Wireshark-dev: [Wireshark-dev] Fuzzing Wireshark with oss-fuzz
From: Moshe <me@xxxxxxxxxxxxxxx>
Date: Tue, 20 Dec 2016 23:31:31 -0500
Hello,

I've been working on adding Wireshark to Google's oss-fuzz project, so that Wireshark will benefit from the free CPU power Google is offering.

The first step is to adding Wireshark is to submit a request for the project. The Google team merged the request to add Wireshark about 12 hours ago and so this step is complete.

The second step is to create a fuzzing interface. The fuzzing interface needs to have the following signature:

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
  DoSomethingInterestingWithMyAPI(Data, Size);
  return 0;  // Non-zero return values are reserved for future use.
}

So my questions are the following:

1) What are your thoughts on the above approach for writing the fuzzing interface? My current plan is to base the fuzzing interface on rawshark.
a) One option is to split rawshark.c's main() into separate functions for initialization, processing, and cleanup and then write a fuzzing interface which calls into rawshark to do the heavy lifting. 
b) A second option is to copy most of rawshark.c into a separate file, and then optimize that new file for fuzzing. This means that rawshark and the fuzzing interface won't be dependent upon each other.
I'm currently leaning towards refactoring rawshark, then copying the refactored rawshark.c into the new file (the second option). Any advice is welcome.

2) Once I isolate the functions I need from rawshark, it appear that I'll need to perform the steps below. Are there any omissions or possible issues I should be aware of?
a) Replace rawshark's load_cap_file and raw_cf_open with functions that can operate on a string of bytes, as the current functions use file descriptors. 
b) Remove or hardcode values or any configuration options specified via command-line args.

3) Compiling: Is there a consensus on whether it's better to build wireshark with configure or cmake?

4a) Assuming using configure, could anyone suggest flags that should be included or changed? I currently have the following command:
./configure --enable-asan CFLAGS=-fno-omit-frame-pointer CXXFLAGS=-fno-omit-frame-pointer

4b) Assuming using cmake, could anyone suggest flags that should be included or changed? I currently have the following command:
-DENABLE_ASAN=1 DCMAKE_C_FLAGS="-fno-omit-frame-pointer" DCMAKE_CXX_FLAGS="-fno-omit-frame-pointer"

Thanks,
Moshe