From 7921270476ef3ed15b82f2c4bce86094c7cad735 Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Tue, 18 Jan 2022 20:54:28 +0100
Subject: [PATCH] Ignore fuzz setup problem detection during building with afl++ (#7127)
* update afl++ commit id
* update afl++ commit id
* fix for afl++
* attempt fix for curl
* allow easy reproducable afl++ builds
* new commit id
* fixes
* another afl++ commit increase
* not a relevant update, but why not
* two afl++ fixes
* add debug script
* update commit id (not relevant though)
* add wget
* update afl++ commit id
* just afl++ doc updates, but maybe this results in some attention
* ignore afl++ fuzz setup problems during building
* update afl++ commit id
* fix laf-intel implementation
* ensure fuzz tests are running without issues for afl++
* update afl++ commit id
---
infra/base-images/base-builder/Dockerfile | 2 +-
infra/base-images/base-builder/compile_afl | 6 +++++-
infra/base-images/base-runner/run_fuzzer | 10 +++++++++-
3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/infra/base-images/base-builder/Dockerfile b/infra/base-images/base-builder/Dockerfile
index 1f6018e06..53522aaed 100644
--- a/infra/base-images/base-builder/Dockerfile
+++ b/infra/base-images/base-builder/Dockerfile
@@ -125,7 +125,7 @@ WORKDIR $SRC
 RUN git clone https://github.com/AFLplusplus/AFLplusplus.git aflplusplus && \
 cd aflplusplus && \
- git checkout ef77d552e9b89852b293c300a5a9a9c617945f43 && \
+ git checkout c5117b42cab9f47448a7f3cfe3edae6708d32528 && \
 wget --no-check-certificate -O oss.sh https://raw.githubusercontent.com/vanhauser-thc/binary_blobs/master/oss.sh && \
 chmod 755 oss.sh
diff --git a/infra/base-images/base-builder/compile_afl b/infra/base-images/base-builder/compile_afl
index 9275fd114..321d02915 100644
--- a/infra/base-images/base-builder/compile_afl
+++ b/infra/base-images/base-builder/compile_afl
@@ -15,6 +15,9 @@
 #
 ################################################################################
+# In emergencies where afl++'s own compiler fails set this to "1":
+export AFL_LLVM_MODE_WORKAROUND=0
+
 # AFL++ setup
 echo "Copying precompiled AFL++"
@@ -34,6 +37,8 @@ export CXX="$SRC/aflplusplus/afl-clang-fast++"
 export AFL_QUIET=1
 # No leak errors during builds.
 export ASAN_OPTIONS="detect_leaks=0:symbolize=0:detect_odr_violation=0:abort_on_error=1"
+# Do not abort on any problems (because this is during build where it is ok)
+export AFL_IGNORE_PROBLEMS=1
 # No complain on unknown AFL environment variables
 export AFL_IGNORE_UNKNOWN_ENVS=1
@@ -44,7 +49,6 @@ env | egrep -q '^AFL_SKIP_OSSFUZZ=' || {
 # The variables need to be set to "1" here - or before running this script.
 # AFL++ configuration options.
- export AFL_LLVM_MODE_WORKAROUND=0
 export AFL_ENABLE_DICTIONARY=0
 export AFL_ENABLE_CMPLOG=1
 export AFL_LAF_CHANCE=5
diff --git a/infra/base-images/base-runner/run_fuzzer b/infra/base-images/base-runner/run_fuzzer
index cda877cf1..97213279e 100755
--- a/infra/base-images/base-runner/run_fuzzer
+++ b/infra/base-images/base-runner/run_fuzzer
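Review bot: The new top-level `export AFL_LLVM_MODE_WORKAROUND=0` in the first hunk (@@ -15,6 +15,9 @@) unconditionally overwrites any value exported before the script runs, yet the guarded block it leaves in the third hunk (@@ -44,7 +49,6 @@) still says these variables may be set "before running this script". If a pre-set value is meant to win, write `export AFL_LLVM_MODE_WORKAROUND="${AFL_LLVM_MODE_WORKAROUND:-0}"`; if editing this line is the intended emergency switch, the comment should say so, e.g. `# Emergency switch: change this line to 1 if afl++'s own compiler fails; it is not read from the environment.` The move also takes the export out of the `env | egrep -q '^AFL_SKIP_OSSFUZZ=' || {` guard, so it is now set even when AFL_SKIP_OSSFUZZ is present, which I assume is intended since the new comment frames it as a global switch.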
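Review bot: The comment above the new `export AFL_IGNORE_PROBLEMS=1` in the second hunk (@@ -34,6 +37,8 @@) does not say which problems are ignored, and "because this is during build where it is ok" is not a reason a maintainer can act on. As far as I can tell from afl++'s documentation this variable only suppresses afl++'s abort on a detected target problem rather than fixing it, so a build that trips those checks can still produce a fuzzer whose instrumentation is broken. I would state that trade-off in the comment, e.g. `# Keep compiling even if afl++ detects a problem with its own setup; this suppresses the abort, it does not fix the cause.` Note also that this commit exports the same variable in run_fuzzer, so the build-only rationale given here does not describe the whole change.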
@@ -113,20 +113,28 @@ if [[ "$FUZZING_ENGINE" = afl ]]; then
 export AFL_FAST_CAL=1
 export AFL_CMPLOG_ONLY_NEW=1
 export AFL_FORKSRV_INIT_TMOUT=30000
+ export AFL_IGNORE_PROBLEMS=1
+ export AFL_IGNORE_UNKNOWN_ENVS=1
+
 # If $OUT/afl_cmplog.txt is present this means the target was compiled for
 # CMPLOG. So we have to add the proper parameters to afl-fuzz.
 test -e "$OUT/afl_cmplog.txt" && AFL_FUZZER_ARGS="$AFL_FUZZER_ARGS -c $OUT/$FUZZER"
+
 # If $OUT/afl++.dict we load it as a dictionary for afl-fuzz.
 test -e "$OUT/afl++.dict" && AFL_FUZZER_ARGS="$AFL_FUZZER_ARGS -x $OUT/afl++.dict"
+
 # Ensure timeout is a bit larger than 1sec as some of the OSS-Fuzz fuzzers
 # are slower than this.
 AFL_FUZZER_ARGS="$AFL_FUZZER_ARGS -t 5000+"
+
 # AFL expects at least 1 file in the input dir.
 echo input > ${CORPUS_DIR}/input
+
+ CMD_LINE="$OUT/afl-fuzz $AFL_FUZZER_ARGS -i $CORPUS_DIR -o $FUZZER_OUT $(get_dictionary) $* -- $OUT/$FUZZER"
+
 echo afl++ setup:
 env|grep AFL_
 cat "$OUT/afl_options.txt"
- CMD_LINE="$OUT/afl-fuzz $AFL_FUZZER_ARGS -i $CORPUS_DIR -o $FUZZER_OUT $(get_dictionary) $* -- $OUT/$FUZZER"
 elif [[ "$FUZZING_ENGINE" = honggfuzz ]]; then
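Review bot: `export AFL_IGNORE_PROBLEMS=1` is now also set for the fuzzing run itself, not only the build the commit title describes, so afl-fuzz's own problem detection (as afl++ documents it) is disabled in production: a target with missing or mismatched instrumentation would no longer fail fast but start a campaign without coverage feedback, and nothing else in this hunk checks for that case. If the goal is only to survive build-time setup issues, drop this export from run_fuzzer or gate it on an explicit opt-in variable, with a comment saying what is being suppressed. The relocated `CMD_LINE=` line keeps the unquoted `$*`, which flattens all caller arguments into one whitespace-separated string; that predates this change, but since the line is being moved a comment such as `# $* is intentionally flattened here; arguments containing spaces are not supported.` would save the next reader a question. The enclosing `if [[ "$FUZZING_ENGINE" = afl ]]` chain continues past the end of the hunk.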