authorandroid-build-team Robot <android-build-team-robot@google.com>2020-02-03 00:25:58 +0000
committerandroid-build-team Robot <android-build-team-robot@google.com>2020-02-03 00:25:58 +0000
commit91ab89dc871b905e5bb00d8247e9ffd0b2c8e162 (patch)
tree06d9c76fcd1e50965e3f13ae2830af0aa8fdbf79 /projects
parent580206a8c05a50f52ceec39c4b3e309855d2997a (diff)
parentfc25fcf0519e5da3d5acfea27eadaa9ccffaef55 (diff)
Snap for 6176706 from fc25fcf0519e5da3d5acfea27eadaa9ccffaef55 to rvc-releaseandroid-vts-11.0_r9android-vts-11.0_r8android-vts-11.0_r7android-vts-11.0_r6android-vts-11.0_r5android-vts-11.0_r4android-vts-11.0_r3android-vts-11.0_r2android-vts-11.0_r16android-vts-11.0_r15android-vts-11.0_r14android-vts-11.0_r13android-vts-11.0_r12android-vts-11.0_r11android-vts-11.0_r10android-vts-11.0_r1android-security-11.0.0_r76android-security-11.0.0_r75android-security-11.0.0_r74android-security-11.0.0_r73android-security-11.0.0_r72android-security-11.0.0_r71android-security-11.0.0_r70android-security-11.0.0_r69android-security-11.0.0_r68android-security-11.0.0_r67android-security-11.0.0_r66android-security-11.0.0_r65android-security-11.0.0_r64android-security-11.0.0_r63android-security-11.0.0_r62android-security-11.0.0_r61android-security-11.0.0_r60android-security-11.0.0_r59android-security-11.0.0_r58android-security-11.0.0_r57android-security-11.0.0_r56android-security-11.0.0_r55android-security-11.0.0_r54android-security-11.0.0_r53android-security-11.0.0_r52android-security-11.0.0_r51android-security-11.0.0_r50android-security-11.0.0_r49android-security-11.0.0_r1android-platform-11.0.0_r9android-platform-11.0.0_r8android-platform-11.0.0_r7android-platform-11.0.0_r6android-platform-11.0.0_r5android-platform-11.0.0_r40android-platform-11.0.0_r4android-platform-11.0.0_r39android-platform-11.0.0_r38android-platform-11.0.0_r37android-platform-11.0.0_r36android-platform-11.0.0_r35android-platform-11.0.0_r34android-platform-11.0.0_r33android-platform-11.0.0_r32android-platform-11.0.0_r31android-platform-11.0.0_r30android-platform-11.0.0_r3android-platform-11.0.0_r29android-platform-11.0.0_r28android-platform-11.0.0_r27android-platform-11.0.0_r26android-platform-11.0.0_r25android-platform-11.0.0_r24android-platform-11.0.0_r23android-platform-11.0.0_r22android-platform-11.0.0_r21android-platform-11.0.0_r20android-platform-11.0.0_r2android-platform-11.0.0_r19android-platform-11.0.0_r18a
ndroid-platform-11.0.0_r17android-platform-11.0.0_r16android-platform-11.0.0_r15android-platform-11.0.0_r14android-platform-11.0.0_r13android-platform-11.0.0_r12android-platform-11.0.0_r11android-platform-11.0.0_r10android-platform-11.0.0_r1android-cts-11.0_r9android-cts-11.0_r8android-cts-11.0_r7android-cts-11.0_r6android-cts-11.0_r5android-cts-11.0_r4android-cts-11.0_r3android-cts-11.0_r2android-cts-11.0_r16android-cts-11.0_r15android-cts-11.0_r14android-cts-11.0_r13android-cts-11.0_r12android-cts-11.0_r11android-cts-11.0_r10android-cts-11.0_r1android-11.0.0_r6android-11.0.0_r5android-11.0.0_r4android-11.0.0_r3android-11.0.0_r25android-11.0.0_r2android-11.0.0_r17android-11.0.0_r1android11-tests-releaseandroid11-security-releaseandroid11-s1-releaseandroid11-releaseandroid11-platform-releaseandroid11-gsi
Change-Id: If51f7e2f73df599e130e06b179c360fd2941ec8a
Diffstat (limited to 'projects')
-rw-r--r--[-rwxr-xr-x]projects/arrow/Dockerfile (renamed from projects/proj4/build.sh)21
-rwxr-xr-xprojects/arrow/build.sh61
-rw-r--r--projects/arrow/project.yaml10
-rw-r--r--projects/assimp/#project.yaml#10
-rwxr-xr-xprojects/binutils/build.sh4
-rw-r--r--projects/capstone/project.yaml16
-rwxr-xr-xprojects/clamav/build.sh2
-rw-r--r--projects/cmark/project.yaml7
-rw-r--r--projects/cryptofuzz/project.yaml1
-rwxr-xr-xprojects/django/build.sh4
-rwxr-xr-xprojects/ecc-diff-fuzzer/build.sh3
-rwxr-xr-xprojects/envoy/build.sh2
-rw-r--r--projects/freetype2/project.yaml1
-rw-r--r--projects/gdal/Dockerfile2
-rw-r--r--projects/ghostscript/Dockerfile3
-rwxr-xr-xprojects/ghostscript/build.sh8
-rwxr-xr-xprojects/gnutls/build.sh3
-rw-r--r--projects/gnutls/project.yaml2
-rw-r--r--projects/go-attestation/project.yaml1
-rw-r--r--projects/go-json-iterator/project.yaml2
-rw-r--r--projects/golang-protobuf/project.yaml1
-rw-r--r--projects/golang/project.yaml1
-rw-r--r--projects/gonids/project.yaml2
-rwxr-xr-xprojects/grpc/build.sh3
-rw-r--r--projects/grpc/project.yaml13
-rwxr-xr-xprojects/harfbuzz/build.sh1
-rw-r--r--projects/harfbuzz/project.yaml7
-rw-r--r--projects/json-c/project.yaml9
-rw-r--r--projects/knot-dns/Dockerfile4
-rw-r--r--projects/kubernetes/project.yaml1
-rw-r--r--projects/libavif/Dockerfile29
-rw-r--r--projects/libavif/avif_decode_fuzzer.cc65
-rw-r--r--projects/libavif/avif_decode_seed_corpus.zipbin0 -> 5186 bytes
-rw-r--r--projects/libavif/bionic.list2
-rwxr-xr-xprojects/libavif/build.sh36
-rw-r--r--projects/libavif/nasm_apt.pin7
-rw-r--r--projects/libavif/project.yaml2
-rw-r--r--projects/libexif/exif_loader_fuzzer.cc28
-rw-r--r--projects/libexif/project.yaml1
-rw-r--r--projects/libpcap/project.yaml19
-rw-r--r--projects/libplist/project.yaml6
-rw-r--r--projects/libwebp/project.yaml24
-rw-r--r--projects/mtail/project.yaml1
-rw-r--r--projects/mupdf/project.yaml6
-rw-r--r--projects/myanmar-tools/Dockerfile3
-rw-r--r--projects/mysql-server/fix.diff55
-rwxr-xr-xprojects/openssh/build.sh20
-rw-r--r--projects/openthread/project.yaml9
-rwxr-xr-xprojects/openvswitch/build.sh2
-rwxr-xr-xprojects/osquery/Dockerfile7
-rwxr-xr-xprojects/osquery/build.sh17
-rw-r--r--projects/ots/Dockerfile2
-rw-r--r--projects/pcre2/project.yaml6
-rw-r--r--projects/pillow/Dockerfile24
-rwxr-xr-xprojects/pillow/build.sh112
-rw-r--r--projects/pillow/project.yaml11
-rw-r--r--projects/proj4/Dockerfile17
-rw-r--r--projects/proj4/project.yaml5
-rw-r--r--projects/proxygen/Dockerfile3
-rw-r--r--projects/qt/Dockerfile26
-rwxr-xr-xprojects/qt/build.sh65
-rw-r--r--projects/qt/project.yaml2
-rw-r--r--projects/rapidjson/project.yaml4
-rw-r--r--projects/syzkaller/project.yaml1
-rw-r--r--projects/tesseract-ocr/Dockerfile1
-rwxr-xr-xprojects/tesseract-ocr/build.sh22
-rw-r--r--projects/tesseract-ocr/project.yaml2
-rw-r--r--projects/tor/build.sh6
-rw-r--r--projects/tpm2-tss/build.sh3
-rw-r--r--projects/unbound/Dockerfile4
-rwxr-xr-xprojects/unbound/build.sh88
-rw-r--r--projects/unbound/fuzz_1.c59
-rw-r--r--projects/unbound/fuzz_2.c51
-rw-r--r--projects/unbound/fuzz_3.c67
-rw-r--r--projects/unbound/fuzz_4.c81
-rw-r--r--projects/vorbis/Dockerfile1
-rw-r--r--projects/wabt/Dockerfile2
-rw-r--r--projects/wabt/project.yaml2
-rw-r--r--projects/wasmtime/Dockerfile31
-rwxr-xr-xprojects/wasmtime/build.sh40
-rw-r--r--projects/wasmtime/project.yaml11
-rw-r--r--projects/wavpack/project.yaml2
-rwxr-xr-xprojects/wget/build.sh3
-rwxr-xr-xprojects/wget2/build.sh3
-rw-r--r--projects/wolfssl/project.yaml22
-rw-r--r--projects/wuffs/project.yaml9
-rw-r--r--projects/xerces-c/xmlProtoConverter.cpp42
-rw-r--r--projects/xerces-c/xmlProtoConverter.h5
-rw-r--r--projects/zlib-ng/project.yaml6
89 files changed, 1242 insertions, 143 deletions
diff --git a/projects/proj4/build.sh b/projects/arrow/Dockerfile
index 37c65f77f..110056d96 100755..100644
--- a/projects/proj4/build.sh
+++ b/projects/arrow/Dockerfile
@@ -1,5 +1,4 @@
-#!/bin/bash -eu
-# Copyright 2016 Google Inc.
+# Copyright 2020 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -15,10 +14,16 @@
#
################################################################################
-./autogen.sh
-./configure --disable-shared
-make clean -s
-make -j$(nproc) -s
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER dev@arrow.apache.org
-./test/fuzzers/build_google_oss_fuzzers.sh
-./test/fuzzers/build_seed_corpus.sh
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update -y -q && \
+ apt-get update -y -q && \
+ apt-get install -y -q --no-install-recommends \
+ cmake \
+ ninja-build \
+ python3
+
+RUN git clone --depth=1 https://github.com/apache/arrow.git $SRC/arrow
+COPY build.sh $SRC/
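Review bot: `apt-get update -y -q` is run twice back-to-back at the top of the new RUN instruction; the second invocation only repeats the first and should be dropped, leaving `RUN apt-get update -y -q && \` followed directly by the `apt-get install` line. The unpinned `git clone --depth=1` of apache/arrow is the usual OSS-Fuzz pattern for tracking upstream HEAD, so no change is needed there. The "renamed from projects/proj4/build.sh" header looks like git's similarity detection rather than a real move, since the diffstat also drops the other proj4 files.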
diff --git a/projects/arrow/build.sh b/projects/arrow/build.sh
new file mode 100755
index 000000000..dad1c0d83
--- /dev/null
+++ b/projects/arrow/build.sh
@@ -0,0 +1,61 @@
+#!/bin/bash -eu
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+set -ex
+
+ARROW=${SRC}/arrow/cpp
+
+cd ${WORK}
+
+cmake ${ARROW} -GNinja \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DARROW_DEPENDENCY_SOURCE=BUNDLED \
+ -DCMAKE_C_FLAGS="${CFLAGS}" \
+ -DCMAKE_CXX_FLAGS="${CXXFLAGS}" \
+ -DARROW_EXTRA_ERROR_CONTEXT=off \
+ -DARROW_JEMALLOC=off \
+ -DARROW_MIMALLOC=off \
+ -DARROW_FILESYSTEM=off \
+ -DARROW_PARQUET=off \
+ -DARROW_BUILD_SHARED=off \
+ -DARROW_BUILD_STATIC=on \
+ -DARROW_BUILD_TESTS=off \
+ -DARROW_BUILD_INTEGRATION=off \
+ -DARROW_BUILD_BENCHMARKS=off \
+ -DARROW_BUILD_EXAMPLES=off \
+ -DARROW_BUILD_UTILITIES=off \
+ -DARROW_TEST_LINKAGE=static \
+ -DPARQUET_BUILD_EXAMPLES=off \
+ -DPARQUET_BUILD_EXECUTABLES=off \
+ -DPARQUET_REQUIRE_ENCRYPTION=off \
+ -DARROW_WITH_BROTLI=off \
+ -DARROW_WITH_BZ2=off \
+ -DARROW_WITH_LZ4=off \
+ -DARROW_WITH_SNAPPY=off \
+ -DARROW_WITH_ZLIB=off \
+ -DARROW_WITH_ZSTD=off \
+ -DARROW_USE_GLOG=off \
+ -DARROW_USE_ASAN=off \
+ -DARROW_USE_UBSAN=off \
+ -DARROW_USE_TSAN=off \
+ -DARROW_FUZZING=on \
+
+cmake --build .
+
+cp -a release/* ${OUT}
+
+${ARROW}/build-support/fuzzing/generate_corpuses.sh ${OUT}
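Review bot: The configure invocation ends with a line continuation on `-DARROW_FUZZING=on \` and is only terminated by the blank line that follows it; if that blank line is ever removed, `cmake --build .` becomes extra arguments to the configure command. Drop the trailing backslash so the last option reads `-DARROW_FUZZING=on`. `set -ex` on top of the `-eu` shebang keeps `-u` in force, so the unquoted `${SRC}`/`${WORK}`/`${OUT}` references still fail fast when unset, which is fine. `cp -a release/* ${OUT}` ships everything the build places in `release/`, not just fuzzer binaries — presumably only fuzzers land there with `-DARROW_FUZZING=on`, but that is worth confirming so unrelated executables do not end up in the output directory.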
diff --git a/projects/arrow/project.yaml b/projects/arrow/project.yaml
new file mode 100644
index 000000000..27a14563c
--- /dev/null
+++ b/projects/arrow/project.yaml
@@ -0,0 +1,10 @@
+homepage: "https://arrow.apache.org/"
+primary_contact: "antoine@python.org"
+auto_ccs:
+ - "bengilgit@gmail.com"
+ - "emkornfield@gmail.com"
+ - "fsaintjacques@gmail.com"
+ - "micahk@google.com"
+ - "neal@rstudio.com"
+ - "szucs.krisztian@gmail.com"
+ - "wesmckinn@gmail.com"
diff --git a/projects/assimp/#project.yaml# b/projects/assimp/#project.yaml#
new file mode 100644
index 000000000..612e75b98
--- /dev/null
+++ b/projects/assimp/#project.yaml#
@@ -0,0 +1,10 @@
+homepage: "https://github.com/assimp/assimp"
+primary_contact: "kim.kulling@googlemail.com"
+auto_ccs:
+ - "kientzle@gmail.com"
+ - "martin@matuska.org"
+sanitizers:
+ - address
+ - memory:
+ experimental: True
+ - undefined
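Review bot: The path `projects/assimp/#project.yaml#` is an editor auto-save artifact (the `#…#` wrapping is the Emacs auto-save naming scheme) and appears to have been committed by accident; OSS-Fuzz reads `project.yaml`, so this file is ignored by the infrastructure but still lands in the tree. Its contents also do not obviously belong to assimp — the `auto_ccs` addresses do not match the `primary_contact` on the line above, so this may be a stale copy of another project's config rather than an intended assimp change. Delete the file, and if a configuration change for assimp was intended, apply it to `projects/assimp/project.yaml` instead.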
diff --git a/projects/binutils/build.sh b/projects/binutils/build.sh
index c5476fda5..0c6fcc498 100755
--- a/projects/binutils/build.sh
+++ b/projects/binutils/build.sh
@@ -16,6 +16,10 @@
################################################################################
# build project
+if [ "$SANITIZER" = undefined ]; then
+ export CFLAGS="$CFLAGS -fno-sanitize=unsigned-integer-overflow"
+ export CXXFLAGS="$CXXFLAGS -fno-sanitize=unsigned-integer-overflow"
+fi
cd binutils-gdb
./configure --disable-gdb --enable-targets=all
make MAKEINFO=true && true
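Review bot: The new `SANITIZER = undefined` branch drops UBSan's unsigned-integer-overflow check without recording why, so the next maintainer has no way to tell whether it is safe to re-enable. A one-line comment above the `if` would do, e.g. `# unsigned wraparound is defined behaviour in C; disable only that UBSan check here (presumably binutils relies on it widely — see the motivating bug)`, with the reason confirmed against whatever report prompted the change. The other UBSan checks remain active, so this is a narrow exclusion rather than a blanket opt-out.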
diff --git a/projects/capstone/project.yaml b/projects/capstone/project.yaml
index 2c07cbb5c..ea91d827d 100644
--- a/projects/capstone/project.yaml
+++ b/projects/capstone/project.yaml
@@ -1,8 +1,14 @@
homepage: "https://www.capstone-engine.org"
primary_contact: "capstone.engine@gmail.com"
-auto_ccs : "p.antoine@catenacyber.fr"
-
+auto_ccs :
+ - "p.antoine@catenacyber.fr"
+fuzzing_engines:
+ - libfuzzer
+ - afl
+ - honggfuzz
+ - dataflow
sanitizers:
-- address
-- memory
-- undefined
+ - address
+ - memory
+ - undefined
+ - dataflow
diff --git a/projects/clamav/build.sh b/projects/clamav/build.sh
index c383ab61e..716bc8a68 100755
--- a/projects/clamav/build.sh
+++ b/projects/clamav/build.sh
@@ -21,7 +21,7 @@
rm -rf ${WORK}/build
mkdir -p ${WORK}/build
cd ${WORK}/build
-${SRC}/clamav-devel/configure --enable-fuzz=yes --with-libjson=no --with-pcre=no --enable-static=yes --enable-shared=no --disable-llvm --host=x86_64-unknown-linux-gnu
+ac_cv_c_mmap_anonymous=no ${SRC}/clamav-devel/configure --disable-mempool --enable-fuzz=yes --with-libjson=no --with-pcre=no --enable-static=yes --enable-shared=no --disable-llvm --host=x86_64-unknown-linux-gnu
make clean
make -j"$(nproc)"
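Review bot: `ac_cv_c_mmap_anonymous=no` and `--disable-mempool` are added to the configure line with no explanation, and both change how ClamAV allocates memory, which is exactly the kind of setting a later maintainer would otherwise revert. Record the motivation on the line above, e.g. `# Force plain malloc: disable ClamAV's mempool and anonymous-mmap backing so the sanitizer tracks each allocation individually` — that is presumably the reason, but confirm the wording before committing it. The remaining configure flags are unchanged from the previous line.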
diff --git a/projects/cmark/project.yaml b/projects/cmark/project.yaml
index 2f23d1e6e..06a0be9cb 100644
--- a/projects/cmark/project.yaml
+++ b/projects/cmark/project.yaml
@@ -2,10 +2,17 @@ homepage: "http://commonmark.org"
primary_contact: "jgm@berkeley.edu"
auto_ccs:
- "kivikakk@github.com"
+ - "wellnhofer@aevum.de"
+fuzzing_engines:
+ - libfuzzer
+ - afl
+ - honggfuzz
+ - dataflow
sanitizers:
- address
- memory
- undefined
+ - dataflow
architectures:
- x86_64
- i386
diff --git a/projects/cryptofuzz/project.yaml b/projects/cryptofuzz/project.yaml
index f6e036148..9ac4f6a4f 100644
--- a/projects/cryptofuzz/project.yaml
+++ b/projects/cryptofuzz/project.yaml
@@ -25,6 +25,7 @@ auto_ccs:
- "jjones@mozilla.com"
- "sledru@mozilla.com"
- "kjacobs@mozilla.com"
+ - "matthias.st.pierre@gmail.com"
sanitizers:
- address
- undefined
diff --git a/projects/django/build.sh b/projects/django/build.sh
index 4c5180409..25d7594df 100755
--- a/projects/django/build.sh
+++ b/projects/django/build.sh
@@ -41,7 +41,7 @@ case $SANITIZER in
;;
esac
-export CPYTHON_INSTALL_PATH=$OUT/cpython-install
+export CPYTHON_INSTALL_PATH=$SRC/cpython-install
rm -rf $CPYTHON_INSTALL_PATH
mkdir $CPYTHON_INSTALL_PATH
@@ -57,6 +57,8 @@ sed -i 's/case TARGET\(.*\): {/\0\nfuzzer_record_code_coverage(f->f_code, f->f_l
make -j$(nproc)
make install
+cp -R $CPYTHON_INSTALL_PATH $OUT/
+
rm -rf $OUT/django-dependencies
mkdir $OUT/django-dependencies
$CPYTHON_INSTALL_PATH/bin/pip3 install asgiref pytz sqlparse -t $OUT/django-dependencies
diff --git a/projects/ecc-diff-fuzzer/build.sh b/projects/ecc-diff-fuzzer/build.sh
index 71e05ba04..248941cd9 100755
--- a/projects/ecc-diff-fuzzer/build.sh
+++ b/projects/ecc-diff-fuzzer/build.sh
@@ -106,6 +106,7 @@ cp fuzz_ec_seed_corpus.zip $OUT/
cp fuzz_ec.dict $OUT/
$CC $CFLAGS -I. -c fuzz_ec.c -o fuzz_ec.o
+$CC $CFLAGS -I. -c fail.c -o fail.o
$CC $CFLAGS -I. -I../mbedtls/include -I../mbedtls/crypto/include -c modules/mbedtls.c -o mbedtls.o
$CC $CFLAGS -I. -I../openssl/include -c modules/openssl.c -o openssl.o
$CC $CFLAGS -DWITH_STDLIB -I. -I../libecc/src -c modules/libecc.c -o libecc.o
@@ -114,4 +115,4 @@ $CXX $CXXFLAGS -I. -I../ -c modules/cryptopp.cpp -o cryptopp.o
$CC $CFLAGS -I. -I../ -c modules/nettle.c -o nettle.o
$CXX $CXXFLAGS -std=c++11 -I. -I../ -I../botan/build/include -c modules/botan.cpp -o botan.o
-$CXX $CXXFLAGS fuzz_ec.o mbedtls.o libecc.o openssl.o gcrypt.o cryptopp.o nettle.o botan.o -o $OUT/fuzz_ec ../mbedtls/crypto/library/libmbedcrypto.a ../libecc/build/libec.a ../libecc/src/external_deps/rand.o ../openssl/libcrypto.a ../nettle/libhogweed.a ../nettle/libnettle.a ../nettle/gmp-6.1.2/.libs/libgmp.a ../gcrypt/src/.libs/libgcrypt.a ../cryptopp/libcryptopp.a ../botan/libbotan-2.a -lgpg-error $LIB_FUZZING_ENGINE
+$CXX $CXXFLAGS fuzz_ec.o fail.o mbedtls.o libecc.o openssl.o gcrypt.o cryptopp.o nettle.o botan.o -o $OUT/fuzz_ec ../mbedtls/crypto/library/libmbedcrypto.a ../libecc/build/libec.a ../libecc/src/external_deps/rand.o ../openssl/libcrypto.a ../nettle/libhogweed.a ../nettle/libnettle.a ../nettle/gmp-6.1.2/.libs/libgmp.a ../gcrypt/src/.libs/libgcrypt.a ../cryptopp/libcryptopp.a ../botan/libbotan-2.a -lgpg-error $LIB_FUZZING_ENGINE
diff --git a/projects/envoy/build.sh b/projects/envoy/build.sh
index 934211ded..39ef1b26f 100755
--- a/projects/envoy/build.sh
+++ b/projects/envoy/build.sh
@@ -119,6 +119,8 @@ do
mkdir -p "${CORPUS_UNTAR_PATH}"
tar -C "${CORPUS_UNTAR_PATH}" -xvf bazel-bin/"${t}"_corpus_tar.tar
TARGET_BASE="$(expr "$t" : '.*/\(.*\)_fuzz_test')"
+ # There may be *.dict files in this folder that need to be moved into the OUT dir.
+ find "${CORPUS_UNTAR_PATH}" -type f -name *.dict -exec mv -n {} "${OUT}"/ \;
zip "${OUT}/${TARGET_BASE}"_fuzz_test_seed_corpus.zip \
"${CORPUS_UNTAR_PATH}"/*
done
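Review bot: `-name *.dict` on the new `find` line is unquoted, so the shell expands the glob against the current directory before `find` runs; if a `.dict` file exists there the pattern is replaced by its name, and with several matches `find` receives extra arguments and errors out. Quote it: `find "${CORPUS_UNTAR_PATH}" -type f -name '*.dict' -exec mv -n {} "${OUT}"/ \;`. Separately, `mv -n` skips a dictionary whose name already exists in `${OUT}` without any message, so two targets shipping a same-named `.dict` would silently lose one — worth a comment or an explicit check if that can occur. The enclosing `do … done` loop starts before this hunk.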
diff --git a/projects/freetype2/project.yaml b/projects/freetype2/project.yaml
index 3756cd3b2..e55e3d9b0 100644
--- a/projects/freetype2/project.yaml
+++ b/projects/freetype2/project.yaml
@@ -7,6 +7,7 @@ auto_ccs:
- "ewaldhew@gmail.com"
- "apodtele@gmail.com"
- "prince.cherusker@gmail.com"
+ - "drott@chromium.org"
vendor_ccs:
- "jkew@mozilla.com"
- "jmuizelaar@mozilla.com"
diff --git a/projects/gdal/Dockerfile b/projects/gdal/Dockerfile
index f04859e62..649fe3f43 100644
--- a/projects/gdal/Dockerfile
+++ b/projects/gdal/Dockerfile
@@ -28,7 +28,7 @@ RUN git clone --depth 1 https://github.com/curl/curl.git gdal/curl
COPY NC4_put_propattr_leak_fix.patch libnetcdf_fix_undefined_left_shift_in_ncx_get_size_t.patch $SRC/
-RUN curl ftp://ftp.unidata.ucar.edu/pub/netcdf/netcdf-4.4.1.1.tar.gz > gdal/netcdf-4.4.1.1.tar.gz && \
+RUN curl https://www.gfd-dennou.org/arch/netcdf/unidata-mirror/netcdf-4.4.1.1.tar.gz > gdal/netcdf-4.4.1.1.tar.gz && \
cd gdal && \
tar xzf netcdf-4.4.1.1.tar.gz && \
rm -f netcdf-4.4.1.1.tar.gz && \
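Review bot: The netcdf tarball is now fetched from a third-party mirror and nothing verifies what comes back: `curl` runs without `-f`, so an HTTP error page would be written to `gdal/netcdf-4.4.1.1.tar.gz` and only fail later in `tar`, and there is no checksum, so the build trusts the mirror's content entirely (the old ftp fetch had no check either, but the source host has changed, which is when a pin earns its keep). Pin the expected digest next to the download: `RUN curl -fsSL https://www.gfd-dennou.org/arch/netcdf/unidata-mirror/netcdf-4.4.1.1.tar.gz > gdal/netcdf-4.4.1.1.tar.gz && \` followed by `echo "<sha256 of the Unidata netcdf-4.4.1.1 release>  gdal/netcdf-4.4.1.1.tar.gz" | sha256sum -c - && \`. The RUN instruction continues past the end of this hunk.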
diff --git a/projects/ghostscript/Dockerfile b/projects/ghostscript/Dockerfile
index 21dadb540..c4cdbd9dd 100644
--- a/projects/ghostscript/Dockerfile
+++ b/projects/ghostscript/Dockerfile
@@ -17,8 +17,9 @@
FROM gcr.io/oss-fuzz-base/base-builder
MAINTAINER skau@google.com
-RUN apt-get update && apt-get install -y autoconf zlibc liblcms2-dev libfreetype6-dev libpng-dev libtiff-dev
+RUN apt-get update && apt-get install -y autoconf zlibc libtool liblcms2-dev libpng-dev libtiff-dev
RUN git clone --branch branch-2.2 --single-branch --depth 1 https://github.com/apple/cups.git cups
+RUN git clone --branch VER-2-10-1 --single-branch --depth 1 https://git.savannah.nongnu.org/git/freetype/freetype2.git freetype
RUN git clone --single-branch --depth 1 git://git.ghostscript.com/ghostpdl.git ghostpdl
RUN mkdir ghostpdl/fuzz
diff --git a/projects/ghostscript/build.sh b/projects/ghostscript/build.sh
index b6f9a827f..11ca104f8 100755
--- a/projects/ghostscript/build.sh
+++ b/projects/ghostscript/build.sh
@@ -36,14 +36,16 @@ rm -rf libpng || die
rm -rf tiff || die
rm -rf zlib || die
-export CUPSCONFIG="$WORK/cups-config"
+mv ../freetype freetype
+
+CUPSCONFIG="$WORK/cups-config"
CUPS_CFLAGS=$($CUPSCONFIG --cflags)
CUPS_LDFLAGS=$($CUPSCONFIG --ldflags)
CUPS_LIBS=$($CUPSCONFIG --image --libs)
export CXXFLAGS="$CXXFLAGS $CUPS_CFLAGS"
-./autogen.sh
-CPPFLAGS="${CPPFLAGS:-} $CUPS_CFLAGS" ./configure \
+CPPFLAGS="${CPPFLAGS:-} $CUPS_CFLAGS" ./autogen.sh \
+ CUPSCONFIG=$CUPSCONFIG \
--enable-freetype --enable-fontconfig \
--enable-cups --with-ijs --with-jbig2dec \
--with-drivers=cups,ljet4,laserjet,pxlmono,pxlcolor,pcl3,uniprint
diff --git a/projects/gnutls/build.sh b/projects/gnutls/build.sh
index 83a23b592..a44282784 100755
--- a/projects/gnutls/build.sh
+++ b/projects/gnutls/build.sh
@@ -77,7 +77,8 @@ cd $SRC/gnutls
./bootstrap
ASAN_OPTIONS=detect_leaks=0 LIBS="-lunistring" CXXFLAGS="$CXXFLAGS -L$DEPS_PATH/lib" \
./configure --enable-fuzzer-target --disable-gcc-warnings --enable-static --disable-shared --disable-doc --disable-tests \
- --disable-tools --disable-cxx --disable-maintainer-mode --disable-libdane --without-p11-kit $GNUTLS_CONFIGURE_FLAGS
+ --disable-tools --disable-cxx --disable-maintainer-mode --disable-libdane --without-p11-kit \
+ --disable-full-test-suite $GNUTLS_CONFIGURE_FLAGS
# Do not use the syscall interface for randomness in oss-fuzz, it seems
# to confuse memory sanitizer.
diff --git a/projects/gnutls/project.yaml b/projects/gnutls/project.yaml
index 34d15bbcd..87928f771 100644
--- a/projects/gnutls/project.yaml
+++ b/projects/gnutls/project.yaml
@@ -1,11 +1,11 @@
homepage: "https://www.gnutls.org"
primary_contact: "n.mavrogiannopoulos@gmail.com"
auto_ccs:
- - "alex.gaynor@gmail.com"
- "daiki.ueno@gmail.com"
- "rockdaboot@gmail.com"
- "nisse@google.com"
- "anderjuaristi.cictg@gmail.com"
+ - "dbaryshkov@gmail.com"
sanitizers:
- address
diff --git a/projects/go-attestation/project.yaml b/projects/go-attestation/project.yaml
index ac3f56bf2..3dd47d8c1 100644
--- a/projects/go-attestation/project.yaml
+++ b/projects/go-attestation/project.yaml
@@ -7,3 +7,4 @@ fuzzing_engines:
- libfuzzer
sanitizers:
- address
+language: go
diff --git a/projects/go-json-iterator/project.yaml b/projects/go-json-iterator/project.yaml
index 2fc93ba65..101f0d44b 100644
--- a/projects/go-json-iterator/project.yaml
+++ b/projects/go-json-iterator/project.yaml
@@ -1,7 +1,7 @@
homepage: "https://jsoniter.com"
primary_contact: "taowen@gmail.com"
auto_ccs : "p.antoine@catenacyber.fr"
-
+language: go
fuzzing_engines:
- libfuzzer
sanitizers:
diff --git a/projects/golang-protobuf/project.yaml b/projects/golang-protobuf/project.yaml
index 7c49f77e6..71ee2df12 100644
--- a/projects/golang-protobuf/project.yaml
+++ b/projects/golang-protobuf/project.yaml
@@ -6,3 +6,4 @@ sanitizers:
- address
fuzzing_engines:
- libfuzzer
+language: go
diff --git a/projects/golang/project.yaml b/projects/golang/project.yaml
index 2fe5b28dc..939f457ae 100644
--- a/projects/golang/project.yaml
+++ b/projects/golang/project.yaml
@@ -4,6 +4,7 @@ auto_ccs:
- "golang-fuzz@googlegroups.com"
- "mmoroz@chromium.org"
- "josharian@gmail.com"
+language: go
sanitizers:
- address
fuzzing_engines:
diff --git a/projects/gonids/project.yaml b/projects/gonids/project.yaml
index 19e44019c..2b360887c 100644
--- a/projects/gonids/project.yaml
+++ b/projects/gonids/project.yaml
@@ -1,7 +1,7 @@
homepage: "https://github.com/google/gonids"
primary_contact: "duane.security@gmail.com"
auto_ccs : "p.antoine@catenacyber.fr"
-
+language: go
fuzzing_engines:
- libfuzzer
sanitizers:
diff --git a/projects/grpc/build.sh b/projects/grpc/build.sh
index 0942b075a..85831535a 100755
--- a/projects/grpc/build.sh
+++ b/projects/grpc/build.sh
@@ -19,7 +19,6 @@ set -o errexit
set -o nounset
readonly FUZZER_DICTIONARIES=(
- test/core/end2end/fuzzers/api_fuzzer.dictionary
test/core/end2end/fuzzers/hpack.dictionary
)
@@ -33,7 +32,6 @@ readonly FUZZER_TARGETS=(
test/core/slice:percent_decode_fuzzer
test/core/slice:percent_encode_fuzzer
test/core/transport/chttp2:hpack_parser_fuzzer
- test/core/end2end/fuzzers:api_fuzzer
test/core/end2end/fuzzers:client_fuzzer
test/core/end2end/fuzzers:server_fuzzer
test/core/security:ssl_server_fuzzer
@@ -139,7 +137,6 @@ zip "${OUT}/fuzzer_serverlist_seed_corpus.zip" test/core/nanopb/corpus_serverlis
zip "${OUT}/percent_decode_fuzzer_seed_corpus.zip" test/core/slice/percent_decode_corpus/*
zip "${OUT}/percent_encode_fuzzer_seed_corpus.zip" test/core/slice/percent_encode_corpus/*
zip "${OUT}/hpack_parser_fuzzer_seed_corpus.zip" test/core/transport/chttp2/hpack_parser_corpus/*
-zip "${OUT}/api_fuzzer_seed_corpus.zip" test/core/end2end/fuzzers/api_fuzzer_corpus/*
zip "${OUT}/client_fuzzer_seed_corpus.zip" test/core/end2end/fuzzers/client_fuzzer_corpus/*
zip "${OUT}/server_fuzzer_seed_corpus.zip" test/core/end2end/fuzzers/server_fuzzer_corpus/*
zip "${OUT}/ssl_server_fuzzer_seed_corpus.zip" test/core/security/corpus/ssl_server_corpus/*
diff --git a/projects/grpc/project.yaml b/projects/grpc/project.yaml
index 34468a40d..3807e7c85 100644
--- a/projects/grpc/project.yaml
+++ b/projects/grpc/project.yaml
@@ -1,15 +1,12 @@
homepage: "http://www.grpc.io/"
-primary_contact: "yangg@google.com"
+primary_contact: "nnoble@google.com"
auto_ccs:
- - "guantaol@google.com"
- - "hcaseyal@google.com"
- - "juanlishen@google.com"
- - "mhaidry@google.com"
+ - "donnadionne@google.com"
+ - "veblush@google.com"
- "roth@google.com"
- - "nnoble@google.com"
- - "sheenaqotj@google.com"
- - "vpai@google.com"
+ - "karthikrs@google.com"
- "yashkt@google.com"
+ - "jiangtao@google.com"
fuzzing_engines:
- libfuzzer
coverage_extra_args: -ignore-filename-regex=.*\.cache.*
diff --git a/projects/harfbuzz/build.sh b/projects/harfbuzz/build.sh
index 74c4f7d6b..c3d052052 100755
--- a/projects/harfbuzz/build.sh
+++ b/projects/harfbuzz/build.sh
@@ -43,6 +43,7 @@ for d in \
test/shaping/data/text-rendering-tests/fonts \
test/api/fonts \
test/fuzzing/fonts \
+ perf/fonts \
; do
cp $d/* all-fonts/
done
diff --git a/projects/harfbuzz/project.yaml b/projects/harfbuzz/project.yaml
index 8b3dd2c0f..005daa5c2 100644
--- a/projects/harfbuzz/project.yaml
+++ b/projects/harfbuzz/project.yaml
@@ -12,14 +12,21 @@ auto_ccs:
- "cchapman@adobe.com"
- "ariza@typekit.com"
- "qxliu@google.com"
+ - "ckitagawa@google.com"
vendor_ccs:
- "jmuizelaar@mozilla.com"
- "lsalzman@mozilla.com"
- "twsmith@mozilla.com"
+fuzzing_engines:
+ - libfuzzer
+ - afl
+ - honggfuzz
+ - dataflow
sanitizers:
- address
- undefined
- memory
+ - dataflow
architectures:
- x86_64
- i386
diff --git a/projects/json-c/project.yaml b/projects/json-c/project.yaml
index af56702d7..435a8036e 100644
--- a/projects/json-c/project.yaml
+++ b/projects/json-c/project.yaml
@@ -2,6 +2,15 @@ homepage: "https://json-c.github.io/json-c/"
primary_contact: "erh+git@nimenees.com"
auto_ccs:
- "chriswwolfe@gmail.com"
+fuzzing_engines:
+ - libfuzzer
+ - afl
+ - honggfuzz
+ - dataflow
+sanitizers:
+ - address
+ - undefined
+ - dataflow
architectures:
- x86_64
- i386
diff --git a/projects/knot-dns/Dockerfile b/projects/knot-dns/Dockerfile
index 22b103968..497718131 100644
--- a/projects/knot-dns/Dockerfile
+++ b/projects/knot-dns/Dockerfile
@@ -28,7 +28,9 @@ RUN apt-get update && apt-get install -y \
make \
pkg-config \
texinfo \
- wget
+ wget \
+ libev4 \
+ libev-dev
ENV GNULIB_TOOL $SRC/gnulib/gnulib-tool
RUN git clone git://git.savannah.gnu.org/gnulib.git
diff --git a/projects/kubernetes/project.yaml b/projects/kubernetes/project.yaml
index 695a571ec..e834026f9 100644
--- a/projects/kubernetes/project.yaml
+++ b/projects/kubernetes/project.yaml
@@ -4,3 +4,4 @@ fuzzing_engines:
- libfuzzer
sanitizers:
- address
+language: go
diff --git a/projects/libavif/Dockerfile b/projects/libavif/Dockerfile
new file mode 100644
index 000000000..a5e48a955
--- /dev/null
+++ b/projects/libavif/Dockerfile
@@ -0,0 +1,29 @@
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER joedrago@gmail.com
+
+ADD bionic.list /etc/apt/sources.list.d/bionic.list
+ADD nasm_apt.pin /etc/apt/preferences
+
+RUN apt-get update && \
+ apt-get install --no-install-recommends -y curl python3-pip python3-setuptools python3-wheel cmake nasm git && \
+ pip3 install meson ninja
+
+RUN git clone --depth 1 https://github.com/AOMediaCodec/libavif.git libavif
+WORKDIR libavif
+COPY build.sh avif_decode_fuzzer.cc avif_decode_seed_corpus.zip $SRC/
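Review bot: `pip3 install meson ninja` installs whatever versions PyPI serves at image-build time, with no version pin or hash, so the build toolchain can change underneath the fuzzer between builds; pin them, e.g. `pip3 install meson==<pinned-version> ninja==<pinned-version>`. The two `ADD` lines copy plain local files, for which `COPY` is the conventional instruction (`ADD` additionally auto-extracts archives and accepts URLs): `COPY bionic.list /etc/apt/sources.list.d/bionic.list` and `COPY nasm_apt.pin /etc/apt/preferences`. Note that `nasm_apt.pin` is written to `/etc/apt/preferences` itself rather than into `preferences.d/`, which replaces any pin file the base image ships there — presumably intentional, but a comment saying so would help.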
diff --git a/projects/libavif/avif_decode_fuzzer.cc b/projects/libavif/avif_decode_fuzzer.cc
new file mode 100644
index 000000000..57473674d
--- /dev/null
+++ b/projects/libavif/avif_decode_fuzzer.cc
@@ -0,0 +1,65 @@
+// Copyright 2020 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+//###############################################################################
+
+#include "avif/avif.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ avifROData raw;
+ raw.data = Data;
+ raw.size = Size;
+
+ avifDecoder *decoder = avifDecoderCreate();
+ // avifDecoderSetSource(decoder, AVIF_DECODER_SOURCE_PRIMARY_ITEM);
+ avifResult result = avifDecoderParse(decoder, &raw);
+ if (result == AVIF_RESULT_OK) {
+ // printf("AVIF container reports dimensions: %ux%u (@ %u bpc)\n",
+ // decoder->containerWidth, decoder->containerHeight,
+ // decoder->containerDepth);
+ for (int loop = 0; loop < 2; ++loop) {
+ // printf("Image decoded: %s\n", inputFilename);
+ // printf(" * %2.2f seconds, %d images\n", decoder->duration,
+ // decoder->imageCount);
+ int frameIndex = 0;
+ while (avifDecoderNextImage(decoder) == AVIF_RESULT_OK) {
+ // printf(" * Decoded frame [%d] [pts %2.2f] [duration %2.2f] "
+ // "[keyframe:%s nearest:%u]: %dx%d\n",
+ // frameIndex, decoder->imageTiming.pts,
+ // decoder->imageTiming.duration,
+ // avifDecoderIsKeyframe(decoder, frameIndex) ? "true" : "false",
+ // avifDecoderNearestKeyframe(decoder, frameIndex),
+ // decoder->image->width, decoder->image->height);
+ ++frameIndex;
+ }
+
+ if (loop != 1) {
+ result = avifDecoderReset(decoder);
+ if (result == AVIF_RESULT_OK) {
+ // printf("Decoder reset! Decoding one more time.\n");
+ } else {
+ // printf("ERROR: Failed to reset decode: %s\n",
+ // avifResultToString(result));
+ break;
+ }
+ }
+ }
+ } else {
+ // printf("ERROR: Failed to decode image: %s\n",
+ // avifResultToString(result));
+ }
+
+ avifDecoderDestroy(decoder);
+ return 0; // Non-zero return values are reserved for future use.
+}
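Review bot: The result of `avifDecoderCreate()` is passed straight to `avifDecoderParse(decoder, &raw)` without a null check, so an allocation failure inside the harness would surface as a null dereference that is not a bug in libavif; add `if (!decoder) return 0;` after the create call. The file also relies on `avif/avif.h` to bring `uint8_t` and `size_t` into scope — add `#include <cstddef>` and `#include <cstdint>` rather than depend on that. Most of the body is commented-out `printf` blocks plus a `frameIndex` counter that is incremented but never read; strip both so the decode/reset loop reads clearly, and note in a comment that the second pass appears to exist to exercise `avifDecoderReset` on an already-parsed decoder.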
diff --git a/projects/libavif/avif_decode_seed_corpus.zip b/projects/libavif/avif_decode_seed_corpus.zip
new file mode 100644
index 000000000..eb04c208a
--- /dev/null
+++ b/projects/libavif/avif_decode_seed_corpus.zip
Binary files differ
diff --git a/projects/libavif/bionic.list b/projects/libavif/bionic.list
new file mode 100644
index 000000000..8621803a7
--- /dev/null
+++ b/projects/libavif/bionic.list
@@ -0,0 +1,2 @@
+# use nasm 2.13.02 from bionic
+deb http://archive.ubuntu.com/ubuntu/ bionic universe
diff --git a/projects/libavif/build.sh b/projects/libavif/build.sh
new file mode 100755
index 000000000..bf2bf4cf6
--- /dev/null
+++ b/projects/libavif/build.sh
@@ -0,0 +1,36 @@
+#!/bin/bash -eu
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# build dav1d
+cd ext && bash dav1d.cmd && cd ..
+
+# build libavif
+mkdir build
+cd build
+cmake -G Ninja -DBUILD_SHARED_LIBS=0 -DAVIF_CODEC_DAV1D=1 -DAVIF_LOCAL_DAV1D=1 ..
+ninja
+
+# build fuzzer
+$CXX $CXXFLAGS -std=c++11 -I../include \
+ $SRC/avif_decode_fuzzer.cc -o $OUT/avif_decode_fuzzer \
+ $LIB_FUZZING_ENGINE libavif.a ../ext/dav1d/build/src/libdav1d.a
+
+# copy seed corpus
+cp $SRC/avif_decode_seed_corpus.zip $OUT/
+
+# show contents of $OUT/ for sanity checking
+find $OUT/
diff --git a/projects/libavif/nasm_apt.pin b/projects/libavif/nasm_apt.pin
new file mode 100644
index 000000000..69099026b
--- /dev/null
+++ b/projects/libavif/nasm_apt.pin
@@ -0,0 +1,7 @@
+Package: *
+Pin: release n=bionic
+Pin-Priority: 1
+
+Package: nasm
+Pin: release n=bionic
+Pin-Priority: 555
diff --git a/projects/libavif/project.yaml b/projects/libavif/project.yaml
new file mode 100644
index 000000000..60816faf5
--- /dev/null
+++ b/projects/libavif/project.yaml
@@ -0,0 +1,2 @@
+homepage: "https://github.com/AOMediaCodec/libavif"
+primary_contact: "joedrago@gmail.com"
diff --git a/projects/libexif/exif_loader_fuzzer.cc b/projects/libexif/exif_loader_fuzzer.cc
index 7c32c9c51..98365b7b5 100644
--- a/projects/libexif/exif_loader_fuzzer.cc
+++ b/projects/libexif/exif_loader_fuzzer.cc
@@ -12,6 +12,33 @@ void data_func(ExifContent *content, void *user_data) {
exif_content_foreach_entry(content, content_func, NULL);
}
+static void
+test_exif_data (ExifData *d) {
+ unsigned int i, c;
+ char v[1024], *p;
+ ExifMnoteData *md;
+
+ md = exif_data_get_mnote_data (d);
+ if (!md) {
+ return;
+ }
+
+ exif_mnote_data_ref (md);
+ exif_mnote_data_unref (md);
+
+ c = exif_mnote_data_count (md);
+ for (i = 0; i < c; i++) {
+ const char *name = exif_mnote_data_get_name (md, i);
+ if (!name) {
+ break;
+ }
+ exif_mnote_data_get_title (md, i);
+ exif_mnote_data_get_description (md, i);
+ exif_mnote_data_get_value (md, i, v, sizeof (v));
+ }
+}
+
+
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
ExifLoader *loader = exif_loader_new();
ExifData *exif_data;
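Review bot: `*p` declared on the `char v[1024], *p;` line of the new `test_exif_data` is never used and will draw `-Wunused-variable`; `char v[1024];` is enough. The adjacent `exif_mnote_data_ref`/`exif_mnote_data_unref` pair is a net no-op and presumably exists only to exercise the refcount entry points — a comment saying so (`/* exercise ref/unref; md stays owned by d, so no net reference is taken */`) stops the next reader from deleting it as dead code. The `!name` break guard and the `sizeof (v)` bound passed to `exif_mnote_data_get_value` look right; the return values of `get_title`/`get_description` are deliberately ignored, which is fine for a coverage harness but also worth one word of comment.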
@@ -25,6 +52,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
return 0;
}
exif_data_foreach_content(exif_data, data_func, NULL);
+ test_exif_data (exif_data);
exif_loader_unref(loader);
exif_data_unref(exif_data);
return 0;
diff --git a/projects/libexif/project.yaml b/projects/libexif/project.yaml
index 4ccd24cf9..72f2d93df 100644
--- a/projects/libexif/project.yaml
+++ b/projects/libexif/project.yaml
@@ -2,6 +2,7 @@ homepage: "https://libexif.github.io"
primary_contact: "dan@coneharvesters.com"
auto_ccs:
- paul.l.kehrer@gmail.com
+ - marcus@jet.franken.de
fuzzing_engines:
- libfuzzer
- afl
diff --git a/projects/libpcap/project.yaml b/projects/libpcap/project.yaml
index b0a25ee8a..c7af8df98 100644
--- a/projects/libpcap/project.yaml
+++ b/projects/libpcap/project.yaml
@@ -1,11 +1,16 @@
homepage: "https://www.tcpdump.org"
primary_contact: "security@tcpdump.org"
auto_ccs :
-- "p.antoine@catenacyber.fr"
-- "infra.station@gmail.com"
-- "guy@alum.mit.edu"
-
+ - "p.antoine@catenacyber.fr"
+ - "infra.station@gmail.com"
+ - "guy@alum.mit.edu"
+fuzzing_engines:
+ - libfuzzer
+ - afl
+ - honggfuzz
+ - dataflow
sanitizers:
-- address
-- memory
-- undefined
+ - address
+ - memory
+ - undefined
+ - dataflow
diff --git a/projects/libplist/project.yaml b/projects/libplist/project.yaml
index 9fa0e1f37..6bbfd7607 100644
--- a/projects/libplist/project.yaml
+++ b/projects/libplist/project.yaml
@@ -2,7 +2,13 @@ homepage: "https://github.com/libimobiledevice/libplist"
primary_contact: "nikias.bassen@gmail.com"
auto_ccs:
- "nikias@gmx.li"
+fuzzing_engines:
+ - libfuzzer
+ - afl
+ - honggfuzz
+ - dataflow
sanitizers:
- address
- memory
- undefined
+ - dataflow
diff --git a/projects/libwebp/project.yaml b/projects/libwebp/project.yaml
index 1a3c38378..16c58b3b7 100644
--- a/projects/libwebp/project.yaml
+++ b/projects/libwebp/project.yaml
@@ -1,14 +1,20 @@
homepage: "https://developers.google.com/speed/webp/"
primary_contact: "jzern@google.com"
+fuzzing_engines:
+ - libfuzzer
+ - afl
+ - honggfuzz
+ - dataflow
sanitizers:
-- address
-- undefined
-- memory
+ - address
+ - undefined
+ - memory
+ - dataflow
auto_ccs:
-- pascal.massimino@gmail.com
-- vrabaud@google.com
-- yguyon@google.com
+ - pascal.massimino@gmail.com
+ - vrabaud@google.com
+ - yguyon@google.com
vendor_ccs:
-- aosmond@mozilla.com
-- tnikkel@mozilla.com
-- twsmith@mozilla.com
+ - aosmond@mozilla.com
+ - tnikkel@mozilla.com
+ - twsmith@mozilla.com
diff --git a/projects/mtail/project.yaml b/projects/mtail/project.yaml
index 3878cca55..af7d2d4fe 100644
--- a/projects/mtail/project.yaml
+++ b/projects/mtail/project.yaml
@@ -4,3 +4,4 @@ fuzzing_engines:
- libfuzzer
sanitizers:
- address
+language: go
diff --git a/projects/mupdf/project.yaml b/projects/mupdf/project.yaml
index 7cc9ab3dc..a68aec1fc 100644
--- a/projects/mupdf/project.yaml
+++ b/projects/mupdf/project.yaml
@@ -1,8 +1,14 @@
homepage: "https://www.mupdf.com"
primary_contact: tor.andersson@artifex.com
+fuzzing_engines:
+ - libfuzzer
+ - afl
+ - honggfuzz
+ - dataflow
sanitizers:
- address
- memory
+ - dataflow
auto_ccs:
- jonathan@titanous.com
- sebastian.rasmussen@artifex.com
diff --git a/projects/myanmar-tools/Dockerfile b/projects/myanmar-tools/Dockerfile
index 42d1adc5c..90f94c627 100644
--- a/projects/myanmar-tools/Dockerfile
+++ b/projects/myanmar-tools/Dockerfile
@@ -17,7 +17,8 @@ MAINTAINER sffc@google.com
RUN apt-get update && apt-get -y install \
build-essential \
- cmake
+ cmake \
+ libunwind-dev
RUN git clone https://github.com/google/myanmar-tools.git
WORKDIR $SRC/myanmar-tools/clients/cpp/
COPY build.sh $SRC/
diff --git a/projects/mysql-server/fix.diff b/projects/mysql-server/fix.diff
index 562d1b38b..7e3e171a7 100644
--- a/projects/mysql-server/fix.diff
+++ b/projects/mysql-server/fix.diff
@@ -1,8 +1,8 @@
diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 17939f7c6f4..e05deb5911e 100644
+index ce1d1bb05b5..d1d0b04f202 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
-@@ -517,6 +517,7 @@ IF(WITH_JEMALLOC)
+@@ -528,6 +528,7 @@ IF(WITH_JEMALLOC)
STRING_APPEND(CMAKE_CXX_FLAGS " -fno-builtin-realloc -fno-builtin-free")
ENDIF()
@@ -10,8 +10,8 @@ index 17939f7c6f4..e05deb5911e 100644
OPTION(ENABLED_PROFILING "Enable profiling" ON)
OPTION(WITHOUT_SERVER OFF)
IF(UNIX)
-@@ -1324,6 +1325,10 @@ IF(NOT WITHOUT_SERVER)
- ADD_SUBDIRECTORY(sql)
+@@ -1348,6 +1349,10 @@ IF(NOT WITHOUT_SERVER AND WITH_UNIT_TESTS)
+ TARGET_LINK_LIBRARIES(server_unittest_library ${ICU_LIBRARIES})
ENDIF()
+IF (FUZZING)
@@ -36,10 +36,10 @@ index 1f499e9d9e5..a85c181ae78 100644
enum mysql_ssl_mode {
diff --git a/include/violite.h b/include/violite.h
-index 9f9d6e62e2e..32bed2eeb30 100644
+index 76f2ed2017a..56900e11349 100644
--- a/include/violite.h
+++ b/include/violite.h
-@@ -106,12 +106,14 @@ enum enum_vio_type : int {
+@@ -108,12 +108,14 @@ enum enum_vio_type : int {
*/
VIO_TYPE_PLUGIN = 7,
@@ -55,7 +55,7 @@ index 9f9d6e62e2e..32bed2eeb30 100644
};
/**
-@@ -449,4 +451,20 @@ struct Vio {
+@@ -450,4 +452,20 @@ struct Vio {
#define SSL_handle void *
#endif
@@ -77,11 +77,11 @@ index 9f9d6e62e2e..32bed2eeb30 100644
+
#endif /* vio_violite_h_ */
diff --git a/libmysql/CMakeLists.txt b/libmysql/CMakeLists.txt
-index 52b9b61271f..e452fc202a5 100644
+index 0979a2b7b8c..0c896297a9f 100644
--- a/libmysql/CMakeLists.txt
+++ b/libmysql/CMakeLists.txt
-@@ -320,7 +320,7 @@ IF(UNIX)
- ENDIF()
+@@ -324,7 +324,7 @@ IF(UNIX)
+ ADD_INSTALL_RPATH_FOR_OPENSSL(libmysql)
GET_TARGET_PROPERTY(libmysql_link_flags libmysql LINK_FLAGS)
- IF(LINK_FLAG_NO_UNDEFINED)
@@ -127,10 +127,10 @@ index fa96e35eb02..e03ee47c220 100644
*failed = true;
return 0;
diff --git a/sql-common/client.cc b/sql-common/client.cc
-index f5e760cc37d..09037a9e236 100644
+index fd36e9950cf..c8cae8c3cbf 100644
--- a/sql-common/client.cc
+++ b/sql-common/client.cc
-@@ -5850,6 +5850,12 @@ static mysql_state_machine_status csm_begin_connect(mysql_async_connect *ctx) {
+@@ -5852,6 +5852,12 @@ static mysql_state_machine_status csm_begin_connect(mysql_async_connect *ctx) {
}
}
#endif /* _WIN32 */
@@ -144,10 +144,10 @@ index f5e760cc37d..09037a9e236 100644
if (!net->vio &&
(!mysql->options.protocol ||
diff --git a/sql/mysqld.cc b/sql/mysqld.cc
-index 178a572a5aa..03b9d6346f9 100644
+index c30315d4702..4413d95915d 100644
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
-@@ -6353,7 +6353,9 @@ int mysqld_main(int argc, char **argv)
+@@ -6395,7 +6395,9 @@ int mysqld_main(int argc, char **argv)
unireg_abort(MYSQLD_ABORT_EXIT); // Will do exit
}
@@ -157,7 +157,7 @@ index 178a572a5aa..03b9d6346f9 100644
size_t guardize = 0;
#ifndef _WIN32
-@@ -6837,8 +6839,10 @@ int mysqld_main(int argc, char **argv)
+@@ -6879,8 +6881,10 @@ int mysqld_main(int argc, char **argv)
unireg_abort(MYSQLD_ABORT_EXIT);
#ifndef _WIN32
@@ -168,7 +168,7 @@ index 178a572a5aa..03b9d6346f9 100644
#endif
/* set all persistent options */
-@@ -6980,8 +6984,9 @@ int mysqld_main(int argc, char **argv)
+@@ -7022,8 +7026,9 @@ int mysqld_main(int argc, char **argv)
}
start_handle_manager();
@@ -179,7 +179,7 @@ index 178a572a5aa..03b9d6346f9 100644
LogEvent()
.type(LOG_TYPE_ERROR)
-@@ -7028,6 +7033,10 @@ int mysqld_main(int argc, char **argv)
+@@ -7070,6 +7075,10 @@ int mysqld_main(int argc, char **argv)
(void)RUN_HOOK(server_state, before_handle_connection, (NULL));
@@ -190,7 +190,7 @@ index 178a572a5aa..03b9d6346f9 100644
#if defined(_WIN32)
setup_conn_event_handler_threads();
#else
-@@ -9850,6 +9859,9 @@ static int get_options(int *argc_ptr, char ***argv_ptr) {
+@@ -9895,6 +9904,9 @@ static int get_options(int *argc_ptr, char ***argv_ptr) {
if (opt_short_log_format) opt_specialflag |= SPECIAL_SHORT_LOG_FORMAT;
@@ -226,10 +226,10 @@ index 983603eb58c..d577c6fcc05 100644
err = errs[id];
}
diff --git a/vio/CMakeLists.txt b/vio/CMakeLists.txt
-index 497ab98396c..a6cf2a647a6 100644
+index d44eebce63a..975bc878e17 100644
--- a/vio/CMakeLists.txt
+++ b/vio/CMakeLists.txt
-@@ -25,6 +25,7 @@ SET(VIO_SOURCES
+@@ -27,6 +27,7 @@ SET(VIO_SOURCES
viosocket.cc
viossl.cc
viosslfactories.cc
@@ -238,10 +238,10 @@ index 497ab98396c..a6cf2a647a6 100644
IF(WIN32)
diff --git a/vio/vio.cc b/vio/vio.cc
-index 85cc77df645..03ed154dcee 100644
+index f2007bbc928..3b2ca196ec5 100644
--- a/vio/vio.cc
+++ b/vio/vio.cc
-@@ -300,6 +300,27 @@ static bool vio_init(Vio *vio, enum enum_vio_type type, my_socket sd,
+@@ -301,6 +301,27 @@ static bool vio_init(Vio *vio, enum enum_vio_type type, my_socket sd,
return false;
}
#endif /* HAVE_OPENSSL */
@@ -269,7 +269,7 @@ index 85cc77df645..03ed154dcee 100644
vio->viodelete = vio_delete;
vio->vioerrno = vio_errno;
vio->read = vio->read_buffer ? vio_read_buff : vio_read;
-@@ -575,7 +596,8 @@ static const vio_string vio_type_names[] = {{"", 0},
+@@ -576,7 +597,8 @@ static const vio_string vio_type_names[] = {{"", 0},
{STRING_WITH_LEN("SSL/TLS")},
{STRING_WITH_LEN("Shared Memory")},
{STRING_WITH_LEN("Internal")},
@@ -281,10 +281,10 @@ index 85cc77df645..03ed154dcee 100644
int *len) {
diff --git a/vio/viofuzz.cc b/vio/viofuzz.cc
new file mode 100644
-index 00000000000..73f29662b96
+index 00000000000..83f22a5dbb9
--- /dev/null
+++ b/vio/viofuzz.cc
-@@ -0,0 +1,127 @@
+@@ -0,0 +1,124 @@
+
+#include "my_config.h"
+
@@ -331,16 +331,13 @@ index 00000000000..73f29662b96
+
+bool vio_connect_fuzz(Vio *vio, struct sockaddr *addr, socklen_t len,
+ int timeout) {
-+ int ret;
+ DBUG_ENTER("vio_socket_connect");
+
+ /* Only for socket-based transport types. */
+ DBUG_ASSERT(vio->type == VIO_TYPE_SOCKET || vio->type == VIO_TYPE_TCPIP);
+
+ /* Initiate the connection. */
-+ ret=0;
-+
-+ DBUG_RETURN(MY_TEST(ret));
++ return 0;
+}
+
+
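Review bot: The rewritten `vio_connect_fuzz` now leaves with a plain `return 0;` after `DBUG_ENTER("vio_socket_connect")`, so the debug frame that `DBUG_ENTER` opens is never closed by a `DBUG_RETURN`; in a debug build of the server the dbug library is likely to report an unbalanced frame stack for this function, while in release builds both macros are no-ops and nothing is noticed. Keeping `DBUG_RETURN(false);` preserves the pairing and also returns the function's declared `bool` instead of an int literal. The `DBUG_ENTER` label still reads `vio_socket_connect` rather than `vio_connect_fuzz`, which is misleading in traces; it sits in the context lines, so this commit does not touch it.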
diff --git a/projects/openssh/build.sh b/projects/openssh/build.sh
index 0b39dbdb9..6c7e9e20f 100755
--- a/projects/openssh/build.sh
+++ b/projects/openssh/build.sh
@@ -27,24 +27,32 @@ make -j$(nproc) all
# Build fuzzers
STATIC_CRYPTO="-Wl,-Bstatic -lcrypto -Wl,-Bdynamic"
+COMMON=ssh-sk-null.o
+
+$CXX $CXXFLAGS -std=c++11 -I. -L. -Lopenbsd-compat -g \
+ regress/misc/fuzz-harness/ssh-sk-null.cc -c -o ssh-sk-null.o
+
$CXX $CXXFLAGS -std=c++11 -I. -L. -Lopenbsd-compat -g \
regress/misc/fuzz-harness/pubkey_fuzz.cc -o $OUT/pubkey_fuzz \
- -lssh -lopenbsd-compat $STATIC_CRYPTO $LIB_FUZZING_ENGINE
+ -lssh -lopenbsd-compat $COMMON $STATIC_CRYPTO $LIB_FUZZING_ENGINE
$CXX $CXXFLAGS -std=c++11 -I. -L. -Lopenbsd-compat -g \
regress/misc/fuzz-harness/privkey_fuzz.cc -o $OUT/privkey_fuzz \
- -lssh -lopenbsd-compat $STATIC_CRYPTO $LIB_FUZZING_ENGINE
+ -lssh -lopenbsd-compat $COMMON $STATIC_CRYPTO $LIB_FUZZING_ENGINE
$CXX $CXXFLAGS -std=c++11 -I. -L. -Lopenbsd-compat -g \
regress/misc/fuzz-harness/sig_fuzz.cc -o $OUT/sig_fuzz \
- -lssh -lopenbsd-compat $STATIC_CRYPTO $LIB_FUZZING_ENGINE
+ -lssh -lopenbsd-compat $COMMON $STATIC_CRYPTO $LIB_FUZZING_ENGINE
$CXX $CXXFLAGS -std=c++11 -I. -L. -Lopenbsd-compat -g \
regress/misc/fuzz-harness/authopt_fuzz.cc -o $OUT/authopt_fuzz \
- auth-options.o -lssh -lopenbsd-compat $STATIC_CRYPTO $LIB_FUZZING_ENGINE
+ auth-options.o -lssh -lopenbsd-compat $COMMON $STATIC_CRYPTO \
+ $LIB_FUZZING_ENGINE
$CXX $CXXFLAGS -std=c++11 -I. -L. -Lopenbsd-compat -g \
regress/misc/fuzz-harness/sshsig_fuzz.cc -o $OUT/sshsig_fuzz \
- sshsig.o -lssh -lopenbsd-compat $STATIC_CRYPTO $LIB_FUZZING_ENGINE
+ sshsig.o -lssh -lopenbsd-compat $COMMON $STATIC_CRYPTO \
+ $LIB_FUZZING_ENGINE
$CXX $CXXFLAGS -std=c++11 -I. -L. -Lopenbsd-compat -g \
regress/misc/fuzz-harness/sshsigopt_fuzz.cc -o $OUT/sshsigopt_fuzz \
- sshsig.o -lssh -lopenbsd-compat $STATIC_CRYPTO $LIB_FUZZING_ENGINE
+ sshsig.o -lssh -lopenbsd-compat $COMMON $STATIC_CRYPTO \
+ $LIB_FUZZING_ENGINE
# Prepare seed corpora
CASES="$SRC/openssh-fuzz-cases"
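Review bot: The six `$CXX` invocations now differ only in the harness source, the output name and an optional extra object, and the last three wrap the link line differently from the first three; a small helper keeps the `$COMMON`/`$STATIC_CRYPTO`/`$LIB_FUZZING_ENGINE` ordering in one place so the next shared object does not need six edits. Compiling `ssh-sk-null.o` once before the harnesses is the right order and is kept. This changes only how the script is written, not what is linked.

```shell
COMMON=ssh-sk-null.o
$CXX $CXXFLAGS -std=c++11 -I. -L. -Lopenbsd-compat -g \
    regress/misc/fuzz-harness/ssh-sk-null.cc -c -o ssh-sk-null.o

# build_fuzz NAME [EXTRA_OBJECTS...]: link regress/misc/fuzz-harness/NAME.cc into $OUT/NAME
build_fuzz() {
    local name=$1; shift
    $CXX $CXXFLAGS -std=c++11 -I. -L. -Lopenbsd-compat -g \
        regress/misc/fuzz-harness/$name.cc -o $OUT/$name \
        "$@" -lssh -lopenbsd-compat $COMMON $STATIC_CRYPTO $LIB_FUZZING_ENGINE
}
build_fuzz pubkey_fuzz
build_fuzz privkey_fuzz
build_fuzz sig_fuzz
build_fuzz authopt_fuzz auth-options.o
build_fuzz sshsig_fuzz sshsig.o
build_fuzz sshsigopt_fuzz sshsig.o
# … unchanged: seed corpora …
```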
diff --git a/projects/openthread/project.yaml b/projects/openthread/project.yaml
index 48ba90c16..5709f4be8 100644
--- a/projects/openthread/project.yaml
+++ b/projects/openthread/project.yaml
@@ -1,2 +1,11 @@
homepage: "https://github.com/openthread/openthread"
primary_contact: "jonhui@google.com"
+fuzzing_engines:
+ - libfuzzer
+ - afl
+ - honggfuzz
+ - dataflow
+sanitizers:
+ - address
+ - undefined
+ - dataflow
diff --git a/projects/openvswitch/build.sh b/projects/openvswitch/build.sh
index 6cd1b2b93..350f018a6 100755
--- a/projects/openvswitch/build.sh
+++ b/projects/openvswitch/build.sh
@@ -15,7 +15,7 @@
#
################################################################################
-./boot.sh && ./configure && make -j$(nproc) && make oss-fuzz-targets
+./boot.sh && HAVE_UNWIND=no ./configure --enable-ndebug && make -j$(nproc) && make oss-fuzz-targets
cp $SRC/openvswitch/tests/oss-fuzz/config/*.options $OUT/
cp $SRC/openvswitch/tests/oss-fuzz/config/*.dict $OUT/
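Review bot: `--enable-ndebug` on the new configure line defines NDEBUG for the fuzz build; to my reading of OVS's `ovs_assert` (and plain `assert`) that turns an assertion failure from an abort the fuzzer reports into a silent continue, so invariant violations now surface only if they later corrupt memory, and the reason for giving up that signal is not recorded. If the flag is needed — for example to get past an assertion that fires on every input, or for throughput — a comment on the line such as `# --enable-ndebug: <reason>; note this stops ovs_assert from aborting under the fuzzer` keeps the trade-off visible, and `HAVE_UNWIND=no` deserves the same one-line justification. I cannot tell from the hunk which motivation applies.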
diff --git a/projects/osquery/Dockerfile b/projects/osquery/Dockerfile
index 35ae8a30a..58e73df89 100755
--- a/projects/osquery/Dockerfile
+++ b/projects/osquery/Dockerfile
@@ -17,7 +17,7 @@
FROM gcr.io/oss-fuzz-base/base-builder
MAINTAINER theopolis@osquery.io
RUN apt-get update
-RUN apt-get install -y --no-install-recommends python python3 bison flex make wget xz-utils
+RUN apt-get install -y --no-install-recommends python python3 bison flex make wget xz-utils libunwind-dev
# Install specific git version.
RUN export GIT_VER=2.21.0 \
@@ -36,11 +36,6 @@ RUN wget -q https://github.com/Kitware/CMake/releases/download/v3.14.6/cmake-3.1
&& tar xf cmake-3.14.6-Linux-x86_64.tar.gz -C /usr/local --strip 1 \
&& rm cmake-3.14.6-Linux-x86_64.tar.gz
-# Install build toolchain
-RUN wget https://github.com/osquery/osquery-toolchain/releases/download/1.0.0/osquery-toolchain-1.0.0.tar.xz \
- && tar xf osquery-toolchain-1.0.0.tar.xz -C /usr/local \
- && rm osquery-toolchain-1.0.0.tar.xz
-
RUN git clone --depth 1 https://github.com/osquery/osquery osquery
WORKDIR osquery
diff --git a/projects/osquery/build.sh b/projects/osquery/build.sh
index 3815a6d46..b5b31d635 100755
--- a/projects/osquery/build.sh
+++ b/projects/osquery/build.sh
@@ -24,19 +24,20 @@ PROJECT=osquery
mv "${SRC}/${PROJECT}-dev" "${SRC}/${PROJECT}" )
pushd "${SRC}/${PROJECT}"
-mkdir build && pushd build
-export CXXFLAGS="${CXXFLAGS} -Wl,-lunwind -Wl,-lc++abi"
-export CFLAGS="${CFLAGS} -Wl,-lunwind"
+# Prefer shared libs
+sed -i 's/CMAKE_LINK_SEARCH_START_STATIC ON/CMAKE_LINK_SEARCH_START_STATIC OFF/g' cmake/flags.cmake
+sed -i 's/CMAKE_LINK_SEARCH_END_STATIC ON/CMAKE_LINK_SEARCH_END_STATIC OFF/g' cmake/flags.cmake
+
+mkdir build && pushd build
cmake \
-DOSQUERY_VERSION:string=0.0.0-fuzz \
-DOSQUERY_ENABLE_ADDRESS_SANITIZER:BOOL=ON \
-DOSQUERY_ENABLE_FUZZER_SANITIZERS:BOOL=ON \
- -DOSQUERY_TOOLCHAIN_SYSROOT=/usr/local/osquery-toolchain \
..
cmake \
- -DCMAKE_EXE_LINKER_FLAGS=${LIB_FUZZING_ENGINE} \
+ "-DCMAKE_EXE_LINKER_FLAGS=${LIB_FUZZING_ENGINE} -Wl,-rpath,'\$ORIGIN/lib'" \
..
# Build harnesses
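Review bot: The two `sed -i` edits of `cmake/flags.cmake` are unchecked: if upstream renames or moves `CMAKE_LINK_SEARCH_START_STATIC`/`CMAKE_LINK_SEARCH_END_STATIC`, the substitution silently matches nothing, the build keeps static linking, and the libunwind shipping step added below becomes dead weight. A guard such as `grep -q 'CMAKE_LINK_SEARCH_START_STATIC ON' cmake/flags.cmake` before each `sed` (or a `grep` for the replaced text after it, which fails the build under `-e`) turns that into a loud error. The `-Wl,-rpath,'\$ORIGIN/lib'` quoting relies on CMake handing the flag to a shell that strips the inner single quotes; if that was verified with this generator, a one-line comment saying so will save the next person the experiment.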
@@ -48,6 +49,10 @@ find . -type f -name '*.o' -delete
rm -rf "${SRC}/${PROJECT}/libraries/cmake/source/libudev/src/test"
rm -rf libs/src/patched-source/libudev/src/test
+# Move libunwind to output path
+mkdir -p "${OUT}/lib"
+cp /usr/lib/x86_64-linux-gnu/libunwind.so.8 "${OUT}/lib"
+
# Move harnesses to output path
cp osquery/main/harnesses/osqueryfuzz-config "${OUT}/osqueryfuzz-config"
cp osquery/main/harnesses/osqueryfuzz-sqlquery "${OUT}/osqueryfuzz-sqlquery"
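Review bot: `cp /usr/lib/x86_64-linux-gnu/libunwind.so.8 "${OUT}/lib"` hard-codes both the multiarch directory and the soname, so a base-image bump that ships a different libunwind major version fails at this line rather than at run time — which is the better failure, but the link to its origin is not written down. A comment such as `# soname must match the libunwind-dev package installed in the Dockerfile` tells the reader where to look when it breaks. The `$ORIGIN/lib` rpath set earlier only resolves if the harnesses stay directly under `${OUT}`, which the `cp` lines here preserve.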
@@ -57,4 +62,4 @@ popd
tools/harnesses/osqueryfuzz_config_corpus.sh "${OUT}/osqueryfuzz-config_seed_corpus.zip"
tools/harnesses/osqueryfuzz_config_dict.sh "${OUT}/osqueryfuzz-config.dict"
tools/harnesses/osqueryfuzz_sqlquery_corpus.sh "${OUT}/osqueryfuzz-sqlquery_seed_corpus.zip"
-cp tools/harnesses/osqueryfuzz_sqlquery.dict "${OUT}/osqueryfuzz-sqlquery.dict" \ No newline at end of file
+cp tools/harnesses/osqueryfuzz_sqlquery.dict "${OUT}/osqueryfuzz-sqlquery.dict"
diff --git a/projects/ots/Dockerfile b/projects/ots/Dockerfile
index c94408a62..d86342c7a 100644
--- a/projects/ots/Dockerfile
+++ b/projects/ots/Dockerfile
@@ -17,7 +17,7 @@
FROM gcr.io/oss-fuzz-base/base-builder
MAINTAINER mmoroz@chromium.org
RUN apt-get update && apt-get install -y python3-pip pkg-config zlib1g-dev && \
- pip3 install meson ninja
+ pip3 install meson==0.52.0 ninja
RUN git clone --depth 1 https://github.com/khaledhosny/ots.git
WORKDIR ots
RUN git submodule update --init --recursive
diff --git a/projects/pcre2/project.yaml b/projects/pcre2/project.yaml
index 18fcf64d1..fbe4a4cd4 100644
--- a/projects/pcre2/project.yaml
+++ b/projects/pcre2/project.yaml
@@ -1,9 +1,15 @@
homepage: "http://www.pcre.org/"
primary_contact: "philip.hazel@gmail.com"
+fuzzing_engines:
+ - libfuzzer
+ - afl
+ - honggfuzz
+ - dataflow
sanitizers:
- address
- memory
- undefined
+ - dataflow
architectures:
- x86_64
- i386
diff --git a/projects/pillow/Dockerfile b/projects/pillow/Dockerfile
new file mode 100644
index 000000000..aa67d850c
--- /dev/null
+++ b/projects/pillow/Dockerfile
@@ -0,0 +1,24 @@
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER guidovranken@gmail.com
+RUN apt-get update && apt-get install -y make autoconf automake build-essential libbz2-dev libc6-dev libffi-dev libfreetype6-dev libgdbm-dev libjpeg-turbo8-dev liblcms2-dev libncursesw5-dev libreadline-dev libsqlite3-dev libssl-dev libtiff5-dev libtool libwebp-dev make python python-dev python-setuptools tk-dev wget zlib1g-dev libwebp-dev
+RUN wget https://github.com/python/cpython/archive/v3.8.1.tar.gz
+RUN git clone --depth 1 https://github.com/python-pillow/Pillow.git pillow
+RUN git clone --depth 1 https://github.com/guidovranken/oss-fuzz-fuzzers
+WORKDIR pillow
+COPY build.sh $SRC/
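Review bot: The `wget https://github.com/python/cpython/archive/v3.8.1.tar.gz` step fetches the interpreter source with no integrity check, so the build trusts whatever the network returns for that archive; an `echo '<SHA256_PLACEHOLDER>  v3.8.1.tar.gz' | sha256sum -c` after the download (with the real digest filled in) pins it, or a `git clone --branch v3.8.1 --depth 1` of the cpython tag matches how the other sources in this file are fetched. The `apt-get install` line lists `make` and `libwebp-dev` twice; harmless, but worth deduplicating while the line is being touched.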
diff --git a/projects/pillow/build.sh b/projects/pillow/build.sh
new file mode 100755
index 000000000..1bee1d7ab
--- /dev/null
+++ b/projects/pillow/build.sh
@@ -0,0 +1,112 @@
+#!/bin/bash -eu
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Because Pillow's "./setup.py build_ext --inplace" does not work with custom CC and CFLAGS,
+# it is necessary to build in the following manner:
+#
+# Build CPython without instrumentation/sanitization
+# Build Pillow in a virtualenv based on uninstrumented and unsanitized CPython. Log the build steps to build.sh
+# Build CPython with instrumentation/sanitization
+# Rewrite build.sh to compile Pillow based on CPython with instrumentation/sanitization
+#
+# Why not build Pillow directly with a virtualenv based on instrumented CPython?
+# Because the virtualenv will inherit CC and CFLAGS of the instrumented CPython, and that will fail.
+
+cd $SRC/
+tar zxf v3.8.1.tar.gz
+cd cpython-3.8.1/
+
+# Ignore memory leaks from python scripts invoked in the build
+export ASAN_OPTIONS="detect_leaks=0"
+export MSAN_OPTIONS="halt_on_error=0:exitcode=0:report_umrs=0"
+
+# Remove -pthread from CFLAGS, this trips up ./configure
+# which thinks pthreads are available without any CLI flags
+CFLAGS=${CFLAGS//"-pthread"/}
+
+FLAGS=()
+case $SANITIZER in
+ address)
+ FLAGS+=("--with-address-sanitizer")
+ ;;
+ memory)
+ FLAGS+=("--with-memory-sanitizer")
+ # installing ensurepip takes a while with MSAN instrumentation, so
+ # we disable it here
+ FLAGS+=("--without-ensurepip")
+ # -msan-keep-going is needed to allow MSAN's halt_on_error to function
+ FLAGS+=("CFLAGS=-mllvm -msan-keep-going=1")
+ ;;
+ undefined)
+ FLAGS+=("--with-undefined-behavior-sanitizer")
+ ;;
+esac
+
+export CPYTHON_INSTALL_PATH=$OUT/cpython-install
+rm -rf $CPYTHON_INSTALL_PATH
+mkdir $CPYTHON_INSTALL_PATH
+
+export CPYTHON_UNINSTRUMENTED_INSTALL_PATH=$OUT/cpython-install
+rm -rf $CPYTHON_UNINSTRUMENTED_INSTALL_PATH
+mkdir $CPYTHON_UNINSTRUMENTED_INSTALL_PATH
+
+cd $SRC/
+tar zxf v3.8.1.tar.gz
+
+# Compile uninstrumented CPython
+cp -R $SRC/cpython-3.8.1/ $SRC/cpython-3.8.1-uninstrumented
+cd $SRC/cpython-3.8.1-uninstrumented
+CFLAGS="" CXXFLAGS="" ./configure --prefix=$CPYTHON_UNINSTRUMENTED_INSTALL_PATH
+CFLAGS="" CXXFLAGS="" make -j$(nproc)
+CFLAGS="" CXXFLAGS="" make install
+
+# Compile instrumented CPython
+cd $SRC/cpython-3.8.1/
+cp $SRC/oss-fuzz-fuzzers/pillow/python_coverage.h Python/
+
+# Patch the interpreter to record code coverage
+sed -i '1 s/^.*$/#include "python_coverage.h"/g' Python/ceval.c
+sed -i 's/case TARGET\(.*\): {/\0\nfuzzer_record_code_coverage(f->f_code, f->f_lasti);/g' Python/ceval.c
+
+./configure "${FLAGS[@]}" --prefix=$CPYTHON_INSTALL_PATH
+make -j$(nproc)
+make install
+
+# Compile Pillow fuzzers
+cd $SRC/oss-fuzz-fuzzers/pillow
+rm $CPYTHON_INSTALL_PATH/lib/python3.8/lib-dynload/_tkinter*.so
+make
+cp $SRC/oss-fuzz-fuzzers/pillow/fuzzer-loadimg $OUT/
+cp $SRC/oss-fuzz-fuzzers/pillow/loadimg.py $OUT/
+
+# Create venv for Pillow compilation
+$CPYTHON_UNINSTRUMENTED_INSTALL_PATH/bin/python3 -m venv $SRC/venv
+source $SRC/venv/bin/activate
+
+# Compile Pillow
+cd $SRC/pillow
+CFLAGS="" CXXFLAGS="" ./setup.py build_ext --inplace >build.sh
+grep "^\(gcc\|x86_64-linux-gnu-gcc\|clang\) " build.sh | sed 's/^\(gcc\|x86_64-linux-gnu-gcc\|clang\) /$CC $CFLAGS /g' | sed 's/-DPILLOW_VERSION="\([^"]\+\)"/-DPILLOW_VERSION="\\"\1\\""/g' >build2.sh
+bash build2.sh
+cp -R $SRC/pillow $OUT/
+cp /usr/lib/x86_64-linux-gnu/libjpeg.so.8 $OUT/
+cp /usr/lib/x86_64-linux-gnu/libtiff.so.5 $OUT/
+cp /usr/lib/x86_64-linux-gnu/libjbig.so.0 $OUT/
+cp /usr/lib/x86_64-linux-gnu/libwebp.so.5 $OUT/
+cp /usr/lib/x86_64-linux-gnu/libwebpmux.so.1 $OUT/
+cp /usr/lib/x86_64-linux-gnu/libwebpdemux.so.1 $OUT/
+cp $SRC/oss-fuzz-fuzzers/pillow/corpus.zip $OUT/fuzzer-loadimg_seed_corpus.zip
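Review bot: `CPYTHON_INSTALL_PATH` and `CPYTHON_UNINSTRUMENTED_INSTALL_PATH` are both set to `$OUT/cpython-install` (script lines 59 and 63), so the instrumented `make install` later overwrites the uninstrumented interpreter, and the venv created from `$CPYTHON_UNINSTRUMENTED_INSTALL_PATH/bin/python3` is based on the sanitized build — the very situation the header comment says must be avoided; the second `rm -rf` also deletes the directory the first `mkdir` just created. A distinct prefix such as `export CPYTHON_UNINSTRUMENTED_INSTALL_PATH=$WORK/cpython-uninstrumented-install` keeps the two builds apart and keeps the uninstrumented tree out of the shipped `$OUT`. `tar zxf v3.8.1.tar.gz` also runs twice (lines 30 and 68), the second time after the first tree has already been entered; one extraction is enough. The `rm $CPYTHON_INSTALL_PATH/lib/python3.8/lib-dynload/_tkinter*.so` line aborts under `-e` if the glob matches nothing, so `rm -f` is the safer spelling if that module is ever not built.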
diff --git a/projects/pillow/project.yaml b/projects/pillow/project.yaml
new file mode 100644
index 000000000..f6041e904
--- /dev/null
+++ b/projects/pillow/project.yaml
@@ -0,0 +1,11 @@
+homepage: "https://python-pillow.org/"
+primary_contact: "guidovranken@gmail.com"
+auto_ccs:
+ - "security@python-pillow.org"
+sanitizers:
+ - address
+ - undefined
+architectures:
+ - x86_64
+fuzzing_engines:
+ - libfuzzer
diff --git a/projects/proj4/Dockerfile b/projects/proj4/Dockerfile
index 12235d23c..6e9ca2c22 100644
--- a/projects/proj4/Dockerfile
+++ b/projects/proj4/Dockerfile
@@ -16,7 +16,16 @@
FROM gcr.io/oss-fuzz-base/base-builder
MAINTAINER even.rouault@spatialys.com
-RUN apt-get update && apt-get install -y make autoconf automake libtool g++ sqlite3 libsqlite3-dev pkg-config
-RUN git clone --depth 1 https://github.com/OSGeo/proj.4 proj.4
-WORKDIR proj.4
-COPY build.sh $SRC/
+RUN dpkg --add-architecture i386 && \
+ apt-get update && \
+ apt-get install -y make autoconf automake libtool g++ sqlite3 pkg-config
+
+RUN git clone --depth 1 https://github.com/OSGeo/proj proj
+
+RUN git clone --depth 1 https://github.com/curl/curl.git proj/curl
+
+RUN git clone --depth 1 https://gitlab.com/libtiff/libtiff.git proj/libtiff
+
+WORKDIR proj
+
+RUN cp test/fuzzers/build.sh $SRC/
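Review bot: The rewritten `apt-get install` drops `libsqlite3-dev` while keeping the `sqlite3` binary, and the build script is now copied from the upstream checkout (`test/fuzzers/build.sh`) instead of living in this directory, so whether the SQLite headers are still needed depends on a file this commit does not show; if that script builds SQLite from source for the i386 configuration, a comment on the install line (`# SQLite is built from source by test/fuzzers/build.sh`) records it. Taking the build script from the fuzzed repository also means future changes to it no longer pass through oss-fuzz review, a deliberate trade-off worth one sentence in the Dockerfile.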
diff --git a/projects/proj4/project.yaml b/projects/proj4/project.yaml
index 91e991a65..71bdcf8cd 100644
--- a/projects/proj4/project.yaml
+++ b/projects/proj4/project.yaml
@@ -1,6 +1,9 @@
-homepage: "http://proj4.org/"
+homepage: "https://proj.org/"
primary_contact: "even.rouault@gmail.com"
auto_ccs:
- "hobu.inc@gmail.com"
- "kristianevers@gmail.com"
- "knudsen.thomas@gmail.com"
+architectures:
+ - x86_64
+ - i386
diff --git a/projects/proxygen/Dockerfile b/projects/proxygen/Dockerfile
index feb12fc79..14c3da592 100644
--- a/projects/proxygen/Dockerfile
+++ b/projects/proxygen/Dockerfile
@@ -147,7 +147,8 @@ RUN apt-get install -y \
zlib1g-dev \
binutils-dev \
libsodium-dev \
- libdouble-conversion-dev
+ libdouble-conversion-dev \
+ libunwind8-dev
# Install patchelf so we can fix path to libunwind
RUN apt-get install patchelf
diff --git a/projects/qt/Dockerfile b/projects/qt/Dockerfile
new file mode 100644
index 000000000..7d325ca91
--- /dev/null
+++ b/projects/qt/Dockerfile
@@ -0,0 +1,26 @@
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER rlohningqt@gmail.com
+RUN apt-get update && apt-get install -y build-essential python libxcb-xinerama0-dev && apt-get install --no-install-recommends afl-doc
+RUN git clone --branch 5.15 --depth 1 git://code.qt.io/qt/qt5.git qt
+WORKDIR qt
+RUN perl init-repository --module-subset=qtbase
+
+WORKDIR $SRC
+RUN git clone --depth 1 git://code.qt.io/qt/qtqa.git
+COPY build.sh $SRC/
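Review bot: Both `git clone` lines use the `git://` transport, which provides no server authentication or transport integrity, so the Qt and qtqa sources the fuzzers are built from can be substituted on the path to the builder; `https://code.qt.io/qt/qt5.git` and `https://code.qt.io/qt/qtqa.git` are the same repositories over an authenticated channel, and the other Dockerfiles in this commit already clone over https. `perl init-repository --module-subset=qtbase` fetches submodules with whatever URL scheme the superproject configures, so that is worth checking once the top-level clone moves to https.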
diff --git a/projects/qt/build.sh b/projects/qt/build.sh
new file mode 100755
index 000000000..619cdcd18
--- /dev/null
+++ b/projects/qt/build.sh
@@ -0,0 +1,65 @@
+#!/bin/bash -eu
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# add the flags to Qt build, gratefully borrowed from karchive
+cd $SRC/qt/qtbase/mkspecs
+sed -i -e "s/QMAKE_CXXFLAGS += -stdlib=libc++/QMAKE_CXXFLAGS += -stdlib=libc++ $CXXFLAGS\nQMAKE_CFLAGS += $CFLAGS/g" linux-clang-libc++/qmake.conf
+sed -i -e "s/QMAKE_LFLAGS += -stdlib=libc++/QMAKE_LFLAGS += -stdlib=libc++ -lpthread $CXXFLAGS/g" linux-clang-libc++/qmake.conf
+
+# set optimization to O1
+sed -i -e "s/QMAKE_CFLAGS_OPTIMIZE = -O2/QMAKE_CFLAGS_OPTIMIZE = -O1/g" common/gcc-base.conf
+sed -i -e "s/QMAKE_CFLAGS_OPTIMIZE_FULL = -O3/QMAKE_CFLAGS_OPTIMIZE_FULL = -O1/g" common/gcc-base.conf
+
+# build project
+cd $WORK
+MAKEFLAGS=-j$(nproc) $SRC/qt/configure -platform linux-clang-libc++ -static -opensource -confirm-license -no-opengl -nomake tests -nomake examples -prefix $OUT
+make -j$(nproc)
+make install
+
+# prepare corpus files
+zip -j $WORK/html $SRC/qtqa/fuzzing/testcases/html/*
+zip -j $WORK/markdown $SRC/qtqa/fuzzing/testcases/markdown/*
+zip -j $WORK/xml $SRC/qtqa/fuzzing/testcases/xml/* /usr/share/afl/testcases/others/xml/*
+
+# build fuzzers
+
+build_fuzzer() {
+ local module=$1
+ local proFilePath=$2
+ local format=${3-""}
+ local dictionary=${4-""}
+ local proFileName=${proFilePath##*/}
+ local exeName=${proFileName%%.*}
+ mkdir build_fuzzer
+ cd build_fuzzer
+ $OUT/bin/qmake $SRC/qt/$module/tests/libfuzzer/$proFilePath
+ make -j$(nproc)
+ mv $exeName $OUT
+ if [ -n "$format" ]; then
+ cp $WORK/$format.zip $OUT/"$exeName"_seed_corpus.zip
+ fi
+ if [ -n "$dictionary" ]; then
+ cp $dictionary $OUT/$exeName.dict
+ fi
+ cd ..
+ rm -r build_fuzzer
+}
+
+build_fuzzer "qtbase" "corelib/serialization/qxmlstream/qxmlstreamreader/readnext/readnext.pro" "xml" "/usr/share/afl/testcases/_extras/xml.dict"
+# build_fuzzer "qtbase" "gui/text/qtextdocument/setHtml/setHtml.pro" "html" "/usr/share/afl/testcases/_extras/html_tags.dict"
+build_fuzzer "qtbase" "gui/text/qtextdocument/setMarkdown/setMarkdown.pro" "markdown"
+build_fuzzer "qtbase" "gui/text/qtextlayout/beginLayout/beginLayout.pro"
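Review bot: The `sed -i -e "s/.../$CXXFLAGS.../g"` edits of `qmake.conf` use `/` as the delimiter while splicing in `$CXXFLAGS` and `$CFLAGS` unquoted; any flag containing a slash (a `-fsanitize-blacklist=/path` entry, for example) breaks the expression and `sed` exits non-zero under `-eu`, and if the pattern side ever stops matching the substitution silently does nothing and Qt is built without instrumentation. A delimiter that cannot occur in flags, e.g. `s|QMAKE_CXXFLAGS += -stdlib=libc++|...|g`, removes the first failure mode, and a `grep -q` after each `sed` turns the second into a build error. In `build_fuzzer`, `$dictionary`, `$exeName` and `$WORK/$format.zip` are unquoted while `"$exeName"` is quoted on the corpus line; the paths used here are space-free, so this is consistency rather than a bug.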
diff --git a/projects/qt/project.yaml b/projects/qt/project.yaml
index 48b81a13f..960b3bf44 100644
--- a/projects/qt/project.yaml
+++ b/projects/qt/project.yaml
@@ -1,2 +1,4 @@
homepage: "http://qt-project.org"
primary_contact: "rlohningqt@gmail.com"
+sanitizers:
+ - address
diff --git a/projects/rapidjson/project.yaml b/projects/rapidjson/project.yaml
index d86329c9d..573235a24 100644
--- a/projects/rapidjson/project.yaml
+++ b/projects/rapidjson/project.yaml
@@ -3,8 +3,8 @@ primary_contact: "guidovranken@gmail.com"
sanitizers:
- address
- undefined
- - memory
-experimental: True
+ - memory:
+ experimental: True
architectures:
- x86_64
- i386
diff --git a/projects/syzkaller/project.yaml b/projects/syzkaller/project.yaml
index b208801a9..ee6cd841d 100644
--- a/projects/syzkaller/project.yaml
+++ b/projects/syzkaller/project.yaml
@@ -4,6 +4,7 @@ auto_ccs:
- "andreyknvl@google.com"
- "mmoroz@chromium.org"
- "syzkaller@googlegroups.com"
+language: go
fuzzing_engines:
- libfuzzer
sanitizers:
diff --git a/projects/tesseract-ocr/Dockerfile b/projects/tesseract-ocr/Dockerfile
index e22232d89..daf607032 100644
--- a/projects/tesseract-ocr/Dockerfile
+++ b/projects/tesseract-ocr/Dockerfile
@@ -20,5 +20,4 @@ RUN apt-get update && apt-get install -y autoconf automake libtool pkg-config li
RUN git clone --depth 1 https://github.com/danbloomberg/leptonica
RUN git clone --depth 1 https://github.com/tesseract-ocr/tesseract
RUN git clone --depth 1 https://github.com/tesseract-ocr/tessdata
-RUN git clone https://github.com/guidovranken/tesseract-ocr-fuzzers
COPY build.sh $SRC/
diff --git a/projects/tesseract-ocr/build.sh b/projects/tesseract-ocr/build.sh
index e64539fe8..1847668f4 100755
--- a/projects/tesseract-ocr/build.sh
+++ b/projects/tesseract-ocr/build.sh
@@ -27,17 +27,12 @@ cd $SRC/tesseract
CXXFLAGS="$CXXFLAGS -D_GLIBCXX_DEBUG" ./configure --disable-graphics --disable-shared
make -j$(nproc)
-cd $SRC/tesseract-ocr-fuzzers
-
cp -R $SRC/tessdata $OUT
$CXX $CXXFLAGS \
- -I $SRC/tesseract/src/api \
- -I $SRC/tesseract/src/ccstruct \
- -I $SRC/tesseract/src/ccmain \
- -I $SRC/tesseract/src/ccutil \
- $SRC/tesseract-ocr-fuzzers/fuzzer-api.cpp -o $OUT/fuzzer-api \
- $SRC/tesseract/src/api/.libs/libtesseract.a \
+ -I $SRC/tesseract/include \
+ $SRC/tesseract/unittest/fuzzers/fuzzer-api.cpp -o $OUT/fuzzer-api \
+ $SRC/tesseract/.libs/libtesseract.a \
/usr/local/lib/liblept.a \
/usr/lib/x86_64-linux-gnu/libtiff.a \
/usr/lib/x86_64-linux-gnu/libpng.a \
@@ -49,13 +44,10 @@ $CXX $CXXFLAGS \
$CXX $CXXFLAGS \
-DTESSERACT_FUZZER_WIDTH=512 \
- -DTESSERACT_FUZZER_HEIGHT=512 \
- -I $SRC/tesseract/src/api \
- -I $SRC/tesseract/src/ccstruct \
- -I $SRC/tesseract/src/ccmain \
- -I $SRC/tesseract/src/ccutil \
- $SRC/tesseract-ocr-fuzzers/fuzzer-api.cpp -o $OUT/fuzzer-api-512x512 \
- $SRC/tesseract/src/api/.libs/libtesseract.a \
+ -DTESSERACT_FUZZER_HEIGHT=256 \
+ -I $SRC/tesseract/include \
+ $SRC/tesseract/unittest/fuzzers/fuzzer-api.cpp -o $OUT/fuzzer-api-512x256 \
+ $SRC/tesseract/.libs/libtesseract.a \
/usr/local/lib/liblept.a \
/usr/lib/x86_64-linux-gnu/libtiff.a \
/usr/lib/x86_64-linux-gnu/libpng.a \
diff --git a/projects/tesseract-ocr/project.yaml b/projects/tesseract-ocr/project.yaml
index 70b8e3a51..6e6983be3 100644
--- a/projects/tesseract-ocr/project.yaml
+++ b/projects/tesseract-ocr/project.yaml
@@ -1,2 +1,4 @@
homepage: "https://github.com/tesseract-ocr/tesseract"
primary_contact: "stjoweil@googlemail.com"
+fuzzing_engines:
+ - libfuzzer
diff --git a/projects/tor/build.sh b/projects/tor/build.sh
index 9f0b3db2c..1c5154a91 100644
--- a/projects/tor/build.sh
+++ b/projects/tor/build.sh
@@ -22,7 +22,7 @@ mkdir -p $TOR_DEPS
# Build libevent with proper instrumentation.
cd ${SRC}/libevent
sh autogen.sh
-./configure --prefix=${TOR_DEPS}
+./configure --prefix=${TOR_DEPS} --disable-openssl
make -j$(nproc) clean
make -j$(nproc) all
make install
@@ -79,6 +79,8 @@ for fuzzer in src/test/fuzz/*.a; do
corpus_dir="${SRC}/tor-fuzz-corpora/${output#oss-fuzz-}"
if [ -d "${corpus_dir}" ]; then
- zip -j ${OUT}/${output}_seed_corpus.zip ${corpus_dir}/*
+ set +x
+ zip -q -j ${OUT}/${output}_seed_corpus.zip ${corpus_dir}/*
+ set -x
fi
done
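Review bot: `set -x` after the zip re-enables tracing unconditionally, so if this script is ever run without `-x` the rest of the loop and everything after it starts tracing; running the quiet zip in a subshell restores whatever trace state was in effect, `( set +x; zip -q -j ${OUT}/${output}_seed_corpus.zip ${corpus_dir}/* )`, and also covers the case where zip fails under `-e` before `set -x` is reached. The enclosing `for fuzzer` loop starts outside the hunk.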
diff --git a/projects/tpm2-tss/build.sh b/projects/tpm2-tss/build.sh
index 242787c79..9e7788367 100644
--- a/projects/tpm2-tss/build.sh
+++ b/projects/tpm2-tss/build.sh
@@ -31,7 +31,8 @@ export GEN_FUZZ=1
--enable-tcti-device=no \
--enable-tcti-mssim=no \
--disable-doxygen-doc \
- --disable-shared
+ --disable-shared \
+ --disable-fapi
sed -i 's/@DX_RULES@/# @DX_RULES@/g' Makefile
make -j $(nproc) fuzz-targets
diff --git a/projects/unbound/Dockerfile b/projects/unbound/Dockerfile
index fe4a0159d..0bd77437c 100644
--- a/projects/unbound/Dockerfile
+++ b/projects/unbound/Dockerfile
@@ -20,4 +20,8 @@ RUN apt-get install -y make libtool libssl-dev libexpat-dev wget
RUN git clone --depth=1 https://github.com/NLnetLabs/unbound unbound
WORKDIR unbound
COPY parse_packet_fuzzer.c .
+COPY fuzz_1.c .
+COPY fuzz_2.c .
+COPY fuzz_3.c .
+COPY fuzz_4.c .
COPY build.sh $SRC/
diff --git a/projects/unbound/build.sh b/projects/unbound/build.sh
index 509b69452..68cda38c9 100755
--- a/projects/unbound/build.sh
+++ b/projects/unbound/build.sh
@@ -22,6 +22,10 @@ CFLAGS="${CFLAGS} -DVALGRIND=1"
make -j6 all
$CC $CFLAGS -I. -DSRCDIR=. -c -o parse_packet_fuzzer.o parse_packet_fuzzer.c
+$CC $CFLAGS -I. -DSRCDIR=. -c -o fuzz_1.o fuzz_1.c
+$CC $CFLAGS -I. -DSRCDIR=. -c -o fuzz_2.o fuzz_2.c
+$CC $CFLAGS -I. -DSRCDIR=. -c -o fuzz_3.o fuzz_3.c
+$CC $CFLAGS -I. -DSRCDIR=. -c -o fuzz_4.o fuzz_4.c
# get the LIBOBJS with the replaced functions needed for linking.
LIBOBJS=`make --eval 'echolibobjs: ; @echo "$(LIBOBJS)"' echolibobjs`
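Review bot: the four `$CC ... fuzz_N.c` lines here and the four roughly twenty-line link commands in the next hunk (the `$OUT/fuzz_1_fuzzer` … `$OUT/fuzz_4_fuzzer` block) differ only in the index, so any change to the object list has to be repeated five times including the existing parse_packet_fuzzer link. Hoisting the shared object list into a variable and looping over the index, placed after the `LIBOBJS=` line so the link step still sees it, removes the duplication; the existing parse_packet_fuzzer link can reuse the same variable. The object list below is the one the four new links already use, unchanged.
```shell
# Object list shared by every unbound fuzzer link (identical for all targets).
UNBOUND_OBJS="dns.o infra.o rrset.o dname.o \
  msgencode.o as112.o msgparse.o msgreply.o packed_rrset.o iterator.o \
  iter_delegpt.o iter_donotq.o iter_fwd.o iter_hints.o iter_priv.o \
  iter_resptype.o iter_scrub.o iter_utils.o localzone.o mesh.o modstack.o view.o \
  outbound_list.o alloc.o config_file.o configlexer.o configparser.o \
  fptr_wlist.o edns.o locks.o log.o mini_event.o module.o net_help.o random.o \
  rbtree.o regional.o rtt.o dnstree.o lookup3.o lruhash.o slabhash.o \
  tcp_conn_limit.o timehist.o tube.o winsock_event.o autotrust.o val_anchor.o \
  validator.o val_kcache.o val_kentry.o val_neg.o val_nsec3.o val_nsec.o \
  val_secalgo.o val_sigcrypt.o val_utils.o dns64.o cachedb.o redis.o authzone.o \
  respip.o netevent.o listen_dnsport.o outside_network.o ub_event.o keyraw.o \
  sbuffer.o wire2str.o parse.o parseutil.o rrdef.o str2wire.o libunbound.o \
  libworker.o context.o"

# Compile and link fuzz_1 .. fuzz_4 identically; only the index differs.
for i in 1 2 3 4; do
  $CC $CFLAGS -I. -DSRCDIR=. -c -o fuzz_${i}.o fuzz_${i}.c
  $CXX $CXXFLAGS -std=c++11 $LIB_FUZZING_ENGINE -lssl -lcrypto -pthread \
    -o $OUT/fuzz_${i}_fuzzer fuzz_${i}.o $UNBOUND_OBJS $LIBOBJS
done
```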
@@ -46,4 +50,88 @@ $CXX $CXXFLAGS -std=c++11 \
libworker.o context.o \
$LIBOBJS
+$CXX $CXXFLAGS -std=c++11 \
+ $LIB_FUZZING_ENGINE \
+ -lssl -lcrypto -pthread \
+ -o $OUT/fuzz_1_fuzzer \
+ fuzz_1.o \
+ dns.o infra.o rrset.o dname.o \
+ msgencode.o as112.o msgparse.o msgreply.o packed_rrset.o iterator.o \
+ iter_delegpt.o iter_donotq.o iter_fwd.o iter_hints.o iter_priv.o \
+ iter_resptype.o iter_scrub.o iter_utils.o localzone.o mesh.o modstack.o view.o \
+ outbound_list.o alloc.o config_file.o configlexer.o configparser.o \
+ fptr_wlist.o edns.o locks.o log.o mini_event.o module.o net_help.o random.o \
+ rbtree.o regional.o rtt.o dnstree.o lookup3.o lruhash.o slabhash.o \
+ tcp_conn_limit.o timehist.o tube.o winsock_event.o autotrust.o val_anchor.o \
+ validator.o val_kcache.o val_kentry.o val_neg.o val_nsec3.o val_nsec.o \
+ val_secalgo.o val_sigcrypt.o val_utils.o dns64.o cachedb.o redis.o authzone.o \
+ respip.o netevent.o listen_dnsport.o outside_network.o ub_event.o keyraw.o \
+ sbuffer.o wire2str.o parse.o parseutil.o rrdef.o str2wire.o libunbound.o \
+ libworker.o context.o \
+ $LIBOBJS
+
+$CXX $CXXFLAGS -std=c++11 \
+ $LIB_FUZZING_ENGINE \
+ -lssl -lcrypto -pthread \
+ -o $OUT/fuzz_2_fuzzer \
+ fuzz_2.o \
+ dns.o infra.o rrset.o dname.o \
+ msgencode.o as112.o msgparse.o msgreply.o packed_rrset.o iterator.o \
+ iter_delegpt.o iter_donotq.o iter_fwd.o iter_hints.o iter_priv.o \
+ iter_resptype.o iter_scrub.o iter_utils.o localzone.o mesh.o modstack.o view.o \
+ outbound_list.o alloc.o config_file.o configlexer.o configparser.o \
+ fptr_wlist.o edns.o locks.o log.o mini_event.o module.o net_help.o random.o \
+ rbtree.o regional.o rtt.o dnstree.o lookup3.o lruhash.o slabhash.o \
+ tcp_conn_limit.o timehist.o tube.o winsock_event.o autotrust.o val_anchor.o \
+ validator.o val_kcache.o val_kentry.o val_neg.o val_nsec3.o val_nsec.o \
+ val_secalgo.o val_sigcrypt.o val_utils.o dns64.o cachedb.o redis.o authzone.o \
+ respip.o netevent.o listen_dnsport.o outside_network.o ub_event.o keyraw.o \
+ sbuffer.o wire2str.o parse.o parseutil.o rrdef.o str2wire.o libunbound.o \
+ libworker.o context.o \
+ $LIBOBJS
+
+$CXX $CXXFLAGS -std=c++11 \
+ $LIB_FUZZING_ENGINE \
+ -lssl -lcrypto -pthread \
+ -o $OUT/fuzz_3_fuzzer \
+ fuzz_3.o \
+ dns.o infra.o rrset.o dname.o \
+ msgencode.o as112.o msgparse.o msgreply.o packed_rrset.o iterator.o \
+ iter_delegpt.o iter_donotq.o iter_fwd.o iter_hints.o iter_priv.o \
+ iter_resptype.o iter_scrub.o iter_utils.o localzone.o mesh.o modstack.o view.o \
+ outbound_list.o alloc.o config_file.o configlexer.o configparser.o \
+ fptr_wlist.o edns.o locks.o log.o mini_event.o module.o net_help.o random.o \
+ rbtree.o regional.o rtt.o dnstree.o lookup3.o lruhash.o slabhash.o \
+ tcp_conn_limit.o timehist.o tube.o winsock_event.o autotrust.o val_anchor.o \
+ validator.o val_kcache.o val_kentry.o val_neg.o val_nsec3.o val_nsec.o \
+ val_secalgo.o val_sigcrypt.o val_utils.o dns64.o cachedb.o redis.o authzone.o \
+ respip.o netevent.o listen_dnsport.o outside_network.o ub_event.o keyraw.o \
+ sbuffer.o wire2str.o parse.o parseutil.o rrdef.o str2wire.o libunbound.o \
+ libworker.o context.o \
+ $LIBOBJS
+
+$CXX $CXXFLAGS -std=c++11 \
+ $LIB_FUZZING_ENGINE \
+ -lssl -lcrypto -pthread \
+ -o $OUT/fuzz_4_fuzzer \
+ fuzz_4.o \
+ dns.o infra.o rrset.o dname.o \
+ msgencode.o as112.o msgparse.o msgreply.o packed_rrset.o iterator.o \
+ iter_delegpt.o iter_donotq.o iter_fwd.o iter_hints.o iter_priv.o \
+ iter_resptype.o iter_scrub.o iter_utils.o localzone.o mesh.o modstack.o view.o \
+ outbound_list.o alloc.o config_file.o configlexer.o configparser.o \
+ fptr_wlist.o edns.o locks.o log.o mini_event.o module.o net_help.o random.o \
+ rbtree.o regional.o rtt.o dnstree.o lookup3.o lruhash.o slabhash.o \
+ tcp_conn_limit.o timehist.o tube.o winsock_event.o autotrust.o val_anchor.o \
+ validator.o val_kcache.o val_kentry.o val_neg.o val_nsec3.o val_nsec.o \
+ val_secalgo.o val_sigcrypt.o val_utils.o dns64.o cachedb.o redis.o authzone.o \
+ respip.o netevent.o listen_dnsport.o outside_network.o ub_event.o keyraw.o \
+ sbuffer.o wire2str.o parse.o parseutil.o rrdef.o str2wire.o libunbound.o \
+ libworker.o context.o \
+ $LIBOBJS
+
wget --directory-prefix $OUT https://github.com/jsha/unbound/raw/fuzzing-corpora/testdata/parse_packet_fuzzer_seed_corpus.zip
+wget --directory-prefix $OUT https://github.com/luisx41/fuzzing-corpus/raw/master/projects/unbound/fuzz_1_fuzzer_seed_corpus.zip
+wget --directory-prefix $OUT https://github.com/luisx41/fuzzing-corpus/raw/master/projects/unbound/fuzz_2_fuzzer_seed_corpus.zip
+wget --directory-prefix $OUT https://github.com/luisx41/fuzzing-corpus/raw/master/projects/unbound/fuzz_3_fuzzer_seed_corpus.zip
+wget --directory-prefix $OUT https://github.com/luisx41/fuzzing-corpus/raw/master/projects/unbound/fuzz_4_fuzzer_seed_corpus.zip
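Review bot: the four seed corpora are fetched from a personal GitHub repository (`luisx41/fuzzing-corpus`) at `master`, so the inputs the fuzzers start from change whenever that branch does and the build is not reproducible; pin a commit in the raw URL (`.../raw/<commit-sha>/projects/unbound/fuzz_1_fuzzer_seed_corpus.zip`, sha placeholder) or vendor the zips next to the fuzzers the way fuzz_1.c–fuzz_4.c are copied in via the Dockerfile. A short comment above the block, `# Seed corpora for fuzz_1..4; pinned so corpus changes are reviewed here`, records the intent. The existing parse_packet corpus line above has the same unpinned shape but is not part of this change.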
diff --git a/projects/unbound/fuzz_1.c b/projects/unbound/fuzz_1.c
new file mode 100644
index 000000000..7fbdcc533
--- /dev/null
+++ b/projects/unbound/fuzz_1.c
@@ -0,0 +1,59 @@
+/*
+ * unbound-fuzzme.c - parse a packet provided on stdin (for fuzzing).
+ *
+ */
+#include "config.h"
+#include "util/regional.h"
+#include "util/module.h"
+#include "util/config_file.h"
+#include "iterator/iterator.h"
+#include "iterator/iter_priv.h"
+#include "iterator/iter_scrub.h"
+#include "util/log.h"
+#include "sldns/sbuffer.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+ log_init("/tmp/foo", 0, NULL);
+ char *bin = buf;
+ struct regional* reg;
+
+ struct sldns_buffer *pkt = sldns_buffer_new(1);
+ sldns_buffer_new_frm_data(pkt, bin, len);
+
+ reg = regional_create();
+
+ struct msg_parse msg;
+ struct edns_data edns;
+ memset(&msg, 0, sizeof(struct msg_parse));
+ memset(&edns, 0, sizeof(edns));
+ if (parse_packet(pkt, &msg, reg) != LDNS_RCODE_NOERROR) {
+ goto out;
+ }
+ if (parse_extract_edns(&msg, &edns, reg) != LDNS_RCODE_NOERROR) {
+ goto out;
+ }
+
+
+ struct query_info qinfo_out;
+ memset(&qinfo_out, 0, sizeof(struct query_info));
+ qinfo_out.qname = (unsigned char *) "\03nic\02de";
+ uint8_t *peter = (unsigned char *) "\02de"; // zonename
+ struct module_env env;
+ memset(&env, 0, sizeof(struct module_env));
+ struct config_file cfg;
+ memset(&cfg, 0, sizeof(struct config_file));
+ cfg.harden_glue = 1; // crashes now, want to remove that later
+ env.cfg = &cfg;
+
+ struct iter_env ie;
+ memset(&ie, 0, sizeof(struct iter_env));
+
+ struct iter_priv priv;
+ memset(&priv, 0, sizeof(struct iter_priv));
+ ie.priv = &priv;
+ scrub_message(pkt, &msg, &qinfo_out, peter, reg, &env, &ie);
+out:
+ regional_destroy(reg);
+ sldns_buffer_free(pkt);
+ return 0;
+}
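Review bot: `log_init("/tmp/foo", 0, NULL)` runs on every input, re-initialising logging and its file for each fuzz iteration; one-time process setup belongs in the libFuzzer initializer, `int LLVMFuzzerInitialize(int *argc, char ***argv) { (void)argc; (void)argv; log_init("/tmp/foo", 0, NULL); return 0; }`, and fuzz_4.c has the same call in the same place. `char *bin = buf;` discards `const` and changes the pointee type for no reason; passing `buf` (with an explicit cast if `sldns_buffer_new_frm_data` takes a non-const pointer) and a comment that the buffer copies the data — if that is what it does, I cannot confirm from here — reads more honestly. `regional_create()` is also unchecked before use. The header comment "parse a packet provided on stdin" is stale for a libFuzzer target; `/* fuzz_1.c - libFuzzer target: parse a DNS packet, extract EDNS and run scrub_message on it. */` describes this file.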
diff --git a/projects/unbound/fuzz_2.c b/projects/unbound/fuzz_2.c
new file mode 100644
index 000000000..baf0fee74
--- /dev/null
+++ b/projects/unbound/fuzz_2.c
@@ -0,0 +1,51 @@
+#include "config.h"
+#include "sldns/sbuffer.h"
+#include "sldns/wire2str.h"
+#include "util/data/dname.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *bin, size_t nr) {
+ char *bout;
+ uint8_t *a;
+ char *b;
+ size_t bl;
+ size_t al;
+ size_t len;
+
+ if (nr > 2) {
+ len = bin[0] & 0xff; // want random sized output buf
+ bout = malloc(len);
+ nr--;
+ bin++;
+ b = bout; bl = len; sldns_wire2str_edns_subnet_print(&b, &bl, bin, nr);
+ b = bout; bl = len; sldns_wire2str_edns_n3u_print(&b, &bl, bin, nr);
+ b = bout; bl = len; sldns_wire2str_edns_dhu_print(&b, &bl, bin, nr);
+ b = bout; bl = len; sldns_wire2str_edns_dau_print(&b, &bl, bin, nr);
+ b = bout; bl = len; sldns_wire2str_edns_nsid_print(&b, &bl, bin, nr);
+ b = bout; bl = len; sldns_wire2str_edns_ul_print(&b, &bl, bin, nr);
+ b = bout; bl = len; sldns_wire2str_edns_llq_print(&b, &bl, bin, nr);
+
+ a = bin; al = nr; b = bout; bl = len; sldns_wire2str_tsigerror_scan(&a, &al, &b, &bl);
+ a = bin; al = nr; b = bout; bl = len; sldns_wire2str_long_str_scan(&a, &al, &b, &bl);
+ a = bin; al = nr; b = bout; bl = len; sldns_wire2str_tag_scan(&a, &al, &b, &bl);
+ a = bin; al = nr; b = bout; bl = len; sldns_wire2str_eui64_scan(&a, &al, &b, &bl);
+ a = bin; al = nr; b = bout; bl = len; sldns_wire2str_int16_data_scan(&a, &al, &b, &bl);
+ a = bin; al = nr; b = bout; bl = len; sldns_wire2str_hip_scan(&a, &al, &b, &bl);
+ a = bin; al = nr; b = bout; bl = len; sldns_wire2str_wks_scan(&a, &al, &b, &bl);
+ a = bin; al = nr; b = bout; bl = len; sldns_wire2str_loc_scan(&a, &al, &b, &bl);
+ a = bin; al = nr; b = bout; bl = len; sldns_wire2str_cert_alg_scan(&a, &al, &b, &bl);
+ a = bin; al = nr; b = bout; bl = len; sldns_wire2str_nsec3_salt_scan(&a, &al, &b, &bl);
+ a = bin; al = nr; b = bout; bl = len; sldns_wire2str_nsec_scan(&a, &al, &b, &bl);
+ a = bin; al = nr; b = bout; bl = len; sldns_wire2str_b32_ext_scan(&a, &al, &b, &bl);
+ a = bin; al = nr; b = bout; bl = len; sldns_wire2str_apl_scan(&a, &al, &b, &bl);
+ a = bin; al = nr; b = bout; bl = len; sldns_wire2str_str_scan(&a, &al, &b, &bl);
+ a = bin; al = nr; b = bout; bl = len; sldns_wire2str_rdata_unknown_scan(&a, &al, &b, &bl);
+ a = bin; al = nr; b = bout; bl = len; sldns_wire2str_header_scan(&a, &al, &b, &bl);
+ a = bin; al = nr; b = bout; bl = len; sldns_wire2str_pkt_scan(&a, &al, &b, &bl);
+
+ bin--;
+ free(bout);
+ }
+
+out:
+ return 0;
+}
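Review bot: `bout = malloc(len)` is never checked, and `len` is 0 whenever the first input byte is 0, so the print and scan calls below can run with a NULL output pointer; a guard such as `if (len == 0 || (bout = malloc(len)) == NULL) return 0;` keeps the target from reporting allocator problems instead of parser bugs (whether the wire2str functions tolerate a NULL output with zero remaining length I cannot tell from here). `a = bin` drops `const` from the input pointer because the `_scan` functions take `uint8_t **`; an explicit cast with a comment saying the scanners only advance the pointer would make that deliberate. The `out:` label is unused and only produces a warning.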
diff --git a/projects/unbound/fuzz_3.c b/projects/unbound/fuzz_3.c
new file mode 100644
index 000000000..237a543c1
--- /dev/null
+++ b/projects/unbound/fuzz_3.c
@@ -0,0 +1,67 @@
+#include "config.h"
+#include "sldns/sbuffer.h"
+#include "sldns/wire2str.h"
+#include "sldns/str2wire.h"
+#include "util/data/dname.h"
+
+#define SZ 1000
+#define SZ2 100
+
+
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t nr) {
+ char *bin = malloc(nr);
+ uint8_t *bout;
+ size_t len, len2;
+
+ memset(bin, 0, nr);
+ memcpy(bin, buf, nr);
+
+ if (nr > 2) {
+ bin[nr-1] = 0x00; // null terminate
+ len = bin[0] & 0xff; // want random sized output buf
+ bout = malloc(len);
+ nr--;
+ bin++;
+
+ // call the targets
+ len2 = len; sldns_str2wire_dname_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_int8_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_int16_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_int32_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_a_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_aaaa_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_str_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_apl_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_b64_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_b32_ext_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_hex_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_nsec_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_type_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_class_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_cert_alg_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_alg_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_tsigerror_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_time_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_tsigtime_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_period_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_loc_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_wks_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_nsap_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_atma_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_ipseckey_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_nsec3_salt_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_ilnp64_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_eui48_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_eui64_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_tag_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_long_str_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_hip_buf(bin, bout, &len2);
+ len2 = len; sldns_str2wire_int16_data_buf(bin, bout, &len2);
+
+ bin--;
+ free(bout);
+ }
+
+out:
+ free(bin);
+}
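Review bot: `LLVMFuzzerTestOneInput` is declared `int` but falls off the end after `free(bin)` without returning, which is undefined behaviour in C and leaves libFuzzer reading an indeterminate value; add `return 0;` after `free(bin);`. `malloc(nr)` and `malloc(len)` are unchecked as in fuzz_2.c, and with `nr == 0` the first call may return NULL, which `memset`/`memcpy` then receive even though a zero-length call on a null pointer is still undefined; an early `if (nr < 3) return 0;` before the allocation sidesteps both and matches the `nr > 2` condition already used. The `SZ`/`SZ2` macros and the `out:` label are unused and can go.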
diff --git a/projects/unbound/fuzz_4.c b/projects/unbound/fuzz_4.c
new file mode 100644
index 000000000..14fea4971
--- /dev/null
+++ b/projects/unbound/fuzz_4.c
@@ -0,0 +1,81 @@
+/*
+ * unbound-fuzzme.c - parse a packet provided on stdin (for fuzzing).
+ *
+ */
+#include "config.h"
+#include "util/regional.h"
+#include "util/module.h"
+#include "util/config_file.h"
+#include "iterator/iterator.h"
+#include "iterator/iter_priv.h"
+#include "iterator/iter_scrub.h"
+#include "util/log.h"
+#include "util/netevent.h"
+#include "util/alloc.h"
+#include "sldns/sbuffer.h"
+#include "services/cache/rrset.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t nr) {
+ log_init("/tmp/foo", 0, NULL);
+ struct regional* reg;
+
+ struct sldns_buffer *pkt = sldns_buffer_new(1);
+ sldns_buffer_new_frm_data(pkt, buf, nr);
+
+ reg = regional_create();
+
+ struct msg_parse msg;
+ struct edns_data edns;
+ memset(&msg, 0, sizeof(struct msg_parse));
+ memset(&edns, 0, sizeof(edns));
+
+ struct query_info qinfo_out;
+ memset(&qinfo_out, 0, sizeof(struct query_info));
+ qinfo_out.qname = (unsigned char *) "\03nic\02de";
+ uint8_t *peter = (unsigned char *) "\02de"; // zonename
+ struct module_env env;
+ memset(&env, 0, sizeof(struct module_env));
+ struct config_file cfg;
+ memset(&cfg, 0, sizeof(struct config_file));
+
+ cfg.harden_glue = 0; // crashes now, want to remove that later
+ env.cfg = &cfg;
+ cfg.rrset_cache_slabs = HASH_DEFAULT_SLABS;
+ cfg.rrset_cache_size = HASH_DEFAULT_MAXMEM;
+
+ struct comm_base* base = comm_base_create(0);
+ comm_base_timept(base, &env.now, &env.now_tv);
+
+ env.alloc = malloc(sizeof(struct alloc_cache));
+ alloc_init(env.alloc, NULL, 0);
+
+ env.rrset_cache = rrset_cache_create(env.cfg, env.alloc);
+
+
+ struct iter_env ie;
+ memset(&ie, 0, sizeof(struct iter_env));
+
+ struct iter_priv priv;
+ memset(&priv, 0, sizeof(struct iter_priv));
+ ie.priv = &priv;
+
+
+ if (parse_packet(pkt, &msg, reg) != LDNS_RCODE_NOERROR) {
+ goto out;
+ }
+ if (parse_extract_edns(&msg, &edns, reg) != LDNS_RCODE_NOERROR) {
+ goto out;
+ }
+
+
+ scrub_message(pkt, &msg, &qinfo_out, peter, reg, &env, &ie);
+
+out:
+ rrset_cache_delete(env.rrset_cache);
+ alloc_clear(env.alloc);
+ free(env.alloc);
+ comm_base_delete(base);
+ regional_destroy(reg);
+ sldns_buffer_free(pkt);
+ return 0;
+}
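Review bot: the whole runtime environment — `comm_base_create`, the `alloc_cache` and `rrset_cache_create` — is built and torn down for every input, and `env.alloc = malloc(...)` is never checked before `alloc_init` dereferences it; this setup is process-wide and can move to `LLVMFuzzerInitialize` as sketched below, which also makes the per-input path much cheaper. Doing so means rrset-cache contents persist across inputs and a crash may then depend on earlier inputs; if reproduction matters more than speed, keep `rrset_cache_create`/`rrset_cache_delete` per input and hoist only the rest. The comment `// crashes now, want to remove that later` on `cfg.harden_glue = 0;` was written for the `= 1` variant in fuzz_1.c and no longer explains why this target differs; replace it with the actual reason or drop it.
```c
static struct config_file cfg;
static struct module_env env;
static struct comm_base *base;

/* Process-wide setup: log, config, event base, allocator and rrset cache. */
int LLVMFuzzerInitialize(int *argc, char ***argv) {
	(void)argc; (void)argv;
	log_init("/tmp/foo", 0, NULL);
	memset(&env, 0, sizeof(struct module_env));
	memset(&cfg, 0, sizeof(struct config_file));
	cfg.harden_glue = 0;
	cfg.rrset_cache_slabs = HASH_DEFAULT_SLABS;
	cfg.rrset_cache_size = HASH_DEFAULT_MAXMEM;
	env.cfg = &cfg;
	base = comm_base_create(0);
	comm_base_timept(base, &env.now, &env.now_tv);
	env.alloc = malloc(sizeof(struct alloc_cache));
	if (!env.alloc) abort();
	alloc_init(env.alloc, NULL, 0);
	env.rrset_cache = rrset_cache_create(env.cfg, env.alloc);
	return 0;
}

int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t nr) {
	/* … unchanged: pkt/reg/msg/edns/qinfo_out/ie/priv setup, parse_packet, parse_extract_edns, scrub_message … */
out:
	regional_destroy(reg);
	sldns_buffer_free(pkt);
	return 0;
}
```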
diff --git a/projects/vorbis/Dockerfile b/projects/vorbis/Dockerfile
index 229481311..464555df2 100644
--- a/projects/vorbis/Dockerfile
+++ b/projects/vorbis/Dockerfile
@@ -20,6 +20,7 @@ RUN apt-get update && apt-get install -y make autoconf automake libtool pkg-conf
RUN git clone https://git.xiph.org/ogg.git
RUN git clone https://git.xiph.org/vorbis.git
RUN svn export https://github.com/mozillasecurity/fuzzdata.git/trunk/samples/ogg decode_corpus
+RUN svn export --force https://github.com/mozillasecurity/fuzzdata.git/trunk/samples/vorbis decode_corpus
RUN wget --cut-dirs 3 --recursive --level=1 -A ".ogg" https://people.xiph.org/~xiphmont/test-vectors/vorbis/
WORKDIR vorbis
COPY build.sh $SRC/
diff --git a/projects/wabt/Dockerfile b/projects/wabt/Dockerfile
index 97a96d3e5..86caa3184 100644
--- a/projects/wabt/Dockerfile
+++ b/projects/wabt/Dockerfile
@@ -15,7 +15,7 @@
################################################################################
FROM gcr.io/oss-fuzz-base/base-builder
-MAINTAINER wasm-waterfall@grotations.appspotmail.com
+MAINTAINER binji@chromium.org
RUN apt-get update && apt-get install -y cmake libtool make python
RUN git clone --recursive https://github.com/WebAssembly/wabt
WORKDIR wabt
diff --git a/projects/wabt/project.yaml b/projects/wabt/project.yaml
index f99caa867..933f9f295 100644
--- a/projects/wabt/project.yaml
+++ b/projects/wabt/project.yaml
@@ -1,5 +1,5 @@
homepage: "https://github.com/WebAssembly/wabt"
-primary_contact: "dschuff@chromium.org"
+primary_contact: "binji@chromium.org"
sanitizers:
- address
- memory
diff --git a/projects/wasmtime/Dockerfile b/projects/wasmtime/Dockerfile
new file mode 100644
index 000000000..a70765b01
--- /dev/null
+++ b/projects/wasmtime/Dockerfile
@@ -0,0 +1,31 @@
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER foote@fastly.com
+RUN apt-get update && apt-get install -y make autoconf automake libtool curl cmake python llvm-dev libclang-dev clang
+
+ENV CARGO_HOME=/rust RUSTUP_HOME=/rust/rustup PATH=$PATH:/rust/bin
+RUN curl https://sh.rustup.rs | sh -s -- -y --default-toolchain=nightly
+RUN cargo install cargo-fuzz
+
+RUN git clone --depth 1 https://github.com/bytecodealliance/wasmtime wasmtime
+WORKDIR wasmtime
+RUN git submodule update --init --recursive
+
+RUN git clone --depth 1 https://github.com/bytecodealliance/wasmtime-libfuzzer-corpus wasmtime-libfuzzer-corpus
+
+COPY build.sh $SRC/
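Review bot: `curl https://sh.rustup.rs | sh -s -- -y --default-toolchain=nightly` pipes the installer straight into a shell with no failure handling and installs whatever `nightly` is on the build day, so the toolchain differs from build to build and a truncated or HTTP-error response is still executed; rustup's own documented invocation, `RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=nightly-<YYYY-MM-DD>` (date placeholder), makes curl fail on HTTP errors, forces HTTPS and pins the nightly. `cargo install cargo-fuzz` is likewise unpinned; `cargo install --version <x.y.z> cargo-fuzz` (placeholder) keeps the harness builder stable. The two `git clone --depth 1` lines fetch tip-of-branch, which is the norm for the project under test but worth a one-line comment for the corpus repository.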
diff --git a/projects/wasmtime/build.sh b/projects/wasmtime/build.sh
new file mode 100755
index 000000000..82fbaace2
--- /dev/null
+++ b/projects/wasmtime/build.sh
@@ -0,0 +1,40 @@
+#!/bin/bash -eu
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Note: This project creates Rust fuzz targets exclusively
+
+export CUSTOM_LIBFUZZER_PATH="$LIB_FUZZING_ENGINE_DEPRECATED"
+export CUSTOM_LIBFUZZER_STD_CXX=c++
+PROJECT_DIR=$SRC/wasmtime
+
+# Because Rust does not support sanitizers via CFLAGS/CXXFLAGS, the environment
+# variables are overridden with values from base-images/base-clang only
+
+export CFLAGS="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION"
+export CXXFLAGS_EXTRA="-stdlib=libc++"
+export CXXFLAGS="$CFLAGS $CXXFLAGS_EXTRA"
+export RUSTFLAGS="-Cdebuginfo=1 -Cforce-frame-pointers"
+
+cd $PROJECT_DIR/fuzz && cargo fuzz build -O --debug-assertions
+
+FUZZ_TARGET_OUTPUT_DIR=$PROJECT_DIR/target/x86_64-unknown-linux-gnu/release
+for f in $SRC/wasmtime/fuzz/fuzz_targets/*.rs
+do
+ FUZZ_TARGET_NAME=$(basename ${f%.*})
+ cp $FUZZ_TARGET_OUTPUT_DIR/$FUZZ_TARGET_NAME $OUT/
+ zip -jr $OUT/${FUZZ_TARGET_NAME}_seed_corpus.zip $PROJECT_DIR/wasmtime-libfuzzer-corpus/$FUZZ_TARGET_NAME/
+done
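Review bot: with `#!/bin/bash -eu`, the `zip -jr ... $PROJECT_DIR/wasmtime-libfuzzer-corpus/$FUZZ_TARGET_NAME/` line aborts the whole build as soon as one fuzz target has no directory in the corpus repository, because zip exits non-zero on a missing path; guard it the way projects/tor/build.sh does, `corpus_dir=$PROJECT_DIR/wasmtime-libfuzzer-corpus/$FUZZ_TARGET_NAME` followed by `if [ -d "$corpus_dir" ]; then zip -jr $OUT/${FUZZ_TARGET_NAME}_seed_corpus.zip "$corpus_dir"/; fi`. `cp $FUZZ_TARGET_OUTPUT_DIR/$FUZZ_TARGET_NAME $OUT/` assumes every `*.rs` in fuzz_targets produced a binary of the same name, which holds only if the fuzz crate's manifest lists them all — I cannot confirm that from here, so a comment stating the assumption would help the next maintainer.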
diff --git a/projects/wasmtime/project.yaml b/projects/wasmtime/project.yaml
new file mode 100644
index 000000000..508523f57
--- /dev/null
+++ b/projects/wasmtime/project.yaml
@@ -0,0 +1,11 @@
+homepage: "https://wasmtime.dev/"
+primary_contact: "jonathan.foote@gmail.com"
+auto_ccs:
+ - "security@bytecodealliance.org"
+ - "fitzgen@gmail.com"
+ - "alex@alexcrichton.com"
+sanitizers:
+ - address
+fuzzing_engines:
+ - libfuzzer
+language: rust
diff --git a/projects/wavpack/project.yaml b/projects/wavpack/project.yaml
index ecc8140d4..5e334e8bf 100644
--- a/projects/wavpack/project.yaml
+++ b/projects/wavpack/project.yaml
@@ -5,3 +5,5 @@ auto_ccs:
- thuanpv.nus@gmail.com
sanitizers:
- address
+- memory
+- undefined
diff --git a/projects/wget/build.sh b/projects/wget/build.sh
index 3d9c27757..840977d73 100755
--- a/projects/wget/build.sh
+++ b/projects/wget/build.sh
@@ -67,7 +67,8 @@ LIBS="-lunistring" \
CFLAGS="$GNUTLS_CFLAGS" \
./configure --with-nettle-mini --enable-gcc-warnings --enable-static --disable-shared --with-included-libtasn1 \
--with-included-unistring --without-p11-kit --disable-doc --disable-tests --disable-tools --disable-cxx \
- --disable-maintainer-mode --disable-libdane --disable-gcc-warnings --prefix=$WGET_DEPS_PATH $GNUTLS_CONFIGURE_FLAGS
+ --disable-maintainer-mode --disable-libdane --disable-gcc-warnings --disable-full-test-suite \
+ --prefix=$WGET_DEPS_PATH $GNUTLS_CONFIGURE_FLAGS
make -j$(nproc)
make install
diff --git a/projects/wget2/build.sh b/projects/wget2/build.sh
index 4646bcb2d..3ad4e04bd 100755
--- a/projects/wget2/build.sh
+++ b/projects/wget2/build.sh
@@ -67,7 +67,8 @@ LIBS="-lunistring" \
CFLAGS="$GNUTLS_CFLAGS" \
./configure --with-nettle-mini --enable-gcc-warnings --enable-static --disable-shared --with-included-libtasn1 \
--with-included-unistring --without-p11-kit --disable-doc --disable-tests --disable-tools --disable-cxx \
- --disable-maintainer-mode --disable-libdane --disable-gcc-warnings --prefix=$WGET2_DEPS_PATH $GNUTLS_CONFIGURE_FLAGS
+ --disable-maintainer-mode --disable-libdane --disable-gcc-warnings --disable-full-test-suite \
+ --prefix=$WGET2_DEPS_PATH $GNUTLS_CONFIGURE_FLAGS
make -j$(nproc)
make install
diff --git a/projects/wolfssl/project.yaml b/projects/wolfssl/project.yaml
index f0ac195b6..cc75e089d 100644
--- a/projects/wolfssl/project.yaml
+++ b/projects/wolfssl/project.yaml
@@ -1,12 +1,18 @@
homepage: "https://www.wolfssl.com/"
primary_contact: "jacob@wolfssl.com"
auto_ccs:
- - "david@wolfssl.com"
- - "kaleb@wolfssl.com"
- - "levi@wolfssl.com"
- - "testing@wolfssl.com"
+ - "david@wolfssl.com"
+ - "kaleb@wolfssl.com"
+ - "levi@wolfssl.com"
+ - "testing@wolfssl.com"
+fuzzing_engines:
+ - libfuzzer
+ - afl
+ - honggfuzz
+ - dataflow
sanitizers:
- - address
- - memory:
- experimental: True
- - undefined
+ - address
+ - memory:
+ experimental: True
+ - undefined
+ - dataflow
diff --git a/projects/wuffs/project.yaml b/projects/wuffs/project.yaml
index 92516bfca..5b09d296f 100644
--- a/projects/wuffs/project.yaml
+++ b/projects/wuffs/project.yaml
@@ -1,5 +1,14 @@
homepage: "https://github.com/google/wuffs"
primary_contact: "nigeltao@golang.org"
+fuzzing_engines:
+ - libfuzzer
+ - afl
+ - honggfuzz
+ - dataflow
+sanitizers:
+ - address
+ - undefined
+ - dataflow
architectures:
- x86_64
- i386
diff --git a/projects/xerces-c/xmlProtoConverter.cpp b/projects/xerces-c/xmlProtoConverter.cpp
index b2caf67a2..f8a47dee2 100644
--- a/projects/xerces-c/xmlProtoConverter.cpp
+++ b/projects/xerces-c/xmlProtoConverter.cpp
@@ -56,6 +56,9 @@ void ProtoConverter::visit(Prolog const& _x)
void ProtoConverter::visit(KeyValue const& _x)
{
+ if (!KeyValue::XmlNamespace_IsValid(_x.type()))
+ return;
+
switch (_x.type())
{
case KeyValue::ATTRIBUTES:
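Review bot: the new guard `if (!KeyValue::XmlNamespace_IsValid(_x.type())) return;` — and the matching `isValid`/`*_IsValid` guards in the other `visit` hunks of this file — silently drops the whole message when the enum field is out of range, and nothing says why that can happen or why dropping is the right outcome. A one-line comment above this first guard, `// Enum fields may hold values outside the declared range; skip the message so the switch below only sees known enumerators.`, documents the contract once, with a shorter `// see visit(KeyValue)` at the others. `visit(KeyValue)` continues past the hunk.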
@@ -127,6 +130,9 @@ void ProtoConverter::visit(Content const& _x)
void ProtoConverter::visit(ElementDecl const& _x)
{
+ if (!ElementDecl::ContentSpec_IsValid(_x.spec()))
+ return;
+
m_output << "<!ELEMENT " << _x.name() << " ";
switch (_x.spec())
{
@@ -167,6 +173,9 @@ void ProtoConverter::visit(ElementDecl const& _x)
void ProtoConverter::visit(AttValue const& _x)
{
+ if (!isValid(_x))
+ return;
+
m_output << "\"";
string prefix;
switch (_x.type())
@@ -196,6 +205,9 @@ void ProtoConverter::visit(AttValue const& _x)
void ProtoConverter::visit(DefaultDecl const& _x)
{
+ if (!isValid(_x))
+ return;
+
switch (_x.type())
{
case DefaultDecl::REQUIRED:
@@ -219,6 +231,9 @@ void ProtoConverter::visit(DefaultDecl const& _x)
void ProtoConverter::visit(AttDef const& _x)
{
+ if (!isValid(_x))
+ return;
+
m_output << " " << removeNonAscii(_x.name()) << " ";
switch (_x.type())
{
@@ -323,6 +338,9 @@ void ProtoConverter::visit(PEDef const& _x)
void ProtoConverter::visit(EntityValue const& _x)
{
+ if (!isValid(_x))
+ return;
+
m_output << "\"";
string prefix;
switch (_x.type())
@@ -353,6 +371,9 @@ void ProtoConverter::visit(EntityValue const& _x)
void ProtoConverter::visit(EntityDecl const& _x)
{
+ if (!isValid(_x))
+ return;
+
m_output << "<!ENTITY ";
switch (_x.type())
{
@@ -373,6 +394,9 @@ void ProtoConverter::visit(EntityDecl const& _x)
void ProtoConverter::visit(ConditionalSect const& _x)
{
+ if (!isValid(_x))
+ return;
+
switch (_x.type())
{
case ConditionalSect::INCLUDE:
@@ -486,6 +510,9 @@ string ProtoConverter::getPredefined(Element_Id _x, string const& _prop)
/// Returns uri string for a given Element_Id type
string ProtoConverter::getUri(Element_Id _x)
{
+ if (!Element::Id_IsValid(_x))
+ return s_XInclude;
+
switch (_x)
{
case Element::XIINCLUDE:
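Review bot: `getUri` maps an invalid `Element_Id` to `s_XInclude`, a valid uri, whereas every `visit` guard in this change bails out and emits nothing; the asymmetry is fine if intended, but the doc comment above still reads `/// Returns uri string for a given Element_Id type` and should become `/// Returns uri string for a given Element_Id type; ids outside the enum's range fall back to s_XInclude.` so callers are not surprised. `getUri` continues past the hunk.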
@@ -504,6 +531,9 @@ string ProtoConverter::getUri(Element_Id _x)
void ProtoConverter::visit(Element const& _x)
{
+ if (!isValid(_x))
+ return;
+
// Predefined child node
string child = {};
// Predefined uri for child node
@@ -550,6 +580,9 @@ void ProtoConverter::visit(Element const& _x)
void ProtoConverter::visit(ExternalId const& _x)
{
+ if (!isValid(_x))
+ return;
+
switch (_x.type())
{
case ExternalId::SYSTEM:
@@ -581,6 +614,9 @@ void ProtoConverter::visit(DocTypeDecl const& _x)
void ProtoConverter::visit(VersionNum const& _x)
{
+ if (!isValid(_x))
+ return;
+
switch (_x.type())
{
case VersionNum::STANDARD:
@@ -596,6 +632,9 @@ void ProtoConverter::visit(VersionNum const& _x)
void ProtoConverter::visit(Encodings const& _x)
{
+ if (!Encodings::Enc_IsValid(_x.name()))
+ return;
+
m_output << " encoding=\"";
switch (_x.name())
{
@@ -699,6 +738,7 @@ void ProtoConverter::visit(XmlDeclaration const& _x)
break;
case XmlDeclaration_Standalone_XmlDeclaration_Standalone_INT_MIN_SENTINEL_DO_NOT_USE_:
case XmlDeclaration_Standalone_XmlDeclaration_Standalone_INT_MAX_SENTINEL_DO_NOT_USE_:
+ default:
break;
}
m_output << "?>\n";
@@ -715,4 +755,4 @@ string ProtoConverter::protoToString(XmlDocument const& _x)
{
visit(_x);
return m_output.str();
-} \ No newline at end of file
+}
diff --git a/projects/xerces-c/xmlProtoConverter.h b/projects/xerces-c/xmlProtoConverter.h
index a6333f1b3..501dde36c 100644
--- a/projects/xerces-c/xmlProtoConverter.h
+++ b/projects/xerces-c/xmlProtoConverter.h
@@ -89,6 +89,11 @@ private:
void visit(XmlDocument const&);
+ template <typename T>
+ bool isValid(T const& messageType) {
+ return T::Type_IsValid(messageType.type());
+ }
+
std::string removeNonAscii(std::string const&);
std::string getUri(Element_Id _x);
std::string getPredefined(Element_Id _x, std::string const&);
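Review bot: `isValid` reads no members, so it should be `static` rather than a non-const member, and `messageType` names a message, not a type; `template <typename T> static bool isValid(T const& message) { return T::Type_IsValid(message.type()); }` with a comment `// True when message.type() holds an enumerator declared in T::Type.` makes the intent clear. The template only fits messages whose enum is named `Type` and whose accessor is `type()`, which is why `KeyValue`, `ElementDecl`, `Encodings` and `getUri` in the .cpp call their own `*_IsValid` directly — worth saying in that comment so the next message type is handled the same way.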
diff --git a/projects/zlib-ng/project.yaml b/projects/zlib-ng/project.yaml
index b2aa5cd60..26cdaa65b 100644
--- a/projects/zlib-ng/project.yaml
+++ b/projects/zlib-ng/project.yaml
@@ -18,10 +18,16 @@ homepage: "https://github.com/Dead2/zlib-ng"
primary_contact: "zlib-ng@circlestorm.org"
auto_ccs:
- "sebpop@gmail.com"
+fuzzing_engines:
+ - libfuzzer
+ - afl
+ - honggfuzz
+ - dataflow
sanitizers:
- address
- memory
- undefined
+ - dataflow
architectures:
- x86_64
- i386