Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 1 | /* |
| 2 | |
| 3 | honggfuzz - cmdline parsing |
| 4 | |
| 5 | ----------------------------------------- |
| 6 | |
| 7 | Copyright 2014 Google Inc. All Rights Reserved. |
| 8 | |
| 9 | Licensed under the Apache License, Version 2.0 (the "License"); |
| 10 | you may not use this file except in compliance with the License. |
| 11 | You may obtain a copy of the License at |
| 12 | |
| 13 | http://www.apache.org/licenses/LICENSE-2.0 |
| 14 | |
| 15 | Unless required by applicable law or agreed to in writing, software |
| 16 | distributed under the License is distributed on an "AS IS" BASIS, |
| 17 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 18 | See the License for the specific language governing permissions and |
| 19 | limitations under the License. |
| 20 | |
| 21 | */ |
| 22 | |
| 23 | #include "cmdline.h" |
| 24 | |
| 25 | #include <ctype.h> |
| 26 | #include <errno.h> |
| 27 | #include <getopt.h> |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 28 | #include <inttypes.h> |
| 29 | #include <limits.h> |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 30 | #include <stdlib.h> |
| 31 | #include <stdio.h> |
| 32 | #include <string.h> |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 33 | #include <unistd.h> |
| 34 | |
| 35 | #include "common.h" |
| 36 | #include "log.h" |
Anestis Bechtsoudis | be0ac7b | 2015-12-26 15:38:47 +0200 | [diff] [blame] | 37 | #include "files.h" |
Robert Swiecki | 72d2bef | 2016-01-19 14:39:26 +0100 | [diff] [blame] | 38 | #include "util.h" |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 39 | |
| 40 | struct custom_option { |
| 41 | struct option opt; |
| 42 | const char *descr; |
| 43 | }; |
| 44 | |
| 45 | static bool checkFor_FILE_PLACEHOLDER(char **args) |
| 46 | { |
| 47 | for (int x = 0; args[x]; x++) { |
| 48 | if (strstr(args[x], _HF_FILE_PLACEHOLDER)) |
| 49 | return true; |
| 50 | } |
| 51 | return false; |
| 52 | } |
| 53 | |
| 54 | static const char *cmdlineYesNo(bool yes) |
| 55 | { |
| 56 | return (yes ? "true" : "false"); |
| 57 | } |
| 58 | |
| 59 | static void cmdlineHelp(const char *pname, struct custom_option *opts) |
| 60 | { |
| 61 | LOG_HELP_BOLD("Usage: %s [options] -- path_to_command [args]", pname); |
| 62 | LOG_HELP_BOLD("Options:"); |
| 63 | for (int i = 0; opts[i].opt.name; i++) { |
| 64 | if (isprint(opts[i].opt.val)) { |
| 65 | LOG_HELP_BOLD(" --%s%s%c %s", opts[i].opt.name, |
| 66 | "|-", opts[i].opt.val, |
| 67 | opts[i].opt.has_arg == required_argument ? "[val]" : ""); |
| 68 | } else { |
| 69 | LOG_HELP_BOLD(" --%s %s", opts[i].opt.name, |
| 70 | opts[i].opt.has_arg == required_argument ? "[val]" : ""); |
| 71 | } |
| 72 | LOG_HELP("\t%s", opts[i].descr); |
| 73 | } |
Jagger | 3212737 | 2015-10-09 23:07:38 +0200 | [diff] [blame] | 74 | LOG_HELP_BOLD("\nExamples:"); |
| 75 | LOG_HELP(" Run the binary over a mutated file chosen from the directory"); |
| 76 | LOG_HELP_BOLD(" " PROG_NAME " -f input_dir -- /usr/bin/tiffinfo -D " _HF_FILE_PLACEHOLDER); |
| 77 | LOG_HELP(" As above, provide input over STDIN:"); |
