build: move again stuff using libfuzzer

author Vincent Bernat <vincent@bernat.ch>

Sat, 5 Nov 2022 19:18:27 +0000 (20:18 +0100)

committer Vincent Bernat <vincent@bernat.ch>

Sat, 5 Nov 2022 19:18:27 +0000 (20:18 +0100)
author Vincent Bernat <vincent@bernat.ch>
Sat, 5 Nov 2022 19:18:27 +0000 (20:18 +0100)
committer Vincent Bernat <vincent@bernat.ch>
Sat, 5 Nov 2022 19:18:27 +0000 (20:18 +0100)
diff --git a/README.md b/README.md

index 18fe2b8799dde6a64907111fc803c44812494060..375874519a98d13dc3ac9e102a7b936c8ce98e60 100644 (file)
--- a/README.md
+++ b/README.md
@@ -340,18 +340,6 @@ You can append any further arguments. If lldpd is unable to find
  `lldpcli` it will start in an unconfigured mode and won't send or
  accept LLDP frames.
  
-You can use [afl](http://lcamtuf.coredump.cx/afl/) to test some
-aspects of lldpd. To test frame decoding, you can do something like
-that:
-
-    export AFL_USE_ASAN=1 # only on 32bit arch
-    ./configure CC=afl-gcc
-    make clean check
-    cd tests
-    mkdir inputs
-    mv *.pcap inputs
-    afl-fuzz -i inputs -o outputs ./decode @@
-
  There is a general test suite with `make check`. It's also possible to
  run integration tests. They need [pytest](http://pytest.org/latest/)
  and rely on Linux containers to be executed.
@@ -369,15 +357,27 @@ To enable code coverage, use:
      genhtml gcov.info --output-directory coverage
  
