LibFuzzer
=========
-Or, how to fuzz OpenSSL with [libfuzzer](llvm.org/docs/LibFuzzer.html).
+Or, how to fuzz OpenSSL with [libfuzzer](http://llvm.org/docs/LibFuzzer.html).
Starting from a vanilla+OpenSSH server Ubuntu install.
$ CC=clang ./config enable-fuzz-libfuzzer \
--with-fuzzer-include=../../svn-work/Fuzzer \
--with-fuzzer-lib=../../svn-work/Fuzzer/libFuzzer \
- enable-asan enable-ubsan no-shared
+ -DPEDANTIC enable-asan enable-ubsan no-shared \
+ -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION \
+ -fsanitize-coverage=edge,indirect-calls,8bit-counters
$ sudo apt-get install make
$ LDCMD=clang++ make -j
- $ fuzz/helper.py <fuzzer> <arguments>
+ $ fuzz/helper.py $FUZZER
-Where `<fuzzer>` is one of the executables in `fuzz/`. Most fuzzers do not
-need any command line arguments, but, for example, `asn1` needs the name of a
-data type.
+Where $FUZZER is one of the executables in `fuzz/`.
If you get a crash, you should find a corresponding input file in
-`fuzz/corpora/<fuzzer>-crash/`. You can reproduce the crash with
+`fuzz/corpora/$FUZZER-crash/`. You can reproduce the crash with
- $ fuzz/<fuzzer> <crashfile>
+ $ fuzz/$FUZZER <crashfile>
AFL
===
Run one of the fuzzers:
- $ afl-fuzz fuzz/<fuzzer> -i fuzz/corpora/<fuzzer> -o fuzz/corpora/<fuzzer>/out <fuzzer> <arguments>
+ $ afl-fuzz -i fuzz/corpora/$FUZZER -o fuzz/corpora/$FUZZER/out fuzz/$FUZZER
-Where `<fuzzer>` is one of the executables in `fuzz/`. Most fuzzers do not
-need any command line arguments, but, for example, `asn1` needs the name of a
-data type.
+Where $FUZZER is one of the executables in `fuzz/`.
projects / openssl.git / blobdiff