build: move again stuff using libfuzzer

And fix documentation.

README.md

@@ -340,18 +340,6 @@ You can append any further arguments. If lldpd is unable to find
 `lldpcli` it will start in an unconfigured mode and won't send or
 accept LLDP frames.
 
-You can use [afl](http://lcamtuf.coredump.cx/afl/) to test some
-aspects of lldpd. To test frame decoding, you can do something like
-that:
-
-    export AFL_USE_ASAN=1 # only on 32bit arch
-    ./configure CC=afl-gcc
-    make clean check
-    cd tests
-    mkdir inputs
-    mv *.pcap inputs
-    afl-fuzz -i inputs -o outputs ./decode @@
-
 There is a general test suite with `make check`. It's also possible to
 run integration tests. They need [pytest](http://pytest.org/latest/)
 and rely on Linux containers to be executed.
@@ -369,15 +357,27 @@ To enable code coverage, use:
     genhtml gcov.info --output-directory coverage
 
 ## Fuzzing
-libfuzzer:
 
-```
-export CC=clang
-export CXX=clang++
+### With libfuzzer
 
-sh ./tests/build.sh ASan
-sh ./tests/build.sh Run
 ```
+./tests/fuzzer/build.sh ASan
+./tests/fuzzer/build.sh run
+```
+
+### With AFL
+
+You can use [afl](http://lcamtuf.coredump.cx/afl/) to test some
+aspects of lldpd. To test frame decoding, you can do something like
+that:
+
+    export AFL_USE_ASAN=1 # only on 32bit arch
+    ./configure CC=afl-gcc
+    make clean check
+    cd tests
+    mkdir inputs
+    mv *.pcap inputs
+    afl-fuzz -i inputs -o outputs ./decode @@
 
 ## Embedding
 

tests/build-fuzzer.sh → tests/fuzzer/build.sh

@@ -1,30 +1,29 @@
 #!/bin/bash -eu
 
-build(){
+build() {
    export CFLAGS="$1"
-   export CXXFLAGS="$1"
 
    ./autogen.sh
-   ./configure CC="$CC" CFLAGS="$CFLAGS" LDFLAGS="$CFLAGS" \
+   ./configure CC="${CC:-clang}" CFLAGS="$CFLAGS" LDFLAGS="$CFLAGS" \
       --enable-fuzzer=yes --disable-shared --disable-hardening --enable-pie
 
    make -j$(nproc)
-   mkdir -p tests/seed/fuzz-decode_Corpus
+   mkdir -p tests/fuzzer/corpus
 }
 
-run(){
+run() {
    cd tests
-   ./fuzz-decode seed/fuzz-decode_Corpus seed/fuzz-decode_seed_corpus
+   ./fuzz-decode fuzzer/corpus fuzzer/seed-corpus
 }
 
-help(){
+help() {
    echo "use: ./$0 ASan | UBSan | MSan | Run"
 }
 
 case $1 in
    ASan) build "-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link" ;;
    UBSan) build "-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unsigned-integer-overflow,unreachable,vla-bound,vptr -fno-sanitize-recover=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr -fsanitize=fuzzer-no-link" ;;
    MSan) build "-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=memory -fsanitize-memory-track-origins -fsanitize=fuzzer-no-link" ;;
-   run) run $2 ;;
+   run) run ${2:-} ;;
    *) help ;;
 esac