radare2/test/fuzz
2023-03-05 01:51:55 +01:00
..
scripts
fuzz_bin_demangle.c RAnalEsil -> REsil api refactor ##api 2022-11-17 10:22:55 +01:00
fuzz_bin.c Fix infinite loop in dyldcache parser ##fuzz 2022-09-12 17:31:24 +02:00
fuzz_cmd.c Move slow test, fix mz regression and unref in regitem 2023-03-05 01:51:55 +01:00
fuzz_dwarf.c Add the dwarf fuzzer program ##test 2023-01-20 18:12:23 +01:00
fuzz_ia.c Fix an oobs in xbe and add fuzz.cmd 2023-03-04 23:43:40 +01:00
fuzz_pdb_parse.c Fuzz pdb ##fuzz 2022-08-22 20:08:07 +02:00
fuzz_pkcs7_parse.c Fuzz pkcs7, punycode, x509 ##fuzz 2022-08-22 20:08:07 +02:00
fuzz_protobuf_decode.c Fuzz protobuf ##fuzz 2022-08-22 20:08:07 +02:00
fuzz_punycode_decode.c Fuzz pkcs7, punycode, x509 ##fuzz 2022-08-22 20:08:07 +02:00
fuzz_run_parseline.c libFuzzer demangler target ##fuzz 2022-08-21 22:35:28 +02:00
fuzz_x509_parse.c Fix -Wimplicit-const-int-float-conversion spotted by latest clang 2023-03-04 19:56:36 +01:00
meson.build Fix an oobs in xbe and add fuzz.cmd 2023-03-04 23:43:40 +01:00
README.md Update libfuzz build instructions ##test 2023-01-21 02:39:45 +01:00

libFuzzer tests

Setup

Get libFuzzer-capable clang

# Linux
export CC=clang-14
# macOS
export CC="$(brew --prefix llvm@14)/bin/clang"

Clean project

git clean -xdf
rm -rf shlr/capstone
rm -rf build

Build project with libFuzzer and sanitizers

# If you want to debug crashes
export CFLAGS="-g"
# Build project with test/fuzz
python3 ./sys/meson.py --fuzz --sanitize address,leak,fuzzer-no-link

Run

Refer to https://llvm.org/docs/LibFuzzer.html

Show help

./build/test/fuzz/fuzz_r_run_parseline -help=1

Run fuzzer

mkdir corpus_parseline
./build/test/fuzz/fuzz_r_run_parseline \
  -workers=1 -runs=50000 -timeout=3    \
  corpus_parseline

Replay crashes

./build/test/fuzz/fuzz_r_run_parseline crash-*

Adding a new target

  • add your test to /test/fuzz/meson.build
  • add /test/fuzz/fuzz_<name>.c file
    • add system setup to LLVMFuzzerInitialize (disable logging, enable sandbox, etc)
    • add fuzz target to LLVMFuzzerTestOneInput
    • make sure input is short (ideally no longer than 256 bytes)
    • make sure no memory leaks are present
  • -close_fd_mask=2 (mute stderr) if your target is spammy
  • -ignore_ooms -fork=16 if you're likely to OOM