ExternalVendorCode/onefuzz
1
0
Fork 0
mirror of https://github.com/microsoft/onefuzz.git synced 2025-06-18 12:48:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Address race-condition when syncing input seeds (#204)

Browse Source
This commit is contained in:
Cheick Keita
2020-10-28 08:57:46 -07:00
committed by GitHub
parent db8534109f
commit 66dda9397a
2 changed files with 31 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/agent/onefuzz-agent/src/tasks/fuzz/libfuzzer_fuzz.rs
View File

@ -96,34 +96,44 @@ impl LibFuzzerFuzzTask {
worker_id: u64, worker_id: u64,
stats_sender: Option<&StatsSender>, stats_sender: Option<&StatsSender>,
) -> Result<()> { ) -> Result<()> {
let local_input_dir = tempdir()?;
loop { loop {
self.run_fuzzer(worker_id, stats_sender).await?; self.run_fuzzer(&local_input_dir.path(), worker_id, stats_sender)
.await?;
let mut entries = tokio::fs::read_dir(local_input_dir.path()).await?;
while let Some(Ok(entry)) = entries.next().await {
let destination_path = self.config.inputs.path.clone().join(entry.file_name());
tokio::fs::rename(entry.path(), destination_path).await?;
}
} }
} }
// Fuzz with a libFuzzer until it exits. // Fuzz with a libFuzzer until it exits.
// //
// While it runs, parse stderr for progress metrics, and report them. // While it runs, parse stderr for progress metrics, and report them.
async fn run_fuzzer(&self, worker_id: u64, stats_sender: Option<&StatsSender>) -> Result<()> { async fn run_fuzzer(
&self,
local_inputs: impl AsRef<std::path::Path>,
worker_id: u64,
stats_sender: Option<&StatsSender>,
) -> Result<()> {
let crash_dir = tempdir()?; let crash_dir = tempdir()?;
let run_id = Uuid::new_v4(); let run_id = Uuid::new_v4();
info!("starting fuzzer run, run_id = {}", run_id); info!("starting fuzzer run, run_id = {}", run_id);
let inputs: Vec<_> = { let mut inputs = vec![&self.config.inputs.path];
if let Some(readonly_inputs) = &self.config.readonly_inputs { if let Some(readonly_inputs) = &self.config.readonly_inputs {
readonly_inputs.iter().map(|d| &d.path).collect() readonly_inputs.iter().for_each(|d| inputs.push(&d.path));
} else {
vec![]
} }
};
let fuzzer = LibFuzzer::new( let fuzzer = LibFuzzer::new(
&self.config.target_exe, &self.config.target_exe,
&self.config.target_options, &self.config.target_options,
&self.config.target_env, &self.config.target_env,
); );
let mut running = fuzzer.fuzz(crash_dir.path(), &self.config.inputs.path, &inputs)?; let mut running = fuzzer.fuzz(crash_dir.path(), local_inputs, &inputs)?;
let sys_info = task::spawn(report_fuzzer_sys_info(worker_id, run_id, running.id())); let sys_info = task::spawn(report_fuzzer_sys_info(worker_id, run_id, running.id()));

11
src/agent/onefuzz/src/libfuzzer.rs
View File

@ -14,6 +14,8 @@ use std::{
}; };
use tokio::process::{Child, Command}; use tokio::process::{Child, Command};
const DEFAULT_MAX_TOTAL_SECONDS: i32 = 10 * 60;
pub struct LibFuzzerMergeOutput { pub struct LibFuzzerMergeOutput {
pub added_files_count: i32, pub added_files_count: i32,
pub added_feature_count: i32, pub added_feature_count: i32,
@ -70,6 +72,15 @@ impl<'a> LibFuzzer<'a> {
cmd.arg(o); cmd.arg(o);
} }
// check if a max_time is already set
if let None = self
.options
.iter()
.find(|o| o.starts_with("-max_total_time"))
{
cmd.arg(format!("-max_total_time={}", DEFAULT_MAX_TOTAL_SECONDS));
}
// When writing a new faulting input, the libFuzzer runtime _exactly_ // When writing a new faulting input, the libFuzzer runtime _exactly_
// prepends the value of `-artifact_prefix` to the new file name. To // prepends the value of `-artifact_prefix` to the new file name. To
// specify that a new file `crash-<digest>` should be written to a // specify that a new file `crash-<digest>` should be written to a