Robert Swiecki | 72d2bef | 2016-01-19 14:39:26 +0100 | [diff] [blame] | 78 | LOG_HELP_BOLD(" " PROG_NAME " -f input_dir -s -- /usr/bin/djpeg"); |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 79 | #if defined(_HF_ARCH_LINUX) |
Jagger | 3212737 | 2015-10-09 23:07:38 +0200 | [diff] [blame] | 80 | LOG_HELP(" Run the binary over a dynamic file, maximize total no. of instructions:"); |
Jagger | 72f258b | 2015-10-09 23:09:01 +0200 | [diff] [blame] | 81 | LOG_HELP_BOLD(" " PROG_NAME " --linux_perf_instr -- /usr/bin/tiffinfo -D " |
| 82 | _HF_FILE_PLACEHOLDER); |
Jagger | 3212737 | 2015-10-09 23:07:38 +0200 | [diff] [blame] | 83 | LOG_HELP(" Run the binary over a dynamic file, maximize total no. of branches:"); |
Jagger | 72f258b | 2015-10-09 23:09:01 +0200 | [diff] [blame] | 84 | LOG_HELP_BOLD(" " PROG_NAME " --linux_perf_branch -- /usr/bin/tiffinfo -D " |
| 85 | _HF_FILE_PLACEHOLDER); |
Jagger | 3212737 | 2015-10-09 23:07:38 +0200 | [diff] [blame] | 86 | LOG_HELP(" Run the binary over a dynamic file, maximize unique code blocks (coverage):"); |
| 87 | LOG_HELP_BOLD(" " PROG_NAME " --linux_perf_ip -- /usr/bin/tiffinfo -D " _HF_FILE_PLACEHOLDER); |
| 88 | LOG_HELP(" Run the binary over a dynamic file, maximize unique branches (edges):"); |
Jagger | 72f258b | 2015-10-09 23:09:01 +0200 | [diff] [blame] | 89 | LOG_HELP_BOLD(" " PROG_NAME " --linux_perf_ip_addr -- /usr/bin/tiffinfo -D " |
| 90 | _HF_FILE_PLACEHOLDER); |
Jagger | 3212737 | 2015-10-09 23:07:38 +0200 | [diff] [blame] | 91 | LOG_HELP(" Run the binary over a dynamic file, maximize custom counters (experimental):"); |
Jagger | 72f258b | 2015-10-09 23:09:01 +0200 | [diff] [blame] | 92 | LOG_HELP_BOLD(" " PROG_NAME " --linux_perf_custom -- /usr/bin/tiffinfo -D " |
| 93 | _HF_FILE_PLACEHOLDER); |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 94 | #endif /* defined(_HF_ARCH_LINUX) */ |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 95 | } |
| 96 | |
| 97 | static void cmdlineUsage(const char *pname, struct custom_option *opts) |
| 98 | { |
| 99 | cmdlineHelp(pname, opts); |
| 100 | exit(0); |
| 101 | } |
| 102 | |
| 103 | static bool cmdlineIsANumber(const char *s) |
| 104 | { |
Jagger | 9c4d162 | 2015-10-16 01:40:17 +0200 | [diff] [blame] | 105 | if (!isdigit(s[0])) { |
| 106 | return false; |
| 107 | } |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 108 | for (int i = 0; s[i]; s++) { |
| 109 | if (!isdigit(s[i]) && s[i] != 'x') { |
| 110 | return false; |
| 111 | } |
| 112 | } |
| 113 | return true; |
| 114 | } |
| 115 | |
| 116 | rlim_t cmdlineParseRLimit(int res, const char *optarg, unsigned long mul) |
| 117 | { |
| 118 | struct rlimit cur; |
| 119 | if (getrlimit(res, &cur) == -1) { |
| 120 | PLOG_F("getrlimit(%d)", res); |
| 121 | } |
| 122 | if (strcasecmp(optarg, "max") == 0) { |
| 123 | return cur.rlim_max; |
| 124 | } |
| 125 | if (strcasecmp(optarg, "def") == 0) { |
| 126 | return cur.rlim_cur; |
| 127 | } |
| 128 | if (cmdlineIsANumber(optarg) == false) { |
| 129 | LOG_F("RLIMIT %d needs a numeric or 'max'/'def' value ('%s' provided)", res, optarg); |
| 130 | } |
| 131 | rlim_t val = strtoul(optarg, NULL, 0) * mul; |
