Enhance fuzzing

2017-06-13 22:16:14 +02:00 · 2017-06-13 22:16:14 +02:00 · 896a5e299a
parent e8f083e867
commit 896a5e299a
6 changed files with 41 additions and 7 deletions
--- a/fuzz/README.md
+++ b/fuzz/README.md
@ -9,6 +9,10 @@ are taken from the $NAME.in directory.
 Crash reproducers from OSS-Fuzz are put into $NAME.repro directory for
 regression testing with top dir 'make check' or 'make check-valgrind'.

+The ./configure runs below are for libidn2.
+To test libicu replace 'libidn2' with 'libicu', to test with
+libidn replace 'libidn2' by 'libidn'.
+

 # Running a fuzzer using clang

@ -33,7 +37,7 @@ cd fuzz
 Use the following commands on top dir:

 ```
-$ CC=afl-clang-fast ./configure --disable-gtk-doc
+$ CC=afl-clang-fast ./configure --disable-gtk-doc --enable-runtime=libidn2 --enable-builtin=libidn2
 $ make -j$(nproc) clean all
 $ cd fuzz
 $ ./run-afl.sh libpsl_fuzzer
@ -45,7 +49,7 @@ Code coverage reports currently work best with gcc+lcov+genhtml.

 In the top directory:
 ```
-CC=gcc CFLAGS="-O0 -g" ./configure --disable-gtk-doc
+CC=gcc CFLAGS="-O0 -g" ./configure --disable-gtk-doc --enable-runtime=libidn2 --enable-builtin=libidn2
 make fuzz-coverage
 xdg-open lcov/index.html
 ```
--- a/fuzz/libpsl_fuzzer.c
+++ b/fuzz/libpsl_fuzzer.c
@ -50,15 +50,29 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	psl_is_public_suffix(psl, domain);
 	psl_is_public_suffix2(psl, domain, PSL_TYPE_PRIVATE);
 	psl_is_public_suffix2(psl, domain, PSL_TYPE_ICANN);
+	psl_unregistrable_domain(psl, domain);
+	psl_registrable_domain(psl, domain);

 	psl_is_cookie_domain_acceptable(psl, "", NULL);
 	psl_is_cookie_domain_acceptable(psl, "a.b.c.e.com", domain);

 	if ((rc = psl_str_to_utf8lower(domain, "utf-8", NULL, &res)) == PSL_SUCCESS)
 		free(res);
+	if ((rc = psl_str_to_utf8lower(domain, "iso-8859-1", NULL, &res)) == PSL_SUCCESS)
+		free(res);
+	if ((rc = psl_str_to_utf8lower(domain, NULL, NULL, &res)) == PSL_SUCCESS)
+		free(res);

 	psl_free(psl);

+	psl_check_version_number(1);
+	psl_get_version();
+	psl_dist_filename();
+	psl_builtin_outdated();
+	psl_builtin_filename();
+	psl_builtin_sha1sum();
+	psl_builtin_file_time();
+
 	free(domain);

 	return 0;
--- a/fuzz/libpsl_fuzzer.in/com
+++ b/fuzz/libpsl_fuzzer.in/com
@ -1 +1 @@
-x.com
+X.com
--- a/fuzz/libpsl_load_dafsa_fuzzer.c
+++ b/fuzz/libpsl_load_dafsa_fuzzer.c
@ -50,9 +50,24 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)

 	psl_is_public_suffix(NULL, NULL);
 	psl_is_public_suffix(psl, ".ü.com");
+	psl_suffix_wildcard_count(psl);
+	psl_suffix_exception_count(psl);
+	psl_suffix_count(psl);
+
+	psl_free(psl);
+	fclose(fp);
+
+	// non-DAFSA load
+	fp = fmemopen(in + 16, size, "r");
+	assert(fp != NULL);
+
+	psl = psl_load_fp(fp);
+	psl_free(psl);
+	fclose(fp);
+
+	psl = psl_latest(NULL);
 	psl_free(psl);

-	fclose(fp);
 	free(in);

 	return 0;
--- a/fuzz/libpsl_load_dafsa_fuzzer.in/empty
+++ b/fuzz/libpsl_load_dafsa_fuzzer.in/empty
--- a/fuzz/run-clang.sh
+++ b/fuzz/run-clang.sh
@ -29,7 +29,8 @@ if test -z "$1"; then
 fi

 fuzzer=$1
-workers=4
+workers=$(($(nproc) - 1))
+jobs=$workers

 clang-5.0 \
 $CFLAGS -I../include -I.. \
@ -41,9 +42,9 @@ clang-5.0 \
 mkdir -p ${fuzzer}.new

 if test -f ${fuzzer}.dict; then
-  ./${fuzzer} -workers=$workers -dict=${fuzzer}.dict ${fuzzer}.new ${fuzzer}.in
+  ./${fuzzer} -dict=${fuzzer}.dict ${fuzzer}.new ${fuzzer}.in -jobs=$jobs -workers=$workers
 else
-  ./${fuzzer} -workers=$workers ${fuzzer}.new ${fuzzer}.in
+  ./${fuzzer} ${fuzzer}.new ${fuzzer}.in -jobs=$jobs -workers=$workers
 fi

 exit 0