diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2019-12-11 13:03:43 +1300 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2019-12-11 02:55:32 +0000 |
| commit | e6fc8e79aee289f79b5fba7b7c2974d476702b1e (patch) | |
| tree | 0f03a1655ca1f9ddd92f993d4c492933151f9d37 /lib/fuzzing | |
| parent | 6e5aefc2d3095f0fb6535e6ab3a4ec12b898794f (diff) | |
| download | samba-e6fc8e79aee289f79b5fba7b7c2974d476702b1e.tar.gz | |
lib/fuzzing: Split up automatically build fuzzers into TYPE_{IN,OUT,STRUCT}
The advise is that a fuzz target should be as small as possible
so we split this up. Splitting up by function would build too
many fuzzers, but this should help a little.
See for example:
https://github.com/google/fuzzing/blob/master/docs/good-fuzz-target.md#large-apis
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@samba.org>
Diffstat (limited to 'lib/fuzzing')
| -rw-r--r-- | lib/fuzzing/fuzz_ndr_X.c | 14 | ||||
| -rw-r--r-- | lib/fuzzing/wscript_build | 8 |
2 files changed, 19 insertions, 3 deletions
diff --git a/lib/fuzzing/fuzz_ndr_X.c b/lib/fuzzing/fuzz_ndr_X.c index cdc9de50a8c..5fc21dcef26 100644 --- a/lib/fuzzing/fuzz_ndr_X.c +++ b/lib/fuzzing/fuzz_ndr_X.c @@ -192,6 +192,20 @@ int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) { function = SVAL(data, 2); type = fuzz_packet_flags & 3; + +#ifdef FUZZ_TYPE + /* + * Fuzz targets should have as small an interface as possible. + * This allows us to create 3 binaries for most pipes, + * TYPE_IN, TYPE_OUT and TYPE_STRUCT + * + * We keep the header format, and just exit early if it does + * not match. + */ + if (type != FUZZ_TYPE) { + return 0; + } +#endif #endif switch (type) { diff --git a/lib/fuzzing/wscript_build b/lib/fuzzing/wscript_build index 191aa69b6d7..e77eea88df5 100644 --- a/lib/fuzzing/wscript_build +++ b/lib/fuzzing/wscript_build @@ -59,10 +59,12 @@ def SAMBA_NDR_FUZZ(bld, interface, auto_deps=False, fuzz_src = os.path.join(fuzz_reldir, 'fuzz_ndr_X.c') cflags = "-D FUZZ_PIPE_TABLE=ndr_table_%s" % interface + if fuzz_type: + name += "_%s" % (fuzz_type) + cflags += " -D FUZZ_TYPE=%s " % (fuzz_type) if fuzz_type and fuzz_function: - name += "_%s_%d" % (fuzz_type, fuzz_function) - cflags += " -D FUZZ_TYPE=%s -DFUZZ_FUNCTION=%d" % (fuzz_type, - fuzz_function) + name += "_%d" % (fuzz_function) + cflags += " -D FUZZ_FUNCTION=%d" % (fuzz_function) fuzz_named_src = os.path.join(fuzz_reldir, '%s.c' % (name)) |