Import Upstream version 2.72.4

fuzzing/README.md

@@ -0,0 +1,51 @@
+Fuzz targets used by [oss-fuzz](https://github.com/google/oss-fuzz/).
+
+Useful links: [Dashboard](https://oss-fuzz.com/) _(requires access)_, [Build logs](https://oss-fuzz-build-logs.storage.googleapis.com/index.html), [Coverage](https://oss-fuzz.com/coverage-report/job/libfuzzer_asan_glib/latest)
+
+## How to add new targets
+
+Add **fuzz_target_name.c** and edit `meson.build` accordingly.
+
+New targets are picked up by oss-fuzz automatically within a day. Targets must not be renamed once added.
+
+Add (optional) **fuzz_target_name.dict** containing keywords and magic bytes.
+
+Add (optional) **fuzz_target_name.corpus** with file names on separate lines. Wildcards `?`, `*` and `**` are supported. Examples below.
+
+```bash
+glib/*  # all files in directory glib
+glib/** # all files in directory glib and sub-directories
+**.xbel # all files ending with .xbel in the repository
+```
+
+Recommended reading: [Fuzz Target](https://llvm.org/docs/LibFuzzer.html#fuzz-target), [Dictionaries](https://llvm.org/docs/LibFuzzer.html#dictionaries), [Corpus](https://llvm.org/docs/LibFuzzer.html#corpus)
+
+## How to reproduce oss-fuzz bugs locally
+
+Build with at least the following flags, choosing a sanitizer as needed. A somewhat recent version of [clang](http://clang.llvm.org/) is recommended.
+
+```bash
+$ CC=clang CXX=clang++ meson DIR -Db_sanitize=<address|undefined> -Db_lundef=false
+```
+
+Afterwards run the affected target against the provided test case.
+
+```bash
+$ DIR/fuzzing/fuzz_target_name FILE
+```
+
+#### FAQs
+
+###### What about Memory Sanitizer (MSAN)?
+
+Correct MSAN instrumentation is [difficult to achieve](https://clang.llvm.org/docs/MemorySanitizer.html#handling-external-code) locally, so false positives are very likely to mask the actual bug.
+
+If need be, [you can still reproduce](https://google.github.io/oss-fuzz/advanced-topics/reproducing/#building-using-docker) those bugs with the oss-fuzz provided docker images.
+
+###### There are no file/function names in the stack trace.
+
+`llvm-symbolizer` must be in `PATH`.
+
+###### UndefinedBehavior Sanitizer (UBSAN) doesn't provide a stack trace.
+
+Set environment variable `UBSAN_OPTIONS` to `print_stacktrace=1` prior to running the target.

fuzzing/driver.c

@@ -0,0 +1,36 @@
+/* Simpler gnu89 version of StandaloneFuzzTargetMain.c from LLVM */
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+extern int LLVMFuzzerTestOneInput (const unsigned char *data, size_t size);
+
+int
+main (int argc, char **argv)
+{
+  FILE *f;
+  long tell_result;
+  size_t n_read, len;
+  unsigned char *buf;
+
+  if (argc < 2)
+    return 1;
+
+  f = fopen (argv[1], "r");
+  assert (f);
+  fseek (f, 0, SEEK_END);
+  tell_result = ftell (f);
+  assert (tell_result >= 0);
+  len = (size_t) tell_result;
+  fseek (f, 0, SEEK_SET);
+  buf = (unsigned char*) malloc (len);
+  n_read = fread (buf, 1, len, f);
+  assert (n_read == len);
+  LLVMFuzzerTestOneInput (buf, len);
+
+  free (buf);
+  fclose (f);
+  printf ("Done!\n");
+  return 0;
+}

fuzzing/fuzz.h

@@ -0,0 +1,22 @@
+#include "gio/gio.h"
+#include "glib/glib.h"
+
+int LLVMFuzzerTestOneInput (const unsigned char *data, size_t size);
+
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+static GLogWriterOutput
+empty_logging_func (GLogLevelFlags log_level, const GLogField *fields,
+                    gsize n_fields, gpointer user_data)
+{
+  return G_LOG_WRITER_HANDLED;
+}
+#endif
+
+/* Disables logging for oss-fuzz. Must be used with each target. */
+static void
+fuzz_set_logging_func (void)
+{
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+  g_log_set_writer_func (empty_logging_func, NULL, NULL);
+#endif
+}

fuzzing/fuzz_bookmark.c

@@ -0,0 +1,15 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  GBookmarkFile *bookmark = NULL;
+
+  fuzz_set_logging_func ();
+
+  bookmark = g_bookmark_file_new ();
+  g_bookmark_file_load_from_data (bookmark, (const gchar*) data, size, NULL);
+
+  g_bookmark_file_free (bookmark);
+  return 0;
+}

