| Hasnain Lakhani | cf41a1c | 2025-08-25 10:55:35 -0700 | [diff] [blame] | 1 | # C GLib Fuzzing README |
| 2 | |
| 3 | To build the fuzz targets, run `make check` in this directory. The build system uses LLVM's libFuzzer for fuzzing the C GLib Thrift implementation. |
| 4 | |
| 5 | These are standard libFuzzer targets, so you can run them using the standard libFuzzer interface. After building, you can run a fuzzer using: |
| 6 | ```bash |
| 7 | ./<fuzzer_name> |
| 8 | ``` |
| 9 | |
| 10 | We currently have two fuzz targets: |
| 11 | |
| 12 | * fuzz_parse_binary -- fuzzes the deserialization of the Binary protocol |
| 13 | * fuzz_parse_compact -- fuzzes the deserialization of the Compact protocol |
| 14 | * TODO: Add round trip fuzzers, similar to other languages. |
| 15 | |
| 16 | The fuzzers use libFuzzer's built-in mutation engine to generate test cases. Each fuzzer implements the standard `LLVMFuzzerTestOneInput` interface. |
| 17 | |
| 18 | For more information about libFuzzer and its options, see the [libFuzzer documentation](https://llvm.org/docs/LibFuzzer.html). |
| 19 | |
| 20 | You can also use the corpus generator from the Rust implementation to generate initial corpus files that can be used with these C GLib fuzzers, since the wire formats are identical between implementations. |