author | Max Dymond <cmeister2@gmail.com> | 2019-06-28 13:22:51 +0100 |
committer | Max Dymond <cmeister2@gmail.com> | 2019-06-28 14:05:39 +0100 |
commit | 100e5549b6e27bc48d6133be0941ea6bfd4b75ac (patch) | |
tree | b04a3d57fae599a837dee3ac4c802853a411b610 | |
parent | b333f3656d6a408fe38737982d854b80ea870803 (diff) | |
Create a fuzzing target for jansson
-rw-r--r-- | .travis.yml | 2 | ||||
-rw-r--r-- | Makefile.am | 12 | ||||
-rw-r--r-- | ossfuzz/json_load_fuzzer.cc | 11 | ||||
-rwxr-xr-x | ossfuzz/ossfuzz.sh | 28 | ||||
-rw-r--r-- | ossfuzz/standaloneengine.cc | 74 | ||||
-rw-r--r-- | ossfuzz/testinput.h | 3 | ||||
-rwxr-xr-x | ossfuzz/travisoss.sh | 26 |
7 files changed, 156 insertions, 0 deletions
diff --git a/.travis.yml b/.travis.yml
index 5b23c94..449e9bb 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -3,6 +3,7 @@ env:
   - JANSSON_BUILD_METHOD=cmake JANSSON_CMAKE_OPTIONS="-DJANSSON_TEST_WITH_VALGRIND=ON" JANSSON_EXTRA_INSTALL="valgrind"
   - JANSSON_BUILD_METHOD=autotools
   - JANSSON_BUILD_METHOD=coverage JANSSON_CMAKE_OPTIONS="-DJANSSON_COVERAGE=ON -DJANSSON_COVERALLS=ON -DCMAKE_BUILD_TYPE=Debug" JANSSON_EXTRA_INSTALL="lcov curl"
+  - JANSSON_BUILD_METHOD=fuzzer
 language: c
 compiler:
   - gcc
@@ -20,3 +21,4 @@ script:
   - if [ "$JANSSON_BUILD_METHOD" = "autotools" ]; then autoreconf -f -i && CFLAGS=-Werror ./configure && make check; fi
   - if [ "$JANSSON_BUILD_METHOD" = "cmake" ]; then mkdir build && cd build && cmake $JANSSON_CMAKE_OPTIONS .. && cmake --build . && ctest --output-on-failure; fi
   - if [ "$JANSSON_BUILD_METHOD" = "coverage" ]; then mkdir build && cd build && cmake $JANSSON_CMAKE_OPTIONS .. && cmake --build . && cmake --build . --target coveralls; fi
+  - if [ "$JANSSON_BUILD_METHOD" = "fuzzer" ]; then ./ossfuzz/travisoss.sh; fi
diff --git a/Makefile.am b/Makefile.am
index 0de2ac1..3e3dc09 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -8,3 +8,15 @@ dvi:
 
 pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = jansson.pc
+
+
+# Add fuzzing support
+LIB_FUZZING_ENGINE ?= standaloneengine.o
+
+ossfuzz/%.o: ossfuzz/%.cc
+	$(CXX) -c -Isrc $(CXXFLAGS) $< -o $@
+
+.PHONY: json_load_fuzzer
+json_load_fuzzer: ossfuzz/json_load_fuzzer.o src/.libs/libjansson.a
+	$(CXX) -c $(CXXFLAGS) ossfuzz/standaloneengine.cc -o standaloneengine.o
+	$(CXX) $(CXXFLAGS) $(LIB_FUZZING_ENGINE) $^ -o $@$(EXT)
diff --git a/ossfuzz/json_load_fuzzer.cc b/ossfuzz/json_load_fuzzer.cc
new file mode 100644
index 0000000..09e7da5
--- /dev/null
+++ b/ossfuzz/json_load_fuzzer.cc
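Review bot: The json_load_fuzzer recipe in the Makefile.am hunk recompiles ossfuzz/standaloneengine.cc on every build, even when LIB_FUZZING_ENGINE has been overridden by a real engine, and it drops standaloneengine.o and the fuzzer binary into the top-level directory where no clean rule appears to cover them. Consider building the standalone engine only through the existing `ossfuzz/%.o` pattern rule (`LIB_FUZZING_ENGINE ?= ossfuzz/standaloneengine.o`) so the object lands next to its source, and listing the outputs for cleanup, e.g. `CLEANFILES = standaloneengine.o json_load_fuzzer` if CLEANFILES is not already set elsewhere in this file. `?=` and `%` pattern rules are GNU make extensions that automake is likely to flag as non-portable; a short comment such as `# GNU make only: opt-in target driven by ossfuzz/ossfuzz.sh, not built by default` would make that deliberate.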
@@ -0,0 +1,11 @@
+#include <stdint.h>
+
+#include "jansson.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+    json_error_t error;
+    auto jobj = json_loadb(reinterpret_cast<const char *>(data), size, 0, &error);
+    if (jobj)
+        json_decref(jobj);
+    return 0;
+}
diff --git a/ossfuzz/ossfuzz.sh b/ossfuzz/ossfuzz.sh
new file mode 100755
index 0000000..897e5a6
--- /dev/null
+++ b/ossfuzz/ossfuzz.sh
@@ -0,0 +1,28 @@
+#!/bin/bash -eu
+
+# This script is called by the oss-fuzz main project when compiling the fuzz
+# targets. This script is regression tested by travisoss.sh.
+
+# Save off the current folder as the build root.
+export BUILD_ROOT=$PWD
+
+echo "CC: $CC"
+echo "CXX: $CXX"
+echo "LIB_FUZZING_ENGINE: $LIB_FUZZING_ENGINE"
+echo "CFLAGS: $CFLAGS"
+echo "CXXFLAGS: $CXXFLAGS"
+echo "OUT: $OUT"
+
+export MAKEFLAGS+="-j$(nproc)"
+
+# Install dependencies
+apt-get -y install automake libtool
+
+# Compile the fuzzer.
+autoreconf -i
+./configure
+make
+make json_load_fuzzer
+
+# Copy the fuzzer to the output directory.
+cp -v json_load_fuzzer $OUT/
diff --git a/ossfuzz/standaloneengine.cc b/ossfuzz/standaloneengine.cc
new file mode 100644
index 0000000..175360e
--- /dev/null
+++ b/ossfuzz/standaloneengine.cc
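Review bot: The json_loadb call in LLVMFuzzerTestOneInput always passes flags 0, so the decoder paths behind JSON_DECODE_ANY, JSON_REJECT_DUPLICATES, JSON_DISABLE_EOF_CHECK and JSON_ALLOW_NUL are never reached by this target. Spending the first input byte on a flag selection lets one harness cover all parse modes without changing the entry point's signature; the populated `error` is otherwise fine to leave unused here. A one-line header comment stating what the target exercises, e.g. `// Fuzz target: feeds raw bytes to json_loadb() and releases whatever it returns.`, would also help the next reader.
```cpp
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    json_error_t error;
    size_t flags = 0;
    /* Spend the first input byte on decoder flags so every parse mode,
     * not only flags == 0, is reachable from the corpus. */
    if (size > 0) {
        uint8_t sel = data[0];
        flags |= (sel & 1) ? JSON_DECODE_ANY : 0;
        flags |= (sel & 2) ? JSON_REJECT_DUPLICATES : 0;
        flags |= (sel & 4) ? JSON_DISABLE_EOF_CHECK : 0;
        flags |= (sel & 8) ? JSON_ALLOW_NUL : 0;
        data++;
        size--;
    }
    auto jobj = json_loadb(reinterpret_cast<const char *>(data), size, flags, &error);
    // … unchanged: json_decref and return …
```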
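Review bot: `export MAKEFLAGS+="-j$(nproc)"` in ossfuzz.sh appends with no separator, so if the build environment already carries a MAKEFLAGS value the result is a single fused word that make may not parse as intended; `export MAKEFLAGS="${MAKEFLAGS:-} -j$(nproc)"` keeps the existing flags intact and also stays quiet under the script's `-u`. The `apt-get -y install` line belongs in the project's oss-fuzz Dockerfile by convention, since build.sh runs inside that prepared image; leaving it here is harmless but worth a comment saying why.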
@@ -0,0 +1,74 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "testinput.h"
+
+/**
+ * Main procedure for standalone fuzzing engine.
+ *
+ * Reads filenames from the argument array. For each filename, read the file
+ * into memory and then call the fuzzing interface with the data.
+ */
+int main(int argc, char **argv)
+{
+    int ii;
+    for(ii = 1; ii < argc; ii++)
+    {
+        FILE *infile;
+        printf("[%s] ", argv[ii]);
+
+        /* Try and open the file. */
+        infile = fopen(argv[ii], "rb");
+        if(infile)
+        {
+            uint8_t *buffer = NULL;
+            size_t buffer_len;
+
+            printf("Opened.. ");
+
+            /* Get the length of the file. */
+            fseek(infile, 0L, SEEK_END);
+            buffer_len = ftell(infile);
+
+            /* Reset the file indicator to the beginning of the file. */
+            fseek(infile, 0L, SEEK_SET);
+
+            /* Allocate a buffer for the file contents. */
+            buffer = (uint8_t *)calloc(buffer_len, sizeof(uint8_t));
+            if(buffer)
+            {
+                /* Read all the text from the file into the buffer. */
+                fread(buffer, sizeof(uint8_t), buffer_len, infile);
+                printf("Read %zu bytes, fuzzing.. ", buffer_len);
+
+                /* Call the fuzzer with the data. */
+                LLVMFuzzerTestOneInput(buffer, buffer_len);
+
+                printf("complete !!");
+
+                /* Free the buffer as it's no longer needed. */
+                free(buffer);
+                buffer = NULL;
+            }
+            else
+            {
+                fprintf(stderr,
+                        "[%s] Failed to allocate %zu bytes \n",
+                        argv[ii],
+                        buffer_len);
+            }
+
+            /* Close the file as it's no longer needed. */
+            fclose(infile);
+            infile = NULL;
+        }
+        else
+        {
+            /* Failed to open the file. Maybe wrong name or wrong permissions? */
+            fprintf(stderr, "[%s] Open failed. \n", argv[ii]);
+        }
+
+        printf("\n");
+    }
+}
diff --git a/ossfuzz/testinput.h b/ossfuzz/testinput.h
new file mode 100644
index 0000000..6ab9b51
--- /dev/null
+++ b/ossfuzz/testinput.h
@@ -0,0 +1,3 @@
+#include <inttypes.h>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
diff --git a/ossfuzz/travisoss.sh b/ossfuzz/travisoss.sh
new file mode 100755
index 0000000..e99cc6e
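Review bot: In main() the results of fseek(), ftell() and fread() are never checked, so an ftell() failure turns buffer_len into SIZE_MAX before the calloc, and a short read silently hands zero-filled padding to the target as if it were file content. An empty file is also a real reproducer for a fuzz target, but calloc(0, 1) may return NULL here, which reports it as an allocation failure instead of running the target with size 0. The rewrite below keeps the loop shape, initialises buffer_len, allocates at least one byte, and uses the count fread() actually returned.
```cpp
            uint8_t *buffer = NULL;
            size_t buffer_len = 0;

            printf("Opened.. ");

            /* Get the length of the file; ftell() reports -1 on failure. */
            long file_len = -1;
            if(fseek(infile, 0L, SEEK_END) == 0)
            {
                file_len = ftell(infile);
            }
            if(file_len >= 0 && fseek(infile, 0L, SEEK_SET) == 0)
            {
                buffer_len = (size_t)file_len;
                /* calloc(0, ...) may return NULL; allocate at least one byte so
                 * an empty file is still fed to the target with size 0. */
                buffer = (uint8_t *)calloc(buffer_len ? buffer_len : 1, sizeof(uint8_t));
            }
            if(buffer)
            {
                /* Trust the byte count fread() actually delivered, not the expected size. */
                buffer_len = fread(buffer, sizeof(uint8_t), buffer_len, infile);
                /* … unchanged: printf, LLVMFuzzerTestOneInput, free … */
            }
            else
            {
                fprintf(stderr,
                        "[%s] Failed to size or allocate buffer (%zu bytes) \n",
                        argv[ii],
                        buffer_len);
            }
```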
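Review bot: testinput.h declares LLVMFuzzerTestOneInput with an unconditional `extern "C"` and no include guard, so it can only ever be included once and only from C++ even though the prototype is plain C; it also relies on `<inttypes.h>` to bring in size_t, which that header does not promise. Adding a guard, `<stddef.h>` for size_t, and a `__cplusplus` check keeps it usable from both languages.
```cpp
#ifndef JANSSON_OSSFUZZ_TESTINPUT_H
#define JANSSON_OSSFUZZ_TESTINPUT_H

#include <stddef.h>
#include <stdint.h>

#ifdef __cplusplus
extern "C"
#endif
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

#endif
```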
--- /dev/null
+++ b/ossfuzz/travisoss.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+set -ex
+
+PROJECT_NAME=jansson
+
+# Clone the oss-fuzz repository
+git clone https://github.com/google/oss-fuzz.git /tmp/ossfuzz
+
+if [[ ! -d /tmp/ossfuzz/projects/${PROJECT_NAME} ]]
+then
+    echo "Could not find the ${PROJECT_NAME} project in ossfuzz"
+
+    # Exit with a success code while the jansson project is not expected to exist
+    # on oss-fuzz.
+    exit 0
+fi
+
+# Modify the oss-fuzz Dockerfile so that we're checking out the current branch on travis.
+sed -i "s@https://github.com/akheron/jansson.git@-b $TRAVIS_BRANCH https://github.com/akheron/jansson.git@" /tmp/ossfuzz/projects/${PROJECT_NAME}/Dockerfile
+
+# Try and build the fuzzers
+pushd /tmp/ossfuzz
+python infra/helper.py build_image --pull ${PROJECT_NAME}
+python infra/helper.py build_fuzzers ${PROJECT_NAME}
+popd
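Review bot: The `sed -i` that rewrites the oss-fuzz Dockerfile is never verified, so if upstream changes the clone URL the substitution matches nothing, `set -e` does not notice, and the job silently builds the default branch instead of the commit under test. A check such as `grep -q -- "-b $TRAVIS_BRANCH " /tmp/ossfuzz/projects/${PROJECT_NAME}/Dockerfile` right after the sed turns that into a hard failure. The `@` delimiter also collides with any branch name containing `@`, and on Travis pull-request builds TRAVIS_BRANCH is, as far as I recall, the target branch rather than the PR head, so this path may not exercise PR changes at all; a comment on that limitation would save the next maintainer some confusion.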