oss-fuzz/docs/index.md

---
layout: default
title: OSS-Fuzz
permalink: /
nav_order: 1
has_children: true
has_toc: false
---

# OSS-Fuzz

[Fuzz testing] is a well-known technique for uncovering programming errors in
software. Many of these detectable errors, like [buffer overflow], can have
serious security implications. Google has found [thousands] of security
vulnerabilities and stability bugs by deploying [guided in-process fuzzing of
Chrome components], and we now want to share that service with the open source
community.

[Fuzz testing]: https://en.wikipedia.org/wiki/Fuzz_testing
[buffer overflow]: https://en.wikipedia.org/wiki/Buffer_overflow
[thousands]: https://bugs.chromium.org/p/chromium/issues/list?q=label%3AStability-LibFuzzer%2CStability-AFL%20-status%3ADuplicate%2CWontFix&can=1
[guided in-process fuzzing of Chrome components]: https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html

In cooperation with the [Core Infrastructure Initiative] and the [OpenSSF],
OSS-Fuzz aims to make common open source software more secure and stable by
combining modern fuzzing techniques with scalable, distributed execution.
Projects that do not qualify for OSS-Fuzz (e.g. closed source) can run their own
instances of [ClusterFuzz] or [ClusterFuzzLite].

[Core Infrastructure Initiative]: https://www.coreinfrastructure.org/
[OpenSSF]: https://www.openssf.org/

We support the [libFuzzer], [AFL++], [Honggfuzz], and [Centipede] fuzzing engines in
combination with [Sanitizers], as well as [ClusterFuzz], a distributed fuzzer
execution environment and reporting tool.

[libFuzzer]: https://llvm.org/docs/LibFuzzer.html
[AFL++]: https://github.com/AFLplusplus/AFLplusplus
[Honggfuzz]: https://github.com/google/honggfuzz
[Centipede]: https://github.com/google/centipede
[Sanitizers]: https://github.com/google/sanitizers
[ClusterFuzz]: https://github.com/google/clusterfuzz
[ClusterFuzzLite]: https://google.github.io/clusterfuzzlite/

Currently, OSS-Fuzz supports C/C++, Rust, Go, Python and Java/JVM code. Other
languages supported by [LLVM] may work too. OSS-Fuzz supports fuzzing x86_64
and i386 builds.

[LLVM]: https://llvm.org


## Project history
OSS-Fuzz was launched in 2016 in response to the
[Heartbleed] vulnerability, discovered in [OpenSSL], one of the
most popular open source projects for encrypting web traffic. The vulnerability
had the potential to affect almost every internet user, yet was caused by a
relatively simple memory buffer overflow bug that could have been detected by
fuzzing—that is, by running the code on randomized inputs to intentionally cause
unexpected behaviors or crashes. At the time, though, fuzzing
was not widely used and was cumbersome for developers, requiring extensive
manual effort.

Google created OSS-Fuzz to fill this gap: it's a free service that runs fuzzers
for open source projects and privately alerts developers to the bugs detected.
Since its launch, OSS-Fuzz has become a critical service for the open source
community, growing beyond C/C++ to
detect problems in memory-safe languages such as Go, Rust, and Python.

[Heartbleed]: https://heartbleed.com/ 
[OpenSSL]: https://www.openssl.org/

## Learn more about fuzzing

This documentation describes how to use OSS-Fuzz service for your open source
project. To learn more about fuzzing in general, we recommend reading [libFuzzer
tutorial] and the other docs in [google/fuzzing] repository. These and some
other resources are listed on the [useful links] page.

[google/fuzzing]: https://github.com/google/fuzzing/tree/master/docs
[libFuzzer tutorial]: https://github.com/google/fuzzing/blob/master/tutorial/libFuzzerTutorial.md
[useful links]: {{ site.baseurl }}/reference/useful-links/#tutorials

## Trophies
As of August 2023, OSS-Fuzz has helped identify and fix over [10,000] vulnerabilities and [36,000] bugs across [1,000] projects.

