Adds a new target to binutils project (#3151)

2019-12-18 19:54:39 +01:00 · 2019-12-18 19:54:39 +01:00 · 44d340ef60
parent 06875f9b36
commit 44d340ef60
3 changed files with 61 additions and 4 deletions
--- a/projects/binutils/Dockerfile
+++ b/projects/binutils/Dockerfile
@ -21,4 +21,4 @@ RUN apt-get update && apt-get install -y make
 RUN git clone --recursive --depth 1 git://sourceware.org/git/binutils-gdb.git binutils-gdb
 WORKDIR $SRC
 COPY build.sh $SRC/
-COPY fuzz_disassemble.c $SRC/
+COPY fuzz_*.c $SRC/
--- a/projects/binutils/build.sh
+++ b/projects/binutils/build.sh
@ -20,9 +20,12 @@ cd binutils-gdb
 ./configure --disable-gdb --enable-targets=all
 make MAKEINFO=true && true
 mkdir fuzz
-cp ../fuzz_disassemble.c fuzz/
+cp ../fuzz_*.c fuzz/

-$CC $CFLAGS -I include -I bfd -I opcodes -c fuzz/fuzz_disassemble.c -o fuzz/fuzz_disassemble.o
-$CXX $CXXFLAGS fuzz/fuzz_disassemble.o -o $OUT/fuzz_disassemble -lFuzzingEngine opcodes/libopcodes.a bfd/libbfd.a libiberty/libiberty.a zlib/libz.a
+cd fuzz
+ls fuzz_*.c | cut -d. -f1 | while read i; do
+    $CC $CFLAGS -I ../include -I ../bfd -I ../opcodes -c $i.c -o $i.o
+    $CXX $CXXFLAGS $i.o -o $OUT/$i $LIB_FUZZING_ENGINE ../opcodes/libopcodes.a ../bfd/libbfd.a ../libiberty/libiberty.a ../zlib/libz.a
+done

 # TODO build corpuses
--- a/projects/binutils/fuzz_bfd.c
+++ b/projects/binutils/fuzz_bfd.c
@ -0,0 +1,54 @@
+#include "sysdep.h"
+#include "bfd.h"
+
+#include <stdint.h>
+#include <stdio.h>
+
+
+static int bufferToFile(const char * name, const uint8_t *Data, size_t Size) {
+    FILE * fd;
+    if (remove(name) != 0) {
+        if (errno != ENOENT) {
+            printf("failed remove, errno=%d\n", errno);
+            return -1;
+        }
+    }
+    fd = fopen(name, "wb");
+    if (fd == NULL) {
+        printf("failed open, errno=%d\n", errno);
+        return -2;
+    }
+    if (fwrite (Data, 1, Size, fd) != Size) {
+        fclose(fd);
+        return -3;
+    }
+    fclose(fd);
+    return 0;
+}
+
+static int initialized = 0;
+//TODO? part of fuzzing
+char *target = NULL;
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+    if (initialized == 0) {
+        if (bfd_init () != BFD_INIT_MAGIC) {
+            abort();
+        }
+        initialized = 1;
+    }
+
+    if (bufferToFile("/tmp/fuzz.bfd", Data, Size) < 0) {
+        abort();
+    }
+    bfd *file = bfd_openr ("/tmp/fuzz.bfd", target);
+    if (file == NULL)
+    {
+        return 0;
+    }
+    bfd_check_format (file, bfd_archive);
+    //TODO loop over subfiles and more processing
+    bfd_close (file);
+
+    return 0;
+}