Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Instrumentation of c-ares fuzzers #815

Closed
Dor1s opened this issue Sep 6, 2017 · 8 comments
Closed

Instrumentation of c-ares fuzzers #815

Dor1s opened this issue Sep 6, 2017 · 8 comments

Comments

@Dor1s
Copy link
Contributor

Dor1s commented Sep 6, 2017

The build is failing (https://oss-fuzz-build-logs.storage.googleapis.com/index.html) since ares_create_query_fuzzer has only 42 coverage edges... It might be true, but another fuzz target (c-ares_ares_parse_reply_fuzzer) has 697 of them. Need to take a closer look.
@Dor1s Dor1s mentioned this issue Sep 6, 2017
Merged
Dor1s added a commit that referenced this issue Sep 6, 2017
@Dor1s
[infra] Temporary revert bad_build_check until most of the targets ge…
fa78fa9 
…t fixed.

Need to take a closer look at the following issues:
- #815
- #816
- #817
- #818
- #819
- #820
- #821
- #822
- #823
- #824
- #825
- #826
- #827
- #828
- #829
- #830
@Dor1s Dor1s mentioned this issue Sep 6, 2017
Merged
oliverchang pushed a commit that referenced this issue Sep 7, 2017
@Dor1s @oliverchang
[infra] Temporary revert bad_build_check until most of the targets ge…
718db91 
…t fixed. (#831)

Need to take a closer look at the following issues:
- #815
- #816
- #817
- #818
- #819
- #820
- #821
- #822
- #823
- #824
- #825
- #826
- #827
- #828
- #829
- #830
@Dor1s
Copy link
Contributor Author

Dor1s commented Sep 8, 2017

Looks legit. https://github.com/c-ares/c-ares/blob/master/test/ares-test-fuzz-name.c target is simply too small.

@Dor1s Dor1s mentioned this issue Sep 8, 2017
Merged
@kcc
Copy link
Contributor

kcc commented Sep 8, 2017

But: https://github.com/google/fuzzer-test-suite/tree/master/c-ares-CVE-2016-5180

@Dor1s
Copy link
Contributor Author

Dor1s commented Sep 8, 2017

Yeah :( Should we revisit sancov -print-coverage-pcs ./fuzzer | wc -l threshold (currently 90) or find another workaround for tiny but legit fuzz targets?

@kcc
Copy link
Contributor

kcc commented Sep 8, 2017

Maybe require a smaller number of PCs but at least two source files? (one for fuzz target, one for the library itself)

@morehouse
Copy link
Contributor

@kcc @Dor1s Can this be closed? c-ares build has been green for a while, but do we still want to change our instrumentation check?

@Dor1s
Copy link
Contributor Author

Dor1s commented Mar 1, 2018

Let me check that and consider re-enabling #838.

@Dor1s
Copy link
Contributor Author

Dor1s commented Mar 1, 2018

Yes, we need to change our instrumentation check now. sancov -print-coverage-pcs ./fuzzer | wc -l doesn't seem to make sense anymore.

@Dor1s Dor1s closed this as completed Mar 1, 2018
@Dor1s
Copy link
Contributor Author

Dor1s commented Mar 1, 2018 

root@f19d4d77eabd:/out# objdump -t ares_create_query_fuzzer | egrep -c '__sancov'
21
root@f19d4d77eabd:/out# objdump -t ares_parse_reply_fuzzer | egrep -c '__sancov'
23

tmatth pushed a commit to tmatth/oss-fuzz that referenced this issue Oct 22, 2018
@Dor1s @tmatth
[infra] Temporary revert bad_build_check until most of the targets ge…
ab8e417 
…t fixed. (google#831)

Need to take a closer look at the following issues:
- google#815
- google#816
- google#817
- google#818
- google#819
- google#820
- google#821
- google#822
- google#823
- google#824
- google#825
- google#826
- google#827
- google#828
- google#829
- google#830
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@kcc @Dor1s @inferno-chromium @morehouse