clusterfuzzlite support

.clusterfuzzlite/Dockerfile

@@ -0,0 +1,5 @@
+FROM gcr.io/oss-fuzz-base/base-builder:v1
+COPY . $SRC/app-boilerplate
+COPY ./.clusterfuzzlite/build.sh $SRC/
+RUN git clone https://github.com/LedgerHQ/ledger-secure-sdk.git $SRC/app-boilerplate/BOLOS_SDK
+WORKDIR $SRC/app-boilerplate

.clusterfuzzlite/build.sh

@@ -0,0 +1,9 @@
+#!/bin/bash -eu
+
+# build fuzzers
+
+pushd fuzzing
+cmake -DBOLOS_SDK=../BOLOS_SDK -Bbuild -H.
+make -C build
+mv ./build/fuzz_tx_parser $OUT
+popd

.clusterfuzzlite/project.yaml

@@ -0,0 +1 @@
+language: c

.github/workflows/cflite_batch.yml

@@ -0,0 +1,35 @@
+name: ClusterFuzzLite batch fuzzing
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master  # Use your actual default branch here.
+  schedule:
+    - cron: '0 12 * * 6'  # At 12:00 PM, only on Saturday
+permissions: read-all
+jobs:
+  BatchFuzzing:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        sanitizer: [address, undefined, memory] # Override this with the sanitizers you want.
+    steps:
+    - name: Build Fuzzers (${{ matrix.sanitizer }})
+      id: build
+      uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+      with:
+        language: c # Change this to the language you are fuzzing.
+        sanitizer: ${{ matrix.sanitizer }}
+    - name: Run Fuzzers (${{ matrix.sanitizer }})
+      id: run
+      uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        fuzz-seconds: 300 # 5 minutes
+        mode: 'batch'
+        sanitizer: ${{ matrix.sanitizer }}
+        # Optional but recommended: For storing certain artifacts from fuzzing.
+        storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/LedgerHQ/app-boilerplate-fuzz-storage.git
+        storage-repo-branch: main   # Optional. Defaults to "main"
+        storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".

.github/workflows/cflite_cron.yml

@@ -0,0 +1,47 @@
+name: ClusterFuzzLite cron tasks
+on:
+  schedule:
+    - cron: '0 13 * * 6'  # At 01:00 PM, only on Saturday
+permissions: read-all
+jobs:
+  Pruning:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Build Fuzzers
+      id: build
+      uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+      with:
+        language: c # Change this to the language you are fuzzing
+    - name: Run Fuzzers
+      id: run
+      uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        fuzz-seconds: 300 # 5 minutes
+        mode: 'prune'
+        # Optional but recommended.
+        storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/LedgerHQ/app-boilerplate-fuzz-storage.git
+        storage-repo-branch: main   # Optional. Defaults to "main"
+        storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+  Coverage:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Build Fuzzers
+      id: build
+      uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+      with:
+        language: c # Change this to the language you are fuzzing.
+        sanitizer: coverage
+    - name: Run Fuzzers
+      id: run
+      uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        fuzz-seconds: 300 # 5 minutes
+        mode: 'coverage'
+        sanitizer: 'coverage'
+        # Optional but recommended.
+        storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/LedgerHQ/app-boilerplate-fuzz-storage.git
+        storage-repo-branch: main   # Optional. Defaults to "main"
+        storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+

.github/workflows/cflite_pr.yml

@@ -0,0 +1,42 @@
+name: ClusterFuzzLite PR fuzzing
+on:
+  pull_request:
+    paths:
+      - '**'
+permissions: read-all
+jobs:
+  PR:
+    runs-on: ubuntu-latest
+    concurrency:
+      group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
+      cancel-in-progress: true
+    strategy:
+      fail-fast: false
+      matrix:
+        sanitizer: [address, undefined, memory] # Override this with the sanitizers you want.
+    steps:
+    - name: Build Fuzzers (${{ matrix.sanitizer }})
+      id: build
+      uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+      with:
+        language: c # Change this to the language you are fuzzing.
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        sanitizer: ${{ matrix.sanitizer }}
+        # Optional but recommended: used to only run fuzzers that are affected
+        # by the PR.
+        storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/LedgerHQ/app-boilerplate-fuzz-storage.git
+        storage-repo-branch: main   # Optional. Defaults to "main"
+        storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+    - name: Run Fuzzers (${{ matrix.sanitizer }})
+      id: run
+      uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        fuzz-seconds: 300 # 5 minutes
+        mode: 'code-change'
+        sanitizer: ${{ matrix.sanitizer }}
+        # Optional but recommended: used to download the corpus produced by
+        # batch fuzzing.
+        storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/LedgerHQ/app-boilerplate-fuzz-storage.git
+        storage-repo-branch: main   # Optional. Defaults to "main"
+        storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".

fuzzing/CMakeLists.txt

@@ -8,29 +8,41 @@ endif()
 project(FuzzTxParser
         VERSION 1.0
 	      DESCRIPTION "Fuzzing of transaction parser"
-        LANGUAGES CXX)
+        LANGUAGES C)
 
