sysmocom
/
pjproject
11
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

oss-fuzz ideal integration (#3430)

This commit is contained in:
Arjun 2023-03-16 13:59:59 +05:30 committed by GitHub
parent 1d4705b0f6
commit 3fd4726d7f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 580 additions and 95 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
.github/workflows/cifuzz.yml vendored Normal file
View File

@ -0,0 +1,32 @@
name: CIFuzz
on: [pull_request]
jobs:
Fuzzing:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
sanitizer: [address, undefined, memory]
steps:
- name: Build Fuzzers (${{ matrix.sanitizer }})
id: build
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
with:
oss-fuzz-project-name: 'pjsip'
dry-run: false
language: c
sanitizer: ${{ matrix.sanitizer }}
- name: Run Fuzzers (${{ matrix.sanitizer }})
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
with:
oss-fuzz-project-name: 'pjsip'
dry-run: false
language: c
fuzz-seconds: 300
sanitizer: ${{ matrix.sanitizer }}
- name: Upload Crash
uses: actions/upload-artifact@v1
if: failure() && steps.build.outcome == 'success'
with:
name: ${{ matrix.sanitizer }}-artifacts
path: ./out/artifacts

14
tests/fuzz/Makefile
View File

@ -16,6 +16,10 @@ RTCP=fuzz-rtcp
DNS=fuzz-dns
H264=fuzz-h264
VPX=fuzz-vpx
HTTP=fuzz-http
URL=fuzz-url
URI=fuzz-uri
CRYPTO=fuzz-crypto
EXTFLAGS=-Wall -Werror
@ -31,6 +35,10 @@ $(TARGET):
$(CC) $(PJ_CFLAGS) $(EXTFLAGS) -c $(DNS).c
$(CC) $(PJ_CFLAGS) $(EXTFLAGS) -c $(H264).c
$(CC) $(PJ_CFLAGS) $(EXTFLAGS) -c $(VPX).c
$(CC) $(PJ_CFLAGS) $(EXTFLAGS) -c $(HTTP).c
$(CC) $(PJ_CFLAGS) $(EXTFLAGS) -c $(URL).c
$(CC) $(PJ_CFLAGS) $(EXTFLAGS) -c $(URI).c
$(CC) $(PJ_CFLAGS) $(EXTFLAGS) -c $(CRYPTO).c
$(CXX) $(PJ_CFLAGS) -o $(JSON) $(JSON).o $(PJ_LDFLAGS) $(PJ_LDLIBS) $(LDFLAGS) $(LIB_FUZZING_ENGINE)
$(CXX) $(PJ_CFLAGS) -o $(XML) $(XML).o $(PJ_LDFLAGS) $(PJ_LDLIBS) $(LDFLAGS) $(LIB_FUZZING_ENGINE)
@ -41,6 +49,10 @@ $(TARGET):
$(CXX) $(PJ_CFLAGS) -o $(DNS) $(DNS).o $(PJ_LDFLAGS) $(PJ_LDLIBS) $(LDFLAGS) $(LIB_FUZZING_ENGINE)
$(CXX) $(PJ_CFLAGS) -o $(H264) $(H264).o $(PJ_LDFLAGS) $(PJ_LDLIBS) $(LDFLAGS) $(LIB_FUZZING_ENGINE)
$(CXX) $(PJ_CFLAGS) -o $(VPX) $(VPX).o $(PJ_LDFLAGS) $(PJ_LDLIBS) $(LDFLAGS) $(LIB_FUZZING_ENGINE)
$(CXX) $(PJ_CFLAGS) -o $(HTTP) $(HTTP).o $(PJ_LDFLAGS) $(PJ_LDLIBS) $(LDFLAGS) $(LIB_FUZZING_ENGINE)
$(CXX) $(PJ_CFLAGS) -o $(URL) $(URL).o $(PJ_LDFLAGS) $(PJ_LDLIBS) $(LDFLAGS) $(LIB_FUZZING_ENGINE)
$(CXX) $(PJ_CFLAGS) -o $(URI) $(URI).o $(PJ_LDFLAGS) $(PJ_LDLIBS) $(LDFLAGS) $(LIB_FUZZING_ENGINE)
$(CXX) $(PJ_CFLAGS) -o $(CRYPTO) $(CRYPTO).o $(PJ_LDFLAGS) $(PJ_LDLIBS) $(LDFLAGS) $(LIB_FUZZING_ENGINE) -lssl -lcrypto -lz
clean:
rm $(JSON) $(XML) $(SDP) $(STUN) $(SIP) $(RTCP) $(DNS) $(H264) ($VPX) *.o
rm $(JSON) $(XML) $(SDP) $(STUN) $(SIP) $(RTCP) $(DNS) $(H264) $(VPX) $(HTTP) $(URL) $(URI) $(CRYPTO) *.o

