path: root/fuzz/fuzz.sh
author: Ran Benita <ran234@gmail.com> 2018-03-11 00:04:05 +0200
committer: Ran Benita <ran234@gmail.com> 2018-07-30 10:35:10 +0300
commit: 2cb5c2a3f3a74fb7478648a7811ca2b6e6272311 (patch)
tree: c1d58aa95d6408690ea2a346be09387d22ee01a0 /fuzz/fuzz.sh
parent: a54cfe087a2b84d5cb44f4dfa0e5951f8289ca3c (diff)
download: xorg-lib-libxkbcommon-2cb5c2a3f3a74fb7478648a7811ca2b6e6272311.tar.gz
Add fuzzing infrastructure
Though text formats aren't exactly a fuzzer's strong suit, fuzzers can catch many surface-level bugs. The fuzz/ directory contains target programs, testcases and dictionaries to drive the afl fuzzer.

This commit adds a fuzzer for the XKB keymap text format and the Compose text format. On my slow machine, using a single core, a full cycle of the XKB fuzzer takes 5 hours. For Compose, it takes a few minutes.

Fuzzing for the other file formats (rules files mostly) will be added later.

To do some fuzzing, run `./fuzz/fuzz.sh`.

Signed-off-by: Ran Benita <ran234@gmail.com>
Diffstat (limited to 'fuzz/fuzz.sh')
-rwxr-xr-x fuzz/fuzz.sh 17
1 files changed, 17 insertions, 0 deletions
diff --git a/fuzz/fuzz.sh b/fuzz/fuzz.sh
new file mode 100755
index 0000000..65aab9c
--- /dev/null
+++ b/fuzz/fuzz.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+set -e
+
+case "$1" in
+ keymap|compose)
+ ;;
+ *)
+ echo "usage: $0 keymap|compose" 1>&2
+ exit 1
+ ;;
+esac
+
+export CC=afl-clang-fast
+export AFL_HARDEN=1
+test -d fuzz/build || meson setup -Db_lto=true fuzz/build
+ninja -C fuzz/build
+afl-fuzz -i fuzz/$1/testcases -x fuzz/$1/dict -o fuzz/$1/findings -t 200 -m 10 -- ./fuzz/build/fuzz-$1 @@
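Review bot: the `test -d fuzz/build || meson setup -Db_lto=true fuzz/build` guard means `CC=afl-clang-fast` and `b_lto` are only honoured on the very first run, because meson reads the compiler at setup time; if `fuzz/build` already exists from an earlier configure with a different compiler, `ninja` will rebuild the targets uninstrumented and `afl-fuzz` will then reject or silently under-explore the binary. Consider either dropping the guard (`meson setup` is cheap and a stale directory can be detected with `--reconfigure`/`--wipe`) or checking that the existing build was configured with the AFL compiler before reusing it. Separately, every path in the script (`fuzz/$1/testcases`, `fuzz/build`, and `meson setup` with no source-dir argument) assumes the current directory is the repository root, so running the script from anywhere else fails with an unrelated meson error; a `cd "$(dirname "$0")/.."` near the top, or an explicit check with a usage message like the one already given for `$1`, would make that assumption visible.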