From: Eric Biggers
Date: Fri, 5 Aug 2022 05:23:23 +0000 (-0700)
Subject: tools: add afl-fuzz files
X-Git-Tag: v1.13.6~5
X-Git-Url: https://wimlib.net/git/?a=commitdiff_plain;h=9a26b65c5018cac5024c96d52d1ce77924666e9e;p=wimlib

tools: add afl-fuzz files
---
diff --git a/tools/afl-fuzz/Makefile b/tools/afl-fuzz/Makefile
new file mode 100644
index 00000000..cff26bf6
--- /dev/null
+++ b/tools/afl-fuzz/Makefile
@@ -0,0 +1,11 @@
+SRC := $(wildcard */*.c)
+EXE := $(SRC:.c=)
+
+LDLIBS := -lwim
+LDFLAGS := -L../../.libs
+CPPFLAGS := -I../../include
+
+all:$(EXE)
+
+clean:
+ rm -f $(EXE)
diff --git a/tools/afl-fuzz/compress/fuzz.c b/tools/afl-fuzz/compress/fuzz.c
new file mode 100644
index 00000000..ccda14b3
--- /dev/null
+++ b/tools/afl-fuzz/compress/fuzz.c
@@ -0,0 +1,63 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+int main(int argc, char *argv[])
+{
+ int fd;
+ struct stat stbuf;
+ uint8_t ctype;
+ uint8_t level;
+ struct wimlib_compressor *c;
+ struct wimlib_decompressor *d;
+ size_t usize, csize;
+ void *udata, *cdata, *decompressed;
+ int ret;
+
+ fd = open(argv[1], O_RDONLY);
+ assert(fd >= 0);
+ ret = fstat(fd, &stbuf);
+ assert(!ret);
+
+ if (stbuf.st_size < 2)
+ return 0;
+ ret = read(fd, &ctype, 1);
+ assert(ret == 1);
+ ret = read(fd, &level, 1);
+ assert(ret == 1);
+ ctype = 1 + ((ctype - 1) % 3); /* 1-3 */
+ level = 1 + (level % 100); /* 1-100 */
+ usize = stbuf.st_size - 2;
+
+ udata = malloc(usize);
+ cdata = malloc(usize);
+ decompressed = malloc(usize);
+
+ ret = read(fd, udata, usize);
+ assert(ret == usize);
+
+ ret = wimlib_create_compressor(ctype, usize, level, &c);
+ if (ret == 0) {
+ ret = wimlib_create_decompressor(ctype, usize, &d);
+ assert(ret == 0);
+
+ csize = wimlib_compress(udata, usize, cdata, usize, c);
+ if (csize) {
+ ret = wimlib_decompress(cdata, csize,
+ decompressed, usize, d);
+ assert(ret == 0);
+ assert(memcmp(udata, decompressed, usize) == 0);
+ }
+ wimlib_free_compressor(c);
+ wimlib_free_decompressor(d);
+ }
+ free(udata);
+ free(cdata);
+ free(decompressed);
+ return 0;
+}
diff --git a/tools/afl-fuzz/compress/inputs/lzms20 b/tools/afl-fuzz/compress/inputs/lzms20
new file mode 100644
index 00000000..063a7cb6
--- /dev/null
+++ b/tools/afl-fuzz/compress/inputs/lzms20
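Review bot: The `/* 1-3 */` comment on `ctype = 1 + ((ctype - 1) % 3);` is not true for a first byte of 0: `ctype - 1` is promoted to a signed int, `-1 % 3` is -1 in C, and the line yields ctype 0, outside the range the harness intends; the identical line is in decompress/fuzz.c. `ctype = 1 + ((ctype + 2) % 3); /* 1-3; 1, 2 and 3 map to themselves */` keeps the seed files' type bytes unchanged and can never produce 0. Separately, `argv[1]` is dereferenced with no check on `argc` and the three `malloc` results are passed straight to `read`; a harness can live with that, but `if (argc < 2) return 1;` before the `open` costs one line and turns a misuse into a clean exit instead of a null dereference.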
@@ -0,0 +1,16 @@
+CHAPTER 1. Loomings.
+
+Call me Ishmael. Some years ago—never mind how long precisely—having
+little or no money in my purse, and nothing particular to interest me
+on shore, I thought I would sail about a little and see the watery part
+of the world. It is a way I have of driving off the spleen and
+regulating the circulation. Whenever I find myself growing grim about
+the mouth; whenever it is a damp, drizzly November in my soul; whenever
+I find myself involuntarily pausing before coffin warehouses, and
+bringing up the rear of every funeral I meet; and especially whenever
+my hypos get such an upper hand of me, that it requires a strong moral
+principle to prevent me from deliberately stepping into the street, and
+methodically knocking people’s hats off—then, I account it high time to
+get to sea as soon as I can. This is my substitute for pistol and ball.
+With a philosophical flourish Cato throws himself upon his sword; I
+quietly take to the ship. There is nothing su
\ No newline at end of file
diff --git a/tools/afl-fuzz/compress/inputs/lzms50 b/tools/afl-fuzz/compress/inputs/lzms50
new file mode 100644
index 00000000..bcb1bc0a
--- /dev/null
+++ b/tools/afl-fuzz/compress/inputs/lzms50
@@ -0,0 +1,16 @@
+2CHAPTER 1. Loomings.
+
+Call me Ishmael. Some years ago—never mind how long precisely—having
+little or no money in my purse, and nothing particular to interest me
+on shore, I thought I would sail about a little and see the watery part
+of the world. It is a way I have of driving off the spleen and
+regulating the circulation. Whenever I find myself growing grim about
+the mouth; whenever it is a damp, drizzly November in my soul; whenever
+I find myself involuntarily pausing before coffin warehouses, and
+bringing up the rear of every funeral I meet; and especially whenever
+my hypos get such an upper hand of me, that it requires a strong moral
+principle to prevent me from deliberately stepping into the street, and
+methodically knocking people’s hats off—then, I account it high time to
+get to sea as soon as I can. This is my substitute for pistol and ball.
+With a philosophical flourish Cato throws himself upon his sword; I
+quietly take to the ship. There is nothing su
\ No newline at end of file
diff --git a/tools/afl-fuzz/compress/inputs/lzms80 b/tools/afl-fuzz/compress/inputs/lzms80
new file mode 100644
index 00000000..9f537ada
--- /dev/null
+++ b/tools/afl-fuzz/compress/inputs/lzms80
@@ -0,0 +1,16 @@
+PCHAPTER 1. Loomings.
+
+Call me Ishmael. Some years ago—never mind how long precisely—having
+little or no money in my purse, and nothing particular to interest me
+on shore, I thought I would sail about a little and see the watery part
+of the world. It is a way I have of driving off the spleen and
+regulating the circulation. Whenever I find myself growing grim about
+the mouth; whenever it is a damp, drizzly November in my soul; whenever
+I find myself involuntarily pausing before coffin warehouses, and
+bringing up the rear of every funeral I meet; and especially whenever
+my hypos get such an upper hand of me, that it requires a strong moral
+principle to prevent me from deliberately stepping into the street, and
+methodically knocking people’s hats off—then, I account it high time to
+get to sea as soon as I can. This is my substitute for pistol and ball.
+With a philosophical flourish Cato throws himself upon his sword; I
+quietly take to the ship. There is nothing su
\ No newline at end of file
diff --git a/tools/afl-fuzz/compress/inputs/lzx20 b/tools/afl-fuzz/compress/inputs/lzx20
new file mode 100644
index 00000000..83bcdfdf
--- /dev/null
+++ b/tools/afl-fuzz/compress/inputs/lzx20
@@ -0,0 +1,16 @@
+CHAPTER 1. Loomings.
+
+Call me Ishmael. Some years ago—never mind how long precisely—having
+little or no money in my purse, and nothing particular to interest me
+on shore, I thought I would sail about a little and see the watery part
+of the world. It is a way I have of driving off the spleen and
+regulating the circulation. Whenever I find myself growing grim about
+the mouth; whenever it is a damp, drizzly November in my soul; whenever
+I find myself involuntarily pausing before coffin warehouses, and
+bringing up the rear of every funeral I meet; and especially whenever
+my hypos get such an upper hand of me, that it requires a strong moral
+principle to prevent me from deliberately stepping into the street, and
+methodically knocking people’s hats off—then, I account it high time to
+get to sea as soon as I can. This is my substitute for pistol and ball.
+With a philosophical flourish Cato throws himself upon his sword; I
+quietly take to the ship. There is nothing su
\ No newline at end of file
diff --git a/tools/afl-fuzz/compress/inputs/lzx50 b/tools/afl-fuzz/compress/inputs/lzx50
new file mode 100644
index 00000000..fac05344
--- /dev/null
+++ b/tools/afl-fuzz/compress/inputs/lzx50
@@ -0,0 +1,16 @@
+2CHAPTER 1. Loomings.
+
+Call me Ishmael. Some years ago—never mind how long precisely—having
+little or no money in my purse, and nothing particular to interest me
+on shore, I thought I would sail about a little and see the watery part
+of the world. It is a way I have of driving off the spleen and
+regulating the circulation. Whenever I find myself growing grim about
+the mouth; whenever it is a damp, drizzly November in my soul; whenever
+I find myself involuntarily pausing before coffin warehouses, and
+bringing up the rear of every funeral I meet; and especially whenever
+my hypos get such an upper hand of me, that it requires a strong moral
+principle to prevent me from deliberately stepping into the street, and
+methodically knocking people’s hats off—then, I account it high time to
+get to sea as soon as I can. This is my substitute for pistol and ball.
+With a philosophical flourish Cato throws himself upon his sword; I
+quietly take to the ship. There is nothing su
\ No newline at end of file
diff --git a/tools/afl-fuzz/compress/inputs/lzx80 b/tools/afl-fuzz/compress/inputs/lzx80
new file mode 100644
index 00000000..46e720f1
--- /dev/null
+++ b/tools/afl-fuzz/compress/inputs/lzx80
@@ -0,0 +1,16 @@
+PCHAPTER 1. Loomings.
+
+Call me Ishmael. Some years ago—never mind how long precisely—having
+little or no money in my purse, and nothing particular to interest me
+on shore, I thought I would sail about a little and see the watery part
+of the world. It is a way I have of driving off the spleen and
+regulating the circulation. Whenever I find myself growing grim about
+the mouth; whenever it is a damp, drizzly November in my soul; whenever
+I find myself involuntarily pausing before coffin warehouses, and
+bringing up the rear of every funeral I meet; and especially whenever
+my hypos get such an upper hand of me, that it requires a strong moral
+principle to prevent me from deliberately stepping into the street, and
+methodically knocking people’s hats off—then, I account it high time to
+get to sea as soon as I can. This is my substitute for pistol and ball.
+With a philosophical flourish Cato throws himself upon his sword; I
+quietly take to the ship. There is nothing su
\ No newline at end of file
diff --git a/tools/afl-fuzz/compress/inputs/xpress20 b/tools/afl-fuzz/compress/inputs/xpress20
new file mode 100644
index 00000000..e41ed0bc
--- /dev/null
+++ b/tools/afl-fuzz/compress/inputs/xpress20
@@ -0,0 +1,16 @@
+CHAPTER 1. Loomings.
+
+Call me Ishmael. Some years ago—never mind how long precisely—having
+little or no money in my purse, and nothing particular to interest me
+on shore, I thought I would sail about a little and see the watery part
+of the world. It is a way I have of driving off the spleen and
+regulating the circulation. Whenever I find myself growing grim about
+the mouth; whenever it is a damp, drizzly November in my soul; whenever
+I find myself involuntarily pausing before coffin warehouses, and
+bringing up the rear of every funeral I meet; and especially whenever
+my hypos get such an upper hand of me, that it requires a strong moral
+principle to prevent me from deliberately stepping into the street, and
+methodically knocking people’s hats off—then, I account it high time to
+get to sea as soon as I can. This is my substitute for pistol and ball.
+With a philosophical flourish Cato throws himself upon his sword; I
+quietly take to the ship. There is nothing su
\ No newline at end of file
diff --git a/tools/afl-fuzz/compress/inputs/xpress50 b/tools/afl-fuzz/compress/inputs/xpress50
new file mode 100644
index 00000000..0a8f87f5
--- /dev/null
+++ b/tools/afl-fuzz/compress/inputs/xpress50
@@ -0,0 +1,16 @@
+2CHAPTER 1. Loomings.
+
+Call me Ishmael. Some years ago—never mind how long precisely—having
+little or no money in my purse, and nothing particular to interest me
+on shore, I thought I would sail about a little and see the watery part
+of the world. It is a way I have of driving off the spleen and
+regulating the circulation. Whenever I find myself growing grim about
+the mouth; whenever it is a damp, drizzly November in my soul; whenever
+I find myself involuntarily pausing before coffin warehouses, and
+bringing up the rear of every funeral I meet; and especially whenever
+my hypos get such an upper hand of me, that it requires a strong moral
+principle to prevent me from deliberately stepping into the street, and
+methodically knocking people’s hats off—then, I account it high time to
+get to sea as soon as I can. This is my substitute for pistol and ball.
+With a philosophical flourish Cato throws himself upon his sword; I
+quietly take to the ship. There is nothing su
\ No newline at end of file
diff --git a/tools/afl-fuzz/compress/inputs/xpress80 b/tools/afl-fuzz/compress/inputs/xpress80
new file mode 100644
index 00000000..22e87612
--- /dev/null
+++ b/tools/afl-fuzz/compress/inputs/xpress80
@@ -0,0 +1,16 @@
+PCHAPTER 1. Loomings.
+
+Call me Ishmael. Some years ago—never mind how long precisely—having
+little or no money in my purse, and nothing particular to interest me
+on shore, I thought I would sail about a little and see the watery part
+of the world. It is a way I have of driving off the spleen and
+regulating the circulation. Whenever I find myself growing grim about
+the mouth; whenever it is a damp, drizzly November in my soul; whenever
+I find myself involuntarily pausing before coffin warehouses, and
+bringing up the rear of every funeral I meet; and especially whenever
+my hypos get such an upper hand of me, that it requires a strong moral
+principle to prevent me from deliberately stepping into the street, and
+methodically knocking people’s hats off—then, I account it high time to
+get to sea as soon as I can. This is my substitute for pistol and ball.
+With a philosophical flourish Cato throws himself upon his sword; I
+quietly take to the ship. There is nothing su
\ No newline at end of file
diff --git a/tools/afl-fuzz/decompress/fuzz.c b/tools/afl-fuzz/decompress/fuzz.c
new file mode 100644
index 00000000..546a695e
--- /dev/null
+++ b/tools/afl-fuzz/decompress/fuzz.c
@@ -0,0 +1,46 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+int main(int argc, char *argv[])
+{
+ int fd;
+ struct stat stbuf;
+ uint8_t ctype;
+ size_t csize, uspace;
+ void *cdata, *udata;
+ struct wimlib_decompressor *d;
+ int ret;
+
+ fd = open(argv[1], O_RDONLY);
+ assert(fd >= 0);
+ ret = fstat(fd, &stbuf);
+ assert(!ret);
+
+ if (stbuf.st_size < 1)
+ return 0;
+ ret = read(fd, &ctype, 1);
+ assert(ret == 1);
+ ctype = 1 + ((ctype - 1) % 3); /* 1-3 */
+ csize = stbuf.st_size - 1;
+ uspace = csize * 8;
+
+ cdata = malloc(csize);
+ udata = malloc(uspace);
+
+ ret = read(fd, cdata, csize);
+ assert(ret == csize);
+
+ ret = wimlib_create_decompressor(ctype, uspace, &d);
+ if (ret == 0)
+ wimlib_decompress(cdata, csize, udata, uspace, d);
+
+ free(udata);
+ free(cdata);
+ wimlib_free_decompressor(d);
+ return 0;
+}
diff --git a/tools/afl-fuzz/decompress/inputs/lzms b/tools/afl-fuzz/decompress/inputs/lzms
new file mode 100644
index 00000000..739dd498
Binary files /dev/null and b/tools/afl-fuzz/decompress/inputs/lzms differ
diff --git a/tools/afl-fuzz/decompress/inputs/lzx b/tools/afl-fuzz/decompress/inputs/lzx
new file mode 100644
index 00000000..e555efe2
Binary files /dev/null and b/tools/afl-fuzz/decompress/inputs/lzx differ
diff --git a/tools/afl-fuzz/decompress/inputs/xpress b/tools/afl-fuzz/decompress/inputs/xpress
new file mode 100644
index 00000000..e6c9925a
Binary files /dev/null and b/tools/afl-fuzz/decompress/inputs/xpress differ
diff --git a/tools/afl-fuzz/fuzz.sh b/tools/afl-fuzz/fuzz.sh
new file mode 100755
index 00000000..ea2bd4e4
--- /dev/null
+++ b/tools/afl-fuzz/fuzz.sh
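Review bot: `wimlib_free_decompressor(d)` at the end of main runs on every path, but `d` is declared without an initializer and is only set when `wimlib_create_decompressor` returns 0; on the error path the call receives an uninitialized pointer, which is undefined behaviour and will surface under ASAN as a crash that has nothing to do with the decompressor. The smallest fix is to free inside the conditional: `if (ret == 0) { wimlib_decompress(cdata, csize, udata, uspace, d); wimlib_free_decompressor(d); }`; initializing `d = NULL` instead is only correct if wimlib_free_decompressor accepts NULL, which this hunk cannot confirm. The `ctype = 1 + ((ctype - 1) % 3);` line also reaches that error path more often than the `/* 1-3 */` comment suggests, since a first byte of 0 makes `-1 % 3` evaluate to -1 and yields ctype 0.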
@@ -0,0 +1,154 @@
+#!/bin/bash
+
+set -e -u -o pipefail
+
+cd "$(dirname "$0")"
+
+read -r -a AVAILABLE_TARGETS < <(echo */fuzz.c | sed 's@/fuzz.c@@g')
+
+usage()
+{
+ cat << EOF
+Usage: $0 [OPTION]... [TARGET]...
+
+Fuzz wimlib with afl-fuzz.
+
+Options:
+ --asan Enable AddressSanitizer
+ --no-resume Don't resume existing afl-fuzz session; start a new one
+ --ubsan Enable UndefinedBehaviorSanitizer
+
+Available targets: ${AVAILABLE_TARGETS[*]}
+EOF
+}
+
+die()
+{
+ echo "$*" 1>&2
+ exit 1
+}
+
+asan=false
+ubsan=false
+may_resume=true
+
+longopts_array=(
+asan
+help
+no-resume
+ubsan
+)
+longopts=$(echo "${longopts_array[@]}" | tr ' ' ',')
+
+if ! options=$(getopt -o "" -l "$longopts" -- "$@"); then
+ usage 1>&2
+ exit 1
+fi
+eval set -- "$options"
+while (( $# >= 0 )); do
+ case "$1" in
+ --asan)
+ asan=true
+ ;;
+ --help)
+ usage
+ exit 0
+ ;;
+ --no-resume)
+ may_resume=false
+ ;;
+ --ubsan)
+ ubsan=true
+ ;;
+ --)
+ shift
+ break
+ ;;
+ *)
+ echo 1>&2 "Invalid option: \"$1\""
+ usage 1>&2
+ exit 1
+ esac
+ shift
+done
+
+if $asan && $ubsan; then
+ die "--asan and --ubsan are mutually exclusive"
+fi
+
+if ! type -P afl-fuzz > /dev/null; then
+ die "afl-fuzz is not installed"
+fi
+
+if (( $# == 0 )); then
+ targets=("${AVAILABLE_TARGETS[@]}")
+else
+ for target; do
+ found=false
+ for t in "${AVAILABLE_TARGETS[@]}"; do
+ if [ "$target" = "$t" ]; then
+ found=true
+ fi
+ done
+ if ! $found; then
+ echo 1>&2 "Unknown target '$target'"
+ echo 1>&2 "Available targets: ${AVAILABLE_TARGETS[*]}"
+ exit 1
+ fi
+ done
+ targets=("$@")
+fi
+if (( ${#targets[@]} > 1 )) && ! type -P urxvt > /dev/null; then
+ die "urxvt is not installed"
+fi
+
+afl_opts=""
+if $asan; then
+ export AFL_USE_ASAN=1
+ export CFLAGS="-O2 -m32"
+ export CC=afl-clang
+ afl_opts+=" -m 800"
+elif $ubsan; then
+ export CFLAGS="-fsanitize=undefined -fno-sanitize-recover=undefined"
+ export CC=afl-gcc
+else
+ export AFL_HARDEN=1
+ export CFLAGS="-O2"
+ export CC=afl-gcc
+fi
+
+sudo sh -c "echo core > /proc/sys/kernel/core_pattern"
+sudo sh -c "echo performance | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor"
+
+NPROC=$(getconf _NPROCESSORS_ONLN)
+
+(
+cd ../../
+./configure CC="$CC" CFLAGS="$CFLAGS"
+make "-j$NPROC"
+)
+make "-j$NPROC" -B
+export LD_LIBRARY_PATH=$PWD/../../.libs
+
+for dir in "${targets[@]}"; do
+ workdir=/tmp/wimlib_$dir
+ cp -vaT "$dir" "$workdir"
+ indir=$workdir/inputs
+ outdir=$workdir/outputs
+ if [ -e "$outdir" ]; then
+ if $may_resume; then
+ indir="-"
+ else
+ rm -rf "${outdir:?}"/*
+ fi
+ else
+ mkdir "$outdir"
+ fi
+ cmd="afl-fuzz -i $indir -o $outdir -T wimlib_$dir $afl_opts -- $workdir/fuzz @@"
+ if (( ${#targets[@]} > 1 )); then
+ urxvt -e bash -c "$cmd" &
+ else
+ $cmd
+ fi
+done
+wait
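Review bot: The two `sudo sh -c` lines rewrite system-wide kernel state (`core_pattern` and every CPU's `scaling_governor`) unconditionally, with no check of the current value, no restore afterwards, and no mention in `usage` that the script needs root for this. Because the script runs under `set -e`, the second line will also abort the whole run on a machine where the `cpu*/cpufreq/scaling_governor` glob does not match (the literal pattern is handed to `tee`, which then fails), before afl-fuzz is ever started. Suggest writing only when needed, e.g. `if [ "$(cat /proc/sys/kernel/core_pattern)" != core ]; then sudo sh -c "echo core > /proc/sys/kernel/core_pattern"; fi`, treating a missing cpufreq directory as non-fatal, and adding one line to the usage text stating that sudo is used to adjust core_pattern and the CPU frequency governor.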