curl/tests/fuzz
Latest commit c73ebb8537 by Max Dymond:
ossfuzz: changes before merging the generated corpora
Before merging in the oss-fuzz corpora from Google, there are some changes
to the fuzzer.
- Add a read corpus script, to display corpus files nicely.
- Change the behaviour of the fuzzer so that TLV parse failures all now
  go down the same execution paths, which should reduce the size of the
  corpora.
- Make unknown TLVs a failure to parse, which should decrease the size
  of the corpora as well.

Closes #1881
2017-09-18 23:23:13 +02:00
File                               Last commit                                              Date
curl_fuzz_data                     rtsp: do not call fwrite() with NULL pointer FILE *      2017-09-08 23:56:02 +02:00
corpus.py                          ossfuzz: changes before merging the generated corpora    2017-09-18 23:23:13 +02:00
curl_fuzzer.cc                     ossfuzz: changes before merging the generated corpora    2017-09-18 23:23:13 +02:00
curl_fuzzer.h                      ossfuzz: changes before merging the generated corpora    2017-09-18 23:23:13 +02:00
generate_corpus.py                 ossfuzz: changes before merging the generated corpora    2017-09-18 23:23:13 +02:00
Makefile.am                        ossfuzz: add some more handled CURL options              2017-09-08 15:00:55 +02:00
Makefile.inc                       ossfuzz: Move to C++ for curl_fuzzer.                    2017-09-02 11:07:55 +02:00
read_corpus.py                     ossfuzz: changes before merging the generated corpora    2017-09-18 23:23:13 +02:00
README                             ossfuzz: Move to C++ for curl_fuzzer.                    2017-09-02 11:07:55 +02:00
standalone_fuzz_target_runner.cc   ossfuzz: Move to C++ for curl_fuzzer.                    2017-09-02 11:07:55 +02:00
testinput.h                        ossfuzz: Move to C++ for curl_fuzzer.                    2017-09-02 11:07:55 +02:00

Fuzz tests
==========

The goal is to add tests for *ALL* protocols supported in libcurl.

Building the fuzz target
========================
From the curl source root directory:

# Build libcurl and the fuzz target with clang, AddressSanitizer (plus
# use-after-scope detection) and the coverage instrumentation that
# libFuzzer consumes. The C++ fuzz target is built against libc++.
export CC=clang-5.0
export CXX=clang++-5.0
export CFLAGS="-fsanitize=address -fsanitize-address-use-after-scope -fsanitize-coverage=trace-pc-guard,trace-cmp"
export CXXFLAGS="-fsanitize=address -fsanitize-address-use-after-scope -fsanitize-coverage=trace-pc-guard,trace-cmp -stdlib=libc++"
./configure --disable-shared --enable-debug --enable-maintainer-mode
make -sj

cd tests/fuzz

# Optional: path to a libFuzzer archive to link in as the fuzzing engine.
# export LIB_FUZZING_ENGINE=<path to libFuzzer.a>

make check
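The corpus files that corpus.py, generate_corpus.py and read_corpus.py handle are TLV-encoded, and the latest commit above makes every TLV parse failure, including an unknown type, take the same path. The layout itself is not reproduced on this page, so the following is an added Python example, not curl's own code: it assumes a hypothetical record layout (2-byte big-endian type, 4-byte big-endian length, payload) and invented type numbers, and shows an encoder in the generate_corpus.py role, a decoder in the read_corpus.py role, and a fuzz entry point that rejects truncated records and unknown types on one path before touching any record.

```python
"""Added example, not code from curl: a minimal TLV corpus encoder/decoder.

Assumed record layout (an assumption for this example, not taken from
curl_fuzzer.h): 2-byte big-endian type, 4-byte big-endian length, payload.
The type numbers in KNOWN_TYPES are likewise invented for illustration.
"""
import struct

HEADER = struct.Struct(">HI")            # uint16 type, uint32 length, big-endian
KNOWN_TYPES = {1: "url", 2: "response"}  # hypothetical type numbers


class TLVError(ValueError):
    """One failure type for truncated header, truncated payload or unknown type."""


def encode_corpus(records):
    """Build one corpus file from (type, payload) pairs (generate_corpus.py role)."""
    out = bytearray()
    for tlv_type, payload in records:
        out += HEADER.pack(tlv_type, len(payload))
        out += payload
    return bytes(out)


def decode_corpus(data):
    """Walk the corpus and return [(type, payload), ...].

    Every malformed input raises the same TLVError so the caller has a single
    rejection path. The length check is made against the bytes actually
    present, so an oversized length field cannot read past the end.
    """
    records = []
    pos = 0
    while pos < len(data):
        if len(data) - pos < HEADER.size:
            raise TLVError("truncated header at offset %d" % pos)
        tlv_type, length = HEADER.unpack_from(data, pos)
        if tlv_type not in KNOWN_TYPES:
            raise TLVError("unknown TLV type %d at offset %d" % (tlv_type, pos))
        pos += HEADER.size
        if len(data) - pos < length:
            raise TLVError("truncated payload for type %d at offset %d" % (tlv_type, pos))
        records.append((tlv_type, bytes(data[pos:pos + length])))
        pos += length
    return records


def describe_corpus(data):
    """Human-readable lines for one corpus file (read_corpus.py role)."""
    return ["%s (%d bytes): %r" % (KNOWN_TYPES[t], len(p), p)
            for t, p in decode_corpus(data)]


def fuzz_one_input(data):
    """Control flow of the fuzz entry point: any parse error is rejected
    before the records are used; otherwise the records would be fed to
    the library under test."""
    try:
        decode_corpus(data)
    except TLVError:
        return "rejected"
    return "ran"


if __name__ == "__main__":
    # Constructed sample input for the example, not a file from the real corpus.
    sample = encode_corpus([(1, b"http://127.0.0.1/"),
                            (2, b"HTTP/1.1 200 OK\r\n\r\n")])
    for line in describe_corpus(sample):
        print(line)
    cases = [("valid", sample),
             ("unknown type", encode_corpus([(99, b"x")])),
             ("truncated payload", HEADER.pack(1, 10) + b"abc"),
             ("truncated header", sample + b"\x00\x01")]
    for name, blob in cases:
        print("%-18s -> %s" % (name, fuzz_one_input(blob)))
```

Because the three malformed cases all end in the same early return, a coverage-guided fuzzer sees no new edges from varying them, which is the corpus-size effect the commit message describes.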