From 4ca90e3dfd83dfa429aea1b56eb652388bb22b08 Mon Sep 17 00:00:00 2001
From: sfan5
Date: Sun, 17 Sep 2023 23:40:31 +0200
Subject: [PATCH] afl-fuzz
---
 build.sh | 21 +++++++++++++++++++++
 examples/CMakeLists.txt | 4 ++--
 examples/LoadTexture/main.cpp | 29 +++++++++++++++++++++++++++++
 repro.sh | 34 ++++++++++++++++++++++++++++++++++
 run.sh | 17 +++++++++++++++++
 5 files changed, 103 insertions(+), 2 deletions(-)
 create mode 100755 build.sh
 create mode 100644 examples/LoadTexture/main.cpp
 create mode 100755 repro.sh
 create mode 100755 run.sh
diff --git a/build.sh b/build.sh
new file mode 100755
index 00000000..6a353429
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+export CC=afl-clang-lto
+export CXX=afl-clang-lto++
+export LD=$CXX
+
+args=(-DBUILD_EXAMPLES=ON -DENABLE_OPENGL=OFF -DBUILD_SHARED_LIBS=OFF)
+
+unset AFL_USE_ASAN
+grep -Fq '/afl-' build2/CMakeCache.txt || rm -rf build2
+cmake -S . -B build2 "${args[@]}"
+nice make -C build2 clean
+nice make -C build2 -j10
+for f in build2/bin/Linux/*; do
+ ln -sv "../../$f" "bin/Linux/${f##*/}_noasan"
+done
+
+export AFL_USE_ASAN=1
+grep -Fq '/afl-' CMakeCache.txt || rm -f CMakeCache.txt
+cmake . "${args[@]}"
+nice make clean
+nice make -j10
diff --git a/examples/CMakeLists.txt b/examples/CMakeLists.txt
index 7b942862..9fb7d3e1 100644
--- a/examples/CMakeLists.txt
+++ b/examples/CMakeLists.txt
@@ -2,9 +2,9 @@ set(CMAKE_CXX_STANDARD 17)
 set(CMAKE_CXX_STANDARD_REQUIRED ON)
 
 set(IRREXAMPLES
- # removed
+ LoadTexture
 )
 
-if(UNIX)
+if(FALSE)
  list(APPEND IRREXAMPLES AutomatedTest)
 endif()
diff --git a/examples/LoadTexture/main.cpp b/examples/LoadTexture/main.cpp
new file mode 100644
index 00000000..9896c4e3
--- /dev/null
+++ b/examples/LoadTexture/main.cpp
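Review bot: The symlink loop `ln -sv "../../$f" "bin/Linux/${f##*/}_noasan"` has no `-f`, so a second run of build.sh fails on every `_noasan` link that already exists, and because the script never sets `set -e` those errors (and a failed cmake or make in the build2 step) are ignored while the ASan build carries on against possibly stale links. Adding `set -euo pipefail` after the shebang and changing the link command to `ln -sfv "../../$f" "bin/Linux/${f##*/}_noasan"` makes a rerun either refresh the links or stop at the first failing step. The relative target `../../$f` only resolves when the script is run from the repository root, which the in-tree `cmake .` also assumes; a comment at the top stating that, e.g. `# run from the repo root: non-ASan harness built in build2/, ASan harness built in-tree`, would save the next person a confusing dangling link.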
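Review bot: `if(FALSE)` drops AutomatedTest from the example set on every platform with nothing in the file saying why, and with `LoadTexture` now listed in `IRREXAMPLES` unconditionally, anyone building with `BUILD_EXAMPLES=ON` and a non-AFL compiler gets the fuzz harness as a regular example. A one-line comment on the changed condition, `# AutomatedTest disabled while the examples build is set up as an afl-fuzz harness (see build.sh)`, or gating both entries behind a dedicated option, would make the intent visible to readers of this file alone.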
@@ -0,0 +1,29 @@
+#include 
+#include 
+
+using namespace irr;
+
+int main(int argc, char *argv[])
+{
+ if (argc < 2)
+ return 1;
+
+ SIrrlichtCreationParameters p;
+ p.DriverType = video::EDT_NULL;
+ p.WindowSize = core::dimension2du(640, 480);
+ p.LoggingLevel = ELL_DEBUG;
+
+ auto *device = createDeviceEx(p);
+ if (!device)
+ return 1;
+ auto *driver = device->getVideoDriver();
+
+ while (__AFL_LOOP(10000)) {
+ auto *tex = driver->getTexture(argv[1]);
+ if (tex)
+ driver->removeTexture(tex);
+ }
+
+ device->drop();
+ return 0;
+}
diff --git a/repro.sh b/repro.sh
new file mode 100755
index 00000000..e724c454
--- /dev/null
+++ b/repro.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+aflout=out/default
+myout=out_rep
+exe=./bin/Linux/LoadTexture
+rm -rf "$myout" && mkdir -p "$myout"
+find $aflout/crashes -name 'id:*' -print | \
+while read file; do
+ echo "➤ Testing $file..."
+ short=${file##*/}
+ short=${short%%,*}
+ fout=$myout/$short.txt
+ $exe "$file" >"$fout" 2>&1
+ r=$?
+ if grep -Fq '==ERROR: AddressSanitizer: SEGV on unknown address' "$fout"; then
+ gdb -q --batch -iex 'set confirm off' -ex r -ex bt --args \
+ ${exe}_noasan "$file" >"$fout" 2>&1
+ if grep -q '^Thread.*received signal'; then
+ cp "$file" "$myout/$short.bin"
+ echo "✔ Reproduced (gdb)"
+ else
+ echo "✗ Not reproduced (gdb)"
+ rm -f "$fout"
+ fi
+ continue
+ fi
+ grep -Fq '==ABORTING' "$fout" && r=1
+ if [ $r -eq 0 ]; then
+ echo "✗ Not reproduced (asan)"
+ rm -f "$fout"
+ continue
+ fi
+ cp "$file" "$myout/$short.bin"
+ echo "✔ Reproduced (asan)"
+done
diff --git a/run.sh b/run.sh
new file mode 100755
index 00000000..66b2402c
--- /dev/null
+++ b/run.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+export AFL_SKIP_CPUFREQ=1
+export AFL_TMPDIR=/dev/shm
+opts=(
+ -t 100
+ -i sample_u/
+ -o out/
+)
+exe=./bin/Linux/LoadTexture
+if ! [ -d sample_u ]; then
+ mkdir sample_u
+ afl-cmin.bash -i sample/ -o sample_u/ -- $exe @@
+ echo; echo
+fi
+exec afl-fuzz \
+ "${opts[@]}" "$@" \
+ -- $exe @@
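Review bot: `__AFL_LOOP` in the `while` condition is provided only by the AFL compiler wrappers, so this example does not compile with an ordinary toolchain even though examples/CMakeLists.txt now lists it unconditionally; a fallback that runs the body once keeps the harness buildable elsewhere and usable as a plain single-input reproducer. The two `#include` lines show no header names on this page, presumably stripped by rendering, so I could not check them. A header comment stating the contract would also help, e.g. `// afl-fuzz harness: repeatedly loads the texture file named by argv[1] under a persistent-mode loop; built by build.sh, driven by run.sh, crashes triaged by repro.sh`.
```cpp
#ifndef __AFL_LOOP
// Plain (non-AFL) build: run the loop body exactly once.
static int afl_loop_once = 1;
#define __AFL_LOOP(n) (afl_loop_once-- > 0)
#endif

// … unchanged: main() …
```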
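Review bot: `if grep -q '^Thread.*received signal'; then` names no file, so grep reads the script's stdin, which inside `while read file; do` is the pipe from `find`; it swallows the rest of the crash list, ending the loop after the first SEGV case, and the gdb branch is decided on the wrong input. It should read the gdb log it just wrote: `if grep -q '^Thread.*received signal' "$fout"; then`. For the same reason it is safer to give the `$exe "$file"` and `gdb` invocations an explicit `</dev/null`, so a harness build that happens to read stdin cannot consume the file list either.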
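Review bot: `mkdir sample_u` runs before `afl-cmin.bash`, so if minimisation fails or is interrupted the directory still exists and every later run skips the `! [ -d sample_u ]` branch and starts afl-fuzz on an empty or partial corpus without any message. Adding `set -e` after the shebang, or writing `afl-cmin.bash -i sample/ -o sample_u/ -- "$exe" @@ || exit 1`, makes that failure stop the script instead. As a point of style, `$exe` is unquoted on both command lines while the other arguments are quoted; `"$exe"` keeps it consistent with the `"${opts[@]}" "$@"` expansion next to it.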