adding fuzzer for espeak_synth #1178
Ok, so this now looks in good shape. But... it finds bugs :) Perhaps we can change the workflow rules to run this every week or so for now, so people get to know the bugs which need to be fixed before we can run this on master & pull requests?
agree.
and with best debugging flags
since it currently fails, we can't run it on push/PR
Ok, committed, thanks a lot @annastan, @kmamadoudram, @yocvito !
Hi all,
We are 3 students in IT security (@annastan, @kmamadoudram, @yocvito) and are currently working on fuzzing liblouis/espeak-ng for a school project with @sthibaul. For espeak, we have decided to focus on the espeak_Synth function and have managed to find known bugs (here) in previous commits, thus we come here to show you the work we have done.
So, what have we done so far?
Basically, we have used libfuzzer to implement fuzzing on espeak_Synth. The fuzzer just looks for an ENV variable containing the language you want to test and starts fuzzing. If you are already familiar with libfuzzer, then there is no other specific switch than libfuzzer ones to pass to the fuzzer.
The only thing you need to care about is configuration, but you can find more information on how to use the fuzzer we added in tests/fuzzing/README.md
To check that our fuzzer was actually working, we have used clang coverage and have added the related compiler flags to the espeak-ng directory sources in makefile.am. We were thus able to see that our fuzzer was, indeed, really reaching a lot of the source code. (more info on coverage in the README.md)
What’s now ?
We will continue to integrate and improve the fuzzers in the next months. It's not entirely ready yet but we will continue to modify it and come back to you to highlight our changes.
Finally, to find bugs, we need relevant corpus files for each language. We have built a first skeleton of what could be a fuzzer for this function and have added some scripts to help using it. We are still working on it and will be grateful for any suggestions you could make.
Thank you.