glib/fuzzing/README.md

Fuzz targets used by [oss-fuzz](https://github.com/google/oss-fuzz/).

Useful links: [Dashboard](https://oss-fuzz.com/) _(requires access)_, [Build logs](https://oss-fuzz-build-logs.storage.googleapis.com/index.html), [Coverage](https://oss-fuzz.com/coverage-report/job/libfuzzer_asan_glib/latest)

## How to add new targets

Add **fuzz_target_name.c** and edit `meson.build` accordingly.

New targets are picked up by oss-fuzz automatically within a day. Targets must not be renamed once added.

Add (optional) **fuzz_target_name.dict** containing keywords and magic bytes.

Add (optional) **fuzz_target_name.corpus** with file names on separate lines. Wildcards `?`, `*` and `**` are supported. Examples below.

```bash
glib/*  # all files in directory glib
glib/** # all files in directory glib and sub-directories
**.xbel # all files ending with .xbel in the repository
```

Recommended reading: [Fuzz Target](https://llvm.org/docs/LibFuzzer.html#fuzz-target), [Dictionaries](https://llvm.org/docs/LibFuzzer.html#dictionaries), [Corpus](https://llvm.org/docs/LibFuzzer.html#corpus)

## How to reproduce oss-fuzz bugs locally

Build with at least the following flags, choosing a sanitizer as needed. A somewhat recent version of [clang](http://clang.llvm.org/) is recommended.

```bash
$ CC=clang CXX=clang++ meson DIR -Db_sanitize=<address|undefined> -Db_lundef=false
```

Afterwards run the affected target against the provided test case.

```bash
$ DIR/fuzzing/fuzz_target_name FILE
```

#### FAQs

###### What about Memory Sanitizer (MSAN)?

Correct MSAN instrumentation is [difficult to achieve](https://clang.llvm.org/docs/MemorySanitizer.html#handling-external-code) locally, so false positives are very likely to mask the actual bug.

If need be, [you can still reproduce](https://google.github.io/oss-fuzz/advanced-topics/reproducing/#building-using-docker) those bugs with the oss-fuzz provided docker images.

###### There are no file/function names in the stack trace.

`llvm-symbolizer` must be in `PATH`.

###### UndefinedBehavior Sanitizer (UBSAN) doesn't provide a stack trace.

Set environment variable `UBSAN_OPTIONS` to `print_stacktrace=1` prior to running the target.
Integrate oss-fuzz targets 2018-10-11 02:02:03 +02:00			`Fuzz targets used by [oss-fuzz](https://github.com/google/oss-fuzz/).`

Fix oss-fuzz coverage link 2020-02-15 09:23:25 +01:00			`Useful links: [Dashboard](https://oss-fuzz.com/) _(requires access)_, [Build logs](https://oss-fuzz-build-logs.storage.googleapis.com/index.html), [Coverage](https://oss-fuzz.com/coverage-report/job/libfuzzer_asan_glib/latest)`
Add useful links to fuzzing README 2018-10-11 22:11:00 +02:00
Integrate oss-fuzz targets 2018-10-11 02:02:03 +02:00			`## How to add new targets`

			Add fuzz_target_name.c and edit `meson.build` accordingly.

			`New targets are picked up by oss-fuzz automatically within a day. Targets must not be renamed once added.`

			`Add (optional) fuzz_target_name.dict containing keywords and magic bytes.`

			Add (optional) fuzz_target_name.corpus with file names on separate lines. Wildcards `?`, `` and `*` are supported. Examples below.

			```bash
			`glib/* # all files in directory glib`
			`glib/** # all files in directory glib and sub-directories`
			`**.xbel # all files ending with .xbel in the repository`
			```

			`Recommended reading: [Fuzz Target](https://llvm.org/docs/LibFuzzer.html#fuzz-target), [Dictionaries](https://llvm.org/docs/LibFuzzer.html#dictionaries), [Corpus](https://llvm.org/docs/LibFuzzer.html#corpus)`

			`## How to reproduce oss-fuzz bugs locally`

			`Build with at least the following flags, choosing a sanitizer as needed. A somewhat recent version of [clang](http://clang.llvm.org/) is recommended.`

			```bash
			`$ CC=clang CXX=clang++ meson DIR -Db_sanitize=<address\|undefined> -Db_lundef=false`
			```

			`Afterwards run the affected target against the provided test case.`

			```bash
			`$ DIR/fuzzing/fuzz_target_name FILE`
			```

			`#### FAQs`

			`###### What about Memory Sanitizer (MSAN)?`

			`Correct MSAN instrumentation is [difficult to achieve](https://clang.llvm.org/docs/MemorySanitizer.html#handling-external-code) locally, so false positives are very likely to mask the actual bug.`

docs: Update various external links to use HEAD instead of master Update several links to allow the remote to use its configured default branch name, rather than specifying `master` as the default branch name. This will help avoid breakage if any of these projects rename their default branch in the future. Fix a few of the links where they were hitting redirects or had moved. Signed-off-by: Philip Withnall <pwithnall@endlessos.org> Helps: #2348 2021-06-07 14:16:50 +02:00			`If need be, [you can still reproduce](https://google.github.io/oss-fuzz/advanced-topics/reproducing/#building-using-docker) those bugs with the oss-fuzz provided docker images.`
Integrate oss-fuzz targets 2018-10-11 02:02:03 +02:00
			`###### There are no file/function names in the stack trace.`

			`llvm-symbolizer` must be in `PATH`.

			`###### UndefinedBehavior Sanitizer (UBSAN) doesn't provide a stack trace.`

			Set environment variable `UBSAN_OPTIONS` to `print_stacktrace=1` prior to running the target.