fuzzshark: integrate oss-fuzz targets in CMake

The current fuzzshark target built by CMake is not usable for fuzzing.
Address this by adding a new ENABLE_FUZZER option that enables mandatory
instrumentation and libFuzzer linking options for the fuzzshark binary.

Create more CMake targets for specific fuzzing targets such as
fuzzshark_ip and fuzzshark_ip_proto-udp. These targets are not built by
default, either build individual targets or use the all-fuzzers target.

Now these binaries are not specific to oss-fuzz, so move them to a new
directory (perhaps the corpora can be added here in the future).
oss-fuzz build.sh is simplified and reuses the CMake targets.

When OSS_FUZZ is set, it will force static linking with external
libraries and limit parallel linker jobs (maybe not necessary for
Google's oss-fuzz builders, but my 8G/6c VM ran out of memory).

Change-Id: If3ba8f60ea1f5c3bd2131223050a81f9acbce05d
Reviewed-on: https://code.wireshark.org/review/30228
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>

4 files changed, 809 insertions, 0 deletions

diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
new file mode 100644
index 0000000000..c572f90c52
--- /dev/null
+++ b/fuzz/CMakeLists.txt
@@ -0,0 +1,142 @@
+# CMakeLists.txt
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+
+# List of dissectors compiled below, which should be turned off.
+# This is done to avoid single fuzzer (like IP) to call UDP protocols, which can go back to IP, and so on..
+# While doing so might find some bugs, but it's likely to be the problem for too big corpus in oss-fuzzer
+# (see: https://github.com/google/oss-fuzz/issues/1087).
+# + udplite - it's sharing most of code with UDP.
+set(FUZZ_DISABLED_DISSECTORS ip udp udplite ospf bgp dhcp json)
+
+set(FUZZ_DISSECTORS ip)
+set(FUZZ_IP_PROTO_DISSECTORS udp ospf)
+
+set(FUZZ_TCP_PORT_DISSECTORS bgp)
+# list(APPEND FUZZ_TCP_PORT_DISSECTORS bzr)     # disabled, cause of known problem.
+# list(APPEND FUZZ_TCP_PORT_DISSECTORS echo)    # disabled, too simple.
+
+set(FUZZ_UDP_PORT_DISSECTORS dns dhcp)
+# list(FUZZ_UDP_PORT_DISSECTORS bfd)            # disabled, too simple.
+
+set(FUZZ_MEDIA_TYPE_DISSECTORS json)
+
+set(fuzzshark_LIBS
+	wiretap
+	${LIBEPAN_LIBS}
+)
+if(OSS_FUZZ)
+	if("$ENV{LIB_FUZZING_ENGINE}" STREQUAL "")
+		message(FATAL_ERROR "LIB_FUZZING_ENGINE is not set!")
+	endif()
+	list(APPEND fuzzshark_LIBS $ENV{LIB_FUZZING_ENGINE})
+endif()
+set(fuzzshark_FILES
+	fuzzshark.c
+	${CMAKE_SOURCE_DIR}/version_info.c
+)
+set(FUZZ_LINK_FLAGS "${WS_LINK_FLAGS}")
+if(ENABLE_FUZZER)
+	set(FUZZ_LINK_FLAGS "${FUZZ_LINK_FLAGS} -fsanitize=fuzzer")
+endif()
+if(OSS_FUZZ)
+	# libFuzzingEngine.a is not position independent, so cannot use -pie.
+	set(FUZZ_LINK_FLAGS "${FUZZ_LINK_FLAGS} -no-pie")
+endif()
+
+# Convert the list of disabled dissectors from a;b;c -> "a", "b", "c"
+# for use in fuzzshark.c (macro)
+string(REGEX REPLACE "([^;]+)" "\"\\1\"" FUZZ_DISABLED_DISSECTORS_MACRO "${FUZZ_DISABLED_DISSECTORS}")
+string(REPLACE ";" ", " FUZZ_DISABLED_DISSECTORS_MACRO "${FUZZ_DISABLED_DISSECTORS_MACRO}")
+
+# Targets that are build via all-fuzzers:
+# - fuzzshark: a non-specific fuzz target, configurable through env vars (requires BUILD_fuzzshark)
+# - fuzzshark_<target>: fuzz target for a specific dissector target.
+# - fuzzshark_<table>-<target>: fuzz target for a specific dissector via a dissector table.
