New fuzz harness + refactoring into fuzz/ (#2273)

* - Added `fuzz_XMLProfiles harness`
- Appended `uncrustify.cfg` pattern into `.gitignore`
- Moved all harnesses into `fuzz/`
- Refactored make files

I sent a PR to google/oss-fuzz with these commits to conclude integration of refactored fuzzers. Will keep an eye on the build process and fix it if something will go wrong.

https://github.com/google/oss-fuzz/compare/master...phretor:fast-dds/refactor?expand=1
Signed-off-by: Federico Maggi <fede@maggi.cc>

* Removing old fuzzer

Signed-off-by: Federico Maggi <federico@maggi.cc>

* Setting `MIN_SIZE` to `RTPSMESSAGE_HEADER_SIZE`

Signed-off-by: Federico Maggi <federico@maggi.cc>

.gitignore

@@ -444,3 +444,6 @@ compile_commands.json
 
 # Visual Studio Code
 .vscode
+
+# Uncrustify
+uncrustify.cfg

fuzz/C++/fuzz_XMLProfiles/CMakeLists.txt

@@ -0,0 +1,40 @@
+# Copyright 2016 Proyectos y Sistemas de Mantenimiento SL (eProsima).
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+cmake_minimum_required(VERSION 2.8.12)
+
+if(NOT CMAKE_VERSION VERSION_LESS 3.0)
+    cmake_policy(SET CMP0048 NEW)
+endif()
+
+project(fuzz_XMLProfiles)
+
+# Find requirements
+if(NOT fastcdr_FOUND)
+    find_package(fastcdr REQUIRED)
+endif()
+
+if(NOT foonathan_memory_FOUND)
+    find_package(foonathan_memory REQUIRED)
+endif()
+
+if(NOT fastrtps_FOUND)
+    find_package(fastrtps REQUIRED)
+endif()
+
+message(STATUS "Configuring fuzz_XMLProfiles...")
+file(GLOB SOURCES_CXX "*.cxx")
+
+add_executable(fuzz_XMLProfiles ${SOURCES_CXX} ${SOURCES_CPP})
+target_link_libraries(fuzz_XMLProfiles fastrtps fastcdr foonathan_memory $ENV{LIB_FUZZING_ENGINE})

fuzz/C++/fuzz_XMLProfiles/fuzz_XMLProfiles.cxx

@@ -0,0 +1,43 @@
+#include <fastrtps/Domain.h>
+#include <fastrtps/xmlparser/XMLProfileManager.h>
+
+#include "fuzz_utils.h"
+
+using namespace eprosima;
+using namespace eprosima::fastrtps;
+
+static bool initialized = false;
+
+extern "C" int LLVMFuzzerTestOneInput(
+        const uint8_t* data,
+        size_t size)
+{
+    if (!initialized)
+    {
+        ignore_stdout();
+        initialized = true;
+    }
+
+    if (!size)
+    {
+        return EXIT_FAILURE;
+    }
+
+    const char* filename = buf_to_file(data, size);
+
+    if (filename == NULL)
+    {
+        return EXIT_FAILURE;
+    }
+
+    // TODO change this to a func. taking buf + len (or C string)
+    // to avoid using `buf_to_file`
+    xmlparser::XMLProfileManager::loadXMLFile(filename);
+
+    if (delete_file(filename) != 0)
+    {
+        return EXIT_FAILURE;
+    }
+
+    return 0;
+}

fuzz/C++/fuzz_XMLProfiles/fuzz_XMLProfiles_seed_corpus/1c82a2c60044985396a5dbbe58ad7fcc5d852d38

