=== Setup
Required packages: afl
==== Compiling Qt
Building Qt through AFL's compiler wrappers produces an instrumented Qt: afl-gcc and afl-g++ wrap the system compiler and insert the coverage instrumentation at the assembly stage, so every library and test binary linked from this tree reports edge coverage to afl-fuzz. The configure options are omitted here; use whatever your normal Qt build needs.
[source, sh]
----
# point the build at AFL's wrappers instead of gcc/g++
export CC=$(which afl-gcc)
export CXX=$(which afl-g++)
./configure ...
make
----
=== Running the fuzzer
AFL's throughput and its timing-based hang detection both suffer under CPU frequency scaling, so switch the cores to the `performance` governor for the run (root is needed to write to sysfs) and switch them back when done:
[source, sh]
----
# raise the CPU governor on all cores (root required)
cd /sys/devices/system/cpu
su
echo performance | tee cpu*/cpufreq/scaling_governor
exit
cd $testdir
afl-fuzz -m 512 -t 40 -i $input -o $output -- $testexe @@
# governors supported on this machine:
cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors
# restore the default governor afterwards (root required)
cd /sys/devices/system/cpu
su
echo powersave | tee cpu*/cpufreq/scaling_governor
exit
----
`$input` holds the seed files AFL mutates; everything the fuzzer finds (the `queue/` of interesting inputs, `crashes/` and `hangs/`) is written below `$output`.
`@@` on the command line is replaced, for each execution, by the path of the file AFL generates with the mutated input; a target that reads from stdin instead is run without `@@`. `-m 512` caps the target's memory at 512 MB (a Qt binary that allocates freely may need more), and `-t 40` aborts an execution after 40 ms and counts it as a hang, so raise it if the test binary legitimately takes longer.
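As an added example (not from the page, nor from the Qt or AFL projects), the run above wrapped in a small POSIX shell script that checks the two preconditions afl-fuzz would otherwise abort on, raises the governor, and restores it on exit or Ctrl-C. The function names and messages are my own assumptions; the afl-fuzz flags are the page's. The instrumentation check relies on afl-fuzz's own test: it refuses to start a target that does not contain the `__AFL_SHM_ID` marker that the injected instrumentation references.

```shell
#!/bin/sh
# Added example (not the page's or the projects' own code): wrapper around the
# afl-fuzz invocation from the page. Function names are hypothetical.

# 0 if the target was built with afl-gcc/afl-g++: the injected instrumentation
# references the "__AFL_SHM_ID" marker, and afl-fuzz itself looks for that
# string before starting ("No instrumentation detected" otherwise).
afl_is_instrumented() {
    [ -f "$1" ] && grep -q '__AFL_SHM_ID' "$1" 2>/dev/null
}

# 0 if the seed directory exists and holds at least one file
# (afl-fuzz aborts on an empty -i directory).
afl_has_seeds() {
    [ -d "$1" ] && [ -n "$(ls -A "$1" 2>/dev/null)" ]
}

# The page's command line, rendered for logging. $1=target $2=seeds $3=findings
afl_cmd() {
    printf 'afl-fuzz -m 512 -t 40 -i %s -o %s -- %s @@\n' "$2" "$3" "$1"
}

# Write a governor to every core; sysfs is root-writable only, so say so
# instead of failing silently.
set_governor() {
    for f in /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor; do
        if [ -w "$f" ]; then
            echo "$1" > "$f"
        else
            echo "cannot write $f; run as root to change the governor" >&2
            return 1
        fi
    done
}

afl_run() {
    afl_target="$1"; afl_in="$2"; afl_out="$3"
    afl_is_instrumented "$afl_target" || {
        echo "$afl_target: no AFL instrumentation, rebuild with CC=afl-gcc CXX=afl-g++" >&2
        return 1
    }
    afl_has_seeds "$afl_in" || {
        echo "$afl_in: seed directory missing or empty" >&2
        return 1
    }
    # Remember the current governor and put it back on exit or Ctrl-C,
    # so an interrupted session does not leave the machine in performance mode.
    afl_prev_gov=$(cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor 2>/dev/null)
    if [ -n "$afl_prev_gov" ]; then
        trap 'set_governor "$afl_prev_gov"' EXIT INT TERM
        set_governor performance || return 1
    fi
    echo "+ $(afl_cmd "$afl_target" "$afl_in" "$afl_out")"
    afl-fuzz -m 512 -t 40 -i "$afl_in" -o "$afl_out" -- "$afl_target" @@
}

# Usage: sh fuzz-qt.sh ./testexe inputs findings
if [ "$#" -eq 3 ]; then
    afl_run "$@"
fi
```

Run it as root (or via sudo) so the governor writes succeed; without root the script still validates the binary and the seed directory, reports that the governor could not be changed, and stops before fuzzing.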
=== Using ramdisk for tests
AFL rewrites the current test case and its output directory continuously, so keeping the working directory on tmpfs avoids hammering the disk (or wearing an SSD) and speeds the run up. Mounting needs root, the rest does not; note that the findings vanish with the mount, so copy `crashes/` and `hangs/` out before unmounting:
[source, sh]
----
$ mkdir afl
# mount -t tmpfs -o size=1024M tmpfs afl/
$ cd afl/
$ afl-fuzz -i inputs -o findings ...
----
=== Sources
1. https://www.kdab.com/fuzzing-qt-fun-profit/