[openexr] Additional fuzzers (#4173)

* added two fuzzers from patch files, stripped unnecessary code from exrenvmap_fuzzer, build currently failing

* exrheader build working

* checking coverage for exrheader_fuzzer

* removed writes to cout for exrheader_fuzzer

* exrheader_fuzzer and exrenvmap_fuzzer working

* added license to exrheader_fuzzer

* remove namespaceAlias.h

* changed function names in exrheader_fuzzer, wrote files to /tmp in exrenvmap_fuzzer, included style fixes

4 files changed, 335 insertions, 2 deletions

diff --git a/projects/openexr/Dockerfile b/projects/openexr/Dockerfile
index d8c4d5e13..529b9b1e4 100644
--- a/projects/openexr/Dockerfile
+++ b/projects/openexr/Dockerfile
@@ -18,4 +18,4 @@ FROM gcr.io/oss-fuzz-base/base-builder
 RUN apt-get update && apt-get install -y make autoconf automake libtool zlib1g-dev
 RUN git clone --depth 1 https://github.com/AcademySoftwareFoundation/openexr openexr
 WORKDIR openexr
-COPY build.sh openexr_deepscanlines_fuzzer.cc openexr_deeptiles_fuzzer.cc openexr_scanlines_fuzzer.cc openexr_tiles_fuzzer.cc $SRC/
+COPY build.sh *_fuzzer.cc $SRC/
diff --git a/projects/openexr/build.sh b/projects/openexr/build.sh
index fa63c2a4e..990f1559f 100755
--- a/projects/openexr/build.sh
+++ b/projects/openexr/build.sh
@@ -21,7 +21,6 @@ CMAKE_SETTINGS=(
   "-D BUILD_SHARED_LIBS=OFF"         # Build static libraries only
   "-D PYILMBASE_ENABLE=OFF"          # Don't build Python support
   "-D BUILD_TESTING=OFF"             # Or tests
-  "-D OPENEXR_BUILD_UTILS=OFF"       # Or utilities
   "-D INSTALL_OPENEXR_EXAMPLES=OFF"  # Or examples
   "-D OPENEXR_LIB_SUFFIX="           # Don't append the version number to library files
   "-D ILMBASE_LIB_SUFFIX="
@@ -29,8 +28,11 @@ CMAKE_SETTINGS=(
 cmake $SRC/openexr ${CMAKE_SETTINGS[@]}
 make -j$(nproc)
 
+ar -qc $WORK/OpenEXR/libOpenexrUtils.a $(find $WORK/ -name "*.o")
+
 INCLUDES=(
   "-I $SRC/openexr/OpenEXR/IlmImf"
+  "-I $SRC/openexr/OpenEXR/exrenvmap"
   "-I $SRC/openexr/IlmBase/Imath"
   "-I $SRC/openexr/IlmBase/Iex"
   "-I $SRC/openexr/IlmBase/Half"
@@ -44,6 +46,7 @@ LIBS=(
   "$WORK/IlmBase/Half/libHalf.a"
   "$WORK/IlmBase/IlmThread/libIlmThread.a"
   "$WORK/IlmBase/Imath/libImath.a"
+  "$WORK/OpenEXR/libOpenexrUtils.a"
 )
 
