Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
FUZZ(1)			    General Commands Manual		       FUZZ(1)

       fuzz - stress test programs

       fuzz   [-t|--timeout   timeinsecs]   [-p|--printable]   [-n|--newlines]
       [-l|--length totlen] [-m|--maxline maxlinelen] [-r|--runcount  numruns]
       [-b|--bytes] [-c|--chroot] [-u|--user username] [-a|--args] [-o|--omit-
       data] [-e|--execute  filename]  [-x|--maxargs  numargs]	[-d|--dontask]
       [-y|--mararglen	arglen]	 [-V|--version]	 [-i|--priority] target	targe-

       fuzz is a program designed to find bugs in other	programs. It does this
       by  doing a form	of black box testing. It does this by running the tar-
       get program multiple times and passing it random	input. Right now  this
       can  come from one of two places, stdin and the command line arguments.
       Testing completes whenever the program either the requested  number  of
       runs finishes successufully or the program crashes.

       Any  arguments  following the target program are	passed directly	to the
       target program.

       -t, --timeout TIME
	      This sets	the number of seconds that the fuzz will wait for  the
	      other  program  before  it assumes that the program is hung. The
	      default value is 120 seconds. This is sensing of when a  program
	      is hung is not entirely reliable.	See the	BUGS section.

       -p, --printable
	      This  limits  both  the  stdin and the command line arguments to
	      only printable characters. By default fuzz passes	 fully	random
	      bytes into the target program.

       -n, --newlines
	      Include random newlines in the input stream.

       -l, --length LENGTH
	      The  length  in  bytes  of the data stream to pass through stdin
	      into the target program. The default length is 100K.

       -m, --maxline MAXLINELEN
	      Specify the maximum line length within the  random  data	stream
	      passed into stdin.

       -r, --runcount RUNCOUNT
	      The  number  of  times to	run the	target program.	The default is

       -b, --bytes
	      In addition to  counting	through	 the  number  of  runs.	 Count
	      through  the bytes being sent through stdin to the program. This
	      option really serves no purpose other than making	something  in-
	      teresting	to watch.

       -c, --chroot
	      Since there is no	telling	what a program will do when given ran-
	      dom input. this allows a program to be sort of caged while it is
	      run  so  that the	damage that it may be able to do is minimized.
	      This requires that the  fuzz  be	run  as	 root.	It  will  drop
	      privlages	 before	 it runs the test program. This	option is best
	      used in conjunction with the --user option. This often times re-
	      quires that a program is statically linked.

       -u, --user USERNAME
	      Since there is no	telling	what a program will do when given ran-
	      dom input, this specifies	what user the target program  will  be
	      run  as  so that it is easy to find and repair anything that may
	      have been	scribbled across your file system. This	option was de-
	      signed  to  be  used  in conjuntion with the --chroot option and
	      will only	work if	fuzz is	run as root.

       -a, --args
	      In addition to passing random data via stdin, pass  random  com-
	      mand line	arguments. This	simply sets the	number or random argu-
	      ments to be passed to 256. See the BUGS section.

       -o, --omitdata
	      Some programs don't take input from stdin. They only take	 input
	      from  the	command	line arguments.	If this	is the case simply use
	      the --omitdata option.

       -x. --maxargs NUMARGS
	      This is to set the maximum number	of arguments that  are	passed
	      to each invocation of the	target program.

       -y, --maxarglen ARGLEN
	      Sets  the	 maximum  length  of an	arguments passed to the	target

       -V, --version
	      Print the	version	of fuzz	and exit.

       -i, --priority
	      Run at a specified priority.

       -d, --dontask
	      In the cases where the target program is	for  sure  part	 of  a
	      package  and  the	 packaging information will provide the	needed
	      version information then you can use this	option to avoid	 being
	      asked what the version is.

	      fuzz grep	foo
	      fuzz -c -u nobody	cpio -i

       The  random  arg	 functions doesn't work	very well right	now. The argu-
       ments passed are	so random that the program usually just	prints out the
       usage  message  and  then terminates. This will become much more	useful
       later when we are mating	data sets with	the  intention	of  maximizing
       code coverage.

       Ben Woodard <>

3rd Berkeley Distribution      November	3, 1999			       FUZZ(1)


Want to link to this manual page? Use this URL:

home | help