def fuzz(self, target_path, options, unused_reproducers_dir=None, max_time=0):
    """Run a single syzkaller fuzzing session.

    Args:
      target_path: Path to the target; handed to runner.get_runner().
      options: The FuzzOptions object returned by prepare(). Its `arguments`
        attribute is forwarded to the runner unchanged.
      unused_reproducers_dir: Kept for interface compatibility; this method
        never reads it.
      max_time: Maximum allowed time for the fuzzing to run.

    Returns:
      The value returned by the runner's fuzz() call (a FuzzResult object
      according to the engine interface).
    """
    profiler.start_if_needed('syzkaller_kasan')
    fuzz_runner = runner.get_runner(target_path)

    # Directory to place new units.
    self._create_temp_corpus_dir('new')

    session_result = fuzz_runner.fuzz(
        max_time, additional_args=options.arguments)
    return session_result
def reproduce(self, target_path, input_path, arguments, max_time):  # pylint: disable=unused-argument
    """Replay a crashing input through the syzkaller repro binary.

    Example:
      ./syz-crush -config my.cfg -infinite=false -restart_time=20s
      crash-qemu-1-1455745459265726910

    Args:
      target_path: Path to the target (not read by this method).
      input_path: Path to the reproducer input; passed as the final
        command-line element.
      arguments: Additional arguments needed for reproduction (not read by
        this method).
      max_time: Maximum allowed time for the reproduction.

    Returns:
      A ReproduceResult built from the runner result's command, return code,
      execution time and output.
    """
    repro_binary = os.path.join(self.prepare_binary_path(), constants.SYZ_REPRO)
    repro_runner = runner.get_runner(repro_binary)

    # Start from the runner's config arguments, then add the one-shot flags
    # and the input itself.
    repro_args = runner.get_config()
    one_shot_flags = [
        '-infinite=false',
        '-restart_time={}s'.format(REPRO_TIME),
        input_path,
    ]
    repro_args.extend(one_shot_flags)

    outcome = repro_runner.repro(max_time, repro_args=repro_args)
    return engine.ReproduceResult(
        outcome.command,
        outcome.return_code,
        outcome.time_executed,
        outcome.output,
    )
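def fuzz(self, target_path, options, unused_reproducers_dir=None, max_time=0):
    """Run a fuzz session, syncing the corpus before and after.

    Args:
      target_path: Path to the target.
      options: The FuzzOptions object returned by prepare(). Its `arguments`
        list is read but not modified.
      unused_reproducers_dir: Kept for interface compatibility; this method
        never reads it.
      max_time: Maximum allowed time for the fuzzing to run.

    Returns:
      The value returned by the runner's fuzz() call (a FuzzResult object
      according to the engine interface).
    """
    profiler.start_if_needed('syzkaller_kasan')
    syzkaller_runner = runner.get_runner(target_path)

    # Directory to place new units.
    self._create_temp_corpus_dir('new')

    args = options.arguments
    # TODO(yanghuiz): Dump coverfile from Syzkaller HTTP endpoint and
    # remove this.
    if not environment.is_android_cuttlefish():
        # Build a new list rather than using `+=`: in-place extension would
        # also grow options.arguments, so reusing the same FuzzOptions would
        # accumulate duplicate --coverfile flags.
        args = args + ['--coverfile', runner.get_cover_file_path()]

    self.init_corpus(options.corpus_dir, runner.get_work_dir())
    fuzz_result = syzkaller_runner.fuzz(max_time, additional_args=args)
    # NOTE(review): if fuzz() raises, the corpus is not saved back; confirm
    # whether that is intended before wrapping this in try/finally.
    self.save_corpus(runner.get_work_dir(), options.corpus_dir)
    return fuzz_result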
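def reproduce(self, target_path, input_path, arguments, max_time):
    """Reproduce a crash given an input.

    Example:
      ./syz-repro -config my.cfg crash-qemu-1-1455745459265726910

    Args:
      target_path: Path to the target (not read by this method).
      input_path: Path to the reproducer input. A single path is passed as
        one command-line element; any other iterable is still accepted and
        expanded element by element, as before.
      arguments: Additional arguments needed for reproduction (not read by
        this method).
      max_time: Maximum allowed time for the reproduction.

    Returns:
      A ReproduceResult built from the runner result's command, return code,
      execution time and output.
    """
    binary_dir = self.prepare_binary_path()
    syzkaller_runner = runner.get_runner(
        os.path.join(binary_dir, constants.SYZ_REPRO))

    repro_args = runner.get_config()
    if isinstance(input_path, (str, bytes, os.PathLike)):
        # list.extend() on a string adds one element per character, which
        # would split the path into single-character arguments. Append it
        # whole.
        repro_args.append(input_path)
    else:
        repro_args.extend(input_path)

    result = syzkaller_runner.repro(max_time, repro_args=repro_args)
    return engine.ReproduceResult(result.command, result.return_code,
                                  result.time_executed, result.output)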