diff options
-rw-r--r-- | .travis.yml | 9 | ||||
-rw-r--r-- | Android.bp | 17 | ||||
-rw-r--r-- | CMakeLists.txt | 5 | ||||
-rw-r--r-- | METADATA | 6 | ||||
-rw-r--r-- | NOTICE | 202 | ||||
-rw-r--r-- | README.md | 15 | ||||
-rw-r--r-- | cmake/external/googletest.cmake | 3 | ||||
-rw-r--r-- | cmake/external/protobuf.cmake | 3 | ||||
-rw-r--r-- | examples/libfuzzer/libfuzzer_bin_example.cc | 47 | ||||
-rw-r--r-- | examples/libfuzzer/libfuzzer_example.cc | 47 | ||||
-rw-r--r-- | libprotobuf-mutator.pc.in | 3 | ||||
-rw-r--r-- | libprotobuf-mutatorConfig.cmake.in | 5 | ||||
-rw-r--r-- | port/gtest.h | 1 | ||||
-rw-r--r-- | src/CMakeLists.txt | 4 | ||||
-rw-r--r-- | src/libfuzzer/CMakeLists.txt | 4 | ||||
-rw-r--r-- | src/libfuzzer/libfuzzer_macro.cc | 42 | ||||
-rw-r--r-- | src/libfuzzer/libfuzzer_mutator.cc | 5 | ||||
-rw-r--r-- | src/libfuzzer/libfuzzer_test.cc | 79 | ||||
-rw-r--r-- | src/mutator.cc | 12 | ||||
-rw-r--r-- | src/mutator.h | 3 | ||||
-rw-r--r-- | src/mutator_test.cc | 14 | ||||
-rw-r--r-- | src/text_format.cc | 1 |
22 files changed, 276 insertions, 251 deletions
diff --git a/.travis.yml b/.travis.yml index 92a1ebe..731b74a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -43,12 +43,6 @@ matrix: - env: BUILD_TYPE=Debug CC_COMPILER=gcc-${GCC_VERSION} CXX_COMPILER=g++-${GCC_VERSION} addons: *gcc - - env: - install: - before_script: - script: - - travis_retry wget --quiet -O - https://raw.githubusercontent.com/cpplint/cpplint/master/cpplint.py | python - --recursive src examples - install: - mkdir -p deps && cd deps - travis_retry wget --no-check-certificate --quiet -O - https://cmake.org/files/v3.12/cmake-3.12.3-Linux-x86_64.tar.gz | tar --strip-components=1 -xz @@ -56,6 +50,7 @@ install: - cd - before_script: + - travis_retry wget --quiet -O - https://raw.githubusercontent.com/cpplint/cpplint/master/cpplint.py | python - --recursive src examples - mkdir -p build && cd build - rm -rf * - cmake .. -GNinja -DLIB_PROTO_MUTATOR_WITH_ASAN=ON -DLIB_PROTO_MUTATOR_DOWNLOAD_PROTOBUF=ON -DCMAKE_C_COMPILER=${CC_COMPILER} -DCMAKE_CXX_COMPILER=${CXX_COMPILER} -DCMAKE_BUILD_TYPE=${BUILD_TYPE} -DCMAKE_INSTALL_PREFIX=/usr @@ -64,4 +59,4 @@ script: - export ASAN_OPTIONS=detect_leaks=0 - ninja - ninja check - - DESTDIR="/tmp/testing/" ninja install
\ No newline at end of file + - DESTDIR="/tmp/testing/" ninja install @@ -14,23 +14,6 @@ * limitations under the License. */ -package { - default_applicable_licenses: ["external_libprotobuf-mutator_license"], -} - -// Added automatically by a large-scale-change -// See: http://go/android-license-faq -license { - name: "external_libprotobuf-mutator_license", - visibility: [":__subpackages__"], - license_kinds: [ - "SPDX-license-identifier-Apache-2.0", - ], - license_text: [ - "LICENSE", - ], -} - cc_library { name: "libprotobuf-mutator", host_supported: true, diff --git a/CMakeLists.txt b/CMakeLists.txt index a8fe9e6..d9be154 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -150,11 +150,6 @@ if (NOT "${LIB_PROTO_MUTATOR_FUZZER_LIBRARIES}" STREQUAL "" OR add_subdirectory(examples EXCLUDE_FROM_ALL) endif() -install(EXPORT libprotobuf-mutatorTargets FILE libprotobuf-mutatorTargets.cmake - NAMESPACE