diff --git a/projects/giflib/build.sh b/projects/giflib/build.sh
index fdd20056d..dc382faf9 100755
--- a/projects/giflib/build.sh
+++ b/projects/giflib/build.sh
@@ -1,14 +1,19 @@
+SOURCES=(dgif_lib.c egif_lib.c getarg.c gifalloc.c gif_err.c gif_font.c \
+ gif_hash.c openbsd-reallocarray.c qprintf.c quantize.c)
 cd $SRC/giflib-code
-./autogen.sh
-make
-cd ..
-for file in $SRC/*.c;
+rm -f *.o
+for file in ${SOURCES[@]};
 do
 name=$(basename $file .c)
- $CC $CFLAGS -c -I giflib-code/lib ${file} -o ${name}.o
- $CXX $CXXFLAGS -std=c++11 -I giflib-code/lib ${name}.o \
- -o $OUT/${name} -lFuzzingEngine giflib-code/lib/.libs/libgif.a
+ $CC -c -I . $CFLAGS $file -o $name.o
 done
+ar rc libgif.a *.o
+
+cd $SRC
+$CC $CFLAGS -c -I giflib-code dgif_target.c -o dgif_target.o
+$CXX $CXXFLAGS -std=c++11 -I giflib-code dgif_target.o \
+ -o $OUT/dgif_target -lFuzzingEngine giflib-code/libgif.a
+
 # Place dict and config in OUT
 wget -O $OUT/gif.dict \
 https://raw.githubusercontent.com/mirrorer/afl/master/dictionaries/gif.dict \
diff --git a/projects/giflib/dgif_target.c b/projects/giflib/dgif_target.c
index 5fb5c0d6c..f01a3ba01 100644
--- a/projects/giflib/dgif_target.c
+++ b/projects/giflib/dgif_target.c
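Review bot: With the in-repo `projects/giflib/gif.dict` deleted in this commit, the only source of the fuzzer's dictionary is the unchanged `wget` of `.../mirrorer/afl/master/dictionaries/gif.dict`, i.e. an unpinned fetch from a mutable branch of a third-party repository at build time, with no checksum and (as far as the hunk shows) no check that the download succeeded. Pinning the URL to a fixed revision, e.g. replacing `master` with `<commit-sha>`, or simply keeping the dictionary in the repository, keeps the build reproducible and prevents an upstream change from silently altering what the fuzzer is given. The `wget` command continues past the end of the hunk on a trailing backslash, and whether `set -e` governs this script is not visible here, so a failed download may be ignored unless the remainder checks it.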
@@ -1,25 +1,3 @@
-/*****************************************************************************
-
-gif2rgb - convert GIF to 24-bit RGB pixel triples or vice-versa
-
-*****************************************************************************/
-
-/***************************************************************************
-
-Toshio Kuratomi had written this in a comment about the rgb2gif code:
-
- Besides fixing bugs, what's really needed is for someone to work out how to
- calculate a colormap for writing GIFs from rgb sources. Right now, an rgb
- source that has only two colors (b/w) is being converted into an 8 bit GIF....
- Which is horrendously wasteful without compression.
-
-I (ESR) took this off the main to-do list in 2012 because I don't think
-the GIFLIB project actually needs to be in the converters-and-tools business.
-Plenty of hackers do that; our job is to supply stable library capability
-with our utilities mainly interesting as test tools.
-
-***************************************************************************/
-
 #include
 #include
 #include
@@ -28,43 +6,71 @@ with our utilities mainly interesting as test tools.
 #include
 #include
-#ifdef _WIN32
-#include
-#endif /* _WIN32 */
-
 #include "gif_lib.h"
-#define PROGRAM_NAME "gif2rgb"
+struct gifUserData {
+ size_t gifLen;
+ void *gifData;
+};
-/* ===========================================================================
- * Display error message and exit
- */
-void fuzz_error(const char *msg)
-{
- fprintf(stderr, "%s: %s\n", "gif2rgb_fuzzer", msg);
- exit(1);
+int stub_input_reader (GifFileType *gifFileType, GifByteType *gifByteType, int len) {
+ struct gifUserData *gud = gifFileType->UserData;
+ int read_len = (len > gud->gifLen ? gud->gifLen : len);
+ memcpy(gifByteType, gud->gifData, read_len);
+ return read_len;
+}
+
+void sponge(GifFileType *GifFileIn, int *ErrorCode) {
+ GifFileType *GifFileOut = (GifFileType *)NULL;
+ if ((GifFileOut = EGifOpenFileHandle(1, ErrorCode)) == NULL) {
+ return;
+ }
+
+ /*
+ * Your operations on in-core structures go here.
+ * This code just copies the header and each image from the incoming file.
+ */
+ GifFileOut->SWidth = GifFileIn->SWidth;
+ GifFileOut->SHeight = GifFileIn->SHeight;
+ GifFileOut->SColorResolution = GifFileIn->SColorResolution;
+ GifFileOut->SBackGroundColor = GifFileIn->SBackGroundColor;
+ if (GifFileIn->SColorMap) {
+ GifFileOut->SColorMap = GifMakeMapObject(
+ GifFileIn->SColorMap->ColorCount,
+ GifFileIn->SColorMap->Colors);
+ } else {
+ GifFileOut->SColorMap = NULL;
+ }
+
+ for (int i = 0; i < GifFileIn->ImageCount; i++)
+ (void) GifMakeSavedImage(GifFileOut, &GifFileIn->SavedImages[i]);
+
+ // We ignore error since it is irrelevant in the context of this
+ // test harness.
+ EGifSpew(GifFileOut);
+ return;
 }
-/* end */
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
- char *inFileName = "/tmp/gif.gif";
- FILE *in = fopen(inFileName, "w");
- if(in==NULL){
- fuzz_error("failed fopen");
- }
- int Error = 0;
- if (fwrite(Data, 1, (unsigned)Size, in) != Size)
- fuzz_error("failed fwrite");
- if (fclose(in))
- fuzz_error("failed fclose");
 GifFileType *GifFile;
- GifFile = DGifOpenFileName(inFileName, &Error);
- if (GifFile == NULL){
- return 0;
- }
- DGifSlurp(GifFile);
+ int Error;
+ void *gifData = malloc(Size);
+ memcpy(gifData, (void *)Data, Size);
+ struct gifUserData gUData = {Size, gifData};
+ GifFile = DGifOpen((void *)&gUData, stub_input_reader, &Error);
+ if (GifFile == NULL){
+ goto freebuf;
+ }
+ if (DGifSlurp(GifFile) == GIF_ERROR) {
+ goto cleanup;
+ }
+ sponge(GifFile, &Error);
+
+cleanup:
 DGifCloseFile(GifFile, &Error);
+freebuf:
+ free(gifData);
 return 0;
-}
+}
\ No newline at end of file
diff --git a/projects/giflib/gif.dict b/projects/giflib/gif.dict
deleted file mode 100644
index e69aa75dc..000000000
--- a/projects/giflib/gif.dict
+++ /dev/null
@@ -1,19 +0,0 @@
-#
-# AFL dictionary for GIF images
-# -----------------------------
-#
-# Created by Michal Zalewski
-#
-
-header_87a="87a"
-header_89a="89a"
-header_gif="GIF"
-
-marker_2c=","
-marker_3b=";"
-
-section_2101="!\x01\x12"
-section_21f9="!\xf9\x04"
-section_21fe="!\xfe"
-section_21ff="!\xff\x11"
-
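Review bot: `stub_input_reader` never consumes what it returns: every call copies from the start of `gud->gifData` and `gud->gifLen` is never reduced, so each successive read giflib issues (signature, screen descriptor, each block) sees the first bytes of the input again instead of the next ones, and the decoder is effectively fed a looping prefix rather than the corpus entry; the same expression also compares the `int` `len` against the `size_t` `gifLen` and narrows the result back through `int`. The rewrite below advances the pointer and remaining length held in the struct, which is safe because `LLVMFuzzerTestOneInput` frees its own local `gifData` and not the struct member, so the struct and its initializer stay as they are. In `LLVMFuzzerTestOneInput`, `malloc(Size)` is unchecked and its result is passed to `memcpy` even for `Size == 0`, where `malloc` may legitimately return NULL; `if (gifData == NULL) return 0;` after the allocation covers both. Separately, `sponge` re-encodes every input to file descriptor 1 via `EGifOpenFileHandle(1, ErrorCode)`; if, as I believe giflib's `EGifCloseFile` does, the `FILE` it opened over that descriptor is `fclose`d when `EGifSpew` finishes, stdout is closed after the first input and every later `EGifOpenFileHandle(1, ...)` fails, so the encoder path is exercised once per process — opening `/dev/null` per call and passing that descriptor would keep it reachable and keep fuzzer output clean.
```c
int stub_input_reader (GifFileType *gifFileType, GifByteType *gifByteType, int len) {
    struct gifUserData *gud = gifFileType->UserData;
    if (len <= 0) {
        return 0;
    }
    /* hand out at most what is left, then advance so the next read continues */
    size_t read_len = ((size_t)len > gud->gifLen) ? gud->gifLen : (size_t)len;
    memcpy(gifByteType, gud->gifData, read_len);
    gud->gifData = (GifByteType *)gud->gifData + read_len;
    gud->gifLen -= read_len;
    return (int)read_len;
}
```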