tools: initial fuzzers #179
This should be good to go now.
failing CI. Is this a Rust version problem or should cfg fuzzing be cfg feature fuzzing?
No, the build command was wrong (can't pass
given the number of file additions, I wonder how this will affect the build times for Docker on Mac
🤷♂️ though all those files can probably be left out in that case.
I understand this is focused on fuzzing the transport right now. But it seems not too hard to extend it to HTTP/3. For example, packet_server.rs
inside http3::with_transport
This adds a couple of fuzzers based on honggfuzz that can be used to fuzz incoming packet processing from both the server and client side.
This way more of the packet processing code can be fuzzed (e.g. including frame parsing).
So, I renamed the fuzzers and made the server fuzzer accept cert and key paths from the environment. This is needed to run the fuzzers on Mayhem (also added configuration for that). @LPardue yeah, we can add more fuzzers, though I'd like to concentrate on these two until we have the whole infrastructure properly set up.
Totally agree, after gaining a bit more context I realise there are complexities for HTTP/3. Let's avoid this PR getting bogged down by that.
Just curious where those corpus come from? Is it from actual packet dumps?
@junhochoi they were generated randomly by honggfuzz.
But also, I managed to generate a few test cases manually, which seem to increase the coverage, so I'll add those as well.
Too bad honggfuzz doesn't support minimizing inputs...
In retrospect going with honggfuzz might have been a mistake, as the lack of corpus minimization is pretty annoying and it's generally not as well supported as libfuzzer in general. So I'll try to put something together based on libfuzzer/cargo-fuzz to see if that's better (and also see how it fares on Mayhem).
Closing in favor of #186.