| From: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
|---|---|
| To: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Fuzz testing COPY FROM parsing |
| Date: | 2021-02-05 10:45:30 |
| Message-ID: | c70d47ad-0d7f-ed7c-5b2a-42f633d13d51@iki.fi |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
I've been mucking around with COPY FROM lately, and to test it, I wrote
some tools to generate input files and load them with COPY FROM:
https://github.com/hlinnaka/pgcopyfuzz
I used a fuzz testing tool called honggfuzz [1] to generate test inputs
for COPY FROM. At first I tried to use afl and libfuzzer, but honggfuzz
was much easier to use with PostgreSQL. It has a "persistent fuzzing
mode", which allows starting the server normally (well, in single-user
mode), and calling a function to get the next input. With the other
fuzzers I tried, you have to provide a callback function that the fuzzer
calls for each test iteration, and that was hard to integrate into the
PostgreSQL main processing loop.
I ran it for about 2 h on my laptop with the patch I was working on [2].
It didn't find any crashes, but it generated about 1300 input files that
it considered "interesting" based on code coverage analysis. When I took
those generated inputs, and ran them against unpatched and patched
server, some inputs produced different results. So that revealed a
couple of bugs in the patch. (I'll post a fixed patched version on that
thread soon.)
I hope others find this useful, too.
[1] https://github.com/google/honggfuzz
[2]
https://www.postgresql.org/message-id/11d39e63-b80a-5f8d-8043-fff04201fadc@iki.fi
- Heikki
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bharath Rupireddy | 2021-02-05 11:45:15 | Should we improve "PID XXXX is not a PostgreSQL server process" warning for pg_terminate_backend(<<postmaster_pid>>)? |
| Previous Message | Ajin Cherian | 2021-02-05 10:01:04 | Re: Single transaction in the tablesync worker? |