testing/libfuzzer/README.md

libFuzzer in Chrome

go/libfuzzer-chrome

This directory contains the integration between libFuzzer and Chrome. libFuzzer is an in-process, coverage-driven, evolutionary fuzzer. It helps engineers uncover potential security and stability problems earlier.
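As an added illustration of the fuzz-target shape that libFuzzer drives in-process (example code written for this page, not code from the Chromium testing/libfuzzer directory): LLVMFuzzerTestOneInput is libFuzzer's real entry-point signature, while parse_records and its tag/length/payload record format are hypothetical, constructed for the example. The target keeps every index check bounds-safe, so a sanitizer build of it runs clean; it is the kind of parser a fuzzer is pointed at to confirm that malformed inputs are rejected rather than read past the buffer.

```c
/* Added example, not part of Chromium's testing/libfuzzer code.
 * parse_records() and its record format are hypothetical, constructed here. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical format: [1 byte tag][1 byte len][len bytes payload], repeated.
 * Returns the number of complete records, or -1 if the input is malformed. */
int parse_records(const uint8_t *data, size_t size) {
  size_t off = 0;
  int count = 0;
  while (off < size) {
    if (size - off < 2) return -1;           /* truncated header */
    uint8_t len = data[off + 1];
    if (len > size - off - 2) return -1;     /* payload would run past the buffer */
    uint8_t payload[256];                    /* len is at most 255, so this always fits */
    memcpy(payload, data + off + 2, len);
    (void)payload;                           /* a real parser would consume it here */
    off += 2 + (size_t)len;
    count++;
  }
  return count;
}

/* libFuzzer entry point (real signature). libFuzzer calls it once per
 * generated input, in the same process, and mutates inputs that reach new
 * coverage. The target must be deterministic, must not call exit(), and
 * returns 0; memory errors are reported by the sanitizer, not by the return. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  parse_records(data, size);
  return 0;
}

/* Stand-alone driver with a constructed sample input; with libFuzzer the
 * fuzzer runtime supplies main() and this one is not needed. */
int main(void) {
  static const uint8_t sample[] = {0x01, 0x02, 0xAA, 0xBB, 0x02, 0x00};
  printf("records parsed: %d\n", parse_records(sample, sizeof sample));
  return LLVMFuzzerTestOneInput(sample, sizeof sample);
}
```

Built with clang -fsanitize=fuzzer,address instead of a plain compile, the same file becomes a libFuzzer binary; the driver main above is replaced by the fuzzer's own.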

Requirements: libFuzzer in Chrome is supported with GN on Linux only.

Integration Status

Fuzzer tests are well integrated with the Chrome build system and with the distributed ClusterFuzz fuzzing system. Cover bug: crbug.com/539572.

Documentation

Trophies

  • ClusterFuzz Bugs - issues found and automatically filed by ClusterFuzz.
  • Manual Bugs - issues that were filed manually after running fuzzers.
  • Pdfium Bugs - bugs found in pdfium by manual fuzzing.
  • OSS Trophies - bugs found with libFuzzer in open-source projects.