Add expat fuzzer

author: Vitaly Buka <vitalybuka@chromium.org> 2017-02-06 18:39:21 -0800
committer: Vitaly Buka <vitalybuka@gmail.com> 2017-02-06 18:59:16 -0800
commit: 944e45ed0edede1ce0ad79d2c2e73e34bf90e605 (patch)
tree: 7dc662268ab4e551e6c9e1371114fb2340a3a579 /examples
parent: 40f881f0d1ee043b85931908e9b8c85891aa4b8a (diff)
download: libprotobuf-mutator-944e45ed0edede1ce0ad79d2c2e73e34bf90e605.tar.gz
3 files changed, 105 insertions, 1 deletions
diff --git a/examples/expat/expat_example.cc b/examples/expat/expat_example.cc
new file mode 100644
index 0000000..f07a564
--- /dev/null
+++ b/examples/expat/expat_example.cc
@@ -0,0 +1,53 @@
+// Copyright 2017 Google Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "expat.h"  // NOLINT
+
+#include "google/protobuf/stubs/logging.h"
+#include "src/xml/libfuzzer_xml_mutator.h"
+
+namespace {
+google::protobuf::LogSilencer log_silincer;
+std::vector<const char*> kEncodings = {{"UTF-16", "UTF-8", "ISO-8859-1",
+                                        "US-ASCII", "UTF-16BE", "UTF-16LE",
+                                        "INVALIDENCODING"}};
+}
+
+extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* data, size_t size,
+                                          size_t max_size, unsigned int seed) {
+// Experimental
+#ifdef LIB_PROTO_MUTATOR_XML2_NO_FLATTENING
+  if (seed % 33 == 0) {
+    ++seed;
+  }
+#endif  // LIB_PROTO_MUTATOR_XML2_NO_FLATTENING
+
+  return protobuf_mutator::xml::MutateTextMessage(data, size, max_size, seed);
+}
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  int options = 0;
+  std::string xml;
+  protobuf_mutator::xml::ParseTextMessage(data, size, &xml, &options);
+
+  int use_ns = options % 2;
+  options /= 2;
+  auto enc = kEncodings[options % kEncodings.size()];
+  XML_Parser parser =
+      use_ns ? XML_ParserCreateNS(enc, '\n') : XML_ParserCreate(enc);
+  XML_Parse(parser, xml.data(), xml.size(), true);
+  XML_ParserFree(parser);
+  return 0;
+}
diff --git a/examples/expat/expat_example_test.cc b/examples/expat/expat_example_test.cc
new file mode 100644
index 0000000..e6a78b5
--- /dev/null
+++ b/examples/expat/expat_example_test.cc
@@ -0,0 +1,52 @@
+// Copyright 2017 Google Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <dirent.h>
+#include <memory>
+#include "gtest/gtest.h"
+
+namespace {
+
+size_t CountFilesInDir(const std::string& path) {
+  size_t res = 0;
+  std::unique_ptr<DIR, decltype(&closedir)> dir(opendir(path.c_str()),
+                                                &closedir);
+  if (!dir) return 0;
+  while (readdir(dir.get())) {
+    ++res;
+  }
+  if (res <= 2) return 0;
+  res -= 2;  // . and ..
+  return res;
+}
+
+}  // namespace
+
+TEST(ExpatExampleTest, Crash) {
+  char dir_template[] = "/tmp/libxml2_example_test_XXXXXX";
+  auto dir = mkdtemp(dir_template);
+  ASSERT_TRUE(dir);
+
+  EXPECT_EQ(0, CountFilesInDir(dir));
+
+  std::string cmd =
+      "./expat_example -max_len=500 -runs=10000 -artifact_prefix=" +
+      std::string(dir) + "/ " + dir + "/";
+  EXPECT_EQ(0, std::system(cmd.c_str()));
+
+  EXPECT_GT(CountFilesInDir(dir), 100);
+
+  // Cleanup.
+  EXPECT_EQ(0, std::system((std::string("rm -rf ") + dir).c_str()));
+}
diff --git a/examples/libxml2/libxml2_example.cc b/examples/libxml2/libxml2_example.cc
index 891b694..1b30771 100644
--- a/examples/libxml2/libxml2_example.cc
+++ b/examples/libxml2/libxml2_example.cc
@@ -35,7 +35,6 @@ extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* data, size_t size,
   return protobuf_mutator::xml::MutateTextMessage(data, size, max_size, seed);
 }
 
-
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   int options = 0;
   std::string xml;
author	Vitaly Buka <vitalybuka@chromium.org>	2017-02-06 18:39:21 -0800
committer	Vitaly Buka <vitalybuka@gmail.com>	2017-02-06 18:59:16 -0800
commit	944e45ed0edede1ce0ad79d2c2e73e34bf90e605 (patch)
tree	7dc662268ab4e551e6c9e1371114fb2340a3a579 /examples
parent	40f881f0d1ee043b85931908e9b8c85891aa4b8a (diff)
download	libprotobuf-mutator-944e45ed0edede1ce0ad79d2c2e73e34bf90e605.tar.gz