Diffstat (limited to 'fuzzer')
-rw-r--r-- | fuzzer/README.md | 82 | ||||
-rw-r--r-- | fuzzer/hevc_dec_fuzzer.cmake | 2 | ||||
-rw-r--r-- | fuzzer/hevc_enc_fuzzer.cmake | 2 | ||||
-rw-r--r-- | fuzzer/hevc_enc_fuzzer.cpp | 1 | ||||
-rwxr-xr-x | fuzzer/ossfuzz.sh | 19 |
5 files changed, 43 insertions, 63 deletions
diff --git a/fuzzer/README.md b/fuzzer/README.md
index 49353da..0df4e6e 100644
--- a/fuzzer/README.md
+++ b/fuzzer/README.md
@@ -1,11 +1,11 @@
-# Fuzzer for libhevc decoder
+# Fuzzer for libhevc decoder and encoder
-This describes steps to build hevc_dec_fuzzer binary.
+This describes steps to build hevc_dec_fuzzer and hevc_enc_fuzzer binary.
 ## Linux x86/x64
 ### Requirements
-- cmake (3.5 or above)
+- cmake (3.9.1 or above)
 - make
 - clang (6.0 or above) needs to support -fsanitize=fuzzer, -fsanitize=fuzzer-no-link
@@ -21,51 +21,62 @@ Create a directory inside libhevc and change directory
 $ mkdir build
 $ cd build
 ```
-Build libhevc using cmake
+Build fuzzer with required sanitizers (-DSANITIZE=fuzzer-no-link is mandatory
+ to enable fuzzers)
 ```
- $ CC=clang CXX=clang++ cmake ../ \
- -DSANITIZE=fuzzer-no-link,address,signed-integer-overflow
+ $ cmake .. -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ \
+ -DCMAKE_BUILD_TYPE=Debug -DSANITIZE=fuzzer-no-link,address
 $ make
 ```
-Build the fuzzer
-```
- $ clang++ -std=c++11 -fsanitize=fuzzer,address -I. -I../ -I../common \
- -I../decoder -Wl,--start-group ../fuzzer/hevc_dec_fuzzer.cpp \
- -o ./hevc_dec_fuzzer ./libhevcdec.a -Wl,--end-group
-```
 ### Steps to run
-Create a directory CORPUS_DIR and copy some elementary hevc files to that folder
-To run the fuzzer
+Create a directory CORPUS_DIR and copy some elementary hevc files
+(for hevc_dec_fuzzer) or yuv files (for hevc_enc_fuzzer) to that directory
+
+To run the fuzzers
 ```
 $ ./hevc_dec_fuzzer CORPUS_DIR
+$ ./hevc_enc_fuzzer CORPUS_DIR
 ```
 ## Android
 ### Steps to build
-Build the fuzzer
+Build the fuzzers
 ```
- $ SANITIZE_TARGET=address SANITIZE_HOST=address mmma -j$(nproc) \
- external/libhevc/fuzzer
+ $ mm -j$(nproc) hevc_dec_fuzzer
+ $ mm -j$(nproc) hevc_enc_fuzzer
 ```
 ### Steps to run
-Create a directory CORPUS_DIR and copy some elementary hevc files to that folder
-Push this directory to device.
+Create a directory CORPUS_DIR and copy some elementary hevc files
+(for hevc_dec_fuzzer) or yuv files (for hevc_enc_fuzzer) to that folder
+Push this directory to device
-To run on device
+To run hevc_dec_fuzzer on device
 ```
 $ adb sync data
 $ adb shell /data/fuzz/hevc_dec_fuzzer CORPUS_DIR
 ```
-To run on host
+To run hevc_enc_fuzzer on device
 ```
+ $ adb sync data
+ $ adb shell /data/fuzz/arm64/hevc_enc_fuzzer/hevc_enc_fuzzer CORPUS_DIR
+```
+
+To run hevc_dec_fuzzer on host
 ```
- $ $ANDROID_HOST_OUT/fuzz/hevc_dec_fuzzer CORPUS_DIR
+ $ $ANDROID_HOST_OUT/fuzz/x86_64/hevc_dec_fuzzer/hevc_dec_fuzzer CORPUS_DIR
+```
+
+To run hevc_enc_fuzzer on host
+```
+ $ $ANDROID_HOST_OUT/fuzz/x86_64/hevc_enc_fuzzer/hevc_enc_fuzzer CORPUS_DIR
 ```
-# Fuzzer for libhevc encoder
+# Appendix
+## libhevc encoder fuzzer
 ## Plugin Design Considerations
 The fuzzer plugin for HEVC is designed based on the understanding of the
@@ -142,31 +153,6 @@ This ensures that the plugin tolerates any kind of input (empty, huge, malformed, etc) and doesnt `exit()` on any input and thereby increasing the chance of identifying vulnerabilities.
-## Build
-
-This describes steps to build hevc_enc_fuzzer binary.
-
-### Android
-
-#### Steps to build
-Build the fuzzer
-```
- $ mm -j$(nproc) hevc_enc_fuzzer
-```
-
-#### Steps to run
-Create a directory CORPUS_DIR and copy some yuv files to that folder
-Push this directory to device.
-
-To run on device
-```
- $ adb sync data
- $ adb shell /data/fuzz/arm64/hevc_enc_fuzzer/hevc_enc_fuzzer CORPUS_DIR
-```
-To run on host
-```
- $ $ANDROID_HOST_OUT/fuzz/x86_64/hevc_enc_fuzzer/hevc_enc_fuzzer CORPUS_DIR
-```
 ## References:
 * http://llvm.org/docs/LibFuzzer.html
diff --git a/fuzzer/hevc_dec_fuzzer.cmake b/fuzzer/hevc_dec_fuzzer.cmake
new file mode 100644
index 0000000..28e89fd
--- /dev/null
+++ b/fuzzer/hevc_dec_fuzzer.cmake
@@ -0,0 +1,2 @@
+libhevc_add_fuzzer(hevc_dec_fuzzer libhevcdec SOURCES
+ ${HEVC_ROOT}/fuzzer/hevc_dec_fuzzer.cpp)
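Review bot: The `${HEVC_ROOT}` expansion in the SOURCES argument of fuzzer/hevc_dec_fuzzer.cmake is unquoted, so a checkout path containing a space or a semicolon would be split into several arguments before `libhevc_add_fuzzer` sees it; quote it as `${HEVC_ROOT}/fuzzer/hevc_dec_fuzzer.cpp` → `"${HEVC_ROOT}/fuzzer/hevc_dec_fuzzer.cpp"`. The same applies to fuzzer/hevc_enc_fuzzer.cmake in the next hunk. `libhevc_add_fuzzer` itself is not part of this diff, so whether it parses SOURCES with `cmake_parse_arguments(PARSE_ARGV ...)` (which would tolerate the quoting) cannot be confirmed here.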
diff --git a/fuzzer/hevc_enc_fuzzer.cmake b/fuzzer/hevc_enc_fuzzer.cmake
new file mode 100644
index 0000000..908b2f1
--- /dev/null
+++ b/fuzzer/hevc_enc_fuzzer.cmake
@@ -0,0 +1,2 @@
+libhevc_add_fuzzer(hevc_enc_fuzzer libhevcenc SOURCES
+ ${HEVC_ROOT}/fuzzer/hevc_enc_fuzzer.cpp)
diff --git a/fuzzer/hevc_enc_fuzzer.cpp b/fuzzer/hevc_enc_fuzzer.cpp
index 9d0d370..c92d67e 100644
--- a/fuzzer/hevc_enc_fuzzer.cpp
+++ b/fuzzer/hevc_enc_fuzzer.cpp
@@ -19,6 +19,7 @@
 */
 #include <algorithm>
 #include <memory>
+#include <string.h>
 #include "ihevc_typedefs.h"
 #include "itt_video_api.h"
diff --git a/fuzzer/ossfuzz.sh b/fuzzer/ossfuzz.sh
index dc5683c..2b0f0f9 100755
--- a/fuzzer/ossfuzz.sh
+++ b/fuzzer/ossfuzz.sh
@@ -22,23 +22,12 @@ test "${OUT}" != "" || exit 1
 build_dir=$WORK/build
 rm -rf ${build_dir}
 mkdir -p ${build_dir}
-pushd ${build_dir}
-cmake $SRC/libhevc
-make -j$(nproc)
+pushd ${build_dir}
+cmake ${SRC}/libhevc
+make -j$(nproc) hevc_dec_fuzzer
+cp ${build_dir}/hevc_dec_fuzzer $OUT/hevc_dec_fuzzer
 popd
-# build fuzzers
-$CXX $CXXFLAGS -std=c++11 \
--I$SRC/libhevc \
--I$SRC/libhevc/common \
--I$SRC/libhevc/decoder \
--I${build_dir} \
--Wl,--start-group \
-$LIB_FUZZING_ENGINE \
-$SRC/libhevc/fuzzer/hevc_dec_fuzzer.cpp -o $OUT/hevc_dec_fuzzer \
-${build_dir}/libhevcdec.a \
--Wl,--end-group
-
 cp $SRC/hevc_dec_fuzzer_seed_corpus.zip $OUT/hevc_dec_fuzzer_seed_corpus.zip
 cp $SRC/libhevc/fuzzer/hevc_dec_fuzzer.dict $OUT/hevc_dec_fuzzer.dict
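Review bot: The new `#include <string.h>` in fuzzer/hevc_enc_fuzzer.cpp sits between the C++ standard headers `<algorithm>` and `<memory>`; in a .cpp file the idiomatic spelling is `#include <cstring>`, which keeps the header style consistent and places the names in namespace std. Which call motivated the include is not visible, since the rest of the file is outside the hunk.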
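Review bot: The rewritten build in fuzzer/ossfuzz.sh configures with a bare `cmake ${SRC}/libhevc` and no `-DSANITIZE=` option, while the README changed in this same commit states that `-DSANITIZE=fuzzer-no-link` is mandatory to enable the fuzzers, and the explicit `$LIB_FUZZING_ENGINE` link that the old lines performed is gone. Unless `libhevc_add_fuzzer` (not in this diff) picks up OSS-Fuzz's `CC`/`CXX`/`CFLAGS`/`CXXFLAGS`/`LIB_FUZZING_ENGINE` environment itself, the copied hevc_dec_fuzzer may be built without the fuzzing engine or sanitizer — worth confirming against the CMake side before merging. Separately, the new `cp ${build_dir}/hevc_dec_fuzzer $OUT/hevc_dec_fuzzer` is not gated on `make` succeeding and leaves both paths unquoted; if the script does not `set -e` above the hunk (it checks `${OUT}` manually, which suggests it does not), a failed build still reaches the later `cp` lines and the script's exit status is that of the last one. Suggest `make -j"$(nproc)" hevc_dec_fuzzer || exit 1` and `cp "${build_dir}/hevc_dec_fuzzer" "${OUT}/hevc_dec_fuzzer"`. The identical `-pushd ${build_dir}` / `+pushd ${build_dir}` pair looks like a whitespace-only change.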