diff options
| author |  Calvin Rose <calsrose@gmail.com> | 2020-04-05 08:17:42 -0500 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2020-04-05 08:17:42 -0500 |
| commit | 553e38ffd6f53c3eeb5b037d7147f12c177eb080 (patch) | |
| tree | bd3b43e0a0f6df7caaca8c80b56c084e883284bf | |
| parent | Prevent unmarsal DOS in arrays,buffers,tables,and structs. (diff) | |
| parent | Setup some simple fuzz helpers for unmarshal. (diff) | |
Merge pull request #337 from andrewchambers/fuzzunmarshal
Setup some simple fuzz helpers for unmarshal.
| -rw-r--r-- | tools/afl/README.md | 18 | ||||
| -rw-r--r-- | tools/afl/generate_unmarshal_testcases.janet | 49 | ||||
| -rw-r--r-- | tools/afl/unmarshal_runner.janet | 2 |
3 files changed, 67 insertions, 2 deletions
diff --git a/tools/afl/README.md b/tools/afl/README.md index f4a8edb9..d7d76ab6 100644 --- a/tools/afl/README.md +++ b/tools/afl/README.md @@ -3,12 +3,26 @@ To use these, you need to install afl (of course), and xterm. A tiling window manager helps manage many concurrent fuzzer instances. +Note, afl sometimes requires system configuration, if you find AFL quitting prematurely, try manually +launching it and addressing any error messages. + ## Fuzz the parser ``` $ sh ./tools/afl/prepare_to_fuzz.sh -export NFUZZ=1 +$ export NFUZZ=1 $ sh ./tools/afl/fuzz.sh parser Ctrl+C when done to close all fuzzer terminals. $ sh ./tools/afl/aggregate_cases.sh parser $ ls ./fuzz_out/parser_aggregated/ -```
\ No newline at end of file +``` + +## Fuzz the unmarshaller +``` +$ janet ./tools/afl/generate_unmarshal_testcases.janet +$ sh ./tools/afl/prepare_to_fuzz.sh +$ export NFUZZ=1 +$ sh ./tools/afl/fuzz.sh unmarshal +Ctrl+C when done to close all fuzzer terminals. +$ sh ./tools/afl/aggregate_cases.sh unmarshal +$ ls ./fuzz_out/unmarshal_aggregated/ +``` diff --git a/tools/afl/generate_unmarshal_testcases.janet b/tools/afl/generate_unmarshal_testcases.janet new file mode 100644 index 00000000..d04e1890 --- /dev/null +++ b/tools/afl/generate_unmarshal_testcases.janet @@ -0,0 +1,49 @@ + +(os/mkdir "./tools/afl/unmarshal_testcases/") + +(defn spit-case [n v] + (spit + (string "./tools/afl/unmarshal_testcases/" (string n)) + (marshal v make-image-dict))) + +(def cases [ + nil + + "abc" + + :def + + 'hij + + 123 + + (int/s64 123) + + "7" + + [1 2 3] + + @[1 2 3] + + {:a 123} + + @{:b 'xyz} + + (peg/compile + '{:a (* "a" :b "a") + :b (* "b" (+ :a 0) "b") + :main (* "(" :b ")")}) + + (fn f [a] (fn [] {:ab a})) + + (fn f [a] (print "hello world!")) + + (do + (defn f [a] (yield) @[1 "2"]) + (def fb (fiber/new f)) + (resume fb) + fb) +]) + +(eachk i cases + (spit-case i (in cases i))) diff --git a/tools/afl/unmarshal_runner.janet b/tools/afl/unmarshal_runner.janet new file mode 100644 index 00000000..801e8e00 --- /dev/null +++ b/tools/afl/unmarshal_runner.janet @@ -0,0 +1,2 @@ + (pp (unmarshal (slurp ((dyn :args) 1)) load-image-dict)) + |