fuzzing/fuzz_bookmark.corpus

@@ -0,0 +1 @@
+glib/tests/**.xbel

fuzzing/fuzz_canonicalize_filename.c

@@ -0,0 +1,19 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  unsigned char *nul_terminated_data = NULL;
+  gchar *canonicalized = NULL;
+
+  fuzz_set_logging_func ();
+
+  /* ignore @size (g_canonicalize_filename() doesn’t support it); ensure @data is nul-terminated */
+  nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+  canonicalized = g_canonicalize_filename ((const gchar *) nul_terminated_data, "/");
+  g_free (nul_terminated_data);
+
+  g_free (canonicalized);
+
+  return 0;
+}

fuzzing/fuzz_date_parse.c

@@ -0,0 +1,19 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  unsigned char *nul_terminated_data = NULL;
+  GDate *date = g_date_new ();
+
+  fuzz_set_logging_func ();
+
+  /* ignore @size (g_date_set_parse() doesn’t support it); ensure @data is nul-terminated */
+  nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+  g_date_set_parse (date, (const gchar *) nul_terminated_data);
+  g_free (nul_terminated_data);
+
+  g_date_free (date);
+
+  return 0;
+}

fuzzing/fuzz_date_time_new_from_iso8601.c

@@ -0,0 +1,25 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  unsigned char *nul_terminated_data = NULL;
+  GDateTime *dt = NULL;
+
+  fuzz_set_logging_func ();
+
+  /* ignore @size (the function doesn’t support it); ensure @data is nul-terminated */
+  nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+  dt = g_date_time_new_from_iso8601 ((const gchar *) nul_terminated_data, NULL);
+  g_free (nul_terminated_data);
+
+  if (dt != NULL)
+    {
+      gchar *text = g_date_time_format_iso8601 (dt);
+      g_free (text);
+    }
+
+  g_clear_pointer (&dt, g_date_time_unref);
+
+  return 0;
+}

fuzzing/fuzz_dbus_message.c

@@ -0,0 +1,28 @@
+#include "fuzz.h"
+
+static const GDBusCapabilityFlags flags = G_DBUS_CAPABILITY_FLAGS_UNIX_FD_PASSING;
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  gssize bytes;
+  GDBusMessage *msg = NULL;
+  guchar *blob = NULL;
+  gsize msg_size;
+
+  fuzz_set_logging_func ();
+
+  bytes = g_dbus_message_bytes_needed ((guchar*) data, size, NULL);
+  if (bytes <= 0)
+    return 0;
+
+  msg = g_dbus_message_new_from_blob ((guchar*) data, size, flags, NULL);
+  if (msg == NULL)
+    return 0;
+
+  blob = g_dbus_message_to_blob (msg, &msg_size, flags, NULL);
+
+  g_free (blob);
+  g_object_unref (msg);
+  return 0;
+}

fuzzing/fuzz_inet_address_mask_new_from_string.c

@@ -0,0 +1,25 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  unsigned char *nul_terminated_data = NULL;
+  GInetAddressMask *mask = NULL;
+
+  fuzz_set_logging_func ();
+
+  /* ignore @size (the function doesn’t support it); ensure @data is nul-terminated */
+  nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+  mask = g_inet_address_mask_new_from_string ((const gchar *) nul_terminated_data, NULL);
+  g_free (nul_terminated_data);
+
+  if (mask != NULL)
+    {
+      gchar *text = g_inet_address_mask_to_string (mask);
+      g_free (text);
+    }
+
+  g_clear_object (&mask);
+
+  return 0;
+}

fuzzing/fuzz_inet_address_new_from_string.c

@@ -0,0 +1,25 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  unsigned char *nul_terminated_data = NULL;
+  GInetAddress *addr = NULL;
+
+  fuzz_set_logging_func ();
+
+  /* ignore @size (the function doesn’t support it); ensure @data is nul-terminated */
+  nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+  addr = g_inet_address_new_from_string ((const gchar *) nul_terminated_data);
+  g_free (nul_terminated_data);
+
+  if (addr != NULL)
+    {
+      gchar *text = g_inet_address_to_string (addr);
+      g_free (text);
+    }
+
+  g_clear_object (&addr);
+
+  return 0;
+}