+add_custom_target(all-fuzzers)
+
+function(fuzzshark_set_common_options fuzzer_name)
+	add_dependencies(${fuzzer_name} version)
+	# Sanitizers require a C++ runtime, so use a C++ linker.
+	set_target_properties(${fuzzer_name} PROPERTIES
+		FOLDER "Fuzzers"
+		LINK_FLAGS "${FUZZ_LINK_FLAGS}"
+		LINKER_LANGUAGE "CXX"
+	)
+	target_link_libraries(${fuzzer_name} ${fuzzshark_LIBS})
+	add_dependencies(all-fuzzers ${fuzzer_name})
+endfunction()
+
+if(BUILD_fuzzshark)
+	if(NOT (ENABLE_FUZZER OR OSS_FUZZ))
+		# libFuzzer includes a main routine that enables fuzzing. If
+		# support for fuzzing was not enabled, add a small standalone
+		# target that can be used to test-compile fuzzshark.c.
+		list(APPEND fuzzshark_FILES StandaloneFuzzTargetMain.c)
+	endif()
+	add_executable(fuzzshark ${fuzzshark_FILES})
+	fuzzshark_set_common_options(fuzzshark)
+endif()
+
+# Create a new dissector fuzzer target.
+# If <dissector_table> is empty, <name> will be called directly.
+# If <dissector_table> is non-empty, a dissector with filter name <name> will be
+# looked up in dissector table <dissector_table>.
+function(generate_fuzzer dissector_table name)
+	if(NOT (ENABLE_FUZZER OR OSS_FUZZ))
+		return()
+	endif()
+
+	if(dissector_table STREQUAL "")
+		set(fuzzer_name fuzzshark_${name})
+	else()
+		# "ip.proto" and "udp" -> "ip_proto-udp"
+		set(fuzzer_name fuzzshark_${dissector_table}-${name})
+		string(REPLACE "." "_" fuzzer_name ${fuzzer_name})
+	endif()
+
+	add_executable(${fuzzer_name} EXCLUDE_FROM_ALL ${fuzzshark_FILES})
+	fuzzshark_set_common_options(${fuzzer_name})
+	target_compile_definitions(${fuzzer_name} PRIVATE
+		FUZZ_DISSECTOR_LIST=${FUZZ_DISABLED_DISSECTORS_MACRO}
+		FUZZ_DISSECTOR_TABLE="${dissector_table}"
+		FUZZ_DISSECTOR_TARGET="${name}"
+	)
+endfunction()
+
+# Add fuzzer targets for every dissector in list FUZZ_<table-var>_DISSECTORS,
+# where <table-var> changes a <table> such as "ip.proto" into "IP_PROTO".
+function(add_table_fuzzers table)
+	string(REPLACE "." "_" table_var ${table})
+	string(TOUPPER "${table_var}" table_var)
+	foreach(dissector IN LISTS FUZZ_${table_var}_DISSECTORS)
+		generate_fuzzer(${table} ${dissector})
+	endforeach()
+endfunction()
+
+foreach(dissector IN LISTS FUZZ_DISSECTORS)
+	generate_fuzzer("" ${dissector})
+endforeach()
+
+add_table_fuzzers("ip.proto")
+add_table_fuzzers("tcp.port")
+add_table_fuzzers("udp.port")
+add_table_fuzzers("media_type")
+
+#
+# Editor modelines  -  http://www.wireshark.org/tools/modelines.html
+#
+# Local variables:
+# c-basic-offset: 8
+# tab-width: 8
+# indent-tabs-mode: t
+# End:
+#
+# vi: set shiftwidth=8 tabstop=8 noexpandtab:
+# :indentSize=8:tabSize=8:noTabs=false:
+#
diff --git a/fuzz/FuzzerInterface.h b/fuzz/FuzzerInterface.h
new file mode 100644
index 0000000000..2208675e33
--- /dev/null
+++ b/fuzz/FuzzerInterface.h
@@ -0,0 +1,147 @@
+/* based on http://llvm.org/svn/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerInterface.h r321218 (20 Dec 2017) */
+
+/* http://llvm.org/svn/llvm-project/compiler-rt/trunk/LICENSE.TXT follows */
+
+/*
+==============================================================================
+compiler_rt License
+==============================================================================
+
+The compiler_rt library is dual licensed under both the University of Illinois
+"BSD-Like" license and the MIT license.  As a user of this code you may choose
+to use it under either license.  As a contributor, you agree to allow your code
+to be used under both.
