author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-07-07 04:52:27 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-07-07 04:52:27 +0000 |
commit | 639315bb3b036edca1522ef1be44d74d8158adab (patch) | |
tree | 5f36135893467fd65bb194de56cb9d579cec6dd2 | |
parent | 1c450ee6364fa44de38a715855d4350a7d7ca325 (diff) | |
parent | 7e7a774e315426f7eabfebd3d2b394ec3cb81808 (diff) | |
download | libprotobuf-mutator-android14-mainline-media-swcodec-release.tar.gz |
Snap for 10453563 from 7e7a774e315426f7eabfebd3d2b394ec3cb81808 to mainline-media-swcodec-releaseaml_swc_341619000aml_swc_341513600aml_swc_341312300aml_swc_341312020aml_swc_341111000aml_swc_341011020aml_swc_340922010android14-mainline-media-swcodec-release
Change-Id: Ic483ad1f0068c7031463445028eee91230826057
-rw-r--r-- | .travis.yml | 67 | ||||
-rw-r--r-- | METADATA | 8 | ||||
-rw-r--r-- | README.md | 34 | ||||
-rw-r--r-- | cmake/external/googletest.cmake | 2 | ||||
-rw-r--r-- | cmake/external/libxml2.cmake | 14 | ||||
-rw-r--r-- | cmake/external/protobuf.cmake | 2 | ||||
-rw-r--r-- | examples/libfuzzer/libfuzzer_bin_example.cc | 37 | ||||
-rw-r--r-- | examples/libfuzzer/libfuzzer_example.cc | 37 | ||||
-rw-r--r-- | src/binary_format.cc | 3 | ||||
-rw-r--r-- | src/libfuzzer/libfuzzer_macro.h | 30 | ||||
-rw-r--r-- | src/text_format.cc | 2 |
11 files changed, 98 insertions, 138 deletions
diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 92a1ebe..0000000 --- a/.travis.yml +++ /dev/null @@ -1,67 +0,0 @@ -os: linux -dist: xenial -sudo: true - -language: cpp - -addons: - apt: - packages: &common_packages - - ninja-build - - liblzma-dev - - libz-dev - sources: &common_sources - - ubuntu-toolchain-r-test - -env: - global: GCC_VERSION=7 - -matrix: - include: - - env: BUILD_TYPE=Release CC_COMPILER=clang CXX_COMPILER=clang++ - addons: &clang - apt: - packages: - - *common_packages - - clang - sources: - - *common_sources - - - env: BUILD_TYPE=Debug CC_COMPILER=clang CXX_COMPILER=clang++ - addons: *clang - - - env: BUILD_TYPE=Release CC_COMPILER=gcc-${GCC_VERSION} CXX_COMPILER=g++-${GCC_VERSION} - addons: &gcc - apt: - packages: - - *common_packages - - g++-7 - - gcc-7 - sources: - - *common_sources - - - env: BUILD_TYPE=Debug CC_COMPILER=gcc-${GCC_VERSION} CXX_COMPILER=g++-${GCC_VERSION} - addons: *gcc - - - env: - install: - before_script: - script: - - travis_retry wget --quiet -O - https://raw.githubusercontent.com/cpplint/cpplint/master/cpplint.py | python - --recursive src examples - -install: - - mkdir -p deps && cd deps - - travis_retry wget --no-check-certificate --quiet -O - https://cmake.org/files/v3.12/cmake-3.12.3-Linux-x86_64.tar.gz | tar --strip-components=1 -xz - - export PATH=${TRAVIS_BUILD_DIR}/deps/bin:${PATH} - - cd - - -before_script: - - mkdir -p build && cd build - - rm -rf * - - cmake .. -GNinja -DLIB_PROTO_MUTATOR_WITH_ASAN=ON -DLIB_PROTO_MUTATOR_DOWNLOAD_PROTOBUF=ON -DCMAKE_C_COMPILER=${CC_COMPILER} -DCMAKE_CXX_COMPILER=${CXX_COMPILER} -DCMAKE_BUILD_TYPE=${BUILD_TYPE} -DCMAKE_INSTALL_PREFIX=/usr - -script: - - export ASAN_OPTIONS=detect_leaks=0 - - ninja - - ninja check - - DESTDIR="/tmp/testing/" ninja install
\ No newline at end of file @@ -5,11 +5,11 @@ third_party { type: GIT value: "https://github.com/google/libprotobuf-mutator" } - version: "e5869dd9690c3f4dfb842fb90bd07a5a9ee32172" + version: "dbe588bfb6922060e557fe5b8ee27d2923000c1a" license_type: NOTICE last_upgrade_date { - year: 2020 - month: 12 - day: 2 + year: 2022 + month: 10 + day: 19 } } @@ -118,20 +118,20 @@ may corrupt the reproducer so it stops triggering the bug. Note: You can add callback for any nested message and you can add multiple callbacks for the same message type. ``` -DEFINE_PROTO_FUZZER(const MyMessageType& input) { - static PostProcessorRegistration reg1 = { - [](MyMessageType* message, unsigned int seed) { - TweakMyMessage(message, seed); - }}; - static PostProcessorRegistration reg2 = { - [](MyMessageType* message, unsigned int seed) { - DifferentTweakMyMessage(message, seed); - }}; - static PostProcessorRegistration reg_nested = { - [](MyMessageType::Nested* message, unsigned int seed) { - TweakMyNestedMessage(message, seed); - }}; +static PostProcessorRegistration<MyMessageType> reg1 = { + [](MyMessageType* message, unsigned int seed) { + TweakMyMessage(message, seed); + }}; +static PostProcessorRegistration<MyMessageType> reg2 = { + [](MyMessageType* message, unsigned int seed) { + DifferentTweakMyMessage(message, seed); + }}; +static PostProcessorRegistration<MyMessageType::Nested> reg_nested = { + [](MyMessageType::Nested* message, unsigned int seed) { + TweakMyNestedMessage(message, seed); + }}; +DEFINE_PROTO_FUZZER(const MyMessageType& input) { // Code which needs to be fuzzed. ConsumeMyMessageType(input); } 
@@ -142,6 +142,14 @@ string should be UTF-8, however only "proto3" enforces that. So if fuzzer is applied to "proto2" type libprotobuf-mutator will generate any strings including invalid UTF-8. If it's a "proto3" message type, only valid UTF-8 will be used. +## Extensions +Currently the library does not mutate +[extensions](https://developers.google.com/protocol-buffers/docs/proto#extensions). +This can be a problem if extension contains required fields so the library will not +be able to change the message into valid initialized state. +You can use [post processing hooks](#mutation-post-processing-experimental) to +cleanup/initialize the message as workaround. + ## Users of the library * [Chromium](https://cs.chromium.org/search/?q=DEFINE_.*._PROTO_FUZZER%5C\() * [Envoy](https://github.com/envoyproxy/envoy/search?q=DEFINE_TEXT_PROTO_FUZZER+OR+DEFINE_PROTO_FUZZER+OR+DEFINE_BINARY_PROTO_FUZZER&unscoped_q=DEFINE_TEXT_PROTO_FUZZER+OR+DEFINE_PROTO_FUZZER+OR+DEFINE_BINARY_PROTO_FUZZER&type=Code) diff --git a/cmake/external/googletest.cmake b/cmake/external/googletest.cmake index 825ff9a..ad0fe4a 100644 --- a/cmake/external/googletest.cmake +++ b/cmake/external/googletest.cmake @@ -44,7 +44,7 @@ include (ExternalProject) ExternalProject_Add(${GTEST_TARGET} PREFIX ${GTEST_TARGET} GIT_REPOSITORY https://github.com/google/googletest.git - GIT_TAG 3f05f651ae3621db58468153e32016bc1397800b + GIT_TAG release-1.12.0 UPDATE_COMMAND "" CMAKE_CACHE_ARGS -DCMAKE_C_COMPILER:FILEPATH=${CMAKE_C_COMPILER} -DCMAKE_CXX_COMPILER:FILEPATH=${CMAKE_CXX_COMPILER} diff --git a/cmake/external/libxml2.cmake b/cmake/external/libxml2.cmake index c00ace2..8918ee0 100644 --- a/cmake/external/libxml2.cmake +++ b/cmake/external/libxml2.cmake 
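Review bot: `GIT_TAG release-1.12.0` in cmake/external/googletest.cmake replaces a full commit hash with a tag name, and a tag can be moved upstream, so this file no longer fixes which googletest source is fetched. The same substitution is made in cmake/external/protobuf.cmake (`GIT_TAG v21.7`). If the readable version is wanted, keep the hash as the pin and carry the release name in a comment, e.g. `GIT_TAG <commit-sha-of-release-1.12.0>  # release-1.12.0`, so a re-pointed upstream ref cannot change what the fuzzing build compiles.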
@@ -36,13 +36,11 @@ ExternalProject_Add(${LIBXML2_TARGET} GIT_REPOSITORY GIT_REPOSITORY https://gitlab.gnome.org/GNOME/libxml2 GIT_TAG master UPDATE_COMMAND "" - CONFIGURE_COMMAND ${LIBXML2_SRC_DIR}/autogen.sh --without-python - --prefix=${LIBXML2_INSTALL_DIR} - CC=${CMAKE_C_COMPILER} - CXX=${CMAKE_CXX_COMPILER} - CFLAGS=${LIBXML2_CFLAGS} - CXXFLAGS=${LIBXML2_CXXFLAGS} - BUILD_COMMAND make -j ${CPU_COUNT} all - INSTALL_COMMAND make install + CMAKE_CACHE_ARGS -DCMAKE_C_COMPILER:FILEPATH=${CMAKE_C_COMPILER} + -DCMAKE_CXX_COMPILER:FILEPATH=${CMAKE_CXX_COMPILER} + CMAKE_ARGS -DCMAKE_C_FLAGS=${LIBXML2_CFLAGS} -DCMAKE_CXX_FLAGS=${LIBXML2_CXXFLAGS} + -DCMAKE_INSTALL_PREFIX=${LIBXML2_INSTALL_DIR} + -DCMAKE_INSTALL_LIBDIR=lib + -DBUILD_SHARED_LIBS=OFF BUILD_BYPRODUCTS ${LIBXML2_BUILD_BYPRODUCTS} ) diff --git a/cmake/external/protobuf.cmake b/cmake/external/protobuf.cmake index 0b64519..3dc930c 100644 --- a/cmake/external/protobuf.cmake +++ b/cmake/external/protobuf.cmake @@ -63,7 +63,7 @@ include (ExternalProject) ExternalProject_Add(${PROTOBUF_TARGET} PREFIX ${PROTOBUF_TARGET} GIT_REPOSITORY https://github.com/google/protobuf.git - GIT_TAG 214c77e1b76e63e512bd675d1c300c80438642b6 + GIT_TAG v21.7 UPDATE_COMMAND "" CONFIGURE_COMMAND ${CMAKE_COMMAND} ${PROTOBUF_INSTALL_DIR}/src/${PROTOBUF_TARGET}/cmake -G${CMAKE_GENERATOR} diff --git a/examples/libfuzzer/libfuzzer_bin_example.cc b/examples/libfuzzer/libfuzzer_bin_example.cc index 963b522..246f279 100644 --- a/examples/libfuzzer/libfuzzer_bin_example.cc +++ b/examples/libfuzzer/libfuzzer_bin_example.cc 
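Review bot: The rewritten `ExternalProject_Add` for libxml2 still fetches `GIT_TAG master` (a context line of this hunk), so every build takes whatever the branch head is at that moment, and that matters more now that the build depends on upstream's CMake option defaults. The removed configure line passed `--without-python` and the new `CMAKE_ARGS` carry no equivalent, so the enabled feature set appears to be left to those defaults; I would pin a commit (`GIT_TAG <libxml2-commit-sha>`) and state the intended options explicitly. The context line `GIT_REPOSITORY GIT_REPOSITORY https://gitlab.gnome.org/GNOME/libxml2` also repeats the keyword and looks like a typo worth fixing in the same change.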
@@ -21,26 +21,29 @@ protobuf_mutator::protobuf::LogSilencer log_silincer; -protobuf_mutator::libfuzzer::PostProcessorRegistration<libfuzzer_example::Msg> - reg = {[](libfuzzer_example::Msg* message, unsigned int seed) { +template <class Proto> +using PostProcessor = + protobuf_mutator::libfuzzer::PostProcessorRegistration<Proto>; + +static PostProcessor<libfuzzer_example::Msg> reg1 = { + [](libfuzzer_example::Msg* message, unsigned int seed) { message->set_optional_uint64( std::hash<std::string>{}(message->optional_string())); + }}; - if (message->has_any()) { - auto* any = message->mutable_any(); - - // Guide mutator to usefull 'Any' types. - static const char* const expected_types[] = { - "type.googleapis.com/google.protobuf.DescriptorProto", - "type.googleapis.com/google.protobuf.FileDescriptorProto", - }; - - if (!std::count(std::begin(expected_types), std::end(expected_types), - any->type_url())) { - const size_t num = - (std::end(expected_types) - std::begin(expected_types)); - any->set_type_url(expected_types[seed % num]); - } +static PostProcessor<google::protobuf::Any> reg2 = { + [](google::protobuf::Any* any, unsigned int seed) { + // Guide mutator to usefull 'Any' types. + static const char* const expected_types[] = { + "type.googleapis.com/google.protobuf.DescriptorProto", + "type.googleapis.com/google.protobuf.FileDescriptorProto", + }; + + if (!std::count(std::begin(expected_types), std::end(expected_types), + any->type_url())) { + const size_t num = + (std::end(expected_types) - std::begin(expected_types)); + any->set_type_url(expected_types[seed % num]); } }}; diff --git a/examples/libfuzzer/libfuzzer_example.cc b/examples/libfuzzer/libfuzzer_example.cc index aa65125..a852e98 100644 --- a/examples/libfuzzer/libfuzzer_example.cc +++ b/examples/libfuzzer/libfuzzer_example.cc 
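Review bot: `reg2` is now registered for `google::protobuf::Any` itself, so the `type_url` rewrite is no longer guarded by `message->has_any()` on `libfuzzer_example::Msg` and presumably runs for every `Any` the post-processor reaches; since this file is the reference example, that deserves a comment. Something like `// Runs for each Any in the message tree, not only Msg.any.` above `reg2` would do. In the same lambda `!std::count(...)` is used as a membership test, and `std::find(...) == std::end(expected_types)` says that directly; the carried-over comment also has a typo (`usefull`). The identical hunk in examples/libfuzzer/libfuzzer_example.cc has the same points.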
@@ -21,26 +21,29 @@ protobuf_mutator::protobuf::LogSilencer log_silincer; -protobuf_mutator::libfuzzer::PostProcessorRegistration<libfuzzer_example::Msg> - reg = {[](libfuzzer_example::Msg* message, unsigned int seed) { +template <class Proto> +using PostProcessor = + protobuf_mutator::libfuzzer::PostProcessorRegistration<Proto>; + +static PostProcessor<libfuzzer_example::Msg> reg1 = { + [](libfuzzer_example::Msg* message, unsigned int seed) { message->set_optional_uint64( std::hash<std::string>{}(message->optional_string())); + }}; - if (message->has_any()) { - auto* any = message->mutable_any(); - - // Guide mutator to usefull 'Any' types. - static const char* const expected_types[] = { - "type.googleapis.com/google.protobuf.DescriptorProto", - "type.googleapis.com/google.protobuf.FileDescriptorProto", - }; - - if (!std::count(std::begin(expected_types), std::end(expected_types), - any->type_url())) { - const size_t num = - (std::end(expected_types) - std::begin(expected_types)); - any->set_type_url(expected_types[seed % num]); - } +static PostProcessor<google::protobuf::Any> reg2 = { + [](google::protobuf::Any* any, unsigned int seed) { + // Guide mutator to usefull 'Any' types. + static const char* const expected_types[] = { + "type.googleapis.com/google.protobuf.DescriptorProto", + "type.googleapis.com/google.protobuf.FileDescriptorProto", + }; + + if (!std::count(std::begin(expected_types), std::end(expected_types), + any->type_url())) { + const size_t num = + (std::end(expected_types) - std::begin(expected_types)); + any->set_type_url(expected_types[seed % num]); } }}; diff --git a/src/binary_format.cc b/src/binary_format.cc index 2e9a8c7..3455788 100644 --- a/src/binary_format.cc +++ b/src/binary_format.cc 
@@ -19,7 +19,8 @@ namespace protobuf_mutator { using protobuf::Message; bool ParseBinaryMessage(const uint8_t* data, size_t size, Message* output) { - return ParseBinaryMessage({data, data + size}, output); + return ParseBinaryMessage({reinterpret_cast<const char*>(data), size}, + output); } bool ParseBinaryMessage(const std::string& data, protobuf::Message* output) { diff --git a/src/libfuzzer/libfuzzer_macro.h b/src/libfuzzer/libfuzzer_macro.h index 1a1fe0a..b5cb201 100644 --- a/src/libfuzzer/libfuzzer_macro.h +++ b/src/libfuzzer/libfuzzer_macro.h @@ -82,14 +82,15 @@ using PostProcessorRegistration = \ protobuf_mutator::libfuzzer::PostProcessorRegistration<Proto>; -#define DEFINE_PROTO_FUZZER_IMPL(use_binary, arg) \ - static void TestOneProtoInput(arg); \ - using FuzzerProtoType = std::remove_const<std::remove_reference< \ - std::function<decltype(TestOneProtoInput)>::argument_type>::type>::type; \ - DEFINE_CUSTOM_PROTO_MUTATOR_IMPL(use_binary, FuzzerProtoType) \ - DEFINE_CUSTOM_PROTO_CROSSOVER_IMPL(use_binary, FuzzerProtoType) \ - DEFINE_TEST_ONE_PROTO_INPUT_IMPL(use_binary, FuzzerProtoType) \ - DEFINE_POST_PROCESS_PROTO_MUTATION_IMPL(FuzzerProtoType) \ +#define DEFINE_PROTO_FUZZER_IMPL(use_binary, arg) \ + static void TestOneProtoInput(arg); \ + using FuzzerProtoType = \ + protobuf_mutator::libfuzzer::macro_internal::GetFirstParam< \ + decltype(&TestOneProtoInput)>::type; \ + DEFINE_CUSTOM_PROTO_MUTATOR_IMPL(use_binary, FuzzerProtoType) \ + DEFINE_CUSTOM_PROTO_CROSSOVER_IMPL(use_binary, FuzzerProtoType) \ + DEFINE_TEST_ONE_PROTO_INPUT_IMPL(use_binary, FuzzerProtoType) \ + DEFINE_POST_PROCESS_PROTO_MUTATION_IMPL(FuzzerProtoType) \ static void TestOneProtoInput(arg) namespace protobuf_mutator { 
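Review bot: The new `{reinterpret_cast<const char*>(data), size}` call in src/binary_format.cc has no comment saying why the cast is there or what it relies on. This wrapper receives raw fuzzer bytes, and the pointer-plus-length `std::string` constructor copies exactly `size` bytes, embedded NULs included, so `data` must be readable for `size` bytes. That is the caller's contract and worth stating, e.g. `// Copies exactly |size| bytes; |data| must be valid for |size| bytes.`. The same one-line change and the same missing comment are in src/text_format.cc.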
@@ -123,6 +124,19 @@ struct PostProcessorRegistration { } }; +namespace macro_internal { + +template <typename T> +struct GetFirstParam; + +template <class Arg> +struct GetFirstParam<void (*)(Arg)> { + using type = typename std::remove_const< + typename std::remove_reference<Arg>::type>::type; +}; + +} // namespace macro_internal + } // namespace libfuzzer } // namespace protobuf_mutator diff --git a/src/text_format.cc b/src/text_format.cc index 4479229..39b2fdb 100644 --- a/src/text_format.cc +++ b/src/text_format.cc @@ -22,7 +22,7 @@ using protobuf::Message; using protobuf::TextFormat; bool ParseTextMessage(const uint8_t* data, size_t size, Message* output) { - return ParseTextMessage({data, data + size}, output); + return ParseTextMessage({reinterpret_cast<const char*>(data), size}, output); } bool ParseTextMessage(const std::string& data, protobuf::Message* output) { |
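Review bot: `macro_internal::GetFirstParam` is added without a comment, and its primary template is left undefined, so any function-pointer type other than `void (*)(Arg)` fails with an incomplete-type error that does not mention the macro. A short header comment would help, e.g. `// Yields the const- and reference-stripped type of the single parameter of void(*)(Arg); used by DEFINE_PROTO_FUZZER_IMPL.`. The trait needs `<type_traits>`, and the include list is outside this hunk, so confirm the header includes it directly now that the earlier hunk drops the `std::function` use from the macro.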