Sekoia/softsec-submission
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: changes to scripts, add some diffs

Browse source
This commit is contained in:
SekoiaTree 2025-05-15 16:41:28 +02:00
parent 51a83f7ac8
commit 04dc8e765c
32 changed files with 1256 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
part1/oss-fuzz.diff
View file

@ -1,5 +1,18 @@
diff --git a/infra/helper.py b/infra/helper.py
index edf073458..a595dbfbb 100755
--- a/infra/helper.py
+++ b/infra/helper.py
@@ -1448,6 +1448,8 @@ def run_fuzzer(args):
'%s:/out' % args.project.out,
'-t',
BASE_RUNNER_IMAGE,
+ 'timeout',
+ '14400',
'run_fuzzer',
args.fuzzer_name,
] + args.fuzzer_args)
diff --git a/projects/libpng/Dockerfile b/projects/libpng/Dockerfile
index 6f281cd55..aecae58ac 100644
index 6f281cd55..3017d4404 100644
--- a/projects/libpng/Dockerfile
+++ b/projects/libpng/Dockerfile
@@ -19,6 +19,7 @@ RUN apt-get update && \
@ -7,7 +20,7 @@ index 6f281cd55..aecae58ac 100644
RUN git clone --depth 1 https://github.com/madler/zlib.git
-RUN git clone --depth 1 https://github.com/pnggroup/libpng.git
+RUN git clone --depth 1 --branch v1.6.48 https://github.com/pnggroup/libpng.git
+RUN git clone --depth 1 --branch BRANCH_TO_CHECKOUT https://github.com/SekoiaTree/libpng.git
+#FUZZ_SEED_DISABLE RUN sed -i 's/libpng_read_fuzzer_seed_corpus\.zip/libpng_read_fuzzer_seed_corpus.zip.disabled/g' $SRC/build.sh
RUN cp libpng/contrib/oss-fuzz/build.sh $SRC
+RUN sed -i 's/libpng_read_fuzzer_seed_corpus\.zip/libpng_read_fuzzer_seed_corpus.zip.disabled/g' $SRC/build.sh
WORKDIR libpng

8
part1/report/w_corpus/directory_view_index.html Normal file
View file

@ -0,0 +1,8 @@
<!DOCTYPE html>
<html>
<head>
<!-- HTML meta refresh URL redirection -->
<meta http-equiv="refresh" content="0; url=report.html">
</head>
</html>

