1. About Zzuf

Zzuf is a transparent application input fuzzer. It works by intercepting
file operations and changing random bits in the program's input. Zzuf's
behaviour is deterministic, making it easy to reproduce bugs.


2. Example

Fuzz the input of the "cat" program using default settings:

  # zzuf cat /etc/motd

Fuzz 1% of the input bits of the "cat" program using seed 94324:

  # zzuf -s 94324 -r 0.01 cat /etc/motd

Fuzz the input of the "convert" program, using file foo.jpeg as the
original input and restricting fuzzing to filenames matching the regular
expression "foo" (because convert will also open its own configuration
files and we do not want zzuf to fuzz them):

  # zzuf -i 'foo' convert -- foo.jpeg -format tga /dev/null

Fuzz the input of VLC, using file movie.avi as the original input, and
generate fuzzy-movie.avi which is the file that can be fed to VLC to
reproduce the behaviour without using zzuf:

  # zzuf -s 87423 -r 0.01 vlc -- movie.avi
  # zzuf -s 87423 -r 0.01 cp movie.avi fuzzy-movie.avi
  # vlc fuzzy-movie.avi

Fuzz the input of MPlayer and backup movies that caused it to crash:

  # for seed in $(seq -w 0 9999); do
        zzuf -s ${seed} -r 0.01 -i 'movie[.]avi' \
                  mplayer -- -benchmark -vo null movie.avi >/dev/null 2>&1
        RET=$?
        if [ $RET != 0 ]; then
            echo "seed ${seed}: exit $RET"
            zzuf -s ${seed} -r 0.05 cp movie.avi movie-${seed}.avi
        fi
    done