build: add ClusterFuzzLite setup

.clusterfuzzlite/Dockerfile

@@ -0,0 +1,6 @@
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y make autoconf automake libtool
+
+COPY . $SRC/libuv
+COPY .clusterfuzzlite/build.sh $SRC/build.sh
+WORKDIR $SRC/libuv

.clusterfuzzlite/README.md

@@ -0,0 +1,16 @@
+# ClusterFuzzLite set up
+This folder contains a fuzzing set for [ClusterFuzzLite](https://google.github.io/clusterfuzzlite).
+
+To reproduce this set up the way ClusterFuzzLite does it (by way of [OSS-Fuzz](https://github.com/google/oss-fuzz)) you can do:
+
+```sh
+git clone https://github.com/google/oss-fuzz
+git clone https://github.com/libuv/libuv
+cd libuv
+
+# Build the fuzzers in .clusterfuzzlite
+python3 ../oss-fuzz/infra/helper.py build_fuzzers --external $PWD
+
+# Run the fuzzer for 10 seconds
+python3 ../oss-fuzz/infra/helper.py run_fuzzer --external $PWD libuv_fuzzer -- -max_total_time=10
+``` 

.clusterfuzzlite/build.sh

@@ -0,0 +1,25 @@
+#!/bin/bash -eu
+# Supply build instructions
+# Use the following environment variables to build the code
+# $CXX: c++ compiler
+# $CC: c compiler
+# CFLAGS: compiler flags for C files
+# CXXFLAGS: compiler flags for CPP files
+# LIB_FUZZING_ENGINE: linker flag for fuzzing harnesses
+
+# When run multiple times locally leftover files may be present in shared
+# OUT folder. Clear these in case.
+rm -f $OUT/test_file*
+
+sh autogen.sh
+./configure
+make -j2
+make install
+find . -name "*.a"
+
+# Copy all fuzzer executables to $OUT/
+$CC $CFLAGS $LIB_FUZZING_ENGINE \
+ $SRC/libuv/.clusterfuzzlite/libuv_fuzzer.c \
+ -o $OUT/libuv_fuzzer \
+ -I$SRC/libuv/include \
+ $SRC/libuv/.libs/libuv.a

