From e212eb6ed1b1a6fb4d71c1ac8a687ea017d60ad5 Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Sun, 8 Jan 2023 21:29:57 +0100
Subject: fuzz: Add OpenStep plist fuzzer

---
 fuzz/Makefile.am           |  8 +++++++-
 fuzz/init-fuzzers.sh       |  7 +++++++
 fuzz/oplist.dict           | 51 ++++++++++++++++++++++++++++++++++++++++++++++
 fuzz/oplist_fuzzer.cc      | 32 +++++++++++++++++++++++++++++
 fuzz/oplist_fuzzer.options |  3 +++
 fuzz/test-fuzzers.sh       | 10 +++++++--
 6 files changed, 108 insertions(+), 3 deletions(-)
 create mode 100644 fuzz/oplist.dict
 create mode 100644 fuzz/oplist_fuzzer.cc
 create mode 100644 fuzz/oplist_fuzzer.options

(limited to 'fuzz')

diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am
index da6c8ae..8ea3fb0 100644
--- a/fuzz/Makefile.am
+++ b/fuzz/Makefile.am
@@ -22,7 +22,8 @@ CLEANFILES = libFuzzer.a
 noinst_PROGRAMS = \
 	xplist_fuzzer \
 	bplist_fuzzer \
-	jplist_fuzzer
+	jplist_fuzzer \
+	oplist_fuzzer
 
 xplist_fuzzer_SOURCES = xplist_fuzzer.cc
 xplist_fuzzer_LDFLAGS = -static
@@ -36,12 +37,17 @@ jplist_fuzzer_SOURCES = jplist_fuzzer.cc
 jplist_fuzzer_LDFLAGS = -static
 jplist_fuzzer_LDADD = $(top_builddir)/src/libplist-2.0.la libFuzzer.a
 
+oplist_fuzzer_SOURCES = oplist_fuzzer.cc
+oplist_fuzzer_LDFLAGS = -static
+oplist_fuzzer_LDADD = $(top_builddir)/src/libplist-2.0.la libFuzzer.a
+
 TESTS = fuzzers.test
 
 EXTRA_DIST = \
 	bplist.dict \
 	xplist.dict \
 	jplist.dict \
+	oplist.dict \
 	init-fuzzers.sh \
 	test-fuzzers.sh \
 	fuzzers.test
diff --git a/fuzz/init-fuzzers.sh b/fuzz/init-fuzzers.sh
index ea2c8cc..c9b1955 100755
--- a/fuzz/init-fuzzers.sh
+++ b/fuzz/init-fuzzers.sh
@@ -26,5 +26,12 @@ cp ../test/data/j1.plist jplist-input/
 cp ../test/data/j2.plist jplist-input/
 ./jplist_fuzzer -merge=1 jplist-input jplist-crashes jplist-leaks -dict=jplist.dict
 
+mkdir -p oplist-input
+mkdir -p oplist-crashes
+mkdir -p oplist-leaks
+cp ../test/data/*.ostep oplist-input/
+cp ../test/data/test.strings oplist-input/
+./oplist_fuzzer -merge=1 oplist-input oplist-crashes oplist-leaks -dict=oplist.dict
+
 cd ${CURDIR}
 exit 0
diff --git a/fuzz/oplist.dict b/fuzz/oplist.dict
new file mode 100644
index 0000000..1408c4a
--- /dev/null
+++ b/fuzz/oplist.dict
@@ -0,0 +1,51 @@
+#
+# AFL dictionary for OpenStep plist format
+# ----------------------------------------
+
+"0"
+",0"
+"=0"
+"0="
+
+"\"\""
+",\"\""
+"=\"\""
+"\"\"="
+
+"="
+";"
+
+"{}"
+",{}"
+"={}"
+"{\"\"=0}"
+"{{}}"
+
+"()"
+",()"
+"=()"
+"(0)"
+"(())"
+
+"''"
+"\\"
+"\\b"
+"\\f"
+"\\n"
+"\\r"
+"\\t"
+"\\U0000"
+"\\a"
+"\\b"
+"\\f"
+"\\n"
+"\\r"
+"\\t"
+"\\v"
+"\\0"
+"\\uD800\\uDC00"
+"\\uDBFF\\uDFFF"
+
+"\"\"=0"
+"//"
+"/**/"
diff --git a/fuzz/oplist_fuzzer.cc b/fuzz/oplist_fuzzer.cc
new file mode 100644
index 0000000..0fabed8
--- /dev/null
+++ b/fuzz/oplist_fuzzer.cc
@@ -0,0 +1,32 @@
+/*
+ * oplist_fuzzer.cc
+ * OpenStep plist fuzz target for libFuzzer
+ *
+ * Copyright (c) 2023 Nikias Bassen All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#include <plist/plist.h>
+#include <stdio.h>
+
+extern "C" int LLVMFuzzerTestOneInput(const unsigned char* data, size_t size)
+{
+	plist_t root_node = NULL;
+	plist_from_openstep(reinterpret_cast<const char*>(data), size, &root_node);
+	plist_free(root_node);
+
+	return 0;
+}
diff --git a/fuzz/oplist_fuzzer.options b/fuzz/oplist_fuzzer.options
new file mode 100644
index 0000000..69a63d9
--- /dev/null
+++ b/fuzz/oplist_fuzzer.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 4096
+dict = oplist.dict
diff --git a/fuzz/test-fuzzers.sh b/fuzz/test-fuzzers.sh
index 40be74f..4fdf82b 100755
--- a/fuzz/test-fuzzers.sh
+++ b/fuzz/test-fuzzers.sh
@@ -5,13 +5,13 @@ FUZZDIR=`dirname $0`
 
 cd ${FUZZDIR}
 
-if ! test -x xplist_fuzzer || ! test -x bplist_fuzzer || ! test -x jplist_fuzzer; then
+if ! test -x xplist_fuzzer || ! test -x bplist_fuzzer || ! test -x jplist_fuzzer || ! test -x oplist_fuzzer; then
 	echo "ERROR: you need to build the fuzzers first."
 	cd ${CURDIR}
 	exit 1
 fi
 
-if ! test -d xplist-input || ! test -d bplist-input || ! test -d jplist-input; then
+if ! test -d xplist-input || ! test -d bplist-input || ! test -d jplist-input || ! test -d oplist-input; then
 	echo "ERROR: fuzzer corpora directories are not present. Did you run init-fuzzers.sh ?"
 	cd ${CURDIR}
 	exit 1
@@ -35,5 +35,11 @@ if ! ./jplist_fuzzer jplist-input -dict=jplist.dict -max_len=65536 -runs=10000;
 	exit 1
 fi
 
+echo "### TESTING oplist_fuzzer ###"
+if ! ./oplist_fuzzer oplist-input -dict=oplist.dict -max_len=65536 -runs=10000; then
+	cd ${CURDIR}
+	exit 1
+fi
+
 cd ${CURDIR}
 exit 0
-- 
cgit v1.1-32-gdbae