Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
2296893002:
Add minidump fuzzer for breakpad. (Closed)
|
Created:
4 years, 3 months ago by Will Harris Modified:
4 years, 3 months ago CC:
chromium-reviews Target Ref:
refs/pending/heads/master Project:
chromium Visibility:
Public. |
DescriptionAdd minidump fuzzer for breakpad.
Make fuzzer_test target clone defines, and also noop definitions for a few more variables.
BUG=None
Committed: https://crrev.com/dee978f1ee27b272aeebdc75cecc1ed4f8148eb6
Cr-Commit-Position: refs/heads/master@{#416081}
Patch Set 1 #Patch Set 2 : add options #
Total comments: 14
Patch Set 3 : code review changes and bug fixes #Patch Set 4 : remove errant newline #
Total comments: 1
Patch Set 5 : nit #Patch Set 6 : add base dep #Patch Set 7 : fix #
Total comments: 1
Patch Set 8 : do not binary_symlink the test #
Messages
Total messages: 39 (21 generated)
Description was changed from ========== Add minidump fuzzer for breakpad. BUG=None ========== to ========== Add minidump fuzzer for breakpad. BUG=None ==========
wfh@chromium.org changed reviewers: + thestig@chromium.org
I (mostly) have no idea what I'm doing. PTAL.
thestig@chromium.org changed reviewers: + mark@chromium.org
+mark: any preferences on where the fuzzers should live?
https://codereview.chromium.org/2296893002/diff/20001/breakpad/BUILD.gn File breakpad/BUILD.gn (right): https://codereview.chromium.org/2296893002/diff/20001/breakpad/BUILD.gn#newcode7 breakpad/BUILD.gn:7: import("//testing/libfuzzer/fuzzer_test.gni") alphabetical order https://codereview.chromium.org/2296893002/diff/20001/breakpad/BUILD.gn#newco... breakpad/BUILD.gn:170: "src/processor/exploitability_linux.cc", Are these all actually needed? https://codereview.chromium.org/2296893002/diff/20001/breakpad/minidump_fuzze... File breakpad/minidump_fuzzer.cc (right): https://codereview.chromium.org/2296893002/diff/20001/breakpad/minidump_fuzze... breakpad/minidump_fuzzer.cc:1: #include <stddef.h> Missing copyright ehader. https://codereview.chromium.org/2296893002/diff/20001/breakpad/minidump_fuzze... breakpad/minidump_fuzzer.cc:28: // This is probably a dodgy cast. Beh. I wish the Minidump ctor just took a buffer instead of an istream. https://codereview.chromium.org/2296893002/diff/20001/breakpad/minidump_fuzze... breakpad/minidump_fuzzer.cc:38: bool PrintMinidumpProcess(std::istream& input, pass by non-const ref https://codereview.chromium.org/2296893002/diff/20001/breakpad/minidump_fuzze... breakpad/minidump_fuzzer.cc:65: if (machine_readable) { But it's always false.
Will always says that he has no idea what he’s doing! Since this fuzzes MinidumpProcessor, I guess it should live next to minidump_processor.cc. Unless we’re planning on adding more fuzzers soon, I don’t think we need to dedicate a directory to just this one file at this point.
I don't know if the fuzzer targets will work for the breakpad repos, that's why I didn't want to put it next to the existing files. I wanted it to live in the chromium repos. I don't mind where it lives though ( in fact the original CL had it living where you suggested, then I realized I didn't want to mess with breakpad deps ). Turns out this isn't working either; something is wrong... so I might have to get back to this CL later this week.
The fuzzer is now actually running... before it was bailing really early as seek() didn't work on the std::istream. PTAL? https://codereview.chromium.org/2296893002/diff/20001/breakpad/BUILD.gn File breakpad/BUILD.gn (right): https://codereview.chromium.org/2296893002/diff/20001/breakpad/BUILD.gn#newcode7 breakpad/BUILD.gn:7: import("//testing/libfuzzer/fuzzer_test.gni") On 2016/08/30 21:00:33, Lei Zhang wrote: > alphabetical order Done. https://codereview.chromium.org/2296893002/diff/20001/breakpad/BUILD.gn#newco... breakpad/BUILD.gn:170: "src/processor/exploitability_linux.cc", On 2016/08/30 21:00:33, Lei Zhang wrote: > Are these all actually needed? ../../breakpad/src/processor/exploitability.cc:81: error: undefined reference to 'google_breakpad::ExploitabilityWin::ExploitabilityWin(google_breakpad::Minidump*, google_breakpad::ProcessState*)' ../../breakpad/src/processor/minidump_processor.cc:1129: error: undefined reference to 'google_breakpad::NTStatusToString(unsigned int)' ../../breakpad/src/processor/exploitability.cc:85: error: undefined reference to 'google_breakpad::ExploitabilityLinux::ExploitabilityLinux(google_breakpad::Minidump*, google_breakpad::ProcessState*, bool)' clang: error: linker command failed with exit code 1 (use -v to see invocation) (yes) https://codereview.chromium.org/2296893002/diff/20001/breakpad/BUILD.gn#newco... breakpad/BUILD.gn:267: binary_symlink("minidump_fuzzer") { I'm not even sure what this does, or whether it's needed. https://codereview.chromium.org/2296893002/diff/20001/breakpad/minidump_fuzze... File breakpad/minidump_fuzzer.cc (right): https://codereview.chromium.org/2296893002/diff/20001/breakpad/minidump_fuzze... breakpad/minidump_fuzzer.cc:1: #include <stddef.h> On 2016/08/30 21:00:33, Lei Zhang wrote: > Missing copyright ehader. Done. https://codereview.chromium.org/2296893002/diff/20001/breakpad/minidump_fuzze... breakpad/minidump_fuzzer.cc:28: // This is probably a dodgy cast. On 2016/08/30 21:00:33, Lei Zhang wrote: > Beh. I wish the Minidump ctor just took a buffer instead of an istream. Acknowledged. https://codereview.chromium.org/2296893002/diff/20001/breakpad/minidump_fuzze... breakpad/minidump_fuzzer.cc:38: bool PrintMinidumpProcess(std::istream& input, On 2016/08/30 21:00:33, Lei Zhang wrote: > pass by non-const ref Done. https://codereview.chromium.org/2296893002/diff/20001/breakpad/minidump_fuzze... breakpad/minidump_fuzzer.cc:65: if (machine_readable) { On 2016/08/30 21:00:33, Lei Zhang wrote: > But it's always false. Done.
