From 36a6c45c525570687e5f4074abbdaac42d3ebe0d Mon Sep 17 00:00:00 2001 From: Adrian Taylor Date: Thu, 30 Jun 2022 18:38:42 -0700 Subject: [PATCH] Submit itoa and ryu. (#7928) * Submit itoa and ryu. These two libraries are used by serde_json which, in turn, is used as the standard JSON parser in various higher level projects. Both itoa and ryu contain unsafe code, which this fuzzes. * Update project.yaml * Update project.yaml * Update Dockerfile * Update Dockerfile * Rejigging ryu/itoa Dockerfiles. Previously I was following the example of image-png, but that appears not to be the modern standard. Now following the example of zip-rs instead. * Fix Dockerfile error * Further Dockerfile fix. Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com> --- projects/itoa/Dockerfile | 22 ++++++++++++++++++++++ projects/itoa/build.sh | 21 +++++++++++++++++++++ projects/itoa/project.yaml | 10 ++++++++++ projects/ryu/Dockerfile | 22 ++++++++++++++++++++++ projects/ryu/build.sh | 21 +++++++++++++++++++++ projects/ryu/project.yaml | 10 ++++++++++ 6 files changed, 106 insertions(+) create mode 100644 projects/itoa/Dockerfile create mode 100755 projects/itoa/build.sh create mode 100644 projects/itoa/project.yaml create mode 100644 projects/ryu/Dockerfile create mode 100755 projects/ryu/build.sh create mode 100644 projects/ryu/project.yaml diff --git a/projects/itoa/Dockerfile b/projects/itoa/Dockerfile new file mode 100644 index 000000000..dee3ddd47 --- /dev/null +++ b/projects/itoa/Dockerfile @@ -0,0 +1,22 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +FROM gcr.io/oss-fuzz-base/base-builder-rust + +RUN git clone --depth 1 https://github.com/dtolnay/itoa +WORKDIR $SRC + +COPY build.sh $SRC/ diff --git a/projects/itoa/build.sh b/projects/itoa/build.sh new file mode 100755 index 000000000..9fcf864ca --- /dev/null +++ b/projects/itoa/build.sh @@ -0,0 +1,21 @@ +#!/bin/bash -eu +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +cd $SRC +cd itoa +cargo fuzz build -O +cp fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_itoa $OUT/ diff --git a/projects/itoa/project.yaml b/projects/itoa/project.yaml new file mode 100644 index 000000000..8a18b769e --- /dev/null +++ b/projects/itoa/project.yaml @@ -0,0 +1,10 @@ +homepage: "https://github.com/dtolnay/itoa" +primary_contact: "dtolnay@gmail.com" +main_repo: "https://github.com/dtolnay/itoa" +sanitizers: + - address +fuzzing_engines: + - libfuzzer +language: rust +auto_ccs: + - "adetaylor@chromium.org" diff --git a/projects/ryu/Dockerfile b/projects/ryu/Dockerfile new file mode 100644 index 000000000..64516ee8b --- /dev/null +++ b/projects/ryu/Dockerfile @@ -0,0 +1,22 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +FROM gcr.io/oss-fuzz-base/base-builder-rust + +RUN git clone --depth 1 https://github.com/dtolnay/ryu +WORKDIR $SRC + +COPY build.sh $SRC/ diff --git a/projects/ryu/build.sh b/projects/ryu/build.sh new file mode 100755 index 000000000..249719b46 --- /dev/null +++ b/projects/ryu/build.sh @@ -0,0 +1,21 @@ +#!/bin/bash -eu +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +cd $SRC +cd ryu +cargo fuzz build -O +cp fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_ryu $OUT/ diff --git a/projects/ryu/project.yaml b/projects/ryu/project.yaml new file mode 100644 index 000000000..f4a1833ed --- /dev/null +++ b/projects/ryu/project.yaml @@ -0,0 +1,10 @@ +homepage: "https://github.com/dtolnay/ryu" +main_repo: "https://github.com/dtolnay/ryu" +primary_contact: "dtolnay@gmail.com" +sanitizers: + - address +fuzzing_engines: + - libfuzzer +language: rust +auto_ccs: + - "adetaylor@chromium.org"