diff --git a/ChangeLog b/ChangeLog index b63e65733..a71cb866c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2015-10-15 Kostya Serebryany + + [ftfuzzer] Add README. + + * src/tools/ftfuzzer/README: New file. + 2015-10-15 Bungeman [bdf] Fix memory leak (#46213). diff --git a/src/tools/ftfuzzer/README b/src/tools/ftfuzzer/README new file mode 100644 index 000000000..7248bb7b1 --- /dev/null +++ b/src/tools/ftfuzzer/README @@ -0,0 +1,23 @@ +ftfuzzer +-------- + +ftfuzzer.cc contains a target function for FreeType fuzzing. +It can be used with libFuzzer (http://llvm.org/docs/LibFuzzer.html) +or potentially any other similar fuzzer. + +Usage: + 1. Build libfreetype.a and ftfuzzer.cc using the most recent clang compiler + with these flags: + -fsanitize-coverage=edge,8bit-counters # for fuzzer coverage feedback + -fsanitize=address,signed-integer-overflow,shift # for bug checking + 2. Link with libFuzzer (it contains main()). + 3. Run the fuzzer on some test corpus. + +The exact flags and commands may vary. +There is a continuous fuzzing bot that runs ftfuzzer: +https://github.com/google/libfuzzer-bot/tree/master/freetype. +Check the bot confituration for the most current settings. + +runinput.cc contains a convenience main() function to run the target function +on a set of input files. Link it with ftfuzzer.cc and libfreetype.a +and run like "./a.out my_tests_inputs/*"
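Review bot: typo in the new README hunk, in the line "Check the bot confituration for the most current settings." -- "confituration" should read "configuration". Since this is documentation that users will copy from, it is also worth saying explicitly in step 1 that the same -fsanitize-coverage and -fsanitize flags must be applied when building libfreetype.a itself, not only ftfuzzer.cc, otherwise the fuzzer gets no coverage feedback from the library code and ASan will not instrument the code actually under test; the text currently lists both targets in one sentence but a reader may compile the library with its default flags.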