Add support for fuzzing #29

Merged
merged 2 commits into from Jun 28, 2018

Shnatsel commented Jun 28, 2018

  • Bypass crc32 and adler32 checks via conditional compilation when lodepng is compiled with fuzzing instrumentation. This lets random input from fuzzers actually reach interesting decoding code instead of being rejected early on due to checksum mismatch.
  • Add fuzzing harness for cargo-fuzz that was used to discover #28

If you do not wish to have a "fuzz" folder within the project, I can put it in the https://github.com/rust-fuzz/targets repository instead.

@kornelski kornelski merged commit 1852515 into kornelski:master Jun 28, 2018
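
The checksum bypass described in the pull request above, sketched as an added example; it is not code from this PR or from lodepng. It assumes the `fuzzing` cfg that cargo-fuzz passes to rustc, and the chunk parser, `crc_accepted` and the sample chunk are constructed for illustration.

```rust
/// Bitwise CRC-32 (IEEE, reflected), the checksum carried by PNG chunks.
fn crc32(bytes: &[u8]) -> u32 {
    let mut crc = 0xFFFF_FFFFu32;
    for &b in bytes {
        crc ^= b as u32;
        for _ in 0..8 {
            let mask = (crc & 1).wrapping_neg();
            crc = (crc >> 1) ^ (0xEDB8_8320 & mask);
        }
    }
    !crc
}

#[derive(Debug, PartialEq)]
enum ChunkError { Truncated, BadCrc }
fn be32(b: &[u8]) -> u32 { u32::from_be_bytes([b[0], b[1], b[2], b[3]]) }

/// Assumption: the build passes `--cfg fuzzing`, as cargo-fuzz does. Under
/// that cfg every checksum is accepted; in normal builds it is enforced.
#[allow(unexpected_cfgs)]
fn crc_accepted(stored: u32, computed: u32) -> bool { cfg!(fuzzing) || stored == computed }

/// Parse len (4, BE) | type (4) | data (len) | crc (4, BE) into (type, data).
fn read_chunk(input: &[u8]) -> Result<(&[u8], &[u8]), ChunkError> {
    // Bounds checks stay on in every build; only the CRC comparison is gated.
    let len = be32(input.get(..4).ok_or(ChunkError::Truncated)?) as usize;
    let end = len.checked_add(8).ok_or(ChunkError::Truncated)?;
    let body = input.get(4..end).ok_or(ChunkError::Truncated)?; // type + data
    let tail = input.get(end..).and_then(|t| t.get(..4)).ok_or(ChunkError::Truncated)?;
    if !crc_accepted(be32(tail), crc32(body)) {
        return Err(ChunkError::BadCrc);
    }
    Ok(body.split_at(4))
}

/// Constructed sample input: a well-formed chunk with a correct CRC.
fn sample_chunk(kind: &[u8; 4], data: &[u8]) -> Vec<u8> {
    let mut out = (data.len() as u32).to_be_bytes().to_vec();
    out.extend_from_slice(kind);
    out.extend_from_slice(data);
    let crc = crc32(&out[4..]);
    out.extend_from_slice(&crc.to_be_bytes());
    out
}

fn main() {
    let mut chunk = sample_chunk(b"tEXt", b"key\0value");
    chunk[9] ^= 0x40; // one mutated data byte, as a fuzzer would produce
    println!("mutated chunk: {:?}", read_chunk(&chunk)); // BadCrc unless cfg(fuzzing)
}
```

In a normal build the mutated chunk is rejected before its data is ever parsed, which is why a fuzzer makes little progress until the comparison is compiled out.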

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
kornelski commented Jun 28, 2018

Thank you.

kornelski commented Jul 18, 2018

The fix for it was trivial — deletion of one line: 37a7bcc

And the leak existed there only because this crate keeps ABI compatibility with its C version, so it has to malloc strings. I'll probably drop the ABI compatibility, because Vec<String> would make things so much simpler.

Shnatsel commented Jul 18, 2018

I feel C ABI compatibility is a major selling point of this crate compared to something Rust-only, such as the png crate.
