ossfuzz

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

OSS-Fuzz

OSS-Fuzz is an open-source project developed by Google that provides free distributed infrastructure for continuous fuzz testing. It streamlines the fuzzing process and facilitates simpler modifications. While only select projects are accepted into OSS-Fuzz, the project's core is open-source, allowing anyone to host their own instance for private projects.

OSS-Fuzz 是由Google开发的开源项目，为持续模糊测试提供免费的分布式基础设施。它简化了模糊测试流程，便于进行修改。虽然只有部分精选项目能被OSS-Fuzz接纳，但该项目的核心是开源的，任何人都可以为私有项目部署自己的实例。

Overview

概述

OSS-Fuzz provides a simple CLI framework for building and starting harnesses or calculating their coverage. Additionally, OSS-Fuzz can be used as a service that hosts static web pages generated from fuzzing outputs such as coverage information.

OSS-Fuzz提供了一个简单的CLI框架，用于构建和启动harness，或计算它们的覆盖率。此外，OSS-Fuzz还可以作为一项服务，托管由模糊测试输出（如覆盖率信息）生成的静态网页。

Key Concepts

核心概念

Concept	Description
helper.py	CLI script for building images, building fuzzers, and running harnesses locally
Base Images	Hierarchical Docker images providing build dependencies and compilers
project.yaml	Configuration file defining project metadata for OSS-Fuzz enrollment
Dockerfile	Project-specific image with build dependencies
build.sh	Script that builds fuzzing harnesses for your project
Criticality Score	Metric used by OSS-Fuzz team to evaluate project acceptance

概念	描述
helper.py	用于构建镜像、构建模糊测试器以及在本地运行测试harness的CLI脚本
Base Images	分层Docker镜像，提供构建依赖和编译器
project.yaml	定义OSS-Fuzz注册项目元数据的配置文件
Dockerfile	包含项目构建依赖的项目专属镜像
build.sh	为你的项目构建模糊测试harness的脚本
Criticality Score	OSS-Fuzz团队用于评估项目是否可被接纳的指标

When to Apply

适用场景

Apply this technique when:

Setting up continuous fuzzing for an open-source project
Need distributed fuzzing infrastructure without managing servers
Want coverage reports and bug tracking integrated with fuzzing
Testing existing OSS-Fuzz harnesses locally
Reproducing crashes from OSS-Fuzz bug reports

Skip this technique when:

Project is closed-source (unless hosting your own OSS-Fuzz instance)
Project doesn't meet OSS-Fuzz's criticality score threshold
Need proprietary or specialized fuzzing infrastructure
Fuzzing simple scripts that don't warrant infrastructure

在以下场景中应用该技术：

为开源项目搭建持续模糊测试
需要分布式模糊测试基础设施但不想管理服务器
希望将覆盖率报告和漏洞追踪与模糊测试集成
在本地测试现有的OSS-Fuzz harness
重现OSS-Fuzz漏洞报告中的崩溃问题

在以下场景中跳过该技术：

项目为闭源（除非部署自己的OSS-Fuzz实例）
项目未达到OSS-Fuzz的Criticality Score阈值
需要专有或特殊的模糊测试基础设施
模糊测试简单脚本，无需基础设施支持

Quick Reference

快速参考

Task	Command
Clone OSS-Fuzz	`git clone https://github.com/google/oss-fuzz`
Build project image	`python3 infra/helper.py build_image --pull <project>`
Build fuzzers with ASan	`python3 infra/helper.py build_fuzzers --sanitizer=address <project>`
Run specific harness	`python3 infra/helper.py run_fuzzer <project> <harness>`
Generate coverage report	`python3 infra/helper.py coverage <project>`
Check helper.py options	`python3 infra/helper.py --help`

任务	命令
克隆OSS-Fuzz	`git clone https://github.com/google/oss-fuzz`
构建项目镜像	`python3 infra/helper.py build_image --pull <project>`
使用ASan构建模糊测试器	`python3 infra/helper.py build_fuzzers --sanitizer=address <project>`
运行指定的harness	`python3 infra/helper.py run_fuzzer <project> <harness>`
生成覆盖率报告	`python3 infra/helper.py coverage <project>`
查看helper.py选项	`python3 infra/helper.py --help`

