[SBFT23] R-Fuzz (google#1770)

Signed-off-by: Ju Chen <[email protected]>

fuzzers/symsan/build_freetype2.sh

@@ -0,0 +1,40 @@
+#!/bin/bash -ex
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+INSTALL_DIR="$PWD/install"
+
+mkdir $OUT/seeds
+# TRT/fonts is the full seed folder, but they're too big
+cp TRT/fonts/TestKERNOne.otf $OUT/seeds/
+cp TRT/fonts/TestGLYFOne.ttf $OUT/seeds/
+
+tar xf libarchive-3.4.3.tar.xz
+
+cd libarchive-3.4.3
+./configure --prefix="$INSTALL_DIR" --disable-shared --with-xml2=no
+make clean
+make -j $(nproc)
+make install
+cd ..
+
+cd freetype2
+./autogen.sh
+./configure --with-harfbuzz=no --with-bzip2=no --with-png=no --without-zlib
+make clean
+make all -j $(nproc)
+
+$CXX $CXXFLAGS -std=c++11 -I"$INSTALL_DIR/include" -I include -I . src/tools/ftfuzzer/ftfuzzer.cc \
+    objs/.libs/libfreetype.a $FUZZER_LIB -L"$INSTALL_DIR/lib" -larchive \
+    -o $OUT/ftfuzzer

fuzzers/symsan/build_proj.sh

@@ -0,0 +1,98 @@
+#!/bin/bash -ex
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+set -e
+
+if [ "$SRC" == "" ]; then
+    echo "SRC env var not defined"
+    exit 1
+fi
+
+if [ "$OUT" == "" ]; then
+    echo "OUT env var not defined"
+    exit 1
+fi
+
+if [ "$CXX" == "" ]; then
+    echo "CXX env var not defined"
+    exit 1
+fi
+
+if [ "$LIB_FUZZING_ENGINE" = "" ]; then
+    export LIB_FUZZING_ENGINE=-lFuzzingEngine
+fi
+
+I386_PACKAGES="zlib1g-dev:i386 libssl-dev:i386 libsqlite3-dev:i386"
+X64_PACKAGES="zlib1g-dev libssl-dev libsqlite3-dev"
+
+if [ "$ARCHITECTURE" = "i386" ]; then
+    apt-get install -y $I386_PACKAGES
+else
+    apt-get install -y $X64_PACKAGES
+fi
+
+# build libcurl.a (builing against Ubuntu libcurl.a doesn't work easily)
+cd curl
+autoreconf -i
+./configure --disable-shared --without-ssl --prefix=$SRC/install
+make clean -s
+make -j$(nproc) -s
+make install
+cd ..
+
+# build libtiff.a
+cd libtiff
+./autogen.sh
+./configure --disable-shared --prefix=$SRC/install
+make -j$(nproc)
+make install
+cd ..
+
+mkdir build
+cd build
+cmake .. -DBUILD_SHARED_LIBS:BOOL=OFF \
+        -DCURL_INCLUDE_DIR:PATH="$SRC/install/include" \
+        -DCURL_LIBRARY_RELEASE:FILEPATH="$SRC/install/lib/libcurl.a" \
+        -DTIFF_INCLUDE_DIR:PATH="$SRC/install/include" \
+        -DTIFF_LIBRARY_RELEASE:FILEPATH="$SRC/install/lib/libtiff.a" \
+        -DCMAKE_INSTALL_PREFIX=$SRC/install \
+        -DBUILD_APPS:BOOL=OFF \
+        -DBUILD_TESTING:BOOL=OFF
+make clean -s
+make -j$(nproc) -s
+make install
+cd ..
+
+EXTRA_LIBS="-lpthread -Wl,-Bstatic -lsqlite3 -L$SRC/install/lib -ltiff -lcurl -lssl -lcrypto -lz -Wl,-Bdynamic"
+
+build_fuzzer()
+{
+    fuzzerName=$1
+    sourceFilename=$2
+    shift
+    shift
+    echo "Building fuzzer $fuzzerName"
+    $CXX $CXXFLAGS -std=c++11 -fvisibility=hidden -llzma -Isrc -Iinclude \
+        $sourceFilename $* -o $OUT/$fuzzerName \
+        $LIB_FUZZING_ENGINE "$SRC/install/lib/libproj.a" $EXTRA_LIBS
+}
+
+build_fuzzer proj_crs_to_crs_fuzzer test/fuzzers/proj_crs_to_crs_fuzzer.cpp
+
+echo "[libfuzzer]" > $OUT/proj_crs_to_crs_fuzzer.options
+echo "max_len = 10000" >> $OUT/proj_crs_to_crs_fuzzer.options
+
+cp -r data/* $OUT

