From c1dea4ee507ef62b121051e34e36a9b24459ea39 Mon Sep 17 00:00:00 2001
From: Phil Turnbull
Date: Mon, 26 Jun 2017 15:05:30 -0400
Subject: Add Makefile target and harness to fuzz with libFuzzer

This can be run locally with `make libFuzzer` but the harness will be integrated into oss-fuzz for large-scale fuzzing.
---
 src/CMakeLists.txt | 11 +++++++++++
 1 file changed, 11 insertions(+)
(limited to 'src')

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index f52ded6..3197196 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -186,3 +186,14 @@ endif()
 if(CMAKE_BUILD_TYPE STREQUAL "Ubsan")
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=undefined")
 endif()
+
+if(CMARK_LIB_FUZZER)
+ set(FUZZ_HARNESS "cmark-fuzz")
+ add_executable(${FUZZ_HARNESS} ../test/cmark-fuzz.c ${LIBRARY_SOURCES})
+ target_link_libraries(${FUZZ_HARNESS} "${CMAKE_LIB_FUZZER_PATH}")
+ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize-coverage=trace-pc-guard")
+
+ # cmark is written in C but the libFuzzer runtime is written in C++ which
+ # needs to link against the C++ runtime. Explicitly link it into cmark-fuzz
+ set_target_properties(${FUZZ_HARNESS} PROPERTIES LINK_FLAGS "-lstdc++")
+endif()
--
cgit v1.2.3

From a2f1f76dc38a34d0e3d97f75d1fee527931b6e8a Mon Sep 17 00:00:00 2001
From: Phil Turnbull
Date: Mon, 26 Jun 2017 15:26:56 -0400
Subject: Check for NULL pointer in get_link_type

echo '[](xx:)' | ./build/src/cmark -t latex Segmentation fault: 11
---
 src/latex.c | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'src')

diff --git a/src/latex.c b/src/latex.c
index 9bd6444..22052d7 100644
--- a/src/latex.c
+++ b/src/latex.c
@@ -179,6 +179,10 @@ static link_type get_link_type(cmark_node *node) {
 link_text = node->first_child;
 cmark_consolidate_text_nodes(link_text);
+
+ if (!link_text)
+ return NO_LINK;
+
 realurl = (char *)url;
 realurllen = (int)url_len;
 if (strncmp(realurl, "mailto:", 7) == 0) {
--
cgit v1.2.3
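Review bot: The `set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize-coverage=trace-pc-guard")` line inside the `if(CMARK_LIB_FUZZER)` block is directory-scoped, so the coverage instrumentation is applied to every target generated from this directory (presumably the library built from `${LIBRARY_SOURCES}` as well), not only the harness; `target_compile_options(${FUZZ_HARNESS} PRIVATE -fsanitize-coverage=trace-pc-guard)` scopes it to the harness, which already compiles `${LIBRARY_SOURCES}` into itself. The `target_link_libraries` call uses the keyword-less signature and `LINK_FLAGS "-lstdc++"` is a raw linker string; `target_link_libraries(${FUZZ_HARNESS} PRIVATE "${CMAKE_LIB_FUZZER_PATH}" stdc++)` covers both in one target-scoped call. Nothing validates `CMAKE_LIB_FUZZER_PATH`: an unset value expands to nothing and the failure only surfaces at link time as undefined libFuzzer symbols, whereas `if(NOT EXISTS "${CMAKE_LIB_FUZZER_PATH}") message(FATAL_ERROR "CMARK_LIB_FUZZER requires CMAKE_LIB_FUZZER_PATH to point at the libFuzzer archive") endif()` reports it at configure time. The block is complete within the hunk; the earlier `Ubsan` block follows the same flag-appending style, so this is a scoping point rather than a departure from the file's conventions.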
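Review bot: The new `if (!link_text) return NO_LINK;` guard is placed after `cmark_consolidate_text_nodes(link_text);`, so a NULL first child is still handed to that call before the check runs; unless that helper is known to accept NULL (not visible here), the two added lines belong directly after `link_text = node->first_child;` so the guard also covers the call. Keeping the null-check next to the assignment also makes the precondition obvious to the next reader. The `[](xx:)` input from the commit message is a cheap regression case to add to the test suite next to the new fuzz harness so the fix stays covered. `get_link_type` continues past the hunk, and whatever the rest of the function does with `link_text` is outside this view.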