From 15fba1debca5498989048677ffda38758b2df984 Mon Sep 17 00:00:00 2001
From: Arseny Kapoulkine
Date: Fri, 13 Mar 2015 00:18:30 -0700
Subject: [PATCH] tests: Add support for afl-fuzz
With the current setup it successfully finds the (fixed) DOCTYPE buffer overrun in ~50 minutes (on a single core).
---
 Makefile | 11 ++++++++---
 tests/data_fuzz_parse/basic.xml | 1 +
 tests/data_fuzz_parse/doctype.xml | 1 +
 tests/data_fuzz_parse/refs.xml | 1 +
 tests/data_fuzz_parse/types.xml | 1 +
 tests/data_fuzz_parse/utf16.xml | Bin 0 -> 700 bytes
 tests/data_fuzz_parse/utf32.xml | Bin 0 -> 652 bytes
 tests/fuzz_parse.cpp | 16 ++++++++++++++++
 8 files changed, 28 insertions(+), 3 deletions(-)
 create mode 100644 tests/data_fuzz_parse/basic.xml
 create mode 100644 tests/data_fuzz_parse/doctype.xml
 create mode 100644 tests/data_fuzz_parse/refs.xml
 create mode 100644 tests/data_fuzz_parse/types.xml
 create mode 100644 tests/data_fuzz_parse/utf16.xml
 create mode 100644 tests/data_fuzz_parse/utf32.xml
 create mode 100644 tests/fuzz_parse.cpp
diff --git a/Makefile b/Makefile
index 897bcbb..b50ff69 100644
--- a/Makefile
+++ b/Makefile
@@ -3,10 +3,10 @@ defines=standard
 BUILD=build/make-$(CXX)-$(config)-$(defines)
-SOURCES=src/pugixml.cpp $(wildcard tests/*.cpp)
+SOURCES=src/pugixml.cpp tests/main.cpp tests/allocator.cpp tests/test.cpp tests/writer_string.cpp $(wildcard tests/test_*.cpp)
 EXECUTABLE=$(BUILD)/test
-CXXFLAGS=-c -g -Wall -Wextra -Werror -pedantic
+CXXFLAGS=-g -Wall -Wextra -Werror -pedantic
 LDFLAGS=
 ifeq ($(config),release)
@@ -39,6 +39,11 @@ test: $(EXECUTABLE)
 ./$(EXECUTABLE)
 endif
+fuzz:
+ @mkdir -p $(BUILD)
+ $(AFL)/afl-clang++ tests/fuzz_parse.cpp tests/allocator.cpp src/pugixml.cpp $(CXXFLAGS) -o $(BUILD)/fuzz_parse
+ $(AFL)/afl-fuzz -i tests/data_fuzz_parse -o $(BUILD)/fuzz_parse_out -x $(AFL)/testcases/_extras/xml/ -- $(BUILD)/fuzz_parse @@
+
 clean:
 rm -rf $(BUILD)
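Review bot: The hand-written list on the `+SOURCES=` line gives up the auto-discovery the wildcard provided: any helper dropped into tests/ that is not named `test_*.cpp` is now silently left out of the test binary, with no build error to point at it. If the goal is only to keep the fuzz harness (which presumably carries its own `main`, not visible here) out of the link, `SOURCES=src/pugixml.cpp $(filter-out tests/fuzz_%.cpp,$(wildcard tests/*.cpp))` keeps the wildcard and excludes just that file. Either way a one-line comment above SOURCES saying why the fuzz source is excluded would save the next maintainer from re-adding the wildcard.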
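Review bot: The harness on the `+fuzz:` target is compiled with plain `$(CXXFLAGS)` (`-g`, no sanitizer), so afl-fuzz only notices bugs that hard-fault; an out-of-bounds read, or a one-past-the-end write that lands in mapped memory, passes silently unless the allocator in `tests/allocator.cpp` happens to trap it, which this hunk does not let us confirm. Building with ASan is the usual fix, `AFL_USE_ASAN=1 $(AFL)/afl-clang++ ...` together with `-m none` on the afl-fuzz line, because ASan's shadow mapping exceeds afl-fuzz's default memory limit and every run would otherwise be reported as a crash. `$(AFL)` has no default, so an unset variable produces `/afl-clang++: No such file` rather than a useful message; a first recipe line `$(if $(AFL),,$(error set AFL=/path/to/afl))` avoids that. Note also that `-o $(BUILD)/fuzz_parse_out` places the crash corpus under `$(BUILD)`, which `rm -rf $(BUILD)` in the `clean` target of this same hunk wipes, and `fuzz` should be declared `.PHONY` if the Makefile has such a list (not visible here).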
@@ -47,7 +52,7 @@ $(EXECUTABLE): $(OBJECTS)
 $(BUILD)/%.o: %
 @mkdir -p $(dir $@)
- $(CXX) $< $(CXXFLAGS) -MMD -MP -o $@
+ $(CXX) $< $(CXXFLAGS) -c -MMD -MP -o $@
 -include $(OBJECTS:.o=.d)
diff --git a/tests/data_fuzz_parse/basic.xml b/tests/data_fuzz_parse/basic.xml
new file mode 100644
index 0000000..a8eaa09
--- /dev/null
+++ b/tests/data_fuzz_parse/basic.xml
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/tests/data_fuzz_parse/doctype.xml b/tests/data_fuzz_parse/doctype.xml
new file mode 100644
index 0000000..dd1831d
--- /dev/null
+++ b/tests/data_fuzz_parse/doctype.xml
@@ -0,0 +1 @@
+ ]> ]]> ]> ]>
\ No newline at end of file
diff --git a/tests/data_fuzz_parse/refs.xml b/tests/data_fuzz_parse/refs.xml
new file mode 100644
index 0000000..e42df5f
--- /dev/null
+++ b/tests/data_fuzz_parse/refs.xml
@@ -0,0 +1 @@
+ pcdata < > & " ' « &unknown; %entity;
\ No newline at end of file
diff --git a/tests/data_fuzz_parse/types.xml b/tests/data_fuzz_parse/types.xml
new file mode 100644
index 0000000..dc6369a
--- /dev/null
+++ b/tests/data_fuzz_parse/types.xml
@@ -0,0 +1 @@
+ pcdata
\ No newline at end of file
diff --git a/tests/data_fuzz_parse/utf16.xml b/tests/data_fuzz_parse/utf16.xml
new file mode 100644
index 0000000000000000000000000000000000000000..3847a93954c31d41bfd07448bbacb669a247cf9d
GIT binary patch
literal 700 zcma)4Jx>Bb6r5rkO=vBw779D$Fd?GeK?E_H0209{u`p*qyoewID*wPp{L!9WK#?#trJYMi(C1Xu&}QaV*2)o<<5G%riTT zE$ktS3aTg}2mKg7inF%NbD7>83Oq${ORPFBh&wRP1o8c57>0?h8Ifg^%cJTm;(J8)$W^1Nb6PFhU4ELD%bdF0q!KzlB&XcbWlewL zEq<14QBqv!=Noe;_tnMW_yI(Z{R2OsNNJT-n_TNEsn(#Cqb#+mR`_@5Ntk~ADWVd! ztrCnlD#em`63q!} Tl0n|BMLemNoXPaX{8{(`!{K>3 literal 0 HcmV?d00001
diff --git a/tests/data_fuzz_parse/utf32.xml b/tests/data_fuzz_parse/utf32.xml
new file mode 100644
index 0000000000000000000000000000000000000000..51b8a89a2cba2383642768bd0b9d7c71222ed152
GIT binary patch
literal 652 zcmaLTJBk895XSKimxZ}QYp(7@D)