57a35bb96c
- target ClientSession::_handleInput(), since crashing there would bring down the whole loolwsd (not just a kit process), and it deals with input from untrusted users (browsers) - add a --enable-fuzzers configure switch to build with -fsanitize=fuzzer (compared to normal sanitizers build, this is the only special flag needed) - configuring other sanitizers is not done automatically, either use --with-sanitizer=... or the environment variables from LODE's sanitizer config - run the actual fuzzer like this: ./clientsession_fuzzer -max_len=16384 fuzzer/data/ - note that at least openSUSE Leap 15.1 sadly ships with a clang with libfuzzer static libs removed from the package, so you need a self-built clang to run the fuzzer (either manual build or one from LODE) - <https://chromium.googlesource.com/chromium/src/testing/libfuzzer/+/refs/heads/master/efficient_fuzzing.md#execution-speed> suggests that "You should aim for at least 1,000 exec/s from your fuzz target locally" (i.e. one run should not take more than 1 ms), so try this minimal approach first. The alternative would be to start from the existing loolwsd_fuzzer binary, then step by step cut it down to not fork(), not do any network traffic, etc -- till it's fast enough that the fuzzer can find interesting input - the various configurations start to be really complex (the matrix is just very large), so try to use Util::isFuzzing() for fuzzer-specific changes (this is what core.git does as well), and only resort to ifdefs for the Util::isFuzzing() itself Change-Id: I72dc1193b34c93eacb5d8e39cef42387d42bd72f Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89226 Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com> Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
1 line
59 B
Text
1 line
59 B
Text
load url=file%3A%2F%2F%2Ffuzz%2Ffuzz.odt part=0 lang=en-US
|