From 1edc2572842c41e06b7796b69e740799c7ea9b91 Mon Sep 17 00:00:00 2001
From: Rishav Tarway
Date: Thu, 19 Feb 2026 15:17:55 +0530
Subject: [PATCH 1/4] projects/go-avahi: Add README
---
projects/go-avahi/README.md | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 projects/go-avahi/README.md
diff --git a/projects/go-avahi/README.md b/projects/go-avahi/README.md
new file mode 100644
index 0000000..05b650d
--- /dev/null
+++ b/projects/go-avahi/README.md
@@ -0,0 +1,30 @@
+# Fuzzing Harness for go-avahi
+
+This directory contains fuzzers for the [`go-avahi`](https://github.com/OpenPrinting/go-avahi) project.
+
+## Fuzzers
+
+- `fuzz_domain.go`: Fuzzes the `DomainNormalize` function to validate the CGo boundary and `unsafe.Pointer` usage.
+
+## Build with OSS-Fuzz locally:
+1. Clone the OSS-Fuzz repo:
+
+```bash
+git clone https://github.com/google/oss-fuzz
+```
+
+2. Navigate into oss-fuzz directory:
+
+```bash
+cd oss-fuzz
+```
+
+3. Build the fuzzers:
+```bash
+python3 infra/helper.py build_fuzzers go-avahi
+```
+
+4. Run the fuzzer:
+```bash
+python3 infra/helper.py run_fuzzer go-avahi fuzz_domain_normalize
+```
From a25d22557aa178ebfe565dabd6b54b91bbcb24af Mon Sep 17 00:00:00 2001
From: Rishav Tarway
Date: Thu, 19 Feb 2026 15:17:55 +0530
Subject: [PATCH 2/4] projects/go-avahi: Add OSS-Fuzz build script
---
projects/go-avahi/oss_fuzz_build.sh | 43 +++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
create mode 100755 projects/go-avahi/oss_fuzz_build.sh
diff --git a/projects/go-avahi/oss_fuzz_build.sh b/projects/go-avahi/oss_fuzz_build.sh
new file mode 100755
index 0000000..020301d
--- /dev/null
+++ b/projects/go-avahi/oss_fuzz_build.sh
@@ -0,0 +1,43 @@
+#!/bin/bash -eu
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Copy fuzzer source into the target library tree
+mkdir -p $SRC/go-avahi/fuzzer
+cp $SRC/fuzzing/projects/go-avahi/fuzzer/fuzz_domain.go $SRC/go-avahi/fuzzer/
+
+# Package seed corpus
+mkdir -p $WORK/domain_seed_corpus
+cp $SRC/fuzzing/projects/go-avahi/seeds/domain_seed_corpus/* $WORK/domain_seed_corpus/
+cd $WORK
+zip -r $OUT/fuzz_domain_normalize_seed_corpus.zip domain_seed_corpus/
+
+# CGo environment: use pkg-config for architecture-agnostic library resolution
+export CGO_ENABLED=1
+export CGO_CFLAGS="-D_REENTRANT"
+export CGO_LDFLAGS="$(pkg-config --libs avahi-client) -lpthread -lresolv"
+
+# Append avahi libs to CXXFLAGS so compile_native_go_fuzzer's final
+# clang++ link step can resolve the C symbols from the .a archive.
+export CXXFLAGS="${CXXFLAGS:-} $(pkg-config --libs avahi-client) -lpthread -lresolv"
+
+# Build dependencies and fuzzers
+cd $SRC/go-avahi
+go mod tidy
+go install github.com/AdamKorcz/go-118-fuzz-build@latest
+go get github.com/AdamKorcz/go-118-fuzz-build/testing
+
+compile_native_go_fuzzer ./fuzzer FuzzDomainNormalize fuzz_domain_normalize
From 01d853067428911f0ed5ed5e8b52ea74e0d6961e Mon Sep 17 00:00:00 2001
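Review bot: `go install github.com/AdamKorcz/go-118-fuzz-build@latest` and the `go get` after it in oss_fuzz_build.sh resolve to whatever is newest at build time, so the tool that instruments the harness is neither reproducible nor pinned to reviewed code; pin both to a reviewed version, e.g. `go install github.com/AdamKorcz/go-118-fuzz-build@<pinned-commit>` (placeholder). Separately, `export CGO_LDFLAGS="$(pkg-config --libs avahi-client) ..."` and the `CXXFLAGS` line hide a pkg-config failure from `set -e`, because the exit status of `export` is the one that counts. Running `pkg-config --exists avahi-client` on its own line before the exports would make a missing .pc file stop the build there instead of surfacing later as a link error. The comment refers to a `.a` archive, but `--libs` without `--static` only emits the flags for a shared link, so it is worth confirming that the produced binary does not depend on avahi shared objects that may be absent where the fuzzer runs.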
From: Rishav Tarway
Date: Thu, 19 Feb 2026 15:17:55 +0530
Subject: [PATCH 3/4] projects/go-avahi: Add FuzzDomainNormalize harness
---
projects/go-avahi/fuzzer/fuzz_domain.go | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 projects/go-avahi/fuzzer/fuzz_domain.go
diff --git a/projects/go-avahi/fuzzer/fuzz_domain.go b/projects/go-avahi/fuzzer/fuzz_domain.go
new file mode 100644
index 0000000..6b9331a
--- /dev/null
+++ b/projects/go-avahi/fuzzer/fuzz_domain.go
@@ -0,0 +1,20 @@
+/*
+ * Fuzz target for go-avahi's DomainNormalize function.
+ */
+
+package fuzzer
+
+import (
+ "testing"
+
+ "github.com/OpenPrinting/go-avahi"
+)
+
+func FuzzDomainNormalize(f *testing.F) {
+ f.Add("example.local")
+ f.Add("printer._ipp._tcp.local")
+ f.Add("My\\.Printer._ipp._tcp.local")
+ f.Fuzz(func(t *testing.T, data string) {
+ _ = avahi.DomainNormalize(data)
+ })
+}
From bc84087ba4da93b9d433b6a72d7b9b8a194bca38 Mon Sep 17 00:00:00 2001
From: Rishav Tarway
Date: Thu, 19 Feb 2026 15:17:55 +0530
Subject: [PATCH 4/4] projects/go-avahi: Add seed corpus
---
projects/go-avahi/seeds/domain_seed_corpus/valid_domain | 1 +
1 file changed, 1 insertion(+)
create mode 100644 projects/go-avahi/seeds/domain_seed_corpus/valid_domain
diff --git a/projects/go-avahi/seeds/domain_seed_corpus/valid_domain b/projects/go-avahi/seeds/domain_seed_corpus/valid_domain
new file mode 100644
index 0000000..37a6c67
--- /dev/null
+++ b/projects/go-avahi/seeds/domain_seed_corpus/valid_domain
@@ -0,0 +1 @@
+printer._ipp._tcp.local
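Review bot: The fuzz callback in `FuzzDomainNormalize` (fuzz_domain.go) throws the result away with `_ = avahi.DomainNormalize(data)`, so the harness reports only crashes and sanitizer findings and lets wrong output pass silently. Assuming the function returns the normalized name and an empty string on rejection (not visible in this hunk), idempotence is a cheap property to assert: `if n := avahi.DomainNormalize(data); n != "" && avahi.DomainNormalize(n) != n { t.Errorf("not idempotent: %q -> %q", data, n) }`. The three `f.Add` seeds and the corpus file are all well-formed names; an empty string and an over-long label as extra seeds would exercise the rejection path from the first run. The header comment could also say that the input presumably reaches C as a NUL-terminated string, so bytes after an embedded NUL are likely not seen by the C side; confirm this against the binding.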