mirror of
https://github.com/Cisco-Talos/clamav.git
synced 2026-01-26 23:58:26 -05:00
The fuzz targets that write a temp file currently use the same filename every time. One of the users identified that if the tests are running in parallel mode, many processes are accessing the same file. This results in unstable input to the API being tested, where the file may be overwritten as the function is being tested.

This commit fixes it by putting the fuzz process PID in the filenames for the scanfile and dbload fuzz targets.

Resolves: https://github.com/Cisco-Talos/clamav/issues/432

Also fixed a CMake bug that built an extra fuzz target file that doesn't serve any purpose.

Resolves: https://github.com/Cisco-Talos/clamav/issues/431
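The per-process temp-file fix described in the commit above, shown as an added example that is not ClamAV's own code: a minimal libFuzzer-style entry point that writes each input to a file named with the fuzz process PID before handing the path to a file-based API. The `scan_path` stand-in (it only measures the file) and the `/tmp` naming scheme are assumptions, not the project's real `cl_scanfile` call or paths.

```cpp
#include <cstdint>
#include <fstream>
#include <sstream>
#include <string>
#include <unistd.h>

// Hypothetical stand-in for the file-based API under test (ClamAV would call
// cl_scanfile here): returns the number of bytes readable from the path, or
// -1 if the file cannot be opened.
static long scan_path(const std::string &path) {
    std::ifstream in(path, std::ios::binary);
    if (!in) return -1;
    in.seekg(0, std::ios::end);
    return static_cast<long>(in.tellg());
}

// Before the fix: every fuzz process shares one name, so parallel workers
// (libFuzzer -jobs=N / -workers=N) overwrite each other's input mid-scan.
std::string shared_tmp_path(const std::string &target) {
    return "/tmp/" + target + "-fuzz.tmp";
}

// After the fix: the PID in the name gives each fuzz process its own file.
std::string per_process_tmp_path(const std::string &target, pid_t pid) {
    std::ostringstream os;
    os << "/tmp/" << target << "-" << pid << ".tmp";
    return os.str();
}

// Persist the fuzz input to this process's file, run the API on it, and
// remove the file so it does not leak across iterations.
long fuzz_one_input(const std::string &target, const uint8_t *data, size_t size) {
    std::string path = per_process_tmp_path(target, getpid());
    {
        std::ofstream out(path, std::ios::binary | std::ios::trunc);
        if (!out) return -1;
        out.write(reinterpret_cast<const char *>(data), static_cast<std::streamsize>(size));
    }
    long result = scan_path(path);
    unlink(path.c_str());
    return result;
}

// libFuzzer entry point; the target name mirrors clamav_scanfile_fuzzer.cc.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    fuzz_one_input("clamav_scanfile_fuzzer", data, size);
    return 0;
}
```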
OSS-Fuzz
ClamAV has chosen to integrate with oss-fuzz.
What this means is that this repository includes:

- Fuzz targets:
  - A function to which we apply fuzzing.
  - For ClamAV, clamav_scanfile_fuzzer.cc may be compiled with specific macros defined to produce multiple fuzz targets.
  - Additional fuzz targets may be added to fuzz other ClamAV inputs.
- Seed corpora:
  - A set of minimal test inputs that generate maximal code coverage.
  - Each ClamAV fuzz target has a seed corpus located under: fuzz/corpus/
- Fuzzing dictionaries:
  - A simple dictionary of tokens used by the input language. This can have a dramatic positive effect on fuzzing efficiency. For example, when fuzzing an XML parser, a dictionary of XML tokens will help.
  - Some ClamAV fuzz targets have a dictionary located under: fuzz/dictionaries/.dict
For more information on how this is set up, see: ideal OSS-Fuzz integration