path: root/BUILD.gn
author: Calder Kitagawa <ckitagawa@google.com> 2018-05-09 14:58:50 +0000
committer: Edward Lesmes <ehmaldonado@google.com> 2021-07-23 22:33:50 +0000
commit: d00cef1273e6a91ec391987464367046091f7c47 (patch)
tree: b66503c657c5f262074b1660b48963a90b3fef1c /BUILD.gn
parent: f1724ddc48fd67154e33f1cfdb1bd8338213753a (diff)
download: zucchini-d00cef1273e6a91ec391987464367046091f7c47.tar.gz
[Zucchini] (raw) Apply fuzzer
This is part of a series of Fuzzers to be added to Zucchini for security review. This tests the raw data patch application logic exercising the patch reader and apply process.

It only covers ~20% of code in 100000 executions as the bulk of the remaining code is associated with the much more complex and expensive to fuzz reference related code.

With the supplied seed corpus the fuzzer reaches approximately 11000 execs/s.

This found a couple bugs which are fixed in:
https://chromium-review.googlesource.com/c/chromium/src/+/1028575

Bug: 835341
Change-Id: Idc1d862bfaa6eb6313f39e10536f4750c05ab863
Reviewed-on: https://chromium-review.googlesource.com/1028570
Commit-Queue: Calder Kitagawa <ckitagawa@google.com>
Reviewed-by: Samuel Huang <huangs@chromium.org>
Reviewed-by: Greg Thompson <grt@chromium.org>
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Reviewed-by: Jonathan Metzman <metzman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#557185}
NOKEYCHECK=True
GitOrigin-RevId: f4a598ff5adfe27f8153bd36984ee9cb549f99e9
Diffstat (limited to 'BUILD.gn')
-rw-r--r-- BUILD.gn 5
1 files changed, 5 insertions, 0 deletions
diff --git a/BUILD.gn b/BUILD.gn
index f36c949..49f54fb 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -209,4 +209,9 @@ group("zucchini_fuzzers") {
"//components/zucchini/fuzzers:zucchini_disassembler_win32_fuzzer",
"//components/zucchini/fuzzers:zucchini_patch_fuzzer",
]
+
+ # Ensure protoc is available.
+ if (current_toolchain == host_toolchain) {
+ deps += [ "//components/zucchini/fuzzers:zucchini_raw_apply_fuzzer" ]
+ }
}
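Review bot: the comment "# Ensure protoc is available." above the `current_toolchain == host_toolchain` guard does not say why zucchini_raw_apply_fuzzer needs protoc when the two fuzzers listed just above it are added unconditionally, nor why that requirement translates into a host-toolchain check. Please expand the comment to name the dependency (for example, that the fuzzer's input is described by a proto, if that is the case) and to state that the target is silently left out of the zucchini_fuzzers group on every other toolchain, so a reader does not assume the group always builds all of the fuzzers.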