libfuzzerfication
LibFuzzerfication project uses libFuzzer for fuzzing popular applications and libraries.
About
Purpose of fuzzing is to automatically generate lots of test input and to make code crash and increase code coverage. libFuzzer is a library for in-process, coverage-guided evolutionary fuzzing of other libraries. It is similiar to American Fuzzy Lop (AFL) but performs fuzzing inside single process and is much faster.
Motivation
There have been lots of vulnerabilities in popular libraries that should have been (theoretically) easy to test. We want to offer easy way to fuzz-test these libraries and increase awareness about the situation. We also want this to be available to everyone.
About libfuzzer
- LibFuzzer is open-source library (part of LLVM)
- Relies on compiler instrumentation to get coverage feedback
- It is linked with the library under test
- Works fully inside the running program (a process) -> Fast!
- LibFuzzer itself can be built with any compiler and must be built without specific flags.
- Target code must be buit with Clang using ASan, USan or MSan and -fsanitize-coverage=edge[,8bit-counters,trace-cmp,indirect-calls]
Optional features are inside [].
How does this project work?
- You pull container from Dockerhub
- Start Writing your own libfuzzer stub
- Share dockerfile with other users
- Use libFuzzer to collect corpus so that other people can continue where you left off
You can start writing stubs without docker.
Getting started
- You can get started by reading our Getting started tutorial
- See example: mysamplelib
Material
- libFuzzer
- SanitizerCoverage
- You can find some nice examples from: libfuzzer-bot repo
- libFuzzer in Chrome
- Efficient Fuzzer
Tracking
Found issues
Contributors
- Atte Kettunen (@attekett)
- Mikko Yliniemi (@mikessu)
- Ossi Herrala (@oherrala)
- Jani Kenttälä (@evilon)
- Marko Laakso (@ikisusi)
- Pauli Huttunen (@WhiteEyeDoll)
- Joonas Kuorilehto (@joneskoo)
- Ari Kauppi (@arikauppi)
Visit #ouspg @ IRCnet if you're interested!
This is part of OUSPG-open