def __init__(self, build_directory, context):
self.build_directory = build_directory
self.context = context
self.fuzzer_path = engine_common.find_fuzzer_path(
self.build_directory, self.context.fuzz_target.binary)
if not self.fuzzer_path:
raise CorpusPruningException('Failed to get fuzzer path for %s.' %
self.context.fuzz_target.binary)
fuzz_inputs_disk = environment.get_value('FUZZ_INPUTS_DISK')
self.runner = libfuzzer.get_runner(self.fuzzer_path,
temp_dir=fuzz_inputs_disk)
if context.use_minijail:
self.runner.chroot.add_binding(
minijail.ChrootBinding(self.context.initial_corpus_path,
'/corpus', False))
self.runner.chroot.add_binding(
minijail.ChrootBinding(self.context.minimized_corpus_path,
'/min', True))
self.runner.chroot.add_binding(
minijail.ChrootBinding(self.context.shared_corpus_path,
'/shared', False))
self.runner.chroot.add_binding(
minijail.ChrootBinding(self.context.bad_units_path,
'/bad_units', True))
self.fuzzer_options = options.get_fuzz_target_options(self.fuzzer_path)
def process_sanitizer_options_overrides(fuzzer_path):
"""Applies sanitizer option overrides from .options file."""
fuzzer_options = options.get_fuzz_target_options(fuzzer_path)
if not fuzzer_options:
return
asan_options = environment.get_memory_tool_options('ASAN_OPTIONS', {})
msan_options = environment.get_memory_tool_options('MSAN_OPTIONS', {})
ubsan_options = environment.get_memory_tool_options('UBSAN_OPTIONS', {})
hwasan_options = environment.get_memory_tool_options('HWASAN_OPTIONS', {})
asan_overrides = fuzzer_options.get_asan_options()
if asan_options and asan_overrides:
asan_options.update(asan_overrides)
environment.set_memory_tool_options('ASAN_OPTIONS', asan_options)
msan_overrides = fuzzer_options.get_msan_options()
if msan_options and msan_overrides:
msan_options.update(msan_overrides)
environment.set_memory_tool_options('MSAN_OPTIONS', msan_options)
ubsan_overrides = fuzzer_options.get_ubsan_options()
if ubsan_options and ubsan_overrides:
ubsan_options.update(ubsan_overrides)
environment.set_memory_tool_options('UBSAN_OPTIONS', ubsan_options)
hwasan_overrides = fuzzer_options.get_hwasan_options()
if hwasan_options and hwasan_overrides:
hwasan_options.update(hwasan_overrides)
environment.set_memory_tool_options('HWASAN_OPTIONS', hwasan_options)
def get_grammar(fuzzer_path):
"""Get grammar for a given fuzz target. Return none if there isn't one."""
fuzzer_options = options.get_fuzz_target_options(fuzzer_path)
if fuzzer_options:
grammar = fuzzer_options.get_grammar_options()
if grammar:
return grammar.get('grammar')
return None
def _get_arguments(self, fuzz_target_path):
"""Helper to return fuzz target arguments by parsing options file for a
fuzz target."""
fuzzer_options = options.get_fuzz_target_options(fuzz_target_path)
if fuzzer_options is None:
return None
fuzzer_arguments = fuzzer_options.get_engine_arguments('libfuzzer')
return sorted(fuzzer_arguments.list())
def __init__(self, build_directory, context):
self.build_directory = build_directory
self.context = context
self.target_path = engine_common.find_fuzzer_path(
self.build_directory, self.context.fuzz_target.binary)
if not self.target_path:
raise CorpusPruningException("Failed to get fuzzer path for %s." %
self.context.fuzz_target.binary)
self.fuzzer_options = options.get_fuzz_target_options(self.target_path)
def generate_arguments(self, fuzzer_path):
"""Generate arguments for fuzzer using .options file or default values."""
arguments = []
rss_limit_mb = None
timeout = None
fuzzer_options = options.get_fuzz_target_options(fuzzer_path)
if fuzzer_options:
libfuzzer_arguments = fuzzer_options.get_engine_arguments(
'libfuzzer')
if libfuzzer_arguments:
arguments.extend(libfuzzer_arguments.list())
rss_limit_mb = libfuzzer_arguments.get('rss_limit_mb',
constructor=int)
timeout = libfuzzer_arguments.get('timeout', constructor=int)
if not timeout:
arguments.append(
'%s%d' %
(constants.TIMEOUT_FLAG, constants.DEFAULT_TIMEOUT_LIMIT))
else:
# Custom timeout value shouldn't be greater than the default timeout
# limit.
# TODO(mmoroz): Eventually, support timeout values greater than the
# default.
if timeout > constants.DEFAULT_TIMEOUT_LIMIT:
arguments.remove('%s%d' % (constants.TIMEOUT_FLAG, timeout))
arguments.append(
'%s%d' %
(constants.TIMEOUT_FLAG, constants.DEFAULT_TIMEOUT_LIMIT))
if not rss_limit_mb:
arguments.append(
'%s%d' %
(constants.RSS_LIMIT_FLAG, constants.DEFAULT_RSS_LIMIT_MB))
else:
# Custom rss_limit_mb value shouldn't be greater than the default value.
if rss_limit_mb > constants.DEFAULT_RSS_LIMIT_MB:
arguments.remove('%s%d' %
(constants.RSS_LIMIT_FLAG, rss_limit_mb))
arguments.append(
'%s%d' %
(constants.RSS_LIMIT_FLAG, constants.DEFAULT_RSS_LIMIT_MB))
return ' '.join(arguments)
def parse_options(self, target_path):
"""Parses a target's .options file (determined using |target_path|) if it
exists and sets configs based on it."""
fuzzer_options = options.get_fuzz_target_options(target_path)
if not fuzzer_options:
return
# Try to convert libFuzzer arguments to AFL.
libfuzzer_options = fuzzer_options.get_engine_arguments('libfuzzer')
for name, value in libfuzzer_options.dict().iteritems():
if name not in self.LIBFUZZER_TO_AFL_OPTIONS:
continue
afl_name = self.LIBFUZZER_TO_AFL_OPTIONS[name]
self.additional_afl_arguments.append('%s%s' % (afl_name, value))
# Get configs set specifically for AFL.
afl_options = fuzzer_options.get_engine_arguments('AFL')
self.num_persistent_executions = afl_options.get(
PERSISTENT_EXECUTIONS_OPTION, constants.MAX_PERSISTENT_EXECUTIONS)
self.additional_env_vars = fuzzer_options.get_env()
