radare2/test/fuzz
2022-08-22 20:08:07 +02:00
| File | Last commit | Date |
| --- | --- | --- |
| scripts/ | | |
| fuzz_bin_demangle.c | libFuzzer demangler target ##fuzz | 2022-08-21 22:35:28 +02:00 |
| fuzz_bin.c | libFuzzer demangler target ##fuzz | 2022-08-21 22:35:28 +02:00 |
| fuzz_pdb_parse.c | Fuzz pdb ##fuzz | 2022-08-22 20:08:07 +02:00 |
| fuzz_pkcs7_parse.c | Fuzz pkcs7, punycode, x509 ##fuzz | 2022-08-22 20:08:07 +02:00 |
| fuzz_protobuf_decode.c | Fuzz protobuf ##fuzz | 2022-08-22 20:08:07 +02:00 |
| fuzz_punycode_decode.c | Fuzz pkcs7, punycode, x509 ##fuzz | 2022-08-22 20:08:07 +02:00 |
| fuzz_run_parseline.c | libFuzzer demangler target ##fuzz | 2022-08-21 22:35:28 +02:00 |
| fuzz_x509_parse.c | Fuzz pkcs7, punycode, x509 ##fuzz | 2022-08-22 20:08:07 +02:00 |
| meson.build | Fuzz pdb ##fuzz | 2022-08-22 20:08:07 +02:00 |
| README.md | libFuzzer bin target ##fuzz | 2022-08-21 22:35:28 +02:00 |

# libFuzzer tests

## Setup

Get a libFuzzer-capable clang:

```sh
# Linux
export CC=clang-14
# macOS
export CC="$(brew --prefix llvm@14)/bin/clang"
```

Clean the project:

```sh
rm -rf build
```

Build the project with libFuzzer and sanitizers:

```sh
# If you want to debug crashes
export CFLAGS="-g"
# Build project with test/fuzz
python3 ./sys/meson.py --fuzz --sanitize address,leak
```

## Run

Refer to https://llvm.org/docs/LibFuzzer.html

Show help:

```sh
./build/test/fuzz/fuzz_r_run_parseline -help=1
```

Run the fuzzer:

```sh
mkdir corpus_parseline
./build/test/fuzz/fuzz_r_run_parseline \
  -workers=1 -runs=50000 -timeout=3    \
  corpus_parseline
```

Replay crashes:

```sh
./build/test/fuzz/fuzz_r_run_parseline crash-*
```

## Adding a new target

- add your test to `/test/fuzz/meson.build`
- add a `/test/fuzz/fuzz_<name>.c` file
  - put system setup in `LLVMFuzzerInitialize` (disable logging, enable the sandbox, etc.)
  - put the fuzz target in `LLVMFuzzerTestOneInput`
  - make sure the input is short (ideally no longer than 256 bytes)
  - make sure no memory leaks are present
- pass `-close_fd_mask=2` (mute stderr) if your target is spammy
- pass `-ignore_ooms -fork=16` if you're likely to OOM
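A minimal target following the structure above, added here as an example and not taken from the radare2 tree: `parse_kv_line` is a constructed stand-in for the library call a real target (such as the `r_run_parseline` one) would make, and `harness_selftest` is an assumed helper so the two entry points can be exercised outside the fuzzer.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_INPUT 256 /* keep inputs short, as recommended above */

static int initialized = 0;

/* Runs once before fuzzing: process-wide setup goes here (disable logging,
   enable the sandbox). This stand-in only records that it ran. */
int LLVMFuzzerInitialize(int *argc, char ***argv) {
	(void)argc; (void)argv;
	initialized = 1;
	return 0;
}

/* Constructed stand-in for the code under test: parses "key=value" and
   returns a malloc'd copy of the value, or NULL if the line is malformed. */
static char *parse_kv_line(const char *line) {
	const char *eq = strchr (line, '=');
	return (eq && eq != line)? strdup (eq + 1): NULL;
}

/* Called once per input. libFuzzer data is not NUL-terminated, so copy it
   into a terminated buffer before handing it to a string API, and free
   everything afterwards so the leak sanitizer stays quiet. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
	if (size == 0 || size > MAX_INPUT) {
		return 0; /* reject oversized inputs instead of wasting cycles */
	}
	char *line = malloc (size + 1);
	if (!line) {
		return 0;
	}
	memcpy (line, data, size);
	line[size] = '\0';
	free (parse_kv_line (line));
	free (line);
	return 0; /* libFuzzer requires 0 */
}

/* Self-check runnable outside the fuzzer: drives both entry points once. */
static int harness_selftest(void) {
	int argc = 0; char **argv = NULL;
	LLVMFuzzerInitialize (&argc, &argv);
	const uint8_t in[] = { 'k', '=', 'v' }; /* constructed sample, no NUL */
	return initialized && LLVMFuzzerTestOneInput (in, sizeof in) == 0;
}
```

Build it with `$CC -fsanitize=fuzzer,address,leak` to get a stand-alone binary that accepts the same `-runs`, `-timeout` and corpus arguments shown above.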