OSS-Fuzz Project Components

OSS-Fuzz项目组件

OSS-Fuzz provides several publicly available tools and web interfaces:

OSS-Fuzz提供了多个公开可用的工具和Web界面：

Bug Tracker

漏洞追踪器

The bug tracker allows you to:

Check bugs from specific projects (initially visible only to maintainers, later made public)
Create new issues and comment on existing ones
Search for similar bugs across all projects to understand issues

漏洞追踪器允许你：

查看特定项目的漏洞（最初仅对维护者可见，后续会公开）
创建新问题并对现有问题发表评论
跨所有项目搜索类似漏洞，以便了解问题详情

Build Status System

构建状态系统

The build status system helps track:

Build statuses of all included projects
Date of last successful build
Build failures and their duration

构建状态系统有助于追踪：

所有纳入项目的构建状态
上次成功构建的日期
构建失败及其持续时间

Fuzz Introspector

Fuzz Introspector displays:

Coverage data for projects enrolled in OSS-Fuzz
Hit frequency for covered code
Performance analysis and blocker identification

Read this case study for examples and explanations.

Fuzz Introspector 展示：

已加入OSS-Fuzz的项目的覆盖率数据
已覆盖代码的命中频率
性能分析和阻塞点识别

阅读该案例研究获取示例和说明。

Step-by-Step: Running a Single Harness

分步指南：运行单个Harness

You don't need to host the whole OSS-Fuzz platform to use it. The helper script makes it easy to run individual harnesses locally.

你无需部署整个OSS-Fuzz平台即可使用它。helper脚本可帮助你轻松在本地运行单个harness。

Step 1: Clone OSS-Fuzz

步骤1：克隆OSS-Fuzz

bash

git clone https://github.com/google/oss-fuzz
cd oss-fuzz
python3 infra/helper.py --help

bash

git clone https://github.com/google/oss-fuzz
cd oss-fuzz
python3 infra/helper.py --help

Step 2: Build Project Image

步骤2：构建项目镜像

bash

python3 infra/helper.py build_image --pull <project-name>

This downloads and builds the base Docker image for the project.

bash

python3 infra/helper.py build_image --pull <project-name>

此命令会下载并构建该项目的基础Docker镜像。

Step 3: Build Fuzzers with Sanitizers

步骤3：使用Sanitizer构建模糊测试器

bash

python3 infra/helper.py build_fuzzers --sanitizer=address <project-name>

Sanitizer options:

```
--sanitizer=address
```
for AddressSanitizer with LeakSanitizer
Other sanitizers available (language support varies)

Note: Fuzzers are built to

/build/out/<project-name>/

containing the harness executables, dictionaries, corpus, and crash files.

bash

python3 infra/helper.py build_fuzzers --sanitizer=address <project-name>

Sanitizer选项：

```
--sanitizer=address
```
用于搭配LeakSanitizer的AddressSanitizer
还支持其他sanitizer（语言支持情况有所不同）

注意： 模糊测试器会被构建到

/build/out/<project-name>/

目录下，包含harness可执行文件、字典、语料库和崩溃文件。

Step 4: Run the Fuzzer

步骤4：运行模糊测试器

bash

python3 infra/helper.py run_fuzzer <project-name> <harness-name> [<fuzzer-args>]

The helper script automatically runs any missed steps if you skip them.

bash

python3 infra/helper.py run_fuzzer <project-name> <harness-name> [<fuzzer-args>]

如果你跳过某些步骤，helper脚本会自动运行遗漏的步骤。

Step 5: Coverage Analysis (Optional)

步骤5：覆盖率分析（可选）

First, install gsutil (skip gcloud initialization).

bash

python3 infra/helper.py build_fuzzers --sanitizer=coverage <project-name>
python3 infra/helper.py coverage <project-name>

Use

--no-corpus-download

to use only local corpus. The command generates and hosts a coverage report locally.

