diff --git a/fuzzer/runner.py b/fuzzer/runner.py new file mode 100644 index 0000000..0c06d4b --- /dev/null +++ b/fuzzer/runner.py @@ -0,0 +1,20 @@ +import os, sys +import glob +import subprocess + +def main(): + for g in glob.glob("../tests/afl/id*"): + print(g) + + cmd = ["../a.out", g] + + proc = subprocess.Popen(cmd) + try: + outs, errs = proc.communicate(timeout=15) + print(outs) + except TimeoutExpired: + proc.kill() + outs, errs = proc.communicate() + + +main() diff --git a/tests/afl/README.txt b/tests/afl/README.txt new file mode 100644 index 0000000..b557d9b --- /dev/null +++ b/tests/afl/README.txt @@ -0,0 +1,17 @@ +Command line used to find this crash: + +afl-fuzz -i in -o out ./test_loader @@ + +If you can't reproduce a bug outside of afl-fuzz, be sure to set the same +memory limit. The limit used for this fuzzing session was 50.0 MB. + +Need a tool to minimize test cases before investigating the crashes or sending +them to a vendor? Check out the afl-tmin that comes with the fuzzer! + +Found any cool bugs in open-source tools using afl-fuzz? If yes, please drop +me a mail at once the issues are fixed - I'd love to +add your finds to the gallery at: + + http://lcamtuf.coredump.cx/afl/ + +Thanks :-) diff --git a/tests/afl/id:000000,sig:11,src:000000,op:havoc,rep:128 b/tests/afl/id:000000,sig:11,src:000000,op:havoc,rep:128 new file mode 100644 index 0000000..55cc9af Binary files /dev/null and b/tests/afl/id:000000,sig:11,src:000000,op:havoc,rep:128 differ diff --git a/tests/afl/id:000001,sig:11,src:000000,op:havoc,rep:64 b/tests/afl/id:000001,sig:11,src:000000,op:havoc,rep:64 new file mode 100644 index 0000000..859bbf1 Binary files /dev/null and b/tests/afl/id:000001,sig:11,src:000000,op:havoc,rep:64 differ diff --git a/tests/afl/id:000002,sig:11,src:000000,op:havoc,rep:4 b/tests/afl/id:000002,sig:11,src:000000,op:havoc,rep:4 new file mode 100644 index 0000000..ba3835a --- /dev/null +++ b/tests/afl/id:000002,sig:11,src:000000,op:havoc,rep:4 
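Review bot: The `except TimeoutExpired:` clause in `main()` names an exception that is never imported, so the first input that runs past the 15 second timeout raises NameError instead of reaching `proc.kill()`; it should read `except subprocess.TimeoutExpired:`. The loop also never inspects `proc.returncode`, so a replay that still dies on a signal looks the same as a clean run, and `print(outs)` prints None because no pipe is attached to the child. Adding `if proc.returncode < 0: print("signal", -proc.returncode, g)` after `communicate()` would let the runner report inputs that still crash the loader. The `os, sys` import is unused, and the relative paths `../a.out` and `../tests/afl/id*` only resolve when the script is started from inside `fuzzer/`.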
@@ -0,0 +1,33 @@ +# cube.obj +# + +} cube + +v d.0 0.0 0.0 +v 0.0 0.0 1.0 +v 0.0 1.0 0.0 +v 0.0 1.0 1.0 +v 1.0 0.0 0.0 +v 1.0 0.0 1.0 +v 1.0 1.0 0.0 +v 1.0 1.0 1.0 + +vn 0.0 0.0 1.0 +vn 0.0 0.0 -1.0 +vn 0.0 1.0 0.0 +vn 0.0 -1.0 0.0 +vn 1.0 0.0 0.0 +vn -1.0 0.0 0.0 + +f 1//2 7//2 5//2 +f 1//2 3//2 7//2 +f 1/6 4//6 3//6 +f 1//6 2//6 4//6 +f 3//3 8//3 7//3 +f 3//3 4//3 8//3 +f 5//5 7//5 8//5 +f 5//5 8//5 6//5 +f 1//4 5//4 55555555555555 6//4 +f 1//4 6//4 2//4 +f 2//1 6//1 8//1 +f 2//1 8//1 4//1 diff --git a/tests/afl/id:000003,sig:11,src:000000,op:havoc,rep:4 b/tests/afl/id:000003,sig:11,src:000000,op:havoc,rep:4 new file mode 100644 index 0000000..9b18387 --- /dev/null +++ b/tests/afl/id:000003,sig:11,src:000000,op:havoc,rep:4 @@ -0,0 +1,35 @@ +# cube.obj +# + 4 +f 1//4 6//4 2//4 +f +g cube + +v 0.0 0.0 +v 0.0 0.0 1.0 +v 0.0 1.0 0.0 +v 0.0 1.0 1.0 +v 1.0 0.0 0.0 +v 1.0 0.0 1.0 +v 1.0 1.0 0.0 +v 1.0 1.0 1.0 + +n 0.0 0.0 1.0 +vn 0.0 0.0 -1.0 +vn 0.0 1.0 0.0 +vn 0.0 -1.0 0.0 +vn 1.0 0.0 0.0 +vn -1.0 0.0 0.0 + +f 1//2 7//2 5//2 +f 1//2 3//2 7//2 +f 1//6 4//6 3//6 +f 1//6 2//6 4//6 +f 3//3 8//3 7//3 +f 3//3 4//3 8//3 +f 5//5 7//5 //5 +f 5//5 8//5 6//5 +f 1//4 5//4 6//4 +f 1//4 6//4 2//4 +f 2//1 6//1 8//1 +f 2//1 8//1 4//1 diff --git a/tests/afl/id:000004,sig:11,src:000000,op:havoc,rep:2 b/tests/afl/id:000004,sig:11,src:000000,op:havoc,rep:2 new file mode 100644 index 0000000..a3303f9 --- /dev/null +++ b/tests/afl/id:000004,sig:11,src:000000,op:havoc,rep:2 @@ -0,0 +1,34 @@ +# cube.ob7//3 +f 3//3 4//3 8//3j +# + +g cube + +v 0.0 0.0 0.0 +v 0.0 0.0 1.0 +v 0.0 1ÿ0 0.0 +v 0.0 1.0 1.0 +v 1.0 0.0 0.0 +v 1.0 0.0 1.0 +v 1.0 1.0 0.0 +v 1.0 1.0 1.0 + +vn 0.0 0.0 1.0 +vn 0.0 0.0 -1.0 +vn 0.0 1.0 0.0 +vn 0.0 -1.0 0.0 +vn 1.0 0.0 0.0 +vn -1.0 0.0 0.0 + +f 1//2 7//2 5//2 +f 1//2 3//2 7//2 +f 1//6 4//6 3//6 +f 1//6 2//6 4//6 +f 3//3 8//3 7//3 +f 3//3 4//3 8//3 +f 5//5 7//5 8//5 +f 5//5 8//5 6//5 +f 1//4 5//4 6//4 +f 1//4 6//4 2//4 +f 2//1 6//1 8//1 +f 2//1 8//1 4//1 
diff --git a/tests/afl/id:000005,sig:11,src:000000,op:havoc,rep:4 b/tests/afl/id:000005,sig:11,src:000000,op:havoc,rep:4
new file mode 100644
index 0000000..d7ea3a3
Binary files /dev/null and b/tests/afl/id:000005,sig:11,src:000000,op:havoc,rep:4 differ
diff --git a/tests/afl/id:000006,sig:11,src:000000,op:havoc,rep:128 b/tests/afl/id:000006,sig:11,src:000000,op:havoc,rep:128
new file mode 100644
index 0000000..7468dd9
Binary files /dev/null and b/tests/afl/id:000006,sig:11,src:000000,op:havoc,rep:128 differ
diff --git a/tests/afl/id:000007,sig:11,src:000000,op:havoc,rep:32 b/tests/afl/id:000007,sig:11,src:000000,op:havoc,rep:32
new file mode 100644
index 0000000..911d321
Binary files /dev/null and b/tests/afl/id:000007,sig:11,src:000000,op:havoc,rep:32 differ
diff --git a/tests/afl/id:000008,sig:11,src:000000,op:havoc,rep:8 b/tests/afl/id:000008,sig:11,src:000000,op:havoc,rep:8
new file mode 100644
index 0000000..28b34dd
Binary files /dev/null and b/tests/afl/id:000008,sig:11,src:000000,op:havoc,rep:8 differ
diff --git a/tests/afl/id:000009,sig:11,src:000000,op:havoc,rep:128 b/tests/afl/id:000009,sig:11,src:000000,op:havoc,rep:128
new file mode 100644
index 0000000..797b865
Binary files /dev/null and b/tests/afl/id:000009,sig:11,src:000000,op:havoc,rep:128 differ
diff --git a/tests/afl/id:000010,sig:11,src:000000,op:havoc,rep:16 b/tests/afl/id:000010,sig:11,src:000000,op:havoc,rep:16
new file mode 100644
index 0000000..f74ccdd
--- /dev/null
+++ b/tests/afl/id:000010,sig:11,src:000000,op:havoc,rep:16
@@ -0,0 +1,29 @@ +# cube.obj +# + +g +v 0.0 0.0 0.0 +v 0.0 0.0 1,0 +T 0.0 1.0 0.0 +v 4.0 1c0 1.0 +v 1.0 0.0 0.0 +v 1.0 0.0 1.0 +v 1.0 1.0 0.0 +v 1.0 1.0 /////////////////////////////.0 0.0 -1.0 +vn 0.0 1.0 0.0 +vÿ 0.0 -1.0 0.0 +vn 1.0 0.0 0.0 +vn -1.0 0.0 0.0 + +f 1//2 7//2 5//2 +f 1//2 3//2 7//2 +f 1//6 4//6 3//6 +f 1//6 2//6 4//6 +f 3//3 8//3 7//3 +f 3//3 4//3 8K/31 +f/6 4//6 3//6 +f 1//6 2 5//5 7//5 8//5 +f 5//5 8//5 6//5" +f 1//4 5//4 2222222222224f 1//2 7//2 5 6//4 2//4 +f 3//1 6//1 8//1 +f 2//1 8//1 4//1 diff --git a/tests/afl/id:000011,sig:11,src:000000,op:havoc,rep:8 b/tests/afl/id:000011,sig:11,src:000000,op:havoc,rep:8 new file mode 100644 index 0000000..721700d --- /dev/null +++ b/tests/afl/id:000011,sig:11,src:000000,op:havoc,rep:8 @@ -0,0 +1,33 @@ +# cube.obj +# + +g cube + +v 0.0 0.0 0.0 +v 0.0 0.0 1.0 +v 0.0 1.0 0.0 +v 0.0 1.0 1.0 +v 1.0 0.0 0.0 +v 1.0 0.0 1.0 +v 1.0 1.0 0.0 +v 1.0 1.0 1.0 + +vn 0.0 0.0 1.0 +vn 0ƒ0 0.0 -1.0 +vn 0.0 1.0 00 +vn 0.0 -Ê.0 0.0 +vn 1. 0.0 0.0 +vn -1.0 0.0 0.0 + +f 1//2 7//2 5//2 +f 1//2 3//2 7//2 +f 1//6 40000000000000000vvvvvvvvvvvvvvvv00000080000000//6 3//6 +f 1//6 2//6 4//6 +f 3//3 8//3 7//3 +f 3//3 4//3 8//3 +f 5//5 7//5 8//5 +f 5//5 8//5 6//5 +f 1//4 56//4 +f 1//4 6//4 2//4 +f 2//1 6//1 8//1 +f 2//1 8//1 4//1 diff --git a/tests/afl/id:000012,sig:06,src:000000,op:havoc,rep:32 b/tests/afl/id:000012,sig:06,src:000000,op:havoc,rep:32 new file mode 100644 index 0000000..3cd82af Binary files /dev/null and b/tests/afl/id:000012,sig:06,src:000000,op:havoc,rep:32 differ diff --git a/tests/afl/id:000013,sig:11,src:000093,op:havoc,rep:4 b/tests/afl/id:000013,sig:11,src:000093,op:havoc,rep:4 new file mode 100644 index 0000000..d7a8d48 --- /dev/null +++ b/tests/afl/id:000013,sig:11,src:000093,op:havoc,rep:4 
@@ -0,0 +1,32 @@ +# cube.obj +# + +g cube + +v 0.0 0.0 0.0 +v 0.0 0.0 1.0 +v 0.0 1.0 0.0 +v 0.0 1.0 1.0 +v 1.0 0.0 0.0 +v 1.0 0.0 1.0 +v 1.0 1.0 0.0 +v 1.0 1.0 1.0 + +vn 0.0 0.0 1.0 +vn 0.0 0.0 -1.0 +vn 0.0 1.0 0.0 +vn 0.0 -1.0 0.0 +vn 1.0 0.0 0. +vn -1.0 0.0 0.0 + +f 1//2 7//2 5//2 +f 1//2 3//2 7//2 +f 1//6 4//6 3//6 +f 1//6 2//6 4//6 +f 3//3 8//3 7//3 +f 3//3 4//3 08//3 +f 5//5 7//5 8//5!Šf 5//5 8//5 6//5 +f 1//4 5//4 65555//4 +f 1//4 6//4 2//4 +f 2//1 6//1 8//1 +f 2//1 8//1 4//1 diff --git a/tests/afl/id:000014,sig:11,src:000093,op:havoc,rep:64 b/tests/afl/id:000014,sig:11,src:000093,op:havoc,rep:64 new file mode 100644 index 0000000..64a3643 Binary files /dev/null and b/tests/afl/id:000014,sig:11,src:000093,op:havoc,rep:64 differ diff --git a/tests/afl/id:000015,sig:11,src:000093,op:havoc,rep:2 b/tests/afl/id:000015,sig:11,src:000093,op:havoc,rep:2 new file mode 100644 index 0000000..ef6c3f4 --- /dev/null +++ b/tests/afl/id:000015,sig:11,src:000093,op:havoc,rep:2 @@ -0,0 +1,33 @@ +# cube.7//3 +f 3//3 4//3 8//3 +obj +# + +g cube + +v 0.0 0.0 0.0 +v 0.0 0.0 1.0 +v .0 1.0 +v 1.0 0.0 0.0 +v 1.0 0.0 1.0 +v 1.0 1.0 0.0 +v 1.0 1.0 1.0 + +vn 0.0 0.0 1.0 +vn 0.0 0.0 -1.0 +vn 0.0 1.0 0.0 +vn 0.0 -1.0 0.0 +vn 1.0 0.0 0.0 +vn -1.0 0.0 0.0 + +f 1//2 7//2 5//2 +f 1//2 3//2 7//2 +f 1//6 4//6 3//6 +f 1//6 2//6 4//6 +f 3//3 8//3 7//3 +f 3//3 4//3 8//3 +f 5//5 7//5 8//5!Šf 5//5 8//5 6//5 +f 1//4 5//4 6//4 +f 1//4 6//4 2//4 +f 2//1 6//1 8//1 +f 2//1 8//1 4//1 diff --git a/tests/afl/id:000016,sig:11,src:000093,op:havoc,rep:8 b/tests/afl/id:000016,sig:11,src:000093,op:havoc,rep:8 new file mode 100644 index 0000000..d91402f Binary files /dev/null and b/tests/afl/id:000016,sig:11,src:000093,op:havoc,rep:8 differ diff --git a/tests/afl/id:000017,sig:11,src:000093,op:havoc,rep:4 b/tests/afl/id:000017,sig:11,src:000093,op:havoc,rep:4 new file mode 100644 index 0000000..27853f1 --- /dev/null +++ b/tests/afl/id:000017,sig:11,src:000093,op:havoc,rep:4 
@@ -0,0 +1,30 @@ +# cube.obj +# + +g cuvP 0.0 0.0 .0 +v 0.0 0.0 1.0 +v 0.0 1.0 0.0 +v 0.0 1.0 1.0 +v 1.0 0.0 0.0 +v 1.0 0.0 1.0 +v 1.0 1.0 0.0 +v 1.0 1.0 1.0 + +vn 0.0 0.0 1.0 +vn 0.0 0.0 -1.0 +vn 0.0 1.0 0.0 +vn 0.0 -1.0 0.0 +vn 1.0 0.0 0.0 +vn -1.0 0.0 0.0 + +f 1//2 7//2 5//2 +f 1//2 3//2 7//2 +f 1//6 4//6 3//6 +f 1//6 2//6 4//6 +f 3//3 8//3 7//3 +f 3//3 4//3 8//3 +f 5//5 7//5 8//5!Šf 5//5 8//5 6//5 +f 1//4 5//4 6//4 +f 1//4 6666666666666666//4 2//4 +f 2//1 6//1 8//1 +f 2//1 8//1 4//1 diff --git a/tests/afl/id:000018,sig:06,src:000141,op:flip1,pos:449 b/tests/afl/id:000018,sig:06,src:000141,op:flip1,pos:449 new file mode 100644 index 0000000..97dd9b6 --- /dev/null +++ b/tests/afl/id:000018,sig:06,src:000141,op:flip1,pos:449 @@ -0,0 +1,33 @@ +# cube.obj +# + +g cube + +v 0.0 0.0 0.0 +v 0.0 0.0 1.0 +v 0.0 1.0 0.0 +v 0.0 1.0 1.0 +v 1.0 0.0 0.0 +v 1.0 0.0 1.0 +v 1.0 1.0 0.0 +v 1.0 1.0 1.0 + +vn 0.0 0.0 1.0 +vn 0.0 0.0 -1.0 +vn 0.0 1.0 0.0 +vn 0.0 -1.0 0.0 +vn 1.0 0.0 0.0 +vn -1.0 0.0 0.0 + +f 1//2 7//2 5//2 +f 1//2 3//2 7//2 +f 1//6 4//6 3//6 +f 1//6 2//6 4//6 +f 3//3 8//3 7//3 +f 3//3 4//3 8//3 +f 5//5 7//5 8//5 +f 5//5 8//5 6//5 +t 1//4 5/-4 6//4 +f 1//4 6//4 2//4 +f 2//1 6//1 8//1 +f 2//1 8//1 4//1 diff --git a/tests/afl/id:000019,sig:06,src:000141,op:arith8,pos:446,val:+13 b/tests/afl/id:000019,sig:06,src:000141,op:arith8,pos:446,val:+13 new file mode 100644 index 0000000..36d1a9a --- /dev/null +++ b/tests/afl/id:000019,sig:06,src:000141,op:arith8,pos:446,val:+13 @@ -0,0 +1,33 @@ +# cube.obj +# + +g cube + +v 0.0 0.0 0.0 +v 0.0 0.0 1.0 +v 0.0 1.0 0.0 +v 0.0 1.0 1.0 +v 1.0 0.0 0.0 +v 1.0 0.0 1.0 +v 1.0 1.0 0.0 +v 1.0 1.0 1.0 + +vn 0.0 0.0 1.0 +vn 0.0 0.0 -1.0 +vn 0.0 1.0 0.0 +vn 0.0 -1.0 0.0 +vn 1.0 0.0 0.0 +vn -1.0 0.0 0.0 + +f 1//2 7//2 5//2 +f 1//2 3//2 7//2 +f 1//6 4//6 3//6 +f 1//6 2//6 4//6 +f 3//3 8//3 7//3 +f 3//3 4//3 8//3 +f 5//5 7//5 8//5 +f 5//5 8//5 6//5 +t 1//4 -5//4 6//4 +f 1//4 6//4 2//4 +f 2//1 6//1 8//1 +f 2//1 8//1 4//1 
diff --git a/tests/afl/id:000020,sig:06,src:000141,op:havoc,rep:128 b/tests/afl/id:000020,sig:06,src:000141,op:havoc,rep:128 new file mode 100644 index 0000000..dd76e6b Binary files /dev/null and b/tests/afl/id:000020,sig:06,src:000141,op:havoc,rep:128 differ diff --git a/tests/afl/id:000021,sig:06,src:000141,op:havoc,rep:4 b/tests/afl/id:000021,sig:06,src:000141,op:havoc,rep:4 new file mode 100644 index 0000000..363002a --- /dev/null +++ b/tests/afl/id:000021,sig:06,src:000141,op:havoc,rep:4 @@ -0,0 +1,35 @@ +# cube.obj +# + +g cube + +v 0.0 0.0 0.0 +v 0.0 0.0 1.0 +v 0.0 1.0 0.0 +v 0.0 1.0 1.0 +v 1.0 0.0 0.0 +v 1.0 0.0 1.0 +v 1.0 1.0 0.0 +v 1.0 1.0 1.0 + +vn 0.0 0.0 !.0 +vn 0.0 0.0 -1.0 +vn 0.0 1.0 0.0 +vn 0.0 8//5 6//5 +t 1//4 -1.0 0.0 +vn 1.0 0.0 0.0 +f 3//3 8//3 7//3 +f 3//3 +vn -1.0 0.0 0.0 + +f 1//2 7//2 5//2 +f 1//2 3//2 7//2 +f 1//6 4//6 3//6 +f 1//6 2//6 4//6 +f 3//3 8//3 7//3 +f 3//3 4//3 8//3 +f 5//5 7//5 8//5 +f 5//5 8//5 6//5 +t 1//4 5//4 6//4 +f 1//4 6//4 2//4 f 2//1 6//1 8//1 +f 2//1 8//1 4//1 diff --git a/tests/afl/id:000022,sig:11,src:000141,op:havoc,rep:128 b/tests/afl/id:000022,sig:11,src:000141,op:havoc,rep:128 new file mode 100644 index 0000000..7516f64 Binary files /dev/null and b/tests/afl/id:000022,sig:11,src:000141,op:havoc,rep:128 differ diff --git a/tests/afl/id:000023,sig:11,src:000141,op:havoc,rep:128 b/tests/afl/id:000023,sig:11,src:000141,op:havoc,rep:128 new file mode 100644 index 0000000..0de93b1 Binary files /dev/null and b/tests/afl/id:000023,sig:11,src:000141,op:havoc,rep:128 differ diff --git a/tests/afl/id:000024,sig:11,src:000141,op:havoc,rep:128 b/tests/afl/id:000024,sig:11,src:000141,op:havoc,rep:128 new file mode 100644 index 0000000..46505e4 Binary files /dev/null and b/tests/afl/id:000024,sig:11,src:000141,op:havoc,rep:128 differ diff --git a/tests/afl/id:000025,sig:11,src:000141,op:havoc,rep:4 b/tests/afl/id:000025,sig:11,src:000141,op:havoc,rep:4 new file mode 100644 index 0000000..e981347 --- /dev/null 
+++ b/tests/afl/id:000025,sig:11,src:000141,op:havoc,rep:4 @@ -0,0 +1,32 @@ +# cube.obj +# + +g cube + +v 0.0 0.0 0.0 +v 0.0 0.0 1.0 +v 0.0 1.0 0.0 +v 0.0 1.0 1.0 +v Ï1.0 0.0 0.0 +v 1.0 0.0 1.0 +v 1.0 1.0 0.0 +v 1.0 1.0 1.0 + +vn 0.0 0.0 1.0 +vn 0.0 0.0 -1.0 +vn 0.0 1.0 +vn 1.0 0.0 0.0 +vn -1.0 0.0 0.0 + +f 1//2 7//2 5//2 +f 1//2 3//2 7//2 +f 1//6 4//6 3//6 +f 1//6 2//6 4//6 +f 3//3 8//3 7//3 +f 3//3 4//3 811111//3 +f 5//5 7//5 8//5 +f 5//5 8//5 6//5 +t 1//4 5//4 6//4 +f 1//4 6//4 2//4 +f 2B/1 6//1 8//1 +f 2//1 8//1 4//1 diff --git a/tests/afl/id:000026,sig:11,src:000141,op:havoc,rep:128 b/tests/afl/id:000026,sig:11,src:000141,op:havoc,rep:128 new file mode 100644 index 0000000..51f9db9 Binary files /dev/null and b/tests/afl/id:000026,sig:11,src:000141,op:havoc,rep:128 differ diff --git a/tests/afl/id:000027,sig:11,src:000141,op:havoc,rep:128 b/tests/afl/id:000027,sig:11,src:000141,op:havoc,rep:128 new file mode 100644 index 0000000..0efd81d Binary files /dev/null and b/tests/afl/id:000027,sig:11,src:000141,op:havoc,rep:128 differ diff --git a/tests/afl/id:000028,sig:06,src:000253,op:havoc,rep:32 b/tests/afl/id:000028,sig:06,src:000253,op:havoc,rep:32 new file mode 100644 index 0000000..f16231f Binary files /dev/null and b/tests/afl/id:000028,sig:06,src:000253,op:havoc,rep:32 differ diff --git a/tests/afl/id:000029,sig:11,src:000263,op:havoc,rep:64 b/tests/afl/id:000029,sig:11,src:000263,op:havoc,rep:64 new file mode 100644 index 0000000..c4f2265 Binary files /dev/null and b/tests/afl/id:000029,sig:11,src:000263,op:havoc,rep:64 differ diff --git a/tests/afl/id:000030,sig:11,src:000263,op:havoc,rep:64 b/tests/afl/id:000030,sig:11,src:000263,op:havoc,rep:64 new file mode 100644 index 0000000..8754c72 Binary files /dev/null and b/tests/afl/id:000030,sig:11,src:000263,op:havoc,rep:64 differ 
diff --git a/tests/afl/id:000031,sig:11,src:000263,op:havoc,rep:32 b/tests/afl/id:000031,sig:11,src:000263,op:havoc,rep:32
new file mode 100644
index 0000000..b5d815e
Binary files /dev/null and b/tests/afl/id:000031,sig:11,src:000263,op:havoc,rep:32 differ
diff --git a/tests/afl/id:000032,sig:11,src:000263,op:havoc,rep:32 b/tests/afl/id:000032,sig:11,src:000263,op:havoc,rep:32
new file mode 100644
index 0000000..6560430
Binary files /dev/null and b/tests/afl/id:000032,sig:11,src:000263,op:havoc,rep:32 differ
diff --git a/tests/afl/id:000033,sig:06,src:000266,op:havoc,rep:32 b/tests/afl/id:000033,sig:06,src:000266,op:havoc,rep:32
new file mode 100644
index 0000000..9d54632
Binary files /dev/null and b/tests/afl/id:000033,sig:06,src:000266,op:havoc,rep:32 differ
diff --git a/tests/afl/id:000034,sig:06,src:000266,op:havoc,rep:32 b/tests/afl/id:000034,sig:06,src:000266,op:havoc,rep:32
new file mode 100644
index 0000000..1f2b334
Binary files /dev/null and b/tests/afl/id:000034,sig:06,src:000266,op:havoc,rep:32 differ
diff --git a/tests/afl/id:000035,sig:11,src:000271,op:havoc,rep:16 b/tests/afl/id:000035,sig:11,src:000271,op:havoc,rep:16
new file mode 100644
index 0000000..13f97fe
Binary files /dev/null and b/tests/afl/id:000035,sig:11,src:000271,op:havoc,rep:16 differ
diff --git a/tests/afl/id:000036,sig:11,src:000271,op:havoc,rep:32 b/tests/afl/id:000036,sig:11,src:000271,op:havoc,rep:32
new file mode 100644
index 0000000..752cb5b
Binary files /dev/null and b/tests/afl/id:000036,sig:11,src:000271,op:havoc,rep:32 differ
diff --git a/tests/afl/id:000037,sig:11,src:000271,op:havoc,rep:8 b/tests/afl/id:000037,sig:11,src:000271,op:havoc,rep:8
new file mode 100644
index 0000000..02535c2
Binary files /dev/null and b/tests/afl/id:000037,sig:11,src:000271,op:havoc,rep:8 differ
diff --git a/tests/afl/id:000038,sig:11,src:000271,op:havoc,rep:32 b/tests/afl/id:000038,sig:11,src:000271,op:havoc,rep:32
new file mode 100644
index 0000000..9303330
Binary files /dev/null and b/tests/afl/id:000038,sig:11,src:000271,op:havoc,rep:32 differ
diff --git a/tests/afl/id:000039,sig:11,src:000271,op:havoc,rep:8 b/tests/afl/id:000039,sig:11,src:000271,op:havoc,rep:8
new file mode 100644
index 0000000..95fcb6d
Binary files /dev/null and b/tests/afl/id:000039,sig:11,src:000271,op:havoc,rep:8 differ
diff --git a/tests/afl/id:000040,sig:11,src:000271,op:havoc,rep:64 b/tests/afl/id:000040,sig:11,src:000271,op:havoc,rep:64
new file mode 100644
index 0000000..b94a2ef
Binary files /dev/null and b/tests/afl/id:000040,sig:11,src:000271,op:havoc,rep:64 differ
diff --git a/tests/afl/id:000041,sig:11,src:000271,op:havoc,rep:32 b/tests/afl/id:000041,sig:11,src:000271,op:havoc,rep:32
new file mode 100644
index 0000000..4198c8a
Binary files /dev/null and b/tests/afl/id:000041,sig:11,src:000271,op:havoc,rep:32 differ
diff --git a/tests/afl/id:000042,sig:11,src:000271,op:havoc,rep:16 b/tests/afl/id:000042,sig:11,src:000271,op:havoc,rep:16
new file mode 100644
index 0000000..d88a631
Binary files /dev/null and b/tests/afl/id:000042,sig:11,src:000271,op:havoc,rep:16 differ
diff --git a/tests/afl/id:000043,sig:11,src:000308,op:havoc,rep:32 b/tests/afl/id:000043,sig:11,src:000308,op:havoc,rep:32
new file mode 100644
index 0000000..cc82093
Binary files /dev/null and b/tests/afl/id:000043,sig:11,src:000308,op:havoc,rep:32 differ
diff --git a/tests/afl/id:000044,sig:11,src:000308,op:havoc,rep:16 b/tests/afl/id:000044,sig:11,src:000308,op:havoc,rep:16
new file mode 100644
index 0000000..4fd833a
Binary files /dev/null and b/tests/afl/id:000044,sig:11,src:000308,op:havoc,rep:16 differ
diff --git a/tests/afl/id:000045,sig:06,src:000352,op:flip1,pos:334 b/tests/afl/id:000045,sig:06,src:000352,op:flip1,pos:334
new file mode 100644
index 0000000..d4d0c08
Binary files /dev/null and b/tests/afl/id:000045,sig:06,src:000352,op:flip1,pos:334 differ
diff --git a/tests/afl/id:000046,sig:11,src:000352,op:flip2,pos:299 b/tests/afl/id:000046,sig:11,src:000352,op:flip2,pos:299
new file mode 100644
index 0000000..51fc6d3
Binary files /dev/null and b/tests/afl/id:000046,sig:11,src:000352,op:flip2,pos:299 differ
diff --git a/tests/afl/id:000047,sig:06,src:000352,op:havoc,rep:16 b/tests/afl/id:000047,sig:06,src:000352,op:havoc,rep:16
new file mode 100644
index 0000000..561bd72
Binary files /dev/null and b/tests/afl/id:000047,sig:06,src:000352,op:havoc,rep:16 differ
diff --git a/tests/afl/id:000048,sig:11,src:000352,op:havoc,rep:4 b/tests/afl/id:000048,sig:11,src:000352,op:havoc,rep:4
new file mode 100644
index 0000000..0c65a40
Binary files /dev/null and b/tests/afl/id:000048,sig:11,src:000352,op:havoc,rep:4 differ
diff --git a/tests/afl/id:000049,sig:11,src:000352,op:havoc,rep:16 b/tests/afl/id:000049,sig:11,src:000352,op:havoc,rep:16
new file mode 100644
index 0000000..e526848
Binary files /dev/null and b/tests/afl/id:000049,sig:11,src:000352,op:havoc,rep:16 differ
diff --git a/tests/afl/id:000050,sig:11,src:000352,op:havoc,rep:8 b/tests/afl/id:000050,sig:11,src:000352,op:havoc,rep:8
new file mode 100644
index 0000000..0c19516
Binary files /dev/null and b/tests/afl/id:000050,sig:11,src:000352,op:havoc,rep:8 differ
diff --git a/tests/afl/id:000051,sig:11,src:000352,op:havoc,rep:64 b/tests/afl/id:000051,sig:11,src:000352,op:havoc,rep:64
new file mode 100644
index 0000000..0435b49
Binary files /dev/null and b/tests/afl/id:000051,sig:11,src:000352,op:havoc,rep:64 differ
diff --git a/tests/afl/id:000052,sig:11,src:000352,op:havoc,rep:16 b/tests/afl/id:000052,sig:11,src:000352,op:havoc,rep:16
new file mode 100644
index 0000000..8628a0b
Binary files /dev/null and b/tests/afl/id:000052,sig:11,src:000352,op:havoc,rep:16 differ
diff --git a/tests/afl/id:000053,sig:11,src:000352,op:havoc,rep:16 b/tests/afl/id:000053,sig:11,src:000352,op:havoc,rep:16
new file mode 100644
index 0000000..90da4b1
Binary files /dev/null and b/tests/afl/id:000053,sig:11,src:000352,op:havoc,rep:16 differ
diff --git a/tests/afl/id:000054,sig:06,src:000352,op:havoc,rep:64 b/tests/afl/id:000054,sig:06,src:000352,op:havoc,rep:64
new file mode 100644
index 0000000..63ab32a
Binary files /dev/null and b/tests/afl/id:000054,sig:06,src:000352,op:havoc,rep:64 differ
diff --git a/tests/afl/id:000055,sig:11,src:000352,op:havoc,rep:32 b/tests/afl/id:000055,sig:11,src:000352,op:havoc,rep:32
new file mode 100644
index 0000000..285ff73
Binary files /dev/null and b/tests/afl/id:000055,sig:11,src:000352,op:havoc,rep:32 differ
diff --git a/tests/afl/id:000056,sig:06,src:000352,op:havoc,rep:64 b/tests/afl/id:000056,sig:06,src:000352,op:havoc,rep:64
new file mode 100644
index 0000000..329f32a
Binary files /dev/null and b/tests/afl/id:000056,sig:06,src:000352,op:havoc,rep:64 differ
diff --git a/tests/afl/id:000057,sig:11,src:000382,op:havoc,rep:32 b/tests/afl/id:000057,sig:11,src:000382,op:havoc,rep:32
new file mode 100644
index 0000000..d8f6433
Binary files /dev/null and b/tests/afl/id:000057,sig:11,src:000382,op:havoc,rep:32 differ
diff --git a/tests/afl/id:000058,sig:11,src:000382,op:havoc,rep:32 b/tests/afl/id:000058,sig:11,src:000382,op:havoc,rep:32
new file mode 100644
index 0000000..730b4c5
Binary files /dev/null and b/tests/afl/id:000058,sig:11,src:000382,op:havoc,rep:32 differ
diff --git a/tests/afl/id:000059,sig:06,src:000406,op:havoc,rep:8 b/tests/afl/id:000059,sig:06,src:000406,op:havoc,rep:8
new file mode 100644
index 0000000..8e775c2
Binary files /dev/null and b/tests/afl/id:000059,sig:06,src:000406,op:havoc,rep:8 differ
diff --git a/tests/afl/id:000060,sig:11,src:000408,op:havoc,rep:32 b/tests/afl/id:000060,sig:11,src:000408,op:havoc,rep:32
new file mode 100644
index 0000000..c392671
Binary files /dev/null and b/tests/afl/id:000060,sig:11,src:000408,op:havoc,rep:32 differ
diff --git a/tests/afl/id:000061,sig:11,src:000449,op:havoc,rep:64 b/tests/afl/id:000061,sig:11,src:000449,op:havoc,rep:64
new file mode 100644
index 0000000..cf5dddc
Binary files /dev/null and b/tests/afl/id:000061,sig:11,src:000449,op:havoc,rep:64 differ
diff --git a/tests/afl/id:000062,sig:06,src:000465,op:havoc,rep:16 b/tests/afl/id:000062,sig:06,src:000465,op:havoc,rep:16
new file mode 100644
index 0000000..09ca5fc
Binary files /dev/null and b/tests/afl/id:000062,sig:06,src:000465,op:havoc,rep:16 differ
diff --git a/tests/afl/id:000063,sig:06,src:000465,op:havoc,rep:64 b/tests/afl/id:000063,sig:06,src:000465,op:havoc,rep:64
new file mode 100644
index 0000000..9601f4b
Binary files /dev/null and b/tests/afl/id:000063,sig:06,src:000465,op:havoc,rep:64 differ
diff --git a/tests/afl/id:000064,sig:06,src:000478,op:havoc,rep:64 b/tests/afl/id:000064,sig:06,src:000478,op:havoc,rep:64
new file mode 100644
index 0000000..d08b6cf
Binary files /dev/null and b/tests/afl/id:000064,sig:06,src:000478,op:havoc,rep:64 differ
diff --git a/tests/afl/id:000065,sig:06,src:000478,op:havoc,rep:32 b/tests/afl/id:000065,sig:06,src:000478,op:havoc,rep:32
new file mode 100644
index 0000000..c264642
Binary files /dev/null and b/tests/afl/id:000065,sig:06,src:000478,op:havoc,rep:32 differ
diff --git a/tests/afl/id:000066,sig:11,src:000515,op:havoc,rep:4 b/tests/afl/id:000066,sig:11,src:000515,op:havoc,rep:4
new file mode 100644
index 0000000..9e3b2ce
Binary files /dev/null and b/tests/afl/id:000066,sig:11,src:000515,op:havoc,rep:4 differ
diff --git a/tests/afl/id:000067,sig:11,src:000518,op:havoc,rep:8 b/tests/afl/id:000067,sig:11,src:000518,op:havoc,rep:8
new file mode 100644
index 0000000..411ab4f
Binary files /dev/null and b/tests/afl/id:000067,sig:11,src:000518,op:havoc,rep:8 differ
diff --git a/tests/afl/id:000068,sig:06,src:000532,op:havoc,rep:8 b/tests/afl/id:000068,sig:06,src:000532,op:havoc,rep:8
new file mode 100644
index 0000000..731f5e6
Binary files /dev/null and b/tests/afl/id:000068,sig:06,src:000532,op:havoc,rep:8 differ
diff --git a/tests/afl/id:000069,sig:06,src:000532,op:havoc,rep:64 b/tests/afl/id:000069,sig:06,src:000532,op:havoc,rep:64
new file mode 100644
index 0000000..4f76f88
Binary files /dev/null and b/tests/afl/id:000069,sig:06,src:000532,op:havoc,rep:64 differ
diff --git a/tests/afl/id:000070,sig:06,src:000557,op:havoc,rep:16 b/tests/afl/id:000070,sig:06,src:000557,op:havoc,rep:16
new file mode 100644
index 0000000..7e97b7e
Binary files /dev/null and b/tests/afl/id:000070,sig:06,src:000557,op:havoc,rep:16 differ
diff --git a/tests/afl/id:000071,sig:11,src:000570,op:havoc,rep:32 b/tests/afl/id:000071,sig:11,src:000570,op:havoc,rep:32
new file mode 100644
index 0000000..c90f1c1
Binary files /dev/null and b/tests/afl/id:000071,sig:11,src:000570,op:havoc,rep:32 differ
diff --git a/tests/afl/id:000072,sig:06,src:000584,op:havoc,rep:16 b/tests/afl/id:000072,sig:06,src:000584,op:havoc,rep:16
new file mode 100644
index 0000000..ee3843a
Binary files /dev/null and b/tests/afl/id:000072,sig:06,src:000584,op:havoc,rep:16 differ
diff --git a/tests/afl/id:000073,sig:06,src:000584,op:havoc,rep:32 b/tests/afl/id:000073,sig:06,src:000584,op:havoc,rep:32
new file mode 100644
index 0000000..489001f
Binary files /dev/null and b/tests/afl/id:000073,sig:06,src:000584,op:havoc,rep:32 differ
diff --git a/tests/afl/id:000074,sig:06,src:000584,op:havoc,rep:32 b/tests/afl/id:000074,sig:06,src:000584,op:havoc,rep:32
new file mode 100644
index 0000000..55f8912
Binary files /dev/null and b/tests/afl/id:000074,sig:06,src:000584,op:havoc,rep:32 differ
diff --git a/tests/afl/id:000075,sig:06,src:000584,op:havoc,rep:2 b/tests/afl/id:000075,sig:06,src:000584,op:havoc,rep:2
new file mode 100644
index 0000000..de302ca
Binary files /dev/null and b/tests/afl/id:000075,sig:06,src:000584,op:havoc,rep:2 differ
diff --git a/tests/afl/id:000076,sig:06,src:000602,op:ext_AO,pos:117 b/tests/afl/id:000076,sig:06,src:000602,op:ext_AO,pos:117
new file mode 100644
index 0000000..151e314
Binary files /dev/null and b/tests/afl/id:000076,sig:06,src:000602,op:ext_AO,pos:117 differ
diff --git a/tests/afl/id:000077,sig:06,src:000602,op:havoc,rep:64 b/tests/afl/id:000077,sig:06,src:000602,op:havoc,rep:64
new file mode 100644
index 0000000..971e950
Binary files /dev/null and b/tests/afl/id:000077,sig:06,src:000602,op:havoc,rep:64 differ
diff --git a/tests/afl/id:000078,sig:06,src:000602,op:havoc,rep:16 b/tests/afl/id:000078,sig:06,src:000602,op:havoc,rep:16
new file mode 100644
index 0000000..0ede1fd
Binary files /dev/null and b/tests/afl/id:000078,sig:06,src:000602,op:havoc,rep:16 differ
diff --git a/tests/tester.cc b/tests/tester.cc
index d5d83c6..fd5a90f 100644
--- a/tests/tester.cc
+++ b/tests/tester.cc
@@ -751,6 +751,31 @@ TEST_CASE("smoothing-group", "[Issue162]") { } +// Fuzzer test. +// Just check if it does not crash. + +TEST_CASE("afl000000", "[AFL]") { + tinyobj::attrib_t attrib; + std::vector shapes; + std::vector materials; + + std::string err; + bool ret = tinyobj::LoadObj(&attrib, &shapes, &materials, &err, "./afl/id:000000,sig:11,src:000000,op:havoc,rep:128", gMtlBasePath); + + REQUIRE(true == ret); +} + +TEST_CASE("afl000001", "[AFL]") { + tinyobj::attrib_t attrib; + std::vector shapes; + std::vector materials; + + std::string err; + bool ret = tinyobj::LoadObj(&attrib, &shapes, &materials, &err, "./afl/id:000001,sig:11,src:000000,op:havoc,rep:64", gMtlBasePath); + + REQUIRE(true == ret); +} + #if 0 int main( diff --git a/tiny_obj_loader.h b/tiny_obj_loader.h index ac1421e..f1e14eb 100644 --- a/tiny_obj_loader.h +++ b/tiny_obj_loader.h @@ -23,6 +23,7 @@ THE SOFTWARE. */ // +// version 1.2.0 : Hardened implementation(#xxx) // version 1.1.1 : Support smoothing groups(#162) // version 1.1.0 : Support parsing vertex color(#144) // version 1.0.8 : Fix parsing `g` tag just after `usemtl`(#138) @@ -1023,12 +1024,17 @@ static bool exportFaceGroupToShape(shape_t *shape, for (size_t i = 0; i < faceGroup.size(); i++) { const face_t &face = faceGroup[i]; + size_t npolys = face.vertex_indices.size(); + + if (npolys < 3) { + // ??? Invalid face definition. + continue; + } + vertex_index_t i0 = face.vertex_indices[0]; vertex_index_t i1(-1); vertex_index_t i2 = face.vertex_indices[1]; - size_t npolys = face.vertex_indices.size(); - if (triangulate) { // find the two axes to work in size_t axes[2] = {1, 2}; 
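Review bot: Both new test cases end with `REQUIRE(true == ret);`, which contradicts the comment above them saying the only goal is that the loader does not crash. The inputs are fuzzer-mutated files, and a hardened parser may reasonably reject one by returning false, at which point these tests fail for a correct loader. Asserting the intent instead, for example `if (!ret) { REQUIRE(!err.empty()); }`, keeps the test meaningful whichever way the parser treats the malformed file. Only two of the crash inputs added under tests/afl are wired into a TEST_CASE in this hunk; the others are replayed only by fuzzer/runner.py.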
@@ -1039,6 +1045,14 @@ static bool exportFaceGroupToShape(shape_t *shape, size_t vi0 = size_t(i0.v_idx); size_t vi1 = size_t(i1.v_idx); size_t vi2 = size_t(i2.v_idx); + + if (((3 * vi0 + 2) >= v.size()) || + ((3 * vi1 + 2) >= v.size()) || + ((3 * vi2 + 2) >= v.size())) { + // Invalid triangle. + // FIXME(syoyo): Is it ok to simply skip this invalid triangle? + continue; + } real_t v0x = v[vi0 * 3 + 0]; real_t v0y = v[vi0 * 3 + 1]; real_t v0z = v[vi0 * 3 + 2]; @@ -1075,6 +1089,13 @@ static bool exportFaceGroupToShape(shape_t *shape, i1 = face.vertex_indices[(k + 1) % npolys]; size_t vi0 = size_t(i0.v_idx); size_t vi1 = size_t(i1.v_idx); + if (((vi0 * 3 + axes[0]) >= v.size()) || + ((vi0 * 3 + axes[1]) >= v.size()) || + ((vi1 * 3 + axes[0]) >= v.size()) || + ((vi1 * 3 + axes[1]) >= v.size())) { + // Invalid index. + continue; + } real_t v0x = v[vi0 * 3 + axes[0]]; real_t v0y = v[vi0 * 3 + axes[1]]; real_t v1x = v[vi1 * 3 + axes[0]]; @@ -1099,8 +1120,15 @@ static bool exportFaceGroupToShape(shape_t *shape, for (size_t k = 0; k < 3; k++) { ind[k] = remainingFace.vertex_indices[(guess_vert + k) % npolys]; size_t vi = size_t(ind[k].v_idx); - vx[k] = v[vi * 3 + axes[0]]; - vy[k] = v[vi * 3 + axes[1]]; + if (((vi * 3 + axes[0]) >= v.size()) || + ((vi * 3 + axes[1]) >= v.size())) { + // ??? + vx[k] = static_cast(0.0); + vy[k] = static_cast(0.0); + } else { + vx[k] = v[vi * 3 + axes[0]]; + vy[k] = v[vi * 3 + axes[1]]; + } } real_t e0x = vx[1] - vx[0]; real_t e0y = vy[1] - vy[0]; 
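Review bot: The new range check evaluates `3 * vi0 + 2` in `size_t` before comparing it with `v.size()`, and on a target where `size_t` is 32 bits that sum can wrap around to a small value, so an index read from the file can pass the test while `v[vi0 * 3 + 0]` is still out of range. The operands come from `size_t(i0.v_idx)`, which, if `v_idx` is a signed type, also turns a negative index into a very large one. Comparing without multiplying is equivalent and cannot wrap: `if (vi0 >= v.size() / 3 || vi1 >= v.size() / 3 || vi2 >= v.size() / 3) continue;`. The same `vi * 3 + offset` comparison is used in the hunks at -1075, -1099 and -1116 and has the same weakness. The enclosing loop starts and ends outside this hunk.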
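Review bot: In the hunk at -1099, an out-of-range index makes the new branch store zero in `vx[k]` and `vy[k]` and continue, so the triangle test that follows runs on a corner that is not in the file while `ind[k]` still holds the invalid index. If `ind[k]` is later written into the shape (that code is outside the hunk), users of the mesh would receive the bad index unchanged. Rejecting the polygon, as the hunk at -1039 does, would be safer than inventing a coordinate, and the `// ???` placeholder should state the decision, for example `// Index outside the vertex array: drop this polygon rather than use a made-up corner.`. The `// ???` comments in the hunks at -1023 and -1116 need the same kind of explanation.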
@@ -1116,9 +1144,22 @@ static bool exportFaceGroupToShape(shape_t *shape, // check all other verts in case they are inside this triangle bool overlap = false; for (size_t otherVert = 3; otherVert < npolys; ++otherVert) { + size_t idx = (guess_vert + otherVert) % npolys; + + if (idx >= remainingFace.vertex_indices.size()) { + // ??? + continue; + } + size_t ovi = size_t( - remainingFace.vertex_indices[(guess_vert + otherVert) % npolys] + remainingFace.vertex_indices[idx] .v_idx); + + if (((ovi * 3 + axes[0]) >= v.size()) || + ((ovi * 3 + axes[1]) >= v.size())) { + // ??? + continue; + } real_t tx = v[ovi * 3 + axes[0]]; real_t ty = v[ovi * 3 + axes[1]]; if (pnpoly(3, vx, vy, tx, ty)) { @@ -1959,6 +2000,18 @@ bool LoadObj(attrib_t *attrib, std::vector *shapes, tag_sizes ts = parseTagTriple(&token); + if (ts.num_ints < 0) { + ts.num_ints = 0; + } + + if (ts.num_reals < 0) { + ts.num_reals = 0; + } + + if (ts.num_strings < 0) { + ts.num_strings = 0; + } + tag.intValues.resize(static_cast(ts.num_ints)); for (size_t i = 0; i < static_cast(ts.num_ints); ++i) {
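Review bot: In the LoadObj hunk at -1959, clamping the three counts at zero stops a negative value from being cast to a huge size, but a large positive `ts.num_ints` still reaches `tag.intValues.resize(...)` unchecked, so one tag line in a file can request a very large allocation. The counts need an upper bound as well, for example `if (ts.num_ints > kMaxTagValues) ts.num_ints = 0;`, where `kMaxTagValues` is a placeholder name for a limit the project would have to choose; the same applies to `num_reals` and `num_strings`, whose resize calls are presumably just below this hunk. Rewriting a bad count to zero also hides the malformed tag from the caller, so appending a message to `err` at that point would make the rejection visible.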