Add fuzz testing drivers for all parameters

geofabrik · Aug 19, 2016 · 06b74c1 · 06b74c1
1 parent 3a0eed2
commit 06b74c1
Show file tree

Hide file tree

Showing 9 changed files with 179 additions and 40 deletions.
diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
@@ -13,13 +13,30 @@
 # ar ruv libFuzzer.a Fuzzer*.o
 
 if (ENABLE_FUZZING)
-  add_executable(driver driver.cc $<TARGET_OBJECTS:UTIL> $<TARGET_OBJECTS:SERVER>)
-  target_link_libraries(driver Fuzzer osrm)
 
-  add_custom_target(fuzz
-	  DEPENDS driver
-	  WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
-	  COMMAND ${CMAKE_COMMAND} -E make_directory corpus
-	  COMMAND driver -jobs=4 -workers=4 -max_len=4096 corpus
-	  COMMENT "Fuzzing libosrm" VERBATIM)
+  macro(add_fuzz_target binary)
+    add_executable(${binary} ${binary}.cc $<TARGET_OBJECTS:UTIL> $<TARGET_OBJECTS:SERVER>)
+    target_link_libraries(${binary} Fuzzer osrm)
+    target_include_directories(${binary} PUBLIC ${CMAKE_CURRENT_SOURCE_DIR})
+
+    add_custom_target(fuzz-${binary}
+	    DEPENDS ${binary}
+	    WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
+	    COMMAND ${CMAKE_COMMAND} -E make_directory "corpus/${binary}"
+	    COMMAND ${binary} -jobs=1 -max_len=4096 "corpus/${binary}"
+	    COMMENT "Fuzzing ${binary}" VERBATIM)
+  endmacro ()
+
+  set(targets
+	  "match_parameters"
+	  "nearest_parameters"
+	  "route_parameters"
+	  "table_parameters"
+	  "tile_parameters"
+	  "trip_parameters")
+
+  foreach (target ${targets})
+    add_fuzz_target(${target})
+  endforeach ()
+
 endif ()
diff --git a/fuzz/driver.cc b/fuzz/driver.cc
diff --git a/fuzz/match_parameters.cc b/fuzz/match_parameters.cc
@@ -0,0 +1,23 @@
+#include "engine/api/match_parameters.hpp"
+#include "server/api/parameters_parser.hpp"
+
+#include "util.hpp"
+
+#include <iterator>
+#include <string>
+
+using osrm::server::api::parseParameters;
+using osrm::engine::api::MatchParameters;
+
+extern "C" int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size)
+{
+    std::string in(reinterpret_cast<const char *>(data), size);
+
+    auto first = begin(in);
+    const auto last = end(in);
+
+    const auto param = parseParameters<MatchParameters>(first, last);
+    escape(&param);
+
+    return 0;
+}
diff --git a/fuzz/nearest_parameters.cc b/fuzz/nearest_parameters.cc
@@ -0,0 +1,23 @@
+#include "engine/api/nearest_parameters.hpp"
+#include "server/api/parameters_parser.hpp"
+
+#include "util.hpp"
+
+#include <iterator>
+#include <string>
+
+using osrm::server::api::parseParameters;
+using osrm::engine::api::NearestParameters;
+
+extern "C" int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size)
+{
+    std::string in(reinterpret_cast<const char *>(data), size);
+
+    auto first = begin(in);
+    const auto last = end(in);
+
+    const auto param = parseParameters<NearestParameters>(first, last);
+    escape(&param);
+
+    return 0;
+}
diff --git a/fuzz/route_parameters.cc b/fuzz/route_parameters.cc
@@ -0,0 +1,23 @@
+#include "engine/api/route_parameters.hpp"
+#include "server/api/parameters_parser.hpp"
+
+#include "util.hpp"
+
+#include <iterator>
+#include <string>
+
+using osrm::server::api::parseParameters;
+using osrm::engine::api::RouteParameters;
+
+extern "C" int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size)
+{
+    std::string in(reinterpret_cast<const char *>(data), size);
+
+    auto first = begin(in);
+    const auto last = end(in);
+
+    const auto param = parseParameters<RouteParameters>(first, last);
+    escape(&param);
+
+    return 0;
+}
diff --git a/fuzz/table_parameters.cc b/fuzz/table_parameters.cc
@@ -0,0 +1,23 @@
+#include "engine/api/table_parameters.hpp"
+#include "server/api/parameters_parser.hpp"
+
+#include "util.hpp"
+
+#include <iterator>
+#include <string>
+
+using osrm::server::api::parseParameters;
+using osrm::engine::api::TableParameters;
+
+extern "C" int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size)
+{
+    std::string in(reinterpret_cast<const char *>(data), size);
+
+    auto first = begin(in);
+    const auto last = end(in);
+
+    const auto param = parseParameters<TableParameters>(first, last);
+    escape(&param);
+
+    return 0;
+}
diff --git a/fuzz/tile_parameters.cc b/fuzz/tile_parameters.cc
@@ -0,0 +1,23 @@
+#include "engine/api/tile_parameters.hpp"
+#include "server/api/parameters_parser.hpp"
+
+#include "util.hpp"
+
+#include <iterator>
+#include <string>
+
+using osrm::server::api::parseParameters;
+using osrm::engine::api::TileParameters;
+
+extern "C" int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size)
+{
+    std::string in(reinterpret_cast<const char *>(data), size);
+
+    auto first = begin(in);
+    const auto last = end(in);
+
+    const auto param = parseParameters<TileParameters>(first, last);
+    escape(&param);
+
+    return 0;
+}
diff --git a/fuzz/trip_parameters.cc b/fuzz/trip_parameters.cc
@@ -0,0 +1,23 @@
+#include "engine/api/trip_parameters.hpp"
+#include "server/api/parameters_parser.hpp"
+
+#include "util.hpp"
+
+#include <iterator>
+#include <string>
+
+using osrm::server::api::parseParameters;
+using osrm::engine::api::TripParameters;
+
+extern "C" int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size)
+{
+    std::string in(reinterpret_cast<const char *>(data), size);
+
+    auto first = begin(in);
+    const auto last = end(in);
+
+    const auto param = parseParameters<TripParameters>(first, last);
+    escape(&param);
+
+    return 0;
+}
diff --git a/fuzz/util.hpp b/fuzz/util.hpp
@@ -0,0 +1,16 @@
+#ifndef OSRM_FUZZ_UTIL_HPP
+#define OSRM_FUZZ_UTIL_HPP
+
+#include <type_traits>
+
+// Fakes observable side effects the compiler can not optimize away
+template <typename T> inline void escape(T p)
+{
+    static_assert(std::is_pointer<T>::value, "");
+    asm volatile("" : : "g"((void *)p) : "memory");
+}
+
+// Possibly reads and writes all the memory in your system
+inline void clobber() { asm volatile("" : : : "memory"); }
+
+#endif