Skip to content
master
Go to file
Code

Latest commit

* Update infra/base-images/all.sh

Add build of base-sanitizer-libs-builder and msan-libs-builder to this
shell script.

* msan: Don't warn on un-instrumented standard libs

These libraries do not need to be built with instrumentation, because
MemorySanitizer includes interceptors for them.

* Fix indentation

* Add missing docstrings

* Fix unused variable

* Fix invalid names

* Install python-apt on CI

* Revert "Install python-apt on CI"

This reverts commit d3da49c.

* Install and use python-apt in system directory

* Revert "Install and use python-apt in system directory"

This reverts commit e0ede10.

* Build python-apt from source

* Check out correct version of python-apt

* Fix octal literals

* More indentation fixes

* Add more missing docstrings

* Change variable names of opened files

* Remove unused import

* Ignore lints about package.Package API

* Fix or ignore remaining invalid names

* Fix apparent typo in compiler_wrapper_test.py

-z should precede a keyword, not a long option

* Fix use of xrange

* Style fixes, compiler_wrapper

* Fix apparent error in compiler_wrapper_test.py

Similar to the previous error, the test case would pass "-z
--no-undefined" to the linker. "-z" only has an effect when it is
followed by a keyword, otherwise ld ignores it and prints a warning
message. In this test case, "-z" and "--no-undefined" were passed in two
separate "-Wl," compiler arguments, but they reflect a common issue.

* Add missing license header

* Rename more functions

* Better name for global variable

* Rename methods of Package

* Rename functions in msan_builder.py

* Fix invalid variable names

* Fix useless-object-inheritance

* pylint: Fixes for Package and its subclasses

* Remove unused imports

* Indentation fixes

* Fix too-may-locals error in msan_build.py

* Add missing docstrings
6fc050e

Git stats

Files

Permalink
Failed to load latest commit information.

README.md

OSS-Fuzz: Continuous Fuzzing for Open Source Software

Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like buffer overflow, can have serious security implications. Google has found thousands of security vulnerabilities and stability bugs by deploying guided in-process fuzzing of Chrome components, and we now want to share that service with the open source community.

In cooperation with the Core Infrastructure Initiative, OSS-Fuzz aims to make common open source software more secure and stable by combining modern fuzzing techniques with scalable, distributed execution.

We support the libFuzzer, AFL, and Honggfuzz fuzzing engines in combination with Sanitizers, as well as ClusterFuzz, a distributed fuzzer execution environment and reporting tool.

Currently, OSS-Fuzz supports C/C++, Rust, and Go code. Other languages supported by LLVM may work too. OSS-Fuzz supports fuzzing x86_64 and i386 builds.

Overview

OSS-Fuzz process diagram

Documentation

Read our detailed documentation to learn how to use OSS-Fuzz.

Trophies

As of June 2020, OSS-Fuzz has found over 20,000 bugs in 300 open source projects.

Blog posts

You can’t perform that action at this time.