Provided by: zzuf_0.13.svn20100215-4_amd64 bug

NAME

       libzzuf - helper library for the zzuf multiple purpose fuzzer

DESCRIPTION

       libzzuf is a helper library automatically preloaded by zzuf when fuzzing applications, but
       it can also be used alone for debugging purposes or specific cases that cannot be  covered
       by zzuf.

USAGE

       libzzuf  must  be  preloaded  using  the  operating  system's  default  way  of preloading
       libraries. For instance, on a typical Linux installation:

           LD_PRELOAD=/usr/lib/zzuf/libzzuf.so

ENVIRONMENT VARIABLES

       libzzuf's initial setup is done through environment variables. After  they  are  read,  no
       further information can be sent to the fuzzed process.

       All environment variables are optional.

       ZZUF_DEBUG
              This  environment  variable  is  set  to  the debugging level. 0 means no debugging
              information is sent to zzuf. 1 logs important information as well as  all  diverted
              functions. 2 logs fuzzing status and all optional file stream information.

       ZZUF_DEBUGFD
              This  environment  variable  is  set  to  a file descriptor where libzzuf will send
              debugging information. This is used to send  data  to  the  main  zzuf  controlling
              binary.

       ZZUF_SEED
              This variable is set to the initial random seed. Corresponding zzuf flag: --seed.

       ZZUF_MINRATIO, ZZUF_MAXRATIO
              These  variables  are set to the minimal and maximal fuzzing ratios.  Corresponding
              zzuf flag: --ratio.

       ZZUF_AUTOINC
              If this variable is set, the random seed is incremented each time  a  new  file  is
              opened. Corresponding zzuf flag: --autoinc.

       ZZUF_BYTES
              This  variable  contains  byte  ranges  to  which  fuzzing  should  be  restricted.
              Corresponding zzuf flag: --bytes.

       ZZUF_LIST
              This  variable  contains  file  descriptor  ranges  to  which  fuzzing  should   be
              restricted. Corresponding zzuf flag: --list.

       ZZUF_NETWORK
              If  this  variable  is  set,  network  mode  is activated. Corresponding zzuf flag:
              --network.

       ZZUF_PORTS
              This  variable  contains  port  ranges  to  which  fuzzing  should  be  restricted.
              Corresponding zzuf flag: --port.

       ZZUF_PROTECT, ZZUF_REFUSE
              These  variables  contain character ranges to protect or refuse. Corresponding zzuf
              flags: --protect, --refuse.

       ZZUF_INCLUDE, ZZUF_EXCLUDE
              These variables contain regular expressions  to  indicate  which  files  should  be
              included  or  excluded  from  the  list  of fuzzed files. Corresponding zzuf flags:
              --include, --exclude.

       ZZUF_SIGNAL
              If this variable is set, the fuzzed  process  will  be  prevented  from  installing
              signal handlers that usually cause coredumps. Corresponding zzuf flag: --signal.

       ZZUF_MEMORY
              This  variable  contains  the  maximum  amount of memory that the fuzzed process is
              allowed to allocate. Corresponding zzuf flag: --max-memory.

       ZZUF_STDIN
              If this variable is set, standard input will be  fuzzed,  too.  Corresponding  zzuf
              flag: --stdin.

NOTES

       In order to intercept file and network operations, signal handlers and memory allocations,
       libzzuf diverts and reimplements the following functions, which can sometimes be private C
       library symbols, too:

       Unix file descriptor handling:
              open(),  dup(),  dup2(),  lseek(),  read(),  readv(),  pread(), accept(), socket(),
              recv(), recvfrom(), recvmsg(), aio_read(), aio_return(), close()

       Standard IO streams:
              fopen(),  freopen(),  fseek(),  fseeko(),  rewind(),  fread(),  getc(),  getchar(),
              fgetc(), fgets(), ungetc(), fclose()

       Memory management:
              mmap(),    munmap(),    malloc(),    calloc(),    valloc(),   free(),   memalign(),
              posix_memalign()

       Required on Linux:
              open64(), lseek64(), mmap64(),  _IO_getc(),  getline(),  getdelim(),  __getdelim(),
              getc_unlocked(),     getchar_unlocked(),     fgetc_unlocked(),    fgets_unlocked(),
              fread_unlocked(), __uflow()

       Required on BSD systems:
              fgetln(), __srefill(), __srget()

       Required on Mac OS X:
              map_fd()

       Required on HP-UX:
              __open64(), __lseek64(), __filbuf()

       Required on OpenSolaris:
              freopen64(), fseeko64(), fsetpos64()

       Signal handling:
              signal(), sigaction()

       If an application manipulates  file  descriptors  (reading  data,  seeking  around)  using
       functions  that are not in that list, libzzuf will not fuzz its input consistently and the
       results should not be trusted. You can use a tool such as ltrace(1) on Linux to  know  the
       missing functions.

       On BSD systems, such as FreeBSD or Mac OS X, __srefill() is enough to monitor all standard
       IO streams functions. On other systems, such as Linux, each function is reimplemented on a
       case  by  case  basis.  One  important  unimplemented function is fscanf(), because of its
       complexity. Missing functions will be added upon user request.

SEE ALSO

       zzuf(1), ld.so(8)

AUTHOR

       Copyright © 2002-2010 Sam Hocevar <sam@hocevar.net>.

       libzzuf and this manual page are free software. They come without  any  warranty,  to  the
       extent permitted by applicable law. You can redistribute them and/or modify them under the
       terms of the Do What The Fuck You Want To Public License, Version 2, as published  by  Sam
       Hocevar. See http://sam.zoy.org/wtfpl/COPYING for more details.

       zzuf's  webpage  can  be  found  at  http://caca.zoy.org/wiki/zzuf.   An  overview  of the
       architecture and inner works is at http://caca.zoy.org/wiki/zzuf/internals.