Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / honggfuzz / d57cb6125e3e4176ace1a3dd05bc92cd2155f104
commitd57cb6125e3e4176ace1a3dd05bc92cd2155f104[log] [tgz]
authorRobert Swiecki <robert@swiecki.net>Sat Oct 15 02:34:19 2016 +0200
committerRobert Swiecki <robert@swiecki.net>Sat Oct 15 02:34:19 2016 +0200
treeb5173c1f6e1d703af18dc0a3407ad30fc45a0d3c
parente7fd19e134df3b9ec7026bf5123d9587308db1cb [diff]
parent884860af2bd6db8c48723ad87593e002578f3c47 [diff]
Merge branch 'master' of ssh://github.com/google/honggfuzz
tree: b5173c1f6e1d703af18dc0a3407ad30fc45a0d3c
  1. android/
  2. docs/
  3. examples/
  4. libhfuzz/
  5. linux/
  6. mac/
  7. posix/
  8. third_party/
  9. tools/
  10. .gitignore
  11. arch.h
  12. CHANGELOG
  13. cmdline.c
  14. cmdline.h
  15. common.h
  16. CONTRIBUTING
  17. COPYING
  18. display.c
  19. display.h
  20. files.c
  21. files.h
  22. fuzz.c
  23. fuzz.h
  24. honggfuzz.c
  25. log.c
  26. log.h
  27. Makefile
  28. mangle.c
  29. mangle.h
  30. README.md
  31. report.c
  32. report.h
  33. sancov.c
  34. sancov.h
  35. subproc.c
  36. subproc.h
  37. util.c
  38. util.h
README.md

honggfuzz

Description

  • A general-purpose, easy-to-use fuzzer with interesting analysis options. See USAGE for details
  • Supports several hardware-based (CPU) and software-based feedback-driven fuzzing methods
  • It works (at least) under GNU/Linux, FreeBSD, Mac OS X, Windows/CygWin and Android
  • Supports persistent modes of fuzzing (long-lived process calling a fuzzed API repeatedly) with libhfuzz
  • Can fuzz standalone long-lasting processes (e.g. network servers like Apache's httpd and ISC's bind)

Code

Requirements

  • Linux - The BFD library (libbfd-dev) and libunwind (libunwind-dev/libunwind8-dev)
  • FreeBSD - gmake
  • Android - Android SDK/NDK. Also see this detailed doc on how to build and run it
  • Windows - CygWin
  • if Clang/LLVM is used - the BlocksRuntime Library (libblocksruntime-dev)

Trophies

The tool has been used to find a few interesting security problems in major software packages; Examples:

Other

This is NOT an official Google product.