See official OSS-Fuzz documentation for details.

首先，安装gsutil（跳过gcloud初始化）。

bash

python3 infra/helper.py build_fuzzers --sanitizer=coverage <project-name>
python3 infra/helper.py coverage <project-name>

使用

--no-corpus-download

仅使用本地语料库。该命令会在本地生成并托管覆盖率报告。

详情请参阅OSS-Fuzz官方文档。

Common Patterns

常见模式

Pattern: Running irssi Example

模式：运行irssi示例

Use Case: Testing OSS-Fuzz setup with a simple enrolled project

bash

undefined

使用场景： 通过一个简单的已注册项目测试OSS-Fuzz设置

bash

undefined

Clone and navigate to OSS-Fuzz

克隆并进入OSS-Fuzz目录

git clone https://github.com/google/oss-fuzz cd oss-fuzz

Build and run irssi fuzzer

构建并运行irssi模糊测试器

python3 infra/helper.py build_image --pull irssi python3 infra/helper.py build_fuzzers --sanitizer=address irssi python3 infra/helper.py run_fuzzer irssi irssi-fuzz


**Expected Output:**

INFO:main:Running: docker run --rm --privileged --shm-size=2g --platform linux/amd64 -i -e FUZZING_ENGINE=libfuzzer -e SANITIZER=address -e RUN_FUZZER_MODE=interactive -e HELPER=True -v /private/tmp/oss-fuzz/build/out/irssi:/out -t gcr.io/oss-fuzz-base/base-runner run_fuzzer irssi-fuzz. Using seed corpus: irssi-fuzz_seed_corpus.zip /out/irssi-fuzz -rss_limit_mb=2560 -timeout=25 /tmp/irssi-fuzz_corpus -max_len=2048 < /dev/null INFO: Running with entropic power schedule (0xFF, 100). INFO: Seed: 1531341664 INFO: Loaded 1 modules (95687 inline 8-bit counters): 95687 [0x1096c80, 0x10ae247), INFO: Loaded 1 PC tables (95687 PCs): 95687 [0x10ae248,0x1223eb8), INFO: 719 files found in /tmp/irssi-fuzz_corpus INFO: seed corpus: files: 719 min: 1b max: 170106b total: 367969b rss: 48Mb #720 INITED cov: 409 ft: 1738 corp: 640/163Kb exec/s: 0 rss: 62Mb #762 REDUCE cov: 409 ft: 1738 corp: 640/163Kb lim: 2048 exec/s: 0 rss: 63Mb L: 236/2048 MS: 2 ShuffleBytes-EraseBytes-

undefined

python3 infra/helper.py build_image --pull irssi python3 infra/helper.py build_fuzzers --sanitizer=address irssi python3 infra/helper.py run_fuzzer irssi irssi-fuzz


**预期输出：**

undefined

Pattern: Enrolling a New Project

模式：注册新项目

Use Case: Adding your project to OSS-Fuzz (or private instance)

Create three files in

projects/<your-project>/

1. project.yaml - Project metadata:

yaml

homepage: "https://github.com/yourorg/yourproject"
language: c++
primary_contact: "your-email@example.com"
main_repo: "https://github.com/yourorg/yourproject"
fuzzing_engines:
  - libfuzzer
sanitizers:
  - address
  - undefined

2. Dockerfile - Build dependencies:

dockerfile

FROM gcr.io/oss-fuzz-base/base-builder
RUN apt-get update && apt-get install -y \
    autoconf \
    automake \
    libtool \
    pkg-config
RUN git clone --depth 1 https://github.com/yourorg/yourproject
WORKDIR yourproject
COPY build.sh $SRC/

3. build.sh - Build harnesses:

bash

#!/bin/bash -eu
./autogen.sh
./configure --disable-shared
make -j$(nproc)

