From c848b5acde4d79f3ce6b80011ec21ce8e3d37aa9 Mon Sep 17 00:00:00 2001
From: Evgeniy Stepanov
Date: Thu, 13 Oct 2016 17:02:20 -0700
Subject: [PATCH] Add libass fuzzer (#34)
---
 libass/Dockerfile | 23 +++++++
 libass/Jenkinsfile | 22 +++++++
 libass/ass.dict | 112 +++++++++++++++++++++++++++++++++++
 libass/build.sh | 40 +++++++++++++
 libass/libass_fuzzer.cc | 49 +++++++++++++++
 libass/libass_fuzzer.options | 2 +
 6 files changed, 248 insertions(+)
 create mode 100644 libass/Dockerfile
 create mode 100644 libass/Jenkinsfile
 create mode 100644 libass/ass.dict
 create mode 100755 libass/build.sh
 create mode 100644 libass/libass_fuzzer.cc
 create mode 100644 libass/libass_fuzzer.options
diff --git a/libass/Dockerfile b/libass/Dockerfile
new file mode 100644
index 000000000..25b04be6f
--- /dev/null
+++ b/libass/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER eugeni.stepanov@gmail.com
+RUN apt-get install -y make autoconf automake libtool pkg-config libfreetype6-dev libfontconfig1-dev
+
+ENV GIT_URL="https://github.com/libass/libass.git"
+
+COPY build.sh libass_fuzzer.cc *.dict *.options /src/
diff --git a/libass/Jenkinsfile b/libass/Jenkinsfile
new file mode 100644
index 000000000..6bcd07dda
--- /dev/null
+++ b/libass/Jenkinsfile
@@ -0,0 +1,22 @@
+// Copyright 2016 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+def libfuzzerBuild = fileLoader.fromGit('infra/libfuzzer-pipeline.groovy',
+ 'https://github.com/google/oss-fuzz.git')
+
+libfuzzerBuild {
+ git = "https://github.com/libass/libass.git"
+}
diff --git a/libass/ass.dict b/libass/ass.dict
new file mode 100644
index 000000000..aa4f9b43f
--- /dev/null
+++ b/libass/ass.dict
@@ -0,0 +1,112 @@
+"0x"
+"\\1a"
+"\\2a"
+"\\2c"
+"\\3a"
+"\\3c"
+"\\4a"
+"\\4c"
+"\\a"
+"\\alpha"
+"\\an"
+"Arial"
+"\\b"
+"Banner;"
+"\\be"
+"\\blur"
+"\\bord"
+"\\c"
+"CFF"
+"CID Type 1"
+"\\clip"
+"clip"
+"Courier"
+"Courier New"
+"Default"
+"Dialogue:"
+"[Events]"
+"\\fade"
+"\\fax"
+"\\fay"
+"\\fe"
+"\\fn"
+"fontname:"
+"[Fonts]"
+"Format:"
+"\\frx"
+"\\fry"
+"\\frz"
+"\\fs"
+"\\fsc"
+"\\fscx"
+"\\fscy"
+"\\fsp"
+"&h"
+"Helvetica"
+"\\i"
+"\\iclip"
+"iclip"
+"\\k"
+"Kerning:"
+"Kerning"
+"\\kf"
+"\\ko"
+"Language:"
+"monospace"
+"\\move"
+"move"
+"none"
+"\\org"
+"org"
+"OverrideStyle"
+"\\p"
+"p"
+"\\pbo"
+"pbo"
+"pc.240m"
+"pc.601"
+"pc.709"
+"pc.fcc"
+"PlayResX:"
+"PlayResX"
+"PlayResY:"
+"PlayResY"
+"\\pos"
+"pos"
+"\\q"
+"\\r"
+"\\s"
+"sans-serif"
+"ScaledBorderAndShadow:"
+"ScaledBorderAndShadow"
+"[Script Info]"
+"Scroll down;"
+"Scroll up;"
+"serif"
+"\\shad"
+"Style:"
+"\\t"
+"Text"
+"Timer:"
+"Timer"
+"Times"
+"Times New Roman"
+"tv.240m"
+"tv.601"
+"tv.709"
+"tv.fcc"
+"Type 1"
+"Type 42"
+"\\u"
+"UTF-8"
+"[V4 Styles]"
+"[V4+ Styles]"
+"WrapStyle:"
+"WrapStyle"
+"\\xbord"
+"\\xshad"
+"\\ybord"
+"YCbCr Matrix:"
+"YCbCr Matrix"
+"yes"
+"\\yshad"
diff --git a/libass/build.sh b/libass/build.sh
new file mode 100755
index 000000000..eaf5259fb
--- /dev/null
+++ b/libass/build.sh
@@ -0,0 +1,40 @@
+#!/bin/bash -eux
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd /src
+
+rm -rf fribidi
+git clone https://github.com/behdad/fribidi.git
+cd fribidi
+./bootstrap
+./configure --enable-static=yes --enable-shared=no --with-pic=yes
+# Don't run "make": it's broken. Run "make install".
+make install
+
+cd /src/libass
+
+./autogen.sh
+./configure --disable-asm
+make
+
+$CXX $CXXFLAGS -std=c++11 -I/src/libass \
+ /src/libass_fuzzer.cc -o /out/libass_fuzzer \
+ /work/libfuzzer/*.o libass/.libs/libass.a \
+ -Wl,-Bstatic -lfontconfig -lfribidi -lfreetype -lz -lpng12 -lexpat -Wl,-Bdynamic \
+ $FUZZER_LDFLAGS
+
+cp /src/*.dict /src/*.options /out/
diff --git a/libass/libass_fuzzer.cc b/libass/libass_fuzzer.cc
new file mode 100644
index 000000000..5254faff4
--- /dev/null
+++ b/libass/libass_fuzzer.cc
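Review bot: The fribidi build dependency is cloned from its default branch with nothing pinned (`git clone https://github.com/behdad/fribidi.git`), so every build links whatever that branch holds at build time into `/out/libass_fuzzer`; the fuzzer build is not reproducible, and an upstream (or repository-side) change to fribidi silently changes the binary, which also makes crashes harder to attribute to libass itself. Tracking libass HEAD is the point of the fuzzer, but a library it merely links against is better pinned unless following fribidi HEAD is intended, e.g. `git clone https://github.com/behdad/fribidi.git` followed by `(cd fribidi && git checkout <FRIBIDI_COMMIT>)` with the revision filled in. The script also assumes `/src/libass` already exists (`cd /src/libass` with no clone here); I take it the base image checks out `GIT_URL` from the Dockerfile, but a one-line comment saying so above that `cd` would save the next reader the guess.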
@@ -0,0 +1,49 @@
+#include
+#include
+
+#include
+
+static ASS_Library *ass_library;
+static ASS_Renderer *ass_renderer;
+
+void msg_callback(int level, const char *fmt, va_list va, void *data) {
+}
+
+static const int kFrameWidth = 1280;
+static const int kFrameHeight = 720;
+
+static bool init(int frame_w, int frame_h) {
+ ass_library = ass_library_init();
+ if (!ass_library) {
+ printf("ass_library_init failed!\n");
+ exit(1);
+ }
+
+ ass_set_message_cb(ass_library, msg_callback, NULL);
+
+ ass_renderer = ass_renderer_init(ass_library);
+ if (!ass_renderer) {
+ printf("ass_renderer_init failed!\n");
+ exit(1);
+ }
+
+ ass_set_frame_size(ass_renderer, frame_w, frame_h);
+ ass_set_fonts(ass_renderer, nullptr, "sans-serif",
+ ASS_FONTPROVIDER_AUTODETECT, nullptr, 1);
+ return true;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ static bool initialized = init(kFrameWidth, kFrameHeight);
+
+ ASS_Track *track = ass_read_memory(ass_library, (char *)data, size, nullptr);
+ if (!track) return 0;
+
+ for (int i = 0; i < track->n_events; ++i) {
+ ASS_Event &ev = track->events[i];
+ long long tm = ev.Start + ev.Duration / 2;
+ ass_render_frame(ass_renderer, track, tm, nullptr);
+ }
+ ass_free_track(track);
+ return 0;
+}
diff --git a/libass/libass_fuzzer.options b/libass/libass_fuzzer.options
new file mode 100644
index 000000000..6a3e33bc3
--- /dev/null
+++ b/libass/libass_fuzzer.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+dict = ass.dict
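Review bot: `ass_read_memory(ass_library, (char *)data, size, nullptr)` in LLVMFuzzerTestOneInput casts the `const` off the libFuzzer input buffer, which the target is required not to modify; the C-style cast hides whether libass writes through that `char *` (I cannot tell from this hunk), so any in-place edit by the parser would be a silent violation of the harness contract rather than a compile error. Handing libass a private copy keeps the contract explicit without relying on libass internals: `std::string input(reinterpret_cast<const char *>(data), size);` then `ass_read_memory(ass_library, &input[0], input.size(), nullptr)` (this needs `<string>`; the `#include` targets are not visible on this page, so I can't tell whether it is already there). Separately, `initialized` is assigned but never read and will trip `-Wunused-variable`; `(void)initialized;` on the next line documents that the static exists only to run `init` once. `msg_callback` has external linkage and four unused parameters — making it `static` and leaving the parameters unnamed would quiet the warnings and make the deliberate message suppression obvious.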