
Unified Diff: third_party/afl/src/experimental/crash_triage/triage_crashes.sh

Issue 2075883002: Add American Fuzzy Lop (afl) to third_party/afl/ (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix nits Created 4 years, 6 months ago
Index: third_party/afl/src/experimental/crash_triage/triage_crashes.sh
diff --git a/third_party/afl/src/experimental/crash_triage/triage_crashes.sh b/third_party/afl/src/experimental/crash_triage/triage_crashes.sh
new file mode 100755
index 0000000000000000000000000000000000000000..9dddefdd0955bd26b926a81697eaa80b389a85ce
--- /dev/null
+++ b/third_party/afl/src/experimental/crash_triage/triage_crashes.sh
@@ -0,0 +1,89 @@
+#!/bin/sh
+#
+# american fuzzy lop - crash triage utility
+# -----------------------------------------
+#
+# Written and maintained by Michal Zalewski <lcamtuf@google.com>
+#
+# Copyright 2013, 2014 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Note that this assumes that the targeted application reads from stdin
+# and requires no other cmdline parameters. Modify as needed if this is
+# not the case.
+#
+# Note that on OpenBSD, you may need to install a newer version of gdb
+# (e.g., from ports). You can set GDB=/some/path to point to it if
+# necessary.
+#
+
+echo "crash triage utility for afl-fuzz by <lcamtuf@google.com>"
+echo
+
+ulimit -v 100000 2>/dev/null
+ulimit -d 100000 2>/dev/null
+
+if [ ! "$#" = "2" ]; then
+ echo "Usage: $0 /path/to/afl_output_dir /path/to/tested_binary" 1>&2
+ echo 1>&2
+ echo "Note: the tested binary must accept input on stdin and require no additional" 1>&2
+ echo "parameters. For more complex use cases, you need to edit this script." 1>&2
+ echo 1>&2
+ exit 1
+fi
+
+DIR="$1"
+BIN="$2"
+
+echo "$DIR" | grep -qE '^(/var)?/tmp/'
+T1="$?"
+
+echo "$BIN" | grep -qE '^(/var)?/tmp/'
+T2="$?"
+
+if [ "$T1" = "0" -o "$T2" = "0" ]; then
+ echo "[-] Error: do not use shared /tmp or /var/tmp directories with this script." 1>&2
+ exit 1
+fi
+
+if [ "$GDB" = "" ]; then
+ GDB=gdb
+fi
+
+if [ ! -f "$BIN" -o ! -x "$BIN" ]; then
+ echo "[-] Error: binary '$2' not found or is not executable." 1>&2
+ exit 1
+fi
+
+if [ ! -d "$DIR/queue" ]; then
+ echo "[-] Error: directory '$1' not found or not created by afl-fuzz." 1>&2
+ exit 1
+fi
+
+CCOUNT=$((`ls -- "$DIR/crashes" 2>/dev/null | wc -l`))
+
+if [ "$CCOUNT" = "0" ]; then
+ echo "No crashes recorded in the target directory - nothing to be done."
+ exit 0
+fi
+
+echo
+
+for crash in $DIR/crashes/id:*; do
+
+ id=`basename -- "$crash" | cut -d, -f1 | cut -d: -f2`
+ sig=`basename -- "$crash" | cut -d, -f2 | cut -d: -f2`
+
+ echo "+++ ID $id, SIGNAL $sig +++"
+ echo
+
+ $GDB --batch -q --ex "r <$crash" --ex 'back' --ex 'disass $pc, $pc+16' --ex 'info reg' --ex 'quit' "$BIN" 0</dev/null
+ echo
+
+done
+
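Review bot: The loop at `for crash in $DIR/crashes/id:*; do` leaves `$DIR` unquoted, so an output directory whose path contains whitespace or glob characters is word-split before the pattern is expanded, and the rest of the script otherwise quotes `"$DIR"` consistently; it should read `for crash in "$DIR"/crashes/id:*; do`. The same path then reaches gdb inside the string `--ex "r <$crash"`, which gdb hands to a shell for the redirection, so such a path would still be split there even after the loop is fixed; wrapping it as `--ex "r <'$crash'"` covers whitespace, though not a path containing a single quote. Separately, `CCOUNT` is derived from `ls -- "$DIR/crashes" | wc -l`, which counts every entry in that directory, while the loop only matches `id:*`; if the directory holds any other file and no `id:*` entries, the loop appears to run once with the literal pattern as `$crash`, so a guard such as `[ -e "$crash" ] || continue` at the top of the loop body would make that case explicit. The memory limits on lines 47-48 are the only resource limits set, so a crash input that makes the target spin under gdb will stall the whole triage run; a CPU-time limit alongside them may be worth considering, assuming it does not interfere with gdb itself.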
