Re: fuzzing dtc with AFL
> I've now committed fixes (and test cases) for all of these to the
> master tree.

Thanks David! It's looking much better, but the fuzzer did trip on another
divide by zero, this time a modulo:

/dts-v1/;
/ { x = <(0%0)> };

Anton
--
To unsubscribe from this list: send the line "unsubscribe devicetree-compiler" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: fuzzing dtc with AFL
Hi David,

> What's AFL?

http://lcamtuf.coredump.cx/afl/

> Nice catches all. I'll try to debug these in detail soon.

Thanks!

Anton
Re: fuzzing dtc with AFL
On Sun, Jan 03, 2016 at 08:28:48PM +1100, David Gibson wrote:
> On Sun, Jan 03, 2016 at 02:32:47AM +1100, Anton Blanchard wrote:
> > Hi David,
> >
> > I wanted something to test AFL with, and since dtc is simple, self
>
> What's AFL?
>
> > contained and checked out on my laptop, I attacked it. It found a
> > number of interesting testcases:
> >
> > A divide by zero issue:
> >
> > # ./dtc test1.dts
> > Floating point exception
> >
> > An issue parsing octals:
> >
> > # ./dtc test2.dts
> > dtc: dtc-lexer.l:156: yylex: Assertion `!(*e) || !e[strspn(e, "UL")]'
> > failed.
> > Aborted
> >
> > An issue with null escape characters:
> >
> > # ./dtc test3.dts
> > dtc: util.c:155: get_escape_char: Assertion `c' failed.
> > Aborted
> >
> > and a SEGV:
> >
> > # ./dtc test4.dts
> > Segmentation fault
>
> Nice catches all. I'll try to debug these in detail soon.

I've now committed fixes (and test cases) for all of these to the
master tree.

--
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson
Re: fuzzing dtc with AFL
On Sun, Jan 03, 2016 at 02:32:47AM +1100, Anton Blanchard wrote:
> Hi David,
>
> I wanted something to test AFL with, and since dtc is simple, self

What's AFL?

> contained and checked out on my laptop, I attacked it. It found a
> number of interesting testcases:
>
> A divide by zero issue:
>
> # ./dtc test1.dts
> Floating point exception
>
> An issue parsing octals:
>
> # ./dtc test2.dts
> dtc: dtc-lexer.l:156: yylex: Assertion `!(*e) || !e[strspn(e, "UL")]'
> failed.
> Aborted
>
> An issue with null escape characters:
>
> # ./dtc test3.dts
> dtc: util.c:155: get_escape_char: Assertion `c' failed.
> Aborted
>
> and a SEGV:
>
> # ./dtc test4.dts
> Segmentation fault

Nice catches all. I'll try to debug these in detail soon.
fuzzing dtc with AFL
Hi David,

I wanted something to test AFL with, and since dtc is simple, self
contained and checked out on my laptop, I attacked it. It found a
number of interesting testcases:

A divide by zero issue:

# ./dtc test1.dts
Floating point exception

An issue parsing octals:

# ./dtc test2.dts
dtc: dtc-lexer.l:156: yylex: Assertion `!(*e) || !e[strspn(e, "UL")]' failed.
Aborted

An issue with null escape characters:

# ./dtc test3.dts
dtc: util.c:155: get_escape_char: Assertion `c' failed.
Aborted

and a SEGV:

# ./dtc test4.dts
Segmentation fault

Anton

[Attachments: test1.dts, test2.dts, test3.dts, test4.dts]
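As an added example (not dtc's own code, and not the fix David committed): a small guarded evaluator for the parenthesised cell expressions behind the divide-by-zero reports in this thread, the `(0%0)` modulo case included. It assumes 64-bit unsigned cell values and handles only `/` and `%`, turning a zero divisor into an error status instead of letting the CPU raise SIGFPE.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

enum eval_status { EVAL_OK, EVAL_DIV_BY_ZERO, EVAL_BAD_OPERAND, EVAL_BAD_OP };
/* Guarded '/' and '%' on 64-bit unsigned cells (an assumption of this
 * example). A zero divisor is rejected here instead of reaching the CPU,
 * where it raises SIGFPE: the "Floating point exception" in the report. */
enum eval_status eval_binop(char op, uint64_t lhs, uint64_t rhs, uint64_t *out)
{
    if (op != '/' && op != '%')
        return EVAL_BAD_OP;
    if (rhs == 0)
        return EVAL_DIV_BY_ZERO;
    *out = (op == '/') ? lhs / rhs : lhs % rhs;
    return EVAL_OK;
}

/* Parse one literal (base 0: decimal, 0x hex, leading-0 octal) and skip the
 * whitespace after it; returns NULL when no digits were consumed. */
static const char *parse_literal(const char *s, uint64_t *val)
{
    char *end;
    errno = 0;
    *val = strtoull(s, &end, 0);
    if (end == s || errno)
        return NULL;
    while (isspace((unsigned char)*end))
        end++;
    return end;
}

/* Evaluate a parenthesised cell expression such as "(0%0)" or "(7 / 2)". */
enum eval_status eval_cell_expr(const char *s, uint64_t *out)
{
    uint64_t lhs, rhs;
    char op;
    while (isspace((unsigned char)*s))
        s++;
    if (*s++ != '(' || !(s = parse_literal(s, &lhs)))
        return EVAL_BAD_OPERAND;
    op = *s++;
    if (!(s = parse_literal(s, &rhs)) || *s != ')')
        return EVAL_BAD_OPERAND;
    return eval_binop(op, lhs, rhs, out);
}
/* Wrappers returning only the status, or only the value (0 on failure). */
enum eval_status eval_status_of(const char *s) { uint64_t v; return eval_cell_expr(s, &v); }
uint64_t eval_value_of(const char *s) { uint64_t v = 0; return eval_cell_expr(s, &v) == EVAL_OK ? v : 0; }
```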