[binutils] Add libsframe decode fuzzer

Add a new fuzz target for libsframe's sframe_decode() function.
This covers SFrame section parsing which was previously unfuzzed.

Includes seed corpus with valid V2/V3 headers and edge cases.

Author: TristanInSec

projects/binutils/build.sh

@@ -54,6 +54,13 @@ for i in fuzz_disassemble fuzz_bfd fuzz_bfd_ext; do
     $CXX $CXXFLAGS $i.o -o $OUT/$i $LIB_FUZZING_ENGINE -Wl,--start-group ${LIBS} -Wl,--end-group
 done
 
+# Build sframe fuzzer
+$CC $CFLAGS -I ../include -I ../libsframe -c fuzz_sframe.c -o fuzz_sframe.o
+$CXX $CXXFLAGS fuzz_sframe.o -o $OUT/fuzz_sframe $LIB_FUZZING_ENGINE \
+  ../libsframe/.libs/libsframe.a ../libiberty/libiberty.a
+echo "[libfuzzer]" > $OUT/fuzz_sframe.options
+echo "detect_leaks=0" >> $OUT/fuzz_sframe.options
+
 # Build targeted disassembly fuzzers
 if [ -n "${OSS_FUZZ_CI-}" ]
 then

projects/binutils/fuzz_sframe.c

@@ -0,0 +1,29 @@
+/* Copyright 2026 Google Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#include <stdint.h>
+#include <stdlib.h>
+#include "sframe-api.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  int err = 0;
+  sframe_decoder_ctx *dctx;
+
+  dctx = sframe_decode((const char *)data, size, &err);
+  if (dctx != NULL)
+    sframe_decoder_free(&dctx);
+
+  return 0;
+}