1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// A wrapper which knows to execute a given fuzzer within a fuzztest
// executable that contains multiple fuzzers.
// The fuzzer binary is assumed to be in the same directory as this binary.
#include <iostream>
#include "base/command_line.h"
#include "base/files/file_path.h"
#include "base/files/file_util.h"
#include "base/path_service.h"
#include "base/process/launch.h"
#include "base/strings/string_split.h"
#include "base/strings/stringprintf.h"
#include "base/strings/utf_ostream_operators.h"
#include "base/strings/utf_string_conversions.h"
#include "testing/libfuzzer/fuzztest_wrapper_buildflags.h"
extern const char* kFuzzerBinary;
extern const char* kFuzzerArgs;
#if BUILDFLAG(USE_CENTIPEDE)
namespace {
void HandleReplayMode(auto& args) {
// We're handling a centipede based fuzzer. If the last argument is a
// filepath, we're trying to replay a testcase, since it doesn't make sense
// to get a filepath when running with the centipede binary.
if (args.size() <= 1) {
return;
}
base::FilePath test_case(args.back());
if (!base::PathExists(test_case)) {
return;
}
auto env = base::Environment::Create();
#if BUILDFLAG(IS_WIN)
auto env_value = base::WideToUTF8(args.back());
#else
auto env_value = args.back();
#endif
env->SetVar("FUZZTEST_REPLAY", env_value);
env->UnSetVar("CENTIPEDE_RUNNER_FLAGS");
std::cerr << "FuzzTest wrapper setting env var: FUZZTEST_REPLAY="
<< args.back() << '\n';
// We must not add the testcase to the command line, as this will not be
// parsed correctly by centipede.
args.pop_back();
}
} // namespace
#endif // BUILDFLAG(USE_CENTIPEDE)
int main(int argc, const char* const* argv) {
base::CommandLine::Init(argc, argv);
base::FilePath fuzzer_path;
if (!base::PathService::Get(base::DIR_EXE, &fuzzer_path)) {
return -1;
}
fuzzer_path = fuzzer_path.AppendASCII(kFuzzerBinary);
base::LaunchOptions launch_options;
base::CommandLine cmdline(fuzzer_path);
std::vector<std::string_view> additional_args = base::SplitStringPiece(
kFuzzerArgs, " ", base::KEEP_WHITESPACE, base::SPLIT_WANT_ALL);
for (auto arg : additional_args) {
cmdline.AppendArg(arg);
}
auto args = base::CommandLine::ForCurrentProcess()->argv();
#if BUILDFLAG(USE_CENTIPEDE)
HandleReplayMode(args);
#endif // BUILDFLAG(USE_CENTIPEDE)
bool skipped_first = false;
for (auto arg : args) {
if (!skipped_first) {
skipped_first = true;
continue;
}
// We avoid AppendArguments because it parses switches then reorders things.
cmdline.AppendArgNative(arg);
}
std::cerr << "FuzzTest wrapper launching:" << cmdline.GetCommandLineString()
<< "\n";
base::Process p = base::LaunchProcess(cmdline, launch_options);
int exit_code;
p.WaitForExit(&exit_code);
return exit_code;
}
#if defined(WIN32)
#define ALWAYS_EXPORT __declspec(dllexport)
#else
#define ALWAYS_EXPORT __attribute__((visibility("default")))
#endif
ALWAYS_EXPORT extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data,
size_t size) {
// No-op. This symbol exists to ensure that this binary is detected as
// a fuzzer by ClusterFuzz's heuristics. It never actually gets called.
return -1;
}
|
