| Up to higher level directory | |||
| Name | Date | Size | |
|---|---|---|---|
| _xxtestfuzz.c | 22-Oct-2020 | 1.1K | |
| fuzz_tests.txt | 22-Oct-2020 | 57 | |
| fuzzer.c | 22-Oct-2020 | 3.9K | |
| README.rst | 22-Oct-2020 | 1.5K | |
README.rst
1 Fuzz Tests for CPython 2 ====================== 3 4 These fuzz tests are designed to be included in Google's `oss-fuzz`_ project. 5 6 oss-fuzz works against a library exposing a function of the form 7 ``int LLVMFuzzerTestOneInput(const uint8_t* data, size_t length)``. We provide 8 that library (``fuzzer.c``), and include a ``_fuzz`` module for testing with 9 some toy values -- no fuzzing occurs in Python's test suite. 10 11 oss-fuzz will regularly pull from CPython, discover all the tests in 12 ``fuzz_tests.txt``, and run them -- so adding a new test here means it will 13 automatically be run in oss-fuzz, while also being smoke-tested as part of 14 CPython's test suite. 15 16 Adding a new fuzz test 17 ---------------------- 18 19 Add the test name on a new line in ``fuzz_tests.txt``. 20 21 In ``fuzzer.c``, add a function to be run:: 22 23 int $test_name (const char* data, size_t size) { 24 ... 25 return 0; 26 } 27 28 29 And invoke it from ``LLVMFuzzerTestOneInput``:: 30 31 #if _Py_FUZZ_YES(fuzz_builtin_float) 32 rv |= _run_fuzz(data, size, fuzz_builtin_float); 33 #endif 34 35 ``LLVMFuzzerTestOneInput`` will run in oss-fuzz, with each test in 36 ``fuzz_tests.txt`` run separately. 37 38 What makes a good fuzz test 39 --------------------------- 40 41 Libraries written in C that might handle untrusted data are worthwhile. The 42 more complex the logic (e.g. parsing), the more likely this is to be a useful 43 fuzz test. See the existing examples for reference, and refer to the 44 `oss-fuzz`_ docs. 45 46 .. _oss-fuzz: https://github.com/google/oss-fuzz 47
