From 8934ff6f8b3dd61dee9f94b6b6a584afdc49ad30 Mon Sep 17 00:00:00 2001
From: Benjamin Gordon
Date: Tue, 2 Jul 2019 08:38:50 -0600
Subject: [PATCH] Two fixes for ghostcript (#2562)
* [ghostscript] Fix ininitialized pointer Passing an invalid pointer causes a crash in gs_new_instance.
* [ghostscript] Add seed corpus Use the examples distributed with ghostcript as a seed corpus.
---
 projects/ghostscript/build.sh | 7 +++++++
 projects/ghostscript/gstoraster_fuzzer.cc | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/projects/ghostscript/build.sh b/projects/ghostscript/build.sh
index 9abc8be1a..cc44e63f8 100755
--- a/projects/ghostscript/build.sh
+++ b/projects/ghostscript/build.sh
@@ -54,3 +54,10 @@ $CXX $CXXFLAGS $CUPS_LDFLAGS -std=c++11 -I. \
 -o "$OUT/gstoraster_fuzzer" \
 $CUPS_LIBS \
 $LIB_FUZZING_ENGINE bin/gs.a
+
+mkdir -p "$WORK/seeds"
+for f in examples/*.{ps,pdf}; do
+ s=$(sha1sum "$f" | awk '{print $1}')
+ cp "$f" "$WORK/seeds/$s"
+done
+zip -j "$OUT/gstoraster_fuzzer_seed_corpus.zip" "$WORK"/seeds/*
diff --git a/projects/ghostscript/gstoraster_fuzzer.cc b/projects/ghostscript/gstoraster_fuzzer.cc
index b128b7475..3ffb0d283 100644
--- a/projects/ghostscript/gstoraster_fuzzer.cc
+++ b/projects/ghostscript/gstoraster_fuzzer.cc
@@ -37,7 +37,7 @@ static int gs_stdout(void *inst, const char *buf, int len)
 static int gs_to_raster_fuzz(const unsigned char *buf, size_t size)
 {
 int ret;
- void *gs;
+ void *gs = NULL;
 /* Mostly stolen from cups-filters gstoraster. */
 char *args[] = {
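Review bot: The seed loop `for f in examples/*.{ps,pdf}; do` has no guard for a pattern that matches nothing; bash then leaves the literal pattern in `$f`, and `sha1sum` and `cp` run on a path that does not exist. Adding `[ -e "$f" ] || continue` as the first line of the loop body would keep the build independent of which example types the checkout ships. Separately, `mkdir -p "$WORK/seeds"` reuses whatever an earlier build left in that directory, so the final `zip -j ... "$WORK"/seeds/*` may pack stale files if `$WORK` persists between builds; an `rm -rf "$WORK/seeds"` before the `mkdir` would make the corpus reproducible.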
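Review bot: The new initialiser `void *gs = NULL;` carries no comment saying why it is needed, so a later cleanup could drop it as redundant. Per the commit message, an uninitialised value here caused a crash in gs_new_instance; a one-line comment such as `/* must be NULL before the instance is created; an uninitialised value crashed here */` would record that. The call that consumes `gs` and any cleanup code are outside the hunk, so whether the error paths tolerate a still-NULL `gs` cannot be checked from here.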