From 5e8ae45c4df558747ae45ee42396bab6da2b3710 Mon Sep 17 00:00:00 2001
From: mayhem-bot <servicebots@forallsecure.com>
Date: Fri, 3 Jun 2022 10:34:52 -0400
Subject: [PATCH] Mayhem support

---
 .../vlc-demux-dec-libfuzzer-mayhem.yml        | 55 +++++++++++++++++++
 mayhem/Dockerfile                             | 25 +++++++++
 mayhem/Dockerfile.dockerignore                |  0
 mayhem/build.sh                               | 53 ++++++++++++++++++
 mayhem/vlc-demux-dec-libfuzzer.mayhemfile     |  4 ++
 5 files changed, 137 insertions(+)
 create mode 100644 .github/workflows/vlc-demux-dec-libfuzzer-mayhem.yml
 create mode 100644 mayhem/Dockerfile
 create mode 100644 mayhem/Dockerfile.dockerignore
 create mode 100755 mayhem/build.sh
 create mode 100644 mayhem/vlc-demux-dec-libfuzzer.mayhemfile

diff --git a/.github/workflows/vlc-demux-dec-libfuzzer-mayhem.yml b/.github/workflows/vlc-demux-dec-libfuzzer-mayhem.yml
new file mode 100644
index 000000000000..f6e867e730cd
--- /dev/null
+++ b/.github/workflows/vlc-demux-dec-libfuzzer-mayhem.yml
@@ -0,0 +1,55 @@
+name: Mayhem
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+  workflow_call:
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+jobs:
+  build:
+    name: ${{ matrix.os }} shared=${{ matrix.shared }} ${{ matrix.build_type }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+        shared: [false]
+        build_type: [Release]
+        include:
+        - os: ubuntu-latest
+          triplet: x64-linux
+    steps:
+    - uses: actions/checkout@v2
+      with:
+        submodules: recursive
+    - name: Log in to the Container registry
+      uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+    - name: Extract metadata (tags, labels) for Docker
+      id: meta
+      uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+      with:
+        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+    - name: Build and push Docker image
+      uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+      with:
+        context: .
+        file: mayhem/Dockerfile
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+    - name: Start analysis
+      uses: forallsecure/mcode-action@v1
+      with:
+        mayhem-token: ${{ secrets.MAYHEM_TOKEN }}
+        args: --image ${{ steps.meta.outputs.tags }} --cmd /out/vlc-demux-dec-libfuzzer
+          --target vlc-demux-dec-libfuzzer --file mayhem/vlc-demux-dec-libfuzzer.mayhemfile
+        sarif-output: sarif
+    - name: Upload SARIF file(s)
+      uses: github/codeql-action/upload-sarif@v2
+      with:
+        sarif_file: sarif
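Review bot: The job pushes an image to GHCR (`push: true` on the build-push step) and uploads SARIF, yet the workflow declares no `permissions` block, so both steps depend on the repository's default `GITHUB_TOKEN` scope; add an explicit `permissions:` with `contents: read`, `packages: write` and `security-events: write` under `jobs.build` so the token is least-privilege and the push/upload steps do not rely on repository settings. Because `on:` includes `pull_request`, runs from forked PRs receive a read-only token and no `MAYHEM_TOKEN`, so the login, push and analysis steps will fail there; consider dropping `pull_request` or gating the job with `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository`. `actions/checkout@v2` is the only action here not pinned to a commit SHA, unlike the three docker actions; pin it the same way for consistency. The `--image ${{ steps.meta.outputs.tags }}` argument may expand to several newline-separated tags if metadata-action emits more than one, which would mangle the `args` string — worth confirming against a run log.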
diff --git a/mayhem/Dockerfile b/mayhem/Dockerfile
new file mode 100644
index 000000000000..dd972342a8b3
--- /dev/null
+++ b/mayhem/Dockerfile
@@ -0,0 +1,25 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y make autoconf automake libtool pkg-config cmake flex bison gettext libglu1-mesa-dev
+COPY . vlc
+RUN rm -rf vlc/mayhem
+WORKDIR vlc
+COPY mayhem/build.sh $SRC/
+
+ENV FUZZING_LANGUAGE=c SANITIZER=address
+RUN compile
\ No newline at end of file
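Review bot: `COPY . vlc` copies the entire checkout, including `.git` and the `mayhem/` directory, because the accompanying `mayhem/Dockerfile.dockerignore` is created empty; listing `.git` and `mayhem` there would shrink the build context and make the following `RUN rm -rf vlc/mayhem` unnecessary. The `apt-get` layer leaves the package lists in the image; the usual form is `RUN apt-get update && apt-get install -y --no-install-recommends make autoconf automake libtool pkg-config cmake flex bison gettext libglu1-mesa-dev && rm -rf /var/lib/apt/lists/*`. `WORKDIR vlc` is a relative path and so depends on the base image's working directory (presumably `$SRC` in base-builder), which is worth stating in a comment such as `# relative to base-builder's WORKDIR ($SRC)`. The file also lacks a trailing newline.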
diff --git a/mayhem/Dockerfile.dockerignore b/mayhem/Dockerfile.dockerignore
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/mayhem/build.sh b/mayhem/build.sh
new file mode 100755
index 000000000000..8eb7053a1d62
--- /dev/null
+++ b/mayhem/build.sh
@@ -0,0 +1,53 @@
+#!/bin/bash -eu
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Use OSS-Fuzz environment rather than hardcoded setup.
+sed -i 's/-fsanitize-coverage=trace-pc-guard//g' ./configure.ac
+sed -i 's/-fsanitize-coverage=trace-cmp//g' ./configure.ac
+sed -i 's/-fsanitize-coverage=trace-pc//g' ./configure.ac
+sed -i 's/-lFuzzer//g'  ./configure.ac
+
+# In order to build statically we avoid libxml and ogg plugins.
+sed -i 's/..\/..\/lib\/libvlc_internal.h/lib\/libvlc_internal.h/g' ./test/src/input/decoder.c
+sed -i 's/..\/modules\/libxml_plugin.la//g' ./test/Makefile.am
+sed -i 's/..\/modules\/libogg_plugin.la//g' ./test/Makefile.am
+sed -i 's/f(misc_xml_xml)//g' ./test/src/input/demux-run.c
+sed -i 's/f(demux_ogg)//g' ./test/src/input/demux-run.c
+
+# Ensure that we compile with the correct link flags.
+RULE="vlc_demux_libfuzzer_LDADD"
+FUZZ_LDFLAGS="vlc_demux_libfuzzer_LDFLAGS=\${LIB_FUZZING_ENGINE}"
+sed -i "s/${RULE}/${FUZZ_LDFLAGS}\n${RULE}/g" ./test/Makefile.am
+
+RULE="vlc_demux_dec_libfuzzer_LDADD"
+FUZZ_LDFLAGS="vlc_demux_dec_libfuzzer_LDFLAGS=\${LIB_FUZZING_ENGINE}"
+sed -i "s/${RULE}/${FUZZ_LDFLAGS}\n${RULE}/g" ./test/Makefile.am
+
+./bootstrap
+./configure --disable-ogg --disable-oggspots --disable-libxml2 --disable-lua \
+            --disable-shared \
+            --enable-static \
+            --enable-vlc=no \
+            --disable-avcodec \
+            --disable-swscale \
+            --disable-a52 \
+            --disable-xcb \
+            --disable-alsa \
+            --with-libfuzzer
+make V=1 -j$(nproc)
+cp ./test/vlc-demux-dec-libfuzzer $OUT/
+cp ./test/vlc-demux-libfuzzer $OUT/
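Review bot: Every `sed -i` edit silently becomes a no-op if its pattern stops matching upstream, so a later VLC change could drop the libfuzzer link flags without the build failing; guard the two `_LDFLAGS` insertions with a check such as `grep -q "^${RULE}" ./test/Makefile.am || { echo "missing ${RULE}" >&2; exit 1; }` before each substitution. Those two substitutions are also unanchored and use `/g`, so any other occurrence of the `_LDADD` name in Makefile.am (a `+=` line, a comment) would gain a duplicate `_LDFLAGS` assignment — anchoring the pattern with `^` avoids that, and the `\n` in the replacement is a GNU sed extension that deserves a comment. `$OUT` and `$(nproc)` on the last three lines are unquoted; `"$OUT/"` and `-j"$(nproc)"` match the `-eu` discipline set in the shebang.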
diff --git a/mayhem/vlc-demux-dec-libfuzzer.mayhemfile b/mayhem/vlc-demux-dec-libfuzzer.mayhemfile
new file mode 100644
index 000000000000..bf244d895cd2
--- /dev/null
+++ b/mayhem/vlc-demux-dec-libfuzzer.mayhemfile
@@ -0,0 +1,4 @@
+project: PROJECT
+target: vlc-demux-dec-libfuzzer
+cmds:
+- cmd: /out/vlc-demux-dec-libfuzzer
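Review bot: `project: PROJECT` reads as an unreplaced template placeholder; the real Mayhem project slug should be filled in (or the key removed if the action derives it from the repository), otherwise every run is filed under a project literally named PROJECT. The sequence under `cmds:` is flush with its key while the new workflow file indents its sequences; both are valid YAML, but one style across the files added by this commit is preferable.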