Commit 266976b1633bcea0d017d0f37ac817b0b8af8694
2015-10-15T22:15:53
add src/tools/ftfuzzer/README
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43
diff --git a/ChangeLog b/ChangeLog
index b63e657..a71cb86 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2015-10-15 Kostya Serebryany <kcc@google.com>
+
+ [ftfuzzer] Add README.
+
+ * src/tools/ftfuzzer/README: New file.
+
2015-10-15 Bungeman <bungeman@gmail.com>
[bdf] Fix memory leak (#46213).
diff --git a/src/tools/ftfuzzer/README b/src/tools/ftfuzzer/README
new file mode 100644
index 0000000..7248bb7
--- /dev/null
+++ b/src/tools/ftfuzzer/README
@@ -0,0 +1,23 @@
+ftfuzzer
+--------
+
+ftfuzzer.cc contains a target function for FreeType fuzzing.
+It can be used with libFuzzer (http://llvm.org/docs/LibFuzzer.html)
+or potentially any other similar fuzzer.
+
+Usage:
+ 1. Build libfreetype.a and ftfuzzer.cc using the most recent clang compiler
+ with these flags:
+ -fsanitize-coverage=edge,8bit-counters # for fuzzer coverage feedback
+ -fsanitize=address,signed-integer-overflow,shift # for bug checking
+ 2. Link with libFuzzer (it contains main()).
+ 3. Run the fuzzer on some test corpus.
+
+The exact flags and commands may vary.
+There is a continuous fuzzing bot that runs ftfuzzer:
+https://github.com/google/libfuzzer-bot/tree/master/freetype.
+Check the bot confituration for the most current settings.
+
+runinput.cc contains a convenience main() function to run the target function
+on a set of input files. Link it with ftfuzzer.cc and libfreetype.a
+and run like "./a.out my_tests_inputs/*"