def test_doesnt_mutate_options(self): """Test that calling get_memory_tool_options followed by set_memory_tool_options does not mutate sanitizer options unless we do so explicitly.""" # Make environment module use the Windows symbolizer, since its path is # hard to get right. test_helpers.patch_environ(self) os.environ['JOB_NAME'] = 'windows_libfuzzer_chrome_asan' test_helpers.patch(self, [ 'system.environment.platform', 'system.environment.get_llvm_symbolizer_path' ]) self.mock.platform.return_value = 'WINDOWS' windows_symbolizer_path = ( r'c:\clusterfuzz\resources\platform\windows\llvm-symbolizer.exe') self.mock.get_llvm_symbolizer_path.return_value = windows_symbolizer_path environment.reset_current_memory_tool_options() memory_tool_var = 'ASAN_OPTIONS' first_asan_options_dict = environment.get_memory_tool_options( memory_tool_var) environment.set_memory_tool_options(memory_tool_var, first_asan_options_dict) second_asan_options_dict = environment.get_memory_tool_options( memory_tool_var) self.assertDictEqual(first_asan_options_dict, second_asan_options_dict)
def set_additional_sanitizer_options_for_afl_fuzz(): """Set *SAN_OPTIONS to afl's liking. If ASAN_OPTIONS or MSAN_OPTION is set, they must contain certain options or afl-fuzz will refuse to fuzz. See check_asan_opts() in afl-fuzz.c in afl for more details. """ # We need to check if ASAN_OPTIONS and/or MSAN_OPTIONS contain symbolize=0 # because ClusterFuzz sets all sanitizers options equal to an empty string # before adding symbolize=0 to *either* ASAN_OPTIONS or MSAN_OPTIONS. Because # they will both be set but one will be empty, afl will think the empty one is # incorrect and quit if we don't do this. required_sanitizer_options = { 'ASAN_OPTIONS': { 'symbolize': 0, 'abort_on_error': 1 }, 'MSAN_OPTIONS': { 'symbolize': 0, 'exit_code': 86 }, } for options_env_var, option_values in required_sanitizer_options.iteritems( ): # If os.environ[options_env_var] is an empty string, afl will refuse to run, # because we haven't set the right options. Thus only continue if it does # not exist. if options_env_var not in os.environ: continue options_env_value = environment.get_memory_tool_options( options_env_var) options_env_value.update(option_values) environment.set_memory_tool_options(options_env_var, options_env_value)
def set_sanitizer_options(fuzzer_path): """Sets sanitizer options based on .options file overrides and what this script requires.""" engine_common.process_sanitizer_options_overrides(fuzzer_path) sanitizer_options_var = environment.get_current_memory_tool_var() sanitizer_options = environment.get_memory_tool_options( sanitizer_options_var, {}) sanitizer_options['exitcode'] = constants.TARGET_ERROR_EXITCODE environment.set_memory_tool_options(sanitizer_options_var, sanitizer_options)
def _set_dedup_flags(): """Allow libFuzzer to do its own crash comparison during minimization.""" memory_tool_options = environment.get_memory_tool_options( memory_tool_options_var) memory_tool_options['symbolize'] = 1 memory_tool_options['dedup_token_length'] = 3 environment.set_memory_tool_options(memory_tool_options_var, memory_tool_options)
def _setup_memory_tools_environment(testcase): """Set up environment for various memory tools used.""" env = testcase.get_metadata('env') if not env: environment.reset_current_memory_tool_options( redzone_size=testcase.redzone) return for options_name, options_value in six.iteritems(env): if not options_value: environment.remove_key(options_name) continue environment.set_memory_tool_options(options_name, options_value)
def process_sanitizer_options(self): """Process sanitizer options overrides.""" if not self.fuzzer_options: return # Only need to look as ASan, as that's what we prune with. overrides = self.fuzzer_options.get_asan_options() if not overrides: return asan_options = environment.get_memory_tool_options("ASAN_OPTIONS") asan_options.update(overrides) environment.set_memory_tool_options("ASAN_OPTIONS", asan_options)
def process_sanitizer_options_overrides(fuzzer_path): """Applies sanitizer option overrides from .options file.""" fuzzer_options = options.get_fuzz_target_options(fuzzer_path) if not fuzzer_options: return asan_options = environment.get_memory_tool_options('ASAN_OPTIONS', {}) msan_options = environment.get_memory_tool_options('MSAN_OPTIONS', {}) ubsan_options = environment.get_memory_tool_options('UBSAN_OPTIONS', {}) hwasan_options = environment.get_memory_tool_options('HWASAN_OPTIONS', {}) asan_overrides = fuzzer_options.get_asan_options() if asan_options and asan_overrides: asan_options.update(asan_overrides) environment.set_memory_tool_options('ASAN_OPTIONS', asan_options) msan_overrides = fuzzer_options.get_msan_options() if msan_options and msan_overrides: msan_options.update(msan_overrides) environment.set_memory_tool_options('MSAN_OPTIONS', msan_options) ubsan_overrides = fuzzer_options.get_ubsan_options() if ubsan_options and ubsan_overrides: ubsan_options.update(ubsan_overrides) environment.set_memory_tool_options('UBSAN_OPTIONS', ubsan_options) hwasan_overrides = fuzzer_options.get_hwasan_options() if hwasan_options and hwasan_overrides: hwasan_options.update(hwasan_overrides) environment.set_memory_tool_options('HWASAN_OPTIONS', hwasan_options)