[cmake] add fuzzer tests

tests imported from https://github.com/ergnoorr/fuzzrdp reported by Evgeny Legerov of Kaspersky Lab.
2024-04-16 11:18:51 +02:00 · 2024-04-16 11:18:51 +02:00 · f3b2aea781
commit f3b2aea781
parent 0a0df77c39
5 changed files with 509 additions and 24 deletions
--- a/cmake/AddFuzzerTest.cmake
+++ b/cmake/AddFuzzerTest.cmake
@ -0,0 +1,15 @@
 macro(add_fuzzer_test FILES LINK_LIBS)
    if (BUILD_FUZZERS)
        string(REPLACE " " ";" LOCAL_LINK_LIBS ${LINK_LIBS})
        list(APPEND LOCAL_LINK_LIBS fuzzer_config)
        foreach(test ${FILES})
            get_filename_component(TestName ${test} NAME_WE)
            add_executable(${TestName} ${test})
            # Use PUBLIC to force 'fuzzer_config' for all dependent targets.
            target_link_libraries(${TestName} PUBLIC ${LOCAL_LINK_LIBS})
            add_test(${TestName} ${TESTING_OUTPUT_DIRECTORY}/${MODULE_NAME} ${TestName})
            set_target_properties(${TestName} PROPERTIES RUNTIME_OUTPUT_DIRECTORY "${TESTING_OUTPUT_DIRECTORY}")
            add_dependencies(fuzzers ${TestName})
        endforeach()
    endif (BUILD_FUZZERS)
 endmacro()
--- a/libfreerdp/codec/test/CMakeLists.txt
+++ b/libfreerdp/codec/test/CMakeLists.txt
@ -35,3 +35,9 @@ endforeach()
 set_property(TARGET ${MODULE_NAME} PROPERTY FOLDER "FreeRDP/Test")
 set(FUZZERS
 	TestFuzzCodecs.c
 )
 include (AddFuzzerTest)
 add_fuzzer_test("${FUZZERS}" "freerdp winpr")
--- a/libfreerdp/codec/test/TestFuzzCodecs.c
+++ b/libfreerdp/codec/test/TestFuzzCodecs.c
@ -0,0 +1,480 @@
 /* https://github.com/ergnoorr/fuzzrdp
 *
 * MIT License
 *
 * Copyright (c) 2024 ergnoorr
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all
 * copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */
 #include <freerdp/assistance.h>
 #include <winpr/crt.h>
 #include <winpr/print.h>
 #include <winpr/platform.h>
 #include <freerdp/codec/interleaved.h>
 #include <freerdp/codec/planar.h>
 #include <freerdp/codec/bulk.h>
 #include <freerdp/codec/clear.h>
 #include <freerdp/codec/zgfx.h>
 #include <freerdp/log.h>
 #include <winpr/bitstream.h>
 #include <freerdp/codec/rfx.h>
 #include <freerdp/codec/progressive.h>
 #include <freerdp/freerdp.h>
 #include <freerdp/gdi/gdi.h>
 #include "../progressive.h"
 #include "../mppc.h"
 #include "../xcrush.h"
 #include "../ncrush.h"
 static BOOL test_ClearDecompressExample(UINT32 nr, UINT32 width, UINT32 height,
                                        const BYTE* pSrcData, const UINT32 SrcSize)
 {
 	BOOL rc = FALSE;
 	int status = 0;
 	BYTE* pDstData = calloc(1ull * width * height, 4);
 	CLEAR_CONTEXT* clear = clear_context_new(FALSE);
 	WINPR_UNUSED(nr);
 	if (!clear || !pDstData)
 		goto fail;
 	status = clear_decompress(clear, pSrcData, SrcSize, width, height, pDstData,
 	                          PIXEL_FORMAT_XRGB32, 0, 0, 0, width, height, NULL);
 	// printf("clear_decompress example %" PRIu32 " status: %d\n", nr, status);
 	// fflush(stdout);
 	rc = (status == 0);
 fail:
 	clear_context_free(clear);
 	free(pDstData);
 	return rc;
 }
