Added missing test-libfuzzer.sh scripts (#164)

Plus some minor cleanup on existing scripts.
google · Oct 28, 2019 · 045fbc8 · 045fbc8
1 parent f4a0fff
commit 045fbc8
Show file tree

Hide file tree

Showing 19 changed files with 54 additions and 26 deletions.
diff --git a/boringssl-2016-02-12/test-libfuzzer.sh b/boringssl-2016-02-12/test-libfuzzer.sh
@@ -9,8 +9,7 @@
 export ASAN_OPTIONS=detect_leaks=0:quarantine_size_mb=50
 
 set -x
-rm -rf $CORPUS
+rm -rf $CORPUS fuzz-*.log
 mkdir $CORPUS
-rm -f *.log
 [ -e $EXECUTABLE_NAME_BASE ] && ./$EXECUTABLE_NAME_BASE -artifact_prefix=$CORPUS/ -use_value_profile=1 -jobs=$JOBS -workers=$JOBS $LIBFUZZER_FLAGS $CORPUS seeds
 grep "AddressSanitizer: heap-use-after-free" fuzz-0.log || exit 1
diff --git a/c-ares-CVE-2016-5180/test-libfuzzer.sh b/c-ares-CVE-2016-5180/test-libfuzzer.sh
@@ -3,5 +3,8 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 . $(dirname $0)/../common.sh
 set -x
+
+rm -f fuzz-*.log
+
 [ -e $EXECUTABLE_NAME_BASE ] && ./$EXECUTABLE_NAME_BASE -max_total_time=100 $LIBFUZZER_FLAGS 2>&1 | tee log
 grep -Pzo "(?s)ERROR: AddressSanitizer:.*ares_create_query" log
diff --git a/guetzli-2017-3-30/test-libfuzzer.sh b/guetzli-2017-3-30/test-libfuzzer.sh
@@ -3,9 +3,9 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 . $(dirname $0)/../common.sh
 set -x
-rm -rf $CORPUS
+rm -rf $CORPUS fuzz-*.log
 
-cp -r $SCRIPT_DIR/seeds $CORPUS
+mkdir $CORPUS
 
-[ -e $EXECUTABLE_NAME_BASE ] && ./$EXECUTABLE_NAME_BASE -max_len=180 -use_value_profile=1 -close_fd_mask=3 -dict=$SCRIPT_DIR/jpeg.dict -artifact_prefix=$CORPUS/ -jobs=$JOBS -workers=$JOBS $LIBFUZZER_FLAGS $CORPUS
+[ -e $EXECUTABLE_NAME_BASE ] && ./$EXECUTABLE_NAME_BASE -max_len=180 -use_value_profile=1 -close_fd_mask=3 -dict=$SCRIPT_DIR/jpeg.dict -artifact_prefix=$CORPUS/ -jobs=$JOBS -workers=$JOBS $LIBFUZZER_FLAGS $CORPUS $SCRIPT_DIR/seeds
 grep "ERROR: libFuzzer: deadly signal" fuzz-0.log || exit 1
diff --git a/harfbuzz-1.3.2/test-libfuzzer.sh b/harfbuzz-1.3.2/test-libfuzzer.sh
@@ -3,7 +3,7 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 . $(dirname $0)/../common.sh
 set -x
-rm -rf $CORPUS
+rm -rf $CORPUS fuzz-*.log
 mkdir $CORPUS
 [ -e $EXECUTABLE_NAME_BASE ] && ./$EXECUTABLE_NAME_BASE -artifact_prefix=$CORPUS/ -max_total_time=1800 -jobs=$JOBS -workers=$JOBS $LIBFUZZER_FLAGS $CORPUS seeds
 grep "hb-buffer.cc:419: bool hb_buffer_t::move_to(unsigned int): Assertion `i <= out_len + (len - idx)' failed" fuzz-0.log
diff --git a/lcms-2017-03-21/test-libfuzzer.sh b/lcms-2017-03-21/test-libfuzzer.sh
@@ -3,7 +3,7 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 set -x
 . $(dirname $0)/../common.sh
-rm -rf $CORPUS
+rm -rf $CORPUS fuzz-*.log
 mkdir $CORPUS
 