178
tests/fuzz/fuzz-crypto.c Normal file
View File

@ -0,0 +1,178 @@
/*
* Copyright (C) 2023 Teluu Inc. (http://www.teluu.com)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <pjlib.h>
#include <pjlib-util.h>
#define OPENSSL_SUPPRESS_DEPRECATED 1
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/sha.h>
#include <openssl/md5.h>
#include <zlib.h>
#define kMinInputLength 10
#define kMaxInputLength 1024
#define MAXSIZE 5120
void encode_base64_differential(const uint8_t *Data, size_t Size) {
//PJSIP
char pj_output[MAXSIZE];
int pj_output_len = MAXSIZE;
memset(pj_output, 0, MAXSIZE);
pj_base64_encode(Data, Size, pj_output, &pj_output_len);
//OPENSSL
BIO *bio, *bio_mem;
char *ssl_output;
int ssl_output_len;
bio = BIO_new(BIO_f_base64());
BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
bio_mem = BIO_new(BIO_s_mem());
BIO_push(bio, bio_mem);
BIO_write(bio, Data, Size);
BIO_flush(bio);
ssl_output_len = BIO_get_mem_data(bio_mem, &ssl_output);
//Differential
int result = memcmp(pj_output, ssl_output, ssl_output_len);
if(result != 0){
abort();
}
BIO_free_all(bio);
//PJSIP Decode After encode.
pj_str_t pj_input;
uint8_t pj_output_dec[MAXSIZE];
int pj_output_dec_len = MAXSIZE;
pj_input.ptr = pj_output;
pj_input.slen = ssl_output_len;
memset(pj_output_dec, 0, MAXSIZE);
pj_base64_decode(&pj_input, pj_output_dec, &pj_output_dec_len);
//Differential
int result_dec = memcmp(pj_output_dec, Data, Size);
if(result_dec != 0) {
abort();
}
}
void decode_base64_differential(const uint8_t *Data, size_t Size) {
//PJSIP
pj_str_t pj_input;
uint8_t pj_output[MAXSIZE];
int pj_output_len = MAXSIZE;
pj_input.ptr = (char *)Data;
pj_input.slen = Size;
memset(pj_output, 0, MAXSIZE);
pj_base64_decode(&pj_input, pj_output, &pj_output_len);
}
void md5_differential(const uint8_t *Data, size_t Size) {
//PJSIP
pj_md5_context ctx;
pj_uint8_t pj_md5_hash[MD5_DIGEST_LENGTH];
pj_md5_init(&ctx);
pj_md5_update(&ctx, Data,Size);
pj_md5_final(&ctx, pj_md5_hash);
//OPENSSL
uint8_t ssl_md5_hash[MD5_DIGEST_LENGTH] = {};
MD5(Data, Size, ssl_md5_hash);
//Differential
int result = memcmp(pj_md5_hash, ssl_md5_hash, MD5_DIGEST_LENGTH);
if(result != 0){
abort();
}
}
void sha1_differential(const uint8_t *Data, size_t Size) {
//PJSIP
pj_sha1_context pj_sha;
pj_uint8_t pj_sha_hash[SHA_DIGEST_LENGTH];
pj_sha1_init(&pj_sha);
pj_sha1_update(&pj_sha,Data,Size);
pj_sha1_final(&pj_sha,pj_sha_hash);
//OPENSSL
uint8_t ssl_sha_hash[SHA_DIGEST_LENGTH] = {};
SHA_CTX ctx;
SHA1_Init(&ctx);
SHA1_Update(&ctx,Data,Size);
SHA1_Final(ssl_sha_hash, &ctx);
//Differential
int result = memcmp(pj_sha_hash, ssl_sha_hash, SHA_DIGEST_LENGTH);
if(result != 0){
abort();
}
}
void crc32_differential(const uint8_t *Data, size_t Size) {
//PJSIP
pj_uint32_t pj_crc;
pj_crc = pj_crc32_calc(Data, Size);
//zlib
uint32_t zlib_crc;
zlib_crc = crc32(0L, Data, Size);
//Differential
if (pj_crc != zlib_crc) {
abort();
}
}
extern int
LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
if (Size < kMinInputLength || Size > kMaxInputLength) {
return 1;
}
encode_base64_differential(Data, Size);
decode_base64_differential(Data, Size);
md5_differential(Data, Size);
sha1_differential(Data, Size);
crc32_differential(Data, Size);
return 0;
}

