Change Summary:
Add differential checking for fuzz_xmlnode and add a fuzzer for markup_strip_html :)
Diff: Revision 2 (+787)
Review Request #760 — Created June 17, 2021 and submitted
Add fuzzing support for some libpurple features
Hi!
I built and tested all of these fuzzers for libpurple.
You can build them by first building pidgin/libpurple with `--enable-fuzzing`, then going into `libpurple/tests` and running `make check`. After that you can run these fuzzers. With a dictionary if you want :) for example:

```
$ ./fuzz_markup_strip_html -dict=dictionaries/html.dict
Dictionary: 465 entries
INFO: Seed: 2274862685
INFO: Loaded 1 modules (3 inline 8-bit counters): 3 [0x5a4ec0, 0x5a4ec3),
INFO: Loaded 1 PC tables (3 PCs): 3 [0x568ee8,0x568f18),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
INFO: A corpus is not provided, starting from an empty corpus
#2 INITED cov: 2 ft: 2 corp: 1/1b exec/s: 0 rss: 30Mb
#1048576 pulse cov: 2 ft: 2 corp: 1/1b lim: 4096 exec/s: 524288 rss: 789Mb
#2097152 pulse cov: 2 ft: 2 corp: 1/1b lim: 4096 exec/s: 524288 rss: 792Mb
```

Best Regards,
Jordy Zomer
Description | From
---|---
My comment applies to all the new source files, I believe. | QuLogic
I tested this as a patch before landing it and have some issues.. There's a compiler warning per fuzzer because … | grim
Probably should sort these. | QuLogic
Add license header comment. | QuLogic
I assume that data is not NULL-terminated, which is why you need this copy? Should use GLib functions for consistency; … | QuLogic
Default should be NULL. | QuLogic
I'm still confused on how this works? I assume we need clang for this but there's no check of clang? | grim
Instead of just setting this, we should be checking if it's set to clang and if not then erroring out. | grim
g_new aborts on failure, and only returns NULL for 0 count, so you don't need to check this. | QuLogic
Remove spurious g_free() of str if str == NULL
Diff: Revision 3 (+786)
libpurple/tests/fuzz_html_to_xhtml.c (Diff revision 3)

QuLogic: I assume that `data` is not NULL-terminated, which is why you need this copy? Should use GLib functions for consistency; `g_new` or similar.

Reply: Added licenses, used default NULL in fuzz_html_to_xhtml and used GLib functions for allocating and freeing memory.
Diff: Revision 4 (+906)
Fix consistency of newlines between license and headers
Diff: Revision 5 (+911)
libpurple/tests/fuzz_html_to_xhtml.c (Diff revision 5)

grim: I'm still confused on how this works? I assume we need clang for this but there's no check of clang?

Reply: Added a configure `--enable-fuzzing` check; if you enable this it will set CC to clang, which supports libFuzzer :)
Diff: Revision 6 (+927)
configure.ac (Diff revision 6)

grim: Instead of just setting this, we should be checking if it's set to `clang` and if not then erroring out.

Reply: Added a check that CC is clang with `--enable-fuzzing` instead of setting it.
Diff: Revision 7 (+929)
libpurple/tests/fuzz_html_to_xhtml.c (Diff revision 7)

QuLogic: `g_new` aborts on failure, and only returns NULL for 0 count, so you don't need to check this.

Reply: Removed the unneeded NULL check after `g_new`.
Diff: Revision 8 (+906)
grim: I tested this as a patch before landing it and have some issues.. There's a compiler warning per fuzzer because `LLVMFuzzerTestOneInput` doesn't have a prototype. This isn't in a header file anywhere even as an extern, so I'm not sure what we want to do here. Also the first line of every fuzzer's `LLVMFuzzerTestOneInput` implementation has 8 spaces instead of a tab. `fuzz_jabber_caps` and `fuzz_xmlnode` just spam `g_assert` messages. These aren't tied into `make check` itself and have to be manually run. That's probably fine as it looks like the intent is to run these until their default 20 minute time out kicks in?

Reply: Added a prototype to remove the error messages, and also satisfied the fuzzers so we don't get all these asserts. Next to that, changed the spaces into tabs.
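As an added example (not code from this review or from libpurple), here is a libFuzzer harness in the shape the thread converges on: the entry point is declared up front so it compiles without the missing-prototype warning grim reports, the non-NUL-terminated fuzzer buffer is copied into a terminated string before reaching a C-string API, and the output is checked against invariants instead of only being freed. `strip_tags_toy()` is a hypothetical stand-in for `purple_markup_strip_html()`, and plain libc replaces GLib so the file builds without libpurple.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Prototype up front: libFuzzer ships no header for its entry point, so
 * declaring it here is what silences the per-fuzzer missing-prototype
 * warning raised in review. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

/* Hypothetical stand-in for purple_markup_strip_html(): drops everything
 * between '<' and '>'. Caller frees the result. */
char *strip_tags_toy(const char *html) {
    size_t n = strlen(html);
    char *out = malloc(n + 1);
    size_t o = 0;
    int in_tag = 0;
    for (size_t i = 0; i < n; i++) {
        if (html[i] == '<') in_tag = 1;
        else if (html[i] == '>' && in_tag) in_tag = 0;
        else if (!in_tag) out[o++] = html[i];
    }
    out[o] = '\0';
    return out;
}

/* Invariants every output must satisfy. Returns 0 when they hold, else the
 * number of the violated check; the harness turns nonzero into abort(). */
int check_stripped(const char *in, const char *out) {
    if (strlen(out) > strlen(in)) return 1;  /* stripping never grows text */
    if (strchr(out, '<') != NULL) return 2;  /* no tag opener may survive */
    return 0;
}

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    /* libFuzzer's buffer is not NUL-terminated, so copy it into one that is
     * before passing it to a C-string API (the real tree uses GLib
     * allocation, as asked for in review; malloc here is an assumption). */
    char *str = malloc(size + 1);
    memcpy(str, data, size);
    str[size] = '\0';

    char *out = strip_tags_toy(str);
    if (check_stripped(str, out) != 0)
        abort();  /* crash loudly so libFuzzer saves the offending input */

    free(out);
    free(str);
    return 0;
}
```

Built with `clang -fsanitize=fuzzer`, libFuzzer supplies `main` and calls the entry point on each generated input; a violated invariant becomes a saved crash file rather than a stream of `g_assert` messages.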
Diff: Revision 9 (+930)
Add a little documentation of how to fuzz/how to add new fuzzers in pidgin/libpurple :)
Diff: Revision 10 (+1038)