+
+Full text of the relevant licenses is included below.
+
+==============================================================================
+
+University of Illinois/NCSA
+Open Source License
+
+Copyright (c) 2009-2016 by the contributors listed in CREDITS.TXT
+
+All rights reserved.
+
+Developed by:
+
+    LLVM Team
+
+    University of Illinois at Urbana-Champaign
+
+    http://llvm.org
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal with
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimers.
+
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimers in the
+      documentation and/or other materials provided with the distribution.
+
+    * Neither the names of the LLVM Team, University of Illinois at
+      Urbana-Champaign, nor the names of its contributors may be used to
+      endorse or promote products derived from this Software without specific
+      prior written permission.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE
+SOFTWARE.
+
+==============================================================================
+
+Copyright (c) 2009-2015 by the contributors listed in CREDITS.TXT
+
+SPDX-License-Identifier: MIT
+
+==============================================================================
+Copyrights and Licenses for Third Party Software Distributed with LLVM:
+==============================================================================
+The LLVM software contains code written by third parties.  Such software will
+have its own individual LICENSE.TXT file in the directory in which it appears.
+This file will describe the copyrights, license, and restrictions which apply
+to that code.
+
+The disclaimer of warranty in the University of Illinois Open Source License
+applies to all code in the LLVM Distribution, and nothing in any of the
+other licenses gives permission to use the names of the LLVM Team or the
+University of Illinois to endorse or promote products derived from this
+Software.
+*/
+//===- FuzzerInterface.h - Interface header for the Fuzzer ------*- C++ -* ===//
+//
+//                     The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+// Define the interface between libFuzzer and the library being tested.
+//===----------------------------------------------------------------------===//
+
+// NOTE: the libFuzzer interface is thin and in the majority of cases
+// you should not include this file into your target. In 95% of cases
+// all you need is to define the following function in your file:
+// extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
+
+// WARNING: keep the interface in C.
+
+#ifndef LLVM_FUZZER_INTERFACE_H
+#define LLVM_FUZZER_INTERFACE_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif  // __cplusplus
+
+// Mandatory user-provided target function.
+// Executes the code under test with [Data, Data+Size) as the input.
+// libFuzzer will invoke this function *many* times with different inputs.
+// Must return 0.
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
+
+// Optional user-provided initialization function.
+// If provided, this function will be called by libFuzzer once at startup.
+// It may read and modify argc/argv.
+// Must return 0.
+int LLVMFuzzerInitialize(int *argc, char ***argv);
+
+// Optional user-provided custom mutator.
+// Mutates raw data in [Data, Data+Size) inplace.
+// Returns the new size, which is not greater than MaxSize.
+// Given the same Seed produces the same mutation.
+size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size, size_t MaxSize,
+                               unsigned int Seed);
+
+// Optional user-provided custom cross-over function.
+// Combines pieces of Data1 & Data2 together into Out.
+// Returns the new size, which is not greater than MaxOutSize.
+// Should produce the same mutation given the same Seed.
+size_t LLVMFuzzerCustomCrossOver(const uint8_t *Data1, size_t Size1,
+                                 const uint8_t *Data2, size_t Size2,
+                                 uint8_t *Out, size_t MaxOutSize,
+                                 unsigned int Seed);
+
+// Experimental, may go away in future.
+// libFuzzer-provided function to be used inside LLVMFuzzerCustomMutator.
+// Mutates raw data in [Data, Data+Size) inplace.
+// Returns the new size, which is not greater than MaxSize.
+size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize);
+
+#ifdef __cplusplus
+}  // extern "C"
+#endif  // __cplusplus
+
+#endif  // LLVM_FUZZER_INTERFACE_H
diff --git a/fuzz/StandaloneFuzzTargetMain.c b/fuzz/StandaloneFuzzTargetMain.c
new file mode 100644
index 0000000000..cf29561cf5
--- /dev/null
+++ b/fuzz/StandaloneFuzzTargetMain.c
@@ -0,0 +1,126 @@
+/* based on http://llvm.org/svn/llvm-project/compiler-rt/trunk/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c r311407 (22 Aug 2017) */
+
+/* http://llvm.org/svn/llvm-project/compiler-rt/trunk/LICENSE.TXT follows */
+
+/*
+==============================================================================
+compiler_rt License
+==============================================================================
+
+The compiler_rt library is dual licensed under both the University of Illinois
+"BSD-Like" license and the MIT license.  As a user of this code you may choose
+to use it under either license.  As a contributor, you agree to allow your code
+to be used under both.
