Conversation

@k-furman
Contributor

Add fuzz_ppd harness for fuzzing,
add build rules and seed corpus files.
This harness has been tested on the aflplusplus/aflplusplus docker container with these specifications:

/ # cat /etc/debian_version 
bookworm/sid
/ # clang --version
Ubuntu clang version 16.0.6 (++20231112100510+7cbf1a259152-1~exp1~20231112100554.106)
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin

Project was built this way:

CC=afl-clang-lto
CXX=afl-clang-lto++
AFL_USE_ASAN=1
./configure --enable-static --disable-shared --host=x86_64
make -C cups/
make -C fuzzer/

Fuzzing runs like this:

afl-fuzz -i in/ -o out/ ./fuzz_ppd @@

Works well for afl-fuzz.

@fish98
Collaborator

fish98 commented Feb 26, 2025

Thank you for your contribution. The code looks good to me but please allow some time for testing the availability of the harness before merging, so it can be adopted into the OSS-Fuzz testing loop.

Meanwhile, in line with the Open Source principles upheld by OpenPrinting, could you provide either the script (not the binary) or a description of how to generate the three newly added fuzz corpora located in projects/cups/seeds/fuzz_ppd_seed_corpus/*? It will enable everyone to reproduce the generated binary seeds :)

@fish98 fish98 self-assigned this Feb 26, 2025
@k-furman
Contributor Author

The seed files for this harness can be generated this way, where cups/test.ppd and cups/test2.ppd are original PPD files from the CUPS project:

echo -n -e "Letter\0na-letter\0roll_max_36.1025x3622.0472in\0 4x6\0Foo\0foo=buz option=option Foo=Buz tag=fooz\0datanum1920\0datanum1080\0" > 1
cat cups/test.ppd >> 1

echo -n -e "A4\0Letter\0iso_a4_210x297mm\0 2x8\0Option\0Option=Bar Foo=Buz AL=666 Astra=Aspera\0datanum1337\0datanum4242\0 " > 2
cat cups/test2.ppd >> 2

echo -n -e "A4\0A4\0iso_a4_210x297mm\0 2x8\0Astra\0Per=Aspera Ad=Astra\0datanum2048\0datanum2048\0 " > 3
cat cups/test2.ppd >> 3

Arguments are separated by '\0' because of the use of the strdup() function, which can guarantee that the string is null-terminated to prevent overflows and incorrect function calls.
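As an added illustration of why the fields are NUL-separated (my code, not the harness in this PR and not CUPS code): a bounded splitter for the seed layout above, assuming eight string fields followed by the raw PPD body. memchr() keeps every copy inside the buffer even when a seed is truncated, and seed_free() releases the copies, which is the bookkeeping a harness needs so that LeakSanitizer does not report a direct leak on every iteration.

```c
#include <stdlib.h>
#include <string.h>
#define SEED_FIELDS 8   /* assumed: eight NUL-separated string fields per seed */

/* One parsed seed: the string fields, then the raw PPD bytes after them. */
typedef struct {
    char *field[SEED_FIELDS];   /* heap copies, each NUL-terminated */
    const unsigned char *ppd;   /* raw PPD bytes after the last field */
    size_t ppd_len;
} seed_t;

/* Split a fuzz input without assuming it is NUL-terminated: memchr() is
 * bounded by the bytes left, so a seed cut short never makes the copy read
 * past the buffer. Returns the number of fields recovered (SEED_FIELDS on a
 * complete seed); unfilled slots stay NULL. */
static int seed_parse(const unsigned char *data, size_t size, seed_t *out)
{
    size_t pos = 0;
    int    n   = 0;
    memset(out, 0, sizeof *out);
    while (n < SEED_FIELDS && pos < size) {
        const unsigned char *nul = memchr(data + pos, '\0', size - pos);
        if (nul == NULL)
            break;                        /* truncated field: no terminator */
        size_t len = (size_t)(nul - (data + pos));
        if ((out->field[n] = malloc(len + 1)) == NULL)
            break;
        memcpy(out->field[n], data + pos, len);
        out->field[n][len] = '\0';
        n++;
        pos += len + 1;                   /* step over the separator */
    }
    out->ppd     = data + pos;            /* everything after the fields */
    out->ppd_len = size - pos;
    return n;
}

/* Free every copy made by seed_parse(); a harness that skips this is what
 * LeakSanitizer flags as a direct leak on every iteration. */
static void seed_free(seed_t *s)
{
    for (int i = 0; i < SEED_FIELDS; i++) {
        free(s->field[i]);
        s->field[i] = NULL;
    }
}

/* Constructed sample in the layout of seed file 1 above; only the first
 * line of a PPD body is appended to keep the example short. */
static const unsigned char SAMPLE_SEED[] =
    "Letter\0na-letter\0roll_max_36.1025x3622.0472in\0 4x6\0Foo\0foo=buz option=option Foo=Buz tag=fooz\0"
    "datanum1920\0datanum1080\0*PPD-Adobe: \"4.3\"\n";
```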

@fish98
Collaborator

fish98 commented Mar 4, 2025

Thank you for the detailed documentation regarding the fuzzing corpora. I will update the corresponding README.

The local build of fuzz_ppd pops up a direct memory leak caused by unhandled variables such as ppdsize and cups_options (similar types). I will take some free time to address these false positives before finally merging them into the production main branch :)

@k-furman
Contributor Author

k-furman commented Mar 5, 2025

Ok! Thank you so much!

@k-furman
Contributor Author

Just a friendly reminder.

fish98 and others added 2 commits March 27, 2025 23:45
Signed-off-by: TTFISH <jiongchiyu@gmail.com>
Co-authored-by: k-furman <k-furman@users.noreply.github.com>
A direct leak exists in the fuzzing harness; it needs to be refined and fixed first, then enabled for production OSS-Fuzz.

Signed-off-by: TTFISH <jiongchiyu@gmail.com>
@fish98 fish98 merged commit e06ad8a into OpenPrinting:main Mar 27, 2025
@fish98
Collaborator

fish98 commented Mar 27, 2025

Many thanks for your contribution! Currently the harness still exhibits memory-related issues within the OSS-Fuzz framework. The memory allocation within the harness requires revisions to properly manage the memory lifecycle. We will enable the harness after fixing this problem :)
