Skip to content

Commit

Permalink
Update README (google#230)
Browse files Browse the repository at this point in the history
* Add syntax highlight to snippets in README
* Add a section with grammars in protobuf format to the README
  • Loading branch information
ligurio authored and onionpsy committed Jun 17, 2024
1 parent 681f485 commit 8128a73
Showing 1 changed file with 25 additions and 7 deletions.
32 changes: 25 additions & 7 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,15 +12,15 @@ It could be used together with guided fuzzing engines, such as [libFuzzer](http:

Install prerequisites:

```
```sh
sudo apt-get update
sudo apt-get install protobuf-compiler libprotobuf-dev binutils cmake \
ninja-build liblzma-dev libz-dev pkg-config autoconf libtool
```

Compile and test everything:

```
```sh
mkdir build
cd build
cmake .. -GNinja -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_BUILD_TYPE=Debug
Expand All @@ -36,7 +36,7 @@ build a working version of protobuf.

Installation:

```
```sh
ninja
sudo ninja install
```
Expand All @@ -59,7 +59,7 @@ using [libFuzzer](http://libfuzzer.info)'s mutators.

To apply one mutation to a protobuf object do the following:

```
```c++
class MyProtobufMutator : public protobuf_mutator::Mutator {
public:
// Optionally redefine the Mutate* methods to perform more sophisticated mutations.
Expand All @@ -77,7 +77,7 @@ See also the `ProtobufMutatorMessagesTest.UsageExample` test from
## Integrating with libFuzzer
LibFuzzerProtobufMutator can help to integrate with libFuzzer. For example
```
```c++
#include "src/libfuzzer/libfuzzer_macro.h"
DEFINE_PROTO_FUZZER(const MyMessageType& input) {
Expand All @@ -97,7 +97,7 @@ for fuzzer even if it's capable of inserting acceptable values with time.
PostProcessorRegistration can be used to avoid such issue and guide your fuzzer towards interesting
code. It registers callback which will be called for each message of particular type after each mutation.

```
```c++
static protobuf_mutator::libfuzzer::PostProcessorRegistration<MyMessageType> reg = {
[](MyMessageType* message, unsigned int seed) {
TweakMyMessage(message, seed);
Expand All @@ -117,7 +117,7 @@ may corrupt the reproducer so it stops triggering the bug.

Note: You can add callback for any nested message and you can add multiple callbacks for
the same message type.
```
```c++
static PostProcessorRegistration<MyMessageType> reg1 = {
[](MyMessageType* message, unsigned int seed) {
TweakMyMessage(message, seed);
Expand Down Expand Up @@ -155,6 +155,24 @@ cleanup/initialize the message as workaround.
* [Envoy](https://github.com/envoyproxy/envoy/search?q=DEFINE_TEXT_PROTO_FUZZER+OR+DEFINE_PROTO_FUZZER+OR+DEFINE_BINARY_PROTO_FUZZER&unscoped_q=DEFINE_TEXT_PROTO_FUZZER+OR+DEFINE_PROTO_FUZZER+OR+DEFINE_BINARY_PROTO_FUZZER&type=Code)
* [LLVM](https://github.com/llvm-mirror/clang/search?q=DEFINE_TEXT_PROTO_FUZZER+OR+DEFINE_PROTO_FUZZER+OR+DEFINE_BINARY_PROTO_FUZZER&unscoped_q=DEFINE_TEXT_PROTO_FUZZER+OR+DEFINE_PROTO_FUZZER+OR+DEFINE_BINARY_PROTO_FUZZER&type=Code)

## Grammars
* GIF, https://github.com/google/oss-fuzz/tree/master/projects/giflib
* JSON
* https://github.com/google/oss-fuzz/tree/master/projects/jsoncpp
* https://github.com/officialcjunior/fuzzrtos/tree/c72e6670e566672ccf8023265cbfad616e75790d/protobufv2
* Lua 5.1 Language,
* https://github.com/ligurio/lua-c-api-tests/tree/master/tests/luaL_loadbuffer_proto
* https://github.com/Spoookyyy/luaj/tree/main/fuzz
* PNG, https://github.com/google/oss-fuzz/tree/master/projects/libpng-proto
* SQL
* https://github.com/tarantool/tarantool/tree/master/test/fuzz/sql_fuzzer
* https://chromium.googlesource.com/chromium/src/third_party/+/refs/heads/main/sqlite/fuzz
* Solidity Language, https://github.com/ethereum/solidity/tree/develop/test/tools/ossfuzz
* XML
* https://github.com/google/oss-fuzz/tree/master/projects/xerces-c
* https://github.com/google/libprotobuf-mutator/tree/master/examples/xml
* JPEG, https://source.chromium.org/chromium/chromium/src/+/main:media/gpu/vaapi/fuzzers/jpeg_decoder/

## Bugs found with help of the library

### Chromium
Expand Down

0 comments on commit 8128a73

Please sign in to comment.