author | Calder Kitagawa <ckitagawa@chromium.org> | 2018-05-17 21:07:49 +0000
---|---|---
committer | Edward Lesmes <ehmaldonado@google.com> | 2021-07-23 22:36:08 +0000
commit | 1bed19c017ffd98c6448e352d564b8583b4862b1 (patch) |
tree | 954da0e96c0077da447ffd6cd513c9a3e6ebbb88 /BUILD.gn |
parent | 11c1b2a45984f0f16a3e043bdc55bc9532227056 (diff) |
download | zucchini-1bed19c017ffd98c6448e352d564b8583b4862b1.tar.gz |
[Zucchini] (raw) Gen Fuzzer
This is part of a series of Fuzzers to be added to Zucchini for security
review. This tests the raw data patch generation logic exercising the
patch writer and gen process. It only covers ~20% of code in 100000
executions as the bulk of the remaining code is associated with the much
more complex and expensive to fuzz reference related code.
With the supplied seed corpus the fuzzer reaches approximately 5000
execs/s. There were no bug/stability issues found in raw gen.
The file format for the seed is a FilePair proto as used in raw Apply;
however, it is static so doesn't need regeneration. The files within
the FilePair seed are ZTF (Zucchini Text Format) files based on the code
that will be landed in:
https://chromium-review.googlesource.com/c/chromium/src/+/1056147
This way the source files can be reused in the ZTF gen and apply
fuzzers which will be used to more efficiently fuzz the reference
handling code in Zucchini.
Remaining Security Review Fuzzers (For Windows Launch)
- ZTF Gen
- ZTF Apply
(ZTF = Zucchini text format)
Note that suffix array while originally discussed is already implicitly
fuzzed by this fuzzer and as such shouldn't require a standalone
fuzzer.
Other remaining fuzzers (Not shipped so non-blocking of Windows Launch)
- Disassembler DEX
- Disassembler ELF (when merged from Trunk)
To create the seed file pair run the following from
components/zucchini/fuzzers/
./create_seed_file_pair.py ../../../out/Release/protoc \
testdata/old.ztxt testdata/new.ztxt testdata/seed_proto.bin
Note: you need to first build protoc in out/Release/
Bug: 835341
Change-Id: I1bf5c2a4251093bbf5bfc92904afc376a2832dbd
Reviewed-on: https://chromium-review.googlesource.com/1062412
Commit-Queue: Calder Kitagawa <ckitagawa@chromium.org>
Reviewed-by: Samuel Huang <huangs@chromium.org>
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#559676}
NOKEYCHECK=True
GitOrigin-RevId: 133fb1221e6c293dc43ff438567b2834b2e5c798
Diffstat (limited to 'BUILD.gn')
-rw-r--r-- | BUILD.gn | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -212,6 +212,9 @@ group("zucchini_fuzzers") { # Ensure protoc is available. if (current_toolchain == host_toolchain) { - deps += [ "//components/zucchini/fuzzers:zucchini_raw_apply_fuzzer" ] + deps += [ + "//components/zucchini/fuzzers:zucchini_raw_apply_fuzzer", + "//components/zucchini/fuzzers:zucchini_raw_gen_fuzzer", + ] } } |
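Review bot: the comment guarding this block, "# Ensure protoc is available.", now covers the new zucchini_raw_gen_fuzzer as well, but the commit message says the seed FilePair "is static so doesn't need regeneration", so a reader may take the host-toolchain condition as stale for the gen fuzzer. Consider extending the comment to state that protoc is required to build the FilePair proto the fuzzer parses at runtime, not to regenerate the seed, so the reason both fuzzers sit under `if (current_toolchain == host_toolchain)` is explicit.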