[afl++] Use AFL++ instead of AFL for fuzzing. (#5046)

2 files changed, 14 insertions, 4 deletions

diff --git a/infra/base-images/base-builder/Dockerfile b/infra/base-images/base-builder/Dockerfile
index 5a894ce1..2874a0e6 100644
--- a/infra/base-images/base-builder/Dockerfile
+++ b/infra/base-images/base-builder/Dockerfile
@@ -149,6 +149,10 @@ WORKDIR $SRC
 
 RUN git clone -b stable https://github.com/google/AFL.git afl
 
+RUN git clone -b stable https://github.com/AFLplusplus/AFLplusplus.git aflplusplus && \
+    cd aflplusplus && \
+    git checkout 068bef5eab942df0a133c92522f2ab81b28ac636
+
 RUN cd $SRC && \
     curl -L -O https://github.com/google/honggfuzz/archive/oss-fuzz.tar.gz && \
     mkdir honggfuzz && \
diff --git a/infra/base-images/base-builder/compile_afl b/infra/base-images/base-builder/compile_afl
index a428bee5..945aa1ca 100755
--- a/infra/base-images/base-builder/compile_afl
+++ b/infra/base-images/base-builder/compile_afl
@@ -29,8 +29,8 @@ ar r $LIB_FUZZING_ENGINE $WORK/afl/*.o
 popd > /dev/null
 rm -rf $WORK/afl
 
-# Build and copy afl tools necessary for fuzzing.
-pushd $SRC/afl > /dev/null
+# Build and copy afl++ tools necessary for fuzzing.
+pushd $SRC/aflplusplus > /dev/null
 
 # Unset CFLAGS and CXXFLAGS while building AFL since we don't want to slow it
 # down with sanitizers.
@@ -38,11 +38,17 @@ INITIAL_CXXFLAGS=$CXXFLAGS
 INITIAL_CFLAGS=$CFLAGS
 unset CXXFLAGS
 unset CFLAGS
-make clean && AFL_NO_X86=1 make
+
+make clean
+AFL_NO_X86=1 PYTHON_INCLUDE=/ make
+make -C utils/aflpp_driver
+
 CFLAGS=$INITIAL_CFLAGS
 CXXFLAGS=$INITIAL_CXXFLAGS
 
-find . -name 'afl-*' -executable -type f | xargs cp -t $OUT
+# Some important projects include libraries, copy those even when they don't
+# start with "afl-". Use "sort -u" to avoid a warning about duplicates.
+ls afl-* *.a *.o *.so | sort -u | xargs cp -t $OUT
 popd > /dev/null
 
 echo " done."