Rooba
/
oss-fuzz
mirror of https://github.com/google/oss-fuzz.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[libgd] Add another fuzzer to libgd (#3892)

This commit is contained in:
Google AutoFuzz Team 2020-05-29 12:01:23 +02:00 committed by GitHub
parent 5b114cdc02
commit 8284b6bbdd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 61 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
projects/libgd/Dockerfile
View File

@ -21,4 +21,4 @@ RUN apt-get update && \
RUN git clone --depth 1 https://github.com/libgd/libgd RUN git clone --depth 1 https://github.com/libgd/libgd
ADD https://lcamtuf.coredump.cx/afl/demo/afl_testcases.tgz $SRC/afl_testcases.tgz ADD https://lcamtuf.coredump.cx/afl/demo/afl_testcases.tgz $SRC/afl_testcases.tgz
WORKDIR libgd WORKDIR libgd
COPY build.sh parser_target.cc $SRC/ COPY build.sh *.cc $SRC/

7
projects/libgd/build.sh
View File

@ -32,6 +32,13 @@ for target in Bmp Gd Gd2 Gif Jpeg Png Tga Tiff WBMP Webp; do
$LIB_FUZZING_ENGINE -lgd -Wl,-Bstatic -lz -Wl,-Bdynamic $LIB_FUZZING_ENGINE -lgd -Wl,-Bstatic -lz -Wl,-Bdynamic
done done
for fuzzers in $(find $SRC -name '*_fuzzer.cc'); do
fuzz_basename=$(basename -s .cc $fuzzers)
$CXX $CXXFLAGS -std=c++11 -I"$WORK/include" -L"$WORK/lib" \
$fuzzers -o $OUT/$fuzz_basename \
$LIB_FUZZING_ENGINE -lgd -Wl,-Bstatic -lz -Wl,-Bdynamic
done
mkdir afl_testcases mkdir afl_testcases
(cd afl_testcases; tar xvf "$SRC/afl_testcases.tgz") (cd afl_testcases; tar xvf "$SRC/afl_testcases.tgz")
for format in bmp gif png webp; do for format in bmp gif png webp; do

53
projects/libgd/gd_image_string_fuzzer.cc Normal file
View File

@ -0,0 +1,53 @@
// Copyright 2020 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
/////////////////////////////////////////////////////////////////////////////
#include <fuzzer/FuzzedDataProvider.h>
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <string>
#include "gd.h"
#include "gdfontg.h"
#include "gdfontl.h"
#include "gdfontmb.h"
#include "gdfonts.h"
#include "gdfontt.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
FuzzedDataProvider stream(data, size);
const uint8_t slate_width = stream.ConsumeIntegral<uint8_t>();
const uint8_t slate_height = stream.ConsumeIntegral<uint8_t>();
gdImagePtr slate_image = gdImageCreateTrueColor(slate_width, slate_height);
if (slate_image == nullptr) {
return 0;
}
const int x_position = stream.ConsumeIntegral<int>();
const int y_position = stream.ConsumeIntegral<int>();
const int text_color = stream.ConsumeIntegral<int>();
const gdFontPtr font_ptr = stream.PickValueInArray(
{gdFontGetGiant(), gdFontGetLarge(), gdFontGetMediumBold(),
gdFontGetSmall(), gdFontGetTiny()});
const std::string text = stream.ConsumeRemainingBytesAsString();
gdImageString(slate_image, font_ptr, x_position, y_position,
reinterpret_cast<uint8_t*>(const_cast<char*>(text.c_str())),
text_color);
gdImageDestroy(slate_image);
return 0;
}