test(fuzz): seed flist entry decode corpus (FCV-19.c) #4758
Merged
3676a06 to b2c97e0
269e0c3 to 9c6c677
Add 24 hand-crafted libfuzzer seeds for the flist_entry_decode target, covering the recv_file_entry wire-format branch matrix: regular file, directory with XMIT_TOP_DIR, symlink, char/block devices, FIFO, XMIT_LONG_NAME (>254 bytes), XMIT_SAME_TIME/MODE/NAME inherited fields, INC_RECURSE hardlink forward/backward references, UTF-8 multibyte filenames, XMIT_MOD_NSEC (proto 32 nanosecond mtime), truncation mid-name and mid-mtime, malformed parent_node_idx with i32::MAX value, empty name (sender-invariant violation), maximum-length name (4095 bytes), and legacy protocol V28 entries with fixed 4-byte encoding. Seeds are valid for the stateless read_file_entry helper that the fuzzer exercises under both ProtocolVersion::V28 and V30, and bias the in-process corpus toward the conditional branches that need coverage on first iteration.
9c6c677 to 9a4db98
Summary
- fuzz/corpus/flist_entry_decode/ covering the recv_file_entry wire-format branch matrix.
- read_file_entry helper, which the fuzz target exercises under both ProtocolVersion::V28 and V30.

Coverage matrix
- 01_regular_file_minimal
- XMIT_TOP_DIR: 02_directory_top_dir
- 03_symlink_entry
- 04_device_char, 05_device_block
- 06_fifo_entry
- XMIT_LONG_NAME (300-byte name): 07_long_name_300b
- XMIT_SAME_TIME (mtime inherited): 08_same_time_inherited
- XMIT_SAME_MODE (mode inherited): 09_same_mode_inherited
- XMIT_SAME_NAME (name prefix inherited): 10_same_name_prefix, 22_same_name_chain
- 11_inc_recurse_parent_forward, 12_inc_recurse_parent_backward
- 13_iconv_utf8_multibyte
- XMIT_MOD_NSEC, proto 32): 14_nsec_mtime_proto32
- 15_truncation_mid_name
- 16_truncation_mid_mtime
- 17_malformed_parent_node_idx
- 18_empty_name
- 19_max_length_name
- 20_proto28_regular_file, 21_proto28_extended_flags
- 23_end_of_list_only
- XMIT_SAME_* flags after a primer: 24_all_same_flags_after_primer

Test plan
- fuzz/corpus/).
- cargo +nightly fuzz run flist_entry_decode locally to confirm libfuzzer ingests every seed without panic.
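
Several of the seed categories above (XMIT_SAME_NAME prefix, XMIT_LONG_NAME, truncation mid-name, empty and maximum-length names, V28 fixed 4-byte encoding) target the name-length handling of an entry. As an added illustration, not code from this PR or project, the Rust sketch below decodes only that name field in the protocol-28 layout with explicit bounds checks. The flag values are upstream rsync's; decode_name, NameError, the choice to reject an over-long prefix or an empty name, and the sample bytes are assumptions made for the example.

```rust
// Added sketch: bounds-checked decode of the name field of a protocol-28
// flist entry. Flag values follow upstream rsync's rsync.h; the function,
// error type and sample bytes are constructed for this example.
const XMIT_SAME_NAME: u16 = 1 << 5; // one byte: count of bytes reused from the previous name
const XMIT_LONG_NAME: u16 = 1 << 6; // suffix length is a 4-byte LE int instead of one byte
const MAX_NAME: usize = 4095; // maximum name length quoted in the PR

#[derive(Debug, PartialEq)]
pub enum NameError { Truncated, TooLong, BadPrefix, Empty }

// Every read goes through here, so a short buffer is an error, never a panic.
fn take<'a>(buf: &'a [u8], pos: &mut usize, n: usize) -> Result<&'a [u8], NameError> {
    let end = pos.checked_add(n).ok_or(NameError::TooLong)?;
    let s = buf.get(*pos..end).ok_or(NameError::Truncated)?;
    *pos = end;
    Ok(s)
}

/// Returns the decoded name and the number of input bytes consumed.
pub fn decode_name(flags: u16, buf: &[u8], prev: &[u8]) -> Result<(Vec<u8>, usize), NameError> {
    let mut pos = 0;
    let l1 = if flags & XMIT_SAME_NAME != 0 { take(buf, &mut pos, 1)?[0] as usize } else { 0 };
    let l2 = if flags & XMIT_LONG_NAME != 0 {
        let b = take(buf, &mut pos, 4)?;
        let raw = i32::from_le_bytes([b[0], b[1], b[2], b[3]]);
        if raw < 0 { return Err(NameError::TooLong); }
        raw as usize
    } else {
        take(buf, &mut pos, 1)?[0] as usize
    };
    // Validate both lengths before allocating or copying anything.
    if l1 > prev.len() { return Err(NameError::BadPrefix); }
    if l1 + l2 > MAX_NAME { return Err(NameError::TooLong); }
    if l1 + l2 == 0 { return Err(NameError::Empty); }
    let mut name = prev[..l1].to_vec();
    name.extend_from_slice(take(buf, &mut pos, l2)?);
    Ok((name, pos))
}

fn main() {
    // Constructed inputs mirroring three of the PR's seed categories.
    let cases: [(&str, u16, &[u8]); 3] = [
        ("same-name prefix", XMIT_SAME_NAME, &[4, 2, b'f', b'2']),
        ("truncation mid-name", 0, &[5, b'a', b'b']),
        ("empty name", 0, &[0]),
    ];
    for (label, flags, bytes) in cases {
        println!("{}: {:?}", label, decode_name(flags, bytes, b"dir/f1"));
    }
}
```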