Skip to content

Latest commit

 

History

History
49 lines (34 loc) · 2.07 KB

reproducing.md

File metadata and controls

49 lines (34 loc) · 2.07 KB

Reproducing oss-fuzz issues

You've been CC'ed on an oss-fuzz issue, now what? Before attempting a fix you should be able to reliably reproduce an issue.

The process is much simpler if you have Docker installed (how?, why?), but is entirely possible to do without.

Docker

If you have docker installed, follow these steps:

  • Download testcase. Each issue has a minimized testcase link. Download the testcase to a file.

  • Reproduce from nightly sources:

docker run --rm -v $testcase_file:/testcase -t ossfuzz/$target reproduce $fuzzer

It builds the fuzzer from nightly sources (in the image) and runs it with testcase input. E.g. for libxml2 it will be:

docker run --rm -ti -v ~/Downloads/testcase:/testcase ossfuzz/libxml2 reproduce libxml2_xml_read_memory_fuzzer
   
  • Reproduce from local sources:

docker run --rm -v $target_checkout_dir:/src/$target
-v $reproducer_file:/testcase -t ossfuzz/$target reproduce $fuzzer

This is essentially the previous command that additonally mounts local sources into the running container.

  • Fix the issue. Use the previous command to verify you fixed the issue locally.
  • Submit the fix. ClusterFuzz will automatically pick up the changes, recheck the testcase and will close the issue.

Manual

Manual process is fully documented on main libFuzzer page. To manully reproduce the issue you have to:

ClusterFuzz will automatically pick up the changes, recheck the testcase and will close the issue.