286
part1/report/w_corpus/file_view_index.html Normal file
View file

@ -0,0 +1,286 @@
<!doctype html>
<html>
<head>
<meta name='viewport' content='width=device-width,initial-scale=1'>
<meta charset='UTF-8'>
<link rel='stylesheet' type='text/css' href='../style.css'>
<!-- Custom style overrides -->
<style>
/* Copyright 2018 The Chromium Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file. */
th, td {
padding: 5px 16px;
}
tbody td, tfoot td {
font-size: 14px;
}
thead th {
font-size: 16px;
}
thead th, tfoot td {
background-color: #f5f5f5;
border-left: 1px solid #e4e4e4;
border-right: 1px solid #e4e4e4;
color: #484848;
text-transform: uppercase;
}
tbody tr:hover td, tfoot tr:hover td {
background-color: #f5f5f5;
border-color: #e4e4e4 !important;
}
</style>
</head>
<body>
<h2>Coverage Report</h2>
<p>
View results by:
<a href='directory_view_index.html'>Directories</a>
| <a href='file_view_index.html'>Files</a>
</p>
<div class='centered'><table>
<thead>
<tr>
<th class="column-entry-bold">Path</th>
<th class="column-entry-bold" onclick="sortTable(SORT_COLUMN.LINE)" title=
"Line coverage is the percentage of code lines which have been executed at least once. Only executable lines within function bodies are considered to be code lines.">
Line Coverage
</th>
<th class="column-entry-bold" onclick="sortTable(SORT_COLUMN.FUNCTION)" title=
"Function coverage is the percentage of functions which have been executed at least once. A function is considered to be executed if any of its instantiations are executed.">
Function Coverage
</th>
<th class="column-entry-bold" onclick="sortTable(SORT_COLUMN.REGION)" title=
"Region coverage is the percentage of code regions which have been executed at least once. A code region may span multiple lines (e.g in a large function body with no control flow). However, it's also possible for a single line to contain multiple code regions (e.g in 'return x || y &amp;&amp; z').">
Region Coverage
</th>
</tr>
</thead>
<tbody>
<tr class="light-row">
<td>
<pre><a href='src/libpng/contrib/oss-fuzz/libpng_read_fuzzer.cc.html'>src/libpng/contrib/oss-fuzz/libpng_read_fuzzer.cc</a></pre>
</td>
<td class='column-entry-yellow'>
<pre> 87.93% (102/116)</pre>
</td>
<td class='column-entry-green'>
<pre>100.00% (5/5)</pre>
</td>
<td class='column-entry-red'>
<pre> 59.33% (124/209)</pre>
</td>
</tr>
<tr class="light-row">
<td>
<pre><a href='src/libpng/png.c.html'>src/libpng/png.c</a></pre>
</td>
<td class='column-entry-red'>
<pre> 42.74% (727/1701)</pre>
</td>
<td class='column-entry-red'>
<pre> 57.58% (38/66)</pre>
</td>
<td class='column-entry-red'>
<pre> 42.13% (610/1448)</pre>
</td>
</tr>
<tr class="light-row">
<td>
<pre><a href='src/libpng/pngerror.c.html'>src/libpng/pngerror.c</a></pre>
</td>
<td class='column-entry-red'>
<pre> 55.26% (210/380)</pre>
</td>
<td class='column-entry-red'>
<pre> 70.37% (19/27)</pre>
</td>
<td class='column-entry-red'>
<pre> 51.13% (158/309)</pre>
</td>
</tr>
<tr class="light-row">
<td>
<pre><a href='src/libpng/pngget.c.html'>src/libpng/pngget.c</a></pre>
</td>
<td class='column-entry-red'>
<pre> 3.50% (26/742)</pre>
</td>
<td class='column-entry-red'>
<pre> 2.78% (2/72)</pre>
</td>
<td class='column-entry-red'>
<pre> 3.00% (26/866)</pre>
</td>
</tr>
<tr class="light-row">
<td>
<pre><a href='src/libpng/pngmem.c.html'>src/libpng/pngmem.c</a></pre>
</td>
<td class='column-entry-red'>
<pre> 79.28% (88/111)</pre>
</td>
<td class='column-entry-yellow'>
<pre> 84.62% (11/13)</pre>
</td>
<td class='column-entry-red'>
<pre> 75.96% (79/104)</pre>
</td>
</tr>
<tr class="light-row">
<td>
<pre><a href='src/libpng/pngread.c.html'>src/libpng/pngread.c</a></pre>
</td>
<td class='column-entry-red'>
<pre> 28.36% (638/2250)</pre>
</td>
<td class='column-entry-red'>
<pre> 47.37% (18/38)</pre>
</td>
<td class='column-entry-red'>
<pre> 27.80% (609/2191)</pre>
</td>
</tr>
<tr class="light-row">
<td>
<pre><a href='src/libpng/pngrio.c.html'>src/libpng/pngrio.c</a></pre>
</td>
<td class='column-entry-red'>
<pre> 78.57% (11/14)</pre>
</td>
<td class='column-entry-green'>
<pre>100.00% (2/2)</pre>
</td>
<td class='column-entry-red'>
<pre> 70.00% (7/10)</pre>
</td>
</tr>
<tr class="light-row">
<td>
<pre><a href='src/libpng/pngrtran.c.html'>src/libpng/pngrtran.c</a></pre>
</td>
<td class='column-entry-red'>
<pre> 30.17% (1025/3397)</pre>
</td>
<td class='column-entry-red'>
<pre> 52.08% (25/48)</pre>
</td>
<td class='column-entry-red'>
<pre> 32.38% (694/2143)</pre>
</td>
</tr>
<tr class="light-row">
<td>
<pre><a href='src/libpng/pngrutil.c.html'>src/libpng/pngrutil.c</a></pre>
</td>
<td class='column-entry-red'>
<pre> 73.31% (1912/2608)</pre>
</td>
<td class='column-entry-yellow'>
<pre> 93.22% (55/59)</pre>
</td>
<td class='column-entry-red'>
<pre> 29.12% (1953/6707)</pre>
</td>
</tr>
<tr class="light-row">
<td>
<pre><a href='src/libpng/pngset.c.html'>src/libpng/pngset.c</a></pre>
</td>
<td class='column-entry-red'>
<pre> 53.03% (587/1107)</pre>
</td>
<td class='column-entry-red'>
<pre> 48.98% (24/49)</pre>
</td>
<td class='column-entry-red'>
<pre> 54.13% (511/944)</pre>
</td>
</tr>
<tr class="light-row">
<td>
<pre><a href='src/libpng/pngtrans.c.html'>src/libpng/pngtrans.c</a></pre>
</td>
<td class='column-entry-red'>
<pre> 8.67% (36/415)</pre>
</td>
<td class='column-entry-red'>
<pre> 19.05% (4/21)</pre>
</td>
<td class='column-entry-red'>
<pre> 12.01% (37/308)</pre>
</td>
</tr>
</tbody>
<tfoot>
<tr class="light-row-bold">
<td>
<pre>Totals</pre>
</td>
<td class='column-entry-red'>
<pre> 41.76% (5362/12841)</pre>
</td>
<td class='column-entry-red'>
<pre> 50.75% (203/400)</pre>
</td>
<td class='column-entry-red'>
<pre> 31.55% (4808/15239)</pre>
</td>
</tr>
</tfoot>
</table>
<script>
const SORT_COLUMN = {
LINE: 2,
FUNCTION: 3,
REGION: 4,
}
const SORT_TYPES = {
UNSET: -1,
PERCENT: 0,
AGGREGATE: 1,
}
var SORT_ORDER = {
[SORT_COLUMN.LINE]: [SORT_TYPES.UNSET],
[SORT_COLUMN.FUNCTION]: [SORT_TYPES.UNSET],
[SORT_COLUMN.REGION]: [SORT_TYPES.UNSET],
}
function sortTable(columnNumber) {
SORT_ORDER[columnNumber] = ++SORT_ORDER[columnNumber] % 2;
let columnSortOrder = SORT_ORDER[columnNumber];
let tbody = document.getElementsByTagName("tbody")[0];
[].slice.call(tbody.rows).sort(function(a, b) {
let aColumn = a.cells[columnNumber-1].textContent;
let bColumn = b.cells[columnNumber-1].textContent;
let aColumnCompare, bColumnCompare;
if (columnSortOrder == SORT_TYPES.PERCENT) {
aColumnCompare = parseFloat(/([0-9.]+)%/.exec(aColumn)[1]);
bColumnCompare = parseFloat(/([0-9.]+)%/.exec(bColumn)[1]);
} else {
aColumnCompare = parseInt(/\/(\d+)/.exec(aColumn)[1]);
bColumnCompare = parseInt(/\/(\d+)/.exec(bColumn)[1]);
}
return (
aColumnCompare < bColumnCompare ? -1:
aColumnCompare > bColumnCompare ? 1 : 0);
}).forEach(function(value, index) {
tbody.appendChild(value);
});
}
</script> </div>
</body>
</html>

