diff options
| author | Robert Swiecki <robert@swiecki.net> | 2017-12-25 23:09:21 +0100 |
|---|---|---|
| committer | Robert Swiecki <robert@swiecki.net> | 2017-12-25 23:09:21 +0100 |
| commit | de2e42a0980ea9fc9a78284d00d1211d459f5ddc (patch) | |
| tree | 775228ac5a5aa5377813b9cdf25f8ab06aba311f /examples | |
| parent | 056ad10de405c3d02580ab92de57d110b307e7e1 (diff) | |
| download | honggfuzz-de2e42a0980ea9fc9a78284d00d1211d459f5ddc.tar.gz | |
examples/glibc: add Readme
Diffstat (limited to 'examples')
| -rw-r--r-- | examples/glibc/README.md | 30 | ||||
| -rw-r--r-- | examples/glibc/wrappers.c | 40 |
2 files changed, 70 insertions, 0 deletions
diff --git a/examples/glibc/README.md b/examples/glibc/README.md new file mode 100644 index 00000000..86d42efd --- /dev/null +++ b/examples/glibc/README.md @@ -0,0 +1,30 @@ +# Fuzzing glibc based programs # + +**Prepare glibc** + +```shell +$ gcc ~/src/honggfuzz/examples/glibc/wrappers.c -o /tmp/wrappers.o +$ cd ~/src/glibc-2.26 +$ mkdir build +$ cd build +$ CC="gcc-8 -Wl,/tmp/wrappers.o" CFLAGS="-fsanitize-coverage=trace-pc,trace-cmp -O3 -fno-omit-frame-pointer -ggdb -Wno-error" LIBS="/tmp/wrappers.o" LDFLAGS="/tmp/wrappers.o" ../configure --prefix=/usr --without-cvs --enable-add-ons=libidn --without-selinux --enable-stackguard-randomization --enable-obsolete-rpc --disable-sanity-checks +$ make -j$(nproc) +``` + +_For gcc < 8, use the following ```configure``` options_ + +``` +$ CC="gcc -Wl,/tmp/wrappers.o" CFLAGS="-fsanitize-coverage=trace-pc -O3 -fno-omit-frame-pointer -ggdb -Wno-error" LIBS="/tmp/wrappers.o" LDFLAGS="/tmp/wrappers.o" ../configure --prefix=/usr --without-cvs --enable-add-ons=libidn --without-selinux --enable-stackguard-randomization --enable-obsolete-rpc --disable-sanity-checks +``` + +**Compile code** + +```shell +$ gcc -Wl,-z,muldefs -nodefaultlibs -I ~/src/honggfuzz/ ~/src/honggfuzz/examples/glibc/resolver.c -o resolver -L ~/src/glibc-2.26/build ~/src/honggfuzz/libhfuzz/libhfuzz.a -lc -static -lgcc -lpthread -lgcc_eh -lc +``` + +**Fuzz it** + +```shell +$ ~/src/honggfuzz/honggfuzz -f IN/ -P -- ./resolver +``` diff --git a/examples/glibc/wrappers.c b/examples/glibc/wrappers.c new file mode 100644 index 00000000..5f0feed8 --- /dev/null +++ b/examples/glibc/wrappers.c @@ -0,0 +1,40 @@ +#define AL(x) __attribute__((weak, alias("alias_func"))) void x(void); + +__attribute__((weak)) __attribute__((no_instrument_function)) void alias_func(void) {} + +AL(__cyg_profile_func_enter) +AL(__cyg_profile_func_exit) +AL(__sanitizer_cov_trace_pc) +AL(__sanitizer_cov_trace_const_cmp1) +AL(__sanitizer_cov_trace_const_cmp2) +AL(__sanitizer_cov_trace_const_cmp4) +AL(__sanitizer_cov_trace_const_cmp8) +AL(__sanitizer_cov_trace_cmp1) +AL(__sanitizer_cov_trace_cmp2) +AL(__sanitizer_cov_trace_cmp4) +AL(__sanitizer_cov_trace_cmp8) +AL(__sanitizer_cov_trace_switch) +AL(__sanitizer_cov_trace_cmpd) +AL(__sanitizer_cov_trace_cmpf) +AL(__asan_report_store1) +AL(__asan_report_store2) +AL(__asan_report_store4) +AL(__asan_report_store8) +AL(__asan_report_store16) +AL(__asan_report_load1) +AL(__asan_report_load2) +AL(__asan_report_load4) +AL(__asan_report_load8) +AL(__asan_report_load16) +AL(__asan_register_globals) +AL(__asan_unregister_globals) +AL(__asan_init) +AL(__asan_version_mismatch_check_v8) +AL(__asan_handle_no_return) +AL(__asan_option_detect_stack_use_after_return) +AL(__asan_stack_malloc_1) +AL(__asan_stack_malloc_2) +AL(__asan_stack_malloc_3) +AL(__asan_stack_malloc_4) +AL(__asan_report_load_n) +AL(__asan_report_store_n) |