diff options
Diffstat (limited to 'infra/base-images/base-runner/run_fuzzer')
-rwxr-xr-x | infra/base-images/base-runner/run_fuzzer | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/infra/base-images/base-runner/run_fuzzer b/infra/base-images/base-runner/run_fuzzer index 6464ddc2c..b9bc8d9d6 100755 --- a/infra/base-images/base-runner/run_fuzzer +++ b/infra/base-images/base-runner/run_fuzzer @@ -98,22 +98,29 @@ fi if [[ "$FUZZING_ENGINE" = afl ]]; then # Set afl++ environment options. - export ASAN_OPTIONS="$ASAN_OPTIONS:abort_on_error=1:symbolize=0" + export ASAN_OPTIONS="$ASAN_OPTIONS:abort_on_error=1:symbolize=0:detect_odr_violation=0:" export MSAN_OPTIONS="$MSAN_OPTIONS:exit_code=86:symbolize=0" export UBSAN_OPTIONS="$UBSAN_OPTIONS:symbolize=0" export AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 export AFL_SKIP_CPUFREQ=1 export AFL_NO_AFFINITY=1 export AFL_FAST_CAL=1 - export AFL_MAP_SIZE=4194304 # If $OUT/afl_cmplog.txt is present this means the target was compiled for # CMPLOG. So we have to add the proper parameters to afl-fuzz. `-l 2` is # CMPLOG level 2, which will colorize larger files but not huge files and # not enable transform analysis unless there have been several cycles without # any finds. - test -e $OUT/afl_cmplog.txt && AFL_FUZZER_ARGS="$AFL_FUZZER_ARGS -l 2 -c $OUT/$FUZZER" + test -e "$OUT/afl_cmplog.txt" && AFL_FUZZER_ARGS="$AFL_FUZZER_ARGS -l 2 -c $OUT/$FUZZER" + # If $OUT/afl++.dict we load it as a dictionary for afl-fuzz. + test -e "$OUT/afl++.dict" && AFL_FUZZER_ARGS="$AFL_FUZZER_ARGS -x $OUT/afl++.dict" + # Ensure timeout is a bit large than 1sec as some of the OSS-Fuzz fuzzers + # are slower than this. + AFL_FUZZER_ARGS="$AFL_FUZZER_ARGS -t 5000+" # AFL expects at least 1 file in the input dir. echo input > ${CORPUS_DIR}/input + echo afl++ setup: + env|grep AFL_ + cat "$OUT/afl_options.txt" CMD_LINE="$OUT/afl-fuzz $AFL_FUZZER_ARGS -i $CORPUS_DIR -o $FUZZER_OUT $(get_dictionary) $* -- $OUT/$FUZZER" elif [[ "$FUZZING_ENGINE" = honggfuzz ]]; then |