8
part1/report/w_corpus/index.html Normal file
View file

@ -0,0 +1,8 @@
<!DOCTYPE html>
<html>
<head>
<!-- HTML meta refresh URL redirection -->
<meta http-equiv="refresh" content="0; url=directory_view_index.html">
</head>
</html>

146
part1/report/w_corpus/report.html Normal file
View file

@ -0,0 +1,146 @@
<!doctype html>
<html>
<head>
<meta name='viewport' content='width=device-width,initial-scale=1'>
<meta charset='UTF-8'>
<link rel='stylesheet' type='text/css' href='../style.css'>
<!-- Custom style overrides -->
<style>
/* Copyright 2018 The Chromium Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file. */
th, td {
padding: 5px 16px;
}
tbody td, tfoot td {
font-size: 14px;
}
thead th {
font-size: 16px;
}
thead th, tfoot td {
background-color: #f5f5f5;
border-left: 1px solid #e4e4e4;
border-right: 1px solid #e4e4e4;
color: #484848;
text-transform: uppercase;
}
tbody tr:hover td, tfoot tr:hover td {
background-color: #f5f5f5;
border-color: #e4e4e4 !important;
}
</style>
</head>
<body>
<h2>Coverage Report</h2>
<p>
View results by:
<a href='directory_view_index.html'>Directories</a>
| <a href='file_view_index.html'>Files</a>
</p>
<div class='centered'><table>
<thead>
<tr>
<th class="column-entry-bold">Path</th>
<th class="column-entry-bold" onclick="sortTable(SORT_COLUMN.LINE)" title=
"Line coverage is the percentage of code lines which have been executed at least once. Only executable lines within function bodies are considered to be code lines.">
Line Coverage
</th>
<th class="column-entry-bold" onclick="sortTable(SORT_COLUMN.FUNCTION)" title=
"Function coverage is the percentage of functions which have been executed at least once. A function is considered to be executed if any of its instantiations are executed.">
Function Coverage
</th>
<th class="column-entry-bold" onclick="sortTable(SORT_COLUMN.REGION)" title=
"Region coverage is the percentage of code regions which have been executed at least once. A code region may span multiple lines (e.g in a large function body with no control flow). However, it's also possible for a single line to contain multiple code regions (e.g in 'return x || y &amp;&amp; z').">
Region Coverage
</th>
</tr>
</thead>
<tbody>
<tr class="light-row">
<td>
<pre><a href='src/report.html'>src/</a></pre>
</td>
<td class='column-entry-red'>
<pre> 41.76% (5362/12841)</pre>
</td>
<td class='column-entry-red'>
<pre> 50.75% (203/400)</pre>
</td>
<td class='column-entry-red'>
<pre> 31.55% (4808/15239)</pre>
</td>
</tr>
</tbody>
<tfoot>
<tr class="light-row-bold">
<td>
<pre>Totals</pre>
</td>
<td class='column-entry-red'>
<pre> 41.76% (5362/12841)</pre>
</td>
<td class='column-entry-red'>
<pre> 50.75% (203/400)</pre>
</td>
<td class='column-entry-red'>
<pre> 31.55% (4808/15239)</pre>
</td>
</tr>
</tfoot>
</table>
<script>
const SORT_COLUMN = {
LINE: 2,
FUNCTION: 3,
REGION: 4,
}
const SORT_TYPES = {
UNSET: -1,
PERCENT: 0,
AGGREGATE: 1,
}
var SORT_ORDER = {
[SORT_COLUMN.LINE]: [SORT_TYPES.UNSET],
[SORT_COLUMN.FUNCTION]: [SORT_TYPES.UNSET],
[SORT_COLUMN.REGION]: [SORT_TYPES.UNSET],
}
function sortTable(columnNumber) {
SORT_ORDER[columnNumber] = ++SORT_ORDER[columnNumber] % 2;
let columnSortOrder = SORT_ORDER[columnNumber];
let tbody = document.getElementsByTagName("tbody")[0];
[].slice.call(tbody.rows).sort(function(a, b) {
let aColumn = a.cells[columnNumber-1].textContent;
let bColumn = b.cells[columnNumber-1].textContent;
let aColumnCompare, bColumnCompare;
if (columnSortOrder == SORT_TYPES.PERCENT) {
aColumnCompare = parseFloat(/([0-9.]+)%/.exec(aColumn)[1]);
bColumnCompare = parseFloat(/([0-9.]+)%/.exec(bColumn)[1]);
} else {
aColumnCompare = parseInt(/\/(\d+)/.exec(aColumn)[1]);
bColumnCompare = parseInt(/\/(\d+)/.exec(bColumn)[1]);
}
return (
aColumnCompare < bColumnCompare ? -1:
aColumnCompare > bColumnCompare ? 1 : 0);
}).forEach(function(value, index) {
tbody.appendChild(value);
});
}
</script> </div>
</body>
</html>

1
part1/report/w_corpus/src/libpng/contrib/oss-fuzz/libpng_read_fuzzer.cc.html Normal file
View file

File diff suppressed because one or more lines are too long

146
part1/report/w_corpus/src/libpng/contrib/oss-fuzz/report.html Normal file
View file