 [ -e $EXECUTABLE_NAME_BASE ] && ./$EXECUTABLE_NAME_BASE -artifact_prefix=$CORPUS/ -jobs=$JOBS -workers=$JOBS $LIBFUZZER_FLAGS $CORPUS $SCRIPT_DIR/seeds

diff --git a/libarchive-2017-01-04/test-libfuzzer.sh b/libarchive-2017-01-04/test-libfuzzer.sh
@@ -4,7 +4,7 @@
 
 set -x
 . $(dirname $0)/../common.sh
-rm -rf $CORPUS
+rm -rf $CORPUS fuzz-*.log
 mkdir $CORPUS
 
 [ -e $EXECUTABLE_NAME_BASE ] && ./$EXECUTABLE_NAME_BASE -artifact_prefix=$CORPUS/ -jobs=$JOBS -workers=$JOBS -max_len=1000 $LIBFUZZER_FLAGS $CORPUS $SCRIPT_DIR/seeds

diff --git a/libjpeg-turbo-07-2017/test-libfuzzer.sh b/libjpeg-turbo-07-2017/test-libfuzzer.sh
@@ -3,11 +3,9 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 . $(dirname $0)/../common.sh
 set -x
-rm -rf $CORPUS
+rm -rf $CORPUS fuzz-*.log
 mkdir $CORPUS
 
-rm fuzz-*.log
-
 test_source_location() {
   SRC_LOC="$1"
   echo "test_source_location: $SRC_LOC"

diff --git a/libpng-1.2.56/test-libfuzzer.sh b/libpng-1.2.56/test-libfuzzer.sh
@@ -3,7 +3,7 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 . $(dirname $0)/../common.sh
 set -x
-rm -rf $CORPUS
+rm -rf $CORPUS fuzz-*.log
 mkdir $CORPUS
 
 # seed.png was generated by this command:

diff --git a/libssh-2017-1272/test-libfuzzer.sh b/libssh-2017-1272/test-libfuzzer.sh
@@ -4,11 +4,9 @@
 . $(dirname $0)/../common.sh
 set -x
 
-rm -rf $CORPUS
+rm -rf $CORPUS fuzz-*.log
 mkdir $CORPUS
 
-rm -f *.log
-
 [ -e $EXECUTABLE_NAME_BASE ] && ./$EXECUTABLE_NAME_BASE -max_len=60 -artifact_prefix=$CORPUS/ -jobs=$JOBS -workers=$JOBS $LIBFUZZER_FLAGS $CORPUS
 grep "ERROR: LeakSanitizer: detected memory leaks" fuzz-0.log || exit 1
 

diff --git a/libxml2-v2.9.2/test-libfuzzer.sh b/libxml2-v2.9.2/test-libfuzzer.sh
@@ -5,7 +5,7 @@ set -x
 . $(dirname $0)/../common.sh
 
