To run the tests, you first need to build the project. It's preferable to build in debugging mode (see the building guide). Don't forget to add the flag
-DBUILD_TESTING=ON to your CMake invocation.
Once the build is successful, you can simply run
./runTests from your build directory to execute them.
If you want to try fuzzing, you need to enable it when you build the project. Add
-DBUILD_FUZZING=ON to your cmake command line (see the building guide).
We will build a corpus thanks to the unit tests. From your build directory run:
./runTests mkdir corpus mv fuzz_case* corpus
You will simply run the fuzzer continuously from your build dir, until you find a crash, if that ever happens:
./fuzzer/fuzz -detect_leaks=0 corpus
If you are (un)lucky, you may uncover a crash through the fuzzer. LibFuzzer will save the faulty input in the current directory, under a name like "crash-9127ecb8d6f30e400d35c47c45bf406eb605b9bb".
The first thing you need to do is to try to minimize the crash. LibFuzzer will attempt to find the minimal input that triggers the crash:
./fuzzer/fuzz -detect_leaks=0 -exact_artifact_path=mycrash.txt -minimize_crash=1 crash-9127ecb8d6f30e400d35c47c45bf406eb605b9bb
This will run for a while, if you feel like it's not making any more progress, you can stop it whenever you want. It will store the resulting minimized crash in
If your minimized mycrash.txt happens to be 0 bytes, check that your original crash file is not a false positive with
cat crash-9127ecb8d6f30e400d35c47c45bf406eb605b9bb |fuzzer/fuzz_reproduce
Congratulations! You have now found your first fuzzing bug in Kdenlive. Please report it here, don't forget to add the
mycrash.txt that you found.