Magic-Mirror/radare2
1
0
Fork 0
mirror of https://github.com/radareorg/radare2.git synced 2024-10-07 02:23:58 +00:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity
86529d7cf6
radare2/test/fuzz
History
Keegan Saunders 9eb1cf34bd Initial import of the dalvik.ns plugin ##arch
2024-09-19 15:56:29 +02:00
..
scripts Fix some typos 2023-09-18 14:41:40 +02:00
fuzz_anal.c Fix null deref in fuzzed omt command ##crash 2023-03-06 14:43:29 +01:00
fuzz_bin2.c Fix UAF in y-;q and assert with 0 size functions ##crash 2023-03-06 14:01:12 +01:00
fuzz_bin_demangle.c Fix some vulns spotted in the swift demangler ##crash 2024-05-20 20:15:15 +02:00
fuzz_bin.c Fix infinite loop in dyldcache parser ##fuzz 2022-09-12 17:31:24 +02:00
fuzz_cmd.c Fix #21438 - Do not permit negative arguments to /z 2023-03-06 14:22:58 +01:00
fuzz_dwarf.c Add the dwarf fuzzer program ##test 2023-01-20 18:12:23 +01:00
fuzz_fs.c Fix assert in pFB 2023-03-06 14:58:20 +01:00
fuzz_ia.c Fix an oobs in xbe and add fuzz.cmd 2023-03-04 23:43:40 +01:00
fuzz_pdb_parse.c Fuzz pdb ##fuzz 2022-08-22 20:08:07 +02:00
fuzz_pkcs7_parse.c Fuzz pkcs7, punycode, x509 ##fuzz 2022-08-22 20:08:07 +02:00
fuzz_protobuf_decode.c Fuzz protobuf ##fuzz 2022-08-22 20:08:07 +02:00
fuzz_punycode_decode.c Fuzz pkcs7, punycode, x509 ##fuzz 2022-08-22 20:08:07 +02:00
fuzz_run_parseline.c libFuzzer demangler target ##fuzz 2022-08-21 22:35:28 +02:00
fuzz_x509_parse.c Fix -Wimplicit-const-int-float-conversion spotted by latest clang 2023-03-04 19:56:36 +01:00
meson.build Initial import of the dalvik.ns plugin ##arch 2024-09-19 15:56:29 +02:00
README.md Update libfuzz build instructions ##test 2023-01-21 02:39:45 +01:00

README.md

libFuzzer tests

Setup

Get libFuzzer-capable clang

# Linux
export CC=clang-14
# macOS
export CC="$(brew --prefix llvm@14)/bin/clang"

Clean project

git clean -xdf
rm -rf shlr/capstone
rm -rf build

Build project with libFuzzer and sanitizers

# If you want to debug crashes
export CFLAGS="-g"
# Build project with test/fuzz
python3 ./sys/meson.py --fuzz --sanitize address,leak,fuzzer-no-link

Run

Refer to https://llvm.org/docs/LibFuzzer.html

Show help

./build/test/fuzz/fuzz_r_run_parseline -help=1

Run fuzzer

mkdir corpus_parseline
./build/test/fuzz/fuzz_r_run_parseline \
  -workers=1 -runs=50000 -timeout=3    \
  corpus_parseline

Replay crashes

./build/test/fuzz/fuzz_r_run_parseline crash-*

Adding a new target

  • add your test to /test/fuzz/meson.build
  • add /test/fuzz/fuzz_<name>.c file
    • add system setup to LLVMFuzzerInitialize (disable logging, enable sandbox, etc)
    • add fuzz target to LLVMFuzzerTestOneInput
    • make sure input is short (ideally no longer than 256 bytes)
    • make sure no memory leaks are present
  • -close_fd_mask=2 (mute stderr) if your target is spammy
  • -ignore_ooms -fork=16 if you're likely to OOM