예제 #1
    def fuzz(self, target_path, options, unused_reproducers_dir=None,
             max_time=0):
        """Run one syzkaller fuzzing session against the given target.

        Args:
          target_path: Path to the target; handed to runner.get_runner().
          options: The FuzzOptions object returned by prepare(). Only its
              `arguments` attribute is read here.
          unused_reproducers_dir: Accepted for interface compatibility; this
              method never reads it.
          max_time: Maximum allowed time for the fuzzing to run, forwarded
              unchanged to the runner.

        Returns:
          Whatever the runner's fuzz() call returns (expected to be a
          FuzzResult object).
        """
        profiler.start_if_needed('syzkaller_kasan')
        fuzz_runner = runner.get_runner(target_path)

        # Make sure the temporary 'new' corpus directory exists before the
        # run; it is where new units are placed.
        self._create_temp_corpus_dir('new')

        extra_args = options.arguments
        session_result = fuzz_runner.fuzz(max_time, additional_args=extra_args)
        return session_result
예제 #2
    def reproduce(self, target_path, input_path, arguments, max_time):  # pylint: disable=unused-argument
        """Re-run a crashing input and report the outcome.

        Example: ./syz-crush -config my.cfg -infinite=false -restart_time=20s
        crash-qemu-1-1455745459265726910

        Args:
          target_path: Path to the target. Not read by this method; the
              binary is resolved from prepare_binary_path() instead.
          input_path: Path to the reproducer input. Passed as the last
              command-line argument.
          arguments: Additional arguments needed for reproduction. Not read
              by this method.
          max_time: Maximum allowed time for the reproduction.

        Returns:
          A ReproduceResult built from the runner result's command, return
          code, execution time and output.
        """
        repro_binary = os.path.join(self.prepare_binary_path(),
                                    constants.SYZ_REPRO)
        repro_runner = runner.get_runner(repro_binary)

        # Start from the shared config arguments, then add the flags that
        # bound the run and finally the input itself.
        repro_args = runner.get_config()
        restart_flag = '-restart_time={}s'.format(REPRO_TIME)
        # NOTE(review): input_path is forwarded verbatim as an argv element;
        # presumably callers supply a trusted path that cannot be mistaken
        # for a flag (no leading '-') - confirm against callers.
        repro_args.extend(['-infinite=false', restart_flag, input_path])

        outcome = repro_runner.repro(max_time, repro_args=repro_args)
        return engine.ReproduceResult(
            outcome.command,
            outcome.return_code,
            outcome.time_executed,
            outcome.output,
        )
예제 #3
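    def fuzz(self,
             target_path,
             options,
             unused_reproducers_dir=None,
             max_time=0):
        """Run a fuzz session, syncing the corpus before and after the run.

        Args:
          target_path: Path to the target; handed to runner.get_runner().
          options: The FuzzOptions object returned by prepare(). Its
              `arguments` and `corpus_dir` attributes are read; neither is
              modified by this method.
          unused_reproducers_dir: Accepted for interface compatibility; this
              method never reads it.
          max_time: Maximum allowed time for the fuzzing to run.

        Returns:
          Whatever the runner's fuzz() call returns (expected to be a
          FuzzResult object).
        """
        profiler.start_if_needed('syzkaller_kasan')
        syzkaller_runner = runner.get_runner(target_path)

        # Directory to place new units.
        self._create_temp_corpus_dir('new')

        # Work on a copy: `+=` on a list extends it in place, so aliasing
        # options.arguments would leak '--coverfile' into the caller's
        # FuzzOptions and add it again on every call that reuses the object.
        args = list(options.arguments)

        # TODO(yanghuiz): Dump coverfile from Syzkaller HTTP endpoint and
        # remove this.
        if not environment.is_android_cuttlefish():
            args += ['--coverfile', runner.get_cover_file_path()]

        # Seed the syzkaller work directory from the corpus directory, fuzz,
        # then copy the results back in the opposite direction.
        self.init_corpus(options.corpus_dir, runner.get_work_dir())
        fuzz_result = syzkaller_runner.fuzz(max_time, additional_args=args)
        self.save_corpus(runner.get_work_dir(), options.corpus_dir)
        return fuzz_result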
예제 #4
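  def reproduce(self, target_path, input_path, arguments, max_time):
    """Reproduce a crash given an input.

    Example: ./syz-repro -config my.cfg crash-qemu-1-1455745459265726910

    Args:
      target_path: Path to the target. Not read by this method; the binary
          is resolved from prepare_binary_path() instead.
      input_path: Path to the reproducer input. Passed as the last
          command-line argument.
      arguments: Additional arguments needed for reproduction. Not read by
          this method.
      max_time: Maximum allowed time for the reproduction.

    Returns:
      A ReproduceResult built from the runner result's command, return
      code, execution time and output.
    """
    binary_dir = self.prepare_binary_path()
    syzkaller_runner = runner.get_runner(
        os.path.join(binary_dir, constants.SYZ_REPRO))
    repro_args = runner.get_config()
    # append(), not extend(): extending a list with a str adds every
    # character as its own argument, so the reproducer path would reach the
    # tool as a run of one-character arguments instead of a single path.
    repro_args.append(input_path)
    result = syzkaller_runner.repro(max_time, repro_args=repro_args)

    return engine.ReproduceResult(result.command, result.return_code,
                                  result.time_executed, result.output)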