[hfuzz_cc] Fix linker issue from sym leading underscore

Some compilers might prefix the inline ASM symbols with an underscore, thus the
linker will complain later. Issue was spotted on Darwin, but it probably affects
others too.

Explicitly controlling the names appears to resolve the issue across the board,
without requiring any more platform-specific preprocessor switches.

Undefined symbols for architecture x86_64:
  "_lhfuzz_end", referenced from:
      _main in hfuzz-clang-cc-837d06.o
  "_lhfuzz_start", referenced from:
      _main in hfuzz-clang-cc-837d06.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [hfuzz_cc/hfuzz-clang-cc] Error 1

Signed-off-by: Anestis Bechtsoudis <anestis@census-labs.com>
1 file changed
tree: ef8082a5340f7c9b193122ceaace2ee71573eaac
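The mechanism behind the fix, shown as an added example (this is not code from the honggfuzz repository, and the names marker_start/marker_end and the three-byte payload are made up for the illustration): on ELF targets the assembler symbol "marker_start" is also the C symbol "marker_start", but on Mach-O (Darwin) the compiler prefixes every C-level identifier with "_", so a plain `extern char marker_start;` makes the linker look for "_marker_start", which the asm block never defined. That is exactly the "Undefined symbols ... _lhfuzz_start" failure quoted above. The GCC/Clang asm-label syntax `extern char x __asm__("name");` pins the assembler name the C declaration resolves to, so one declaration works on both without an `#ifdef __APPLE__`.

```c
// Added example, not honggfuzz code: mark the start and end of a region from
// top-level inline asm and reference the markers from C without depending on
// the platform's symbol-prefix convention. marker_start/marker_end and the
// three-byte payload are assumptions made up for this example.
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

// The asm defines the symbols exactly as written: no leading underscore.
__asm__(
    ".text\n"
    ".globl marker_start\n"
    "marker_start:\n"
    ".byte 0x41, 0x42, 0x43\n"      // constructed payload: "ABC"
    ".globl marker_end\n"
    "marker_end:\n"
);

// Asm labels bind each C identifier to the literal assembler symbol. Without
// them, Darwin would emit references to _marker_start/_marker_end and the link
// would fail with "symbol(s) not found"; on ELF both forms happen to agree.
extern const char marker_start __asm__("marker_start");
extern const char marker_end   __asm__("marker_end");

// Size of the region between the two markers (3 for the payload above).
size_t marker_len(void) {
    return (size_t)((uintptr_t)&marker_end - (uintptr_t)&marker_start);
}

// First byte of the region (0x41, 'A', for the payload above).
int marker_first_byte(void) {
    return (unsigned char)marker_start;
}

int main(void) {
    printf("marker region: %zu bytes, first byte 0x%02x\n",
           marker_len(), marker_first_byte());
    return 0;
}
```

Two caveats: an asm label opts the symbol out of the compiler's naming scheme entirely, so the name must not collide with anything else the toolchain emits (including its own prefixed symbols), and 32-bit Windows targets use the same underscore prefix as Darwin, so a fix that only special-cases `__APPLE__` would still break there.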
README.md

honggfuzz

Description

A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options. See USAGE for details.

  • Supports several hardware-based (CPU: branch/instruction counting, Intel BTS, Intel PT) and software-based feedback-driven fuzzing methods
  • It works (at least) under GNU/Linux, FreeBSD, Mac OS X, Windows/CygWin and Android
  • Supports persistent modes of fuzzing (long-lived process calling a fuzzed API repeatedly) with libhfuzz/libhfuzz.a. More on that here
  • Can fuzz remote/standalone long-lasting processes (e.g. network servers like Apache's httpd and ISC's bind)
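What a persistent-mode harness for the libhfuzz.a mode mentioned above looks like, as an added example that is not part of the honggfuzz repository: the fuzzer's driver stays in one long-lived process and calls `LLVMFuzzerTestOneInput` once per generated input, so the harness only has to hand the bytes to the API under test. The record parser, its layout and the `STANDALONE_MAIN` switch are made up for this illustration; at link time libhfuzz.a (which the hfuzz_cc compiler wrapper adds) supplies the driver's `main`.

```c
// Added example, not code from the honggfuzz repository: a persistent-mode
// harness around a small record parser. The parser, its record layout and the
// STANDALONE_MAIN switch are assumptions made up for this illustration.
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PAYLOAD 64

// Constructed record format: [tag:1][payload_len:1][payload:payload_len].
// Returns the tag (0..255) on success, -1 on malformed input.
int parse_record(const uint8_t *buf, size_t len, uint8_t *out, size_t out_sz) {
    if (len < 2) return -1;
    uint8_t tag = buf[0];
    size_t plen = buf[1];
    // Both bounds matter: the payload must exist in the input and fit the
    // caller's buffer. Dropping either check is the kind of bug a feedback-
    // driven fuzzer finds quickly, since the length byte is attacker-controlled.
    if (plen > len - 2 || plen > out_sz) return -1;
    memcpy(out, buf + 2, plen);
    return tag;
}

// Persistent-mode entry point. When the harness is linked against libhfuzz.a
// the library's driver loops in one long-lived process, handing each generated
// input to this function instead of spawning a fresh process per test case.
int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
    uint8_t out[MAX_PAYLOAD];
    (void)parse_record(buf, len, out, sizeof out);
    return 0;
}

#ifdef STANDALONE_MAIN
// Stand-alone driver (build with -DSTANDALONE_MAIN, without libhfuzz.a): feeds
// two constructed records so the harness can be exercised without the fuzzer.
int main(void) {
    const uint8_t good[] = { 0x07, 0x02, 'h', 'i' };
    const uint8_t bad[]  = { 0x07, 0x09, 'h' };      // claims 9 bytes, has 1
    uint8_t out[MAX_PAYLOAD];
    printf("good -> tag %d\n", parse_record(good, sizeof good, out, sizeof out));
    printf("bad  -> tag %d\n", parse_record(bad, sizeof bad, out, sizeof out));
    return LLVMFuzzerTestOneInput(good, sizeof good);
}
#endif
```

Keep the entry point free of global state between calls: in persistent mode the process is reused, so a leak or a stale buffer from one input can show up as a spurious crash on a later, unrelated one.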

Code

  • Latest stable version: 0.9, or simply use the master branch
  • Changelog

Requirements

  • Linux - The BFD library (libbfd-dev) and libunwind (libunwind-dev/libunwind8-dev)
  • FreeBSD - gmake, clang-3.6 or newer
  • Android - Android SDK/NDK. Also see this detailed doc on how to build and run it
  • Windows - CygWin
  • Darwin/OS X - Xcode 10.8+
  • if Clang/LLVM is used - the BlocksRuntime Library (libblocksruntime-dev)

Trophies

The tool has been used to find a few interesting security problems in major software packages. Examples:

Examples

The examples directory contains code demonstrating (among others) how to use honggfuzz to find bugs in the OpenSSL library and in the Apache web server.

Other

This is NOT an official Google product.