[glib] GLib: more targets (google#1695)

* better seed corpus for fuzz_key * new target: fuzz_variant_text * new target: fuzz_dbus_message * get ninja from pip * remove target: fuzz_markup * new target: fuzz_variant_binary
minafarid · Aug 9, 2018 · c0e1e46 · c0e1e46
1 parent 18234a5
commit c0e1e46
Show file tree

Hide file tree

Showing 7 changed files with 101 additions and 45 deletions.
diff --git a/projects/glib/Dockerfile b/projects/glib/Dockerfile
@@ -17,8 +17,8 @@
 FROM gcr.io/oss-fuzz-base/base-builder
 MAINTAINER pdknsk@gmail.com
 RUN apt-get update && \
-    apt-get install -y autoconf libtool ninja-build python3-pip
-RUN pip3 install -U meson
+    apt-get install -y autoconf libtool python3-pip
+RUN pip3 install -U meson ninja
 RUN git clone https://gitlab.gnome.org/GNOME/glib
 WORKDIR glib
-COPY build.sh fuzz.options fuzz_bookmark.c fuzz_markup.c fuzz_key.c $SRC/
+COPY build.sh fuzz* $SRC/
diff --git a/projects/glib/build.sh b/projects/glib/build.sh
@@ -27,14 +27,6 @@ meson $BUILD \
 
 ninja -C $BUILD
 
-$CC $CFLAGS -I. -Iglib -I$BUILD/glib -c $SRC/fuzz_markup.c
-$CXX $CXXFLAGS -lFuzzingEngine \
-  fuzz_markup.o -o $OUT/fuzz_markup \
-  $BUILD/glib/libglib-2.0.a $BUILD/glib/libcharset/libcharset.a
-cp $SRC/fuzz.options $OUT/fuzz_markup.options
-find glib/tests -type f -size -32k -name "*.gmarkup" \
-  -exec zip -qju $OUT/fuzz_markup_seed_corpus.zip "{}" \;
-
 $CC $CFLAGS -I. -Iglib -I$BUILD/glib -c $SRC/fuzz_bookmark.c
 $CXX $CXXFLAGS -lFuzzingEngine \
   fuzz_bookmark.o -o $OUT/fuzz_bookmark \
@@ -48,5 +40,30 @@ $CXX $CXXFLAGS -lFuzzingEngine \
   fuzz_key.o -o $OUT/fuzz_key \
   $BUILD/glib/libglib-2.0.a $BUILD/glib/libcharset/libcharset.a
 cp $SRC/fuzz.options $OUT/fuzz_key.options
-find glib/tests -type f -size -32k -name "*.ini" \
+find gio/tests -type f -size -32k -name "*.desktop" \
   -exec zip -qju $OUT/fuzz_key_seed_corpus.zip "{}" \;
+
+$CC $CFLAGS -I. -Iglib -I$BUILD/glib -c $SRC/fuzz_variant_text.c
+$CXX $CXXFLAGS -lFuzzingEngine \
+  fuzz_variant_text.o -o $OUT/fuzz_variant_text \
+  $BUILD/glib/libglib-2.0.a $BUILD/glib/libcharset/libcharset.a
+cp $SRC/fuzz.options $OUT/fuzz_variant_text.options
+cp $SRC/fuzz_variant_text.dict $OUT
+
+$CC $CFLAGS -I. -Iglib -I$BUILD/glib -c $SRC/fuzz_variant_binary.c
+$CXX $CXXFLAGS -lFuzzingEngine \
+  fuzz_variant_binary.o -o $OUT/fuzz_variant_binary \
+  $BUILD/glib/libglib-2.0.a $BUILD/glib/libcharset/libcharset.a
+cp $SRC/fuzz.options $OUT/fuzz_variant_binary.options
+
+$CC $CFLAGS -I. -Iglib -Igmodule -I$BUILD -I$BUILD/glib \
+  -c $SRC/fuzz_dbus_message.c
+$CXX $CXXFLAGS -lFuzzingEngine \
+  fuzz_dbus_message.o -o $OUT/fuzz_dbus_message \
+  $BUILD/gio/libgio-2.0.a $BUILD/gmodule/libgmodule-2.0.a \
+  $BUILD/gobject/libgobject-2.0.a $BUILD/glib/libglib-2.0.a \
+  $BUILD/glib/libcharset/libcharset.a $BUILD/glib/pcre/libpcre.a \
+  $BUILD/gio/xdgmime/libxdgmime.a $BUILD/gio/inotify/libinotify.a \
+  $BUILD/subprojects/zlib*/libz.a $BUILD/subprojects/libffi/src/libffi.a \
+  -Bstatic -lresolv
+cp $SRC/fuzz.options $OUT/fuzz_dbus_message.options
diff --git a/projects/glib/fuzz_dbus_message.c b/projects/glib/fuzz_dbus_message.c
@@ -0,0 +1,19 @@
+#include "gio/gio.h"
+#include <stdint.h>
+
+static GDBusCapabilityFlags flags = G_DBUS_CAPABILITY_FLAGS_UNIX_FD_PASSING;
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  gssize bytes = g_dbus_message_bytes_needed((guchar*)data, size, NULL);
+  if (bytes <= 0 || bytes > (100 << 20))
+    return 0;
+
+  g_autoptr(GDBusMessage) msg =
+      g_dbus_message_new_from_blob((guchar*)data, size, flags, NULL);
+  if (!msg)
+    return 0;
+
+  gsize msg_size;
+  g_autofree guchar* blob = g_dbus_message_to_blob(msg, &msg_size, flags, NULL);
+  return 0;
+}
diff --git a/projects/glib/fuzz_markup.c b/projects/glib/fuzz_markup.c
diff --git a/projects/glib/fuzz_variant_binary.c b/projects/glib/fuzz_variant_binary.c
@@ -0,0 +1,12 @@
+#include "glib/glib.h"
+#include <stdint.h>
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  g_autoptr(GVariant) variant = g_variant_new_from_data(
+      G_VARIANT_TYPE_VARIANT, data, size, FALSE, NULL, NULL);
+  if (variant) {
+    g_variant_get_normal_form(variant);
+    g_variant_get_data(variant);
+  }
+  return 0;
+}
diff --git a/projects/glib/fuzz_variant_text.c b/projects/glib/fuzz_variant_text.c
@@ -0,0 +1,12 @@
+#include "glib/glib.h"
+#include <stdint.h>
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  const gchar* gdata = (const gchar*)data;
+  g_autoptr(GVariant) variant =
+      g_variant_parse(NULL, gdata, gdata + size, NULL, NULL);
+  if (variant) { // g_autofree requires {}
+    g_autofree gchar* text = g_variant_print(variant, TRUE);
+  }
+  return 0;
+}
diff --git a/projects/glib/fuzz_variant_text.dict b/projects/glib/fuzz_variant_text.dict
@@ -0,0 +1,29 @@
+value="'"
+value="("
+value=")"
+value="<"
+value=">"
+value="["
+value="]"
+value="{"
+value="}"
+value="*"
+value="?"
+value="@"
+value="boolean"
+value="byte"
+value="double"
+value="false"
+value="handle"
+value="int16"
+value="int32"
+value="int64"
+value="just"
+value="nothing"
+value="objectpath"
+value="signature"
+value="string"
+value="true"
+value="uint16"
+value="uint32"
+value="uint64"