Jef 20d28e80a5 Initial community commit | 3 months ago | |
---|---|---|
.. | ||
all_formats.dict | 3 months ago | |
build.sh | 3 months ago | |
fuzz-main.sh | 3 months ago | |
fuzz-secondary1.sh | 3 months ago | |
fuzz-secondary2.sh | 3 months ago | |
fuzz-settings.sh | 3 months ago | |
fuzz.c | 3 months ago | |
get-afl.sh | 3 months ago | |
readme.md | 3 months ago |
In this directory, you can find the necessary tools for fuzzing libopenmpt with the American Fuzzy Lop fuzzer (afl++).
Contents:
all_formats.dict
: A dictionary containing magic bytes from all supported
module formats to make the life of the fuzzer a bit easier.fuzz-main.sh
: Script to launch the main fuzzing process. If you want to
use just one fuzzer instance, run this one.fuzz-secondary[1|2].sh
: Scripts to launch the secondary fuzzing process. It
is recommended to run at least two fuzzer instances, as the deterministic and
random fuzz mode have been found to complement each other really well. The two
scripts are set up to use different exploration strategiesfuzz-settings.sh
: Set up your preferences and afl settings here before the
first run.fuzz.c
: A tiny C program that is used by the fuzzer to test libopenmpt.get-afl.sh
: A simple script to obtain the latest version of afl++.
You can also make it download from a specific branch or tag, e.g.
GET_AFL_VERSION=stable ./get-afl.sh
to download the latest stable but
unreleased code.contrib/fuzzing/afl
, as it is automatically done by
the get-afl.sh
install script.get-afl.sh
, or manually extract afl to contrib/fuzzing/afl
, use
make source-only
to build. If building fails because llvm-config
cannot be
found, try prepending LLVM_CONFIG=/usr/bin/llvm-config-12
or similar, and
read the afl manual.build.sh
script in this directory.fuzz-settings.sh
to your taste. Most importantly, you will have to
specify the input directory for first use.
The default setup mounts a tmpfs folder for all temporary files. You may
change this behaviour if you do not have root privileges.fuzz-main.sh
for the first (deterministic) instance of afl-fuzz.fuzz-secondary1.sh
and/or fuzz-secondary2.sh
.fuzz-secondary2.sh
and adjust "infile03" / "fuzzer03" to
"infile04" / "fuzzer04" and so o (they need to be unique). Try variying the
fuzzing strategey (the -p parameter) to get results more quickly.