From 75569ad9940020e9730359c52bad857be7690025 Mon Sep 17 00:00:00 2001 From: Calder Kitagawa Date: Fri, 25 May 2018 19:49:43 +0000 Subject: [Zucchini] ZTF Gen Fuzzer This is part of a series of Fuzzers to be added to Zucchini for security review. This tests the full patch generation logic exercising the patch writer and gen process. It covers ~44% of code in 100000 runs. The remaining code is split between ZTF Apply Fuzzer (~30%) and the aggregate of DEX Disassembly (not in launch scope), patch serialization (trusted input), and other testing/debugging/error handling code which isn't triggered. With the supplied seed corpus the fuzzer reaches approximately 4000 execs/s. The file format for the seed is a FilePair proto of a ZTF base file and a ZTF updated file as used in Raw Gen. Also fix bug where wrong fuzzer was running for apply. Bug: 835341 Change-Id: Ib99dd70ba01820b874d72fecb2b543ea7082f649 Reviewed-on: https://chromium-review.googlesource.com/1072229 Commit-Queue: Calder Kitagawa Reviewed-by: Samuel Huang Reviewed-by: Max Moroz Reviewed-by: Greg Thompson Cr-Commit-Position: refs/heads/master@{#561978} NOKEYCHECK=True GitOrigin-RevId: 8b5e3a4b59cfc86fc888726e29dea5d9cb1c1a09 --- BUILD.gn | 1 + 1 file changed, 1 insertion(+) (limited to 'BUILD.gn') diff --git a/BUILD.gn b/BUILD.gn index 7083127..7eb9c74 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -223,6 +223,7 @@ group("zucchini_fuzzers") { deps += [ "//components/zucchini/fuzzers:zucchini_raw_apply_fuzzer", "//components/zucchini/fuzzers:zucchini_raw_gen_fuzzer", + "//components/zucchini/fuzzers:zucchini_ztf_gen_fuzzer", ] } } -- cgit v1.2.3
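Review bot: In the `deps` list of `group("zucchini_fuzzers")`, the new `zucchini_ztf_gen_fuzzer` entry has no ZTF apply counterpart beside it, although the commit message attributes ~30% of the remaining coverage to a ZTF Apply Fuzzer. If that target is meant to be built through this group, add it here or state in the message that it lands in a separate change. The message also bundles "fix bug where wrong fuzzer was running for apply", which cannot be checked in this BUILD.gn-only view; that fix would be easier to review and revert as its own commit.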