mirror of https://github.com/google/oss-fuzz.git
binutils: add 3 new targetes readelfs (#7043)
Coverage should be tracked on these to see if they help explore their respective architectures under the bfd/ directory.
parent
00f772962f
commit
5fe8ecc3c4
|
@ -112,7 +112,10 @@ done
|
|||
# Fuzzers that need additional flags
|
||||
fuzz_compile dlltool dlltool "-DDLLTOOL_I386 -DDLLTOOL_DEFAULT_I386"
|
||||
fuzz_compile objdump objdump_safe "-DOBJDUMP_SAFE"
|
||||
fuzz_compile readelf readelf_pef "-DREADELF_TARGETED "
|
||||
fuzz_compile readelf readelf_pef "-DREADELF_TARGETED=\"pef\""
|
||||
fuzz_compile readelf readelf_elf32_bigarm "-DREADELF_TARGETED=\"elf32-bigarm\""
|
||||
fuzz_compile readelf readelf_elf32_littlearm "-DREADELF_TARGETED=\"elf32-littlearm\""
|
||||
fuzz_compile readelf readelf_elf64_mmix "-DREADELF_TARGETED=\"elf64-mmix\""
|
||||
|
||||
#
|
||||
# Link fuzzers
|
||||
|
@ -127,6 +130,9 @@ OBJ3="dwarf.o prdbg.o rddbg.o unwind-ia64.o debug.o stabs.o rdcoff.o bucomm.o ve
|
|||
declare -A fl
|
||||
fl["readelf"]=${OBJ2}
|
||||
fl["readelf_pef"]=${OBJ2}
|
||||
fl["readelf_elf32_bigarm"]=${OBJ2}
|
||||
fl["readelf_elf32_littlearm"]=${OBJ2}
|
||||
fl["readelf_elf64_mmix"]=${OBJ2}
|
||||
fl["objdump"]=${OBJ3}
|
||||
fl["objdump_safe"]=${OBJ3}
|
||||
fl["dwarf"]=${OBJ3}
|
||||
|
@ -162,14 +168,14 @@ then
|
|||
fi
|
||||
|
||||
# Copy seeds out
|
||||
for fuzzname in readelf_pef objdump objdump_safe nm objcopy bdf windres addr2line dwarf; do
|
||||
for fuzzname in readelf_pef readelf_elf64_mmix readelf_elf32_littlearm readelf_elf32_bigarm objdump objdump_safe nm objcopy bdf windres addr2line dwarf; do
|
||||
cp $SRC/binary-samples/oss-fuzz-binutils/general_seeds.zip $OUT/fuzz_${fuzzname}_seed_corpus.zip
|
||||
done
|
||||
# Seed targeted the pef file format
|
||||
cp $SRC/binary-samples/oss-fuzz-binutils/fuzz_bfd_ext_seed_corpus.zip $OUT/fuzz_bfd_ext_seed_corpus.zip
|
||||
|
||||
# Copy options files
|
||||
for ft in readelf readelf_pef objcopy objdump dlltool disas_ext-bfd_arch_csky nm as windres objdump_safe ranlib_simulation addr2line dwarf; do
|
||||
for ft in readelf readelf_pef readelf_elf64_mmix readelf_elf32_littlearm readelf_elf32_bigarm objcopy objdump dlltool disas_ext-bfd_arch_csky nm as windres objdump_safe ranlib_simulation addr2line dwarf; do
|
||||
echo "[libfuzzer]" > $OUT/fuzz_${ft}.options
|
||||
echo "detect_leaks=0" >> $OUT/fuzz_${ft}.options
|
||||
done
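Review bot: The seed loop hands the three new targeted fuzzers the same `general_seeds.zip` as every other target, yet a `READELF_TARGETED` build returns early on any input whose architecture check fails, before `process_file` is reached. Unless that archive already contains elf32-bigarm, elf32-littlearm and elf64-mmix samples (its contents are not visible here), these targets start from a corpus that is rejected wholesale, and the coverage the description wants tracked may stay flat for reasons unrelated to the targets themselves. Consider a per-target seed archive, as is already done for `fuzz_bfd_ext`, or at least a comment above the loop such as `# NOTE: targeted readelf builds only keep seeds whose BFD target matches -DREADELF_TARGETED`. Separately, each new name has to be repeated in the `fuzz_compile` lines, the `fl[]` map and both `for` loops, so a name missed in one of them would produce a fuzzer without seeds or an `.options` file and no error.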
|
||||
|
|
|
@ -59,57 +59,71 @@ int check_architecture(char *tmpfilename, char *arch_string) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
// int gb=0;
|
||||
|
||||
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
|
||||
int
|
||||
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
||||
{
|
||||
char filename[256];
|
||||
sprintf(filename, "/tmp/libfuzzer.%d", getpid());
|
||||
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
||||
char filename[256];
|
||||
sprintf(filename, "/tmp/libfuzzer.%d", getpid());
|
||||
|
||||
FILE *fp = fopen(filename, "wb");
|
||||
if (!fp)
|
||||
return 0;
|
||||
FILE *fp = fopen(filename, "wb");
|
||||
if (!fp)
|
||||
return 0;
|
||||
|
||||
/* Code to quickly extract target list.
|
||||
* This is used to identify new targets but should
|
||||
* not be in the fuzz code.
|
||||
if (gb == 0) {
|
||||
char **doublel = bfd_target_list();
|
||||
while (*doublel != NULL) {
|
||||
printf("Target: %s\n", *doublel);
|
||||
doublel++;
|
||||
}
|
||||
gb=1;
|
||||
}
|
||||
exit(0);
|
||||
*/
|
||||
|
||||
#ifdef READELF_TARGETED
|
||||
if (check_architecture(filename, "pef") == 0) {
|
||||
if (check_architecture(filename, READELF_TARGETED) == 0) {
|
||||
unlink(filename);
|
||||
return 0;
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
fwrite(data, size, 1, fp);
|
||||
fclose(fp);
|
||||
do_syms = true;
|
||||
do_reloc = true;
|
||||
do_unwind = true;
|
||||
do_dynamic = true;
|
||||
do_header = true;
|
||||
do_sections = true;
|
||||
do_section_groups = true;
|
||||
do_segments = true;
|
||||
do_version = true;
|
||||
do_histogram = true;
|
||||
do_arch = true;
|
||||
do_notes = true;
|
||||
fwrite(data, size, 1, fp);
|
||||
fclose(fp);
|
||||
do_syms = true;
|
||||
do_reloc = true;
|
||||
do_unwind = true;
|
||||
do_dynamic = true;
|
||||
do_header = true;
|
||||
do_sections = true;
|
||||
do_section_groups = true;
|
||||
do_segments = true;
|
||||
do_version = true;
|
||||
do_histogram = true;
|
||||
do_arch = true;
|
||||
do_notes = true;
|
||||
|
||||
// Enable DWARF analysis
|
||||
// We must call both dwarf_select_sections_by_letters and dwarf_select_sections_all
|
||||
// since dwarf_select_sections_all does not set do_debug_lines |= FLAG_DEBUG_LINES_DECODED;
|
||||
// We must call both dwarf_select_sections_by_letters and
|
||||
// dwarf_select_sections_all since dwarf_select_sections_all does not set
|
||||
// do_debug_lines |= FLAG_DEBUG_LINES_DECODED;
|
||||
dwarf_select_sections_by_letters("L");
|
||||
dwarf_select_sections_all();
|
||||
|
||||
// Main fuzz entrypoint
|
||||
process_file(filename);
|
||||
process_file(filename);
|
||||
|
||||
unlink(filename);
|
||||
unlink(filename);
|
||||
|
||||
free (dump_ctf_symtab_name);
|
||||
dump_ctf_symtab_name = NULL;
|
||||
free (dump_ctf_strtab_name);
|
||||
dump_ctf_strtab_name = NULL;
|
||||
free (dump_ctf_parent_name);
|
||||
dump_ctf_parent_name = NULL;
|
||||
free(dump_ctf_symtab_name);
|
||||
dump_ctf_symtab_name = NULL;
|
||||
free(dump_ctf_strtab_name);
|
||||
dump_ctf_strtab_name = NULL;
|
||||
free(dump_ctf_parent_name);
|
||||
dump_ctf_parent_name = NULL;
|
||||
|
||||
return 0;
|
||||
return 0;
|
||||
}
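Review bot: The `READELF_TARGETED` check runs on `filename` before `fwrite(data, size, 1, fp)` and `fclose(fp)`, so at that point the file has only been created and truncated by `fopen(filename, "wb")` and holds none of the fuzz input. `check_architecture` is defined above this hunk, but if it inspects the file on disk, as its `tmpfilename` parameter suggests, it would see an empty file and reject every input, so the new elf32-bigarm, elf32-littlearm and elf64-mmix targets would never reach `process_file`. The early-return path also calls `unlink(filename)` without closing `fp`, which leaks one `FILE` and its descriptor per rejected input and can exhaust descriptors in a long fuzzing run. Moving `fwrite(data, size, 1, fp);` and `fclose(fp);` to just above `#ifdef READELF_TARGETED` would fix both; the return value of `fwrite` should be checked there as well.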
|
||||
|
|