Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 22:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Test fuzzers against seed corpus under CI ASan build

Browse source
This commit is contained in:
Jon Siwek 2020-04-28 15:28:45 -07:00
parent f1d21fa489
commit db5248ad85
6 changed files with 50 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.cirrus.yml
View file

@ -4,7 +4,7 @@ btest_retries: &BTEST_RETRIES 2
memory: &MEMORY 6GB memory: &MEMORY 6GB
config: &CONFIG --build-type=release --enable-cpp-tests config: &CONFIG --build-type=release --enable-cpp-tests
memcheck_config: &MEMCHECK_CONFIG --build-type=debug --enable-cpp-tests --sanitizers=address memcheck_config: &MEMCHECK_CONFIG --build-type=debug --enable-cpp-tests --sanitizers=address --enable-fuzzers
resources_template: &RESOURCES_TEMPLATE resources_template: &RESOURCES_TEMPLATE
cpu: *CPUS cpu: *CPUS
@ -133,5 +133,6 @@ memcheck_task:
# AddressSanitizer uses a lot more memory than a typical config. # AddressSanitizer uses a lot more memory than a typical config.
memory: 16GB memory: 16GB
<< : *CI_TEMPLATE << : *CI_TEMPLATE
test_fuzzers_script: ./ci/test-fuzzers.sh
env: env:
ZEEK_CI_CONFIGURE_FLAGS: *MEMCHECK_CONFIG ZEEK_CI_CONFIGURE_FLAGS: *MEMCHECK_CONFIG

40
ci/test-fuzzers.sh Executable file
View file

@ -0,0 +1,40 @@
#! /usr/bin/env bash
result=0
echo "Testing fuzzers against their seed corpus"
echo "-----------------------------------------"
cd build || result=1
. ./zeek-path-dev.sh
fuzzers=$(find ./src/fuzzers -name 'zeek-*-fuzzer')
for fuzzer_path in ${fuzzers}; do
fuzzer_exe=$(basename ${fuzzer_path})
fuzzer_name=$(echo ${fuzzer_exe} | sed 's/zeek-\(.*\)-fuzzer/\1/g')
corpus="../src/fuzzers/${fuzzer_name}-corpus.zip"
if [[ -e ${corpus} ]]; then
echo "Fuzzer: ${fuzzer_exe} ${corpus}"
( rm -rf corpus && mkdir corpus ) || result=1
( cd corpus && unzip ../${corpus} >/dev/null ) || result=1
${fuzzer_path} corpus/* >${fuzzer_exe}.out 2>${fuzzer_exe}.err
if [[ $? -eq 0 ]]; then
tail -n 1 ${fuzzer_exe}.out
else
result=1
cat ${fuzzer_exe}.out
echo " FAILED"
cat ${fuzzer_exe}.err
fi
else
echo "Skipping Fuzzer (no corpus): ${fuzzer_exe}"
fi
echo "-----------------------------------------"
done
exit ${result}

1
ci/ubuntu-18.04/Dockerfile
View file

@ -20,6 +20,7 @@ RUN apt-get update && apt-get -y install \
sqlite3 \ sqlite3 \
curl \ curl \
wget \ wget \
unzip \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
# Many distros adhere to PEP 394's recommendation for `python` = `python2` so # Many distros adhere to PEP 394's recommendation for `python` = `python2` so

2
src/analyzer/protocol/pop3/POP3.cc
View file

@ -864,7 +864,7 @@ int POP3_Analyzer::ParseCmd(std::string cmd)
if ( cmd.size() == 0 ) if ( cmd.size() == 0 )
return -1; return -1;
for ( int code = POP3_CMD_OK; code <= POP3_CMD_END; ++code ) for ( int code = POP3_CMD_OK; code < POP3_CMD_END; ++code )
{ {
char c = cmd.c_str()[0]; char c = cmd.c_str()[0];
if ( c == '+' || c == '-' ) if ( c == '+' || c == '-' )

2
src/fuzzers/FuzzBuffer.cc
View file

@ -59,7 +59,7 @@ std::optional<zeek::FuzzBuffer::Chunk> zeek::FuzzBuffer::Next()
// for each chunk. // for each chunk.
rval.data = std::make_unique<unsigned char[]>(rval.size); rval.data = std::make_unique<unsigned char[]>(rval.size);
memcpy(rval.data.get(), chunk_begin, rval.size); memcpy(rval.data.get(), chunk_begin, rval.size);
return rval; return {std::move(rval)};
} }
return {}; return {};

4
src/fuzzers/standalone-driver.cc
View file

@ -20,6 +20,10 @@ int main(int argc, char** argv)
{ {
auto input_file_name = argv[i + 1]; auto input_file_name = argv[i + 1];
printf(" %s:", input_file_name); printf(" %s:", input_file_name);
// If ASan ends up aborting, the previous stdout output may not
// be flushed, so make sure to that and make it easier to see
// what input caused the crash.
fflush(stdout);
auto f = fopen(input_file_name, "r"); auto f = fopen(input_file_name, "r");
assert(f); assert(f);