Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / libprotobuf-mutator / 12a53ca13d6250fa2ced4654636efd781ec4367f
commit12a53ca13d6250fa2ced4654636efd781ec4367f[log] [tgz]
authorMatt Morehouse <mascasa@google.com>Wed Aug 02 14:16:26 2017 -0700
committerVitaly Buka <vitalybuka@gmail.com>Wed Aug 02 19:10:33 2017 -0700
treeb605825b780edd5a9e6f4356e43da7cf7c7d9661
parent2ac9b0f89073743f63a549f2969b7a93056e9f54 [diff]
Use system-installed protobuf by default.

Alternatively, setting DOWNLOAD_PROTOBUF=1 in cmake will have a
working protobuf version downloaded and built automatically.
5 files changed
tree: b605825b780edd5a9e6f4356e43da7cf7c7d9661
  1. cmake/
  2. examples/
  3. port/
  4. src/
  5. .clang-format
  6. .gitignore
  7. .travis.yml
  8. AUTHORS
  9. CMakeLists.txt
  10. CONTRIBUTING
  11. LICENSE
  12. README.md
README.md

libprotobuf-mutator

Overview

libprotobuf-mutator is a library to randomly mutate protobuffers.
It could be used together with guided fuzzing engines, such as libFuzzer.

Quick start on Debian/Ubuntu

Install prerequisites:

sudo apt-get update
sudo apt-get install binutils cmake ninja-build liblzma-dev libz-dev docbook2x

Compile and test everything:

mkdir build
cd build
cmake .. -GNinja -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_BUILD_TYPE=Debug
ninja check

Clang is only needed for libFuzzer integration.
By default, the system-installed version of protobuf is used. However, on some systems, the system version is too old. You can pass -DDOWNLOAD_PROTOBUF=1 to cmake to automatically download and build a working version of protobuf.

Usage

To use libprotobuf-mutator simply include protobuf_mutator.h and protobuf_mutator.cc into your build files.

The ProtobufMutator class implements mutations of the protobuf tree structure and mutations of individual fields. The field mutation logic is very basic -- for better results you should override the ProtobufMutator::Mutate* methods with more sophisticated logic, e.g. using libFuzzer's mutators.

To apply one mutation to a protobuf object do the following:

class MyProtobufMutator : public protobuf_mutator::Mutator {
 public:
  MyProtobufMutator(uint32_t seed) : protobuf_mutator::Mutator(seed) {}
  // Optionally redefine the Mutate* methods to perform more sophisticated mutations.
}
void Mutate(MyMessage* message) {
  MyProtobufMutator mutator(my_random_seed);
  mutator.Mutate(message, 200);
}

See also the ProtobufMutatorMessagesTest.UsageExample test from protobuf_mutator_test.cc.

Integrating with libFuzzer

LibFuzzerProtobufMutator can help to integrate with libFuzzer. For example

#include "src/libfuzzer/libfuzzer_macro.h"

DEFINE_PROTO_FUZZER(const MyMessageType& input) {
  // Code which needs to be fuzzed.
  ConsumeMyMessageType(input);
}

Please see libfuzzer_example.cc as an example.