[10,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?q=Type%3DBug-Security%20label%3Aclusterfuzz%20-status%3ADuplicate%2CWontFix&can=1
[36,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?q=Type%3DBug%20label%3Aclusterfuzz%20-status%3ADuplicate%2CWontFix&can=1
[1,000]: https://github.com/google/oss-fuzz/tree/master/projects
Add jekyll generator for docs. (#2660) * Add jekyll generator for docs. * Add content for index.md 2019-08-06 20:29:19 +00:00			`---`
			`layout: default`
			`title: OSS-Fuzz`
			`permalink: /`
			`nav_order: 1`
			`has_children: true`
[Docs] Clarify fuzzing process and new projects procedure (#2673) 2019-08-09 19:24:43 +00:00			`has_toc: false`
Add jekyll generator for docs. (#2660) * Add jekyll generator for docs. * Add content for index.md 2019-08-06 20:29:19 +00:00			`---`

			`# OSS-Fuzz`

Delete unnecessary files and fix format in some MD pages (#4115) * style: Clean up the repo * Bolster the `.gitignore` * Follow `CONTRIBUTING.md` guidelines and wrap `README.md` to 80 characters and seperate links for readability * Remove pesky Unicode dash in `CONTRIBUTING.md` * Remove `.DS_STORE` files * Rename `#project.yaml#` to something logical and enable stntax highlighting * Updates from reviewers * Greatly reduce `.gitignore` to only macOS `.DS_Store` and Vim temporary files * Apply markdown style to `docs/index.md` * small comma grammatical change * http -> https 2020-07-16 22:27:29 +00:00			`[Fuzz testing] is a well-known technique for uncovering programming errors in`
			`software. Many of these detectable errors, like [buffer overflow], can have`
			`serious security implications. Google has found [thousands] of security`
			`vulnerabilities and stability bugs by deploying [guided in-process fuzzing of`
			`Chrome components], and we now want to share that service with the open source`
			`community.`

			`[Fuzz testing]: https://en.wikipedia.org/wiki/Fuzz_testing`
			`[buffer overflow]: https://en.wikipedia.org/wiki/Buffer_overflow`
[docs] Change "hundreds of bugs" to "thousands of bugs" :) (#2674) * [docs] Change "hundreds of bugs" to "thousands of bugs" :) * include AFL crashes too 2019-08-09 19:35:14 +00:00			`[thousands]: https://bugs.chromium.org/p/chromium/issues/list?q=label%3AStability-LibFuzzer%2CStability-AFL%20-status%3ADuplicate%2CWontFix&can=1`
Delete unnecessary files and fix format in some MD pages (#4115) * style: Clean up the repo * Bolster the `.gitignore` * Follow `CONTRIBUTING.md` guidelines and wrap `README.md` to 80 characters and seperate links for readability * Remove pesky Unicode dash in `CONTRIBUTING.md` * Remove `.DS_STORE` files * Rename `#project.yaml#` to something logical and enable stntax highlighting * Updates from reviewers * Greatly reduce `.gitignore` to only macOS `.DS_Store` and Vim temporary files * Apply markdown style to `docs/index.md` * small comma grammatical change * http -> https 2020-07-16 22:27:29 +00:00			`[guided in-process fuzzing of Chrome components]: https://security.googleblog.com/2016/08/guided-in-process-fuzzing-of-chrome.html`

