
Add Fuzzing Support

Open simonsan opened this issue 5 years ago • 0 comments

We should add support for fuzzing to the engine to check for vulnerabilities by e.g. user input.

The first step in using libFuzzer on a library is to implement a fuzz target – a function that accepts an array of bytes and does something interesting with these bytes using the API under test. Like this:

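```cpp
// fuzz_target.cc
#include <cstddef>  // size_t
#include <cstdint>  // uint8_t

// Placeholder for the API under test; replace with a real entry point.
void DoSomethingInterestingWithMyAPI(const uint8_t *Data, size_t Size);

// libFuzzer calls this once per generated input.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
    DoSomethingInterestingWithMyAPI(Data, Size);
    return 0;  // Non-zero return values are reserved for future use.
}
```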

https://llvm.org/docs/LibFuzzer.html

https://github.com/google/oss-fuzz

simonsan, Feb 15 '20 10:02
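A fuzz target with the placeholder call filled in, as an added example that is not part of the original issue or of the openage code base. `ParseRecords` and its record layout are hypothetical stand-ins for an engine routine that parses untrusted input; the target also checks an invariant so that logic errors, not only memory errors, surface as crashes.

```cpp
// fuzz_target.cc (added example)
// Build with clang: clang++ -g -O1 -fsanitize=fuzzer,address fuzz_target.cc
// libFuzzer supplies main(); this file only defines the target.
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <vector>

// Hypothetical record layout: [type:1][length:2, little-endian][payload:length]
struct Record {
    uint8_t type;
    std::vector<uint8_t> payload;
};

// Hypothetical API under test. Returns false on malformed input.
bool ParseRecords(const uint8_t *data, size_t size, std::vector<Record> &out) {
    size_t pos = 0;
    while (pos < size) {
        if (size - pos < 3) return false;    // truncated header
        uint8_t type = data[pos];
        size_t len = data[pos + 1] | (static_cast<size_t>(data[pos + 2]) << 8);
        pos += 3;
        if (len > size - pos) return false;  // declared length exceeds remaining bytes
        out.push_back({type, std::vector<uint8_t>(data + pos, data + pos + len)});
        pos += len;
    }
    return true;
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
    std::vector<Record> records;
    if (!ParseRecords(Data, Size, records)) return 0;  // rejecting input is not a bug
    // Invariant: every byte of an accepted input belongs to a header or payload.
    size_t total = 0;
    for (const Record &r : records) total += 3 + r.payload.size();
    if (total != Size) std::abort();  // libFuzzer reports this as a crash and saves the input
    return 0;
}
```

Removing either bounds check in `ParseRecords` gives AddressSanitizer an out-of-bounds read to report, which is the class of defect the issue asks fuzzing to catch.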