fuzzing: add fuzzing infrastructure in build system

Signed-off-by: Arjun <[email protected]> Reviewed-by: Andrew Clayton <[email protected]> Signed-off-by: Andrew Clayton <[email protected]>
nginx · Jun 14, 2024 · 965fc94 · 965fc94
1 parent 04a24f6
commit 965fc94
Show file tree

Hide file tree

Showing 9 changed files with 144 additions and 1 deletion.
diff --git a/auto/fuzzing b/auto/fuzzing
@@ -0,0 +1,75 @@
+# Copyright (C) NGINX, Inc.
+
+
+if [ -n "$NXT_FUZZ" ]; then
+
+	# Fuzz-Test object files list.
+
+	$echo "NXT_FUZZ_OBJS = \\" >> $NXT_MAKEFILE
+
+	for nxt_src in $NXT_FUZZ_SRCS
+	do
+		nxt_obj=${nxt_src%.c}.o
+		$echo "	$NXT_BUILD_DIR/$nxt_obj \\" >> $NXT_MAKEFILE
+	done
+
+
+	# Fuzz-Test executables.
+
+	cat << END >> $NXT_MAKEFILE
+
+.PHONY: fuzz
+fuzz:		$NXT_BUILD_DIR/fuzz_basic \\
+			$NXT_BUILD_DIR/fuzz_http_controller \\
+			$NXT_BUILD_DIR/fuzz_http_h1p \\
+			$NXT_BUILD_DIR/fuzz_http_h1p_peer \\
+			$NXT_BUILD_DIR/fuzz_json
+
+$NXT_BUILD_DIR/fuzz_basic: \$(NXT_FUZZ_OBJS) \\
+			$NXT_BUILD_DIR/lib/$NXT_LIB_STATIC
+	\$(PP_LD) \$@
+	\$(v)\$(NXT_EXEC_LINK) -o $NXT_BUILD_DIR/fuzz_basic \\
+		\$(CFLAGS) $NXT_BUILD_DIR/fuzzing/nxt_basic_fuzz.o \\
+		$NXT_BUILD_DIR/lib/$NXT_LIB_STATIC \\
+		$NXT_LD_OPT $NXT_LIBM $NXT_LIBS $NXT_LIB_AUX_LIBS \\
+		$NXT_FUZZ
+
+$NXT_BUILD_DIR/fuzz_http_controller: \$(NXT_FUZZ_OBJS) \\
+			$NXT_BUILD_DIR/lib/$NXT_LIB_STATIC
+	\$(PP_LD) \$@
+	\$(v)\$(NXT_EXEC_LINK) -o $NXT_BUILD_DIR/fuzz_http_controller \\
+		\$(CFLAGS) $NXT_BUILD_DIR/fuzzing/nxt_http_controller_fuzz.o \\
+		$NXT_BUILD_DIR/lib/$NXT_LIB_STATIC \\
+		$NXT_LD_OPT $NXT_LIBM $NXT_LIBS $NXT_LIB_AUX_LIBS \\
+		$NXT_FUZZ
+
+$NXT_BUILD_DIR/fuzz_http_h1p: \$(NXT_FUZZ_OBJS) \\
+			$NXT_BUILD_DIR/lib/$NXT_LIB_STATIC
+	\$(PP_LD) \$@
+	\$(v)\$(NXT_EXEC_LINK) -o $NXT_BUILD_DIR/fuzz_http_h1p \\
+		\$(CFLAGS) $NXT_BUILD_DIR/fuzzing/nxt_http_h1p_fuzz.o \\
+		$NXT_BUILD_DIR/lib/$NXT_LIB_STATIC \\
+		$NXT_LD_OPT $NXT_LIBM $NXT_LIBS $NXT_LIB_AUX_LIBS \\
+		$NXT_FUZZ
+
+$NXT_BUILD_DIR/fuzz_http_h1p_peer: \$(NXT_FUZZ_OBJS) \\
+			$NXT_BUILD_DIR/lib/$NXT_LIB_STATIC
+	\$(PP_LD) \$@
+	\$(v)\$(NXT_EXEC_LINK) -o $NXT_BUILD_DIR/fuzz_http_h1p_peer \\
+		\$(CFLAGS) $NXT_BUILD_DIR/fuzzing/nxt_http_h1p_peer_fuzz.o \\
+		$NXT_BUILD_DIR/lib/$NXT_LIB_STATIC \\
+		$NXT_LD_OPT $NXT_LIBM $NXT_LIBS $NXT_LIB_AUX_LIBS \\
+		$NXT_FUZZ
+
+$NXT_BUILD_DIR/fuzz_json: \$(NXT_FUZZ_OBJS) \\
+			$NXT_BUILD_DIR/lib/$NXT_LIB_STATIC
+	\$(PP_LD) \$@
+	\$(v)\$(NXT_EXEC_LINK) -o $NXT_BUILD_DIR/fuzz_json \\
+		\$(CFLAGS) $NXT_BUILD_DIR/fuzzing/nxt_json_fuzz.o \\
+		$NXT_BUILD_DIR/lib/$NXT_LIB_STATIC \\
+		$NXT_LD_OPT $NXT_LIBM $NXT_LIBS $NXT_LIB_AUX_LIBS \\
+		$NXT_FUZZ
+
+END
+
+fi
diff --git a/auto/help b/auto/help
@@ -54,6 +54,8 @@ cat << END
 
