tree: fa55ca0c4ac4d4f29faa00ddb89e68855ab382b2 [path history] [tgz]
  1. fuzz_corpus/
  2. proto/
  3. test/
  4. BUILD.gn
  5. cast_auth_util.cc
  6. cast_auth_util.h
  7. cast_auth_util_fuzzer.cc
  8. cast_auth_util_fuzzer_shared.cc
  9. cast_auth_util_fuzzer_shared.h
  10. cast_auth_util_unittest.cc
  11. cast_channel_enum.cc
  12. cast_channel_enum.h
  13. cast_framer.cc
  14. cast_framer.h
  15. cast_framer_ingest_fuzzer.cc
  16. cast_framer_serialize_fuzzer.cc
  17. cast_framer_unittest.cc
  18. cast_message_handler.cc
  19. cast_message_handler.h
  20. cast_message_handler_unittest.cc
  21. cast_message_util.cc
  22. cast_message_util.h
  23. cast_message_util_fuzzer.cc
  24. cast_message_util_unittest.cc
  25. cast_socket.cc
  26. cast_socket.h
  27. cast_socket_service.cc
  28. cast_socket_service.h
  29. cast_socket_service_unittest.cc
  30. cast_socket_unittest.cc
  31. cast_test_util.cc
  32. cast_test_util.h
  33. cast_transport.cc
  34. cast_transport.h
  35. cast_transport_unittest.cc
  36. DEPS
  37. DIR_METADATA
  38. enum_table.cc
  39. enum_table.h
  40. enum_table_unittest.cc
  41. fuzz.dict
  42. keep_alive_delegate.cc
  43. keep_alive_delegate.h
  44. keep_alive_delegate_unittest.cc
  45. keep_alive_handler.cc
  46. keep_alive_handler.h
  47. libcast_socket_service.cc
  48. libcast_socket_service.h
  49. libcast_socket_service_unittest.cc
  50. logger.cc
  51. logger.h
  52. logger_unittest.cc
  53. mojo_data_pump.cc
  54. mojo_data_pump.h
  55. openscreen_cast_auth_util_fuzzer.cc
  56. openscreen_message_framer_deserialize_fuzzer.cc
  57. openscreen_message_framer_serialize_fuzzer.cc
  58. OWNERS
  59. README.md
components/cast_channel/README.md

How to Run a Fuzz Test

Create an appropriate build config:

% tools/mb/mb.py gen -m chromium.fuzz -b 'Libfuzzer Upload Linux ASan' out/libfuzzer
% gn gen out/libfuzzer

Build the fuzz target:

% ninja -C out/libfuzzer $TEST_NAME

Create an empty corpus directory if you don't have one already.

% mkdir ${TEST_NAME}_corpus

Turning off detection of ODR violations that occur in component builds:

% export ASAN_OPTIONS=detect_odr_violation=0

If the test has a seed corpus:

% ./out/libfuzzer/$TEST_NAME ${TEST_NAME}_corpus out/libfuzzer/gen/components/cast_channel/${TEST_NAME}_corpus

If the test has no seed corpus, omit the last parameter:

% ./out/libfuzzer/$TEST_NAME ${TEST_NAME}_corpus

For more details, refer to https://chromium.googlesource.com/chromium/src/testing/libfuzzer/+/refs/heads/main/getting_started.md