ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-14 19:08:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix and update libfuzzer custom mutator

Browse Source
This commit is contained in:
van Hauser
2020-09-21 15:47:10 +02:00
parent f34fe1f81e
commit 207cbd5cf7
14 changed files with 387 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
custom_mutators/libfuzzer/FuzzerDriver.cpp
View File

@ -77,7 +77,7 @@ struct {
} Flags;
static const FlagDescription FlagDescriptions[]{
\
#define FUZZER_DEPRECATED_FLAG(Name) \
{#Name, "Deprecated; don't use", 0, nullptr, nullptr, nullptr},
#define FUZZER_FLAG_INT(Name, Default, Description) \
@ -941,23 +941,12 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
Options.EntropicNumberOfRarestFeatures =
(size_t)Flags.entropic_number_of_rarest_features;
Options.EntropicScalePerExecTime = Flags.entropic_scale_per_exec_time;
if (Options.Entropic) {
if (!Options.FocusFunction.empty()) {
Printf(
"ERROR: The parameters `--entropic` and `--focus_function` cannot "
"be used together.\n");
exit(1);
}
if (!Options.FocusFunction.empty())
Options.Entropic = false; // FocusFunction overrides entropic scheduling.
if (Options.Entropic)
Printf("INFO: Running with entropic power schedule (0x%X, %d).\n",
Options.EntropicFeatureFrequencyThreshold,
Options.EntropicNumberOfRarestFeatures);
}
struct EntropicOptions Entropic;
Entropic.Enabled = Options.Entropic;
Entropic.FeatureFrequencyThreshold =

4
custom_mutators/libfuzzer/FuzzerExtFunctionsDlsym.cpp
View File

@ -45,8 +45,8 @@ namespace fuzzer {
ExternalFunctions::ExternalFunctions() {
\
#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN) this->NAME =
GetFnPtr < decltype(ExternalFunctions::NAME)>(#NAME, WARN)
#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN) \
this->NAME = GetFnPtr<decltype(ExternalFunctions::NAME)>(#NAME, WARN)
#include "FuzzerExtFunctions.def"

5
custom_mutators/libfuzzer/FuzzerExtFunctionsWeak.cpp
View File

@ -46,8 +46,9 @@ namespace fuzzer {
ExternalFunctions::ExternalFunctions() {
\
#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN) this->NAME = ::NAME;
CheckFnPtr(reinterpret_cast<void *>(reinterpret_cast<uintptr_t>(::NAME)),
#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN) \
this->NAME = ::NAME; \
CheckFnPtr(reinterpret_cast<void *>(reinterpret_cast<uintptr_t>(::NAME)), \
#NAME, WARN);
#include "FuzzerExtFunctions.def"

23
custom_mutators/libfuzzer/FuzzerExtFunctionsWindows.cpp
View File

@ -45,16 +45,15 @@ using namespace fuzzer;
#endif // LIBFUZZER_MSVC
extern "C" {
#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN)
RETURN_TYPE NAME##Def FUNC_SIG {
Printf("ERROR: Function \"%s\" not defined.\n", #NAME);
exit(1);
}
EXTERNAL_FUNC(NAME, NAME##Def) RETURN_TYPE NAME FUNC_SIG
\
#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN) \
RETURN_TYPE NAME##Def FUNC_SIG { \
\
Printf("ERROR: Function \"%s\" not defined.\n", #NAME); \
exit(1); \
\
} \
EXTERNAL_FUNC(NAME, NAME##Def) RETURN_TYPE NAME FUNC_SIG
#include "FuzzerExtFunctions.def"
@ -81,8 +80,8 @@ namespace fuzzer {
ExternalFunctions::ExternalFunctions() {
\
#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN) this->NAME =
GetFnPtr < decltype(::NAME)>(::NAME, ::NAME##Def, #NAME, WARN);
#define EXT_FUNC(NAME, RETURN_TYPE, FUNC_SIG, WARN) \
this->NAME = GetFnPtr<decltype(::NAME)>(::NAME, ::NAME##Def, #NAME, WARN);
#include "FuzzerExtFunctions.def"

5
custom_mutators/libfuzzer/FuzzerFlags.def
View File

@ -171,8 +171,9 @@ FUZZER_FLAG_INT(ignore_remaining_args, 0, "If 1, ignore all arguments passed "
FUZZER_FLAG_STRING(focus_function, "Experimental. "
"Fuzzing will focus on inputs that trigger calls to this function. "
"If -focus_function=auto and -data_flow_trace is used, libFuzzer "
"will choose the focus functions automatically.")
FUZZER_FLAG_INT(entropic, 0, "Experimental. Enables entropic power schedule.")
"will choose the focus functions automatically. Disables -entropic when "
"specified.")
FUZZER_FLAG_INT(entropic, 1, "Enables entropic power schedule.")
FUZZER_FLAG_INT(entropic_feature_frequency_threshold, 0xFF, "Experimental. If "
"entropic is enabled, all features which are observed less often than "
"the specified value are considered as rare.")

