Google Git
Sign in
chromium / chromium / src / testing / libfuzzer
Clone this repo:

Branches

  1. aa1d5d6 Limit memory usage for sqlite3 fuzzer + move it to sqlite dir. by mmoroz · 3 days ago master
  2. 3e5d3ea [libfuzzer] Set max_len=64 for v8_regexp_parser_fuzzer. by mmoroz · 5 days ago
  3. babcca8 Add a fuzzer for the Content-Security-Policy header. by jbroman · 7 days ago
  4. e7d0ff8 [libfuzzer] Recommend to use `use_libfuzzer` for development more explicitly. by mmoroz · 10 days ago
  5. ce72362 Add a fuzzer for the feature policy string parser. by iclelland · 11 days ago

libFuzzer in Chrome

go/libfuzzer-chrome

Getting Started | Buildbot | ClusterFuzz Status | Cover Bug

This directory contains integration between libFuzzer and Chrome. libFuzzer is an in-process coverage-driven evolutionary fuzzer. It helps engineers to uncover potential security & stability problems earlier.

Requirements: libFuzzer in Chrome is supported with GN on Linux only. Check Reference for experimental platform availability.

Integration Status

Fuzzer tests are well-integrated with Chrome build system & distributed ClusterFuzz fuzzing system. Cover bug: crbug.com/539572.

Documentation

  • Getting Started Guide walks you through all the steps necessary to create your fuzzer and submit it to ClusterFuzz.
  • Efficient Fuzzer Guide explains how to measure fuzzer effectiveness and ways to improve it.
  • ClusterFuzz Integration describes integration between ClusterFuzz and libFuzzer.
  • Reproducing contains information on how to reproduce bugs reported by ClusterFuzz.
  • Reference contains detailed references for different integration parts.

Trophies

  • ClusterFuzz Bugs - issues found and automatically filed by ClusterFuzz.
  • Manual Bugs - issues that were filed manually after running fuzzers.
  • Pdfium Bugs - bugs found in pdfium by manual fuzzing.
  • OSS Trophies - bugs found with libFuzzer in open-source projects.

Blog Posts

Project Links