author: Calder Kitagawa <ckitagawa@chromium.org> 2018-06-01 16:12:01 +0000
committer: Edward Lesmes <ehmaldonado@google.com> 2021-07-23 22:48:18 +0000
commit: d29431970cf0221c9eb2e5d41f424d12c675ceda (patch)
tree: cd12e50af526f68bc5a2f1ca02a40451430e6329 /fuzzers
parent: 16f8ef6432c0b1f3c668921aa120be7a4b16a701 (diff)
[Zucchini]: Disable CHECK for ZTF Gen Fuzzer patch size

The fuzzer is really smart; it discovered the worst case patch scenario of alternating 16 byte regions of ZTF and Raw regions. This resulted in a 310 B testcase (17 B source file) generating a 2.5 ~kB patch (uncompressed) (470 B compressed). This is the absolute worst case behavior which requires an intentionally badly designed archive/input. In reality this would never occur with valid binaries. It is good to know that this case exists but there isn't much that can be done to prevent it in Zucchini so we can just disable this check.

Two solutions to this could be:

1. Make Zucchini smart enough to try multiple patches, compare the compressed size and choose the best option.
2. Ignore it and in infra compare:
   - Compressed ensemble patch
   - Compressed raw patch
   - Compressed image
   Then just ship the smallest.

Option 1 adds a lot of complexity. Ideally, Zucchini should remain naive with regards to generating compressed patches so that the infra can choose the preferred compression and keep Zucchini fast. The case for making the infra smarter is compelling and probably the solution to pursue. However, because we have control over the input binaries and this case will realistically not occur it isn't a priority.

Bug: 848503
Change-Id: Ic505db49fd89f12dbd1eb5b100a59832f6054b2e
Reviewed-on: https://chromium-review.googlesource.com/1082008
Reviewed-by: Samuel Huang <huangs@chromium.org>
Commit-Queue: Calder Kitagawa <ckitagawa@chromium.org>
Cr-Commit-Position: refs/heads/master@{#563662}
NOKEYCHECK=True
GitOrigin-RevId: 54bf0d1da91c3db9a3682b840f7c76faa93c0072
Diffstat (limited to 'fuzzers')
-rw-r--r-- fuzzers/ztf_gen_fuzzer.cc | 7
1 files changed, 1 insertions, 6 deletions
diff --git a/fuzzers/ztf_gen_fuzzer.cc b/fuzzers/ztf_gen_fuzzer.cc
index 76ae44f..785aed4 100644
--- a/fuzzers/ztf_gen_fuzzer.cc
+++ b/fuzzers/ztf_gen_fuzzer.cc
@@ -59,13 +59,8 @@ DEFINE_BINARY_PROTO_FUZZER(const zucchini::fuzzers::FilePair& file_pair) {
// Fuzz Target.
zucchini::GenerateEnsemble(old_image, new_image, &patch_writer);
- // Check that the patch size is sane. Crash the fuzzer if this isn't the case
- // as it is a failure in Zucchini's patch performance that is worth
- // investigating.
- size_t patch_size = patch_writer.SerializedSize();
- CHECK_LE(patch_size, kMaxImageSize * 2);
-
// Write to buffer to avoid IO.
+ size_t patch_size = patch_writer.SerializedSize();
std::unique_ptr<uint8_t[]> patch_data(new uint8_t[patch_size]);
zucchini::BufferSink patch(patch_data.get(), patch_size);
patch_writer.SerializeInto(patch);
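Review bot: Removing `CHECK_LE(patch_size, kMaxImageSize * 2);` outright leaves `patch_size` with no upper bound before it feeds `new uint8_t[patch_size]`, so a future regression in patch generation would surface only as an allocation that trips the fuzzer's memory limit rather than as a clear, attributable failure. Since the commit message quantifies the known worst case (a 310 B input producing a roughly 2.5 kB uncompressed patch, about an 8x blow-up), consider keeping a sanity bound scaled to that ratio, for example `CHECK_LE(patch_size, kMaxImageSize * 16);`, or at least a `LOG` when the old `kMaxImageSize * 2` threshold is exceeded, so the fuzzer still flags genuinely pathological growth while tolerating the alternating ZTF/Raw case. Minor style point: the moved `size_t patch_size = patch_writer.SerializedSize();` now sits directly under the `// Write to buffer to avoid IO.` comment, which no longer describes it; a one-line comment on the declaration would keep the intent readable.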