 for fuzzer in $SRC/*_fuzzer.cc; do
diff --git a/projects/openexr/openexr_exrenvmap_fuzzer.cc b/projects/openexr/openexr_exrenvmap_fuzzer.cc
new file mode 100644
index 000000000..bb1b81717
--- /dev/null
+++ b/projects/openexr/openexr_exrenvmap_fuzzer.cc
@@ -0,0 +1,98 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <makeCubeMap.h>
+#include <makeLatLongMap.h>
+#include <blurImage.h>
+#include <EnvmapImage.h>
+#include <ImfEnvmap.h>
+#include <ImfHeader.h>
+
+#include <iostream>
+#include <exception>
+#include <string>
+#include <string.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+using namespace OPENEXR_IMF_NAMESPACE;
+using namespace std;
+
+static char *buf_to_file(const char *buf, size_t size) {
+  char *name = strdup("/tmp/fuzz-XXXXXX");
+  int fd = mkstemp(name);
+  if (fd < 0) {
+    perror("open");
+    exit(1);
+  }
+  size_t pos = 0;
+  while (pos < size) {
+    int nbytes = write(fd, &buf[pos], size - pos);
+    if (nbytes <= 0) {
+      perror("write");
+      exit(1);
+    }
+    pos += nbytes;
+  }
+  if (close(fd) != 0) {
+    perror("close");
+    exit(1);
+  }
+  return name;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+
+  char *file = buf_to_file((const char *)data, size);
+  if (!file) return 0;
+
+  Envmap overrideInputType = NUM_ENVMAPTYPES;
+  LevelMode levelMode = ONE_LEVEL;
+  LevelRoundingMode roundingMode = ROUND_DOWN;
+  Compression compression = ZIP_COMPRESSION;
+  int mapWidth = 256;
+  int tileWidth = 64;
+  int tileHeight = 64;
+  int numSamples = 5;
+  float filterRadius = 1;
+
+  EnvmapImage image;
+  Header header;
+  RgbaChannels channels;
+
+  try {
+    readInputImage (file, 0, 0,
+                    overrideInputType, false,
+                    image, header, channels);
+
+    makeCubeMap (image, header, channels,
+                 "/dev/null",
+                 tileWidth, tileHeight,
+                 levelMode, roundingMode,
+                 compression, mapWidth,
+                 filterRadius, numSamples,
+                 false);
+  } catch (IEX_NAMESPACE::InputExc& e) {
+    ;
+  } catch (IEX_NAMESPACE::ArgExc& e) {
+    ;
+  }
+
+  unlink(file);
+  free(file);
+
+  return 0;
+}
diff --git a/projects/openexr/openexr_exrheader_fuzzer.cc b/projects/openexr/openexr_exrheader_fuzzer.cc
new file mode 100644
index 000000000..45cec2d37
--- /dev/null
+++ b/projects/openexr/openexr_exrheader_fuzzer.cc
@@ -0,0 +1,232 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "ImfNamespace.h"
+#include <ImfMultiPartInputFile.h>
+#include <ImfBoxAttribute.h>
+#include <ImfChannelListAttribute.h>
+#include <ImfChromaticitiesAttribute.h>
+#include <ImfCompressionAttribute.h>
+#include <ImfDoubleAttribute.h>
+#include <ImfEnvmapAttribute.h>
+#include <ImfFloatAttribute.h>
+#include <ImfIntAttribute.h>
+#include <ImfKeyCodeAttribute.h>
+#include <ImfLineOrderAttribute.h>
+#include <ImfMatrixAttribute.h>
+#include <ImfPreviewImageAttribute.h>
+#include <ImfRationalAttribute.h>
+#include <ImfStringAttribute.h>
+#include <ImfStringVectorAttribute.h>
+#include <ImfTileDescriptionAttribute.h>
+#include <ImfTimeCodeAttribute.h>
+#include <ImfVecAttribute.h>
+#include <ImfVersion.h>
+#include <ImfHeader.h>
+#include <ImfStdIO.h>
+
+#include <iostream>
+#include <iomanip>
+
+using namespace OPENEXR_IMF_NAMESPACE;
+using namespace std;
+
+void
+dumpTimeCode (TimeCode tc)
+{
+    tc.hours();
+    tc.minutes();
+    tc.seconds();
+    tc.frame();
+
+    tc.dropFrame();
+    tc.colorFrame();
+    tc.fieldPhase();
+    tc.bgf0();
+    tc.bgf1();
+    tc.bgf2();
+    tc.userData();
+}
+
+void
+dumpChannelList (const ChannelList &cl)
+{
+    for (ChannelList::ConstIterator i = cl.begin(); i != cl.end(); ++i)
+    {
+        i.name();
+        i.channel();
+    }
+}
+
+
+void
+dumpInfo (IStream &is)
+{
+    MultiPartInputFile in(is, 0);
+    int parts = in.parts();
+
+    getVersion(in.version());
+    getFlags(in.version());
+
+    for (int p = 0; p < parts ; ++p)
+    {
+        const Header & h = in.header (p);
+
+        if (parts != 1)
+        {
+            in.partComplete(p);
+        }
+
+        for (Header::ConstIterator i = h.begin(); i != h.end(); ++i)
+        {
+            const Attribute *a = &i.attribute();
+            i.name();
+            a->typeName();
+
+            if (const Box2iAttribute *ta =
+                            dynamic_cast <const Box2iAttribute *> (a))
+            {
