aws / s2n-tls

An implementation of the TLS/SSL protocols
https://aws.github.io/s2n-tls/usage-guide/
Apache License 2.0

test: s2n_deserialize_resumption_state_test needs corpus files #4629

Closed maddeleine closed 1 month ago

maddeleine commented 2 months ago

Security issue notifications

If you discover a potential security issue in s2n we ask that you notify AWS Security via our vulnerability reporting page. Please do not create a public github issue.

Problem:

The fuzz test s2n_deserialize_resumption_state_test needs corpus files in order to get good results. For some reason when we added that test we didn't add any corresponding corpus files.

Solution:

Run s2n_deserialize_resumption_state_test for a while and commit the corpus that it generates. This is made more difficult by the fact that the fuzz tests use a lot of memory. I found that on my computer with 50GB the fuzz tests were running out of memory. I recommend using an instance with at least 150GB, as that's what we use to run the scheduled fuzz tests.

Requirements / Acceptance Criteria:

corpus for s2n_deserialize_resumption_state_test exists.

Out of scope:

maddeleine commented 2 months ago

Here's the command I used to run a single test. The only dependency I needed was libfuzzer. Couldn't get it to run successfully on my machine due to memory constraints.

LIBFUZZER_ROOT=/home/ubuntu/s2n/test-deps/libfuzzer S2N_UNSAFE_FUZZING_MODE=1 FUZZ_TESTS="s2n_deserialize_resumption_state_test" make fuzz