The LibFuzzerfication project uses libFuzzer for fuzzing popular applications and libraries.
The purpose of fuzzing is to automatically generate lots of test input in order to make code crash and to increase code coverage. libFuzzer is a library for in-process, coverage-guided evolutionary fuzzing of other libraries. It is similar to American Fuzzy Lop (AFL) but performs fuzzing inside a single process and is much faster.
There have been lots of vulnerabilities in popular libraries that should have been (theoretically) easy to test. We want to offer an easy way to fuzz-test these libraries and increase awareness about the situation. We also want this to be available to everyone.
- LibFuzzer is an open-source library (part of LLVM)
- Relies on compiler instrumentation to get coverage feedback
- It is linked with the library under test
- Works fully inside the running program (a process) -> Fast!
- LibFuzzer itself can be built with any compiler and must be built without specific flags.
- Target code must be built with Clang using ASan, UBSan or MSan and -fsanitize-coverage=edge[,8bit-counters,trace-cmp,indirect-calls]
Optional features are inside [].
- You pull the container from Docker Hub
- Start writing your own libFuzzer stub
- Share the Dockerfile with other users
- Use libFuzzer to collect corpus so that other people can continue where you left off
You can start writing stubs without docker.
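A minimal stub of the kind the steps above refer to, as an added example that is not taken from the LibFuzzerfication repository. `sample_count_pairs` is a hypothetical library function invented here; the stub copies the input because the buffer libFuzzer passes in is not NUL-terminated, while this library expects a C string.

```c
/* Added example: libFuzzer stub for a hypothetical string-parsing library.
 * Build the target with Clang, a sanitizer (e.g. ASan) and
 * -fsanitize-coverage=edge, then link with libFuzzer, which supplies main(). */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical library under test: counts "key=value" fields separated
 * by ';'. Returns -1 if a field has no '=' or an empty key. */
int sample_count_pairs(const char *text) {
    int pairs = 0;
    while (*text != '\0') {
        const char *end = strchr(text, ';');
        size_t len = end ? (size_t)(end - text) : strlen(text);
        const char *eq = memchr(text, '=', len);
        if (eq == NULL || eq == text)
            return -1;
        pairs++;
        text += len;
        if (*text == ';')
            text++;            /* skip the separator */
    }
    return pairs;
}

/* Entry point that libFuzzer calls once for every generated input. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    /* The fuzzer's bytes carry no terminator, so hand the library an
     * exact-size, NUL-terminated heap copy. If the library reads past
     * the terminator, ASan reports it as a heap-buffer-overflow. */
    char *text = malloc(size + 1);
    if (text == NULL)
        return 0;
    if (size > 0)
        memcpy(text, data, size);
    text[size] = '\0';

    sample_count_pairs(text);  /* result ignored: crashes are the signal */

    free(text);                /* free per call so leak reports stay clean */
    return 0;                  /* fuzz targets return 0 */
}
```

Keep the stub free of global state so that a crashing input reproduces when it is replayed on its own.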
- You can get started by reading our Getting started tutorial
- See example: mysamplelib
- libFuzzer
- SanitizerCoverage
- You can find some nice examples from: libfuzzer-bot repo
- libFuzzer in Chrome
- Efficient Fuzzer
- Atte Kettunen (@attekett)
- Mikko Yliniemi (@mikessu)
- Ossi Herrala (@oherrala)
- Jani Kenttälä (@evilon)
- Marko Laakso (@ikisusi)
- Pauli Huttunen (@WhiteEyeDoll)
- Joonas Kuorilehto (@joneskoo)
- Ari Kauppi (@arikauppi)
Visit #ouspg @ IRCnet if you're interested!
This is part of OUSPG-open