+                ta->value();
+            }
+
+            else if (const Box2fAttribute *ta =
+                            dynamic_cast <const Box2fAttribute *> (a))
+            {
+                ta->value();
+            }
+            else if (const ChannelListAttribute *ta =
+                            dynamic_cast <const ChannelListAttribute *> (a))
+            {
+                dumpChannelList(ta->value());
+            }
+            else if (const ChromaticitiesAttribute *ta =
+                            dynamic_cast <const ChromaticitiesAttribute *> (a))
+            {
+                ta->value();
+            }
+            else if (const DoubleAttribute *ta =
+                            dynamic_cast <const DoubleAttribute *> (a))
+            {
+                ta->value();
+            }
+            else if (const FloatAttribute *ta =
+                            dynamic_cast <const FloatAttribute *> (a))
+            {
+                ta->value();
+            }
+            else if (const IntAttribute *ta =
+                            dynamic_cast <const IntAttribute *> (a))
+            {
+                ta->value();
+            }
+            else if (const KeyCodeAttribute *ta =
+                            dynamic_cast <const KeyCodeAttribute *> (a))
+            {
+                ta->value().filmMfcCode();
+                ta->value().filmType();
+                ta->value().prefix();
+                ta->value().count();
+                ta->value().perfOffset();
+                ta->value().perfsPerFrame();
+                ta->value().perfsPerCount();
+            }
+            else if (const M33fAttribute *ta =
+                            dynamic_cast <const M33fAttribute *> (a))
+            {
+                ta->value();
+            }
+            else if (const M44fAttribute *ta =
+                            dynamic_cast <const M44fAttribute *> (a))
+            {
+                ta->value();
+            }
+            else if (const PreviewImageAttribute *ta =
+                            dynamic_cast <const PreviewImageAttribute *> (a))
+            {
+                ta->value().width();
+                ta->value().height();
+            }
+            else if (const StringAttribute *ta =
+                            dynamic_cast <const StringAttribute *> (a))
+            {
+                ta->value();
+            }
+            else if (const StringVectorAttribute * ta =
+                            dynamic_cast<const StringVectorAttribute *>(a))
+            {
+                for (StringVector::const_iterator i = ta->value().begin();
+                                i != ta->value().end();
+                                ++i)
+                {
+                    *i;
+                }
+            }
+            else if (const RationalAttribute *ta =
+                            dynamic_cast <const RationalAttribute *> (a))
+            {
+                ta->value();
+            }
+            else if (const TileDescriptionAttribute *ta =
+                            dynamic_cast <const TileDescriptionAttribute *> (a))
+            {
+                ta->value();
+
+            }
+            else if (const TimeCodeAttribute *ta =
+                            dynamic_cast <const TimeCodeAttribute *> (a))
+            {
+                dumpTimeCode (ta->value());
+            }
+            else if (const V2iAttribute *ta =
+                            dynamic_cast <const V2iAttribute *> (a))
+            {
+                ta->value();
+            }
+            else if (const V2fAttribute *ta =
+                            dynamic_cast <const V2fAttribute *> (a))
+            {
+                ta->value();
+            }
+            else if (const V3iAttribute *ta =
+                            dynamic_cast <const V3iAttribute *> (a))
+            {
+                ta->value();
+            }
+            else if (const V3fAttribute *ta =
+                            dynamic_cast <const V3fAttribute *> (a))
+            {
+                ta->value();
+            }
+
+        }
+    }
+
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+
+  const std::string s(reinterpret_cast<const char*>(data), size);
+  StdISStream is;
+  is.str(s);
+
+  try {
+    dumpInfo(is);
+  } catch (IEX_NAMESPACE::InputExc& e) {
+    ;
+  } catch (IEX_NAMESPACE::ArgExc& e) {
+    ;
+  }
+
+  return 0;
+}