Evan Nemerson edited this page Jan 6, 2016 · 1 revision

Reproducing Issues

Many of the issues found by this project can be reproduced by simply decompressing the test case in question. However, some tests may require a bit more effort since they may not trigger a crash reliably on all computers.

Patching Sources

In some cases, it may be necessary to patch the sources of the library in question. This is typically only necessary to disable checking checksums. Note that checksums don't usually improve security—while it is hard for fuzzers to generate a file with a correct checksum, it is usually easy for someone crafting a malicious archive to do so.

You can find any necessary patches in the "libraries/:library/patches" directory of CompFuzz. If that folder doesn't exist for the library you are testing then no patches are necessary.

Note that some projects don't ship an executable; they are only libraries. In these cases you may see a *.c or *.cpp file (a small program that exercises the library) in the patches directory instead of a *.diff or *.patch.
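The point about checksums above can be shown concretely. The following is an added example, not CompFuzz's own code or one of its patches: for a gzip member, the trailer (CRC32 plus uncompressed size) is computed over the decoded output, so anyone who can decode the deflate stream can regenerate a valid trailer for a mutated one. That is exactly why a checksum mismatch in a fuzz case is not a mitigation, and why it is reasonable to patch the check out while reproducing. The function names (gzip_header_len, regenerate_trailer, trailer_is_valid, demo) and the sample data are constructed for this example. It also shows the limit of the trick: the trailer can only be regenerated when the stream decodes to completion, and formats that checksum their headers before decoding (xz verifies a CRC32 over its stream header, for instance) are the cases where patching the source is the practical route.

```python
import gzip
import struct
import zlib

# gzip FLG bits (RFC 1952)
FTEXT, FHCRC, FEXTRA, FNAME, FCOMMENT = 1, 2, 4, 8, 16


def gzip_header_len(data: bytes) -> int:
    """Length of the gzip member header, honouring the optional fields."""
    if data[:2] != b"\x1f\x8b" or data[2] != 8:
        raise ValueError("not a gzip/deflate member")
    flags = data[3]
    pos = 10  # fixed part: ID1 ID2 CM FLG MTIME(4) XFL OS
    if flags & FEXTRA:
        xlen = struct.unpack_from("<H", data, pos)[0]
        pos += 2 + xlen
    if flags & FNAME:
        pos = data.index(b"\x00", pos) + 1
    if flags & FCOMMENT:
        pos = data.index(b"\x00", pos) + 1
    if flags & FHCRC:
        pos += 2
    return pos


def regenerate_trailer(member: bytes) -> bytes:
    """Rewrite the CRC32/ISIZE trailer to match whatever the deflate stream
    actually decodes to. Only possible if the stream decodes completely."""
    start = gzip_header_len(member)
    d = zlib.decompressobj(-zlib.MAX_WBITS)  # raw deflate, no zlib wrapper
    out = d.decompress(member[start:])
    if not d.eof:
        raise ValueError("deflate stream is truncated; nothing to checksum")
    body_end = len(member) - len(d.unused_data)  # old trailer starts here
    trailer = struct.pack("<II", zlib.crc32(out) & 0xFFFFFFFF, len(out) & 0xFFFFFFFF)
    return member[:body_end] + trailer


def trailer_is_valid(member: bytes) -> bool:
    """True if the standard library accepts the member (CRC and ISIZE match)."""
    try:
        gzip.decompress(member)
        return True
    except (OSError, EOFError, zlib.error):  # gzip.BadGzipFile is an OSError
        return False


def demo() -> dict:
    # Constructed sample: a well-formed member produced by the standard library.
    good = gzip.compress(b"well-formed test case " * 8, mtime=0)
    # Constructed "mutation": a different raw deflate stream under the old
    # header, with the old trailer left in place, as a fuzzer might produce.
    c = zlib.compressobj(wbits=-zlib.MAX_WBITS)
    other = c.compress(b"mutated payload that still decodes") + c.flush()
    mutated = good[:gzip_header_len(good)] + other + good[-8:]
    repaired = regenerate_trailer(mutated)
    # A stream cut short cannot be given a trailer: there is no complete output.
    try:
        regenerate_trailer(mutated[:-12])
        truncated_rejected = False
    except ValueError:
        truncated_rejected = True
    return {
        "mutated_accepted": trailer_is_valid(mutated),
        "repaired_accepted": trailer_is_valid(repaired),
        "repaired_payload": gzip.decompress(repaired),
        "truncated_rejected": truncated_rejected,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Regenerating the trailer lets an unpatched decompressor accept a mutated test case whose deflate stream still decodes; when the crash happens inside the decoder itself, the library never reaches the trailer check and no patch is needed for that case either.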

Compile Flags

Things like accessing invalid memory don't always cause an application to crash, so it's often necessary to use a tool like AddressSanitizer or Valgrind. Generally we use AddressSanitizer, but Valgrind should work too.

Address Sanitizer

ASan support is built into recent versions of GCC and clang. Just add the -fsanitize=address flag to your C/C++ flags.

Valgrind

Valgrind doesn't require any compile-time flags. Instead, you run valgrind and valgrind runs your program. Something like:

valgrind --tool=memcheck path/to/decompressor …

Running the Program

Simply pass the test case as the compressed file to the decompressor with the appropriate flags to decompress a file. The exact flags you need to use depend on the implementation.
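The build-and-run procedure from the last three sections, as an added example that is not part of CompFuzz: a small Python wrapper that records the ASan build flags, runs a decompressor either under ASan or under Valgrind, and classifies the exit status. Two details matter in practice and are easy to miss. First, -fsanitize=address has to reach the link step as well as the compile step, hence the LDFLAGS entry. Second, a decompressor fed a malformed file will normally exit non-zero anyway ("corrupt input"), and ASan's default error exit code is also 1, so the wrapper assigns distinct exit codes (ASAN_EXIT and VALGRIND_EXIT are values chosen for this example) to tell a sanitizer report apart from an ordinary failure. The decompressor command line itself (xz -dc in the comment) is only an illustration; as the page says, the right flags depend on the implementation.

```python
import os
import signal
import subprocess
from typing import Dict, List, Sequence, Tuple

# Exit codes chosen for this example so sanitizer/Valgrind errors are
# distinguishable from a decompressor's own "bad input" exit status (often 1).
ASAN_EXIT = 86
VALGRIND_EXIT = 87


def asan_build_env() -> Dict[str, str]:
    """Environment for an ASan build, e.g. before ./configure && make
    (assumed autotools-style build; adapt the variable names for other systems)."""
    flags = "-g -O1 -fno-omit-frame-pointer -fsanitize=address"
    return {"CFLAGS": flags, "CXXFLAGS": flags, "LDFLAGS": "-fsanitize=address"}


def wrap_command(mode: str, cmd: Sequence[str]) -> Tuple[List[str], Dict[str, str]]:
    """Return (argv, env) for running cmd under the chosen mode."""
    env = dict(os.environ)
    if mode == "asan":
        # exitcode= makes a detected error exit with ASAN_EXIT instead of 1.
        env["ASAN_OPTIONS"] = f"exitcode={ASAN_EXIT}:abort_on_error=0"
        return list(cmd), env
    if mode == "valgrind":
        # --error-exitcode changes Valgrind's exit status when memcheck finds errors.
        return ["valgrind", "--tool=memcheck", "-q",
                f"--error-exitcode={VALGRIND_EXIT}", *cmd], env
    if mode == "plain":
        return list(cmd), env
    raise ValueError(f"unknown mode {mode!r}")


def classify(returncode: int) -> str:
    """Map a process exit status to a short label."""
    if returncode == 0:
        return "clean"
    if returncode in (ASAN_EXIT, VALGRIND_EXIT):
        return "memory-error"
    if returncode < 0:  # subprocess reports death-by-signal as -signo
        return f"crash:{signal.Signals(-returncode).name}"
    return f"exit:{returncode}"


def run_case(mode: str, cmd: Sequence[str], timeout: float = 60.0) -> Tuple[str, str]:
    """Run one test case; returns (label, stderr text) so the sanitizer report is kept."""
    argv, env = wrap_command(mode, cmd)
    try:
        proc = subprocess.run(argv, env=env, stdout=subprocess.DEVNULL,
                              stderr=subprocess.PIPE, timeout=timeout)
    except subprocess.TimeoutExpired as exc:
        return "hang", (exc.stderr or b"").decode(errors="replace")
    except FileNotFoundError as exc:
        return "not-found", str(exc)
    return classify(proc.returncode), proc.stderr.decode(errors="replace")


if __name__ == "__main__":
    # Illustrative invocation only; the real flags depend on the decompressor.
    label, report = run_case("asan", ["xz", "-dc", "path/to/testcase.xz"])
    print(label)
    if label != "clean":
        print(report)
```

Under "plain" mode the wrapper just runs the command, which is also how you confirm that a case really does crash without instrumentation before reaching for ASan or Valgrind.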
