Google Git
Sign in
chromium / chromium / src / testing / libfuzzer / 5f9ba1c8c0c6b6cc341afc10f670e4653107f3b6
commit5f9ba1c8c0c6b6cc341afc10f670e4653107f3b6[log] [tgz]
authorTitouan Rigoudy <titouan@chromium.org>Fri Aug 22 15:35:44 2025
committerCopybara-Service <copybara-worker@google.com>Fri Aug 22 15:38:25 2025
treed1bdf260d0a77a4f745b9bf29c6aeb2ad8c279fc
parent4fbd7d915d5b64951f904a688205c082c6b0df76 [diff]
[Fuzzing] Expect Mac ARM64 stack frame format.

Bug: 435630448
Change-Id: I40f30f11a5b58867ac986285b430c7bc57b83e15
Cq-Include-Trybots: luci.chromium.try:linux-x64-libfuzzer-asan-dbg-tests,linux-x64-libfuzzer-asan-rel-tests,linux-x64-libfuzzer-ubsan-rel-tests,linux-x86-libfuzzer-asan-rel-tests,win-x64-libfuzzer-asan-rel-tests,mac-arm64-libfuzzer-asan-rel-tests
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6874570
Reviewed-by: Ali Hijazi <ahijazi@chromium.org>
Commit-Queue: Ali Hijazi <ahijazi@chromium.org>
Auto-Submit: Titouan Rigoudy <titouan@chromium.org>
Commit-Queue: Titouan Rigoudy <titouan@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1505090}
NOKEYCHECK=True
GitOrigin-RevId: 13cb2752311632dbfde8a72848de51460fd6f6e9
1 file changed
tree: d1bdf260d0a77a4f745b9bf29c6aeb2ad8c279fc
  1. fuzzer_support_ios/
  2. fuzzers/
  3. fuzzilli/
  4. proto/
  5. renderer_fuzzing/
  6. research/
  7. tests/
  8. AFL_integration.md
  9. archive_corpus.py
  10. BUILD.gn
  11. confirm_fuzztest_init.cc
  12. confirm_fuzztests.py
  13. dictionary_generator.py
  14. efficient_fuzzing.md
  15. fuzzer_test.gni
  16. fuzzing_browsertests.md
  17. fuzztest_init_helper.cc
  18. fuzztest_init_helper.h
  19. fuzztest_wrapper.cpp
  20. gen_fuzzer_config.py
  21. gen_fuzzer_owners.py
  22. getting_started.md
  23. getting_started_with_libfuzzer.md
  24. libfuzzer_exports.h
  25. libFuzzer_integration.md
  26. libprotobuf-mutator.md
  27. OWNERS
  28. README.md
  29. reference.md
  30. reproducing.md
  31. unittest_main.cc
  32. zip_sources.py
README.md

Fuzz testing in Chromium

go/chrome-fuzzing

Fuzzing is a testing technique that feeds auto-generated inputs to a piece of target code in an attempt to crash the code. It's one of the most effective methods we have for finding security and stability issues (see go/fuzzing-success). You can learn more about the benefits of fuzzing at go/why-fuzz.

This documentation covers the in-process guided fuzzing approach employed by different fuzzing engines, such as libFuzzer or [AFL]. To learn more about out-of-process fuzzers, please refer to the Blackbox fuzzing page in the ClusterFuzz documentation.

Getting Started

In Chromium, you can easily create and submit fuzz targets. The targets are automatically discovered by buildbots, built with different fuzzing engines, then uploaded to the distributed ClusterFuzz fuzzing system to run at scale.

You should fuzz any code which absorbs inputs from untrusted sources, such as the web. If the code parses, decodes, or otherwise manipulates that input, it's an especially good idea to fuzz it.

Create your first fuzz target and submit it by stepping through our Getting Started Guide.

Advanced Topics

Further Reading

Trophies

Other Links