Setup simple fuzzing for unrar. (#951)

* Get the shared library to build for unrar * Fuzz by writing temp file and calling CmdExtract::DoExtract() * Incorporate review feedback * Incorporate review feedback
google · Nov 13, 2017 · 44ac124 · 44ac124
1 parent 5830f0d
commit 44ac124
Show file tree

Hide file tree

Showing 3 changed files with 85 additions and 0 deletions.
diff --git a/projects/unrar/Dockerfile b/projects/unrar/Dockerfile
@@ -0,0 +1,25 @@
+# Copyright 2017 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER vakh@chromium.org
+RUN apt-get update && apt-get install -y make autoconf automake build-essential libtool wget
+
+RUN wget https://www.rarlab.com/rar/unrarsrc-5.5.8.tar.gz && tar xf unrarsrc-5.5.8.tar.gz
+
+WORKDIR unrar
+COPY build.sh $SRC/
+COPY unrar_fuzzer.cc $SRC/unrar/
diff --git a/projects/unrar/build.sh b/projects/unrar/build.sh
@@ -0,0 +1,30 @@
+#!/bin/bash -eu
+# Copyright 2017 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+UNRAR_SRC_DIR="$SRC/unrar"
+
+# build 'lib'. This builds libunrar.a and libunrar.so
+# -fPIC is required for successful compilation.
+make CXX=$CXX CXXFLAGS="$CXXFLAGS -fPIC" -C $UNRAR_SRC_DIR lib
+
+# remove the .so file so that the linker links unrar statically.
+rm -v $UNRAR_SRC_DIR/libunrar.so
+
+# build fuzzer
+$CXX $CXXFLAGS -I. $UNRAR_SRC_DIR/unrar_fuzzer.cc -o $OUT/unrar_fuzzer \
+     -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -DRAR_SMP -DRARDLL \
+     -lFuzzingEngine -L$UNRAR_SRC_DIR -lunrar
diff --git a/projects/unrar/unrar_fuzzer.cc b/projects/unrar/unrar_fuzzer.cc
@@ -0,0 +1,30 @@
+#include <memory>
+#include <stddef.h>
+#include <string>
+#include <unistd.h>
+
+#include "rar.hpp"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  char filename[] = "mytemp.XXXXXX";
+  int fd = mkstemp(filename);
+  write(fd, data, size);
+
+  std::unique_ptr<CommandData> cmd_data(new CommandData);
+  cmd_data->ParseArg(const_cast<wchar_t *>(L"-p"));
+  cmd_data->ParseArg(const_cast<wchar_t *>(L"x"));
+  cmd_data->ParseDone();
+  std::wstring wide_filename(filename, filename + strlen(filename));
+  cmd_data->AddArcName(wide_filename.c_str());
+
+  try {
+    CmdExtract extractor(cmd_data.get());
+    extractor.DoExtract();
+  } catch (...) {
+  }
+
+  close(fd);
+  unlink(filename);
+
+  return 0;
+}