Fuzzing usbredir

From ALT Linux Wiki
Revision as of 13:30, 19 October 2023

To run the usbredir fuzz targets [1], the build tooling of the oss-fuzz project [2] is used: the project's Dockerfile produces a container image with clang, libFuzzer and the usbredir sources, and the targets are built inside it with AddressSanitizer enabled.

On the host (podman is used here; docker takes the same arguments):

cd ~

git clone https://github.com/google/oss-fuzz.git

cd ./oss-fuzz/projects/spice-usbredir/

podman build --force-rm=true --tag "usbredir-oss-fuzz-img:latest" . 2>&1 | tee imgbuild.log

podman run --rm -it localhost/usbredir-oss-fuzz-img:latest /bin/bash


In the running container, build the targets (CC/CXX enable the libFuzzer instrumentation and ASan; LIB_FUZZING_ENGINE selects libFuzzer as the engine; OUT is where the built target binaries are placed):

export CC='clang -fsanitize=fuzzer-no-link -fsanitize=address'

export CXX='clang++ -fsanitize=fuzzer-no-link -fsanitize=address'

export LIB_FUZZING_ENGINE=-fsanitize=fuzzer

export OUT=/tmp/fuzzer

./build-aux/oss-fuzz.sh

Running the fuzzers. Each target runs until it is interrupted or until a sanitizer report or timeout stops it; a failing input is written to the current directory as crash-*, leak-* or timeout-* followed by a hash of the input, and the sanitizer report goes to stderr, so keep the log:

cd /tmp/fuzzer/

./usbredirparserfuzz 2>&1 |tee log.usbredirparserfuzz

or

./usbredirfilterfuzz 2>&1 |tee log.usbredirfilterfuzz

Example fuzzer output. Each status line is prefixed with the run number; cov is the number of covered code edges, ft the number of coverage features, corp the corpus size (entries/bytes), lim the current maximum input length, exec/s the execution rate, rss the resident memory, L the length of the input just produced/the largest corpus entry, and MS the mutation sequence that produced it. REDUCE means libFuzzer found a smaller input with the same coverage; a cov value that no longer grows is a sign that the campaign has plateaued for the current corpus:

  #15955820 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5157 rss: 173Mb L: 317/3856 MS: 4 ChangeByte-ChangeByte-InsertByte-EraseBytes-
  #15956397 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5157 rss: 173Mb L: 95/3856 MS: 2 PersAutoDict-EraseBytes- DE: "\377\013"-
  #15971663 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5157 rss: 173Mb L: 1225/3856 MS: 1 EraseBytes-
  #15981720 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5157 rss: 173Mb L: 381/3856 MS: 2 ChangeBit-EraseBytes-
  #15986559 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5156 rss: 173Mb L: 1608/3856 MS: 4 ChangeBit-EraseBytes-ChangeByte-InsertRepeatedBytes-
  #15991610 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5155 rss: 173Mb L: 166/3856 MS: 1 EraseBytes-
  #15995096 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5156 rss: 173Mb L: 98/3856 MS: 1 EraseBytes-
  #16000627 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5154 rss: 173Mb L: 707/3856 MS: 1 EraseBytes-
  #16000844 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5154 rss: 173Mb L: 418/3856 MS: 2 ChangeBit-EraseBytes-
  #16007160 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5155 rss: 173Mb L: 73/3856 MS: 1 EraseBytes-
  #16010027 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5154 rss: 173Mb L: 177/3856 MS: 2 ChangeByte-EraseBytes-
  #16010163 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5154 rss: 173Mb L: 612/3856 MS: 1 EraseBytes-
  #16018900 REDUCE cov: 466 ft: 2080 corp: 991/262Kb lim: 4096 exec/s: 5152 rss: 173Mb L: 783/3856 MS: 2 InsertByte-EraseBytes-
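The run step above starts a target with no time bound and leaves crash artifacts wherever the shell happens to be. The script below is an added example, not part of this wiki page or of the usbredir/oss-fuzz projects: it runs a target from $OUT for a bounded time with artifacts collected in a per-target directory, and it summarises a libFuzzer log of the kind shown above (last cov and exec/s, whether coverage was still growing, how many crash/leak/timeout artifacts were written). The status-line format and the -max_total_time / -artifact_prefix flags are standard libFuzzer; the three sample log lines embedded in the script are a constructed excerpt of the output above, and the directory layout ($OUT/artifacts-<target>, log.<target>) is this example's own convention.

```bash
#!/usr/bin/env bash
# Added example (not from the ALT Linux wiki page or the usbredir/oss-fuzz projects):
# bounded libFuzzer runs plus a small summary of the status log.
set -euo pipefail

# Constructed sample of libFuzzer status lines (shortened excerpt of the page's output).
# In real use feed log.usbredirparserfuzz / log.usbredirfilterfuzz to the functions instead.
SAMPLE_LOG="$(cat <<'EOF'
#15955820 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5157 rss: 173Mb L: 317/3856 MS: 4 ChangeByte-ChangeByte-InsertByte-EraseBytes-
#15971663 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5157 rss: 173Mb L: 1225/3856 MS: 1 EraseBytes-
#16018900 REDUCE cov: 466 ft: 2080 corp: 991/262Kb lim: 4096 exec/s: 5152 rss: 173Mb L: 783/3856 MS: 2 InsertByte-EraseBytes-
EOF
)"

# Print one field (cov, ft, corp, exec/s, rss, ...) from the LAST status line of a
# log read on stdin. libFuzzer status lines start with '#<run-number> '.
last_stat() { # usage: last_stat <field> < logfile
    local field="$1"
    grep -E '^#[0-9]+ ' | tail -n 1 | awk -v f="$field:" '
        { for (i = 1; i <= NF; i++) if ($i == f) { print $(i+1); exit } }'
}

# "growing" if cov increased between the first and the last status line, else "stalled".
# A stalled cov over a long run is the cue to add seeds or a dictionary rather than wait.
coverage_trend() { # usage: coverage_trend < logfile
    awk '/^#[0-9]+ / { for (i = 1; i <= NF; i++) if ($i == "cov:") { c = $(i+1); if (first == "") first = c; last = c } }
         END { print (last + 0 > first + 0) ? "growing" : "stalled" }'
}

# Count the crash-*/leak-*/timeout-* artifacts libFuzzer wrote into a directory.
count_artifacts() { # usage: count_artifacts <dir>
    find "$1" -maxdepth 1 -type f \( -name 'crash-*' -o -name 'leak-*' -o -name 'timeout-*' \) \
        | wc -l | tr -d ' '
}

# Run one target from $OUT (/tmp/fuzzer on the page) for <seconds>, keeping artifacts
# in $OUT/artifacts-<target>/ and the full log in $OUT/log.<target>. The '|| true' keeps
# 'set -e' from aborting the summary when the target exits non-zero on a crash.
run_target() { # usage: run_target <target-name> [seconds]
    local target="$1" secs="${2:-600}" out="${OUT:-/tmp/fuzzer}"
    mkdir -p "$out/artifacts-$target"
    { "$out/$target" -max_total_time="$secs" -artifact_prefix="$out/artifacts-$target/" || true; } \
        2>&1 | tee "$out/log.$target"
    printf '%s: cov=%s exec/s=%s coverage=%s artifacts=%s\n' "$target" \
        "$(last_stat cov < "$out/log.$target")" \
        "$(last_stat exec/s < "$out/log.$target")" \
        "$(coverage_trend < "$out/log.$target")" \
        "$(count_artifacts "$out/artifacts-$target")"
}

# Offline demonstration on the constructed sample; for a real run call e.g.
#   run_target usbredirparserfuzz 600
printf '%s\n' "$SAMPLE_LOG" | last_stat cov
printf '%s\n' "$SAMPLE_LOG" | last_stat exec/s
printf '%s\n' "$SAMPLE_LOG" | coverage_trend
```

Inside the oss-fuzz container the script can be sourced after the build step, with OUT already set to /tmp/fuzzer; a non-empty artifact count means a crash-* file exists that can be replayed directly with `./usbredirparserfuzz crash-<hash>` under the same ASan build to reproduce the report.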

References:

[1] https://gitlab.freedesktop.org/spice/usbredir/-/tree/main/fuzzing?ref_type=heads

[2] https://github.com/google/oss-fuzz/tree/master/projects/spice-usbredir