authorGravatar Nikias Bassen2017-04-25 14:54:59 +0200
committerGravatar Nikias Bassen2017-04-25 14:54:59 +0200
commit5c6e695ca942f9a417d24e58f14d51f3e8e1885d (patch)
tree7eef70ace704c440baea74fff06cc623f800d303 /fuzz
parent62ec804736435fa34e37e66e228e17e2aacee1d7 (diff)
downloadlibplist-5c6e695ca942f9a417d24e58f14d51f3e8e1885d.tar.gz
libplist-5c6e695ca942f9a417d24e58f14d51f3e8e1885d.tar.bz2
Add fuzzing targets for libFuzzer used by Google's OSS-Fuzz
Diffstat (limited to 'fuzz')
-rw-r--r--fuzz/bplist.dict1
-rw-r--r--fuzz/bplist_fuzzer.cc32
-rw-r--r--fuzz/bplist_fuzzer.options3
-rw-r--r--fuzz/xplist.dict51
-rw-r--r--fuzz/xplist_fuzzer.cc32
-rw-r--r--fuzz/xplist_fuzzer.options3
6 files changed, 122 insertions, 0 deletions
diff --git a/fuzz/bplist.dict b/fuzz/bplist.dict
new file mode 100644
index 0000000..bb0ea5d
--- /dev/null
+++ b/fuzz/bplist.dict
@@ -0,0 +1 @@
+header_bplist = "bplist00"
diff --git a/fuzz/bplist_fuzzer.cc b/fuzz/bplist_fuzzer.cc
new file mode 100644
index 0000000..17d0649
--- /dev/null
+++ b/fuzz/bplist_fuzzer.cc
@@ -0,0 +1,32 @@
+/*
+ * bplist_fuzzer.cc
+ * binary plist fuzz target for libFuzzer
+ *
+ * Copyright (c) 2017 Nikias Bassen All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <plist/plist.h>
+#include <stdio.h>
+
+extern "C" int LLVMFuzzerTestOneInput(const unsigned char* data, size_t size)
+{
+ plist_t root_node = NULL;
+ plist_from_bin(reinterpret_cast<const char*>(data), size, &root_node);
+ plist_free(root_node);
+
+ return 0;
+}
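Review bot: The `size_t size` from libFuzzer is handed straight to `plist_from_bin` as its length argument, which in libplist's public header is a `uint32_t`, so the conversion on the `plist_from_bin(...)` line narrows implicitly; in practice the 4096-byte `max_len` in bplist_fuzzer.options keeps inputs small, but that file only takes effect when it is shipped next to the binary, and a local run or a corpus-minimisation pass is not bound by it. An explicit guard before the call, `if (size > UINT32_MAX) return 0;` together with `#include <stdint.h>`, makes the bound part of the target itself rather than of its runner configuration. `<stdio.h>` is included but nothing in the file uses it; `<stddef.h>` (or `<cstddef>`) is the header `size_t` actually needs. Both points apply equally to the xplist_fuzzer.cc hunk below.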
diff --git a/fuzz/bplist_fuzzer.options b/fuzz/bplist_fuzzer.options
new file mode 100644
index 0000000..c0689b2
--- /dev/null
+++ b/fuzz/bplist_fuzzer.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 4096
+dict = bplist.dict
diff --git a/fuzz/xplist.dict b/fuzz/xplist.dict
new file mode 100644
index 0000000..48b0367
--- /dev/null
+++ b/fuzz/xplist.dict
@@ -0,0 +1,51 @@
+################################################################################
+#
+# AFL dictionary for XML Property Lists
+# ----------------------
+#
+# Several basic syntax elements and attributes for libplist.
+#
+# Created by Nikias Bassen <nikias@gmx.li>
+# Adapted from libxml2's dict file (created by Michal Zalewski <lcamtuf@google.com>)
+#
+
+attr_encoding=" encoding=\"1\""
+attr_generic=" a=\"1\""
+attr_version=" version=\"1\""
+
+entity_builtin="&lt;"
+entity_decimal="&#1;"
+entity_external="&a;"
+entity_hex="&#x1;"
+
+string_cdata="CDATA"
+string_dashes="--"
+string_empty="EMPTY"
+string_empty_dblquotes="\"\""
+string_empty_quotes="''"
+string_parentheses="()"
+string_pcdata="#PCDATA"
+string_percent="%a"
+string_public="PUBLIC"
+string_utf8="UTF-8"
+
+tag_cdata="<![CDATA["
+tag_close="</plist>"
+tag_doctype="<!DOCTYPE"
+tag_open="<plist>"
+tag_open_close="<plist />"
+tag_open_exclamation="<!"
+tag_open_q="<?"
+tag_sq2_close="]]>"
+tag_xml_q="<?xml?>"
+tag_array="<array>"
+tag_data="<data>"
+tag_date="<date>"
+tag_dict="<dict>"
+tag_false="<false/>"
+tag_integer="<integer>"
+tag_key="<key>"
+tag_plist="<plist>"
+tag_real="<real>"
+tag_string="<string>"
+tag_true="<true/>"
diff --git a/fuzz/xplist_fuzzer.cc b/fuzz/xplist_fuzzer.cc
new file mode 100644
index 0000000..c477c4d
--- /dev/null
+++ b/fuzz/xplist_fuzzer.cc
@@ -0,0 +1,32 @@
+/*
+ * xplist_fuzzer.cc
+ * XML plist fuzz target for libFuzzer
+ *
+ * Copyright (c) 2017 Nikias Bassen All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <plist/plist.h>
+#include <stdio.h>
+
+extern "C" int LLVMFuzzerTestOneInput(const unsigned char* data, size_t size)
+{
+ plist_t root_node = NULL;
+ plist_from_xml(reinterpret_cast<const char*>(data), size, &root_node);
+ plist_free(root_node);
+
+ return 0;
+}
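Review bot: The target only exercises the parser: when `plist_from_xml` succeeds the tree is freed immediately, so the serialiser that mirrors it is never reached with a fuzzer-shaped tree. Guarding on `root_node != NULL`, calling `plist_to_xml` (and `plist_to_bin`) on it, and freeing the returned buffer would cover the writer path for the same cost per iteration; the writer's signature (out-pointer for the buffer and a length out-parameter) should be checked against the installed header before relying on it. The same extension applies to bplist_fuzzer.cc with `plist_to_bin`.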
diff --git a/fuzz/xplist_fuzzer.options b/fuzz/xplist_fuzzer.options
new file mode 100644
index 0000000..bad5dac
--- /dev/null
+++ b/fuzz/xplist_fuzzer.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 4096
+dict = xplist.dict