authorKostya Serebryany <kcc@google.com>2016-10-01 07:37:40 +0000
committerKostya Serebryany <kcc@google.com>2016-10-01 07:37:40 +0000
commita5f1adab5608d43411bf925c530333545edd333f (patch)
tree2633da97c2bc3fed9664a2107f62e27ac866736e
parent96f7f624c98a327e6135c880c6ae81358e068022 (diff)
downloadbcm5719-llvm-a5f1adab5608d43411bf925c530333545edd333f.tar.gz
bcm5719-llvm-a5f1adab5608d43411bf925c530333545edd333f.zip
[libFuzzer] add fuzzer test for libxml2, finds https://bugzilla.gnome.org/show_bug.cgi?id=751631
llvm-svn: 283024
-rwxr-xr-xllvm/lib/Fuzzer/fuzzer-test-suite/libxml2-v2.9.2/build.sh13
-rw-r--r--llvm/lib/Fuzzer/fuzzer-test-suite/libxml2-v2.9.2/target.cc16
-rwxr-xr-xllvm/lib/Fuzzer/fuzzer-test-suite/libxml2-v2.9.2/test.sh9
3 files changed, 38 insertions, 0 deletions
diff --git a/llvm/lib/Fuzzer/fuzzer-test-suite/libxml2-v2.9.2/build.sh b/llvm/lib/Fuzzer/fuzzer-test-suite/libxml2-v2.9.2/build.sh
new file mode 100755
index 00000000000..5693579e861
--- /dev/null
+++ b/llvm/lib/Fuzzer/fuzzer-test-suite/libxml2-v2.9.2/build.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+. $(dirname $0)/../common.sh
+
+build_lib() {
+ rm -rf BUILD
+ cp -rf SRC BUILD
+ (cd BUILD && ./autogen.sh && CXX="clang++ $FUZZ_CXXFLAGS" CC="clang $FUZZ_CXXFLAGS" CCLD="clang++ $FUZZ_CXXFLAGS" ./configure && make -j $JOBS)
+}
+
+get_git_tag git://git.gnome.org/libxml2 v2.9.2 SRC
+build_lib
+build_libfuzzer
+clang++ -std=c++11 $SCRIPT_DIR/target.cc $FUZZ_CXXFLAGS -I BUILD/include BUILD/.libs/libxml2.a libFuzzer.a -lz -o $EXECUTABLE_NAME_BASE
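Review bot: The libxml2 source is fetched with `get_git_tag git://git.gnome.org/libxml2 v2.9.2 SRC`, i.e. over the unauthenticated, unencrypted git:// transport and pinned to a tag, which is a mutable ref that can be moved; test.sh in the same commit pins its afl checkout to a full commit hash over https, so the two scripts apply different supply-chain standards to what ends up in the fuzz target. Using the same pattern here, `get_git_revision <https URL of the libxml2 repo> <commit hash that v2.9.2 resolves to> SRC`, makes the build reproducible and not dependent on the remote's tag state (the exact helper semantics live in common.sh, which is outside this hunk). The `. $(dirname $0)/../common.sh` line should also quote the expansion, `. "$(dirname "$0")/../common.sh"`, so a path with spaces does not split into several words.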
diff --git a/llvm/lib/Fuzzer/fuzzer-test-suite/libxml2-v2.9.2/target.cc b/llvm/lib/Fuzzer/fuzzer-test-suite/libxml2-v2.9.2/target.cc
new file mode 100644
index 00000000000..3fdcb6fbb07
--- /dev/null
+++ b/llvm/lib/Fuzzer/fuzzer-test-suite/libxml2-v2.9.2/target.cc
@@ -0,0 +1,16 @@
+#include <string>
+#include <vector>
+#include "libxml/xmlversion.h"
+#include "libxml/parser.h"
+#include "libxml/HTMLparser.h"
+#include "libxml/tree.h"
+
+void ignore (void * ctx, const char * msg, ...) {}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ xmlSetGenericErrorFunc(NULL, &ignore);
+ if (auto doc = xmlReadMemory(reinterpret_cast<const char *>(data), size,
+ "noname.xml", NULL, 0))
+ xmlFreeDoc(doc);
+ return 0;
+}
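Review bot: `xmlReadMemory` takes its length as `int`, so passing `size` (a `size_t`) narrows silently; a guard such as `if (size > INT_MAX) return 0;` before the call makes the contract explicit and avoids a negative length being handed to the parser on oversized inputs. `xmlSetGenericErrorFunc(NULL, &ignore)` is re-registered on every input although it is process-global state; it would be cleaner in an `extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)` or behind a function-local `static bool` so the per-input body is only the parse. The file includes `<string>` and `<vector>` but uses neither, while `uint8_t`/`size_t`/`NULL` come in only transitively; replacing them with `<cstdint>` and `<cstddef>` would make the target self-contained, and `ignore` could be `static` with its parameters left unnamed to silence unused-parameter warnings.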
diff --git a/llvm/lib/Fuzzer/fuzzer-test-suite/libxml2-v2.9.2/test.sh b/llvm/lib/Fuzzer/fuzzer-test-suite/libxml2-v2.9.2/test.sh
new file mode 100755
index 00000000000..d645e1dd973
--- /dev/null
+++ b/llvm/lib/Fuzzer/fuzzer-test-suite/libxml2-v2.9.2/test.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+set -x
+. $(dirname $0)/../common.sh
+
+get_git_revision https://github.com/mcarpenter/afl be3e88d639da5350603f6c0fee06970128504342 afl
+rm -rf $CORPUS
+mkdir $CORPUS
+[ -e $EXECUTABLE_NAME_BASE ] && ./$EXECUTABLE_NAME_BASE -artifact_prefix=$CORPUS/ -jobs=$JOBS -dict=afl/dictionaries/xml.dict -workers=$JOBS $CORPUS
+grep "AddressSanitizer: heap-buffer-overflow" fuzz-0.log
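Review bot: `[ -e $EXECUTABLE_NAME_BASE ] && ./$EXECUTABLE_NAME_BASE ...` skips the fuzzing run silently when the binary is absent, and the script then fails only indirectly because `grep` finds no `fuzz-0.log`, which makes a missing build indistinguishable from a fuzz run that found nothing; an explicit `[ -e "$EXECUTABLE_NAME_BASE" ] || { echo "missing $EXECUTABLE_NAME_BASE" >&2; exit 1; }` reports the real cause. `rm -rf $CORPUS` and `mkdir $CORPUS` use the variable unquoted and without `--`; if common.sh (outside this hunk) ever leaves `$CORPUS` empty or containing spaces the `rm` silently does nothing or acts on the wrong paths, so `rm -rf -- "$CORPUS"` and `mkdir -- "$CORPUS"` are the safer forms. With only `set -x` and no `set -e`, a failure of `get_git_revision` also does not stop the run before the fuzzer starts without its dictionary.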