[ftfuzzer] Update README file.
This commit is contained in:
parent
bcf618b256
commit
6bda921da0
|
@ -1,23 +1,60 @@
|
||||||
ftfuzzer
|
ftfuzzer
|
||||||
--------
|
========
|
||||||
|
|
||||||
ftfuzzer.cc contains a target function for FreeType fuzzing.
|
|
||||||
It can be used with libFuzzer (http://llvm.org/docs/LibFuzzer.html)
|
ftfuzzer.cc
|
||||||
or potentially any other similar fuzzer.
|
-----------
|
||||||
|
|
||||||
|
This file contains a target function for FreeType fuzzing. It can be used
|
||||||
|
with libFuzzer (http://llvm.org/docs/LibFuzzer.html) or potentially any
|
||||||
|
other similar fuzzer.
|
||||||
|
|
||||||
Usage:
|
Usage:
|
||||||
1. Build libfreetype.a and ftfuzzer.cc using the most recent clang compiler
|
|
||||||
with these flags:
|
1. Build `libfreetype.a' and `ftfuzzer.cc' using the most recent clang
|
||||||
-fsanitize-coverage=edge,8bit-counters # for fuzzer coverage feedback
|
compiler with these flags:
|
||||||
-fsanitize=address,signed-integer-overflow,shift # for bug checking
|
|
||||||
2. Link with libFuzzer (it contains main()).
|
-fsanitize-coverage=edge,8bit-counters # for fuzzer coverage feedback
|
||||||
|
-fsanitize=address,signed-integer-overflow,shift # for bug checking
|
||||||
|
|
||||||
|
You also need the header files from `libarchive' for handling tar files
|
||||||
|
(see `ftmutator.cc' below for more).
|
||||||
|
|
||||||
|
2. Link with `libFuzzer' (it contains main()) and `libarchive'.
|
||||||
|
|
||||||
3. Run the fuzzer on some test corpus.
|
3. Run the fuzzer on some test corpus.
|
||||||
|
|
||||||
The exact flags and commands may vary.
|
The exact flags and commands may vary.
|
||||||
There is a continuous fuzzing bot that runs ftfuzzer:
|
|
||||||
https://github.com/google/libfuzzer-bot/tree/master/freetype.
|
|
||||||
Check the bot confituration for the most current settings.
|
|
||||||
|
|
||||||
runinput.cc contains a convenience main() function to run the target function
|
|
||||||
on a set of input files. Link it with ftfuzzer.cc and libfreetype.a
|
There is a continuous fuzzing bot that runs ftfuzzer.
|
||||||
and run like "./a.out my_tests_inputs/*"
|
|
||||||
|
https://github.com/google/libfuzzer-bot/tree/master/freetype
|
||||||
|
|
||||||
|
Check the bot configuration for the most current settings.
|
||||||
|
|
||||||
|
|
||||||
|
ftmutator.cc
|
||||||
|
------------
|
||||||
|
|
||||||
|
FreeType has the ability to `attach' auxiliary files to a font file,
|
||||||
|
providing additional information. The main usage is to load AFM files for
|
||||||
|
PostScript Type 1 fonts.
|
||||||
|
|
||||||
|
However, libFuzzer currently only supports mutation of a single input file.
|
||||||
|
For this reason, `ftmutator.cc' contains a custom fuzzer mutator that uses
|
||||||
|
an uncompressed tar file archive as the input. The first file in such a
|
||||||
|
tarball gets opened by FreeType as a font, all other files are treated as
|
||||||
|
input for `FT_Attach_Stream'.
|
||||||
|
|
||||||
|
Compilation is similar to `ftfuzzer.c'.
|
||||||
|
|
||||||
|
|
||||||
|
runinput.cc
|
||||||
|
-----------
|
||||||
|
|
||||||
|
To run the target function on a set of input files, this file contains a
|
||||||
|
convenience main() function. Link it with `ftfuzzer.cc', `libfreetype.a',
|
||||||
|
and `libarchive' and run like
|
||||||
|
|
||||||
|
./a.out my_tests_inputs/*
|
||||||
|
|
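Review bot: In the new `ftmutator.cc` section, the sentence "Compilation is similar to `ftfuzzer.c'." points at a file that does not exist in this directory; the heading and the usage section both call it `ftfuzzer.cc`, so the reference should read `ftfuzzer.cc'. While touching that line, "similar" leaves open whether `ftmutator.cc` is built into the same binary as `ftfuzzer.cc` or replaces it; since step 2 now requires linking `libarchive' for the tar handling, one sentence stating which objects are linked together would prevent readers from hitting unresolved-symbol errors on their first build.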