1# Copyright 2018 The Chromium Authors. All rights reserved. 2# Use of this source code is governed by a BSD-style license that can be 3# found in the LICENSE file. 4 5import("//testing/libfuzzer/fuzzer_test.gni") 6import("//third_party/protobuf/proto_library.gni") 7 8static_library("zucchini_fuzz_utils") { 9 sources = [ 10 "fuzz_utils.cc", 11 "fuzz_utils.h", 12 ] 13 deps = [ 14 "//base", 15 "//components/zucchini:zucchini_lib", 16 ] 17} 18 19# To download the corpus for local fuzzing use: 20# gsutil -m rsync \ 21# gs://clusterfuzz-corpus/libfuzzer/zucchini_disassembler_dex_fuzzer \ 22# components/zucchini/fuzzing/testdata/disassembler_dex_fuzzer/ 23fuzzer_test("zucchini_disassembler_dex_fuzzer") { 24 sources = [ "disassembler_dex_fuzzer.cc" ] 25 deps = [ 26 "//base", 27 "//components/zucchini:zucchini_lib", 28 ] 29} 30 31# To download the corpus for local fuzzing use: 32# gsutil -m rsync \ 33# gs://clusterfuzz-corpus/libfuzzer/zucchini_disassembler_win32_fuzzer \ 34# components/zucchini/fuzzing/testdata/disassembler_win32_fuzzer/ 35fuzzer_test("zucchini_disassembler_win32_fuzzer") { 36 sources = [ "disassembler_win32_fuzzer.cc" ] 37 deps = [ 38 ":zucchini_fuzz_utils", 39 "//base", 40 "//components/zucchini:zucchini_lib", 41 ] 42} 43 44# To download the corpus for local fuzzing use: 45# gsutil -m rsync \ 46# gs://clusterfuzz-corpus/libfuzzer/zucchini_disassembler_elf_fuzzer \ 47# components/zucchini/fuzzing/testdata/disassembler_elf_fuzzer/ 48fuzzer_test("zucchini_disassembler_elf_fuzzer") { 49 sources = [ "disassembler_elf_fuzzer.cc" ] 50 deps = [ 51 ":zucchini_fuzz_utils", 52 "//base", 53 "//components/zucchini:zucchini_lib", 54 ] 55} 56 57fuzzer_test("zucchini_patch_fuzzer") { 58 sources = [ "patch_fuzzer.cc" ] 59 deps = [ 60 "//base", 61 "//components/zucchini:zucchini_lib", 62 ] 63 seed_corpus = "testdata/patch_fuzzer" 64} 65 66proto_library("zucchini_file_pair_proto") { 67 sources = [ "file_pair.proto" ] 68} 69 70# Ensure protoc is available. 71# Disabled on Windows due to crbug/844826. 72if (current_toolchain == host_toolchain && !is_win) { 73 # Raw Apply Fuzzer Seed: 74 action("zucchini_raw_apply_seed") { 75 script = "generate_fuzzer_data.py" 76 77 args = [ 78 "--raw", 79 "old_eventlog_provider.dll", # <old_file> 80 "new_eventlog_provider.dll", # <new_file> 81 82 # <patch_file> (temporary) 83 rebase_path( 84 "$target_gen_dir/testdata/apply_fuzzer/eventlog_provider.patch", 85 root_build_dir), 86 87 # <output_file> 88 rebase_path( 89 "$target_gen_dir/testdata/apply_fuzzer/raw_apply_seed_proto.bin", 90 root_build_dir), 91 ] 92 93 # Files depended upon. 94 sources = [ 95 "create_seed_file_pair.py", 96 "testdata/new_eventlog_provider.dll", 97 "testdata/old_eventlog_provider.dll", 98 ] 99 100 # Outputs: necessary for validation. 101 outputs = 102 [ "$target_gen_dir/testdata/apply_fuzzer/raw_apply_seed_proto.bin" ] 103 deps = [ 104 "//components/zucchini:zucchini", 105 "//third_party/protobuf:protoc", 106 ] 107 } 108 109 # ZTF Apply Fuzzer Seed: 110 action("zucchini_ztf_apply_seed") { 111 script = "generate_fuzzer_data.py" 112 113 # *.ztf files are expected to be valid ZTF format. 