| This directory contains source code and build scripts for coverage-guided |
| fuzzers. |
| |
| Detailed instructions are available at: |
| |
| https://github.com/google/oss-fuzz/blob/master/docs/ |
| |
| Quick start: |
| |
| Build a container |
| |
| $ docker build -t ossfuzz/tpm2 -f fuzz/Dockerfile . |
| |
| Build fuzzers |
| |
| $ docker run -ti --rm -v $(pwd):/src/tpm2 -v /tmp/fuzzers:/out \ |
| ossfuzz/tpm2 |
| |
| Look in /tmp/fuzzers to see the executables. Run them like so: |
| |
| $ docker run -ti -v $(pwd)/fuzz/corpus-execute-command:/corpus \ |
| -v /tmp/fuzzers:/out ossfuzz/libfuzzer-runner \ |
| /out/tpm2_execute_command_fuzzer /corpus -runs=100 |
| |
| To reproduce a crash under gdb: |
| |
| Build a container |
| |
| $ docker build -t ossfuzz/tpm2 -f fuzz/Dockerfile . |
| |
| Build fuzzers |
| |
| $ docker run -ti --rm -v $(pwd):/src/tpm2 -v /tmp/fuzzers:/out \ |
| ossfuzz/tpm2 |
| or |
| |
| $ docker run -ti --rm -v $(pwd):/src/tpm2 -v /tmp/fuzzers:/out \ |
| -e FUZZING_ENGINE=libfuzzer \ |
| -e SANITIZER=<address/memory/undefined> \ |
| ossfuzz/tpm2 |
| |
| Get a shell in the container |
| |
| $ docker run -ti --privileged \ |
| -v <crash_testcase>:/testcase \ |
| -v /tmp/fuzzers:/out \ |
| -v $(pwd):/src/tpm2 \ |
| -t ossfuzz/libfuzzer-runner |
| |
| In the container |
| |
| # gdb /out/tpm2_execute_command_fuzzer |
| |
| In gdb |
| |
| (gdb) r /testcase |