From 5c6e695ca942f9a417d24e58f14d51f3e8e1885d Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Tue, 25 Apr 2017 14:54:59 +0200
Subject: Add fuzzing targets for libFuzzer used by Google's OSS-Fuzz

---
 fuzz/bplist.dict | 1 +
 fuzz/bplist_fuzzer.cc | 32 +++++++++++++++++++++++++++++
 fuzz/bplist_fuzzer.options | 3 +++
 fuzz/xplist.dict | 51 ++++++++++++++++++++++++++++++++++++++++++++++
 fuzz/xplist_fuzzer.cc | 32 +++++++++++++++++++++++++++++
 fuzz/xplist_fuzzer.options | 3 +++
 6 files changed, 122 insertions(+)
 create mode 100644 fuzz/bplist.dict
 create mode 100644 fuzz/bplist_fuzzer.cc
 create mode 100644 fuzz/bplist_fuzzer.options
 create mode 100644 fuzz/xplist.dict
 create mode 100644 fuzz/xplist_fuzzer.cc
 create mode 100644 fuzz/xplist_fuzzer.options

diff --git a/fuzz/bplist.dict b/fuzz/bplist.dict
new file mode 100644
index 0000000..bb0ea5d
--- /dev/null
+++ b/fuzz/bplist.dict
@@ -0,0 +1 @@
+header_bplist = "bplist00"
diff --git a/fuzz/bplist_fuzzer.cc b/fuzz/bplist_fuzzer.cc
new file mode 100644
index 0000000..17d0649
--- /dev/null
+++ b/fuzz/bplist_fuzzer.cc
@@ -0,0 +1,32 @@
+/*
+ * bplist_fuzzer.cc
+ * binary plist fuzz target for libFuzzer
+ *
+ * Copyright (c) 2017 Nikias Bassen All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include
+#include
+
+extern "C" int LLVMFuzzerTestOneInput(const unsigned char* data, size_t size)
+{
+ plist_t root_node = NULL;
+ plist_from_bin(reinterpret_cast(data), size, &root_node);
+ plist_free(root_node);
+
+ return 0;
+}
diff --git a/fuzz/bplist_fuzzer.options b/fuzz/bplist_fuzzer.options
new file mode 100644
index 0000000..c0689b2
--- /dev/null
+++ b/fuzz/bplist_fuzzer.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 4096
+dict = bplist.dict
diff --git a/fuzz/xplist.dict b/fuzz/xplist.dict
new file mode 100644
index 0000000..48b0367
--- /dev/null
+++ b/fuzz/xplist.dict
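Review bot: `plist_from_bin(reinterpret_cast(data), size, &root_node)` forwards libFuzzer's `size_t size` unchanged as the length argument; if that parameter is a narrower unsigned type in `plist.h` (worth checking the declaration), oversized inputs would be silently truncated, so an explicit `if (size > UINT32_MAX) return 0;` ahead of the call documents the assumption instead of relying on `max_len = 4096` in the `.options` hunk. The target also only drives the parser: serializing the result with `plist_to_bin` and freeing the returned buffer before `plist_free(root_node)` would additionally cover the writer on whatever tree the parser built, which is where inconsistent node structures tend to surface under ASan. In this rendering the two `#include` directives and the `reinterpret_cast` template argument appear empty, presumably because the angle-bracketed library header and the `<const char*>` cast target were stripped by the page, so these lines should be taken from the repository rather than copied as shown. A one-line header such as `// libFuzzer entry point: parse arbitrary bytes as a binary plist and release the result; the return value is ignored by libFuzzer` would make the target's purpose explicit.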
@@ -0,0 +1,51 @@
+################################################################################
+#
+# AFL dictionary for XML Property Lists
+# ----------------------
+#
+# Several basic syntax elements and attributes for libplist.
+#
+# Created by Nikias Bassen
+# Adapted from libxml2's dict file (created by Michal Zalewski )
+#
+
+attr_encoding=" encoding=\"1\""
+attr_generic=" a=\"1\""
+attr_version=" version=\"1\""
+
+entity_builtin="<"
+entity_decimal=""
+entity_external="&a;"
+entity_hex=""
+
+string_cdata="CDATA"
+string_dashes="--"
+string_empty="EMPTY"
+string_empty_dblquotes="\"\""
+string_empty_quotes="''"
+string_parentheses="()"
+string_pcdata="#PCDATA"
+string_percent="%a"
+string_public="PUBLIC"
+string_utf8="UTF-8"
+
+tag_cdata=""
+tag_doctype=""
+tag_open_close=""
+tag_open_exclamation=""
+tag_xml_q=""
+tag_array=""
+tag_data=""
+tag_date=""
+tag_dict=""
+tag_false=""
+tag_integer=""
+tag_key=""
+tag_plist=""
+tag_real=""
+tag_string=""
+tag_true=""
diff --git a/fuzz/xplist_fuzzer.cc b/fuzz/xplist_fuzzer.cc
new file mode 100644
index 0000000..c477c4d
--- /dev/null
+++ b/fuzz/xplist_fuzzer.cc
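Review bot: The hunk header announces 51 added lines but only 47 are visible here, and every value that should carry raw XML markup (`tag_cdata`, `tag_doctype`, `tag_open_close`, `tag_open_exclamation`, `tag_xml_q`, `entity_decimal`, `entity_hex`, and the plist element tags) renders as an empty string, so the page renderer presumably consumed the `<`/`&` characters and possibly whole entries; take the dictionary from the repository rather than from this listing. Content-wise the dictionary seeds element names but no body literals, so adding a well-formed timestamp and base64 fragments — `string_date="2001-01-01T00:00:00Z"`, `string_b64="QUJD"`, `string_b64_pad="=="` — would help the fuzzer reach the `<date>` and `<data>` decoding paths, assuming the XML reader decodes those bodies itself rather than storing them verbatim. A short comment stating that the libxml2-derived tokens (`CDATA`, `#PCDATA`, `PUBLIC`) are intentionally kept even if libplist's own reader may ignore them would save a future maintainer from pruning them as dead weight.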
@@ -0,0 +1,32 @@
+/*
+ * xplist_fuzzer.cc
+ * XML plist fuzz target for libFuzzer
+ *
+ * Copyright (c) 2017 Nikias Bassen All Rights Reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include
+#include
+
+extern "C" int LLVMFuzzerTestOneInput(const unsigned char* data, size_t size)
+{
+ plist_t root_node = NULL;
+ plist_from_xml(reinterpret_cast(data), size, &root_node);
+ plist_free(root_node);
+
+ return 0;
+}
diff --git a/fuzz/xplist_fuzzer.options b/fuzz/xplist_fuzzer.options
new file mode 100644
index 0000000..bad5dac
--- /dev/null
+++ b/fuzz/xplist_fuzzer.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 4096
+dict = xplist.dict
-- cgit v1.1-32-gdbae
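Review bot: The XML target only runs `plist_from_xml` followed by `plist_free`, so the XML writer is never exercised on a parser-produced tree; a short round trip after parsing — `char *xml = NULL; uint32_t len = 0; plist_to_xml(root_node, &xml, &len); free(xml);` — would cover both directions for the cost of one call (match the length type to the declaration in `plist.h`). With `max_len = 4096` in the accompanying `.options` hunk, the deepest nesting one input can express is a few hundred `<array>`/`<dict>` levels, so if the XML reader recurses on nested containers, this target would need a larger `max_len` than the binary one to probe stack depth. The harness correctly hands the parser the exact-size libFuzzer buffer without a terminating NUL, which is what lets ASan catch any read past `size`; that choice deserves a comment, e.g. `// deliberately no NUL terminator: the parser must honor `size``, so nobody "fixes" it by copying into a std::string. A one-line header such as `// libFuzzer entry point: parse arbitrary bytes as an XML plist and release the result` would round out the documentation.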