alwin.berger/FRET-LibAFL
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
FRET-LibAFL/fuzzers/inprocess/libfuzzer_libpng_centralized/README.md
Romain Malmain c944a70056
Linux kernel fuzzing example (#2496) 
* linux kernel (x509_cert) and process fuzzing example

* rework filters

* update to latest qemu

* working for process and kernel fuzzing

* new i2s mutator for binary only fuzzers

* refactoring modules with new filtering interface

* add state as parameter of harness

* hide unused global in usermode

* Script for stub bindings generation

* do not try to check whether it is worth generating the bindings, always
  generate when the env variable is on.

* add taplo to fmt_all.sh

* Moved fuzzers (again) in a target-centric way.

* fix rust 2024 warnings.

* new libafl_qemu harness structure.

* rename qemu_systemmode into qemu_baremetal

* fix qemu baremetal makefile

* fix formatter

---------

Co-authored-by: Toka <tokazerkje@outlook.com>
2024-09-26 14:29:33 +02:00

1.5 KiB
Raw Permalink Blame History

Libfuzzer for libpng, with launcher

This folder contains an example fuzzer for libpng, using LLMP for fast multi-process fuzzing and crash detection. To show off crash detection, we added a ud2 instruction to the harness, edit harness.cc if you want a non-crashing example. It has been tested on Linux.

In contrast to the normal libfuzzer libpng example, this uses the launcher feature, that automatically spawns n child processes, and binds them to a free core.

Build

To build this example, run

cargo build --release

This will build the library with the fuzzer (src/lib.rs) with the libfuzzer compatibility layer and the SanitizerCoverage runtime functions for coverage feedback. In addition, it will also build two C and C++ compiler wrappers (bin/libafl_c(libafl_c/xx).rs) that you must use to compile the target.

Then download libpng, and unpack the archive:

wget https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz
tar -xvf v1.6.37.tar.gz

Now compile libpng, using the libafl_cc compiler wrapper:

cd libpng-1.6.37
./configure
make CC=../target/release/libafl_cc CXX=../target/release/libafl_cxx -j `nproc`

You can find the static lib at libpng-1.6.37/.libs/libpng16.a.

Now, we have to build the libfuzzer harness and link all together to create our fuzzer binary.

cd ..
./target/release/libafl_cxx ./harness.cc libpng-1.6.37/.libs/libpng16.a -I libpng-1.6.37/ -o fuzzer_libpng -lz -lm

Afterwards, the fuzzer will be ready to run.

Run

Just run once, the launcher feature should do the rest.