12275c8599
This commit introduces a new build configuration, "Fuzzing", which enables the new address sanitizer (shipped in VS 16.9) and code coverage over the entire solution. Only a small subset of projects (those comprising original conhost, right now) are selected to build in this configuration, and even then only in Fuzzing|x64. It also adds a fuzzing-adapted build of conhost, which makes no server connections and handles no client applications. To do this, I've replicated a bit of the console startup routine into fuzzmain.cpp and made up some fake data. This is the bare minimum required to boot up Win32 interactivity (or VT interactivity!) and pretend that a process has connected. If we don't pretend that a process has connected, "conhost" will exit immediately. If we don't forge the process list, conhost will exit. If we can't provide a server handle, we can't provide a "device comm". Minor changes were necessary to server/host such that they would accept a preexisting "device comm". We use this new behavior to provide a "null" one that only hangs up threads and otherwise responds to requests successfully. This fuzzing-adapted build links LLVM's libFuzzer, which is an excellent coverage-based fuzzer that will produce a corpus of inputs that exercise unique codepaths. Eventually, we can use this to generate known-"good" inputs for anything. I've gone ahead and added a fuzz function that yeets bytes directly into WriteCharsLegacy, which was the original reason I went down this path. The implementation of LLVMFuzzerTestOneInput should be replaced with whatever you want to fuzz. |
||
---|---|---|
.. | ||
actions/spelling | ||
ISSUE_TEMPLATE | ||
linters | ||
workflows | ||
PULL_REQUEST_TEMPLATE.md |