-
Notifications
You must be signed in to change notification settings - Fork 245
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add fuzzing support in libmaxminddb #357
Conversation
Signed-off-by: Arjun <pkillarjun@protonmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool! I have a few comments.
if (status == MMDB_SUCCESS) | ||
MMDB_close(&mmdb); | ||
|
||
unlink(filename); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would we want to error check any of these calls? This one, fwrite, fclose, sprintf could all have their return values checked I think.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This one, fwrite, fclose, sprintf could all have their return values checked I think.
Good idea, but too much voodoo, I guess.
|
||
fp = fopen(filename, "wb"); | ||
if (!fp) | ||
return 0; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this or the above return something other than 0?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this or the above return something other than 0?
No, if the program returns anything else other than return 0;
, the coverage won't be counted.
I get it; we could use return -1;
or return 1;
, but I would say let's keep it return 0;
for consistency.
Souce LibFuzzer
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would we want it to be counted though? It's an error, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's an error, right?
It is an error. I think there are bigger problems in your system if you see these errors.
We would be running in a controlled environment, so it won't be a problem.
Signed-off-by: Arjun <pkillarjun@protonmail.com>
fuzz_mmdb
fuzz target.These are the bugs i found #356
My plans are to integrate libmaxminddb into OSS-Fuzz.