
Add a fuzzer to fribidi #154

Status: Merged (1 commit, merged Aug 21, 2020)


ebraminio (Contributor) commented Aug 14, 2020

This adds a fuzzer to the project in the hope of it being added to oss-fuzz later. Here is how to use it: first make sure fairly up-to-date versions of the clang and lld packages are installed (the second may be included in the llvm package in your distribution; better to also make sure llvm is installed, as llvm-symbolizer is needed for better crash log reports), then run these:

```sh
CC=clang CC_LD=lld CFLAGS="-fsanitize=address,fuzzer-no-link" meson fuzzbuild --default-library=static -Dfuzzer_ldflags="-fsanitize=address,fuzzer" -Ddocs=false
ninja -Cfuzzbuild
fuzzbuild/bin/fribidi-fuzzer
```

After a case is found, one should put the case in the `test/fuzzing` folder; meson will run those tests using `touch meson.build && meson test -C fuzzbuild --print-errorlogs` (or one can trigger a single case using e.g. `fuzzbuild/bin/fribidi-fuzzer test/fuzzing/crash-69ebdb74927bd63911e9af32e7da3b0216279461`), making sure there won't be a regression with the found cases.

Things can be improved in the fuzzer integration, so feedback is welcome. Some interesting cases are already found with this (as already added to `test/fuzzing`), but I can consider those API call issues.

ebraminio force-pushed the fuzzer branch 2 times, most recently from 473b2aa to 5150211, on August 15, 2020 19:45

ebraminio (Contributor, Author) commented May 27, 2021

Now that the integration is complete, you should be able to use oss-fuzz found cases like this: first download the test cases from https://crbug.com/oss-fuzz/34695 and https://crbug.com/oss-fuzz/34696 (you should log in using the email you've put in the readme), then for example run:

```sh
CC=clang CC_LD=lld CFLAGS="-fsanitize=memory,fuzzer-no-link" meson msanbuild --default-library=static -Dfuzzer_ldflags="-fsanitize=memory,fuzzer" -Ddocs=false
ninja -Cmsanbuild
msanbuild/bin/fribidi-fuzzer clusterfuzz-testcase-minimized-fribidi-fuzzer-5361146803650560

CC=clang CC_LD=lld CFLAGS="-fsanitize=address,fuzzer-no-link" meson asanbuild --default-library=static -Dfuzzer_ldflags="-fsanitize=address,fuzzer" -Ddocs=false
ninja -Casanbuild
asanbuild/bin/fribidi-fuzzer clusterfuzz-testcase-minimized-fribidi-fuzzer-5372192033472512
```

After fixing the case, you can put the fixed case in `test/fuzzing`.

I just reproduced them on a machine; feel free to ask if you have any issues. I will try to see if I can come up with a fix. Thanks!
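Both comments above describe the same loop: find a case with the sanitizer-instrumented fuzzer, save it under `test/fuzzing`, and have the build re-run every saved case so a fix cannot silently regress. The following script is an added example of that regression-replay step written as a stand-alone POSIX shell function; it is not fribidi's own code or its meson integration. It assumes a libFuzzer-style binary that takes a single input file argument and exits non-zero on a crash or sanitizer report (as `fribidi-fuzzer` does); the fuzzer binary and corpus directory are parameters, and the `fake-fuzzer` stand-in and its three-file corpus are constructed here purely so the script runs offline.

```sh
#!/bin/sh
# Added example (not fribidi's code): replay a saved fuzzing corpus against a
# fuzzer binary, one process per file, so each previously found case becomes
# an individually attributable regression test.

# replay_corpus FUZZER_BIN CORPUS_DIR
# Runs FUZZER_BIN once per regular file in CORPUS_DIR. libFuzzer binaries
# treat a file argument as a single input to execute once, and exit non-zero
# when ASan/MSan/UBSan reports or a crash occurs. Prints "FAIL: <path>" for
# each failing case on stdout and returns 1 if any case failed, else 0.
replay_corpus() {
    fuzzer="$1"
    corpus="$2"
    failed=0
    for case_file in "$corpus"/*; do
        [ -f "$case_file" ] || continue
        # Discard the target's own output; the exit status is the verdict.
        if "$fuzzer" "$case_file" >/dev/null 2>&1; then
            :
        else
            echo "FAIL: $case_file"
            failed=1
        fi
    done
    return "$failed"
}

# count_failures FUZZER_BIN CORPUS_DIR
# Convenience wrapper that prints only the number of failing cases.
count_failures() {
    replay_corpus "$@" | grep -c '^FAIL:' || true
}

# make_demo_env DIR
# Builds a constructed stand-in for fribidi-fuzzer plus a small corpus under
# DIR. The stand-in "crashes" (exits 1) whenever the input contains the
# marker string CRASH; the corpus files are constructed sample data, not
# real fribidi test cases.
make_demo_env() {
    dir="$1"
    mkdir -p "$dir/test/fuzzing"
    cat >"$dir/fake-fuzzer" <<'EOF'
#!/bin/sh
# constructed stand-in target: non-zero exit when the marker is present
grep -q CRASH "$1" && exit 1
exit 0
EOF
    chmod +x "$dir/fake-fuzzer"
    printf 'hello bidi' >"$dir/test/fuzzing/ok-ascii"
    # A few valid UTF-8 Arabic bytes (octal escapes, portable across printf
    # implementations): a benign case that should pass.
    printf '\330\263\331\204\330\247\331\205' >"$dir/test/fuzzing/ok-utf8"
    printf 'CRASH marker' >"$dir/test/fuzzing/crash-constructed"
}

# Stand-alone run: set up the constructed environment, replay it, report.
demo_dir=$(mktemp -d)
make_demo_env "$demo_dir"
replay_corpus "$demo_dir/fake-fuzzer" "$demo_dir/test/fuzzing"
echo "replay exit status: $?"
rm -rf "$demo_dir"
```

Running each case in its own process (rather than passing the whole directory to the fuzzer at once) costs a little startup time but keeps the verdict per file, which is what a CI log needs when a fixed case starts failing again.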

@ebraminio ebraminio deleted the fuzzer branch February 17, 2022 23:51