From 48f902ff17346e985a1b49779030cc70feb1b499 Mon Sep 17 00:00:00 2001
From: Ravi Jotwani
Date: Mon, 15 Jun 2020 14:44:52 -0700
Subject: [PATCH 1/3] added Draco fuzzers
---
.../tools/fuzz/draco_databuffer_fuzzer.cc | 21 ++++
.../tools/fuzz/draco_mesh_decoder_fuzzer.cc | 29 +++++
...h_decoder_without_dequantization_fuzzer.cc | 30 +++++
.../tools/fuzz/draco_mesh_encoder_fuzzer.cc | 116 ++++++++++++++++++
.../tools/fuzz/draco_pc_decoder_fuzzer.cc | 29 +++++
...c_decoder_without_dequantization_fuzzer.cc | 30 +++++
6 files changed, 255 insertions(+)
create mode 100644 src/draco/tools/fuzz/draco_databuffer_fuzzer.cc
create mode 100644 src/draco/tools/fuzz/draco_mesh_decoder_fuzzer.cc
create mode 100644 src/draco/tools/fuzz/draco_mesh_decoder_without_dequantization_fuzzer.cc
create mode 100644 src/draco/tools/fuzz/draco_mesh_encoder_fuzzer.cc
create mode 100644 src/draco/tools/fuzz/draco_pc_decoder_fuzzer.cc
create mode 100644 src/draco/tools/fuzz/draco_pc_decoder_without_dequantization_fuzzer.cc
diff --git a/src/draco/tools/fuzz/draco_databuffer_fuzzer.cc b/src/draco/tools/fuzz/draco_databuffer_fuzzer.cc
new file mode 100644
index 0000000..4a1ec30
--- /dev/null
+++ b/src/draco/tools/fuzz/draco_databuffer_fuzzer.cc
@@ -0,0 +1,21 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "draco/src/draco/core/data_buffer.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ draco::DataBuffer buffer;
+ buffer.Update(reinterpret_cast(data), static_cast(size));
+ return 0;
+}
diff --git a/src/draco/tools/fuzz/draco_mesh_decoder_fuzzer.cc b/src/draco/tools/fuzz/draco_mesh_decoder_fuzzer.cc
new file mode 100644
index 0000000..9a50836
--- /dev/null
+++ b/src/draco/tools/fuzz/draco_mesh_decoder_fuzzer.cc
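Review bot: The include `"draco/src/draco/core/data_buffer.h"` in draco_databuffer_fuzzer.cc only resolves when the checkout directory is named `draco` and its parent is on the include path, which is what `-I $SRC/` in the build script of patch 3/3 provides. Because the harness lives inside the Draco tree under src/draco/tools/fuzz, the tree-relative form `#include "draco/core/data_buffer.h"` would build with `-I $SRC/draco/src` alone and would not break in a differently named checkout. The same applies to the project includes in draco_mesh_decoder_fuzzer.cc, draco_mesh_decoder_without_dequantization_fuzzer.cc, draco_mesh_encoder_fuzzer.cc, draco_pc_decoder_fuzzer.cc and draco_pc_decoder_without_dequantization_fuzzer.cc.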
@@ -0,0 +1,29 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include
+
+#include "draco/src/draco/compression/decode.h"
+#include "draco/src/draco/core/decoder_buffer.h"
+#include "draco/src/draco/mesh/mesh.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ draco::DecoderBuffer buffer;
+ buffer.Init(reinterpret_cast(data), size);
+
+ draco::Decoder decoder;
+ decoder.DecodeMeshFromBuffer(&buffer);
+
+ return 0;
+}
diff --git a/src/draco/tools/fuzz/draco_mesh_decoder_without_dequantization_fuzzer.cc b/src/draco/tools/fuzz/draco_mesh_decoder_without_dequantization_fuzzer.cc
new file mode 100644
index 0000000..4c612cc
--- /dev/null
+++ b/src/draco/tools/fuzz/draco_mesh_decoder_without_dequantization_fuzzer.cc
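Review bot: The value returned by `decoder.DecodeMeshFromBuffer(&buffer)` in draco_mesh_decoder_fuzzer.cc is discarded, so the target exercises only the parser and never reads back a mesh that decoded successfully. Inconsistent output (for example indices that point past the decoded attribute data) would therefore go unnoticed by the sanitizers. Consider keeping the result and touching the decoded data on success, along the lines of `auto result = decoder.DecodeMeshFromBuffer(&buffer); if (result.ok()) { /* read every face and attribute value */ }`, assuming the return type exposes such a status check. The same holds for the decode calls in draco_mesh_decoder_without_dequantization_fuzzer.cc, draco_pc_decoder_fuzzer.cc and draco_pc_decoder_without_dequantization_fuzzer.cc.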
@@ -0,0 +1,30 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include
+
+#include "draco/src/draco/compression/decode.h"
+#include "draco/src/draco/core/decoder_buffer.h"
+#include "draco/src/draco/mesh/mesh.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ draco::DecoderBuffer buffer;
+ buffer.Init(reinterpret_cast(data), size);
+
+ draco::Decoder decoder;
+ decoder.SetSkipAttributeTransform(draco::GeometryAttribute::POSITION);
+ decoder.DecodeMeshFromBuffer(&buffer);
+
+ return 0;
+}
diff --git a/src/draco/tools/fuzz/draco_mesh_encoder_fuzzer.cc b/src/draco/tools/fuzz/draco_mesh_encoder_fuzzer.cc
new file mode 100644
index 0000000..04b4f79
--- /dev/null
+++ b/src/draco/tools/fuzz/draco_mesh_encoder_fuzzer.cc
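Review bot: Nothing in draco_mesh_decoder_without_dequantization_fuzzer.cc says why it exists next to draco_mesh_decoder_fuzzer.cc; the only difference is the `SetSkipAttributeTransform(draco::GeometryAttribute::POSITION)` call. A comment above that line, for example `// Skip the position attribute transform so the decode path that leaves positions quantized is fuzzed as well.`, would record the intent (wording to be confirmed against the decoder's documentation). It would also help to state whether limiting the skip to POSITION is deliberate or whether other attribute types should get the same treatment. draco_pc_decoder_without_dequantization_fuzzer.cc needs the same comment.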
@@ -0,0 +1,116 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include
+
+#include "draco/src/draco/mesh/mesh.h"
+#include "draco/src/draco/mesh/triangle_soup_mesh_builder.h"
+#include "draco/src/draco/compression/encode.h"
+#include "draco/src/draco/compression/expert_encode.h"
+#include "draco/src/draco/core/encoder_buffer.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+
+ // Build the mesh
+ draco::TriangleSoupMeshBuilder mesh_builder;
+ FuzzedDataProvider stream(data, size);
+
+ const uint num_faces = 5;
+ mesh_builder.Start(num_faces);
+
+ const int32_t pos_att_id = mesh_builder.AddAttribute(
+ draco::GeometryAttribute::POSITION,
+ stream.ConsumeFloatingPoint(),
+ draco::DT_FLOAT32
+ );
+ const int32_t tex_att_id_0 = mesh_builder.AddAttribute(
+ draco::GeometryAttribute::TEX_COORD,
+ stream.ConsumeFloatingPoint(),
+ draco::DT_FLOAT32
+ );
+ const int32_t tex_att_id_1 = mesh_builder.AddAttribute(
+ draco::GeometryAttribute::TEX_COORD,
+ stream.ConsumeFloatingPoint(),
+ draco::DT_FLOAT32
+ );
+
+ uint i;
+ for (i = 0; i < num_faces; i++) {
+ mesh_builder.SetAttributeValuesForFace(
+ pos_att_id,
+ draco::FaceIndex(i),
+ draco::Vector3f(
+ stream.ConsumeFloatingPoint(),
+ stream.ConsumeFloatingPoint(),
+ stream.ConsumeFloatingPoint()
+ ).data(),
+ draco::Vector3f(
+ stream.ConsumeFloatingPoint(),
+ stream.ConsumeFloatingPoint(),
+ stream.ConsumeFloatingPoint()
+ ).data(),
+ draco::Vector3f(
+ stream.ConsumeFloatingPoint(),
+ stream.ConsumeFloatingPoint(),
+ stream.ConsumeFloatingPoint()
+ ).data()
+ );
+ mesh_builder.SetAttributeValuesForFace(
+ tex_att_id_0,
+ draco::FaceIndex(i),
+ draco::Vector2f(
+ stream.ConsumeFloatingPoint(),
+ stream.ConsumeFloatingPoint()
+ ).data(),
+ draco::Vector2f(
+ stream.ConsumeFloatingPoint(),
+ stream.ConsumeFloatingPoint()
+ ).data(),
+ draco::Vector2f(
+ stream.ConsumeFloatingPoint(),
+ stream.ConsumeFloatingPoint()
+ ).data());
+ mesh_builder.SetAttributeValuesForFace(
+ tex_att_id_1,
+ draco::FaceIndex(i),
+ draco::Vector2f(
+ stream.ConsumeFloatingPoint(),
+ stream.ConsumeFloatingPoint()
+ ).data(),
+ draco::Vector2f(
+ stream.ConsumeFloatingPoint(),
+ stream.ConsumeFloatingPoint()
+ ).data(),
+ draco::Vector2f(
+ stream.ConsumeFloatingPoint(),
+ stream.ConsumeFloatingPoint()
+ ).data());
+ }
+
+ auto mesh = mesh_builder.Finalize();
+ if (mesh == NULL)
+ return 0;
+
+ // Encode the mesh
+ draco::Encoder encoder;
+ encoder.SetAttributeQuantization(draco::GeometryAttribute::POSITION,
+ stream.ConsumeIntegral());
+ encoder.SetAttributeQuantization(draco::GeometryAttribute::TEX_COORD,
+ stream.ConsumeIntegral());
+
+ draco::EncoderBuffer buffer;
+ encoder.EncodeMeshToBuffer(*mesh.get(), &buffer);
+
+ return 0;
+}
diff --git a/src/draco/tools/fuzz/draco_pc_decoder_fuzzer.cc b/src/draco/tools/fuzz/draco_pc_decoder_fuzzer.cc
new file mode 100644
index 0000000..3a764f1
--- /dev/null
+++ b/src/draco/tools/fuzz/draco_pc_decoder_fuzzer.cc
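Review bot: In draco_mesh_encoder_fuzzer.cc the second argument of each `mesh_builder.AddAttribute(...)` call comes from the fuzz input (`stream.ConsumeFloatingPoint()`), while the loop always supplies exactly three floats per corner for the position attribute and two for the texture coordinates. If that argument is the per-vertex component count, as the surrounding code suggests, a larger value would make the builder copy more bytes than the temporary `Vector3f`/`Vector2f` holds, so the fuzzer would report out-of-bounds reads that originate in the harness rather than in Draco. Fixing the counts to `3` and `2` and spending the input bytes on the values and quantization bits keeps findings attributable to the library. `uint` is also not a standard type (`uint32_t` or `unsigned` is portable) and `nullptr` is preferable to `NULL`. Patch 2/3 of this series deletes the file, so this matters only if the harness is brought back.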
@@ -0,0 +1,29 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include
+
+#include "draco/src/draco/compression/decode.h"
+#include "draco/src/draco/core/decoder_buffer.h"
+#include "draco/src/draco/point_cloud/point_cloud.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ draco::DecoderBuffer buffer;
+ buffer.Init(reinterpret_cast(data), size);
+
+ draco::Decoder decoder;
+ decoder.DecodePointCloudFromBuffer(&buffer);
+
+ return 0;
+}
diff --git a/src/draco/tools/fuzz/draco_pc_decoder_without_dequantization_fuzzer.cc b/src/draco/tools/fuzz/draco_pc_decoder_without_dequantization_fuzzer.cc
new file mode 100644
index 0000000..1d0c539
--- /dev/null
+++ b/src/draco/tools/fuzz/draco_pc_decoder_without_dequantization_fuzzer.cc
@@ -0,0 +1,30 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include
+
+#include "draco/src/draco/compression/decode.h"
+#include "draco/src/draco/core/decoder_buffer.h"
+#include "draco/src/draco/point_cloud/point_cloud.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ draco::DecoderBuffer buffer;
+ buffer.Init(reinterpret_cast(data), size);
+
+ draco::Decoder decoder;
+ decoder.SetSkipAttributeTransform(draco::GeometryAttribute::POSITION);
+ decoder.DecodePointCloudFromBuffer(&buffer);
+
+ return 0;
+}
From 968c2104cadb0f79134244895aefabe4591ebfc4 Mon Sep 17 00:00:00 2001
From: Ravi Jotwani
Date: Thu, 18 Jun 2020 15:20:43 -0700
Subject: [PATCH 2/3] updated fuzzers in accordance with style guide and removed mesh encoder fuzzer
---
.../tools/fuzz/draco_mesh_encoder_fuzzer.cc | 116 ------------------
1 file changed, 116 deletions(-)
delete mode 100644 src/draco/tools/fuzz/draco_mesh_encoder_fuzzer.cc
diff --git a/src/draco/tools/fuzz/draco_mesh_encoder_fuzzer.cc b/src/draco/tools/fuzz/draco_mesh_encoder_fuzzer.cc
deleted file mode 100644
index 04b4f79..0000000
--- a/src/draco/tools/fuzz/draco_mesh_encoder_fuzzer.cc
+++ /dev/null
@@ -1,116 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include
-
-#include "draco/src/draco/mesh/mesh.h"
-#include "draco/src/draco/mesh/triangle_soup_mesh_builder.h"
-#include "draco/src/draco/compression/encode.h"
-#include "draco/src/draco/compression/expert_encode.h"
-#include "draco/src/draco/core/encoder_buffer.h"
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
-
- // Build the mesh
- draco::TriangleSoupMeshBuilder mesh_builder;
- FuzzedDataProvider stream(data, size);
-
- const uint num_faces = 5;
- mesh_builder.Start(num_faces);
-
- const int32_t pos_att_id = mesh_builder.AddAttribute(
- draco::GeometryAttribute::POSITION,
- stream.ConsumeFloatingPoint(),
- draco::DT_FLOAT32
- );
- const int32_t tex_att_id_0 = mesh_builder.AddAttribute(
- draco::GeometryAttribute::TEX_COORD,
- stream.ConsumeFloatingPoint(),
- draco::DT_FLOAT32
- );
- const int32_t tex_att_id_1 = mesh_builder.AddAttribute(
- draco::GeometryAttribute::TEX_COORD,
- stream.ConsumeFloatingPoint(),
- draco::DT_FLOAT32
- );
-
- uint i;
- for (i = 0; i < num_faces; i++) {
- mesh_builder.SetAttributeValuesForFace(
- pos_att_id,
- draco::FaceIndex(i),
- draco::Vector3f(
- stream.ConsumeFloatingPoint(),
- stream.ConsumeFloatingPoint(),
- stream.ConsumeFloatingPoint()
- ).data(),
- draco::Vector3f(
- stream.ConsumeFloatingPoint(),
- stream.ConsumeFloatingPoint(),
- stream.ConsumeFloatingPoint()
- ).data(),
- draco::Vector3f(
- stream.ConsumeFloatingPoint(),
- stream.ConsumeFloatingPoint(),
- stream.ConsumeFloatingPoint()
- ).data()
- );
- mesh_builder.SetAttributeValuesForFace(
- tex_att_id_0,
- draco::FaceIndex(i),
- draco::Vector2f(
- stream.ConsumeFloatingPoint(),
- stream.ConsumeFloatingPoint()
- ).data(),
- draco::Vector2f(
- stream.ConsumeFloatingPoint(),
- stream.ConsumeFloatingPoint()
- ).data(),
- draco::Vector2f(
- stream.ConsumeFloatingPoint(),
- stream.ConsumeFloatingPoint()
- ).data());
- mesh_builder.SetAttributeValuesForFace(
- tex_att_id_1,
- draco::FaceIndex(i),
- draco::Vector2f(
- stream.ConsumeFloatingPoint(),
- stream.ConsumeFloatingPoint()
- ).data(),
- draco::Vector2f(
- stream.ConsumeFloatingPoint(),
- stream.ConsumeFloatingPoint()
- ).data(),
- draco::Vector2f(
- stream.ConsumeFloatingPoint(),
- stream.ConsumeFloatingPoint()
- ).data());
- }
-
- auto mesh = mesh_builder.Finalize();
- if (mesh == NULL)
- return 0;
-
- // Encode the mesh
- draco::Encoder encoder;
- encoder.SetAttributeQuantization(draco::GeometryAttribute::POSITION,
- stream.ConsumeIntegral());
- encoder.SetAttributeQuantization(draco::GeometryAttribute::TEX_COORD,
- stream.ConsumeIntegral());
-
- draco::EncoderBuffer buffer;
- encoder.EncodeMeshToBuffer(*mesh.get(), &buffer);
-
- return 0;
-}
From 2d433b5779a31ddb5e196843a6bc49777be339a0 Mon Sep 17 00:00:00 2001
From: Ravi Jotwani
Date: Thu, 18 Jun 2020 15:34:35 -0700
Subject: [PATCH 3/3] added build script for fuzzing
---
src/draco/tools/fuzz/build.sh | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 src/draco/tools/fuzz/build.sh
diff --git a/src/draco/tools/fuzz/build.sh b/src/draco/tools/fuzz/build.sh
new file mode 100644
index 0000000..bbeb105
--- /dev/null
+++ b/src/draco/tools/fuzz/build.sh
@@ -0,0 +1,35 @@
+#!/bin/bash -eu
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# build project
+cmake $SRC/draco
+# The draco_decoder and draco_encoder binaries don't build nicely with OSS-Fuzz
+# options, so just build the Draco shared libraries.
+make -j$(nproc) draco
+
+# build fuzzers
+for fuzzer in $(find $SRC/draco/src/draco/tools/fuzz -name '*.cc'); do
+ fuzzer_basename=$(basename -s .cc $fuzzer)
+ $CXX $CXXFLAGS \
+ -I $SRC/ \
+ -I $SRC/draco/src \
+ -I $WORK/ \
+ $LIB_FUZZING_ENGINE \
+ $fuzzer \
+ $WORK/libdraco.a \
+ -o $OUT/$fuzzer_basename
+done
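Review bot: The script configures and builds in whatever directory it is started from (`cmake $SRC/draco`, `make -j$(nproc) draco`) but then links `$WORK/libdraco.a` and adds `-I $WORK/`, so it works only when the caller's working directory already is `$WORK`. Making that explicit with `cd "$WORK"` before the `cmake` line removes the hidden dependency on the container's working directory. The expansions are unquoted and the loop iterates over `$(find ...)`, which word-splits paths; quoting `"$SRC"`, `"$fuzzer"` and `"$OUT/$fuzzer_basename"` avoids surprises. The comment says "shared libraries" while the link line uses the static archive `libdraco.a`, so the comment should be updated to match.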