diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/Dockerfile b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/Dockerfile
new file mode 100644
index 000000000..c5d22a343
--- /dev/null
+++ b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/Dockerfile
@@ -0,0 +1,35 @@
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update && \
+ apt-get install -y -q --no-install-recommends \
+ bison \
+ build-essential \
+ cmake \
+ flex \
+ libboost-all-dev \
+ ninja-build \
+ python3
+
+RUN git clone \
+ --recurse-submodules \
+ https://github.com/apache/arrow.git \
+ $SRC/arrow
+
+COPY build.sh thrift.patch $SRC/
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/benchmark.yaml b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/benchmark.yaml
new file mode 100644
index 000000000..914506926
--- /dev/null
+++ b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/benchmark.yaml
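Review bot: `ENV DEBIAN_FRONTEND noninteractive` uses the deprecated space-separated form and bakes a build-only setting into the runtime environment of every image derived from this stage; set it per step instead, `RUN DEBIAN_FRONTEND=noninteractive apt-get update && \`, or declare it as `ARG DEBIAN_FRONTEND=noninteractive`. The `apt-get install` step also leaves `/var/lib/apt/lists` in the layer and pins none of the seven packages, so the image is neither minimal nor reproducible at the OS-package level; the apt steps in the assimp, bloaty and ffmpeg Dockerfiles in this commit have the same shape. The clone of apache/arrow is unpinned here, and the only hint that this is deliberate is the comment in build.sh about the checkout happening after the Dockerfile completes; a comment on the `RUN git clone`, e.g. `# the harness checks out benchmark.yaml's commit after the image is built`, would save the next reader that question.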
@@ -0,0 +1,57 @@
+# 4846902008479744
+commit: eee13b0acc3397d132051dcf47e6f5813436bf91
+commit_date: 2022-08-19T03:19:28+0000
+fuzz_target: arrow-ipc-stream-fuzz
+project: arrow
+type: bug
+unsupported_fuzzers:
+ - honggfuzz # To Be Fixed.
+ - aflcc
+ - afl_qemu
+ - aflplusplus_qemu
+ - aflplusplus_qemu_tracepc
+ - aflplusplus_frida
+ - honggfuzz_qemu
+ - klee
+ - weizz_qemu
+ - lafintel
+ - neuzz
+ - aflplusplus_qemu_tracepc
+ - aflplusplus_qemu_cmplog
+ - aflplusplus_qemu_cmplog_inmem
+ - aflplusplus_qemu_inmem
+ - aflplusplus_classic_ctx
+ - aflplusplus_classic_ctx_18
+ - aflplusplus_classic_ctx_20
+ - aflplusplus_classic_ctx_21
+ - aflplusplus_classic_ctx_23
+ - aflplusplus_pcguard
+ - cfctx_basic
+ - cfctx_bottom
+ - cfctx_dataflow_seadsa
+ - cfctx_dataflow_svf
+ - cfctx_params
+ - cfctx_plain
+ - cfctx_randomic
+ - cfctx_bottom_llc
+ - cfctx_dataflow_seadsa_llc
+ - cfctx_dataflow_svf_llc
+ - cfctx_randomic_llc
+ - cfctx_params_llc
+ - cfctx_params_1mb
+ - cfctx_params_2mb
+ - cfctx_params_4mb
+ - cfctx_params_512kb
+ - cfctx_params_768kb
+ - cfctx_full
+ - aflplusplus_cmplog_double
+ - symcc_aflplusplus_single
+ - eclipser_aflplusplus
+ - aflplusplus_qemu_double
+ - fuzzolic_aflplusplus_z3
+ - symqemu_aflplusplus
+ - fuzzolic_aflplusplus_fuzzy
+ - fuzzolic_aflplusplus_z3dict
+ - aflplusplus_gcc
+ - aflplusplus_classic
+ - tortoisefuzz
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/build.sh b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/build.sh
new file mode 100755
index 000000000..31e12b625
--- /dev/null
+++ b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/build.sh
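Review bot: `aflplusplus_qemu_tracepc` is listed twice in `unsupported_fuzzers`, once after `aflplusplus_qemu` and again after `neuzz`; a YAML loader accepts the duplicate, but it suggests the list was merged by hand, and the ffmpeg benchmark.yaml in this commit repeats `symcc_aflplusplus_single` and `eclipser_aflplusplus` the same way. Drop the second occurrence in each file. The `# To Be Fixed.` remark on `honggfuzz` would also be more useful with a pointer to what is broken or an issue reference.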
@@ -0,0 +1,72 @@
+#!/bin/bash -eu
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+set -ex
+
+# Fix thrift download.
+# This needs to be done in build.sh because the checkout happens after the
+# builder.Dockerfile completes.
+cd $SRC/arrow
+git apply ../thrift.patch || true
+cd -
+ARROW=${SRC}/arrow/cpp
+
+cd ${WORK}
+
+# The CMake build setup compiles and runs the Thrift compiler, but ASAN
+# would report leaks and error out.
+export ASAN_OPTIONS="detect_leaks=0"
+
+cmake ${ARROW} -GNinja \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DARROW_DEPENDENCY_SOURCE=BUNDLED \
+ -DBOOST_SOURCE=SYSTEM \
+ -DCMAKE_C_FLAGS="${CFLAGS}" \
+ -DCMAKE_CXX_FLAGS="${CXXFLAGS}" \
+ -DARROW_EXTRA_ERROR_CONTEXT=off \
+ -DARROW_JEMALLOC=off \
+ -DARROW_MIMALLOC=off \
+ -DARROW_FILESYSTEM=off \
+ -DARROW_PARQUET=on \
+ -DARROW_BUILD_SHARED=off \
+ -DARROW_BUILD_STATIC=on \
+ -DARROW_BUILD_TESTS=off \
+ -DARROW_BUILD_INTEGRATION=off \
+ -DARROW_BUILD_BENCHMARKS=off \
+ -DARROW_BUILD_EXAMPLES=off \
+ -DARROW_BUILD_UTILITIES=off \
+ -DARROW_TEST_LINKAGE=static \
+ -DPARQUET_BUILD_EXAMPLES=off \
+ -DPARQUET_BUILD_EXECUTABLES=off \
+ -DPARQUET_REQUIRE_ENCRYPTION=off \
+ -DARROW_WITH_BROTLI=on \
+ -DARROW_WITH_BZ2=off \
+ -DARROW_WITH_LZ4=off \
+ -DARROW_WITH_SNAPPY=off \
+ -DARROW_WITH_ZLIB=off \
+ -DARROW_WITH_ZSTD=off \
+ -DARROW_USE_GLOG=off \
+ -DARROW_USE_ASAN=off \
+ -DARROW_USE_UBSAN=off \
+ -DARROW_USE_TSAN=off \
+ -DARROW_FUZZING=on \
+
+cmake --build .
+
+cp -a release/* ${OUT}
+
+${ARROW}/build-support/fuzzing/generate_corpuses.sh ${OUT}
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20665 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20665
new file mode 100644
index 000000000..1434f1fa7
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20665 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20666 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20666
new file mode 100644
index 000000000..e32f56158
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20666 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20669 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20669
new file mode 100644
index 000000000..a56194a21
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20669 differ
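Review bot: `git apply ../thrift.patch || true` masks every failure of the patch, not only the already-applied case, so a patch that stops applying after an Arrow update leaves `APACHE_MIRROR` empty and the build dies much later inside the Thrift download with no hint why. Test the already-applied state explicitly and let a real failure abort under `set -e`: `git apply --reverse --check ../thrift.patch 2>/dev/null || git apply ../thrift.patch`. Separately, the last configure argument `-DARROW_FUZZING=on \` ends with a continuation backslash and relies on the following blank line to terminate the command; deleting that blank line would splice `cmake --build .` onto the configure invocation, so drop the trailing backslash.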
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20670 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20670
new file mode 100644
index 000000000..e92ea4356
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20670 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20675 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20675
new file mode 100644
index 000000000..7419df89a
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20675 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20681 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20681
new file mode 100644
index 000000000..fe94e1c4e
--- /dev/null
+++ b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20681
@@ -0,0 +1 @@
+’’’’PAR1
\ No newline at end of file
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20682 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20682
new file mode 100644
index 000000000..b36e17ba5
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20682 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20683 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20683
new file mode 100644
index 000000000..c91539def
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20683 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20685 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20685
new file mode 100644
index 000000000..e256e8418
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20685 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20686 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20686
new file mode 100644
index 000000000..28c1eacf7
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20686 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20695 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20695
new file mode 100644
index 000000000..2bced3be4
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20695 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20696 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20696
new file mode 100644
index 000000000..1d36f9fca
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20696 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20697 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20697
new file mode 100644
index 000000000..5477f4924
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20697 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20698 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20698
new file mode 100644
index 000000000..e9ba96eb7
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20698 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20711 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20711
new file mode 100644
index 000000000..3199a8279
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20711 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20721 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20721
new file mode 100644
index 000000000..5c5b90060
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20721 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20733 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20733
new file mode 100644
index 000000000..1635d2e47
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20733 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20735 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20735
new file mode 100644
index 000000000..87277d139
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20735 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20837 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20837
new file mode 100644
index 000000000..0958fbd3a
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20837 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20849 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20849
new file mode 100644
index 000000000..e1225b59b
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20849 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20897 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20897
new file mode 100644
index 000000000..e5b7879c4
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20897 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20937 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20937
new file mode 100644
index 000000000..6a92b5e4a
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20937 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20940 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20940
new file mode 100644
index 000000000..afd253701
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20940 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20989 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20989
new file mode 100644
index 000000000..db45789a7
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/20989 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21009 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21009
new file mode 100644
index 000000000..e3f29e42d
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21009 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21010 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21010
new file mode 100644
index 000000000..37e61e0a1
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21010 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21101 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21101
new file mode 100644
index 000000000..245a18b3b
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21101 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21106 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21106
new file mode 100644
index 000000000..5cefec65e
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21106 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21147 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21147
new file mode 100644
index 000000000..1dd7f46c6
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21147 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21166 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21166
new file mode 100644
index 000000000..23f479e45
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21166 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21251 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21251
new file mode 100644
index 000000000..7ce1254b2
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21251 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21453 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21453
new file mode 100644
index 000000000..3255e1d29
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21453 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21567 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21567
new file mode 100644
index 000000000..d3127f838
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/21567 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/26064 b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/26064
new file mode 100644
index 000000000..b2bbf5e55
Binary files /dev/null and b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/testcases/26064 differ
diff --git a/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/thrift.patch b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/thrift.patch
new file mode 100644
index 000000000..abdbf6255
--- /dev/null
+++ b/benchmarks/arrow_arrow-ipc-stream-fuzz_eee13b/thrift.patch
@@ -0,0 +1,22 @@
+diff --git a/cpp/cmake_modules/ThirdpartyToolchain.cmake b/cpp/cmake_modules/ThirdpartyToolchain.cmake
+index 9c062f86a..5d04ef92c 100644
+--- a/cpp/cmake_modules/ThirdpartyToolchain.cmake
++++ b/cpp/cmake_modules/ThirdpartyToolchain.cmake
+@@ -39,7 +39,7 @@ endif()
+ # ----------------------------------------------------------------------
+ # We should not use the Apache dist server for build dependencies
+
+-set(APACHE_MIRROR "")
++set(APACHE_MIRROR "https://archive.apache.org")
+
+macro(get_apache_mirror)
+ if(APACHE_MIRROR STREQUAL "")
+@@ -1129,7 +1129,7 @@ macro(build_thrift)
+ get_apache_mirror()
+ set(
+ THRIFT_SOURCE_URL
+- "${APACHE_MIRROR}/thrift/${ARROW_THRIFT_BUILD_VERSION}/thrift-${ARROW_THRIFT_BUILD_VERSION}.tar.gz"
++ "${APACHE_MIRROR}/dist/thrift/${ARROW_THRIFT_BUILD_VERSION}/thrift-${ARROW_THRIFT_BUILD_VERSION}.tar.gz"
+ )
+ endif()
+
diff --git a/benchmarks/aspell_aspell_fuzzer_aed7cd/Dockerfile b/benchmarks/aspell_aspell_fuzzer_aed7cd/Dockerfile
new file mode 100644
index 000000000..262954263
--- /dev/null
+++ b/benchmarks/aspell_aspell_fuzzer_aed7cd/Dockerfile
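Review bot: the patch sets `APACHE_MIRROR` to `https://archive.apache.org` and adds `/dist/` to the Thrift URL while leaving the context comment `# We should not use the Apache dist server for build dependencies` directly above it, so the retained comment now contradicts the setting it documents. Because `get_apache_mirror()` is gated on `if(APACHE_MIRROR STREQUAL "")`, the non-empty value also silently disables mirror discovery, which is presumably the point of the patch. A one-line note, either in the patch or in build.sh next to `# Fix thrift download.`, saying that this benchmark deliberately pins the archive host for reproducibility (and whether the tarball checksum is still checked by the surrounding CMake code, which this hunk does not show) would make the trade-off explicit to whoever next bumps the Arrow commit.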
@@ -0,0 +1,31 @@
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN git clone \
+ https://github.com/gnuaspell/aspell.git \
+ $SRC/aspell
+
+RUN git clone \
+ https://github.com/gnuaspell/aspell-fuzz.git \
+ $SRC/aspell-fuzz && \
+ git -C $SRC/aspell-fuzz checkout fa4aa32c6bf9573801a7675137e1c31b9f13247f
+
+
+WORKDIR $SRC/aspell-fuzz
+COPY build.sh $SRC/
+
diff --git a/benchmarks/aspell_aspell_fuzzer_aed7cd/benchmark.yaml b/benchmarks/aspell_aspell_fuzzer_aed7cd/benchmark.yaml
new file mode 100644
index 000000000..62c42bdb2
--- /dev/null
+++ b/benchmarks/aspell_aspell_fuzzer_aed7cd/benchmark.yaml
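Review bot: the two clones are pinned inconsistently: `aspell-fuzz` is checked out at `fa4aa32c6bf9573801a7675137e1c31b9f13247f` in the same `RUN`, while `aspell` itself is left at whatever HEAD the clone returns. If the harness checks out `commit` from benchmark.yaml for the project repository after the image is built, say so on the first clone, `# aspell is checked out at benchmark.yaml's commit by the harness; do not pin here`; if it does not, the benchmark is not reproducible and needs the same `git -C $SRC/aspell checkout <commit from benchmark.yaml>` treatment. `WORKDIR $SRC/aspell-fuzz` is redundant with the `pushd $SRC/aspell-fuzz` in build.sh, which is harmless but worth knowing when one of them is changed.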
@@ -0,0 +1,50 @@
+# 4546146634170368
+commit: aed7cd364b2f50f3f01b9a6eec79f7289ede2bed
+commit_date : 2022-06-01T23:38:41+0000
+fuzz_target: aspell_fuzzer
+project: aspell
+type: bug
+unsupported_fuzzers:
+ - aflcc
+ - afl_qemu
+ - aflplusplus_qemu
+ - aflplusplus_qemu_tracepc
+ - aflplusplus_frida
+ - honggfuzz_qemu
+ - klee
+ - lafintel
+ - weizz_qemu
+ - aflplusplus_classic_ctx
+ - aflplusplus_classic_ctx_18
+ - aflplusplus_classic_ctx_20
+ - aflplusplus_classic_ctx_21
+ - aflplusplus_classic_ctx_23
+ - aflplusplus_pcguard
+ - aflplusplus_classic
+ - cfctx_basic
+ - cfctx_bottom
+ - cfctx_dataflow_seadsa
+ - cfctx_dataflow_svf
+ - cfctx_params
+ - cfctx_plain
+ - cfctx_randomic
+ - cfctx_bottom_llc
+ - cfctx_dataflow_seadsa_llc
+ - cfctx_dataflow_svf_llc
+ - cfctx_randomic_llc
+ - cfctx_params_llc
+ - cfctx_params_1mb
+ - cfctx_params_2mb
+ - cfctx_params_4mb
+ - cfctx_params_512kb
+ - cfctx_params_768kb
+ - cfctx_full
+ - aflplusplus_cmplog_double
+ - symcc_aflplusplus_single
+ - eclipser_aflplusplus
+ - aflplusplus_qemu_double
+ - fuzzolic_aflplusplus_z3
+ - symqemu_aflplusplus
+ - fuzzolic_aflplusplus_fuzzy
+ - fuzzolic_aflplusplus_z3dict
+ - tortoisefuzz
diff --git a/benchmarks/aspell_aspell_fuzzer_aed7cd/build.sh b/benchmarks/aspell_aspell_fuzzer_aed7cd/build.sh
new file mode 100755
index 000000000..e77ebd3e6
--- /dev/null
+++ b/benchmarks/aspell_aspell_fuzzer_aed7cd/build.sh
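Review bot: `commit_date : 2022-06-01T23:38:41+0000` has a space before the colon, unlike every other key in this file and in the other benchmark.yaml files of this commit; a YAML loader still yields the key `commit_date`, but the stray space reads as a typo and would trip a strict key or regex check if one is ever added. Write it as `commit_date: 2022-06-01T23:38:41+0000`.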
@@ -0,0 +1,21 @@
+#!/bin/bash -eu
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Run the OSS-Fuzz script in the fuzzer project.
+pushd $SRC/aspell-fuzz
+./ossfuzz.sh
+popd
diff --git a/benchmarks/assimp_assimp_fuzzer_bdee65/Dockerfile b/benchmarks/assimp_assimp_fuzzer_bdee65/Dockerfile
new file mode 100644
index 000000000..6fca7685b
--- /dev/null
+++ b/benchmarks/assimp_assimp_fuzzer_bdee65/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN apt-get update && apt-get install -y cmake ninja-build
+RUN git clone --recursive https://github.com/assimp/assimp.git
+WORKDIR assimp
+COPY build.sh $SRC/
+
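Review bot: `WORKDIR assimp` in the assimp Dockerfile is a relative path, so the working directory depends on whatever the base image's current directory happens to be (presumably `$SRC`, but nothing in this file says so) and hadolint flags it (DL3000); the bloaty Dockerfile in this commit has the same `WORKDIR bloaty`. Use the absolute form and make the clone target explicit: `RUN git clone --recursive https://github.com/assimp/assimp.git $SRC/assimp` followed by `WORKDIR $SRC/assimp`. The apt line additionally installs unpinned `cmake ninja-build` without `--no-install-recommends` or a `rm -rf /var/lib/apt/lists/*` in the same layer, and the assimp clone is unpinned in the same way as the other project clones in this commit.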
diff --git a/benchmarks/assimp_assimp_fuzzer_bdee65/benchmark.yaml b/benchmarks/assimp_assimp_fuzzer_bdee65/benchmark.yaml
new file mode 100644
index 000000000..6207adb20
--- /dev/null
+++ b/benchmarks/assimp_assimp_fuzzer_bdee65/benchmark.yaml
@@ -0,0 +1,5 @@
+# 4515118433566720
+commit: bdee65e577caa6f2eea8e6e22d2175407cde5de3
+fuzz_target: assimp_fuzzer
+project: assimp
+type: bug
diff --git a/benchmarks/assimp_assimp_fuzzer_bdee65/build.sh b/benchmarks/assimp_assimp_fuzzer_bdee65/build.sh
new file mode 100644
index 000000000..4cb8bea37
--- /dev/null
+++ b/benchmarks/assimp_assimp_fuzzer_bdee65/build.sh
@@ -0,0 +1,27 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# generate build env and build assimp
+cmake CMakeLists.txt -G "Ninja" -DBUILD_SHARED_LIBS=OFF -DASSIMP_BUILD_ZLIB=ON \
+ -DASSIMP_BUILD_TESTS=OFF -DASSIMP_BUILD_ASSIMP_TOOLS=OFF \
+ -DASSIMP_BUILD_SAMPLES=OFF
+cmake --build .
+
+# Build the fuzzer
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE -std=c++11 -I$SRC/assimp/include \
+ fuzz/assimp_fuzzer.cc -o $OUT/assimp_fuzzer \
+ ./lib/libassimp.a ./contrib/zlib/libzlibstatic.a
diff --git a/benchmarks/bloaty_fuzz_target_f01ea5/Dockerfile b/benchmarks/bloaty_fuzz_target_f01ea5/Dockerfile
new file mode 100644
index 000000000..28055243a
--- /dev/null
+++ b/benchmarks/bloaty_fuzz_target_f01ea5/Dockerfile
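Review bot: the assimp build.sh never changes directory, so `cmake CMakeLists.txt`, `./lib/libassimp.a` and `./contrib/zlib/libzlibstatic.a` all depend on the container having started in the assimp checkout, which is only true because of the Dockerfile's relative `WORKDIR assimp`; run from `$SRC` or `$WORK` the script fails on the first line. Add `cd $SRC/assimp` before the first cmake call so the dependency is explicit and the script stands on its own. The configure is also in-source (no build directory), which is fine for a throwaway container but deserves a comment because the later `./lib/...` paths are only valid for an in-source build. Note too that this file is added with mode 100644 while the arrow, aspell and ffmpeg build.sh files are 100755; if the harness executes build.sh directly rather than through `bash`, this one and bloaty's would not be runnable.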
@@ -0,0 +1,30 @@
+# Copyright 2017 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN apt-get update && \
+ apt-get install -y \
+ cmake \
+ ninja-build \
+ g++ \
+ libz-dev
+
+RUN git clone \
+ https://github.com/google/bloaty.git
+
+WORKDIR bloaty
+COPY build.sh $SRC/
diff --git a/benchmarks/bloaty_fuzz_target_f01ea5/benchmark.yaml b/benchmarks/bloaty_fuzz_target_f01ea5/benchmark.yaml
new file mode 100644
index 000000000..26f43a9e5
--- /dev/null
+++ b/benchmarks/bloaty_fuzz_target_f01ea5/benchmark.yaml
@@ -0,0 +1,30 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# 6440215450877952
+commit: f01ea59bdda11708d74a3826c23d6e2db6c996f0
+commit_date: 2022-11-11T17:41:21+00:00
+fuzz_target: fuzz_target
+project: bloaty
+type: bug
+unsupported_fuzzers:
+ - klee
+ - aflplusplus_cmplog_double
+ - symcc_aflplusplus_single
+ - eclipser_aflplusplus
+ - aflplusplus_qemu_double
+ - fuzzolic_aflplusplus_z3
+ - symqemu_aflplusplus
+ - fuzzolic_aflplusplus_fuzzy
+ - fuzzolic_aflplusplus_z3dict
diff --git a/benchmarks/bloaty_fuzz_target_f01ea5/build.sh b/benchmarks/bloaty_fuzz_target_f01ea5/build.sh
new file mode 100644
index 000000000..8adf40690
--- /dev/null
+++ b/benchmarks/bloaty_fuzz_target_f01ea5/build.sh
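Review bot: `commit_date: 2022-11-11T17:41:21+00:00` writes the offset as `+00:00` while the arrow and aspell benchmark.yaml files in this commit write `+0000`; both are valid ISO 8601 spellings, but a consumer that parses the field with a fixed `strptime` pattern would accept one and reject the other. Pick one form across the benchmark files, and consider whether the license header this file carries (the other benchmark.yaml files have none) is intended.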
@@ -0,0 +1,22 @@
+#!/bin/bash -eu
+# Copyright 2017 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd $WORK
+cmake -G Ninja -DBUILD_TESTING=false $SRC/bloaty
+ninja -j$(nproc)
+cp fuzz_target $OUT
+zip -j $OUT/fuzz_target_seed_corpus.zip $SRC/bloaty/tests/testdata/fuzz_corpus/*
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/Dockerfile b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/Dockerfile
new file mode 100644
index 000000000..a5b6390f1
--- /dev/null
+++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/Dockerfile
@@ -0,0 +1,111 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN apt-get update && \
+ apt-get install -y \
+ make \
+ autoconf \
+ libtool \
+ build-essential \
+ libass-dev \
+ libfreetype6-dev \
+ libsdl1.2-dev \
+ libvdpau-dev \
+ libxcb1-dev \
+ libxcb-shm0-dev \
+ libdrm-dev \
+ pkg-config \
+ texinfo \
+ libbz2-dev \
+ zlib1g-dev \
+ yasm \
+ cmake \
+ mercurial \
+ wget \
+ xutils-dev \
+ libpciaccess-dev \
+ nasm \
+ meson \
+ rsync && \
+ curl \
+ -LO \
+ http://mirrors.kernel.org/ubuntu/pool/main/a/automake-1.16/automake_1.16.5-1.3_all.deb && \
+ apt install ./automake_1.16.5-1.3_all.deb && \
+ rm automake_1.16.5-1.3_all.deb
+
+RUN git clone \
+ --branch v1.2.8 \
+ --depth 1 \
+ https://github.com/alsa-project/alsa-lib.git
+
+RUN git clone \
+ --branch v2.0.2 \
+ --depth 1 \
+ https://github.com/mstorsjo/fdk-aac.git
+
+RUN git clone \
+ --branch libXext-1.3.5 \
+ --depth 1 \
+ https://gitlab.freedesktop.org/xorg/lib/libxext.git
+
+RUN git clone \
+ --depth 1 \
+ --branch 2.16.0 \
+ https://github.com/intel/libva
+
+RUN git clone \
+ --depth 1 \
+ --branch libvdpau-1.2 \
+ https://gitlab.freedesktop.org/vdpau/libvdpau.git
+
+RUN git clone \
+ --depth 1 \
+ --branch v1.12.0 \
+ https://chromium.googlesource.com/webm/libvpx
+
+RUN git clone \
+ --depth 1 \
+ --branch v1.3.5 \
+ https://github.com/xiph/ogg
+
+RUN git clone \
+ --depth 1 \
+ --branch v1.3.1 \
+ https://github.com/xiph/opus
+
+RUN git clone \
+ --depth 1 \
+ --branch v1.1.1 \
+ https://github.com/xiph/theora
+
+RUN git clone \
+ --depth 1 \
+ --branch v1.3.7 \
+ https://github.com/xiph/vorbis
+
+RUN git clone \
+ --depth 1 \
+ --branch v2.10.3 \
+ https://gitlab.gnome.org/GNOME/libxml2.git
+
+RUN git clone \
+ --branch n5.1.2 \
+ --depth 1 \
+ https://git.ffmpeg.org/ffmpeg.git
+
+COPY build.sh group_seed_corpus.py $SRC/
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/benchmark.yaml b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/benchmark.yaml
new file mode 100644
index 000000000..c7541fe45
--- /dev/null
+++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/benchmark.yaml
@@ -0,0 +1,47 @@
+# 5706852010164224
+commit: fe85afbf8cb2b9cf8cb28cb13bff654949b43823
+fuzz_target: ffmpeg_DEMUXER_fuzzer
+project: ffmpeg
+type: bug
+unsupported_fuzzers:
+ - aflcc
+ - afl_qemu
+ - aflplusplus_qemu
+ - aflplusplus_qemu_tracepc
+ - aflplusplus_zafl
+ - aflplusplus_frida
+ - honggfuzz_qemu
+ - klee
+ - weizz_qemu
+ - lafintel
+ - eclipser
+ - eclipser_aflplusplus
+ - aflplusplus_qemu_inmem
+ - symcc_afl
+ - symcc_afl_single
+ - symcc_aflplusplus
+ - symcc_aflplusplus_single
+ - aflplusplus_unusual_enabled
+ - aflplusplus_unusual_disabled
+ - aflplusplus_cmplog_double
+ - symcc_aflplusplus_single
+ - eclipser_aflplusplus
+ - aflplusplus_qemu_double
+ - fuzzolic_aflplusplus_z3
+ - symqemu_aflplusplus
+ - fuzzolic_aflplusplus_fuzzy
+ - fuzzolic_aflplusplus_z3dict
+ - cfctx_bottom
+ - cfctx_dataflow_seadsa
+ - cfctx_dataflow_svf
+ - cfctx_randomic
+ - cfctx_params
+ - cfctx_params_512kb
+ - afldd
+ - aflpp_vs_dd
+ - aflplusplus_gcc
+ - libfuzzer_dataflow
+ - libfuzzer_dataflow_load
+ - libfuzzer_dataflow_store
+ - libfuzzer_dataflow_pre
+ - wingfuzz
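Review bot: the automake step in the ffmpeg Dockerfile fetches `automake_1.16.5-1.3_all.deb` over plain HTTP from mirrors.kernel.org with `curl -LO` and installs it with `apt install ./automake_1.16.5-1.3_all.deb`, and nothing in between verifies the file; a local `.deb` is not covered by apt's repository signatures, so a tampered download from the cleartext mirror is installed as root into every image built from this stage. Fetch it over `https://` and check a pinned digest before installing, `echo '<sha256 of automake_1.16.5-1.3_all.deb>  automake_1.16.5-1.3_all.deb' | sha256sum -c -`, or install the package from a pinned apt source instead, and use `apt-get` rather than `apt` in scripts (hadolint DL3027). The dependency clones are pinned to tags rather than commit hashes, which a force-moved tag could silently change; if tag pinning is accepted for this benchmark, a comment saying so on the first `RUN git clone` would pre-empt the question. The `RUN` also installs with `apt-get install -y` and no `--no-install-recommends` or list cleanup, which the arrow Dockerfile note in this commit already covers.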
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/bionic.list b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/bionic.list
new file mode 100644
index 000000000..8621803a7
--- /dev/null
+++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/bionic.list
@@ -0,0 +1,2 @@
+# use nasm 2.13.02 from bionic
+deb http://archive.ubuntu.com/ubuntu/ bionic universe
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/build.sh b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/build.sh
new file mode 100755
index 000000000..d45d543c2
--- /dev/null
+++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/build.sh
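Review bot: `bionic.list` is added but, as far as the hunks in this commit show, nothing references it: the ffmpeg Dockerfile copies only `build.sh group_seed_corpus.py` into `$SRC` and never places this file under `/etc/apt/sources.list.d/`, so the comment `# use nasm 2.13.02 from bionic` describes an apt source that is never enabled and `nasm` comes from the base image's default sources. Either drop the file or wire it in explicitly. If it is wired in, note that enabling the whole `bionic universe` component lets apt resolve any package from the older release over plain `http://`, so an apt pin restricting that source to `nasm` would be the safer form.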
@@ -0,0 +1,175 @@
+#!/bin/bash -eux
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Disable UBSan vptr since several targets built with -fno-rtti.
+export CFLAGS="$CFLAGS -fno-sanitize=vptr"
+export CXXFLAGS="$CXXFLAGS -fno-sanitize=vptr"
+
+# Build dependencies.
+export FFMPEG_DEPS_PATH="$SRC/ffmpeg_deps"
+mkdir -p $FFMPEG_DEPS_PATH
+
+export PATH="$FFMPEG_DEPS_PATH/bin:$PATH"
+export LD_LIBRARY_PATH="$FFMPEG_DEPS_PATH/lib"
+export PKG_CONFIG_PATH="$LD_LIBRARY_PATH/pkgconfig:$LD_LIBRARY_PATH/x86_64-linux-gnu/pkgconfig"
+
+(cd $SRC/alsa-lib
+./gitcompile
+./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static --disable-shared
+make clean
+make -j$(nproc) all
+make install)
+
+(cd $SRC/fdk-aac
+autoreconf -fiv
+CXXFLAGS="$CXXFLAGS -fno-sanitize=shift-base" \
+./configure --prefix="$FFMPEG_DEPS_PATH" --disable-shared
+make clean
+make -j$(nproc) all
+make install)
+
+(cd $SRC/libxext
+./autogen.sh
+./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static
+make clean
+make -j$(nproc)
+make install)
+
+(cd $SRC/libva
+./autogen.sh
+./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static --disable-shared
+make clean
+make -j$(nproc) all
+make install)
+
+(cd $SRC/libvdpau
+# Requires libpciaccess-dev
+./autogen.sh
+./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static --disable-shared
+make clean
+make -j$(nproc) all
+make install)
+
+(cd $SRC/libvpx
+LDFLAGS="$CXXFLAGS" ./configure --prefix="$FFMPEG_DEPS_PATH" \
+ --disable-examples --disable-unit-tests \
+ --size-limit=12288x12288 \
+ --extra-cflags="-DVPX_MAX_ALLOCABLE_MEMORY=1073741824"
+make clean
+make -j$(nproc) all
+make install)
+
+(cd $SRC/ogg
+./autogen.sh
+./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static --disable-crc
+make clean
+make -j$(nproc)
+make install)
+
+(cd $SRC/opus
+./autogen.sh
+./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static
+make clean
+make -j$(nproc) all
+make install)
+
+(cd $SRC/theora
+# theora requires ogg, need to pass its location to the "configure" script.
+CFLAGS="$CFLAGS -fPIC" LDFLAGS="-L$FFMPEG_DEPS_PATH/lib/" \
+ CPPFLAGS="$CXXFLAGS -I$FFMPEG_DEPS_PATH/include/" \
+ LD_LIBRARY_PATH="$FFMPEG_DEPS_PATH/lib/" \
+ ./autogen.sh
+./configure --with-ogg="$FFMPEG_DEPS_PATH" --prefix="$FFMPEG_DEPS_PATH" \
+ --enable-static --disable-examples
+make clean
+make -j$(nproc)
+make install)
+
+(cd $SRC/vorbis
+./autogen.sh
+./configure --prefix="$FFMPEG_DEPS_PATH" --enable-static
+make clean
+make -j$(nproc)
+make install)
+
+(cd $SRC/libxml2
+./autogen.sh --prefix="$FFMPEG_DEPS_PATH" --enable-static \
+ --without-debug --without-ftp --without-http \
+ --without-legacy --without-python
+make clean
+make -j$(nproc)
+make install)
+
+# Remove shared libraries to avoid accidental linking against them.
+rm $FFMPEG_DEPS_PATH/lib/*.so
+rm $FFMPEG_DEPS_PATH/lib/*.so.*
+
+# Build ffmpeg.
+cd $SRC/ffmpeg
+PKG_CONFIG_PATH="$FFMPEG_DEPS_PATH/lib/pkgconfig" ./configure \
+ --cc=$CC --cxx=$CXX --ld="$CXX $CXXFLAGS -std=c++11" \
+ --extra-cflags="-I$FFMPEG_DEPS_PATH/include" \
+ --extra-ldflags="-L$FFMPEG_DEPS_PATH/lib" \
+ --prefix="$FFMPEG_DEPS_PATH" \
+ --pkg-config-flags="--static" \
+ --enable-ossfuzz \
+ --libfuzzer=$LIB_FUZZING_ENGINE \
+ --optflags=-O1 \
+ --enable-gpl \
+ --enable-libass \
+ --enable-libfdk-aac \
+ --enable-libfreetype \
+ --enable-libopus \
+ --enable-libtheora \
+ --enable-libvorbis \
+ --enable-libvpx \
+ --enable-libxml2 \
+ --enable-nonfree \
+ --disable-muxers \
+ --disable-protocols \
+ --disable-demuxer=rtp,rtsp,sdp \
+ --disable-devices \
+ --disable-shared
+make clean
+make -j$(nproc) install
+
+# Download test sampes, will be used as seed corpus.
+# DISABLED.
+# TODO: implement a better way to maintain a minimized seed corpora
+# for all targets. As of 2017-05-04 now the combined size of corpora
+# is too big for ClusterFuzz (over 10Gb compressed data).
+# export TEST_SAMPLES_PATH=$SRC/ffmpeg/fate-suite/
+# make fate-rsync SAMPLES=$TEST_SAMPLES_PATH
+
+# Build the fuzzers.
+cd $SRC/ffmpeg
+
+FUZZ_TARGET_SOURCE=$SRC/ffmpeg/tools/target_dec_fuzzer.c
+
+export TEMP_VAR_CODEC="AV_CODEC_ID_H264"
+export TEMP_VAR_CODEC_TYPE="VIDEO"
+
+
+# Build fuzzer for demuxer
+fuzzer_name=ffmpeg_DEMUXER_fuzzer
+echo -en "[libfuzzer]\nmax_len = 1000000\n" > $OUT/${fuzzer_name}.options
+make tools/target_dem_fuzzer
+mv tools/target_dem_fuzzer $OUT/${fuzzer_name}
+
+# Find relevant corpus in test samples and archive them for every fuzzer.
+#cd $SRC
+#python group_seed_corpus.py $TEST_SAMPLES_PATH $OUT/
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/group_seed_corpus.py b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/group_seed_corpus.py
new file mode 100755
index 000000000..1e1d51cd6
--- /dev/null
+++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/group_seed_corpus.py
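Review bot: The two `rm $FFMPEG_DEPS_PATH/lib/*.so` / `*.so.*` lines near the end of the dependency section abort the whole build under `bash -eux` whenever one of the globs matches nothing (an unmatched glob is passed literally and `rm` exits non-zero), so a dependency that is built static-only, as several of the `--disable-shared` configures above intend, can fail the script at the clean-up step rather than at link time. `rm -f $FFMPEG_DEPS_PATH/lib/*.so $FFMPEG_DEPS_PATH/lib/*.so.*` keeps the intent (never link against a shared copy) without the false failure. Separately, `FUZZ_TARGET_SOURCE`, `TEMP_VAR_CODEC` and `TEMP_VAR_CODEC_TYPE` are set but never used by the demuxer build that follows; a one-line comment saying they are kept for parity with the upstream multi-target script, or deleting them, would save the next reader a search.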
@@ -0,0 +1,138 @@
+#!/usr/bin/env python
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+from __future__ import print_function
+import logging
+import os
+import re
+import sys
+import zipfile
+
+
+logging.basicConfig(level=logging.INFO, format='INFO: %(message)s')
+CODEC_NAME_REGEXP = re.compile(r'codec_id_(.+?)_fuzzer')
+
+
+def get_fuzzer_tags(fuzzer_name):
+ """Extract tags (are used to filter samples) from the given fuzzer name."""
+ tags = []
+ fuzzer_name = fuzzer_name.lower()
+ # All subtitle samples are in 'sub' directory, need to add 'sub' tag manually.
+ if 'subtitle' in fuzzer_name:
+ tags.append('sub')
+ m = CODEC_NAME_REGEXP.search(fuzzer_name)
+ if m:
+ codec_name = m.group(1)
+ # Some names are complex, need to split them and filter common strings.
+ codec_name_parts = codec_name.split('_')
+ for codec in codec_name_parts:
+ # Remove common strings from codec names like 'mpeg1video' or 'msvideo1'.
+ codec = codec.split('video')[0]
+ codec = codec.split('audio')[0]
+ codec = codec.split('subtitle')[0]
+ codec = codec.split('text')[0]
+ if codec:
+ # Some codec names have trailing characters: 'VP6F','FLV1', 'JPEGLS'.
+ # Use only first 3 characters for long enough codec names.
+ if len(codec) > 3:
+ tags.append(codec[:3])
+ else:
+ tags.append(codec)
+
+ return tags
+
+
+def parse_corpus(corpus_directory):
+ """Recursively list all files in the given directory and ignore checksums."""
+ all_corpus_files = []
+ for root, dirs, files in os.walk(corpus_directory):
+ for filename in files:
+ # Skip checksum files, they are useless in corpus.
+ if 'md5sum' in filename:
+ continue
+ path = os.path.join(root, filename)
+ all_corpus_files.append(path)
+
+ logging.info('Parsed %d corpus files from %s' % (len(all_corpus_files),
+ corpus_directory))
+ return all_corpus_files
+
+
+def parse_fuzzers(fuzzers_directory):
+ """Recursively list all fuzzers in the given directory."""
+ all_fuzzers = []
+ for filename in os.listdir(fuzzers_directory):
+ # Skip non-ffmpeg and non-fuzzer files in the given directory,
+ if not filename.startswith('ffmpeg_') or not filename.endswith('_fuzzer'):
+ continue
+ fuzzer_path = os.path.join(fuzzers_directory, filename)
+ all_fuzzers.append(fuzzer_path)
+
+ logging.info('Parsed %d fuzzers from %s' % (len(all_fuzzers),
+ fuzzers_directory))
+ return all_fuzzers
+
+
+def zip_relevant_corpus(corpus_files, fuzzers):
+ """Find relevant corpus files and archive them for every fuzzer given."""
+ for fuzzer in fuzzers:
+ fuzzer_name = os.path.basename(fuzzer)
+ fuzzer_directory = os.path.dirname(fuzzer)
+ fuzzer_tags = get_fuzzer_tags(fuzzer_name)
+ relevant_corpus_files = set()
+ for filename in corpus_files:
+ # Remove 'ffmpeg' substring to do not use everything for 'MPEG' codec.
+ sanitized_filename = filename.replace('ffmpeg', '').lower()
+ for tag in fuzzer_tags:
+ if tag in sanitized_filename:
+ relevant_corpus_files.add(filename)
+
+ if not relevant_corpus_files:
+ # Strip last symbol from tags if we haven't found relevant corpus.
+ # It helps for such codecs as 'RV40' ('RV4' -> 'RV') or 'PCX' (-> 'PC').
+ for tag in fuzzer_tags:
+ if tag[:-1] in sanitized_filename:
+ relevant_corpus_files.add(filename)
+
+ logging.info(
+ 'Found %d relevant samples for %s' % (len(relevant_corpus_files),
+ fuzzer_name))
+
+ if not relevant_corpus_files:
+ continue
+
+ zip_archive_name = fuzzer + "_seed_corpus.zip"
+ with zipfile.ZipFile(zip_archive_name, 'w') as archive:
+ for filename in relevant_corpus_files:
+ archive.write(filename)
+
+
+def main():
+ if len(sys.argv) < 3:
+ print('Usage: %s ' % __file__)
+ sys.exit(1)
+
+ seed_corpus_directory = sys.argv[1]
+ fuzzers_directory = sys.argv[2]
+
+ corpus_files = parse_corpus(seed_corpus_directory)
+ fuzzers = parse_fuzzers(fuzzers_directory)
+ zip_relevant_corpus(corpus_files, fuzzers)
+
+
+if __name__ == '__main__':
+ sys.exit(main())
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/nasm_apt.pin b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/nasm_apt.pin
new file mode 100644
index 000000000..69099026b
--- /dev/null
+++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/nasm_apt.pin
@@ -0,0 +1,7 @@
+Package: *
+Pin: release n=bionic
+Pin-Priority: 1
+
+Package: nasm
+Pin: release n=bionic
+Pin-Priority: 555
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15111 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15111
new file mode 100644
index 000000000..7f006e05e
--- /dev/null
+++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15111
@@ -0,0 +1 @@
+ KPV ’’ K 
\ No newline at end of file
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15113 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15113
new file mode 100644
index 000000000..f4f504dff
--- /dev/null
+++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15113
@@ -0,0 +1 @@
+904444:4
\ No newline at end of file
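Review bot: The fallback block in zip_relevant_corpus (`if not relevant_corpus_files:` followed by the `tag[:-1]` loop) reuses `sanitized_filename` and `filename` as loop-carried variables from the `for filename in corpus_files` loop, and the collapsed rendering of this hunk does not let me confirm its indentation: if it is nested inside that loop it re-scans with shortened tags on every file until the first hit, and if it sits after the loop it only ever inspects the last corpus file, so the "RV40 -> RV" rescue documented in the comment cannot work as described. A second explicit pass over corpus_files makes the intent unambiguous. Note also that `tag[:-1]` of a one-character tag is the empty string, which `in` any filename, so a guard on tag length is needed to avoid selecting the entire corpus. The script also keeps the Python 2 `#!/usr/bin/env python` shebang while the commit's Dockerfiles only provision `python3`; it is invoked from build.sh only in a commented-out line, so this is latent.
```python
        relevant_corpus_files = set()
        for filename in corpus_files:
            # Remove 'ffmpeg' substring to do not use everything for 'MPEG' codec.
            sanitized_filename = filename.replace('ffmpeg', '').lower()
            if any(tag in sanitized_filename for tag in fuzzer_tags):
                relevant_corpus_files.add(filename)

        if not relevant_corpus_files:
            # Second pass with the last character stripped from each tag
            # ('RV4' -> 'RV', 'PCX' -> 'PC'); single-character tags would
            # shrink to '' and match everything, so they are skipped.
            short_tags = [tag[:-1] for tag in fuzzer_tags if len(tag) > 1]
            for filename in corpus_files:
                sanitized_filename = filename.replace('ffmpeg', '').lower()
                if any(tag in sanitized_filename for tag in short_tags):
                    relevant_corpus_files.add(filename)
        # … unchanged: logging, early continue and zip creation …
```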
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15117 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15117 new file mode 100644 index 000000000..def776441 --- /dev/null +++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15117 @@ -0,0 +1 @@ +@5@44444442’ \ No newline at end of file diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15118 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15118 new file mode 100644 index 000000000..beab19b9b Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15118 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15123 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15123 new file mode 100644 index 000000000..165f81ed6 --- /dev/null +++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15123 @@ -0,0 +1 @@ +1bit ’’ ’’ ’ \ No newline at end of file diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15151 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15151 new file mode 100644 index 000000000..8ac930ba2 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15151 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15166 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15166 new file mode 100644 index 000000000..0a64b8a80 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15166 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15174 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15174 new file mode 100644 index 000000000..f0e491a57 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15174 differ 
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15205 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15205 new file mode 100644 index 000000000..b439058e6 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15205 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15271 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15271 new file mode 100644 index 000000000..5d920d8d2 --- /dev/null +++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15271 @@ -0,0 +1 @@ +TWIN € \ No newline at end of file diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15286 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15286 new file mode 100644 index 000000000..84b860b07 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15286 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15365 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15365 new file mode 100644 index 000000000..0444728fb Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15365 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15480 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15480 new file mode 100644 index 000000000..686c5c70f Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15480 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15496 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15496 new file mode 100644 index 000000000..c87568078 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15496 differ 
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15604 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15604 new file mode 100644 index 000000000..24dbf1dac Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15604 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15633 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15633 new file mode 100644 index 000000000..a0f6047f3 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15633 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15922 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15922 new file mode 100644 index 000000000..bb81c9566 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/15922 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16022 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16022 new file mode 100644 index 000000000..7a30b6e85 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16022 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16057 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16057 new file mode 100644 index 000000000..1e533e002 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16057 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16079 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16079 new file mode 100644 index 000000000..700349f19 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16079 differ 
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16127 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16127 new file mode 100644 index 000000000..3dcad9405 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16127 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16430 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16430 new file mode 100644 index 000000000..58be0c688 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16430 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16624 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16624 new file mode 100644 index 000000000..0bb4cfc7b Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/16624 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/17640 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/17640 new file mode 100644 index 000000000..4ed5f7858 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/17640 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/17828 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/17828 new file mode 100644 index 000000000..d0856031d --- /dev/null +++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/17828 @@ -0,0 +1 @@ +18446744073709574852,-3,"" \ No newline at end of file diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/18768 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/18768 new file mode 100644 index 000000000..a77e0ef6b Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/18768 differ 
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/20873 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/20873 new file mode 100644 index 000000000..caa2b6ebb Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/20873 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/22520 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/22520 new file mode 100644 index 000000000..144039b56 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/22520 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/23162 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/23162 new file mode 100644 index 000000000..74be838b1 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/23162 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/23167 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/23167 new file mode 100644 index 000000000..c9cffe2c7 --- /dev/null +++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/23167 @@ -0,0 +1,3 @@ +[2][] +[-1][18632997793934840606] + \ No newline at end of file diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/23490 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/23490 new file mode 100644 index 000000000..978fb7372 --- /dev/null +++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/23490 @@ -0,0 +1,4 @@ +{0}{} +{1}{} +{0}{} +}} \ No newline at end of file diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/23491 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/23491 new file mode 100644 index 000000000..b4eb78c2d Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/23491 differ 
diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24193 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24193 new file mode 100644 index 000000000..64222f1fe --- /dev/null +++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24193 @@ -0,0 +1,3 @@ + +0:0:0.1,0:0:1.1 + \ No newline at end of file diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24457 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24457 new file mode 100644 index 000000000..d45dd1fb0 Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24457 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24708 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24708 new file mode 100644 index 000000000..64898df5e Binary files /dev/null and b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24708 differ diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24793 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24793 new file mode 100644 index 000000000..8af873008 --- /dev/null +++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24793 @@ -0,0 +1 @@ +.raż ’ Int4 \ No newline at end of file diff --git a/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24908 b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24908 new file mode 100644 index 000000000..b86c2ca06 --- /dev/null +++ b/benchmarks/ffmpeg_ffmpeg_demuxer_fuzzer_fe85af/testcases/24908 @@ -0,0 +1 @@ +DEXA a ’’  \ No newline at end of file diff --git a/benchmarks/grok_grk_decompress_fuzzer_d9ff920/Dockerfile b/benchmarks/grok_grk_decompress_fuzzer_d9ff920/Dockerfile new file mode 100644 index 000000000..a87646f8b --- /dev/null +++ b/benchmarks/grok_grk_decompress_fuzzer_d9ff920/Dockerfile 
@@ -0,0 +1,27 @@
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN git clone \
+ https://github.com/GrokImageCompression/grok.git \
+ grok
+RUN git clone https://github.com/GrokImageCompression/grok-test-data.git \
+ grok-data
+
+WORKDIR grok
+COPY build.sh $SRC/
+
diff --git a/benchmarks/grok_grk_decompress_fuzzer_d9ff920/benchmark.yaml b/benchmarks/grok_grk_decompress_fuzzer_d9ff920/benchmark.yaml
new file mode 100644
index 000000000..0c156fb63
--- /dev/null
+++ b/benchmarks/grok_grk_decompress_fuzzer_d9ff920/benchmark.yaml
@@ -0,0 +1,27 @@
+
+commit: d9ff9204d64880960afa4e26643a61e265c5e2b2
+commit_date: 2022-12-07T16:22:50+0000
+fuzz_target: grk_decompress_fuzzer
+project: grok
+type: bug
+unsupported_fuzzers:
+ - centipede
+ - aflcc
+ - afl_qemu
+ - aflplusplus_qemu
+ - aflplusplus_qemu_tracepc
+ - aflplusplus_frida
+ - honggfuzz_qemu
+ - klee
+ - lafintel
+ - weizz_qemu
+ - cfctx_dataflow_seadsa
+ - cfctx_dataflow_seadsa_llc
+ - aflplusplus_cmplog_double
+ - symcc_aflplusplus_single
+ - eclipser_aflplusplus
+ - aflplusplus_qemu_double
+ - fuzzolic_aflplusplus_z3
+ - symqemu_aflplusplus
+ - fuzzolic_aflplusplus_fuzzy
+ - fuzzolic_aflplusplus_z3dict
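Review bot: `WORKDIR grok` is a relative path (hadolint DL3000) and the two `git clone` targets `grok` and `grok-data` are likewise relative, so all three depend on the working directory inherited from the base image rather than stating the `$SRC` layout that build.sh and the `COPY build.sh $SRC/` line assume; write them as `RUN git clone https://github.com/GrokImageCompression/grok.git $SRC/grok`, the same for `$SRC/grok-data`, and `WORKDIR $SRC/grok`. The grok-test-data clone is also taken at whatever revision HEAD is at build time, while only the grok source is pinned (presumably by the runner from the `commit:` field in benchmark.yaml), so the seed corpus this benchmark starts from can drift between builds; pinning it to a fixed revision would make the benchmark reproducible.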
diff --git a/benchmarks/grok_grk_decompress_fuzzer_d9ff920/build.sh b/benchmarks/grok_grk_decompress_fuzzer_d9ff920/build.sh
new file mode 100755
index 000000000..21ee2269b
--- /dev/null
+++ b/benchmarks/grok_grk_decompress_fuzzer_d9ff920/build.sh
@@ -0,0 +1,26 @@
+#!/bin/bash -eu
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+mkdir build
+cd build
+cmake .. -DGRK_BUILD_CODEC=OFF -DBUILD_SHARED_LIBS=OFF -DGRK_BUILD_THIRDPARY=ON
+make clean -s
+make -j$(nproc) -s
+cd ..
+
+./tests/fuzzers/build_google_oss_fuzzers.sh
+./tests/fuzzers/build_seed_corpus.sh
diff --git a/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/Dockerfile b/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/Dockerfile
new file mode 100644
index 000000000..a62ded5df
--- /dev/null
+++ b/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/Dockerfile
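Review bot: `-DGRK_BUILD_THIRDPARY=ON` on the cmake line looks misspelled (THIRDPARY rather than THIRDPARTY); CMake accepts any `-D` name and only emits a "manually-specified variables were not used" warning, so if grok's option is spelled with the T the bundled third-party libraries are silently built with the default setting rather than the one intended here — please check the spelling against grok's CMakeLists before merging. `mkdir build` without `-p` also makes the script fail on a second invocation in the same checkout under `bash -eu`; `mkdir -p build` is the usual form.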
@@ -0,0 +1,31 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+
+RUN apt-get update && \
+ apt-get install -y \
+ make \
+ automake \
+ libtool \
+ wget
+
+RUN git clone https://github.com/mm2/Little-CMS.git
+
+RUN wget -qO $OUT/cms_transform_all_fuzzer.dict \
+ https://raw.githubusercontent.com/google/fuzzing/master/dictionaries/icc.dict
+COPY cms_transform_all_fuzzer.c build.sh $SRC/
+ADD seeds /opt/seeds
diff --git a/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/benchmark.yaml b/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/benchmark.yaml
new file mode 100644
index 000000000..05942d426
--- /dev/null
+++ b/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/benchmark.yaml
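Review bot: `ADD seeds /opt/seeds` on the last line copies a plain local directory, which is what `COPY` is for (hadolint DL3020); `ADD` additionally auto-extracts archives and fetches URLs, neither of which is wanted here, so `COPY seeds /opt/seeds` states the intent precisely. The dictionary is fetched from `.../google/fuzzing/master/dictionaries/icc.dict`, i.e. from a moving branch with no checksum, so the `.dict` baked into the image changes whenever upstream edits it; pinning the raw URL to a commit (for example `https://raw.githubusercontent.com/google/fuzzing/<COMMIT_SHA>/dictionaries/icc.dict`, placeholder) makes the benchmark image reproducible. The `apt-get install -y` run also lacks `--no-install-recommends` and the `rm -rf /var/lib/apt/lists/*` clean-up that the base-builder recipe conventionally uses.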
@@ -0,0 +1,26 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# 5883733894365184
+commit: a9796f61c682f5320ff572c888062ee34315b836
+commit_date: 2022-07-26T14:34:48+0000
+fuzz_target: cms_transform_all_fuzzer
+project: lcms
+type: bug
+unsupported_fuzzers:
+ - symcc_afl
+ - symcc_afl_single
+ - symcc_aflplusplus
+ - afldd
+ - aflpp_vs_dd
diff --git a/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/build.sh b/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/build.sh
new file mode 100755
index 000000000..283d68df0
--- /dev/null
+++ b/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/build.sh
@@ -0,0 +1,32 @@
+#!/bin/bash -ex
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+cd Little-CMS
+./autogen.sh
+./configure
+make -j $(nproc)
+
+# build your fuzzer(s)
+FUZZERS="cms_transform_all_fuzzer"
+
+for F in $FUZZERS; do
+ $CC $CFLAGS -c -Iinclude \
+ $SRC/$F.c -o $SRC/$F.o
+ $CXX $CXXFLAGS \
+ $SRC/$F.o -o $OUT/$F \
+ $LIB_FUZZING_ENGINE src/.libs/liblcms2.a
+done
+
+cp -r /opt/seeds $OUT/
diff --git a/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/cms_transform_all_fuzzer.c b/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/cms_transform_all_fuzzer.c
new file mode 100644
index 000000000..0684505ee
--- /dev/null
+++ b/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/cms_transform_all_fuzzer.c
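Review bot: The shebang `#!/bin/bash -ex` omits `-u`, unlike the `-eu`/`-eux` used by the other build.sh files in this commit, so an unset `$OUT` or `$SRC` expands to the empty string and lines such as `cp -r /opt/seeds $OUT/` and `-o $OUT/$F` silently write into `/` instead of failing; `#!/bin/bash -eux` brings it in line with the rest. The `./configure` call could also pass `--disable-shared` since only `src/.libs/liblcms2.a` is linked, which shortens the build and removes the chance of the fuzzer picking up a shared copy.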
@@ -0,0 +1,59 @@
+/* Copyright 2022 Google LLC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#include
+#include "lcms2.h"
+
+void
+run_test(const uint8_t *data,
+ size_t size,
+ uint32_t intent_id,
+ uint32_t input_format,
+ uint32_t output_format,
+ uint32_t flags) {
+ if (size < 2) {
+ return;
+ }
+
+ size_t mid = size / 2;
+
+ cmsHPROFILE hInProfile, hOutProfile;
+ cmsHTRANSFORM hTransform;
+
+ hInProfile = cmsOpenProfileFromMem(data, mid);
+ hOutProfile = cmsOpenProfileFromMem(data + mid, size - mid);
+ hTransform = cmsCreateTransform(hInProfile, input_format, hOutProfile,
+ output_format, intent_id, flags);
+ cmsCloseProfile(hInProfile);
+ cmsCloseProfile(hOutProfile);
+
+ if (hTransform) {
+ cmsDeleteTransform(hTransform);
+ }
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size < 16) {
+ return 0;
+ }
+
+ // Generate a random set of args for cmsCreateTransform
+ uint32_t input_format = *((const uint32_t *)data);
+ uint32_t output_format = *((const uint32_t *)data+1);
+ uint32_t flags = *((const uint32_t *)data+2);
+ uint32_t intent = *((const uint32_t *)data+3) % 16;
+ data += 16;
+ size -= 16;
+
+ run_test(data, size, intent, input_format, output_format, flags);
+ return 0;
+}
diff --git a/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/seeds/seed b/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/seeds/seed
new file mode 100644
index 000000000..84618ba47
Binary files /dev/null and b/benchmarks/lcms_cms_transform_all_fuzzer_a9796f/seeds/seed differ
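Review bot: The four `*((const uint32_t *)data+N)` reads in LLVMFuzzerTestOneInput dereference `data` through a `uint32_t` pointer without any alignment guarantee on the fuzzer buffer, which is undefined behaviour in C and is exactly what UBSan's alignment check reports — a sanitizer build could then flag the harness itself rather than lcms. Copying the header words out with `memcpy` (needs `<string.h>`) keeps the same 16-byte header layout and the `% 16` reduction of the intent. Separately, the first `#include` line has lost its header name in this rendering; `uint8_t`/`size_t` need `<stdint.h>` and `<stddef.h>` (or whatever the original line named), so please confirm it survived the commit intact.
```c
    // Read the four 32-bit tuning words with memcpy rather than a pointer
    // cast: the input buffer carries no alignment guarantee.
    uint32_t input_format, output_format, flags, intent;
    memcpy(&input_format, data, sizeof(input_format));
    memcpy(&output_format, data + 4, sizeof(output_format));
    memcpy(&flags, data + 8, sizeof(flags));
    memcpy(&intent, data + 12, sizeof(intent));
    intent %= 16;
    // … unchanged: data += 16; size -= 16; run_test(...) …
```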
diff --git a/benchmarks/libpcap_fuzz_filter_bc594f/Dockerfile b/benchmarks/libpcap_fuzz_filter_bc594f/Dockerfile
new file mode 100644
index 000000000..338edfedd
--- /dev/null
+++ b/benchmarks/libpcap_fuzz_filter_bc594f/Dockerfile
@@ -0,0 +1,29 @@
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder@sha256:87ca1e9e19235e731fac8de8d1892ebe8d55caf18e7aa131346fc582a2034fdd
+RUN apt-get update && \
+ apt-get install -y make cmake flex bison
+
+RUN git clone https://github.com/the-tcpdump-group/libpcap.git libpcap
+
+# For corpus as wireshark.
+RUN git clone https://github.com/the-tcpdump-group/tcpdump.git tcpdump && \
+ git -C tcpdump checkout 032e4923e5202ea4d5a6d1cead83ed1927135874
+
+WORKDIR $SRC
+COPY build.sh $SRC/
+
diff --git a/benchmarks/libpcap_fuzz_filter_bc594f/benchmark.yaml b/benchmarks/libpcap_fuzz_filter_bc594f/benchmark.yaml
new file mode 100644
index 000000000..d63b93b8b
--- /dev/null
+++ b/benchmarks/libpcap_fuzz_filter_bc594f/benchmark.yaml
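Review bot: The tcpdump clone is pinned with `git -C tcpdump checkout 032e4923e5202ea4d5a6d1cead83ed1927135874`, but the libpcap clone on the line above is left at whatever HEAD is when the image is built; if the benchmark runner checks out the `commit:` value from benchmark.yaml itself (the field's presence suggests it does) this is fine, otherwise the same `git -C libpcap checkout` treatment is needed, and a one-line comment stating which of the two applies would stop the next reader from wondering. The `apt-get install -y make cmake flex bison` run would also benefit from `--no-install-recommends` and an `rm -rf /var/lib/apt/lists/*` in the same layer, as the Dockerfile language tips for this corpus recommend. The `# For corpus as wireshark.` comment reads as a typo for "same corpus as wireshark" and could be clarified.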
@@ -0,0 +1,35 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# 4503656338161664
+commit: bc594f185299d9d4e3b39ba94e91a5b9ca8a938d
+commit_date: 2023-02-25T22:56:01+0000
+fuzz_target: fuzz_filter
+project: libpcap
+type: bug
+unsupported_fuzzers:
+ - klee
+ - symcc_afl
+ - symcc_afl_single
+ - symcc_aflplusplus
+ - symcc_aflplusplus_single
+ - aflplusplus_cmplog_double
+ - eclipser_aflplusplus
+ - aflplusplus_qemu_double
+ - fuzzolic_aflplusplus_z3
+ - symqemu_aflplusplus
+ - fuzzolic_aflplusplus_fuzzy
+ - fuzzolic_aflplusplus_z3dict
+ - afldd
+ - aflpp_vs_dd
diff --git a/benchmarks/libpcap_fuzz_filter_bc594f/build.sh b/benchmarks/libpcap_fuzz_filter_bc594f/build.sh
new file mode 100644
index 000000000..f99be06e5
--- /dev/null
+++ b/benchmarks/libpcap_fuzz_filter_bc594f/build.sh
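Review bot: The `# 4503656338161664` comment above `commit:` is a bare number with no label, and with `type: bug` the reader will want to know which report this benchmark reproduces; if it is the tracker id, writing it as `# <tracker name> issue 4503656338161664` would say where to look. I am inferring the meaning of the number from its placement, so confirm before labelling it.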
@@ -0,0 +1,40 @@
+#!/bin/bash -eu
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd libpcap
+# build project
+mkdir build
+cd build
+cmake -DDISABLE_DBUS=1 ..
+make
+
+# build fuzz targets
+$CC $CFLAGS -I.. -c ../testprogs/fuzz/fuzz_filter.c -o fuzz_filter.o
+$CXX $CXXFLAGS fuzz_filter.o -o $OUT/fuzz_filter libpcap.a $LIB_FUZZING_ENGINE
+
+# export other associated stuff
+cd ..
+cp testprogs/fuzz/fuzz_*.options $OUT/
+# builds corpus
+cd $SRC/tcpdump/
+zip -r fuzz_pcap_seed_corpus.zip tests/
+cp fuzz_pcap_seed_corpus.zip $OUT/
+cd $SRC/libpcap/testprogs/BPF
+mkdir corpus
+ls *.txt | while read i; do tail -1 $i > corpus/$i; done
+zip -r fuzz_filter_seed_corpus.zip corpus/
+cp fuzz_filter_seed_corpus.zip $OUT/
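Review bot: `ls *.txt | while read i; do tail -1 $i > corpus/$i; done` parses ls output and leaves `$i` unquoted, so a name containing whitespace would be split, and because the loop sits behind a pipe a failing `ls` is not caught by the script's `-e`; `for i in *.txt; do tail -1 "$i" > "corpus/$i"; done` does the same job without either problem. `mkdir build` and `mkdir corpus` abort a re-run of the script in an already-built tree, and `mkdir -p` is harmless for both. The initial `cd libpcap` is relative and relies on the caller's working directory being `$SRC`, which the Dockerfile's `WORKDIR $SRC` provides; `cd "$SRC/libpcap"` would make the script self-contained.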
