pw_fuzzer: Reproducing Bugs Found by OSS-Fuzz#
Better C++ code through easier fuzzing
Core Pigweed is integrated with OSS-Fuzz, a continuous fuzzing infrastructure
for open source software. Fuzzers listed in in
automatically start being run within a day or so of appearing in the git
Bugs produced by OSS-Fuzz can be found in its Monorail instance. These bugs include:
A detailed report, including a symbolized backtrace.
A revision range indicating when the bug has been detected.
A minimized testcase, which is a fuzzer input that can be used to reproduce the bug.
To reproduce a bug:
Build the fuzzers.
Download the minimized testcase.
Run the fuzzer with the testcase as an argument.
For example, if the testcase is saved as
and the fuzzer is the same as in the examples above, you could run:
$ ./out/host/obj/pw_fuzzer/toy_fuzzer ~/Downloads/testcase
If you need to recreate the OSS-Fuzz environment locally, you can use its documentation on reproducing issues.
In particular, you can recreate the OSS-Fuzz environment using:
$ python infra/helper.py pull_images $ python infra/helper.py build_image pigweed $ python infra/helper.py build_fuzzers --sanitizer <address/undefined> pigweed
With that environment, you can run the reproduce bugs using:
python infra/helper.py reproduce pigweed <pw_module>_<fuzzer_name> ~/Downloads/testcase
You can even verify fixes in your local source checkout:
$ python infra/helper.py build_fuzzers --sanitizer <address/undefined> pigweed $PW_ROOT $ python infra/helper.py reproduce pigweed <pw_module>_<fuzzer_name> ~/Downloads/testcase