def execute(args):
"""Attempt to reproduce a crash then report on the result."""
# Initialize fuzzing engines.
init.run()
# The current working directory may change while we're running.
absolute_build_dir = os.path.abspath(args.build_dir)
try:
result = _reproduce_crash(args.testcase, absolute_build_dir,
args.iterations, args.disable_xvfb, args.verbose,
args.disable_android_setup)
except errors.ReproduceToolUnrecoverableError as exception:
print(exception)
return
if not result:
return
_print_stacktrace(result)
if result.is_crash():
status_message = 'Test case reproduced successfully.'
else:
status_message = 'Unable to reproduce the desired crash.'
print(status_message)
_cleanup()
def test_minimize(self):
"""Test minimize."""
helpers.patch(self, ["base.utils.is_oss_fuzz"])
self.mock.is_oss_fuzz.return_value = True
testcase_file_path = os.path.join(self.temp_dir, "testcase")
with open(testcase_file_path, "wb") as f:
f.write("EEE")
with open(testcase_file_path) as f:
fuzzed_keys = blobs.write_blob(f)
testcase_path = os.path.join(self.temp_dir, "testcase")
testcase = data_types.Testcase(
crash_type="Null-dereference WRITE",
crash_address="",
crash_state="Foo\n",
crash_stacktrace="",
crash_revision=1337,
fuzzed_keys=fuzzed_keys,
fuzzer_name="libFuzzer",
overridden_fuzzer_name="libFuzzer_test_fuzzer",
job_type="libfuzzer_asan_job",
original_absolute_path=testcase_path,
absolute_path=testcase_path,
minimized_arguments="%TESTCASE% test_fuzzer",
)
testcase.put()
data_types.FuzzTarget(engine="libFuzzer", binary="test_fuzzer").put()
fuzzers_init.run()
self._setup_env(job_type="libfuzzer_asan_job")
environment.set_value("APP_ARGS", testcase.minimized_arguments)
environment.set_value("LIBFUZZER_MINIMIZATION_ROUNDS", 3)
environment.set_value("UBSAN_OPTIONS",
"unneeded_option=1:silence_unsigned_overflow=1")
minimize_task.execute_task(testcase.key.id(), "libfuzzer_asan_job")
testcase = data_handler.get_testcase_by_id(testcase.key.id())
self.assertNotEqual("", testcase.minimized_keys)
self.assertNotEqual("NA", testcase.minimized_keys)
self.assertNotEqual(testcase.fuzzed_keys, testcase.minimized_keys)
self.assertEqual(
{
"ASAN_OPTIONS": {},
"UBSAN_OPTIONS": {
"silence_unsigned_overflow": 1
}
},
testcase.get_metadata("env"),
)
blobs.read_blob_to_disk(testcase.minimized_keys, testcase_path)
with open(testcase_path) as f:
self.assertEqual(1, len(f.read()))
def test_minimize(self):
"""Test minimize."""
