Provided by: fuzz_0.6-18_amd64 bug


       fuzz - stress test programs


       fuzz  [-t|--timeout  timeinsecs]  [-p|--printable]  [-n|--newlines N] [-l|--length totlen]
       [-m|--maxline maxlinelen] [-r|--runcount numruns]  [-b|--bytes]  [-c|--chroot]  [-u|--user
       username]  [-a|--args]  [-o|--omitdata]  [-e|--execute  filename]  [-x|--maxargs  numargs]
       [-d|--dontask] [-y|--mararglen arglen] [-V|--version] [-i|--priority] target targetarg...


       fuzz is a program designed to find bugs in other programs. It does this by doing a form of
       black  box  testing. It does this by running the target program multiple times and passing
       it random input. Right now this can come from one of two places,  stdin  and  the  command
       line arguments. Testing completes whenever the program either the requested number of runs
       finishes successufully or the program crashes.

       Any arguments following the target program are passed directly to the target program.

       NOTE: If the program is not in PATH, it must be referred to using absolute path.

       -a, --args
              In addition to passing random data via stdin, pass random command  line  arguments.
              This  simply  sets the number or random arguments to be passed to 256. See the BUGS

       -b, --bytes
              In addition to counting through the number of runs. Count through the  bytes  being
              sent  through stdin to the program. This option really serves no purpose other than
              making something interesting to watch.

       -c, --chroot
              Since there is no telling what a program will do  when  given  random  input.  this
              allows a program to be sort of caged while it is run so that the damage that it may
              be able to do is minimized. This requires that the fuzz be run  as  root.  It  will
              drop  privlages  before  it  runs  the  test  program.  This option is best used in
              conjunction with the --user option. This often times requires  that  a  program  is
              statically linked.

       -d, --dontask
              In  the  cases  where  the  target  program  is  for sure part of a package and the
              packaging information will provide the needed version information then you can  use
              this option to avoid being asked what the version is.

       -i, --priority
              Run at a specified priority.

       -l, --length LENGTH
              The  length  in  bytes  of  the  data  stream to pass through stdin into the target
              program. The default length is 100K.

       -m, --maxline MAXLINELEN
              Specify the maximum line length within the random data stream passed into stdin.

       -n, --newlines N
              Include random N newlines in the input stream.

       -o, --omitdata
              Some programs don't take input from stdin. They only take input  from  the  command
              line arguments. If this is the case simply use the --omitdata option.

       -p, --printable
              This  limits  both  the  stdin  and  the  command  line arguments to only printable
              characters. By default fuzz passes fully random bytes into the target program.

       -r, --runcount RUNCOUNT
              The number of times to run the target program. The default is 10,000.

       -t, --timeout TIME
              This sets the number of seconds that the fuzz  will  wait  for  the  other  program
              before  it assumes that the program is hung. The default value is 120 seconds. This
              is sensing of when a program is  hung  is  not  entirely  reliable.  See  the  BUGS

       -u, --user USERNAME
              Since  there  is  no  telling  what a program will do when given random input, this
              specifies what user the target program will be run as so that it is  easy  to  find
              and  repair  anything  that  may  have been scribbled across your file system. This
              option was designed to be used in conjuntion with the --chroot option and will only
              work if fuzz is run as root.

       -V, --version
              Print the version of fuzz and exit.

       -x. --maxargs NUMARGS
              This  is  to set the maximum number of arguments that are passed to each invocation
              of the target program.

       -y, --maxarglen ARGLEN
              Sets the maximum length of an arguments passed to the target program.


       Check grep:

              fuzz grep foo

       Run program with different user:

              fuzz --chroot --user nobody cpio -i

       When program is not in path, use absolute patch to access it:

              fuzz ./src/myprogram


       The random arg functions doesn't work very well right now. The  arguments  passed  are  so
       random  that  the  program  usually just prints out the usage message and then terminates.
       This will become much more useful later when we are mating data sets with the intention of
       maximizing code coverage.


       Ben Woodard <>