google · oliverchang · Oct 30, 2017 · Oct 14, 2017 · Oct 20, 2017 · Oct 20, 2017
diff --git a/projects/gstreamer/Dockerfile b/projects/gstreamer/Dockerfile
@@ -0,0 +1,41 @@
+# Copyright 2017 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+MAINTAINER bilboed@bilboed.com
+# Install the build dependencies
+
+# install the minimum
+
+RUN sed -i '/^#\sdeb-src /s/^#//' "/etc/apt/sources.list" && \
+   apt-get update && \
+   apt-get install -y make autoconf automake libtool build-essential \
+    autopoint pkg-config bison flex gettext libglib2.0-dev libffi-dev liblzma-dev \
+    libvorbis-dev libtheora-dev libogg-dev git-annex
+
+# Checkout all development repositories
+#RUN for i in orc  gstreamer gst-plugins-base gst-plugins-good gst-plugins-bad gst-plugins-ugly gst-libav; do git clone --depth 1 --recursive https://anongit.freedesktop.org/git/gstreamer/$i $i; done  
+RUN \
+  git clone --depth 1 --recursive https://anongit.freedesktop.org/git/gstreamer/orc orc && \
+  git clone --depth 1 --recursive https://anongit.freedesktop.org/git/gstreamer/gstreamer gstreamer && \
+  git clone --depth 1 --recursive https://anongit.freedesktop.org/git/gstreamer/gst-plugins-base gst-plugins-base
+
+ADD https://people.freedesktop.org/~bilboed/gst-discoverer_seed_corpus.zip $SRC
+
+WORKDIR gstreamer
+COPY build.sh $SRC/
+COPY gst-discoverer.c $SRC/
+
diff --git a/projects/gstreamer/build.sh b/projects/gstreamer/build.sh
@@ -0,0 +1,110 @@
+#!/bin/bash -eu
+# Copyright 2017 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+echo "CFLAGS" $CFLAGS
+echo "CXXFLAGS" $CXXFLAGS
+export LDFLAGS="$SANITIZER_FLAGS $COVERAGE_FLAGS"
+PREFIX=$WORK/prefix
+PLUGIN_DIR=$PREFIX/lib/gstreamer-1.0
+export PKG_CONFIG_PATH=$PREFIX/lib/pkgconfig
+mkdir -p $PREFIX
+cd $WORK
+
+# Minimize gst-debug level/code
+export CFLAGS="$CFLAGS -DGST_LEVEL_MAX=2"
+
+for i in orc gstreamer gst-plugins-base;
+do
+    mkdir -p $i
+    cd $i
+    $SRC/$i/autogen.sh --prefix=$PREFIX --disable-shared --enable-static --disable-examples --disable-gtk-doc --disable-introspection --enable-static-plugins --disable-gst-tracer-hooks
+    make -j$(nproc)
+    make install
+    cd ..
+done
+
+#finally build the binary \o/
+BUILD_CFLAGS="$CFLAGS `pkg-config --static --cflags glib-2.0 gstreamer-1.0 gstreamer-pbutils-1.0 gstreamer-video-1.0 gstreamer-audio-1.0 gstreamer-app-1.0 orc-0.4`"
+
+# List of dependencies libraries we grab from pkg-config
+# Should also include dependencies of dependencies (ex: libvorbis depends on libogg)
+
+PKG_DEPS="glib-2.0 gstreamer-1.0 gstreamer-pbutils-1.0 gstreamer-video-1.0 gstreamer-audio-1.0 orc-0.4 \
+  gstreamer-riff-1.0 gstreamer-tag-1.0 gstreamer-app-1.0 zlib \
+  ogg vorbis vorbisenc theoraenc theoradec theora"
+
+# List of all plugins to include
+PLUGINS="$PLUGIN_DIR/libgstcoreelements.a \
+       $PLUGIN_DIR/libgsttypefindfunctions.a \
+       $PLUGIN_DIR/libgstplayback.a \
+       $PLUGIN_DIR/libgstapp.a \
+       $PLUGIN_DIR/libgstvorbis.a \
+       $PLUGIN_DIR/libgsttheora.a \
+       $PLUGIN_DIR/libgstogg.a"
+
+# We want to statically link everything, except for shared libraries that are present on
+# the base image. Those need to be specified beforehad and explicitely linked dynamically
+# If any of the static dependencies require a pre-installed shared library, you need
+# to add that library to the following list
+PREDEPS_LDFLAGS="-Wl,-Bdynamic -ldl -lm -pthread -lrt -lpthread"
+
+# The libraries we want to statically link to
+# This includes dependencies of the gst plugins
+#BUILD_LDFLAGS="$LDFLAGS `pkg-config --static --libs $PKG_DEPS` -Wl,-static -lpcre "
+BUILD_LDFLAGS="$LDFLAGS -Wl,-static `pkg-config --static --libs $PKG_DEPS`"
+
+echo
+echo "PREDEPS_LDFLAGS" $PREDEPS_LDFLAGS
+echo
+echo "BUILD_LDFLAGS" $BUILD_LDFLAGS
+echo
+
+echo $CXX $CXXFLAGS $BUILD_CFLAGS \
+      -v -Wl,--verbose \
+      $SRC//gst-discoverer.c \
+      $PLUGINS \
+      $LIB_FUZZING_ENGINE \
+      -o gst-discoverer \
+      $PREDEPS_LDFLAGS \
+      $BUILD_LDFLAGS \
+      -Wl,-Bdynamic
+
+echo
+echo ">>>> BUILDING gst-discoverer.o"
+echo
+
+$CC $CFLAGS $BUILD_CFLAGS -c $SRC/gst-discoverer.c -o $SRC/gst-discoverer.o
+
+echo
+echo ">>>> LINKING"
+echo
+
+$CXX $CXXFLAGS \
+      -v -Wl,--verbose \
+      -o $OUT/gst-discoverer \
+      $PREDEPS_LDFLAGS \
+      $SRC/gst-discoverer.o \
+      $PLUGINS \
+      $BUILD_LDFLAGS \
+      $LIB_FUZZING_ENGINE \
+      -Wl,-Bdynamic
+
+echo
+echo ">>>> Installing OGG corpus"
+echo
+
+cp $SRC/*_seed_corpus.zip $OUT
diff --git a/projects/gstreamer/gst-discoverer.c b/projects/gstreamer/gst-discoverer.c
@@ -0,0 +1,152 @@
+/*
+ * Copyright 2016 Google Inc.