  ## Fuzzing
-libfuzzer:
  
-```
-export CC=clang
-export CXX=clang++
+### With libfuzzer
  
-sh ./tests/build.sh ASan
-sh ./tests/build.sh Run
  ```
+./tests/fuzzer/build.sh ASan
+./tests/fuzzer/build.sh run
+```
+
+### With AFL
+
+You can use [afl](http://lcamtuf.coredump.cx/afl/) to test some
+aspects of lldpd. To test frame decoding, you can do something like
+that:
+
+    export AFL_USE_ASAN=1 # only on 32bit arch
+    ./configure CC=afl-gcc
+    make clean check
+    cd tests
+    mkdir inputs
+    mv *.pcap inputs
+    afl-fuzz -i inputs -o outputs ./decode @@
  
  ## Embedding
  
diff --git a/tests/build-fuzzer.sh b/tests/fuzzer/build.sh

old mode 100644 (file)

new mode 100755 (executable)

similarity index 83%

rename from tests/build-fuzzer.sh

rename to tests/fuzzer/build.sh

index aa28757..0011142
--- a/tests/build-fuzzer.sh
+++ b/tests/fuzzer/build.sh
@@ -1,23 +1,22 @@
  #!/bin/bash -eu
  
-build(){
+build() {
     export CFLAGS="$1"
-   export CXXFLAGS="$1"
  
     ./autogen.sh
-   ./configure CC="$CC" CFLAGS="$CFLAGS" LDFLAGS="$CFLAGS" \
+   ./configure CC="${CC:-clang}" CFLAGS="$CFLAGS" LDFLAGS="$CFLAGS" \
        --enable-fuzzer=yes --disable-shared --disable-hardening --enable-pie
  
     make -j$(nproc)
-   mkdir -p tests/seed/fuzz-decode_Corpus
+   mkdir -p tests/fuzzer/corpus
  }
  
-run(){
+run() {
     cd tests
-   ./fuzz-decode seed/fuzz-decode_Corpus seed/fuzz-decode_seed_corpus
+   ./fuzz-decode fuzzer/corpus fuzzer/seed-corpus
  }
  
-help(){
+help() {
     echo "use: ./$0 ASan | UBSan | MSan | Run"
  }
  
@@ -25,6 +24,6 @@ case $1 in
     ASan) build "-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link" ;;
     UBSan) build "-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unsigned-integer-overflow,unreachable,vla-bound,vptr -fno-sanitize-recover=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr -fsanitize=fuzzer-no-link" ;;
     MSan) build "-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=memory -fsanitize-memory-track-origins -fsanitize=fuzzer-no-link" ;;
-   run) run $2 ;;
+   run) run ${2:-} ;;
     *) help ;;
  esac
diff --git a/tests/seed/fuzz-decode_seed_corpus/cdp.0.raw b/tests/fuzzer/seed-corpus/cdp.0.raw

similarity index 100%

rename from tests/seed/fuzz-decode_seed_corpus/cdp.0.raw

rename to tests/fuzzer/seed-corpus/cdp.0.raw
diff --git a/tests/seed/fuzz-decode_seed_corpus/cdp.1.raw b/tests/fuzzer/seed-corpus/cdp.1.raw

similarity index 100%

rename from tests/seed/fuzz-decode_seed_corpus/cdp.1.raw

rename to tests/fuzzer/seed-corpus/cdp.1.raw
diff --git a/tests/seed/fuzz-decode_seed_corpus/cdp.2.raw b/tests/fuzzer/seed-corpus/cdp.2.raw

similarity index 100%

rename from tests/seed/fuzz-decode_seed_corpus/cdp.2.raw

rename to tests/fuzzer/seed-corpus/cdp.2.raw
diff --git a/tests/seed/fuzz-decode_seed_corpus/cdp.3.raw b/tests/fuzzer/seed-corpus/cdp.3.raw

similarity index 100%

rename from tests/seed/fuzz-decode_seed_corpus/cdp.3.raw

rename to tests/fuzzer/seed-corpus/cdp.3.raw
diff --git a/tests/seed/fuzz-decode_seed_corpus/edp.0.raw b/tests/fuzzer/seed-corpus/edp.0.raw

similarity index 100%

rename from tests/seed/fuzz-decode_seed_corpus/edp.0.raw

rename to tests/fuzzer/seed-corpus/edp.0.raw
diff --git a/tests/seed/fuzz-decode_seed_corpus/edp.1.raw b/tests/fuzzer/seed-corpus/edp.1.raw

similarity index 100%

rename from tests/seed/fuzz-decode_seed_corpus/edp.1.raw

rename to tests/fuzzer/seed-corpus/edp.1.raw
diff --git a/tests/seed/fuzz-decode_seed_corpus/edp.2.raw b/tests/fuzzer/seed-corpus/edp.2.raw

similarity index 100%

rename from tests/seed/fuzz-decode_seed_corpus/edp.2.raw

rename to tests/fuzzer/seed-corpus/edp.2.raw
diff --git a/tests/seed/fuzz-decode_seed_corpus/edp.3.raw b/tests/fuzzer/seed-corpus/edp.3.raw

similarity index 100%

rename from tests/seed/fuzz-decode_seed_corpus/edp.3.raw