 static int TestFreeRDPCodecClear(const uint8_t* Data, size_t Size)
 {
 	if (Size > UINT32_MAX)
 		return -1;
 	test_ClearDecompressExample(2, 78, 17, Data, (UINT32)Size);
 	test_ClearDecompressExample(3, 64, 24, Data, (UINT32)Size);
 	test_ClearDecompressExample(4, 7, 15, Data, (UINT32)Size);
 	return 0;
 }
 static int TestFreeRDPCodecXCrush(const uint8_t* Data, size_t Size)
 {
 	if (Size > UINT32_MAX)
 		return -1;
 	const BYTE* OutputBuffer = NULL;
 	UINT32 DstSize = 0;
 	XCRUSH_CONTEXT* xcrush = xcrush_context_new(TRUE);
 	if (!xcrush)
 		return 0;
 	xcrush_decompress(xcrush, Data, (UINT32)Size, &OutputBuffer, &DstSize, 0);
 	xcrush_context_free(xcrush);
 	return 0;
 }
 static int test_ZGfxDecompressFoxSingle(const uint8_t* Data, size_t Size)
 {
 	if (Size > UINT32_MAX)
 		return -1;
 	int rc = -1;
 	int status = 0;
 	UINT32 Flags = 0;
 	const BYTE* pSrcData = (const BYTE*)Data;
 	UINT32 SrcSize = (UINT32)Size;
 	UINT32 DstSize = 0;
 	BYTE* pDstData = NULL;
 	ZGFX_CONTEXT* zgfx = zgfx_context_new(TRUE);
 	if (!zgfx)
 		return -1;
 	status = zgfx_decompress(zgfx, pSrcData, SrcSize, &pDstData, &DstSize, Flags);
 	if (status < 0)
 		goto fail;
 	rc = 0;
 fail:
 	free(pDstData);
 	zgfx_context_free(zgfx);
 	return rc;
 }
 static int TestFreeRDPCodecZGfx(const uint8_t* Data, size_t Size)
 {
 	test_ZGfxDecompressFoxSingle(Data, Size);
 	return 0;
 }
 static BOOL test_NCrushDecompressBells(const uint8_t* Data, size_t Size)
 {
 	if (Size > UINT32_MAX)
 		return FALSE;
 	BOOL rc = FALSE;
 	int status = 0;
 	UINT32 Flags = PACKET_COMPRESSED | 2;
 	const BYTE* pSrcData = (const BYTE*)Data;
 	UINT32 SrcSize = (UINT32)Size;
 	UINT32 DstSize = 0;
 	const BYTE* pDstData = NULL;
 	NCRUSH_CONTEXT* ncrush = ncrush_context_new(FALSE);
 	if (!ncrush)
 		return rc;
 	status = ncrush_decompress(ncrush, pSrcData, SrcSize, &pDstData, &DstSize, Flags);
 	if (status < 0)
 		goto fail;
 	rc = TRUE;
 fail:
 	ncrush_context_free(ncrush);
 	return rc;
 }
 static int TestFreeRDPCodecNCrush(const uint8_t* Data, size_t Size)
 {
 	test_NCrushDecompressBells(Data, Size);
 	return 0;
 }
 static const size_t IMG_WIDTH = 64;
 static const size_t IMG_HEIGHT = 64;
 static const size_t FORMAT_SIZE = 4;
 static const UINT32 FORMAT = PIXEL_FORMAT_XRGB32;
 static int TestFreeRDPCodecRemoteFX(const uint8_t* Data, size_t Size)
 {
 	int rc = -1;
 	REGION16 region = { 0 };
 	RFX_CONTEXT* context = rfx_context_new(FALSE);
 	BYTE* dest = calloc(IMG_WIDTH * IMG_HEIGHT, FORMAT_SIZE);
 	size_t stride = FORMAT_SIZE * IMG_WIDTH;
 	if (!context)
 		goto fail;
 	if (Size > UINT32_MAX)
 		goto fail;
 	if (stride > UINT32_MAX)
 		goto fail;
 	if (!dest)
 		goto fail;
 	region16_init(&region);
 	if (!rfx_process_message(context, Data, (UINT32)Size, 0, 0, dest, FORMAT, (UINT32)stride,
 	                         IMG_HEIGHT, &region))
 		goto fail;
 	region16_clear(&region);
 	if (!rfx_process_message(context, Data, (UINT32)Size, 0, 0, dest, FORMAT, (UINT32)stride,
 	                         IMG_HEIGHT, &region))
 		goto fail;
 	region16_print(&region);
 	rc = 0;
 fail:
 	region16_uninit(&region);
