1. Get the FreeType source code
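# Fetch the release over HTTPS rather than plain HTTP, and verify the tarball
# against the checksum/detached signature published on the FreeType release
# page before building: an archive tampered with in transit would otherwise be
# compiled and executed under your user account during fuzzing.
wget https://download.savannah.gnu.org/releases/freetype/freetype-2.8.tar.gz
tar -xf freetype-2.8.tar.gz
cd freetype-2.8/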
2. Build FreeType with afl-gcc so the library itself is instrumented
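# Point configure at afl-gcc so every object in libfreetype carries AFL's
# coverage instrumentation; the harness later links the static archive built
# here (objs/.libs/libfreetype.a). Chain with && so a failed configure does not
# silently fall through to a build of whatever was left in the tree.
# Optional: export AFL_HARDEN=1 first to compile with stack protector and
# FORTIFY_SOURCE, which turns some silent memory corruption into aborts.
CC=/home/wk/workspace/AFL/afl-gcc ./configure && make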
3. Write a harness program (fttest.c) that hands the input file to the library
#include <ft2build.h>
#include FT_FREETYPE_H
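/*
 * Fuzzing harness: open the font file named by argv[1] as face 0.
 *
 * AFL replaces "@@" on the command line with the path of the mutated input.
 * Only signals (SIGSEGV, SIGABRT, ...) count as crashes for AFL, so every
 * FreeType error return is treated as a normal rejection of malformed input
 * and the process exits cleanly. Returns 0 when the face opened, 1 otherwise.
 */
int main(int argc, char *argv[]){
    FT_Library lib;
    FT_Face face;
    FT_Error err;

    /* Refuse to run without an input path instead of dereferencing argv[1]
       as NULL, which would show up as a bogus "crash". */
    if (argc < 2)
        return 1;

    if (FT_Init_FreeType(&lib) != 0)
        return 1;

    err = FT_New_Face(lib, argv[1], 0, &face);

    /* Release the face only when FreeType actually handed one back. */
    if (err == 0)
        FT_Done_Face(face);

    /* Tear the library down on every path so the run leaves no allocations
       behind; this matters if the harness is later converted to AFL's
       persistent mode, where leaks accumulate across iterations. */
    FT_Done_FreeType(lib);

    /* NOTE(review): FT_New_Face only parses the font tables. To reach the
       glyph loading and hinting code, a follow-up would call
       FT_Set_Char_Size() and FT_Load_Glyph() on a few glyph indices. */
    return err != 0;
}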
4. Compile the harness with afl-gcc, statically linking the instrumented libfreetype
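# -static pulls the instrumented libfreetype.a into the binary, so the harness
# does not accidentally resolve an uninstrumented system libfreetype.so at run
# time. -lz covers zlib; if configure detected bzip2, libpng or HarfBuzz, the
# static link will also need their -l flags. -g keeps symbols for crash triage.
./afl-gcc -g fttest.c -I/home/wk/workspace/freetype-2.8/include -L/home/wk/workspace/freetype-2.8/objs/.libs -lfreetype -lz -static -o font_parser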
5. Create a seed test case (a small, valid font) for the harness; the testcaseft/ directory must exist before the redirect below writes into it
wk@ubuntu:~/workspace/AFL$ cat tmp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wk@ubuntu:~/workspace/AFL$ cat tmp | base64 --decode > testcaseft/small.ttf
6. Start fuzzing
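# @@ is replaced per execution with the path of the mutated input file.
# Crashing inputs are written to findings_dir/crashes/ and hangs to
# findings_dir/hangs/; add -t (timeout) or -m (memory limit) if afl-fuzz
# reports that the target needs more than the defaults.
./afl-fuzz -i testcaseft/ -o findings_dir/ -- ./font_parser @@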
