Add scripts to generate a dictionary and seed corpus for the config fuzzing #5915
Conversation
| } | ||
|
|
||
| function main() { | ||
| if [[ $# < 1 ]]; then |
There was a problem hiding this comment.
What's the expected usage? This seem like it's mean to be called with an argument for where output goes? I generally expect scripts to take arguments for input and output to stdout
There was a problem hiding this comment.
These scripts will be called as part of the oss-fuzz build.sh file to put the resulting files in the $OUT dir with the appropriate name. jbig2dec demonstrates what the files are supposed to look like (although I don't know why it calls unzip -l).
There was a problem hiding this comment.
As far as taking an argument for output; for the .dict file I can print to stdout and pipe to a file if you like; but for the corpus the output needs to be a zip file. (And my initial thought was to make the 'one argument which is the output location' a uniform calling convention.)
|
You could also pull in the stuff from |
tomrittervg
force-pushed
the
seed-and-dict
branch
from
3807675 to
2398df9
Compare
|
Updated! |
tomrittervg
force-pushed
the
seed-and-dict
branch
from
2398df9 to
94f8998
Compare
tomrittervg
force-pushed
the
seed-and-dict
branch
from
94f8998 to
c8fd184
Compare
|
Updated! LMK if I missed anything. |
This is partly a straw-man PR.
The dictionary should list keywords for the config file. Rather than make a hard-coded list that will eventually get out of date, I grab them from the sample config files and from keywords inside HasMember() in the source code.
The seed corpus is a set of interesting config files for the fuzzer to start with. Again, I grab the sample config files.
I'd love more/better suggestions for how to identify config keywords in the codebase; or config files that are interesting but not represented in the existing test configs.
If these techniques are decent; but some hardcoded suggestions are also valuable, we can add them into the script (for the dict) or in a sub-directory of harnesses (for seed files).
Finally, if no one has any ideas, we can always add these to the tree, update oss-fuzz, and see if the code coverage improves.