Add msgpack-c (#1313)

Add fuzzer for pack and unpack functions

4 files changed, 79 insertions, 0 deletions

diff --git a/projects/msgpack-c/Dockerfile b/projects/msgpack-c/Dockerfile
new file mode 100644
index 000000000..d92f00fdb
--- /dev/null
+++ b/projects/msgpack-c/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER chriswwolfe@gmail.com
+RUN apt-get update && apt-get install -y cmake
+RUN git clone --depth 1 https://github.com/msgpack/msgpack-c.git msgpack-c
+RUN git clone --depth 1 https://github.com/derwolfe/msgpack-corpora.git msgpack-corpora
+WORKDIR msgpack-c
+COPY build.sh unpack_pack_fuzzer.cc $SRC/
diff --git a/projects/msgpack-c/build.sh b/projects/msgpack-c/build.sh
new file mode 100755
index 000000000..3a28125f1
--- /dev/null
+++ b/projects/msgpack-c/build.sh
@@ -0,0 +1,27 @@
+#!/bin/bash -eu
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cmake -DCMAKE_C_COMPILER="$CC" -DCMAKE_CXX_COMPILER="$CXX" \
+      -DCMAKE_C_FLAGS="$CFLAGS" -DCMAKE_CXX_FLAGS="$CXXFLAGS" \
+      -DMSGPACK_CXX11=ON .
+make -j$(nproc) all
+
+$CXX $CXXFLAGS -std=c++11 -Iinclude -I"$SRC/msgpack-c/include" \
+     "$SRC/unpack_pack_fuzzer.cc" -o "$OUT/unpack_pack_fuzzer" \
+     -lFuzzingEngine "$SRC/msgpack-c/libmsgpackc.a"
+
+zip -rj "$OUT/unpack_pack_fuzzer_seed_corpus.zip" "$SRC/msgpack-corpora/packed/"
diff --git a/projects/msgpack-c/project.yaml b/projects/msgpack-c/project.yaml
new file mode 100644
index 000000000..de292c53e
--- /dev/null
+++ b/projects/msgpack-c/project.yaml
@@ -0,0 +1,8 @@
+homepage: "https://msgpack.org/"
+primary_contact: "redboltz@gmail.com"
+auto_ccs:
+  - chriswwolfe@gmail.com
+sanitizers:
+  - address
+  - memory
+  - undefined
diff --git a/projects/msgpack-c/unpack_pack_fuzzer.cc b/projects/msgpack-c/unpack_pack_fuzzer.cc
new file mode 100644
index 000000000..7f967331d
--- /dev/null
+++ b/projects/msgpack-c/unpack_pack_fuzzer.cc
@@ -0,0 +1,21 @@
+#include <msgpack.hpp>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  try {
+    // NOTE(derwolfe): by default the limits are set at 2^32-1 length. I'm
+    // setting these at far smaller values to avoid OOMs
+    const int test_limit = 10000;
+    msgpack::object_handle unpacked = msgpack::unpack(reinterpret_cast<const char *>(data),
+                                                      size,
+                                                      nullptr,
+                                                      nullptr,
+                                                      msgpack::unpack_limit(test_limit,
+                                                                            test_limit,
+                                                                            test_limit,
+                                                                            test_limit));
+    msgpack::sbuffer sbuf;
+    msgpack::pack(sbuf, unpacked.get());
+  } catch (...) {
+  }
+  return 0;
+}