aboutsummaryrefslogtreecommitdiff
path: root/fuzzers
diff options
context:
space:
mode:
authorRichard van der Hoff <github@rvanderhoff.org.uk>2016-10-19 15:20:54 +0100
committerGitHub <noreply@github.com>2016-10-19 15:20:54 +0100
commit780203b05410b7311dc55f245bba76cbe090a81e (patch)
treef7b94b60788bb6b2340455c294e5ea9a37470075 /fuzzers
parent38acc352a3f3aac40c132e5321da540da38c832e (diff)
parentcada801de524fcbb085bced6fb49a079fad2c1e0 (diff)
Merge pull request #27 from matrix-org/rav/fuzzers_readme
Add a README for the fuzzers
Diffstat (limited to 'fuzzers')
-rw-r--r--fuzzers/README.rst51
1 files changed, 51 insertions, 0 deletions
diff --git a/fuzzers/README.rst b/fuzzers/README.rst
new file mode 100644
index 0000000..b3142ca
--- /dev/null
+++ b/fuzzers/README.rst
@@ -0,0 +1,51 @@
+Fuzzers
+=======
+
+This directory contains a collection of fuzzing tools. Each tests a different
+entry point to the code.
+
+Usage notes:
+
+1. Install AFL:
+
+ .. code::
+
+ apt-get install afl
+
+2. Build the fuzzers:
+
+ .. code::
+
+ make fuzzers
+
+3. Some of the tests (eg ``fuzz_decrypt`` and ``fuzz_group_decrypt``) require a
+ session file. You can use the ones generated by the python test script
+ (``python/test.sh``).
+
+4. Make some work directories:
+
+ .. code::
+
+ mkdir -p fuzzing/in fuzzing/out
+
+5. Generate starting input:
+
+ .. code::
+
+ echo "Test" > fuzzing/in/test
+
+6. Run the test under ``afl-fuzz``:
+
+ .. code::
+
+ afl-fuzz -i fuzzing/in -o fuzzing/out -- \
+ ./build/fuzzers/fuzz_<fuzzing_tool> [<test args>]
+
+7. To resume with the data produced by an earlier run:
+
+ .. code::
+
+ ./afl-fuzz -i- -o existing_output_dir [...etc...]
+
+8. If it shows failures, pipe the failure case into
+ ``./build/fuzzers/debug_<fuzzing_tool>``, fix, and repeat.