Basic Fuzz Testing.

[100%] Fuzzing libosrm
    /tmp/osrm-backend/build/fuzz/driver -max_len=4096 corpus  > fuzz-0.log 2>&1
    /tmp/osrm-backend/build/fuzz/driver -max_len=4096 corpus  > fuzz-1.log 2>&1
    /tmp/osrm-backend/build/fuzz/driver -max_len=4096 corpus  > fuzz-2.log 2>&1
    /tmp/osrm-backend/build/fuzz/driver -max_len=4096 corpus  > fuzz-3.log 2>&1

References:
- http://llvm.org/docs/LibFuzzer.html
- http://llvm.org/releases/3.8.0/docs/LibFuzzer.html
- https://github.com/Project-OSRM/osrm-backend/issues/1678
Daniel J. Hofmann
2016-04-12 11:58:43 +02:00
committed by Patrick Niklaus
parent 12d478784b
commit 2557bdcf39
3 changed files with 66 additions and 0 deletions
+25
@@ -0,0 +1,25 @@
# Fuzz testing using LLVM's libFuzzer.
#
# See:
# - http://llvm.org/docs/LibFuzzer.html
# - http://llvm.org/releases/3.8.0/docs/LibFuzzer.html
#
# TODO(daniel-j-h):
# - make more user friendly, at the moment we require you to build and install libFuzzer.a
# - pick up LLVM_ROOT
# - build libFuzzer on the fly
#
# clang++ -std=c++11 -stdlib=libc++ -c -g -O2 ~/llvm/lib/Fuzzer/*.cpp -I~/llvm/lib/Fuzzer
# ar ruv libFuzzer.a Fuzzer*.o
if (ENABLE_FUZZING)
add_executable(driver driver.cc $<TARGET_OBJECTS:UTIL> $<TARGET_OBJECTS:SERVER>)
target_link_libraries(driver Fuzzer osrm)
add_custom_target(fuzz
DEPENDS driver
WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
COMMAND ${CMAKE_COMMAND} -E make_directory corpus
COMMAND driver -jobs=4 -workers=4 -max_len=4096 corpus
COMMENT "Fuzzing libosrm" VERBATIM)
endif ()
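Review bot: `target_link_libraries(driver Fuzzer osrm)` uses the keyword-less signature; give the link an explicit scope, `target_link_libraries(driver PRIVATE Fuzzer osrm)`, so a later keyword-form call on `driver` does not error out and the dependencies stay private to the harness. The `fuzz` target is only coverage-guided if `driver` and the UTIL/SERVER objects it pulls in are built with libFuzzer's instrumentation (coverage plus a sanitizer); nothing in this hunk sets those, so if the `ENABLE_FUZZING` branch at the top level (outside this hunk) does not either, the target just replays the corpus without feedback. The hard-coded `-jobs=4 -workers=4` would be easier to size for CI as a project-prefixed cache variable than as literals in the `COMMAND`.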
+32
@@ -0,0 +1,32 @@
#include "server/api/parameters_parser.hpp"
#include "engine/api/base_parameters.hpp"
#include "engine/api/match_parameters.hpp"
#include "engine/api/nearest_parameters.hpp"
#include "engine/api/route_parameters.hpp"
#include "engine/api/table_parameters.hpp"
#include "engine/api/tile_parameters.hpp"
#include "engine/api/trip_parameters.hpp"
#include <iterator>
#include <string>
/*
* First pass at fuzzing the server, without any libosrm setup.
* Later we want keep state across fuzz testing invocations via:
*
* struct State { State() { setup_osrm(); } };
* static State state;
*/
extern "C" int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size)
{
std::string in(reinterpret_cast<const char *>(data), size);
auto first = begin(in);
const auto last = end(in);
(void)osrm::server::api::parseParameters<osrm::engine::api::RouteParameters>(first, last);
return 0; /* Always return zero, sanitizers hard-abort */
}
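Review bot: The harness includes the match, nearest, table, tile and trip parameter headers but only calls `parseParameters<osrm::engine::api::RouteParameters>`, so those includes are dead and the other parsers get no coverage; either drop the unused includes or use the first byte of the input to select which parameter type is parsed so each parser is exercised. The signature `const unsigned char *data, unsigned long size` should follow the entry point libFuzzer declares, `const uint8_t *data, size_t size` (with `<cstdint>` and `<cstddef>`), since `unsigned long` and `size_t` are not the same type on LLP64 targets. A short comment above the function stating that `LLVMFuzzerTestOneInput` must keep C linkage and this exact signature because the fuzzer resolves it by name would help the next reader.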