From 07fbdfb29b1d0cd345674e4690260c712f1e491c Mon Sep 17 00:00:00 2001
From: Ravi Jotwani
Date: Fri, 10 Jul 2020 19:26:12 -0700
Subject: [PATCH] [lcms] Add new fuzzer (#4109)

* added new cms_transform_fuzzer, getting code instrumentation error

* build working, renamed new fuzzer
---
 projects/lcms/Dockerfile                   | 2 +-
 projects/lcms/build.sh                     | 2 +-
 .../lcms/cms_overwrite_transform_fuzzer.c  | 39 +++++++++++++++++++
 .../cms_overwrite_transform_fuzzer.options | 2 +
 4 files changed, 43 insertions(+), 2 deletions(-)
 create mode 100644 projects/lcms/cms_overwrite_transform_fuzzer.c
 create mode 100644 projects/lcms/cms_overwrite_transform_fuzzer.options

diff --git a/projects/lcms/Dockerfile b/projects/lcms/Dockerfile
index 4b954fe8a..ed6532851 100644
--- a/projects/lcms/Dockerfile
+++ b/projects/lcms/Dockerfile
@@ -18,4 +18,4 @@ FROM gcr.io/oss-fuzz-base/base-builder
 RUN apt-get update && apt-get install -y make autoconf automake libtool
 RUN git clone --depth 1 https://github.com/mm2/Little-CMS.git lcms
 WORKDIR lcms
-COPY build.sh cmsIT8_load_fuzzer.* cms_transform_fuzzer.* icc.dict $SRC/
+COPY build.sh cmsIT8_load_fuzzer.* cms_transform_fuzzer.* cms_overwrite_transform_fuzzer.* icc.dict $SRC/
diff --git a/projects/lcms/build.sh b/projects/lcms/build.sh
index 4015b1ba1..9a79b2cee 100755
--- a/projects/lcms/build.sh
+++ b/projects/lcms/build.sh
@@ -20,7 +20,7 @@
 make -j$(nproc) all
 
 # build your fuzzer(s)
-FUZZERS="cmsIT8_load_fuzzer cms_transform_fuzzer"
+FUZZERS="cmsIT8_load_fuzzer cms_transform_fuzzer cms_overwrite_transform_fuzzer"
 for F in $FUZZERS; do
   $CC $CFLAGS -c -Iinclude \
     $SRC/$F.c -o $SRC/$F.o
diff --git a/projects/lcms/cms_overwrite_transform_fuzzer.c b/projects/lcms/cms_overwrite_transform_fuzzer.c
new file mode 100644
index 000000000..df077ee26
--- /dev/null
+++ b/projects/lcms/cms_overwrite_transform_fuzzer.c
@@ -0,0 +1,39 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include
+#include "lcms2.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  if (size < 2) {
+    return 0;
+  }
+
+  size_t mid = size / 2;
+
+  cmsHPROFILE hInProfile, hOutProfile;
+  cmsHTRANSFORM hTransform;
+
+  hInProfile = cmsOpenProfileFromMem(data, mid);
+  hOutProfile = cmsOpenProfileFromMem(data + mid, size - mid);
+  hTransform = cmsCreateTransform(hInProfile, TYPE_BGR_8, hOutProfile,
+                                  TYPE_BGR_8, INTENT_PERCEPTUAL, 0);
+  cmsCloseProfile(hInProfile);
+  cmsCloseProfile(hOutProfile);
+
+  if (hTransform) {
+    cmsDeleteTransform(hTransform);
+  }
+  return 0;
+}
diff --git a/projects/lcms/cms_overwrite_transform_fuzzer.options b/projects/lcms/cms_overwrite_transform_fuzzer.options
new file mode 100644
index 000000000..beabdc2bd
--- /dev/null
+++ b/projects/lcms/cms_overwrite_transform_fuzzer.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+dict = icc.dict
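Review bot: Both cmsOpenProfileFromMem() results in LLVMFuzzerTestOneInput are handed to cmsCreateTransform() without a NULL check, and for arbitrary fuzz bytes at least one of the two opens will usually fail, so unless cmsCreateTransform() is known to tolerate a NULL profile handle (not visible here) any crash on that path is a harness bug that will drown out real lcms findings. Guard each handle as soon as it is opened, `if (!hInProfile) return 0;` after the first open and `if (!hOutProfile) { cmsCloseProfile(hInProfile); return 0; }` after the second, which also keeps the two cmsCloseProfile() calls on the path where the handles are valid. A one-line comment above `size_t mid`, e.g. `// First half of the input is parsed as the input profile, second half as the output profile.`, would document the split for the next reader.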