helpers.patch(self, ['base.utils.is_oss_fuzz'])
self.mock.is_oss_fuzz.return_value = True
testcase_file_path = os.path.join(self.temp_dir, 'testcase')
with open(testcase_file_path, 'wb') as f:
f.write(b'EEE')
with open(testcase_file_path) as f:
fuzzed_keys = blobs.write_blob(f)
testcase_path = os.path.join(self.temp_dir, 'testcase')
testcase = data_types.Testcase(
crash_type='Null-dereference WRITE',
crash_address='',
crash_state='Foo\n',
crash_stacktrace='',
crash_revision=1337,
fuzzed_keys=fuzzed_keys,
fuzzer_name='libFuzzer',
overridden_fuzzer_name='libFuzzer_test_fuzzer',
job_type='libfuzzer_asan_job',
original_absolute_path=testcase_path,
absolute_path=testcase_path,
minimized_arguments='%TESTCASE% test_fuzzer')
testcase.put()
data_types.FuzzTarget(engine='libFuzzer', binary='test_fuzzer').put()
fuzzers_init.run()
self._setup_env(job_type='libfuzzer_asan_job')
environment.set_value('APP_ARGS', testcase.minimized_arguments)
environment.set_value('LIBFUZZER_MINIMIZATION_ROUNDS', 3)
environment.set_value('UBSAN_OPTIONS',
'unneeded_option=1:silence_unsigned_overflow=1')
minimize_task.execute_task(testcase.key.id(), 'libfuzzer_asan_job')
testcase = data_handler.get_testcase_by_id(testcase.key.id())
self.assertNotEqual('', testcase.minimized_keys)
self.assertNotEqual('NA', testcase.minimized_keys)
self.assertNotEqual(testcase.fuzzed_keys, testcase.minimized_keys)
self.assertEqual(
{
'ASAN_OPTIONS': {},
'UBSAN_OPTIONS': {
'silence_unsigned_overflow': 1
}
}, testcase.get_metadata('env'))
blobs.read_blob_to_disk(testcase.minimized_keys, testcase_path)
with open(testcase_path) as f:
self.assertEqual(1, len(f.read()))
def execute(args):
"""Attempt to reproduce a crash then report on the result."""
# Initialize fuzzing engines.
init.run()
# Prepare the emulator if needed.
emulator_process = None
if args.emulator:
print("Starting emulator...")
emulator_process = android.start_emulator()
# The current working directory may change while we're running.
absolute_build_dir = os.path.abspath(args.build_dir)
try:
result = _reproduce_crash(
args.testcase,
absolute_build_dir,
args.iterations,
args.disable_xvfb,
args.verbose,
args.disable_android_setup,
)
except errors.ReproduceToolUnrecoverableError as exception:
print(exception)
return
finally:
if emulator_process:
emulator_process.terminate()
if not result:
return
_print_stacktrace(result)
if result.is_crash():
status_message = "Test case reproduced successfully."
else:
status_message = "Unable to reproduce the desired crash."
print(status_message)
_cleanup()
def main():
"""Prepare the configuration options and start requesting tasks."""
logs.configure('run_bot')
root_directory = environment.get_value('ROOT_DIR')
if not root_directory:
print('Please set ROOT_DIR environment variable to the root of the source '
'checkout before running. Exiting.')
print('For an example, check init.bash in the local directory.')
return
dates.initialize_timezone_from_environment()
environment.set_bot_environment()
monitor.initialize()
if not profiler.start_if_needed('python_profiler_bot'):
sys.exit(-1)
fuzzers_init.run()
if environment.is_trusted_host(ensure_connected=False):
from bot.untrusted_runner import host
host.init()
if environment.is_untrusted_worker():
# Track revision since we won't go into the task_loop.
update_task.track_revision()
from bot.untrusted_runner import untrusted as untrusted_worker
untrusted_worker.start_server()
assert False, 'Unreachable code'
while True:
# task_loop should be an infinite loop,
# unless we run into an exception.
error_stacktrace, clean_exit, task_payload = task_loop()
# Print the error trace to the console.
if not clean_exit:
print('Exception occurred while running "%s".' % task_payload)
print('-' * 80)
print(error_stacktrace)
print('-' * 80)
should_terminate = (
clean_exit or errors.error_in_list(error_stacktrace,
errors.BOT_ERROR_TERMINATION_LIST))
if should_terminate:
return
logs.log_error(
'Task exited with exception (payload="%s").' % task_payload,
error_stacktrace=error_stacktrace)
should_hang = errors.error_in_list(error_stacktrace,
errors.BOT_ERROR_HANG_LIST)
if should_hang:
logs.log('Start hanging forever.')
while True:
# Sleep to avoid consuming 100% of CPU.
time.sleep(60)
# See if our run timed out, if yes bail out.
if data_handler.bot_run_timed_out():
return
# Clear the current exception.
sys.exc_clear()
