Merge pull request #1247 from jluebbe/fuzzing

prepare fuzzing build configuration for oss-fuzz
rauc · Sep 12, 2023 · 45e4810 · 45e4810
2 parents 53f4dfc + be5c14e
commit 45e4810
Show file tree

Hide file tree

Showing 3 changed files with 127 additions and 6 deletions.
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -22,7 +22,7 @@ jobs:
     - name: Test with service and gpt
       run: |
         rm -rf build/
-        meson setup -Dservice=true -Dgpt=enabled -Dfuzz=true -Db_coverage=true -Dwerror=true build
+        meson setup -Dservice=true -Dgpt=enabled -Db_coverage=true -Dwerror=true build
         meson configure build
         meson compile -C build
         ./qemu-test
@@ -37,6 +37,14 @@ jobs:
         ./qemu-test
         lcov --directory . --capture --output-file "noservice.info"
 
+    - name: Test fuzzers
+      run: |
+        rm -rf build/
+        meson setup -Dservice=false -Dwerror=true -Dfuzzing=true -Db_lundef=false -Db_sanitize=address build
+        meson configure build
+        meson compile -C build
+        meson test -C build --suite rauc:fuzzing
+        
     - uses: codecov/codecov-action@v3
       with:
         files: service.info,noservice.info

diff --git a/fuzz/localfuzzer.c b/fuzz/localfuzzer.c
@@ -0,0 +1,78 @@
+/* GStreamer
+ * Copyright (C) 2017 Edward Hervey <bilboed@bilboed.com>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+/* Local fuzzer runner */
+#include <glib.h>
+
+extern int LLVMFuzzerTestOneInput(const guint8 * data, size_t size);
+
+static void
+test_file(gchar * filename)
+{
+	GDir *dir;
+	gchar *path;
+	gchar *contents;
+	gsize length;
+
+	/* if filename is a directory, process the contents */
+	if ((dir = g_dir_open(filename, 0, NULL))) {
+		const gchar *entry;
+
+		while ((entry = g_dir_read_name(dir))) {
+			gchar *spath;
+
+			spath = g_strconcat(filename, G_DIR_SEPARATOR_S, entry, NULL);
+			test_file(spath);
+			g_free(spath);
+		}
+
+		g_dir_close(dir);
+		return;
+	}
+
+	/* Make sure path is absolute */
+	if (!g_path_is_absolute(filename)) {
+		gchar *curdir;
+
+		curdir = g_get_current_dir();
+		path = g_build_filename(curdir, filename, NULL);
+		g_free(curdir);
+	} else
+		path = g_strdup(filename);
+
+	/* Check if path exists */
+	if (g_file_get_contents(path, &contents, &length, NULL)) {
+		g_print(">>> %s (%" G_GSIZE_FORMAT " bytes)\n", path, length);
+		LLVMFuzzerTestOneInput((const guint8 *) contents, length);
+		g_free(contents);
+	}
+
+	g_free(path);
+}
+
+int
+main(int argc, gchar ** argv)
+{
+	gint i;
+
+	for (i = 1; i < argc; i++)
+		test_file(argv[i]);
+
+	return 0;
+}
diff --git a/fuzz/meson.build b/fuzz/meson.build
@@ -7,16 +7,51 @@ fuzzers = [
   'bundle',
 ]
 
-fuzzer_c_args = cc.get_supported_arguments('-Wno-missing-prototypes')
+fuzzer_c_args = [cc.get_supported_arguments('-Wno-missing-prototypes', '-Wno-unused-result')]
+fuzzer_link_args = []
+fuzzer_extra_sources = []
+
+have_cxx = add_languages('cpp', required : true)
+cxx = meson.get_compiler('cpp')
+fuzzing_engine = cxx.find_library('FuzzingEngine', required: false)
+fuzzer_as_test = false
+if not fuzzing_engine.found()
+  if cxx.has_argument('-fsanitize=fuzzer')
+    # clang has a built-in fuzzer
+    fuzzer_c_args += '-fsanitize=fuzzer'
+    fuzzer_link_args += '-fsanitize=fuzzer'
+  else
+    # otherwise we need to link our own
+    fuzzer_extra_sources += 'localfuzzer.c'
+    fuzzer_as_test = true
+  endif
+endif
 
 foreach fuzzer_name : fuzzers
   exe = executable(
     fuzzer_name + '_fuzzer',
     fuzzer_name + '.c',
-    extra_test_sources,
-    c_args : ['-fsanitize=fuzzer,address'] + fuzzer_c_args,
-    link_args : ['-fsanitize=fuzzer,address'],
+    fuzzer_extra_sources,
+    c_args : fuzzer_c_args,
+    link_args : fuzzer_link_args,
     link_with : librauc,
     include_directories : incdir,
-    dependencies : rauc_deps)
+    dependencies : [rauc_deps, fuzzing_engine])
+
+  if fuzzer_as_test
+    test(
+      fuzzer_name + '_fuzzer',
+      exe,
+      args : files('manifest_fuzzer.dict'), # just to have some input
+      suite : 'fuzzing',
+    )
+  endif
 endforeach
+
+summary({
+  'cpp compiler': cxx.get_id(),
+  'fuzzer_c_args' : fuzzer_c_args,
+  'fuzzer_link_args' : fuzzer_link_args,
+  'fuzzer_extra_sources' : fuzzer_extra_sources,
+  'fuzzer_as_test' : fuzzer_as_test,
+}, section: 'Fuzzing')