author: manuroe <manu@matrix.org> 2016-11-07 17:21:39 +0100
committer: manuroe <manu@matrix.org> 2016-11-07 17:21:39 +0100
commit: 5d1b66c350ac017613982f904b896750766654de (patch)
tree: a290c557e7881f7eb48cbdd568a4f3e43cb749c6 /fuzzers/README.rst
parent: 62f52806702b799b9e25e7cdf07be1c8a31325a2 (diff)
parent: f6c05be8c5d35e725a8a2ed5ad661398ac9f8cd2 (diff)
Merge remote-tracking branch 'origin/master' into olmkit
Diffstat (limited to 'fuzzers/README.rst')
-rw-r--r-- fuzzers/README.rst | 51
1 files changed, 51 insertions, 0 deletions
diff --git a/fuzzers/README.rst b/fuzzers/README.rst
new file mode 100644
index 0000000..d052303
--- /dev/null
+++ b/fuzzers/README.rst
@@ -0,0 +1,51 @@
+Fuzzers
+=======
+
+This directory contains a collection of fuzzing tools. Each tests a different
+entry point to the code.
+
+Usage notes:
+
+1. Install AFL:
+
+ .. code::
+
+ apt-get install afl
+
+2. Build the fuzzers:
+
+ .. code::
+
+ make fuzzers
+
+3. Some of the tests (eg ``fuzz_decrypt`` and ``fuzz_group_decrypt``) require a
+ session file. You can use the ones generated by the python test script
+ (``python/test.sh``).
+
+4. Make some work directories:
+
+ .. code::
+
+ mkdir -p fuzzing/in fuzzing/out
+
+5. Generate starting input:
+
+ .. code::
+
+ echo "Test" > fuzzing/in/test
+
+6. Run the test under ``afl-fuzz``:
+
+ .. code::
+
+ afl-fuzz -i fuzzing/in -o fuzzing/out -- \
+ ./build/fuzzers/fuzz_<fuzzing_tool> [<test args>]
+
+7. To resume with the data produced by an earlier run:
+
+ .. code::
+
+ afl-fuzz -i- -o existing_output_dir [...etc...]
+
+8. If it shows failures, pipe the failure case into
+ ``./build/fuzzers/debug_<fuzzing_tool>``, fix, and repeat.
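Review bot: the seed written in step 5 (``echo "Test" > fuzzing/in/test``) is a weak starting corpus for the decrypt fuzzers that step 3 says need a session file (``fuzz_decrypt``, ``fuzz_group_decrypt``): those entry points consume encrypted messages rather than free text, so ``afl-fuzz`` will burn its early cycles trying to rediscover the message format from a five-byte string. Suggest seeding ``fuzzing/in`` with real messages produced by ``python/test.sh``, the same source step 3 already points to for session files, and stating in step 6 which ``<test args>`` each fuzzer expects (presumably the session file path for the two decrypt fuzzers). Step 8 would also read better if it said where under ``fuzzing/out`` the failure cases are written, rather than leaving the reader to find them from "if it shows failures".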