
Fix fuzz target source path and binary name in gnutls.yaml #750

Merged
merged 1 commit into from
Dec 12, 2024

Conversation

DonggeLiu
Collaborator

@DonggeLiu DonggeLiu commented Dec 12, 2024

This is a tricky case because the old target path (/src/libtasn1/fuzz/libtasn1_gnutls_der_fuzzer.c) is indeed a fuzz target, but it was not used.

I found the new one and its corresponding binary with @jonathanmetzman's trick:

  1. Add a magic string (const volatile char* build_id = "BUILD_TRACKER_my_unique_identifier_123";) to the fuzz target before compilation.
  2. Find the binary with the string (find /out -type f -executable -print0 | xargs -0 sh -c 'for file do if strings "$file" | grep "BUILD_TRACKER_" >/dev/null; then basename "$file"; fi; done') after compilation.

I reckon we can do this systematically and automatically:

  1. Inject unique magic strings (e.g., BUILD_TRACKER_my_unique_identifier_1, BUILD_TRACKER_my_unique_identifier_2) to all c/c++ files containing LLVMFuzzerTestOneInput.
  2. Match binaries in /out against fuzz target source files based on the string.
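The systematic version of this trick, as an added example that is not the PR's or OSS-Fuzz's own code: it injects a numbered marker into every fuzz target source, then after the build maps each binary in /out back to its source by that marker. Directory paths and the map file are arguments so it can be exercised outside a build container; the marker survives only if the build does not optimise the string away.

```bash
#!/usr/bin/env bash
# Added example, not the PR's own code: the "magic string" trick done systematically.
# Assumes the build keeps the string (optimisation may drop it) and that OUT_DIR holds
# the built fuzzers; directories and the map-file path are arguments for testing.

MARKER_PREFIX="BUILD_TRACKER_"

# inject_markers SRC_DIR MAP_FILE: prepend `const volatile char* build_id = "BUILD_TRACKER_<n>";`
# to every C/C++ file defining LLVMFuzzerTestOneInput (skipping the fuzzing engines'
# own sources) and record "<marker> <source path>" in MAP_FILE, one file per line.
inject_markers() {
  local src_dir=$1 map_file=$2 n=0 f marker
  : > "$map_file"
  find "$src_dir" -type f \( -name '*.c' -o -name '*.cc' -o -name '*.cpp' -o -name '*.cxx' \) \
       ! -path '*/aflplusplus/*' ! -path '*/fuzztest/*' \
       ! -path '*/honggfuzz/*' ! -path '*/libfuzzer/*' \
       -exec grep -l 'LLVMFuzzerTestOneInput' {} + | sort | while IFS= read -r f; do
    n=$((n + 1)); marker="${MARKER_PREFIX}${n}"
    # Rewrite through a temp file instead of `sed -i`, whose syntax differs between GNU and BSD.
    { printf 'const volatile char* build_id = "%s";\n' "$marker"; cat "$f"; } > "$f.tmp" \
      && mv "$f.tmp" "$f"
    printf '%s %s\n' "$marker" "$f" >> "$map_file"
  done
}

# map_binaries OUT_DIR MAP_FILE: for each executable in OUT_DIR that embeds a marker,
# print "<binary name> <source path>". `grep -a` scans the binary directly, so no
# binutils `strings` is needed; a binary without any marker is silently skipped.
map_binaries() {
  local out_dir=$1 map_file=$2 bin marker src
  find "$out_dir" -type f -perm -100 | sort | while IFS= read -r bin; do
    marker=$(grep -a -o "${MARKER_PREFIX}[0-9][0-9]*" "$bin" | head -n 1)
    [ -n "$marker" ] || continue
    # Look the marker up by exact "<marker> " prefix so source paths with spaces survive.
    src=$(awk -v m="$marker" 'index($0, m " ") == 1 { print substr($0, length(m) + 2); exit }' "$map_file")
    printf '%s %s\n' "$(basename "$bin")" "$src"
  done
}

# Usage in a build container: `inject` before compile, `map` after it.
case "${1:-}" in
  inject) inject_markers "${2:-/src}" "${3:-/tmp/fuzz_targets.map}" ;;
  map)    map_binaries   "${2:-/out}" "${3:-/tmp/fuzz_targets.map}" ;;
esac
```

A source that is marked but never appears in the map output is a fuzz target that was not compiled into any binary, which is exactly the situation this PR corrects.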

@DonggeLiu
Collaborator Author

/gcbrun skip

@DavidKorczynski DavidKorczynski merged commit 05f3d95 into main Dec 12, 2024
5 checks passed
@DavidKorczynski DavidKorczynski deleted the DonggeLiu-patch-1 branch December 12, 2024 10:51
DavidKorczynski pushed a commit that referenced this pull request Dec 12, 2024
Similar to #750, this is another tricky case where the old target path
is indeed a fuzz target and seems to be compiled with all actual fuzz
targets.

Found the correct fuzz target source path and binary name using the same
trick as in #750.
@DavidKorczynski
Collaborator

fyi, the approach you take is the one that Fuzz Introspector uses: https://github.com/ossf/fuzz-introspector/blob/28009df5d005f9c1c5131902aa7efc7e77856d48/src/fuzz_introspector/utils.py#L185-L196

Problems that happen now can be that the project doesn't compile with FI's C/C++ frontend (i.e. light only) and thus the approach is not used, or that some optimisations forced the strings out.

@DonggeLiu
Collaborator Author

> Problems that happen now can be that the project doesn't compile with FI's C/C++ frontend (i.e. light only) and thus the approach is not used, or that some optimisations forced the strings out.

Thanks for the information, @DavidKorczynski.
You are quite right: the project is indeed incompatible with FI at the moment.

Given FI proves this approach works on most projects but some projects are incompatible with FI, would you think it is a good idea for me to implement the approach in bash commands now so that it does not rely on FI?
E.g., executing the bash commands above in our ccache images and setting the fuzz target source path and binary name as ENV vars so that OFG can use them directly.

Just to double-check to ensure I don't redo anything that's already done/planned by FI.

DavidKorczynski pushed a commit that referenced this pull request Dec 13, 2024
…ml (#752)

This is another strange case:
1. The project is
[compatible](https://oss-fuzz-build-logs.storage.googleapis.com/index.html#librawspeed)
with FI.
2. FI API [did not
report](https://introspector.oss-fuzz.com/api/harness-source-and-executable?project=librawspeed)
any pair.
3. The trick from #750 works:
```bash
#!/usr/bin/env bash

# First, find all matching files
FILES=$(find /src \
    -type f \( -name '*.c' -o -name '*.cc' -o -name '*.cpp' -o -name '*.cxx' \) \
    -not -path '*/aflplusplus/*' \
    -not -path '*/fuzztest/*' \
    -not -path '*/honggfuzz/*' \
    -not -path '*/libfuzzer/*' \
    -exec grep -l 'LLVMFuzzerTestOneInput' {} \;)

# For each file, insert a build_id line at the top of the file
for file in $FILES; do
    # Escape any slashes so the file path can be safely inserted by sed
    file_escaped=$(echo "$file" | sed 's/\//\\\//g')

    # Insert the build_id line at the top of the file
    # Adjust the insertion point as needed (e.g., after includes) if desired
    sed -i "1i const volatile char* build_id = \"$file_escaped\";" "$file"
done

echo "build_id line inserted in all matched files."
```