.clusterfuzzlite/libuv_fuzzer.c

@@ -0,0 +1,149 @@
+/* Copyright libuv contributors. All rights reserved.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "../src/idna.c"
+#include "uv.h"
+
+static uv_loop_t* loop;
+
+static void dummy_cb(uv_fs_t* req) { (void)req; }
+
+void test_idna(char *payload, size_t size) {
+ char de[256];
+ uv__idna_toascii(payload, payload + size, de, de + 256);
+
+ uv_wtf8_length_as_utf16(payload);
+}
+
+void test_file_ops_1(const uint8_t* data, size_t size) {
+ char read_buf[256];
+ uv_fs_t open_req1;
+ uv_fs_t write_req;
+ uv_buf_t iov;
+ uv_fs_t close_req;
+ uv_fs_t read_req;
+
+ unlink("test_file");
+ uv_fs_open(NULL, &open_req1, "test_file", UV_FS_O_WRONLY | UV_FS_O_CREAT,
+ S_IWUSR | S_IRUSR, NULL);
+ uv_fs_req_cleanup(&open_req1);
+
+ iov = uv_buf_init((char*)data, size);
+ uv_fs_write(NULL, &write_req, open_req1.result, &iov, 1, -1, NULL);
+ uv_fs_req_cleanup(&write_req);
+
+ /* Close after writing */
+ uv_fs_close(NULL, &close_req, open_req1.result, NULL);
+ uv_fs_req_cleanup(&close_req);
+
+ /* Open again to read */
+ uv_fs_open(NULL, &open_req1, "test_file", UV_FS_O_WRONLY | UV_FS_O_CREAT,
+ S_IWUSR | S_IRUSR, NULL);
+ uv_fs_req_cleanup(&open_req1);
+
+ iov = uv_buf_init(read_buf, sizeof(read_buf));
+ uv_fs_read(NULL, &read_req, open_req1.result, &iov, 1, -1, NULL);
+ uv_fs_req_cleanup(&read_req);
+
+ uv_fs_close(NULL, &close_req, open_req1.result, NULL);
+ uv_fs_req_cleanup(&close_req);
+ unlink("test_file");
+}
+
+void test_file_ops_2(const uint8_t* data, size_t size) {
+ uv_buf_t iov;
+ uv_fs_t open_req1;
+ uv_fs_t write_req;
+ uv_fs_t copy_req;
+ uv_fs_t close_req;
+
+ uv_fs_open(NULL, &open_req1, "test_file", UV_FS_O_WRONLY | UV_FS_O_CREAT,
+ S_IWUSR | S_IRUSR, NULL);
+ uv_fs_req_cleanup(&open_req1);
+
+ iov = uv_buf_init(data, size);
+ uv_fs_write(NULL, &write_req, open_req1.result, &iov, 1, -1, NULL);
+ uv_fs_req_cleanup(&write_req);
+
+ uv_fs_copyfile(NULL, &copy_req, "test_file", "test_file2", 0, NULL);
+ uv_fs_req_cleanup(&copy_req);
+
+ uv_fs_close(NULL, &close_req, open_req1.result, NULL);
+ uv_fs_req_cleanup(&close_req);
+
+ uv_fs_req_cleanup(&copy_req);
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ if (size == 0)
+ return 0;
+
+ uint8_t decider = data[0] % 7;
+ data++;
+ size--;
+
+ /* Allocate a null-terminated string that can be used in various fuzz
+ * operations.
+ */
+ char* new_str = malloc(size + 1);
+ if (new_str == NULL)
+ return 0;
+
+ memcpy(new_str, data, size);
+ new_str[size] = '\0';
+
+ /* Perform a single fuzz operation and use the fuzz data to decide
+ * which it should be.
+ */
+ if (decider == 0) {
+ uv_fs_t req;
+ loop = uv_default_loop();
+ uv_fs_realpath(loop, &req, new_str, dummy_cb);
+ uv_run(loop, UV_RUN_DEFAULT);
+ uv_fs_req_cleanup(&req);
+ } else if (decider == 1) {
+ struct sockaddr_in addr;
+ uv_ip4_addr(new_str, 9123, &addr);
+ } else if (decider == 2) {
+ struct sockaddr_in6 addr;
+ uv_ip6_addr(new_str, 9123, &addr);
+ } else if (decider == 3) {
+ test_file_ops_1(data, size);
+ } else if (decider == 4) {
+ test_file_ops_2(data, size);
+ } else if (decider == 5) {
+ test_idna(new_str, size);
+ } else {
+ uv_fs_t req;
+ loop = uv_default_loop();
+ uv_fs_open(NULL, &req, new_str, UV_FS_O_RDONLY, 0, NULL);
+ uv_run(loop, UV_RUN_DEFAULT);
+ uv_fs_req_cleanup(&req);
+ }
+
+ free(new_str);
+ return 0;
+}

.clusterfuzzlite/project.yaml

@@ -0,0 +1 @@
+language: c

.github/workflows/cflite_pr.yml

@@ -0,0 +1,30 @@
+name: ClusterFuzzLite PR fuzzing
+on:
+ workflow_dispatch:
+ pull_request:
+ branches: [ v1.x ]
+permissions: read-all
+jobs:
+ PR:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ sanitizer: [address]
+ steps:
+ - name: Build Fuzzers (${{ matrix.sanitizer }})
+ id: build
+ uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+ with:
+ sanitizer: ${{ matrix.sanitizer }}
+ language: c
+ bad-build-check: false
+ - name: Run Fuzzers (${{ matrix.sanitizer }})
+ id: run
+ uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ fuzz-seconds: 100
+ mode: 'code-change'
+ report-unreproducible-crashes: false
+ sanitizer: ${{ matrix.sanitizer }}