1 // Copyright 2018 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include <stdint.h> 6 7 #include <iostream> 8 #include <memory> 9 10 #include "base/environment.h" 11 #include "base/logging.h" 12 #include "components/zucchini/buffer_sink.h" 13 #include "components/zucchini/buffer_view.h" 14 #include "components/zucchini/fuzzers/file_pair.pb.h" 15 #include "components/zucchini/patch_writer.h" 16 #include "components/zucchini/zucchini.h" 17 #include "testing/libfuzzer/proto/lpm_interface.h" 18 19 namespace { 20 21 constexpr size_t kMinImageSize = 16; 22 constexpr size_t kMaxImageSize = 1024; 23 24 } // namespace 25 26 struct Environment { EnvironmentEnvironment27 Environment() { 28 logging::SetMinLogLevel(logging::LOG_FATAL); // Disable console spamming. 29 } 30 }; 31 DEFINE_BINARY_PROTO_FUZZER(const zucchini::fuzzers::FilePair & file_pair)32DEFINE_BINARY_PROTO_FUZZER(const zucchini::fuzzers::FilePair& file_pair) { 33 static Environment env; 34 // Dump code for debugging. 35 if (base::Environment::Create()->HasVar("LPM_DUMP_NATIVE_INPUT")) { 36 std::cout << "Imposed Matches: " << file_pair.imposed_matches() << std::endl 37 << "Old File: " << file_pair.old_file() << std::endl 38 << "New File: " << file_pair.new_or_patch_file() << std::endl; 39 } 40 41 // Prepare data. 42 zucchini::ConstBufferView old_image( 43 reinterpret_cast<const uint8_t*>(file_pair.old_file().data()), 44 file_pair.old_file().size()); 45 zucchini::ConstBufferView new_image( 46 reinterpret_cast<const uint8_t*>(file_pair.new_or_patch_file().data()), 47 file_pair.new_or_patch_file().size()); 48 49 // Restrict image sizes to speed up fuzzing. 50 if (old_image.size() < kMinImageSize || old_image.size() > kMaxImageSize || 51 new_image.size() < kMinImageSize || new_image.size() > kMaxImageSize) { 52 return; 53 } 54 55 // Generate a patch writer. 56 zucchini::EnsemblePatchWriter patch_writer(old_image, new_image); 57 58 // Fuzz Target. 59 zucchini::GenerateBufferImposed(old_image, new_image, 60 file_pair.imposed_matches(), &patch_writer); 61 62 // Write to buffer to avoid IO. 63 size_t patch_size = patch_writer.SerializedSize(); 64 std::unique_ptr<uint8_t[]> patch_data(new uint8_t[patch_size]); 65 zucchini::BufferSink patch(patch_data.get(), patch_size); 66 patch_writer.SerializeInto(patch); 67 } 68