# Fuzzing DNG SDK

This fuzzer is intended to do a variant analysis of the issue reported
in b/156261521.

Here is a list of some CVEs previously discovered in DNG SDK:

* CVE-2020-9589
* CVE-2020-9590
* CVE-2020-9620
* CVE-2020-9621
* CVE-2020-9622
* CVE-2020-9623
* CVE-2020-9624
* CVE-2020-9625
* CVE-2020-9626
* CVE-2020-9627
* CVE-2020-9628
* CVE-2020-9629

## Building & running the fuzz target: Android device

It is recommended to set the libFuzzer RSS limit (`-rss_limit_mb`) to a higher
value (such as 4096) when running the fuzzer to avoid frequent OOM libFuzzer
crashes.

```sh
$ source build/envsetup.sh
$ lunch aosp_arm64-eng
# Build the fuzz target for the device with HWASan enabled.
$ SANITIZE_TARGET=hwaddress make dng_parser_fuzzer
$ adb sync data
# libFuzzer takes the RSS limit in MB via -rss_limit_mb.
$ adb shell /data/fuzz/arm64/dng_parser_fuzzer/dng_parser_fuzzer \
    -rss_limit_mb=4096 \
    /data/fuzz/arm64/dng_parser_fuzzer/corpus
```

## Building & running the fuzz target: Host

```sh
$ source build/envsetup.sh
$ lunch aosp_x86_64-eng
# Build the fuzz target for the host with ASan enabled.
$ SANITIZE_HOST=address make dng_parser_fuzzer
$ LD_LIBRARY_PATH=$ANDROID_HOST_OUT/fuzz/x86_64/lib/ \
    $ANDROID_HOST_OUT/fuzz/x86_64/dng_parser_fuzzer/dng_parser_fuzzer \
    -rss_limit_mb=4096 \
    $ANDROID_HOST_OUT/fuzz/x86_64/dng_parser_fuzzer/corpus/
```