From da812b19f2014bc5f6b429ab6e229814eb4f1891 Mon Sep 17 00:00:00 2001
From: DRC
Date: Fri, 2 Apr 2021 13:14:06 -0500
Subject: [PATCH] [libjpeg-turbo] Use new fuzzers in project repo (#5537)

- Eliminate unnecessary packages from Docker image (Autotools has not been required since libjpeg-turbo 1.5.x.)
- Obtain seed corpora from a new Git repository maintained by The libjpeg-turbo Project. (This new repo contains the old corpora from https://lcamtuf.coredump.cx, with duplicates removed, and some new corpora curated from historical libjpeg-turbo bug reports.)
- Remove build.sh. (The libjpeg-turbo Project is now maintaining its own build script in order to facilitate the future creation of new fuzz targets.)
- Remove fuzz target source code. (The libjpeg-turbo Project is now maintaining its own fuzz targets with better code coverage.)
- Update the project home page in project.yaml.
- Change the project language to C in project.yaml. (The new fuzz targets are written in pure C rather than C++, since libjpeg-turbo is a C-only project.)
---
 projects/libjpeg-turbo/Dockerfile | 11 +--
 projects/libjpeg-turbo/build.sh | 26 -------
 .../libjpeg-turbo/libjpeg_turbo_fuzzer.cc | 67 -------------------
 projects/libjpeg-turbo/project.yaml | 4 +-
 4 files changed, 8 insertions(+), 100 deletions(-)
 delete mode 100755 projects/libjpeg-turbo/build.sh
 delete mode 100644 projects/libjpeg-turbo/libjpeg_turbo_fuzzer.cc

diff --git a/projects/libjpeg-turbo/Dockerfile b/projects/libjpeg-turbo/Dockerfile
index 40c8f49f6..49d8c7be1 100644
--- a/projects/libjpeg-turbo/Dockerfile
+++ b/projects/libjpeg-turbo/Dockerfile
@@ -15,12 +15,13 @@
 ################################################################################
 FROM gcr.io/oss-fuzz-base/base-builder
-RUN apt-get update && apt-get install -y make autoconf automake libtool yasm curl cmake
+RUN apt-get update && apt-get install -y make yasm cmake libstdc++-5-dev:i386
 RUN git clone --depth 1 https://github.com/libjpeg-turbo/libjpeg-turbo
-RUN mkdir afl-testcases
-RUN cd afl-testcases/ && curl https://lcamtuf.coredump.cx/afl/demo/afl_testcases.tgz | tar -xz
-RUN zip libjpeg_turbo_fuzzer_seed_corpus.zip afl-testcases/jpeg/full/images/* afl-testcases/jpeg_turbo/full/images/* $SRC/libjpeg-turbo/testimages/*
+RUN git clone --depth 1 https://github.com/libjpeg-turbo/seed-corpora
+RUN cd seed-corpora && zip -r ../decompress_fuzzer_seed_corpus.zip afl-testcases/jpeg* bugs/decompress* $SRC/libjpeg-turbo/testimages/*.jpg
+RUN cd seed-corpora && zip -r ../compress_fuzzer_seed_corpus.zip afl-testcases/bmp afl-testcases/gif* bugs/compress* $SRC/libjpeg-turbo/testimages/*.bmp $SRC/libjpeg-turbo/testimages/*.ppm
+RUN rm -rf seed-corpora
 WORKDIR libjpeg-turbo
-COPY build.sh libjpeg_turbo_fuzzer.cc $SRC/
+RUN cp fuzz/build.sh $SRC/
diff --git a/projects/libjpeg-turbo/build.sh b/projects/libjpeg-turbo/build.sh
deleted file mode 100755
index e500e20bc..000000000
--- a/projects/libjpeg-turbo/build.sh
+++ /dev/null
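Review bot: The new `libstdc++-5-dev:i386` install hard-codes both a GCC major version and a foreign architecture that this Dockerfile never enables itself, so the line only works for whatever Ubuntu release and `dpkg --add-architecture` state `gcr.io/oss-fuzz-base/base-builder` currently ships, and nothing in the hunk explains why a project the same commit declares as pure C needs a 32-bit C++ runtime. Presumably it is for the i386 build configuration, where the fuzzing-engine runtime is C++ and must link a 32-bit libstdc++; if so, say so next to the package so the next base-image bump is not a mystery build break: `# i386 builds: the fuzzing-engine runtime is C++ and needs the 32-bit libstdc++ (the -5 must track the base image's GCC)`. Separately, the image now depends on the unpinned HEAD of two upstream repositories: the corpus globs (`afl-testcases/jpeg*`, `bugs/decompress*`, `afl-testcases/bmp`, …) and `RUN cp fuzz/build.sh $SRC/` assume a directory layout that lives only in the `libjpeg-turbo/seed-corpora` and `libjpeg-turbo` checkouts, so an upstream rename either breaks the image or silently shrinks a seed corpus depending on how `zip` treats an unmatched pattern, which is worth confirming. A one-line pointer above the clone, `# Corpus layout and fuzz/build.sh are maintained upstream in libjpeg-turbo/seed-corpora and libjpeg-turbo/fuzz`, would record where to look when that happens.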
@@ -1,26 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-cmake . -DCMAKE_INSTALL_PREFIX=$WORK -DENABLE_STATIC:bool=on
-make "-j$(nproc)"
-make install
-
-$CXX $CXXFLAGS -std=c++11 -I. \
- $SRC/libjpeg_turbo_fuzzer.cc -o $OUT/libjpeg_turbo_fuzzer \
- $LIB_FUZZING_ENGINE "$WORK/lib/libturbojpeg.a"
-
-cp $SRC/libjpeg_turbo_fuzzer_seed_corpus.zip $OUT/
diff --git a/projects/libjpeg-turbo/libjpeg_turbo_fuzzer.cc b/projects/libjpeg-turbo/libjpeg_turbo_fuzzer.cc
deleted file mode 100644
index 1b9ffd62f..000000000
--- a/projects/libjpeg-turbo/libjpeg_turbo_fuzzer.cc
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
-# Copyright 2016 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-*/
-
-#include
-#include
-
-#include
-
-#include
-
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- tjhandle jpegDecompressor = tjInitDecompress();
-
- int width, height, subsamp, colorspace;
- int res = tjDecompressHeader3(
- jpegDecompressor, data, size, &width, &height, &subsamp, &colorspace);
-
- // Bail out if decompressing the headers failed, the width or height is 0,
- // or the image is too large (avoids slowing down too much). Cast to size_t to
- // avoid overflows on the multiplication
- if (res != 0 || width == 0 || height == 0 || ((size_t)width * height > (1024 * 1024))) {
- tjDestroy(jpegDecompressor);
- return 0;
- }
-
- const int buffer_size = width * height * 3;
- std::unique_ptr buf(new unsigned char[buffer_size]);
- tjDecompress2(
- jpegDecompressor, data, size, buf.get(), width, 0, height, TJPF_RGB, 0);
-
- // For memory sanitizer, test each output byte
- const unsigned char* raw_buf = buf.get();
- int count = 0;
- for( int i = 0; i < buffer_size; i++ )
- {
- if (raw_buf[i])
- {
- count ++;
- }
- }
- if (count == buffer_size)
- {
- // Do something with side effect, so that all the above tests don't
- // get removed by the optimizer.
- free(malloc(1));
- }
-
- tjDestroy(jpegDecompressor);
-
- return 0;
-}
diff --git a/projects/libjpeg-turbo/project.yaml b/projects/libjpeg-turbo/project.yaml
index 4ed2d5567..88d56ec28 100644
--- a/projects/libjpeg-turbo/project.yaml
+++ b/projects/libjpeg-turbo/project.yaml
@@ -1,5 +1,5 @@
-homepage: "https://github.com/libjpeg-turbo/libjpeg-turbo"
-language: c++
+homepage: "https://libjpeg-turbo.org"
+language: c
 primary_contact: "drc@virtualgl.org"
 vendor_ccs:
 - "aosmond@mozilla.com"