Fuzzer #1174

Merged
merged 14 commits into from Jan 23, 2017

deweerdt (Member) commented Jan 20, 2017

This PR adds two fuzzers (one that accepts HTTP/1, another that accepts HTTP/2), using http://llvm.org/docs/LibFuzzer.html. They use a seed corpus (found under fuzz/http{1,2}-corpus) that was collected by running the unit tests.

The fuzzer consists of a client thread that accepts input from libFuzzer and uses it to communicate with h2o.

We use the BUILD_FUZZER cmake directive in order to compile it (it's off by default). The fuzz/README.md file contains the detailed instructions for compiling and running the fuzzer.

The intent is to submit this for use with https://github.com/google/oss-fuzz
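The harness shape described above (a libFuzzer entry point, one long-lived client thread fed through a job queue, a socketpair between client and server, a bounded wait for the reply, and the fd always closed afterwards), as an added example that is not the PR's fuzz/driver code and not h2o code. The server side is a hypothetical stand-in that answers 200 to a GET request line and 400 to anything else; `fuzz_one`, `IO_TIMEOUT_MS`, `stand_in_server` and the single-slot queue are assumptions made for this example.

```c
/* Added example, not h2o's fuzzer: libFuzzer entry point plus one client thread
 * that talks to a stand-in server over a socketpair.  Assumed names throughout. */
#define _GNU_SOURCE
#include <poll.h>
#include <pthread.h>
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define IO_TIMEOUT_MS 10000 /* illustrative; the PR mentions a 10s proxy I/O timeout */

/* One unit of work for the client thread: fuzzer input plus the client end of the pair.
 * status is the HTTP status read back, or -1 if no parseable reply arrived in time. */
struct job { const uint8_t *data; size_t size; int fd; int status; int done; };

static pthread_mutex_t q_lock = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t q_cond = PTHREAD_COND_INITIALIZER;
static struct job *q_head;                 /* single slot: libFuzzer calls us serially */
static pthread_once_t once = PTHREAD_ONCE_INIT;

/* Client side: push the input, half-close, wait (bounded) for the reply, release the fd. */
static void run_client(struct job *j)
{
    size_t off = 0;
    while (off < j->size) {
        ssize_t n = write(j->fd, j->data + off, j->size - off);
        if (n < 0) break;                 /* EPIPE: server already closed its end */
        off += (size_t)n;
    }
    shutdown(j->fd, SHUT_WR);             /* signal end of request to the server */
    struct pollfd pfd = { .fd = j->fd, .events = POLLIN };
    char resp[512];
    j->status = -1;
    if (poll(&pfd, 1, IO_TIMEOUT_MS) > 0) {
        ssize_t n = read(j->fd, resp, sizeof(resp) - 1);
        if (n > 9 && memcmp(resp, "HTTP/1.1 ", 9) == 0) {
            resp[n] = '\0';
            j->status = atoi(resp + 9);
        }
    }
    close(j->fd);                         /* always: a leaked pair fd is the bug the PR fixed */
}

static void *client_thread(void *arg)
{
    (void)arg;
    for (;;) {
        pthread_mutex_lock(&q_lock);
        while (q_head == NULL) pthread_cond_wait(&q_cond, &q_lock);
        struct job *j = q_head;
        q_head = NULL;
        pthread_mutex_unlock(&q_lock);
        run_client(j);
        pthread_mutex_lock(&q_lock);
        j->done = 1;
        pthread_cond_broadcast(&q_cond);
        pthread_mutex_unlock(&q_lock);
    }
    return NULL;
}

static void start_client_thread(void)
{
    pthread_t t;
    signal(SIGPIPE, SIG_IGN);             /* a late write must not kill the fuzzer process */
    pthread_create(&t, NULL, client_thread, NULL);
    pthread_detach(t);
}

/* Hypothetical stand-in for the server under test: 200 for a GET request line, else 400. */
static void stand_in_server(int fd)
{
    char buf[4096];
    ssize_t n = read(fd, buf, sizeof(buf) - 1);
    const char *resp = "HTTP/1.1 400 Bad Request\r\n\r\n";
    if (n > 0) {
        buf[n] = '\0';
        if (strncmp(buf, "GET ", 4) == 0 && strstr(buf, " HTTP/1.") != NULL)
            resp = "HTTP/1.1 200 OK\r\ncontent-length: 0\r\n\r\n";
    }
    ssize_t w = write(fd, resp, strlen(resp));
    (void)w;
    close(fd);
}

/* Drive one input through the harness; returns the status the client observed. */
int fuzz_one(const uint8_t *data, size_t size)
{
    int fds[2];
    pthread_once(&once, start_client_thread);
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds) != 0) return -1;
    struct job j = { .data = data, .size = size, .fd = fds[0], .status = -1, .done = 0 };
    pthread_mutex_lock(&q_lock);
    q_head = &j;
    pthread_cond_broadcast(&q_cond);
    pthread_mutex_unlock(&q_lock);
    stand_in_server(fds[1]);              /* in the real harness the server's event loop runs here */
    pthread_mutex_lock(&q_lock);
    while (!j.done) pthread_cond_wait(&q_cond, &q_lock);
    pthread_mutex_unlock(&q_lock);
    return j.status;
}

/* libFuzzer entry point: must return 0; crashes and sanitizer reports are the signal. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    fuzz_one(data, size);
    return 0;
}
```

Built with `clang -fsanitize=fuzzer,address -fno-omit-frame-pointer`, libFuzzer supplies `main` and calls `LLVMFuzzerTestOneInput` with each mutated input; the frame pointer flag keeps ASan stack traces usable, which is the same reason the PR adds it. The one thing the example keeps from the PR's design that matters for stability is that the client thread is created once and reused, so a run of millions of inputs does not pay a thread creation per input or risk exhausting thread slots.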

deweerdt and others added some commits Dec 6, 2016

- Add a fuzzer driver
  This is activated when H2O is built with `cmake -DBUILD_FUZZER=ON`; it also needs `clang` as compiler.
- HTTP1 and HTTP2 corpuses
  Those were generated with the unit tests and `fuzz/gather-data.patch` set.
- Add `-fno-omit-frame-pointer` to CFLAGS when compiling the fuzzer in, so that we don't get in the way of the backtracer.
- Have a dedicated thread for read/writes to h2o
  Instead of spawning a thread for each client request, instantiate one at the start of the fuzzer, then feed the client via `job_queue`.
- Fix leak of the socket pair fd
  - Add a 10s timeout for proxy IO
  - Have epoll timeout every 10ms to inspect the fd sooner
- I'm having issues compiling the latest HEAD of libFuzzer, let's use a fixed version (29d1659edabe4ba2396f9697915bb7a0880cbd2f) for now

hbowden (Collaborator) commented Jan 20, 2017

Awesome pull request! I have a FreeBSD box that sits around mostly idle for continuous integration. I'll try and get this running on that later this weekend; might as well use those cores for something useful.


deweerdt (Member) commented Jan 21, 2017

@hbowden thanks! Please note that I haven't tested a wide variety of compilers. We've been using clang-3.9.

kazuho merged commit 33591fa into h2o:master Jan 23, 2017

1 check passed: continuous-integration/travis-ci/pr (The Travis CI build passed)

kazuho (Member) commented Jan 23, 2017

Thank you for the great PR!
