diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml index 7066e2d543..4428cd530e 100644 --- a/.github/workflows/build_and_test.yml +++ b/.github/workflows/build_and_test.yml @@ -36,6 +36,10 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 + - name: Install deps + run: sudo apt-get install -y llvm llvm-dev clang nasm + - name: get clang version + run: command -v llvm-config && clang -v - name: Install cargo-hack run: curl -LsSf https://github.com/taiki-e/cargo-hack/releases/latest/download/cargo-hack-x86_64-unknown-linux-gnu.tar.gz | tar xzf - -C ~/.cargo/bin - name: Run a normal build @@ -76,6 +80,8 @@ jobs: - uses: actions/checkout@v2 - name: MacOS Build run: cargo build --verbose + - name: Install deps + run: brew install llvm libpng nasm - name: Run clippy run: ./scripts/clippy.sh - name: Build fuzzers diff --git a/fuzzers/forkserver_simple/Makefile b/fuzzers/forkserver_simple/Makefile new file mode 100644 index 0000000000..67fea9bf14 --- /dev/null +++ b/fuzzers/forkserver_simple/Makefile @@ -0,0 +1,23 @@ +FUZZER_NAME="forkserver_simple" +PROJECT_DIR=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) + +PHONY: all + +all: fuzzer + +fuzzer: + cargo build --release + cp $(PROJECT_DIR)/target/release/$(FUZZER_NAME) . + +clean: + rm ./$(FUZZER_NAME) + +run: all + taskset -c 0 ./$(FUZZER_NAME) 2>/dev/null & + sleep 0.2 + +short_test: all + timeout 11s taskset -c 0 ./$(FUZZER_NAME) 2>/dev/null & + +test: all + timeout 59s taskset -c 0 ./$(FUZZER_NAME) 2>/dev/null & \ No newline at end of file diff --git a/fuzzers/libfuzzer_libmozjpeg/Makefile b/fuzzers/libfuzzer_libmozjpeg/Makefile index 0cd43ea86e..91a3dcfc3c 100644 --- a/fuzzers/libfuzzer_libmozjpeg/Makefile +++ b/fuzzers/libfuzzer_libmozjpeg/Makefile @@ -1,5 +1,5 @@ -PWD=`pwd` FUZZER_NAME="fuzzer_mozjpeg" +PROJECT_DIR=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) PHONY: all 
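Review bot: The new "Install deps" step runs `sudo apt-get install -y llvm llvm-dev clang nasm` without refreshing the package index first, and on a runner image whose apt lists are stale that fails with 404s on package versions that have since moved. Use `run: sudo apt-get update && sudo apt-get install -y llvm llvm-dev clang nasm`. The LLVM version is also left to whatever ubuntu-latest resolves `llvm`/`clang` to, so the toolchain the fuzzers are built with changes silently whenever the runner image moves; if the build needs a particular major version, install the versioned packages and pin it here — whether that matters is not visible in this hunk.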
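Review bot: On the macOS job the new "Install deps" step is placed after "MacOS Build", so `cargo build --verbose` runs before llvm, libpng and nasm are installed; move the step above it so the first build sees the same toolchain as the later "Build fuzzers" step. Homebrew's llvm formula is keg-only, so its `clang`/`llvm-config` are not on PATH after `brew install llvm`; if the fuzzers' build scripts look them up, add `echo "$(brew --prefix llvm)/bin" >> "$GITHUB_PATH"` after the install — whether they do is not shown in this diff.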
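Review bot: `short_test` and `test` launch the fuzzer with a trailing `&`, so each recipe finishes immediately with status 0 and the fuzzer's exit code is never observed; `make short_test || exit 1` in scripts/build_all_fuzzers.sh therefore cannot fail even when the binary crashes on startup, and the process is still running when make returns. Run it in the foreground and accept only a clean exit or a `timeout` expiry, e.g. `timeout 11s taskset -c 0 ./$(FUZZER_NAME) 2>/dev/null || [ $$? -eq 124 ]`. `PROJECT_DIR=$(shell …)` is a recursive assignment, so `dirname`/`realpath` are forked on every reference; write `PROJECT_DIR := $(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))` (the same applies to the libfuzzer_libmozjpeg, libfuzzer_libpng, libfuzzer_libpng_launcher and libfuzzer_stb_image Makefiles in this commit). `PHONY: all` is missing the leading dot and merely defines an ordinary target named PHONY; write `.PHONY: all fuzzer clean run short_test test` (the new libfuzzer_stb_image Makefile has the same typo).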
@@ -18,8 +18,8 @@ libafl_cxx: target/release/libafl_cxx libafl_cc: target/release/libafl_cxx mozjpeg-4.0.3-compiled: mozjpeg-4.0.3 libafl_cc - cd $(PWD)/mozjpeg-4.0.3 && cmake --disable-shared . -DCMAKE_C_COMPILER=$(abspath $(PWD)/../target/release/libafl_cc) -DCMAKE_CXX_COMPILER=$(abspath $(PWD)/../target/release/libafl_cxx) -G "Unix Makefiles" - $(MAKE) -C $(PWD)/mozjpeg-4.0.3 + cd mozjpeg-4.0.3 && cmake . -DENABLE_SHARED=false -DCMAKE_C_COMPILER=$(abspath $(PROJECT_DIR)/target/release/libafl_cc) -DCMAKE_CXX_COMPILER=$(abspath $(PROJECT_DIR)/target/release/libafl_cxx) -G "Unix Makefiles" + $(MAKE) -C mozjpeg-4.0.3 fuzzer: mozjpeg-4.0.3-compiled libafl_cxx @@ -28,9 +28,9 @@ fuzzer: mozjpeg-4.0.3-compiled libafl_cxx # Build the mozjpeg harness target/release/libafl_cxx \ - $(PWD)/harness.cc \ - $(PWD)/mozjpeg-4.0.3/*.a \ - -I$(PWD)/mozjpeg-4.0.3/ \ + $(PROJECT_DIR)/harness.cc \ + $(PROJECT_DIR)/mozjpeg-4.0.3/*.a \ + -I$(PROJECT_DIR)/mozjpeg-4.0.3/ \ -o $(FUZZER_NAME) \ -lm -lz diff --git a/fuzzers/libfuzzer_libmozjpeg/README.md b/fuzzers/libfuzzer_libmozjpeg/README.md index 826af53365..4284050c86 100644 --- a/fuzzers/libfuzzer_libmozjpeg/README.md +++ b/fuzzers/libfuzzer_libmozjpeg/README.md @@ -20,7 +20,7 @@ Now compile it with: ``` cd mozjpeg-4.0.3 -cmake --disable-shared . -DCMAKE_C_COMPILER=$(realpath ../target/release/libafl_cc) -DCMAKE_CXX_COMPILER=$(realpath ../target/release/libafl_cxx) -G "Unix Makefiles" +cmake --disable-shared . -DCMAKE_C_COMPILER="$(pwd)/../target/release/libafl_cc" -DCMAKE_CXX_COMPILER="$(pwd)/../target/release/libafl_cxx" -G "Unix Makefiles" make -j `nproc` cd .. ``` diff --git a/fuzzers/libfuzzer_libpng/Makefile b/fuzzers/libfuzzer_libpng/Makefile index fe388109bc..eb090e908c 100644 --- a/fuzzers/libfuzzer_libpng/Makefile +++ b/fuzzers/libfuzzer_libpng/Makefile @@ -1,5 +1,5 @@ -PWD=`pwd` FUZZER_NAME="fuzzer_libpng" +PROJECT_DIR=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) PHONY: all 
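Review bot: The configure line now passes `-DENABLE_SHARED=false` in place of the old `--disable-shared` (an autotools flag, not a cmake option), but fuzzers/libfuzzer_libmozjpeg/README.md in this same commit still tells users to run `cmake --disable-shared .`; update the README to `cmake . -DENABLE_SHARED=false -DCMAKE_C_COMPILER="$(pwd)/../target/release/libafl_cc" -DCMAKE_CXX_COMPILER="$(pwd)/../target/release/libafl_cxx" -G "Unix Makefiles"` so the documented command matches the Makefile. `$(abspath $(PROJECT_DIR)/target/release/libafl_cc)` is redundant now that PROJECT_DIR is already absolute via `realpath`; `$(PROJECT_DIR)/target/release/libafl_cc` reads more directly. The `mozjpeg-4.0.3-compiled` rule's prerequisites and the following `fuzzer` rule continue outside the hunk.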
@@ -18,9 +18,9 @@ libafl_cxx: target/release/libafl_cxx libafl_cc: target/release/libafl_cxx libpng-1.6.37/.libs/libpng16.a: libpng-1.6.37 libafl_cc - cd libpng-1.6.37 && ./configure && cd .. - $(MAKE) -C libpng-1.6.37 CC=$(realpath target/release/libafl_cc) CXX=$(realpath target/release/libafl_cxx) - + cd libpng-1.6.37 && ./configure + $(MAKE) -C libpng-1.6.37 CC="$(PROJECT_DIR)/target/release/libafl_cc" CXX="$(PROJECT_DIR)/target/release/libafl_cxx" + fuzzer: libpng-1.6.37/.libs/libpng16.a libafl_cxx # Build the libpng libfuzzer library @@ -28,9 +28,9 @@ fuzzer: libpng-1.6.37/.libs/libpng16.a libafl_cxx # Build the libpng harness target/release/libafl_cxx \ - $(PWD)/harness.cc \ - $(PWD)/libpng-1.6.37/.libs/libpng16.a \ - -I$(PWD)/libpng-1.6.37/ \ + $(PROJECT_DIR)/harness.cc \ + $(PROJECT_DIR)/libpng-1.6.37/.libs/libpng16.a \ + -I$(PROJECT_DIR)/libpng-1.6.37/ \ -o $(FUZZER_NAME) \ -lm -lz diff --git a/fuzzers/libfuzzer_libpng/README.md b/fuzzers/libfuzzer_libpng/README.md index 6484bf62e6..930a21025d 100644 --- a/fuzzers/libfuzzer_libpng/README.md +++ b/fuzzers/libfuzzer_libpng/README.md @@ -35,7 +35,7 @@ Now compile libpng, using the libafl_cc compiler wrapper: ```bash cd libpng-1.6.37 ./configure -make CC=$(realpath ../target/release/libafl_cc) CXX=$(realpath ../target/release/libafl_cxx) -j `nproc` +make CC="$(pwd)/../target/release/libafl_cc" CXX="$(pwd)/../target/release/libafl_cxx" -j `nproc` ``` You can find the static lib at `libpng-1.6.37/.libs/libpng16.a`. diff --git a/fuzzers/libfuzzer_libpng_launcher/Makefile b/fuzzers/libfuzzer_libpng_launcher/Makefile index fe388109bc..855b18c055 100644 --- a/fuzzers/libfuzzer_libpng_launcher/Makefile +++ b/fuzzers/libfuzzer_libpng_launcher/Makefile @@ -1,5 +1,5 @@ -PWD=`pwd` FUZZER_NAME="fuzzer_libpng" +PROJECT_DIR=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))) PHONY: all 
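Review bot: `./configure` is now run with no `CC`/`CXX`, so libpng's configure probes the system compiler and records its decisions (supported flags, PIC handling, libtool's compiler settings), while the following `$(MAKE) -C libpng-1.6.37 CC=… CXX=…` swaps in libafl_cc only at build time; anything configure decided for the system compiler may not hold for the wrapper. Pass the same compiler to configure: `cd libpng-1.6.37 && ./configure CC="$(PROJECT_DIR)/target/release/libafl_cc" CXX="$(PROJECT_DIR)/target/release/libafl_cxx"`, and keep the make-line overrides. The identical hunk in fuzzers/libfuzzer_libpng_launcher/Makefile has the same issue. The `libpng-1.6.37/.libs/libpng16.a` rule's prerequisite list starts on the hunk's first context line, so its prerequisites may continue outside the hunk.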
@@ -18,19 +18,19 @@ libafl_cxx: target/release/libafl_cxx libafl_cc: target/release/libafl_cxx libpng-1.6.37/.libs/libpng16.a: libpng-1.6.37 libafl_cc - cd libpng-1.6.37 && ./configure && cd .. - $(MAKE) -C libpng-1.6.37 CC=$(realpath target/release/libafl_cc) CXX=$(realpath target/release/libafl_cxx) + cd libpng-1.6.37 && ./configure + $(MAKE) -C libpng-1.6.37 CC="$(PROJECT_DIR)/target/release/libafl_cc" CXX="$(PROJECT_DIR)/target/release/libafl_cxx" fuzzer: libpng-1.6.37/.libs/libpng16.a libafl_cxx # Build the libpng libfuzzer library cargo build --release - # Build the libpng harness + # Build the libpng harness target/release/libafl_cxx \ - $(PWD)/harness.cc \ - $(PWD)/libpng-1.6.37/.libs/libpng16.a \ - -I$(PWD)/libpng-1.6.37/ \ + $(PROJECT_DIR)/harness.cc \ + $(PROJECT_DIR)/libpng-1.6.37/.libs/libpng16.a \ + -I$(PROJECT_DIR)/libpng-1.6.37/ \ -o $(FUZZER_NAME) \ -lm -lz diff --git a/fuzzers/libfuzzer_reachability/README.md b/fuzzers/libfuzzer_reachability/README.md index 87ad627715..b92817791d 100644 --- a/fuzzers/libfuzzer_reachability/README.md +++ b/fuzzers/libfuzzer_reachability/README.md @@ -33,7 +33,7 @@ Now compile libpng, using the libafl_cc compiler wrapper: ```bash cd libpng-1.6.37 ./configure -make CC=$(realpath ../target/release/libafl_cc) CXX=$(realpath ../target/release/libafl_cxx) -j `nproc` +make CC="$(pwd)/../target/release/libafl_cc" CXX="$(pwd)/../target/release/libafl_cxx" -j `nproc` ``` You can find the static lib at `libpng-1.6.37/.libs/libpng16.a`. diff --git a/fuzzers/libfuzzer_reachability/test.sh b/fuzzers/libfuzzer_reachability/test.sh deleted file mode 100755 index 7d3873dc68..0000000000 --- a/fuzzers/libfuzzer_reachability/test.sh +++ /dev/null @@ -1,10 +0,0 @@ -cargo build --release -./target/release/libafl_cxx ./harness.cc libpng-1.6.37/.libs/libpng16.a -I libpng-1.6.37/ -o fuzzer_libpng -lz -lm - -taskset -c 0 ./fuzzer_libpng & -sleep 1 -taskset -c 1 ./fuzzer_libpng 2>/dev/null - - -killall ./fuzzer_libpng -rm -rf ./fuzzer_libpng 
diff --git a/fuzzers/libfuzzer_stb_image/Makefile b/fuzzers/libfuzzer_stb_image/Makefile
new file mode 100644
index 0000000000..5fcc9d9562
--- /dev/null
+++ b/fuzzers/libfuzzer_stb_image/Makefile
@@ -0,0 +1,71 @@
+FUZZER_NAME="libfuzzer_stb_image"
+PROJECT_DIR=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
+
+PHONY: all
+
+all: fuzzer
+
+target/release/libafl_cxx: build.rs
+ # Build the libpng libfuzzer library
+ cargo build --release
+
+libafl_cxx: target/release/libafl_cxx
+
+libafl_cc: target/release/libafl_cxx
+
+fuzzer: libafl_cxx
+ # Build the libpng libfuzzer library
+ cargo build --release
+ cp $(PROJECT_DIR)/target/release/$(FUZZER_NAME) .
+
+clean:
+ rm ./$(FUZZER_NAME)
+
+run: all
+ ./$(FUZZER_NAME) &
+ sleep 0.2
+ ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+
+short_test: all
+ timeout 11s ./$(FUZZER_NAME) &
+ sleep 0.2
+ timeout 10s taskset -c 0 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ timeout 10s taskset -c 1 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ timeout 10s taskset -c 2 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ timeout 10s taskset -c 3 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+
+test: all
+ timeout 60s ./$(FUZZER_NAME) &
+ sleep 0.2
+ timeout 59s taskset 0x00000001 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ timeout 59s taskset 0x00000002 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ timeout 59s taskset 0x00000004 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ timeout 59s taskset 0x00000008 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x00000010 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x00000020 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x00000040 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x00000080 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x00000100 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x00000200 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x00000400 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x00000800 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x00001000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 
59s taskset 0x00002000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x00004000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x00008000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x00010000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x00020000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x00040000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x00080000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x00100000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x00200000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x00400000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x00800000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x01000000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x02000000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x04000000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x08000000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x10000000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x20000000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x40000000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
+ # timeout 59s taskset 0x80000000 ./$(FUZZER_NAME) >/dev/null 2>/dev/null &
diff --git a/libafl_targets/src/libfuzzer_compatibility.c b/libafl_targets/src/libfuzzer_compatibility.c
index d7e80a03fe..489e9f3b31 100644
--- a/libafl_targets/src/libfuzzer_compatibility.c
+++ b/libafl_targets/src/libfuzzer_compatibility.c
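Review bot: The `test` recipe carries 28 commented-out `# timeout 59s taskset 0x…` lines; inside a recipe GNU make still echoes each one and hands it to a shell, so `make test` prints 28 no-op lines and forks 28 shells — delete them, or keep a single `# extend with further taskset masks on machines with more CPUs` line. The comment `# Build the libpng libfuzzer library` above both `cargo build --release` lines is copied from the libpng Makefile; this is the stb_image fuzzer, so `# Build the stb_image fuzzer and the libafl_cc/libafl_cxx wrappers` would be accurate. `short_test` pins clients to CPUs 0–3 with `taskset -c`, which fails on a runner that exposes fewer than four CPUs, and because every line ends in `&` neither that failure nor a crash of the fuzzer changes the recipe's exit status. `target/release/libafl_cxx` lists only `build.rs` as a prerequisite, so edits under src/ do not rebuild the wrappers through that rule; it only works because `fuzzer` runs `cargo build --release` a second time, which is worth a comment or a single rule.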
@@ -12,7 +12,9 @@ EXT_FUNC(LLVMFuzzerCustomCrossOver, size_t, const uint8_t *Data2, size_t Size2, uint8_t *Out, size_t MaxOutSize, unsigned int Seed), false); -EXT_FUNC(LLVMFuzzerTestOneInput, int, (uint8_t *Data, size_t Size), false); +EXT_FUNC_IMPL(LLVMFuzzerTestOneInput, int, (uint8_t *Data, size_t Size), false) { + return 0; +} void libafl_main(void); EXT_FUNC_IMPL(main, int, (int argc, char** argv), false) { diff --git a/scripts/build_all_fuzzers.sh b/scripts/build_all_fuzzers.sh index 4d3058197b..efcf548d5c 100755 --- a/scripts/build_all_fuzzers.sh +++ b/scripts/build_all_fuzzers.sh @@ -20,9 +20,16 @@ do else echo "[+] Skipping fmt and clippy for $fuzzer (--no-fmt specified)" fi - echo "[*] Building $fuzzer" - cargo build || exit 1 + + if [ -e ./Makefile ] && [ "$(uname)" == "Linux" ]; then + echo "[*] Testing $fuzzer" + make short_test || exit 1 + echo "[+] Done testing $fuzzer" + else + echo "[*] Building $fuzzer" + cargo build || exit 1 + echo "[+] Done building $fuzzer" + fi cd .. - echo "[+] Done building $fuzzer" echo "" done
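Review bot: The new default `LLVMFuzzerTestOneInput` returns 0 and ignores `Data`/`Size`, so a harness whose own definition is not picked up by the linker fuzzes a no-op with no visible error — whether `EXT_FUNC_IMPL` makes this a weak definition, and so whether a harness symbol in a static archive can lose to it, is not visible here. At minimum mark the parameters as intentionally unused, `(void)Data;` `(void)Size;`, and add a comment such as `/* Fallback so the runtime links without a harness; a real harness must provide its own LLVMFuzzerTestOneInput. */`. It would be safer for the fallback to be loud (a one-time message on stderr, or abort) than to report success on every input, since a fuzzer running against this stub looks healthy while exercising nothing.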
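Review bot: `[ "$(uname)" == "Linux" ]` uses `==`, which POSIX `test` does not define; under dash/`sh` it reports "unexpected operator", the condition is false, and the Makefile path is silently skipped. Use `[ "$(uname)" = "Linux" ]` (the shebang is outside this hunk, so which shell runs the script cannot be confirmed here). `make short_test || exit 1` also requires every Linux fuzzer directory that has a Makefile to define a `short_test` target; the libmozjpeg, libpng and libpng_launcher Makefiles touched by this commit do not show one in their visible hunks, and a missing rule aborts the script with "No rule to make target" — verify they define it, or fall back to `make` when the target is absent. Note that the new `short_test` recipes background the fuzzer, so `|| exit 1` does not fire for a crashing binary unless those recipes run it in the foreground.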