rename to tests/fuzzer/seed-corpus/edp.3.raw
diff --git a/tests/seed/fuzz-decode_seed_corpus/edp.4.raw b/tests/fuzzer/seed-corpus/edp.4.raw

similarity index 100%

rename from tests/seed/fuzz-decode_seed_corpus/edp.4.raw

rename to tests/fuzzer/seed-corpus/edp.4.raw
diff --git a/tests/seed/fuzz-decode_seed_corpus/lldp.0.raw b/tests/fuzzer/seed-corpus/lldp.0.raw

similarity index 100%

rename from tests/seed/fuzz-decode_seed_corpus/lldp.0.raw

rename to tests/fuzzer/seed-corpus/lldp.0.raw
diff --git a/tests/seed/fuzz-decode_seed_corpus/lldp.1.raw b/tests/fuzzer/seed-corpus/lldp.1.raw

similarity index 100%

rename from tests/seed/fuzz-decode_seed_corpus/lldp.1.raw

rename to tests/fuzzer/seed-corpus/lldp.1.raw
diff --git a/tests/seed/fuzz-decode_seed_corpus/sonmp.0.raw b/tests/fuzzer/seed-corpus/sonmp.0.raw

similarity index 100%

rename from tests/seed/fuzz-decode_seed_corpus/sonmp.0.raw

rename to tests/fuzzer/seed-corpus/sonmp.0.raw
diff --git a/tests/seed/fuzz-decode_seed_corpus/sonmp.1.raw b/tests/fuzzer/seed-corpus/sonmp.1.raw

similarity index 100%

rename from tests/seed/fuzz-decode_seed_corpus/sonmp.1.raw

rename to tests/fuzzer/seed-corpus/sonmp.1.raw
diff --git a/tests/seed/fuzz-decode_seed_corpus/sonmp.2.raw b/tests/fuzzer/seed-corpus/sonmp.2.raw

similarity index 100%

rename from tests/seed/fuzz-decode_seed_corpus/sonmp.2.raw

rename to tests/fuzzer/seed-corpus/sonmp.2.raw
author	Vincent Bernat <vincent@bernat.ch>
	Sat, 5 Nov 2022 19:18:27 +0000 (20:18 +0100)
committer	Vincent Bernat <vincent@bernat.ch>
	Sat, 5 Nov 2022 19:18:27 +0000 (20:18 +0100)
README.md		patch \| blob \| blame \| history
tests/fuzzer/build.sh	[moved from tests/build-fuzzer.sh with 83% similarity, mode: 0755]	patch \| blob \| blame \| history
tests/fuzzer/seed-corpus/cdp.0.raw	[moved from tests/seed/fuzz-decode_seed_corpus/cdp.0.raw with 100% similarity]	patch \| blob \| blame \| history
tests/fuzzer/seed-corpus/cdp.1.raw	[moved from tests/seed/fuzz-decode_seed_corpus/cdp.1.raw with 100% similarity]	patch \| blob \| blame \| history
tests/fuzzer/seed-corpus/cdp.2.raw	[moved from tests/seed/fuzz-decode_seed_corpus/cdp.2.raw with 100% similarity]	patch \| blob \| blame \| history
tests/fuzzer/seed-corpus/cdp.3.raw	[moved from tests/seed/fuzz-decode_seed_corpus/cdp.3.raw with 100% similarity]	patch \| blob \| blame \| history
tests/fuzzer/seed-corpus/edp.0.raw	[moved from tests/seed/fuzz-decode_seed_corpus/edp.0.raw with 100% similarity]	patch \| blob \| blame \| history
tests/fuzzer/seed-corpus/edp.1.raw	[moved from tests/seed/fuzz-decode_seed_corpus/edp.1.raw with 100% similarity]	patch \| blob \| blame \| history
tests/fuzzer/seed-corpus/edp.2.raw	[moved from tests/seed/fuzz-decode_seed_corpus/edp.2.raw with 100% similarity]	patch \| blob \| blame \| history
tests/fuzzer/seed-corpus/edp.3.raw	[moved from tests/seed/fuzz-decode_seed_corpus/edp.3.raw with 100% similarity]	patch \| blob \| blame \| history
tests/fuzzer/seed-corpus/edp.4.raw	[moved from tests/seed/fuzz-decode_seed_corpus/edp.4.raw with 100% similarity]	patch \| blob \| blame \| history
tests/fuzzer/seed-corpus/lldp.0.raw	[moved from tests/seed/fuzz-decode_seed_corpus/lldp.0.raw with 100% similarity]	patch \| blob \| blame \| history
tests/fuzzer/seed-corpus/lldp.1.raw	[moved from tests/seed/fuzz-decode_seed_corpus/lldp.1.raw with 100% similarity]	patch \| blob \| blame \| history
tests/fuzzer/seed-corpus/sonmp.0.raw	[moved from tests/seed/fuzz-decode_seed_corpus/sonmp.0.raw with 100% similarity]	patch \| blob \| blame \| history
tests/fuzzer/seed-corpus/sonmp.1.raw	[moved from tests/seed/fuzz-decode_seed_corpus/sonmp.1.raw with 100% similarity]	patch \| blob \| blame \| history
tests/fuzzer/seed-corpus/sonmp.2.raw	[moved from tests/seed/fuzz-decode_seed_corpus/sonmp.2.raw with 100% similarity]	patch \| blob \| blame \| history