olm/fuzzing/start_fuzzers.sh

119 lines
3.2 KiB
Bash
Raw Normal View History

#!/usr/bin/bash
# Needs to be started in tmux.
script_dir() {
dirname "$(readlink -f "$0")"
}
fuzzer_dir() {
printf '%s/fuzzers\n' "$(script_dir)"
}
fuzzer_list() {
find "$(fuzzer_dir)" -maxdepth 1 -type f \( -name '*.cpp' -or -name '*.c' \) -printf '%P\n' \
| while read -r fuzzer; do
fuzzer="${fuzzer#fuzz_}"
printf '%s\n' "${fuzzer%.c*}"
done
}
usage() {
printf '%s: HARNESS FUZZER\n\n' "$(basename "$0")"
printf ' HARNESS ∈ {\n'
# We want word-splitting here so that each fuzzer ends up as a separate
# argument.
# shellcheck disable=SC2046
printf '%30s,\n' $(fuzzer_list | tr '\n' ' ')
printf ' }\n'
printf ' FUZZER ∈ {afl, afl++}\n'
}
if [[ $# -ne 2 ]]; then
usage
exit 1
fi
case "$2" in
afl++)
export AFL_PATH=/home/dkasak/code/projects/afl/afl++
export AFL_AUTORESUME=1
AFL_ARGS_FUZZER0="-D"
AFL_ARGS_FUZZER1="-L 0"
AFL_ARGS_FUZZER2="-p rare"
AFL_ARGS_FUZZER3="-p fast"
AFL_ARGS_FUZZER4="-p exploit"
AFL_ARGS_FUZZER5="-p explore"
;;
afl)
export AFL_PATH=/usr/bin
;;
*)
printf 'Unknown fuzzer: %s\n' "$2"
exit 1
;;
esac
export AFL=$AFL_PATH/afl-fuzz
export AFL_TMPDIR=/tmp
case "$1" in
group_decrypt)
FUZZER_ARG1="fuzzing/$1/pickled-inbound-group-session.txt"
;;
decrypt)
FUZZER_ARG1="fuzzing/$1/pickled-session.txt"
FUZZER_ARG2="1"
;;
decode_message)
;;
unpickle_session)
;;
unpickle_account)
;;
unpickle_account_test)
;;
unpickle_megolm_outbound)
;;
*)
printf 'Unknown harness: %s\n' "$1"
exit 1
;;
esac
cd "$(script_dir)" || exit 1
# Fuzzer args are deliberately not quoted below so that word-splitting happens.
# This is used so that they expand into nothing in cases where they are missing
# or to expand into multiple arguments from a string definition.
# shellcheck disable=SC2086
tmux new-window -d -n "M" -- \
"$AFL" -i "corpora/$1/in" -o "corpora/$1/out" -M i0 "$AFL_ARGS_FUZZER0" \
-- "../build/fuzzers/fuzz_$1" $FUZZER_ARG1 $FUZZER_ARG2
# shellcheck disable=SC2086
tmux new-window -d -n "S1" -- \
"$AFL" -i "corpora/$1/in" -o "corpora/$1/out" -S i1 "$AFL_ARGS_FUZZER1" \
-- "../build/fuzzers/fuzz_$1" $FUZZER_ARG1 $FUZZER_ARG2
# shellcheck disable=SC2086
tmux new-window -d -n "S2" -- \
"$AFL" -i "corpora/$1/in" -o "corpora/$1/out" -S i2 $AFL_ARGS_FUZZER2 \
-- "../build/fuzzers/fuzz_$1" $FUZZER_ARG1 $FUZZER_ARG2
# shellcheck disable=SC2086
tmux new-window -d -n "S3" -- \
"$AFL" -i "corpora/$1/in" -o "corpora/$1/out" -S i3 $AFL_ARGS_FUZZER3 \
-- "../build/fuzzers/fuzz_$1" $FUZZER_ARG1 $FUZZER_ARG2
# shellcheck disable=SC2086
tmux new-window -d -n "S4" -- \
"$AFL" -i "corpora/$1/in" -o "corpora/$1/out" -S i4 $AFL_ARGS_FUZZER4 \
-- "../build/fuzzers/fuzz_$1_asan" $FUZZER_ARG1 $FUZZER_ARG2
# shellcheck disable=SC2086
tmux new-window -d -n "S5" -- \
"$AFL" -i "corpora/$1/in" -o "corpora/$1/out" -S i5 $AFL_ARGS_FUZZER5 \
-- "../build/fuzzers/fuzz_$1" $FUZZER_ARG1 $FUZZER_ARG2