fuzzing/fuzz_inet_socket_address_new_from_string.c

@@ -0,0 +1,25 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  unsigned char *nul_terminated_data = NULL;
+  GSocketAddress *addr = NULL;
+
+  fuzz_set_logging_func ();
+
+  /* ignore @size (the function doesn’t support it); ensure @data is nul-terminated */
+  nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+  addr = g_inet_socket_address_new_from_string ((const gchar *) nul_terminated_data, 1);
+  g_free (nul_terminated_data);
+
+  if (addr != NULL)
+    {
+      gchar *text = g_socket_connectable_to_string (G_SOCKET_CONNECTABLE (addr));
+      g_free (text);
+    }
+
+  g_clear_object (&addr);
+
+  return 0;
+}

fuzzing/fuzz_key.c

@@ -0,0 +1,27 @@
+#include "fuzz.h"
+
+static void
+test_parse (const gchar   *data,
+            size_t         size,
+            GKeyFileFlags  flags)
+{
+  GKeyFile *key = NULL;
+
+  key = g_key_file_new ();
+  g_key_file_load_from_data (key, (const gchar*) data, size, G_KEY_FILE_NONE,
+                             NULL);
+
+  g_key_file_free (key);
+}
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  fuzz_set_logging_func ();
+
+  test_parse ((const gchar *) data, size, G_KEY_FILE_NONE);
+  test_parse ((const gchar *) data, size, G_KEY_FILE_KEEP_COMMENTS);
+  test_parse ((const gchar *) data, size, G_KEY_FILE_KEEP_TRANSLATIONS);
+
+  return 0;
+}

fuzzing/fuzz_key.corpus

@@ -0,0 +1,2 @@
+glib/tests/**.ini
+gio/tests/**.desktop

fuzzing/fuzz_network_address_parse.c

@@ -0,0 +1,25 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  unsigned char *nul_terminated_data = NULL;
+  GSocketConnectable *connectable = NULL;
+
+  fuzz_set_logging_func ();
+
+  /* ignore @size (g_network_address_parse() doesn’t support it); ensure @data is nul-terminated */
+  nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+  connectable = g_network_address_parse ((const gchar *) nul_terminated_data, 1, NULL);
+  g_free (nul_terminated_data);
+
+  if (connectable != NULL)
+    {
+      gchar *text = g_socket_connectable_to_string (connectable);
+      g_free (text);
+    }
+
+  g_clear_object (&connectable);
+
+  return 0;
+}

fuzzing/fuzz_network_address_parse_uri.c

@@ -0,0 +1,25 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  unsigned char *nul_terminated_data = NULL;
+  GSocketConnectable *connectable = NULL;
+
+  fuzz_set_logging_func ();
+
+  /* ignore @size (g_network_address_parse_uri() doesn’t support it); ensure @data is nul-terminated */
+  nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+  connectable = g_network_address_parse_uri ((const gchar *) nul_terminated_data, 1, NULL);
+  g_free (nul_terminated_data);
+
+  if (connectable != NULL)
+    {
+      gchar *text = g_socket_connectable_to_string (connectable);
+      g_free (text);
+    }
+
+  g_clear_object (&connectable);
+
+  return 0;
+}

fuzzing/fuzz_paths.c

@@ -0,0 +1,32 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  unsigned char *nul_terminated_data = NULL;
+  const gchar *skipped_root G_GNUC_UNUSED  /* when compiling with G_DISABLE_ASSERT */;
+  gchar *basename = NULL, *dirname = NULL;
+
+  fuzz_set_logging_func ();
+
+  /* ignore @size (none of the functions support it); ensure @data is nul-terminated */
+  nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+
+  g_path_is_absolute ((const gchar *) nul_terminated_data);
+
+  skipped_root = g_path_skip_root ((const gchar *) nul_terminated_data);
+  g_assert (skipped_root == NULL || skipped_root >= (const gchar *) nul_terminated_data);
+  g_assert (skipped_root == NULL || skipped_root <= (const gchar *) nul_terminated_data + size);
+
+  basename = g_path_get_basename ((const gchar *) nul_terminated_data);
+  g_assert (strcmp (basename, ".") == 0 || strlen (basename) <= size);
+
+  dirname = g_path_get_dirname ((const gchar *) nul_terminated_data);
+  g_assert (strcmp (dirname, ".") == 0 || strlen (dirname) <= size);
+
+  g_free (nul_terminated_data);
+  g_free (dirname);
+  g_free (basename);
+
+  return 0;
+}

