
+ if [ -d $x/corpus ]; then
+ name=$(basename $x)
+ compile_fuzzer ./$x Fuzz $name
+ zip -jr $OUT/${name}_seed_corpus.zip $x/corpus
fi
done
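Review bot: Changing the condition from `-d $x` to `-d $x/corpus` means a fuzz target without a `corpus` directory is now silently not built at all, although the corpus is only needed for the `zip` step; a target added upstream without seeds would quietly disappear from the build. Keep the directory test for compilation and make only the seed-corpus zip conditional, as below. Quoting `$x` and `$name` also keeps the loop safe if a path ever contains whitespace.
```shell
for x in internal/fuzz/*; do
  if [ -d "$x" ]; then
    name=$(basename "$x")
    compile_fuzzer ./$x Fuzz "$name"
    if [ -d "$x/corpus" ]; then
      zip -jr "$OUT/${name}_seed_corpus.zip" "$x/corpus"
    fi
  fi
done
```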
diff --git a/projects/gonids/Dockerfile b/projects/gonids/Dockerfile
index d14b366..6ca5bd5 100644
--- a/projects/gonids/Dockerfile
+++ b/projects/gonids/Dockerfile
@@ -20,7 +20,5 @@
ADD https://rules.emergingthreats.net/open/suricata/emerging.rules.zip emerging.rules.zip
-RUN mkdir fuzz
-COPY fuzz_*.go fuzz/
COPY build.sh $SRC/
-WORKDIR fuzz
+WORKDIR $SRC/
diff --git a/projects/gonids/build.sh b/projects/gonids/build.sh
index 142348a..e98d54c 100755
--- a/projects/gonids/build.sh
+++ b/projects/gonids/build.sh
@@ -28,9 +28,9 @@
$CXX $CXXFLAGS $LIB_FUZZING_ENGINE $fuzzer.a -lpthread -o $OUT/$fuzzer
}
-compile_fuzzer . Fuzz fuzz_parserule
+compile_fuzzer /root/go/src/github.com/google/gonids/ FuzzParseRule fuzz_parserule
-unzip ../emerging.rules.zip
+unzip emerging.rules.zip
cd rules
i=0
mkdir corpus
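Review bot: The changed `compile_fuzzer` line hard-codes `/root/go/src/github.com/google/gonids/`, tying the script to the image's default GOPATH layout; `${GOPATH:-/root/go}/src/github.com/google/gonids/` keeps the same default without the magic path (compile_fuzzer's argument handling starts above the hunk, so confirm it accepts an absolute directory). The `unzip emerging.rules.zip` line matches the `WORKDIR $SRC/` change in the Dockerfile hunk; note that the rules archive is fetched there with `ADD` from the network without any checksum, so the corpus built from it is neither reproducible nor verified.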
diff --git a/projects/gonids/fuzz_parserule.go b/projects/gonids/fuzz_parserule.go
deleted file mode 100644
index ce8aabb..0000000
--- a/projects/gonids/fuzz_parserule.go
+++ /dev/null
@@ -1,15 +0,0 @@
-package gonidsfuzz
-
-import (
- "github.com/google/gonids"
-)
-
-func Fuzz(data []byte) int {
- r, err := gonids.ParseRule(string(data))
- if err != nil {
- // Handle parse error
- return 0
- }
- r.OptimizeHTTP()
- return 1
-}
diff --git a/projects/graphicsfuzz-spirv/Dockerfile b/projects/graphicsfuzz-spirv/Dockerfile
index 68407fe..3793191 100644
--- a/projects/graphicsfuzz-spirv/Dockerfile
+++ b/projects/graphicsfuzz-spirv/Dockerfile
@@ -27,8 +27,6 @@
RUN git clone --depth=1 https://github.com/google/effcee graphicsfuzz-spirv/SPIRV-Tools/external/effcee
RUN git clone --depth=1 https://github.com/google/re2 graphicsfuzz-spirv/SPIRV-Tools/external/re2
-# TODO(metzman): Build GraphicsFuzz and bundle it so that the blackbox fuzzer is always using the latest version.
-
COPY build.sh $SRC/
WORKDIR graphicsfuzz-spirv
\ No newline at end of file
diff --git a/projects/graphicsfuzz-spirv/project.yaml b/projects/graphicsfuzz-spirv/project.yaml
index b16ff46..add495c 100644
--- a/projects/graphicsfuzz-spirv/project.yaml
+++ b/projects/graphicsfuzz-spirv/project.yaml
@@ -15,5 +15,3 @@
architectures:
- x86_64
- i386
-
-disabled: True
diff --git a/projects/graphicsmagick/project.yaml b/projects/graphicsmagick/project.yaml
index a750dd9..fc74038 100644
--- a/projects/graphicsmagick/project.yaml
+++ b/projects/graphicsmagick/project.yaml
@@ -11,3 +11,7 @@
architectures:
- x86_64
- i386
+fuzzing_engines:
+ - libfuzzer
+ - honggfuzz
+ - afl
diff --git a/projects/grpc/Dockerfile b/projects/grpc/Dockerfile
index aeac4c1..8f004bf 100644
--- a/projects/grpc/Dockerfile
+++ b/projects/grpc/Dockerfile
@@ -14,7 +14,9 @@
#
################################################################################
-FROM gcr.io/oss-fuzz-base/base-builder
+# TODO(https://github.com/google/oss-fuzz/issues/3093): Stop specifying the
+# image SHA once the bug is fixed.
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:276813aef0ce5972db43c0230f96162003994fa742fb1b2f4e66c67498575c65
MAINTAINER yangg@google.com
RUN apt-get update && apt-get install -y software-properties-common python-software-properties
diff --git a/projects/harfbuzz/project.yaml b/projects/harfbuzz/project.yaml
index e1bfbe9..8b3dd2c 100644
--- a/projects/harfbuzz/project.yaml
+++ b/projects/harfbuzz/project.yaml
@@ -13,7 +13,8 @@
- "ariza@typekit.com"
- "qxliu@google.com"
vendor_ccs:
- - "cdiehl@mozilla.com"
+ - "jmuizelaar@mozilla.com"
+ - "lsalzman@mozilla.com"
- "twsmith@mozilla.com"
sanitizers:
- address
diff --git a/projects/karchive/build.sh b/projects/karchive/build.sh
index a554a48..b695ef7 100644
--- a/projects/karchive/build.sh
+++ b/projects/karchive/build.sh
@@ -69,7 +69,7 @@
./configure --glib=no --libpng=qt -opensource -confirm-license -static -no-opengl -no-icu -platform linux-clang-libc++ -v
cd src
../bin/qmake -o Makefile src.pro
-make sub-corelib -j$(nproc)
+make sub-corelib sub-rcc -j$(nproc)
# Build karchive
cd $SRC
diff --git a/projects/kcodecs/build.sh b/projects/kcodecs/build.sh
index 7fc1e17..2f8c857 100644
--- a/projects/kcodecs/build.sh
+++ b/projects/kcodecs/build.sh
@@ -30,7 +30,7 @@
./configure --glib=no --libpng=qt -opensource -confirm-license -static -no-opengl -no-icu -platform linux-clang-libc++ -v
cd src
../bin/qmake -o Makefile src.pro
-make sub-corelib -j$(nproc)
+make sub-corelib sub-rcc -j$(nproc)
cd $SRC
cd kcodecs
diff --git a/projects/kubernetes/build.sh b/projects/kubernetes/build.sh
index 41d9469..539631b 100755
--- a/projects/kubernetes/build.sh
+++ b/projects/kubernetes/build.sh
@@ -33,7 +33,10 @@
$CXX $CXXFLAGS $LIB_FUZZING_ENGINE "${fuzzer}.a" -lpthread -o "${OUT}/${fuzzer}"
}
+compile_fuzzer "yaml" "FuzzDurationStrict"
+compile_fuzzer "yaml" "FuzzMicroTimeStrict"
compile_fuzzer "yaml" "FuzzSigYaml"
+compile_fuzzer "yaml" "FuzzTimeStrict"
compile_fuzzer "yaml" "FuzzYamlV2"
compile_fuzzer "json" "FuzzStrictDecode"
compile_fuzzer "json" "FuzzNonStrictDecode"
diff --git a/projects/libfido2/Dockerfile b/projects/libfido2/Dockerfile
new file mode 100644
index 0000000..0b6a1c7
--- /dev/null
+++ b/projects/libfido2/Dockerfile
@@ -0,0 +1,25 @@
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER g.kihlman@yubico.com
+RUN apt-get update && apt-get install -y make autoconf automake libtool
+RUN apt-get install -y cmake libudev-dev pkg-config chrpath
+RUN git clone --branch v0.5.0 https://github.com/PJK/libcbor
+RUN git clone --branch OpenSSL_1_1_1-stable https://github.com/openssl/openssl
+RUN git clone https://github.com/Yubico/libfido2
+WORKDIR libfido2
+COPY build.sh $SRC/
diff --git a/projects/libfido2/build.sh b/projects/libfido2/build.sh
new file mode 100755
index 0000000..3f00058
--- /dev/null
+++ b/projects/libfido2/build.sh
@@ -0,0 +1,69 @@
+#!/bin/bash -eu
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Build libcbor, taken from oss-fuzz/projects/libcbor/build.sh
+# Note SANITIZE=OFF since it gets taken care of by $CFLAGS set by oss-fuzz
+cd ${SRC}/libcbor
+patch -l -p0 < ${SRC}/libfido2/fuzz/README
+mkdir build && cd build
+cmake -DCMAKE_BUILD_TYPE=Debug -DCMAKE_INSTALL_PREFIX=${WORK} -DSANITIZE=OFF ..
+make -j$(nproc) VERBOSE=1
+make install
+
+# Build OpenSSL, taken from oss-fuzz/projects/openssl/build.sh
+cd ${SRC}/openssl
+CONFIGURE_FLAGS=""
+if [[ ${SANITIZER} = memory ]]
+then
+ CONFIGURE_FLAGS="no-asm"
+fi
+./config --debug no-tests ${CFLAGS} --prefix=${WORK} \
+ --openssldir=${WORK}/openssl ${CONFIGURE_FLAGS}
+make -j$(nproc) LDCMD="${CXX} ${CXXFLAGS}"
+make install_sw
+
+# Building libfido2 with ${LIB_FUZZING_ENGINE} and chosen sanitizer
+cd ${SRC}/libfido2
+mkdir build && cd build
+cmake -DFUZZ=1 -DFUZZ_LDFLAGS=${LIB_FUZZING_ENGINE} \
+ -DPKG_CONFIG_USE_CMAKE_PREFIX_PATH=1 \
+ -DCMAKE_PREFIX_PATH=${WORK} \
+ -DCMAKE_INSTALL_PREFIX=${WORK} \
+ -DCMAKE_BUILD_TYPE=Debug ..
+make -j$(nproc)
+make install
+
+# Prepare ${OUT} with instrumented libs
+mkdir -p ${OUT}/lib
+for lib in `ls ${WORK}/lib/lib*.so*`; do
+ cp ${lib} ${OUT}/lib;
+done
+
+# Fixup rpath in the fuzzers so they use our libs
+for f in `ls fuzz/fuzz_*`; do
+ cp ${f} ${OUT}/
+ fuzzer=$(basename $f)
+ chrpath -r '$ORIGIN/lib' ${OUT}/${fuzzer}
+done
+
+ # Prepare seed corpora
+tar xzf ${SRC}/libfido2/fuzz/corpus.tgz
+(set -e ; cd fuzz_assert/corpus ; zip -r ${OUT}/fuzz_assert_seed_corpus.zip .)
+(set -e ; cd fuzz_bio/corpus ; zip -r ${OUT}/fuzz_bio_seed_corpus.zip .)
+(set -e ; cd fuzz_cred/corpus ; zip -r ${OUT}/fuzz_cred_seed_corpus.zip .)
+(set -e ; cd fuzz_credman/corpus ; zip -r ${OUT}/fuzz_credman_seed_corpus.zip .)
+(set -e ; cd fuzz_mgmt/corpus ; zip -r ${OUT}/fuzz_mgmt_seed_corpus.zip .)
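Review bot: `patch -l -p0 < ${SRC}/libfido2/fuzz/README` applies a patch read out of a README, which a reader will take for a mistake; the line needs a comment such as `# libfido2 ships the libcbor patch needed for fuzzing inside fuzz/README`. The two `for ... in \`ls ...\`` loops later in the hunk parse `ls` output and break on any path containing whitespace; plain globs do the same job: `for lib in ${WORK}/lib/lib*.so*; do` and `for f in fuzz/fuzz_*; do`. The `# Prepare seed corpora` comment carries one stray leading space.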
diff --git a/projects/libfido2/project.yaml b/projects/libfido2/project.yaml
new file mode 100644
index 0000000..e3f28c1
--- /dev/null
+++ b/projects/libfido2/project.yaml
@@ -0,0 +1,12 @@
+homepage: https://github.com/Yubico/libfido2
+primary_contact: "g.kihlman@yubico.com"
+auto_ccs:
+ - "pedro@ambientworks.net"
+ - "marissa.nishimoto@yubico.com"
+ - "pedro.ossfuzz@gmail.com"
+sanitizers:
+ - address
+ - undefined
+ - memory
+fuzzing_engines:
+ - libfuzzer
diff --git a/projects/libjpeg-turbo/project.yaml b/projects/libjpeg-turbo/project.yaml
index fb4f1e3..b77303b 100644
--- a/projects/libjpeg-turbo/project.yaml
+++ b/projects/libjpeg-turbo/project.yaml
@@ -1,6 +1,8 @@
homepage: "https://github.com/libjpeg-turbo/libjpeg-turbo"
vendor_ccs:
- - "cdiehl@mozilla.com"
+ - "aosmond@mozilla.com"
+ - "tnikkel@mozilla.com"
+ - "twsmith@mozilla.com"
sanitizers:
- address
- memory
diff --git a/projects/libpng/project.yaml b/projects/libpng/project.yaml
index 4edfdad..0497bb3 100644
--- a/projects/libpng/project.yaml
+++ b/projects/libpng/project.yaml
@@ -1,5 +1,9 @@
homepage: "http://www.libpng.org/pub/png/libpng.html"
primary_contact: "glennrp@gmail.com"
+vendor_ccs:
+ - "aosmond@mozilla.com"
+ - "tnikkel@mozilla.com"
+ - "twsmith@mozilla.com"
sanitizers:
- address
- memory
diff --git a/projects/libspectre/Dockerfile b/projects/libspectre/Dockerfile
new file mode 100755
index 0000000..1653685
--- /dev/null
+++ b/projects/libspectre/Dockerfile
@@ -0,0 +1,27 @@
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+
+MAINTAINER randy408@protonmail.com
+
+RUN apt-get update && \
+ apt-get install -y pkg-config make automake libtool wget
+
+RUN git clone --depth 1 https://gitlab.freedesktop.org/libspectre/libspectre.git
+
+WORKDIR libspectre
+COPY build.sh $SRC/
diff --git a/projects/libspectre/build.sh b/projects/libspectre/build.sh
new file mode 100755
index 0000000..0afa753
--- /dev/null
+++ b/projects/libspectre/build.sh
@@ -0,0 +1,18 @@
+#!/bin/bash -eu
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+# Run the OSS-Fuzz script in the project
+$SRC/libspectre/test/ossfuzz.sh
diff --git a/projects/libspectre/project.yaml b/projects/libspectre/project.yaml
new file mode 100755
index 0000000..1a53de1
--- /dev/null
+++ b/projects/libspectre/project.yaml
@@ -0,0 +1,4 @@
+homepage: "https://www.freedesktop.org/wiki/Software/libspectre/"
+primary_contact: "tsdgeos@gmail.com"
+auto_ccs:
+ - "randy440088@gmail.com"
diff --git a/projects/libwebp/project.yaml b/projects/libwebp/project.yaml
index 34a8b65..1a3c383 100644
--- a/projects/libwebp/project.yaml
+++ b/projects/libwebp/project.yaml
@@ -9,4 +9,6 @@
- vrabaud@google.com
- yguyon@google.com
vendor_ccs:
-- cdiehl@mozilla.com
+- aosmond@mozilla.com
+- tnikkel@mozilla.com
+- twsmith@mozilla.com
diff --git a/projects/libxml2/project.yaml b/projects/libxml2/project.yaml
index 3cd4e8e..39fdb71 100644
--- a/projects/libxml2/project.yaml
+++ b/projects/libxml2/project.yaml
@@ -14,3 +14,7 @@
architectures:
- x86_64
- i386
+fuzzing_engines:
+ - libfuzzer
+ - honggfuzz
+ - afl
diff --git a/projects/libzip/Dockerfile b/projects/libzip/Dockerfile
index 97f8240..fb19311 100644
--- a/projects/libzip/Dockerfile
+++ b/projects/libzip/Dockerfile
@@ -19,7 +19,7 @@
MAINTAINER randy408@protonmail.com
-RUN apt-get update && apt-get install -y cmake pkg-config zlib1g-dev
+RUN apt-get update && apt-get install -y cmake pkg-config zlib1g-dev liblzma-dev
RUN git clone --depth 1 https://github.com/nih-at/libzip.git
diff --git a/projects/llvm/Dockerfile b/projects/llvm/Dockerfile
index 76d6809..f6cc0c8 100644
--- a/projects/llvm/Dockerfile
+++ b/projects/llvm/Dockerfile
@@ -22,9 +22,6 @@
pkg-config
# Get LLVM
-RUN svn co http://llvm.org/svn/llvm-project/llvm/trunk llvm > svn.log 2>&1
-RUN cd llvm/tools && svn co http://llvm.org/svn/llvm-project/cfe/trunk clang -r $(cd ../ && svn info | grep Revision | awk '{print $2}') >> svn.log 2>&1
-RUN cd llvm/projects && svn co http://llvm.org/svn/llvm-project/compiler-rt/trunk compiler-rt -r $(cd ../ && svn info | grep Revision | awk '{print $2}') >> svn.log 2>&1
-RUN cd llvm/tools/clang/tools && svn co http://llvm.org/svn/llvm-project/clang-tools-extra/trunk extra -r $(cd ../ && svn info | grep Revision | awk '{print $2}') >> svn.log 2>&1
+RUN git clone --depth 1 https://github.com/llvm/llvm-project.git
COPY build.sh $SRC/
diff --git a/projects/llvm/build.sh b/projects/llvm/build.sh
index 0e6385a..4bb9619 100644
--- a/projects/llvm/build.sh
+++ b/projects/llvm/build.sh
@@ -39,9 +39,13 @@
*) CMAKE_FUZZING_CONFIG="-DLLVM_LIB_FUZZING_ENGINE=${LIB_FUZZING_ENGINE}" ;;
esac
+LLVM=llvm-project/llvm
+
mkdir build
cd build
-cmake -GNinja -DCMAKE_BUILD_TYPE=Release ../llvm \
+
+cmake -GNinja -DCMAKE_BUILD_TYPE=Release ../$LLVM \
+ -DLLVM_ENABLE_PROJECTS="clang;libcxx;libcxxabi;compiler-rt;lld;clang-tools-extra" \
-DLLVM_ENABLE_ASSERTIONS=ON \
-DCMAKE_C_COMPILER="${CC}" \
-DCMAKE_CXX_COMPILER="${CXX}" \
@@ -110,24 +114,24 @@
echo -e "[libfuzzer]\nmax_len = 0" > "${OUT}"/"${fuzzer_name}".options
}
-build_corpus "llvm/test/Transforms/InstCombine/" "llvm-opt-fuzzer--x86_64-instcombine"
-build_corpus "llvm/test/Transforms/EarlyCSE/" "llvm-opt-fuzzer--x86_64-earlycse"
-build_corpus "llvm/test/Transforms/SimplifyCFG/" "llvm-opt-fuzzer--x86_64-simplifycfg"
-build_corpus "llvm/test/Transforms/GVN/" "llvm-opt-fuzzer--x86_64-gvn"
-build_corpus "llvm/test/Transforms/SCCP/" "llvm-opt-fuzzer--x86_64-sccp"
+build_corpus "$LLVM/test/Transforms/InstCombine/" "llvm-opt-fuzzer--x86_64-instcombine"
+build_corpus "$LLVM/test/Transforms/EarlyCSE/" "llvm-opt-fuzzer--x86_64-earlycse"
+build_corpus "$LLVM/test/Transforms/SimplifyCFG/" "llvm-opt-fuzzer--x86_64-simplifycfg"
+build_corpus "$LLVM/test/Transforms/GVN/" "llvm-opt-fuzzer--x86_64-gvn"
+build_corpus "$LLVM/test/Transforms/SCCP/" "llvm-opt-fuzzer--x86_64-sccp"
-build_corpus "llvm/test/Transforms/LoopPredication/" "llvm-opt-fuzzer--x86_64-loop_predication"
-build_corpus "llvm/test/Transforms/GuardWidening/" "llvm-opt-fuzzer--x86_64-guard_widening"
-build_corpus "llvm/test/Transforms/LoopVectorize/" "llvm-opt-fuzzer--x86_64-loop_vectorize"
+build_corpus "$LLVM/test/Transforms/LoopPredication/" "llvm-opt-fuzzer--x86_64-loop_predication"
+build_corpus "$LLVM/test/Transforms/GuardWidening/" "llvm-opt-fuzzer--x86_64-guard_widening"
+build_corpus "$LLVM/test/Transforms/LoopVectorize/" "llvm-opt-fuzzer--x86_64-loop_vectorize"
-build_corpus "llvm/test/Transforms/LoopRotate/" "llvm-opt-fuzzer--x86_64-llvm-opt-fuzzer--x86_64-loop_rotate"
-build_corpus "llvm/test/Transforms/LoopUnswitch/" "llvm-opt-fuzzer--x86_64-llvm-opt-fuzzer--x86_64-loop_unswitch"
-build_corpus "llvm/test/Transforms/LoopUnroll/" "llvm-opt-fuzzer--x86_64-llvm-opt-fuzzer--x86_64-loop_unroll"
-build_corpus "llvm/test/Transforms/LICM/" "llvm-opt-fuzzer--x86_64-llvm-opt-fuzzer--x86_64-licm"
-build_corpus "llvm/test/Transforms/IndVarSimplify/" "llvm-opt-fuzzer--x86_64-llvm-opt-fuzzer--x86_64-indvars"
-build_corpus "llvm/test/Transforms/LoopStrengthReduce/" "llvm-opt-fuzzer--x86_64-llvm-opt-fuzzer--x86_64-strength_reduce"
+build_corpus "$LLVM/test/Transforms/LoopRotate/" "llvm-opt-fuzzer--x86_64-llvm-opt-fuzzer--x86_64-loop_rotate"
+build_corpus "$LLVM/test/Transforms/LoopUnswitch/" "llvm-opt-fuzzer--x86_64-llvm-opt-fuzzer--x86_64-loop_unswitch"
+build_corpus "$LLVM/test/Transforms/LoopUnroll/" "llvm-opt-fuzzer--x86_64-llvm-opt-fuzzer--x86_64-loop_unroll"
+build_corpus "$LLVM/test/Transforms/LICM/" "llvm-opt-fuzzer--x86_64-llvm-opt-fuzzer--x86_64-licm"
+build_corpus "$LLVM/test/Transforms/IndVarSimplify/" "llvm-opt-fuzzer--x86_64-llvm-opt-fuzzer--x86_64-indvars"
+build_corpus "$LLVM/test/Transforms/LoopStrengthReduce/" "llvm-opt-fuzzer--x86_64-llvm-opt-fuzzer--x86_64-strength_reduce"
-build_corpus "llvm/test/Transforms/IRCE/" "llvm-opt-fuzzer--x86_64-llvm-opt-fuzzer--x86_64-irce"
+build_corpus "$LLVM/test/Transforms/IRCE/" "llvm-opt-fuzzer--x86_64-llvm-opt-fuzzer--x86_64-irce"
-zip -j "${OUT}/clang-objc-fuzzer_seed_corpus.zip" llvm/tools/clang/tools/clang-fuzzer/corpus_examples/objc/*
-zip -j "${OUT}/clangd-fuzzer_seed_corpus.zip" llvm/tools/clang/tools/extra/clangd/test/*
+zip -j "${OUT}/clang-objc-fuzzer_seed_corpus.zip" $SRC/$LLVM/../clang/tools/clang-fuzzer/corpus_examples/objc/*
+zip -j "${OUT}/clangd-fuzzer_seed_corpus.zip" $SRC/$LLVM/../clang-tools-extra/clangd/test/*
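Review bot: The seed-corpus paths on the last two `zip -j` lines reach the sibling projects via `$SRC/$LLVM/../clang/...`, which only works because `$LLVM` happens to end in `llvm`; `$SRC/llvm-project/clang/tools/clang-fuzzer/corpus_examples/objc/*` and `$SRC/llvm-project/clang-tools-extra/clangd/test/*` say what is meant. The `build_corpus` calls in the same hunk pass `$LLVM/test/...` relative to the cwd while the `zip` lines are absolute, so this hunk only works if the script has returned to `$SRC` after the `cd build` in the earlier hunk — that return is not visible here; anchoring both on `$SRC` would remove the dependency.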
diff --git a/projects/llvm_libcxx/Dockerfile b/projects/llvm_libcxx/Dockerfile
index 5777a4c..389b365 100644
--- a/projects/llvm_libcxx/Dockerfile
+++ b/projects/llvm_libcxx/Dockerfile
@@ -14,6 +14,5 @@
#
################################################################################
FROM gcr.io/oss-fuzz-base/base-builder
-RUN svn co http://llvm.org/svn/llvm-project/libcxxabi/trunk libcxxabi
-RUN svn co http://llvm.org/svn/llvm-project/libcxx/trunk libcxx
+RUN git clone --depth 1 https://github.com/llvm/llvm-project.git
COPY build.sh $SRC/
diff --git a/projects/llvm_libcxx/build.sh b/projects/llvm_libcxx/build.sh
index 961a912..56130d3 100755
--- a/projects/llvm_libcxx/build.sh
+++ b/projects/llvm_libcxx/build.sh
@@ -15,6 +15,8 @@
#
################################################################################
+cd llvm-project
+
if [[ $SANITIZER = *undefined* ]]; then
CXXFLAGS="$CXXFLAGS -fsanitize=unsigned-integer-overflow -fsanitize-trap=unsigned-integer-overflow"
fi
@@ -28,5 +30,7 @@
assert(result == 0); return 0;
}
EOF
- $CXX $CXXFLAGS -std=c++11 ${f}_fuzzer.cc ./libcxx/fuzzing/fuzzing.cpp -I ./libcxx -o $OUT/$f $LIB_FUZZING_ENGINE
+ $CXX $CXXFLAGS -std=c++11 ${f}_fuzzer.cc ./libcxx/fuzzing/fuzzing.cpp \
+ -nostdinc++ -cxx-isystem ./libcxx/include -iquote ./libcxx \
+ -o $OUT/$f $LIB_FUZZING_ENGINE
done
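Review bot: With `-nostdinc++ -cxx-isystem ./libcxx/include` on the changed compile line the fuzzers are compiled against the freshly cloned libc++ headers but still linked against whatever libc++ the builder image ships, so a header/library version skew can surface as link errors or crashes that are not bugs in libc++. If that is deliberate because the fuzzers exercise mostly header-only code, say so: `# headers come from the checkout; the runtime libc++ is the builder image's`. The `cd llvm-project` added at the top of the file assumes the cwd is $SRC; `cd $SRC/llvm-project` makes the assumption explicit.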
diff --git a/projects/llvm_libcxx/project.yaml b/projects/llvm_libcxx/project.yaml
index 2cbcaff..06b10f3 100644
--- a/projects/llvm_libcxx/project.yaml
+++ b/projects/llvm_libcxx/project.yaml
@@ -4,3 +4,5 @@
- "timshen91@gmail.com"
- "jfb@chromium.org"
- "bigcheesegs@gmail.com"
+ - "eric@efcs.ca"
+ - "ldionne.2@gmail.com"
diff --git a/projects/llvm_libcxxabi/Dockerfile b/projects/llvm_libcxxabi/Dockerfile
index fcba44f..15ca3e1 100644
--- a/projects/llvm_libcxxabi/Dockerfile
+++ b/projects/llvm_libcxxabi/Dockerfile
@@ -18,6 +18,6 @@
MAINTAINER kcc@google.com
RUN apt-get update && apt-get install -y subversion
-RUN svn co https://llvm.org/svn/llvm-project/libcxxabi/trunk llvm_libcxxabi
-WORKDIR llvm_libcxxabi
+RUN git clone --depth 1 https://github.com/llvm/llvm-project.git
+WORKDIR llvm-project/libcxxabi
COPY build.sh $SRC/
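Review bot: With the checkout switched to `git clone` on the new line, the `RUN apt-get update && apt-get install -y subversion` context line above it installs a package nothing uses any more; drop it (the llvm_libcxx Dockerfile in this same change has no such install).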
diff --git a/projects/llvm_libcxxabi/project.yaml b/projects/llvm_libcxxabi/project.yaml
index 505f623..3a2e46f 100644
--- a/projects/llvm_libcxxabi/project.yaml
+++ b/projects/llvm_libcxxabi/project.yaml
@@ -4,6 +4,7 @@
- "Erik.Pilkington@gmail.com"
- "akilsrin@apple.com"
- "bigcheesegs@gmail.com"
+ - "eric@efcs.ca"
sanitizers:
- address
- memory
diff --git a/projects/mtail/Dockerfile b/projects/mtail/Dockerfile
new file mode 100644
index 0000000..42b94f5
--- /dev/null
+++ b/projects/mtail/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER jaq@spacepants.org
+RUN mkdir -p github.com/google
+RUN git clone --depth 1 https://github.com/google/mtail github.com/google/mtail
+WORKDIR github.com/google/mtail
+COPY build.sh $SRC/
diff --git a/projects/mtail/build.sh b/projects/mtail/build.sh
new file mode 100755
index 0000000..58c6cf7
--- /dev/null
+++ b/projects/mtail/build.sh
@@ -0,0 +1,26 @@
+#!/bin/bash -eu
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# We've used git checkout, not go get to fetch the source so set up the GOPATH to find our source.
+export GOPATH=$GOPATH:/
+
+# go-fuzz-build doesn't like modules until https://github.com/dvyukov/go-fuzz/issues/195 is fixed
+# fetch and vendor all the dependencies so go-fuzz-build can find them
+make GO111MODULE=off --debug install_deps
+go mod vendor
+
+make GO111MODULE=off --debug $OUT/vm-fuzzer.dict $OUT/vm-fuzzer_seed_corpus.zip $OUT/vm-fuzzer
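Review bot: `export GOPATH=$GOPATH:/` is puzzling on its own: it adds the filesystem root as a GOPATH workspace, which presumably works because the clone sits at `$SRC/github.com/google/mtail` with `$SRC` directly under `/` — the comment above should say that rather than only that git was used, e.g. `# the clone lives at $SRC/github.com/google/mtail, so add / as a GOPATH root for GOPATH-mode tools`. `--debug` on both make invocations is also unexplained; if it is intentional verbosity for the build logs, a one-line comment would help.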
diff --git a/projects/mtail/project.yaml b/projects/mtail/project.yaml
new file mode 100644
index 0000000..3878cca
--- /dev/null
+++ b/projects/mtail/project.yaml
@@ -0,0 +1,6 @@
+homepage: https://github.com/google/mtail
+primary_contact: jaq@spacepants.org
+fuzzing_engines:
+ - libfuzzer
+sanitizers:
+ - address
diff --git a/projects/mysql-server/build.sh b/projects/mysql-server/build.sh
index 4cfc3b4..9f9afe6 100644
--- a/projects/mysql-server/build.sh
+++ b/projects/mysql-server/build.sh
@@ -20,7 +20,11 @@
git apply ../fix.diff
mkdir build
cd build
-cmake .. -Dprotobuf_BUILD_SHARED_LIBS=OFF -DDOWNLOAD_BOOST=1 -DWITH_BOOST=. -DWITH_SSL=system -DFUZZING=1 -DCMAKE_INSTALL_PREFIX=$OUT/mysql
+if [[ $SANITIZER = *undefined* ]]; then
+ cmake .. -Dprotobuf_BUILD_SHARED_LIBS=OFF -DDOWNLOAD_BOOST=1 -DWITH_BOOST=. -DWITH_SSL=system -DFUZZING=1 -DCMAKE_INSTALL_PREFIX=$OUT/mysql -DWITH_UBSAN=1
+else
+ cmake .. -Dprotobuf_BUILD_SHARED_LIBS=OFF -DDOWNLOAD_BOOST=1 -DWITH_BOOST=. -DWITH_SSL=system -DFUZZING=1 -DCMAKE_INSTALL_PREFIX=$OUT/mysql
+fi
make install
cp $OUT/mysql/bin/fuzz* $OUT/
cp ../fuzz/fuzz*.options $OUT/
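Review bot: The two `cmake ..` invocations in the new `if`/`else` differ only by `-DWITH_UBSAN=1`, so the long option list is now duplicated and any later change has to be made twice. Collect the sanitizer-specific flag in a variable and keep a single cmake line, as below; the rest of the hunk is unchanged.
```shell
CMAKE_EXTRA_FLAGS=""
if [[ $SANITIZER = *undefined* ]]; then
  CMAKE_EXTRA_FLAGS="-DWITH_UBSAN=1"
fi
cmake .. -Dprotobuf_BUILD_SHARED_LIBS=OFF -DDOWNLOAD_BOOST=1 -DWITH_BOOST=. -DWITH_SSL=system -DFUZZING=1 -DCMAKE_INSTALL_PREFIX=$OUT/mysql $CMAKE_EXTRA_FLAGS
# … unchanged: make install and the copies into $OUT …
```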
diff --git a/projects/mysql-server/targets/fuzz_real_query.cc b/projects/mysql-server/targets/fuzz_real_query.cc
index 15a72e7..913b01b 100644
--- a/projects/mysql-server/targets/fuzz_real_query.cc
+++ b/projects/mysql-server/targets/fuzz_real_query.cc
@@ -24,7 +24,7 @@
if (logfile == NULL) {
logfile = fopen("/dev/null", "w");
}
- flags = * ((unsigned long *) (Data + Size - sizeof(unsigned long)));
+ memcpy(&flags, Data + Size - sizeof(unsigned long), sizeof(unsigned long));
mysql_init(&mysql);
mysql_options(&mysql, MYSQL_ENABLE_CLEARTEXT_PLUGIN, &opt_cleartext);
mysql_options(&mysql, MYSQL_OPT_SSL_MODE, &opt_ssl);
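Review bot: The new memcpy still reads `sizeof(unsigned long)` bytes ending at `Data + Size`, so for an input shorter than that the source pointer lies before the start of `Data` and the read is out of bounds; the change only fixes the alignment of the old cast, not the length assumption. Unless a size check exists above the hunk (the start of LLVMFuzzerTestOneInput is outside it), add `if (Size < sizeof(unsigned long)) return 0;` before the memcpy. memcpy also needs `<string.h>`/`<cstring>`, which I cannot confirm is included from this hunk.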
diff --git a/projects/nanopb/Dockerfile b/projects/nanopb/Dockerfile
new file mode 100644
index 0000000..5ddb2ff
--- /dev/null
+++ b/projects/nanopb/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER jpa@npb.mail.kapsi.fi
+RUN apt-get update && apt-get install -y python-pip git scons
+RUN pip install protobuf grpcio-tools
+RUN git clone --depth 1 https://github.com/nanopb/nanopb $SRC/nanopb
+COPY build.sh $SRC/
+
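Review bot: `pip install protobuf grpcio-tools` on line 20 pulls whatever versions PyPI serves at image-build time, so the generator toolchain can change under the project between builds and a broken or compromised release would land unnoticed. If the build does not depend on tracking the latest release, pinning the two packages (`pip install protobuf==<version> grpcio-tools==<version>`, with versions the maintainer has tested) makes the image reproducible and makes a dependency change visible in review. The `--depth 1` clone of nanopb itself is fine for this purpose.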
diff --git a/projects/nanopb/build.sh b/projects/nanopb/build.sh
new file mode 100755
index 0000000..f9fc81c
--- /dev/null
+++ b/projects/nanopb/build.sh
@@ -0,0 +1,46 @@
+#!/bin/bash -eu
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd $SRC/nanopb/tests
+
+# Build seed corpus.
+# Generating it here ensures it will contain all of the fields in the AllTypes
+# test case. The generators are built without fuzzing instrumentation.
+rm -rf build
+scons build/alltypes/encode_alltypes build/fuzztest/generate_message
+mkdir fuzztest_seed_corpus
+build/alltypes/encode_alltypes 0 > fuzztest_seed_corpus/alltypes0
+build/alltypes/encode_alltypes 1 > fuzztest_seed_corpus/alltypes1
+build/alltypes/encode_alltypes 2 > fuzztest_seed_corpus/alltypes2
+build/fuzztest/generate_message $(date +%s) > fuzztest_seed_corpus/rndmsg 2>/dev/null
+for f in fuzztest_seed_corpus/*; do
+ mv $f fuzztest_seed_corpus/$(sha1sum $f | cut -f 1 -d ' ')
+done
+zip -r "$OUT/fuzztest_seed_corpus.zip" fuzztest_seed_corpus
+
+# Build the fuzz testing stub with instrumentation
+rm -rf build
+scons CC="$CC" CXX="$CXX" LINK="$CXX" \
+ CCFLAGS="-Wall -Wextra -g -DLLVMFUZZER $CFLAGS" \
+ CXXFLAGS="-Wall -Wextra -g -DLLVMFUZZER $CXXFLAGS" \
+ NODEFARGS="1" \
+ LINKFLAGS="-std=c++11 $CXXFLAGS" \
+ LINKLIBS="$LIB_FUZZING_ENGINE" build/fuzztest/fuzztest
+
+cp build/fuzztest/fuzztest "$OUT/fuzztest"
+
+
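Review bot: The seed corpus built on line 29 is not reproducible: `generate_message $(date +%s)` seeds the generator with the wall clock, so every image build ships a different `rndmsg` and the sha1-based rename on the next lines gives it a different name each time. If the generator only needs some seed, a fixed value (e.g. `build/fuzztest/generate_message 1 > fuzztest_seed_corpus/rndmsg`) keeps the corpus stable across builds and makes a corpus diff meaningful. The `2>/dev/null` hides the generator's diagnostics, though with `-eu` a non-zero exit still aborts the build; also note the unquoted `$f` in the `mv` loop, which is harmless here because the names are generated but is worth quoting for consistency with `"$OUT/..."`.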
diff --git a/projects/nanopb/project.yaml b/projects/nanopb/project.yaml
new file mode 100644
index 0000000..53aab2e
--- /dev/null
+++ b/projects/nanopb/project.yaml
@@ -0,0 +1,7 @@
+homepage: "https://jpa.kapsi.fi/nanopb/"
+primary_contact: "jpa@npb.mail.kapsi.fi"
+sanitizers:
+ - address
+ - memory
+ - undefined
+
diff --git a/projects/ndpi/project.yaml b/projects/ndpi/project.yaml
index f4255e6..21c6d4f 100644
--- a/projects/ndpi/project.yaml
+++ b/projects/ndpi/project.yaml
@@ -1,4 +1,4 @@
homepage: "https://www.ntop.org/products/deep-packet-inspection/ndpi/"
-primary_contact: "deri@ntop.org"
+primary_contact: "luca.deri@gmail.com"
auto_ccs :
- "p.antoine@catenacyber.fr"
diff --git a/projects/nss/project.yaml b/projects/nss/project.yaml
index 1d4bb2a..f3daae3 100644
--- a/projects/nss/project.yaml
+++ b/projects/nss/project.yaml
@@ -4,6 +4,7 @@
- "jjones@mozilla.com"
- "cdiehl@mozilla.com"
- "sledru@mozilla.com"
+ - "kjacobs@mozilla.com"
fuzzing_engines:
- libfuzzer
- afl
diff --git a/projects/oak/Dockerfile b/projects/oak/Dockerfile
index 380dba0..9d74398 100644
--- a/projects/oak/Dockerfile
+++ b/projects/oak/Dockerfile
@@ -14,15 +14,26 @@
#
################################################################################
-FROM gcr.io/oss-fuzz-base/base-builder
+# TODO(https://github.com/google/oss-fuzz/issues/3093): Stop specifying the
+# image SHA once the bug is fixed.
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:276813aef0ce5972db43c0230f96162003994fa742fb1b2f4e66c67498575c65
MAINTAINER tzn@google.com
-RUN apt-get update && apt-get install -y \
- curl
+
+# Use a fixed Bazel version.
+# https://github.com/google/asylo/blob/088ea3490dd4579655bd5b65b0e31fe18de7f6dd/asylo/distrib/toolchain/Dockerfile#L48-L71
+ARG bazel_version=1.1.0
+ARG bazel_sha=138b47ffd54924e3c0264c65d31d3927803fb9025db4d5b18107df79ee3bda95
+ARG bazel_url=https://storage.googleapis.com/bazel-apt/pool/jdk1.8/b/bazel/bazel_${bazel_version}_amd64.deb
# Install Bazel.
-RUN echo "deb [arch=amd64] http://storage.googleapis.com/bazel-apt stable jdk1.8" | tee /etc/apt/sources.list.d/bazel.list
-RUN curl https://bazel.build/bazel-release.pub.gpg | apt-key add -
-RUN apt-get update && apt-get install -y bazel
+RUN apt-get update && \
+ apt-get install -y wget && \
+ wget "${bazel_url}" -nv -o- -O bazel.deb && \
+ echo "${bazel_sha} bazel.deb" > bazel.sha256 && \
+ sha256sum --check bazel.sha256 && \
+ apt-get install -y ./bazel.deb && \
+ rm bazel.deb bazel.sha256 && \
+ apt-get clean
RUN git clone --depth 1 https://github.com/project-oak/oak oak
WORKDIR oak
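Review bot: In the new wget line, `-o-` is wget's log-file option (lowercase o), so it redirects wget's log to stdout rather than suppressing it; combined with `-nv` this is probably harmless but reads as if `-q` was intended. `wget -nv -O bazel.deb "${bazel_url}"` (or `-q` instead of `-nv`) is the clearer form. Checking the download against a pinned `bazel_sha` before installing is the right shape; the `ARG` values make it easy to bump the version and hash together.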
diff --git a/projects/oak/project.yaml b/projects/oak/project.yaml
index 75f8ee8..b336dcc 100644
--- a/projects/oak/project.yaml
+++ b/projects/oak/project.yaml
@@ -2,8 +2,11 @@
primary_contact: "tzn@google.com"
auto_ccs:
- "project-oak-team@google.com"
- - "iovi@google.com"
+ - "benblaxill@google.com"
- "drysdale@google.com"
+ - "grobler@google.com"
+ - "iovi@google.com"
+ - "ivanpetrov@google.com"
- "mks@google.com"
fuzzing_engines:
- libfuzzer
diff --git a/projects/openh264/project.yaml b/projects/openh264/project.yaml
index 9c6b7a7..b963a4b 100644
--- a/projects/openh264/project.yaml
+++ b/projects/openh264/project.yaml
@@ -4,9 +4,10 @@
- "guangwwa@cisco.com"
- "sijchen@cisco.com"
- "yanqian@cisco.com"
+ - "xiaotianshimail@gmail.com"
vendor_ccs:
+ - "dminor@mozilla.com"
- "twsmith@mozilla.com"
- - "cdiehl@mozilla.com"
sanitizers:
- address
- memory
diff --git a/projects/opus/project.yaml b/projects/opus/project.yaml
index 15fd940..bfadfe3 100644
--- a/projects/opus/project.yaml
+++ b/projects/opus/project.yaml
@@ -3,7 +3,7 @@
auto_ccs:
- "flim@google.com"
vendor_ccs:
- - "cdiehl@mozilla.com"
+ - "twsmith@mozilla.com"
sanitizers:
- address
- memory
diff --git a/projects/osquery/project.yaml b/projects/osquery/project.yaml
index ad7ab06..db5f8bb 100644
--- a/projects/osquery/project.yaml
+++ b/projects/osquery/project.yaml
@@ -7,6 +7,9 @@
- "alessandro.gario@gmail.com"
- "tom@ritter.vg"
- "mhl@fb.com"
+ - "sharvil@sharvilshah.com"
+ - "gellerbedoya@gmail.com"
+ - "stefano.bonicatti@gmail.com"
sanitizers:
- address
fuzzing_engines:
diff --git a/projects/ots/project.yaml b/projects/ots/project.yaml
index 37a8deb..b70de65 100644
--- a/projects/ots/project.yaml
+++ b/projects/ots/project.yaml
@@ -4,4 +4,6 @@
- "kevin899@gmail.com"
- "jfkthame@gmail.com"
vendor_ccs:
- - "cdiehl@mozilla.com"
+ - "jmuizelaar@mozilla.com"
+ - "lsalzman@mozilla.com"
+ - "twsmith@mozilla.com"
diff --git a/projects/php/build.sh b/projects/php/build.sh
index 7dd53e6..0dd2a79 100755
--- a/projects/php/build.sh
+++ b/projects/php/build.sh
@@ -24,6 +24,10 @@
export ONIG_CFLAGS="-I$PWD/oniguruma/src"
export ONIG_LIBS="-L$PWD/oniguruma/src/.libs -l:libonig.a"
+# PHP's zend_function union is incompatible with the object-size sanitizer
+export CFLAGS="$CFLAGS -fno-sanitize=object-size"
+export CXXFLAGS="$CXXFLAGS -fno-sanitize=object-size"
+
# build project
./buildconf
./configure \
@@ -33,6 +37,7 @@
--enable-json \
--enable-exif \
--enable-mbstring \
+ --without-pcre-jit \
--disable-phpdbg \
--disable-cgi \
--with-pic
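Review bot: The new `--without-pcre-jit` configure flag in this hunk has no comment explaining why JIT is disabled, whereas the first hunk documents its `-fno-sanitize=object-size` change inline. A one-line comment next to the flag stating the reason (the sanitizer or engine it conflicts with, as the maintainer knows it) keeps the next person from re-enabling it during a cleanup. The surrounding `./configure` invocation starts before the hunk.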
diff --git a/projects/php/project.yaml b/projects/php/project.yaml
index bccd56b..5520029 100644
--- a/projects/php/project.yaml
+++ b/projects/php/project.yaml
@@ -6,6 +6,7 @@
sanitizers:
- address
- undefined
+ - memory
architectures:
- x86_64
- i386
diff --git a/projects/qpid-proton/Dockerfile b/projects/qpid-proton/Dockerfile
index 492adf0..956a659 100644
--- a/projects/qpid-proton/Dockerfile
+++ b/projects/qpid-proton/Dockerfile
@@ -24,4 +24,3 @@
WORKDIR qpid-proton
COPY build.sh $SRC/
-COPY c_tests_fuzz_CMakeLists.patch $SRC/
diff --git a/projects/qpid-proton/build.sh b/projects/qpid-proton/build.sh
index 62e51e4..610a6f5 100755
--- a/projects/qpid-proton/build.sh
+++ b/projects/qpid-proton/build.sh
@@ -15,7 +15,6 @@
#
################################################################################
-patch -p1 < $SRC/c_tests_fuzz_CMakeLists.patch || (cat c/tests/fuzz/CMakeLists.txt.rej && false)
mkdir build
pushd build
cmake .. -DCMAKE_BUILD_TYPE=Release -DBUILD_STATIC_LIBS=ON -DENABLE_FUZZ_TESTING=ON -DFUZZ_REGRESSION_TESTS=OFF
diff --git a/projects/qpid-proton/c_tests_fuzz_CMakeLists.patch b/projects/qpid-proton/c_tests_fuzz_CMakeLists.patch
deleted file mode 100644
index 0673175..0000000
--- a/projects/qpid-proton/c_tests_fuzz_CMakeLists.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From a0d2345bec4e7538ad7df535323a8acd8bec2d36 Mon Sep 17 00:00:00 2001
-From: Jiri Danek <jdanek@redhat.com>
-Date: Thu, 13 Dec 2018 14:52:09 +0100
-Subject: [PATCH] NO-JIRA: c/test/fuzz patches from oss-fuzz
-
-* NO-JIRA: [c] prefer linking with static library in fuzz tests
-* NO-JIRA: [c] link fuzzing binaries using CXX linker
----
- c/tests/fuzz/CMakeLists.txt | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/c/tests/fuzz/CMakeLists.txt b/c/tests/fuzz/CMakeLists.txt
-index b4470d59..211252c4 100644
---- a/c/tests/fuzz/CMakeLists.txt
-+++ b/c/tests/fuzz/CMakeLists.txt
-@@ -32,7 +32,16 @@ add_library (StandaloneFuzzTargetMain STATIC StandaloneFuzzTargetMain.c Standalo
-
- macro (pn_add_fuzz_test test)
- add_executable (${test} ${ARGN})
-- target_link_libraries (${test} qpid-proton-core ${FUZZING_LIBRARY})
-+ # prefer static lib for the fuzzer, if available
-+ if (BUILD_STATIC_LIBS)
-+ set(FUZZING_QPID_PROTON_CORE_LIBRARY qpid-proton-core-static)
-+ else()
-+ set(FUZZING_QPID_PROTON_CORE_LIBRARY qpid-proton-core)
-+ endif()
-+ target_link_libraries (${test} ${FUZZING_QPID_PROTON_CORE_LIBRARY} ${FUZZING_LIBRARY})
-+ # -lFuzzingEngine is a C++ library, which needs c++ std lib
-+ set_target_properties(${test} PROPERTIES LINKER_LANGUAGE CXX)
-+
- list(APPEND fuzz_test_src ${ARGN})
-
- if (FUZZ_REGRESSION_TESTS)
---
-2.16.5
diff --git a/projects/samba/Dockerfile b/projects/samba/Dockerfile
new file mode 100644
index 0000000..3d3ee35
--- /dev/null
+++ b/projects/samba/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+
+RUN git clone https://gitlab.com/samba-team/samba samba
+RUN samba/lib/fuzzing/oss-fuzz/build_image.sh
+
+WORKDIR samba
+COPY build.sh $SRC/
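Review bot: The samba clone on line 19 omits `--depth 1`, unlike the other Dockerfiles in this change, so the image pulls the full history of a large repository on every build. If `build_image.sh` does not need history, `git clone --depth 1 https://gitlab.com/samba-team/samba samba` cuts build time and image size; if it does, a comment saying so would stop someone from "fixing" it later. The clone is also unpinned, which matches the rest of the tree, so I am not raising that here.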
diff --git a/projects/samba/build.sh b/projects/samba/build.sh
new file mode 100755
index 0000000..b809e4c
--- /dev/null
+++ b/projects/samba/build.sh
@@ -0,0 +1,19 @@
+#!/bin/bash -eu
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# The real script is maintained in the Samba repo
+exec lib/fuzzing/oss-fuzz/build_samba.sh
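Review bot: `exec lib/fuzzing/oss-fuzz/build_samba.sh` resolves relative to the current directory, so the script only works because the Dockerfile sets `WORKDIR samba`; run from anywhere else it fails with a confusing "no such file" error. Using the absolute location, `exec "$SRC/samba/lib/fuzzing/oss-fuzz/build_samba.sh"`, removes that hidden dependency and matches how other build scripts in the tree reference `$SRC`.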
diff --git a/projects/samba/project.yaml b/projects/samba/project.yaml
new file mode 100644
index 0000000..0d20a2a
--- /dev/null
+++ b/projects/samba/project.yaml
@@ -0,0 +1,15 @@
+homepage: "https://samba.org"
+primary_contact: "douglas.bagnall@catalyst.net.nz"
+auto_ccs:
+ - "abartlet+google@catalyst.net.nz"
+ - "cryptomilk@gmail.com"
+ - "lockyergw@gmail.com"
+ - "jra@google.com"
+ - "sloowfranklin@gmail.com"
+ - "gdeschner@gmail.com"
+fuzzing_engines:
+ - libfuzzer
+sanitizers:
+ - address
+ - undefined
+help_url: "https://wiki.samba.org/index.php/Fuzzing"
diff --git a/projects/skcms/project.yaml b/projects/skcms/project.yaml
index 2423a36..8401165 100644
--- a/projects/skcms/project.yaml
+++ b/projects/skcms/project.yaml
@@ -1,7 +1,7 @@
homepage: "https://skia.googlesource.com/skcms/+/master"
primary_contact: "kjlubick@chromium.org"
auto_ccs:
- - "mtklein@chromium.org"
+ - "mtklein@google.com"
- "brianosman@google.com"
sanitizers:
- address
diff --git a/projects/skia/BUILD.gn.diff b/projects/skia/BUILD.gn.diff
index 991c41b..ffa088c 100644
--- a/projects/skia/BUILD.gn.diff
+++ b/projects/skia/BUILD.gn.diff
@@ -155,6 +155,7 @@
"fuzz/oss_fuzz/FuzzAPIImageFilter.cpp",
"tools/UrlDataManager.cpp",
"tools/debugger/DebugCanvas.cpp",
+ "tools/debugger/DebugLayerManager.cpp",
"tools/debugger/DrawCommand.cpp",
"tools/debugger/JsonWriteBuffer.cpp",
]
@@ -206,6 +207,7 @@
"tools/Resources.cpp",
"tools/UrlDataManager.cpp",
"tools/debugger/DebugCanvas.cpp",
+ "tools/debugger/DebugLayerManager.cpp",
"tools/debugger/DrawCommand.cpp",
"tools/debugger/JsonWriteBuffer.cpp",
"tools/fonts/TestFontMgr.cpp",
@@ -236,6 +238,7 @@
"tools/Resources.cpp",
"tools/UrlDataManager.cpp",
"tools/debugger/DebugCanvas.cpp",
+ "tools/debugger/DebugLayerManager.cpp",
"tools/debugger/DrawCommand.cpp",
"tools/debugger/JsonWriteBuffer.cpp",
"tools/fonts/TestFontMgr.cpp",
@@ -265,6 +268,7 @@
"tools/Resources.cpp",
"tools/UrlDataManager.cpp",
"tools/debugger/DebugCanvas.cpp",
+ "tools/debugger/DebugLayerManager.cpp",
"tools/debugger/DrawCommand.cpp",
"tools/debugger/JsonWriteBuffer.cpp",
"tools/fonts/TestFontMgr.cpp",
diff --git a/projects/skia/project.yaml b/projects/skia/project.yaml
index 5f94ab0..c1aa459 100644
--- a/projects/skia/project.yaml
+++ b/projects/skia/project.yaml
@@ -5,6 +5,9 @@
- "mtklein@google.com"
- "reed@google.com"
- "bsalomon@google.com"
+vendor_ccs:
+ - "lsalzman@mozilla.com"
+ - "twsmith@mozilla.com"
sanitizers:
- address
- undefined
diff --git a/projects/skia/skia.diff b/projects/skia/skia.diff
index 5899bf5..4e0c269 100644
--- a/projects/skia/skia.diff
+++ b/projects/skia/skia.diff
@@ -1,5 +1,5 @@
diff --git a/fuzz/FuzzPathMeasure.cpp b/fuzz/FuzzPathMeasure.cpp
-index 62e7b7434c..f64faab8be 100644
+index 8526ff8cc6..116302f5fe 100644
--- a/fuzz/FuzzPathMeasure.cpp
+++ b/fuzz/FuzzPathMeasure.cpp
@@ -22,6 +22,9 @@ DEF_FUZZ(PathMeasure, fuzz) {
@@ -13,10 +13,10 @@
SkPathMeasure measure(path, bits & 1, resScale);
SkPoint position;
diff --git a/src/core/SkAAClip.cpp b/src/core/SkAAClip.cpp
-index baf8277e03..7480e0ea9e 100644
+index c33ea9510d..a4d09c265d 100644
--- a/src/core/SkAAClip.cpp
+++ b/src/core/SkAAClip.cpp
-@@ -1548,6 +1548,12 @@ static void operateY(SkAAClip::Builder& builder, const SkAAClip& A,
+@@ -1547,6 +1547,12 @@ static void operateY(SkAAClip::Builder& builder, const SkAAClip& A,
int topB = iterB.top();
int botB = iterB.bottom();
@@ -30,7 +30,7 @@
const uint8_t* rowA = nullptr;
const uint8_t* rowB = nullptr;
diff --git a/src/core/SkDraw.cpp b/src/core/SkDraw.cpp
-index 90bdf4772d..48ffbdfb79 100644
+index 296329a52d..9b74d50146 100644
--- a/src/core/SkDraw.cpp
+++ b/src/core/SkDraw.cpp
@@ -959,6 +959,12 @@ void SkDraw::drawPath(const SkPath& origSrcPath, const SkPaint& origPaint,
@@ -47,10 +47,10 @@
}
diff --git a/src/core/SkImageFilter.cpp b/src/core/SkImageFilter.cpp
-index 01767c8618..18305a4f4f 100644
+index 107566459b..bac5263e47 100644
--- a/src/core/SkImageFilter.cpp
+++ b/src/core/SkImageFilter.cpp
-@@ -91,6 +91,12 @@ bool SkImageFilter::Common::unflatten(SkReadBuffer& buffer, int expectedCount) {
+@@ -176,6 +176,12 @@ bool SkImageFilter_Base::Common::unflatten(SkReadBuffer& buffer, int expectedCou
return false;
}
@@ -64,10 +64,10 @@
for (int i = 0; i < count; i++) {
fInputs.push_back(buffer.readBool() ? buffer.readImageFilter() : nullptr);
diff --git a/src/core/SkMallocPixelRef.cpp b/src/core/SkMallocPixelRef.cpp
-index 7f625cf466..c90a9c99bd 100644
+index d998029a2b..8807c1fc4d 100644
--- a/src/core/SkMallocPixelRef.cpp
+++ b/src/core/SkMallocPixelRef.cpp
-@@ -70,6 +70,11 @@ sk_sp<SkPixelRef> SkMallocPixelRef::MakeAllocate(const SkImageInfo& info, size_t
+@@ -37,6 +37,11 @@ sk_sp<SkPixelRef> SkMallocPixelRef::MakeAllocate(const SkImageInfo& info, size_t
return nullptr;
}
}
@@ -80,10 +80,10 @@
if (nullptr == addr) {
return nullptr;
diff --git a/src/core/SkMaskFilter.cpp b/src/core/SkMaskFilter.cpp
-index 766be2bedf..32ec8184cb 100644
+index 573fe3cabb..cae96b00cc 100644
--- a/src/core/SkMaskFilter.cpp
+++ b/src/core/SkMaskFilter.cpp
-@@ -261,6 +261,11 @@ bool SkMaskFilterBase::filterPath(const SkPath& devPath, const SkMatrix& matrix,
+@@ -262,6 +262,11 @@ bool SkMaskFilterBase::filterPath(const SkPath& devPath, const SkMatrix& matrix,
SkMask srcM, dstM;
@@ -96,10 +96,10 @@
SkMask::kComputeBoundsAndRenderImage_CreateMode,
style)) {
diff --git a/src/core/SkPaint.cpp b/src/core/SkPaint.cpp
-index 919e49f31d..0a90eec722 100644
+index f294dbe4a0..12100e1624 100644
--- a/src/core/SkPaint.cpp
+++ b/src/core/SkPaint.cpp
-@@ -452,6 +452,13 @@ bool SkPaint::getFillPath(const SkPath& src, SkPath* dst, const SkRect* cullRect
+@@ -449,6 +449,13 @@ bool SkPaint::getFillPath(const SkPath& src, SkPath* dst, const SkRect* cullRect
SkStrokeRec rec(*this, resScale);
@@ -114,10 +114,10 @@
SkPath tmpPath;
diff --git a/src/core/SkPath.cpp b/src/core/SkPath.cpp
-index 35939679c6..95312d4864 100644
+index 5679a9d182..104523a6af 100644
--- a/src/core/SkPath.cpp
+++ b/src/core/SkPath.cpp
-@@ -3791,7 +3791,11 @@ void SkPathPriv::CreateDrawArcPath(SkPath* path, const SkRect& oval, SkScalar st
+@@ -3120,7 +3120,11 @@ void SkPathPriv::CreateDrawArcPath(SkPath* path, const SkRect& oval, SkScalar st
SkScalar sweepAngle, bool useCenter, bool isFillNoPathEffect) {
SkASSERT(!oval.isEmpty());
SkASSERT(sweepAngle);
@@ -129,9 +129,9 @@
+#endif
path->reset();
path->setIsVolatile(true);
- path->setFillType(SkPath::kWinding_FillType);
+ path->setFillType(SkPathFillType::kWinding);
diff --git a/src/core/SkReadBuffer.cpp b/src/core/SkReadBuffer.cpp
-index 9febf01bfa..d1b701fe62 100644
+index ff78b74a34..ce846799a4 100644
--- a/src/core/SkReadBuffer.cpp
+++ b/src/core/SkReadBuffer.cpp
@@ -277,7 +277,12 @@ sk_sp<SkData> SkReadBuffer::readByteArrayAsData() {
@@ -148,7 +148,7 @@
/* Format:
diff --git a/src/core/SkScan_Hairline.cpp b/src/core/SkScan_Hairline.cpp
-index d9c0408b34..8f44cba5f3 100644
+index f9365cecb2..7b77341e06 100644
--- a/src/core/SkScan_Hairline.cpp
+++ b/src/core/SkScan_Hairline.cpp
@@ -121,7 +121,11 @@ void SkScan::HairLineRgn(const SkPoint array[], int arrayCount, const SkRegion*
@@ -178,7 +178,7 @@
SkFixed startX = SkFDot6ToFixed(x0) + (slope * ((32 - y0) & 63) >> 6);
diff --git a/src/effects/Sk1DPathEffect.cpp b/src/effects/Sk1DPathEffect.cpp
-index fbb73f5959..3cafd47f65 100644
+index 360179d663..04df451f2a 100644
--- a/src/effects/Sk1DPathEffect.cpp
+++ b/src/effects/Sk1DPathEffect.cpp
@@ -19,6 +19,11 @@
@@ -194,7 +194,7 @@
int governor = MAX_REASONABLE_ITERATIONS;
SkScalar length = meas.getLength();
diff --git a/src/effects/Sk2DPathEffect.cpp b/src/effects/Sk2DPathEffect.cpp
-index fb6a88e0fb..8253a1284d 100644
+index fa19bb96b8..005daff13b 100644
--- a/src/effects/Sk2DPathEffect.cpp
+++ b/src/effects/Sk2DPathEffect.cpp
@@ -51,6 +51,11 @@ void Sk2DPathEffect::nextSpan(int x, int y, int count, SkPath* path) const {
@@ -210,7 +210,7 @@
const SkMatrix& mat = this->getMatrix();
SkPoint src, dst;
diff --git a/src/effects/SkDashPathEffect.cpp b/src/effects/SkDashPathEffect.cpp
-index ebcc683dca..753310f4c1 100644
+index 913d851c04..bd4ea876c0 100644
--- a/src/effects/SkDashPathEffect.cpp
+++ b/src/effects/SkDashPathEffect.cpp
@@ -381,6 +381,12 @@ sk_sp<SkFlattenable> SkDashImpl::CreateProc(SkReadBuffer& buffer) {
@@ -227,7 +227,7 @@
if (buffer.readScalarArray(intervals.get(), count)) {
return SkDashPathEffect::Make(intervals.get(), SkToInt(count), phase);
diff --git a/src/effects/SkDiscretePathEffect.cpp b/src/effects/SkDiscretePathEffect.cpp
-index 2c913d8d9e..61b9629766 100644
+index 93ea43fa29..69527725a6 100644
--- a/src/effects/SkDiscretePathEffect.cpp
+++ b/src/effects/SkDiscretePathEffect.cpp
@@ -97,6 +97,11 @@ bool SkDiscretePathEffect::onFilterPath(SkPath* dst, const SkPath& src,
@@ -243,10 +243,10 @@
if (fSegLength * (2 + doFill) > length) {
meas.getSegment(0, length, dst, true); // to short for us to mangle
diff --git a/src/effects/SkLayerDrawLooper.cpp b/src/effects/SkLayerDrawLooper.cpp
-index cd3f51bac3..d2b5050f0c 100644
+index 42592211a9..3b46f632cf 100644
--- a/src/effects/SkLayerDrawLooper.cpp
+++ b/src/effects/SkLayerDrawLooper.cpp
-@@ -228,6 +228,11 @@ void SkLayerDrawLooper::flatten(SkWriteBuffer& buffer) const {
+@@ -213,6 +213,11 @@ void SkLayerDrawLooper::flatten(SkWriteBuffer& buffer) const {
sk_sp<SkFlattenable> SkLayerDrawLooper::CreateProc(SkReadBuffer& buffer) {
int count = buffer.readInt();
@@ -259,7 +259,7 @@
for (int i = 0; i < count; i++) {
LayerInfo info;
diff --git a/src/ports/SkDebug_stdio.cpp b/src/ports/SkDebug_stdio.cpp
-index ec4e3fec77..4bc01d5d51 100644
+index 1bba63cc0a..e569514902 100644
--- a/src/ports/SkDebug_stdio.cpp
+++ b/src/ports/SkDebug_stdio.cpp
@@ -12,9 +12,13 @@
diff --git a/projects/solidity/Dockerfile b/projects/solidity/Dockerfile
index e8181ee..9bf5413 100644
--- a/projects/solidity/Dockerfile
+++ b/projects/solidity/Dockerfile
@@ -27,9 +27,9 @@
RUN git clone --recursive -b boost-1.69.0 https://github.com/boostorg/boost.git \
boost
RUN git clone --depth 1 https://github.com/google/libprotobuf-mutator.git
-RUN git clone --branch="v0.3.0" --recurse-submodules \
+RUN git clone --branch="v0.4.0" --recurse-submodules \
https://github.com/ethereum/evmone.git
-RUN git clone --branch="Z3-4.8.5" https://github.com/Z3Prover/z3.git
+RUN git clone --branch="z3-4.8.7" https://github.com/Z3Prover/z3.git
# Install statically built dependencies in "/usr" directory
# Install boost
@@ -66,7 +66,7 @@
RUN cd $SRC/z3; \
mkdir -p build; \
cd build; \
- LDFLAGS=$CXXFLAGS cmake -DBUILD_LIBZ3_SHARED=OFF -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Release ..; \
+ LDFLAGS=$CXXFLAGS cmake -DZ3_BUILD_LIBZ3_SHARED=OFF -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Release ..; \
make libz3 -j; \
make install;
diff --git a/projects/tremor/Dockerfile b/projects/tremor/Dockerfile
new file mode 100644
index 0000000..852b99c
--- /dev/null
+++ b/projects/tremor/Dockerfile
@@ -0,0 +1,25 @@
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER twsmith@mozilla.com
+RUN apt-get update && apt-get install -y make autoconf automake libogg-dev libtool pkg-config wget
+RUN git clone https://git.xiph.org/ogg.git
+RUN git clone https://git.xiph.org/tremor.git
+RUN svn export https://github.com/mozillasecurity/fuzzdata.git/trunk/samples/vorbis decode_corpus
+WORKDIR tremor
+COPY decode_fuzzer.cc $SRC/tremor/
+COPY build.sh $SRC/
diff --git a/projects/tremor/build.sh b/projects/tremor/build.sh
new file mode 100755
index 0000000..bb0b739
--- /dev/null
+++ b/projects/tremor/build.sh
@@ -0,0 +1,31 @@
+#!/bin/bash -eu
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+pushd $SRC/ogg
+./autogen.sh
+./configure --prefix="$WORK" --enable-static --disable-shared --disable-crc
+make clean
+make -j$(nproc)
+make install
+popd
+
+./autogen.sh --prefix="$WORK" --enable-static --disable-shared
+make clean
+make -j$(nproc)
+make install
+
+$CXX $CXXFLAGS decode_fuzzer.cc -o $OUT/decode_fuzzer -L"$WORK/lib" -I"$WORK/include" $LIB_FUZZING_ENGINE -lvorbisidec -logg
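Review bot: The Dockerfile for this project exports a `decode_corpus` directory, but nothing in build.sh packages it, so unless it is consumed somewhere I cannot see the fuzzer will start from an empty corpus and the export is wasted. Adding `zip -j "$OUT/decode_fuzzer_seed_corpus.zip" "$SRC/decode_corpus"/*` after the final link line would ship it under the name the infrastructure expects for `decode_fuzzer`. Separately, `$OUT/decode_fuzzer` on the link line is unquoted while `$WORK` is quoted; quoting both is the safer habit.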
diff --git a/projects/tremor/decode_fuzzer.cc b/projects/tremor/decode_fuzzer.cc
new file mode 100644
index 0000000..c2fb2cb
--- /dev/null
+++ b/projects/tremor/decode_fuzzer.cc
@@ -0,0 +1,82 @@
+/* Copyright (C) 2019 Mozilla Foundation.
+ File: decode_fuzzer.cc
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+
+ - Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+ - Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ - Neither the name of the Xiph.org Foundation nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR
+ CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+/* This based on decode_fuzzer.cc used with Vorbis.
+ https://git.xiph.org/?p=vorbis.git;a=blob;f=contrib/oss-fuzz/decode_fuzzer.cc;hb=HEAD
+*/
+
+#include <stdio.h>
+#include <string.h>
+#include <cstdint>
+#include "ivorbisfile.h"
+
+#define INPUT_LIMIT 16384
+
+struct vorbis_data {
+ const uint8_t *current;
+ const uint8_t *data;
+ size_t size;
+};
+
+size_t read_func(void *ptr, size_t size1, size_t size2, void *datasource) {
+ vorbis_data* vd = (vorbis_data *)(datasource);
+ size_t len = size1 * size2;
+ if (vd->current + len > vd->data + vd->size) {
+ len = vd->data + vd->size - vd->current;
+ }
+ memcpy(ptr, vd->current, len);
+ vd->current += len;
+ return len;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ ov_callbacks memory_callbacks = {0};
+ memory_callbacks.read_func = read_func;
+ vorbis_data data_st;
+ data_st.size = Size > INPUT_LIMIT ? INPUT_LIMIT : Size;
+ data_st.current = Data;
+ data_st.data = Data;
+ OggVorbis_File vf;
+ int result = ov_open_callbacks(&data_st, &vf, NULL, 0, memory_callbacks);
+ if (result < 0) {
+ return 0;
+ }
+ int current_section = 0;
+ char pcm[4096];
+ long read_result;
+ while (true) {
+ read_result = ov_read(&vf, pcm, sizeof(pcm), ¤t_section);
+ if (read_result <= 0 && read_result != OV_HOLE) {
+ break;
+ }
+ }
+ ov_clear(&vf);
+ return 0;
+}
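Review bot: In `read_func`, the bound check `vd->current + len > vd->data + vd->size` forms a pointer past the end of the buffer before comparing, which is undefined behaviour when `len` is large (and `len` itself comes from an unchecked `size1 * size2`); computing the remaining length first avoids it: `size_t remaining = (size_t)(vd->data + vd->size - vd->current);` followed by `if (len > remaining) len = remaining;`. This relies on `current` never moving past `data + size`, which the clamped increment on the next line maintains. The `<stdio.h>` include is unused in the visible file, and the `¤t_section` on the `ov_read` line looks like a rendering artifact of `&current_section` rather than the committed text.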
diff --git a/projects/tremor/project.yaml b/projects/tremor/project.yaml
new file mode 100644
index 0000000..f9b796c
--- /dev/null
+++ b/projects/tremor/project.yaml
@@ -0,0 +1,10 @@
+homepage: "https://xiph.org/vorbis/"
+primary_contact: "daede003@umn.edu"
+auto_ccs:
+ - "paul.l.kehrer@gmail.com"
+vendor_ccs:
+ - "twsmith@mozilla.com"
+sanitizers:
+ - address
+ - memory
+ - undefined
diff --git a/projects/wavpack/Dockerfile b/projects/wavpack/Dockerfile
new file mode 100644
index 0000000..05e342c
--- /dev/null
+++ b/projects/wavpack/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER david@wavpack.com
+RUN apt-get update && apt-get install -y make autoconf automake libtool
+RUN git clone --depth 1 https://github.com/dbry/WavPack.git wavpack
+RUN cp wavpack/fuzzing/build.sh $SRC
+WORKDIR wavpack
diff --git a/projects/wavpack/project.yaml b/projects/wavpack/project.yaml
index 0e98405..ecc8140 100644
--- a/projects/wavpack/project.yaml
+++ b/projects/wavpack/project.yaml
@@ -5,5 +5,3 @@
- thuanpv.nus@gmail.com
sanitizers:
- address
-- memory
-- undefined
diff --git a/projects/wireshark/project.yaml b/projects/wireshark/project.yaml
index 96359e2..466a69d 100644
--- a/projects/wireshark/project.yaml
+++ b/projects/wireshark/project.yaml
@@ -9,3 +9,7 @@
- "rknall@gmail.com"
- "jbwzawadzki@gmail.com"
- "gerald.combs@gmail.com"
+fuzzing_engines:
+ - libfuzzer
+ - honggfuzz
+ - afl
diff --git a/projects/woff2/project.yaml b/projects/woff2/project.yaml
index 48910a0..df78da9 100644
--- a/projects/woff2/project.yaml
+++ b/projects/woff2/project.yaml
@@ -6,7 +6,10 @@
- "ewa@google.com"
- "williamsnathan@google.com"
vendor_ccs:
- - "cdiehl@mozilla.com"
+ - "jkew@mozilla.com"
+ - "jmuizelaar@mozilla.com"
+ - "lsalzman@mozilla.com"
+ - "twsmith@mozilla.com"
sanitizers:
- address
- memory
diff --git a/projects/wxwidgets/build.sh b/projects/wxwidgets/build.sh
index bb45c4e..e90bd39 100755
--- a/projects/wxwidgets/build.sh
+++ b/projects/wxwidgets/build.sh
@@ -15,13 +15,6 @@
#
################################################################################
-# build project
-./configure --without-subdirs --disable-shared --disable-sys-libs --disable-gui LDFLAGS="$CXXFLAGS"
-make -j$(nproc)
-
-# build fuzzers
-$CXX $CXXFLAGS -o $OUT/zip ./tests/fuzz/zip.cpp \
- $LIB_FUZZING_ENGINE `./wx-config --cxxflags --libs base`
-
-# and copy their corpora
-zip -j $OUT/zip_seed_corpus.zip $SRC/wxwidgets/tests/fuzz/corpus/zip/*
+pushd $SRC/wxwidgets
+./tests/fuzz/ossfuzz.sh
+popd
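Review bot: Nothing in this hunk checks that `./tests/fuzz/ossfuzz.sh` honours the builder contract the removed inline commands met explicitly (L3575-L3580): compiling with `$CXX $CXXFLAGS`, linking `$LIB_FUZZING_ENGINE`, and writing fuzzers and seed corpora under `$OUT`. Since that script lives in the upstream checkout rather than here, a comment naming the contract it is expected to fulfil, e.g. `# ossfuzz.sh builds the fuzzers with $CXX/$CXXFLAGS/$LIB_FUZZING_ENGINE and installs them into $OUT`, gives a reviewer of a later sanitizer-build failure somewhere to start. Quoting the path as `pushd "$SRC/wxwidgets"` is the usual shell hygiene even though `$SRC` carries no spaces in the builder image. The script's preamble (shebang, any `set -e`) is outside the hunk, so whether a non-zero exit from ossfuzz.sh aborts the build cannot be confirmed from here.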
diff --git a/projects/xerces-c/Dockerfile b/projects/xerces-c/Dockerfile
new file mode 100755
index 0000000..9df098e
--- /dev/null
+++ b/projects/xerces-c/Dockerfile
@@ -0,0 +1,21 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER vincent.ulitzsch@live.de
+RUN apt-get update && apt-get install -y make autoconf automake libtool wget zlib1g-dev libtool ninja-build cmake subversion
+RUN svn co https://svn.apache.org/repos/asf/xerces/c/trunk $SRC/xerces-c
+RUN git clone --depth 1 https://github.com/google/libprotobuf-mutator.git
+RUN (mkdir LPM && cd LPM && cmake ../libprotobuf-mutator -GNinja -DLIB_PROTO_MUTATOR_DOWNLOAD_PROTOBUF=ON -DLIB_PROTO_MUTATOR_TESTING=OFF -DCMAKE_BUILD_TYPE=Release && ninja)
+COPY *.c *.options build.sh *.h *.cc *.cpp *.proto $SRC/
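Review bot: `libtool` appears twice in the apt-get line on L3609, and the file is committed with mode 100755 although a Dockerfile is never executed directly; both are cosmetic but easy to clean up. The `COPY *.c *.options build.sh *.h *.cc *.cpp *.proto $SRC/` on L3613 lists globs (`*.c`, `*.options`, `*.cc`) that match nothing among the files this commit adds; Docker appears to tolerate that as long as at least one source matches, but the list reads more honestly trimmed to `build.sh *.h *.cpp *.proto`. `MAINTAINER` on L3608 is deprecated in favour of `LABEL maintainer=…`. The svn checkout of trunk on L3610 is unpinned, as is usual for OSS-Fuzz, but paired with the hard-coded `xercesc_3_2` namespace in the harness sources a trunk version bump will break this image; a comment here or in build.sh noting that coupling would save debugging time later.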
diff --git a/projects/xerces-c/build.sh b/projects/xerces-c/build.sh
new file mode 100755
index 0000000..992fc3f
--- /dev/null
+++ b/projects/xerces-c/build.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+#https://github.com/linux-on-ibm-z/docs/wiki/Building-Xerces
+set -e
+cd $SRC/xerces-c
+./reconf
+./configure --disable-shared
+make -j
+
+cd $SRC
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE -std=c++11 \
+ -I. -Ixerces-c/src \
+ xerces_fuzz_common.cpp parse_target.cpp -o $OUT/parse_target \
+ xerces-c/src/.libs/libxerces-c.a
+
+if [[ $CFLAGS != *sanitize=memory* ]]; then
+ rm -rf genfiles && mkdir genfiles && LPM/external.protobuf/bin/protoc xml.proto --cpp_out=genfiles
+
+ $CXX $CXXFLAGS $LIB_FUZZING_ENGINE -std=c++11 \
+ -I. -I xerces-c/src -Ixerces-c/build/src genfiles/xml.pb.cc xmlProtoConverter.cpp xerces_fuzz_common.cpp parse_target_proto.cpp \
+ -I libprotobuf-mutator/ \
+ -I genfiles \
+ -I LPM/external.protobuf/include \
+ -o $OUT/parse_target_proto xerces-c/src/.libs/libxerces-c.a \
+ LPM/src/libfuzzer/libprotobuf-mutator-libfuzzer.a \
+ LPM/src/libprotobuf-mutator.a \
+ LPM/external.protobuf/lib/libprotobuf.a
+fi
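Review bot: `make -j` on L3639 starts an unbounded number of parallel jobs; `make -j$(nproc)` caps it at the core count and avoids exhausting memory on larger builders. The plain `parse_target` hands arbitrary bytes to the parser, so an input containing `<!DOCTYPE x SYSTEM "http://…">` can reach xerces's network accessor; if the checked-out trunk's configure still offers `--disable-network`, passing it on L3638 turns those into local resolution failures instead of socket attempts the sandbox can only time out. `-Ixerces-c/build/src` on L3651 names a directory this in-tree autotools build never creates and can be dropped. The MSan guard on L3647 presumably exists because the protobuf that LPM downloads and builds in the Dockerfile is not instrumented for MSan; whatever the reason, it belongs in a comment on the `if` line, e.g. `# LPM's bundled protobuf is not built under MSan; skip the proto target there`.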
diff --git a/projects/xerces-c/parse_target.cpp b/projects/xerces-c/parse_target.cpp
new file mode 100755
index 0000000..5e97676
--- /dev/null
+++ b/projects/xerces-c/parse_target.cpp
@@ -0,0 +1,28 @@
+/*
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+#include "xerces_fuzz_common.h"
+
+#include "xercesc/framework/MemBufInputSource.hpp"
+#include "xercesc/parsers/SAXParser.hpp"
+#include "xercesc/util/OutOfMemoryException.hpp"
+
+using namespace xercesc_3_2;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ parseInMemory(Data, Size);
+ return 0;
+}
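Review bot: `using namespace xercesc_3_2;` on L3688 pins the versioned namespace while the Dockerfile checks out svn trunk, so the next version bump upstream renames the namespace and breaks this harness; `XERCES_CPP_NAMESPACE_USE`, the macro xerces's own headers provide for this purpose, tracks whatever version is built. The three `xercesc/...` includes on L3684-L3686 are unused in this file — the only call is `parseInMemory`, and `xerces_fuzz_common.h` already includes the same headers — and can go. A one-line comment above `LLVMFuzzerTestOneInput` stating that this is the raw-bytes target and that `parse_target_proto` is the grammar-driven sibling would orient readers arriving from the build script.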
diff --git a/projects/xerces-c/parse_target_proto.cpp b/projects/xerces-c/parse_target_proto.cpp
new file mode 100644
index 0000000..b1fd33c
--- /dev/null
+++ b/projects/xerces-c/parse_target_proto.cpp
@@ -0,0 +1,45 @@
+/*
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+#include "xerces_fuzz_common.h"
+#include "xmlProtoConverter.h"
+
+#include "xercesc/framework/MemBufInputSource.hpp"
+#include "xercesc/parsers/SAXParser.hpp"
+#include "xercesc/util/OutOfMemoryException.hpp"
+
+#include "genfiles/xml.pb.h"
+
+#include "src/libfuzzer/libfuzzer_macro.h"
+
+#include <iostream>
+
+namespace {
+ protobuf_mutator::protobuf::LogSilencer log_silincer;
+ void ignore(void* ctx, const char* msg, ...) {}
+
+ template <class T, class D>
+ std::unique_ptr<T, D> MakeUnique(T* obj, D del) {
+ return {obj, del};
+ }
+}
+
+using namespace xercesc_3_2;
+
+DEFINE_PROTO_FUZZER(const xmlProtoFuzzer::XmlDocument& xmlDocument) {
+ std::string xmlData = xmlProtoFuzzer::ProtoConverter().protoToString(xmlDocument);
+ parseInMemory((const uint8_t *)xmlData.c_str(), xmlData.size());
+}
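Review bot: The anonymous namespace on L3729-L3737 defines `ignore` and `MakeUnique`, neither of which is referenced anywhere in this file, and `<iostream>` on L3727 is likewise unused; dead helpers in a fuzz target only add warnings and reader confusion, so drop them (and fix the spelling of `log_silincer` to `log_silencer` on the one object that is used). The C-style cast on L3743 should be `reinterpret_cast<const uint8_t *>(xmlData.data())`, which makes the pointer reinterpretation explicit and avoids the `c_str()` detour. As in the sibling target, `using namespace xercesc_3_2;` on L3739 hard-codes a version namespace against a trunk checkout; `XERCES_CPP_NAMESPACE_USE` follows the built version.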
diff --git a/projects/xerces-c/project.yaml b/projects/xerces-c/project.yaml
new file mode 100755
index 0000000..41da7a7
--- /dev/null
+++ b/projects/xerces-c/project.yaml
@@ -0,0 +1,9 @@
+homepage: "https://xerces.apache.org/"
+primary_contact: "vincent.ulitzsch@live.de"
+auto_ccs:
+ - "vincent.ulitzsch@live.de"
+ - "bshas3@gmail.com"
+sanitizers:
+ - address
+ - memory
+ - undefined
diff --git a/projects/xerces-c/xerces_fuzz_common.cpp b/projects/xerces-c/xerces_fuzz_common.cpp
new file mode 100755
index 0000000..a76b383
--- /dev/null
+++ b/projects/xerces-c/xerces_fuzz_common.cpp
@@ -0,0 +1,47 @@
+/*
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+#include "xerces_fuzz_common.h"
+
+using namespace xercesc_3_2;
+static bool initialized = false;
+
+void parseInMemory(const uint8_t *Data, size_t Size)
+{
+ if (!initialized)
+ {
+ XMLPlatformUtils::Initialize();
+ initialized = true;
+ }
+ SAXParser::ValSchemes valScheme = SAXParser::Val_Auto;
+ bool doNamespaces = false;
+ bool doSchema = false;
+ bool schemaFullChecking = false;
+ SAXParser *parser = new SAXParser;
+ parser->setValidationScheme(valScheme);
+ parser->setDoNamespaces(doNamespaces);
+ parser->setDoSchema(doSchema);
+ parser->setHandleMultipleImports(true);
+ parser->setValidationSchemaFullChecking(schemaFullChecking);
+ static const char *gMemBufId = "prodInfo";
+
+ MemBufInputSource *memBufIS = new MemBufInputSource(
+ (const XMLByte *)Data, Size, gMemBufId, false);
+ parser->parse(*memBufIS);
+ delete parser;
+ delete memBufIS;
+ //XMLPlatformUtils::Terminate();
+}
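Review bot: `parser->parse(*memBufIS)` on L3808 sits between raw `new`s and the matching `delete`s with nothing catching, so any exception leaving parse() — `OutOfMemoryException.hpp` is included but never used, and if xerces reports fatal well-formedness errors by throwing when no ErrorHandler is registered (none is set here), that path is hit on most mutated inputs — skips both deletes, and ASan's leak check then attributes the leak to xerces on every such input. Allocating the parser and input source on the stack and wrapping the call in a try/catch makes cleanup unconditional; `SAXException` may need `xercesc/sax/SAXException.hpp` if SAXParser.hpp does not already pull it in. The three flag locals are assigned once and passed straight through, so they can be inlined into the setter calls. The commented-out `Terminate()` on L3811 reads as unfinished; a comment stating that `Initialize()` is deliberately done once per process and never torn down would settle it.
```cpp
    SAXParser parser;
    parser.setValidationScheme(SAXParser::Val_Auto);
    parser.setDoNamespaces(false);
    parser.setDoSchema(false);
    parser.setHandleMultipleImports(true);
    parser.setValidationSchemaFullChecking(false);
    static const char *gMemBufId = "prodInfo";

    MemBufInputSource memBufIS((const XMLByte *)Data, Size, gMemBufId, false);
    try {
        parser.parse(memBufIS);
    } catch (const OutOfMemoryException &) {
        // allocation failure on an oversized input is not a parser defect
    } catch (const XMLException &) {
        // malformed input is expected; memory-safety bugs are caught by the sanitizers
    } catch (const SAXException &) {
        // fatal well-formedness errors surface here when no ErrorHandler is set
    }
    // … unchanged: Initialize() guard above; no Terminate(), intentionally once per process …
```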
diff --git a/projects/xerces-c/xerces_fuzz_common.h b/projects/xerces-c/xerces_fuzz_common.h
new file mode 100644
index 0000000..9eaf88b
--- /dev/null
+++ b/projects/xerces-c/xerces_fuzz_common.h
@@ -0,0 +1,23 @@
+/*
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+#pragma once
+
+#include "xercesc/parsers/SAXParser.hpp"
+#include "xercesc/framework/MemBufInputSource.hpp"
+#include "xercesc/util/OutOfMemoryException.hpp"
+
+void parseInMemory(const uint8_t *Data, size_t Size);
\ No newline at end of file
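Review bot: The header uses `uint8_t` and `size_t` on L3841 without including `<cstdint>` and `<cstddef>`, relying on the xerces headers to pull them in transitively; add `#include <cstddef>` and `#include <cstdint>` so the declaration stands on its own. A one-line comment above the prototype, e.g. `// Parses one in-memory XML document with a fresh SAXParser.`, would document the only entry point the two targets share. The file also lacks a trailing newline.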
diff --git a/projects/xerces-c/xml.proto b/projects/xerces-c/xml.proto
new file mode 100755
index 0000000..75e54b6
--- /dev/null
+++ b/projects/xerces-c/xml.proto
@@ -0,0 +1,339 @@
+/*
+ * Copyright (C) 2019 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+syntax = "proto3";
+
+message Misc {
+ oneof misc_oneof {
+ string comment = 1;
+ ProcessingInstruction inst = 2;
+ }
+}
+
+message PEReference {
+ string name = 1;
+}
+
+message ElementDecl {
+ enum ContentSpec {
+ EMPTY = 0;
+ ANY = 1;
+ FUZZ = 2;
+ MIXED = 3;
+ CHILDREN = 4;
+ }
+ string name = 1;
+ ContentSpec spec = 2;
+ repeated string cdata = 3;
+}
+
+message AttrType {
+ enum Type {
+ CDATA = 0;
+ ID = 1;
+ IDREF = 2;
+ IDREFS = 3;
+ ENTITY = 4;
+ ENTITIES = 5;
+ NMTOKEN = 6;
+ NMTOKENS = 7;
+ }
+ Type ty = 1;
+}
+
+message EnumeratedType {
+ repeated string names = 1;
+}
+
+message AttrListDecl {
+ string name = 1;
+ AttrType atype = 2;
+ EnumeratedType etype = 3;
+ DefaultDecl def = 4;
+}
+
+message ExternalId {
+ enum Type {
+ SYSTEM = 0;
+ PUBLIC = 1;
+ FUZZ = 2;
+ }
+ Type type = 1;
+ string system = 2;
+ string pub = 3;
+}
+
+message AttValue {
+ enum Type {
+ ENTITY = 0;
+ CHAR = 1;
+ FUZZ = 2;
+ }
+ Type type = 1;
+ repeated string value = 2;
+}
+
+message DefaultDecl {
+ enum Type {
+ REQUIRED = 0;
+ IMPLIED = 1;
+ FIXED = 2;
+ FUZZ = 3;
+ }
+ Type type = 1;
+ AttValue att = 2;
+}
+
+message AttDef {
+ // TODO: Add enumerated type
+ enum Type {
+ CDATA = 0;
+ ID = 1;
+ IDREF = 2;
+ IDREFS = 3;
+ ENTITY = 4;
+ ENTITIES = 5;
+ NMTOKEN = 6;
+ NMTOKENS = 7;
+ FUZZ = 8;
+ }
+ string name = 1;
+ Type type = 2;
+ DefaultDecl def = 3;
+}
+
+message AttListDecl {
+ string name = 1;
+ repeated AttDef attdefs = 2;
+}
+
+message NotationDecl {
+ string name = 1;
+ oneof notation_oneof {
+ ExternalId ext = 2;
+ string pub = 3;
+ string fuzz = 4;
+ }
+}
+
+message EntityValue {
+ enum Type {
+ ENTITY = 0;
+ CHAR = 1;
+ PEREF = 2;
+ FUZZ = 3;
+ }
+ Type type = 1;
+ repeated string name = 2;
+}
+
+message NDataDecl {
+ string name = 1;
+}
+
+message EntityDef {
+ oneof entity_oneof {
+ ExternalId ext = 1;
+ EntityValue val = 2;
+ }
+ NDataDecl ndata = 3;
+}
+
+message PEDef {
+ oneof pedef_oneof {
+ EntityValue val = 1;
+ ExternalId id = 2;
+ }
+}
+
+message EntityDecl {
+ enum Type {
+ GEDECL = 0;
+ PEDECL = 1;
+ }
+ Type type = 1;
+ string name = 2;
+ EntityDef ent = 3;
+ PEDef pedef = 4;
+}
+
+message ConditionalSect {
+ enum Type {
+ INCLUDE = 0;
+ IGNORE = 1;
+ FUZZ = 2;
+ }
+ Type type = 1;
+ ExtSubsetDecl ext = 2;
+ // TODO: Make this recursive
+ // See https://www.w3.org/TR/xml/#NT-conditionalSect
+ repeated string ignores = 3;
+}
+
+message OneExtSubsetDecl {
+ oneof extsubset_oneof {
+ MarkupDecl m = 1;
+ ConditionalSect c = 2;
+ }
+}
+
+message ExtSubsetDecl {
+ repeated OneExtSubsetDecl decls = 1;
+}
+
+message MarkupDecl {
+ oneof markup_oneof {
+ ElementDecl e = 1;
+ AttListDecl a = 2;
+ NotationDecl n = 3;
+ Misc m = 4;
+ EntityDecl entity = 5;
+ ExtSubsetDecl ext = 6;
+ }
+}
+
+message DocTypeDecl {
+ string name = 1;
+ ExternalId ext = 2;
+ repeated MarkupDecl mdecl = 3;
+}
+
+message Prolog {
+ XmlDeclaration decl = 1;
+ DocTypeDecl doctype = 2;
+ repeated Misc misc = 3;
+}
+
+message KeyValue {
+ enum XmlNamespace {
+ ATTRIBUTES = 0;
+ BASE = 1;
+ CATALOG = 2;
+ ID = 3;
+ LANG = 4;
+ LINK = 5;
+ SPACE = 6;
+ SPECIAL = 7;
+ TEST = 8;
+ FUZZ = 9;
+ }
+ XmlNamespace type = 1;
+ string key = 2;
+ string value = 3;
+}
+
+message ProcessingInstruction {
+ string name = 1;
+ repeated KeyValue kv = 2;
+}
+
+message CData {
+ string data = 1;
+}
+
+message Content {
+ // TODO: Add other content types
+ oneof content_oneof {
+ string str = 1;
+ Element e = 2;
+ CData c = 3;
+ }
+}
+
+message Element {
+ enum Type {
+ PREDEFINED = 0;
+ FUZZ = 1;
+ }
+ enum Id {
+ XIINCLUDE = 0;
+ XIFALLBACK = 1;
+ // Attributes of xinclude
+ XIHREF = 2;
+ XIPARSE = 3;
+ XIXPOINTER = 4;
+ XIENCODING = 5;
+ XIACCEPT = 6;
+ XIACCEPTLANG = 7;
+ }
+ Type type = 1;
+ Id id = 2;
+ string name = 3;
+ repeated KeyValue kv = 4;
+ Content content = 5;
+ string childprop = 6;
+}
+
+message VersionNum {
+ enum Type {
+ STANDARD = 0;
+ FUZZ = 1;
+ }
+ Type type = 1;
+ uint64 major = 2;
+ uint64 minor = 3;
+}
+
+message Encodings {
+ enum Enc {
+ BIG5 = 0;
+ EUCJP = 1;
+ EUCKR = 2;
+ GB18030 = 3;
+ ISO2022JP = 4;
+ ISO2022KR = 5;
+ ISO88591 = 6;
+ ISO88592 = 7;
+ ISO88593 = 8;
+ ISO88594 = 9;
+ ISO88595 = 10;
+ ISO88596 = 11;
+ ISO88597 = 12;
+ ISO88598 = 13;
+ ISO88599 = 14;
+ SHIFTJIS = 15;
+ TIS620 = 16;
+ USASCII = 17;
+ UTF8 = 18;
+ UTF16 = 19;
+ UTF16BE = 20;
+ UTF16LE = 21;
+ WINDOWS31J = 22;
+ WINDOWS1255 = 23;
+ WINDOWS1256 = 24;
+ FUZZ = 25;
+ }
+ Enc name = 1;
+ string fuzz = 2;
+}
+
+message XmlDeclaration {
+ VersionNum ver = 1;
+ Encodings enc = 2;
+ enum Standalone {
+ YES = 0;
+ NO = 1;
+ }
+ Standalone standalone = 3;
+ string fuzz = 4;
+}
+
+message XmlDocument {
+ Prolog p = 1;
+ repeated Element e = 2;
+}
+
+package xmlProtoFuzzer;
\ No newline at end of file
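Review bot: `package xmlProtoFuzzer;` on L4187 comes after every message definition; protobuf allows the statement anywhere at top level, but the convention readers and linters expect is `syntax`, then `package`, at the head of the file, where the generated C++ namespace is easy to spot. Several messages carry a `FUZZ` enumerator whose meaning (the converter emits a deliberately invalid token such as `FUZZ>` or `#FUZZ`) is only discoverable from the C++ side; a comment on the first such enum, e.g. `// FUZZ: emit an intentionally invalid token to exercise error paths`, would record the design. The file also lacks a trailing newline.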
diff --git a/projects/xerces-c/xmlProtoConverter.cpp b/projects/xerces-c/xmlProtoConverter.cpp
new file mode 100644
index 0000000..b2caf67
--- /dev/null
+++ b/projects/xerces-c/xmlProtoConverter.cpp
@@ -0,0 +1,718 @@
+/*
+ * Copyright (C) 2019 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "xmlProtoConverter.h"
+
+#include <algorithm>
+
+using namespace std;
+using namespace xmlProtoFuzzer;
+
+string ProtoConverter::removeNonAscii(string const& _utf8)
+{
+ string asciiStr{_utf8};
+ asciiStr.erase(remove_if(asciiStr.begin(), asciiStr.end(), [=](char c) -> bool {
+ return !(std::isalpha(c) || std::isdigit(c));
+ }), asciiStr.end());
+ return asciiStr.empty() ? "fuzz" : asciiStr;
+}
+
+
+void ProtoConverter::visit(Misc const& _x)
+{
+ switch (_x.misc_oneof_case())
+ {
+ case Misc::kComment:
+ m_output << "<!--" << _x.comment() << "-->\n";
+ break;
+ case Misc::kInst:
+ visit(_x.inst());
+ break;
+ case Misc::MISC_ONEOF_NOT_SET:
+ break;
+ }
+}
+
+void ProtoConverter::visit(Prolog const& _x)
+{
+ visit(_x.decl());
+ visit(_x.doctype());
+ for (auto const& misc: _x.misc())
+ visit(misc);
+}
+
+void ProtoConverter::visit(KeyValue const& _x)
+{
+ switch (_x.type())
+ {
+ case KeyValue::ATTRIBUTES:
+ m_output << "xml:attributes=\"" << removeNonAscii(_x.value()) << "\" ";
+ break;
+ case KeyValue::BASE:
+ m_output << "xml:base=\"" << removeNonAscii(_x.value()) << "\" ";
+ break;
+ case KeyValue::CATALOG:
+ m_output << "xml:catalog=\"" << removeNonAscii(_x.value()) << "\" ";
+ break;
+ case KeyValue::ID:
+ m_output << "xml:id=\"" << removeNonAscii(_x.value()) << "\" ";
+ break;
+ case KeyValue::LANG:
+ m_output << "xml:lang=\"" << removeNonAscii(_x.value()) << "\" ";
+ break;
+ case KeyValue::LINK:
+ m_output << "xml:link=\"" << removeNonAscii(_x.value()) << "\" ";
+ break;
+ case KeyValue::SPACE:
+ m_output << "xml:space=\"" << removeNonAscii(_x.value()) << "\" ";
+ break;
+ case KeyValue::SPECIAL:
+ m_output << "xml:special=\"" << removeNonAscii(_x.value()) << "\" ";
+ break;
+ case KeyValue::TEST:
+ m_output << "xml:test=\"" << removeNonAscii(_x.value()) << "\" ";
+ break;
+ case KeyValue::FUZZ:
+ if (_x.ByteSizeLong() % 2)
+ m_output << "xmlns:" << removeNonAscii(_x.key()) << "=\"" << removeNonAscii(_x.value()) << "\" ";
+ else
+ m_output << removeNonAscii(_x.key()) << "=\"" << removeNonAscii(_x.value()) << "\" ";
+ break;
+ case KeyValue_XmlNamespace_KeyValue_XmlNamespace_INT_MIN_SENTINEL_DO_NOT_USE_:
+ case KeyValue_XmlNamespace_KeyValue_XmlNamespace_INT_MAX_SENTINEL_DO_NOT_USE_:
+ break;
+ }
+}
+
+void ProtoConverter::visit(ProcessingInstruction const& _x)
+{
+ m_output << "<?" << removeNonAscii(_x.name()) << " ";
+ for (auto const& prop: _x.kv())
+ visit(prop);
+ m_output << "?>\n";
+}
+
+void ProtoConverter::visit(Content const& _x)
+{
+ switch (_x.content_oneof_case())
+ {
+ case Content::kStr:
+ m_output << _x.str() << "\n";
+ break;
+ case Content::kE:
+ visit(_x.e());
+ m_output << "\n";
+ break;
+ case Content::kC:
+ visit(_x.c());
+ m_output << "\n";
+ break;
+ case Content::CONTENT_ONEOF_NOT_SET:
+ break;
+ }
+}
+
+void ProtoConverter::visit(ElementDecl const& _x)
+{
+ m_output << "<!ELEMENT " << _x.name() << " ";
+ switch (_x.spec())
+ {
+ case ElementDecl::EMPTY:
+ m_output << "EMPTY>";
+ break;
+ case ElementDecl::ANY:
+ m_output << "ANY>";
+ break;
+ case ElementDecl::FUZZ:
+ m_output << "FUZZ>";
+ break;
+ case ElementDecl::MIXED:
+ m_output << "(#PCDATA";
+ for (auto const& pcdata: _x.cdata())
+ m_output << "|" << pcdata;
+ m_output << ")";
+ if (_x.cdata_size() > 0)
+ m_output << "*";
+ m_output << ">";
+ break;
+ case ElementDecl::CHILDREN:
+ {
+ m_output << "(";
+ string delim = "";
+ for (auto const& str: _x.cdata()) {
+ m_output << delim << removeNonAscii(str);
+ delim = ", ";
+ }
+ m_output << ")>";
+ break;
+ }
+ case ElementDecl_ContentSpec_ElementDecl_ContentSpec_INT_MIN_SENTINEL_DO_NOT_USE_:
+ case ElementDecl_ContentSpec_ElementDecl_ContentSpec_INT_MAX_SENTINEL_DO_NOT_USE_:
+ break;
+ }
+}
+
+void ProtoConverter::visit(AttValue const& _x)
+{
+ m_output << "\"";
+ string prefix;
+ switch (_x.type())
+ {
+ case AttValue::ENTITY:
+ prefix = "&";
+ break;
+ case AttValue::CHAR:
+ if (_x.ByteSizeLong() % 2)
+ prefix = "&#";
+ else
+ // TODO: Value that follows this must be a
+ // sequence of hex digits.
+ prefix = "&#x";
+ break;
+ case AttValue::FUZZ:
+ prefix = "fuzz";
+ break;
+ case AttValue_Type_AttValue_Type_INT_MIN_SENTINEL_DO_NOT_USE_:
+ case AttValue_Type_AttValue_Type_INT_MAX_SENTINEL_DO_NOT_USE_:
+ break;
+ }
+ for (auto const& name: _x.value())
+ m_output << prefix << removeNonAscii(name) << ";";
+ m_output << "\"";
+}
+
+void ProtoConverter::visit(DefaultDecl const& _x)
+{
+ switch (_x.type())
+ {
+ case DefaultDecl::REQUIRED:
+ m_output << "#REQUIRED";
+ break;
+ case DefaultDecl::IMPLIED:
+ m_output << "#IMPLIED";
+ break;
+ case DefaultDecl::FIXED:
+ m_output << "#FIXED ";
+ visit(_x.att());
+ break;
+ case DefaultDecl::FUZZ:
+ m_output << "#FUZZ";
+ break;
+ case DefaultDecl_Type_DefaultDecl_Type_INT_MIN_SENTINEL_DO_NOT_USE_:
+ case DefaultDecl_Type_DefaultDecl_Type_INT_MAX_SENTINEL_DO_NOT_USE_:
+ break;
+ }
+}
+
+void ProtoConverter::visit(AttDef const& _x)
+{
+ m_output << " " << removeNonAscii(_x.name()) << " ";
+ switch (_x.type())
+ {
+ case AttDef::CDATA:
+ m_output << "CDATA ";
+ break;
+ case AttDef::ID:
+ m_output << "ID ";
+ break;
+ case AttDef::IDREF:
+ m_output << "IDREF ";
+ break;
+ case AttDef::IDREFS:
+ m_output << "IDREFS ";
+ break;
+ case AttDef::ENTITY:
+ m_output << "ENTITY ";
+ break;
+ case AttDef::ENTITIES:
+ m_output << "ENTITIES ";
+ break;
+ case AttDef::NMTOKEN:
+ m_output << "NMTOKEN ";
+ break;
+ case AttDef::NMTOKENS:
+ m_output << "NMTOKENS ";
+ break;
+ case AttDef::FUZZ:
+ m_output << "FUZZ ";
+ break;
+ case AttDef_Type_AttDef_Type_INT_MIN_SENTINEL_DO_NOT_USE_:
+ case AttDef_Type_AttDef_Type_INT_MAX_SENTINEL_DO_NOT_USE_:
+ break;
+ }
+ visit(_x.def());
+}
+
+void ProtoConverter::visit(AttListDecl const& _x)
+{
+ m_output << "<!ATTLIST " << removeNonAscii(_x.name());
+ for (auto const& att: _x.attdefs())
+ visit(att);
+ m_output << ">";
+}
+
+void ProtoConverter::visit(NotationDecl const& _x)
+{
+ m_output << "<!NOTATION " << removeNonAscii(_x.name()) << " ";
+ switch (_x.notation_oneof_case())
+ {
+ case NotationDecl::kExt:
+ visit(_x.ext());
+ break;
+ case NotationDecl::kPub:
+ m_output << "PUBLIC " << _x.pub();
+ break;
+ case NotationDecl::kFuzz:
+ m_output << "FUZZ " << _x.fuzz();
+ break;
+ case NotationDecl::NOTATION_ONEOF_NOT_SET:
+ break;
+ }
+ m_output << ">";
+}
+
+void ProtoConverter::visit(NDataDecl const& _x)
+{
+ m_output << " NDATA " << _x.name();
+}
+
+void ProtoConverter::visit(EntityDef const& _x)
+{
+ switch (_x.entity_oneof_case())
+ {
+ case EntityDef::kExt:
+ visit(_x.ext());
+ if (_x.ByteSizeLong() % 2)
+ visit(_x.ndata());
+ break;
+ case EntityDef::kVal:
+ visit(_x.val());
+ break;
+ case EntityDef::ENTITY_ONEOF_NOT_SET:
+ break;
+ }
+}
+
+void ProtoConverter::visit(PEDef const& _x)
+{
+ switch (_x.pedef_oneof_case())
+ {
+ case PEDef::kVal:
+ visit(_x.val());
+ break;
+ case PEDef::kId:
+ visit(_x.id());
+ break;
+ case PEDef::PEDEF_ONEOF_NOT_SET:
+ break;
+ }
+}
+
+void ProtoConverter::visit(EntityValue const& _x)
+{
+ m_output << "\"";
+ string prefix;
+ switch (_x.type())
+ {
+ case EntityValue::ENTITY:
+ prefix = "&";
+ break;
+ case EntityValue::CHAR:
+ if (_x.ByteSizeLong() % 2)
+ prefix = "&#";
+ else
+ prefix = "&#x";
+ break;
+ case EntityValue::PEREF:
+ prefix = "%";
+ break;
+ case EntityValue::FUZZ:
+ prefix = "fuzz";
+ break;
+ case EntityValue_Type_EntityValue_Type_INT_MIN_SENTINEL_DO_NOT_USE_:
+ case EntityValue_Type_EntityValue_Type_INT_MAX_SENTINEL_DO_NOT_USE_:
+ break;
+ }
+ for (auto const& ref: _x.name())
+ m_output << prefix << ref << ";";
+ m_output << "\"";
+}
+
+void ProtoConverter::visit(EntityDecl const& _x)
+{
+ m_output << "<!ENTITY ";
+ switch (_x.type())
+ {
+ case EntityDecl::GEDECL:
+ m_output << _x.name() << " ";
+ visit(_x.ent());
+ break;
+ case EntityDecl::PEDECL:
+ m_output << "% " << _x.name() << " ";
+ visit(_x.pedef());
+ break;
+ case EntityDecl_Type_EntityDecl_Type_INT_MIN_SENTINEL_DO_NOT_USE_:
+ case EntityDecl_Type_EntityDecl_Type_INT_MAX_SENTINEL_DO_NOT_USE_:
+ break;
+ }
+ m_output << ">";
+}
+
+void ProtoConverter::visit(ConditionalSect const& _x)
+{
+ switch (_x.type())
+ {
+ case ConditionalSect::INCLUDE:
+ m_output << "<![ INCLUDE [";
+ visit(_x.ext());
+ m_output << "]]>";
+ break;
+ case ConditionalSect::IGNORE:
+ m_output << "<![ IGNORE [";
+ for (auto const& str: _x.ignores())
+ m_output << "<![" << removeNonAscii(str) << "]]>";
+ m_output << "]]>";
+ break;
+ case ConditionalSect::FUZZ:
+ m_output << "<![ FUZZ [";
+ visit(_x.ext());
+ m_output << "]]>";
+ break;
+ case ConditionalSect_Type_ConditionalSect_Type_INT_MIN_SENTINEL_DO_NOT_USE_:
+ case ConditionalSect_Type_ConditionalSect_Type_INT_MAX_SENTINEL_DO_NOT_USE_:
+ break;
+ }
+}
+
+
+void ProtoConverter::visit(OneExtSubsetDecl const& _x)
+{
+ switch (_x.extsubset_oneof_case())
+ {
+ case OneExtSubsetDecl::kM:
+ visit(_x.m());
+ break;
+ case OneExtSubsetDecl::kC:
+ visit(_x.c());
+ break;
+ case OneExtSubsetDecl::EXTSUBSET_ONEOF_NOT_SET:
+ break;
+ }
+}
+
+
+void ProtoConverter::visit(ExtSubsetDecl const& _x)
+{
+ for (auto const& decl: _x.decls())
+ visit(decl);
+}
+
+void ProtoConverter::visit(CData const& _x)
+{
+ m_output << "<![CDATA[" << removeNonAscii(_x.data()) << "]]>";
+}
+
+void ProtoConverter::visit(MarkupDecl const& _x)
+{
+ switch (_x.markup_oneof_case())
+ {
+ case MarkupDecl::kE:
+ visit(_x.e());
+ break;
+ case MarkupDecl::kA:
+ visit(_x.a());
+ break;
+ case MarkupDecl::kN:
+ visit(_x.n());
+ break;
+ case MarkupDecl::kM:
+ visit(_x.m());
+ break;
+ case MarkupDecl::kEntity:
+ visit(_x.entity());
+ break;
+ case MarkupDecl::kExt:
+ visit(_x.ext());
+ break;
+ case MarkupDecl::MARKUP_ONEOF_NOT_SET:
+ break;
+ }
+}
+
+/// Returns predefined element from an Element_Id enum
+/// @param _x is an enum that holds the desired type of predefined value
+/// @param _prop is a string that holds the value of the desired type
+/// @return string holding the predefined value of the form
+/// name attribute=\"value\"
+string ProtoConverter::getPredefined(Element_Id _x, string const& _prop)
+{
+ string output{};
+ switch (_x)
+ {
+ case Element::XIINCLUDE:
+ case Element::XIFALLBACK:
+ case Element::XIHREF:
+ output = "xi:include href=\"fuzz.xml\"";
+ case Element::XIPARSE:
+ output = "xi:include parse=\"xml\"";
+ case Element::XIXPOINTER:
+ output = "xi:include xpointer=\"" + removeNonAscii(_prop) + "\"";
+ case Element::XIENCODING:
+ output = "xi:include encoding=\"" + removeNonAscii(_prop) + "\"";
+ case Element::XIACCEPT:
+ output = "xi:include accept=\"" + removeNonAscii(_prop) + "\"";
+ case Element::XIACCEPTLANG:
+ output = "xi:include accept-language=\"" + removeNonAscii(_prop) + "\"";
+ case Element_Id_Element_Id_INT_MIN_SENTINEL_DO_NOT_USE_:
+ case Element_Id_Element_Id_INT_MAX_SENTINEL_DO_NOT_USE_:
+ output = "xi:fuzz xifuzz=\"fuzz\"";
+ }
+ return output;
+}
+
+/// Returns uri string for a given Element_Id type
+string ProtoConverter::getUri(Element_Id _x)
+{
+ switch (_x)
+ {
+ case Element::XIINCLUDE:
+ case Element::XIFALLBACK:
+ case Element::XIHREF:
+ case Element::XIPARSE:
+ case Element::XIXPOINTER:
+ case Element::XIENCODING:
+ case Element::XIACCEPT:
+ case Element::XIACCEPTLANG:
+ case Element_Id_Element_Id_INT_MIN_SENTINEL_DO_NOT_USE_:
+ case Element_Id_Element_Id_INT_MAX_SENTINEL_DO_NOT_USE_:
+ return s_XInclude;
+ }
+}
+
+void ProtoConverter::visit(Element const& _x)
+{
+ // Predefined child node
+ string child = {};
+ // Predefined uri for child node
+ string pUri = {};
+ // Element name
+ string name = removeNonAscii(_x.name());
+
+ switch (_x.type())
+ {
+ case Element::PREDEFINED:
+ child = getPredefined(_x.id(), _x.childprop());
+ pUri = getUri(_x.id());
+ break;
+ case Element::FUZZ:
+ case Element_Type_Element_Type_INT_MIN_SENTINEL_DO_NOT_USE_:
+ case Element_Type_Element_Type_INT_MAX_SENTINEL_DO_NOT_USE_:
+ break;
+ }
+
+ // <name k1=v1 k2=v2 k3=v3>
+ // <content>
+ // </name>
+
+ // Start name tag: Must be Ascii?
+ m_output << "<" << name << " ";
+
+ // Add uri to name tag
+ if (!pUri.empty())
+ m_output << pUri << " ";
+ for (auto const& prop: _x.kv())
+ visit(prop);
+ m_output << ">\n";
+
+ // Add attribute
+ if (!child.empty())
+ m_output << "<" << child << "/>\n";
+
+ // Add content
+ visit(_x.content());
+
+ // Close name tag
+ m_output << "</" << name << ">\n";
+}
+
+void ProtoConverter::visit(ExternalId const& _x)
+{
+ switch (_x.type())
+ {
+ case ExternalId::SYSTEM:
+ m_output << "SYSTEM " << "\"" << removeNonAscii(_x.system()) << "\"";
+ break;
+ case ExternalId::PUBLIC:
+ m_output << "PUBLIC " << "\"" << removeNonAscii(_x.pub()) << "\""
+ << " " << "\"" << removeNonAscii(_x.system()) << "\"";
+ break;
+ case ExternalId::FUZZ:
+ m_output << "FUZZ " << "\"" << removeNonAscii(_x.pub()) << "\"";
+ break;
+ case ExternalId_Type_ExternalId_Type_INT_MIN_SENTINEL_DO_NOT_USE_:
+ case ExternalId_Type_ExternalId_Type_INT_MAX_SENTINEL_DO_NOT_USE_:
+ break;
+ }
+}
+
+void ProtoConverter::visit(DocTypeDecl const& _x)
+{
+ m_output << "<!DOCTYPE " << removeNonAscii(_x.name()) << " ";
+ visit(_x.ext());
+ m_output << "[";
+ for (auto const& m: _x.mdecl())
+ visit(m);
+ m_output << "]";
+ m_output << ">\n";
+}
+
+void ProtoConverter::visit(VersionNum const& _x)
+{
+ switch (_x.type())
+ {
+ case VersionNum::STANDARD:
+ m_output << "\"1.0\"";
+ break;
+ case VersionNum::FUZZ:
+ case VersionNum_Type_VersionNum_Type_INT_MIN_SENTINEL_DO_NOT_USE_:
+ case VersionNum_Type_VersionNum_Type_INT_MAX_SENTINEL_DO_NOT_USE_:
+ m_output << "\"" << _x.major() << "." << _x.minor() << "\"";
+ break;
+ }
+}
+
+void ProtoConverter::visit(Encodings const& _x)
+{
+ m_output << " encoding=\"";
+ switch (_x.name())
+ {
+ case Encodings::BIG5:
+ m_output << "BIG5";
+ break;
+ case Encodings::EUCJP:
+ m_output << "EUC-JP";
+ break;
+ case Encodings::EUCKR:
+ m_output << "EUC-KR";
+ break;
+ case Encodings::GB18030:
+ m_output << "GB18030";
+ break;
+ case Encodings::ISO2022JP:
+ m_output << "ISO-2022-JP";
+ break;
+ case Encodings::ISO2022KR:
+ m_output << "ISO-2022-KR";
+ break;
+ case Encodings::ISO88591:
+ m_output << "ISO-8859-1";
+ break;
+ case Encodings::ISO88592:
+ m_output << "ISO-8859-2";
+ break;
+ case Encodings::ISO88593:
+ m_output << "ISO-8859-3";
+ break;
+ case Encodings::ISO88594:
+ m_output << "ISO-8859-4";
+ break;
+ case Encodings::ISO88595:
+ m_output << "ISO-8859-5";
+ break;
+ case Encodings::ISO88596:
+ m_output << "ISO-8859-6";
+ break;
+ case Encodings::ISO88597:
+ m_output << "ISO-8859-7";
+ break;
+ case Encodings::ISO88598:
+ m_output << "ISO-8859-8";
+ break;
+ case Encodings::ISO88599:
+ m_output << "ISO-8859-9";
+ break;
+ case Encodings::SHIFTJIS:
+ m_output << "SHIFT_JIS";
+ break;
+ case Encodings::TIS620:
+ m_output << "TIS-620";
+ break;
+ case Encodings::USASCII:
+ m_output << "US-ASCII";
+ break;
+ case Encodings::UTF8:
+ m_output << "UTF-8";
+ break;
+ case Encodings::UTF16:
+ m_output << "UTF-16";
+ break;
+ case Encodings::UTF16BE:
+ m_output << "UTF-16BE";
+ break;
+ case Encodings::UTF16LE:
+ m_output << "UTF-16LE";
+ break;
+ case Encodings::WINDOWS31J:
+ m_output << "WINDOWS-31J";
+ break;
+ case Encodings::WINDOWS1255:
+ m_output << "WINDOWS-1255";
+ break;
+ case Encodings::WINDOWS1256:
+ m_output << "WINDOWS-1256";
+ break;
+ case Encodings::FUZZ:
+ m_output << removeNonAscii(_x.fuzz());
+ break;
+ case Encodings_Enc_Encodings_Enc_INT_MIN_SENTINEL_DO_NOT_USE_:
+ case Encodings_Enc_Encodings_Enc_INT_MAX_SENTINEL_DO_NOT_USE_:
+ break;
+ }
+ m_output << "\"";
+}
+
+void ProtoConverter::visit(XmlDeclaration const& _x)
+{
+ m_output << R"(<?xml version=)";
+ visit(_x.ver());
+ visit(_x.enc());
+ switch (_x.standalone())
+ {
+ case XmlDeclaration::YES:
+ m_output << " standalone=\'yes\'";
+ break;
+ case XmlDeclaration::NO:
+ m_output << " standalone=\'no\'";
+ break;
+ case XmlDeclaration_Standalone_XmlDeclaration_Standalone_INT_MIN_SENTINEL_DO_NOT_USE_:
+ case XmlDeclaration_Standalone_XmlDeclaration_Standalone_INT_MAX_SENTINEL_DO_NOT_USE_:
+ break;
+ }
+ m_output << "?>\n";
+}
+
+void ProtoConverter::visit(XmlDocument const& _x)
+{
+ visit(_x.p());
+ for (auto const& element: _x.e())
+ visit(element);
+}
+
+string ProtoConverter::protoToString(XmlDocument const& _x)
+{
+ visit(_x);
+ return m_output.str();
+}
\ No newline at end of file
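Review bot: `getPredefined` (L4654-L4678) has no `break` between its cases, so every assignment falls through to the last one and all predefined `Element` ids come out as `xi:fuzz xifuzz="fuzz"`; the `xi:include href/parse/xpointer/encoding/accept/accept-language` forms this function exists to produce never reach xerces. `getUri` (L4681-L4697) likewise falls off the end of a non-void function when `_x` holds an integer outside the enumerators, which a proto3 enum field can carry, so it needs an unconditional return after the switch. `removeNonAscii` (L4218-L4225) passes a plain `char` to `std::isalpha`/`std::isdigit`; for bytes above 0x7F that is a negative argument the C locale functions do not define, so cast through `unsigned char` and include `<cctype>` directly rather than relying on `<algorithm>`. The `[=]` capture on that lambda captures nothing and can be `[]`.
```cpp
string ProtoConverter::removeNonAscii(string const& _utf8)
{
	string asciiStr{_utf8};
	asciiStr.erase(remove_if(asciiStr.begin(), asciiStr.end(), [](char c) -> bool {
		// ctype functions take an int in unsigned-char range; a raw char may be negative
		unsigned char uc = static_cast<unsigned char>(c);
		return !(std::isalpha(uc) || std::isdigit(uc));
	}), asciiStr.end());
	return asciiStr.empty() ? "fuzz" : asciiStr;
}

// … unchanged: visit() overloads …

string ProtoConverter::getPredefined(Element_Id _x, string const& _prop)
{
	switch (_x)
	{
	case Element::XIINCLUDE:
	case Element::XIFALLBACK:
	case Element::XIHREF:
		return "xi:include href=\"fuzz.xml\"";
	case Element::XIPARSE:
		return "xi:include parse=\"xml\"";
	case Element::XIXPOINTER:
		return "xi:include xpointer=\"" + removeNonAscii(_prop) + "\"";
	case Element::XIENCODING:
		return "xi:include encoding=\"" + removeNonAscii(_prop) + "\"";
	case Element::XIACCEPT:
		return "xi:include accept=\"" + removeNonAscii(_prop) + "\"";
	case Element::XIACCEPTLANG:
		return "xi:include accept-language=\"" + removeNonAscii(_prop) + "\"";
	default:
		// sentinel or out-of-range id: emit a deliberately bogus xi element
		return "xi:fuzz xifuzz=\"fuzz\"";
	}
}

/// Returns uri string for a given Element_Id type; every id, including
/// out-of-range values a proto3 enum field can hold, maps to XInclude.
string ProtoConverter::getUri(Element_Id)
{
	return s_XInclude;
}
```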
diff --git a/projects/xerces-c/xmlProtoConverter.h b/projects/xerces-c/xmlProtoConverter.h
new file mode 100644
index 0000000..a6333f1
--- /dev/null
+++ b/projects/xerces-c/xmlProtoConverter.h
@@ -0,0 +1,101 @@
+/*
+ * Copyright (C) 2019 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <sstream>
+
+#include "xml.pb.h"
+
+namespace xmlProtoFuzzer {
+class ProtoConverter
+{
+public:
+ ProtoConverter() = default;
+
+ ProtoConverter(ProtoConverter const&) = delete;
+
+ ProtoConverter(ProtoConverter&&) = delete;
+
+ std::string protoToString(XmlDocument const&);
+
+private:
+ void visit(Prolog const&);
+
+ void visit(ProcessingInstruction const&);
+
+ void visit(ExternalId const&);
+
+ void visit(DocTypeDecl const&);
+
+ void visit(VersionNum const&);
+
+ void visit(Encodings const&);
+
+ void visit(Misc const&);
+
+ void visit(KeyValue const&);
+
+ void visit(Element const&);
+
+ void visit(ElementDecl const&);
+
+ void visit(AttValue const&);
+
+ void visit(DefaultDecl const&);
+
+ void visit(AttDef const&);
+
+ void visit(AttListDecl const&);
+
+ void visit(NotationDecl const&);
+
+ void visit(EntityDecl const&);
+
+ void visit(EntityValue const&);
+
+ void visit(EntityDef const&);
+
+ void visit(PEDef const&);
+
+ void visit(NDataDecl const&);
+
+ void visit(ConditionalSect const&);
+
+ void visit(OneExtSubsetDecl const&);
+
+ void visit(ExtSubsetDecl const&);
+
+ void visit(MarkupDecl const&);
+
+ void visit(CData const&);
+
+ void visit(Content const&);
+
+ void visit(XmlDeclaration const&);
+
+ void visit(XmlDocument const&);
+
+ std::string removeNonAscii(std::string const&);
+ std::string getUri(Element_Id _x);
+ std::string getPredefined(Element_Id _x, std::string const&);
+
+ std::ostringstream m_output;
+
+ static constexpr auto s_XInclude = "xmlns:xi=\"http://www.w3.org/2001/XInclude\"";
+};
+}
+
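Review bot: The header uses `std::string` in `protoToString`, `removeNonAscii`, `getUri` and `getPredefined` but includes only `<sstream>` and `xml.pb.h`, so it compiles only through a transitive include; add `#include <string>` next to `#include <sstream>`. The class deletes the copy and move constructors yet leaves both assignment operators to the implicit rules; spelling them out, `ProtoConverter& operator=(ProtoConverter const&) = delete;` and `ProtoConverter& operator=(ProtoConverter&&) = delete;`, makes the non-copyable intent explicit rather than dependent on `std::ostringstream`'s own deleted members. Because `m_output` is never reset and `protoToString` returns `m_output.str()` after visiting (as the .cpp hunk above shows), a second call on the same instance appears to return the concatenation of both documents; a comment on the public method, `/// Renders _x to text. Appends to the instance buffer, so use one ProtoConverter per document.`, would record that single-use contract for callers.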
diff --git a/projects/yara/Dockerfile b/projects/yara/Dockerfile
index 67d266c..ab71c69 100644
--- a/projects/yara/Dockerfile
+++ b/projects/yara/Dockerfile
@@ -21,7 +21,8 @@
automake \
autoconf \
make \
- libtool
+ libtool \
+ pkg-config
RUN git clone --depth 1 https://github.com/VirusTotal/yara.git
COPY build.sh $SRC/
diff --git a/projects/zstd/project.yaml b/projects/zstd/project.yaml
index 4de9f1d..082d8d0 100644
--- a/projects/zstd/project.yaml
+++ b/projects/zstd/project.yaml
@@ -13,6 +13,7 @@
- libfuzzer
- afl
- dataflow
+ - honggfuzz
sanitizers:
- address
- dataflow