[tor-bugs] #16301 [Tor]: Add afl-fuzz instructions to contrib

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jun 8 10:21:40 UTC 2015


#16301: Add afl-fuzz instructions to contrib
-----------------------------+---------------------------------
     Reporter:  teor         |      Owner:  teor
         Type:  enhancement  |     Status:  new
     Priority:  normal       |  Milestone:  Tor: very long term
    Component:  Tor          |    Version:
   Resolution:               |   Keywords:  lorax
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+---------------------------------

Comment (by teor):

 Most of the software that I've seen fuzzed is already split into libraries
 which process files or data buffers (think ImageMagick and
 libjpeg/libpng/...)

 When I fuzzed torrc parsing in #14142, I built a stripped-down version of
 `tor_main` which only initialised the data structures required to parse
 arguments. I did this so that fuzzing would operate at a reasonable speed.

 There's also llvm's coverage-guided in-process fuzzing using libFuzzer. It
 promises to be several orders of magnitude faster than afl-fuzz for small
 data inputs, as long as the program doesn't maintain (much) state between
 runs.

 However, most of libFuzzer only works on Linux at the moment, so I'd need
 to set up a VM or VPS on my end for that.
 http://blog.llvm.org/2015/04/fuzz-all-clangs.html

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16301#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
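As an added example (not part of teor's comment and not Tor's own code), this is the shape of an in-process libFuzzer harness around a stripped-down, hypothetical torrc-style line parser; `parse_torrc_buffer`, `parse_torrc_cstring` and the `LLVMFuzzerTestOneInput` entry point are assumed names, and the parser holds no state between calls, which is the property the comment says libFuzzer depends on for its speed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical torrc-style parser: each line is "Key Value"; blank lines and
 * lines starting with '#' are ignored. Returns the number of options found in
 * buf (which is NOT NUL-terminated, so every read is bounded by len).
 * No globals are touched, so thousands of calls per second cannot influence
 * one another. */
int parse_torrc_buffer(const uint8_t *buf, size_t len)
{
  int options = 0;
  size_t i = 0;
  while (i < len) {
    size_t start = i;
    while (i < len && buf[i] != '\n') i++;     /* find end of line */
    size_t end = i;
    if (i < len) i++;                          /* step over '\n' */

    size_t p = start;
    while (p < end && isspace(buf[p])) p++;    /* leading whitespace */
    if (p == end || buf[p] == '#') continue;   /* blank or comment line */

    size_t key_start = p;
    while (p < end && !isspace(buf[p])) p++;   /* key token */
    if (p == key_start) continue;
    while (p < end && isspace(buf[p])) p++;    /* separator */
    if (p < end) options++;                    /* a value is present */
  }
  return options;
}

/* Convenience wrapper for NUL-terminated strings (tests and manual runs). */
int parse_torrc_cstring(const char *s)
{
  return parse_torrc_buffer((const uint8_t *)s, strlen(s));
}

/* libFuzzer calls this once per mutated input, in the same process.
 * Build (assumed command line): clang -g -fsanitize=fuzzer,address harness.c
 * The return value must be 0; other values are reserved by libFuzzer. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
  parse_torrc_buffer(data, size);
  return 0;
}
```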