 	rfx_context_free(context);
 	free(dest);
 	return rc;
 }
 static int test_MppcDecompressBellsRdp5(const uint8_t* Data, size_t Size)
 {
 	int rc = -1;
 	int status = 0;
 	UINT32 Flags = PACKET_AT_FRONT | PACKET_COMPRESSED | 1;
 	const BYTE* pSrcData = Data;
 	UINT32 SrcSize = (UINT32)Size;
 	UINT32 DstSize = 0;
 	const BYTE* pDstData = NULL;
 	MPPC_CONTEXT* mppc = mppc_context_new(1, FALSE);
 	if (!mppc)
 		return -1;
 	status = mppc_decompress(mppc, pSrcData, SrcSize, &pDstData, &DstSize, Flags);
 	if (status < 0)
 		goto fail;
 	rc = 0;
 fail:
 	mppc_context_free(mppc);
 	return rc;
 }
 static int test_MppcDecompressBellsRdp4(const uint8_t* Data, size_t Size)
 {
 	if (Size > UINT32_MAX)
 		return -1;
 	int rc = -1;
 	int status = 0;
 	UINT32 Flags = PACKET_AT_FRONT | PACKET_COMPRESSED | 0;
 	const BYTE* pSrcData = (const BYTE*)Data;
 	UINT32 SrcSize = (UINT32)Size;
 	UINT32 DstSize = 0;
 	const BYTE* pDstData = NULL;
 	MPPC_CONTEXT* mppc = mppc_context_new(0, FALSE);
 	if (!mppc)
 		return -1;
 	status = mppc_decompress(mppc, pSrcData, SrcSize, &pDstData, &DstSize, Flags);
 	if (status < 0)
 		goto fail;
 	rc = 0;
 fail:
 	mppc_context_free(mppc);
 	return rc;
 }
 static int test_MppcDecompressBufferRdp5(const uint8_t* Data, size_t Size)
 {
 	if (Size > UINT32_MAX)
 		return -1;
 	int rc = -1;
 	int status = 0;
 	UINT32 Flags = PACKET_AT_FRONT | PACKET_COMPRESSED | 1;
 	const BYTE* pSrcData = (const BYTE*)Data;
 	UINT32 SrcSize = (UINT32)Size;
 	UINT32 DstSize = 0;
 	const BYTE* pDstData = NULL;
 	MPPC_CONTEXT* mppc = mppc_context_new(1, FALSE);
 	if (!mppc)
 		return -1;
 	status = mppc_decompress(mppc, pSrcData, SrcSize, &pDstData, &DstSize, Flags);
 	if (status < 0)
 		goto fail;
 	rc = 0;
 fail:
 	mppc_context_free(mppc);
 	return rc;
 }
 static int TestFreeRDPCodecMppc(const uint8_t* Data, size_t Size)
 {
 	test_MppcDecompressBellsRdp5(Data, Size);
 	test_MppcDecompressBellsRdp4(Data, Size);
 	test_MppcDecompressBufferRdp5(Data, Size);
 	return 0;
 }
 static BOOL progressive_decode(const uint8_t* Data, size_t Size)
 {
 	BOOL res = FALSE;
 	int rc = 0;
 	BYTE* resultData = NULL;
 	UINT32 ColorFormat = PIXEL_FORMAT_BGRX32;
 	REGION16 invalidRegion = { 0 };
 	UINT32 scanline = 4240;
 	UINT32 width = 1060;
 	UINT32 height = 827;
 	if (Size > UINT32_MAX)
 		return FALSE;
 	PROGRESSIVE_CONTEXT* progressiveDec = progressive_context_new(FALSE);
 	region16_init(&invalidRegion);
 	if (!progressiveDec)
 		goto fail;
 	resultData = calloc(scanline, height);
 	if (!resultData)
 		goto fail;
 	rc = progressive_create_surface_context(progressiveDec, 0, width, height);
 	if (rc <= 0)
 		goto fail;
 	rc = progressive_decompress(progressiveDec, Data, (UINT32)Size, resultData, ColorFormat,
 	                            scanline, 0, 0, &invalidRegion, 0, 0);
 	if (rc < 0)
 		goto fail;
 	res = TRUE;
 fail:
 	region16_uninit(&invalidRegion);
 	progressive_context_free(progressiveDec);
 	free(resultData);
 	return res;
 }
 static int TestFreeRDPCodecProgressive(const uint8_t* Data, size_t Size)
 {
 	progressive_decode(Data, Size);
 	return 0;
