def get_coverage_binary(benchmark: str) -> str: """Get the coverage binary for benchmark.""" coverage_binaries_dir = build_utils.get_coverage_binaries_dir() fuzz_target = benchmark_utils.get_fuzz_target(benchmark) return fuzzer_utils.get_fuzz_target_binary(coverage_binaries_dir / benchmark, fuzz_target_name=fuzz_target)
def run_fuzzer(max_total_time, log_filename): """Runs the fuzzer using its script. Logs stdout and stderr of the fuzzer script to |log_filename| if provided.""" input_corpus = environment.get('SEED_CORPUS_DIR') output_corpus = environment.get('OUTPUT_CORPUS_DIR') fuzz_target_name = environment.get('FUZZ_TARGET') target_binary = fuzzer_utils.get_fuzz_target_binary( FUZZ_TARGET_DIR, fuzz_target_name) if not target_binary: logs.error('Fuzz target binary not found.') return _unpack_clusterfuzz_seed_corpus(target_binary, input_corpus) _clean_seed_corpus(input_corpus) if max_total_time is None: logs.warning('max_total_time is None. Fuzzing indefinitely.') runner_niceness = environment.get('RUNNER_NICENESS', 0) try: # Because the runner is launched at a higher priority, # set it back to the default(0) for fuzzing processes. command = [ 'nice', '-n', str(0 - runner_niceness), 'python3', '-u', '-c', ('import fuzzer; ' 'fuzzer.fuzz(' "'{input_corpus}', '{output_corpus}', '{target_binary}')").format( input_corpus=shlex.quote(input_corpus), output_corpus=shlex.quote(output_corpus), target_binary=shlex.quote(target_binary)) ] fuzzer_environment = _get_fuzzer_environment() # Write output to stdout if user is fuzzing from command line. # Otherwise, write output to the log file. if environment.get('FUZZ_OUTSIDE_EXPERIMENT'): new_process.execute(command, timeout=max_total_time, write_to_stdout=True, kill_children=True, env=fuzzer_environment) else: with open(log_filename, 'wb') as log_file: new_process.execute(command, timeout=max_total_time, output_file=log_file, kill_children=True, env=fuzzer_environment) except subprocess.CalledProcessError: global fuzzer_errored_out # pylint:disable=invalid-name fuzzer_errored_out = True logs.error('Fuzz process returned nonzero.')
def run_fuzzer(max_total_time, log_filename): """Runs the fuzzer using its script. Logs stdout and stderr of the fuzzer script to |log_filename| if provided.""" input_corpus = environment.get('SEED_CORPUS_DIR') output_corpus = environment.get('OUTPUT_CORPUS_DIR') fuzz_target_name = environment.get('FUZZ_TARGET') target_binary = fuzzer_utils.get_fuzz_target_binary( FUZZ_TARGET_DIR, fuzz_target_name) if not target_binary: logs.error('Fuzz target binary not found.') return _unpack_clusterfuzz_seed_corpus(target_binary, input_corpus) _clean_seed_corpus(input_corpus) if max_total_time is None: logs.warning('max_total_time is None. Fuzzing indefinitely.') runner_niceness = environment.get('RUNNER_NICENESS', 0) try: with open(log_filename, 'w') as log_file: # Because the runner is launched at a higher priority, # set it back to the default(0) for fuzzing processes. new_process.execute([ 'nice', '-n', str(0 - runner_niceness), 'python3', '-u', '-c', ('import fuzzer; ' 'fuzzer.fuzz(' "'{input_corpus}', '{output_corpus}', '{target_binary}')" ).format(input_corpus=shlex.quote(input_corpus), output_corpus=shlex.quote(output_corpus), target_binary=shlex.quote(target_binary)) ], timeout=max_total_time, output_files=[log_file], kill_children=True, env=_get_fuzzer_environment()) except subprocess.CalledProcessError: logs.error('Fuzz process returned nonzero.')
def test_found_fuzzer_containing_string_without_fuzzer_name_arg(fs, environ): """Test that fuzz target with search string is returned, when None fuzzer name argument is provided.""" fs.create_file('/out/custom-target', contents='\n\nLLVMFuzzerTestOneInput') assert fuzzer_utils.get_fuzz_target_binary('/out', None) == ('/out/custom-target')
def test_found_fuzzer_on_default_path(fs, environ): """Test that default fuzz target path is returned if found.""" fuzz_target_path = '/out/fuzz-target' fs.create_file(fuzz_target_path) assert fuzzer_utils.get_fuzz_target_binary('/out', None) == ('/out/fuzz-target')
def test_not_found_without_fuzzer_name_arg(fs, environ): """Test that None is returned when no fuzz target exists and None fuzzer name argument is provided.""" fs.create_file('/out/empty') assert fuzzer_utils.get_fuzz_target_binary('/out', None) is None