Diffstat (limited to 'doc/Development/Fuzzing.asciidoc'):
-rw-r--r--  doc/Development/Fuzzing.asciidoc  49
1 file changed, 49 insertions, 0 deletions
diff --git a/doc/Development/Fuzzing.asciidoc b/doc/Development/Fuzzing.asciidoc
new file mode 100644
index 0000000..0981f1a
--- /dev/null
+++ b/doc/Development/Fuzzing.asciidoc
@@ -0,0 +1,49 @@
+=== Setup
+Required packages: afl
+
+==== Compiling Qt
+This will build an instrumented Qt:
+
+[source, sh]
+----
+export CC=$(which afl-gcc)
+export CXX=$(which afl-g++)
+./configure ...
+make
+----
+
+=== Running the fuzzer
+[source, sh]
+----
+cd /sys/devices/system/cpu
+su
+echo performance | tee cpu*/cpufreq/scaling_governor
+exit
+
+cd $testdir
+afl-fuzz -m 512 -t 40 -i $input -o $output -- $testexe @@
+
+# see for available scaling_governor values:
+cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors
+
+cd /sys/devices/system/cpu
+su
+echo powersave | tee cpu*/cpufreq/scaling_governor
+exit
+----
+
+The $input directory contains your reference input files, while the findings of the fuzzers will be written in $output.
+
+@@ gets replaced by the name of a file generated by AFL, containing the mutated input.
+
+=== Using ramdisk for tests
+[source, sh]
+----
+$ mkdir afl
+# mount -t tmpfs -o size=1024M tmpfs afl/
+$ cd afl/
+$ afl-fuzz -i inputs -o findings ...
+----
+
+=== Sources
+1. https://www.kdab.com/fuzzing-qt-fun-profit/
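Review bot: in the "Running the fuzzer" block, the `su` / `echo performance | tee ...` / `exit` sequence only works when typed one line at a time at an interactive prompt; run as a script or pasted as a whole, the lines after `su` would not execute inside the root shell. Either state that these are interactive steps, or replace each governor switch with a single privileged command such as `sudo sh -c 'echo performance | tee cpu*/cpufreq/scaling_governor'`. The block also gives no reason for switching the governor to `performance` before fuzzing and back to `powersave` afterwards, and the `-m 512 -t 40` options (memory limit and timeout passed to `afl-fuzz`) are not explained; a sentence on why those values suit an instrumented Qt build would help. Minor: the ramdisk block mixes `$` and `#` prompts without saying that only the `mount` line needs root.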