Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add fuzzers for parsers #160

Closed
chenxiaolong opened this issue Sep 27, 2023 · 0 comments
Closed

Add fuzzers for parsers #160

chenxiaolong opened this issue Sep 27, 2023 · 0 comments
Assignees
@chenxiaolong

Comments

@chenxiaolong
Copy link
Owner

All of avbroot's parsers are memory-safe, but there can still be logic issues that lead to a panic/crash. From preliminary testing with honggfuzz, I've already found one crash in the boot image parser caused by dividing by zero.

I plan to add fuzz tests for most of avbroot's parsers.
@chenxiaolong chenxiaolong self-assigned this Sep 27, 2023
chenxiaolong added a commit that referenced this issue Sep 27, 2023
@chenxiaolong
bootimage: Ensure page_size is never 0
759b418 
Otherwise, we'll panic due to dividing by 0.

(Found by honggfuzz)

Issue: #160

Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
chenxiaolong added a commit that referenced this issue Sep 27, 2023
@chenxiaolong
bootimage: Fix panic when validating vendor v4 table size
22a71e7 
The multiplication can overflow.

(Found by honggfuzz)

Issue: #160

Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
chenxiaolong added a commit that referenced this issue Sep 27, 2023
@chenxiaolong
Add initial honggfuzz fuzzing infrastructure

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode
de9b70f 
This initially includes fuzzers for the AVB and boot image parsers. The
initial input corpus are the same test files we use for the round trip
tests.

Issue: #160

Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
@chenxiaolong chenxiaolong mentioned this issue Sep 27, 2023
Merged
chenxiaolong added a commit that referenced this issue Sep 27, 2023
@chenxiaolong
Add initial honggfuzz fuzzing infrastructure
7c25e39 
This initially includes fuzzers for the AVB and boot image parsers. The
initial input corpus are the same test files we use for the round trip
tests.

Issue: #160

Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
chenxiaolong added a commit that referenced this issue Sep 27, 2023
@chenxiaolong
Add initial honggfuzz fuzzing infrastructure
4dbe471 
This initially includes fuzzers for the AVB and boot image parsers. The
initial input corpus are the same test files we use for the round trip
tests.

Issue: #160

Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
chenxiaolong added a commit that referenced this issue Sep 27, 2023
@chenxiaolong
Add initial honggfuzz fuzzing infrastructure
7f5c043 
This initially includes fuzzers for the AVB and boot image parsers. The
initial input corpus are the same test files we use for the round trip
tests.

Issue: #160

Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
chenxiaolong added a commit that referenced this issue Sep 27, 2023
@chenxiaolong
Add initial honggfuzz fuzzing infrastructure
a8ce275 
This initially includes fuzzers for the AVB and boot image parsers. The
initial input corpus are the same test files we use for the round trip
tests.

Issue: #160

Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
chenxiaolong added a commit that referenced this issue Sep 27, 2023
@chenxiaolong
Add initial honggfuzz fuzzing infrastructure
5b22d7b 
This initially includes fuzzers for the AVB and boot image parsers. The
initial input corpus are the same test files we use for the round trip
tests.

Issue: #160

Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
chenxiaolong added a commit that referenced this issue Sep 27, 2023
@chenxiaolong
bootimage: Ensure page_size is never 0
07f2e30 
Otherwise, we'll panic due to dividing by 0.

(Found by honggfuzz)

Issue: #160

Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
chenxiaolong added a commit that referenced this issue Sep 27, 2023
@chenxiaolong
bootimage: Fix panic when validating vendor v4 table size
f85b6ee 
The multiplication can overflow.

(Found by honggfuzz)

Issue: #160

Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
chenxiaolong added a commit that referenced this issue Sep 27, 2023
@chenxiaolong
avb: Use checked addition when computing auth/aux block size
e293331 
(Found by honggfuzz)

Issue: #160

Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
@chenxiaolong chenxiaolong mentioned this issue Sep 27, 2023
Merged
chenxiaolong added a commit that referenced this issue Sep 28, 2023
@chenxiaolong
Add fuzzer for cpio
0aba185 
Issue: #160

Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
This was referenced Sep 28, 2023
Merged
Merged
chenxiaolong added a commit that referenced this issue Sep 28, 2023
@chenxiaolong
Add fuzzer for FEC image parser
2a57343 
Issue: #160

Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
@chenxiaolong chenxiaolong mentioned this issue Sep 28, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chenxiaolong chenxiaolong

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@chenxiaolong