From e212eb6ed1b1a6fb4d71c1ac8a687ea017d60ad5 Mon Sep 17 00:00:00 2001 From: Nikias Bassen Date: Sun, 8 Jan 2023 21:29:57 +0100 Subject: fuzz: Add OpenStep plist fuzzer --- fuzz/Makefile.am | 8 +++++++- fuzz/init-fuzzers.sh | 7 +++++++ fuzz/oplist.dict | 51 ++++++++++++++++++++++++++++++++++++++++++++++ fuzz/oplist_fuzzer.cc | 32 +++++++++++++++++++++++++++++ fuzz/oplist_fuzzer.options | 3 +++ fuzz/test-fuzzers.sh | 10 +++++++-- 6 files changed, 108 insertions(+), 3 deletions(-) create mode 100644 fuzz/oplist.dict create mode 100644 fuzz/oplist_fuzzer.cc create mode 100644 fuzz/oplist_fuzzer.options (limited to 'fuzz') diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am index da6c8ae..8ea3fb0 100644 --- a/fuzz/Makefile.am +++ b/fuzz/Makefile.am @@ -22,7 +22,8 @@ CLEANFILES = libFuzzer.a noinst_PROGRAMS = \ xplist_fuzzer \ bplist_fuzzer \ - jplist_fuzzer + jplist_fuzzer \ + oplist_fuzzer xplist_fuzzer_SOURCES = xplist_fuzzer.cc xplist_fuzzer_LDFLAGS = -static @@ -36,12 +37,17 @@ jplist_fuzzer_SOURCES = jplist_fuzzer.cc jplist_fuzzer_LDFLAGS = -static jplist_fuzzer_LDADD = $(top_builddir)/src/libplist-2.0.la libFuzzer.a +oplist_fuzzer_SOURCES = oplist_fuzzer.cc +oplist_fuzzer_LDFLAGS = -static +oplist_fuzzer_LDADD = $(top_builddir)/src/libplist-2.0.la libFuzzer.a + TESTS = fuzzers.test EXTRA_DIST = \ bplist.dict \ xplist.dict \ jplist.dict \ + oplist.dict \ init-fuzzers.sh \ test-fuzzers.sh \ fuzzers.test diff --git a/fuzz/init-fuzzers.sh b/fuzz/init-fuzzers.sh index ea2c8cc..c9b1955 100755 --- a/fuzz/init-fuzzers.sh +++ b/fuzz/init-fuzzers.sh @@ -26,5 +26,12 @@ cp ../test/data/j1.plist jplist-input/ cp ../test/data/j2.plist jplist-input/ ./jplist_fuzzer -merge=1 jplist-input jplist-crashes jplist-leaks -dict=jplist.dict +mkdir -p oplist-input +mkdir -p oplist-crashes +mkdir -p oplist-leaks +cp ../test/data/*.ostep oplist-input/ +cp ../test/data/test.strings oplist-input/ +./oplist_fuzzer -merge=1 oplist-input oplist-crashes oplist-leaks -dict=oplist.dict + cd ${CURDIR} exit 0 diff --git a/fuzz/oplist.dict b/fuzz/oplist.dict new file mode 100644 index 0000000..1408c4a --- /dev/null +++ b/fuzz/oplist.dict @@ -0,0 +1,51 @@ +# +# AFL dictionary for OpenStep plist format +# ---------------------------------------- + +"0" +",0" +"=0" +"0=" + +"\"\"" +",\"\"" +"=\"\"" +"\"\"=" + +"=" +";" + +"{}" +",{}" +"={}" +"{\"\"=0}" +"{{}}" + +"()" +",()" +"=()" +"(0)" +"(())" + +"''" +"\\" +"\\b" +"\\f" +"\\n" +"\\r" +"\\t" +"\\U0000" +"\\a" +"\\b" +"\\f" +"\\n" +"\\r" +"\\t" +"\\v" +"\\0" +"\\uD800\\uDC00" +"\\uDBFF\\uDFFF" + +"\"\"=0" +"//" +"/**/" diff --git a/fuzz/oplist_fuzzer.cc b/fuzz/oplist_fuzzer.cc new file mode 100644 index 0000000..0fabed8 --- /dev/null +++ b/fuzz/oplist_fuzzer.cc @@ -0,0 +1,32 @@ +/* + * oplist_fuzzer.cc + * OpenStep plist fuzz target for libFuzzer + * + * Copyright (c) 2023 Nikias Bassen All Rights Reserved. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#include +#include + +extern "C" int LLVMFuzzerTestOneInput(const unsigned char* data, size_t size) +{ + plist_t root_node = NULL; + plist_from_openstep(reinterpret_cast(data), size, &root_node); + plist_free(root_node); + + return 0; +} diff --git a/fuzz/oplist_fuzzer.options b/fuzz/oplist_fuzzer.options new file mode 100644 index 0000000..69a63d9 --- /dev/null +++ b/fuzz/oplist_fuzzer.options @@ -0,0 +1,3 @@ +[libfuzzer] +max_len = 4096 +dict = oplist.dict diff --git a/fuzz/test-fuzzers.sh b/fuzz/test-fuzzers.sh index 40be74f..4fdf82b 100755 --- a/fuzz/test-fuzzers.sh +++ b/fuzz/test-fuzzers.sh @@ -5,13 +5,13 @@ FUZZDIR=`dirname $0` cd ${FUZZDIR} -if ! test -x xplist_fuzzer || ! test -x bplist_fuzzer || ! test -x jplist_fuzzer; then +if ! test -x xplist_fuzzer || ! test -x bplist_fuzzer || ! test -x jplist_fuzzer || ! test -x oplist_fuzzer; then echo "ERROR: you need to build the fuzzers first." cd ${CURDIR} exit 1 fi -if ! test -d xplist-input || ! test -d bplist-input || ! test -d jplist-input; then +if ! test -d xplist-input || ! test -d bplist-input || ! test -d jplist-input || ! test -d oplist-input; then echo "ERROR: fuzzer corpora directories are not present. Did you run init-fuzzers.sh ?" cd ${CURDIR} exit 1 @@ -35,5 +35,11 @@ if ! ./jplist_fuzzer jplist-input -dict=jplist.dict -max_len=65536 -runs=10000; exit 1 fi +echo "### TESTING oplist_fuzzer ###" +if ! ./oplist_fuzzer oplist-input -dict=oplist.dict -max_len=65536 -runs=10000; then + cd ${CURDIR} + exit 1 +fi + cd ${CURDIR} exit 0 -- cgit v1.1-32-gdbae