Add fuzz testing drivers for all parameters
This commit is contained in:
Daniel J. Hofmann
Patrick Niklaus
parent
3a0eed2ee5
commit
06b74c1f08
@ -13,13 +13,30 @@
|
||||
# ar ruv libFuzzer.a Fuzzer*.o
|
||||
|
||||
if (ENABLE_FUZZING)
|
||||
add_executable(driver driver.cc $<TARGET_OBJECTS:UTIL> $<TARGET_OBJECTS:SERVER>)
|
||||
target_link_libraries(driver Fuzzer osrm)
|
||||
|
||||
add_custom_target(fuzz
|
||||
DEPENDS driver
|
||||
WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
|
||||
COMMAND ${CMAKE_COMMAND} -E make_directory corpus
|
||||
COMMAND driver -jobs=4 -workers=4 -max_len=4096 corpus
|
||||
COMMENT "Fuzzing libosrm" VERBATIM)
|
||||
macro(add_fuzz_target binary)
|
||||
add_executable(${binary} ${binary}.cc $<TARGET_OBJECTS:UTIL> $<TARGET_OBJECTS:SERVER>)
|
||||
target_link_libraries(${binary} Fuzzer osrm)
|
||||
target_include_directories(${binary} PUBLIC ${CMAKE_CURRENT_SOURCE_DIR})
|
||||
|
||||
add_custom_target(fuzz-${binary}
|
||||
DEPENDS ${binary}
|
||||
WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
|
||||
COMMAND ${CMAKE_COMMAND} -E make_directory "corpus/${binary}"
|
||||
COMMAND ${binary} -jobs=1 -max_len=4096 "corpus/${binary}"
|
||||
COMMENT "Fuzzing ${binary}" VERBATIM)
|
||||
endmacro ()
|
||||
|
||||
set(targets
|
||||
"match_parameters"
|
||||
"nearest_parameters"
|
||||
"route_parameters"
|
||||
"table_parameters"
|
||||
"tile_parameters"
|
||||
"trip_parameters")
|
||||
|
||||
foreach (target ${targets})
|
||||
add_fuzz_target(${target})
|
||||
endforeach ()
|
||||
|
||||
endif ()
|
||||
|
||||
@ -1,32 +0,0 @@
|
||||
#include "server/api/parameters_parser.hpp"
|
||||
|
||||
#include "engine/api/base_parameters.hpp"
|
||||
#include "engine/api/match_parameters.hpp"
|
||||
#include "engine/api/nearest_parameters.hpp"
|
||||
#include "engine/api/route_parameters.hpp"
|
||||
#include "engine/api/table_parameters.hpp"
|
||||
#include "engine/api/tile_parameters.hpp"
|
||||
#include "engine/api/trip_parameters.hpp"
|
||||
|
||||
#include <iterator>
|
||||
#include <string>
|
||||
|
||||
/*
|
||||
* First pass at fuzzing the server, without any libosrm setup.
|
||||
* Later we want keep state across fuzz testing invocations via:
|
||||
*
|
||||
* struct State { State() { setup_osrm(); } };
|
||||
* static State state;
|
||||
*/
|
||||
|
||||
extern "C" int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size)
|
||||
{
|
||||
std::string in(reinterpret_cast<const char *>(data), size);
|
||||
|
||||
auto first = begin(in);
|
||||
const auto last = end(in);
|
||||
|
||||
(void)osrm::server::api::parseParameters<osrm::engine::api::RouteParameters>(first, last);
|
||||
|
||||
return 0; /* Always return zero, sanitizers hard-abort */
|
||||
}
|
||||
23
fuzz/match_parameters.cc
Normal file
23
fuzz/match_parameters.cc
Normal file
@ -0,0 +1,23 @@
|
||||
#include "engine/api/match_parameters.hpp"
|
||||
#include "server/api/parameters_parser.hpp"
|
||||
|
||||
#include "util.hpp"
|
||||
|
||||
#include <iterator>
|
||||
#include <string>
|
||||
|
||||
using osrm::server::api::parseParameters;
|
||||
using osrm::engine::api::MatchParameters;
|
||||
|
||||
extern "C" int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size)
|
||||
{
|
||||
std::string in(reinterpret_cast<const char *>(data), size);
|
||||
|
||||
auto first = begin(in);
|
||||
const auto last = end(in);
|
||||
|
||||
const auto param = parseParameters<MatchParameters>(first, last);
|
||||
escape(¶m);
|
||||
|
||||
return 0;
|
||||
}
|
||||
23
fuzz/nearest_parameters.cc
Normal file
23
fuzz/nearest_parameters.cc
Normal file
@ -0,0 +1,23 @@
|
||||
#include "engine/api/nearest_parameters.hpp"
|
||||
#include "server/api/parameters_parser.hpp"
|
||||
|
||||
#include "util.hpp"
|
||||
|
||||
#include <iterator>
|
||||
#include <string>
|
||||
|
||||
using osrm::server::api::parseParameters;
|
||||
using osrm::engine::api::NearestParameters;
|
||||
|
||||
extern "C" int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size)
|
||||
