1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
#!/bin/bash
set -e -u -o pipefail
cd "$(dirname "$0")"
read -r -a AVAILABLE_TARGETS < <(echo */fuzz.c | sed 's@/fuzz.c@@g')
usage()
{
cat << EOF
Usage: $0 [OPTION]... FUZZ_TARGET
Fuzz libdeflate with LLVM's libFuzzer.
Options:
--asan Enable AddressSanitizer
--max-len=LEN Maximum length of generated inputs (default: $MAX_LEN)
--msan Enable MemorySanitizer
--time=SECONDS Stop after the given time has passed
--ubsan Enable UndefinedBehaviorSanitizer
Available fuzz targets: ${AVAILABLE_TARGETS[*]}
EOF
}
die()
{
echo "$*" 1>&2
exit 1
}
run_cmd()
{
echo "$*"
"$@"
}
EXTRA_SANITIZERS=
EXTRA_FUZZER_ARGS=()
MAX_LEN=65536
longopts_array=(
asan
help
max-len:
msan
time:
ubsan
)
longopts=$(echo "${longopts_array[@]}" | tr ' ' ',')
if ! options=$(getopt -o "" -l "$longopts" -- "$@"); then
usage 1>&2
exit 1
fi
eval set -- "$options"
while true; do
case "$1" in
--asan)
EXTRA_SANITIZERS+=",address"
;;
--help)
usage
exit 0
;;
--max-len)
MAX_LEN=$2
shift
;;
--msan)
EXTRA_SANITIZERS+=",memory"
;;
--time)
EXTRA_FUZZER_ARGS+=("-max_total_time=$2")
shift
;;
--ubsan)
EXTRA_SANITIZERS+=",undefined"
;;
--)
shift
break
;;
*)
echo 1>&2 "Invalid option '$1'"
usage 1>&2
exit 1
esac
shift
done
EXTRA_FUZZER_ARGS+=("-max_len=$MAX_LEN")
if (( $# != 1 )); then
echo 1>&2 "No fuzz target specified!"
usage 1>&2
exit 1
fi
TARGET=$1
if [ ! -e "$TARGET/fuzz.c" ]; then
echo 1>&2 "'$TARGET' is not a valid fuzz target!"
usage 1>&2
exit 1
fi
run_cmd clang -g -O1 -fsanitize=fuzzer$EXTRA_SANITIZERS \
-Wall -Werror -DLIBDEFLATE_ENABLE_ASSERTIONS=1 -I ../../ \
../../lib/*{,/*}.c "$TARGET/fuzz.c" -o "$TARGET/fuzz"
run_cmd "$TARGET/fuzz" "${EXTRA_FUZZER_ARGS[@]}" "$TARGET/corpus"
|
