@@ -28,7 +28,17 @@ From the `build/` directory, you can then run the fuzzers. For example: |
|
|
|
|
|
|
|
The arguments to `jobs` and `workers` should be the number of cores that you wish to dedicate to fuzzing. By default, libFuzzer uses the largest test in the corpus (or 64 if empty) as the maximum test case length. The `max_len` argument overrides this. |
|
|
|
|
|
|
|
The recommended values of `max_len` for each test may be found in `.options` files alongside the test source. These were determined by rounding up the length of the largest case in the corpus. When writing a new fuzzer, configure `max_len` in a similar file. |
|
|
|
The recommended values of `max_len` for each test are: |
|
|
|
|
|
|
|
| Test | `max_len` value | |
|
|
|
|-----------|-----------------| |
|
|
|
| `privkey` | 2048 | |
|
|
|
| `cert` | 3072 | |
|
|
|
| `server` | 4096 | |
|
|
|
| `client` | 20000 | |
|
|
|
|
|
|
|
|
|
|
|
These were determined by rounding up the length of the largest case in the corpus. |
|
|
|
|
|
|
|
There are directories in `fuzz/` for each of the fuzzing tests which contain seed files for fuzzing. Some of the seed files were generated manually but many of them are “interesting” results generated by the fuzzing itself. (Where “interesting” means that it triggered a previously unknown path in the code.) |
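Review bot: the table form of the `max_len` paragraph (rows `privkey` 2048, `cert` 3072, `server` 4096, `client` 20000) drops the instruction that the `.options` form carried for new fuzzers, "When writing a new fuzzer, configure `max_len` in a similar file". Going by the hunk header's counts (7 lines before, 17 after), the table is the side being added, so after this change the document no longer tells an author where to record `max_len` for a new test. Add a sentence after "These were determined by rounding up the length of the largest case in the corpus." asking authors to add a row for each new fuzzer. Since the values are derived from the corpus, also say that they should be re-derived when the corpus grows, because a stale value would cap inputs below the largest seed. If the same numbers are also kept in `.options` files, name one of the two places as authoritative so the copies cannot drift apart unnoticed.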