Fuzzing of various libtorrent APIs (both internal and external), inspired by Kostya Serebryany's cppcon 2017 presentation
This project requires:
A very recent version of clang that supports libFuzzer. clang-5.0 may not be recent enough, you may have to build head from source.
Also known as b2. To configure boost build with your fresh clang build,
create a ~/user-config.jam with something like this in it (example for macOS):
using darwin : 6.0 : ~/Documents/dev/clang/build/bin/clang++ ;
Or on Linux:
using clang ;
The corpus is the set of inputs that has been built by libFuzzer. It's the seed for testing more mutations. The corpus is not checked into the repository, before running the fuzzer it is advised to download and unzip the corpus associated with the latest release on github.
https://github.com/arvidn/libtorrent/releases/download/libtorrent_1_2_0/corpus.zip
Uzip the corpus in the fuzzers directory:
unzip corpus.zip
To build the fuzzers:
b2 clang stage
The fuzzers binaries are placed in a directory called fuzzers.
To run the fuzzers, there's a convenience run.sh script that launches all fuzzers in parallel. By default, each fuzzer runs for 48 hours. This can be adjusted in the run.sh script.
Please consider contributing back any updated corpuses (amended by more seed inputs) or fuzzers for more APIs in libtorrent.