libprotobuf-mutator:: DESTINATION lib/cmake/libprotobuf-mutator) -configure_file(libprotobuf-mutatorConfig.cmake.in libprotobuf-mutatorConfig.cmake @ONLY) -install(FILES "${CMAKE_CURRENT_BINARY_DIR}/libprotobuf-mutatorConfig.cmake" - DESTINATION lib/cmake/libprotobuf-mutator) configure_file("libprotobuf-mutator.pc.in" "libprotobuf-mutator.pc" @ONLY) install(FILES "${CMAKE_BINARY_DIR}/libprotobuf-mutator.pc" DESTINATION ${PKG_CONFIG_PATH}) @@ -5,11 +5,11 @@ third_party { type: GIT value: "https://github.com/google/libprotobuf-mutator" } - version: "e5869dd9690c3f4dfb842fb90bd07a5a9ee32172" + version: "3521f47a2828da9ace403e4ecc4aece1a84feb36" license_type: NOTICE last_upgrade_date { year: 2020 - month: 12 - day: 2 + month: 2 + day: 7 } } @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. @@ -98,23 +98,18 @@ PostProcessorRegistration can be used to avoid such issue and guide your fuzzer code. It registers callback which will be called for each message of particular type after each mutation. ``` -static protobuf_mutator::libfuzzer::PostProcessorRegistration<MyMessageType> reg = { - [](MyMessageType* message, unsigned int seed) { - TweakMyMessage(message, seed); - }}; - DEFINE_PROTO_FUZZER(const MyMessageType& input) { + static PostProcessorRegistration reg = { + [](MyMessageType* message, unsigned int seed) { + TweakMyMessage(message, seed); + }}; + // Code which needs to be fuzzed. ConsumeMyMessageType(input); } ``` Optional: Use seed if callback uses random numbers. It may help later with debugging. -Important: Callbacks should be deterministic and avoid modifying good messages. -Callbacks are called for both: mutator generated and user provided inputs, like -corpus or bug reproducer. So if callback performs unnecessary transformation it -may corrupt the reproducer so it stops triggering the bug. - Note: You can add callback for any nested message and you can add multiple callbacks for the same message type. ``` diff --git a/cmake/external/googletest.cmake b/cmake/external/googletest.cmake index 825ff9a..fe71115 100644 --- a/cmake/external/googletest.cmake +++ b/cmake/external/googletest.cmake @@ -18,7 +18,7 @@ set(GTEST_INSTALL_DIR ${CMAKE_CURRENT_BINARY_DIR}/${GTEST_TARGET}) set(GTEST_INCLUDE_DIRS ${GTEST_INSTALL_DIR}/include) include_directories(${GTEST_INCLUDE_DIRS}) -set(GTEST_LIBRARIES gtest gmock) +set(GTEST_LIBRARIES gtest) set(GTEST_MAIN_LIBRARIES gtest_main) set(GTEST_BOTH_LIBRARIES ${GTEST_LIBRARIES} ${GTEST_MAIN_LIBRARIES}) @@ -50,6 +50,5 @@ ExternalProject_Add(${GTEST_TARGET} -DCMAKE_CXX_COMPILER:FILEPATH=${CMAKE_CXX_COMPILER} CMAKE_ARGS ${CMAKE_ARGS} -DCMAKE_INSTALL_PREFIX=${GTEST_INSTALL_DIR} - -DCMAKE_INSTALL_LIBDIR=lib BUILD_BYPRODUCTS ${GTEST_BUILD_BYPRODUCTS} ) diff --git a/cmake/external/protobuf.cmake b/cmake/external/protobuf.cmake index 0b64519..50277b6 100644 --- a/cmake/external/protobuf.cmake +++ b/cmake/external/protobuf.cmake @@ -63,12 +63,11 @@ include (ExternalProject) ExternalProject_Add(${PROTOBUF_TARGET} PREFIX ${PROTOBUF_TARGET} GIT_REPOSITORY https://github.com/google/protobuf.git - GIT_TAG 214c77e1b76e63e512bd675d1c300c80438642b6 + GIT_TAG 1363bf9c051af36c555c23d734a204246c215697 UPDATE_COMMAND "" CONFIGURE_COMMAND ${CMAKE_COMMAND} ${PROTOBUF_INSTALL_DIR}/src/${PROTOBUF_TARGET}/cmake -G${CMAKE_GENERATOR} -DCMAKE_INSTALL_PREFIX=${PROTOBUF_INSTALL_DIR} - -DCMAKE_INSTALL_LIBDIR=lib -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE} -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCMAKE_C_COMPILER:FILEPATH=${CMAKE_C_COMPILER} diff --git a/examples/libfuzzer/libfuzzer_bin_example.cc b/examples/libfuzzer/libfuzzer_bin_example.cc index 963b522..560bcb3 100644 --- a/examples/libfuzzer/libfuzzer_bin_example.cc +++ b/examples/libfuzzer/libfuzzer_bin_example.cc @@ -13,7 +13,6 @@ // limitations under the License. #include <cmath> -#include <iostream> #include "examples/libfuzzer/libfuzzer_example.pb.h" #include "port/protobuf.h" @@ -21,30 +20,32 @@ protobuf_mutator::protobuf::LogSilencer log_silincer; -protobuf_mutator::libfuzzer::PostProcessorRegistration<libfuzzer_example::Msg> - reg = {[](libfuzzer_example::Msg* message, unsigned int seed) { - message->set_optional_uint64( - std::hash<std::string>{}(message->optional_string())); - - if (message->has_any()) { - auto* any = message->mutable_any(); - - // Guide mutator to usefull 'Any' types. - static const char* const expected_types[] = { - "type.googleapis.com/google.protobuf.DescriptorProto", - "type.googleapis.com/google.protobuf.FileDescriptorProto", - }; - - if (!std::count(std::begin(expected_types), std::end(expected_types), - any->type_url())) { - const size_t num = - (std::end(expected_types) - std::begin(expected_types)); - any->set_type_url(expected_types[seed % num]); +DEFINE_BINARY_PROTO_FUZZER(const libfuzzer_example::Msg& message) { + static PostProcessorRegistration reg = { + [](libfuzzer_example::Msg* message, unsigned int seed) { + if (seed % 2) { + message->set_optional_uint64( + std::hash<std::string>{}(message->optional_string())); } - } - }}; -DEFINE_BINARY_PROTO_FUZZER(const libfuzzer_example::Msg& message) { + if (message->has_any()) { + auto* any = message->mutable_any(); + + // Guide mutator to usefull 'Any' types. + static const char* const expected_types[] = { + "type.googleapis.com/google.protobuf.DescriptorProto", + "type.googleapis.com/google.protobuf.FileDescriptorProto", + }; + + if (!std::count(std::begin(expected_types), std::end(expected_types), + any->type_url())) { + const size_t num = + (std::end(expected_types) - std::begin(expected_types)); + any->set_type_url(expected_types[seed % num]); + } + } + }}; + protobuf_mutator::protobuf::FileDescriptorProto file; // Emulate a bug. diff --git a/examples/libfuzzer/libfuzzer_example.cc b/examples/libfuzzer/libfuzzer_example.cc index aa65125..6eab362 100644 --- a/examples/libfuzzer/libfuzzer_example.cc +++ b/examples/libfuzzer/libfuzzer_example.cc @@ -13,7 +13,6 @@ // limitations under the License. #include <cmath> -#include <iostream> #include "examples/libfuzzer/libfuzzer_example.pb.h" #include "port/protobuf.h" @@ -21,30 +20,32 @@ protobuf_mutator::protobuf::LogSilencer log_silincer; -protobuf_mutator::libfuzzer::PostProcessorRegistration<libfuzzer_example::Msg> - reg = {[](libfuzzer_example::Msg* message, unsigned int seed) { - message->set_optional_uint64( - std::hash<std::string>{}(message->optional_string())); - - if (message->has_any()) { - auto* any = message->mutable_any(); - - // Guide mutator to usefull 'Any' types. - static const char* const expected_types[] = { - "type.googleapis.com/google.protobuf.DescriptorProto", - "type.googleapis.com/google.protobuf.FileDescriptorProto", - }; - - if (!std::count(std::begin(expected_types), std::end(expected_types), - any->type_url())) { - const size_t num = - (std::end(expected_types) - std::begin(expected_types)); - any->set_type_url(expected_types[seed % num]); +DEFINE_PROTO_FUZZER(const libfuzzer_example::Msg& message) { + static PostProcessorRegistration reg = { + [](libfuzzer_example::Msg* message, unsigned int seed) { + if (seed % 2) { + message->set_optional_uint64( + std::hash<std::string>{}(message->optional_string())); } - } - }}; -DEFINE_PROTO_FUZZER(const libfuzzer_example::Msg& message) { + if (message->has_any()) { + auto* any = message->mutable_any(); + + // Guide mutator to usefull 'Any' types. + static const char* const expected_types[] = { + "type.googleapis.com/google.protobuf.DescriptorProto", + "type.googleapis.com/google.protobuf.FileDescriptorProto", + }; + + if (!std::count(std::begin(expected_types), std::end(expected_types), + any->type_url())) { + const size_t num = + (std::end(expected_types) - std::begin(expected_types)); + any->set_type_url(expected_types[seed % num]); + } + } + }}; + protobuf_mutator::protobuf::FileDescriptorProto file; // Emulate a bug. diff --git a/libprotobuf-mutator.pc.in b/libprotobuf-mutator.pc.in index 551dc72..ac5224e 100644 --- a/libprotobuf-mutator.pc.in +++ b/libprotobuf-mutator.pc.in @@ -1,9 +1,8 @@ prefix=@CMAKE_INSTALL_PREFIX@ -libdir=${prefix}/lib includedir=${prefix}/include/libprotobuf-mutator Name: libprotobuf-mutator Description: randomly mutate protobuffers for fuzzing Version: 0 Cflags: -I${includedir} -I${includedir}/src -Libs: -L${libdir} -lprotobuf-mutator-libfuzzer -lprotobuf-mutator +Libs: -lprotobuf-mutator-libfuzzer -lprotobuf-mutator diff --git a/libprotobuf-mutatorConfig.cmake.in b/libprotobuf-mutatorConfig.cmake.in deleted file mode 100644 index f62a501..0000000 --- a/libprotobuf-mutatorConfig.cmake.in +++ /dev/null @@ -1,5 +0,0 @@ -include(CMakeFindDependencyMacro) - -find_dependency(Protobuf REQUIRED) - -include("${CMAKE_CURRENT_LIST_DIR}/libprotobuf-mutatorTargets.cmake") diff --git a/port/gtest.h b/port/gtest.h index 60d50b8..485aa98 100644 --- a/port/gtest.h +++ b/port/gtest.h @@ -15,7 +15,6 @@ #ifndef PORT_GTEST_H_ #define PORT_GTEST_H_ -#include "gmock/gmock.h" #include "gtest/gtest.h" #endif // PORT_GTEST_H_ diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index d0af1b6..19f4406 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -60,7 +60,5 @@ if (LIB_PROTO_MUTATOR_TESTING) endif() install(TARGETS protobuf-mutator - EXPORT libprotobuf-mutatorTargets ARCHIVE DESTINATION ${LIB_DIR} - LIBRARY DESTINATION ${LIB_DIR} - INCLUDES DESTINATION include/libprotobuf-mutator include/libprotobuf-mutator/src) + LIBRARY DESTINATION ${LIB_DIR}) diff --git a/src/libfuzzer/CMakeLists.txt b/src/libfuzzer/CMakeLists.txt index 85e9f4d..8fc78e6 100644 --- a/src/libfuzzer/CMakeLists.txt +++ b/src/libfuzzer/CMakeLists.txt @@ -23,10 +23,8 @@ set_target_properties(protobuf-mutator-libfuzzer PROPERTIES SOVERSION 0) install(TARGETS protobuf-mutator-libfuzzer - EXPORT libprotobuf-mutatorTargets ARCHIVE DESTINATION ${LIB_DIR} - LIBRARY DESTINATION ${LIB_DIR} - INCLUDES DESTINATION include/libprotobuf-mutator include/libprotobuf-mutator/src) + LIBRARY DESTINATION ${LIB_DIR}) if (LIB_PROTO_MUTATOR_TESTING) add_executable(libfuzzer_test diff --git a/src/libfuzzer/libfuzzer_macro.cc b/src/libfuzzer/libfuzzer_macro.cc index 4e506cb..b2a5302 100644 --- a/src/libfuzzer/libfuzzer_macro.cc +++ b/src/libfuzzer/libfuzzer_macro.cc @@ -15,8 +15,6 @@ #include "src/libfuzzer/libfuzzer_macro.h" #include <algorithm> -#include <memory> -#include <vector> #include "src/binary_format.h" #include "src/libfuzzer/libfuzzer_mutator.h" @@ -93,35 +91,6 @@ class BinaryOutputWriter : public OutputWriter { } }; -class LastMutationCache { - public: - void Store(const uint8_t* data, size_t size, protobuf::Message* message) { - if (!message_) message_.reset(message->New()); - message->GetReflection()->Swap(message, message_.get()); - data_.assign(data, data + size); - } - - bool LoadIfSame(const uint8_t* data, size_t size, - protobuf::Message* message) { - if (!message_ || size != data_.size() || - !std::equal(data_.begin(), data_.end(), data)) - return false; - - message->GetReflection()->Swap(message, message_.get()); - message_.reset(); - return true; - } - - private: - std::vector<uint8_t> data_; - std::unique_ptr<protobuf::Message> message_; -}; - -LastMutationCache* GetCache() { - static LastMutationCache cache; - return &cache; -} - Mutator* GetMutator() { static Mutator mutator; return &mutator; @@ -142,7 +111,6 @@ size_t MutateMessage(unsigned int seed, const InputReader& input, GetMutator()->Mutate(message, max_size); if (size_t new_size = output->Write(*message)) { assert(new_size <= output->size()); - GetCache()->Store(output->data(), new_size, message); return new_size; } return 0; @@ -159,7 +127,6 @@ size_t CrossOverMessages(unsigned int seed, const InputReader& input1, GetMutator()->CrossOver(*message2, message1, max_size); if (size_t new_size = output->Write(*message1)) { assert(new_size <= output->size()); - GetCache()->Store(output->data(), new_size, message1); return new_size; } return 0; @@ -222,13 +189,8 @@ size_t CustomProtoCrossOver(bool binary, const uint8_t* data1, size_t size1, bool LoadProtoInput(bool binary, const uint8_t* data, size_t size, protobuf::Message* input) { - if (GetCache()->LoadIfSame(data, size, input)) return true; - auto result = binary ? ParseBinaryMessage(data, size, input) - : ParseTextMessage(data, size, input); - if (!result) return false; - GetMutator()->Seed(size); - GetMutator()->Fix(input); - return true; + return binary ? ParseBinaryMessage(data, size, input) + : ParseTextMessage(data, size, input); } void RegisterPostProcessor( diff --git a/src/libfuzzer/libfuzzer_mutator.cc b/src/libfuzzer/libfuzzer_mutator.cc index 34d144c..c8bca64 100644 --- a/src/libfuzzer/libfuzzer_mutator.cc +++ b/src/libfuzzer/libfuzzer_mutator.cc @@ -89,8 +89,9 @@ std::string Mutator::MutateString(const std::string& value, // any 8 bit types. if (!std::uniform_int_distribution<uint16_t>(0, 