[LPM][libFuzzer] Add protoc plugin to allow fuzzing of real proto libraries.

Real proto definitions (not definitions written solely for fuzzing)
in Chromium must contain a line specifying that they are to be built
using protobuf's "LITE_RUNTIME". This made them unusable with LPM.
This change makes them usable by LPM by adding a plugin that proto
libraries can be built with to ensure that they aren't built with
the LITE_RUNTIME when fuzzing, but continue to be built with the
LITE_RUNTIME in production.

Bug: 796717,769578,796721
Change-Id: I329af4c42261d37ce019c8550a0acde8420aaa84
Reviewed-on: https://chromium-review.googlesource.com/912592
Reviewed-by: Oliver Chang <ochang@chromium.org>
Commit-Queue: Jonathan Metzman <metzman@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#536529}
Cr-Mirrored-From: https://chromium.googlesource.com/chromium/src
Cr-Mirrored-Commit: e52bc8a29af9984559bce0e3654dbd14196b45dc
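As an added illustration of the idea in the commit message (this is not the Chromium plugin's own code; the real plugin runs inside protoc and works on parsed descriptors, whereas this example assumes a text-level rewrite of a constructed .proto source), the function below drops the `optimize_for = LITE_RUNTIME` option so a fuzz build gets the full runtime that libprotobuf-mutator needs, while the checked-in file stays lite for production:

```python
import re

# Matches a file-level `option optimize_for = <VALUE>;` statement, allowing
# arbitrary spaces/tabs around the tokens. Group 1 captures the value.
# A commented-out line (starting with //) does not match.
_OPTIMIZE_FOR_RE = re.compile(
    r"^[ \t]*option[ \t]+optimize_for[ \t]*=[ \t]*(\w+)[ \t]*;[^\n]*\n?",
    re.MULTILINE)


def optimize_for_value(proto_source: str):
    """Return the optimize_for value declared in proto_source, or None."""
    match = _OPTIMIZE_FOR_RE.search(proto_source)
    return match.group(1) if match else None


def strip_lite_runtime(proto_source: str) -> str:
    """Return proto_source with `option optimize_for = LITE_RUNTIME;` removed.

    Without that option protoc emits code for the full runtime, which is
    what libprotobuf-mutator requires (the lite runtime lacks the
    reflection support it uses). Other optimize_for values, e.g. SPEED,
    and a commented-out option line are left untouched.
    """
    def drop_if_lite(match):
        return "" if match.group(1) == "LITE_RUNTIME" else match.group(0)
    return _OPTIMIZE_FOR_RE.sub(drop_if_lite, proto_source)


# Constructed sample for this example, not a real Chromium .proto file.
SAMPLE_PROTO = """\
syntax = "proto2";
package demo;
option optimize_for = LITE_RUNTIME;
option java_package = "com.example.demo";
// option optimize_for = LITE_RUNTIME;  (comment only, must be kept)
message Ping { optional int32 seq = 1; }
"""

if __name__ == "__main__":
    print(strip_lite_runtime(SAMPLE_PROTO))
```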
1 file changed
tree: 5c34043792fed2c6c778d35c3965a10263b4f21e
  • fuzzers/
  • proto/
  • tests/
  • archive_corpus.py
  • BUILD.gn
  • clusterfuzz.md
  • coverage.py
  • dictionary_generator.py
  • drfuzz_main.cc
  • efficient_fuzzer.md
  • fuzzer_test.gni
  • gen_fuzzer_config.py
  • getting_started.md
  • libfuzzer_exports.h
  • libprotobuf-mutator.md
  • OWNERS
  • README.md
  • reference.md
  • unittest_main.cc
  • zip_sources.py
README.md

libFuzzer in Chromium

go/libfuzzer-chromium (Googler only)

This directory contains the integration between libFuzzer and Chromium. libFuzzer is an in-process, coverage-driven, evolutionary fuzzer. It helps engineers uncover potential security and stability problems earlier.

Requirements: libFuzzer in Chromium is supported with Linux and Mac only.

Integration Status

Fuzzer tests are well integrated with the Chromium build system and with the distributed ClusterFuzz fuzzing system. Cover bug: crbug.com/539572.

Documentation

  • Getting Started Guide walks you through all the steps necessary to create your fuzzer and submit it to ClusterFuzz.
  • Efficient Fuzzer Guide explains how to measure fuzzer effectiveness and ways to improve it.
  • Guide to libprotobuf-mutator walks through the steps necessary to create a fuzzer whose inputs are mutated protobufs supplied by libFuzzer (for developers already familiar with libFuzzer).
  • ClusterFuzz Integration describes integration between ClusterFuzz and libFuzzer.
  • Reproducing contains information on how to reproduce bugs reported by ClusterFuzz.
  • Reference contains detailed references for different integration parts.

Trophies

  • ClusterFuzz Bugs - issues found and automatically filed by ClusterFuzz.
  • Manual Bugs - issues that were filed manually after running fuzzers.
  • Pdfium Bugs - bugs found in pdfium by manual fuzzing.
  • OSS Trophies - bugs found with libFuzzer in open-source projects.

Blog Posts

Project Links