Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / honggfuzz / cc6b929d45b8bbfb3e28617ab511a2b23b5aa962 / . / cmdline.c
blob: 38642420f1a696816f025ac2ec361e1a737e1496 [file] [log] [blame]
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]1/*
2
3 honggfuzz - cmdline parsing
4
5 -----------------------------------------
6
7 Copyright 2014 Google Inc. All Rights Reserved.
8
9 Licensed under the Apache License, Version 2.0 (the "License");
10 you may not use this file except in compliance with the License.
11 You may obtain a copy of the License at
12
13 http://www.apache.org/licenses/LICENSE-2.0
14
15 Unless required by applicable law or agreed to in writing, software
16 distributed under the License is distributed on an "AS IS" BASIS,
17 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 See the License for the specific language governing permissions and
19 limitations under the License.
20
21*/
22
23#include "cmdline.h"
24
25#include <ctype.h>
26#include <errno.h>
27#include <getopt.h>
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]28#include <inttypes.h>
29#include <limits.h>
Robert Swiecki846ccd72017-01-12 17:52:23 +0100[diff] [blame]30#if defined(_HF_ARCH_LINUX)
31#include <sched.h>
Robert Swiecki4e595fb2017-10-11 17:26:51 +0200[diff] [blame]32#endif /* defined(_HF_ARCH_LINUX) */
Robert Swiecki846ccd72017-01-12 17:52:23 +0100[diff] [blame]33#include <signal.h>
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]34#include <stdio.h>
Robert Swieckid0fa62c2017-09-28 18:11:05 +0200[diff] [blame]35#include <stdlib.h>
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]36#include <string.h>
Robert Swieckif8292582018-01-10 16:19:18 +0100[diff] [blame]37#include <sys/mman.h>
Robert Swiecki3bfc33c2016-03-14 18:12:41 +0100[diff] [blame]38#include <sys/queue.h>
Robert Swieckia35d9d82017-12-15 22:00:41 +0100[diff] [blame]39#include <sys/stat.h>
40#include <sys/types.h>
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]41#include <unistd.h>
42
Robert Swiecki8a1fc672018-01-25 23:22:47 +0100[diff] [blame]43#include "display.h"
Robert Swiecki246af3e2018-01-05 14:56:32 +0100[diff] [blame]44#include "libhfcommon/common.h"
45#include "libhfcommon/files.h"
46#include "libhfcommon/log.h"
47#include "libhfcommon/util.h"
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]48
49struct custom_option {
50 struct option opt;
Robert Swiecki4e595fb2017-10-11 17:26:51 +0200[diff] [blame]51 const char* descr;
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]52};
53
Robert Swiecki97d0cee2017-12-18 00:17:50 +0100[diff] [blame]54static bool checkFor_FILE_PLACEHOLDER(const char* const* args) {
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]55 for (int x = 0; args[x]; x++) {
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]56 if (strstr(args[x], _HF_FILE_PLACEHOLDER)) return true;
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]57 }
58 return false;
59}
60
Robert Swiecki5cc1f7b2018-01-16 20:55:43 +0100[diff] [blame]61static bool cmdlineCheckBinaryType(honggfuzz_t* hfuzz) {
Robert Swieckif8292582018-01-10 16:19:18 +0100[diff] [blame]62 int fd;
63 off_t fileSz;
Robert Swiecki5cc1f7b2018-01-16 20:55:43 +0100[diff] [blame]64 uint8_t* map = files_mapFile(hfuzz->exe.cmdline[0], &fileSz, &fd, /* isWriteable= */ false);
