# Variables [env] FUZZER_NAME='libpng_harness' FUZZER_NAME_CRASHING='libpng_harness_crashing' PROJECT_DIR = { script = ["pwd"] } CROSS_CC = "arm-linux-gnueabi-gcc" [tasks.unsupported] script_runner="@shell" script=''' echo "Qemu fuzzer not supported on windows/mac" ''' #zlib [tasks.zlib] linux_alias = "zlib_unix" mac_alias = "unsupported" windows_alias = "unsupported" [tasks.zlib_unix_wget] condition = { files_not_exist = [ "./zlib-1.2.12" ] } script_runner="@shell" # NOTE: There's no specific reason we're using an old version of zlib, # but newer versions get moved to fossils/ after a while. script=''' wget https://zlib.net/fossils/zlib-1.2.12.tar.gz tar -xvf zlib-1.2.12.tar.gz ''' [tasks.zlib_unix] condition = { files_not_exist = [ "./zlib-1.2.12/zlib/lib/libz.a" ] } script_runner="@shell" script=''' cd zlib-1.2.12 && CC=$CROSS_CC ./configure --prefix=./zlib make install ''' dependencies = [ "zlib_unix_wget" ] # libpng [tasks.libpng] linux_alias = "libpng_unix" mac_alias = "unsupported" windows_alias = "unsupported" [tasks.libpng_unix_wget] condition = { files_not_exist = [ "./libpng-1.6.37" ] } script_runner="@shell" script=''' wget https://deac-fra.dl.sourceforge.net/project/libpng/libpng16/1.6.37/libpng-1.6.37.tar.xz tar -xvf libpng-1.6.37.tar.xz ''' [tasks.libpng_unix] condition = { files_not_exist = [ "./libpng-1.6.37/.libs/libpng16.a" ] } script_runner="@shell" script=''' cd libpng-1.6.37 && CC=$CROSS_CC CFLAGS=-I../zlib-1.2.12/zlib/lib LDFLAGS=-L../zlib-1.2.12/zlib/lib ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes --host=arm make ''' dependencies = [ "zlib", "libpng_unix_wget" ] # fuzzer [tasks.fuzzer] linux_alias = "fuzzer_unix" mac_alias = "fuzzer_unix" windows_alias = "unsupported" [tasks.fuzzer_unix] command = "cargo" args = ["build", "--release"] # Harness [tasks.harness] linux_alias = "harness_unix" mac_alias = "unsupported" windows_alias = "unsupported" [tasks.harness_unix] script_runner="@shell" script=''' # Build the libpng harness arm-linux-gnueabi-g++ \ ./harness.cc \ ./libpng-1.6.37/.libs/libpng16.a \ ./zlib-1.2.12/zlib/lib/libz.a \ -I./libpng-1.6.37/ \ -I../zlib-1.2.12/zlib/lib \ -L../zlib-1.2.12/zlib/lib \ -o ${FUZZER_NAME} \ -lm \ -static ''' dependencies = [ "libpng" ] # Run the fuzzer [tasks.run] linux_alias = "run_unix" mac_alias = "run_unix" windows_alias = "unsupported" [tasks.run_unix] command = "cargo" args = ["run", "--release", "./${FUZZER_NAME}"] dependencies = [ "harness", "fuzzer" ] # Harness with an artifical crash [tasks.harness_crashing] linux_alias = "harness_unix_crashing" mac_alias = "unsupported" windows_alias = "unsupported" [tasks.harness_unix_crashing] script_runner="@shell" script=''' # Build the libpng harness arm-linux-gnueabi-g++ \ ./harness.cc \ ./libpng-1.6.37/.libs/libpng16.a \ ./zlib-1.2.12/zlib/lib/libz.a \ -I./libpng-1.6.37/ \ -I../zlib-1.2.12/zlib/lib \ -L../zlib-1.2.12/zlib/lib \ -o ${FUZZER_NAME_CRASHING} \ -lm \ -DHAS_DUMMY_CRASH \ -static ''' dependencies = [ "libpng" ] # Run the fuzzer with an artificial crash [tasks.run_crashing] linux_alias = "run_unix_crashing" mac_alias = "unsupported" windows_alias = "unsupported" [tasks.run_unix_crashing] command = "cargo" args = ["run", "--release", "./${FUZZER_NAME_CRASHING}"] dependencies = [ "harness_crashing", "fuzzer" ] # Run the fuzzer [tasks.test] linux_alias = "test_unix" mac_alias = "test_unix" windows_alias = "unsupported" # Short test [tasks.test_unix] script_runner = "@shell" script=''' rm -rf libafl_unix_shmem_server || true timeout 11s cargo run --release ./${FUZZER_NAME} 2>/dev/null & ''' dependencies = [ "harness", "fuzzer" ] # Clean up [tasks.clean] linux_alias = "clean_unix" mac_alias = "clean_unix" windows_alias = "unsupported" [tasks.clean_unix] # Disable default `clean` definition clear = true script_runner="@shell" script=''' rm -f ./${FUZZER_NAME} rm -f ./${FUZZER_NAME_CRASHING} rm -rf zlib-* rm -rf libpng-* cargo clean '''