
ossfuzz: Move to C++ for curl_fuzzer.

Automake gets confused if you want to use C++ static libraries with C
code - basically we need to involve the clang++ linker. The easiest way
of achieving this is to rename the C code as C++ code. This gets us a
bit further along the path and ought to be compatible with Google's
version of clang.
pull/1839/merge
Max Dymond 1 year ago
parent
commit
57001ce3bb

+ 1
- 0
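--- a/.gitignore
+++ b/.gitignore
@@ -55,3 +55,4 @@ test-driver
 scripts/_curl
 curl_fuzzer
 curl_fuzzer_seed_corpus.zip
+libstandaloneengine.a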

+ 5
- 0
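--- a/.travis.yml
+++ b/.travis.yml
@@ -145,7 +145,12 @@ script:
     - |
         if [ "$T" = "fuzzer" ]; then
           export CC=clang
+          export CXX=clang++
           export CFLAGS="-fsanitize=address"
+
+          # Specifically use libstdc++ for travis as libc++ is not installed.
+          # This is ok because we're not compiling against libFuzzer.
+          export CXXFLAGS="-fsanitize=address -stdlib=libstdc++"
           ./configure --disable-shared --enable-debug --enable-maintainer-mode
           make
           cd tests/fuzz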

+ 1
- 0
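--- a/configure.ac
+++ b/configure.ac
@@ -52,6 +52,7 @@ CURL_CHECK_OPTION_RT
 
 XC_CHECK_PATH_SEPARATOR
 AX_CODE_COVERAGE
+AC_PROG_CXX
 
 #
 # save the configure arguments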
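Review bot: `AC_PROG_CXX` is now run unconditionally on every configure of curl, so every build host is probed for a C++ compiler although only tests/fuzz uses one; autoconf does not abort when none is found (it just sets `CXX=g++`), but the probe adds time and noise to every build, and if any later check in this configure.ac starts using `$CXX` it will break C-only hosts. Consider running it only when the fuzz tests are being built, or at minimum annotate it, e.g. `# A C++ compiler is only required for tests/fuzz (curl_fuzzer is built as C++)`, so the next maintainer knows why curl's configure asks for one.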

+ 6
- 6
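--- a/tests/fuzz/Makefile.am
+++ b/tests/fuzz/Makefile.am
@@ -30,12 +30,12 @@ AUTOMAKE_OPTIONS = foreign nostdinc
 # $(top_builddir)/lib is for libcurl's generated lib/curl_config.h file
 # $(top_srcdir)/lib for libcurl's lib/curl_setup.h and other "borrowed" files
 
-AM_CFLAGS = -I$(top_srcdir)/include        \
-            -I$(top_builddir)/lib          \
-            -I$(top_srcdir)/lib            \
-            -I$(top_srcdir)/tests/fuzz
+AM_CXXFLAGS = -I$(top_srcdir)/include        \
+              -I$(top_builddir)/lib          \
+              -I$(top_srcdir)/lib            \
+              -I$(top_srcdir)/tests/fuzz
 
-LIBS = -lpthread -lstdc++ -lm
+LIBS = -lpthread -lm
 
 # Run e.g. "make all LIB_FUZZING_ENGINE=/path/to/libFuzzer.a"
 # to link the fuzzer(s) against a real fuzzing engine.
@@ -53,4 +53,4 @@ checksrc:
 	@PERL@ $(top_srcdir)/lib/checksrc.pl $(srcdir)/*.c
 
 noinst_PROGRAMS = $(FUZZPROGS)
-noinst_LIBRARIES = $(FUZZLIBS)
+noinst_LIBRARIES = $(FUZZLIBS)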
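Review bot: The `checksrc` rule in the second hunk still globs `$(srcdir)/*.c`, but after this commit both sources in the directory are `.cc` files, so `make checksrc` matches nothing and silently stops linting the fuzzer. Widen the pattern to the files that now exist, `@PERL@ $(top_srcdir)/lib/checksrc.pl $(srcdir)/*.cc $(srcdir)/*.h`, or pass `$(curl_fuzzer_SOURCES) $(libstandaloneengine_a_SOURCES)` so the rule follows Makefile.inc automatically; whether checksrc.pl accepts C++ input is not visible here and is worth a quick run. Renaming `AM_CFLAGS` to `AM_CXXFLAGS` also means any C object later added to this directory would get none of the include paths, which deserves a one-line comment above the variable.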

+ 5
- 5
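--- a/tests/fuzz/Makefile.inc
+++ b/tests/fuzz/Makefile.inc
@@ -1,15 +1,15 @@
 FUZZPROGS = curl_fuzzer
 FUZZLIBS = libstandaloneengine.a
 
-curl_fuzzer_SOURCES = curl_fuzzer.c
-curl_fuzzer_CFLAGS = $(AM_CFLAGS)
+curl_fuzzer_SOURCES = curl_fuzzer.cc
+curl_fuzzer_CXXFLAGS = $(AM_CXXFLAGS)
 
-libstandaloneengine_a_SOURCES = standalone_fuzz_target_runner.c
-libstandaloneengine_a_CFLAGS = $(AM_CFLAGS)
+libstandaloneengine_a_SOURCES = standalone_fuzz_target_runner.cc
+libstandaloneengine_a_CXXFLAGS = $(AM_CXXFLAGS)
 
 # Some more targets.
 zip:
 	zip -q -r curl_fuzzer_seed_corpus.zip curl_fuzz_data
 
 check: all
-	./curl_fuzzer curl_fuzz_data/*
+	./curl_fuzzer curl_fuzz_data/*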
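Review bot: `curl_fuzzer_CXXFLAGS = $(AM_CXXFLAGS)` and `libstandaloneengine_a_CXXFLAGS = $(AM_CXXFLAGS)` are redundant: automake already applies `AM_CXXFLAGS` to every C++ compile in the directory, and declaring per-target flags only makes it generate per-target object names such as `curl_fuzzer-curl_fuzzer.o`. Either drop the two lines or keep them with a comment stating they are there so target-specific flags can be added later, so the intent is not mistaken for an override.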

+ 2
- 0
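--- a/tests/fuzz/README
+++ b/tests/fuzz/README
@@ -8,7 +8,9 @@ Building the fuzz target
 From the CURL root directory:
 
 export CC=clang-5.0
+export CXX=clang++-5.0
 export CFLAGS="-fsanitize=address -fsanitize-address-use-after-scope -fsanitize-coverage=trace-pc-guard,trace-cmp"
+export CXXFLAGS="-fsanitize=address -fsanitize-address-use-after-scope -fsanitize-coverage=trace-pc-guard,trace-cmp -stdlib=libc++"
 ./configure --disable-shared --enable-debug --enable-maintainer-mode
 make -sj
 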

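--- a/tests/fuzz/curl_fuzzer.c
+++ b/tests/fuzz/curl_fuzzer.cc
@@ -32,15 +32,18 @@
  * Fuzzing entry point. This function is passed a buffer containing a test
  * case.  This test case should drive the CURL API into making a request.
  */
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
   int rc = 0;
   int tlv_rc;
   FUZZ_DATA fuzz;
   TLV tlv;
 
+  /* Have to set all fields to zero before getting to the terminate function */
+  memset(&fuzz, 0, sizeof(FUZZ_DATA));
+
   if(size < sizeof(TLV_RAW)) {
-    /* Not enough data */
+    /* Not enough data for a single TLV - don't continue */
     goto EXIT_LABEL;
   }
 
@@ -329,7 +332,7 @@ char *fuzz_tlv_to_string(TLV *tlv)
   char *tlvstr;
 
   /* Allocate enough space, plus a null terminator */
-  tlvstr = malloc(tlv->length + 1);
+  tlvstr = (char *)malloc(tlv->length + 1);
 
   if(tlvstr != NULL) {
     memcpy(tlvstr, tlv->value, tlv->length);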
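Review bot: The new `memset(&fuzz, 0, sizeof(FUZZ_DATA))` sizes the clear by the type name rather than the object, and now that this is a C++ translation unit the same guarantee is stated more directly at the declaration, `FUZZ_DATA fuzz = {};`, which cannot drift if the variable's type is ever changed; whichever form stays, the comment should say why it is needed, e.g. `/* Zero every field: the early exit below reaches the terminate function with nothing else set, so all pointers must already be NULL */`. `TLV tlv` is left uninitialised; if the cleanup after EXIT_LABEL (outside this hunk) touches it, it needs the same treatment. In the second hunk, `tlv->length + 1` wraps to 0 if `length` is a 32-bit value equal to UINT32_MAX, which is only safe if the TLV parser bounds `length` against the remaining input before this function is called — that check is not visible here and is worth confirming. Both LLVMFuzzerTestOneInput and fuzz_tlv_to_string continue past the end of their hunks.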

+ 1
- 1
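--- a/tests/fuzz/curl_fuzzer.h
+++ b/tests/fuzz/curl_fuzzer.h
@@ -21,6 +21,7 @@
  ***************************************************************************/
 
 #include <curl/curl.h>
+#include <testinput.h>
 
 /**
  * TLV types.
@@ -107,7 +108,6 @@ typedef struct fuzz_data
 } FUZZ_DATA;
 
 /* Function prototypes */
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
 uint32_t to_u32(uint8_t b[4]);
 uint16_t to_u16(uint8_t b[2]);
 int fuzz_initialize_fuzz_data(FUZZ_DATA *fuzz,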
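Review bot: The new `#include <testinput.h>` uses angle brackets for a header that lives in this same directory, while standalone_fuzz_target_runner.cc in the same commit includes it as `"testinput.h"`; angle brackets search the system include directories first, so an unrelated `testinput.h` on the host would silently shadow the local one, and the line only resolves at all because Makefile.am adds `-I$(top_srcdir)/tests/fuzz`. Use `#include "testinput.h"` for both consistency and locality. Since the pulled-in declaration carries an unconditional `extern "C"`, curl_fuzzer.h is now C++-only, which deserves a one-line comment at the top of the header. The `typedef struct fuzz_data` closed in the second hunk begins outside it.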

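--- a/tests/fuzz/standalone_fuzz_target_runner.c
+++ b/tests/fuzz/standalone_fuzz_target_runner.cc
@@ -24,7 +24,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 
-#include "standalone_fuzz_target_runner.h"
+#include "testinput.h"
 
 /**
  * Main procedure for standalone fuzzing engine.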

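--- a/tests/fuzz/standalone_fuzz_target_runner.h
+++ b/tests/fuzz/testinput.h
@@ -20,4 +20,4 @@
  *
  ***************************************************************************/
 
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);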
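Review bot: The header's only declaration now carries an unconditional `extern "C"`, so any C translation unit that includes it (directly, or via curl_fuzzer.h) stops compiling; the hunk also shows the declaration sitting straight after the licence banner with no trailing context, and nothing in the visible lines includes `<stdint.h>` or `<stddef.h>` for `uint8_t` and `size_t`, so the header appears to work only when an includer has pulled those in first (lines 1–19 are outside the hunk and presumably the rest of the banner). Make it self-contained: add an include guard, the two standard headers, and wrap the linkage specification in `#ifdef __cplusplus` so the prototype is valid from both languages.
```cpp
#ifndef TESTINPUT_H
#define TESTINPUT_H

#include <stddef.h>
#include <stdint.h>

/* Entry point the fuzzing engine (libFuzzer or the standalone runner) calls
 * once per test case; C linkage so the symbol name is not mangled. */
#ifdef __cplusplus
extern "C"
#endif
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

#endif /* TESTINPUT_H */
```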
