README.md

Honggfuzz

A security-oriented, feedback-driven, evolutionary fuzzer.

Honggfuzz is a general-purpose fuzzer that uses code coverage (software and hardware-based) to find bugs. It is multi-process, multi-threaded, and supports persistent fuzzing for extreme speed.

Key Features

  • Fast: Multi-process and multi-threaded engine, unlocking full CPU potential.
  • Persistent Fuzzing: Test APIs directly in-process with iteration speeds up to 1M/sec.
  • Feedback-Driven: Uses hardware (Intel BTS/PT) and software code coverage to evolve inputs.
  • Easy: Can start with an empty corpus and automatically build a valid input set.
  • Deep Monitoring: Uses low-level APIs (ptrace) to detect hijacked signals and hidden crashes.
  • Broad Support: Linux, macOS, Android, NetBSD, FreeBSD, and Windows (Cygwin).

Installation

Dependencies

Linux (Ubuntu/Debian)

sudo apt-get install binutils-dev libunwind-dev libblocksruntime-dev clang

macOS: requires Xcode (10.8+) and libblocksruntime.

Build

make
# Compilation wrappers are created in hfuzz_cc/

Usage

1. Compile Target

Use the provided compiler wrappers to automatically add instrumentation:

# C code
./hfuzz_cc/hfuzz-clang -o my_target my_target.c

# C++ code
./hfuzz_cc/hfuzz-clang++ -o my_target my_target.cpp

2. Run Fuzzer

Point it to an input corpus directory (can be empty) and your binary:

# Basic run
./honggfuzz -i input_dir/ -- ./my_target ___FILE___

# Persistent mode (faster): the target is built with hfuzz-clang and exposes
# LLVMFuzzerTestOneInput(); each input arrives in memory, so no ___FILE___ argument
./honggfuzz -P -i input_dir/ -- ./my_target

Note: ___FILE___ is a placeholder for the input filename generated by honggfuzz. It is needed only when the target reads its input from a file, as in the basic run above; in persistent mode honggfuzz hands the input to the process directly.
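The two steps above put together as an added example harness. This is not honggfuzz's own code and not one of the targets in examples/: the record format, the parser and the sample inputs are constructed for illustration, and the build lines assume you are running from the honggfuzz source tree after make. The one name honggfuzz does rely on is LLVMFuzzerTestOneInput, the entry point its persistent mode drives.

```c
/* rec_fuzz.c: added example harness for this README (not honggfuzz code).
 * Constructed wire format: a sequence of [type:u8][len:u16 big-endian][payload].
 *
 * Build and run from the honggfuzz source tree:
 *   persistent mode (libhfuzz supplies main):
 *     ./hfuzz_cc/hfuzz-clang -fsanitize=address -o rec_fuzz rec_fuzz.c
 *     ./honggfuzz -P -i corpus/ -- ./rec_fuzz
 *   file mode (our own main reads the file honggfuzz substitutes for ___FILE___):
 *     ./hfuzz_cc/hfuzz-clang -DSTANDALONE -fsanitize=address -o rec_fuzz_file rec_fuzz.c
 *     ./honggfuzz -i corpus/ -- ./rec_fuzz_file ___FILE___
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REC_NAME 0x01 /* payload is a short name, copied into a fixed buffer */
#define REC_DATA 0x02 /* payload is opaque bytes, only counted */
#define NAME_MAX 32

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED, PARSE_BAD_TYPE, PARSE_TOO_LONG };

struct parsed {
    size_t records;            /* records successfully consumed */
    size_t data_bytes;         /* total REC_DATA payload bytes */
    char   name[NAME_MAX + 1]; /* last REC_NAME payload, NUL-terminated */
};

/* Walk the records. Every length is checked against what is left of the buffer
 * before it is used; the NAME_MAX check is the kind a fuzzer finds missing most
 * often (remove it and ASan reports a stack-buffer-overflow within seconds). */
static enum parse_status parse_records(const uint8_t *buf, size_t len, struct parsed *out)
{
    size_t off = 0;
    memset(out, 0, sizeof *out);
    while (off < len) {
        if (len - off < 3)
            return PARSE_TRUNCATED;                 /* header itself is cut short */
        uint8_t  type = buf[off];
        uint16_t plen = (uint16_t)((buf[off + 1] << 8) | buf[off + 2]);
        off += 3;
        if (plen > len - off)
            return PARSE_TRUNCATED;                 /* payload runs past the buffer */
        if (type == REC_NAME) {
            if (plen > NAME_MAX)
                return PARSE_TOO_LONG;              /* would overflow out->name */
            memcpy(out->name, buf + off, plen);
            out->name[plen] = '\0';
        } else if (type == REC_DATA) {
            out->data_bytes += plen;
        } else {
            return PARSE_BAD_TYPE;
        }
        off += plen;
        out->records++;
    }
    return PARSE_OK;
}

static enum parse_status parse_status_of(const uint8_t *buf, size_t len)
{
    struct parsed p;
    return parse_records(buf, len, &p);
}

/* Record count for a buffer, or SIZE_MAX if parsing failed. */
static size_t record_count(const uint8_t *buf, size_t len)
{
    struct parsed p;
    return parse_records(buf, len, &p) == PARSE_OK ? p.records : SIZE_MAX;
}

/* Build one REC_NAME record with a payload of plen bytes and parse it: exercises
 * the boundary the NAME_MAX check guards (32 parses, 33 is rejected). */
static enum parse_status name_record_status(uint8_t plen)
{
    uint8_t buf[3 + 255];
    buf[0] = REC_NAME; buf[1] = 0; buf[2] = plen;
    memset(buf + 3, 'x', plen);
    return parse_status_of(buf, 3 + (size_t)plen);
}

/* Constructed sample inputs; also sensible seeds to drop into corpus/. */
static const uint8_t SAMPLE_OK[] = {
    REC_NAME, 0x00, 0x03, 'a', 'b', 'c',  /* name "abc" */
    REC_DATA, 0x00, 0x02, 0xAA, 0xBB      /* 2 data bytes */
};
static const uint8_t SAMPLE_TRUNCATED[] = { REC_DATA, 0x00, 0x05, 0x01 }; /* claims 5, has 1 */
static const uint8_t SAMPLE_BAD_TYPE[]  = { 0x7F, 0x00, 0x00 };

/* honggfuzz entry point: one input per call; no state may leak between calls. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    struct parsed p;
    (void)parse_records(data, size, &p);
    return 0; /* return value is ignored; crashes and sanitizer reports are the signal */
}

#ifdef STANDALONE
/* Driver for the non-persistent mode: read the file passed in place of ___FILE___. */
int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s <input-file>\n", argv[0]); return 2; }
    FILE *f = fopen(argv[1], "rb");
    if (!f) { perror("fopen"); return 2; }
    uint8_t *buf = NULL; size_t len = 0, cap = 0, n;
    do {
        if (len == cap) {
            cap = cap ? cap * 2 : 4096;
            buf = realloc(buf, cap);
            if (!buf) { perror("realloc"); return 2; }
        }
        n = fread(buf + len, 1, cap - len, f);
        len += n;
    } while (n > 0);
    fclose(f);
    LLVMFuzzerTestOneInput(buf, len);
    free(buf);
    return 0;
}
#endif
```

Two points carry over to any real target. First, the entry point must be stateless across calls: in persistent mode the same process handles millions of inputs, so a global left set by one input changes what the next one exercises and makes crashes unreproducible from the saved file. Second, the harness itself should not catch or swallow errors; the parser returns a status, but a memory error is left to the sanitizer and honggfuzz's ptrace monitoring to report.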

For advanced examples (Apache, OpenSSL, BIND, etc.), check the examples/ directory.

See docs/USAGE.md for detailed options.

Trophies

Honggfuzz has discovered major security vulnerabilities in critical software.

HTTP & Servers

  • Apache HTTPD:
    • CVE-2017-7659 (mod_http2 remote crash)
    • CVE-2017-9789 (Use-after-free)
    • CVE-2018-1301, CVE-2018-1302, CVE-2018-1303
  • OpenSSH: Pre-auth remote crash (commit 28652bca)
  • BIND: Multiple bugs
  • NGINX Unit: Infinite loop
  • ProFTPD: CVE-2019-18217 (DoS)
  • Samba: CVE-2019-14907, CVE-2020-10745, CVE-2021-20277

Cryptography & SSL

  • OpenSSL:
    • CVE-2016-6309 (Critical, Potential RCE)
    • CVE-2015-1789, CVE-2016-7054, CVE-2017-3731
  • LibreSSL: Multiple crashes and invalid frees
  • BoringSSL: Uninitialized memory use
  • Crypto++: CVE-2016-9939 (Remote DoS)

Languages & Interpreters

  • PHP: WDDX bugs, generic interpreter crashes
  • Python/Ruby: Interpreter bugs
  • Rust: Panics/safety issues in regex, h2, sleep-parser, lewton
  • Perl: Multiple interpreter crashes

Media & Formats

  • FreeType 2: seven CVEs in the CVE-2010-2497 to CVE-2010-2527 range
  • LibTIFF: Multiple bugs
  • LibJPEG/Turbo: Multiple bugs
  • VLC: Double-free RCE
  • Adobe Flash: CVE-2015-0316
  • ImageIO (iOS/macOS): Multiple security problems (Project Zero)
  • LibreOffice: Memory corruption

System & Utils

  • Systemd: Tested by honggfuzz
  • fwupd: 17+ bugs found
  • TCPDump: Multiple bugs
  • Rsyslog: Multiple bugs

(See OSS-Fuzz for hundreds more)

Projects Using Honggfuzz

  • Google OSS-Fuzz: Continuous fuzzing for open source software.
  • Android: Used by Android Security team.
  • Rust: honggfuzz-rs crate for fuzzing Rust code.
  • Bitcoin Core: Fuzzing infrastructure.
  • Apache HTTP Server: CI fuzzing.
  • Systemd: CI fuzzing.
  • Cifasis QuickFuzz
  • Mozilla FuzzOS

License

Apache License 2.0.

This is NOT an official Google product