
Document how to provide dictionaries and seed corpus to fuzzers

Open AMS21 opened this issue 2 years ago • 6 comments

Hi, first of all thanks for all the awesome work you've put into this project really appreciate it.

For several of my fuzzers I've created dictionaries and/or have large number of sample files which I obviously would like the fuzzers to take advantage of.

I've looked through the documentation here but was not able to find the answers there so maybe someone here can help me.

AMS21 avatar Jan 10 '23 06:01 AMS21

@jonathanmetzman can you help answer this?

oliverchang avatar Jan 11 '23 22:01 oliverchang

Hi, first of all thanks for all the awesome work you've put into this project really appreciate it.

No problem!

For several of my fuzzers I've created dictionaries and/or have large number of sample files which I obviously would like the fuzzers to take advantage of.

I've looked through the documentation here but was not able to find the answers there so maybe someone here can help me.

Good point, we should document this. Basically you need to put the dictionary/seed corpus (zip containing sample files) next to your fuzzers. For example: if your fuzzer is called png_parser_fuzzer, your $OUT directory should look like this:

png_parser_fuzzer
png_parser_fuzzer_seed_corpus.zip
png_parser_fuzzer.dict

jonathanmetzman avatar Jan 12 '23 16:01 jonathanmetzman
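As an added example (not ClusterFuzzLite's or OSS-Fuzz's own code), a build.sh helper that produces the layout above: it zips a seed directory into $OUT/<fuzzer>_seed_corpus.zip, copies a dictionary to $OUT/<fuzzer>.dict, and a second function flags fuzz targets in $OUT that have neither. The function names, the seed directory and the dictionary path are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not project code. Meant to be sourced from build.sh, where
# $OUT is already set by the OSS-Fuzz/ClusterFuzzLite build environment.
set -eu

# install_fuzzer_aux FUZZER SEED_DIR DICT_FILE
# Creates $OUT/FUZZER_seed_corpus.zip from SEED_DIR and $OUT/FUZZER.dict from
# DICT_FILE (the names the engine auto-detects). Pass "" to skip either one.
install_fuzzer_aux() {
  local fuzzer="$1" seed_dir="${2:-}" dict_file="${3:-}"
  # Refuse silently mis-named files: the target must already be in $OUT.
  [ -x "$OUT/$fuzzer" ] || { echo "no fuzz target $OUT/$fuzzer" >&2; return 1; }
  if [ -n "$seed_dir" ]; then
    local zip_path="$OUT/${fuzzer}_seed_corpus.zip"
    rm -f "$zip_path"
    if command -v zip >/dev/null 2>&1; then
      # -j stores bare file names, -r walks subdirectories of the seed dir.
      zip -q -j -r "$zip_path" "$seed_dir"
    else
      # Fallback when zip is absent; entries keep the directory prefix.
      python3 -m zipfile -c "$zip_path" "$seed_dir"
    fi
  fi
  if [ -n "$dict_file" ]; then
    cp "$dict_file" "$OUT/${fuzzer}.dict"
  fi
}

# check_out_layout: reports every executable in $OUT that has no
# <name>_seed_corpus.zip and no <name>.dict beside it; returns 1 if any.
check_out_layout() {
  local status=0 f name
  for f in "$OUT"/*; do
    [ -f "$f" ] && [ -x "$f" ] || continue
    name=$(basename "$f")
    case "$name" in *.zip|*.dict) continue;; esac
    if [ ! -f "$OUT/${name}_seed_corpus.zip" ] && [ ! -f "$OUT/${name}.dict" ]; then
      echo "$name: no seed corpus or dictionary in \$OUT" >&2
      status=1
    fi
  done
  return "$status"
}
```

Call `install_fuzzer_aux png_parser_fuzzer "$SRC/png_seeds" "$SRC/png.dict"` after the target is built, and `check_out_layout` at the end of build.sh to catch a renamed target whose corpus no longer matches.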

Thanks for the quick response. That's exactly what I was looking for.

Keeping this issue open to track the missing documentation then.

AMS21 avatar Jan 13 '23 09:01 AMS21

Both of these are already documented in OSS-Fuzz's New project guide > Efficient fuzzing section, which ClusterFuzzLite's docs link to from Build integration > Efficient fuzzing, so I think this issue can be closed. This is probably due to the code base being the same for OSS-Fuzz and CFL in this regard.

To provide a corpus for my_fuzzer, put my_fuzzer_seed_corpus.zip file next to the fuzz target’s binary in $OUT during the build. ... Put your dict file in $OUT. If the dict filename is the same as your target binary name (i.e. %fuzz_target%.dict), it will be automatically used.

I too, sometimes find it hard to find the right information from the docs due to the similarities between OSS-Fuzz and ClusterFuzzLite, but I don't think this is easy to overcome. For example, searching for dictionary or seed on the CFL docs gives no useful results. Maybe in the efficient fuzzing section, we could change:

To improve your fuzz target ability to find bugs faster, please read this section.

to:

To improve your fuzz target ability to find bugs faster, e.g., by providing a seed corpus or dictionaries, please read this section.

securitykernel avatar Feb 25 '23 08:02 securitykernel

Good point. I agree.

AMS21 avatar Feb 25 '23 08:02 AMS21

I think this info should be more front and center though.

jonathanmetzman avatar Feb 27 '23 17:02 jonathanmetzman