20)(*random())) return {}; std::string result = value; - int new_size = value.size() + size_increase_hint; - result.resize(std::max(1, new_size)); + result.resize(value.size() + + std::max<int>(-value.size(), size_increase_hint)); + if (result.empty()) result.push_back(0); result.resize(LLVMFuzzerMutate(reinterpret_cast<uint8_t*>(&result[0]), value.size(), result.size())); return result; diff --git a/src/libfuzzer/libfuzzer_test.cc b/src/libfuzzer/libfuzzer_test.cc index f19eb12..180a02c 100644 --- a/src/libfuzzer/libfuzzer_test.cc +++ b/src/libfuzzer/libfuzzer_test.cc @@ -13,85 +13,16 @@ // limitations under the License. #include "port/gtest.h" -#include "port/protobuf.h" #include "src/libfuzzer/libfuzzer_macro.h" #include "src/mutator_test_proto2.pb.h" -using protobuf_mutator::protobuf::util::MessageDifferencer; -using ::testing::_; -using ::testing::AllOf; -using ::testing::DoAll; -using ::testing::Ref; -using ::testing::SaveArg; -using ::testing::SaveArgPointee; -using ::testing::StrictMock; +static bool reached = false; -static class MockFuzzer* mock_fuzzer; - -class MockFuzzer { - public: - MockFuzzer() { mock_fuzzer = this; } - ~MockFuzzer() { mock_fuzzer = nullptr; } - MOCK_METHOD(void, PostProcess, - (protobuf_mutator::Msg * message, unsigned int seed)); - MOCK_METHOD(void, TestOneInput, (const protobuf_mutator::Msg& message)); -}; - -protobuf_mutator::libfuzzer::PostProcessorRegistration<protobuf_mutator::Msg> - reg = {[](protobuf_mutator::Msg* message, unsigned int seed) { - mock_fuzzer->PostProcess(message, seed); - }}; - -DEFINE_TEXT_PROTO_FUZZER(const protobuf_mutator::Msg& message) { - mock_fuzzer->TestOneInput(message); +DEFINE_PROTO_FUZZER(const protobuf_mutator::Msg::EmptyMessage& message) { + reached = true; } -MATCHER_P(IsMessageEq, msg, "") { - return MessageDifferencer::Equals(arg, msg.get()); -} -MATCHER(IsInitialized, "") { return arg.IsInitialized(); } - -TEST(LibFuzzerTest, LLVMFuzzerTestOneInput) { - unsigned int seed = 0; - testing::StrictMock<MockFuzzer> mock; - protobuf_mutator::Msg msg; - EXPECT_CALL(mock, PostProcess(_, _)) - .WillOnce(DoAll(SaveArgPointee<0>(&msg), SaveArg<1>(&seed))); - EXPECT_CALL( - mock, TestOneInput(AllOf(IsMessageEq(std::cref(msg)), IsInitialized()))); - LLVMFuzzerTestOneInput((const uint8_t*)"", 0); - - EXPECT_CALL(mock, PostProcess(_, seed)).WillOnce(SaveArgPointee<0>(&msg)); - EXPECT_CALL( - mock, TestOneInput(AllOf(IsMessageEq(std::cref(msg)), IsInitialized()))); +TEST(LibFuzzerTest, Basic) { LLVMFuzzerTestOneInput((const uint8_t*)"", 0); -} - -TEST(LibFuzzerTest, LLVMFuzzerCustomMutator) { - testing::StrictMock<MockFuzzer> mock; - protobuf_mutator::Msg msg; - EXPECT_CALL(mock, PostProcess(_, _)).WillOnce(SaveArgPointee<0>(&msg)); - EXPECT_CALL( - mock, TestOneInput(AllOf(IsMessageEq(std::cref(msg)), IsInitialized()))); - - uint8_t buff[1024] = {}; - size_t size = LLVMFuzzerCustomMutator(buff, 0, sizeof(buff), 5); - ASSERT_GT(size, 0U); - LLVMFuzzerTestOneInput(buff, size); -} - -TEST(LibFuzzerTest, LLVMFuzzerCustomCrossOver) { - testing::StrictMock<MockFuzzer> mock; - protobuf_mutator::Msg msg; - EXPECT_CALL(mock, PostProcess(_, _)).WillOnce(SaveArgPointee<0>(&msg)); - EXPECT_CALL( - mock, TestOneInput(AllOf(IsMessageEq(std::cref(msg)), IsInitialized()))); - - uint8_t