 }
 static BOOL i_run_encode_decode(UINT16 bpp, BITMAP_INTERLEAVED_CONTEXT* encoder,
                                BITMAP_INTERLEAVED_CONTEXT* decoder, const uint8_t* Data,
                                size_t Size)
 {
 	BOOL rc2 = FALSE;
 	BOOL rc = 0;
 	const UINT32 w = 64;
 	const UINT32 h = 64;
 	const UINT32 x = 0;
 	const UINT32 y = 0;
 	const UINT32 format = PIXEL_FORMAT_RGBX32;
 	const size_t step = (w + 13ull) * 4ull;
 	const size_t SrcSize = step * h;
 	BYTE* pSrcData = calloc(1, SrcSize);
 	BYTE* pDstData = calloc(1, SrcSize);
 	BYTE* tmp = calloc(1, SrcSize);
 	WINPR_UNUSED(encoder);
 	if (!pSrcData || !pDstData || !tmp)
 		goto fail;
 	if (Size > UINT32_MAX)
 		goto fail;
 	winpr_RAND(pSrcData, SrcSize);
 	if (!bitmap_interleaved_context_reset(decoder))
 		goto fail;
 	rc = interleaved_decompress(decoder, Data, (UINT32)Size, w, h, bpp, pDstData, format, step, x,
 	                            y, w, h, NULL);
 	if (!rc)
 		goto fail;
 	rc2 = TRUE;
 fail:
 	free(pSrcData);
 	free(pDstData);
 	free(tmp);
 	return rc2;
 }
 static int TestFreeRDPCodecInterleaved(const uint8_t* Data, size_t Size)
 {
 	int rc = -1;
 	BITMAP_INTERLEAVED_CONTEXT* decoder = bitmap_interleaved_context_new(FALSE);
 	if (!decoder)
 		goto fail;
 	i_run_encode_decode(24, NULL, decoder, Data, Size);
 	i_run_encode_decode(16, NULL, decoder, Data, Size);
 	i_run_encode_decode(15, NULL, decoder, Data, Size);
 	rc = 0;
 fail:
 	bitmap_interleaved_context_free(decoder);
 	return rc;
 }
 static BOOL RunTestPlanar(BITMAP_PLANAR_CONTEXT* planar, const BYTE* srcBitmap,
                          const UINT32 srcFormat, const UINT32 dstFormat, const UINT32 width,
                          const UINT32 height, const uint8_t* Data, size_t Size)
 {
 	BOOL rc = FALSE;
 	WINPR_UNUSED(srcBitmap);
 	WINPR_UNUSED(srcFormat);
 	if (Size > UINT32_MAX)
 		return FALSE;
 	UINT32 dstSize = (UINT32)Size;
 	const BYTE* compressedBitmap = Data;
 	BYTE* decompressedBitmap =
 	    (BYTE*)calloc(height, 1ull * width * FreeRDPGetBytesPerPixel(dstFormat));
 	rc = TRUE;
 	if (!decompressedBitmap)
 		goto fail;
 	if (!planar_decompress(planar, compressedBitmap, dstSize, width, height, decompressedBitmap,
 	                       dstFormat, 0, 0, 0, width, height, FALSE))
 	{
 		goto fail;
 	}
 	rc = TRUE;
 fail:
 	free(decompressedBitmap);
 	return rc;
 }
 static BOOL TestPlanar(const UINT32 format, const uint8_t* Data, size_t Size)
 {
 	BOOL rc = FALSE;
 	const DWORD planarFlags = PLANAR_FORMAT_HEADER_NA | PLANAR_FORMAT_HEADER_RLE;
 	BITMAP_PLANAR_CONTEXT* planar = freerdp_bitmap_planar_context_new(planarFlags, 64, 64);
 	if (!planar)
 		goto fail;
 	RunTestPlanar(planar, NULL, PIXEL_FORMAT_RGBX32, format, 64, 64, Data, Size);
 	RunTestPlanar(planar, NULL, PIXEL_FORMAT_RGB16, format, 32, 32, Data, Size);
 	rc = TRUE;
 fail:
 	freerdp_bitmap_planar_context_free(planar);
 	return rc;
 }
 static int TestFreeRDPCodecPlanar(const uint8_t* Data, size_t Size)
 {
 	TestPlanar(0, Data, Size);
 	return 0;
 }
 int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size)
