On 2018-10-30 Bhargava Shastry wrote:
> - oss-fuzz requires a Google linked email address of the maintainer.
> Could you please provide me one?

No, I'm sorry. This is the email address to use to contact me, and I
don't plan to link this address to a Google account.

> - It is better that the test harness and related config (dictionary,
> other fuzzer options) reside in the xz source repo. Are you okay
> maintaining these in the long run?

Including the files in the xz repo is fine. I can maintain them in the
sense that fuzz.c compiles and I can merge fuzzing related patches that
get sent to me. I hope this is enough.

> As starting point, I used all files with the "xz" extension that I
> could find in the source repo (total of 63 files).

I guess it's a good starting point.

Most of them are under a hundred bytes and only one is over a thousand
bytes (good-1-delta-lzma2.tiff.xz is 51,316 bytes). The bad files are
based on certain good files but each bad file has something broken in
it, so perhaps the bad files aren't so great for fuzzing (if the damage
is at the beginning, the decoder might stop there and fuzzing bits past
that point is pointless).

> I also did the following experiment
> 
> - I ran version 1 overnight (over 16 hours in total)
> - The coverage saturated at about 996 CFG edges
> 
> Then, I took the corpus that was generated for v1 fuzzing and fed it
> to v2. My hope is that this will quickly tell me how much better
> (coverage wise) v2 is were it to be run for as long as v1
> 
> - I found v2 covers 1004 CFG edges i.e., only 8 CFG edges more than v1
> 
> However, to be sure I need to keep v2 running for as long as v1, but
> my guess is that this saturation will prevail.

The test method sounds good. :-) Only eight more edges sounds low since
there are more than eight places where the code can run out of input or
output and has to stop. Perhaps it needs better input files to hit more
of such situations. Or, like I said in the previous email, maybe the
small input/output buffers aren't as valuable for fuzzing as I thought
and we should just use the simple fast version.

-- 
Lasse Collin  |  IRC: Larhzu @ IRCnet & Freenode
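The two points in the exchange above (a harness that drives the decoder with small input/output buffers, and the observation that a corpus file broken near its start stops the decoder before most of the code is reached) can be demonstrated offline. The following is an added example, not the xz project's fuzz.c: it uses Python's standard-library `lzma` module as a stand-in for calling liblzma from C, the payload and the two "bad file" variants are constructed here, and the chunk sizes are arbitrary.

```python
import lzma

# Constructed sample payload; it compresses well, so the .xz stream stays small.
PAYLOAD = b"fuzzing the xz decoder " * 200


def make_xz(payload: bytes) -> bytes:
    """Build a valid .xz stream from the payload (stand-in for a good corpus file)."""
    return lzma.compress(payload, format=lzma.FORMAT_XZ, check=lzma.CHECK_CRC32)


def flip_byte(data: bytes, index: int) -> bytes:
    """Return a copy of data with one byte inverted (a crude 'bad file')."""
    return data[:index] + bytes([data[index] ^ 0xFF]) + data[index + 1:]


def decode_chunked(data: bytes, in_chunk: int, out_chunk: int) -> dict:
    """Drive the decoder the way a small-buffer harness would: hand over at most
    in_chunk input bytes per step and accept at most out_chunk output bytes per
    call, so the decoder repeatedly runs out of input and out of output space.
    Returns how far the decoder got before finishing or failing."""
    dec = lzma.LZMADecompressor(format=lzma.FORMAT_XZ)
    out = bytearray()
    fed = 0      # input bytes handed to the decoder so far
    calls = 0    # decompress() calls, i.e. how often the output buffer filled up
    error = None
    try:
        while not dec.eof:
            if dec.needs_input:
                if fed >= len(data):
                    error = "truncated"   # decoder wants more input but none is left
                    break
                chunk = data[fed:fed + in_chunk]
                fed += len(chunk)
            else:
                chunk = b""               # buffered input still pending; keep draining output
            out += dec.decompress(chunk, max_length=out_chunk)
            calls += 1
    except lzma.LZMAError as exc:
        error = str(exc)
    return {
        "ok": error is None and dec.eof,
        "fed": fed,
        "out_len": len(out),
        "calls": calls,
        "error": error,
    }


def compare_damage_positions(in_chunk: int = 16, out_chunk: int = 64) -> dict:
    """Record how many input bytes the decoder consumed before stopping for a
    good stream, a stream broken in its first byte (stream header magic) and a
    stream broken in its last byte (stream footer magic)."""
    good = make_xz(PAYLOAD)
    early = flip_byte(good, 0)
    late = flip_byte(good, len(good) - 1)
    return {
        "stream_len": len(good),
        "good": decode_chunked(good, in_chunk, out_chunk),
        "broken_at_start": decode_chunked(early, in_chunk, out_chunk),
        "broken_at_end": decode_chunked(late, in_chunk, out_chunk),
    }


if __name__ == "__main__":
    for name, result in compare_damage_positions().items():
        print(name, result)
```

The header-damaged variant fails on the very first chunk, so everything after the first 16 bytes is never looked at by the decoder; the footer-damaged variant is consumed in full before it fails. That difference is why the "bad" corpus files with damage at the beginning contribute little, and the `calls` count for the good stream shows how many extra buffer-boundary stops the small-buffer harness introduces compared with decoding in one call.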
