mirror of
https://github.com/protocolbuffers/protobuf-go.git
synced 2025-01-25 06:35:21 +00:00
4d5be764fb
The UnmarshalInitialized flag produced by Unmarshal and Validate are filters such that must never have false positives (i.e., report a partial message as initialized) otherwise it is incorrect. It can tolerate some degree of false negatives (i.e., report an initialized message as partial), but that leads to significant performance degradation needing to do the full initialization check. These should be the exception, not the norm. Adjust the fuzzer to search for false-negative cases. For now, we only require that the Unmarshal and Validate report initialized for any "normalized" messages which we produce by marshaling intermediate message again. This is to work around a known case where they cannot determine initialization status if the wire data relies on protobuf's merge functionality (where two or more partial messages merge together to form an initialized message). Change-Id: I6bb6c6594981ca08a92583bae77e5a2d44924af6 Reviewed-on: https://go-review.googlesource.com/c/protobuf/+/231577 Reviewed-by: Damien Neil <dneil@google.com>
Fuzzing
Fuzzing support using go-fuzz.
Basic operation:
$ go install github.com/dvyukov/go-fuzz/go-fuzz
$ go install github.com/mdempsky/go114-fuzz-build
$ cd internal/fuzz/{fuzzer}
$ go114-fuzz-build google.golang.org/protobuf/internal/fuzz/{fuzzer}
$ go-fuzz
OSS-Fuzz
Fuzzers are automatically run by OSS-Fuzz.
The OSS-Fuzz configuration currently builds fuzzers in every directory under internal/fuzz. Only add fuzzers (not support packages) in this directory.
Fuzzing results are available at the OSS-Fuzz console,
under golang-protobuf
.