diff --git a/HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Ata/AhciPei/TestIdentifyAtaDevice.c b/HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Ata/AhciPei/TestIdentifyAtaDevice.c index fa23995..9adb42e 100644 --- a/HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Ata/AhciPei/TestIdentifyAtaDevice.c +++ b/HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Ata/AhciPei/TestIdentifyAtaDevice.c @@ -82,6 +82,7 @@ VOID DeviceIndex = 1; Status = CreateNewDevice (Private, DeviceIndex, 1, 0xFFFF, 0, IdentifyData1); if (EFI_ERROR (Status)) { + FreePool (Private); return; } @@ -145,6 +146,7 @@ VOID DataBuffer ); FreePool (DataBuffer); + FreePool (Private); return; } diff --git a/HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Usb/UsbBusDxe/TestUsb.c b/HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Usb/UsbBusDxe/TestUsb.c index 43a5399..910c0d8 100644 --- a/HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Usb/UsbBusDxe/TestUsb.c +++ b/HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Usb/UsbBusDxe/TestUsb.c @@ -60,6 +60,5 @@ RunTestHarness( Bus.Usb2Hc = Usb2Hc; UsbBuildDescTable (&UsbDev); -} - - + UsbFreeDevice (&UsbDev); + } diff --git a/HBFA/UefiHostFuzzTestCasePkg/UefiHostFuzzTestCasePkg.dsc b/HBFA/UefiHostFuzzTestCasePkg/UefiHostFuzzTestCasePkg.dsc index 4f8bd6d..c5c667a 100644 --- a/HBFA/UefiHostFuzzTestCasePkg/UefiHostFuzzTestCasePkg.dsc +++ b/HBFA/UefiHostFuzzTestCasePkg/UefiHostFuzzTestCasePkg.dsc 
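Review bot: The two added `FreePool (Private);` calls cover only the `CreateNewDevice` failure return and the final return, so any other early `return` between them would still leak `Private`. The function body runs outside both hunks, so this cannot be ruled out from here, and a leak in a harness is likely to stop a LeakSanitizer-enabled fuzz run. Routing every exit through one cleanup label would be more robust, for example `goto Exit;` at each failure and `Exit: if (Private != NULL) { FreePool (Private); }` at the end. Whether `CreateNewDevice` attaches further allocations to `Private` that also need releasing is not visible here and is worth confirming.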
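Review bot: `UsbFreeDevice (&UsbDev);` passes the address of `UsbDev`, and the `&` suggests a structure object rather than a pool allocation. As far as I recall, the UsbBusDxe implementation of `UsbFreeDevice` ends by calling `FreePool` on the device pointer itself, so this would hand a non-heap address to the allocator and AddressSanitizer would report an invalid free on every input. If only the descriptor table built by `UsbBuildDescTable` needs releasing, free just that: `if (UsbDev.DevDesc != NULL) { UsbFreeDevDesc (UsbDev.DevDesc); }`. The declaration of `UsbDev` is outside the hunk, so please confirm how it is allocated. The closing brace of `RunTestHarness` also appears to have gained a leading space and should stay at column 0.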
@@ -145,14 +145,14 @@ Tpm2DeviceStubLib|UefiHostFuzzTestCasePkg/TestStub/Tpm2DeviceLibStub/Tpm2DeviceLibStub.inf } - UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Usb/UsbBusDxe/TestUsb.inf { - - NULL|MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf - } - UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Usb/UsbBusPei/TestPeiUsb.inf { - - NULL|MdeModulePkg/Bus/Usb/UsbBusPei/UsbBusPei.inf - } +# UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Usb/UsbBusDxe/TestUsb.inf { +# +# NULL|MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf +# } +# UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Usb/UsbBusPei/TestPeiUsb.inf { +# +# NULL|MdeModulePkg/Bus/Usb/UsbBusPei/UsbBusPei.inf +# } UefiHostFuzzTestCasePkg/TestCase/SecurityPkg/Library/FmpAuthenticationLibPkcs7/TestFmpAuthenticationLibPkcs7.inf { 
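Review bot: The TestUsb and TestPeiUsb components are commented out here with no explanation, and the `-165,29` hunk does the same to TestPeiGpt and TestIdentifyAtaDevice. That removes four harnesses from the fuzz build even though this commit also patches leaks in TestUsb.c and TestIdentifyAtaDevice.c. Please either delete the entries or put a reason above each disabled block, such as `# Disabled: <reason or tracking-issue placeholder>`, so the lost coverage is not forgotten. The docs hunks in this commit still list TestPeiUsb in both harness tables and in the seed table, which no longer matches the build.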
@@ -165,29 +165,29 @@ BaseCryptLib|UefiHostFuzzTestCasePkg/TestCase/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/CryptoLibStubRsa2048Sha256.inf } - UefiHostFuzzTestCasePkg/TestCase/FatPkg/FatPei/TestPeiGpt.inf { - - NULL|UefiHostFuzzTestCasePkg/TestCase/FatPkg/FatPei/Override/FatPei.inf -!if $(TEST_WITH_INSTRUMENT) - - MSFT: *_*_*_CC_FLAGS = "-DTEST_WITH_INSTRUMENT=TRUE" - GCC:*_*_*_CC_FLAGS = "-DTEST_WITH_INSTRUMENT=TRUE" - - InstrumentHookLib|UefiHostFuzzTestCasePkg/TestCase/FatPkg/FatPei/InstrumentHookLibTestPeiGpt/InstrumentHookLibTestPeiGpt.inf -!endif - } +# UefiHostFuzzTestCasePkg/TestCase/FatPkg/FatPei/TestPeiGpt.inf { +# +# NULL|UefiHostFuzzTestCasePkg/TestCase/FatPkg/FatPei/Override/FatPei.inf +#!if $(TEST_WITH_INSTRUMENT) +# +# MSFT: *_*_*_CC_FLAGS = "-DTEST_WITH_INSTRUMENT=TRUE" +# GCC:*_*_*_CC_FLAGS = "-DTEST_WITH_INSTRUMENT=TRUE" +# +# InstrumentHookLib|UefiHostFuzzTestCasePkg/TestCase/FatPkg/FatPei/InstrumentHookLibTestPeiGpt/InstrumentHookLibTestPeiGpt.inf +#!endif +# } - UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Ata/AhciPei/TestIdentifyAtaDevice.inf{ - - NULL|UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Ata/AhciPei/Override/AhciPei.inf - IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf - PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf - LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf - PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/PeiServicesTablePointerLib.inf - TdxLib|MdePkg/Library/TdxLib/TdxLib.inf - CcProbeLib|OvmfPkg/Library/CcProbeLib/DxeCcProbeLib.inf - RegisterFilterLib|MdePkg/Library/RegisterFilterLibNull/RegisterFilterLibNull.inf - } +# UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Ata/AhciPei/TestIdentifyAtaDevice.inf{ +# +# NULL|UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Ata/AhciPei/Override/AhciPei.inf +# IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf +# PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf 
+# LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf +# PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/PeiServicesTablePointerLib.inf +# TdxLib|MdePkg/Library/TdxLib/TdxLib.inf +# CcProbeLib|OvmfPkg/Library/CcProbeLib/DxeCcProbeLib.inf +# RegisterFilterLib|MdePkg/Library/RegisterFilterLibNull/RegisterFilterLibNull.inf +# } UefiHostFuzzTestCasePkg/TestCase/SecurityPkg/Library/DxeTpm2MeasureBootLib/TestTcg2MeasureGptTable.inf{ diff --git a/HBFA/UefiHostTestTools/RunLibFuzzer.py b/HBFA/UefiHostTestTools/RunLibFuzzer.py index 78edd8f..e8dc3fc 100644 --- a/HBFA/UefiHostTestTools/RunLibFuzzer.py +++ b/HBFA/UefiHostTestTools/RunLibFuzzer.py @@ -322,6 +322,14 @@ def updateBuildFlags(SanitizerFlags, buildProfraw): profrawCcCovFlag = rb'-fprofile-instr-generate -fcoverage-mapping' profrawLdCovFlag = rb'-fprofile-instr-generate -fcoverage-mapping' + if os.getenv('LIB_FUZZING_ENGINE') is not None: + LIB_FUZZING_ENGINE = os.getenv('LIB_FUZZING_ENGINE') + else: + LIB_FUZZING_ENGINE = '' + if os.getenv('CXXFLAGS') is not None: + CXXFLAGS = os.getenv('CXXFLAGS') + else: + CXXFLAGS = '' # Patch with appropriate coverage and sanitizer if buildProfraw: 
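Review bot: The four-line `if os.getenv(...) is not None` blocks read each variable twice and can be replaced by the default argument: `LIB_FUZZING_ENGINE = os.getenv('LIB_FUZZING_ENGINE', '')` and `CXXFLAGS = os.getenv('CXXFLAGS', '')`. `CXXFLAGS` is later appended to the `CC_FLAGS` entries, which are C compiler options; if the environment puts C++-only options there, `CFLAGS` looks like the intended source, which is worth confirming. A one-line comment naming the build environment that supplies these variables would help the next reader. The body of `updateBuildFlags` continues outside the hunk.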
@@ -354,20 +362,26 @@ def updateBuildFlags(SanitizerFlags, buildProfraw): rb'GCC:*_LIBFUZZER_*_CC_FLAGS = ' rb'"-DTEST_WITH_LIBFUZZER=TRUE" -O1' rb' -fsanitize=fuzzer' + - SanitizerFlags.encode(), raw) + SanitizerFlags.encode() + + rb' ' + + CXXFLAGS.encode(), raw) raw = re.sub(rb'GCC:\*_LIBFUZZER_\*_DLINK2_FLAGS = -fsanitize=' rb'fuzzer,address', rb'GCC:*_LIBFUZZER_*_DLINK2_FLAGS = -fsanitize=fuzzer' - + SanitizerFlags.encode(), raw) + + SanitizerFlags.encode() + + rb' ' + + LIB_FUZZING_ENGINE.encode(), raw) raw = re.sub(rb'GCC:\*_CLANG8_\*_CC_FLAGS = -O1 -fsanitize=address' rb' -fprofile-arcs -ftest-coverage', rb'GCC:*_CLANG8_*_CC_FLAGS = -O1 -fsanitize=' + SanitizerFlags[1::].encode() + - rb' -fprofile-arcs -ftest-coverage', raw) + rb' -fprofile-arcs -ftest-coverage ' + + CXXFLAGS.encode(), raw) raw = re.sub(rb'GCC:\*_CLANG8_\*_DLINK2_FLAGS = -fsanitize=address' rb' --coverage', rb'GCC:*_CLANG8_*_DLINK2_FLAGS = ' rb'-fsanitize=' + SanitizerFlags[1::].encode() + - rb' --coverage', raw) + rb' --coverage ' + + LIB_FUZZING_ENGINE.encode(), raw) # Write out file fws = open(OutputBuildOptionFile, 'wb') diff --git a/docs/src/harness/includedfuzzharnesses.md b/docs/src/harness/includedfuzzharnesses.md index e887c67..a4cee7b 100644 --- a/docs/src/harness/includedfuzzharnesses.md +++ b/docs/src/harness/includedfuzzharnesses.md 
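Review bot: The environment values are concatenated into the replacement argument of `re.sub`, where Python treats backslashes as template escapes. A `CXXFLAGS` or `LIB_FUZZING_ENGINE` value containing `\1` or `\d` therefore raises `re.error`, and `\n` silently becomes a newline in the generated build-option file. Passing the replacement as a callable avoids any interpretation, e.g. `raw = re.sub(pattern, lambda _m: replacement, raw)`, where `replacement` is the bytes value now built inline; this applies to all four calls in the hunk. The `DLINK2_FLAGS` lines also keep the hard-coded `-fsanitize=fuzzer` next to `LIB_FUZZING_ENGINE`; if that variable names a different engine library, both would presumably be linked, so the literal should probably be dropped when the variable is set. `updateBuildFlags` starts and ends outside the hunk.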
@@ -8,14 +8,12 @@ A number of fuzzing test harness cases are included in HBFA-FL. These, test-harn | TestBmpSupportLib | HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Library/BaseBmpSupportLib/TestBmpSupportLib.{c,inf} | | TestPartition | HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Universal/Disk/PartitionDxe/TestPartition.{c,inf} | | TestUdf | HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Universal/Disk/UdfDxe/TestUdf.{c,inf} | -| TestUsb | HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Usb/UsbBusDxe/TestUsb.{c,inf} | | TestPeiUsb | HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Usb/UsbBusPei/TestPeiUsb.{c,inf} | | TestVariableSmm | HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Universal/Variable/RuntimeDxe/TestVariableSmm.{c,inf} | | TestFmpAuthenticationLibPkcs7 | HBFA/UefiHostFuzzTestCasePkg/TestCase/SecurityPkg/Library/FmpAuthenticationLibPkcs7/TestFmpAuthenticationLibPkcs7.{c,inf} | | TestFmpAuthenticationLibRsa2048Sha256 | HBFA/UefiHostFuzzTestCasePkg/TestCase/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/TestFmpAuthenticationLibRsa2048Sha256.{c,inf} | | TestCapsulePei | HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Universal/CapsulePei/Common/TestCapsulePei.{c,inf} | | TestFileName | HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Universal/Disk/UdfDxe/TestFileName.{c,inf} | -| TestPeiGpt | HBFA/UefiHostFuzzTestCasePkg/TestCase/FatPkg/FatPei/TestPeiGpt.{c,inf} | | TestValidateTdxCfv | HBFA/UefiHostFuzzTestCasePkg/TestCase/OvmfPkg/EmuVariableFvbRuntimeDxe/TestValidateTdxCfv.{c,inf} | | TestTcg2MeasureGptTable | HBFA/UefiHostFuzzTestCasePkg/TestCase/SecurityPkg/Library/DxeTpm2MeasureBootLib/TestTcg2MeasureGptTable.{c,inf} | | TestTcg2MeasurePeImage | HBFA/UefiHostFuzzTestCasePkg/TestCase/SecurityPkg/Library/DxeTpm2MeasureBootLib/TestTcg2MeasurePeImage.{c,inf} | 
@@ -23,7 +21,6 @@ A number of fuzzing test harness cases are included in HBFA-FL. These, test-harn | TestVirtio10Blk | HBFA/UefiHostFuzzTestCasePkg/TestCase/OvmfPkg/Virtio10BlkDxe/TestVirtio10Blk.{c,inf} | | TestVirtioBlk | HBFA/UefiHostFuzzTestCasePkg/TestCase/OvmfPkg/VirtioBlkDxe/TestVirtioBlk.{c,inf} | | TestVirtioBlkReadWrite | HBFA/UefiHostFuzzTestCasePkg/TestCase/OvmfPkg/VirtioBlkReadWrite/TestVirtioBlkReadWrite.{c,inf} | -| TestIdentifyAtaDevice | HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Ata/AhciPei/TestIdentifyAtaDevice.{c,inf} | Additionally, many of the test-cases make use of stub-libraries to simulate responses from function call that would interact with hardware. These libraries are included in HBFA in the relative directory: @@ -47,7 +44,6 @@ HBFA-FL includes some seed corpus for the included test-cases. The relative loca | TestBmpSupportLib | HBFA/UefiHostFuzzTestCasePkg/Seed/BMP/Raw | TestPartition | HBFA/UefiHostFuzzTestCasePkg/Seed/UDF/Raw/Partition | TestUdf | HBFA/UefiHostFuzzTestCasePkg/Seed/UDF/Raw/FileSystem -| TestUsb | HBFA/UefiHostFuzzTestCasePkg/Seed/USB/Raw | TestPeiUsb | HBFA/UefiHostFuzzTestCasePkg/Seed/USB/Raw | TestDxeCapsuleLibFmp | HBFA/UefiHostFuzzTestCasePkg/Seed/Capsule | TestVariableSmm | HBFA/UefiHostFuzzTestCasePkg/Seed/VariableSmm/Raw @@ -57,7 +53,6 @@ HBFA-FL includes some seed corpus for the included test-cases. The relative loca | TestUpdateLockBoxFuzzLength | HBFA/UefiHostFuzzTestCasePkg/Seed/LockBox/Raw | TestUpdateLockBoxFuzzOffset | HBFA/UefiHostFuzzTestCasePkg/Seed/LockBox/Raw | TestFileName | HBFA/UefiHostFuzzTestCasePkg/Seed/UDF/Raw/FileName -| TestPeiGpt | HBFA/UefiHostFuzzTestCasePkg/Seed/Gpt/Raw ## Test-cases presently not included in HBFA-FL diff --git a/docs/src/tutorials/writingafuzzingharness.md b/docs/src/tutorials/writingafuzzingharness.md index 9e40c0e..1da686f 100644 --- a/docs/src/tutorials/writingafuzzingharness.md +++ b/docs/src/tutorials/writingafuzzingharness.md 
@@ -1140,14 +1140,12 @@ A number of fuzzing test harness cases are included in HBFA. Carefully examining | TestBmpSupportLib | HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Library/BaseBmpSupportLib/TestBmpSupportLib.{c,inf} | | TestPartition | HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Universal/Disk/PartitionDxe/TestPartition.{c,inf} | | TestUdf | HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Universal/Disk/UdfDxe/TestUdf.{c,inf} | -| TestUsb | HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Usb/UsbBusDxe/TestUsb.{c,inf} | | TestPeiUsb | HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Usb/UsbBusPei/TestPeiUsb.{c,inf} | | TestVariableSmm | HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Universal/Variable/RuntimeDxe/TestVariableSmm.{c,inf} | | TestFmpAuthenticationLibPkcs7 | HBFA/UefiHostFuzzTestCasePkg/TestCase/SecurityPkg/Library/FmpAuthenticationLibPkcs7/TestFmpAuthenticationLibPkcs7.{c,inf} | | TestFmpAuthenticationLibRsa2048Sha256 | HBFA/UefiHostFuzzTestCasePkg/TestCase/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/TestFmpAuthenticationLibRsa2048Sha256.{c,inf} | | TestCapsulePei | HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Universal/CapsulePei/Common/TestCapsulePei.{c,inf} | | TestFileName | HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Universal/Disk/UdfDxe/TestFileName.{c,inf} | -| TestPeiGpt | HBFA/UefiHostFuzzTestCasePkg/TestCase/FatPkg/FatPei/TestPeiGpt.{c,inf} | | TestValidateTdxCfv | HBFA/UefiHostFuzzTestCasePkg/TestCase/OvmfPkg/EmuVariableFvbRuntimeDxe/TestValidateTdxCfv.{c,inf} | | TestTcg2MeasureGptTable | HBFA/UefiHostFuzzTestCasePkg/TestCase/SecurityPkg/Library/DxeTpm2MeasureBootLib/TestTcg2MeasureGptTable.{c,inf} | | TestTcg2MeasurePeImage | HBFA/UefiHostFuzzTestCasePkg/TestCase/SecurityPkg/Library/DxeTpm2MeasureBootLib/TestTcg2MeasurePeImage.{c,inf} | 
@@ -1155,7 +1153,6 @@ A number of fuzzing test harness cases are included in HBFA. Carefully examining | TestVirtio10Blk | HBFA/UefiHostFuzzTestCasePkg/TestCase/OvmfPkg/Virtio10BlkDxe/TestVirtio10Blk.{c,inf} | | TestVirtioBlk | HBFA/UefiHostFuzzTestCasePkg/TestCase/OvmfPkg/VirtioBlkDxe/TestVirtioBlk.{c,inf} | | TestVirtioBlkReadWrite | HBFA/UefiHostFuzzTestCasePkg/TestCase/OvmfPkg/VirtioBlkReadWrite/TestVirtioBlkReadWrite.{c,inf} | -| TestIdentifyAtaDevice | HBFA/UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Ata/AhciPei/TestIdentifyAtaDevice.{c,inf} | Additionally, many of the test-cases make use of stub-libraries to simulate responses from function call that would interact with hardware. These libraries are included in HBFA in the relative directory: @@ -1659,15 +1656,6 @@ Importantly, for a fuzzing test harness in HBFA, you must ensure that there is a Tpm2DeviceStubLib|UefiHostFuzzTestCasePkg/TestStub/Tpm2DeviceLibStub/Tpm2DeviceLibStub.inf } - UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Usb/UsbBusDxe/TestUsb.inf { - - NULL|MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf - } - UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Usb/UsbBusPei/TestPeiUsb.inf { - - NULL|MdeModulePkg/Bus/Usb/UsbBusPei/UsbBusPei.inf - } - UefiHostFuzzTestCasePkg/TestCase/SecurityPkg/Library/FmpAuthenticationLibPkcs7/TestFmpAuthenticationLibPkcs7.inf { FmpAuthenticationLib|SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf 
@@ -1679,18 +1667,6 @@ Importantly, for a fuzzing test harness in HBFA, you must ensure that there is a BaseCryptLib|UefiHostFuzzTestCasePkg/TestCase/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/CryptoLibStubRsa2048Sha256.inf } - UefiHostFuzzTestCasePkg/TestCase/FatPkg/FatPei/TestPeiGpt.inf { - - NULL|UefiHostFuzzTestCasePkg/TestCase/FatPkg/FatPei/Override/FatPei.inf -!if $(TEST_WITH_INSTRUMENT) - - MSFT: *_*_*_CC_FLAGS = "-DTEST_WITH_INSTRUMENT=TRUE" - GCC:*_*_*_CC_FLAGS = "-DTEST_WITH_INSTRUMENT=TRUE" - - InstrumentHookLib|UefiHostFuzzTestCasePkg/TestCase/FatPkg/FatPei/InstrumentHookLibTestPeiGpt/InstrumentHookLibTestPeiGpt.inf -!endif - } - UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Library/SmmLockBoxLib/UpdateLockBoxTestCase/TestUpdateLockBoxFuzzLength.inf { NULL|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf @@ -1699,17 +1675,6 @@ Importantly, for a fuzzing test harness in HBFA, you must ensure that there is a NULL|MdeModulePkg/Library/SmmLockBoxLib/SmmLockBoxSmmLib.inf } - UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Ata/AhciPei/TestIdentifyAtaDevice.inf{ - - NULL|UefiHostFuzzTestCasePkg/TestCase/MdeModulePkg/Bus/Ata/AhciPei/Override/AhciPei.inf - IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf - PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf - LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf - PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/PeiServicesTablePointerLib.inf - TdxLib|MdePkg/Library/TdxLib/TdxLib.inf - CcProbeLib|OvmfPkg/Library/CcProbeLib/DxeCcProbeLib.inf - RegisterFilterLib|MdePkg/Library/RegisterFilterLibNull/RegisterFilterLibNull.inf - } UefiHostFuzzTestCasePkg/TestCase/OvmfPkg/Library/TdxStartupLib/TestHobList.inf {