From: <sv...@op...> - 2024-07-14 11:54:39
Author: sagamusix
Date: Sun Jul 14 13:54:32 2024
New Revision: 21159
URL: https://source.openmpt.org/browse/openmpt/?op=revision&rev=21159
Log: [Imp] Various improvements to fuzzing configuration (https://github.com/OpenMPT/openmpt/pull/21).
Patch-by: vanhauser-thc <vh...@th...>
Added: trunk/OpenMPT/contrib/fuzzing/fuzz-secondary3.sh (contents, props changed)
Modified: trunk/OpenMPT/contrib/fuzzing/build.sh
trunk/OpenMPT/contrib/fuzzing/fuzz-main.sh
trunk/OpenMPT/contrib/fuzzing/fuzz-secondary1.sh
trunk/OpenMPT/contrib/fuzzing/fuzz-secondary2.sh
trunk/OpenMPT/contrib/fuzzing/fuzz-settings.sh
trunk/OpenMPT/contrib/fuzzing/readme.md
Modified: trunk/OpenMPT/contrib/fuzzing/build.sh
==============================================================================
--- trunk/OpenMPT/contrib/fuzzing/build.sh Sun Jul 14 01:44:35 2024 (r21158)
+++ trunk/OpenMPT/contrib/fuzzing/build.sh Sun Jul 14 13:54:32 2024 (r21159)
@@ -1,4 +1,4 @@
 #!/usr/bin/env bash
 cd "${0%/*}"
 cd ../..
-AFL_USE_ASAN=1 CONFIG=afl make clean all EXAMPLES=0 TEST=0 OPENMPT123=0 NO_VORBIS=1 NO_VORBISFILE=1 NO_MPG123=1 CHECKED_ADDRESS=1
+AFL_LLVM_CMPLOG=1 AFL_USE_ASAN=1 CONFIG=afl make clean all EXAMPLES=0 TEST=0 OPENMPT123=0 NO_VORBIS=1 NO_VORBISFILE=1 NO_MPG123=1 CHECKED_ADDRESS=1
Modified: trunk/OpenMPT/contrib/fuzzing/fuzz-main.sh
==============================================================================
--- trunk/OpenMPT/contrib/fuzzing/fuzz-main.sh Sun Jul 14 01:44:35 2024 (r21158)
+++ trunk/OpenMPT/contrib/fuzzing/fuzz-main.sh Sun Jul 14 13:54:32 2024 (r21159)
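Review bot: The new `AFL_LLVM_CMPLOG=1` on the make line cmplog-instruments the single `bin/fuzz` binary that every instance runs, and it is what makes the `-c0` added to fuzz-secondary1.sh valid, but neither script records that dependency. A comment above the make line such as `# AFL_LLVM_CMPLOG=1: build CmpLog instrumentation into the target itself; fuzz-secondary1.sh relies on this for its -c0 option` would keep the two files in step when someone later changes one side. If the CmpLog-instrumented build measurably slows the instances that do not pass -c (I have not measured it here), the alternative AFL++ documents is a second, plain build used only by those instances.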
@@ -9,5 +9,4 @@
 mkdir $FUZZING_TEMPDIR/bin
 cp -d ../../bin/* $FUZZING_TEMPDIR/bin/
-#export AFL_PRELOAD=$AFL_DIR/libdislocator.so
-LD_LIBRARY_PATH=$FUZZING_TEMPDIR/bin $AFL_DIR/afl-fuzz -p explore -x all_formats.dict -t $FUZZING_TIMEOUT $FUZZING_INPUT -o $FUZZING_FINDINGS_DIR -D -M fuzzer01 $FUZZING_TEMPDIR/bin/fuzz
+LD_LIBRARY_PATH=$FUZZING_TEMPDIR/bin $FUZZING_AFL_DIR/afl-fuzz -x all_formats.dict -t $FUZZING_TIMEOUT $FUZZING_INPUT -o $FUZZING_FINDINGS_DIR -M fuzzer01 $FUZZING_TEMPDIR/bin/fuzz
Modified: trunk/OpenMPT/contrib/fuzzing/fuzz-secondary1.sh
==============================================================================
--- trunk/OpenMPT/contrib/fuzzing/fuzz-secondary1.sh Sun Jul 14 01:44:35 2024 (r21158)
+++ trunk/OpenMPT/contrib/fuzzing/fuzz-secondary1.sh Sun Jul 14 13:54:32 2024 (r21159)
@@ -2,5 +2,4 @@
 cd "${0%/*}"
 . ./fuzz-settings.sh
-#export AFL_PRELOAD=$AFL_DIR/libdislocator.so
-LD_LIBRARY_PATH=$FUZZING_TEMPDIR/bin $AFL_DIR/afl-fuzz -p coe -x all_formats.dict -t $FUZZING_TIMEOUT $FUZZING_INPUT -o $FUZZING_FINDINGS_DIR -S fuzzer02 $FUZZING_TEMPDIR/bin/fuzz
+LD_LIBRARY_PATH=$FUZZING_TEMPDIR/bin $FUZZING_AFL_DIR/afl-fuzz -c0 -l2 -x all_formats.dict -t $FUZZING_TIMEOUT $FUZZING_INPUT -o $FUZZING_FINDINGS_DIR -S fuzzer02 $FUZZING_TEMPDIR/bin/fuzz
Modified: trunk/OpenMPT/contrib/fuzzing/fuzz-secondary2.sh
==============================================================================
--- trunk/OpenMPT/contrib/fuzzing/fuzz-secondary2.sh Sun Jul 14 01:44:35 2024 (r21158)
+++ trunk/OpenMPT/contrib/fuzzing/fuzz-secondary2.sh Sun Jul 14 13:54:32 2024 (r21159)
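Review bot: The new afl-fuzz line in fuzz-main.sh drops `-D`, yet the readme hunk in this same commit keeps the context lines `* Run fuzz-main.sh for the first (deterministic) instance of afl-fuzz.` and the sentence about the deterministic and random modes complementing each other, so the documentation now describes a mode the main instance may no longer run (whether an -M instance still performs deterministic stages without -D depends on the AFL++ version, which the page does not state). Either restore `-D -M fuzzer01` on this line or reword those two readme lines to match the flags actually passed. The rewritten line also keeps every `$FUZZING_*` expansion unquoted; that follows the surrounding scripts, but it means the paths set in fuzz-settings.sh must stay free of whitespace, which is worth a comment there.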
@@ -2,5 +2,4 @@
 cd "${0%/*}"
 . ./fuzz-settings.sh
-#export AFL_PRELOAD=$AFL_DIR/libdislocator.so
-LD_LIBRARY_PATH=$FUZZING_TEMPDIR/bin $AFL_DIR/afl-fuzz -p exploit -x all_formats.dict -t $FUZZING_TIMEOUT $FUZZING_INPUT -o $FUZZING_FINDINGS_DIR -S fuzzer03 $FUZZING_TEMPDIR/bin/fuzz
+LD_LIBRARY_PATH=$FUZZING_TEMPDIR/bin $FUZZING_AFL_DIR/afl-fuzz -p fast -x all_formats.dict -t $FUZZING_TIMEOUT $FUZZING_INPUT -o $FUZZING_FINDINGS_DIR -S fuzzer03 $FUZZING_TEMPDIR/bin/fuzz
Added: trunk/OpenMPT/contrib/fuzzing/fuzz-secondary3.sh
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/OpenMPT/contrib/fuzzing/fuzz-secondary3.sh Sun Jul 14 13:54:32 2024 (r21159)
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+cd "${0%/*}"
+. ./fuzz-settings.sh
+
+unset AFL_DISABLE_TRIM
+LD_LIBRARY_PATH=$FUZZING_TEMPDIR/bin $FUZZING_AFL_DIR/afl-fuzz -p exploit -P 300 -a binary -x all_formats.dict -t $FUZZING_TIMEOUT $FUZZING_INPUT -o $FUZZING_FINDINGS_DIR -S fuzzer04 $FUZZING_TEMPDIR/bin/fuzz
Modified: trunk/OpenMPT/contrib/fuzzing/fuzz-settings.sh
==============================================================================
--- trunk/OpenMPT/contrib/fuzzing/fuzz-settings.sh Sun Jul 14 01:44:35 2024 (r21158)
+++ trunk/OpenMPT/contrib/fuzzing/fuzz-settings.sh Sun Jul 14 13:54:32 2024 (r21159)
@@ -15,4 +15,13 @@
 # Fuzzer timeout in ms, + = don't abort on timeout
 FUZZING_TIMEOUT=5000+
 # Path to afl-fuzz binary
-AFL_DIR=afl
+FUZZING_AFL_DIR=afl
+
+# AFL specific envs
+AFL_TRY_AFFINITY=1
+AFL_CMPLOG_ONLY_NEW=1
+AFL_NO_WARN_INSTABILITY=1
+AFL_FAST_CAL=1
+AFL_IMPORT_FIRST=1
+AFL_DISABLE_TRIM=1
+AFL_IGNORE_SEED_PROBLEMS=1
Modified: trunk/OpenMPT/contrib/fuzzing/readme.md
==============================================================================
--- trunk/OpenMPT/contrib/fuzzing/readme.md Sun Jul 14 01:44:35 2024 (r21158)
+++ trunk/OpenMPT/contrib/fuzzing/readme.md Sun Jul 14 13:54:32 2024 (r21159)
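Review bot: The seven `AFL_*=1` lines added to fuzz-settings.sh are plain shell assignments, and the file is consumed with `. ./fuzz-settings.sh`, so unless lines 1–14 of that file (outside this hunk) enable `set -a` or export them, afl-fuzz never sees them and the tuning this commit introduces silently does nothing; the removed `#export AFL_PRELOAD=…` lines show the earlier convention was an explicit export. Prefix them, e.g. `export AFL_TRY_AFFINITY=1 AFL_CMPLOG_ONLY_NEW=1 AFL_NO_WARN_INSTABILITY=1 AFL_FAST_CAL=1` and `export AFL_IMPORT_FIRST=1 AFL_DISABLE_TRIM=1 AFL_IGNORE_SEED_PROBLEMS=1`. The same applies to `unset AFL_DISABLE_TRIM` in the new fuzz-secondary3.sh, which only changes what afl-fuzz sees if the variable was exported in the first place. Separately, `AFL_IGNORE_SEED_PROBLEMS=1` makes afl-fuzz skip seeds that crash or time out instead of stopping, so a seed that starts crashing after a libopenmpt change will no longer halt startup; a one-line comment saying that trade-off is deliberate would help the next person who wonders why a known-bad seed goes unreported.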
@@ -10,8 +10,8 @@
 module formats to make the life of the fuzzer a bit easier.
 * `fuzz-main.sh`: Script to launch the main fuzzing process. If you want to use just one fuzzer instance, run this one.
-* `fuzz-secondary[1|2].sh`: Scripts to launch the secondary fuzzing process. It
- is recommended to run at least two fuzzer instances, as the deterministic and
+* `fuzz-secondary[1|2|3].sh`: Scripts to launch the secondary fuzzing processes.
+ It is recommended to run at least 2 fuzzer instances, as the deterministic and
 random fuzz mode have been found to complement each other really well. The two scripts are set up to use different exploration strategies.
 * `fuzz-settings.sh`: Set up your preferences and afl settings here before the
@@ -43,9 +43,8 @@
 The default setup mounts a tmpfs folder for all temporary files. You may change this behaviour if you do not have root privileges.
 * Run `fuzz-main.sh` for the first (deterministic) instance of afl-fuzz.
-* For a "secondary" instance to run on another core, run `fuzz-secondary1.sh`
- and/or `fuzz-secondary2.sh`.
+* For a "secondary" instance to run on another core, run `fuzz-secondary1.sh`,
+ `fuzz-secondary2.sh` and `fuzz-secondary3.sh`.
 * If you want to make use of even more cores, create more copies of
- `fuzz-secondary2.sh` and adjust "infile03" / "fuzzer03" to
- "infile04" / "fuzzer04" and so on (they need to be unique). Try varying the
- fuzzing strategey (the -p parameter) to get results more quickly.
+ `fuzz-secondary2.sh` and adjust "fuzzer03" to "fuzzer05" and so on (they need to be unique).
+ Try varying the fuzzing strategy (the -p parameter) to get more varied results quickly.
|