libFuzzer in Chrome
go/libfuzzer-chrome
This directory contains integration between libFuzzer and Chrome. libFuzzer is an in-process coverage-driven evolutionary fuzzer. It helps engineers to uncover potential security & stability problems earlier.
Requirements: libFuzzer in Chrome is supported with GN on Linux only. Check the Reference for experimental platform availability.
Integration Status
Fuzzer tests are well-integrated with the Chrome build system and the distributed ClusterFuzz fuzzing system. Cover bug: crbug.com/539572.
Documentation
- Getting Started Guide walks you through all the steps necessary to create your fuzzer and submit it to ClusterFuzz.
- Efficient Fuzzer Guide explains how to measure fuzzer effectiveness and ways to improve it.
- ClusterFuzz Integration describes the integration between ClusterFuzz and libFuzzer.
- Reproducing contains information on how to reproduce bugs reported by ClusterFuzz.
- Reference contains detailed references for the different integration parts.

Trophies
- ClusterFuzz Bugs - issues found and automatically filed by ClusterFuzz.
- Manual Bugs - issues that were filed manually after running fuzzers.
- Pdfium Bugs - bugs found in pdfium by manual fuzzing.
- OSS Trophies - bugs found with libFuzzer in open-source projects.

Blog Posts
Project Links