 get_git_revision https://github.com/mcarpenter/afl be3e88d639da5350603f6c0fee06970128504342 afl
-rm -rf $CORPUS
+rm -rf $CORPUS fuzz-*.log
 mkdir $CORPUS
 [ -e $EXECUTABLE_NAME_BASE ] && ./$EXECUTABLE_NAME_BASE -artifact_prefix=$CORPUS/ -jobs=$JOBS -dict=afl/dictionaries/xml.dict -workers=$JOBS $CORPUS -max_len=64 $LIBFUZZER_FLAGS
 grep "AddressSanitizer: heap-buffer-overflow\|ERROR: LeakSanitizer: detected memory leaks" fuzz-0.log
diff --git a/llvm-libcxxabi-2017-01-27/test-libfuzzer.sh b/llvm-libcxxabi-2017-01-27/test-libfuzzer.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+# Copyright 2016 Google Inc. All Rights Reserved.
+# Licensed under the Apache License, Version 2.0 (the "License");
+set -x
+. $(dirname $0)/../common.sh
+
+rm -rf $CORPUS fuzz-*.log
+mkdir $CORPUS
+[ -e $EXECUTABLE_NAME_BASE ] && ./$EXECUTABLE_NAME_BASE -artifact_prefix=$CORPUS/ -jobs=$JOBS -workers=$JOBS $CORPUS $LIBFUZZER_FLAGS
+grep "terminate called after throwing an instance of 'std::out_of_range'" fuzz-0.log || exit 1
diff --git a/openssl-1.0.1f/test-libfuzzer.sh b/openssl-1.0.1f/test-libfuzzer.sh
@@ -4,5 +4,8 @@
 # Find heartbleed.
 . $(dirname $0)/../common.sh
 set -x
+
+rm -f fuzz-*.log
+
 [ -e $EXECUTABLE_NAME_BASE ]  && ./$EXECUTABLE_NAME_BASE -max_total_time=300 -detect_leaks=0 $LIBFUZZER_FLAGS 2>&1 | tee log
 grep -Pzo "(?s)ERROR: AddressSanitizer: heap-buffer-overflow.*READ of size.*#1 0x.* in tls1_process_heartbeat .*ssl/t1_lib.c:2586" log
diff --git a/openssl-1.0.2d/test-libfuzzer.sh b/openssl-1.0.2d/test-libfuzzer.sh
@@ -3,7 +3,7 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 set -x
 . $(dirname $0)/../common.sh
-rm -rf $CORPUS
+rm -rf $CORPUS fuzz-*.log
 mkdir $CORPUS
 [ -e $EXECUTABLE_NAME_BASE ] && ./$EXECUTABLE_NAME_BASE -artifact_prefix=$CORPUS/ -max_len=512  -jobs=$JOBS -workers=$JOBS $CORPUS
 grep 'Assertion `strcmp(openssl_results.exptmod, gcrypt_results.exptmod)==0. failed.' fuzz-0.log || exit 1

diff --git a/pcre2-10.00/test-libfuzzer.sh b/pcre2-10.00/test-libfuzzer.sh
@@ -3,7 +3,7 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 . $(dirname $0)/../common.sh
 set -x
-rm -rf $CORPUS
+rm -rf $CORPUS fuzz-*log
 mkdir $CORPUS
 [ -e $EXECUTABLE_NAME_BASE ] && ./$EXECUTABLE_NAME_BASE -artifact_prefix=$CORPUS/ -max_total_time=300 -jobs=$JOBS -workers=$JOBS $LIBFUZZER_FLAGS $CORPUS
 grep "ERROR: AddressSanitizer" fuzz-0.log
diff --git a/proj4-2017-08-14/test-libfuzzer.sh b/proj4-2017-08-14/test-libfuzzer.sh
@@ -4,11 +4,9 @@
 
 . $(dirname $0)/../common.sh
 
-rm -rf $CORPUS
+rm -rf $CORPUS fuzz-*.log
 mkdir $CORPUS
 
-rm fuzz-*.log
-
 [ -e $EXECUTABLE_NAME_BASE ] && ./$EXECUTABLE_NAME_BASE -artifact_prefix=$CORPUS -jobs=$JOBS -workers=$JOBS $LIBFUZZER_FLAGS $CORPUS seeds
 grep "ERROR: LeakSanitizer" fuzz-0.log || exit 1
 
diff --git a/re2-2014-12-09/test-libfuzzer.sh b/re2-2014-12-09/test-libfuzzer.sh
@@ -3,14 +3,13 @@
 # Licensed under the Apache License, Version 2.0 (the "License");
 . $(dirname $0)/../common.sh
 set -x
-rm -rf $CORPUS
+rm -rf $CORPUS fuzz-*.log
 mkdir $CORPUS
-rm -f *.log
 [ -e $EXECUTABLE_NAME_BASE ] && ./$EXECUTABLE_NAME_BASE -artifact_prefix=$CORPUS/ -exit_on_src_pos=re2/dfa.cc:474 -exit_on_src_pos=re2/dfa.cc:474  -runs=10000000 -jobs=$JOBS -workers=$JOBS $LIBFUZZER_FLAGS $CORPUS
 grep "INFO: found line matching 're2/dfa.cc:474', exiting." fuzz-0.log || exit 1
 
