
Source code changes of the file "hfuzz_cc/hfuzz-cc.c" between
honggfuzz-2.1.tar.gz and honggfuzz-2.2.tar.gz

About: honggfuzz is a security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with powerful analysis options.

hfuzz-cc.c  (honggfuzz-2.1):hfuzz-cc.c  (honggfuzz-2.2)
skipping to change at line 25 skipping to change at line 25
#include "honggfuzz.h" #include "honggfuzz.h"
#include "libhfcommon/common.h" #include "libhfcommon/common.h"
#include "libhfcommon/files.h" #include "libhfcommon/files.h"
#include "libhfcommon/log.h" #include "libhfcommon/log.h"
#include "libhfcommon/util.h" #include "libhfcommon/util.h"
#define ARGS_MAX 4096 #define ARGS_MAX 4096
static bool isCXX = false; static bool isCXX = false;
static bool isGCC = false; static bool isGCC = false;
static bool usePCGuard = true;
static bool hasCmdLineFSanitizeFuzzer = false;
/* Embed libhf/.a inside this binary */ /* Embed libhf/.a inside this binary */
__asm__("\n" __asm__("\n"
" .global lhfuzz_start\n" " .global lhfuzz_start\n"
" .global lhfuzz_end\n" " .global lhfuzz_end\n"
"lhfuzz_start:\n" "lhfuzz_start:\n"
" .incbin \"libhfuzz/libhfuzz.a\"\n" " .incbin \"libhfuzz/libhfuzz.a\"\n"
"lhfuzz_end:\n" "lhfuzz_end:\n"
"\n" "\n"
" .global lhfnetdriver_start\n" " .global lhfnetdriver_start\n"
skipping to change at line 110 skipping to change at line 112
if (strcmp(argv[i], "-E") == 0) { if (strcmp(argv[i], "-E") == 0) {
return false; return false;
} }
if (strcmp(argv[i], "-S") == 0) { if (strcmp(argv[i], "-S") == 0) {
return false; return false;
} }
} }
return true; return true;
} }
static bool isFSanitizeFuzzer(int argc, char** argv) { static bool hasFSanitizeFuzzer(int argc, char** argv) {
for (int i = 1; i < argc; i++) { for (int i = 1; i < argc; i++) {
if (util_strStartsWith(argv[i], "-fsanitize=") && strstr(argv[i], "fuzze r")) { if (util_strStartsWith(argv[i], "-fsanitize=") && strstr(argv[i], "fuzze r")) {
return true; return true;
} }
} }
return false; return false;
} }
static int hf_execvp(const char* file, char** argv) { static int hf_execvp(const char* file, char** argv) {
argv[0] = (char*)file; argv[0] = (char*)file;
skipping to change at line 163 skipping to change at line 165
if (isCXX) { if (isCXX) {
hf_execvp("g++", argv); hf_execvp("g++", argv);
hf_execvp("gcc", argv); hf_execvp("gcc", argv);
} else { } else {
hf_execvp("gcc", argv); hf_execvp("gcc", argv);
} }
} else { } else {
if (isCXX) { if (isCXX) {
/* Try the default one, then the newest ones (hopefully) in order */ /* Try the default one, then the newest ones (hopefully) in order */
hf_execvp("clang++", argv); hf_execvp("clang++", argv);
hf_execvp("clang++-devel", argv); hf_execvp("clang++-11.0", argv);
hf_execvp("clang++-11", argv);
hf_execvp("clang++11", argv);
hf_execvp("clang++-10.0", argv); hf_execvp("clang++-10.0", argv);
hf_execvp("clang++-10", argv); hf_execvp("clang++-10", argv);
hf_execvp("clang++10", argv);
hf_execvp("clang++-9.0", argv); hf_execvp("clang++-9.0", argv);
hf_execvp("clang++-9", argv); hf_execvp("clang++-9", argv);
hf_execvp("clang++9", argv);
hf_execvp("clang++-8.0", argv); hf_execvp("clang++-8.0", argv);
hf_execvp("clang++-8", argv); hf_execvp("clang++-8", argv);
hf_execvp("clang++8", argv);
hf_execvp("clang++-7.0", argv); hf_execvp("clang++-7.0", argv);
hf_execvp("clang++-7", argv); hf_execvp("clang++-7", argv);
hf_execvp("clang++-6.0", argv); hf_execvp("clang++7", argv);
hf_execvp("clang++-6", argv);
hf_execvp("clang++-5.0", argv);
hf_execvp("clang++-5", argv);
hf_execvp("clang", argv); hf_execvp("clang", argv);
} else { } else {
/* Try the default one, then the newest ones (hopefully) in order */ /* Try the default one, then the newest ones (hopefully) in order */
hf_execvp("clang", argv); hf_execvp("clang", argv);
hf_execvp("clang-devel", argv); hf_execvp("clang-11.0", argv);
hf_execvp("clang-11", argv);
hf_execvp("clang11", argv);
hf_execvp("clang-10.0", argv); hf_execvp("clang-10.0", argv);
hf_execvp("clang-10", argv); hf_execvp("clang-10", argv);
hf_execvp("clang10", argv);
hf_execvp("clang-9.0", argv); hf_execvp("clang-9.0", argv);
hf_execvp("clang-9", argv); hf_execvp("clang-9", argv);
hf_execvp("clang9", argv);
hf_execvp("clang-8.0", argv); hf_execvp("clang-8.0", argv);
hf_execvp("clang-8", argv); hf_execvp("clang-8", argv);
hf_execvp("clang8", argv);
hf_execvp("clang-7.0", argv); hf_execvp("clang-7.0", argv);
hf_execvp("clang-7", argv); hf_execvp("clang-7", argv);
hf_execvp("clang-6.0", argv); hf_execvp("clang7", argv);
hf_execvp("clang-6", argv);
hf_execvp("clang-5.0", argv);
hf_execvp("clang-5", argv);
} }
} }
PLOG_F("execvp('%s')", argv[0]); PLOG_F("execvp('%s')", argv[0]);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
/* It'll point back to the libhfuzz's source tree */ /* It'll point back to the libhfuzz's source tree */
char* getIncPaths(void) { char* getIncPaths(void) {
#if !defined(_HFUZZ_INC_PATH) #if !defined(_HFUZZ_INC_PATH)
skipping to change at line 299 skipping to change at line 305
static char path[PATH_MAX] = {}; static char path[PATH_MAX] = {};
if (path[0]) { if (path[0]) {
return path; return path;
} }
if (!getLibPath("libhfuzz", "HFUZZ_LHFCOMMON_PATH", &lhfcommon_start, &lhfco mmon_end, path)) { if (!getLibPath("libhfuzz", "HFUZZ_LHFCOMMON_PATH", &lhfcommon_start, &lhfco mmon_end, path)) {
LOG_F("Couldn't create the temporary libhcommon.a"); LOG_F("Couldn't create the temporary libhcommon.a");
} }
return path; return path;
} }
static void commonOpts(int* j, char** args) { static void commonPreOpts(int* j, char** args) {
args[(*j)++] = getIncPaths(); args[(*j)++] = getIncPaths();
if (isGCC) {
if (useBelowGCC8()) { if (!isGCC) {
/* trace-pc is the best that gcc-6/7 currently offers */
args[(*j)++] = "-fsanitize-coverage=trace-pc";
} else {
/* gcc-8+ offers trace-cmp as well, but it's not that widely used ye
t */
args[(*j)++] = "-fsanitize-coverage=trace-pc,trace-cmp";
}
} else {
args[(*j)++] = "-Wno-unused-command-line-argument"; args[(*j)++] = "-Wno-unused-command-line-argument";
args[(*j)++] = "-fsanitize-coverage=trace-pc-guard,trace-cmp,trace-div,i
ndirect-calls";
args[(*j)++] = "-mllvm";
args[(*j)++] = "-sanitizer-coverage-prune-blocks=1";
} }
/* /*
* Make the execution flow more explicit, allowing for more code blocks * Make the execution flow more explicit, allowing for more code blocks
* (and better code coverage estimates) * (and better code coverage estimates)
*/ */
args[(*j)++] = "-fno-inline"; if (isGCC) {
args[(*j)++] = "-finline-limit=4000";
} else {
args[(*j)++] = "-mllvm";
args[(*j)++] = "-inline-threshold=2000";
}
args[(*j)++] = "-fno-builtin"; args[(*j)++] = "-fno-builtin";
args[(*j)++] = "-fno-omit-frame-pointer"; args[(*j)++] = "-fno-omit-frame-pointer";
args[(*j)++] = "-D__NO_STRING_INLINES"; args[(*j)++] = "-D__NO_STRING_INLINES";
/* Make it possible to use the libhfnetdriver */ /* Make it possible to use the libhfnetdriver */
args[(*j)++] = "-DHFND_FUZZING_ENTRY_FUNCTION_CXX(x,y)=" args[(*j)++] = "-DHFND_FUZZING_ENTRY_FUNCTION_CXX(x,y)="
"extern const char* LIBHFNETDRIVER_module_netdriver;" "extern const char* LIBHFNETDRIVER_module_netdriver;"
"const char** LIBHFNETDRIVER_tmp1 = &LIBHFNETDRIVER_module_ne tdriver;" "const char** LIBHFNETDRIVER_tmp1 = &LIBHFNETDRIVER_module_ne tdriver;"
"extern \"C\" int HonggfuzzNetDriver_main(x,y);" "extern \"C\" int HonggfuzzNetDriver_main(x,y);"
"int HonggfuzzNetDriver_main(x,y)"; "int HonggfuzzNetDriver_main(x,y)";
skipping to change at line 342 skipping to change at line 343
"extern const char* LIBHFNETDRIVER_module_netdriver;" "extern const char* LIBHFNETDRIVER_module_netdriver;"
"const char** LIBHFNETDRIVER_tmp1 = &LIBHFNETDRIVER_module_ne tdriver;" "const char** LIBHFNETDRIVER_tmp1 = &LIBHFNETDRIVER_module_ne tdriver;"
"int HonggfuzzNetDriver_main(x,y);" "int HonggfuzzNetDriver_main(x,y);"
"int HonggfuzzNetDriver_main(x,y)"; "int HonggfuzzNetDriver_main(x,y)";
if (useM32()) { if (useM32()) {
args[(*j)++] = "-m32"; args[(*j)++] = "-m32";
} }
} }
static void commonPostOpts(int* j, char** args) {
if (isGCC) {
if (useBelowGCC8()) {
/* trace-pc is the best that gcc-6/7 currently offers */
args[(*j)++] = "-fsanitize-coverage=trace-pc";
} else {
/* gcc-8+ offers trace-cmp as well, but it's not that widely used ye
t */
args[(*j)++] = "-fsanitize-coverage=trace-pc,trace-cmp";
}
} else {
if (usePCGuard) {
if (hasCmdLineFSanitizeFuzzer) {
args[(*j)++] = "-fno-sanitize=fuzzer";
args[(*j)++] = "-fno-sanitize=fuzzer-no-link";
}
args[(*j)++] = "-fsanitize-coverage=trace-pc-guard,trace-cmp,trace-d
iv,indirect-calls";
} else {
args[(*j)++] = "-fno-sanitize-coverage=trace-pc-guard";
args[(*j)++] = "-fno-sanitize=fuzzer";
args[(*j)++] = "-fsanitize=fuzzer-no-link";
args[(*j)++] = "-fsanitize-coverage=trace-cmp,trace-div,indirect-cal
ls";
}
}
}
static int ccMode(int argc, char** argv) { static int ccMode(int argc, char** argv) {
char* args[ARGS_MAX]; char* args[ARGS_MAX];
int j = 0; int j = 0;
if (isCXX) { if (isCXX) {
args[j++] = "c++"; args[j++] = "c++";
} else { } else {
args[j++] = "cc"; args[j++] = "cc";
} }
commonOpts(&j, args); commonPreOpts(&j, args);
for (int i = 1; i < argc; i++) { for (int i = 1; i < argc; i++) {
args[j++] = argv[i]; args[j++] = argv[i];
} }
/* Disable -fsanitize=fuzzer */ commonPostOpts(&j, args);
if (isFSanitizeFuzzer(argc, argv)) {
args[j++] = "-fno-sanitize=fuzzer";
}
return execCC(j, args); return execCC(j, args);
} }
static int ldMode(int argc, char** argv) { static int ldMode(int argc, char** argv) {
char* args[ARGS_MAX]; char* args[ARGS_MAX];
int j = 0; int j = 0;
if (isCXX) { if (isCXX) {
args[j++] = "c++"; args[j++] = "c++";
} else { } else {
args[j++] = "cc"; args[j++] = "cc";
} }
commonOpts(&j, args); commonPreOpts(&j, args);
/* MacOS X linker doesn't like those */ /* MacOS X linker doesn't like those */
#ifndef _HF_ARCH_DARWIN #ifndef _HF_ARCH_DARWIN
/* Intercept common *cmp functions */ /* Intercept common *cmp functions */
args[j++] = "-Wl,--wrap=strcmp"; args[j++] = "-Wl,--wrap=strcmp";
args[j++] = "-Wl,--wrap=strcasecmp"; args[j++] = "-Wl,--wrap=strcasecmp";
args[j++] = "-Wl,--wrap=stricmp";
args[j++] = "-Wl,--wrap=strncmp"; args[j++] = "-Wl,--wrap=strncmp";
args[j++] = "-Wl,--wrap=strncasecmp"; args[j++] = "-Wl,--wrap=strncasecmp";
args[j++] = "-Wl,--wrap=strnicmp";
args[j++] = "-Wl,--wrap=strstr"; args[j++] = "-Wl,--wrap=strstr";
args[j++] = "-Wl,--wrap=strcasestr"; args[j++] = "-Wl,--wrap=strcasestr";
args[j++] = "-Wl,--wrap=memcmp"; args[j++] = "-Wl,--wrap=memcmp";
args[j++] = "-Wl,--wrap=bcmp"; args[j++] = "-Wl,--wrap=bcmp";
args[j++] = "-Wl,--wrap=memmem"; args[j++] = "-Wl,--wrap=memmem";
args[j++] = "-Wl,--wrap=strcpy"; args[j++] = "-Wl,--wrap=strcpy";
/* Apache's httpd mem/str cmp functions */ /* Apache httpd */
args[j++] = "-Wl,--wrap=ap_cstr_casecmp"; args[j++] = "-Wl,--wrap=ap_cstr_casecmp";
args[j++] = "-Wl,--wrap=ap_cstr_casecmpn"; args[j++] = "-Wl,--wrap=ap_cstr_casecmpn";
args[j++] = "-Wl,--wrap=ap_strcasestr"; args[j++] = "-Wl,--wrap=ap_strcasestr";
args[j++] = "-Wl,--wrap=apr_cstr_casecmp"; args[j++] = "-Wl,--wrap=apr_cstr_casecmp";
args[j++] = "-Wl,--wrap=apr_cstr_casecmpn"; args[j++] = "-Wl,--wrap=apr_cstr_casecmpn";
/* Frequently used time-constant *SSL functions */ /* *SSL */
args[j++] = "-Wl,--wrap=CRYPTO_memcmp"; args[j++] = "-Wl,--wrap=CRYPTO_memcmp";
args[j++] = "-Wl,--wrap=OPENSSL_memcmp"; args[j++] = "-Wl,--wrap=OPENSSL_memcmp";
args[j++] = "-Wl,--wrap=OPENSSL_strcasecmp"; args[j++] = "-Wl,--wrap=OPENSSL_strcasecmp";
args[j++] = "-Wl,--wrap=OPENSSL_strncasecmp"; args[j++] = "-Wl,--wrap=OPENSSL_strncasecmp";
args[j++] = "-Wl,--wrap=memcmpct"; args[j++] = "-Wl,--wrap=memcmpct";
/* Frequently used libXML2 functions */ /* libXML2 */
args[j++] = "-Wl,--wrap=xmlStrncmp"; args[j++] = "-Wl,--wrap=xmlStrncmp";
args[j++] = "-Wl,--wrap=xmlStrcmp"; args[j++] = "-Wl,--wrap=xmlStrcmp";
args[j++] = "-Wl,--wrap=xmlStrEqual"; args[j++] = "-Wl,--wrap=xmlStrEqual";
args[j++] = "-Wl,--wrap=xmlStrcasecmp"; args[j++] = "-Wl,--wrap=xmlStrcasecmp";
args[j++] = "-Wl,--wrap=xmlStrncasecmp"; args[j++] = "-Wl,--wrap=xmlStrncasecmp";
args[j++] = "-Wl,--wrap=xmlStrstr"; args[j++] = "-Wl,--wrap=xmlStrstr";
args[j++] = "-Wl,--wrap=xmlStrcasestr"; args[j++] = "-Wl,--wrap=xmlStrcasestr";
/* Some Samba functions */ /* Samba */
args[j++] = "-Wl,--wrap=memcmp_const_time"; args[j++] = "-Wl,--wrap=memcmp_const_time";
args[j++] = "-Wl,--wrap=strcsequal"; args[j++] = "-Wl,--wrap=strcsequal";
/* LittleCMS */
args[j++] = "-Wl,--wrap=cmsstrcasecmp";
/* GLib */
args[j++] = "-Wl,--wrap=g_strcmp0";
args[j++] = "-Wl,--wrap=g_strcasecmp";
args[j++] = "-Wl,--wrap=g_strncasecmp";
args[j++] = "-Wl,--wrap=g_strstr_len";
args[j++] = "-Wl,--wrap=g_ascii_strcasecmp";
args[j++] = "-Wl,--wrap=g_ascii_strncasecmp";
args[j++] = "-Wl,--wrap=g_str_has_prefix";
args[j++] = "-Wl,--wrap=g_str_has_suffix";
/* CUrl */
args[j++] = "-Wl,--wrap=Curl_strcasecompare";
args[j++] = "-Wl,--wrap=curl_strequal";
args[j++] = "-Wl,--wrap=Curl_safe_strcasecompare";
args[j++] = "-Wl,--wrap=Curl_strncasecompare";
args[j++] = "-Wl,--wrap=curl_strnequal";
#endif /* _HF_ARCH_DARWIN */ #endif /* _HF_ARCH_DARWIN */
/* Pull modules defining the following symbols (if they exist) */ /* Pull modules defining the following symbols (if they exist) */
#ifdef _HF_ARCH_DARWIN #ifdef _HF_ARCH_DARWIN
args[j++] = "-Wl,-U,_HonggfuzzNetDriver_main"; args[j++] = "-Wl,-U,_HonggfuzzNetDriver_main";
args[j++] = "-Wl,-U,_LIBHFUZZ_module_instrument"; args[j++] = "-Wl,-U,_LIBHFUZZ_module_instrument";
args[j++] = "-Wl,-U,_LIBHFUZZ_module_memorycmp"; args[j++] = "-Wl,-U,_LIBHFUZZ_module_memorycmp";
#else /* _HF_ARCH_DARWIN */ #else /* _HF_ARCH_DARWIN */
args[j++] = "-Wl,-u,HonggfuzzNetDriver_main"; args[j++] = "-Wl,-u,HonggfuzzNetDriver_main";
args[j++] = "-Wl,-u,LIBHFUZZ_module_instrument"; args[j++] = "-Wl,-u,LIBHFUZZ_module_instrument";
args[j++] = "-Wl,-u,LIBHFUZZ_module_memorycmp"; args[j++] = "-Wl,-u,LIBHFUZZ_module_memorycmp";
#endif /* _HF_ARCH_DARWIN */ #endif /* _HF_ARCH_DARWIN */
for (int i = 1; i < argc; i++) { for (int i = 1; i < argc; i++) {
args[j++] = argv[i]; args[j++] = argv[i];
} }
/* Reference standard honggfuzz libraries (libhfuzz and libhfnetdriver) */ /* Reference standard honggfuzz libraries first (libhfuzz, libhfcommon and l ibhfnetdriver) */
args[j++] = getLibHFNetDriverPath(); args[j++] = getLibHFNetDriverPath();
args[j++] = getLibHFuzzPath(); args[j++] = getLibHFuzzPath();
args[j++] = getLibHFCommonPath(); args[j++] = getLibHFCommonPath();
/* Needed by the libhfcommon */ /* Needed by libhfcommon */
args[j++] = "-pthread"; args[j++] = "-pthread";
#if !defined(__NetBSD__)
args[j++] = "-ldl"; args[j++] = "-ldl";
#endif /* !defined(__NetBSD__) */
#if !defined(_HF_ARCH_DARWIN) && !defined(__OpenBSD__) #if !defined(_HF_ARCH_DARWIN) && !defined(__OpenBSD__)
args[j++] = "-lrt"; args[j++] = "-lrt";
#endif /* !defined(_HF_ARCH_DARWIN) && !defined(__OpenBSD__) */ #endif /* !defined(_HF_ARCH_DARWIN) && !defined(__OpenBSD__) */
#if defined(__ANDROID__) #if defined(__ANDROID__)
args[j++] = "-latomic"; args[j++] = "-latomic";
#endif #endif
/* Disable -fsanitize=fuzzer */ commonPostOpts(&j, args);
if (isFSanitizeFuzzer(argc, argv)) {
args[j++] = "-fno-sanitize=fuzzer";
}
return execCC(j, args); return execCC(j, args);
} }
static bool baseNameContains(const char* path, const char* str) { static bool baseNameContains(const char* path, const char* str) {
if (strstr(_basename(path), str)) { if (strstr(_basename(path), str)) {
return true; return true;
} }
return false; return false;
} }
skipping to change at line 471 skipping to change at line 512
int main(int argc, char** argv) { int main(int argc, char** argv) {
if (baseNameContains(argv[0], "++")) { if (baseNameContains(argv[0], "++")) {
isCXX = true; isCXX = true;
} }
if (baseNameContains(argv[0], "-gcc")) { if (baseNameContains(argv[0], "-gcc")) {
isGCC = true; isGCC = true;
} }
if (baseNameContains(argv[0], "-g++")) { if (baseNameContains(argv[0], "-g++")) {
isGCC = true; isGCC = true;
} }
if (baseNameContains(argv[0], "-pcguard-")) {
usePCGuard = true;
}
if (baseNameContains(argv[0], "-8bitcnt-")) {
usePCGuard = false;
}
hasCmdLineFSanitizeFuzzer = hasFSanitizeFuzzer(argc, argv);
if (argc <= 1) { if (argc <= 1) {
return execCC(argc, argv); return execCC(argc, argv);
} }
if (argc > (ARGS_MAX - 128)) { if (argc > (ARGS_MAX - 128)) {
LOG_F("'%s': Too many positional arguments: %d", argv[0], argc); LOG_F("'%s': Too many positional arguments: %d", argv[0], argc);
return EXIT_FAILURE; return EXIT_FAILURE;
} }
if (isLDMode(argc, argv)) { if (isLDMode(argc, argv)) {
return ldMode(argc, argv); return ldMode(argc, argv);
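Review bot: The `args[j++] = ...` writes in `ldMode`, `commonPreOpts` and `commonPostOpts` are bounded only by the `argc > (ARGS_MAX - 128)` check in `main`, and nothing ties that 128-slot reserve to the number of options the wrapper appends on its own. The new side adds sixteen more `-Wl,--wrap=` entries and up to four flags from `commonPostOpts`, so the headroom in the stack array shrinks while the constant stays the same; the total visible here still looks to be below 128, but parts of `commonPreOpts` lie outside the shown hunks. I would name the reserve, e.g. `#define ARGS_RESERVED 128 /* slots for options hfuzz-cc adds itself; keep >= the longest list built in ldMode() */`, and use `ARGS_MAX - ARGS_RESERVED` in the check, or route the appends through a small helper that calls `LOG_F` before `j` can run past the array. `main` continues past the last line shown here.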
 End of changes. 33 change blocks. 
43 lines changed or deleted 93 lines changed or added
