HGKeeper

pidgin/pidgin

Add fuzzing support for some libpurple features
release-2.x.y
2021-06-24, Jordy Zomer <>

97c51d97d375

Parents 2ed8b00673a0
Children aabad5c7d76c

Add fuzzing support for some libpurple features

Testing Done:
Hi!

I built and tested all of these fuzzers for libpurple.

You can build them by first building pidgin/libpurple with `--enable-fuzzing` then going into `libpurple/tests` and run `make check`. After that you can run these fuzzers. With a dictionary if you want :)

for example:
```bash
$ ./fuzz_markup_strip_html -dict=dictionaries/html.dict
Dictionary: 465 entries
INFO: Seed: 2274862685
INFO: Loaded 1 modules (3 inline 8-bit counters): 3 [0x5a4ec0, 0x5a4ec3),
INFO: Loaded 1 PC tables (3 PCs): 3 [0x568ee8,0x568f18),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
INFO: A corpus is not provided, starting from an empty corpus
#2 INITED cov: 2 ft: 2 corp: 1/1b exec/s: 0 rss: 30Mb
#1048576 pulse cov: 2 ft: 2 corp: 1/1b lim: 4096 exec/s: 524288 rss: 789Mb
#2097152 pulse cov: 2 ft: 2 corp: 1/1b lim: 4096 exec/s: 524288 rss: 792Mb
```

Best Regards,

Jordy Zomer

Reviewed at https://reviews.imfreedom.org/r/760/

11 files changed, 1038 insertions(+), 0 deletions(-)

+108 -0

FUZZING

+12 -0

configure.ac

+40 -0

libpurple/tests/Makefile.am

+478 -0

libpurple/tests/dictionaries/html.dict

+82 -0

libpurple/tests/dictionaries/xml.dict

+49 -0

libpurple/tests/fuzz_html_to_xhtml.c

+59 -0

libpurple/tests/fuzz_jabber_caps.c

+48 -0

libpurple/tests/fuzz_jabber_id_new.c

+47 -0

libpurple/tests/fuzz_markup_strip_html.c

+46 -0

libpurple/tests/fuzz_mime.c

+69 -0

libpurple/tests/fuzz_xmlnode.c

~~--- /dev/null Thu Jan 01 00:00:00 1970 +0000~~

+++ b/FUZZING Thu Jun 24 21:44:39 2021 -0500

@@ -0,0 +1,108 @@

+# Introduction and setup

+Pidgin has fuzzing support for libpurple. Libfuzzer (https://llvm.org/docs/LibFuzzer.html) is used for this.

+There are currently a few fuzzers mentioned in libpurple/tests/fuzz *.c. You can build the fuzzers by following the usual build process and adding `--enable-fuzzing` to `./configure`, for this you'll need to set CC to `clang`, once you've done this you can go to `libpurple/tests` and run `make check` this will build the fuzzers for you.

+Example:

+```bash

+$ CC=clang ./configure --enable-fuzzing --disable-cyrus-sasl --disable-gtkui --disable-gstreamer --disable-vv --disable-idn --disable-meanwhile --disable-avahi --disable-libgadu --disable-dbus --disable-libsecret --disable-gnome-keyring --disable-kwallet --disable-plugin

+# This will configure build system

+# The next step would be actually building pidgin and it's libraries.

+# -j $(nproc) is optional, this build it with all available cores

+$ make -j $(nproc)

+# Now pidgin is actually built, we can build the fuzzers

+$ cd libpurple/tests

+$ make check

+# Now the fuzzers should be built and can be run

+# The -dict= paramater can be used to define a dictionary to be used by fuzzing

+# For fuzzing common formats like xml you could for example use the xml dict, this is optional

+$ ./fuzz_xmlnode -dict=dictionaries/xml.dict

+```

+# Useful options

+Because Libfuzzer is a sophisticated program, here are some handy options:

+```

+help -> Print help.

+jobs -> Number of jobs to run. If jobs >= 1 we spawn this number of jobs in separate worker processes with stdout/stderr redirected to fuzz-JOB.log.

+workers -> Number of simultaneous worker processes to run the jobs. If zero, "min(jobs,NumberOfCpuCores()/2)" is used.

+max_len -> Maximum length of the test input. If 0, libFuzzer tries to guess a good value based on the corpus and reports it.

+```

+You can also show the help with:

+`./fuzz_html_to_xhtml -help=1`

+This will show you all the options you can give to your fuzzer.

