Race condition in fuzz tests #432

Closed
mmmds opened this issue Jan 19, 2022 · 0 comments · Fixed by #434
mmmds commented Jan 19, 2022

Fuzz tests clamav_dbload_fuzzer.cpp and clamav_scanfile_fuzzer.cpp create a fixed-name input file. If the tests are running in parallel mode, many threads are accessing the same file. Filenames should be unique per process to make parallel fuzzing effective.

fuzzdb = fopen(kClamAVState.tmp_db_name, "w");

fuzzfile = fopen(kClamAVState.tmp_file_name, "w");

micahsnyder added a commit to micahsnyder/clamav-micah that referenced this issue Jan 21, 2022
The fuzz targets that write a temp file currently use the same filename
every time. One of the users identified that if the tests are running
in parallel mode, many threads are accessing the same file.
This results in unstable input to the API being tested, where the file
may be overwritten as the function is being tested.

This commit fixes it by putting a random number in the filenames for the
scanfile and dbload fuzz targets.

Resolves: Cisco-Talos#432

Also fixed a CMake bug that built an extra fuzz target file that doesn't
serve any purpose.

Resolves: Cisco-Talos#431
micahsnyder added a commit to micahsnyder/clamav-micah that referenced this issue Mar 27, 2022
The fuzz targets that write a temp file currently use the same filename
every time. One of the users identified that if the tests are running
in parallel mode, many processes are accessing the same file.
This results in unstable input to the API being tested, where the file
may be overwritten as the function is being tested.

This commit fixes it by putting the fuzz process PID in the filenames
for the scanfile and dbload fuzz targets.

Resolves: Cisco-Talos#432

Also fixed a CMake bug that built an extra fuzz target file that doesn't
serve any purpose.

Resolves: Cisco-Talos#431
micahsnyder added a commit that referenced this issue Mar 30, 2022
The fuzz targets that write a temp file currently use the same filename
every time. One of the users identified that if the tests are running
in parallel mode, many processes are accessing the same file.
This results in unstable input to the API being tested, where the file
may be overwritten as the function is being tested.

This commit fixes it by putting the fuzz process PID in the filenames
for the scanfile and dbload fuzz targets.

Resolves: #432

Also fixed a CMake bug that built an extra fuzz target file that doesn't
serve any purpose.

Resolves: #431
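The pattern the fix describes, a per-process file name so parallel fuzz processes never share an input file, as an added example in C. This is not ClamAV's fuzzer code: the prefix under /tmp, the O_EXCL collision check, and the checksum standing in for the scanned API are assumptions made for this illustration.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample fuzz input, not from any real corpus. */
static const uint8_t kSample[] = "constructed sample scan input";
static const size_t kSampleLen = sizeof(kSample) - 1;

/* Build "<prefix>.<pid>.tmp" so every fuzz *process* gets its own file.
 * Returns 0 on success, -1 if the buffer is too small. */
int build_unique_tmp_name(char *buf, size_t buflen, const char *prefix)
{
    int n = snprintf(buf, buflen, "%s.%ld.tmp", prefix, (long)getpid());
    return (n < 0 || (size_t)n >= buflen) ? -1 : 0;
}

/* Write the input with O_EXCL: if the name is somehow already in use,
 * fail loudly instead of overwriting another process's input mid-test. */
int write_fuzz_input(const char *path, const uint8_t *data, size_t size)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    size_t off = 0;
    while (off < size) {
        ssize_t w = write(fd, data + off, size - off);
        if (w < 0) {
            close(fd);
            unlink(path);
            return -1;
        }
        off += (size_t)w;
    }
    if (close(fd) != 0) {
        unlink(path);
        return -1;
    }
    return 0;
}

/* Rolling checksum over a buffer; used to confirm the file held exactly our bytes. */
uint32_t checksum_buf(const uint8_t *data, size_t size)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < size; i++)
        sum = sum * 31u + data[i];
    return sum;
}

/* Stand-in for the API under test (e.g. a file scan): read the file back
 * and checksum it. Returns 0 if the file cannot be opened or is empty. */
uint32_t checksum_file(const char *path)
{
    FILE *f = fopen(path, "rb");
    if (!f)
        return 0;
    uint32_t sum = 0;
    int c;
    while ((c = fgetc(f)) != EOF)
        sum = sum * 31u + (uint32_t)c;
    fclose(f);
    return sum;
}

/* One fuzz iteration: unique name -> write -> exercise API -> unlink.
 * Returns the checksum the API saw, or 0 on any failure. */
uint32_t run_one_input(const uint8_t *data, size_t size)
{
    char path[256];
    if (build_unique_tmp_name(path, sizeof path, "/tmp/scanfile_fuzz") != 0)
        return 0;
    if (write_fuzz_input(path, data, size) != 0)
        return 0;
    uint32_t sum = checksum_file(path);
    unlink(path);
    return sum;
}

/* Shows O_EXCL catching a name collision: a second writer of the same
 * path must fail rather than clobber the first writer's input. */
int collision_is_detected(void)
{
    char path[256];
    if (build_unique_tmp_name(path, sizeof path, "/tmp/collision_demo") != 0)
        return 0;
    if (write_fuzz_input(path, kSample, kSampleLen) != 0)
        return 0;
    int second = write_fuzz_input(path, kSample, kSampleLen);
    unlink(path);
    return second == -1;
}

int main(void)
{
    char path[256];
    build_unique_tmp_name(path, sizeof path, "/tmp/scanfile_fuzz");
    printf("per-process input file: %s\n", path);
    printf("checksum seen by API: %u (expected %u)\n",
           run_one_input(kSample, kSampleLen), checksum_buf(kSample, kSampleLen));
    printf("collision detected: %s\n", collision_is_detected() ? "yes" : "no");
    return 0;
}
```

A PID is unique among processes alive at the same time, which is the case the commit message is about (parallel fuzzing runs separate processes). If a harness instead fuzzes on several threads inside one process, the PID is the same for all of them and a thread id or mkstemp(3) is needed; the O_EXCL open is the cheap check that turns either mistake into an immediate, visible failure instead of a silently corrupted input.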