使用场景： 将你的项目添加到OSS-Fuzz（或私有实例）

在

projects/<your-project>/

目录下创建三个文件：

1. project.yaml - 项目元数据：

yaml

homepage: "https://github.com/yourorg/yourproject"
language: c++
primary_contact: "your-email@example.com"
main_repo: "https://github.com/yourorg/yourproject"
fuzzing_engines:
  - libfuzzer
sanitizers:
  - address
  - undefined

2. Dockerfile - 构建依赖：

dockerfile

FROM gcr.io/oss-fuzz-base/base-builder
RUN apt-get update && apt-get install -y \
    autoconf \
    automake \
    libtool \
    pkg-config
RUN git clone --depth 1 https://github.com/yourorg/yourproject
WORKDIR yourproject
COPY build.sh $SRC/

3. build.sh - 构建harness：

bash

#!/bin/bash -eu
./autogen.sh
./configure --disable-shared
make -j$(nproc)

Build harnesses

构建harness

$CXX $CXXFLAGS -std=c++11 -I.
$SRC/yourproject/fuzz/harness.cc -o $OUT/harness
$LIB_FUZZING_ENGINE ./libyourproject.a

Copy corpus and dictionary if available

复制语料库和字典（如果有）

cp $SRC/yourproject/fuzz/corpus.zip $OUT/harness_seed_corpus.zip cp $SRC/yourproject/fuzz/dictionary.dict $OUT/harness.dict

undefined

cp $SRC/yourproject/fuzz/corpus.zip $OUT/harness_seed_corpus.zip cp $SRC/yourproject/fuzz/dictionary.dict $OUT/harness.dict

undefined

Docker Images in OSS-Fuzz

OSS-Fuzz中的Docker镜像

Harnesses are built and executed in Docker containers. All projects share a runner image, but each project has its own build image.

Harness在Docker容器中构建和执行。所有项目共享一个运行器镜像，但每个项目都有自己的构建镜像。

Image Hierarchy

镜像层级

Images build on each other in this sequence:

base_image - Specific Ubuntu version
base_clang - Clang compiler; based on
```
base_image
```
base_builder - Build dependencies; based on
```
base_clang
```
- Language-specific variants:
```
base_builder_go
```
  , etc.
- See /oss-fuzz/infra/base-images/ for full list
Your project Docker image - Project-specific dependencies; based on
```
base_builder
```
or language variant

镜像按以下顺序逐层构建：

base_image - 特定版本的Ubuntu
base_clang - Clang编译器；基于
```
base_image
```
base_builder - 构建依赖；基于
```
base_clang
```
- 特定语言变体：
```
base_builder_go
```
  等
- 完整列表请查看/oss-fuzz/infra/base-images/
你的项目Docker镜像 - 项目专属依赖；基于
```
base_builder
```
或特定语言变体

Runner Images (Used Separately)

运行器镜像（单独使用）

base_runner - Executes harnesses; based on
```
base_clang
```
base_runner_debug - With debug tools; based on
```
base_runner
```

base_runner - 执行harness；基于
```
base_clang
```
base_runner_debug - 包含调试工具；基于
```
base_runner
```

Advanced Usage

高级用法

Tips and Tricks

技巧与窍门

Tip	Why It Helps
Don't manually copy source code	Project Dockerfile likely already pulls latest version
Check existing projects	Browse oss-fuzz/projects for examples
Keep harnesses in separate repo	Like curl-fuzzer - cleaner organization
Use specific compiler versions	Base images provide consistent build environment
Install dependencies in Dockerfile	May require approval for OSS-Fuzz enrollment

技巧	优势
不要手动复制源代码	项目Dockerfile可能已经拉取了最新版本
查看现有项目	浏览oss-fuzz/projects获取示例
将harness放在单独的仓库中	类似于curl-fuzzer - 组织更清晰
使用特定版本的编译器	基础镜像提供一致的构建环境
在Dockerfile中安装依赖	OSS-Fuzz注册可能需要审批

Criticality Score

OSS-Fuzz uses a criticality score to evaluate project acceptance. See this example for how scoring works.

Projects with lower scores may still be added to private OSS-Fuzz instances.

