'libpng16] Imported more files into the contrib/oss-fuzz directory

This commit is contained in:
Glenn Randers-Pehrson 2017-08-22 13:58:59 -05:00
parent 735fde494a
commit b0d14c7d13
6 changed files with 131 additions and 6 deletions

View File

@ -1,6 +1,33 @@
Files in this directory are used by the oss-fuzz target for
"fuzzing libpng. They were originally licensed by google inc,
using the BSD-like Chromium license, which may be found at
https://cs.chromium.org/chromium/src/LICENSE
Last changed in libpng 1.6.32 [(PENDING RELEASE)]
Copyright (c) 2017 Glenn Randers-Pehrson
This code is released under the libpng license.
For conditions of distribution and use, see the disclaimer
and license in png.h
Files in this directory are used by the oss-fuzz project
(https://github.com/google/oss-fuzz/tree/master/projects/libpng).
for "fuzzing" libpng.
They were licensed by google inc, using the BSD-like Chromium license,
which may be found at https://cs.chromium.org/chromium/src/LICENSE, or, if
noted in the source, under the Apache-2.0 license, which may
be found at http://www.apache.org/licenses/LICENSE-2.0 .
If they have been modified, the deritives are copyright Glenn Randers-Pehson
and are released under the same licenses as the originals. Several of
the original files (libpng_read_fuzzer.options, png.dict, project.yaml)
had no licensing information; we assumed that these were under the Chromium
license. Any new files are released under the libpng license (see png.h).
The files are
Original
Filename or derived Copyright License
========================= ========== ================ ==========
build.sh derived 2017, Glenn R-P Apache 2.0
libpng_read_fuzzer.cc derived 2017, Glenn R-P Chromium
libpng_read_fuzzer.options original 2015, Chrome Devs Chromium
png.dict original 2015, Chrome Devs Chromium
project.yaml original 2015, Chrome Devs Chromium
README.txt (this file) original 2017, GLenn R-P libpng
To do: exercise the progressive reader.

47
contrib/oss-fuzz/build.sh Executable file
View File

@ -0,0 +1,47 @@
#!/bin/bash -eu
# Copyright 2017 Glenn Randers-Pehrson
# Copyright 2016 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Last changed in libpng 1.6.32 [(PENDING RELEASE)]
#
# Revisions by Glenn Randers-Pehson, 2017:
# 1. Build only the library, not the tools (changed "make -j$(nproc) all" to
# "make -j$(nproc) libpng16.la").
# 2. Disabled WARNING and WRITE options in pnglibconf.dfa.
################################################################################
# Disable logging via library build configuration control.
cat scripts/pnglibconf.dfa | \
sed -e "s/option STDIO/option STDIO disabled/" \
-e "s/option WARNING /option WARNING disabled/" \
-e "s/option WRITE enables WRITE_INT_FUNCTIONS/option WRITE disabled/" \
> scripts/pnglibconf.dfa.temp
mv scripts/pnglibconf.dfa.temp scripts/pnglibconf.dfa
# build the library.
autoreconf -f -i
./configure
make -j$(nproc) clean
make -j$(nproc) libpng16.la
# build libpng_read_fuzzer.
$CXX $CXXFLAGS -std=c++11 -I. \
$SRC/libpng_read_fuzzer.cc -o $OUT/libpng_read_fuzzer \
-lFuzzingEngine .libs/libpng16.a -lz
# add seed corpus.
find $SRC/libpng/contrib/pngsuite -name "*.png" | xargs zip $OUT/libpng_read_fuzzer_seed_corpus.zip
cp $SRC/*.dict $SRC/*.options $OUT/

View File

@ -5,9 +5,12 @@
// Use of this source code is governed by a BSD-style license that may
// be found in the LICENSE file https://cs.chromium.org/chromium/src/LICENSE
// The modifications by Glenn Randers-Pehrson include the addition of a
// PNG_CLEANUP macro and setting the option to ignore ADLER32 checksums.
// Last changed in libpng 1.6.32 [(PENDING RELEASE)]
// The modifications in 2017 by Glenn Randers-Pehrson include
// 1. addition of a PNG_CLEANUP macro,
// 2. setting the option to ignore ADLER32 checksums,
// 3. adding "#include <string.h>" which is needed on some platforms.
#include <stddef.h>
#include <stdint.h>

View File

@ -0,0 +1,2 @@
[libfuzzer]
dict = png.dict

39
contrib/oss-fuzz/png.dict Normal file
View File

@ -0,0 +1,39 @@
#
# AFL dictionary for PNG images
# -----------------------------
#
# Just the basic, standard-originating sections; does not include vendor
# extensions.
#
# Created by Michal Zalewski <lcamtuf@google.com>
#
header_png="\x89PNG\x0d\x0a\x1a\x0a"
section_IDAT="IDAT"
section_IEND="IEND"
section_IHDR="IHDR"
section_PLTE="PLTE"
section_bKGD="bKGD"
section_cHRM="cHRM"
section_eXIf="eXIf"
section_fRAc="fRAc"
section_gAMA="gAMA"
section_gIFg="gIFg"
section_gIFt="gIFt"
section_gIFx="gIFx"
section_hIST="hIST"
section_iCCP="iCCP"
section_iTXt="iTXt"
section_oFFs="oFFs"
section_pCAL="pCAL"
section_pHYs="pHYs"
section_sBIT="sBIT"
section_sCAL="sCAL"
section_sPLT="sPLT"
section_sRGB="sRGB"
section_sTER="sTER"
section_tEXt="tEXt"
section_tIME="tIME"
section_tRNS="tRNS"
section_zTXt="zTXt"

View File

@ -0,0 +1,7 @@
homepage: "http://www.libpng.org/pub/png/libpng.html"
primary_contact: "glennrp@gmail.com"
sanitizers:
- address
- memory:
experimental: True
- undefined