
Side by Side Diff: third_party/afl/src/experimental/crash_triage/triage_crashes.sh

Issue 2075883002: Add American Fuzzy Lop (afl) to third_party/afl/ (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix nits Created 4 years, 6 months ago
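--- /dev/null
+++ b/third_party/afl/src/experimental/crash_triage/triage_crashes.sh
@@ -0,0 +1,89 @@
+#!/bin/sh
+#
+# american fuzzy lop - crash triage utility
+# -----------------------------------------
+#
+# Written and maintained by Michal Zalewski <lcamtuf@google.com>
+#
+# Copyright 2013, 2014 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Note that this assumes that the targeted application reads from stdin
+# and requires no other cmdline parameters. Modify as needed if this is
+# not the case.
+#
+# Note that on OpenBSD, you may need to install a newer version of gdb
+# (e.g., from ports). You can set GDB=/some/path to point to it if
+# necessary.
+#
+
+echo "crash triage utility for afl-fuzz by <lcamtuf@google.com>"
+echo
+
+ulimit -v 100000 2>/dev/null
+ulimit -d 100000 2>/dev/null
+
+if [ ! "$#" = "2" ]; then
+echo "Usage: $0 /path/to/afl_output_dir /path/to/tested_binary" 1>&2
+echo 1>&2
+echo "Note: the tested binary must accept input on stdin and require no additi onal" 1>&2
+echo "parameters. For more complex use cases, you need to edit this script." 1 >&2
+echo 1>&2
+exit 1
+fi
+
+DIR="$1"
+BIN="$2"
+
+echo "$DIR" | grep -qE '^(/var)?/tmp/'
+T1="$?"
+
+echo "$BIN" | grep -qE '^(/var)?/tmp/'
+T2="$?"
+
+if [ "$T1" = "0" -o "$T2" = "0" ]; then
+echo "[-] Error: do not use shared /tmp or /var/tmp directories with this scri pt." 1>&2
+exit 1
+fi
+
+if [ "$GDB" = "" ]; then
+GDB=gdb
+fi
+
+if [ ! -f "$BIN" -o ! -x "$BIN" ]; then
+echo "[-] Error: binary '$2' not found or is not executable." 1>&2
+exit 1
+fi
+
+if [ ! -d "$DIR/queue" ]; then
+echo "[-] Error: directory '$1' not found or not created by afl-fuzz." 1>&2
+exit 1
+fi
+
+CCOUNT=$((`ls -- "$DIR/crashes" 2>/dev/null | wc -l`))
+
+if [ "$CCOUNT" = "0" ]; then
+echo "No crashes recorded in the target directory - nothing to be done."
+exit 0
+fi
+
+echo
+
+for crash in $DIR/crashes/id:*; do
+
+id=`basename -- "$crash" | cut -d, -f1 | cut -d: -f2`
+sig=`basename -- "$crash" | cut -d, -f2 | cut -d: -f2`
+
+echo "+++ ID $id, SIGNAL $sig +++"
+echo
+
+$GDB --batch -q --ex "r <$crash" --ex 'back' --ex 'disass $pc, $pc+16' --ex 'i nfo reg' --ex 'quit' "$BIN" 0</dev/null
+echo
+
+done
+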
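Review bot: At line 85 the crash path is interpolated into gdb's `r <$crash` command text, and because gdb normally starts the inferior through a shell, a path containing whitespace or shell metacharacters is re-parsed there instead of being used as a file name; the unquoted `$DIR` in the `for` at line 77 word-splits the same way. Neither the output directory name nor the file names under `crashes/` are validated, so the file is better handed over as a descriptor than as command text: `for crash in "$DIR"/crashes/id:*; do` and `$GDB --batch -q --ex 'r' --ex 'back' --ex 'disass $pc, $pc+16' --ex 'info reg' --ex 'quit' "$BIN" <"$crash"`, letting the inferior inherit gdb's stdin. That assumes `--batch` does not consume stdin itself, which should be confirmed on the gdb versions in use. Separately, the check at lines 43-49 matches only the literal prefix of the arguments, so a relative path or a symlink into a shared directory still passes; a comment such as `# NOTE: string-prefix check only; relative paths and symlinks into /tmp are not detected` would make that limit visible.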
