authorAlexander Færøy <ahf@0x90.dk>2017-01-13 00:16:30 +0100
committerGitHub <noreply@github.com>2017-01-13 00:16:30 +0100
commit7732bbed5e3cc2d964d3b54f377f150f606288b2 (patch)
tree3c8521e623385002f9296ab9f18485ba22623ae2
parentfcd3ec467ff0e5943f34bb3a906bbe07ba6963ff (diff)
parentfe1ea4b80a3467c23b1ec2d30bdfe4cfaf9b94d6 (diff)
downloadirssi-7732bbed5e3cc2d964d3b54f377f150f606288b2.zip
Merge pull request #610 from josephbisch/fe-fuzz
Add frontend for fuzzing
-rw-r--r--.gitignore4
-rw-r--r--configure.ac39
-rw-r--r--src/Makefile.am6
-rw-r--r--src/fe-fuzz/Makefile.am25
-rw-r--r--src/fe-fuzz/irssi.c57
-rw-r--r--src/fe-fuzz/tokens.txt143
6 files changed, 273 insertions, 1 deletions
diff --git a/.gitignore b/.gitignore
index 945b6cf6..9af0c4b1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -32,6 +32,7 @@ docs/help/[a-z]*
docs/help/in/Makefile.am
src/fe-text/irssi
+src/fe-fuzz/irssi-fuzz
src/fe-common/irc/irc-modules.c
src/irc/irc.c
@@ -46,6 +47,9 @@ src/perl/ui/*.c
src/perl/*/MYMETA.*
src/perl/*/Makefile.old
+src/fe-fuzz/crash-*
+src/fe-fuzz/oom-*
+
*.a
*.bs
*.la
diff --git a/configure.ac b/configure.ac
index 15ae74b1..8d1ba706 100644
--- a/configure.ac
+++ b/configure.ac
@@ -52,6 +52,19 @@ AC_ARG_WITH(bot,
fi,
want_irssibot=no)
+AC_ARG_WITH(fuzzer,
+[ --with-fuzzer Build irssi-fuzzer],
+ if test x$withval = xno; then
+ want_irssifuzzer=no
+ else
+ want_irssifuzzer=yes
+ fi,
+ want_irssifuzzer=no)
+
+AC_ARG_WITH(fuzzer-lib,
+[ --with-fuzzer-lib Specify path to fuzzer library],
+ fuzzerlibpath="$withval")
+
AC_ARG_WITH(proxy,
[ --with-proxy Build irssi-proxy],
if test x$withval = xno; then
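Review bot: The `--with-fuzzer-lib` handler stores `$withval` unconditionally, so `--with-fuzzer-lib` without a path sets `fuzzerlibpath` to `yes` and `--without-fuzzer-lib` sets it to `no`. Neither value is empty, so the later `test -z "$fuzzerlibpath"` check in the irssifuzzer section accepts it and `FUZZER_LIBS` becomes a bogus link argument. Guarding the assignment, e.g. `if test "x$withval" != xyes && test "x$withval" != xno; then fuzzerlibpath="$withval"; fi`, lets those cases fall through to the "not found" branch. A one-line `dnl` comment saying the option expects the path to the libFuzzer archive would also help.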
@@ -298,6 +311,30 @@ if test "x$want_textui" != "xno"; then
fi
dnl **
+dnl ** irssifuzzer checks
+dnl **
+
+if test "$want_irssifuzzer" != "no"; then
+ dnl * we need to build with -fsanitize-coverage=trace-pc-guard
+ dnl * otherwise fuzzer won't be very successful at finding bugs :)
+ if test -z "$SANFLAGS"; then
+ SANFLAGS="-g -fsanitize=address -fsanitize-coverage=trace-pc-guard"
+ fi
+ CFLAGS="$CFLAGS $SANFLAGS"
+ CXXFLAGS="$CXXFLAGS $SANFLAGS"
+
+ AC_MSG_CHECKING(for fuzzer library)
+
+ if test -z "$fuzzerlibpath"; then
+ AC_MSG_RESULT([not found, building without fuzzer front end])
+ want_irssifuzzer=no
+ else
+ FUZZER_LIBS="$fuzzerlibpath"
+ AC_SUBST(FUZZER_LIBS)
+ fi
+fi
+
+dnl **
dnl ** perl checks
dnl **
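Review bot: The sanitizer flags are appended to `CFLAGS` and `CXXFLAGS` before the fuzzer library check. With `--with-fuzzer` but no `--with-fuzzer-lib`, the front end is dropped (`want_irssifuzzer=no`), yet every other target is still compiled with `-fsanitize=address -fsanitize-coverage=trace-pc-guard`. Moving the two flag assignments into the `else` branch next to `FUZZER_LIBS="$fuzzerlibpath"` keeps an ordinary build uninstrumented when the fuzzer is not built. That `else` branch also never closes the `AC_MSG_CHECKING(for fuzzer library)` line; `AC_MSG_RESULT([$fuzzerlibpath])` there would do it. Even with the library present the flags apply to the whole tree, so a `dnl` comment stating that a `--with-fuzzer` build is for testing and should not be installed as the regular client would help packagers.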
@@ -456,6 +493,7 @@ fi
dnl ** check what we want to build
AM_CONDITIONAL(BUILD_TEXTUI, test "$want_textui" = "yes")
AM_CONDITIONAL(BUILD_IRSSIBOT, test "$want_irssibot" = "yes")
+AM_CONDITIONAL(BUILD_IRSSIFUZZER, test "$want_irssifuzzer" = "yes")
AM_CONDITIONAL(BUILD_IRSSIPROXY, test "$want_irssiproxy" = "yes")
AM_CONDITIONAL(HAVE_PERL, test "$want_perl" != "no")
@@ -572,6 +610,7 @@ src/fe-common/core/Makefile
src/fe-common/irc/Makefile
src/fe-common/irc/dcc/Makefile
src/fe-common/irc/notifylist/Makefile
+src/fe-fuzz/Makefile
src/fe-none/Makefile
src/fe-text/Makefile
src/lib-config/Makefile
diff --git a/src/Makefile.am b/src/Makefile.am
index 76a4af4f..a7fb2ee2 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -6,6 +6,10 @@ if BUILD_IRSSIBOT
BOTUI=fe-none
endif
+if BUILD_IRSSIFUZZER
+FUZZERUI=fe-fuzz
+endif
+
if HAVE_PERL
PERLDIR=perl
endif
@@ -14,4 +18,4 @@ pkginc_srcdir=$(pkgincludedir)/src
pkginc_src_HEADERS = \
common.h
-SUBDIRS = lib-config core irc fe-common $(PERLDIR) $(TEXTUI) $(BOTUI)
+SUBDIRS = lib-config core irc fe-common $(PERLDIR) $(TEXTUI) $(BOTUI) $(FUZZERUI)
diff --git a/src/fe-fuzz/Makefile.am b/src/fe-fuzz/Makefile.am
new file mode 100644
index 00000000..3a547c66
--- /dev/null
+++ b/src/fe-fuzz/Makefile.am
@@ -0,0 +1,25 @@
+bin_PROGRAMS = irssi-fuzz
+
+# Force link with clang++ for libfuzzer support
+CCLD=clang++ $(CXXFLAGS)
+
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src \
+ -I$(top_srcdir)/src/core/ \
+ -I$(top_srcdir)/src/irc/core/ \
+ -I$(top_srcdir)/src/fe-common/core/ \
+ $(GLIB_CFLAGS)
+
+irssi_fuzz_DEPENDENCIES = @COMMON_LIBS@
+
+irssi_fuzz_LDADD = \
+ @COMMON_LIBS@ \
+ @PROG_LIBS@ \
+ $(FUZZER_LIBS)
+
+irssi_fuzz_SOURCES = \
+ irssi.c \
+ $(top_srcdir)/src/fe-text/module-formats.c
+
+noinst_HEADERS = \
+ $(top_srcdir)/src/fe-text/module-formats.h
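Review bot: `bin_PROGRAMS = irssi-fuzz` makes `make install` copy the sanitizer-instrumented harness into bindir next to the real client. A fuzz target is a build-tree tool, and `noinst_PROGRAMS = irssi-fuzz` would keep it there. The `CCLD=clang++ $(CXXFLAGS)` override also hard-codes the linker driver, so it ignores whatever compiler configure selected. If configure.ac sets `CXX` (not visible in this diff), `CCLD=$(CXX) $(CXXFLAGS)` would follow it; otherwise the comment should say that clang++ must be on PATH.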
diff --git a/src/fe-fuzz/irssi.c b/src/fe-fuzz/irssi.c
new file mode 100644
index 00000000..77892aaf
--- /dev/null
+++ b/src/fe-fuzz/irssi.c
@@ -0,0 +1,57 @@
+/*
+ irssi.c : irssi
+
+ Copyright (C) 2017 Joseph Bisch
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+#include "module.h"
+#include "modules-load.h"
+#include "levels.h"
+#include "../fe-text/module-formats.h" // need to explicitly grab from fe-text
+#include "themes.h"
+#include "core.h"
+#include "fe-common-core.h"
+#include "args.h"
+#include "printtext.h"
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+int LLVMFuzzerInitialize(int *argc, char ***argv) {
+ core_register_options();
+ fe_common_core_register_options();
+ /* no args */
+ args_execute(0, NULL);
+ core_preinit((*argv)[0]);
+ core_init();
+ fe_common_core_init();
+ theme_register(gui_text_formats);
+ module_register("core", "fe-fuzz");
+ printtext_string(NULL, NULL, MSGLEVEL_CLIENTCRAP, "init");
+ return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ char *copy = (char *)malloc(sizeof(char)*(size+1));
+ memcpy(copy, data, size);
+ copy[size] = '\0';
+ printtext_string(NULL, NULL, MSGLEVEL_CLIENTCRAP, copy);
+ free(copy);
+ return 0;
+}
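Review bot: In `LLVMFuzzerTestOneInput` the result of `malloc` is used unchecked, so an allocation failure makes `memcpy` write through NULL and the fuzzer reports a crash in the harness rather than in irssi. Adding `if (copy == NULL) return 0;` before the `memcpy` avoids that. Separately, `printtext_string` receives a NUL-terminated string, so presumably any bytes after the first zero byte in `data` are never exercised; a short comment saying so (or returning early when `memchr(data, 0, size)` finds one) would stop the fuzzer spending effort on inputs that differ only past the terminator. A header comment on both entry points stating that only the text-formatting path is fuzzed here would also set expectations, since tokens.txt in this commit lists IRC protocol tokens.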
diff --git a/src/fe-fuzz/tokens.txt b/src/fe-fuzz/tokens.txt
new file mode 100644
index 00000000..e337b6e9
--- /dev/null
+++ b/src/fe-fuzz/tokens.txt
@@ -0,0 +1,143 @@
+"@%+"
+"*@*!*"
+"001"
+"002"
+"003"
+"004"
+"005"
+"221"
+"254"
+"271"
+"272"
+"281"
+"301"
+"302"
+"303"
+"305"
+"306"
+"311"
+"312"
+"313"
+"314"
+"315"
+"317"
+"318"
+"319"
+"324"
+"326"
+"327"
+"328"
+"329"
+"330"
+"332"
+"333"
+"338"
+"341"
+"344"
+"345"
+"346"
+"347"
+"348"
+"349"
+"352"
+"353"
+"364"
+"365"
+"366"
+"367"
+"368"
+"369"
+"372"
+"375"
+"376"
+"377"
+"378"
+"379"
+"381"
+"386"
+"387"
+"388"
+"389"
+"396"
+"401"
+"403"
+"404"
+"405"
+"407"
+"408"
+"410"
+"421"
+"422"
+"433"
+"436"
+"437"
+"438"
+"439"
+"442"
+"465"
+"470"
+"471"
+"472"
+"473"
+"474"
+"475"
+"476"
+"477"
+"478"
+"479"
+"482"
+"486"
+"489"
+"494"
+"506"
+"707"
+"716"
+"717"
+"728"
+"729"
+"902"
+"903"
+"904"
+"905"
+"906"
+"907"
+":a"
+"+a"
+"ACK"
+"authenticate"
+"away"
+"-b"
+"+b"
+"cap"
+"#chan"
+"connected"
+"empty"
+"error"
+"invite"
+"join"
+"kick"
+"kill"
+"LS"
+"mode"
+"multi-prefix"
+"NAK"
+"network"
+"nick"
+"nicklen"
+"notice"
+"-o"
+"+o"
+"part"
+"ping"
+"pong"
+"prefix"
+"privmsg"
+"quit"
+"sasl"
+"topic"
+"wallops"
+"watch"
+":\x01"
+":\x01ACTION"
+":\x01PING"
+":\x01VERSION"