Closed djn3m0 closed 2 years ago
Wabt uses the fuzz-in directory via the afl-fuzzer builds. See more about AFL here: http://lcamtuf.coredump.cx/afl/.
It takes a bit of setup, but if you create a symbolic link in the source directory called afl-fuzz and point it to AFL's bin dir (after compiling), you can build the wabt tools with fuzzing by running make gcc-fuzz-debug. Then you can use the scripts/fuzz-wasm2wast and scripts/fuzz-wast2wasm scripts to run the fuzzer.
You're right that it would be good to add documentation about this. :-)
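The setup described in the reply above, written out as a small POSIX shell helper. This is an added example, not code from the wabt project or from the thread's participants; it assumes a wabt checkout directory and an AFL build directory that you pass in as arguments, and that the two wrapper scripts take no arguments. Its only addition to the steps in the reply is a check that the AFL directory really contains an executable afl-fuzz before the symlink is created, so a mistyped path is caught before a long build rather than when the fuzzer fails to start.

```shell
#!/bin/sh
# Added example (not part of the wabt thread): create and validate the
# afl-fuzz symlink the maintainer describes, then build and run the fuzzer.
# Assumptions (mine, not stated in the thread): SRC_DIR is a wabt checkout,
# AFL_BIN_DIR is where AFL was compiled, wrapper scripts take no arguments.

# setup_afl_link SRC_DIR AFL_BIN_DIR
# Creates SRC_DIR/afl-fuzz -> AFL_BIN_DIR after confirming that AFL_BIN_DIR
# contains an executable afl-fuzz. Fails (status 1) otherwise.
setup_afl_link() {
    src="$1"; afl_bin="$2"
    if [ ! -x "$afl_bin/afl-fuzz" ]; then
        echo "error: $afl_bin has no executable afl-fuzz; compile AFL first" >&2
        return 1
    fi
    # Store an absolute target so the link is valid from any working directory.
    afl_bin=$(cd "$afl_bin" && pwd) || return 1
    # Refuse to clobber a real file or directory named afl-fuzz in the tree.
    if [ -e "$src/afl-fuzz" ] && [ ! -L "$src/afl-fuzz" ]; then
        echo "error: $src/afl-fuzz exists and is not a symlink" >&2
        return 1
    fi
    ln -sfn "$afl_bin" "$src/afl-fuzz"
}

# check_afl_link SRC_DIR
# Succeeds only if SRC_DIR/afl-fuzz is a symlink whose target holds afl-fuzz.
check_afl_link() {
    src="$1"
    [ -L "$src/afl-fuzz" ] && [ -x "$src/afl-fuzz/afl-fuzz" ]
}

# build_and_fuzz SRC_DIR TOOL    (TOOL is wasm2wast or wast2wasm)
# Runs the two commands from the thread, but only once the link checks out.
build_and_fuzz() {
    src="$1"; tool="$2"
    case "$tool" in
        wasm2wast|wast2wasm) ;;
        *) echo "error: unknown tool '$tool' (use wasm2wast or wast2wasm)" >&2; return 1 ;;
    esac
    if ! check_afl_link "$src"; then
        echo "error: afl-fuzz symlink is not set up in $src" >&2
        return 1
    fi
    (cd "$src" && make gcc-fuzz-debug && "scripts/fuzz-$tool")
}

# Usage against a real checkout (paths are placeholders):
# setup_afl_link "$HOME/src/wabt" "$HOME/src/afl" \
#   && build_and_fuzz "$HOME/src/wabt" wasm2wast
```

Run setup_afl_link once per checkout; build_and_fuzz can then be invoked repeatedly for either tool, and it refuses to start make if the link is missing or points at a directory without afl-fuzz.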
So it is something to fuzz WebAssembly tools or the JavaScript engine that's going to load and parse them?
And you are right, I think it would be great to have more detailed documentation about it.
Yes, this is just used to fuzz wabt's wast2wasm and wasm2wast tools. I don't know much about other WebAssembly implementations, but I assume most of them fuzz inputs as well. See, for example, v8's wasm fuzzer: https://chromium.googlesource.com/v8/v8/+/refs/heads/lkgr/test/fuzzer/wasm.cc
Hi,
I'm interested to know more about the 'fuzz-in' directory and how to use its contents to fuzz WebAssembly, but the readme file doesn't have any information about them! Can you please explain how I can use those files and what the idea of the fuzzer is?
Thanks