author | Mike Frysinger <vapier@gentoo.org> | 2017-03-04 15:45:43 -0800 |
committer | Mike Frysinger <vapier@gentoo.org> | 2021-04-16 15:21:59 -0400 |
commit | d56b0a6dd878cd451ee258844fd70c2099cd19bd (patch) | |
tree | 096e4e6166fdc77a6867750704c1ea4f72dd95dc | |
parent | paxldso: add support for "new" glibc cache format (diff) | |
fuzz: add basic framework for using libFuzzer
By itself, this commit doesn't do anything useful. We have to update
each tool to hook into libFuzzer, so we'll do that in follow-up commits.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
-rw-r--r-- | Makefile | 20 | ||||
-rw-r--r-- | paxinc.h | 6 | ||||
-rw-r--r-- | porting.h | 5 |
3 files changed, 30 insertions, 1 deletions
@@ -102,12 +102,30 @@ debug: clean
 analyze: clean
 scan-build $(MAKE) all
-fuzz: clean
+fuzz:
+ @echo "Pick a fuzzer backend:"
+ @echo "$$ make afl-fuzz"
+ @echo "$$ make libfuzzer"
+ @false
+
+afl-fuzz: clean
 $(MAKE) AFL_HARDEN=1 CC=afl-gcc all
 @rm -rf findings
 @printf '\nNow run:\n%s\n' \
 "afl-fuzz -t 100 -i tests/fuzz/small/ -o findings/ ./scanelf -s '*' -axetrnibSDIYZB @@"
+
+# Not all objects support libfuzzer.
+LIBFUZZER_TARGETS =
+LIBFUZZER_FLAGS = \
+ -fsanitize=fuzzer \
+ -fsanitize-coverage=edge
+libfuzzer: clean
+ $(MAKE) \
+ CC="clang" \
+ CFLAGS="-g3 -ggdb $(call check_compiler_many,$(DEBUG_FLAGS)) $(LIBFUZZER_FLAGS)" \
+ CPPFLAGS="-DPAX_UTILS_LIBFUZZ=1" \
+ $(LIBFUZZER_TARGETS)
+
 compile.c = $(CC) $(CFLAGS) $(CPPFLAGS) $(CPPFLAGS-$<) -o $@ -c $<
 ifeq ($(V),)
@@ -108,6 +108,12 @@ const char *strfileperms(const char *fname);
 #define PTR_ALIGN_DOWN(base, size) ((__typeof__(base))ALIGN_DOWN((uintptr_t)(base), (size)))
 #define PTR_ALIGN_UP(base, size) ((__typeof__(base))ALIGN_UP ((uintptr_t)(base), (size)))
+/* Support for libFuzzer: http://llvm.org/docs/LibFuzzer.html */
+#if PAX_UTILS_LIBFUZZ
+int LLVMFuzzerInitialize(__unused__ int *argc, __unused__ char ***argv);
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+#endif
+
 /* helper functions for showing errors */
 extern const char *NORM, *RED, *YELLOW;
 void color_init(bool disable);
@@ -94,6 +94,11 @@
 # define PAX_UTILS_CLEANUP 0
 #endif
+/* Support for libFuzzer: https://llvm.org/docs/LibFuzzer.html */
+#ifndef PAX_UTILS_LIBFUZZ
+# define PAX_UTILS_LIBFUZZ 0
+#endif
+
 /* Few arches can safely do unaligned accesses */
 #if defined(__cris__) || \
 defined(__i386__) || \ |
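Review bot: The `libfuzzer` rule in the Makefile hunk hands `$(LIBFUZZER_TARGETS)` to the recursive `$(MAKE)` as its goal list, and that variable is defined empty a few lines above, so the inner make falls through to the default goal and builds every tool with `-fsanitize=fuzzer`; because libFuzzer supplies its own `main`, the normal tool links would then be expected to fail with duplicate-symbol errors rather than a clear message (assuming the link step also passes `$(CFLAGS)`, which is outside this hunk). A guard as the first recipe line, `$(if $(strip $(LIBFUZZER_TARGETS)),,$(error LIBFUZZER_TARGETS is empty: no tool is hooked into libFuzzer yet))`, makes the rule fail before it compiles anything. `LIBFUZZER_FLAGS` also enables only coverage: without `-fsanitize=address` (and ideally `undefined`) an out-of-bounds read in the ELF parsers is reported only if it happens to segfault, which is weaker than the `AFL_HARDEN=1` path right above it, so `-fsanitize=fuzzer,address,undefined` is the usual combination. `-fsanitize-coverage=edge` is a legacy option that newer clang releases reject, and `-fsanitize=fuzzer` already selects its own coverage instrumentation, so it can be dropped. If the Makefile keeps a `.PHONY` list (not visible here), `fuzz`, `afl-fuzz` and `libfuzzer` belong in it.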
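Review bot: The two prototypes added to paxinc.h carry no contract, and `LLVMFuzzerTestOneInput` is the point where untrusted, fuzzer-generated bytes enter each tool, so the constraints every follow-up implementation must meet belong here rather than being rediscovered per tool. Suggest a comment above the `#if PAX_UTILS_LIBFUZZ` block: `/* libFuzzer entry points: LLVMFuzzerInitialize runs once before any input; LLVMFuzzerTestOneInput is called per input, data is not NUL-terminated and must be treated as read-only, and the return value must be 0. */` (this is libFuzzer's documented contract, linked in the existing comment). The `#if` also assumes `PAX_UTILS_LIBFUZZ` already has a value; the porting.h hunk supplies the default of 0, but only if porting.h is included before this point, which the hunk does not show. Minor: the URL here is `http://` while the porting.h copy uses `https://`.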