Google Git
Sign in
android / platform / external / libprotobuf-mutator / 17789d1039f1cd5fb6c72ee715192c8c8d630fd0
commit17789d1039f1cd5fb6c72ee715192c8c8d630fd0[log] [tgz]
authorTomáš Popela <tomas.popela@gmail.com>Tue Aug 15 13:41:59 2017 +0200
committerVitaly Buka <vitalybuka@gmail.com>Tue Aug 15 15:59:45 2017 -0700
tree795a80a7efd82f9b779ca28f0bbb3a109b841f5e
parent428ad7100534c2a5906149dd724129e97cbdac6b [diff]
Fix compilation with GCC 7

The build with GCC 7 fails with:

FAILED: obj/third_party/libprotobuf-mutator/libprotobuf-mutator/mutator.o
g++ -MMD -MF obj/third_party/libprotobuf-mutator/libprotobuf-mutator/mutator.o.d -DV8_DEPRECATION_WARNINGS -DUSE_UDEV -DUSE_AURA=1 -DUSE_PANGO=1 -DUSE_CAIRO=1 -DUSE_GLIB=1 -DUSE_NSS_CERTS=1 -DUSE_X11=1 -DFULL_SAFE_BROWSING -DSAFE_BROWSING_CSD -DSAFE_BROWSING_DB_LOCAL -DCHROMIUM_BUILD -DFIELDTRIAL_TESTING_ENABLED -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -D_FORTIFY_SOURCE=2 -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 -DGOOGLE_PROTOBUF_NO_RTTI -DGOOGLE_PROTOBUF_NO_STATIC_INITIALIZER -DHAVE_PTHREAD -I../.. -Igen -I../../third_party/libprotobuf-mutator/src -I../../third_party/protobuf/src -fno-strict-aliasing --param=ssp-buffer-size=4 -fstack-protector -Wno-builtin-macro-redefined -D__DATE__= -D__TIME__= -D__TIMESTAMP__= -funwind-tables -fPIC -pipe -pthread -m64 -march=x86-64 -Wall -Wno-unused-local-typedefs -Wno-maybe-uninitialized -Wno-missing-field-initializers -Wno-unused-parameter -O2 -fno-ident -fdata-sections -ffunction-sections -fomit-frame-pointer -g0 -fvisibility=hidden -std=gnu++14 -Wno-narrowing -fno-rtti -fno-exceptions -fvisibility-inlines-hidden -c ../../third_party/libprotobuf-mutator/src/src/mutator.cc -o obj/third_party/libprotobuf-mutator/libprotobuf-mutator/mutator.o
../../third_party/libprotobuf-mutator/src/src/mutator.cc:35:12: error: ‘std::placeholders’ has not been declared
 using std::placeholders::_1;
            ^~~~~~~~~~~~
../../third_party/libprotobuf-mutator/src/src/mutator.cc: In member function ‘void protobuf_mutator::FieldMutator::Mutate(int32_t*) const’:
../../third_party/libprotobuf-mutator/src/src/mutator.cc:342:30: error: ‘bind’ is not a member of ‘std’
     RepeatMutate(value, std::bind(&Mutator::MutateInt32, mutator_, _1));
                              ^~~~
../../third_party/libprotobuf-mutator/src/src/mutator.cc:342:30: note: suggested alternative: ‘find’
     RepeatMutate(value, std::bind(&Mutator::MutateInt32, mutator_, _1));
                              ^~~~
                              find
... truncated for simplicity.

Including functional fixes the build.
1 file changed
tree: 795a80a7efd82f9b779ca28f0bbb3a109b841f5e
  1. cmake/
  2. examples/
  3. port/
  4. src/
  5. .clang-format
  6. .gitignore
  7. .travis.yml
  8. AUTHORS
  9. CMakeLists.txt
  10. CONTRIBUTING
  11. LICENSE
  12. README.md
README.md

libprotobuf-mutator

Overview

libprotobuf-mutator is a library to randomly mutate protobuffers.
It could be used together with guided fuzzing engines, such as libFuzzer.

Quick start on Debian/Ubuntu

Install prerequisites:

sudo apt-get update
sudo apt-get install binutils cmake ninja-build liblzma-dev libz-dev pkg-config

Compile and test everything:

mkdir build
cd build
cmake .. -GNinja -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_BUILD_TYPE=Debug
ninja check

Clang is only needed for libFuzzer integration.
By default, the system-installed version of protobuf is used. However, on some systems, the system version is too old. You can pass LIB_PROTO_MUTATOR_DOWNLOAD_PROTOBUF=ON to cmake to automatically download and build a working version of protobuf.

Usage

To use libprotobuf-mutator simply include protobuf_mutator.h and protobuf_mutator.cc into your build files.

The ProtobufMutator class implements mutations of the protobuf tree structure and mutations of individual fields. The field mutation logic is very basic -- for better results you should override the ProtobufMutator::Mutate* methods with more sophisticated logic, e.g. using libFuzzer's mutators.

To apply one mutation to a protobuf object do the following:

class MyProtobufMutator : public protobuf_mutator::Mutator {
 public:
  MyProtobufMutator(uint32_t seed) : protobuf_mutator::Mutator(seed) {}
  // Optionally redefine the Mutate* methods to perform more sophisticated mutations.
}
void Mutate(MyMessage* message) {
  MyProtobufMutator mutator(my_random_seed);
  mutator.Mutate(message, 200);
}

See also the ProtobufMutatorMessagesTest.UsageExample test from protobuf_mutator_test.cc.

Integrating with libFuzzer

LibFuzzerProtobufMutator can help to integrate with libFuzzer. For example

#include "src/libfuzzer/libfuzzer_macro.h"

DEFINE_PROTO_FUZZER(const MyMessageType& input) {
  // Code which needs to be fuzzed.
  ConsumeMyMessageType(input);
}

Please see libfuzzer_example.cc as an example.