| Name | Date | Size | #Lines | LOC |
|---|---|---|---|---|
| do_stuff_test_data/ | 03-May-2024 | - | 22 | |
| Makefile | 03-May-2024 | 1.9 KiB | 55 | 17 |
| README.md | 03-May-2024 | 2.4 KiB | 30 | 22 |
| do_stuff_fuzzer.cpp | 03-May-2024 | 430 | 14 | 7 |
| do_stuff_fuzzer.dict | 03-May-2024 | 176 | 7 | 6 |
| do_stuff_unittest.cpp | 03-May-2024 | 927 | 32 | 20 |
| my_api.cpp | 03-May-2024 | 670 | 26 | 17 |
| my_api.h | 03-May-2024 | 283 | 9 | 2 |
| standalone_fuzz_target_runner.cpp | 03-May-2024 | 1.4 KiB | 37 | 21 |

README.md

Example of [OSS-Fuzz ideal integration](https://google.github.io/oss-fuzz/advanced-topics/ideal-integration/).

This directory contains an example software project that has most of the traits of [ideal](https://google.github.io/oss-fuzz/advanced-topics/ideal-integration/) support for fuzzing.

## Files in my-api-repo
Imagine that these files reside in your project's repository:

* [my_api.h](my_api.h) and [my_api.cpp](my_api.cpp): implement the API we want to test/fuzz. The function `DoStuff()` inside [my_api.cpp](my_api.cpp) contains a bug. (Find it!)
* [do_stuff_unittest.cpp](do_stuff_unittest.cpp): is a unit test for `DoStuff()`. Unit tests are not necessary for fuzzing but are generally a good practice.
* [do_stuff_fuzzer.cpp](do_stuff_fuzzer.cpp): is a [fuzz target](http://libfuzzer.info/#fuzz-target) for `DoStuff()`.
* [do_stuff_test_data](do_stuff_test_data): corpus directory for [do_stuff_fuzzer.cpp](do_stuff_fuzzer.cpp).
* [do_stuff_fuzzer.dict](do_stuff_fuzzer.dict): a [fuzzing dictionary file](https://google.github.io/oss-fuzz/getting-started/new-project-guide#dictionaries) for `DoStuff()`. Optional, but may improve fuzzing in many cases.
* [Makefile](Makefile): is a build file (the same can be done with other build systems):
  * accepts external compiler flags via `$CC`, `$CXX`, `$CFLAGS`, `$CXXFLAGS`
  * accepts an external fuzzing engine via `$LIB_FUZZING_ENGINE`; by default uses [standalone_fuzz_target_runner.cpp](standalone_fuzz_target_runner.cpp)
  * builds the fuzz target(s) and their corpus archive(s)
  * `make check` executes [do_stuff_fuzzer.cpp](do_stuff_fuzzer.cpp) on [`do_stuff_test_data/*`](do_stuff_test_data), which ensures that the fuzz target still builds and runs, and doubles as a regression test over the corpus.
* [standalone_fuzz_target_runner.cpp](standalone_fuzz_target_runner.cpp): is a simple standalone runner for fuzz targets. You may use it to execute a fuzz target on given files without having to link in libFuzzer or another fuzzing engine.
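
The fuzz-target-plus-standalone-runner pattern described above, as an added example that is not the project's `do_stuff_fuzzer.cpp` or `standalone_fuzz_target_runner.cpp`: a libFuzzer-style entry point `LLVMFuzzerTestOneInput` wired to a hypothetical `ParseRecord()` (a stand-in for `DoStuff()`; the real function and its bug are not reproduced), plus a runner `RunFilesThroughTarget()` that feeds every file named on the command line to the target, which is what `make check` does over the corpus directory. `ParseRecord`, `ReadFile` and `RunFilesThroughTarget` are assumed names for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <iterator>
#include <string>
#include <vector>

// Stand-in for the API under test (assumed for this example; not the page's DoStuff()).
// Counts well-formed "key=value" fields separated by ';' and returns -1 on malformed input.
// Every index is bounds-checked, so the target is safe; the fuzzer exercises the parsing paths.
int ParseRecord(const uint8_t *data, size_t size) {
  int fields = 0;
  size_t i = 0;
  while (i < size) {
    size_t key_start = i;
    while (i < size && data[i] != '=' && data[i] != ';') ++i;
    // The key must be non-empty and must be followed by '='.
    if (i == size || data[i] != '=' || i == key_start) return -1;
    ++i;  // skip '='
    size_t value_start = i;
    while (i < size && data[i] != ';') ++i;
    if (i == value_start) return -1;  // the value must be non-empty
    ++fields;
    if (i < size) ++i;  // skip the ';' separator
  }
  return fields;
}

// Fuzz target: the one entry point every libFuzzer-compatible engine (or the runner below) calls.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  ParseRecord(data, size);
  return 0;  // engines ignore the return value; non-zero is reserved
}

// Reads a whole file into memory; returns false if it cannot be opened.
bool ReadFile(const std::string &path, std::vector<uint8_t> &out) {
  std::ifstream in(path, std::ios::binary);
  if (!in) return false;
  out.assign(std::istreambuf_iterator<char>(in), std::istreambuf_iterator<char>());
  return true;
}

// Standalone runner: feeds each file to the fuzz target without linking any fuzzing engine.
// Returns the number of inputs executed, or -1 if a file could not be read. A crash inside
// the target aborts the process exactly as it would under libFuzzer, so sanitizers still report it.
int RunFilesThroughTarget(const std::vector<std::string> &paths) {
  int executed = 0;
  for (const std::string &path : paths) {
    std::vector<uint8_t> data;
    if (!ReadFile(path, data)) {
      std::fprintf(stderr, "cannot read %s\n", path.c_str());
      return -1;
    }
    // vector::data() may be null for an empty file; hand the target a valid empty buffer instead.
    const uint8_t *buf = data.empty() ? reinterpret_cast<const uint8_t *>("") : data.data();
    LLVMFuzzerTestOneInput(buf, data.size());
    ++executed;
    std::fprintf(stderr, "ran %s (%zu bytes)\n", path.c_str(), data.size());
  }
  return executed;
}

// Usage: ./runner do_stuff_test_data/*   (equivalent of `make check` for this example)
int main(int argc, char **argv) {
  std::vector<std::string> paths(argv + 1, argv + argc);
  int n = RunFilesThroughTarget(paths);
  if (n < 0) return 1;
  std::fprintf(stderr, "%d inputs executed, no crashes\n", n);
  return 0;
}
```

Built with `$CXX $CXXFLAGS -fsanitize=address` and run over the corpus, this is the regression check; under OSS-Fuzz the same target file is instead linked against `$LIB_FUZZING_ENGINE`, which supplies its own `main` and drives `LLVMFuzzerTestOneInput` with mutated inputs.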

## Files in OSS-Fuzz repository
* [oss-fuzz/projects/example](..)
  * [Dockerfile](../Dockerfile): sets up the build environment
  * [build.sh](../build.sh): builds the fuzz target(s). The smaller this file the better (most of the logic should be inside the project's build system).
  * [project.yaml](../project.yaml): short project description and contact info.

## Example bug
Example bug report filed automatically: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1562