Commit Graph

10 Commits

Author SHA1 Message Date
Kacper Michajłow e56054bc40 fuzzers: always return 0
While LibFuzzer supports rejecting unwanted inputs, it looks like
Honggfuzz treats anything other than 0 as fatal error.

https://llvm.org/docs/LibFuzzer.html#rejecting-unwanted-inputs
348a472139/libhfuzz/persistent.c (L67)
This LOG_F calls exit(EXIT_FAILURE)
2024-05-21 06:28:18 +02:00
Kacper Michajłow 7a93a584fc fuzzer: add dedicated fuzzers for each demuxer
This will help drill deeper into specific code.
2024-05-15 20:09:54 +02:00
Kacper Michajłow 6ede789092 fuzzer_load: use memfd_create instead of real file
Should be slightly faster. Also fixes leaking temporary file on errors.
2024-05-15 20:09:54 +02:00
Kacper Michajłow 3c26389312 fuzzer_load: merge file and config load into one file
Removes code duplication. Add missing unlink while at it.
2024-05-15 20:09:54 +02:00
Kacper Michajłow fd1c13f9b3 fuzzers: don't build binaries for disabled protocols
While there is a merit to test if disabled protocols doesn't crash or
something, such test can be made as simple unit tests, no fuzzing needed.
2024-05-15 20:09:54 +02:00
Kacper Michajłow c1d5f0e9c8 fuzzers: set network-timeout to 1 second
We don't expect any data to actually access, so timeout as soon as
possible.
2024-05-10 04:15:10 +02:00
Kacper Michajłow bf6d49cbd4 fuzzer_loadfile_direct: exclude paths also for file://
Loading external files makes little sense. Might disable this completely
later, but let see how it works, The idea is the same as for direct
load. Exclude paths starting with `file://.` and `file:///`. But still
fuzz any processing that other input might have. It shouldn't be a huge
problem if we do `file://mpv` for example. Not great, but also not
terrible.
2024-05-09 02:01:24 +02:00
Kacper Michajłow 49cb039b8c fuzzer_set_property: fix for other types than string
I tested with string version, oops.
2024-05-08 18:52:40 +02:00
Kacper Michajłow e1d1eb7ace fuzzers: add fuzzer for config parsers 2024-05-08 18:52:40 +02:00
Kacper Michajłow 47dbc3a74e fuzzers: add new fuzzer targets
fuzzer_set_property.c:

fuzz mpv_set_property in both initialized and non-initialized state.
Useful for user provided values sanitization test. I've already seen
some memory leaks in parsing code, good to drill it.

fuzzer_loadfile.c:

mpv_command "loadfile" test. Good for testing demuxers, decoding and
playback loop. Sadly in headless mode we can't really test AO and VO,
but at least all the code around can be fuzzed. Especially our custom
demuxers like demux_mkv.

fuzzer_loadfile_direct.c:

Similar to loadfile above, but instead of saving the data to file, it
passes the fuzz input in the command. Generated protocol specific
versions (mf:// and memory:// for now) and generic one.

Nothing really complex, but good start and even those few targets should
give good coverage of the most common code paths in libmpv.
2024-04-27 02:47:47 +02:00