zydis
Improve OSS-Fuzz integration
Due to the changes in the encoder PR (#254), the build on oss-fuzz is now failing. When fixing it, we should use the opportunity to also:
- [x] Add the new encoder fuzzing targets
- [x] Restrict the fuzzer to a sensible input file size to increase fuzzer efficiency (suggested by @mappzor)
- [x] Add fuzzing corpora for the encoder targets
- [ ] Add our command line tools `./ZydisDisasm` and `./ZydisInfo` to be fuzzed as well
- [ ] Add fuzzing coverage for the `Disassembler.h` API
> Add fuzzing corpora for the encoder targets

I've checked that structures under clang-cl on Windows and clang on Linux are ABI-compatible (I had some doubts), so we can re-use my existing corpora 😀
> Restrict the fuzzer to a sensible input file size to increase fuzzer efficiency (suggested by @mappzor)

Here are the current minimums:
- Decoder: `sizeof(ZydisFuzzControlBlock)` (272) + `sizeof(buffer)` (32) = 304
- ReEncoding: `sizeof(ZydisFuzzControlBlock)` (8) + `sizeof(buffer)` (32) = 40
- Encoding: `sizeof(ZydisEncoderRequest)` (392)

I don't think the `buffer` variables need to be that long though. While it's good to have a few bytes more than `ZYDIS_MAX_INSTRUCTION_LENGTH` (15), 20 should be enough. For the encoding target it's probably better to use something slightly bigger than the size of the encoder request, not for fuzzing itself but to make maintenance easier. Using the minimum value means that even the smallest addition to the structure requires a PR to oss-fuzz. The same argument can be made for the other fuzz targets, but I think encoding is potentially the most affected.