Skip to content

Latest commit

 

History

History
 
 

fuzz

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
inputs
inputs
 
 
LICENSE.apache2
LICENSE.apache2
 
 
README.md
README.md
 
 
main.zig
main.zig
 
 
sql.dict
sql.dict
 
 

README.md

fuzz testing

This repository contains a binary used for fuzz testing.

Acknowledgments

The fuzz setup with AFL++ comes from Ryan Liptak's blog post. See this example repo too.

Prerequisites

To build the fuzz binary we need the afl-clang-lto binary in the system path. The recommended way to get that is to install AFL++.

If you don't want to install it system-wide you can also do this instead:

make PREFIX=$HOME/local install

then make sure that $HOME/local/bin is in your system path.

If you installed LLVM from source as described in the Zig wiki, do this instead:

LLVM_CONFIG=$HOME/local/llvm15-release/bin/llvm-config make PREFIX=$HOME/local install

Build and run

Once AFL++ is installed, build the fuzz binary:

$ zig build fuzz

Finally to run the fuzzer do this:

$ afl-fuzz -i - -o fuzz/outputs -- ./zig-out/bin/fuzz

Note that afl-fuzz might complain about core dumps being sent to an external utility (usually systemd).

You'll have to do this as root:

# echo core > /proc/sys/kernel/core_pattern

afl-fuzz might also complain about the scaling governor, setting AFL_SKIP_CPUFREQ as suggested is good enough:

$ AFL_SKIP_CPUFREQ=1 afl-fuzz -i - -o fuzz/outputs -- ./zig-out/bin/fuzz

Debugging a crash

If afl-fuzz finds a crash it will be added to fuzz/outputs/default/crashes.XYZ.

To debug the crash you can run the fuzz binary and giving it the content of the crash via stdin, for example:

$ ./zig-out/bin/fuzz < 'fuzz/outputs/default/crashes.2021-12-31-12:43:12/id:000000,sig:06,src:000004,time:210548,execs:1011599,op:havoc,rep:2'