authorBhargava Shastry <bshas3@gmail.com>2018-10-23 16:22:41 +0200
committerMax Moroz <dor3s1@gmail.com>2018-10-23 07:22:41 -0700
commit754db9eb6cb46ba148346cffc8410b718f31b8c0 (patch)
treeebbc2a11b5e73dd2b699e8b8eaf023211f339732 /projects/lzo
parentf2b4a02601d7439e3546e5ce9655d5c581f35f4f (diff)
[lzo] Add lzo (#1862)
* lzo: Add lzo out-of-source * lzo: Change maintainer of Docker image * lzo: Add decompress target * lzo: Update build script * lzo: Fix build script * lzo: Bail out if size==0 in decompress test * Adding a seed file to lzo_decompress_target_seed This commit adds a minimal lzo seed as a seed for the lzo_decompress_target. Still results in a heap-buffer-overflow at the moment. * lzo: Switch to safer decompressor (HT @viniul) that does not crash and remove assertion * lzo: Remove buggy addition (from OvS) to this PR * Add more decompression targets to decompress_target This commit adds more decompression targets to decompress_target.c. The target function is chosen based on the first byte of the data given by libfuzzer. * Make decomp func ptr static, fix minor bug in func ptr init, and fix include paths in build script
Diffstat (limited to 'projects/lzo')
-rw-r--r--projects/lzo/Dockerfile23
-rwxr-xr-xprojects/lzo/build.sh35
-rw-r--r--projects/lzo/lzo_compress_target.c78
-rw-r--r--projects/lzo/lzo_compress_target.options2
-rw-r--r--projects/lzo/lzo_decompress_target.c93
-rw-r--r--projects/lzo/lzo_decompress_target.options2
-rwxr-xr-xprojects/lzo/lzo_decompress_target_seeds/seed.lzobin0 -> 217 bytes
-rw-r--r--projects/lzo/project.yaml8
8 files changed, 241 insertions, 0 deletions
diff --git a/projects/lzo/Dockerfile b/projects/lzo/Dockerfile
new file mode 100644
index 000000000..d6971e6ff
--- /dev/null
+++ b/projects/lzo/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER info@oberhumer.com
+RUN apt-get update && apt-get install -y make autoconf automake libtool wget
+RUN wget -O lzo.tar.gz \
+ http://www.oberhumer.com/opensource/lzo/download/lzo-2.10.tar.gz
+COPY *.c *.options build.sh $SRC/
+COPY lzo_decompress_target_seeds $SRC/lzo_decompress_target_seeds
diff --git a/projects/lzo/build.sh b/projects/lzo/build.sh
new file mode 100755
index 000000000..40a9a04be
--- /dev/null
+++ b/projects/lzo/build.sh
@@ -0,0 +1,35 @@
+#!/bin/bash -eu
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# build project
+cd $SRC
+tar xzf lzo.tar.gz
+cd lzo-*
+./configure && make -j$(nproc)
+
+# build fuzzers
+for file in $SRC/*.c;
+do
+ name=$(basename $file .c)
+ $CC -c -I include -I minilzo -I include/lzo ${file} -o ${name}.o
+ $CXX $CXXFLAGS -std=c++11 -I include -I minilzo -I include/lzo ${name}.o \
+ -o $OUT/${name} -lFuzzingEngine src/.libs/liblzo2.a
+done
+
+# copy fuzzer options
+cp $SRC/*.options $OUT/
+zip -j $OUT/lzo_decompress_target_seed_corpus.zip $SRC/lzo_decompress_target_seeds/*
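Review bot: The harness compile line `$CC -c -I include -I minilzo -I include/lzo ${file} -o ${name}.o` does not pass `$CFLAGS`, which in this build environment presumably carries the sanitizer and coverage flags, so the fuzz targets' own code is built uninstrumented. The stack buffers those targets hand to the library would then have no sanitizer redzones, and an overrun of them may go unreported. Use `$CC $CFLAGS -c -I include -I minilzo -I include/lzo "$file" -o "$name.o"`. Quoting `$SRC`, `$OUT` and `$file` throughout would also keep the script correct for paths containing spaces.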
diff --git a/projects/lzo/lzo_compress_target.c b/projects/lzo/lzo_compress_target.c
new file mode 100644
index 000000000..897fcfef9
--- /dev/null
+++ b/projects/lzo/lzo_compress_target.c
@@ -0,0 +1,78 @@
+/*
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include <assert.h>
+#include "minilzo.h"
+
+/* Work-memory needed for compression. Allocate memory in units
+ * of 'lzo_align_t' (instead of 'char') to make sure it is properly aligned.
+ */
+#define HEAP_ALLOC(var,size) \
+ lzo_align_t __LZO_MMODEL var [ ((size) + (sizeof(lzo_align_t) - 1)) / sizeof(lzo_align_t) ]
+
+static HEAP_ALLOC(wrkmem, LZO1X_1_MEM_COMPRESS);
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ int r;
+ lzo_uint out_len;
+ lzo_uint new_len;
+ /* We want to compress the data block at 'in' with length 'IN_LEN' to
+ * the block at 'out'. Because the input block may be incompressible,
+ * we must provide a little more output space in case that compression
+ * is not possible.
+ */
+ unsigned char __LZO_MMODEL in[size];
+ unsigned char __LZO_MMODEL out[size + size/16 + 64 + 3];
+
+ static bool isInit = false;
+ if (!isInit)
+ {
+ if (lzo_init() != LZO_E_OK)
+ {
+ printf("internal error - lzo_init() failed !!!\n");
+ return 0;
+ }
+ isInit = true;
+ }
+
+ /* Compress with LZO1X-1. */
+ r = lzo1x_1_compress(data,size,out,&out_len,wrkmem);
+ assert(r == LZO_E_OK);
+ printf("compressed %lu bytes into %lu bytes\n",
+ (unsigned long) size, (unsigned long) out_len);
+
+ /* check for an incompressible block */
+ if (out_len >= size)
+ {
+ printf("This block contains incompressible data.\n");
+ return 0;
+ }
+
+ /* Decompress. */
+ new_len = size;
+ r = lzo1x_decompress(out,out_len,in,&new_len,NULL);
+ assert(r == LZO_E_OK && new_len == size);
+ printf("decompressed %lu bytes back into %lu bytes\n",
+ (unsigned long) out_len, (unsigned long) size);
+ return 0;
+}
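Review bot: The buffers `in[size]` and `out[size + size/16 + 64 + 3]` are stack VLAs sized directly by the fuzzer input, so `size == 0` declares a zero-length VLA (undefined behaviour in C) and a large input can exhaust the stack inside the harness rather than exposing a fault in the library. The same pattern appears as `out[size]` in lzo_decompress_target.c, where the `size < 2` guard at least rules out the zero-length case. Allocating both buffers on the heap, returning early on an empty input, and freeing on every return path (including the incompressible-block return) avoids both problems and lets the sanitizer track the buffers as heap objects.

```c
extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    /* … unchanged: r, out_len, new_len declarations … */
    if (size == 0)
        return 0;

    size_t out_cap = size + size / 16 + 64 + 3;
    unsigned char *in = malloc(size);
    unsigned char *out = malloc(out_cap);
    if (in == NULL || out == NULL) {
        free(in);
        free(out);
        return 0;
    }

    /* … unchanged: lzo_init, compress, incompressible check, decompress … */
    /* each return after this point first calls free(in) and free(out) */
```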
diff --git a/projects/lzo/lzo_compress_target.options b/projects/lzo/lzo_compress_target.options
new file mode 100644
index 000000000..329a6e27b
--- /dev/null
+++ b/projects/lzo/lzo_compress_target.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+close_fd_mask = 3
diff --git a/projects/lzo/lzo_decompress_target.c b/projects/lzo/lzo_decompress_target.c
new file mode 100644
index 000000000..92b289b5a
--- /dev/null
+++ b/projects/lzo/lzo_decompress_target.c
@@ -0,0 +1,93 @@
+/*
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include <assert.h>
+#include "lzo1b.h"
+#include "lzo1c.h"
+#include "lzo1f.h"
+#include "lzo1x.h"
+#include "lzo1y.h"
+#include "lzo1z.h"
+#include "lzo2a.h"
+
+/* Work-memory needed for compression. Allocate memory in units
+ * of 'lzo_align_t' (instead of 'char') to make sure it is properly aligned.
+ */
+#define HEAP_ALLOC(var,size) \
+ lzo_align_t __LZO_MMODEL var [ ((size) + (sizeof(lzo_align_t) - 1)) / sizeof(lzo_align_t) ]
+
+static HEAP_ALLOC(wrkmem, LZO1X_1_MEM_COMPRESS);
+
+typedef int (*decompress_function)( const lzo_bytep, lzo_uint ,
+ lzo_bytep, lzo_uintp,
+ lzo_voidp );
+
+#define NUM_DECOMP 7
+
+static decompress_function funcArr[NUM_DECOMP] =
+{
+ &lzo1b_decompress_safe,
+ &lzo1c_decompress_safe,
+ &lzo1f_decompress_safe,
+ &lzo1x_decompress_safe,
+ &lzo1y_decompress_safe,
+ &lzo1z_decompress_safe,
+ &lzo2a_decompress_safe
+};
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ int r;
+ lzo_uint new_len;
+ if (size < 2){
+ return 0;
+ }
+ /* We want to compress the data block at 'in' with length 'IN_LEN' to
+ * the block at 'out'. Because the input block may be incompressible,
+ * we must provide a little more output space in case that compression
+ * is not possible.
+ */
+ unsigned char __LZO_MMODEL out[size];
+
+ static bool isInit = false;
+ if (!isInit)
+ {
+ if (lzo_init() != LZO_E_OK)
+ {
+ printf("internal error - lzo_init() failed !!!\n");
+ return 0;
+ }
+ isInit = true;
+ }
+
+ /* Decompress. */
+ int idx = data[0] % NUM_DECOMP;
+ new_len = size;
+ r = (*funcArr[idx])(&data[1],size-1,out,&new_len,NULL);
+ if (r != LZO_E_OK)
+ {
+ printf("error thrown by lzo1x_decompress_safe: %d\n", r);
+ }
+ printf("decompressed %lu bytes back into %lu bytes\n",
+ (unsigned long) size, (unsigned long) new_len);
+ return 0;
+}
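Review bot: The output capacity passed to the decompressors is `new_len = size`, the length of the compressed input, so any stream that expands beyond its own compressed size should be rejected with an output-overrun error, and the paths that emit longer output are likely never exercised. An output buffer with a fixed capacity independent of the input length, with `new_len` set to that capacity, would let the safe decompressors run further while still being bounded. The error message also names `lzo1x_decompress_safe` although `funcArr[idx]` may be any of the seven functions; `printf("error thrown by decompressor %d: %d\n", idx, r);` would make crash logs attributable. The comment above `out` is copied from the compress target and describes compression, and `wrkmem` is declared but never used in this file.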
diff --git a/projects/lzo/lzo_decompress_target.options b/projects/lzo/lzo_decompress_target.options
new file mode 100644
index 000000000..329a6e27b
--- /dev/null
+++ b/projects/lzo/lzo_decompress_target.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+close_fd_mask = 3
diff --git a/projects/lzo/lzo_decompress_target_seeds/seed.lzo b/projects/lzo/lzo_decompress_target_seeds/seed.lzo
new file mode 100755
index 000000000..bf310368e
--- /dev/null
+++ b/projects/lzo/lzo_decompress_target_seeds/seed.lzo
Binary files differ
diff --git a/projects/lzo/project.yaml b/projects/lzo/project.yaml
new file mode 100644
index 000000000..ab698ac34
--- /dev/null
+++ b/projects/lzo/project.yaml
@@ -0,0 +1,8 @@
+homepage: "http://www.oberhumer.com"
+primary_contact: "info@oberhumer.com"
+auto_ccs:
+ - "bshas3@gmail.com"
+sanitizers:
+ - address
+ - memory
+ - undefined