author | Adrian Johnson <ajohnson@redneon.com> | 2022-06-19 16:48:39 +0930 |
---|---|---|
committer | Adrian Johnson <ajohnson@redneon.com> | 2022-12-28 13:22:00 +1030 |
commit | 063f9db67e2adc83c1be981de5fc2a6c78d101c2 (patch) | |
tree | d9475a7481b83e3cd4ba17130009a4493f62ef31 | |
parent | 8233c6362bbe2ca2ac4d3ef3cfc79f15ee79bc40 (diff) | |
download | cairo-063f9db67e2adc83c1be981de5fc2a6c78d101c2.tar.gz |
Fuzzer
-rw-r--r-- | meson-cc-tests/fuzzer.c | 7 | ||||
-rw-r--r-- | test/svg/fuzzer/README | 19 | ||||
-rw-r--r-- | test/svg/fuzzer/meson.build | 14 | ||||
-rw-r--r-- | test/svg/fuzzer/svg-render-fuzzer.c | 57 | ||||
-rw-r--r-- | test/svg/meson.build | 4 |
5 files changed, 101 insertions, 0 deletions
diff --git a/meson-cc-tests/fuzzer.c b/meson-cc-tests/fuzzer.c
new file mode 100644
index 000000000..0ae4a3101
--- /dev/null
+++ b/meson-cc-tests/fuzzer.c
@@ -0,0 +1,7 @@
+#include <stddef.h>
+#include <stdint.h>
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ return 0;
+}
diff --git a/test/svg/fuzzer/README b/test/svg/fuzzer/README
new file mode 100644
index 000000000..4bb8d9654
--- /dev/null
+++ b/test/svg/fuzzer/README
@@ -0,0 +1,19 @@
+libFuzzer based fuzzing for cairo-svg-glyph-render.c
+====================================================
+
+Build
+-----
+CC=clang CFLAGS="-DDEBUG_SVG_RENDER -g -fsanitize=fuzzer-no-link,address" meson -Db_lundef=false bld-fuzzer
+ninja -C bld-fuzzer
+
+
+Test
+----
+ ./bld-fuzzer/test/svg/fuzzer/svg-render-fuzzer <CORPUS DIR>
+
+where <CORPUS DIR> is a directory containing SVG files.
+
+If the fuzzer crashes, a crash-* file will be written. Run the
+fuzzer with the crash file to reproduce the crash.
+
+ ./bld-fuzzer/test/svg/fuzzer/svg-render-fuzzer <crash-file>
diff --git a/test/svg/fuzzer/meson.build b/test/svg/fuzzer/meson.build
new file mode 100644
index 000000000..37e23a474
--- /dev/null
+++ b/test/svg/fuzzer/meson.build
@@ -0,0 +1,14 @@
+fuzz_targets = [
+ 'svg-render-fuzzer'
+]
+
+fuzz_args = ['-fsanitize=fuzzer,address']
+
+foreach target_name : fuzz_targets
+ exe = executable(target_name, [target_name + '.c'],
+ include_directories: [incbase, incsrc],
+ c_args: [fuzz_args, '-DHAVE_CONFIG_H'],
+ link_with: [libcairo],
+ link_args: [fuzz_args, extra_link_args],
+ dependencies: [deps, test_deps])
+endforeach
diff --git a/test/svg/fuzzer/svg-render-fuzzer.c b/test/svg/fuzzer/svg-render-fuzzer.c
new file mode 100644
index 000000000..08eb79dd8
--- /dev/null
+++ b/test/svg/fuzzer/svg-render-fuzzer.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright © 2022 Uli Schlachter
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ *
+ * Author: Uli Schlachter <psychon@znc.in>
+ */
+
+#include <cairo.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+cairo_bool_t
+_cairo_debug_svg_render (cairo_t *cr,
+ const char *svg_document,
+ const char *element,
+ double units_per_em,
+ int debug_level);
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ cairo_surface_t *s = cairo_image_surface_create (CAIRO_FORMAT_ARGB32, 1, 1);
+ cairo_t *cr = cairo_create(s);
+
+ /* Get us a zero terminated string */
+ const char *svg_document = strndup ((const char *) data, size);
+
+ _cairo_debug_svg_render (cr,
+ svg_document,
+ NULL,
+ 1000,
+ 0);
+ free (svg_document);
+ cairo_destroy (cr);
+ cairo_surface_destroy (s);
+ return 0;
+}
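Review bot: In `LLVMFuzzerTestOneInput`, the `strndup` result is stored in a `const char *` and never checked, so an allocation failure passes NULL into `_cairo_debug_svg_render` and a harness-side fault could be triaged as a library crash; the later `free (svg_document)` also discards the `const` qualifier. Declare it as `char *svg_document = strndup ((const char *) data, size);` and return early on failure with `if (svg_document == NULL) { cairo_destroy (cr); cairo_surface_destroy (s); return 0; }`. The existing comment should also say that `strndup` stops at the first NUL byte in `data`, so bytes after an embedded NUL never reach the parser. The hand-written prototype for `_cairo_debug_svg_render` will not be checked against the library's definition, so a comment naming the source file it mirrors would help keep the two in sync.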
diff --git a/test/svg/meson.build b/test/svg/meson.build index b2b017d79..858e9d9cc 100644 --- a/test/svg/meson.build +++ b/test/svg/meson.build @@ -3,3 +3,7 @@ if librsvg_dep.found() 'svg-render.c', dependencies: [libcairo_dep, librsvg_dep]) endif + +if cc.links(files(meson.project_source_root() / 'meson-cc-tests/fuzzer.c'), args: '-fsanitize=fuzzer,address') + subdir('fuzzer') +endif |
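Review bot: The `cc.links(...)` guard only proves that `-fsanitize=fuzzer,address` links, yet the fuzzer target calls `_cairo_debug_svg_render`, which the README's build line suggests is compiled into libcairo only when `-DDEBUG_SVG_RENDER` is set. If that is the case, a clang build without the define would still enter `subdir('fuzzer')` and fail at link time. Consider making the fuzzer an explicit opt-in checked alongside `cc.links(...)`, and add a comment above the `if` naming the define the target depends on.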