diff --git a/projects/golang/Dockerfile b/projects/golang/Dockerfile
index ff5cd2fc1..8b9b970f6 100644
--- a/projects/golang/Dockerfile
+++ b/projects/golang/Dockerfile
@@ -17,6 +17,11 @@
 FROM gcr.io/oss-fuzz-base/base-builder-go
 RUN git clone --depth 1 https://github.com/dvyukov/go-fuzz-corpus golang
-COPY build.sh text_fuzzer.go math_big_fuzzer.go $SRC/
+RUN git clone --depth 1 https://github.com/golang/go
+COPY build.sh text_fuzzer.go \
+ math_big_fuzzer.go \
+ fuzz_tar_reader.go \
+ fuzz_tar_reader.options \
+ elf_fuzzer.go $SRC/
 WORKDIR $SRC/golang
diff --git a/projects/golang/build.sh b/projects/golang/build.sh
index b60bb20b6..d549cdef1 100755
--- a/projects/golang/build.sh
+++ b/projects/golang/build.sh
@@ -46,3 +46,28 @@ compile_go_fuzzer $FUZZ_ROOT/time Fuzz time_fuzzer
 compile_go_fuzzer $FUZZ_ROOT/xml Fuzz xml_fuzzer
 compile_go_fuzzer $FUZZ_ROOT/zip Fuzz zip_fuzzer
 compile_go_fuzzer $FUZZ_ROOT/zlib Fuzz zlib_fuzzer
+
+cd $SRC && git clone https://github.com/AdamKorcz/instrumentation
+cd instrumentation
+go run main.go $SRC/go/src/archive/tar
+
+cd $SRC/go/src/archive/tar
+cp $SRC/fuzz_tar_reader.go ./
+go mod init tarPackage
+rm ./*_test.go
+
+compile_go_fuzzer tarPackage FuzzTarReader fuzz_tar_reader
+
+cd $SRC/go/src/internal/saferio
+go mod init saferioPackage
+go mod tidy
+
+cd $SRC/go/src/debug/elf
+go mod init elfPackage
+go mod tidy
+go mod edit -replace internal/saferio=../../internal/saferio
+go get internal/saferio
+cp $SRC/elf_fuzzer.go ./
+rm ./*_test.go
+compile_go_fuzzer elfPackage FuzzElfOpen fuzz_elf_open
+zip $OUT/fuzz_elf_open_seed_corpus.zip ./testdata/*
\ No newline at end of file
diff --git a/projects/golang/elf_fuzzer.go b/projects/golang/elf_fuzzer.go
new file mode 100644
index 000000000..dc3c4da01
--- /dev/null
+++ b/projects/golang/elf_fuzzer.go
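Review bot: The added `RUN git clone --depth 1 https://github.com/golang/go` in projects/golang/Dockerfile follows the tip of the Go tree with no tag or commit, while build.sh compiles `archive/tar` and `debug/elf` out of that tree as standalone modules with whatever toolchain the base image ships. The `internal/saferio` replace in build.sh suggests tip has already drifted from what a standalone build expects, so a new internal import upstream would likely break the build rather than surface a bug. Consider cloning a release tag that matches the image's Go version, e.g. `RUN git clone --depth 1 --branch <GO_RELEASE_TAG> https://github.com/golang/go`, or add a comment above the line stating that tracking tip is deliberate.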
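Review bot: `git clone https://github.com/AdamKorcz/instrumentation` followed by `go run main.go $SRC/go/src/archive/tar` in the build.sh hunk fetches a personal repository at whatever its default branch holds and executes it on every build, against the package the tar fuzzer is then compiled from. Any change to that repository therefore changes what runs in the build without a change to this project. Pin it to a reviewed commit right after the clone, e.g. `git -C $SRC/instrumentation checkout <PINNED_COMMIT>`, and prefer fetching it in the Dockerfile next to the other clones so the source set is fixed when the image is built.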
@@ -0,0 +1,40 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package elf
+
+import (
+ "os"
+)
+
+func FuzzElfOpen(data []byte) int {
+ defer os.Remove("tmpFile")
+ f, err := os.Create("tmpFile")
+ if err != nil {
+ return 0
+ }
+ defer f.Close()
+ _, err = f.Write(data)
+ if err != nil {
+ return 0
+ }
+
+ _, err = Open("tmpFile")
+ if err != nil {
+ return 0
+ }
+
+ return 1
+}
diff --git a/projects/golang/fuzz_tar_reader.go b/projects/golang/fuzz_tar_reader.go
new file mode 100644
index 000000000..c6fde7b95
--- /dev/null
+++ b/projects/golang/fuzz_tar_reader.go
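Review bot: In elf_fuzzer.go, `FuzzElfOpen` discards the `*File` returned by `Open("tmpFile")`, so every input that parses leaves a descriptor open until a finalizer happens to release it. In a long-running fuzzing process that can hit the descriptor limit, after which `os.Create` fails and the harness returns 0 without testing anything. Keep the handle and close it: `ef, err := Open("tmpFile")` and, after the error check, `defer ef.Close()`. The fixed name `tmpFile` in the working directory is also shared by any fuzzer processes started in the same directory. Parsing from memory with `NewFile(bytes.NewReader(data))` would avoid the file system altogether, at the cost of not going through `Open` itself.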
@@ -0,0 +1,36 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package tar
+
+import (
+ "bytes"
+ "io"
+)
+
+func FuzzTarReader(data []byte) int {
+ r := bytes.NewReader(data)
+ tarReader := NewReader(r)
+ for {
+ _, err := tarReader.Next()
+ if err == io.EOF {
+ break
+ }
+ if err != nil {
+ return 0
+ }
+ }
+ return 1
+}
diff --git a/projects/golang/fuzz_tar_reader.options b/projects/golang/fuzz_tar_reader.options
new file mode 100644
index 000000000..6ccf0d403
--- /dev/null
+++ b/projects/golang/fuzz_tar_reader.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 1500000
+len_control = 0
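Review bot: In fuzz_tar_reader.go, the loop in `FuzzTarReader` only calls `tarReader.Next()` and never reads an entry's contents, so the reader's `Read` path, including sparse-file handling, probably gets little coverage from this harness. Reading each entry with a bound would cover it without letting a header that declares a very large size stall a run, e.g. `if _, err := io.CopyN(io.Discard, tarReader, 1<<20); err != nil && err != io.EOF { return 0 }` placed after the two `Next` error checks. The 1 MiB cap is only an example value. A doc comment on the exported function stating that it returns 1 when the archive parses to EOF and 0 on the first error would record the return convention.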
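Review bot: Nothing in the build.sh hunk copies `fuzz_tar_reader.options` from `$SRC` to `$OUT`, and an options file is only picked up when it sits next to the fuzzer binary, so `max_len = 1500000` and `len_control = 0` may never take effect. Unless an earlier part of build.sh already copies it, add `cp $SRC/fuzz_tar_reader.options $OUT/` after the `compile_go_fuzzer tarPackage FuzzTarReader fuzz_tar_reader` line.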