57 lines
1.4 KiB
Bash
Executable file
57 lines
1.4 KiB
Bash
Executable file
#!/bin/bash
|
|
|
|
set -eux
|
|
|
|
root=$(dirname "$0")/..
|
|
export ASAN_OPTIONS="quarantine_size_mb=10:detect_leaks=1:symbolize=1"
|
|
export UBSAN="print_stacktrace=1:halt_on_error=1:symbolize=1"
|
|
|
|
declare -A mode_config=( ["halt"]="-timeout=1 -rss_limit_mb=256" ["recover"]="-timeout=10 -rss_limit_mb=256" )
|
|
|
|
run_fuzzer() {
|
|
if [ "$#" -lt 2 ]; then
|
|
echo "usage: $0 <language> <halt|recover> <libFuzzer args...>"
|
|
exit 1
|
|
fi
|
|
|
|
lang="$1"
|
|
shift
|
|
mode="$1"
|
|
shift
|
|
# Treat remainder of arguments as libFuzzer arguments
|
|
|
|
# Fuzzing logs and testcases are always written to `pwd`, so `cd` there first
|
|
results="${root}/out/fuzz-results/${lang}_${mode}"
|
|
mkdir -p "${results}"
|
|
cd "${results}"
|
|
|
|
# Create a corpus directory, so new discoveries are stored on disk. These will
|
|
# then be loaded on subsequent fuzzing runs
|
|
mkdir -p corpus
|
|
|
|
"../../${lang}_fuzzer_${mode}" "-dict=../../${lang}.dict" "-artifact_prefix=${lang}_${mode}_" -max_len=2048 ${mode_config[$mode]} "./corpus" "$@"
|
|
}
|
|
|
|
reproduce() {
|
|
if [ "$#" -lt 3 ]; then
|
|
echo "usage: $0 <language> (halt|recover) <testcase> <libFuzzer args...>"
|
|
exit 1
|
|
fi
|
|
|
|
lang="$1"
|
|
shift
|
|
mode="$1"
|
|
shift
|
|
testcase="$1"
|
|
shift
|
|
# Treat remainder of arguments as libFuzzer arguments
|
|
|
|
"${root}/out/${lang}_fuzzer_${mode}" ${mode_config[$mode]} -runs=1 "${testcase}" "$@"
|
|
}
|
|
|
|
script=$(basename "$0")
|
|
if [ "$script" == "run-fuzzer" ]; then
|
|
run_fuzzer "$@"
|
|
elif [ "$script" == "reproduce" ]; then
|
|
reproduce "$@"
|
|
fi
|