   --debug              enable debug logging
 
+  --fuzz=ENGINE        enable fuzz testing
+
 
   python OPTIONS       configure Python module
                        run "./configure python --help" to see available options

diff --git a/auto/make b/auto/make
@@ -158,7 +158,7 @@ END
 
 # Object files.
 
-for nxt_src in $NXT_LIB_SRCS $NXT_TEST_SRCS $NXT_LIB_UNIT_SRCS \
+for nxt_src in $NXT_LIB_SRCS $NXT_TEST_SRCS $NXT_FUZZ_SRCS $NXT_LIB_UNIT_SRCS \
                src/test/nxt_unit_app_test.c \
                src/test/nxt_unit_websocket_chat.c \
                src/test/nxt_unit_websocket_echo.c

diff --git a/auto/options b/auto/options
@@ -42,6 +42,8 @@ NXT_TEST_BUILD_HPUX_SENDFILE=NO
 
 NXT_TESTS=NO
 
+NXT_FUZZ=
+
 NXT_HELP=NO
 
 for nxt_option
@@ -125,6 +127,8 @@ do
 
         --tests)                         NXT_TESTS=YES                       ;;
 
+        --fuzz=*)                        NXT_FUZZ="$value"                   ;;
+
         --help)
             . auto/help
             exit 0

diff --git a/auto/sources b/auto/sources
@@ -307,6 +307,15 @@ if [ $NXT_TESTS = YES ]; then
 fi
 
 
+NXT_FUZZ_SRCS=" \
+    fuzzing/nxt_basic_fuzz.c \
+    fuzzing/nxt_http_controller_fuzz.c \
+    fuzzing/nxt_http_h1p_fuzz.c \
+    fuzzing/nxt_http_h1p_peer_fuzz.c \
+    fuzzing/nxt_json_fuzz.c \
+"
+
+
 NXT_SRCS=" \
     src/nxt_main.c \
 "
diff --git a/auto/summary b/auto/summary
@@ -36,4 +36,6 @@ Unit configuration summary:
 
   debug logging: ............. $NXT_DEBUG
 
+  fuzz engine: ............... "$NXT_FUZZ"
+
 END
diff --git a/configure b/configure
@@ -57,6 +57,7 @@ esac
 
 mkdir -p $NXT_BUILD_DIR
 mkdir -p $NXT_BUILD_DIR/bin
+mkdir -p $NXT_BUILD_DIR/fuzzing
 mkdir -p $NXT_BUILD_DIR/include
 mkdir -p $NXT_BUILD_DIR/lib
 mkdir -p $NXT_BUILD_DIR/lib/unit/modules
@@ -179,4 +180,5 @@ if [ $NXT_NJS != NO ]; then
 fi
 
 . auto/make
+. auto/fuzzing
 . auto/summary
diff --git a/fuzzing/build-fuzz.sh b/fuzzing/build-fuzz.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+export CC=clang
+export CXX=clang++
+export CFLAGS="-g -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address,undefined -fsanitize=fuzzer-no-link"
+export CXXFLAGS="-g -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address,undefined -fsanitize=fuzzer-no-link"
+export LIB_FUZZING_ENGINE="-fsanitize=fuzzer"
+
+./configure --no-regex --no-pcre2 --fuzz=$LIB_FUZZING_ENGINE
+make fuzz -j$(nproc)
+
+mkdir -p build/fuzz_basic_seed
+mkdir -p build/fuzz_http_controller_seed
+mkdir -p build/fuzz_http_h1p_seed
+mkdir -p build/fuzz_http_h1p_peer_seed
+mkdir -p build/fuzz_json_seed
+
+echo ""
+echo "Run: ./build/\${fuzzer} build/\${fuzzer}_seed src/fuzz/\${fuzzer}_seed_corpus"
+echo ""
diff --git a/fuzzing/oss-fuzz.sh b/fuzzing/oss-fuzz.sh
@@ -0,0 +1,29 @@
+#!/bin/bash -eu
+
+# Build unit
+./configure --no-regex --no-pcre2 --fuzz="$LIB_FUZZING_ENGINE"
+make fuzz -j"$(nproc)"
+
+# Copy all fuzzers.
+cp build/fuzz_* $OUT/
+
+# cd into fuzzing dir
+pushd fuzzing/
+cp fuzz_http.dict $OUT/fuzz_http_controller.dict
+cp fuzz_http.dict $OUT/fuzz_http_h1p.dict
+cp fuzz_http.dict $OUT/fuzz_http_h1p_peer.dict
+
+# Create temporary directories.
+cp -r fuzz_http_seed_corpus/ fuzz_http_controller_seed_corpus/
+cp -r fuzz_http_seed_corpus/ fuzz_http_h1p_seed_corpus/
+cp -r fuzz_http_seed_corpus/ fuzz_http_h1p_peer_seed_corpus/
+
+zip -r $OUT/fuzz_basic_seed_corpus.zip fuzz_basic_seed_corpus/
+zip -r $OUT/fuzz_http_controller_seed_corpus.zip  fuzz_http_controller_seed_corpus/
+zip -r $OUT/fuzz_http_h1p_seed_corpus.zip  fuzz_http_h1p_seed_corpus/
+zip -r $OUT/fuzz_http_h1p_peer_seed_corpus.zip  fuzz_http_h1p_peer_seed_corpus/
+zip -r $OUT/fuzz_json_seed_corpus.zip fuzz_json_seed_corpus/
+
+# Delete temporary directories.
+rm -r fuzz_http_controller_seed_corpus/ fuzz_http_h1p_seed_corpus/ fuzz_http_h1p_peer_seed_corpus/
+popd
Original file line number	Diff line number	Diff line change
Expand Up		@@ -36,4 +36,6 @@ Unit configuration summary:

		debug logging: ............. $NXT_DEBUG

		fuzz engine: ............... "$NXT_FUZZ"

		END