+In addition, if you're new to fuzzing with libfuzzer, https://github.com/google/fuzzing/blob/master/tutorial/libFuzzerTutorial.md is a fantastic place to start.

+# Adding more fuzzers

+Of course, having more fuzzers and covering more areas of the code used in libpurple is always a good thing. It's simple to incorporate a fuzzer into the current build system!

+If you open the `Makefile.am` file in `libpurple/tests` you'll see a `fuzz_programs` variable, you have to add the name to your new fuzzing harness in there.

+Example:

+```

+fuzz_programs=\

+ fuzz_html_to_xhtml \

+ fuzz_jabber_caps \

+ fuzz_jabber_id_new \

+ fuzz_markup_strip_html \

+ fuzz_mime \

+ fuzz_xmlnode \

+ fuzz_newfuzzer # This is the newly added fuzzer

+```

+We'll also need to define the sources, which we can do by copying and changing the lines from an existing fuzzer.

+For example we have a `fuzz_xmlnode.c` fuzzer, these are the lines that define the sources and the flags:

+```

+fuzz_xmlnode_SOURCES=fuzz_xmlnode.c

+fuzz_xmlnode_LDADD=$(check_libpurple_LDADD)

+fuzz_xmlnode_CFLAGS=-fsanitize=fuzzer,address $(check_libpurple_CFLAGS)

+```

+We'll need to change the names of these to match the name of our new fuzzer and add any necessary flags:

+```

+fuzz_new_SOURCES=fuzz_new.c

+fuzz_new_LDADD=$(check_libpurple_LDADD)

+fuzz_new_CFLAGS=-fsanitize=fuzzer,address $(check_libpurple_CFLAGS)

+```

+Now you must include your harness in `fuzz_new.c`, an example of a new harness could be as follows:

+```C

+#include <glib.h>

+#include <stdlib.h>

+#include <stdint.h>

+#include <stdio.h>

+#include <string.h>

+#include <purple.h>

+#include "../util.h"

+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {

+ char *malicious_input = g_new0(char, size + 1);

+ memcpy(malicious_input, data, size);

+ malicious_input[size] = '\0';

+ function_you_want_to_fuzz(malicious_input);

+ g_free(malicious_input);

+ return 0;

+```

+Make sure to include the relevant includes, and then run `./configure` again in the repository's root directory, after that run `make check` in `libpurple/tests` to create your new fuzzer. Then, by executing this binary, you can run it.

~~--- a/configure.ac Tue Jun 22 19:50:58 2021 -0500~~

+++ b/configure.ac Thu Jun 24 21:44:39 2021 -0500

@@ -2532,6 +2532,18 @@

AM_CONDITIONAL(HAVE_DOXYGEN, test "x$enable_doxygen" = "xyes")

AM_CONDITIONAL(HAVE_XSLTPROC, test "x$enable_devhelp" = "xyes")

+AC_ARG_ENABLE([fuzzing], [--enable-fuzzing Turn on fuzzing],

+ [case "${enableval}" in yes) fuzzing=true ;; no) fuzzing=false ;; *) AC_MSG_ERROR([bad value ${enableval} for --enable-fuzzing]) ;; esac],[fuzzing=false])

+AM_CONDITIONAL([FUZZ], [test x$fuzzing = xtrue])

+if test "x$enable_fuzzing" = "xyes" ; then

+ if ! test "x$CC" = "xclang" ; then

+ AC_MSG_ERROR(["You need to set CC=clang to use --enable-fuzzing, used $CC"])

+ fi

+fi

AC_ARG_ENABLE(debug, [AC_HELP_STRING([--enable-debug],

[compile with debugging support])], , enable_debug=no)

~~--- a/libpurple/tests/Makefile.am Tue Jun 22 19:50:58 2021 -0500~~

+++ b/libpurple/tests/Makefile.am Thu Jun 24 21:44:39 2021 -0500

@@ -4,8 +4,21 @@

clean-local:

-rm -rf libpurple..

check_PROGRAMS=check_libpurple

+if FUZZ

+fuzz_programs=\

+ fuzz_html_to_xhtml \

+ fuzz_jabber_caps \

+ fuzz_jabber_id_new \

+ fuzz_markup_strip_html \

+ fuzz_mime \

+ fuzz_xmlnode

+check_PROGRAMS+=$(fuzz_programs)

+endif

check_libpurple_SOURCES=\

check_libpurple.c \

tests.h \

@@ -33,4 +46,31 @@

@CHECK_LIBS@ \

$(GLIB_LIBS)

