    [Zucchini] Add ELF fuzzer · b00aaaba
    ckitagawa authored
    This CL introduces a fuzzer for the ELF disassemblers in Zucchini. I
    have already uploaded some corpus files to the clusterfuzz-corpus
    Google Storage bucket.
    
    Achieves ~700 exec/s locally. This is on par with the DEX and Win32
    disassemblers as it requires a largish representative file to serve
    as a test. (Recommendation is ~1000 exec/s).
    
    Brings up coverage of ELF related code from 0-30% to 80-100%.
    
    I expect this will find quite a few crashes early on but should
    stabilize within a couple of weeks; est. 1-2 bugfixes per day
    based on how DEX and Win32 went. Mostly checked_casts and bounds
    issues.
    
    Bug: 1013641
    Change-Id: I205135547cad2a95e59f99d7f040c13d72c45b59
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1856624
    Commit-Queue: Calder Kitagawa <ckitagawa@chromium.org>
    Reviewed-by: Etienne Pierre-Doray <etiennep@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#705245}