diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-04-03 08:35:55 -0500 |
|---|---|---|
| committer | Thomas Daede <daede003@umn.edu> | 2018-05-23 14:16:45 -0700 |
| commit | 9982122d98d50c1649160b7c7d5ce54d8b00c340 (patch) | |
| tree | f0879629bb7091fa85083328595494530443f3af | |
| parent | 112d3bd0aaacad51305e1464d4b381dabad0e88b (diff) | |
| download | libvorbis-git-9982122d98d50c1649160b7c7d5ce54d8b00c340.tar.gz | |
add fuzzers and build script from OSS-Fuzz
| -rwxr-xr-x | contrib/oss-fuzz/build.sh | 23 | ||||
| -rw-r--r-- | contrib/oss-fuzz/decode_fuzzer.cc | 48 |
2 files changed, 71 insertions, 0 deletions
diff --git a/contrib/oss-fuzz/build.sh b/contrib/oss-fuzz/build.sh new file mode 100755 index 00000000..29e7f38b --- /dev/null +++ b/contrib/oss-fuzz/build.sh @@ -0,0 +1,23 @@ +#!/bin/bash -eu + +pushd $SRC +mv people.xiph.org/*.ogg decode_corpus/ +zip -r "$OUT/decode_fuzzer_seed_corpus.zip" decode_corpus/ +popd + +pushd $SRC/ogg +./autogen.sh +./configure --prefix="$WORK" --enable-static --disable-shared --disable-crc +make clean +make -j$(nproc) +make install +popd + + +./autogen.sh +./configure --prefix="$WORK" --enable-static --disable-shared +make clean +make -j$(nproc) +make install + +$CXX $CXXFLAGS $SRC/vorbis/contrib/oss-fuzz/decode_fuzzer.cc -o $OUT/decode_fuzzer -L"$WORK/lib" -I"$WORK/include" -lFuzzingEngine -lvorbisfile -lvorbis -logg diff --git a/contrib/oss-fuzz/decode_fuzzer.cc b/contrib/oss-fuzz/decode_fuzzer.cc new file mode 100644 index 00000000..b8840c14 --- /dev/null +++ b/contrib/oss-fuzz/decode_fuzzer.cc @@ -0,0 +1,48 @@ +#include <stdio.h> +#include <string.h> +#include <cstdint> +#include <vorbis/vorbisfile.h> + +struct vorbis_data { + const uint8_t *current; + const uint8_t *data; + size_t size; +}; + +size_t read_func(void *ptr, size_t size1, size_t size2, void *datasource) { + vorbis_data* vd = (vorbis_data *)(datasource); + size_t len = size1 * size2; + if (vd->current + len > vd->data + vd->size) { + len = vd->data + vd->size - vd->current; + } + memcpy(ptr, vd->current, len); + vd->current += len; + return len; +} + + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { + ov_callbacks memory_callbacks = {0}; + memory_callbacks.read_func = read_func; + vorbis_data data_st; + data_st.size = Size; + data_st.current = Data; + data_st.data = Data; + OggVorbis_File vf; + int result = ov_open_callbacks(&data_st, &vf, NULL, 0, memory_callbacks); + if (result < 0) { + return 0; + } + int current_section = 0; + int eof = 0; + char buf[4096]; + int read_result; + while (!eof) { + read_result = ov_read(&vf, buf, sizeof(buf), 0, 2, 1, ¤t_section); + if (read_result != OV_HOLE && read_result <= 0) { + eof = 1; + } + } + ov_clear(&vf); + return 0; +} |