+if FUZZ

+fuzz_xmlnode_SOURCES=fuzz_xmlnode.c

+fuzz_xmlnode_LDADD=$(check_libpurple_LDADD)

+fuzz_xmlnode_CFLAGS=-fsanitize=fuzzer,address $(check_libpurple_CFLAGS)

+fuzz_jabber_id_new_SOURCES=fuzz_jabber_id_new.c

+fuzz_jabber_id_new_LDADD=$(check_libpurple_LDADD)

+fuzz_jabber_id_new_CFLAGS=-fsanitize=fuzzer,address $(check_libpurple_CFLAGS)

+fuzz_jabber_caps_SOURCES=fuzz_jabber_caps.c

+fuzz_jabber_caps_LDADD=$(check_libpurple_LDADD)

+fuzz_jabber_caps_CFLAGS=-fsanitize=fuzzer,address $(check_libpurple_CFLAGS)

+fuzz_mime_SOURCES=fuzz_mime.c

+fuzz_mime_LDADD=$(check_libpurple_LDADD)

+fuzz_mime_CFLAGS=-fsanitize=fuzzer,address $(check_libpurple_CFLAGS)

+fuzz_html_to_xhtml_SOURCES=fuzz_html_to_xhtml.c

+fuzz_html_to_xhtml_LDADD=$(check_libpurple_LDADD)

+fuzz_html_to_xhtml_CFLAGS=-fsanitize=fuzzer,address $(check_libpurple_CFLAGS)

+fuzz_markup_strip_html_SOURCES=fuzz_markup_strip_html.c

+fuzz_markup_strip_html_LDADD=$(check_libpurple_LDADD)

+fuzz_markup_strip_html_CFLAGS=-fsanitize=fuzzer,address $(check_libpurple_CFLAGS)

endif

+endif

~~--- /dev/null Thu Jan 01 00:00:00 1970 +0000~~

+++ b/libpurple/tests/dictionaries/html.dict Thu Jun 24 21:44:39 2021 -0500

@@ -0,0 +1,478 @@

+# AFL dictionary for HTML parsers

+# -------------------------------

+# A basic collection of HTML string likely to matter to HTML parsers.

+# Created by Michal Zalewski <lcamtuf@google.com>

+tag_a="<a>"

+tag_abbr="<abbr>"

+tag_acronym="<acronym>"

+tag_address="<address>"

+tag_annotation_xml="<annotation-xml>"

+tag_applet="<applet>"

+tag_area="<area>"

+tag_article="<article>"

+tag_aside="<aside>"

+tag_audio="<audio>"

+tag_b="<b>"

+tag_base="<base>"

+tag_basefont="<basefont>"

+tag_bdi="<bdi>"

+tag_bdo="<bdo>"

+tag_bgsound="<bgsound>"

+tag_big="<big>"

+tag_blink="<blink>"

+tag_blockquote="<blockquote>"

+tag_body="<body>"

+tag_br="<br>"

+tag_button="<button>"

+tag_canvas="<canvas>"

+tag_caption="<caption>"

+tag_center="<center>"

+tag_cite="<cite>"

+tag_code="<code>"

+tag_col="<col>"

+tag_colgroup="<colgroup>"

+tag_data="<data>"

+tag_datalist="<datalist>"

+tag_dd="<dd>"

+tag_del="<del>"

+tag_desc="<desc>"

+tag_details="<details>"

+tag_dfn="<dfn>"

+tag_dir="<dir>"

+tag_div="<div>"

+tag_dl="<dl>"

+tag_dt="<dt>"

+tag_em="<em>"

+tag_embed="<embed>"

+tag_fieldset="<fieldset>"

+tag_figcaption="<figcaption>"

+tag_figure="<figure>"

+tag_font="<font>"

+tag_footer="<footer>"

+tag_foreignobject="<foreignobject>"

+tag_form="<form>"

+tag_frame="<frame>"

+tag_frameset="<frameset>"

+tag_h1="<h1>"

+tag_h2="<h2>"

+tag_h3="<h3>"

+tag_h4="<h4>"

+tag_h5="<h5>"

+tag_h6="<h6>"

+tag_head="<head>"

+tag_header="<header>"

+tag_hgroup="<hgroup>"

+tag_hr="<hr>"

+tag_html="<html>"

+tag_i="<i>"

+tag_iframe="<iframe>"

