| Field | Value | Date |
|---|---|---|
| author | Calder Kitagawa <ckitagawa@chromium.org> | 2018-05-28 14:30:21 +0000 |
| committer | Edward Lesmes <ehmaldonado@google.com> | 2021-07-23 22:43:11 +0000 |
| commit | 806fa630e61962fc2093be31eb3fad5fa745a27c (patch) | |
| tree | 748f363f9ade33e7c598587e3e6ae5b98a61d079 /zucchini_apply.cc | |
| parent | 75569ad9940020e9730359c52bad857be7690025 (diff) | |
| download | zucchini-806fa630e61962fc2093be31eb3fad5fa745a27c.tar.gz | |
[Zucchini] ZTF Apply Fuzzer
This is part of a series of fuzzers to be added to Zucchini for security review. This tests the full patch application logic, exercising the patch reader and apply process. It covers ~33% of code in 1000000 runs. The bulk of the remaining code (~40%) is covered by the ZTF Gen Fuzzer, with the remainder (~30%) being DEX disassembly (not in launch scope), patch serialization (trusted input), and other testing/debugging/error handling code which isn't triggered.

This already found a couple of bugs, fixed in
https://chromium-review.googlesource.com/c/chromium/src/+/1072272

With the supplied seed corpus the fuzzer reaches approximately 12000 execs/s.

The file format for the seed is a FilePair proto of a ZTF base file and a patch file as used in Raw Apply. This reuses the same generator and fuzzer as Raw Apply, as the type of application is encoded in the patch itself.
Bug: 835341
Change-Id: I00f28c768a6e1c7b8c5e95979b279d64785ef515
Reviewed-on: https://chromium-review.googlesource.com/1072231
Commit-Queue: Calder Kitagawa <ckitagawa@chromium.org>
Reviewed-by: Samuel Huang <huangs@chromium.org>
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#562260}
NOKEYCHECK=True
GitOrigin-RevId: 7206487ebd05fd4f30226ec59b730bb41c5013f2
Diffstat (limited to 'zucchini_apply.cc')
0 files changed, 0 insertions, 0 deletions