YGGverse
/
xash3d-fwgs
mirror of https://github.com/YGGverse/xash3d-fwgs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

engine: first attempts on fuzzing the engine

pull/2/head
Alibek Omarov 3 years ago
parent
204544f50f
commit
5aa6bfee85
7 changed files with 143 additions and 11 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 21
      engine/common/imagelib/img_main.c
  2. 22
      engine/common/soundlib/snd_main.c
  3. 17
      engine/common/tests.h
  4. 7
      engine/wscript
  5. 34
      utils/run-fuzzer/run-fuzzer.c
  6. 40
      utils/run-fuzzer/wscript
  7. 13
      wscript

21
engine/common/imagelib/img_main.c
Unescape View File

@ -566,4 +566,25 @@ void Test_RunImagelib( void ) @@ -566,4 +566,25 @@ void Test_RunImagelib( void )
Z_Free( rgb.buffer );
}
#define IMPLEMENT_IMAGELIB_FUZZ_TARGET( export, target ) \
int EXPORT export( const uint8_t *Data, size_t Size ) \
{ \
rgbdata_t *rgb; \
host.type = HOST_NORMAL; \
Memory_Init(); \
Image_Init(); \
if( target( "#internal", Data, Size )) \
{ \
rgb = ImagePack(); \
FS_FreeImage( rgb ); \
} \
Image_Shutdown(); \
return 0; \
} \
IMPLEMENT_IMAGELIB_FUZZ_TARGET( Fuzz_Image_LoadBMP, Image_LoadBMP )
IMPLEMENT_IMAGELIB_FUZZ_TARGET( Fuzz_Image_LoadPNG, Image_LoadPNG )
IMPLEMENT_IMAGELIB_FUZZ_TARGET( Fuzz_Image_LoadDDS, Image_LoadDDS )
IMPLEMENT_IMAGELIB_FUZZ_TARGET( Fuzz_Image_LoadTGA, Image_LoadTGA )
#endif /* XASH_ENGINE_TESTS */

22
engine/common/soundlib/snd_main.c
Unescape View File

@ -278,3 +278,25 @@ void FS_FreeStream( stream_t *stream ) @@ -278,3 +278,25 @@ void FS_FreeStream( stream_t *stream )
stream->format->freefunc( stream );
}
#if XASH_ENGINE_TESTS
#define IMPLEMENT_SOUNDLIB_FUZZ_TARGET( export, target ) \
int EXPORT export( const uint8_t *Data, size_t Size ) \
{ \
wavdata_t *wav; \
host.type = HOST_NORMAL; \
Memory_Init(); \
Sound_Init(); \
if( target( "#internal", Data, Size )) \
{ \
wav = SoundPack(); \
FS_FreeSound( wav ); \
} \
Sound_Shutdown(); \
return 0; \
} \
IMPLEMENT_SOUNDLIB_FUZZ_TARGET( Fuzz_Sound_LoadMPG, Sound_LoadMPG )
IMPLEMENT_SOUNDLIB_FUZZ_TARGET( Fuzz_Sound_LoadWAV, Sound_LoadWAV )
#endif

17
engine/common/tests.h
Unescape View File

@ -15,21 +15,20 @@ extern struct tests_stats_s tests_stats; @@ -15,21 +15,20 @@ extern struct tests_stats_s tests_stats;
x; \
Msg( "Finished " #x "\n" )
#define TASSERT( exp ) \
if(!( exp )) \
#define _TASSERT( exp, msg ) \
if( exp ) \
{ \
tests_stats.failed++; \
Msg( S_ERROR "assert failed at %s:%i\n", __FILE__, __LINE__ ); \
msg; \
} \
else tests_stats.passed++;
#define TASSERT( exp ) \
_TASSERT( !(exp), Msg( S_ERROR "assert failed at %s:%i\n", __FILE__, __LINE__ ) )
#define TASSERT_EQi( val1, val2 ) \
_TASSERT( ( val1 ) != ( val2 ), Msg( S_ERROR "assert failed at %s:%i, \"%d\" != \"%d\"\n", __FILE__, __LINE__, #val1, #val2 ))
#define TASSERT_STR( str1, str2 ) \
if( Q_strcmp(( str1 ), ( str2 ))) \
{ \
tests_stats.failed++; \
Msg( S_ERROR "assert failed at %s:%i, \"%s\" != \"%s\"\n", __FILE__, __LINE__, ( str1 ), ( str2 )); \
} \
else tests_stats.passed++;
_TASSERT( Q_strcmp(( str1 ), ( str2 )), Msg( S_ERROR "assert failed at %s:%i, \"%s\" != \"%s\"\n", __FILE__, __LINE__, ( str1 ), ( str2 )))
void Test_RunImagelib( void );
void Test_RunLibCommon( void );

