Evan Nemerson edited this page Nov 17, 2015 · 8 revisions

I'm trying to make sure all plugins receive at least some attention from a fuzzer before 1.0. What follows is an overview of the current status.

I'm using AFL with ASAN; the goal is to complete at least 1 cycle for each codec.

m^2 has written a good guide for how to do this; the process is similar for Squash. Some additional notes:

  • Use a tmpfs directory. AFL can be rough on hard drives, and given how small test cases are, there isn't usually a problem with running out of RAM.
  • You can set the SQUASH_FUZZ_MODE=yes environment variable before calling the squash CLI to ask it to always succeed (unless it crashes).
  • On 64-bit Linux systems you'll probably want to use the limit_memory.sh script distributed with AFL (see the notes_for_asan.txt document, also distributed with AFL, for details).

<table>
<tr>
  <th>Plugin</th>
  <th>Status</th>
  <th>Notes</th>
</tr>

<tr>
  <td>brieflz</td>
  <td>OK</td>
  <td></td>
</tr>

<tr>
  <td>brotli</td>
  <td></td>
  <td></td>
</tr>

<tr>
  <td>bsc</td>
  <td></td>
  <td>Needs a patch to disable checksums</td>
</tr>

<tr>
  <td>bzip2</td>
  <td>OK</td>
  <td>Fuzzed by others</td>
</tr>

<tr>
  <td>crush</td>
  <td></td>
  <td></td>
</tr>

<tr>
  <td>csc</td>
  <td>Vulnerable</td>
  <td>Lots of issues found and reported, awaiting fixes.</td>
</tr>

<tr>
  <td>density</td>
  <td></td>
  <td></td>
</tr>

<tr>
  <td>fari</td>
  <td></td>
  <td></td>
</tr>

<tr>
  <td>fastlz</td>
  <td></td>
  <td></td>
</tr>

<tr>
  <td>gipfeli</td>
  <td></td>
  <td></td>
</tr>

<tr>
  <td>heatshrink</td>
  <td></td>
  <td></td>
</tr>

<tr>
  <td>lz4</td>
  <td>OK</td>
  <td>Fuzzed by others</td>
</tr>

<tr>
  <td>lzf</td>
  <td></td>
  <td></td>
</tr>

<tr>
  <td>lzg</td>
  <td></td>
  <td></td>
</tr>

<tr>
  <td>lzham</td>
  <td></td>
  <td></td>
</tr>

<tr>
  <td>lzjb</td>
  <td></td>
  <td></td>
</tr>

<tr>
  <td>lzma</td>
  <td></td>
  <td></td>
</tr>

<tr>
  <td>lzo</td>
  <td></td>
  <td></td>
</tr>

<tr>
  <td>ms-compress</td>
  <td></td>
  <td></td>
</tr>

<tr>
  <td>ncompress</td>
  <td></td>
  <td></td>
</tr>

<tr>
  <td>pithy</td>
  <td></td>
  <td></td>
</tr>

<tr>
  <td>quicklz</td>
  <td></td>
  <td></td>
</tr>

<tr>
  <td>snappy</td>
  <td></td>
  <td></td>
</tr>

<tr>
  <td>wflz</td>
  <td></td>
  <td></td>
</tr>

<tr>
  <td>yalz77</td>
  <td>OK</td>
  <td>Several issues found, <a href="https://bitbucket.org/tkatchev/yalz77/commits/07b5d3df427e981ee5cfb25094af1b731b14ed44">fixed</a>.</td>
</tr>

<tr>
  <td>zlib</td>
  <td>OK</td>
  <td>Fuzzed by others</td>
</tr>

<tr>
  <td>zlib-ng</td>
  <td></td>
  <td>Should be okay as it's a fork of zlib</td>
</tr>

<tr>
  <td>zling</td>
  <td></td>
  <td></td>
</tr>

<tr>
  <td>zpaq</td>
  <td>OK</td>
  <td>Several issues found, <a href="https://github.com/zpaq/zpaq/commit/176df1f453a9bcebc794bb928e5aff1c9e9d5585">fix released</a>.</td>
</tr>

<tr>
  <td>zstd</td>
  <td></td>
  <td>Several issues found and <a href="https://github.com/Cyan4973/zstd/commit/8f86c700cdb9190901613124100c9be4c6e69827">fixed</a></td>
</tr>
</table>