Merge pull request #27 from matrix-org/rav/fuzzers_readme

Add a README for the fuzzers

1 files changed, 51 insertions, 0 deletions

diff --git a/fuzzers/README.rst b/fuzzers/README.rst
new file mode 100644
index 0000000..b3142ca
--- /dev/null
+++ b/fuzzers/README.rst
@@ -0,0 +1,51 @@
+Fuzzers
+=======
+
+This directory contains a collection of fuzzing tools. Each tests a different
+entry point to the code.
+
+Usage notes:
+
+1. Install AFL:
+
+   .. code::
+
+      apt-get install afl
+
+2. Build the fuzzers:
+
+   .. code::
+
+      make fuzzers
+
+3. Some of the tests (eg ``fuzz_decrypt`` and ``fuzz_group_decrypt``) require a
+   session file. You can use the ones generated by the python test script
+   (``python/test.sh``).
+
+4. Make some work directories:
+
+   .. code::
+
+      mkdir -p fuzzing/in fuzzing/out
+
+5. Generate starting input:
+
+   .. code::
+
+      echo "Test" > fuzzing/in/test
+
+6. Run the test under ``afl-fuzz``:
+
+   .. code::
+
+      afl-fuzz -i fuzzing/in -o fuzzing/out -- \
+         ./build/fuzzers/fuzz_<fuzzing_tool> [<test args>]
+
+7. To resume with the data produced by an earlier run:
+
+   .. code::
+
+      ./afl-fuzz -i- -o existing_output_dir [...etc...]
+
+8. If it shows failures, pipe the failure case into
+   ``./build/fuzzers/debug_<fuzzing_tool>``, fix, and repeat.