diff options
| -rw-r--r-- | projects/opencv/Dockerfile | 23 | ||||
| -rwxr-xr-x | projects/opencv/build.sh | 31 | ||||
| -rw-r--r-- | projects/opencv/fuzzer_temp_file.h | 81 | ||||
| -rw-r--r-- | projects/opencv/imdecode_fuzzer.cc | 16 | ||||
| -rw-r--r-- | projects/opencv/imread_fuzzer.cc | 17 | ||||
| -rw-r--r-- | projects/opencv/project.yaml | 15 |
6 files changed, 183 insertions, 0 deletions
diff --git a/projects/opencv/Dockerfile b/projects/opencv/Dockerfile new file mode 100644 index 000000000..c7fe849ce --- /dev/null +++ b/projects/opencv/Dockerfile @@ -0,0 +1,23 @@ +# Copyright 2018 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +FROM gcr.io/oss-fuzz-base/base-builder +RUN apt-get update && apt-get install -y build-essential cmake pkg-config +RUN git clone --depth 1 https://github.com/opencv/opencv.git opencv +WORKDIR $SRC/ + +COPY build.sh $SRC/ +COPY *.cc *.h $SRC/ diff --git a/projects/opencv/build.sh b/projects/opencv/build.sh new file mode 100755 index 000000000..e9003b430 --- /dev/null +++ b/projects/opencv/build.sh @@ -0,0 +1,31 @@ +#!/bin/bash -eu +# Copyright 2018 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +mkdir opencv/build +pushd opencv/build +cmake -D CMAKE_BUILD_TYPE=Release -D CMAKE_INSTALL_PREFIX=$WORK \ + -DBUILD_SHARED_LIBS=OFF -DOPENCV_GENERATE_PKGCONFIG=ON \ + -DOPENCV_GENERATE_PKGCONFIG=ON -DOPENCV_FORCE_3RDPARTY_BUILD=ON .. +make -j$(nproc) +make install +popd + +for fuzzer in imdecode_fuzzer imread_fuzzer; do +$CXX $CXXFLAGS -lFuzzingEngine $fuzzer.cc -std=c++11 \ + $(pkg-config --static --libs --cflags $WORK/lib/pkgconfig/opencv4.pc) \ + -o $OUT/$fuzzer +done diff --git a/projects/opencv/fuzzer_temp_file.h b/projects/opencv/fuzzer_temp_file.h new file mode 100644 index 000000000..fe25cabae --- /dev/null +++ b/projects/opencv/fuzzer_temp_file.h @@ -0,0 +1,81 @@ +// Copyright 2018 Google Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Adapter utility from fuzzer input to a temporary file, for fuzzing APIs that +// require a file instead of an input buffer. + +#ifndef FUZZER_TEMP_FILE_H_ +#define FUZZER_TEMP_FILE_H_ + +#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +// Pure-C interface for creating and cleaning up temporary files. + +static char* fuzzer_get_tmpfile(const uint8_t* data, size_t size) { + char* filename_buffer = strdup("/tmp/generate_temporary_file.XXXXXX"); + if (!filename_buffer) { + perror("Failed to allocate file name buffer."); + abort(); + } + const int file_descriptor = mkstemp(filename_buffer); + if (file_descriptor < 0) { + perror("Failed to make temporary file."); + abort(); + } + FILE* file = fdopen(file_descriptor, "wb"); + if (!file) { + perror("Failed to open file descriptor."); + close(file_descriptor); + abort(); + } + const size_t bytes_written = fwrite(data, sizeof(uint8_t), size, file); + if (bytes_written < size) { + close(file_descriptor); + fprintf(stderr, "Failed to write all bytes to file (%zu out of %zu)", + bytes_written, size); + abort(); + } + fclose(file); + return filename_buffer; +} + +static void fuzzer_release_tmpfile(char* filename) { + if (unlink(filename) != 0) { + perror("WARNING: Failed to delete temporary file."); + } + free(filename); +} + +// C++ RAII object for creating temporary files. + +#ifdef __cplusplus +class FuzzerTemporaryFile { + public: + FuzzerTemporaryFile(const uint8_t* data, size_t size) + : filename_(fuzzer_get_tmpfile(data, size)) {} + + ~FuzzerTemporaryFile() { fuzzer_release_tmpfile(filename_); } + + const char* filename() const { return filename_; } + + private: + char* filename_; +}; +#endif + +#endif // FUZZER_TEMP_FILE_H_ diff --git a/projects/opencv/imdecode_fuzzer.cc b/projects/opencv/imdecode_fuzzer.cc new file mode 100644 index 000000000..3315214cf --- /dev/null +++ b/projects/opencv/imdecode_fuzzer.cc @@ -0,0 +1,16 @@ +#include <opencv2/opencv.hpp> +#include <opencv2/imgcodecs/legacy/constants_c.h> + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + std::vector<uint8_t> image_data = {data, data + size}; + // TODO: Try other image types than CV_8UC1. + cv::Mat data_matrix = + cv::Mat(1, image_data.size(), CV_8UC1, image_data.data()); + try { + cv::Mat decoded_matrix = cv::imdecode(data_matrix, CV_LOAD_IMAGE_UNCHANGED); + } catch (cv::Exception e) { + // Do nothing. + } + return 0; +} + diff --git a/projects/opencv/imread_fuzzer.cc b/projects/opencv/imread_fuzzer.cc new file mode 100644 index 000000000..8756d8ce3 --- /dev/null +++ b/projects/opencv/imread_fuzzer.cc @@ -0,0 +1,17 @@ +#include <cstddef> +#include <cstdint> +#include <unistd.h> + +#include <opencv2/opencv.hpp> +#include "fuzzer_temp_file.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + const FuzzerTemporaryFile file(data, size); + try { + cv::Mat matrix = cv::imread(file.filename()); + } catch (cv::Exception e) { + // Do nothing. + } + return 0; +} + diff --git a/projects/opencv/project.yaml b/projects/opencv/project.yaml new file mode 100644 index 000000000..e138634fe --- /dev/null +++ b/projects/opencv/project.yaml @@ -0,0 +1,15 @@ +homepage: "https://opencv.org/" +primary_contact: "kusano@google.com" + +experimental: true + +sanitizers: + - address + - undefined + - memory + +labels: + imdecode_fuzzer: + - sundew + imread_fuzzer: + - sundew |