Robert Swiecki437280c2018-01-14 02:09:03 +0100[diff] [blame]65 if (!map) {
Robert Swiecki76f73e12018-01-24 17:07:21 +0100[diff] [blame]66 /* It's not a critical error */
67 return true;
Robert Swieckif8292582018-01-10 16:19:18 +0100[diff] [blame]68 }
Robert Swiecki437280c2018-01-14 02:09:03 +0100[diff] [blame]69 defer {
70 if (munmap(map, fileSz) == -1) {
71 PLOG_W("munmap(%p, %zu)", map, (size_t)fileSz);
72 }
73 close(fd);
74 };
75
Robert Swieckif8292582018-01-10 16:19:18 +0100[diff] [blame]76 if (memmem(map, fileSz, _HF_PERSISTENT_SIG, strlen(_HF_PERSISTENT_SIG))) {
Robert Swiecki5cc1f7b2018-01-16 20:55:43 +0100[diff] [blame]77 LOG_I("Persistent signature found in '%s'. Enabling persistent fuzzing mode",
78 hfuzz->exe.cmdline[0]);
79 hfuzz->exe.persistent = true;
Robert Swieckif8292582018-01-10 16:19:18 +0100[diff] [blame]80 }
Robert Swiecki5cc1f7b2018-01-16 20:55:43 +0100[diff] [blame]81 if (memmem(map, fileSz, _HF_NETDRIVER_SIG, strlen(_HF_NETDRIVER_SIG))) {
82 LOG_I("NetDriver signature found '%s'", hfuzz->exe.cmdline[0]);
83 hfuzz->exe.netDriver = true;
84 }
85 return true;
Robert Swieckif8292582018-01-10 16:19:18 +0100[diff] [blame]86}
87
Robert Swiecki3ab16642018-01-12 18:08:37 +0100[diff] [blame]88static const char* cmdlineYesNo(bool yes) {
89 return (yes ? "true" : "false");
90}
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]91
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]92static void cmdlineHelp(const char* pname, struct custom_option* opts) {
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]93 LOG_HELP_BOLD("Usage: %s [options] -- path_to_command [args]", pname);
94 LOG_HELP_BOLD("Options:");
95 for (int i = 0; opts[i].opt.name; i++) {
Robert Swieckif3a5f6a2016-03-16 14:47:30 +0100[diff] [blame]96 if (isprint(opts[i].opt.val) && opts[i].opt.val < 0x80) {
Robert Swiecki0b566112017-10-17 17:39:07 +0200[diff] [blame]97 LOG_HELP_BOLD(" --%s%s%c %s", opts[i].opt.name, "|-", opts[i].opt.val,
Robert Swiecki4e595fb2017-10-11 17:26:51 +0200[diff] [blame]98 opts[i].opt.has_arg == required_argument ? "VALUE" : "");
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]99 } else {
100 LOG_HELP_BOLD(" --%s %s", opts[i].opt.name,
Robert Swiecki4e595fb2017-10-11 17:26:51 +0200[diff] [blame]101 opts[i].opt.has_arg == required_argument ? "VALUE" : "");
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]102 }
103 LOG_HELP("\t%s", opts[i].descr);
104 }
Jagger32127372015-10-09 23:07:38 +0200[diff] [blame]105 LOG_HELP_BOLD("\nExamples:");
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]106 LOG_HELP(
Robert Swieckic39819b2018-01-22 16:09:16 +0100[diff] [blame]107 " Run the binary over a mutated file chosen from the directory. Disable fuzzing feedback "
108 "(static mode):");
Robert Swiecki216a4362017-12-13 13:02:52 +0100[diff] [blame]109 LOG_HELP_BOLD(" " PROG_NAME " -f input_dir -x -- /usr/bin/djpeg " _HF_FILE_PLACEHOLDER);
Jagger32127372015-10-09 23:07:38 +0200[diff] [blame]110 LOG_HELP(" As above, provide input over STDIN:");
Robert Swiecki930e12f2017-10-24 14:52:03 +0200[diff] [blame]111 LOG_HELP_BOLD(" " PROG_NAME " -f input_dir -x -s -- /usr/bin/djpeg");
Robert Swieckic39819b2018-01-22 16:09:16 +0100[diff] [blame]112 LOG_HELP(" Use compile-time instrumentation (-fsanitize-coverage=trace-pc-guard,...):");
