mirror of https://github.com/google/oss-fuzz.git
Revise chewing fuzzer (#48)
1. Specify unique name for temp userdb. So we can run multiple fuzzers at the same time. 2. Reorganized as three fuzzers for different variants. So we can prioritize easily (default first, dynamic config last)
This commit is contained in:
parent
c55adb50d1
commit
56bfac7e42
|
@ -19,4 +19,4 @@ MAINTAINER kcwu@csie.org
|
|||
RUN apt-get install -y make autoconf automake libtool texinfo
|
||||
|
||||
RUN git clone https://github.com/chewing/libchewing.git
|
||||
COPY build.sh chewing_fuzzer.c /src/
|
||||
COPY build.sh chewing_fuzzer_common.[ch] chewing_*_fuzzer.c /src/
|
||||
|
|
|
@ -25,11 +25,13 @@ make clean all
|
|||
# build your fuzzer(s)
|
||||
make -C test CFLAGS="$CFLAGS -Dmain=stress_main -Drand=get_fuzz_input" stress.o
|
||||
|
||||
$CC $CFLAGS \
|
||||
-o /out/chewing_fuzzer \
|
||||
/src/chewing_fuzzer.c \
|
||||
for variant in default random_init dynamic_config; do
|
||||
$CC $CFLAGS \
|
||||
-o /out/chewing_${variant}_fuzzer \
|
||||
/src/chewing_${variant}_fuzzer.c /src/chewing_fuzzer_common.c \
|
||||
test/stress.o test/.libs/libtesthelper.a src/.libs/libchewing.a \
|
||||
-lfuzzer $FUZZER_LDFLAGS
|
||||
done
|
||||
|
||||
# install data files
|
||||
make -C data pkgdatadir=/out install
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
#include <stdio.h>
|
||||
|
||||
#include "chewing_fuzzer_common.h"
|
||||
|
||||
int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
||||
fuzz_input = fuzz_ptr = data;
|
||||
fuzz_size = size;
|
||||
|
||||
const char* stress_argv[] = {
|
||||
"./chewing_fuzzer", "-loop", "1", NULL,
|
||||
};
|
||||
stress_main(sizeof(stress_argv) / sizeof(stress_argv[0]) - 1,
|
||||
(char**)stress_argv);
|
||||
return 0;
|
||||
}
|
|
@ -0,0 +1,15 @@
|
|||
#include <stdio.h>
|
||||
|
||||
#include "chewing_fuzzer_common.h"
|
||||
|
||||
int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
||||
fuzz_input = fuzz_ptr = data;
|
||||
fuzz_size = size;
|
||||
|
||||
const char* stress_argv[] = {
|
||||
"./chewing_fuzzer", "-loop", "1", "-extra", NULL,
|
||||
};
|
||||
stress_main(sizeof(stress_argv) / sizeof(stress_argv[0]) - 1,
|
||||
(char**)stress_argv);
|
||||
return 0;
|
||||
}
|
|
@ -1,40 +0,0 @@
|
|||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <libgen.h>
|
||||
|
||||
static const uint8_t* fuzz_ptr;
|
||||
static const uint8_t* fuzz_input;
|
||||
static size_t fuzz_size;
|
||||
|
||||
int stress_main(int argc, char** argv);
|
||||
|
||||
int LLVMFuzzerInitialize(int* argc, char*** argv) {
|
||||
char* exe_path = (*argv)[0];
|
||||
char* dir = dirname(exe_path);
|
||||
// Assume data files are at the same location as executable.
|
||||
setenv("CHEWING_PATH", dir, 0);
|
||||
setenv("CHEWING_USER_PATH", "/tmp", 0);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int get_fuzz_input() {
|
||||
if (fuzz_ptr - fuzz_input >= fuzz_size)
|
||||
return EOF;
|
||||
return *fuzz_ptr++;
|
||||
}
|
||||
|
||||
int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
||||
fuzz_input = fuzz_ptr = data;
|
||||
fuzz_size = size;
|
||||
|
||||
const char *stress_argv[] = {
|
||||
"./chewing_fuzzer",
|
||||
"-extra",
|
||||
"-loop", "1",
|
||||
NULL,
|
||||
};
|
||||
stress_main(4, (char**)stress_argv);
|
||||
return 0;
|
||||
}
|
|
@ -0,0 +1,26 @@
|
|||
#include "chewing_fuzzer_common.h"
|
||||
|
||||
#include <libgen.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
static char userphrase_path[] = "/tmp/chewing_userphrase.db.XXXXXX";
|
||||
|
||||
int LLVMFuzzerInitialize(int* argc, char*** argv) {
|
||||
char* exe_path = (*argv)[0];
|
||||
char* dir = dirname(exe_path);
|
||||
// Assume data files are at the same location as executable.
|
||||
setenv("CHEWING_PATH", dir, 0);
|
||||
|
||||
// Specify user db of this process. So we can run multiple fuzzers at the
|
||||
// same time.
|
||||
mktemp(userphrase_path);
|
||||
setenv("TEST_USERPHRASE_PATH", userphrase_path, 0);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int get_fuzz_input() {
|
||||
if (fuzz_ptr - fuzz_input >= fuzz_size)
|
||||
return EOF;
|
||||
return *fuzz_ptr++;
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
#ifndef CHEWING_FUZZER_COMMON_H
|
||||
#define CHEWING_FUZZER_COMMON_H
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
const uint8_t* fuzz_ptr;
|
||||
const uint8_t* fuzz_input;
|
||||
size_t fuzz_size;
|
||||
|
||||
int stress_main(int argc, char** argv);
|
||||
|
||||
#endif
|
|
@ -0,0 +1,15 @@
|
|||
#include <stdio.h>
|
||||
|
||||
#include "chewing_fuzzer_common.h"
|
||||
|
||||
int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
||||
fuzz_input = fuzz_ptr = data;
|
||||
fuzz_size = size;
|
||||
|
||||
const char* stress_argv[] = {
|
||||
"./chewing_fuzzer", "-loop", "1", "-init", "-extra", NULL,
|
||||
};
|
||||
stress_main(sizeof(stress_argv) / sizeof(stress_argv[0]) - 1,
|
||||
(char**)stress_argv);
|
||||
return 0;
|
||||
}
|
Loading…
Reference in New Issue