ref: f8e918a9f15c2971ab01b7cb511bb5f808c2b479
parent: a7bc6b8f2e9779ce46b61768b6dfaccc8eb7bbcb
author: Janne Grunau <[email protected]>
date: Tue Oct 23 14:46:46 EDT 2018
fuzzer: add a standalone fuzzing engine 'none' Replaces the boolean 'build_libfuzzer' meson option with 'fuzzing_engine'. This allows reproducing fuzzing test cases on systems without libfuzzer. Also prevents regressions in the fuzzing test target since it will be build by default.
--- a/meson.build
+++ b/meson.build
@@ -66,11 +66,8 @@
host_machine.cpu_family().startswith('arm'))
cdata.set10('HAVE_ASM', is_asm_enabled)
-# libFuzzer target
-is_libfuzzer_enabled = (get_option('build_libfuzzer'))
-
#
# OS/Compiler checks and defines
#
@@ -162,9 +159,10 @@
add_project_arguments(cc.get_supported_arguments(optional_arguments), language : 'c')
# libFuzzer related things
-if is_libfuzzer_enabled
+fuzzing_engine = get_option('fuzzing_engine')
+if fuzzing_engine == 'libfuzzer'
if not cc.has_argument('-fsanitize=fuzzer')
- error('build_libfuzzer requires "-fsanitize=fuzzer"')
+ error('fuzzing_engine libfuzzer requires "-fsanitize=fuzzer"')
endif
fuzzer_args = ['-fsanitize=fuzzer-no-link', '-fsanitize=fuzzer']
add_project_arguments(cc.first_supported_argument(fuzzer_args), language : 'c')
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -20,7 +20,8 @@
value: true,
description: 'Build dav1d tests')
-option('build_libfuzzer',
- type: 'boolean',
- value: false,
- description: 'Build dav1d libFuzzer target')
+option('fuzzing_engine',
+ type: 'combo',
+ choices : ['none', 'libfuzzer', 'oss-fuzz'],
+ value: 'none',
+ description: 'Select the fuzzing engine')
--- /dev/null
+++ b/tests/libfuzzer/main.c
@@ -1,0 +1,93 @@
+/*
+ * Copyright © 2018, VideoLAN and dav1d authors
+ * Copyright © 2018, Janne Grunau
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <errno.h>
+#include <limits.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+
+// expects ivf input
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+int main(const int argc, char *const *const argv) {
+ int ret = -1;
+ FILE *f = NULL;
+ long fsize;
+ const char *filename = NULL;
+ uint8_t *data = NULL;
+ size_t size = 0;
+
+ if (argc != 2) {
+ fprintf(stdout, "Usage:\n%s fuzzing_testcase.ivf\n", argv[0]);
+ return -1;
+ }
+ filename = argv[1];
+
+ if (!(f = fopen(filename, "rb"))) {
+ fprintf(stderr, "failed to open %s: %s\n", filename, strerror(errno));
+ goto error;
+ }
+
+ if (fseek(f, 0L, SEEK_END) == -1) {
+ fprintf(stderr, "fseek(%s, 0, SEEK_END) failed: %s\n", filename,
+ strerror(errno));
+ goto error;
+ }
+ if ((fsize = ftell(f)) == -1) {
+ fprintf(stderr, "ftell(%s) failed: %s\n", filename, strerror(errno));
+ goto error;
+ }
+ rewind(f);
+
+ if (fsize < 0 || fsize > INT_MAX) {
+ fprintf(stderr, "%s is too large: %ld\n", filename, fsize);
+ goto error;
+ }
+ size = fsize;
+
+ if (!(data = malloc(size))) {
+ fprintf(stderr, "failed to allocate: %zu bytes\n", size);
+ goto error;
+ }
+
+ if (fread(data, size, 1, f) == size) {
+ fprintf(stderr, "failed to read %zu bytes from %s: %s\n", fsize,
+ filename, strerror(errno));
+ goto error;
+ }
+
+ ret = LLVMFuzzerTestOneInput(data, size);
+
+error:
+ free(data);
+ if (f) fclose(f);
+ return ret;
+}
--- a/tests/meson.build
+++ b/tests/meson.build
@@ -85,16 +85,21 @@
test('checkasm test', checkasm)
endif
-if is_libfuzzer_enabled
- dav1d_fuzzer_sources = files('libfuzzer/dav1d_fuzzer.c')
+dav1d_fuzzer_sources = files('libfuzzer/dav1d_fuzzer.c')
+fuzzer_flags = []
- dav1d_fuzzer = executable('dav1d_fuzzer',
- dav1d_fuzzer_sources,
- include_directories: dav1d_inc_dirs,
- c_args: [stackalign_flag, stackrealign_flag, '-fsanitize=fuzzer'],
- link_args: ['-fsanitize=fuzzer'],
- link_with : libdav1d,
- build_by_default: true,
- dependencies : [thread_dependency],
- )
+if fuzzing_engine == 'none'
+ dav1d_fuzzer_sources += files('libfuzzer/main.c')
+elif fuzzing_engine == 'libfuzzer'
+ fuzzer_flags += ['-fsanitize=fuzzer']
endif
+
+dav1d_fuzzer = executable('dav1d_fuzzer',
+ dav1d_fuzzer_sources,
+ include_directories: dav1d_inc_dirs,
+ c_args: [stackalign_flag, stackrealign_flag] + fuzzer_flags,
+ link_args: fuzzer_flags,
+ link_with : libdav1d,
+ build_by_default: true,
+ dependencies : [thread_dependency],
+ )