[libpng] Add PNG_CLEANUP to libpng target, don't build libpng tools (#772)

* Identify clone * Add PNG_CLEANUP macro * Dockerfile: changed MAINTAINER to glennrp * build.sh: suppress libpng WARNING; only "make libpng.la" instead of "make all" * NOTES.glennrp.txt: Initial commit * Mention PNG_CLEANUP macro * .... * .... * .... * .... * .... * .... * .... * Added "#include <string.h>" for memcpy * Disable WRITE support in libpng build, don't build standalone libpng tools * .... * Restore README.md and remove NOTES.glennrp.txt
2017-08-14 10:24:05 -04:00 · 2017-08-14 10:24:05 -04:00 · 044e550b2e
parent c94d5e44a3
commit 044e550b2e
3 changed files with 18 additions and 8 deletions
--- a/projects/libpng/Dockerfile
+++ b/projects/libpng/Dockerfile
@ -15,7 +15,7 @@
 ################################################################################

 FROM gcr.io/oss-fuzz-base/base-builder
-MAINTAINER mmoroz@chromium.org
+MAINTAINER glennrp@gmail.com
 RUN apt-get update && apt-get install -y make autoconf automake libtool zlib1g-dev

 RUN git clone --depth 1 https://github.com/glennrp/libpng.git
--- a/projects/libpng/build.sh
+++ b/projects/libpng/build.sh
@ -16,7 +16,10 @@
 ################################################################################

 # Disable logging via library build configuration control.
-cat scripts/pnglibconf.dfa | sed -e "s/option STDIO/option STDIO disabled/" \
+cat scripts/pnglibconf.dfa | \
+  sed -e "s/option STDIO/option STDIO disabled/" \
+      -e "s/option WARNING /option WARNING disabled/" \
+      -e "s/option WRITE enables WRITE_INT_FUNCTIONS/option WRITE disabled/" \
 > scripts/pnglibconf.dfa.temp
 mv scripts/pnglibconf.dfa.temp scripts/pnglibconf.dfa

@ -24,14 +27,14 @@ mv scripts/pnglibconf.dfa.temp scripts/pnglibconf.dfa
 autoreconf -f -i
 ./configure
 make -j$(nproc) clean
-make -j$(nproc) all
+make -j$(nproc) libpng16.la

 # build libpng_read_fuzzer.
-$CXX $CXXFLAGS -std=c++11 -I. -lz \
+$CXX $CXXFLAGS -std=c++11 -I. \
     $SRC/libpng_read_fuzzer.cc -o $OUT/libpng_read_fuzzer \
-     -lFuzzingEngine .libs/libpng16.a
+     -lFuzzingEngine .libs/libpng16.a -lz

 # add seed corpus.
-find $SRC/libpng -name "*.png" | xargs zip $OUT/libpng_read_fuzzer_seed_corpus.zip
+find $SRC/libpng/contrib/pngsuite -name "*.png" | xargs zip $OUT/libpng_read_fuzzer_seed_corpus.zip

 cp $SRC/*.dict $SRC/*.options $OUT/
--- a/projects/libpng/libpng_read_fuzzer.cc
+++ b/projects/libpng/libpng_read_fuzzer.cc
@ -4,12 +4,17 @@

 #include <stddef.h>
 #include <stdint.h>
+#include <string.h>

 #include <vector>

 #define PNG_INTERNAL
 #include "png.h"

+#define PNG_CLEANUP \
+    png_destroy_read_struct(&png_handler.png_ptr, &png_handler.info_ptr,\
+      nullptr);
+
 struct BufState {
  const uint8_t* data;
  size_t bytes_left;
@ -79,8 +84,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  png_set_read_fn(png_handler.png_ptr, png_handler.buf_state, user_read_data);
  png_set_sig_bytes(png_handler.png_ptr, kPngHeaderSize);

-  // libpng error handling.
  if (setjmp(png_jmpbuf(png_handler.png_ptr))) {
+    PNG_CLEANUP
    return 0;
  }

@ -92,6 +97,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {

  // reset error handler to put png_deleter into scope.
  if (setjmp(png_jmpbuf(png_handler.png_ptr))) {
+    PNG_CLEANUP
    return 0;
  }

@ -115,9 +121,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  for (int pass = 0; pass < passes; ++pass) {
    for (png_uint_32 y = 0; y < height; ++y) {
      png_read_row(png_handler.png_ptr,
-                   static_cast<png_bytep>(png_handler.row_ptr), NULL);
+                   static_cast<png_bytep>(png_handler.row_ptr), nullptr);
    }
  }

+  PNG_CLEANUP
  return 0;
 }