Commit e86607084c75b7d55ec23e28f9f8d6c915238ecf
2020-02-18T18:42:12
Merge pull request #5400 from lhchavez/fix-packfile-fuzzer fuzzers: Fix the documentation
diff --git a/docs/fuzzing.md b/docs/fuzzing.md
index cd82576..25b32cb 100644
--- a/docs/fuzzing.md
+++ b/docs/fuzzing.md
@@ -3,7 +3,7 @@
libgit2 is currently using [libFuzzer](https://libfuzzer.info) to perform
automated fuzz testing. libFuzzer only works with clang.
-## Prerequisites** for building fuzz targets:
+## Prerequisites for building fuzz targets:
1. All the prerequisites for [building libgit2](https://github.com/libgit2/libgit2).
2. A recent version of clang. 6.0 is preferred. [pre-build Debian/Ubuntu
@@ -27,14 +27,15 @@ automated fuzz testing. libFuzzer only works with clang.
## Run the fuzz targets
-1. `ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolize-6.0
+1. `ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolize
LSAN_OPTIONS=allocator_may_return_null=1
- ASAN_OPTIONS=allocator_may_return_null=1 ./build/fuzz/fuzz_packfile_raw
- fuzz/corpora/fuzz_packfile_raw/`
+ ASAN_OPTIONS=allocator_may_return_null=1 ./build/fuzzers/packfile_fuzzer
+ fuzzers/corpora/packfile/`
The `LSAN_OPTIONS` and `ASAN_OPTIONS` are there to allow `malloc(3)` to return
-`NULL`. The `LLVM_PROFILE_FILE` is there to override the path where libFuzzer
-will write the coverage report.
+`NULL`, which is expected if a huge chunk of memory is allocated. The
+`LLVM_PROFILE_FILE` environment string can also be added to override the path
+where libFuzzer will write the coverage report.
## Get coverage