
tests: add a fuzzer for catalog_import_file #10885

Merged
merged 1 commit into systemd:master from fuzz-catalog on Nov 22, 2018

Conversation

evverx
Member

@evverx evverx commented Nov 22, 2018

No description provided.

@evverx evverx added the tests label Nov 22, 2018
@evverx
Member Author

evverx commented Nov 22, 2018

The fuzzer has found a place where an assertion is used to check whether the input is valid, which means that it's going to crash with

==12==ERROR: AddressSanitizer: ABRT on unknown address 0x00000000000c (pc 0x7fd6d4788428 bp 0x7fffad5fe1d0 sp 0x7fffad5fe068 T0)
SCARINESS: 10 (signal)
    #0 0x7fd6d4788427 in gsignal (/lib/x86_64-linux-gnu/libc.so.6+0x35427)
    #1 0x7fd6d478a029 in abort (/lib/x86_64-linux-gnu/libc.so.6+0x37029)
    #2 0x7fd6d5a2aeaa in log_assert_failed_realm /work/build/../../src/systemd/src/basic/log.c:795:9
    #3 0x7fd6d5bb6d47 in finish_item /work/build/../../src/systemd/src/journal/catalog.c:164:17
    #4 0x7fd6d5bb5f74 in catalog_import_file /work/build/../../src/systemd/src/journal/catalog.c:313:45
    #5 0x530a89 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-catalog.c:23:16
    #6 0x55be35 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:571:15
    #7 0x559d07 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:480:3
    #8 0x55db12 in fuzzer::Fuzzer::MutateAndTestOne() /src/libfuzzer/FuzzerLoop.cpp:708:19
    #9 0x560aa6 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:839:5
    #10 0x53dc21 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:764:6
    #11 0x530cdc in main /src/libfuzzer/FuzzerMain.cpp:20:10
    #12 0x7fd6d477382f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #13 0x41d078 in _start (/out/fuzz-catalog+0x41d078)

but it can be fixed later in a separate PR.
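
Added example (not systemd's code, and not the catalog.c logic the trace points at): a toy item parser for an assumed "KEY=value header lines, blank line, body" format that rejects malformed input with an error return instead of an assertion, with a libFuzzer-style entry point of the kind this PR adds.

```c
/* Toy "catalog-like" item importer (added example, not systemd's code).
 * Assumed format: one or more "KEY=value" header lines, a blank line, body.
 * The bug class from the trace above is a parser that asserts on state the
 * input was supposed to establish; under a fuzzer that assert fires as ABRT.
 * Here every input defect is reported as -EINVAL and the caller decides. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Returns 0 for a well-formed item, negative errno otherwise. */
int catalog_parse_item(const uint8_t *data, size_t size) {
    int saw_header = 0, saw_blank = 0;
    size_t i = 0;

    while (i < size) {
        const uint8_t *nl = memchr(data + i, '\n', size - i);
        size_t len = nl ? (size_t)(nl - (data + i)) : size - i;

        if (!saw_blank) {
            if (len == 0)
                saw_blank = 1;                      /* end of header */
            else if (memchr(data + i, '=', len))
                saw_header = 1;
            else
                return -EINVAL;                     /* header line without '=' */
        }
        i += len + (nl ? 1 : 0);
    }

    /* A validator written as assert(saw_header && saw_blank) would abort
     * here on truncated input; returning an error keeps the fuzzer going
     * and lets callers reject the file gracefully. */
    if (!saw_header || !saw_blank)
        return -EINVAL;
    return 0;
}

/* libFuzzer entry point: any return code is acceptable, only crashes,
 * sanitizer reports and hangs count as findings. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    (void) catalog_parse_item(data, size);
    return 0;
}
```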

@poettering poettering added good-to-merge/waiting-for-ci 👍 PR is good to merge, but CI hasn't passed at time of review. Please merge if you see CI has passed fuzzing Implementation of fuzzers and fixes for stuff found through fuzzing labels Nov 22, 2018
@keszybz
Member

keszybz commented Nov 22, 2018

Ubuntu CI does not check the fuzzers (except running them on the corpus), so let's merge without waiting.

@keszybz keszybz removed the good-to-merge/waiting-for-ci 👍 PR is good to merge, but CI hasn't passed at time of review. Please merge if you see CI has passed label Nov 22, 2018
@keszybz keszybz merged commit 4928e8a into systemd:master Nov 22, 2018
@evverx evverx deleted the fuzz-catalog branch November 22, 2018 20:05
@evverx
Member Author

evverx commented Nov 22, 2018

As far as I know, nobody has added -Dslow-tests to debian/rules so Ubuntu CI doesn't even try to compile the fuzzers.
