From 03ca78438b65baa237f4fc03ca478ac155d1fe48 Mon Sep 17 00:00:00 2001 From: Bhargava Shastry Date: Mon, 8 Oct 2018 17:15:18 +0200 Subject: [PATCH 01/11] lzo: Add lzo out-of-source --- projects/lzo/Dockerfile | 22 +++++++ projects/lzo/build.sh | 30 +++++++++ projects/lzo/lzo_compress_target.c | 78 ++++++++++++++++++++++++ projects/lzo/lzo_compress_target.options | 2 + projects/lzo/project.yaml | 8 +++ 5 files changed, 140 insertions(+) create mode 100644 projects/lzo/Dockerfile create mode 100755 projects/lzo/build.sh create mode 100644 projects/lzo/lzo_compress_target.c create mode 100644 projects/lzo/lzo_compress_target.options create mode 100644 projects/lzo/project.yaml diff --git a/projects/lzo/Dockerfile b/projects/lzo/Dockerfile new file mode 100644 index 000000000000..c3f974aae168 --- /dev/null +++ b/projects/lzo/Dockerfile @@ -0,0 +1,22 @@ +# Copyright 2018 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +FROM gcr.io/oss-fuzz-base/base-builder +MAINTAINER your@email.com +RUN apt-get update && apt-get install -y make autoconf automake libtool wget +RUN wget -O lzo.tar.gz \ + http://www.oberhumer.com/opensource/lzo/download/lzo-2.10.tar.gz +COPY *.c *.options build.sh $SRC/ diff --git a/projects/lzo/build.sh b/projects/lzo/build.sh new file mode 100755 index 000000000000..1abf449945e8 --- /dev/null +++ b/projects/lzo/build.sh 
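Review bot: The `wget` step in projects/lzo/Dockerfile fetches lzo-2.10.tar.gz over plain `http://`, and nothing verifies the archive before build.sh unpacks and compiles it, so the fuzz build trusts whatever the network path returns. Pin the expected digest and check it in the image build, e.g. `RUN echo "<SHA256_OF_LZO_2_10_TARBALL>  lzo.tar.gz" | sha256sum -c -`. Switch the URL to https if the upstream host serves the file that way.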
@@ -0,0 +1,30 @@ +#!/bin/bash -eu +# Copyright 2018 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +# build project +cd $SRC +tar xzf lzo.tar.gz +cd lzo-* +./configure && make -j$(nproc) + +# build fuzzers +$CC -c -I include/lzo -I minilzo/ $SRC/lzo_compress_target.c +$CXX $CXXFLAGS -std=c++11 -I include/lzo -I minilzo lzo_compress_target.o \ + -o $OUT/lzo_compress_target -lFuzzingEngine src/.libs/liblzo2.a + +# copy fuzzer options +cp $SRC/*.options $OUT/ diff --git a/projects/lzo/lzo_compress_target.c b/projects/lzo/lzo_compress_target.c new file mode 100644 index 000000000000..e1620e158960 --- /dev/null +++ b/projects/lzo/lzo_compress_target.c 
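Review bot: The harness object in build.sh is compiled with `$CC -c -I include/lzo -I minilzo/ $SRC/lzo_compress_target.c`, without `$CFLAGS`, so the sanitizer and coverage flags that the OSS-Fuzz environment passes in that variable presumably never reach the fuzz target itself. Its stack buffers would then carry no ASan redzones, and an overrun into them could go unreported. Use `$CC $CFLAGS -c -I include/lzo -I minilzo/ "$SRC/lzo_compress_target.c"`. The loop form of this command in the later build.sh hunks (patches 04 and 11) has the same gap. Quoting `"$SRC"` and `"$OUT"` throughout would also keep the script correct for paths containing spaces.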
@@ -0,0 +1,78 @@ +/* +# Copyright 2018 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ +*/ + +#include +#include +#include +#include +#include +#include "minilzo.h" + +/* Work-memory needed for compression. Allocate memory in units + * of 'lzo_align_t' (instead of 'char') to make sure it is properly aligned. + */ +#define HEAP_ALLOC(var,size) \ + lzo_align_t __LZO_MMODEL var [ ((size) + (sizeof(lzo_align_t) - 1)) / sizeof(lzo_align_t) ] + +static HEAP_ALLOC(wrkmem, LZO1X_1_MEM_COMPRESS); + +extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + int r; + lzo_uint out_len; + lzo_uint new_len; + /* We want to compress the data block at 'in' with length 'IN_LEN' to + * the block at 'out'. Because the input block may be incompressible, + * we must provide a little more output space in case that compression + * is not possible. + */ + unsigned char __LZO_MMODEL in[size]; + unsigned char __LZO_MMODEL out[size + size/16 + 64 + 3]; + + static bool isInit = false; + if (!isInit) + { + if (lzo_init() != LZO_E_OK) + { + printf("internal error - lzo_init() failed !!!\n"); + return 0; + } + isInit = true; + } + + /* Compress with LZO1X-1. 
*/ + r = lzo1x_1_compress(data,size,out,&out_len,wrkmem); + assert(r == LZO_E_OK); + printf("compressed %lu bytes into %lu bytes\n", + (unsigned long) size, (unsigned long) out_len); + + /* check for an incompressible block */ + if (out_len >= size) + { + printf("This block contains incompressible data.\n"); + return 0; + } + + /* Decompress. */ + new_len = size; + r = lzo1x_decompress(out,out_len,in,&new_len,NULL); + assert(r == LZO_E_OK && new_len == size); + printf("decompressed %lu bytes back into %lu bytes\n", + (unsigned long) out_len, (unsigned long) size); + return 0; +} diff --git a/projects/lzo/lzo_compress_target.options b/projects/lzo/lzo_compress_target.options new file mode 100644 index 000000000000..329a6e27bab1 --- /dev/null +++ b/projects/lzo/lzo_compress_target.options @@ -0,0 +1,2 @@ +[libfuzzer] +close_fd_mask = 3 diff --git a/projects/lzo/project.yaml b/projects/lzo/project.yaml new file mode 100644 index 000000000000..ab698ac34ae0 --- /dev/null +++ b/projects/lzo/project.yaml @@ -0,0 +1,8 @@ +homepage: "http://www.oberhumer.com" +primary_contact: "info@oberhumer.com" +auto_ccs: + - "bshas3@gmail.com" +sanitizers: + - address + - memory + - undefined From 2fb96b37088b1044a76035d5a80f34968523a4c0 Mon Sep 17 00:00:00 2001 From: Bhargava Shastry Date: Mon, 8 Oct 2018 17:24:26 +0200 Subject: [PATCH 02/11] lzo: Change maintainer of Docker image --- projects/lzo/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/lzo/Dockerfile b/projects/lzo/Dockerfile index c3f974aae168..851981efc2f1 100644 --- a/projects/lzo/Dockerfile +++ b/projects/lzo/Dockerfile @@ -15,7 +15,7 @@ ################################################################################ FROM gcr.io/oss-fuzz-base/base-builder -MAINTAINER your@email.com +MAINTAINER info@oberhumer.com RUN apt-get update && apt-get install -y make autoconf automake libtool wget RUN wget -O lzo.tar.gz \ http://www.oberhumer.com/opensource/lzo/download/lzo-2.10.tar.gz 
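Review bot: In lzo_compress_target.c, `in[size]` and `out[size + size/16 + 64 + 3]` are variable-length arrays sized by the fuzzer input. `size == 0` makes `in` a zero-length VLA, which is undefined behaviour, and larger inputs put both buffers on the stack, where exhaustion surfaces as a crash in the harness rather than in LZO. Return early on empty input and allocate the buffers on the heap, freeing them on every exit path, including the `lzo_init()` failure and the incompressible-block return. This needs `<stdlib.h>` if it is not already among the includes. Both `assert` checks also vanish under `NDEBUG`, so an explicit `abort()` on a round-trip mismatch would be more dependable.

```c
extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    /* ... unchanged: r, out_len, new_len declarations ... */
    unsigned char *in = NULL;
    unsigned char *out = NULL;

    if (size == 0)
    {
        return 0;
    }

    in = malloc(size);
    out = malloc(size + size/16 + 64 + 3);
    if (in == NULL || out == NULL)
    {
        goto done;
    }

    /* ... unchanged: one-time lzo_init(), compress, decompress;
     * each early "return 0" in that code becomes "goto done" ... */

done:
    free(in);
    free(out);
    return 0;
}
```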
From 74fb88af1e458caddcd08353e05d6dd2d4407503 Mon Sep 17 00:00:00 2001 From: Bhargava Shastry Date: Wed, 10 Oct 2018 14:22:51 +0200 Subject: [PATCH 03/11] lzo: Add decompress target --- projects/lzo/lzo_compress_target.c | 4 +- projects/lzo/lzo_decompress_target.c | 63 ++++++++++++++++++++++ projects/lzo/lzo_decompress_target.options | 2 + projects/openvswitch/Dockerfile | 2 +- 4 files changed, 68 insertions(+), 3 deletions(-) create mode 100644 projects/lzo/lzo_decompress_target.c create mode 100644 projects/lzo/lzo_decompress_target.options diff --git a/projects/lzo/lzo_compress_target.c b/projects/lzo/lzo_compress_target.c index e1620e158960..61f110f8cb9a 100644 --- a/projects/lzo/lzo_compress_target.c +++ b/projects/lzo/lzo_compress_target.c @@ -49,8 +49,8 @@ extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { if (lzo_init() != LZO_E_OK) { - printf("internal error - lzo_init() failed !!!\n"); - return 0; + printf("internal error - lzo_init() failed !!!\n"); + return 0; } isInit = true; } diff --git a/projects/lzo/lzo_decompress_target.c b/projects/lzo/lzo_decompress_target.c new file mode 100644 index 000000000000..9b464b277178 --- /dev/null +++ b/projects/lzo/lzo_decompress_target.c 
@@ -0,0 +1,63 @@ +/* +# Copyright 2018 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ +*/ + +#include +#include +#include +#include +#include +#include "minilzo.h" + +/* Work-memory needed for compression. Allocate memory in units + * of 'lzo_align_t' (instead of 'char') to make sure it is properly aligned. + */ +#define HEAP_ALLOC(var,size) \ + lzo_align_t __LZO_MMODEL var [ ((size) + (sizeof(lzo_align_t) - 1)) / sizeof(lzo_align_t) ] + +static HEAP_ALLOC(wrkmem, LZO1X_1_MEM_COMPRESS); + +extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + int r; + lzo_uint new_len; + /* We want to compress the data block at 'in' with length 'IN_LEN' to + * the block at 'out'. Because the input block may be incompressible, + * we must provide a little more output space in case that compression + * is not possible. + */ + unsigned char __LZO_MMODEL in[size]; + + static bool isInit = false; + if (!isInit) + { + if (lzo_init() != LZO_E_OK) + { + printf("internal error - lzo_init() failed !!!\n"); + return 0; + } + isInit = true; + } + + /* Decompress. */ + new_len = size; + r = lzo1x_decompress(data,size,in,&new_len,NULL); + assert(r == LZO_E_OK && new_len == size); + printf("decompressed %lu bytes back into %lu bytes\n", + (unsigned long) size, (unsigned long) new_len); + return 0; +} 
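Review bot: In lzo_decompress_target.c the output buffer `in[size]` is only as large as the compressed input, yet `lzo1x_decompress` is the variant that does not bound its writes, so any stream that expands overruns the harness's own stack buffer and is reported as a finding. `assert(r == LZO_E_OK && new_len == size)` likewise aborts on every input that is not a valid stream of exactly that length. Call `lzo1x_decompress_safe`, treat a non-OK return as a normal outcome, and give the output a capacity that does not depend on the input length. The block comment above the buffer and the unused `wrkmem` are copied from the compress target and describe compression; replace the comment with something like `/* Output buffer for the decompressed data. */`.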
diff --git a/projects/lzo/lzo_decompress_target.options b/projects/lzo/lzo_decompress_target.options new file mode 100644 index 000000000000..329a6e27bab1 --- /dev/null +++ b/projects/lzo/lzo_decompress_target.options @@ -0,0 +1,2 @@ +[libfuzzer] +close_fd_mask = 3 diff --git a/projects/openvswitch/Dockerfile b/projects/openvswitch/Dockerfile index 27c8911a89de..ebd3aebbbe12 100644 --- a/projects/openvswitch/Dockerfile +++ b/projects/openvswitch/Dockerfile @@ -20,7 +20,7 @@ RUN apt-get update && apt-get install -y make autoconf automake \ libtool python python-pip \ libz-dev libssl-dev libssl1.0.0 wget RUN pip install six -RUN git clone --depth 1 https://github.com/openvswitch/ovs.git openvswitch +RUN git clone -b ossfuzz-add-ofctl --depth 1 https://github.com/bshastry/ovs.git openvswitch RUN git clone --depth 1 https://github.com/openvswitch/ovs-fuzzing-corpus.git \ ovs-fuzzing-corpus WORKDIR openvswitch From 6b9c79e79de5a9b95c02681e20bd586e9a6d6fd1 Mon Sep 17 00:00:00 2001 From: Bhargava Shastry Date: Wed, 10 Oct 2018 14:43:24 +0200 Subject: [PATCH 04/11] lzo: Update build script --- projects/lzo/build.sh | 10 +++++++--- projects/lzo/lzo_compress_target.c | 2 +- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/projects/lzo/build.sh b/projects/lzo/build.sh index 1abf449945e8..fbdc3db16976 100755 --- a/projects/lzo/build.sh +++ b/projects/lzo/build.sh @@ -22,9 +22,13 @@ cd lzo-* ./configure && make -j$(nproc) # build fuzzers -$CC -c -I include/lzo -I minilzo/ $SRC/lzo_compress_target.c -$CXX $CXXFLAGS -std=c++11 -I include/lzo -I minilzo lzo_compress_target.o \ - -o $OUT/lzo_compress_target -lFuzzingEngine src/.libs/liblzo2.a +for file in $SRC/*.c; +do + name=$(basename $file) + $CC -c -I include/lzo -I minilzo/ ${file} -o ${name}.o + $CXX $CXXFLAGS -std=c++11 -I include/lzo -I minilzo ${name}.o \ + -o $OUT/${name} -lFuzzingEngine src/.libs/liblzo2.a +done # copy fuzzer options cp $SRC/*.options $OUT/ 
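Review bot: The projects/openvswitch/Dockerfile hunk is unrelated to the lzo target and repoints the Open vSwitch build from `https://github.com/openvswitch/ovs.git` to the `ossfuzz-add-ofctl` branch of a personal fork. That project's fuzz build would then consume code that has not gone through upstream review. Keep `RUN git clone --depth 1 https://github.com/openvswitch/ovs.git openvswitch` in this commit and propose the OvS change separately.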
diff --git a/projects/lzo/lzo_compress_target.c b/projects/lzo/lzo_compress_target.c index 61f110f8cb9a..897fcfef90b8 100644 --- a/projects/lzo/lzo_compress_target.c +++ b/projects/lzo/lzo_compress_target.c @@ -52,7 +52,7 @@ extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) printf("internal error - lzo_init() failed !!!\n"); return 0; } - isInit = true; + isInit = true; } /* Compress with LZO1X-1. */ From e0f387a6edaa74cc8e0f9f7f33f1f73d2fdd3665 Mon Sep 17 00:00:00 2001 From: Bhargava Shastry Date: Wed, 10 Oct 2018 14:57:57 +0200 Subject: [PATCH 05/11] lzo: Fix build script --- projects/lzo/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/lzo/build.sh b/projects/lzo/build.sh index fbdc3db16976..d1a7df400b79 100755 --- a/projects/lzo/build.sh +++ b/projects/lzo/build.sh @@ -24,7 +24,7 @@ cd lzo-* # build fuzzers for file in $SRC/*.c; do - name=$(basename $file) + name=$(basename $file .c) $CC -c -I include/lzo -I minilzo/ ${file} -o ${name}.o $CXX $CXXFLAGS -std=c++11 -I include/lzo -I minilzo ${name}.o \ -o $OUT/${name} -lFuzzingEngine src/.libs/liblzo2.a From d563bbf88cb655690e57c1cbb8ac4825537b21bb Mon Sep 17 00:00:00 2001 From: Bhargava Shastry Date: Wed, 10 Oct 2018 15:14:16 +0200 Subject: [PATCH 06/11] lzo: Bail out if size==0 in decompress test --- projects/lzo/lzo_decompress_target.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/projects/lzo/lzo_decompress_target.c b/projects/lzo/lzo_decompress_target.c index 9b464b277178..40862dc805c2 100644 --- a/projects/lzo/lzo_decompress_target.c +++ b/projects/lzo/lzo_decompress_target.c @@ -35,6 +35,12 @@ extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { int r; lzo_uint new_len; + + if (size == 0) + { + return 0; + } + /* We want to compress the data block at 'in' with length 'IN_LEN' to * the block at 'out'. Because the input block may be incompressible, * we must provide a little more output space in case that compression 
From 665ac86ba2e049255db5b10467cd74567581e70e Mon Sep 17 00:00:00 2001 From: Vincent Ulitzsch Date: Wed, 10 Oct 2018 20:44:40 +0200 Subject: [PATCH 07/11] Adding a seed file to lzo_decompress_target_seed This commit adds a minimal lzo seed as a seed for the lzo_decompress_target. Still results in a heap-buffer-overflow at the moment. --- projects/lzo/Dockerfile | 1 + projects/lzo/build.sh | 1 + projects/lzo/lzo_decompress_target_seeds/seed.lzo | Bin 0 -> 217 bytes 3 files changed, 2 insertions(+) create mode 100755 projects/lzo/lzo_decompress_target_seeds/seed.lzo diff --git a/projects/lzo/Dockerfile b/projects/lzo/Dockerfile index 851981efc2f1..d6971e6ffc66 100644 --- a/projects/lzo/Dockerfile +++ b/projects/lzo/Dockerfile @@ -20,3 +20,4 @@ RUN apt-get update && apt-get install -y make autoconf automake libtool wget RUN wget -O lzo.tar.gz \ http://www.oberhumer.com/opensource/lzo/download/lzo-2.10.tar.gz COPY *.c *.options build.sh $SRC/ +COPY lzo_decompress_target_seeds $SRC/lzo_decompress_target_seeds diff --git a/projects/lzo/build.sh b/projects/lzo/build.sh index d1a7df400b79..3d92eaf09bca 100755 --- a/projects/lzo/build.sh +++ b/projects/lzo/build.sh @@ -32,3 +32,4 @@ done # copy fuzzer options cp $SRC/*.options $OUT/ +zip -j $OUT/lzo_decompress_target_seed_corpus.zip $SRC/lzo_decompress_target_seeds/* diff --git a/projects/lzo/lzo_decompress_target_seeds/seed.lzo b/projects/lzo/lzo_decompress_target_seeds/seed.lzo new file mode 100755 index 0000000000000000000000000000000000000000..bf310368e9c46ed701596f11bfe642d383cb03db GIT binary patch literal 217 zcmW;GPf7zZ6oB!x6S1b&&}~v=qd z78f7C?I(U7*2~|S5MnSm5^}E)yM5n}D@&1}M+Sr(I{yX@dU%bYfd#hc)sqcOP`ier zGg}5v9~7YvU0nei^cOdh645~&@XTo&SRUZyjK4H@j1R0&x3 zm>E)hJ}3g1h|TrL>AV=nN)4TV876zDk<(gxGO~nLo)+vjb%u96SJVH0ar=4o^#>Hm BJ^BCu literal 0 HcmV?d00001 From 39db92a8bac1c960e93660a6ee29a6fe7b01da1d Mon Sep 17 00:00:00 2001 
From: Bhargava Shastry Date: Wed, 10 Oct 2018 21:44:40 +0200 Subject: [PATCH 08/11] lzo: Switch to safer decompressor (HT @viniul) that does not crash and remove assertion --- projects/lzo/lzo_decompress_target.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/projects/lzo/lzo_decompress_target.c b/projects/lzo/lzo_decompress_target.c index 40862dc805c2..e87e17e412dc 100644 --- a/projects/lzo/lzo_decompress_target.c +++ b/projects/lzo/lzo_decompress_target.c @@ -61,8 +61,11 @@ extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) /* Decompress. */ new_len = size; - r = lzo1x_decompress(data,size,in,&new_len,NULL); - assert(r == LZO_E_OK && new_len == size); + r = lzo1x_decompress_safe(data,size,in,&new_len,NULL); + if (r != LZO_E_OK) + { + printf("error thrown by lzo1x_decompress_safe: %d\n", r); + } printf("decompressed %lu bytes back into %lu bytes\n", (unsigned long) size, (unsigned long) new_len); return 0; From d0143540b97841bc63bec75b61c97411b16f7740 Mon Sep 17 00:00:00 2001 From: Bhargava Shastry Date: Wed, 10 Oct 2018 22:17:57 +0200 Subject: [PATCH 09/11] lzo: Remove buggy addition (from OvS) to this PR --- projects/openvswitch/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/openvswitch/Dockerfile b/projects/openvswitch/Dockerfile index ebd3aebbbe12..27c8911a89de 100644 --- a/projects/openvswitch/Dockerfile +++ b/projects/openvswitch/Dockerfile @@ -20,7 +20,7 @@ RUN apt-get update && apt-get install -y make autoconf automake \ libtool python python-pip \ libz-dev libssl-dev libssl1.0.0 wget RUN pip install six -RUN git clone -b ossfuzz-add-ofctl --depth 1 https://github.com/bshastry/ovs.git openvswitch +RUN git clone --depth 1 https://github.com/openvswitch/ovs.git openvswitch RUN git clone --depth 1 https://github.com/openvswitch/ovs-fuzzing-corpus.git \ ovs-fuzzing-corpus WORKDIR openvswitch From da5ea52dcca6adf3b12e0c9a6c68a124e424fdd6 Mon Sep 17 00:00:00 2001 
From: Vincent Ulitzsch Date: Thu, 11 Oct 2018 01:02:21 +0200 Subject: [PATCH 10/11] Add more decompression targets to decompress_target This commit adds more decompression targets to decompress_target.c. The target function is chosen based on the first byte of the data given by libfuzzer. --- projects/lzo/lzo_decompress_target.c | 35 +++++++++++++++++++++------- 1 file changed, 27 insertions(+), 8 deletions(-) diff --git a/projects/lzo/lzo_decompress_target.c b/projects/lzo/lzo_decompress_target.c index 40862dc805c2..a9fa533d0c5a 100644 --- a/projects/lzo/lzo_decompress_target.c +++ b/projects/lzo/lzo_decompress_target.c @@ -22,6 +22,13 @@ #include #include #include "minilzo.h" +#include "lzo1b.h" +#include "lzo1c.h" +#include "lzo1f.h" +#include "lzo1x.h" +#include "lzo1y.h" +#include "lzo1z.h" +#include "lzo2a.h" /* Work-memory needed for compression. Allocate memory in units * of 'lzo_align_t' (instead of 'char') to make sure it is properly aligned. 
@@ -31,22 +38,34 @@ static HEAP_ALLOC(wrkmem, LZO1X_1_MEM_COMPRESS); +typedef int (*decompress_function)( const lzo_bytep, lzo_uint , + lzo_bytep, lzo_uintp, + lzo_voidp ); + extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { int r; lzo_uint new_len; - - if (size == 0) - { - return 0; + if (size < 2){ + return 0; } - /* We want to compress the data block at 'in' with length 'IN_LEN' to * the block at 'out'. Because the input block may be incompressible, * we must provide a little more output space in case that compression * is not possible. */ - unsigned char __LZO_MMODEL in[size]; + unsigned char __LZO_MMODEL out[size]; + + decompress_function funcArr[7] = {NULL}; + funcArr[0] = &lzo1x_decompress_safe; + funcArr[1] = &lzo1b_decompress_safe; + funcArr[2] = &lzo1c_decompress_safe; + funcArr[2] = &lzo1f_decompress_safe; + funcArr[3] = &lzo1x_decompress_safe; + funcArr[4] = &lzo1y_decompress_safe; + funcArr[5] = &lzo1z_decompress_safe; + funcArr[6] = &lzo2a_decompress_safe; + static bool isInit = false; if (!isInit) @@ -60,9 +79,9 @@ extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) } /* Decompress. */ + int idx = data[0] % 7; new_len = size; - r = lzo1x_decompress(data,size,in,&new_len,NULL); - assert(r == LZO_E_OK && new_len == size); + r = (*funcArr[idx])(&data[1],size-1,out,&new_len,NULL); printf("decompressed %lu bytes back into %lu bytes\n", (unsigned long) size, (unsigned long) new_len); return 0; From e4a51ca38b723db3084f8f77288e1a259dcb2a4a Mon Sep 17 00:00:00 2001 From: Bhargava Shastry Date: Thu, 11 Oct 2018 11:23:31 +0200 Subject: [PATCH 11/11] Make decomp func ptr static, fix minor bug in func ptr init, and fix include paths in build script --- projects/lzo/build.sh | 4 ++-- projects/lzo/lzo_decompress_target.c | 27 ++++++++++++++------------- 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/projects/lzo/build.sh b/projects/lzo/build.sh index 3d92eaf09bca..40a9a04be556 100755 --- a/projects/lzo/build.sh 
+++ b/projects/lzo/build.sh @@ -25,8 +25,8 @@ cd lzo-* for file in $SRC/*.c; do name=$(basename $file .c) - $CC -c -I include/lzo -I minilzo/ ${file} -o ${name}.o - $CXX $CXXFLAGS -std=c++11 -I include/lzo -I minilzo ${name}.o \ + $CC -c -I include -I minilzo -I include/lzo ${file} -o ${name}.o + $CXX $CXXFLAGS -std=c++11 -I include -I minilzo -I include/lzo ${name}.o \ -o $OUT/${name} -lFuzzingEngine src/.libs/liblzo2.a done diff --git a/projects/lzo/lzo_decompress_target.c b/projects/lzo/lzo_decompress_target.c index dc6e2c7e3cf4..92b289b5aa6a 100644 --- a/projects/lzo/lzo_decompress_target.c +++ b/projects/lzo/lzo_decompress_target.c @@ -21,7 +21,6 @@ #include #include #include -#include "minilzo.h" #include "lzo1b.h" #include "lzo1c.h" #include "lzo1f.h" @@ -42,6 +41,19 @@ typedef int (*decompress_function)( const lzo_bytep, lzo_uint , lzo_bytep, lzo_uintp, lzo_voidp ); +#define NUM_DECOMP 7 + +static decompress_function funcArr[NUM_DECOMP] = +{ + &lzo1b_decompress_safe, + &lzo1c_decompress_safe, + &lzo1f_decompress_safe, + &lzo1x_decompress_safe, + &lzo1y_decompress_safe, + &lzo1z_decompress_safe, + &lzo2a_decompress_safe +}; + extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { int r; @@ -56,17 +68,6 @@ extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) */ unsigned char __LZO_MMODEL out[size]; - decompress_function funcArr[7] = {NULL}; - funcArr[0] = &lzo1x_decompress_safe; - funcArr[1] = &lzo1b_decompress_safe; - funcArr[2] = &lzo1c_decompress_safe; - funcArr[2] = &lzo1f_decompress_safe; - funcArr[3] = &lzo1x_decompress_safe; - funcArr[4] = &lzo1y_decompress_safe; - funcArr[5] = &lzo1z_decompress_safe; - funcArr[6] = &lzo2a_decompress_safe; - - static bool isInit = false; if (!isInit) { 
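Review bot: `funcArr` in lzo_decompress_target.c is declared with an explicit `NUM_DECOMP` length that has to be kept in step with the initializer by hand. If an entry is ever removed without lowering the macro, the trailing slot is a NULL pointer that `data[0] % NUM_DECOMP` can select and call. Let the initializer set the length and derive the count from it: `static const decompress_function funcArr[] = { ... };` followed by `#define NUM_DECOMP (sizeof(funcArr) / sizeof(funcArr[0]))`. The `const` also makes the dispatch table immutable. LLVMFuzzerTestOneInput continues outside these hunks.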
@@ -79,7 +80,7 @@ extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) } /* Decompress. */ - int idx = data[0] % 7; + int idx = data[0] % NUM_DECOMP; new_len = size; r = (*funcArr[idx])(&data[1],size-1,out,&new_len,NULL); if (r != LZO_E_OK)