 # Also test merging here
-rm -rf $CORPUS-2
+rm -rf $CORPUS-2 fuzz-*.log
 mkdir $CORPUS-2
 [ -e $EXECUTABLE_NAME_BASE ] && ./$EXECUTABLE_NAME_BASE $CORPUS-2 $CORPUS -merge=1 2> log
 grep -v DFA log

diff --git a/sqlite-2016-11-14/test-libfuzzer.sh b/sqlite-2016-11-14/test-libfuzzer.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+# Copyright 2017 Google Inc. All Rights Reserved.
+# Licensed under the Apache License, Version 2.0 (the "License");
+. $(dirname $0)/../common.sh
+set -x
+rm -rf $CORPUS fuzz-*.log
+mkdir $CORPUS
+
+[ -e $EXECUTABLE_NAME_BASE ] && ./$EXECUTABLE_NAME_BASE -dict=$SCRIPT_DIR/sql.dict -artifact_prefix=$CORPUS/ -jobs=$JOBS -workers=$JOBS $LIBFUZZER_FLAGS $CORPUS
+grep "AddressSanitizer: heap-use-after-free\|LeakSanitizer: detect memory leaks" fuzz-0.log || exit 1
diff --git a/vorbis-2017-12-11/test-libfuzzer.sh b/vorbis-2017-12-11/test-libfuzzer.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+# Copyright 2016 Google Inc. All Rights Reserved.
+# Licensed under the Apache License, Version 2.0 (the "License");
+. $(dirname $0)/../common.sh
+set -x
+
+rm -rf $CORPUS fuzz-*.log
+mkdir $CORPUS
+[ -e $EXECUTABLE_NAME_BASE ] && ./$EXECUTABLE_NAME_BASE -use_value_profile=1 -artifact_prefix=$CORPUS/ -jobs=$JOBS -workers=$JOBS $LIBFUZZER_FLAGS $CORPUS $SCRIPT_DIR/seeds
+grep "AddressSanitizer: heap-buffer-overflow\|AddressSanitizer: SEGV on unknown address" fuzz-0.log || exit 1
diff --git a/woff2-2016-05-06/test-libfuzzer.sh b/woff2-2016-05-06/test-libfuzzer.sh
@@ -5,13 +5,13 @@
 set -x
 
 # Find the buffer overflow (or OOM) with a seed corpus.
-rm -rf $CORPUS
+rm -rf $CORPUS fuzz-*.log
 mkdir $CORPUS
 [ -e $EXECUTABLE_NAME_BASE ] && ./$EXECUTABLE_NAME_BASE  -artifact_prefix=$CORPUS/ -max_total_time=1800 -jobs=$JOBS -workers=$JOBS $LIBFUZZER_FLAGS $CORPUS seeds
 grep "AddressSanitizer: heap-buffer-overflow\|ERROR: libFuzzer: out-of-memory" fuzz-0.log  || exit 1
 
 # Find OOM bug with an empty seed corpus.
-rm -rf $CORPUS-1
+rm -rf $CORPUS-1 fuzz-*.log
 mkdir $CORPUS-1
 [ -e $EXECUTABLE_NAME_BASE ] && ./$EXECUTABLE_NAME_BASE  -artifact_prefix=$CORPUS-1/ -max_total_time=600 -jobs=$JOBS -workers=$JOBS $CORPUS-1
 grep "ERROR: libFuzzer: out-of-memory" fuzz-0.log || exit 1