77
tests/fuzz/fuzz-http.c Normal file
View File

@ -0,0 +1,77 @@
/*
* Copyright (C) 2023 Teluu Inc. (http://www.teluu.com)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <pjlib.h>
#include <pjlib-util.h>
#include "../../pjlib-util/src/pjlib-util/http_client.c"
#define kMinInputLength 10
#define kMaxInputLength 1024
pj_pool_factory *mem;
int http_parse(uint8_t *data, size_t Size) {
int ret;
pj_pool_t *pool;
pj_size_t rem;
pj_http_resp response;
pool = pj_pool_create(mem, "http", 1000, 1000, NULL);
ret = http_response_parse(pool, &response, data, Size, &rem);
pj_pool_release(pool);
return ret;
}
extern int
LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
if (Size < kMinInputLength || Size > kMaxInputLength) {
return 1;
}
int ret = 0;
uint8_t *data;
pj_caching_pool caching_pool;
/* Add NULL byte */
data = (uint8_t *)calloc((Size+1), sizeof(uint8_t));
memcpy((void *)data, (void *)Data, Size);
/* init Calls */
pj_init();
pj_caching_pool_init( &caching_pool, &pj_pool_factory_default_policy, 0);
pj_log_set_level(0);
mem = &caching_pool.factory;
/* Call fuzzer */
ret = http_parse(data, Size);
free(data);
pj_caching_pool_destroy(&caching_pool);
return ret;
}

