author | Catena cyber <35799796+catenacyber@users.noreply.github.com> | 2021-03-31 18:34:58 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-01 01:34:58 +0900 |
commit | 15bc2685b51612748bcfdb820bb4d42087a7dce1 (patch) | |
tree | 40b061d68e27054b4eae11fdfd36d85032c6bbcf | |
parent | 79d44219e74836e9151898de8debb2b26e8e7c29 (diff) | |
download | tinyobjloader-15bc2685b51612748bcfdb820bb4d42087a7dce1.tar.gz |
Fuzz target for oss-fuzz integration (#302)
* Fuzz target for oss-fuzz integration
* README for fuzzing
-rw-r--r-- | CMakeLists.txt | 5 | ||||
-rw-r--r-- | fuzzer/README.md | 47 | ||||
-rw-r--r-- | fuzzer/fuzz_ParseFromString.cc | 26 |
3 files changed, 78 insertions, 0 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 4a82c92..8f1eb79 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -109,6 +109,11 @@ write_basic_package_version_file(${PROJECT_NAME}-config-version.cmake
 #pkg-config file
 configure_file(${PROJECT_NAME}.pc.in ${LIBRARY_NAME}.pc @ONLY)
+if(DEFINED ENV{LIB_FUZZING_ENGINE})
+ add_executable(fuzz_ParseFromString fuzzer/fuzz_ParseFromString.cc)
+ target_link_libraries(fuzz_ParseFromString ${LIBRARY_NAME} $ENV{LIB_FUZZING_ENGINE})
+endif()
+
 #Installation
 install(TARGETS ${LIBRARY_NAME}
diff --git a/fuzzer/README.md b/fuzzer/README.md
new file mode 100644
index 0000000..a30cd67
--- /dev/null
+++ b/fuzzer/README.md
@@ -0,0 +1,47 @@
+# Fuzzing test
+
+Do fuzzing test for tinyobjloader
+
+## Supported API
+
+* [x] ParseFromString
+
+## Requirements
+
+* clang with fuzzer support(`-fsanitize=fuzzer`. at least clang 8.0 should work)
+
+## Setup
+
+### Ubuntu 18.04
+
+```
+$ sudo apt install clang++-8
+$ sudo apt install libfuzzer-8-dev
+```
+
+Optionally, if you didn't set `update-alternatives` you can set `clang++` to point to `clang++8`
+
+```
+$ sudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-8 10
+$ sudo update-alternatives --install /usr/bin/clang++ clang++ /usr/bin/clang++-8 10
+```
+
+## How to compile
+
+Fuzz target is compiled with the rest of the project when environment variable `LIB_FUZZING_ENGINE` is defined when running cmake
+With clang, you can compile with
+```
+$ export LIB_FUZZING_ENGINE=-fsanitize=fuzzer
+$ mkdir build && cd build
+$ cmake .. -DBUILD_SHARED_LIBS=OFF
+$ make -j $(nproc)
+```
+
+## How to run
+
+Increase memory limit. e.g. `-rss_limit_mb=2000`
+cf libfuzzer.info for all options
+
+```
+$ ./fuzz_ParseFromString -rss_limit_mb=2000
+```
diff --git a/fuzzer/fuzz_ParseFromString.cc b/fuzzer/fuzz_ParseFromString.cc
new file mode 100644
index 0000000..aa45f89
--- /dev/null
+++ b/fuzzer/fuzz_ParseFromString.cc
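Review bot: The new `target_link_libraries(fuzz_ParseFromString ${LIBRARY_NAME} $ENV{LIB_FUZZING_ENGINE})` links the library even though fuzzer/fuzz_ParseFromString.cc in this same commit defines `TINYOBJLOADER_IMPLEMENTATION` and therefore compiles the whole parser into the target's own object; with a static `${LIBRARY_NAME}` the linker will presumably just skip the archive member, but it is worth stating which copy is meant to be exercised, because only the copy that ends up in the binary is what the fuzzer instruments and reports coverage for. Nothing in the `if(DEFINED ENV{LIB_FUZZING_ENGINE})` block sets sanitizer or coverage flags for the library or the target; the block relies on them arriving through the compiler flags of the fuzzing build environment, which is not visible here. A comment on the `if(...)` line such as `# Built only under a fuzzing driver (the driver sets LIB_FUZZING_ENGINE); sanitizer/coverage flags are expected to come in via CXXFLAGS` would make that dependency explicit for anyone building outside that environment.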
@@ -0,0 +1,26 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <stdarg.h>
+#include <string.h>
+
+#define TINYOBJLOADER_IMPLEMENTATION // define this in only *one* .cc
+#include "tiny_obj_loader.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ tinyobj::ObjReaderConfig reader_config;
+ tinyobj::ObjReader reader;
+ if (Size < 2) {
+ return 0;
+ }
+ for (size_t i = 0; i < Size-1; i++) {
+ if (Data[i] == 0) {
+ std::string obj_text (reinterpret_cast<const char*>(Data), i);
+ std::string mtl_text (reinterpret_cast<const char*>(Data+i+1), Size-i-1);
+ reader.ParseFromString(obj_text, mtl_text,reader_config);
+ return 0;
+ }
+ }
+ return 0;
+}
+
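Review bot: The separator scan `for (size_t i = 0; i < Size-1; i++)` never inspects the last byte, so an input whose only NUL is its final byte is dropped and `mtl_text` can never be empty; together with the `Size < 2` guard this means the empty-MTL case (obj text with no material data at all) is never fed to `ParseFromString`, although it is a perfectly ordinary input for the parser. Locating the separator with `memchr` over the full `Size` removes the loop, covers that case, and keeps the obj/mtl split byte-for-byte identical for every input the current code already accepts; `<string.h>` is already included. `<stdio.h>` and `<stdarg.h>` are included but nothing in the file uses them. The two reader objects could also be constructed after the separator check so rejected inputs do not pay for them, though that only affects throughput.
```cpp
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
  // Input layout: <obj text> NUL <mtl text>; the mtl part may be empty.
  if (Size == 0) {
    return 0;
  }
  const void *sep = memchr(Data, 0, Size);
  if (sep == nullptr) {
    return 0;  // no separator: not a test case for this harness
  }
  const size_t i = static_cast<const uint8_t *>(sep) - Data;
  std::string obj_text(reinterpret_cast<const char *>(Data), i);
  std::string mtl_text(reinterpret_cast<const char *>(Data + i + 1), Size - i - 1);
  // … unchanged: reader_config / reader construction and the ParseFromString call …
  return 0;
}
```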