You can run the tests over the corpus with a "regular" build, then
$ fuzzing/fuzz-input ../fuzzing/IN/*
Or building with fuzzing enabled, and running:
$ CFLAGS="-fsanitize=fuzzer" CC=clang CXX=clang++ meson -Db_lundef=false
$ fuzzing/fuzz-input ../fuzzing/IN
I have an initial corpus which was generated by running fuzz-input for
a few hours starting with qemu.pkt, which is the first packet sent by
qemu. Sadly, it only covers 25%... I tried to increase the coverage
manually, see for example tftp-get-blah.pkt, but that's not so simple,
as multiple packets may be required to set up a session etc.
Nevertheless, the fuzzing already found a few issues, so it might be
worth adding it in this current form.
fuzzing/oss-fuzz.sh is used by oss-fuzz, for Google fuzzing.
(see documentation if you want to reproduce the build locally)
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
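As an added example, not part of this patch or of libslirp: a libFuzzer-style harness shaped around the coverage problem the message describes, namely that a single packet cannot drive the stack into states that need a session set up first. It treats one fuzz input as a sequence of 2-byte length-prefixed packets and feeds them in order through LLVMFuzzerTestOneInput, the real libFuzzer entry point used with -fsanitize=fuzzer. The target it feeds, handle_packet() and struct fake_stack, is a constructed stand-in for slirp's input path, and the length-prefixed encoding is this example's own, not the raw single-packet format of the qemu.pkt corpus above; both are assumptions of the example.

```c
/* Added example (not libslirp code): multi-packet libFuzzer harness.
 * The fuzz input is split into length-prefixed packets so the fuzzer
 * can discover inputs that need more than one packet to reach a state. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MAX_PKTS 16

/* Constructed stand-in for the library's packet entry point. It checks an
 * Ethernet + IPv4 header shape and tracks a trivial "session" flag. */
struct fake_stack {
    int session_open;   /* set once a TCP packet has been seen */
    int packets_seen;   /* every delivered packet */
    int bad;            /* packets rejected at header parsing */
};

static void handle_packet(struct fake_stack *s, const uint8_t *pkt, size_t len)
{
    s->packets_seen++;
    if (len < 14 + 20) { s->bad++; return; }        /* eth + minimal IPv4 */
    uint16_t ethertype = (uint16_t)((pkt[12] << 8) | pkt[13]);
    if (ethertype != 0x0800) { s->bad++; return; }  /* IPv4 only */
    const uint8_t *ip = pkt + 14;
    if ((ip[0] >> 4) != 4) { s->bad++; return; }
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if (ihl < 20 || 14 + ihl > len) { s->bad++; return; }
    if (ip[9] == 6 && !s->session_open)             /* protocol 6 = TCP */
        s->session_open = 1;
}

/* Split the input into up to MAX_PKTS packets, each prefixed with a 2-byte
 * big-endian length, and deliver them in order. A declared length that
 * runs past the end of the input is truncated to what is left, so the
 * fuzzer cannot make the harness read out of bounds. Returns packets fed. */
static int feed_packets(struct fake_stack *s, const uint8_t *data, size_t size)
{
    int n = 0;
    size_t off = 0;
    while (n < MAX_PKTS && off + 2 <= size) {
        size_t plen = ((size_t)data[off] << 8) | data[off + 1];
        off += 2;
        if (plen > size - off)
            plen = size - off;
        handle_packet(s, data + off, plen);
        off += plen;
        n++;
    }
    return n;
}

/* libFuzzer entry point; -fsanitize=fuzzer supplies main(). */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    struct fake_stack s = {0};
    feed_packets(&s, data, size);
    return 0;
}

/* Constructed seed: two minimal Ethernet/IPv4/TCP frames in the harness's
 * length-prefixed form. Returns bytes written (72 for a large enough buf). */
static size_t build_sample_input(uint8_t *buf, size_t cap)
{
    static const uint8_t frame[34] = {
        [12] = 0x08, [13] = 0x00,   /* EtherType IPv4 */
        [14] = 0x45,                /* version 4, IHL 5 */
        [14 + 9] = 6,               /* protocol TCP */
    };
    size_t off = 0;
    for (int i = 0; i < 2 && off + 2 + sizeof frame <= cap; i++) {
        buf[off++] = 0;
        buf[off++] = (uint8_t)sizeof frame;
        memcpy(buf + off, frame, sizeof frame);
        off += sizeof frame;
    }
    return off;
}

#ifdef STANDALONE_DRIVER
/* Replay one input file without the fuzzer runtime:
 *   cc -DSTANDALONE_DRIVER harness.c && ./a.out some-input */
int main(int argc, char **argv)
{
    if (argc != 2) return 1;
    FILE *f = fopen(argv[1], "rb");
    if (!f) return 1;
    static uint8_t buf[65536];
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    return LLVMFuzzerTestOneInput(buf, n);
}
#endif
```

Seeds for this harness are produced by concatenating length-prefixed packets (build_sample_input shows the shape), so an existing single-packet corpus has to be re-encoded before use; the truncation in feed_packets is what keeps a mutated length field from becoming a harness bug rather than a target bug.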