tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git

README (879B)


# JS Fuzzing Interface

This directory contains fuzzing targets that implement the unified fuzzing
interface to be used with libFuzzer or AFL.

## Building the fuzzing targets

To include this directory in your JS build, you need to build with Clang
and the --enable-fuzzing flag. The build system will automatically
detect if you are building with afl-clang-fast for AFL or regular Clang
for libFuzzer.

## Running a fuzzing target

To run a particular target with libFuzzer, use:

    cd $OBJDIR/dist/bin
    FUZZER=YourTargetName ./fuzz-tests

To run with AFL, use something like

    cd $OBJDIR/dist/bin
    FUZZER=YourTargetName MOZ_FUZZ_TESTFILE=input \
    afl-fuzz <regular AFL options> -f input ./fuzz-tests

## Writing a fuzzing target

1.  Check testExample.cpp for a target skeleton with comments.

2.  Add your own .cpp file to UNIFIED_SOURCES in moz.build
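
The contract a target follows, as an added stand-alone illustration (not code from this tree and not its harness): one function over raw bytes is reachable both from libFuzzer's in-memory entry point and from a file, which is what AFL's -f input supplies. The names countRecords, recordTarget, targets and runFromFile are hypothetical, and the name-keyed registry is an assumed layout; the in-tree registration is the one testExample.cpp shows.

```cpp
// Added illustration; not the in-tree harness. All names are hypothetical.
#include <cstdint>
#include <cstdlib>
#include <fstream>
#include <iterator>
#include <map>
#include <string>
#include <vector>

using FuzzFn = int (*)(const uint8_t*, size_t);
// Code under test (constructed): counts length-prefixed records and rejects
// a record whose declared length runs past the end of the buffer.
int countRecords(const uint8_t* buf, size_t size) {
  int n = 0;
  for (size_t pos = 0; pos < size; ++n) {
    size_t len = buf[pos++];
    if (len > size - pos) return -1;  // truncated: reject before reading
    pos += len;
  }
  return n;
}

// The target: accepts any bytes, keeps no state between calls, returns 0.
int recordTarget(const uint8_t* buf, size_t size) {
  (void)countRecords(buf, size);
  return 0;
}

// Registry keyed by the name passed in FUZZER (assumed layout).
const std::map<std::string, FuzzFn>& targets() {
  static const std::map<std::string, FuzzFn> t = {{"Records", recordTarget}};
  return t;
}

// File driver, as AFL uses with -f: read the file, call the same target.
int runFromFile(const std::string& name, const std::string& path) {
  auto it = targets().find(name);
  if (it == targets().end()) return -2;  // unknown target name
  std::ifstream in(path, std::ios::binary);
  if (!in) return -3;  // input file missing
  std::vector<uint8_t> data((std::istreambuf_iterator<char>(in)),
                            std::istreambuf_iterator<char>());
  return it->second(data.data(), data.size());
}

// In-memory driver: the entry point libFuzzer calls for every input.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  const char* name = std::getenv("FUZZER");
  auto it = targets().find(name ? name : "Records");
  return it == targets().end() ? 0 : it->second(data, size);
}
```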