components/zucchini/fuzzers/raw_gen_fuzzer.cc - chromium/src - Git at Google

 // Copyright 2018 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include <stdint.h>

 #include <iostream>
 #include <memory>

 #include "base/environment.h"
 #include "base/logging.h"
 #include "components/zucchini/buffer_sink.h"
 #include "components/zucchini/buffer_view.h"
 #include "components/zucchini/fuzzers/file_pair.pb.h"
 #include "components/zucchini/patch_writer.h"
 #include "components/zucchini/zucchini_gen.h"
 #include "testing/libfuzzer/proto/lpm_interface.h"

 namespace {

 constexpr size_t kMinImageSize = 16;
 constexpr size_t kMaxImageSize = 1024;

 }  // namespace

 struct Environment {
   Environment() {
     logging::SetMinLogLevel(logging::LOG_FATAL);  // Disable console spamming.
   }
 };

 Environment* env = new Environment();

 DEFINE_BINARY_PROTO_FUZZER(const zucchini::fuzzers::FilePair& file_pair) {
   // Dump code for debugging.
   if (base::Environment::Create()->HasVar("LPM_DUMP_NATIVE_INPUT")) {
     std::cout << "Old File: " << file_pair.old_file() << std::endl
               << "New File: " << file_pair.new_or_patch_file() << std::endl;
   }

   // Prepare data.
   zucchini::ConstBufferView old_image(
       reinterpret_cast<const uint8_t*>(file_pair.old_file().data()),
       file_pair.old_file().size());
   zucchini::ConstBufferView new_image(
       reinterpret_cast<const uint8_t*>(file_pair.new_or_patch_file().data()),
       file_pair.new_or_patch_file().size());

   // Restrict image sizes to speed up fuzzing.
   if (old_image.size() < kMinImageSize || old_image.size() > kMaxImageSize ||
       new_image.size() < kMinImageSize || new_image.size() > kMaxImageSize) {
     return;
   }

   // Generate a patch writer.
   zucchini::EnsemblePatchWriter patch_writer(old_image, new_image);

   // Fuzz Target.
   zucchini::GenerateBufferRaw(old_image, new_image, &patch_writer);

   // Check that the patch size is sane. Crash the fuzzer if this isn't the case
   // as it is a failure in Zucchini's patch performance that is worth
   // investigating.
   size_t patch_size = patch_writer.SerializedSize();
   CHECK_LE(patch_size, kMaxImageSize * 2);

   // Write to buffer to avoid IO.
   std::unique_ptr<uint8_t[]> patch_data(new uint8_t[patch_size]);
   zucchini::BufferSink patch(patch_data.get(), patch_size);
   patch_writer.SerializeInto(patch);
 }
	// Copyright 2018 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include <stdint.h>

	#include <iostream>
	#include <memory>

	#include "base/environment.h"
	#include "base/logging.h"
	#include "components/zucchini/buffer_sink.h"
	#include "components/zucchini/buffer_view.h"
	#include "components/zucchini/fuzzers/file_pair.pb.h"
	#include "components/zucchini/patch_writer.h"
	#include "components/zucchini/zucchini_gen.h"
	#include "testing/libfuzzer/proto/lpm_interface.h"

	namespace {

	constexpr size_t kMinImageSize = 16;
	constexpr size_t kMaxImageSize = 1024;

	} // namespace

	struct Environment {
	Environment() {
	logging::SetMinLogLevel(logging::LOG_FATAL); // Disable console spamming.
	}
	};

	Environment* env = new Environment();

	DEFINE_BINARY_PROTO_FUZZER(const zucchini::fuzzers::FilePair& file_pair) {
	// Dump code for debugging.
	if (base::Environment::Create()->HasVar("LPM_DUMP_NATIVE_INPUT")) {
	std::cout << "Old File: " << file_pair.old_file() << std::endl
	<< "New File: " << file_pair.new_or_patch_file() << std::endl;
	}

	// Prepare data.
	zucchini::ConstBufferView old_image(
	reinterpret_cast<const uint8_t*>(file_pair.old_file().data()),
	file_pair.old_file().size());
	zucchini::ConstBufferView new_image(
	reinterpret_cast<const uint8_t*>(file_pair.new_or_patch_file().data()),
	file_pair.new_or_patch_file().size());

	// Restrict image sizes to speed up fuzzing.
	if (old_image.size() < kMinImageSize \|\| old_image.size() > kMaxImageSize \|\|
	new_image.size() < kMinImageSize \|\| new_image.size() > kMaxImageSize) {
	return;
	}

	// Generate a patch writer.
	zucchini::EnsemblePatchWriter patch_writer(old_image, new_image);

	// Fuzz Target.
	zucchini::GenerateBufferRaw(old_image, new_image, &patch_writer);

	// Check that the patch size is sane. Crash the fuzzer if this isn't the case
	// as it is a failure in Zucchini's patch performance that is worth
	// investigating.
	size_t patch_size = patch_writer.SerializedSize();
	CHECK_LE(patch_size, kMaxImageSize * 2);

	// Write to buffer to avoid IO.
	std::unique_ptr<uint8_t[]> patch_data(new uint8_t[patch_size]);
	zucchini::BufferSink patch(patch_data.get(), patch_size);
	patch_writer.SerializeInto(patch);
	}