# Fuzzing glibc-based programs #

**Requirements**
 * gcc-6 or, for best results (comparison-operand feedback via `-fsanitize-coverage=trace-cmp`), gcc-8: trunk snapshots from 2017-10 onwards carry the option, the first release followed in 2018
 * a relatively modern glibc (e.g. 2.26)

**Prepare glibc**

The instrumentation flags make every glibc object reference the `__sanitizer_cov_trace_*` callbacks. `examples/glibc/wrappers.c` supplies empty stub definitions of them; compiling it once and passing the object through `CC` as `-Wl,/tmp/wrappers.o` links the stubs into every binary the glibc build produces (configure test programs included), so the instrumented tree links on its own. The real callbacks come from `libhfuzz.a` later, when the fuzz target itself is linked.

```shell
$ gcc -c ~/src/honggfuzz/examples/glibc/wrappers.c -o /tmp/wrappers.o
$ cd ~/src/glibc-2.26
$ mkdir build && cd build
$ CC="gcc-8 -Wl,/tmp/wrappers.o" CFLAGS="-fsanitize-coverage=trace-pc,trace-cmp -O3 -fno-omit-frame-pointer -ggdb -Wno-error" ../configure --prefix=/usr --without-cvs --enable-add-ons=libidn --without-selinux --enable-stackguard-randomization --enable-obsolete-rpc --disable-sanity-checks
$ make -j$(nproc) lib
```

`make lib` builds only the libraries. There is no need to `make install`: the link step below points straight at the build directories, and the instrumented libc is meant to be linked statically into the fuzz target, not to replace the system one. `-Wno-error` keeps the warnings that this unusual flag combination provokes from aborting the build, since glibc compiles with `-Werror` by default.

_For gcc < 8, use the following `CFLAGS`, as gcc < 8 does not support `-fsanitize-coverage=trace-cmp` (you lose the comparison-operand feedback, but edge coverage still works):_

```shell
CFLAGS="-fsanitize-coverage=trace-pc -O3 -fno-omit-frame-pointer -ggdb -Wno-error"
```

22
**Compile code**

```shell
$ ~/src/honggfuzz/hfuzz-cc/hfuzz-gcc -Wl,-z,muldefs -nodefaultlibs -I ~/src/honggfuzz/ ~/src/honggfuzz/examples/glibc/resolver.c -o resolver -L ~/src/glibc-2.26/build -L ~/src/glibc-2.26/build/nptl -L ~/src/glibc-2.26/build/rt -L ~/src/glibc-2.26/build/resolv ~/src/honggfuzz/libhfuzz/libhfuzz.a -lc -static -lgcc -lpthread -lgcc_eh -lc
```

The flags matter: `-nodefaultlibs` together with the explicit `-L` build directories makes the linker pick up the instrumented `libc.a` rather than the system glibc, `-static` keeps it that way at run time, `-lc` appears twice to resolve the references that `libgcc`/`libpthread` and libc have to each other, and `-Wl,-z,muldefs` lets the real `__sanitizer_cov_trace_*` implementations in `libhfuzz.a` coexist with the empty stubs from `wrappers.o` that are already baked into the glibc archives. A quick sanity check on the result is to look for `__sanitizer_cov_trace_pc` references in `resolver` with `nm`; if there are none, the system libc was linked and the fuzzer will see no coverage from glibc.

28
**Fuzz it**

```shell
$ ~/src/honggfuzz/honggfuzz -f IN/ -P -- ./resolver
```

`-f IN/` is the input corpus directory (create it and seed it with a few valid inputs); `-P` selects persistent mode, in which honggfuzz feeds inputs to the already-running process instead of spawning a fresh one with a file per execution, which is what makes fuzzing a statically linked glibc target fast.

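The page refers to `examples/glibc/resolver.c` without showing it, so here is an added harness of the same shape, written for this page and not taken from honggfuzz. It drives two glibc parsers, `inet_pton()` and `getaddrinfo()`, with fuzzer bytes and shows the discipline a glibc target needs: the fuzzer's buffer is not NUL-terminated, so every byte range is copied into a bounded buffer before a string routine sees it, and `getaddrinfo()` is called with `AI_NUMERICHOST | AI_NUMERICSERV` so the resolver never sends DNS traffic from inside the fuzz loop. The input layout (host bytes, optional NUL, service bytes), the `MAX_LEN` cap and the helper names are this example's own conventions; the entry point is the `LLVMFuzzerTestOneInput` symbol honggfuzz's persistent mode (`-P`) calls, with `libhfuzz.a` supplying the loop's `main()`, so the file can be substituted for `resolver.c` in the `hfuzz-gcc` line above.

```c
#define _GNU_SOURCE           /* feature macro must precede the first include */
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_LEN 255 /* DNS names are at most 255 bytes; a cap also keeps the buffers fixed-size */

/* Return 1 if glibc parses `s` as a numeric IPv4 or IPv6 address, 0 otherwise.
 * The address family is reported through *family_out when the caller wants it. */
int parse_numeric_host(const char *s, int *family_out)
{
    struct in_addr a4;
    struct in6_addr a6;

    if (inet_pton(AF_INET, s, &a4) == 1) {
        if (family_out) *family_out = AF_INET;
        return 1;
    }
    if (inet_pton(AF_INET6, s, &a6) == 1) {
        if (family_out) *family_out = AF_INET6;
        return 1;
    }
    return 0;
}

/* Run getaddrinfo() on untrusted strings without touching the network:
 * AI_NUMERICHOST and AI_NUMERICSERV make glibc reject anything that is not a
 * literal address/port (EAI_NONAME) instead of querying DNS or /etc/services.
 * Returns the getaddrinfo() status, 0 on success. */
int resolve_numeric(const char *host, const char *service)
{
    struct addrinfo hints, *res = NULL;
    int rc;

    memset(&hints, 0, sizeof hints);
    hints.ai_family   = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags    = AI_NUMERICHOST | AI_NUMERICSERV;

    rc = getaddrinfo(host, service, &hints, &res);
    if (rc == 0)
        freeaddrinfo(res); /* a leak per iteration would exhaust memory in persistent mode */
    return rc;
}

/* Entry point honggfuzz calls for every input in persistent mode (-P).
 * Layout (this example's convention): host bytes, optional NUL, service bytes.
 * The fuzzer's buffer is not NUL-terminated, so each range is copied into a
 * bounded, NUL-terminated buffer before any glibc string routine sees it. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t len)
{
    char host[MAX_LEN + 1];
    char service[MAX_LEN + 1];
    const uint8_t *sep;
    size_t hlen, slen;
    int family;

    if (len == 0)
        return 0;

    sep  = memchr(data, '\0', len);          /* optional host/service separator */
    hlen = sep ? (size_t)(sep - data) : len;
    if (hlen > MAX_LEN)
        return 0;                            /* over the cap: nothing to learn here */
    memcpy(host, data, hlen);
    host[hlen] = '\0';

    service[0] = '\0';
    if (sep) {
        slen = len - hlen - 1;
        if (slen > MAX_LEN)
            slen = MAX_LEN;                  /* truncate rather than reject */
        memcpy(service, sep + 1, slen);
        service[slen] = '\0';
    }

    parse_numeric_host(host, &family);
    resolve_numeric(host, service[0] ? service : NULL);
    return 0;
}

/* Constructed sample input: "127.0.0.1" NUL "80"; also a reasonable seed for IN/. */
static const uint8_t kSample[] = "127.0.0.1\0" "80";

/* Push the sample through the harness; returns the harness's status (0). */
int run_sample(void)
{
    return LLVMFuzzerTestOneInput(kSample, sizeof kSample - 1);
}

#ifdef STANDALONE
/* Build with -DSTANDALONE and plain gcc (no libhfuzz) to replay one file, e.g. a crash. */
int main(int argc, char **argv)
{
    uint8_t buf[2 * MAX_LEN + 2];
    FILE *f;
    size_t n;

    if (argc != 2) { fprintf(stderr, "usage: %s <input-file>\n", argv[0]); return 2; }
    f = fopen(argv[1], "rb");
    if (!f) { perror("fopen"); return 2; }
    n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    return LLVMFuzzerTestOneInput(buf, n);
}
#endif
```

Inputs longer than the cap are dropped rather than truncated on the host side, so the fuzzer learns that the path is a dead end and stops spending cycles there, while the service side is truncated because the interesting parsing happens on the first few bytes anyway. Replaying a crash file with the `-DSTANDALONE` build under `gdb` is the quickest way to confirm a finding is in the instrumented glibc and not in the harness.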