boost: add new fuzzers

projects/boost/Dockerfile

@@ -20,7 +20,7 @@ RUN apt-get update && apt-get install -y g++ python
 RUN git clone --recursive https://github.com/boostorg/boost.git
 WORKDIR boost
 # Preferably, move boost_regex_fuzzer.cc to the boost repository.
-COPY build.sh *.cc $SRC/
+COPY build.sh *.zip *.cc $SRC/
 # This is to fix Fuzz Introspector build by using LLVM old pass manager
 # re https://github.com/ossf/fuzz-introspector/issues/305
 ENV OLD_LLVMPASS 1

projects/boost/boost_datetime_fuzzer.cc

@@ -0,0 +1,38 @@
+/* Copyright 2024 Google LLC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+      http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// The ideal place for this fuzz target is the boost repository.
+#include <boost/date_time/gregorian/gregorian.hpp>
+#include <string>
+#include <fuzzer/FuzzedDataProvider.h>
+
+using namespace boost::gregorian;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+    FuzzedDataProvider fdp(data, size);
+
+    try {
+        std::string s(fdp.ConsumeRandomLengthString(15));
+        date d(from_simple_string(s));
+        to_simple_string(d);
+
+        date d1(from_undelimited_string(s));
+        to_iso_extended_string(d1);
+
+        date::ymd_type ymd = d1.year_month_day();
+        greg_weekday wd = d1.day_of_week();
+        wd.as_long_string();
+        ymd.month.as_long_string();
+    } catch(...) {
+    }
+    return 0;
+}

projects/boost/boost_filesystem_fuzzer.cc

@@ -0,0 +1,49 @@
+/* Copyright 2024 Google LLC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+      http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// The ideal place for this fuzz target is the boost repository.
+#include <boost/filesystem.hpp>
+#include <boost/filesystem/fstream.hpp>
+#include <string>
+#include <fuzzer/FuzzedDataProvider.h>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+    FuzzedDataProvider fdp(data, size);
+    try {
+        boost::filesystem::path p(fdp.ConsumeRandomLengthString(5));
+
+        p.replace_filename(fdp.ConsumeRandomLengthString(5));
+
+        p.has_extension();
+        p.extension();
+        p.replace_extension(fdp.ConsumeRandomLengthString(3));
+
+        boost::filesystem::path p1(fdp.ConsumeRandomLengthString(5));
+        p.concat(p1);
+        p.append(p1);
+        p.remove_filename_and_trailing_separators();
+        p /= (p1);
+        p += (p1);
+
+        p.lexically_relative(p1);
+        p.filename_is_dot();
+        p.remove_filename();
+
+        p.swap(p1);
+        p.root_directory();
+        p.relative_path();
+        p.parent_path();
+        p.has_stem();
+    } catch(...) {
+    }
+    return 0;
+}

projects/boost/boost_graph_graphml_fuzzer.cc

@@ -0,0 +1,49 @@
+/* Copyright 2024 Google LLC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+      http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// The ideal place for this fuzz target is the boost repository.
+#include <boost/graph/adjacency_list.hpp>
+#include <boost/graph/graphml.hpp>
+#include <boost/range/irange.hpp>
+#ifdef DEBUG
+#include <iostream>
+#endif
+#include <string>
+#include <sstream>
+#include <fuzzer/FuzzedDataProvider.h>
+
+typedef boost::adjacency_list<
+    boost::vecS, boost::vecS, boost::directedS,
+    boost::property<boost::vertex_name_t, std::string>,
+    boost::property<boost::edge_weight_t, double>
+> Graph;
+
+using namespace boost;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+    FuzzedDataProvider fdp(data, size);
+    try
+    {
+        Graph g;
+        boost::dynamic_properties dp(boost::ignore_other_properties);
+        std::stringstream input(fdp.ConsumeRemainingBytesAsString());
+        read_graphml(input, g, dp);
+        auto viter = make_iterator_range(vertices(g));
+#ifdef DEBUG
+        for (auto v : viter) {
+            std::cout << v << " ";
+        }
+#endif
+    } catch(...) {
+    }
+    return 0;
+}

projects/boost/boost_graph_graphviz_fuzzer.cc

@@ -0,0 +1,57 @@
+/* Copyright 2024 Google LLC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+      http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// The ideal place for this fuzz target is the boost repository.
+#include <boost/graph/adjacency_list.hpp>
+#include <boost/graph/graphviz.hpp>
+#include <boost/property_map/dynamic_property_map.hpp>
+#include <boost/exception/exception.hpp>
+#include <boost/exception/diagnostic_information.hpp>
+#ifdef DEBUG
+#include <iostream>
+#endif
+#include <string>
+#include <fuzzer/FuzzedDataProvider.h>
+
+struct DotVertex {
+    std::string name;
+    std::string label;
+    int peripheries;
+};
+
+struct DotEdge {
+    std::string label;
+};
+
+typedef boost::adjacency_list<boost::vecS, boost::vecS, boost::directedS,
+        DotVertex, DotEdge> graph_t;
+
+using namespace boost;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+    FuzzedDataProvider fdp(data, size);
+    try
+    {
+        graph_t graphviz;
+        boost::dynamic_properties dp(boost::ignore_other_properties);
+        dp.property("node_id", boost::get(&DotVertex::name, graphviz));
+        read_graphviz(fdp.ConsumeRemainingBytesAsString(), graphviz, dp);
+        auto viter = make_iterator_range(vertices(graphviz));
+#ifdef DEBUG
+        for (auto v : viter) {
+            std::cout << v << " ";
+        }
+#endif
+    } catch(...) {
+    }
+    return 0;
+}

