| author | Aqua-sama <aqua@iserlohn-fortress.net> | 2018-11-25 13:01:17 +0100 |
|---|---|---|
| committer | Aqua-sama <aqua@iserlohn-fortress.net> | 2018-11-25 15:05:18 +0100 |
| commit | 09c4508aee96ca20d084b8a60b4c6603de8bff8b (patch) | |
| tree | fa17b39bb6018b96b8045b3af6bdfbd8e1ca5af5 /doc/Development/Fuzzing.asciidoc | |
| parent | Add QT_NO_DEBUG to non-debug builds (diff) | |
| download | smolbote-09c4508aee96ca20d084b8a60b4c6603de8bff8b.tar.xz | |
Add Session Dialog
Diffstat (limited to 'doc/Development/Fuzzing.asciidoc')
-rw-r--r-- | doc/Development/Fuzzing.asciidoc | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/doc/Development/Fuzzing.asciidoc b/doc/Development/Fuzzing.asciidoc new file mode 100644 index 0000000..0981f1a --- /dev/null +++ b/doc/Development/Fuzzing.asciidoc @@ -0,0 +1,49 @@ +=== Setup +Required packages: afl + +==== Compiling Qt +This will build an instrumented Qt: + +[source, sh] +---- +export CC=$(which afl-gcc) +export CXX=$(which afl-g++) +./configure ... +make +---- + +=== Running the fuzzer +[source, sh] +---- +cd /sys/devices/system/cpu +su +echo performance | tee cpu*/cpufreq/scaling_governor +exit + +cd $testdir +afl-fuzz -m 512 -t 40 -i $input -o $output -- $testexe @@ + +# see for available scaling_governor values: +cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors + +cd /sys/devices/system/cpu +su +echo powersave | tee cpu*/cpufreq/scaling_governor +exit +---- + +The $input directory contains your reference input files, while the findings of the fuzzers will be written in $output. + +@@ gets replaced by the name of a file generated by AFL, containing the mutated input. + +=== Using ramdisk for tests +[source, sh] +---- +$ mkdir afl +# mount -t tmpfs -o size=1024M tmpfs afl/ +$ cd afl/ +$ afl-fuzz -i inputs -o findings ... +---- + +=== Sources +1. https://www.kdab.com/fuzzing-qt-fun-profit/ |
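Review bot: the teardown at the end of the "Running the fuzzer" block hard-codes `echo powersave | tee cpu*/cpufreq/scaling_governor`, which assumes every core was on powersave before the run; record the current value first (e.g. `cat cpu0/cpufreq/scaling_governor`) and restore that instead, and move the `cat .../scaling_available_governors` hint above the first `tee`, where a reader actually needs it. The "Compiling Qt" section also only covers Qt itself: state explicitly that `$testexe` must be built with the same afl-gcc `CC`/`CXX` wrappers, otherwise afl-fuzz has no coverage instrumentation in the target it is driving. Lastly, `-t 40` is a 40 ms per-execution timeout, which is tight for anything that initialises Qt; note the unit so it is not misread as seconds.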