290
custom_mutators/libfuzzer/FuzzerInterceptors.cpp Normal file
View File

@ -0,0 +1,290 @@
//===-- FuzzerInterceptors.cpp --------------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
// Intercept certain libc functions to aid fuzzing.
// Linked only when other RTs that define their own interceptors are not linked.
//===----------------------------------------------------------------------===//
#include "FuzzerPlatform.h"
#if LIBFUZZER_LINUX
#define GET_CALLER_PC() __builtin_return_address(0)
#define PTR_TO_REAL(x) real_##x
#define REAL(x) __interception::PTR_TO_REAL(x)
#define FUNC_TYPE(x) x##_type
#define DEFINE_REAL(ret_type, func, ...) \
typedef ret_type (*FUNC_TYPE(func))(__VA_ARGS__); \
namespace __interception { \
\
FUNC_TYPE(func) PTR_TO_REAL(func); \
\
}
#include <cassert>
#include <cstdint>
#include <dlfcn.h> // for dlsym()
static void *getFuncAddr(const char *name, uintptr_t wrapper_addr) {
void *addr = dlsym(RTLD_NEXT, name);
if (!addr) {
// If the lookup using RTLD_NEXT failed, the sanitizer runtime library is
// later in the library search order than the DSO that we are trying to
// intercept, which means that we cannot intercept this function. We still
// want the address of the real definition, though, so look it up using
// RTLD_DEFAULT.
addr = dlsym(RTLD_DEFAULT, name);
// In case `name' is not loaded, dlsym ends up finding the actual wrapper.
// We don't want to intercept the wrapper and have it point to itself.
if (reinterpret_cast<uintptr_t>(addr) == wrapper_addr) addr = nullptr;
}
return addr;
}
static int FuzzerInited = 0;
static bool FuzzerInitIsRunning;
static void fuzzerInit();
static void ensureFuzzerInited() {
assert(!FuzzerInitIsRunning);
if (!FuzzerInited) { fuzzerInit(); }
}
static int internal_strcmp_strncmp(const char *s1, const char *s2, bool strncmp,
size_t n) {
size_t i = 0;
while (true) {
if (strncmp) {
if (i == n) break;
i++;
}
unsigned c1 = *s1;
unsigned c2 = *s2;
if (c1 != c2) return (c1 < c2) ? -1 : 1;
if (c1 == 0) break;
s1++;
s2++;
}
return 0;
}
static int internal_strncmp(const char *s1, const char *s2, size_t n) {
return internal_strcmp_strncmp(s1, s2, true, n);
}
static int internal_strcmp(const char *s1, const char *s2) {
return internal_strcmp_strncmp(s1, s2, false, 0);
}
static int internal_memcmp(const void *s1, const void *s2, size_t n) {
const uint8_t *t1 = static_cast<const uint8_t *>(s1);
const uint8_t *t2 = static_cast<const uint8_t *>(s2);
for (size_t i = 0; i < n; ++i, ++t1, ++t2)
if (*t1 != *t2) return *t1 < *t2 ? -1 : 1;
return 0;
}
static size_t internal_strlen(const char *s) {
size_t i = 0;
while (s[i])
i++;
return i;
}
static char *internal_strstr(const char *haystack, const char *needle) {
// This is O(N^2), but we are not using it in hot places.
size_t len1 = internal_strlen(haystack);
size_t len2 = internal_strlen(needle);
if (len1 < len2) return nullptr;
for (size_t pos = 0; pos <= len1 - len2; pos++) {
if (internal_memcmp(haystack + pos, needle, len2) == 0)
return const_cast<char *>(haystack) + pos;
}
return nullptr;
}
extern "C" {
// Weak hooks forward-declared to avoid dependency on
// <sanitizer/common_interface_defs.h>.
void __sanitizer_weak_hook_memcmp(void *called_pc, const void *s1,
const void *s2, size_t n, int result);
void __sanitizer_weak_hook_strncmp(void *called_pc, const char *s1,
const char *s2, size_t n, int result);
void __sanitizer_weak_hook_strncasecmp(void *called_pc, const char *s1,
const char *s2, size_t n, int result);
void __sanitizer_weak_hook_strcmp(void *called_pc, const char *s1,
const char *s2, int result);
void __sanitizer_weak_hook_strcasecmp(void *called_pc, const char *s1,
const char *s2, int result);
void __sanitizer_weak_hook_strstr(void *called_pc, const char *s1,
const char *s2, char *result);
void __sanitizer_weak_hook_strcasestr(void *called_pc, const char *s1,
const char *s2, char *result);
void __sanitizer_weak_hook_memmem(void *called_pc, const void *s1, size_t len1,
const void *s2, size_t len2, void *result);
DEFINE_REAL(int, bcmp, const void *, const void *, size_t)
DEFINE_REAL(int, memcmp, const void *, const void *, size_t)
DEFINE_REAL(int, strncmp, const char *, const char *, size_t)
DEFINE_REAL(int, strcmp, const char *, const char *)
DEFINE_REAL(int, strncasecmp, const char *, const char *, size_t)
DEFINE_REAL(int, strcasecmp, const char *, const char *)
DEFINE_REAL(char *, strstr, const char *, const char *)
DEFINE_REAL(char *, strcasestr, const char *, const char *)
DEFINE_REAL(void *, memmem, const void *, size_t, const void *, size_t)
ATTRIBUTE_INTERFACE int bcmp(const char *s1, const char *s2, size_t n) {
if (!FuzzerInited) return internal_memcmp(s1, s2, n);
int result = REAL(bcmp)(s1, s2, n);
__sanitizer_weak_hook_memcmp(GET_CALLER_PC(), s1, s2, n, result);
return result;
}
ATTRIBUTE_INTERFACE int memcmp(const void *s1, const void *s2, size_t n) {
if (!FuzzerInited) return internal_memcmp(s1, s2, n);
int result = REAL(memcmp)(s1, s2, n);
__sanitizer_weak_hook_memcmp(GET_CALLER_PC(), s1, s2, n, result);
return result;
}
ATTRIBUTE_INTERFACE int strncmp(const char *s1, const char *s2, size_t n) {
if (!FuzzerInited) return internal_strncmp(s1, s2, n);
int result = REAL(strncmp)(s1, s2, n);
__sanitizer_weak_hook_strncmp(GET_CALLER_PC(), s1, s2, n, result);
return result;
}
ATTRIBUTE_INTERFACE int strcmp(const char *s1, const char *s2) {
if (!FuzzerInited) return internal_strcmp(s1, s2);
int result = REAL(strcmp)(s1, s2);
__sanitizer_weak_hook_strcmp(GET_CALLER_PC(), s1, s2, result);
return result;
}
ATTRIBUTE_INTERFACE int strncasecmp(const char *s1, const char *s2, size_t n) {
ensureFuzzerInited();
int result = REAL(strncasecmp)(s1, s2, n);
__sanitizer_weak_hook_strncasecmp(GET_CALLER_PC(), s1, s2, n, result);
return result;
}
ATTRIBUTE_INTERFACE int strcasecmp(const char *s1, const char *s2) {
ensureFuzzerInited();
int result = REAL(strcasecmp)(s1, s2);
__sanitizer_weak_hook_strcasecmp(GET_CALLER_PC(), s1, s2, result);
return result;
}
ATTRIBUTE_INTERFACE char *strstr(const char *s1, const char *s2) {
if (!FuzzerInited) return internal_strstr(s1, s2);
char *result = REAL(strstr)(s1, s2);
__sanitizer_weak_hook_strstr(GET_CALLER_PC(), s1, s2, result);
return result;
}
ATTRIBUTE_INTERFACE char *strcasestr(const char *s1, const char *s2) {
ensureFuzzerInited();
char *result = REAL(strcasestr)(s1, s2);
__sanitizer_weak_hook_strcasestr(GET_CALLER_PC(), s1, s2, result);
return result;
}
ATTRIBUTE_INTERFACE
void *memmem(const void *s1, size_t len1, const void *s2, size_t len2) {
ensureFuzzerInited();
void *result = REAL(memmem)(s1, len1, s2, len2);
__sanitizer_weak_hook_memmem(GET_CALLER_PC(), s1, len1, s2, len2, result);
return result;
}
__attribute__((section(".preinit_array"),
used)) static void (*__local_fuzzer_preinit)(void) = fuzzerInit;
} // extern "C"
static void fuzzerInit() {
assert(!FuzzerInitIsRunning);
if (FuzzerInited) return;
FuzzerInitIsRunning = true;
REAL(bcmp) = reinterpret_cast<memcmp_type>(
getFuncAddr("bcmp", reinterpret_cast<uintptr_t>(&bcmp)));
REAL(memcmp) = reinterpret_cast<memcmp_type>(
getFuncAddr("memcmp", reinterpret_cast<uintptr_t>(&memcmp)));
REAL(strncmp) = reinterpret_cast<strncmp_type>(
getFuncAddr("strncmp", reinterpret_cast<uintptr_t>(&strncmp)));
REAL(strcmp) = reinterpret_cast<strcmp_type>(
getFuncAddr("strcmp", reinterpret_cast<uintptr_t>(&strcmp)));
REAL(strncasecmp) = reinterpret_cast<strncasecmp_type>(
getFuncAddr("strncasecmp", reinterpret_cast<uintptr_t>(&strncasecmp)));
REAL(strcasecmp) = reinterpret_cast<strcasecmp_type>(
getFuncAddr("strcasecmp", reinterpret_cast<uintptr_t>(&strcasecmp)));
REAL(strstr) = reinterpret_cast<strstr_type>(
getFuncAddr("strstr", reinterpret_cast<uintptr_t>(&strstr)));
REAL(strcasestr) = reinterpret_cast<strcasestr_type>(
getFuncAddr("strcasestr", reinterpret_cast<uintptr_t>(&strcasestr)));
REAL(memmem) = reinterpret_cast<memmem_type>(
getFuncAddr("memmem", reinterpret_cast<uintptr_t>(&memmem)));
FuzzerInitIsRunning = false;
FuzzerInited = 1;
}
#endif

2
custom_mutators/libfuzzer/FuzzerLoop.cpp
View File

@ -752,7 +752,7 @@ void Fuzzer::PrintStatusForNewUnit(const Unit &U, const char *Text) {
if (Options.Verbosity) {
Printf(" L: %zd/%zd ", U.size(), Corpus.MaxInputSize());
MD.PrintMutationSequence();
MD.PrintMutationSequence(Options.Verbosity >= 2);
Printf("\n");
}

26
custom_mutators/libfuzzer/FuzzerMain.cpp Normal file
View File

@ -0,0 +1,26 @@
//===- FuzzerMain.cpp - main() function and flags -------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
// main() and flags.
//===----------------------------------------------------------------------===//
#include "FuzzerDefs.h"
#include "FuzzerPlatform.h"
extern "C" {
// This function should be defined by the user.
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
} // extern "C"
ATTRIBUTE_INTERFACE int main(int argc, char **argv) {
return fuzzer::FuzzerDriver(&argc, &argv, LLVMFuzzerTestOneInput);
}

17
custom_mutators/libfuzzer/FuzzerMutate.cpp
View File

@ -18,6 +18,7 @@
namespace fuzzer {
const size_t Dictionary::kMaxDictSize;
static const size_t kMaxMutationsToPrint = 10;
static void PrintASCII(const Word &W, const char *PrintAfter) {
@ -608,18 +609,24 @@ void MutationDispatcher::PrintRecommendedDictionary() {
}
void MutationDispatcher::PrintMutationSequence() {
void MutationDispatcher::PrintMutationSequence(bool Verbose) {
Printf("MS: %zd ", CurrentMutatorSequence.size());
for (auto M : CurrentMutatorSequence)
Printf("%s-", M.Name);
size_t EntriesToPrint =
Verbose ? CurrentMutatorSequence.size()
: std::min(kMaxMutationsToPrint, CurrentMutatorSequence.size());
for (size_t i = 0; i < EntriesToPrint; i++)
Printf("%s-", CurrentMutatorSequence[i].Name);
if (!CurrentDictionaryEntrySequence.empty()) {
Printf(" DE: ");
for (auto DE : CurrentDictionaryEntrySequence) {
EntriesToPrint = Verbose ? CurrentDictionaryEntrySequence.size()
: std::min(kMaxMutationsToPrint,
CurrentDictionaryEntrySequence.size());
for (size_t i = 0; i < EntriesToPrint; i++) {
Printf("\"");
PrintASCII(DE->GetW(), "\"-");
PrintASCII(CurrentDictionaryEntrySequence[i]->GetW(), "\"-");
}

5
custom_mutators/libfuzzer/FuzzerMutate.h
View File

@ -24,8 +24,9 @@ public:
~MutationDispatcher() {}
/// Indicate that we are about to start a new sequence of mutations.
void StartMutationSequence();
/// Print the current sequence of mutations.
void PrintMutationSequence();
/// Print the current sequence of mutations. Only prints the full sequence
/// when Verbose is true.
void PrintMutationSequence(bool Verbose = true);
/// Return the current sequence of mutations.
std::string MutationSequence();
/// Indicate that the current sequence of mutations was successful.

2
custom_mutators/libfuzzer/FuzzerOptions.h
View File

@ -46,7 +46,7 @@ struct FuzzingOptions {
size_t MaxNumberOfRuns = -1L;
int ReportSlowUnits = 10;
bool OnlyASCII = false;
bool Entropic = false;
bool Entropic = true;
size_t EntropicFeatureFrequencyThreshold = 0xFF;
size_t EntropicNumberOfRarestFeatures = 100;
bool EntropicScalePerExecTime = false;

54
custom_mutators/libfuzzer/Makefile
View File

@ -1,81 +1,81 @@
#CFLAGS = -O3 -funroll-loops -fPIC -fpermissive -std=c++11
CFLAGS = -g -O0 -fPIC -fpermissive -std=c++11
CC ?= clang++
CFLAGS = -g -O3 -funroll-loops -fPIC -fpermissive -std=c++11
#CFLAGS = -g -O0 -fPIC -fpermissive -std=c++11
CXX ?= clang++
all: libfuzzer-mutator.so
FuzzerCrossOver.o: FuzzerCrossOver.cpp
$(CC) $(CFLAGS) -I../../include -I. -c $^
$(CXX) $(CFLAGS) -I../../include -I. -c $^
FuzzerDataFlowTrace.o: FuzzerDataFlowTrace.cpp
$(CC) $(CFLAGS) -I../../include -I. -c $^
$(CXX) $(CFLAGS) -I../../include -I. -c $^
FuzzerDriver.o: FuzzerDriver.cpp
$(CC) $(CFLAGS) -I../../include -I. -c $^
$(CXX) $(CFLAGS) -I../../include -I. -c $^
FuzzerExtFunctionsDlsym.o: FuzzerExtFunctionsDlsym.cpp
$(CC) $(CFLAGS) -I../../include -I. -c $^
$(CXX) $(CFLAGS) -I../../include -I. -c $^
FuzzerExtFunctionsWeak.o: FuzzerExtFunctionsWeak.cpp
$(CC) $(CFLAGS) -I../../include -I. -c $^
$(CXX) $(CFLAGS) -I../../include -I. -c $^
FuzzerExtFunctionsWindows.o: FuzzerExtFunctionsWindows.cpp
$(CC) $(CFLAGS) -I../../include -I. -c $^
$(CXX) $(CFLAGS) -I../../include -I. -c $^
FuzzerExtraCounters.o: FuzzerExtraCounters.cpp
$(CC) $(CFLAGS) -I../../include -I. -c $^
$(CXX) $(CFLAGS) -I../../include -I. -c $^
FuzzerFork.o: FuzzerFork.cpp
$(CC) $(CFLAGS) -I../../include -I. -c $^
$(CXX) $(CFLAGS) -I../../include -I. -c $^
FuzzerIO.o: FuzzerIO.cpp
$(CC) $(CFLAGS) -I../../include -I. -c $^
$(CXX) $(CFLAGS) -I../../include -I. -c $^
FuzzerIOPosix.o: FuzzerIOPosix.cpp
$(CC) $(CFLAGS) -I../../include -I. -c $^
$(CXX) $(CFLAGS) -I../../include -I. -c $^
FuzzerIOWindows.o: FuzzerIOWindows.cpp
$(CC) $(CFLAGS) -I../../include -I. -c $^
$(CXX) $(CFLAGS) -I../../include -I. -c $^
FuzzerLoop.o: FuzzerLoop.cpp
$(CC) $(CFLAGS) -I../../include -I. -c $^
$(CXX) $(CFLAGS) -I../../include -I. -c $^
FuzzerMerge.o: FuzzerMerge.cpp
$(CC) $(CFLAGS) -I../../include -I. -c $^
$(CXX) $(CFLAGS) -I../../include -I. -c $^
FuzzerMutate.o: FuzzerMutate.cpp
$(CC) $(CFLAGS) -I../../include -I. -c $^
$(CXX) $(CFLAGS) -I../../include -I. -c $^
FuzzerSHA1.o: FuzzerSHA1.cpp
$(CC) $(CFLAGS) -I../../include -I. -c $^
$(CXX) $(CFLAGS) -I../../include -I. -c $^
FuzzerTracePC.o: FuzzerTracePC.cpp
$(CC) $(CFLAGS) -I../../include -I. -c $^
$(CXX) $(CFLAGS) -I../../include -I. -c $^
FuzzerUtil.o: FuzzerUtil.cpp
$(CC) $(CFLAGS) -I../../include -I. -c $^
$(CXX) $(CFLAGS) -I../../include -I. -c $^
FuzzerUtilDarwin.o: FuzzerUtilDarwin.cpp
$(CC) $(CFLAGS) -I../../include -I. -c $^
$(CXX) $(CFLAGS) -I../../include -I. -c $^
FuzzerUtilFuchsia.o: FuzzerUtilFuchsia.cpp
$(CC) $(CFLAGS) -I../../include -I. -c $^
$(CXX) $(CFLAGS) -I../../include -I. -c $^
FuzzerUtilLinux.o: FuzzerUtilLinux.cpp
$(CC) $(CFLAGS) -I../../include -I. -c $^
$(CXX) $(CFLAGS) -I../../include -I. -c $^
FuzzerUtilPosix.o: FuzzerUtilPosix.cpp
$(CC) $(CFLAGS) -I../../include -I. -c $^
$(CXX) $(CFLAGS) -I../../include -I. -c $^
FuzzerUtilWindows.o: FuzzerUtilWindows.cpp
$(CC) $(CFLAGS) -I../../include -I. -c $^
$(CXX) $(CFLAGS) -I../../include -I. -c $^
libfuzzer.o: libfuzzer.cpp
$(CC) $(CFLAGS) -I../../include -I. -c $^
$(CXX) $(CFLAGS) -I../../include -I. -c $^
libfuzzer-mutator.so: FuzzerCrossOver.o FuzzerDataFlowTrace.o FuzzerDriver.o FuzzerExtFunctionsDlsym.o FuzzerExtFunctionsWeak.o FuzzerExtFunctionsWindows.o FuzzerExtraCounters.o FuzzerFork.o FuzzerIO.o FuzzerIOPosix.o FuzzerIOWindows.o FuzzerLoop.o FuzzerMerge.o FuzzerMutate.o FuzzerSHA1.o FuzzerTracePC.o FuzzerUtil.o FuzzerUtilDarwin.o FuzzerUtilFuchsia.o FuzzerUtilLinux.o FuzzerUtilPosix.o FuzzerUtilWindows.o libfuzzer.o
$(CC) $(CFLAGS) -I../../include -I. -shared -o libfuzzer-mutator.so *.o
$(CXX) $(CFLAGS) -I../../include -I. -shared -o libfuzzer-mutator.so *.o
clean:
rm -f *.o *~ *.so core

2
custom_mutators/libfuzzer/README.md
View File

@ -21,4 +21,4 @@ are done.
> Original repository: https://github.com/llvm/llvm-project
> Path: compiler-rt/lib/fuzzer/*.{h|cpp}
> Source commit: d4b88ac1658d681e143482336cac27c6a74b8b24
> Source commit: df3e903655e2499968fc7af64fb5fa52b2ee79bb

2
custom_mutators/libfuzzer/libfuzzer.cpp
View File

@ -72,7 +72,7 @@ extern "C" my_mutator_t *afl_custom_init(afl_state_t *afl, unsigned int seed) {
/* When a new queue entry is added we check if there are new dictionary
entries to add to honggfuzz structure */
#if ß
#if 0
extern "C" void afl_custom_queue_new_entry(my_mutator_t * data,
const uint8_t *filename_new_queue,
const uint8_t *filename_orig_queue) {