SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Support running on Android aarch64 (#17)

Browse Source 
* android: cleanup build.rs and allow for cross-compilation

* aarch64: use an aarch64 undefined instruction

* android: i8 should be u8

* android: siginfo_t is different on arm

* android: cast to c_char instead of u8/i8

It turns out that c_char is different on android and linux

* android: handle LDFLAGS being empty

* android: formatting

* fixed warning

Co-authored-by: Dominik Maier <domenukk@gmail.com>
This commit is contained in:
s1341 2021-03-01 16:18:27 +02:00 committed by GitHub
parent 24e9f70b83
commit d0d9d2887f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 25 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
fuzzers/libfuzzer_libpng/build.rs
View File

@ -23,6 +23,10 @@ fn main() {
// Enforce clang for its -fsanitize-coverage support.
std::env::set_var("CC", "clang");
std::env::set_var("CXX", "clang++");
let ldflags = match env::var("LDFLAGS") {
Ok(val) => val,
Err(_) => "".to_string(),
};
if !libpng_path.is_dir() {
if !Path::new(&libpng_tar).is_file() {
@ -46,9 +50,7 @@ fn main() {
.current_dir(&libpng_path)
.args(&[
"--disable-shared",
"CC=clang",
"CFLAGS=-O3 -g -D_DEFAULT_SOURCE -fPIE -fsanitize-coverage=trace-pc-guard",
"LDFLAGS=-g -fPIE -fsanitize-coverage=trace-pc-guard",
&format!("--host={}", env::var("TARGET").unwrap())[..],
])
.env("CC", "clang")
.env("CXX", "clang++")
@ -60,30 +62,14 @@ fn main() {
"CXXFLAGS",
"-O3 -g -D_DEFAULT_SOURCE -fPIE -fsanitize-coverage=trace-pc-guard",
)
.env("LDFLAGS", "-g -fPIE -fsanitize-coverage=trace-pc-guard")
.env(
"LDFLAGS",
format!("-g -fPIE -fsanitize-coverage=trace-pc-guard {}", ldflags),
)
.status()
.unwrap();
Command::new("make")
.current_dir(&libpng_path)
//.arg(&format!("-j{}", num_cpus::get()))
.args(&[
"CC=clang",
"CXX=clang++",
"CFLAGS=-O3 -g -D_DEFAULT_SOURCE -fPIE -fsanitize-coverage=trace-pc-guard",
"LDFLAGS=-g -fPIE -fsanitize-coverage=trace-pc-guard",
"CXXFLAGS=-D_DEFAULT_SOURCE -fPIE -fsanitize-coverage=trace-pc-guard",
])
.env("CC", "clang")
.env("CXX", "clang++")
.env(
"CFLAGS",
"-O3 -g -D_DEFAULT_SOURCE -fPIE -fsanitize-coverage=trace-pc-guard",
)
.env(
"CXXFLAGS",
"-O3 -g -D_DEFAULT_SOURCE -fPIE -fsanitize-coverage=trace-pc-guard",
)
.env("LDFLAGS", "-g -fPIE -fsanitize-coverage=trace-pc-guard")
.status()
.unwrap();
}
@ -94,6 +80,7 @@ fn main() {
cc::Build::new()
.include(&libpng_path)
.cpp(true)
.flag("-fsanitize-coverage=trace-pc-guard")
// .define("HAS_DUMMY_CRASH", "1")
.file("./harness.cc")
@ -108,7 +95,8 @@ fn main() {
println!("cargo:rustc-link-lib=dylib=z");
//For the C++ harness
println!("cargo:rustc-link-lib=static=stdc++");
//must by dylib for android
println!("cargo:rustc-link-lib=dylib=stdc++");
println!("cargo:rerun-if-changed=build.rs");
}

5
fuzzers/libfuzzer_libpng/harness.cc
View File

@ -159,6 +159,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
PNG_CLEANUP
#ifdef HAS_DUMMY_CRASH
asm("ud2");
#ifdef __aarch64__
asm volatile (".word 0xf7f0a000\n");
#else
asm("ud2");
#endif
#endif
return 0;
}

2
libafl/src/bolts/shmem.rs
View File

@ -273,7 +273,7 @@ pub mod shmem {
return 0 as *mut c_uchar;
}
snprintf(
(*shm).shm_str.as_mut_ptr() as *mut i8,
(*shm).shm_str.as_mut_ptr() as *mut c_char,
size_of::<[c_char; 20]>() as c_ulong,
b"%d\x00" as *const u8 as *const c_char,
(*shm).shm_id,

7
libafl/src/executors/inprocess.rs
View File

@ -207,9 +207,14 @@ pub mod unix_signals {
I: Input,
{
if CURRENT_INPUT_PTR == ptr::null() {
#[cfg(target_os = "android")]
let si_addr = { ((info._pad[0] as usize) | ((info._pad[1] as usize) << 32)) as usize };
#[cfg(not(target_os = "android"))]
let si_addr = { info.si_addr() as usize };
println!(
"We crashed at addr 0x{:x}, but are not in the target... Bug in the fuzzer? Exiting.",
info.si_addr() as usize
si_addr
);
// let's yolo-cat the maps for debugging, if possible.
#[cfg(target_os = "linux")]