Summary

Clean up all of the fuzzers and add a corpus for all of them

Review Request #920 — Created Sept. 13, 2021 and submitted Sept. 16, 2021, 9:13 p.m.

Information

Owner

grim

Repository

pidgin/pidgin

Branch

release-2.x.y

Bugs

Depends On

Reviewers

Groups

pidgin

People

Description

Clean up all of the fuzzers and add a corpus for all of them

Testing Done

Ran all of the fuzzers, made sure they were able to add new corpra.

Commits

Summary	ID
Clean up all of the fuzzers and add a corpus for all of them	3000daa52b63ffb14bda06b89d2ab9c5cbeeb2fb

Issues

Description	From	Last Updated
Should we wrap some in g_utf8_validate?	QuLogic	Sept. 16, 2021, 4:40 a.m.
This is the LLVM fuzzer's prototype, so I'm not sure we should change types on it.	QuLogic	Sept. 14, 2021, 7:19 p.m.
This needs to check input length like the downstream fuzzer, or else you'll get assert bugs like https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34999 (the downstream …	QuLogic	Sept. 14, 2021, 7:19 p.m.
Extra semicolon	QuLogic	Sept. 14, 2021, 7:20 p.m.
You could put this back since the fuzzer doesn't check round-tripping any more?	QuLogic	Sept. 16, 2021, 8:59 p.m.
Didn't you want to change the type here?	QuLogic	Sept. 16, 2021, 9:04 p.m.
Extra blank line, compared to the others.	QuLogic	Sept. 16, 2021, 9:05 p.m.
Change types?	QuLogic	Sept. 16, 2021, 9:06 p.m.
Extra blank line.	QuLogic	Sept. 16, 2021, 9:06 p.m.
Change types?	QuLogic	Sept. 16, 2021, 9:07 p.m.
Change types.	QuLogic	Sept. 16, 2021, 9:07 p.m.

Change Summary:

add some more to the corpus for str_to_time

Commits:

	Summary	ID
	Clean up all of the fuzzers and add a corpus for all of them	85e23798ff8715a38ab6d0b68d5a1d7f8234441c
	Clean up all of the fuzzers and add a corpus for all of them	ac2099711fc8835f28626cf59467a47591870e2e

Diff:

Revision 2 (+782 -72)

Show changes

	.hgignore
	FUZZING
	libpurple/fuzzers/Makefile.am
	libpurple/fuzzers/fuzz_base16_decode.c
	libpurple/fuzzers/fuzz_jabber_id_new.c
	libpurple/fuzzers/fuzz_markup_is_rtl.c
	libpurple/fuzzers/fuzz_markup_linkify.c
	libpurple/fuzzers/fuzz_mime.c
	152 more

FUZZING (Diff revision 2)

The issue has been dropped. Show all issues

This is the LLVM fuzzer's prototype, so I'm not sure we should change types on it.

grim Sept. 14, 2021, 4:46 p.m.

But then we need to include additional files...

libpurple/fuzzers/fuzz_base16_decode.c (Diff revision 2)

The issue has been resolved. Show all issues

This needs to check input length like the downstream fuzzer, or else you'll get assert bugs like https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34999 (the downstream checks are buggy or they wouldn't hit this.)

This may apply to other expected constraints in other tested functions.

QuLogic Sept. 14, 2021, 12:26 a.m.

Note, the actual full trace on https://oss-fuzz.com/testcase-detail/5640002393473024 is actually about a memory leak, so not sure if the assert is really a problem or just something that gets auto-reported when any other issues arise.

libpurple/fuzzers/fuzz_markup_linkify.c (Diff revision 2)
The issue has been resolved. Show all issues
```
Extra semicolon
```
1. grim Sept. 14, 2021, 4:46 p.m.
  *backslash

Commits:

	Summary	ID
	Clean up all of the fuzzers and add a corpus for all of them	ac2099711fc8835f28626cf59467a47591870e2e
	Clean up all of the fuzzers and add a corpus for all of them	98741e1e3d764a64abf58c1f18e2b3df6025f468

Diff:

Revision 3 (+788 -72)

Show changes

	.hgignore
	FUZZING
	libpurple/fuzzers/Makefile.am
	libpurple/fuzzers/fuzz_base16_decode.c
	libpurple/fuzzers/fuzz_jabber_id_new.c
	libpurple/fuzzers/fuzz_markup_is_rtl.c
	libpurple/fuzzers/fuzz_markup_linkify.c
	libpurple/fuzzers/fuzz_mime.c
	153 more

The issue has been resolved. Show all issues
```
Should we wrap some in g_utf8_validate?
```
1. grim Sept. 15, 2021, 1:21 p.m.
  the fuzzer or the function?
2. QuLogic Sept. 15, 2021, 2:03 p.m.
  Just the fuzzers that need it.

