Lines Matching +full:oss +full:- +full:fuzz
1 ---
7 ---
11 - TOC
13 ---
19 [useful links]({{ site.baseurl }}/reference/useful-links/#tutorials) page.
27 user security. We will consider each request on a case-by-case basis, but some
30 - Exposure to remote attacks (e.g. libraries that are used to process
32 - Number of users/other projects depending on this project.
37 ## How can I find potential fuzz targets in my open source project?
41 - consume untrusted data from users or from the network.
42 - consume complex input data even if it's 'trusted'.
43 - use an algorithm that has two or more implementations
45 …- look for existing fuzz target [examples](https://github.com/google/oss-fuzz/tree/master/projects)
48 ## Where can I store fuzz target sources and the build script if it's not yet accepted upstream?
50 Fuzz target sources as well as the build script may temporarily live inside the
51 `projects/<your_project>` directory in the OSS-Fuzz repository. Note that we do
55 ## My project is not open source. Can I use OSS-Fuzz?
57 You cannot use OSS-Fuzz, but you can use [ClusterFuzz], which OSS-Fuzz is based
58 on. ClusterFuzz is an open-source fuzzing infrastructure that you can deploy in
61 OSS-Fuzz is a production instance of ClusterFuzz, plus the code living in
62 [OSS-Fuzz repository]: build scripts, `project.yaml` files with contacts, etc.
64 [OSS-Fuzz repository]: https://github.com/google/oss-fuzz
66 …different issue tracker](https://bugs.chromium.org/p/oss-fuzz/issues/list) for reporting bugs in O…
68 Security access control is important for the kind of issues that OSS-Fuzz detects.
74 Our [ClusterFuzz]({{ site.baseurl }}/further-reading/clusterfuzz) fuzzing
75 infrastructure and [issue tracker](https://bugs.chromium.org/p/oss-fuzz/issues/list)
83 special compiler flags. An easy-to-use Docker image is provided to simplify
90 If a single input to a [fuzz target]({{ site.baseurl }}/reference/glossary/#fuzz-target)
92 report this as a timeout or an OOM (out-of-memory) bug
93 (examples: [timeouts](https://bugs.chromium.org/p/oss-fuzz/issues/list?can=1&q=%22Crash+Type%3A+Tim…
94 [OOMs](https://bugs.chromium.org/p/oss-fuzz/issues/list?can=1&q="Crash+Type%3A+Out-of-memory")).
103 So, we report only one timeout and only one OOM bug per fuzz target.
108 ## Can I launch an additional process (e.g. a daemon) from my fuzz target?
110 No. In order to get all the benefits of in-process, coverage-guided fuzz testing,
115 Another rule of thumb is: "the smaller the fuzz target, the better". It is
116 expected that your project will have many fuzz targets to test different
117 components, instead of a single fuzz target trying to cover everything.
118 Think of a fuzz target as a unit test, though it is much more powerful since it
121 ## What if my fuzz target finds a bug in another project (dependency)?
123 Every bug report has a crash stack trace that shows where the crash happened.
126 - If the bug is due to incorrect usage of the dependency's API
128 - If this is a real bug in the dependency itself, then you should CC the
131 is maintained in OSS-Fuzz, you can search for contacts in the respective
136 If your fuzz target is running for many days and does not find bugs or new
138 - We've covered all reachable code. In order to cover more code we need more
139 fuzz targets.
140 - The [seed corpus]({{ site.baseurl }}/getting-started/new-project-guide#seed-corpus) is not good e…
143 - There is a cryptographic or CRC/checksum check in the code that will prevent any fuzzing
145 [fuzzing mode](http://libfuzzer.info#fuzzer-friendly-build-mode).
146 Examples: [openssl](https://github.com/openssl/openssl/tree/master/fuzz#reproducing-issues),
147 [boringssl](https://boringssl.googlesource.com/boringssl/+/HEAD/FUZZING.md#Fuzzer-mode)
148 - It is also possible that the fuzzer is running too slowly
149 (you may check the speed of your targets at https://oss-fuzz.com/)
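The two points above that most often need code, a target that consumes untrusted bytes (the "How can I find potential fuzz targets" list) and a checksum that stops the fuzzer from reaching anything interesting unless the project is built in fuzzing mode, are illustrated together below. This is an added example written for this page, not code from the OSS-Fuzz repository or from any integrated project: the record format ("RC" magic, record count, length-prefixed records, trailing CRC-32) is constructed for the illustration, and `parse_records`, `finalize` and `Record` are names chosen here. The guard macro `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` is the one the libFuzzer fuzzer-friendly build mode documentation defines; everything else is hypothetical.

```cpp
// Added example, not code from the OSS-Fuzz repository: a libFuzzer-style
// target for a small binary record format constructed for this illustration.
// It shows a fuzz target that consumes untrusted bytes, and the
// FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION guard that lets the fuzzer get past
// a checksum it could never guess.
#include <cstddef>
#include <cstdint>
#include <vector>

// Constructed format: "RC" | u8 count | count x (u8 len | len bytes) | u32 crc (LE)
// where crc is CRC-32 over every byte before it.

struct Record {
  std::vector<uint8_t> payload;
};

// Plain bitwise CRC-32 (IEEE, reflected polynomial 0xEDB88320).
uint32_t crc32(const uint8_t *p, size_t n) {
  uint32_t c = 0xFFFFFFFFu;
  for (size_t i = 0; i < n; i++) {
    c ^= p[i];
    for (int k = 0; k < 8; k++)
      c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
  }
  return ~c;
}

// Appends the CRC trailer to a body; used to build well-formed inputs
// (for instance when assembling a seed corpus).
std::vector<uint8_t> finalize(std::vector<uint8_t> body) {
  uint32_t c = crc32(body.data(), body.size());
  for (int i = 0; i < 4; i++) body.push_back((uint8_t)(c >> (8 * i)));
  return body;
}

// Parses data into *out. Returns the record count, or -1 if malformed.
int parse_records(const uint8_t *data, size_t size, std::vector<Record> *out) {
  out->clear();
  if (size < 2 + 1 + 4) return -1;               // magic + count + crc
  if (data[0] != 'R' || data[1] != 'C') return -1;
  const size_t body_end = size - 4;
  uint32_t stored = 0;
  for (int i = 0; i < 4; i++) stored |= (uint32_t)data[body_end + i] << (8 * i);
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  // Production builds reject a bad checksum. In a fuzzing build this check is
  // skipped: a coverage-guided fuzzer cannot guess a 32-bit CRC, so with the
  // check in place it would never reach the parsing loop below.
  if (crc32(data, body_end) != stored) return -1;
#else
  (void)stored;
#endif
  size_t pos = 2;
  const unsigned count = data[pos++];
  for (unsigned i = 0; i < count; i++) {
    if (pos >= body_end) return -1;               // count promises more than present
    const size_t len = data[pos++];
    if (len > body_end - pos) return -1;          // length would over-read the buffer
    out->push_back(Record{std::vector<uint8_t>(data + pos, data + pos + len)});
    pos += len;
  }
  if (pos != body_end) return -1;                 // trailing bytes are malformed
  return (int)out->size();
}

// The fuzz target: libFuzzer calls this once per generated input. It must be
// deterministic, must not exit, and must not spawn processes; a crash or
// sanitizer report inside parse_records is what the fuzzer is looking for.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  std::vector<Record> records;
  parse_records(data, size, &records);
  return 0;   // non-zero return values are reserved by libFuzzer
}
```

Built normally (`clang++ -fsanitize=fuzzer,address`), the fuzzer spends its time failing the CRC check and coverage never grows past the first few lines; built with `-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` it reaches the length checks in the loop, which is where over-reads in a real parser would live. The drawback is that the skipped check is exactly what production relies on, so the macro must never leak into a release build.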
152 [coverage reports]({{ site.baseurl }}/further-reading/clusterfuzz#coverage-reports)
171 [code coverage]({{ site.baseurl }}/advanced-topics/code-coverage/) for detailed
174 ## What happens when I rename a fuzz target?
176 If you rename your fuzz targets, the existing bugs for those targets will get
179 the number of CPU cycles that the original fuzz target has run. If this is not
180 desirable, make sure to copy the accumulated corpora from the original fuzz
182 [here]({{ site.baseurl }}/advanced-topics/corpora/#downloading-the-corpus)) and
184 new location [here]({{ site.baseurl }}/advanced-topics/corpora/#viewing-the-corpus-for-a-fuzz-targe…
186 ## Does OSS-Fuzz support AFL or honggfuzz?
188 OSS-Fuzz *uses* the following
189 [fuzzing engines]({{ site.baseurl }}/reference/glossary/#fuzzing-engine):
193 well-maintained version of [AFL](https://lcamtuf.coredump.cx/afl/).
196 Follow the [new project guide] and OSS-Fuzz will use all its fuzzing engines
201 OSS-Fuzz builders have 32 CPUs / 28.8 GB RAM.
203 Fuzzing machines have only a single core, and fuzz targets should not use more
206 ## Are there any restrictions on using test cases / corpora generated by OSS-Fuzz?
209 corpora generated by OSS-Fuzz. OSS-Fuzz infrastructure is fully open source
211 have no intent to restrict the use of the artifacts produced by OSS-Fuzz.
214 [new project guide]: {{ site.baseurl }}/getting-started/new-project-guide/
215 [ideal integration guide]: {{ site.baseurl }}/getting-started/new-project-guide/