diff --git a/fuzz/README.md b/fuzz/README.md
index fa2fa5b..91c3472 100644
--- a/fuzz/README.md
+++ b/fuzz/README.md
@@ -9,6 +9,10 @@ are taken from the $NAME.in directory.
 Crash reproducers from OSS-Fuzz are put into $NAME.repro directory for regression testing with top dir 'make check' or 'make check-valgrind'.
+The ./configure runs below are for libidn2.
+To test libicu replace 'libidn2' with 'libicu', to test with
+libidn replace 'libidn2' by 'libidn'.
+
 # Running a fuzzer using clang
@@ -33,7 +37,7 @@ cd fuzz
 Use the following commands on top dir:
 ```
-$ CC=afl-clang-fast ./configure --disable-gtk-doc
+$ CC=afl-clang-fast ./configure --disable-gtk-doc --enable-runtime=libidn2 --enable-builtin=libidn2
 $ make -j$(nproc) clean all
 $ cd fuzz
 $ ./run-afl.sh libpsl_fuzzer
@@ -45,7 +49,7 @@ Code coverage reports currently work best with gcc+lcov+genhtml.
 In the top directory:
 ```
-CC=gcc CFLAGS="-O0 -g" ./configure --disable-gtk-doc
+CC=gcc CFLAGS="-O0 -g" ./configure --disable-gtk-doc --enable-runtime=libidn2 --enable-builtin=libidn2
 make fuzz-coverage
 xdg-open lcov/index.html
 ```
diff --git a/fuzz/libpsl_fuzzer.c b/fuzz/libpsl_fuzzer.c
index c98ff8c..bbe70d6 100644
--- a/fuzz/libpsl_fuzzer.c
+++ b/fuzz/libpsl_fuzzer.c
@@ -50,15 +50,29 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
  psl_is_public_suffix(psl, domain);
  psl_is_public_suffix2(psl, domain, PSL_TYPE_PRIVATE);
  psl_is_public_suffix2(psl, domain, PSL_TYPE_ICANN);
+ psl_unregistrable_domain(psl, domain);
+ psl_registrable_domain(psl, domain);
  psl_is_cookie_domain_acceptable(psl, "", NULL);
  psl_is_cookie_domain_acceptable(psl, "a.b.c.e.com", domain);
  if ((rc = psl_str_to_utf8lower(domain, "utf-8", NULL, &res)) == PSL_SUCCESS)
  free(res);
+ if ((rc = psl_str_to_utf8lower(domain, "iso-8859-1", NULL, &res)) == PSL_SUCCESS)
+ free(res);
+ if ((rc = psl_str_to_utf8lower(domain, NULL, NULL, &res)) == PSL_SUCCESS)
+ free(res);
  psl_free(psl);
+ psl_check_version_number(1);
+ psl_get_version();
+ psl_dist_filename();
+ psl_builtin_outdated();
+ psl_builtin_filename();
+ psl_builtin_sha1sum();
+ psl_builtin_file_time();
+
+
  free(domain);
  return 0;
diff --git a/fuzz/libpsl_fuzzer.in/com b/fuzz/libpsl_fuzzer.in/com
index 4b9c176..3b664e1 100644
--- a/fuzz/libpsl_fuzzer.in/com
+++ b/fuzz/libpsl_fuzzer.in/com
@@ -1 +1 @@
-x.com
+X.com
diff --git a/fuzz/libpsl_load_dafsa_fuzzer.c b/fuzz/libpsl_load_dafsa_fuzzer.c
index 9bf0080..ee6cce6 100644
--- a/fuzz/libpsl_load_dafsa_fuzzer.c
+++ b/fuzz/libpsl_load_dafsa_fuzzer.c
@@ -50,9 +50,24 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
  psl_is_public_suffix(NULL, NULL);
  psl_is_public_suffix(psl, ".ΓΌ.com");
+ psl_suffix_wildcard_count(psl);
+ psl_suffix_exception_count(psl);
+ psl_suffix_count(psl);
+
+ psl_free(psl);
+ fclose(fp);
+
+ // non-DAFSA load
+ fp = fmemopen(in + 16, size, "r");
+ assert(fp != NULL);
+
+ psl = psl_load_fp(fp);
+ psl_free(psl);
+ fclose(fp);
+
+ psl = psl_latest(NULL);
  psl_free(psl);
- fclose(fp);
  free(in);
  return 0;
diff --git a/fuzz/libpsl_load_dafsa_fuzzer.in/empty b/fuzz/libpsl_load_dafsa_fuzzer.in/empty
new file mode 100644
index 0000000..e69de29
diff --git a/fuzz/run-clang.sh b/fuzz/run-clang.sh
index 70c9122..1cdf335 100755
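Review bot: `rc` is assigned in the two added psl_str_to_utf8lower() conditions, as in the existing utf-8 one, but is never read anywhere in the hunk, so the assignment only adds noise; unless `rc` is consumed before the hunk (LLVMFuzzerTestOneInput() starts outside it), `if (psl_str_to_utf8lower(domain, "iso-8859-1", NULL, &res) == PSL_SUCCESS)` and the same shape for the NULL-encoding call would read cleaner. The block from psl_check_version_number() through psl_builtin_file_time() discards every return value, which is fine for coverage but looks like forgotten checks to a reader; a one-line comment above it, e.g. `/* exercise the handle-free query API for coverage; return values are intentionally unused */`, states the intent. Note that psl_free(psl) runs before that block, so nothing added there may touch the handle — true for the calls as written, none of which take `psl`, but worth remembering when extending the list.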
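Review bot: `fp = fmemopen(in + 16, size, "r")` followed by `assert(fp != NULL)` turns a zero-length input into an abort on C libraries whose fmemopen() rejects a size of 0 (glibc before 2.22 fails with EINVAL), and this commit adds exactly that input as the new `empty` seed file; the earlier fmemopen() call outside the hunk presumably passes a length that includes the 16-byte prefix and so never sees 0. Treating a NULL `fp` as "skip the non-DAFSA load" instead of asserting keeps a libc limitation from being reported as a crash while still exercising psl_load_fp() on every non-empty input. The `in + 16` offset also deserves a comment saying it skips the prefix built earlier in the function (not visible in the hunk), e.g. `/* raw input without the DAFSA header prepended above */`. LLVMFuzzerTestOneInput() begins before the hunk.
```c
	// non-DAFSA load: fmemopen() may reject a zero-length buffer, so do not assert
	fp = fmemopen(in + 16, size, "r");
	if (fp != NULL) {
		psl = psl_load_fp(fp);
		psl_free(psl);
		fclose(fp);
	}
	/* … unchanged: psl_latest() round trip, free(in), return 0 … */
```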
--- a/fuzz/run-clang.sh
+++ b/fuzz/run-clang.sh
@@ -29,7 +29,8 @@ if test -z "$1"; then
 fi
 fuzzer=$1
-workers=4
+workers=$(($(nproc) - 1))
+jobs=$workers
 clang-5.0 \
 $CFLAGS -I../include -I.. \
@@ -41,9 +42,9 @@ clang-5.0 \
 mkdir -p ${fuzzer}.new
 if test -f ${fuzzer}.dict; then
- ./${fuzzer} -workers=$workers -dict=${fuzzer}.dict ${fuzzer}.new ${fuzzer}.in
+ ./${fuzzer} -dict=${fuzzer}.dict ${fuzzer}.new ${fuzzer}.in -jobs=$jobs -workers=$workers
 else
- ./${fuzzer} -workers=$workers ${fuzzer}.new ${fuzzer}.in
+ ./${fuzzer} ${fuzzer}.new ${fuzzer}.in -jobs=$jobs -workers=$workers
 fi
 exit 0
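Review bot: `workers=$(($(nproc) - 1))` evaluates to 0 on a single-CPU host (a common CI container shape), and because `jobs=$workers` both libFuzzer invocations in the second hunk then receive `-jobs=0 -workers=0`, which is not the "leave one core free" intent; a clamp such as `workers=$(( $(nproc) > 1 ? $(nproc) - 1 : 1 ))` keeps the script usable there. `nproc` is a GNU coreutils command, so where it is missing the arithmetic runs on an empty operand and yields a meaningless value; if portability matters, `$(nproc 2>/dev/null || echo 2)` as the operand avoids that. One behavioural change worth a comment in the script: with -jobs set, libFuzzer writes each job's output to fuzz-<N>.log in the working directory instead of the terminal, which a user of run-clang.sh may not expect.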