Change Summary:

rebased

Commits:

	Summary	ID
	Clean up all of the fuzzers and add a corpus for all of them	98741e1e3d764a64abf58c1f18e2b3df6025f468
	Clean up all of the fuzzers and add a corpus for all of them	066c702a212339a4c4aab95d2a167dab976d402b

Diff:

Revision 4 (+788 -72)

Show changes

	.hgignore
	FUZZING
	libpurple/fuzzers/Makefile.am
	libpurple/fuzzers/fuzz_base16_decode.c
	libpurple/fuzzers/fuzz_jabber_id_new.c
	libpurple/fuzzers/fuzz_markup_is_rtl.c
	libpurple/fuzzers/fuzz_markup_linkify.c
	libpurple/fuzzers/fuzz_mime.c
	153 more

Change Summary:

call purple_util_init and purple_util_uninit in the str_to_time fuzzer

Commits:

	Summary	ID
	Clean up all of the fuzzers and add a corpus for all of them	066c702a212339a4c4aab95d2a167dab976d402b
	Clean up all of the fuzzers and add a corpus for all of them	6fc73aea5c47cdab05e3de31d40ca73c64306987

Diff:

Revision 5 (+796 -72)

Show changes

	.hgignore
	FUZZING
	libpurple/fuzzers/Makefile.am
	libpurple/fuzzers/fuzz_base16_decode.c
	libpurple/fuzzers/fuzz_jabber_id_new.c
	libpurple/fuzzers/fuzz_markup_is_rtl.c
	libpurple/fuzzers/fuzz_markup_linkify.c
	libpurple/fuzzers/fuzz_mime.c
	153 more

Change Summary:

add g_utf8_validate_len to the functions that need it and add some new corpus from running the fuzzers with that code change.

Also skipped the xmlnode equality check because the fuzzer was putting white space in that was screwing stuff up.

Commits:

	Summary	ID
	Clean up all of the fuzzers and add a corpus for all of them	6fc73aea5c47cdab05e3de31d40ca73c64306987
	Clean up all of the fuzzers and add a corpus for all of them	d585a3547eefe290891257d5f8f7702f5ed9176a

Diff:

Revision 6 (+936 -96)

Show changes

	.hgignore
	FUZZING
	libpurple/fuzzers/Makefile.am
	libpurple/fuzzers/fuzz_base16_decode.c
	libpurple/fuzzers/fuzz_html_to_xhtml.c
	libpurple/fuzzers/fuzz_jabber_caps.c
	libpurple/fuzzers/fuzz_jabber_id_new.c
	libpurple/fuzzers/fuzz_markup_is_rtl.c
	176 more

libpurple/fuzzers/corpus/xmlnode/b9f27c892298045dcb9d56b30d19cf51994fc7de (Diff revisions 5 - 6)
The issue has been resolved. Show all issues
```
You could put this back since the fuzzer doesn't check round-tripping any more?
```
libpurple/fuzzers/fuzz_html_to_xhtml.c (Diff revision 6)
The issue has been resolved. Show all issues
```
Didn't you want to change the type here?
```
libpurple/fuzzers/fuzz_html_to_xhtml.c (Diff revision 6)
The issue has been resolved. Show all issues
```
Extra blank line, compared to the others.
```
libpurple/fuzzers/fuzz_jabber_caps.c (Diff revision 6)
The issue has been resolved. Show all issues
```
Change types?
```
libpurple/fuzzers/fuzz_jabber_caps.c (Diff revision 6)
The issue has been resolved. Show all issues
```
Extra blank line.
```
libpurple/fuzzers/fuzz_markup_strip_html.c (Diff revision 6)
The issue has been resolved. Show all issues
```
Change types?
```
libpurple/fuzzers/fuzz_xmlnode.c (Diff revision 6)
The issue has been resolved. Show all issues
```
Change types.
```

Commits:

	Summary	ID
	Clean up all of the fuzzers and add a corpus for all of them	d585a3547eefe290891257d5f8f7702f5ed9176a
	Clean up all of the fuzzers and add a corpus for all of them	3aba6eca58063ff5405470153a57ac69629cc794

Diff:

Revision 7 (+964 -124)

Show changes

	.hgignore
	FUZZING
	libpurple/fuzzers/Makefile.am
	libpurple/fuzzers/fuzz_base16_decode.c
	libpurple/fuzzers/fuzz_html_to_xhtml.c
	libpurple/fuzzers/fuzz_jabber_caps.c
	libpurple/fuzzers/fuzz_jabber_id_new.c
	libpurple/fuzzers/fuzz_markup_is_rtl.c
	177 more

Commits:

	Summary	ID
	Clean up all of the fuzzers and add a corpus for all of them	3aba6eca58063ff5405470153a57ac69629cc794
	Clean up all of the fuzzers and add a corpus for all of them	3000daa52b63ffb14bda06b89d2ab9c5cbeeb2fb

Diff:

Revision 8 (+994 -170)

Show changes

	.hgignore
	FUZZING
	libpurple/fuzzers/Makefile.am
	libpurple/fuzzers/fuzz_base16_decode.c
	libpurple/fuzzers/fuzz_html_to_xhtml.c
	libpurple/fuzzers/fuzz_jabber_caps.c
	libpurple/fuzzers/fuzz_jabber_id_new.c
	libpurple/fuzzers/fuzz_markup_is_rtl.c
	177 more

Ship it!

```
Ship It!
```

Ship it!

```
Ship It!
```

Ship it!

```
Ship It!
```

Status:: Completed