author | Mike Aizatsky <mike.aizatsky@gmail.com> | 2016-11-29 10:55:25 -0800 |
---|---|---|
committer | Mike Aizatsky <mike.aizatsky@gmail.com> | 2016-11-29 10:55:25 -0800 |
commit | a143b9b39a51412d133f846688194d68fe4197ba (patch) | |
tree | 936eb7e6c320fb7066f0da416727ebab8ce4668c /projects/libxml2 | |
parent | 330c900781b1a8abde12e5478bb85854da48afc2 (diff) | |
[infra] renaming targets/ to projects/
Diffstat (limited to 'projects/libxml2')
-rw-r--r-- | projects/libxml2/Dockerfile | 27 | ||||
-rwxr-xr-x | projects/libxml2/build.sh | 29 | ||||
-rw-r--r-- | projects/libxml2/libxml2_xml_read_memory_fuzzer.cc | 23 | ||||
-rw-r--r-- | projects/libxml2/libxml2_xml_read_memory_fuzzer.options | 2 | ||||
-rw-r--r-- | projects/libxml2/libxml2_xml_regexp_compile_fuzzer.cc | 34 | ||||
-rw-r--r-- | projects/libxml2/libxml2_xml_regexp_compile_fuzzer.options | 2 | ||||
-rw-r--r-- | projects/libxml2/target.yaml | 1 | ||||
-rw-r--r-- | projects/libxml2/xml.dict | 87 |
8 files changed, 205 insertions, 0 deletions
diff --git a/projects/libxml2/Dockerfile b/projects/libxml2/Dockerfile
new file mode 100644
index 000000000..078379b49
--- /dev/null
+++ b/projects/libxml2/Dockerfile
@@ -0,0 +1,27 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER ochang@chromium.org
+RUN apt-get install -y make autoconf automake libtool pkg-config
+
+RUN git clone git://git.gnome.org/libxml2
+WORKDIR libxml2
+
+COPY build.sh $SRC/
+COPY libxml2_xml_read_memory_fuzzer.* \
+ libxml2_xml_regexp_compile_fuzzer.* \
+ xml.dict $SRC/
diff --git a/projects/libxml2/build.sh b/projects/libxml2/build.sh
new file mode 100755
index 000000000..12cb3ad19
--- /dev/null
+++ b/projects/libxml2/build.sh
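Review bot: The `RUN git clone git://git.gnome.org/libxml2` line fetches the code that will be compiled over the git:// transport, which has neither encryption nor server authentication, so anything on the network path could substitute the source that ends up in the build image. Cloning over an authenticated transport, e.g. `RUN git clone https://<libxml2-repo-host>/libxml2` (placeholder; confirm the project's HTTPS URL), closes that gap. Separately, `RUN apt-get install -y …` has no `apt-get update` in the same layer, so it presumably depends on the base image shipping fresh package lists; `RUN apt-get update && apt-get install -y make autoconf automake libtool pkg-config` would not.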
@@ -0,0 +1,29 @@
+#!/bin/bash -eu
+#
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+./autogen.sh
+./configure
+make -j$(nproc) clean all
+
+for fuzzer in libxml2_xml_read_memory_fuzzer libxml2_xml_regexp_compile_fuzzer; do
+ $CXX $CXXFLAGS -std=c++11 -Iinclude/ \
+ $SRC/$fuzzer.cc -o $OUT/$fuzzer \
+ -lfuzzer .libs/libxml2.a
+done
+
+cp $SRC/*.dict $SRC/*.options $OUT/
diff --git a/projects/libxml2/libxml2_xml_read_memory_fuzzer.cc b/projects/libxml2/libxml2_xml_read_memory_fuzzer.cc
new file mode 100644
index 000000000..464a6e95d
--- /dev/null
+++ b/projects/libxml2/libxml2_xml_read_memory_fuzzer.cc
@@ -0,0 +1,23 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "libxml/parser.h"
+
+void ignore (void* ctx, const char* msg, ...) {
+ // Error handler to avoid spam of error messages from libxml parser.
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ xmlSetGenericErrorFunc(NULL, &ignore);
+
+ if (auto doc = xmlReadMemory(reinterpret_cast<const char*>(data),
+ static_cast<int>(size), "noname.xml", NULL, 0)) {
+ xmlFreeDoc(doc);
+ }
+
+ return 0;
+}
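Review bot: `make -j$(nproc) clean all` puts two goals into one parallel invocation, and with `-j` make may not finish `clean` before it starts work for `all`, so objects can be deleted while they are being built. Running them as two commands, `make -j$(nproc) clean` and then `make -j$(nproc) all`, removes that ordering hazard. The expansions in the compile loop and in `cp $SRC/*.dict $SRC/*.options $OUT/` are unquoted; writing `"$SRC/$fuzzer.cc"`, `"$OUT/$fuzzer"` and `"$OUT/"` keeps the script correct if those directories ever contain whitespace.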
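Review bot: `static_cast<int>(size)` in the `xmlReadMemory` call narrows a `size_t` without a range check, so an input larger than `INT_MAX` would reach the parser with a truncated or negative length. libFuzzer's input size limit makes that unlikely in practice, but an explicit guard at the top of `LLVMFuzzerTestOneInput`, `if (size > INT_MAX) return 0;` (with `<limits.h>`), states the assumption instead of relying on it. The document is parsed with options `0` only, so parser behaviour that is enabled through option flags is presumably never exercised by this harness; a short comment above the call saying that this covers the default configuration would tell the next reader what coverage to expect.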
diff --git a/projects/libxml2/libxml2_xml_read_memory_fuzzer.options b/projects/libxml2/libxml2_xml_read_memory_fuzzer.options
new file mode 100644
index 000000000..6335e163b
--- /dev/null
+++ b/projects/libxml2/libxml2_xml_read_memory_fuzzer.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+dict = xml.dict
diff --git a/projects/libxml2/libxml2_xml_regexp_compile_fuzzer.cc b/projects/libxml2/libxml2_xml_regexp_compile_fuzzer.cc
new file mode 100644
index 000000000..65aba2962
--- /dev/null
+++ b/projects/libxml2/libxml2_xml_regexp_compile_fuzzer.cc
@@ -0,0 +1,34 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <algorithm>
+#include <string>
+#include <vector>
+
+#include "libxml/parser.h"
+#include "libxml/tree.h"
+#include "libxml/xmlversion.h"
+
+
+void ignore (void * ctx, const char * msg, ...) {
+ // Error handler to avoid spam of error messages from libxml parser.
+}
+
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ xmlSetGenericErrorFunc(NULL, &ignore);
+
+ std::vector<uint8_t> buffer(size + 1, 0);
+ std::copy(data, data + size, buffer.data());
+
+ xmlRegexpPtr x = xmlRegexpCompile(buffer.data());
+ if (x)
+ xmlRegFreeRegexp(x);
+
+ return 0;
+}
diff --git a/projects/libxml2/libxml2_xml_regexp_compile_fuzzer.options b/projects/libxml2/libxml2_xml_regexp_compile_fuzzer.options
new file mode 100644
index 000000000..6335e163b
--- /dev/null
+++ b/projects/libxml2/libxml2_xml_regexp_compile_fuzzer.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+dict = xml.dict
diff --git a/projects/libxml2/target.yaml b/projects/libxml2/target.yaml
new file mode 100644
index 000000000..3ac2e3236
--- /dev/null
+++ b/projects/libxml2/target.yaml
@@ -0,0 +1 @@
+homepage: "http://www.xmlsoft.org/"
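Review bot: In `libxml2_xml_regexp_compile_fuzzer.cc` the input is copied into a zero-terminated `buffer` and passed to `xmlRegexpCompile` as a C string, so any input with an embedded zero byte is cut at that byte and the rest never reaches the regexp compiler. That is inherent to the API, but it deserves a comment above the copy, for example `// xmlRegexpCompile takes a NUL-terminated string; bytes after the first 0 are ignored.` The file includes `libxml/parser.h`, `libxml/tree.h` and `libxml/xmlversion.h` but not `libxml/xmlregexp.h`, which declares `xmlRegexpCompile` and `xmlRegFreeRegexp`; it presumably builds through a transitive include, and adding `#include "libxml/xmlregexp.h"` would make that dependency explicit. `<string>` is included although nothing in the hunk uses it.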
diff --git a/projects/libxml2/xml.dict b/projects/libxml2/xml.dict
new file mode 100644
index 000000000..4ffa6c80b
--- /dev/null
+++ b/projects/libxml2/xml.dict
@@ -0,0 +1,87 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+#
+# AFL dictionary for XML
+# ----------------------
+#
+# Several basic syntax elements and attributes, modeled on libxml2.
+#
+# Created by Michal Zalewski <lcamtuf@google.com>
+#
+
+attr_encoding=" encoding=\"1\""
+attr_generic=" a=\"1\""
+attr_href=" href=\"1\""
+attr_standalone=" standalone=\"no\""
+attr_version=" version=\"1\""
+attr_xml_base=" xml:base=\"1\""
+attr_xml_id=" xml:id=\"1\""
+attr_xml_lang=" xml:lang=\"1\""
+attr_xml_space=" xml:space=\"1\""
+attr_xmlns=" xmlns=\"1\""
+
+entity_builtin="<"
+entity_decimal=""
+entity_external="&a;"
+entity_hex=""
+
+string_any="ANY"
+string_brackets="[]"
+string_cdata="CDATA"
+string_col_fallback=":fallback"
+string_col_generic=":a"
+string_col_include=":include"
+string_dashes="--"
+string_empty="EMPTY"
+string_empty_dblquotes="\"\""
+string_empty_quotes="''"
+string_entities="ENTITIES"
+string_entity="ENTITY"
+string_fixed="#FIXED"
+string_id="ID"
+string_idref="IDREF"
+string_idrefs="IDREFS"
+string_implied="#IMPLIED"
+string_nmtoken="NMTOKEN"
+string_nmtokens="NMTOKENS"
+string_notation="NOTATION"
+string_parentheses="()"
+string_pcdata="#PCDATA"
+string_percent="%a"
+string_public="PUBLIC"
+string_required="#REQUIRED"
+string_schema=":schema"
+string_system="SYSTEM"
+string_ucs4="UCS-4"
+string_utf16="UTF-16"
+string_utf8="UTF-8"
+string_xmlns="xmlns:"
+
+tag_attlist="<!ATTLIST"
+tag_cdata="<![CDATA["
+tag_close="</a>"
+tag_doctype="<!DOCTYPE"
+tag_element="<!ELEMENT"
+tag_entity="<!ENTITY"
+tag_ignore="<![IGNORE["
+tag_include="<![INCLUDE["
+tag_notation="<!NOTATION"
+tag_open="<a>"
+tag_open_close="<a />"
+tag_open_exclamation="<!"
+tag_open_q="<?"
+tag_sq2_close="]]>"
+tag_xml_q="<?xml?>" |