Update docs, add python support. (#4878) 2020-12-21 21:43:26 +00:00			`In cooperation with the [Core Infrastructure Initiative] and the [OpenSSF],`
			`OSS-Fuzz aims to make common open source software more secure and stable by`
			`combining modern fuzzing techniques with scalable, distributed execution.`
[ClusterFuzzLite] Support local runs (#6987) 2022-01-19 22:24:47 +00:00			`Projects that do not qualify for OSS-Fuzz (e.g. closed source) can run their own`
			`instances of [ClusterFuzz] or [ClusterFuzzLite].`
Delete unnecessary files and fix format in some MD pages (#4115) * style: Clean up the repo * Bolster the `.gitignore` * Follow `CONTRIBUTING.md` guidelines and wrap `README.md` to 80 characters and seperate links for readability * Remove pesky Unicode dash in `CONTRIBUTING.md` * Remove `.DS_STORE` files * Rename `#project.yaml#` to something logical and enable stntax highlighting * Updates from reviewers * Greatly reduce `.gitignore` to only macOS `.DS_Store` and Vim temporary files * Apply markdown style to `docs/index.md` * small comma grammatical change * http -> https 2020-07-16 22:27:29 +00:00
			`[Core Infrastructure Initiative]: https://www.coreinfrastructure.org/`
Update docs, add python support. (#4878) 2020-12-21 21:43:26 +00:00			`[OpenSSF]: https://www.openssf.org/`
Delete unnecessary files and fix format in some MD pages (#4115) * style: Clean up the repo * Bolster the `.gitignore` * Follow `CONTRIBUTING.md` guidelines and wrap `README.md` to 80 characters and seperate links for readability * Remove pesky Unicode dash in `CONTRIBUTING.md` * Remove `.DS_STORE` files * Rename `#project.yaml#` to something logical and enable stntax highlighting * Updates from reviewers * Greatly reduce `.gitignore` to only macOS `.DS_Store` and Vim temporary files * Apply markdown style to `docs/index.md` * small comma grammatical change * http -> https 2020-07-16 22:27:29 +00:00
Centipede integration (#8046) * Add Centipede as a fuzzer * Specify dictionary param of Centipede * Update docs * Mark Centipede as experimental * More accurate description * Remove garbage * Simplify code * Move mkdir to dockerfile * Add the weak.c trick * Install deps with Centipede's script & uninstall new deps * Fix doc * Reuse libweak_sancov_stubs.so * Reorganise flags * format * Consistent file type * Reuse the weak references defined in Centipede * Replace the shared library of weak symbols with a static one * Correct the place to call mkdir * Allow 2G of SHM for Centipede * Create dirs in run_fuzzer * Keep Centipede up-to-date * Avoid duplicating Centipede's binary * The params of Centipede and their explanations * The engine info of centipede * Save the target binary (with san) in a subdir of the project * Set the target (with san) dir in check_build * Create the target (with san) first to avoid side-effects * Fic clone * Fix format * Add periods * Fix comments * Fix dirs * Fix parameters * Adding Centipede as a fuzzing engine for Scarecrow * Add CI support * Represent sanitizer with a variable * Remove the unnecessary definition of FUZZER_OUT * Reorganise binary directories * format * A minor note * Present issues with dirs that alread exist * Use os.path.join to join path * Make a function to get the out/ in check build * Reusing existing flags in .bazel * Avoid hardcoding sanitizer, set rss_limit_mb=4096, leave address_space_limit_mb disabled * Better ways to add bazel build options * A better way to add bazel flags * Remove redundant --bazelrc * Better Cohesion * Avoid code duplication * Simplify code * Exit on crash 2022-09-06 02:34:58 +00:00			`We support the [libFuzzer], [AFL++], [Honggfuzz], and [Centipede] fuzzing engines in`
Delete unnecessary files and fix format in some MD pages (#4115) * style: Clean up the repo * Bolster the `.gitignore` * Follow `CONTRIBUTING.md` guidelines and wrap `README.md` to 80 characters and seperate links for readability * Remove pesky Unicode dash in `CONTRIBUTING.md` * Remove `.DS_STORE` files * Rename `#project.yaml#` to something logical and enable stntax highlighting * Updates from reviewers * Greatly reduce `.gitignore` to only macOS `.DS_Store` and Vim temporary files * Apply markdown style to `docs/index.md` * small comma grammatical change * http -> https 2020-07-16 22:27:29 +00:00			`combination with [Sanitizers], as well as [ClusterFuzz], a distributed fuzzer`
			`execution environment and reporting tool.`
[docs] Change "hundreds of bugs" to "thousands of bugs" :) (#2674) * [docs] Change "hundreds of bugs" to "thousands of bugs" :) * include AFL crashes too 2019-08-09 19:35:14 +00:00
Delete unnecessary files and fix format in some MD pages (#4115) * style: Clean up the repo * Bolster the `.gitignore` * Follow `CONTRIBUTING.md` guidelines and wrap `README.md` to 80 characters and seperate links for readability * Remove pesky Unicode dash in `CONTRIBUTING.md` * Remove `.DS_STORE` files * Rename `#project.yaml#` to something logical and enable stntax highlighting * Updates from reviewers * Greatly reduce `.gitignore` to only macOS `.DS_Store` and Vim temporary files * Apply markdown style to `docs/index.md` * small comma grammatical change * http -> https 2020-07-16 22:27:29 +00:00			`[libFuzzer]: https://llvm.org/docs/LibFuzzer.html`
Use afl++ in docs. (#5049) 2021-01-26 23:28:08 +00:00			`[AFL++]: https://github.com/AFLplusplus/AFLplusplus`