OSS-Fuzz使用Criticality Score评估项目是否可被接纳。查看该示例了解评分方式。

评分较低的项目仍可添加到私有OSS-Fuzz实例中。

Hosting Your Own Instance

部署自己的实例

Since OSS-Fuzz is open-source, you can host your own instance for:

Private projects not eligible for public OSS-Fuzz
Projects with lower criticality scores
Custom fuzzing infrastructure needs

由于OSS-Fuzz是开源的，你可以部署自己的实例用于：

不符合公共OSS-Fuzz条件的私有项目
评分较低的项目
自定义模糊测试基础设施需求

Anti-Patterns

反模式

Anti-Pattern	Problem	Correct Approach
Manually pulling source in build.sh	Doesn't use latest version	Let Dockerfile handle git clone
Copying code to OSS-Fuzz repo	Hard to maintain, violates separation	Reference external harness repo
Ignoring base image versions	Build inconsistencies	Use provided base images and compilers
Skipping local testing	Wastes CI resources	Use helper.py locally before PR
Not checking build status	Unnoticed build failures	Monitor build status page regularly

反模式	问题	正确做法
在build.sh中手动拉取源代码	无法使用最新版本	让Dockerfile处理git克隆
将代码复制到OSS-Fuzz仓库	难以维护，违反分离原则	引用外部harness仓库
忽略基础镜像版本	构建不一致	使用提供的基础镜像和编译器
跳过本地测试	浪费CI资源	在提交PR前使用helper.py进行本地测试
不检查构建状态	未发现构建失败	定期监控构建状态页面

Tool-Specific Guidance

工具特定指南

libFuzzer

OSS-Fuzz primarily uses libFuzzer as the fuzzing engine for C/C++ projects.

Harness signature:

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    // Your fuzzing logic
    return 0;
}

Build in build.sh:

bash

$CXX $CXXFLAGS -std=c++11 -I. \
    harness.cc -o $OUT/harness \
    $LIB_FUZZING_ENGINE ./libproject.a

Integration tips:

Use
```
$LIB_FUZZING_ENGINE
```
variable provided by OSS-Fuzz
Include
```
-fsanitize=fuzzer
```
is handled automatically
Link against static libraries when possible

OSS-Fuzz主要使用libFuzzer作为C/C++项目的模糊测试引擎。

Harness签名：

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    // 你的模糊测试逻辑
    return 0;
}

在build.sh中构建：

bash

$CXX $CXXFLAGS -std=c++11 -I. \
    harness.cc -o $OUT/harness \
    $LIB_FUZZING_ENGINE ./libproject.a

集成技巧：

使用OSS-Fuzz提供的
```
$LIB_FUZZING_ENGINE
```
变量
自动处理
```
-fsanitize=fuzzer
```
的添加
尽可能链接静态库

AFL++

OSS-Fuzz supports AFL++ as an alternative fuzzing engine.

Enable in project.yaml:

yaml

fuzzing_engines:
  - afl
  - libfuzzer

Integration tips:

AFL++ harnesses work alongside libFuzzer harnesses
Use persistent mode for better performance
OSS-Fuzz handles engine-specific compilation flags

OSS-Fuzz支持AFL++作为替代模糊测试引擎。

在project.yaml中启用：

yaml

fuzzing_engines:
  - afl
  - libfuzzer

集成技巧：

AFL++ harness可与libFuzzer harness共存
使用持久模式提升性能
OSS-Fuzz处理引擎特定的编译标志

Atheris (Python)

Atheris（Python）

For Python projects with C extensions.

