diff --git a/projects/vorbis/Dockerfile b/projects/vorbis/Dockerfile
new file mode 100644
index 000000000..778931a8b
--- /dev/null
+++ b/projects/vorbis/Dockerfile
@@ -0,0 +1,25 @@
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER paul.l.kehrer@mail.com
+RUN apt-get update && apt-get install -y make autoconf automake libtool pkg-config
+RUN git clone https://git.xiph.org/ogg.git
+RUN git clone https://git.xiph.org/vorbis.git
+ADD decode_fuzzer.cc $SRC/
+ADD https://upload.wikimedia.org/wikipedia/commons/f/f9/Beep_example.ogg $SRC/sample.ogg
+WORKDIR vorbis
+COPY build.sh $SRC/
diff --git a/projects/vorbis/build.sh b/projects/vorbis/build.sh
new file mode 100755
index 000000000..b0a49dca3
--- /dev/null
+++ b/projects/vorbis/build.sh
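Review bot: In the Dockerfile, the `ADD https://upload.wikimedia.org/…/Beep_example.ogg` line fetches the seed file at image build time and nothing verifies what arrives, so the corpus and the build depend on whatever that URL serves that day. Committing the sample next to decode_fuzzer.cc, or checking it in build.sh against a recorded digest (`echo "<SHA256_PLACEHOLDER>  sample.ogg" | sha256sum -c -`), would keep the build reproducible. Separately, `MAINTAINER paul.l.kehrer@mail.com` does not match the `paul.l.kehrer@gmail.com` entry in project.yaml and looks like a typo. `WORKDIR vorbis` is relative and presumably relies on the base image already being in `$SRC`; `WORKDIR $SRC/vorbis` would make that explicit.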
@@ -0,0 +1,39 @@
+#!/bin/bash -eu
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd $SRC
+
+mkdir decode_corpus
+mv sample.ogg decode_corpus/
+zip -r "$OUT/decode_fuzzer_seed_corpus.zip" decode_corpus/
+
+cd $SRC/ogg
+./autogen.sh
+./configure --prefix="$WORK" --enable-static --disable-shared --disable-crc
+make clean
+make -j$(nproc)
+make install
+
+
+cd $SRC/vorbis
+./autogen.sh
+./configure --prefix="$WORK" --enable-static --disable-shared
+make clean
+make -j$(nproc)
+make install
+
+$CXX $CXXFLAGS $SRC/decode_fuzzer.cc -o $OUT/decode_fuzzer -L"$WORK/lib" -I"$WORK/include" -lFuzzingEngine -lvorbisfile -lvorbis -logg
diff --git a/projects/vorbis/decode_fuzzer.cc b/projects/vorbis/decode_fuzzer.cc
new file mode 100644
index 000000000..b8840c145
--- /dev/null
+++ b/projects/vorbis/decode_fuzzer.cc
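Review bot: In build.sh, the ogg `./configure` line passes `--disable-crc` with no comment, so a reader cannot tell that the fuzz build deliberately differs from a shipped libogg. A line above it such as `# CRC checks are off so mutated pages reach the decoder instead of being rejected at the framing layer` would record the presumed intent. It also means a crashing input may need its page checksums repaired before it reproduces against a stock build. `mkdir decode_corpus` aborts the script under `-e` if the directory survives from an earlier run (`mkdir -p` avoids that). The final `$CXX` line leaves `$SRC` and `$OUT` unquoted although the `zip` line quotes `"$OUT/..."`.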
@@ -0,0 +1,48 @@
+#include
+#include
+#include
+#include
+
+struct vorbis_data {
+ const uint8_t *current;
+ const uint8_t *data;
+ size_t size;
+};
+
+size_t read_func(void *ptr, size_t size1, size_t size2, void *datasource) {
+ vorbis_data* vd = (vorbis_data *)(datasource);
+ size_t len = size1 * size2;
+ if (vd->current + len > vd->data + vd->size) {
+ len = vd->data + vd->size - vd->current;
+ }
+ memcpy(ptr, vd->current, len);
+ vd->current += len;
+ return len;
+}
+
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ ov_callbacks memory_callbacks = {0};
+ memory_callbacks.read_func = read_func;
+ vorbis_data data_st;
+ data_st.size = Size;
+ data_st.current = Data;
+ data_st.data = Data;
+ OggVorbis_File vf;
+ int result = ov_open_callbacks(&data_st, &vf, NULL, 0, memory_callbacks);
+ if (result < 0) {
+ return 0;
+ }
+ int current_section = 0;
+ int eof = 0;
+ char buf[4096];
+ int read_result;
+ while (!eof) {
+ read_result = ov_read(&vf, buf, sizeof(buf), 0, 2, 1, ¤t_section);
+ if (read_result != OV_HOLE && read_result <= 0) {
+ eof = 1;
+ }
+ }
+ ov_clear(&vf);
+ return 0;
+}
diff --git a/projects/vorbis/project.yaml b/projects/vorbis/project.yaml
new file mode 100644
index 000000000..2cc1d00c2
--- /dev/null
+++ b/projects/vorbis/project.yaml
@@ -0,0 +1,8 @@
+homepage: "https://xiph.org/vorbis/"
+primary_contact: "daede003@umn.edu"
+auto_ccs:
+ - paul.l.kehrer@gmail.com
+ - agaynor@mozilla.com
+sanitizers:
+ - address
+ - memory
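Review bot: In `read_func` of decode_fuzzer.cc, the bounds test `vd->current + len > vd->data + vd->size` forms a pointer that can lie beyond the end of the input before it is compared, which is undefined behaviour and can wrap for a large `len`; the product `size1 * size2` can overflow as well. Comparing lengths instead keeps the harness itself clean under the sanitizers: `size_t remaining = vd->data + vd->size - vd->current;` followed by `if (len > remaining) len = remaining;`. The callback also returns a byte count where an fread-style contract would return a count of `size1`-sized items. That is harmless only while the library calls it with `size1 == 1`, which this hunk does not show. A short comment on `read_func` stating that it serves reads from the in-memory fuzz input and returns 0 at the end of the buffer would help the next reader.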
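Review bot: In project.yaml, the `sanitizers` list names only `address` and `memory`, so no UBSan build is requested for a decoder where integer overflows and bad shifts are a plausible bug class; if that was not deliberate, add `- undefined`. The `memory` entry depends on every linked library being instrumented, which appears to hold only as long as build.sh keeps building ogg and vorbis from source and linking them statically.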