diff --git a/.clusterfuzzlite/build.sh b/.clusterfuzzlite/build.sh
index 6bb324cc..47728c2f 100755
--- a/.clusterfuzzlite/build.sh
+++ b/.clusterfuzzlite/build.sh
@@ -1,7 +1,7 @@
 #!/bin/bash -eu
 # build project
-cmake -S . -B build -DCMAKE_BUILD_TYPE=Release -DCLUSTERFUZZ=ON
+cmake -S . -B build -DCMAKE_BUILD_TYPE=DEBUG -DCLUSTERFUZZ=ON
 cmake --build build
 # copy binary and dict to $OUT
diff --git a/CMakeLists.txt b/CMakeLists.txt
index a90fc8f7..418997f1 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -409,7 +409,7 @@ if(CLUSTERFUZZ)
 add_subdirectory(regress/parser-libfuzzer)
 if (NOT DEFINED ENV{CLUSTERFUZZLITE})
 set(CMAKE_C_COMPILER clang)
- string(APPEND CMAKE_C_FLAGS " -g -O1 -fsanitize=fuzzer-no-link")
+ string(APPEND CMAKE_C_FLAGS " -g -O0 -fsanitize=fuzzer-no-link")
 endif()
 endif()
 add_subdirectory(compat)
diff --git a/iked/ikev2_pld.c b/iked/ikev2_pld.c
index 05ed27a0..104f9de4 100644
--- a/iked/ikev2_pld.c
+++ b/iked/ikev2_pld.c
@@ -18,6 +18,7 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
+#include
 #include
 #include
 #include
diff --git a/regress/parser-libfuzzer/common.c b/regress/parser-libfuzzer/common.c
index 7871d208..2030e75e 100644
--- a/regress/parser-libfuzzer/common.c
+++ b/regress/parser-libfuzzer/common.c
@@ -12,6 +12,7 @@
 #include
 #include
+#include
 #include "iked.h"
 #include "types.h"
@@ -162,6 +163,7 @@ ssize_t
 ikev2_nat_detection(struct iked *env, struct iked_message *msg, void *ptr,
 size_t len, u_int type, int frompeer)
 {
+ bzero(ptr, len);
 return (0);
 }
diff --git a/regress/parser-libfuzzer/run_test.sh b/regress/parser-libfuzzer/run_test.sh
index 9560e07d..31ad4552 100644
--- a/regress/parser-libfuzzer/run_test.sh
+++ b/regress/parser-libfuzzer/run_test.sh
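Review bot: `DEBUG` on the added cmake line should be spelled `Debug`, the canonical CMake configuration name; CMake upper-cases the value when it selects `CMAKE_C_FLAGS_<CONFIG>`, so the build still works, but any `STREQUAL` test of `CMAKE_BUILD_TYPE` elsewhere in the project (not visible here) would not match, and the canonical spelling is what other tooling expects. Change the line to `cmake -S . -B build -DCMAKE_BUILD_TYPE=Debug -DCLUSTERFUZZ=ON`. Since this script presumably runs with CLUSTERFUZZLITE set, the CMakeLists hunk in this commit skips its own `-O0` append and the fuzz target's optimization level comes entirely from the Debug configuration, which deserves a comment next to the command: `# Debug (-g, no -O) so sanitizer reports map to exact source lines`.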
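Review bot: The `-O0` appended to `CMAKE_C_FLAGS` in the changed `string(APPEND ...)` line is overridden whenever the configured build type is Release, because CMake emits `CMAKE_C_FLAGS_<CONFIG>` after `CMAKE_C_FLAGS` on the compiler command line, so Release's `-O3 -DNDEBUG` wins and `-DNDEBUG` additionally disables the asserts a fuzzer should be tripping. This branch only runs outside ClusterFuzzLite, so the build type is whatever the person configuring passes; either default `CMAKE_BUILD_TYPE` to Debug when `CLUSTERFUZZ` is ON and it is unset, or attach the flags to the fuzz target itself with `target_compile_options(<fuzz-target> PRIVATE -g -O0 -fsanitize=fuzzer-no-link)` in regress/parser-libfuzzer so they do not depend on global flag ordering. The context line `set(CMAKE_C_COMPILER clang)` is pre-existing but is set after `project()` and does not change the already-detected compiler, which matters because the appended flags are clang-only. The enclosing `if(CLUSTERFUZZ)` block begins before this hunk.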
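Review bot: `bzero` in the second hunk of common.c is a legacy BSD interface removed from POSIX.1-2008; `memset(ptr, 0, len);` with `<string.h>` is the portable equivalent and would not require the extra header added in this file's first hunk (its name is stripped in this rendering). Filling the caller's buffer is the right fix for a stub that previously returned without writing `ptr` at all, but the line should say why, since the stub still returns 0 rather than a real NAT-detection value: `/* fuzz stub: zero-fill so callers never read an unwritten buffer */`. If any caller can pass `ptr == NULL` with `len == 0`, guard with `if (ptr != NULL)`, as both bzero and memset on a null pointer are undefined even for zero length.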
@@ -1,6 +1,7 @@
 #!/bin/sh
 # script to run the parser-fuzzer for 5 minutes with the right options
+# use repo github.com/openiked-portable/corpus as corpus for faster results
 # ASAN-option to help finding the source of memory leaks
 export ASAN_OPTIONS=fast_unwind_on_malloc=0