rk3588-game
/
android13
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
android13/external/openscreen/docs/fuzzing.md

891 B
Raw Blame History

Building and running fuzzers

In order to build fuzzers, you need the GN arg use_libfuzzer=true. It's also recommended to build with is_asan=true to catch additional problems. Building and running then might look like:

  gn gen out/libfuzzer --args="use_libfuzzer=true is_asan=true is_debug=false"
  ninja -C out/libfuzzer some_fuzz_target
  out/libfuzzer/some_fuzz_target <args> <corpus_dir> [additional corpus dirs]

The arguments to the fuzzer binary should be whatever is listed in the GN target description (e.g. -max_len=1500). These arguments may be automatically scraped by Chromium's ClusterFuzz tool when it runs fuzzers, but they are not built into the target. You can also look at the file out/libfuzzer/some_fuzz_target.options for what arguments should be used. The corpus_dir is listed as seed_corpus in the GN definition of the fuzzer target.