diff --git a/projects/goipp/fuzzer/fuzz_collections.go b/projects/goipp/fuzzer/fuzz_collections.go
new file mode 100644
index 0000000..2530b74
--- /dev/null
+++ b/projects/goipp/fuzzer/fuzz_collections.go
@@ -0,0 +1,32 @@
+/*
+ * Fuzz target for goipp's handling of Collection attributes.
+ */
+
+
+package fuzzer
+
+import (
+ "testing"
+ "github.com/OpenPrinting/goipp"
+)
+
+
+func FuzzCollections(f *testing.F) {
+ f.Fuzz(func(t *testing.T, data []byte) {
+ var m goipp.Message
+ if err := m.DecodeBytes(data); err != nil {
+ t.Skip()
+ }
+
+ // Test that collections can be accessed without panics
+ for _, group := range m.AttrGroups() {
+ for _, attr := range group.Attrs {
+ for _, val := range attr.Values {
+ if collection, ok := val.V.(goipp.Collection); ok {
+ _ = collection.String()
+ }
+ }
+ }
+ }
+ })
+}
\ No newline at end of file
diff --git a/projects/goipp/oss_fuzz_build.sh b/projects/goipp/oss_fuzz_build.sh
index 694309a..7e066e8 100644
--- a/projects/goipp/oss_fuzz_build.sh
+++ b/projects/goipp/oss_fuzz_build.sh
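Review bot: The type assertion in the innermost loop of FuzzCollections only matches values that are themselves a `goipp.Collection` directly under an attribute, so a collection nested inside another collection is exercised only through whatever `collection.String()` does internally, and the result is discarded without any check. The inline comment would be more accurate as `// Stringify every top-level collection value; nested collections are only reached via String().`. The exported function also has no doc comment; something like `// FuzzCollections decodes data as an IPP message and formats each collection value it contains.` would do. The standard-library and third-party imports are conventionally separated by a blank line, and the file ends without a trailing newline, which gofmt would add.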
@@ -4,23 +4,21 @@ mkdir -p $SRC/goipp/fuzzer
 cp $SRC/fuzzing/projects/goipp/fuzzer/fuzz_decode_bytes.go $SRC/goipp/fuzzer/
 cp $SRC/fuzzing/projects/goipp/fuzzer/fuzz_decode_bytes_ex.go $SRC/goipp/fuzzer/
 cp $SRC/fuzzing/projects/goipp/fuzzer/fuzz_round_trip.go $SRC/goipp/fuzzer/
+cp $SRC/fuzzing/projects/goipp/fuzzer/fuzz_collections.go $SRC/goipp/fuzzer/
-# seed corpus for FuzzDecodeBytes
-mkdir -p $WORK/fuzz_decode_bytes_corpus
-cp $SRC/fuzzing/projects/goipp/seeds/fuzz_decode_bytes_seed_corpus/* $WORK/fuzz_decode_bytes_corpus/
+# Corpus for fuzzers that accept good AND bad messages
+mkdir -p $WORK/good_and_bad_ipp_messages_seed_corpus
+cp $SRC/fuzzing/projects/goipp/seeds/good_and_bad_ipp_messages_seed_corpus/* $WORK/good_and_bad_ipp_messages_seed_corpus/
 cd $WORK
-zip -r $OUT/fuzz_decode_bytes_seed_corpus.zip fuzz_decode_bytes_corpus/
+zip -r $OUT/fuzz_decode_bytes_seed_corpus.zip good_and_bad_ipp_messages_seed_corpus/
+zip -r $OUT/fuzz_decode_bytes_ex_seed_corpus.zip good_and_bad_ipp_messages_seed_corpus/
+zip -r $OUT/fuzz_collections_seed_corpus.zip good_and_bad_ipp_messages_seed_corpus/
-# seed corpus for FuzzDecodeBytesEx
-mkdir -p $WORK/fuzz_decode_bytes_ex_corpus
-cp $SRC/fuzzing/projects/goipp/seeds/fuzz_decode_bytes_ex_seed_corpus/* $WORK/fuzz_decode_bytes_ex_corpus/
-zip -r $OUT/fuzz_decode_bytes_ex_seed_corpus.zip fuzz_decode_bytes_ex_corpus/
-
-# seed corpus for FuzzRoundTrip
-mkdir -p $WORK/fuzz_round_trip_corpus
-cp $SRC/fuzzing/projects/goipp/seeds/fuzz_round_trip_seed_corpus/* $WORK/fuzz_round_trip_corpus/
-zip -r $OUT/fuzz_round_trip_seed_corpus.zip fuzz_round_trip_corpus/
+# Corpus for fuzzers that expect only valid (good) IPP messages
+mkdir -p $WORK/good_ipp_messages_seed_corpus
+cp $SRC/fuzzing/projects/goipp/seeds/good_ipp_messages_seed_corpus/* $WORK/good_ipp_messages_seed_corpus/
+zip -r $OUT/fuzz_round_trip_seed_corpus.zip good_ipp_messages_seed_corpus/
 # build dependencies and fiuzzers
 cd $SRC/goipp
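Review bot: The new `fuzz_collections_seed_corpus.zip` is built from the same generic `good_and_bad_ipp_messages_seed_corpus/` directory as the two decode targets, and nothing in this commit shows that any of those seeds contains a collection attribute (the `.ipp` files are binary and only renamed). If none does, FuzzCollections starts with no input that reaches its type-assertion branch and relies on the mutator to discover the collection encoding on its own. Consider adding at least one seed message that carries a collection attribute and recording that above the zip lines, e.g. `# fuzz_collections shares this corpus; keep at least one message with a collection attribute in it`. Separately, whether a failed `cp` from a missing or renamed seeds directory aborts the build depends on a `set -e` that would sit outside this hunk; without it the zips would silently be built from an empty directory.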
@@ -30,4 +28,5 @@ go get github.com/AdamKorcz/go-118-fuzz-build/testing
 compile_native_go_fuzzer github.com/OpenPrinting/goipp/fuzzer FuzzDecodeBytes fuzz_decode_bytes
 compile_native_go_fuzzer github.com/OpenPrinting/goipp/fuzzer FuzzDecodeBytesEx fuzz_decode_bytes_ex
-compile_native_go_fuzzer github.com/OpenPrinting/goipp/fuzzer FuzzRoundTrip fuzz_round_trip
\ No newline at end of file
+compile_native_go_fuzzer github.com/OpenPrinting/goipp/fuzzer FuzzRoundTrip fuzz_round_trip
+compile_native_go_fuzzer github.com/OpenPrinting/goipp/fuzzer FuzzCollections fuzz_collections
diff --git a/projects/goipp/seeds/fuzz_round_trip_seed_corpus/goodMessage1.ipp b/projects/goipp/seeds/fuzz_round_trip_seed_corpus/goodMessage1.ipp
deleted file mode 100644
index adbff08..0000000
Binary files a/projects/goipp/seeds/fuzz_round_trip_seed_corpus/goodMessage1.ipp and /dev/null differ
diff --git a/projects/goipp/seeds/fuzz_round_trip_seed_corpus/goodMessage2.ipp b/projects/goipp/seeds/fuzz_round_trip_seed_corpus/goodMessage2.ipp
deleted file mode 100644
index f07cc15..0000000
Binary files a/projects/goipp/seeds/fuzz_round_trip_seed_corpus/goodMessage2.ipp and /dev/null differ
diff --git a/projects/goipp/seeds/fuzz_decode_bytes_ex_seed_corpus/badmessage1.ipp b/projects/goipp/seeds/good_and_bad_ipp_messages_seed_corpus/badmessage1.ipp
similarity index 100%
rename from projects/goipp/seeds/fuzz_decode_bytes_ex_seed_corpus/badmessage1.ipp
rename to projects/goipp/seeds/good_and_bad_ipp_messages_seed_corpus/badmessage1.ipp
diff --git a/projects/goipp/seeds/fuzz_decode_bytes_ex_seed_corpus/goodMessage1.ipp b/projects/goipp/seeds/good_and_bad_ipp_messages_seed_corpus/goodMessage1.ipp
similarity index 100%
rename from projects/goipp/seeds/fuzz_decode_bytes_ex_seed_corpus/goodMessage1.ipp
rename to projects/goipp/seeds/good_and_bad_ipp_messages_seed_corpus/goodMessage1.ipp
diff --git a/projects/goipp/seeds/fuzz_decode_bytes_ex_seed_corpus/goodMessage2.ipp b/projects/goipp/seeds/good_and_bad_ipp_messages_seed_corpus/goodMessage2.ipp
similarity index 100%
rename from projects/goipp/seeds/fuzz_decode_bytes_ex_seed_corpus/goodMessage2.ipp
rename to projects/goipp/seeds/good_and_bad_ipp_messages_seed_corpus/goodMessage2.ipp
diff --git a/projects/goipp/seeds/fuzz_decode_bytes_seed_corpus/goodMessage1.ipp b/projects/goipp/seeds/good_ipp_messages_seed_corpus/goodMessage1.ipp
similarity index 100%
rename from projects/goipp/seeds/fuzz_decode_bytes_seed_corpus/goodMessage1.ipp
rename to projects/goipp/seeds/good_ipp_messages_seed_corpus/goodMessage1.ipp
diff --git a/projects/goipp/seeds/fuzz_decode_bytes_seed_corpus/goodMessage2.ipp b/projects/goipp/seeds/good_ipp_messages_seed_corpus/goodMessage2.ipp
similarity index 100%
rename from projects/goipp/seeds/fuzz_decode_bytes_seed_corpus/goodMessage2.ipp
rename to projects/goipp/seeds/good_ipp_messages_seed_corpus/goodMessage2.ipp