Google Git
Sign in
chromium / chromium / src / ae160bfabf93b51da1877351da1abd0677b41db8 / . / testing / libfuzzer / fuzzers / BUILD.gn
blob: caaccb1893764cfb7e8a0cc23cff9f12e4e3e750 [file] [log] [blame]
# Copyright 2015 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Individual libfuzzer tests that didn't find their home yet.
import("//build/config/features.gni")
import("//testing/libfuzzer/fuzzer_test.gni")
import("//third_party/protobuf/proto_library.gni")
import("//ui/gl/features.gni")
import("//v8/gni/v8.gni")
# root BUILD depends on this target. Needed for package discovery
group("fuzzers") {
}
fuzzer_test("empty_fuzzer") {
sources = [ "empty_fuzzer.cc" ]
additional_configs = [ "//testing/libfuzzer:no_clusterfuzz" ]
}
fuzzer_test("courgette_fuzzer") {
sources = [ "courgette_fuzzer.cc" ]
deps = [
"//base",
"//courgette:courgette_lib",
]
}
fuzzer_test("language_detection_fuzzer") {
sources = [ "language_detection_fuzzer.cc" ]
deps = [
"//base",
"//components/translate/core/language_detection:language_detection",
]
}
fuzzer_test("snappy_compress_fuzzer") {
sources = [ "snappy_compress_fuzzer.cc" ]
deps = [ "//third_party/snappy:snappy" ]
seed_corpus = "//third_party/snappy/src/testdata"
}
fuzzer_test("snappy_uncompress_fuzzer") {
sources = [ "snappy_uncompress_fuzzer.cc" ]
deps = [ "//third_party/snappy:snappy" ]
seed_corpus = "//third_party/snappy/src/testdata"
}
fuzzer_test("template_url_parser_fuzzer") {
sources = [ "template_url_parser_fuzzer.cc" ]
deps = [
"//base",
"//base:i18n",
"//components/search_engines",
"//mojo/core/embedder",
"//services/data_decoder/public/cpp",
"//services/data_decoder/public/cpp:test_support",
"//third_party/libxml:libxml",
]
dict = "//third_party/libxml/fuzz/xml.dict"
libfuzzer_options = [ "max_len=4096" ]
}
fuzzer_test("url_parse_proto_fuzzer") {
sources = [ "url_parse_proto_fuzzer.cc" ]
deps = [
"//base",
"//base:i18n",
"//testing/libfuzzer/proto:url_proto",
"//third_party/libprotobuf-mutator",
"//url:url",
]
}
fuzzer_test("libsrtp_fuzzer") {
sources = [ "libsrtp_fuzzer.cc" ]
deps = [ "//third_party/libsrtp" ]
libfuzzer_options = [ "max_len=1500" ]
}
libpng_seed_corpuses = [
"//components/test/data/viz",
"//third_party/blink/web_tests/images/png-suite/samples",
"//third_party/blink/web_tests/images/resources/pngfuzz",
]
fuzzer_test("gfx_png_image_fuzzer") {
sources = [ "gfx_png_image_fuzzer.cc" ]
deps = [
"//base",
"//ui/gfx",
]
dict = "dicts/png.dict"
seed_corpuses = libpng_seed_corpuses
}
fuzzer_test("libxml_xml_read_memory_fuzzer") {
sources = [ "libxml_xml_read_memory_fuzzer.cc" ]
deps = [ "//third_party/libxml:libxml" ]
dict = "//third_party/libxml/fuzz/xml.dict"
seed_corpus = "//third_party/libxml/fuzz/seed_corpus"
}
fuzzer_test("libpng_progressive_read_fuzzer") {
sources = [ "libpng_read_fuzzer.cc" ]
deps = [
"//base",
"//third_party/libpng",
]
dict = "dicts/png.dict"
seed_corpuses = libpng_seed_corpuses
}
fuzzer_test("v8_script_parser_fuzzer") {
sources = []
deps = [ "//v8:parser_fuzzer" ]
asan_options = [
"allow_user_segv_handler=1",
"handle_sigtrap=1",
]
msan_options = [ "handle_sigtrap=1" ]
ubsan_options = [
"handle_sigtrap=1",
"handle_segv=1",
]
dict = "dicts/generated/javascript.dict"
seed_corpus = "//v8/test/mjsunit/regress/"
libfuzzer_options = [ "only_ascii=1" ]
environment_variables = [ "AFL_DRIVER_DONT_DEFER=1" ]
}
v8_inspector_fuzzer_corpus_dir = "$target_gen_dir/v8_inspector_fuzzer_corpus"
action("generate_v8_inspector_fuzzer_corpus") {
script = "generate_v8_inspector_fuzzer_corpus.py"
sources = [ "generate_v8_inspector_fuzzer_corpus.py" ]
args = [
rebase_path("//v8/test/inspector/", root_build_dir),
rebase_path(v8_inspector_fuzzer_corpus_dir, root_build_dir),
]
outputs = [ v8_inspector_fuzzer_corpus_dir ]
}
fuzzer_test("v8_inspector_fuzzer") {
sources = []
deps = [ "//v8:inspector_fuzzer" ]
asan_options = [
"allow_user_segv_handler=1",
"handle_sigtrap=1",
]
msan_options = [ "handle_sigtrap=1" ]
ubsan_options = [
"handle_sigtrap=1",
"handle_segv=1",
]
dict = "dicts/generated/javascript.dict"
seed_corpus = v8_inspector_fuzzer_corpus_dir
seed_corpus_deps = [ ":generate_v8_inspector_fuzzer_corpus" ]