Jagger | 2bd61b7 | 2015-10-10 05:23:32 +0200 | [diff] [blame] | 132 | if ((unsigned long)val == ULONG_MAX && errno != 0) { |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 133 | PLOG_F("strtoul('%s', 0)", optarg); |
| 134 | } |
| 135 | return val; |
| 136 | } |
| 137 | |
| 138 | bool cmdlineParse(int argc, char *argv[], honggfuzz_t * hfuzz) |
| 139 | { |
| 140 | /* *INDENT-OFF* */ |
| 141 | (*hfuzz) = (honggfuzz_t) { |
| 142 | .cmdline = NULL, |
Robert Swiecki | 72d2bef | 2016-01-19 14:39:26 +0100 | [diff] [blame] | 143 | .cmdline_txt[0] = '\0', |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 144 | .inputFile = NULL, |
| 145 | .nullifyStdio = false, |
| 146 | .useScreen = true, |
| 147 | .fuzzStdin = false, |
Anestis Bechtsoudis | 0cde66f | 2015-10-11 19:37:11 -0700 | [diff] [blame] | 148 | .useVerifier = false, |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 149 | .saveUnique = true, |
| 150 | .fileExtn = "fuzz", |
| 151 | .workDir = ".", |
| 152 | .flipRate = 0.001f, |
| 153 | .externalCommand = NULL, |
| 154 | .dictionaryFile = NULL, |
| 155 | .dictionary = NULL, |
| 156 | .dictionaryCnt = 0, |
| 157 | .blacklistFile = NULL, |
| 158 | .blacklistCnt = 0, |
| 159 | .blacklist = NULL, |
| 160 | .maxFileSz = (1024 * 1024), |
| 161 | .tmOut = 3, |
| 162 | .mutationsMax = 0, |
| 163 | .threadsFinished = 0, |
| 164 | .threadsMax = 2, |
| 165 | .reportFile = NULL, |
| 166 | .asLimit = 0ULL, |
| 167 | .files = NULL, |
| 168 | .fileCnt = 0, |
Anestis Bechtsoudis | 46ea10e | 2015-11-07 18:16:25 +0200 | [diff] [blame] | 169 | .lastCheckedFileIndex = 0, |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 170 | .pid = 0, |
| 171 | .envs = {[0 ... (ARRAYSIZE(hfuzz->envs) - 1)] = NULL,}, |
| 172 | |
| 173 | .timeStart = time(NULL), |
| 174 | .mutationsCnt = 0, |
| 175 | .crashesCnt = 0, |
| 176 | .uniqueCrashesCnt = 0, |
Anestis Bechtsoudis | 79b799e | 2015-11-01 00:02:25 +0200 | [diff] [blame] | 177 | .verifiedCrashesCnt = 0, |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 178 | .blCrashesCnt = 0, |
| 179 | .timeoutedCnt = 0, |
| 180 | |
| 181 | .dynFileMethod = _HF_DYNFILE_NONE, |
| 182 | .dynamicFileBest = NULL, |
| 183 | .dynamicFileBestSz = 1, |
| 184 | .hwCnts = { |
| 185 | .cpuInstrCnt = 0ULL, |
| 186 | .cpuBranchCnt = 0ULL, |
| 187 | .pcCnt = 0ULL, |
| 188 | .pathCnt = 0ULL, |
| 189 | .customCnt = 0ULL, |
| 190 | }, |
Anestis Bechtsoudis | be0ac7b | 2015-12-26 15:38:47 +0200 | [diff] [blame] | 191 | .sanCovCnts = { |
Anestis Bechtsoudis | 56e360f | 2016-01-11 14:29:17 +0200 | [diff] [blame] | 192 | .hitBBCnt = 0ULL, |
| 193 | .totalBBCnt = 0ULL, |
Anestis Bechtsoudis | a16f70f | 2016-01-03 13:03:21 +0200 | [diff] [blame] | 194 | .dsoCnt = 0ULL, |
| 195 | .iDsoCnt = 0ULL, |
Anestis Bechtsoudis | 56e360f | 2016-01-11 14:29:17 +0200 | [diff] [blame] | 196 | .newBBCnt = 0ULL, |
Anestis Bechtsoudis | a16f70f | 2016-01-03 13:03:21 +0200 | [diff] [blame] | 197 | .crashesCnt = 0ULL, |
Anestis Bechtsoudis | be0ac7b | 2015-12-26 15:38:47 +0200 | [diff] [blame] | 198 | }, |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 199 | .dynamicCutOffAddr = ~(0ULL), |
