walkero
/
cppcheck
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

more OSS-Fuzz client work (#2581) 

* cleaned up oss-fuzz targets / use LIB_FUZZING_ENGINE for actual client

* fixed some compiler warnings in oss-fuzz sources

* only build the fuzz-client in Travis

* make fuzz-client CMake target work with CMake < 3
This commit is contained in:
Oliver Stöneberg 2020-04-01 18:02:25 +02:00 committed by GitHub
parent 3ff171e157
commit b59f49e286
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 17 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.travis.yml
View File

@ -164,8 +164,8 @@ matrix:
- ./testrunner TestSymbolDatabase
# check .json files
- find . -name '*.json' -not -path '*/\.*' | xargs jsonlint -s
# build OSS-Fuzz clients
- make -j2 CXXFLAGS="-fsanitize=address" -C oss-fuzz
# build fuzz client
- make -j2 CXXFLAGS="-fsanitize=address" -C oss-fuzz fuzz-client
# check if dmake needs to be rerun (this job may fail)
- name: "rerun dmake?"

4
oss-fuzz/CMakeLists.txt
View File

@ -5,7 +5,9 @@ if (CMAKE_CXX_COMPILER_ID MATCHES "Clang")
target_include_directories(fuzz-client PRIVATE ${CMAKE_SOURCE_DIR}/lib ${CMAKE_SOURCE_DIR}/externals/simplecpp ${CMAKE_SOURCE_DIR}/externals/tinyxml ${CMAKE_SOURCE_DIR}/externals)
target_compile_options(fuzz-client PRIVATE -fsanitize=fuzzer)
target_link_libraries(fuzz-client PRIVATE simplecpp_objs_sanitized tinyxml_objs_sanitized lib_objs_sanitized)
target_link_options(fuzz-client PRIVATE -fsanitize=address -fsanitize=fuzzer)
# requires CMake >= 3.13
#target_link_options(fuzz-client PRIVATE -fsanitize=address -fsanitize=fuzzer)
target_link_libraries(fuzz-client PRIVATE -fsanitize=address -fsanitize=fuzzer)
add_executable(translate
translate.cpp

6
oss-fuzz/Makefile
View File

@ -12,13 +12,13 @@ SRC_FILES=main.cpp type2.cpp ${CPPCHECK_DIR}/externals/simplecpp/simplecpp.cpp $
all: oss-fuzz-client translate
oss-fuzz-client: main.cpp type2.cpp type2.h
${CXX} -std=c++11 -g ${CXXFLAGS} -o oss-fuzz-client ${INCLUDE_DIR} ${SRC_FILES} -lFuzzingEngine
${CXX} -std=c++11 -g ${CXXFLAGS} -o oss-fuzz-client ${INCLUDE_DIR} ${SRC_FILES} ${LIB_FUZZING_ENGINE}
fuzz-client: main.cpp type2.cpp type2.h
${CXX} -std=c++11 -g -O1 ${CXXFLAGS} -fsanitize=fuzzer -o fuzz-client ${INCLUDE_DIR} ${SRC_FILES}
${CXX} -std=c++11 -g ${CXXFLAGS} -o fuzz-client ${INCLUDE_DIR} ${SRC_FILES} -fsanitize=fuzzer
translate: translate.cpp type2.cpp type2.h
g++ -std=c++11 -o translate type2.cpp translate.cpp
${CXX} -std=c++11 -g ${CXXFLAGS} -o translate type2.cpp translate.cpp
clean:
rm -f oss-fuzz-client fuzz-client translate

2
oss-fuzz/translate.cpp
View File

@ -22,7 +22,7 @@ int main(int argc, char **argv)
std::string str((std::istreambuf_iterator<char>(f)),
std::istreambuf_iterator<char>());
std::cout << generateCode2((const uint8_t *)str.data(), str.size()) << std::endl;
std::cout << generateCode2(reinterpret_cast<const uint8_t *>(str.data()), str.size()) << std::endl;
return 0;
}

16
oss-fuzz/type2.cpp
View File

@ -35,7 +35,7 @@ static std::string generateExpression2_lvalue(const uint8_t *data, size_t dataSi
return "var" + std::to_string(1 + getValue(data, dataSize, 5));
}
static std::string generateExpression2_Op(const uint8_t *data, size_t dataSize, int numberOfGlobalConstants)
static std::string generateExpression2_Op(const uint8_t *data, size_t dataSize, uint8_t numberOfGlobalConstants)
{
std::ostringstream code;
switch (getValue(data, dataSize, 3)) {
@ -48,14 +48,14 @@ static std::string generateExpression2_Op(const uint8_t *data, size_t dataSize,
case 2:
code << (getValue(data, dataSize, 0x80) * 0x80 + getValue(data, dataSize, 0x80));
break;
};
}
return code.str();
}
static std::string generateExpression2_Expr(const uint8_t *data, size_t dataSize, int numberOfGlobalConstants, int depth=0)
static std::string generateExpression2_Expr(const uint8_t *data, size_t dataSize, uint8_t numberOfGlobalConstants, int depth=0)
{
++depth;
const unsigned int type = (depth > 3) ? 0 : getValue(data, dataSize, 3);
const int type = (depth > 3) ? 0 : getValue(data, dataSize, 3);
const char binop[] = "=<>+-*/%&|^";
const char *unop[] = {"++","--","()","~"};
@ -85,13 +85,13 @@ static std::string generateExpression2_Expr(const uint8_t *data, size_t dataSize
}
default:
break;
};
}
return "0";
}
static std::string generateExpression2_Cond(const uint8_t *data, size_t dataSize, int numberOfGlobalConstants)
static std::string generateExpression2_Cond(const uint8_t *data, size_t dataSize, uint8_t numberOfGlobalConstants)
{
const char *comp[] = {"==", "!=", "<", "<=", ">", ">="};
const int i = getValue(data, dataSize, 6);
@ -111,7 +111,7 @@ static std::string functionStart()
static std::string generateExpression2_conditionalCode(const std::string &indent,
const uint8_t *data,
size_t dataSize,
int numberOfGlobalConstants)
uint8_t numberOfGlobalConstants)
{
std::ostringstream code;
@ -166,7 +166,7 @@ std::string generateCode2(const uint8_t *data, size_t dataSize)
std::ostringstream code;
// create global constants
constexpr int numberOfGlobalConstants = 0;
constexpr uint8_t numberOfGlobalConstants = 0;
/*
const int numberOfGlobalConstants = getValue(data, dataSize, 5);
for (int nr = 1; nr <= numberOfGlobalConstants; nr++) {