Fuzz target for oss-fuzz integration (tinyobjloader#302)

catenacyber · web-flow · commit 15bc2685b516 · 2021-04-01T01:34:58.000+09:00
* Fuzz target for oss-fuzz integration

* README for fuzzing
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -109,6 +109,11 @@ write_basic_package_version_file(${PROJECT_NAME}-config-version.cmake
 #pkg-config file
 configure_file(${PROJECT_NAME}.pc.in ${LIBRARY_NAME}.pc @ONLY)
 
+if(DEFINED ENV{LIB_FUZZING_ENGINE})
+  add_executable(fuzz_ParseFromString fuzzer/fuzz_ParseFromString.cc)
+  target_link_libraries(fuzz_ParseFromString ${LIBRARY_NAME} $ENV{LIB_FUZZING_ENGINE})
+endif()
+
 #Installation
 install(TARGETS
   ${LIBRARY_NAME}
diff --git a/fuzzer/README.md b/fuzzer/README.md
@@ -0,0 +1,47 @@
+# Fuzzing test
+
+Do fuzzing test for tinyobjloader
+
+## Supported API
+
+* [x] ParseFromString
+
+## Requirements
+
+* clang with fuzzer support(`-fsanitize=fuzzer`. at least clang 8.0 should work)
+
+## Setup
+
+### Ubuntu 18.04
+
+```
+$ sudo apt install clang++-8
+$ sudo apt install libfuzzer-8-dev
+```
+
+Optionally, if you didn't set `update-alternatives` you can set `clang++` to point to `clang++8`
+
+```
+$ sudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-8 10
+$ sudo update-alternatives --install /usr/bin/clang++ clang++ /usr/bin/clang++-8 10
+```
+
+## How to compile
+
+Fuzz target is compiled with the rest of the project when environment variable `LIB_FUZZING_ENGINE` is defined when running cmake
+With clang, you can compile with 
+```
+$ export LIB_FUZZING_ENGINE=-fsanitize=fuzzer
+$ mkdir build && cd build
+$ cmake .. -DBUILD_SHARED_LIBS=OFF
+$ make -j $(nproc)
+```
+
+## How to run
+
+Increase memory limit. e.g. `-rss_limit_mb=2000`
+cf libfuzzer.info for all options
+
+```
+$ ./fuzz_ParseFromString -rss_limit_mb=2000
+```
diff --git a/fuzzer/fuzz_ParseFromString.cc b/fuzzer/fuzz_ParseFromString.cc
@@ -0,0 +1,26 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <stdarg.h>
+#include <string.h>
+
+#define TINYOBJLOADER_IMPLEMENTATION // define this in only *one* .cc
+#include "tiny_obj_loader.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+    tinyobj::ObjReaderConfig reader_config;
+    tinyobj::ObjReader reader;
+    if (Size < 2) {
+        return 0;
+    }
+    for (size_t i = 0; i < Size-1; i++) {
+        if (Data[i] == 0) {
+            std::string obj_text (reinterpret_cast<const char*>(Data), i);
+            std::string mtl_text (reinterpret_cast<const char*>(Data+i+1), Size-i-1);
+            reader.ParseFromString(obj_text, mtl_text,reader_config);
+            return 0;
+        }
+    }
+    return 0;
+}
+
