| 1 |
commit: d56b0a6dd878cd451ee258844fd70c2099cd19bd |
| 2 |
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sat Mar 4 23:45:43 2017 +0000 |
| 4 |
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Fri Apr 16 19:21:59 2021 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d56b0a6d |
| 7 |
|
| 8 |
fuzz: add basic framework for using libFuzzer |
| 9 |
|
| 10 |
By itself, this commit doesn't do anything useful. We have to update |
| 11 |
each tool to hook into libFuzzer, so we'll do that in follow up commits. |
| 12 |
|
| 13 |
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org> |
| 14 |
|
| 15 |
Makefile | 20 +++++++++++++++++++- |
| 16 |
paxinc.h | 6 ++++++ |
| 17 |
porting.h | 5 +++++ |
| 18 |
3 files changed, 30 insertions(+), 1 deletion(-) |
| 19 |
|
| 20 |
diff --git a/Makefile b/Makefile |
| 21 |
index 8a54faf..8e7b183 100644 |
| 22 |
--- a/Makefile |
| 23 |
+++ b/Makefile |
| 24 |
@@ -102,12 +102,30 @@ debug: clean |
| 25 |
analyze: clean |
| 26 |
scan-build $(MAKE) all |
| 27 |
|
| 28 |
-fuzz: clean |
| 29 |
+fuzz: |
| 30 |
+ @echo "Pick a fuzzer backend:" |
| 31 |
+ @echo "$$ make afl-fuzz" |
| 32 |
+ @echo "$$ make libfuzzer" |
| 33 |
+ @false |
| 34 |
+ |
| 35 |
+afl-fuzz: clean |
| 36 |
$(MAKE) AFL_HARDEN=1 CC=afl-gcc all |
| 37 |
@rm -rf findings |
| 38 |
@printf '\nNow run:\n%s\n' \ |
| 39 |
"afl-fuzz -t 100 -i tests/fuzz/small/ -o findings/ ./scanelf -s '*' -axetrnibSDIYZB @@" |
| 40 |
|
| 41 |
+# Not all objects support libfuzzer. |
| 42 |
+LIBFUZZER_TARGETS = |
| 43 |
+LIBFUZZER_FLAGS = \ |
| 44 |
+ -fsanitize=fuzzer \ |
| 45 |
+ -fsanitize-coverage=edge |
| 46 |
+libfuzzer: clean |
| 47 |
+ $(MAKE) \ |
| 48 |
+ CC="clang" \ |
| 49 |
+ CFLAGS="-g3 -ggdb $(call check_compiler_many,$(DEBUG_FLAGS)) $(LIBFUZZER_FLAGS)" \ |
| 50 |
+ CPPFLAGS="-DPAX_UTILS_LIBFUZZ=1" \ |
| 51 |
+ $(LIBFUZZER_TARGETS) |
| 52 |
+ |
| 53 |
compile.c = $(CC) $(CFLAGS) $(CPPFLAGS) $(CPPFLAGS-$<) -o $@ -c $< |
| 54 |
|
| 55 |
ifeq ($(V),) |
| 56 |
|
| 57 |
diff --git a/paxinc.h b/paxinc.h |
| 58 |
index 6d433b9..620ad68 100644 |
| 59 |
--- a/paxinc.h |
| 60 |
+++ b/paxinc.h |
| 61 |
@@ -108,6 +108,12 @@ const char *strfileperms(const char *fname); |
| 62 |
#define PTR_ALIGN_DOWN(base, size) ((__typeof__(base))ALIGN_DOWN((uintptr_t)(base), (size))) |
| 63 |
#define PTR_ALIGN_UP(base, size) ((__typeof__(base))ALIGN_UP ((uintptr_t)(base), (size))) |
| 64 |
|
| 65 |
+/* Support for libFuzzer: http://llvm.org/docs/LibFuzzer.html */ |
| 66 |
+#if PAX_UTILS_LIBFUZZ |
| 67 |
+int LLVMFuzzerInitialize(__unused__ int *argc, __unused__ char ***argv); |
| 68 |
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); |
| 69 |
+#endif |
| 70 |
+ |
| 71 |
/* helper functions for showing errors */ |
| 72 |
extern const char *NORM, *RED, *YELLOW; |
| 73 |
void color_init(bool disable); |
| 74 |
|
| 75 |
diff --git a/porting.h b/porting.h |
| 76 |
index 17bbbbc..c4f5fc6 100644 |
| 77 |
--- a/porting.h |
| 78 |
+++ b/porting.h |
| 79 |
@@ -94,6 +94,11 @@ |
| 80 |
# define PAX_UTILS_CLEANUP 0 |
| 81 |
#endif |
| 82 |
|
| 83 |
+/* Support for libFuzzer: https://llvm.org/docs/LibFuzzer.html */ |
| 84 |
+#ifndef PAX_UTILS_LIBFUZZ |
| 85 |
+# define PAX_UTILS_LIBFUZZ 0 |
| 86 |
+#endif |
| 87 |
+ |
| 88 |
/* Few arches can safely do unaligned accesses */ |
| 89 |
#if defined(__cris__) || \ |
| 90 |
defined(__i386__) || \ |
Archives