66
tests/fuzz/fuzz-json.c
View File

@ -1,6 +1,5 @@
/*
* Copyright (C) 2008-2011 Teluu Inc. (http://www.teluu.com)
* Copyright (C) 2003-2008 Benny Prijono <benny@prijono.org>
* Copyright (C) 2023 Teluu Inc. (http://www.teluu.com)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -19,69 +18,74 @@
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdbool.h>
#include <pjlib.h>
#include <pjlib-util.h>
#include <pjlib-util/json.h>
#include <pj/log.h>
#include <pj/string.h>
#define kMinInputLength 10
#define kMaxInputLength 5120
pj_pool_factory *mem;
int Json_parse(char *DataFx,size_t Size){
int ret = 0;
int Json_parse(uint8_t *data, size_t Size) {
pj_pool_t *pool;
pj_json_elem *elem;
pj_json_err_info err;
char *output;
unsigned int output_size;
pool = pj_pool_create(mem, "json", 1000, 1000, NULL);
elem = pj_json_parse(pool, DataFx,(unsigned *)&Size, &err);
elem = pj_json_parse(pool, (char *)data, (unsigned *)&Size, &err);
if (!elem) {
goto on_error;
}
if (!elem)
ret = 1;
output_size = Size * 2;
output = pj_pool_alloc(pool, output_size);
if (pj_json_write(elem, output, &output_size)) {
goto on_error;
}
pj_pool_release(pool);
return 0;
return ret;
on_error:
pj_pool_release(pool);
return 1;
}
extern int
LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{/*pjproject/pjlib-util/src/pjlib-util-test/json_test.c*/
{
if (Size < kMinInputLength || Size > kMaxInputLength){
if (Size < kMinInputLength || Size > kMaxInputLength) {
return 1;
}
/*Add Extra byte */
char *DataFx;
DataFx = (char *)calloc((Size+1),sizeof(char));
memcpy((void *)DataFx,(void *)Data,Size);
/*init*/
int ret = 0;
uint8_t *data;
pj_caching_pool caching_pool;
mem = &caching_pool.factory;
/* Add NULL byte */
data = (uint8_t *)calloc((Size+1), sizeof(uint8_t));
memcpy((void *)data, (void *)Data, Size);
/* init Calls */
pj_init();
pj_caching_pool_init( &caching_pool, &pj_pool_factory_default_policy, 0);
pj_log_set_level(0);
ret = pj_init();
ret = pjlib_util_init();
mem = &caching_pool.factory;
pj_dump_config();
pj_caching_pool_init( &caching_pool, &pj_pool_factory_default_policy, 0);
/* Call fuzzer */
ret = Json_parse(data, Size);
/*Calls*/
ret = Json_parse(DataFx,Size);
free(DataFx);
free(data);
pj_caching_pool_destroy(&caching_pool);
return ret;
}

4
tests/fuzz/fuzz-rtcp.c
View File

@ -35,6 +35,8 @@ int rtcp_parser(char *data, size_t size)
pjmedia_rtcp_session session;
pjmedia_rtcp_session_setting_default(&setting);
setting.clock_rate = 8000;
setting.samples_per_frame = 160;
pjmedia_rtcp_init2(&session, &setting);
pjmedia_rtcp_rx_rtcp(&session, data, size);
@ -70,6 +72,8 @@ extern int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
free(data);
pjmedia_event_mgr_destroy(pjmedia_event_mgr_instance());
pj_pool_release(pool);
pj_caching_pool_destroy(&caching_pool);
return ret;
}

75
tests/fuzz/fuzz-stun.c
View File

@ -1,6 +1,5 @@
/*
* Copyright (C) 2008-2011 Teluu Inc. (http://www.teluu.com)
* Copyright (C) 2003-2008 Benny Prijono <benny@prijono.org>
* Copyright (C) 2023 Teluu Inc. (http://www.teluu.com)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -20,11 +19,9 @@
#include <stdint.h>
#include <stdlib.h>
#include <pjlib.h>
#include <pj/compat/socket.h>
#include <pjlib.h>
#include <pjlib-util.h>
#include <pjnath.h>
#define kMinInputLength 10
@ -32,58 +29,68 @@
pj_pool_factory *mem;
int stun_parse(char *DataFx,size_t Size){
int ret = 0;
int stun_parse(uint8_t *data,size_t Size) {
pj_status_t status;
pj_pool_t *pool;
pj_stun_msg *msg;
pj_status_t status;
pj_stun_auth_cred cred;
const pj_str_t USERNAME = {"A", 1};
const pj_str_t PASSWORD = {"A", 1};
pool = pj_pool_create(mem, "decode_test", 1024, 1024, NULL);
status = pj_stun_msg_decode(pool, (pj_uint8_t*)DataFx,Size,
PJ_STUN_IS_DATAGRAM | PJ_STUN_CHECK_PACKET,
&msg, NULL, NULL);
status = pj_stun_msg_decode(pool, data, Size, PJ_STUN_IS_DATAGRAM | PJ_STUN_CHECK_PACKET, &msg, NULL, NULL);
if(status != PJ_SUCCESS){
goto ret_error;
}
if(status)
ret = 1;
pj_bzero(&cred, sizeof(cred));
cred.type = PJ_STUN_AUTH_CRED_STATIC;
cred.data.static_cred.username = USERNAME;
cred.data.static_cred.data_type = PJ_STUN_PASSWD_PLAIN;
cred.data.static_cred.data = PASSWORD;
pj_stun_authenticate_request(data, (unsigned)Size, msg, &cred, pool, NULL, NULL);
pj_pool_release(pool);
return status;
return ret;
ret_error:
pj_pool_release(pool);
return status;
}
extern int
LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{/*pjproject/pjnath/src/pjnath-test/stun.c*/
{
if (Size < kMinInputLength || Size > kMaxInputLength){
if (Size < kMinInputLength || Size > kMaxInputLength) {
return 1;
}
/*Add Extra byte */
char *DataFx;
DataFx = (char *)calloc((Size+1),sizeof(char));
memcpy((void *)DataFx,(void *)Data,Size);
/*init*/
int ret = 0;
uint8_t *data;
pj_caching_pool caching_pool;
/* Add NULL byte */
data = (uint8_t *)calloc((Size+1), sizeof(uint8_t));
memcpy((void *)data, (void *)Data, Size);
/* init Calls */
pj_init();
pj_caching_pool_init( &caching_pool, &pj_pool_factory_default_policy, 0);
pj_log_set_level(0);
mem = &caching_pool.factory;
pj_log_set_level(0);
/* Call fuzzer */
ret = stun_parse(data, Size);
pj_init();
free(data);
pj_caching_pool_destroy(&caching_pool);
pj_dump_config();
pj_caching_pool_init( &caching_pool, &pj_pool_factory_default_policy, 0 );
pjlib_util_init();
pjnath_init();
/*call*/
ret = stun_parse(DataFx,Size);
free(DataFx);
return ret;
}

96
tests/fuzz/fuzz-uri.c Normal file
View File

@ -0,0 +1,96 @@
/*
* Copyright (C) 2023 Teluu Inc. (http://www.teluu.com)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <pjlib.h>
#include <pjlib-util.h>
//#include <sip_uri.h>
#include <pjlib.h>
#include <pjlib-util.h>
#include <pjsip.h>
#include <pjsip/sip_types.h>
#include <pjsip.h>
#include <pjlib.h>
#define kMinInputLength 10
#define kMaxInputLength 1024
/* Defined in sip_parser.c */
void init_sip_parser(void);
void deinit_sip_parser(void);
pj_pool_factory *mem;
int uri_parse(uint8_t *data, size_t Size) {
pj_status_t status = 0 ;
pj_pool_t *pool;
pjsip_uri *uri;
pool = pj_pool_create(mem, "uri", 1000, 1000, NULL);
uri = pjsip_parse_uri(pool, (char *)data, Size, 0);
if (!uri) {
status = 1;
}
pj_pool_release(pool);
return status;
}
extern int
LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
if (Size < kMinInputLength || Size > kMaxInputLength) {
return 1;
}
int ret = 0;
uint8_t *data;
pj_caching_pool caching_pool;
/* Add NULL byte */
data = (uint8_t *)calloc((Size+1), sizeof(uint8_t));
memcpy((void *)data, (void *)Data, Size);
/* init Calls */
pj_init();
pj_caching_pool_init( &caching_pool, &pj_pool_factory_default_policy, 0);
pj_log_set_level(0);
mem = &caching_pool.factory;
init_sip_parser();
/* Call fuzzer */
ret = uri_parse(data, Size);
free(data);
deinit_sip_parser();
pj_caching_pool_destroy(&caching_pool);
return ret;
}

