author | Markus Kusano <mukusano@gmail.com> | 2018-12-19 10:56:47 -0500 |
---|---|---|
committer | Abhishek Arya <inferno@chromium.org> | 2018-12-19 07:56:47 -0800 |
commit | b793e9a7c749e204a7fcec79c2e6ad3657f8e48d (patch) | |
tree | 5fae3286d3435fc83f6bb564108c9480dacadcf1 /projects/freeimage | |
parent | 261e7f2972422761d56cbdb356b1e73740915d47 (diff) | |
download | oss-fuzz-b793e9a7c749e204a7fcec79c2e6ad3657f8e48d.tar.gz |
Integrate FreeImage and add a fuzz target. (#2035)
* Integrate FreeImage and add a fuzz target.
* Initialize FreeImage within LLVMFuzzerTestOneInput.
* Return 0 and not EXIT_SUCCESS.
* Use https when downloading FreeImage source.
Diffstat (limited to 'projects/freeimage')
-rw-r--r-- | projects/freeimage/Dockerfile | 25 | ||||
-rwxr-xr-x | projects/freeimage/build.sh | 29 | ||||
-rw-r--r-- | projects/freeimage/load_from_memory_fuzzer.cc | 41 | ||||
-rw-r--r-- | projects/freeimage/project.yaml | 13 |
4 files changed, 108 insertions, 0 deletions
diff --git a/projects/freeimage/Dockerfile b/projects/freeimage/Dockerfile
new file mode 100644
index 000000000..86ab661ac
--- /dev/null
+++ b/projects/freeimage/Dockerfile
@@ -0,0 +1,25 @@
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y make autoconf automake libtool wget
+# This downloads the latest version at the time of writing. There does not
+# appear to be a head version of FreeImage.
+RUN wget https://downloads.sourceforge.net/freeimage/FreeImage3180.zip
+RUN unzip FreeImage3180.zip
+WORKDIR $SRC
+COPY build.sh $SRC/
+COPY load_from_memory_fuzzer.cc $SRC/
diff --git a/projects/freeimage/build.sh b/projects/freeimage/build.sh
new file mode 100755
index 000000000..793b61128
--- /dev/null
+++ b/projects/freeimage/build.sh
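Review bot: The `RUN wget .../FreeImage3180.zip` line pins a release archive but never verifies what was downloaded, so the build trusts whatever the mirror serves even though the version itself is fixed; a checksum check on the next line closes that gap, e.g. `RUN echo "<sha256 of FreeImage3180.zip>  FreeImage3180.zip" | sha256sum -c` before the `unzip` step. Separately, `unzip` is not in the `apt-get install` list on the line above, so the `RUN unzip` step relies on the base image already providing it; if that is not guaranteed, add `unzip` to the package list.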
@@ -0,0 +1,29 @@
+#!/bin/bash -eu
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+pushd FreeImage
+
+# b44ExpLogTable.cpp only contains a definition of main().
+sed -i 's/Source\/OpenEXR\/IlmImf\/b44ExpLogTable.cpp//' Makefile.srcs
+make LIBRARIES=-lc++ -j$(nproc)
+
+popd
+
+INSTALL_DIR=$SRC/FreeImage/Dist
+
+$CXX $CXXFLAGS -I${INSTALL_DIR}/ load_from_memory_fuzzer.cc \
+ ${INSTALL_DIR}/libfreeimage.a -lFuzzingEngine -o $OUT/load_from_memory_fuzzer
diff --git a/projects/freeimage/load_from_memory_fuzzer.cc b/projects/freeimage/load_from_memory_fuzzer.cc
new file mode 100644
index 000000000..146e3dfe1
--- /dev/null
+++ b/projects/freeimage/load_from_memory_fuzzer.cc
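Review bot: The `make LIBRARIES=-lc++ -j$(nproc)` line does not pass the toolchain variables explicitly, so whether libfreeimage.a is built with the sanitizer and coverage flags depends on FreeImage's own Makefile honouring `CC`, `CXX`, `CFLAGS` and `CXXFLAGS` from the environment; if it overrides any of them, the library is built uninstrumented and only the fuzz target itself is sanitized. Making the intent explicit avoids that uncertainty: `make CC="$CC" CXX="$CXX" CFLAGS="$CFLAGS" CXXFLAGS="$CXXFLAGS" LIBRARIES=-lc++ -j$(nproc)`. The `sed` edit of Makefile.srcs on the line above is silent if its pattern does not match; `grep -q b44ExpLogTable Makefile.srcs` before it, or checking the result after, would make a changed file list fail the build visibly rather than produce a duplicate `main()`.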
@@ -0,0 +1,41 @@
+#include <cstddef>
+#include <cstdint>
+#include <cstdlib>
+#include <vector>
+#include <FreeImage.h>
+
+namespace {
+
+// Returns true if the format should be attempted to loaded from memory.
+bool SafeToLoadFromMemory(FREE_IMAGE_FORMAT fif) {
+ // For now, just load if it is a BMP. Future heuristics may need to be based
+ // on the expected size in different formats for memory regions to avoid OOMs.
+ return fif == FIF_BMP;
+}
+
+} // namespace
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ static bool initialized = false;
+ if (!initialized) {
+ FreeImage_Initialise();
+ }
+
+ if (size > 100 * 1000) {
+ return 0;
+ }
+
+ std::vector<uint8_t> fuzzer_data_vector(data, data + size);
+ FIMEMORY* fiMem = FreeImage_OpenMemory(
+ reinterpret_cast<unsigned char*>(fuzzer_data_vector.data()),
+ fuzzer_data_vector.size());
+
+ FREE_IMAGE_FORMAT fif = FreeImage_GetFileTypeFromMemory(fiMem, 0);
+ if (SafeToLoadFromMemory(fif)) {
+ FIBITMAP* fiBitmap = FreeImage_LoadFromMemory(fif, fiMem);
+ FreeImage_Unload(fiBitmap);
+ }
+ FreeImage_CloseMemory(fiMem);
+
+ return 0;
+}
diff --git a/projects/freeimage/project.yaml b/projects/freeimage/project.yaml
new file mode 100644
index 000000000..621f741a6
--- /dev/null
+++ b/projects/freeimage/project.yaml
@@ -0,0 +1,13 @@
+homepage: "http://freeimage.sourceforge.net/"
+primary_contact: "kusano@google.com"
+
+experimental: true
+
+sanitizers:
+ - address
+ - memory
+ - undefined
+
+labels:
+ load_from_memory_fuzzer:
+ - sundew
|
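Review bot: `initialized` is never set to true in LLVMFuzzerTestOneInput, so the `if (!initialized)` guard always passes and FreeImage_Initialise() is called again on every input rather than once; add `initialized = true;` inside the block, immediately after the `FreeImage_Initialise();` call. The handle returned by FreeImage_OpenMemory is passed straight to FreeImage_GetFileTypeFromMemory without a null check; if that call can fail (for example on allocation failure) the fuzzer would report a crash in its own harness rather than in the library, so `if (fiMem == nullptr) return 0;` after the open is worth adding, and the same hedge applies to the FIBITMAP handed to FreeImage_Unload unless that function is documented to accept null. The comment on SafeToLoadFromMemory reads "attempted to loaded" and should be "attempted to be loaded", and `#include <cstdlib>` appears unused now that the EXIT_SUCCESS return was dropped.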