def __init__(self, build_directory, context): self.build_directory = build_directory self.context = context self.fuzzer_path = engine_common.find_fuzzer_path( self.build_directory, self.context.fuzz_target.binary) if not self.fuzzer_path: raise CorpusPruningException('Failed to get fuzzer path for %s.' % self.context.fuzz_target.binary) fuzz_inputs_disk = environment.get_value('FUZZ_INPUTS_DISK') self.runner = libfuzzer.get_runner(self.fuzzer_path, temp_dir=fuzz_inputs_disk) if context.use_minijail: self.runner.chroot.add_binding( minijail.ChrootBinding(self.context.initial_corpus_path, '/corpus', False)) self.runner.chroot.add_binding( minijail.ChrootBinding(self.context.minimized_corpus_path, '/min', True)) self.runner.chroot.add_binding( minijail.ChrootBinding(self.context.shared_corpus_path, '/shared', False)) self.runner.chroot.add_binding( minijail.ChrootBinding(self.context.bad_units_path, '/bad_units', True)) self.fuzzer_options = options.get_fuzz_target_options(self.fuzzer_path)
def process_sanitizer_options_overrides(fuzzer_path): """Applies sanitizer option overrides from .options file.""" fuzzer_options = options.get_fuzz_target_options(fuzzer_path) if not fuzzer_options: return asan_options = environment.get_memory_tool_options('ASAN_OPTIONS', {}) msan_options = environment.get_memory_tool_options('MSAN_OPTIONS', {}) ubsan_options = environment.get_memory_tool_options('UBSAN_OPTIONS', {}) hwasan_options = environment.get_memory_tool_options('HWASAN_OPTIONS', {}) asan_overrides = fuzzer_options.get_asan_options() if asan_options and asan_overrides: asan_options.update(asan_overrides) environment.set_memory_tool_options('ASAN_OPTIONS', asan_options) msan_overrides = fuzzer_options.get_msan_options() if msan_options and msan_overrides: msan_options.update(msan_overrides) environment.set_memory_tool_options('MSAN_OPTIONS', msan_options) ubsan_overrides = fuzzer_options.get_ubsan_options() if ubsan_options and ubsan_overrides: ubsan_options.update(ubsan_overrides) environment.set_memory_tool_options('UBSAN_OPTIONS', ubsan_options) hwasan_overrides = fuzzer_options.get_hwasan_options() if hwasan_options and hwasan_overrides: hwasan_options.update(hwasan_overrides) environment.set_memory_tool_options('HWASAN_OPTIONS', hwasan_options)
def get_grammar(fuzzer_path): """Get grammar for a given fuzz target. Return none if there isn't one.""" fuzzer_options = options.get_fuzz_target_options(fuzzer_path) if fuzzer_options: grammar = fuzzer_options.get_grammar_options() if grammar: return grammar.get('grammar') return None
def _get_arguments(self, fuzz_target_path): """Helper to return fuzz target arguments by parsing options file for a fuzz target.""" fuzzer_options = options.get_fuzz_target_options(fuzz_target_path) if fuzzer_options is None: return None fuzzer_arguments = fuzzer_options.get_engine_arguments('libfuzzer') return sorted(fuzzer_arguments.list())
def __init__(self, build_directory, context): self.build_directory = build_directory self.context = context self.target_path = engine_common.find_fuzzer_path( self.build_directory, self.context.fuzz_target.binary) if not self.target_path: raise CorpusPruningException("Failed to get fuzzer path for %s." % self.context.fuzz_target.binary) self.fuzzer_options = options.get_fuzz_target_options(self.target_path)
def generate_arguments(self, fuzzer_path): """Generate arguments for fuzzer using .options file or default values.""" arguments = [] rss_limit_mb = None timeout = None fuzzer_options = options.get_fuzz_target_options(fuzzer_path) if fuzzer_options: libfuzzer_arguments = fuzzer_options.get_engine_arguments( 'libfuzzer') if libfuzzer_arguments: arguments.extend(libfuzzer_arguments.list()) rss_limit_mb = libfuzzer_arguments.get('rss_limit_mb', constructor=int) timeout = libfuzzer_arguments.get('timeout', constructor=int) if not timeout: arguments.append( '%s%d' % (constants.TIMEOUT_FLAG, constants.DEFAULT_TIMEOUT_LIMIT)) else: # Custom timeout value shouldn't be greater than the default timeout # limit. # TODO(mmoroz): Eventually, support timeout values greater than the # default. if timeout > constants.DEFAULT_TIMEOUT_LIMIT: arguments.remove('%s%d' % (constants.TIMEOUT_FLAG, timeout)) arguments.append( '%s%d' % (constants.TIMEOUT_FLAG, constants.DEFAULT_TIMEOUT_LIMIT)) if not rss_limit_mb: arguments.append( '%s%d' % (constants.RSS_LIMIT_FLAG, constants.DEFAULT_RSS_LIMIT_MB)) else: # Custom rss_limit_mb value shouldn't be greater than the default value. if rss_limit_mb > constants.DEFAULT_RSS_LIMIT_MB: arguments.remove('%s%d' % (constants.RSS_LIMIT_FLAG, rss_limit_mb)) arguments.append( '%s%d' % (constants.RSS_LIMIT_FLAG, constants.DEFAULT_RSS_LIMIT_MB)) return ' '.join(arguments)
def parse_options(self, target_path): """Parses a target's .options file (determined using |target_path|) if it exists and sets configs based on it.""" fuzzer_options = options.get_fuzz_target_options(target_path) if not fuzzer_options: return # Try to convert libFuzzer arguments to AFL. libfuzzer_options = fuzzer_options.get_engine_arguments('libfuzzer') for name, value in libfuzzer_options.dict().iteritems(): if name not in self.LIBFUZZER_TO_AFL_OPTIONS: continue afl_name = self.LIBFUZZER_TO_AFL_OPTIONS[name] self.additional_afl_arguments.append('%s%s' % (afl_name, value)) # Get configs set specifically for AFL. afl_options = fuzzer_options.get_engine_arguments('AFL') self.num_persistent_executions = afl_options.get( PERSISTENT_EXECUTIONS_OPTION, constants.MAX_PERSISTENT_EXECUTIONS) self.additional_env_vars = fuzzer_options.get_env()