| 200 | .dynamicFile_mutex = PTHREAD_MUTEX_INITIALIZER, |
| 201 | |
| 202 | .disableRandomization = true, |
| 203 | .msanReportUMRS = false, |
| 204 | .ignoreAddr = NULL, |
Anestis Bechtsoudis | be0ac7b | 2015-12-26 15:38:47 +0200 | [diff] [blame] | 205 | .useSanCov = false, |
Anestis Bechtsoudis | a16f70f | 2016-01-03 13:03:21 +0200 | [diff] [blame] | 206 | .covMetadata = NULL, |
Anestis Bechtsoudis | 1fd10c7 | 2016-01-07 12:38:45 +0200 | [diff] [blame] | 207 | .clearCovMetadata = false, |
Anestis Bechtsoudis | 02b99be | 2015-12-27 11:53:01 +0200 | [diff] [blame] | 208 | .dynFileIterExpire = _HF_MAX_DYNFILE_ITER, |
Anestis Bechtsoudis | a16f70f | 2016-01-03 13:03:21 +0200 | [diff] [blame] | 209 | .sanCov_mutex = PTHREAD_MUTEX_INITIALIZER, |
Anestis Bechtsoudis | ac05480 | 2016-01-07 23:48:06 +0200 | [diff] [blame] | 210 | .workersBlock_mutex = PTHREAD_MUTEX_INITIALIZER, |
Robert Swiecki | 23ec02a | 2016-01-19 18:47:45 +0100 | [diff] [blame^] | 211 | .sanOpts = { |
Anestis Bechtsoudis | 61b5ab1 | 2016-01-08 16:07:02 +0200 | [diff] [blame] | 212 | .asanOpts = NULL, |
| 213 | .msanOpts = NULL, |
| 214 | .ubsanOpts = NULL, |
| 215 | }, |
| 216 | .numMajorFrames = 7, |
Anestis Bechtsoudis | a1f8a03 | 2016-01-14 16:45:30 +0200 | [diff] [blame] | 217 | .isDynFileLocked = false, |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 218 | }; |
| 219 | /* *INDENT-ON* */ |
| 220 | |
| 221 | /* *INDENT-OFF* */ |
| 222 | struct custom_option custom_opts[] = { |
| 223 | {{"help", no_argument, NULL, 'h'}, "Help plz.."}, |
| 224 | {{"input", required_argument, NULL, 'f'}, "Path to the file corpus (file or a directory)"}, |
| 225 | {{"nullify_stdio", no_argument, NULL, 'q'}, "Null-ify children's stdin, stdout, stderr; make them quiet"}, |
| 226 | {{"stdin_input", no_argument, NULL, 's'}, "Provide fuzzing input on STDIN, instead of ___FILE___"}, |
| 227 | {{"save_all", no_argument, NULL, 'u'}, "Save all test-cases (not only the unique ones) by appending the current time-stamp to the filenames"}, |
Robert Swiecki | 03ef531 | 2015-10-09 18:25:40 +0200 | [diff] [blame] | 228 | {{"logfile", required_argument, NULL, 'l'}, "Log file"}, |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 229 | {{"verbose", no_argument, NULL, 'v'}, "Disable ANSI console; use simple log output"}, |
Anestis Bechtsoudis | 4a3c8e8 | 2015-11-07 18:59:14 +0200 | [diff] [blame] | 230 | #if defined(_HF_ARCH_LINUX) || defined(_HF_ARCH_DARWIN) |
Anestis Bechtsoudis | 15744be | 2015-10-31 22:33:31 +0200 | [diff] [blame] | 231 | {{"verifier", no_argument, NULL, 'V'}, "Enable crashes verifier (default: disabled)"}, |
Anestis Bechtsoudis | 0cde66f | 2015-10-11 19:37:11 -0700 | [diff] [blame] | 232 | #endif |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 233 | {{"debug_level", required_argument, NULL, 'd'}, "Debug level (0 - FATAL ... 4 - DEBUG), (default: '3' [INFO])"}, |
| 234 | {{"extension", required_argument, NULL, 'e'}, "Input file extension (e.g. 'swf'), (default: 'fuzz')"}, |
| 235 | {{"wokspace", required_argument, NULL, 'W'}, "Workspace directory to save crashes & runtime files (default: '.')"}, |