+ * author: Edward Hervey <bilboed@bilboed.com>
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <locale.h>
+
+#include <stdlib.h>
+#include <glib.h>
+#include <gst/gst.h>
+#include <gst/pbutils/pbutils.h>
+
+GST_PLUGIN_STATIC_DECLARE(coreelements);
+GST_PLUGIN_STATIC_DECLARE(playback);
+GST_PLUGIN_STATIC_DECLARE(typefindfunctions);
+GST_PLUGIN_STATIC_DECLARE(app);
+GST_PLUGIN_STATIC_DECLARE(ogg);
+GST_PLUGIN_STATIC_DECLARE(theora);
+GST_PLUGIN_STATIC_DECLARE(vorbis);
+
+#undef DEBUG_OSS_GST
+static void
+print_info (GstDiscovererInfo * info, GError * err)
+{
+#ifdef DEBUG_OSS_GST
+  GstDiscovererResult result;
+
+  if (!info) {
+    g_print ("Could not discover URI\n");
+    g_print (" %s\n", err->message);
+    return;
+  }
+
+  result = gst_discoverer_info_get_result (info);
+  g_print ("Done discovering %s\n", gst_discoverer_info_get_uri (info));
+  switch (result) {
+  case GST_DISCOVERER_OK:
+    {
+      g_print ("All good\n");
+      break;
+    }
+  case GST_DISCOVERER_URI_INVALID:
+    {
+      g_print ("URI is not valid\n");
+      break;
+    }
+  case GST_DISCOVERER_ERROR:
+    {
+      g_print ("An error was encountered while discovering the file\n");
+      g_print (" %s\n", err->message);
+      break;
+    }
+  case GST_DISCOVERER_TIMEOUT:
+    {
+      g_print ("Analyzing URI timed out\n");
+      break;
+    }
+  case GST_DISCOVERER_BUSY:
+    {
+      g_print ("Discoverer was busy\n");
+      break;
+    }
+  case GST_DISCOVERER_MISSING_PLUGINS:
+    {
+      g_print ("Missing plugins\n");
+      break;
+    }
+  }
+
+  g_print ("\n");
+#endif
+}
+
+const guint8 *fuzztesting_data;
+size_t fuzztesting_size;
+
+static void
+appsrc_configuration (GstDiscoverer *dc, GstElement *source, gpointer data)
+{
+  GstBuffer *buf;
+  GstFlowReturn ret;
+
+  /* Create buffer from fuzztesting_data which shouldn't be freed */
+  buf = gst_buffer_new_wrapped_full (0, (gpointer) fuzztesting_data, fuzztesting_size,
+				     0, fuzztesting_size, NULL, NULL);
+  g_object_set (G_OBJECT (source), "size", fuzztesting_size, NULL);
+  g_signal_emit_by_name (G_OBJECT(source), "push-buffer", buf, &ret);
+  gst_buffer_unref (buf);
+}
+
+int LLVMFuzzerTestOneInput(const guint8 *data, size_t size)
+{
+  GError *err = NULL;
+  GstDiscoverer *dc;
+  gint timeout = 10;
+  GstDiscovererInfo *info;
+  static gboolean initialized = 0;
+
+  if (!initialized) {
+    /* Only initialize and register plugins once */
+    gst_init (NULL, NULL);
+
+    GST_PLUGIN_STATIC_REGISTER(coreelements);
+    GST_PLUGIN_STATIC_REGISTER(playback);
+    GST_PLUGIN_STATIC_REGISTER(typefindfunctions);
+    GST_PLUGIN_STATIC_REGISTER(app);
+    GST_PLUGIN_STATIC_REGISTER(ogg);
+    GST_PLUGIN_STATIC_REGISTER(theora);
+    GST_PLUGIN_STATIC_REGISTER(vorbis);
+  }
+
+  dc = gst_discoverer_new (timeout * GST_SECOND, &err);
+  if (G_UNLIKELY (dc == NULL)) {
+    g_print ("Error initializing: %s\n", err->message);
+    g_clear_error (&err);
+    exit (1);
+  }
+
+  fuzztesting_data = data;
+  fuzztesting_size = size;
+
+  /* Connect to source-setup signal to give the data */
+  g_signal_connect (dc, "source-setup", (GCallback) appsrc_configuration, NULL);
+
+  info = gst_discoverer_discover_uri (dc, "appsrc://", &err);
+  print_info (info, err);
+  g_clear_error (&err);
+  if (info)
+    gst_discoverer_info_unref (info);
+
+  g_object_unref (dc);
+
+  return 0;
+ }
+
diff --git a/projects/gstreamer/project.yaml b/projects/gstreamer/project.yaml
@@ -0,0 +1,6 @@
+homepage: "https://gstreamer.freedesktop.org/"
+primary_contact: "gstreamer-security@lists.freedesktop.org"
+auto_ccs:
+ - "bilboed@bilboed.com"
+
+