diff --git a/libxml2/Dockerfile b/libxml2/Dockerfile
new file mode 100644
index 000000000..766db699b
--- /dev/null
+++ b/libxml2/Dockerfile
@@ -0,0 +1,21 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER ochang@chromium.org
+RUN apt-get install -y make autoconf automake libtool
+
+CMD /src/oss-fuzz/libxml2/build.sh
diff --git a/libxml2/Jenkinsfile b/libxml2/Jenkinsfile
new file mode 100644
index 000000000..832b0e7b3
--- /dev/null
+++ b/libxml2/Jenkinsfile
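Review bot: `RUN apt-get install -y make autoconf automake libtool` runs with no preceding `apt-get update`, so it depends on the `ossfuzz/base-libfuzzer` image shipping a current package index; if the base image does not refresh it, the install fails or resolves stale package versions. Unless that refresh is known to happen in the base image, the conventional form is `RUN apt-get update && apt-get install -y make autoconf automake libtool`. As a point of style, `MAINTAINER` is the legacy form of `LABEL maintainer="ochang@chromium.org"`.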
@@ -0,0 +1,22 @@
+// Copyright 2016 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+def libfuzzerBuild = fileLoader.fromGit('infra/libfuzzer-pipeline.groovy',
+ 'https://github.com/google/oss-fuzz.git', 'master', null, '')
+
+libfuzzerBuild {
+ git = "git://git.gnome.org/libxml2"
+}
diff --git a/libxml2/build.sh b/libxml2/build.sh
new file mode 100755
index 000000000..2867f9775
--- /dev/null
+++ b/libxml2/build.sh
@@ -0,0 +1,11 @@
+#!/bin/bash -eu
+cd /src/libxml2
+
+./configure
+make clean all
+
+for fuzzer in libxml2_xml_read_memory_fuzzer libxml2_xml_regexp_compile_fuzzer; do
+ $CXX $CXXFLAGS -std=c++11 -Iinclude/ \
+ /src/oss-fuzz/libxml2/$fuzzer.cc -o /out/$fuzzer \
+ /work/libfuzzer/*.o .libs/libxml2.a $LDFLAGS
+done
diff --git a/libxml2/libxml2_xml_read_memory_fuzzer.cc b/libxml2/libxml2_xml_read_memory_fuzzer.cc
new file mode 100644
index 000000000..464a6e95d
--- /dev/null
+++ b/libxml2/libxml2_xml_read_memory_fuzzer.cc
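Review bot: The project source is fetched over `git = "git://git.gnome.org/libxml2"`, a transport with neither authentication nor integrity protection, so the checkout the fuzzers are built from can be altered on the wire without anything in this pipeline noticing. Prefer an `https://` clone URL for the same repository, as the file already does for its own `oss-fuzz.git` loader. The pipeline script is also loaded from the unpinned `master` branch; that is presumably the shared infra convention, but it means the build definition can change underneath this file between runs.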
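Review bot: `./configure` is run directly in `/src/libxml2`, but the Jenkinsfile clones the project from git, and a git checkout of libxml2 carries `autogen.sh` rather than a generated `configure` script; unless the base image generates it beforehand, the script stops at that line under `-e`. Running `./autogen.sh` first (it invokes configure itself) would make the build self-contained, which is presumably what the `autoconf automake libtool` packages installed in the Dockerfile are for. The link line also pulls in `.libs/libxml2.a` alone; if configure detects zlib or lzma on the image, the static archive references them and the link will need `-lz -llzma`, or configure should be passed `--without-zlib --without-lzma`.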
@@ -0,0 +1,23 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include
+#include
+
+#include "libxml/parser.h"
+
+void ignore (void* ctx, const char* msg, ...) {
+ // Error handler to avoid spam of error messages from libxml parser.
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ xmlSetGenericErrorFunc(NULL, &ignore);
+
+ if (auto doc = xmlReadMemory(reinterpret_cast(data),
+ static_cast(size), "noname.xml", NULL, 0)) {
+ xmlFreeDoc(doc);
+ }
+
+ return 0;
+}
diff --git a/libxml2/libxml2_xml_read_memory_fuzzer.options b/libxml2/libxml2_xml_read_memory_fuzzer.options
new file mode 100644
index 000000000..6335e163b
--- /dev/null
+++ b/libxml2/libxml2_xml_read_memory_fuzzer.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+dict = xml.dict
diff --git a/libxml2/libxml2_xml_regexp_compile_fuzzer.cc b/libxml2/libxml2_xml_regexp_compile_fuzzer.cc
new file mode 100644
index 000000000..65aba2962
--- /dev/null
+++ b/libxml2/libxml2_xml_regexp_compile_fuzzer.cc
@@ -0,0 +1,34 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include
+#include
+
+#include
+#include
+#include
+
+#include "libxml/parser.h"
+#include "libxml/tree.h"
+#include "libxml/xmlversion.h"
+
+
+void ignore (void * ctx, const char * msg, ...) {
+ // Error handler to avoid spam of error messages from libxml parser.
+}
+
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ xmlSetGenericErrorFunc(NULL, &ignore);
+
+ std::vector buffer(size + 1, 0);
+ std::copy(data, data + size, buffer.data());
+
+ xmlRegexpPtr x = xmlRegexpCompile(buffer.data());
+ if (x)
+ xmlRegFreeRegexp(x);
+
+ return 0;
+}
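Review bot: `xmlReadMemory(..., "noname.xml", NULL, 0)` runs with libxml2's default external entity loader in place, so an input that declares a DTD or entity with a `SYSTEM` identifier may make the parser try to open a local file or URL named by the input; that makes runs slower and nondeterministic and can obscure which code path a crashing input actually exercises. Installing a loader that refuses everything keeps the fuzzer hermetic: `static xmlParserInputPtr NoExternalEntities(const char*, const char*, xmlParserCtxtPtr) { return NULL; }` followed by `xmlSetExternalEntityLoader(NoExternalEntities);`, and that call, like `xmlSetGenericErrorFunc`, only needs to happen once (for example from `LLVMFuzzerInitialize`) rather than on every input. `ignore` is also a non-static function with external linkage whose parameters are unused; `static void ignore(void*, const char*, ...) {}` states that it is file-local.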
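Review bot: `xmlRegexpCompile(buffer.data())` consumes a NUL-terminated string, so any input byte equal to 0 silently truncates the regex and every input that differs only after that byte is the same test case; an early `if (std::find(data, data + size, 0) != data + size) return 0;` keeps the corpus from filling with such duplicates. `libxml/tree.h` and `libxml/xmlversion.h` are included but nothing from them is used in this file. As in the sibling read-memory fuzzer, `ignore` could be `static`, and `xmlSetGenericErrorFunc` need only be called once rather than per input.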
diff --git a/libxml2/libxml2_xml_regexp_compile_fuzzer.options b/libxml2/libxml2_xml_regexp_compile_fuzzer.options
new file mode 100644
index 000000000..6335e163b
--- /dev/null
+++ b/libxml2/libxml2_xml_regexp_compile_fuzzer.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+dict = xml.dict
diff --git a/libxml2/xml.dict b/libxml2/xml.dict
new file mode 100644
index 000000000..4ffa6c80b
--- /dev/null
+++ b/libxml2/xml.dict
@@ -0,0 +1,87 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+#
+# AFL dictionary for XML
+# ----------------------
+#
+# Several basic syntax elements and attributes, modeled on libxml2.
+#
+# Created by Michal Zalewski
+#
+
+attr_encoding=" encoding=\"1\""
+attr_generic=" a=\"1\""
+attr_href=" href=\"1\""
+attr_standalone=" standalone=\"no\""
+attr_version=" version=\"1\""
+attr_xml_base=" xml:base=\"1\""
+attr_xml_id=" xml:id=\"1\""
+attr_xml_lang=" xml:lang=\"1\""
+attr_xml_space=" xml:space=\"1\""
+attr_xmlns=" xmlns=\"1\""
+
+entity_builtin="<"
+entity_decimal=""
+entity_external="&a;"
+entity_hex=""
+
+string_any="ANY"
+string_brackets="[]"
+string_cdata="CDATA"
+string_col_fallback=":fallback"
+string_col_generic=":a"
+string_col_include=":include"
+string_dashes="--"
+string_empty="EMPTY"
+string_empty_dblquotes="\"\""
+string_empty_quotes="''"
+string_entities="ENTITIES"
+string_entity="ENTITY"
+string_fixed="#FIXED"
+string_id="ID"
+string_idref="IDREF"
+string_idrefs="IDREFS"
+string_implied="#IMPLIED"
+string_nmtoken="NMTOKEN"
+string_nmtokens="NMTOKENS"
+string_notation="NOTATION"
+string_parentheses="()"
+string_pcdata="#PCDATA"
+string_percent="%a"
+string_public="PUBLIC"
+string_required="#REQUIRED"
+string_schema=":schema"
+string_system="SYSTEM"
+string_ucs4="UCS-4"
+string_utf16="UTF-16"
+string_utf8="UTF-8"
+string_xmlns="xmlns:"
+
+tag_attlist=""
+tag_doctype=""
+tag_open_close=""
+tag_open_exclamation=""
+tag_xml_q=""