| 236 | {{"flip_rate", required_argument, NULL, 'r'}, "Maximal flip rate, (default: '0.001')"}, |
| 237 | {{"wordlist", required_argument, NULL, 'w'}, "Wordlist file (tokens delimited by NUL-bytes)"}, |
| 238 | {{"stackhash_bl", required_argument, NULL, 'B'}, "Stackhashes blacklist file (one entry per line)"}, |
| 239 | {{"mutate_cmd", required_argument, NULL, 'c'}, "External command modifying the input corpus of files, instead of -r/-m parameters"}, |
| 240 | {{"timeout", required_argument, NULL, 't'}, "Timeout in seconds (default: '3')"}, |
| 241 | {{"threads", required_argument, NULL, 'n'}, "Number of concurrent fuzzing threads (default: '2')"}, |
| 242 | {{"iterations", required_argument, NULL, 'N'}, "Number of fuzzing iterations (default: '0' [no limit])"}, |
Robert Swiecki | 03ef531 | 2015-10-09 18:25:40 +0200 | [diff] [blame] | 243 | {{"rlimit_as", required_argument, NULL, 0x100}, "Per process memory limit in MiB (default: '0' [no limit])"}, |
dyjakan | ebfd24e | 2015-10-16 19:24:32 +0100 | [diff] [blame] | 244 | {{"report", required_argument, NULL, 'R'}, "Write report to this file (default: '" _HF_REPORT_FILE "')"}, |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 245 | {{"max_file_size", required_argument, NULL, 'F'}, "Maximal size of files processed by the fuzzer in bytes (default: '1048576')"}, |
| 246 | {{"env", required_argument, NULL, 'E'}, "Pass this environment variable, can be used multiple times"}, |
| 247 | |
| 248 | #if defined(_HF_ARCH_LINUX) |
Anestis Bechtsoudis | 5532934 | 2015-12-26 18:08:24 +0200 | [diff] [blame] | 249 | {{"sancov", no_argument, NULL, 'C'}, "EXPERIMENTAL: Enable sanitizer coverage feedback (default: disabled)"}, |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 250 | {{"linux_pid", required_argument, NULL, 'p'}, "[Linux] Attach to a pid (and its thread group)"}, |
| 251 | {{"linux_addr_low_limit", required_argument, NULL, 0x500}, "Address limit (from si.si_addr) below which crashes are not reported, (default: '0')"}, |
| 252 | {{"linux_keep_aslr", no_argument, NULL, 0x501}, "Don't disable ASLR randomization, might be useful with MSAN"}, |
| 253 | {{"linux_report_msan_umrs", no_argument, NULL, 0x502}, "Report MSAN's UMRS (uninitialized memory access)"}, |
Jagger | ae6a445 | 2015-10-14 17:34:43 +0200 | [diff] [blame] | 254 | {{"linux_perf_ignore_above", required_argument, NULL, 0x503}, "Ignore perf events which report IPs above this address"}, |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 255 | {{"linux_perf_instr", no_argument, NULL, 0x510}, "Use PERF_COUNT_HW_INSTRUCTIONS perf"}, |
| 256 | {{"linux_perf_branch", no_argument, NULL, 0x511}, "Use PERF_COUNT_HW_BRANCH_INSTRUCTIONS perf"}, |
| 257 | {{"linux_perf_ip", no_argument, NULL, 0x512}, "Use PERF_SAMPLE_IP perf (newer Intel CPUs only)"}, |
| 258 | {{"linux_perf_ip_addr", no_argument, NULL, 0x513}, "Use PERF_SAMPLE_IP/PERF_SAMPLE_ADDR perf (newer Intel CPUs only)"}, |
| 259 | {{"linux_perf_custom", no_argument, NULL, 0x514}, "Custom counter (see the interceptor/ directory for examples)"}, |
| 260 | #endif // defined(_HF_ARCH_LINUX) |
| 261 | {{0, 0, 0, 0}, NULL}, |
| 262 | }; |