@ -0,0 +1,146 @@
<!doctype html>
<html>
<head>
<meta name='viewport' content='width=device-width,initial-scale=1'>
<meta charset='UTF-8'>
<link rel='stylesheet' type='text/css' href='../../../../../style.css'>
<!-- Custom style overrides -->
<style>
/* Copyright 2018 The Chromium Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file. */
th, td {
padding: 5px 16px;
}
tbody td, tfoot td {
font-size: 14px;
}
thead th {
font-size: 16px;
}
thead th, tfoot td {
background-color: #f5f5f5;
border-left: 1px solid #e4e4e4;
border-right: 1px solid #e4e4e4;
color: #484848;
text-transform: uppercase;
}
tbody tr:hover td, tfoot tr:hover td {
background-color: #f5f5f5;
border-color: #e4e4e4 !important;
}
</style>
</head>
<body>
<h2>Coverage Report</h2>
<p>
View results by:
<a href='../../../../directory_view_index.html'>Directories</a>
| <a href='../../../../file_view_index.html'>Files</a>
</p>
<div class='centered'><table>
<thead>
<tr>
<th class="column-entry-bold">Path</th>
<th class="column-entry-bold" onclick="sortTable(SORT_COLUMN.LINE)" title=
"Line coverage is the percentage of code lines which have been executed at least once. Only executable lines within function bodies are considered to be code lines.">
Line Coverage
</th>
<th class="column-entry-bold" onclick="sortTable(SORT_COLUMN.FUNCTION)" title=
"Function coverage is the percentage of functions which have been executed at least once. A function is considered to be executed if any of its instantiations are executed.">
Function Coverage
</th>
<th class="column-entry-bold" onclick="sortTable(SORT_COLUMN.REGION)" title=
"Region coverage is the percentage of code regions which have been executed at least once. A code region may span multiple lines (e.g in a large function body with no control flow). However, it's also possible for a single line to contain multiple code regions (e.g in 'return x || y &amp;&amp; z').">
Region Coverage
</th>
</tr>
</thead>
<tbody>
<tr class="light-row">
<td>
<pre><a href='libpng_read_fuzzer.cc.html'>libpng_read_fuzzer.cc</a></pre>
</td>
<td class='column-entry-yellow'>
<pre> 87.93% (102/116)</pre>
</td>
<td class='column-entry-green'>
<pre>100.00% (5/5)</pre>
</td>
<td class='column-entry-red'>
<pre> 59.33% (124/209)</pre>
</td>
</tr>
</tbody>
<tfoot>
<tr class="light-row-bold">
<td>
<pre>Totals</pre>
</td>
<td class='column-entry-yellow'>
<pre> 87.93% (102/116)</pre>
</td>
<td class='column-entry-green'>
<pre>100.00% (5/5)</pre>
</td>
<td class='column-entry-red'>
<pre> 59.33% (124/209)</pre>
</td>
</tr>
</tfoot>
</table>
<script>
const SORT_COLUMN = {
LINE: 2,
FUNCTION: 3,
REGION: 4,
}
const SORT_TYPES = {
UNSET: -1,
PERCENT: 0,
AGGREGATE: 1,
}
var SORT_ORDER = {
[SORT_COLUMN.LINE]: [SORT_TYPES.UNSET],
[SORT_COLUMN.FUNCTION]: [SORT_TYPES.UNSET],
[SORT_COLUMN.REGION]: [SORT_TYPES.UNSET],
}
function sortTable(columnNumber) {
SORT_ORDER[columnNumber] = ++SORT_ORDER[columnNumber] % 2;
let columnSortOrder = SORT_ORDER[columnNumber];
let tbody = document.getElementsByTagName("tbody")[0];
[].slice.call(tbody.rows).sort(function(a, b) {
let aColumn = a.cells[columnNumber-1].textContent;
let bColumn = b.cells[columnNumber-1].textContent;
let aColumnCompare, bColumnCompare;
if (columnSortOrder == SORT_TYPES.PERCENT) {
aColumnCompare = parseFloat(/([0-9.]+)%/.exec(aColumn)[1]);
bColumnCompare = parseFloat(/([0-9.]+)%/.exec(bColumn)[1]);
} else {
aColumnCompare = parseInt(/\/(\d+)/.exec(aColumn)[1]);
bColumnCompare = parseInt(/\/(\d+)/.exec(bColumn)[1]);
}
return (
aColumnCompare < bColumnCompare ? -1:
aColumnCompare > bColumnCompare ? 1 : 0);
}).forEach(function(value, index) {
tbody.appendChild(value);
});
}
</script> </div>
</body>
</html>

