blob: edc7ef2a8e28aa2cb5d2c4d2eaa4fe1c977b71ce (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
# Fuzzing DNG SDK
This fuzzer is intented to do a varian analysis of the issue reported
in b/156261521.
Here is a list of some CVEs previously discovered in DNG SDK:
* CVE-2020-9589
* CVE-2020-9590
* CVE-2020-9620
* CVE-2020-9621
* CVE-2020-9622
* CVE-2020-9623
* CVE-2020-9624
* CVE-2020-9625
* CVE-2020-9626
* CVE-2020-9627
* CVE-2020-9628
* CVE-2020-9629
## Building & running the fuzz target: Android device
It is recommended to set rss limit to higher values (such as 4096) when running
the fuzzer to avoid frequent OOM libFuzzer crashes.
```sh
$ source build/envsetup.sh
$ lunch aosp_arm64-eng
$ SANITIZE_TARGET=hwaddress make dng_parser_fuzzer
$ adb sync data
$ adb shell /data/fuzz/arm64/dng_parser_fuzzer/dng_parser_fuzzer \
$ -rss_limit=4096 \
$ /data/fuzz/arm64/dng_parser_fuzzer/corpus
```
## Building & running the fuzz target: Host
```sh
$ source build/envsetup.sh
$ lunch aosp_x86_64-eng
$ SANITIZE_HOST=address make dng_parser_fuzzer
$ LD_LIBRARY_PATH=$ANDROID_HOST_OUT/fuzz/x86_64/lib/ \
$ $ANDROID_HOST_OUT/fuzz/x86_64/dng_parser_fuzzer/dng_parser_fuzzer \
$ -rss_limit_mb=4096 \
$ $ANDROID_HOST_OUT/fuzz/x86_64/dng_parser_fuzzer/corpus/
```
|