| 263 | /* *INDENT-ON* */ |
| 264 | |
| 265 | struct option opts[ARRAYSIZE(custom_opts)]; |
| 266 | for (unsigned i = 0; i < ARRAYSIZE(custom_opts); i++) { |
| 267 | opts[i] = custom_opts[i].opt; |
| 268 | } |
| 269 | |
| 270 | enum llevel_t ll = INFO; |
| 271 | const char *logfile = NULL; |
| 272 | int opt_index = 0; |
| 273 | for (;;) { |
Anestis Bechtsoudis | be0ac7b | 2015-12-26 15:38:47 +0200 | [diff] [blame] | 274 | int c = getopt_long(argc, argv, "-?hqvVsuf:d:e:W:r:c:F:t:R:n:N:l:p:g:E:w:B:C", opts, |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 275 | &opt_index); |
| 276 | if (c < 0) |
| 277 | break; |
| 278 | |
| 279 | switch (c) { |
| 280 | case 'h': |
| 281 | case '?': |
| 282 | cmdlineUsage(argv[0], custom_opts); |
| 283 | break; |
| 284 | case 'f': |
| 285 | hfuzz->inputFile = optarg; |
| 286 | break; |
| 287 | case 'q': |
| 288 | hfuzz->nullifyStdio = true; |
| 289 | break; |
| 290 | case 'v': |
| 291 | hfuzz->useScreen = false; |
| 292 | break; |
Anestis Bechtsoudis | 0cde66f | 2015-10-11 19:37:11 -0700 | [diff] [blame] | 293 | case 'V': |
| 294 | hfuzz->useVerifier = true; |
| 295 | break; |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 296 | case 's': |
| 297 | hfuzz->fuzzStdin = true; |
| 298 | break; |
| 299 | case 'u': |
| 300 | hfuzz->saveUnique = false; |
| 301 | break; |
Robert Swiecki | 03ef531 | 2015-10-09 18:25:40 +0200 | [diff] [blame] | 302 | case 'l': |
| 303 | logfile = optarg; |
| 304 | break; |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 305 | case 'd': |
| 306 | ll = atoi(optarg); |
| 307 | break; |
| 308 | case 'e': |
| 309 | hfuzz->fileExtn = optarg; |
| 310 | break; |
| 311 | case 'W': |
| 312 | hfuzz->workDir = optarg; |
| 313 | break; |
| 314 | case 'r': |
| 315 | hfuzz->flipRate = strtod(optarg, NULL); |
| 316 | break; |
| 317 | case 'c': |
| 318 | hfuzz->externalCommand = optarg; |
| 319 | break; |
Anestis Bechtsoudis | be0ac7b | 2015-12-26 15:38:47 +0200 | [diff] [blame] | 320 | case 'C': |
| 321 | hfuzz->useSanCov = true; |
| 322 | break; |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 323 | case 'F': |
| 324 | hfuzz->maxFileSz = strtoul(optarg, NULL, 0); |
| 325 | break; |
| 326 | case 't': |
| 327 | hfuzz->tmOut = atol(optarg); |
| 328 | break; |
| 329 | case 'R': |
| 330 | hfuzz->reportFile = optarg; |
| 331 | break; |
| 332 | case 'n': |
| 333 | hfuzz->threadsMax = atol(optarg); |
| 334 | break; |
| 335 | case 'N': |
| 336 | hfuzz->mutationsMax = atol(optarg); |
| 337 | break; |
Robert Swiecki | 03ef531 | 2015-10-09 18:25:40 +0200 | [diff] [blame] | 338 | case 0x100: |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 339 | hfuzz->asLimit = strtoull(optarg, NULL, 0); |
| 340 | break; |
| 341 | case 'p': |
Jagger | 9c4d162 | 2015-10-16 01:40:17 +0200 | [diff] [blame] | 342 | if (cmdlineIsANumber(optarg) == false) { |
| 343 | LOG_E("-p '%s' is not a number", optarg); |
| 344 | return false; |
| 345 | } |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 346 | hfuzz->pid = atoi(optarg); |
Jagger | 9c4d162 | 2015-10-16 01:40:17 +0200 | [diff] [blame] | 347 | if (hfuzz->pid < 1) { |
