authorMiklos Vajna <vmiklos@collabora.com>2020-02-21 15:52:20 +0100
committerMichael Meeks <michael.meeks@collabora.com>2020-02-22 12:18:22 +0100
commit57a35bb96c18ae552ce9165eb25120222a58bfee (patch)
treed5b5e619ff1d8c3d9329c59667cf42c6b6ce42f0 /Makefile.am
parent8d2a8da960828d16502927f80ad76fabf502df6d (diff)
Add an initial libfuzzer based fuzzer
- target ClientSession::_handleInput(), since crashing there would bring down the whole loolwsd (not just a kit process), and it deals with input from untrusted users (browsers) - add a --enable-fuzzers configure switch to build with -fsanitize=fuzzer (compared to normal sanitizers build, this is the only special flag needed) - configuring other sanitizers is not done automatically, either use --with-sanitizer=... or the environment variables from LODE's sanitizer config - run the actual fuzzer like this: ./clientsession_fuzzer -max_len=16384 fuzzer/data/ - note that at least openSUSE Leap 15.1 sadly ships with a clang with libfuzzer static libs removed from the package, so you need a self-built clang to run the fuzzer (either manual build or one from LODE) - <https://chromium.googlesource.com/chromium/src/testing/libfuzzer/+/refs/heads/master/efficient_fuzzing.md#execution-speed> suggests that "You should aim for at least 1,000 exec/s from your fuzz target locally" (i.e. one run should not take more than 1 ms), so try this minimal approach first. The alternative would be to start from the existing loolwsd_fuzzer binary, then step by step cut it down to not fork(), not do any network traffic, etc -- till it's fast enough that the fuzzer can find interesting input - the various configurations start to be really complex (the matrix is just very large), so try to use Util::isFuzzing() for fuzzer-specific changes (this is what core.git does as well), and only resort to ifdefs for the Util::isFuzzing() itself Change-Id: I72dc1193b34c93eacb5d8e39cef42387d42bd72f Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89226 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com> Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Diffstat (limited to 'Makefile.am')
-rw-r--r--Makefile.am24
1 files changed, 22 insertions, 2 deletions
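diff --git a/Makefile.am b/Makefile.am
index c6d417185..1ee125b1f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -19,9 +19,14 @@ SUBDIRS = . test loleaflet cypress_test
 export ENABLE_DEBUG
 bin_PROGRAMS = \
- loolwsd loolforkit \
+ loolforkit \
 loolconvert loolconfig
+if ENABLE_LIBFUZZER
+else
+bin_PROGRAMS += loolwsd
+endif
+
 dist_bin_SCRIPTS = loolwsd-systemplate-setup
 man_MANS = man/loolwsd.1 \
@@ -119,12 +124,17 @@ loolwsd_SOURCES = $(loolwsd_sources) \
 noinst_PROGRAMS = clientnb \
 connect \
 lokitclient \
- loolwsd_fuzzer \
 loolmap \
 loolstress \
 loolmount \
 loolsocketdump
+if ENABLE_LIBFUZZER
+noinst_PROGRAMS += clientsession_fuzzer
+else
+noinst_PROGRAMS += loolwsd_fuzzer
+endif
+
 connect_SOURCES = tools/Connect.cpp \
 common/Log.cpp \
 common/Protocol.cpp \
@@ -148,6 +158,16 @@ loolwsd_fuzzer_SOURCES = $(loolwsd_sources) \
 $(shared_sources) \
 kit/DummyLibreOfficeKit.cpp
+clientsession_fuzzer_CPPFLAGS = \
+ -DKIT_IN_PROCESS=1 \
+ $(AM_CPPFLAGS)
+clientsession_fuzzer_SOURCES = \
+ $(loolwsd_sources) \
+ $(loolforkit_sources) \
+ $(shared_sources) \
+ fuzzer/ClientSession.cpp
+clientsession_fuzzer_LDFLAGS = -fsanitize=fuzzer $(AM_LDFLAGS)
+
 clientnb_SOURCES = net/clientnb.cpp \
 common/Log.cpp \
 common/Util.cpp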
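Review bot: The `if ENABLE_LIBFUZZER` block added after `bin_PROGRAMS` in the first hunk has an empty then-branch, which reads as if a line were dropped; Automake accepts a negated condition, so `if !ENABLE_LIBFUZZER` / `bin_PROGRAMS += loolwsd` / `endif` states the same thing directly. The hunk also does not say why loolwsd is left out of a libfuzzer build while loolforkit, loolconvert and loolconfig stay in, so a one-line comment on the conditional, e.g. `# loolwsd is not built when fuzzing; clientsession_fuzzer links $(loolwsd_sources) itself`, would spare the next reader a trip through configure.ac. In the third hunk, giving clientsession_fuzzer its own `_CPPFLAGS` makes Automake compile `$(loolwsd_sources)`, `$(loolforkit_sources)` and `$(shared_sources)` a second time under per-target object names, which looks intended for `-DKIT_IN_PROCESS=1` but is worth a short comment on that line as well.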