From d967b71245c6aab9a32fb808338281206ea3a101 Mon Sep 17 00:00:00 2001
From: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
Date: Fri, 24 Apr 2020 05:05:38 +0100
Subject: [PATCH] [Leptonica] Added fuzzer with seed corpus (#3702)
* Added fuzzer with seed corpus
* Removed flag
* Added license header
---
 projects/leptonica/Dockerfile | 2 +-
 projects/leptonica/build.sh | 14 +++++
 projects/leptonica/pixa_recog_fuzzer.cc | 79 +++++++++++++++++++++++++
 3 files changed, 94 insertions(+), 1 deletion(-)
 create mode 100644 projects/leptonica/pixa_recog_fuzzer.cc
diff --git a/projects/leptonica/Dockerfile b/projects/leptonica/Dockerfile
index a40efc3af..64fe26bee 100644
--- a/projects/leptonica/Dockerfile
+++ b/projects/leptonica/Dockerfile
@@ -27,4 +27,4 @@ RUN git clone https://www.cl.cam.ac.uk/~mgk25/git/jbigkit jbigkit
 RUN git clone --depth 1 https://github.com/libjpeg-turbo/libjpeg-turbo libjpeg-turbo
 RUN git clone --depth 1 https://github.com/facebook/zstd zstd
 WORKDIR leptonica
-COPY build.sh pix_rotate_shear_fuzzer.cc $SRC/
+COPY build.sh pixa_recog_fuzzer.cc pix_rotate_shear_fuzzer.cc $SRC/
diff --git a/projects/leptonica/build.sh b/projects/leptonica/build.sh
index 991c0cb42..2f55342dd 100755
--- a/projects/leptonica/build.sh
+++ b/projects/leptonica/build.sh
@@ -117,3 +117,17 @@ $CXX $CXXFLAGS -std=c++11 -I"$WORK/include" \
 "$WORK/lib/libz.a" \
 $LIB_FUZZING_ENGINE
+$CXX $CXXFLAGS -std=c++11 -I"$WORK/include" \
+ "$SRC/pixa_recog_fuzzer.cc" -o "$OUT/pixa_recog_fuzzer" \
+ -Isrc/ \
+ "$WORK/lib/liblept.a" \
+ "$WORK/lib/libtiff.a" \
+ "$WORK/lib/libwebp.a" \
+ "$WORK/lib/libpng.a" \
+ "$WORK/lib/libjpeg.a" \
+ "$WORK/lib/libjbig.a" \
+ "$WORK/lib/libzstd.a" \
+ "$WORK/lib/libz.a" \
+ $LIB_FUZZING_ENGINE
+
+cd $SRC/leptonica/prog/recog/sets && zip pixa_recog_fuzzer_seed_corpus.zip test01.pa && mv pixa_recog_fuzzer_seed_corpus.zip /out/
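Review bot: The seed-corpus line at the end of the build.sh hunk moves the archive to a literal `/out/` while the compile step just above writes to `$OUT`, so the corpus lands in the wrong place whenever `$OUT` points elsewhere. The unquoted `cd $SRC/...` also leaves the script in `prog/recog/sets` for anything appended later. Writing the archive directly avoids both: `zip -j "$OUT/pixa_recog_fuzzer_seed_corpus.zip" "$SRC/leptonica/prog/recog/sets/test01.pa"`.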
diff --git a/projects/leptonica/pixa_recog_fuzzer.cc b/projects/leptonica/pixa_recog_fuzzer.cc
new file mode 100644
index 000000000..ae4d44ebd
--- /dev/null
+++ b/projects/leptonica/pixa_recog_fuzzer.cc
@@ -0,0 +1,79 @@
+/*
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+
+#include "string.h"
+#include "allheaders.h"
+#include
+#include
+#include
+#include
+
+
+extern "C" int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ if(size<20) return 0;
+
+ char filename[256];
+ sprintf(filename, "/tmp/libfuzzer.pa");
+
+ FILE *fp = fopen(filename, "wb");
+ if (!fp)
+ return 0;
+ fwrite(data, size, 1, fp);
+ fclose(fp);
+
+ char *text;
+ l_int32 histo[10];
+ PIXA *pixa1, *pixa2, *pixa3, *pixa4;
+ L_RECOG *recog1;
+ l_int32 i, n, ival;
+ PIX *pix1;
+
+ pixa1 = pixaRead(filename);
+ pixa2 = pixaCreate(0);
+ pixa3 = pixaCreate(0);
+
+ n = pixaGetCount(pixa1);
+ for (i = 0; i < 10; i++)
+ histo[i] = 0;
+ for (i = 0; i < n; i++) {
+ pix1 = pixaGetPix(pixa1, i, L_COPY);
+ text = pixGetText(pix1);
+ ival = text[0] - '0';
+ if (ival == 4 || (ival == 7 && histo[7] == 2) ||
+ (ival == 9 && histo[9] == 2)) {
+ pixaAddPix(pixa3, pix1, L_INSERT);
+ } else {
+ pixaAddPix(pixa2, pix1, L_INSERT);
+ histo[ival]++;
+ }
+ }
+
+ recog1 = recogCreateFromPixa(pixa2, 0, 40, 1, 128, 1);
+ pixa4 = recogTrainFromBoot(recog1, pixa3, 0.75, 128, 1);
+
+ recogDestroy(&recog1);
+ pixaDestroy(&pixa1);
+ pixaDestroy(&pixa2);
+ pixaDestroy(&pixa3);
+ pixaDestroy(&pixa4);
+ unlink(filename);
+
+ return 0;
+}
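Review bot: The harness indexes `histo[ival]` with `ival = text[0] - '0'` taken straight from the fuzzed image text, so any first character outside '0'..'9' reads or writes outside the 10-element array. If `pixGetText` returns NULL (no text attached, or `pixaGetPix` failed), the same line dereferences it at `text[0]`, and both faults would be reported as crashes in the harness rather than in Leptonica. A guard right after the `pixGetText` call keeps findings meaningful: `if (!text || text[0] < '0' || text[0] > '9') { pixDestroy(&pix1); continue; }`. Separately, the fixed path `/tmp/libfuzzer.pa` is shared by every concurrent fuzzer process and the `fwrite` result is unchecked; parsing from memory with `pixa1 = pixaReadMem(data, size);` would remove the temp file, assuming the Leptonica revision built here provides it.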