Fuzzing usbredir
The usbredir fuzz tests [1] are run with the tooling from the oss-fuzz project [2].
On the host:
cd ~
git clone https://github.com/google/oss-fuzz.git
cd ./oss-fuzz/projects/spice-usbredir/
podman build --force-rm=true --tag "usbredir-oss-fuzz-img:latest" . 2>&1 | tee imgbuild.log
podman run --rm -it localhost/usbredir-oss-fuzz-img:latest /bin/bash
In the running container, build the targets:
export CC='clang -fsanitize=fuzzer-no-link -fsanitize=address'
export CXX='clang++ -fsanitize=fuzzer-no-link -fsanitize=address'
export LIB_FUZZING_ENGINE=-fsanitize=fuzzer
export OUT=/tmp/fuzzer
./build-aux/oss-fuzz.sh
Run the fuzzers:
cd /tmp/fuzzer/
./usbredirparserfuzz 2>&1 |tee log.usbredirparserfuzz
or
./usbredirfilterfuzz 2>&1 |tee log.usbredirfilterfuzz
Sample fuzzer output:
- 15955820 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5157 rss: 173Mb L: 317/3856 MS: 4 ChangeByte-ChangeByte-InsertByte-EraseBytes-
- 15956397 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5157 rss: 173Mb L: 95/3856 MS: 2 PersAutoDict-EraseBytes- DE: "\377\013"-
- 15971663 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5157 rss: 173Mb L: 1225/3856 MS: 1 EraseBytes-
- 15981720 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5157 rss: 173Mb L: 381/3856 MS: 2 ChangeBit-EraseBytes-
- 15986559 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5156 rss: 173Mb L: 1608/3856 MS: 4 ChangeBit-EraseBytes-ChangeByte-InsertRepeatedBytes-
- 15991610 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5155 rss: 173Mb L: 166/3856 MS: 1 EraseBytes-
- 15995096 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5156 rss: 173Mb L: 98/3856 MS: 1 EraseBytes-
- 16000627 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5154 rss: 173Mb L: 707/3856 MS: 1 EraseBytes-
- 16000844 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5154 rss: 173Mb L: 418/3856 MS: 2 ChangeBit-EraseBytes-
- 16007160 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5155 rss: 173Mb L: 73/3856 MS: 1 EraseBytes-
- 16010027 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5154 rss: 173Mb L: 177/3856 MS: 2 ChangeByte-EraseBytes-
- 16010163 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5154 rss: 173Mb L: 612/3856 MS: 1 EraseBytes-
- 16018900 REDUCE cov: 466 ft: 2080 corp: 991/262Kb lim: 4096 exec/s: 5152 rss: 173Mb L: 783/3856 MS: 2 InsertByte-EraseBytes-
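To read a long log such as log.usbredirparserfuzz without scrolling through it, the status lines can be summarized by a small script. This is an added example, not part of the usbredir or oss-fuzz code: the function name `summarize` and the sample lines are assumptions (two lines are taken from the output above, the INITED, NEW and crash lines are constructed). libFuzzer itself prefixes status lines with `#`; the parser also accepts the `- ` prefix shown above.

```python
import re
import sys

# libFuzzer status line: "#<execs> <EVENT> cov: N ft: N corp: units/size ... exec/s: N rss: NMb".
# The prefix is optional so lines copied as "- 15955820 REDUCE ..." parse too.
STATUS = re.compile(
    r"^\s*(?:#|-\s)?\s*(?P<execs>\d+)\s+(?P<event>[A-Za-z]+)\s+cov: (?P<cov>\d+) ft: (?P<ft>\d+)"
    r" corp: (?P<units>\d+)/(?P<size>\S+).*?exec/s: (?P<rate>\d+) rss: (?P<rss>\d+)Mb"
)
FINDING = re.compile(r"ERROR: (?:AddressSanitizer|libFuzzer): ")   # sanitizer / engine reports
ARTIFACT = re.compile(r"Test unit written to (?P<path>\S+)")       # saved reproducer file

# Constructed sample: two lines from the page plus invented INITED/NEW/crash lines.
SAMPLE = [
    "#2\tINITED cov: 120 ft: 130 corp: 1/1b exec/s: 0 rss: 30Mb",
    "#9000000\tNEW    cov: 466 ft: 2075 corp: 990/262Kb lim: 4096 exec/s: 5160 rss: 172Mb L: 64/3856 MS: 1 ChangeByte-",
    "- 15955820 REDUCE cov: 466 ft: 2080 corp: 991/263Kb lim: 4096 exec/s: 5157 rss: 173Mb L: 317/3856 MS: 4 ChangeByte-ChangeByte-InsertByte-EraseBytes-",
    "- 16018900 REDUCE cov: 466 ft: 2080 corp: 991/262Kb lim: 4096 exec/s: 5152 rss: 173Mb L: 783/3856 MS: 2 InsertByte-EraseBytes-",
    "==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x000000000000",
    "artifact_prefix='./'; Test unit written to ./crash-CONSTRUCTED",
]

def summarize(lines):
    """Return the latest fuzzer state, how long coverage has been flat, and any findings."""
    last, best_cov, gain_at = None, -1, 0
    findings, artifacts = [], []
    for line in lines:
        m = STATUS.match(line)
        if m:
            last = {k: v if k in ("event", "size") else int(v) for k, v in m.groupdict().items()}
            if last["cov"] > best_cov:            # coverage grew: remember when
                best_cov, gain_at = last["cov"], last["execs"]
            continue
        if FINDING.search(line):
            findings.append(line.strip())
        a = ARTIFACT.search(line)
        if a:
            artifacts.append(a.group("path"))
    if last is None:
        return None                               # no status lines at all
    return {"execs": last["execs"], "cov": last["cov"], "ft": last["ft"],
            "corpus_units": last["units"], "exec_per_s": last["rate"], "rss_mb": last["rss"],
            "execs_since_cov_gain": last["execs"] - gain_at,
            "findings": findings, "artifacts": artifacts}

if __name__ == "__main__":
    # Pass the tee'd log (e.g. log.usbredirparserfuzz) as argv[1]; otherwise use SAMPLE.
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    print(summarize(src))
```

A large `execs_since_cov_gain` with only REDUCE events, as in the output above, means the fuzzer is shrinking existing corpus entries rather than reaching new code.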
References:
[1] https://gitlab.freedesktop.org/spice/usbredir/-/tree/main/fuzzing?ref_type=heads
[2] https://github.com/google/oss-fuzz/tree/master/projects/spice-usbredir