Diffstat (limited to 'infra')
-rw-r--r--infra/base-images/base-builder/Dockerfile2
-rw-r--r--infra/base-images/base-builder/compile_afl6
-rwxr-xr-xinfra/base-images/base-runner/run_fuzzer10
3 files changed, 15 insertions, 3 deletions
diff --git a/infra/base-images/base-builder/Dockerfile b/infra/base-images/base-builder/Dockerfile
index 1f6018e0..53522aae 100644
--- a/infra/base-images/base-builder/Dockerfile
+++ b/infra/base-images/base-builder/Dockerfile
@@ -125,7 +125,7 @@ WORKDIR $SRC
RUN git clone https://github.com/AFLplusplus/AFLplusplus.git aflplusplus && \
cd aflplusplus && \
- git checkout ef77d552e9b89852b293c300a5a9a9c617945f43 && \
+ git checkout c5117b42cab9f47448a7f3cfe3edae6708d32528 && \
wget --no-check-certificate -O oss.sh https://raw.githubusercontent.com/vanhauser-thc/binary_blobs/master/oss.sh && \
chmod 755 oss.sh
diff --git a/infra/base-images/base-builder/compile_afl b/infra/base-images/base-builder/compile_afl
index 9275fd11..321d0291 100644
--- a/infra/base-images/base-builder/compile_afl
+++ b/infra/base-images/base-builder/compile_afl
@@ -15,6 +15,9 @@
#
################################################################################
+# In emergencies where afl++'s own compiler fails set this to "1":
+export AFL_LLVM_MODE_WORKAROUND=0
+
# AFL++ setup
echo "Copying precompiled AFL++"
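Review bot: The added `export AFL_LLVM_MODE_WORKAROUND=0` unconditionally overwrites any value a caller exported before running the script, while the comment kept in the third hunk ("The variables need to be set to "1" here - or before running this script") still promises that a pre-set value is honoured. Moving the export out of the `AFL_SKIP_OSSFUZZ` block (third hunk) makes it apply on every build, but it also makes the "before running this script" path dead, so an operator who needs the emergency workaround has to edit the image rather than set the variable. Honouring a caller's value would be `export AFL_LLVM_MODE_WORKAROUND="${AFL_LLVM_MODE_WORKAROUND:-0}"`, and the comment above it should say that "1" may also be supplied from the environment.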
@@ -34,6 +37,8 @@ export CXX="$SRC/aflplusplus/afl-clang-fast++"
export AFL_QUIET=1
# No leak errors during builds.
export ASAN_OPTIONS="detect_leaks=0:symbolize=0:detect_odr_violation=0:abort_on_error=1"
+# Do not abort on any problems (because this is during build where it is ok)
+export AFL_IGNORE_PROBLEMS=1
# No complain on unknown AFL environment variables
export AFL_IGNORE_UNKNOWN_ENVS=1
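Review bot: The comment above the added `AFL_IGNORE_PROBLEMS=1` is hard to read and does not say what is being ignored or why that is safe; since the variable stops afl++ from aborting on detected problems, the justification should be explicit. Suggested wording: `# Do not abort on afl++ problems: during the build the instrumented binary is only produced, not fuzzed.` The same variable is also exported in run_fuzzer in this commit, where the build-time justification does not apply.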
@@ -44,7 +49,6 @@ env | egrep -q '^AFL_SKIP_OSSFUZZ=' || {
# The variables need to be set to "1" here - or before running this script.
# AFL++ configuration options.
- export AFL_LLVM_MODE_WORKAROUND=0
export AFL_ENABLE_DICTIONARY=0
export AFL_ENABLE_CMPLOG=1
export AFL_LAF_CHANCE=5
diff --git a/infra/base-images/base-runner/run_fuzzer b/infra/base-images/base-runner/run_fuzzer
index cda877cf..97213279 100755
--- a/infra/base-images/base-runner/run_fuzzer
+++ b/infra/base-images/base-runner/run_fuzzer
@@ -113,20 +113,28 @@ if [[ "$FUZZING_ENGINE" = afl ]]; then
export AFL_FAST_CAL=1
export AFL_CMPLOG_ONLY_NEW=1
export AFL_FORKSRV_INIT_TMOUT=30000
+ export AFL_IGNORE_PROBLEMS=1
+ export AFL_IGNORE_UNKNOWN_ENVS=1
+
# If $OUT/afl_cmplog.txt is present this means the target was compiled for
# CMPLOG. So we have to add the proper parameters to afl-fuzz.
test -e "$OUT/afl_cmplog.txt" && AFL_FUZZER_ARGS="$AFL_FUZZER_ARGS -c $OUT/$FUZZER"
+
# If $OUT/afl++.dict we load it as a dictionary for afl-fuzz.
test -e "$OUT/afl++.dict" && AFL_FUZZER_ARGS="$AFL_FUZZER_ARGS -x $OUT/afl++.dict"
+
# Ensure timeout is a bit larger than 1sec as some of the OSS-Fuzz fuzzers
# are slower than this.
AFL_FUZZER_ARGS="$AFL_FUZZER_ARGS -t 5000+"
+
# AFL expects at least 1 file in the input dir.
echo input > ${CORPUS_DIR}/input
+
+ CMD_LINE="$OUT/afl-fuzz $AFL_FUZZER_ARGS -i $CORPUS_DIR -o $FUZZER_OUT $(get_dictionary) $* -- $OUT/$FUZZER"
+
echo afl++ setup:
env|grep AFL_
cat "$OUT/afl_options.txt"
- CMD_LINE="$OUT/afl-fuzz $AFL_FUZZER_ARGS -i $CORPUS_DIR -o $FUZZER_OUT $(get_dictionary) $* -- $OUT/$FUZZER"
elif [[ "$FUZZING_ENGINE" = honggfuzz ]]; then
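Review bot: `export AFL_IGNORE_PROBLEMS=1` is now set at fuzzing time as well, without the justification compile_afl gives for the build, and the added line carries no comment; at run time it presumably means afl-fuzz keeps going over problems it would otherwise abort on, so a mis-instrumented target could fuzz silently with little or no coverage. A comment stating why that is acceptable here should go above the added line, e.g. `# Keep fuzzing on afl++ problems instead of aborting the run; see compile_afl for the build-time counterpart.` The surrounding `if [[ "$FUZZING_ENGINE" = afl ]]` block starts before this hunk and its `elif` branches continue past it.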