projects/boost/boost_programoptions_fuzzer.cc

@@ -0,0 +1,81 @@
+/* Copyright 2024 Google LLC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+      http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// The ideal place for this fuzz target is the boost repository.
+#include <boost/program_options.hpp>
+namespace po = boost::program_options;
+
+#include <sstream>
+#include <fuzzer/FuzzedDataProvider.h>
+
+using namespace std;
+
+po::options_description set_options()
+{
+    po::options_description opts;
+    opts.add_options()
+        ("global_string", po::value<string>())
+
+        ("strings.word", po::value<string>())
+        ("strings.phrase", po::value<string>())
+        ("strings.quoted", po::value<string>())
+
+        ("ints.positive", po::value<int>())
+        ("ints.negative", po::value<int>())
+        ("ints.hex", po::value<int>())
+        ("ints.oct", po::value<int>())
+        ("ints.bin", po::value<int>())
+
+        ("floats.positive", po::value<float>())
+        ("floats.negative", po::value<float>())
+        ("floats.double", po::value<double>())
+        ("floats.int", po::value<float>())
+        ("floats.int_dot", po::value<float>())
+        ("floats.dot", po::value<float>())
+        ("floats.exp_lower", po::value<float>())
+        ("floats.exp_upper", po::value<float>())
+        ("floats.exp_decimal", po::value<float>())
+        ("floats.exp_negative", po::value<float>())
+        ("floats.exp_negative_val", po::value<float>())
+        ("floats.exp_negative_negative_val", po::value<float>())
+
+        ("booleans.number_true", po::bool_switch())
+        ("booleans.number_false", po::bool_switch())
+        ("booleans.yn_true", po::bool_switch())
+        ("booleans.yn_false", po::bool_switch())
+        ("booleans.tf_true", po::bool_switch())
+        ("booleans.tf_false", po::bool_switch())
+        ("booleans.onoff_true", po::bool_switch())
+        ("booleans.onoff_false", po::bool_switch())
+        ("booleans.present_equal_true", po::bool_switch())
+       ("booleans.present_no_equal_true", po::bool_switch())
+       ;
+    return opts;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+    try {
+        FuzzedDataProvider fdp(data, size);
+        auto opts = set_options();
+        po::variables_map vars;
+        stringstream st(fdp.ConsumeRemainingBytesAsString());
+
+        const bool ALLOW_UNREGISTERED = true;
+
+        po::parsed_options parsed = parse_config_file(st, opts, ALLOW_UNREGISTERED);
+        store(parsed, vars);
+        vector<string> unregistered = po::collect_unrecognized(parsed.options, po::exclude_positional);
+        notify(vars);
+    } catch(...) {
+    }
+    return 0;
+}

projects/boost/boost_regex_pattern_fuzzer.cc

@@ -0,0 +1,47 @@
+/* Copyright 2024 Google LLC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+      http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+// The ideal place for this fuzz target is the boost repository.
+#include <boost/regex.hpp>
+#ifdef DEBUG
+#include <iostream>
+#endif
+#include <string>
+#include <vector>
+#include <fuzzer/FuzzedDataProvider.h>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+    FuzzedDataProvider fdp(Data, Size);
+    // Currently, we just consume all the fuzzed corpus into the regex pattern
+    std::string regex_string = fdp.ConsumeRemainingBytesAsString();
+    const uint8_t where_array[] = {0x48,0x48,0x48,0x48,0x48,0x48,0x48,0x48,0x48,0x48,0x48,0x48,0x48,0x48,0x48};
+    std::string random(where_array, where_array + sizeof(where_array)); 
+    std::string empty("");
+    std::string spaces("                         ");
+    try {
+        std::vector<std::string> wheres;
+        wheres.push_back(random);
+        wheres.push_back(empty);
+        wheres.push_back(spaces);
+        boost::regex e(regex_string);
+        // We're using multiple texts to be matched.
+#ifdef DEBUG
+        std::cout << "Regexp string: " << regex_string << "Size: " << regex_string.size() << std::endl;
+#endif
+
+        for (const auto& where : wheres) {
+            boost::match_results<std::string::const_iterator> what;
+            bool match = boost::regex_match(where, what, e, boost::match_default | boost::match_partial | boost::match_perl | boost::match_posix | boost::match_any);
+        }
+    } catch(...) {
+    }
+    return 0;
+}