alwin.berger/FRET-LibAFL
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
FRET-LibAFL/fuzzers/qemu_launcher
History
Patrick Gersch cf9c4188c0
Disabling qemu dependecies for qemu fullsystem (#737) 
* Disabling qemu dependecies by default

* Adding full emulation_mode support

* Removing usermode from libafl_qemu default features

* Fixing refactoring

* Fixing typo in systemmode

* Fixing clippy:needless-borrow

* Mark libafl_load/save_qemu_snapshot as unused + cpu_reset

* Fixing clippy::needless-borrow

* Fixing needless-borrow yet again

* reset_cpu -> cpu_reset

* Fixing github workflow yet again

* Fixing clippy::uninlined-format-args

* Adding current libafl_qemu_bridge

Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
2022-10-25 14:16:11 +02:00
..
corpus
Bump to 0.7
2021-12-01 17:22:09 +01:00
src
Implement thread-safe AsanGiovese in Rust with snapshots support (#851)
2022-10-25 09:48:59 +02:00
.gitignore
Fixing CI from #559 (#580)
2022-03-29 14:57:38 +02:00
Cargo.toml
Disabling qemu dependecies for qemu fullsystem (#737)
2022-10-25 14:16:11 +02:00
harness.cc
Format C/Cpp code in ./scripts/fmt_all.sh (#653)
2022-05-29 03:23:02 +02:00
Makefile.toml
Move build_id to bolts (#649)
2022-05-27 01:05:03 +02:00
README.md
Bump to 0.7
2021-12-01 17:22:09 +01:00

README.md

Libfuzzer for libpng, with launcher

This folder contains an example fuzzer for libpng, using LLMP for fast multi-process fuzzing and crash detection. To show off crash detection, we added a ud2 instruction to the harness, edit harness.cc if you want a non-crashing example. It has been tested on Linux.

In contrast to the normal libfuzzer libpng example, this uses the launcher feature, that automatically spawns n child processes, and binds them to a free core.

Build

To build this example, run

cargo build --release

This will build the library with the fuzzer (src/lib.rs) with the libfuzzer compatibility layer and the SanitizerCoverage runtime functions for coverage feedback. In addition, it will also build two C and C++ compiler wrappers (bin/libafl_c(libafl_c/xx).rs) that you must use to compile the target.

Then download libpng, and unpack the archive:

wget https://deac-fra.dl.sourceforge.net/project/libpng/libpng16/1.6.37/libpng-1.6.37.tar.xz
tar -xvf libpng-1.6.37.tar.xz

Now compile libpng, using the libafl_cc compiler wrapper:

cd libpng-1.6.37
./configure
make CC=../target/release/libafl_cc CXX=../target/release/libafl_cxx -j `nproc`

You can find the static lib at libpng-1.6.37/.libs/libpng16.a.

Now, we have to build the libfuzzer harness and link all together to create our fuzzer binary.

cd ..
./target/release/libafl_cxx ./harness.cc libpng-1.6.37/.libs/libpng16.a -I libpng-1.6.37/ -o fuzzer_libpng -lz -lm

Afterwards, the fuzzer will be ready to run.

Run

Just run once, the launcher feature should do the rest.