update engine: add fuzzing targets
Issue description

update_engine parses external XML downloaded in omaha_request_action, so let's add a fuzzer to it. payload_metadata extracts and parses metadata from the downloaded payload, so it's also worth adding a fuzzer for it.
Nov 19
The XMLs are parsed using XML_parser (which is a third-party project), and if anything, XML_parser needs to be fuzzed. update_engine only calls XML_parser and just looks at the fields in there. In addition, those XMLs go through HTTPS only, and we are sure of their origin. So I don't really know the point of the fuzzers here, but feel free to add yourself to the owners of update_engine, because ClusterFuzz is going to generate very annoying bugs once in a while and you will probably need to take ownership of fixing the fuzzer bugs :)
Nov 19
Thanks for the feedback! What I thought is that operations taken based on the output of XML_parser can still cause crashes or instabilities (besides potential instabilities caused by XML_parser itself). Is that valid functionality to fuzz? (I also want to avoid over-testing code that is deemed unnecessary.) Sure, I'll add myself as an owner.
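The point argued in this exchange is that the code which interprets the parsed fields, not only the XML library, is what a response fuzzer exercises. The following is an added example, not update_engine's own code: a libFuzzer-style target whose entry point feeds arbitrary bytes through a hypothetical response handler. The tiny attribute scanner, the attribute names (status, codebase, size, hash_sha256) and the seed inputs are all assumptions standing in for what expat (XML_parser) hands back and what the real OmahaRequestAction consumes.

```cpp
// Added example, not update_engine's own code. The attribute scanner is a
// hypothetical stand-in for the fields expat (XML_parser) hands back.
#include <cctype>
#include <cerrno>
#include <cstdint>
#include <cstdlib>
#include <string>
#include <vector>

struct UpdateCheck {
  std::string status;
  std::string url;
  uint64_t size = 0;
  std::vector<uint8_t> sha256;  // decoded, exactly 32 bytes when status == "ok"
};

// Value of attribute `name` on the first <tag ...> element; false if the
// element or attribute is absent or the element is truncated.
static bool Attr(const std::string& xml, const std::string& tag,
                 const std::string& name, std::string* out) {
  size_t t = xml.find("<" + tag + " ");
  if (t == std::string::npos) return false;
  size_t end = xml.find('>', t);
  if (end == std::string::npos) return false;
  std::string open = xml.substr(t, end - t);
  std::string key = " " + name + "=\"";
  size_t k = open.find(key);
  if (k == std::string::npos) return false;
  size_t v = k + key.size(), close = open.find('"', v);
  if (close == std::string::npos) return false;
  *out = open.substr(v, close - v);
  return true;
}
// Hex-decodes a SHA-256 digest into exactly 32 bytes; any other length or a
// non-hex character is rejected rather than written past a fixed buffer.
static bool HexDecode32(const std::string& hex, std::vector<uint8_t>* out) {
  if (hex.size() != 64) return false;
  out->assign(32, 0);
  for (size_t i = 0; i < 64; i += 2) {
    if (!isxdigit(static_cast<unsigned char>(hex[i])) ||
        !isxdigit(static_cast<unsigned char>(hex[i + 1]))) return false;
    (*out)[i / 2] = static_cast<uint8_t>(std::stoul(hex.substr(i, 2), nullptr, 16));
  }
  return true;
}
// Interprets the parsed fields. The bytes arrived over HTTPS, but the server's
// values are still input: every conversion is bounds-checked, not trusted.
bool ParseResponse(const std::string& xml, UpdateCheck* uc) {
  if (!Attr(xml, "updatecheck", "status", &uc->status)) return false;
  if (uc->status == "noupdate") return true;
  if (uc->status != "ok") return false;
  std::string size, hash;
  if (!Attr(xml, "url", "codebase", &uc->url) ||
      !Attr(xml, "package", "size", &size) ||
      !Attr(xml, "package", "hash_sha256", &hash)) return false;
  if (uc->url.compare(0, 8, "https://") != 0) return false;
  // strtoull silently accepts "-5" (wrapping to a huge value) and leading
  // whitespace; reject both before converting, and cap the digit count.
  if (size.empty() || size.size() > 19 ||
      !isdigit(static_cast<unsigned char>(size[0]))) return false;
  char* endp = nullptr;
  errno = 0;
  unsigned long long n = strtoull(size.c_str(), &endp, 10);
  if (errno != 0 || *endp != '\0' || n == 0) return false;
  if (!HexDecode32(hash, &uc->sha256)) return false;
  uc->size = n;
  return true;
}
// libFuzzer entry point: ClusterFuzz calls this with arbitrary bytes. A crash or
// sanitizer report here is a bug in the handling code, not in the XML library.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) {
  UpdateCheck uc;
  ParseResponse(std::string(reinterpret_cast<const char*>(data), len), &uc);
  return 0;
}
// Constructed seed inputs (not a real Omaha exchange) so the example runs
// stand-alone; returns how many parse as an actionable "ok" response.
int RunSeeds() {
  const std::string hash(64, 'a');
  const std::string seeds[] = {
      "<response><app><updatecheck status=\"ok\"><urls><url codebase=\"https://dl.example/\"/>"
      "</urls><manifest><packages><package size=\"1024\" hash_sha256=\"" + hash +
      "\"/></packages></manifest></updatecheck></app></response>",
      "<response><app><updatecheck status=\"noupdate\"/></app></response>",
      "<updatecheck status=\"ok\"><url codebase=\"http://dl.example/\"/>"
      "<package size=\"1024\" hash_sha256=\"" + hash + "\"/>",  // not https
      "<updatecheck status=\"ok\"><url codebase=\"https://x/\"/>"
      "<package size=\"-5\" hash_sha256=\"" + hash + "\"/>",    // negative size
      "<updatecheck status=\"ok\"",                             // truncated
      "",
  };
  int actionable = 0;
  for (const std::string& s : seeds) {
    LLVMFuzzerTestOneInput(reinterpret_cast<const uint8_t*>(s.data()), s.size());
    UpdateCheck uc;
    if (ParseResponse(s, &uc) && uc.status == "ok") ++actionable;
  }
  return actionable;
}
```

Built with `clang++ -fsanitize=fuzzer,address`, libFuzzer supplies its own main and calls LLVMFuzzerTestOneInput in a loop over mutated inputs; passing `-dict=fuzz/xml.dict` is how a token dictionary like the one this bug's commit adds steers the mutator toward well-formed tags and attributes. The negative-size and short-hash cases are the kind of finding such a target reports even when the XML library itself is clean.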
Nov 23
The following revision refers to this bug:
https://chromium.googlesource.com/aosp/platform/system/update_engine/+/e3183927f68f1ec2c7bc9c21e48c55c618aabd2a

commit e3183927f68f1ec2c7bc9c21e48c55c618aabd2a
Author: Xiaochu Liu <xiaochu@chromium.org>
Date: Fri Nov 23 03:08:01 2018

update_engine: edit OWNERS

Add xiaochu@google.com to OWNERS so the related party can be held responsible for Chrome OS changes regarding DLC or the fuzzers.

BUG= chromium:906815
TEST=None
Change-Id: I7769ca704e3d706d14565d9b388e09852d2407db
Reviewed-on: https://chromium-review.googlesource.com/1344913
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Tested-by: Xiaochu Liu <xiaochu@chromium.org>
Reviewed-by: Amin Hassani <ahassani@chromium.org>

[modify] https://crrev.com/e3183927f68f1ec2c7bc9c21e48c55c618aabd2a/OWNERS
Nov 27
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/83371ba2b073a53dad9efa5453c4c4849dfdf3ed

commit 83371ba2b073a53dad9efa5453c4c4849dfdf3ed
Author: Xiaochu Liu <xiaochu@chromium.org>
Date: Tue Nov 27 04:31:09 2018

update_engine: install /update_engine_omaha_request_action_fuzzer

Install the fuzzer to the proper location.

BUG= chromium:906815
TEST=USE="asan fuzzer" emerge-kefka update_engine
CQ-DEPEND=CL:1344914
Change-Id: I7e62798ab9c5a0d350fd3aea9ce6dfb7986d12ee
Reviewed-on: https://chromium-review.googlesource.com/1345471
Commit-Ready: Xiaochu Liu <xiaochu@chromium.org>
Tested-by: Xiaochu Liu <xiaochu@chromium.org>
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>

[modify] https://crrev.com/83371ba2b073a53dad9efa5453c4c4849dfdf3ed/chromeos-base/update_engine/update_engine-9999.ebuild
Nov 27
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/f10803fdd973256518a5b3db37cfe8354aca9528

commit f10803fdd973256518a5b3db37cfe8354aca9528
Author: Xiaochu Liu <xiaochu@chromium.org>
Date: Tue Nov 27 04:31:10 2018

chromium-os-fuzzers: add update_engine

Add update_engine as a dependency of chromium-os-fuzzers.

BUG= chromium:906815
TEST=None
CQ-DEPEND=CL:1345471
Change-Id: I1f51c9d3690ed7c96c9b972d4d20db5efe9719d3
Reviewed-on: https://chromium-review.googlesource.com/1351214
Commit-Ready: Xiaochu Liu <xiaochu@chromium.org>
Tested-by: Xiaochu Liu <xiaochu@chromium.org>
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>

[modify] https://crrev.com/f10803fdd973256518a5b3db37cfe8354aca9528/virtual/chromium-os-fuzzers/chromium-os-fuzzers-1.ebuild
[rename] https://crrev.com/f10803fdd973256518a5b3db37cfe8354aca9528/virtual/chromium-os-fuzzers/chromium-os-fuzzers-1-r18.ebuild
Nov 27
The following revision refers to this bug:
https://chromium.googlesource.com/aosp/platform/system/update_engine/+/399118630bab9615b0237d80cd7c8abbb010a512

commit 399118630bab9615b0237d80cd7c8abbb010a512
Author: Xiaochu Liu <xiaochu@chromium.org>
Date: Tue Nov 27 04:31:09 2018

update_engine: add omaha_request_action_fuzzer target

It fuzzes the XML response sent from Omaha. It also refactors the .gyp file to separate the fake*/mock* libraries from the unittest* targets themselves.

BUG= chromium:906815
TEST=cros_fuzz
Change-Id: Ic7d0e7d18784e48f4e43b538f9797e5d2d452d08
Reviewed-on: https://chromium-review.googlesource.com/1344914
Commit-Ready: Xiaochu Liu <xiaochu@chromium.org>
Tested-by: Xiaochu Liu <xiaochu@chromium.org>
Reviewed-by: Amin Hassani <ahassani@chromium.org>

[add] https://crrev.com/399118630bab9615b0237d80cd7c8abbb010a512/fuzz/xml.dict
[add] https://crrev.com/399118630bab9615b0237d80cd7c8abbb010a512/omaha_request_action_fuzzer.cc
[modify] https://crrev.com/399118630bab9615b0237d80cd7c8abbb010a512/update_engine.gyp
Dec 3
Comment 1 by xiaochu@chromium.org, Nov 19