Add AFL fuzzing to test compression with miniz decompression #40
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Thanks. Could maybe merge this and add more paths later? (and speaking of miniz_oxide, that librarly could also use some more extensive fuzzing.) |
This could decompress with two libraries ( |
Merged
|
I've had to terminate the fuzzing temporarily, and this should restart with the changes from #41, so for my reference here was the status of the first run: american fuzzy lop 2.52b (deflate-fuzz-target)
┌─ process timing ─────────────────────────────────────┬─ overall results ─────┐
│ run time : 72 days, 2 hrs, 21 min, 47 sec │ cycles done : 3 │
│ last new path : 2 days, 2 hrs, 55 min, 16 sec │ total paths : 1021 │
│ last uniq crash : 12 days, 19 hrs, 58 min, 0 sec │ uniq crashes : 46 │
│ last uniq hang : none seen yet │ uniq hangs : 0 │
├─ cycle progress ────────────────────┬─ map coverage ─┴───────────────────────┤
│ now processing : 651* (63.76%) │ map density : 2.96% / 3.59% │
│ paths timed out : 0 (0.00%) │ count coverage : 4.69 bits/tuple │
├─ stage progress ────────────────────┼─ findings in depth ────────────────────┤
│ now trying : interest 16/8 │ favored paths : 28 (2.74%) │
│ stage execs : 688k/1.33M (51.68%) │ new edges on : 53 (5.19%) │
│ total execs : 529M │ total crashes : 976k (46 unique) │
│ exec speed : 85.74/sec (slow!) │ total tmouts : 617 (62 unique) │
├─ fuzzing strategy yields ───────────┴───────────────┬─ path geometry ────────┤
│ bit flips : 167/19.6M, 21/19.6M, 13/19.6M │ levels : 8 │
│ byte flips : 1/2.44M, 3/2.41M, 9/2.41M │ pending : 915 │
│ arithmetics : 21/133M, 2/24.2M, 1/1.17M │ pend fav : 0 │
│ known ints : 5/15.6M, 12/65.0M, 48/104M │ own finds : 1018 │
│ dictionary : 0/0, 0/0, 25/118M │ imported : n/a │
│ havoc : 736/522k, 0/0 │ stability : 99.92% │
│ trim : 0.00%/69.1k, 1.67% ├────────────────────────┘
^C────────────────────────────────────────────────────┘ [cpu000: 10%]
|
Closed
|
Adding this now, can add further stuff later. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
AFL fuzzer started in #37 with roundtrip errors reported in #39. This differs from the fuzzer binary I'm currently running in that it was only testing
CompressionOptions::default(), but since::fast()was used in the original motivating bugs it should be used here too to exercise more code paths.Draft PR for now, since the found code paths from the current fuzz should probably be added as seeds.