+tag_image="<image>"

+tag_img="<img>"

+tag_input="<input>"

+tag_ins="<ins>"

+tag_isindex="<isindex>"

+tag_kbd="<kbd>"

+tag_keygen="<keygen>"

+tag_label="<label>"

+tag_legend="<legend>"

+tag_li="<li>"

+tag_link="<link>"

+tag_listing="<listing>"

+tag_main="<main>"

+tag_malignmark="<malignmark>"

+tag_map="<map>"

+tag_mark="<mark>"

+tag_marquee="<marquee>"

+tag_math="<math>"

+tag_menu="<menu>"

+tag_menuitem="<menuitem>"

+tag_meta="<meta>"

+tag_meter="<meter>"

+tag_mglyph="<mglyph>"

+tag_mi="<mi>"

+tag_mn="<mn>"

+tag_mo="<mo>"

+tag_ms="<ms>"

+tag_mtext="<mtext>"

+tag_multicol="<multicol>"

+tag_nav="<nav>"

+tag_nextid="<nextid>"

+tag_nobr="<nobr>"

+tag_noembed="<noembed>"

+tag_noframes="<noframes>"

+tag_noscript="<noscript>"

+tag_object="<object>"

+tag_ol="<ol>"

+tag_optgroup="<optgroup>"

+tag_option="<option>"

+tag_output="<output>"

+tag_p="<p>"

+tag_param="<param>"

+tag_plaintext="<plaintext>"

+tag_pre="<pre>"

+tag_progress="<progress>"

+tag_q="<q>"

+tag_rb="<rb>"

+tag_rp="<rp>"

+tag_rt="<rt>"

+tag_rtc="<rtc>"

+tag_ruby="<ruby>"

+tag_s="<s>"

+tag_samp="<samp>"

+tag_script="<script>"

+tag_section="<section>"

+tag_select="<select>"

+tag_small="<small>"

+tag_source="<source>"

+tag_spacer="<spacer>"

+tag_span="<span>"

+tag_strike="<strike>"

+tag_strong="<strong>"

+tag_style="<style>"

+tag_sub="<sub>"

+tag_summary="<summary>"

+tag_sup="<sup>"

+tag_svg="<svg>"

+tag_table="<table>"

+tag_tbody="<tbody>"

+tag_td="<td>"

+tag_template="<template>"

+tag_textarea="<textarea>"

+tag_tfoot="<tfoot>"

+tag_th="<th>"

+tag_thead="<thead>"

+tag_time="<time>"

+tag_title="<title>"

+tag_tr="<tr>"

+tag_track="<track>"

+tag_tt="<tt>"

+tag_u="<u>"

+tag_ul="<ul>"

+tag_var="<var>"

+tag_video="<video>"

+tag_wbr="<wbr>"

+tag_xmp="<xmp>"

+# attributes

+"accept"

+"accept-charset"

+"accesskey"

+"action"

+"align"

+"allow"

+"alt"

+"async"

+"autocapitalize"

+"autocomplete"

+"autofocus"

+"autoplay"

+"background"

+"bgcolor"

+"border"

+"capture"

+"challenge"

+"charset"

+"checked"

+"cite"

+"class"

+"code"

+"codebase"

+"color"

+"cols"

+"colspan"

+"content"

+"contenteditable"

+"contextmenu"

+"controls"

+"coords"

+"crossorigin"

+"csp"

+"data"

+"data-"

+"datetime"

+"decoding"

+"default"

+"defer"

+"dir"

+"dirname"

+"disabled"

+"download"

+"draggable"

+"dropzone"

+"enctype"

+"enterkeyhint"

+"for"

+"form"

+"formaction"

+"formenctype"

+"formmethod"

+"formnovalidate"

+"formtarget"

+"headers"

+"height"

+"hidden"

+"high"

+"href"

+"hreflang"

+"http-equiv"

+"icon"

+"id"

+"importance"

+"integrity"

+"inputmode"

+"ismap"

+"itemprop"

+"keytype"

+"kind"

+"label"

+"lang"

+"language"

+"loading"

+"list"

+"loop"

+"low"

+"manifest"

+"max"

+"maxlength"

+"minlength"

+"media"

+"method"

+"min"

+"multiple"

+"muted"

+"name"

+"novalidate"

+"onabort"

+"onactivate"

+"onafterprint"

+"onafterupdate"

+"onanimationend"

+"onanimationiteration"

+"onanimationstart"

