Code and corpora for curl and libcurl fuzzing.
This is the curl fuzzing OSS-Fuzz runs for us, non-stop.
Great! Run ./mainline.sh. It will download you a fresh copy of curl, compile
it with clang, install it to a temporary directory, then compile the fuzzer
against curl. It'll also run the regression testcases.
If you have a local copy of curl that you want to use instead, pass the path as
an argument to ./mainline.sh. It will compile and install that curl to a
temporary directory instead.
./mainline.sh is run as a regression check by GitHub Actions.
Setting the FUZZ_VERBOSE environment variable turns on curl verbose logging.
This can be useful when debugging a single testcase.
The public corpus links for each target should be accessible here:
Check out REPRODUCING.md for more detailed instructions.
To look at the contents of a testcase, run
python read_corpus.py --input <path/to/file>
This will print out a list of contents inside the file.
To generate a new testcase, run python generate_corpus.py with appropriate
options.
Wonderful! Here's a bit of information you may need to know.
Testcases are written in a Type-Length-Value or TLV format. Each TLV has:
TLV type numbers are defined in both corpus.py and curl_fuzzer.h.
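A bounds-checked reader for this TLV layout, as an added example (not the project's read_corpus.py or corpus.py). It assumes a 2-byte type and a 4-byte length in network byte order; parse_tlvs, build_tlv, MAX_TLV_LEN and the type numbers in the sample are constructed for illustration.

```python
import struct

# Assumed header layout (not spelled out on this page): 2-byte type,
# 4-byte length, both big-endian, followed by `length` bytes of data.
HEADER = struct.Struct("!HI")
MAX_TLV_LEN = 1 << 20  # constructed sanity cap for this example


class TLVError(ValueError):
    """Raised when a testcase is structurally invalid."""


def parse_tlvs(buf: bytes):
    """Return [(type, data), ...], rejecting truncated or oversized records."""
    records, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < HEADER.size:
            raise TLVError(f"truncated header at offset {pos}")
        tlv_type, length = HEADER.unpack_from(buf, pos)
        pos += HEADER.size
        if length > MAX_TLV_LEN:
            raise TLVError(f"type {tlv_type}: length {length} exceeds cap")
        # Compare the declared length with the bytes actually left before
        # slicing: Python slices shorten silently and would hide the overrun.
        if length > len(buf) - pos:
            raise TLVError(f"type {tlv_type}: length {length} overruns buffer")
        records.append((tlv_type, buf[pos:pos + length]))
        pos += length
    return records


def build_tlv(tlv_type: int, data: bytes) -> bytes:
    """Serialise one record using the same assumed layout."""
    return HEADER.pack(tlv_type, len(data)) + data


# Constructed sample: type numbers 1 and 2 are placeholders, not the
# project's real TLV type assignments.
SAMPLE = build_tlv(1, b"http://127.0.0.1/") + build_tlv(2, b"") + build_tlv(1, b"x")

if __name__ == "__main__":
    for t, d in parse_tlvs(SAMPLE):
        print(t, len(d), d)
```

A zero-length record is valid here, while a trailing partial header or a length that runs past the end of the file is rejected rather than silently truncated.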
To add a new TLV:
- Add it to the corpus tooling: generate_corpus.py, corpus.py.
- Add it to the fuzzer: curl_fuzzer.cc, curl_fuzzer.h. This involves fuzz_parse_tlv().
- Make sure FUZZ_CURLOPT_TRACKER_SPACE can encompass your additional TLVs!