fuzzers/symsan/builder.Dockerfile

@@ -16,77 +16,34 @@ ARG parent_image
 FROM $parent_image
 
 RUN apt-get update -y &&  \
-    apt-get -y install wget python3-pip python3-setuptools apt-transport-https \
-    #llvm-6.0 llvm-6.0-dev clang-6.0 llvm-6.0-tools libboost-all-dev texinfo \
-    libboost-all-dev texinfo \
-    lsb-release software-properties-common autoconf curl zlib1g-dev cmake protobuf-compiler
+    apt-get -y install wget python3-dev python3-setuptools apt-transport-https \
+    libboost-all-dev texinfo libz3-dev \
+    build-essential automake flex bison libglib2.0-dev libpixman-1-dev libgtk-3-dev ninja-build libnl-genl-3-dev \
+    lsb-release software-properties-common autoconf curl zlib1g-dev cmake protobuf-compiler libprotobuf-dev
 
-
-
-#install cargo
 RUN if [ -x "$(command -v rustc)" ]; then rustup self uninstall -y; fi
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | bash -s -- -y
 
-#RUN rustup update
-#install protobuf
 RUN wget https://apt.llvm.org/llvm.sh && chmod +x llvm.sh && ./llvm.sh 12
 
-
-
-
-RUN rm -rf /usr/include/z3
-RUN rm -rf /usr/local/include/z3
-RUN mkdir -p /out/lib
-RUN git clone https://github.com/Z3Prover/z3.git /z3 && \
-		cd /z3 && git checkout z3-4.8.12 && mkdir -p build && cd build && \
-		#cmake -DCMAKE_INSTALL_PREFIX=/out .. && make -j && make install
-		CC=clang-12 CXX=clang++-12 cmake  .. && make -j && make install
-RUN ldconfig
-
-
-RUN git clone https://github.com/protocolbuffers/protobuf.git /protobuf  && \
-    cd /protobuf && \
-    git checkout f4d0f7c85eb5347b5296d44ae2ad3ba2e27e0050 && \
-    git submodule update --init --recursive && \
-    unset CFLAGS && \
-    unset CXXFLAGS && \
-    ./autogen.sh && \
-    ./configure --prefix=/out && \
-   # ./configure  && \
-    make -j && \
-    make install
-
-RUN ldconfig
-
-
 # Download and compile afl++.
 RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
     cd /afl && \
-    git checkout e4ff0ebd56d8076abd2413ebfaeb7b5e6c07bc3a && \
+    git checkout 33eba1fc5652060e8d877b02135fce2325813d0c && \
     unset CFLAGS && unset CXXFLAGS && \
     export CC=clang && export AFL_NO_X86=1 && \
     PYTHON_INCLUDE=/ make && make install && \
     cp utils/aflpp_driver/libAFLDriver.a /
 
-
-#RUN rm -rf /usr/local/include/llvm && rm -rf /usr/local/include/llvm-c
-#RUN rm -rf /usr/include/llvm && rm -rf /usr/include/llvm-c
-#RUN ln -s /usr/lib/llvm-6.0/include/llvm /usr/include/llvm
-#RUN ln -s /usr/lib/llvm-6.0/include/llvm-c /usr/include/llvm-c
-RUN cp /usr/local/lib/libz3.so.4.8.12.0 /out/lib/
 ENV PATH="/out/bin:${PATH}"
 ENV PATH="/root/.cargo/bin:${PATH}"
 RUN cp /usr/local/lib/libpython3.8.so.1.0 /out/
-# build kirenenko
 
-#COPY fastgen_para /out/fastgen
 RUN git clone https://github.com/chenju2k6/symsan /symsan
 
