From d52d09b5b4593c1759f4ca812e95b4c6b4537959 Mon Sep 17 00:00:00 2001 From: Yunshu Ouyang Date: Fri, 19 Jun 2020 13:41:24 +0200 Subject: [PATCH] Added Fuzzers --- fuzz/backtrace_fuzzer.cc | 43 ++++++++++++++++++++++ fuzz/format_fuzzer.cc | 72 +++++++++++++++++++++++++++++++++++++ fuzz/format_fuzzer.options | 2 ++ fuzz/levels_fuzzer.cc | 56 +++++++++++++++++++++++++++++ fuzz/levels_fuzzer.options | 2 ++ fuzz/log_fuzzer.cc | 56 +++++++++++++++++++++++++++++ fuzz/log_fuzzer.options | 2 ++ fuzz/pattern_fuzzer.cc | 38 ++++++++++++++++++++ fuzz/pattern_fuzzer.options | 2 ++ fuzz/spdlog_fuzzer.dict | 20 +++++++++++ 10 files changed, 293 insertions(+) create mode 100644 fuzz/backtrace_fuzzer.cc create mode 100644 fuzz/format_fuzzer.cc create mode 100644 fuzz/format_fuzzer.options create mode 100644 fuzz/levels_fuzzer.cc create mode 100644 fuzz/levels_fuzzer.options create mode 100644 fuzz/log_fuzzer.cc create mode 100644 fuzz/log_fuzzer.options create mode 100644 fuzz/pattern_fuzzer.cc create mode 100644 fuzz/pattern_fuzzer.options create mode 100644 fuzz/spdlog_fuzzer.dict diff --git a/fuzz/backtrace_fuzzer.cc b/fuzz/backtrace_fuzzer.cc new file mode 100644 index 00000000..cde3121e --- /dev/null +++ b/fuzz/backtrace_fuzzer.cc @@ -0,0 +1,43 @@ +// Copyright 2019 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include + +#include + +#include "spdlog/spdlog.h" +#include "spdlog/sinks/basic_file_sink.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + static std::shared_ptr my_logger; + if (!my_logger.get()) { + my_logger = spdlog::basic_logger_mt("basic_logger", "/dev/null"); + spdlog::set_default_logger(my_logger); + } + + if (size == 0) { + return 0; + } + + FuzzedDataProvider stream(data, size); + + const uint16_t size_arg = stream.ConsumeIntegral(); + + spdlog::enable_backtrace(size_arg); + for(int i=0; i + +#include + +#include "spdlog/spdlog.h" +#include "spdlog/sinks/basic_file_sink.h" +#include "spdlog/pattern_formatter.h" + + +std::string my_formatter_txt = "custom-flag"; + +class my_formatter_flag : public spdlog::custom_flag_formatter +{ + +public: + void format(const spdlog::details::log_msg &, const std::tm &, spdlog::memory_buf_t &dest) override + { + dest.append(my_formatter_txt.data(), my_formatter_txt.data() + my_formatter_txt.size()); + } + + std::unique_ptr clone() const override + { + return spdlog::details::make_unique(); + } +}; + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + static std::shared_ptr my_logger; + if (!my_logger.get()) { + my_logger = spdlog::basic_logger_mt("basic_logger", "/dev/null"); + spdlog::set_default_logger(my_logger); + } + + if (size == 0) { + return 0; + } + + + FuzzedDataProvider stream(data, size); + + const unsigned long size_arg = stream.ConsumeIntegral(); + const unsigned long int_arg = stream.ConsumeIntegral(); + const char flag = (char)(stream.ConsumeIntegral()); + const std::string pattern = stream.ConsumeRandomLengthString(); + my_formatter_txt = stream.ConsumeRandomLengthString(); + const std::string string_arg = stream.ConsumeRandomLengthString(); + const std::string format_string = stream.ConsumeRemainingBytesAsString(); + // const std::string format_string = stream.ConsumeRandomLengthString(size); + + using spdlog::details::make_unique; + auto formatter = make_unique(); + formatter->add_flag(flag).set_pattern(pattern); + spdlog::set_formatter(std::move(formatter)); + + spdlog::info(format_string.c_str(), size_arg, int_arg, string_arg); + + return 0; +} diff --git a/fuzz/format_fuzzer.options b/fuzz/format_fuzzer.options new file mode 100644 index 00000000..a1728afa --- /dev/null +++ b/fuzz/format_fuzzer.options @@ -0,0 +1,2 @@ +[libfuzzer] +dict = spdlog_fuzzer.dict \ No newline at end of file diff --git a/fuzz/levels_fuzzer.cc b/fuzz/levels_fuzzer.cc new file mode 100644 index 00000000..91d52686 --- /dev/null +++ b/fuzz/levels_fuzzer.cc @@ -0,0 +1,56 @@ +// Copyright 2019 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include + +#include + +#include "spdlog/spdlog.h" +#include "spdlog/sinks/basic_file_sink.h" +#include "spdlog/cfg/argv.h" +#include "spdlog/cfg/env.