

ref: f8e918a9f15c2971ab01b7cb511bb5f808c2b479
parent: a7bc6b8f2e9779ce46b61768b6dfaccc8eb7bbcb
author: Janne Grunau <[email protected]>
date: Tue Oct 23 14:46:46 EDT 2018

fuzzer: add a standalone fuzzing engine 'none'

Replaces the boolean 'build_libfuzzer' meson option with 'fuzzing_engine'.
This allows reproducing fuzzing test cases on systems without libfuzzer.
Also prevents regressions in the fuzzing test target since it will be
built by default.

--- a/meson.build
+++ b/meson.build
@@ -66,11 +66,8 @@
      host_machine.cpu_family().startswith('arm'))
 cdata.set10('HAVE_ASM', is_asm_enabled)
 
-# libFuzzer target
-is_libfuzzer_enabled = (get_option('build_libfuzzer'))
 
 
-
 #
 # OS/Compiler checks and defines
 #
@@ -162,9 +159,10 @@
 add_project_arguments(cc.get_supported_arguments(optional_arguments), language : 'c')
 
 # libFuzzer related things
-if is_libfuzzer_enabled
+fuzzing_engine = get_option('fuzzing_engine')
+if fuzzing_engine == 'libfuzzer'
     if not cc.has_argument('-fsanitize=fuzzer')
-        error('build_libfuzzer requires "-fsanitize=fuzzer"')
+        error('fuzzing_engine libfuzzer requires "-fsanitize=fuzzer"')
     endif
     fuzzer_args = ['-fsanitize=fuzzer-no-link', '-fsanitize=fuzzer']
     add_project_arguments(cc.first_supported_argument(fuzzer_args), language : 'c')
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -20,7 +20,8 @@
     value: true,
     description: 'Build dav1d tests')
 
-option('build_libfuzzer',
-    type: 'boolean',
-    value: false,
-    description: 'Build dav1d libFuzzer target')
+option('fuzzing_engine',
+    type: 'combo',
+    choices : ['none', 'libfuzzer', 'oss-fuzz'],
+    value: 'none',
+    description: 'Select the fuzzing engine')
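Review bot: The description `'Select the fuzzing engine'` does not say what the choices do, and the default 'none' is easy to misread as disabling the fuzzer target when it in fact builds it with the standalone tests/libfuzzer/main.c. Something like `description: 'Select the fuzzing engine (none builds a standalone reproducer that takes a test case file)'` would document that.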
--- /dev/null
+++ b/tests/libfuzzer/main.c
@@ -1,0 +1,93 @@
+/*
+ * Copyright © 2018, VideoLAN and dav1d authors
+ * Copyright © 2018, Janne Grunau
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this
+ *    list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <errno.h>
+#include <limits.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+
+// expects ivf input
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+int main(const int argc, char *const *const argv) {
+    int ret = -1;
+    FILE *f = NULL;
+    long fsize;
+    const char *filename = NULL;
+    uint8_t *data = NULL;
+    size_t size = 0;
+
+    if (argc != 2) {
+        fprintf(stdout, "Usage:\n%s fuzzing_testcase.ivf\n", argv[0]);
+        return -1;
+    }
+    filename = argv[1];
+
+    if (!(f = fopen(filename, "rb"))) {
+        fprintf(stderr, "failed to open %s: %s\n", filename, strerror(errno));
+        goto error;
+    }
+
+    if (fseek(f, 0L, SEEK_END) == -1) {
+        fprintf(stderr, "fseek(%s, 0, SEEK_END) failed: %s\n", filename,
+                strerror(errno));
+        goto error;
+    }
+    if ((fsize = ftell(f)) == -1) {
+        fprintf(stderr, "ftell(%s) failed: %s\n", filename, strerror(errno));
+        goto error;
+    }
+    rewind(f);
+
+    if (fsize < 0 || fsize > INT_MAX) {
+        fprintf(stderr, "%s is too large: %ld\n", filename, fsize);
+        goto error;
+    }
+    size = fsize;
+
+    if (!(data = malloc(size))) {
+        fprintf(stderr, "failed to allocate: %zu bytes\n", size);
+        goto error;
+    }
+
+    if (fread(data, size, 1, f) == size) {
+        fprintf(stderr, "failed to read %zu bytes from %s: %s\n", fsize,
+                filename, strerror(errno));
+        goto error;
+    }
+        
+    ret = LLVMFuzzerTestOneInput(data, size);
+
+error:
+    free(data);
+    if (f) fclose(f);
+    return ret;
+}
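Review bot: The read check `if (fread(data, size, 1, f) == size)` in main() does not detect a failed read: with an element count of 1, fread returns 0 or 1, so for any file larger than one byte a short or failed read goes unnoticed and the partly uninitialised buffer is handed to LLVMFuzzerTestOneInput, which makes a reproduced crash or sanitizer report unreliable. Compare against the requested amount instead, `if (fread(data, 1, size, f) != size) {`, and pass `size` rather than `fsize` to the `%zu` in the error message, since `fsize` is a `long`. An empty file is also worth handling explicitly, because `malloc(0)` may return NULL and would then be reported as an allocation failure.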
--- a/tests/meson.build
+++ b/tests/meson.build
@@ -85,16 +85,21 @@
     test('checkasm test', checkasm)
 endif
 
-if is_libfuzzer_enabled
-    dav1d_fuzzer_sources =  files('libfuzzer/dav1d_fuzzer.c')
+dav1d_fuzzer_sources =  files('libfuzzer/dav1d_fuzzer.c')
+fuzzer_flags = []
 
-    dav1d_fuzzer = executable('dav1d_fuzzer',
-        dav1d_fuzzer_sources,
-        include_directories: dav1d_inc_dirs,
-        c_args: [stackalign_flag, stackrealign_flag, '-fsanitize=fuzzer'],
-        link_args: ['-fsanitize=fuzzer'],
-        link_with : libdav1d,
-        build_by_default: true,
-        dependencies : [thread_dependency],
-        )
+if fuzzing_engine == 'none'
+    dav1d_fuzzer_sources += files('libfuzzer/main.c')
+elif fuzzing_engine == 'libfuzzer'
+    fuzzer_flags += ['-fsanitize=fuzzer']
 endif
+
+dav1d_fuzzer = executable('dav1d_fuzzer',
+    dav1d_fuzzer_sources,
+    include_directories: dav1d_inc_dirs,
+    c_args: [stackalign_flag, stackrealign_flag] + fuzzer_flags,
+    link_args: fuzzer_flags,
+    link_with : libdav1d,
+    build_by_default: true,
+    dependencies : [thread_dependency],
+    )
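Review bot: The 'oss-fuzz' choice added in meson_options.txt has no branch in the `if fuzzing_engine == 'none'` / `elif fuzzing_engine == 'libfuzzer'` chain, so that configuration builds dav1d_fuzzer with neither main.c nor `-fsanitize=fuzzer`. Presumably the engine library is then expected to arrive through the build environment's link flags, but with `build_by_default: true` a plain build would fail to link if it does not. Either add an explicit `elif fuzzing_engine == 'oss-fuzz'` branch, or a comment such as `# 'oss-fuzz': main() comes from the engine library supplied through the link flags`.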