mirrors/ghostty
1
0
Fork 0
mirror of https://github.com/ghostty-org/ghostty.git synced 2026-04-19 22:10:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e8f861f561ee81a29cd06ad727a353a08a548eac
ghostty/test/fuzz-libghostty/AGENTS.md
Mitchell Hashimoto e8f861f561 fuzz: replace : with _ for Windows
2026-03-01 06:47:01 -08:00

1.3 KiB
Raw Blame History

AFL++ Fuzzer for Libghostty

  • ghostty-fuzz is a binary built with afl-cc
  • Build ghostty-fuzz with zig build
  • After running afl-cmin/afl-tmin, run corpus/sanitize-filenames.sh before committing to replace colons with underscores (colons are invalid on Windows NTFS).

Important: stdin-based input

The instrumented binary (afl.c harness) reads fuzz input from stdin, not from a file argument. This affects how you invoke AFL++ tools:

  • afl-fuzz: Uses shared-memory fuzzing automatically; @@ works because AFL writes directly to shared memory, bypassing file I/O.

  • afl-showmap: Must pipe input via stdin, not @@:

    cat testcase | afl-showmap -o map.txt -- zig-out/bin/ghostty-fuzz

  • afl-cmin: Do not use @@. Requires AFL_NO_FORKSRV=1 with the bash version due to a bug in the Python afl-cmin (AFL++ 4.35c):

    AFL_NO_FORKSRV=1 /opt/homebrew/Cellar/afl++/4.35c/libexec/afl-cmin.bash \
  -i afl-out/default/queue -o corpus/vt-parser-cmin \
  -- zig-out/bin/ghostty-fuzz

  • afl-tmin: Also requires AFL_NO_FORKSRV=1, no @@:

    AFL_NO_FORKSRV=1 afl-tmin -i <input> -o <output> -- zig-out/bin/ghostty-fuzz

If you pass @@ or a filename argument, afl-showmap/afl-cmin/afl-tmin will see only ~4 tuples (the C main paths) and produce useless results.