# The fuzzer is able to handle any input, but since the input is interpreted
# as JS code, restricting to ascii only will increase fuzzing efficiency.
libfuzzer_options = [ "only_ascii=1" ]
environment_variables = [ "AFL_DRIVER_DONT_DEFER=1" ]
}
fuzzer_test("v8_json_parser_fuzzer") {
sources = []
deps = [ "//v8:json_fuzzer" ]
asan_options = [
"allow_user_segv_handler=1",
"handle_sigtrap=1",
]
msan_options = [ "handle_sigtrap=1" ]
ubsan_options = [
"handle_sigtrap=1",
"handle_segv=1",
]
dict = "dicts/json.dict"
environment_variables = [ "AFL_DRIVER_DONT_DEFER=1" ]
}
fuzzer_test("v8_regexp_parser_fuzzer") {
sources = []
deps = [ "//v8:regexp_fuzzer" ]
asan_options = [
"allow_user_segv_handler=1",
"handle_sigtrap=1",
]
msan_options = [ "handle_sigtrap=1" ]
ubsan_options = [
"handle_sigtrap=1",
"handle_segv=1",
]
dict = "dicts/regexp.dict"
seed_corpus = "//v8/test/fuzzer/regexp/"
libfuzzer_options = [ "max_len=64" ]
environment_variables = [ "AFL_DRIVER_DONT_DEFER=1" ]
}
fuzzer_test("v8_regexp_builtins_fuzzer") {
sources = []
deps = [ "//v8:regexp_builtins_fuzzer" ]
asan_options = [
"allow_user_segv_handler=1",
"handle_sigtrap=1",
]
msan_options = [ "handle_sigtrap=1" ]
ubsan_options = [
"handle_sigtrap=1",
"handle_segv=1",
]
environment_variables = [ "AFL_DRIVER_DONT_DEFER=1" ]
}
if (v8_enable_webassembly) {
fuzzer_test("v8_multi_return_fuzzer") {
sources = []
deps = [ "//v8:multi_return_fuzzer" ]
asan_options = [
"allow_user_segv_handler=1",
"handle_sigtrap=1",
]
msan_options = [ "handle_sigtrap=1" ]
ubsan_options = [
"handle_sigtrap=1",
"handle_segv=1",
]
environment_variables = [ "AFL_DRIVER_DONT_DEFER=1" ]
}
fuzzer_test("v8_wasm_code_fuzzer") {
sources = []
deps = [ "//v8:wasm_code_fuzzer" ]
libfuzzer_options = [ "max_len=500" ]
asan_options = [
"allow_user_segv_handler=1",
"handle_sigtrap=1",
]
msan_options = [ "handle_sigtrap=1" ]
ubsan_options = [
"handle_sigtrap=1",
"handle_segv=1",
]
environment_variables = [ "AFL_DRIVER_DONT_DEFER=1" ]
}
fuzzer_test("v8_wasm_compile_fuzzer") {
sources = []
deps = [ "//v8:wasm_compile_fuzzer" ]
libfuzzer_options = [ "max_len=500" ]
asan_options = [
"allow_user_segv_handler=1",
"handle_sigtrap=1",
]
msan_options = [ "handle_sigtrap=1" ]
ubsan_options = [
"handle_sigtrap=1",
"handle_segv=1",
]
environment_variables = [ "AFL_DRIVER_DONT_DEFER=1" ]
}
fuzzer_test("v8_wasm_fuzzer") {
sources = []
deps = [ "//v8:wasm_fuzzer" ]
dict = "dicts/v8_wasm.dict"
seed_corpus = "//v8/test/fuzzer/wasm_corpus/"
libfuzzer_options = [ "max_len=500" ]
asan_options = [
"allow_user_segv_handler=1",
"handle_sigtrap=1",
]
msan_options = [ "handle_sigtrap=1" ]