-#RUN rm /usr/local/lib/libc++*
-#RUN rm -r /usr/local/include/c++
-#RUN apt-get update -y
 RUN apt-get install -y libc++abi-12-dev libc++-12-dev libunwind-dev
-RUN cd /symsan && git checkout unified_frontend && \
+
+RUN cd /symsan && git checkout jigsaw && \
     unset CFLAGS && \
     unset CXXFLAGS && \
     mkdir build && \
@@ -97,7 +54,6 @@ RUN cd /symsan && git checkout unified_frontend && \
     cd ../../../ && cargo build --release && \
     cp target/release/libruntime_fast.a build/lib/symsan
 
-
 COPY libfuzz-harness-proxy.c /
 RUN KO_DONT_OPTIMIZE=1 USE_TRACK=1 KO_CC=clang-12 KO_USE_FASTGEN=1 /symsan/build/bin/ko-clang -c /libfuzz-harness-proxy.c -o /libfuzzer-harness.o
 RUN KO_DONT_OPTIMIZE=1 KO_CC=clang-12 /symsan/build/bin/ko-clang -c /libfuzz-harness-proxy.c -o /libfuzzer-harness-fast.o

fuzzers/symsan/bz2.abilist

@@ -0,0 +1,33 @@
+fun:BZ2_blockSort=uninstrumented
+fun:BZ2_bsInitWrite=uninstrumented
+fun:BZ2_bzBuffToBuffCompress=uninstrumented
+fun:BZ2_bzBuffToBuffDecompress=uninstrumented
+fun:BZ2_bzCompress=uninstrumented
+fun:BZ2_bzCompressEnd=uninstrumented
+fun:BZ2_bzCompressInit=uninstrumented
+fun:BZ2_bzDecompress=uninstrumented
+fun:BZ2_bzDecompressEnd=uninstrumented
+fun:BZ2_bzDecompressInit=uninstrumented
+fun:BZ2_bzRead=uninstrumented
+fun:BZ2_bzReadClose=uninstrumented
+fun:BZ2_bzReadGetUnused=uninstrumented
+fun:BZ2_bzReadOpen=uninstrumented
+fun:BZ2_bzWrite=uninstrumented
+fun:BZ2_bzWriteClose=uninstrumented
+fun:BZ2_bzWriteClose64=uninstrumented
+fun:BZ2_bzWriteOpen=uninstrumented
+fun:BZ2_bz__AssertH__fail=uninstrumented
+fun:BZ2_bzclose=uninstrumented
+fun:BZ2_bzdopen=uninstrumented
+fun:BZ2_bzerror=uninstrumented
+fun:BZ2_bzflush=uninstrumented
+fun:BZ2_bzlibVersion=uninstrumented
+fun:BZ2_bzopen=uninstrumented
+fun:BZ2_bzread=uninstrumented
+fun:BZ2_bzwrite=uninstrumented
+fun:BZ2_compressBlock=uninstrumented
+fun:BZ2_decompress=uninstrumented
+fun:BZ2_hbAssignCodes=uninstrumented
+fun:BZ2_hbCreateDecodeTables=uninstrumented
+fun:BZ2_hbMakeCodeLengths=uninstrumented
+fun:BZ2_indexIntoF=uninstrumented

