Hey Mark,

This is useful. I did have to filter out some of the debug parsing from the `libreadelf` I put together. I figured I could save some time by using some existing client of libelf. I will take a look at those simpler tests, which might make for a cleaner OSS-Fuzz target as well.

I can work on getting the results published. I have a Google account so I can look into this.

Thanks for the response,
Murtaza

On Thu, Oct 28, 2021 at 12:34 PM Mark Wielaard <m...@klomp.org> wrote:
> Hi Murtaza,
>
> On Thu, Oct 28, 2021 at 09:47:40AM -0700, Murtaza Izzee via Elfutils-devel wrote:
> > Wanted to add elfutils to OSS-Fuzz. libelf is used in many distributions
> > and seems like a good target to have some fuzz testing on
> >
> > https://github.com/google/oss-fuzz/pull/6670
> >
> > Would love to hear your thoughts.
>
> We have been using afl (American Fuzzy Lop) in an ad-hoc way to find
> issues. I have used OSS-Fuzz for some other projects, but found it
> very painful to get any results out if you don't have a Google
> account. If you can set it up so that it posts the results and
> artifacts to the mailing lists that would be great.
>
> If possible I would try to write something a bit more specific than just
> reusing eu-readelf. When using eu-readelf you'll basically first have
> to go through libdwfl and libdw initialization; there are various
> sanity checks that probably mean the fuzzer will not reach libelf for
> more interesting input files. Take a peek at some of the simpler elf
> tests (under tests) if you want to really fuzz libelf itself. Maybe
> using elfcpy and then elfcmp to make sure the copy is really identical
> would make a fun fuzz case.
>
> Cheers,
>
> Mark