ubsan_options = [
"handle_sigtrap=1",
"handle_segv=1",
]
environment_variables = [ "AFL_DRIVER_DONT_DEFER=1" ]
}
fuzzer_test("v8_wasm_async_fuzzer") {
sources = []
deps = [ "//v8:wasm_async_fuzzer" ]
dict = "dicts/v8_wasm.dict"
seed_corpus = "//v8/test/fuzzer/wasm_corpus/"
libfuzzer_options = [ "max_len=500" ]
asan_options = [
"allow_user_segv_handler=1",
"handle_sigtrap=1",
]
msan_options = [ "handle_sigtrap=1" ]
ubsan_options = [
"handle_sigtrap=1",
"handle_segv=1",
]
environment_variables = [ "AFL_DRIVER_DONT_DEFER=1" ]
}
fuzzer_test("v8_wasm_streaming_fuzzer") {
sources = []
deps = [ "//v8:wasm_streaming_fuzzer" ]
libfuzzer_options = [ "max_len=500" ]
asan_options = [
"allow_user_segv_handler=1",
"handle_sigtrap=1",
]
msan_options = [ "handle_sigtrap=1" ]
ubsan_options = [
"handle_sigtrap=1",
"handle_segv=1",
]
environment_variables = [ "AFL_DRIVER_DONT_DEFER=1" ]
}
}
fuzzer_test("convert_woff2ttf_fuzzer") {
sources = [ "convert_woff2ttf_fuzzer.cc" ]
deps = [ "//third_party/woff2:woff2_dec" ]
seed_corpus = "//testing/libfuzzer/fuzzers/woff2_corpus"
libfuzzer_options = [ "max_len=803500" ]
}
fuzzer_test("flatbuffers_verifier_fuzzer") {
sources = [ "flatbuffers_verifier_fuzzer.cc" ]
deps = [
"//third_party/flatbuffers",
"//third_party/flatbuffers:flatbuffers_samplebuffer",
]
libfuzzer_options = [ "max_len=1024" ]
seed_corpus = "//testing/libfuzzer/fuzzers/flatbuffers_corpus"
}
fuzzer_test("skia_path_fuzzer") {
sources = [
"skia_path_common.cc",
"skia_path_common.h",
"skia_path_fuzzer.cc",
]
deps = [
"//base",
"//skia",
]
libfuzzer_options = [ "max_len=256" ]
if (is_debug) {
# Disabled due to crashing on SkASSERT (crbug.com/642750, crbug.com/643275).
additional_configs = [ "//testing/libfuzzer:no_clusterfuzz" ]
}
}
fuzzer_test("skia_pathop_fuzzer") {
sources = [
"skia_path_common.cc",
"skia_path_common.h",
"skia_pathop_fuzzer.cc",
]
deps = [
"//base",
"//skia",
]
libfuzzer_options = [ "max_len=512" ]
if (is_debug) {
# Disabled due to crashing on SkASSERT (crbug.com/642750, crbug.com/643275).
additional_configs = [ "//testing/libfuzzer:no_clusterfuzz" ]
}
}
fuzzer_test("prtime_fuzzer") {
sources = [ "prtime_fuzzer.cc" ]
deps = [ "//base" ]
dict = "dicts/prtime.dict"
libfuzzer_options = [ "max_len=1024" ]
}
fuzzer_test("angle_translator_fuzzer") {
sources = []
deps = [ "//third_party/angle:translator_fuzzer" ]
libfuzzer_options = [ "max_len=1000" ]
dict = "dicts/webgl-glsl.dict"
}
fuzzer_test("sha1_fuzzer") {
sources = [ "sha1_fuzzer.cc" ]
deps = [ "//base" ]
}
fuzzer_test("hash_fuzzer") {
sources = [ "hash_fuzzer.cc" ]
deps = [ "//base" ]
