Where to find corpus for fuzzing?

Denis_Korovin · June 26, 2025, 1:29pm

Hello,
I am interested in running the fuzz tests located in src/tests/fuzz using libFuzzer. However, I could not find any information in the documentation about where to obtain or how to generate the initial corpus, dictionary (.dict ) and seed files required for effective fuzzing.
⦁ Are there any official or recommended sources for these files for Suricata’s fuzz targets?
⦁ If not, what is the suggested way to create or collect an initial corpus and dictionary for these tests?
⦁ Are there any examples or best practices from the Suricata community for setting up fuzzing inputs?

Jeff_Lucovsky · June 27, 2025, 1:59pm

Hi,

Please look at qa/run-ossfuz-corpus.sh

That script will download a corpus for each of the fuzz targets, which are located in the src/tests/fuzz directory.

Denis_Korovin · June 27, 2025, 4:10pm

Thank you for your response. However, I was unable to find the qa/run-ossfuz-corpus.sh script in my Suricata source tree. Could you please clarify where I can find this script, or if it has been moved or renamed recently? Any guidance would be appreciated.

Jeff_Lucovsky · June 27, 2025, 8:01pm

Here’s the direct link – it should be in your github clone

github.com/OISF/suricata

qa/run-ossfuzz-corpus.sh

master

#/bin/sh
ls src/fuzz_* | while read ftarget
do
    target=$(basename $ftarget)
    echo "target $target"
    #download public corpus
    rm -f public.zip
    wget --quiet "https://storage.googleapis.com/suricata-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/suricata_$target/public.zip"
    rm -rf corpus_$target
    unzip -q public.zip -d corpus_$target
    #run target on corpus.
    export LLVM_PROFILE_FILE="/tmp/$target.profraw"
    /usr/bin/time -v ./src/$target corpus_$target
done

Make sure you configure suricata with --enable-fuzztagets