lgtm https://codereview.chromium.org/2296893002/diff/20001/breakpad/BUILD.gn File breakpad/BUILD.gn (right): https://codereview.chromium.org/2296893002/diff/20001/breakpad/BUILD.gn#newco... breakpad/BUILD.gn:267: binary_symlink("minidump_fuzzer") { On 2016/08/31 17:48:09, Will Harris wrote: > I'm not even sure what this does, or whether it's needed. Well, presumably it adds a symlink when doing an Android build on Linux? I'm not familiar with the GN syntax so not exactly sure what's linked. Anyway, cannot hurt. https://codereview.chromium.org/2296893002/diff/60001/breakpad/minidump_fuzze... File breakpad/minidump_fuzzer.cc (right): https://codereview.chromium.org/2296893002/diff/60001/breakpad/minidump_fuzze... breakpad/minidump_fuzzer.cc:49: return 0; return false;
wfh@chromium.org changed reviewers: + ochang@chromium.org
Thanks. +ochang can you give this a rs look over to make sure I haven't missed anything with fuzzer config. I can't put the corpus in just yet but hopefully will find a suitable one soon.
lgtm
The CQ bit was checked by wfh@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from thestig@chromium.org Link to the patchset: https://codereview.chromium.org/2296893002/#ps80001 (title: "nit")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: android_clang_dbg_recipe on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/android_clan...)
wfh@chromium.org changed reviewers: + aizatsky@chromium.org
Description was changed from ========== Add minidump fuzzer for breakpad. BUG=None ========== to ========== Add minidump fuzzer for breakpad. Make fuzzer_test target clone defines, and also noop definitions for a few more variables. BUG=None ==========
aizatsky -> PTAL at the fuzzer_test.gni changes.
lgtm https://codereview.chromium.org/2296893002/diff/120001/breakpad/minidump_fuzz... File breakpad/minidump_fuzzer.cc (right): https://codereview.chromium.org/2296893002/diff/120001/breakpad/minidump_fuzz... breakpad/minidump_fuzzer.cc:73: BPLOG(ERROR) << "MinidumpProcessor::Process failed"; It's better for fuzzer not to log anything. Do you need this for debugging only or would you rather hunt for these as asserts?
The CQ bit was checked by aizatsky@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from thestig@chromium.org, ochang@chromium.org Link to the patchset: https://codereview.chromium.org/2296893002/#ps120001 (title: "fix")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: android_arm64_dbg_recipe on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/android_arm6...) android_clang_dbg_recipe on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/android_clan...) cast_shell_android on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/cast_shell_a...) chromeos_x86-generic_chromium_compile_only_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/chromeos_x86-ge...)
Patchset #9 (id:160001) has been deleted
Patchset #8 (id:140001) has been deleted
Patchset #8 (id:180001) has been deleted
Patchset #9 (id:220001) has been deleted
Patchset #8 (id:200001) has been deleted
The CQ bit was checked by wfh@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from ochang@chromium.org, thestig@chromium.org, aizatsky@chromium.org Link to the patchset: https://codereview.chromium.org/2296893002/#ps240001 (title: "do not binary_symlink the test")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Message was sent while issue was closed.
Description was changed from ========== Add minidump fuzzer for breakpad. Make fuzzer_test target clone defines, and also noop definitions for a few more variables. BUG=None ========== to ========== Add minidump fuzzer for breakpad. Make fuzzer_test target clone defines, and also noop definitions for a few more variables. BUG=None ==========
Message was sent while issue was closed.
Committed patchset #8 (id:240001)
Message was sent while issue was closed.
Description was changed from ========== Add minidump fuzzer for breakpad. Make fuzzer_test target clone defines, and also noop definitions for a few more variables. BUG=None ========== to ========== Add minidump fuzzer for breakpad. Make fuzzer_test target clone defines, and also noop definitions for a few more variables. BUG=None Committed: https://crrev.com/dee978f1ee27b272aeebdc75cecc1ed4f8148eb6 Cr-Commit-Position: refs/heads/master@{#416081} ==========
Message was sent while issue was closed.
Patchset 8 (id:??) landed as https://crrev.com/dee978f1ee27b272aeebdc75cecc1ed4f8148eb6 Cr-Commit-Position: refs/heads/master@{#416081} |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