Robert Swiecki216a4362017-12-13 13:02:52 +0100[diff] [blame]113 LOG_HELP_BOLD(" " PROG_NAME " -f input_dir -- /usr/bin/djpeg " _HF_FILE_PLACEHOLDER);
Robert Swieckic39819b2018-01-22 16:09:16 +0100[diff] [blame]114 LOG_HELP(" Use SANCOV instrumentation: (-fsanitize-coverage=bb/edge/func)");
Robert Swiecki216a4362017-12-13 13:02:52 +0100[diff] [blame]115 LOG_HELP_BOLD(" " PROG_NAME " -f input_dir -C -- /usr/bin/djpeg " _HF_FILE_PLACEHOLDER);
Robert Swieckic39819b2018-01-22 16:09:16 +0100[diff] [blame]116 LOG_HELP(" Use persistent mode w/o instrumentation:");
Robert Swiecki216a4362017-12-13 13:02:52 +0100[diff] [blame]117 LOG_HELP_BOLD(" " PROG_NAME " -f input_dir -P -x -- /usr/bin/djpeg_persistent_mode");
Robert Swieckic39819b2018-01-22 16:09:16 +0100[diff] [blame]118 LOG_HELP(
119 " Use persistent mode and compile-time (-fsanitize-coverage=trace-pc-guard,...) "
120 "instrumentation:");
Robert Swiecki216a4362017-12-13 13:02:52 +0100[diff] [blame]121 LOG_HELP_BOLD(" " PROG_NAME " -f input_dir -P -- /usr/bin/djpeg_persistent_mode");
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]122#if defined(_HF_ARCH_LINUX)
Robert Swiecki930e12f2017-10-24 14:52:03 +0200[diff] [blame]123 LOG_HELP(
124 " Run the binary with dynamically generate inputs, maximize total no. of instructions:");
Robert Swiecki216a4362017-12-13 13:02:52 +0100[diff] [blame]125 LOG_HELP_BOLD(" " PROG_NAME " --linux_perf_instr -- /usr/bin/djpeg " _HF_FILE_PLACEHOLDER);
Robert Swiecki930e12f2017-10-24 14:52:03 +0200[diff] [blame]126 LOG_HELP(" As above, maximize total no. of branches:");
Robert Swiecki216a4362017-12-13 13:02:52 +0100[diff] [blame]127 LOG_HELP_BOLD(" " PROG_NAME " --linux_perf_branch -- /usr/bin/djpeg " _HF_FILE_PLACEHOLDER);
Robert Swiecki930e12f2017-10-24 14:52:03 +0200[diff] [blame]128 LOG_HELP(" As above, maximize unique branches (edges) via Intel BTS:");
Robert Swiecki216a4362017-12-13 13:02:52 +0100[diff] [blame]129 LOG_HELP_BOLD(" " PROG_NAME " --linux_perf_bts_edge -- /usr/bin/djpeg " _HF_FILE_PLACEHOLDER);
Robert Swiecki930e12f2017-10-24 14:52:03 +0200[diff] [blame]130 LOG_HELP(
131 " As above, maximize unique code blocks via Intel Processor Trace (requires libipt.so):");
Robert Swiecki216a4362017-12-13 13:02:52 +0100[diff] [blame]132 LOG_HELP_BOLD(" " PROG_NAME " --linux_perf_ipt_block -- /usr/bin/djpeg " _HF_FILE_PLACEHOLDER);
Robert Swiecki4e595fb2017-10-11 17:26:51 +0200[diff] [blame]133#endif /* defined(_HF_ARCH_LINUX) */
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]134}
135
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]136static void cmdlineUsage(const char* pname, struct custom_option* opts) {
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]137 cmdlineHelp(pname, opts);
138 exit(0);
139}
140
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]141rlim_t cmdlineParseRLimit(int res, const char* optarg, unsigned long mul) {
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]142 struct rlimit cur;
143 if (getrlimit(res, &cur) == -1) {
144 PLOG_F("getrlimit(%d)", res);
145 }
146 if (strcasecmp(optarg, "max") == 0) {
147 return cur.rlim_max;
148 }
149 if (strcasecmp(optarg, "def") == 0) {
150 return cur.rlim_cur;
151 }
Anestis Bechtsoudis413cb132016-02-07 12:59:00 +0200[diff] [blame]152 if (util_isANumber(optarg) == false) {