@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<dds xmlns="http://www.eprosima.com/XMLSchemas/fastRTPS_Profiles" >
+    <profiles>
+        <participant profile_name="participant_profile">
+            <domainId>80</domainId>
+            <rtps>
+                <builtin>
+                    <discovery_config>
+                        <leaseDuration>
+                            <sec>DURATION_INFINITY</sec>
+                        </leaseDuration>
+                    </discovery_config>
+                </builtin>
+            </rtps>
+        </participant>
+
+        <publisher profile_name="publisher_profile">
+            <topic>
+                <name>xml_profiles_topic</name>
+                <dataType>XMLProfilesExample</dataType>
+                <kind>NO_KEY</kind>
+                <historyQos>
+                    <kind>KEEP_LAST</kind>
+                    <depth>20</depth>
+                </historyQos>
+            </topic>
+            <qos>
+                <reliability>
+                    <kind>RELIABLE</kind>
+                </reliability>
+            </qos>
+            <historyMemoryPolicy>PREALLOCATED</historyMemoryPolicy>
+        </publisher>
+
+        <subscriber profile_name="subscriber_profile">
+            <topic>
+                <name>xml_profiles_topic</name>
+                <dataType>XMLProfilesExample</dataType>
+                <kind>NO_KEY</kind>
+                <historyQos>
+                    <kind>KEEP_LAST</kind>
+                    <depth>20</depth>
+                </historyQos>
+            </topic>
+            <qos>
+                <reliability>
+                    <kind>RELIABLE</kind>
+                </reliability>
+            </qos>
+            <historyMemoryPolicy>PREALLOCATED</historyMemoryPolicy>
+        </subscriber>
+
+    </profiles>
+</dds>

fuzz/C++/fuzz_XMLProfiles/fuzz_utils.cxx

@@ -0,0 +1,95 @@
+#include "fuzz_utils.h"
+
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+extern "C" int ignore_stdout(
+        void)
+{
+    int fd = open("/dev/null", O_WRONLY);
+    if (fd == -1)
+    {
+        warn("open(\"/dev/null\") failed");
+        return -1;
+    }
+
+    int ret = 0;
+    if (dup2(fd, STDOUT_FILENO) == -1)
+    {
+        warn("failed to redirect stdout to /dev/null\n");
+        ret = -1;
+    }
+
+    if (close(fd) == -1)
+    {
+        warn("close");
+        ret = -1;
+    }
+
+    return ret;
+}
+
+extern "C" int delete_file(
+        const char* pathname)
+{
+    int ret = unlink(pathname);
+    if (ret == -1)
+    {
+        warn("failed to delete \"%s\"", pathname);
+    }
+
+    free((void*)pathname);
+
+    return ret;
+}
+
+extern "C" char* buf_to_file(
+        const uint8_t* buf,
+        size_t size)
+{
+    char* pathname = strdup("/dev/shm/fuzz-XXXXXX");
+    if (pathname == NULL)
+    {
+        return NULL;
+    }
+
+    int fd = mkstemp(pathname);
+    if (fd == -1)
+    {
+        warn("mkstemp(\"%s\")", pathname);
+        free(pathname);
+        return NULL;
+    }
+
+    size_t pos = 0;
+    while (pos < size)
+    {
+        int nbytes = write(fd, &buf[pos], size - pos);
+        if (nbytes <= 0)
+        {
+            if (nbytes == -1 && errno == EINTR)
+            {
+                continue;
+            }
+            warn("write");
+            goto err;
+        }
+        pos += nbytes;
+    }
+
+    if (close(fd) == -1)
+    {
+        warn("close");
+        goto err;
+    }
+
+    return pathname;
+
+err:
+    delete_file(pathname);
+    return NULL;
+}

fuzz/C++/fuzz_XMLProfiles/fuzz_utils.h

@@ -0,0 +1,33 @@
+// Helpers functions for fuzz targets.
+
+#ifndef FUZZ_UTILS_H_
+#define FUZZ_UTILS_H_
+
+#include <stddef.h>
+#include <stdint.h>
+
+// Redirect stdout to /dev/null. Useful to ignore output from verbose fuzz
+// target functions.
+//
+// Return 0 on success, -1 otherwise.
+extern "C" int ignore_stdout(
+        void);
+
+// Delete the file passed as argument and free the associated buffer. This
+// function is meant to be called on buf_to_file return value.
+//
+// Return 0 on success, -1 otherwise.
+extern "C" int delete_file(
+        const char* pathname);
+
+// Write the data provided in buf to a new temporary file. This function is
+// meant to be called by LLVMFuzzerTestOneInput() for fuzz targets that only
+// take file names (and not data) as input.
+//
+// Return the path of the newly created file or NULL on error. The caller should
+// eventually free the returned buffer (see delete_file).
+extern "C" char* buf_to_file(
+        const uint8_t* buf,
+        size_t size);
+
+#endif  // FUZZ_UTILS_H_

