mirror of
https://github.com/Cisco-Talos/clamav.git
synced 2025-10-19 10:23:17 +00:00
I found two issues with the cl_load fuzz targets, one of which impacts the scanfile and scanmap fuzz targets:

1. We were defining the preprocessor definitions incorrectly using "SCAN_TARGETS" instead of "TARGET" in unit_tests/CMakeLists.txt. For the scan fuzz targets this meant it wasn't properly defining unique settings for each compiled target. For the cl_load fuzz target it's worse: it wasn't setting the database file name correctly, which means it rejected the filenames entirely for not having a legitimate suffix.
2. We were pre-compiling the engine before loading signatures. You can't load sigs for an engine that's already compiled, so this would also fail right away without trying to load any sigs.
Files in this directory:

- clamav_dbload_fuzzer.cpp
- clamav_scanfile_fuzzer.cpp
- clamav_scanmap_fuzzer.cpp
- CMakeLists.txt
- README.md
- run_fuzzer_tests.py
- standalone_fuzz_target_runner.cpp
OSS-Fuzz

ClamAV has chosen to integrate with oss-fuzz. This means the repository includes:

- Fuzz targets:
  - A function to which we apply fuzzing.
  - For ClamAV, clamav_scanfile_fuzzer.cc may be compiled with specific macros defined to produce multiple fuzz targets, one per scan type.
  - Additional fuzz targets may be added to fuzz other ClamAV inputs.
- Seed corpora:
  - A set of minimal test inputs that generate maximal code coverage.
  - Each ClamAV fuzz target has a seed corpus located under: fuzz/corpus/
- Fuzzing dictionaries:
  - A simple dictionary of tokens used by the input language. This can have a dramatic positive effect on fuzzing efficiency. For example, when fuzzing an XML parser, a dictionary of XML tokens will help.
  - Some ClamAV fuzz targets have a dictionary located under: fuzz/dictionaries/.dict

For more information on how this is set up, see: ideal OSS-Fuzz integration
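The commit message above describes per-target compile definitions that were driven by the list name instead of the loop variable, so the one source file never received a unique macro per fuzz target. The CMake fragment below is an added illustration of that pattern and its correction; it is not ClamAV's own unit_tests/CMakeLists.txt, and the list contents, executable names and the CLAMAV_FUZZ_<name> macro convention are assumed (only the SCAN_TARGETS/TARGET mix-up comes from the commit message).

```cmake
# Added illustration, not ClamAV's CMakeLists.txt.
# Assumed: a list of scan types and a CLAMAV_FUZZ_<name> macro that
# clamav_scanfile_fuzzer.cpp inspects to pick the scan options it exercises.
set(SCAN_TARGETS ARCHIVE MAIL PDF)   # assumed list contents

foreach(TARGET ${SCAN_TARGETS})
    # One executable per scan type, all built from the same source file.
    add_executable(clamav_scanfile_${TARGET}_fuzzer clamav_scanfile_fuzzer.cpp)

    # Faulty form (the defect described in the commit message): the list name
    # is expanded, so every target receives "CLAMAV_FUZZ_ARCHIVE;MAIL;PDF",
    # i.e. the same definitions, and no target gets its own unique macro.
    #
    #   target_compile_definitions(clamav_scanfile_${TARGET}_fuzzer
    #       PRIVATE CLAMAV_FUZZ_${SCAN_TARGETS})

    # Corrected form: the loop variable selects exactly one name per target.
    target_compile_definitions(clamav_scanfile_${TARGET}_fuzzer
        PRIVATE CLAMAV_FUZZ_${TARGET})
endforeach()
```

To confirm the fix after configuring with CMAKE_EXPORT_COMPILE_COMMANDS=ON, check that each fuzzer's entry in compile_commands.json carries exactly one -DCLAMAV_FUZZ_<name> flag and that the names differ between executables.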