[coreboot-gerrit] New patch to review for coreboot: util/fuzz-tests: Add jpeg.c fuzzer

Patrick Georgi (pgeorgi@google.com) gerrit at coreboot.org
Tue Oct 27 22:21:23 CET 2015


Patrick Georgi (pgeorgi at google.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/12183

-gerrit

commit 3855cd7b447d422d06f19640f2d5115e106c40ca
Author: Patrick Georgi <patrick at georgi-clan.de>
Date:   Sun Aug 9 18:30:44 2015 +0200

    util/fuzz-tests: Add jpeg.c fuzzer
    
    Change-Id: I10e5ef3a426b9c74c288d7232a6d11a1ca59833b
    Signed-off-by: Patrick Georgi <patrick at georgi-clan.de>
---
 util/fuzz-tests/Makefile                       |   5 +++++
 util/fuzz-tests/jpeg-test-cases/coreboot.jpg   | Bin 0 -> 711 bytes
 util/fuzz-tests/jpeg-test-cases/coreboot_2.jpg | Bin 0 -> 285 bytes
 util/fuzz-tests/jpeg-test.c                    |  30 +++++++++++++++++++++++++
 4 files changed, 35 insertions(+)

diff --git a/util/fuzz-tests/Makefile b/util/fuzz-tests/Makefile
new file mode 100644
index 0000000..e97643f
--- /dev/null
+++ b/util/fuzz-tests/Makefile
@@ -0,0 +1,5 @@
+all:
+	afl-gcc -g -m32 -I ../../src/lib -o jpeg-test jpeg-test.c ../../src/lib/jpeg.c
+
+run:
+	afl-fuzz -i jpeg-test-cases -o jpeg-results ./jpeg-test @@
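Review bot: The `run` target has no prerequisite on the `jpeg-test` binary, so `make run` in a fresh checkout starts afl-fuzz against an executable that has not been built. `all` also lists no inputs, so it recompiles on every invocation, and neither target is declared phony. Suggest a real file rule `jpeg-test: jpeg-test.c ../../src/lib/jpeg.c`, then `all: jpeg-test`, `run: jpeg-test` and `.PHONY: all run`. A `clean` target for `jpeg-test` and `jpeg-results` would help too, as would a comment that `-m32` needs a 32-bit-capable toolchain and libc on the build host.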
diff --git a/util/fuzz-tests/jpeg-test-cases/coreboot.jpg b/util/fuzz-tests/jpeg-test-cases/coreboot.jpg
new file mode 100644
index 0000000..018a3f0
Binary files /dev/null and b/util/fuzz-tests/jpeg-test-cases/coreboot.jpg differ
diff --git a/util/fuzz-tests/jpeg-test-cases/coreboot_2.jpg b/util/fuzz-tests/jpeg-test-cases/coreboot_2.jpg
new file mode 100644
index 0000000..8f57a22
Binary files /dev/null and b/util/fuzz-tests/jpeg-test-cases/coreboot_2.jpg differ
diff --git a/util/fuzz-tests/jpeg-test.c b/util/fuzz-tests/jpeg-test.c
new file mode 100644
index 0000000..928055f
--- /dev/null
+++ b/util/fuzz-tests/jpeg-test.c
@@ -0,0 +1,30 @@
+#include <stdlib.h>
+#include <stdio.h>
+#include "jpeg.h"
+
+const int depth = 16;
+
+int main(int argc, char** argv)
+{
+	FILE *f = fopen(argv[1], "rb");
+	unsigned long len;
+
+	if (!f) return 1;
+	if (fseek(f, 0, SEEK_END) != 0) return 1;
+	len = ftell(f);
+	if (fseek(f, 0, SEEK_SET) != 0) return 1;
+
+	char *buf = malloc(len);
+	struct jpeg_decdata *decdata= malloc(sizeof(*decdata));
+	if (fread(buf, len, 1, f) != 1) return 1;
+	fclose(f);
+
+	int width;
+	int height;
+	jpeg_fetch_size(buf, &width, &height);
+	//printf("width: %d, height: %d\n", width, height);
+	char *pic = malloc(depth/8*width*height);
+	int ret = jpeg_decode(buf, pic, width, height, depth, decdata);
+	//printf("ret: %x\n", ret);
+	return ret;
+}
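Review bot: In main(), `malloc(depth/8*width*height)` multiplies two ints taken from the fuzzed file, with no check that jpeg_fetch_size() actually set them (both are uninitialised before the call), that they are positive, or that the product fits in an int. A NULL or undersized `pic` would then be handed to jpeg_decode(), and AFL would log crashes caused by the harness rather than by the decoder. Suggest initialising width and height to 0, rejecting non-positive or unreasonably large dimensions before allocating, and computing the size in size_t. The same hunk uses argv[1] without checking argc, stores the ftell() result in an unsigned long without testing for -1, and never checks any of the three malloc() results; each of these should return 1 early so that only decoder faults show up as crashes. jpeg_decode() is called without `len`, so a short comment saying whether reads past the end of `buf` are in scope for this fuzzer would make the triage of results clearer.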


