Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(WiP): Afl gcc #417

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

(WiP): Afl gcc #417

wants to merge 3 commits into from

Conversation

cfcs
Copy link

@cfcs cfcs commented Sep 25, 2019

This PR enables building the tenders with afl-gcc and the unikernels with your regular $CC.

  1. It adds a --dry-run option to SPT which was helpful for fuzzing.
  2. I don't really know what I'm doing re: the configure script. I am not attached to any of the changes, the main thing is making HOSTCC in Makefile.common be able to be different from CC.

I've been using this (for 15 min) to fuzz the spt tender and elftool with these commands:

mkdir fuzz-out fuzz-manifest fuzz-abi

afl-fuzz -i newfuzz-in -o fuzz-out/ -f /dev/shm/foo -t 200 -- ./tenders/spt/solo5-spt --dry-run --mem=2 -- /dev/shm/foo

afl-fuzz -i newfuzz-in -o fuzz-manifest -f /dev/shm/foo.manifest -t 200 -- ./elftool/solo5-elftool query-manifest /dev/shm/foo.manifest

afl-fuzz -i newfuzz-in -o fuzz-abi/ -f /dev/shm/foo.abi -t 500 -- ./elftool/solo5-elftool query-abi /dev/shm/foo.abi

So far it's managed to trigger a few assertions (that's fair), but has not produced any actual crashes (that's good 🎉 )

solo5-spt: common/mft.c:145: mft_type_to_string: Assertion `false' failed.

solo5-spt: spt/spt_core.c:158: spt_guest_mprotect: Assertion `addr_start < addr_end' failed.


solo5-elftool: ../tenders/common/elf.c:476: elf_load_note: Assertion `note_size != 0 && note_size <= nhdr.h.n_descsz' failed.

Sometimes the mft_type_to_string assertions are triggered after solo5-elftool query-manifest has started printing JSON though, which may not be ideal.

@mato mato added enhancement pr/rfc Work in progress or RFC, do not merge labels Oct 24, 2019
@mato mato mentioned this pull request Oct 24, 2019
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement pr/rfc Work in progress or RFC, do not merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cfcs @mato