From 89338cad4eed9441644ec8c5f1687b511c829ea4 Mon Sep 17 00:00:00 2001 From: Paul Dreik Date: Sun, 28 Apr 2019 09:40:32 +0200 Subject: [PATCH] add notes on how to reproduce crashes --- fuzzing/README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/fuzzing/README.md b/fuzzing/README.md index cbdb2b1628d6..6043f8f630d1 100644 --- a/fuzzing/README.md +++ b/fuzzing/README.md @@ -21,3 +21,21 @@ This macro is the defacto standard for making fuzzing practically possible, see To do a variety of builds making sure the build system works as intended, execute ```./build.sh```. +# Reproduce +To reproduce a crash, there are at least two ways. +## Reproduce with a normal build +This will build a normal executable, fed with input from the files given on the command line. This gives an example for the chrono_duration fuzzer: +```sh +./build.sh +cd build-fuzzers-reproduce +bin/fuzzer_chrono_duration ../crashes/chrono_duration/* +``` + +## Reproduce using libFuzzer +This will build libFuzzer, fed with input from the files given on the command line. The default libFuzzer build uses sanitizers, so this may catch errors not seen in the normal build. This gives an example for the chrono_duration fuzzer: +```sh +./build.sh +cd build-fuzzers-reproduce +export UBSAN_OPTIONS=halt_on_error=1 +bin/fuzzer_chrono_duration ../crashes/chrono_duration/* +```
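Review bot: the two new subsections both run `cd build-fuzzers-reproduce`, so the "Reproduce using libFuzzer" block appears to point at the same directory and the same `bin/fuzzer_chrono_duration` binary as the normal, non-sanitized build it is contrasted with; if `./build.sh` produces a separate libFuzzer build directory, that block should name it, and if it does not, the prose should explain what actually differs between the two runs beyond `export UBSAN_OPTIONS=halt_on_error=1`. It would also help the reader to state why that export is needed: UBSan only prints a report and continues by default, so without `halt_on_error=1` a reproduction can "succeed" while still hitting undefined behaviour. Minor: the surrounding context line says "defacto"; the usual spelling is "de facto".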