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]153 LOG_F("RLIMIT %d needs a numeric or 'max'/'def' value ('%s' provided)", res, optarg);
154 }
155 rlim_t val = strtoul(optarg, NULL, 0) * mul;
Jagger2bd61b72015-10-10 05:23:32 +0200[diff] [blame]156 if ((unsigned long)val == ULONG_MAX && errno != 0) {
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]157 PLOG_F("strtoul('%s', 0)", optarg);
158 }
159 return val;
160}
161
Robert Swieckia35d9d82017-12-15 22:00:41 +0100[diff] [blame]162static bool cmdlineVerify(honggfuzz_t* hfuzz) {
Robert Swiecki76f73e12018-01-24 17:07:21 +0100[diff] [blame]163 if (!cmdlineCheckBinaryType(hfuzz)) {
164 LOG_E("Couldn't test binary for signatures");
165 return false;
166 }
167
Robert Swiecki5cc1f7b2018-01-16 20:55:43 +0100[diff] [blame]168 if (!hfuzz->exe.fuzzStdin && !hfuzz->exe.persistent &&
Robert Swiecki97d0cee2017-12-18 00:17:50 +0100[diff] [blame]169 !checkFor_FILE_PLACEHOLDER(hfuzz->exe.cmdline)) {
Robert Swieckia35d9d82017-12-15 22:00:41 +0100[diff] [blame]170 LOG_E("You must specify '" _HF_FILE_PLACEHOLDER
Robert Swiecki5cc1f7b2018-01-16 20:55:43 +0100[diff] [blame]171 "' if the -s (stdin fuzzing) or --persistent options are not set");
Robert Swieckia35d9d82017-12-15 22:00:41 +0100[diff] [blame]172 return false;
173 }
174
Robert Swiecki5cc1f7b2018-01-16 20:55:43 +0100[diff] [blame]175 if (hfuzz->exe.fuzzStdin && hfuzz->exe.persistent) {
Robert Swieckia35d9d82017-12-15 22:00:41 +0100[diff] [blame]176 LOG_E(
177 "Stdin fuzzing (-s) and persistent fuzzing (-P) cannot be specified at the same time");
178 return false;
179 }
180
181 if (hfuzz->threads.threadsMax >= _HF_THREAD_MAX) {
182 LOG_E("Too many fuzzing threads specified %zu (>= _HF_THREAD_MAX (%u))",
183 hfuzz->threads.threadsMax, _HF_THREAD_MAX);
184 return false;
185 }
186
187 if (strchr(hfuzz->io.fileExtn, '/')) {
188 LOG_E("The file extension contains the '/' character: '%s'", hfuzz->io.fileExtn);
189 return false;
190 }
191
192 if (hfuzz->io.workDir == NULL) {
193 hfuzz->io.workDir = ".";
194 }
195 if (mkdir(hfuzz->io.workDir, 0700) == -1 && errno != EEXIST) {
196 PLOG_E("Couldn't create the workspace directory '%s'", hfuzz->io.workDir);
197 return false;
198 }
199 if (hfuzz->io.crashDir == NULL) {
200 hfuzz->io.crashDir = hfuzz->io.workDir;
201 }
202 if (mkdir(hfuzz->io.crashDir, 0700) && errno != EEXIST) {
203 PLOG_E("Couldn't create the crash directory '%s'", hfuzz->io.crashDir);
204 return false;
205 }
206
207 if (hfuzz->linux.pid > 0 || hfuzz->linux.pidFile) {
208 LOG_I("PID=%d specified, lowering maximum number of concurrent threads to 1",
209 hfuzz->linux.pid);
210 hfuzz->threads.threadsMax = 1;
211 }
212
Robert Swieckia5b918a2018-03-07 23:59:53 +0100[diff] [blame]213 if (hfuzz->mutate.mutationsPerRun == 0U && hfuzz->cfg.useVerifier) {
Robert Swieckia35d9d82017-12-15 22:00:41 +0100[diff] [blame]214 LOG_I("Verifier enabled with mutationsPerRun == 0, activating the dry run mode");
215 }
216
217 /*
Robert Swiecki34c876f2018-01-25 17:19:11 +0100[diff] [blame]218 * 'enableSanitizers' can be auto enabled when san_cov is used, although it's probably
Robert Swieckia35d9d82017-12-15 22:00:41 +0100[diff] [blame]219 * better to let user know about the features that each flag control.
