oss-fuzz/docs/reference.md

# Reference

## Sanitizers

Fuzzers are usually built with one or more sanitizers enabled. You select the sanitizer configuration by passing the `$SANITIZER` build environment variable with the `-e` option, or with the `--sanitizer` flag of the helper script:

```shell
python infra/helper.py build_fuzzers --sanitizer undefined json
```

Supported sanitizers:

| `$SANITIZER` | Description |
| --- | --- |
| `address` (default) | Address Sanitizer with Leak Sanitizer. |
| `undefined` | Undefined Behavior Sanitizer. |
| `memory` | Memory Sanitizer. **NOTE:** It is critical that you build all the code in your program (including the libraries it uses) with Memory Sanitizer. Otherwise you will see false-positive crashes, because the sanitizer cannot see initializations performed in uninstrumented code. |
| `profile` | Used for generating code coverage reports. See the Code Coverage doc. |

The compiler flag values for the predefined configurations are set in the Dockerfile. These flags can be overridden by specifying `$SANITIZER_FLAGS` directly.

You can choose which configurations your fuzzers are automatically run with in the `project.yaml` file (e.g. sqlite3):

```yaml
sanitizers:
  - address
  - undefined
```
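To reproduce locally the set of builds that `project.yaml` asks for, the following added example (not OSS-Fuzz's own code) reads the `sanitizers:` list, rejects any name outside the supported set from the table above, and produces one `infra/helper.py build_fuzzers` invocation per sanitizer. It assumes the flat `key:` / `  - item` shape shown on this page; a real YAML library should be used for anything more complex.

```python
"""Plan one build_fuzzers run per sanitizer listed in project.yaml."""
import subprocess

# Supported values of $SANITIZER, as listed in the table above.
SUPPORTED_SANITIZERS = {"address", "undefined", "memory", "profile"}


def read_sanitizers(yaml_text: str) -> list[str]:
    """Return the items under `sanitizers:` (empty list if the key is absent).

    Assumption: only the flat `key:` / `  - item` layout is handled here.
    """
    items, in_block = [], False
    for raw in yaml_text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("#"):
            continue
        if line.startswith("sanitizers:"):
            in_block = True
            continue
        if in_block and line.lstrip().startswith("- "):
            items.append(line.split("-", 1)[1].strip())
        elif in_block and not line.startswith(" "):
            in_block = False  # the next top-level key ends the list
    return items


def plan_builds(yaml_text: str, project: str) -> list[list[str]]:
    """One helper.py argv per configured sanitizer; unknown names are rejected."""
    sanitizers = read_sanitizers(yaml_text)
    unknown = sorted(set(sanitizers) - SUPPORTED_SANITIZERS)
    if unknown:
        raise ValueError(f"unsupported sanitizer(s) in project.yaml: {unknown}")
    return [["python", "infra/helper.py", "build_fuzzers",
             "--sanitizer", name, project] for name in sanitizers]


# Constructed sample in the style of the sqlite3 snippet above.
SAMPLE_PROJECT_YAML = """\
language: c
sanitizers:
  - address
  - undefined
fuzzing_engines:
  - libfuzzer
"""

if __name__ == "__main__":
    # Run from an oss-fuzz checkout so that infra/helper.py resolves.
    for argv in plan_builds(SAMPLE_PROJECT_YAML, "sqlite3"):
        print(" ".join(argv))
        subprocess.run(argv, check=True)
```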