fuzz/C++/fuzz_processCDRMsg/CMakeLists.txt

@@ -0,0 +1,26 @@
+cmake_minimum_required(VERSION 2.8.12)
+
+if(NOT CMAKE_VERSION VERSION_LESS 3.0)
+    cmake_policy(SET CMP0048 NEW)
+endif()
+
+project(fuzz_processCDRMsg)
+
+# Find requirements
+if(NOT fastcdr_FOUND)
+    find_package(fastcdr REQUIRED)
+endif()
+
+if(NOT foonathan_memory_FOUND)
+    find_package(foonathan_memory REQUIRED)
+endif()
+
+if(NOT fastrtps_FOUND)
+    find_package(fastrtps REQUIRED)
+endif()
+
+message(STATUS "Configuring fuzz_processCDRMsg...")
+file(GLOB SOURCES_CXX "fuzz_*.cxx")
+
+add_executable(fuzz_processCDRMsg ${SOURCES_CXX})
+target_link_libraries(fuzz_processCDRMsg fastrtps fastcdr foonathan_memory $ENV{LIB_FUZZING_ENGINE})

src/cpp/rtps/messages/fuzz_processCDRMsg.cpp → fuzz/C++/fuzz_processCDRMsg/fuzz_processCDRMsg.cxx

@@ -7,23 +7,36 @@
 #include <fastrtps/rtps/messages/MessageReceiver.h>
 #include <fastdds/rtps/attributes/RTPSParticipantAttributes.h>
 
+#define MIN_SIZE RTPSMESSAGE_HEADER_SIZE
+#define MAX_SIZE 64000
+
+using namespace eprosima::fastrtps;
+using namespace eprosima::fastrtps::rtps;
+
+static const Locator_t remoteLocator;
+static const Locator_t recvLocator;
+
 extern "C" int LLVMFuzzerTestOneInput(
         const uint8_t* data,
         size_t size)
 {
-    const eprosima::fastrtps::rtps::Locator_t remoteLocator;
-    const eprosima::fastrtps::rtps::Locator_t recvLocator;
-    eprosima::fastrtps::rtps::MessageReceiver* rcv = new eprosima::fastrtps::rtps::MessageReceiver(NULL, 4096);
+    if (size < MIN_SIZE || size > MAX_SIZE)
+    {
+        return 0;
+    }
 
-    eprosima::fastrtps::rtps::CDRMessage_t msg(0);
+    MessageReceiver* rcv = new MessageReceiver(NULL, MAX_SIZE);
+
+    CDRMessage_t msg(0);
     msg.wraps = true;
-    msg.buffer = const_cast<eprosima::fastrtps::rtps::octet*>(data);
+    msg.buffer = const_cast<octet*>(data);
     msg.length = size;
     msg.max_size = size;
     msg.reserved_size = size;
 
     // TODO: Should we unlock in case UnregisterReceiver is called from callback ?
     rcv->processCDRMsg(remoteLocator, recvLocator, &msg);
     delete rcv;
+
     return 0;
 }

fuzz/C++/fuzz_processCDRMsg/fuzz_processCDRMsg_seed_corpus/a5b7e41f1ff7485751c09f6c0f325edf1feef9cd

@@ -0,0 +1 @@
+RTPS


NDDSPING

fuzz/CMakeLists.txt

@@ -0,0 +1,18 @@
+# Copyright 2016 Proyectos y Sistemas de Mantenimiento SL (eProsima).
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set(fastrtps_FOUND TRUE)
+
+add_subdirectory(C++/fuzz_XMLProfiles)
+add_subdirectory(C++/fuzz_processCDRMsg)