146
part1/report/w_corpus/src/libpng/contrib/report.html Normal file
View file

@ -0,0 +1,146 @@
<!doctype html>
<html>
<head>
<meta name='viewport' content='width=device-width,initial-scale=1'>
<meta charset='UTF-8'>
<link rel='stylesheet' type='text/css' href='../../../../style.css'>
<!-- Custom style overrides -->
<style>
/* Copyright 2018 The Chromium Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file. */
th, td {
padding: 5px 16px;
}
tbody td, tfoot td {
font-size: 14px;
}
thead th {
font-size: 16px;
}
thead th, tfoot td {
background-color: #f5f5f5;
border-left: 1px solid #e4e4e4;
border-right: 1px solid #e4e4e4;
color: #484848;
text-transform: uppercase;
}
tbody tr:hover td, tfoot tr:hover td {
background-color: #f5f5f5;
border-color: #e4e4e4 !important;
}
</style>
</head>
<body>
<h2>Coverage Report</h2>
<p>
View results by:
<a href='../../../directory_view_index.html'>Directories</a>
| <a href='../../../file_view_index.html'>Files</a>
</p>
<div class='centered'><table>
<thead>
<tr>
<th class="column-entry-bold">Path</th>
<th class="column-entry-bold" onclick="sortTable(SORT_COLUMN.LINE)" title=
"Line coverage is the percentage of code lines which have been executed at least once. Only executable lines within function bodies are considered to be code lines.">
Line Coverage
</th>
<th class="column-entry-bold" onclick="sortTable(SORT_COLUMN.FUNCTION)" title=
"Function coverage is the percentage of functions which have been executed at least once. A function is considered to be executed if any of its instantiations are executed.">
Function Coverage
</th>
<th class="column-entry-bold" onclick="sortTable(SORT_COLUMN.REGION)" title=
"Region coverage is the percentage of code regions which have been executed at least once. A code region may span multiple lines (e.g in a large function body with no control flow). However, it's also possible for a single line to contain multiple code regions (e.g in 'return x || y &amp;&amp; z').">
Region Coverage
</th>
</tr>
</thead>
<tbody>
<tr class="light-row">
<td>
<pre><a href='oss-fuzz/report.html'>oss-fuzz/</a></pre>
</td>
<td class='column-entry-yellow'>
<pre> 87.93% (102/116)</pre>
</td>
<td class='column-entry-green'>
<pre>100.00% (5/5)</pre>
</td>
<td class='column-entry-red'>
<pre> 59.33% (124/209)</pre>
</td>
</tr>
</tbody>
<tfoot>
<tr class="light-row-bold">
<td>
<pre>Totals</pre>
</td>
<td class='column-entry-yellow'>
<pre> 87.93% (102/116)</pre>
</td>
<td class='column-entry-green'>
<pre>100.00% (5/5)</pre>
</td>
<td class='column-entry-red'>
<pre> 59.33% (124/209)</pre>
</td>
</tr>
</tfoot>
</table>
<script>
const SORT_COLUMN = {
LINE: 2,
FUNCTION: 3,
REGION: 4,
}
const SORT_TYPES = {
UNSET: -1,
PERCENT: 0,
AGGREGATE: 1,
}
var SORT_ORDER = {
[SORT_COLUMN.LINE]: [SORT_TYPES.UNSET],
[SORT_COLUMN.FUNCTION]: [SORT_TYPES.UNSET],
[SORT_COLUMN.REGION]: [SORT_TYPES.UNSET],
}
function sortTable(columnNumber) {
SORT_ORDER[columnNumber] = ++SORT_ORDER[columnNumber] % 2;
let columnSortOrder = SORT_ORDER[columnNumber];
let tbody = document.getElementsByTagName("tbody")[0];
[].slice.call(tbody.rows).sort(function(a, b) {
let aColumn = a.cells[columnNumber-1].textContent;
let bColumn = b.cells[columnNumber-1].textContent;
let aColumnCompare, bColumnCompare;
if (columnSortOrder == SORT_TYPES.PERCENT) {
aColumnCompare = parseFloat(/([0-9.]+)%/.exec(aColumn)[1]);
bColumnCompare = parseFloat(/([0-9.]+)%/.exec(bColumn)[1]);
} else {
aColumnCompare = parseInt(/\/(\d+)/.exec(aColumn)[1]);
bColumnCompare = parseInt(/\/(\d+)/.exec(bColumn)[1]);
}
return (
aColumnCompare < bColumnCompare ? -1:
aColumnCompare > bColumnCompare ? 1 : 0);
}).forEach(function(value, index) {
tbody.appendChild(value);
});
}
</script> </div>
</body>
</html>

