sfan5 2023-09-18 17:13:32 +02:00
parent 4ca90e3dfd
commit 275e152523
5 changed files with 65 additions and 14 deletions

@ -1,21 +1,27 @@
#!/bin/bash #!/bin/bash -e
export CC=afl-clang-lto
export CXX=afl-clang-lto++
export LD=$CXX
args=(-DBUILD_EXAMPLES=ON -DENABLE_OPENGL=OFF -DBUILD_SHARED_LIBS=OFF) args=(-DBUILD_EXAMPLES=ON -DENABLE_OPENGL=OFF -DBUILD_SHARED_LIBS=OFF)
export CC=afl-clang-fast
export CXX=afl-clang-fast++
export LD=$CXX
unset AFL_USE_ASAN unset AFL_USE_ASAN
grep -Fq '/afl-' build2/CMakeCache.txt || rm -rf build2 if ! grep -Fq '/afl-' build2/CMakeCache.txt; then
rm -rf build2
cmake -S . -B build2 "${args[@]}" cmake -S . -B build2 "${args[@]}"
fi
nice make -C build2 clean nice make -C build2 clean
nice make -C build2 -j10 nice make -C build2 -j10
for f in build2/bin/Linux/*; do for f in build2/bin/Linux/*; do
ln -sv "../../$f" "bin/Linux/${f##*/}_noasan" ln -snfv "../../$f" "bin/Linux/${f##*/}_noasan"
done done
export CC=afl-clang-lto
export CXX=afl-clang-lto++
export LD=$CXX
export AFL_USE_ASAN=1 export AFL_USE_ASAN=1
grep -Fq '/afl-' CMakeCache.txt || rm -f CMakeCache.txt if ! grep -Fq '/afl-' CMakeCache.txt; then
rm -f CMakeCache.txt
cmake . "${args[@]}" cmake . "${args[@]}"
fi
nice make clean nice make clean
nice make -j10 nice make -j10
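Review bot: The cache check `if ! grep -Fq '/afl-' build2/CMakeCache.txt; then` no longer guards what it appears meant to guard, because `/afl-` matches `afl-clang-lto` just as well as `afl-clang-fast`; a build2 cache configured by the previous revision with afl-clang-lto passes the check and is reused, and CMake keeps the cached CMAKE_C_COMPILER regardless of the new CC/CXX exports, so that tree would silently stay on the LTO toolchain. If the fast/lto split between the two trees is intentional, pin each check to its compiler: `if ! grep -Fq '/afl-clang-fast' build2/CMakeCache.txt; then` and `if ! grep -Fq '/afl-clang-lto' CMakeCache.txt; then`. Nothing in the script records why the non-ASan build uses afl-clang-fast while the ASan build uses afl-clang-lto; a one-line comment above the first `export CC=` would save the next person from "fixing" it back.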

@ -3,6 +3,7 @@ set(CMAKE_CXX_STANDARD_REQUIRED ON)
set(IRREXAMPLES set(IRREXAMPLES
LoadTexture LoadTexture
LoadMesh
) )
if(FALSE) if(FALSE)
list(APPEND IRREXAMPLES AutomatedTest) list(APPEND IRREXAMPLES AutomatedTest)

@ -0,0 +1,44 @@
#include <irrlicht.h>
#include <iostream>
using namespace irr;
int main(int argc, char *argv[])
{
if (argc < 2)
return 1;
SIrrlichtCreationParameters p;
p.DriverType = video::EDT_NULL;
p.WindowSize = core::dimension2du(640, 480);
p.LoggingLevel = ELL_DEBUG;
auto *device = createDeviceEx(p);
if (!device)
return 1;
auto *smgr = device->getSceneManager();
while (__AFL_LOOP(10000)) {
auto *mfile = device->getFileSystem()->createAndOpenFile(argv[1]);
if (!mfile)
continue;
scene::IAnimatedMesh *mesh;
// Irrlicht matches on file extension so we have to do this by hand
for (u32 i = 0; i < smgr->getMeshLoaderCount(); i++) {
mfile->seek(0);
mesh = smgr->getMeshLoader(i)->createMesh(mfile);
if (mesh) {
core::stringc msg("Loaded using loader #");
msg += core::stringc(i);
device->getLogger()->log(msg.c_str(), ELL_DEBUG);
break;
}
}
if (mesh)
mesh->drop();
mfile->drop();
}
device->drop();
return 0;
}
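Review bot: `scene::IAnimatedMesh *mesh;` is declared without an initializer, so when `smgr->getMeshLoaderCount()` returns 0 the loop body never assigns it and the `if (mesh)` that follows reads an indeterminate pointer — under the fuzzer that surfaces as a spurious crash (or a missed one) in the harness rather than a finding in a loader. Initialize it: `scene::IAnimatedMesh *mesh = nullptr;`. The `#include <iostream>` is not used by anything in the file and can be dropped. A short header comment would also help: this is an AFL persistent-mode harness (`__AFL_LOOP` is, as far as I know, only provided by the afl-clang-fast/lto wrappers, so the example will not build with a stock compiler), argv[1] is the untrusted input, and the loader loop exists because, per the inline comment, the scene manager dispatches on file extension rather than content.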

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
aflout=out/default aflout=out/default
myout=out_rep myout=out_rep
exe=./bin/Linux/LoadTexture exe=./bin/Linux/LoadMesh
rm -rf "$myout" && mkdir -p "$myout" rm -rf "$myout" && mkdir -p "$myout"
find $aflout/crashes -name 'id:*' -print | \ find $aflout/crashes -name 'id:*' -print | \
while read file; do while read file; do
@ -14,7 +14,7 @@ while read file; do
if grep -Fq '==ERROR: AddressSanitizer: SEGV on unknown address' "$fout"; then if grep -Fq '==ERROR: AddressSanitizer: SEGV on unknown address' "$fout"; then
gdb -q --batch -iex 'set confirm off' -ex r -ex bt --args \ gdb -q --batch -iex 'set confirm off' -ex r -ex bt --args \
${exe}_noasan "$file" >"$fout" 2>&1 ${exe}_noasan "$file" >"$fout" 2>&1
if grep -q '^Thread.*received signal'; then if grep -Eq '^(Thread|Program).*received signal' "$fout"; then
cp "$file" "$myout/$short.bin" cp "$file" "$myout/$short.bin"
echo "✔ Reproduced (gdb)" echo "✔ Reproduced (gdb)"
else else
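Review bot: The reproduction run `${exe}_noasan "$file" >"$fout" 2>&1` under gdb has no time limit, so a crash input that instead hangs in the non-ASan binary stalls the entire triage loop; wrapping it, e.g. `timeout 60 gdb -q --batch -iex 'set confirm off' -ex r -ex bt --args \`, keeps one bad case from blocking the rest (only the grep on `$fout` is checked afterwards, so gdb's exit status is not relied on). The loop header `while read file; do` in the earlier hunk also lacks `-r`, so a backslash in a crash path would be mangled before it reaches `cp`; `while IFS= read -r file; do` is the safe form. The enclosing while loop starts in the first hunk and continues past the end of this one.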

4
run.sh

@ -1,15 +1,15 @@
#!/bin/bash #!/bin/bash
export AFL_SKIP_CPUFREQ=1 export AFL_SKIP_CPUFREQ=1
export AFL_TMPDIR=/dev/shm export AFL_TMPDIR=/dev/shm
exe=./bin/Linux/LoadMesh
opts=( opts=(
-t 100 -t 100
-i sample_u/ -i sample_u/
-o out/ -o out/
) )
exe=./bin/Linux/LoadTexture
if ! [ -d sample_u ]; then if ! [ -d sample_u ]; then
mkdir sample_u mkdir sample_u
afl-cmin.bash -i sample/ -o sample_u/ -- $exe @@ afl-cmin.bash -T 4 -i sample/ -o sample_u/ -- $exe @@
echo; echo echo; echo
fi fi
exec afl-fuzz \ exec afl-fuzz \
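Review bot: The minimization step `afl-cmin.bash -T 4 -i sample/ -o sample_u/ -- $exe @@` has no failure handling: `mkdir sample_u` runs first, so if afl-cmin fails (binary missing, no instrumentation detected, every input timing out) the empty directory persists and every later run skips the `if ! [ -d sample_u ]` branch and hands afl-fuzz a corpus with nothing in it. Make the failure visible and leave no half-state behind: `afl-cmin.bash -T 4 -i sample/ -o sample_u/ -- $exe @@ || { rm -rf sample_u; exit 1; }`. The `exec afl-fuzz \` command continues past the end of the hunk, so I cannot see how `$exe` and `opts` are passed there.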