+
+Full text of the relevant licenses is included below.
+
+==============================================================================
+
+University of Illinois/NCSA
+Open Source License
+
+Copyright (c) 2009-2016 by the contributors listed in CREDITS.TXT
+
+All rights reserved.
+
+Developed by:
+
+    LLVM Team
+
+    University of Illinois at Urbana-Champaign
+
+    http://llvm.org
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal with
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimers.
+
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimers in the
+      documentation and/or other materials provided with the distribution.
+
+    * Neither the names of the LLVM Team, University of Illinois at
+      Urbana-Champaign, nor the names of its contributors may be used to
+      endorse or promote products derived from this Software without specific
+      prior written permission.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE
+SOFTWARE.
+
+==============================================================================
+
+Copyright (c) 2009-2015 by the contributors listed in CREDITS.TXT
+
+SPDX-License-Identifier: MIT
+
+==============================================================================
+Copyrights and Licenses for Third Party Software Distributed with LLVM:
+==============================================================================
+The LLVM software contains code written by third parties.  Such software will
+have its own individual LICENSE.TXT file in the directory in which it appears.
+This file will describe the copyrights, license, and restrictions which apply
+to that code.
+
+The disclaimer of warranty in the University of Illinois Open Source License
+applies to all code in the LLVM Distribution, and nothing in any of the
+other licenses gives permission to use the names of the LLVM Team or the
+University of Illinois to endorse or promote products derived from this
+Software.
+*/
+
+/*===- StandaloneFuzzTargetMain.c - standalone main() for fuzz targets. ---===//
+//
+//                     The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+// This main() function can be linked to a fuzz target (i.e. a library
+// that exports LLVMFuzzerTestOneInput() and possibly LLVMFuzzerInitialize())
+// instead of libFuzzer. This main() function will not perform any fuzzing
+// but will simply feed all input files one by one to the fuzz target.
+//
+// Use this file to provide reproducers for bugs when linking against libFuzzer
+// or other fuzzing engine is undesirable.
+//===----------------------------------------------------------------------===*/
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <glib.h>
+#include <wsutil/file_util.h>
+
+#include "FuzzerInterface.h"
+
+int main(int argc, char **argv) {
+  fprintf(stderr, "StandaloneFuzzTargetMain: running %d inputs\n", argc - 1);
+  LLVMFuzzerInitialize(&argc, &argv);
+  for (int i = 1; i < argc; i++) {
+    fprintf(stderr, "Running: %s\n", argv[i]);
+    FILE *f = ws_fopen(argv[i], "r");
+    assert(f);
+    fseek(f, 0, SEEK_END);
+    long len = ftell(f);
+    assert(len >= 0);
+    fseek(f, 0, SEEK_SET);
+    unsigned char *buf = (unsigned char*)g_malloc((size_t)len);
+    size_t n_read = fread(buf, 1, len, f);
+    assert(n_read == (size_t)len);
+    fclose(f);
+    LLVMFuzzerTestOneInput(buf, len);
+    g_free(buf);
+    fprintf(stderr, "Done:    %s: (%zd bytes)\n", argv[i], n_read);
+  }
+}
diff --git a/fuzz/fuzzshark.c b/fuzz/fuzzshark.c
new file mode 100644
index 0000000000..e31d8219a5
--- /dev/null
+++ b/fuzz/fuzzshark.c
@@ -0,0 +1,394 @@
+/* oss-fuzzshark.c
+ *
+ * Fuzzer variant of Wireshark for oss-fuzz
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <limits.h>
+
+#include <glib.h>
+
+#include <epan/epan.h>
+
+#include <wsutil/cmdarg_err.h>
+#include <wsutil/crash_info.h>
+#include <wsutil/filesystem.h>
+#include <wsutil/privileges.h>
+#include <wsutil/report_message.h>
+#include <version_info.h>
+
+#include <wiretap/wtap.h>
+
+#include <epan/color_filters.h>
+#include <epan/timestamp.h>
+#include <epan/prefs.h>
+#include <epan/column.h>
+#include <epan/print.h>
+#include <epan/epan_dissect.h>
+#include <epan/disabled_protos.h>
+
+#ifdef HAVE_PLUGINS
+#include <wsutil/plugins.h>
+#endif
+
+#include "FuzzerInterface.h"
+
+#define EPAN_INIT_FAIL 2
+
+static column_info fuzz_cinfo;
+static epan_t *fuzz_epan;
+static epan_dissect_t *fuzz_edt;
+
+/*
+ * General errors and warnings are reported with an console message
+ * in oss-fuzzshark.
