Separate AFL build, run fuzz stages, and add afl argument pass-through
This commit is contained in:
parent
f968506039
commit
b25a14f433
|
@ -111,3 +111,4 @@ contrib/debian/files
|
|||
contrib/debian/substvars
|
||||
|
||||
src/fuzzing/*/output
|
||||
src/fuzz.cpp
|
||||
|
|
|
@ -186,7 +186,6 @@ bool AppInit(int argc, char* argv[])
|
|||
|
||||
return fRet;
|
||||
}
|
||||
#include "fuzz.h"
|
||||
#ifdef ZCASH_FUZZ
|
||||
#warning BUILDING A FUZZER, NOT THE REAL MAIN
|
||||
#include "fuzz.cpp"
|
||||
|
|
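--- a/src/fuzz.cpp
+++ b/src/fuzz.cpp
@@ -1,17 +0,0 @@
-extern bool DecodeHexTx(CTransaction& tx, const std::string& strHexTx);
-
-bool fuzz_DecodeHexTxFunction (const std::string& strHexTx) {
-CTransaction tx;
-return DecodeHexTx(tx, strHexTx);
-}
-
-
-int fuzz_DecodeHexTx (int argc, char *argv[]) {
-std::ifstream t(argv[1]);
-std::string str((std::istreambuf_iterator<char>(t)),
-std::istreambuf_iterator<char>());
-if (fuzz_DecodeHexTxFunction (str)) { fprintf(stdout, "Decoded hex string") ; return 0; }
-else { fprintf(stderr, "Could not decode hex string") ; return -1; }
-}
-
-int main (int argc, char *argv[]) { return fuzz_DecodeHexTx(argc, argv); }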
@ -1,13 +1,19 @@
|
|||
#!/usr/bin/env bash
|
||||
# A wrapper around ./zcutil/build.sh for instrumenting the build with AFL:
|
||||
# ./zcutil/afl/afl-build.sh <directory where AFL is installed>
|
||||
# ./zcutil/afl/afl-build.sh <directory where AFL is installed> <fuzz case>
|
||||
# You may obtain a copy of AFL using ./zcutil/afl/afl-get.sh.
|
||||
|
||||
set -eu -o pipefail
|
||||
|
||||
export AFL_INSTALL_DIR="$1"
|
||||
export AFL_INSTALL_DIR=$(realpath "$1")
|
||||
FUZZ_CASE="$2"
|
||||
shift 2
|
||||
export AFL_LOG_DIR="$(pwd)"
|
||||
export ZCUTIL=$(realpath "./zcutil")
|
||||
shift 1
|
||||
|
||||
cp "./src/fuzzing/$FUZZ_CASE/fuzz.cpp" src/fuzz.cpp
|
||||
|
||||
CONFIGURE_FLAGS="--enable-tests=no --enable-fuzz-main" "$ZCUTIL/build.sh" "CC=$ZCUTIL/afl/zcash-wrapper-gcc" "CXX=$ZCUTIL/afl/zcash-wrapper-g++" AFL_HARDEN=1 "$@"
|
||||
|
||||
echo "You can now run AFL as follows:"
|
||||
echo "$ ./zcutil/afl/afl-run.sh '$AFL_INSTALL_DIR' '$FUZZ_CASE'"
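Review bot: `FUZZ_CASE="$2"` goes straight into the `cp "./src/fuzzing/$FUZZ_CASE/fuzz.cpp" src/fuzz.cpp` path without any check that the case exists or that the argument is a bare directory name, so a missing second argument aborts under `set -u` with an unbound-variable message instead of the usage the header comment gives, and a value with `/` components (or `..`) resolves outside `src/fuzzing`. A guard right after the assignment gives a usable error and keeps the copy inside the fuzzing tree: `case "$FUZZ_CASE" in ""|.|..|*/*) echo "usage: $0 <AFL dir> <fuzz case> [build.sh args]" >&2; exit 1;; esac` followed by `[ -d "./src/fuzzing/$FUZZ_CASE" ] || { echo "no such fuzz case: src/fuzzing/$FUZZ_CASE" >&2; exit 1; }`. The `FUZZ_CASE="$1"` in afl-fuzz.sh reaches this check because it calls afl-build.sh first, but the `FUZZ_CASE="$2"` in the new afl-run.sh does not when that script is invoked directly, so the same two lines belong there too.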
|
||||
|
|
|
@ -28,5 +28,6 @@ mv afl-*/* .
|
|||
make
|
||||
|
||||
echo "You can now build zcashd with AFL instrumentation as follows:"
|
||||
echo "$ make clean"
|
||||
echo "$ ./zcutil/afl/afl-build.sh '$(pwd)'"
|
||||
echo "$ make clean # if you've already built zcashd without AFL instrumentation"
|
||||
echo "$ ./zcutil/afl/afl-build.sh '$(pwd)' <fuzz case> -j\$(nproc)"
|
||||
echo "...where <fuzz case> is the name of a directory in src/fuzzing."
|
||||
|
|
|
@ -2,10 +2,12 @@
|
|||
# Builds AFL and an instrumented zcashd, then begins fuzzing.
|
||||
# This script must be run from within the top level directory of a zcash clone.
|
||||
# Pass it the name of a directory in ./src/fuzzing.
|
||||
# Additional arguments are passed-through to AFL.
|
||||
|
||||
set -eu -o pipefail
|
||||
|
||||
FUZZ_CASE="$1"
|
||||
shift 1
|
||||
|
||||
export AFL_INSTALL_DIR=$(realpath "./afl-temp")
|
||||
|
||||
|
@ -14,9 +16,5 @@ if [ ! -d "$AFL_INSTALL_DIR" ]; then
|
|||
./zcutil/afl/afl-get.sh "$AFL_INSTALL_DIR"
|
||||
fi
|
||||
|
||||
cp "./src/fuzzing/$FUZZ_CASE/fuzz.h" src/fuzz.h
|
||||
cp "./src/fuzzing/$FUZZ_CASE/fuzz.cpp" src/fuzz.cpp
|
||||
|
||||
./zcutil/afl/afl-build.sh "$AFL_INSTALL_DIR" -j$(nproc)
|
||||
|
||||
"$AFL_INSTALL_DIR/afl-fuzz" -i "./src/fuzzing/$FUZZ_CASE/input" -o "./src/fuzzing/$FUZZ_CASE/output" ./src/zcashd
|
||||
./zcutil/afl/afl-build.sh "$AFL_INSTALL_DIR" "$FUZZ_CASE" -j$(nproc)
|
||||
./zcutil/afl/afl-run.sh "$AFL_INSTALL_DIR" "$FUZZ_CASE" "$@"
|
|
@ -0,0 +1,9 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
set -eu -o pipefail
|
||||
|
||||
AFL_INSTALL_DIR="$1"
|
||||
FUZZ_CASE="$2"
|
||||
shift 2
|
||||
|
||||
"$AFL_INSTALL_DIR/afl-fuzz" -i "./src/fuzzing/$FUZZ_CASE/input" -o "./src/fuzzing/$FUZZ_CASE/output" "$@" ./src/zcashd
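Review bot: afl-run.sh has no header comment, while afl-build.sh and afl-fuzz.sh both open with a description and an invocation line, so the contract of this script (run from the top of a zcash clone after afl-build.sh, extra arguments going to afl-fuzz) is only recoverable by reading afl-fuzz.sh. I would add after the shebang: `# Runs AFL against the instrumented zcashd produced by ./zcutil/afl/afl-build.sh:` / `# ./zcutil/afl/afl-run.sh <directory where AFL is installed> <fuzz case> [afl-fuzz options]` / `# Must be run from the top level directory of a zcash clone.`. The comment should also say that `"$@"` sits before `./src/zcashd` on the afl-fuzz line, so pass-through arguments become afl-fuzz options and never reach the target, and that `-i` and `-o` are fixed there, so a caller presumably cannot change the input or output directory through the pass-through (afl-fuzz rejects a repeated option, as far as I recall).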
|