author | Evgeny Vereshchagin <evvers@ya.ru> | 2018-11-08 01:27:46 +0300 |
---|---|---|
committer | Oliver Chang <oliverchang@users.noreply.github.com> | 2018-11-08 09:27:46 +1100 |
commit | 3358b336bed76f92ec73c982eb48933592a93457 (patch) | |
tree | e11317e64955372f549280f51456711a62415731 | |
parent | 1ad8633819e2631ff6f1c11e28446343991f7fe0 (diff) | |
download | oss-fuzz-3358b336bed76f92ec73c982eb48933592a93457.tar.gz |
[infra]: place the findings of fuzzers run with `helper.py run_fuzzer` in $OUT (#1922)
When `libFuzzer` is used as a fuzzing engine it conveniently puts
everything it finds into its working directory, which happens to
be $OUT. When any other engine is used, the output is sent to /tmp,
which disappears as soon as the container stops. That makes it
unnecessarily hard to extract reproducers found by afl for further analysis
without joining the mount namespace of a running container and
almost impossible with `honggfuzz`, which exits immediately after a crash.
-rwxr-xr-x | infra/base-images/base-runner/run_fuzzer | 7 | ||||
-rwxr-xr-x | infra/helper.py | 8 |
2 files changed, 13 insertions, 2 deletions
diff --git a/infra/base-images/base-runner/run_fuzzer b/infra/base-images/base-runner/run_fuzzer
index d427e0e66..e3a85a586 100755
--- a/infra/base-images/base-runner/run_fuzzer
+++ b/infra/base-images/base-runner/run_fuzzer
@@ -25,7 +25,12 @@
 FUZZER=$1
 shift
 CORPUS_DIR="/tmp/${FUZZER}_corpus"
-FUZZER_OUT="/tmp/${FUZZER}_out"
+
+if [[ "$RUN_FUZZER_MODE" = interactive ]]; then
+ FUZZER_OUT="$OUT/${FUZZER}_${FUZZING_ENGINE}_${SANITIZER}_out"
+else
+ FUZZER_OUT="/tmp/${FUZZER}_${FUZZING_ENGINE}_${SANITIZER}_out"
+fi
 
 function get_dictionary() {
 local options_file="$FUZZER.options"
diff --git a/infra/helper.py b/infra/helper.py
index 854b2e0a9..b99b069c2 100755
--- a/infra/helper.py
+++ b/infra/helper.py
@@ -105,6 +105,7 @@ def main():
 run_fuzzer_parser = subparsers.add_parser(
 'run_fuzzer', help='Run a fuzzer.')
 _add_engine_args(run_fuzzer_parser)
+ _add_sanitizer_args(run_fuzzer_parser)
 _add_environment_args(run_fuzzer_parser)
 run_fuzzer_parser.add_argument('project_name', help='name of the project')
 run_fuzzer_parser.add_argument('fuzzer_name', help='name of the fuzzer')
@@ -677,7 +678,12 @@ def run_fuzzer(args):
 if not _check_fuzzer_exists(args.project_name, args.fuzzer_name):
 return 1
 
- env = ['FUZZING_ENGINE=' + args.engine]
+ env = [
+ 'FUZZING_ENGINE=' + args.engine,
+ 'SANITIZER=' + args.sanitizer,
+ 'RUN_FUZZER_MODE=interactive',
+ ]
+
 if args.e:
 env += args.e
 |
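Review bot: Both new FUZZER_OUT assignments embed `$FUZZING_ENGINE` and `$SANITIZER` without checking that they are set, so if either is empty in the runner environment the directory silently degrades to `${FUZZER}___out` and runs for different engines or sanitizers land in the same place. I cannot see from this hunk whether the base-runner image guarantees both variables; if it does not, a fail-fast `: "${FUZZING_ENGINE:?}" "${SANITIZER:?}"` just before the `if` would surface the misconfiguration instead of hiding it in the path. The two branches differ only in the parent directory, so `OUT_BASE=/tmp; [[ "$RUN_FUZZER_MODE" = interactive ]] && OUT_BASE="$OUT"` followed by a single `FUZZER_OUT="$OUT_BASE/${FUZZER}_${FUZZING_ENGINE}_${SANITIZER}_out"` would avoid repeating the naming scheme twice. A comment above the `if` should record the reason for the split, e.g. `# Interactive runs (helper.py run_fuzzer) keep findings under $OUT, which is mounted from the host, so reproducers outlive the container`. The `get_dictionary` function that starts at the end of the hunk continues outside it.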
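Review bot: `'SANITIZER=' + args.sanitizer` in the second helper.py hunk will raise `TypeError` if `_add_sanitizer_args` (wired up in the first hunk, body not shown) registers the option without a default, because `None` cannot be concatenated to a string; please confirm it always sets a default, or guard the concatenation explicitly before building `env`. `RUN_FUZZER_MODE=interactive` introduces a new contract between helper.py and the run_fuzzer script that is visible only by reading both files, so a short comment on the list would help the next maintainer, e.g. `# RUN_FUZZER_MODE=interactive tells run_fuzzer to keep findings under $OUT (mounted from the host) rather than /tmp`. The body of `run_fuzzer` continues outside the hunk.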