├── .gitignore
├── CONTRIBUTING
├── LICENSE
├── README.md
├── docs
├── clusterfuzz.md
├── debugging.md
├── faq.md
├── fuzzer_environment.md
├── glossary.md
├── ideal_integration.md
├── images
│ ├── freetype_coverage_1.png
│ ├── freetype_coverage_2.png
│ ├── freetype_stats.png
│ └── pcre2_testcase.png
├── installing_docker.md
├── new_project_guide.md
└── reproducing.md
├── infra
├── README.md
├── auto-setup
│ ├── build_status.py
│ ├── jenkins_config
│ │ └── base_job.xml
│ ├── requirements.txt
│ ├── sync.py
│ └── templates
│ │ └── status_template.html
├── base-images
│ ├── Jenkinsfile
│ ├── README.md
│ ├── all.sh
│ ├── base-clang
│ │ ├── Dockerfile
│ │ └── checkout_build_install_llvm.sh
│ ├── base-libfuzzer
│ │ ├── Dockerfile
│ │ ├── README.md
│ │ ├── compile
│ │ ├── coverage_report
│ │ ├── just_run
│ │ ├── reproduce
│ │ ├── run
│ │ └── srcmap
│ ├── base-runner
│ │ ├── Dockerfile
│ │ ├── README.md
│ │ ├── llvm-symbolizer
│ │ ├── run_fuzzer
│ │ └── test_all
│ ├── base
│ │ └── Dockerfile
│ └── libfuzzer-runner
│ │ └── Dockerfile
├── docker-cleanup
│ └── Jenkinsfile
├── helper.py
├── jenkins-cluster
│ ├── Dockerfile
│ ├── build-images.sh
│ ├── jenkins.yaml
│ ├── service-jenkins-http.yaml
│ └── service-jenkins-master.yaml
├── libfuzzer-pipeline.groovy
├── push-images
│ └── Jenkinsfile
└── templates.py
├── projects
├── all.sh
├── boringssl
│ ├── Dockerfile
│ ├── build.sh
│ └── project.yaml
├── c-ares
│ ├── Dockerfile
│ ├── build.sh
│ ├── c_ares_ares_create_query_fuzzer.cc
│ └── project.yaml
├── curl
│ ├── Dockerfile
│ ├── build.sh
│ ├── curl_fuzzer.cc
│ ├── curl_fuzzer.options
│ ├── http.dict
│ └── project.yaml
├── expat
│ ├── Dockerfile
│ ├── Jenkinsfile
│ ├── build.sh
│ ├── parse_fuzzer.cc
│ ├── parse_fuzzer.options
│ ├── project.yaml
│ └── xml.dict
├── ffmpeg
│ ├── Dockerfile
│ ├── build.sh
│ ├── group_seed_corpus.py
│ └── project.yaml
├── file
│ ├── Dockerfile
│ ├── build.sh
│ ├── magic_fuzzer.cc
│ └── project.yaml
├── freetype2
│ ├── Dockerfile
│ ├── build.sh
│ └── project.yaml
├── harfbuzz
│ ├── Dockerfile
│ ├── build.sh
│ ├── harfbuzz_fuzzer.cc
│ └── project.yaml
├── icu
│ ├── Dockerfile
│ ├── break_iterator_fuzzer.cc
│ ├── break_iterator_utf32_fuzzer.cc
│ ├── build.sh
│ ├── converter_fuzzer.cc
│ ├── fuzzer_utils.h
│ ├── number_format_fuzzer.cc
│ ├── project.yaml
│ ├── regex.dict
│ ├── ucasemap_fuzzer.cc
│ ├── unicode_string_codepage_create_fuzzer.cc
│ ├── uregex_open_fuzzer.cc
│ └── uregex_open_fuzzer.options
├── json
│ ├── Dockerfile
│ ├── build.sh
│ ├── parse_fuzzer.cc
│ ├── parse_fuzzer.options
│ └── project.yaml
├── lcms
│ ├── Dockerfile
│ ├── build.sh
│ ├── cmsIT8_load_fuzzer.c
│ ├── cmsIT8_load_fuzzer.options
│ ├── cms_transform_fuzzer.c
│ ├── cms_transform_fuzzer.options
│ ├── icc.dict
│ └── project.yaml
├── libarchive
│ ├── Dockerfile
│ ├── build.sh
│ ├── libarchive_fuzzer.cc
│ └── project.yaml
├── libass
│ ├── Dockerfile
│ ├── ass.dict
│ ├── build.sh
│ ├── libass_fuzzer.cc
│ ├── libass_fuzzer.options
│ └── project.yaml
├── libchewing
│ ├── Dockerfile
│ ├── build.sh
│ ├── chewing_default_fuzzer.c
│ ├── chewing_dynamic_config_fuzzer.c
│ ├── chewing_fuzzer_common.c
│ ├── chewing_fuzzer_common.h
│ ├── chewing_random_init_fuzzer.c
│ └── project.yaml
├── libjpeg-turbo
│ ├── Dockerfile
│ ├── build.sh
│ ├── libjpeg_turbo_fuzzer.cc
│ └── project.yaml
├── libpng
│ ├── Dockerfile
│ ├── build.sh
│ ├── libpng_read_fuzzer.cc
│ ├── libpng_read_fuzzer.options
│ ├── png.dict
│ └── project.yaml
├── libteken
│ ├── Dockerfile
│ ├── build.sh
│ ├── libteken_fuzzer.c
│ └── project.yaml
├── libtsm
│ ├── Dockerfile
│ ├── build.sh
│ ├── libtsm_fuzzer.c
│ └── project.yaml
├── libxml2
│ ├── Dockerfile
│ ├── build.sh
│ ├── libxml2_xml_read_memory_fuzzer.cc
│ ├── libxml2_xml_read_memory_fuzzer.options
│ ├── libxml2_xml_regexp_compile_fuzzer.cc
│ ├── libxml2_xml_regexp_compile_fuzzer.options
│ ├── project.yaml
│ └── xml.dict
├── nss
│ ├── Dockerfile
│ ├── build.sh
│ ├── fuzzers
│ │ ├── asn1_algorithmid_fuzzer.cc
│ │ ├── asn1_any_fuzzer.cc
│ │ ├── asn1_bitstring_fuzzer.cc
│ │ ├── asn1_bmpstring_fuzzer.cc
│ │ ├── asn1_boolean_fuzzer.cc
│ │ ├── asn1_fuzzer_template.h
│ │ ├── asn1_generalizedtime_fuzzer.cc
│ │ ├── asn1_ia5string_fuzzer.cc
│ │ ├── asn1_integer_fuzzer.cc
│ │ ├── asn1_null_fuzzer.cc
│ │ ├── asn1_objectid_fuzzer.cc
│ │ ├── asn1_octetstring_fuzzer.cc
│ │ ├── asn1_utctime_fuzzer.cc
│ │ ├── asn1_utf8string_fuzzer.cc
│ │ ├── cert_certificate_fuzzer.cc
│ │ └── seckey_privatekeyinfo_fuzzer.cc
│ └── project.yaml
├── openssl
│ ├── Dockerfile
│ ├── build.sh
│ └── project.yaml
├── ots
│ ├── Dockerfile
│ ├── build.sh
│ ├── ots_fuzzer.cc
│ ├── ots_fuzzer.options
│ ├── project.yaml
│ └── seed_corpus
│ │ ├── 0509e80afb379d16560e9e47bdd7d888bebdebc6.ttf
│ │ ├── 051d92f8bc6ff724511b296c27623f824de256e9.ttf
│ │ ├── 07f054357ff8638bac3711b422a1e31180bba863.ttf
│ │ ├── 191826b9643e3f124d865d617ae609db6a2ce203.ttf
│ │ ├── 1a6f1687b7a221f9f2c834b0b360d3c8463b6daf.ttf
│ │ ├── 1c04a16f32a39c26c851b7fc014d2e8d298ba2b8.ttf
│ │ ├── 1c2c3fc37b2d4c3cb2ef726c6cdaaabd4b7f3eb9.ttf
│ │ ├── 1c2fb74c1b2aa173262734c1f616148f1648cfd6.ttf
│ │ ├── 205edd09bd3d141cc9580f650109556cc28b22cb.ttf
│ │ ├── 226bc2deab3846f1a682085f70c67d0421014144.ttf
│ │ ├── 270b89df543a7e48e206a2d830c0e10e5265c630.ttf
│ │ ├── 298c9e1d955f10f6f72c6915c3c6ff9bf9695cec.ttf
│ │ ├── 3511ff5c1647150595846ac414c595cccac34f18.ttf
│ │ ├── 37033cc5cf37bb223d7355153016b6ccece93b28.ttf
│ │ ├── 375d6ae32a3cbe52fbf81a4e5777e3377675d5a3.ttf
│ │ ├── 43979b90b2dd929723cf4fe1715990bcb9c9a56b.ttf
│ │ ├── 43ef465752be9af900745f72fe29cb853a1401a5.ttf
│ │ ├── 45855bc8d46332b39c4ab9e2ee1a26b1f896da6b.ttf
│ │ ├── 49c9f7485c1392fa09a1b801bc2ffea79275f22e.ttf
│ │ ├── 4cce528e99f600ed9c25a2b69e32eb94a03b4ae8.ttf
│ │ ├── 5028afb650b1bb718ed2131e872fbcce57828fff.ttf
│ │ ├── 56cfd0e18d07f41c38e9598545a6d369127fc6f9.ttf
│ │ ├── 57a9d9f83020155cbb1d2be1f43d82388cbecc88.ttf
│ │ ├── 5a5daf5eb5a4db77a2baa3ad9c7a6ed6e0655fa8.ttf
│ │ ├── 641bd9db850193064d17575053ae2bf8ec149ddc.ttf
│ │ ├── 6466d38c62e73a39202435a4f73bf5d6acbb73c0.ttf
│ │ ├── 6ff0fbead4462d9f229167b4e6839eceb8465058.ttf
│ │ ├── 706c5d7b625f207bc0d874c67237aad6f1e9cd6f.ttf
│ │ ├── 757ebd573617a24aa9dfbf0b885c54875c6fe06b.ttf
│ │ ├── 7a37dc4d5bf018456aea291cee06daf004c0221c.ttf
│ │ ├── 7e14e7883ed152baa158b80e207b66114c823a8b.ttf
│ │ ├── 7ef276fc886ea502a03b9b0e5c8b547d5dc2b61c.ttf
│ │ ├── 8099955657a54e9ee38a6ba1d6f950ce58e3cc25.ttf
│ │ ├── 813c2f8e5512187fd982417a7fb4286728e6f4a8.ttf
│ │ ├── 8240789f6d12d4cfc4b5e8e6f246c3701bcf861f.ttf
│ │ ├── 8454d22037f892e76614e1645d066689a0200e61.ttf
│ │ ├── 8a9fea2a7384f2116e5b84a9b31f83be7850ce21.ttf
│ │ ├── a34a7b00f22ffb5fd7eef6933b81c7e71bc2cdfb.ttf
│ │ ├── a919b33197965846f21074b24e30250d67277bce.ttf
│ │ ├── a98e908e2ed21b22228ea59ebcc0f05034c86f2e.ttf
│ │ ├── b9e2aaa0d75fcef6971ec3a96d806ba4a6b31fe2.ttf
│ │ ├── bb0c53752e85c3d28973ebc913287b8987d3dfe8.ttf
│ │ ├── bb9473d2403488714043bcfb946c9f78b86ad627.ttf
│ │ ├── c4e48b0886ef460f532fb49f00047ec92c432ec0.ttf
│ │ ├── cc5f3d2d717fb6bd4dfae1c16d48a2cb8e12233b.ttf
│ │ ├── d629e7fedc0b350222d7987345fe61613fa3929a.ttf
│ │ ├── df768b9c257e0c9c35786c47cae15c46571d56be.ttf
│ │ ├── e207635780b42f898d58654b65098763e340f5c7.ttf
│ │ ├── ef86fe710cfea877bbe0dbb6946a1f88d0661031.ttf
│ │ ├── f22416c692720a7d46fadf4af99f4c9e094f00b9.ttf
│ │ ├── f499fbc23865022234775c43503bba2e63978fe1.ttf
│ │ ├── f518eb6f6b5eec2946c9fbbbde44e45d46f5e2ac.ttf
│ │ ├── fab39d60d758cb586db5a504f218442cd1395725.ttf
│ │ ├── fbb6c84c9e1fe0c39e152fbe845e51fd81f6748e.ttf
│ │ ├── fcdcffbdf1c4c97c05308d7600e4c283eb47dbca.ttf
│ │ └── ffa0f5d2d9025486d8469d8b1fdd983e7632499b.ttf
├── pcre2
│ ├── Dockerfile
│ ├── build.sh
│ └── project.yaml
├── re2
│ ├── Dockerfile
│ ├── build.sh
│ ├── project.yaml
│ ├── re2_fuzzer.cc
│ └── re2_fuzzer.options
├── sqlite3
│ ├── Dockerfile
│ ├── build.sh
│ ├── ossfuzz.options
│ ├── project.yaml
│ └── sql.dict
├── tpm2
│ ├── Jenkinsfile
│ └── project.yaml
├── woff2
│ ├── Dockerfile
│ ├── build.sh
│ ├── convert_woff2ttf_fuzzer.cc
│ ├── convert_woff2ttf_fuzzer.options
│ └── project.yaml
└── zlib
│ ├── Dockerfile
│ ├── build.sh
│ ├── project.yaml
│ └── zlib_uncompress_fuzzer.cc
└── targets
└── README.md
/.gitignore:
--------------------------------------------------------------------------------
1 | .vscode/
2 | *.pyc
3 | /build
4 |
--------------------------------------------------------------------------------
/CONTRIBUTING:
--------------------------------------------------------------------------------
1 | Want to contribute? Great! First, read this page (including the small print at the end).
2 |
3 | ### Before you contribute
4 | Before we can use your code, you must sign the
5 | [Google Individual Contributor License Agreement](https://cla.developers.google.com/about/google-individual)
6 |
7 | (CLA), which you can do online. The CLA is necessary mainly because you own the
8 | copyright to your changes, even after your contribution becomes part of our
9 | codebase, so we need your permission to use and distribute your code. We also
10 | need to be sure of various other things—for instance that you'll tell us if you
11 | know that your code infringes on other people's patents. You don't have to sign
12 | the CLA until after you've submitted your code for review and a member has
13 | approved it, but you must do it before we can put your code into our codebase.
14 | Before you start working on a larger contribution, you should get in touch with
15 | us first through the issue tracker with your idea so that we can help out and
16 | possibly guide you. Coordinating up front makes it much easier to avoid
17 | frustration later on.
18 |
19 | ### Code reviews
20 | All submissions, including submissions by project members, require review. We
21 | use GitHub pull requests for this purpose.
22 |
23 | ### The small print
24 | Contributions made by corporations are covered by a different agreement than
25 | the one above, the
26 | [Software Grant and Corporate Contributor License Agreement](https://cla.developers.google.com/about/google-corporate).
27 |
28 |
--------------------------------------------------------------------------------
/docs/clusterfuzz.md:
--------------------------------------------------------------------------------
1 | # ClusterFuzz
2 |
3 | [ClusterFuzz](https://blog.chromium.org/2012/04/fuzzing-for-security.html) is the distributed fuzzing infrastructure behind OSS-Fuzz. It was initially built
4 | for fuzzing Chrome at scale.
5 |
6 | ## Web interface
7 |
8 | ClusterFuzz also provides a [web interface](https://clusterfuzz-external.appspot.com/v2)
9 | to view statistics about your fuzz targets, as well as current crashes.
10 |
11 | *Note*: This is a work in progress. Access is restricted to project developers whom we automatically CC on new bug
12 | reports.
13 |
14 | ## Fuzzer stats
15 |
16 | You can view statistics about your fuzz targets (e.g. speed, coverage information,
17 | memory usage) on our fuzzer statistics dashboard.
18 |
19 | ![stats](https://raw.githubusercontent.com/google/oss-fuzz/master/docs/images/freetype_stats.png)
20 |
21 |
22 | ## Coverage reports
23 |
24 | We also provide coverage reports, where we highlight the parts of source code that are being
25 | reached by your fuzz target.
26 |
27 | ![coverage_1](https://raw.githubusercontent.com/google/oss-fuzz/master/docs/images/freetype_coverage_1.png)
28 |
29 |
30 | ![coverage_2](https://raw.githubusercontent.com/google/oss-fuzz/master/docs/images/freetype_coverage_2.png)
31 |
32 |
33 | ## Testcase reports
34 |
35 | ClusterFuzz will automatically de-duplicate and file reproducible crashes into
36 | our [bug tracker](https://bugs.chromium.org/p/monorail). We provide a crash
37 | report page that gives you the stack trace, a link to the crashing testcase, and
38 | regression ranges where the bug was most likely introduced.
39 |
40 | ![report](https://raw.githubusercontent.com/google/oss-fuzz/master/docs/images/pcre2_testcase.png)
41 |
42 |
43 |
--------------------------------------------------------------------------------
/docs/debugging.md:
--------------------------------------------------------------------------------
1 | ## Debugging Build Scripts
2 |
3 | While developing your build script, it may be useful to run bash within the
4 | container:
5 |
6 | ```bash
7 | $ python infra/helper.py shell $PROJECT_NAME # runs /bin/bash within container
8 | $ compile # run compilation manually
9 | ```
10 |
11 | ## Debugging Fuzzers with GDB
12 |
13 | If you decide to debug a fuzzer with gdb (which is already installed in the libfuzzer-runner image),
14 | you will need to start a container in privileged mode, because gdb needs ptrace access that the default container profile does not grant (`--cap-add=SYS_PTRACE` is a narrower alternative to `--privileged`):
15 |
16 | ```bash
17 | docker run -ti --privileged -v /tmp/out:/out ossfuzz/libfuzzer-runner gdb /out/fuzzer_name
18 | ```
19 |
--------------------------------------------------------------------------------
/docs/faq.md:
--------------------------------------------------------------------------------
1 | # Frequently Asked Questions
2 |
3 | ## Why do you use a [different issue tracker](https://bugs.chromium.org/p/oss-fuzz/issues/list) for reporting bugs in OSS projects?
4 |
5 | Security access control is important for the kind of issues that OSS-Fuzz detects.
6 | We will reconsider the GitHub issue tracker once the
7 | [access control feature](https://github.com/isaacs/github/issues/37) is available.
8 |
9 | ## Why do you use Docker?
10 |
11 | Building fuzzers requires building your project with a fresh Clang compiler and special compiler flags.
12 | An easy-to-use Docker image is provided to simplify toolchain distribution. This also limits our exposure
13 | to a multitude of Linux varieties and provides a reproducible and secure environment for fuzzer
14 | building and execution.
15 |
--------------------------------------------------------------------------------
/docs/fuzzer_environment.md:
--------------------------------------------------------------------------------
1 | # Fuzzer environment on ClusterFuzz
2 |
3 | Your fuzzers will be run on a [Google Compute Engine](https://cloud.google.com/compute/) VM (Linux) with some security restrictions.
4 |
5 | ## Current working directory
6 |
7 | You should not make any assumptions about the current working directory of your
8 | fuzzer. If you need to load data files, please use `argv[0]` to get the
9 | directory where your fuzzer executable is located.
10 |
11 | ## File system
12 |
13 | Everything except `/tmp` is read-only, including the directory that your fuzzer
14 | executable lives in. Note that `/tmp` is limited in size (64MB).
15 |
16 | ## Network access
17 |
18 | There will be no network interfaces available (not even loopback).
19 |
--------------------------------------------------------------------------------
/docs/images/freetype_coverage_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/docs/images/freetype_coverage_1.png
--------------------------------------------------------------------------------
/docs/images/freetype_coverage_2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/docs/images/freetype_coverage_2.png
--------------------------------------------------------------------------------
/docs/images/freetype_stats.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/docs/images/freetype_stats.png
--------------------------------------------------------------------------------
/docs/images/pcre2_testcase.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/docs/images/pcre2_testcase.png
--------------------------------------------------------------------------------
/docs/installing_docker.md:
--------------------------------------------------------------------------------
1 | # Installing Docker
2 |
3 | Follow the [Official Guide](https://docs.docker.com/engine/installation).
4 |
5 | Googlers: [go/installdocker](https://goto.google.com/installdocker).
6 |
7 | [Why Docker?](faq.md#why-do-you-use-docker)
8 |
9 | *NOTE: (Optional) If you want to run `docker` without `sudo`, follow the [Create a docker group](https://docs.docker.com/engine/installation/linux/ubuntulinux/#/create-a-docker-group) section. Keep in mind that membership in the docker group is equivalent to root access on the host.*
10 |
11 | *NOTE: Docker images can consume significant disk space. Run*
12 | *[docker-cleanup](https://gist.github.com/mikea/d23a839cba68778d94e0302e8a2c200f)*
13 | *periodically to garbage collect unused images.*
14 |
15 |
--------------------------------------------------------------------------------
/docs/reproducing.md:
--------------------------------------------------------------------------------
1 | # Reproducing OSS-Fuzz issues
2 |
3 | You've been CC'ed on an OSS-Fuzz issue
4 | ([examples](https://bugs.chromium.org/p/oss-fuzz/issues/list?can=1&q=Type%3ABug%2CBug-Security)), now what?
5 | Before attempting to fix the bug, you should be able to reliably reproduce it.
6 |
7 | Every issue has a [reproducer](glossary.md#reproducer) (aka "testcase") file attached.
8 | Download it. If the issue is not public, you will need to login using your
9 | [Google account](https://support.google.com/accounts/answer/176347?hl=en)
10 | that the bug report CCs.
11 | This file contains the bytes that were fed to the [Fuzz Target](http://libfuzzer.info/#fuzz-target).
12 |
13 | If you have already [integrated](ideal_integration.md) the fuzz target with your build and test system,
14 | all you need to do is run:
15 |
16 | ./fuzz_target_binary $testcase_file_absolute_path
17 |
18 | Depending on the nature of the bug, the fuzz target binary needs to be built with the appropriate [sanitizer](https://github.com/google/sanitizers)
19 | (e.g. if this is a buffer overflow, with [AddressSanitizer](http://clang.llvm.org/docs/AddressSanitizer.html)).
20 |
21 | If you are not sure how to build the fuzzer using the project's build system,
22 | you may also use Docker ([how?](installing_docker.md), [why?](faq.md#why-do-you-use-docker)) commands
23 | to replicate the exact build steps used by OSS-Fuzz and then feed the reproducer input to the fuzz target.
24 |
25 | - *Reproduce using latest OSS-Fuzz build:*
26 |
27 |
28 | docker run --rm -ti -v $testcase_file_absolute_path:/testcase ossfuzz/$project reproduce $fuzzer
29 |
30 |
31 | It builds the fuzzer from the most recent successful OSS-Fuzz build (usually last night's sources)
32 | and feeds the testcase file to the target function.
33 |
34 | E.g. for [libxml2](../projects/libxml2) project with fuzzer named `libxml2_xml_read_memory_fuzzer`, it will be:
35 |
36 |
37 | docker run --rm -ti -v ~/Downloads/testcase:/testcase ossfuzz/libxml2 reproduce libxml2_xml_read_memory_fuzzer
38 |
39 | - *Reproduce using local source checkout:*
40 |
41 |
42 | docker run --rm -ti -v $local_source_checkout_dir:/src/$project \
43 | -v $testcase_file_absolute_path:/testcase ossfuzz/$project reproduce $fuzzer
44 |
45 |
46 | This is essentially the previous command that additionally mounts local sources into the running container.
47 | - *Fix issue*. Write a patch to fix the issue in your local checkout and then use the previous command to verify the fix (i.e. no crash occurred).
48 | [Use gdb](debugging.md#debugging-fuzzers-with-gdb) if needed.
49 | - *Submit fix*. Submit the fix in the project's repository. ClusterFuzz will automatically pick up the changes, recheck the testcase and will close the issue (in < 1 day).
50 | - *Improve fuzzing support*. Consider [improving fuzzing support](ideal_integration.md) in your project's build and test system.
51 |
--------------------------------------------------------------------------------
/infra/README.md:
--------------------------------------------------------------------------------
1 | # infra
2 | > OSS-Fuzz project infrastructure
3 |
4 | Core infrastructure:
5 | * [`base-images`](base-images/) - docker images for building fuzz targets & corresponding jenkins
6 | pipeline.
7 |
8 | Continuous Integration infrastructure:
9 |
10 | * [`libfuzzer-pipeline.groovy`](libfuzzer-pipeline.groovy) - jenkins pipeline that runs for each OSS-Fuzz
11 | project.
12 | * [`docker-cleanup`](docker-cleanup/) - jenkins pipeline to clean stale docker images & processes.
13 | * [`push-images`](push-images/) - jenkins pipeline to push built base images.
14 | * [`jenkins-cluster`](jenkins-cluster/) - kubernetes cluster definition for our jenkins-based build (not operational yet,
15 | [#10](https://github.com/google/oss-fuzz/issues/10)).
16 |
17 | ## helper.py
18 | > script to automate common docker operations
19 |
20 | | Command | Description |
21 | |---------|-------------|
22 | | `generate` | Generates skeleton files for a new project |
23 | | `build_image` | Builds a docker image for a given project |
24 | | `build_fuzzers` | Builds fuzz targets for a given project |
25 | | `run_fuzzer` | Runs a fuzz target in a docker container |
26 | | `coverage` | Runs a fuzz target in a docker container and computes a coverage report |
27 | | `shell` | Starts a shell inside the docker image for a project |
28 |
--------------------------------------------------------------------------------
/infra/auto-setup/build_status.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
import codecs
import datetime
import os
import subprocess
import sys

import jenkins
import jinja2
from jinja2 import Environment, FileSystemLoader
11 |
# Jenkins master that owns the per-project jobs, as a (host, port) pair.
JENKINS_SERVER = 'localhost', 8080
# GCS bucket that receives status.html and the per-project build logs.
LOGS_BUCKET = "oss-fuzz-build-logs"

# Directory holding this script; templates/ is resolved relative to it.
SCRIPT_DIR = os.path.abspath(os.path.dirname(__file__))
16 |
17 |
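class Result(object):
  """Outcome of one project's most recent completed Jenkins build.

  Attributes:
    name: project name (the Jenkins job name with the 'projects/' prefix removed).
    output: console output of that build, as returned by Jenkins.
  """

  def __init__(self, name, output):
    self.name = name
    self.output = output


def get_build_results(server):
  """Classify every 'projects/*' Jenkins job by its last completed build.

  Args:
    server: a jenkins.Jenkins client.

  Returns:
    (successes, failures): two lists of Result, in the order Jenkins lists the
    jobs. Jobs outside 'projects/' and jobs with no completed build are left
    out; a job whose details cannot be fetched is reported on stderr and
    skipped so one broken job does not hide the status of the others.
  """
  successes = []
  failures = []

  for job in server.get_jobs(1):
    name = job.get('fullname', '')
    if not name.startswith('projects/'):
      continue

    print(name)
    project = name[len('projects/'):]

    try:
      info = server.get_job_info(name)

      # Jenkins reports lastCompletedBuild / lastFailedBuild as null when no
      # such build exists, so both references are checked before indexing.
      # A job that has never failed must still count as a success.
      last_completed = info.get('lastCompletedBuild')
      if not last_completed:
        continue
      last_build_number = last_completed['number']

      last_failed = info.get('lastFailedBuild')
      last_failed_number = last_failed['number'] if last_failed else None

      output = server.get_build_console_output(name, last_build_number)
    except Exception as e:
      # Best effort: report and move on rather than abort the whole status run.
      sys.stderr.write('Failed to fetch build results for %s: %s\n' % (name, e))
      continue

    result = Result(project, output)
    # The last completed build failed exactly when it is also the last failed build.
    if last_build_number == last_failed_number:
      failures.append(result)
    else:
      successes.append(result)

  return successes, failures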
56 |
57 |
def upload_status(successes, failures):
  """Render the status page and copy it to the logs bucket.

  Args:
    successes: Results whose last completed build passed.
    failures: Results whose last completed build failed.

  Writes status.html into the current directory from
  templates/status_template.html, then uploads it with gsutil; a non-zero
  gsutil exit raises subprocess.CalledProcessError.
  NOTE(review): the Environment is created without autoescape, so whatever the
  template renders from the Results is inserted into the HTML verbatim; the
  values are expected to be repository project names — confirm.
  """
  templates_dir = os.path.join(SCRIPT_DIR, 'templates')
  template_env = Environment(loader=FileSystemLoader(templates_dir))
  # The page is stamped with the render time (UTC) so readers can judge staleness.
  with open('status.html', 'w') as status_file:
    page = template_env.get_template('status_template.html')
    rendered = page.render(failures=failures,
                           successes=successes,
                           last_updated=datetime.datetime.utcnow().ctime())
    status_file.write(rendered)

  destination = 'gs://' + LOGS_BUCKET
  subprocess.check_output(['gsutil', 'cp', 'status.html', destination],
                          stderr=subprocess.STDOUT)
70 |
71 |
def upload_build_logs(successes, failures):
  """Copy each project's latest console output to the logs bucket.

  Args:
    successes: Results whose last completed build passed.
    failures: Results whose last completed build failed.

  Failures are uploaded before successes. Each output is written (UTF-8) to
  latest.txt in the current directory and pushed to
  gs://<LOGS_BUCKET>/build_logs/<project>/ with gsutil; a non-zero gsutil exit
  raises subprocess.CalledProcessError.
  """
  for result in failures + successes:
    with codecs.open('latest.txt', 'w', encoding='utf-8') as log_file:
      log_file.write(result.output)

    destination = 'gs://%s/build_logs/%s/' % (LOGS_BUCKET, result.name)
    subprocess.check_output(['gsutil', 'cp', 'latest.txt', destination],
                            stderr=subprocess.STDOUT)
82 |
83 |
def main():
  """Entry point: read build results from Jenkins, then publish the status page and logs."""
  username, password = get_jenkins_login()
  # JENKINS_SERVER is a (host, port) pair.
  server_url = 'http://%s:%d' % JENKINS_SERVER
  server = jenkins.Jenkins(server_url, username=username, password=password)

  successes, failures = get_build_results(server)
  upload_status(successes, failures)
  upload_build_logs(successes, failures)
92 |
93 |
def get_jenkins_login():
  """Return the Jenkins (username, password) pair from the environment.

  Read from JENKINS_USER and JENKINS_PASS; either element is None when the
  corresponding variable is unset.
  """
  return os.environ.get('JENKINS_USER'), os.environ.get('JENKINS_PASS')
99 |
100 |
if __name__ == "__main__":
  # Run as a script (not imported): publish the current build status.
  main()
103 |
--------------------------------------------------------------------------------
/infra/auto-setup/jenkins_config/base_job.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | false
6 |
7 |
8 |
9 |
10 |
11 |
12 | infra/base-images
13 |
14 | SUCCESS
15 | 0
16 | BLUE
17 | true
18 |
19 |
20 |
21 | H/15 * * * *
22 | false
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
--------------------------------------------------------------------------------
/infra/auto-setup/requirements.txt:
--------------------------------------------------------------------------------
1 | python-jenkins
2 | jinja2
3 | PyYAML
4 |
--------------------------------------------------------------------------------
/infra/auto-setup/sync.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | """Script to sync CF and Jenkins jobs."""
3 |
4 | import json
5 | import os
6 | import sys
7 | import urllib2
8 | import yaml
9 | import xml.etree.ElementTree as ET
10 |
11 | import jenkins
12 |
# Jenkins master that owns the per-project jobs, as a (host, port) pair.
JENKINS_SERVER = 'localhost', 8080

# This script lives in infra/auto-setup; the repository root is two levels up.
SCRIPT_DIR = os.path.abspath(os.path.dirname(__file__))
OSSFUZZ_DIR = os.path.dirname(os.path.dirname(SCRIPT_DIR))

# Groovy pipeline body installed into every job. %(project_json)s is replaced
# with the project's project.yaml serialised as a JSON string literal.
SCRIPT_TEMPLATE = """
def libfuzzerBuild = fileLoader.fromGit('infra/libfuzzer-pipeline.groovy', 'https://github.com/google/oss-fuzz.git')
libfuzzerBuild { project_json = %(project_json)s }
"""
22 |
def main():
  """Entry point: create or refresh one Jenkins job per directory under projects/."""
  username, password = get_jenkins_login()
  # JENKINS_SERVER is a (host, port) pair.
  server = jenkins.Jenkins('http://%s:%d' % JENKINS_SERVER,
                           username=username, password=password)

  for project in get_projects():
    print('syncing configs for %s' % (project,))
    try:
      sync_jenkins_job(server, project)
    except Exception as e:
      # Best effort: keep syncing the remaining projects after one fails.
      sys.stderr.write('Failed to setup job with exception %s\n' % (e,))
37 |
38 |
def get_projects():
  """Return the names of all directories under OSSFUZZ_DIR/projects.

  Each subdirectory is one OSS-Fuzz project; plain files (e.g. all.sh) are
  ignored. Order is whatever os.listdir yields. Prints a warning to stderr
  when no project directory is found.
  """
  projects_dir = os.path.join(OSSFUZZ_DIR, 'projects')
  projects = [entry for entry in os.listdir(projects_dir)
              if os.path.isdir(os.path.join(projects_dir, entry))]

  if not projects:
    sys.stderr.write('No projects found.\n')

  return projects
51 |
52 |
def get_jenkins_login():
  """Return the Jenkins (username, password) pair from the environment.

  Read from JENKINS_USER and JENKINS_PASS; either element is None when the
  corresponding variable is unset.
  """
  return os.environ.get('JENKINS_USER'), os.environ.get('JENKINS_PASS')
59 |
60 |
def sync_jenkins_job(server, project):
  """Create or reconfigure the Jenkins job 'projects/<project>' from base_job.xml.

  Args:
    server: a jenkins.Jenkins client.
    project: directory name under projects/.

  The project's project.yaml is parsed with yaml.safe_load and embedded into
  the job's pipeline script as a JSON string literal (json.dumps is applied
  twice: once to serialise the config, once to quote that text for Groovy).
  A newly created job is also triggered once; an existing job is only
  reconfigured.
  NOTE(review): the literal ends up inside a Groovy double-quoted string, so a
  '$' in project.yaml would be subject to Groovy interpolation rather than
  passed through verbatim — confirm.
  """
  yaml_path = os.path.join(OSSFUZZ_DIR, 'projects', project, 'project.yaml')
  with open(yaml_path, 'r') as yaml_file:
    project_config = yaml.safe_load(yaml_file)
  project_json_string = json.dumps(json.dumps(project_config))

  template_path = os.path.join(SCRIPT_DIR, 'jenkins_config', 'base_job.xml')
  job_definition = ET.parse(template_path)
  script_node = job_definition.findall('.//definition/script')[0]
  script_node.text = SCRIPT_TEMPLATE % {"project_json": project_json_string}
  job_config_xml = ET.tostring(job_definition.getroot())

  job_name = 'projects/' + project
  if not server.job_exists(job_name):
    server.create_job(job_name, job_config_xml)
    server.build_job(job_name)
  else:
    server.reconfig_job(job_name, job_config_xml)
79 |
80 |
if __name__ == "__main__":
  # Run as a script (not imported): sync every project's Jenkins job.
  main()
83 |
--------------------------------------------------------------------------------
/infra/auto-setup/templates/status_template.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | OSS Fuzz Build Status
5 |
6 |
7 | Failing builds
8 |
13 | Healthy builds
14 |
19 | Last updated {{ last_updated }} (UTC)
20 |
21 |
--------------------------------------------------------------------------------
/infra/base-images/Jenkinsfile:
--------------------------------------------------------------------------------
1 | // Copyright 2016 Google Inc.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 | //
15 | ////////////////////////////////////////////////////////////////////////////////
16 |
17 | // Jenkins build script for base images.
18 |
// Every image is rebuilt from scratch; only the root image also pulls its upstream base.
def buildFlags = "--no-cache"
// Images are built in this order, root image first.
def images = ['base', 'base-clang', 'base-libfuzzer', 'base-runner', 'libfuzzer-runner']

node {
  git url: 'https://github.com/google/oss-fuzz/'

  dir ("infra/base-images") {
    for (image in images) {
      // --pull refreshes the upstream base only for the root image.
      def pullFlag = image == 'base' ? '--pull' : ''
      stage name: "ossfuzz/${image}", concurrency: 1
      sh "docker build ${buildFlags} ${pullFlag} -t ossfuzz/${image} ${image}"
    }
  }
}
42 |
--------------------------------------------------------------------------------
/infra/base-images/README.md:
--------------------------------------------------------------------------------
1 | Building all infra images:
2 |
3 | ```bash
4 | # run from project root
5 | infra/base-images/all.sh
6 | ```
7 |
--------------------------------------------------------------------------------
/infra/base-images/all.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eux
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
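# Build the base images in dependency order, root image first. Any extra
# arguments (e.g. --no-cache) are forwarded to every docker build; "$@" is
# quoted so an argument containing spaces is passed through as one word
# instead of being split.
docker build --pull -t ossfuzz/base "$@" infra/base-images/base
docker build -t ossfuzz/base-clang "$@" infra/base-images/base-clang
docker build -t ossfuzz/base-libfuzzer "$@" infra/base-images/base-libfuzzer
docker build -t ossfuzz/base-runner "$@" infra/base-images/base-runner
docker build -t ossfuzz/libfuzzer-runner "$@" infra/base-images/libfuzzer-runner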
23 |
--------------------------------------------------------------------------------
/infra/base-images/base-clang/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
# Docker image with head clang installed.

FROM ossfuzz/base
MAINTAINER mike.aizatsky@gmail.com

# No `apt-get update` in this layer: the install relies on the package lists
# fetched in ossfuzz/base, so it is only as fresh as that (cached) layer.
RUN apt-get install -y libc6-dev binutils libgcc-5-dev

COPY checkout_build_install_llvm.sh /root/
# Keep all steps in the same script to decrease the number of intermediate
# layers in docker file.
RUN /root/checkout_build_install_llvm.sh
# Removing the script in its own layer only hides it from the final
# filesystem; it still exists in the COPY layer above.
RUN rm /root/checkout_build_install_llvm.sh

# Setup the environment.
ENV CC "clang"
ENV CXX "clang++"
ENV CCC "clang++"

ENV CFLAGS "-g"
ENV CXXFLAGS_EXTRA "-stdlib=libc++"
# Expanded at image build time, so this is a snapshot of CFLAGS as set above;
# the `compile` script recomputes CXXFLAGS after adding sanitizer flags.
ENV CXXFLAGS "$CFLAGS $CXXFLAGS_EXTRA"
38 |
--------------------------------------------------------------------------------
/infra/base-images/base-clang/checkout_build_install_llvm.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eux
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
# Build tools needed only to compile LLVM; purged again at the end so they do
# not ship in the image (git is re-installed by base-libfuzzer).
LLVM_DEP_PACKAGES="build-essential make cmake ninja-build git python2.7"
apt-get install -y $LLVM_DEP_PACKAGES

# Checkout
# NOTE(review): these clones use plain http and track branch tips (--depth 1,
# no revision pinned), so the toolchain is neither reproducible between
# builds nor integrity-protected in transit. Pinning a revision and using an
# authenticated transport would be the mitigation.
cd $SRC && git clone --depth 1 http://llvm.org/git/llvm.git
cd $SRC/llvm/tools && git clone --depth 1 http://llvm.org/git/clang.git
# compiler-rt supplies the sanitizer runtimes; libcxx/libcxxabi provide the
# libc++ that CXXFLAGS_EXTRA (-stdlib=libc++) selects.
cd $SRC/llvm/projects && git clone --depth 1 http://llvm.org/git/compiler-rt.git
cd $SRC/llvm/projects && git clone --depth 1 http://llvm.org/git/libcxx.git
cd $SRC/llvm/projects && git clone --depth 1 http://llvm.org/git/libcxxabi.git

# Build & Install
mkdir -p $WORK/llvm
cd $WORK/llvm
# libc++ is built static with libc++abi folded in; only the X86 backend is
# built to keep build time and image size down.
cmake -G "Ninja" \
    -DLIBCXX_ENABLE_SHARED=OFF -DLIBCXX_ENABLE_STATIC_ABI_LIBRARY=ON \
    -DCMAKE_BUILD_TYPE=Release -DLLVM_TARGETS_TO_BUILD="X86" \
    $SRC/llvm
ninja
ninja install
rm -rf $WORK/llvm

# Copy libfuzzer sources
# Sources only: the `compile` script builds them per project with the
# project's sanitizer flags.
mkdir $SRC/libfuzzer
cp -r $SRC/llvm/lib/Fuzzer/* $SRC/libfuzzer/

# Used by the `coverage_report` script.
cp $SRC/llvm/tools/sancov/coverage-report-server.py /usr/local/bin/

# Cleanup
rm -rf $SRC/llvm
apt-get remove --purge -y $LLVM_DEP_PACKAGES
apt-get autoremove -y
49 |
--------------------------------------------------------------------------------
/infra/base-images/base-libfuzzer/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
FROM ossfuzz/base-clang
MAINTAINER mike.aizatsky@gmail.com
# git/subversion/jq are what `srcmap` uses to record checkouts (it also calls
# `hg`, which is not installed here). NOTE(review): `just_run` calls `unzip`,
# a separate Ubuntu package from `zip` — confirm it is present in the image.
RUN apt-get install -y git subversion jq python3 zip

# Added to CFLAGS/CXXFLAGS by `compile` before the project's build.sh runs:
# AddressSanitizer plus the coverage instrumentation libFuzzer consumes.
ENV SANITIZER_FLAGS="-fsanitize=address"
ENV COV_FLAGS="-fsanitize-coverage=edge,indirect-calls,8bit-counters"
# detect_leaks=0: LeakSanitizer is off, so leaks are not reported as errors.
ENV ASAN_OPTIONS="symbolize=1:detect_leaks=0"
# Hook for extra link flags; empty by default.
ENV FUZZER_LDFLAGS ""

# The container commands documented in README.md.
COPY coverage_report compile srcmap reproduce run just_run \
    /usr/local/bin/

WORKDIR $SRC
CMD ["compile"]
31 |
32 |
--------------------------------------------------------------------------------
/infra/base-images/base-libfuzzer/README.md:
--------------------------------------------------------------------------------
1 | # base-libfuzzer
2 | > Abstract base image for libfuzzer builders.
3 |
4 | Every project image supports multiple commands that can be invoked through docker after the image is built:
5 |
6 |
7 | docker run --rm -ti ossfuzz/$project <command> <arguments...>
8 |
9 |
10 | # Supported Commands
11 |
12 | | Command | Description |
13 | |---------|-------------|
14 | | `compile` (default) | build all fuzz targets
15 | | `reproduce <fuzzer_name> [fuzzer_args...]` | build all fuzz targets and run the specified one on the testcase mounted at `/testcase`, with the given options.
16 | | `run <fuzzer_name> [fuzzer_args...]` | build all fuzz targets and run the specified one with the given options.
17 | | `/bin/bash` | drop into a shell; run the `compile` script to start the build.
18 |
19 | # Examples
20 |
21 | - *Reproduce using latest OSS-Fuzz build:*
22 |
23 |
24 | docker run --rm -ti -v $testcase_file:/testcase ossfuzz/$project reproduce $fuzzer
25 |
26 |
27 | - *Reproduce using local source checkout:*
28 |
29 |
30 | docker run --rm -ti -v $local_source_checkout_dir:/src/$project \
31 | -v $testcase_file:/testcase ossfuzz/$project reproduce $fuzzer
32 |
33 |
34 |
35 | # Image Files Layout
36 |
37 | | Location | Description |
38 | | -------- | ---------- |
39 | | `/out/` (`$OUT`) | Directory to store build artifacts (fuzz targets, dictionaries, options files, seed corpus archives). |
40 | | `/src/` (`$SRC`) | Directory to checkout source files |
41 | | `/work/` (`$WORK`) | Directory for storing intermediate files |
42 | | `/usr/lib/libfuzzer.a` | Location of prebuilt libFuzzer library that needs to be linked into all fuzz targets (`-lfuzzer`). |
43 |
44 | While the file layout is fixed within a container, `$SRC`, `$OUT` and `$WORK` are
45 | provided so that scripts can be written without hard-coding these paths.
46 |
47 |
48 | ## Compiler Flags
49 |
50 | You *must* use special compiler flags to build your project and fuzz targets.
51 | These flags are provided in the following environment variables:
52 |
53 | | Env Variable | Description
54 | | ------------- | --------
55 | | `$CC` | The C compiler binary.
56 | | `$CXX`, `$CCC` | The C++ compiler binary.
57 | | `$CFLAGS` | C compiler flags.
58 | | `$CXXFLAGS` | C++ compiler flags.
59 |
60 | Most well-crafted build scripts will automatically use these variables. If not,
61 | pass them manually to the build tool.
62 |
63 |
64 | # Child Image Interface
65 |
66 | ## Sources
67 |
68 | A child image has to check out all sources it needs to compile its fuzz targets into
69 | the `$SRC` directory. When the image is run, a local checkout can be mounted on top
70 | of one of these directories using
71 | `docker run -v $HOME/my_project:/src/my_project ...`.
72 |
73 | ## Other Required Files
74 |
75 | The following files have to be added by child images:
76 |
77 | | File Location | Description |
78 | | ------------- | ----------- |
79 | | `$SRC/build.sh` | build script to build the project and its fuzz targets |
80 |
--------------------------------------------------------------------------------
/infra/base-images/base-libfuzzer/compile:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eu
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
echo "---------------------------------------------------------------"

# Build libFuzzer from the sources the base-clang image left in
# $SRC/libfuzzer, with the same sanitizer the fuzz targets get, and archive
# it where build.sh links it from (-lfuzzer). A subshell keeps the directory
# change from leaking into the rest of the script.
echo -n "Compiling libFuzzer into /usr/lib/libfuzzer.a ..."
(
  mkdir -p $WORK/libfuzzer
  cd $WORK/libfuzzer
  $CXX $CXXFLAGS -std=c++11 $SANITIZER_FLAGS -c $SRC/libfuzzer/*.cpp -I$SRC/libfuzzer
  ar ruv /usr/lib/libfuzzer.a $WORK/libfuzzer/*.o > /dev/null 2>&1
)
echo " done."

# From here on every compiler invocation, the project's build.sh included,
# gets sanitizer and coverage instrumentation. CXXFLAGS is rebuilt from the
# new CFLAGS rather than extended, because its image-time value already
# contained the old CFLAGS.
export CFLAGS="$CFLAGS $SANITIZER_FLAGS $COV_FLAGS"
export CXXFLAGS="$CFLAGS $CXXFLAGS_EXTRA"

for VAR in CC CXX CFLAGS CXXFLAGS; do
  echo "$VAR=${!VAR}"
done

echo "---------------------------------------------------------------"

# -x echoes each command of the project's build script, so the exact
# compiler invocations appear in the build log.
bash -x $SRC/build.sh
41 |
--------------------------------------------------------------------------------
/infra/base-images/base-libfuzzer/coverage_report:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eu
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
# Usage: coverage_report <fuzz_target_binary>
# Expects the *.sancov files from a sanitizer-coverage run in the current
# directory; symbolizes them against the binary and serves the result.
readonly BINARY="$1"
readonly SYMCOV="cov.symcov"

sancov -symbolize *.sancov -strip_path_prefix=/ "$BINARY" > "$SYMCOV"

# Print the hint once the server has had a moment to start.
(
  sleep 3
  echo
  echo "Navigate to see coverage: http://127.0.0.1:8001/"
  echo
) &

# --host 0.0.0.0 binds every interface inside the container (needed for a
# published port to reach it); --srcpath / lets the server read any file
# under the container root that the symcov references.
/usr/local/bin/coverage-report-server.py --host 0.0.0.0 --symcov "$SYMCOV" --srcpath /
24 |
25 |
--------------------------------------------------------------------------------
/infra/base-images/base-libfuzzer/just_run:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eu
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
# Fuzzer runner. Appends .options arguments and seed corpus to users args.
# Usage: just_run <fuzzer_name> [fuzzer_args...]
#
# Looks next to the target in $OUT for <fuzzer_name>.options ("key = value"
# lines become -key=value flags) and <fuzzer_name>_seed_corpus.zip (unpacked
# into /tmp/seed_corpus/ and appended as a corpus directory).

cd $OUT
export PATH="$OUT:$PATH"

readonly FUZZER="$1"
shift

# The command is assembled as one string and handed to `bash -c`, so the
# caller's arguments and the .options values are re-parsed by a shell:
# quotes and metacharacters in them are interpreted, not passed literally.
CMD_LINE="$FUZZER $@"

readonly OPTIONS_FILE="${FUZZER}.options"
if [[ -f $OPTIONS_FILE ]]; then
  # "key = value" -> "-key=value "; lines without '=' are skipped.
  OPTIONS_ARGS=$(grep "=" $OPTIONS_FILE | sed 's/\(\w*\)\W*=\W*\(.*\)/-\1=\2 /g' | tr '\n' ' ')
  CMD_LINE+=" $OPTIONS_ARGS"
fi

readonly SEED_CORPUS="${FUZZER}_seed_corpus.zip"
if [[ -f $SEED_CORPUS ]]; then
  rm -rf /tmp/seed_corpus/ && mkdir /tmp/seed_corpus/
  unzip -d /tmp/seed_corpus/ $SEED_CORPUS
  CMD_LINE+=" /tmp/seed_corpus/"
fi

echo $CMD_LINE
bash -c "$CMD_LINE"
43 |
--------------------------------------------------------------------------------
/infra/base-images/base-libfuzzer/reproduce:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eux
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
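# Usage: reproduce <fuzzer_name> [fuzzer_args...]
# Builds all fuzz targets, then runs the named one on the testcase the caller
# mounted at /testcase.

FUZZER="$1"
shift
TESTCASE="/testcase"

if [ ! -f "$TESTCASE" ]; then
  # The usage hint names the mount source explicitly.
  echo "Error: $TESTCASE not found, use: docker run -v <local_testcase_file>:$TESTCASE ..."
  exit 1
fi


compile
# Use the location the base image exports rather than a hard-coded /out, so
# this stays consistent with the other scripts.
export PATH="$OUT:$PATH"
cd "$OUT"

# "$@" keeps each caller argument as one word; the unquoted form word-split
# and glob-expanded them before they reached the target.
"$FUZZER" "$@" "$TESTCASE"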
33 |
34 |
--------------------------------------------------------------------------------
/infra/base-images/base-libfuzzer/run:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eux
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
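# Build all fuzz targets, then hand the caller's arguments to just_run, which
# appends .options flags and the seed corpus. "$@" keeps each argument as one
# word; the unquoted form word-split and glob-expanded them first.
compile
just_run "$@"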
20 |
--------------------------------------------------------------------------------
/infra/base-images/base-libfuzzer/srcmap:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eu
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
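# Determine srcmap of checked out source code: prints a JSON object mapping
# every git/svn/hg checkout found under $SRC to its origin URL and revision.

SRCMAP=$(mktemp)
echo "{}" > "$SRCMAP"

# Rewrite a JSON file in place with a jq program.
# $1 - json file; remaining arguments go to jq verbatim (options such as
# --arg first, the program last), so callers never splice values into the
# program text. Calling it as `jq_inplace FILE PROGRAM` still works.
function jq_inplace() {
  local F
  F=$(mktemp) && jq "${@:2}" < "$1" > "$F" && mv "$F" "$1"
}

# Record one checkout. $1 - directory, $2 - vcs type, $3 - url, $4 - revision.
# Values are passed with --arg so a URL or revision containing quotes cannot
# break (or alter) the jq program.
function record() {
  jq_inplace "$SRCMAP" --arg dir "$1" --arg type "$2" --arg url "$3" --arg rev "$4" \
    '.[$dir] = { type: $type, url: $url, rev: $rev }'
}

# Git. -print0 / read -d '' keep paths with whitespace intact; commands run
# against the checkout with -C instead of cd'ing the script around.
while IFS= read -r -d '' DOT_GIT_DIR; do
  REPO_DIR=$(dirname "$DOT_GIT_DIR")
  GIT_URL=$(git -C "$REPO_DIR" config --get remote.origin.url)
  GIT_REV=$(git -C "$REPO_DIR" rev-parse HEAD)
  record "$REPO_DIR" git "$GIT_URL" "$GIT_REV"
done < <(find "$SRC" -name ".git" -type d -print0)

# Subversion
while IFS= read -r -d '' DOT_SVN_DIR; do
  REPO_DIR=$(dirname "$DOT_SVN_DIR")
  SVN_URL=$(svn info "$REPO_DIR" | grep "^URL:" | sed 's/URL: //g')
  # NOTE(review): -r HEAD asks the repository for its newest revision rather
  # than reporting the working copy's; the two agree only right after a
  # fresh checkout. Kept as-is; confirm the intent before changing it.
  SVN_REV=$(svn info -r HEAD "$REPO_DIR" | grep "^Revision:" | sed 's/Revision: //g')
  record "$REPO_DIR" svn "$SVN_URL" "$SVN_REV"
done < <(find "$SRC" -name ".svn" -type d -print0)

# Mercurial
while IFS= read -r -d '' DOT_HG_DIR; do
  REPO_DIR=$(dirname "$DOT_HG_DIR")
  HG_URL=$(hg -R "$REPO_DIR" paths default)
  HG_REV=$(hg -R "$REPO_DIR" --debug id -i)
  record "$REPO_DIR" hg "$HG_URL" "$HG_REV"
done < <(find "$SRC" -name ".hg" -type d -print0)

cat "$SRCMAP"
rm "$SRCMAP"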
57 |
--------------------------------------------------------------------------------
/infra/base-images/base-runner/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
FROM ossfuzz/base
MAINTAINER mike.aizatsky@gmail.com
# NOTE(review): run_fuzzer calls `unzip` to unpack seed corpora, which is a
# separate Ubuntu package from `zip` — confirm it is present in the image.
RUN apt-get install -y zip
# llvm-symbolizer is shipped next to the scripts, presumably so sanitizer
# reports can be symbolized in this image, which (FROM ossfuzz/base) has no
# clang installed; the file's contents are not in this listing.
COPY llvm-symbolizer test_all run_fuzzer /usr/local/bin/
# symbolize=1 turns stack traces into file:line; detect_leaks=0 disables
# LeakSanitizer, so leaks are not reported as failures here.
ENV ASAN_OPTIONS="symbolize=1:detect_leaks=0"
22 |
23 |
--------------------------------------------------------------------------------
/infra/base-images/base-runner/README.md:
--------------------------------------------------------------------------------
1 | # base-runner
2 | > Base image for fuzzer runners.
3 |
4 | ```bash
5 | docker run -ti ossfuzz/base-runner
6 | ```
7 |
8 | ## Commands
9 |
10 | | Command | Description |
11 | |---------|-------------|
12 | | `run_fuzzer <fuzzer_name> [fuzzer_args...]` | runs the specified fuzzer, combining the given arguments with those in its `.options` file |
13 | | `test_all` | runs every binary in `/out` as a fuzzer for a while to ensure it works. |
14 |
15 |
--------------------------------------------------------------------------------
/infra/base-images/base-runner/llvm-symbolizer:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/infra/base-images/base-runner/llvm-symbolizer
--------------------------------------------------------------------------------
/infra/base-images/base-runner/run_fuzzer:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eu
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
# Fuzzer runner. Appends .options arguments and seed corpus to users args.
# Usage: run_fuzzer <fuzzer_name> [fuzzer_args...]
#
# Runs from $OUT. If <fuzzer_name>.options exists, each "key = value" line in
# it becomes a -key=value flag; if <fuzzer_name>_seed_corpus.zip exists, it is
# unpacked to /tmp/seed_corpus/ and that directory is appended as the corpus.

cd $OUT

readonly FUZZER="$1"
shift

# Turn an options file into one line of -key=value flags; only lines that
# contain '=' are considered.
options_as_flags() {
  grep "=" "$1" | sed 's/\(\w*\)\W*=\W*\(.*\)/-\1=\2 /g' | tr '\n' ' '
}

# Everything is concatenated into a single string that `bash -c` re-parses at
# the end, so shell syntax inside the arguments or option values is
# interpreted rather than passed through literally.
CMD_LINE="$FUZZER $@"

readonly OPTIONS_FILE="${FUZZER}.options"
if [ -f $OPTIONS_FILE ]; then
  CMD_LINE="$CMD_LINE $(options_as_flags $OPTIONS_FILE)"
fi

readonly SEED_CORPUS="${FUZZER}_seed_corpus.zip"
if [ -f $SEED_CORPUS ]; then
  rm -rf /tmp/seed_corpus/ && mkdir /tmp/seed_corpus/
  unzip -d /tmp/seed_corpus/ $SEED_CORPUS
  CMD_LINE="$CMD_LINE /tmp/seed_corpus/"
fi

echo $CMD_LINE
bash -c "$CMD_LINE"
42 |
--------------------------------------------------------------------------------
/infra/base-images/base-runner/test_all:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eu
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
# Test fuzzers: run every executable under $OUT briefly and write one JUnit
# XML report per fuzzer.

REPORT_DIR="/junit_reports"
mkdir -p $REPORT_DIR

# Together with -e from the shebang: a non-zero exit from run_fuzzer aborts
# the whole script (instead of being masked by tee's status), so the failing
# fuzzer gets no report and the remaining ones are not tested.
set -o pipefail

N=0
# NOTE(review): every executable file under $OUT is treated as a fuzz target,
# including any helper binaries or scripts a build.sh leaves there.
for FUZZER_BINARY in $(find $OUT/ -executable -type f); do
  FUZZER=$(basename $FUZZER_BINARY)
  echo "testing $FUZZER"
  # Output is captured into a temp file that nothing reads afterwards and
  # that is never removed.
  out=$(tempfile)
  # -runs=32: a handful of iterations, presumably enough to catch a target
  # that fails on startup.
  run_fuzzer $FUZZER -runs=32 | tee $out
  N=$[$N+1]

  # NOTE(review): the heredoc body is empty in this copy of the file (its XML
  # was most likely stripped on extraction), so the report written below has
  # no testcase element; check the original source.
  REPORT_TEXT=$(cat <<-EOF







EOF
)
  # Written to the literal path rather than $REPORT_DIR.
  echo $REPORT_TEXT > /junit_reports/$FUZZER.xml
done

if [ "$N" -eq "0" ]; then
  echo "ERROR: no fuzzers found in $OUT/"
  ls -al $OUT
  exit 1
fi

echo "$N fuzzers total"
53 |
54 |
--------------------------------------------------------------------------------
/infra/base-images/base/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
# Base image for all other images.

# NOTE(review): the tag is not pinned to a digest, so what ubuntu:16.04
# resolves to changes over time and builds are not reproducible.
FROM ubuntu:16.04
MAINTAINER mike.aizatsky@gmail.com
# ENV persists into every derived image and container, not just this build.
ENV DEBIAN_FRONTEND noninteractive
# The package lists fetched here are what the derived images' `apt-get
# install` lines rely on (none of the images in this tree run `apt-get
# update` themselves), and the layer is cached, so those installs see lists
# as old as this layer.
RUN apt-get update
RUN apt-get upgrade -y
RUN apt-get autoremove -y

# Canonical locations used by every script and by project build.sh files;
# the paths are fixed, the variables exist so scripts stay retargetable.
ENV OUT=/out
ENV SRC=/src
ENV WORK=/work

# a+rwx: the three directories are writable by any uid, presumably so files
# can be created there whichever user the container runs as (e.g. over a
# bind mount owned by a host user).
RUN mkdir -p $OUT $SRC $WORK && chmod a+rwx $OUT $SRC $WORK
# Puts the build output directory on PATH for everything that runs in a
# derived container; reproduce/just_run additionally prepend it.
ENV PATH="$PATH:/out"
32 |
33 |
--------------------------------------------------------------------------------
/infra/base-images/libfuzzer-runner/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
FROM ossfuzz/base-runner
MAINTAINER mike.aizatsky@gmail.com
# gdb for inspecting crashes; zip is already installed by ossfuzz/base-runner,
# so listing it again here is redundant.
RUN apt-get install -y gdb zip
20 |
21 |
--------------------------------------------------------------------------------
/infra/docker-cleanup/Jenkinsfile:
--------------------------------------------------------------------------------
1 | // Copyright 2016 Google Inc.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 | //
15 | ////////////////////////////////////////////////////////////////////////////////
16 |
// Jenkins build script for periodic docker images cleanup.
//
// Every `docker` call goes to the daemon whose socket is mounted into the
// Jenkins pod (jenkins.yaml: hostPath /var/run/docker.sock), i.e. this prunes
// the host node. Each command ends in `|| true` because when nothing matches
// the $(...) list is empty and docker exits non-zero on usage; the same
// suffix also hides real failures, so the job succeeds regardless.
// `concurrency: 1` limits each stage to one build at a time.

node {
  // Stopped containers. `docker rm` without -f refuses running ones, so
  // those survive (the refusal is masked by `|| true`).
  stage name: 'processes', concurrency: 1
  sh "docker rm \$(docker ps -a -q) || true"

  // Dangling (untagged) images only; tagged images are kept.
  stage name: 'images', concurrency: 1
  sh "docker rmi \$(docker images -q -f dangling=true) || true"

  // Volumes no container references any more.
  stage name: 'volumes', concurrency: 1
  sh "docker volume rm \$(docker volume ls -qf dangling=true) || true"

  // Post-cleanup state for the log: daemon summary and free disk space.
  stage name: 'info', concurrency: 1
  sh "docker info"
  sh "df -h"

  // Show docker images tree
  // sh "docker run --rm -v /var/run/docker.sock:/var/run/docker.sock nate/dockviz images -t"
}
36 |
--------------------------------------------------------------------------------
/infra/jenkins-cluster/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
# Jenkins master image for the cluster: the upstream jenkins image plus a
# docker client, so pipeline jobs can talk to the host daemon through the
# socket that jenkins.yaml mounts at /var/run/docker.sock.

# NOTE(review): unpinned tag — resolves to whatever `jenkins` is at build time.
FROM jenkins
MAINTAINER mike.aizatsky@gmail.com
# No later USER instruction, so the container runs as root. With the host's
# docker socket mounted the pod is host-root-equivalent either way; root is
# presumably also what lets the jenkins process open that socket.
USER root

ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update && apt-get upgrade -y

# should not be newer than container's.
# (Presumably: the docker client must not be newer than the daemon it talks
# to, which is the host's, not this container's.)
ENV DOCKER_ENGINE_VERSION="1.11.2-0~jessie"

# Install docker
# /var/run/docker.sock will be mounted to a host.
RUN apt-get install -y apt-transport-https ca-certificates
# NOTE(review): the repository signing key is fetched over HKP on port 80, an
# unauthenticated channel; the full fingerprint is what constrains the import.
# Confirm it matches Docker's published key and that the gpg in use rejects a
# key whose fingerprint differs.
RUN apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
RUN echo "deb https://apt.dockerproject.org/repo debian-jessie main" > /etc/apt/sources.list.d/docker.list
RUN apt-get update
# Diagnostic only: logs the candidate versions so a failing pin can be read
# off the build output.
RUN apt-cache policy docker-engine
# docker-engine ships daemon and client; only the client is expected to be
# used here, against the mounted host socket.
RUN apt-get install -y docker-engine=$DOCKER_ENGINE_VERSION
35 |
--------------------------------------------------------------------------------
/infra/jenkins-cluster/build-images.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eux
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
# Builds the Jenkins master image from the Dockerfile next to this script and
# pushes it to the project's GCR registry (the image jenkins.yaml deploys).
readonly PROJECT="gcr.io/meta-iterator-105109"
readonly IMAGE="$PROJECT/jenkins"
readonly DIR="$(dirname "$0")"

# --pull refreshes the FROM image before building.
docker build --pull -t "$IMAGE" "$DIR/"
# `gcloud docker --` wraps docker with credentials for gcr.io.
gcloud docker -- push "$IMAGE"
23 |
--------------------------------------------------------------------------------
/infra/jenkins-cluster/jenkins.yaml:
--------------------------------------------------------------------------------
# Jenkins master for the build cluster: one replica, /var/jenkins_home on a
# GCE persistent disk, and the node's docker socket mounted so pipeline jobs
# can drive the host's docker daemon.
# NOTE(review): extensions/v1beta1 is the legacy Deployment API group; later
# Kubernetes releases serve Deployments only under apps/v1.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: jenkins
spec:
  replicas: 1
  template:
    metadata:
      name: jenkins-master
      # Both Services (jenkins-http, jenkins-master) select on this label.
      labels:
        app: jenkins-master
    spec:
      containers:
        - name: jenkins
          # Built and pushed by build-images.sh. No tag, so :latest is implied
          # and each rollout picks up whatever was pushed last.
          image: gcr.io/meta-iterator-105109/jenkins
          env:
            # Pod identity via the downward API; presumably consumed by
            # Jenkins configuration inside the image (not visible here).
            - name: KUB_POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: KUB_POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: JAVA_OPTS
              value: "-Duser.timezone=America/Los_Angeles"
          ports:
            # 8080: web UI (service-jenkins-http.yaml);
            # 50000: agent port (service-jenkins-master.yaml).
            - containerPort: 8080
            - containerPort: 50000
          volumeMounts:
            - name: jenkins-home
              mountPath: "/var/jenkins_home"
            # Host docker socket: anything that can run a job here can start
            # arbitrary containers on the node, which is effectively root on
            # the host.
            - name: docker-sock
              mountPath: "/var/run/docker.sock"
            # - name: dockerhub-login-secret
            #   mountPath: "/var/secrets/dockerhub-login"
          livenessProbe:
            # /login is served without authentication, so the probe needs no
            # credentials.
            httpGet:
              path: "/login"
              port: 8080
            # Jenkins takes a while to start; avoid restart loops.
            initialDelaySeconds: 60
            timeoutSeconds: 15
          resources:
            # Request only, no limit: the container may grow past 4Gi.
            requests:
              memory: "4Gi"
          # NOTE(review): privileged grants full host device and capability
          # access, beyond what the docker-socket mount already gives;
          # confirm it is actually required.
          securityContext:
            privileged: true
      volumes:
        - name: jenkins-home
          # Pre-existing GCE PD; it can be mounted read-write by one node
          # only, which fits replicas: 1.
          gcePersistentDisk:
            pdName: oss-cluster-jenkins-work
            fsType: ext4
        - name: docker-sock
          hostPath:
            path: /var/run/docker.sock
        # - name: dockerhub-login-secret
        #   secret:
        #     secretName: dockerhub-login
59 |
--------------------------------------------------------------------------------
/infra/jenkins-cluster/service-jenkins-http.yaml:
--------------------------------------------------------------------------------
# Entry point for the Jenkins web UI: a cloud load balancer (typically with a
# public IP) on port 80 forwarding to the master's 8080. Plain HTTP with no
# TLS termination here, so anything sent to it travels in clear unless
# something in front adds TLS.
apiVersion: v1
kind: Service
metadata:
  name: jenkins-http
spec:
  type: LoadBalancer
  selector:
    app: jenkins-master
  ports:
    - port: 80
      targetPort: 8080
12 |
--------------------------------------------------------------------------------
/infra/jenkins-cluster/service-jenkins-master.yaml:
--------------------------------------------------------------------------------
# Port 50000 of the Jenkins master (presumably the agent port; 50000 is
# Jenkins' default), exposed on every cluster node at 31001 so agents outside
# the cluster can connect to it.
apiVersion: v1
kind: Service
metadata:
  name: jenkins-master
  labels:
    app: jenkins-master
spec:
  type: NodePort
  selector:
    app: jenkins-master
  ports:
    - port: 50000
      targetPort: 50000
      nodePort: 31001
      protocol: TCP
16 |
--------------------------------------------------------------------------------
/infra/push-images/Jenkinsfile:
--------------------------------------------------------------------------------
1 | // Copyright 2016 Google Inc.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 | //
15 | ////////////////////////////////////////////////////////////////////////////////
16 |
17 | // Jenkins build script to push docker images to docker repository.
18 |
// Images pushed by this job, in push order. No tag is given, so what gets
// pushed is whatever the agent's docker daemon holds under these bare names.
def images = ['ossfuzz/base', 'ossfuzz/base-clang', 'ossfuzz/base-libfuzzer',
              'ossfuzz/base-runner', 'ossfuzz/libfuzzer-runner']

// Runs on any available agent; that agent's docker daemon must already hold
// the images listed above and must be able to reach the registry.
node() {
  // '' leaves the registry URL at the plugin's default (Docker Hub);
  // 'docker-login' is the id of the entry in the Jenkins credentials store
  // used to authenticate the push. Anyone who can edit this job or that
  // credential can publish under these image names, so keep both tightly
  // scoped.
  docker.withRegistry('', 'docker-login') {
    // Indexed loop rather than images.each { }: closures inside the
    // CPS-transformed pipeline were not reliably supported at the time,
    // which is presumably why this shape was chosen -- keep it.
    for (int i = 0; i < images.size(); i++) {
      def image = images[i]
      stage name: "$image"
      docker.image(image).push()
    }
  }
}
31 |
--------------------------------------------------------------------------------
/infra/templates.py:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
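# Skeleton files written out for a freshly created project. Placeholders use
# old-style %-formatting: DOCKER_TEMPLATE expects a mapping with a
# "project_name" key; the other two templates take no substitutions.

# project.yaml: project metadata; values are left empty for the author.
PROJECT_YAML_TEMPLATE = """\
homepage: ""
primary_contact: ""
"""

# Dockerfile: builds on the shared base-libfuzzer image.
# %(project_name)s is substituted both as the `git clone` source and as the
# WORKDIR, so the caller is expected to pass something that works as both
# (or to edit the generated file, as the trailing comment invites).
# The COPY destination must be $SRC in upper case, matching every project
# Dockerfile in this tree: Docker expands an unset $src to an empty string,
# which would send build.sh to / instead of the source directory.
DOCKER_TEMPLATE = """\
# Copyright 2016 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################

FROM ossfuzz/base-libfuzzer
MAINTAINER your@email.com
RUN apt-get install -y make autoconf automake libtool
RUN git clone --depth 1 %(project_name)s # or use other version control
WORKDIR %(project_name)s
COPY build.sh $SRC/
"""

# build.sh: runs inside the image with -eu (fail on error / unset variable).
# The body is only commented examples; the author fills in the real
# build and fuzzer link steps. The doubled backslashes are Python escapes
# and come out as single line-continuation backslashes in the script.
BUILD_TEMPLATE = """\
#!/bin/bash -eu
# Copyright 2016 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################

# build project
# e.g.
# ./autogen.sh
# ./configure
# make -j$(nproc) all

# build fuzzers
# e.g.
# $CXX $CXXFLAGS -std=c++11 -Iinclude \\
# /path/to/name_of_fuzzer.cc -o /out/name_of_fuzzer \\
# -lfuzzer /path/to/library.a
"""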
77 |
--------------------------------------------------------------------------------
/projects/all.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eu
2 | #
3 | # Copyright 2016 Google Inc.
4 | #
5 | # Licensed under the Apache License, Version 2.0 (the "License");
6 | # you may not use this file except in compliance with the License.
7 | # You may obtain a copy of the License at
8 | #
9 | # http://www.apache.org/licenses/LICENSE-2.0
10 | #
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 | #
17 | ################################################################################
18 |
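# Builds the docker image for every directory under projects/ and, when a
# command is given, runs it inside each freshly built image.
#
# Usage (from the repository root -- the glob below is relative to the cwd):
#   projects/all.sh            build every project image
#   projects/all.sh compile    build, then run `compile` in each image
#
# The argument is validated once, before any image is built, so a bad
# argument fails immediately instead of after the first (slow) docker build.
case "${1-}" in
  ""|compile)
    ;;
  *)
    echo "Usage: $0 {|compile}" >&2
    exit 1
    ;;
esac

for project in projects/*; do
  # Only directories are projects; stray files (this script included) skip.
  if [[ -f "$project" ]]; then continue; fi
  echo "@ Building $project"
  # NOTE(review): the tag carries the projects/ path component
  # (ossfuzz/projects/<name>) because $project is the raw glob result;
  # confirm that is the image name the rest of the infrastructure expects.
  docker build -t "ossfuzz/$project" "$project/"

  # Execute the requested command ($1) inside the image, if any. "$@" is
  # quoted so arguments containing spaces reach the container intact.
  if [[ -n "${1-}" ]]; then
    docker run --rm -ti "ossfuzz/$project" "$@"
  fi
done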
37 |
--------------------------------------------------------------------------------
/projects/boringssl/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
# Build environment for the BoringSSL fuzzers.
FROM ossfuzz/base-libfuzzer
MAINTAINER mike.aizatsky@gmail.com
# CMake/Ninja drive the BoringSSL build; golang is presumably needed by its
# build tooling -- confirm against the upstream build requirements.
RUN apt-get install -y cmake ninja-build golang

# Shallow clone of upstream HEAD over HTTPS. The revision is not pinned, so
# each image build fuzzes whatever is current upstream at build time.
RUN git clone --depth 1 https://boringssl.googlesource.com/boringssl
COPY build.sh $SRC/
23 |
--------------------------------------------------------------------------------
/projects/boringssl/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eux
2 | #
3 | # Copyright 2016 Google Inc.
4 | #
5 | # Licensed under the Apache License, Version 2.0 (the "License");
6 | # you may not use this file except in compliance with the License.
7 | # You may obtain a copy of the License at
8 | #
9 | # http://www.apache.org/licenses/LICENSE-2.0
10 | #
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 | #
17 | ################################################################################
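# Build BoringSSL out of tree under $WORK, then link one fuzzer binary per
# source file in the upstream fuzz/ directory.
mkdir -p "$WORK/boringssl"
cd "$WORK/boringssl"

# Judging by its name, BORINGSSL_UNSAFE_FUZZER_MODE disables safety checks
# so that mutated inputs get deeper into the TLS code. Libraries and
# binaries built with it are fuzz-only artefacts and must never be shipped
# or used for real traffic.
CFLAGS="$CFLAGS -DBORINGSSL_UNSAFE_FUZZER_MODE"
CXXFLAGS="$CXXFLAGS -DBORINGSSL_UNSAFE_FUZZER_MODE"

cmake -GNinja -DCMAKE_C_COMPILER="$CC" -DCMAKE_CXX_COMPILER="$CXX" \
      -DCMAKE_C_FLAGS="$CFLAGS" -DCMAKE_CXX_FLAGS="$CXXFLAGS" \
      "$SRC/boringssl/"
ninja

# find -print0 / read -d '' keeps the loop correct for any file name,
# unlike word-splitting the output of find into a plain for loop.
while IFS= read -r -d '' F; do
  fuzzerName=$(basename "$F" .cc)
  echo "Building fuzzer $fuzzerName"
  # $CXXFLAGS is a list of flags and is intentionally left unquoted.
  $CXX $CXXFLAGS -std=c++11 \
      -o "$OUT/${fuzzerName}" -lfuzzer "$F" \
      -I "$SRC/boringssl/include" ./ssl/libssl.a ./crypto/libcrypto.a

  # Ship the upstream seed corpus, when one exists, as
  # <fuzzer>_seed_corpus.zip next to the binary.
  corpus="$SRC/boringssl/fuzz/${fuzzerName}_corpus"
  if [ -d "$corpus" ]; then
    zip -j "$OUT/${fuzzerName}_seed_corpus.zip" "$corpus"/*
  fi
done < <(find "$SRC/boringssl/fuzz/" -name "*.cc" -print0)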
44 |
--------------------------------------------------------------------------------
/projects/boringssl/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "https://boringssl.googlesource.com/boringssl/"
2 |
--------------------------------------------------------------------------------
/projects/c-ares/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
# Build environment for the c-ares fuzzer.
FROM ossfuzz/base-libfuzzer
MAINTAINER mmoroz@chromium.org
# autotools toolchain used by ./buildconf and ./configure in build.sh.
RUN apt-get install -y make autoconf automake libtool
# Shallow, unpinned clone of upstream over HTTPS: each image build takes
# whatever is current upstream at build time.
RUN git clone --depth 1 https://github.com/c-ares/c-ares.git
WORKDIR c-ares
# build.sh and every *_fuzzer.cc source land in $SRC, where build.sh
# expects them.
COPY build.sh *_fuzzer.cc $SRC/
23 |
--------------------------------------------------------------------------------
/projects/c-ares/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eu
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
18 | # Build the project.
# Build the project in place (cwd is the c-ares checkout set by the
# Dockerfile's WORKDIR). --enable-debug keeps the library's debug aids on;
# V=1 makes make print the full commands.
./buildconf
./configure --enable-debug
make clean
make -j$(nproc) V=1 all

# Build the fuzzer. -I. picks up the headers in the checkout; $CXXFLAGS is
# intentionally unquoted (a list of flags); the static libcares.a from
# .libs is linked after -lfuzzer.
$CXX $CXXFLAGS -std=c++11 -I. \
    $SRC/c_ares_ares_create_query_fuzzer.cc \
    -o $OUT/c_ares_ares_create_query_fuzzer \
    -lfuzzer $SRC/c-ares/.libs/libcares.a
29 |
--------------------------------------------------------------------------------
/projects/c-ares/c_ares_ares_create_query_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 Google Inc.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | #include
16 | #include
17 |
18 | #include
19 |
20 | #include
21 |
22 | #include
23 |
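// libFuzzer entry point: hands the input, as a NUL-terminated name, to
// ares_create_query() and releases the query buffer it allocates.
//
// Only the bytes before the first NUL reach the library, since the name is
// passed through c_str(); anything after an embedded NUL is ignored. The
// query contents are not inspected. Always returns 0, as libFuzzer requires.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  unsigned char *buf = nullptr;
  int buflen = 0;
  std::string s(reinterpret_cast<const char *>(data), size);
  // buf is only known to be valid when the call succeeds. Initialising it
  // and checking the result avoids relying on the library to clear the out
  // parameters on error, which the unconditional free used to do.
  if (ares_create_query(s.c_str(), ns_c_in, ns_t_a, 0x1234, 0, &buf, &buflen,
                        0) == ARES_SUCCESS) {
    ares_free_string(buf);
  }
  return 0;
}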
32 |
--------------------------------------------------------------------------------
/projects/c-ares/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "https://c-ares.haxx.se/"
2 |
--------------------------------------------------------------------------------
/projects/curl/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
# Build environment for the curl fuzzer.
FROM ossfuzz/base-libfuzzer
MAINTAINER dvyukov@google.com
# libssl-dev and zlib1g-dev provide the static libssl/libcrypto/libz that
# build.sh links with -Wl,-Bstatic. These are the distro's builds
# (presumably not sanitizer-instrumented), so bugs inside them will not be
# reported with the same fidelity as bugs in curl's own code.
RUN apt-get install -y make autoconf automake libtool libssl-dev zlib1g-dev

# Shallow, unpinned clone of upstream over HTTPS.
RUN git clone --depth 1 https://github.com/curl/curl.git
WORKDIR curl
# Fuzzer source, libFuzzer options and the HTTP dictionary go to $SRC for
# build.sh to pick up.
COPY build.sh curl_fuzzer.cc *.options *.dict $SRC/
24 |
25 |
--------------------------------------------------------------------------------
/projects/curl/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eu
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
# Configure curl for fuzzing: static library only, debug and maintainer
# mode, no symbol hiding (presumably so sanitizer reports stay symbolised),
# no threaded resolver. --with-random=/dev/null points curl's random seed
# source at /dev/null, presumably to keep runs reproducible; a library
# configured this way is a fuzz-only artefact and must not be used for
# real traffic.
./buildconf
./configure --disable-shared --enable-debug --enable-maintainer-mode --disable-symbol-hiding --disable-threaded-resolver --enable-ipv6 --with-random=/dev/null
make -j$(nproc)
# Link the fuzzer. -Wl,-Bstatic pulls the distro's static libssl, libcrypto
# and libz (from the Dockerfile's libssl-dev/zlib1g-dev) into the binary;
# -Wl,-Bdynamic restores the default for anything the driver adds after.
# $CXXFLAGS is intentionally unquoted (a list of flags).
$CXX $CXXFLAGS $SRC/curl_fuzzer.cc -Iinclude lib/.libs/libcurl.a \
    -o $OUT/curl_fuzzer \
    -Wl,-Bstatic -lssl -lcrypto -lz -lfuzzer -Wl,-Bdynamic

# Apparently an earlier variant that named the archives explicitly.
# /usr/lib/x86_64-linux-gnu/libssl.a \
# /usr/lib/x86_64-linux-gnu/libcrypto.a \

# The dictionary and .options file are picked up next to the binary in $OUT.
cp $SRC/*.dict $SRC/*.options $OUT/
29 |
--------------------------------------------------------------------------------
/projects/curl/curl_fuzzer.options:
--------------------------------------------------------------------------------
1 | [libfuzzer]
2 | max_len = 1000
3 | dict = http.dict
4 |
--------------------------------------------------------------------------------
/projects/curl/http.dict:
--------------------------------------------------------------------------------
1 | "\x0a\x0d"
2 | "HTTP/1.0"
3 | "HTTP/1.1"
4 | "100"
5 | "200"
6 | "301"
7 | "400"
8 | "Server:"
9 | "Last-Modified:"
10 | "Content-Type:"
11 | "text/html"
12 | "charset=UTF-8"
13 | "Accept-Ranges:"
14 | "bytes"
15 | "Content-Length:"
16 | "Transfer-Encoding:"
17 | "compress"
18 | "exi"
19 | "gzip"
20 | "identity"
21 | "pack200-gzip"
22 | "br"
23 | "deflate"
24 | "bzip2"
25 | "lzma"
26 | "xz"
27 | "Content-Encoding:"
28 | "chunked"
29 | "Connection:"
30 | "close"
31 | "Date:"
32 | "Expires:"
33 | "Fri, 31 Dec 1999 23:59:59 GMT"
34 | "Cache-Control:"
35 | "no-cache"
36 | "no-store"
37 | "must-revalidate"
38 | "Pragma:"
39 | "no-cache"
40 | "Host:"
41 |
42 |
--------------------------------------------------------------------------------
/projects/curl/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "https://curl.haxx.se/"
2 |
--------------------------------------------------------------------------------
/projects/expat/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
# Build environment for the expat fuzzer.
FROM ossfuzz/base-libfuzzer
MAINTAINER mike.aizatsky@gmail.com
# autotools toolchain used by build.sh; docbook2x is presumably for expat's
# documentation build -- confirm it is actually required.
RUN apt-get install -y make autoconf automake libtool docbook2x

# Source is fetched over git://, which is neither encrypted nor
# authenticated, and the revision is not pinned: the image trusts whatever
# the network delivers as HEAD. An https:// source plus a pinned commit
# would give the build a verifiable origin.
RUN git clone --depth 1 git://git.code.sf.net/p/expat/code_git expat
# The library lives in the expat/ subdirectory of the checkout.
WORKDIR expat/expat
COPY build.sh parse_fuzzer.* xml.dict $SRC/
24 |
--------------------------------------------------------------------------------
/projects/expat/Jenkinsfile:
--------------------------------------------------------------------------------
1 | // Copyright 2016 Google Inc.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 | //
15 | ////////////////////////////////////////////////////////////////////////////////
16 |
// Pull the shared libFuzzer pipeline definition from the upstream oss-fuzz
// repository at run time. No branch or commit is given here, so the job
// executes whatever that file currently contains on the loader's default
// branch; anyone who can change that file upstream changes what this job
// runs.
def libfuzzerBuild = fileLoader.fromGit('infra/libfuzzer-pipeline.groovy',
                                        'https://github.com/google/oss-fuzz.git')

// Project-specific parameters handed to the shared pipeline.
libfuzzerBuild {
  // Repository to fuzz. git:// is unauthenticated and unencrypted, unlike
  // the https:// URL used for the pipeline definition itself.
  git = "git://git.code.sf.net/p/expat/code_git"
  // Sanitizer builds to produce; matches the sanitizers list in project.yaml.
  sanitizers = ["address", "undefined"]
}
24 |
--------------------------------------------------------------------------------
/projects/expat/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eu
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
# Configure and build expat in place (cwd is the expat/expat checkout set
# by the Dockerfile's WORKDIR), then link the fuzzer against the static lib.
./buildconf.sh
./configure
make clean
make -j$(nproc) all

# $CXXFLAGS (presumably the sanitizer/coverage flags from the base image)
# is intentionally unquoted; -lfuzzer is the libFuzzer archive provided by
# that image.
$CXX $CXXFLAGS -std=c++11 -Ilib/ \
    $SRC/parse_fuzzer.cc -o $OUT/parse_fuzzer \
    -lfuzzer .libs/libexpat.a

# The dictionary and .options file are picked up next to the binary in $OUT.
cp $SRC/*.dict $SRC/*.options $OUT/
28 |
--------------------------------------------------------------------------------
/projects/expat/parse_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include "expat.h"
7 |
// Encodings handed to XML_ParserCreate*(); every input is parsed once per
// entry. The last name is not a real encoding, presumably there to
// exercise the parser's unknown-encoding path -- confirm against expat.
std::vector kEncodings = {{"UTF-16", "UTF-8", "ISO-8859-1",
                           "US-ASCII", "UTF-16BE", "UTF-16LE",
                           "INVALIDENCODING"}};
11 | // Entry point for LibFuzzer.
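// Entry point for LibFuzzer.
// Parses the whole input as a single final chunk, once per encoding in
// kEncodings, both with and without namespace processing
// (XML_ParserCreateNS uses '\n' as the namespace separator). The parse
// status is deliberately ignored: the aim is to drive the parser, not to
// validate the document. Always returns 0.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  const char* dataPtr = reinterpret_cast<const char*>(data);
  for (int use_ns = 0; use_ns <= 1; ++use_ns) {
    for (auto enc : kEncodings) {
      XML_Parser parser =
          use_ns ? XML_ParserCreateNS(enc, '\n') : XML_ParserCreate(enc);
      // Parser creation can fail (e.g. allocation failure); parsing through
      // a null handle would crash for a reason unrelated to the input.
      if (parser == nullptr)
        continue;
      // XML_Parse takes an int length; inputs are capped by max_len in
      // parse_fuzzer.options, so the narrowing from size_t is safe there.
      XML_Parse(parser, dataPtr, size, true);
      XML_ParserFree(parser);
    }
  }
  return 0;
}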
24 |
--------------------------------------------------------------------------------
/projects/expat/parse_fuzzer.options:
--------------------------------------------------------------------------------
1 | [libfuzzer]
2 | dict = xml.dict
3 | max_len = 1024
4 |
--------------------------------------------------------------------------------
/projects/expat/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "http://expat.sourceforge.net/"
2 | sanitizers:
3 | - address
4 | - undefined
5 |
--------------------------------------------------------------------------------
/projects/expat/xml.dict:
--------------------------------------------------------------------------------
1 | #
2 | # AFL dictionary for XML
3 | # ----------------------
4 | #
5 | # Several basic syntax elements and attributes, modeled on libxml2.
6 | #
7 | # Created by Michal Zalewski
8 | #
9 |
10 | attr_encoding=" encoding=\"1\""
11 | attr_generic=" a=\"1\""
12 | attr_href=" href=\"1\""
13 | attr_standalone=" standalone=\"no\""
14 | attr_version=" version=\"1\""
15 | attr_xml_base=" xml:base=\"1\""
16 | attr_xml_id=" xml:id=\"1\""
17 | attr_xml_lang=" xml:lang=\"1\""
18 | attr_xml_space=" xml:space=\"1\""
19 | attr_xmlns=" xmlns=\"1\""
20 |
21 | entity_builtin="<"
22 | entity_decimal=""
23 | entity_external="&a;"
24 | entity_hex=""
25 |
26 | # keywords
27 | "ANY"
28 | "ATTLIST"
29 | "CDATA"
30 | "DOCTYPE"
31 | "ELEMENT"
32 | "EMPTY"
33 | "ENTITIES"
34 | "ENTITY"
35 | "FIXED"
36 | "ID"
37 | "IDREF"
38 | "IDREFS"
39 | "IGNORE"
40 | "IMPLIED"
41 | "INCLUDE"
42 | "NDATA"
43 | "NMTOKEN"
44 | "NMTOKENS"
45 | "NOTATION"
46 | "PCDATA"
47 | "PUBLIC"
48 | "REQUIRED"
49 | "SYSTEM"
50 |
51 | # Various tag parts
52 | "<"
53 | ">"
54 | "/>"
55 | ""
56 | ""
57 | "?>"
58 | ""
60 | "[]"
61 | "]]"
62 | ""
64 | "\"\""
65 | "''"
66 | "=\"\""
67 | "=''"
68 |
69 | # DTD
70 | ""
107 | tag_open=""
108 | tag_open_close=""
109 |
110 |
111 | ""
112 | "http://docboo"
113 | "http://www.w"
114 | "he30"
115 | "he2"
116 | "IET"
117 | "FDF-10"
118 | "aDUCS-4OPveb:"
119 | "a>"
120 | "UT"
121 | "xMl"
122 | "/usr/share/sg"
123 | "ha07"
124 | "http://www.oa"
125 | "cle"
126 |
--------------------------------------------------------------------------------
/projects/ffmpeg/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
# Build environment for the FFmpeg fuzzers: FFmpeg itself plus the codec
# and X11/VA/VDPAU libraries below, presumably all compiled by build.sh
# (not shown here).
FROM ossfuzz/base-libfuzzer
MAINTAINER mmoroz@chromium.org
RUN apt-get install -y make autoconf automake libtool build-essential \
    libass-dev libfreetype6-dev libsdl1.2-dev \
    libvdpau-dev libxcb1-dev libxcb-shm0-dev \
    pkg-config texinfo libbz2-dev zlib1g-dev nasm yasm cmake mercurial wget \
    xutils-dev libpciaccess-dev

# Full clone of FFmpeg: unlike the other project Dockerfiles no --depth 1
# is given, so the whole history is fetched.
RUN git clone https://git.ffmpeg.org/ffmpeg.git ffmpeg

# Third-party dependencies. Supply-chain notes for this block:
#  - Nothing is pinned to a tag or commit and neither tarball is
#    checksum-verified, so each image build trusts whatever is served at
#    build time; the lame download resolves "latest" on every fetch.
#  - ftp://, git:// and http:// fetches are cleartext and unauthenticated;
#    only the https:// ones get transport integrity.
RUN wget ftp://ftp.alsa-project.org/pub/lib/alsa-lib-1.1.0.tar.bz2
RUN git clone git://anongit.freedesktop.org/mesa/drm
RUN git clone https://github.com/mstorsjo/fdk-aac.git
RUN wget https://sourceforge.net/projects/lame/files/latest/download -O lame.tar.gz
RUN git clone git://anongit.freedesktop.org/xorg/lib/libXext
RUN git clone git://anongit.freedesktop.org/git/xorg/lib/libXfixes
RUN git clone git://anongit.freedesktop.org/git/libva
RUN git clone git://people.freedesktop.org/~aplattner/libvdpau
RUN git clone https://chromium.googlesource.com/webm/libvpx
RUN svn co http://svn.xiph.org/trunk/ogg
RUN git clone git://git.xiph.org/opus.git
RUN git clone git://git.xiph.org/theora.git
RUN git clone git://git.xiph.org/vorbis.git
RUN git clone git://git.videolan.org/git/x264.git
RUN hg clone https://bitbucket.org/multicoreware/x265

# build.sh drives the build; group_seed_corpus.py presumably prepares seed
# corpora (its contents are not shown here).
COPY build.sh group_seed_corpus.py $SRC/
44 |
--------------------------------------------------------------------------------
/projects/ffmpeg/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "https://www.ffmpeg.org/"
2 |
--------------------------------------------------------------------------------
/projects/file/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
# Build environment for the libmagic (file) fuzzer.
FROM ossfuzz/base-libfuzzer
MAINTAINER mike.aizatsky@gmail.com
# autotools toolchain for autoreconf/configure in build.sh; shtool is
# presumably a helper the file(1) build invokes -- confirm it is needed.
RUN apt-get install -y make autoconf automake libtool shtool
# Shallow, unpinned clone of upstream over HTTPS.
RUN git clone --depth 1 https://github.com/file/file.git
WORKDIR file
COPY build.sh magic_fuzzer.cc $SRC/
23 |
--------------------------------------------------------------------------------
/projects/file/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eu
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
# Build file/libmagic in place (cwd is the checkout set by the Dockerfile's
# WORKDIR); --enable-static so a libmagic.a exists to link against.
autoreconf -i
./configure --enable-static
make V=1 all

# Link the fuzzer against the static library. -Isrc/ is where magic.h sits
# in the checkout; $CXXFLAGS is intentionally unquoted (a list of flags).
$CXX $CXXFLAGS -std=c++11 -Isrc/ \
    $SRC/magic_fuzzer.cc -o $OUT/magic_fuzzer \
    -lfuzzer ./src/.libs/libmagic.a

# Ship the compiled magic database next to the binary: the fuzzer's
# LLVMFuzzerInitialize() loads it from the directory of argv[0] under the
# name "magic", which libmagic is assumed to resolve to this magic.mgc
# (its compiled-database lookup rule -- confirm).
cp ./magic/magic.mgc $OUT/
27 |
28 |
--------------------------------------------------------------------------------
/projects/file/magic_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 Google Inc.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | #include
16 | #include
17 | #include
18 | #include
19 | #include
20 | #include
21 |
22 | #include
23 |
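// Holds the libmagic handle shared by every fuzz iteration. Constructed
// once from LLVMFuzzerInitialize(); on any failure it prints the reason and
// exits, since a fuzzer without a loaded database would only produce noise.
struct Environment {
  // data_dir: directory holding the compiled magic database. libmagic is
  // asked for "<data_dir>/magic"; build.sh ships magic.mgc there, which
  // libmagic is assumed to resolve from that name -- confirm.
  Environment(std::string data_dir) {
    magic = magic_open(MAGIC_NONE);
    // magic_open() returns NULL on failure. Going on would pass the null
    // handle to magic_load() and then magic_error(), whose NULL result
    // would be printed through %s, so bail out first.
    if (magic == nullptr) {
      fprintf(stderr, "error opening magic handle\n");
      exit(1);
    }
    std::string magic_path = data_dir + "/magic";
    if (magic_load(magic, magic_path.c_str())) {
      fprintf(stderr, "error loading magic file: %s\n", magic_error(magic));
      exit(1);
    }
  }

  magic_t magic;
};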
36 |
// Process-wide libmagic environment, created by LLVMFuzzerInitialize() and
// never freed: it lives for the whole fuzzing run.
static Environment* env;
38 |
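// Called once by libFuzzer before any input. Loads the magic database that
// sits next to the fuzzer binary, located via argv[0].
//
// dirname() is permitted to modify the string it is given, so it is run on
// a private copy rather than on argv[0] itself: argv is handed over by
// pointer and libFuzzer may keep using it after this returns, and
// truncating argv[0] to its directory would hand it a wrong program path.
extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) {
  std::string exe_path = (*argv)[0];
  // &exe_path[0] is a writable, NUL-terminated buffer in C++11.
  char* dir = dirname(&exe_path[0]);
  // dir may point into exe_path; Environment copies it into its own
  // std::string before exe_path goes out of scope.
  env = new Environment(dir);
  return 0;
}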
45 |
// libFuzzer entry point: classifies the input bytes with the shared
// libmagic handle. Empty inputs are skipped; the result is not inspected.
// Always returns 0.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  if (size >= 1) {
    magic_buffer(env->magic, data, size);
  }
  return 0;
}
52 |
--------------------------------------------------------------------------------
/projects/file/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "http://www.darwinsys.com/file/"
2 | primary_contact: "emaste@freebsd.org"
3 |
--------------------------------------------------------------------------------
/projects/freetype2/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
# Build environment for the FreeType fuzzer (ftfuzzer, which ships in the
# FreeType tree itself).
FROM ossfuzz/base-libfuzzer
MAINTAINER mike.aizatsky@gmail.com
# libarchive-dev supplies the static libarchive.a that build.sh links
# into ftfuzzer; the rest is the autotools toolchain.
RUN apt-get install -y make autoconf libtool libarchive-dev

# Fetched over git://, which is neither encrypted nor authenticated, and
# not pinned to a revision; an https:// source and a pinned commit would
# give the build a verifiable origin.
RUN git clone --depth 1 git://git.sv.nongnu.org/freetype/freetype2.git
WORKDIR freetype2
COPY build.sh $SRC/
24 |
--------------------------------------------------------------------------------
/projects/freetype2/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eux
2 | #
3 | # Copyright 2016 Google Inc.
4 | #
5 | # Licensed under the Apache License, Version 2.0 (the "License");
6 | # you may not use this file except in compliance with the License.
7 | # You may obtain a copy of the License at
8 | #
9 | # http://www.apache.org/licenses/LICENSE-2.0
10 | #
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 | #
17 | ################################################################################
18 |
# Bootstrap and build FreeType in-tree with its autotools flow. `clean all`
# forces every object in objs/ to be rebuilt in this environment (assuming
# configure picks up $CC/$CFLAGS from the environment — not visible here).
19 | ./autogen.sh
20 | ./configure
21 | make -j$(nproc) clean all
22 |
# Compile FreeType's own fuzz target (src/tools/ftfuzzer) against the freshly
# built objects and static library, linking libFuzzer.
# NOTE(review): libarchive.a here is the distro's prebuilt library, not one
# compiled with $CXXFLAGS, so archive-parsing code runs without the sanitizer
# and coverage instrumentation the rest of the binary presumably has; building
# libarchive from source in this script would close that gap.
23 | $CXX $CXXFLAGS -std=c++11 \
24 | -I./include -I. \
25 | ./src/tools/ftfuzzer/ftfuzzer.cc -o $OUT/ftfuzzer \
26 | ./objs/*.o -lfuzzer \
27 | /usr/lib/x86_64-linux-gnu/libarchive.a \
28 | ./objs/.libs/libfreetype.a
29 |
--------------------------------------------------------------------------------
/projects/freetype2/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "https://www.freetype.org/"
2 |
--------------------------------------------------------------------------------
/projects/harfbuzz/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
17 | FROM ossfuzz/base-libfuzzer
18 | MAINTAINER mmoroz@chromium.org
# Autotools toolchain plus ragel and pkg-config (presumably required by the
# HarfBuzz build itself).
19 | RUN apt-get install -y make autoconf automake libtool ragel pkg-config
20 |
# Shallow clone of upstream HEAD over https (TLS-authenticated host). No
# revision is pinned, so each image build tracks whatever HEAD is at the time.
21 | RUN git clone --depth 1 https://anongit.freedesktop.org/git/harfbuzz.git
22 | WORKDIR harfbuzz
# Build script and fuzz target go to $SRC (presumably set by the base image).
23 | COPY build.sh harfbuzz_fuzzer.cc $SRC/
24 |
--------------------------------------------------------------------------------
/projects/harfbuzz/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eu
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
18 | # Build the library.
# `clean all` rebuilds every object in this environment (configure is assumed
# to pick up $CC/$CFLAGS from the environment — not visible here).
19 | ./autogen.sh
20 | ./configure
21 | make -j$(nproc) clean all
22 |
# Link the fuzz target directly against the library's object files (the
# src/.libs objects and the bundled hb-ucdn objects) together with libFuzzer,
# instead of going through a libharfbuzz archive. Headers are taken from src/.
23 | $CXX $CXXFLAGS -std=c++11 -Isrc \
24 | $SRC/harfbuzz_fuzzer.cc -o $OUT/harfbuzz_fuzzer \
25 | -lfuzzer src/.libs/*.o src/hb-ucdn/.libs/*.o
26 |
--------------------------------------------------------------------------------
/projects/harfbuzz/harfbuzz_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 | #include
8 |
9 | #include
10 | #include
11 |
12 | // Entry point for LibFuzzer.
// libFuzzer entry point: treat the whole input as a font file, shape a fixed
// ASCII string with it, and — only for inputs longer than 64 bytes — also
// shape the input's last 64 bytes reinterpreted as 16 UTF-32 code points.
// Always returns 0.
//
// NOTE: cast/template arguments are missing from this listing (e.g. the target
// type of the reinterpret_cast below); the code is shown as rendered.
13 | extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
14 | const char* dataPtr = reinterpret_cast(data);
// READONLY mode presumably wraps the fuzzer's buffer rather than copying it,
// so the blob must not outlive this call — it is destroyed at the end.
15 | hb_blob_t* blob = hb_blob_create(dataPtr, size, HB_MEMORY_MODE_READONLY, NULL,
16 | NULL);
17 | hb_face_t* face = hb_face_create(blob, 0);
18 | hb_font_t* font = hb_font_create(face);
// Use HarfBuzz's built-in OpenType font functions, then a small fixed scale.
19 | hb_ot_font_set_funcs(font);
20 | hb_font_set_scale(font, 12, 12);
21 |
// Pass 1: a fixed NUL-terminated string (length -1), so the font tables are
// exercised even for tiny inputs.
22 | {
23 | const char text[] = "ABCDEXYZ123@_%&)*$!";
24 | hb_buffer_t* buffer = hb_buffer_create();
25 | hb_buffer_add_utf8(buffer, text, -1, 0, -1);
26 | hb_buffer_guess_segment_properties(buffer);
27 | hb_shape(font, buffer, NULL, 0);
28 | hb_buffer_destroy(buffer);
29 | }
30 |
// Pass 2: the strict `size > sizeof(text32)` check keeps `data + size - 64`
// inside the input. The copied values are not validated as code points —
// feeding arbitrary UTF-32 to the shaper is part of what is being fuzzed.
31 | uint32_t text32[16] = { 0 };
32 | if (size > sizeof(text32)) {
33 | memcpy(text32, data + size - sizeof(text32), sizeof(text32));
34 | hb_buffer_t* buffer = hb_buffer_create();
35 | size_t text32len = sizeof(text32) / sizeof(text32[0]);
36 | hb_buffer_add_utf32(buffer, text32, text32len, 0, -1);
37 | hb_buffer_guess_segment_properties(buffer);
38 | hb_shape(font, buffer, NULL, 0);
39 | hb_buffer_destroy(buffer);
40 | }
41 |
// Tear down in reverse order of creation (font -> face -> blob).
42 | hb_font_destroy(font);
43 | hb_face_destroy(face);
44 | hb_blob_destroy(blob);
45 | return 0;
46 | }
47 |
--------------------------------------------------------------------------------
/projects/harfbuzz/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "http://www.harfbuzz.org/"
2 |
--------------------------------------------------------------------------------
/projects/icu/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
17 | FROM ossfuzz/base-libfuzzer
18 | MAINTAINER mike.aizatsky@gmail.com
19 | RUN apt-get install -y make
20 |
# NOTE(review): the sources come from an svn checkout of trunk over plain
# http — neither encrypted nor pinned to a revision — so they are not
# integrity-protected in transit and every image build tracks trunk. An
# https:// URL plus a fixed revision (`svn co -r REV`) would harden this;
# confirm the server supports them.
21 | RUN svn co http://source.icu-project.org/repos/icu/trunk/icu4c/ icu
# All fuzz targets, the shared fuzzer_utils.h, dictionaries and .options files
# land in $SRC (presumably set by the base image).
22 | COPY build.sh *.cc *.h *.dict *.options $SRC/
23 |
--------------------------------------------------------------------------------
/projects/icu/break_iterator_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 | #include
8 | #include "fuzzer_utils.h"
9 | #include "unicode/brkiter.h"
10 |
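// Process-wide ICU environment object; intentionally never freed so it lives
// for the whole fuzzing session.
IcuEnvironment* env = new IcuEnvironment();

// libFuzzer entry point for icu::BreakIterator.
//
// The input is used twice: decoded as UTF-8 into the text to iterate over, and
// as the seed of an RNG that picks the locale and the kind of iterator. The
// iterator is then walked from first() until DONE.
//
// Returns 0 always; a failed UErrorCode just ends the run early.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  UErrorCode status = U_ZERO_ERROR;
  icu::UnicodeString str(UnicodeStringFromUtf8(data, size));

  auto rng = CreateRng(data, size);
  const icu::Locale& locale = GetRandomLocale(&rng);

  std::unique_ptr<icu::BreakIterator> bi;

  switch (rng() % 5) {
    case 0:
      bi.reset(icu::BreakIterator::createWordInstance(locale, status));
      break;
    case 1:
      bi.reset(icu::BreakIterator::createLineInstance(locale, status));
      break;
    case 2:
      bi.reset(icu::BreakIterator::createCharacterInstance(locale, status));
      break;
    case 3:
      bi.reset(icu::BreakIterator::createSentenceInstance(locale, status));
      break;
    case 4:
      bi.reset(icu::BreakIterator::createTitleInstance(locale, status));
      break;
  }
  // ICU reports construction failures through status; the pointer is checked
  // as well so a null iterator can never be dereferenced below.
  if (U_FAILURE(status) || !bi) return 0;

  // Fix: previously `str` was built but never handed to the iterator, so the
  // fuzz input only influenced the RNG and the iterator walked no text.
  bi->setText(str);

  // first()/next() take no UErrorCode, so status cannot change in this loop;
  // the walk itself (and any crash inside it) is the point of the target.
  for (int32_t p = bi->first(); p != icu::BreakIterator::DONE; p = bi->next()) {
  }

  return 0;
}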
46 |
47 |
--------------------------------------------------------------------------------
/projects/icu/break_iterator_utf32_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 | #include
8 | #include "fuzzer_utils.h"
9 | #include "unicode/brkiter.h"
10 |
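// Process-wide ICU environment object; intentionally never freed so it lives
// for the whole fuzzing session.
IcuEnvironment* env = new IcuEnvironment();

// libFuzzer entry point for icu::BreakIterator over UTF-32 input.
//
// The input is used twice: reinterpreted as UTF-32 code points (via
// UnicodeStringFromUtf32) for the text to iterate over, and as the seed of an
// RNG that picks the locale and the kind of iterator. The iterator is then
// walked from first() until DONE.
//
// Returns 0 always; a failed UErrorCode just ends the run early.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  UErrorCode status = U_ZERO_ERROR;
  icu::UnicodeString str(UnicodeStringFromUtf32(data, size));

  auto rng = CreateRng(data, size);
  const icu::Locale& locale = GetRandomLocale(&rng);

  std::unique_ptr<icu::BreakIterator> bi;

  switch (rng() % 5) {
    case 0:
      bi.reset(icu::BreakIterator::createWordInstance(locale, status));
      break;
    case 1:
      bi.reset(icu::BreakIterator::createLineInstance(locale, status));
      break;
    case 2:
      bi.reset(icu::BreakIterator::createCharacterInstance(locale, status));
      break;
    case 3:
      bi.reset(icu::BreakIterator::createSentenceInstance(locale, status));
      break;
    case 4:
      bi.reset(icu::BreakIterator::createTitleInstance(locale, status));
      break;
  }
  // ICU reports construction failures through status; the pointer is checked
  // as well so a null iterator can never be dereferenced below.
  if (U_FAILURE(status) || !bi) return 0;

  // Fix: previously `str` was built but never handed to the iterator, so the
  // fuzz input only influenced the RNG and the iterator walked no text.
  bi->setText(str);

  // first()/next() take no UErrorCode, so status cannot change in this loop;
  // the walk itself (and any crash inside it) is the point of the target.
  for (int32_t p = bi->first(); p != icu::BreakIterator::DONE; p = bi->next()) {
  }

  return 0;
}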
48 |
--------------------------------------------------------------------------------
/projects/icu/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eux
2 | #
3 | # Copyright 2016 Google Inc.
4 | #
5 | # Licensed under the Apache License, Version 2.0 (the "License");
6 | # you may not use this file except in compliance with the License.
7 | # You may obtain a copy of the License at
8 | #
9 | # http://www.apache.org/licenses/LICENSE-2.0
10 | #
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 | #
17 | ################################################################################
18 |
# Build ICU out of tree in $WORK/icu as static libraries only (no shared
# objects, data packaged statically) so each fuzzer binary is self-contained.
# `mkdir` without -p: the script fails (set -e) if $WORK/icu already exists.
19 | mkdir $WORK/icu
20 | cd $WORK/icu
21 |
22 | # TODO: icu build fails without -DU_USE_STRTOD_L=0
# The same defines are applied to C and C++. As their names suggest,
# U_USING_ICU_NAMESPACE=0 disables the implicit `using namespace icu` (the
# fuzzers qualify icu:: explicitly) and U_ENABLE_DYLOAD=0 turns off run-time
# plug-in loading — confirm against the ICU docs.
23 | DEFINES="-DU_CHARSET_IS_UTF8=1 -DU_USING_ICU_NAMESPACE=0 -DU_ENABLE_DYLOAD=0 -DU_USE_STRTOD_L=0"
24 | CFLAGS="$CFLAGS $DEFINES"
25 | CXXFLAGS="$CXXFLAGS $DEFINES"
26 |
# Hand the compiler and flags to ICU's configure wrapper explicitly; the
# source tree stays in $SRC/icu while the build runs in $WORK/icu.
27 | CFLAGS=$CFLAGS CXXFLAGS=$CXXFLAGS CC=$CC CXX=$CXX \
28 | /bin/bash $SRC/icu/source/runConfigureICU Linux \
29 | --with-library-bits=64 --with-data-packaging=static --enable-static --disable-shared
30 |
31 | make -j$(nproc)
32 |
# One binary per fuzz target source in $SRC. fuzzer_utils.h sits next to the
# .cc files, so the quoted include resolves without an extra -I.
33 | FUZZERS="break_iterator_fuzzer \
34 | break_iterator_utf32_fuzzer \
35 | converter_fuzzer \
36 | number_format_fuzzer \
37 | ucasemap_fuzzer \
38 | unicode_string_codepage_create_fuzzer \
39 | uregex_open_fuzzer
40 | "
41 | for fuzzer in $FUZZERS; do
42 | $CXX $CXXFLAGS -std=c++11 \
43 | $SRC/$fuzzer.cc -o $OUT/$fuzzer \
44 | -I$SRC/icu/source/common -I$SRC/icu/source/i18n -L$WORK/icu/lib \
45 | -lfuzzer -licui18n -licuuc -licutu -licudata
46 | done
47 |
# Dictionaries and per-fuzzer .options files ship next to the binaries.
48 | cp $SRC/*.dict $SRC/*.options $OUT/
49 |
--------------------------------------------------------------------------------
/projects/icu/converter_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 |
8 | #include
9 | #include
10 | #include
11 | #include
12 |
13 | #include "fuzzer_utils.h"
14 | #include "unicode/unistr.h"
15 | #include "unicode/ucnv.h"
16 |
// Process-wide ICU environment object; intentionally never freed.
17 | IcuEnvironment* env = new IcuEnvironment();
18 |
// unique_ptr alias with a caller-supplied deleter (template arguments are
// missing from this listing); used below to close the UConverter on every
// exit path.
19 | template
20 | using deleted_unique_ptr = std::unique_ptr>;
21 |
// libFuzzer entry point for UConverter: decode the input as UTF-8, pick one of
// the converters ICU has available (RNG seeded from the input), and extract the
// string through that converter into a large scratch buffer. Always returns 0.
22 | extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
23 | UErrorCode status = U_ZERO_ERROR;
24 | auto rng = CreateRng(data, size);
25 | icu::UnicodeString str(UnicodeStringFromUtf8(data, size));
26 |
// Assumes ucnv_countAvailable() > 0 (a zero count would make `% 0` UB) —
// presumably always true for a built ICU; confirm.
27 | const char* converter_name =
28 | ucnv_getAvailableName(rng() % ucnv_countAvailable());
29 |
30 | deleted_unique_ptr converter(ucnv_open(converter_name, &status),
31 | &ucnv_close);
32 |
33 | if (U_FAILURE(status))
34 | return 0;
35 |
// Scratch target allocated once and reused across iterations (static), which
// is fine for libFuzzer's single-threaded loop. NOTE(review): `1024 * 1204`
// reads like a typo for 1024 * 1024; harmless since it is only a capacity,
// but worth confirming the intent.
36 | static const size_t dest_buffer_size = 1024 * 1204;
37 | static const std::unique_ptr dest_buffer(new char[dest_buffer_size]);
38 |
// extract() is expected to report an undersized buffer through status rather
// than overrun it — confirm against the ICU API.
39 | str.extract(dest_buffer.get(), dest_buffer_size, converter.get(), status);
40 |
41 | if (U_FAILURE(status))
42 | return 0;
43 |
44 | return 0;
45 | }
46 |
--------------------------------------------------------------------------------
/projects/icu/fuzzer_utils.h:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #ifndef FUZZER_UTILS_H_
6 | #define FUZZER_UTILS_H_
7 |
8 | #include
9 | #include
10 | #include
11 |
12 | #include "unicode/locid.h"
13 | #include "unicode/uchar.h"
14 |
// Placeholder for process-wide ICU setup. Each fuzzer keeps one instance alive
// for the whole session; there is currently nothing to initialise.
struct IcuEnvironment {
  IcuEnvironment() = default;
};
20 |
21 | // Create RNG and seed it from data.
// Seeds a 64-bit Mersenne Twister from std::hash of the whole input, so every
// "random" choice the fuzzers make is a deterministic function of the input
// (reproducible from a crash file). The seed is only as wide as size_t.
// Cast/template arguments are missing from this listing.
22 | std::mt19937_64 CreateRng(const uint8_t* data, size_t size) {
23 | std::mt19937_64 rng;
24 | std::string str = std::string(reinterpret_cast(data), size);
25 | std::size_t data_hash = std::hash()(str);
26 | rng.seed(data_hash);
27 | return rng;
28 | }
29 |
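// Picks one of ICU's available locales using the caller's RNG.
//
// getAvailableLocales() yields a pointer to a table and writes its length into
// num_locales; the returned reference points into that table (the original
// already relied on it staying valid — presumably ICU static data).
//
// Fix: an empty table was previously caught only by assert(), which leaves the
// `% 0` reachable in an NDEBUG build; fall back to the default locale instead.
const icu::Locale& GetRandomLocale(std::mt19937_64* rng) {
  int32_t num_locales = 0;
  const icu::Locale* locales = icu::Locale::getAvailableLocales(num_locales);
  assert(num_locales > 0);
  if (num_locales <= 0 || locales == nullptr) return icu::Locale::getDefault();
  return locales[(*rng)() % num_locales];
}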
36 |
// Decodes the raw input as UTF-8 into a UnicodeString (ICU's fromUTF8 handles
// malformed sequences; no validation is done here). The cast's target type is
// missing from this listing.
37 | icu::UnicodeString UnicodeStringFromUtf8(const uint8_t* data, size_t size) {
38 | return icu::UnicodeString::fromUTF8(
39 | icu::StringPiece(reinterpret_cast(data), size));
40 | }
41 |
// Reinterprets the input as host-endian UChar32 values (trailing bytes that do
// not fill a whole UChar32 are dropped), clamps each to UCHAR_MAX_VALUE and
// builds a UnicodeString from them.
//
// Only the upper bound is clamped: values with the sign bit set stay negative
// and reach fromUTF32 unchanged — presumably substituted there; confirm
// against ICU. For inputs shorter than sizeof(UChar32) the vector is empty and
// memcpy is called with length 0. The vector's element type is missing from
// this listing.
42 | icu::UnicodeString UnicodeStringFromUtf32(const uint8_t* data, size_t size) {
43 | std::vector uchars;
44 | uchars.resize(size * sizeof(uint8_t) / (sizeof(UChar32)));
45 | memcpy(uchars.data(), data, uchars.size() * sizeof(UChar32));
46 | for (size_t i = 0; i < uchars.size(); ++i) {
47 | uchars[i] = std::min(uchars[i], UCHAR_MAX_VALUE);
48 | }
49 |
50 | return icu::UnicodeString::fromUTF32(uchars.data(), uchars.size());
51 | }
52 |
53 | #endif // FUZZER_UTILS_H_
54 |
--------------------------------------------------------------------------------
/projects/icu/number_format_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | // Fuzzer for NumberFormat::parse.
6 |
7 | #include
8 | #include
9 | #include
10 | #include "fuzzer_utils.h"
11 | #include "unicode/numfmt.h"
12 |
// Process-wide ICU environment object; intentionally never freed.
13 | IcuEnvironment* env = new IcuEnvironment();
14 |
// libFuzzer entry point for NumberFormat::parse: an RNG seeded from the input
// picks the locale, then the input (decoded as UTF-8) is parsed with that
// locale's NumberFormat. The parse result and its status are deliberately
// ignored — only crashes matter here. Always returns 0.
15 | extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
16 | UErrorCode status = U_ZERO_ERROR;
17 |
18 | auto rng = CreateRng(data, size);
19 | const icu::Locale& locale = GetRandomLocale(&rng);
20 |
// unique_ptr's template argument is missing from this listing. createInstance
// reports failure through status, which is checked before fmt is used.
21 | std::unique_ptr fmt(
22 | icu::NumberFormat::createInstance(locale, status));
23 | if (U_FAILURE(status)) return 0;
24 |
25 | icu::UnicodeString str(UnicodeStringFromUtf8(data, size));
26 | icu::Formattable result;
27 | fmt->parse(str, result, status);
28 |
29 | return 0;
30 | }
31 |
--------------------------------------------------------------------------------
/projects/icu/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "http://site.icu-project.org/"
2 |
--------------------------------------------------------------------------------
/projects/icu/regex.dict:
--------------------------------------------------------------------------------
1 | # Copyright 2016 The Chromium Authors. All rights reserved.
2 | # Use of this source code is governed by a BSD-style license that can be
3 | # found in the LICENSE file.
4 |
5 | "\\a"
6 | "\\A"
7 | "\\b"
8 | "\\B"
9 | "\\cX"
10 | "\\cC"
11 | "\\cZ"
12 | "\\d"
13 | "\\D"
14 | "\\e"
15 | "\\u001B"
16 | "\\E"
17 | "\\f"
18 | "\\u000C"
19 | "\\G"
20 | "\\h"
21 | "\\u0009"
22 | "\\H"
23 | "\\k"
24 | "\\n"
25 | "\\N"
26 | "\\p"
27 | "\\P"
28 | "{"
29 | "}"
30 | "\\Q"
31 | "\\r"
32 | "\\u000D"
33 | "\\R"
34 | "\\u000a"
35 | "\\u000b"
36 | "\\u000c"
37 | "\\u000d"
38 | "\\u0085"
39 | "\\u2028"
40 | "\\u2029"
41 | "\\s"
42 | "[\\t\\n\\f\\r\\p{Z}]"
43 | "\\S"
44 | "\\t"
45 | "\\u0009"
46 | "\\u"
47 | "\\uf0ff"
48 | "\\U"
49 | "\\U0010ffff."
50 | "\\v"
51 | "\\V"
52 | "\\w"
53 | "\\W"
54 | "\\x"
55 | "\\xhh"
56 | "\\X"
57 | "\\Z"
58 | "\\z"
59 | "\\n"
60 | "\\0"
61 | "\\0ooo"
62 | "."
63 | "^"
64 | "$"
65 | "\\"
66 | "|"
67 | "*"
68 | "+"
69 | "?"
70 | ","
71 | "*?"
72 | "+?"
73 | "??"
74 | "*+"
75 | "++"
76 | "?+"
77 | "("
78 | "(?:"
79 | "(?>"
80 | "(?#"
81 | "(?="
82 | "(?!"
83 | "(?<="
84 | "(?
8 | #include
9 | #include
10 | #include "fuzzer_utils.h"
11 | #include "unicode/ucasemap.h"
12 |
// Process-wide ICU environment object; intentionally never freed.
13 | IcuEnvironment* env = new IcuEnvironment();
14 |
// unique_ptr alias with a caller-supplied deleter (template arguments are
// missing from this listing); closes the UCaseMap on every exit path.
15 | template
16 | using deleted_unique_ptr = std::unique_ptr>;
17 |
// libFuzzer entry point for the ucasemap_utf8* family: an RNG seeded from the
// input picks the locale, random option bits for ucasemap_open, and one of
// four case-mapping operations, which is then run over the raw input as UTF-8.
// Always returns 0; the operation's status is not inspected.
18 | extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
19 | UErrorCode status = U_ZERO_ERROR;
20 |
21 | auto rng = CreateRng(data, size);
22 | const icu::Locale& locale = GetRandomLocale(&rng);
// Arbitrary option bits (cast target missing from this listing); exercising
// unknown/combined flags is intentional.
23 | uint32_t open_flags = static_cast(rng());
24 |
25 | deleted_unique_ptr csm(
26 | ucasemap_open(locale.getName(), open_flags, &status),
27 | [](UCaseMap* map) { ucasemap_close(map); });
28 |
29 | if (U_FAILURE(status))
30 | return 0;
31 |
// Output capacity is twice the input; `size` (size_t) is narrowed to int32_t
// here and again as the srcLength argument below — only an issue for inputs
// far larger than libFuzzer produces. An output that does not fit is expected
// to surface as a status error rather than an overrun — confirm against ICU.
32 | int32_t dst_size = size * 2;
33 | std::unique_ptr dst(new char[dst_size]);
34 | auto src = reinterpret_cast(data);
35 |
36 | switch (rng() % 4) {
37 | case 0: ucasemap_utf8ToLower(csm.get(), dst.get(), dst_size, src, size,
38 | &status);
39 | break;
40 | case 1: ucasemap_utf8ToUpper(csm.get(), dst.get(), dst_size, src, size,
41 | &status);
42 | break;
43 | case 2: ucasemap_utf8ToTitle(csm.get(), dst.get(), dst_size, src, size,
44 | &status);
45 | break;
46 | case 3: ucasemap_utf8FoldCase(csm.get(), dst.get(), dst_size, src, size,
47 | &status);
48 | break;
49 | }
50 |
51 | return 0;
52 | }
53 |
54 |
--------------------------------------------------------------------------------
/projects/icu/unicode_string_codepage_create_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2015 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 |
8 | #include
9 | #include
10 | #include
11 |
12 | #include "fuzzer_utils.h"
13 | #include "unicode/unistr.h"
14 |
15 | // Taken from third_party/icu/source/data/mappings/convrtrs.txt file.
// Converter (codepage) names handed to the UnicodeString codepage
// constructor; one is chosen per input by the fuzzer below. The array's
// template arguments are missing from this listing.
16 | static const std::array kConverters = {
17 | {
18 | "UTF-8",
19 | "utf-16be",
20 | "utf-16le",
21 | "UTF-32",
22 | "UTF-32BE",
23 | "UTF-32LE",
24 | "ibm866-html",
25 | "iso-8859-2-html",
26 | "iso-8859-3-html",
27 | "iso-8859-4-html",
28 | "iso-8859-5-html",
29 | "iso-8859-6-html",
30 | "iso-8859-7-html",
31 | "iso-8859-8-html",
32 | "ISO-8859-8-I",
33 | "iso-8859-10-html",
34 | "iso-8859-13-html",
35 | "iso-8859-14-html",
36 | "iso-8859-15-html",
37 | "iso-8859-16-html",
38 | "koi8-r-html",
39 | "koi8-u-html",
40 | "macintosh-html",
41 | "windows-874-html",
42 | "windows-1250-html",
43 | "windows-1251-html",
44 | "windows-1252-html",
45 | "windows-1253-html",
46 | "windows-1254-html",
47 | "windows-1255-html",
48 | "windows-1256-html",
49 | "windows-1257-html",
50 | "windows-1258-html",
51 | "x-mac-cyrillic-html",
52 | "windows-936-2000",
53 | "gb18030",
54 | "big5-html",
55 | "euc-jp-html",
56 | "ISO_2022,locale=ja,version=0",
57 | "shift_jis-html",
58 | "euc-kr-html",
59 | "ISO-2022-KR",
60 | "ISO-2022-CN",
61 | "ISO-2022-CN-EXT",
62 | "HZ-GB-2312"
63 | }
64 | };
65 |
// Process-wide ICU environment object; intentionally never freed.
66 | IcuEnvironment* env = new IcuEnvironment();
67 |
// libFuzzer entry point for the UnicodeString(codepage) constructor: decode
// the raw input under a converter chosen from kConverters by an RNG seeded
// from the same input. The resulting string is discarded; only the decode
// itself is under test. The cast's target type is missing from this listing.
// Always returns 0.
68 | extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
69 | auto rng = CreateRng(data, size);
70 | icu::UnicodeString str(reinterpret_cast(data), size,
71 | kConverters[rng() % kConverters.size()]);
72 | return 0;
73 | }
74 |
--------------------------------------------------------------------------------
/projects/icu/uregex_open_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 |
8 | #include "fuzzer_utils.h"
9 | #include "unicode/regex.h"
10 |
// Process-wide ICU environment object; intentionally never freed.
11 | IcuEnvironment* env = new IcuEnvironment();
12 |
// libFuzzer entry point for uregex_open: compile the raw input as a UTF-16
// pattern (no flags) and release it. Nothing is matched against the pattern.
// Always returns 0.
13 | extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
14 | UParseError pe = { 0 };
15 | UErrorCode status = U_ZERO_ERROR;
// The byte buffer is reinterpreted as UChar (cast/template arguments are
// missing from this listing); the length is in UChars, so an odd trailing
// byte is ignored. This assumes libFuzzer's buffer is suitably aligned for
// UChar — presumably the case for heap allocations; confirm.
16 | URegularExpression* re = uregex_open(reinterpret_cast(data),
17 | static_cast(size) / sizeof(UChar),
18 | 0, &pe, &status);
// A failed compile is expected to leave re null (and status set); either way
// status is not inspected here.
19 | if (re)
20 | uregex_close(re);
21 |
22 | return 0;
23 | }
24 |
--------------------------------------------------------------------------------
/projects/icu/uregex_open_fuzzer.options:
--------------------------------------------------------------------------------
1 | [libfuzzer]
2 | dict = regex.dict
3 |
--------------------------------------------------------------------------------
/projects/json/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
17 | FROM ossfuzz/base-libfuzzer
18 | MAINTAINER vitalybuka@gmail.com
19 | RUN apt-get install -y binutils gcc
20 |
# Shallow clone of upstream HEAD over https; no revision is pinned, so each
# image build tracks whatever HEAD is at the time.
21 | RUN git clone --depth 1 https://github.com/nlohmann/json.git
# Note the trailing slash: build.sh's `-Isrc/` is relative to this directory.
22 | WORKDIR json/
# parse_fuzzer.cc and parse_fuzzer.options go to $SRC (presumably set by the
# base image).
23 | COPY build.sh parse_fuzzer.* $SRC/
24 |
--------------------------------------------------------------------------------
/projects/json/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eu
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
# Nothing of the library is built here — the fuzzer is compiled straight
# against the headers in src/ (relative to the checkout's working directory),
# which implies a header-only library; the only link input is libFuzzer.
18 | $CXX $CXXFLAGS -std=c++11 -Isrc/ \
19 | $SRC/parse_fuzzer.cc -o $OUT/parse_fuzzer \
20 | -lfuzzer
21 |
# Ship the per-fuzzer .options (max_len/timeout) next to the binary.
22 | cp $SRC/*.options $OUT/
23 |
--------------------------------------------------------------------------------
/projects/json/parse_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 Google Inc.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 |
15 | #include
16 | #include
17 | #include
18 |
19 | using json = nlohmann::json;
20 |
// libFuzzer entry point: a round-trip property test for nlohmann::json.
//
// The raw input is parsed and serialised; the serialised form must then parse
// again, serialise to the same text, and compare equal to a fresh parse. A
// malformed raw input (outer catch) is expected and simply ignored; a parse
// failure on text the library itself produced (inner catch) is a bug and is
// flagged with assert(0).
//
// NOTE(review): assert() compiles to nothing under NDEBUG, so these checks
// only work if fuzzer builds keep assertions enabled; abort() would make them
// unconditional. Exception types other than std::invalid_argument propagate
// out and crash the target — presumably intended as a bug signal; confirm.
// Always returns 0 otherwise.
21 | extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
22 | try {
23 | std::stringstream s;
24 | s << json::parse(data, data + size);
25 | try {
26 | auto j = json::parse(s.str());
27 | std::stringstream s2;
28 | s2 << j;
29 | assert(s.str() == s2.str());
30 | assert(j == json::parse(s.str()));
31 | } catch (const std::invalid_argument&) {
32 | assert(0);
33 | }
34 | } catch (const std::invalid_argument&) { }
35 | return 0;
36 | }
37 |
--------------------------------------------------------------------------------
/projects/json/parse_fuzzer.options:
--------------------------------------------------------------------------------
1 | [libfuzzer]
2 | max_len = 456
3 | timeout = 10
4 |
--------------------------------------------------------------------------------
/projects/json/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "https://github.com/nlohmann/json"
2 |
--------------------------------------------------------------------------------
/projects/lcms/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
17 | FROM ossfuzz/base-libfuzzer
18 | MAINTAINER kcwu@google.com
19 | RUN apt-get install -y make autoconf automake libtool
# Shallow clone of upstream HEAD over https into lcms/; no revision is pinned,
# so each image build tracks whatever HEAD is at the time.
20 | RUN git clone --depth 1 https://github.com/mm2/Little-CMS.git lcms
21 | WORKDIR lcms
# Both fuzzer sources with their .options, plus the ICC dictionary, go to $SRC
# (presumably set by the base image).
22 | COPY build.sh cmsIT8_load_fuzzer.* cms_transform_fuzzer.* icc.dict $SRC/
23 |
--------------------------------------------------------------------------------
/projects/lcms/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eu
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
# Configure and build lcms2 in-tree; the static library ends up in src/.libs/.
./configure
make -j"$(nproc)" all

# Each fuzzer is a C file in $SRC: compile it with $CC against the in-tree
# headers, then let $CXX link the object with libFuzzer and liblcms2.a.
for fuzzer in cmsIT8_load_fuzzer cms_transform_fuzzer; do
  $CC $CFLAGS -c -Iinclude $SRC/$fuzzer.c -o $SRC/$fuzzer.o
  $CXX $CXXFLAGS $SRC/$fuzzer.o -o $OUT/$fuzzer -lfuzzer src/.libs/liblcms2.a
done

# Ship the ICC dictionary and the per-fuzzer .options files next to the binaries.
cp $SRC/icc.dict $SRC/*.options $OUT/
33 |
--------------------------------------------------------------------------------
/projects/lcms/cmsIT8_load_fuzzer.c:
--------------------------------------------------------------------------------
1 | // Copyright 2016 Google Inc.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 | //
15 | ////////////////////////////////////////////////////////////////////////////////
16 |
17 | #include
18 |
19 | #include "lcms2.h"
20 |
// The main sink: hand the raw input to the IT8 loader and release whatever
// handle comes back. Empty inputs are skipped; the return value is always 0.
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  cmsHANDLE it8 = size ? cmsIT8LoadFromMem(0, (void *)data, size) : 0;

  if (it8)
    cmsIT8Free(it8);

  return 0;
}
32 |
--------------------------------------------------------------------------------
/projects/lcms/cmsIT8_load_fuzzer.options:
--------------------------------------------------------------------------------
1 | [libfuzzer]
2 | dict = icc.dict
3 |
--------------------------------------------------------------------------------
/projects/lcms/cms_transform_fuzzer.c:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The PDFium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 | #include
5 |
6 | #include "lcms2.h"
7 |
// libFuzzer entry point: open the input as an ICC profile, build a transform
// from it to sRGB (8-bit BGR) and push a single mid-range pixel through it.
// Every error path releases what was allocated; always returns 0.
8 | int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
9 | cmsHPROFILE srcProfile = cmsOpenProfileFromMem(data, size);
10 | if (!srcProfile) return 0;
11 |
12 | cmsHPROFILE dstProfile = cmsCreate_sRGBProfile();
13 | if (!dstProfile) {
14 | cmsCloseProfile(srcProfile);
15 | return 0;
16 | }
17 |
// Input pixel format is derived from the profile's colour space: Lab as
// doubles (BYTES_SH(0), see the T_BYTES check below), anything else as one
// byte per channel. The channel count comes from the (untrusted) profile via
// cmsChannelsOf and later sizes the VLAs — assumes it is always a small
// positive number (a zero-length VLA would be UB); confirm against lcms.
18 | cmsColorSpaceSignature srcCS = cmsGetColorSpace(srcProfile);
19 | cmsUInt32Number nSrcComponents = cmsChannelsOf(srcCS);
20 | cmsUInt32Number srcFormat;
21 | if (srcCS == cmsSigLabData) {
22 | srcFormat =
23 | COLORSPACE_SH(PT_Lab) | CHANNELS_SH(nSrcComponents) | BYTES_SH(0);
24 | } else {
25 | srcFormat =
26 | COLORSPACE_SH(PT_ANY) | CHANNELS_SH(nSrcComponents) | BYTES_SH(1);
27 | }
28 |
// Intent 0 with no flags. Both profiles are closed right after the transform
// is created, on success and failure alike — the transform is presumably
// self-contained after creation (standard lcms usage; confirm).
29 | cmsUInt32Number intent = 0;
30 | cmsUInt32Number flags = 0;
31 | cmsHTRANSFORM hTransform = cmsCreateTransform(
32 | srcProfile, srcFormat, dstProfile, TYPE_BGR_8, intent, flags);
33 | cmsCloseProfile(srcProfile);
34 | cmsCloseProfile(dstProfile);
35 | if (!hTransform) return 0;
36 |
// One output pixel; TYPE_BGR_8 implies 3 bytes, so 4 leaves slack.
37 | uint8_t output[4];
38 | if (T_BYTES(srcFormat) == 0) { // 0 means double
39 | double input[nSrcComponents];
40 | for (uint32_t i = 0; i < nSrcComponents; i++) input[i] = 0.5f;
41 | cmsDoTransform(hTransform, input, output, 1);
42 | } else {
43 | uint8_t input[nSrcComponents];
44 | for (uint32_t i = 0; i < nSrcComponents; i++) input[i] = 128;
45 | cmsDoTransform(hTransform, input, output, 1);
46 | }
47 | cmsDeleteTransform(hTransform);
48 |
49 | return 0;
50 | }
51 |
--------------------------------------------------------------------------------
/projects/lcms/cms_transform_fuzzer.options:
--------------------------------------------------------------------------------
1 | [libfuzzer]
2 | dict = icc.dict
3 |
--------------------------------------------------------------------------------
/projects/lcms/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "https://github.com/mm2/Little-CMS"
2 |
--------------------------------------------------------------------------------
/projects/libarchive/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
FROM ossfuzz/base-libfuzzer
MAINTAINER kcwu@google.com

# Installing optional libraries can utilize more code path and/or improve
# performance (avoid calling external programs).  build.sh links all of them
# statically into the fuzz target.
RUN apt-get install -y make autoconf automake libtool pkg-config \
    libbz2-dev liblzo2-dev liblzma-dev liblz4-dev libz-dev \
    libxml2-dev libssl-dev
# NOTE(review): unpinned shallow clone of the default branch, i.e. the image
# tracks upstream HEAD and is not reproducible.  That is the intent for
# continuous fuzzing; pin a commit if a build ever needs to be reproduced.
RUN git clone --depth 1 https://github.com/libarchive/libarchive.git
WORKDIR libarchive
# The harness and build script are copied into $SRC, next to the checkout.
COPY build.sh libarchive_fuzzer.cc $SRC/
28 |
--------------------------------------------------------------------------------
/projects/libarchive/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eu
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
# --- libarchive ---------------------------------------------------------------
# Configure and build the library with the sanitizer/coverage flags that the
# oss-fuzz environment exports in CFLAGS/CXXFLAGS.
./build/autogen.sh
./configure
make -j"$(nproc)" all

# --- fuzz target --------------------------------------------------------------
# Link the harness against the static libarchive plus the optional codec
# libraries installed in the Dockerfile (static, so the binary is self
# contained).  $CXXFLAGS is intentionally unquoted: it must word-split into
# separate compiler arguments.
STATIC_LIBS="-lbz2 -llzo2 -lxml2 -llzma -lz -lcrypto -llz4 -licuuc -licudata"
$CXX $CXXFLAGS -Ilibarchive \
    "$SRC/libarchive_fuzzer.cc" -o "$OUT/libarchive_fuzzer" \
    -lfuzzer .libs/libarchive.a \
    -Wl,-Bstatic $STATIC_LIBS -Wl,-Bdynamic
29 |
--------------------------------------------------------------------------------
/projects/libarchive/libarchive_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 Google Inc.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 | //
15 | ////////////////////////////////////////////////////////////////////////////////
16 | #include
17 | #include
18 | #include
19 |
20 | #include "archive.h"
21 |
// A single-shot in-memory "stream": the whole fuzzer input is handed to
// libarchive on the first read callback and EOF is reported on every later
// one.
struct Buffer {
  const uint8_t *buf;
  size_t len;
};

// Read callback registered with archive_read_open().  Returns the entire
// buffer on the first call and 0 (end of stream) on all subsequent calls.
//
// a:           the archive handle (unused).
// client_data: the Buffer* passed to archive_read_open().
// block:       receives a pointer to the data; libarchive reads it in place.
// Returns the number of bytes available, 0 at end of stream.
ssize_t reader_callback(struct archive *a, void *client_data,
                        const void **block) {
  (void)a;
  Buffer *const src = static_cast<Buffer *>(client_data);
  const ssize_t remaining = static_cast<ssize_t>(src->len);
  *block = src->buf;
  src->len = 0;  // drained: the next call reports EOF
  return remaining;
}
35 |
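// Fuzz target: parse the input as an archive with every format and filter
// enabled, walk all entries and read their data so the decoders run.
//
// buf/len: the fuzzer-provided input.
// Returns 0 always.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
  struct archive *a = archive_read_new();
  if (!a) return 0;  // allocation failure: nothing to fuzz

  archive_read_support_filter_all(a);
  archive_read_support_format_all(a);

  Buffer buffer = {buf, len};
  // If the open fails there is no stream to iterate; archive_read_free()
  // below still releases the handle.
  if (archive_read_open(a, &buffer, NULL, reader_callback, NULL) == ARCHIVE_OK) {
    std::vector<uint8_t> data_buffer(getpagesize(), 0);
    struct archive_entry *entry;
    // Anything other than ARCHIVE_OK (ARCHIVE_WARN, ARCHIVE_EOF, errors) ends
    // the walk.  NOTE(review): continuing on ARCHIVE_WARN would reach more
    // code in damaged archives - consider it.
    while (archive_read_next_header(a, &entry) == ARCHIVE_OK) {
      // Drain the entry: a result <= 0 is end of entry or an error.
      while (archive_read_data(a, data_buffer.data(), data_buffer.size()) > 0)
        ;
    }
  }

  archive_read_free(a);
  return 0;
}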
55 |
--------------------------------------------------------------------------------
/projects/libarchive/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "https://github.com/libarchive/libarchive"
2 | primary_contact: "joerg.sonnenberger@googlemail.com"
3 | auto_ccs:
4 | - "kientzle@acm.org"
5 | - "martin@matuska.org"
6 |
--------------------------------------------------------------------------------
/projects/libass/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
FROM ossfuzz/base-libfuzzer
MAINTAINER eugeni.stepanov@gmail.com
# Font stack needed by libass; both are linked statically in build.sh.
RUN apt-get install -y make autoconf automake libtool pkg-config libfreetype6-dev libfontconfig1-dev

# Unpinned shallow clones: the image tracks upstream HEAD of both projects.
# NOTE(review): fribidi is cloned from a personal GitHub namespace
# (behdad/fribidi); confirm it is the canonical upstream before relying on it.
RUN git clone --depth 1 https://github.com/libass/libass.git
RUN git clone --depth 1 https://github.com/behdad/fribidi.git

# Harness, build script, dictionary and libFuzzer options go into $SRC.
COPY build.sh libass_fuzzer.cc *.dict *.options $SRC/
25 |
--------------------------------------------------------------------------------
/projects/libass/ass.dict:
--------------------------------------------------------------------------------
1 | "0x"
2 | "\\1a"
3 | "\\2a"
4 | "\\2c"
5 | "\\3a"
6 | "\\3c"
7 | "\\4a"
8 | "\\4c"
9 | "\\a"
10 | "\\alpha"
11 | "\\an"
12 | "Arial"
13 | "\\b"
14 | "Banner;"
15 | "\\be"
16 | "\\blur"
17 | "\\bord"
18 | "\\c"
19 | "CFF"
20 | "CID Type 1"
21 | "\\clip"
22 | "clip"
23 | "Courier"
24 | "Courier New"
25 | "Default"
26 | "Dialogue:"
27 | "[Events]"
28 | "\\fade"
29 | "\\fax"
30 | "\\fay"
31 | "\\fe"
32 | "\\fn"
33 | "fontname:"
34 | "[Fonts]"
35 | "Format:"
36 | "\\frx"
37 | "\\fry"
38 | "\\frz"
39 | "\\fs"
40 | "\\fsc"
41 | "\\fscx"
42 | "\\fscy"
43 | "\\fsp"
44 | "&h"
45 | "Helvetica"
46 | "\\i"
47 | "\\iclip"
48 | "iclip"
49 | "\\k"
50 | "Kerning:"
51 | "Kerning"
52 | "\\kf"
53 | "\\ko"
54 | "Language:"
55 | "monospace"
56 | "\\move"
57 | "move"
58 | "none"
59 | "\\org"
60 | "org"
61 | "OverrideStyle"
62 | "\\p"
63 | "p"
64 | "\\pbo"
65 | "pbo"
66 | "pc.240m"
67 | "pc.601"
68 | "pc.709"
69 | "pc.fcc"
70 | "PlayResX:"
71 | "PlayResX"
72 | "PlayResY:"
73 | "PlayResY"
74 | "\\pos"
75 | "pos"
76 | "\\q"
77 | "\\r"
78 | "\\s"
79 | "sans-serif"
80 | "ScaledBorderAndShadow:"
81 | "ScaledBorderAndShadow"
82 | "[Script Info]"
83 | "Scroll down;"
84 | "Scroll up;"
85 | "serif"
86 | "\\shad"
87 | "Style:"
88 | "\\t"
89 | "Text"
90 | "Timer:"
91 | "Timer"
92 | "Times"
93 | "Times New Roman"
94 | "tv.240m"
95 | "tv.601"
96 | "tv.709"
97 | "tv.fcc"
98 | "Type 1"
99 | "Type 42"
100 | "\\u"
101 | "UTF-8"
102 | "[V4 Styles]"
103 | "[V4+ Styles]"
104 | "WrapStyle:"
105 | "WrapStyle"
106 | "\\xbord"
107 | "\\xshad"
108 | "\\ybord"
109 | "YCbCr Matrix:"
110 | "YCbCr Matrix"
111 | "yes"
112 | "\\yshad"
113 |
--------------------------------------------------------------------------------
/projects/libass/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eux
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
# --- fribidi (static, PIC) ----------------------------------------------------
cd "$SRC/fribidi"
./bootstrap
./configure --enable-static=yes --enable-shared=no --with-pic=yes
# A plain "make" is broken in this tree; "make install" builds and installs.
make install

# --- libass -------------------------------------------------------------------
cd "$SRC/libass"
./autogen.sh
./configure --disable-asm
make -j"$(nproc)"

# --- fuzz target --------------------------------------------------------------
# Static link against libass and its font/text dependencies.  $CXXFLAGS is
# intentionally unquoted so it word-splits into separate compiler arguments.
STATIC_LIBS="-lfontconfig -lfribidi -lfreetype -lz -lpng12 -lexpat"
$CXX $CXXFLAGS -std=c++11 "-I$SRC/libass" \
    "$SRC/libass_fuzzer.cc" -o "$OUT/libass_fuzzer" \
    -lfuzzer libass/.libs/libass.a \
    -Wl,-Bstatic $STATIC_LIBS -Wl,-Bdynamic

# Ship the dictionary and libFuzzer options next to the binary.
cp "$SRC"/*.dict "$SRC"/*.options "$OUT/"
37 |
--------------------------------------------------------------------------------
/projects/libass/libass_fuzzer.cc:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 |
4 | #include
5 |
// Process-wide libass handles, created once by init() and reused for every
// input; they are never freed.
static ASS_Library *ass_library;
static ASS_Renderer *ass_renderer;
8 |
// libass message sink: discard everything so library logging neither slows
// the fuzzer down nor floods its output.
void msg_callback(int level, const char *fmt, va_list va, void *data) {
  (void)level;
  (void)fmt;
  (void)va;
  (void)data;
}
11 |
// Frame size every input is rendered at (720p).
static const int kFrameWidth = 1280;
static const int kFrameHeight = 720;
14 |
// One-time setup of the shared libass library and renderer.  Any failure is
// fatal: without a renderer the fuzz target cannot do useful work.
//
// frame_w/frame_h: frame size the renderer is configured with.
// Returns true always; the return value only exists so callers can use the
// "static bool initialized = init(...)" idiom.
static bool init(int frame_w, int frame_h) {
  if (!(ass_library = ass_library_init())) {
    printf("ass_library_init failed!\n");
    exit(1);
  }
  // Route libass's own log output to a no-op sink.
  ass_set_message_cb(ass_library, msg_callback, NULL);

  if (!(ass_renderer = ass_renderer_init(ass_library))) {
    printf("ass_renderer_init failed!\n");
    exit(1);
  }
  ass_set_frame_size(ass_renderer, frame_w, frame_h);
  // Default family "sans-serif", auto-detected font provider; the trailing 1
  // presumably enables the fontconfig cache update - see ass_set_fonts().
  ass_set_fonts(ass_renderer, nullptr, "sans-serif",
                ASS_FONTPROVIDER_AUTODETECT, nullptr, 1);
  return true;
}
35 |
// Fuzz target: parse the input as an ASS/SSA script and render one frame per
// event, sampled at the midpoint of the event's time span.
//
// data/size: the fuzzer-provided script bytes.
// Returns 0 always.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  // Library/renderer setup runs exactly once, on the first input.
  static bool initialized = init(kFrameWidth, kFrameHeight);
  (void)initialized;

  ASS_Track *track =
      ass_read_memory(ass_library, (char *)data, size, nullptr);
  if (track == nullptr) return 0;

  for (int i = 0; i < track->n_events; ++i) {
    const ASS_Event *ev = &track->events[i];
    const long long midpoint = ev->Start + ev->Duration / 2;
    ass_render_frame(ass_renderer, track, midpoint, nullptr);
  }

  ass_free_track(track);
  return 0;
}
50 |
--------------------------------------------------------------------------------
/projects/libass/libass_fuzzer.options:
--------------------------------------------------------------------------------
1 | [libfuzzer]
2 | dict = ass.dict
3 |
--------------------------------------------------------------------------------
/projects/libass/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "https://github.com/libass/libass"
2 |
--------------------------------------------------------------------------------
/projects/libchewing/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
FROM ossfuzz/base-libfuzzer
MAINTAINER kcwu@csie.org
# texinfo is needed by the autotools build of libchewing.
RUN apt-get install -y make autoconf automake libtool texinfo

# Unpinned shallow clone: the image tracks upstream HEAD.
RUN git clone --depth 1 https://github.com/chewing/libchewing.git
WORKDIR libchewing
# Build script, the shared harness glue and the three per-variant harnesses.
COPY build.sh chewing_fuzzer_common.[ch] chewing_*_fuzzer.c $SRC/
24 |
--------------------------------------------------------------------------------
/projects/libchewing/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eu
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
# --- libchewing (static, without the sqlite backend) --------------------------
./autogen.sh
./configure --disable-shared --enable-static --without-sqlite3
make clean
make -j"$(nproc)" all

# --- fuzz targets -------------------------------------------------------------
# Reuse upstream's stress tester as the harness body: its main() is renamed to
# stress_main() and its rand() calls are redirected to the fuzzer input.
make -C test CFLAGS="$CFLAGS -Dmain=stress_main -Drand=get_fuzz_input" stress.o

$CC $CFLAGS -c "$SRC/chewing_fuzzer_common.c" -o "$WORK/chewing_fuzzer_common.o"

# One binary per stress-tester mode.  $CFLAGS/$CXXFLAGS are intentionally
# unquoted so they word-split into separate compiler arguments.
for variant in default random_init dynamic_config; do
  obj="$WORK/chewing_${variant}_fuzzer.o"
  $CC $CFLAGS -c "$SRC/chewing_${variant}_fuzzer.c" -o "$obj"
  $CXX $CXXFLAGS \
      -o "$OUT/chewing_${variant}_fuzzer" \
      "$obj" "$WORK/chewing_fuzzer_common.o" \
      test/stress.o test/.libs/libtesthelper.a src/.libs/libchewing.a \
      -lfuzzer
done

# --- data files ---------------------------------------------------------------
# Install the dictionaries next to the binaries (the harness sets CHEWING_PATH
# to its own directory; see chewing_fuzzer_common.c).
make -j"$(nproc)" -C data pkgdatadir="$OUT" install
40 |
--------------------------------------------------------------------------------
/projects/libchewing/chewing_default_fuzzer.c:
--------------------------------------------------------------------------------
1 | #include
2 |
3 | #include "chewing_fuzzer_common.h"
4 |
// Fuzz target: run one iteration of libchewing's stress tester in its
// default mode, with rand() redirected to the fuzzer input (see build.sh).
//
// data/size: the fuzzer-provided input, consumed byte by byte through
//            get_fuzz_input().
// Returns 0 always.
int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  // Publish the input for get_fuzz_input().
  fuzz_input = data;
  fuzz_ptr = data;
  fuzz_size = size;

  // argv for the stress tester, NULL-terminated like a real argv.  Kept as a
  // writable local because main()-style code may permute it.
  const char* args[] = {"./chewing_fuzzer", "-loop", "1", NULL};
  const int argc = (int)(sizeof(args) / sizeof(args[0])) - 1;  // minus NULL
  (void)stress_main(argc, (char**)args);
  return 0;
}
16 |
--------------------------------------------------------------------------------
/projects/libchewing/chewing_dynamic_config_fuzzer.c:
--------------------------------------------------------------------------------
1 | #include
2 |
3 | #include "chewing_fuzzer_common.h"
4 |
// Fuzz target: run one iteration of libchewing's stress tester with "-extra"
// (dynamic configuration changes), rand() redirected to the fuzzer input.
//
// data/size: the fuzzer-provided input, consumed byte by byte through
//            get_fuzz_input().
// Returns 0 always.
int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  // Publish the input for get_fuzz_input().
  fuzz_input = data;
  fuzz_ptr = data;
  fuzz_size = size;

  // argv for the stress tester, NULL-terminated like a real argv.  Kept as a
  // writable local because main()-style code may permute it.
  const char* args[] = {"./chewing_fuzzer", "-loop", "1", "-extra", NULL};
  const int argc = (int)(sizeof(args) / sizeof(args[0])) - 1;  // minus NULL
  (void)stress_main(argc, (char**)args);
  return 0;
}
16 |
--------------------------------------------------------------------------------
/projects/libchewing/chewing_fuzzer_common.c:
--------------------------------------------------------------------------------
1 | #include "chewing_fuzzer_common.h"
2 |
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
6 |
7 | static char userphrase_path[] = "/tmp/chewing_userphrase.db.XXXXXX";
8 |
9 | int LLVMFuzzerInitialize(int* argc, char*** argv) {
10 | char* exe_path = (*argv)[0];
11 | char* dir = dirname(exe_path);
12 | // Assume data files are at the same location as executable.
13 | setenv("CHEWING_PATH", dir, 0);
14 |
15 | // Specify user db of this process. So we can run multiple fuzzers at the
16 | // same time.
17 | mktemp(userphrase_path);
18 | setenv("TEST_USERPHRASE_PATH", userphrase_path, 0);
19 | return 0;
20 | }
21 |
// rand() replacement for the stress tester (wired up with -Drand=get_fuzz_input
// in build.sh): returns the next input byte (0..255), or EOF once the current
// fuzzer input is exhausted.
int get_fuzz_input() {
  const size_t consumed = (size_t)(fuzz_ptr - fuzz_input);
  if (consumed >= fuzz_size) return EOF;
  return *fuzz_ptr++;
}
27 |
--------------------------------------------------------------------------------
/projects/libchewing/chewing_fuzzer_common.h:
--------------------------------------------------------------------------------
#ifndef CHEWING_FUZZER_COMMON_H
#define CHEWING_FUZZER_COMMON_H

#include
#include

// Shared state between the per-variant fuzz targets and get_fuzz_input():
// the current fuzzer input, a read cursor into it, and its length.  Each
// LLVMFuzzerTestOneInput() reassigns all three before calling stress_main().
//
// NOTE(review): these are tentative definitions in a header that several
// translation units include.  That links only under the compiler's -fcommon
// behaviour; with -fno-common (the default since GCC 10 / Clang 11) it is a
// duplicate-symbol error.  Declare them `extern` here and define them once in
// chewing_fuzzer_common.c.
const uint8_t* fuzz_ptr;
const uint8_t* fuzz_input;
size_t fuzz_size;

// Entry point of libchewing's stress tester (test/stress.o), renamed from
// main() with -Dmain=stress_main in build.sh.
int stress_main(int argc, char** argv);

#endif
14 |
--------------------------------------------------------------------------------
/projects/libchewing/chewing_random_init_fuzzer.c:
--------------------------------------------------------------------------------
1 | #include
2 |
3 | #include "chewing_fuzzer_common.h"
4 |
// Fuzz target: run one iteration of libchewing's stress tester with "-init"
// (randomised initialisation), rand() redirected to the fuzzer input.
//
// data/size: the fuzzer-provided input, consumed byte by byte through
//            get_fuzz_input().
// Returns 0 always.
int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  // Publish the input for get_fuzz_input().
  fuzz_input = data;
  fuzz_ptr = data;
  fuzz_size = size;

  // argv for the stress tester, NULL-terminated like a real argv.  Kept as a
  // writable local because main()-style code may permute it.
  const char* args[] = {"./chewing_fuzzer", "-loop", "1", "-init", NULL};
  const int argc = (int)(sizeof(args) / sizeof(args[0])) - 1;  // minus NULL
  (void)stress_main(argc, (char**)args);
  return 0;
}
16 |
--------------------------------------------------------------------------------
/projects/libchewing/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "http://chewing.im/"
2 |
--------------------------------------------------------------------------------
/projects/libjpeg-turbo/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
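FROM ossfuzz/base-libfuzzer
MAINTAINER alex.gaynor@gmail.com
RUN apt-get install -y make autoconf automake libtool nasm curl
# Unpinned shallow clone: the image tracks upstream HEAD.
RUN git clone --depth 1 https://github.com/libjpeg-turbo/libjpeg-turbo

# Seed corpus: the JPEG samples from the AFL demo test cases.
# NOTE(review): fetched over plain http with no checksum, so the archive is
# neither authenticated nor pinned; whatever the server (or the path) returns
# is unpacked and used as seeds.  Pin a digest if a stable copy is available.
# --fail makes curl abort the build on an HTTP error instead of saving the
# error page as afl_testcases.tgz and failing later in tar with a confusing
# message.
RUN mkdir afl-testcases
RUN curl --fail -o afl-testcases/afl_testcases.tgz http://lcamtuf.coredump.cx/afl/demo/afl_testcases.tgz
RUN cd afl-testcases/ && tar -xf afl_testcases.tgz
RUN zip libjpeg_turbo_fuzzer_seed_corpus.zip afl-testcases/jpeg/full/images/* afl-testcases/jpeg_turbo/full/images/*

WORKDIR libjpeg-turbo
COPY build.sh libjpeg_turbo_fuzzer.cc $SRC/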
29 |
--------------------------------------------------------------------------------
/projects/libjpeg-turbo/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eu
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
# --- libjpeg-turbo (autotools) ------------------------------------------------
autoreconf -fiv
./configure
make -j"$(nproc)"

# --- fuzz target --------------------------------------------------------------
# Link against the static TurboJPEG API library.  $CXXFLAGS is intentionally
# unquoted so it word-splits into separate compiler arguments.
$CXX $CXXFLAGS -std=c++11 -I. \
    "$SRC/libjpeg_turbo_fuzzer.cc" -o "$OUT/libjpeg_turbo_fuzzer" \
    -lfuzzer ./.libs/libturbojpeg.a

# Seed corpus assembled in the Dockerfile.
cp "$SRC/libjpeg_turbo_fuzzer_seed_corpus.zip" "$OUT/"
27 |
--------------------------------------------------------------------------------
/projects/libjpeg-turbo/libjpeg_turbo_fuzzer.cc:
--------------------------------------------------------------------------------
1 | /*
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 | */
18 |
19 | #include
20 | #include
21 |
22 | #include
23 |
24 | #include
25 |
26 |
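// Fuzz target: decode the input through the TurboJPEG API.  Decompression is
// skipped when the header does not parse or the image exceeds 1 Mpixel, to
// keep each iteration fast.
//
// data/size: the fuzzer-provided JPEG bytes.
// Returns 0 always.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  tjhandle jpegDecompressor = tjInitDecompress();
  if (!jpegDecompressor) return 0;  // allocation failure

  int width, height, subsamp, colorspace;
  int res = tjDecompressHeader3(
      jpegDecompressor, data, size, &width, &height, &subsamp, &colorspace);

  // Bail out if decompressing the headers failed, the image is degenerate,
  // or it is too large (avoids slowing down too much).  The pixel count is
  // computed in 64 bits: width * height as int can overflow (JPEG dimensions
  // go up to 65535 each), which would both defeat the size limit and wrap the
  // allocation below.
  const long long kMaxPixels = 1024LL * 1024LL;
  if (res != 0 || width <= 0 || height <= 0 ||
      static_cast<long long>(width) * height > kMaxPixels) {
    tjDestroy(jpegDecompressor);
    return 0;
  }

  // RGB output, 3 bytes per pixel; pitch 0 means tightly packed rows.
  const size_t bufSize = static_cast<size_t>(width) * height * 3;
  std::unique_ptr<unsigned char[]> buf(new unsigned char[bufSize]);
  // The result is deliberately ignored: decode errors on malformed input are
  // expected, and the sanitizers catch anything worse.
  tjDecompress2(
      jpegDecompressor, data, size, buf.get(), width, 0, height, TJPF_RGB, 0);

  tjDestroy(jpegDecompressor);

  return 0;
}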
49 |
--------------------------------------------------------------------------------
/projects/libjpeg-turbo/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "https://github.com/libjpeg-turbo/libjpeg-turbo"
2 |
--------------------------------------------------------------------------------
/projects/libpng/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
FROM ossfuzz/base-libfuzzer
MAINTAINER mmoroz@chromium.org
RUN apt-get install -y make autoconf automake libtool zlib1g-dev

# Unpinned shallow clone: the image tracks upstream HEAD.
# NOTE(review): git:// is an unauthenticated, unencrypted transport, so the
# checkout can be altered in transit; prefer an https:// URL if the host
# offers one.
RUN git clone --depth 1 git://git.code.sf.net/p/libpng/code libpng
WORKDIR libpng
# Harness sources, libFuzzer options and the PNG dictionary go into $SRC.
COPY build.sh libpng_read_fuzzer.* png.dict $SRC/
24 |
--------------------------------------------------------------------------------
/projects/libpng/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eu
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
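# --- library configuration ----------------------------------------------------
# Disable logging via library build configuration control (the STDIO option
# in pnglibconf.dfa) so the fuzz target does not spend its time on output.
sed -e "s/option STDIO/option STDIO disabled/" scripts/pnglibconf.dfa \
    > scripts/pnglibconf.dfa.temp
mv scripts/pnglibconf.dfa.temp scripts/pnglibconf.dfa

# --- libpng -------------------------------------------------------------------
autoreconf -f -i
./configure
make -j"$(nproc)" clean all

# --- fuzz target --------------------------------------------------------------
# Libraries follow the objects and archives that need them: libpng16.a depends
# on zlib, so -lz is placed after it.  Listing -lz first relies on the linker
# not honouring --as-needed / strict left-to-right resolution.  $CXXFLAGS is
# intentionally unquoted so it word-splits into separate compiler arguments.
$CXX $CXXFLAGS -std=c++11 -I. \
    "$SRC/libpng_read_fuzzer.cc" -o "$OUT/libpng_read_fuzzer" \
    -lfuzzer .libs/libpng16.a -lz

# Ship the dictionary and libFuzzer options next to the binary.
cp "$SRC"/*.dict "$SRC"/*.options "$OUT/"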
34 |
--------------------------------------------------------------------------------
/projects/libpng/libpng_read_fuzzer.options:
--------------------------------------------------------------------------------
1 | [libfuzzer]
2 | dict = png.dict
3 |
--------------------------------------------------------------------------------
/projects/libpng/png.dict:
--------------------------------------------------------------------------------
1 | #
2 | # AFL dictionary for PNG images
3 | # -----------------------------
4 | #
5 | # Just the basic, standard-originating sections; does not include vendor
6 | # extensions.
7 | #
8 | # Created by Michal Zalewski
9 | #
10 |
11 | header_png="\x89PNG\x0d\x0a\x1a\x0a"
12 |
13 | section_IDAT="IDAT"
14 | section_IEND="IEND"
15 | section_IHDR="IHDR"
16 | section_PLTE="PLTE"
17 | section_bKGD="bKGD"
18 | section_cHRM="cHRM"
19 | section_fRAc="fRAc"
20 | section_gAMA="gAMA"
21 | section_gIFg="gIFg"
22 | section_gIFt="gIFt"
23 | section_gIFx="gIFx"
24 | section_hIST="hIST"
25 | section_iCCP="iCCP"
26 | section_iTXt="iTXt"
27 | section_oFFs="oFFs"
28 | section_pCAL="pCAL"
29 | section_pHYs="pHYs"
30 | section_sBIT="sBIT"
31 | section_sCAL="sCAL"
32 | section_sPLT="sPLT"
33 | section_sRGB="sRGB"
34 | section_sTER="sTER"
35 | section_tEXt="tEXt"
36 | section_tIME="tIME"
37 | section_tRNS="tRNS"
38 | section_zTXt="zTXt"
39 |
--------------------------------------------------------------------------------
/projects/libpng/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "http://www.libpng.org/pub/png/libpng.html"
2 |
--------------------------------------------------------------------------------
/projects/libteken/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
FROM ossfuzz/base-libfuzzer
MAINTAINER kcwu@csie.org
# The teken tree uses BSD make.
RUN apt-get install -y pmake
# Unpinned checkout of FreeBSD head's sys/teken over https (svn verifies the
# server certificate, unlike git://).
RUN svn co https://svn.freebsd.org/base/head/sys/teken
WORKDIR teken
COPY build.sh libteken_fuzzer.c $SRC/
23 |
--------------------------------------------------------------------------------
/projects/libteken/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eu
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
# --- libteken (BSD make) ------------------------------------------------------
# Generate the parser state table first, then build the static library.
# -D__unused= presumably neutralises a FreeBSD-only attribute macro that the
# Linux headers do not define.
pmake -C libteken teken_state.h
CFLAGS="$CFLAGS -D__unused=" pmake -C libteken libteken.a

# --- fuzz target --------------------------------------------------------------
# Compile the C harness with $CC, link with $CXX so libFuzzer's C++ runtime
# is resolved.  $CFLAGS/$CXXFLAGS are intentionally unquoted.
$CC $CFLAGS -I. -c "$SRC/libteken_fuzzer.c" -o "$SRC/libteken_fuzzer.o"
$CXX $CXXFLAGS "$SRC/libteken_fuzzer.o" \
    -o "$OUT/libteken_fuzzer" \
    -lfuzzer libteken/libteken.a
26 |
--------------------------------------------------------------------------------
/projects/libteken/libteken_fuzzer.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 |
4 | #include
5 |
/* No-op terminal callbacks: the fuzzer only exercises the escape-sequence
 * parser, so every rendering/side-effect hook discards its arguments. */
static void dummy_bell(void *s) {
  (void)s;
}
static void dummy_cursor(void *s, const teken_pos_t *p) {
  (void)s;
  (void)p;
}
static void dummy_putchar(void *s, const teken_pos_t *p, teken_char_t c,
                          const teken_attr_t *a) {
  (void)s;
  (void)p;
  (void)c;
  (void)a;
}
static void dummy_fill(void *s, const teken_rect_t *r, teken_char_t c,
                       const teken_attr_t *a) {
  (void)s;
  (void)r;
  (void)c;
  (void)a;
}
static void dummy_copy(void *s, const teken_rect_t *r, const teken_pos_t *p) {
  (void)s;
  (void)r;
  (void)p;
}
static void dummy_param(void *s, int cmd, unsigned int value) {
  (void)s;
  (void)cmd;
  (void)value;
}
static void dummy_respond(void *s, const void *buf, size_t len) {
  (void)s;
  (void)buf;
  (void)len;
}

/* Callback table handed to teken_init(); all entries are the no-ops above. */
static teken_funcs_t tf = {
    .tf_bell = dummy_bell,
    .tf_cursor = dummy_cursor,
    .tf_putchar = dummy_putchar,
    .tf_fill = dummy_fill,
    .tf_copy = dummy_copy,
    .tf_param = dummy_param,
    .tf_respond = dummy_respond,
};
25 |
/* Fuzz target: feed the input to a freshly initialised terminal emulator
 * state machine.  A new teken_t per call keeps iterations independent.
 *
 * data/size: the fuzzer-provided byte stream.
 * Returns 0 always. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  teken_t term;
  teken_init(&term, &tf, NULL); /* no user pointer for the callbacks */
  teken_input(&term, data, size);
  return 0;
}
32 |
--------------------------------------------------------------------------------
/projects/libteken/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "http://80386.nl/projects/libteken/"
2 |
--------------------------------------------------------------------------------
/projects/libtsm/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
# Base image providing the compiler toolchain and libFuzzer.
FROM ossfuzz/base-libfuzzer
MAINTAINER kcwu@csie.org
# Build tools for libtsm's autotools build (build.sh runs ./autogen.sh).
RUN apt-get install -y make autoconf automake libtool pkg-config

# NOTE(review): git:// is an unauthenticated, unencrypted transport and the
# clone is not pinned to a revision, so the source that gets fuzzed is neither
# integrity-protected nor reproducible. An https remote (ideally plus a fixed
# commit) would make this build input verifiable — confirm that upstream
# offers one.
RUN git clone --depth 1 git://people.freedesktop.org/~dvdhrm/libtsm
WORKDIR libtsm
# The build script and harness source are copied into $SRC, where build.sh
# expects them.
COPY build.sh libtsm_fuzzer.c $SRC/
24 |
--------------------------------------------------------------------------------
/projects/libtsm/build.sh:
--------------------------------------------------------------------------------
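#!/bin/bash -eu
# Copyright 2016 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################

# Build the library (autotools; the fuzzer links the resulting .libs/libtsm.a).
./autogen.sh
make -j$(nproc) clean all

# Build the fuzzer.
# The harness is a C file, so it takes the C compiler flags: $CFLAGS, as the
# other C harnesses in this tree do, not $CCFLAGS. Under `bash -eu` an unset
# $CCFLAGS aborts the script outright, and even when it happens to be set the
# harness would be compiled without whatever instrumentation flags the build
# environment puts in $CFLAGS.
$CC $CFLAGS -c $SRC/libtsm_fuzzer.c -Isrc/tsm -o $SRC/libtsm_fuzzer.o
$CXX $CXXFLAGS \
  -o $OUT/libtsm_fuzzer \
  $SRC/libtsm_fuzzer.o \
  .libs/libtsm.a \
  -lfuzzer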
29 |
--------------------------------------------------------------------------------
/projects/libtsm/libtsm_fuzzer.c:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include "libtsm.h"
6 |
7 | #define WIDTH 80
8 | #define HEIGHT 24
9 |
// Write callback passed to tsm_vte_new(): presumably receives the bytes the
// emulator wants to send back to the host. The harness has nowhere to send
// them, so it only touches each byte to make sure the reported range [u8,
// u8+len) is readable, folding them into a small static scratch buffer.
static void terminal_write_fn(struct tsm_vte *vte,
                              const char *u8,
                              size_t len,
                              void *data)
{
  static char scratch[4096];
  size_t i;
  // Walk from the end down to index 0, exactly like the original loop.
  for (i = len; i > 0; i--)
    scratch[(i - 1) % sizeof(scratch)] = u8[i - 1];
}
20 |
// Draw callback for tsm_screen_draw(). Nothing is rendered; the only check is
// that every cell the screen reports lies inside the WIDTH x HEIGHT area the
// screen was resized to. A cell outside it means the emulator's state went
// wrong, so the harness aborts to make the fuzzer record it as a crash.
static int term_draw_cell(struct tsm_screen *screen, uint32_t id,
                          const uint32_t *ch, size_t len,
                          unsigned int cwidth, unsigned int posx,
                          unsigned int posy,
                          const struct tsm_screen_attr *attr,
                          tsm_age_t age, void *data)
{
  const int in_bounds = posx < WIDTH && posy < HEIGHT;
  if (!in_bounds)
    abort();
  return 0;
}
32 |
33 | // Entry point for LibFuzzer.
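// libFuzzer entry point.
// Builds a WIDTH x HEIGHT libtsm terminal with a 200-line scrollback, feeds
// the whole input through the VTE parser, then walks the resulting screen with
// term_draw_cell so any out-of-range cell is caught. The libtsm constructors
// report failure through a negative return value; the original code ignored
// that and would have dereferenced an unset pointer on the next call, so a
// failed construction is now treated as "nothing to test" and the objects
// created so far are released.
int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  struct tsm_screen *screen = NULL;
  struct tsm_vte *vte = NULL;
  const int scrollback_size = 200; // frecon uses 200

  if (tsm_screen_new(&screen, NULL, NULL) < 0)
    return 0;
  tsm_screen_set_max_sb(screen, scrollback_size);
  if (tsm_vte_new(&vte, screen, terminal_write_fn, NULL, NULL, NULL) < 0) {
    tsm_screen_unref(screen);
    return 0;
  }
  tsm_screen_resize(screen, WIDTH, HEIGHT);

  // The input is raw terminal bytes; libtsm takes them as a char buffer.
  tsm_vte_input(vte, (const char*) data, size);
  tsm_screen_draw(screen, term_draw_cell, NULL);

  // Release in reverse order of creation: the VTE holds a reference to the screen.
  tsm_vte_unref(vte);
  tsm_screen_unref(screen);
  return 0;
}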
51 |
--------------------------------------------------------------------------------
/projects/libtsm/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "https://www.freedesktop.org/wiki/Software/kmscon/libtsm/"
2 |
--------------------------------------------------------------------------------
/projects/libxml2/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
# Base image providing the compiler toolchain and libFuzzer.
FROM ossfuzz/base-libfuzzer
MAINTAINER ochang@chromium.org
# Build tools for libxml2's autotools build (build.sh runs ./autogen.sh).
RUN apt-get install -y make autoconf automake libtool pkg-config

# NOTE(review): git:// is an unauthenticated, unencrypted transport and the
# clone is not pinned, so the fuzzed source is neither integrity-protected nor
# reproducible; an https remote (ideally plus a fixed commit) would make this
# build input verifiable — confirm that upstream offers one.
RUN git clone --depth 1 git://git.gnome.org/libxml2
WORKDIR libxml2

# build.sh, both harness sources with their .options files, and the shared
# dictionary all go to $SRC, where build.sh picks them up.
COPY build.sh $SRC/
COPY libxml2_xml_read_memory_fuzzer.* \
     libxml2_xml_regexp_compile_fuzzer.* \
     xml.dict $SRC/
28 |
--------------------------------------------------------------------------------
/projects/libxml2/build.sh:
--------------------------------------------------------------------------------
#!/bin/bash -eu
#
# Copyright 2016 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################

# Build libxml2 itself; the fuzzers link the resulting static archive.
./autogen.sh
./configure
make -j$(nproc) clean all

# Each fuzzer is a single C++ translation unit, compiled and linked in one go
# against libFuzzer and the freshly built .libs/libxml2.a.
FUZZERS="libxml2_xml_read_memory_fuzzer libxml2_xml_regexp_compile_fuzzer"
for name in $FUZZERS; do
  $CXX $CXXFLAGS -std=c++11 -Iinclude/ \
      $SRC/$name.cc -o $OUT/$name \
      -lfuzzer .libs/libxml2.a
done

# Ship the dictionary and the per-fuzzer .options files next to the binaries.
cp $SRC/*.dict $SRC/*.options $OUT/
30 |
--------------------------------------------------------------------------------
/projects/libxml2/libxml2_xml_read_memory_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2015 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 |
8 | #include "libxml/parser.h"
9 |
// Generic libxml error sink. Installed via xmlSetGenericErrorFunc so that
// diagnostics about malformed inputs do not flood the fuzzer's output.
void ignore(void* ctx, const char* msg, ...) {
  (void)ctx;
  (void)msg;
}
13 |
// Parses the input as an in-memory XML document and frees the result; nothing
// is asserted, crashes and sanitizer reports are the only signal.
// NOTE(review): the cast target types are missing from this listing.
// xmlReadMemory takes (const char*, int, ...), so these are presumably
// reinterpret_cast<const char*> and static_cast<int> — confirm against the
// source. The size_t -> int conversion is unchecked; an input larger than
// INT_MAX would be passed as a negative length (in practice bounded by the
// fuzzer's max_len).
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  // Re-install the silencing error handler on every call.
  xmlSetGenericErrorFunc(NULL, &ignore);

  // "noname.xml" is only the URL libxml reports in diagnostics; no file is read.
  if (auto doc = xmlReadMemory(reinterpret_cast(data),
                               static_cast(size), "noname.xml", NULL, 0)) {
    xmlFreeDoc(doc);
  }

  return 0;
}
24 |
--------------------------------------------------------------------------------
/projects/libxml2/libxml2_xml_read_memory_fuzzer.options:
--------------------------------------------------------------------------------
1 | [libfuzzer]
2 | dict = xml.dict
3 |
--------------------------------------------------------------------------------
/projects/libxml2/libxml2_xml_regexp_compile_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 |
8 | #include
9 | #include
10 | #include
11 |
12 | #include "libxml/parser.h"
13 | #include "libxml/tree.h"
14 | #include "libxml/xmlversion.h"
15 |
16 |
// Generic libxml error sink. Installed via xmlSetGenericErrorFunc so that
// diagnostics about malformed inputs do not flood the fuzzer's output.
void ignore(void* ctx, const char* msg, ...) {
  (void)ctx;
  (void)msg;
}
20 |
21 |
22 | // Entry point for LibFuzzer.
// Compiles the input as a libxml2 regular expression and frees the result.
// xmlRegexpCompile expects a NUL-terminated string, so the input is copied
// into a buffer one byte longer than the input and zero-filled; an embedded
// NUL in the input therefore ends the pattern early.
// NOTE(review): the element type of `buffer` is missing from this listing
// (presumably xmlChar or an equivalent unsigned 8-bit type, since the data
// pointer is passed straight to xmlRegexpCompile) — confirm against the source.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  // Re-install the silencing error handler on every call.
  xmlSetGenericErrorFunc(NULL, &ignore);

  std::vector buffer(size + 1, 0);
  std::copy(data, data + size, buffer.data());

  xmlRegexpPtr x = xmlRegexpCompile(buffer.data());
  if (x)
    xmlRegFreeRegexp(x);

  return 0;
}
35 |
--------------------------------------------------------------------------------
/projects/libxml2/libxml2_xml_regexp_compile_fuzzer.options:
--------------------------------------------------------------------------------
1 | [libfuzzer]
2 | dict = xml.dict
3 |
--------------------------------------------------------------------------------
/projects/libxml2/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "http://www.xmlsoft.org/"
2 |
--------------------------------------------------------------------------------
/projects/libxml2/xml.dict:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 | #
17 | # AFL dictionary for XML
18 | # ----------------------
19 | #
20 | # Several basic syntax elements and attributes, modeled on libxml2.
21 | #
22 | # Created by Michal Zalewski
23 | #
24 |
25 | attr_encoding=" encoding=\"1\""
26 | attr_generic=" a=\"1\""
27 | attr_href=" href=\"1\""
28 | attr_standalone=" standalone=\"no\""
29 | attr_version=" version=\"1\""
30 | attr_xml_base=" xml:base=\"1\""
31 | attr_xml_id=" xml:id=\"1\""
32 | attr_xml_lang=" xml:lang=\"1\""
33 | attr_xml_space=" xml:space=\"1\""
34 | attr_xmlns=" xmlns=\"1\""
35 |
36 | entity_builtin="<"
37 | entity_decimal=""
38 | entity_external="&a;"
39 | entity_hex=""
40 |
41 | string_any="ANY"
42 | string_brackets="[]"
43 | string_cdata="CDATA"
44 | string_col_fallback=":fallback"
45 | string_col_generic=":a"
46 | string_col_include=":include"
47 | string_dashes="--"
48 | string_empty="EMPTY"
49 | string_empty_dblquotes="\"\""
50 | string_empty_quotes="''"
51 | string_entities="ENTITIES"
52 | string_entity="ENTITY"
53 | string_fixed="#FIXED"
54 | string_id="ID"
55 | string_idref="IDREF"
56 | string_idrefs="IDREFS"
57 | string_implied="#IMPLIED"
58 | string_nmtoken="NMTOKEN"
59 | string_nmtokens="NMTOKENS"
60 | string_notation="NOTATION"
61 | string_parentheses="()"
62 | string_pcdata="#PCDATA"
63 | string_percent="%a"
64 | string_public="PUBLIC"
65 | string_required="#REQUIRED"
66 | string_schema=":schema"
67 | string_system="SYSTEM"
68 | string_ucs4="UCS-4"
69 | string_utf16="UTF-16"
70 | string_utf8="UTF-8"
71 | string_xmlns="xmlns:"
72 |
73 | tag_attlist=""
76 | tag_doctype=""
83 | tag_open_close=""
84 | tag_open_exclamation=""
87 | tag_xml_q=""
88 |
--------------------------------------------------------------------------------
/projects/nss/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
# Base image providing the compiler toolchain and libFuzzer.
FROM ossfuzz/base-libfuzzer
MAINTAINER mmoroz@chromium.org
# mercurial is needed for the hg clones below.
RUN apt-get install -y make autoconf automake libtool mercurial zlib1g-dev

# NSPR and NSS are cloned side by side (build.sh later copies an NSPR object
# out of nspr/). Both clones are unpinned and track the repositories' tip.
RUN hg clone https://hg.mozilla.org/projects/nspr nspr
RUN hg clone https://hg.mozilla.org/projects/nss nss
# Seed inputs; build.sh archives this whole checkout as every fuzzer's corpus.
RUN git clone --depth 1 https://github.com/mozilla/nss-fuzzing-corpus.git nss-corpus

WORKDIR nss
# build.sh plus every harness source; the fuzzers/ directory is flattened into $SRC.
COPY build.sh fuzzers/* $SRC/
27 |
--------------------------------------------------------------------------------
/projects/nss/build.sh:
--------------------------------------------------------------------------------
#!/bin/bash -eu
# Copyright 2016 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################

# Build the library. The fuzzers are C++, so NSS is compiled with the C++
# compiler and flags; gtests are skipped and the static build is used.
make CCC="$CXX" XCFLAGS="$CXXFLAGS" SANITIZER_CFLAGS="$CXXFLAGS" \
    BUILD_OPT=1 USE_64=1 NSS_DISABLE_GTESTS=1 ZDEFS_FLAG= \
    nss_clean_all nss_build_all
cd ..

# Collect the static libraries (plus the one NSPR object the fuzzers need)
# into $WORK/nss/lib, and the headers into $WORK/nss/include.
LIBDIR=$WORK/nss/lib
INCDIR=$WORK/nss/include

mkdir -p $LIBDIR
cp dist/Linux*/lib/*.a $LIBDIR
cp nspr/Linux*/pr/src/misc/prlog2.o $LIBDIR

mkdir -p $INCDIR
cp -rL dist/Linux*/include/* $INCDIR
cp -rL dist/{public,private}/nss/* $INCDIR


# Build the fuzzers. cert_certificate_fuzzer and seckey_privatekeyinfo_fuzzer
# are currently left out because of linking issues.
FUZZERS=(
  asn1_algorithmid_fuzzer
  asn1_any_fuzzer
  asn1_bitstring_fuzzer
  asn1_bmpstring_fuzzer
  asn1_boolean_fuzzer
  asn1_generalizedtime_fuzzer
  asn1_ia5string_fuzzer
  asn1_integer_fuzzer
  asn1_null_fuzzer
  asn1_objectid_fuzzer
  asn1_octetstring_fuzzer
  asn1_utctime_fuzzer
  asn1_utf8string_fuzzer
)

for name in "${FUZZERS[@]}"; do
  $CXX $CXXFLAGS -std=c++11 $SRC/$name.cc \
      -I$INCDIR \
      -lfuzzer \
      $LIBDIR/libnss.a $LIBDIR/libnssutil.a \
      $LIBDIR/libnspr4.a $LIBDIR/libplc4.a $LIBDIR/libplds4.a \
      $LIBDIR/prlog2.o -o $OUT/$name
done

# Every fuzzer shares one seed corpus (the whole nss-corpus checkout): archive
# it once and copy it under each fuzzer's name. Because of `set -e` this is
# only reached when every build step above succeeded.
CORPUS_ZIP=$WORK/nss/all_nss_seed_corpus.zip
zip $CORPUS_ZIP $SRC/nss-corpus/*/*

for name in "${FUZZERS[@]}"; do
  cp $CORPUS_ZIP $OUT/${name}_seed_corpus.zip
done
69 |
--------------------------------------------------------------------------------
/projects/nss/fuzzers/asn1_algorithmid_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 | #include
8 |
9 | #include "asn1_fuzzer_template.h"
10 |
11 | // Entry point for LibFuzzer.
// Decodes the input against SECOID_AlgorithmIDTemplate (an X.509
// AlgorithmIdentifier), presumably once per decoder NSSFuzzOneInput is
// instantiated with. Results are discarded; only crashes matter.
// NOTE(review): the template arguments of both NSSFuzzOneInput calls are
// missing from this listing — confirm against the source.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  NSSFuzzOneInput(
      SEC_ASN1_GET(SECOID_AlgorithmIDTemplate), data, size);
  NSSFuzzOneInput(
      SEC_ASN1_GET(SECOID_AlgorithmIDTemplate), data, size);

  return 0;
}
20 |
--------------------------------------------------------------------------------
/projects/nss/fuzzers/asn1_any_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 |
8 | #include "asn1_fuzzer_template.h"
9 |
10 | // Entry point for LibFuzzer.
// Decodes the input against SEC_AnyTemplate (ASN.1 ANY), presumably once per
// decoder NSSFuzzOneInput is instantiated with. Results are discarded.
// NOTE(review): the template arguments of both NSSFuzzOneInput calls are
// missing from this listing — confirm against the source.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  NSSFuzzOneInput(
      SEC_ASN1_GET(SEC_AnyTemplate), data, size);
  NSSFuzzOneInput(
      SEC_ASN1_GET(SEC_AnyTemplate), data, size);

  return 0;
}
19 |
--------------------------------------------------------------------------------
/projects/nss/fuzzers/asn1_bitstring_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 |
8 | #include "asn1_fuzzer_template.h"
9 |
10 | // Entry point for LibFuzzer.
// Decodes the input against SEC_BitStringTemplate (ASN.1 BIT STRING),
// presumably once per decoder NSSFuzzOneInput is instantiated with.
// NOTE(review): the template arguments of both NSSFuzzOneInput calls are
// missing from this listing — confirm against the source.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  NSSFuzzOneInput(
      SEC_ASN1_GET(SEC_BitStringTemplate), data, size);
  NSSFuzzOneInput(
      SEC_ASN1_GET(SEC_BitStringTemplate), data, size);

  return 0;
}
19 |
--------------------------------------------------------------------------------
/projects/nss/fuzzers/asn1_bmpstring_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 |
8 | #include "asn1_fuzzer_template.h"
9 |
10 | // Entry point for LibFuzzer.
// Decodes the input against SEC_BMPStringTemplate (ASN.1 BMPString),
// presumably once per decoder NSSFuzzOneInput is instantiated with.
// NOTE(review): the template arguments of both NSSFuzzOneInput calls are
// missing from this listing — confirm against the source.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  NSSFuzzOneInput(
      SEC_ASN1_GET(SEC_BMPStringTemplate), data, size);
  NSSFuzzOneInput(
      SEC_ASN1_GET(SEC_BMPStringTemplate), data, size);

  return 0;
}
19 |
--------------------------------------------------------------------------------
/projects/nss/fuzzers/asn1_boolean_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 |
8 | #include "asn1_fuzzer_template.h"
9 |
10 | // Entry point for LibFuzzer.
// Decodes the input against SEC_BooleanTemplate (ASN.1 BOOLEAN), presumably
// once per decoder NSSFuzzOneInput is instantiated with.
// NOTE(review): the template arguments of both NSSFuzzOneInput calls are
// missing from this listing — confirm against the source.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  NSSFuzzOneInput(
      SEC_ASN1_GET(SEC_BooleanTemplate), data, size);
  NSSFuzzOneInput(
      SEC_ASN1_GET(SEC_BooleanTemplate), data, size);

  return 0;
}
19 |
--------------------------------------------------------------------------------
/projects/nss/fuzzers/asn1_fuzzer_template.h:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #ifndef ASN1_FUZZER_TEMPLATE_H_
6 | #define ASN1_FUZZER_TEMPLATE_H_
7 |
8 | #include
9 | #include
10 | #include
11 | #include
12 | #include
13 | #include
14 | #include
15 | #include
16 |
// Decodes one fuzzer input into a freshly allocated DestinationType using
// DecodeFunction (an NSS decoder taking (arena, destination, template, source))
// with the given ASN.1 template, then releases everything. The decoder's
// status is deliberately ignored: the harness only looks for crashes and
// sanitizer findings, not for decode success.
// NOTE(review): lines 18-21 of this header (the DestinationType /
// DecodeFunction template parameter list) and the target types of the
// static_cast/const_cast below are missing from this listing — confirm
// against the source.
template
void NSSFuzzOneInput(const SEC_ASN1Template* the_template,
                     const uint8_t* data,
                     size_t size) {
  // Heap allocation (presumably so the sanitizer can catch writes past the
  // struct); the memset is belt-and-braces on top of `new T()`'s
  // value-initialisation.
  DestinationType* destination = new DestinationType();
  memset(destination, 0, sizeof(DestinationType));

  // Arena for the decoder's own allocations; nothing to test if unavailable.
  PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
  if (!arena) {
    delete destination;
    return;
  }

  // Wrap the fuzzer's read-only buffer without copying. The const_cast exists
  // only because SECItem::data is non-const; presumably the decoders never
  // write through it — confirm if a new DecodeFunction is added.
  SECItem source;
  source.type = siBuffer;
  source.data = static_cast(const_cast(data));
  source.len = static_cast(size);

  DecodeFunction(arena, destination, the_template, &source);

  // PR_FALSE: release the arena without zeroing it first.
  PORT_FreeArena(arena, PR_FALSE);
  delete destination;
}
44 |
45 | #endif // ASN1_FUZZER_TEMPLATE_H_
46 |
--------------------------------------------------------------------------------
/projects/nss/fuzzers/asn1_generalizedtime_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 |
8 | #include "asn1_fuzzer_template.h"
9 |
10 | // Entry point for LibFuzzer.
// Decodes the input against SEC_GeneralizedTimeTemplate (ASN.1
// GeneralizedTime), presumably once per decoder NSSFuzzOneInput is
// instantiated with.
// NOTE(review): the template arguments of both NSSFuzzOneInput calls are
// missing from this listing — confirm against the source.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  NSSFuzzOneInput(
      SEC_ASN1_GET(SEC_GeneralizedTimeTemplate), data, size);
  NSSFuzzOneInput(
      SEC_ASN1_GET(SEC_GeneralizedTimeTemplate), data, size);

  return 0;
}
19 |
--------------------------------------------------------------------------------
/projects/nss/fuzzers/asn1_ia5string_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 |
8 | #include "asn1_fuzzer_template.h"
9 |
10 | // Entry point for LibFuzzer.
// Decodes the input against SEC_IA5StringTemplate (ASN.1 IA5String),
// presumably once per decoder NSSFuzzOneInput is instantiated with.
// NOTE(review): the template arguments of both NSSFuzzOneInput calls are
// missing from this listing — confirm against the source.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  NSSFuzzOneInput(
      SEC_ASN1_GET(SEC_IA5StringTemplate), data, size);
  NSSFuzzOneInput(
      SEC_ASN1_GET(SEC_IA5StringTemplate), data, size);

  return 0;
}
19 |
--------------------------------------------------------------------------------
/projects/nss/fuzzers/asn1_integer_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 |
8 | #include "asn1_fuzzer_template.h"
9 |
10 | // Entry point for LibFuzzer.
// Decodes the input against SEC_IntegerTemplate (ASN.1 INTEGER), presumably
// once per decoder NSSFuzzOneInput is instantiated with.
// NOTE(review): the template arguments of both NSSFuzzOneInput calls are
// missing from this listing — confirm against the source.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  NSSFuzzOneInput(
      SEC_ASN1_GET(SEC_IntegerTemplate), data, size);
  NSSFuzzOneInput(
      SEC_ASN1_GET(SEC_IntegerTemplate), data, size);

  return 0;
}
19 |
--------------------------------------------------------------------------------
/projects/nss/fuzzers/asn1_null_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 |
8 | #include "asn1_fuzzer_template.h"
9 |
10 | // Entry point for LibFuzzer.
// Decodes the input against SEC_NullTemplate (ASN.1 NULL), presumably once
// per decoder NSSFuzzOneInput is instantiated with.
// NOTE(review): the template arguments of both NSSFuzzOneInput calls are
// missing from this listing — confirm against the source.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  NSSFuzzOneInput(
      SEC_ASN1_GET(SEC_NullTemplate), data, size);
  NSSFuzzOneInput(
      SEC_ASN1_GET(SEC_NullTemplate), data, size);

  return 0;
}
19 |
--------------------------------------------------------------------------------
/projects/nss/fuzzers/asn1_objectid_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 |
8 | #include "asn1_fuzzer_template.h"
9 |
10 | // Entry point for LibFuzzer.
// Decodes the input against SEC_ObjectIDTemplate (ASN.1 OBJECT IDENTIFIER),
// presumably once per decoder NSSFuzzOneInput is instantiated with.
// NOTE(review): the template arguments of both NSSFuzzOneInput calls are
// missing from this listing — confirm against the source.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  NSSFuzzOneInput(
      SEC_ASN1_GET(SEC_ObjectIDTemplate), data, size);
  NSSFuzzOneInput(
      SEC_ASN1_GET(SEC_ObjectIDTemplate), data, size);

  return 0;
}
19 |
--------------------------------------------------------------------------------
/projects/nss/fuzzers/asn1_octetstring_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 |
8 | #include "asn1_fuzzer_template.h"
9 |
10 | // Entry point for LibFuzzer.
// Decodes the input against SEC_OctetStringTemplate (ASN.1 OCTET STRING),
// presumably once per decoder NSSFuzzOneInput is instantiated with.
// NOTE(review): the template arguments of both NSSFuzzOneInput calls are
// missing from this listing — confirm against the source.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  NSSFuzzOneInput(
      SEC_ASN1_GET(SEC_OctetStringTemplate), data, size);
  NSSFuzzOneInput(
      SEC_ASN1_GET(SEC_OctetStringTemplate), data, size);

  return 0;
}
19 |
--------------------------------------------------------------------------------
/projects/nss/fuzzers/asn1_utctime_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 |
8 | #include "asn1_fuzzer_template.h"
9 |
10 | // Entry point for LibFuzzer.
// Decodes the input against SEC_UTCTimeTemplate (ASN.1 UTCTime), presumably
// once per decoder NSSFuzzOneInput is instantiated with.
// NOTE(review): the template arguments of both NSSFuzzOneInput calls are
// missing from this listing — confirm against the source.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  NSSFuzzOneInput(
      SEC_ASN1_GET(SEC_UTCTimeTemplate), data, size);
  NSSFuzzOneInput(
      SEC_ASN1_GET(SEC_UTCTimeTemplate), data, size);

  return 0;
}
19 |
--------------------------------------------------------------------------------
/projects/nss/fuzzers/asn1_utf8string_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 |
8 | #include "asn1_fuzzer_template.h"
9 |
10 | // Entry point for LibFuzzer.
// Decodes the input against SEC_UTF8StringTemplate (ASN.1 UTF8String),
// presumably once per decoder NSSFuzzOneInput is instantiated with.
// NOTE(review): the template arguments of both NSSFuzzOneInput calls are
// missing from this listing — confirm against the source.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  NSSFuzzOneInput(
      SEC_ASN1_GET(SEC_UTF8StringTemplate), data, size);
  NSSFuzzOneInput(
      SEC_ASN1_GET(SEC_UTF8StringTemplate), data, size);

  return 0;
}
19 |
--------------------------------------------------------------------------------
/projects/nss/fuzzers/cert_certificate_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 | #include
8 |
9 | #include "asn1_fuzzer_template.h"
10 |
11 | // Entry point for LibFuzzer.
// Decodes the input against CERT_CertificateTemplate (a full X.509
// certificate), presumably once per decoder NSSFuzzOneInput is instantiated
// with. This harness is not built by build.sh, which lists it as disabled
// because of linking issues.
// NOTE(review): the template arguments of both NSSFuzzOneInput calls are
// missing from this listing — confirm against the source.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  NSSFuzzOneInput(
      SEC_ASN1_GET(CERT_CertificateTemplate), data, size);
  NSSFuzzOneInput(
      SEC_ASN1_GET(CERT_CertificateTemplate), data, size);

  return 0;
}
20 |
--------------------------------------------------------------------------------
/projects/nss/fuzzers/seckey_privatekeyinfo_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 | #include
8 |
9 | #include "asn1_fuzzer_template.h"
10 |
11 | // Entry point for LibFuzzer.
// Decodes the input against SECKEY_PrivateKeyInfoTemplate (PKCS#8
// PrivateKeyInfo), presumably once per decoder NSSFuzzOneInput is
// instantiated with. This harness is not built by build.sh, which lists it
// as disabled because of linking issues.
// NOTE(review): the template arguments of both NSSFuzzOneInput calls are
// missing from this listing — confirm against the source.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  NSSFuzzOneInput(
      SEC_ASN1_GET(SECKEY_PrivateKeyInfoTemplate), data, size);
  NSSFuzzOneInput(
      SEC_ASN1_GET(SECKEY_PrivateKeyInfoTemplate), data, size);

  return 0;
}
20 |
--------------------------------------------------------------------------------
/projects/nss/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
2 |
--------------------------------------------------------------------------------
/projects/openssl/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
# Base image providing the compiler toolchain and libFuzzer.
FROM ossfuzz/base-libfuzzer
MAINTAINER kurt@roeckx.be
RUN apt-get install -y make
# Unpinned shallow clone over https: the build always tracks the tip of the
# upstream default branch rather than a fixed, reviewable commit.
RUN git clone --depth 1 https://github.com/openssl/openssl.git
WORKDIR openssl
# OpenSSL ships its own fuzz targets under fuzz/ (see build.sh), so only the
# build script is copied in.
COPY build.sh $SRC/
23 |
--------------------------------------------------------------------------------
/projects/openssl/build.sh:
--------------------------------------------------------------------------------
#!/bin/bash -eu
# Copyright 2016 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################

# Configure OpenSSL's in-tree libFuzzer targets against the libFuzzer archive
# shipped in the base image, then build everything statically.
./config enable-fuzz-libfuzzer -DPEDANTIC no-shared --with-fuzzer-lib=/usr/lib/libfuzzer $CFLAGS
make -j$(nproc) EX_LIBS="-ldl /usr/local/lib/libc++.a"

# Every executable under fuzz/ that is neither a .py helper nor a *-test
# binary is a fuzzer: ship it together with its seed corpus from fuzz/corpora.
for path in $(find fuzz -executable -type f '!' -name \*.py '!' -name \*-test); do
  name=${path##*/}
  cp $path $OUT/
  zip -j $OUT/${name}_seed_corpus.zip fuzz/corpora/${name}/*
done
27 |
28 |
--------------------------------------------------------------------------------
/projects/openssl/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "https://www.openssl.org/"
2 |
--------------------------------------------------------------------------------
/projects/ots/Dockerfile:
--------------------------------------------------------------------------------
# Copyright 2016 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################

# Build image for the ots (OpenType Sanitiser) fuzzer.
FROM ossfuzz/base-libfuzzer
MAINTAINER mmoroz@chromium.org
# Autotools toolchain plus zlib headers: build.sh links the fuzzer with -lz.
# No apt-get update here, so this relies on package lists already present in
# the base image.
RUN apt-get install -y make autoconf automake libtool pkg-config zlib1g-dev
# Shallow clone of upstream HEAD over HTTPS. The revision is not pinned, so
# each image build fuzzes whatever master is at that moment; reproducing a
# specific build depends on the revision being recorded elsewhere.
RUN git clone --depth 1 https://github.com/khaledhosny/ots.git
WORKDIR ots
# build.sh, the fuzzer source and its .options file are staged in $SRC,
# alongside the seed fonts build.sh zips into the seed corpus.
COPY build.sh ots_fuzzer.* $SRC/
COPY seed_corpus $SRC/seed_corpus
24 |
--------------------------------------------------------------------------------
/projects/ots/build.sh:
--------------------------------------------------------------------------------
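#!/bin/bash -eu
# Copyright 2016 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################

# Build the project.
# configure is given no explicit compiler flags; it is expected to pick up
# CC/CXX/CFLAGS/CXXFLAGS from the environment so the static libraries below
# carry the same sanitizer instrumentation as the fuzzer itself.
./autogen.sh
./configure

# Only the archives the fuzzer links against are needed, not the CLI tools.
make libots.a libwoff2.a libbrotli.a

# Build the fuzzer.
# $CXX/$CXXFLAGS stay unquoted on purpose (they hold several words); every
# path is quoted so a $SRC/$OUT containing spaces cannot be split.
# NOTE(review): -lz resolves to the distro zlib installed by the Dockerfile,
# which is not instrumented; faults inside zlib itself would go unseen here.
$CXX $CXXFLAGS -std=c++11 -Iinclude \
  "$SRC/ots_fuzzer.cc" -o "$OUT/ots_fuzzer" \
  -lfuzzer -lz "$SRC/ots/libots.a" "$SRC/ots/libwoff2.a" "$SRC/ots/libbrotli.a"

cp "$SRC/ots_fuzzer.options" "$OUT/"
# -j stores the seed fonts without their directory prefix, the same flat
# layout the openssl build uses for its seed corpora.
zip -j "$OUT/ots_fuzzer_seed_corpus.zip" "$SRC"/seed_corpus/*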
31 |
--------------------------------------------------------------------------------
/projects/ots/ots_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
#include <stddef.h>
#include <stdint.h>
7 |
8 | #include "opentype-sanitiser.h"
9 | #include "ots-memory-stream.h"
10 |
// Output sink for the sanitiser: 256 KiB of static, zero-initialised storage
// (static storage duration guarantees the zero fill) that is reused across
// every fuzz iteration rather than allocated per input.
static uint8_t buffer[256 * 1024];
12 |
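// Entry point for LibFuzzer.
//
// data/size: the fuzzer-chosen bytes, handed to OTS as an untrusted font.
// The sanitised output goes into the static `buffer` above; MemoryStream is
// told the buffer's capacity explicitly so writes are bounded by it. The
// boolean Process() returns (font accepted or rejected) is intentionally
// ignored — rejecting malformed input is the expected outcome, and only
// sanitizer-detected faults are of interest here. Always returns 0.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  ots::OTSContext context;
  // Cast target restored: the listing had lost the template argument, which
  // does not compile. MemoryStream's sink parameter is taken to be void* —
  // confirm against ots-memory-stream.h.
  ots::MemoryStream stream(static_cast<void*>(buffer), sizeof(buffer));
  context.Process(&stream, data, size);
  return 0;
}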
20 |
--------------------------------------------------------------------------------
/projects/ots/ots_fuzzer.options:
--------------------------------------------------------------------------------
1 | [libfuzzer]
2 | max_len = 16800
3 |
--------------------------------------------------------------------------------
/projects/ots/project.yaml:
--------------------------------------------------------------------------------
homepage: "https://github.com/khaledhosny/ots"
# NOTE(review): no primary_contact is set here, unlike projects/pcre2/project.yaml;
# presumably that field is where findings get routed — confirm an address is on
# file so reports from this fuzzer reach the ots maintainers.
2 |
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/0509e80afb379d16560e9e47bdd7d888bebdebc6.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/0509e80afb379d16560e9e47bdd7d888bebdebc6.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/051d92f8bc6ff724511b296c27623f824de256e9.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/051d92f8bc6ff724511b296c27623f824de256e9.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/07f054357ff8638bac3711b422a1e31180bba863.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/07f054357ff8638bac3711b422a1e31180bba863.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/191826b9643e3f124d865d617ae609db6a2ce203.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/191826b9643e3f124d865d617ae609db6a2ce203.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/1a6f1687b7a221f9f2c834b0b360d3c8463b6daf.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/1a6f1687b7a221f9f2c834b0b360d3c8463b6daf.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/1c04a16f32a39c26c851b7fc014d2e8d298ba2b8.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/1c04a16f32a39c26c851b7fc014d2e8d298ba2b8.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/1c2c3fc37b2d4c3cb2ef726c6cdaaabd4b7f3eb9.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/1c2c3fc37b2d4c3cb2ef726c6cdaaabd4b7f3eb9.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/1c2fb74c1b2aa173262734c1f616148f1648cfd6.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/1c2fb74c1b2aa173262734c1f616148f1648cfd6.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/205edd09bd3d141cc9580f650109556cc28b22cb.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/205edd09bd3d141cc9580f650109556cc28b22cb.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/226bc2deab3846f1a682085f70c67d0421014144.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/226bc2deab3846f1a682085f70c67d0421014144.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/270b89df543a7e48e206a2d830c0e10e5265c630.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/270b89df543a7e48e206a2d830c0e10e5265c630.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/298c9e1d955f10f6f72c6915c3c6ff9bf9695cec.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/298c9e1d955f10f6f72c6915c3c6ff9bf9695cec.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/3511ff5c1647150595846ac414c595cccac34f18.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/3511ff5c1647150595846ac414c595cccac34f18.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/37033cc5cf37bb223d7355153016b6ccece93b28.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/37033cc5cf37bb223d7355153016b6ccece93b28.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/375d6ae32a3cbe52fbf81a4e5777e3377675d5a3.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/375d6ae32a3cbe52fbf81a4e5777e3377675d5a3.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/43979b90b2dd929723cf4fe1715990bcb9c9a56b.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/43979b90b2dd929723cf4fe1715990bcb9c9a56b.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/43ef465752be9af900745f72fe29cb853a1401a5.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/43ef465752be9af900745f72fe29cb853a1401a5.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/45855bc8d46332b39c4ab9e2ee1a26b1f896da6b.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/45855bc8d46332b39c4ab9e2ee1a26b1f896da6b.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/49c9f7485c1392fa09a1b801bc2ffea79275f22e.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/49c9f7485c1392fa09a1b801bc2ffea79275f22e.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/4cce528e99f600ed9c25a2b69e32eb94a03b4ae8.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/4cce528e99f600ed9c25a2b69e32eb94a03b4ae8.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/5028afb650b1bb718ed2131e872fbcce57828fff.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/5028afb650b1bb718ed2131e872fbcce57828fff.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/56cfd0e18d07f41c38e9598545a6d369127fc6f9.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/56cfd0e18d07f41c38e9598545a6d369127fc6f9.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/57a9d9f83020155cbb1d2be1f43d82388cbecc88.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/57a9d9f83020155cbb1d2be1f43d82388cbecc88.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/5a5daf5eb5a4db77a2baa3ad9c7a6ed6e0655fa8.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/5a5daf5eb5a4db77a2baa3ad9c7a6ed6e0655fa8.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/641bd9db850193064d17575053ae2bf8ec149ddc.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/641bd9db850193064d17575053ae2bf8ec149ddc.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/6466d38c62e73a39202435a4f73bf5d6acbb73c0.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/6466d38c62e73a39202435a4f73bf5d6acbb73c0.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/6ff0fbead4462d9f229167b4e6839eceb8465058.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/6ff0fbead4462d9f229167b4e6839eceb8465058.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/706c5d7b625f207bc0d874c67237aad6f1e9cd6f.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/706c5d7b625f207bc0d874c67237aad6f1e9cd6f.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/757ebd573617a24aa9dfbf0b885c54875c6fe06b.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/757ebd573617a24aa9dfbf0b885c54875c6fe06b.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/7a37dc4d5bf018456aea291cee06daf004c0221c.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/7a37dc4d5bf018456aea291cee06daf004c0221c.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/7e14e7883ed152baa158b80e207b66114c823a8b.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/7e14e7883ed152baa158b80e207b66114c823a8b.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/7ef276fc886ea502a03b9b0e5c8b547d5dc2b61c.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/7ef276fc886ea502a03b9b0e5c8b547d5dc2b61c.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/8099955657a54e9ee38a6ba1d6f950ce58e3cc25.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/8099955657a54e9ee38a6ba1d6f950ce58e3cc25.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/813c2f8e5512187fd982417a7fb4286728e6f4a8.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/813c2f8e5512187fd982417a7fb4286728e6f4a8.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/8240789f6d12d4cfc4b5e8e6f246c3701bcf861f.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/8240789f6d12d4cfc4b5e8e6f246c3701bcf861f.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/8454d22037f892e76614e1645d066689a0200e61.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/8454d22037f892e76614e1645d066689a0200e61.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/8a9fea2a7384f2116e5b84a9b31f83be7850ce21.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/8a9fea2a7384f2116e5b84a9b31f83be7850ce21.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/a34a7b00f22ffb5fd7eef6933b81c7e71bc2cdfb.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/a34a7b00f22ffb5fd7eef6933b81c7e71bc2cdfb.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/a919b33197965846f21074b24e30250d67277bce.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/a919b33197965846f21074b24e30250d67277bce.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/a98e908e2ed21b22228ea59ebcc0f05034c86f2e.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/a98e908e2ed21b22228ea59ebcc0f05034c86f2e.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/b9e2aaa0d75fcef6971ec3a96d806ba4a6b31fe2.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/b9e2aaa0d75fcef6971ec3a96d806ba4a6b31fe2.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/bb0c53752e85c3d28973ebc913287b8987d3dfe8.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/bb0c53752e85c3d28973ebc913287b8987d3dfe8.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/bb9473d2403488714043bcfb946c9f78b86ad627.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/bb9473d2403488714043bcfb946c9f78b86ad627.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/c4e48b0886ef460f532fb49f00047ec92c432ec0.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/c4e48b0886ef460f532fb49f00047ec92c432ec0.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/cc5f3d2d717fb6bd4dfae1c16d48a2cb8e12233b.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/cc5f3d2d717fb6bd4dfae1c16d48a2cb8e12233b.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/d629e7fedc0b350222d7987345fe61613fa3929a.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/d629e7fedc0b350222d7987345fe61613fa3929a.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/df768b9c257e0c9c35786c47cae15c46571d56be.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/df768b9c257e0c9c35786c47cae15c46571d56be.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/e207635780b42f898d58654b65098763e340f5c7.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/e207635780b42f898d58654b65098763e340f5c7.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/ef86fe710cfea877bbe0dbb6946a1f88d0661031.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/ef86fe710cfea877bbe0dbb6946a1f88d0661031.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/f22416c692720a7d46fadf4af99f4c9e094f00b9.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/f22416c692720a7d46fadf4af99f4c9e094f00b9.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/f499fbc23865022234775c43503bba2e63978fe1.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/f499fbc23865022234775c43503bba2e63978fe1.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/f518eb6f6b5eec2946c9fbbbde44e45d46f5e2ac.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/f518eb6f6b5eec2946c9fbbbde44e45d46f5e2ac.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/fab39d60d758cb586db5a504f218442cd1395725.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/fab39d60d758cb586db5a504f218442cd1395725.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/fbb6c84c9e1fe0c39e152fbe845e51fd81f6748e.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/fbb6c84c9e1fe0c39e152fbe845e51fd81f6748e.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/fcdcffbdf1c4c97c05308d7600e4c283eb47dbca.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/fcdcffbdf1c4c97c05308d7600e4c283eb47dbca.ttf
--------------------------------------------------------------------------------
/projects/ots/seed_corpus/ffa0f5d2d9025486d8469d8b1fdd983e7632499b.ttf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/coreutils/oss-fuzz/d37a62b8658e630dc9ffacf8ab1a8b67ed9477fd/projects/ots/seed_corpus/ffa0f5d2d9025486d8469d8b1fdd983e7632499b.ttf
--------------------------------------------------------------------------------
/projects/pcre2/Dockerfile:
--------------------------------------------------------------------------------
# Copyright 2016 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################

# Build image for the pcre2 fuzzer. The libFuzzer entry point is provided by
# pcre2's own fuzz-support library (see build.sh), so no harness is copied in.
FROM ossfuzz/base-libfuzzer
MAINTAINER kcc@google.com
# Autotools toolchain plus subversion for the checkout below. No apt-get
# update here, so this relies on package lists already in the base image.
RUN apt-get install -y make autoconf automake libtool subversion

# NOTE(review): svn:// is a plaintext, unauthenticated transport, so the
# source checked out here could be altered in transit by anyone on the path.
# Prefer an https:// URL for this repository if the server offers one. The
# checkout also tracks trunk rather than a pinned revision, so each image build
# fuzzes whatever trunk is at that moment.
RUN svn co svn://vcs.exim.org/pcre2/code/trunk pcre2
COPY build.sh $SRC/
23 |
--------------------------------------------------------------------------------
/projects/pcre2/build.sh:
--------------------------------------------------------------------------------
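#!/bin/bash -eu
# Copyright 2016 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################

cd pcre2

# build project
./autogen.sh
# --enable-fuzz-support builds libpcre2-fuzzsupport, which supplies the
# LLVMFuzzerTestOneInput entry point. The two match limits cap how much
# matching/backtracking work a single input can trigger, so pathological
# patterns surface as rejected matches rather than as timeouts that would
# drown out real bugs. --enable-never-backslash-C presumably keeps the \C
# escape out of the fuzzed surface — confirm against pcre2's configure docs.
./configure --enable-fuzz-support --enable-never-backslash-C --with-match-limit=1000 --with-match-limit-recursion=1000
make -j"$(nproc)" clean all

# build fuzzer
# No source file is compiled here: the entry point comes from
# libpcre2-fuzzsupport.a and is linked against the 8-bit library.
# $CXX/$CXXFLAGS stay unquoted on purpose (multi-word); $OUT is quoted so a
# path with spaces cannot be split.
$CXX $CXXFLAGS -o "$OUT/pcre2_fuzzer" \
  -lfuzzer .libs/libpcre2-fuzzsupport.a .libs/libpcre2-8.a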
28 |
--------------------------------------------------------------------------------
/projects/pcre2/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "http://www.pcre.org/"
2 | primary_contact: "philip.hazel@gmail.com"
3 |
--------------------------------------------------------------------------------
/projects/re2/Dockerfile:
--------------------------------------------------------------------------------
# Copyright 2016 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################

# Build image for the re2 fuzzer.
FROM ossfuzz/base-libfuzzer
MAINTAINER wrengr@chromium.org
# Build toolchain. No apt-get update here, so this relies on package lists
# already present in the base image.
RUN apt-get install -y make autoconf automake libtool

# Shallow clone of upstream HEAD over HTTPS. The revision is not pinned, so
# each image build fuzzes whatever the default branch is at that moment;
# reproducing a specific build depends on the revision being recorded elsewhere.
RUN git clone --depth 1 https://code.googlesource.com/re2
WORKDIR re2
# build.sh, the harness source and its .options file are staged in $SRC.
COPY build.sh re2_fuzzer.* $SRC/
24 |
--------------------------------------------------------------------------------
/projects/re2/build.sh:
--------------------------------------------------------------------------------
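#!/bin/bash -eu
# Copyright 2016 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################

# First, build the re2 library.
# N.B., we don't follow the standard incantation for building re2
# (i.e., `make && make test && make install && make testinstall`),
# because some of the targets doesn't use $CXXFLAGS properly, which
# causes compilation to fail. The obj/libre2.a target is all we
# really need for our fuzzer, so that's all we build. Hopefully
# this won't cause the fuzzer to fail erroneously due to not running
# upstream's tests first to be sure things compiled correctly.
make clean
make -j"$(nproc)" obj/libre2.a


# Second, build our fuzzers.
# $CXX/$CXXFLAGS stay unquoted on purpose (they hold several words); $SRC and
# $OUT are quoted so paths with spaces cannot be split. -I. makes the
# re2/ and util/ headers the harness includes resolvable.
$CXX $CXXFLAGS -std=c++11 -I. \
  "$SRC/re2_fuzzer.cc" -o "$OUT/re2_fuzzer" \
  -lfuzzer ./obj/libre2.a

# Ship the libFuzzer options file(s) next to the binary. The glob is left
# outside the quotes so it still expands.
cp "$SRC"/*.options "$OUT/"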
36 |
--------------------------------------------------------------------------------
/projects/re2/project.yaml:
--------------------------------------------------------------------------------
homepage: "https://code.googlesource.com/re2"
# NOTE(review): no primary_contact is set here, unlike projects/pcre2/project.yaml;
# presumably that field is where findings get routed — confirm an address is on
# file so reports from this fuzzer reach the re2 maintainers.
2 |
--------------------------------------------------------------------------------
/projects/re2/re2_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright (c) 2016 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 |
8 | #include
9 |
10 | #include "re2/re2.h"
11 | #include "util/logging.h"
12 |
13 | using std::string;
14 |
// Compiles |pattern| under |options| and drives RE2's matching, consuming,
// replacing and quoting entry points against |buffer|.
//
// A pattern that fails to compile is skipped silently (re.ok() is false);
// the caller turns error logging off, so rejected patterns do not reach
// the log. Every result is deliberately discarded: the harness exists to
// surface sanitizer findings inside RE2, not to check match semantics.
void Test(const string& buffer, const string& pattern,
          const RE2::Options& options) {
  RE2 re(pattern, options);
  if (!re.ok())
    return;

  string m1, m2;
  int i1, i2;
  double d1;

  // Typed submatch arguments are only exercised for 0, 1 or 2 capturing
  // groups; patterns with more groups skip straight to the calls below.
  const int groups = re.NumberOfCapturingGroups();
  switch (groups) {
    case 0:
      RE2::FullMatch(buffer, re);
      RE2::PartialMatch(buffer, re);
      break;
    case 1:
      RE2::FullMatch(buffer, re, &m1);
      RE2::PartialMatch(buffer, re, &i1);
      break;
    case 2:
      RE2::FullMatch(buffer, re, &i1, &i2);
      RE2::PartialMatch(buffer, re, &m1, &m2);
      break;
    default:
      break;
  }

  // Consume() advances |remaining|, so FindAndConsume() sees the rest.
  re2::StringPiece remaining(buffer);
  RE2::Consume(&remaining, re, &m1);
  RE2::FindAndConsume(&remaining, re, &d1);

  // Each replace works on its own copy of the subject.
  string replaced_once(buffer);
  RE2::Replace(&replaced_once, re, "zz");
  string replaced_all(buffer);
  RE2::GlobalReplace(&replaced_all, re, "xx");

  RE2::QuoteMeta(re2::StringPiece(pattern));
}
45 |
// Entry point for LibFuzzer.
//
// Every input is exercised twice: first the whole buffer serves as both
// pattern and subject, then (for inputs of at least 3 bytes) the first
// third is the pattern and the remainder the subject. The RE2 options are
// chosen from individual bits of the byte sum of the input, so the same
// bytes also steer the parser/matcher configuration. Error logging is
// switched off so the many rejected patterns do not flood the log.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  if (size < 1)
    return 0;

  // Fold all input bytes into one value; its low bits select options.
  size_t option_bits = 0;
  for (size_t pos = 0; pos < size; ++pos)
    option_bits += data[pos];
  const auto bit_set = [option_bits](size_t mask) {
    return (option_bits & mask) != 0;
  };

  RE2::Options options;
  if (bit_set(1))
    options.set_encoding(RE2::Options::EncodingLatin1);

  options.set_posix_syntax(bit_set(2));
  options.set_longest_match(bit_set(4));
  options.set_literal(bit_set(8));
  options.set_never_nl(bit_set(16));
  options.set_dot_nl(bit_set(32));
  options.set_never_capture(bit_set(64));
  options.set_case_sensitive(bit_set(128));
  options.set_perl_classes(bit_set(256));
  options.set_word_boundary(bit_set(512));
  options.set_one_line(bit_set(1024));

  options.set_log_errors(false);

  const char* text = reinterpret_cast<const char*>(data);

  // Round 1: identical bytes as pattern and subject.
  Test(string(text, size), string(text, size), options);

  // Round 2: pattern = first third, subject = the rest. Test() takes the
  // subject first and the pattern second.
  if (size >= 3) {
    const size_t split = size / 3;
    Test(string(text + split, size - split), string(text, split), options);
  }

  return 0;
}
88 |
--------------------------------------------------------------------------------
/projects/re2/re2_fuzzer.options:
--------------------------------------------------------------------------------
1 | [libfuzzer]
2 | max_len = 32
3 |
--------------------------------------------------------------------------------
/projects/sqlite3/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
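FROM ossfuzz/base-libfuzzer
MAINTAINER tanin@google.com
RUN apt-get install -y make autoconf automake libtool fossil tcl

# We won't be able to poll fossil for changes, so this will build
# only once a day.
# The clone is not pinned to a revision: whatever upstream serves at
# image-build time is what gets fuzzed.
RUN mkdir $SRC/sqlite3 && \
    cd $SRC/sqlite3 && \
    fossil clone https://www.sqlite.org/src sqlite --user `whoami` && \
    fossil open sqlite

# Seed corpus: every upstream *.test file. NUL-delimited (-print0 / -0) so a
# file name containing whitespace or quotes cannot be split into several
# zip arguments or silently dropped.
RUN find $SRC/sqlite3 -name "*.test" -print0 | xargs -0 zip $SRC/ossfuzz_seed_corpus.zip

WORKDIR sqlite3
COPY build.sh *.dict *.options $SRC/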
32 |
--------------------------------------------------------------------------------
/projects/sqlite3/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eu
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
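mkdir bld
cd bld

# Leak detection is disabled for this target: only memory-safety errors
# (and, per project.yaml, UBSan findings) are reported.
export ASAN_OPTIONS=detect_leaks=0
# Limit max length of data blobs and sql queries to prevent irrelevant OOMs.
export CFLAGS="$CFLAGS -DSQLITE_MAX_LENGTH=128000000 \
-DSQLITE_MAX_SQL_LENGTH=128000000 \
-DSQLITE_PRINTF_PRECISION_LIMIT=128000000"
../configure
make -j$(nproc)
make sqlite3.c

# Compile the harness with the same $CFLAGS as the library so ossfuzz.o
# carries the same instrumentation as sqlite3.o. (An unset variable here
# would abort the script under `bash -u`, and a different variable would
# leave the harness object uninstrumented.)
$CC $CFLAGS -I. -c \
    $SRC/sqlite3/test/ossfuzz.c -o $SRC/sqlite3/test/ossfuzz.o

# -lfuzzer supplies main(); the harness object and the sqlite3 object are
# linked into one binary.
$CXX $CXXFLAGS \
    $SRC/sqlite3/test/ossfuzz.o -o $OUT/ossfuzz \
    -lfuzzer ./sqlite3.o

# Options, dictionary and the seed corpus zip built in the Dockerfile.
cp $SRC/*.options $SRC/*.dict $SRC/*.zip $OUT/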
--------------------------------------------------------------------------------
/projects/sqlite3/ossfuzz.options:
--------------------------------------------------------------------------------
1 | [libfuzzer]
2 | dict = sql.dict
3 |
--------------------------------------------------------------------------------
/projects/sqlite3/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "https://sqlite.org/"
2 | sanitizers:
3 | - address
4 | - undefined
5 |
6 |
--------------------------------------------------------------------------------
/projects/tpm2/Jenkinsfile:
--------------------------------------------------------------------------------
1 | // Copyright 2016 Google Inc.
2 | //
3 | // Licensed under the Apache License, Version 2.0 (the "License");
4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at
6 | //
7 | // http://www.apache.org/licenses/LICENSE-2.0
8 | //
9 | // Unless required by applicable law or agreed to in writing, software
10 | // distributed under the License is distributed on an "AS IS" BASIS,
11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | // See the License for the specific language governing permissions and
13 | // limitations under the License.
14 | //
15 | ////////////////////////////////////////////////////////////////////////////////
16 |
// Shared libFuzzer pipeline, loaded at run time from the oss-fuzz
// repository. No branch or revision argument is given, so the loader's
// default ref is presumably what gets executed.
def libfuzzerBuild = fileLoader.fromGit('infra/libfuzzer-pipeline.groovy',
                                        'https://github.com/google/oss-fuzz.git')

libfuzzerBuild {
    // tpm2/ will contain checkout
    git = 'https://chromium.googlesource.com/chromiumos/third_party/tpm2/'
    // Both the Dockerfile and its build context come from that checkout:
    // the fuzzing image is defined by the project repository itself, not
    // by a Dockerfile kept in this tree.
    dockerfile = 'tpm2/fuzz/Dockerfile'
    dockerContextDir = 'tpm2/'
}
27 |
--------------------------------------------------------------------------------
/projects/tpm2/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "https://chromium.googlesource.com/chromiumos/third_party/tpm2"
2 | dockerfile:
3 | git: "https://chromium.googlesource.com/chromiumos/third_party/tpm2/"
4 | path: "fuzz/Dockerfile"
5 |
--------------------------------------------------------------------------------
/projects/woff2/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
FROM ossfuzz/base-libfuzzer
MAINTAINER mmoroz@chromium.org
RUN apt-get install -y make autoconf automake libtool

# Shallow, unpinned clone of upstream HEAD with submodules (presumably the
# brotli/ tree that build.sh compiles); each image build fuzzes whatever
# upstream currently serves.
RUN git clone --depth 1 --recursive https://github.com/google/woff2
WORKDIR woff2
# build.sh, the harness source and its .options file all land in $SRC.
COPY build.sh convert_woff2ttf_fuzzer.* $SRC/
24 |
--------------------------------------------------------------------------------
/projects/woff2/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eu
2 | # Copyright 2016 Google Inc.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | ################################################################################
17 |
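# Build the library. Actually there is no 'library' target, so we use .o files.
# '-no-canonical-prefixes' flag makes clang crazy. Need to avoid it.
# sed reads the makefiles directly rather than through a `cat |` pipeline:
# the script runs with -e but without pipefail, so a pipeline whose first
# stage fails (e.g. a missing makefile) would still succeed on sed's exit
# status and the build would continue with an empty makefile.
sed -e "s/-no-canonical-prefixes//" brotli/shared.mk > brotli/shared.mk.temp
mv brotli/shared.mk.temp brotli/shared.mk

sed -e "s/-no-canonical-prefixes//" Makefile > Makefile.temp
mv Makefile.temp Makefile

# woff2 uses LFLAGS instead of LDFLAGS, which is presumably why the
# sanitizer/coverage flags are handed over inside CC/CXX rather than via a
# linker-flag variable.
make -j$(nproc) CC="$CC $CFLAGS" CXX="$CXX $CXXFLAGS" clean all

# To avoid multiple main() definitions (the fuzzer's main() comes from
# libFuzzer via -lfuzzer below).
rm src/woff2_compress.o src/woff2_decompress.o

# Build the fuzzer.
fuzzer=convert_woff2ttf_fuzzer
$CXX $CXXFLAGS -std=c++11 -Isrc \
    $SRC/$fuzzer.cc -o $OUT/$fuzzer \
    -lfuzzer src/*.o brotli/dec/*.o brotli/enc/*.o

cp $SRC/*.options $OUT/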
41 |
--------------------------------------------------------------------------------
/projects/woff2/convert_woff2ttf_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2015 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 |
8 | #include "woff2_dec.h"
9 |
// Entry point for LibFuzzer.
//
// Hands the raw input to the WOFF2 -> TTF decoder. The output sink is
// capped at 30 MiB via SetMaxSize(), which bounds how much a single input
// can make the decoder produce. The conversion's result is deliberately
// ignored: the harness only looks for sanitizer findings.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  static const size_t kMaxTtfBytes = 30 * 1024 * 1024;
  std::string ttf;
  woff2::WOFF2StringOut sink(&ttf);
  sink.SetMaxSize(kMaxTtfBytes);
  (void)woff2::ConvertWOFF2ToTTF(data, size, &sink);
  return 0;
}
18 |
--------------------------------------------------------------------------------
/projects/woff2/convert_woff2ttf_fuzzer.options:
--------------------------------------------------------------------------------
1 | [libfuzzer]
2 | max_len = 1000000
3 |
--------------------------------------------------------------------------------
/projects/woff2/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "https://github.com/google/woff2"
2 |
--------------------------------------------------------------------------------
/projects/zlib/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright 2016 Google Inc.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 | #
15 | ################################################################################
16 |
FROM ossfuzz/base-libfuzzer
MAINTAINER inferno@chromium.org
RUN apt-get install -y make autoconf automake libtool

# Shallow, unpinned clone of upstream HEAD; each image build fuzzes the
# current tip of the repository.
RUN git clone --depth 1 https://github.com/madler/zlib.git
WORKDIR zlib
# build.sh and the harness source are placed in $SRC for build.sh to use.
COPY build.sh zlib_uncompress_fuzzer.cc $SRC/
24 |
--------------------------------------------------------------------------------
/projects/zlib/build.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eu
2 |
# zlib's configure picks CC/CFLAGS up from the environment (not passed
# explicitly here), so the library is expected to inherit the build
# image's instrumentation flags.
./configure
make -j$(nproc) clean all

# Harness compiled with $CXXFLAGS and linked against the static libz.a
# built above; -lfuzzer provides main().
$CXX $CXXFLAGS -std=c++11 -I. \
$SRC/zlib_uncompress_fuzzer.cc -o $OUT/zlib_uncompress_fuzzer \
-lfuzzer ./libz.a
9 |
--------------------------------------------------------------------------------
/projects/zlib/project.yaml:
--------------------------------------------------------------------------------
1 | homepage: "http://www.zlib.net/"
2 |
--------------------------------------------------------------------------------
/projects/zlib/zlib_uncompress_fuzzer.cc:
--------------------------------------------------------------------------------
1 | // Copyright 2015 The Chromium Authors. All rights reserved.
2 | // Use of this source code is governed by a BSD-style license that can be
3 | // found in the LICENSE file.
4 |
5 | #include
6 | #include
7 | #include
8 |
9 | #include "zlib.h"
10 |
11 | static Bytef buffer[256 * 1024] = { 0 };
12 |
// Entry point for LibFuzzer.
//
// Inflates the input into the static |buffer|. The destination length is
// reset to the full buffer size on every call (uncompress() takes it by
// pointer and may update it). The return code is discarded on purpose:
// both the success and the failure path yield 0, because the harness only
// cares about sanitizer findings, not about whether the stream was valid.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  uLongf out_len = static_cast<uLongf>(sizeof(buffer));
  (void)uncompress(buffer, &out_len, data, static_cast<uLong>(size));
  return 0;
}
22 |
--------------------------------------------------------------------------------
/targets/README.md:
--------------------------------------------------------------------------------
1 | This directory was renamed to [`../projects/`](../projects/)
2 |
--------------------------------------------------------------------------------