[SBFT23] libafl_libfuzzer updates (google#1760)

Further updates for the second round of evaluation of SBFT. --------- Co-authored-by: Dongge Liu <[email protected]>
ardier · Mar 5, 2023 · 7f8dad3 · 7f8dad3
1 parent 51f729c
commit 7f8dad3
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 23 deletions.
diff --git a/fuzzers/libafl_libfuzzer/builder.Dockerfile b/fuzzers/libafl_libfuzzer/builder.Dockerfile
@@ -36,9 +36,9 @@ RUN git clone \
         --branch libfuzzer \
         https://github.com/AFLplusplus/libafl /libafl && \
     cd /libafl && \
-    git checkout 04ef0f650baff36ab4ae379364821c7c11c88e6e && \
+    git checkout d31f82387d1d233771ff1e13ef7e49cdb508410f && \
     unset CFLAGS CXXFLAGS && \
     export LIBAFL_EDGES_MAP_SIZE=2621440 && \
     cd ./libafl_libfuzzer/libafl_libfuzzer_runtime && \
-    env -i CXX=$CXX CC=$CC PATH="/root/.cargo/bin/:$PATH" cargo build --release && \
+    env -i CXX=$CXX CC=$CC PATH="/root/.cargo/bin/:$PATH" cargo build --release --no-default-features && \
     cp ./target/release/libafl_libfuzzer_runtime.a /usr/lib/libFuzzer.a
diff --git a/fuzzers/libafl_libfuzzer/fuzzer.py b/fuzzers/libafl_libfuzzer/fuzzer.py
@@ -20,7 +20,7 @@
 from fuzzers import utils
 
 
-def prepare_fuzz_environment(input_corpus):
+def prepare_fuzz_environment():
     """Prepare to fuzz with a LibAFL-based fuzzer."""
     os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:' \
                                  'malloc_context_size=0:symbolize=0:' \
@@ -34,8 +34,6 @@ def prepare_fuzz_environment(input_corpus):
                                   'handle_sigbus=0:handle_sigfpe=0:' \
                                   'handle_sigill=0:print_stacktrace=0:' \
                                   'symbolize=0:symbolize_inline_frames=0'
-    # Create at least one non-empty seed to start.
-    utils.create_seed_file_for_empty_corpus(input_corpus)
 
 
 def build():
@@ -75,35 +73,23 @@ def run_fuzzer(input_corpus, output_corpus, target_binary, extra_flags=None):
     if extra_flags is None:
         extra_flags = []
 
+    # ASAN doesn't play nicely with our signal handling
+    # in the future, we will make this more compatible with libfuzzer, but
+    # for the initial implementation, we consider this sufficient
+    prepare_fuzz_environment()
+
     # Seperate out corpus and crash directories as sub-directories of
     # |output_corpus| to avoid conflicts when corpus directory is reloaded.
     crashes_dir = os.path.join(output_corpus, 'crashes')
     output_corpus = os.path.join(output_corpus, 'corpus')
     os.makedirs(crashes_dir)
     os.makedirs(output_corpus)
 
-    # Enable symbolization if needed.
-    # Note: if the flags are like `symbolize=0:..:symbolize=1` then
-    # only symbolize=1 is respected.
-    # libafl_libfuzzer does not currently support focus_function
-    # for flag in extra_flags:
-    #     if flag.startswith('-focus_function'):
-    #         if 'ASAN_OPTIONS' in os.environ:
-    #             os.environ['ASAN_OPTIONS'] += ':symbolize=1'
-    #         else:
-    #             os.environ['ASAN_OPTIONS'] = 'symbolize=1'
-    #         if 'UBSAN_OPTIONS' in os.environ:
-    #             os.environ['UBSAN_OPTIONS'] += ':symbolize=1'
-    #         else:
-    #             os.environ['UBSAN_OPTIONS'] = 'symbolize=1'
-    #         break
-
     flags = [
+        # not supported by libafl_libfuzzer currently
         '-print_final_stats=1',
-        # currently unsupported by libafl_libfuzzer currently
         # `close_fd_mask` to prevent too much logging output from the target.
         '-close_fd_mask=3',
-        # currently unsupported by libafl_libfuzzer currently
         # Run in fork mode to allow ignoring ooms, timeouts, crashes and
         # continue fuzzing indefinitely.
         '-fork=1',