Example from cbor2 integration:

Harness:

python

import atheris
import sys
import cbor2

@atheris.instrument_func
def TestOneInput(data):
    fdp = atheris.FuzzedDataProvider(data)
    try:
        cbor2.loads(data)
    except (cbor2.CBORDecodeError, ValueError):
        pass

def main():
    atheris.Setup(sys.argv, TestOneInput)
    atheris.Fuzz()

if __name__ == "__main__":
    main()

Build in build.sh:

bash

pip3 install .
for fuzzer in $(find $SRC -name 'fuzz_*.py'); do
  compile_python_fuzzer $fuzzer
done

Integration tips:

Use
```
compile_python_fuzzer
```
helper provided by OSS-Fuzz
See Continuously Fuzzing Python C Extensions blog post

适用于带有C扩展的Python项目。

来自cbor2集成的示例：

Harness：

python

import atheris
import sys
import cbor2

@atheris.instrument_func
def TestOneInput(data):
    fdp = atheris.FuzzedDataProvider(data)
    try:
        cbor2.loads(data)
    except (cbor2.CBORDecodeError, ValueError):
        pass

def main():
    atheris.Setup(sys.argv, TestOneInput)
    atheris.Fuzz()

if __name__ == "__main__":
    main()

在build.sh中构建：

bash

pip3 install .
for fuzzer in $(find $SRC -name 'fuzz_*.py'); do
  compile_python_fuzzer $fuzzer
done

集成技巧：

使用OSS-Fuzz提供的
```
compile_python_fuzzer
```
助手
阅读持续模糊测试Python C扩展博客文章

Rust Projects

Rust项目

Enable in project.yaml:

yaml

language: rust
fuzzing_engines:
  - libfuzzer
sanitizers:
  - address  # Only AddressSanitizer supported for Rust

Build in build.sh:

bash

cargo fuzz build -O --debug-assertions
cp fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1 $OUT/

Integration tips:

Rust supports only AddressSanitizer with libfuzzer
Use cargo-fuzz for local development
OSS-Fuzz handles Rust-specific compilation

在project.yaml中启用：

yaml

language: rust
fuzzing_engines:
  - libfuzzer
sanitizers:
  - address  # Rust仅支持AddressSanitizer

在build.sh中构建：

bash

cargo fuzz build -O --debug-assertions
cp fuzz/target/x86_64-unknown-linux-gnu/release/fuzz_target_1 $OUT/

集成技巧：

Rust仅支持搭配libfuzzer的AddressSanitizer
使用cargo-fuzz进行本地开发
OSS-Fuzz处理Rust特定的编译

Troubleshooting

故障排除

Issue	Cause	Solution
Build fails with missing dependencies	Dependencies not in Dockerfile	Add `apt-get install` or equivalent in Dockerfile
Harness crashes immediately	Missing input validation	Add size checks in harness
Coverage is 0%	Harness not reaching target code	Verify harness actually calls target functions
Build timeout	Complex build process	Optimize build.sh, consider parallel builds
Sanitizer errors in build	Incompatible flags	Use flags provided by OSS-Fuzz environment variables
Cannot find source code	Wrong working directory in Dockerfile	Set WORKDIR or use absolute paths

问题	原因	解决方案
构建失败，提示缺少依赖	Dockerfile中未包含依赖	在Dockerfile中添加 `apt-get install` 或等效命令
Harness立即崩溃	缺少输入验证	在harness中添加大小检查
覆盖率为0%	Harness未触达目标代码	验证harness是否实际调用了目标函数
构建超时	构建过程复杂	优化build.sh，考虑并行构建
构建中出现Sanitizer错误	标志不兼容	使用OSS-Fuzz环境变量提供的标志
无法找到源代码	Dockerfile中的工作目录错误	设置WORKDIR或使用绝对路径

Related Skills

Skill	How It Applies
libfuzzer	Primary fuzzing engine used by OSS-Fuzz
aflpp	Alternative fuzzing engine supported by OSS-Fuzz
atheris	Used for fuzzing Python projects in OSS-Fuzz
cargo-fuzz	Used for Rust projects in OSS-Fuzz

技能	应用方式
libfuzzer	OSS-Fuzz使用的主要模糊测试引擎
aflpp	OSS-Fuzz支持的替代模糊测试引擎
atheris	用于在OSS-Fuzz中模糊测试Python项目
cargo-fuzz	用于在OSS-Fuzz中模糊测试Rust项目

