Commit Graph

26 Commits

Author SHA1 Message Date
Simon Goldschmidt
9509acd876 fuzz: fix warning casting u64_t to s32_t/u32_t 2023-10-03 21:11:57 +02:00
Jonathan Neuschäfer
c2f9244137 test/fuzz: Fix use of htons vs. ntohs
Although ntohs and htons perform equivalent operations (a byte swap on
little-endian platforms), their semantic roles (as implied by the names)
are different.

In fuzz_common.c, we get integers from simulated network packages, and
convert them for host CPU use, so ntohs is the right variant to use.
2023-05-11 22:10:32 +02:00
Jonathan Neuschäfer
5514d8eb63 test/fuzz: Build with -O2 by default
Fuzzers should run fast by default, since the goal is to try many
variations of input data.
2023-05-11 22:08:46 +02:00
Jonathan Neuschäfer
911da26f96 test/fuzz: Fix CC default value in makefile
Unfortunately, CC ?= afl-gcc doesn't work. This is because CC has a
default value (of "cc"), and the ?= operator only assigns a value if the
variable previously had none. "make" currently compiles with cc.

In this patch, I implemented the more elaborate way to achieve what was
probably intended: "make" will use afl-gcc now, and "make CC=foo" will
compile with "foo".
2023-05-11 22:08:40 +02:00
Jonathan Neuschäfer
95a63bc352 test/fuzz: Use HTTPS URLs and mention AFL++ 2023-04-07 22:27:30 +02:00
Jonathan Neuschäfer
e8b0324f81 test/fuzz: Don't crash with assertion failure when a packet is too big
A fuzzer may generate big packets, and it will interpret assertion
failures as bugs. Instead of asserting that the packet size is
reasonable, simply skip the packet when it's not the case.
2023-04-07 22:25:50 +02:00
Wouter van Gulik
5ab46f82f9 Fix failing fuzzer if compiling with ubsan
See patch #10163

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2021-12-30 22:04:23 +01:00
Erik Ekman
d6a37b1ad6 fuzz: Improve Makefile
Similar to recent change to ports/unix/check:
- Split depfile into three different files
- Fix make dep
- Skip depfile generation for 'make clean'
2020-12-04 10:51:11 +01:00
Erik Ekman
9b1056ef0e fuzz: Fix compile error in simulated glibc rand
When using LWIP_RAND_FOR_FUZZ_SIMULATE_GLIBC:

fuzz_common.c: In function ‘lwip_fuzz_rand’:
fuzz_common.c:683:11: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
  683 |   if (idx >= sizeof(rand_nrs)/sizeof((rand_nrs)[0])) {
      |           ^~
cc1: all warnings being treated as errors
2020-06-19 13:26:58 +02:00
Simon Goldschmidt
e30d50710d fuzz: allow overriding LWIP_RAND for fuzz tests
Fuzz tests need reproducible code, so we need an "unsafe" version of
LWIP_RAND() in this case...

Also, to reproduce fuzz test cases from Linux on Windows,
LWIP_RAND_FOR_FUZZ_SIMULATE_GLIBC provides the first 20 random numbers that
glibc would have...
2020-03-27 22:42:06 +01:00
Simon Goldschmidt
003f5cc12d fuzz: whitespace fixes 2020-03-09 21:50:50 +01:00
Simon Goldschmidt
b795784832 fuzz: make CC overridable from 'afl-gcc'
e.g. for debugging crashes
2020-03-09 21:40:30 +01:00
Simon Goldschmidt
412c8d1902 fuzz: fix compiler error "missing prototype" 2020-03-08 20:41:53 +01:00
Simon Goldschmidt
a02f34a193 fuzz: add pcap output to help debugging fuzz crashes 2020-03-05 21:00:00 +01:00
Simon Goldschmidt
a9052caf10 fuzz: add debug output to help debugging fuzz crashes 2020-03-05 20:49:41 +01:00
Simon Goldschmidt
d05be56a50 fuzz: add more fuzz tests
From: Hiromasa Ito <v3hertz@gmail.com>

See bugs #57374-#57380 found by this new test mode.
2020-02-20 21:55:13 +01:00
Simon Goldschmidt
a07e0a82c9 test: split fuzz into different files and binaries
This is in preparation to add more fuzzing code...
2020-02-17 22:05:46 +01:00
Gao Qingshui
a9ac18aebb ip6: enable ip6_autoconfig_enabled by default
See bug #56135

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2020-02-04 22:23:58 +01:00
Simon Goldschmidt
f857260e29 fix compiling fuzz test under Linux after merging contrib to main repo 2019-12-11 22:20:14 +01:00
Simon Goldschmidt
cb3f0a9b17 fuzz: adapt to changes in mdns
mdns_resp_add_netif() takes only 3 arguments
2019-12-11 19:50:50 +01:00
goldsimon
e6f0700c81 fuzz: fix compile error, ignore 0 length pbufs 2018-02-18 08:56:23 +01:00
goldsimon
58de2af5f2 test/fuzz: add some applications, add an experimental multi-packet mode
The experimental multi-packet mode splits input bytes depending on a length
decoded from the first 2 bytes and does that until the end of input.
To use this mode, compile with "make D=-DLWIP_FUZZ_MULTI_PACKET"

Signed-off-by: goldsimon <goldsimon@gmx.de>
2018-02-15 14:35:08 +01:00
Dirk Ziegelmeier
bb8088d498 Minor cleanup of FUZZ test Makefile 2016-12-17 10:09:15 +01:00
Dirk Ziegelmeier
11780f037b Fixup Makefile of FUZZ test after moving to main lwIP rep 2016-12-17 10:05:49 +01:00
sg
c13a43e5c8 added note about afl-fuzz requiring linux 2016-12-15 21:42:46 +01:00
sg
844c201702 added fuzz tests (moved from contrib/ports/unix/fuzz to get them to a more prominent place, even if afl-fuzz still needs *nix to run) 2016-12-15 21:39:46 +01:00