From ac9815e835c62ba3c3be05ab4eec35c33d1b3b77 Mon Sep 17 00:00:00 2001
From: Dmitriy Nikiforov
Date: Mon, 3 Jul 2017 17:11:06 +0300
Subject: [PATCH] Add fuzzing target function for 'bundle' project

Currently it only tests 'bundle_decode' function.

Added files:
* targets/bundle/build.sh - build script for target function
* targets/bundle/bundle-fuzz.cpp - target function implementation
---
 targets/bundle/build.sh | 17 +++++++++++++++++
 targets/bundle/bundle-fuzz.cpp | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 52 insertions(+)
 create mode 100755 targets/bundle/build.sh
 create mode 100644 targets/bundle/bundle-fuzz.cpp

diff --git a/targets/bundle/build.sh b/targets/bundle/build.sh
new file mode 100755
index 0000000..040ba39
--- /dev/null
+++ b/targets/bundle/build.sh
@@ -0,0 +1,17 @@
+#!/bin/bash -e
+
+BUILD_HOME=/home/abuild/rpmbuild/BUILD/bundle-0.2.0
+CXX=g++
+SOURCE=bundle-fuzz.cpp
+LIBS=glib-2.0
+CFLAGS="-g -I${BUILD_HOME}/include/ $(pkg-config --cflags $LIBS)"
+LDFLAGS="-L${BUILD_HOME} -lbundle -lpthread $(pkg-config --libs $LIBS)"
+OUT=bundle-fuzz.out
+LIBFUZZER=$(rpm -ql libFuzzer 2>/dev/null | grep libFuzzer.a)
+
+if [[ -z $LIBFUZZER ]]; then
+ echo "libFuzzer is not installed!"
+ exit 1
+fi
+
+${CXX} ${CFLAGS} ${SOURCE} ${LIBFUZZER} ${LDFLAGS} -o ${OUT}
diff --git a/targets/bundle/bundle-fuzz.cpp b/targets/bundle/bundle-fuzz.cpp
new file mode 100644
index 0000000..725f69b
--- /dev/null
+++ b/targets/bundle/bundle-fuzz.cpp
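Review bot: The compile line at the end of the hunk passes only `-g`, with no sanitizer or coverage-instrumentation flags, so the resulting binary gives libFuzzer no coverage feedback and memory errors inside the library go unreported unless libbundle under BUILD_HOME was itself built instrumented. Consider a dedicated variable such as `FUZZ_FLAGS="-fsanitize=address -fsanitize-coverage=trace-pc-guard"` appended to both CFLAGS and LDFLAGS; the exact flag spelling depends on the compiler the libFuzzer package targets, so confirm it against that toolchain. `LIBFUZZER=$(rpm -ql libFuzzer 2>/dev/null | grep libFuzzer.a)` can also expand to several paths if the package ships more than one archive, and every match would then be passed to the linker; `grep -m1` keeps it a single word. Naming the C++ flags `CFLAGS` while invoking `${CXX}` is a minor readability point; `CXXFLAGS` would match the compiler being used.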
@@ -0,0 +1,35 @@
+#include
+#include
+#include
+#include
+#include
+#include
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ const char *bundle_data = reinterpret_cast(data);
+
+ // compute checksum
+ gchar *chksum = g_compute_checksum_for_string(G_CHECKSUM_MD5, bundle_data, size);
+ // defined in bundle.c
+ const size_t chksum_len = 32;
+
+ // append data to checksum
+ unsigned char *bundle_with_chk = (unsigned char *)calloc(size + chksum_len, sizeof(unsigned char));
+ memcpy(bundle_with_chk, chksum, chksum_len);
+ memcpy(bundle_with_chk + chksum_len, bundle_data, size);
+
+ // encode data
+ gchar *bundle_encoded = g_base64_encode(bundle_with_chk, size + chksum_len);
+ size_t encoded_len = strlen((char *)bundle_encoded);
+
+ // decode data
+ bundle *b = bundle_decode((unsigned char *)bundle_encoded, (int)encoded_len);
+
+ // cleanup
+ bundle_free(b);
+ free(bundle_with_chk);
+ g_free(bundle_encoded);
+ g_free(chksum);
+
+ return 0;
+}
-- 
2.7.4
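Review bot: Neither the `calloc` result nor the `bundle_decode` result is checked before use, so an allocation failure (for example under libFuzzer's malloc limit) becomes a write through NULL in the first `memcpy`, and a decode failure reaches `bundle_free(b)` with a NULL pointer unless bundle_free tolerates that — the bundle API is not visible here, so verify. A guard `if (bundle_with_chk == NULL) { g_free(chksum); return 0; }` after the calloc and `if (b != NULL) bundle_free(b);` in the cleanup keep the harness from reporting its own crashes as library bugs. The `(int)encoded_len` cast narrows size_t; it is harmless under libFuzzer's default maximum input length but deserves a comment or an explicit `size` cap so an oversized corpus entry cannot pass a negative length. Because the harness always prepends a valid MD5 and base64-encodes the buffer, the decoder's checksum and base64 error paths are never exercised with malformed input; a second call feeding `data` and `size` straight to bundle_decode would cover them. The include targets and the reinterpret_cast template argument appear stripped in this rendering of the patch, so the hunk cannot be checked for the exact headers it relies on.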