diff --git a/.github/workflows/fuzzers.yml b/.github/workflows/fuzzers.yml
index 2feb8028f..f3acd7e51 100644
--- a/.github/workflows/fuzzers.yml
+++ b/.github/workflows/fuzzers.yml
@@ -17,93 +17,98 @@ jobs: fail-fast: false matrix: fuzzer: + # Default fuzzers general comparison evaluation. - afl - aflfast - - afl_um_prioritize - - afl_um_random - - afl_um_parallel - aflplusplus - - aflplusplus_optimal - - aflplusplus_tracepc - - aflplusplus_um_prioritize - - aflplusplus_um_prioritize_75 - - aflplusplus_um_random - - aflplusplus_um_random_75 - - aflplusplus_um_random_3 - - aflplusplus_um_random_6 - - aflplusplus_um_parallel - aflsmart - centipede - - entropic + - eclipser - fairfuzz - honggfuzz - - honggfuzz_um_random - - honggfuzz_um_random_75 - - honggfuzz_um_prioritize - - honggfuzz_um_prioritize_75 - - honggfuzz_um_parallel - - lafintel - - klee + - libafl - libfuzzer - - libfuzzer_um_random - - libfuzzer_um_random_75 - - libfuzzer_um_prioritize - - libfuzzer_um_prioritize_75 - - libfuzzer_um_parallel - - libfuzzer_dataflow - - libfuzzer_dataflow_load - - libfuzzer_dataflow_store - - libfuzzer_dataflow_pre - mopt - - neuzz - - libafl - - libafl_text - - pythia_effect_bb - - pythia_bb - - fafuzz - - tortoisefuzz - wingfuzz - # Binary-only (greybox) fuzzers. - - eclipser - - eclipser_um_prioritize - - eclipser_um_prioritize_75 - - eclipser_um_random - - eclipser_um_random_75 - - eclipser_um_parallel - - afl_qemu - - honggfuzz_qemu - - weizz_qemu - - aflplusplus_qemu - - aflplusplus_frida + # - klee # To Be Fixed. + # - tortoisefuzz # To Be Fixed. # Concolic execution - - fuzzolic_aflplusplus_z3 - - fuzzolic_aflplusplus_fuzzy - - eclipser_aflplusplus - - symqemu_aflplusplus - - symcc_aflplusplus - - symcc_aflplusplus_single - - symcc_afl - - symcc_afl_single + # - symcc_aflplusplus # To Be Fixed. # Grammar fuzzers - - nautilus - - gramatron - - token_level - - grimoire + # - nautilus # To Be Fixed. + # - gramatron # To Be Fixed. + # - token_level # To Be Fixed. + # - grimoire # To Be Fixed. # Temporary variants. 
- - aflplusplus_dict2file - - afl_2_52_b - - aflplusplus_cmplog - - afl_random_favored - - entropic_execute_final - - libfuzzer_exeute_final - - introspector_driven_focus - - libfuzzer_fork_parallel - - centipede_function_filter + # - introspector_driven_focus + # - centipede_function_filter + # - aflplusplus_dict2file + # - afl_2_52_b + # - aflplusplus_cmplog + # - afl_random_favored + # - entropic_execute_final + # - libfuzzer_exeute_final + # - libfuzzer_fork_parallel + # - afl_um_prioritize + # - afl_um_random + # - afl_um_parallel + # - aflplusplus_optimal + # - aflplusplus_tracepc + # - aflplusplus_um_prioritize + # - aflplusplus_um_prioritize_75 + # - aflplusplus_um_random + # - aflplusplus_um_random_75 + # - aflplusplus_um_random_3 + # - aflplusplus_um_random_6 + # - aflplusplus_um_parallel + # - honggfuzz_um_random + # - honggfuzz_um_random_75 + # - honggfuzz_um_prioritize + # - honggfuzz_um_prioritize_75 + # - honggfuzz_um_parallel + # - libfuzzer_um_random + # - libfuzzer_um_random_75 + # - libfuzzer_um_prioritize + # - libfuzzer_um_prioritize_75 + # - libfuzzer_um_parallel + # - libfuzzer_dataflow + # - libfuzzer_dataflow_load + # - libfuzzer_dataflow_store + # - libfuzzer_dataflow_pre + # - libafl_text + # - pythia_effect_bb + ## Binary-only (greybox) fuzzers. + # - eclipser_um_prioritize + # - eclipser_um_prioritize_75 + # - eclipser_um_random + # - eclipser_um_random_75 + # - eclipser_um_parallel + ## Binary-only (greybox) fuzzers. + # - afl_qemu + # - honggfuzz_qemu + # - weizz_qemu + # - aflplusplus_qemu + # - aflplusplus_frida + ## Concolic fuzzers. + # - fuzzolic_aflplusplus_z3 + # - fuzzolic_aflplusplus_fuzzy + # - eclipser_aflplusplus + # - symqemu_aflplusplus + # - symcc_aflplusplus_single + # - symcc_afl + ## Concolic execution + # - symcc_afl_single + ## Deprecated. + # - entropic + # - lafintel + # - neuzz + # - pythia_bb + # - fafuzz benchmark_type: - oss-fuzz - standard - - bug + # - bug steps: - uses: actions/checkout@v2 
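Review bot: The reorganised comment block under `# Temporary variants.` carries the heading `## Binary-only (greybox) fuzzers.` twice (once over the `eclipser_um_*` entries, once over the `*_qemu`/`*_frida` ones) and splits `symcc_afl_single` away from its siblings under a second `## Concolic execution` heading after `## Concolic fuzzers.`, so the grouping no longer tells a reader which disabled variants are binary-only or concolic. Merge the two binary-only groups under one heading and fold `symcc_afl_single` into `## Concolic fuzzers.`. The `# To Be Fixed.` markers on klee, tortoisefuzz, symcc_aflplusplus and the four grammar fuzzers give no cause or tracking reference; a `# To Be Fixed: <issue link or one-line cause>` on each would keep them from staying disabled silently. `benchmark_type` also loses `bug` with no comment saying whether bug benchmarks are retired or merely pending.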
diff --git a/benchmarks/arrow_parquet-arrow-fuzz/Dockerfile b/benchmarks/arrow_parquet-arrow-fuzz/Dockerfile
index ac460c194..ed0ea59ec 100644
--- a/benchmarks/arrow_parquet-arrow-fuzz/Dockerfile
+++ b/benchmarks/arrow_parquet-arrow-fuzz/Dockerfile
@@ -17,8 +17,7 @@
 FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c
 ENV DEBIAN_FRONTEND noninteractive
-RUN apt-get update -y -q && \
- apt-get upgrade -y -q && \
+RUN apt-get update && \
 apt-get install -y -q --no-install-recommends \
 bison \
 build-essential \
@@ -28,6 +27,11 @@ RUN apt-get update -y -q && \
 ninja-build \
 python3
-RUN git clone --depth=1 https://github.com/apache/arrow.git $SRC/arrow
+RUN git clone \
+ --depth=1 \
+ --branch apache-arrow-10.0.0 \
+ --recurse-submodules \
+ https://github.com/apache/arrow.git \
+ $SRC/arrow
 COPY build.sh thrift.patch $SRC/
diff --git a/benchmarks/arrow_parquet-arrow-fuzz/benchmark.yaml b/benchmarks/arrow_parquet-arrow-fuzz/benchmark.yaml
index 3509f6ab3..dd902d883 100644
--- a/benchmarks/arrow_parquet-arrow-fuzz/benchmark.yaml
+++ b/benchmarks/arrow_parquet-arrow-fuzz/benchmark.yaml
@@ -1,9 +1,8 @@
-commit: fb8868d25570234f0f18e8bcdb6ccb0c3b63d0f0
-commit_date: 2020-02-25 02:36:00+00:00
 fuzz_target: parquet-arrow-fuzz
 project: arrow
-type: bug
 unsupported_fuzzers:
+ - honggfuzz # To Be Fixed.
+ - libafl # To Be Fixed.
 - aflcc
 - afl_qemu
 - aflplusplus_qemu
diff --git a/benchmarks/arrow_parquet-arrow-fuzz/build.sh b/benchmarks/arrow_parquet-arrow-fuzz/build.sh
index 8c377a604..31e12b625 100755
--- a/benchmarks/arrow_parquet-arrow-fuzz/build.sh
+++ b/benchmarks/arrow_parquet-arrow-fuzz/build.sh
@@ -53,7 +53,7 @@ cmake ${ARROW} -GNinja \
 -DPARQUET_BUILD_EXAMPLES=off \
 -DPARQUET_BUILD_EXECUTABLES=off \
 -DPARQUET_REQUIRE_ENCRYPTION=off \
- -DARROW_WITH_BROTLI=off \
+ -DARROW_WITH_BROTLI=on \
 -DARROW_WITH_BZ2=off \
 -DARROW_WITH_LZ4=off \
 -DARROW_WITH_SNAPPY=off \
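Review bot: `--branch apache-arrow-10.0.0` pins a git tag, and with `commit:`/`commit_date:` deleted from benchmark.yaml in the same change nothing in this benchmark records an immutable revision any more; tags can be moved or re-pushed, so two builds of this image can differ without anyone noticing. If the tag is kept for the shallow clone, at least record the tag's commit in a comment above the `RUN git clone` (`# apache-arrow-10.0.0 == <sha>, verified <date>`), or fetch the SHA directly: `git init $SRC/arrow && git -C $SRC/arrow fetch --depth=1 https://github.com/apache/arrow.git <sha> && git -C $SRC/arrow checkout FETCH_HEAD && git -C $SRC/arrow submodule update --init --depth=1`. Dropping `apt-get upgrade` is the right call for a digest-pinned base; adding `&& rm -rf /var/lib/apt/lists/*` to the same `RUN` would keep the layer small. Enabling `ARROW_WITH_BROTLI` in build.sh pulls another compression library into the fuzz target, which is fine, but a one-line comment on why it was turned on would help.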
diff --git a/benchmarks/aspell_aspell_fuzzer/Dockerfile b/benchmarks/aspell_aspell_fuzzer/Dockerfile
index 0a1b9ce9e..75f40119d 100644
--- a/benchmarks/aspell_aspell_fuzzer/Dockerfile
+++ b/benchmarks/aspell_aspell_fuzzer/Dockerfile
@@ -18,8 +18,15 @@ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1
 RUN apt-get update && apt-get upgrade -y && apt-get install -y pkg-config wget
-RUN git clone https://github.com/gnuaspell/aspell.git $SRC/aspell
-RUN git clone --depth 1 -b master https://github.com/gnuaspell/aspell-fuzz.git $SRC/aspell-fuzz
+RUN git clone \
+ --depth 1 \
+ --branch rel-0.60.8 \
+ https://github.com/gnuaspell/aspell.git \
+ $SRC/aspell
+
+RUN git clone \
+ https://github.com/gnuaspell/aspell-fuzz.git \
+ $SRC/aspell-fuzz
 # Suppress an immediate UBSan violation that prevents fuzzing
 RUN wget https://github.com/GNUAspell/aspell/commit/a2cd7ffd25e6213f36139cda4a911e2e03ed417c.patch -O $SRC/aspell/fix_aspell_ub.patch
diff --git a/benchmarks/aspell_aspell_fuzzer/benchmark.yaml b/benchmarks/aspell_aspell_fuzzer/benchmark.yaml
index ba25ed4f8..ce42d61d8 100644
--- a/benchmarks/aspell_aspell_fuzzer/benchmark.yaml
+++ b/benchmarks/aspell_aspell_fuzzer/benchmark.yaml
@@ -1,8 +1,5 @@
-commit: b503ec3e3e134dbc28bf129c012e5d6245a39472
-commit_date: 2019-08-05 23:54:02+00:00
 fuzz_target: aspell_fuzzer
 project: aspell
-type: bug
 unsupported_fuzzers:
 - aflcc
 - afl_qemu
diff --git a/benchmarks/bloaty_fuzz_target/Dockerfile b/benchmarks/bloaty_fuzz_target/Dockerfile
index 3b27a27ea..f64e085d8 100644
--- a/benchmarks/bloaty_fuzz_target/Dockerfile
+++ b/benchmarks/bloaty_fuzz_target/Dockerfile
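Review bot: The second clone, `RUN git clone https://github.com/gnuaspell/aspell-fuzz.git $SRC/aspell-fuzz`, drops the old `--depth 1 -b master` and ends up with no ref at all, so the harness source floats on whatever the default branch holds while `aspell` itself is now pinned to `rel-0.60.8`; an upstream harness change can break or silently alter this benchmark. Pin it the same way — `--depth 1 --branch <tag>` if aspell-fuzz publishes one, otherwise a fetch of a specific commit — and say in a comment which revision was verified against 0.60.8. The `wget … .patch` line below is unchanged context, but the same reasoning applies: piping the download through `sha256sum -c` would make the UBSan workaround reproducible instead of trusting whatever that URL serves on a given day.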
@@ -15,7 +15,18 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c -RUN apt-get update && apt-get upgrade -y && apt-get install -y cmake ninja-build g++ -RUN git clone --depth 1 https://github.com/google/bloaty.git bloaty + +RUN apt-get update && \ + apt-get install -y \ + cmake \ + ninja-build \ + g++ \ + libz-dev + +RUN git clone \ + --depth 1 \ + --branch v1.1\ + https://github.com/google/bloaty.git + WORKDIR bloaty COPY build.sh $SRC/ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer/Dockerfile b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer/Dockerfile index 9b67837cb..1148f8968 100644 --- a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer/Dockerfile +++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer/Dockerfile 
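Review bot: `--branch v1.1\` has no space before the continuation backslash, so the tag and the URL on the next line are separated only by whatever leading whitespace that line happens to carry; strip that indentation and the clone is asked for branch `v1.1https://github.com/google/bloaty.git` and fails with a confusing "remote branch not found". Write it as `--branch v1.1 \` like the surrounding lines. The new apt layer lacks `--no-install-recommends` (the arrow Dockerfile in this same change uses it) and does not clear `/var/lib/apt/lists/*` in the same `RUN`; neither affects the fuzz target, but the benchmark Dockerfiles are easier to maintain when they follow one pattern. The clone now relies on git's default checkout directory name matching the `WORKDIR bloaty` below; that holds for this URL, but a comment saying so would stop someone from "fixing" it.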
@@ -15,36 +15,97 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c -ADD bionic.list /etc/apt/sources.list.d/bionic.list -ADD nasm_apt.pin /etc/apt/preferences -RUN apt-get update && apt-get upgrade -y && apt-get install -y make autoconf automake libtool build-essential \ - libass-dev libfreetype6-dev libsdl1.2-dev \ - libvdpau-dev libxcb1-dev libxcb-shm0-dev \ - pkg-config texinfo libbz2-dev zlib1g-dev yasm cmake mercurial wget \ - xutils-dev libpciaccess-dev nasm - -RUN git clone https://git.ffmpeg.org/ffmpeg.git ffmpeg - -RUN wget https://www.alsa-project.org/files/pub/lib/alsa-lib-1.1.0.tar.bz2 -RUN git clone -n https://gitlab.freedesktop.org/mesa/drm.git -RUN cd drm; git checkout 5db0f7692d1fdf05f9f6c0c02ffa5a5f4379c1f3 -RUN git clone --depth 1 https://github.com/mstorsjo/fdk-aac.git -ADD https://sourceforge.net/projects/lame/files/latest/download lame.tar.gz -RUN git clone git://anongit.freedesktop.org/xorg/lib/libXext && \ - cd /src/libXext && \ - git checkout d965a1a8ce9331d2aaf1c697a29455ad55171b36 - -RUN git clone -n git://anongit.freedesktop.org/git/xorg/lib/libXfixes -RUN cd libXfixes; git checkout 174a94975af710247719310cfc53bd13e1f3b44d -RUN git clone --depth 1 https://github.com/intel/libva -RUN git clone --depth 1 -b libvdpau-1.2 git://people.freedesktop.org/~aplattner/libvdpau -RUN git clone --depth 1 https://chromium.googlesource.com/webm/libvpx -RUN git clone --depth 1 https://github.com/xiph/ogg -RUN git clone --depth 1 https://github.com/xiph/opus -RUN git clone --depth 1 https://github.com/xiph/theora -RUN git clone --depth 1 https://github.com/xiph/vorbis -RUN git clone --depth 1 https://code.videolan.org/videolan/x264.git -RUN git clone --depth 1 https://bitbucket.org/multicoreware/x265_git.git -RUN mv x265_git x265 + +RUN apt-get update && \ + apt-get install -y \ + make \ + autoconf \ + libtool \ + 
build-essential \ + libass-dev \ + libfreetype6-dev \ + libsdl1.2-dev \ + libvdpau-dev \ + libxcb1-dev \ + libxcb-shm0-dev \ + libdrm-dev \ + pkg-config \ + texinfo \ + libbz2-dev \ + zlib1g-dev \ + yasm \ + cmake \ + mercurial \ + wget \ + xutils-dev \ + libpciaccess-dev \ + nasm \ + meson \ + rsync && \ + curl \ + -LO \ + http://mirrors.kernel.org/ubuntu/pool/main/a/automake-1.16/automake_1.16.5-1.3_all.deb && \ + apt install ./automake_1.16.5-1.3_all.deb && \ + rm automake_1.16.5-1.3_all.deb + +RUN git clone \ + --branch v1.2.8 \ + --depth 1 \ + https://github.com/alsa-project/alsa-lib.git + +RUN git clone \ + --branch v2.0.2 \ + --depth 1 \ + https://github.com/mstorsjo/fdk-aac.git + +RUN git clone \ + --branch libXext-1.3.5 \ + --depth 1 \ + https://gitlab.freedesktop.org/xorg/lib/libxext.git + +RUN git clone \ + --depth 1 \ + --branch 2.16.0 \ + https://github.com/intel/libva + +RUN git clone \ + --depth 1 \ + --branch libvdpau-1.2 \ + https://gitlab.freedesktop.org/vdpau/libvdpau.git + +RUN git clone \ + --depth 1 \ + --branch v1.12.0 \ + https://chromium.googlesource.com/webm/libvpx + +RUN git clone \ + --depth 1 \ + --branch v1.3.5 \ + https://github.com/xiph/ogg + +RUN git clone \ + --depth 1 \ + --branch v1.3.1 \ + https://github.com/xiph/opus + +RUN git clone \ + --depth 1 \ + --branch v1.1.1 \ + https://github.com/xiph/theora + +RUN git clone \ + --depth 1 \ + --branch v1.3.7 \ + https://github.com/xiph/vorbis + +RUN git clone \ + --depth 1 \ + --branch v2.10.3 \ + https://gitlab.gnome.org/GNOME/libxml2.git + +RUN git clone \ + --branch n5.1.2 \ + --depth 1 \ + https://git.ffmpeg.org/ffmpeg.git COPY build.sh group_seed_corpus.py $SRC/ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer/benchmark.yaml b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer/benchmark.yaml index 5c52edf4c..3040df087 100644 --- a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer/benchmark.yaml +++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer/benchmark.yaml 
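Review bot: The `curl -LO http://mirrors.kernel.org/.../automake_1.16.5-1.3_all.deb && apt install ./automake_1.16.5-1.3_all.deb` step fetches a package over plain HTTP and installs it as root with no checksum or signature check; `apt install` of a local `.deb` path performs no repository-signature verification, and `curl` without `-f` will happily save an error page and fail later with an unrelated dpkg message. Fetch over HTTPS, fail on HTTP errors, and verify the digest the Ubuntu archive publishes for that package before installing: `curl -fsSLO https://mirrors.kernel.org/ubuntu/pool/main/a/automake-1.16/automake_1.16.5-1.3_all.deb && echo '<sha256 from the archive Packages index>  automake_1.16.5-1.3_all.deb' | sha256sum -c - && apt-get install -y ./automake_1.16.5-1.3_all.deb`. `apt-get install -y` rather than `apt install` also avoids the interactive prompt apt would raise (and abort on, with no tty) if a dependency had to be pulled in. A one-line comment above the download saying why the distro `automake` — removed from the apt list in this hunk — is not sufficient would help the next maintainer.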
@@ -1,9 +1,7 @@ -commit: 6473a5d35c16b1e673c07f0927ec5d2e10433e79 -commit_date: 2019-06-14 01:51:00+00:00 fuzz_target: ffmpeg_DEMUXER_fuzzer project: ffmpeg -type: bug unsupported_fuzzers: + - libafl - aflcc - afl_qemu - aflplusplus_qemu diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer/build.sh b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer/build.sh index 21dceb802..d45d543c2 100755 --- a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer/build.sh +++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer/build.sh 
@@ -20,97 +20,74 @@ export CFLAGS="$CFLAGS -fno-sanitize=vptr" export CXXFLAGS="$CXXFLAGS -fno-sanitize=vptr" # Build dependencies. -export FFMPEG_DEPS_PATH=$SRC/ffmpeg_deps +export FFMPEG_DEPS_PATH="$SRC/ffmpeg_deps" mkdir -p $FFMPEG_DEPS_PATH export PATH="$FFMPEG_DEPS_PATH/bin:$PATH" export LD_LIBRARY_PATH="$FFMPEG_DEPS_PATH/lib" +export PKG_CONFIG_PATH="$LD_LIBRARY_PATH/pkgconfig:$LD_LIBRARY_PATH/x86_64-linux-gnu/pkgconfig" -cd $SRC -bzip2 -f -d alsa-lib-* -tar xf alsa-lib-* -cd alsa-lib-1.1.0 +(cd $SRC/alsa-lib +./gitcompile ./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static --disable-shared make clean make -j$(nproc) all -make install +make install) -cd $SRC/drm -# Requires xutils-dev libpciaccess-dev -./autogen.sh -./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static -make clean -make -j$(nproc) -make install - -cd $SRC/fdk-aac +(cd $SRC/fdk-aac autoreconf -fiv CXXFLAGS="$CXXFLAGS -fno-sanitize=shift-base" \ ./configure --prefix="$FFMPEG_DEPS_PATH" --disable-shared make clean make -j$(nproc) all -make install - -cd $SRC -tar xzf lame.tar.gz -cd lame-* -./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static -make clean -make -j$(nproc) -make install - -cd $SRC/libXext -./autogen.sh -./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static -make clean -make -j$(nproc) -make install +make install) -cd $SRC/libXfixes +(cd $SRC/libxext ./autogen.sh ./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static make clean make -j$(nproc) -make install +make install) -cd $SRC/libva +(cd $SRC/libva ./autogen.sh ./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static --disable-shared make clean make -j$(nproc) all -make install +make install) -cd $SRC/libvdpau +(cd $SRC/libvdpau +# Requires libpciaccess-dev ./autogen.sh ./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static --disable-shared make clean make -j$(nproc) all -make install +make install) -cd $SRC/libvpx +(cd $SRC/libvpx LDFLAGS="$CXXFLAGS" ./configure --prefix="$FFMPEG_DEPS_PATH" \ 
--disable-examples --disable-unit-tests \ --size-limit=12288x12288 \ --extra-cflags="-DVPX_MAX_ALLOCABLE_MEMORY=1073741824" make clean make -j$(nproc) all -make install +make install) -cd $SRC/ogg +(cd $SRC/ogg ./autogen.sh ./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static --disable-crc make clean make -j$(nproc) -make install +make install) -cd $SRC/opus +(cd $SRC/opus ./autogen.sh ./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static make clean make -j$(nproc) all -make install +make install) -cd $SRC/theora +(cd $SRC/theora # theora requires ogg, need to pass its location to the "configure" script. CFLAGS="$CFLAGS -fPIC" LDFLAGS="-L$FFMPEG_DEPS_PATH/lib/" \ CPPFLAGS="$CXXFLAGS -I$FFMPEG_DEPS_PATH/include/" \ @@ -120,31 +97,22 @@ CFLAGS="$CFLAGS -fPIC" LDFLAGS="-L$FFMPEG_DEPS_PATH/lib/" \ --enable-static --disable-examples make clean make -j$(nproc) -make install +make install) -cd $SRC/vorbis +(cd $SRC/vorbis ./autogen.sh ./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static make clean make -j$(nproc) -make install +make install) -cd $SRC/x264 -LDFLAGS="$CXXFLAGS" ./configure --prefix="$FFMPEG_DEPS_PATH" \ - --enable-static +(cd $SRC/libxml2 +./autogen.sh --prefix="$FFMPEG_DEPS_PATH" --enable-static \ + --without-debug --without-ftp --without-http \ + --without-legacy --without-python make clean make -j$(nproc) -make install - -cd $SRC/x265/build/linux -cmake -G "Unix Makefiles" \ - -DCMAKE_C_COMPILER=$CC -DCMAKE_CXX_COMPILER=$CXX \ - -DCMAKE_C_FLAGS="$CFLAGS" -DCMAKE_CXX_FLAGS="$CXXFLAGS" \ - -DCMAKE_INSTALL_PREFIX="$FFMPEG_DEPS_PATH" -DENABLE_SHARED:bool=off \ - ../../source -make clean -make -j$(nproc) x265-static -make install +make install) # Remove shared libraries to avoid accidental linking against them. rm $FFMPEG_DEPS_PATH/lib/*.so 
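Review bot: In the alsa-lib subshell, `./gitcompile` is run and then `./configure --prefix=...` is run again; as far as alsa-lib's upstream `gitcompile` script goes it regenerates the autotools files, runs `configure` and then `make` itself, so this block appears to configure and build the library twice, the first time with the default prefix and flags. If only the regeneration is wanted, `autoreconf -fiv` (as the fdk-aac block already does) states the intent and removes the duplicate build — worth confirming against the v1.2.8 script. Separately, the new `export PKG_CONFIG_PATH="$LD_LIBRARY_PATH/pkgconfig:$LD_LIBRARY_PATH/x86_64-linux-gnu/pkgconfig"` is expressed through `LD_LIBRARY_PATH` and hardcodes the x86_64 multiarch directory; `PKG_CONFIG_PATH="$FFMPEG_DEPS_PATH/lib/pkgconfig:$FFMPEG_DEPS_PATH/lib/$(gcc -print-multiarch)/pkgconfig"` would survive a non-x86 builder and any later change to `LD_LIBRARY_PATH`. Note `mkdir -p $FFMPEG_DEPS_PATH` on the next line is still unquoted while the export above it now is.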
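Review bot: The libxml2 block passes its configure options to `./autogen.sh` rather than running `./configure` separately as every other block in this script does; libxml2's autogen.sh does appear to forward its arguments to configure, but the asymmetry reads like an accident, so a comment such as `# libxml2's autogen.sh runs configure with the arguments it is given.` would prevent a later "fix". The `--without-http --without-ftp` choices matter for a fuzz binary — they keep the XML parser that ffmpeg links from ever opening a network fetcher — and deserve a `# no network fetchers in the fuzz build` note so they are not dropped when the version is next bumped. The rest of the enclosing script continues outside this hunk.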
@@ -165,14 +133,16 @@ PKG_CONFIG_PATH="$FFMPEG_DEPS_PATH/lib/pkgconfig" ./configure \ --enable-libass \ --enable-libfdk-aac \ --enable-libfreetype \ - --enable-libmp3lame \ --enable-libopus \ --enable-libtheora \ --enable-libvorbis \ --enable-libvpx \ - --enable-libx264 \ - --enable-libx265 \ + --enable-libxml2 \ --enable-nonfree \ + --disable-muxers \ + --disable-protocols \ + --disable-demuxer=rtp,rtsp,sdp \ + --disable-devices \ --disable-shared make clean make -j$(nproc) install diff --git a/benchmarks/file_magic_fuzzer/Dockerfile b/benchmarks/file_magic_fuzzer/Dockerfile index 2674570c0..d05b3852e 100644 --- a/benchmarks/file_magic_fuzzer/Dockerfile +++ b/benchmarks/file_magic_fuzzer/Dockerfile @@ -17,6 +17,9 @@ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c MAINTAINER mike.aizatsky@gmail.com RUN apt-get update && apt-get install -y make autoconf automake libtool shtool zlib1g-dev -RUN git clone --depth 1 https://github.com/file/file.git +RUN git clone \ + --depth 1 \ + --branch FILE5_43 \ + https://github.com/file/file.git WORKDIR file COPY build.sh magic_fuzzer.cc $SRC/ diff --git a/benchmarks/file_magic_fuzzer/benchmark.yaml b/benchmarks/file_magic_fuzzer/benchmark.yaml index 8b70c8548..aa1f8eeb9 100644 --- a/benchmarks/file_magic_fuzzer/benchmark.yaml +++ b/benchmarks/file_magic_fuzzer/benchmark.yaml @@ -1,9 +1,7 @@ -commit: d1ff3af7a2c6b38bdbdde7af26b59e3c50a48fff -commit_date: 2018-10-18 23:35:42+00:00 fuzz_target: magic_fuzzer project: file -type: bug unsupported_fuzzers: - aflcc - klee - lafintel + - honggfuzz diff --git a/benchmarks/grok_grk_decompress_fuzzer/Dockerfile b/benchmarks/grok_grk_decompress_fuzzer/Dockerfile index dc2776a15..7d66be178 100644 --- a/benchmarks/grok_grk_decompress_fuzzer/Dockerfile +++ b/benchmarks/grok_grk_decompress_fuzzer/Dockerfile 
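Review bot: The new `--disable-protocols`, `--disable-demuxer=rtp,rtsp,sdp` and `--disable-devices` switches presumably exist to keep socket-opening and device-probing code out of the fuzz binary, but nothing says so, and a later maintainer chasing coverage is likely to re-enable them. A comment above the configure call such as `# Strip network protocols, the RTP/RTSP/SDP demuxers and device inputs: the demuxer target is fed from memory and must never touch the network or hardware during a fuzz run.` records the intent. Whether `--disable-protocols` also removes a protocol the target still needs (e.g. `file`) is not visible here — confirm against how `ffmpeg_DEMUXER_fuzzer` feeds its input. The retained `--enable-nonfree` plus `--enable-libfdk-aac` makes the produced binary non-redistributable; not a security issue, but the same comment could note it.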
@@ -16,8 +16,14 @@
 FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c
-RUN git clone https://github.com/GrokImageCompression/grok.git grok
-RUN git clone https://github.com/GrokImageCompression/grok-test-data.git grok/data
+RUN git clone \
+ --depth 1 \
+ --branch v10.0.4 \
+ https://github.com/GrokImageCompression/grok.git \
+ grok
+RUN git clone https://github.com/GrokImageCompression/grok-test-data.git \
+ grok-data
+
 WORKDIR grok
 COPY build.sh $SRC/
diff --git a/benchmarks/grok_grk_decompress_fuzzer/benchmark.yaml b/benchmarks/grok_grk_decompress_fuzzer/benchmark.yaml
index 154fc829b..c3cb521b9 100644
--- a/benchmarks/grok_grk_decompress_fuzzer/benchmark.yaml
+++ b/benchmarks/grok_grk_decompress_fuzzer/benchmark.yaml
@@ -1,9 +1,7 @@
-commit: c007abeb226caef9c23bd786a36614b94703ff87
-commit_date: 2020-11-09 02:44:57+00:00
 fuzz_target: grk_decompress_fuzzer
 project: grok
-type: bug
 unsupported_fuzzers:
+ - centipede
 - aflcc
 - afl_qemu
 - aflplusplus_qemu
diff --git a/benchmarks/grok_grk_decompress_fuzzer/build.sh b/benchmarks/grok_grk_decompress_fuzzer/build.sh
index 4ec01fbf3..21ee2269b 100755
--- a/benchmarks/grok_grk_decompress_fuzzer/build.sh
+++ b/benchmarks/grok_grk_decompress_fuzzer/build.sh
@@ -17,7 +17,7 @@
 mkdir build
 cd build
-cmake ..
+cmake .. -DGRK_BUILD_CODEC=OFF -DBUILD_SHARED_LIBS=OFF -DGRK_BUILD_THIRDPARY=ON
 make clean -s
 make -j$(nproc) -s
 cd ..
diff --git a/benchmarks/libarchive_libarchive_fuzzer/Dockerfile b/benchmarks/libarchive_libarchive_fuzzer/Dockerfile
index caebf2323..6f0990e99 100644
--- a/benchmarks/libarchive_libarchive_fuzzer/Dockerfile
+++ b/benchmarks/libarchive_libarchive_fuzzer/Dockerfile
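Review bot: `RUN git clone https://github.com/GrokImageCompression/grok-test-data.git grok-data` is the one clone in this change left with neither `--depth 1` nor a `--branch`/commit, so the seed data floats on the repository's default branch while `grok` itself is pinned to `v10.0.4`; an upstream corpus change silently shifts the benchmark's starting coverage, and a full clone of a test-data repository is also the slowest part of the image build. Pin it like the line above it (`--depth 1 --branch <tag or sha>`) and name the revision in a comment. The destination also moved from `grok/data` to `grok-data`; whatever consumes the seed corpus is outside this hunk, so confirm it was updated to the new path.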
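Review bot: `-DGRK_BUILD_THIRDPARY=ON` looks like a typo for `GRK_BUILD_THIRDPARTY`; CMake does not reject an unknown `-D` variable (it only prints a "manually-specified variables were not used" warning that `make -s` output will bury), so if the option name is wrong the bundled third-party libraries are silently not built and the link picks up whatever the base image provides instead. Verify the exact option name in grok v10.0.4's CMakeLists.txt and fix the spelling. A short comment on the cmake line stating why the codec executables are disabled and the library is built static (`# Static lib only: the fuzzer links libgrok directly; the CLI codec tools are not needed.`) would also help.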
@@ -21,6 +21,9 @@ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1
 RUN apt-get update && apt-get install -y make autoconf automake libtool pkg-config \
 libbz2-dev liblzo2-dev liblzma-dev liblz4-dev libz-dev \
 libxml2-dev libssl-dev libacl1-dev libattr1-dev
-RUN git clone --depth 1 https://github.com/libarchive/libarchive.git
+RUN git clone \
+ --depth 1 \
+ --branch v3.6.1 \
+ https://github.com/libarchive/libarchive.git
 WORKDIR libarchive
 COPY build.sh libarchive_fuzzer.cc $SRC/
diff --git a/benchmarks/libarchive_libarchive_fuzzer/benchmark.yaml b/benchmarks/libarchive_libarchive_fuzzer/benchmark.yaml
index 67fc11dc6..bb2852f70 100644
--- a/benchmarks/libarchive_libarchive_fuzzer/benchmark.yaml
+++ b/benchmarks/libarchive_libarchive_fuzzer/benchmark.yaml
@@ -1,8 +1,5 @@
-commit: 94ca3f0734f71a0d9389ceaa237ce5a4ed8a21cd
-commit_date: 2019-05-03 02:15:00+00:00
 fuzz_target: libarchive_fuzzer
 project: libarchive
-type: bug
 unsupported_fuzzers:
 - aflcc
 - afl_qemu
diff --git a/benchmarks/libarchive_libarchive_fuzzer/build.sh b/benchmarks/libarchive_libarchive_fuzzer/build.sh
index 84c5f9c13..149a74384 100755
--- a/benchmarks/libarchive_libarchive_fuzzer/build.sh
+++ b/benchmarks/libarchive_libarchive_fuzzer/build.sh
@@ -23,6 +23,7 @@ make -j$(nproc) all
 # build fuzzer(s)
 $CXX $CXXFLAGS -Ilibarchive \
 $SRC/libarchive_fuzzer.cc -o $OUT/libarchive_fuzzer \
+ -stdlib=libstdc++ \
 $LIB_FUZZING_ENGINE .libs/libarchive.a \
 -Wl,-Bstatic -lbz2 -llzo2 -lxml2 -llzma -lz -lcrypto -llz4 -licuuc \
- -licudata -Wl,-Bdynamic -ldl
+ -licudata -Wl,-Bdynamic -ldl -lc++
diff --git a/benchmarks/libgit2_objects_fuzzer/Dockerfile b/benchmarks/libgit2_objects_fuzzer/Dockerfile
index 31c702ade..e96cc53f7 100644
--- a/benchmarks/libgit2_objects_fuzzer/Dockerfile
+++ b/benchmarks/libgit2_objects_fuzzer/Dockerfile
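Review bot: The link line now passes both `-stdlib=libstdc++` and `-lc++`, i.e. it compiles against libstdc++ headers and links libstdc++ while also pulling libc++ into the same executable; presumably the distro-built `libxml2`/`icu` static archives require libstdc++ while `$LIB_FUZZING_ENGINE` is built against libc++, but two C++ runtimes in one binary is a fragile arrangement and nothing here says why it is needed or which engines it was verified with. Add a comment above the `$CXX` invocation, e.g. `# -stdlib=libstdc++: the apt-provided libxml2/icu archives need it. -lc++: the fuzzing-engine runtime is built against libc++. Both runtimes end up in the binary; keep that in mind before adding more C++ deps.`. If the engine-side requirement can instead be met by building the dependencies against the same stdlib, that removes the mixed-runtime link altogether.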
@@ -16,8 +16,20 @@ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c -RUN apt-get update && apt-get install -y make autoconf automake libtool cmake -RUN git clone https://github.com/libgit2/libgit2 libgit2 +RUN apt-get update && \ + apt-get install -y \ + make \ + autoconf \ + automake \ + libtool \ + cmake + +RUN git clone \ + --depth 1 \ + --branch v1.5.0 \ + https://github.com/libgit2/libgit2 \ + libgit2 + WORKDIR libgit2 COPY build.sh $SRC/ diff --git a/benchmarks/libgit2_objects_fuzzer/benchmark.yaml b/benchmarks/libgit2_objects_fuzzer/benchmark.yaml index dc849c1f7..50a72ed86 100644 --- a/benchmarks/libgit2_objects_fuzzer/benchmark.yaml +++ b/benchmarks/libgit2_objects_fuzzer/benchmark.yaml @@ -1,9 +1,7 @@ -commit: 20cb30b6b8e269d2ce3474523562b2739a8efea2 -commit_date: 2018-11-13 12:40:17+00:00 fuzz_target: objects_fuzzer project: libgit2 -type: bug unsupported_fuzzers: + - libafl - aflcc - afl_qemu - aflplusplus_qemu diff --git a/benchmarks/libgit2_objects_fuzzer/build.sh b/benchmarks/libgit2_objects_fuzzer/build.sh index 87067ec3f..9e72ca70e 100755 --- a/benchmarks/libgit2_objects_fuzzer/build.sh +++ b/benchmarks/libgit2_objects_fuzzer/build.sh @@ -27,17 +27,14 @@ cmake .. -DCMAKE_INSTALL_PREFIX="$WORK" \ make -j$(nproc) make install - -for fuzzer in "../fuzzers/objects_fuzzer.c" +for fuzzer in ../fuzzers/*_fuzzer.c do fuzzer_name=$(basename "${fuzzer%.c}") - $CC $CFLAGS -c -I"$WORK/include" -I"$SRC/libgit2/src" \ - -DLIBGIT2_NO_FEATURES_H \ + $CC $CFLAGS -c -I./src -I../src/libgit2 -I../src/util -I../include \ "$fuzzer" -o "$WORK/$fuzzer_name.o" $CXX $CXXFLAGS -std=c++11 -o "$OUT/$fuzzer_name" \ - -lFuzzingEngine "$WORK/$fuzzer_name.o" "$WORK/lib/libgit2.a" \ - -pthread -ldl + $LIB_FUZZING_ENGINE "$WORK/$fuzzer_name.o" "$WORK/lib/libgit2.a" zip -j "$OUT/${fuzzer_name}_seed_corpus.zip" \ ../fuzzers/corpora/${fuzzer_name%_fuzzer}/* 
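Review bot: The loop now globs `../fuzzers/*_fuzzer.c` and, for every match, the unchanged tail runs `zip -j "$OUT/${fuzzer_name}_seed_corpus.zip" ../fuzzers/corpora/${fuzzer_name%_fuzzer}/*`; any fuzzer without a corpora directory leaves that glob unexpanded, `zip` fails, and if the script runs under `set -e` (its shebang is outside the hunk) the whole build aborts where it previously only built `objects_fuzzer`. Guard the corpus step: `corpus="../fuzzers/corpora/${fuzzer_name%_fuzzer}"` / `if [ -d "$corpus" ]; then zip -j "$OUT/${fuzzer_name}_seed_corpus.zip" "$corpus"/*; fi`. The hunk also drops `-pthread -ldl` and `-DLIBGIT2_NO_FEATURES_H` and switches to `$LIB_FUZZING_ENGINE`; that matches the other benchmarks in this change, but a one-line comment that the `-I./src` include supplies libgit2 v1.5.0's generated `features.h` (if that is the reason the define went away) would save the next person from re-adding it.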
diff --git a/benchmarks/libhevc_hevc_dec_fuzzer/Dockerfile b/benchmarks/libhevc_hevc_dec_fuzzer/Dockerfile index 460ea5435..491ed22a4 100644 --- a/benchmarks/libhevc_hevc_dec_fuzzer/Dockerfile +++ b/benchmarks/libhevc_hevc_dec_fuzzer/Dockerfile @@ -17,6 +17,9 @@ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c MAINTAINER harish.mahendrakar@ittiam.com RUN apt-get update && apt-get install -y wget cmake -RUN git clone https://android.googlesource.com/platform/external/libhevc +RUN git clone \ + --depth 1 \ + --branch android-vts-13.0_r2 \ + https://android.googlesource.com/platform/external/libhevc COPY build.sh $SRC/ WORKDIR libhevc diff --git a/benchmarks/libhevc_hevc_dec_fuzzer/benchmark.yaml b/benchmarks/libhevc_hevc_dec_fuzzer/benchmark.yaml index 74779f9c6..746f9be46 100644 --- a/benchmarks/libhevc_hevc_dec_fuzzer/benchmark.yaml +++ b/benchmarks/libhevc_hevc_dec_fuzzer/benchmark.yaml @@ -1,8 +1,5 @@ -commit: d28f2210ee8e65afdfb07a1fd6582285d3d178e0 -commit_date: 2019-09-06 01:29:00+00:00 fuzz_target: hevc_dec_fuzzer project: libhevc -type: bug unsupported_fuzzers: - aflcc - afl_qemu diff --git a/benchmarks/libhtp_fuzz_htp/Dockerfile b/benchmarks/libhtp_fuzz_htp/Dockerfile index 8c34bc73c..5ca143447 100644 --- a/benchmarks/libhtp_fuzz_htp/Dockerfile +++ b/benchmarks/libhtp_fuzz_htp/Dockerfile @@ -17,7 +17,12 @@ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c RUN apt-get update && apt-get install -y make autoconf automake libtool zlib1g-dev liblzma-dev -RUN git clone https://github.com/OISF/libhtp.git libhtp +RUN git clone \ + --depth 1 \ + --branch 0.5.41 \ + https://github.com/OISF/libhtp.git \ + libhtp + WORKDIR $SRC COPY build.sh $SRC/ diff --git a/benchmarks/libhtp_fuzz_htp/benchmark.yaml b/benchmarks/libhtp_fuzz_htp/benchmark.yaml index de933dc10..adc08c159 100644 --- a/benchmarks/libhtp_fuzz_htp/benchmark.yaml 
+++ b/benchmarks/libhtp_fuzz_htp/benchmark.yaml @@ -1,8 +1,5 @@ -commit: 75cbbbd405695e97567931655fd5a441f86e5836 -commit_date: 2019-09-14 08:28:41+00:00 fuzz_target: fuzz_htp project: libhtp -type: bug unsupported_fuzzers: - aflcc - afl_qemu diff --git a/benchmarks/libpcap_fuzz_both/Dockerfile b/benchmarks/libpcap_fuzz_both/Dockerfile index 28f800101..61fe44522 100644 --- a/benchmarks/libpcap_fuzz_both/Dockerfile +++ b/benchmarks/libpcap_fuzz_both/Dockerfile @@ -15,10 +15,20 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c -RUN apt-get update && apt-get install -y make cmake flex bison -RUN git clone --depth 1 https://github.com/the-tcpdump-group/libpcap.git libpcap -# for corpus as wireshark -RUN git clone --depth=1 https://github.com/the-tcpdump-group/tcpdump.git tcpdump +RUN apt-get update && \ + apt-get install -y make cmake flex bison + +RUN git clone \ + --depth 1 \ + --branch libpcap-1.10.1 \ + https://github.com/the-tcpdump-group/libpcap.git libpcap + +# For corpus as wireshark. +RUN git clone \ + --depth=1 \ + --branch tcpdump-4.99.1 \ + https://github.com/the-tcpdump-group/tcpdump.git tcpdump + WORKDIR $SRC COPY build.sh $SRC/ COPY patch.diff $SRC/ diff --git a/benchmarks/libpcap_fuzz_both/build.sh b/benchmarks/libpcap_fuzz_both/build.sh index e44f8b83f..694833b79 100755 --- a/benchmarks/libpcap_fuzz_both/build.sh +++ b/benchmarks/libpcap_fuzz_both/build.sh @@ -23,12 +23,12 @@ cd build cmake .. make - # build fuzz targets for target in pcap filter both do $CC $CFLAGS -I.. -c ../testprogs/fuzz/fuzz_$target.c -o fuzz_$target.o - $CXX $CXXFLAGS fuzz_$target.o -o $OUT/fuzz_$target libpcap.a $LIB_FUZZING_ENGINE + $CXX $CXXFLAGS fuzz_$target.o -o $OUT/fuzz_$target \ + libpcap.a $LIB_FUZZING_ENGINE $EXTRA_LIBS done # export other associated stuff 
diff --git a/benchmarks/libpng-1.2.56/build.sh b/benchmarks/libpng-1.2.56/build.sh deleted file mode 100755 index 533226b4c..000000000 --- a/benchmarks/libpng-1.2.56/build.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash -ex -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -tar xf libpng-1.2.56.tar.gz - -cd libpng-1.2.56 -./configure -make -j $(nproc) - -$CXX $CXXFLAGS -std=c++11 $SRC/target.cc .libs/libpng12.a $FUZZER_LIB -I . -lz \ - -o $OUT/libpng_read_fuzzer -cp -r /opt/seeds $OUT/ diff --git a/benchmarks/libpng-1.2.56/png_mutator.h b/benchmarks/libpng-1.2.56/png_mutator.h deleted file mode 100644 index a16d28270..000000000 --- a/benchmarks/libpng-1.2.56/png_mutator.h +++ /dev/null 
@@ -1,331 +0,0 @@ -// Copyright 2020 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -// A simple class for parsing, serializing, and mutating an PNG file. -// https://en.wikipedia.org/wiki/Portable_Network_Graphics -// It is an example of a custom mutator for libFuzzer -// (https://llvm.org/docs/LibFuzzer.html) used for -// "structure-aware coverage-guided fuzzing". -// -// If you have a non structure-aware fuzz target for any API that handles -// PNG inputs, you can turn that fuzz target into a structure-aware one -// by defining PNG_MUTATOR_DEFINE_LIBFUZZER_CUSTOM_MUTATOR and then -// including this file. -class PngMutator { - using V = std::vector; - - public: - - // Parse the input stream as a PNG file, - // put every chunk into its own vector, - // uncompress chunk data when needed, - // merge the IDAT chunks into one vector. - PngMutator(std::istream &in) { - ihdr_.resize(13); - Read4(in); - Read4(in); // Skip the 8-byte magic value. - // read IHDR. - if (ReadInteger(in) != 13) return; - if (Read4(in) != Type("IHDR")) return; - // Read 13 values. 
- in.read((char*)ihdr_.data(), ihdr_.size()); - Read4(in); // ignore CRC - ssize_t idat_idx = -1; - - while (in) { - uint32_t len = ReadInteger(in); - uint32_t type = Read4(in); - if (type == Type("IEND")) break; // do nothing - char chunk_name[5]; - memcpy(chunk_name, &type, 4); - chunk_name[4] = 0; - if (len > (1 << 20)) return; - V v(len); - in.read((char *)v.data(), len); - Read4(in); // ignore CRC - - if (type == Type("IDAT")) { - if (idat_idx != -1) - Append(&chunks_[idat_idx].v, v); - else { - idat_idx = chunks_.size(); - chunks_.push_back({type, v}); - } - } else if (type == Type("iCCP")) { - auto it = v.begin(); - while (it < v.end() && isprint(*it)) it++; - if (it < v.end() && !*it) it++; - if (it < v.end() && !*it) it++; - v = V(it, v.end()); - auto uncompressed = Uncompress(v); - chunks_.push_back({type, uncompressed}); - auto compressed = Compress(uncompressed); - } else { - chunks_.push_back({type, v}); - } - // std::cerr << "CHUNK: " << chunk_name << std::endl; - } - if (idat_idx != -1) - chunks_[idat_idx].v = Uncompress(chunks_[idat_idx].v); - } - - // Write back the PNG file. - void Serialize(std::ostream &out) { - const unsigned char header[] = {0x89, 0x50, 0x4e, 0x47, - 0x0d, 0x0a, 0x1a, 0x0a}; - out.write((const char*)header, sizeof(header)); - WriteChunk(out, "IHDR", ihdr_); - for (auto &ch : chunks_) { - if (ch.type == Type("iCCP")) { - V v; - v.push_back('x'); // assuming the iCCP name doesn't matter. - v.push_back(0); - v.push_back(0); - auto compressed = Compress(ch.v); - Append(&v, compressed); - WriteChunk(out, ch.type, v); - } else { - WriteChunk(out, ch.type, ch.v); - } - } - - WriteChunk(out, "IEND", {}); - } - - // Raw byte array mutator, like that provided by libFuzzer. - using Mutator = size_t (*)(uint8_t *Data, size_t Size, size_t MaxSize); - - // Mutate the in-memory representation of a PNG file. - // Given the same Seed, the same mutation is performed. 
- void Mutate(Mutator m, unsigned int Seed) { - std::minstd_rand rnd(Seed); - auto M = [&](V *v) { - if (v->empty()) - v->resize(v->size() + 1 + rnd() % 256); - v->resize(m(v->data(), v->size(), v->size())); - }; - switch (rnd() % 6) { - // Mutate IHDR. - case 0: - m(ihdr_.data(), ihdr_.size(), ihdr_.size()); - break; - // Mutate some other chunk. - case 1: - if (!chunks_.empty()) M(&chunks_[rnd() % chunks_.size()].v); - break; - // Shuffle the chunks. - case 2: - std::shuffle(chunks_.begin(), chunks_.end(), rnd); - break; - // Delete a random chunk. - case 3: - if (!chunks_.empty()) - chunks_.erase(chunks_.begin() + rnd() % chunks_.size()); - break; - // Insert a random chunk with one of the known types, or a random type. - case 4: { - static const char *types[] = { - "IATx", "sTER", "hIST", "sPLT", "mkBF", "mkBS", "mkTS", "prVW", - "oFFs", "iDOT", "zTXt", "mkBT", "acTL", "iTXt", "sBIT", "tIME", - "iCCP", "vpAg", "tRNS", "cHRM", "PLTE", "bKGD", "gAMA", "sRGB", - "pHYs", "fdAT", "fcTL", "tEXt", "IDAT", - "pCAL", "sCAL", "eXIf", - "fUZz", // special chunk for extra fuzzing hints. - }; - static const size_t n_types = sizeof(types) / sizeof(types[0]); - uint32_t type = - (rnd() % 10 <= 8) ? Type(types[rnd() % n_types]) : (uint32_t)rnd(); - size_t len = rnd() % 256; - if (type == Type("fUZz")) - len = 16; - V v(len); - for (auto &b : v) b = rnd(); - size_t pos = rnd() % (chunks_.size() + 1); - chunks_.insert(chunks_.begin() + pos, {type, v}); - } break; - // Any more interesting mutations with a PNG file? - case 5: { - auto it = std::find_if( - chunks_.begin(), chunks_.end(), - [](const Chunk &ch) { return ch.type == Type("fUZz"); }); - if (it != chunks_.end()) - m(it->v.data(), it->v.size(), it->v.size()); - } - - } - } - - // Takes a random chunk from p and inserts into *this. 
- void CrossOver(const PngMutator &p, unsigned int Seed) { - if (p.chunks_.empty()) return; - std::minstd_rand rnd(Seed); - size_t idx = rnd() % p.chunks_.size(); - auto &ch = p.chunks_[idx]; - size_t pos = rnd() % (chunks_.size() + 1); - chunks_.insert(chunks_.begin() + pos, ch); - } - - private: - void Append(V *to, const V &from) { - to->insert(to->end(), from.begin(), from.end()); - } - - uint32_t Read4(std::istream &in) { - uint32_t res = 0; - in.read((char *)&res, sizeof(res)); - return res; - } - uint32_t ReadInteger(std::istream &in) { - return __builtin_bswap32(Read4(in)); - } - static uint32_t Type(const char *tagname) { - uint32_t res; - assert(strlen(tagname) == 4); - memcpy(&res, tagname, 4); - return res; - } - - void WriteInt(std::ostream &out, uint32_t x) { - x = __builtin_bswap32(x); - out.write((char *)&x, sizeof(x)); - } - - // Chunk is written as: - // * 4-byte length - // * 4-byte type - // * the data itself - // * 4-byte crc (of type and data) - void WriteChunk(std::ostream &out, const char *type, const V &chunk, - bool compress = false) { - V compressed; - const V *v = &chunk; - if (compress) { - compressed = Compress(chunk); - v = &compressed; - } - uint32_t len = v->size(); - uint32_t crc = crc32(0, (const unsigned char *)type, 4); - if (v->size()) - crc = crc32(crc, (const unsigned char *)v->data(), v->size()); - WriteInt(out, len); - out.write(type, 4); - out.write((const char*)v->data(), v->size()); - WriteInt(out, crc); - } - - void WriteChunk(std::ostream &out, uint32_t type, const V &chunk) { - char type_s[5]; - memcpy(type_s, &type, 4); - type_s[4] = 0; - WriteChunk(out, type_s, chunk); - } - - V Uncompress(const V &compressed) { - V v; - static const size_t kMaxBuffer = 1 << 28; - for (size_t sz = compressed.size() * 4; sz < kMaxBuffer; sz *= 2) { - v.resize(sz); - size_t len = sz; - auto res = - uncompress(v.data(), &len, compressed.data(), compressed.size()); - if (res == Z_BUF_ERROR) continue; - if (res != Z_OK) return {}; - 
v.resize(len); - break; - } - return v; - } - - V Compress(const V &uncompressed) { - V v; - static const size_t kMaxBuffer = 1 << 28; - for (size_t sz = uncompressed.size(); sz < kMaxBuffer; sz *= 2) { - v.resize(sz); - size_t len = sz; - auto res = - compress(v.data(), &len, uncompressed.data(), uncompressed.size()); - if (res == Z_BUF_ERROR) continue; - if (res != Z_OK) return {}; - v.resize(len); - break; - } - return v; - } - - void PrintHex(const V &v, size_t max_n) { - for (size_t i = 0; i < max_n && i < v.size(); i++) { - std::cerr << "0x" << std::hex << (unsigned)v[i] << " " << std::dec; - } - std::cerr << std::endl; - } - - V ihdr_; - - struct Chunk { - uint32_t type; - V v; - }; - std::vector chunks_; -}; - - -#ifdef PNG_MUTATOR_DEFINE_LIBFUZZER_CUSTOM_MUTATOR - -extern "C" size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize); - -extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size, - size_t MaxSize, unsigned int Seed) { - std::string s(reinterpret_cast(Data), Size); - std::stringstream in(s); - std::stringstream out; - PngMutator p(in); - p.Mutate(LLVMFuzzerMutate, Seed); - p.Serialize(out); - const auto &str = out.str(); - if (str.size() > MaxSize) return Size; - memcpy(Data, str.data(), str.size()); - return str.size(); -} - -extern "C" size_t LLVMFuzzerCustomCrossOver(const uint8_t *Data1, size_t Size1, - const uint8_t *Data2, size_t Size2, - uint8_t *Out, size_t MaxOutSize, - unsigned int Seed) { - std::stringstream in1( - std::string(reinterpret_cast(Data1), Size1)); - std::stringstream in2( - std::string(reinterpret_cast(Data2), Size2)); - PngMutator p1(in1); - PngMutator p2(in2); - p1.CrossOver(p2, Seed); - std::stringstream out; - p1.Serialize(out); - const auto &str = out.str(); - if (str.size() > MaxOutSize) return 0; - memcpy(Out, str.data(), str.size()); - return str.size(); -} - -#endif // PNG_MUTATOR_DEFINE_LIBFUZZER_CUSTOM_MUTATOR 
diff --git a/benchmarks/libpng-1.2.56/target.cc b/benchmarks/libpng-1.2.56/target.cc deleted file mode 100644 index 95867c62a..000000000 --- a/benchmarks/libpng-1.2.56/target.cc +++ /dev/null 
@@ -1,143 +0,0 @@ -// Copyright 2020 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include -#include -#include -#include - -#define PNG_INTERNAL // For PNG_FLAG_CRC_CRITICAL_MASK, etc. -#include "png.h" - -struct BufState { - const uint8_t* data; - size_t bytes_left; -}; - -void user_read_data(png_structp png_ptr, png_bytep data, png_size_t length) { - BufState* buf_state = static_cast(png_get_io_ptr(png_ptr)); - if (length > buf_state->bytes_left) { - png_error(png_ptr, "read error"); - } - memcpy(data, buf_state->data, length); - buf_state->bytes_left -= length; - buf_state->data += length; -} - -static const int kPngHeaderSize = 8; - -struct ScopedPngObject { - ~ScopedPngObject() { - if (row && png_ptr) { - png_free(png_ptr, row); - } - if (png_ptr && info_ptr) { - png_destroy_read_struct(&png_ptr, &info_ptr, nullptr); - } - delete buf_state; - } - png_infop info_ptr = nullptr; - png_voidp row = 0; - png_structp png_ptr = nullptr; - BufState *buf_state = nullptr; -}; - -bool DetectLargeSize(const uint8_t *data, size_t size) { - uint8_t *ihdr = reinterpret_cast(memmem(data, size, "IHDR", 4)); - if (!ihdr) return false; - if (ihdr + 12 > data + size) return false; - uint32_t W = *(uint32_t*)(ihdr + 4); - uint32_t H = *(uint32_t*)(ihdr + 8); - W = __builtin_bswap32(W); - H = __builtin_bswap32(H); - uint64_t WxH = static_cast(W) * H; - if (WxH > 100000ULL) { - // fprintf(stderr, "ZZZ %zu %u %u\n", WxH, W, H); - return true; - } - return 
false; -} - -// Fuzzing entry point. Roughly follows the libpng book example: -// http://www.libpng.org/pub/png/book/chapter13.html -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - if (size < kPngHeaderSize) { - return 0; - } - ScopedPngObject O; - if (png_sig_cmp(const_cast(data), 0, kPngHeaderSize)) { - // not a PNG. - return 0; - } - - // if (DetectLargeSize(data, size)) return 0; - - auto &png_ptr = O.png_ptr; - png_ptr = png_create_read_struct - (PNG_LIBPNG_VER_STRING, nullptr, nullptr, nullptr); - assert(png_ptr); - - png_ptr->flags &= ~PNG_FLAG_CRC_CRITICAL_MASK; - png_ptr->flags |= PNG_FLAG_CRC_CRITICAL_IGNORE; - - png_ptr->flags &= ~PNG_FLAG_CRC_ANCILLARY_MASK; - png_ptr->flags |= PNG_FLAG_CRC_ANCILLARY_NOWARN; - - auto &info_ptr = O.info_ptr; - info_ptr = png_create_info_struct(png_ptr); - assert(info_ptr); - - // Setting up reading from buffer. - auto &buf_state = O.buf_state; - buf_state = new BufState(); - buf_state->data = data + kPngHeaderSize; - buf_state->bytes_left = size - kPngHeaderSize; - png_set_read_fn(png_ptr, buf_state, user_read_data); - png_set_sig_bytes(png_ptr, kPngHeaderSize); - int passes = 0; - - // libpng error handling. - if (setjmp(png_ptr->jmpbuf)) { - return 0; - } - - // png_ptr->mode & PNG_HAVE_IDAT - // Reading - png_read_info(png_ptr, info_ptr); - - png_uint_32 width, height; - int bit_depth, color_type, interlace_type, compression_type; - int filter_type; - - if (!png_get_IHDR(png_ptr, info_ptr, &width, &height, - &bit_depth, &color_type, &interlace_type, - &compression_type, &filter_type)) { - return 0; - } - - if (height * width > 2000000) return 0; // This is going to be too slow. 
- - - passes = png_set_interlace_handling(png_ptr); - png_start_read_image(png_ptr); - - O.row = png_malloc(png_ptr, png_get_rowbytes(png_ptr, info_ptr)); - - for (int pass = 0; pass < passes; ++pass) { - for (png_uint_32 y = 0; y < height; ++y) { - png_read_row(png_ptr, static_cast(O.row), NULL); - } - } - return 0; -} diff --git a/benchmarks/libpng-1.2.56/Dockerfile b/benchmarks/libpng-1.6.38/Dockerfile similarity index 79% rename from benchmarks/libpng-1.2.56/Dockerfile rename to benchmarks/libpng-1.6.38/Dockerfile index 47defe41a..b655ee6be 100644 --- a/benchmarks/libpng-1.2.56/Dockerfile +++ b/benchmarks/libpng-1.6.38/Dockerfile @@ -22,13 +22,23 @@ RUN apt-get update && \ autoconf \ automake \ libtool \ - wget \ zlib1g-dev -RUN wget --no-check-certificate \ - https://downloads.sourceforge.net/project/libpng/libpng12/older-releases/1.2.56/libpng-1.2.56.tar.gz +RUN git clone \ + --depth 1 \ + --branch v1.2.13 \ + https://github.com/madler/zlib.git + +RUN git clone \ + --depth 1 \ + --branch v1.6.38 \ + https://github.com/glennrp/libpng.git +RUN cp libpng/contrib/oss-fuzz/build.sh $SRC + +WORKDIR libpng RUN wget --no-check-certificate -qO $OUT/libpng_read_fuzzer.dict \ https://raw.githubusercontent.com/google/fuzzing/master/dictionaries/png.dict + ADD seeds /opt/seeds COPY * $SRC/ diff --git a/benchmarks/libpng-1.2.56/benchmark.yaml b/benchmarks/libpng-1.6.38/benchmark.yaml similarity index 100% rename from benchmarks/libpng-1.2.56/benchmark.yaml rename to benchmarks/libpng-1.6.38/benchmark.yaml diff --git a/benchmarks/libpng-1.2.56/seeds/seed.png b/benchmarks/libpng-1.6.38/seeds/seed.png similarity index 100% rename from benchmarks/libpng-1.2.56/seeds/seed.png rename to benchmarks/libpng-1.6.38/seeds/seed.png diff --git a/benchmarks/libxml2_libxml2_xml_reader_for_file_fuzzer/Dockerfile b/benchmarks/libxml2_libxml2_xml_reader_for_file_fuzzer/Dockerfile index 5586c3f7c..bf425a005 100644 --- a/benchmarks/libxml2_libxml2_xml_reader_for_file_fuzzer/Dockerfile 
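Review bot: `wget` is removed from the `apt-get install` list in the libpng-1.6.38 Dockerfile hunk, yet the unchanged `RUN wget --no-check-certificate -qO $OUT/libpng_read_fuzzer.dict ...` step still depends on it, so the build only succeeds if the base-builder image already ships wget — worth confirming rather than assuming. That step also disables TLS verification with `--no-check-certificate` and fetches from `master`, so the dictionary is neither authenticated nor reproducible; if certificate errors were the original motivation, repairing the CA bundle in the builder is preferable, and pinning the path to a commit, `https://raw.githubusercontent.com/google/fuzzing/<COMMIT_SHA>/dictionaries/png.dict`, makes the input stable. The retained `ADD seeds /opt/seeds` copies a local directory and should be `COPY seeds /opt/seeds` (hadolint DL3020).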
+++ b/benchmarks/libxml2_libxml2_xml_reader_for_file_fuzzer/Dockerfile @@ -17,11 +17,20 @@ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c # Upgrade to avoid certs errors -RUN apt-get update && apt-get upgrade -y && \ - apt-get install -y make autoconf automake libtool pkg-config python-dev python3-dev +RUN apt-get update && \ + apt-get install -y --no-install-recommends \ + make autoconf libtool pkg-config \ + zlib1g-dev zlib1g-dev:i386 liblzma-dev liblzma-dev:i386 -RUN git clone https://gitlab.gnome.org/GNOME/libxml2.git +# Build requires automake 1.16.3 +RUN curl -LO \ + http://mirrors.kernel.org/ubuntu/pool/main/a/automake-1.16/automake_1.16.5-1.3_all.deb && \ + apt install ./automake_1.16.5-1.3_all.deb + +RUN git clone \ + --depth 1 \ + --branch v2.10.3 \ + https://gitlab.gnome.org/GNOME/libxml2.git WORKDIR libxml2 COPY build.sh $SRC/ -COPY *.cc *.h *.dict $SRC/ diff --git a/benchmarks/libxml2_libxml2_xml_reader_for_file_fuzzer/benchmark.yaml b/benchmarks/libxml2_libxml2_xml_reader_for_file_fuzzer/benchmark.yaml index 988efed5b..774302df6 100644 --- a/benchmarks/libxml2_libxml2_xml_reader_for_file_fuzzer/benchmark.yaml +++ b/benchmarks/libxml2_libxml2_xml_reader_for_file_fuzzer/benchmark.yaml @@ -1,8 +1,5 @@ -commit: 99a864a1f7a9cb59865f803770d7d62fb47cad69 -commit_date: 2019-09-25 13:27:45+00:00 fuzz_target: libxml2_xml_reader_for_file_fuzzer project: libxml2 -type: bug unsupported_fuzzers: - aflcc - afl_qemu diff --git a/benchmarks/libxml2_libxml2_xml_reader_for_file_fuzzer/build.sh b/benchmarks/libxml2_libxml2_xml_reader_for_file_fuzzer/build.sh index 771f30d1c..efe429e38 100755 --- a/benchmarks/libxml2_libxml2_xml_reader_for_file_fuzzer/build.sh +++ b/benchmarks/libxml2_libxml2_xml_reader_for_file_fuzzer/build.sh 
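Review bot: The new automake step fetches `automake_1.16.5-1.3_all.deb` over plain `http://mirrors.kernel.org/...` and installs it with `apt install ./automake_1.16.5-1.3_all.deb`, which neither verifies a checksum nor gets the repository signature checks a normal `apt-get install` applies, so a tampered mirror or on-path modification would run arbitrary maintainer scripts as root during the build. Use `https://`, record the expected digest, and verify before installing, e.g. `echo "<EXPECTED_SHA256>  automake_1.16.5-1.3_all.deb" | sha256sum -c -` between the `curl` and the install (and prefer `apt-get install -y ./automake_1.16.5-1.3_all.deb` over `apt`, hadolint DL3027). The `# Upgrade to avoid certs errors` comment above the first `RUN` is now stale, since the `apt-get upgrade -y` it described is removed in this hunk.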
@@ -16,15 +16,37 @@ # ################################################################################ -./autogen.sh -./configure --without-python --with-threads=no --with-zlib=no --with-lzma=no -make -j$(nproc) clean -make -j$(nproc) all +if [ "$SANITIZER" = undefined ]; then + export CFLAGS="$CFLAGS -fsanitize=unsigned-integer-overflow -fno-sanitize-recover=unsigned-integer-overflow" + export CXXFLAGS="$CXXFLAGS -fsanitize=unsigned-integer-overflow -fno-sanitize-recover=unsigned-integer-overflow" +fi -$CXX $CXXFLAGS -std=c++11 -Iinclude/ \ - $SRC/libxml2_xml_reader_for_file_fuzzer.cc \ - -o $OUT/libxml2_xml_reader_for_file_fuzzer \ - $LIB_FUZZING_ENGINE .libs/libxml2.a +export V=1 -cp $SRC/xml.dict $OUT/libxml2_xml_reader_for_file_fuzzer.dict -zip -r $OUT/libxml2_xml_reader_for_file_fuzzer_seed_corpus.zip $SRC/libxml2/test +./autogen.sh \ + --disable-shared \ + --without-debug \ + --without-ftp \ + --without-http \ + --without-legacy \ + --without-python +make -j$(nproc) + +cd fuzz +make clean-corpus +make fuzz.o + +for fuzzer in html regexp schema uri xml xpath; do + make $fuzzer.o + # Link with $CXX + $CXX $CXXFLAGS \ + $fuzzer.o fuzz.o \ + -o $OUT/libxml2_xml_reader_for_file_fuzzer \ + $LIB_FUZZING_ENGINE \ + ../.libs/libxml2.a -Wl,-Bstatic -lz -llzma -Wl,-Bdynamic + + [ -e seed/$fuzzer ] || make seed/$fuzzer.stamp + zip -j $OUT/${fuzzer}_seed_corpus.zip seed/$fuzzer/* +done + +cp *.dict *.options $OUT/ diff --git a/benchmarks/matio_matio_fuzzer/Dockerfile b/benchmarks/matio_matio_fuzzer/Dockerfile index ecc135991..31e495409 100644 --- a/benchmarks/matio_matio_fuzzer/Dockerfile +++ b/benchmarks/matio_matio_fuzzer/Dockerfile 
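Review bot: In the new `for fuzzer in html regexp schema uri xml xpath` loop every iteration links to the same output path `$OUT/libxml2_xml_reader_for_file_fuzzer`, so each binary overwrites the previous one and the benchmark ends up running whichever is built last (`xpath`), while the seed corpora are written per fuzzer as `${fuzzer}_seed_corpus.zip`, a name the runner will not associate with the `libxml2_xml_reader_for_file_fuzzer` target. If the intent is to ship only one target under the benchmark's name, restrict the loop to that fuzzer (e.g. `for fuzzer in xml; do`) and write its corpus as `zip -j $OUT/libxml2_xml_reader_for_file_fuzzer_seed_corpus.zip seed/$fuzzer/*`; otherwise link each fuzzer to `$OUT/$fuzzer`. A one-line comment stating which libxml2 fuzzer the benchmark name maps to would spare the next reader the same puzzle.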
@@ -16,9 +16,20 @@ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c MAINTAINER t-beu@users.sourceforge.net -RUN apt-get update && apt-get install -y make autoconf automake libhdf5-dev libtool zlib1g-dev -ENV HDF5_DIR /usr/lib/x86_64-linux-gnu/hdf5/serial -RUN git clone --depth 1 git://git.code.sf.net/p/matio/matio matio +RUN apt-get update && \ + apt-get install -y \ + make autoconf automake libtool + +RUN git clone \ + --depth 1 \ + --branch v1.2.13 \ + https://github.com/madler/zlib +RUN git clone \ + --depth 1 \ + --branch v1.5.23 \ + https://github.com/tbeu/matio.git matio +ADD https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.12/hdf5-1.12.1/src/hdf5-1.12.1.tar.gz \ + hdf5-1.12.1.tar.gz + WORKDIR matio -ADD https://support.hdfgroup.org/ftp/lib-external/szip/2.1.1/src/szip-2.1.1.tar.gz szip.tar.gz COPY build.sh $SRC/ diff --git a/benchmarks/matio_matio_fuzzer/benchmark.yaml b/benchmarks/matio_matio_fuzzer/benchmark.yaml index 88ec4e66a..83388cc6f 100644 --- a/benchmarks/matio_matio_fuzzer/benchmark.yaml +++ b/benchmarks/matio_matio_fuzzer/benchmark.yaml @@ -1,8 +1,5 @@ -commit: aefd09e9d20aebb4a0b0a5e5c619f46038dba3bc -commit_date: 2019-09-11 02:28:00+00:00 fuzz_target: matio_fuzzer project: matio -type: bug unsupported_fuzzers: - aflcc - afl_qemu diff --git a/benchmarks/mruby-2018-05-23/Dockerfile b/benchmarks/mruby-2018-05-23/Dockerfile index bd2e32835..85c0ed04b 100644 --- a/benchmarks/mruby-2018-05-23/Dockerfile +++ b/benchmarks/mruby-2018-05-23/Dockerfile 
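Review bot: The added `ADD https://support.hdfgroup.org/.../hdf5-1.12.1.tar.gz hdf5-1.12.1.tar.gz` pulls a build input from the network with no integrity check, so the image depends on whatever that URL serves at build time. Pin it with BuildKit's checksum option, `ADD --checksum=sha256:<EXPECTED_HDF5_SHA256> https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.12/hdf5-1.12.1/src/hdf5-1.12.1.tar.gz hdf5-1.12.1.tar.gz`, or fetch it in a `RUN` step followed by `sha256sum -c`. The retained `MAINTAINER` line is deprecated in favour of `LABEL` (hadolint DL4000), and the new `apt-get install -y make autoconf automake libtool` step lacks `--no-install-recommends`.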
@@ -17,7 +17,10 @@ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c RUN apt-get update && apt-get install -y build-essential ruby bison ninja-build \ cmake zlib1g-dev libbz2-dev liblzma-dev -RUN git clone --depth 1 https://github.com/mruby/mruby mruby +RUN git clone \ + --depth 1 \ + --branch 3.1.0 \ + https://github.com/mruby/mruby RUN git clone --depth 1 https://github.com/bshastry/mruby_seeds.git mruby_seeds WORKDIR mruby COPY build.sh *.c *.options *.dict $SRC/ diff --git a/benchmarks/mruby-2018-05-23/benchmark.yaml b/benchmarks/mruby-2018-05-23/benchmark.yaml index ef3d80de9..a9f18ff06 100644 --- a/benchmarks/mruby-2018-05-23/benchmark.yaml +++ b/benchmarks/mruby-2018-05-23/benchmark.yaml @@ -1,6 +1,4 @@ -commit: 14c21793a01e4caa802e600540628fe9ae622d54 -commit_date: 2018-05-23 08:30:50+09:00 fuzz_target: mruby_fuzzer project: mruby -type: bug unsupported_fuzzers: + - libafl diff --git a/benchmarks/mruby-2018-05-23/build.sh b/benchmarks/mruby-2018-05-23/build.sh index 0f4ee4fc7..dfaabe407 100755 --- a/benchmarks/mruby-2018-05-23/build.sh +++ b/benchmarks/mruby-2018-05-23/build.sh @@ -19,8 +19,9 @@ ( cd $SRC/mruby export LD=$CC -export LDFLAGS="$CFLAGS" -rake -m || true +export LDFLAGS="$CFLAGS -fPIE" + +LD=/usr/local/bin/clang CC=/usr/local/bin/clang CXX=/usr/local/bin/clang++ rake -m || true test -f $SRC/mruby/build/host/lib/libmruby.a diff --git a/benchmarks/muparser_set_eval_fuzzer/Dockerfile b/benchmarks/muparser_set_eval_fuzzer/Dockerfile index 255b2be45..a848b9a58 100644 --- a/benchmarks/muparser_set_eval_fuzzer/Dockerfile +++ b/benchmarks/muparser_set_eval_fuzzer/Dockerfile 
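Review bot: The new `LD=/usr/local/bin/clang CC=/usr/local/bin/clang CXX=/usr/local/bin/clang++ rake -m || true` line in the mruby build.sh hunk hard-codes the system compiler for the whole rake build, overriding the `$CC` that the preceding `export LD=$CC` deliberately propagates; if mruby's build config takes its compiler from these variables, libmruby.a would be compiled without the instrumentation a fuzzer supplies through `$CC`/`$CXX`, which should be confirmed against mruby's fuzzing build config before merging. If the override is only meant for the host tools, a comment such as `# Build host tools (mrbc) with plain clang; the fuzz target is linked with $CC below` would stop someone "fixing" it later; the enclosing `( cd $SRC/mruby ... )` subshell starts and ends outside this hunk. Separately, the `mruby-2018-05-23` directory now builds tag `3.1.0` (Dockerfile hunk above), so the name no longer describes the revision — rename it as was done for libpng-1.6.38, or record the mismatch in benchmark.yaml.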
@@ -17,6 +17,10 @@ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c RUN apt-get update && apt-get install -y make autoconf automake libtool RUN apt-get install -y build-essential cmake pkg-config -RUN git clone https://github.com/beltoforion/muparser.git muparser +RUN git clone \ + --depth 1 \ + --branch v2.3.4 \ + https://github.com/beltoforion/muparser.git \ + muparser WORKDIR muparser COPY build.sh set_eval_fuzzer.cc $SRC/ diff --git a/benchmarks/muparser_set_eval_fuzzer/benchmark.yaml b/benchmarks/muparser_set_eval_fuzzer/benchmark.yaml index 8d8b9d0c0..c7c0bc466 100644 --- a/benchmarks/muparser_set_eval_fuzzer/benchmark.yaml +++ b/benchmarks/muparser_set_eval_fuzzer/benchmark.yaml @@ -1,8 +1,5 @@ -commit: dd0efc8aee586eb3370025677f6ec9dee1da4729 -commit_date: 2020-08-19 20:10:49+00:00 fuzz_target: set_eval_fuzzer project: muparser -type: bug unsupported_fuzzers: - aflcc - afl_qemu diff --git a/benchmarks/njs_njs_process_script_fuzzer/Dockerfile b/benchmarks/njs_njs_process_script_fuzzer/Dockerfile index 49728a0c8..3c980dabd 100644 --- a/benchmarks/njs_njs_process_script_fuzzer/Dockerfile +++ b/benchmarks/njs_njs_process_script_fuzzer/Dockerfile @@ -15,10 +15,17 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c -RUN apt-get update && apt-get install -y make autoconf automake libtool \ - mercurial libpcre3-dev subversion -RUN hg clone http://hg.nginx.org/njs -RUN git clone --branch pcre2-10.39 https://github.com/PCRE2Project/pcre2 pcre +RUN apt-get update && \ + apt-get install -y \ + make autoconf automake libtool \ + mercurial libpcre2-dev +RUN hg clone \ + --updaterev 0.7.8 \ + http://hg.nginx.org/njs +RUN git clone \ + --depth 1 \ + --branch pcre2-10.40 \ + https://github.com/PCRE2Project/pcre2 pcre WORKDIR njs COPY build.sh $SRC/ 
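Review bot: The new `hg clone --updaterev 0.7.8 http://hg.nginx.org/njs` fetches the source under test over plain HTTP, so the revision is pinned by name but its content is not protected against modification in transit. Use `https://hg.nginx.org/njs` if the server offers it, and since Mercurial changeset ids are content hashes, assert the expected one after the clone, e.g. `RUN test "$(hg -R njs id -i)" = "<EXPECTED_NJS_CHANGESET>"`. Also, `libpcre2-dev` is now installed via apt while pcre2 is still cloned and built from source in the next step; presumably only one of the two is needed, and a comment should say which the build actually links.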
diff --git a/benchmarks/njs_njs_process_script_fuzzer/benchmark.yaml b/benchmarks/njs_njs_process_script_fuzzer/benchmark.yaml index 2896128b0..7bbaf9e12 100644 --- a/benchmarks/njs_njs_process_script_fuzzer/benchmark.yaml +++ b/benchmarks/njs_njs_process_script_fuzzer/benchmark.yaml @@ -1,8 +1,5 @@ -commit: d2877d602d3923cb2ce84a04ab14f1b48567426e -commit_date: 2020-02-18 04:02:00+00:00 fuzz_target: njs_process_script_fuzzer project: njs -type: bug unsupported_fuzzers: - aflcc - afl_qemu diff --git a/benchmarks/njs_njs_process_script_fuzzer/build.sh b/benchmarks/njs_njs_process_script_fuzzer/build.sh index 229a35385..ffb1c550b 100755 --- a/benchmarks/njs_njs_process_script_fuzzer/build.sh +++ b/benchmarks/njs_njs_process_script_fuzzer/build.sh @@ -21,6 +21,8 @@ pushd $SRC/pcre CFLAGS="$CFLAGS -fno-use-cxa-atexit" CXXFLAGS="$CXXFLAGS -fno-use-cxa-atexit" ./configure make -j$(nproc) clean make -j$(nproc) all +make install +sed -i "s/\$libS\$libR \(-lpcre2-8$\)/\$libS\$libR -Wl,-Bstatic \1 -Wl,-Bdynamic/" /usr/local/bin/pcre2-config popd # build project @@ -35,14 +37,17 @@ SEED_CORPUS_PATH=$OUT/njs_process_script_fuzzer_seed_corpus mkdir -p $SEED_CORPUS_PATH set +x -cat src/test/njs_interactive_test.c src/test/njs_unit_test.c \ +cat src/test/njs_unit_test.c \ | egrep -o '".*"' | awk '{print substr($0,2,length($0)-2)}' | sort | uniq \ | while IFS= read -r line; do echo $line > $SEED_CORPUS_PATH/$(echo $line | sha1sum | awk '{ print $1 }'); done -set -x -cp -r test/fs test/module $SEED_CORPUS_PATH +find test/ -name *.t.js \ + | while IFS= read -r testname; do + cp $testname $SEED_CORPUS_PATH/$(echo $testname | sha1sum | awk '{ print $1 }'); + done +set -x zip -q $SEED_CORPUS_PATH.zip $SEED_CORPUS_PATH rm -rf $SEED_CORPUS_PATH diff --git a/benchmarks/openh264_decoder_fuzzer/Dockerfile b/benchmarks/openh264_decoder_fuzzer/Dockerfile index b1478fdaa..d124f7b43 100644 --- a/benchmarks/openh264_decoder_fuzzer/Dockerfile +++ b/benchmarks/openh264_decoder_fuzzer/Dockerfile 
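Review bot: In the second njs build.sh hunk, `find test/ -name *.t.js` leaves the pattern unquoted, so if any `*.t.js` file exists in the current directory the shell expands it before `find` runs and the search silently matches the wrong name (ShellCheck SC2061); write `find test/ -name '*.t.js' \`. The loop body also uses `$testname` unquoted in `cp $testname ...` and in `echo $testname | sha1sum`, which breaks on paths containing whitespace — quote both. In the first hunk, the `sed -i` rewrite of `/usr/local/bin/pcre2-config` after `make install` deserves a one-line comment, e.g. `# Force static linking of -lpcre2-8 so the fuzzer does not load the system libpcre2 at run time`, if that is indeed what the substitution is for.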
@@ -16,9 +16,16 @@ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c MAINTAINER twsmith@mozilla.com + RUN dpkg --add-architecture i386 && \ apt-get update && \ - apt-get install -y libstdc++-9-dev libstdc++-9-dev:i386 nasm subversion -RUN git clone https://github.com/cisco/openh264.git openh264 + apt-get install -y \ + libstdc++-9-dev libstdc++-9-dev:i386 nasm subversion + +RUN git clone \ + --branch v2.3.1 \ + --depth 1 \ + https://github.com/cisco/openh264.git + WORKDIR openh264 COPY build.sh decoder_fuzzer.cpp $SRC/ diff --git a/benchmarks/openh264_decoder_fuzzer/benchmark.yaml b/benchmarks/openh264_decoder_fuzzer/benchmark.yaml index 2e157ab59..3593ff4b1 100644 --- a/benchmarks/openh264_decoder_fuzzer/benchmark.yaml +++ b/benchmarks/openh264_decoder_fuzzer/benchmark.yaml @@ -1,8 +1,5 @@ -commit: c185ac351eff0ae277bfe14a3b2ad52e9ed8ab81 -commit_date: 2019-10-22 04:51:00+00:00 fuzz_target: decoder_fuzzer project: openh264 -type: bug unsupported_fuzzers: - aflcc - afl_qemu diff --git a/benchmarks/openh264_decoder_fuzzer/build.sh b/benchmarks/openh264_decoder_fuzzer/build.sh index b0352aecd..814113860 100755 --- a/benchmarks/openh264_decoder_fuzzer/build.sh +++ b/benchmarks/openh264_decoder_fuzzer/build.sh @@ -20,11 +20,11 @@ svn export https://github.com/mozillasecurity/fuzzdata.git/trunk/samples/h264 co mv ./res/*.264 ./corpus/ zip -j0r ${OUT}/decoder_fuzzer_seed_corpus.zip ./corpus/ -# build +# build if [[ $CXXFLAGS = *sanitize=memory* ]]; then ASM_BUILD=No else ASM_BUILD=Yes fi make -j$(nproc) ARCH=$ARCHITECTURE USE_ASM=$ASM_BUILD BUILDTYPE=Debug libraries -$CXX $CXXFLAGS -o $OUT/decoder_fuzzer -I./codec/api/svc -I./codec/console/common/inc -I./codec/common/inc -L. $LIB_FUZZING_ENGINE $SRC/decoder_fuzzer.cpp libopenh264.a +$CXX $CXXFLAGS -o $OUT/decoder_fuzzer -I./codec/api/wels -I./codec/console/common/inc -I./codec/common/inc -L. $LIB_FUZZING_ENGINE $SRC/decoder_fuzzer.cpp libopenh264.a 
diff --git a/benchmarks/openssl_x509/Dockerfile b/benchmarks/openssl_x509/Dockerfile index ff13ed542..01937f43b 100644 --- a/benchmarks/openssl_x509/Dockerfile +++ b/benchmarks/openssl_x509/Dockerfile @@ -16,6 +16,9 @@ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c RUN apt-get update && apt-get install -y make -RUN git clone --depth 1 https://github.com/openssl/openssl.git +RUN git clone \ + --depth 1 \ + --branch openssl-3.0.7 \ + https://github.com/openssl/openssl.git WORKDIR openssl COPY build.sh $SRC/ diff --git a/benchmarks/php_php-fuzz-execute/Dockerfile b/benchmarks/php_php-fuzz-execute/Dockerfile index 1edacfaab..8945430b5 100644 --- a/benchmarks/php_php-fuzz-execute/Dockerfile +++ b/benchmarks/php_php-fuzz-execute/Dockerfile @@ -15,9 +15,15 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c + RUN apt-get update && \ - apt-get install -y autoconf automake libtool bison re2c pkg-config -RUN git clone --depth 1 --branch master https://github.com/php/php-src.git php-src -RUN git clone https://github.com/kkos/oniguruma.git php-src/oniguruma + apt-get install -y \ + autoconf automake libtool bison re2c pkg-config + +RUN git clone \ + --depth 1 \ + --branch php-8.2.0RC6 \ + https://github.com/php/php-src.git + WORKDIR php-src COPY build.sh *.options $SRC/ diff --git a/benchmarks/php_php-fuzz-execute/benchmark.yaml b/benchmarks/php_php-fuzz-execute/benchmark.yaml index 2e94e9664..b1193628c 100644 --- a/benchmarks/php_php-fuzz-execute/benchmark.yaml +++ b/benchmarks/php_php-fuzz-execute/benchmark.yaml @@ -1,8 +1,5 @@ -commit: 1902f730ee2bda60552f34c0643e2d7b47e4fb64 -commit_date: 2020-08-29 05:28:00+00:00 fuzz_target: php-fuzz-execute project: php -type: bug unsupported_fuzzers: - aflcc - afl_qemu 
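Review bot: `--branch php-8.2.0RC6` in the php_php-fuzz-execute Dockerfile hunk pins a pre-release tag, and the identical pin appears in the php_php-fuzz-parser-2020-07-25 Dockerfile hunk later in this diff; release-candidate tags are less stable than final releases and, with the `commit:` field removed from both benchmark.yaml files, there is no longer a recorded exact revision. Either move both to the final `php-8.2.0` tag once it suits the benchmark, or add a comment explaining why the RC is required. The directory name `php_php-fuzz-parser-2020-07-25` also no longer describes what is built; a rename or a note in its benchmark.yaml would avoid confusion.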
diff --git a/benchmarks/php_php-fuzz-execute/build.sh b/benchmarks/php_php-fuzz-execute/build.sh index c85f9b106..bb3046bb2 100755 --- a/benchmarks/php_php-fuzz-execute/build.sh +++ b/benchmarks/php_php-fuzz-execute/build.sh @@ -15,28 +15,28 @@ # ################################################################################ -# build oniguruma and link statically -pushd oniguruma -autoreconf -vfi -./configure -make -j$(nproc) -popd -export ONIG_CFLAGS="-I$PWD/oniguruma/src" -export ONIG_LIBS="-L$PWD/oniguruma/src/.libs -l:libonig.a" - # PHP's zend_function union is incompatible with the object-size sanitizer export CFLAGS="$CFLAGS -fno-sanitize=object-size" export CXXFLAGS="$CXXFLAGS -fno-sanitize=object-size" +# Disable JIT profitability checks. +export CFLAGS="$CFLAGS -DPROFITABILITY_CHECKS=0" + +# Make sure the right assembly files are picked +BUILD_FLAG="" +if [ "$ARCHITECTURE" = "i386" ]; then + BUILD_FLAG="--build=i686-pc-linux-gnu" +fi + # build project -./buildconf -./configure \ +./buildconf --force +./configure $BUILD_FLAG \ --disable-all \ --enable-debug-assertions \ --enable-option-checking=fatal \ --enable-fuzzer \ --enable-exif \ - --enable-mbstring \ + --enable-opcache \ --without-pcre-jit \ --disable-phpdbg \ --disable-cgi \ 
@@ -46,12 +46,34 @@ make -j$(nproc) # Generate corpuses and dictionaries. sapi/cli/php sapi/fuzzer/generate_all.php -FUZZERS="php-fuzz-execute" +# Copy dictionaries to expected locations. +cp sapi/fuzzer/dict/unserialize $OUT/php-fuzz-unserialize.dict +cp sapi/fuzzer/dict/parser $OUT/php-fuzz-parser.dict +cp sapi/fuzzer/json.dict $OUT/php-fuzz-json.dict + +FUZZERS="php-fuzz-json +php-fuzz-exif +php-fuzz-unserialize +php-fuzz-unserializehash +php-fuzz-parser +php-fuzz-execute" for fuzzerName in $FUZZERS; do - cp sapi/fuzzer/$fuzzerName $OUT/ + cp sapi/fuzzer/$fuzzerName $OUT/ done + +# The JIT fuzzer is fundamentally incompatible with memory sanitizer, +# as that would require the JIT to emit msan instrumentation itself. +# In practice it is currently also incompatible with ubsan. +if [ "$SANITIZER" != "memory" ] && [ "$SANITIZER" != "undefined" ]; then + cp sapi/fuzzer/php-fuzz-function-jit $OUT/ + cp sapi/fuzzer/php-fuzz-tracing-jit $OUT/ + + # Copy opcache.so extension, which does not support static linking. + mkdir -p $OUT/modules + cp modules/opcache.so $OUT/modules +fi + # copy corpora from source for fuzzerName in `ls sapi/fuzzer/corpus`; do - zip -j $OUT/php-fuzz-${fuzzerName}_seed_corpus.zip sapi/fuzzer/corpus/${fuzzerName}/* + zip -j $OUT/php-fuzz-${fuzzerName}_seed_corpus.zip sapi/fuzzer/corpus/${fuzzerName}/* done - diff --git a/benchmarks/php_php-fuzz-parser-2020-07-25/Dockerfile b/benchmarks/php_php-fuzz-parser-2020-07-25/Dockerfile index 1edacfaab..8945430b5 100644 --- a/benchmarks/php_php-fuzz-parser-2020-07-25/Dockerfile +++ b/benchmarks/php_php-fuzz-parser-2020-07-25/Dockerfile 
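Review bot: The new `FUZZERS` list copies six fuzzer binaries (plus `php-fuzz-function-jit`, `php-fuzz-tracing-jit` and `modules/opcache.so` when the sanitizer allows) into `$OUT`, while this benchmark's benchmark.yaml declares only `fuzz_target: php-fuzz-execute`; unless the runner needs the others, they inflate every fuzzer's build and image for no measurement benefit, so either trim the list to the declared target or add a comment explaining why the extra binaries are kept. The corpus loop still iterates with `for fuzzerName in \`ls sapi/fuzzer/corpus\`` (ShellCheck SC2045); `for dir in sapi/fuzzer/corpus/*/; do fuzzerName=$(basename "$dir")` iterates safely and without the subshell.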
@@ -15,9 +15,15 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c + RUN apt-get update && \ - apt-get install -y autoconf automake libtool bison re2c pkg-config -RUN git clone --depth 1 --branch master https://github.com/php/php-src.git php-src -RUN git clone https://github.com/kkos/oniguruma.git php-src/oniguruma + apt-get install -y \ + autoconf automake libtool bison re2c pkg-config + +RUN git clone \ + --depth 1 \ + --branch php-8.2.0RC6 \ + https://github.com/php/php-src.git + WORKDIR php-src COPY build.sh *.options $SRC/ diff --git a/benchmarks/php_php-fuzz-parser-2020-07-25/benchmark.yaml b/benchmarks/php_php-fuzz-parser-2020-07-25/benchmark.yaml index 875800592..5e0d12b93 100644 --- a/benchmarks/php_php-fuzz-parser-2020-07-25/benchmark.yaml +++ b/benchmarks/php_php-fuzz-parser-2020-07-25/benchmark.yaml @@ -1,8 +1,5 @@ -commit: 8664ff7ae174c610769c36a712eeea80cc3ad933 -commit_date: 2020-07-25 01:16:00+00:00 fuzz_target: php-fuzz-parser project: php -type: bug unsupported_fuzzers: - aflcc - afl_qemu diff --git a/benchmarks/php_php-fuzz-parser-2020-07-25/build.sh b/benchmarks/php_php-fuzz-parser-2020-07-25/build.sh index fd11356a1..bb3046bb2 100755 --- a/benchmarks/php_php-fuzz-parser-2020-07-25/build.sh +++ b/benchmarks/php_php-fuzz-parser-2020-07-25/build.sh 
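Review bot: `--branch php-8.2.0RC6` in the new `git clone` pins a tag, and the benchmark.yaml hunk on this line drops the `commit:` field, so the benchmark no longer records an immutable revision; tags can be moved or deleted upstream, and this one is a release candidate. Recording the resolved commit in benchmark.yaml, or checking it out after a full clone as this commit already does for libtiff in the proj4 Dockerfile, keeps comparison runs reproducible. The directory name php_php-fuzz-parser-2020-07-25 presumably no longer describes what is built, which is worth a comment in the Dockerfile if the name is kept. While the `apt-get install -y \` line is being rewritten it could take `--no-install-recommends`.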
@@ -15,27 +15,28 @@ # ################################################################################ -# build oniguruma and link statically -pushd oniguruma -autoreconf -vfi -./configure -make -j$(nproc) -popd -export ONIG_CFLAGS="-I$PWD/oniguruma/src" -export ONIG_LIBS="-L$PWD/oniguruma/src/.libs -l:libonig.a" - # PHP's zend_function union is incompatible with the object-size sanitizer export CFLAGS="$CFLAGS -fno-sanitize=object-size" export CXXFLAGS="$CXXFLAGS -fno-sanitize=object-size" +# Disable JIT profitability checks. +export CFLAGS="$CFLAGS -DPROFITABILITY_CHECKS=0" + +# Make sure the right assembly files are picked +BUILD_FLAG="" +if [ "$ARCHITECTURE" = "i386" ]; then + BUILD_FLAG="--build=i686-pc-linux-gnu" +fi + # build project -./buildconf -./configure \ +./buildconf --force +./configure $BUILD_FLAG \ --disable-all \ + --enable-debug-assertions \ --enable-option-checking=fatal \ --enable-fuzzer \ --enable-exif \ - --enable-mbstring \ + --enable-opcache \ --without-pcre-jit \ --disable-phpdbg \ --disable-cgi \ 
@@ -52,15 +53,27 @@ cp sapi/fuzzer/json.dict $OUT/php-fuzz-json.dict FUZZERS="php-fuzz-json php-fuzz-exif -php-fuzz-mbstring php-fuzz-unserialize php-fuzz-unserializehash -php-fuzz-parser" +php-fuzz-parser +php-fuzz-execute" for fuzzerName in $FUZZERS; do - cp sapi/fuzzer/$fuzzerName $OUT/ + cp sapi/fuzzer/$fuzzerName $OUT/ done + +# The JIT fuzzer is fundamentally incompatible with memory sanitizer, +# as that would require the JIT to emit msan instrumentation itself. +# In practice it is currently also incompatible with ubsan. +if [ "$SANITIZER" != "memory" ] && [ "$SANITIZER" != "undefined" ]; then + cp sapi/fuzzer/php-fuzz-function-jit $OUT/ + cp sapi/fuzzer/php-fuzz-tracing-jit $OUT/ + + # Copy opcache.so extension, which does not support static linking. + mkdir -p $OUT/modules + cp modules/opcache.so $OUT/modules +fi + # copy corpora from source for fuzzerName in `ls sapi/fuzzer/corpus`; do - zip -j $OUT/php-fuzz-${fuzzerName}_seed_corpus.zip sapi/fuzzer/corpus/${fuzzerName}/* + zip -j $OUT/php-fuzz-${fuzzerName}_seed_corpus.zip sapi/fuzzer/corpus/${fuzzerName}/* done - diff --git a/benchmarks/poppler_pdf_fuzzer/Dockerfile b/benchmarks/poppler_pdf_fuzzer/Dockerfile index 624c023bc..bf1ab0990 100644 --- a/benchmarks/poppler_pdf_fuzzer/Dockerfile +++ b/benchmarks/poppler_pdf_fuzzer/Dockerfile 
@@ -16,13 +16,67 @@ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c MAINTAINER jonathan@titanous.com -RUN apt-get update && apt-get upgrade -y && apt-get install -y make autoconf libz-dev lib32z1-dev zlib1g-dev automake libtool pkg-config cmake -RUN git clone --depth 1 https://anongit.freedesktop.org/git/poppler/poppler.git -RUN git clone --depth 1 git://git.sv.nongnu.org/freetype/freetype2.git -RUN git clone --depth 1 https://github.com/mozilla/pdf.js pdf.js && \ + +RUN apt-get update && \ + apt-get install -y \ + wget autoconf automake libtool pkg-config gperf +RUN pip3 install \ + meson ninja gyp-next + +RUN git clone \ + --depth 1 \ + --branch v1.2.13 \ + https://github.com/madler/zlib.git +RUN git clone \ + --depth 1 \ + --branch VER-2-12-1 \ + https://gitlab.freedesktop.org/freetype/freetype.git +RUN git clone \ + --depth 1 \ + --branch lcms2.14 \ + https://github.com/mm2/Little-CMS.git +RUN git clone \ + --depth 1 \ + --branch v2.5.0 \ + https://github.com/uclouvain/openjpeg +RUN git clone \ + --depth 1 \ + --branch v1.6.38 \ + https://github.com/glennrp/libpng.git +RUN git clone \ + --depth 1 \ + --branch 2.14.1 \ + https://gitlab.freedesktop.org/fontconfig/fontconfig.git +RUN git clone \ + --depth 1 \ + --branch 1.17.6 \ + https://gitlab.freedesktop.org/cairo/cairo.git +RUN git clone \ + --depth 1 \ + --branch=5.15 \ + git://code.qt.io/qt/qtbase.git +RUN git clone \ + --depth 1 \ + --branch 1.50.11 \ + https://gitlab.gnome.org/GNOME/pango.git + +ADD https://ftp.gnome.org/pub/gnome/sources/glib/2.70/glib-2.70.0.tar.xz $SRC +RUN tar xvJf $SRC/glib-2.70.0.tar.xz +RUN wget https://boostorg.jfrog.io/artifactory/main/release/1.76.0/source/boost_1_76_0.tar.bz2 +RUN wget https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_75_RTM/src/nss-3.75-with-nspr-4.32.tar.gz + +RUN git clone \ + --depth 1 \ + --branch poppler-22.02.0 \ + https://github.com/freedesktop/poppler.git + +RUN git clone \ + --depth 1 
\ + --branch v3.0.279 \ + https://github.com/mozilla/pdf.js pdf.js && \ zip -q $SRC/pdf_fuzzer_seed_corpus.zip pdf.js/test/pdfs/*.pdf && \ rm -rf pdf.js -ADD https://raw.githubusercontent.com/rc0r/afl-fuzz/master/dictionaries/pdf.dict $SRC/pdf_fuzzer.dict -WORKDIR $SRC -COPY *.cc poppler/fuzz/ + +ADD https://raw.githubusercontent.com/google/fuzzing/master/dictionaries/pdf.dict $SRC/poppler.dict +WORKDIR $SRC/poppler COPY build.sh $SRC/ diff --git a/benchmarks/poppler_pdf_fuzzer/benchmark.yaml b/benchmarks/poppler_pdf_fuzzer/benchmark.yaml index b9d34d7da..77d1826c4 100644 --- a/benchmarks/poppler_pdf_fuzzer/benchmark.yaml +++ b/benchmarks/poppler_pdf_fuzzer/benchmark.yaml @@ -1,8 +1,5 @@ -commit: 987bbb684e688651e3d06502e2ff9b6f08130538 -commit_date: 2018-08-31 03:01:00+00:00 fuzz_target: pdf_fuzzer project: poppler -type: bug unsupported_fuzzers: - aflcc - afl_qemu diff --git a/benchmarks/poppler_pdf_fuzzer/build.sh b/benchmarks/poppler_pdf_fuzzer/build.sh index fa4f5b4ac..4863f3820 100755 --- a/benchmarks/poppler_pdf_fuzzer/build.sh +++ b/benchmarks/poppler_pdf_fuzzer/build.sh 
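Review bot: The new `ADD https://ftp.gnome.org/.../glib-2.70.0.tar.xz $SRC` fetches a tarball at build time with no integrity check, and the two `wget` lines for boost and nss do the same, so the image depends on whatever those hosts serve; `ADD --checksum=sha256:<digest placeholder> <url> $SRC`, or a `sha256sum -c` step after each `wget` with recorded digests, pins the content. `git://code.qt.io/qt/qtbase.git` is cloned over the unauthenticated git protocol with `--branch=5.15`, which is a branch rather than a tag, so neither transport nor revision is verified; the repository is also served over https, and a commit checkout would fix the revision. The `pip3 install meson ninja gyp-next` line is likewise unpinned. `MAINTAINER` on the context line above predates this change but is deprecated in favour of `LABEL`.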
@@ -15,50 +15,278 @@ # ################################################################################ -pushd $SRC/freetype2 +PREFIX=$WORK/prefix +mkdir -p $PREFIX + +export PKG_CONFIG="`which pkg-config` --static" +export PKG_CONFIG_PATH=$PREFIX/lib/pkgconfig +export PATH=$PREFIX/bin:$PATH + +BUILD=$WORK/build + +rm -rf $WORK/* +rm -rf $BUILD +mkdir -p $BUILD + +# Install Boost headers +cd $SRC/ +tar jxf boost_1_76_0.tar.bz2 +cd boost_1_76_0/ +CFLAGS="" CXXFLAGS="" ./bootstrap.sh +CFLAGS="" CXXFLAGS="" ./b2 headers +cp -R boost/ /usr/include/ + +pushd $SRC/zlib +CFLAGS=-fPIC ./configure --static --prefix=$PREFIX +make install -j$(nproc) + +pushd $SRC +tar zxf nss-3.75-with-nspr-4.32.tar.gz +cd nss-3.75 +nss_flag="" +SAVE_CFLAGS="$CFLAGS" +SAVE_CXXFLAGS="$CXXFLAGS" +if [ "$SANITIZER" = "memory" ]; then + nss_flag="--msan" +elif [ "$SANITIZER" = "address" ]; then + nss_flag="--asan" +elif [ "$SANITIZER" = "undefined" ]; then + nss_flag="--ubsan" +elif [ "$SANITIZER" = "coverage" ]; then + # some parts of nss don't like -fcoverage-mapping nor -fprofile-instr-generate :/ + CFLAGS="${CFLAGS/"-fcoverage-mapping"/" "}" + CFLAGS="${CFLAGS/"-fprofile-instr-generate"/" "}" + CXXFLAGS="${CXXFLAGS/"-fcoverage-mapping"/" "}" + CXXFLAGS="${CXXFLAGS/"-fprofile-instr-generate"/" "}" +fi + +./nss/build.sh $nss_flag --disable-tests --static -v -Dmozilla_client=1 -Dzlib_libs=$PREFIX/lib/libz.a + +CFLAGS="$SAVE_CFLAGS" +CXXFLAGS="$SAVE_CXXFLAGS" + +# NSS has a .pc.in file but doesn't do anything with it +cp nss/pkg/pkg-config/nss.pc.in $PREFIX/lib/pkgconfig/nss.pc +sed -i "s#\${libdir}#${SRC}/nss-3.75/dist/Debug/lib#g" $PREFIX/lib/pkgconfig/nss.pc +sed -i "s#\${includedir}#${SRC}/nss-3.75/dist/public/nss#g" $PREFIX/lib/pkgconfig/nss.pc +sed -i "s#%NSS_VERSION%#3.75#g" $PREFIX/lib/pkgconfig/nss.pc +cp dist/Debug/lib/pkgconfig/nspr.pc $PREFIX/lib/pkgconfig/ + +pushd $SRC/freetype ./autogen.sh -./configure --prefix="$WORK" --disable-shared PKG_CONFIG_PATH="$WORK/lib/pkgconfig" 
+./configure --prefix="$PREFIX" --disable-shared PKG_CONFIG_PATH="$PKG_CONFIG_PATH" +make -j$(nproc) +make install + +pushd $SRC/Little-CMS +./autogen.sh --prefix="$PREFIX" --disable-shared PKG_CONFIG_PATH="$PKG_CONFIG_PATH" +make -j$(nproc) +make install + +mkdir -p $SRC/openjpeg/build +pushd $SRC/openjpeg/build +cmake .. -DBUILD_SHARED_LIBS=OFF -DCMAKE_INSTALL_PREFIX=$PREFIX +make -j$(nproc) install + +if [ "$SANITIZER" != "memory" ]; then + + pushd $SRC/fontconfig + meson \ + --prefix=$PREFIX \ + --libdir=lib \ + --default-library=static \ + _builddir + ninja -C _builddir + ninja -C _builddir install + popd + + pushd $SRC/glib-2.70.0 + # remove once there's a released glib that contains https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2324 + sed -i s#https://ftp.pcre.org/pub/pcre/pcre-8.37.tar.bz2#https://sourceforge.net/projects/pcre/files/pcre/8.37/pcre-8.37.tar.bz2# subprojects/libpcre.wrap + meson \ + --prefix=$PREFIX \ + --libdir=lib \ + --default-library=static \ + -Db_lundef=false \ + -Doss_fuzz=enabled \ + -Dlibmount=disabled \ + _builddir + ninja -C _builddir + ninja -C _builddir install + popd + + pushd $SRC/libpng + autoreconf -fi + CPPFLAGS=-I$PREFIX/include LDFLAGS=-L$PREFIX/lib ./configure --prefix="$PREFIX" --disable-shared --disable-dependency-tracking + make -j$(nproc) + make install + + pushd $SRC/cairo + meson \ + --prefix=$PREFIX \ + --libdir=lib \ + --default-library=static \ + _builddir + ninja -C _builddir + ninja -C _builddir install + popd + + pushd $SRC/pango + meson \ + -Ddefault_library=static \ + --prefix=$PREFIX \ + --libdir=lib \ + _builddir + sed -i -e 's/ -Werror=implicit-fallthrough//g' _builddir/build.ninja + ninja -C _builddir + ninja -C _builddir install + popd +fi + +pushd $SRC/qtbase +# add the flags to Qt build too +sed -i -e "s/QMAKE_CXXFLAGS += -stdlib=libc++/QMAKE_CXXFLAGS += -stdlib=libc++ $CXXFLAGS\nQMAKE_CFLAGS += $CFLAGS/g" mkspecs/linux-clang-libc++/qmake.conf +sed -i -e "s/QMAKE_LFLAGS += 
-stdlib=libc++/QMAKE_LFLAGS += -stdlib=libc++ -lpthread $CXXFLAGS/g" mkspecs/linux-clang-libc++/qmake.conf +# disable sanitize=vptr for harfbuzz since it compiles without rtti +sed -i -e "s/TARGET = qtharfbuzz/TARGET = qtharfbuzz\nQMAKE_CXXFLAGS += -fno-sanitize=vptr/g" src/3rdparty/harfbuzz-ng/harfbuzz-ng.pro +# make qmake compile faster +sed -i -e "s/MAKE\")/MAKE\" -j$(nproc))/g" configure +./configure --glib=no --libpng=qt -opensource -confirm-license -static -no-opengl -no-icu -no-pkg-config -platform linux-clang-libc++ -nomake tests -nomake examples -prefix $PREFIX -D QT_NO_DEPRECATED_WARNINGS make -j$(nproc) make install +popd + +# Poppler complains when PKG_CONFIG is set to `which pkg-config --static` so +# temporarily removing it +export PKG_CONFIG="`which pkg-config`" -mkdir -p $WORK/poppler -pushd $WORK/poppler -cmake $SRC/poppler \ +if [ "$SANITIZER" != "memory" ]; then + POPPLER_ENABLE_GLIB=ON + POPPLER_FONT_CONFIGURATION=fontconfig +else + POPPLER_ENABLE_GLIB=OFF + POPPLER_FONT_CONFIGURATION=generic +fi + +mkdir -p $SRC/poppler/build +pushd $SRC/poppler/build +cmake .. 
\ -DCMAKE_BUILD_TYPE=debug \ -DBUILD_SHARED_LIBS=OFF \ - -DFONT_CONFIGURATION=generic \ + -DENABLE_FUZZER=OFF \ + -DFONT_CONFIGURATION=$POPPLER_FONT_CONFIGURATION \ -DENABLE_DCTDECODER=none \ - -DENABLE_LIBOPENJPEG=none \ - -DENABLE_CMS=none \ + -DENABLE_GOBJECT_INTROSPECTION=OFF \ -DENABLE_LIBPNG=OFF \ -DENABLE_ZLIB=OFF \ -DENABLE_LIBTIFF=OFF \ -DENABLE_LIBJPEG=OFF \ - -DENABLE_GLIB=OFF \ + -DENABLE_GLIB=$POPPLER_ENABLE_GLIB \ -DENABLE_LIBCURL=OFF \ - -DENABLE_QT5=OFF \ + -DENABLE_QT5=ON \ -DENABLE_UTILS=OFF \ - -DWITH_Cairo=OFF \ - -DWITH_NSS3=OFF \ - -DFREETYPE_INCLUDE_DIRS=$WORK/include/freetype2 \ - -DFREETYPE_LIBRARY=$WORK/lib -make -j$(nproc) poppler poppler-cpp + -DWITH_Cairo=$POPPLER_ENABLE_GLIB \ + -DCMAKE_INSTALL_PREFIX=$PREFIX + +export PKG_CONFIG="`which pkg-config` --static" +make -j$(nproc) poppler poppler-cpp poppler-qt5 +if [ "$SANITIZER" != "memory" ]; then + make -j$(nproc) poppler-glib +fi + +PREDEPS_LDFLAGS="-Wl,-Bdynamic -ldl -lm -lc -lz -pthread -lrt -lpthread" +DEPS="freetype2 lcms2 libopenjp2" +if [ "$SANITIZER" != "memory" ]; then + DEPS="$DEPS fontconfig libpng" +fi +BUILD_CFLAGS="$CFLAGS `pkg-config --static --cflags $DEPS`" +BUILD_LDFLAGS="-Wl,-static `pkg-config --static --libs $DEPS`" +# static linking is hard ^_^ +NSS_STATIC_LIBS=`ls $SRC/nss-3.75/dist/Debug/lib/lib*.a` +NSS_STATIC_LIBS="$NSS_STATIC_LIBS $NSS_STATIC_LIBS $NSS_STATIC_LIBS" +BUILD_LDFLAGS="$BUILD_LDFLAGS $NSS_STATIC_LIBS" -fuzz_target=pdf_fuzzer +fuzzers=$(find $SRC/poppler/cpp/tests/fuzzing/ -name "*_fuzzer.cc") -pushd $SRC/poppler -$CXX $CXXFLAGS -std=c++11 -Icpp \ - fuzz/pdf_fuzzer.cc -lz -o $OUT/$fuzz_target \ - -lFuzzingEngine $WORK/poppler/cpp/libpoppler-cpp.a $WORK/poppler/libpoppler.a $WORK/lib/libfreetype.a +for f in $fuzzers; do + fuzzer_name=$(basename $f .cc) + + $CXX $CXXFLAGS -std=c++11 -I$SRC/poppler/cpp -I$SRC/poppler/build/cpp \ + $BUILD_CFLAGS \ + $f -o $OUT/$fuzzer_name \ + $PREDEPS_LDFLAGS \ + $SRC/poppler/build/cpp/libpoppler-cpp.a \ + 
$SRC/poppler/build/libpoppler.a \ + $BUILD_LDFLAGS \ + $LIB_FUZZING_ENGINE \ + $LIB_FUZZING_ENGINE \ + -Wl,-Bdynamic +done + +if [ "$SANITIZER" != "memory" ]; then + DEPS="gmodule-2.0 glib-2.0 gio-2.0 gobject-2.0 freetype2 lcms2 libopenjp2 cairo cairo-gobject pango fontconfig libpng" + BUILD_CFLAGS="$CFLAGS `pkg-config --static --cflags $DEPS`" + BUILD_LDFLAGS="-Wl,-static `pkg-config --static --libs $DEPS`" + BUILD_LDFLAGS="$BUILD_LDFLAGS $NSS_STATIC_LIBS" + + fuzzers=$(find $SRC/poppler/glib/tests/fuzzing/ -name "*_fuzzer.cc") + for f in $fuzzers; do + fuzzer_name=$(basename $f .cc) + + $CXX $CXXFLAGS -std=c++11 -I$SRC/poppler/glib -I$SRC/poppler/build/glib \ + $BUILD_CFLAGS \ + $f -o $OUT/$fuzzer_name \ + $PREDEPS_LDFLAGS \ + $SRC/poppler/build/glib/libpoppler-glib.a \ + $SRC/poppler/build/cpp/libpoppler-cpp.a \ + $SRC/poppler/build/libpoppler.a \ + $BUILD_LDFLAGS \ + $LIB_FUZZING_ENGINE \ + -Wl,-Bdynamic + done +fi + +PREDEPS_LDFLAGS="-Wl,-Bdynamic -ldl -lm -lc -lz -pthread -lrt -lpthread" +DEPS="freetype2 lcms2 libopenjp2 Qt5Core Qt5Gui Qt5Xml" +if [ "$SANITIZER" != "memory" ]; then + DEPS="$DEPS fontconfig libpng" +fi +BUILD_CFLAGS="$CFLAGS `pkg-config --static --cflags $DEPS`" +BUILD_LDFLAGS="-Wl,-static `pkg-config --static --libs $DEPS`" +BUILD_LDFLAGS="$BUILD_LDFLAGS $NSS_STATIC_LIBS" + +fuzzers=$(find $SRC/poppler/qt5/tests/fuzzing/ -name "*_fuzzer.cc") +for f in $fuzzers; do + fuzzer_name=$(basename $f .cc) + + $CXX $CXXFLAGS -std=c++11 -fPIC \ + -I$SRC/poppler/qt5/src -I$SRC/poppler/build/qt5/src \ + $BUILD_CFLAGS \ + $f -o $OUT/$fuzzer_name \ + $PREDEPS_LDFLAGS \ + $SRC/poppler/build/qt5/src/libpoppler-qt5.a \ + $SRC/poppler/build/cpp/libpoppler-cpp.a \ + $SRC/poppler/build/libpoppler.a \ + $BUILD_LDFLAGS \ + $LIB_FUZZING_ENGINE \ + -Wl,-Bdynamic +done mv $SRC/{*.zip,*.dict} $OUT -if [ ! -f "${OUT}/${fuzz_target}_seed_corpus.zip" ]; then - echo "missing seed corpus" - exit 1 +if [ ! 
-f "${OUT}/poppler_seed_corpus.zip" ]; then + echo "missing seed corpus" + exit 1 fi -if [ ! -f "${OUT}/${fuzz_target}.dict" ]; then - echo "missing dictionary" - exit 1 +if [ ! -f "${OUT}/poppler.dict" ]; then + echo "missing dictionary" + exit 1 fi + +fuzzers=$(find $OUT -name "*_fuzzer") +for f in $fuzzers; do + fuzzer_name=$(basename $f) + ln -sf $OUT/poppler_seed_corpus.zip $OUT/${fuzzer_name}_seed_corpus.zip + ln -sf $OUT/poppler.dict $OUT/${fuzzer_name}.dict +done diff --git a/benchmarks/proj4_standard_fuzzer/Dockerfile b/benchmarks/proj4_standard_fuzzer/Dockerfile index 39ea90596..701d0c298 100644 --- a/benchmarks/proj4_standard_fuzzer/Dockerfile +++ b/benchmarks/proj4_standard_fuzzer/Dockerfile 
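Review bot: `rm -rf $WORK/*` near the top of the hunk becomes `rm -rf /*` if `WORK` is set but empty, and `set -u` (the shebang is outside the hunk) only guards the unset case; `rm -rf "${WORK:?}"/*` fails safely instead. The cpp fuzzer link command at the end of the first loop lists `$LIB_FUZZING_ENGINE` twice while the glib and qt5 loops list it once, which reads as a copy-paste remnant rather than an intentional difference. The `fuzzers=$(find … -name "*_fuzzer.cc")` / `for f in $fuzzers` pattern word-splits the find output; a glob over the fuzzing directory or `find … -print0 | while IFS= read -r -d '' f` avoids that. Most `pushd` calls in the hunk have no matching `popd`, which only works because every subsequent path is absolute.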
@@ -15,7 +15,34 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c -RUN apt-get update && apt-get install -y make autoconf automake libtool g++ sqlite3 libsqlite3-dev pkg-config -RUN git clone --depth 1 https://github.com/OSGeo/proj.4 proj.4 -WORKDIR proj.4 -COPY build.sh $SRC/ + +RUN apt-get update && \ + apt-get install -y \ + make autoconf automake libtool g++ sqlite3 pkg-config wget + +RUN git clone \ + --depth 1 \ + --branch 9.1.0 \ + https://github.com/OSGeo/PROJ \ + PROJ +RUN git clone \ + --depth 1 \ + --branch curl-7_86_0 \ + https://github.com/curl/curl.git \ + PROJ/curl +# Use a commit hash instead of the latest release of libtiff because the latter +# does not use autogen.sh, which is required in the lateest build.sh. +# Feel free to change back to release tag in the next update. +RUN git clone \ + https://gitlab.com/libtiff/libtiff.git \ + PROJ/libtiff && \ + (cd PROJ/libtiff && \ + git checkout 31d9e9f73dc8b6fa599c931d9ff058d8ea32795c) + +WORKDIR PROJ + +RUN cp test/fuzzers/build.sh $SRC/ +# This is to fix Fuzz Introspector build by using LLVM old pass manager +# re https://github.com/ossf/fuzz-introspector/issues/305 +ENV OLD_LLVMPASS 1 +ENV fuzzerName=standard_fuzzer diff --git a/benchmarks/proj4_standard_fuzzer/benchmark.yaml b/benchmarks/proj4_standard_fuzzer/benchmark.yaml index fbcd21a81..e090cb27b 100644 --- a/benchmarks/proj4_standard_fuzzer/benchmark.yaml +++ b/benchmarks/proj4_standard_fuzzer/benchmark.yaml @@ -1,8 +1,5 @@ -commit: c288debe029667515656213b0ba81956c3ede26d -commit_date: 2019-03-15 01:51:00+00:00 fuzz_target: standard_fuzzer project: proj4 -type: bug unsupported_fuzzers: - aflcc - afl_qemu diff --git a/benchmarks/proj4_standard_fuzzer/build.sh b/benchmarks/proj4_standard_fuzzer/build.sh deleted file mode 100755 index 4dc9c6741..000000000 
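Review bot: `ENV OLD_LLVMPASS 1` uses the legacy whitespace form that BuildKit's LegacyKeyValueFormat check warns about, while the next line uses `ENV fuzzerName=standard_fuzzer`; `ENV OLD_LLVMPASS=1` makes the two consistent. The comment above the libtiff clone has a typo, "lateest". Dropping `libsqlite3-dev` from the apt line while keeping `sqlite3` presumably means the upstream test/fuzzers/build.sh builds sqlite itself; since that script is copied rather than visible here, a one-line comment saying so would save the next reader a check.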
--- a/benchmarks/proj4_standard_fuzzer/build.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash -eu -# Copyright 2016 Google Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -./autogen.sh -./configure --disable-shared -make clean -s -(cd src && make -j$(nproc) -s) - -./test/fuzzers/build_google_oss_fuzzers.sh -./test/fuzzers/build_seed_corpus.sh diff --git a/benchmarks/proj4_standard_fuzzer/testcases/11697 b/benchmarks/proj4_standard_fuzzer/testcases/11697 deleted file mode 100644 index 8dac58f55..000000000 Binary files a/benchmarks/proj4_standard_fuzzer/testcases/11697 and /dev/null differ diff --git a/benchmarks/proj4_standard_fuzzer/testcases/11893 b/benchmarks/proj4_standard_fuzzer/testcases/11893 deleted file mode 100644 index 5794d954b..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/11893 +++ /dev/null @@ -1,3 +0,0 @@ -+o_lat_p +proj=ob_tran +o_proj=helmert -+proj=cc -BINARY_3D: ˙˙˙ \ No newline at end of file diff --git a/benchmarks/proj4_standard_fuzzer/testcases/12799 b/benchmarks/proj4_standard_fuzzer/testcases/12799 deleted file mode 100644 index a014a73a8..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/12799 +++ /dev/null @@ -1,3 +0,0 @@ -+proj=cc -+proj=hammer +W=9 -BINARY_3D: ˙ ˙˙˙˙ \ No newline at end of file 
diff --git a/benchmarks/proj4_standard_fuzzer/testcases/12909 b/benchmarks/proj4_standard_fuzzer/testcases/12909 deleted file mode 100644 index d10b1aa2d..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/12909 +++ /dev/null @@ -1,2 +0,0 @@ -+proj=wag3 +R_a +a=2 +f=2 - diff --git a/benchmarks/proj4_standard_fuzzer/testcases/13028 b/benchmarks/proj4_standard_fuzzer/testcases/13028 deleted file mode 100644 index 9ce2f4f95..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/13028 +++ /dev/null @@ -1,2 +0,0 @@ -+proj=aea +lat_1=900 - diff --git a/benchmarks/proj4_standard_fuzzer/testcases/13069 b/benchmarks/proj4_standard_fuzzer/testcases/13069 deleted file mode 100644 index fc8cbd2a6..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/13069 +++ /dev/null @@ -1,3 +0,0 @@ -+proj=poly -+proj=pipeline +R=2 da=2 dy dz proj=molodensky dx df +step +step -BINARY_3D:˙ ˙˙ \ No newline at end of file diff --git a/benchmarks/proj4_standard_fuzzer/testcases/13790 b/benchmarks/proj4_standard_fuzzer/testcases/13790 deleted file mode 100644 index f792737c7..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/13790 +++ /dev/null @@ -1,3 +0,0 @@ -+proj=sterea -+proj=sterea -BINARY_3D: ˙ \ No newline at end of file diff --git a/benchmarks/proj4_standard_fuzzer/testcases/13828 b/benchmarks/proj4_standard_fuzzer/testcases/13828 deleted file mode 100644 index 5047496d9..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/13828 +++ /dev/null @@ -1,4 +0,0 @@ -+o_lat_p=0000000000000001@ups000 +proj=ob_tran +o_proj +o_p00+o_+stp +s +lat_1=1J +lat_2 +proj=imw_p +9GGGGGCGw -+proj=ups +nadgrids -3 -00+proj>”8”””””” \ No newline at end of file diff --git a/benchmarks/proj4_standard_fuzzer/testcases/13829 b/benchmarks/proj4_standard_fuzzer/testcases/13829 deleted file mode 100644 index 298349fac..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/13829 +++ /dev/null @@ -1,2 +0,0 @@ -+proj=pipeline +lat_0=9090 proj=laea +step - 
diff --git a/benchmarks/proj4_standard_fuzzer/testcases/13830 b/benchmarks/proj4_standard_fuzzer/testcases/13830 deleted file mode 100644 index 907d3ef7a..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/13830 +++ /dev/null @@ -1,2 +0,0 @@ -+proj=pipeline +f=1 +step - diff --git a/benchmarks/proj4_standard_fuzzer/testcases/13893 b/benchmarks/proj4_standard_fuzzer/testcases/13893 deleted file mode 100644 index 2a49549f2..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/13893 +++ /dev/null @@ -1,3 +0,0 @@ -+a=6 +proj=tmerc -+proj=aeqd -BINARY_3D: ˙ \ No newline at end of file diff --git a/benchmarks/proj4_standard_fuzzer/testcases/13894 b/benchmarks/proj4_standard_fuzzer/testcases/13894 deleted file mode 100644 index 1a55fdf7d..000000000 Binary files a/benchmarks/proj4_standard_fuzzer/testcases/13894 and /dev/null differ diff --git a/benchmarks/proj4_standard_fuzzer/testcases/13895 b/benchmarks/proj4_standard_fuzzer/testcases/13895 deleted file mode 100644 index ea4b4984e..000000000 Binary files a/benchmarks/proj4_standard_fuzzer/testcases/13895 and /dev/null differ diff --git a/benchmarks/proj4_standard_fuzzer/testcases/13947 b/benchmarks/proj4_standard_fuzzer/testcases/13947 deleted file mode 100644 index ffd0ba979..000000000 Binary files a/benchmarks/proj4_standard_fuzzer/testcases/13947 and /dev/null differ diff --git a/benchmarks/proj4_standard_fuzzer/testcases/13948 b/benchmarks/proj4_standard_fuzzer/testcases/13948 deleted file mode 100644 index a42feb284..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/13948 +++ /dev/null @@ -1,3 +0,0 @@ - +proj=pipeline +˙˙F +proj=tpeqd +lon_2=1=j +lat_1=90 +sa +step +q +lat_2=90 +sts+š -==aaaa -aaa== \ No newline at end of file diff --git a/benchmarks/proj4_standard_fuzzer/testcases/14010 b/benchmarks/proj4_standard_fuzzer/testcases/14010 deleted file mode 100644 index 91f35b6da..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/14010 +++ /dev/null 
@@ -1,3 +0,0 @@ -+proj=bonne +lat_1=90 -+proj=bonne +lat_1=90 -BINARY_3D: \ No newline at end of file diff --git a/benchmarks/proj4_standard_fuzzer/testcases/14015 b/benchmarks/proj4_standard_fuzzer/testcases/14015 deleted file mode 100644 index 02e481571..000000000 Binary files a/benchmarks/proj4_standard_fuzzer/testcases/14015 and /dev/null differ diff --git a/benchmarks/proj4_standard_fuzzer/testcases/14061 b/benchmarks/proj4_standard_fuzzer/testcases/14061 deleted file mode 100644 index 693015383..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/14061 +++ /dev/null @@ -1,2 +0,0 @@ -+proj=pipeline +lat_0=-90 proj=krovak +step - diff --git a/benchmarks/proj4_standard_fuzzer/testcases/14135 b/benchmarks/proj4_standard_fuzzer/testcases/14135 deleted file mode 100644 index e05313198..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/14135 +++ /dev/null @@ -1,3 +0,0 @@ -+path=1 +lsat=5 +proj=lsat +init=IGNF:="˙ proj=webmerc type=crs "˙ -+proj=stere -BINARY_3D: ˙ \ No newline at end of file diff --git a/benchmarks/proj4_standard_fuzzer/testcases/14136 b/benchmarks/proj4_standard_fuzzer/testcases/14136 deleted file mode 100644 index 4e5601c98..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/14136 +++ /dev/null @@ -1,2 +0,0 @@ -+++proj=omerc +alpha +proj=ob_tran +o_proj= +lat_0=90s. - diff --git a/benchmarks/proj4_standard_fuzzer/testcases/14211 b/benchmarks/proj4_standard_fuzzer/testcases/14211 deleted file mode 100644 index 4c2d0d547..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/14211 +++ /dev/null @@ -1,2 +0,0 @@ - +proj=eqc -+proj=pipeline +lat_2=90e3 +proj=eqdc +step diff --git a/benchmarks/proj4_standard_fuzzer/testcases/14248 b/benchmarks/proj4_standard_fuzzer/testcases/14248 deleted file mode 100644 index f83adb2c3..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/14248 +++ /dev/null @@ -1,3 +0,0 @@ -+proj=pipeline +lat_1=5 lat_2 proj=imw_p +step -+proj=aeqd -BINARY_3D: @ + \ No newline at end of file 
diff --git a/benchmarks/proj4_standard_fuzzer/testcases/14286 b/benchmarks/proj4_standard_fuzzer/testcases/14286 deleted file mode 100644 index c0cf8fac6..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/14286 +++ /dev/null @@ -1,3 +0,0 @@ -+proj=ups -+mode=hex +proj=isea +resolution=31 -2 2 \ No newline at end of file diff --git a/benchmarks/proj4_standard_fuzzer/testcases/14342 b/benchmarks/proj4_standard_fuzzer/testcases/14342 deleted file mode 100644 index ec6eadc57..000000000 Binary files a/benchmarks/proj4_standard_fuzzer/testcases/14342 and /dev/null differ diff --git a/benchmarks/proj4_standard_fuzzer/testcases/14410 b/benchmarks/proj4_standard_fuzzer/testcases/14410 deleted file mode 100644 index ce3b2f3f2..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/14410 +++ /dev/null @@ -1,3 +0,0 @@ -+proj=geocent -+proj=pipeline +no_cut proj=airy +step -BINARY_3D: Ô \ No newline at end of file diff --git a/benchmarks/proj4_standard_fuzzer/testcases/14421 b/benchmarks/proj4_standard_fuzzer/testcases/14421 deleted file mode 100644 index 733815414..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/14421 +++ /dev/null @@ -1,3 +0,0 @@ -+proj=pipeline +proj=gs50 towgs84 +inv +step +step +inv -+proj=aeqd -BINARY_3D: ˙ ˙ \ No newline at end of file diff --git a/benchmarks/proj4_standard_fuzzer/testcases/14477 b/benchmarks/proj4_standard_fuzzer/testcases/14477 deleted file mode 100644 index c599ee420..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/14477 +++ /dev/null @@ -1,3 +0,0 @@ -+proj=ups -+proj=pipeline +proj=pipeline proj=lagrng step +inv +step lat_1=89 +step +step +step +step +step -BINARY_3D: \ No newline at end of file diff --git a/benchmarks/proj4_standard_fuzzer/testcases/14602 b/benchmarks/proj4_standard_fuzzer/testcases/14602 deleted file mode 100644 index d1c8a9985..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/14602 +++ /dev/null 
@@ -1,3 +0,0 @@ -+proj=ups -+proj=pipeline +inv +proj=geos h=5e71 +step -BINARY_3D: \ No newline at end of file diff --git a/benchmarks/proj4_standard_fuzzer/testcases/14666 b/benchmarks/proj4_standard_fuzzer/testcases/14666 deleted file mode 100644 index ed1f9535e..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/14666 +++ /dev/null @@ -1,3 +0,0 @@ -+proj=pipeline +proj=geos h=5 a=66666666666666666 +step -+proj=aeqd -BINARY_3D: ˙˙ \ No newline at end of file diff --git a/benchmarks/proj4_standard_fuzzer/testcases/14766 b/benchmarks/proj4_standard_fuzzer/testcases/14766 deleted file mode 100644 index 39cbf2d07..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/14766 +++ /dev/null @@ -1,3 +0,0 @@ -+b=2 +init=epsg:4376 -+proj=vandg -BINARY_3D: Ô \ No newline at end of file diff --git a/benchmarks/proj4_standard_fuzzer/testcases/15009 b/benchmarks/proj4_standard_fuzzer/testcases/15009 deleted file mode 100644 index 4214d562f..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/15009 +++ /dev/null @@ -1,3 +0,0 @@ -+proj=ups -+mode=hex +proj=isea +resolution=2684354706 +aperture -BINARY_3D: ˙NA \ No newline at end of file diff --git a/benchmarks/proj4_standard_fuzzer/testcases/15148 b/benchmarks/proj4_standard_fuzzer/testcases/15148 deleted file mode 100644 index 49ad20f8e..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/15148 +++ /dev/null @@ -1,3 +0,0 @@ -+proj=cc -+proj=pipeline +proj=pipeline proj=sch plon_0=90 plat_0 phdg_0 step step inv plon_0=222 +step -BINARY_3D: a \ No newline at end of file diff --git a/benchmarks/proj4_standard_fuzzer/testcases/15336 b/benchmarks/proj4_standard_fuzzer/testcases/15336 deleted file mode 100644 index 70bad4ce0..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/15336 +++ /dev/null @@ -1,3 +0,0 @@ -+proj=ups -+proj=pipeline +a=1 proj=leac rf=2e98 +step +inv +step +step +inv +step +proj=aeqd -BINARY_3D: ˙ ˙˙˙˙ \ No newline at end of file 
diff --git a/benchmarks/proj4_standard_fuzzer/testcases/16130 b/benchmarks/proj4_standard_fuzzer/testcases/16130 deleted file mode 100644 index 0cb249bee..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/16130 +++ /dev/null @@ -1,2 +0,0 @@ -+a=1E77 +R_lat_a=90 +proj=aeqd +b=1 - diff --git a/benchmarks/proj4_standard_fuzzer/testcases/17575 b/benchmarks/proj4_standard_fuzzer/testcases/17575 deleted file mode 100644 index 6ca8e90cd..000000000 --- a/benchmarks/proj4_standard_fuzzer/testcases/17575 +++ /dev/null @@ -1,3 +0,0 @@ - +proj=aeqd - +proj=pipeline +proj=pipeline ˙ +proj=murd3 +lat_2 lat_1=3e249˙˙˙˙ step ˙˙ +˙ step ++ step inv step ++ step inv step step inv step ++ step inv ˙ ˙ ˙ ˙ ˙ ˙ ˙ ˙ ˙ +step + -BINARY_3D: ˙ \ No newline at end of file diff --git a/benchmarks/proj4_standard_fuzzer/testcases/2241 b/benchmarks/proj4_standard_fuzzer/testcases/2241 deleted file mode 100644 index 032e090cf..000000000 Binary files a/benchmarks/proj4_standard_fuzzer/testcases/2241 and /dev/null differ diff --git a/benchmarks/quickjs_eval-2020-01-05/Dockerfile b/benchmarks/quickjs_eval-2020-01-05/Dockerfile index e26818eed..ab84d1fbb 100644 --- a/benchmarks/quickjs_eval-2020-01-05/Dockerfile +++ b/benchmarks/quickjs_eval-2020-01-05/Dockerfile @@ -17,7 +17,14 @@ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c RUN apt-get update && \ apt-get install -y autoconf automake libtool bison pkg-config -RUN git clone --depth 1 --branch master https://github.com/bellard/quickjs quickjs + +# This project does not have any release/tag. +RUN git clone \ + --depth 1 \ + --branch master \ + https://github.com/bellard/quickjs \ + quickjs + WORKDIR quickjs COPY build.sh $SRC/ COPY *.c *.h *.dict $SRC/ diff --git a/benchmarks/quickjs_eval-2020-01-05/benchmark.yaml b/benchmarks/quickjs_eval-2020-01-05/benchmark.yaml index f6d82ca1c..f7d721d23 100644 --- a/benchmarks/quickjs_eval-2020-01-05/benchmark.yaml 
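Review bot: `--branch master` in the new `git clone` builds whatever upstream HEAD is at build time, and the companion benchmark.yaml hunk drops `commit: 91459fb6723e29e923380cec0023af93819ae69d`, so this benchmark is no longer reproducible between runs. The comment explains that the project has no tags, but a commit can still be pinned with a full clone followed by `git checkout <commit>`, as this commit does for libtiff in the proj4 Dockerfile. The same `--branch master` pattern is used in the stb Dockerfile hunk below.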
+++ b/benchmarks/quickjs_eval-2020-01-05/benchmark.yaml @@ -1,6 +1,3 @@ -commit: 91459fb6723e29e923380cec0023af93819ae69d -commit_date: 2020-09-06 18:47:30+00:00 fuzz_target: fuzz_eval project: quickjs -type: bug unsupported_fuzzers: diff --git a/benchmarks/stb_stbi_read_fuzzer/Dockerfile b/benchmarks/stb_stbi_read_fuzzer/Dockerfile index 33ae29bd1..dd6d94caa 100644 --- a/benchmarks/stb_stbi_read_fuzzer/Dockerfile +++ b/benchmarks/stb_stbi_read_fuzzer/Dockerfile 
@@ -17,12 +17,36 @@ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c RUN apt-get update && \ - apt-get install -y wget tar + apt-get install -y \ + wget tar -RUN git clone --depth 1 https://github.com/nothings/stb.git +# This project does not have any release/tag. +RUN git clone \ + --depth 1 \ + --branch master \ + https://github.com/nothings/stb.git -RUN wget -O $SRC/stb/gif.tar.gz https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/imagetestsuite/imagetestsuite-gif-1.00.tar.gz -RUN wget -O $SRC/stb/jpg.tar.gz https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/imagetestsuite/imagetestsuite-jpg-1.00.tar.gz -RUN wget -O $SRC/stb/tests/gif.dict https://raw.githubusercontent.com/mirrorer/afl/master/dictionaries/gif.dict &> /dev/null +RUN mkdir $SRC/stbi # CIFuzz workaround +RUN wget -O \ + $SRC/stbi/gif.tar.gz https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/imagetestsuite/imagetestsuite-gif-1.00.tar.gz +RUN wget -O \ + $SRC/stbi/jpg.tar.gz https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/imagetestsuite/imagetestsuite-jpg-1.00.tar.gz +RUN wget -O \ + $SRC/stbi/bmp.zip http://entropymine.com/jason/bmpsuite/releases/bmpsuite-2.6.zip +RUN wget -O \ + $SRC/stbi/tga.zip https://github.com/richgel999/tga_test_files/archive/master.zip + +RUN wget -O \ + $SRC/stbi/gif.dict https://raw.githubusercontent.com/mirrorer/afl/master/dictionaries/gif.dict + +# Maintain compatibility with master branch until a new release +RUN cp \ + $SRC/stbi/gif.tar.gz \ + $SRC/stbi/jpg.tar.gz \ + $SRC/stbi/bmp.zip \ + $SRC/stbi/gif.dict \ + $SRC/stb + +WORKDIR stb COPY build.sh $SRC/ diff --git a/benchmarks/stb_stbi_read_fuzzer/benchmark.yaml b/benchmarks/stb_stbi_read_fuzzer/benchmark.yaml index ad1947df8..9239229d9 100644 --- a/benchmarks/stb_stbi_read_fuzzer/benchmark.yaml 
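Review bot: The five `wget -O` downloads are baked into the image with no integrity check, and `bmpsuite-2.6.zip` is fetched over plain `http://`, so a tampered or replaced archive would land in the seed corpus unnoticed; add a `sha256sum -c` step after each download, e.g. `echo '<sha256>  $SRC/stbi/bmp.zip' | sha256sum -c -`, and use an https URL for bmpsuite if the host offers one. Likewise `--branch master` on the stb clone is not a pin — the commit the benchmark previously recorded (`f54acd4e13430c5122cab4ca657705c84aa61b08`, removed from benchmark.yaml in this commit) could be checked out explicitly after the clone. Separately, `tga.zip` is downloaded but is absent from the `cp` list that feeds `$SRC/stb`; if that is intentional, a one-line comment would save the next reader from assuming it was forgotten.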
+++ b/benchmarks/stb_stbi_read_fuzzer/benchmark.yaml
@@ -1,8 +1,5 @@
-commit: f54acd4e13430c5122cab4ca657705c84aa61b08
-commit_date: 2020-05-27 02:31:00+00:00
 fuzz_target: stbi_read_fuzzer
 project: stb
-type: bug
 unsupported_fuzzers:
 - aflcc
 - afl_qemu
diff --git a/benchmarks/stb_stbi_read_fuzzer/build.sh b/benchmarks/stb_stbi_read_fuzzer/build.sh
index 6cad52718..e32e0e64b 100755
--- a/benchmarks/stb_stbi_read_fuzzer/build.sh
+++ b/benchmarks/stb_stbi_read_fuzzer/build.sh
@@ -14,22 +14,5 @@
 # limitations under the License.
 #
 ################################################################################
-sed '2d' $SRC/stb/tests/stb_png_read_fuzzer.cpp > $SRC/stb/tests/stbi_read_fuzzer.c
-
-$CXX $CXXFLAGS -std=c++11 -I. \
- $SRC/stb/tests/stbi_read_fuzzer.c \
- -o $OUT/stbi_read_fuzzer $LIB_FUZZING_ENGINE
-
-find $SRC/stb/tests/pngsuite -name "*.png" | \
- xargs zip $OUT/stb_png_read_fuzzer_seed_corpus.zip
-
-cp $SRC/stb/tests/stb_png.dict $OUT/stb_png_read_fuzzer.dict
-
-tar xvzf $SRC/stb/jpg.tar.gz --directory $SRC/stb/tests
-tar xvzf $SRC/stb/gif.tar.gz --directory $SRC/stb/tests
-
-find $SRC/stb/tests -name "*.png" -o -name "*.jpg" -o -name ".gif" | \
- xargs zip $OUT/stbi_read_fuzzer_seed_corpus.zip
-
-echo "" >> $SRC/stb/tests/gif.dict
-cat $SRC/stb/tests/gif.dict $SRC/stb/tests/stb_png.dict > $OUT/stbi_read_fuzzer.dict
+# Run the OSS-Fuzz script in the project
+$SRC/stb/tests/ossfuzz.sh
diff --git a/benchmarks/systemd_fuzz-link-parser/Dockerfile b/benchmarks/systemd_fuzz-link-parser/Dockerfile
index ec767dec9..c2c21ed38 100644
--- a/benchmarks/systemd_fuzz-link-parser/Dockerfile
+++ b/benchmarks/systemd_fuzz-link-parser/Dockerfile
@@ -15,6 +15,16 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c -RUN git clone --depth 1 https://github.com/systemd/systemd systemd + +RUN apt-get update && \ + apt-get install -y libcap-dev + +RUN git clone \ + --depth 1 \ + --branch v252 \ + https://github.com/systemd/systemd && \ + cp $SRC/systemd/tools/oss-fuzz.sh $SRC/build.sh && \ + # Move shared libraries and tweak rpath for all $ARCHITECTURE. + sed -i '119d;126d' $SRC/build.sh + WORKDIR systemd -COPY build.sh $SRC/ diff --git a/benchmarks/systemd_fuzz-link-parser/benchmark.yaml b/benchmarks/systemd_fuzz-link-parser/benchmark.yaml index cb604c95e..48fb65d01 100644 --- a/benchmarks/systemd_fuzz-link-parser/benchmark.yaml +++ b/benchmarks/systemd_fuzz-link-parser/benchmark.yaml @@ -2,3 +2,5 @@ commit: 07faa4990fcc1e80c9ef63c09eb91bb73dab19cb commit_date: 2022-09-28 12:03:03+00:00 fuzz_target: fuzz-link-parser project: systemd +unsupported_fuzzers: + - centipede diff --git a/benchmarks/systemd_fuzz-link-parser/build.sh b/benchmarks/systemd_fuzz-link-parser/build.sh deleted file mode 100755 index 379920c9f..000000000 --- a/benchmarks/systemd_fuzz-link-parser/build.sh +++ /dev/null 
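Review bot: `sed -i '119d;126d' $SRC/build.sh` deletes two lines of an upstream script by absolute line number with nothing checking that those lines are still the ones the comment describes; because the script comes from the pinned `v252` tag this works today, but it fails silently (wrong lines removed) the moment the tag is moved or the version is bumped. A pattern-based deletion, or a preceding `grep -n` guard that aborts the build when the expected text is not at those line numbers, would make the tweak self-verifying. Note also that the benchmark.yaml context lines still record commit `07faa4990fcc1e80c9ef63c09eb91bb73dab19cb` (dated 2022-09-28) while the Dockerfile now clones `v252`; if those are not the same commit, one of the two records is misleading and the yaml should be updated to match.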
@@ -1,18 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2018 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-tools/oss-fuzz.sh
diff --git a/benchmarks/systemd_fuzz-varlink/Dockerfile b/benchmarks/systemd_fuzz-varlink/Dockerfile
index 64d0009fc..6bf7a0c35 100644
--- a/benchmarks/systemd_fuzz-varlink/Dockerfile
+++ b/benchmarks/systemd_fuzz-varlink/Dockerfile
@@ -1,3 +1,4 @@
+# syntax=docker/dockerfile:1.3-labs
 # Copyright 2018 Google Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
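Review bot: `# syntax=docker/dockerfile:1.3-labs` pins the BuildKit frontend to an old labs channel; the heredoc syntax this file relies on was promoted to the stable frontend in 1.4, so `# syntax=docker/dockerfile:1` is the usual choice and picks up frontend fixes without opting into experimental features. The directive is correctly placed as the very first line, which is required for it to take effect.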
@@ -17,11 +18,29 @@ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c RUN apt-get update && \ - apt-get install -y \ - gperf m4 gettext libcap-dev libmount-dev libkmod-dev \ - pkg-config wget && \ - pip3 install meson==0.55.3 ninja==1.10.0 -RUN git clone https://github.com/systemd/systemd systemd -WORKDIR systemd -COPY build.sh $SRC/ + apt-get install -y libcap-dev \ + gperf m4 gettext libmount-dev libkmod-dev pkg-config wget \ + ninja-build=1.10.0-1build1 && \ + pip3 install meson==0.55.3 + +RUN git clone https://github.com/systemd/systemd && \ + git -C "$SRC/systemd" checkout cb367b17853d215ebcf2816118c1f53d003e5088 && \ + cp $SRC/systemd/tools/oss-fuzz.sh $SRC/build.sh +# Some fixes to make the old version build & run. +# Fix ninja version compatibility error. +ENV PATH='/usr/bin':$PATH +# Remove a buggy lines that zip corpus files that do not exist. +RUN sed -i '37,42d' $SRC/build.sh && \ + # Copy shared lib and patch rpath so that they can be found in the runner. + cat >> "$SRC/build.sh" <<'EOF' +for lib_path in $(ldd "$OUT"/src/shared/libsystemd-shared-*.so \ + | perl -lne 'print $1 if m{=>\s+(/lib\S+)}'); do + lib_name=$(basename "$lib_path") + cp "$lib_path" "$OUT/src/shared" + patchelf --set-rpath \$ORIGIN "$OUT/src/shared/$lib_name" +done +patchelf --set-rpath \$ORIGIN "$OUT"/src/shared/libsystemd-shared-*.so +EOF + +WORKDIR systemd diff --git a/benchmarks/systemd_fuzz-varlink/benchmark.yaml b/benchmarks/systemd_fuzz-varlink/benchmark.yaml index 3fcf482f4..2a2b86f3f 100644 --- a/benchmarks/systemd_fuzz-varlink/benchmark.yaml +++ b/benchmarks/systemd_fuzz-varlink/benchmark.yaml @@ -1,9 +1,7 @@ -commit: cb367b17853d215ebcf2816118c1f53d003e5088 -commit_date: 2019-05-10 19:14:59+00:00 fuzz_target: fuzz-varlink project: systemd -type: bug unsupported_fuzzers: + - centipede - aflcc - afl_qemu - aflplusplus_qemu 
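Review bot: The snippet appended to `build.sh` calls `patchelf`, but nothing in this Dockerfile installs it; if the base-builder image does not already ship it, the build fails on its last lines, and adding `patchelf` to the `apt-get install` list makes the dependency explicit either way. The `sed -i '37,42d'` edit removes lines by number from the upstream script, which is acceptable only because the clone is pinned to commit `cb367b17853d215ebcf2816118c1f53d003e5088` (the right way to pin, in contrast to the branch and tag pins elsewhere in this change); a comment stating what those six lines contain would let a reader verify the deletion without opening the upstream file. `ENV PATH='/usr/bin':$PATH` is build-time plumbing that now persists into the runtime image; if only the meson/ninja steps need it, an inline `PATH=/usr/bin:$PATH` on those commands keeps it out of the container environment.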
diff --git a/benchmarks/systemd_fuzz-varlink/build.sh b/benchmarks/systemd_fuzz-varlink/build.sh
deleted file mode 100755
index 379920c9f..000000000
--- a/benchmarks/systemd_fuzz-varlink/build.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/bash -eu
-# Copyright 2018 Google Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-tools/oss-fuzz.sh
diff --git a/benchmarks/usrsctp_fuzzer_connect/Dockerfile b/benchmarks/usrsctp_fuzzer_connect/Dockerfile
index 3ef7db986..200eb972b 100644
--- a/benchmarks/usrsctp_fuzzer_connect/Dockerfile
+++ b/benchmarks/usrsctp_fuzzer_connect/Dockerfile
@@ -17,6 +17,10 @@
 FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c
 MAINTAINER weinrank@fh-muenster.de
 RUN apt-get update && apt-get install -y make cmake pkg-config
-RUN git clone --branch oss-fuzz https://github.com/weinrank/usrsctp usrsctp
+RUN git clone \
+ --depth 1 \
+ --branch 0.9.5.0 \
+ https://github.com/sctplab/usrsctp.git \
+ usrsctp
 WORKDIR usrsctp
 COPY build.sh $SRC/
diff --git a/benchmarks/usrsctp_fuzzer_connect/benchmark.yaml b/benchmarks/usrsctp_fuzzer_connect/benchmark.yaml
index 8c90ef270..944ed0d0d 100644
--- a/benchmarks/usrsctp_fuzzer_connect/benchmark.yaml
+++ b/benchmarks/usrsctp_fuzzer_connect/benchmark.yaml
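Review bot: The clone moves from the `oss-fuzz` branch of a fork (`weinrank/usrsctp`) to the `0.9.5.0` tag of `sctplab/usrsctp`, but the `build.sh` copied on the context line presumably targeted the fork's harness layout; it is worth confirming that the `fuzzer_connect` target named in the benchmark.yaml below exists upstream at that tag, since nothing in this hunk shows the harness moving with it. A tag is also mutable, so recording the resolved commit — a `git checkout <sha>` after the clone, or at least `git -C usrsctp rev-parse HEAD` in the build log — would give the benchmark a stable identity now that the yaml no longer carries one.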
@@ -1,8 +1,5 @@ -commit: e08eacffd438cb0760c926fbe60ccda011f6ce70 -commit_date: 2019-10-06 10:51:51+00:00 fuzz_target: fuzzer_connect project: usrsctp -type: bug unsupported_fuzzers: - aflcc - afl_qemu diff --git a/benchmarks/wireshark_fuzzshark_ip/Dockerfile b/benchmarks/wireshark_fuzzshark_ip/Dockerfile index 40ebc7558..dc03fabe6 100644 --- a/benchmarks/wireshark_fuzzshark_ip/Dockerfile +++ b/benchmarks/wireshark_fuzzshark_ip/Dockerfile @@ -16,12 +16,25 @@ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1e062e2e40f7e8a23e86b63ff3dad7c -RUN apt-get update && apt-get install -y make cmake \ - flex bison \ - libglib2.0-dev libgcrypt20-dev +RUN apt-get update && \ + apt-get install -y \ + ninja-build \ + cmake \ + flex \ + bison \ + libc-ares-dev \ + libglib2.0-dev \ + libgcrypt20-dev -RUN git clone --depth=1 https://gitlab.com/wireshark/wireshark.git -RUN git clone --depth=1 https://bitbucket.org/jwzawadzki/wireshark-fuzzdb.git +RUN git clone \ + --depth 1 \ + --branch wireshark-3.6.9 \ + https://gitlab.com/wireshark/wireshark.git + +RUN git clone \ + --depth=1 \ + --branch master \ + https://bitbucket.org/jwzawadzki/wireshark-fuzzdb.git WORKDIR wireshark COPY build.sh $SRC/ diff --git a/benchmarks/wireshark_fuzzshark_ip/benchmark.yaml b/benchmarks/wireshark_fuzzshark_ip/benchmark.yaml index f45fc6288..5901a71d8 100644 --- a/benchmarks/wireshark_fuzzshark_ip/benchmark.yaml +++ b/benchmarks/wireshark_fuzzshark_ip/benchmark.yaml @@ -1,8 +1,5 @@ -commit: bc4d7c46f391971f0e2c875c9b2d63c1b9152f6d -commit_date: 2018-10-07 01:19:00+00:00 fuzz_target: fuzzshark_ip project: wireshark -type: bug unsupported_fuzzers: - aflcc - afl_qemu diff --git a/benchmarks/wireshark_fuzzshark_ip/build.sh b/benchmarks/wireshark_fuzzshark_ip/build.sh index 0a56a3af7..82a0279ab 100755 --- a/benchmarks/wireshark_fuzzshark_ip/build.sh +++ b/benchmarks/wireshark_fuzzshark_ip/build.sh 
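Review bot: `wireshark-fuzzdb` is cloned with `--branch master` and no commit, so the seed corpus that build.sh copies into `$SAMPLES_DIR` is whatever Bitbucket serves on the day the image is built, which undoes the reproducibility the `wireshark-3.6.9` pin on the line above is meant to provide. Pin it the way the systemd varlink benchmark in this change does — a full clone followed by `git -C wireshark-fuzzdb checkout <sha>` — or at minimum print the resolved SHA so experiment runs can be compared. Minor: the two clones spell the depth flag differently (`--depth 1` vs `--depth=1`).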
@@ -18,47 +18,34 @@ WIRESHARK_BUILD_PATH="$WORK/build" mkdir -p "$WIRESHARK_BUILD_PATH" -export WIRESHARK_INSTALL_PATH="$WORK/install" -mkdir -p "$WIRESHARK_INSTALL_PATH" - # Prepare Samples directory export SAMPLES_DIR="$WORK/samples" mkdir -p "$SAMPLES_DIR" cp -a $SRC/wireshark-fuzzdb/samples/* "$SAMPLES_DIR" +# Make sure we build fuzzshark. +CMAKE_DEFINES="-DBUILD_fuzzshark=ON" + # compile static version of libs -# XXX, with static wireshark linking each fuzzer binary is ~338 MB (just libwireshark.a is 623 MBs). +# XXX, with static wireshark linking each fuzzer binary is ~346 MB (just libwireshark.a is 761 MB). # XXX, wireshark is not ready for including static plugins into binaries. -CMAKE_DEFINES="-DENABLE_STATIC=ON -DENABLE_PLUGINS=OFF" +CMAKE_DEFINES="$CMAKE_DEFINES -DENABLE_STATIC=ON -DENABLE_PLUGINS=OFF" # disable optional dependencies CMAKE_DEFINES="$CMAKE_DEFINES -DENABLE_PCAP=OFF -DENABLE_GNUTLS=OFF" -# need only libs, disable programs -# TODO, add something like --without-extcap, which would disable all extcap binaries -CMAKE_DEFINES="$CMAKE_DEFINES -DBUILD_wireshark=OFF -DBUILD_tshark=OFF -DBUILD_sharkd=OFF \ - -DBUILD_dumpcap=OFF -DBUILD_capinfos=OFF -DBUILD_captype=OFF -DBUILD_randpkt=OFF -DBUILD_dftest=OFF \ - -DBUILD_editcap=OFF -DBUILD_mergecap=OFF -DBUILD_reordercap=OFF -DBUILD_text2pcap=OFF \ - -DBUILD_fuzzshark=OFF \ - -DBUILD_androiddump=OFF -DBUILD_randpktdump=OFF -DBUILD_udpdump=OFF \ - " - -# Fortify and asan don't like each other ... :( -# TODO, right now -D_FORTIFY_SOURCE=2 is not added in cmake builds. -# sed -i '/AC_WIRESHARK_GCC_FORTIFY_SOURCE_CHECK/d' configure.ac +# There is no need to manually disable programs via BUILD_xxx=OFF since the +# all-fuzzers targets builds the minimum required binaries. However we do have +# to disable the Qt GUI or else the cmake step will fail. 
+CMAKE_DEFINES="$CMAKE_DEFINES -DBUILD_wireshark=OFF" cd "$WIRESHARK_BUILD_PATH" -cmake -DCMAKE_C_COMPILER=$CC -DCMAKE_CXX_COMPILER=$CXX \ +cmake -GNinja \ + -DCMAKE_C_COMPILER=$CC -DCMAKE_CXX_COMPILER=$CXX \ -DCMAKE_C_FLAGS="$CFLAGS" -DCMAKE_CXX_FLAGS="$CXXFLAGS" \ - -DCMAKE_INSTALL_PREFIX="$WIRESHARK_INSTALL_PATH" $CMAKE_DEFINES -DDISABLE_WERROR=ON $SRC/wireshark/ - -# disable leak checks, lemon is build with ASAN, and it leaks memory during building. -export ASAN_OPTIONS="detect_leaks=0" -make "-j$(nproc)" -make install + -DDISABLE_WERROR=ON -DOSS_FUZZ=ON $CMAKE_DEFINES $SRC/wireshark/ -# make install didn't install config.h, install it manually -cp "$WIRESHARK_BUILD_PATH/config.h" "$WIRESHARK_INSTALL_PATH/include/wireshark/" +ninja all-fuzzers $SRC/wireshark/tools/oss-fuzzshark/build.sh all diff --git a/benchmarks/zstd_stream_decompress/Dockerfile b/benchmarks/zstd_stream_decompress/Dockerfile index 921974dc3..fc6f27442 100644 --- a/benchmarks/zstd_stream_decompress/Dockerfile +++ b/benchmarks/zstd_stream_decompress/Dockerfile @@ -18,7 +18,10 @@ FROM gcr.io/oss-fuzz-base/base-builder@sha256:fb1a9a49752c9e504687448d1f1a048ec1 RUN apt-get update && apt-get upgrade -y && apt-get install -y make python wget # Clone source -RUN git clone https://github.com/facebook/zstd +RUN git clone \ + --depth 1 \ + --branch v1.5.2 \ + https://github.com/facebook/zstd WORKDIR zstd COPY build.sh $SRC/ diff --git a/benchmarks/zstd_stream_decompress/benchmark.yaml b/benchmarks/zstd_stream_decompress/benchmark.yaml index 9cb111812..4d291f02a 100644 --- a/benchmarks/zstd_stream_decompress/benchmark.yaml +++ b/benchmarks/zstd_stream_decompress/benchmark.yaml @@ -1,8 +1,5 @@ -commit: 9ad7ea44ec9644c618c2e82be5960d868e48745d -commit_date: 2019-04-19 00:29:32+00:00 fuzz_target: stream_decompress project: zstd -type: bug unsupported_fuzzers: - aflcc - afl_qemu diff --git a/fuzzers/afl/builder.Dockerfile b/fuzzers/afl/builder.Dockerfile index 0b382b81e..94d7f5076 100644 
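Review bot: The hunk drops `export ASAN_OPTIONS="detect_leaks=0"` together with the comment explaining that `lemon` is built with ASan and leaks during the build, and nothing on the new side says why that is no longer needed. If the sanitized lemon binary still leaks, `ninja all-fuzzers` will abort when lemon exits during code generation, so either keep the export until it is shown to be unnecessary or replace the removed comment with one stating what now handles it (e.g. `-DOSS_FUZZ=ON`, if that is the reason). `WIRESHARK_INSTALL_PATH` is also removed while `$SRC/wireshark/tools/oss-fuzzshark/build.sh all` on the last context line is unchanged; that script is outside this diff, so confirm it no longer reads that variable or `config.h` from the old install tree.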
--- a/fuzzers/afl/builder.Dockerfile +++ b/fuzzers/afl/builder.Dockerfile @@ -17,9 +17,11 @@ FROM $parent_image # Download and compile AFL v2.57b. # Set AFL_NO_X86 to skip flaky tests. -RUN git clone https://github.com/google/AFL.git /afl && \ +RUN git clone \ + --depth 1 \ + --branch v2.57b \ + https://github.com/google/AFL.git /afl && \ cd /afl && \ - git checkout 61037103ae3722c8060ff7082994836a794f978e && \ CFLAGS= CXXFLAGS= AFL_NO_X86=1 make # Use afl_driver.cpp from LLVM as our fuzzing library. diff --git a/fuzzers/aflfast/builder.Dockerfile b/fuzzers/aflfast/builder.Dockerfile index f4761372e..b38039810 100644 --- a/fuzzers/aflfast/builder.Dockerfile +++ b/fuzzers/aflfast/builder.Dockerfile @@ -19,7 +19,7 @@ FROM $parent_image # Set AFL_NO_X86 to skip flaky tests. RUN git clone https://github.com/mboehme/aflfast.git /afl && \ cd /afl && \ - git checkout 11ec1828448d27bdcc54fdeb91bf3215d4d8c583 && \ + git checkout d1d54caf9850ca4afe2ac634a2a212aa6bb40032 && \ AFL_NO_X86=1 make # Use afl_driver.cpp from LLVM as our fuzzing library. diff --git a/fuzzers/aflplusplus/builder.Dockerfile b/fuzzers/aflplusplus/builder.Dockerfile index 60501c2e0..ee5c4389e 100644 --- a/fuzzers/aflplusplus/builder.Dockerfile +++ b/fuzzers/aflplusplus/builder.Dockerfile 
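Review bot: Replacing `git checkout 61037103ae3722c8060ff7082994836a794f978e` with `--branch v2.57b` trades an immutable commit pin for a tag that the upstream repository can move, which weakens both reproducibility of the comparison runs and the supply-chain guarantee on the fuzzer binary. If `v2.57b` resolves to that commit today, keep the tag for readability but verify it after the clone, e.g. `test "$(git -C /afl rev-parse HEAD)" = 61037103ae3722c8060ff7082994836a794f978e`, so a re-pointed tag fails the build instead of silently changing what is benchmarked.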
@@ -15,21 +15,36 @@ ARG parent_image FROM $parent_image -# Install libstdc++ to use llvm_mode. RUN apt-get update && \ - apt-get install -y wget libstdc++-10-dev libtool-bin automake flex bison \ - libglib2.0-dev libpixman-1-dev python3-setuptools unzip \ - apt-utils apt-transport-https ca-certificates + apt-get install -y \ + build-essential \ + python3-dev \ + python3-setuptools \ + automake \ + cmake \ + git \ + flex \ + bison \ + libglib2.0-dev \ + libpixman-1-dev \ + cargo \ + libgtk-3-dev \ + # for QEMU mode + ninja-build \ + gcc-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-plugin-dev \ + libstdc++-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-dev -# Download and compile afl++. -RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \ - cd /afl && \ - git checkout 0c122aeee65c5e91b6ecc465dcdf740aa67943d1 +# Download afl++. +RUN git clone \ + --depth 1 \ + --branch 4.04c \ + https://github.com/AFLplusplus/AFLplusplus /afl # Build without Python support as we don't need it. # Set AFL_NO_X86 to skip flaky tests. -RUN cd /afl && unset CFLAGS && unset CXXFLAGS && \ - export CC=clang && export AFL_NO_X86=1 && \ - PYTHON_INCLUDE=/ make && make install && \ - make -C utils/aflpp_driver && \ +RUN cd /afl && \ + unset CFLAGS CXXFLAGS && \ + export CC=clang AFL_NO_X86=1 && \ + PYTHON_INCLUDE=/ make distrib && \ + make install && \ cp utils/aflpp_driver/libAFLDriver.a / diff --git a/fuzzers/aflplusplus/fuzzer.py b/fuzzers/aflplusplus/fuzzer.py index b77b86ad8..7fc4a41e2 100755 --- a/fuzzers/aflplusplus/fuzzer.py +++ b/fuzzers/aflplusplus/fuzzer.py 
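Review bot: `make distrib` builds every AFL++ component (QEMU, FRIDA, unicorn, utilities), far more than the instrumentation-only `aflplusplus` fuzzer consumes, and as far as I recall the qemu/unicorn sub-builds fetch their own sources at build time — more network fetches and a much larger image with no benefit here. Unless this image is the parent for the binary-only variants, `make source-only` plus `make -C utils/aflpp_driver` (as the removed line did) would build exactly what the `cp utils/aflpp_driver/libAFLDriver.a /` step needs; if it is the parent, the comment should say so. `--branch 4.04c` is a tag rather than the previous commit SHA, so a `git rev-parse HEAD` check after the clone would guard against the tag being moved. The `# for QEMU mode` comment sits inside the apt-get continuation (Docker strips it, so it is harmless), but it reads as if it covers the `gcc-*-plugin-dev` and `libstdc++-*-dev` lines that follow, which appear to serve the GCC-plugin and LLVM modes rather than QEMU.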
@@ -36,6 +36,12 @@ def build(*args): # pylint: disable=too-many-branches,too-many-statements # BUILD_MODES is not already supported by fuzzbench, meanwhile we provide # a default configuration. + # Add required libs for libpcap_fuzz_both. + os.environ['EXTRA_LIBS'] = ( + '/usr/lib/x86_64-linux-gnu/libdbus-1.a ' + '/lib/x86_64-linux-gnu/libsystemd.so.0' + ) + build_modes = list(args) if 'BUILD_MODES' in os.environ: build_modes = os.environ['BUILD_MODES'].split(',') diff --git a/fuzzers/aflsmart/builder.Dockerfile b/fuzzers/aflsmart/builder.Dockerfile index a2b4f5e86..dcb8eb7a9 100644 --- a/fuzzers/aflsmart/builder.Dockerfile +++ b/fuzzers/aflsmart/builder.Dockerfile 
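Review bot: The new `os.environ['EXTRA_LIBS'] = ...` assignment runs for every benchmark, not just `libpcap_fuzz_both`, and it overwrites any value the caller already placed in `EXTRA_LIBS`; it also hard-codes `x86_64-linux-gnu` paths. At minimum append instead of clobbering — `extra = os.environ.get('EXTRA_LIBS', '')` then `os.environ['EXTRA_LIBS'] = (extra + ' /usr/lib/x86_64-linux-gnu/libdbus-1.a /lib/x86_64-linux-gnu/libsystemd.so.0').strip()` — and gate it on the benchmark being built if the builder exposes that. Linking the shared `libsystemd.so.0` into every target also means the runner image must ship the same library, which this hunk cannot show. `build(*args)` begins on the hunk header and continues past the end of the hunk.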
@@ -15,44 +15,39 @@ ARG parent_image FROM $parent_image -# Install Python2 and Pip2 on Ubuntu:20.04. -RUN apt-get install -y software-properties-common && \ +# Install gcc-4.4 & g++-4.4 required by Peach while running on Ubuntu 16.04. +# Install Python2 and Pip2 required by AFLSmart on Ubuntu:20.04. +RUN echo 'deb http://dk.archive.ubuntu.com/ubuntu/ trusty main' >> \ + /etc/apt/sources.list && \ + echo 'deb http://dk.archive.ubuntu.com/ubuntu/ trusty universe' >> \ + /etc/apt/sources.list && \ apt-get update && \ - add-apt-repository universe && \ - apt-get install -y python2 && \ + apt-get install -y \ + gcc-4.4 \ + g++-4.4 \ + unzip \ + wget \ + tzdata \ + python2 && \ curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py && \ python2 get-pip.py && \ rm /usr/bin/python && \ ln -s /usr/bin/python2.7 /usr/bin/python -# RUN apt-get install --unstable gnupg-curl - -# install AFLSmart dependencies +# Install AFLSmart dependencies. RUN dpkg --add-architecture i386 && \ - apt-get update -y && apt-get install -y \ + apt-get update && \ + apt-get install -y \ apt-utils \ libc6-dev-i386 \ g++-multilib \ mono-complete \ software-properties-common -# install gcc-4.4 & g++-4.4 required by Peach while running on Ubuntu 16.04 -RUN apt-get update -y && \ - apt-get upgrade -y && \ - add-apt-repository --keyserver hkps://keyserver.ubuntu.com:443 ppa:ubuntu-toolchain-r/test -y && \ - echo 'deb http://dk.archive.ubuntu.com/ubuntu/ trusty main' >> /etc/apt/sources.list && \ - echo 'deb http://dk.archive.ubuntu.com/ubuntu/ trusty universe' >> /etc/apt/sources.list && \ - apt-get update -y && apt-get install -y \ - gcc-4.4 \ - g++-4.4 \ - unzip \ - wget \ - tzdata - -# Download and compile AFLSmart +# Download and compile AFLSmart. RUN git clone https://github.com/aflsmart/aflsmart /afl && \ cd /afl && \ - git checkout a9d60257a6b5a7df2e177bddc6982376723bfd90 && \ + git checkout 4286ae47e0e5d8c412f91aae94ef9d11fb97dfd8 && \ AFL_NO_X86=1 make # Setup Peach. 
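Review bot: `curl https://bootstrap.pypa.io/pip/2.7/get-pip.py ... && python2 get-pip.py` executes a downloaded installer with no integrity check and without `-f`, so an error page would be run as Python; use `curl -fsSL --proto '=https' --tlsv1.2 -o get-pip.py https://bootstrap.pypa.io/pip/2.7/get-pip.py` followed by `echo '<sha256>  get-pip.py' | sha256sum -c -` before running it. The `trusty` (Ubuntu 14.04, end-of-life) archive is added over plain `http://` solely to obtain `gcc-4.4`/`g++-4.4`; apt's signature check protects those packages only if the trusty signing key is present in the base image's keyring, which is worth confirming, and the comment's "Ubuntu 16.04" no longer matches the 20.04 base mentioned on the next line. Replacing `/usr/bin/python` with a symlink to python2.7 is image-wide and will affect any later step that expects `python` to be Python 3; a dedicated `python2` invocation in the AFLSmart/Peach commands would be safer.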
diff --git a/fuzzers/klee/builder.Dockerfile b/fuzzers/klee/builder.Dockerfile index 0b7ea1ad9..30036824e 100644 --- a/fuzzers/klee/builder.Dockerfile +++ b/fuzzers/klee/builder.Dockerfile 
@@ -15,89 +15,249 @@ ARG parent_image FROM $parent_image -# Install Clang/LLVM 6.0. -RUN apt-get update -y && \ - apt-get -y install llvm-6.0 \ - clang-6.0 llvm-6.0-dev llvm-6.0-tools \ - wget +# The following installation Steps 1-8 are from KLEE's recommended build guide: +# https://klee.github.io/build-llvm11/ +# We should merge some of them to minimise Dockerfile / docker image. + +# Step 1: Install dependencies. +# Install dependencies for KLEE. +RUN apt-get update && \ + apt-get install -y \ + build-essential \ + cmake \ + curl \ + file \ + g++-multilib \ + gcc-multilib \ + git \ + libcap-dev \ + libgoogle-perftools-dev \ + libncurses5-dev \ + libsqlite3-dev \ + libtcmalloc-minimal4 \ + python3-pip \ + unzip \ + graphviz \ + doxygen + +# Install dependencies for testing and additional features. +RUN pip3 install lit wllvm && \ + apt-get install -y python3-tabulate +ENV PATH=$PATH:'~/.local/bin' + +# Step 2: Install LLVM 11. +RUN apt-get install -y clang-11 llvm-11 llvm-11-dev llvm-11-tools +ENV PATH='/usr/lib/llvm-11/bin':$PATH +ENV LD_LIBRARY_PATH='/usr/lib/llvm-11/lib':$LD_LIBRARY_PATH +# ENV LD_LIBRARY_PATH='/usr/lib/clang/11.0.0/lib/linux':$LD_LIBRARY_PATH +# ENV LDFLAGS="$LDFLAGS -pthread" -# Install KLEE dependencies. +# Step 3: Install constraint solver (STP). +# Install STP dependencies. RUN apt-get install -y \ - cmake-data build-essential curl libcap-dev \ - git cmake libncurses5-dev unzip libtcmalloc-minimal4 \ - libgoogle-perftools-dev bison flex libboost-all-dev \ - perl zlib1g-dev libsqlite3-dev doxygen + cmake \ + bison \ + flex \ + libboost-all-dev \ + python \ + perl \ + zlib1g-dev \ + minisat \ + libboost-all-dev \ + perl \ + zlib1g-dev ENV INSTALL_DIR=/out # Install minisat. 
-RUN git clone https://github.com/stp/minisat.git /minisat && \ - cd /minisat && mkdir build && cd build && \ +RUN git clone https://github.com/stp/minisat.git /src/minisat && \ + mkdir /src/minisat/build && \ + (cd /src/minisat/build && \ CXXFLAGS= cmake -DSTATIC_BINARIES=ON \ -DCMAKE_INSTALL_PREFIX=$INSTALL_DIR -DCMAKE_BUILD_TYPE=Release ../ && \ - make -j`nproc` && make install + make -j`nproc` && make install) # Install STP solver. -RUN git clone https://github.com/stp/stp.git /stp && \ - cd /stp && git checkout tags/2.1.2 && \ - mkdir build && cd build && \ - CXXFLAGS= cmake -DBUILD_SHARED_LIBS:BOOL=OFF \ - -DENABLE_PYTHON_INTERFACE:BOOL=OFF \ - -DMINISAT_LIBRARY=$INSTALL_DIR/lib/libminisat.so \ - -DMINISAT_INCLUDE_DIR=$INSTALL_DIR/include \ - -DCMAKE_INSTALL_PREFIX=/user/local/ -DCMAKE_BUILD_TYPE=Release .. && \ - make -j`nproc` && make install - -RUN git clone https://github.com/klee/klee-uclibc.git /klee-uclibc && \ - cd /klee-uclibc && \ - CC=`which clang-6.0` CXX=`which clang++-6.0` \ - ./configure --make-llvm-lib --with-llvm-config=`which llvm-config-6.0` && \ - make -j`nproc` && make install - -# Install KLEE. Use my personal repo containing seed conversion scripts for now. -# TODO: Include seed conversion scripts in fuzzbench repo. -# Note: don't use the 'debug' branch because it has checks for non-initialized values -# that need to be fixed for certain syscalls. -# When we use it, be sure to also use klee-uclibc from https://github.com/lmrs2/klee-uclibc.git. -RUN git clone https://github.com/lmrs2/klee.git /klee && \ - cd /klee && \ - git checkout 3810917841c1cb58587719c1d3d47181a2401324 && \ - wget -O tools/ktest-tool/ktest-tool https://raw.githubusercontent.com/lmrs2/klee/debug/tools/ktest-tool/ktest-tool - -# The libcxx build script in the KLEE repo depends on wllvm: -RUN pip3 install wllvm - -# Before building KLEE, build libcxx. 
-RUN cd /klee && \ - LLVM_VERSION=6.0 SANITIZER_BUILD= ENABLE_OPTIMIZED=0 ENABLE_DEBUG=1 \ - DISABLE_ASSERTIONS=1 REQUIRES_RTTI=1 \ - BASE=/out \ - ./scripts/build/build.sh libcxx - -RUN cd /klee && \ - mkdir build && cd build && \ - CXXFLAGS= cmake -DENABLE_SOLVER_STP=ON -DENABLE_POSIX_RUNTIME=ON \ - -DENABLE_KLEE_LIBCXX=ON -DKLEE_LIBCXX_DIR=/out/libc++-install-60/ \ - -DKLEE_LIBCXX_INCLUDE_DIR=/out/libc++-install-60/include/c++/v1/ \ - -DENABLE_KLEE_UCLIBC=ON -DKLEE_UCLIBC_PATH=/klee-uclibc/ \ - -DENABLE_SYSTEM_TESTS=OFF -DENABLE_UNIT_TESTS=OFF \ - -DLLVM_CONFIG_BINARY=`which llvm-config-6.0` -DLLVMCC=`which clang-6.0` \ - -DLLVMCXX=`which clang++-6.0` -DCMAKE_INSTALL_PREFIX=$INSTALL_DIR ../ \ - -DCMAKE_BUILD_TYPE=Release && \ - make -j`nproc` && make install - -ENV LLVM_CC_NAME=clang-6.0 -ENV LLVM_CXX_NAME=clang++-6.0 -ENV LLVM_AR_NAME=llvm-ar-6.0 -ENV LLVM_LINK_NAME=llvm-link-6.0 -ENV LLVM_COMPILER=clang -ENV CC=wllvm -ENV CXX=wllvm++ - -# Compile the harness klee_driver.cpp. -COPY klee_driver.cpp /klee_driver.cpp -COPY klee_mock.c /klee_mock.c -RUN $CXX -stdlib=libc++ -std=c++11 -O2 -c /klee_driver.cpp -o /klee_driver.o && \ - ar r /libAFL.a /klee_driver.o && \ - $LLVM_CC_NAME -O2 -c -fPIC /klee_mock.c -o /klee_mock.o && \ - $LLVM_CC_NAME -shared -o /libKleeMock.so /klee_mock.o +RUN git clone \ + --depth 1 \ + --branch 2.3.3\ + https://github.com/stp/stp.git /src/stp && \ + mkdir /src/stp/build && \ + (cd /src/stp/build && \ + CXXFLAGS= cmake -DBUILD_SHARED_LIBS:BOOL=ON \ + -DENABLE_PYTHON_INTERFACE:BOOL=OFF \ + -DMINISAT_LIBRARY=$INSTALL_DIR/lib/libminisat.so.2.1.0 \ + -DMINISAT_INCLUDE_DIR=$INSTALL_DIR/include \ + -DCMAKE_INSTALL_PREFIX=/user/local/ -DCMAKE_BUILD_TYPE=Release .. && \ + make -j`nproc` && make install) + +# Step 4 (Optional): Get Google test sources. 
+RUN curl \ + -o /src/release-1.11.0.zip \ + -L https://github.com/google/googletest/archive/release-1.11.0.zip && \ + unzip /src/release-1.11.0.zip -d /src && \ + rm /src/release-1.11.0.zip + +# Step 5(Optional): Build uClibc and the POSIX environment model. +# Enable the KLEE POSIX runtime to run on real programs. +ENV KLEE_UCLIBC='/src/klee-uclibc' +RUN git clone https://github.com/klee/klee-uclibc.git $KLEE_UCLIBC && \ + (cd $KLEE_UCLIBC && \ + ./configure --make-llvm-lib && \ +# --make-llvm-lib \ +# --with-cc clang-11 \ +# --with-llvm-config llvm-config-11 && \ + make -j`nproc`) + +# Step 6: Get KLEE source. +ENV KLEE_DIR=/src/klee +RUN git clone https://github.com/klee/klee.git $KLEE_DIR + +# Step 7 (Optional): Build libc++. +ENV LIBCXX_DIR=/src/libcxx +RUN mkdir $LIBCXX_DIR && \ + (cd $KLEE_DIR && \ + LLVM_VERSION=11 BASE=$LIBCXX_DIR ./scripts/build/build.sh libcxx) + +# Step 8: Configure KLEE. +RUN mkdir $KLEE_DIR/build && \ + (cd $KLEE_DIR/build && \ + cmake \ + -DENABLE_SOLVER_STP=ON \ + -DENABLE_POSIX_RUNTIME=ON \ + -DKLEE_UCLIBC_PATH=/src/klee-uclibc \ + -DENABLE_UNIT_TESTS=ON \ + -DLLVM_CONFIG_BINARY=/usr/bin/llvm-config-11 \ + -DGTEST_SRC_DIR=/src/googletest-release-1.11.0/ \ + -DENABLE_KLEE_LIBCXX=ON \ + -DKLEE_LIBCXX_DIR=/src/libcxx/libc++-install-110/ \ + -DKLEE_LIBCXX_INCLUDE_DIR=/src/libcxx/libc++-install-110/include/c++/v1/ \ + -DENABLE_KLEE_EH_CXX=ON \ + -DKLEE_LIBCXXABI_SRC_DIR=/src/libcxx/llvm-110/libcxxabi/ \ + ..) + +# Step 9: Build KLEE. +RUN (cd $KLEE_DIR/build && \ + make) + + +# Install Clang/LLVM 6.0. +# RUN apt-get update -y && \ +# apt-get -y install llvm-11.0 \ +# clang-6.0 llvm-6.0-dev llvm-6.0-tools \ +# wget + +# # Install KLEE. 
+# ENV LIBCXX_DIR=/src/libcxx +# RUN mkdir $LIBCXX_DIR && \ +# git clone https://github.com/klee/klee.git && \ +# cd klee && \ +# LLVM_VERSION=11 BASE=$LIBCXX_DIR \ +# ./scripts/build/build.sh libcxx \ +# mkdir build && \ +# cd build && \ +# cmake \ +# -DENABLE_SOLVER_STP=ON \ +# -DENABLE_POSIX_RUNTIME=ON \ +# -DKLEE_UCLIBC_PATH=/src/klee-uclibc \ +# -DENABLE_UNIT_TESTS=ON \ +# -DLLVM_CONFIG_BINARY=/usr/bin/llvm-config-11 \ +# -DGTEST_SRC_DIR=/src/googletest-release-1.11.0/ \ +# -DENABLE_KLEE_LIBCXX=ON \ +# -DKLEE_LIBCXX_DIR=/src/libcxx/libc++-install-110/ \ +# -DKLEE_LIBCXX_INCLUDE_DIR=/src/libcxx/libc++-install-110/include/c++/v1/ \ +# -DENABLE_KLEE_EH_CXX=ON \ +# -DKLEE_LIBCXXABI_SRC_DIR=/src/libcxx/llvm-110/libcxxabi/ \ +# .. && \ +# make && \ +# make systemtests && \ +# lit test/ && \ +# make unittests + + +# # Install libstdc++-4.8. +# RUN echo 'deb http://dk.archive.ubuntu.com/ubuntu/ trusty main' >> /etc/apt/sources.list && \ +# echo 'deb http://dk.archive.ubuntu.com/ubuntu/ trusty universe' >> /etc/apt/sources && \ +# apt-get update && \ +# apt-get install -y libstdc++-4.8-dev +# +# # Install KLEE dependencies. +# RUN apt-get install -y \ +# cmake-data build-essential curl libcap-dev \ +# git cmake libncurses5-dev unzip libtcmalloc-minimal4 \ +# libgoogle-perftools-dev bison flex libboost-all-dev \ +# perl zlib1g-dev libsqlite3-dev doxygen +# +# ENV INSTALL_DIR=/out +# +# # Install minisat. +# RUN git clone https://github.com/stp/minisat.git /minisat && \ +# cd /minisat && mkdir build && cd build && \ +# CXXFLAGS= cmake -DSTATIC_BINARIES=ON \ +# -DCMAKE_INSTALL_PREFIX=$INSTALL_DIR -DCMAKE_BUILD_TYPE=Release ../ && \ +# make -j`nproc` && make install +# +# # Install STP solver. 
+# RUN git clone https://github.com/stp/stp.git /stp && \ +# cd /stp && git checkout tags/2.1.2 && \ +# mkdir build && cd build && \ +# CXXFLAGS= cmake -DBUILD_SHARED_LIBS:BOOL=OFF \ +# -DENABLE_PYTHON_INTERFACE:BOOL=OFF \ +# -DMINISAT_LIBRARY=$INSTALL_DIR/lib/libminisat.so \ +# -DMINISAT_INCLUDE_DIR=$INSTALL_DIR/include \ +# -DCMAKE_INSTALL_PREFIX=/user/local/ -DCMAKE_BUILD_TYPE=Release .. && \ +# make -j`nproc` && make install +# +# RUN git clone https://github.com/klee/klee-uclibc.git /klee-uclibc && \ +# cd /klee-uclibc && \ +# CC=`which clang-6.0` CXX=`which clang++-6.0` \ +# ./configure --make-llvm-lib --with-llvm-config=`which llvm-config-6.0` && \ +# make -j`nproc` && make install +# +# # Install KLEE. Use my personal repo containing seed conversion scripts for now. +# # TODO: Include seed conversion scripts in fuzzbench repo. +# # Note: don't use the 'debug' branch because it has checks for non-initialized values +# # that need to be fixed for certain syscalls. +# # When we use it, be sure to also use klee-uclibc from https://github.com/lmrs2/klee-uclibc.git. +# RUN git clone https://github.com/lmrs2/klee.git /klee && \ +# cd /klee && \ +# git checkout 3810917841c1cb58587719c1d3d47181a2401324 && \ +# wget -O tools/ktest-tool/ktest-tool https://raw.githubusercontent.com/lmrs2/klee/debug/tools/ktest-tool/ktest-tool +# +# # The libcxx build script in the KLEE repo depends on wllvm: +# RUN pip3 install wllvm + +# # Before building KLEE, build libcxx. 
+# RUN cd /klee && \ +# LLVM_VERSION=6.0 SANITIZER_BUILD= ENABLE_OPTIMIZED=0 ENABLE_DEBUG=1 \ +# DISABLE_ASSERTIONS=1 REQUIRES_RTTI=1 \ +# BASE=/out \ +# ./scripts/build/build.sh libcxx +# +# RUN cd /klee && \ +# mkdir build && cd build && \ +# CXXFLAGS= cmake -DENABLE_SOLVER_STP=ON -DENABLE_POSIX_RUNTIME=ON \ +# -DENABLE_KLEE_LIBCXX=ON -DKLEE_LIBCXX_DIR=/out/libc++-install-60/ \ +# -DKLEE_LIBCXX_INCLUDE_DIR=/out/libc++-install-60/include/c++/v1/ \ +# -DENABLE_KLEE_UCLIBC=ON -DKLEE_UCLIBC_PATH=/klee-uclibc/ \ +# -DENABLE_SYSTEM_TESTS=OFF -DENABLE_UNIT_TESTS=OFF \ +# -DLLVM_CONFIG_BINARY=`which llvm-config-6.0` -DLLVMCC=`which clang-6.0` \ +# -DLLVMCXX=`which clang++-6.0` -DCMAKE_INSTALL_PREFIX=$INSTALL_DIR ../ \ +# -DCMAKE_BUILD_TYPE=Release && \ +# make -j`nproc` && make install +# +# ENV LLVM_CC_NAME=clang-6.0 +# ENV LLVM_CXX_NAME=clang++-6.0 +# ENV LLVM_AR_NAME=llvm-ar-6.0 +# ENV LLVM_LINK_NAME=llvm-link-6.0 +# ENV LLVM_COMPILER=clang +# ENV CC=wllvm +# ENV CXX=wllvm++ +# +# # Compile the harness klee_driver.cpp. +# COPY klee_driver.cpp /klee_driver.cpp +# COPY klee_mock.c /klee_mock.c +# RUN $CXX -stdlib=libc++ -std=c++11 -O2 -c /klee_driver.cpp -o /klee_driver.o && \ +# ar r /libAFL.a /klee_driver.o && \ +# $LLVM_CC_NAME -O2 -c -fPIC /klee_mock.c -o /klee_mock.o && \ +# $LLVM_CC_NAME -shared -o /libKleeMock.so /klee_mock.o diff --git a/fuzzers/libafl/builder.Dockerfile b/fuzzers/libafl/builder.Dockerfile index 322c73378..ba8945840 100644 --- a/fuzzers/libafl/builder.Dockerfile +++ b/fuzzers/libafl/builder.Dockerfile 
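Review bot: The new recipe clones `klee/klee`, `klee/klee-uclibc` and `stp/minisat` from their default branches with no tag or commit, so the image differs on every rebuild and there is nothing to audit if an upstream repository is compromised; the lines being commented out pinned KLEE to `3810917841c1cb58587719c1d3d47181a2401324`, and each clone should get a `git checkout <sha>` (or `--branch <tag>`, as STP's `2.3.3` already does). `ENV PATH=$PATH:'~/.local/bin'` adds a literal `~` entry that is not expanded during PATH lookup, and since `pip3 install lit wllvm` runs as root into `/usr/local/bin` the entry is probably unnecessary — drop it or write `/root/.local/bin`. `-DCMAKE_INSTALL_PREFIX=/user/local/` looks like a typo for `/usr/local/` carried over from the old lines. Roughly 130 lines of the hunk are the previous recipe commented out; git history already preserves it, and leaving it in makes the Dockerfile hard to read and invites revival of the `/user/local` and `clang-6.0` paths.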
@@ -15,34 +15,39 @@ ARG parent_image
 FROM $parent_image
-# Install libstdc++ to use llvm_mode.
-RUN apt-get update && \
- apt-get install -y wget libstdc++-5-dev libtool-bin automake flex bison \
- libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
- apt-utils apt-transport-https ca-certificates joe curl
-
-# Uninstall old Rust
-RUN if which rustup; then rustup self uninstall -y; fi
-
-# Install latest Rust
-RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
- sh /rustup.sh -y
+# Uninstall old Rust & Install the latest one.
+RUN if which rustup; then rustup self uninstall -y; fi && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
+ sh /rustup.sh -y && \
+ rm /rustup.sh
-# Switch to nightly
-RUN PATH="$PATH:/root/.cargo/bin/" rustup default nightly
-
-# Download libafl
-RUN git clone https://github.com/AFLplusplus/libafl /libafl && \
- cd /libafl && \
- git checkout ebdab32b36fd2e22025a3d47dc996b5bc8121c95
-
-# Compile libafl
-RUN cd /libafl && unset CFLAGS && unset CXXFLAGS && \
- export CC=clang && export CXX=clang++ && \
+# Install dependencies.
+RUN apt-get update && \
+ apt-get remove -y llvm-10 && \
+ apt-get install -y \
+ build-essential \
+ llvm-11 \
+ clang-12 \
+ cargo && \
+ apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
+ libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
+ apt-utils apt-transport-https ca-certificates joe curl && \
+ PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make
+
+# Download libafl.
+RUN git clone \
+ --depth 1 \
+ --branch 0.8.2 \
+ https://github.com/AFLplusplus/libafl /libafl
+
+# Compile libafl.
+RUN cd /libafl && \
+ unset CFLAGS CXXFLAGS && \
 export LIBAFL_EDGES_MAP_SIZE=2621440 && \
 cd ./fuzzers/fuzzbench && \
- PATH="$PATH:/root/.cargo/bin/" cargo build --release
+ PATH="/root/.cargo/bin/:$PATH" cargo build --release
+# Auxiliary weak references.
 RUN wget https://gist.githubusercontent.com/andreafioraldi/e5f60d68c98b31665a274207cfd05541/raw/4da351a321f1408df566a9cf2ce7cde6eeab3904/empty_fuzzer_lib.c -O /empty_fuzzer_lib.c && \
 clang -c /empty_fuzzer_lib.c && \
 ar r /emptylib.a *.o
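Review bot: The first RUN fetches sh.rustup.rs and executes it with no checksum and no toolchain pin, and the hunk also drops the old `rustup default nightly`, so the Rust version the image gets depends on the build date and cannot be reproduced or audited; pin it at install time, e.g. `sh /rustup.sh -y --default-toolchain <RUST_VERSION>` (placeholder for the version you validate against), and verify the downloaded script against a recorded digest before running it. The libafl checkout has the same weakness: `--branch 0.8.2` resolves a tag, which can be moved, whereas the commit hash it replaces could not, so record the expected commit and fail the build if `git -C /libafl rev-parse HEAD` does not match it. Installing the distro `cargo` package next to rustup's toolchain leaves two `cargo` binaries on the image, and which one runs depends on every caller prepending `/root/.cargo/bin/` as this hunk does; dropping `cargo` from the apt list removes the ambiguity. The apt layer also keeps `/var/lib/apt/lists` and pulls in recommended packages; finish it with `rm -rf /var/lib/apt/lists/*` and pass `--no-install-recommends`. `libstdc++5` on the second install line replaces the previous `libstdc++-5-dev` and looks like a typo rather than an intended change — worth confirming, since that name is a different runtime package.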