 # guard against bad build-type strings
 if (NOT CMAKE_BUILD_TYPE)
   set(CMAKE_BUILD_TYPE "Debug")
 endif()
 
+if (NOT CMAKE_C_COMPILER_ID MATCHES "Clang")
+    message(FATAL_ERROR "Fuzzer needs to be built with Clang")
+endif()
+
+if (NOT DEFINED BOLOS_SDK)
+  message(FATAL_ERROR "BOLOS_SDK environment variable not found.")
+endif()
+
 # guard against in-source builds
 if(${CMAKE_SOURCE_DIR} STREQUAL ${CMAKE_BINARY_DIR})
   message(FATAL_ERROR "In-source builds not allowed. Please make a new directory (called a build directory) and run CMake from there. You may need to remove CMakeCache.txt. ")
 endif()
 
+# compatible with ClusterFuzzLite
+if (NOT DEFINED ENV{LIB_FUZZING_ENGINE})
+	set(COMPILATION_FLAGS_ "-g -Wall -fsanitize=fuzzer,address,undefined")
+else()
+	set(COMPILATION_FLAGS_ "$ENV{LIB_FUZZING_ENGINE} $ENV{CXXFLAGS}")
+endif()
+
 set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
 
-include(extra/TxParser.cmake)
+string(REPLACE " " ";" COMPILATION_FLAGS ${COMPILATION_FLAGS_})
 
-add_executable(fuzz_tx_parser fuzz_tx_parser.cc)
+include(extra/TxParser.cmake)
 
-target_compile_options(fuzz_tx_parser
-    PRIVATE $<$<C_COMPILER_ID:Clang>:-g -O2 -fsanitize=fuzzer,address,undefined>
-)
+add_executable(fuzz_tx_parser fuzz_tx_parser.c)
 
-target_link_libraries(fuzz_tx_parser
-    PRIVATE $<$<C_COMPILER_ID:Clang>:-fsanitize=fuzzer,address,undefined>
-    PUBLIC txparser
-)
+target_compile_options(fuzz_tx_parser PUBLIC ${COMPILATION_FLAGS})
+target_link_options(fuzz_tx_parser PUBLIC ${COMPILATION_FLAGS})
+target_link_libraries(fuzz_tx_parser PUBLIC txparser)

fuzzing/README.md

@@ -5,7 +5,7 @@
 In `fuzzing` folder
 
 ```
-cmake -DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -Bbuild -H.
+cmake -DBOLOS_SDK=/path/to/sdk -DCMAKE_C_COMPILER=/usr/bin/clang -Bbuild -H.
 ```
 
 then

fuzzing/extra/TxParser.cmake

@@ -8,20 +8,23 @@ project(TxParser
 set(CMAKE_C_STANDARD 11)
 set(CMAKE_C_STANDARD_REQUIRED True)
 set(CMAKE_C_FLAGS_DEBUG
-    "${CMAKE_C_FLAGS_DEBUG} -Werror -Wall -Wextra -Wno-unused-function -DFUZZ -pedantic -g -O0"
+    "${CMAKE_C_FLAGS_DEBUG} -Wall -Wextra -Wno-unused-function -DFUZZ -pedantic -g -O0"
 )
 
-add_library(txparser SHARED
-    ${CMAKE_CURRENT_SOURCE_DIR}/../src/common/bip32.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/../src/common/varint.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/../src/common/read.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/../src/common/write.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/../src/common/buffer.c
-    ${CMAKE_CURRENT_SOURCE_DIR}/../src/common/format.c
+add_library(txparser
+    ${BOLOS_SDK}/lib_standard_app/format.c
+    ${BOLOS_SDK}/lib_standard_app/buffer.c
+    ${BOLOS_SDK}/lib_standard_app/read.c
+    ${BOLOS_SDK}/lib_standard_app/varint.c
+    ${BOLOS_SDK}/lib_standard_app/bip32.c
+    ${BOLOS_SDK}/lib_standard_app/write.c
     ${CMAKE_CURRENT_SOURCE_DIR}/../src/transaction/utils.c
     ${CMAKE_CURRENT_SOURCE_DIR}/../src/transaction/deserialize.c
 )
 
 set_target_properties(txparser PROPERTIES SOVERSION 1)
 
-target_include_directories(txparser PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../src)
+target_include_directories(txparser PUBLIC
+    ${CMAKE_CURRENT_SOURCE_DIR}/../src
+    ${BOLOS_SDK}/lib_standard_app
+)

fuzzing/fuzz_tx_parser.cc → fuzzing/fuzz_tx_parser.c

@@ -3,15 +3,12 @@
 #include <string.h>
 #include <sys/types.h>
 
-extern "C" {
-#include "common/buffer.h"
-#include "common/format.h"
 #include "transaction/deserialize.h"
 #include "transaction/utils.h"
 #include "transaction/types.h"
-}
+#include "format.h"
 
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
     buffer_t buf = {.ptr = data, .size = size, .offset = 0};
     transaction_t tx;
     parser_status_e status;