Re: [tor-bugs] #16301 [Tor]: Add afl-fuzz instructions to contrib
#16301: Add afl-fuzz instructions to contrib
-----------------------------+---------------------------------
Reporter: teor | Owner: teor
Type: enhancement | Status: new
Priority: normal | Milestone: Tor: very long term
Component: Tor | Version:
Resolution: | Keywords: lorax
Actual Points: | Parent ID:
Points: |
-----------------------------+---------------------------------
Comment (by teor):
Most of the software that I've seen fuzzed is already split into libraries
which process files or data buffers (think ImageMagick and
libjpeg/libpng/...).
When I fuzzed torrc parsing in #14142, I built a stripped-down version of
`tor_main` which only initialised the data structures required to parse
arguments. I did this so that fuzzing would operate at a reasonable speed.
There's also llvm's coverage-guided in-process fuzzing using libFuzzer. It
promises to be several orders of magnitude faster than afl-fuzz for small
data inputs, as long as the program doesn't maintain (much) state between
runs.
However, most of libFuzzer only works on Linux at the moment, so I'd need
to set up a VM or VPS on my end for that.
http://blog.llvm.org/2015/04/fuzz-all-clangs.html
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16301#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
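An added example (not teor's harness from #14142, nor Tor's own code): a libFuzzer-style entry point wrapped around a hypothetical "Key Value" line parser, illustrating the points made in the comment above: the harness initialises only what the parser needs, keeps no state between calls, and treats the input as a length-delimited buffer rather than a NUL-terminated C string. `parse_config`, `parse_line` and `MAX_KEY_LEN` are constructed stand-ins, not Tor identifiers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_KEY_LEN 64  /* hypothetical limit, not Tor's */

typedef struct { int options; int errors; } parse_result_t;

/* Parse one "Key Value" line of a hypothetical torrc-like format. Blank lines
 * and '#' comments are ignored; a key with no value or an over-long key counts
 * as an error. Works on (ptr, len) only: fuzzer inputs are not NUL-terminated. */
static void parse_line(const uint8_t *line, size_t n, parse_result_t *r) {
    size_t i = 0;
    while (i < n && (line[i] == ' ' || line[i] == '\t')) i++;
    if (i == n || line[i] == '#') return;
    size_t key_start = i;
    while (i < n && line[i] != ' ' && line[i] != '\t') i++;
    size_t key_len = i - key_start;
    while (i < n && (line[i] == ' ' || line[i] == '\t')) i++;
    if (key_len > MAX_KEY_LEN || i == n) { r->errors++; return; }
    r->options++;
}

/* Stand-in for a stripped-down parser entry point: the only state is the
 * result struct on the stack, nothing global, so calls are independent. */
parse_result_t parse_config(const uint8_t *data, size_t len) {
    parse_result_t r = {0, 0};
    size_t start = 0;
    for (size_t i = 0; i <= len; i++) {
        if (i == len || data[i] == '\n') {
            parse_line(data + start, i - start, &r);
            start = i + 1;
        }
    }
    return r;
}

/* libFuzzer calls this in-process for every generated input; since nothing
 * survives between calls, each run is just a function call, not a fork+exec. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    parse_config(data, size);
    return 0;  /* non-zero return values are reserved by libFuzzer */
}

/* Stand-alone run over a constructed sample (libFuzzer supplies its own main). */
int main(void) {
    static const uint8_t sample[] = "SocksPort 9050\n# comment\n\nLog\n";
    parse_result_t r = parse_config(sample, sizeof(sample) - 1);
    printf("options=%d errors=%d\n", r.options, r.errors);
    return 0;
}
```

When linked against libFuzzer, drop `main` so the library's driver owns the process and calls `LLVMFuzzerTestOneInput` directly.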
tor-bugs mailing list
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs