mirror of https://github.com/google/oss-fuzz.git
[lzo] Add lzo (#1862)
* lzo: Add lzo out-of-source * lzo: Change maintainer of Docker image * lzo: Add decompress target * lzo: Update build script * lzo: Fix build script * lzo: Bail out if size==0 in decompress test * Adding a seed file to lzo_decompress_target_seed This commit adds a minimal lzo seed as a seed for the lzo_decompress_target. Still results in a heap-buffer-overflow at the moment. * lzo: Switch to safer decompressor (HT @viniul) that does not crash and remove assertion * lzo: Remove buggy addition (from OvS) to this PR * Add more decompression targets to decompress_target This commit adds more decompression targets to decompress_target.c. The target function is chosen based on the first byte of the data given by libfuzzer. * Make decomp func ptr static, fix minor bug in func ptr init, and fix include paths in build script
parent
f2b4a02601
commit
754db9eb6c
|
@ -0,0 +1,23 @@
|
|||
# Copyright 2018 Google Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
################################################################################
|
||||
|
||||
FROM gcr.io/oss-fuzz-base/base-builder
|
||||
MAINTAINER info@oberhumer.com
|
||||
RUN apt-get update && apt-get install -y make autoconf automake libtool wget
|
||||
RUN wget -O lzo.tar.gz \
|
||||
http://www.oberhumer.com/opensource/lzo/download/lzo-2.10.tar.gz
|
||||
COPY *.c *.options build.sh $SRC/
|
||||
COPY lzo_decompress_target_seeds $SRC/lzo_decompress_target_seeds
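Review bot: The `RUN wget -O lzo.tar.gz http://www.oberhumer.com/opensource/lzo/download/lzo-2.10.tar.gz` step fetches the source tarball over plain HTTP and nothing verifies it afterwards, so the image builds and fuzzes whatever bytes the network path delivers. Pin the expected digest next to the download and fail the build on a mismatch, for example `RUN echo "<SHA256_OF_LZO_2.10_TARBALL>  lzo.tar.gz" | sha256sum -c -` (the digest is a placeholder to be filled in from a trusted copy). If upstream serves the same path over `https://`, switching the URL is a cheap second layer, but the checksum is the control that matters.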
|
|
@ -0,0 +1,35 @@
|
|||
#!/bin/bash -eu
|
||||
# Copyright 2018 Google Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
################################################################################
|
||||
|
||||
# build project
|
||||
cd $SRC
|
||||
tar xzf lzo.tar.gz
|
||||
cd lzo-*
|
||||
./configure && make -j$(nproc)
|
||||
|
||||
# build fuzzers
|
||||
for file in $SRC/*.c;
|
||||
do
|
||||
name=$(basename $file .c)
|
||||
$CC -c -I include -I minilzo -I include/lzo ${file} -o ${name}.o
|
||||
$CXX $CXXFLAGS -std=c++11 -I include -I minilzo -I include/lzo ${name}.o \
|
||||
-o $OUT/${name} -lFuzzingEngine src/.libs/liblzo2.a
|
||||
done
|
||||
|
||||
# copy fuzzer options
|
||||
cp $SRC/*.options $OUT/
|
||||
zip -j $OUT/lzo_decompress_target_seed_corpus.zip $SRC/lzo_decompress_target_seeds/*
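Review bot: The harness compile line `$CC -c -I include -I minilzo -I include/lzo ${file} -o ${name}.o` omits `$CFLAGS`, so the fuzz-target object is built without the sanitizer and coverage flags that the link line receives through `$CXXFLAGS`. Both targets in this commit keep input-sized arrays on their own stack, and an uninstrumented harness leaves those accesses unchecked. With `memory` listed under `sanitizers`, an uninstrumented object is also likely to give misleading MSan results. Suggested line: `$CC $CFLAGS -c -I include -I minilzo -I include/lzo "$file" -o "$name.o"`. Quoting `"$SRC"`, `"$file"` and `"$OUT/$name"` throughout would also keep the loop safe if a path ever contains whitespace.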
|
|
@ -0,0 +1,78 @@
|
|||
/*
|
||||
# Copyright 2018 Google Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
################################################################################
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdint.h>
|
||||
#include <stdbool.h>
|
||||
#include <assert.h>
|
||||
#include "minilzo.h"
|
||||
|
||||
/* Work-memory needed for compression. Allocate memory in units
|
||||
* of 'lzo_align_t' (instead of 'char') to make sure it is properly aligned.
|
||||
*/
|
||||
#define HEAP_ALLOC(var,size) \
|
||||
lzo_align_t __LZO_MMODEL var [ ((size) + (sizeof(lzo_align_t) - 1)) / sizeof(lzo_align_t) ]
|
||||
|
||||
static HEAP_ALLOC(wrkmem, LZO1X_1_MEM_COMPRESS);
|
||||
|
||||
extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
||||
{
|
||||
int r;
|
||||
lzo_uint out_len;
|
||||
lzo_uint new_len;
|
||||
/* We want to compress the data block at 'in' with length 'IN_LEN' to
|
||||
* the block at 'out'. Because the input block may be incompressible,
|
||||
* we must provide a little more output space in case that compression
|
||||
* is not possible.
|
||||
*/
|
||||
unsigned char __LZO_MMODEL in[size];
|
||||
unsigned char __LZO_MMODEL out[size + size/16 + 64 + 3];
|
||||
|
||||
static bool isInit = false;
|
||||
if (!isInit)
|
||||
{
|
||||
if (lzo_init() != LZO_E_OK)
|
||||
{
|
||||
printf("internal error - lzo_init() failed !!!\n");
|
||||
return 0;
|
||||
}
|
||||
isInit = true;
|
||||
}
|
||||
|
||||
/* Compress with LZO1X-1. */
|
||||
r = lzo1x_1_compress(data,size,out,&out_len,wrkmem);
|
||||
assert(r == LZO_E_OK);
|
||||
printf("compressed %lu bytes into %lu bytes\n",
|
||||
(unsigned long) size, (unsigned long) out_len);
|
||||
|
||||
/* check for an incompressible block */
|
||||
if (out_len >= size)
|
||||
{
|
||||
printf("This block contains incompressible data.\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Decompress. */
|
||||
new_len = size;
|
||||
r = lzo1x_decompress(out,out_len,in,&new_len,NULL);
|
||||
assert(r == LZO_E_OK && new_len == size);
|
||||
printf("decompressed %lu bytes back into %lu bytes\n",
|
||||
(unsigned long) out_len, (unsigned long) size);
|
||||
return 0;
|
||||
}
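Review bot: The buffers `in[size]` and `out[size + size/16 + 64 + 3]` are variable-length arrays sized directly by the fuzzer input. A zero-length input makes them zero-length VLAs, which is undefined behaviour, and a large input exhausts the stack inside the harness rather than in the library, so the resulting crash reports would point at the wrong code. The round-trip check also stops at `new_len == size` and never compares the decompressed bytes against `data`, so a decompressor that returns the right length with wrong content passes. Allocating on the heap, rejecting `size == 0`, and adding a `memcmp` (which needs `<string.h>`) addresses all three; every early `return 0` then has to go through the cleanup path.
```c
extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    /* … unchanged: r, out_len, new_len declarations … */
    unsigned char *in = NULL;
    unsigned char *out = NULL;

    if (size == 0)
        return 0;
    in = malloc(size);
    out = malloc(size + size / 16 + 64 + 3);
    if (in == NULL || out == NULL)
        goto done;

    /* … unchanged: one-time lzo_init(), lzo1x_1_compress(), incompressible check;
     *   each early `return 0` after the allocations becomes `goto done` … */

    new_len = size;
    r = lzo1x_decompress(out, out_len, in, &new_len, NULL);
    assert(r == LZO_E_OK && new_len == size);
    assert(memcmp(in, data, size) == 0);
    /* … unchanged: printf of the sizes … */

done:
    free(in);
    free(out);
    return 0;
}
```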
|
|
@ -0,0 +1,2 @@
|
|||
[libfuzzer]
|
||||
close_fd_mask = 3
|
|
@ -0,0 +1,93 @@
|
|||
/*
|
||||
# Copyright 2018 Google Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
################################################################################
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdint.h>
|
||||
#include <stdbool.h>
|
||||
#include <assert.h>
|
||||
#include "lzo1b.h"
|
||||
#include "lzo1c.h"
|
||||
#include "lzo1f.h"
|
||||
#include "lzo1x.h"
|
||||
#include "lzo1y.h"
|
||||
#include "lzo1z.h"
|
||||
#include "lzo2a.h"
|
||||
|
||||
/* Work-memory needed for compression. Allocate memory in units
|
||||
* of 'lzo_align_t' (instead of 'char') to make sure it is properly aligned.
|
||||
*/
|
||||
#define HEAP_ALLOC(var,size) \
|
||||
lzo_align_t __LZO_MMODEL var [ ((size) + (sizeof(lzo_align_t) - 1)) / sizeof(lzo_align_t) ]
|
||||
|
||||
static HEAP_ALLOC(wrkmem, LZO1X_1_MEM_COMPRESS);
|
||||
|
||||
typedef int (*decompress_function)( const lzo_bytep, lzo_uint ,
|
||||
lzo_bytep, lzo_uintp,
|
||||
lzo_voidp );
|
||||
|
||||
#define NUM_DECOMP 7
|
||||
|
||||
static decompress_function funcArr[NUM_DECOMP] =
|
||||
{
|
||||
&lzo1b_decompress_safe,
|
||||
&lzo1c_decompress_safe,
|
||||
&lzo1f_decompress_safe,
|
||||
&lzo1x_decompress_safe,
|
||||
&lzo1y_decompress_safe,
|
||||
&lzo1z_decompress_safe,
|
||||
&lzo2a_decompress_safe
|
||||
};
|
||||
|
||||
extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
||||
{
|
||||
int r;
|
||||
lzo_uint new_len;
|
||||
if (size < 2){
|
||||
return 0;
|
||||
}
|
||||
/* We want to compress the data block at 'in' with length 'IN_LEN' to
|
||||
* the block at 'out'. Because the input block may be incompressible,
|
||||
* we must provide a little more output space in case that compression
|
||||
* is not possible.
|
||||
*/
|
||||
unsigned char __LZO_MMODEL out[size];
|
||||
|
||||
static bool isInit = false;
|
||||
if (!isInit)
|
||||
{
|
||||
if (lzo_init() != LZO_E_OK)
|
||||
{
|
||||
printf("internal error - lzo_init() failed !!!\n");
|
||||
return 0;
|
||||
}
|
||||
isInit = true;
|
||||
}
|
||||
|
||||
/* Decompress. */
|
||||
int idx = data[0] % NUM_DECOMP;
|
||||
new_len = size;
|
||||
r = (*funcArr[idx])(&data[1],size-1,out,&new_len,NULL);
|
||||
if (r != LZO_E_OK)
|
||||
{
|
||||
printf("error thrown by lzo1x_decompress_safe: %d\n", r);
|
||||
}
|
||||
printf("decompressed %lu bytes back into %lu bytes\n",
|
||||
(unsigned long) size, (unsigned long) new_len);
|
||||
return 0;
|
||||
}
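Review bot: The output buffer `unsigned char __LZO_MMODEL out[size];` is a stack VLA sized by the fuzzer input, and it also caps the decompressed output at the length of the compressed input. Large inputs can overflow the harness's own stack, and most well-formed streams expand past `size` bytes, so the `_safe` decompressors will usually stop early with an output-overrun error and the deeper copy paths get little coverage. A heap buffer with a fixed bound avoids both, e.g. `lzo_uint out_cap = 64 * 1024; unsigned char *out = malloc(out_cap);` followed by `new_len = out_cap;`, with a NULL check and a `free(out)` before each return. Separately, the diagnostic `"error thrown by lzo1x_decompress_safe: %d\n"` is printed whichever of the seven functions `idx` selected, and both the `wrkmem` array and the "We want to compress…" comment are leftovers from the compress target that this file does not use.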
|
|
@ -0,0 +1,2 @@
|
|||
[libfuzzer]
|
||||
close_fd_mask = 3
|
Binary file not shown.
|
@ -0,0 +1,8 @@
|
|||
homepage: "http://www.oberhumer.com"
|
||||
primary_contact: "info@oberhumer.com"
|
||||
auto_ccs:
|
||||
- "bshas3@gmail.com"
|
||||
sanitizers:
|
||||
- address
|
||||
- memory
|
||||
- undefined
|