[vlc-devel] [PATCH] add libfuzzer support

Shaleen Jain shaleen.jain95 at gmail.com
Wed Jun 21 15:41:12 CEST 2017


On Wed, Jun 21, 2017 at 6:47 PM, Rémi Denis-Courmont <remi at remlab.net> 
wrote:
> On 21 June 2017 at 15:36:50 GMT+03:00, Shaleen Jain 
> <shaleen.jain95 at gmail.com> wrote:
>> ---
>>  .gitignore            |  1 +
>>  configure.ac          |  8 ++++++++
>>  test/Makefile.am      |  2 ++
>>  test/fuzz/Makefile.am | 19 +++++++++++++++++++
>>  4 files changed, 30 insertions(+)
>>  create mode 100644 test/fuzz/Makefile.am
>> 
>> diff --git a/.gitignore b/.gitignore
>> index 0b0ee9cc20..fcd0e59213 100644
>> --- a/.gitignore
>> +++ b/.gitignore
>> @@ -45,6 +45,7 @@ wxvlc
>>  vlc_install_dir/*
>>  plugins.dat
>>  patches/*
>> +*_fuzzer
>> 
>>  include/vlc/libvlc_version.h
>> 
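Review bot: the `*_fuzzer` pattern added here is repository-wide, so it will also hide any future file or directory whose name ends in `_fuzzer` outside test/fuzz; scope it to where the binaries are actually built, e.g. `test/fuzz/*_fuzzer`, or put a `.gitignore` inside test/fuzz instead.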
>> diff --git a/configure.ac b/configure.ac
>> index 67fc7deb1a..c289b69510 100644
>> --- a/configure.ac
>> +++ b/configure.ac
>> @@ -94,6 +94,13 @@ AS_IF([test -n "${with_binary_version}"],[
>>           [Binary specific version])
>>  ])
>> 
>> +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [
>> +#if !defined(__clang__)
>> +#error
>> +#endif])], have_clang=yes, have_clang=no)
>> +
>> +AM_CONDITIONAL(HAVE_CLANG, test "x$have_clang" = "xyes")
>> +
>>  dnl
>>  dnl  Check the operating system
>>  dnl
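Review bot: the `AC_COMPILE_IFELSE` probe runs with the C compiler (autoconf's default language), but `HAVE_CLANG` is only consulted to pick C++ flags in test/fuzz/Makefile.am, so `CC=clang` with a GCC `CXX` (or the reverse) selects the wrong branch; wrap the probe in `AC_LANG_PUSH([C++])` / `AC_LANG_POP([C++])`. The probe also runs on every configure, including builds that never touch the fuzzers; a `--enable-fuzzing`-style option that sets the conditional would keep the check, and the new subdirectory, out of ordinary builds.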
>> @@ -4248,6 +4255,7 @@ AC_CONFIG_FILES([
>>    lib/Makefile
>>    bin/Makefile
>>    test/Makefile
>> +  test/fuzz/Makefile
>>    modules/hw/mmal/Makefile
>>    share/vlc.appdata.xml.in
>>  ])
>> diff --git a/test/Makefile.am b/test/Makefile.am
>> index 95d4df6516..30c1bb56b6 100644
>> --- a/test/Makefile.am
>> +++ b/test/Makefile.am
>> @@ -4,6 +4,8 @@
>> 
>>  AUTOMAKE_OPTIONS = subdir-objects
>> 
>> +SUBDIRS = fuzz
>> +
>>  extra_check_verbose = $(extra_check_verbose_$(V))
>>  extra_check_verbose_ = $(extra_check_flags__$(AM_DEFAULT_VERBOSITY))
>>  extra_check_verbose_0 = @echo TEST $@
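Review bot: `SUBDIRS = fuzz` is unconditional, so every `make check` descends into test/fuzz and tries to link libvlc_demux_fuzzer against `-lFuzzer`, which this patch neither builds, fetches nor checks for; gate the line with an Automake conditional tied to a configure option, e.g. `if HAVE_FUZZING` / `SUBDIRS = fuzz` / `endif`, so a clean tree still passes `make check`.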
>> diff --git a/test/fuzz/Makefile.am b/test/fuzz/Makefile.am
>> new file mode 100644
>> index 0000000000..57eb04f13f
>> --- /dev/null
>> +++ b/test/fuzz/Makefile.am
>> @@ -0,0 +1,19 @@
>> +AUTOMAKE_OPTIONS = subdir-objects
>> +
>> +AM_CXXFLAGS = -fsanitize=address -fsanitize-address-use-after-scope 
>> -fsanitize=undefined -fno-sanitize-recover=undefined
>> +if HAVE_CLANG
>> +AM_CXXFLAGS += -fsanitize-coverage=trace-pc-guard,trace-cmp
>> +else
>> +AM_CXXFLAGS += -fsanitize-coverage=trace-pc
>> +endif
>> +
>> +LIBVLCCORE = ../../src/libvlccore.la
>> +LIBVLC = ../../lib/libvlc.la
>> +
>> +LDADD = $(LIBVLCCORE) $(LIBVLC) -L./ -lFuzzer
>> +
>> +check_PROGRAMS = \
>> + libvlc_demux_fuzzer
>> +
>> +libvlc_demux_fuzzer_SOURCES = libvlc_demux_fuzzer.cpp
>> +
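Review bot: `LDADD = ... -L./ -lFuzzer` hard-codes a libFuzzer.a in the build directory that nothing in the patch provides or documents, so the target fails to link on a fresh checkout; add a configure check for the archive (or a user-settable variable such as `LIBFUZZER_LIBS`) and a note on where it comes from. On the flags: `AM_CXXFLAGS` instruments only the harness in this directory, whereas the coverage feedback libFuzzer relies on has to come from the demuxer code in src/ and modules/, which is compiled elsewhere with the top-level flags, so a comment should say that the tree must be configured with matching `CFLAGS`/`CXXFLAGS`; and the non-clang fallback `-fsanitize-coverage=trace-pc` is not understood by older GCC releases, so it should be guarded by a compiler check rather than assumed.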
> 
> Hello,
> 
> AFAIK, this won't work. You need to build the entire tree with 
> sanitizers, not just the fuzzing binary.
> 
> The source code is missing too. But, I don't think that this should 
> be published, as it helps potentially hostile third parties with 
> better computational power than it helps us. That is why I did not 
> publish my own AFL and libfuzzer VLC frontends.
> --
> Rémi Denis-Courmont
> Typed on an inconvenient virtual keyboard

Hello,

It works, but yes, for pretty stack traces you need to build the 
complete source with sanitizers, running ./configure with 
C/CXXFLAGS.

I have a separate patch for the source here: 
https://mailman.videolan.org/pipermail/vlc-devel/2017-June/113736.html

I am working on this as part of integration with oss-fuzz, which will 
give us a lot more computational power than any third party. I don't 
think security by obscurity is really an option for us. 
You should really publish your code as well.
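The Makefile in the patch expects a libvlc_demux_fuzzer.cpp that is not part of this mail. As an added example (not the missing source, not VLC code, and not from either poster), here is the shape a libFuzzer harness takes: the fuzzer supplies main() and calls LLVMFuzzerTestOneInput() per input, and a replay main() is kept for running crash files without libFuzzer. The parser under test is a constructed toy container ("TOYC" magic followed by [4-byte tag][4-byte little-endian length][payload] chunks) standing in for a VLC demuxer so the file compiles stand-alone; `demux_toy`, the "TOYC" format, the sample bytes and the `LIBFUZZER` macro are all assumptions of this example.

```cpp
// Added example: a libFuzzer harness around a constructed toy parser.
// Nothing here is VLC code; demux_toy and the "TOYC" format are invented
// for illustration so the file builds without libvlc.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <fstream>
#include <iterator>
#include <vector>

// Parses the toy container. Returns the number of chunks, or -1 when the
// input is malformed. Every read is bounds-checked against `size`; in a real
// demuxer this is exactly the property ASan plus the fuzzer are there to test.
int demux_toy(const uint8_t *data, size_t size) {
    if (size < 4 || memcmp(data, "TOYC", 4) != 0)
        return -1;
    size_t pos = 4;
    int chunks = 0;
    while (pos < size) {
        if (size - pos < 8)            // tag + length header must fit
            return -1;
        uint32_t len = (uint32_t)data[pos + 4]
                     | ((uint32_t)data[pos + 5] << 8)
                     | ((uint32_t)data[pos + 6] << 16)
                     | ((uint32_t)data[pos + 7] << 24);
        pos += 8;
        if (len > size - pos)          // payload must fit; pos <= size, so no underflow
            return -1;
        uint8_t acc = 0;               // touch every payload byte: an overrun would trip ASan
        for (size_t i = 0; i < len; i++)
            acc ^= data[pos + i];
        (void)acc;
        pos += len;
        chunks++;
    }
    return chunks;
}

// Convenience wrapper for tests and the replay driver.
int demux_toy_bytes(const std::vector<uint8_t> &buf) {
    return demux_toy(buf.data(), buf.size());
}

// Constructed well-formed sample: magic plus one 3-byte "VIDA" chunk.
std::vector<uint8_t> sample_input() {
    return {0x54, 0x4F, 0x59, 0x43,    // "TOYC"
            0x56, 0x49, 0x44, 0x41,    // "VIDA"
            0x03, 0x00, 0x00, 0x00,    // length 3, little-endian
            0x78, 0x79, 0x7A};         // "xyz"
}

// Entry point libFuzzer calls for each generated input. libFuzzer provides
// main() itself when linked with -lFuzzer (or -fsanitize=fuzzer on newer
// clang), so the harness must not define one in that build.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    demux_toy(data, size);   // crashes and sanitizer reports are the signal
    return 0;                // libFuzzer requires 0
}

// Stand-alone replay driver for crash files and corpus entries. Compiled only
// when LIBFUZZER is not defined (assumption: define it on the fuzzing build).
#ifndef LIBFUZZER
int main(int argc, char **argv) {
    for (int i = 1; i < argc; i++) {
        std::ifstream in(argv[i], std::ios::binary);
        std::vector<uint8_t> buf((std::istreambuf_iterator<char>(in)),
                                 std::istreambuf_iterator<char>());
        LLVMFuzzerTestOneInput(buf.data(), buf.size());
        printf("%s: %d chunk(s)\n", argv[i], demux_toy_bytes(buf));
    }
    return 0;
}
#endif
```

Built as a replay tool with `clang++ -fsanitize=address harness.cpp`, it runs each file on the command line through the same entry point the fuzzer uses; built with `-DLIBFUZZER` and linked as the patch's Makefile does (`-lFuzzer`), libFuzzer's own main() drives it. Here the parser sits in the same translation unit as the harness, so `-fsanitize-coverage` on this one file instruments what matters; in VLC the demuxers live in libvlccore and the modules, which is why the whole tree, not just test/fuzz, has to be compiled with the sanitizer and coverage flags.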

