mirror of https://github.com/google/oss-fuzz.git
projects: Add GStreamer (#905)
* projects: Add GStreamer This is an initial fuzzer which goes over ogg/theora/vorbis files using the discoverer process * gstreamer/build.sh: Cleanup file * gstreamer/Dockerfile: Update copyright date * gstreamer: Update project.yaml Use the security mailing list as the primary contact Remove explicit sanitizer listing * gstreamer: Simplify base fuzzer Removed almost all outputting I am the original author of the code this is taken for, relicensing an ultra-simplified version of my original code to Apache. * gstreamer: Cleanup of build file and dockerfile * gstreamer: Code minimization and avoid leaks Data provided by the fuzzer shouldn't be freed (but the wrapping GstBuffer should). Avoid logging by default * gstreamer: Download corpus in Dockerfile And extract in build.sh * gstreamer: Move code to repository and more cleanups Remove custom LDFLAGS (not needed) Use fuzzing target code from upstream repository
This commit is contained in:
Edward Hervey
Oliver Chang
parent
a345e1a46a
commit
5a748a122c
|
|
@ -0,0 +1,40 @@
|
|||
# Copyright 2017 Google Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
################################################################################
|
||||
|
||||
FROM gcr.io/oss-fuzz-base/base-builder
|
||||
MAINTAINER bilboed@bilboed.com
|
||||
# Install the build dependencies
|
||||
|
||||
# install the minimum
|
||||
|
||||
RUN sed -i '/^#\sdeb-src /s/^#//' "/etc/apt/sources.list" && \
|
||||
apt-get update && \
|
||||
apt-get install -y make autoconf automake libtool build-essential \
|
||||
autopoint pkg-config bison flex gettext libglib2.0-dev libffi-dev liblzma-dev \
|
||||
libvorbis-dev libtheora-dev libogg-dev git-annex
|
||||
|
||||
# Checkout all development repositories
|
||||
#RUN for i in orc gstreamer gst-plugins-base gst-plugins-good gst-plugins-bad gst-plugins-ugly gst-libav; do git clone --depth 1 --recursive https://anongit.freedesktop.org/git/gstreamer/$i $i; done
|
||||
RUN \
|
||||
git clone --depth 1 --recursive https://anongit.freedesktop.org/git/gstreamer/orc orc && \
|
||||
git clone --depth 1 --recursive https://anongit.freedesktop.org/git/gstreamer/gstreamer gstreamer && \
|
||||
git clone --depth 1 --recursive https://anongit.freedesktop.org/git/gstreamer/gst-plugins-base gst-plugins-base && \
|
||||
git clone --depth 1 --recursive https://anongit.freedesktop.org/git/gstreamer/gst-ci gst-ci
|
||||
|
||||
ADD https://people.freedesktop.org/~bilboed/gst-discoverer_seed_corpus.zip $SRC
|
||||
|
||||
WORKDIR gstreamer
|
||||
COPY build.sh $SRC/
|
||||
|
|
@ -0,0 +1,97 @@
|
|||
#!/bin/bash -eu
|
||||
# Copyright 2017 Google Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
################################################################################
|
||||
|
||||
echo "CFLAGS" $CFLAGS
|
||||
echo "CXXFLAGS" $CXXFLAGS
|
||||
PREFIX=$WORK/prefix
|
||||
PLUGIN_DIR=$PREFIX/lib/gstreamer-1.0
|
||||
export PKG_CONFIG_PATH=$PREFIX/lib/pkgconfig
|
||||
mkdir -p $PREFIX
|
||||
cd $WORK
|
||||
|
||||
# Minimize gst-debug level/code
|
||||
export CFLAGS="$CFLAGS -DGST_LEVEL_MAX=2"
|
||||
|
||||
for i in orc gstreamer gst-plugins-base;
|
||||
do
|
||||
mkdir -p $i
|
||||
cd $i
|
||||
$SRC/$i/autogen.sh --prefix=$PREFIX --disable-shared --enable-static --disable-examples \
|
||||
--disable-gtk-doc --disable-introspection --enable-static-plugins \
|
||||
--disable-gst-tracer-hooks --disable-registry
|
||||
make -j$(nproc)
|
||||
make install
|
||||
cd ..
|
||||
done
|
||||
|
||||
#finally build the binary \o/
|
||||
BUILD_CFLAGS="$CFLAGS `pkg-config --static --cflags glib-2.0 gstreamer-1.0 gstreamer-pbutils-1.0 gstreamer-video-1.0 gstreamer-audio-1.0 gstreamer-app-1.0 orc-0.4`"
|
||||
|
||||
# List of dependencies libraries we grab from pkg-config
|
||||
# Should also include dependencies of dependencies (ex: libvorbis depends on libogg)
|
||||
|
||||
PKG_DEPS="glib-2.0 gstreamer-1.0 gstreamer-pbutils-1.0 gstreamer-video-1.0 gstreamer-audio-1.0 orc-0.4 \
|
||||
gstreamer-riff-1.0 gstreamer-tag-1.0 gstreamer-app-1.0 zlib \
|
||||
ogg vorbis vorbisenc theoraenc theoradec theora"
|
||||
|
||||
# List of all plugins to include
|
||||
PLUGINS="$PLUGIN_DIR/libgstcoreelements.a \
|
||||
$PLUGIN_DIR/libgsttypefindfunctions.a \
|
||||
$PLUGIN_DIR/libgstplayback.a \
|
||||
$PLUGIN_DIR/libgstapp.a \
|
||||
$PLUGIN_DIR/libgstvorbis.a \
|
||||
$PLUGIN_DIR/libgsttheora.a \
|
||||
$PLUGIN_DIR/libgstogg.a"
|
||||
|
||||
# We want to statically link everything, except for shared libraries that are present on
|
||||
# the base image. Those need to be specified beforehad and explicitely linked dynamically
|
||||
# If any of the static dependencies require a pre-installed shared library, you need
|
||||
# to add that library to the following list
|
||||
PREDEPS_LDFLAGS="-Wl,-Bdynamic -ldl -lm -pthread -lrt -lpthread"
|
||||
|
||||
# The libraries we want to statically link to
|
||||
# This includes dependencies of the gst plugins
|
||||
BUILD_LDFLAGS="-Wl,-static `pkg-config --static --libs $PKG_DEPS`"
|
||||
|
||||
echo
|
||||
echo "PREDEPS_LDFLAGS" $PREDEPS_LDFLAGS
|
||||
echo
|
||||
echo "BUILD_LDFLAGS" $BUILD_LDFLAGS
|
||||
echo
|
||||
echo ">>>> BUILDING gst-discoverer.o"
|
||||
echo
|
||||
|
||||
$CC $CFLAGS $BUILD_CFLAGS -c $SRC/gst-ci/fuzzing/gst-discoverer.c -o $SRC/gst-ci/fuzzing/gst-discoverer.o
|
||||
|
||||
echo
|
||||
echo ">>>> LINKING"
|
||||
echo
|
||||
|
||||
$CXX $CXXFLAGS \
|
||||
-o $OUT/gst-discoverer \
|
||||
$PREDEPS_LDFLAGS \
|
||||
$SRC/gst-ci/fuzzing/gst-discoverer.o \
|
||||
$PLUGINS \
|
||||
$BUILD_LDFLAGS \
|
||||
$LIB_FUZZING_ENGINE \
|
||||
-Wl,-Bdynamic
|
||||
|
||||
echo
|
||||
echo ">>>> Installing OGG corpus"
|
||||
echo
|
||||
|
||||
cp $SRC/*_seed_corpus.zip $OUT
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
homepage: "https://gstreamer.freedesktop.org/"
|
||||
primary_contact: "gstreamer-security@lists.freedesktop.org"
|
||||
auto_ccs:
|
||||
- "bilboed@bilboed.com"
|
||||
|
||||
|
||||
Loading…
Reference in New Issue