}
action("gen_javascript_parser_proto") {
# Only targets in this file and the top-level visibility target can
# depend on this.
visibility = [ ":*" ]
script = "generate_javascript_parser_proto.py"
sources = [ "dicts/javascript_parser_proto.dict" ]
outputs = [
"$target_gen_dir/javascript_parser.proto",
"$target_gen_dir/javascript_parser_proto_to_string.cc",
]
args = rebase_path(outputs, root_build_dir) +
rebase_path(sources, root_build_dir)
}
proto_library("javascript_parser_proto") {
sources = [ "$target_gen_dir/javascript_parser.proto" ]
proto_deps = [ ":gen_javascript_parser_proto" ]
proto_out_dir = ""
}
fuzzer_test("javascript_parser_proto_fuzzer") {
generated_sources = [ "$target_gen_dir/javascript_parser_proto_to_string.cc" ]
sources = [
"javascript_parser_proto_fuzzer.cc",
"javascript_parser_proto_to_string.h",
]
deps = [
":gen_javascript_parser_proto",
":javascript_parser_proto",
"//third_party/libprotobuf-mutator",
"//v8:v8",
"//v8:v8_libplatform",
]
}
fuzzer_test("v8_fully_instrumented_fuzzer") {
sources = [ "v8_fuzzer.cc" ]
deps = [
"//base",
"//v8:v8",
"//v8:v8_libplatform",
]
dict = "dicts/generated/javascript.dict"
asan_options = [
"allow_user_segv_handler=1",
"handle_sigtrap=1",
]
msan_options = [ "handle_sigtrap=1" ]
ubsan_options = [
"handle_sigtrap=1",
"handle_segv=1",
]
libfuzzer_options = [ "only_ascii=1" ]
}
fuzzer_test("skia_image_filter_proto_fuzzer") {
sources = [ "skia_image_filter_proto_fuzzer.cc" ]
deps = [
"//base",
"//base/test:test_support",
"//skia",
"//testing/libfuzzer/proto:skia_image_filter_converter",
"//testing/libfuzzer/proto:skia_image_filter_proto",
"//third_party/libprotobuf-mutator",
]
}
fuzzer_test("libyuv_scale_fuzzer") {
sources = [ "libyuv_scale_fuzzer.cc" ]
deps = [ "//third_party/libyuv" ]
}
proto_library("command_buffer_lpm_fuzzer_proto") {
sources = [ "command_buffer_lpm_fuzzer/cmd_buf_lpm_fuzz.proto" ]
use_protobuf_full = true
deps = [ "//third_party/protobuf:protobuf_full" ]
}
fuzzer_test("command_buffer_lpm_fuzzer") {
sources = [
"command_buffer_lpm_fuzzer/cmd_buf_lpm_fuzz.cc",
"command_buffer_lpm_fuzzer/cmd_buf_lpm_fuzz.h",
"command_buffer_lpm_fuzzer/webgpu_support.cc",
"command_buffer_lpm_fuzzer/webgpu_support.h",
]
# This is a hack. These files should be pulled in as a result of the
# dependency on //gpu:webgpu which has a public dependency on
# //gpu/command_buffer/client:webgpu_sources, but for some reason these files
# get dropped in component builds, so manually add them to the sources here.
if (is_component_build) {
sources += [
"//gpu/command_buffer/client/webgpu_implementation.cc",
"//gpu/command_buffer/client/webgpu_implementation.h",
]
if (use_dawn) {
sources += [
"//gpu/command_buffer/client/dawn_client_memory_transfer_service.cc",
"//gpu/command_buffer/client/dawn_client_memory_transfer_service.h",
"//gpu/command_buffer/client/dawn_client_serializer.cc",
"//gpu/command_buffer/client/dawn_client_serializer.h",
]
}
}
deps = [
":command_buffer_lpm_fuzzer_proto",
"//base",
"//base/test:test_support",
"//base/third_party/dynamic_annotations",
"//build:chromeos_buildflags",
"//components/viz/common:resource_format",
"//components/viz/test:test_support", # TODO: huge; is there something more
# targeted?
"//content/public/common:static_switches",
"//gpu:gles2",
"//gpu:gpu",
"//gpu:test_support",
"//gpu:webgpu",
"//gpu/command_buffer/client",
"//gpu/command_buffer/client:gles2_c_lib",
"//gpu/command_buffer/client:gles2_implementation",
"//gpu/command_buffer/common",
"//gpu/command_buffer/common:gles2_utils",
"//gpu/command_buffer/service",
"//gpu/config",
"//gpu/ipc:gl_in_process_context",
"//gpu/ipc/client",
"//gpu/ipc/common",
"//gpu/ipc/host",
"//gpu/ipc/service:service",
"//gpu/webgpu:common",
"//mojo/core/embedder",
"//mojo/core/embedder",
"//mojo/public/cpp/bindings",
"//testing/gmock",
"//testing/gtest:gtest",
"//third_party/libprotobuf-mutator",
"//ui/gfx:gfx",
"//ui/gl:gl",
"//ui/gl:test_support",
"//ui/gl/init:init",
"//url",
]
if (use_dawn) {
deps += [
"//third_party/dawn/src/dawn:cpp",
"//third_party/dawn/src/dawn:proc",
"//third_party/dawn/src/dawn/native",
]
}
libfuzzer_options = [ "max_len=16384" ]
}