libFuzzer in Chrome

Getting Started | Buildbot | ClusterFuzz Status | Cover Bug

This directory contains integration between libFuzzer and Chrome. libFuzzer is an in-process coverage-driven evolutionary fuzzer. It helps engineers to uncover potential security & stability problems earlier.

Requirements: libFuzzer in Chrome is supported with GN on Linux only.

Integration Status

Fuzzer tests are well-integrated with Chrome build system & distributed ClusterFuzz fuzzing system. Cover bug: crbug.com/539572.

Documentation

Getting Started Guide walks you through all the steps necessary to create your fuzzer and submit it to ClusterFuzz.
Efficient Fuzzer Guide explains how to measure fuzzer effectiveness and ways to improve it.
ClusterFuzz Integration describes integration between ClusterFuzz and libFuzzer.
Reference contains detailed references for different integration parts.

Trophies

ClusterFuzz Bugs - issues found and automatically filed by ClusterFuzz.
Manual Bugs - issues that were filed manually after running fuzzers.
Pdfium Bugs - bugs found in pdfium by manual fuzzing.
OSS Trophies - bugs found with libFuzzer in open-source projects.