From 044e550b2e5a079933a6b0f020b4d0e6af9485a8 Mon Sep 17 00:00:00 2001
From: Glenn Randers-Pehrson
Date: Mon, 14 Aug 2017 10:24:05 -0400
Subject: [PATCH] [libpng] Add PNG_CLEANUP to libpng target, don't build libpng tools (#772)

* Identify clone
* Add PNG_CLEANUP macro
* Dockerfile: changed MAINTAINER to glennrp
* build.sh: suppress libpng WARNING; only "make libpng.la" instead of "make all"
* NOTES.glennrp.txt: Initial commit
* Mention PNG_CLEANUP macro
* ....
* ....
* ....
* ....
* ....
* ....
* ....
* Added "#include " for memcpy
* Disable WRITE support in libpng build, don't build standalone libpng tools
* ....
* Restore README.md and remove NOTES.glennrp.txt
---
 projects/libpng/Dockerfile | 2 +-
 projects/libpng/build.sh | 13 ++++++++-----
 projects/libpng/libpng_read_fuzzer.cc | 11 +++++++++--
 3 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/projects/libpng/Dockerfile b/projects/libpng/Dockerfile
index 796b05b8b..1b132dead 100644
--- a/projects/libpng/Dockerfile
+++ b/projects/libpng/Dockerfile
@@ -15,7 +15,7 @@
 ################################################################################
 FROM gcr.io/oss-fuzz-base/base-builder
-MAINTAINER mmoroz@chromium.org
+MAINTAINER glennrp@gmail.com
 RUN apt-get update && apt-get install -y make autoconf automake libtool zlib1g-dev
 RUN git clone --depth 1 https://github.com/glennrp/libpng.git
diff --git a/projects/libpng/build.sh b/projects/libpng/build.sh
index 7a80da597..acc3778fb 100755
--- a/projects/libpng/build.sh
+++ b/projects/libpng/build.sh
@@ -16,7 +16,10 @@
 ################################################################################
 # Disable logging via library build configuration control.
-cat scripts/pnglibconf.dfa | sed -e "s/option STDIO/option STDIO disabled/" \
+cat scripts/pnglibconf.dfa | \
+  sed -e "s/option STDIO/option STDIO disabled/" \
+      -e "s/option WARNING /option WARNING disabled/" \
+      -e "s/option WRITE enables WRITE_INT_FUNCTIONS/option WRITE disabled/" \
 > scripts/pnglibconf.dfa.temp
 mv scripts/pnglibconf.dfa.temp scripts/pnglibconf.dfa
@@ -24,14 +27,14 @@ mv scripts/pnglibconf.dfa.temp scripts/pnglibconf.dfa
 autoreconf -f -i
 ./configure
 make -j$(nproc) clean
-make -j$(nproc) all
+make -j$(nproc) libpng16.la
 # build libpng_read_fuzzer.
-$CXX $CXXFLAGS -std=c++11 -I. -lz \
+$CXX $CXXFLAGS -std=c++11 -I. \
     $SRC/libpng_read_fuzzer.cc -o $OUT/libpng_read_fuzzer \
-    -lFuzzingEngine .libs/libpng16.a
+    -lFuzzingEngine .libs/libpng16.a -lz
 # add seed corpus.
-find $SRC/libpng -name "*.png" | xargs zip $OUT/libpng_read_fuzzer_seed_corpus.zip
+find $SRC/libpng/contrib/pngsuite -name "*.png" | xargs zip $OUT/libpng_read_fuzzer_seed_corpus.zip
 cp $SRC/*.dict $SRC/*.options $OUT/
diff --git a/projects/libpng/libpng_read_fuzzer.cc b/projects/libpng/libpng_read_fuzzer.cc
index ca489b090..2b39202a0 100644
--- a/projects/libpng/libpng_read_fuzzer.cc
+++ b/projects/libpng/libpng_read_fuzzer.cc
@@ -4,12 +4,17 @@
 #include
 #include
+#include
 #include
 #define PNG_INTERNAL
 #include "png.h"
+#define PNG_CLEANUP \
+  png_destroy_read_struct(&png_handler.png_ptr, &png_handler.info_ptr,\
+  nullptr);
 struct BufState {
   const uint8_t* data;
   size_t bytes_left;
@@ -79,8 +84,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   png_set_read_fn(png_handler.png_ptr, png_handler.buf_state, user_read_data);
   png_set_sig_bytes(png_handler.png_ptr, kPngHeaderSize);
-  // libpng error handling.
   if (setjmp(png_jmpbuf(png_handler.png_ptr))) {
+    PNG_CLEANUP
     return 0;
   }
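Review bot: The new `-e "s/option WARNING /option WARNING disabled/"` line looks like it cannot match what it is meant to disable: libpng's option appears to be spelled WARNINGS (the generated macro is PNG_WARNINGS_SUPPORTED) — verify against scripts/pnglibconf.dfa in the cloned tree — and the pattern also consumes a trailing space that the replacement never restores, so even a matching line would come out fused with whatever followed the keyword. None of the three substitutions is checked, so a pattern that silently misses leaves the option enabled and the build still succeeds, which defeats the purpose of the edit. Anchor on the line end once the spelling is confirmed, e.g. `-e "s/^option WARNINGS\b.*/option WARNINGS disabled/"`, and after the make step fail loudly if the generated header still defines any of them: `grep -qE '^#define PNG_(STDIO|WARNINGS|WRITE)_SUPPORTED' pnglibconf.h && { echo 'pnglibconf.dfa edits did not apply' >&2; exit 1; }`. That pnglibconf.h is produced by the make step in this tree is inferred from libpng's usual build, not visible in the hunk.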
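Review bot: PNG_CLEANUP, defined in this hunk, bakes the trailing semicolon into its expansion, so it is invoked as a bare token (`PNG_CLEANUP` followed by `return 0;`) and anyone who naturally writes `PNG_CLEANUP;` gets an empty statement that breaks an unbraced `if ... else`; the conventional shape is `#define PNG_CLEANUP do { png_destroy_read_struct(&png_handler.png_ptr, &png_handler.info_ptr, nullptr); } while (0)` used as `PNG_CLEANUP;`. The macro also reaches for a `png_handler` that is not a parameter, so it only compiles where a local of that name is in scope; a one-line comment above it should state that, e.g. `// Requires a PngObjectHandler-style local named png_handler at the use site.` (the handler type itself is not visible in this hunk). Anything allocated from png_ptr, such as the `row_ptr` the later hunks pass to png_read_row, has to be released before this destroy call nulls the struct pointer, which the macro does not do; see the note on the final hunk.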
@@ -92,6 +97,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   // reset error handler to put png_deleter into scope.
   if (setjmp(png_jmpbuf(png_handler.png_ptr))) {
+    PNG_CLEANUP
     return 0;
   }
@@ -115,9 +121,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   for (int pass = 0; pass < passes; ++pass) {
     for (png_uint_32 y = 0; y < height; ++y) {
       png_read_row(png_handler.png_ptr,
-                   static_cast(png_handler.row_ptr), NULL);
+                   static_cast(png_handler.row_ptr), nullptr);
     }
   }
+  PNG_CLEANUP
   return 0;
 }
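Review bot: The `PNG_CLEANUP` added before the final `return 0` calls png_destroy_read_struct while `png_handler.row_ptr`, which the loop just handed to png_read_row, is still live; if that buffer was obtained with png_malloc (its allocation is outside this hunk) it must go back through `png_free(png_handler.png_ptr, png_handler.row_ptr);` first, because the destroy call nulls the png_ptr it is given and any later png_free through the handler's pointer becomes a no-op, leaking the row buffer on every input (LeakSanitizer would then report it on the first run). The same ordering applies to the cleanup on the second setjmp path once row_ptr has been allocated, so the free belongs inside the macro rather than at each use site. I would also reset `png_handler.row_ptr = nullptr` after freeing so a destructor on the handler, if one exists, cannot free it twice. LLVMFuzzerTestOneInput begins outside this hunk.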