220 */
Robert Swieckia5b918a2018-03-07 23:59:53 +0100[diff] [blame]221 if ((hfuzz->feedback.dynFileMethod & _HF_DYNFILE_SANCOV) && !hfuzz->sanitizer.enable) {
Robert Swieckia35d9d82017-12-15 22:00:41 +0100[diff] [blame]222 LOG_E("Sanitizer coverage cannot be used without enabling sanitizers '-S/--sanitizers'");
223 return false;
224 }
225
Robert Swieckie9231d62018-03-02 03:35:11 +0100[diff] [blame]226 if (hfuzz->mutate.maxFileSz > _HF_INPUT_MAX_SIZE) {
227 LOG_E("Maximum file size '%zu' bigger than the maximum size '%zu'", hfuzz->mutate.maxFileSz,
Robert Swiecki0a01ea72018-01-11 01:50:18 +0100[diff] [blame]228 (size_t)_HF_INPUT_MAX_SIZE);
229 return false;
230 }
231
Robert Swieckia35d9d82017-12-15 22:00:41 +0100[diff] [blame]232 return true;
233}
234
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]235bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) {
Robert Swieckicbba70f2018-03-11 03:16:59 +0100[diff] [blame]236 *hfuzz = (honggfuzz_t){
Robert Swieckia3536a02018-03-08 04:57:51 +0100[diff] [blame]237 .threads =
238 {
239 .threadsFinished = 0,
240 .threadsMax =
241 (sysconf(_SC_NPROCESSORS_ONLN) <= 1) ? 1 : sysconf(_SC_NPROCESSORS_ONLN) / 2,
242 .threadsActiveCnt = 0,
243 .mainThread = pthread_self(),
244 .mainPid = getpid(),
245 },
Robert Swiecki82c707c2017-11-14 16:36:23 +0100[diff] [blame]246 .io =
247 {
248 .inputDir = NULL,
Robert Swieckia35d9d82017-12-15 22:00:41 +0100[diff] [blame]249 .inputDirPtr = NULL,
Robert Swiecki82c707c2017-11-14 16:36:23 +0100[diff] [blame]250 .fileCnt = 0,
251 .fileCntDone = false,
252 .fileExtn = "fuzz",
Robert Swieckiced3eba2017-12-15 15:33:03 +0100[diff] [blame]253 .workDir = NULL,
254 .crashDir = NULL,
255 .covDirAll = NULL,
256 .covDirNew = NULL,
Robert Swiecki26fd6d52017-11-15 00:46:21 +0100[diff] [blame]257 .saveUnique = true,
Robert Swiecki363510f2018-03-09 02:00:30 +0100[diff] [blame]258 .dynfileqCnt = 0U,
259 .dynfileq_mutex = PTHREAD_RWLOCK_INITIALIZER,
Robert Swiecki82c707c2017-11-14 16:36:23 +0100[diff] [blame]260 },
Robert Swiecki97d0cee2017-12-18 00:17:50 +0100[diff] [blame]261 .exe =
262 {
Robert Swiecki2aeff252018-01-10 14:58:44 +0100[diff] [blame]263 .argc = 0,
Robert Swiecki97d0cee2017-12-18 00:17:50 +0100[diff] [blame]264 .cmdline = NULL,
265 .nullifyStdio = true,
266 .fuzzStdin = false,
267 .externalCommand = NULL,
268 .postExternalCommand = NULL,
Robert Swiecki5cc1f7b2018-01-16 20:55:43 +0100[diff] [blame]269 .persistent = false,
270 .netDriver = false,
Robert Swiecki97d0cee2017-12-18 00:17:50 +0100[diff] [blame]271 .asLimit = 0U,
272 .rssLimit = 0U,
273 .dataLimit = 0U,
274 .clearEnv = false,
275 .envs[0] = NULL,
276 },
Robert Swiecki371e1292017-12-18 01:10:33 +0100[diff] [blame]277 .timing =
278 {
279 .timeStart = time(NULL),
280 .runEndTime = 0,
281 .tmOut = 10,
Robert Swieckieba27172017-12-18 01:12:02 +0100[diff] [blame]282 .tmoutVTALRM = false,
Robert Swiecki36f7e512018-01-16 03:46:41 +0100[diff] [blame]283 .lastCovUpdate = time(NULL),
Robert Swiecki371e1292017-12-18 01:10:33 +0100[diff] [blame]284 },
Robert Swiecki04dcac32018-03-02 03:05:26 +0100[diff] [blame]285 .mutate =
286 {
287 .mutationsMax = 0,
288 .dictionaryFile = NULL,
289 .dictionaryCnt = 0,
290 .mutationsPerRun = 6U,
