Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handle panics and infinite loops found via fuzzer #43

Merged
merged 8 commits into from
Nov 16, 2022
Merged

Handle panics and infinite loops found via fuzzer #43

merged 8 commits into from
Nov 16, 2022

Conversation

eric
Copy link
Contributor

@eric eric commented Nov 16, 2022

By doing some basic fuzzing I was able to find some panics and an infinite loop.

I've let it run for 20 minutes and haven't found any additional issues yet.

asticode
asticode requested changes Nov 16, 2022
View reviewed changes
Copy link
Owner

@asticode asticode left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm really not familiar with fuzzing but those are really good catch 👍

Could you explain a little bit how you came up with the testdata?

data_psi.go Outdated Show resolved Hide resolved
data_pes.go Outdated Show resolved Hide resolved
@eric
Copy link
Contributor Author

eric commented Nov 16, 2022
edited
Loading

Could you explain a little bit how you came up with the testdata?

I grabbed the first 1880 bytes from 6 different MPEG-TS streams I had laying around as the start and then the fuzzer automatically writes additional files as there are failures.

I then took the .ts files and used file2fuzz from golang.org/x/tools/cmd/file2fuzz@latest to convert them to testdata.

You can read up more about fuzzing here: https://go.dev/security/fuzz/

The system will take the initial data you give it as a starting point and then will create random permutations that it uses to explore what could cause the code under test to fail (crash in our case).

To run the fuzzer:

$ go test -fuzz FuzzDemuxer

@eric eric requested a review from asticode November 16, 2022 08:43
@asticode asticode merged commit 055f96f into asticode:master Nov 16, 2022
@asticode
Copy link
Owner

Thanks a lot for the explanation! I'll dig a little bit deeper with the link you've provided 👍

@aler9 aler9 mentioned this pull request Jul 30, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@asticode asticode Awaiting requested review from asticode

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@eric @asticode