Rooba
/
oss-fuzz
mirror of https://github.com/google/oss-fuzz.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update faq.md

This commit is contained in:
Kostya Serebryany 2017-03-01 21:57:48 -08:00 committed by GitHub
parent ebc9db5d0d
commit e7adc498b2
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/faq.md
View File

@ -78,10 +78,11 @@ you can search for contacts in the respective project.yaml file.
## What if my fuzzer does not find anything?
If your fuzz target is running for many days and does not find bugs or new coverage it may mean several things:
If your fuzz target is running for many days and does not find bugs or new coverage it, may mean several things:
- We've covered all reachable code. In order to cover more code we need more fuzz targets.
- The [seed corpus](new_project_guide.md#seed-corpus) is not good enough and the fuzzing engine(s) are not able to go deeper based on the existing seeds. Need to add more seeds.
- There is some crypto/crc stuff in the code that will prevent any fuzzing engine from going deeper, in which case the crypto should be disabled in [fuzzing mode](http://libfuzzer.info#fuzzer-friendly-build-mode). Examples: [openssl](https://github.com/openssl/openssl/tree/master/fuzz#reproducing-issues), [boringssl](https://boringssl.googlesource.com/boringssl/+/HEAD/FUZZING.md#Fuzzer-mode)
- It is also possible that the fuzzer is running too slow (you may check the speed of your targets at https://oss-fuzz.com/)
In either case, look at the [coverage reports](clusterfuzz.md#coverage-reports) for your target(s) and figure out why some parts of the code are not covered.