From 8b53eb4d47b47a49e922a1c765354fe94ff608c8 Mon Sep 17 00:00:00 2001 From: Jonathan Rudenberg Date: Tue, 16 Jan 2018 12:09:56 -0500 Subject: [PATCH] fuzz: add docs on creating fuzzer targets to HACKING --- HACKING | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/HACKING b/HACKING index 6267c58e222..551216bb45b 100644 --- a/HACKING +++ b/HACKING 
@@ -79,3 +79,36 @@ for systemd (this example is for Fedora): And after that, head over to your repo on github and click "Compare & pull request" Happy hacking! + + +FUZZERS + +systemd includes fuzzers in src/fuzz that use libFuzzer and are automatically +run by OSS-Fuzz (https://github.com/google/oss-fuzz) with sanitizers. To add a +fuzz target, create a new src/fuzz/fuzz-foo.c file with a LLVMFuzzerTestOneInput +function and add it to the list in src/fuzz/meson.build. + +Whenever possible, a seed corpus and a dictionary should also be added with new +fuzz targets. The dictionary should be named src/fuzz/fuzz-foo.dict and the seed +corpus should be built and exported as $OUT/fuzz-foo_seed_corpus.zip in +scripts/oss-fuzz.sh. + +The fuzzers can be built locally if you have libFuzzer installed by running +scripts/oss-fuzz.sh. You should also confirm that the fuzzer runs in the +OSS-Fuzz environment by checking out the OSS-Fuzz repo, modifying the git clone +in projects/systemd/Dockerfile to point at your code (for example, a fork on +GitHub) and then running these commands: + + python infra/helper.py build_image systemd + python infra/helper.py build_fuzzers --sanitizer memory systemd + python infra/helper.py run_fuzzer systemd fuzz-foo + +For more details on building fuzzers and integrating with OSS-Fuzz, visit: + + https://github.com/google/oss-fuzz/blob/master/docs/new_project_guide.md + + https://llvm.org/docs/LibFuzzer.html + + https://github.com/google/fuzzer-test-suite/blob/master/tutorial/libFuzzerTutorial.md + + https://chromium.googlesource.com/chromium/src/testing/libfuzzer/+/HEAD/efficient_fuzzer.md -- 2.47.3
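Review bot: the new FUZZERS section names LLVMFuzzerTestOneInput but never states the entry point's expected signature, and the verification commands exercise only one sanitizer even though the opening paragraph says OSS-Fuzz runs the targets "with sanitizers". Consider adding the signature `int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)` next to the "create a new src/fuzz/fuzz-foo.c file" sentence, and noting that the `python infra/helper.py build_fuzzers --sanitizer memory systemd` / `run_fuzzer` pair should be repeated with the other sanitizers OSS-Fuzz uses (address and undefined) so that a target which only passes under MemorySanitizer is not treated as verified. Minor wording: "a LLVMFuzzerTestOneInput function" should read "an LLVMFuzzerTestOneInput function".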