From af6c0e68390855e100b187f8e374d1f27f12298a Mon Sep 17 00:00:00 2001
From: Wouter van Oortmerssen
Date: Mon, 16 Jul 2018 15:51:01 -0700
Subject: [PATCH] Updated fuzzer scripts

Point to new Chromium location

Also enable UBSan

Change-Id: I4ba182e3c6a967ad89090b776d05762fa9ae6e40
---
 tests/fuzzer/build_fuzzer.sh | 6 +++---
 tests/fuzzer/build_run_parser_test.sh | 5 ++++-
 tests/fuzzer/build_run_verifier_test.sh | 4 +++-
 tests/test.cpp | 19 ++++++++++++++++---
 4 files changed, 26 insertions(+), 8 deletions(-)

diff --git a/tests/fuzzer/build_fuzzer.sh b/tests/fuzzer/build_fuzzer.sh
index 48eb3b7c9..c013cdd8a 100644
--- a/tests/fuzzer/build_fuzzer.sh
+++ b/tests/fuzzer/build_fuzzer.sh
@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-git clone https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer
-clang++ -c -g -O2 -std=c++11 Fuzzer/*.cpp -IFuzzer
+git clone https://chromium.googlesource.com/chromium/llvm-project/compiler-rt/lib/fuzzer
+clang++ -c -g -O2 -std=c++11 fuzzer/*.cpp -Ifuzzer
 ar ruv libFuzzer.a Fuzzer*.o
-rm -rf Fuzzer *.o
+rm -rf fuzzer *.o
diff --git a/tests/fuzzer/build_run_parser_test.sh b/tests/fuzzer/build_run_parser_test.sh
index 3a053e762..7fac7182a 100644
--- a/tests/fuzzer/build_run_parser_test.sh
+++ b/tests/fuzzer/build_run_parser_test.sh
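Review bot: The new `git clone` line fetches whatever is currently at the tip of compiler-rt/lib/fuzzer and its exit status is never checked, so the libFuzzer build is neither reproducible nor guaranteed to fail early: if the clone fails, `clang++ -c ... fuzzer/*.cpp` compiles nothing and `ar ruv libFuzzer.a Fuzzer*.o` archives stale or missing objects. Pinning the checkout, `git clone ... fuzzer && git -C fuzzer checkout <PINNED_REVISION>`, and stopping on error (`set -e` near the top of the script, which is outside this hunk) would make the harness build match the libFuzzer revision the crashes were found with. The `Fuzzer*.o` glob on the unchanged `ar` line appears to still match because the libFuzzer sources keep their `Fuzzer*.cpp` names, but a one-line comment saying so would spare the next reader from checking after the directory rename.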
@@ -14,7 +14,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-clang++ -fsanitize-coverage=edge -fsanitize=address -std=c++11 -stdlib=libstdc++ -I.. -I../../include flatbuffers_parser_fuzzer.cc ../../src/idl_parser.cpp ../../src/util.cpp libFuzzer.a -o fuzz_parser
+clang++ -fsanitize-coverage=edge -fsanitize=address -fsanitize=undefined \
+ -g -fno-omit-frame-pointer -std=c++11 -stdlib=libstdc++ \
+ -I.. -I../../include flatbuffers_parser_fuzzer.cc ../../src/idl_parser.cpp \
+ ../../src/util.cpp libFuzzer.a -o fuzz_parser
 mkdir -p parser_corpus
 cp ../*.json ../*.fbs parser_corpus
 ./fuzz_parser parser_corpus
diff --git a/tests/fuzzer/build_run_verifier_test.sh b/tests/fuzzer/build_run_verifier_test.sh
index 67616496a..412afffc6 100644
--- a/tests/fuzzer/build_run_verifier_test.sh
+++ b/tests/fuzzer/build_run_verifier_test.sh
@@ -14,7 +14,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-clang++ -fsanitize-coverage=edge -fsanitize=address -std=c++11 -stdlib=libstdc++ -I.. -I../../include flatbuffers_verifier_fuzzer.cc libFuzzer.a -o fuzz_verifier
+clang++ -fsanitize-coverage=edge -fsanitize=address -fsanitize=undefined \
+ -g -fno-omit-frame-pointer -std=c++11 -stdlib=libstdc++ \
+ -I.. -I../../include flatbuffers_verifier_fuzzer.cc libFuzzer.a -o fuzz_verifier
 mkdir -p verifier_corpus
 cp ../*.mon verifier_corpus
 ./fuzz_verifier verifier_corpus
diff --git a/tests/test.cpp b/tests/test.cpp
index 4a2ee2788..27d2a21c3 100644
--- a/tests/test.cpp
+++ b/tests/test.cpp
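Review bot: `-fsanitize=undefined` on the new clang++ line reports most undefined behaviour and then lets the program continue, so under libFuzzer a UBSan finding is only printed to stderr and the triggering input is not saved as a crash; the same applies to the build_run_verifier_test.sh hunk in this file. Adding `-fno-sanitize-recover=undefined` next to it makes UBSan abort on the first report, as ASan already does, so the fuzzer records a reproducer for each finding. The added `-g -fno-omit-frame-pointer` is the right companion for readable sanitizer stack traces and needs no change.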
@@ -1952,19 +1952,19 @@ void EndianSwapTest() {
 
 void UninitializedVectorTest() {
   flatbuffers::FlatBufferBuilder builder;
-
+
   Test *buf = nullptr;
   auto vector_offset = builder.CreateUninitializedVectorOfStructs(2, &buf);
   TEST_NOTNULL(buf);
   buf[0] = Test(10, 20);
   buf[1] = Test(30, 40);
-
+
   auto required_name = builder.CreateString("myMonster");
   auto monster_builder = MonsterBuilder(builder);
   monster_builder.add_name(required_name); // required field mandated for monster.
   monster_builder.add_test4(vector_offset);
   builder.Finish(monster_builder.Finish());
-
+
   auto p = builder.GetBufferPointer();
   auto uvt = flatbuffers::GetRoot(p);
   TEST_NOTNULL(uvt);
@@ -1978,6 +1978,18 @@ void UninitializedVectorTest() {
   TEST_EQ(test_1->b(), 40);
 }
 
+// For testing any binaries, e.g. from fuzzing.
+void LoadVerifyBinaryTest() {
+ std::string binary;
+ if (flatbuffers::LoadFile((test_data_path +
+ "fuzzer/your-filename-here").c_str(),
+ true, &binary)) {
+ flatbuffers::Verifier verifier(
+ reinterpret_cast(binary.data()), binary.size());
+ TEST_EQ(VerifyMonsterBuffer(verifier), true);
+ }
+}
+
 int main(int /*argc*/, const char * /*argv*/ []) {
   // clang-format off
   #if defined(FLATBUFFERS_MEMORY_LEAK_TRACKING) && \
@@ -2021,6 +2033,7 @@ int main(int /*argc*/, const char * /*argv*/ []) {
     ReflectionTest(flatbuf.data(), flatbuf.size());
     ParseProtoTest();
     UnionVectorTest();
+    LoadVerifyBinaryTest();
   #endif
   // clang-format on
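Review bot: `LoadVerifyBinaryTest` in the second hunk silently passes when `fuzzer/your-filename-here` does not exist, because a false return from `LoadFile` skips the whole body, so in the normal test run it checks nothing while the placeholder filename is committed into the suite. Its assertion also expects `VerifyMonsterBuffer(verifier)` to be `true`, yet a file handed over from the verifier fuzzer is typically a malformed buffer whose interesting property is that verification returns cleanly instead of crashing, so asserting `true` would fail on exactly the inputs the test is meant to replay. A header comment making the intent explicit, `// Manual hook: no-op unless the file exists; fuzzer reproducers are expected to be rejected, not accepted.`, together with a call that only requires the verifier to return, `VerifyMonsterBuffer(verifier);`, would match the stated purpose of testing arbitrary binaries.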