Bug: None
Change-Id: I3a30b1a847e929a336563a0fa472bfe2950ce69d
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/334260
Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org>
Commit-Queue: Christoffer Dewerin <jansson@google.com>
Cr-Commit-Position: refs/heads/main@{#41517}
README.md
Fuzzing in WebRTC
Intro
WebRTC currently uses libFuzzer for fuzz testing. FuzzTest is a newer approach that we have not yet looked into, but we will in the future.
Before continuing, read the libFuzzer and FuzzTest getting started docs to get familiar with them.
Compiling locally
To build the fuzzers residing in the test/fuzzers directory, use
$ gn gen out/fuzzers --args='use_libfuzzer=true optimize_for_fuzzing=true'
Depending on the fuzzer, additional arguments like is_asan, is_msan or is_ubsan_security might be required.
See the GN documentation for all available options. There are also platform-specific tips in the Android and iOS instructions.
Add new fuzzers
Create a new .cc file in the test/fuzzers directory, using existing files as a guide.
Add a new webrtc_fuzzers_test build rule in test/fuzzers/BUILD.gn, using existing rules as a guide.
Ensure it compiles and executes locally, then add it to a Gerrit CL and upload it for review. For example, to build one fuzzer:
$ autoninja -C out/fuzzers test/fuzzers:h264_depacketizer_fuzzer
It can then be executed like so:
$ out/fuzzers/bin/run_h264_depacketizer_fuzzer
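The shape of such a .cc file, as an added example that is not WebRTC's own code: it assumes that WebRTC fuzzers define webrtc::FuzzOneInput and that the webrtc_fuzzers_test template links test/fuzzers:webrtc_fuzzer_main, which supplies LLVMFuzzerTestOneInput and calls FuzzOneInput for every input. The TLV parser, the BUILD.gn rule in the comment and the target name tlv_packet_fuzzer are constructed for illustration.

```cpp
// Added example, not WebRTC's own code. Assumed conventions: every fuzzer in
// test/fuzzers defines webrtc::FuzzOneInput, and the harness linked by the
// webrtc_fuzzers_test template provides LLVMFuzzerTestOneInput.
//
// Hypothetical BUILD.gn rule for this file, mirroring the existing rules:
//   webrtc_fuzzers_test("tlv_packet_fuzzer") {
//     sources = [ "tlv_packet_fuzzer.cc" ]
//   }
#include <cstddef>
#include <cstdint>
#include <vector>

namespace webrtc {

// Constructed stand-in for the code under test: a tiny type-length-value
// parser of the kind a depacketizer contains. Every read is checked against
// `size`; an out-of-bounds read here is exactly what ASan would flag.
struct TlvRecord {
  uint8_t type;
  std::vector<uint8_t> value;
};

// Returns the parsed records, or an empty vector if the buffer is malformed.
std::vector<TlvRecord> ParseTlv(const uint8_t* data, size_t size) {
  std::vector<TlvRecord> out;
  size_t pos = 0;
  while (pos < size) {
    if (size - pos < 2) return {};     // header needs a type and a length byte
    uint8_t type = data[pos];
    uint8_t len = data[pos + 1];
    pos += 2;
    if (len > size - pos) return {};   // declared length runs past the buffer
    out.push_back({type, std::vector<uint8_t>(data + pos, data + pos + len)});
    pos += len;
  }
  return out;
}

// Entry point every fuzzer defines; the harness feeds it one input at a time.
// There is nothing to return: a crash or sanitizer report is the finding.
void FuzzOneInput(const uint8_t* data, size_t size) {
  std::vector<TlvRecord> records = ParseTlv(data, size);
  (void)records;
}

}  // namespace webrtc

// Stand-alone smoke run over constructed inputs (in tree, the harness's
// LLVMFuzzerTestOneInput drives FuzzOneInput instead).
int main() {
  const uint8_t ok[] = {1, 2, 0xAA, 0xBB, 7, 0};
  const uint8_t truncated[] = {1, 5, 0xAA};
  webrtc::FuzzOneInput(ok, sizeof(ok));
  webrtc::FuzzOneInput(truncated, sizeof(truncated));
  webrtc::FuzzOneInput(nullptr, 0);
  return 0;
}
```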
Running fuzzers automatically
All fuzzer tests in the test/fuzzers/BUILD.gn file are compiled per CL on the libfuzzer bot. This only verifies that they compile; this bot does not do any fuzz testing.
When WebRTC is rolled into Chromium, the libfuzzer bots on the chromium.fuzz waterfall compile the fuzzers, zip them and upload them to https://clusterfuzz.com for execution.
You can verify that the fuzz test is being executed by:
- Navigate to a bot in the chromium.fuzz libfuzzer waterfall, e.g. the Libfuzzer Upload Linux ASan bot (linux bot).
- Click on the latest build# link.
- Search for //third_party/webrtc/test/fuzzers in the raw_io.output_text_refs_ file in the calculate_all_fuzzers step.
- Verify that the new fuzzer (as it's named in the webrtc_fuzzers_test build rule) is present.
- Also verify that it's NOT in the no_clusterfuzz file in the calculate_no_clusterfuzz step. If it is, file a bug at https://bugs.webrtc.org.
Bugs are filed automatically in https://crbug.com in the Blink > WebRTC component and are assigned based on the test/fuzzers/OWNERS file or the commit history.
If you are a non-Googler, you can only view data from https://clusterfuzz.com if your account is CC'ed on the reported bug.