Initial fuzzing support with libfuzzer

CMakeLists.txt

@@ -91,6 +91,14 @@ if (USE_STATIC_LIBRARIES)
     list(REVERSE CMAKE_FIND_LIBRARY_SUFFIXES)
 endif ()
 
+option (ENABLE_FUZZING "Enables fuzzing instrumentation" OFF)
+
+if (ENABLE_FUZZING)
+    message (STATUS "Fuzzing instrumentation enabled")
+    set (WITH_COVERAGE ON)
+    set (SANITIZE "libfuzzer")
+endif()
+
 include (cmake/sanitize.cmake)
 
 

cmake/sanitize.cmake

@@ -42,6 +42,17 @@ if (SANITIZE)
         if (MAKE_STATIC_LIBRARIES AND CMAKE_CXX_COMPILER_ID STREQUAL "GNU")
             set (CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -static-libubsan")
         endif ()
+
+    elseif (SANITIZE STREQUAL "libfuzzer")
+        set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${SAN_FLAGS} -fsanitize=fuzzer-no-link,address,signed-integer-overflow -fsanitize-address-use-after-scope")
+        set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${SAN_FLAGS} -fsanitize=fuzzer-no-link,address,signed-integer-overflow -fsanitize-address-use-after-scope")
+        if (CMAKE_CXX_COMPILER_ID STREQUAL "GNU")
+            set (CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=fuzzer-no-link,address,signed-integer-overflow -fsanitize-address-use-after-scope")
+        endif()
+        if (MAKE_STATIC_LIBRARIES AND CMAKE_CXX_COMPILER_ID STREQUAL "GNU")
+            set (CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -static-libasan")
+        endif ()
+        set (LIBFUZZER_CMAKE_CXX_FLAGS "-fsanitize=fuzzer,address,signed-integer-overflow -fsanitize-address-use-after-scope")
     else ()
         message (FATAL_ERROR "Unknown sanitizer type: ${SANITIZE}")
     endif ()

dbms/src/Compression/tests/CMakeLists.txt

@@ -3,3 +3,9 @@ target_link_libraries (compressed_buffer PRIVATE dbms)
 
 add_executable (cached_compressed_read_buffer cached_compressed_read_buffer.cpp)
 target_link_libraries (cached_compressed_read_buffer PRIVATE dbms)
+
+if (ENABLE_FUZZING)
+    add_executable (compressed_buffer_fuzz compressed_buffer_fuzz.cpp)
+    target_link_libraries (compressed_buffer_fuzz PRIVATE dbms)
+    set_target_properties(compressed_buffer_fuzz PROPERTIES LINK_FLAGS ${LIBFUZZER_CMAKE_CXX_FLAGS})
+endif ()

dbms/src/Compression/tests/compressed_buffer_fuzz.cpp

@@ -0,0 +1,32 @@
+#include <string>
+
+#include <iostream>
+#include <sstream>
+#include <fstream>
+#include <iomanip>
+
+#include <Core/Types.h>
+#include <Common/Stopwatch.h>
+#include <IO/WriteBufferFromFile.h>
+#include <IO/ReadBufferFromFile.h>
+#include <IO/ReadBufferFromString.h>
+#include <Compression/CompressedWriteBuffer.h>
+#include <Compression/CompressedReadBuffer.h>
+#include <IO/WriteHelpers.h>
+#include <IO/ReadHelpers.h>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+    try {
+        std::string Str(reinterpret_cast<const char *>(data), size);
+
+        DB::ReadBufferFromString from(Str);
+        DB::CompressedReadBuffer in{from};
+    }
+    catch (const DB::Exception & e)
+    {
+        std::cerr << e.what() << ", " << e.displayText() << std::endl;
+        return 1;
+    }
+
+    return 0;
+}

release

@@ -87,6 +87,9 @@ then
     elif [[ "$SANITIZER" == "thread" ]]; then VERSION_POSTFIX+="+tsan"
     elif [[ "$SANITIZER" == "memory" ]]; then VERSION_POSTFIX+="+msan"
     elif [[ "$SANITIZER" == "undefined" ]]; then VERSION_POSTFIX+="+ubsan"
+    elif [[ "$SANITIZER" == "libfuzzer" ]]; then
+        VERSION_POSTFIX+="+libfuzzer"
+        MALLOC_OPTS="-DENABLE_TCMALLOC=0 -DENABLE_JEMALLOC=0"
     else
         echo "Unknown value of SANITIZER variable: $SANITIZER"
         exit 3