| 348 | LOG_E("-p '%d' is invalid", hfuzz->pid); |
| 349 | return false; |
| 350 | } |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 351 | break; |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 352 | case 'E': |
| 353 | for (size_t i = 0; i < ARRAYSIZE(hfuzz->envs); i++) { |
| 354 | if (hfuzz->envs[i] == NULL) { |
| 355 | hfuzz->envs[i] = optarg; |
| 356 | break; |
| 357 | } |
| 358 | } |
| 359 | break; |
| 360 | case 'w': |
| 361 | hfuzz->dictionaryFile = optarg; |
| 362 | break; |
| 363 | case 'B': |
| 364 | hfuzz->blacklistFile = optarg; |
| 365 | break; |
| 366 | case 0x500: |
| 367 | hfuzz->ignoreAddr = (void *)strtoul(optarg, NULL, 0); |
| 368 | break; |
| 369 | case 0x501: |
| 370 | hfuzz->disableRandomization = false; |
| 371 | break; |
| 372 | case 0x502: |
| 373 | hfuzz->msanReportUMRS = true; |
| 374 | break; |
| 375 | case 0x503: |
Jagger | 0b21ebb | 2015-10-14 17:39:15 +0200 | [diff] [blame] | 376 | hfuzz->dynamicCutOffAddr = strtoull(optarg, NULL, 0); |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 377 | break; |
| 378 | case 0x510: |
| 379 | hfuzz->dynFileMethod |= _HF_DYNFILE_INSTR_COUNT; |
| 380 | break; |
| 381 | case 0x511: |
| 382 | hfuzz->dynFileMethod |= _HF_DYNFILE_BRANCH_COUNT; |
| 383 | break; |
| 384 | case 0x512: |
| 385 | hfuzz->dynFileMethod |= _HF_DYNFILE_UNIQUE_BLOCK_COUNT; |
| 386 | break; |
| 387 | case 0x513: |
| 388 | hfuzz->dynFileMethod |= _HF_DYNFILE_UNIQUE_EDGE_COUNT; |
| 389 | break; |
| 390 | case 0x514: |
| 391 | hfuzz->dynFileMethod |= _HF_DYNFILE_CUSTOM; |
| 392 | break; |
| 393 | default: |
| 394 | cmdlineUsage(argv[0], custom_opts); |
| 395 | return false; |
| 396 | break; |
| 397 | } |
| 398 | } |
Jagger | 72f258b | 2015-10-09 23:09:01 +0200 | [diff] [blame] | 399 | |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 400 | if (logInitLogFile(logfile, ll) == false) { |
| 401 | return false; |
| 402 | } |
| 403 | |
| 404 | hfuzz->cmdline = &argv[optind]; |
| 405 | if (hfuzz->cmdline[0] == NULL) { |
| 406 | LOG_E("No fuzz command provided"); |
| 407 | cmdlineUsage(argv[0], custom_opts); |
| 408 | return false; |
| 409 | } |
| 410 | |
| 411 | if (hfuzz->dynamicFileBestSz > hfuzz->maxFileSz) { |
| 412 | LOG_E("Initial dynamic file size cannot be larger than maximum file size (%zu > %zu)", |
| 413 | hfuzz->dynamicFileBestSz, hfuzz->maxFileSz); |
| 414 | return false; |
| 415 | } |
| 416 | |
| 417 | if ((hfuzz->dynamicFileBest = malloc(hfuzz->maxFileSz)) == NULL) { |
| 418 | LOG_E("malloc(%zu) failed", hfuzz->maxFileSz); |
| 419 | return false; |
| 420 | } |
| 421 | |
| 422 | if (!hfuzz->fuzzStdin && !checkFor_FILE_PLACEHOLDER(hfuzz->cmdline)) { |
| 423 | LOG_E("You must specify '" _HF_FILE_PLACEHOLDER |
| 424 | "' when the -s (stdin fuzzing) option is not set"); |
| 425 | return false; |
| 426 | } |
| 427 | |
Anestis Bechtsoudis | be0ac7b | 2015-12-26 15:38:47 +0200 | [diff] [blame] | 428 | if (hfuzz->dynFileMethod != _HF_DYNFILE_NONE && hfuzz->useSanCov) { |
| 429 | LOG_E("You cannot enable sanitizer coverage & perf feedback at the same time"); |
| 430 | return false; |
| 431 | } |
| 432 | |
