Fuzz corpora #75

Shnatsel · 2023-02-01T22:54:54Z

Shnatsel
Feb 1, 2023

Fuzzing on CI will be much more effective if it starts from a corpus generated by the fuzzer earlier instead of from scratch.

I have combined the generated corpora from three different libraries I've fuzzed, used that to fuzz zune-png (specifically the decode_buffer target) for a while, and then ran cargo fuzz cmin. The result should be a good starting point for fuzzing on CI:
zune_png_decode_buffer.tar.gz

I'll see if I can prepare the same for JPEG next.

etemesi254 · 2023-02-02T13:12:22Z

etemesi254
Feb 2, 2023
Maintainer

Hi, we need a better solution for this, it will just get worse with time.

The repo is already 103 MB in size with only two decoders.

We should separate code with tests as much as possible.

3 replies

Shnatsel Feb 2, 2023
Author

This corpus is only 170KB, so it's actually viable to keep the fuzzing data in-tree. But I agree about all the test images.

etemesi254 Feb 2, 2023
Maintainer

I'm open to suggestions

We can keep fuzzers in the repo

Hopefully one directory and then we should probably move test files away

Shnatsel Feb 2, 2023
Author

Git LFS has very low file transfer caps, so it's not really useful here.

There's S3 but you have to pay for bandwidth if it exceeds 100GB, it might be possible to mount a denial-of-savings attack by downloading it a lot so you'd rack up a large AWS bill. There doesn't seem to be a way to limit bandwidth.

The best idea I got is (ab)using the Github releases mechanism, tagging a snapshot and attaching the new archive with the test files every time. Then CI can download and extract it.

etemesi254 · 2023-02-02T16:54:37Z

etemesi254
Feb 2, 2023
Maintainer

Initially setup the fuzzer and updated CI.

There is a new directory fuzz-corpus, and there is a sub-directory for png that contains the corpus you shared. The CI fuzzer for png will use those files as seed runs

0 replies

Shnatsel · 2023-02-02T22:30:23Z

Shnatsel
Feb 2, 2023
Author

Here's the corpus for zune-inflate, seeded with my previous fuzzing attempts and then ran for 50 million executions:
zune-inflate-corpus-ac4a162d.tar.gz

1 reply

etemesi254 Feb 3, 2023
Maintainer

83c11db

Shnatsel · 2023-02-24T18:45:52Z

Shnatsel
Feb 24, 2023
Author

Here's the corpus for zune-jpeg seeded with my previous corpora and then ran for 250 million executions with no issues (plus more up until then that were finding panics): zune-jpeg-fuzz-seeds.tar.gz

1 reply

etemesi254 Feb 25, 2023
Maintainer

1cbc0aa and d427e42

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fuzz corpora #75

{{title}}

Replies: 4 comments 5 replies

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

Fuzz corpora #75

Shnatsel Feb 1, 2023

Replies: 4 comments · 5 replies

etemesi254 Feb 2, 2023 Maintainer

Shnatsel Feb 2, 2023 Author

etemesi254 Feb 2, 2023 Maintainer

Shnatsel Feb 2, 2023 Author

etemesi254 Feb 2, 2023 Maintainer

Shnatsel Feb 2, 2023 Author

etemesi254 Feb 3, 2023 Maintainer

Shnatsel Feb 24, 2023 Author

etemesi254 Feb 25, 2023 Maintainer

Shnatsel
Feb 1, 2023

Replies: 4 comments 5 replies

etemesi254
Feb 2, 2023
Maintainer

Shnatsel Feb 2, 2023
Author

etemesi254 Feb 2, 2023
Maintainer

Shnatsel Feb 2, 2023
Author

etemesi254
Feb 2, 2023
Maintainer

Shnatsel
Feb 2, 2023
Author

etemesi254 Feb 3, 2023
Maintainer

Shnatsel
Feb 24, 2023
Author

etemesi254 Feb 25, 2023
Maintainer