ruuda / claxon

A FLAC decoder in Rust
Apache License 2.0

Add fuzzing seeds #12

Closed Shnatsel closed 5 years ago

Shnatsel commented 6 years ago

This adds ~5.7 MB of small files triggering different execution paths, according to cargo-fuzz. It has been run through cargo fuzz cmin.

The coverage metrics are:

This was generated with checksum verification disabled, as if #11 was merged.

cubetastic33 commented 5 years ago

What is this PR? Why is there no activity here?

ruuda commented 5 years ago

Sorry for the late response.

What is this PR?

A set of fuzzing seeds is a set of files that triggers many different code paths in the decoder. They can be used to kick-start the fuzzing process, as the fuzzer does not need to discover inputs that trigger these paths from scratch.

The repository already includes a suite of regression tests for issues discovered through fuzzing (in testsamples/fuzz), and a few other small samples in testsamples, and these together already provide similar coverage to the seeds that this PR adds. It only takes a few minutes of fuzzing to build up good coverage (running a few fuzzers in release mode with leak sanitizer speeds things up a lot — these can do two orders of magnitude more execs/sec than debug mode with address sanitizer, and that helps fuzzers in debug mode to discover variations). Therefore I don't think adding seeds is worth the repository size hit; you can easily generate a corpus yourself.
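The workflow described in the reply above (seed the corpus from the existing samples, run fast release-mode fuzzers alongside a debug-mode address-sanitizer run, then minimise with cargo fuzz cmin) as an added shell script; it is not claxon's own tooling or part of this PR. It assumes cargo-fuzz and a nightly toolchain are installed and that a fuzz target named decode_full exists under fuzz/fuzz_targets; set DRY_RUN=1 to print the commands instead of running them.

```bash
# Added example, not claxon's own scripts. Assumes cargo-fuzz is installed and
# that a fuzz target called "decode_full" exists (hypothetical name).

# Execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Copy the small FLAC samples (regression tests double as seeds) into the
# corpus directory that cargo-fuzz uses for this target.
seed_corpus() {
    target="$1"; seed_dir="$2"
    corpus="fuzz/corpus/$target"
    run mkdir -p "$corpus"
    run find "$seed_dir" -type f -name '*.flac' -size -256k \
        -exec cp -n '{}' "$corpus/" ';'
}

# Fast explorers: release build with only the leak sanitizer, two libFuzzer
# jobs. These get far more execs/sec and feed new inputs into the shared corpus.
fuzz_fast() {
    run cargo fuzz run "$1" --release --sanitizer leak -- -jobs=2 -workers=2
}

# Thorough checker: debug build with debug assertions and address sanitizer,
# picking up the variations the fast jobs discover in the same corpus.
fuzz_thorough() {
    run cargo fuzz run "$1" --debug-assertions --sanitizer address
}

# Shrink the corpus to the inputs that still add coverage before keeping it.
minimise_corpus() {
    run cargo fuzz cmin "$1"
}

# Full workflow: seed, fuzz fast and thorough in parallel, then minimise.
fuzz_workflow() {
    target="${1:-decode_full}"; seed_dir="${2:-testsamples}"
    seed_corpus "$target" "$seed_dir"
    fuzz_fast "$target" &
    fuzz_thorough "$target"
    wait
    minimise_corpus "$target"
}
```

Call `fuzz_workflow decode_full testsamples` from the crate root; without DRY_RUN the two cargo fuzz run invocations keep going until you stop them, after which the cmin step runs.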