Rooba
/
oss-fuzz
mirror of https://github.com/google/oss-fuzz.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[docs] FAQ: fix honggfuzz info and add a question about corpora use. (#3410)

This commit is contained in:
Max Moroz 2020-02-19 15:27:58 -08:00 committed by GitHub
parent 6cd7db7758
commit 4d8c828789
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
docs/faq.md
View File

@ -54,7 +54,6 @@ your own environment and run continuously at scale.
OSS-Fuzz is a production instance of ClusterFuzz, plus the code living in OSS-Fuzz is a production instance of ClusterFuzz, plus the code living in
[OSS-Fuzz repository]: build scripts, `project.yaml` files with contacts, etc. [OSS-Fuzz repository]: build scripts, `project.yaml` files with contacts, etc.
[ClusterFuzz]: https://github.com/google/clusterfuzz
[OSS-Fuzz repository]: https://github.com/google/oss-fuzz [OSS-Fuzz repository]: https://github.com/google/oss-fuzz
## Why do you use a [different issue tracker](https://bugs.chromium.org/p/oss-fuzz/issues/list) for reporting bugs in OSS projects? ## Why do you use a [different issue tracker](https://bugs.chromium.org/p/oss-fuzz/issues/list) for reporting bugs in OSS projects?
@ -163,23 +162,25 @@ target (instructions to download
restore it to the new GCS location later (instruction to find the restore it to the new GCS location later (instruction to find the
new location [here]({{ site.baseurl }}/advanced-topics/corpora/#viewing-the-corpus-for-a-fuzz-target)). new location [here]({{ site.baseurl }}/advanced-topics/corpora/#viewing-the-corpus-for-a-fuzz-target)).
## Does OSS-Fuzz support AFL? ## Does OSS-Fuzz support AFL or honggfuzz?
OSS-Fuzz *uses* [AFL](http://lcamtuf.coredump.cx/afl/) as one of its OSS-Fuzz *uses* both [AFL](http://lcamtuf.coredump.cx/afl/) and
[fuzzing engines]({{ site.baseurl }}/reference/glossary/#fuzzing-engine) but this is an implementation [honggfuzz](https://github.com/google/honggfuzz)
detail. Just follow the [fuzzing engines]({{ site.baseurl }}/reference/glossary/#fuzzing-engine).
Follow the
[ideal integration guide]({{ site.baseurl }}/advanced-topics/ideal-integration/) [ideal integration guide]({{ site.baseurl }}/advanced-topics/ideal-integration/)
and OSS-Fuzz will use all its fuzzing engines on your code. and OSS-Fuzz will use all its fuzzing engines on your code.
## Does OSS-Fuzz support Honggfuzz?
OSS-Fuzz (the service) does not use honggfuzz to find bugs.
That is because [ClusterFuzz](https://github.com/google/clusterfuzz)
(the infrastructure OSS-Fuzz runs on) does not support honggfuzz.
However, OSS-Fuzz supports **building** fuzz targets for use with honggfuzz,
similar to the way it supports [AFL](#does-oss-fuzz-support-afl).
Currently OSS-Fuzz builders do builds for libFuzzer, AFL, and honggfuzz.
## What are the specs on your machines? ## What are the specs on your machines?
OSS-Fuzz builders have 32CPU/28.8GB RAM. OSS-Fuzz builders have 32CPU/28.8GB RAM.
Fuzzing machines only have a single core and fuzz targets should not use more Fuzzing machines only have a single core and fuzz targets should not use more
than 2.5GB of RAM. than 2.5GB of RAM.
## Are there any restrictions on using test cases / corpora generated by OSS-Fuzz?
No, you can freely use (i.e. share, add to your repo, etc.) the test cases and
corpora generated by OSS-Fuzz. OSS-Fuzz infrastructure is fully open source
(including [ClusterFuzz], various fuzzing engines, and other dependencies). We
have no intent to restrict the use of the artifacts produced by OSS-Fuzz.
[ClusterFuzz]: https://github.com/google/clusterfuzz