How to get info about function arguments from python code?

Hi,
I’m creating a simple GTK 4 fuzzer - https://github.com/qarmin/GtkFuzzer
For now I’m only able to test functions which have 0 arguments.
How can I get info about function arguments?
E.g. there is a function which takes 3 arguments, function(a,b,c) - how can I check what type of arguments this function expects?

My recommendation would be to use the introspection data generated by GTK, but:

  • if you don’t know how to write a fuzzer for any generic API, then you might have a problem, and I’d recommend you learn more about the C ABI
  • do not run your fuzzer on GTK: it’s pointless. GTK has too much internal state that depends on the state of the windowing system
  • GTK follows a strict “garbage in, garbage out” policy; we validate the arguments of public API, and we assert on internal state; sending random garbage into the public API is just going to result in a critical warning and undefined behaviour

You may want to fuzz specific parts of the GTK internals, like the GtkBuilder XML parser; or the icon theme cache parser. That requires knowledge of the internals of the library.

Once one gets into this I think it becomes more of a fuzzer in general for gobject introspection APIs and less about GTK. Personally I’ve noticed some “low-hanging fruit” for bugs there:

  • Incorrect/missing asserts on the type of arguments
  • Incorrect/missing null checks
  • Object/Boxed/String/etc properties that don’t handle null correctly
  • Inconsistent transfer and nullable annotations

So maybe those could be an area to start with. It may be possible to make this work by using g_log_set_handler to trigger a test failure if a critical error is printed. I don’t know how you would handle the case of memory leaks; possibly you could try to call the unref or free function twice and fail if it doesn’t trigger a crash.
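
Added example (not code from this thread or from GtkFuzzer): the introspection data mentioned above is published as GIR XML (for GTK 4, `Gtk-4.0.gir`), and the code below reads each callable's parameter names, types, and the nullable and transfer annotations from it. The `Demo` namespace and the sample document are constructed, and the helper names `describe_callables` and `non_nullable_pointers` are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"gi": "http://www.gtk.org/introspection/core/1.0"}
C = "{http://www.gtk.org/introspection/c/1.0}"

# Constructed, trimmed sample in GIR format; "Demo" is a hypothetical namespace.
SAMPLE_GIR = """<repository xmlns="http://www.gtk.org/introspection/core/1.0"
    xmlns:c="http://www.gtk.org/introspection/c/1.0">
  <namespace name="Demo" version="1.0">
    <function name="set_title" c:identifier="demo_set_title">
      <parameters>
        <parameter name="title" transfer-ownership="none" nullable="1">
          <type name="utf8" c:type="const char*"/></parameter>
        <parameter name="width" transfer-ownership="none">
          <type name="gint" c:type="int"/></parameter>
      </parameters>
    </function>
    <class name="Box" c:type="DemoBox">
      <method name="append" c:identifier="demo_box_append">
        <parameters>
          <parameter name="child" transfer-ownership="full">
            <type name="Box" c:type="DemoBox*"/></parameter>
        </parameters>
      </method>
    </class>
  </namespace>
</repository>"""

def describe_callables(gir_xml):
    """Map C identifier -> [(name, gi_type, c_type, nullable, transfer), ...]."""
    out = {}
    for fn in ET.fromstring(gir_xml).iter():
        if fn.tag.rpartition("}")[2] not in ("function", "method", "constructor"):
            continue
        params = []
        for p in fn.iterfind("gi:parameters/gi:parameter", NS):
            t = next((e for e in p if e.tag.endswith(("}type", "}array"))), None)
            attrs = {} if t is None else t.attrib  # varargs carry neither element
            nullable = "1" in (p.get("nullable"), p.get("allow-none"))
            params.append((p.get("name"), attrs.get("name", "?"), attrs.get(C + "type", ""),
                           nullable, p.get("transfer-ownership", "none")))
        out[fn.get(C + "identifier")] = params
    return out

def non_nullable_pointers(desc):
    """Arguments whose c:type ends in '*' and that are not annotated nullable."""
    return [(ident, name) for ident, params in desc.items()
            for name, _, c_type, nullable, _ in params
            if c_type.endswith("*") and not nullable]
```

The second helper lists the arguments for which a test harness has to construct a real value, which is also where the missing null checks and inconsistent nullable annotations mentioned in the last reply would show up.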