+"onautocomplete"

+"onautocompleteerror"

+"onbeforeactivate"

+"onbeforecopy"

+"onbeforecut"

+"onbeforedeactivate"

+"onbeforeeditfocus"

+"onbeforepaste"

+"onbeforeprint"

+"onbeforeunload"

+"onbeforeupdate"

+"onbegin"

+"onblur"

+"onbounce"

+"oncancel"

+"oncanplay"

+"oncanplaythrough"

+"oncellchange"

+"onchange"

+"onclick"

+"onclose"

+"oncompassneedscalibration"

+"oncontextmenu"

+"oncontrolselect"

+"oncopy"

+"oncuechange"

+"oncut"

+"ondataavailable"

+"ondatasetchanged"

+"ondatasetcomplete"

+"ondblclick"

+"ondeactivate"

+"ondevicelight"

+"ondevicemotion"

+"ondeviceorientation"

+"ondeviceproximity"

+"ondrag"

+"ondragdrop"

+"ondragend"

+"ondragenter"

+"ondragexit"

+"ondragleave"

+"ondragover"

+"ondragstart"

+"ondrop"

+"ondurationchange"

+"onemptied"

+"onend"

+"onended"

+"onerror"

+"onerrorupdate"

+"onexit"

+"onfilterchange"

+"onfinish"

+"onfocus"

+"onfocusin"

+"onfocusout"

+"onformchange "

+"onforminput "

+"ongesturechange"

+"ongestureend"

+"ongesturestart"

+"onhashchange"

+"onhelp"

+"oninput"

+"oninvalid"

+"onkeydown"

+"onkeypress"

+"onkeyup"

+"onlanguagechange"

+"onlayoutcomplete"

+"onload"

+"onloadeddata"

+"onloadedmetadata"

+"onloadstart"

+"onlosecapture"

+"onmediacomplete"

+"onmediaerror"

+"onmessage"

+"onmousedown"

+"onmouseenter"

+"onmouseleave"

+"onmousemove"

+"onmouseout"

+"onmouseover"

+"onmouseup"

+"onmousewheel"

+"onmove"

+"onmoveend"

+"onmovestart"

+"onmozfullscreenchange"

+"onmozfullscreenerror"

+"onmozpointerlockchange"

+"onmozpointerlockerror"

+"onmsgesturechange"

+"onmsgesturedoubletap"

+"onmsgesturehold"

+"onmsgesturerestart"

+"onmsinertiastart"

+"onmspointercancel"

+"onmspointerdown"

+"onmspointerenter"

+"onmspointerhover"

+"onmspointerleave"

+"onmspointermove"

+"onmspointerout"

+"onmspointerover"

+"onmspointerup"

+"onoffline"

+"ononline"

+"onorientationchange"

+"onoutofsync"

+"onpagehide"

+"onpageshow"

+"onpaste"

+"onpause"

+"onplay"

+"onplaying"

+"onpopstate"

+"onprogress"

+"onpropertychange"

+"onratechange"

+"onreadystatechange"

+"onreceived"

+"onrepeat"

+"onreset"

+"onresize"

+"onresizeend"

+"onresizestart"

+"onresume"

+"onreverse"

+"onrowdelete"

+"onrowenter"

+"onrowexit"

+"onrowinserted"

+"onrowsdelete"

+"onrowsinserted"

+"onscroll"

+"onsearch"

+"onseek"

+"onseeked"

+"onseeking"

+"onselect"

+"onselectionchange"

+"onselectstart"

+"onshow"

+"onstalled"

+"onstart"

+"onstop"

+"onstorage"

+"onsubmit"

+"onsuspend"

+"onsynchrestored"

+"ontimeerror"

+"ontimeupdate"

+"ontoggle"

+"ontouchcancel"

+"ontouchend"

+"ontouchmove"

+"ontouchstart"

+"ontrackchange"

+"ontransitionend"

+"onunload"

+"onurlflip"

+"onuserproximity"

+"onvolumechange"

+"onwaiting"

+"onwebkitanimationend"

+"onwebkitanimationiteration"

+"onwebkitanimationstart"

+"onwebkitmouseforcechanged"

+"onwebkitmouseforcedown"

+"onwebkitmouseforceup"

+"onwebkitmouseforcewillbegin"

+"onwebkittransitionend"

+"onwebkitwillrevealbottom"

+"onwheel"

+"onzoom"

+"open"

+"optimum"

+"pattern"

+"ping"

