bsdiffpatch-test.c: New file suitable for AFL fuzzing #10
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
TL;DR: Fuzzing passed. See http://lcamtuf.coredump.cx/afl/ The basic idea is we take an arbitary input file, split it in half. The first half is the original, the second is the modified. Then do a roundtrip diff->patch and verify that it worked. I ran this for 1.5 days on one core, and didn't find any crashes, and the hangs appeared to be false positives. Usage: ``` $ afl-fuzz -i input -o findings -- ./bsdiffpatch-test ``` The `input` directory contained a two byte file with `NUL`s - afl rapidly found other inputs. This code should hopefully be useful if we ever decide to change the code in the future, or for anyone who wants to try variants of fuzzing now.
|
(A variant of this would be to fuzz test patches only, but I'm not as interested in that - we only apply patches which have known integrity, i.e. covered by a GPG signature or TLS) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
TL;DR: Fuzzing passed.
See http://lcamtuf.coredump.cx/afl/
The basic idea is we take an arbitary input file, split it in half.
The first half is the original, the second is the modified. Then do a
roundtrip diff->patch and verify that it worked.
I ran this for 1.5 days on one core, and didn't find any crashes, and
the hangs appeared to be false positives.
Usage:
The
inputdirectory contained a two byte file withNULs - aflrapidly found other inputs.
This code should hopefully be useful if we ever decide to change the
code in the future, or for anyone who wants to try variants of fuzzing
now.