first attempts
parent
468c5f6bfa
commit
16a79bfbbc
@ -17,6 +17,7 @@ opt-level = 3
|
|||||||
debug = true
|
debug = true
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
|
clap = "2.32.0"
|
||||||
afl = { path = "../../afl/" }
|
afl = { path = "../../afl/" }
|
||||||
|
|
||||||
[lib]
|
[lib]
|
||||||
|
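Review bot: `clap` is added as an unconditional dependency, but the crate root shown later in this commit still carries `#![cfg_attr(not(feature = "std"), no_std)]`, so a build without the `std` feature now pulls in a std-only crate and will most likely fail to compile. Declare it as `clap = { version = "2.32.0", optional = true }` and enable it from the `std` feature (`std = ["clap"]`); the `[features]` table is outside this hunk, so its current shape needs checking. The matching `extern crate clap;`, `use clap::{App, Arg};` and `use std::env;` lines in the Rust source would then need `#[cfg(feature = "std")]`.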
@ -53,7 +53,7 @@ def ld_mode():
|
|||||||
args += sys.argv[1:]
|
args += sys.argv[1:]
|
||||||
args += [
|
args += [
|
||||||
os.path.join(script_dir, "runtime", "rt.o"),
|
os.path.join(script_dir, "runtime", "rt.o"),
|
||||||
os.path.join(script_dir, "target", "release", "liblibfuzzer.a"),
|
os.path.join(script_dir, "target", "debug", "liblibfuzzer.a"),
|
||||||
]
|
]
|
||||||
|
|
||||||
args += ["-fsanitize-coverage=trace-pc-guard,trace-cmp"]
|
args += ["-fsanitize-coverage=trace-pc-guard,trace-cmp"]
|
||||||
|
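Review bot: The archive path in `ld_mode()` is now fixed to `target/debug`, and the build script in this commit was switched to a plain `cargo build` to match, so the build profile is encoded in two places that have to be changed together. Fuzzing throughput depends heavily on an optimised runtime, so the release archive will be wanted again. Take the directory from one setting, for example `os.path.join(script_dir, "target", profile, "liblibfuzzer.a")` with `profile` read from an environment variable that defaults to `"debug"`. `ld_mode()` starts and ends outside this hunk.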
@ -1,7 +1,12 @@
|
|||||||
#![cfg_attr(not(feature = "std"), no_std)]
|
#![cfg_attr(not(feature = "std"), no_std)]
|
||||||
|
|
||||||
|
#[macro_use]
|
||||||
|
extern crate clap;
|
||||||
extern crate alloc;
|
extern crate alloc;
|
||||||
|
|
||||||
|
use clap::{App, Arg};
|
||||||
|
use std::env;
|
||||||
|
|
||||||
use afl::corpus::InMemoryCorpus;
|
use afl::corpus::InMemoryCorpus;
|
||||||
use afl::engines::Engine;
|
use afl::engines::Engine;
|
||||||
use afl::engines::Fuzzer;
|
use afl::engines::Fuzzer;
|
||||||
@ -23,6 +28,9 @@ extern "C" {
|
|||||||
/// int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
/// int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
||||||
fn LLVMFuzzerTestOneInput(data: *const u8, size: usize) -> i32;
|
fn LLVMFuzzerTestOneInput(data: *const u8, size: usize) -> i32;
|
||||||
|
|
||||||
|
/// int LLVMFuzzerInitialize(int argc, char **argv)
|
||||||
|
fn LLVMFuzzerInitialize(argc: u32, argv: *const *const u8) -> i32;
|
||||||
|
|
||||||
static __lafl_edges_map: *mut u8;
|
static __lafl_edges_map: *mut u8;
|
||||||
static __lafl_cmp_map: *mut u8;
|
static __lafl_cmp_map: *mut u8;
|
||||||
static __lafl_max_edges_size: u32;
|
static __lafl_max_edges_size: u32;
|
||||||
@ -39,8 +47,68 @@ const NAME_COV_MAP: &str = "cov_map";
|
|||||||
|
|
||||||
#[no_mangle]
|
#[no_mangle]
|
||||||
pub extern "C" fn afl_libfuzzer_main() {
|
pub extern "C" fn afl_libfuzzer_main() {
|
||||||
let mut rand = StdRand::new(0);
|
let matches = App::new("libAFLrs fuzzer harness")
|
||||||
|
.about("libAFLrs fuzzer harness help options.")
|
||||||
|
.arg(
|
||||||
|
Arg::with_name("dictionary")
|
||||||
|
.short("x")
|
||||||
|
.value_name("DICTIONARY")
|
||||||
|
.takes_value(true)
|
||||||
|
.multiple(true)
|
||||||
|
.help("Dictionary file to use, can be specified multiple times."),
|
||||||
|
)
|
||||||
|
.arg(
|
||||||
|
Arg::with_name("statstime")
|
||||||
|
.short("T")
|
||||||
|
.value_name("STATSTIME")
|
||||||
|
.takes_value(true)
|
||||||
|
.help("How often to print statistics in seconds [default: 5, disable: 0]"),
|
||||||
|
)
|
||||||
|
.arg(Arg::with_name("workdir")
|
||||||
|
.help("Where to write the corpus, also reads the data on start. If more than one is supplied the first will be the work directory, all others will just be initially read from.")
|
||||||
|
.multiple(true)
|
||||||
|
.value_name("WORKDIR")
|
||||||
|
)
|
||||||
|
.get_matches();
|
||||||
|
|
||||||
|
let statstime = value_t!(matches, "statstime", u32).unwrap_or(5);
|
||||||
|
|
||||||
|
let workdir = if matches.is_present("workdir") {
|
||||||
|
matches.value_of("workdir").unwrap().to_string()
|
||||||
|
} else {
|
||||||
|
env::current_dir().unwrap().to_string_lossy().to_string()
|
||||||
|
};
|
||||||
|
|
||||||
|
let mut dictionary: Option<Vec<String>> = None;
|
||||||
|
|
||||||
|
if matches.is_present("dictionary") {
|
||||||
|
dictionary = Some(values_t!(matches, "dictionary", String).unwrap_or_else(|e| e.exit()));
|
||||||
|
}
|
||||||
|
|
||||||
|
let mut input: Option<Vec<String>> = None;
|
||||||
|
if matches.is_present("workdir") {
|
||||||
|
input = Some(values_t!(matches, "workdir", String).unwrap_or_else(|e| e.exit()));
|
||||||
|
}
|
||||||
|
|
||||||
|
// debug prints
|
||||||
|
|
||||||
|
println!("workdir: {}", workdir);
|
||||||
|
|
||||||
|
if dictionary != None {
|
||||||
|
for file in dictionary.unwrap() {
|
||||||
|
println!("dic: {}", file);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if input != None {
|
||||||
|
for indir in input.unwrap() {
|
||||||
|
println!("in: {}", indir);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// original code
|
||||||
|
|
||||||
|
let mut rand = StdRand::new(0);
|
||||||
let mut corpus = InMemoryCorpus::new();
|
let mut corpus = InMemoryCorpus::new();
|
||||||
let mut generator = RandPrintablesGenerator::new(32);
|
let mut generator = RandPrintablesGenerator::new(32);
|
||||||
|
|
||||||
|
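Review bot: The new `LLVMFuzzerInitialize` declaration in the `extern "C"` hunk does not match the libFuzzer interface, which is `int LLVMFuzzerInitialize(int *argc, char ***argv)`: both parameters are pointers so that the target can rewrite the argument vector. As declared, a call would pass the count and the `argv` pointer by value, and the target would dereference them as `int *` and `char ***`, which is undefined behaviour. Declare it as `fn LLVMFuzzerInitialize(argc: *mut i32, argv: *mut *mut *mut u8) -> i32;` and change the doc comment to the same C prototype. No call site is visible in this commit; since libFuzzer targets may omit this function, a future call presumably needs a weak or optional lookup rather than a hard link-time reference.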
@ -1,11 +1,12 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
cargo build --release
|
cargo build || exit 1
|
||||||
make -C runtime
|
make -C runtime || exit 1
|
||||||
|
|
||||||
./compiler -flto=thin -c test/test.c -o test_fuzz.o
|
rm -f test_fuzz.elf test_fuzz.o
|
||||||
./compiler -flto=thin -fuse-ld=lld test_fuzz.o -o test_fuzz.elf
|
./compiler -flto=thin -c test/test.c -o test_fuzz.o || exit 1
|
||||||
|
./compiler -flto=thin test_fuzz.o -o test_fuzz.elf || exit 1
|
||||||
|
|
||||||
|
RUST_BACKTRACE=1 ./test_fuzz.elf -x a -x b foo bar
|
||||||
|
|
||||||
RUST_BACKTRACE=1 ./test_fuzz.elf
|
|
||||||
|
|
||||||
#rm ./test_fuzz.elf
|
|
||||||
|
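Review bot: The repeated `|| exit 1` suffixes can be replaced by a single `set -e` directly after the shebang, which also covers the `rm -f` line and any command added later without the suffix. The final `./test_fuzz.elf -x a -x b foo bar` run is the last command, so its status is already the script's exit status and needs no suffix either way.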