 {
 	if (Size < 4)
 		return 0;
 	int i = 0;
 	winpr_RAND(&i, sizeof(i));
 	i = i % 18;
 	if (i < 2)
 		TestFreeRDPCodecClear(Data, Size);
 	else if (i < 4)
 		TestFreeRDPCodecXCrush(Data, Size);
 	else if (i < 6)
 		TestFreeRDPCodecZGfx(Data, Size);
 	else if (i < 8)
 		TestFreeRDPCodecNCrush(Data, Size);
 	else if (i < 10)
 		TestFreeRDPCodecRemoteFX(Data, Size);
 	else if (i < 12)
 		TestFreeRDPCodecMppc(Data, Size);
 	else if (i < 14)
 		TestFreeRDPCodecProgressive(Data, Size);
 	else if (i < 16)
 		TestFreeRDPCodecInterleaved(Data, Size);
 	else if (i < 18)
 		TestFreeRDPCodecPlanar(Data, Size);
 	return 0;
 }
--- a/libfreerdp/common/test/CMakeLists.txt
+++ b/libfreerdp/common/test/CMakeLists.txt
@ -8,7 +8,7 @@ set(${MODULE_PREFIX}_TESTS
    TestAddinArgv.c
 	TestCommonAssistance.c)
-set(${MODULE_PREFIX}_FUZZERS
+set(FUZZERS
 	TestFuzzCommonAssistanceParseFileBuffer.c
 	TestFuzzCommonAssistanceBinToHexString.c
 	TestFuzzCommonAssistanceHexStringToBin.c)
@ -21,17 +21,8 @@ add_executable(${MODULE_NAME} ${${MODULE_PREFIX}_SRCS})
 target_link_libraries(${MODULE_NAME} freerdp winpr)
-if (BUILD_FUZZERS)
+include (AddFuzzerTest)
-	foreach(test ${${MODULE_PREFIX}_FUZZERS})
+add_fuzzer_test("${FUZZERS}" "freerdp winpr")
 		get_filename_component(TestName ${test} NAME_WE)
 		add_executable(${TestName} ${test})
 		# Use PUBLIC to force 'fuzzer_config' for all dependent targets.
 		target_link_libraries(${TestName} PUBLIC freerdp winpr fuzzer_config)
 		add_test(${TestName} ${TESTING_OUTPUT_DIRECTORY}/${MODULE_NAME} ${TestName})
 		set_target_properties(${TestName} PROPERTIES RUNTIME_OUTPUT_DIRECTORY "${TESTING_OUTPUT_DIRECTORY}")
 		add_dependencies(fuzzers ${TestName})
 	endforeach()
 endif (BUILD_FUZZERS)
 set_target_properties(${MODULE_NAME} PROPERTIES RUNTIME_OUTPUT_DIRECTORY "${TESTING_OUTPUT_DIRECTORY}")
--- a/libfreerdp/core/test/CMakeLists.txt
+++ b/libfreerdp/core/test/CMakeLists.txt
@ -9,8 +9,9 @@ set(${MODULE_PREFIX}_TESTS
 	TestStreamDump.c
 	TestSettings.c)
-set(${MODULE_PREFIX}_FUZZERS
+set(FUZZERS
-	TestFuzzCryptoCertificateDataSetPEM.c)
+	TestFuzzCryptoCertificateDataSetPEM.c
 )
 if(WITH_SAMPLE AND WITH_SERVER AND NOT WIN32)
 	add_definitions(-DCMAKE_EXECUTABLE_SUFFIX="${CMAKE_EXECUTABLE_SUFFIX}")
@ -32,16 +33,8 @@ add_definitions(-DTESTING_SRC_DIRECTORY="${PROJECT_SOURCE_DIR}")
 target_link_libraries(${MODULE_NAME} freerdp winpr freerdp-client)
-if (BUILD_FUZZERS)
+include (AddFuzzerTest)
-	foreach(test ${${MODULE_PREFIX}_FUZZERS})
+add_fuzzer_test("${FUZZERS}" "freerdp winpr")
 		get_filename_component(TestName ${test} NAME_WE)
 		add_executable(${TestName} ${test})
 		target_link_libraries(${TestName} freerdp winpr freerdp-client fuzzer_config)
 		add_test(${TestName} ${TESTING_OUTPUT_DIRECTORY}/${MODULE_NAME} ${TestName})
 		set_target_properties(${TestName} PROPERTIES RUNTIME_OUTPUT_DIRECTORY "${TESTING_OUTPUT_DIRECTORY}")
 		add_dependencies(fuzzers ${TestName})
 	endforeach()
 endif (BUILD_FUZZERS)
 set_target_properties(${MODULE_NAME} PROPERTIES RUNTIME_OUTPUT_DIRECTORY "${TESTING_OUTPUT_DIRECTORY}")