Rooba
/
oss-fuzz
mirror of https://github.com/google/oss-fuzz.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update reproducing.md

This commit is contained in:
Kostya Serebryany 2016-11-18 17:20:49 -08:00 committed by GitHub
parent d0f5741b91
commit 9eee25479b
1 changed files with 6 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
docs/reproducing.md
View File

@ -1,10 +1,12 @@
# Reproducing OSS-Fuzz issues # Reproducing OSS-Fuzz issues
You've been CC'ed on an OSS-Fuzz issue ([examples](https://bugs.chromium.org/p/oss-fuzz/issues/list)), You've been CC'ed on an OSS-Fuzz issue
now what? ([examples](https://bugs.chromium.org/p/oss-fuzz/issues/list)), now what?
Before attempting a fix the bug you should be able to reliably reproduce it. Before attempting a fix the bug you should be able to reliably reproduce it.
Every issue has a reproducer file attached. Every issue has a reproducer file attached.
Download it. If the issue is not public, you will need to login using your Google account
that is CC-ed to the bug report.
This file contains the bytes that were fed to the [Fuzz Target](http://libfuzzer.info/#fuzz-target). This file contains the bytes that were fed to the [Fuzz Target](http://libfuzzer.info/#fuzz-target).
If you have [properly integrated](ideal_integration.md) the fuzz target with your build and test system If you have [properly integrated](ideal_integration.md) the fuzz target with your build and test system
@ -12,7 +14,7 @@ all you need is to download the reproducer file and run
``` ```
./fuzz_target_binary REPRODUCER_FILE ./fuzz_target_binary REPRODUCER_FILE
``` ```
Depending on the nature of the bug, the fuzz target binary needs to be build with the appropriate sanitizer Depending on the nature of the bug, the fuzz target binary needs to be built with the appropriate sanitizer
(e.g. if this is a buffer overflow, with [AddressSanitizer](http://clang.llvm.org/docs/AddressSanitizer.html)). (e.g. if this is a buffer overflow, with [AddressSanitizer](http://clang.llvm.org/docs/AddressSanitizer.html)).
**TODO** **TODO**
@ -20,34 +22,10 @@ Depending on the nature of the bug, the fuzz target binary needs to be build wit
Another option is to use the Docker commands (**TODO: link**) to replicate the exact build steps Another option is to use the Docker commands (**TODO: link**) to replicate the exact build steps
used by OSS-Fuzz and then feed the reproducer input to the target. used by OSS-Fuzz and then feed the reproducer input to the target.
## **TODO careate separate file with all docker commands**
([how?](installing_docker.md), [why?](faq.md#why-do-you-use-docker)), but ([how?](installing_docker.md), [why?](faq.md#why-do-you-use-docker)), but
is entirely possible to do without. is entirely possible to do without.
## **TODO Move into a separate file with docker commands**
## Bug tracker reports
Bug reports in our bug tracker have the format:
```
Detailed report: <link to ClusterFuzz report>
Target: target
Fuzzer: libFuzzer_target_fuzzer
Fuzzer binary: fuzzer
Job Type: libFuzzer_asan_libchewing
Crash Type: Heap-use-after-free
Crash Address: 0x1337
Crash State
Frame1
Frame2
Frame3
Regressed: <Regression range link>
Minimized Testcase (size): <Testcase download link>
```
Click the testcase download link to download the testcase (you may need to Click the testcase download link to download the testcase (you may need to
login, using the same Google account that you've been CC'ed with). The "Detailed login, using the same Google account that you've been CC'ed with). The "Detailed