From a598a4fd340aa81afdb5837500a831b746edfbe5 Mon Sep 17 00:00:00 2001
From: Jamie Pinheiro
Date: Fri, 12 Jun 2020 15:14:30 -0400
Subject: [PATCH] Increase coverage of libraw fuzzing (#3962)

* Increase coverage
* Respond to PR feedback
* Move corpuses to cloud

Co-authored-by: Jamie Pinheiro
---
 projects/libraw/Dockerfile | 5 +++++
 projects/libraw/build.sh | 20 +++++++++++++++++++-
 projects/libraw/libraw_fuzzer.cc | 26 +++++++++++++++++++++-----
 3 files changed, 45 insertions(+), 6 deletions(-)

diff --git a/projects/libraw/Dockerfile b/projects/libraw/Dockerfile
index 96826595a..0cb5d7d24 100644
--- a/projects/libraw/Dockerfile
+++ b/projects/libraw/Dockerfile
@@ -19,4 +19,9 @@ MAINTAINER jesteele@google.com
 RUN apt-get update && apt-get install -y make autoconf automake libtool pkg-config
 RUN git clone --depth 1 https://github.com/libraw/libraw
 WORKDIR libraw
+
+ADD http://oss-fuzz-corpus.storage.googleapis.com/libraw/libraw_cr2_fuzzer_seed_corpus.zip $SRC/
+ADD http://oss-fuzz-corpus.storage.googleapis.com/libraw/libraw_nef_fuzzer_seed_corpus.zip $SRC/
+ADD http://oss-fuzz-corpus.storage.googleapis.com/libraw/libraw_raf_fuzzer_seed_corpus.zip $SRC/
+
 COPY build.sh libraw_fuzzer.cc $SRC/
diff --git a/projects/libraw/build.sh b/projects/libraw/build.sh
index 20dbc4562..6c46d3f01 100755
--- a/projects/libraw/build.sh
+++ b/projects/libraw/build.sh
@@ -15,8 +15,14 @@
 #
 ################################################################################
 
+# copy corpuses
+cp $SRC/libraw_cr2_fuzzer_seed_corpus.zip \
+ $SRC/libraw_nef_fuzzer_seed_corpus.zip \
+ $SRC/libraw_raf_fuzzer_seed_corpus.zip \
+ $OUT/
+
 # build project
-./mkdist.sh
+autoreconf --install
 ./configure --disable-examples
 make
 
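Review bot: The three new `ADD http://oss-fuzz-corpus.storage.googleapis.com/...` lines in the Dockerfile hunk pull the seed corpora over plaintext HTTP with no checksum, so anything on the path can substitute or truncate the archives before they are copied into `$OUT`. The blast radius is small, since a seed corpus only steers the fuzzer and the harness treats every input as untrusted anyway, but the fix is free: `storage.googleapis.com` serves the same objects over TLS, so `ADD https://oss-fuzz-corpus.storage.googleapis.com/libraw/libraw_cr2_fuzzer_seed_corpus.zip $SRC/` (and likewise for the nef and raf archives). If the corpora are expected to change over time it is also worth a one-line comment noting that Docker's `ADD <url>` is not cache-busted by content, so a stale layer can keep serving an old corpus until the image is rebuilt from scratch.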
@@ -24,3 +30,15 @@ make
 $CXX $CXXFLAGS -std=c++11 -Ilibraw \
 $SRC/libraw_fuzzer.cc -o $OUT/libraw_fuzzer \
 $LIB_FUZZING_ENGINE lib/.libs/libraw.a
+
+$CXX $CXXFLAGS -std=c++11 -Ilibraw \
+ $SRC/libraw_fuzzer.cc -o $OUT/libraw_cr2_fuzzer \
+ $LIB_FUZZING_ENGINE lib/.libs/libraw.a
+
+$CXX $CXXFLAGS -std=c++11 -Ilibraw \
+ $SRC/libraw_fuzzer.cc -o $OUT/libraw_nef_fuzzer \
+ $LIB_FUZZING_ENGINE lib/.libs/libraw.a
+
+$CXX $CXXFLAGS -std=c++11 -Ilibraw \
+ $SRC/libraw_fuzzer.cc -o $OUT/libraw_raf_fuzzer \
+ $LIB_FUZZING_ENGINE lib/.libs/libraw.a
diff --git a/projects/libraw/libraw_fuzzer.cc b/projects/libraw/libraw_fuzzer.cc
index 25c101f59..416802b6f 100644
--- a/projects/libraw/libraw_fuzzer.cc
+++ b/projects/libraw/libraw_fuzzer.cc
@@ -20,9 +20,19 @@ limitations under the License.
 
 #include
 
+enum InterpolationOptions {
+  Linear = 0,
+  Vng = 1,
+  Ppg = 2,
+  Ahd = 3,
+  Dcb = 4,
+  Dht = 11,
+  AhdModified = 12
+};
+
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
-  // Input less than 10mb
-  if (size > 10000000) {
+  // Input less than 15mb
+  if (size > 15000000) {
     return 0;
   }
 
@@ -39,9 +49,15 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
     return 0;
   }
 
-  result = lib_raw.dcraw_process();
-  if (result != LIBRAW_SUCCESS) {
-    return 0;
+  InterpolationOptions options[] = {Linear, Vng, Ppg, Ahd, Dcb, Dht, AhdModified};
+
+  for (int i = 0; i < sizeof(options); i++) {
+    lib_raw.output_params_ptr()->user_qual = static_cast(options[i]);
+
+    result = lib_raw.dcraw_process();
+    if (result != LIBRAW_SUCCESS) {
+      return 0;
+    }
+  }
 
   return 0;
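Review bot: The three added `$CXX` invocations in the second build.sh hunk compile the same `$SRC/libraw_fuzzer.cc` with exactly the flags used for `libraw_fuzzer`, so `libraw_cr2_fuzzer`, `libraw_nef_fuzzer` and `libraw_raf_fuzzer` are byte-for-byte copies of the existing target that differ only in which `libraw_<fmt>_fuzzer_seed_corpus.zip` OSS-Fuzz pairs with them by name. That is presumably the intent, but nothing in the script says so, and a reader will otherwise look for a per-format define that does not exist; any libraw crash will also be reported under four target names. A comment above the first copy would settle it: `# Same harness as libraw_fuzzer; the per-format binaries exist only so each picks up its own libraw_<fmt>_fuzzer_seed_corpus.zip from $OUT.` If the duplication grows, a `for fmt in cr2 nef raf; do ... -o $OUT/libraw_${fmt}_fuzzer ...; done` loop keeps the flags from drifting between copies.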
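Review bot: The loop bound in the second libraw_fuzzer.cc hunk, `for (int i = 0; i < sizeof(options); i++)`, is the byte size of the array (7 × sizeof(InterpolationOptions)), not its element count, so whenever `dcraw_process()` keeps returning `LIBRAW_SUCCESS` the loop walks `options[7]` onward past the end of the stack array and writes whatever it finds there into `user_qual`; under ASan that surfaces as a stack-buffer-overflow in the harness itself, not in libraw, and it is a false crash that will be reported against every input that decodes cleanly. The fix is one line: `for (size_t i = 0; i < sizeof(options) / sizeof(options[0]); i++) {`. Separately, the loop now calls `dcraw_process()` up to seven times on the same `LibRaw` object without re-running `unpack()`; whether LibRaw supports re-processing with new output params on an already-processed image is not established by this hunk and is worth confirming against its documentation, since otherwise iterations after the first exercise stale state rather than the intended demosaic paths. The enclosing `LLVMFuzzerTestOneInput` begins and ends outside this hunk.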