+"placeholder"

+"poster"

+"preload"

+"radiogroup"

+"readonly"

+"referrerpolicy"

+"rel"

+"required"

+"reversed"

+"rows"

+"rowspan"

+"sandbox"

+"scope"

+"scoped"

+"selected"

+"shape"

+"size"

+"sizes"

+"slot"

+"span"

+"spellcheck"

+"src"

+"srcdoc"

+"srclang"

+"srcset"

+"start"

+"step"

+"style"

+"summary"

+"tabindex"

+"target"

+"title"

+"translate"

+"type"

+"usemap"

+"value"

+"width"

+"wrap"

~~--- /dev/null Thu Jan 01 00:00:00 1970 +0000~~

+++ b/libpurple/tests/dictionaries/xml.dict Thu Jun 24 21:44:39 2021 -0500

@@ -0,0 +1,82 @@

+# AFL dictionary for XML

+# ----------------------

+# Several basic syntax elements and attributes, modeled on libxml2.

+# Created by Michal Zalewski <lcamtuf@google.com>

+attr_encoding=" encoding=\"1\""

+attr_generic=" a=\"1\""

+attr_href=" href=\"1\""

+attr_standalone=" standalone=\"no\""

+attr_version=" version=\"1\""

+attr_xml_base=" xml:base=\"1\""

+attr_xml_id=" xml:id=\"1\""

+attr_xml_lang=" xml:lang=\"1\""

+attr_xml_space=" xml:space=\"1\""

+attr_xmlns=" xmlns=\"1\""

+entity_builtin="<"

+entity_decimal=""

+entity_external="&a;"

+entity_hex=""

+string_any="ANY"

+string_brackets="[]"

+string_cdata="CDATA"

+string_col_fallback=":fallback"

+string_col_generic=":a"

+string_col_include=":include"

+string_dashes="--"

+string_empty="EMPTY"

+string_empty_dblquotes="\"\""

+string_empty_quotes="''"

+string_entities="ENTITIES"

+string_entity="ENTITY"

+string_fixed="#FIXED"

+string_id="ID"

+string_idref="IDREF"

+string_idrefs="IDREFS"

+string_implied="#IMPLIED"

+string_nmtoken="NMTOKEN"

+string_nmtokens="NMTOKENS"

+string_notation="NOTATION"

+string_parentheses="()"

+string_pcdata="#PCDATA"

+string_percent="%a"

+string_public="PUBLIC"

+string_required="#REQUIRED"

+string_schema=":schema"

+string_system="SYSTEM"

+string_ucs4="UCS-4"

+string_utf16="UTF-16"

+string_utf8="UTF-8"

+string_xmlns="xmlns:"

+tag_attlist="<!ATTLIST"

+tag_cdata="<![CDATA["

+tag_close="</a>"

+tag_doctype="<!DOCTYPE"

+tag_element="<!ELEMENT"

+tag_entity="<!ENTITY"

+tag_ignore="<![IGNORE["

+tag_include="<![INCLUDE["

+tag_notation="<!NOTATION"

+tag_open="<a>"

+tag_open_close="<a />"

+tag_open_exclamation="<!"

+tag_open_q="<?"

+tag_sq2_close="]]>"

+tag_xml_q="<?xml?>"

+encoding_utf="UTF-"

+encoding_iso1="ISO-8859"

+encoding_iso3="ISO-10646-UCS"

+encoding_iso5="ISO-LATIN-1"

+encoding_jis="SHIFT_JIS"

+encoding_utf7="UTF-7"

+encoding_utf16le="UTF-16BE"

+encoding_utf16le="UTF-16LE"

+encoding_ascii="US-ASCII"

~~--- /dev/null Thu Jan 01 00:00:00 1970 +0000~~

+++ b/libpurple/tests/fuzz_html_to_xhtml.c Thu Jun 24 21:44:39 2021 -0500

@@ -0,0 +1,49 @@

+/* purple

+ *

+ * Purple is the legal property of its developers, whose names are too numerous

+ * to list here. Please refer to the COPYRIGHT file distributed with this

+ * source distribution.

+ *

+ * This program is free software; you can redistribute it and/or modify

+ * it under the terms of the GNU General Public License as published by

+ * the Free Software Foundation; either version 2 of the License, or

+ * (at your option) any later version.

+ *

+ * This program is distributed in the hope that it will be useful,

+ * but WITHOUT ANY WARRANTY; without even the implied warranty of

+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

+ * GNU General Public License for more details.

