oss-fuzz

History

Jay Berkenbilt f858510cbe Qpdf ownership (#2496 ) * example project: fix minor problems with standalone fuzzer * typo: "successfull" -> "successful" * main should explicitly return 0 on success * example project: fix minor problems with Makefile * make "all" the first target * use LIB_FUZZING_ENGINE to reference fuzzer in all places * example project: fix typos in README * Add upstream qpdf maintainer as auto_cc for qpdf I am adding myself (using my Google account) as an auto_cc in preparation for taking over ownership of the qpdf project and doing a full integration with oss-fuzz.		2019-06-09 18:59:50 -07:00
..
do_stuff_test_data	add an 'example' project (#603 )	2017-05-13 13:24:17 -07:00
Makefile	Qpdf ownership (#2496 )	2019-06-09 18:59:50 -07:00
README.md	Qpdf ownership (#2496 )	2019-06-09 18:59:50 -07:00
do_stuff_fuzzer.cpp	[example] Fix a typo in "example" project from #603 .	2017-05-14 12:56:09 +02:00
do_stuff_fuzzer.dict	Create do_stuff_fuzzer.dict	2017-05-15 17:51:38 -07:00
do_stuff_unittest.cpp	add an 'example' project (#603 )	2017-05-13 13:24:17 -07:00
my_api.cpp	add an 'example' project (#603 )	2017-05-13 13:24:17 -07:00
my_api.h	add an 'example' project (#603 )	2017-05-13 13:24:17 -07:00
standalone_fuzz_target_runner.cpp	Qpdf ownership (#2496 )	2019-06-09 18:59:50 -07:00

This directory contains an example software project that has most of the traits of ideal support for fuzzing.

Files in my-api-repo

Imagine that these files reside in your project's repository:

my_api.h: and my_api.cpp implement the API we want to test/fuzz. The function DoStuff() inside my_api.cpp contains a bug. (Find it!)
do_stuff_unittest.cpp: is a unit test for DoStuff(). Unit tests are not necessary for fuzzing but are generally a good practice.
do_stuff_fuzzer.cpp: is a fuzz target for DoStuff().
do_stuff_test_data: corpus directory for do_stuff_fuzzer.cpp.
do_stuff_fuzzer.dict: a fuzzing dictionary file for DoStuff(). Optional, but may improve fuzzing in many cases.
Makefile: is a build file (the same can be done with other build systems):
- accepts external compiler flags via $CC, $CXX, $CFLAGS, $CXXFLAGS
- accepts external fuzzing engine via $LIB_FUZZING_ENGINE, by default uses standalone_fuzz_target_runner.cpp
- builds the fuzz target(s) and their corpus archive(s)
- make check executes do_stuff_fuzzer.cpp on do_stuff_test_data/*, thus ensures that the fuzz target is up to date and uses it as a regression test.
standalone_fuzz_target_runner.cpp: is a simple standalone runner for fuzz targets. You may use it to execute a fuzz target on given files w/o having to link in libFuzzer or other fuzzing engine.

oss-fuzz/projects/example
- Dockerfile: sets up the build environment
- build.sh: builds the fuzz target(s). The smaller this file the better (most of the logic should be inside the project's build system).
- project.yaml: short project description and contact info.