
Add more standalone fuzzing harnesses

Open elopez opened this issue 2 years ago • 3 comments

This PR adds some new standalone harnesses that fuzz:

  • Alt-Svc parsing
  • Base64 encoding/decoding
  • DoH decoding
  • Date parsing
  • (un)escaping

Some of the harness code includes (from CURLDIR) or copies bits from internal headers; there might be a nicer way to do that.

elopez avatar Oct 27 '22 15:10 elopez

Immediate comment - I'm mildly terrified about adding another 2000 files to this repo, but I don't know if that's FUD or not.

cmeister2 avatar Oct 27 '22 16:10 cmeister2

For each harness there's a few "seed" cases with human-readable names, plus some more inputs obtained through fuzzing, with hash-like filenames. We can probably remove the latter and let oss-fuzz rediscover them, if you don't want all the files committed in the repository.

elopez avatar Oct 27 '22 17:10 elopez

> For each harness there's a few "seed" cases with human-readable names, plus some more inputs obtained through fuzzing, with hash-like filenames. We can probably remove the latter and let oss-fuzz rediscover them, if you don't want all the files committed in the repository.

I realise I didn't respond here - yes, please, if you could do that that would be great.

cmeister2 avatar Nov 02 '22 13:11 cmeister2