OSS-Fuzz - continuous fuzzing for open source software.
Hasnain Lakhani 54c35a54ef [proxygen] Re-enable AFL; change build script to put libunwind in the generated directory and make the fuzzer find it (#2872)
I'm re-enabling AFL since the issue with gmock's main being present was fixed in e8616a31f4

These libunwind changes solve the issues we were seeing with the fuzzers not running in the ClusterFuzz bot environment. What this PR does, roughly:

* Copy the .so from the build image into `/out/lib`
* Patch the binaries so they have an rpath which specifies looking in `/out/lib` for libraries in addition to the normal search path

This will work *assuming* `/out/lib` is copied over in the bot environment and is available. I'm relying on code reviewers to let me know if this is true or not. If not, it should be an easy path update.

Test plan:

Verifying the AFL build was easy:

    python infra/helper.py build_fuzzers --sanitizer address --engine afl proxygen
    python infra/helper.py check_build --engine afl proxygen
    python infra/helper.py run_fuzzer --engine afl proxygen ProxygenHTTP1xFuzzer

I verified the libunwind changes by using the shell command (thanks for the tip, didn't know that was there!).

I first built the binary using this build script.

I then used `python infra/helper.py shell --sanitizer address proxygen`

In the shell, I:

* Ran `/out/ProxygenHTTP1xFuzzer` and verified it worked
* Ran `ldd` on it and showed it pointed to `/out/lib` for `libunwind.so.8`
* Uninstalled libunwind
* Verified it still worked
* Used `patchelf --print-rpath ProxygenHTTP1xFuzzer` to verify that the rpath was set as I expected (inside `/out/lib`)
* Removed the patch using `patchelf --remove-rpath to_patch`
* Verified that the fuzzer no longer runs (crashes on startup, complaining about missing `libunwind.so.8`)
* Verified that the binary still finds the system one if the rpath isn't set: reinstalled libunwind, ran `patchelf --print-rpath` again, verified that `ldd` prints the path to the system `libunwind`, and that the fuzzer runs fine. This implies it can find other system libraries fine too (and I saw that in the `ldd` output)

I don't think I can do any further testing, so we will just have to hope that this works in the bot environment.
2019-09-21 20:08:51 -07:00
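The build-script change (copy the `.so` into `/out/lib`, patch the fuzzers' rpath) and the `ldd` / `patchelf --print-rpath` checks from the test plan above, written out as one script. This is an added example, not the PR's build script and not OSS-Fuzz's own code. It assumes `$OUT` is the OSS-Fuzz output directory (`/out` in the build image), that the library to bundle is `libunwind.so.8`, that fuzzer binaries end in `Fuzzer`, and that `patchelf` and `ldconfig` are available in the build image. The rpath it sets is `$ORIGIN/lib` (relative to the binary) rather than the absolute `/out/lib` used in the PR; that is this example's choice, made so the binary keeps working if the bot copies `/out` elsewhere.

```bash
#!/bin/bash -eu
# Added example, not proxygen's or OSS-Fuzz's own build.sh: bundle a shared
# library from the build image next to the fuzzers, give every fuzzer an rpath
# that finds it, and verify the result the way the test plan does (ldd and
# patchelf --print-rpath). Assumptions: $OUT is the OSS-Fuzz output directory,
# the library is libunwind.so.8, fuzzer binaries end in "Fuzzer", and patchelf
# plus ldconfig exist in the build image.

OUT="${OUT:-/out}"
BUNDLED_LIB="${BUNDLED_LIB:-libunwind.so.8}"

# The rpath to set on each fuzzer. $ORIGIN expands at load time to the directory
# holding the binary, so the bundled copy is found whether /out is used in place
# or copied elsewhere by the bot. System libraries still resolve through the
# default search path once the rpath entry has been tried.
wanted_rpath() {
  printf '%s' '$ORIGIN/lib'
}

# Read ldd output on stdin; print each library reported as "not found".
ldd_missing_libs() {
  awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# Read ldd output on stdin; succeed only if library $1 resolves to a file
# inside directory $2 (e.g. libunwind.so.8 under /out/lib).
ldd_resolves_from() {
  awk -v lib="$1" -v dir="$2" '
    $1 == lib && $2 == "=>" && index($3, dir "/") == 1 { found = 1 }
    END { exit found ? 0 : 1 }'
}

# Copy the library the build image's loader would pick into $OUT/lib,
# dereferencing the usual libfoo.so.N -> libfoo.so.N.M symlink.
bundle_lib() {
  mkdir -p "$OUT/lib"
  src="$(ldconfig -p | awk -v lib="$BUNDLED_LIB" '$1 == lib { print $NF; exit }')"
  [ -n "$src" ] || { echo "cannot locate $BUNDLED_LIB in the build image" >&2; return 1; }
  cp -L "$src" "$OUT/lib/$BUNDLED_LIB"
}

# Set the rpath on one fuzzer and check the outcome: nothing may be
# "not found", and the bundled library must come from $OUT/lib, not the
# system copy.
patch_and_verify() {
  fuzzer="$1"
  patchelf --set-rpath "$(wanted_rpath)" "$fuzzer"
  echo "$fuzzer rpath: $(patchelf --print-rpath "$fuzzer")"
  deps="$(ldd "$fuzzer")"
  missing="$(printf '%s\n' "$deps" | ldd_missing_libs)"
  if [ -n "$missing" ]; then
    echo "$fuzzer has unresolved libraries: $missing" >&2
    return 1
  fi
  printf '%s\n' "$deps" | ldd_resolves_from "$BUNDLED_LIB" "$OUT/lib" || {
    echo "$fuzzer does not load $BUNDLED_LIB from $OUT/lib" >&2
    return 1
  }
}

# Constructed ldd output for a patched and an unpatched fuzzer (not captured
# from a real build), so the checks above can be exercised without a build image.
SAMPLE_LDD_PATCHED='    linux-vdso.so.1 (0x00007ffd3c5f1000)
    libunwind.so.8 => /out/lib/libunwind.so.8 (0x00007f0c1a000000)
    libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f0c19dfe000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0c19a0d000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f0c1a5c0000)'
SAMPLE_LDD_UNPATCHED='    linux-vdso.so.1 (0x00007ffd3c5f1000)
    libunwind.so.8 => not found
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0c19a0d000)'

# Run the real build-time steps only when asked, so the file can be sourced
# for its helper functions outside the build image.
if [ "${1:-}" = "--bundle" ]; then
  bundle_lib
  for f in "$OUT"/*Fuzzer; do
    [ -f "$f" ] && patch_and_verify "$f"
  done
fi
```

Run it as `bash bundle_lib.sh --bundle` from a `build.sh` (or inside `python infra/helper.py shell --sanitizer address proxygen`, as in the test plan) to bundle and patch; sourcing it without arguments only defines the helpers. The `ldd` check catches the failure mode the test plan reproduces by removing the rpath: a fuzzer that starts in the build image but dies on the bot with a missing `libunwind.so.8` shows up as a `not found` line here, before anything is uploaded.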
docs [docs] Add "Integrating a Go project" documentation page (#2714). (#2837) 2019-09-17 07:15:22 -07:00
infra [infra] Skip code coverage job for gofuzz projects (#2714). (#2818) 2019-09-09 08:47:58 -07:00
projects [proxygen] Re-enable AFL; change build script to put libunwind in the generated directory and make the fuzzer find it (#2872) 2019-09-21 20:08:51 -07:00
.gitignore [infra] replacing wget with ADD where possible 2016-12-28 14:09:09 -08:00
.travis.yml don't use travis_wait (#2867) 2019-09-20 11:24:02 -07:00
CONTRIBUTING Other projects use the notation GitHub, but this project was fixed as Github. (#1377) 2018-04-29 19:04:09 -07:00
LICENSE Create LICENSE 2016-10-03 12:24:25 -07:00
README.md Document i386 fuzzing (#2704) 2019-08-19 14:07:33 -07:00
oss-fuzz.iml Add jekyll generator for docs. (#2660) 2019-08-06 13:29:19 -07:00

README.md

OSS-Fuzz: Continuous Fuzzing for Open Source Software

Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like buffer overflow, can have serious security implications. Google has found thousands of security vulnerabilities and stability bugs by deploying guided in-process fuzzing of Chrome components, and we now want to share that service with the open source community.

In cooperation with the Core Infrastructure Initiative, OSS-Fuzz aims to make common open source software more secure and stable by combining modern fuzzing techniques with scalable, distributed execution.

We support the libFuzzer and AFL fuzzing engines in combination with Sanitizers, as well as ClusterFuzz, a distributed fuzzer execution environment and reporting tool.

Currently, OSS-Fuzz supports C/C++, Rust, and Go code. Other languages supported by LLVM may work too. OSS-Fuzz supports fuzzing x86_64 and i386 builds.

Overview

OSS-Fuzz process diagram

Documentation

Read our detailed documentation to learn how to use OSS-Fuzz.

Trophies

As of August 2019, OSS-Fuzz has found over 14,000 bugs in 200 open source projects.

Blog posts