From dd4c39a395b3167c7fdd8472a45a729c105b7ba9 Mon Sep 17 00:00:00 2001
From: David Korczynski
Date: Fri, 10 May 2024 17:26:52 -0700
Subject: [PATCH 1/2] Add ClusterFuzzLite integration
Signed-off-by: David Korczynski
---
 .clusterfuzzlite/Dockerfile | 8 ++++++++
 .clusterfuzzlite/build.sh | 9 +++++++++
 .clusterfuzzlite/fuzzer.c | 26 ++++++++++++++++++++++++++
 .clusterfuzzlite/project.yaml | 1 +
 .github/workflows/cflite_pr.yml | 30 ++++++++++++++++++++++++++++++
 5 files changed, 74 insertions(+)
 create mode 100644 .clusterfuzzlite/Dockerfile
 create mode 100644 .clusterfuzzlite/build.sh
 create mode 100644 .clusterfuzzlite/fuzzer.c
 create mode 100644 .clusterfuzzlite/project.yaml
 create mode 100644 .github/workflows/cflite_pr.yml
diff --git a/.clusterfuzzlite/Dockerfile b/.clusterfuzzlite/Dockerfile
new file mode 100644
index 0000000..97915c8
--- /dev/null
+++ b/.clusterfuzzlite/Dockerfile
@@ -0,0 +1,8 @@
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y make autoconf automake libtool cmake \
+ pkg-config curl check
+COPY . $SRC/http-parser
+COPY .clusterfuzzlite/build.sh $SRC/build.sh
+COPY .clusterfuzzlite/*.cpp $SRC/
+COPY .clusterfuzzlite/*.c $SRC/
+WORKDIR http-parser
diff --git a/.clusterfuzzlite/build.sh b/.clusterfuzzlite/build.sh
new file mode 100644
index 0000000..62d2203
--- /dev/null
+++ b/.clusterfuzzlite/build.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+find . -name "*.c" -exec $CC $CFLAGS -I./src -c {} \;
+find . -name "*.o" -exec cp {} . \;
+
+rm -f ./test*.o
+llvm-ar rcs libfuzz.a *.o
+
+
+$CC $CFLAGS $LIB_FUZZING_ENGINE $SRC/fuzzer.c -Wl,--whole-archive $SRC/http-parser/libfuzz.a -Wl,--allow-multiple-definition -I$SRC/http-parser/http_parser -o $OUT/fuzzer
\ No newline at end of file
diff --git a/.clusterfuzzlite/fuzzer.c b/.clusterfuzzlite/fuzzer.c
new file mode 100644
index 0000000..25a3113
--- /dev/null
+++ b/.clusterfuzzlite/fuzzer.c
@@ -0,0 +1,26 @@
+// Heuristic: FuzzerGenHeuristic6 :: Target: http_parser_parse_url
+#include
+#include
+#include
+#include
+
+#include "http_parser.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ const char *buf = (const char *)data;
+
+ // Ensure buf is null-terminated
+ char *buf_cpy = (char *)malloc(size + 1);
+ memcpy(buf_cpy, buf, size);
+ buf_cpy[size] = '\0';
+
+ int is_connect = 0; // Set to 0 for now
+ struct http_parser_url u;
+
+ http_parser_parse_url(buf_cpy, size, is_connect, &u);
+
+ free(buf_cpy);
+
+ return 0;
+}
+ 
\ No newline at end of file
diff --git a/.clusterfuzzlite/project.yaml b/.clusterfuzzlite/project.yaml
new file mode 100644
index 0000000..b455aa3
--- /dev/null
+++ b/.clusterfuzzlite/project.yaml
@@ -0,0 +1 @@
+language: c
diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml
new file mode 100644
index 0000000..a6ddd01
--- /dev/null
+++ b/.github/workflows/cflite_pr.yml
@@ -0,0 +1,30 @@
+name: ClusterFuzzLite PR fuzzing
+on:
+ workflow_dispatch:
+ pull_request:
+ branches: [ master ]
+permissions: read-all
+jobs:
+ PR:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ sanitizer: [address]
+ steps:
+ - name: Build Fuzzers (${{ matrix.sanitizer }})
+ id: build
+ uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+ with:
+ sanitizer: ${{ matrix.sanitizer }}
+ language: c++
+ bad-build-check: false
+ - name: Run Fuzzers (${{ matrix.sanitizer }})
+ id: run
+ uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ fuzz-seconds: 100
+ mode: 'code-change'
+ report-unreproducible-crashes: false
+ sanitizer: ${{ matrix.sanitizer }}
From c11a0faa9debf48d8acf556e3de3e5b4f5ed8e4d Mon Sep 17 00:00:00 2001
From: David Korczynski
Date: Fri, 10 May 2024 17:29:29 -0700
Subject: [PATCH 2/2] cleanup CFLite integration
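Review bot: The NUL-terminated heap copy in `buf_cpy` hides exactly the defect a URL-parser fuzzer should catch: `http_parser_parse_url` is already given `size`, and libFuzzer supplies `data` in a buffer of exactly `size` bytes, so a read one past the URL is reported by ASan when `data` is passed straight through but silently lands on the appended `'\0'` when `buf_cpy` is used. The `malloc` result is also handed to `memcpy` unchecked, and `is_connect` is pinned to 0, so the CONNECT-form entry state of the parser is never exercised. Spending the first input byte on `is_connect` and passing the rest of the buffer directly removes the allocation and covers both forms; the `#include` names are missing in this rendering of the hunk and are not restated below.
```c
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  if (size == 0) {
    return 0;
  }
  // Low bit of the first byte selects the CONNECT form so both parser
  // entry states are exercised; the remaining bytes are the URL.
  int is_connect = data[0] & 1;
  struct http_parser_url u;

  // No copy and no appended terminator: the parser is length-bounded, and
  // a read past the end of the input must be reported by the sanitizer
  // rather than absorbed by a NUL we placed ourselves.
  // NOTE(review): a one-byte input yields buflen 0; confirm the parser
  // tolerates an empty URL.
  http_parser_parse_url((const char *)data + 1, size - 1, is_connect, &u);

  return 0;
}
```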
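Review bot: Both `uses:` lines pin the ClusterFuzzLite actions to the mutable `@v1` tag, so anyone who can move that tag changes what runs with this job's `GITHUB_TOKEN` (read-only here thanks to `permissions: read-all`, but still the PR's checkout and results); pinning to a full commit SHA with the tag kept as a comment, `uses: google/clusterfuzzlite/actions/build_fuzzers@<FULL_COMMIT_SHA> # v1` and likewise for `run_fuzzers`, closes that. `language: c++` contradicts the `language: c` that `project.yaml` in the same patch declares and the C-only `build.sh`; use `language: c` unless the C++ toolchain is deliberately wanted, in which case say so in a comment. `bad-build-check: false` also switches off the check that the produced binary is actually instrumented with the selected sanitizer, which is the one signal that the build step did what the `sanitizer` matrix asked; leave it at the default, or add a comment stating the reason it is disabled.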
Signed-off-by: David Korczynski
---
 .clusterfuzzlite/Dockerfile | 4 +---
 .clusterfuzzlite/build.sh | 7 ++-----
 .clusterfuzzlite/fuzzer.c | 3 +--
 3 files changed, 4 insertions(+), 10 deletions(-)
diff --git a/.clusterfuzzlite/Dockerfile b/.clusterfuzzlite/Dockerfile
index 97915c8..787e4f3 100644
--- a/.clusterfuzzlite/Dockerfile
+++ b/.clusterfuzzlite/Dockerfile
@@ -1,8 +1,6 @@
 FROM gcr.io/oss-fuzz-base/base-builder
-RUN apt-get update && apt-get install -y make autoconf automake libtool cmake \
- pkg-config curl check
+RUN apt-get update && apt-get install -y make autoconf automake libtool
 COPY . $SRC/http-parser
 COPY .clusterfuzzlite/build.sh $SRC/build.sh
-COPY .clusterfuzzlite/*.cpp $SRC/
 COPY .clusterfuzzlite/*.c $SRC/
 WORKDIR http-parser
diff --git a/.clusterfuzzlite/build.sh b/.clusterfuzzlite/build.sh
index 62d2203..5005be9 100644
--- a/.clusterfuzzlite/build.sh
+++ b/.clusterfuzzlite/build.sh
@@ -1,9 +1,6 @@
 #!/bin/bash
-find . -name "*.c" -exec $CC $CFLAGS -I./src -c {} \;
-find . -name "*.o" -exec cp {} . \;
-
-rm -f ./test*.o
+$CC $CFLAGS -c ./http_parser/http_parser.c
 llvm-ar rcs libfuzz.a *.o
-$CC $CFLAGS $LIB_FUZZING_ENGINE $SRC/fuzzer.c -Wl,--whole-archive $SRC/http-parser/libfuzz.a -Wl,--allow-multiple-definition -I$SRC/http-parser/http_parser -o $OUT/fuzzer
\ No newline at end of file
+$CC $CFLAGS $LIB_FUZZING_ENGINE $SRC/fuzzer.c -Wl,--whole-archive $SRC/http-parser/libfuzz.a -Wl,--allow-multiple-definition -I$SRC/http-parser/http_parser -o $OUT/fuzzer
diff --git a/.clusterfuzzlite/fuzzer.c b/.clusterfuzzlite/fuzzer.c
index 25a3113..c29dfe3 100644
--- a/.clusterfuzzlite/fuzzer.c
+++ b/.clusterfuzzlite/fuzzer.c
@@ -1,4 +1,3 @@
-// Heuristic: FuzzerGenHeuristic6 :: Target: http_parser_parse_url
 #include
 #include
 #include
@@ -23,4 +22,4 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 return 0;
 }
- 
\ No newline at end of file
+
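Review bot: The trimmed `RUN apt-get ...` line still installs `make autoconf automake libtool`, yet the `build.sh` in this same patch invokes only `$CC` and `llvm-ar`, both shipped by `base-builder`, so as far as the patch shows none of the four is used; dropping the whole `RUN` line keeps the fuzz image at the base-builder baseline and removes a network-dependent package install from every PR build. If autotools are needed by a step that is not in this patch, a one-line comment above the `RUN` naming what consumes them would keep the next reader from removing it.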
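Review bot: `-Wl,--allow-multiple-definition` survives the cleanup although only `http_parser.o` goes into `libfuzz.a` now, and the flag silences the duplicate-symbol errors that would reveal a stray object picked up by the `*.o` glob or a second definition of a parser symbol; with a single object there is nothing left for it to resolve. I would archive the one object by name, `llvm-ar rcs libfuzz.a http_parser.o`, and drop the flag from the final `$CC` line so a bad link fails loudly instead of picking an arbitrary definition.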