From 4c392de98daf5b950b522e7ccba78933130ae252 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Fri, 26 Feb 2021 11:45:30 +0100 Subject: [PATCH] more docu --- fuzzers/libfuzzer_libpng/README.md | 5 ++++- fuzzers/libfuzzer_libpng/test.sh | 6 +++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/fuzzers/libfuzzer_libpng/README.md b/fuzzers/libfuzzer_libpng/README.md index 498d18babb..dbd64b37ff 100644 --- a/fuzzers/libfuzzer_libpng/README.md +++ b/fuzzers/libfuzzer_libpng/README.md @@ -1,6 +1,7 @@ # Libfuzzer for libpng This folder contains an example fuzzer for libpng, using LLMP for fast multi-process fuzzing and crash detection. +To show off crash detection, we added a ud2 instruction to the harness, edit harness.cc if you want a non-crashing example. It has been tested on Linux. ## Build @@ -19,4 +20,6 @@ As this example uses in-process fuzzing, we added a Restarting Event Manager (`s This means each client will start itself again to listen for crashes and timeouts. By restarting the actual fuzzer, it can recover from these exit conditions. -For convenience, you may just run `./test.sh` in this folder. \ No newline at end of file +In any real-world scenario, you should use `taskset` to pin each client to an empty cpu core, the lib does not pick an empty core automatically (yet). + +For convenience, you may just run `./test.sh` in this folder to test it. \ No newline at end of file diff --git a/fuzzers/libfuzzer_libpng/test.sh b/fuzzers/libfuzzer_libpng/test.sh index db3a2497d4..f707f77271 100755 --- a/fuzzers/libfuzzer_libpng/test.sh +++ b/fuzzers/libfuzzer_libpng/test.sh 
@@ -6,12 +6,12 @@ cargo build --example libfuzzer_libpng --release || exit 1 cp ../../target/release/examples/libfuzzer_libpng ./.libfuzzer_test.elf # The broker -RUST_BACKTRACE=full ./.libfuzzer_test.elf & +RUST_BACKTRACE=full taskset 0 ./.libfuzzer_test.elf & # Give the broker time to spawn sleep 2 echo "Spawning client" -# The 1st fuzzer client -RUST_BACKTRACE=full ./.libfuzzer_test.elf 2>/dev/null +# The 1st fuzzer client, pin to cpu 0x1 +RUST_BACKTRACE=full taskset 1 ./.libfuzzer_test.elf 2>/dev/null killall .libfuzzer_test.elf rm -rf ./.libfuzzer_test.elf
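Review bot: the first README hunk documents a `ud2` instruction "added to the harness", but `harness.cc` is not among the files this patch touches (the diffstat lists only `README.md` and `test.sh`), so the documentation either lands ahead of the harness change or describes one made in a separate commit; fold that change into this commit or say in the message where it already lives. Minor wording: the added line is a comma splice, consider `To show off crash detection, we added a ud2 instruction to the harness. Edit harness.cc if you want a non-crashing example.`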
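Review bot: the second README hunk tells users to "use `taskset` to pin each client to an empty cpu core" without saying what `taskset` takes, and the `test.sh` hunk in this same patch shows why that matters: the positional argument is a hexadecimal CPU affinity mask, not a core number, unless `-c` is used. Suggest spelling that out, e.g. "pin the broker and each client to its own core with `taskset -c <core>`", and "a free cpu core" reads better than "an empty cpu core". The file still ends without a trailing newline after the edit (`\ No newline at end of file`); worth adding one while touching this line.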
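Review bot: `taskset 0 ./.libfuzzer_test.elf &` in the test.sh hunk passes an empty affinity mask, which the kernel rejects (`sched_setaffinity` fails with EINVAL and `taskset` exits with "failed to set pid ...'s affinity: Invalid argument"), so the broker never starts; because the line is backgrounded and only the `cargo build` has `|| exit 1`, the script then sleeps and launches the client against a broker that is not there. On the client line, mask `1` selects CPU 0, not "cpu 0x1" as the new comment says, so even with a working broker line both processes would be on the same core. Use distinct non-empty masks, e.g. `taskset 1` for the broker and `taskset 2` for the client, or the clearer `taskset -c 0` / `taskset -c 1`, and fix the comment to match.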