71
tests/fuzz/fuzz-url.c Normal file
View File

@ -0,0 +1,71 @@
/*
* Copyright (C) 2023 Teluu Inc. (http://www.teluu.com)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <pjlib.h>
#include <pjlib-util.h>
#define kMinInputLength 10
#define kMaxInputLength 1024
pj_pool_factory *mem;
int url_parse(uint8_t *data, size_t Size) {
pj_str_t surl;
pj_http_url hurl;
surl.ptr = (char *)data;
surl.slen = Size;
return pj_http_req_parse_url(&surl, &hurl);
}
extern int
LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
if (Size < kMinInputLength || Size > kMaxInputLength) {
return 1;
}
int ret = 0;
uint8_t *data;
pj_caching_pool caching_pool;
/* Add NULL byte */
data = (uint8_t *)calloc((Size+1), sizeof(uint8_t));
memcpy((void *)data, (void *)Data, Size);
/* init Calls */
pj_init();
pj_caching_pool_init( &caching_pool, &pj_pool_factory_default_policy, 0);
pj_log_set_level(0);
mem = &caching_pool.factory;
/* Call fuzzer */
ret = url_parse(data, Size);
free(data);
pj_caching_pool_destroy(&caching_pool);
return ret;
}

62
tests/fuzz/fuzz-xml.c
View File

@ -1,6 +1,5 @@
/*
* Copyright (C) 2008-2011 Teluu Inc. (http://www.teluu.com)
* Copyright (C) 2003-2008 Benny Prijono <benny@prijono.org>
* Copyright (C) 2023 Teluu Inc. (http://www.teluu.com)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -19,66 +18,71 @@
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdbool.h>
#include <pjlib.h>
#include <pjlib-util.h>
#include <pjlib-util/xml.h>
#define kMinInputLength 10
#define kMaxInputLength 5120
pj_pool_factory *mem;
int XML_parse(char *DataFx,size_t Size){
int XML_parse(uint8_t *data, size_t Size) {
int ret = 0;
pj_pool_t *pool;
pj_xml_node *root;
char *output;
size_t output_size;
pool = pj_pool_create(mem, "xml", 4096, 1024, NULL);
root = pj_xml_parse(pool, (char *)data, Size);
if (!root) {
goto on_error;
}
root = pj_xml_parse(pool, DataFx, Size);
if (!root)
ret += 1;
output = (char*)pj_pool_zalloc(pool, Size + 512);
output_size = pj_xml_print(root, output, Size + 512, PJ_TRUE);
if (output_size < 1) {
goto on_error;
}
pj_pool_release(pool);
return 0;
return ret;
on_error:
pj_pool_release(pool);
return 1;
}
extern int
LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{/*pjproject/pjlib-util/src/pjlib-util-test/xml.c*/
{
if (Size < kMinInputLength || Size > kMaxInputLength){
if (Size < kMinInputLength || Size > kMaxInputLength) {
return 1;
}
/*Add Extra byte */
char *DataFx;
DataFx = (char *)calloc((Size+1),sizeof(char));
memcpy((void *)DataFx,(void *)Data,Size);
/*init*/
int ret = 0;
uint8_t *data;
pj_caching_pool caching_pool;
mem = &caching_pool.factory;
/* Add NULL byte */
data = (uint8_t *)calloc((Size+1), sizeof(uint8_t));
memcpy((void *)data, (void *)Data, Size);
/* init Calls */
pj_init();
pj_caching_pool_init( &caching_pool, &pj_pool_factory_default_policy, 0);
pj_log_set_level(0);
ret = pj_init();
ret = pjlib_util_init();
mem = &caching_pool.factory;
pj_dump_config();
pj_caching_pool_init( &caching_pool, &pj_pool_factory_default_policy, 0 );
/*Calls fuzzer*/
ret = XML_parse(data, Size);
/*Call*/
ret = XML_parse(DataFx,Size);
free(DataFx);
free(data);
pj_caching_pool_destroy(&caching_pool);
return ret;
}

BIN
tests/fuzz/seed/fuzz-crypto_seed_corpus.zip Normal file
View File

Binary file not shown.

BIN
tests/fuzz/seed/fuzz-http_seed_corpus.zip Normal file
View File

Binary file not shown.

BIN
tests/fuzz/seed/fuzz-uri_seed_corpus.zip Normal file
View File

Binary file not shown.

BIN
tests/fuzz/seed/fuzz-url_seed_corpus.zip Normal file
View File

Binary file not shown.