1
part1/report/w_corpus/src/libpng/png.c.html Normal file
View file

File diff suppressed because one or more lines are too long

1
part1/report/w_corpus/src/libpng/png.h.html Normal file
View file

File diff suppressed because one or more lines are too long

1
part1/report/w_corpus/src/libpng/pngdebug.h.html Normal file
View file

File diff suppressed because one or more lines are too long

1
part1/report/w_corpus/src/libpng/pngerror.c.html Normal file
View file

File diff suppressed because one or more lines are too long

1
part1/report/w_corpus/src/libpng/pngget.c.html Normal file
View file

File diff suppressed because one or more lines are too long

1
part1/report/w_corpus/src/libpng/pnglibconf.h.html Normal file
View file

File diff suppressed because one or more lines are too long

1
part1/report/w_corpus/src/libpng/pngmem.c.html Normal file
View file

File diff suppressed because one or more lines are too long

1
part1/report/w_corpus/src/libpng/pngprefix.h.html Normal file
View file

File diff suppressed because one or more lines are too long

1
part1/report/w_corpus/src/libpng/pngpriv.h.html Normal file
View file

File diff suppressed because one or more lines are too long

1
part1/report/w_corpus/src/libpng/pngread.c.html Normal file
View file

File diff suppressed because one or more lines are too long

1
part1/report/w_corpus/src/libpng/pngrio.c.html Normal file
View file

File diff suppressed because one or more lines are too long

1
part1/report/w_corpus/src/libpng/pngrtran.c.html Normal file
View file

File diff suppressed because one or more lines are too long

1
part1/report/w_corpus/src/libpng/pngrutil.c.html Normal file
View file

File diff suppressed because one or more lines are too long

1
part1/report/w_corpus/src/libpng/pngset.c.html Normal file
View file

File diff suppressed because one or more lines are too long

1
part1/report/w_corpus/src/libpng/pngstruct.h.html Normal file
View file

File diff suppressed because one or more lines are too long

1
part1/report/w_corpus/src/libpng/pngtrans.c.html Normal file
View file

File diff suppressed because one or more lines are too long

286
part1/report/w_corpus/src/libpng/report.html Normal file
View file

@ -0,0 +1,286 @@
<!doctype html>
<html>
<head>
<meta name='viewport' content='width=device-width,initial-scale=1'>
<meta charset='UTF-8'>
<link rel='stylesheet' type='text/css' href='../../../style.css'>
<!-- Custom style overrides -->
<style>
/* Copyright 2018 The Chromium Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file. */
th, td {
padding: 5px 16px;
}
tbody td, tfoot td {
font-size: 14px;
}
thead th {
font-size: 16px;
}
thead th, tfoot td {
background-color: #f5f5f5;
border-left: 1px solid #e4e4e4;
border-right: 1px solid #e4e4e4;
color: #484848;
text-transform: uppercase;
}
tbody tr:hover td, tfoot tr:hover td {
background-color: #f5f5f5;
border-color: #e4e4e4 !important;
}
</style>
</head>
<body>
<h2>Coverage Report</h2>
<p>
View results by:
<a href='../../directory_view_index.html'>Directories</a>
| <a href='../../file_view_index.html'>Files</a>
</p>
<div class='centered'><table>
<thead>
<tr>
<th class="column-entry-bold">Path</th>
<th class="column-entry-bold" onclick="sortTable(SORT_COLUMN.LINE)" title=
"Line coverage is the percentage of code lines which have been executed at least once. Only executable lines within function bodies are considered to be code lines.">
Line Coverage
</th>
<th class="column-entry-bold" onclick="sortTable(SORT_COLUMN.FUNCTION)" title=
"Function coverage is the percentage of functions which have been executed at least once. A function is considered to be executed if any of its instantiations are executed.">
Function Coverage
</th>
<th class="column-entry-bold" onclick="sortTable(SORT_COLUMN.REGION)" title=
"Region coverage is the percentage of code regions which have been executed at least once. A code region may span multiple lines (e.g in a large function body with no control flow). However, it's also possible for a single line to contain multiple code regions (e.g in 'return x || y &amp;&amp; z').">
Region Coverage
</th>
</tr>
</thead>
<tbody>
<tr class="light-row">
<td>
<pre><a href='contrib/report.html'>contrib/</a></pre>
</td>
<td class='column-entry-yellow'>
<pre> 87.93% (102/116)</pre>
</td>
<td class='column-entry-green'>
<pre>100.00% (5/5)</pre>
</td>
<td class='column-entry-red'>
<pre> 59.33% (124/209)</pre>
</td>
</tr>
<tr class="light-row">
<td>
<pre><a href='png.c.html'>png.c</a></pre>
</td>
<td class='column-entry-red'>
<pre> 42.74% (727/1701)</pre>
</td>
<td class='column-entry-red'>
<pre> 57.58% (38/66)</pre>
</td>
<td class='column-entry-red'>
<pre> 42.13% (610/1448)</pre>
</td>
</tr>
<tr class="light-row">
<td>
<pre><a href='pngerror.c.html'>pngerror.c</a></pre>
</td>
<td class='column-entry-red'>
<pre> 55.26% (210/380)</pre>
</td>
<td class='column-entry-red'>
<pre> 70.37% (19/27)</pre>
</td>
<td class='column-entry-red'>
<pre> 51.13% (158/309)</pre>
</td>
</tr>
<tr class="light-row">
<td>
<pre><a href='pngget.c.html'>pngget.c</a></pre>
</td>
<td class='column-entry-red'>
<pre> 3.50% (26/742)</pre>
</td>
<td class='column-entry-red'>
<pre> 2.78% (2/72)</pre>
</td>
<td class='column-entry-red'>
<pre> 3.00% (26/866)</pre>
</td>
</tr>
<tr class="light-row">
<td>
<pre><a href='pngmem.c.html'>pngmem.c</a></pre>
</td>
<td class='column-entry-red'>
<pre> 79.28% (88/111)</pre>
</td>
<td class='column-entry-yellow'>
<pre> 84.62% (11/13)</pre>
</td>
<td class='column-entry-red'>
<pre> 75.96% (79/104)</pre>
</td>
</tr>
<tr class="light-row">
<td>
<pre><a href='pngread.c.html'>pngread.c</a></pre>
</td>
<td class='column-entry-red'>
<pre> 28.36% (638/2250)</pre>
</td>
<td class='column-entry-red'>
<pre> 47.37% (18/38)</pre>
</td>
<td class='column-entry-red'>
<pre> 27.80% (609/2191)</pre>
</td>
</tr>
<tr class="light-row">
<td>
<pre><a href='pngrio.c.html'>pngrio.c</a></pre>
</td>
<td class='column-entry-red'>
<pre> 78.57% (11/14)</pre>
</td>
<td class='column-entry-green'>
<pre>100.00% (2/2)</pre>
</td>
<td class='column-entry-red'>
<pre> 70.00% (7/10)</pre>
</td>
</tr>
<tr class="light-row">
<td>
<pre><a href='pngrtran.c.html'>pngrtran.c</a></pre>
</td>
<td class='column-entry-red'>
<pre> 30.17% (1025/3397)</pre>
</td>
<td class='column-entry-red'>
<pre> 52.08% (25/48)</pre>
</td>
<td class='column-entry-red'>
<pre> 32.38% (694/2143)</pre>
</td>
</tr>
<tr class="light-row">
<td>
<pre><a href='pngrutil.c.html'>pngrutil.c</a></pre>
</td>
<td class='column-entry-red'>
<pre> 73.31% (1912/2608)</pre>
</td>
<td class='column-entry-yellow'>
<pre> 93.22% (55/59)</pre>
</td>
<td class='column-entry-red'>
<pre> 29.12% (1953/6707)</pre>
</td>
</tr>
<tr class="light-row">
<td>
<pre><a href='pngset.c.html'>pngset.c</a></pre>
</td>
<td class='column-entry-red'>
<pre> 53.03% (587/1107)</pre>
</td>
<td class='column-entry-red'>
<pre> 48.98% (24/49)</pre>
</td>
<td class='column-entry-red'>
<pre> 54.13% (511/944)</pre>
</td>
</tr>
<tr class="light-row">
<td>
<pre><a href='pngtrans.c.html'>pngtrans.c</a></pre>
</td>
<td class='column-entry-red'>
<pre> 8.67% (36/415)</pre>
</td>
<td class='column-entry-red'>
<pre> 19.05% (4/21)</pre>
</td>
<td class='column-entry-red'>
<pre> 12.01% (37/308)</pre>
</td>
</tr>
</tbody>
<tfoot>
<tr class="light-row-bold">
<td>
<pre>Totals</pre>
</td>
<td class='column-entry-red'>
<pre> 41.76% (5362/12841)</pre>
</td>
<td class='column-entry-red'>
<pre> 50.75% (203/400)</pre>
</td>
<td class='column-entry-red'>
<pre> 31.55% (4808/15239)</pre>
</td>
</tr>
</tfoot>
</table>
<script>
const SORT_COLUMN = {
LINE: 2,
FUNCTION: 3,
REGION: 4,
}
const SORT_TYPES = {
UNSET: -1,
PERCENT: 0,
AGGREGATE: 1,
}
var SORT_ORDER = {
[SORT_COLUMN.LINE]: [SORT_TYPES.UNSET],
[SORT_COLUMN.FUNCTION]: [SORT_TYPES.UNSET],
[SORT_COLUMN.REGION]: [SORT_TYPES.UNSET],
}
function sortTable(columnNumber) {
SORT_ORDER[columnNumber] = ++SORT_ORDER[columnNumber] % 2;
let columnSortOrder = SORT_ORDER[columnNumber];
let tbody = document.getElementsByTagName("tbody")[0];
[].slice.call(tbody.rows).sort(function(a, b) {
let aColumn = a.cells[columnNumber-1].textContent;
let bColumn = b.cells[columnNumber-1].textContent;
let aColumnCompare, bColumnCompare;
if (columnSortOrder == SORT_TYPES.PERCENT) {
aColumnCompare = parseFloat(/([0-9.]+)%/.exec(aColumn)[1]);
bColumnCompare = parseFloat(/([0-9.]+)%/.exec(bColumn)[1]);
} else {
aColumnCompare = parseInt(/\/(\d+)/.exec(aColumn)[1]);
bColumnCompare = parseInt(/\/(\d+)/.exec(bColumn)[1]);
}
return (
aColumnCompare < bColumnCompare ? -1:
aColumnCompare > bColumnCompare ? 1 : 0);
}).forEach(function(value, index) {
tbody.appendChild(value);
});
}
</script> </div>
</body>
</html>