Anestis Bechtsoudis | bd65054 | 2015-12-26 18:10:32 +0200 | [diff] [blame] | 433 | /* Sanity checks for timeout. Optimal ranges highly depend on target */ |
| 434 | if (hfuzz->useSanCov && hfuzz->tmOut < 15) { |
Anestis Bechtsoudis | ebea845 | 2015-12-26 18:05:40 +0200 | [diff] [blame] | 435 | LOG_E("Timeout value (%ld) too small for sanitizer coverage feedback", hfuzz->tmOut); |
| 436 | return false; |
| 437 | } |
| 438 | |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 439 | if (strchr(hfuzz->fileExtn, '/')) { |
| 440 | LOG_E("The file extension contains the '/' character: '%s'", hfuzz->fileExtn); |
| 441 | return false; |
| 442 | } |
Anestis Bechtsoudis | be0ac7b | 2015-12-26 15:38:47 +0200 | [diff] [blame] | 443 | |
Anestis Bechtsoudis | 8f4aa61 | 2015-12-27 12:06:19 +0200 | [diff] [blame] | 444 | if (hfuzz->workDir[0] != '.' || strlen(hfuzz->workDir) > 2) { |
Anestis Bechtsoudis | c8e7f6e | 2015-12-26 14:48:48 +0200 | [diff] [blame] | 445 | if (!files_exists(hfuzz->workDir)) { |
| 446 | LOG_E("Provided workspace directory '%s' doesn't exist", hfuzz->workDir); |
| 447 | return false; |
| 448 | } |
| 449 | } |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 450 | |
| 451 | if (hfuzz->pid > 0) { |
| 452 | LOG_I("PID=%d specified, lowering maximum number of concurrent threads to 1", hfuzz->pid); |
| 453 | hfuzz->threadsMax = 1; |
| 454 | } |
| 455 | |
Anestis Bechtsoudis | 46ea10e | 2015-11-07 18:16:25 +0200 | [diff] [blame] | 456 | if (hfuzz->flipRate == 0.0L && hfuzz->useVerifier) { |
Anestis Bechtsoudis | c8e7f6e | 2015-12-26 14:48:48 +0200 | [diff] [blame] | 457 | LOG_I("Verifier enabled with 0.0 flipRate, activating dry run mode"); |
Anestis Bechtsoudis | 46ea10e | 2015-11-07 18:16:25 +0200 | [diff] [blame] | 458 | } |
| 459 | |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 460 | LOG_I("inputFile '%s', nullifyStdio: %s, fuzzStdin: %s, saveUnique: %s, flipRate: %lf, " |
Anestis Bechtsoudis | c947332 | 2015-10-09 12:59:17 -0700 | [diff] [blame] | 461 | "externalCommand: '%s', tmOut: %ld, mutationsMax: %zu, threadsMax: %zu, fileExtn '%s', ignoreAddr: %p, " |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 462 | "memoryLimit: 0x%" PRIx64 "(MiB), fuzzExe: '%s', fuzzedPid: %d", |
| 463 | hfuzz->inputFile, |
| 464 | cmdlineYesNo(hfuzz->nullifyStdio), cmdlineYesNo(hfuzz->fuzzStdin), |
| 465 | cmdlineYesNo(hfuzz->saveUnique), hfuzz->flipRate, |
| 466 | hfuzz->externalCommand == NULL ? "NULL" : hfuzz->externalCommand, hfuzz->tmOut, |
| 467 | hfuzz->mutationsMax, hfuzz->threadsMax, hfuzz->fileExtn, hfuzz->ignoreAddr, |
| 468 | hfuzz->asLimit, hfuzz->cmdline[0], hfuzz->pid); |
| 469 | |
Robert Swiecki | 2aaa52b | 2016-01-19 14:40:47 +0100 | [diff] [blame] | 470 | snprintf(hfuzz->cmdline_txt, sizeof(hfuzz->cmdline_txt), "%s", hfuzz->cmdline[0]); |
Robert Swiecki | 72d2bef | 2016-01-19 14:39:26 +0100 | [diff] [blame] | 471 | for (size_t i = 1; hfuzz->cmdline[i]; i++) { |
| 472 | util_ssnprintf(hfuzz->cmdline_txt, sizeof(hfuzz->cmdline_txt), " %s", hfuzz->cmdline[i]); |
| 473 | } |
| 474 | |
Robert Swiecki | a88f96f | 2015-10-09 16:47:39 +0200 | [diff] [blame] | 475 | return true; |
| 476 | } |