diff --git a/benchmarks/arduinojson_json_fuzzer/Dockerfile b/benchmarks/arduinojson_json_fuzzer/Dockerfile
new file mode 100644
index 000000000..08758c607
--- /dev/null
+++ b/benchmarks/arduinojson_json_fuzzer/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN apt-get update && apt-get install -y make zip git
+RUN git clone https://github.com/bblanchon/ArduinoJson.git arduinojson
+WORKDIR arduinojson
+COPY build.sh $SRC/
diff --git a/benchmarks/arduinojson_json_fuzzer/benchmark.yaml b/benchmarks/arduinojson_json_fuzzer/benchmark.yaml
new file mode 100644
index 000000000..164426fb9
--- /dev/null
+++ b/benchmarks/arduinojson_json_fuzzer/benchmark.yaml
@@ -0,0 +1,3 @@
+commit: b33966c7551ea7585010a901a1d54118294dbaac
+fuzz_target: json_fuzzer
+project: arduinojson
diff --git a/benchmarks/arduinojson_json_fuzzer/build.sh b/benchmarks/arduinojson_json_fuzzer/build.sh
new file mode 100644
index 000000000..c5ebc245f
--- /dev/null
+++ b/benchmarks/arduinojson_json_fuzzer/build.sh
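Review bot: `RUN git clone https://github.com/bblanchon/ArduinoJson.git arduinojson` fetches the default-branch head, and nothing in this Dockerfile checks out the `b33966c7…` revision that benchmark.yaml records, so the image content depends on build time unless the benchmark harness performs that checkout afterwards (not visible here). A comment on the clone line stating that expectation, e.g. `# checked out to benchmark.yaml's commit by the harness`, would make the contract explicit; the same applies to the clone lines in the assimp, astc-encoder, botan, brotli, double-conversion, draco, dropbear, firestore, fmt and guetzli Dockerfiles in this change. `RUN apt-get update && apt-get install -y make zip git` also installs unpinned packages without `--no-install-recommends` or an apt-lists cleanup, whereas the double-conversion Dockerfile in the same series does both; aligning the others with it would keep the builder images consistent.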
@@ -0,0 +1,19 @@
+#!/bin/bash -eu
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd extras/fuzzing
+make
diff --git a/benchmarks/assimp_assimp_fuzzer/Dockerfile b/benchmarks/assimp_assimp_fuzzer/Dockerfile
new file mode 100644
index 000000000..6fca7685b
--- /dev/null
+++ b/benchmarks/assimp_assimp_fuzzer/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN apt-get update && apt-get install -y cmake ninja-build
+RUN git clone --recursive https://github.com/assimp/assimp.git
+WORKDIR assimp
+COPY build.sh $SRC/
+
diff --git a/benchmarks/assimp_assimp_fuzzer/benchmark.yaml b/benchmarks/assimp_assimp_fuzzer/benchmark.yaml
new file mode 100644
index 000000000..a444f551d
--- /dev/null
+++ b/benchmarks/assimp_assimp_fuzzer/benchmark.yaml
@@ -0,0 +1,3 @@
+commit: 46ae8534f7be93d05bff009a76881c42b3204f24
+fuzz_target: assimp_fuzzer
+project: assimp
diff --git a/benchmarks/assimp_assimp_fuzzer/build.sh b/benchmarks/assimp_assimp_fuzzer/build.sh
new file mode 100644
index 000000000..4cb8bea37
--- /dev/null
+++ b/benchmarks/assimp_assimp_fuzzer/build.sh
@@ -0,0 +1,27 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# generate build env and build assimp
+cmake CMakeLists.txt -G "Ninja" -DBUILD_SHARED_LIBS=OFF -DASSIMP_BUILD_ZLIB=ON \
+ -DASSIMP_BUILD_TESTS=OFF -DASSIMP_BUILD_ASSIMP_TOOLS=OFF \
+ -DASSIMP_BUILD_SAMPLES=OFF
+cmake --build .
+
+# Build the fuzzer
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE -std=c++11 -I$SRC/assimp/include \
+ fuzz/assimp_fuzzer.cc -o $OUT/assimp_fuzzer \
+ ./lib/libassimp.a ./contrib/zlib/libzlibstatic.a
diff --git a/benchmarks/astc-encoder_fuzz_astc_physical_to_symbolic/Dockerfile b/benchmarks/astc-encoder_fuzz_astc_physical_to_symbolic/Dockerfile
new file mode 100644
index 000000000..c195e37c3
--- /dev/null
+++ b/benchmarks/astc-encoder_fuzz_astc_physical_to_symbolic/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN apt-get update && apt-get install -y make autoconf automake libtool
+RUN git clone https://github.com/ARM-software/astc-encoder
+WORKDIR astc-encoder/Source
+COPY build.sh $SRC/
diff --git a/benchmarks/astc-encoder_fuzz_astc_physical_to_symbolic/benchmark.yaml b/benchmarks/astc-encoder_fuzz_astc_physical_to_symbolic/benchmark.yaml
new file mode 100644
index 000000000..c46a836cc
--- /dev/null
+++ b/benchmarks/astc-encoder_fuzz_astc_physical_to_symbolic/benchmark.yaml
@@ -0,0 +1,3 @@
+commit: 8a256ad2e499fe6e6d19c2d0a6086ac111e7e3b5
+fuzz_target: fuzz_astc_physical_to_symbolic
+project: astc-encoder
diff --git a/benchmarks/astc-encoder_fuzz_astc_physical_to_symbolic/build.sh b/benchmarks/astc-encoder_fuzz_astc_physical_to_symbolic/build.sh
new file mode 100755
index 000000000..e34e5b096
--- /dev/null
+++ b/benchmarks/astc-encoder_fuzz_astc_physical_to_symbolic/build.sh
@@ -0,0 +1,19 @@
+# !/bin/bash -eu
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# build project and project-hosted fuzzers
+$SRC/astc-encoder/Source/Fuzzers/build.sh
diff --git a/benchmarks/botan_tls_server/Dockerfile b/benchmarks/botan_tls_server/Dockerfile
new file mode 100644
index 000000000..cc6caea67
--- /dev/null
+++ b/benchmarks/botan_tls_server/Dockerfile
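Review bot: `# !/bin/bash -eu` on the first line of the astc-encoder build.sh is not a shebang (the `#!` magic must be the first two bytes), so it is an ordinary comment: the interpreter is whatever the harness uses to invoke the file, and `-eu` is not applied, unlike every other build.sh in this series. Change it to `#!/bin/bash -eu`. Whether the harness runs the script with its own `bash -eu` and masks this is not visible here.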
@@ -0,0 +1,27 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN apt-get update && apt-get install -y make python
+RUN git clone https://github.com/randombit/botan.git botan
+RUN git clone https://github.com/randombit/crypto-corpus.git fuzzer_corpus && \
+ git -C fuzzer_corpus checkout 103c8e63517bb0603d312a6ee12e49d5f49fcc66
+WORKDIR botan
+COPY build.sh $SRC/
+# This is to fix Fuzz Introspector build by using LLVM old pass manager
+# re https://github.com/ossf/fuzz-introspector/issues/305
+ENV OLD_LLVMPASS 1
diff --git a/benchmarks/botan_tls_server/benchmark.yaml b/benchmarks/botan_tls_server/benchmark.yaml
new file mode 100644
index 000000000..6834eb569
--- /dev/null
+++ b/benchmarks/botan_tls_server/benchmark.yaml
@@ -0,0 +1,3 @@
+commit: 8a256ad2e499fe6e6d19c2d0a6086ac111e7e3b5
+fuzz_target: tls_server
+project: botan
diff --git a/benchmarks/botan_tls_server/build.sh b/benchmarks/botan_tls_server/build.sh
new file mode 100755
index 000000000..b88e78599
--- /dev/null
+++ b/benchmarks/botan_tls_server/build.sh
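Review bot: `ENV OLD_LLVMPASS 1` at the end of the botan Dockerfile uses the legacy space-separated form that BuildKit's build checks flag as deprecated; write it as `ENV OLD_LLVMPASS=1`. The firestore Dockerfile in this change has the same line and should get the same fix. Note also that the crypto-corpus clone two lines earlier is pinned with an explicit `git -C fuzzer_corpus checkout`, while the botan clone directly above it is not, so reproducibility of the corpus and of the code under test are handled differently within one file.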
@@ -0,0 +1,32 @@
+#!/bin/bash -eu
+# Copyright 2016,2017 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd $SRC/botan
+
+ln -s $SRC/fuzzer_corpus .
+
+./configure.py --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" \
+ --disable-shared --disable-modules=locking_allocator \
+ --unsafe-fuzzer-mode --build-fuzzers=libfuzzer \
+ --without-os-features=getrandom,getentropy --with-fuzzer-lib='FuzzingEngine'
+
+make -j$(nproc) libs
+make -j$(nproc) fuzzers
+make fuzzer_corpus_zip
+
+# the seed corpus zips will also be in this directory
+cp build/fuzzer/* $OUT
diff --git a/benchmarks/brotli_decode_fuzzer/Dockerfile b/benchmarks/brotli_decode_fuzzer/Dockerfile
new file mode 100644
index 000000000..5c07be5f9
--- /dev/null
+++ b/benchmarks/brotli_decode_fuzzer/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN apt-get update && apt-get install -y cmake libtool make
+
+RUN git clone https://github.com/google/brotli.git
+WORKDIR brotli
+COPY build.sh $SRC/
diff --git a/benchmarks/brotli_decode_fuzzer/benchmark.yaml b/benchmarks/brotli_decode_fuzzer/benchmark.yaml
new file mode 100644
index 000000000..67f4a9a96
--- /dev/null
+++ b/benchmarks/brotli_decode_fuzzer/benchmark.yaml
@@ -0,0 +1,3 @@
+commit: ed1995b6bda19244070ab5d331111f16f67c8054
+fuzz_target: decode_fuzzer
+project: brotli
diff --git a/benchmarks/brotli_decode_fuzzer/build.sh b/benchmarks/brotli_decode_fuzzer/build.sh
new file mode 100755
index 000000000..dd1da64ab
--- /dev/null
+++ b/benchmarks/brotli_decode_fuzzer/build.sh
@@ -0,0 +1,28 @@
+#!/bin/bash -eu
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cmake . -DBUILD_TESTING=OFF -DBUILD_SHARED_LIBS=OFF
+make clean
+make -j$(nproc) brotlidec
+
+$CC $CFLAGS -c -std=c99 -I. -I./c/include c/fuzz/decode_fuzzer.c
+
+$CXX $CXXFLAGS ./decode_fuzzer.o -o $OUT/decode_fuzzer \
+ $LIB_FUZZING_ENGINE ./libbrotlidec.a ./libbrotlicommon.a
+
+cp java/org/brotli/integration/fuzz_data.zip $OUT/decode_fuzzer_seed_corpus.zip
+chmod a-x $OUT/decode_fuzzer_seed_corpus.zip # we will try to run it otherwise
diff --git a/benchmarks/double-conversion_string_to_double_fuzzer/Dockerfile b/benchmarks/double-conversion_string_to_double_fuzzer/Dockerfile
new file mode 100644
index 000000000..1f5c99383
--- /dev/null
+++ b/benchmarks/double-conversion_string_to_double_fuzzer/Dockerfile
@@ -0,0 +1,27 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN apt-get update && \
+ apt-get install -y --no-install-recommends \
+ cmake ninja-build && \
+ apt-get clean
+
+RUN git clone https://github.com/google/double-conversion.git double-conversion
+WORKDIR double-conversion
+COPY build.sh $SRC/
+COPY *.cc $SRC/
diff --git a/benchmarks/double-conversion_string_to_double_fuzzer/benchmark.yaml b/benchmarks/double-conversion_string_to_double_fuzzer/benchmark.yaml
new file mode 100644
index 000000000..d57bf492f
--- /dev/null
+++ b/benchmarks/double-conversion_string_to_double_fuzzer/benchmark.yaml
@@ -0,0 +1,3 @@
+commit: 256ac809561b756645e73ab7127c2aaaeabaa427
+fuzz_target: string_to_double_fuzzer
+project: double-conversion
diff --git a/benchmarks/double-conversion_string_to_double_fuzzer/build.sh b/benchmarks/double-conversion_string_to_double_fuzzer/build.sh
new file mode 100644
index 000000000..68d07a1eb
--- /dev/null
+++ b/benchmarks/double-conversion_string_to_double_fuzzer/build.sh
@@ -0,0 +1,31 @@
+#!/bin/bash -eu
+#
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+mkdir -p ${WORK}/double-conversion
+cd ${WORK}/double-conversion
+
+cmake -GNinja ${SRC}/double-conversion/
+ninja
+
+fuzzer="string_to_double_fuzzer"
+
+${CXX} ${CXXFLAGS} -std=c++11 -I${SRC}/double-conversion/double-conversion \
+ -c ${SRC}/${fuzzer}.cc \
+ -o ${fuzzer}.o
+${CXX} ${CXXFLAGS} -std=c++11 ${fuzzer}.o \
+ -o ${OUT}/${fuzzer} "${LIB_FUZZING_ENGINE}" libdouble-conversion.a
diff --git a/benchmarks/double-conversion_string_to_double_fuzzer/project.yaml b/benchmarks/double-conversion_string_to_double_fuzzer/project.yaml
new file mode 100644
index 000000000..23cc9e2fe
--- /dev/null
+++ b/benchmarks/double-conversion_string_to_double_fuzzer/project.yaml
@@ -0,0 +1,22 @@
+homepage: "https://github.com/google/double-conversion"
+language: c++
+primary_contact: "florian@loitsch.com"
+auto_ccs:
+ - "sbucur@google.com"
+sanitizers:
+ - address
+ - memory
+ - undefined
+labels:
+ string_to_double_fuzzer:
+ - sundew
+architectures:
+ - x86_64
+ - i386
+main_repo: 'https://github.com/google/double-conversion.git'
+file_github_issue: True
+fuzzing_engines:
+ - afl
+ - honggfuzz
+ - libfuzzer
+ - centipede
diff --git a/benchmarks/double-conversion_string_to_double_fuzzer/string_to_double_fuzzer.cc b/benchmarks/double-conversion_string_to_double_fuzzer/string_to_double_fuzzer.cc
new file mode 100644
index 000000000..4e0ca5169
--- /dev/null
+++ b/benchmarks/double-conversion_string_to_double_fuzzer/string_to_double_fuzzer.cc
@@ -0,0 +1,39 @@
+// Copyright 2019 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include
+#include
+#include
+
+#include "double-conversion.h"
+
+using double_conversion::StringToDoubleConverter;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ StringToDoubleConverter converter(
+ StringToDoubleConverter::ALLOW_HEX |
+ StringToDoubleConverter::ALLOW_OCTALS |
+ StringToDoubleConverter::ALLOW_TRAILING_JUNK |
+ StringToDoubleConverter::ALLOW_LEADING_SPACES |
+ StringToDoubleConverter::ALLOW_TRAILING_SPACES |
+ StringToDoubleConverter::ALLOW_SPACES_AFTER_SIGN |
+ StringToDoubleConverter::ALLOW_CASE_INSENSIBILITY |
+ StringToDoubleConverter::ALLOW_HEX_FLOATS,
+ /*empty_string_value=*/0.0,
+ /*junk_string_value=*/0.0, "inf", "nan");
+ int num_digits_unused;
+ converter.StringToDouble(reinterpret_cast(data), size,
+ &num_digits_unused);
+ return 0;
+}
diff --git a/benchmarks/draco_draco_pc_decoder_fuzzer/Dockerfile b/benchmarks/draco_draco_pc_decoder_fuzzer/Dockerfile
new file mode 100644
index 000000000..406f1912f
--- /dev/null
+++ b/benchmarks/draco_draco_pc_decoder_fuzzer/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN apt-get update && apt-get install -y git cmake make pkg-config
+RUN git clone https://github.com/google/draco draco
+COPY build.sh $SRC/
+WORKDIR $WORK/
diff --git a/benchmarks/draco_draco_pc_decoder_fuzzer/benchmark.yaml b/benchmarks/draco_draco_pc_decoder_fuzzer/benchmark.yaml
new file mode 100644
index 000000000..7366ee321
--- /dev/null
+++ b/benchmarks/draco_draco_pc_decoder_fuzzer/benchmark.yaml
@@ -0,0 +1,3 @@
+commit: 9f856abaafb4b39f1f013763ff061522e0261c6f
+fuzz_target: draco_pc_decoder_fuzzer
+project: draco
diff --git a/benchmarks/draco_draco_pc_decoder_fuzzer/build.sh b/benchmarks/draco_draco_pc_decoder_fuzzer/build.sh
new file mode 100755
index 000000000..1ebc8988b
--- /dev/null
+++ b/benchmarks/draco_draco_pc_decoder_fuzzer/build.sh
@@ -0,0 +1,18 @@
+#!/bin/bash -eu
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+sh $SRC/draco/src/draco/tools/fuzz/build.sh
diff --git a/benchmarks/dropbear_fuzzer-postauth_nomaths/Dockerfile b/benchmarks/dropbear_fuzzer-postauth_nomaths/Dockerfile
new file mode 100644
index 000000000..0942d001f
--- /dev/null
+++ b/benchmarks/dropbear_fuzzer-postauth_nomaths/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN apt-get update && apt-get install -y libz-dev autoconf mercurial
+RUN git clone https://github.com/mkj/dropbear dropbear
+WORKDIR dropbear
+COPY build.sh *.options $SRC/
+
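Review bot: `sh $SRC/draco/src/draco/tools/fuzz/build.sh` in the draco build.sh runs the upstream script under `sh`, which overrides whatever shebang that file declares and does not carry over this wrapper's `-eu`, so a failing step inside it may not fail the build unless the upstream script sets its own options (not visible here). Invoking it as `bash -eu $SRC/draco/src/draco/tools/fuzz/build.sh` keeps error handling consistent with the other build.sh files in this change. The `WORKDIR $WORK/` set by the draco Dockerfile is also the implicit cwd for that script, which is worth a one-line comment since every other benchmark here uses the checkout directory.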
diff --git a/benchmarks/dropbear_fuzzer-postauth_nomaths/benchmark.yaml b/benchmarks/dropbear_fuzzer-postauth_nomaths/benchmark.yaml
new file mode 100644
index 000000000..328c829fe
--- /dev/null
+++ b/benchmarks/dropbear_fuzzer-postauth_nomaths/benchmark.yaml
@@ -0,0 +1,3 @@
+commit: 3292b8c6f1e5fcc405fa0f7a20e90a60f74037b2
+fuzz_target: fuzzer-postauth_nomaths
+project: dropbear
diff --git a/benchmarks/dropbear_fuzzer-postauth_nomaths/build.sh b/benchmarks/dropbear_fuzzer-postauth_nomaths/build.sh
new file mode 100644
index 000000000..61c9db6fb
--- /dev/null
+++ b/benchmarks/dropbear_fuzzer-postauth_nomaths/build.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+
+pushd $SRC/dropbear
+autoconf
+autoheader
+popd
+
+$SRC/dropbear/configure --enable-fuzz --disable-harden --disable-zlib
+
+make -j$(nproc) fuzz-targets FUZZLIB=$LIB_FUZZING_ENGINE
+
+TARGETS="$(make list-fuzz-targets)"
+
+
+cp -v $TARGETS $OUT/
+cp -v *.options $OUT/
diff --git a/benchmarks/firestore_firestore_serializer_fuzzer/Dockerfile b/benchmarks/firestore_firestore_serializer_fuzzer/Dockerfile
new file mode 100644
index 000000000..a22bd0290
--- /dev/null
+++ b/benchmarks/firestore_firestore_serializer_fuzzer/Dockerfile
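Review bot: The dropbear build.sh starts with `#!/bin/bash` and never sets `-e`/`-u`, unlike every sibling script in this change, so a failure in `autoconf`, `configure` or `make -j$(nproc) fuzz-targets` does not stop the script and `cp -v $TARGETS $OUT/` runs with whatever `make list-fuzz-targets` happened to print. Use `#!/bin/bash -eu` to match the others; `$TARGETS` is deliberately unquoted for word splitting and stays valid under `-u` because it is assigned above. The `mercurial` package installed by the dropbear Dockerfile does not appear to be used by this script, so a comment or its removal would avoid the question later.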
@@ -0,0 +1,24 @@
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN apt-get update && apt-get install -y make autoconf automake libtool wget golang python python-protobuf python-six
+RUN git clone https://github.com/firebase/firebase-ios-sdk.git
+COPY build.sh $SRC/
+# This is to fix Fuzz Introspector build by using LLVM old pass manager
+# re https://github.com/ossf/fuzz-introspector/issues/305
+ENV OLD_LLVMPASS 1
diff --git a/benchmarks/firestore_firestore_serializer_fuzzer/benchmark.yaml b/benchmarks/firestore_firestore_serializer_fuzzer/benchmark.yaml
new file mode 100644
index 000000000..d6bd6eec2
--- /dev/null
+++ b/benchmarks/firestore_firestore_serializer_fuzzer/benchmark.yaml
@@ -0,0 +1,3 @@
+commit: 60f9a33e7084482df67b48e16f315f4f7a6f5da9
+fuzz_target: firestore_serializer_fuzzer
+project: firestore
diff --git a/benchmarks/firestore_firestore_serializer_fuzzer/build.sh b/benchmarks/firestore_firestore_serializer_fuzzer/build.sh
new file mode 100755
index 000000000..53926f54c
--- /dev/null
+++ b/benchmarks/firestore_firestore_serializer_fuzzer/build.sh
@@ -0,0 +1,48 @@
+#!/bin/bash -eu
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd $WORK
+
+# Disable UBSan vptr since Firestore depends on other libraries that are built
+# with -fno-rtti.
+export CFLAGS="$CFLAGS -fno-sanitize=vptr"
+export CXXFLAGS="$CXXFLAGS -fno-sanitize=vptr"
+
+# Build the project using cmake with FUZZING option enabled to link to OSS Fuzz
+# fuzzing library defined in ${LIB_FUZZING_ENGINE}.
+cd $SRC/firebase-ios-sdk
+
+# Do not use Werror anywhere
+sed -i 's/-Werror=reorder//g' ./cmake/compiler_setup.cmake
+sed -i 's/-Werror=return-type//g' ./cmake/compiler_setup.cmake
+sed -i 's/-Wall -Wextra -Werror//g' ./cmake/compiler_setup.cmake
+sed -i 's/-Wuninitialized/#-Wu/g' ./cmake/compiler_setup.cmake
+sed -i 's/-Wfno-common/#-Wu/g' ./cmake/compiler_setup.cmake
+sed -i 's/-Werror//g' ./scripts/sync_project.rb
+sed -i 's/-Werror=reorder//g' ./FirebaseFirestore.podspec
+sed -i 's/ReadContext context/\/\/ReadContext/g' ./Firestore/fuzzing/serializer_fuzzer.cc
+sed -i 's/serializer.Dec/\/\/serializer/g' ./Firestore/fuzzing/serializer_fuzzer.cc
+
+mkdir build && cd build
+cmake -DFIREBASE_IOS_BUILD_TESTS=OFF -DFIREBASE_IOS_BUILD_BENCHMARKS=OFF -DFUZZING=ON ..
+make -j$(nproc)
+
+# Copy fuzzing targets, dictionaries, and zipped corpora to $OUT.
+FUZZERS_DIR=Firestore/fuzzing
+find ${FUZZERS_DIR} -name '*_fuzzer' -exec cp -v '{}' $OUT ';'
+find ${FUZZERS_DIR} -name '*_fuzzer.dict' -exec cp -v '{}' $OUT ';'
+find ${FUZZERS_DIR} -name "*_fuzzer_seed_corpus" -type d -execdir zip -r ${OUT}/{}.zip {} ';'
diff --git a/benchmarks/fmt_chrono-duration-fuzzer/Dockerfile b/benchmarks/fmt_chrono-duration-fuzzer/Dockerfile
new file mode 100644
index 000000000..8b9d77d65
--- /dev/null
+++ b/benchmarks/fmt_chrono-duration-fuzzer/Dockerfile
@@ -0,0 +1,26 @@
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN echo "CXX=$CXX"
+RUN echo "CXXFLAGS=$CXXFLAGS"
+RUN apt-get update && apt-get install -y cmake ninja-build
+
+RUN git clone --branch master https://github.com/fmtlib/fmt.git
+
+WORKDIR fmt
+COPY build.sh $SRC/
diff --git a/benchmarks/fmt_chrono-duration-fuzzer/benchmark.yaml b/benchmarks/fmt_chrono-duration-fuzzer/benchmark.yaml
new file mode 100644
index 000000000..c7359c62e
--- /dev/null
+++ b/benchmarks/fmt_chrono-duration-fuzzer/benchmark.yaml
@@ -0,0 +1,3 @@
+commit: 8a256ad2e499fe6e6d19c2d0a6086ac111e7e3b5
+fuzz_target: chrono-duration-fuzzer
+project: fmt
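Review bot: The two `sed -i` lines targeting `./Firestore/fuzzing/serializer_fuzzer.cc` comment out `ReadContext context` and the `serializer.Dec…` call, which appears to strip the decode step out of the very fuzz target this benchmark is named after, so the harness would measure less than the upstream target does. If this is a known build workaround it needs a comment naming the breakage and what the target still covers, e.g. `# Workaround for <build failure>: drops the Decode call, so this target exercises only <remaining path>`. Separately, `sed -i 's/-Wfno-common/#-Wu/g'` looks like a typo for `-fno-common`; a sed with no match is a silent no-op, so it cannot be told from here whether that line does anything. The hunk's first line is on the previous physical line of this page.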
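Review bot: `RUN echo "CXX=$CXX"` and `RUN echo "CXXFLAGS=$CXXFLAGS"` in the fmt Dockerfile are debugging leftovers that add two layers and print only on an uncached build; drop them, or fold the diagnostic into the build.sh where it is seen every run. `RUN git clone --branch master https://github.com/fmtlib/fmt.git` pins a branch name rather than a revision, so it adds nothing over the unpinned clones elsewhere in this change and breaks if upstream renames the branch.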
diff --git a/benchmarks/fmt_chrono-duration-fuzzer/build.sh b/benchmarks/fmt_chrono-duration-fuzzer/build.sh
new file mode 100755
index 000000000..7da75c91e
--- /dev/null
+++ b/benchmarks/fmt_chrono-duration-fuzzer/build.sh
@@ -0,0 +1,42 @@
+#!/bin/bash -eu
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+#create zip files with initial corpus, taken from version control.
+#for f in $(ls fuzzers/initial_corpus/) ;do
+# zip -j -r $OUT/fuzzer_${f}_seed_corpus.zip fuzzers/initial_corpus/$f
+#done
+
+mkdir build
+cd build
+
+# use C++ 14 instead of 17, because even if clang is
+# bleeding edge, cmake is old in the oss fuzz image.
+
+cmake .. \
+-GNinja \
+-DCMAKE_BUILD_TYPE=Debug \
+-DCMAKE_CXX_STANDARD=14 \
+-DFMT_DOC=Off \
+-DFMT_TEST=Off \
+-DFMT_SAFE_DURATION_CAST=On \
+-DFMT_FUZZ=On \
+-DFMT_FUZZ_LINKMAIN=Off \
+-DFMT_FUZZ_LDFLAGS=$LIB_FUZZING_ENGINE
+
+cmake --build .
+
+cp bin/*fuzzer $OUT
diff --git a/benchmarks/guetzli_guetzli_fuzzer/Dockerfile b/benchmarks/guetzli_guetzli_fuzzer/Dockerfile
new file mode 100644
index 000000000..8082b6ee7
--- /dev/null
+++ b/benchmarks/guetzli_guetzli_fuzzer/Dockerfile
@@ -0,0 +1,27 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN apt-get update && apt-get install -y make autoconf automake libtool libpng-dev pkg-config curl
+
+RUN mkdir afl-testcases
+RUN cd afl-testcases/ && curl https://lcamtuf.coredump.cx/afl/demo/afl_testcases.tgz | tar -xz
+RUN zip guetzli_fuzzer_seed_corpus.zip afl-testcases/jpeg/full/images/* afl-testcases/jpeg_turbo/full/images/* $SRC/libjpeg-turbo/testimages/
+
+RUN git clone https://github.com/google/guetzli guetzli
+WORKDIR guetzli
+COPY build.sh $SRC/
diff --git a/benchmarks/guetzli_guetzli_fuzzer/benchmark.yaml b/benchmarks/guetzli_guetzli_fuzzer/benchmark.yaml
new file mode 100644
index 000000000..1f6eb6f99
--- /dev/null
+++ b/benchmarks/guetzli_guetzli_fuzzer/benchmark.yaml
@@ -0,0 +1,3 @@
+commit: 214f2bb42abf5a577c079d00add5d6cc470620d3
+fuzz_target: guetzli_fuzzer
+project: guetzli
diff --git a/benchmarks/guetzli_guetzli_fuzzer/build.sh b/benchmarks/guetzli_guetzli_fuzzer/build.sh
new file mode 100755
index 000000000..03a401510
--- /dev/null
+++ b/benchmarks/guetzli_guetzli_fuzzer/build.sh
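Review bot: `curl https://lcamtuf.coredump.cx/afl/demo/afl_testcases.tgz | tar -xz` runs without `-f`/`--fail`, without any checksum check, and without `pipefail`, so an HTTP error page or a truncated download is fed to tar and the `RUN` still succeeds, leaving a silently empty or partial seed corpus. Download to a file and verify it before extracting: `RUN cd afl-testcases/ && curl -fsSL -o afl_testcases.tgz https://lcamtuf.coredump.cx/afl/demo/afl_testcases.tgz && echo '<sha256-of-afl_testcases.tgz>  afl_testcases.tgz' | sha256sum -c && tar -xzf afl_testcases.tgz` (the digest is a placeholder to be filled in). The `zip` line also names `$SRC/libjpeg-turbo/testimages/`, but nothing in this Dockerfile clones libjpeg-turbo, and a bare directory without `-r` or a glob adds at most the directory entry, so those images are presumably never in the corpus; either add the clone and use `$SRC/libjpeg-turbo/testimages/*`, or drop the argument.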
@@ -0,0 +1,22 @@
+#!/bin/bash -eu
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+make guetzli_static
+$CXX $CXXFLAGS -std=c++11 -I. fuzz_target.cc $LIB_FUZZING_ENGINE \
+ -o $OUT/guetzli_fuzzer bin/Release/libguetzli_static.a
+
+cp $SRC/guetzli_fuzzer_seed_corpus.zip $OUT/
diff --git a/benchmarks/icu_unicode_string_codepage_create_fuzzer/Dockerfile b/benchmarks/icu_unicode_string_codepage_create_fuzzer/Dockerfile
new file mode 100644
index 000000000..fe3263b47
--- /dev/null
+++ b/benchmarks/icu_unicode_string_codepage_create_fuzzer/Dockerfile
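Review bot: `cp $SRC/guetzli_fuzzer_seed_corpus.zip $OUT/` depends on a file assembled in the Dockerfile, which is not obvious from the script itself; a comment such as `# Seed corpus zip is built in the Dockerfile from the AFL demo test cases.` would make that contract visible. `make guetzli_static` is single-threaded while the other build scripts in this commit use `make -j$(nproc)`; `make -j$(nproc) guetzli_static` if the Makefile tolerates it.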
@@ -0,0 +1,22 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN apt-get update && apt-get install -y make
+
+RUN git clone https://github.com/unicode-org/icu.git icu
+COPY build.sh $SRC/
diff --git a/benchmarks/icu_unicode_string_codepage_create_fuzzer/benchmark.yaml b/benchmarks/icu_unicode_string_codepage_create_fuzzer/benchmark.yaml
new file mode 100644
index 000000000..7ae0cbb09
--- /dev/null
+++ b/benchmarks/icu_unicode_string_codepage_create_fuzzer/benchmark.yaml
@@ -0,0 +1,3 @@
+commit: d86b1cebe192004759b6c875b0f831b97ccdae34
+fuzz_target: unicode_string_codepage_create_fuzzer
+project: icu
diff --git a/benchmarks/icu_unicode_string_codepage_create_fuzzer/build.sh b/benchmarks/icu_unicode_string_codepage_create_fuzzer/build.sh
new file mode 100755
index 000000000..2d8e35323
--- /dev/null
+++ b/benchmarks/icu_unicode_string_codepage_create_fuzzer/build.sh
@@ -0,0 +1,58 @@
+#!/bin/bash -eux
+#
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+mkdir $WORK/icu
+cd $WORK/icu
+
+# TODO: icu build failes without -DU_USE_STRTOD_L=0
+DEFINES="-DU_CHARSET_IS_UTF8=1 -DU_USING_ICU_NAMESPACE=0 -DU_ENABLE_DYLOAD=0 -DU_USE_STRTOD_L=0"
+CFLAGS="$CFLAGS $DEFINES"
+CXXFLAGS="$CXXFLAGS $DEFINES"
+
+CFLAGS=$CFLAGS CXXFLAGS=$CXXFLAGS CC=$CC CXX=$CXX \
+ /bin/bash $SRC/icu/icu4c/source/runConfigureICU Linux \
+ --with-library-bits=64 --with-data-packaging=static --enable-static --disable-shared
+
+export ASAN_OPTIONS="detect_leaks=0"
+export UBSAN_OPTIONS="detect_leaks=0"
+
+make -j$(nproc)
+
+$CXX $CXXFLAGS -std=c++11 -c $SRC/icu/icu4c/source/test/fuzzer/locale_util.cpp \
+ -I$SRC/icu4c/source/test/fuzzer
+
+FUZZER_PATH=$SRC/icu/icu4c/source/test/fuzzer
+# Assumes that all fuzzers files end with'_fuzzer.cpp'.
+FUZZERS=$FUZZER_PATH/*_fuzzer.cpp
+
+for fuzzer in $FUZZERS; do
+ file=${fuzzer:${#FUZZER_PATH}+1}
+ $CXX $CXXFLAGS -std=c++11 \
+ $fuzzer -o $OUT/${file/.cpp/} locale_util.o \
+ -I$SRC/icu/icu4c/source/common -I$SRC/icu/icu4c/source/i18n -L$WORK/icu/lib \
+ $LIB_FUZZING_ENGINE -licui18n -licuuc -licutu -licudata
+done
+
+# Assumes that all seed files end with '*_fuzzer_seed_corpus.txt'.
+CORPUS=$SRC/icu/icu4c/source/test/fuzzer/*_fuzzer_seed_corpus.txt
+for corpus in $CORPUS; do
+ zipfile=${corpus:${#FUZZER_PATH}+1}
+ zip $OUT/${zipfile/.txt/.zip} $corpus
+done
+
+cp $SRC/icu/icu4c/source/test/fuzzer/*.dict $OUT/
diff --git a/benchmarks/jansson_json_load_dump_fuzzer/Dockerfile b/benchmarks/jansson_json_load_dump_fuzzer/Dockerfile
new file mode 100644
index 000000000..7a7734724
--- /dev/null
+++ b/benchmarks/jansson_json_load_dump_fuzzer/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN git clone https://github.com/akheron/jansson.git /src/jansson
+
+WORKDIR $SRC/jansson
+COPY build.sh $SRC/
diff --git a/benchmarks/jansson_json_load_dump_fuzzer/benchmark.yaml b/benchmarks/jansson_json_load_dump_fuzzer/benchmark.yaml
new file mode 100644
index 000000000..59ad3c4d7
--- /dev/null
+++ b/benchmarks/jansson_json_load_dump_fuzzer/benchmark.yaml
@@ -0,0 +1,3 @@
+commit: a7d04c855450ccfdb4e772905a531d2a4e752adf
+fuzz_target: json_load_dump_fuzzer
+project: jansson
diff --git a/benchmarks/jansson_json_load_dump_fuzzer/build.sh b/benchmarks/jansson_json_load_dump_fuzzer/build.sh
new file mode 100755
index 000000000..0676b91da
--- /dev/null
+++ b/benchmarks/jansson_json_load_dump_fuzzer/build.sh
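Review bot: The include path on the `locale_util.cpp` compile line, `-I$SRC/icu4c/source/test/fuzzer`, is missing the `icu/` repository component that every other path in the script uses (`$SRC/icu/icu4c/...`), so it points at a directory that the Dockerfile never creates; the compile presumably still succeeds only because the file's own includes resolve relative to its directory. Change it to `-I$SRC/icu/icu4c/source/test/fuzzer`, or reuse `FUZZER_PATH` by moving that assignment above the compile. `export ASAN_OPTIONS="detect_leaks=0"` / `export UBSAN_OPTIONS=...` stay in effect for the rest of the script; a comment stating they exist for the ICU build tools executed during `make` (my reading, please confirm) would help the next reader, and the TODO comment should read `fails` rather than `failes`.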
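Review bot: `RUN git clone https://github.com/akheron/jansson.git /src/jansson` hard-codes `/src` while the very next line uses `$SRC/jansson`; the two only agree because `$SRC` presumably resolves to `/src` in base-builder. Write the clone as `RUN git clone https://github.com/akheron/jansson.git $SRC/jansson` so both lines follow the same variable, matching the other Dockerfiles in this commit.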
@@ -0,0 +1,23 @@
+#!/bin/bash -eu
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# --default-symver does not work with lto, which fuzz introspector uses.
+if [ "$SANITIZER" == "introspector" ]; then
+ sed -i 's/--default-symver/-flto/g' ./configure.ac
+fi
+# Run the OSS-Fuzz script in the project.
+./test/ossfuzz/ossfuzz.sh
diff --git a/benchmarks/libaom_av1_dec_fuzzer/Dockerfile b/benchmarks/libaom_av1_dec_fuzzer/Dockerfile
new file mode 100644
index 000000000..17658fab1
--- /dev/null
+++ b/benchmarks/libaom_av1_dec_fuzzer/Dockerfile
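Review bot: Under `#!/bin/bash -eu`, `[ "$SANITIZER" == "introspector" ]` aborts with an unbound-variable error if `SANITIZER` is not exported into the build container; base-builder normally sets it, but `if [ "${SANITIZER:-}" == "introspector" ]; then` makes the check safe regardless of how the benchmark image is invoked. The `sed` rewrite of `configure.ac` also becomes a silent no-op if jansson ever renames `--default-symver`; a comment noting that this patch is tied to the pinned jansson commit would document that dependency.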
@@ -0,0 +1,23 @@
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN apt-get update && apt-get install -y cmake yasm wget
+RUN git clone https://aomedia.googlesource.com/aom
+ADD https://storage.googleapis.com/aom-test-data/fuzzer/dec_fuzzer_seed_corpus.zip $SRC/
+COPY build.sh $SRC/
+WORKDIR aom
diff --git a/benchmarks/libaom_av1_dec_fuzzer/README.md b/benchmarks/libaom_av1_dec_fuzzer/README.md
new file mode 100644
index 000000000..5d90b688c
--- /dev/null
+++ b/benchmarks/libaom_av1_dec_fuzzer/README.md
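Review bot: `ADD https://storage.googleapis.com/aom-test-data/fuzzer/dec_fuzzer_seed_corpus.zip $SRC/` fetches a remote file at build time with no integrity check, so the image is not reproducible and a changed or substituted archive would be accepted silently; the libhevc Dockerfile in this commit has the same pattern with its `hevc_dec_fuzzer_seed_corpus.zip`. Pin the content with `ADD --checksum=sha256:<sha256-of-dec_fuzzer_seed_corpus.zip> https://storage.googleapis.com/aom-test-data/fuzzer/dec_fuzzer_seed_corpus.zip $SRC/` (BuildKit), or fetch with `wget` — already installed on the line above but otherwise unused here — and verify with `sha256sum -c` in the same `RUN`; the digest is a placeholder to fill in from a trusted copy.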
@@ -0,0 +1,52 @@ +# Submit a Patch to oss-fuzz repo + +## One-time Setup + +1. Create github account if needed (with @google.com email address, preferably) + and log in. +1. To allow “git push” to work, you’ll have to add an SSH key: + https://help.github.com/articles/connecting-to-github-with-ssh/ +1. Go to https://github.com/google/oss-fuzz and click on “Fork”. +1. Go to your own fork of the repo, which will be at + https://github.com/\/oss-fuzz +1. Click on “clone or download” and pick “Clone with SSH” method (I found that + easier to use for “git push”). Then copy that URL and run “git clone \” + in terminal. Now you have a local repo, and **your fork** of the remote repo + will be called “**origin**” in your git config. +1. Configure a remote repo pointing to the **upstream repo** + (https://github.com/google/oss-fuzz) so that it’s called “**upstream**”: + * cd \/oss-fuzz + * git remote add upstream git@github.com:google/oss-fuzz.git + * git remote -v + +NOTE: For trivial changes it's possible to edit the files in the web UI on the +main project and create a commit + pull request from that. + +## Workflow for a Pull Request (Patch) + +1. Go to your repo: + * cd \/oss-fuzz +1. Create a new branch: + * git checkout master + * git checkout -b new_feature_xyz +1. Make your changes and commit them locally with “git commit” +1. Push your changes to your fork on github + * git push -u origin HEAD + * (This will create a branch of the same name “new_feature_xyz” on your + fork “origin”). +1. Open your fork in browser and click on “Compare & pull request” and follow + the prompts. +1. If changes are requested to the patch: + * make changes to the same local branch + * commit them locally with “git commit” (but DO NOT amend!) + * git push -u origin HEAD +1. 
Once pull request is closed: + * Delete “new_feature_xyz” branch on your fork using the “Delete branch” + button on the pull request + * Delete local “new_feature_xyz” branch locally with “git checkout master + && git branch -D new_feature_xyz” + * Sync your local repo and your fork with upstream repo: + * git checkout master + * git fetch upstream + * git merge upstream/master + * git push origin master diff --git a/benchmarks/libaom_av1_dec_fuzzer/benchmark.yaml b/benchmarks/libaom_av1_dec_fuzzer/benchmark.yaml new file mode 100644 index 000000000..0641b2c62 --- /dev/null +++ b/benchmarks/libaom_av1_dec_fuzzer/benchmark.yaml @@ -0,0 +1,3 @@ +commit: b7ebfe88286aa60c33c3618494ad82b480df678b +fuzz_target: av1_dec_fuzzer +project: libaom diff --git a/benchmarks/libaom_av1_dec_fuzzer/build.sh b/benchmarks/libaom_av1_dec_fuzzer/build.sh new file mode 100755 index 000000000..53c87ebfc --- /dev/null +++ b/benchmarks/libaom_av1_dec_fuzzer/build.sh 
@@ -0,0 +1,69 @@
+#!/bin/bash -eu
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Build libaom
+build_dir=$WORK/build
+mkdir -p ${build_dir}
+pushd ${build_dir}
+# Remove files generated by the previous build.
+rm -rf ./*
+
+# oss-fuzz has 2 GB total memory allocation limit. So, we limit per-allocation
+# limit in libaom to 1 GB to avoid OOM errors. A smaller per-allocation is
+# needed for MemorySanitizer (see bug oss-fuzz:9497 and bug oss-fuzz:9499).
+if [[ $CFLAGS = *sanitize=memory* ]]; then
+ extra_c_flags='-DAOM_MAX_ALLOCABLE_MEMORY=536870912'
+else
+ extra_c_flags='-DAOM_MAX_ALLOCABLE_MEMORY=1073741824'
+fi
+# Also, enable DO_RANGE_CHECK_CLAMP to suppress the noise of integer overflows
+# in the transform functions.
+extra_c_flags+=' -DDO_RANGE_CHECK_CLAMP=1'
+
+extra_cmake_flags=
+# MemorySanitizer requires that all program code is instrumented. Therefore we
+# need to replace all inline assembly code that writes to memory with pure C
+# code. Disable all assembly code for MemorySanitizer.
+if [[ $CFLAGS = *sanitize=memory* ]]; then
+ extra_cmake_flags+="-DAOM_TARGET_CPU=generic"
+fi
+
+cmake $SRC/aom -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_FLAGS_RELEASE='-O3 -g' \
+ -DCMAKE_CXX_FLAGS_RELEASE='-O3 -g' -DCONFIG_PIC=1 -DCONFIG_LOWBITDEPTH=1 \
+ -DCONFIG_AV1_ENCODER=0 -DENABLE_EXAMPLES=0 -DENABLE_DOCS=0 -DENABLE_TESTS=0 \
+ -DCONFIG_SIZE_LIMIT=1 -DDECODE_HEIGHT_LIMIT=12288 -DDECODE_WIDTH_LIMIT=12288 \
+ -DAOM_EXTRA_C_FLAGS="${extra_c_flags}" -DENABLE_TOOLS=0 \
+ -DAOM_EXTRA_CXX_FLAGS="${extra_c_flags}" ${extra_cmake_flags}
+make -j$(nproc)
+popd
+
+# build fuzzers
+fuzzer_src_name=av1_dec_fuzzer
+fuzzer_name=${fuzzer_src_name}
+
+$CXX $CXXFLAGS -std=c++11 \
+ -I$SRC/aom \
+ -I${build_dir} \
+ -Wl,--start-group \
+ $LIB_FUZZING_ENGINE \
+ $SRC/aom/examples/${fuzzer_src_name}.cc -o $OUT/${fuzzer_name} \
+ ${build_dir}/libaom.a -Wl,--end-group
+
+# copy seed corpus.
+cp $SRC/dec_fuzzer_seed_corpus.zip $OUT/${fuzzer_name}_seed_corpus.zip
+cp $SRC/aom/examples/av1_dec_fuzzer.dict $OUT/${fuzzer_name}.dict
+
diff --git a/benchmarks/libcoap_pdu_parse_fuzzer/Dockerfile b/benchmarks/libcoap_pdu_parse_fuzzer/Dockerfile
new file mode 100644
index 000000000..e628459d7
--- /dev/null
+++ b/benchmarks/libcoap_pdu_parse_fuzzer/Dockerfile
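Review bot: The `[[ $CFLAGS = *sanitize=memory* ]]` test is evaluated twice — once to pick `AOM_MAX_ALLOCABLE_MEMORY` and again to add `-DAOM_TARGET_CPU=generic` — with the two MSan-specific settings separated by unrelated lines; moving `extra_cmake_flags+="-DAOM_TARGET_CPU=generic"` into the first `if` branch keeps all MemorySanitizer adjustments in one place and drops the second conditional. `${extra_cmake_flags}` on the cmake line is deliberately unquoted so an empty value expands to nothing; a short comment saying so prevents a well-meaning quoting fix that would pass an empty argument to cmake. The `rm -rf ./*` after `pushd ${build_dir}` is safe only because `-e` aborts on a failed `pushd`; `pushd ${build_dir} || exit 1` would make that intent explicit.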
@@ -0,0 +1,26 @@
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN apt-get update && apt-get install -y make autoconf automake libtool \
+ pkg-config
+RUN git clone https://github.com/obgm/libcoap.git libcoap
+WORKDIR libcoap
+COPY build.sh $SRC/
+# This is to fix Fuzz Introspector build by using LLVM old pass manager
+# re https://github.com/ossf/fuzz-introspector/issues/305
+ENV OLD_LLVMPASS 1
diff --git a/benchmarks/libcoap_pdu_parse_fuzzer/benchmark.yaml b/benchmarks/libcoap_pdu_parse_fuzzer/benchmark.yaml
new file mode 100644
index 000000000..ba9a1db05
--- /dev/null
+++ b/benchmarks/libcoap_pdu_parse_fuzzer/benchmark.yaml
@@ -0,0 +1,3 @@
+commit: 54652664fb2b1585645ce4e24ecd3ad599ae1026
+fuzz_target: pdu_parse_fuzzer
+project: libcoap
diff --git a/benchmarks/libcoap_pdu_parse_fuzzer/build.sh b/benchmarks/libcoap_pdu_parse_fuzzer/build.sh
new file mode 100755
index 000000000..1871b467f
--- /dev/null
+++ b/benchmarks/libcoap_pdu_parse_fuzzer/build.sh
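Review bot: `ENV OLD_LLVMPASS 1` uses the legacy space-separated form that BuildKit's build check reports as LegacyKeyValueFormat; write it as `ENV OLD_LLVMPASS=1`. The two comment lines above it explain the why well; since the variable is only consumed when the image is used for a fuzz-introspector build (as the comment says), it is worth adding `# Harmless for the other sanitizer builds.` so nobody removes it thinking it is stale.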
@@ -0,0 +1,23 @@
+#!/bin/bash -eu
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+./autogen.sh && ./configure --disable-doxygen --disable-manpages \
+ --disable-dtls \
+ && make -j$(nproc)
+
+# build all fuzzer targets
+make -C tests/oss-fuzz -f Makefile.oss-fuzz
diff --git a/benchmarks/libcoap_pdu_parse_fuzzer/project.yaml b/benchmarks/libcoap_pdu_parse_fuzzer/project.yaml
new file mode 100644
index 000000000..c601290d3
--- /dev/null
+++ b/benchmarks/libcoap_pdu_parse_fuzzer/project.yaml
@@ -0,0 +1,11 @@
+homepage: "https://libcoap.net/"
+language: c++
+primary_contact: "bergmann@tzi.org"
+auto_ccs:
+ - "libcoap@gmail.com"
+main_repo: 'https://github.com/obgm/libcoap.git'
+fuzzing_engines:
+ - afl
+ - honggfuzz
+ - libfuzzer
+ - centipede
diff --git a/benchmarks/libhevc_hevc_dec_fuzzer/Dockerfile b/benchmarks/libhevc_hevc_dec_fuzzer/Dockerfile
new file mode 100644
index 000000000..b12c87e02
--- /dev/null
+++ b/benchmarks/libhevc_hevc_dec_fuzzer/Dockerfile
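Review bot: `--disable-dtls` determines which libcoap code the `pdu_parse_fuzzer` target is built against and deserves a why-comment, e.g. `# DTLS is disabled: no TLS backend is installed in the Dockerfile, and the PDU parser does not depend on it.` — the first half is my inference from the apt line in the Dockerfile, please confirm. Under `#!/bin/bash -eu` the `&&` chain across `./autogen.sh`, `./configure` and `make` is redundant, since any failure already aborts the script; separate statements read more easily, and the final `make -C tests/oss-fuzz -f Makefile.oss-fuzz` could take the same `-j$(nproc)` as the library build.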
@@ -0,0 +1,23 @@
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN apt-get update && apt-get install -y wget cmake
+RUN git clone https://github.com/ittiam-systems/libhevc.git
+ADD https://storage.googleapis.com/android_media/external/libhevc/fuzzer/hevc_dec_fuzzer_seed_corpus.zip $SRC/
+COPY build.sh $SRC/
+WORKDIR libhevc
diff --git a/benchmarks/libhevc_hevc_dec_fuzzer/benchmark.yaml b/benchmarks/libhevc_hevc_dec_fuzzer/benchmark.yaml
new file mode 100644
index 000000000..ee194a721
--- /dev/null
+++ b/benchmarks/libhevc_hevc_dec_fuzzer/benchmark.yaml
@@ -0,0 +1,3 @@
+commit: a3cac8c9d79968772272fff97a98d4edaf3132c1
+fuzz_target: hevc_dec_fuzzer
+project: libhevc
diff --git a/benchmarks/libhevc_hevc_dec_fuzzer/build.sh b/benchmarks/libhevc_hevc_dec_fuzzer/build.sh
new file mode 100755
index 000000000..d8a526db7
--- /dev/null
+++ b/benchmarks/libhevc_hevc_dec_fuzzer/build.sh
@@ -0,0 +1,18 @@
+#!/bin/bash -eu
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+# Run the OSS-Fuzz script in the project.
+$SRC/libhevc/fuzzer/ossfuzz.sh
diff --git a/benchmarks/librdkafka_fuzz_regex/Dockerfile b/benchmarks/librdkafka_fuzz_regex/Dockerfile
new file mode 100755
index 000000000..88121eaac
--- /dev/null
+++ b/benchmarks/librdkafka_fuzz_regex/Dockerfile
@@ -0,0 +1,22 @@
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN apt-get update && apt-get install -y make cmake flex bison zlib1g-dev
+RUN git clone https://github.com/edenhill/librdkafka
+
+WORKDIR $SRC
+COPY build.sh $SRC/
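Review bot: The librdkafka Dockerfile is added with `new file mode 100755`; a Dockerfile is read by the builder, never executed, and every other Dockerfile in this commit is 100644, so the executable bit should be dropped for consistency. `RUN git clone https://github.com/edenhill/librdkafka` is an unpinned clone like the others, relying on the harness to check out the `commit` from benchmark.yaml; a one-line comment to that effect would help, and `WORKDIR $SRC` combined with the `cd librdkafka` in build.sh is fine but could simply be `WORKDIR $SRC/librdkafka` to match the sibling Dockerfiles.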
diff --git a/benchmarks/librdkafka_fuzz_regex/benchmark.yaml b/benchmarks/librdkafka_fuzz_regex/benchmark.yaml
new file mode 100644
index 000000000..818eb8de8
--- /dev/null
+++ b/benchmarks/librdkafka_fuzz_regex/benchmark.yaml
@@ -0,0 +1,3 @@
+commit: c75eae84846b1023422b75798c41d4b6b1f8b0b7
+fuzz_target: fuzz_regex
+project: librdkafka
diff --git a/benchmarks/librdkafka_fuzz_regex/build.sh b/benchmarks/librdkafka_fuzz_regex/build.sh
new file mode 100755
index 000000000..ec157f6f2
--- /dev/null
+++ b/benchmarks/librdkafka_fuzz_regex/build.sh
@@ -0,0 +1,29 @@
+#!/bin/bash -eu
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+cd librdkafka
+./configure --install-deps --disable-regex-ext
+make
+
+export LIBZSTD=$PWD/mklove/deps/dest/usr/lib/libzstd.a
+
+cd tests
+$CC -g -fPIC $CFLAGS -I../src -c ./fuzzers/fuzz_regex.c -o fuzz_regex.o
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE -rdynamic fuzz_regex.o -o fuzzer \
+ ../src/librdkafka.a -lm ${LIBZSTD} -lsasl2 -lssl -lcrypto \
+ -lcrypto -lz -ldl -lpthread -lrt
+
+cp fuzzer $OUT/fuzz_regex
diff --git a/service/test_automatic_run_experiment.py b/service/test_automatic_run_experiment.py
index 363a3e356..3d9ecd5df 100644
--- a/service/test_automatic_run_experiment.py
+++ b/service/test_automatic_run_experiment.py
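Review bot: `./configure --install-deps` downloads and builds third-party dependencies from the network at build time — at least libzstd, judging by the `mklove/deps/dest/usr/lib/libzstd.a` path the script later links — with nothing in this script pinning what is fetched, so the benchmark image can change underneath the `commit` pinned in benchmark.yaml. Prefer installing the required `-dev` packages in the Dockerfile (the link line also needs SASL, OpenSSL and zlib via `-lsasl2 -lssl -lcrypto -lz`, none of which the Dockerfile installs, so presumably `--install-deps` is what provides them today) and, if mklove must fetch, pin its versions; at minimum add a comment stating which libraries `--install-deps` is expected to supply. `-lcrypto` appears twice on the link line; the repeat is harmless but should go, and `make` could use `-j$(nproc)` like the other scripts in this commit.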
@@ -72,8 +72,21 @@ def test_run_requested_experiment(mocked_get_requested_experiments, 'experiment-config.yaml') expected_benchmarks = sorted([ + 'arduinojson_json_fuzzer', + 'assimp_assimp_fuzzer', + 'astc-encoder_fuzz_astc_physical_to_symbolic', 'bloaty_fuzz_target', + 'botan_tls_server', + 'brotli_decode_fuzzer', 'curl_curl_fuzzer_http', + 'double-conversion_string_to_double_fuzzer', + 'draco_draco_pc_decoder_fuzzer', + 'dropbear_fuzzer-postauth_nomaths', + 'firestore_firestore_serializer_fuzzer', + 'fmt_chrono-duration-fuzzer', + 'guetzli_guetzli_fuzzer', + 'icu_unicode_string_codepage_create_fuzzer', + 'jansson_json_load_dump_fuzzer', 'jsoncpp_jsoncpp_fuzzer', 'libpcap_fuzz_both', 'libpcap_fuzz_filter_98b0a2', @@ -88,8 +101,12 @@ def test_run_requested_experiment(mocked_get_requested_experiments, 'harfbuzz_hb-shape-fuzzer', 'lcms_cms_transform_fuzzer', 'lcms_cms_transform_all_fuzzer_97d37d', + 'libaom_av1_dec_fuzzer', + 'libcoap_pdu_parse_fuzzer', + 'libhevc_hevc_dec_fuzzer', 'libjpeg-turbo_libjpeg_turbo_fuzzer', 'libpng_libpng_read_fuzzer', + 'librdkafka_fuzz_regex', 'libxml2_xml', 'openh264_decoder_fuzzer', 'openthread_ot-ip6-send-fuzzer',