authorMike Frysinger <vapier@gentoo.org>2017-03-04 15:45:43 -0800
committerMike Frysinger <vapier@gentoo.org>2021-04-16 15:21:59 -0400
commitd56b0a6dd878cd451ee258844fd70c2099cd19bd (patch)
tree096e4e6166fdc77a6867750704c1ea4f72dd95dc
parentpaxldso: add support for "new" glibc cache format (diff)
downloadpax-utils-d56b0a6dd878cd451ee258844fd70c2099cd19bd.tar.gz
pax-utils-d56b0a6dd878cd451ee258844fd70c2099cd19bd.tar.bz2
pax-utils-d56b0a6dd878cd451ee258844fd70c2099cd19bd.zip
fuzz: add basic framework for using libFuzzer
By itself, this commit doesn't do anything useful. We have to update each tool to hook into libFuzzer, so we'll do that in follow-up commits. Signed-off-by: Mike Frysinger <vapier@gentoo.org>
-rw-r--r--Makefile20
-rw-r--r--paxinc.h6
-rw-r--r--porting.h5
3 files changed, 30 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index 8a54faf..8e7b183 100644
--- a/Makefile
+++ b/Makefile
@@ -102,12 +102,30 @@ debug: clean
analyze: clean
scan-build $(MAKE) all
-fuzz: clean
+fuzz:
+ @echo "Pick a fuzzer backend:"
+ @echo "$$ make afl-fuzz"
+ @echo "$$ make libfuzzer"
+ @false
+
+afl-fuzz: clean
$(MAKE) AFL_HARDEN=1 CC=afl-gcc all
@rm -rf findings
@printf '\nNow run:\n%s\n' \
"afl-fuzz -t 100 -i tests/fuzz/small/ -o findings/ ./scanelf -s '*' -axetrnibSDIYZB @@"
+# Not all objects support libfuzzer.
+LIBFUZZER_TARGETS =
+LIBFUZZER_FLAGS = \
+ -fsanitize=fuzzer \
+ -fsanitize-coverage=edge
+libfuzzer: clean
+ $(MAKE) \
+ CC="clang" \
+ CFLAGS="-g3 -ggdb $(call check_compiler_many,$(DEBUG_FLAGS)) $(LIBFUZZER_FLAGS)" \
+ CPPFLAGS="-DPAX_UTILS_LIBFUZZ=1" \
+ $(LIBFUZZER_TARGETS)
+
compile.c = $(CC) $(CFLAGS) $(CPPFLAGS) $(CPPFLAGS-$<) -o $@ -c $<
ifeq ($(V),)
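Review bot: With `LIBFUZZER_TARGETS` left empty, the `$(MAKE)` in the `libfuzzer` recipe is invoked with no goal and so builds the default target with `-fsanitize=fuzzer`, which the commit message says is not yet meant to work; a guard such as `$(if $(strip $(LIBFUZZER_TARGETS)),,$(error no libfuzzer targets defined yet))` as the first recipe line would fail with a clear message instead. The fuzzer flags are only passed through `CFLAGS`; if the link rule in this Makefile does not also use `$(CFLAGS)`, `-fsanitize=fuzzer` has to reach the linker as well, e.g. via `LDFLAGS`. For an ELF parser, `-fsanitize=fuzzer` alone surfaces only crashes and hangs; pairing it with `-fsanitize=address` in `LIBFUZZER_FLAGS` would make out-of-bounds reads on malformed inputs visible instead of silently tolerated. `-fsanitize-coverage=edge` is the older spelling of the coverage instrumentation that recent clang appears to enable implicitly with `-fsanitize=fuzzer`, so it is likely redundant. The rest of this Makefile, including the link rule and any `.PHONY` list, is outside the hunk.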
diff --git a/paxinc.h b/paxinc.h
index 6d433b9..620ad68 100644
--- a/paxinc.h
+++ b/paxinc.h
@@ -108,6 +108,12 @@ const char *strfileperms(const char *fname);
#define PTR_ALIGN_DOWN(base, size) ((__typeof__(base))ALIGN_DOWN((uintptr_t)(base), (size)))
#define PTR_ALIGN_UP(base, size) ((__typeof__(base))ALIGN_UP ((uintptr_t)(base), (size)))
+/* Support for libFuzzer: http://llvm.org/docs/LibFuzzer.html */
+#if PAX_UTILS_LIBFUZZ
+int LLVMFuzzerInitialize(__unused__ int *argc, __unused__ char ***argv);
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+#endif
+
/* helper functions for showing errors */
extern const char *NORM, *RED, *YELLOW;
void color_init(bool disable);
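Review bot: The two prototypes carry no description of the contract each tool's implementation has to meet, which is what a maintainer hooking a tool into libFuzzer will look for here. I would extend the comment above `#if PAX_UTILS_LIBFUZZ` to say that `LLVMFuzzerTestOneInput` receives a `data` buffer that is not NUL-terminated and must not be modified, that it must return 0, and that `LLVMFuzzerInitialize` runs once before fuzzing starts and may adjust `argc`/`argv`. The `__unused__` annotations on the `LLVMFuzzerInitialize` parameters only matter on the definition, so the declaration could simply read `int LLVMFuzzerInitialize(int *argc, char ***argv);`. These declarations rely on `uint8_t` and `size_t`, which appear to be in scope given the `uintptr_t` casts in the preceding macros, but the includes that provide them are outside the hunk.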
diff --git a/porting.h b/porting.h
index 17bbbbc..c4f5fc6 100644
--- a/porting.h
+++ b/porting.h
@@ -94,6 +94,11 @@
# define PAX_UTILS_CLEANUP 0
#endif
+/* Support for libFuzzer: https://llvm.org/docs/LibFuzzer.html */
+#ifndef PAX_UTILS_LIBFUZZ
+# define PAX_UTILS_LIBFUZZ 0
+#endif
+
/* Few arches can safely do unaligned accesses */
#if defined(__cris__) || \
defined(__i386__) || \