Mirror of https://github.com/Cisco-Talos/clamav.git, synced 2025-10-26 13:44:12 +00:00
Latest commit 0037f5825b:

I found two issues with the cl_load fuzz targets, one of which impacts the scanfile and scanmap fuzz targets:

1. We were defining the preprocessor definitions incorrectly, using "SCAN_TARGETS" instead of "TARGET" in unit_tests/CMakeLists.txt. For the scan fuzz targets this meant it wasn't properly defining unique settings for each compiled target. For the cl_load fuzz target it's worse: it wasn't setting the database file name correctly, which means it rejected the filenames entirely for not having a legitimate suffix.
2. We were pre-compiling the engine before loading signatures. You can't load sigs for an engine that's already compiled, so this would also fail right away without trying to load any sigs.

Files in this directory:

- ..
- clamav_dbload_fuzzer.cpp
- clamav_scanfile_fuzzer.cpp
- clamav_scanmap_fuzzer.cpp
- CMakeLists.txt
- README.md
- run_fuzzer_tests.py
- standalone_fuzz_target_runner.cpp
# OSS-Fuzz

ClamAV has chosen to integrate with oss-fuzz. What this means is that this repository includes:

- Fuzz targets: a function to which we apply fuzzing.
  - For ClamAV, clamav_scanfile_fuzzer.cc may be compiled with specific macros defined to produce multiple fuzz targets.
  - Additional fuzz targets may be added to fuzz other ClamAV inputs.
- Seed corpora: a set of minimal test inputs that generate maximal code coverage.
  - Each ClamAV fuzz target has a seed corpus located under: fuzz/corpus/
- Fuzzing dictionaries: a simple dictionary of tokens used by the input language. This can have a dramatic positive effect on fuzzing efficiency. For example, when fuzzing an XML parser, a dictionary of XML tokens will help.
  - Some ClamAV fuzz targets have a dictionary located under: fuzz/dictionaries/.dict
For more information on how this is set up, see: ideal OSS-Fuzz integration
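A malformed dictionary is easy to miss because the fuzzer simply skips or rejects it and the run proceeds with no tokens, losing the coverage boost the README describes. The validator below is an added example and is not part of the ClamAV repository; it assumes the `.dict` files under `fuzz/dictionaries/` use the libFuzzer/AFL dictionary syntax (one entry per line, optional `name=`, double-quoted token with `\xNN`, `\\` and `\"` escapes, `#` comments). The sample dictionary embedded in it is constructed for the example and follows the README's XML-parser illustration.

```python
"""Validate a fuzzing dictionary before handing it to the fuzzer.

Added example, not code from the ClamAV repository. It assumes the .dict
files under fuzz/dictionaries/ use the libFuzzer/AFL dictionary syntax:
one entry per line, an optional name followed by '=', the token in double
quotes with \\xNN, \\\\ and \\" escapes; '#' lines and blank lines are ignored.
"""
import re

# Optional identifier, '=', then a double-quoted value allowing backslash escapes.
_ENTRY = re.compile(r'^(?:(?P<name>[A-Za-z0-9_.-]+)\s*=\s*)?"(?P<value>(?:[^"\\]|\\.)*)"$')
_HEX = re.compile(r'[0-9a-fA-F]{2}')


def _unescape(raw: str) -> bytes:
    """Turn the quoted text into the raw bytes the fuzzer will splice into inputs."""
    out = bytearray()
    i = 0
    while i < len(raw):
        c = raw[i]
        if c != '\\':
            out.extend(c.encode('utf-8'))
            i += 1
            continue
        nxt = raw[i + 1] if i + 1 < len(raw) else ''
        if nxt in ('\\', '"'):
            out.append(ord(nxt))
            i += 2
        elif nxt == 'x' and _HEX.fullmatch(raw[i + 2:i + 4]):
            out.append(int(raw[i + 2:i + 4], 16))
            i += 4
        else:
            raise ValueError(f"unsupported escape {raw[i:i + 4]!r}")
    return bytes(out)


def parse_dictionary(text: str) -> list:
    """Return [(name_or_None, token_bytes), ...]; raise ValueError on a bad line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith('#'):
            continue
        match = _ENTRY.match(stripped)
        if match is None:
            raise ValueError(f"line {lineno}: not a dictionary entry: {stripped!r}")
        try:
            value = _unescape(match.group('value'))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
        if not value:
            # This validator's own rule: an empty token contributes nothing to mutation.
            raise ValueError(f"line {lineno}: empty token")
        entries.append((match.group('name'), value))
    return entries


def find_duplicates(entries: list) -> dict:
    """Map each token that appears more than once to the names that define it."""
    by_value = {}
    for name, value in entries:
        by_value.setdefault(value, []).append(name)
    return {v: names for v, names in by_value.items() if len(names) > 1}


def is_valid_dictionary(text: str) -> bool:
    """True when every line parses; usable as a pre-commit check on .dict files."""
    try:
        parse_dictionary(text)
    except ValueError:
        return False
    return True


# Constructed sample in the dictionary syntax above (not a ClamAV file);
# the tokens follow the README's XML-parser example.
SAMPLE_DICT = r'''
# XML tokens for a hypothetical XML fuzz target
xml_decl="<?xml"
close_tag="</"
cdata="<![CDATA["
"version=\"1.0\""
nul_byte="\x00"
backslash="\\"
close_tag_dup="</"
'''

if __name__ == "__main__":
    entries = parse_dictionary(SAMPLE_DICT)
    for name, value in entries:
        print(f"{name or '<anonymous>'}: {value!r}")
    for value, names in find_duplicates(entries).items():
        print(f"duplicate token {value!r} defined by {names}")
```

Running it on a real dictionary (`parse_dictionary(open(path).read())`) fails loudly on the first bad line instead of letting the fuzzer start with a silently degraded token set; the duplicate report is a hint to trim entries that only dilute the mutator's choices.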