
infra: add support for non-persistent mode AFL

Open DavidKorczynski opened this issue 3 years ago • 2 comments

Also adds an example of using it.

DavidKorczynski, Mar 01 '22 19:03

@vanhauser-thc I would like to add some fuzzers that use non-persistent afl++ fuzzing, and by the looks of it this could be achieved without major changes. I added a simple example from binutils (but have some other examples to include down the line). Could you give this a review?

DavidKorczynski, Mar 01 '22 19:03

Related: https://github.com/google/oss-fuzz/issues/7347

jonathanmetzman, Mar 02 '22 06:03

> lgtm except for my main gripe

will fix this up shortly.

Do you prefer for me to remake this as a PR on a non-fork?

DavidKorczynski, Oct 20 '22 15:10

> Do you prefer for me to remake this as a PR on a non-fork?

Could you clarify this, not sure what it means?

jonathanmetzman, Oct 20 '22 16:10

> Could you clarify this, not sure what it means?

Ref: https://github.com/google/oss-fuzz/pull/7351#issuecomment-1241314536

If I should make this as a branch on github.com/google/oss-fuzz instead of github.com/DavidKorczynski/oss-fuzz so you can run trial builds?

DavidKorczynski, Oct 20 '22 21:10

> Could you clarify this, not sure what it means?
>
> Ref: #7351 (comment)
>
> If I should make this as a branch on github.com/google/oss-fuzz instead of github.com/DavidKorczynski/oss-fuzz so you can run trial builds?

Sorry for the late reply. We can run trial builds on forks now.

jonathanmetzman, Oct 31 '22 18:10

> lgtm except for my main gripe

Fixed: check if the binary doesn't contain ##SIG_AFL_PERSISTENT## and then treat it as non-persistent in base runner. Can confirm it works.

DavidKorczynski, Oct 31 '22 19:10
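The check described in the comment above, as an added example that is not the oss-fuzz base-runner code: AFL++ embeds the literal string ##SIG_AFL_PERSISTENT## in binaries built with a persistent loop, so a runner can grep for it and, when it is absent, fall back to classic one-execution-per-input mode. The afl-fuzz command lines, the corpus/output paths and the sample "binaries" are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not oss-fuzz's own runner): pick the afl-fuzz launch mode
# from the persistent-mode signature AFL++ leaves in a compiled target.
set -u

AFL_PERSISTENT_SIG='##SIG_AFL_PERSISTENT##'

# Print "persistent" if the binary carries the AFL++ persistent-mode
# signature, otherwise "non-persistent". -a treats the binary as text,
# -F matches the signature literally.
afl_target_mode() {
  target="$1"
  if grep -q -a -F -- "$AFL_PERSISTENT_SIG" "$target"; then
    echo persistent
  else
    echo non-persistent
  fi
}

# Print the afl-fuzz command line for a target (assumed layout: corpus in
# $1, findings in $2, binary in $3). A persistent target loops over inputs
# itself; a non-persistent one is executed once per test case and gets the
# test case path substituted for @@.
afl_fuzz_cmdline() {
  corpus="$1" out="$2" target="$3"
  case "$(afl_target_mode "$target")" in
    persistent)     echo "afl-fuzz -i $corpus -o $out -- $target" ;;
    non-persistent) echo "afl-fuzz -i $corpus -o $out -- $target @@" ;;
  esac
}

# Constructed stand-ins for real ELF targets: one file containing the
# signature among binary junk, one without it. Prints the directory.
make_samples() {
  dir="$(mktemp -d)"
  printf 'ELF\0junk %s more\0' "$AFL_PERSISTENT_SIG" > "$dir/persistent_target"
  printf 'ELF\0junk no signature here\0' > "$dir/plain_target"
  echo "$dir"
}

main() {
  dir="$(make_samples)"
  afl_fuzz_cmdline corpus out "$dir/persistent_target"
  afl_fuzz_cmdline corpus out "$dir/plain_target"
}

main
```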

It would be great if it was possible to resurrect this PR. The systemd project added a test based on a corpus produced by AFL++ in https://github.com/systemd/systemd/pull/27458 the other day. It kind of works but the problem is that the binary has to be built and run manually elsewhere to be able to keep the corpus up to date. It would be easier if it was possible to offload that onto OSS-Fuzz.

evverx, May 02 '23 13:05

Before I forget, apart from systemd I think elfutils could benefit from this too. Its fuzz targets have blind spots: https://sourceware.org/pipermail/elfutils-devel/2023q1/005957.html and the easiest way to cover them would be to fuzz the binaries. (Admittedly it wouldn't be the most efficient way to fuzz it, but until proper fuzz targets are implemented this approach could be used instead.)

evverx, May 07 '23 15:05