On Dec 21, 2016, at 2:12 AM, Peter Wu <[email protected]> wrote:
> From the efforts that I have seen, Moshe seems to be targeting the
> dissectors functions. Since these may appear over the network, it is
> probably one of the more interesting parts to tackle first.
Then I'm not sure how well
> The second step is to create a fuzzing interface. The fuzzing interface needs
> to have the following signature:
>
> extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
>   DoSomethingInterestingWithMyAPI(Data, Size);
>   return 0; // Non-zero return values are reserved for future use.
> }
matches the way it works.
If you have a program called "rednose", that takes a JPEG image, looks for
noses, and colors them red, you could have an API that takes a pointer to an
array of bytes containing a JPEG image, and a size_t giving the total number of
bytes in the image, and call the nose-detector-and-colorer API (although, given
that the argument is a const pointer, it'd have to provide some output buffer).
I guess you *could* have an API that takes a *single* blob of data and hands it
to the frame dissector, with enough metadata to have it interpreted as an
Ethernet frame, and that would catch *some* issues. It wouldn't catch any
issues that would only show up with a sequence of packets.
Is there some way to fuzz code that's *not* stateless, and that takes a
*sequence* of bits of input, in order?
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
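The usual answer to the question above is to keep the single-blob LLVMFuzzerTestOneInput signature but treat the blob as a container for an ordered sequence of packets. The following is an added example, not code from Wireshark or from anyone in this thread: a hypothetical two-byte-length-prefixed record framing, a toy stateful "dissector" that reassembles fragments and tracks sequence numbers, and a harness that creates a fresh session per input, feeds every record in order, and discards the session afterwards. The protocol layout, the struct and function names, and the sample bytes are all assumptions made for illustration.

```c
/* Added example (not Wireshark code): a libFuzzer-style harness that turns
 * one input blob into a *sequence* of packets for a stateful toy dissector. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical toy protocol: each packet is [seq:1][flags:1][payload...].
 * flags & 0x01 means "more fragments follow"; payload bytes are accumulated
 * until a packet without that flag completes the message. Sequence numbers
 * must increase by exactly one; anything else is dropped as out of order. */
#define MAX_REASM 256

struct session {
    uint8_t  next_seq;          /* sequence number expected next */
    size_t   reasm_len;         /* bytes accumulated in reasm[] so far */
    uint8_t  reasm[MAX_REASM];
    unsigned completed;         /* fully reassembled messages seen */
    unsigned out_of_order;      /* packets dropped for a bad sequence number */
};

static void session_init(struct session *s) { memset(s, 0, sizeof *s); }

/* The stateful code under test. Returns 1 when a message is completed. */
static int dissect_packet(struct session *s, const uint8_t *pkt, size_t len)
{
    if (len < 2) return 0;                          /* runt packet */
    if (pkt[0] != s->next_seq) { s->out_of_order++; return 0; }
    s->next_seq++;
    size_t plen = len - 2;
    size_t room = MAX_REASM - s->reasm_len;
    if (plen > room) plen = room;                   /* never overflow reasm[] */
    memcpy(s->reasm + s->reasm_len, pkt + 2, plen);
    s->reasm_len += plen;
    if (pkt[1] & 0x01) return 0;                    /* more fragments expected */
    s->completed++;
    s->reasm_len = 0;
    return 1;
}

/* Interpret one fuzzer input as records [len:2 big-endian][len bytes ...],
 * repeated until the blob is exhausted, and deliver them in order to the
 * given session. A final record shorter than its length field is fed
 * truncated rather than rejected, so the fuzzer still reaches the dissector.
 * Returns the number of records delivered. */
static size_t feed_sequence(struct session *s, const uint8_t *data, size_t size)
{
    size_t off = 0, count = 0;
    while (size - off >= 2) {
        size_t rlen = ((size_t)data[off] << 8) | data[off + 1];
        off += 2;
        if (rlen > size - off) rlen = size - off;   /* truncated final record */
        dissect_packet(s, data + off, rlen);
        off += rlen;
        count++;
    }
    return count;
}

/* libFuzzer entry point: one fresh session per input, so every crash
 * reproduces from the single saved blob with no hidden cross-input state. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    struct session s;
    session_init(&s);
    feed_sequence(&s, data, size);
    return 0;
}

/* Constructed sample input: two fragments forming one message, a standalone
 * message, then an out-of-sequence packet that the dissector must drop. */
static const uint8_t SAMPLE[] = {
    0x00, 0x04,  0x00, 0x01, 'h', 'e',        /* seq 0, more fragments, "he"   */
    0x00, 0x05,  0x01, 0x00, 'l', 'l', 'o',   /* seq 1, last fragment, "llo"   */
    0x00, 0x03,  0x02, 0x00, '!',             /* seq 2, complete by itself     */
    0x00, 0x03,  0x07, 0x00, '?',             /* seq 7, out of order, dropped  */
};

/* Run the sample through the same path the fuzzer uses and leave the
 * resulting session in *s for inspection. Returns records delivered. */
size_t run_sample(struct session *s)
{
    session_init(s);
    return feed_sequence(s, SAMPLE, sizeof SAMPLE);
}

int main(void)
{
    struct session s;
    size_t n = run_sample(&s);
    printf("records=%zu completed=%u out_of_order=%u\n",
           n, s.completed, s.out_of_order);
    return 0;
}
```

Built with `clang -fsanitize=fuzzer,address` (dropping main, which libFuzzer supplies), the same file becomes a fuzz target; the fuzzer learns the length-prefix framing on its own, and a crash reproducer is just one blob, since all state lives in the per-input session. The same trick extends to a per-record metadata header (direction, timestamp delta, encapsulation) when the code under test keys its state on those.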