Diffstat (limited to 'fuzzers')
-rw-r--r--fuzzers/README.rst51
-rw-r--r--fuzzers/fuzz_group_decrypt.cpp4
2 files changed, 54 insertions, 1 deletions
diff --git a/fuzzers/README.rst b/fuzzers/README.rst
new file mode 100644
index 0000000..d052303
--- /dev/null
+++ b/fuzzers/README.rst
@@ -0,0 +1,51 @@
+Fuzzers
+=======
+
+This directory contains a collection of fuzzing tools. Each tests a different
+entry point to the code.
+
+Usage notes:
+
+1. Install AFL:
+
+ .. code::
+
+ apt-get install afl
+
+2. Build the fuzzers:
+
+ .. code::
+
+ make fuzzers
+
+3. Some of the tests (eg ``fuzz_decrypt`` and ``fuzz_group_decrypt``) require a
+ session file. You can use the ones generated by the python test script
+ (``python/test.sh``).
+
+4. Make some work directories:
+
+ .. code::
+
+ mkdir -p fuzzing/in fuzzing/out
+
+5. Generate starting input:
+
+ .. code::
+
+ echo "Test" > fuzzing/in/test
+
+6. Run the test under ``afl-fuzz``:
+
+ .. code::
+
+ afl-fuzz -i fuzzing/in -o fuzzing/out -- \
+ ./build/fuzzers/fuzz_<fuzzing_tool> [<test args>]
+
+7. To resume with the data produced by an earlier run:
+
+ .. code::
+
+ afl-fuzz -i- -o existing_output_dir [...etc...]
+
+8. If it shows failures, pipe the failure case into
+ ``./build/fuzzers/debug_<fuzzing_tool>``, fix, and repeat.
diff --git a/fuzzers/fuzz_group_decrypt.cpp b/fuzzers/fuzz_group_decrypt.cpp
index 1fc99d7..bb12d0e 100644
--- a/fuzzers/fuzz_group_decrypt.cpp
+++ b/fuzzers/fuzz_group_decrypt.cpp
@@ -54,6 +54,8 @@ int main(int argc, const char *argv[]) {
uint8_t plaintext[max_length];
+ uint32_t ratchet_index;
+
size_t length = check_error(
olm_inbound_group_session_last_error,
session,
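Review bot: The added `uint32_t ratchet_index;` is left uninitialized and is only ever written through the new out-parameter passed to `olm_group_decrypt` in the following hunk; if the library reports an error without storing to it and `check_error` does not terminate the process (its behaviour is not visible here), any later read of `ratchet_index` is of an indeterminate value. Initializing it, `uint32_t ratchet_index = 0;`, costs nothing and keeps the harness deterministic on the error path, which is what makes a fuzzer's findings reproducible. A one-line comment such as `// out-parameter filled in by olm_group_decrypt` would also record why an otherwise unused local exists. `main()` starts before this hunk and continues past the end of the second one, so whether `ratchet_index` is consumed afterwards cannot be confirmed from the visible lines.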
@@ -61,7 +63,7 @@ int main(int argc, const char *argv[]) {
olm_group_decrypt(
session,
message_buffer, message_length,
- plaintext, max_length
+ plaintext, max_length, &ratchet_index
)
);