OSSFuzz Integration #365

Merged
merged 4 commits into from
Dec 23, 2024
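--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@@ -0,0 +1,39 @@
+name: CIFuzz
+on:
+push:
+branches:
+- master
+pull_request:
+permissions: {}
+jobs:
+Fuzzing:
+runs-on: ubuntu-latest
+permissions:
+security-events: write
+steps:
+- name: Build Fuzzers
+id: build
+uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+with:
+oss-fuzz-project-name: 'zip'
+language: c
+- name: Run Fuzzers
+uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+with:
+oss-fuzz-project-name: 'zip'
+language: c
+fuzz-seconds: 800
+output-sarif: true
+- name: Upload Crash
+uses: actions/upload-artifact@v3
+if: failure() && steps.build.outcome == 'success'
+with:
+name: artifacts
+path: ./out/artifacts
+- name: Upload Sarif
+if: always() && steps.build.outcome == 'success'
+uses: github/codeql-action/upload-sarif@v2
+with:
+# Path to SARIF file relative to the root of the repository
+sarif_file: cifuzz-sarif/results.sarif
+checkout_path: cifuzz-sarif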
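Review bot: Both OSS-Fuzz steps, `uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master` and `uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master`, reference a mutable branch, so the job runs whatever that branch holds at the moment it executes and a given CI result cannot be reproduced later; pin each `uses:` to a full commit SHA with a trailing `# <tag or date>` comment, as the supply-chain hardening guides for Actions recommend. The same applies to `actions/upload-artifact@v3` and `github/codeql-action/upload-sarif@v2`, which are older major lines of those actions — worth confirming they are still supported when this is next touched. The top-level `permissions: {}` with a job-scoped `security-events: write` is the right shape; note, however, that on `pull_request` runs from forks the token is read-only, so the SARIF upload will presumably fail there, and gating that step with `if: always() && steps.build.outcome == 'success' && github.event.pull_request.head.repo.full_name == github.repository` (or accepting the failure) would keep fork PRs from going red for a reason unrelated to fuzzing.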
11 changes: 11 additions & 0 deletions CMakeLists.txt
Expand Up @@ -16,6 +16,7 @@ endif ()
option(CMAKE_ENABLE_SANITIZERS "Enable zip sanitizers" OFF)
option(ZIP_STATIC_PIC "Build static zip with PIC" ON)
option(ZIP_BUILD_DOCS "Generate API documentation with Doxygen" OFF)
option(ZIP_BUILD_FUZZ "Build fuzz targets" OFF)

if(ZIP_ENABLE_SHARABLE_FILE_OPEN)
add_definitions(-DZIP_ENABLE_SHARABLE_FILE_OPEN)
Expand Down Expand Up @@ -73,6 +74,16 @@ elseif ("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU" OR
endif (MSVC)

####

# fuzz
if (ZIP_BUILD_FUZZ)
if (NOT DEFINED ENV{LIB_FUZZING_ENGINE})
message(FATAL_ERROR "LIB_FUZZING_ENGINE is not defined")
endif()
add_subdirectory(fuzz)
endif()
###

set(CONFIG_INSTALL_DIR "lib/cmake/${PROJECT_NAME}")
set(INCLUDE_INSTALL_DIR "include")

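Review bot: The gate `if (NOT DEFINED ENV{LIB_FUZZING_ENGINE})` reads the environment only at configure time and nothing records the value, so a later reconfigure in a shell without that variable hits the FATAL_ERROR even though the existing cache is usable, and a developer cannot point `ZIP_BUILD_FUZZ=ON` at a local libFuzzer without reproducing the OSS-Fuzz environment. Capturing it once into a project-prefixed cache entry, `set(ZIP_FUZZING_ENGINE "$ENV{LIB_FUZZING_ENGINE}" CACHE STRING "Library or flag supplying main() for the fuzz targets")`, and testing that variable instead keeps the environment as the default while making the setting visible and overridable in the cache; fuzz/CMakeLists.txt would then link `${ZIP_FUZZING_ENGINE}` rather than re-reading the environment. The new block also mixes `if (...)` with bare `endif()` while the surrounding file (see `endif (MSVC)` just above) repeats the condition; either style is fine, but one file should use one.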
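--- a/fuzz/CMakeLists.txt
+++ b/fuzz/CMakeLists.txt
@@ -0,0 +1,24 @@
+# Utilized by OSSFuzz to build the harness(es) for continuous fuzz-testing
+# OSSFuzz defines the following environment variables, that this target relies upon:
+# CXX, CFLAGS, LIB_FUZZING_ENGINE, OUT
+
+set(CMAKE_C_STANDARD 23)
+
+add_definitions(-DNDEBUG) # Do not want assertions
+
+if (DEFINED ENV{CFLAGS})
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} $ENV{CFLAGS}")
+endif ()
+
+add_executable(read_entry_fuzzer read_entry_fuzzer.c)
+target_link_libraries(read_entry_fuzzer PRIVATE ${PROJECT_NAME} $ENV{LIB_FUZZING_ENGINE})
+
+add_executable(create_zip_fuzzer create_zip_fuzzer.c)
+target_link_libraries(create_zip_fuzzer PRIVATE ${PROJECT_NAME} $ENV{LIB_FUZZING_ENGINE})
+
+if (DEFINED ENV{OUT})
+install(TARGETS read_entry_fuzzer DESTINATION $ENV{OUT})
+install(TARGETS create_zip_fuzzer DESTINATION $ENV{OUT})
+else ()
+message(WARNING "Cannot install if $OUT is not defined!")
+endif ()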
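Review bot: `add_definitions(-DNDEBUG) # Do not want assertions` is directory-scoped, so it reaches only the two harness translation units defined here and not the `${PROJECT_NAME}` library they link, which appears to be defined by the parent directory; the comment therefore does not describe what happens, and any assert() inside the library stays active in the fuzz build. If assertions really must go, they have to be disabled on the library target itself (or through the parent's per-config flags), though for fuzzing it is usually better to keep them on, since a failing assert is exactly the kind of invariant violation a harness should surface — either way the comment should say what is actually intended. The `set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} $ENV{CFLAGS}")` block looks redundant: CMake initialises `CMAKE_C_FLAGS` from the CFLAGS environment variable on the initial configure, so on the OSS-Fuzz builder these flags presumably end up on the command line twice. Reading `$ENV{LIB_FUZZING_ENGINE}` directly in both `target_link_libraries` calls also duplicates the check the parent CMakeLists.txt makes; a single project-prefixed cache variable set there would give one place to document the expected value.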
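--- a/fuzz/build.sh
+++ b/fuzz/build.sh
@@ -0,0 +1,8 @@
+cd $SRC/zip
+
+mkdir -p build
+cmake -S . -B build -DCMAKE_C_COMPILER_WORKS=1 -DZIP_BUILD_FUZZ=ON && cmake --build build --target install
+
+# Prepare corpora
+zip -q $OUT/read_entry_fuzzer_seed_corpus.zip fuzz/corpus/*
+cp $OUT/read_entry_fuzzer_seed_corpus.zip $OUT/create_zip_fuzzer_seed_corpus.zip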
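Review bot: `-DCMAKE_C_COMPILER_WORKS=1` bypasses CMake's compiler sanity try-compile, presumably because the toolchain flags the OSS-Fuzz builder exports make that probe fail; that is a legitimate workaround, but it also means a genuinely broken `CC`/`CFLAGS` is only discovered as an opaque error deep in the build, so it deserves a one-line comment stating why it is there, e.g. `# skip the try-compile probe: it fails under the OSS-Fuzz sanitizer/coverage CFLAGS`. The script has no shebang and no `set -e`, so if it is ever run outside the OSS-Fuzz `compile` wrapper (which, as far as I recall, runs build scripts under `bash -eux`) a failing `cd` or `cmake` would silently continue into the corpus steps; adding `set -euo pipefail` at the top costs nothing either way. `$SRC` and `$OUT` are expanded unquoted throughout; harmless on the builder, but `"$OUT/..."` is the safer habit. The `cmake --build build --target install` also runs the library's own install rules into the default prefix, which is fine inside the container but worth noting for anyone reusing the script locally.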
Binary file added fuzz/corpus/seed.zip
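--- a/fuzz/create_zip_fuzzer.c
+++ b/fuzz/create_zip_fuzzer.c
@@ -0,0 +1,19 @@
+#include "zip.h"
+#include <stdint.h>
+#include <stdlib.h>
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, const size_t size)
+{
+char *outbuf = NULL;
+size_t outbufsize = 0;
+
+struct zip_t *zip = zip_stream_open(NULL, 0, ZIP_DEFAULT_COMPRESSION_LEVEL, 'w');
+
+zip_entry_open(zip, "test");
+zip_entry_write(zip, data, size);
+zip_entry_close(zip);
+zip_stream_copy(zip, (void **) &outbuf, &outbufsize);
+zip_stream_close(zip);
+free(outbuf);
+return 0;
+}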
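Review bot: The result of `zip_stream_open(NULL, 0, ZIP_DEFAULT_COMPRESSION_LEVEL, 'w')` is never checked, unlike the sibling read_entry_fuzzer.c which guards the same call; if the open fails (an allocation failure under the sanitizer's malloc limit, for instance) every following call receives a NULL handle, and whether that is tolerated depends on the library's internal checks rather than on the harness. Add `if (zip == NULL) return 0;` directly after the open so both harnesses treat the handle the same way. The return codes of `zip_entry_open`, `zip_entry_write` and `zip_stream_copy` are also discarded; the fuzzer still exercises the code, but a short comment such as `/* return codes ignored on purpose: the harness only needs the code paths executed */` would make that deliberate, and checking `zip_stream_copy` before `free(outbuf)` would document that `outbuf` is only set on success (free(NULL) is defined, so this is clarity rather than correctness).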
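--- a/fuzz/read_entry_fuzzer.c
+++ b/fuzz/read_entry_fuzzer.c
@@ -0,0 +1,38 @@
+#include "zip.h"
+#include <stdint.h>
+#include <stdlib.h>
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, const size_t size)
+{
+void *buf = NULL;
+size_t bufsize = 0;
+
+struct zip_t *zip = zip_stream_open((const char *)data, size, 0, 'r');
+if (NULL == zip)
+{
+goto end;
+}
+
+const ssize_t zip_entries_count = zip_entries_total(zip);
+
+if (zip_entries_count <= 0)
+{
+goto end;
+}
+
+if (0 != zip_entry_openbyindex(zip, 0))
+{
+goto end;
+}
+
+zip_entry_read(zip, &buf, &bufsize);
+
+end:
+zip_entry_close(zip);
+if (NULL != zip)
+{
+zip_close(zip);
+}
+free(buf);
+return 0;
+}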
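Review bot: At the `end:` label `zip_entry_close(zip)` runs before the `NULL != zip` check, so when `zip_stream_open` fails the harness calls `zip_entry_close(NULL)` and relies on the library rejecting a NULL handle; moving that call inside the `if (NULL != zip)` block makes the cleanup self-evidently safe and also stops the harness from closing an entry that was never opened on the `zip_entries_count <= 0` and failed-`zip_entry_openbyindex` paths. The sibling create_zip_fuzzer.c pairs `zip_stream_open` with `zip_stream_close`, whereas this harness uses `zip_close`; if the two are equivalent for a read-mode stream that is worth a comment, otherwise `zip_stream_close(zip);` should be used here too. `ssize_t` is used with only `<stdint.h>` and `<stdlib.h>` included, so the file presumably depends on zip.h pulling in `<sys/types.h>`; an explicit `#include <sys/types.h>` would make the harness independent of that header detail.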