
feat(go-avahi): implement stateful daemon-aware fuzzing and pure Go DNS decoding harnesses#50

Open
rishavtarway wants to merge 1 commit into OpenPrinting:main from rishavtarway:add-go-avahi-support

@rishavtarway (Contributor)

This Pull Request finalizes the fuzzing setup for the go-avahi project within the OpenPrinting/fuzzing repository. The changes expand the existing fuzzing suite to cover both stateful interactions with the avahi-daemon and critical pure Go logic paths, significantly increasing the library's overall test coverage against malformed or adversarial inputs.

Technical Achievements:

  • Stateful Lifecycle Fuzzing: Introduced harnesses for EntryGroup and ServiceBrowser lifecycles. These fuzzers leverage dbus-daemon and a live avahi-daemon within the OSS-Fuzz environment to test real-world CGo state transitions and asynchronous event handling.
  • Pure Go DNS Decoding: Implemented targeted fuzzing for DNSDecodeA, DNSDecodeAAAA, and DNSDecodeTXT functions to validate resource record parsing without external dependencies.
  • Architectural Cleanup: Removed deprecated local runner scripts and non-standard in-code seed management, strictly following the patterns observed in the ipp-usb and goipp projects.
  • Binary Portability: Enhanced oss_fuzz_build.sh with robust RPATH patching using patchelf to ensure binary compatibility across different container execution environments.

Implementation Steps:

  1. Header Standardization: Updated all existing and new fuzzer sources to include standard OpenPrinting copyright headers.
  2. Logic Isolation: Refactored fuzzers to utilize external seed corpuses managed via the build script, ensuring a clean and maintainable codebase.
  3. Graceful Degradation: Implemented fallback logic in stateful fuzzers that detects the presence of the avahi-daemon, allowing tests to skip gracefully in restrictive environments while remaining fully functional for intensive fuzzing.
  4. Local Validation: Conducted extensive verification using the OSS-Fuzz emulator with AddressSanitizer (ASAN) enabled, achieving millions of iterations across all 11 harnesses with 0 detected crashes or leaks.

Verified Harnesses:

  • fuzz_dns_decode_a
  • fuzz_dns_decode_aaaa
  • fuzz_dns_decode_txt
  • fuzz_entry_group
  • fuzz_service_browser
  • fuzz_client_lifecycle
  • fuzz_string_array
  • fuzz_domain_normalize
  • fuzz_domain_roundtrip
  • fuzz_service_name
  • fuzz_state_strings
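As an added illustration of the kind of pure Go resource-record fuzz target the "Pure Go DNS Decoding" item describes (example code, not from this PR or from go-avahi): a stand-alone TXT RDATA decoder with a Go native fuzz harness that checks for panics on arbitrary input and for exact round-trip re-encoding. DecodeTXT and EncodeTXT are constructed stand-ins; go-avahi's DNSDecodeTXT signature is not assumed here.

```go
package main

import (
	"fmt"
	"testing"
)

// DecodeTXT parses DNS TXT RDATA (RFC 1035 3.3.14): length-prefixed <character-string>s.
// Constructed stand-in for a pure Go decoder, not go-avahi's DNSDecodeTXT.
func DecodeTXT(rdata []byte) ([]string, error) {
	var out []string
	for off := 0; off < len(rdata); {
		n := int(rdata[off])
		off++
		if off+n > len(rdata) { // length octet promises more bytes than remain
			return nil, fmt.Errorf("txt rdata truncated at offset %d: need %d, have %d", off-1, n, len(rdata)-off)
		}
		out = append(out, string(rdata[off:off+n]))
		off += n
	}
	return out, nil
}
// EncodeTXT is the inverse; the harness uses it to check round-trip fidelity.
func EncodeTXT(strs []string) ([]byte, error) {
	var out []byte
	for _, s := range strs {
		if len(s) > 255 {
			return nil, fmt.Errorf("character-string of %d bytes exceeds 255", len(s))
		}
		out = append(append(out, byte(len(s))), s...)
	}
	return out, nil
}
// FuzzDecodeTXT: any input must decode without panicking; accepted input must re-encode byte-for-byte.
func FuzzDecodeTXT(f *testing.F) {
	f.Add([]byte{})                     // constructed seeds
	f.Add([]byte("\x05hello\x05world"))
	f.Add([]byte("\x10short")) // length octet exceeds remaining bytes
	f.Fuzz(func(t *testing.T, data []byte) {
		strs, err := DecodeTXT(data)
		if err != nil {
			return // rejecting malformed input is correct behaviour
		}
		if enc, err := EncodeTXT(strs); err != nil || string(enc) != string(data) {
			t.Fatalf("round-trip mismatch: %x -> %q -> %x (%v)", data, strs, enc, err)
		}
	})
}
func main() { fmt.Println(DecodeTXT([]byte("\x05hello\x05world"))) } // stand-alone demo
```

Run the harness itself with `go test -fuzz=FuzzDecodeTXT` once the file is placed in a `_test.go` package.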

…zing suite

This update expands the go-avahi fuzzing coverage with the following technical enhancements:

- Stateful Lifecycle Fuzzing: Added harnesses for EntryGroup and ServiceBrowser utilizing live avahi-daemon interaction.
- Pure Go Logic: Implemented targeted DNS resource record decoding fuzzers (A, AAAA, TXT).
- Architectural Alignment: Standardized headers and migrated to external seed corpus management to match OpenPrinting standards.
- Build Portability: Enhanced RPATH patching in build scripts for robust container execution.