X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=fuzz%2FREADME.md;h=69c388121b8c867a821afdb4c811af16d4498e98;hp=e9ec88b8c6b90c2d2621a1e8bf1e03d2a7838c37;hb=0282aeb690d63fab73a07191b63300a2fe30d212;hpb=f59d0131cb6fc224aee0a0a92de1f04cdebe97c8 diff --git a/fuzz/README.md b/fuzz/README.md index e9ec88b8c6..69c388121b 100644 --- a/fuzz/README.md +++ b/fuzz/README.md @@ -3,7 +3,7 @@ LibFuzzer ========= -Or, how to fuzz OpenSSL with [libfuzzer](llvm.org/docs/LibFuzzer.html). +Or, how to fuzz OpenSSL with [libfuzzer](http://llvm.org/docs/LibFuzzer.html). Starting from a vanilla+OpenSSH server Ubuntu install. @@ -38,19 +38,19 @@ Configure for fuzzing: $ CC=clang ./config enable-fuzz-libfuzzer \ --with-fuzzer-include=../../svn-work/Fuzzer \ --with-fuzzer-lib=../../svn-work/Fuzzer/libFuzzer \ - enable-asan enable-ubsan no-shared + -DPEDANTIC enable-asan enable-ubsan no-shared \ + -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION \ + -fsanitize-coverage=edge,indirect-calls,8bit-counters $ sudo apt-get install make $ LDCMD=clang++ make -j - $ fuzz/helper.py + $ fuzz/helper.py $FUZZER -Where `` is one of the executables in `fuzz/`. Most fuzzers do not -need any command line arguments, but, for example, `asn1` needs the name of a -data type. +Where $FUZZER is one of the executables in `fuzz/`. If you get a crash, you should find a corresponding input file in -`fuzz/corpora/-crash/`. You can reproduce the crash with +`fuzz/corpora/$FUZZER-crash/`. You can reproduce the crash with - $ fuzz/ + $ fuzz/$FUZZER AFL === @@ -63,8 +63,6 @@ Configure for fuzzing: Run one of the fuzzers: - $ afl-fuzz fuzz/ -i fuzz/corpora/ -o fuzz/corpora//out + $ afl-fuzz -i fuzz/corpora/$FUZZER -o fuzz/corpora/$FUZZER/out fuzz/$FUZZER -Where `` is one of the executables in `fuzz/`. Most fuzzers do not -need any command line arguments, but, for example, `asn1` needs the name of a -data type. +Where $FUZZER is one of the executables in `fuzz/`.
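Review bot: in the `@@ -3,7 +3,7 @@` hunk the libfuzzer link is changed from a bare `llvm.org/docs/LibFuzzer.html` to `http://llvm.org/docs/LibFuzzer.html`; llvm.org serves its documentation over TLS, so make this `https://llvm.org/docs/LibFuzzer.html` rather than sending readers to the build instructions over plaintext.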
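Review bot: in the `@@ -38,19 +38,19 @@` hunk, `-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` is added to the configure line with no explanation; the macro name itself says the resulting build is unsafe outside fuzzing, so add a sentence after the configure command stating that a library built this way must only be used to run the fuzzers and never installed or linked into anything else, and say in the same place what `-fsanitize-coverage=edge,indirect-calls,8bit-counters` is for (the clang coverage instrumentation libFuzzer relies on). Two smaller points in the same hunk: `$FUZZER` is used in `$ fuzz/helper.py $FUZZER` and in `$ fuzz/$FUZZER` but never assigned, so show it being set once, for example `$ FUZZER=asn1`, before the helper invocation; and the hunk removes `need any command line arguments, but, for example, `asn1` needs the name of a data type.` without a replacement, so either keep that note for fuzzers that take an argument or state in the commit message that `asn1` no longer needs one.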
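Review bot: in the `@@ -63,8 +63,6 @@` hunk, the reordered `$ afl-fuzz -i fuzz/corpora/$FUZZER -o fuzz/corpora/$FUZZER/out fuzz/$FUZZER` correctly places the target binary after the `-i`/`-o` options, but the output directory `fuzz/corpora/$FUZZER/out` now sits inside the seed corpus directory passed to `-i`, so AFL's queue, crash and hang findings land in the same tree as the seeds; point `-o` at a directory outside the corpus (for example `-o /tmp/afl-$FUZZER`) so seeds and findings stay separate. As in the previous hunk, `$FUZZER` is used without ever being assigned, and the new `Where $FUZZER is one of the executables in `fuzz/`.` line drops the note that `asn1` needs the name of a data type, which should be kept unless that is no longer true.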