Skill	Relationship
coverage-analysis	OSS-Fuzz generates coverage reports via helper.py
address-sanitizer	Default sanitizer for OSS-Fuzz projects
fuzz-harness-writing	Essential for enrolling projects in OSS-Fuzz
corpus-management	OSS-Fuzz maintains corpus for enrolled projects

技能	关系
coverage-analysis	OSS-Fuzz通过helper.py生成覆盖率报告
address-sanitizer	OSS-Fuzz项目的默认Sanitizer
fuzz-harness-writing	项目加入OSS-Fuzz的必备技能
corpus-management	OSS-Fuzz为已注册项目维护语料库

关键外部资源

OSS-Fuzz Official Documentation Comprehensive documentation covering enrollment, harness writing, and troubleshooting for the OSS-Fuzz platform.

Getting Started Guide Step-by-step process for enrolling new projects into OSS-Fuzz, including requirements and approval process.

cbor2 OSS-Fuzz Integration PR Real-world example of enrolling a Python project with C extensions into OSS-Fuzz. Shows:

Initial proposal and project introduction
Criticality score evaluation
Complete implementation (project.yaml, Dockerfile, build.sh, harnesses)

Fuzz Introspector Case Studies Examples and explanations of using Fuzz Introspector to analyze coverage and identify fuzzing blockers.

OSS-Fuzz官方文档 涵盖注册、harness编写和故障排除的综合文档。

入门指南 将新项目注册到OSS-Fuzz的分步流程，包括要求和审批流程。

cbor2 OSS-Fuzz集成PR 将带有C扩展的Python项目注册到OSS-Fuzz的真实示例。展示：

初始提案和项目介绍
Criticality Score评估
完整实现（project.yaml、Dockerfile、build.sh、harness）

Fuzz Introspector案例研究 使用Fuzz Introspector分析覆盖率和识别模糊测试阻塞点的示例和说明。

Video Resources

视频资源

Check OSS-Fuzz documentation for workshop recordings and tutorials on enrollment and harness development.

查看OSS-Fuzz文档获取研讨会录像和关于注册与harness开发的教程。

ossfuzz

Original

Translation

OSS-Fuzz

OSS-Fuzz

Overview

概述

Key Concepts

核心概念

When to Apply

适用场景

Quick Reference

快速参考

OSS-Fuzz Project Components

OSS-Fuzz项目组件

Bug Tracker

漏洞追踪器

Build Status System

构建状态系统

Fuzz Introspector

Fuzz Introspector

Step-by-Step: Running a Single Harness

分步指南：运行单个Harness

Step 1: Clone OSS-Fuzz

步骤1：克隆OSS-Fuzz

Step 2: Build Project Image

步骤2：构建项目镜像

Step 3: Build Fuzzers with Sanitizers

步骤3：使用Sanitizer构建模糊测试器

Step 4: Run the Fuzzer

步骤4：运行模糊测试器

Step 5: Coverage Analysis (Optional)

步骤5：覆盖率分析（可选）

Common Patterns

常见模式

Pattern: Running irssi Example

模式：运行irssi示例

Clone and navigate to OSS-Fuzz

克隆并进入OSS-Fuzz目录

Build and run irssi fuzzer

构建并运行irssi模糊测试器

Pattern: Enrolling a New Project

模式：注册新项目

Build harnesses

构建harness

Copy corpus and dictionary if available

复制语料库和字典（如果有）

Docker Images in OSS-Fuzz

OSS-Fuzz中的Docker镜像

Image Hierarchy

镜像层级

Runner Images (Used Separately)

运行器镜像（单独使用）

Advanced Usage

高级用法

Tips and Tricks

技巧与窍门

Criticality Score

Criticality Score

Hosting Your Own Instance

部署自己的实例

Anti-Patterns

反模式

Tool-Specific Guidance

工具特定指南

libFuzzer

libFuzzer

AFL++

AFL++

Atheris (Python)

Atheris（Python）

Rust Projects

Rust项目

Troubleshooting

故障排除

Related Skills

相关技能

Tools That Use This Technique

使用该技术的工具

Related Techniques