testing/libfuzzer/README.md

libFuzzer in Chrome

go/libfuzzer-chrome

This directory contains the integration between libFuzzer and Chrome. libFuzzer is an in-process, coverage-guided, evolutionary fuzzer: it links into the target binary, feeds mutated inputs to a fuzz target and uses code-coverage feedback to steer mutation. It helps engineers uncover potential security and stability problems earlier.
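To make the description concrete, here is a minimal fuzz target in the shape libFuzzer expects, added as an example rather than code taken from the Chromium tree. The `LLVMFuzzerTestOneInput` entry point is libFuzzer's real interface; the record parser it exercises (`ParseRecord`, a toy tag/length/payload format) is constructed for this example and is not a Chrome API.

```cpp
// Added example (not code from the Chromium tree): a minimal libFuzzer
// target. ParseRecord and its wire format are a constructed toy, not a Chrome API.
#include <cstddef>
#include <cstdint>
#include <string>

// Toy wire format: [1-byte tag][2-byte big-endian length][payload].
struct Record {
  uint8_t tag = 0;
  std::string payload;
};

// Returns true and fills |out| only if the buffer is well-formed.
// The length check is what a fuzzer would catch if it were missing:
// without it, the copy below would read past the end of |data|.
bool ParseRecord(const uint8_t* data, size_t size, Record* out) {
  if (size < 3) return false;  // header must fit
  size_t len = (static_cast<size_t>(data[1]) << 8) | data[2];
  if (len > size - 3) return false;  // payload must fit inside the buffer
  out->tag = data[0];
  out->payload.assign(reinterpret_cast<const char*>(data + 3), len);
  return true;
}

// libFuzzer entry point. libFuzzer links its own main(), calls this function
// repeatedly with coverage-guided mutated inputs, and the sanitizers enabled
// by the fuzzer build configuration turn memory errors into reported crashes.
// The function must return 0.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  Record rec;
  if (ParseRecord(data, size, &rec)) {
    // Touch the parsed result so a defect in the copy is observable.
    volatile size_t sink = rec.payload.size() + rec.tag;
    (void)sink;
  }
  return 0;
}
```

In Chrome such a file is registered with the `fuzzer_test` GN template from `fuzzer_test.gni` in this directory (for example `fuzzer_test("record_parser_fuzzer") { sources = [ "record_parser_fuzzer.cc" ] }`, a constructed target name); the template links libFuzzer and the sanitizer runtime so no `main()` is written by hand.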

Requirements: libFuzzer in Chrome is supported with GN on Linux only. See the Reference document for experimental availability on other platforms.

Integration Status

Fuzzer tests are integrated with the Chrome build system and with the distributed ClusterFuzz fuzzing system. Tracking bug: crbug.com/539572.

Documentation

  • Getting Started Guide walks you through all the steps necessary to create your fuzzer and submit it to ClusterFuzz.
  • Efficient Fuzzer Guide explains how to measure fuzzer effectiveness and ways to improve it.
  • ClusterFuzz Integration describes integration between ClusterFuzz and libFuzzer.
  • Reproducing contains information on how to reproduce bugs reported by ClusterFuzz.
  • Reference contains detailed references for different integration parts.

Trophies

  • ClusterFuzz Bugs - issues found and automatically filed by ClusterFuzz.
  • Manual Bugs - issues that were filed manually after running fuzzers.
  • Pdfium Bugs - bugs found in pdfium by manual fuzzing.
  • OSS Trophies - bugs found with libFuzzer in open-source projects.

Blog Posts