Add fuzz testing for BMP header loading#7
Merged
JacobBorden merged 2 commits intodevelopmentfrom May 29, 2025
Merged
Conversation
This commit introduces fuzz testing for the `BmpTool::load()` function, specifically targeting 54-byte BMP headers to ensure graceful failure without heap interaction when processing malformed headers. Key changes: - Integrated libFuzzer into the CMake build system with an `ENABLE_FUZZING` option. This uses Clang and AddressSanitizer when enabled. - Created a fuzzing harness (`tests/fuzz/fuzz_bitmap.cpp`) that feeds 54-byte data chunks from the fuzzer to `BmpTool::load()`. - Added a GitHub Actions workflow (`.github/workflows/fuzzing.yml`) to automate the fuzzing process on pushes and pull requests. The workflow builds with Clang, ASan, and runs the fuzzer for a short duration. - Added a unit test (`tests/test_bitmap.cpp`) to specifically check for correct error handling (`BitmapError::NotABmp`) when an invalid BMP magic number is encountered. Manual analysis of `BmpTool::load()` suggests it is designed to prevent heap allocations if header validation fails for 54-byte inputs. The primary risks identified (integer overflows in validation, mishandling of `ih.biSize`) are targets for the automated fuzzing setup. A Clang compiler crash was encountered in the development environment when compiling `src/bitmap/bitmap.cpp` with fuzzing flags. This prevented direct execution and iteration of the fuzzer during this development, but the fuzzing infrastructure is provided for environments where this compilation succeeds (e.g., the GitHub Actions runner).
The method `result.has_error()` was incorrectly used in the `LoadWithInvalidMagicType` test case in `tests/test_bitmap.cpp`. This has been changed to the correct method `result.isError()`, as indicated by build failures in the CI.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This commit introduces fuzz testing for the
BmpTool::load()function, specifically targeting 54-byte BMP headers to ensure graceful failure without heap interaction when processing malformed headers.Key changes:
ENABLE_FUZZINGoption. This uses Clang and AddressSanitizer when enabled.tests/fuzz/fuzz_bitmap.cpp) that feeds 54-byte data chunks from the fuzzer toBmpTool::load()..github/workflows/fuzzing.yml) to automate the fuzzing process on pushes and pull requests. The workflow builds with Clang, ASan, and runs the fuzzer for a short duration.tests/test_bitmap.cpp) to specifically check for correct error handling (BitmapError::NotABmp) when an invalid BMP magic number is encountered.Manual analysis of
BmpTool::load()suggests it is designed to prevent heap allocations if header validation fails for 54-byte inputs. The primary risks identified (integer overflows in validation, mishandling ofih.biSize) are targets for the automated fuzzing setup.A Clang compiler crash was encountered in the development environment when compiling
src/bitmap/bitmap.cppwith fuzzing flags. This prevented direct execution and iteration of the fuzzer during this development, but the fuzzing infrastructure is provided for environments where this compilation succeeds (e.g., the GitHub Actions runner).