Fuzzing usbredir

From ALT Linux Wiki

The usbredir fuzz tests [1] are run with the tooling of the oss-fuzz project [2].

On the host:

cd ~

git clone https://github.com/google/oss-fuzz.git

cd ./oss-fuzz/projects/spice-usbredir/

podman build --force-rm=true --tag "usbredir-oss-fuzz-img:latest" . 2>&1 | tee imgbuild.log

podman run --rm -it localhost/usbredir-oss-fuzz-img:latest /bin/bash


Build the targets inside the running container:

export CC='clang -fsanitize=fuzzer-no-link -fsanitize=address'

export CXX='clang++ -fsanitize=fuzzer-no-link -fsanitize=address'

export LIB_FUZZING_ENGINE=-fsanitize=fuzzer

export OUT=/tmp/fuzzer

./build-aux/oss-fuzz.sh

Start the run:

cd /tmp/fuzzer/

./usbredirparserfuzz 2>&1 |tee log.usbredirparserfuzz

or

./usbredirfilterfuzz 2>&1 |tee log.usbredirfilterfuzz

Example fuzzer output:

#15955820 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5157 rss: 173Mb L: 317/3856 MS: 4 ChangeByte-ChangeByte-InsertByte-EraseBytes-
#15956397 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5157 rss: 173Mb L: 95/3856 MS: 2 PersAutoDict-EraseBytes- DE: "\377\013"-
#15971663 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5157 rss: 173Mb L: 1225/3856 MS: 1 EraseBytes-
#15981720 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5157 rss: 173Mb L: 381/3856 MS: 2 ChangeBit-EraseBytes-
#15986559 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5156 rss: 173Mb L: 1608/3856 MS: 4 ChangeBit-EraseBytes-ChangeByte-InsertRepeatedBytes-
#15991610 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5155 rss: 173Mb L: 166/3856 MS: 1 EraseBytes-
#15995096 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5156 rss: 173Mb L: 98/3856 MS: 1 EraseBytes-
#16000627 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5154 rss: 173Mb L: 707/3856 MS: 1 EraseBytes-
#16000844 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5154 rss: 173Mb L: 418/3856 MS: 2 ChangeBit-EraseBytes-
#16007160 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5155 rss: 173Mb L: 73/3856 MS: 1 EraseBytes-
#16010027 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5154 rss: 173Mb L: 177/3856 MS: 2 ChangeByte-EraseBytes-
#16010163 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5154 rss: 173Mb L: 612/3856 MS: 1 EraseBytes-
#16018900 REDUCE cov: 466 ft: 2080 corp: 991/262Kb lim: 4096 exec/s: 5152 rss: 173Mb L: 783/3856 MS: 2 InsertByte-EraseBytes-
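
One way to read a log saved by the `tee` commands above, added here as an example and not taken from the wiki page, usbredir or oss-fuzz: it reports the latest execution count, coverage and feature counters, when coverage last grew, and whether an AddressSanitizer report or a saved reproducer appears. The function names `summarize_fuzz_log` and `demo_log` are hypothetical, and the sample log is constructed.

```shell
#!/bin/sh
# Hypothetical helper (not part of usbredir or oss-fuzz): condense a libFuzzer
# log saved with `tee` into one status line. Reads the named file, or stdin.
summarize_fuzz_log() {
    awk '
    $1 ~ /^#[0-9]+$/ {                  # status line: "#<execs> <EVENT> cov: N ft: N ..."
        execs = substr($1, 2) + 0
        for (i = 2; i < NF; i++) {
            if ($i == "cov:") cov = $(i + 1) + 0
            if ($i == "ft:")  ft  = $(i + 1) + 0
        }
        # Remember the execution count at which coverage last increased.
        if (cov > best) { best = cov; grew_at = execs }
    }
    /ERROR: AddressSanitizer/ { asan++ }          # ASan report header
    /Test unit written to/    { artifact = $NF }  # reproducer saved by libFuzzer
    END {
        if (artifact == "") artifact = "none"
        printf "execs=%d cov=%d ft=%d cov_last_grew_at=%d asan_errors=%d artifact=%s\n",
               execs, cov, ft, grew_at, asan, artifact
    }' "$@"
}

# Constructed sample log (values are illustrative, not from a real run).
demo_log() {
    cat <<'EOF'
#2 INITED cov: 120 ft: 130 corp: 1/1b exec/s: 0 rss: 30Mb
#5120 NEW cov: 466 ft: 1900 corp: 310/41Kb lim: 48 exec/s: 5120 rss: 90Mb L: 40/48 MS: 1 ChangeByte-
#15955820 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5157 rss: 173Mb L: 317/3856 MS: 1 EraseBytes-
==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x000000000000
artifact_prefix='./'; Test unit written to ./crash-CONSTRUCTED
EOF
}

demo_log | summarize_fuzz_log
```

In the container, run `summarize_fuzz_log log.usbredirparserfuzz`. A `cov_last_grew_at` value far below `execs` means the run has plateaued, as in the excerpt above where `cov` stays at 466 and only REDUCE events occur.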

References:

[1] https://gitlab.freedesktop.org/spice/usbredir/-/tree/main/fuzzing?ref_type=heads

[2] https://github.com/google/oss-fuzz/tree/master/projects/spice-usbredir