+ */
+static void
+failure_warning_message(const char *msg_format, va_list ap)
+{
+	fprintf(stderr, "oss-fuzzshark: ");
+	vfprintf(stderr, msg_format, ap);
+	fprintf(stderr, "\n");
+}
+
+/*
+ * Open/create errors are reported with an console message in oss-fuzzshark.
+ */
+static void
+open_failure_message(const char *filename, int err, gboolean for_writing)
+{
+	fprintf(stderr, "oss-fuzzshark: ");
+	fprintf(stderr, file_open_error_message(err, for_writing), filename);
+	fprintf(stderr, "\n");
+}
+
+/*
+ * Read errors are reported with an console message in oss-fuzzshark.
+ */
+static void
+read_failure_message(const char *filename, int err)
+{
+	cmdarg_err("An error occurred while reading from the file \"%s\": %s.", filename, g_strerror(err));
+}
+
+/*
+ * Write errors are reported with an console message in oss-fuzzshark.
+ */
+static void
+write_failure_message(const char *filename, int err)
+{
+	cmdarg_err("An error occurred while writing to the file \"%s\": %s.", filename, g_strerror(err));
+}
+
+/*
+ * Report additional information for an error in command-line arguments.
+ */
+static void
+failure_message_cont(const char *msg_format, va_list ap)
+{
+	vfprintf(stderr, msg_format, ap);
+	fprintf(stderr, "\n");
+}
+
+static int
+fuzzshark_pref_set(const char *name, const char *value)
+{
+	char pref[4096];
+	char *errmsg = NULL;
+
+	prefs_set_pref_e ret;
+
+	g_snprintf(pref, sizeof(pref), "%s:%s", name, value);
+
+	ret = prefs_set_pref(pref, &errmsg);
+	g_free(errmsg);
+
+	return (ret == PREFS_SET_OK);
+}
+
+static const nstime_t *
+fuzzshark_get_frame_ts(struct packet_provider_data *prov _U_, guint32 frame_num _U_)
+{
+	static nstime_t empty;
+
+	return &empty;
+}
+
+static epan_t *
+fuzzshark_epan_new(void)
+{
+	static const struct packet_provider_funcs funcs = {
+		fuzzshark_get_frame_ts,
+		NULL,
+		NULL,
+		NULL
+	};
+
+	return epan_new(NULL, &funcs);
+}
+
+static dissector_handle_t
+get_dissector_handle(const char *table, const char *target)
+{
+	dissector_handle_t fuzz_handle = NULL;
+
+	if (table != NULL && target != NULL)
+	{
+		/* search for handle, cannot use dissector_table_get_dissector_handle() cause it's using short-name, and I already used filter name in samples ;/ */
+		GSList *handle_list = dissector_table_get_dissector_handles(find_dissector_table(table));
+		while (handle_list)
+		{
+			dissector_handle_t handle = (dissector_handle_t) handle_list->data;
+			const char *handle_filter_name = proto_get_protocol_filter_name(dissector_handle_get_protocol_index(handle));
+
+			if (!strcmp(handle_filter_name, target))
+				fuzz_handle = handle;
+			handle_list = handle_list->next;
+		}
+	}
+	else if (target != NULL)
+	{
+		fuzz_handle = find_dissector(target);
+	}
+
+	return fuzz_handle;
+}
+
+static void
+fuzz_prefs_apply(void)
+{
+	/* Turn off fragmentation for some protocols */
+	fuzzshark_pref_set("ip.defragment", "FALSE");
+	fuzzshark_pref_set("ipv6.defragment", "FALSE");
+	fuzzshark_pref_set("wlan.defragment", "FALSE");
+	fuzzshark_pref_set("tcp.desegment_tcp_streams", "FALSE");
+
+	/* Notify all registered modules that have had any of their preferences changed. */
+	prefs_apply_all();
+}
+
+static int
+fuzz_init(int argc _U_, char **argv)
+{
+	GString             *comp_info_str;
+	GString             *runtime_info_str;
+	char                *init_progfile_dir_error;
+
+	char                *err_msg = NULL;
+	e_prefs             *prefs_p;
+	int                  ret = EXIT_SUCCESS;
+	size_t               i;
+
+	const char *fuzz_target =
+#if defined(FUZZ_DISSECTOR_TARGET)
+		FUZZ_DISSECTOR_TARGET;
+#else
+		getenv("FUZZSHARK_TARGET");
+#endif
+
+	const char *disabled_dissector_list[] =
+	{
+#ifdef FUZZ_DISSECTOR_LIST
+		FUZZ_DISSECTOR_LIST ,
+#endif
+		"snort"
+	};
+
+	dissector_handle_t fuzz_handle = NULL;
+
+	/* In oss-fuzz running environment g_get_home_dir() fails:
+	 * (process:1): GLib-WARNING **: getpwuid_r(): failed due to unknown user id (0)
+	 * (process:1): GLib-CRITICAL **: g_once_init_leave: assertion 'result != 0' failed
+	 *
+	 * Avoid GLib-CRITICAL by setting some XDG environment variables.