fuzzing/fuzz_resolver.c

@@ -0,0 +1,53 @@
+#include "fuzz.h"
+#include "gio/gnetworking.h"
+
+#include "../gio/gthreadedresolver.h"
+
+static void
+test_for_rrtype (const guint8 *data,
+                 gsize         data_len,
+                 gint          rrtype)
+{
+  /* g_resolver_records_from_res_query() is only available on Unix */
+#ifdef G_OS_UNIX
+  GList *record_list = NULL;
+
+  /* Data too long? */
+  if (data_len > G_MAXSSIZE)
+    return;
+
+  /* rrname is only used in error messages, so doesn’t need to vary.
+   * herr is used similarly, so is just set to zero. */
+  record_list = g_resolver_records_from_res_query ("rrname",
+                                                   rrtype,
+                                                   data,
+                                                   data_len,
+                                                   0,
+                                                   NULL);
+
+  g_list_free_full (record_list, (GDestroyNotify) g_variant_unref);
+#endif  /* G_OS_UNIX */
+}
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  const gint rrtypes_to_test[] =
+    {
+      /* See https://en.wikipedia.org/wiki/List_of_DNS_record_types */
+      33  /* SRV */,
+      15  /* MX */,
+      6  /* SOA */,
+      2  /* NS */,
+      16  /* TXT */,
+      999,  /* not currently a valid rrtype, to test the ‘unknown’ code path */
+    };
+  gsize i;
+
+  fuzz_set_logging_func ();
+
+  for (i = 0; i < G_N_ELEMENTS (rrtypes_to_test); i++)
+    test_for_rrtype (data, size, rrtypes_to_test[i]);
+
+  return 0;
+}

fuzzing/fuzz_uri_escape.c

@@ -0,0 +1,65 @@
+#include "fuzz.h"
+
+static void
+test_bytes (const guint8 *data,
+            gsize         size)
+{
+  GError *error = NULL;
+  GBytes *unescaped_bytes = NULL;
+  gchar *escaped_string = NULL;
+
+  if (size > G_MAXSSIZE)
+    return;
+
+  unescaped_bytes = g_uri_unescape_bytes ((const gchar *) data, (gssize) size, NULL, &error);
+  if (unescaped_bytes == NULL)
+    {
+      g_assert_nonnull (error);
+      g_clear_error (&error);
+      return;
+    }
+
+  escaped_string = g_uri_escape_bytes (g_bytes_get_data (unescaped_bytes, NULL),
+                                       g_bytes_get_size (unescaped_bytes),
+                                       NULL);
+  g_bytes_unref (unescaped_bytes);
+
+  if (escaped_string == NULL)
+    return;
+
+  g_free (escaped_string);
+}
+
+static void
+test_string (const guint8 *data,
+             gsize         size)
+{
+  gchar *unescaped_string = NULL;
+  gchar *escaped_string = NULL;
+
+  unescaped_string = g_uri_unescape_segment ((const gchar *) data, (const gchar *) data + size, NULL);
+  if (unescaped_string == NULL)
+    return;
+
+  escaped_string = g_uri_escape_string (unescaped_string, NULL, TRUE);
+  g_free (unescaped_string);
+
+  if (escaped_string == NULL)
+    return;
+
+  g_free (escaped_string);
+}
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  fuzz_set_logging_func ();
+
+  /* Bytes form */
+  test_bytes (data, size);
+
+  /* String form (doesn’t do %-decoding) */
+  test_string (data, size);
+
+  return 0;
+}

fuzzing/fuzz_uri_parse.c

@@ -0,0 +1,44 @@
+#include "fuzz.h"
+
+static void
+test_with_flags (const gchar *data,
+                 GUriFlags    flags)
+{
+  GUri *uri = NULL;
+  gchar *uri_string = NULL;
+
+  uri = g_uri_parse (data, flags, NULL);
+
+  if (uri == NULL)
+    return;
+
+  uri_string = g_uri_to_string (uri);
+  g_uri_unref (uri);
+
+  if (uri_string == NULL)
+    return;
+
+  g_free (uri_string);
+}
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  unsigned char *nul_terminated_data = NULL;
+
+  fuzz_set_logging_func ();
+
+  /* ignore @size (g_uri_parse() doesn’t support it); ensure @data is nul-terminated */
+  nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
+  test_with_flags ((const gchar *) nul_terminated_data, G_URI_FLAGS_NONE);
+  test_with_flags ((const gchar *) nul_terminated_data, G_URI_FLAGS_PARSE_RELAXED);
+  test_with_flags ((const gchar *) nul_terminated_data, G_URI_FLAGS_NON_DNS);
+  test_with_flags ((const gchar *) nul_terminated_data, G_URI_FLAGS_HAS_AUTH_PARAMS);
+  test_with_flags ((const gchar *) nul_terminated_data, G_URI_FLAGS_HAS_PASSWORD);
+  test_with_flags ((const gchar *) nul_terminated_data, G_URI_FLAGS_ENCODED_QUERY);
+  test_with_flags ((const gchar *) nul_terminated_data, G_URI_FLAGS_ENCODED_PATH);
+  test_with_flags ((const gchar *) nul_terminated_data, G_URI_FLAGS_SCHEME_NORMALIZE);
+  g_free (nul_terminated_data);
+
+  return 0;
+}