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + static std::shared_ptr my_logger; + if (!my_logger.get()) { + my_logger = spdlog::basic_logger_mt("basic_logger", "/dev/null"); + spdlog::set_default_logger(my_logger); + } + + if (size == 0) { + return 0; + } + + FuzzedDataProvider stream(data, size); + + + std::vector strings; + const unsigned char strsize = stream.ConsumeIntegral(); + for(unsigned char i=0; i argvv; argvv.reserve(strsize); + for(unsigned char i=0; i< strsize; ++i) + argvv.push_back(const_cast(strings[i].c_str())); + + const unsigned char int_arg = strsize; + if(int_arg==0) return 0; + + const char** argv = (const char**) &argvv[0]; + spdlog::cfg::load_env_levels(); + spdlog::cfg::load_argv_levels(int_arg, argv); + spdlog::info(stream.ConsumeRemainingBytesAsString()); + + return 0; +} diff --git a/fuzz/levels_fuzzer.options b/fuzz/levels_fuzzer.options new file mode 100644 index 00000000..a1728afa --- /dev/null +++ b/fuzz/levels_fuzzer.options @@ -0,0 +1,2 @@ +[libfuzzer] +dict = spdlog_fuzzer.dict \ No newline at end of file diff --git a/fuzz/log_fuzzer.cc b/fuzz/log_fuzzer.cc new file mode 100644 index 00000000..6b9aa061 --- /dev/null +++ b/fuzz/log_fuzzer.cc @@ -0,0 +1,56 @@ +// Copyright 2019 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include + +#include + +#include "spdlog/spdlog.h" +#include "spdlog/sinks/basic_file_sink.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + static std::shared_ptr my_logger; + if (!my_logger.get()) { + my_logger = spdlog::basic_logger_mt("basic_logger", "/dev/null"); + spdlog::set_default_logger(my_logger); + } + + if (size == 0) { + return 0; + } + + + FuzzedDataProvider stream(data, size); + + const unsigned long size_arg = stream.ConsumeIntegral(); + const unsigned long int_arg = stream.ConsumeIntegral(); + const std::string string_arg = stream.ConsumeRandomLengthString(size); + const std::string format_string = stream.ConsumeRemainingBytesAsString(); + + spdlog::info(format_string.c_str(), size_arg, int_arg, string_arg); + spdlog::trace(format_string.c_str(), size_arg, int_arg, string_arg); + spdlog::debug(format_string.c_str(), size_arg, int_arg, string_arg); + spdlog::error(format_string.c_str(), size_arg, int_arg, string_arg); + spdlog::warn(format_string.c_str(), size_arg, int_arg, string_arg); + spdlog::critical(format_string.c_str(), size_arg, int_arg, string_arg); + + SPDLOG_INFO(format_string.c_str(), size_arg, int_arg, string_arg); + SPDLOG_TRACE(format_string.c_str(), size_arg, int_arg, string_arg); + SPDLOG_DEBUG(format_string.c_str(), size_arg, int_arg, string_arg); + SPDLOG_ERROR(format_string.c_str(), size_arg, int_arg, string_arg); + SPDLOG_WARN(format_string.c_str(), size_arg, int_arg, string_arg); + SPDLOG_CRITICAL(format_string.c_str(), size_arg, int_arg, string_arg); + + return 0; +} diff --git a/fuzz/log_fuzzer.options b/fuzz/log_fuzzer.options new file mode 100644 index 00000000..a1728afa --- /dev/null +++ b/fuzz/log_fuzzer.options @@ -0,0 +1,2 @@ +[libfuzzer] +dict = spdlog_fuzzer.dict \ No newline at end of file diff --git a/fuzz/pattern_fuzzer.cc b/fuzz/pattern_fuzzer.cc new file mode 100644 index 00000000..95d04c0d --- /dev/null +++ b/fuzz/pattern_fuzzer.cc @@ -0,0 +1,38 @@ +// Copyright 2019 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#include + +#include + +#include "spdlog/spdlog.h" +#include "spdlog/sinks/basic_file_sink.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + static std::shared_ptr my_logger; + if (!my_logger.get()) { + my_logger = spdlog::basic_logger_mt("basic_logger", "/dev/null"); + spdlog::set_default_logger(my_logger); + } + + if (size == 0) { + return 0; + } + + FuzzedDataProvider stream(data, size); + const std::string str = stream.ConsumeRemainingBytesAsString(); + spdlog::set_pattern(str); + + return 0; +} diff --git a/fuzz/pattern_fuzzer.options b/fuzz/pattern_fuzzer.options new file mode 100644 index 00000000..a1728afa --- /dev/null +++ b/fuzz/pattern_fuzzer.options @@ -0,0 +1,2 @@ +[libfuzzer] +dict = spdlog_fuzzer.dict \ No newline at end of file diff --git a/fuzz/spdlog_fuzzer.dict b/fuzz/spdlog_fuzzer.dict new file mode 100644 index 00000000..dc7d1ebb --- /dev/null +++ b/fuzz/spdlog_fuzzer.dict @@ -0,0 +1,20 @@ +"{}" +"{:08d}" +"{0:d}" +"{0:x}" +"{0:o}" +"{0:b}" +"{:03.2f}" +"{1}" +"{0}" +"{:<8}" +"{:<999999999999999999999999}" +"[%H:%M:%S %z]" +"[%^%L%$]" +"[thread %t]" +"%v" +"%+" +"{:X}" +"{:s}" +"{:p}" +"{:n}" \ No newline at end of file