test: move fuzzing tests from google/oss-fuzz repository #4719
Fuzz targets moved from google/oss-fuzz repository. See google/oss-fuzz#12506 for more details about advantages.

**How does it work?**

There is a new cmake option - `ENABLE_FUZZING` (for clang only). It enables fuzz targets (binaries with `LLVMFuzzerTestOneInput` as entrypoint). This option is used by the `build/script/oss-fuzz-build.sh` script, which will be called from the `oss-fuzz` build process (I will prepare an MR for that). Fuzz targets with seed corpus and dictionaries are copied to the `OUT` directory and oss-fuzz runs them. Please have a look at the documentation for details.

**Why do we need `seed` in this repository?**

It increases the efficiency of fuzzing significantly if the fuzz target is quite complex. Seed can contain any data (valid or malformed); the only goal is to provide fuzzers a hint of how to reach some code branches.

**Can we put all seed files into a single tar archive?**

Yes, we can do anything we want with the seed; there is only one requirement - `oss-fuzz-build.sh` has to prepare the seed corpus with the name `$fuzzer_seed_corpus.zip` in the `$OUT` directory, where `$fuzzer` is the name of the fuzz binary.

**Is it possible to test it locally?**

Sure. You can have a look at `build/script/oss-fuzz-build.sh` as a reference. Please note that this script is running in the oss-fuzz environment, where env like `CC`, `CXX`, etc. have special values. But in general, you can do the following:

and run fuzzers. See the doc for reference: https://llvm.org/docs/LibFuzzer.html