diff options
author | Nikias Bassen | 2017-04-25 14:54:59 +0200 |
---|---|---|
committer | Nikias Bassen | 2017-04-25 14:54:59 +0200 |
commit | 5c6e695ca942f9a417d24e58f14d51f3e8e1885d (patch) | |
tree | 7eef70ace704c440baea74fff06cc623f800d303 /fuzz | |
parent | 62ec804736435fa34e37e66e228e17e2aacee1d7 (diff) | |
download | libplist-5c6e695ca942f9a417d24e58f14d51f3e8e1885d.tar.gz libplist-5c6e695ca942f9a417d24e58f14d51f3e8e1885d.tar.bz2 |
Add fuzzing targets for libFuzzer used by Google's OSS-Fuzz
Diffstat (limited to 'fuzz')
-rw-r--r-- | fuzz/bplist.dict | 1 | ||||
-rw-r--r-- | fuzz/bplist_fuzzer.cc | 32 | ||||
-rw-r--r-- | fuzz/bplist_fuzzer.options | 3 | ||||
-rw-r--r-- | fuzz/xplist.dict | 51 | ||||
-rw-r--r-- | fuzz/xplist_fuzzer.cc | 32 | ||||
-rw-r--r-- | fuzz/xplist_fuzzer.options | 3 |
6 files changed, 122 insertions, 0 deletions
diff --git a/fuzz/bplist.dict b/fuzz/bplist.dict new file mode 100644 index 0000000..bb0ea5d --- /dev/null +++ b/fuzz/bplist.dict @@ -0,0 +1 @@ +header_bplist = "bplist00" diff --git a/fuzz/bplist_fuzzer.cc b/fuzz/bplist_fuzzer.cc new file mode 100644 index 0000000..17d0649 --- /dev/null +++ b/fuzz/bplist_fuzzer.cc @@ -0,0 +1,32 @@ +/* + * bplist_fuzzer.cc + * binary plist fuzz target for libFuzzer + * + * Copyright (c) 2017 Nikias Bassen All Rights Reserved. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#include <plist/plist.h> +#include <stdio.h> + +extern "C" int LLVMFuzzerTestOneInput(const unsigned char* data, size_t size) +{ + plist_t root_node = NULL; + plist_from_bin(reinterpret_cast<const char*>(data), size, &root_node); + plist_free(root_node); + + return 0; +} diff --git a/fuzz/bplist_fuzzer.options b/fuzz/bplist_fuzzer.options new file mode 100644 index 0000000..c0689b2 --- /dev/null +++ b/fuzz/bplist_fuzzer.options @@ -0,0 +1,3 @@ +[libfuzzer] +max_len = 4096 +dict = bplist.dict diff --git a/fuzz/xplist.dict b/fuzz/xplist.dict new file mode 100644 index 0000000..48b0367 --- /dev/null +++ b/fuzz/xplist.dict @@ -0,0 +1,51 @@ +################################################################################ +# +# AFL dictionary for XML Property Lists +# ---------------------- +# +# Several basic syntax elements and attributes for libplist. +# +# Created by Nikias Bassen <nikias@gmx.li> +# Adapted from libxml2's dict file (created by Michal Zalewski <lcamtuf@google.com>) +# + +attr_encoding=" encoding=\"1\"" +attr_generic=" a=\"1\"" +attr_version=" version=\"1\"" + +entity_builtin="<" +entity_decimal="" +entity_external="&a;" +entity_hex="" + +string_cdata="CDATA" +string_dashes="--" +string_empty="EMPTY" +string_empty_dblquotes="\"\"" +string_empty_quotes="''" +string_parentheses="()" +string_pcdata="#PCDATA" +string_percent="%a" +string_public="PUBLIC" +string_utf8="UTF-8" + +tag_cdata="<![CDATA[" +tag_close="</plist>" +tag_doctype="<!DOCTYPE" +tag_open="<plist>" +tag_open_close="<plist />" +tag_open_exclamation="<!" +tag_open_q="<?" +tag_sq2_close="]]>" +tag_xml_q="<?xml?>" +tag_array="<array>" +tag_data="<data>" +tag_date="<date>" +tag_dict="<dict>" +tag_false="<false/>" +tag_integer="<integer>" +tag_key="<key>" +tag_plist="<plist>" +tag_real="<real>" +tag_string="<string>" +tag_true="<true/>" diff --git a/fuzz/xplist_fuzzer.cc b/fuzz/xplist_fuzzer.cc new file mode 100644 index 0000000..c477c4d --- /dev/null +++ b/fuzz/xplist_fuzzer.cc @@ -0,0 +1,32 @@ +/* + * xplist_fuzzer.cc + * XML plist fuzz target for libFuzzer + * + * Copyright (c) 2017 Nikias Bassen All Rights Reserved. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#include <plist/plist.h> +#include <stdio.h> + +extern "C" int LLVMFuzzerTestOneInput(const unsigned char* data, size_t size) +{ + plist_t root_node = NULL; + plist_from_xml(reinterpret_cast<const char*>(data), size, &root_node); + plist_free(root_node); + + return 0; +} diff --git a/fuzz/xplist_fuzzer.options b/fuzz/xplist_fuzzer.options new file mode 100644 index 0000000..bad5dac --- /dev/null +++ b/fuzz/xplist_fuzzer.options @@ -0,0 +1,3 @@ +[libfuzzer] +max_len = 4096 +dict = xplist.dict |