146
part1/report/w_corpus/src/report.html Normal file
View file

@ -0,0 +1,146 @@
<!doctype html>
<html>
<head>
<meta name='viewport' content='width=device-width,initial-scale=1'>
<meta charset='UTF-8'>
<link rel='stylesheet' type='text/css' href='../../style.css'>
<!-- Custom style overrides -->
<style>
/* Copyright 2018 The Chromium Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file. */
th, td {
padding: 5px 16px;
}
tbody td, tfoot td {
font-size: 14px;
}
thead th {
font-size: 16px;
}
thead th, tfoot td {
background-color: #f5f5f5;
border-left: 1px solid #e4e4e4;
border-right: 1px solid #e4e4e4;
color: #484848;
text-transform: uppercase;
}
tbody tr:hover td, tfoot tr:hover td {
background-color: #f5f5f5;
border-color: #e4e4e4 !important;
}
</style>
</head>
<body>
<h2>Coverage Report</h2>
<p>
View results by:
<a href='../directory_view_index.html'>Directories</a>
| <a href='../file_view_index.html'>Files</a>
</p>
<div class='centered'><table>
<thead>
<tr>
<th class="column-entry-bold">Path</th>
<th class="column-entry-bold" onclick="sortTable(SORT_COLUMN.LINE)" title=
"Line coverage is the percentage of code lines which have been executed at least once. Only executable lines within function bodies are considered to be code lines.">
Line Coverage
</th>
<th class="column-entry-bold" onclick="sortTable(SORT_COLUMN.FUNCTION)" title=
"Function coverage is the percentage of functions which have been executed at least once. A function is considered to be executed if any of its instantiations are executed.">
Function Coverage
</th>
<th class="column-entry-bold" onclick="sortTable(SORT_COLUMN.REGION)" title=
"Region coverage is the percentage of code regions which have been executed at least once. A code region may span multiple lines (e.g in a large function body with no control flow). However, it's also possible for a single line to contain multiple code regions (e.g in 'return x || y &amp;&amp; z').">
Region Coverage
</th>
</tr>
</thead>
<tbody>
<tr class="light-row">
<td>
<pre><a href='libpng/report.html'>libpng/</a></pre>
</td>
<td class='column-entry-red'>
<pre> 41.76% (5362/12841)</pre>
</td>
<td class='column-entry-red'>
<pre> 50.75% (203/400)</pre>
</td>
<td class='column-entry-red'>
<pre> 31.55% (4808/15239)</pre>
</td>
</tr>
</tbody>
<tfoot>
<tr class="light-row-bold">
<td>
<pre>Totals</pre>
</td>
<td class='column-entry-red'>
<pre> 41.76% (5362/12841)</pre>
</td>
<td class='column-entry-red'>
<pre> 50.75% (203/400)</pre>
</td>
<td class='column-entry-red'>
<pre> 31.55% (4808/15239)</pre>
</td>
</tr>
</tfoot>
</table>
<script>
const SORT_COLUMN = {
LINE: 2,
FUNCTION: 3,
REGION: 4,
}
const SORT_TYPES = {
UNSET: -1,
PERCENT: 0,
AGGREGATE: 1,
}
var SORT_ORDER = {
[SORT_COLUMN.LINE]: [SORT_TYPES.UNSET],
[SORT_COLUMN.FUNCTION]: [SORT_TYPES.UNSET],
[SORT_COLUMN.REGION]: [SORT_TYPES.UNSET],
}
function sortTable(columnNumber) {
SORT_ORDER[columnNumber] = ++SORT_ORDER[columnNumber] % 2;
let columnSortOrder = SORT_ORDER[columnNumber];
let tbody = document.getElementsByTagName("tbody")[0];
[].slice.call(tbody.rows).sort(function(a, b) {
let aColumn = a.cells[columnNumber-1].textContent;
let bColumn = b.cells[columnNumber-1].textContent;
let aColumnCompare, bColumnCompare;
if (columnSortOrder == SORT_TYPES.PERCENT) {
aColumnCompare = parseFloat(/([0-9.]+)%/.exec(aColumn)[1]);
bColumnCompare = parseFloat(/([0-9.]+)%/.exec(bColumn)[1]);
} else {
aColumnCompare = parseInt(/\/(\d+)/.exec(aColumn)[1]);
bColumnCompare = parseInt(/\/(\d+)/.exec(bColumn)[1]);
}
return (
aColumnCompare < bColumnCompare ? -1:
aColumnCompare > bColumnCompare ? 1 : 0);
}).forEach(function(value, index) {
tbody.appendChild(value);
});
}
</script> </div>
</body>
</html>

