diff options
author | Calder Kitagawa <ckitagawa@chromium.org> | 2018-05-25 19:49:43 +0000 |
---|---|---|
committer | Edward Lesmes <ehmaldonado@google.com> | 2021-07-23 22:41:30 +0000 |
commit | 75569ad9940020e9730359c52bad857be7690025 (patch) | |
tree | efe0253fa585f04a18a2b0a2f0b8b31ca538e314 /fuzzers/testdata/raw_or_ztf_gen_fuzzer/seed_proto.bin | |
parent | 984b1815afc913c3021ce6a83a1fafd9da61c802 (diff) | |
download | zucchini-75569ad9940020e9730359c52bad857be7690025.tar.gz |
[Zucchini] ZTF Gen Fuzzer
This is part of a series of Fuzzers to be added to Zucchini for
security review. This tests the full patch generation logic
exercising the patch writer and gen process. It covers ~44% of code in
100000 runs. The remaining code is split between ZTF Apply Fuzzer
(~30%) and the aggregate of DEX Disassembly (not in launch scope),
patch serialization (trusted input), and other testing/debugging/error
handling code which isn't triggered.
With the supplied seed corpus the fuzzer reaches approximately 4000
execs/s.
The file format for the seed is a FilePair proto of a ZTF base file
and a ZTF updated file as used in Raw Gen.
Also fix bug where wrong fuzzer was running for apply.
Bug: 835341
Change-Id: Ib99dd70ba01820b874d72fecb2b543ea7082f649
Reviewed-on: https://chromium-review.googlesource.com/1072229
Commit-Queue: Calder Kitagawa <ckitagawa@chromium.org>
Reviewed-by: Samuel Huang <huangs@chromium.org>
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Reviewed-by: Greg Thompson <grt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#561978}
NOKEYCHECK=True
GitOrigin-RevId: 8b5e3a4b59cfc86fc888726e29dea5d9cb1c1a09
Diffstat (limited to 'fuzzers/testdata/raw_or_ztf_gen_fuzzer/seed_proto.bin')
-rw-r--r-- | fuzzers/testdata/raw_or_ztf_gen_fuzzer/seed_proto.bin | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/fuzzers/testdata/raw_or_ztf_gen_fuzzer/seed_proto.bin b/fuzzers/testdata/raw_or_ztf_gen_fuzzer/seed_proto.bin new file mode 100644 index 0000000..5939c72 --- /dev/null +++ b/fuzzers/testdata/raw_or_ztf_gen_fuzzer/seed_proto.bin @@ -0,0 +1,42 @@ + +¤ZTxt +ZucZucZucZucZucZucZucZucZuc +ZucZucZucZucZucZucZucZucZuc +ZucZucZucZucZucZucZucZucZuc +ZucZucZucZucZucZucZucZucZuc +BLOCK1 +Lorem Ipsum, Ipsum Lorem, Alpha Beta Gamma <1,1> +{3,4} [4,5] (90,08) +(1,4) +[+001, +001] +References {-004,-003}, <001,001>, [98,78] +(+01,+00) +AAAAAAAAA + +BLOCK2 +{06,01} Another block. Lorem Ipsum, Ipsum, Ipsum +<><><><><>{}{}{}{}[][][]()()()() +[4,1] + +Old bytes live here as this is reasonable. +txTZ +ÛZTxt +BLOCK2 +{20,01} Another block. Lorem Ipsum, Ipsum, Ipsum +<><><><><>{}{}{}{}[][][]()()()() +[4,1] + +BLOCK1 +Lorem Ipsum, Ipsum Lorem, Alpha Beta Gamma <1,1> +{4,4} [5,8] (90,08) +(1,4) +[+001, +001] +References {-005,-006}, <001,002>, [98,78] +(+01,+04) +AAAAAAAAA + +Other new bytes. + +Old bytes live here as this is reasonable. +New bytes live here. +txTZ |