diff options
| author |  Abhishek Arya <inferno@chromium.org> | 2017-01-05 23:34:57 -0800 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2017-01-05 23:34:57 -0800 |
| commit | e4da5a4bcaf2fb5f634ef6b0fc345b0a4159fbca (patch) | |
| tree | e42e46e716b51803cb496d2682d811baae75bf9e /docs/reproducing.md | |
| parent | 355c87f7360264612b688d282e2ccbe76c313036 (diff) | |
Update reproducing.md
Diffstat (limited to 'docs/reproducing.md')
| -rw-r--r-- | docs/reproducing.md | 31 |
1 files changed, 16 insertions, 15 deletions
diff --git a/docs/reproducing.md b/docs/reproducing.md index cb565f0f..c665b088 100644 --- a/docs/reproducing.md +++ b/docs/reproducing.md @@ -13,9 +13,9 @@ This file contains the bytes that were fed to the [Fuzz Target](http://libfuzzer If you have already [integrated](ideal_integration.md) the fuzz target with your build and test system, all you do is run: -<pre> -./fuzz_target_binary <b><i><testcase_path></i></b> -</pre> +```bash +$ ./fuzz_target_binary <testcase_path> +``` If this is a timeout bug, add the <b><i>-timeout=25</i></b> argument.<br /> If this is an OOM bug, add the <b><i>-rss_limit_mb=2048</i></b> argument.<br /> @@ -30,25 +30,26 @@ to replicate the exact build steps used by OSS-Fuzz and then feed the reproducer - *Reproduce using latest OSS-Fuzz build:* - <pre> - python infra/helper.py reproduce <b><i>$PROJECT_NAME</i></b> <b><i><fuzzer_name></i></b> <b><i><testcase_path></i></b> - </pre> +```bash +$ python infra/helper.py reproduce $PROJECT_NAME <fuzzer_name> <testcase_path> +``` It builds the fuzzer from the most recent successful OSS-Fuzz build (usually last night's sources) and feeds the testcase file to the target function. E.g. for [libxml2](../projects/libxml2) project with fuzzer named `libxml2_xml_read_memory_fuzzer`, it will be: - - <pre> -python infra/helper.py reproduce libxml2 libxml2_xml_read_memory_fuzzer ~/Downloads/testcase - </pre> + +```bash +$ python infra/helper.py reproduce libxml2 libxml2_xml_read_memory_fuzzer ~/Downloads/testcase +``` + - *Reproduce using local source checkout:* - <pre> -python infra/helper.py build_fuzzers <b><i>$PROJECT_NAME</i></b> <b><i><source_path></i></b> -python infra/helper.py reproduce <b><i>$PROJECT_NAME</i></b> <b><i><fuzzer_name></i></b> <b><i><testcase_path></i></b> - </pre> - +```bash +$ python infra/helper.py build_fuzzers $PROJECT_NAME <source_path> +$ python infra/helper.py reproduce $PROJECT_NAME <fuzzer_name> <testcase_path> +``` + This is essentially the previous command that additionally mounts local sources into the running container. - *Fix issue*. Write a patch to fix the issue in your local checkout and then use the previous command to verify the fix (i.e. no crash occurred). [Use gdb](debugging.md#debugging-fuzzers-with-gdb) if needed. |