lwip.patchDescription: Text document
|
| From: | Hiromasa Ito |
| Subject: | Re: [lwip-devel] Reporting crashes found by running a fuzzing campaign |
| Date: | Thu, 5 Dec 2019 15:25:37 +0900 |
| User-agent: | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.3.0 |
Hi, Simon. I made patches for lwip and lwip-contrib (both are for v2.1.0.RC1). The lwip patch generates my test driver and modifies Makefile and lwipopts.h a little. The lwip-contrib patch modifies UNIX-ported sys_arch.c to make sys_now() fuzzy. To build my test driver, run this command at test/fuzz: `make triple_fuzz D='-DFUZZED_TMR'` After that, to reproduce crashes, run this command: `./triple_fuzz <crashed_input_file>` crashed_input.tar.gz contains nine crashed input files. Each file reproduces crashes failed at different assertions. Please check them out! Best regards, Hiromasa On 2019/12/05 5:47, address@hidden wrote:
Am 04.12.2019 um 15:03 schrieb Hiromasa Ito:Hi, Simon. Thank you for your reply! :)As bug reports, like above.OK. I will report all crashes I found as bug reports.The crashed inputs are certainly needed! The test driver would be interesting. You might have noticed we have and AFL setup in test/fuzz and input files in test/fuzz/inputs. I'd be happy to incorporate changes if appropriate.OK. I think I should upload the whole fuzzing environment (crashed inputs, my test driver, initial seeds, and lwIP I tested) for reproducibility. Please give me some time to prepare for publication.A patch to test/fuzz and the inputs that directly crash would be best to keep it simple enough for me to reproduce the issue. Time on lwIP is scarce at the moment, so try to keep me from losing track ;-) Regards, SimonBest regards, Hiromasa On 2019/12/04 17:48, Simon Goldschmidt wrote:"Hiromasa Ito" <address@hidden> wrote:I have written a new test driver and ran a fuzzing campaign on lwIP with American Fuzzy Lop (AFL). As a result, I have found nine crashes caused by assertion failures, and they seem to be bugs. I have already reported two of them, but still have seven crashes not reported. https://savannah.nongnu.org/bugs/?51447 https://savannah.nongnu.org/bugs/?55706 There for, I have two questions for developers. First, how should I report these unreported crashes?As bug reports, like above.Should I report them individually, like the ones above?That depends if they are real separate issues (report individually) or crashes in the same area (combine in one bug).If needed, I can upload the test driver, crashed inputs, and the source codes of lwIP I used.The crashed inputs are certainly needed! The test driver would be interesting. You might have noticed we have and AFL setup in test/fuzz and input files in test/fuzz/inputs. I'd be happy to incorporate changes if appropriate.Second, can I write about these crashes in my academic paper? I'm a master's student in computer science in Japan. If any bugs cause these crashes, I'd like to write about them in my paper. If it is inconvenient, please let me know.Yes, I don't see a problem writing about that. Regards, SimonBest regards, Hiromasa _______________________________________________ lwip-devel mailing list address@hidden https://lists.nongnu.org/mailman/listinfo/lwip-devel_______________________________________________ lwip-devel mailing list address@hidden https://lists.nongnu.org/mailman/listinfo/lwip-devel-- vhertz _______________________________________________ lwip-devel mailing list address@hidden https://lists.nongnu.org/mailman/listinfo/lwip-devel_______________________________________________ lwip-devel mailing list address@hidden https://lists.nongnu.org/mailman/listinfo/lwip-devel
lwip.patch
Description: Text document
contrib.patch
Description: Text document
crashed_inputs.tar.gz
Description: GNU Zip compressed data
| [Prev in Thread] | Current Thread | [Next in Thread] |