Re: [PATCH 0/8] iw: parse measurement pilot and fix scan bugs

On 2/10/20 9:11 AM, Johannes Berg wrote:
> On Sun, 2020-02-09 at 17:58 +0100, Markus Theil wrote:
>> this series fixes several bugs found while fuzzing the scan code of iw.
> Nice, can you describe the setup you used for this?
>
> johannes
>
I used clang with its sanitizers (-fsanitize=address,fuzzer,undefined).
A file named fuzz_scan.c is used to call print_ies() with random input.
Some beacon frame TLVs were used as seed corpus for libFuzzer. I can also
post my small patches doing this, but the current integration into the Makefile can
be called "ad-hoc" at best :).

Markus

fuzz_scan.c:

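#include <stddef.h>
#include <stdint.h>

#include "iw.h"

/* libFuzzer entry point: feed the raw input to iw's IE printer. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
	/* size % 2 alternates the third argument between 0 and 1 across inputs. */
	print_ies((unsigned char *)data, size, size % 2, PRINT_SCAN);
	return 0;
}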
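
The setup described in the message above, reduced to a self-contained sketch (an added example, not code from iw or from the patch series): a bounds-checked walker over 802.11 information element TLVs serves as the fuzz target, with a constructed seed of the kind a beacon would carry. The names walk_ies and seed and the FUZZ macro are assumptions of this example; build the fuzzer with the sanitizer flags from the message plus -DFUZZ.

```c
/* Added example, not iw code: a bounds-checked information element walker as
 * a libFuzzer target, with a constructed seed input. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed seed: SSID "test", two supported rates, DS channel 6. */
static const uint8_t seed[] = {
	0x00, 0x04, 't', 'e', 's', 't',
	0x01, 0x02, 0x82, 0x84,
	0x03, 0x01, 0x06,
};

/* Walk elements (1-byte ID, 1-byte length, payload). Returns the number of
 * complete elements; *trailing gets the bytes left after the last one. */
size_t walk_ies(const uint8_t *ie, size_t len, size_t *trailing)
{
	size_t off = 0, count = 0;

	/* Header must fit, then the declared payload must fit in the rest. */
	while (len - off >= 2 && (size_t)ie[off + 1] <= len - off - 2) {
		off += 2 + (size_t)ie[off + 1];
		count++;
	}
	*trailing = len - off;
	return count;
}

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
	size_t trailing, n = walk_ies(data, size, &trailing);

	/* Logic invariants the sanitizers cannot check on their own. */
	if (trailing > size || n > size / 2)
		abort();
	return 0;
}

#ifndef FUZZ /* hypothetical macro: define it when linking with libFuzzer */
int main(void)
{
	size_t trailing, n = walk_ies(seed, sizeof(seed) - 1, &trailing);

	printf("truncated seed: %zu elements, %zu trailing bytes\n", n, trailing);
	return 0;
}
#endif
```

Dropping the last byte of the seed leaves a header whose declared length no longer fits, which is the truncation case a length-trusting parser reads past and the address sanitizer reports.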
