Stefano Bonicatti

07/21/2022, 9:35 AM
There’s no watchdog or osqueryd running. The fuzzed binaries are separate executables which have the bare minimum to do the task they need to do: https://github.com/osquery/osquery/blob/master/osquery/main/harnesses/fuzz_sqlquery.cpp Anyway, the issue there is not the fact that there’s no memory limit (there is, the oss-fuzz one), but the nature of the test itself, which I think it may be time to just remove. Fuzzing requires you to give it a limited amount of code that can run fast; sqlquery touches a lot of code and also calls system APIs or reads from the filesystem, etc., and for the most part depends on what the oss-fuzz OS has on it more than on the input data provided by the fuzzer. Tables rarely transform constraints, and that’s less interesting and useful than fuzzing our internal helpers, or trying to generate data that imitates some of the data that can be gathered through system APIs by the tables (and where the table has to process it in some way).


07/21/2022, 10:25 AM
Ah. Thanks for going into it