{"id":13737256,"url":"https://github.com/planetis-m/libfuzzer","last_synced_at":"2025-07-06T00:37:23.758Z","repository":{"id":161973710,"uuid":"373807752","full_name":"planetis-m/libfuzzer","owner":"planetis-m","description":"Thin interface for libFuzzer, an in-process, coverage-guided, evolutionary fuzzing engine.","archived":false,"fork":false,"pushed_at":"2023-02-11T19:13:20.000Z","size":125,"stargazers_count":44,"open_issues_count":8,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-06T20:36:49.782Z","etag":null,"topics":["fuzzing","hacking","security","unit-testing"],"latest_commit_sha":null,"homepage":"","language":"Nim","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/planetis-m.png","metadata":{"files":{"readme":"readme.rst","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-06-04T10:36:58.000Z","updated_at":"2025-02-21T18:11:33.000Z","dependencies_parsed_at":null,"dependency_job_id":"a4f68e73-fbbd-43b2-88e9-9ad5353ebfc5","html_url":"https://github.com/planetis-m/libfuzzer","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/planetis-m/libfuzzer","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/planetis-m%2Flibfuzzer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/planetis-m%2Flibfuzzer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/planetis-m%2Flibfuzzer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/planetis-m%2Flibfuzzer/manifests","owner_u
rl":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/planetis-m","download_url":"https://codeload.github.com/planetis-m/libfuzzer/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/planetis-m%2Flibfuzzer/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263832484,"owners_count":23517350,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fuzzing","hacking","security","unit-testing"],"created_at":"2024-08-03T03:01:38.677Z","updated_at":"2025-07-06T00:37:23.731Z","avatar_url":"https://github.com/planetis-m.png","language":"Nim","funding_links":[],"categories":["Nim","Development Tools"],"sub_categories":["Fuzzing"],"readme":"=========================================================\n                        libFuzzer\n=========================================================\n\nThin interface for LLVM/Clang libFuzzer, an in-process, coverage-guided,\nevolutionary fuzzing engine.\n\nIntroduction\n============\n\nFuzzing is a type of automated testing which continuously manipulates inputs to\na program to find issues such as panics or bugs. These semi-random data mutations\ncan discover new code coverage that existing unit tests may miss, and uncover\nedge case bugs which would otherwise go unnoticed. 
Since fuzzing can reach these\nedge cases, fuzz testing is particularly valuable for finding security exploits\nand vulnerabilities.\n\nRead the `Documentation \u003chttps://planetis-m.github.io/libfuzzer/fuzztarget.html\u003e`_\n\nClang Sanitizers\n================\n\nSanitizers are compiler built-in error detectors with relatively small runtime\ncost. Clang has:\n\n- `AddressSanitizer \u003chttps://clang.llvm.org/docs/AddressSanitizer.html\u003e`_ - use-after-free, double-free, ...\n- `MemorySanitizer \u003chttps://clang.llvm.org/docs/MemorySanitizer.html\u003e`_ - uninitialized reads\n- `UndefinedBehaviourSanitizer \u003chttps://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html\u003e`_ - overflows, divide by zero, ...\n- `ThreadSanitizer \u003chttps://clang.llvm.org/docs/ThreadSanitizer.html\u003e`_ - data races\n\nFor more information watch the talk *Sanitize your C++ code* [3]_\nThere are demos in the `tests \u003ctests/\u003e`_ directory.\n\nExample\n=======\n\nIn 95% of cases all you need is to define the procedure ``testOneInput`` in your file.\n\n\n.. code-block:: nim\n\n  proc fuzzMe(data: openarray[byte]): bool =\n    result = data.len \u003e= 3 and\n      data[0].char == 'F' and\n      data[1].char == 'U' and\n      data[2].char == 'Z' and\n      data[3].char == 'Z' # :‑\u003c\n\n  proc initialize(): cint {.exportc: \"LLVMFuzzerInitialize\".} =\n    {.emit: \"N_CDECL(void, NimMain)(void); NimMain();\".}\n\n  proc testOneInput(data: ptr UncheckedArray[byte], len: int): cint {.\n      exportc: \"LLVMFuzzerTestOneInput\", raises: [].} =\n    result = 0\n    discard fuzzMe(data.toOpenArray(0, len-1))\n\n\nCompile with:\n\n.. 
code-block::\n\n  $ nim c --cc:clang -t:\"-fsanitize=fuzzer,address,undefined\" -l:\"-fsanitize=fuzzer,address,undefined\" -d:nosignalhandler --nomain:on -g tfuzz.nim\n\n\nCoverage report\n===============\n\nUse `Clang Coverage \u003chttp://clang.llvm.org/docs/SourceBasedCodeCoverage.html\u003e`_ to visualize and study your code coverage.\n\n- Include the `standalone \u003clibfuzzer/standalone.nim\u003e`_ main procedure for fuzz targets.\n- Follow the instructions given in the `test coverage \u003ctests/tcov.nim\u003e`_ example.\n- When running the executable, pass a list of test units as parameters.\n\nStructure-Aware Fuzzing\n=======================\n\n  But the lack of an input grammar can also result in inefficient fuzzing\n  for complicated input types, where any traditional mutation (e.g. bit\n  flipping) leads to an invalid input rejected by the target API in the\n  early stage of parsing. With some additional effort, however, libFuzzer\n  can be turned into a grammar-aware (i.e. structure-aware) fuzzing engine\n  for a specific input type.\n\n—*Structure-Aware Fuzzing with libFuzzer* [5]_\n\nTake a look at the snappy compression `example \u003cexamples/compress/\u003e`_\nand the `nfpsum \u003cexperiments/nfpsum.nim\u003e`_ experiment.\n\nInstallation\n============\n\n- Copy the files ``libfuzzer/fuzztarget.{nim,nims}`` and ``libfuzzer/standalone.nim`` to your testing directory.\n- Fill in the implementations of the exported procedures.\n- Compile and run with an empty corpus directory as an argument.\n\nPresentations\n=============\n\n.. [#] Jonathan Metzman `Fuzzing 101 \u003chttps://www.youtube.com/watch?v=NI2w6eT8p-E\u003e`_\n.. [#] Kostya Serebryany `Fuzz or lose... \u003chttps://www.youtube.com/watch?v=k-Cv8Q3zWNQ\u003e`_\n.. [#] Kostya Serebryany `Sanitize your C++ code \u003chttps://www.youtube.com/watch?v=V2_80g0eOMc\u003e`_\n\nFurther Readings\n================\n\n.. 
[#] `libFuzzer Tutorial \u003chttps://github.com/google/fuzzing/blob/master/tutorial/libFuzzerTutorial.md\u003e`_\n.. [#] `Structure-Aware Fuzzing with libFuzzer \u003chttps://github.com/google/fuzzing/blob/master/docs/structure-aware-fuzzing.md\u003e`_\n.. [#] `Efficient Fuzzing Guide \u003chttps://chromium.googlesource.com/chromium/src/+/refs/heads/main/testing/libfuzzer/efficient_fuzzing.md#efficient-fuzzing-guide\u003e`_\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fplanetis-m%2Flibfuzzer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fplanetis-m%2Flibfuzzer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fplanetis-m%2Flibfuzzer/lists"}