From 7a3a36ce7ea2d6c83dc44cebda1dfa8cac05a917 Mon Sep 17 00:00:00 2001
From: Jorge Martins
Date: Mon, 13 Jun 2022 10:16:29 +0200
Subject: [PATCH 1/9] add clusterfuzzlite support
---
.clusterfuzzlite/Dockerfile | 5 ++++
.clusterfuzzlite/build.sh | 14 ++++++++++
.clusterfuzzlite/project.yaml | 1 +
.github/workflows/cflite_batch.yml | 33 ++++++++++++++++++++++
.github/workflows/cflite_pr.yml | 45 ++++++++++++++++++++++++++++++
tests/CMakeLists.txt | 21 ++++++++++++--
6 files changed, 117 insertions(+), 2 deletions(-)
create mode 100644 .clusterfuzzlite/Dockerfile
create mode 100755 .clusterfuzzlite/build.sh
create mode 100644 .clusterfuzzlite/project.yaml
create mode 100644 .github/workflows/cflite_batch.yml
create mode 100644 .github/workflows/cflite_pr.yml
diff --git a/.clusterfuzzlite/Dockerfile b/.clusterfuzzlite/Dockerfile
new file mode 100644
index 00000000..17628373
--- /dev/null
+++ b/.clusterfuzzlite/Dockerfile
@@ -0,0 +1,5 @@
+FROM gcr.io/oss-fuzz-base/base-builder:v1
+RUN apt-get update && apt-get install -y make libssl-dev libbsd-dev
+COPY . $SRC/app-stellar
+WORKDIR $SRC/app-stellar
+COPY .clusterfuzzlite/build.sh $SRC/
diff --git a/.clusterfuzzlite/build.sh b/.clusterfuzzlite/build.sh
new file mode 100755
index 00000000..d2f91e0e
--- /dev/null
+++ b/.clusterfuzzlite/build.sh
@@ -0,0 +1,14 @@
+#!/bin/bash -eu
+
+# build fuzzers
+
+pushd fuzz
+./build.sh
+#pwd
+#ls
+#ls ./cmake-build-fuzz
+#ldd ./cmake-build-fuzz/fuzz_tx
+#ls -lah /lib/x86_64-linux-gnu/libbsd.so.0
+mv ./cmake-build-fuzz/fuzz_tx $OUT/app-stellar-fuzz-tx
+popd
+
diff --git a/.clusterfuzzlite/project.yaml b/.clusterfuzzlite/project.yaml
new file mode 100644
index 00000000..b4788012
--- /dev/null
+++ b/.clusterfuzzlite/project.yaml
@@ -0,0 +1 @@
+language: c++
diff --git a/.github/workflows/cflite_batch.yml b/.github/workflows/cflite_batch.yml
new file mode 100644
index 00000000..af20b6d2
--- /dev/null
+++ b/.github/workflows/cflite_batch.yml
@@ -0,0 +1,33 @@
+name: ClusterFuzzLite batch fuzzing
+on:
+ schedule:
+ - cron: '0 21 * * *' # Every day 21.00
+permissions: read-all
+jobs:
+ BatchFuzzing:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ sanitizer: [address, undefined, memory]
+ steps:
+ - name: Build Fuzzers (${{ matrix.sanitizer }})
+ id: build
+ uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+ with:
+ language: c++
+ sanitizer: ${{ matrix.sanitizer }}
+ - name: Run Fuzzers (${{ matrix.sanitizer }})
+ id: run
+ uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ fuzz-seconds: 3600 # 1 hours
+ mode: 'batch'
+ sanitizer: ${{ matrix.sanitizer }}
+ # Optional but recommended: For storing certain artifacts from fuzzing.
+ # See later section on "Git repo for storage".
+ #storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/LedgerHQ/fuzzers-corpus.git
+ #storage-repo-branch: main # Optional. Defaults to "main"
+ #storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages".
+
diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml
new file mode 100644
index 00000000..03873f48
--- /dev/null
+++ b/.github/workflows/cflite_pr.yml
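Review bot: Both `uses:` lines reference the ClusterFuzzLite actions by the floating `@v1` tag, so whatever that tag is moved to later runs in this repository with its `GITHUB_TOKEN`; pin each to a full commit SHA with the version kept as a trailing comment, e.g. `uses: google/clusterfuzzlite/actions/build_fuzzers@<commit-sha> # v1`, and let an automated bump keep it current. The same applies to the two `uses:` lines in `cflite_pr.yml` in the next hunk. `permissions: read-all` at the top is the right default and should stay in place if the job is later given a storage repo. If the commented `storage-repo:` line is ever enabled, the PAT embedded in that URL should be a fine-grained token scoped to the corpus repository only, since the URL ends up in the action's logs on failure.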
@@ -0,0 +1,45 @@
+name: ClusterFuzzLite PR fuzzing
+on:
+ pull_request:
+ paths:
+ - '**'
+permissions: read-all
+jobs:
+ PR:
+ runs-on: ubuntu-latest
+ concurrency:
+ group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
+ cancel-in-progress: true
+ strategy:
+ fail-fast: false
+ matrix:
+ sanitizer: [address, undefined, memory]
+ steps:
+ - name: Build Fuzzers (${{ matrix.sanitizer }})
+ id: build
+ uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+ with:
+ language: c++
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ sanitizer: ${{ matrix.sanitizer }}
+ # Optional but recommended: used to only run fuzzers that are affected
+ # by the PR.
+ # See later section on "Git repo for storage".
+ #storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/LedgerHQ/fuzzers-corpus.git
+ #storage-repo-branch: main # Optional. Defaults to "main"
+ #storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages".
+ - name: Run Fuzzers (${{ matrix.sanitizer }})
+ id: run
+ uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ fuzz-seconds: 600 # 10 minutes
+ mode: 'code-change'
+ sanitizer: ${{ matrix.sanitizer }}
+ # Optional but recommended: used to download the corpus produced by
+ # batch fuzzing.
+ # See later section on "Git repo for storage".
+ #storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/LedgerHQ/fuzzers-corpus.git
+ #storage-repo-branch: main # Optional. Defaults to "main"
+ #storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages".
+
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 6a3571fd..4b447e33 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
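Review bot: The `paths:` filter with the single entry `'**'` matches every file and is therefore a no-op, so a documentation-only pull request still builds three sanitizer variants and fuzzes each for 10 minutes; either drop the filter or restrict it to what the fuzzer actually depends on, e.g. `paths: ['src/**', 'fuzz/**', 'tests/CMakeLists.txt', '.clusterfuzzlite/**']`. The `concurrency.group` key interpolates `matrix.sanitizer`, which is what stops the three matrix jobs from cancelling each other; a one-line comment such as `# per-sanitizer group, otherwise matrix jobs cancel one another` would keep someone from "simplifying" it away. The action-pinning point raised on `cflite_batch.yml` applies to both `uses:` lines here as well.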
@@ -17,6 +17,13 @@ add_library(stellar ../src/stellar_parser.c ) +if (FUZZ) + add_library(bsd STATIC IMPORTED) + set_property(TARGET bsd PROPERTY IMPORTED_LOCATION /lib/x86_64-linux-gnu/libbsd.a) +else() + add_library(bsd) +endif() + target_include_directories(stellar PUBLIC ../src include) target_link_libraries(stellar PRIVATE bsd) @@ -41,8 +48,18 @@ if (FUZZ) message(FATAL_ERROR "Fuzzer needs to be built with Clang") endif() + # compatible with ClusterFuzzLite + if (NOT DEFINED ENV{LIB_FUZZING_ENGINE}) + set(COMPILATION_FLAGS_ "-fsanitize=address,fuzzer -g") + else() + set(COMPILATION_FLAGS_ "$ENV{LIB_FUZZING_ENGINE} $ENV{CXXFLAGS}") + endif() + + string(REPLACE " " ";" COMPILATION_FLAGS ${COMPILATION_FLAGS_}) + message(${COMPILATION_FLAGS}) + add_executable(fuzz_tx src/fuzz_tx.c) - target_compile_options(fuzz_tx PRIVATE -fsanitize=address,fuzzer -g -ggdb2) - target_link_options(fuzz_tx PRIVATE -fsanitize=address,fuzzer) + target_compile_options(fuzz_tx PRIVATE ${COMPILATION_FLAGS}) + target_link_options(fuzz_tx PRIVATE ${COMPILATION_FLAGS}) target_link_libraries(fuzz_tx PRIVATE stellar bsd crypto) endif() From 3da5353eabd8af7fa848c4b4ed32a24efb971472 Mon Sep 17 00:00:00 2001 From: Jorge Martins Date: Mon, 13 Jun 2022 10:18:07 +0200 Subject: [PATCH 2/9] fix build.sh --- .clusterfuzzlite/build.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.clusterfuzzlite/build.sh b/.clusterfuzzlite/build.sh index d2f91e0e..65568903 100755 --- a/.clusterfuzzlite/build.sh +++ b/.clusterfuzzlite/build.sh @@ -4,11 +4,6 @@ pushd fuzz ./build.sh -#pwd -#ls -#ls ./cmake-build-fuzz -#ldd ./cmake-build-fuzz/fuzz_tx -#ls -lah /lib/x86_64-linux-gnu/libbsd.so.0 mv ./cmake-build-fuzz/fuzz_tx $OUT/app-stellar-fuzz-tx popd From 4967e33b4a017e9a5242965df46dadd2dab384f3 Mon Sep 17 00:00:00 2001 From: Jorge Martins Date: Mon, 13 Jun 2022 10:26:05 +0200 Subject: [PATCH 3/9] fix cmakelists --- tests/CMakeLists.txt | 2 -- 1 file changed, 2 deletions(-) 
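Review bot: `IMPORTED_LOCATION /lib/x86_64-linux-gnu/libbsd.a` hard-codes a Debian/Ubuntu amd64 library path, so the `FUZZ` configuration passes configure and only fails at link time on any other distribution or architecture, or on the same image once the package layout moves. Locate the archive with `find_library` and fail at configure time with a clear message when it is absent; the Dockerfile in this patch installs `libbsd-dev`, so this changes only how the file is found, not what is linked. The `else()` branch and `endif()` are left as they are here.
```cmake
if (FUZZ)
    # Link libbsd statically in the fuzzer build; locate it instead of assuming a distro path.
    find_library(BSD_STATIC_LIB NAMES libbsd.a)
    if (NOT BSD_STATIC_LIB)
        message(FATAL_ERROR "static libbsd (libbsd.a) not found; install libbsd-dev")
    endif()
    add_library(bsd STATIC IMPORTED)
    set_property(TARGET bsd PROPERTY IMPORTED_LOCATION ${BSD_STATIC_LIB})
# … unchanged: else() branch and endif() …
```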
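Review bot: `src/fuzz_tx.c` is a C translation unit, yet the ClusterFuzzLite branch builds its flags from `$ENV{CXXFLAGS}`; the OSS-Fuzz build environment exports the sanitizer and coverage flags in `CFLAGS` as well, and that is the variable a C target should read, so `set(COMPILATION_FLAGS_ "$ENV{LIB_FUZZING_ENGINE} $ENV{CFLAGS}")` expresses the intent correctly (both normally carry the same sanitizer set, so this is unlikely to change the current build). `string(REPLACE " " ";" COMPILATION_FLAGS ${COMPILATION_FLAGS_})` expands the variable unquoted, so an empty value makes CMake abort with an argument-count error and any flag containing a quoted space is split apart; `separate_arguments(COMPILATION_FLAGS UNIX_COMMAND "${COMPILATION_FLAGS_}")` handles both. `message(${COMPILATION_FLAGS})` prints the list elements concatenated without separators; `message(STATUS "fuzzer flags: ${COMPILATION_FLAGS}")` is readable and at the right log level. Note also that the non-ClusterFuzzLite path keeps `-g` but drops the `-ggdb2` the removed `target_compile_options` line carried, which may or may not be intended.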
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 4b447e33..caa06206 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -20,8 +20,6 @@ add_library(stellar if (FUZZ) add_library(bsd STATIC IMPORTED) set_property(TARGET bsd PROPERTY IMPORTED_LOCATION /lib/x86_64-linux-gnu/libbsd.a) -else() - add_library(bsd) endif() target_include_directories(stellar PUBLIC ../src include) From a95776bb5c0d5ae26db3989530d389eb52f89bbc Mon Sep 17 00:00:00 2001 From: Jorge Martins Date: Mon, 13 Jun 2022 11:35:16 +0200 Subject: [PATCH 4/9] fix undefined behaviours --- src/stellar_parser.c | 6 +++--- src/stellar_utils.c | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/stellar_parser.c b/src/stellar_parser.c index cbc9dbe4..604ffd43 100644 --- a/src/stellar_parser.c +++ b/src/stellar_parser.c @@ -46,7 +46,7 @@ static bool buffer_read32(buffer_t *buffer, uint32_t *n) { } const uint8_t *ptr = buffer->ptr + buffer->offset; - *n = ptr[3] + (ptr[2] << 8u) + (ptr[1] << 16u) + (ptr[0] << 24u); + *n = ptr[3] + (ptr[2] << 8u) + (ptr[1] << 16u) + ((uint32_t)(ptr[0]) << 24u); buffer_advance(buffer, 4); return true; } @@ -58,8 +58,8 @@ bool buffer_read64(buffer_t *buffer, uint64_t *n) { } const uint8_t *ptr = buffer->ptr + buffer->offset; - uint32_t i1 = ptr[3] + (ptr[2] << 8u) + (ptr[1] << 16u) + (ptr[0] << 24u); - uint32_t i2 = ptr[7] + (ptr[6] << 8u) + (ptr[5] << 16u) + (ptr[4] << 24u); + uint32_t i1 = ptr[3] + (ptr[2] << 8u) + (ptr[1] << 16u) + ((uint32_t)(ptr[0]) << 24u); + uint32_t i2 = ptr[7] + (ptr[6] << 8u) + (ptr[5] << 16u) + ((uint32_t)(ptr[4]) << 24u); *n = i2 | ((uint64_t) i1 << 32u); buffer->offset += 8; return true; diff --git a/src/stellar_utils.c b/src/stellar_utils.c index fbc924e7..e539b8d8 100644 --- a/src/stellar_utils.c +++ b/src/stellar_utils.c 
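Review bot: The new `(uint32_t)(ptr[0]) << 24u` casts in `buffer_read32` and `buffer_read64` are correct, but nothing on the line says why only the high byte is widened, so a later cleanup could drop them again; a short comment on each would protect the fix, e.g. `/* ptr[0] promotes to int; shifting a value >= 0x80 by 24 overflows int (UB), so widen to uint32_t first */`. The `<< 8u` and `<< 16u` terms can stay as they are, because a promoted uint8_t shifted by at most 16 always fits in int. While both functions are being touched, `buffer_read32` advances with `buffer_advance(buffer, 4)` whereas `buffer_read64` writes `buffer->offset += 8` directly; that is pre-existing, but aligning the two would make the bounds handling easier to audit.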
@@ -40,7 +40,7 @@ bool parse_bip32_path(uint8_t *path, } for (size_t i = 0; i < path_length; i++) { - path_parsed[i] = (path[0] << 24u) | (path[1] << 16u) | (path[2] << 8u) | (path[3]); + path_parsed[i] = ((uint32_t)(path[0]) << 24u) | (path[1] << 16u) | (path[2] << 8u) | (path[3]); path += 4; } @@ -48,10 +48,10 @@ bool parse_bip32_path(uint8_t *path, } unsigned short crc16(char *ptr, int count) { - int crc; + uint32_t crc; crc = 0; while (--count >= 0) { - crc = crc ^ (int) *ptr++ << 8; + crc = crc ^ (uint32_t) *ptr++ << 8; int i = 8; do { if (crc & 0x8000) @@ -75,7 +75,7 @@ int base32_encode(const uint8_t *data, int length, char *result, int bufSize) { } if (length > 0) { - int buffer = data[0]; + uint32_t buffer = data[0]; int next = 1; int bitsLeft = 8; int quantum = 8; From 8711f23ee7702988d1419ea9ad828de5b11865cf Mon Sep 17 00:00:00 2001 From: Jorge Martins Date: Mon, 13 Jun 2022 11:39:56 +0200 Subject: [PATCH 5/9] fix code style --- src/stellar_utils.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/stellar_utils.c b/src/stellar_utils.c index e539b8d8..46612526 100644 --- a/src/stellar_utils.c +++ b/src/stellar_utils.c @@ -40,7 +40,8 @@ bool parse_bip32_path(uint8_t *path, } for (size_t i = 0; i < path_length; i++) { - path_parsed[i] = ((uint32_t)(path[0]) << 24u) | (path[1] << 16u) | (path[2] << 8u) | (path[3]); + path_parsed[i] = + ((uint32_t)(path[0]) << 24u) | (path[1] << 16u) | (path[2] << 8u) | (path[3]); path += 4; } From a074fc7b545358004dc5a8e78aee31bd07f9a52f Mon Sep 17 00:00:00 2001 From: Jorge Martins Date: Mon, 13 Jun 2022 14:33:40 +0200 Subject: [PATCH 6/9] fix negation of int64_min --- src/stellar_utils.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/stellar_utils.c b/src/stellar_utils.c index 46612526..2e9b2eff 100644 --- a/src/stellar_utils.c +++ b/src/stellar_utils.c 
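Review bot: In `crc16` the new `(uint32_t) *ptr++ << 8` still converts a `char`, so where `char` is signed a byte >= 0x80 sign-extends and sets bits 16–31 of `crc`; in the visible part of the loop nothing shifts right, so the low 16 bits the `unsigned short` return keeps are unaffected, but the value of `crc` between iterations now depends on the signedness of `char`. Casting the byte first removes that dependency and makes the intent explicit: `crc = crc ^ ((uint32_t)(uint8_t) *ptr++ << 8);`. The `int` to `uint32_t` change for `crc` itself is right, presumably because it makes the left shifts in the rest of the loop (outside this hunk) well-defined once bit 31 can be set.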
@@ -347,8 +347,15 @@ int print_int(int64_t l, char *out, size_t out_len) { return -1; } if (l < 0) { + uint64_t n; + out[0] = '-'; - return print_uint(-l, out + 1, out_len - 1); + if (l == INT64_MIN) { + n = (uint64_t)l; + } else { + n = -l; + } + return print_uint(n, out + 1, out_len - 1); } return print_uint(l, out, out_len); } From b6927f2a76ca3c854ce4440e0f3e605eafd8fe53 Mon Sep 17 00:00:00 2001 From: Jorge Martins Date: Mon, 13 Jun 2022 15:26:26 +0200 Subject: [PATCH 7/9] apply clang-format --- src/stellar_utils.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/stellar_utils.c b/src/stellar_utils.c index 2e9b2eff..edeffa43 100644 --- a/src/stellar_utils.c +++ b/src/stellar_utils.c @@ -40,7 +40,7 @@ bool parse_bip32_path(uint8_t *path, } for (size_t i = 0; i < path_length; i++) { - path_parsed[i] = + path_parsed[i] = ((uint32_t)(path[0]) << 24u) | (path[1] << 16u) | (path[2] << 8u) | (path[3]); path += 4; } @@ -351,8 +351,8 @@ int print_int(int64_t l, char *out, size_t out_len) { out[0] = '-'; if (l == INT64_MIN) { - n = (uint64_t)l; - } else { + n = (uint64_t) l; + } else { n = -l; } return print_uint(n, out + 1, out_len - 1); From b8158ab473e712785e9f995d7c2e36d95c9e425d Mon Sep 17 00:00:00 2001 From: Jorge Martins Date: Mon, 13 Jun 2022 16:42:40 +0200 Subject: [PATCH 8/9] Fix functional tests issue. ERROR functional_test.py - TypeError: Descriptors cannot not be created direc... --- tests/requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/requirements.txt b/tests/requirements.txt index 7b572249..620d452e 100644 --- a/tests/requirements.txt +++ b/tests/requirements.txt @@ -1,3 +1,4 @@ construct==2.10.61 pytest>=6.1.1,<7.0.0 ledgerwallet>=0.1.2 +protobuf~=3.19 From fd92c3173d9db3ebb587b506c74d65df64f6f751 Mon Sep 17 00:00:00 2001 
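Review bot: The `INT64_MIN` special case can be folded into one expression: negation in the unsigned domain is defined for every value, so `uint64_t n = -(uint64_t) l;` yields the magnitude of any negative `l`, `INT64_MIN` included, and both the `if/else` and the uninitialised `uint64_t n;` declaration go away (some compilers warn on unary minus of an unsigned operand, in which case `(uint64_t) 0 - (uint64_t) l` is the equivalent spelling). If the explicit branch is kept for readability, add a comment on the `if`, e.g. `/* -INT64_MIN overflows int64_t; its magnitude 2^63 is exactly (uint64_t) INT64_MIN */`. The `return -1` guard at the top of `print_int` is outside the hunk, so I cannot confirm from here that `out_len - 1` is never reached with `out_len == 0`; worth a glance.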
From: Jorge Martins
Date: Mon, 20 Jun 2022 09:35:42 +0200
Subject: [PATCH 9/9] Run fuzzer once a week for one hour -fix typo
---
.github/workflows/cflite_batch.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/cflite_batch.yml b/.github/workflows/cflite_batch.yml
index af20b6d2..b1c7861b 100644
--- a/.github/workflows/cflite_batch.yml
+++ b/.github/workflows/cflite_batch.yml
@@ -1,7 +1,7 @@
 name: ClusterFuzzLite batch fuzzing
 on:
 schedule:
- - cron: '0 21 * * *' # Every day 21.00
+ - cron: '1 * * * 0' # Every sunday
 permissions: read-all
 jobs:
 BatchFuzzing:
@@ -22,7 +22,7 @@ jobs:
 uses: google/clusterfuzzlite/actions/run_fuzzers@v1
 with:
 github-token: ${{ secrets.GITHUB_TOKEN }}
- fuzz-seconds: 3600 # 1 hours
+ fuzz-seconds: 3600 # 1 hour
 mode: 'batch'
 sanitizer: ${{ matrix.sanitizer }}
 # Optional but recommended: For storing certain artifacts from fuzzing.
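Review bot: `'1 * * * 0'` leaves the hour field as `*`, so the schedule fires at minute 1 of every hour on Sundays — 24 one-hour batch runs per week, not the single weekly run the subject describes; fix the hour field, e.g. `- cron: '1 0 * * 0' # Every Sunday 00:01 UTC`. GitHub evaluates `schedule` cron expressions in UTC, so stating the timezone in the comment avoids the next "fix typo" commit.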