- Change Summary:
-
Add differential checking for fuzz_xmlnode and add a fuzzer for markup_strip_html :)
- Commit:
-
47ac84c1c77233398db3f060
- Diff:
-
Revision 2 (+787)
Add fuzzing support for some libpurple features
Review Request #760 — Created June 17, 2021 and submitted
Hi!
I built and tested all of these fuzzers for libpurple.
You can build them by first building pidgin/libpurple with --enable-fuzzing, then going into libpurple/tests and running make check. After that you can run these fuzzers, with a dictionary if you want :) For example:
$ ./fuzz_markup_strip_html -dict=dictionaries/html.dict
Dictionary: 465 entries
INFO: Seed: 2274862685
INFO: Loaded 1 modules (3 inline 8-bit counters): 3 [0x5a4ec0, 0x5a4ec3),
INFO: Loaded 1 PC tables (3 PCs): 3 [0x568ee8,0x568f18),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
INFO: A corpus is not provided, starting from an empty corpus
#2 INITED cov: 2 ft: 2 corp: 1/1b exec/s: 0 rss: 30Mb
#1048576 pulse cov: 2 ft: 2 corp: 1/1b lim: 4096 exec/s: 524288 rss: 789Mb
#2097152 pulse cov: 2 ft: 2 corp: 1/1b lim: 4096 exec/s: 524288 rss: 792Mb
Best Regards,
Jordy Zomer
Description | From | Last Updated |
---|---|---|
My comment applies to all the new source files, I believe. | QuLogic | |
I tested this as a patch before landing it and have some issues. There's a compiler warning per fuzzer because … | grim | |
Probably should sort these. | QuLogic | |
Add license header comment. | QuLogic | |
I assume that data is not NULL-terminated, which is why you need this copy? Should use GLib functions for consistency; … | QuLogic | |
Default should be NULL. | QuLogic | |
I'm still confused on how this works? I assume we need clang for this but there's no check of clang? | grim | |
Instead of just setting this, we should be checking if it's set to clang and if not then erroring out. | grim | |
g_new aborts on failure, and only returns NULL for 0 count, so you don't need to check this. | QuLogic | |
- Change Summary:
-
Remove spurious g_free() of str if str == NULL
- Commit:
-
33398db3f0601667aa89f1fa
- Diff:
-
Revision 3 (+786)
- Testing Done:
-
+ Hi!
+ I built and tested all of these fuzzers for libpurple.
+ You can build them by first building pidgin/libpurple, then going into libpurple/tests and running make check. After that you can run these fuzzers, with a dictionary if you want :) For example:
+ $ ./fuzz_markup_strip_html -dict=dictionaries/html.dict
+ Dictionary: 465 entries
+ INFO: Seed: 2274862685
+ INFO: Loaded 1 modules (3 inline 8-bit counters): 3 [0x5a4ec0, 0x5a4ec3),
+ INFO: Loaded 1 PC tables (3 PCs): 3 [0x568ee8,0x568f18),
+ INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
+ INFO: A corpus is not provided, starting from an empty corpus
+ #2 INITED cov: 2 ft: 2 corp: 1/1b exec/s: 0 rss: 30Mb
+ #1048576 pulse cov: 2 ft: 2 corp: 1/1b lim: 4096 exec/s: 524288 rss: 789Mb
+ #2097152 pulse cov: 2 ft: 2 corp: 1/1b lim: 4096 exec/s: 524288 rss: 792Mb
+ Best Regards,
+ Jordy Zomer
- Change Summary:
-
Added licenses, used default NULL in fuzz_html_to_xhtml and used glib functions for allocating and freeing memory.
- Commit:
-
1667aa89f1fa3f70bfc41d40
- Diff:
-
Revision 4 (+906)
- Change Summary:
-
Fix consistency of newlines between license and headers
- Commit:
-
3f70bfc41d40bff421efd8f6
- Diff:
-
Revision 5 (+911)
- Change Summary:
-
Add configure --enable-fuzzing check; if you enable this it will set CC to clang, which supports libfuzzer :)
- Testing Done:
-
Hi!
I built and tested all of these fuzzers for libpurple.
~ You can build them by first building pidgin/libpurple, then going into libpurple/tests and running make check. After that you can run these fuzzers, with a dictionary if you want :)
~ You can build them by first building pidgin/libpurple with --enable-fuzzing, then going into libpurple/tests and running make check. After that you can run these fuzzers, with a dictionary if you want :) For example:
$ ./fuzz_markup_strip_html -dict=dictionaries/html.dict
Dictionary: 465 entries
INFO: Seed: 2274862685
INFO: Loaded 1 modules (3 inline 8-bit counters): 3 [0x5a4ec0, 0x5a4ec3),
INFO: Loaded 1 PC tables (3 PCs): 3 [0x568ee8,0x568f18),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
INFO: A corpus is not provided, starting from an empty corpus
#2 INITED cov: 2 ft: 2 corp: 1/1b exec/s: 0 rss: 30Mb
#1048576 pulse cov: 2 ft: 2 corp: 1/1b lim: 4096 exec/s: 524288 rss: 789Mb
#2097152 pulse cov: 2 ft: 2 corp: 1/1b lim: 4096 exec/s: 524288 rss: 792Mb
Best Regards,
Jordy Zomer
- Commit:
-
bff421efd8f63a1ad62f223c
- Change Summary:
-
Added check if CC is clang with --enable-fuzzing instead of setting it.
- Commit:
-
3a1ad62f223c351900a245b8
-
-
I tested this as a patch before landing it and have some issues.
There's a compiler warning per fuzzer because LLVMFuzzerTestOneInput doesn't have a prototype. This isn't in a header file anywhere even as an extern, so I'm not sure what we want to do here.
Also the first line of every fuzzer's LLVMFuzzerTestOneInput implementation has 8 spaces instead of a tab.
fuzz_jabber_caps and fuzz_xmlnode just spam g_assert messages.
These aren't tied into make check itself and have to be manually run. That's probably fine as it looks like the intent is to run these until their default 20 minute timeout kicks in?
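An added example (not code from the patch under review) of a harness shaped the way grim's and QuLogic's comments ask for: a prototype for LLVMFuzzerTestOneInput, a NUL-terminated copy of the fuzzer input, and no g_assert on fuzzer data. strip_tags is a constructed stand-in for purple_markup_strip_html, and libc allocation is used in place of the g_strndup/g_free the review requests so it builds without GLib.

```c
/* Added example, not libpurple's fuzzers: the shape of a libFuzzer harness
 * addressing the review points.  strip_tags is a constructed stand-in for
 * purple_markup_strip_html, and libc is used where the review asks for
 * g_strndup/g_free so this builds without GLib. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* No header declares libFuzzer's entry point, so a prototype here silences
 * the per-fuzzer -Wmissing-prototypes warning. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

/* Constructed stand-in for the function under test: drops <...> tags. */
static char *strip_tags(const char *in)
{
	size_t n = strlen(in), o = 0;
	int in_tag = 0;
	char *out = malloc(n + 1);

	if (out == NULL)
		return NULL;
	for (size_t i = 0; i < n; i++) {
		if (in[i] == '<')
			in_tag = 1;
		else if (in[i] == '>')
			in_tag = 0;
		else if (!in_tag)
			out[o++] = in[i];
	}
	out[o] = '\0';
	return out;
}

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
	/* data is not NUL-terminated: copy it into a terminated string before
	 * handing it to a C-string API.  An embedded NUL simply truncates the
	 * input there, which is tolerated, not asserted on. */
	char *input = malloc(size + 1);

	if (input == NULL)
		return 0;	/* skip the input; never g_assert on fuzzer data */
	memcpy(input, data, size);
	input[size] = '\0';
	free(strip_tags(input));
	free(input);
	return 0;	/* libFuzzer expects 0 from the entry point */
}
```

Built with clang -fsanitize=fuzzer this links against libFuzzer's own main; the same file compiles as a plain object for unit testing without it.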
- Change Summary:
-
Add prototype to remove the error messages, also satisfy fuzzers so we don't get all these asserts. Next to that, change the spaces into tabs.
- Commit:
-
9170343d1305ada395b7a93a