authorGravatar Nikias Bassen2023-01-08 21:29:57 +0100
committerGravatar Nikias Bassen2023-01-08 21:29:57 +0100
commite212eb6ed1b1a6fb4d71c1ac8a687ea017d60ad5 (patch)
treea14e66ad7e24f7382cfbc0eedc95ef6ef22c396b
parent395ecda5679a0cce253e64d1ada3ce1936a02ac8 (diff)
fuzz: Add OpenStep plist fuzzer
-rw-r--r--fuzz/Makefile.am8
-rwxr-xr-xfuzz/init-fuzzers.sh7
-rw-r--r--fuzz/oplist.dict51
-rw-r--r--fuzz/oplist_fuzzer.cc32
-rw-r--r--fuzz/oplist_fuzzer.options3
-rwxr-xr-xfuzz/test-fuzzers.sh10
6 files changed, 108 insertions, 3 deletions
diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am
index da6c8ae..8ea3fb0 100644
--- a/fuzz/Makefile.am
+++ b/fuzz/Makefile.am
@@ -22,7 +22,8 @@ CLEANFILES = libFuzzer.a
noinst_PROGRAMS = \
xplist_fuzzer \
bplist_fuzzer \
- jplist_fuzzer
+ jplist_fuzzer \
+ oplist_fuzzer
xplist_fuzzer_SOURCES = xplist_fuzzer.cc
xplist_fuzzer_LDFLAGS = -static
@@ -36,12 +37,17 @@ jplist_fuzzer_SOURCES = jplist_fuzzer.cc
jplist_fuzzer_LDFLAGS = -static
jplist_fuzzer_LDADD = $(top_builddir)/src/libplist-2.0.la libFuzzer.a
+oplist_fuzzer_SOURCES = oplist_fuzzer.cc
+oplist_fuzzer_LDFLAGS = -static
+oplist_fuzzer_LDADD = $(top_builddir)/src/libplist-2.0.la libFuzzer.a
+
TESTS = fuzzers.test
EXTRA_DIST = \
bplist.dict \
xplist.dict \
jplist.dict \
+ oplist.dict \
init-fuzzers.sh \
test-fuzzers.sh \
fuzzers.test
diff --git a/fuzz/init-fuzzers.sh b/fuzz/init-fuzzers.sh
index ea2c8cc..c9b1955 100755
--- a/fuzz/init-fuzzers.sh
+++ b/fuzz/init-fuzzers.sh
@@ -26,5 +26,12 @@ cp ../test/data/j1.plist jplist-input/
cp ../test/data/j2.plist jplist-input/
./jplist_fuzzer -merge=1 jplist-input jplist-crashes jplist-leaks -dict=jplist.dict
+mkdir -p oplist-input
+mkdir -p oplist-crashes
+mkdir -p oplist-leaks
+cp ../test/data/*.ostep oplist-input/
+cp ../test/data/test.strings oplist-input/
+./oplist_fuzzer -merge=1 oplist-input oplist-crashes oplist-leaks -dict=oplist.dict
+
cd ${CURDIR}
exit 0
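Review bot: The seeding step on the `cp ../test/data/*.ostep oplist-input/` line is not checked, so if the glob matches nothing (or `test.strings` is absent) the shell passes the literal pattern to `cp`, the copy fails, and the subsequent `-merge=1` run silently starts from an empty or partial corpus. The pre-existing xplist/bplist/jplist seeding has the same shape, so this is a consistency point rather than a regression, but the new lines are the place to start fixing it: `cp ../test/data/*.ostep oplist-input/ || exit 1` and `cp ../test/data/test.strings oplist-input/ || exit 1`. Whether the script already runs under `set -e` cannot be seen from this hunk; if it does, the explicit checks are redundant but harmless. The `cd ${CURDIR}` restore is skipped on that early exit, which matches what the existing error paths in test-fuzzers.sh do.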
diff --git a/fuzz/oplist.dict b/fuzz/oplist.dict
new file mode 100644
index 0000000..1408c4a
--- /dev/null
+++ b/fuzz/oplist.dict
@@ -0,0 +1,51 @@
+#
+# AFL dictionary for OpenStep plist format
+# ----------------------------------------
+
+"0"
+",0"
+"=0"
+"0="
+
+"\"\""
+",\"\""
+"=\"\""
+"\"\"="
+
+"="
+";"
+
+"{}"
+",{}"
+"={}"
+"{\"\"=0}"
+"{{}}"
+
+"()"
+",()"
+"=()"
+"(0)"
+"(())"
+
+"''"
+"\\"
+"\\b"
+"\\f"
+"\\n"
+"\\r"
+"\\t"
+"\\U0000"
+"\\a"
+"\\b"
+"\\f"
+"\\n"
+"\\r"
+"\\t"
+"\\v"
+"\\0"
+"\\uD800\\uDC00"
+"\\uDBFF\\uDFFF"
+
+"\"\"=0"
+"//"
+"/**/"
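Review bot: The escape tokens `"\\b"`, `"\\f"`, `"\\n"`, `"\\r"` and `"\\t"` appear twice in the new dictionary (once in the block after `"''"` and again after `"\\a"`), which is harmless to libFuzzer but doubles their sampling weight and makes the file look unfinished; drop the first group and keep the fuller `\a`…`\0` run. If the OpenStep parser also accepts hex data literals (`<...>`), as the NeXT/Apple format does, the dictionary has no token to reach that path — adding `"<>"`, `"<41>"` and `"<4142 4344>"` would be worth confirming against the parser. A brief header comment stating which parser features each group targets (strings, dictionaries, arrays, escapes, comments) would help the next person extend it.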
diff --git a/fuzz/oplist_fuzzer.cc b/fuzz/oplist_fuzzer.cc
new file mode 100644
index 0000000..0fabed8
--- /dev/null
+++ b/fuzz/oplist_fuzzer.cc
@@ -0,0 +1,32 @@
+/*
+ * oplist_fuzzer.cc
+ * OpenStep plist fuzz target for libFuzzer
+ *
+ * Copyright (c) 2023 Nikias Bassen All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include <plist/plist.h>
+#include <stdio.h>
+
+extern "C" int LLVMFuzzerTestOneInput(const unsigned char* data, size_t size)
+{
+ plist_t root_node = NULL;
+ plist_from_openstep(reinterpret_cast<const char*>(data), size, &root_node);
+ plist_free(root_node);
+
+ return 0;
+}
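Review bot: The return value of `plist_from_openstep` in `LLVMFuzzerTestOneInput` is discarded, so the target never checks the parser's main post-condition on rejected input — that `root_node` is still `NULL` after a failed parse. A half-built tree returned together with an error is exactly the kind of bug a fuzzer should catch (leak or double-free depending on what the caller does with it), and it is cheap to assert here, assuming the function follows the library's error-code convention: `if (plist_from_openstep(reinterpret_cast<const char*>(data), size, &root_node) != PLIST_ERR_SUCCESS && root_node != NULL) abort();` — verify the exact return type and success constant against plist.h. The `size_t`-to-length conversion at the call site is presumably narrowing if the declared parameter is a 32-bit length; it is moot at the configured `max_len` but a one-line `if (size > UINT32_MAX) return 0;` would document the assumption. The `#include <stdio.h>` is unused in this file and can be dropped.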
diff --git a/fuzz/oplist_fuzzer.options b/fuzz/oplist_fuzzer.options
new file mode 100644
index 0000000..69a63d9
--- /dev/null
+++ b/fuzz/oplist_fuzzer.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 4096
+dict = oplist.dict
diff --git a/fuzz/test-fuzzers.sh b/fuzz/test-fuzzers.sh
index 40be74f..4fdf82b 100755
--- a/fuzz/test-fuzzers.sh
+++ b/fuzz/test-fuzzers.sh
@@ -5,13 +5,13 @@ FUZZDIR=`dirname $0`
cd ${FUZZDIR}
-if ! test -x xplist_fuzzer || ! test -x bplist_fuzzer || ! test -x jplist_fuzzer; then
+if ! test -x xplist_fuzzer || ! test -x bplist_fuzzer || ! test -x jplist_fuzzer || ! test -x oplist_fuzzer; then
echo "ERROR: you need to build the fuzzers first."
cd ${CURDIR}
exit 1
fi
-if ! test -d xplist-input || ! test -d bplist-input || ! test -d jplist-input; then
+if ! test -d xplist-input || ! test -d bplist-input || ! test -d jplist-input || ! test -d oplist-input; then
echo "ERROR: fuzzer corpora directories are not present. Did you run init-fuzzers.sh ?"
cd ${CURDIR}
exit 1
@@ -35,5 +35,11 @@ if ! ./jplist_fuzzer jplist-input -dict=jplist.dict -max_len=65536 -runs=10000;
exit 1
fi
+echo "### TESTING oplist_fuzzer ###"
+if ! ./oplist_fuzzer oplist-input -dict=oplist.dict -max_len=65536 -runs=10000; then
+ cd ${CURDIR}
+ exit 1
+fi
+
cd ${CURDIR}
exit 0