-
Notifications
You must be signed in to change notification settings - Fork 2.6k
[libarchive] Expand fuzzing from 1 to 25 targets #14678
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
Update build configuration to use all 25 fuzz targets now available in upstream libarchive (merged in libarchive/libarchive#2820). Changes: - Update build.sh to compile all 25 fuzzers from contrib/oss-fuzz/ - Copy dictionaries and options files for guided fuzzing - Generate seed corpora from libarchive's test files - Remove local libarchive_fuzzer.cc (now in upstream repo) New fuzzers include: - 13 format-specific: tar, zip, 7zip, rar, rar5, xar, cab, lha, iso9660, cpio, warc, mtree, ar - 4 security-critical: encryption, write_disk, read_disk, entry (ACL) - 7 API coverage: write, linkify, match, string, seek, roundtrip, filter Expected coverage improvement: 74% → 85-95%
- TAR: Change pattern from "test_compat_*tar*.uu" to "*tar*.uu" Increases coverage from 30 to 70 test files, including: - test_read_format_tar_*.uu - test_read_format_gtar_*.uu - test_pax_*.tar.uu - test_acl_pax_*.tar.uu - CPIO: Change pattern from "test_compat_cpio*.uu" to "*cpio*.uu" Increases coverage from 1 to 11 test files, including: - test_read_format_cpio_*.uu
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).
View this failed invocation of the CLA check for more information.
For the most up to date status, view the checks section at the bottom of the pull request.
skypher is a new contributor to projects/libarchive. The PR must be approved by known contributors before it can be merged. The past contributors are: Mrmaxmeier, DonggeLiu, jvoisin, cvediver, Dor1s, mmatuska (unverified)
Summary
Update libarchive build configuration to use all 25 fuzz targets now available in upstream libarchive (merged in libarchive/libarchive#2820).
Changes
build.shto compile all 25 fuzzers fromcontrib/oss-fuzz/libarchive_fuzzer.cc(now in upstream repo)New Fuzzers (24 new, 25 total)
Format-specific (13):
Security-critical (4):
API coverage (7):
Coverage Targets
Previously uncovered functions now targeted:
archive_entry_linkifyxar_read_headerExpected coverage improvement: 74% → 85-95%
Testing
check_buildvalidationpython infra/helper.py build_fuzzers libarchivepython infra/helper.py check_build libarchive