Commit 9053611

Add afl fuzz target
1 parent 83368db commit 9053611

11 files changed: +77 -0 lines changed


fuzz-afl/.gitignore

Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
out/

fuzz-afl/Cargo.toml

Lines changed: 17 additions & 0 deletions
@@ -0,0 +1,17 @@
1+
[package]
2+
name = "fuzz-target-jpeg-decoder"
3+
version = "0.1.0"
4+
authors = ["jpeg-decoder developers"]
5+
edition = "2018"
6+
7+
[[bin]]
8+
name = "fuzz_decode"
9+
path = "src/fuzz_decode.rs"
10+
11+
[[bin]]
12+
name = "reproduce_decode"
13+
path = "src/reproduce_decode.rs"
14+
15+
[dependencies]
16+
afl = "0.4"
17+
jpeg-decoder = { path = "../" }
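Review bot: the README hunk in this same commit says overflow checks are lost in `--release` builds and asks users to fuzz in debug mode as well; that trade-off can be resolved in this manifest by adding a `[profile.release]` section with `overflow-checks = true` and `debug-assertions = true`, which keeps the checks in the optimised fuzz binary at a small speed cost. Separately, `afl = "0.4"` resolves to any 0.4.x release; since `fuzz-afl` is a binary crate, committing its `Cargo.lock` would make the harness build reproducible for whoever reproduces a crash later.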

fuzz-afl/README.md

Lines changed: 23 additions & 0 deletions
@@ -0,0 +1,23 @@
1+
# Fuzzing harnesses
2+
3+
## Using the fuzzer
4+
5+
Install afl:
6+
7+
$ cargo install afl
8+
9+
Build fuzz target:
10+
11+
$ cargo afl build --release --bin fuzz_<format>
12+
13+
Run afl:
14+
15+
$ mkdir out/
16+
$ cargo afl fuzz -i in/ -o out/ target/release/fuzz_<target>
17+
18+
To reproduce a crash:
19+
20+
$ cargo run --bin reproduce_<target>
21+
22+
Note: You should also try fuzzing in debug mode, since things like overflow
23+
checks don't happen in release mode. (Release mode is much faster though.)
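Review bot: the placeholders are inconsistent: the build step uses `fuzz_<format>` while the run step uses `fuzz_<target>`, and the only fuzz binary declared in `Cargo.toml` is `fuzz_decode`, so the commands should name it directly (`--bin fuzz_decode`, `target/release/fuzz_decode`, `--bin reproduce_decode`). The reproduce step `cargo run --bin reproduce_<target>` also needs to say how the crashing input is supplied (path argument or stdin) and that the inputs to replay are the crash files afl writes under `out/`. Finally, the note about debug-mode fuzzing should mention that a build without `--release` lands in `target/debug/`, so the `cargo afl fuzz` path changes accordingly.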

fuzz-afl/in/4x4.jpg (1.4 KB, binary file)

fuzz-afl/in/grass.jpg (6.5 KB, binary file)

fuzz-afl/in/relax-jpeg.jpg (16.1 KB, binary file)

fuzz-afl/in/relax-jpeg2000.jp2 (15.9 KB, binary file not shown)

fuzz-afl/in/window-q0.jpg (13.2 KB, binary file)

fuzz-afl/in/window-q20.jpg (12.4 KB, binary file)

fuzz-afl/src/fuzz_decode.rs

Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,15 @@
1+
use afl::fuzz;
2+
3+
use jpeg_decoder::{Decoder, Error};
4+
5+
#[inline(always)]
6+
fn decode(data: &[u8]) -> Result<Vec<u8>, Error> {
7+
let mut decoder = Decoder::new(data);
8+
decoder.decode()
9+
}
10+
11+
fn main() {
12+
fuzz!(|data: &[u8]| {
13+
let _ = decode(data);
14+
});
15+
}
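Review bot: the seed corpus committed in `fuzz-afl/in/` includes `relax-jpeg2000.jp2`, a JPEG 2000 file that this harness (`Decoder::new(data)` followed by `decoder.decode()`) will reject as soon as it reads the header, so it adds no useful coverage and only slows afl's initial calibration; keep the seeds to the five baseline/progressive JPEGs, and since several are 12-16 KB, run them through AFL's afl-cmin/afl-tmin first so each execution stays fast. The `#[inline(always)]` on `decode` is harmless but buys nothing here. Discarding the `Result` with `let _ =` is the right choice for this target: afl reports panics and aborts, and an `Err` from a malformed input is the decoder behaving correctly.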
