From: <sv...@op...> - 2024-05-11 21:02:08
Author: sagamusix Date: Sat May 11 23:01:58 2024 New Revision: 20772 URL: https://source.openmpt.org/browse/openmpt/?op=revision&rev=20772 Log: Merged revision(s) 20766-20769 from branches/OpenMPT-1.30: Merged revision(s) 20651 from trunk/OpenMPT: [Var] Fuzzing: AFL_HARDEN and ASan are not compatible in v4.10c. ........ Merged revision(s) 20695-20696 from trunk/OpenMPT: [Imp] Enable host-specific performance optimizations in afl++. ........ [Var] Update fuzzer dictionary. ........ ........ Merged revision(s) 20756 from branches/OpenMPT-1.31: Merged revision(s) 20749-20750, 20755 from trunk/OpenMPT: [Mod] Reduce static variable usage in fuzzer program to eventually allow using __AFL_LOOP. ........ [Imp] mptRandom: Add reinit_global_random() function for fuzzer builds to allow deterministic consecutive fuzzer runs in the same process. ........ [Imp] Speed up fuzzing by using persistent mode and shared memory file input. Note: afl++ will report a stability of about 99.x%. According to its debug output, the unstable edges are in WavesReverb and I3DL2Reverb implementations, however the unstable edges that it finds don't make any sense. As a tiny bit of instability in these parts of the code should not hurt overall code coverage, we trade this for the significant gains in speed that persistent mode gives us. ........ ........ ........ 
Added: branches/OpenMPT-1.28/contrib/fuzzing/fuzz.cpp - copied unchanged from r20769, branches/OpenMPT-1.30/contrib/fuzzing/fuzz.cpp Deleted: branches/OpenMPT-1.28/contrib/fuzzing/fuzz.c Modified: branches/OpenMPT-1.28/ (props changed) branches/OpenMPT-1.28/Makefile branches/OpenMPT-1.28/common/mptRandom.cpp branches/OpenMPT-1.28/common/mptRandom.h branches/OpenMPT-1.28/contrib/fuzzing/all_formats.dict branches/OpenMPT-1.28/contrib/fuzzing/build.sh branches/OpenMPT-1.28/contrib/fuzzing/get-afl.sh
Modified: branches/OpenMPT-1.28/Makefile
==============================================================================
--- branches/OpenMPT-1.28/Makefile Sat May 11 23:01:40 2024 (r20771)
+++ branches/OpenMPT-1.28/Makefile Sat May 11 23:01:58 2024 (r20772)
@@ -1407,10 +1407,10 @@
 $(SILENT)$(LINK.cc) $(BIN_LDFLAGS) $(LDFLAGS_RPATH) $(LDFLAGS_LIBOPENMPT) $(LDFLAGS_OPENMPT123) $(OPENMPT123_OBJECTS) $(OBJECTS_LIBOPENMPT) $(LOADLIBES) $(LDLIBS) $(LDLIBS_LIBOPENMPT) $(LDLIBS_OPENMPT123) -o $@
 endif
-contrib/fuzzing/fuzz.o: contrib/fuzzing/fuzz.c
- $(INFO) [CC] $<
- $(VERYSILENT)$(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -M -MT$@ $< > $*.d
- $(SILENT)$(COMPILE.c) $(OUTPUT_OPTION) $<
+contrib/fuzzing/fuzz.o: contrib/fuzzing/fuzz.cpp
+ $(INFO) [CXX] $<
+ $(VERYSILENT)$(CXX) $(CXXFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -M -MT$@ $< > $*.d
+ $(SILENT)$(COMPILE.cc) $(OUTPUT_OPTION) $<
 bin/fuzz$(EXESUFFIX): contrib/fuzzing/fuzz.o $(OBJECTS_LIBOPENMPT) $(OUTPUT_LIBOPENMPT)
 $(INFO) [LD] $@
 $(SILENT)$(LINK.cc) $(LDFLAGS_LIBOPENMPT) contrib/fuzzing/fuzz.o $(OBJECTS_LIBOPENMPT) $(LOADLIBES) $(LDLIBS) $(LDLIBS_LIBOPENMPT) -o $@
Modified: branches/OpenMPT-1.28/common/mptRandom.cpp
==============================================================================
--- branches/OpenMPT-1.28/common/mptRandom.cpp Sat May 11 23:01:40 2024 (r20771)
+++ branches/OpenMPT-1.28/common/mptRandom.cpp Sat May 11 23:01:58 2024 (r20772)
@@ -322,6 +322,16 @@
 return g_global_prng;
 }
+#ifdef MPT_BUILD_FUZZER
+void reinit_global_random()
+{
+ global_prng().~thread_safe_prng<mpt::default_prng>();
+ global_random_device().~random_device();
+ new(&global_random_device()) mpt::random_device{};
+ new(&global_prng()) thread_safe_prng<mpt::default_prng>{global_random_device()};
+}
+#endif // MPT_BUILD_FUZZER
+
 #endif // MODPLUG_TRACKER && !MPT_BUILD_WINESUPPORT
Modified: branches/OpenMPT-1.28/common/mptRandom.h
==============================================================================
--- branches/OpenMPT-1.28/common/mptRandom.h Sat May 11 23:01:40 2024 (r20771)
+++ branches/OpenMPT-1.28/common/mptRandom.h Sat May 11 23:01:58 2024 (r20772)
@@ -618,6 +618,10 @@
 mpt::random_device & global_random_device();
 mpt::thread_safe_prng<mpt::default_prng> & global_prng();
+#ifdef MPT_BUILD_FUZZER
+void reinit_global_random();
+#endif // MPT_BUILD_FUZZER
+
 #if defined(MODPLUG_TRACKER) && !defined(MPT_BUILD_WINESUPPORT)
 void set_global_random_device(mpt::random_device *rd);
 void set_global_prng(mpt::thread_safe_prng<mpt::default_prng> *rng);
Modified: branches/OpenMPT-1.28/contrib/fuzzing/all_formats.dict
==============================================================================
--- branches/OpenMPT-1.28/contrib/fuzzing/all_formats.dict Sat May 11 23:01:40 2024 (r20771)
+++ branches/OpenMPT-1.28/contrib/fuzzing/all_formats.dict Sat May 11 23:01:58 2024 (r20772)
@@ -5,7 +5,7 @@
 amf="AMF\x0A"
 ams="Extreme"
-ams="AMShdr\x1A\x02\x02"
+ams="AMShdr\x1A\x00\x02\x02"
 #dbm="DBM0"
 dbm="NAME"
@@ -45,7 +45,7 @@
 far="\x0D\x0A\x1A"
 gdm="GDM\xFE"
-gdm="GMFS"
+gdm="\x0D\x0A\x1AGMFS\x01\x00"
 imf="IM10"
 imf="IS10"
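Review bot: `reinit_global_random()` tears down both globals before it reconstructs either, so if `mpt::random_device{}` throws, `global_prng()` is left in a destroyed state and its static destructor runs a second time at process exit; reordering to destroy-and-rebuild the device first and the PRNG second narrows that window, or the no-throw assumption for fuzzer builds should at least be written down. The function also carries no comment on why explicit destructor calls plus placement-new are used instead of assignment (presumably because `thread_safe_prng` owns a mutex and is not assignable) or that it is only safe while no other thread touches the globals; the declaration added in the mptRandom.h hunk is the natural place for that: `// Fuzzer builds only: rebuild the global random device and PRNG in place so each __AFL_LOOP iteration starts from identical state. Not thread-safe.`. Placement new needs `<new>`; I cannot see from the hunk whether mptRandom.cpp already includes it.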
@@ -198,7 +198,7 @@
 psm16="PPAT"
 ptm="PTMF"
-ptm="\x1A\x03\x02"
+ptm="\x1A\x03\x02\x00"
 s3m="SCRM"
 #s3m="SCRS"
Modified: branches/OpenMPT-1.28/contrib/fuzzing/build.sh
==============================================================================
--- branches/OpenMPT-1.28/contrib/fuzzing/build.sh Sat May 11 23:01:40 2024 (r20771)
+++ branches/OpenMPT-1.28/contrib/fuzzing/build.sh Sat May 11 23:01:58 2024 (r20772)
@@ -1,4 +1,4 @@
 #!/usr/bin/env bash
 cd "${0%/*}"
 cd ../..
-AFL_HARDEN=1 CONFIG=afl make clean all EXAMPLES=0 TEST=0 OPENMPT123=0 NO_VORBIS=1 NO_VORBISFILE=1 NO_MPG123=1 CHECKED_ADDRESS=1
+AFL_USE_ASAN=1 CONFIG=afl make clean all EXAMPLES=0 TEST=0 OPENMPT123=0 NO_VORBIS=1 NO_VORBISFILE=1 NO_MPG123=1 CHECKED_ADDRESS=1
Copied: branches/OpenMPT-1.28/contrib/fuzzing/fuzz.cpp (from r20769, branches/OpenMPT-1.30/contrib/fuzzing/fuzz.cpp)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/OpenMPT-1.28/contrib/fuzzing/fuzz.cpp Sat May 11 23:01:58 2024 (r20772, copy of r20769, branches/OpenMPT-1.30/contrib/fuzzing/fuzz.cpp)
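Review bot: The reason `AFL_HARDEN=1` became `AFL_USE_ASAN=1` lives only in the commit log (AFL_HARDEN and ASan are incompatible in afl++ 4.10c), so a reader of build.sh cannot tell whether restoring the hardening flag is safe; a comment above the make line keeps that with the script: `# AFL_HARDEN=1 is incompatible with ASan in afl++ 4.10c; AFL_USE_ASAN=1 provides the sanitizer build instead.`. `AFL_USE_ASAN=1` and `CHECKED_ADDRESS=1` presumably both request AddressSanitizer, which is worth stating so neither is dropped as redundant without checking. Visible in the hunk but pre-existing: the two `cd` lines have no failure check, unlike the `|| exit` style in get-afl.sh; `cd "${0%/*}" || exit` and `cd ../.. || exit` would stop make from running in the wrong directory.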
@@ -0,0 +1,88 @@
+/*
+ * fuzz.cpp
+ * --------
+ * Purpose: Tiny libopenmpt user to be used by fuzzing tools
+ * Notes : (currently none)
+ * Authors: OpenMPT Devs
+ * The OpenMPT source code is released under the BSD license. Read LICENSE for more details.
+ */
+
+#include <memory>
+#include <cstdint>
+#include <cstdlib>
+
+#include <cerrno>
+#include <unistd.h>
+
+#include <libopenmpt/libopenmpt.h>
+
+#include "../../common/mptRandom.h"
+
+#define BUFFERSIZE 450 // shouldn't match OpenMPT's internal mix buffer size (512)
+#define SAMPLERATE 22050
+
+static int16_t buffer[BUFFERSIZE];
+
+static int ErrFunc (int error, void *)
+{
+ switch (error)
+ {
+ case OPENMPT_ERROR_INVALID_ARGUMENT:
+ case OPENMPT_ERROR_OUT_OF_RANGE:
+ case OPENMPT_ERROR_LENGTH:
+ case OPENMPT_ERROR_DOMAIN:
+ case OPENMPT_ERROR_LOGIC:
+ case OPENMPT_ERROR_UNDERFLOW:
+ case OPENMPT_ERROR_OVERFLOW:
+ case OPENMPT_ERROR_RANGE:
+ case OPENMPT_ERROR_RUNTIME:
+ case OPENMPT_ERROR_EXCEPTION:
+ std::abort();
+ default:
+ return OPENMPT_ERROR_FUNC_RESULT_NONE;
+ }
+}
+
+__AFL_FUZZ_INIT();
+
+int main( int argc, char * argv[] ) {
+ (void)argc;
+ (void)argv;
+ openmpt_module_create_from_memory2( buffer, BUFFERSIZE, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr );
+#ifdef __AFL_HAVE_MANUAL_CONTROL
+ __AFL_INIT();
+#endif
+
+ unsigned char *fileBuffer = __AFL_FUZZ_TESTCASE_BUF; // must be after __AFL_INIT and before __AFL_LOOP!
+
+ while (__AFL_LOOP(10000)) {
+ int fileSize = __AFL_FUZZ_TESTCASE_LEN;
+ OpenMPT::mpt::reinit_global_random();
+ openmpt_module * mod = openmpt_module_create_from_memory2( fileBuffer, fileSize, nullptr, nullptr, ErrFunc, nullptr, nullptr, nullptr, nullptr);
+ if ( mod == NULL )
+ return 1;
+
+ // verify API contract: If the file can be loaded, header probing must be successful too.
+ if ( openmpt_probe_file_header( OPENMPT_PROBE_FILE_HEADER_FLAGS_DEFAULT, fileBuffer, fileSize, fileSize, nullptr, nullptr, ErrFunc, nullptr, nullptr, nullptr ) == OPENMPT_PROBE_FILE_HEADER_RESULT_FAILURE )
+ std::abort();
+
+ openmpt_module_ctl_set( mod, "render.resampler.emulate_amiga", (openmpt_module_get_num_orders( mod ) & 1) ? "0" : "1" );
+ // render about a second of the module for fuzzing the actual mix routines
+ for(int i = 0; i < 50; i++) {
+ size_t count = openmpt_module_read_mono( mod, SAMPLERATE, BUFFERSIZE, buffer );
+ if ( count == 0 ) {
+ break;
+ }
+ }
+ openmpt_module_set_position_seconds( mod, 1.0 );
+ openmpt_module_read_mono( mod, SAMPLERATE, BUFFERSIZE, buffer );
+ openmpt_module_set_position_order_row( mod, 3, 16 );
+ openmpt_module_read_mono( mod, SAMPLERATE, BUFFERSIZE, buffer );
+
+ // fuzz string-related stuff
+ openmpt_free_string ( openmpt_module_get_metadata( mod, "date" ) );
+ openmpt_free_string ( openmpt_module_get_metadata( mod, "message" ) );
+ openmpt_module_destroy( mod );
+ }
+ return 0;
+}
Modified: branches/OpenMPT-1.28/contrib/fuzzing/get-afl.sh
==============================================================================
--- branches/OpenMPT-1.28/contrib/fuzzing/get-afl.sh Sat May 11 23:01:40 2024 (r20771)
+++ branches/OpenMPT-1.28/contrib/fuzzing/get-afl.sh Sat May 11 23:01:58 2024 (r20772)
@@ -12,7 +12,7 @@
 tar -xzvf $AFL_FILENAME
 rm $AFL_FILENAME
 cd AFLplusplus-*
-make source-only || exit
+make PERFORMANCE=1 source-only || exit
 cd ..
 rm -rf afl
 mv AFLplusplus-* afl
\ No newline at end of file
|
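Review bot: `return 1;` on a null `mod` inside `while (__AFL_LOOP(10000))` leaves the persistent loop on every input that fails to load, which for a format parser is most inputs, so the process is restarted each time and the speed gain the commit log is after is largely lost; `continue;` keeps the loop running, and nothing needs releasing when `mod` is null. The warm-up `openmpt_module_create_from_memory2( buffer, BUFFERSIZE, … )` before `__AFL_INIT()` has no comment; its purpose (presumably to run one-time initialization before the fork server starts) should be stated, e.g. `// Load a dummy module once before __AFL_INIT so one-time initialization is not repeated per iteration`. On style: `<memory>`, `<cerrno>` and `<unistd.h>` appear unused in this file, `BUFFERSIZE`/`SAMPLERATE` could be `constexpr` now that the harness is C++, and `int fileSize` is passed where the library takes sizes, so an unsigned or `size_t` local would avoid the conversion.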