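# Install git and get this tutorial.
# Fail fast: without this a failed install step (e.g. install-clang.sh) would
# not stop the script, and the clang++ line below would quietly build with
# whatever clang++ happens to be on PATH instead of the one just installed.
set -euo pipefail

sudo apt-get --yes install git
# NOTE(review): neither clone is pinned to a tag or commit, so the scripts
# executed below are whatever HEAD is at clone time; pin with
# `git -C fuzzing checkout <sha>` if you need a reproducible, auditable setup.
git clone https://github.com/google/fuzzing.git fuzzing
# Get fuzzer-test-suite
git clone https://github.com/google/fuzzer-test-suite.git FTS
# Supply-chain trust step: these helper scripts install packages and fetch
# prebuilt clang binaries. Read them before running, and verify the downloaded
# toolchain against the publisher's checksum/signature where one is provided.
./fuzzing/tutorial/libFuzzer/install-deps.sh # Get deps
./fuzzing/tutorial/libFuzzer/install-clang.sh # Get fresh clang binaries
# Build the target with AddressSanitizer + libFuzzer; -g keeps debug symbols
# so crash reports resolve to source lines (fuzz_me.cc:5 etc.).
# NOTE(review): this assumes install-clang.sh put the new clang++ on PATH —
# confirm, or call it by its installed path explicitly.
clang++ -g -fsanitize=address,fuzzer fuzzing/tutorial/libFuzzer/fuzz_me.cc
# Run the fuzzer with no corpus directory; crash artifacts land in ./ as
# crash-<sha1-of-input>. In the run captured below the artifact hash is the
# SHA-1 of the empty input, i.e. the target appears to have died on its
# zero-length seed unit, not on a mutated input — check the clang/libFuzzer
# pairing if you see the same.
./a.out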
INFO: Seed: 2032387296
INFO: Loaded 1 modules (7 inline 8-bit counters): 7 [0x74ee40, 0x74ee47),
INFO: Loaded 1 PC tables (7 PCs): 7 [0x52f8c8,0x52f938),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
==24251== ERROR: libFuzzer: deadly signal
#0 0x4ee747 in __sanitizer_print_stack_trace /tmp/final/llvm.src/projects/compiler-rt/lib/asan/asan_stack.cc:38:3
#1 0x42c5c6 in fuzzer::Fuzzer::CrashCallback() /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:233:5
#2 0x42c58f in fuzzer::Fuzzer::StaticCrashSignalCallback() /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:206:6
#3 0x7f3d207a43cf (/lib/x86_64-linux-gnu/libpthread.so.0+0x113cf)
#4 0x443595 in HandleCmp<unsigned long> /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerTracePC.cpp:330:26
#5 0x443595 in __sanitizer_cov_trace_const_cmp8 /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerTracePC.cpp:434
#6 0x515ed7 in FuzzMe(unsigned char const*, unsigned long) /home/user/fuzzing/tutorial/libFuzzer/fuzz_me.cc:5:19
#7 0x516174 in LLVMFuzzerTestOneInput /home/user/fuzzing/tutorial/libFuzzer/fuzz_me.cc:13:3
#8 0x42d81c in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:515:13
#9 0x42eead in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, fuzzer::fuzzer_allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:701:3
#10 0x42f1e5 in fuzzer::Fuzzer::Loop(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, fuzzer::fuzzer_allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:739:3
#11 0x424070 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:754:6
#12 0x445c72 in main /tmp/final/llvm.src/projects/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#13 0x7f3d1fdc882f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#14 0x41d0f8 in _start (/home/user/a.out+0x41d0f8)
NOTE: libFuzzer has rudimentary signal handlers.
Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
MS: 0 ; base unit: 0000000000000000000000000000000000000000
artifact_prefix='./'; Test unit written to ./crash-da39a3ee5e6b4b0d3255bfef95601890afd80709
Base64: