authorvan Hauser <vh@thc.org>2021-03-04 15:19:53 +0100
committerGitHub <noreply@github.com>2021-03-04 14:19:53 +0000
commitc243108b6a037806df334b679604e6430756be8b (patch)
treeb2ae853b54a0ca03d3688a459078cb79c6ef7d28 /infra
parentcb0a8bc2c64b3c5f117ed94e243ae6e4fa561a85 (diff)
downloadoss-fuzz-c243108b6a037806df334b679604e6430756be8b.tar.gz
update afl++ commit id plus add afl++ debug script (#5297)
Diffstat (limited to 'infra')
-rw-r--r--infra/base-images/base-builder/Dockerfile2
-rw-r--r--infra/base-images/base-builder/compile_afl25
-rwxr-xr-xinfra/base-images/base-builder/debug_afl30
-rwxr-xr-xinfra/base-images/base-runner/run_fuzzer2
4 files changed, 48 insertions, 11 deletions
diff --git a/infra/base-images/base-builder/Dockerfile b/infra/base-images/base-builder/Dockerfile
index 057904707..c0beda0d7 100644
--- a/infra/base-images/base-builder/Dockerfile
+++ b/infra/base-images/base-builder/Dockerfile
@@ -176,7 +176,7 @@ WORKDIR $SRC
# TODO: switch to -b stable once we can.
RUN git clone https://github.com/AFLplusplus/AFLplusplus.git aflplusplus && \
cd aflplusplus && \
- git checkout 333509bb0a56be9bd2e236f0e2f37d4af2dd7d59
+ git checkout 79d75d8e42e5adf64e149ab6e1fe197cb1d4f303
RUN cd $SRC && \
curl -L -O https://github.com/google/honggfuzz/archive/oss-fuzz.tar.gz && \
diff --git a/infra/base-images/base-builder/compile_afl b/infra/base-images/base-builder/compile_afl
index eef0b0193..b832fd8c3 100644
--- a/infra/base-images/base-builder/compile_afl
+++ b/infra/base-images/base-builder/compile_afl
@@ -19,6 +19,10 @@
# The 'env|grep' setup ensures we do not trigger the linter.
# The variables need to be set to "1" here - or before running this script.
+# AFL++ settings.
+export AFL_LLVM_MODE_WORKAROUND=0
+export AFL_ENABLE_DICTIONARY=0
+
# Start compiling afl++.
echo "Copying precompiled afl++"
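Review bot: The two new unconditional exports, `export AFL_LLVM_MODE_WORKAROUND=0` and `export AFL_ENABLE_DICTIONARY=0`, overwrite whatever the caller exported before running the script, which contradicts the comment two lines above them stating the variables may be set "before running this script". A default-only assignment keeps a caller's `1` intact: `export AFL_LLVM_MODE_WORKAROUND="${AFL_LLVM_MODE_WORKAROUND:-0}"` and `export AFL_ENABLE_DICTIONARY="${AFL_ENABLE_DICTIONARY:-0}"`. The same clobbering existed at the lines' old position further down (removed in the later hunk of this file), so moving them earlier does not change it.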
@@ -39,7 +43,7 @@ export AFL_QUIET=1
# Several targets run their own tools, so ensure its working.
export AFL_MAP_SIZE=4194304
# No leak errors during builds.
-export ASAN_OPTIONS="detect_leaks=0:symbolize=0"
+export ASAN_OPTIONS="detect_leaks=0:symbolize=0:detect_odr_violation=0:abort_on_error=1"
# AFL compile option roulette. It is OK if they all happen together.
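Review bot: The comment `# No leak errors during builds.` directly above the changed export no longer describes the whole assignment, which now also turns off ODR-violation detection and switches ASan from exit to abort on a report. Extend it to something like `# No leak or ODR-violation reports during builds; abort (not exit) on an ASan error.` — why abort was chosen is not stated anywhere in the hunk, so the maintainer should fill in the reason rather than leave the reader to infer it from the new debug script's `ulimit -c unlimited`. The same option list is repeated in run_fuzzer in this commit with a trailing `:`; keeping the two strings byte-identical makes it easier to spot drift between build-time and run-time sanitizer settings.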
@@ -56,8 +60,10 @@ test $(($RANDOM % 10)) -lt 1 && {
export AFL_LLVM_LAF_ALL=1
}
-export AFL_LLVM_MODE_WORKAROUND=0
-export AFL_ENABLE_DICTIONARY=0
+# If the targets wants a dictionary - then create one.
+test "$AFL_ENABLE_DICTIONARY" = "1" && {
+ export AFL_LLVM_DICT2FILE="$OUT/afl++.dict"
+}
# In case afl-clang-fast ever breaks, this is a workaround:
test "$AFL_LLVM_MODE_WORKAROUND" = "1" && {
@@ -70,18 +76,19 @@ test "$AFL_LLVM_MODE_WORKAROUND" = "1" && {
}
export CFLAGS="$CFLAGS $WORKAROUND_FLAGS"
export CXXFLAGS="$CXXFLAGS $WORKAROUND_FLAGS"
+ unset AFL_LLVM_LAF_ALL
+ unset AFL_LLVM_DICT2FILE
+ unset AFL_ENABLE_DICTIONARY
# We need to create a new fuzzer lib however.
ar ru libAFLDrivernew.a afl-compiler-rt.o utils/aflpp_driver/aflpp_driver.o
cp -f libAFLDrivernew.a $LIB_FUZZING_ENGINE
}
-# If the targets whishes a dictionary - then create one.
-test "$AFL_ENABLE_DICTIONARY" = "1" && {
- export AFL_LLVM_DICT2FILE="$OUT/afl++.dict"
-}
-
# Provide a way to document the afl++ options used in this build:
-env | grep AFL_ > "$OUT/afl_options.txt"
+echo
+echo afl++ target compilation setup:
+env | grep AFL_ | tee "$OUT/afl_options.txt"
+echo
popd > /dev/null
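Review bot: `env | grep AFL_` on the new tee line matches `AFL_` anywhere in a `NAME=value` line, so an unrelated variable whose value happens to contain that substring (a path or a flags string) is recorded in `afl_options.txt` and echoed into the build log alongside the real afl++ settings; anchoring the pattern fixes it: `env | grep '^AFL_' | tee "$OUT/afl_options.txt"`. The three added `unset` lines live inside the `AFL_LLVM_MODE_WORKAROUND` block whose opening `test ... && {` is above this hunk; a one-line comment such as `# The workaround toolchain cannot honour these, so drop them before the env dump below.` would explain why they are unset here rather than never set. `echo afl++ target compilation setup:` is unquoted, which works but reads better as `echo "afl++ target compilation setup:"` in line with the quoted echo earlier in the file.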
diff --git a/infra/base-images/base-builder/debug_afl b/infra/base-images/base-builder/debug_afl
new file mode 100755
index 000000000..3e46a18b4
--- /dev/null
+++ b/infra/base-images/base-builder/debug_afl
@@ -0,0 +1,30 @@
+#!/bin/bash
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Source this file for afl++ debug sessions.
+apt-get update
+apt-get install -y strace gdb vim joe
+
+pushd $SRC/aflplusplus > /dev/null
+git checkout dev
+git pull
+make
+popd > /dev/null
+
+export ASAN_OPTIONS="detect_leaks=0:symbolize=0:detect_odr_violation=0:abort_on_error=1"
+export AFL_MAP_SIZE=4194304
+ulimit -c unlimited
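Review bot: None of `pushd`, `git checkout dev`, `git pull` or `make` is checked, so a failed `pushd $SRC/aflplusplus` leaves the checkout, pull and build running in whatever the current directory was, and a failed build still ends with the environment exported as if afl++ had been rebuilt. Because the header says the file is meant to be sourced, `set -e` or `exit` would terminate the user's shell; use `return` instead: `pushd "$SRC/aflplusplus" > /dev/null || return 1` and `git checkout dev && git pull && make || { popd > /dev/null; return 1; }`. Note also that the Dockerfile hunk in this same commit pins aflplusplus to commit 79d75d8e42e5adf64e149ab6e1fe197cb1d4f303, whereas this script moves the tree to the current upstream `dev` head, so a debugging session no longer runs against the toolchain the image ships; the header comment should say so, e.g. `# Rebuilds afl++ from upstream 'dev', NOT the commit pinned in the Dockerfile.`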
diff --git a/infra/base-images/base-runner/run_fuzzer b/infra/base-images/base-runner/run_fuzzer
index 2dd50a85d..16ca244ae 100755
--- a/infra/base-images/base-runner/run_fuzzer
+++ b/infra/base-images/base-runner/run_fuzzer
@@ -98,7 +98,7 @@ fi
if [[ "$FUZZING_ENGINE" = afl ]]; then
# Set afl++ environment options.
- export ASAN_OPTIONS="$ASAN_OPTIONS:abort_on_error=1:symbolize=0"
+ export ASAN_OPTIONS="$ASAN_OPTIONS:abort_on_error=1:symbolize=0:detect_odr_violation=0:"
export MSAN_OPTIONS="$MSAN_OPTIONS:exit_code=86:symbolize=0"
export UBSAN_OPTIONS="$UBSAN_OPTIONS:symbolize=0"
export AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1