Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / honggfuzz / 7ff7d6ceca3114ff76da6c531bb7b25e2f0509b4
commit7ff7d6ceca3114ff76da6c531bb7b25e2f0509b4[log] [tgz]
authorAnestis Bechtsoudis <anestis@census-labs.com>Tue Oct 18 16:36:17 2016 +0300
committerAnestis Bechtsoudis <anestis@census-labs.com>Tue Oct 18 16:36:17 2016 +0300
treedb015bd35d7d54b0e883230731ad05ec6d39da58
parentf5ded9301f4aa232671aa6ae0d9b04f6e53ea5ed [diff]
parent482eae8730dc1d5eafaf0fa95da0beb366696cd4 [diff]
Merge branch 'master' into android-libhfuzz

* master:
  Fix submodule init bug when non-recursive clone
tree: db015bd35d7d54b0e883230731ad05ec6d39da58
  1. android/
  2. docs/
  3. examples/
  4. libhfuzz/
  5. linux/
  6. mac/
  7. posix/
  8. third_party/
  9. tools/
  10. .gitignore
  11. .gitmodules
  12. arch.h
  13. CHANGELOG
  14. cmdline.c
  15. cmdline.h
  16. common.h
  17. CONTRIBUTING
  18. COPYING
  19. display.c
  20. display.h
  21. files.c
  22. files.h
  23. fuzz.c
  24. fuzz.h
  25. honggfuzz.c
  26. log.c
  27. log.h
  28. Makefile
  29. mangle.c
  30. mangle.h
  31. README.md
  32. report.c
  33. report.h
  34. sancov.c
  35. sancov.h
  36. subproc.c
  37. subproc.h
  38. util.c
  39. util.h
README.md

honggfuzz

Description

  • A general-purpose, easy-to-use fuzzer with interesting analysis options. See USAGE for details
  • Supports several hardware-based (CPU) and software-based feedback-driven fuzzing methods
  • It works (at least) under GNU/Linux, FreeBSD, Mac OS X, Windows/CygWin and Android
  • Supports persistent modes of fuzzing (long-lived process calling a fuzzed API repeatedly) with libhfuzz
  • Can fuzz standalone long-lasting processes (e.g. network servers like Apache's httpd and ISC's bind)

Code

Requirements

  • Linux - The BFD library (libbfd-dev) and libunwind (libunwind-dev/libunwind8-dev)
  • FreeBSD - gmake
  • Android - Android SDK/NDK. Also see this detailed doc on how to build and run it
  • Windows - CygWin
  • Darwin/OS X - Xcode 10.8+
  • if Clang/LLVM is used - the BlocksRuntime Library (libblocksruntime-dev)

Trophies

The tool has been used to find a few interesting security problems in major software packages; Examples:

Other

This is NOT an official Google product.