Comments (7)
OK, I tried it with asan, and this didn't fix the problem as I'd expected.
from cmark.
@JordanMilne, this is the first I've heard of American Fuzzy Lop. If you'd care to contribute the build and test procedure you use to test cmark with afl, I could integrate it into our tests.
from cmark.
Btw, valgrind finds the problem too:
==17659== Invalid read of size 4
==17659== at 0x804B3F8: S_process_line (blocks.c:661)
==17659== by 0x804AFE2: S_parser_feed (blocks.c:490)
==17659== by 0x804AEDE: cmark_parser_feed (blocks.c:460)
==17659== by 0x806D424: main (main.c:143)
==17659== Address 0x422f1e8 is 40 bytes inside a block of size 92 free'd
==17659== at 0x402B358: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==17659== by 0x804907D: S_free_nodes (node.c:141)
==17659== by 0x80490BF: cmark_node_free (node.c:151)
==17659== by 0x804A769: finalize (blocks.c:224)
==17659== by 0x804A9A1: add_child (blocks.c:300)
==17659== by 0x804B819: S_process_line (blocks.c:756)
==17659== by 0x804AFE2: S_parser_feed (blocks.c:490)
==17659== by 0x804AEDE: cmark_parser_feed (blocks.c:460)
==17659== by 0x806D424: main (main.c:143)
from cmark.
AFL was what I used to find the segfaults in commonmark/commonmark-spec#66 (diff), can't believe I didn't mention it then!
Setup is a little tricky since you need to instrument the binaries with a custom compiler, but the short version is:
- `AFL_PATH` should be put in the env by the user; it points to the dir containing `afl-gcc`, `afl-as`, etc. AFAIK there's no binary distribution so you need to compile it yourself.
- Need a folder full of small testcases that use as many parser / renderer features as possible. I just modified `spec_tests.py` to spit out each test from `spec.txt` as a separate `.md` file.
- To compile with AFL's instrumentation, the `AFL_HARDEN` env var should be `1` and `CMAKE_C_COMPILER` should be `${AFL_PATH}/afl-gcc`. You can compile with ASAN instrumentation by setting `AFL_USE_ASAN=1` too, but it should be optional because there's a whole `README` dedicated to getting AFL to play nice with ASAN and it will slow your fuzzing run down to 1/10th of the regular speed. Faster than Valgrind, but needlessly slow if you're not looking for memory errors.
- `${AFL_PATH}/afl-fuzz -i <folder_of_md_testcases_as_separate_files> -o results -- <cmark_binary_location>`; you probably also need `-m none` if `cmark` was compiled with ASAN. AFL will probably also complain about things wrong with your environment the first few times.
- After the user exits AFL, the testcases causing issues will be in `results/hangs` and `results/crashes`.
- You can then triage with something like `ASAN_OPTIONS=abort_on_error=1,symbolize=1 gdb --args ./src/cmark <md_for_crash_or_hang>`. You might need LLVM for `llvm-symbolizer`.
from cmark.
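The seed-corpus step from the comment above (every `spec.txt` example written out as its own `.md` file), as an added Python script rather than the commenter's `spec_tests.py` modification; it assumes the current `spec.txt` layout, where each example is a 32-backtick fence tagged `example` with a lone `.` line separating the markdown input from the expected HTML, and that tabs are spelled `→` in the spec.

```python
import re
from pathlib import Path

# Assumed spec.txt layout (the current one; the 2015 file used "." separators):
# a 32-backtick fence tagged "example", the markdown input, a line holding a
# single ".", the expected HTML, and a closing 32-backtick fence.
FENCE = "`" * 32
_FENCE_OPEN = re.compile(r"^`{32} example\s*$")
_FENCE_CLOSE = re.compile(r"^`{32}\s*$")

def extract_examples(spec_text: str) -> list:
    """Return the markdown input of every example, in document order."""
    examples, current = [], []
    in_example = in_markdown = False
    for line in spec_text.splitlines():
        if not in_example:
            if _FENCE_OPEN.match(line):
                in_example, in_markdown, current = True, True, []
        elif _FENCE_CLOSE.match(line):
            examples.append("\n".join(current) + "\n")
            in_example = False
        elif in_markdown and line == ".":
            in_markdown = False  # what follows is expected HTML, not input
        elif in_markdown:
            current.append(line.replace("→", "\t"))  # spec writes tabs as arrows
    return examples

def unique_examples(spec_text: str) -> list:
    """AFL wants many small, distinct seeds, so byte-identical inputs are dropped."""
    return list(dict.fromkeys(extract_examples(spec_text)))

def write_corpus(spec_text: str, outdir: str) -> int:
    """Write one seed file per unique example; returns the number written."""
    out = Path(outdir)
    out.mkdir(parents=True, exist_ok=True)
    seeds = unique_examples(spec_text)
    for i, md in enumerate(seeds, 1):
        (out / f"example-{i:04d}.md").write_text(md, encoding="utf-8")
    return len(seeds)

# Constructed stand-in for spec.txt, used when the script is run directly.
SAMPLE_SPEC = (
    f"# Tabs\n\n{FENCE} example\n→foo→baz→→bim\n.\n"
    f"<pre><code>foo\tbaz\t\tbim\n</code></pre>\n{FENCE}\n\n"
    f"{FENCE} example\n*foo*\n.\n<p><em>foo</em></p>\n{FENCE}\n"
)

if __name__ == "__main__":
    print(write_corpus(SAMPLE_SPEC, "corpus"), "seed files written")
```

Point `write_corpus` at the real `spec.txt` and hand the output directory to `afl-fuzz -i`.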
FWIW, I tested cmark with AFL about two weeks ago and didn't find any errors. But I didn't compile with ASAN, so it was only checking for crashes and hangs.
from cmark.
@nwellnhofer, if you have code for testing with AFL, it might be good to make this part of the master repository and add a makefile target for it.
+++ Nick Wellnhofer [Feb 20 15 06:16 ]:
FWIW, I tested cmark with AFL about two weeks ago and didn't find any errors. But I didn't compile with ASAN, so it was only checking for crashes and hangs.
from cmark.
OK, will do.
from cmark.