commit: d56b0a6dd878cd451ee258844fd70c2099cd19bd |
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
AuthorDate: Sat Mar 4 23:45:43 2017 +0000 |
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
CommitDate: Fri Apr 16 19:21:59 2021 +0000 |
URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d56b0a6d |
|
fuzz: add basic framework for using libFuzzer |
|
By itself, this commit doesn't do anything useful. We have to update |
each tool to hook into libFuzzer, so we'll do that in follow up commits. |
|
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org> |
|
Makefile | 20 +++++++++++++++++++- |
paxinc.h | 6 ++++++ |
porting.h | 5 +++++ |
3 files changed, 30 insertions(+), 1 deletion(-) |
|
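diff --git a/Makefile b/Makefile
index 8a54faf..8e7b183 100644
--- a/Makefile
+++ b/Makefile
@@ -102,12 +102,30 @@ debug: clean
 analyze: clean
 scan-build $(MAKE) all
 
-fuzz: clean
+fuzz:
+ @echo "Pick a fuzzer backend:"
+ @echo "$$ make afl-fuzz"
+ @echo "$$ make libfuzzer"
+ @false
+
+afl-fuzz: clean
 $(MAKE) AFL_HARDEN=1 CC=afl-gcc all
 @rm -rf findings
 @printf '\nNow run:\n%s\n' \
 "afl-fuzz -t 100 -i tests/fuzz/small/ -o findings/ ./scanelf -s '*' -axetrnibSDIYZB @@"
 
+# Not all objects support libfuzzer.
+LIBFUZZER_TARGETS =
+LIBFUZZER_FLAGS = \
+ -fsanitize=fuzzer \
+ -fsanitize-coverage=edge
+libfuzzer: clean
+ $(MAKE) \
+ CC="clang" \
+ CFLAGS="-g3 -ggdb $(call check_compiler_many,$(DEBUG_FLAGS)) $(LIBFUZZER_FLAGS)" \
+ CPPFLAGS="-DPAX_UTILS_LIBFUZZ=1" \
+ $(LIBFUZZER_TARGETS)
+
 compile.c = $(CC) $(CFLAGS) $(CPPFLAGS) $(CPPFLAGS-$<) -o $@ -c $<
 
 ifeq ($(V),)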
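Review bot: `LIBFUZZER_TARGETS` is empty at the point `libfuzzer:` expands it, so the recursive `$(MAKE)` on the last recipe line is invoked with no goal and silently builds the default goal with `-fsanitize=fuzzer` instead of failing with a clear message; add a guard ahead of the `$(MAKE)` line such as `@test -n "$(strip $(LIBFUZZER_TARGETS))" || { echo "no libFuzzer targets defined yet"; exit 1; }`. `LIBFUZZER_FLAGS` enables only the fuzzer runtime and edge coverage, so unless `DEBUG_FLAGS` already contributes `-fsanitize=address`, out-of-bounds reads in the parsers under fuzz will go unreported; `-fsanitize=fuzzer,address` is the usual combination for a memory-safety target like this. `-fsanitize=fuzzer` must also be present at link time, and whether `$(CFLAGS)` reaches the link rule is not visible in this hunk. Whether `fuzz`, `afl-fuzz` and `libfuzzer` are declared in `.PHONY` is likewise outside the hunk.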
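diff --git a/paxinc.h b/paxinc.h
index 6d433b9..620ad68 100644
--- a/paxinc.h
+++ b/paxinc.h
@@ -108,6 +108,12 @@ const char *strfileperms(const char *fname);
 #define PTR_ALIGN_DOWN(base, size) ((__typeof__(base))ALIGN_DOWN((uintptr_t)(base), (size)))
 #define PTR_ALIGN_UP(base, size) ((__typeof__(base))ALIGN_UP ((uintptr_t)(base), (size)))
 
+/* Support for libFuzzer: http://llvm.org/docs/LibFuzzer.html */
+#if PAX_UTILS_LIBFUZZ
+int LLVMFuzzerInitialize(__unused__ int *argc, __unused__ char ***argv);
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+#endif
+
 /* helper functions for showing errors */
 extern const char *NORM, *RED, *YELLOW;
 void color_init(bool disable);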
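Review bot: The two prototypes carry no contract for the per-tool implementations the commit message defers to follow-up commits, and the contract matters for parsers that normally read whole files; add a comment above them such as `/* Each tool hooked up to libFuzzer defines both.  data is not NUL-terminated and is not guaranteed to be aligned, so it must go through the same bounds checks as a mapped file; LLVMFuzzerTestOneInput must return 0 (other values are reserved by libFuzzer). */`. The `__unused__` attribute macro and the `uint8_t`/`size_t` typedefs are presumably brought in by porting.h or an earlier include, which is outside this hunk. Minor: this comment uses `http://llvm.org/...` while the matching comment added to porting.h in this commit uses `https://`.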
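diff --git a/porting.h b/porting.h
index 17bbbbc..c4f5fc6 100644
--- a/porting.h
+++ b/porting.h
@@ -94,6 +94,11 @@
 # define PAX_UTILS_CLEANUP 0
 #endif
 
+/* Support for libFuzzer: https://llvm.org/docs/LibFuzzer.html */
+#ifndef PAX_UTILS_LIBFUZZ
+# define PAX_UTILS_LIBFUZZ 0
+#endif
+
 /* Few arches can safely do unaligned accesses */
 #if defined(__cris__) || \
 defined(__i386__) || \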