google/honggfuzz

OSS-Fuzz rolling release

23 Jun 20:30
This release should only be used for integration with OSS-Fuzz.
It's guaranteed to work with Linux/Ubuntu/x86-64/ptrace only.

PS: It's a rolling release.

Version 2.5

01 Jan 10:46
  • fixed build for Android NDK >= 23
  • fixed build for CygWin
  • improved hfuzz-cc, so it supports -x correctly
  • error returned if unknown cmd-line parameters are provided
  • support for thread CPU pinning
  • various fixes for *BSD
  • increased number of dictionary entries (to 8192)

Version 2.4

24 Feb 16:22
  • better NetBSD support (compatibility)
  • fixed mangle_getLen() #360
  • disabled --linux_net_ns by default, as the Linux kernel dies under heavy load of new net namespaces
  • added support for address compression in IntelPT mode
  • simplified input_skipFactor() which now yields better results (faster coverage acquisition)
  • added --save_smaller for use with Rust fuzzing
  • fixed Android build under MacOSX
  • simplified some mangle() functions

Version 2.3.1

22 Jul 21:41
  • Fixed 'make install' with #356

Version 2.3

22 Jul 19:53
  • honggfuzz.h - split run_t into substructs
  • clang-format options in .clang-format
  • added missing mutex initializers
  • removed unnecessary comparisons to 'true' and 'false'
  • improved NetBSD compatibility
  • removed unnecessary memory fences (speed ups)
  • faster searching through the binary for const 4/8-byte values
  • removed unnecessary includes with iwyu
  • libhfnetdriver - general improvements around local socket fuzzing and timeouts

Version 2.2

23 Apr 21:48
  • Added 8bitcnt instrumentation - use hfuzz-cc/hfuzz-8bitcnt-(gcc|clang) for that
  • PC-guard instrumentation now uses edge counting
  • --experimental_const_feedback is now set to true by default
  • additional string instrumentation wrappers: glib, lcms
  • additional mutators: splicing, changing ascii numbers
  • additional integer comparison instrumentation (adding integers to the dynamic dictionary)
  • fixed linking with ld.lld
  • removed sanitizer-coverage-prune-blocks from hfuzz-cc.c
  • most mutators have now either overwrite or insert versions
  • fixed memory barriers in libhfuzz/
  • implemented skip_factor which dictates how often a given input is fuzzed
  • lowered the default timeout to 1 second
  • honggfuzz now uses microseconds, instead of milliseconds across the code
  • added some new functions to libhfcommon/files
  • enabled more aggressive inlining in hfuzz-cc/
  • fixed compilation dependency under MacOS X

Version 2.1

03 Mar 00:38
  • string/int comparison enabled for targets built with *SAN, but w/o hfuzz-cc
  • Parallel work made faster by using faster ATOMIC constructs (check first, then update)
  • Implement --experimental_const_feedback - const string/integer feedback (used as an additional dictionary)
  • Sanitizer report files are "better"-deleted (i.e. based on PID and not TID)
  • New patches for fuzzing added (e.g. for bind-9.16.0/9.15.7)
  • Buffered output enabled in display.c
  • Some functions moved from per-arch arch.c to common subproc.c
  • Compilation under MacOS X 10.15 (Catalina) is now supported
  • Added support for bfd/binutils-2.33

Version 2.0

07 Dec 15:33
  • Coverage-based corpus minimizer with '-M'
  • QEmu mode: coverage feedback for Linux binaries
  • *SAN sanitizer stack-parsing improved for Linux and for POSIX
  • Move signal functionality to libhfcommon/
  • Fixed Android builds with newer unwind and capstone
  • NetDriver: more functionality - e.g. specifying custom addresses and custom tmpfs mount points
  • Examples: for /usr/bin/file, newer ISC Bind patch, improved OpenSSL code

Version 1.9

22 May 14:15
  • Don't include netdriver if not needed
  • Updated examples (bind/openssl)
  • Add missing TEMP_FAILURE_RETRY() wrappers
  • Add additional _HF_STATE_DYNAMIC_SWITCH_TO_MAIN state

Version 1.8

18 Feb 14:50
  • Multiple smaller changes wrt threading - e.g. introducing the signal thread
  • Removed support for -p (pid fuzzing); the honggfuzz net driver or persistent fuzzing mode should be used instead
  • Reimplementation of memory comparison routines, now verified with glibc's test-suite
  • Improved hfuzz-cc/clang/gcc - e.g. for the MacOSX platform, also using -fno-sanitize=fuzzer if -fsanitize=fuzzer is specified, + some samba code wrappers
  • Examples: new corpora for some of those, new patch for ISC Bind (9.13.5)