{
|
||||
std::string in(reinterpret_cast<const char *>(data), size);
|
||||
|
||||
auto first = begin(in);
|
||||
const auto last = end(in);
|
||||
|
||||
const auto param = parseParameters<NearestParameters>(first, last);
|
||||
escape(¶m);
|
||||
|
||||
return 0;
|
||||
}
|
||||
23
fuzz/route_parameters.cc
Normal file
23
fuzz/route_parameters.cc
Normal file
@ -0,0 +1,23 @@
|
||||
#include "engine/api/route_parameters.hpp"
|
||||
#include "server/api/parameters_parser.hpp"
|
||||
|
||||
#include "util.hpp"
|
||||
|
||||
#include <iterator>
|
||||
#include <string>
|
||||
|
||||
using osrm::server::api::parseParameters;
|
||||
using osrm::engine::api::RouteParameters;
|
||||
|
||||
extern "C" int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size)
|
||||
{
|
||||
std::string in(reinterpret_cast<const char *>(data), size);
|
||||
|
||||
auto first = begin(in);
|
||||
const auto last = end(in);
|
||||
|
||||
const auto param = parseParameters<RouteParameters>(first, last);
|
||||
escape(¶m);
|
||||
|
||||
return 0;
|
||||
}
|
||||
23
fuzz/table_parameters.cc
Normal file
23
fuzz/table_parameters.cc
Normal file
@ -0,0 +1,23 @@
|
||||
#include "engine/api/table_parameters.hpp"
|
||||
#include "server/api/parameters_parser.hpp"
|
||||
|
||||
#include "util.hpp"
|
||||
|
||||
#include <iterator>
|
||||
#include <string>
|
||||
|
||||
using osrm::server::api::parseParameters;
|
||||
using osrm::engine::api::TableParameters;
|
||||
|
||||
extern "C" int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size)
|
||||
{
|
||||
std::string in(reinterpret_cast<const char *>(data), size);
|
||||
|
||||
auto first = begin(in);
|
||||
const auto last = end(in);
|
||||
|
||||
const auto param = parseParameters<TableParameters>(first, last);
|
||||
escape(¶m);
|
||||
|
||||
return 0;
|
||||
}
|
||||
23
fuzz/tile_parameters.cc
Normal file
23
fuzz/tile_parameters.cc
Normal file
@ -0,0 +1,23 @@
|
||||
#include "engine/api/tile_parameters.hpp"
|
||||
#include "server/api/parameters_parser.hpp"
|
||||
|
||||
#include "util.hpp"
|
||||
|
||||
#include <iterator>
|
||||
#include <string>
|
||||
|
||||
using osrm::server::api::parseParameters;
|
||||
using osrm::engine::api::TileParameters;
|
||||
|
||||
extern "C" int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size)
|
||||
{
|
||||
std::string in(reinterpret_cast<const char *>(data), size);
|
||||
|
||||
auto first = begin(in);
|
||||
const auto last = end(in);
|
||||
|
||||
const auto param = parseParameters<TileParameters>(first, last);
|
||||
escape(¶m);
|
||||
|
||||
return 0;
|
||||
}
|
||||
23
fuzz/trip_parameters.cc
Normal file
23
fuzz/trip_parameters.cc
Normal file
@ -0,0 +1,23 @@
|
||||
#include "engine/api/trip_parameters.hpp"
|
||||
#include "server/api/parameters_parser.hpp"
|
||||
|
||||
#include "util.hpp"
|
||||
|
||||
#include <iterator>
|
||||
#include <string>
|
||||
|
||||
using osrm::server::api::parseParameters;
|
||||
using osrm::engine::api::TripParameters;
|
||||
|
||||
extern "C" int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size)
|
||||
{
|
||||
std::string in(reinterpret_cast<const char *>(data), size);
|
||||
|
||||
auto first = begin(in);
|
||||
const auto last = end(in);
|
||||
|
||||
const auto param = parseParameters<TripParameters>(first, last);
|
||||
escape(¶m);
|
||||
|
||||
return 0;
|
||||
}
|
||||
16
fuzz/util.hpp
Normal file
16
fuzz/util.hpp
Normal file
@ -0,0 +1,16 @@
|
||||
#ifndef OSRM_FUZZ_UTIL_HPP
|
||||
#define OSRM_FUZZ_UTIL_HPP
|
||||
|
||||
#include <type_traits>
|
||||
|
||||
// Fakes observable side effects the compiler can not optimize away
|
||||
template <typename T> inline void escape(T p)
|
||||
{
|
||||
static_assert(std::is_pointer<T>::value, "");
|
||||
asm volatile("" : : "g"((void *)p) : "memory");
|
||||
}
|
||||
|
||||
// Possibly reads and writes all the memory in your system
|
||||
inline void clobber() { asm volatile("" : : : "memory"); }
|
||||
|
||||
#endif
|
||||
Loading…
Reference in New Issue
Block a user