Delete unnecessary files and fix format in some MD pages (#4115) * style: Clean up the repo * Bolster the `.gitignore` * Follow `CONTRIBUTING.md` guidelines and wrap `README.md` to 80 characters and seperate links for readability * Remove pesky Unicode dash in `CONTRIBUTING.md` * Remove `.DS_STORE` files * Rename `#project.yaml#` to something logical and enable stntax highlighting * Updates from reviewers * Greatly reduce `.gitignore` to only macOS `.DS_Store` and Vim temporary files * Apply markdown style to `docs/index.md` * small comma grammatical change * http -> https 2020-07-16 22:27:29 +00:00			`[Honggfuzz]: https://github.com/google/honggfuzz`
Centipede integration (#8046) * Add Centipede as a fuzzer * Specify dictionary param of Centipede * Update docs * Mark Centipede as experimental * More accurate description * Remove garbage * Simplify code * Move mkdir to dockerfile * Add the weak.c trick * Install deps with Centipede's script & uninstall new deps * Fix doc * Reuse libweak_sancov_stubs.so * Reorganise flags * format * Consistent file type * Reuse the weak references defined in Centipede * Replace the shared library of weak symbols with a static one * Correct the place to call mkdir * Allow 2G of SHM for Centipede * Create dirs in run_fuzzer * Keep Centipede up-to-date * Avoid duplicating Centipede's binary * The params of Centipede and their explanations * The engine info of centipede * Save the target binary (with san) in a subdir of the project * Set the target (with san) dir in check_build * Create the target (with san) first to avoid side-effects * Fic clone * Fix format * Add periods * Fix comments * Fix dirs * Fix parameters * Adding Centipede as a fuzzing engine for Scarecrow * Add CI support * Represent sanitizer with a variable * Remove the unnecessary definition of FUZZER_OUT * Reorganise binary directories * format * A minor note * Present issues with dirs that alread exist * Use os.path.join to join path * Make a function to get the out/ in check build * Reusing existing flags in .bazel * Avoid hardcoding sanitizer, set rss_limit_mb=4096, leave address_space_limit_mb disabled * Better ways to add bazel build options * A better way to add bazel flags * Remove redundant --bazelrc * Better Cohesion * Avoid code duplication * Simplify code * Exit on crash 2022-09-06 02:34:58 +00:00			`[Centipede]: https://github.com/google/centipede`
Delete unnecessary files and fix format in some MD pages (#4115) * style: Clean up the repo * Bolster the `.gitignore` * Follow `CONTRIBUTING.md` guidelines and wrap `README.md` to 80 characters and seperate links for readability * Remove pesky Unicode dash in `CONTRIBUTING.md` * Remove `.DS_STORE` files * Rename `#project.yaml#` to something logical and enable stntax highlighting * Updates from reviewers * Greatly reduce `.gitignore` to only macOS `.DS_Store` and Vim temporary files * Apply markdown style to `docs/index.md` * small comma grammatical change * http -> https 2020-07-16 22:27:29 +00:00			`[Sanitizers]: https://github.com/google/sanitizers`
			`[ClusterFuzz]: https://github.com/google/clusterfuzz`
[ClusterFuzzLite] Support local runs (#6987) 2022-01-19 22:24:47 +00:00			`[ClusterFuzzLite]: https://google.github.io/clusterfuzzlite/`
Add jekyll generator for docs. (#2660) * Add jekyll generator for docs. * Add content for index.md 2019-08-06 20:29:19 +00:00
Add docs for Java/JVM fuzzing (#5298) Related: https://github.com/google/oss-fuzz/issues/5178 2021-03-05 15:22:24 +00:00			`Currently, OSS-Fuzz supports C/C++, Rust, Go, Python and Java/JVM code. Other`
			`languages supported by [LLVM] may work too. OSS-Fuzz supports fuzzing x86_64`
			`and i386 builds.`
Add jekyll generator for docs. (#2660) * Add jekyll generator for docs. * Add content for index.md 2019-08-06 20:29:19 +00:00
Delete unnecessary files and fix format in some MD pages (#4115) * style: Clean up the repo * Bolster the `.gitignore` * Follow `CONTRIBUTING.md` guidelines and wrap `README.md` to 80 characters and seperate links for readability * Remove pesky Unicode dash in `CONTRIBUTING.md` * Remove `.DS_STORE` files * Rename `#project.yaml#` to something logical and enable stntax highlighting * Updates from reviewers * Greatly reduce `.gitignore` to only macOS `.DS_Store` and Vim temporary files * Apply markdown style to `docs/index.md` * small comma grammatical change * http -> https 2020-07-16 22:27:29 +00:00			`[LLVM]: https://llvm.org`
Add jekyll generator for docs. (#2660) * Add jekyll generator for docs. * Add content for index.md 2019-08-06 20:29:19 +00:00
Olivekl add project history (#10841) Add two paragraphs from blog post (https://security.googleblog.com/2022/09/fuzzing-beyond-memory-corruption.html) explaining the project's history. 2023-08-15 19:17:37 +00:00
			`## Project history`
			`OSS-Fuzz was launched in 2016 in response to the`
			`[Heartbleed] vulnerability, discovered in [OpenSSL], one of the`
			`most popular open source projects for encrypting web traffic. The vulnerability`
			`had the potential to affect almost every internet user, yet was caused by a`
			`relatively simple memory buffer overflow bug that could have been detected by`
			`fuzzing—that is, by running the code on randomized inputs to intentionally cause`
			`unexpected behaviors or crashes. At the time, though, fuzzing`
			`was not widely used and was cumbersome for developers, requiring extensive`
			`manual effort.`

			`Google created OSS-Fuzz to fill this gap: it's a free service that runs fuzzers`
			`for open source projects and privately alerts developers to the bugs detected.`
			`Since its launch, OSS-Fuzz has become a critical service for the open source`
			`community, growing beyond C/C++ to`
			`detect problems in memory-safe languages such as Go, Rust, and Python.`

			`[Heartbleed]: https://heartbleed.com/`
			`[OpenSSL]: https://www.openssl.org/`

[docs] Update the main docs page to mention fuzzing docs. (#3220) * [docs] Update the main docs page to mention fuzzing docs. * Add an FAQ entry too * update the main readme and move the faq question up 2020-01-13 01:14:20 +00:00			`## Learn more about fuzzing`

Delete unnecessary files and fix format in some MD pages (#4115) * style: Clean up the repo * Bolster the `.gitignore` * Follow `CONTRIBUTING.md` guidelines and wrap `README.md` to 80 characters and seperate links for readability * Remove pesky Unicode dash in `CONTRIBUTING.md` * Remove `.DS_STORE` files * Rename `#project.yaml#` to something logical and enable stntax highlighting * Updates from reviewers * Greatly reduce `.gitignore` to only macOS `.DS_Store` and Vim temporary files * Apply markdown style to `docs/index.md` * small comma grammatical change * http -> https 2020-07-16 22:27:29 +00:00			`This documentation describes how to use OSS-Fuzz service for your open source`
			`project. To learn more about fuzzing in general, we recommend reading [libFuzzer`
			`tutorial] and the other docs in [google/fuzzing] repository. These and some`
			`other resources are listed on the [useful links] page.`
[docs] Update the main docs page to mention fuzzing docs. (#3220) * [docs] Update the main docs page to mention fuzzing docs. * Add an FAQ entry too * update the main readme and move the faq question up 2020-01-13 01:14:20 +00:00
			`[google/fuzzing]: https://github.com/google/fuzzing/tree/master/docs`
			`[libFuzzer tutorial]: https://github.com/google/fuzzing/blob/master/tutorial/libFuzzerTutorial.md`
Delete unnecessary files and fix format in some MD pages (#4115) * style: Clean up the repo * Bolster the `.gitignore` * Follow `CONTRIBUTING.md` guidelines and wrap `README.md` to 80 characters and seperate links for readability * Remove pesky Unicode dash in `CONTRIBUTING.md` * Remove `.DS_STORE` files * Rename `#project.yaml#` to something logical and enable stntax highlighting * Updates from reviewers * Greatly reduce `.gitignore` to only macOS `.DS_Store` and Vim temporary files * Apply markdown style to `docs/index.md` * small comma grammatical change * http -> https 2020-07-16 22:27:29 +00:00			`[useful links]: {{ site.baseurl }}/reference/useful-links/#tutorials`
[docs] Update the main docs page to mention fuzzing docs. (#3220) * [docs] Update the main docs page to mention fuzzing docs. * Add an FAQ entry too * update the main readme and move the faq question up 2020-01-13 01:14:20 +00:00
Add jekyll generator for docs. (#2660) * Add jekyll generator for docs. * Add content for index.md 2019-08-06 20:29:19 +00:00			`## Trophies`
Olivekl add project history (#10841) Add two paragraphs from blog post (https://security.googleblog.com/2022/09/fuzzing-beyond-memory-corruption.html) explaining the project's history. 2023-08-15 19:17:37 +00:00			`As of August 2023, OSS-Fuzz has helped identify and fix over [10,000] vulnerabilities and [36,000] bugs across [1,000] projects.`
Update docs, add python support. (#4878) 2020-12-21 21:43:26 +00:00
Olivekl add project history (#10841) Add two paragraphs from blog post (https://security.googleblog.com/2022/09/fuzzing-beyond-memory-corruption.html) explaining the project's history. 2023-08-15 19:17:37 +00:00			`[10,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?q=Type%3DBug-Security%20label%3Aclusterfuzz%20-status%3ADuplicate%2CWontFix&can=1`
			`[36,000]: https://bugs.chromium.org/p/oss-fuzz/issues/list?q=Type%3DBug%20label%3Aclusterfuzz%20-status%3ADuplicate%2CWontFix&can=1`
			`[1,000]: https://github.com/google/oss-fuzz/tree/master/projects`