afl-fuzz
This commit is contained in:
sfan5
21
build.sh
Executable file
21
build.sh
Executable file
@@ -0,0 +1,21 @@
|
||||
#!/bin/bash
|
||||
export CC=afl-clang-lto
|
||||
export CXX=afl-clang-lto++
|
||||
export LD=$CXX
|
||||
|
||||
args=(-DBUILD_EXAMPLES=ON -DENABLE_OPENGL=OFF -DBUILD_SHARED_LIBS=OFF)
|
||||
|
||||
unset AFL_USE_ASAN
|
||||
grep -Fq '/afl-' build2/CMakeCache.txt || rm -rf build2
|
||||
cmake -S . -B build2 "${args[@]}"
|
||||
nice make -C build2 clean
|
||||
nice make -C build2 -j10
|
||||
for f in build2/bin/Linux/*; do
|
||||
ln -sv "../../$f" "bin/Linux/${f##*/}_noasan"
|
||||
done
|
||||
|
||||
export AFL_USE_ASAN=1
|
||||
grep -Fq '/afl-' CMakeCache.txt || rm -f CMakeCache.txt
|
||||
cmake . "${args[@]}"
|
||||
nice make clean
|
||||
nice make -j10
|
||||
@@ -2,9 +2,9 @@ set(CMAKE_CXX_STANDARD 17)
|
||||
set(CMAKE_CXX_STANDARD_REQUIRED ON)
|
||||
|
||||
set(IRREXAMPLES
|
||||
# removed
|
||||
LoadTexture
|
||||
)
|
||||
if(UNIX)
|
||||
if(FALSE)
|
||||
list(APPEND IRREXAMPLES AutomatedTest)
|
||||
endif()
|
||||
|
||||
|
||||
29
examples/LoadTexture/main.cpp
Normal file
29
examples/LoadTexture/main.cpp
Normal file
@@ -0,0 +1,29 @@
|
||||
#include <irrlicht.h>
|
||||
#include <iostream>
|
||||
|
||||
using namespace irr;
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
if (argc < 2)
|
||||
return 1;
|
||||
|
||||
SIrrlichtCreationParameters p;
|
||||
p.DriverType = video::EDT_NULL;
|
||||
p.WindowSize = core::dimension2du(640, 480);
|
||||
p.LoggingLevel = ELL_DEBUG;
|
||||
|
||||
auto *device = createDeviceEx(p);
|
||||
if (!device)
|
||||
return 1;
|
||||
auto *driver = device->getVideoDriver();
|
||||
|
||||
while (__AFL_LOOP(10000)) {
|
||||
auto *tex = driver->getTexture(argv[1]);
|
||||
if (tex)
|
||||
driver->removeTexture(tex);
|
||||
}
|
||||
|
||||
device->drop();
|
||||
return 0;
|
||||
}
|
||||
34
repro.sh
Executable file
34
repro.sh
Executable file
@@ -0,0 +1,34 @@
|
||||
#!/bin/bash
|
||||
aflout=out/default
|
||||
myout=out_rep
|
||||
exe=./bin/Linux/LoadTexture
|
||||
rm -rf "$myout" && mkdir -p "$myout"
|
||||
find $aflout/crashes -name 'id:*' -print | \
|
||||
while read file; do
|
||||
echo "➤ Testing $file..."
|
||||
short=${file##*/}
|
||||
short=${short%%,*}
|
||||
fout=$myout/$short.txt
|
||||
$exe "$file" >"$fout" 2>&1
|
||||
r=$?
|
||||
if grep -Fq '==ERROR: AddressSanitizer: SEGV on unknown address' "$fout"; then
|
||||
gdb -q --batch -iex 'set confirm off' -ex r -ex bt --args \
|
||||
${exe}_noasan "$file" >"$fout" 2>&1
|
||||
if grep -q '^Thread.*received signal'; then
|
||||
cp "$file" "$myout/$short.bin"
|
||||
echo "✔ Reproduced (gdb)"
|
||||
else
|
||||
echo "✗ Not reproduced (gdb)"
|
||||
rm -f "$fout"
|
||||
fi
|
||||
continue
|
||||
fi
|
||||
grep -Fq '==ABORTING' "$fout" && r=1
|
||||
if [ $r -eq 0 ]; then
|
||||
echo "✗ Not reproduced (asan)"
|
||||
rm -f "$fout"
|
||||
continue
|
||||
fi
|
||||
cp "$file" "$myout/$short.bin"
|
||||
echo "✔ Reproduced (asan)"
|
||||
done
|
||||
17
run.sh
Executable file
17
run.sh
Executable file
@@ -0,0 +1,17 @@
|
||||
#!/bin/bash
|
||||
export AFL_SKIP_CPUFREQ=1
|
||||
export AFL_TMPDIR=/dev/shm
|
||||
opts=(
|
||||
-t 100
|
||||
-i sample_u/
|
||||
-o out/
|
||||
)
|
||||
exe=./bin/Linux/LoadTexture
|
||||
if ! [ -d sample_u ]; then
|
||||
mkdir sample_u
|
||||
afl-cmin.bash -i sample/ -o sample_u/ -- $exe @@
|
||||
echo; echo
|
||||
fi
|
||||
exec afl-fuzz \
|
||||
"${opts[@]}" "$@" \
|
||||
-- $exe @@
|
||||
Reference in New Issue
Block a user