fuzzing/fuzz_uri_parse_params.c

@@ -0,0 +1,28 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  GError *error = NULL;
+  GHashTable *parsed_params = NULL;
+
+  fuzz_set_logging_func ();
+
+  if (size > G_MAXSSIZE)
+    return 0;
+
+  parsed_params = g_uri_parse_params ((const gchar *) data, (gssize) size,
+                                      "&", G_URI_PARAMS_NONE, &error);
+  if (parsed_params == NULL)
+    {
+      g_assert (error);
+      g_clear_error (&error);
+      return 0;
+    }
+
+
+  g_assert_no_error (error);
+  g_hash_table_unref (parsed_params);
+
+  return 0;
+}

fuzzing/fuzz_variant_binary.c

@@ -0,0 +1,21 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  GVariant *variant = NULL, *normal_variant = NULL;
+
+  fuzz_set_logging_func ();
+
+  variant = g_variant_new_from_data (G_VARIANT_TYPE_VARIANT, data, size, FALSE,
+                                     NULL, NULL);
+  if (variant == NULL)
+    return 0;
+
+  normal_variant = g_variant_take_ref (g_variant_get_normal_form (variant));
+  g_variant_get_data (variant);
+
+  g_variant_unref (normal_variant);
+  g_variant_unref (variant);
+  return 0;
+}

fuzzing/fuzz_variant_text.c

@@ -0,0 +1,21 @@
+#include "fuzz.h"
+
+int
+LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
+{
+  const gchar *gdata = (const gchar*) data;
+  GVariant *variant = NULL;
+  gchar *text = NULL;
+
+  fuzz_set_logging_func ();
+
+  variant = g_variant_parse (NULL, gdata, gdata + size, NULL, NULL);
+  if (variant == NULL)
+    return 0;
+
+  text = g_variant_print (variant, TRUE);
+
+  g_free (text);
+  g_variant_unref (variant);
+  return 0;
+}

fuzzing/fuzz_variant_text.dict

@@ -0,0 +1,32 @@
+"'"
+"\""
+"("
+")"
+"<"
+">"
+"["
+"]"
+"{"
+"}"
+"*"
+"?"
+"@"
+"b'"
+"b\""
+"boolean"
+"byte"
+"double"
+"false"
+"handle"
+"int16"
+"int32"
+"int64"
+"just"
+"nothing"
+"objectpath"
+"signature"
+"string"
+"true"
+"uint16"
+"uint32"
+"uint64"

fuzzing/meson.build

@@ -0,0 +1,45 @@
+fuzz_targets = [
+  'fuzz_bookmark',
+  'fuzz_canonicalize_filename',
+  'fuzz_date_parse',
+  'fuzz_date_time_new_from_iso8601',
+  'fuzz_dbus_message',
+  'fuzz_inet_address_mask_new_from_string',
+  'fuzz_inet_address_new_from_string',
+  'fuzz_inet_socket_address_new_from_string',
+  'fuzz_key',
+  'fuzz_network_address_parse',
+  'fuzz_network_address_parse_uri',
+  'fuzz_paths',
+  'fuzz_resolver',
+  'fuzz_uri_escape',
+  'fuzz_uri_parse',
+  'fuzz_uri_parse_params',
+  'fuzz_variant_binary',
+  'fuzz_variant_text',
+]
+
+deps = [libgmodule_dep, libgio_dep, libglib_dep, libgobject_dep]
+
+extra_sources = []
+extra_c_args = cc.get_supported_arguments('-Werror=unused-function')
+
+# Links in a static library provided by oss-fuzz, else a standalone driver.
+# https://google.github.io/oss-fuzz/getting-started/new-project-guide/#buildsh-script-environment
+have_fuzzing_engine = false
+if have_cxx
+  fuzzing_engine = cxx.find_library('FuzzingEngine', required : get_option('oss_fuzz'))
+  have_fuzzing_engine = fuzzing_engine.found()
+endif
+if have_fuzzing_engine
+  deps += fuzzing_engine
+else
+  extra_sources += 'driver.c'
+endif
+
+foreach target_name : fuzz_targets
+  exe = executable(target_name, [extra_sources, target_name + '.c'],
+    c_args : extra_c_args,
+    dependencies : deps,
+  )
+endforeach