Chiebot-Mirror
/
freetype
mirror of https://github.com/freetype/freetype.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

[ftfuzzer] Update README file.

Browse Source
2.6.5
Werner Lemberg 9 years ago
parent bcf618b256
commit 6bda921da0
1 changed files with 52 additions and 15 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 67
      src/tools/ftfuzzer/README

67
src/tools/ftfuzzer/README
Unescape View File

@ -1,23 +1,60 @@
ftfuzzer
--------
========
ftfuzzer.cc contains a target function for FreeType fuzzing.
It can be used with libFuzzer (http://llvm.org/docs/LibFuzzer.html)
or potentially any other similar fuzzer.
ftfuzzer.cc
-----------
This file contains a target function for FreeType fuzzing. It can be used
with libFuzzer (http://llvm.org/docs/LibFuzzer.html) or potentially any
other similar fuzzer.
Usage:
1. Build libfreetype.a and ftfuzzer.cc using the most recent clang compiler
with these flags:
-fsanitize-coverage=edge,8bit-counters # for fuzzer coverage feedback
-fsanitize=address,signed-integer-overflow,shift # for bug checking
2. Link with libFuzzer (it contains main()).
1. Build `libfreetype.a' and `ftfuzzer.cc' using the most recent clang
compiler with these flags:
-fsanitize-coverage=edge,8bit-counters # for fuzzer coverage feedback
-fsanitize=address,signed-integer-overflow,shift # for bug checking
You also need the header files from `libarchive' for handling tar files
(see `ftmutator.cc' below for more).
2. Link with `libFuzzer' (it contains main()) and `libarchive'.
3. Run the fuzzer on some test corpus.
The exact flags and commands may vary.
There is a continuous fuzzing bot that runs ftfuzzer:
https://github.com/google/libfuzzer-bot/tree/master/freetype.
Check the bot confituration for the most current settings.
runinput.cc contains a convenience main() function to run the target function
on a set of input files. Link it with ftfuzzer.cc and libfreetype.a
and run like "./a.out my_tests_inputs/*"
There is a continuous fuzzing bot that runs ftfuzzer.
https://github.com/google/libfuzzer-bot/tree/master/freetype
Check the bot configuration for the most current settings.
ftmutator.cc
------------
FreeType has the ability to `attach' auxiliary files to a font file,
providing additional information. The main usage is to load AFM files for
PostScript Type 1 fonts.
However, libFuzzer currently only supports mutation of a single input file.
For this reason, `ftmutator.cc' contains a custom fuzzer mutator that uses
an uncompressed tar file archive as the input. The first file in such a
tarball gets opened by FreeType as a font, all other files are treated as
input for `FT_Attach_Stream'.
Compilation is similar to `ftfuzzer.c'.
runinput.cc
-----------
To run the target function on a set of input files, this file contains a
convenience main() function. Link it with `ftfuzzer.cc', `libfreetype.a',
and `libarchive' and run like
./a.out my_tests_inputs/*

Write Preview
Loading…
Cancel
Save