util/fuzz-tests: Add fuzzer for jpeg decoder
Mostly a proof of concept for adding fuzzing to our tree. Change-Id: I10e5ef3a426b9c74c288d7232a6d11a1ca59833b Signed-off-by: Patrick Georgi <patrick@georgi-clan.de> Reviewed-on: http://review.coreboot.org/12183 Tested-by: build bot (Jenkins) Reviewed-by: Martin Roth <martinroth@google.com>
parent
5907eb8f5a
commit
8f5053c626
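--- /dev/null
+++ b/util/fuzz-tests/Makefile
@@ -0,0 +1,5 @@
+all:
+afl-gcc -g -m32 -I ../../src/lib -o jpeg-test jpeg-test.c ../../src/lib/jpeg.c
+
+run:
+afl-fuzz -i jpeg-test-cases -o jpeg-results ./jpeg-test @@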
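Review bot: The `all` target builds harness and decoder with `-g -m32` and no memory sanitizer, so the out-of-bounds reads and small heap overruns a JPEG decoder is likely to contain will only be caught when they happen to fault, and afl-fuzz records nothing for runs that silently corrupt memory. An instrumented variant would make the resulting corpus far more useful, e.g. a second target `asan:` with the recipe `AFL_USE_ASAN=1 afl-gcc -g -m32 -I ../../src/lib -o jpeg-test-asan jpeg-test.c ../../src/lib/jpeg.c`. Such a build needs afl-fuzz started with its memory limit lifted (`-m none`), which the `run` target would have to pass as well.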
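--- /dev/null
+++ b/util/fuzz-tests/README
@@ -0,0 +1,11 @@
+Fuzz tests
+==========
+make run (with afl-fuzz installed) takes a real long time and creates test
+cases in jpeg-results/ that crash the jpeg code.
+
+These test cases can then be used to gdb the test app and dig into the
+decoder to fix the issues.
+
+This is mostly a proof of concept because the jpeg code isn't used very often
+(only for splash screens). However there are other regions in coreboot that
+could benefit from similar treatment.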
Binary file not shown.
After Width: | Height: | Size: 711 B |
Binary file not shown.
After Width: | Height: | Size: 285 B |
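--- /dev/null
+++ b/util/fuzz-tests/jpeg-test.c
@@ -0,0 +1,53 @@
+/*
+* This file is part of the coreboot project.
+*
+* Copyright 2015 Google Inc.
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; version 2 of the License.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc.
+*/
+
+#include <stdlib.h>
+#include <stdio.h>
+#include "jpeg.h"
+
+const int depth = 16;
+
+int main(int argc, char **argv)
+{
+FILE *f = fopen(argv[1], "rb");
+unsigned long len;
+
+if (!f)
+return 1;
+if (fseek(f, 0, SEEK_END) != 0)
+return 1;
+len = ftell(f);
+if (fseek(f, 0, SEEK_SET) != 0)
+return 1;
+
+char *buf = malloc(len);
+struct jpeg_decdata *decdata = malloc(sizeof(*decdata));
+if (fread(buf, len, 1, f) != 1)
+return 1;
+fclose(f);
+
+int width;
+int height;
+jpeg_fetch_size(buf, &width, &height);
+//printf("width: %d, height: %d\n", width, height);
+char *pic = malloc(depth / 8 * width * height);
+int ret = jpeg_decode(buf, pic, width, height, depth, decdata);
+//printf("ret: %x\n", ret);
+return ret;
+}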
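Review bot: `char *pic = malloc(depth / 8 * width * height);` sizes the output buffer with `int` arithmetic on dimensions that `jpeg_fetch_size` reads out of the fuzzed file, so a header claiming large or negative width/height wraps the product and hands `jpeg_decode` a far smaller buffer than it will write into; with the `-m32` build even 16-bit JPEG dimensions can do this, and every crash that follows is a harness artefact rather than a decoder finding. `width` and `height` are also left uninitialized while the `jpeg_fetch_size` return value is dropped, `argv[1]` is dereferenced without an `argc` check, `ftell` can return -1 unchecked, and none of the three `malloc` results is tested, so a bare or malformed run can fault before the code under test is reached. I would bail out early on each of these, rejecting non-positive dimensions and checking the product against `SIZE_MAX` (from `<stdint.h>`) before allocating; whether `jpeg_fetch_size` signals failure through its return value should be confirmed against jpeg.c, since its prototype is not visible in this hunk.
```c
int main(int argc, char **argv)
{
	if (argc < 2)
		return 1;
	/* … unchanged: open the file, measure it, read it into buf … */
	if (!buf || !decdata)
		return 1;
	int width = 0;
	int height = 0;
	if (jpeg_fetch_size(buf, &width, &height) != 0)
		return 1;
	/* Reject dimensions whose byte count would wrap the allocation size. */
	if (width <= 0 || height <= 0 ||
	    (size_t)width > SIZE_MAX / (size_t)(depth / 8) / (size_t)height)
		return 1;
	char *pic = malloc((size_t)(depth / 8) * (size_t)width * (size_t)height);
	if (!pic)
		return 1;
	/* … unchanged: jpeg_decode call and return … */
```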