mirror of https://github.com/pellepl/spiffs
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
30 lines
1.1 KiB
30 lines
1.1 KiB
8 years ago
|
# Fuzzing SPIFFS
|
||
|
|
|
||
|
|
The SPIFFS test suite includes a test program designed for fuzzing with
|
||
|
|
[AFL](http://lcamtuf.coredump.cx/afl/). This automatically exercises the
|
||
|
|
SPIFFS API and verifies that the file system does not crash or interact incorrectly
|
||
|
|
with the flash chip.
|
||
|
|
|
||
|
|
There are two steps to fuzzing. The first is to build the test suite with
|
||
|
|
the AFL version of gcc. The CC variable should point to your copy of afl-gcc.
|
||
|
|
|
||
|
|
```
|
||
|
|
make clean test CC=/usr/local/bin/afl-gcc
|
||
|
|
```
|
||
|
|
|
||
|
|
There is a new test `afl_test` that reads from stdin a list of commands
|
||
|
|
and arguments. These are interpreted and executed on the API. The `afltests`
|
||
|
|
directory contains a number of test cases that can be fed to the `afl_test` test.
|
||
|
|
|
||
|
|
|
||
|
|
The second is to run this test suite under afl as follows (where findings is
|
||
|
|
the output directory):
|
||
|
|
|
||
|
|
```
|
||
|
|
afl-fuzz -i afltests -o findings ./build/linux_spiffs_test -f afl_test
|
||
|
|
```
|
||
|
|
|
||
|
|
This run will take hours (or days) and will (hopefully) not find any crashes.
|
||
|
|
If a crash (or hang) is found, then the input file that caused the crash is
|
||
|
|
saved. This allows the specific test case to be debugged.
|