-
-
Notifications
You must be signed in to change notification settings - Fork 6.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Discussion: how to allow access to internal functions for fuzzing testing #4561
Comments
We already do this to some extent with the regular Is this enough? |
I think it's close, but I think the header files are needed. At the moment the "hacky" solution here in the fuzzer for the curl_fnmatch fuzzer is to manually copy the curl_fnmatch.h header file into a directory which is then set as an include directory for the fuzzer. For doh.h that starts to get tricky, because there's a lot of subsequent header includes that also need copying over. In my limited testing so far I didn't manage to get it compiling because some functions were being redefined - I assume something to do with #defines, but I haven't dug into it further. |
I think these are two independent problems:
It sounds to me like (2) is the problem now? You mentioned an |
Agreed.
I think we basically do need to make Equally I personally think it'd be good if we had a configuration option to install these files alongside other curl API files so that the hacky "copy it out of the lib/ directory" approach is not necessary. |
I am not sure if enable-debug adds the memory debugging machinery? That can be good to be able to disable, for instance to build a fast exploring fuzzer. Fuzz testing can be orthogonal to debugging. I used cmake for adding the internal fuzzers, and I think it was not that complicated or destroys for regular users. I am worried that maintaining functionality for being able to install internal headers not meant to be external opens up for problems. Will it require maintenance and no one except the fuzzer writers will notice when it breaks? |
Thankfully, curl already has a fuzzer regression test stage: https://github.com/curl/curl/blob/master/.travis.yml#L674. If the main build breaks this new code, the curl builds won't pass. |
Does it really need to have it standalone? I mean we can do unit tests without it, just by finding it in the lib dir - can't the fuzz build process do it like that too? If it really needs to be standalone we probably need to split the current |
I can give it a shot. Might just work. If so then we probably don't need anything else here. |
Good! The netrc parser and the cookie stuff also need to be accessible. It will be interesting how this is going to look, compared to the existing "in-tree" cmake solution! |
Currently @pauldreik and I are discussing how best to do testing of libcurl internals with regards to focused fuzz testers. I noted on curl/curl-fuzzer#32 (comment) that it might be sensible to:
enable-internal-function-access
)curl/internal_functions.h
)In the short term I'd expect a limited number of functions that this would be useful for; for example
doh_encode
.This issue is to cover thoughts about how best to implement this.
The text was updated successfully, but these errors were encountered: