ExternalVendorCode/onefuzz
1
0
Fork 0
mirror of https://github.com/microsoft/onefuzz.git synced 2025-06-16 03:48:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

handle libfuzzer fuzzing non-zero exits better (#381)

Browse Source 
When running libfuzzer in 'fuzzing' mode, we expect the following on exit.

If the exit code is zero, crashing input isn't required.  This happens if the user specifies '-runs=N'

If the exit code is non-zero, then crashes are expected.  In practice, there are two causes to non-zero exits.
1. If the binary can't execute for some reason, like a missing prerequisite
2. If the binary _can_ execute, sometimes the sanitizers are put in such a bad place that they are unable to record the input that caused the crash.

This PR enables handling these two non-zero exit cases.

1. Optionally verify the libfuzzer target loads appropriately using `target_exe -help=1`.  This allows failing faster in the common issues, such a missing prerequisite library.
2. Optionally allow non-zero exits without crashes to be a warning, rather than a task failure.
This commit is contained in:
bmc-msft
2021-01-05 09:40:15 -05:00
committed by GitHub
parent 75d2ffd7f4
commit 37f06bb324
20 changed files with 240 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
src/api-service/__app__/onefuzzlib/job_templates/defaults/libfuzzer.py
View File

@ -217,6 +217,38 @@ libfuzzer_linux = JobTemplate(
),
],
),
UserField(
name="check_fuzzer_help",
help="Verify fuzzer by checking if it supports -help=1",
type=UserFieldType.Bool,
default=True,
locations=[
UserFieldLocation(
op=UserFieldOperation.add,
path="/tasks/0/task/check_fuzzer_help",
),
UserFieldLocation(
op=UserFieldOperation.add,
path="/tasks/1/task/check_fuzzer_help",
),
UserFieldLocation(
op=UserFieldOperation.add,
path="/tasks/2/task/check_fuzzer_help",
),
],
),
UserField(
name="expect_crash_on_failure",
help="Require crashes upon non-zero exits from libfuzzer",
type=UserFieldType.Bool,
default=True,
locations=[
UserFieldLocation(
op=UserFieldOperation.add,
path="/tasks/0/task/expect_crash_on_failure",
),
],
),
UserField(
name="reboot_after_setup",
help=REBOOT_HELP,

14
src/api-service/__app__/onefuzzlib/tasks/config.py
View File

@ -317,6 +317,20 @@ def build_task_config(
if TaskFeature.ensemble_sync_delay in definition.features:
config.ensemble_sync_delay = task_config.task.ensemble_sync_delay
if TaskFeature.check_fuzzer_help in definition.features:
config.check_fuzzer_help = (
task_config.task.check_fuzzer_help
if task_config.task.check_fuzzer_help is not None
else True
)
if TaskFeature.expect_crash_on_failure in definition.features:
config.expect_crash_on_failure = (
task_config.task.expect_crash_on_failure
if task_config.task.expect_crash_on_failure is not None
else True
)
return config

5
src/api-service/__app__/onefuzzlib/tasks/defs.py
View File

@ -63,6 +63,8 @@ TASK_DEFINITIONS = {
TaskFeature.target_options,
TaskFeature.target_workers,
TaskFeature.ensemble_sync_delay,
TaskFeature.check_fuzzer_help,
TaskFeature.expect_crash_on_failure,
],
vm=VmDefinition(compare=Compare.AtLeast, value=1),
containers=[
@ -105,6 +107,7 @@ TASK_DEFINITIONS = {
TaskFeature.target_options,
TaskFeature.target_timeout,
TaskFeature.check_retry_count,
TaskFeature.check_fuzzer_help,
],
vm=VmDefinition(compare=Compare.AtLeast, value=1),
containers=[
@ -146,6 +149,7 @@ TASK_DEFINITIONS = {
TaskFeature.target_exe,
TaskFeature.target_env,
TaskFeature.target_options,
TaskFeature.check_fuzzer_help,
],
vm=VmDefinition(compare=Compare.Equal, value=1),
containers=[
@ -180,6 +184,7 @@ TASK_DEFINITIONS = {
TaskFeature.target_exe,
TaskFeature.target_env,
TaskFeature.target_options,
TaskFeature.check_fuzzer_help,
],
vm=VmDefinition(compare=Compare.Equal, value=1),
containers=[