fuzzers/symsan/cares.abilist

@@ -0,0 +1,89 @@
+fun:ares__bitncmp=uninstrumented
+fun:ares__close_sockets=uninstrumented
+fun:ares__destroy_servers_state=uninstrumented
+fun:ares__expand_name_for_response=uninstrumented
+fun:ares__free_query=uninstrumented
+fun:ares__generate_new_id=uninstrumented
+fun:ares__get_hostent=uninstrumented
+fun:ares__init_list_head=uninstrumented
+fun:ares__init_list_node=uninstrumented
+fun:ares__init_servers_state=uninstrumented
+fun:ares__insert_in_list=uninstrumented
+fun:ares__is_list_empty=uninstrumented
+fun:ares__is_onion_domain=uninstrumented
+fun:ares__read_line=uninstrumented
+fun:ares__remove_from_list=uninstrumented
+fun:ares__send_query=uninstrumented
+fun:ares__socket_close=uninstrumented
+fun:ares__timedout=uninstrumented
+fun:ares__tvnow=uninstrumented
+fun:ares_cancel=uninstrumented
+fun:ares_create_query=uninstrumented
+fun:ares_destroy=uninstrumented
+fun:ares_destroy_options=uninstrumented
+fun:ares_dup=uninstrumented
+fun:ares_expand_name=uninstrumented
+fun:ares_expand_string=uninstrumented
+fun:ares_fds=uninstrumented
+fun:ares_free_data=uninstrumented
+fun:ares_free_hostent=uninstrumented
+fun:ares_free_string=uninstrumented
+fun:ares_get_servers=uninstrumented
+fun:ares_get_servers_ports=uninstrumented
+fun:ares_gethostbyaddr=uninstrumented
+fun:ares_gethostbyname=uninstrumented
+fun:ares_gethostbyname_file=uninstrumented
+fun:ares_getnameinfo=uninstrumented
+fun:ares_getsock=uninstrumented
+fun:ares_inet_net_pton=uninstrumented
+fun:ares_inet_ntop=uninstrumented
+fun:ares_inet_pton=uninstrumented
+fun:ares_init=uninstrumented
+fun:ares_init_options=uninstrumented
+fun:ares_library_cleanup=uninstrumented
+fun:ares_library_init=uninstrumented
+fun:ares_library_init_mem=uninstrumented
+fun:ares_library_initialized=uninstrumented
+fun:ares_malloc_data=uninstrumented
+fun:ares_mkquery=uninstrumented
+fun:ares_parse_a_reply=uninstrumented
+fun:ares_parse_aaaa_reply=uninstrumented
+fun:ares_parse_mx_reply=uninstrumented
+fun:ares_parse_naptr_reply=uninstrumented
+fun:ares_parse_ns_reply=uninstrumented
+fun:ares_parse_ptr_reply=uninstrumented
+fun:ares_parse_soa_reply=uninstrumented
+fun:ares_parse_srv_reply=uninstrumented
+fun:ares_parse_txt_reply=uninstrumented
+fun:ares_parse_txt_reply_ext=uninstrumented
+fun:ares_process=uninstrumented
+fun:ares_process_fd=uninstrumented
+fun:ares_query=uninstrumented
+fun:ares_save_options=uninstrumented
+fun:ares_search=uninstrumented
+fun:ares_send=uninstrumented
+fun:ares_set_local_dev=uninstrumented
+fun:ares_set_local_ip4=uninstrumented
+fun:ares_set_local_ip6=uninstrumented
+fun:ares_set_servers=uninstrumented
+fun:ares_set_servers_csv=uninstrumented
+fun:ares_set_servers_ports=uninstrumented
+fun:ares_set_servers_ports_csv=uninstrumented
+fun:ares_set_socket_callback=uninstrumented
+fun:ares_set_socket_configure_callback=uninstrumented
+fun:ares_set_socket_functions=uninstrumented
+fun:ares_set_sortlist=uninstrumented
+fun:ares_strdup=uninstrumented
+fun:ares_strerror=uninstrumented
+fun:ares_strsplit=uninstrumented
+fun:ares_strsplit_free=uninstrumented
+fun:ares_timeout=uninstrumented
+fun:ares_version=uninstrumented
+fun:aresx_sitoss=uninstrumented
+fun:aresx_sitous=uninstrumented
+fun:aresx_sltosi=uninstrumented
+fun:aresx_sztosi=uninstrumented
+fun:aresx_sztoui=uninstrumented
+fun:aresx_uztosi=uninstrumented
+fun:aresx_uztosl=uninstrumented
+fun:aresx_uztoss=uninstrumented

fuzzers/symsan/fres.sh

@@ -12,4 +12,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #!/bin/bash
-LD_PRELOAD="/out/lib/libprotobuf.so /out/lib/libz3.so.4.8.12.0" RUST_LOG=info /out/fastgen --sync_afl -i - -o /out/corpus -t $1 -- $2 @@
+RUST_LOG=info /out/fastgen --sync_afl -i - -o /out/corpus -t $1 -- $2 @@

fuzzers/symsan/fuz.sh

@@ -10,4 +10,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #!/bin/bash
-LD_PRELOAD="/out/lib/libprotobuf.so /out/lib/libz3.so.4.8.12.0" RUST_LOG=info /out/fastgen --sync_afl -i /out/seeds -o /out/corpus -t $1 -- $2 @@
+RUST_LOG=info /out/fastgen --sync_afl -i /out/seeds -o /out/corpus -t $1 -- $2 @@