114 args = [ 115 "old.ztf", # <old_file> 116 "new.ztf", # <new_file> 117 118 # <patch_file> (temporary) 119 rebase_path("$target_gen_dir/testdata/apply_fuzzer/ztf.patch", 120 root_build_dir), 121 122 # <output_file> 123 rebase_path( 124 "$target_gen_dir/testdata/apply_fuzzer/ztf_apply_seed_proto.bin", 125 root_build_dir), 126 ] 127 128 # Files depended upon. 129 sources = [ 130 "create_seed_file_pair.py", 131 "testdata/new.ztf", 132 "testdata/old.ztf", 133 ] 134 135 # Outputs: necessary for validation. 136 outputs = 137 [ "$target_gen_dir/testdata/apply_fuzzer/ztf_apply_seed_proto.bin" ] 138 deps = [ 139 "//components/zucchini:zucchini", 140 "//third_party/protobuf:protoc", 141 ] 142 } 143 144 # Apply Fuzzer: 145 fuzzer_test("zucchini_apply_fuzzer") { 146 sources = [ "apply_fuzzer.cc" ] 147 deps = [ 148 ":zucchini_file_pair_proto", 149 "//base", 150 "//components/zucchini:zucchini_lib", 151 "//third_party/libprotobuf-mutator", 152 ] 153 seed_corpus = "$target_gen_dir/testdata/apply_fuzzer" 154 seed_corpus_deps = [ 155 ":zucchini_raw_apply_seed", 156 ":zucchini_ztf_apply_seed", 157 ] 158 } 159 160 # For Gen fuzzers seeds can be created from this directory with: 161 # python create_seed_file_pair.py <protoc> <old file> <new file> <out file> 162 # [--imposed=<imposed>] 163 164 # Raw Gen Fuzzer: 165 # <old file>: testdata/old.ztf 166 # <new file>: testdata/new.ztf 167 # <out file>: testdata/raw_or_ztf_gen_fuzzer/seed.asciipb 168 fuzzer_test("zucchini_raw_gen_fuzzer") { 169 sources = [ "raw_gen_fuzzer.cc" ] 170 deps = [ 171 ":zucchini_file_pair_proto", 172 "//base", 173 "//components/zucchini:zucchini_lib", 174 "//third_party/libprotobuf-mutator", 175 ] 176 seed_corpus = "testdata/raw_or_ztf_gen_fuzzer" 177 } 178 179 # ZTF Gen Fuzzer: 180 # <old file>: testdata/old.ztf 181 # <new file>: testdata/new.ztf 182 # <out file>: testdata/raw_or_ztf_gen_fuzzer/seed.asciipb 183 fuzzer_test("zucchini_ztf_gen_fuzzer") { 184 sources = [ "ztf_gen_fuzzer.cc" ] 185 deps = [ 186 ":zucchini_file_pair_proto", 187 "//base", 188 "//components/zucchini:zucchini_lib", 189 "//third_party/libprotobuf-mutator", 190 ] 191 seed_corpus = "testdata/raw_or_ztf_gen_fuzzer" 192 } 193 194 # Imposed Ensemble Match Fuzzer: 195 # <old file>: testdata/old_imposed_archive.txt 196 # <new file>: testdata/new_imposed_archive.txt 197 # <out file>: testdata/imposed_ensemble_matcher_fuzzer/seed.asciipb 198 # <imposed>: 17+420=388+347,452+420=27+347 199 # This is a mapping of regions old_offset+old_size=new_offset+new_size,... 200 fuzzer_test("zucchini_imposed_ensemble_matcher_fuzzer") { 201 sources = [ "imposed_ensemble_matcher_fuzzer.cc" ] 202 deps = [ 203 ":zucchini_file_pair_proto", 204 "//base", 205 "//components/zucchini:zucchini_lib", 206 "//third_party/libprotobuf-mutator", 207 ] 208 seed_corpus = "testdata/imposed_ensemble_matcher_fuzzer" 209 } 210} 211