Joe Tsai 4d5be764fb internal/fuzz/wirefuzz: add test to verify initialization checks
The UnmarshalInitialized flags produced by Unmarshal and Validate are
filters that must never have false positives (i.e., report a
partial message as initialized); otherwise they are incorrect.
They can tolerate some degree of false negatives (i.e., report an
initialized message as partial), but that leads to significant
performance degradation from needing to do the full initialization check.
These should be the exception, not the norm.

Adjust the fuzzer to search for false-negative cases. For now, we only
require that Unmarshal and Validate report initialized for any
"normalized" messages, which we produce by marshaling the intermediate
message again. This is to work around a known case where they cannot
determine initialization status if the wire data relies on protobuf's
merge functionality (where two or more partial messages merge
together to form an initialized message).

Change-Id: I6bb6c6594981ca08a92583bae77e5a2d44924af6
Reviewed-on: https://go-review.googlesource.com/c/protobuf/+/231577
Reviewed-by: Damien Neil <dneil@google.com>
2020-05-01 18:43:38 +00:00

Fuzzing

Fuzzing support using go-fuzz.

Basic operation:

$ go install github.com/dvyukov/go-fuzz/go-fuzz
$ go install github.com/mdempsky/go114-fuzz-build
$ cd internal/fuzz/{fuzzer}
$ go114-fuzz-build google.golang.org/protobuf/internal/fuzz/{fuzzer}
$ go-fuzz

OSS-Fuzz

Fuzzers are automatically run by OSS-Fuzz.

The OSS-Fuzz configuration currently builds fuzzers in every directory under internal/fuzz. Only add fuzzers (not support packages) in this directory.

Fuzzing results are available at the OSS-Fuzz console, under golang-protobuf.
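
The property described in the commit message above can be seen in a small self-contained model. This is an added example, not code from the protobuf module: the `inner` type and the `check` and `normalize` functions are hypothetical, the single-pass `fast` result only models how such a filter behaves, and every tag, length and value is assumed to fit in one byte.

```go
package main

import "fmt"

// inner models a nested message (field number -> value); fields 1 and 2 are required.
type inner map[byte]byte

func (m inner) complete() bool { _, a := m[1]; _, b := m[2]; return a && b }

// parse merges (tag, value) pairs from b into m; a repeated field keeps its last value.
func parse(b []byte, m inner) {
	for ; len(b) >= 2; b = b[2:] {
		m[b[0]>>3] = b[1]
	}
}

// check walks each occurrence of outer field 1 (tag 0x0a, length, inner bytes).
// fast models the single-pass flag: true only if every occurrence is complete alone.
// full is the authoritative result, computed on the merged message.
func check(wire []byte) (fast, full bool, merged inner) {
	fast, merged = len(wire) > 0, inner{}
	for len(wire) > 0 {
		if len(wire) < 2 || wire[0] != 0x0a || int(wire[1]) > len(wire)-2 {
			return false, false, merged // malformed: a real decoder returns an error
		}
		one, body := inner{}, wire[2:2+int(wire[1])]
		parse(body, one)
		parse(body, merged)
		fast, wire = fast && one.complete(), wire[2+int(wire[1]):]
	}
	return fast, merged.complete(), merged
}

// normalize re-marshals the merged message as one occurrence of field 1.
func normalize(m inner) []byte {
	body := []byte{}
	for _, num := range []byte{1, 2} {
		if v, ok := m[num]; ok {
			body = append(body, num<<3, v)
		}
	}
	return append([]byte{0x0a, byte(len(body))}, body...)
}

func main() {
	wire := []byte{0x0a, 2, 0x08, 7, 0x0a, 2, 0x10, 9} // constructed: two partial halves
	fast, full, m := check(wire)
	nfast, nfull, _ := check(normalize(m))
	fmt.Println(fast, full, nfast, nfull)
}
```

On the constructed input the filter disagrees with the full check only before normalization, which is the false negative the fuzzer tolerates; a `fast` result of true with `full` false would be the false positive that must never occur.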