glib/fuzzing
Philip Withnall 0e0421cfe2
fuzzing: Fix buffer overread error in the fuzz test itself
valgrind spotted this one: a read off the end of the `stop_chars` buffer
when `stop_chars_len == -1`, due to the fuzzing test not sticking to the
requirement from `g_data_input_stream_read_upto()` that `stop_chars`
must be nul-terminated if `stop_chars_len < 0`.

This can happen when reading `fuzzing/README.md`, which is done as a
smoketest when the fuzzing tests are run without the fuzzer, as normal
unit tests. In this case, it made smoke.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>
2024-10-22 13:18:59 +01:00
..
driver.c fuzzing: Add copyright/licensing headers to fuzzing files 2022-05-18 09:49:26 +01:00
fuzz_bookmark.c fuzzing: Add copyright/licensing headers to fuzzing files 2022-05-18 09:49:26 +01:00
fuzz_bookmark.corpus Integrate oss-fuzz targets 2018-10-11 00:02:03 +00:00
fuzz_canonicalize_filename.c fuzzing: Add copyright/licensing headers to fuzzing files 2022-05-18 09:49:26 +01:00
fuzz_data_input_stream_read_line_utf8.c fuzzing: Add fuzz tests for GDataInputStream’s complex read methods 2024-10-10 12:15:30 +01:00
fuzz_data_input_stream_read_line.c fuzzing: Add fuzz tests for GDataInputStream’s complex read methods 2024-10-10 12:15:30 +01:00
fuzz_data_input_stream_read_upto.c fuzzing: Fix buffer overread error in the fuzz test itself 2024-10-22 13:18:59 +01:00
fuzz_date_parse.c fuzzing: Add copyright/licensing headers to fuzzing files 2022-05-18 09:49:26 +01:00
fuzz_date_time_new_from_iso8601.c fuzzing: Add copyright/licensing headers to fuzzing files 2022-05-18 09:49:26 +01:00
fuzz_dbus_message.c fuzzing: Add copyright/licensing headers to fuzzing files 2022-05-18 09:49:26 +01:00
fuzz_inet_address_mask_new_from_string.c fuzzing: Add copyright/licensing headers to fuzzing files 2022-05-18 09:49:26 +01:00
fuzz_inet_address_new_from_string.c fuzzing: Add copyright/licensing headers to fuzzing files 2022-05-18 09:49:26 +01:00
fuzz_inet_socket_address_new_from_string.c fuzzing: Add copyright/licensing headers to fuzzing files 2022-05-18 09:49:26 +01:00
fuzz_key.c fuzzing: Add copyright/licensing headers to fuzzing files 2022-05-18 09:49:26 +01:00
fuzz_key.corpus Integrate oss-fuzz targets 2018-10-11 00:02:03 +00:00
fuzz_network_address_parse_uri.c fuzzing: Add copyright/licensing headers to fuzzing files 2022-05-18 09:49:26 +01:00
fuzz_network_address_parse.c fuzzing: Add copyright/licensing headers to fuzzing files 2022-05-18 09:49:26 +01:00
fuzz_paths.c fuzzing: Add copyright/licensing headers to fuzzing files 2022-05-18 09:49:26 +01:00
fuzz_resolver.c gthreadedresolver: Move private testing symbols to a private header 2024-02-09 10:05:56 +00:00
fuzz_string.c fuzzing: Add input length limits on g_string_replace() test 2024-10-05 23:01:58 +01:00
fuzz_uri_escape.c fuzzing: Add copyright/licensing headers to fuzzing files 2022-05-18 09:49:26 +01:00
fuzz_uri_parse_params.c fuzzing: Add copyright/licensing headers to fuzzing files 2022-05-18 09:49:26 +01:00
fuzz_uri_parse.c fuzzing: Add copyright/licensing headers to fuzzing files 2022-05-18 09:49:26 +01:00
fuzz_utf8_normalize.c Add fuzzing harness for g_utf8_normalize() 2023-04-14 15:50:47 +00:00
fuzz_utf8_validate.c fuzzing: Add a fuzz test for g_utf8_validate() 2022-11-07 13:20:32 +00:00
fuzz_uuid_string_is_valid.c fuzzing: Add fuzz test for g_uuid_string_is_valid() 2022-06-10 16:12:48 +01:00
fuzz_variant_binary_byteswap.c fuzzing: Add a new fuzz test for g_variant_byteswap() 2022-10-27 12:13:13 +01:00
fuzz_variant_binary.c fuzzing: Add copyright/licensing headers to fuzzing files 2022-05-18 09:49:26 +01:00
fuzz_variant_text.c fuzzing: Add copyright/licensing headers to fuzzing files 2022-05-18 09:49:26 +01:00
fuzz_variant_text.dict Integrate oss-fuzz targets 2018-10-11 00:02:03 +00:00
fuzz.h fuzzing: Add copyright/licensing headers to fuzzing files 2022-05-18 09:49:26 +01:00
meson.build fuzzing: Add fuzz tests for GDataInputStream’s complex read methods 2024-10-10 12:15:30 +01:00
README.md docs: Update various external links to use HEAD instead of master 2021-06-07 14:03:48 +01:00

Fuzz targets used by oss-fuzz.

Useful links: Dashboard (requires access), Build logs, Coverage

How to add new targets

Add fuzz_target_name.c and edit meson.build accordingly.

New targets are picked up by oss-fuzz automatically within a day. Targets must not be renamed once added.

Add (optional) fuzz_target_name.dict containing keywords and magic bytes.

Add (optional) fuzz_target_name.corpus with file names on separate lines. Wildcards ?, * and ** are supported. Examples below.

glib/*  # all files in directory glib
glib/** # all files in directory glib and sub-directories
**.xbel # all files ending with .xbel in the repository

Recommended reading: Fuzz Target, Dictionaries, Corpus

How to reproduce oss-fuzz bugs locally

Build with at least the following flags, choosing a sanitizer as needed. A somewhat recent version of clang is recommended.

$ CC=clang CXX=clang++ meson DIR -Db_sanitize=<address|undefined> -Db_lundef=false

Afterwards run the affected target against the provided test case.

$ DIR/fuzzing/fuzz_target_name FILE

FAQs

What about Memory Sanitizer (MSAN)?

Correct MSAN instrumentation is difficult to achieve locally, so false positives are very likely to mask the actual bug.

If need be, you can still reproduce those bugs with the oss-fuzz provided docker images.

There are no file/function names in the stack trace.

llvm-symbolizer must be in PATH.

UndefinedBehavior Sanitizer (UBSAN) doesn't provide a stack trace.

Set environment variable UBSAN_OPTIONS to print_stacktrace=1 prior to running the target.