oss-fuzz

Mark Wielaard mark@klomp.org
Thu Dec 26 22:51:00 GMT 2019


Hi Berkeley,

On Mon, Dec 23, 2019 at 08:06:54AM +0200, Berkeley Churchill wrote:
> Great, thanks for the feedback!
> 
> One of my first tasks will be to support llvm/clang builds.  I've seen some
> prior discussion on what's needed for that, but if you have any extra tips
> I'll take them.  I'll be sure to create a build target for the fuzzers so
> they can be run standalone.

clang is slightly inconvenient because it doesn't implement various
GNU C extensions. We even have a configure check for them now so it is
clear what we require from a C/gnu99 compiler:
https://sourceware.org/git/?p=elfutils.git;a=blob;f=configure.ac;hb=HEAD#l98

In theory when clang supports that, everything should just compile.

There have been some attempts to rewrite some source code to get clang
to accept it:
https://sourceware.org/git/?p=elfutils.git&a=search&h=HEAD&st=commit&s=clang

But there is just too much code clang simply doesn't parse.

I don't know how much work there is left to get clang to accept
everything. But Matthias (CCed) said he got somewhat further on irc
once. Maybe he can share his patches.

A simpler approach would be to see if oss-fuzz really needs clang at
all. As far as I know the only thing needed is a compiler supporting
inserting tracing calls into every basic block and/or comparison
operations and linking to some (C++) library that intercepts those. gcc
can do that with -fsanitize-coverage=trace-pc and/or
-fsanitize-coverage=trace-cmp (which I believe is command line
compatible with what clang uses).

Cheers,

Mark

> On Mon, Dec 23, 2019 at 3:12 AM Mark Wielaard <mark@klomp.org> wrote:
> 
> > Hi Berkeley,
> >
> > On Fri, 2019-12-20 at 17:21 +0200, Berkeley Churchill wrote:
> > > Any interest in integrating with oss-fuzz?  It's a google project
> > > that supports open source projects by fuzzing. It allows Google to
> > > find and report bugs, especially security bugs, to the project.
> > > I'm willing to work on writing fuzzers and performing the integration,
> > > if this would be welcomed by the maintainers.   Thoughts?
> >
> > Certainly interested. I have been running afl-fuzz on various utilities
> > and test cases. That has found lots of issues. But it isn't very
> > structured. And it often needs to go through a completely valid ELF
> > file before fuzzing the more interesting data structures inside it.
> >
> > The only request I would have is that if the fuzzer targets are added
> > to elfutils itself then they should also be made to work locally. So
> > someone could also use them with e.g. afl-fuzz or some other fuzzing
> > framework, or simply as extra testcase.
> >
> > Please also see:
> > https://sourceware.org/git/?p=elfutils.git;f=CONTRIBUTING;hb=HEAD
> >
> > Cheers,
> >
> > Mark
> >
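Added example, not code from this thread or from elfutils: a libFuzzer-style target of the kind oss-fuzz builds, written so that the same file also works locally, which is the request in the quoted message (run it under afl-fuzz with file input, or on saved test cases as an extra regression check). The `parse_elf_header` routine is a toy stand-in for the library function a real target would call, the sample inputs are constructed, and the `LINK_WITH_LIBFUZZER` macro is this example's own convention, not an oss-fuzz or elfutils one.

```c
/* Added example, not elfutils code: a libFuzzer-style fuzz target that also
 * works as a standalone program, so one file serves oss-fuzz, afl-fuzz
 * (feed it a file via @@) and plain regression runs over saved test cases. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EI_NIDENT 16

/* Toy stand-in for the library routine a real target would exercise:
 * validate the ELF identification bytes and return e_type, or -1 if the
 * input is malformed. Each early return is a bound check the fuzzer is
 * meant to hammer on. */
int parse_elf_header(const uint8_t *data, size_t size)
{
    static const uint8_t magic[4] = { 0x7f, 'E', 'L', 'F' };

    /* Need the full e_ident plus the two bytes of e_type. */
    if (size < EI_NIDENT + 2)
        return -1;
    if (memcmp(data, magic, sizeof magic) != 0)
        return -1;
    /* EI_CLASS: 1 = ELFCLASS32, 2 = ELFCLASS64. */
    if (data[4] != 1 && data[4] != 2)
        return -1;
    /* EI_DATA: 1 = little endian, 2 = big endian. */
    if (data[5] != 1 && data[5] != 2)
        return -1;
    /* e_type immediately follows e_ident; decode it in the file's byte order. */
    if (data[5] == 1)
        return data[EI_NIDENT] | (data[EI_NIDENT + 1] << 8);
    return (data[EI_NIDENT] << 8) | data[EI_NIDENT + 1];
}

/* Entry point libFuzzer (and therefore oss-fuzz) calls once per input.
 * It must return 0; crashes and sanitizer reports are the findings. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    (void)parse_elf_header(data, size);
    return 0;
}

/* Read one file and push it through the fuzz entry point. Returns the
 * parser's result so a regression run can check it, or -2 on I/O error. */
int run_testcase_file(const char *path)
{
    FILE *f = fopen(path, "rb");
    if (f == NULL)
        return -2;
    uint8_t *buf = NULL;
    size_t len = 0, cap = 0;
    int c;
    while ((c = fgetc(f)) != EOF) {
        if (len == cap) {
            cap = cap ? cap * 2 : 4096;
            uint8_t *n = realloc(buf, cap);
            if (n == NULL) { free(buf); fclose(f); return -2; }
            buf = n;
        }
        buf[len++] = (uint8_t)c;
    }
    fclose(f);
    LLVMFuzzerTestOneInput(buf, len);
    int rc = parse_elf_header(buf, len);
    free(buf);
    return rc;
}

/* Constructed sample inputs (not real files): a minimal ELF64 LE header
 * with e_type = ET_EXEC (2), an ELF32 BE header with e_type = ET_DYN (3),
 * and one with a corrupted magic. */
const uint8_t sample_elf64_le[EI_NIDENT + 2] =
    { 0x7f, 'E', 'L', 'F', 2, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x02, 0x00 };
const uint8_t sample_elf32_be[EI_NIDENT + 2] =
    { 0x7f, 'E', 'L', 'F', 1, 2, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x00, 0x03 };
const uint8_t sample_bad_magic[EI_NIDENT + 2] =
    { 0x7f, 'E', 'L', 'X', 2, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x02, 0x00 };

/* Standalone driver. LINK_WITH_LIBFUZZER is this example's own macro: define
 * it when libFuzzer supplies main(), leave it out for afl-fuzz or for running
 * saved test cases by hand. */
#ifndef LINK_WITH_LIBFUZZER
int main(int argc, char **argv)
{
    if (argc < 2) {
        /* No files given: run the built-in samples as a smoke test. */
        LLVMFuzzerTestOneInput(sample_elf64_le, sizeof sample_elf64_le);
        LLVMFuzzerTestOneInput(sample_elf32_be, sizeof sample_elf32_be);
        LLVMFuzzerTestOneInput(sample_bad_magic, sizeof sample_bad_magic);
        return 0;
    }
    for (int i = 1; i < argc; i++)
        printf("%s: e_type=%d\n", argv[i], run_testcase_file(argv[i]));
    return 0;
}
#endif
```

Built plainly (`gcc -g -O1 fuzz_target.c -o fuzz_target`) this is an ordinary program that takes test-case files on the command line, which is what afl-fuzz drives. Adding `-fsanitize-coverage=trace-pc` to the gcc build, as the message suggests, makes the compiler insert a call to `__sanitizer_cov_trace_pc` at every basic block of `parse_elf_header`; that symbol has to come from whichever fuzzing runtime the binary is linked against, so the flag is only useful in combination with such a runtime. For the libFuzzer build, define `LINK_WITH_LIBFUZZER` so the driver's `main()` does not clash with the one libFuzzer provides.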
