OSS-Fuzz - continuous fuzzing for open source software.

fuzzing fuzz-testing oss-fuzz security stability starred-google-repo starred-repo vulnerabilities

Go to file

Victor Costan 6af0e55ecd leveldb: Fuzzer improvements. (#4837 ) * Stop when opening a database fails. This will avoid null pointer dereferences. * Use C++11 smart pointers for leveldb::DB and leveldb::Iterator. This makes it easier to ensure the fuzzer doesn't leak memory. No leak was detected while applying this fix. * Use the FuzzedDataProvider API exclusively for consuming data. This makes it easier to ensure maximum fuzzer coverage. * Avoid building unnecessary code (tests, benchmarks). This slightly reduces oss-fuzz resource usage. * Use an enum class and FuzzedDataProvider::ConsumeEnum() instead of reimplementing it. This makes it easier to extend the fuzzer with new operations in the future. * Use meaningful names (key, value, name) instead of tmp* for local variables storing leveldb API inputs.		2020-12-14 14:46:37 +11:00
.github/workflows	Revert msan patch (#4788 )	2020-12-04 19:44:46 -08:00
docs	Fix symbolization for python targets. (#4836 )	2020-12-13 15:07:28 -08:00
infra	Copy llvm-symbolizer in $OUT, needed for python targets. (#4832 )	2020-12-12 18:58:59 -08:00
projects	leveldb: Fuzzer improvements. (#4837 )	2020-12-14 14:46:37 +11:00
.dockerignore	Reland `55d9a81`. (#4269 )	2020-08-06 14:33:08 -07:00
.gitignore	Delete unnecessary files and fix format in some MD pages (#4115 )	2020-07-16 15:27:29 -07:00
.pylintrc	Revert msan patch (#4788 )	2020-12-04 19:44:46 -08:00
.style.yapf	[infra] Add presubmit script (#3196 )	2020-01-10 10:19:42 -08:00
CONTRIBUTING.md	Delete unnecessary files and fix format in some MD pages (#4115 )	2020-07-16 15:27:29 -07:00
LICENSE	Create LICENSE	2016-10-03 12:24:25 -07:00
README.md	Update links and blog posts. (#4833 )	2020-12-13 09:10:51 -08:00
oss-fuzz.iml	Add jekyll generator for docs. (#2660 )	2019-08-06 13:29:19 -07:00

README.md

OSS-Fuzz: Continuous Fuzzing for Open Source Software

Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like buffer overflow, can have serious security implications. Google has found thousands of security vulnerabilities and stability bugs by deploying guided in-process fuzzing of Chrome components, and we now want to share that service with the open source community.

In cooperation with the Core Infrastructure Initiative and the OpenSSF, OSS-Fuzz aims to make common open source software more secure and stable by combining modern fuzzing techniques with scalable, distributed execution.

We support the libFuzzer, AFL, and Honggfuzz fuzzing engines in combination with Sanitizers, as well as ClusterFuzz, a distributed fuzzer execution environment and reporting tool.

Currently, OSS-Fuzz supports C/C++, Rust, and Go code. Other languages supported by LLVM may work too. OSS-Fuzz supports fuzzing x86_64 and i386 builds.

Overview

Documentation

Read our detailed documentation to learn how to use OSS-Fuzz.

Trophies

As of June 2020, OSS-Fuzz has found over 20,000 bugs in 300 open source projects.

Blog posts

2016-12-01 - Announcing OSS-Fuzz: Continuous fuzzing for open source software
2017-05-08 - OSS-Fuzz: Five months later, and rewarding projects
2018-11-06 - A New Chapter for OSS-Fuzz
2020-10-09 - Fuzzing internships for Open Source Software
2020-12-07 - Improving open source security during the Google summer internship program