awesome-android/avbroot
3
0
Fork 0
mirror of https://github.com/chenxiaolong/avbroot.git synced 2026-06-02 06:23:34 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
d874921a69f3b503cc0ddb57f620607a28ffb82c
avbroot/fuzz
T
History
Andrew Gunnerson d874921a69 Replace file reopen concept with ReadAt/WriteAt traits 
File reopening was conflating ownership of file-like types with the fact
that they support parallel reads and writes at arbitrary offsets.

The Reopen trait has now been replaced with ReadAt and WriteAt traits,
which are implemented for types that support parallel I/O. If a type
compatible with the standard Read/Write/Seek traits is needed, a new
UserPosFile type can act as the bridge by storing its own userspace file
offset. For the opposite bridge, there's MutexFile, which implements
ReadAt/WriteAt by using locks to make the operations sequential. This is
only really used in the tests though.

This eliminates the need for the PSeekFile and SharedCursor types. The
standard File and Cursor types can be used instead, and if shared
ownership is needed, Arc can be used.

Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
2025-08-22 22:07:11 -04:00
..
hfuzz_workspace
Add fuzzer for FEC image parser
2023-09-28 18:41:47 -04:00
src/bin
Replace file reopen concept with ReadAt/WriteAt traits
2025-08-22 22:07:11 -04:00
.gitignore
Add initial honggfuzz fuzzing infrastructure
2023-09-27 19:15:42 -04:00
Cargo.toml
Update dependencies and fix most pedantic clippy warnings
2024-12-08 18:46:40 -05:00
README.md
Add initial honggfuzz fuzzing infrastructure
2023-09-27 19:15:42 -04:00

README.md

Fuzzing

While avbroot's parsers are all memory-safe, it is still possible for panics or crashes to occur, for example due to excessive memory allocation, integer overflow, or division by zero. Fuzzing helps to identify these issues by randomizing inputs in a way that tries to increase code coverage.

Running the fuzzers

  1. Install the cargo honggfuzz commands.

    cargo install honggfuzz

  2. Pick a fuzz target to run. A fuzz target is the name of the source file in src/bin/ without the .rs extension.

    The list of targets can be queried programmatically with:

    cargo read-manifest | jq -r '.targets[].name'

  3. Run the fuzzer.

    cargo hfuzz run <fuzz target>

    This will run forever until it is manually killed. At the top of the screen, a summary section like the following is shown:

      Iterations : 31,243 [31.24k]
  Mode [1/3] : Feedback Driven Dry Run [2486/4085]
      Target : hfuzz_target/x86_64-unknown-linux-gnu/release/bootimage
     Threads : 8, CPUs: 16, CPU%: 800% [50%/CPU]
       Speed : 36,126/sec [avg: 31,243]
     Crashes : 53 [unique: 1, blocklist: 0, verified: 0]
    Timeouts : 0 [1 sec]
 Corpus Size : 1,424, max: 24,576 bytes, init: 4,085 files
  Cov Update : 0 days 00 hrs 00 mins 00 secs ago
    Coverage : edge: 897/224,621 [0%] pc: 2 cmp: 34,736

    When a crash occurs, the Crashes counter will increment and the input data that triggered the crash will be written to hfuzz_workspace/<fuzz target>/*.fuzz. New files are only written for unique crashes.

  4. If a crash occurs, run the following command to trigger the crash in a debugger.

    cargo hfuzz run-debug <fuzz target> \
    hfuzz_workspace/<fuzz_target>/<input file>.fuzz

    This defaults to using rust-lldb. To use rust-gdb instead, set the HFUZZ_DEBUGGER environment variable to rust-gdb.

    Alternatively, just feed the input file to the appropriate avbroot command directly (eg. avbroot boot info -i hfuzz_workspace/<fuzz_target>/<input file>.fuzz for boot images).

Reference in New Issue View Git Blame Copy Permalink