From 0248ec7d050fcb625af410064d294752ec2b964b Mon Sep 17 00:00:00 2001
From: madamantis-leviathan <94181631+madamantis-leviathan@users.noreply.github.com>
Date: Mon, 27 Feb 2023 15:55:02 +0100
Subject: [PATCH] libdwarf: switch to fuzzers and corpora maintained by the project owner (#9786)

This pull request updates the Dockerfile and the build script to use the new [fuzzers](https://github.com/davea42/libdwarf-code/tree/master/fuzz) and [corpora](https://github.com/davea42/libdwarf-binary-samples) maintained by the owner of libdwarf-code.

---------

Co-authored-by: Maksym Adamantis
---
 projects/libdwarf/Dockerfile | 7 ++--
 projects/libdwarf/build.sh | 45 ++++++++++++++--------
 projects/libdwarf/fuzz_init_binary.c | 57 ----------------------------
 projects/libdwarf/fuzz_init_path.c | 51 -------------------------
 projects/libdwarf/project.yaml | 2 +-
 5 files changed, 33 insertions(+), 129 deletions(-)
 delete mode 100644 projects/libdwarf/fuzz_init_binary.c
 delete mode 100644 projects/libdwarf/fuzz_init_path.c

diff --git a/projects/libdwarf/Dockerfile b/projects/libdwarf/Dockerfile
index 6cd5a0b69..1424caae0 100644
--- a/projects/libdwarf/Dockerfile
+++ b/projects/libdwarf/Dockerfile
@@ -15,9 +15,8 @@
 ################################################################################
 FROM gcr.io/oss-fuzz-base/base-builder
-RUN apt-get update && apt-get install -y make autoconf automake libtool zlib1g-dev
-RUN git clone --depth 1 https://github.com/davea42/libdwarf-code libdwarf
-RUN git clone --depth=1 https://github.com/DavidKorczynski/binary-samples $SRC/binary-samples
+RUN apt-get -qq update && apt-get install -qq -y make autoconf automake libtool zlib1g-dev
+RUN git clone --depth=1 https://github.com/davea42/libdwarf-code $SRC/libdwarf
+RUN git clone --depth=1 https://github.com/davea42/libdwarf-binary-samples $SRC/libdwarf-binary-samples
 WORKDIR libdwarf
 COPY build.sh $SRC/
-COPY fuzz*.c $SRC/
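Review bot: `WORKDIR libdwarf` on the new side is a relative path; it only lands in the new clone destination `$SRC/libdwarf` because the base image's working directory is `$SRC`, which this hunk does not show. Since the clone target was made explicit in the same hunk, the working directory should be too: `WORKDIR $SRC/libdwarf`. Both clones track the upstream default branch at whatever commit exists at build time, which is normal OSS-Fuzz practice, but it now also applies to the fuzz harnesses themselves (presumably under `$SRC/libdwarf/fuzz`), which are no longer reviewed in this repository; a one-line comment above the first clone, `# The fuzz harnesses (fuzz/) and corpora are maintained upstream, not in this repo`, would make that visible to the next maintainer.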
diff --git a/projects/libdwarf/build.sh b/projects/libdwarf/build.sh
index d542abb5a..74ed83bc3 100755
--- a/projects/libdwarf/build.sh
+++ b/projects/libdwarf/build.sh
@@ -15,26 +15,39 @@
 #
 ################################################################################
-export CFLAGS="${CFLAGS} -g -Werror"
-export CXXFLAGS="${CXXFLAGS} -g -Werror"
+# Build corpus for fuzzing
+export BINARY_SAMPLES_DIR="$SRC/libdwarf-binary-samples"
+export BINARY_SAMPLES_V1="$BINARY_SAMPLES_DIR/binary-samples"
+export BINARY_SAMPLES_V2="$BINARY_SAMPLES_DIR/binary-samples-v2"
+export FUZZER_DIR="$SRC/libdwarf/fuzz"
+mkdir $SRC/corp
+cp $BINARY_SAMPLES_V1/elf* $SRC/corp
+cp $BINARY_SAMPLES_V1/Mach* $SRC/corp
+cp $BINARY_SAMPLES_V1/pe* $SRC/corp
+cp $BINARY_SAMPLES_V1/lib* $SRC/corp
+for file in $BINARY_SAMPLES_V2/{linux,windows}/*_DWARF*/* $BINARY_SAMPLES_V2/macOS-arm/*/*; do
+ export newfile=$(echo $file | sed 's/ /_/g')
+ # e.g. cp "..." /out/windows_gcc11_DWARF2_cross-platform.exe
+ cp "$file" $SRC/corp/$(echo "$newfile" | cut -d/ -f5,6 | sed 's/\//_/g')_$(basename "$newfile")
+done
+
+zip -r -j $OUT/fuzz_seed_corpus.zip $SRC/corp
+for fuzzFile in $FUZZER_DIR/fuzz*.c; do
+ fuzzName=$(basename "$fuzzFile" '.c')
+ cp $OUT/fuzz_seed_corpus.zip $OUT/${fuzzName}_seed_corpus.zip
+done
+rm $OUT/fuzz_seed_corpus.zip
+
+
+# Build fuzzers
 mkdir build
 cd build
 cmake ../
 make
-# Build corpus for fuzzing
-mkdir $SRC/corp
-cp $SRC/binary-samples/elf* $SRC/corp
-cp $SRC/binary-samples/Mach* $SRC/corp
-cp $SRC/binary-samples/pe* $SRC/corp
-cp $SRC/binary-samples/lib* $SRC/corp
-
-zip -r -j $OUT/fuzz_init_path_seed_corpus.zip $SRC/corp
-cp $OUT/fuzz_init_path_seed_corpus.zip $OUT/fuzz_init_binary_seed_corpus.zip
-
-for fuzzName in init_path init_binary; do
- $CC $CFLAGS -I../src/lib/libdwarf/ $SRC/fuzz_${fuzzName}.c -c
- $CXX $CXXFLAGS $LIB_FUZZING_ENGINE -o $OUT/fuzz_${fuzzName} fuzz_${fuzzName}.o \
- ./src/lib/libdwarf/libdwarf.a -lz
+for fuzzFile in $FUZZER_DIR/fuzz*.c; do
+ fuzzName=$(basename "$fuzzFile" '.c')
+ $CC $CFLAGS $LIB_FUZZING_ENGINE -I../src/lib/libdwarf/ \
+ "$FUZZER_DIR/${fuzzName}.c" -o "$OUT/${fuzzName}" ./src/lib/libdwarf/libdwarf.a -lz
 done
diff --git a/projects/libdwarf/fuzz_init_binary.c b/projects/libdwarf/fuzz_init_binary.c
deleted file mode 100644
index 0ab6491fd..000000000
--- a/projects/libdwarf/fuzz_init_binary.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/* Copyright 2021 Google LLC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-/*
- * Libdwarf library callers can only use these headers.
- */
-#include "dwarf.h"
-#include "libdwarf.h"
-
-/*
- * A fuzzer that simulates a small part of the simplereader.c example.
- * This fuzzer targets dwarf_init_b.
- */
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- char filename[256];
- sprintf(filename, "/tmp/libfuzzer.%d", getpid());
-
- FILE *fp = fopen(filename, "wb");
- if (!fp) {
- return 0;
- }
- fwrite(data, size, 1, fp);
- fclose(fp);
-
- int my_init_fd = 0;
- Dwarf_Ptr errarg = 0;
- Dwarf_Handler errhand = 0;
- Dwarf_Error *errp = NULL;
- Dwarf_Debug dbg = 0;
-
- my_init_fd = open(filename, O_RDONLY);
- if (my_init_fd != -1) {
- dwarf_init_b(my_init_fd,DW_GROUPNUMBER_ANY,errhand,errarg,&dbg,errp);
- dwarf_finish(dbg);
- close(my_init_fd);
- }
-
- unlink(filename);
- return 0;
-}
diff --git a/projects/libdwarf/fuzz_init_path.c b/projects/libdwarf/fuzz_init_path.c
deleted file mode 100644
index 2f72122d8..000000000
--- a/projects/libdwarf/fuzz_init_path.c
+++ /dev/null
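Review bot: The seed-naming `cut -d/ -f5,6` in the new `for file` loop counts absolute path components, so it yields the intended `<platform>_<toolchain>` prefix only when `$SRC` is exactly `/src`; with any other `$SRC` it silently produces wrong or colliding names, and `echo $file` is unquoted, so the very paths with spaces that the `sed 's/ /_/g'` anticipates are subject to word splitting and globbing before the substitution. The accompanying comment `# e.g. cp "..." /out/windows_gcc11_DWARF2_cross-platform.exe` also names `/out`, while the copy actually goes to `$SRC/corp`. Deriving the prefix from the path relative to `$BINARY_SAMPLES_V2` removes the dependence on where `$SRC` lives. Separately, the link step moved from `$CXX $CXXFLAGS` to `$CC $CFLAGS`; for engines whose `$LIB_FUZZING_ENGINE` driver is C++ that may leave C++ runtime symbols unresolved, so it is worth confirming the build on every engine listed in project.yaml.
```shell
for file in "$BINARY_SAMPLES_V2"/{linux,windows}/*_DWARF*/* "$BINARY_SAMPLES_V2"/macOS-arm/*/*; do
  # Prefix the seed with its <platform>/<toolchain> directories, taken relative
  # to the samples tree so the name does not depend on where $SRC is mounted.
  rel="${file#"$BINARY_SAMPLES_V2"/}"
  prefix="$(printf '%s\n' "$rel" | cut -d/ -f1,2 | tr '/ ' '__')"
  # e.g. cp "..." $SRC/corp/windows_gcc11_DWARF2_cross-platform.exe
  cp "$file" "$SRC/corp/${prefix}_$(basename "$file" | tr ' ' '_')"
done
# … unchanged: zip and per-fuzzer seed_corpus copies …
```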
@@ -1,51 +0,0 @@
-/* Copyright 2021 Google LLC
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-#include
-#include
-#include
-#include
-#include
-#include
-
-/*
- * Libdwarf library callers can only use these headers.
- */
-#include "dwarf.h"
-#include "libdwarf.h"
-
-/*
- * A fuzzer that simulates a small part of the simplereader.c example.
- */
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- char filename[256];
- sprintf(filename, "/tmp/libfuzzer.%d", getpid());
-
- FILE *fp = fopen(filename, "wb");
- if (!fp) {
- return 0;
- }
- fwrite(data, size, 1, fp);
- fclose(fp);
- Dwarf_Ptr errarg = 0;
- Dwarf_Handler errhand = 0;
- Dwarf_Debug dbg = 0;
- Dwarf_Error *errp = NULL;
-#define MACHO_PATH_LEN 2000
- char macho_real_path[2000];
- dwarf_init_path(filename, macho_real_path, MACHO_PATH_LEN,
- DW_GROUPNUMBER_ANY, errhand, errarg, &dbg, errp);
-
- dwarf_finish(dbg);
-
- unlink(filename);
- return 0;
-}
diff --git a/projects/libdwarf/project.yaml b/projects/libdwarf/project.yaml
index 6f055ea52..6b99eb8aa 100644
--- a/projects/libdwarf/project.yaml
+++ b/projects/libdwarf/project.yaml
@@ -8,4 +8,4 @@ fuzzing_engines:
 - afl
 - honggfuzz
 - libfuzzer
- - centipede
+
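Review bot: The removal of `centipede` from `fuzzing_engines` is not mentioned in the commit description, and the `+` line that replaces it shows no content here, so it appears to leave an empty or whitespace-only line at the end of the list. If the engine was dropped because the upstream harnesses do not build or run under it, that reason belongs in the description (and ideally in a YAML comment, `# centipede disabled: <reason>`); otherwise keep `- centipede` and drop the blank line.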