author | Google AutoFuzz Team <security-tps@google.com> | 2020-05-07 23:57:43 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-07 14:57:43 -0700 |
commit | c20f507e579495fa56995c82b3b828bd602ad3a5 (patch) | |
tree | 256d38b8ec300eaaafba3559e37fb50c5d120193 /projects/libusb | |
parent | e32cca0579d19412f2099dfc07dab8e21f87d65a (diff) | |
download | oss-fuzz-c20f507e579495fa56995c82b3b828bd602ad3a5.tar.gz |
[libusb] Initial Integration (#3773)
* add libusb files
* add fuzzer
* add fuzzer and modify build
* modified the fuzzer for initial integration
* modified project.yaml file
* modified the build and fuzzer files
Diffstat (limited to 'projects/libusb')
-rw-r--r-- | projects/libusb/Dockerfile | 22 | ||||
-rwxr-xr-x | projects/libusb/build.sh | 30 | ||||
-rw-r--r-- | projects/libusb/libusb_fuzzer.cc | 49 | ||||
-rw-r--r-- | projects/libusb/project.yaml | 11 |
4 files changed, 112 insertions, 0 deletions
diff --git a/projects/libusb/Dockerfile b/projects/libusb/Dockerfile
new file mode 100644
index 000000000..71d03ab5c
--- /dev/null
+++ b/projects/libusb/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER christopher.a.dickens@gmail.com
+RUN apt-get update && apt-get install -y make autoconf automake libtool libudev-dev
+RUN git clone --depth 1 https://github.com/libusb/libusb libusb
+WORKDIR libusb
+COPY build.sh *.cc $SRC/
diff --git a/projects/libusb/build.sh b/projects/libusb/build.sh
new file mode 100755
index 000000000..281aa6ee4
--- /dev/null
+++ b/projects/libusb/build.sh
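Review bot: `MAINTAINER` on the Dockerfile's second instruction is deprecated by Docker in favour of a label; `LABEL maintainer="christopher.a.dickens@gmail.com"` carries the same information without the deprecation warning. The rest of the file follows the usual base-builder layout and needs no change.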
@@ -0,0 +1,30 @@
+#!/bin/bash -eu
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# build project
+./autogen.sh
+./configure
+make -j$(nproc) all
+
+# build fuzzer
+for fuzzer in $(find $SRC -name '*_fuzzer.cc'); do
+  fuzzer_basename=$(basename -s .cc $fuzzer)
+  $CXX $CXXFLAGS -std=c++11 -I. \
+    $fuzzer $LIB_FUZZING_ENGINE ./libusb/.libs/libusb-1.0.a \
+    -lpthread -ludev \
+    -o $OUT/$fuzzer_basename
+done
diff --git a/projects/libusb/libusb_fuzzer.cc b/projects/libusb/libusb_fuzzer.cc
new file mode 100644
index 000000000..8e543a725
--- /dev/null
+++ b/projects/libusb/libusb_fuzzer.cc
@@ -0,0 +1,49 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#include <fuzzer/FuzzedDataProvider.h>
+
+#include <algorithm>
+#include <cstddef>
+#include <cstdint>
+
+#include "libusb/libusb.h"
+#include "libusb/libusbi.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  struct libusb_transfer *transfer;
+  FuzzedDataProvider stream(data, size);
+  uint8_t bmRequestType = stream.ConsumeIntegral<uint8_t>();
+  uint8_t bRequest = stream.ConsumeIntegral<uint8_t>();
+  uint16_t wValue = stream.ConsumeIntegral<uint16_t>();
+  uint16_t wIndex = stream.ConsumeIntegral<uint16_t>();
+  uint16_t wLength = stream.ConsumeIntegral<uint16_t>();
+  std::vector<char> data_ = stream.ConsumeRemainingBytes<char>();
+  unsigned char* buffer = reinterpret_cast<unsigned char*>(data_.data());
+
+  transfer = libusb_alloc_transfer(0);
+  if (!transfer) {
+    return LIBUSB_ERROR_NO_MEM;
+  }
+
+  if (!buffer) {
+    libusb_free_transfer(transfer);
+    return LIBUSB_ERROR_NO_MEM;
+  }
+
+  libusb_fill_control_setup(
+      buffer, bmRequestType, bRequest, wValue, wIndex, wLength);
+
+  libusb_free_transfer(transfer);
+  return 0;
+}
diff --git a/projects/libusb/project.yaml b/projects/libusb/project.yaml
new file mode 100644
index 000000000..fa5cba79d
--- /dev/null
+++ b/projects/libusb/project.yaml
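Review bot: `libusb_fill_control_setup` writes a complete `LIBUSB_CONTROL_SETUP_SIZE` (8-byte) setup packet through `buffer`, but `buffer` points into `data_`, which holds only the bytes left after the five `ConsumeIntegral` reads, so any input with one to seven trailing bytes makes the harness overflow its own vector and ASan will report a crash in the fuzzer rather than in libusb. The `if (!buffer)` guard does not cover this, since `data_.data()` on an empty vector is not required to be null. Replace that guard with a length check, `if (data_.size() < LIBUSB_CONTROL_SETUP_SIZE) { libusb_free_transfer(transfer); return 0; }`. The two `return LIBUSB_ERROR_NO_MEM;` statements should also become `return 0;`, because libFuzzer treats non-zero return values from `LLVMFuzzerTestOneInput` as reserved. The `<algorithm>` include and the internal `libusb/libusbi.h` header appear unused by this harness and could be dropped.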
@@ -0,0 +1,11 @@
+homepage: "http://libusb.info/"
+language: c++
+primary_contact: "christopher.a.dickens@gmail.com"
+auto_ccs:
+  - "hjelmn@gmail.com"
+sanitizers:
+  - address
+  - memory
+  - undefined
+architectures:
+  - x86_64