Differential fuzzing for libhtp-rs (#9359)

We are transitioning from libhtp C to libhtp in rust

So, here is the update of the project to fuzz the coming rust version,
and also do differential fuzzing between them to check that they have
the same behavior...

projects/libhtp/Dockerfile

@@ -14,8 +14,10 @@
 #
 ################################################################################
 
-FROM gcr.io/oss-fuzz-base/base-builder
+FROM gcr.io/oss-fuzz-base/base-builder-rust
 RUN apt-get update && apt-get install -y make autoconf automake libtool zlib1g-dev liblzma-dev
 RUN git clone --depth 1 https://github.com/OISF/libhtp.git libhtp
+RUN git clone --depth 1 https://github.com/cccs-rtmorti/libhtp-rs.git libhtp-rs
 WORKDIR $SRC
 COPY build.sh $SRC/
+COPY multiple.txt $SRC/

projects/libhtp/build.sh

@@ -16,14 +16,37 @@
 ################################################################################
 
 # build project
+(
+cd libhtp-rs
+export CARGO_BUILD_TARGET="x86_64-unknown-linux-gnu"
+cargo fuzz build -O
+cargo fuzz list | while read i; do
+    # debug for coverage build
+    cp fuzz/target/x86_64-unknown-linux-gnu/release/$i $OUT/ || cp fuzz/target/x86_64-unknown-linux-gnu/debug/$i $OUT/
+done
+if [ "$SANITIZER" = "address" ]
+then
+    export RUSTFLAGS="$RUSTFLAGS -Cpasses=sancov-module -Cllvm-args=-sanitizer-coverage-level=4 -Cllvm-args=-sanitizer-coverage-trace-compares -Cllvm-args=-sanitizer-coverage-inline-8bit-counters -Cllvm-args=-sanitizer-coverage-trace-geps -Cllvm-args=-sanitizer-coverage-prune-blocks=0 -Cllvm-args=-sanitizer-coverage-pc-table -Clink-dead-code -Cllvm-args=-sanitizer-coverage-stack-depth"
+fi
+cat $SRC/multiple.txt | while read i; do
+    git grep $i | cut -d: -f1 | uniq | xargs sed -i -e s/$i/"$i"_rs/;
+done
+cargo build
+cp ./target/x86_64-unknown-linux-gnu/debug/libhtp.a ../libhtp-rs.a
+)
+
 cd libhtp
 sh autogen.sh
 ./configure
-make
+make -j$(nproc)
 
 $CC $CFLAGS -I. -c test/fuzz/fuzz_htp.c -o fuzz_htp.o
 $CC $CFLAGS -I. -c test/test.c -o test.o
-$CXX $CXXFLAGS fuzz_htp.o test.o -o $OUT/fuzz_htp ./htp/.libs/libhtp.a $LIB_FUZZING_ENGINE -lz -llzma
+$CXX $CXXFLAGS fuzz_htp.o test.o -o $OUT/fuzz_htp_c ./htp/.libs/libhtp.a $LIB_FUZZING_ENGINE -lz -llzma
+
+$CC $CFLAGS -I. -c test/fuzz/fuzz_diff.c -o fuzz_diff.o
+$CXX $CXXFLAGS fuzz_diff.o test.o -o $OUT/fuzz_diff ./htp/.libs/libhtp.a ../libhtp-rs.a $LIB_FUZZING_ENGINE -lz -llzma
 
 # builds corpus
 zip -r $OUT/fuzz_htp_seed_corpus.zip test/files/*.t
+zip -r $OUT/fuzz_diff_seed_corpus.zip test/files/*.t

projects/libhtp/multiple.txt

@@ -0,0 +1,11 @@
+bstr_alloc
+bstr_free
+bstr_cmp_c
+bstr_dup_c
+bstr_util_strdup_to_c
+bstr_len
+bstr_ptr
+htp_connp_
+htp_tx_destroy
+htp_tx_set_user_data
+htp_tx_register_response_body_data

projects/libhtp/project.yaml

@@ -1,5 +1,5 @@
 homepage: "https://github.com/OISF/libhtp"
-language: c++
+language: rust
 primary_contact: "vjulien@openinfosecfoundation.org"
 auto_ccs :
 - "p.antoine@catenacyber.fr"
@@ -9,5 +9,6 @@ sanitizers:
 - address
 # Disabled MSAN because of https://github.com/google/oss-fuzz/issues/6294
 #  - memory
-- undefined
-main_repo: 'https://github.com/OISF/libhtp.git'
+fuzzing_engines:
+  - libfuzzer
+main_repo: 'https://github.com/OISF/libhtp.git'