Enhance fuzzing

2017-06-13 22:16:14 +02:00 · 2017-06-13 22:16:14 +02:00 · 896a5e299a
parent e8f083e867
commit 896a5e299a
6 changed files with 41 additions and 7 deletions
--- a/fuzz/README.md
+++ b/fuzz/README.md
@ -9,6 +9,10 @@ are taken from the $NAME.in directory.
 Crash reproducers from OSS-Fuzz are put into $NAME.repro directory for
 regression testing with top dir 'make check' or 'make check-valgrind'.
 The ./configure runs below are for libidn2.
 To test libicu replace 'libidn2' with 'libicu', to test with
 libidn replace 'libidn2' by 'libidn'.
 # Running a fuzzer using clang
@ -33,7 +37,7 @@ cd fuzz
 Use the following commands on top dir:
 ```
-$ CC=afl-clang-fast ./configure --disable-gtk-doc
+$ CC=afl-clang-fast ./configure --disable-gtk-doc --enable-runtime=libidn2 --enable-builtin=libidn2
 $ make -j$(nproc) clean all
 $ cd fuzz
 $ ./run-afl.sh libpsl_fuzzer
@ -45,7 +49,7 @@ Code coverage reports currently work best with gcc+lcov+genhtml.
 In the top directory:
 ```
-CC=gcc CFLAGS="-O0 -g" ./configure --disable-gtk-doc
+CC=gcc CFLAGS="-O0 -g" ./configure --disable-gtk-doc --enable-runtime=libidn2 --enable-builtin=libidn2
 make fuzz-coverage
 xdg-open lcov/index.html
 ```
--- a/fuzz/libpsl_fuzzer.c
+++ b/fuzz/libpsl_fuzzer.c
@ -50,15 +50,29 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	psl_is_public_suffix(psl, domain);
 	psl_is_public_suffix2(psl, domain, PSL_TYPE_PRIVATE);
 	psl_is_public_suffix2(psl, domain, PSL_TYPE_ICANN);
 	psl_unregistrable_domain(psl, domain);
 	psl_registrable_domain(psl, domain);
 	psl_is_cookie_domain_acceptable(psl, "", NULL);
 	psl_is_cookie_domain_acceptable(psl, "a.b.c.e.com", domain);
 	if ((rc = psl_str_to_utf8lower(domain, "utf-8", NULL, &res)) == PSL_SUCCESS)
 		free(res);
 	if ((rc = psl_str_to_utf8lower(domain, "iso-8859-1", NULL, &res)) == PSL_SUCCESS)
 		free(res);
 	if ((rc = psl_str_to_utf8lower(domain, NULL, NULL, &res)) == PSL_SUCCESS)
 		free(res);
 	psl_free(psl);
 	psl_check_version_number(1);
 	psl_get_version();
 	psl_dist_filename();
 	psl_builtin_outdated();
 	psl_builtin_filename();
 	psl_builtin_sha1sum();
 	psl_builtin_file_time();
 	free(domain);
 	return 0;
--- a/fuzz/libpsl_fuzzer.in/com
+++ b/fuzz/libpsl_fuzzer.in/com
@ -1 +1 @@
-x.com
+X.com
--- a/fuzz/libpsl_load_dafsa_fuzzer.c
+++ b/fuzz/libpsl_load_dafsa_fuzzer.c
@ -50,9 +50,24 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	psl_is_public_suffix(NULL, NULL);
 	psl_is_public_suffix(psl, ".ü.com");
 	psl_suffix_wildcard_count(psl);
 	psl_suffix_exception_count(psl);
 	psl_suffix_count(psl);
 	psl_free(psl);
 	fclose(fp);
 	// non-DAFSA load
 	fp = fmemopen(in + 16, size, "r");
 	assert(fp != NULL);
 	psl = psl_load_fp(fp);
 	psl_free(psl);
 	fclose(fp);
 	psl = psl_latest(NULL);
 	psl_free(psl);
 	fclose(fp);
 	free(in);
 	return 0;
--- a/fuzz/libpsl_load_dafsa_fuzzer.in/empty
+++ b/fuzz/libpsl_load_dafsa_fuzzer.in/empty
--- a/fuzz/run-clang.sh
+++ b/fuzz/run-clang.sh
@ -29,7 +29,8 @@ if test -z "$1"; then
 fi
 fuzzer=$1
-workers=4
+workers=$(($(nproc) - 1))
 jobs=$workers
 clang-5.0 \
 $CFLAGS -I../include -I.. \
@ -41,9 +42,9 @@ clang-5.0 \
 mkdir -p ${fuzzer}.new
 if test -f ${fuzzer}.dict; then
-  ./${fuzzer} -workers=$workers -dict=${fuzzer}.dict ${fuzzer}.new ${fuzzer}.in
+  ./${fuzzer} -dict=${fuzzer}.dict ${fuzzer}.new ${fuzzer}.in -jobs=$jobs -workers=$workers
 else
-  ./${fuzzer} -workers=$workers ${fuzzer}.new ${fuzzer}.in
+  ./${fuzzer} ${fuzzer}.new ${fuzzer}.in -jobs=$jobs -workers=$workers
 fi
 exit 0