CMake Options for libavif Tests and Fuzzers

This article provides a straightforward guide to the CMake configuration options required to build the test suite and fuzzing targets for libavif, the portable AVIF image library. It covers the primary flags needed to enable these builds, manage dependencies like GoogleTest, and configure standalone fuzzer binaries.

CMake Options for Building Tests

To verify the integrity and performance of libavif, you can compile its built-in test suite. The primary CMake options used for configuring tests include:

• AVIF_BUILD_TESTS: Set this option to ON to enable the creation of test executables. By default, it is set to OFF.
  • Example: -DAVIF_BUILD_TESTS=ON
• AVIF_GTEST: The test suite relies on the GoogleTest framework. This option controls how CMake locates or builds GoogleTest. It accepts the following values:
  • LOCAL: Automatically downloads and builds a local copy of GoogleTest (recommended for quick setups).
  • SYSTEM: Uses a version of GoogleTest already installed on your system.
  • OFF: Disables GoogleTest integration.
  • Example: -DAVIF_GTEST=LOCAL

To configure and run the tests, use the following commands in your build directory:

cmake -DAVIF_BUILD_TESTS=ON -DAVIF_GTEST=LOCAL ..
cmake --build .
ctest

CMake Options for Building Fuzzers

Fuzzing is crucial for identifying security vulnerabilities and memory leaks in image decoders. libavif includes several fuzzing targets that can be built using specific CMake flags:

• AVIF_BUILD_FUZZERS: Set this to ON to enable the compilation of the fuzzing targets.
  • Example: -DAVIF_BUILD_FUZZERS=ON
• AVIF_FUZZER_BINARIES: Set this to ON to generate standalone, runnable fuzzer binaries. This is particularly useful if you want to run the fuzzers locally using a simple loop or a basic harness without integration into a larger infrastructure like OSS-Fuzz.
  • Example: -DAVIF_FUZZER_BINARIES=ON

To build the fuzz targets with a standard compiler wrapper (such as Clang with sanitizers), configure your build with the following options:

cmake -DAVIF_BUILD_FUZZERS=ON -DAVIF_FUZZER_BINARIES=ON -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ ..
cmake --build .

For advanced security testing, you should combine these flags with compiler sanitizers by adding appropriate flags (like -fsanitize=address,fuzzer-no-link or -fsanitize=fuzzer) to your CMAKE_C_FLAGS and CMAKE_CXX_FLAGS.