1
part1/report/w_corpus/summary.json Normal file
View file

File diff suppressed because one or more lines are too long

2
part1/run.w_corpus.sh
View file

@ -11,4 +11,4 @@ python3 infra/helper.py build_fuzzers --clean libpng
mkdir -p build/out/corpus
python3 infra/helper.py run_fuzzer libpng libpng_read_fuzzer --corpus-dir build/out/corpus
python3 infra/helper.py build_fuzzers --sanitizer coverage libpng
python3 infra/helper.py coverage libpng --corpus-dir build/out/corpus --fuzz-target libpng_read_fuzzer
python3 infra/helper.py coverage libpng --corpus-dir build/out/corpus --fuzz-target libpng_read_fuzzer --no-serve

2
part1/run.w_o_corpus.sh
View file

@ -12,4 +12,4 @@ python3 infra/helper.py build_fuzzers --clean libpng
mkdir -p build/out/corpus
python3 infra/helper.py run_fuzzer libpng libpng_read_fuzzer --corpus-dir build/out/corpus
python3 infra/helper.py build_fuzzers --sanitizer coverage libpng
python3 infra/helper.py coverage libpng --corpus-dir build/out/corpus --fuzz-target libpng_read_fuzzer
python3 infra/helper.py coverage libpng --corpus-dir build/out/corpus --fuzz-target libpng_read_fuzzer --no-serve

26
part3/improve1/oss-fuzz.diff Normal file
View file

@ -0,0 +1,26 @@
diff --git a/infra/helper.py b/infra/helper.py
index edf073458..a595dbfbb 100755
--- a/infra/helper.py
+++ b/infra/helper.py
@@ -1448,6 +1448,8 @@ def run_fuzzer(args):
'%s:/out' % args.project.out,
'-t',
BASE_RUNNER_IMAGE,
+ 'timeout',
+ '14400',
'run_fuzzer',
args.fuzzer_name,
] + args.fuzzer_args)
diff --git a/projects/libpng/Dockerfile b/projects/libpng/Dockerfile
index 6f281cd55..3017d4404 100644
--- a/projects/libpng/Dockerfile
+++ b/projects/libpng/Dockerfile
@@ -19,6 +19,7 @@ RUN apt-get update && \
apt-get install -y make autoconf automake libtool zlib1g-dev
RUN git clone --depth 1 https://github.com/madler/zlib.git
-RUN git clone --depth 1 https://github.com/pnggroup/libpng.git
+RUN git clone --depth 1 --branch BRANCH_TO_CHECKOUT https://github.com/SekoiaTree/libpng.git
+#FUZZ_SEED_DISABLE RUN sed -i 's/libpng_read_fuzzer_seed_corpus\.zip/libpng_read_fuzzer_seed_corpus.zip.disabled/g' $SRC/build.sh
RUN cp libpng/contrib/oss-fuzz/build.sh $SRC
WORKDIR libpng

21
part3/improve1/project.diff Normal file
View file

@ -0,0 +1,21 @@
diff --git a/contrib/oss-fuzz/libpng_read_fuzzer.cc b/contrib/oss-fuzz/libpng_read_fuzzer.cc
index 96ed42c8c..bfb5d9d3d 100644
--- a/contrib/oss-fuzz/libpng_read_fuzzer.cc
+++ b/contrib/oss-fuzz/libpng_read_fuzzer.cc
@@ -216,15 +216,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
image.format = PNG_FORMAT_RGBA;
std::vector<png_byte> buffer(PNG_IMAGE_SIZE(image));
-
- // Background color (white):
- png_color background = {255, 255, 255};
-
- // Colormap (empty, but needs to have enough space for 256 entries (each of 4 uint16_t)):
- // Allocated in the stack, so no need to free it.
- png_uint_16 colormap[256*4] = {};
-
- png_image_finish_read(&image, &background, buffer.data(), 0, colormap);
+ png_image_finish_read(&image, NULL, buffer.data(), 0, NULL);
#endif
return 0;

2
part3/improve1/run.improve1.sh
View file

@ -11,4 +11,4 @@ python3 infra/helper.py build_fuzzers --clean libpng
mkdir -p build/out/corpus
python3 infra/helper.py run_fuzzer libpng libpng_read_fuzzer --corpus-dir build/out/corpus
python3 infra/helper.py build_fuzzers --sanitizer coverage libpng
python3 infra/helper.py coverage libpng --corpus-dir build/out/corpus --fuzz-target libpng_read_fuzzer
python3 infra/helper.py coverage libpng --corpus-dir build/out/corpus --fuzz-target libpng_read_fuzzer --no-serve