Diffstat (limited to 'src/fluent-bit/lib/librdkafka-2.1.0/tests/fuzzers')
5 files changed, 208 insertions, 0 deletions
diff --git a/src/fluent-bit/lib/librdkafka-2.1.0/tests/fuzzers/.gitignore b/src/fluent-bit/lib/librdkafka-2.1.0/tests/fuzzers/.gitignore
new file mode 100644
index 000000000..ee48ae07b
--- /dev/null
+++ b/src/fluent-bit/lib/librdkafka-2.1.0/tests/fuzzers/.gitignore
@@ -0,0 +1 @@
+fuzz_regex
diff --git a/src/fluent-bit/lib/librdkafka-2.1.0/tests/fuzzers/Makefile b/src/fluent-bit/lib/librdkafka-2.1.0/tests/fuzzers/Makefile
new file mode 100644
index 000000000..dc3e78bf3
--- /dev/null
+++ b/src/fluent-bit/lib/librdkafka-2.1.0/tests/fuzzers/Makefile
@@ -0,0 +1,12 @@
+PROGRAMS?=fuzz_regex
+
+all: $(PROGRAMS)
+
+
+fuzz_%:
+ $(CC) -fsanitize=address -D WITH_MAIN -g -Wall \
+ -I../../src $@.c -o $@ ../../src/librdkafka.a
+
+
+clean:
+ rm -f $(PROGRAMS)
diff --git a/src/fluent-bit/lib/librdkafka-2.1.0/tests/fuzzers/README.md b/src/fluent-bit/lib/librdkafka-2.1.0/tests/fuzzers/README.md
new file mode 100644
index 000000000..b5a0333b1
--- /dev/null
+++ b/src/fluent-bit/lib/librdkafka-2.1.0/tests/fuzzers/README.md
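Review bot: The `fuzz_%:` pattern rule in the Makefile lists no prerequisites, so once `fuzz_regex` exists `make` will not rebuild it when `fuzz_regex.c`, `helpers.h` or `../../src/librdkafka.a` changes, and a reproducer can end up being run against a stale binary; declaring them, `fuzz_%: fuzz_%.c helpers.h ../../src/librdkafka.a`, fixes that. The recipe also enables only `-fsanitize=address`, so a report that depends on a different sanitizer may not reproduce with this local build. A comment above the rule stating that the build is ASan-only, or making the sanitizer flags overridable from the command line, would make that limitation explicit.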
@@ -0,0 +1,31 @@
+# Fuzzing
+librdkafka supports fuzzing by way of Libfuzzer and OSS-Fuzz. This is ongoing work.
+
+## Launching the fuzzers
+The easiest way to launch the fuzzers are to go through OSS-Fuzz. The only prerequisite to this is having Docker installed.
+
+With Docker installed, the following commands will build and run the fuzzers in this directory:
+
+```
+git clone https://github.com/google/oss-fuzz
+cd oss-fuzz
+python3 infra/helper.py build_image librdkafka
+python3 infra/helper.py build_fuzzers librdkafka
+python3 infra/helper.py run_fuzzer librdkafka FUZZ_NAME
+```
+where FUZZ_NAME references the name of the fuzzer. Currently the only fuzzer we have is fuzz_regex
+
+Notice that the OSS-Fuzz `helper.py` script above will create a Docker image in which the code of librdkafka will be built. As such, depending on how you installed Docker, you may be asked to have root access (i.e. run with `sudo`).
+
+
+## Running a single reproducer
+
+Download the reproducer file from the OSS-Fuzz issue tracker, then build
+the failed test case by running `make` in this directory, and then
+run the test case and pass it the reproducer files, e.g:
+
+ $ make
+ $ ./fuzz_regex ~/Downloads/clusterfuzz-testcase-...
+
+**Note:** Some test cases, such as fuzz_regex, requires specific librdkafka
+ build configuration. See the test case source for details.
diff --git a/src/fluent-bit/lib/librdkafka-2.1.0/tests/fuzzers/fuzz_regex.c b/src/fluent-bit/lib/librdkafka-2.1.0/tests/fuzzers/fuzz_regex.c
new file mode 100644
index 000000000..2facc19f0
--- /dev/null
+++ b/src/fluent-bit/lib/librdkafka-2.1.0/tests/fuzzers/fuzz_regex.c
@@ -0,0 +1,74 @@
+/*
+ * librdkafka - Apache Kafka C library
+ *
+ * Copyright (c) 2020, Magnus Edenhill
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+
+/**
+ * Fuzzer test case for the builtin regexp engine in src/regexp.c
+ *
+ * librdkafka must be built with --disable-regex-ext
+ */
+
+#include "rd.h"
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+
+#include "regexp.h"
+
+int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
+ /* wrap random data in a null-terminated string */
+ char *null_terminated = malloc(size + 1);
+ memcpy(null_terminated, data, size);
+ null_terminated[size] = '\0';
+
+ const char *error;
+ Reprog *p = re_regcomp(null_terminated, 0, &error);
+ if (p != NULL) {
+ re_regfree(p);
+ }
+
+ /* cleanup */
+ free(null_terminated);
+
+ return 0;
+}
+
+#if WITH_MAIN
+#include "helpers.h"
+
+int main(int argc, char **argv) {
+ int i;
+ for (i = 1; i < argc; i++) {
+ size_t size;
+ uint8_t *buf = read_file(argv[i], &size);
+ LLVMFuzzerTestOneInput(buf, size);
+ free(buf);
+ }
+}
+#endif
diff --git a/src/fluent-bit/lib/librdkafka-2.1.0/tests/fuzzers/helpers.h b/src/fluent-bit/lib/librdkafka-2.1.0/tests/fuzzers/helpers.h
new file mode 100644
index 000000000..cfab03777
--- /dev/null
+++ b/src/fluent-bit/lib/librdkafka-2.1.0/tests/fuzzers/helpers.h
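Review bot: The `malloc(size + 1)` result in `LLVMFuzzerTestOneInput` (fuzz_regex.c) is passed to `memcpy` unchecked, so an allocation failure crashes inside the harness and is reported as if it were a finding in the regexp engine; add `if (!null_terminated) return 0;` right after the allocation. The entry point is declared with `uint8_t *data`, while libFuzzer's documented prototype takes `const uint8_t *data`; `int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)` matches it and prevents the harness from writing to the fuzzer-owned buffer. Because the input is wrapped as a C string, bytes after an embedded NUL never reach `re_regcomp`, and only the compile path is exercised (no match call is made); both limits deserve a line in the file comment so that triage of a reproducer starts from the right expectations.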
@@ -0,0 +1,90 @@
+/*
+ * librdkafka - Apache Kafka C library
+ *
+ * Copyright (c) 2020, Magnus Edenhill
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _HELPERS_H_
+#define _HELPERS_H_
+
+#include <stdio.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+
+
+/**
+ * Fuzz program helpers
+ */
+
+static __attribute__((unused)) uint8_t *read_file(const char *path,
+ size_t *sizep) {
+ int fd;
+ uint8_t *buf;
+ struct stat st;
+
+ if ((fd = open(path, O_RDONLY)) == -1) {
+ fprintf(stderr, "Failed to open %s: %s\n", path,
+ strerror(errno));
+ exit(2);
+ return NULL; /* NOTREACHED */
+ }
+
+ if (fstat(fd, &st) == -1) {
+ fprintf(stderr, "Failed to stat %s: %s\n", path,
+ strerror(errno));
+ close(fd);
+ exit(2);
+ return NULL; /* NOTREACHED */
+ }
+
+
+ buf = malloc(st.st_size + 1);
+ if (!buf) {
+ fprintf(stderr, "Failed to malloc %d bytes for %s\n",
+ (int)st.st_size, path);
+ close(fd);
+ exit(2);
+ return NULL; /* NOTREACHED */
+ }
+
+ buf[st.st_size] = '\0';
+
+ *sizep = read(fd, buf, st.st_size);
+ if (*sizep != st.st_size) {
+ fprintf(stderr, "Could only read %d/%d bytes from %s\n",
+ (int)*sizep, (int)st.st_size, path);
+ free(buf);
+ close(fd);
+ exit(2);
+ return NULL; /* NOTREACHED */
+ }
+
+ return buf;
+}
+
+
+#endif /* _HELPERS_H_ */ |
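Review bot: `read_file` never closes `fd` on the success path: every error branch after a successful `open` calls `close(fd)`, but the function returns `buf` with the descriptor still open, leaking one descriptor per reproducer file given on the command line; add `close(fd);` before `return buf;`. The header also uses `open`/`O_RDONLY`, `malloc`/`free`/`exit` and `uint8_t` without including `<fcntl.h>`, `<stdlib.h>` or `<stdint.h>`, so it compiles only when the including file has pulled those in first; adding the three includes makes it self-contained. `read()`'s `ssize_t` result is stored directly into the `size_t` `*sizep`, so a failed read surfaces as a size mismatch with no `errno` text; checking the return value in a signed local before assigning would give a usable diagnostic.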