Vips Libfuzzer

experiment with libfuzzer

Test libvips with libFuzzer

The test is to load a small jpeg from a memory buffer and calculate the image average. It currently runs on my desktop for at least 23000 minutes of CPU time with no problems.

We need to add some more tests, perhaps tiff load from buffer and jpeg save to buffer.

Setup and test

There are two main routes: building your own clang, which needs a huge PC, or using an older prebuilt binary.

Make your own clang

libFuzzer became part of clang in April 2017. If you have a very recent version (6.0 or later) it's a bit simpler to fuzz.

You can do this via git with:

$ mkdir clang
$ cd clang/
$ git clone llvm-project
$ cd llvm-project
$ git config branch.master.rebase true
$ cd ..
$ mkdir clang-build && cd clang-build
$ cmake -GNinja ../llvm-project/llvm -DLLVM_ENABLE_PROJECTS="clang;libcxx;libcxxabi;openmp;llvm;compiler-rt"
$ ninja

It'll take many, many hours, you'll need > 10 GB of memory (if running with -j 1, much more otherwise) and > 100 GB of disk. It'll leave the compiler in clang/clang-build/bin.

Recent, pre-built clang

If building clang is too much work, Chromium have pre-built clang binaries --- download one for your system with:

$ mkdir clang
$ cd clang
$ git clone
$ ./clang/scripts/

This will leave the clang binary in ./third_party/llvm-build/Release+Asserts/bin/clang

Build libjpeg with coverage and address sanitiser

Otherwise you'll get a lot of fuzzer reports from inside libjpeg. See:

Build the 9c development version.

$ cd jpeg-9c
$ export CLANG_DIR=/home/john/GIT/clang/bin
$ export FUZZ_FLAGS="-g -fsanitize-coverage=trace-pc-guard -fsanitize=address"
$ CC=$CLANG_DIR/clang CFLAGS="$FUZZ_FLAGS" ./configure --prefix=/home/john/vips

Build libvips with coverage and address sanitiser

$ cd libvips
$ CC=$CLANG_DIR/clang CXX=$CLANG_DIR/clang++ \
    ./ --prefix=/home/john/vips \
        --with-jpeg-includes=/home/john/vips/include \
        --with-jpeg-libraries=/home/john/vips/lib \

Imagemagick uses -lomp, which the prebuilt clang does not support.

Build libFuzzer.a

If you are using an older clang without the built-in fuzzer, you must build it yourself.

$ git clone
$ ./Fuzzer/  

Build jpegload_buffer_fuzz.c against the custom libvips build

If you have the latest clang:

$ $CLANG_DIR/clang -g -fsanitize=fuzzer,address jpegload_buffer_fuzz.c `pkg-config vips --cflags --libs` -lstdc++

If you made your own fuzzer, you need:

$ $CLANG_DIR/clang -g -fsanitize=address jpegload_buffer_fuzz.c libFuzzer.a `pkg-config vips --cflags --libs` -lstdc++

Run the fuzzer

You need to tell address sanitiser where to find the stack trace symbolizer for your clang.

$ export ASAN_SYMBOLIZER_PATH=$CLANG_DIR/llvm-symbolizer
$ export ASAN_OPTIONS=symbolize=1
$ ./a.out jpegload_corpus

Debug a crash

$ $CLANG_DIR/clang -g -fsanitize=address jpegload_buffer_fuzz.c main.c `pkg-config vips --cflags --libs`
$ ASAN_OPTIONS=abort_on_error=1 gdb -ex r --args ./a.out crash-xxxxx

Use gdb's up command a few times and you should be able to see what's going on.
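The two files the build lines above refer to, jpegload_buffer_fuzz.c and main.c, are not reproduced on this page, so here is an added example of the same two pieces, written for this page rather than taken from the project: a libFuzzer target that follows the LLVMFuzzerTestOneInput contract (accept any bytes, never write to them, return 0), and a stand-alone main() of the kind main.c supplies so a crash-xxxxx file can be replayed under gdb without libFuzzer's own driver. So that it compiles with nothing but libc, a small bounds-checked JPEG marker walker (constructed for this example) stands in for the vips_jpegload_buffer() and vips_avg() calls the page describes; the sample header bytes and the /tmp path are constructed too.

```c
/* Added example, not code from the vips-libfuzzer repo. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the libvips call: walk the JPEG marker stream and return
 * width*height from the first SOF segment, or 0 on any malformed or
 * truncated input. Every read is checked against `size`; a trusted length
 * field is exactly the kind of defect a fuzzer is hunting in a decoder. */
static uint64_t jpeg_pixel_count(const uint8_t *d, size_t size)
{
    if (size < 4 || d[0] != 0xFF || d[1] != 0xD8)      /* SOI marker */
        return 0;
    size_t pos = 2;
    for (;;) {
        /* the standard allows 0xFF fill bytes before a marker */
        while (pos + 1 < size && d[pos] == 0xFF && d[pos + 1] == 0xFF)
            pos++;
        if (pos + 4 > size || d[pos] != 0xFF)           /* need marker + length */
            return 0;
        uint8_t marker = d[pos + 1];
        if (marker == 0xD9)                              /* EOI before any SOF */
            return 0;
        size_t len = ((size_t)d[pos + 2] << 8) | d[pos + 3]; /* includes its own 2 bytes */
        if (len < 2 || pos + 2 + len > size)             /* segment runs past the buffer */
            return 0;
        if (marker == 0xC0 || marker == 0xC2) {          /* SOF0 (baseline) / SOF2 (progressive) */
            if (len < 7)                                 /* precision(1) height(2) width(2) */
                return 0;
            const uint8_t *p = d + pos + 4;              /* first byte after the length */
            uint32_t height = ((uint32_t)p[1] << 8) | p[2];
            uint32_t width  = ((uint32_t)p[3] << 8) | p[4];
            return (uint64_t)height * width;
        }
        pos += 2 + len;                                  /* skip to the next marker */
    }
}

/* libFuzzer entry point. In the page's harness this body is the
 * vips_jpegload_buffer() + vips_avg() pair; the contract is the same. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    (void)jpeg_pixel_count(data, size);
    return 0;
}

/* Constructed sample: SOI, a 4-byte APP0, an 8-bit SOF0 of 8x5 pixels
 * with one component, then EOI. Not a decodable image, just a header. */
static const uint8_t SAMPLE_JPEG_HEADER[] = {
    0xFF, 0xD8,                                  /* SOI */
    0xFF, 0xE0, 0x00, 0x04, 0x4A, 0x46,          /* APP0, length 4 */
    0xFF, 0xC0, 0x00, 0x0B, 0x08,                /* SOF0, length 11, precision 8 */
    0x00, 0x05, 0x00, 0x08,                      /* height 5, width 8 */
    0x01, 0x01, 0x11, 0x00,                      /* 1 component: id 1, 1x1 sampling, qtable 0 */
    0xFF, 0xD9                                   /* EOI */
};

/* Write the constructed sample to disk so the driver has a file to replay. */
int write_sample_file(const char *path)
{
    FILE *f = fopen(path, "wb");
    if (!f) return 1;
    size_t n = fwrite(SAMPLE_JPEG_HEADER, 1, sizeof(SAMPLE_JPEG_HEADER), f);
    return (fclose(f) == 0 && n == sizeof(SAMPLE_JPEG_HEADER)) ? 0 : 1;
}

/* Read one whole file into a heap buffer (NULL on error). A zero-length
 * file still gets a 1-byte allocation so size 0 can be fed to the target,
 * which libFuzzer does as well. */
static uint8_t *read_whole_file(const char *path, size_t *out_size)
{
    FILE *f = fopen(path, "rb");
    if (!f) return NULL;
    if (fseek(f, 0, SEEK_END) != 0) { fclose(f); return NULL; }
    long n = ftell(f);
    if (n < 0) { fclose(f); return NULL; }
    rewind(f);
    uint8_t *buf = malloc((size_t)n + 1);
    if (!buf) { fclose(f); return NULL; }
    if (fread(buf, 1, (size_t)n, f) != (size_t)n) { free(buf); fclose(f); return NULL; }
    fclose(f);
    *out_size = (size_t)n;
    return buf;
}

/* Feed one crash file to the target exactly once: 0 on success, 1 if the
 * file could not be read. Under -fsanitize=address a bug in the target
 * aborts here with a report, which is the point gdb stops at. */
int run_crash_file(const char *path)
{
    size_t size = 0;
    uint8_t *buf = read_whole_file(path, &size);
    if (!buf) { perror(path); return 1; }
    LLVMFuzzerTestOneInput(buf, size);
    free(buf);
    return 0;
}

/* The main.c role: ./a.out crash-xxxxx [more files ...]. Compile with
 * -DWITH_LIBFUZZER_MAIN when linking -fsanitize=fuzzer, which brings its own main(). */
#ifndef WITH_LIBFUZZER_MAIN
int main(int argc, char **argv)
{
    int rc = 0;
    for (int i = 1; i < argc; i++) {
        printf("Running: %s\n", argv[i]);
        rc |= run_crash_file(argv[i]);
    }
    return rc;
}
#endif
```

For the gdb build this file takes the place of both jpegload_buffer_fuzz.c and main.c in the clang line above (-g -fsanitize=address, no -fsanitize=fuzzer); for the fuzzing build add -fsanitize=fuzzer,address and -DWITH_LIBFUZZER_MAIN so libFuzzer's driver supplies main(). The walker deliberately refuses anything it cannot bound-check, and truncating the constructed header anywhere inside a segment makes it return 0 rather than read past the buffer.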


Repeat the jpeg steps, with the obvious changes.