buff1[1024] = {}; - uint8_t buff2[1024] = {}; - uint8_t buff3[1024] = {}; - size_t size = - LLVMFuzzerCustomCrossOver(buff1, 0, buff2, 0, buff3, sizeof(buff3), 6); - ASSERT_GT(size, 0U); - LLVMFuzzerTestOneInput(buff3, size); + EXPECT_TRUE(reached); } diff --git a/src/mutator.cc b/src/mutator.cc index fb5542b..45acd48 100644 --- a/src/mutator.cc +++ b/src/mutator.cc @@ -16,7 +16,6 @@ #include <algorithm> #include <bitset> -#include <iostream> #include <map> #include <memory> #include <random> @@ -56,7 +55,7 @@ enum class Mutation : uint8_t { Last = Clone, }; -using MutationBitset = std::bitset<static_cast<size_t>(Mutation::Last) + 1>; +using MutationBitset = std::bitset<static_cast<size_t>(Mutation::Last)>; using Messages = std::vector<Message*>; using ConstMessages = std::vector<const Message*>; @@ -625,15 +624,6 @@ struct CreateField : public FieldFunction<CreateField> { void Mutator::Seed(uint32_t value) { random_.seed(value); } -void Mutator::Fix(Message* message) { - UnpackedAny any; - UnpackAny(*message, &any); - - PostProcessing(keep_initialized_, post_processors_, any, &random_) - .Run(message, kMaxInitializeDepth); - assert(IsInitialized(*message)); -} - void Mutator::Mutate(Message* message, size_t max_size_hint) { UnpackedAny any; UnpackAny(*message, &any); diff --git a/src/mutator.h b/src/mutator.h index afb6940..57c7c47 100644 --- a/src/mutator.h +++ b/src/mutator.h @@ -60,9 +60,6 @@ class Mutator { void CrossOver(const protobuf::Message& message1, protobuf::Message* message2, size_t max_size_hint); - // Makes message initialized and calls post processors to make it valid. - void Fix(protobuf::Message* message); - // Callback to postprocess mutations. // Implementation should use seed to initialize random number generators. using PostProcess = diff --git a/src/mutator_test.cc b/src/mutator_test.cc index 312b2d9..fe93181 100644 --- a/src/mutator_test.cc +++ b/src/mutator_test.cc @@ -293,14 +293,6 @@ const char kOptionalInDeepAnyFields[] = R"( } )"; -const char kUnknownFieldInput[] = R"( - optional_bool: true - unknown_field: "test unknown field" -)"; - -const char kUnknownFieldExpected[] = R"(optional_bool: true -)"; - class TestMutator : public Mutator { public: explicit TestMutator(bool keep_initialized, @@ -676,12 +668,6 @@ TYPED_TEST(MutatorTypedTest, Serialization) { } } -TYPED_TEST(MutatorTypedTest, UnknownFieldTextFormat) { - typename TestFixture::Message parsed; - EXPECT_TRUE(ParseTextMessage(kUnknownFieldInput, &parsed)); - EXPECT_EQ(SaveMessageAsText(parsed), kUnknownFieldExpected); -} - TYPED_TEST(MutatorTypedTest, DeepRecursion) { typename TestFixture::Message message; typename TestFixture::Message* last = &message; diff --git a/src/text_format.cc b/src/text_format.cc index 4479229..94e6a79 100644 --- a/src/text_format.cc +++ b/src/text_format.cc @@ -30,7 +30,6 @@ bool ParseTextMessage(const std::string& data, protobuf::Message* output) { TextFormat::Parser parser; parser.SetRecursionLimit(100); parser.AllowPartialMessage(true); - parser.AllowUnknownField(true); if (!parser.ParseFromString(data, output)) { output->Clear(); return false; |