This is based on our past SystemSan work. It recursively finds the command that builds the fuzz target and prints the environment variables and commands for building the target. Usage: ``` $ tracer <fuzz_target_source_name> <output_path> <build command> ``` Output (written to <output_path>): ``` export ENV=val export ENV=val cd /path/to/cwd clang -o fuzz_target ... ```
1 parent
c8bca3b
commit 36621f7
Showing
12 changed files
with
463 additions
and
88 deletions.
@@ -0,0 +1,17 @@ | ||
#!/bin/sh | ||
# Copyright 2024 Google LLC | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
# | ||
################################################################################ | ||
/src/tracer $FUZZ_TARGET /usr/local/bin/recompile $SRC/real_build.sh |
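Review bot: The only command line, `/src/tracer $FUZZ_TARGET /usr/local/bin/recompile $SRC/real_build.sh`, leaves `$FUZZ_TARGET` and `$SRC` unquoted, so a value containing whitespace or glob characters is split or expanded before it reaches the tracer, and an unset `FUZZ_TARGET` silently drops an argument so the output path and build command shift into the wrong positions. Quote both and fail fast on unset variables: `set -eu` on its own line before the call, then `/src/tracer "$FUZZ_TARGET" /usr/local/bin/recompile "$SRC/real_build.sh"`. The script is `#!/bin/sh`, and both constructs are POSIX-portable.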
This file was deleted.
@@ -0,0 +1 @@ | ||
tracer |
@@ -0,0 +1,11 @@ | ||
.POSIX: | ||
CXX = clang++ | ||
CFLAGS = -std=c++20 -Wall -Wextra -O3 -g3 -Werror -static | ||
|
||
all: tracer | ||
|
||
tracer: tracer.cpp inspect_utils.cpp | ||
$(CXX) $(CFLAGS) -lpthread -o $@ $^ | ||
|
||
clean: | ||
rm -f tracer |
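Review bot: The link recipe under `tracer:` places `-lpthread` before the sources (`$(CXX) $(CFLAGS) -lpthread -o $@ $^`); with `-static` the linker resolves archives in command-line order, so a library named before the objects that reference it can leave symbols unresolved on toolchains where libpthread is still a separate archive. Move it to the end: `$(CXX) $(CXXFLAGS) -o $@ $^ -lpthread`. The variable holding the C++ flags is named `CFLAGS`; make's implicit rules and most readers expect `CXXFLAGS = -std=c++20 -Wall -Wextra -O3 -g3 -Werror -static` for flags passed to `$(CXX)`. `$^` is also a GNU make automatic variable that may not be provided by every make honouring the `.POSIX:` declaration on the first line, so either drop `.POSIX:` or list the sources explicitly in the recipe.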
@@ -0,0 +1,6 @@ | ||
# Deployment | ||
|
||
``` | ||
$ make | ||
$ gsutil cp tracer gs://clusterfuzz-builds/ | ||
``` |
@@ -0,0 +1,87 @@ | ||
/* | ||
* Copyright 2022 Google LLC | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
/* A detector that uses ptrace to identify DNS arbitrary resolutions. */ | ||
|
||
/* C standard library */ | ||
#include <signal.h> | ||
|
||
/* POSIX */ | ||
#include <unistd.h> | ||
|
||
/* Linux */ | ||
#include <sys/ptrace.h> | ||
|
||
#include <iostream> | ||
#include <string> | ||
#include <vector> | ||
#include <map> | ||
|
||
#include "inspect_utils.h" | ||
|
||
extern pid_t g_root_pid; | ||
extern std::map<pid_t, ThreadParent> root_pids; | ||
|
||
std::vector<std::byte> read_memory(pid_t pid, unsigned long long address, | ||
size_t size) { | ||
std::vector<std::byte> memory; | ||
|
||
for (size_t i = 0; i < size; i += sizeof(long)) { | ||
long word = ptrace(PTRACE_PEEKTEXT, pid, address + i, 0); | ||
if (word == -1) { | ||
return memory; | ||
} | ||
|
||
std::byte *word_bytes = reinterpret_cast<std::byte *>(&word); | ||
memory.insert(memory.end(), word_bytes, word_bytes + sizeof(long)); | ||
} | ||
|
||
return memory; | ||
} | ||
|
||
// Construct a string with the memory specified in a register. | ||
std::string read_string(pid_t pid, unsigned long long reg, unsigned long length) { | ||
auto memory = read_memory(pid, reg, length); | ||
if (!memory.size()) { | ||
return ""; | ||
} | ||
|
||
std::string content(reinterpret_cast<char *>(memory.data()), | ||
std::min(memory.size(), length)); | ||
return content.c_str(); | ||
} | ||
|
||
unsigned long long read_pointer(pid_t pid, unsigned long long address) { | ||
auto memory = read_memory(pid, address, sizeof(unsigned long long)); | ||
return *reinterpret_cast<unsigned long long *>(memory.data()); | ||
} | ||
|
||
// Read null pointer terminated array. | ||
std::vector<std::string> read_null_pointer_terminated_array( | ||
pid_t pid, unsigned long long address, const int max_item_len, const int max_array_len) { | ||
std::vector<std::string> result; | ||
|
||
for (int i = 0; i < max_array_len; ++i) { | ||
auto ptr = read_pointer(pid, address); | ||
if (ptr == 0) { | ||
break; | ||
} | ||
auto value = read_string(pid, ptr, max_item_len); | ||
result.push_back(value); | ||
address += sizeof(unsigned long long); | ||
} | ||
|
||
return result; | ||
} |
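Review bot: `read_pointer` dereferences `memory.data()` without checking that `read_memory` returned anything; when `PTRACE_PEEKTEXT` fails on the first word the vector is empty and the cast reads through a null or undersized buffer, and `read_null_pointer_terminated_array` then treats whatever comes back as a real pointer. Guard it and drop the punning cast: `if (memory.size() < sizeof(unsigned long long)) return 0;` followed by `unsigned long long value; std::memcpy(&value, memory.data(), sizeof value); return value;` (returning 0 lets the caller's null-terminator check stop the scan). `read_memory` has a related ambiguity: `PTRACE_PEEKTEXT` returns the word itself, so a genuine `-1` word is indistinguishable from an error unless `errno` is cleared before the call and tested after it (`errno = 0; ... if (word == -1 && errno != 0) return memory;`, which needs `<cerrno>`). The header comment `/* A detector that uses ptrace to identify DNS arbitrary resolutions. */` is carried over from SystemSan and should be replaced with one describing these ptrace memory-reading helpers. `<cstddef>` (`std::byte`), `<algorithm>` (`std::min`) and `<cstring>` (`std::memcpy`) are relied on transitively and should be included directly, while `<signal.h>` and the two `extern` declarations appear unused in this file.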
@@ -0,0 +1,42 @@ | ||
/* | ||
* Copyright 2022 Google LLC | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
/* A detector that uses ptrace to identify DNS arbitrary resolutions. */ | ||
|
||
|
||
/* POSIX */ | ||
#include <unistd.h> | ||
|
||
#include <string> | ||
#include <vector> | ||
|
||
// Structure to know which thread id triggered the bug. | ||
struct ThreadParent { | ||
// Parent thread ID, ie creator. | ||
pid_t parent_tid; | ||
// Current thread ID ran exec to become another process. | ||
bool ran_exec = false; | ||
|
||
ThreadParent() : parent_tid(0) {} | ||
ThreadParent(pid_t tid) : parent_tid(tid) {} | ||
}; | ||
|
||
std::vector<std::byte> read_memory(pid_t pid, unsigned long long address, | ||
size_t size); | ||
std::string read_string(pid_t pid, unsigned long long reg, unsigned long length); | ||
unsigned long long read_pointer(pid_t pid, unsigned long long address); | ||
|
||
std::vector<std::string> read_null_pointer_terminated_array( | ||
pid_t pid, unsigned long long address, const int max_item_len, const int max_array_len); |
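Review bot: The header has no include guard or `#pragma once`, so a translation unit that includes it twice (directly and through another header) gets a redefinition error on `struct ThreadParent`; add `#pragma once` after the licence block. `ThreadParent(pid_t tid)` is a non-`explicit` single-argument constructor, which lets any integer convert implicitly to a `ThreadParent`, for example when a `pid_t` is passed where the map's value type is expected; mark it `explicit ThreadParent(pid_t tid) : parent_tid(tid) {}`. The declarations use `std::byte` and `size_t` but the header includes only `<unistd.h>`, `<string>` and `<vector>`; add `#include <cstddef>` so the header is self-contained. The comment `/* A detector that uses ptrace to identify DNS arbitrary resolutions. */` is inherited from SystemSan and no longer describes this file.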