From 31b00466ffc676d208c67426936a75a8d611103e Mon Sep 17 00:00:00 2001
From: Chris Wolfe
Date: Thu, 1 Feb 2018 09:19:28 -0600
Subject: [PATCH] [json-c] Add project (#1123)
* Add a fuzzer for json_tokener_parse_ex. detect_leaks=0
* remove comments, add email
* remove options file
* free the object; the fuzzer was responsible for the leak
* remove control characters
* make the dict match the fuzzer for the convention to load the dict
* decl and use
* fix signature, reinterpret
* add hawicz's email
---
projects/json-c/Dockerfile | 22 ++++++++++++++
projects/json-c/build.sh | 30 ++++++++++++++++++++
projects/json-c/project.yaml | 4 +++
projects/json-c/tokener_parse_ex_fuzzer.cc | 13 +++++++++
projects/json-c/tokener_parse_ex_fuzzer.dict | 18 ++++++++++++
5 files changed, 87 insertions(+)
create mode 100644 projects/json-c/Dockerfile
create mode 100755 projects/json-c/build.sh
create mode 100644 projects/json-c/project.yaml
create mode 100644 projects/json-c/tokener_parse_ex_fuzzer.cc
create mode 100644 projects/json-c/tokener_parse_ex_fuzzer.dict
diff --git a/projects/json-c/Dockerfile b/projects/json-c/Dockerfile
new file mode 100644
index 000000000..c63d6b7ab
--- /dev/null
+++ b/projects/json-c/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER chriswwolfe@gmail.com
+RUN apt-get update && apt-get install -y make autoconf automake libtool
+RUN git clone --depth 1 https://github.com/json-c/json-c.git json-c
+WORKDIR json-c
+COPY build.sh *.cc *.dict $SRC/
diff --git a/projects/json-c/build.sh b/projects/json-c/build.sh
new file mode 100755
index 000000000..30c3f779e
--- /dev/null
+++ b/projects/json-c/build.sh
@@ -0,0 +1,30 @@
+#!/bin/bash -eu
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+./autogen.sh
+./configure --enable-static --disable-shared
+make -j$(nproc) all
+ar rc json_c.a *.o
+
+cp $SRC/*.dict $OUT/
+
+for f in $SRC/*_fuzzer.cc; do
+  fuzzer=$(basename "$f" _fuzzer.cc)
+  $CXX $CXXFLAGS -std=c++11 -I$SRC/json-c \
+  $SRC/${fuzzer}_fuzzer.cc -o $OUT/${fuzzer}_fuzzer \ -lFuzzingEngine $SRC/json-c/json_c.a
+done
diff --git a/projects/json-c/project.yaml b/projects/json-c/project.yaml
new file mode 100644
index 000000000..9c91993dd
--- /dev/null
+++ b/projects/json-c/project.yaml
@@ -0,0 +1,4 @@
+homepage: "https://json-c.github.io/json-c/"
+primary_contact: "erh+git@nimenees.com"
+auto_ccs:
+  - "chriswwolfe@gmail.com"
diff --git a/projects/json-c/tokener_parse_ex_fuzzer.cc b/projects/json-c/tokener_parse_ex_fuzzer.cc
new file mode 100644
index 000000000..c0a1c3d84
--- /dev/null
+++ b/projects/json-c/tokener_parse_ex_fuzzer.cc
@@ -0,0 +1,13 @@
+#include
+
+#include
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  const char *data1 = reinterpret_cast(data);
+  json_tokener *tok = json_tokener_new();
+  json_object *obj = json_tokener_parse_ex(tok, data1, size);
+
+  json_object_put(obj);
+  json_tokener_free(tok);
+  return 0;
+}
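Review bot: On the `json_object *obj = json_tokener_parse_ex(tok, data1, size);` line, `size` is a `size_t` while json-c's `json_tokener_parse_ex` takes its length parameter as `int`, so the argument is narrowed silently and an input longer than INT_MAX would reach the tokener with a wrong (possibly negative) length. The default fuzzer input cap makes this unreachable in practice, but a one-line guard documents the contract and keeps the harness honest if the cap is raised: `if (size > INT_MAX) return 0;` before the parse, with `<climits>` included (the include targets on the `+#include` lines do not survive in this rendering, so I cannot tell what is already pulled in) and an explicit `static_cast<int>(size)` in the call. The `json_object_put(obj);` line also deserves a comment that `obj` is NULL whenever the input is not one complete JSON value (the tokener reports an error or "continue" instead of an object); as far as I can tell json-c's `json_object_put` treats NULL as a no-op, but if that does not hold for the version being cloned, guard it with `if (obj)`.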
diff --git a/projects/json-c/tokener_parse_ex_fuzzer.dict b/projects/json-c/tokener_parse_ex_fuzzer.dict
new file mode 100644
index 000000000..23c6fa2c1
--- /dev/null
+++ b/projects/json-c/tokener_parse_ex_fuzzer.dict
@@ -0,0 +1,18 @@
+"{"
+"}"
+","
+"["
+"]"
+","
+":"
+"e"
+"e+"
+"e-"
+"E"
+"E+"
+"E-"
+"\""
+"null"
+"1"
+"1.234"
+"3e4"