curl/tests/fuzz
Daniel Stenberg a14f7152ce
rtsp: do not call fwrite() with NULL pointer FILE *
If the default write callback is used and no destination has been set, a
NULL pointer would be passed to fwrite()'s 4th argument.

OSS-fuzz bug https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3327
(not publicly open yet)

Detected by OSS-fuzz
Closes #1874
2017-09-08 23:56:02 +02:00
..
curl_fuzz_data rtsp: do not call fwrite() with NULL pointer FILE * 2017-09-08 23:56:02 +02:00
curl_fuzzer.cc ossfuzz: add some more handled CURL options 2017-09-08 15:00:55 +02:00
curl_fuzzer.h ossfuzz: add some more handled CURL options 2017-09-08 15:00:55 +02:00
generate_corpus.py ossfuzz: add some more handled CURL options 2017-09-08 15:00:55 +02:00
Makefile.am ossfuzz: add some more handled CURL options 2017-09-08 15:00:55 +02:00
Makefile.inc ossfuzz: Move to C++ for curl_fuzzer. 2017-09-02 11:07:55 +02:00
README ossfuzz: Move to C++ for curl_fuzzer. 2017-09-02 11:07:55 +02:00
standalone_fuzz_target_runner.cc ossfuzz: Move to C++ for curl_fuzzer. 2017-09-02 11:07:55 +02:00
testinput.h ossfuzz: Move to C++ for curl_fuzzer. 2017-09-02 11:07:55 +02:00

Fuzz tests
==========

The goal is to add tests for *ALL* protocols supported in libcurl.

Building the fuzz target
========================
From the CURL root directory:

export CC=clang-5.0
export CXX=clang++-5.0
export CFLAGS="-fsanitize=address -fsanitize-address-use-after-scope -fsanitize-coverage=trace-pc-guard,trace-cmp"
export CXXFLAGS="-fsanitize=address -fsanitize-address-use-after-scope -fsanitize-coverage=trace-pc-guard,trace-cmp -stdlib=libc++"
./configure --disable-shared --enable-debug --enable-maintainer-mode
make -sj

cd tests/fuzz

(optional) export LIB_FUZZING_ENGINE=<path to libFuzzer.a>

make check