- Clone the repository and check out the libxml2 submodule at the pinned commit:

```sh
git clone https://github.com/Patrick-Pataky/oss-fuzz-libxml2.git
cd oss-fuzz-libxml2
git submodule update --init --recursive
cd projects/libxml2/libxml2 && git reset --hard 1039cd53
cd -
```

- Build the libxml2 image:

```sh
python3 infra/helper.py build_image libxml2
```

The report is available at report.pdf in the root directory.

- Part 1: run the fuzzer with and without a seed corpus:

```sh
cd part1
sh run.w_corpus.sh
sh run.w_o_corpus.sh
```

  Then get the coverage of both runs:

```sh
python3 ../infra/helper.py build_fuzzers --sanitizer coverage libxml2
python3 ../infra/helper.py coverage libxml2 --corpus-dir build/out/part1Seed/ --fuzz-target xml
python3 ../infra/helper.py coverage libxml2 --corpus-dir build/out/part1NoSeed/ --fuzz-target xml
```

- Part 3: follow the instructions in part3/README.md to run the fuzzers.
- Part 4: follow the instructions in part4/README.md.

The fuzzers are built from the libxml2/fuzz/ directory.

- Build the fuzzers. This command uses the fuzzer source code already inside the Docker image:

```sh
python3 infra/helper.py build_fuzzers libxml2
mkdir -p build/out/corpus
```

- Run a fuzzer:

```sh
python3 infra/helper.py run_fuzzer libxml2 <fuzzer> --corpus-dir build/out/corpus
```

- Generate coverage:

```sh
python3 infra/helper.py build_fuzzers libxml2 --sanitizer coverage
python3 infra/helper.py coverage libxml2 --fuzz-target <fuzzer> --corpus-dir build/out/corpus
```

After modifying the harnesses, first commit the changes to the libxml2 submodule. Then generate a patch file so that the changes can be reproduced:

```sh
./patch.sh generate
```

To apply a patch from another person:

```sh
./patch.sh apply <patch_file>
# or apply all patches:
./patch.sh apply
```

To reset all patches:

```sh
./patch.sh reset
```

You can then rebuild the fuzzers with the following command. It uses the fuzzer source code in the ./projects/libxml2 directory (mounted into the container) instead of the copy baked into the image:

```sh
python3 infra/helper.py build_fuzzers libxml2 --mount_path $(pwd)/projects/libxml2/libxml2
```

Then run the fuzzer you have modified:

```sh
python3 infra/helper.py run_fuzzer libxml2 <fuzzer> --corpus-dir build/out/corpus
```
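The generate / apply / reset workflow above is implemented by the project's own patch.sh, whose contents are not shown here. The following script is an added example, not the project's code, showing how such a workflow can be built from plain git on top of a pinned submodule: patches are exported with `git format-patch` relative to the pinned commit, imported with `git am`, and reset by moving the submodule back to the pinned commit. The submodule path `projects/libxml2/libxml2` and the commit `1039cd53` come from this README; the function names, the `patches/` output directory and the dirty-tree refusal are assumptions of this example.

```sh
#!/bin/sh
# Added example: git mechanics behind a generate/apply/reset patch workflow
# for a submodule pinned to a fixed commit. Not the project's patch.sh.
set -eu

# Defaults taken from this README; override through the environment.
SUBMODULE=${SUBMODULE:-projects/libxml2/libxml2}
BASE=${BASE:-1039cd53}
PATCH_DIR=${PATCH_DIR:-patches}   # assumed location for exported patches

# harness_patch_generate SUBMODULE_DIR BASE_COMMIT OUT_DIR
# Exports one .patch file per commit made on top of BASE_COMMIT, so a
# reviewer can reproduce exactly the harness changes that were committed.
harness_patch_generate() {
  _sub=$1; _base=$2; _out=$3
  mkdir -p "$_out"
  git -C "$_sub" format-patch -q -o "$_out" "$_base..HEAD"
}

# harness_patch_apply SUBMODULE_DIR PATCH_FILE...
# Applies patches as commits. Refuses to run on a dirty tree so that a
# half-applied patch cannot get mixed up with uncommitted local edits.
harness_patch_apply() {
  _sub=$1; shift
  if [ -n "$(git -C "$_sub" status --porcelain)" ]; then
    echo "refusing to apply: $_sub has uncommitted changes" >&2
    return 1
  fi
  git -C "$_sub" am -q "$@"
}

# harness_patch_reset SUBMODULE_DIR BASE_COMMIT
# Drops every applied patch by moving the submodule back to the pinned commit.
harness_patch_reset() {
  git -C "$1" reset -q --hard "$2"
}

# Command-line entry point mirroring the README's three subcommands.
# "apply" with no file argument applies every patch in PATCH_DIR.
case "${1:-}" in
  generate) harness_patch_generate "$SUBMODULE" "$BASE" "$PATCH_DIR" ;;
  apply)    shift
            [ $# -gt 0 ] || set -- "$PATCH_DIR"/*.patch
            harness_patch_apply "$SUBMODULE" "$@" ;;
  reset)    harness_patch_reset "$SUBMODULE" "$BASE" ;;
esac
```

Because `git am` records each patch as a commit, `git log 1039cd53..HEAD` inside the submodule lists exactly which harness changes are currently applied, and `reset` is a plain `reset --hard` to the pinned commit rather than a reverse-apply that could leave stray hunks behind.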