Diffstat (limited to 'c/fuzz')
-rw-r--r-- | c/fuzz/decode_fuzzer.c (renamed from c/fuzz/decode_fuzzer.cc) | 11 | ||||
-rw-r--r-- | c/fuzz/run_decode_fuzzer.c (renamed from c/fuzz/run_decode_fuzzer.cc) | 2 | ||||
-rwxr-xr-x | c/fuzz/test_fuzzer.sh | 20 |
3 files changed, 21 insertions, 12 deletions
diff --git a/c/fuzz/decode_fuzzer.cc b/c/fuzz/decode_fuzzer.c index 60c6f8e..46144e0 100644 --- a/c/fuzz/decode_fuzzer.cc +++ b/c/fuzz/decode_fuzzer.c @@ -4,18 +4,23 @@ #include <stddef.h> #include <stdint.h> +#include <stdlib.h> #include <brotli/decode.h> // Entry point for LibFuzzer. -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { +int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { size_t addend = 0; if (size > 0) addend = data[size - 1] & 7; const uint8_t* next_in = data; const int kBufferSize = 1024; - uint8_t* buffer = new uint8_t[kBufferSize]; + uint8_t* buffer = (uint8_t*) malloc(kBufferSize); + if (!buffer) { + // OOM is out-of-scope here. + return 0; + } /* The biggest "magic number" in brotli is 16MiB - 16, so no need to check the cases with much longer output. */ const size_t total_out_limit = (addend == 0) ? (1 << 26) : (1 << 24); @@ -48,6 +53,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { } BrotliDecoderDestroyInstance(state); - delete[] buffer; + free(buffer); return 0; } diff --git a/c/fuzz/run_decode_fuzzer.cc b/c/fuzz/run_decode_fuzzer.c index 8fd4189..c84f98a 100644 --- a/c/fuzz/run_decode_fuzzer.cc +++ b/c/fuzz/run_decode_fuzzer.c @@ -11,7 +11,7 @@ #include <stdlib.h> #include <stdint.h> -extern "C" void LLVMFuzzerTestOneInput(const uint8_t* data, size_t size); +void LLVMFuzzerTestOneInput(const uint8_t* data, size_t size); int main(int argc, char* *argv) { if (argc != 2) { diff --git a/c/fuzz/test_fuzzer.sh b/c/fuzz/test_fuzzer.sh index 8266fde..9985194 100755 --- a/c/fuzz/test_fuzzer.sh +++ b/c/fuzz/test_fuzzer.sh @@ -1,6 +1,10 @@ #!/usr/bin/env bash +set -e -BROTLI="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )" +export CC=${CC:-cc} + +BROTLI="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../.." && pwd )" +SRC=$BROTLI/c cd $BROTLI 
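Review bot: In the first hunk of c/fuzz/decode_fuzzer.c the new allocation casts the result of malloc, which C does not require and which can hide a missing prototype; `uint8_t* buffer = malloc(kBufferSize);` is enough now that `<stdlib.h>` is included. The early `return 0;` on allocation failure is reasonable for a harness, but the decoder instance is created outside this hunk, so confirm it is created after this return and not leaked by it. The body of LLVMFuzzerTestOneInput continues outside the hunk.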
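Review bot: The prototype in c/fuzz/run_decode_fuzzer.c still declares `LLVMFuzzerTestOneInput` as returning `void`, while the definition in decode_fuzzer.c in this same commit returns `int`. With both files now built as C and linked together, calling the function through an incompatible declaration is undefined behaviour, and the compiler cannot diagnose the mismatch across translation units. Declare it as `int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size);`. Whether main should act on the returned value depends on code outside the hunk.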
@@ -8,16 +12,16 @@ rm -rf bin mkdir bin cd bin -cmake .. -B./ -DBUILD_SHARED_LIBS=OFF -DBUILD_TESTING=OFF -DENABLE_SANITIZER=address -make clean -make -j$(nproc) brotlidec +cmake $BROTLI -DCMAKE_C_COMPILER="$CC" \ + -DBUILD_TESTING=OFF -DENABLE_SANITIZER=address +make -j$(nproc) brotlidec-static -c++ -c -std=c++11 ../fuzz/decode_fuzzer.cc -I./include -ar rvs decode_fuzzer.a decode_fuzzer.o -c++ ../fuzz/run_decode_fuzzer.cc -o run_decode_fuzzer -lasan decode_fuzzer.a ./libbrotlidec.a ./libbrotlicommon.a +${CC} -o run_decode_fuzzer -std=c99 -fsanitize=address -I$SRC/include \ + $SRC/fuzz/decode_fuzzer.c $SRC/fuzz/run_decode_fuzzer.c \ + ./libbrotlidec-static.a ./libbrotlicommon-static.a mkdir decode_corpora -unzip ../java/org/brotli/integration/fuzz_data.zip -d decode_corpora +unzip $BROTLI/java/org/brotli/integration/fuzz_data.zip -d decode_corpora for f in `ls decode_corpora` do |
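Review bot: The new build commands in c/fuzz/test_fuzzer.sh expand `$BROTLI` and `$SRC` unquoted (`cmake $BROTLI`, `-I$SRC/include`, `$SRC/fuzz/decode_fuzzer.c`, `unzip $BROTLI/java/...`), so a checkout path containing whitespace or glob characters is split into several arguments. Quote them, for example `cmake "$BROTLI" -DCMAKE_C_COMPILER="$CC" \` and `-I"$SRC/include"`. `$CC` is also treated inconsistently: it is passed to cmake as one quoted compiler path but word-split in `${CC} -o run_decode_fuzzer`, so a value holding a wrapper plus a compiler would configure the library and build the harness differently. The body of the `for` loop is outside the hunk.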