| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Anestis Bechtsoudis <anestis@census-labs.com>
|
|
|
|
libhfuzz is compiled as static library using the BUILD_STATIC_LIBRARY
template from Android NDK. The static library is added as "virtual"
dependency to main honggfuzz module, otherwise the build system
will ignore it since it detects that the module target is not used. The
libhfuzz extra cflags are matching the ones from master Makefile. Testing
of the libhfuzz is still pending since it requires clang 4.0 while Android is
still defaulting to 3.8.
Also tided-up a little bit the Android.mk so that common configuration is
shared at the top of the file for both target modules.
Finally an additional post build step was required to copy the generated
.a file into the project dir so that both output files are under the same file.
Static libraries compiled from NDK templates are not automatically added
to project output dirs since they purposed for internal dependencies by
default.
Signed-off-by: Anestis Bechtsoudis <anestis@census-labs.com>
|
|
General:
* Move common flags outside the arch if-statements
* Each arch is defining additional flags (ARCH_xxx),
which are then appended before rules take place.
* For dynamic libs set the suffix type based on the arch.
MAC was having a .so for interceptor lib, instead of dylib.
Small tricks to avoid libtool et. al.
* Fixed tabs/spaces that where mixed across the file
* Improve clean rule by defining all target subdirs. This will
allow cross-platform cleans to be completed without
leftovers.
Linux:
* Missing library warnings have been moved in matching
arch statement.
MAC:
* Do some more error checking with xCode SDKs.
For example xCode 7 is shipped in 10.10 (Yosemite)
systems, but with 10.11 (El Capitan) SDK only.
* mig RPC generation has been moved before rules
to ensure that always a latest copy of system is used
even for non clean builds.
* Verify that mig RPC code generations has been
completed successfully before rules.
* mig generated code is placed under mac directory
Makefile output has been diff-ed with previous state
to ensure that same flags are passed across the supported
archs.
Signed-off-by: Anestis Bechtsoudis <anestis@census-labs.com>
|
|
When fuzzing with unique crashes enabled in Linux arch, if the same bug (same PC value)
is triggered under different execution path, fuzzer will miss it since the constructed output
filename will be the same and thus skipped.
Following the same philosophy with MAC arch, a callstack signature hash is created from
the last 3 nibbles of each frame's PC. This will effectively cover both the ASLR disabled
targets and attached PID targets which have (probably) ASLR enabled. Callstack hash is
added as part of both the output filename and report file.
However, since most modern targets use a pool of worker processes (e.g. media parsers),
whitelisting the entire backtrace might result into significant noise for cases where the bug
is triggered from the main thread or a worker. Plus other cases (e.g. matroska) where same
bug can be triggered with different exec paths based on how some locks were acquired at
runtime.
For previous reasons only the 7 most significant frames are participating into the callstack
signature. This value is controlled with NMAJORFRAMES macro and can be easily altered.
Another idea would be to export as a calling argument, although since args are quite a few already
I've left it hardcoded.
As a PoC to verify the signature behavior badcode2 target has been added at the examples.
Signed-off-by: Anestis Bechtsoudis <anestis@census-labs.com>
|
|
Exclude example binary
Signed-off-by: Anestis Bechtsoudis <anestis@census-labs.com>
|
|
* Add Android API 21 support (make android) using POSIX / SIGNAL arch
* Add support for targets with args of type arg=___FILE___
* Add .gitignore
|
