You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
20 lines
891 B
20 lines
891 B
# Building and running fuzzers
|
|
|
|
In order to build fuzzers, you need the GN arg `use_libfuzzer=true`. It's also
|
|
recommended to build with `is_asan=true` to catch additional problems. Building
|
|
and running then might look like:
|
|
```bash
|
|
gn gen out/libfuzzer --args="use_libfuzzer=true is_asan=true is_debug=false"
|
|
ninja -C out/libfuzzer some_fuzz_target
|
|
out/libfuzzer/some_fuzz_target <args> <corpus_dir> [additional corpus dirs]
|
|
```
|
|
|
|
The arguments to the fuzzer binary should be whatever is listed in the GN target
|
|
description (e.g. `-max_len=1500`). These arguments may be automatically
|
|
scraped by Chromium's ClusterFuzz tool when it runs fuzzers, but they are not
|
|
built into the target. You can also look at the file
|
|
`out/libfuzzer/some_fuzz_target.options` for what arguments should be used. The
|
|
`corpus_dir` is listed as `seed_corpus` in the GN definition of the fuzzer
|
|
target.
|
|
|