# Copyright 2018 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

import("//testing/libfuzzer/fuzzer_test.gni")
import("//third_party/protobuf/proto_library.gni")

# Helper library built from fuzz_utils.cc/.h. Fuzz targets in this file that
# need it list ":zucchini_fuzz_utils" in their deps.
static_library("zucchini_fuzz_utils") {
  deps = [
    "//base",
    "//components/zucchini:zucchini_lib",
  ]
  sources = [
    "fuzz_utils.cc",
    "fuzz_utils.h",
  ]
}

# To download the corpus for local fuzzing use:
#   gsutil -m rsync \
#     gs://clusterfuzz-corpus/libfuzzer/zucchini_disassembler_dex_fuzzer \
#     components/zucchini/fuzzing/testdata/disassembler_dex_fuzzer/
#
# No seed_corpus is set on this target, so the build itself packages no seeds
# for it; the download above is the only corpus source named in this file.
fuzzer_test("zucchini_disassembler_dex_fuzzer") {
  deps = [
    "//base",
    "//components/zucchini:zucchini_lib",
  ]
  sources = [
    "disassembler_dex_fuzzer.cc",
  ]
}

# To download the corpus for local fuzzing use:
#   gsutil -m rsync \
#     gs://clusterfuzz-corpus/libfuzzer/zucchini_disassembler_win32_fuzzer \
#     components/zucchini/fuzzing/testdata/disassembler_win32_fuzzer/
fuzzer_test("zucchini_disassembler_win32_fuzzer") {
  # Links the shared fuzz helpers in addition to the zucchini library.
  # No seed_corpus is set here, so the build packages no seeds for this target.
  deps = [
    ":zucchini_fuzz_utils",
    "//base",
    "//components/zucchini:zucchini_lib",
  ]
  sources = [
    "disassembler_win32_fuzzer.cc",
  ]
}

# To download the corpus for local fuzzing use:
#   gsutil -m rsync \
#     gs://clusterfuzz-corpus/libfuzzer/zucchini_disassembler_elf_fuzzer \
#     components/zucchini/fuzzing/testdata/disassembler_elf_fuzzer/
fuzzer_test("zucchini_disassembler_elf_fuzzer") {
  # Links the shared fuzz helpers in addition to the zucchini library.
  # No seed_corpus is set here, so the build packages no seeds for this target.
  deps = [
    ":zucchini_fuzz_utils",
    "//base",
    "//components/zucchini:zucchini_lib",
  ]
  sources = [
    "disassembler_elf_fuzzer.cc",
  ]
}

# Unlike the disassembler fuzzers in this file, this target points seed_corpus
# at a source-tree directory (testdata/patch_fuzzer).
fuzzer_test("zucchini_patch_fuzzer") {
  deps = [
    "//base",
    "//components/zucchini:zucchini_lib",
  ]
  sources = [
    "patch_fuzzer.cc",
  ]
  seed_corpus = "testdata/patch_fuzzer"
}

# Proto built from file_pair.proto. The fuzz targets inside the host-toolchain
# `if` section of this file depend on it as ":zucchini_file_pair_proto".
proto_library("zucchini_file_pair_proto") {
  sources = [
    "file_pair.proto",
  ]
}

# Ensure protoc is available.
# Disabled on Windows due to crbug/844826.
# Every target below exists only when building with the host toolchain on a
# non-Windows host; under any other toolchain none of them are defined.
if (current_toolchain == host_toolchain && !is_win) {
  # Deps shared by the two seed-generating actions.
  _seed_action_deps = [
    "//components/zucchini:zucchini",
    "//third_party/protobuf:protoc",
  ]

  # Deps shared by every fuzzer_test in this section.
  _proto_fuzzer_deps = [
    ":zucchini_file_pair_proto",
    "//base",
    "//components/zucchini:zucchini_lib",
    "//third_party/libprotobuf-mutator",
  ]

  # Raw Apply Fuzzer Seed:
  action("zucchini_raw_apply_seed") {
    script = "generate_fuzzer_data.py"
    deps = _seed_action_deps

    # Files depended upon.
    # NOTE(review): create_seed_file_pair.py is tracked as an input although
    # `script` is generate_fuzzer_data.py; presumably the script invokes it -
    # confirm.
    sources = [
      "create_seed_file_pair.py",
      "testdata/new_eventlog_provider.dll",
      "testdata/old_eventlog_provider.dll",
    ]

    # Outputs: necessary for validation.
    outputs = [
      "$target_gen_dir/testdata/apply_fuzzer/raw_apply_seed_proto.bin",
    ]

    # The old/new files are passed as bare names while `sources` lists them
    # under testdata/; presumably the script resolves them there - confirm.
    args = [
      "--raw",
      "old_eventlog_provider.dll",  # <old_file>
      "new_eventlog_provider.dll",  # <new_file>

      # <patch_file> (temporary)
      # NOTE(review): this path is inside the directory that
      # zucchini_apply_fuzzer uses as seed_corpus and is not listed in
      # `outputs`. If the script leaves the file behind it sits next to the
      # generated seed - confirm the script removes it.
      rebase_path(
          "$target_gen_dir/testdata/apply_fuzzer/eventlog_provider.patch",
          root_build_dir),

      # <output_file>
      rebase_path(
          "$target_gen_dir/testdata/apply_fuzzer/raw_apply_seed_proto.bin",
          root_build_dir),
    ]
  }

  # ZTF Apply Fuzzer Seed:
  action("zucchini_ztf_apply_seed") {
    script = "generate_fuzzer_data.py"
    deps = _seed_action_deps

    # Files depended upon.
    sources = [
      "create_seed_file_pair.py",
      "testdata/new.ztf",
      "testdata/old.ztf",
    ]

    # Outputs: necessary for validation.
    outputs = [
      "$target_gen_dir/testdata/apply_fuzzer/ztf_apply_seed_proto.bin",
    ]

    # *.ztf files are expected to be valid ZTF format.
    # No "--raw" flag is passed here, unlike zucchini_raw_apply_seed.
    args = [
      "old.ztf",  # <old_file>
      "new.ztf",  # <new_file>

      # <patch_file> (temporary)
      # NOTE(review): same directory as the seed_corpus of
      # zucchini_apply_fuzzer and not declared in `outputs` - confirm the
      # script removes it.
      rebase_path("$target_gen_dir/testdata/apply_fuzzer/ztf.patch",
                  root_build_dir),

      # <output_file>
      rebase_path(
          "$target_gen_dir/testdata/apply_fuzzer/ztf_apply_seed_proto.bin",
          root_build_dir),
    ]
  }

  # Apply Fuzzer:
  # Its seed corpus is generated at build time: seed_corpus points into
  # $target_gen_dir and seed_corpus_deps names the two actions above that
  # write the *_apply_seed_proto.bin files there.
  fuzzer_test("zucchini_apply_fuzzer") {
    deps = _proto_fuzzer_deps
    sources = [
      "apply_fuzzer.cc",
    ]
    seed_corpus = "$target_gen_dir/testdata/apply_fuzzer"
    seed_corpus_deps = [
      ":zucchini_raw_apply_seed",
      ":zucchini_ztf_apply_seed",
    ]
  }

  # For Gen fuzzers seeds can be created from this directory with:
  #   python create_seed_file_pair.py <protoc> <old file> <new file> <out file>
  #   [--imposed=<imposed>]

  # Raw Gen Fuzzer:
  #   <old file>: testdata/old.ztf
  #   <new file>: testdata/new.ztf
  #   <out file>: testdata/raw_or_ztf_gen_fuzzer/seed.asciipb
  fuzzer_test("zucchini_raw_gen_fuzzer") {
    deps = _proto_fuzzer_deps
    sources = [
      "raw_gen_fuzzer.cc",
    ]

    # Same source-tree seed directory as zucchini_ztf_gen_fuzzer.
    seed_corpus = "testdata/raw_or_ztf_gen_fuzzer"
  }

  # ZTF Gen Fuzzer:
  #   <old file>: testdata/old.ztf
  #   <new file>: testdata/new.ztf
  #   <out file>: testdata/raw_or_ztf_gen_fuzzer/seed.asciipb
  fuzzer_test("zucchini_ztf_gen_fuzzer") {
    deps = _proto_fuzzer_deps
    sources = [
      "ztf_gen_fuzzer.cc",
    ]

    # Same source-tree seed directory as zucchini_raw_gen_fuzzer.
    seed_corpus = "testdata/raw_or_ztf_gen_fuzzer"
  }

  # Imposed Ensemble Match Fuzzer:
  #   <old file>: testdata/old_imposed_archive.txt
  #   <new file>: testdata/new_imposed_archive.txt
  #   <out file>: testdata/imposed_ensemble_matcher_fuzzer/seed.asciipb
  #   <imposed>: 17+420=388+347,452+420=27+347
  # This is a mapping of regions old_offset+old_size=new_offset+new_size,...
  fuzzer_test("zucchini_imposed_ensemble_matcher_fuzzer") {
    deps = _proto_fuzzer_deps
    sources = [
      "imposed_ensemble_matcher_fuzzer.cc",
    ]
    seed_corpus = "testdata/imposed_ensemble_matcher_fuzzer"
  }
}