oss-fuzz/projects/bad_example/bad_example_fuzzer.cc

// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
/* Copyright 2022 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

#include <stddef.h>
#include <stdint.h>
#include <string.h>

#include <signal.h>
#include <unistd.h>

#include "zlib.h"

static Bytef buffer[256 * 1024] = { 0 };


#ifdef INTENTIONAL_STARTUP_CRASH
void bad_term_handler(int signum) {
  _exit(0);
}
#endif

// Entry point for LibFuzzer.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
#ifdef INTENTIONAL_STARTUP_CRASH
  // Simulates the worst case, fuzz target silently dies without any error.
  struct sigaction action = { 0 };
  action.sa_handler = bad_term_handler;
  sigaction(SIGTERM, &action, NULL);

  // Cannot call _exit(0) directly, as it's even worse -- sancov does not print
  // any coverage information in that case.
  kill(getpid(), SIGTERM);
#endif

  uLongf buffer_length = static_cast<uLongf>(sizeof(buffer));
  if (Z_OK != uncompress(buffer, &buffer_length, data,
                         static_cast<uLong>(size))) {
    return 0;
  }
  return 0;
}
[infra] Add post build checks for catching and reporting bad builds + add test projects. (#754) * [WIP] Add post build checks for catching and reporting bad builds + test projects. * Move all type of issues into a single project. Tested all sanitizers. * First version of the script for performing bad build checks. Still not ready to commit.\ * Added a valid example that should pass all the checks + fixed instrumentation check. * Use SIGTERM and the handler calling _exit(0) for the startup crash case. * Small fixes. * Ignore startup_crash check_for fuzzing engines other than libFuzzer. * Use "local" for local variables in the script, fix container name. * Add COPY step for bad_build_check into base-runner Dockerfile. * Make bad_build_check temporary noop unless EXPERIMENTAL_BAD_BUILD_CHECK is set to 1. * Temporary remove test binaries step. * Remove empty line. * Remove unnecessary env variable. 2017-08-08 17:54:53 +00:00			`// Copyright 2017 The Chromium Authors. All rights reserved.`
			`// Use of this source code is governed by a BSD-style license that can be`
			`// found in the LICENSE file.`
bad_example: make fuzz-introspector work and fix build (#7706) * bad_example: make fuzz-introspector work and fix build Makes fuzz-introspector work with the bad_example project. This was brought up as an issue on the fuzz-introspector repo. Ref: https://github.com/ossf/fuzz-introspector/issues/257 * Add license to satisfy OSS-Fuzz * add license to build.sh 2022-05-19 09:12:54 +00:00			`/* Copyright 2022 Google LLC`
			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`
			`http://www.apache.org/licenses/LICENSE-2.0`
			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`
[infra] Add post build checks for catching and reporting bad builds + add test projects. (#754) * [WIP] Add post build checks for catching and reporting bad builds + test projects. * Move all type of issues into a single project. Tested all sanitizers. * First version of the script for performing bad build checks. Still not ready to commit.\ * Added a valid example that should pass all the checks + fixed instrumentation check. * Use SIGTERM and the handler calling _exit(0) for the startup crash case. * Small fixes. * Ignore startup_crash check_for fuzzing engines other than libFuzzer. * Use "local" for local variables in the script, fix container name. * Add COPY step for bad_build_check into base-runner Dockerfile. * Make bad_build_check temporary noop unless EXPERIMENTAL_BAD_BUILD_CHECK is set to 1. * Temporary remove test binaries step. * Remove empty line. * Remove unnecessary env variable. 2017-08-08 17:54:53 +00:00
			`#include <stddef.h>`
			`#include <stdint.h>`
			`#include <string.h>`

			`#include <signal.h>`
			`#include <unistd.h>`

			`#include "zlib.h"`

			`static Bytef buffer[256 * 1024] = { 0 };`


			`#ifdef INTENTIONAL_STARTUP_CRASH`
			`void bad_term_handler(int signum) {`
			`_exit(0);`
			`}`
			`#endif`

			`// Entry point for LibFuzzer.`
			`extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {`
			`#ifdef INTENTIONAL_STARTUP_CRASH`
			`// Simulates the worst case, fuzz target silently dies without any error.`
			`struct sigaction action = { 0 };`
			`action.sa_handler = bad_term_handler;`
			`sigaction(SIGTERM, &action, NULL);`

			`// Cannot call _exit(0) directly, as it's even worse -- sancov does not print`
			`// any coverage information in that case.`
			`kill(getpid(), SIGTERM);`
			`#endif`

			`uLongf buffer_length = static_cast<uLongf>(sizeof(buffer));`
			`if (Z_OK != uncompress(buffer, &buffer_length, data,`
			`static_cast<uLong>(size))) {`
			`return 0;`
			`}`
			`return 0;`
			`}`