Increase coverage of libraw fuzzing (#3962)

* Increase coverage * Respond to PR feedback * Move corpuses to cloud Co-authored-by: Jamie Pinheiro <pinheirojamie@google.com>
2020-06-12 15:14:30 -04:00 · 2020-06-12 15:14:30 -04:00 · a598a4fd34
parent 6c21d442e1
commit a598a4fd34
3 changed files with 45 additions and 6 deletions
--- a/projects/libraw/Dockerfile
+++ b/projects/libraw/Dockerfile
@ -19,4 +19,9 @@ MAINTAINER jesteele@google.com
 RUN apt-get update && apt-get install -y make autoconf automake libtool pkg-config
 RUN git clone --depth 1 https://github.com/libraw/libraw
 WORKDIR libraw
+
+ADD http://oss-fuzz-corpus.storage.googleapis.com/libraw/libraw_cr2_fuzzer_seed_corpus.zip $SRC/
+ADD http://oss-fuzz-corpus.storage.googleapis.com/libraw/libraw_nef_fuzzer_seed_corpus.zip $SRC/
+ADD http://oss-fuzz-corpus.storage.googleapis.com/libraw/libraw_raf_fuzzer_seed_corpus.zip $SRC/
+
 COPY build.sh libraw_fuzzer.cc $SRC/
--- a/projects/libraw/build.sh
+++ b/projects/libraw/build.sh
@ -15,8 +15,14 @@
 #
 ################################################################################

+# copy corpuses
+cp $SRC/libraw_cr2_fuzzer_seed_corpus.zip \
+    $SRC/libraw_nef_fuzzer_seed_corpus.zip \
+    $SRC/libraw_raf_fuzzer_seed_corpus.zip \
+    $OUT/
+
 # build project
-./mkdist.sh
+autoreconf --install
 ./configure --disable-examples
 make

@ -24,3 +30,15 @@ make
 $CXX $CXXFLAGS -std=c++11 -Ilibraw \
    $SRC/libraw_fuzzer.cc -o $OUT/libraw_fuzzer \
    $LIB_FUZZING_ENGINE lib/.libs/libraw.a
+
+$CXX $CXXFLAGS -std=c++11 -Ilibraw \
+    $SRC/libraw_fuzzer.cc -o $OUT/libraw_cr2_fuzzer \
+    $LIB_FUZZING_ENGINE lib/.libs/libraw.a
+
+$CXX $CXXFLAGS -std=c++11 -Ilibraw \
+    $SRC/libraw_fuzzer.cc -o $OUT/libraw_nef_fuzzer \
+    $LIB_FUZZING_ENGINE lib/.libs/libraw.a
+
+$CXX $CXXFLAGS -std=c++11 -Ilibraw \
+    $SRC/libraw_fuzzer.cc -o $OUT/libraw_raf_fuzzer \
+    $LIB_FUZZING_ENGINE lib/.libs/libraw.a
--- a/projects/libraw/libraw_fuzzer.cc
+++ b/projects/libraw/libraw_fuzzer.cc
@ -20,9 +20,19 @@ limitations under the License.

 #include <libraw.h>

+enum InterpolationOptions {
+  Linear = 0,
+  Vng = 1, 
+  Ppg = 2,
+  Ahd = 3,
+  Dcb = 4,
+  Dht = 11,
+  AhdModified = 12
+};
+
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
-  // Input less than 10mb
-  if (size > 10000000) {
+  // Input less than 15mb
+  if (size > 15000000) {
    return 0;
  }

@ -39,9 +49,15 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    return 0;
  }

-  result = lib_raw.dcraw_process();
-  if (result != LIBRAW_SUCCESS) {
-    return 0;
+  InterpolationOptions options[] = {Linear, Vng, Ppg, Ahd, Dcb, Dht, AhdModified};
+
+  for (int i = 0; i < sizeof(options); i++) {
+    lib_raw.output_params_ptr()->user_qual = static_cast<int>(options[i]);
+
+    result = lib_raw.dcraw_process();
+    if (result != LIBRAW_SUCCESS) {
+      return 0;
+    }
  }

  return 0;