+	 */
+	g_setenv("XDG_CACHE_HOME", "/not/existing/directory", 0);  /* g_get_user_cache_dir() */
+	g_setenv("XDG_CONFIG_HOME", "/not/existing/directory", 0); /* g_get_user_config_dir() */
+	g_setenv("XDG_DATA_HOME", "/not/existing/directory", 0);   /* g_get_user_data_dir() */
+
+	g_setenv("WIRESHARK_DEBUG_WMEM_OVERRIDE", "simple", 0);
+	g_setenv("G_SLICE", "always-malloc", 0);
+
+	cmdarg_err_init(failure_warning_message, failure_message_cont);
+
+	/*
+	 * Get credential information for later use, and drop privileges
+	 * before doing anything else.
+	 * Let the user know if anything happened.
+	 */
+	init_process_policies();
+#if 0 /* disable setresgid(), it fails with -EINVAL https://github.com/google/oss-fuzz/pull/532#issuecomment-294515463 */
+	relinquish_special_privs_perm();
+#endif
+
+	/*
+	 * Attempt to get the pathname of the executable file.
+	 */
+	init_progfile_dir_error = init_progfile_dir(argv[0]);
+	if (init_progfile_dir_error != NULL)
+		fprintf(stderr, "fuzzshark: Can't get pathname of oss-fuzzshark program: %s.\n", init_progfile_dir_error);
+
+	/* Get the compile-time version information string */
+	comp_info_str = get_compiled_version_info(NULL, epan_get_compiled_version_info);
+
+	/* Get the run-time version information string */
+	runtime_info_str = get_runtime_version_info(epan_get_runtime_version_info);
+
+	/* Add it to the information to be reported on a crash. */
+	ws_add_crash_info("OSS Fuzzshark (Wireshark) %s\n"
+	     "\n"
+	     "%s"
+	     "\n"
+	     "%s",
+	     get_ws_vcs_version_info(),
+	     comp_info_str->str,
+	     runtime_info_str->str);
+	g_string_free(comp_info_str, TRUE);
+	g_string_free(runtime_info_str, TRUE);
+
+	init_report_message(failure_warning_message, failure_warning_message,
+	     open_failure_message, read_failure_message, write_failure_message);
+
+	timestamp_set_type(TS_RELATIVE);
+	timestamp_set_precision(TS_PREC_AUTO);
+	timestamp_set_seconds_type(TS_SECONDS_DEFAULT);
+
+	wtap_init(TRUE);
+
+	/* Register all dissectors; we must do this before checking for the
+	   "-G" flag, as the "-G" flag dumps information registered by the
+	   dissectors, and we must do it before we read the preferences, in
+	   case any dissectors register preferences. */
+	if (!epan_init(NULL, NULL, FALSE))
+	{
+		ret = EPAN_INIT_FAIL;
+		goto clean_exit;
+	}
+
+	/* Load libwireshark settings from the current profile. */
+	prefs_p = epan_load_settings();
+
+	if (!color_filters_init(&err_msg, NULL))
+	{
+		fprintf(stderr, "%s\n", err_msg);
+		g_free(err_msg);
+	}
+
+	for (i = 0; i < G_N_ELEMENTS(disabled_dissector_list); i++)
+	{
+		const char *item = disabled_dissector_list[i];
+
+		/* XXX, need to think how to disallow chains like: IP -> .... -> IP,
