From 90282ba003c0b2f7ae51593c1a385b6c5e802aff Mon Sep 17 00:00:00 2001 From: Sergey Bronnikov Date: Thu, 11 Jan 2024 12:41:43 +0300 Subject: [PATCH] Update README (#230) * Add syntax highlight to snippets in README * Add a section with grammars in protobuf format to the README --- README.md | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 50081f1..29b00b4 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ It could be used together with guided fuzzing engines, such as [libFuzzer](http: Install prerequisites: -``` +```sh sudo apt-get update sudo apt-get install protobuf-compiler libprotobuf-dev binutils cmake \ ninja-build liblzma-dev libz-dev pkg-config autoconf libtool @@ -20,7 +20,7 @@ sudo apt-get install protobuf-compiler libprotobuf-dev binutils cmake \ Compile and test everything: -``` +```sh mkdir build cd build cmake .. -GNinja -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_BUILD_TYPE=Debug @@ -36,7 +36,7 @@ build a working version of protobuf. Installation: -``` +```sh ninja sudo ninja install ``` @@ -59,7 +59,7 @@ using [libFuzzer](http://libfuzzer.info)'s mutators. To apply one mutation to a protobuf object do the following: -``` +```c++ class MyProtobufMutator : public protobuf_mutator::Mutator { public: // Optionally redefine the Mutate* methods to perform more sophisticated mutations. @@ -77,7 +77,7 @@ See also the `ProtobufMutatorMessagesTest.UsageExample` test from ## Integrating with libFuzzer LibFuzzerProtobufMutator can help to integrate with libFuzzer. For example -``` +```c++ #include "src/libfuzzer/libfuzzer_macro.h" DEFINE_PROTO_FUZZER(const MyMessageType& input) { 
@@ -97,7 +97,7 @@ for fuzzer even if it's capable of inserting acceptable values with time. PostProcessorRegistration can be used to avoid such issue and guide your fuzzer towards interesting code. It registers callback which will be called for each message of particular type after each mutation. -``` +```c++ static protobuf_mutator::libfuzzer::PostProcessorRegistration reg = { [](MyMessageType* message, unsigned int seed) { TweakMyMessage(message, seed); @@ -117,7 +117,7 @@ may corrupt the reproducer so it stops triggering the bug. Note: You can add callback for any nested message and you can add multiple callbacks for the same message type. -``` +```c++ static PostProcessorRegistration reg1 = { [](MyMessageType* message, unsigned int seed) { TweakMyMessage(message, seed); 
@@ -155,6 +155,24 @@ cleanup/initialize the message as workaround. * [Envoy](https://github.com/envoyproxy/envoy/search?q=DEFINE_TEXT_PROTO_FUZZER+OR+DEFINE_PROTO_FUZZER+OR+DEFINE_BINARY_PROTO_FUZZER&unscoped_q=DEFINE_TEXT_PROTO_FUZZER+OR+DEFINE_PROTO_FUZZER+OR+DEFINE_BINARY_PROTO_FUZZER&type=Code) * [LLVM](https://github.com/llvm-mirror/clang/search?q=DEFINE_TEXT_PROTO_FUZZER+OR+DEFINE_PROTO_FUZZER+OR+DEFINE_BINARY_PROTO_FUZZER&unscoped_q=DEFINE_TEXT_PROTO_FUZZER+OR+DEFINE_PROTO_FUZZER+OR+DEFINE_BINARY_PROTO_FUZZER&type=Code) +## Grammars +* GIF, https://github.com/google/oss-fuzz/tree/master/projects/giflib +* JSON + * https://github.com/google/oss-fuzz/tree/master/projects/jsoncpp + * https://github.com/officialcjunior/fuzzrtos/tree/c72e6670e566672ccf8023265cbfad616e75790d/protobufv2 +* Lua 5.1 Language, + * https://github.com/ligurio/lua-c-api-tests/tree/master/tests/luaL_loadbuffer_proto + * https://github.com/Spoookyyy/luaj/tree/main/fuzz +* PNG, https://github.com/google/oss-fuzz/tree/master/projects/libpng-proto +* SQL + * https://github.com/tarantool/tarantool/tree/master/test/fuzz/sql_fuzzer + * https://chromium.googlesource.com/chromium/src/third_party/+/refs/heads/main/sqlite/fuzz +* Solidity Language, https://github.com/ethereum/solidity/tree/develop/test/tools/ossfuzz +* XML + * https://github.com/google/oss-fuzz/tree/master/projects/xerces-c + * https://github.com/google/libprotobuf-mutator/tree/master/examples/xml +* JPEG, https://source.chromium.org/chromium/chromium/src/+/main:media/gpu/vaapi/fuzzers/jpeg_decoder/ + ## Bugs found with help of the library ### Chromium
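Review bot: the new `## Grammars` section needs a one-line introduction saying what the list is; the commit message calls these "grammars in protobuf format", but the README hunk gives readers only a bare heading followed by links, so it is not clear whether these are `.proto` definitions to reuse with the library, complete fuzz targets, or both. A sentence such as "Existing protobuf grammars for common input formats that can be reused with this library:" directly after `+## Grammars` would fix that. The list itself should also be made consistent with the `Users` list just above it, which uses markdown links: entries mix an inline URL after a comma (`+* GIF, https://github.com/google/oss-fuzz/tree/master/projects/giflib`) with nested sub-bullets, `+* Lua 5.1 Language,` ends with a dangling comma before its sub-bullets, only Lua and Solidity carry the word "Language", and `+* JPEG, ...` is appended at the end instead of sitting between GIF and JSON in the otherwise alphabetical order. Finally, all links except the fuzzrtos one point at moving branches (`master`, `main`, `develop`) and will silently rot when those directories move; pinning them to a commit, as `fuzzrtos/tree/c72e6670...` already does, or noting the date they were checked, would make the section more durable.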