Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] master cf142c6: Get Wireshark to compile
From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Sat, 24 Jan 2015 14:43:11 -0800
On 1/24/15 1:28 PM, Guy Harris wrote:
> 
> On Jan 24, 2015, at 11:14 AM, Wireshark code review <code-review-do-not-reply@xxxxxxxxxxxxx> wrote:
> 
>> cf142c6 by Gerald Combs (gerald@xxxxxxxxxxxxx):
>>
>>    Get Wireshark to compile with afl-gcc.
>>
>>    Fix errors found by American Fuzzy Lop's afl-gcc
>>    (http://lcamtuf.coredump.cx/afl/):
>>
>>    peektagged.c:
>>    error: 'fileVersion' may be used uninitialized in this function
> 
> So did AFL generate a test case for this one?  I'm not sure where it could ever be used uninitialized, given that wtap_file_read_number() should, if it returns a value that's neither -1 nor 0, fill in the variable to which it's handed a pointer; perhaps afl-gcc's data flow analysis missed something, or perhaps I did.

These were fixes that had to be made prior to fuzzing. As far as I can
tell they fall into the "squelch a compiler warning" category. afl-gcc
generates an instrumented executable, which you can then run under
afl-fuzz (the actual fuzzer). According to the documentation the
instrumentation isn't strictly necessary but it does enable more
intelligent and efficient fuzzing.

BTW, I haven't found anything yet, but it looks like Evan has
(gb2a5f15). Hopefully we can add an AFL step to the buildbot at some
point but I'm not sure if that's feasible with the current version.
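The warning discussed above comes from a common pattern: a read routine that returns a status and only stores through its out-pointer on the success path, with a caller that checks the status before using the value. As an added illustration (not Wireshark's code, and not the peektagged.c fix itself), the following stand-in shows that pattern and the "squelch the warning" initialiser. `read_number()` is a hypothetical replacement for `wtap_file_read_number()` that parses a decimal string instead of reading a file; the return convention (1 on success, 0 at EOF, -1 on error) is assumed for the example.

```c
#include <stddef.h>

/* Hypothetical stand-in for wtap_file_read_number(): parse a decimal
 * number from buf. Returns 1 and stores the value in *out on success,
 * 0 for an empty buffer (EOF) and -1 on a parse error. On the 0 and -1
 * paths *out is deliberately left untouched, which is what makes the
 * caller's variable "may be used uninitialized" from the compiler's
 * point of view. Constructed for this example, not Wireshark's code. */
static int read_number(const char *buf, unsigned int *out)
{
    unsigned int v = 0;
    const char *p;

    if (buf == NULL || *buf == '\0')
        return 0;                       /* EOF: *out untouched */
    for (p = buf; *p != '\0'; p++) {
        if (*p < '0' || *p > '9')
            return -1;                  /* error: *out untouched */
        v = v * 10u + (unsigned int)(*p - '0');
    }
    *out = v;
    return 1;
}

/* Caller in the shape that draws the warning. The value is only read
 * after read_number() returned 1, so the logic is sound, but the
 * compiler has to prove that every path reaching the use passed through
 * the store in read_number(); when it cannot, it warns. Initialising
 * fileVersion up front is the squelch: it costs nothing, keeps the
 * result deterministic if a status path is ever missed, and is the kind
 * of change the commit above describes. */
static int parse_file_version(const char *buf)
{
    unsigned int fileVersion = 0;       /* the squelching initialiser */
    int status = read_number(buf, &fileVersion);

    if (status <= 0)                    /* EOF or error: do not use it */
        return -1;
    return (int)fileVersion;
}

/* Minimal harness of the kind afl-fuzz drives: one input in, one
 * result out. Under an afl-gcc build, afl-fuzz would mutate the input
 * and watch the instrumented edges; here it just exercises the parser. */
static int check_input(const char *input)
{
    return parse_file_version(input);
}
```

Building the file with `afl-gcc` instead of `gcc` would instrument it for `afl-fuzz`; an uninstrumented binary can still be fuzzed, but the instrumentation is what lets afl-fuzz steer mutations toward new code paths.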