Re: [libvirt] [GSOC] project libvirt fuzzing

On 03/21/2017 04:39 AM, D L wrote: > On Thu, Mar 16, 2017 at 1:03 PM, Michal Privoznik <mprivozn(a)redhat.com&gt; > wrote: > Hi Michal, >> > Hey, > I have been digesting your comments. Then I switched concentration from > general > instrumentation and fuzzing to qemuBuildCommandLine(). I have been having > difficulties of resolving the dependencies/shared objects in order to fuzz > a particular > function. Then I came to a conclusion, I would imagine, but have not > started yet, > to target specific functions, some helper functions need to be in place to > be > responsible of the callbacks, and it seems hand-crafted instrumentation is > also > necessary. This might be one of the cases where programming is necessary > for > this project. > I don't think that we want to fuzz functions callde from qemuBuildCommandLine() separately. That indeed would be too overwhelming. I think we would be perfectly okay with fuzzing the qemuBuildCommandLine() itself (well, with help of XML parsing as described in my previous e-mails). So we might focus on generating XMLs for now (e.g. write a grammar that does that? dunno - don't have much experience with fuzzers). The whole idea that I have in my mind is as follows: 1) let fuzzer genereate a XML document 2) def = virDomainDefParse*(document); 3) qemuBuildCommandLine(def); 4) if SIGSEGV store XML somewhere for future inspection 5) goto 1) For points 2) and 3) we might need to create a binary, but that should be fairly easy to do. Does this sound reasonable to you? That's great. I really appreciate the clarity. Yes, I also think we need

> Given the slow progress, or maybe I started later than an ideal situation, > I am a > bit worried if I could finish the requirement before the submission > deadline, not > to mention other libvirt community-specific requirement mentioned on the > website. > Well, the requirements for submitting are not have all the coding ready :-). You can check the requirements here: http://wiki.libvirt.org/page/Google_Summer_of_Code_FAQ Then, for the student application you should describe in the form how you want to achieve the goal, design some time line and so on. Don't worry, you can edit it until the deadline.

> So to make sure I am on the right track, what are the concrete goals to > achieve, > specific requirement to meet, or procedures for me to follow in order to > submit > the application by the deadline? > > Well, you've successfully subscribed to the list and I assume you've cloned and compiled libvirt. So what you need to do is to prove it - send a patch that fixes something in libvirt. There is a link in the FAQ to a list of bite sized tasks. Or I can think of something easy if you want.> > Michal Yes, I compiled, installed, and used the binaries successfully.