From c243108b6a037806df334b679604e6430756be8b Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Thu, 4 Mar 2021 15:19:53 +0100
Subject: update afl++ commit id plus add afl++ debug script (#5297)

---
 infra/base-images/base-builder/Dockerfile | 2 +-
 infra/base-images/base-builder/compile_afl | 25 ++++++++++++++++---------
 infra/base-images/base-builder/debug_afl | 30 ++++++++++++++++++++++++++++++
 infra/base-images/base-runner/run_fuzzer | 2 +-
 4 files changed, 48 insertions(+), 11 deletions(-)
 create mode 100755 infra/base-images/base-builder/debug_afl
(limited to 'infra')

diff --git a/infra/base-images/base-builder/Dockerfile b/infra/base-images/base-builder/Dockerfile
index 057904707..c0beda0d7 100644
--- a/infra/base-images/base-builder/Dockerfile
+++ b/infra/base-images/base-builder/Dockerfile
@@ -176,7 +176,7 @@ WORKDIR $SRC
 # TODO: switch to -b stable once we can.
 RUN git clone https://github.com/AFLplusplus/AFLplusplus.git aflplusplus && \
 cd aflplusplus && \
- git checkout 333509bb0a56be9bd2e236f0e2f37d4af2dd7d59
+ git checkout 79d75d8e42e5adf64e149ab6e1fe197cb1d4f303

 RUN cd $SRC && \
 curl -L -O https://github.com/google/honggfuzz/archive/oss-fuzz.tar.gz && \
diff --git a/infra/base-images/base-builder/compile_afl b/infra/base-images/base-builder/compile_afl
index eef0b0193..b832fd8c3 100644
--- a/infra/base-images/base-builder/compile_afl
+++ b/infra/base-images/base-builder/compile_afl
@@ -19,6 +19,10 @@
 # The 'env|grep' setup ensures we do not trigger the linter.
 # The variables need to be set to "1" here - or before running this script.

+# AFL++ settings.
+export AFL_LLVM_MODE_WORKAROUND=0
+export AFL_ENABLE_DICTIONARY=0
+
 # Start compiling afl++.
 echo "Copying precompiled afl++"
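Review bot: The two exports added at the top of compile_afl, `export AFL_LLVM_MODE_WORKAROUND=0` and `export AFL_ENABLE_DICTIONARY=0`, overwrite whatever the caller exported before running the script, so the retained comment just above them ("or before running this script") no longer describes what happens, and a project that enables the dictionary from its build environment gets none. Keeping an externally supplied value only needs the default form, `export AFL_LLVM_MODE_WORKAROUND="${AFL_LLVM_MODE_WORKAROUND:-0}"` and `export AFL_ENABLE_DICTIONARY="${AFL_ENABLE_DICTIONARY:-0}"`. The same unconditional assignment existed at the old location further down, so this is inherited rather than introduced, but the move is the moment to fix it.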
@@ -39,7 +43,7 @@ export AFL_QUIET=1
 # Several targets run their own tools, so ensure its working.
 export AFL_MAP_SIZE=4194304
 # No leak errors during builds.
-export ASAN_OPTIONS="detect_leaks=0:symbolize=0"
+export ASAN_OPTIONS="detect_leaks=0:symbolize=0:detect_odr_violation=0:abort_on_error=1"

 # AFL compile option roulette. It is OK if they all happen together.
@@ -56,8 +60,10 @@ test $(($RANDOM % 10)) -lt 1 && {
 export AFL_LLVM_LAF_ALL=1
 }

-export AFL_LLVM_MODE_WORKAROUND=0
-export AFL_ENABLE_DICTIONARY=0
+# If the targets wants a dictionary - then create one.
+test "$AFL_ENABLE_DICTIONARY" = "1" && {
+ export AFL_LLVM_DICT2FILE="$OUT/afl++.dict"
+}

 # In case afl-clang-fast ever breaks, this is a workaround:
 test "$AFL_LLVM_MODE_WORKAROUND" = "1" && {
@@ -70,18 +76,19 @@ test "$AFL_LLVM_MODE_WORKAROUND" = "1" && {
 }
 export CFLAGS="$CFLAGS $WORKAROUND_FLAGS"
 export CXXFLAGS="$CXXFLAGS $WORKAROUND_FLAGS"
+ unset AFL_LLVM_LAF_ALL
+ unset AFL_LLVM_DICT2FILE
+ unset AFL_ENABLE_DICTIONARY
 # We need to create a new fuzzer lib however.
 ar ru libAFLDrivernew.a afl-compiler-rt.o utils/aflpp_driver/aflpp_driver.o
 cp -f libAFLDrivernew.a $LIB_FUZZING_ENGINE
 }

-# If the targets whishes a dictionary - then create one.
-test "$AFL_ENABLE_DICTIONARY" = "1" && {
- export AFL_LLVM_DICT2FILE="$OUT/afl++.dict"
-}
-
 # Provide a way to document the afl++ options used in this build:
-env | grep AFL_ > "$OUT/afl_options.txt"
+echo
+echo afl++ target compilation setup:
+env | grep AFL_ | tee "$OUT/afl_options.txt"
+echo

 popd > /dev/null
diff --git a/infra/base-images/base-builder/debug_afl b/infra/base-images/base-builder/debug_afl
new file mode 100755
index 000000000..3e46a18b4
--- /dev/null
+++ b/infra/base-images/base-builder/debug_afl
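Review bot: The comment `# No leak errors during builds.` kept above the rewritten `export ASAN_OPTIONS=...` line now explains only the first of four options; `detect_odr_violation=0` and `abort_on_error=1` also change how any ASan-instrumented tool that runs during the build reacts to a report (abort rather than exit). Since the reason for aborting at build time is not obvious from the script, state it in the comment, e.g. `# No leak or ODR reports during builds; abort_on_error=1 so an ASan report in a build-time tool surfaces as a crash rather than a quiet non-zero exit.` — adjusted to whatever the actual motivation was.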
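Review bot: The three new `unset` lines inside the workaround block silently discard a dictionary the project asked for: `AFL_LLVM_DICT2FILE` was already exported by the dictionary block that now precedes this one, and because `AFL_ENABLE_DICTIONARY` is unset as well, the `env | grep AFL_ | tee "$OUT/afl_options.txt"` record written further down shows no trace that a dictionary (or LAF) was requested. A one-line diagnostic before the unsets keeps the build log honest, e.g. `echo "AFL_LLVM_MODE_WORKAROUND=1: dictionary and LAF instrumentation disabled" >&2`. The `test "$AFL_LLVM_MODE_WORKAROUND" = "1" && {` block enclosing these lines opens in the previous hunk.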
@@ -0,0 +1,30 @@
+#!/bin/bash
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# Source this file for afl++ debug sessions.
+apt-get update
+apt-get install -y strace gdb vim joe
+
+pushd $SRC/aflplusplus > /dev/null
+git checkout dev
+git pull
+make
+popd > /dev/null
+
+export ASAN_OPTIONS="detect_leaks=0:symbolize=0:detect_odr_violation=0:abort_on_error=1"
+export AFL_MAP_SIZE=4194304
+ulimit -c unlimited
diff --git a/infra/base-images/base-runner/run_fuzzer b/infra/base-images/base-runner/run_fuzzer
index 2dd50a85d..16ca244ae 100755
--- a/infra/base-images/base-runner/run_fuzzer
+++ b/infra/base-images/base-runner/run_fuzzer
@@ -98,7 +98,7 @@ fi
 if [[ "$FUZZING_ENGINE" = afl ]]; then
 # Set afl++ environment options.
- export ASAN_OPTIONS="$ASAN_OPTIONS:abort_on_error=1:symbolize=0"
+ export ASAN_OPTIONS="$ASAN_OPTIONS:abort_on_error=1:symbolize=0:detect_odr_violation=0:"
 export MSAN_OPTIONS="$MSAN_OPTIONS:exit_code=86:symbolize=0"
 export UBSAN_OPTIONS="$UBSAN_OPTIONS:symbolize=0"
 export AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
--
cgit v1.2.3
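Review bot: The new debug_afl says `# Source this file for afl++ debug sessions.` yet carries a `#!/bin/bash` shebang and is added with mode 100755, and none of its steps check for failure: when sourced, a failed `git pull` or `make` falls through to the exports and leaves a half-rebuilt afl++ in `$SRC/aflplusplus`, and when executed instead of sourced the `export`s and `ulimit -c unlimited` die with the child shell. `set -e` is not usable in a sourced file (it would also terminate the interactive shell), so chain the rebuild explicitly and leave with `return`, as below. `git checkout dev` and `git pull` also replace the commit pinned in the Dockerfile with the moving dev head, which is presumably the intent for a debug session but belongs in the header comment, e.g. `# NOTE: rebuilds afl++ from the unpinned dev branch, not the commit pinned in the Dockerfile.`
```shell
# … unchanged: license header, apt-get update/install …
pushd "$SRC/aflplusplus" > /dev/null || return 1
if ! { git checkout dev && git pull && make; }; then
  printf 'afl++ dev rebuild failed; environment left unchanged\n' >&2
  popd > /dev/null
  return 1
fi
popd > /dev/null
# … unchanged: ASAN_OPTIONS / AFL_MAP_SIZE exports, ulimit …
```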
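Review bot: The rewritten `export ASAN_OPTIONS=...` line in run_fuzzer ends with a stray `:`, leaving an empty trailing entry (`...:detect_odr_violation=0:`) that the sibling MSAN_OPTIONS and UBSAN_OPTIONS exports in the same hunk do not have; whether or not the sanitizer flag parser tolerates an empty entry, it reads as a typo and should be `export ASAN_OPTIONS="$ASAN_OPTIONS:abort_on_error=1:symbolize=0:detect_odr_violation=0"`. The `if [[ "$FUZZING_ENGINE" = afl ]]; then` block holding it continues past the end of the hunk.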