+		 * best would be to disable dissector always, but allow it during initial call. */
+		if (fuzz_target == NULL || strcmp(fuzz_target, item))
+		{
+			fprintf(stderr, "oss-fuzzshark: disabling: %s\n", item);
+			proto_disable_proto_by_name(item);
+		}
+	}
+
+	fuzz_prefs_apply();
+
+	/* Build the column format array */
+	build_column_format_array(&fuzz_cinfo, prefs_p->num_cols, TRUE);
+
+#if defined(FUZZ_DISSECTOR_TABLE) && defined(FUZZ_DISSECTOR_TARGET)
+# define FUZZ_EPAN 1
+	fprintf(stderr, "oss-fuzzshark: configured for dissector: %s in table: %s\n", fuzz_target, FUZZ_DISSECTOR_TABLE);
+	fuzz_handle = get_dissector_handle(FUZZ_DISSECTOR_TABLE, fuzz_target);
+
+#elif defined(FUZZ_DISSECTOR_TARGET)
+# define FUZZ_EPAN 2
+	fprintf(stderr, "oss-fuzzshark: configured for dissector: %s\n", fuzz_target);
+	fuzz_handle = get_dissector_handle(NULL, fuzz_target);
+
+#else
+# define FUZZ_EPAN 3
+	fprintf(stderr, "oss-fuzzshark: env for dissector: %s\n", fuzz_target);
+	fuzz_handle = get_dissector_handle(getenv("FUZZSHARK_TABLE"), fuzz_target);
+#endif
+
+#ifdef FUZZ_EPAN
+	g_assert(fuzz_handle != NULL);
+	register_postdissector(fuzz_handle);
+#endif
+
+	fuzz_epan = fuzzshark_epan_new();
+	fuzz_edt = epan_dissect_new(fuzz_epan, TRUE, FALSE);
+
+	return 0;
+clean_exit:
+	wtap_cleanup();
+	free_progdirs();
+	return ret;
+}
+
+#ifdef FUZZ_EPAN
+int
+LLVMFuzzerTestOneInput(const guint8 *buf, size_t real_len)
+{
+	static guint32 framenum = 0;
+	epan_dissect_t *edt = fuzz_edt;
+
+	guint32 len = (guint32) real_len;
+
+	wtap_rec rec;
+	frame_data fdlocal;
+
+	memset(&rec, 0, sizeof(rec));
+
+	rec.rec_type = REC_TYPE_PACKET;
+	rec.rec_header.packet_header.caplen = len;
+	rec.rec_header.packet_header.len = len;
+
+	/* whdr.pkt_encap = WTAP_ENCAP_ETHERNET; */
+	rec.rec_header.packet_header.pkt_encap = G_MAXINT16;
+	rec.presence_flags = WTAP_HAS_TS | WTAP_HAS_CAP_LEN; /* most common flags... */
+
+	frame_data_init(&fdlocal, ++framenum, &rec, /* offset */ 0, /* cum_bytes */ 0);
+	/* frame_data_set_before_dissect() not needed */
+	epan_dissect_run(edt, WTAP_FILE_TYPE_SUBTYPE_UNKNOWN, &rec, tvb_new_real_data(buf, len, len), &fdlocal, NULL /* &fuzz_cinfo */);
+	frame_data_destroy(&fdlocal);
+
+	epan_dissect_reset(edt);
+	return 0;
+}
+
+#else
+# error "Missing fuzz target."
+#endif
+
+int
+LLVMFuzzerInitialize(int *argc, char ***argv)
+{
+	int ret;
+
+	ret = fuzz_init(*argc, *argv);
+	if (ret != 0)
+		exit(ret);
+
+	return 0;
+}
+
+/*
+ * Editor modelines  -  http://www.wireshark.org/tools/modelines.html
+ *
+ * Local variables:
+ * c-basic-offset: 8
+ * tab-width: 8
+ * indent-tabs-mode: t
+ * End:
+ *
+ * vi: set shiftwidth=8 tabstop=8 noexpandtab:
+ * :indentSize=8:tabSize=8:noTabs=false:
+ */