king
/
v811_spc009
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b394c2d4e7'
${ noResults }
v811_spc009/external/dng_sdk/fuzzer
History
jianglk.darker 7ee447c011
v811_spc009_project 		4 months ago
..
seeds/CVE_2020_9589 v811_spc009_project 4 months ago
Android.bp v811_spc009_project 4 months ago
README.md v811_spc009_project 4 months ago
dng_parser_fuzzer.cpp v811_spc009_project 4 months ago

README.md

Fuzzing DNG SDK

This fuzzer is intented to do a varian analysis of the issue reported in b/156261521.

Here is a list of some CVEs previously discovered in DNG SDK:

  • CVE-2020-9589
  • CVE-2020-9590
  • CVE-2020-9620
  • CVE-2020-9621
  • CVE-2020-9622
  • CVE-2020-9623
  • CVE-2020-9624
  • CVE-2020-9625
  • CVE-2020-9626
  • CVE-2020-9627
  • CVE-2020-9628
  • CVE-2020-9629

Building & running the fuzz target: Android device

It is recommended to set rss limit to higher values (such as 4096) when running the fuzzer to avoid frequent OOM libFuzzer crashes.

$ source build/envsetup.sh
$ lunch aosp_arm64-eng
$ SANITIZE_TARGET=hwaddress make dng_parser_fuzzer
$ adb sync data
$ adb shell /data/fuzz/arm64/dng_parser_fuzzer/dng_parser_fuzzer \
$ -rss_limit=4096 \
$ /data/fuzz/arm64/dng_parser_fuzzer/corpus

Building & running the fuzz target: Host

$ source build/envsetup.sh
$ lunch aosp_x86_64-eng
$ SANITIZE_HOST=address make dng_parser_fuzzer
$ LD_LIBRARY_PATH=$ANDROID_HOST_OUT/fuzz/x86_64/lib/ \
$ $ANDROID_HOST_OUT/fuzz/x86_64/dng_parser_fuzzer/dng_parser_fuzzer \
$ -rss_limit_mb=4096 \
$ $ANDROID_HOST_OUT/fuzz/x86_64/dng_parser_fuzzer/corpus/