Wireshark mailing list archives

Fuzzing Wireshark with oss-fuzz


From: Moshe <me () moshekaplan com>
Date: Tue, 20 Dec 2016 23:31:31 -0500

Hello,

I've been working on adding Wireshark to Google's oss-fuzz project, so that
Wireshark will benefit from the free CPU power Google is offering.

The first step to adding Wireshark is to submit a request for the
project. The Google team merged the request to add Wireshark about 12 hours
ago and so this step is complete.

The second step is to create a fuzzing interface. The fuzzing interface
needs to have the following signature:

#include <stddef.h>
#include <stdint.h>

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
  DoSomethingInterestingWithMyAPI(Data, Size);
  return 0;  // Non-zero return values are reserved for future use.
}

So my questions are the following:

1) What are your thoughts on the above approach for writing the fuzzing
interface? My current plan is to base the fuzzing interface on rawshark.
a) One option is to split rawshark.c's main() into separate functions for
initialization, processing, and cleanup and then write a fuzzing interface
which calls into rawshark to do the heavy lifting.
b) A second option is to copy most of rawshark.c into a separate file, and
then optimize that new file for fuzzing. This means that rawshark and the
fuzzing interface won't be dependent upon each other.
I'm currently leaning towards refactoring rawshark, then copying the
refactored rawshark.c into the new file (the second option). Any advice is
welcome.

2) Once I isolate the functions I need from rawshark, it appears that I'll
need to perform the steps below. Are there any omissions or possible issues
I should be aware of?
a) Replace rawshark's load_cap_file and raw_cf_open with functions that can
operate on a string of bytes, as the current functions use file
descriptors.
b) Remove or hardcode values or any configuration options specified via
command-line args.

3) Compiling: Is there a consensus on whether it's better to build
wireshark with configure or cmake?

4a) Assuming using configure, could anyone suggest flags that should be
included or changed? I currently have the following command:
./configure --enable-asan CFLAGS=-fno-omit-frame-pointer
CXXFLAGS=-fno-omit-frame-pointer

4b) Assuming using cmake, could anyone suggest flags that should be
included or changed? I currently have the following command:
-DENABLE_ASAN=1 -DCMAKE_C_FLAGS="-fno-omit-frame-pointer" -DCMAKE_CXX_FLAGS="-fno-omit-frame-pointer"

Thanks,
Moshe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
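The shape of harness the post sketches in question 2 (one-time initialization instead of argv parsing, a processing function that takes a byte buffer rather than a file descriptor, and the `LLVMFuzzerTestOneInput` entry point on top), as an added stand-alone example that is not code from the post or from Wireshark. The `tlv_parse` record parser is a constructed stand-in for the refactored rawshark processing step; its format (one type byte, one length byte, payload) and all function names are assumptions made for the example:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the "processing" half of the refactored rawshark:
 * parses a run of TLV records (1-byte type, 1-byte length, payload) out of a
 * byte buffer. Every read is bounds-checked so the target's only job under the
 * fuzzer is to stay crash-free; ASan/-fno-omit-frame-pointer (question 4)
 * would report any read past the buffer. */
typedef struct {
    int records;        /* complete records found */
    int truncated;      /* 1 if the input ended in the middle of a record */
    size_t bytes_used;  /* offset where parsing stopped */
} tlv_stats;

int tlv_parse(const uint8_t *data, size_t size, tlv_stats *out) {
    size_t pos = 0;
    memset(out, 0, sizeof(*out));
    while (pos < size) {
        if (size - pos < 2) {          /* header needs two bytes */
            out->truncated = 1;
            break;
        }
        uint8_t len = data[pos + 1];   /* data[pos] is the type byte, unused here */
        pos += 2;
        if (len > size - pos) {        /* payload must fit in what remains */
            out->truncated = 1;
            break;
        }
        pos += len;
        out->records++;
    }
    out->bytes_used = pos;
    return out->truncated ? -1 : 0;
}

/* Convenience wrapper: number of complete records, or -1 if truncated. */
int tlv_count_records(const uint8_t *data, size_t size) {
    tlv_stats st;
    return tlv_parse(data, size, &st) == 0 ? st.records : -1;
}

/* One-time setup, done on the first input and reused afterwards. This is where
 * the post's step 2b lands: anything rawshark would take from command-line
 * arguments is fixed here instead of being parsed per input. */
static int g_initialized = 0;
static unsigned long g_inputs_seen = 0;

static void harness_init(void) {
    if (g_initialized)
        return;
    /* hypothetical fixed configuration would go here */
    g_initialized = 1;
}

unsigned long harness_inputs_seen(void) { return g_inputs_seen; }

/* The libFuzzer entry point with the signature quoted in the post. It hands
 * the fuzzer's buffer straight to the parser (step 2a: bytes, not a file). */
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
    tlv_stats st;
    harness_init();
    tlv_parse(Data, Size, &st);   /* result ignored: crash-freedom is the property */
    g_inputs_seen++;
    return 0;                     /* non-zero is reserved, per the libFuzzer docs */
}

/* Stand-alone driver so the target can be run without libFuzzer: feeds two
 * constructed inputs (one well-formed, one cut short) through the entry point. */
int main(void) {
    const uint8_t good[] = {0x01, 0x02, 0xAA, 0xBB, 0x02, 0x00};  /* two records */
    const uint8_t bad[]  = {0x01, 0x05, 0xAA};                    /* length 5, 1 byte present */
    tlv_stats st;
    LLVMFuzzerTestOneInput(good, sizeof good);
    LLVMFuzzerTestOneInput(bad, sizeof bad);
    tlv_parse(good, sizeof good, &st);
    printf("good: %d records, truncated=%d\n", st.records, st.truncated);
    tlv_parse(bad, sizeof bad, &st);
    printf("bad:  %d records, truncated=%d\n", st.records, st.truncated);
    printf("inputs seen: %lu\n", harness_inputs_seen());
    return 0;
}
```

Built with clang and `-fsanitize=fuzzer,address`, libFuzzer supplies its own `main`, so the driver above is dropped from that build (it exists only so the file runs by itself); the split into init, process and entry point is what keeps per-input cost low and keeps state from leaking between inputs.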
