lwip-devel

Re: [lwip-devel] Reporting crashes found by running a fuzzing campaign


From: Hiromasa Ito
Subject: Re: [lwip-devel] Reporting crashes found by running a fuzzing campaign
Date: Fri, 21 Feb 2020 10:53:31 +0900
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.5.0

Hi, Simon.

Thanks for your refactoring and merging my suggestion!

I have no idea why the 003 does not trigger anything,
but I will post if I get something about that :)

Best regards,
Hiromasa

On 2020/02/21 6:00, address@hidden wrote:
> Hey!
>
> On 05.12.2019 at 07:25, Hiromasa Ito wrote:
>> Hi, Simon.
>>
>> I made patches for lwip and lwip-contrib (both are for v2.1.0.RC1).
>> The lwip patch generates my test driver and modifies Makefile and
>> lwipopts.h a little.
>> The lwip-contrib patch modifies UNIX-ported sys_arch.c to make sys_now() fuzzy.
>>
>> To build my test driver, run this command at test/fuzz:
>> `make triple_fuzz D='-DFUZZED_TMR'`
>>
>> After that, to reproduce crashes, run this command:
>> `./triple_fuzz <crashed_input_file>`
>>
>> crashed_input.tar.gz contains nine crashed input files.
>> Each file reproduces crashes that failed at different assertions.
>>
>> Please check them out!
>
> I've finally found the time to smoothly integrate these new tests into
> test/fuzz, now creating 3 binaries that execute tests in 3 different
> modes (where mode 3 is your work).
>
> Strangely, the file 003 does not trigger anything, but I'll work on the
> other 8 ;-)
>
> Regards,
> Simon