+ *

+ * You should have received a copy of the GNU General Public License

+ * along with this program; if not, write to the Free Software

+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA

+ */

+#include <glib.h>

+#include <stdlib.h>

+#include <stdint.h>

+#include <stdio.h>

+#include <string.h>

+#include <purple.h>

+#include "../util.h"

+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {

+ char *malicious_html = g_new0(char, size + 1);

+ memcpy(malicious_html, data, size);

+ malicious_html[size] = '\0';

+ gchar *xhtml = NULL, *plaintext = NULL;

+ purple_markup_html_to_xhtml(malicious_html, &xhtml, &plaintext);

+ g_free(xhtml);

+ g_free(plaintext);

+ g_free(malicious_html);

+ return 0;

~~--- /dev/null Thu Jan 01 00:00:00 1970 +0000~~

+++ b/libpurple/tests/fuzz_jabber_caps.c Thu Jun 24 21:44:39 2021 -0500

@@ -0,0 +1,59 @@

+/* purple

+ *

+ * Purple is the legal property of its developers, whose names are too numerous

+ * to list here. Please refer to the COPYRIGHT file distributed with this

+ * source distribution.

+ *

+ * This program is free software; you can redistribute it and/or modify

+ * it under the terms of the GNU General Public License as published by

+ * the Free Software Foundation; either version 2 of the License, or

+ * (at your option) any later version.

+ *

+ * This program is distributed in the hope that it will be useful,

+ * but WITHOUT ANY WARRANTY; without even the implied warranty of

+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

+ * GNU General Public License for more details.

+ *

+ * You should have received a copy of the GNU General Public License

+ * along with this program; if not, write to the Free Software

+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA

+ */

+#include <stdlib.h>

+#include <stdint.h>

+#include <stdio.h>

+#include <string.h>

+#include <glib.h>

+#include "../xmlnode.h"

+#include "../protocols/jabber/caps.h"

+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {

+ char *malicious_xml = g_new0(char, size + 1);

+ xmlnode *query;

+ memcpy(malicious_xml, data, size);

+ malicious_xml[size] = '\0';

+ if (*malicious_xml == '\0') {

+ g_free(malicious_xml);

+ return 0;

+ }

+ query = xmlnode_new(malicious_xml);

+ if (query == NULL) {

+ g_free(malicious_xml);

+ return 0;

+ }

+ jabber_caps_parse_client_info(query);

+ xmlnode_free(query);

+ g_free(malicious_xml);

+ return 0;

~~--- /dev/null Thu Jan 01 00:00:00 1970 +0000~~

+++ b/libpurple/tests/fuzz_jabber_id_new.c Thu Jun 24 21:44:39 2021 -0500

@@ -0,0 +1,48 @@

+/* purple

+ *

+ * Purple is the legal property of its developers, whose names are too numerous

+ * to list here. Please refer to the COPYRIGHT file distributed with this

+ * source distribution.

+ *

+ * This program is free software; you can redistribute it and/or modify

+ * it under the terms of the GNU General Public License as published by

+ * the Free Software Foundation; either version 2 of the License, or

+ * (at your option) any later version.

+ *

+ * This program is distributed in the hope that it will be useful,

+ * but WITHOUT ANY WARRANTY; without even the implied warranty of

+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

+ * GNU General Public License for more details.

+ *

+ * You should have received a copy of the GNU General Public License

+ * along with this program; if not, write to the Free Software

+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA

+ */

+#include <stdlib.h>

+#include <stdint.h>

+#include <stdio.h>

+#include <string.h>

+#include <glib.h>

+#include "../account.h"

+#include "../conversation.h"

+#include "../xmlnode.h"

+#include "../protocols/jabber/jutil.h"

+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {

+ char *malicious_jid = g_new0(char, size + 1);

+ memcpy(malicious_jid, data, size);

+ malicious_jid[size] = '\0';

+ JabberID *jid = jabber_id_new(malicious_jid);

+ jabber_id_free(jid);

+ g_free(malicious_jid);

+ return 0;

~~--- /dev/null Thu Jan 01 00:00:00 1970 +0000~~

+++ b/libpurple/tests/fuzz_markup_strip_html.c Thu Jun 24 21:44:39 2021 -0500

@@ -0,0 +1,47 @@

+/* purple

+ *

+ * Purple is the legal property of its developers, whose names are too numerous

+ * to list here. Please refer to the COPYRIGHT file distributed with this

+ * source distribution.

+ *

+ * This program is free software; you can redistribute it and/or modify

+ * it under the terms of the GNU General Public License as published by

+ * the Free Software Foundation; either version 2 of the License, or

+ * (at your option) any later version.

+ *

+ * This program is distributed in the hope that it will be useful,

+ * but WITHOUT ANY WARRANTY; without even the implied warranty of

+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

+ * GNU General Public License for more details.

+ *

+ * You should have received a copy of the GNU General Public License

+ * along with this program; if not, write to the Free Software

+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA

+ */

+#include <glib.h>

+#include <stdlib.h>

+#include <stdint.h>

+#include <stdio.h>

+#include <string.h>

+#include <purple.h>

+#include "../util.h"

+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {

+ char *malicious_html = g_new0(char, size + 1);

+ char *stripped;

+ memcpy(malicious_html, data, size);

+ malicious_html[size] = '\0';

+ stripped = purple_markup_strip_html(malicious_html);

+ g_free(stripped);

+ g_free(malicious_html);

+ return 0;

~~--- /dev/null Thu Jan 01 00:00:00 1970 +0000~~

+++ b/libpurple/tests/fuzz_mime.c Thu Jun 24 21:44:39 2021 -0500

@@ -0,0 +1,46 @@

+/* purple

+ *

+ * Purple is the legal property of its developers, whose names are too numerous

+ * to list here. Please refer to the COPYRIGHT file distributed with this

+ * source distribution.

+ *

+ * This program is free software; you can redistribute it and/or modify

+ * it under the terms of the GNU General Public License as published by

+ * the Free Software Foundation; either version 2 of the License, or

+ * (at your option) any later version.

+ *

+ * This program is distributed in the hope that it will be useful,

+ * but WITHOUT ANY WARRANTY; without even the implied warranty of

+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

+ * GNU General Public License for more details.

+ *

+ * You should have received a copy of the GNU General Public License

+ * along with this program; if not, write to the Free Software

+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA

+ */

+#include <glib.h>

+#include <stdlib.h>

+#include <stdint.h>

+#include <stdio.h>

+#include <string.h>

+#include <purple.h>

+#include "../util.h"

+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {

+ char *malicious_mime = g_new0(char, size + 1);

+ memcpy(malicious_mime, data, size);

+ malicious_mime[size] = '\0';

+ gchar *result = purple_mime_decode_field(malicious_mime);

+ g_free(result);

+ g_free(malicious_mime);

+ return 0;

~~--- /dev/null Thu Jan 01 00:00:00 1970 +0000~~

+++ b/libpurple/tests/fuzz_xmlnode.c Thu Jun 24 21:44:39 2021 -0500

@@ -0,0 +1,69 @@

+/* purple

+ *

+ * Purple is the legal property of its developers, whose names are too numerous

+ * to list here. Please refer to the COPYRIGHT file distributed with this

+ * source distribution.

+ *

+ * This program is free software; you can redistribute it and/or modify

+ * it under the terms of the GNU General Public License as published by

+ * the Free Software Foundation; either version 2 of the License, or

+ * (at your option) any later version.

+ *

+ * This program is distributed in the hope that it will be useful,

+ * but WITHOUT ANY WARRANTY; without even the implied warranty of

+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

+ * GNU General Public License for more details.

+ *

+ * You should have received a copy of the GNU General Public License

+ * along with this program; if not, write to the Free Software

+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA

+ */

+#include <stdlib.h>

+#include <stdint.h>

+#include <stdio.h>

+#include <string.h>

+#include <glib.h>

+#include "../xmlnode.h"

+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {

+ char *malicious_xml = g_new0(char, size + 1);

+ char *str;

+ xmlnode *xml;

+ memcpy(malicious_xml, data, size);

+ malicious_xml[size] = '\0';

+ xml = xmlnode_from_str(malicious_xml, -1);

+ if (xml == NULL) {

+ g_free(malicious_xml);

+ return 0;

+ }

+ str = xmlnode_to_str(xml, NULL);

+ if (str == NULL) {

+ xmlnode_free(xml);

+ free(malicious_xml);

+ return 0;

+ }

+ if (strcmp(malicious_xml, str) != 0) {

+ g_free(str);

+ xmlnode_free(xml);

+ free(malicious_xml);

+ __builtin_trap();

+ }

+ g_free(str);

+ xmlnode_free(xml);

+ g_free(malicious_xml);

+ return 0;