dali/bacnet_stack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

AFL + Libfuzzer harnesses (#455)

Browse Source 
* Package fuzzers

* Provide ability to remove main

* Don't build fuzzers by default
This commit is contained in:
anthony-crystalpeak
2023-07-17 08:06:32 -07:00
committed by GitHub
parent 9e7f8978fa
commit fcc9647983
9 changed files with 558 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/fuzz-afl/README.md
+24
View File
@@ -0,0 +1,24 @@
# Getting Started
* Install [AFL](https://github.com/google/AFL), ensure afl-gcc exists on the system:
```
$ afl-gcc
afl-cc 2.57b by <lcamtuf@google.com>
```
* Build via `make fuzz-afl` from repository root
* Clone a decent [corpus](https://github.com/CrystalPeakSecurity/bacnet-corpus/tree/main)
* Start AFL and feed it the input/output directories along with target executable
```
afl-fuzz -i </path/to/corpus/> -o </path/to/output_dir/> -m none ./apps/fuzz-afl/fuzz-afl
```
Caveats:
* This builds the target with ASAN (Address Sanitizer). This makes AFL require the `-m none` to not interpret ASAN's behavior as a crash
* AFL uses a fork/exec model to launch the target. This is nice because each testcase is from a clean state. But this also brings in a lot of overhead. If you need something faster, check out ../fuzz-libfuzzer/