| | 31 | |
| | 32 | === Testing protocol === |
| | 33 | |
| | 34 | The zzuf commands used to find bugs were rather straightforward. A few flags recur in every command: |
| | 35 | * `-r0.0001:0.02` to try several fuzzing ratios |
| | 36 | * `-s0:10000` to stop after 10000 tries |
| | 37 | * `-b8-` to skip the first 8 bytes and ensure that the file format is not misinterpreted |
| | 38 | |
| | 39 | MPlayer is very easy to test, thanks to its `-benchmark` flag: |
| | 40 | {{{ |
| | 41 | #!sh |
| | 42 | % zzuf -vq -c -r0.0001:0.02 -s0:10000 -b8- -j8 -T5 -S mplayer -benchmark \ |
| | 43 | -ao pcm:file=/dev/null -vo md5sum:outfile=/dev/null filename |
| | 44 | }}} |
| | 45 | |
| | 46 | VLC doesn’t provide a benchmark flag, forcing us to spawn a lot more parallel processes using `-j`, so that the test goes a bit faster: |
| | 47 | {{{ |
| | 48 | #!sh |
| | 49 | % zzuf -vq -c -r0.0001:0.02 -s0:10000 -b8- -j80 vlc -I dummy \ |
| | 50 | -A dummy -V dummy filename vlc://quit |
| | 51 | }}} |
| | 52 | |
| | 53 | GStreamer is as easy to test as MPlayer: |
| | 54 | {{{ |
| | 55 | #!sh |
| | 56 | % zzuf -vq -I'orig.*' -r0.0001:0.02 -s0:10000 -b8- -j5 -S gst-launch-0.10 \ |
| | 57 | filesrc location=filename '!' decodebin '!' fakesink |
| | 58 | }}} |
| | 59 | |
| | 60 | I could not find a benchmark mode for xine, so I tested it using the libcaca output: |
| | 61 | {{{ |
| | 62 | #!sh |
| | 63 | % CACA_DRIVER=raw zzuf -vq -c -r0.0001:0.02 -s0:10000 -b8- -j15 -S cacaxine -A none -q filename |
| | 64 | }}} |
| | 65 | |
| | 66 | Finally, mpg321 and ogg123 don’t have a benchmark mode either. We increase the `-j` value as well: |
| | 67 | {{{ |
| | 68 | #!sh |
| | 69 | % zzuf -vq -c -r0.0001:0.02 -s0:10000 -b8- -j10 mpg321 filename |
| | 70 | % zzuf -vq -c -r0.0001:0.02 -s0:10000 -b8- -j10 ogg123 -d null filename |
| | 71 | }}} |
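
What the recurring `-r`, `-s` and `-b8-` flags amount to, as an added Python sketch (not zzuf's code and not part of the original page): each seed deterministically picks a ratio in the range and flips bits only past offset 8, so any crashing seed can be replayed. The names `fuzz`, `campaign`, `toy_parse`, `MAGIC` and `SAMPLE` are hypothetical, the sample file is constructed, and the log-uniform ratio choice is an assumption, not zzuf's algorithm.

```python
import math
import random

MAGIC = b"TOYMEDIA"                  # constructed 8-byte file header
SAMPLE = MAGIC + b"\x04abcd" * 40    # constructed file: 40 length-prefixed chunks


def fuzz(data, seed, rmin=0.0001, rmax=0.02, skip=8):
    """Flip random bits in data[skip:]; one seed always yields the same bytes."""
    rng = random.Random(seed)
    # Assumption: the ratio for a seed is drawn log-uniformly from [rmin, rmax].
    ratio = math.exp(rng.uniform(math.log(rmin), math.log(rmax)))
    out = bytearray(data)
    nbits = max(0, len(data) - skip) * 8
    flips = min(nbits, max(1, round(nbits * ratio)))
    for bit in rng.sample(range(nbits), flips):
        out[skip + bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def toy_parse(buf):
    """Stand-in for a media parser: None if the magic is wrong, else bytes read."""
    if buf[:8] != MAGIC:
        return None                  # rejected before any real parsing happens
    pos = 8
    while pos < len(buf):
        n = buf[pos]                 # one-byte chunk length
        if len(buf[pos + 1:pos + 1 + n]) != n:
            raise ValueError("truncated chunk at offset %d" % pos)
        pos += 1 + n
    return pos


def campaign(data, target, seeds=range(0, 10000), **kw):
    """Run target on every fuzzed input; return (seed, error) for each failure."""
    crashes = []
    for seed in seeds:
        try:
            target(fuzz(data, seed, **kw))
        except Exception as exc:     # an exception stands in for a crash here
            crashes.append((seed, type(exc).__name__))
    return crashes


if __name__ == "__main__":
    found = campaign(SAMPLE, toy_parse, range(200))
    print("%d failing seeds, first: %s" % (len(found), found[:3]))
```

Because the header is never touched, every fuzzed input gets past the magic check and reaches the chunk parser, which is the point of skipping the first 8 bytes.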