1*3f982cf4SFabien Sanglard# Building and running fuzzers 2*3f982cf4SFabien Sanglard 3*3f982cf4SFabien SanglardIn order to build fuzzers, you need the GN arg `use_libfuzzer=true`. It's also 4*3f982cf4SFabien Sanglardrecommended to build with `is_asan=true` to catch additional problems. Building 5*3f982cf4SFabien Sanglardand running then might look like: 6*3f982cf4SFabien Sanglard```bash 7*3f982cf4SFabien Sanglard gn gen out/libfuzzer --args="use_libfuzzer=true is_asan=true is_debug=false" 8*3f982cf4SFabien Sanglard ninja -C out/libfuzzer some_fuzz_target 9*3f982cf4SFabien Sanglard out/libfuzzer/some_fuzz_target <args> <corpus_dir> [additional corpus dirs] 10*3f982cf4SFabien Sanglard``` 11*3f982cf4SFabien Sanglard 12*3f982cf4SFabien SanglardThe arguments to the fuzzer binary should be whatever is listed in the GN target 13*3f982cf4SFabien Sanglarddescription (e.g. `-max_len=1500`). These arguments may be automatically 14*3f982cf4SFabien Sanglardscraped by Chromium's ClusterFuzz tool when it runs fuzzers, but they are not 15*3f982cf4SFabien Sanglardbuilt into the target. You can also look at the file 16*3f982cf4SFabien Sanglard`out/libfuzzer/some_fuzz_target.options` for what arguments should be used. The 17*3f982cf4SFabien Sanglard`corpus_dir` is listed as `seed_corpus` in the GN definition of the fuzzer 18*3f982cf4SFabien Sanglardtarget. 19*3f982cf4SFabien Sanglard 20