7
engine/wscript
Unescape View File

@ -32,6 +32,9 @@ def options(opt): @@ -32,6 +32,9 @@ def options(opt):
grp.add_option('--enable-engine-tests', action = 'store_true', dest = 'ENGINE_TESTS', default = False,
help = 'embed tests into the engine, jump into them by -runtests command line switch [default: %default]')
grp.add_option('--enable-engine-fuzz', action = 'store_true', dest = 'ENGINE_FUZZ', default = False,
help = 'add LLVM libFuzzer [default: %default]' )
opt.load('sdl2')
def configure(conf):
@ -87,6 +90,10 @@ def configure(conf): @@ -87,6 +90,10 @@ def configure(conf):
conf.env.ENGINE_TESTS = conf.options.ENGINE_TESTS
if conf.options.ENGINE_FUZZ:
conf.env.append_unique('CFLAGS', '-fsanitize=fuzzer-no-link')
conf.env.append_unique('LINKFLAGS', '-fsanitize=fuzzer')
conf.define_cond('XASH_ENGINE_TESTS', conf.env.ENGINE_TESTS)
conf.define_cond('XASH_STATIC_LIBS', conf.env.STATIC_LINKING)
conf.define_cond('XASH_CUSTOM_SWAP', conf.options.CUSTOM_SWAP)

34
utils/run-fuzzer/run-fuzzer.c
Unescape View File

@ -0,0 +1,34 @@ @@ -0,0 +1,34 @@
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>
#if !defined LIB || !defined FUNC
#error
#endif
typedef int (*FuzzFunc)(const char *Data, size_t Size);
void *handle = NULL;
FuzzFunc f = NULL;
int LLVMFuzzerTestOneInput( const char *Data, size_t Size )
{
if( !handle )
handle = dlopen( LIB, RTLD_NOW );
if( handle )
{
if( !f )
f = dlsym( handle, FUNC );
if( f )
{
return f( Data, Size );
}
}
fprintf( stderr, "Fail: %s\n", dlerror() );
abort();
return 0;
}

40
utils/run-fuzzer/wscript
Unescape View File

@ -0,0 +1,40 @@ @@ -0,0 +1,40 @@
#! /usr/bin/env python
# encoding: utf-8
# a1batross, mittorn, 2018
def options(opt):
pass
def configure(conf):
if conf.options.BUILD_TYPE != 'sanitize':
conf.fatal('useless without -T sanitize')
if conf.env.COMPILER_CC != 'clang':
conf.fatal('only clang is supported')
conf.env.append_unique('CFLAGS', '-fsanitize=fuzzer')
conf.env.append_unique('LINKFLAGS', '-fsanitize=fuzzer')
def add_runner_target(bld, lib, func):
source = bld.path.ant_glob('*.c')
includes = '.'
libs = [ 'DL' ]
bld(
source = source,
target = 'run-fuzzer-' + func,
features = 'c cprogram',
includes = includes,
use = libs,
defines = ['FUNC="Fuzz_' + func + '"', 'LIB="' + lib + '"'],
install_path = bld.env.BINDIR,
subsystem = bld.env.CONSOLE_SUBSYSTEM
)
def build(bld):
add_runner_target(bld, 'libxash.so', 'Sound_LoadMPG')
add_runner_target(bld, 'libxash.so', 'Sound_LoadWAV')
add_runner_target(bld, 'libxash.so', 'Image_LoadBMP')
add_runner_target(bld, 'libxash.so', 'Image_LoadPNG')
add_runner_target(bld, 'libxash.so', 'Image_LoadDDS')
add_runner_target(bld, 'libxash.so', 'Image_LoadTGA')

13
wscript
Unescape View File

@ -20,12 +20,13 @@ class Subproject: @@ -20,12 +20,13 @@ class Subproject:
ignore = False # if true will be ignored, set by user request
mandatory = False
def __init__(self, name, dedicated=True, singlebin=False, mandatory = False, utility = False):
def __init__(self, name, dedicated=True, singlebin=False, mandatory = False, utility = False, fuzzer = False):
self.name = name
self.dedicated = dedicated
self.singlebin = singlebin
self.mandatory = mandatory
self.utility = utility
self.fuzzer = fuzzer
def is_enabled(self, ctx):
if not self.mandatory:
@ -47,6 +48,9 @@ class Subproject: @@ -47,6 +48,9 @@ class Subproject:
if self.utility and not ctx.env.ENABLE_UTILS:
return False
if self.fuzzer and not ctx.env.ENABLE_FUZZER:
return False
return True
SUBDIRS = [
@ -60,7 +64,8 @@ SUBDIRS = [ @@ -60,7 +64,8 @@ SUBDIRS = [
Subproject('stub/client'),
Subproject('dllemu'),
Subproject('engine', dedicated=False),
Subproject('utils/mdldec', utility=True)
Subproject('utils/mdldec', utility=True),
Subproject('utils/run-fuzzer', fuzzer=True)
]
def subdirs():
@ -98,6 +103,9 @@ def options(opt): @@ -98,6 +103,9 @@ def options(opt):
grp.add_option('--enable-utils', action = 'store_true', dest = 'ENABLE_UTILS', default = False,
help = 'enable building various development utilities [default: %default]')
grp.add_option('--enable-fuzzer', action = 'store_true', dest = 'ENABLE_FUZZER', default = False,
help = 'enable building libFuzzer runner [default: %default]' )
opt.load('compiler_optimizations subproject')
for i in SUBDIRS:
@ -245,6 +253,7 @@ def configure(conf): @@ -245,6 +253,7 @@ def configure(conf):
conf.define('STDINT_H', 'pstdint.h')
conf.env.ENABLE_UTILS = conf.options.ENABLE_UTILS
conf.env.ENABLE_FUZZER = conf.options.ENABLE_FUZZER
conf.env.DEDICATED = conf.options.DEDICATED
conf.env.SINGLE_BINARY = conf.options.SINGLE_BINARY or conf.env.DEDICATED

Write Preview
Loading…
Cancel
Save