pw_fuzzer: Reproducing Bugs Found by OSS-Fuzz

Better C++ code through easier fuzzing

Core Pigweed is integrated with OSS-Fuzz, a continuous fuzzing infrastructure for open source software. Fuzzers listed in pw_test_groups automatically start running within a day or so of appearing in the git repository.

Bugs produced by OSS-Fuzz can be found in its Monorail instance. These bugs include:

  • A detailed report, including a symbolized backtrace.

  • A revision range indicating when the bug was first detected.

  • A minimized testcase, which is a fuzzer input that can be used to reproduce the bug.

To reproduce a bug:

  1. Build the fuzzers.

  2. Download the minimized testcase.

  3. Run the fuzzer with the testcase as an argument.

For example, if the testcase is saved as ~/Downloads/testcase and the fuzzer is the same as in the examples above, you could run:

$ ./out/host/obj/pw_fuzzer/toy_fuzzer ~/Downloads/testcase
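As an added example (not part of the Pigweed docs or of OSS-Fuzz), a small POSIX shell helper that performs step 3 the way the command above does and classifies the outcome from the sanitizer or libFuzzer report on stderr, so a reproduction attempt can be told apart from a fixed build or a bad path; the fuzzer and testcase paths are placeholders.

```shell
#!/bin/sh
# Added example, not Pigweed or OSS-Fuzz code. Runs a libFuzzer-style binary
# on one minimized testcase and classifies the result. Passing a file path to
# a libFuzzer binary executes that single input instead of a fuzzing loop.
# Usage: reproduce_testcase ./out/host/obj/pw_fuzzer/toy_fuzzer ~/Downloads/testcase

# Prints one of: crash-asan, crash-ubsan, crash-libfuzzer, crash-unknown,
# no-repro, bad-args. Returns 0 only when the testcase reproduces a bug.
reproduce_testcase() {
  fuzzer="$1"
  testcase="$2"
  if [ ! -x "$fuzzer" ] || [ ! -f "$testcase" ]; then
    echo "bad-args"
    return 2
  fi
  log="$(mktemp)"
  status=0
  "$fuzzer" "$testcase" >/dev/null 2>"$log" || status=$?
  # Sanitizer and libFuzzer reports go to stderr; match their fixed prefixes.
  if grep -q "ERROR: AddressSanitizer" "$log"; then
    verdict=crash-asan
  elif grep -q "runtime error:" "$log"; then
    verdict=crash-ubsan
  elif grep -q "ERROR: libFuzzer:" "$log"; then
    verdict=crash-libfuzzer
  elif [ "$status" -ne 0 ]; then
    verdict=crash-unknown
  else
    # Clean exit: the bug does not reproduce with this build, which is the
    # result you expect when verifying a fix.
    verdict=no-repro
  fi
  rm -f "$log"
  echo "$verdict"
  [ "$verdict" != "no-repro" ]
}
```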

If you need to recreate the OSS-Fuzz environment locally, you can use its documentation on reproducing issues.

In particular, you can recreate the OSS-Fuzz environment using:

$ python infra/ pull_images
$ python infra/ build_image pigweed
$ python infra/ build_fuzzers --sanitizer <address/undefined> pigweed

With that environment, you can reproduce bugs using:

$ python infra/ reproduce pigweed <pw_module>_<fuzzer_name> ~/Downloads/testcase

You can even verify fixes in your local source checkout:

$ python infra/ build_fuzzers --sanitizer <address/undefined> pigweed $PW_ROOT
$ python infra/ reproduce pigweed <pw_module>_<fuzzer_name> ~/Downloads/testcase