tree: 8448cacd13b979aced2fc424098715c0112e6c1e
  1. aff.dict
  2. ass.dict
  3. atom.dict
  4. av1_dc.dict
  5. bash.dict
  6. bdf.dict
  7. bmp.dict
  8. bz2.dict
  9. creole.dict
  10. css.dict
  11. csv.dict
  12. dds.dict
  13. djvu.dict
  14. docommand.dict
  15. exif.dict
  16. fbs.dict
  17. ftp.dict
  18. gif.dict
  19. graphviz.dict
  20. heif.dict
  21. hoextdown.dict
  22. html_tags.dict
  23. http.dict
  24. icc.dict
  25. iccprofile.dict
  26. icns.dict
  27. initfile.dict
  28. jbig2.dict
  29. jpeg.dict
  30. jpeg2000.dict
  31. js.dict
  32. json.dict
  33. jsonnet.dict
  34. markdown.dict
  35. math.dict
  36. mathml.dict
  37. mp4.dict
  38. mysqld.dict
  39. ogg.dict
  40. openexr.dict
  41. otf.dict
  42. pbm.dict
  43. pcap.dict
  44. pdf.dict
  45. perl.dict
  46. png.dict
  47. proj4.dict
  48. protobuf.dict
  49. ps.dict
  50. psd.dict
  51. README.md
  52. regexp.dict
  53. riff.dict
  54. rss.dict
  55. rst.dict
  56. rtf.dict
  57. sas.dict
  58. spss.dict
  59. sql.dict
  60. stata.dict
  61. svg.dict
  62. tex.dict
  63. theme-load-fuzz.dict
  64. tiff.dict
  65. tokener_parse_ex.dict
  66. toml.dict
  67. type42.dict
  68. url.dict
  69. utf8.dict
  70. vcf.dict
  71. vhd.dict
  72. vpx_dec.dict
  73. wav.dict
  74. webm.dict
  75. webp.dict
  76. wkt.dict
  77. x86.dict
  78. xml.dict
  79. xml_UTF_16.dict
  80. xml_UTF_16BE.dict
  81. xml_UTF_16LE.dict
  82. xpath.dict
  83. xslt.dict
  84. yaml.dict
  85. yara.dict
  86. zip.dict
dictionaries/README.md

AFL dictionaries

(See ../README.md for the general instruction manual.)

This subdirectory contains a set of dictionaries that can be used in conjunction with the -x option to allow the fuzzer to effortlessly explore the grammar of some of the more verbose data formats or languages. The basic principle behind the operation of fuzzer dictionaries is outlined in section 10 of the “main” README.md for the project.

These sets were created by Michal Zalewski and various contributors, or imported from oss-fuzz, go-fuzz and libfuzzer.

Custom dictionaries can be added at will. They should consist of a reasonably sized set of rudimentary syntax units that the fuzzer will then try to cobble together in various ways. Snippets between 2 and 16 bytes are usually the sweet spot.

Custom dictionaries can be created in two ways:

  • By creating a new directory and placing each token in a separate file, in which case, there is no need to escape or otherwise format the data.

  • By creating a flat text file where tokens are listed one per line in the format of name="value". The alphanumeric name is ignored and can be omitted, although it is a convenient way to document the meaning of a particular token. The value must appear in quotes, with hex escaping (\xNN) applied to all non-printable, high-bit, or otherwise problematic characters (\\ and \" shorthands are recognized, too).

The fuzzer auto-selects the appropriate mode depending on whether the -x parameter is a file or a directory.

In the file mode, every name field can be optionally followed by @<num>, e.g.:

keyword_foo@1 = "foo"

Such entries will be loaded only if the requested dictionary level is equal to or higher than this number. The default level is zero; a higher value can be set by appending @<num> to the dictionary file name, like so:

-x path/to/dictionary.dct@2

Good examples of dictionaries can be found in xml.dict and png.dict.
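
The following Python is an added example, not part of AFL or of this README. It parses the flat-file format described above and applies the @<num> level filter, which is useful for linting a custom dictionary before passing it to -x. The names load_dictionary and decode_value and the sample entries are hypothetical, and skipping '#' comment lines is an assumption not stated in the text above.

```python
import re

# Optional name, optional @level, optional '=', then the quoted value.
LINE = re.compile(r'^(\w*)(?:@(\d+))?[\s=]*"(.*)"$', re.ASCII)

def decode_value(raw):
    """Decode one quoted value into the token's raw bytes."""
    out, i = bytearray(), 0
    while i < len(raw):
        c = raw[i]
        if not 32 <= ord(c) < 127:
            raise ValueError("raw non-printable/high-bit char; write it as \\xNN")
        if c != "\\":
            out.append(ord(c))
            i += 1
        elif raw[i + 1:i + 2] in ("\\", '"'):  # \\ and \" shorthands
            out.append(ord(raw[i + 1]))
            i += 2
        elif re.fullmatch(r"x[0-9A-Fa-f]{2}", raw[i + 1:i + 4]):  # \xNN
            out.append(int(raw[i + 2:i + 4], 16))
            i += 4
        else:
            raise ValueError("unsupported escape at offset %d" % i)
    return bytes(out)

def load_dictionary(text, level=0):
    """Return (name, token_bytes) for entries whose @level is <= level."""
    tokens = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):  # blank lines, comments (assumed)
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError('line %d: expected name="value"' % lineno)
        name, min_level, raw = m.groups()
        if min_level and int(min_level) > level:
            continue  # entry requires a higher dictionary level
        tokens.append((name, decode_value(raw)))
    return tokens

# Constructed sample, not one of the shipped dictionaries.
SAMPLE = r'''
header_png="\x89PNG"
"IHDR"
quote_esc="a\"b\\c"
keyword_foo@1 = "foo"
rare_marker@2="\xff\xd8"
'''
```

Calling load_dictionary(SAMPLE, level) with level 0, 1 and 2 shows which entries each dictionary level admits.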