Symphonia icon indicating copy to clipboard operation
Symphonia copied to clipboard

Published 20 hours ago verified publisher icon pdeljanov

Add fuzzers

Open qarmin opened this issue 2 years ago • 2 comments

Looks that already some crates have code which can be used in fuzzers - https://github.com/pdeljanov/Symphonia/blob/master/symphonia-codec-aac/tests/tests.rs

If anyone want to implement it, this is git patch with unfinished attempt to do this - symphonia.txt

qarmin avatar Jul 31 '22 07:07 qarmin

Nice, thanks! The general framework looks workable. You said this is unfinished - what's left to be done?

I see the Vorbis target erroneously specifies the format as MP3, but... other than that :smiley:

I'm actually aware of one item. Formats such as FLAC and OGG have checksums embedded. Checksum verification needs to be disabled when fuzzing, otherwise most inputs created by the fuzzer will be rejected because of the checksum mismatch, and no interesting decoding will happen.

If disabling the checksum is not exposed in the API, you can use if cfg!(fuzzing) { return true } in checksum validation functions. Fuzzers will set the fuzzing cfg flag automatically.

Shnatsel avatar Nov 13 '22 20:11 Shnatsel

I've run the MP3 fuzzer for a bit and it didn't find any crashes. If my previous experience fuzzing multimedia libraries in C and Rust is anything to go by, this indicates that the fuzzing harness is broken.

I've checked, and line coverage for fuzzing MP3 looks reasonable: mp3-coverage.html.gz

@pdeljanov did you really manage to create an audio decoder that didn't crash when fuzzed for the first time?!

Shnatsel avatar Nov 13 '22 21:11 Shnatsel