Integrate opencv and add two fuzz targets. (#2034)

projects/opencv/Dockerfile

@@ -0,0 +1,23 @@
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y build-essential cmake pkg-config
+RUN git clone --depth 1 https://github.com/opencv/opencv.git opencv
+WORKDIR $SRC/
+
+COPY build.sh $SRC/
+COPY *.cc *.h $SRC/

projects/opencv/build.sh

@@ -0,0 +1,31 @@
+#!/bin/bash -eu
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+mkdir opencv/build
+pushd opencv/build
+cmake -D CMAKE_BUILD_TYPE=Release -D CMAKE_INSTALL_PREFIX=$WORK \
+  -DBUILD_SHARED_LIBS=OFF -DOPENCV_GENERATE_PKGCONFIG=ON \
+  -DOPENCV_GENERATE_PKGCONFIG=ON -DOPENCV_FORCE_3RDPARTY_BUILD=ON ..
+make -j$(nproc)
+make install
+popd
+
+for fuzzer in imdecode_fuzzer imread_fuzzer; do
+$CXX $CXXFLAGS -lFuzzingEngine $fuzzer.cc -std=c++11 \
+  $(pkg-config --static --libs --cflags $WORK/lib/pkgconfig/opencv4.pc) \
+  -o $OUT/$fuzzer
+done

projects/opencv/fuzzer_temp_file.h

@@ -0,0 +1,81 @@
+// Copyright 2018 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Adapter utility from fuzzer input to a temporary file, for fuzzing APIs that
+// require a file instead of an input buffer.
+
+#ifndef FUZZER_TEMP_FILE_H_
+#define FUZZER_TEMP_FILE_H_
+
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+// Pure-C interface for creating and cleaning up temporary files.
+
+static char* fuzzer_get_tmpfile(const uint8_t* data, size_t size) {
+  char* filename_buffer = strdup("/tmp/generate_temporary_file.XXXXXX");
+  if (!filename_buffer) {
+    perror("Failed to allocate file name buffer.");
+    abort();
+  }
+  const int file_descriptor = mkstemp(filename_buffer);
+  if (file_descriptor < 0) {
+    perror("Failed to make temporary file.");
+    abort();
+  }
+  FILE* file = fdopen(file_descriptor, "wb");
+  if (!file) {
+    perror("Failed to open file descriptor.");
+    close(file_descriptor);
+    abort();
+  }
+  const size_t bytes_written = fwrite(data, sizeof(uint8_t), size, file);
+  if (bytes_written < size) {
+    close(file_descriptor);
+    fprintf(stderr, "Failed to write all bytes to file (%zu out of %zu)",
+            bytes_written, size);
+    abort();
+  }
+  fclose(file);
+  return filename_buffer;
+}
+
+static void fuzzer_release_tmpfile(char* filename) {
+  if (unlink(filename) != 0) {
+    perror("WARNING: Failed to delete temporary file.");
+  }
+  free(filename);
+}
+
+// C++ RAII object for creating temporary files.
+
+#ifdef __cplusplus
+class FuzzerTemporaryFile {
+ public:
+  FuzzerTemporaryFile(const uint8_t* data, size_t size)
+      : filename_(fuzzer_get_tmpfile(data, size)) {}
+
+  ~FuzzerTemporaryFile() { fuzzer_release_tmpfile(filename_); }
+
+  const char* filename() const { return filename_; }
+
+ private:
+  char* filename_;
+};
+#endif
+
+#endif  // FUZZER_TEMP_FILE_H_

projects/opencv/imdecode_fuzzer.cc

@@ -0,0 +1,16 @@
+#include <opencv2/opencv.hpp>
+#include <opencv2/imgcodecs/legacy/constants_c.h>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  std::vector<uint8_t> image_data = {data, data + size};
+  // TODO: Try other image types than CV_8UC1.
+  cv::Mat data_matrix =
+      cv::Mat(1, image_data.size(), CV_8UC1, image_data.data());
+  try {
+    cv::Mat decoded_matrix = cv::imdecode(data_matrix, CV_LOAD_IMAGE_UNCHANGED);
+  } catch (cv::Exception e) {
+    // Do nothing.
+  }
+  return 0;
+}
+

projects/opencv/imread_fuzzer.cc

@@ -0,0 +1,17 @@
+#include <cstddef>
+#include <cstdint>
+#include <unistd.h>
+
+#include <opencv2/opencv.hpp>
+#include "fuzzer_temp_file.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  const FuzzerTemporaryFile file(data, size);
+  try {
+    cv::Mat matrix = cv::imread(file.filename());
+  } catch (cv::Exception e) {
+    // Do nothing.
+  }
+  return 0;
+}
+

projects/opencv/project.yaml

@@ -0,0 +1,15 @@
+homepage: "https://opencv.org/"
+primary_contact: "kusano@google.com"
+
+experimental: true
+
+sanitizers:
+  - address
+  - undefined
+  - memory
+
+labels:
+  imdecode_fuzzer:
+    - sundew
+  imread_fuzzer:
+    - sundew