Robert Swieckie9231d62018-03-02 03:35:11 +0100[diff] [blame]291 .maxFileSz = 0UL,
Robert Swiecki04dcac32018-03-02 03:05:26 +0100[diff] [blame]292 },
Robert Swiecki5e26bd92018-03-02 12:09:34 +0100[diff] [blame]293 .display =
294 {
295 .useScreen = true,
Robert Swieckieb9fbdd2018-03-08 05:15:37 +0100[diff] [blame]296 .lastDisplayMillis = util_timeNowMillis(),
Robert Swiecki5e26bd92018-03-02 12:09:34 +0100[diff] [blame]297 .cmdline_txt[0] = '\0',
298 },
Robert Swieckia5b918a2018-03-07 23:59:53 +0100[diff] [blame]299 .cfg =
300 {
301 .useVerifier = false,
302 .exitUponCrash = false,
303 .report_mutex = PTHREAD_MUTEX_INITIALIZER,
304 .reportFile = NULL,
305 .dynFileIterExpire = 0,
Anestis Bechtsoudise5f09f82016-12-27 16:06:05 +0200[diff] [blame]306#if defined(__ANDROID__)
Robert Swieckia5b918a2018-03-07 23:59:53 +0100[diff] [blame]307 .monitorSIGABRT = false,
Anestis Bechtsoudise5f09f82016-12-27 16:06:05 +0200[diff] [blame]308#else
Robert Swieckia5b918a2018-03-07 23:59:53 +0100[diff] [blame]309 .monitorSIGABRT = true,
Anestis Bechtsoudise5f09f82016-12-27 16:06:05 +0200[diff] [blame]310#endif
plusun99ef77e2018-07-31 10:52:27 +0000[diff] [blame]311 .only_printable = false,
Robert Swieckia5b918a2018-03-07 23:59:53 +0100[diff] [blame]312 },
313 .sanitizer =
314 {
315 .enable = false,
316 .sanCov_mutex = PTHREAD_MUTEX_INITIALIZER,
317 .extSanOpts = NULL,
318 .covMetadata = NULL,
319 .sanCovCnts =
320 {
321 .hitBBCnt = 0ULL,
322 .totalBBCnt = 0ULL,
323 .dsoCnt = 0ULL,
324 .iDsoCnt = 0ULL,
325 .newBBCnt = 0ULL,
326 .crashesCnt = 0ULL,
327 },
328 },
Robert Swieckia5b918a2018-03-07 23:59:53 +0100[diff] [blame]329 .feedback =
330 {
331 .feedbackMap = NULL,
332 .feedback_mutex = PTHREAD_MUTEX_INITIALIZER,
333 .bbFd = -1,
334 .blacklistFile = NULL,
335 .blacklist = NULL,
336 .blacklistCnt = 0,
337 .skipFeedbackOnTimeout = false,
338 .dynFileMethod = _HF_DYNFILE_SOFT,
Robert Swiecki363510f2018-03-09 02:00:30 +0100[diff] [blame]339 .state = _HF_STATE_UNSET,
Robert Swieckia5b918a2018-03-07 23:59:53 +0100[diff] [blame]340 },
Robert Swiecki01a980e2017-11-14 03:36:50 +0100[diff] [blame]341 .cnts =
342 {
343 .mutationsCnt = 0,
344 .crashesCnt = 0,
345 .uniqueCrashesCnt = 0,
346 .verifiedCrashesCnt = 0,
347 .blCrashesCnt = 0,
348 .timeoutedCnt = 0,
349 },
Robert Swieckia3536a02018-03-08 04:57:51 +0100[diff] [blame]350 .socketFuzzer =
351 {
352 .enabled = false,
353 .serverSocket = -1,
354 .clientSocket = -1,
355 },
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]356
Robert Swiecki6c9f6822016-03-14 16:12:27 +0100[diff] [blame]357 /* Linux code */
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]358 .linux =
359 {
Robert Swiecki4e595fb2017-10-11 17:26:51 +0200[diff] [blame]360 .exeFd = -1,
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]361 .hwCnts =
362 {
363 .cpuInstrCnt = 0ULL,
364 .cpuBranchCnt = 0ULL,
365 .bbCnt = 0ULL,
366 .newBBCnt = 0ULL,
367 .softCntPc = 0ULL,
368 .softCntCmp = 0ULL,
369 },
Robert Swieckid0fa62c2017-09-28 18:11:05 +0200[diff] [blame]370 .dynamicCutOffAddr = ~(0ULL),
371 .disableRandomization = true,
372 .ignoreAddr = NULL,
373 .numMajorFrames = 7,
374 .pid = 0,
375 .pidFile = NULL,
Robert Swiecki06008f72017-12-27 18:40:34 +0100[diff] [blame]376 .pidCmd = {},
Robert Swieckid0fa62c2017-09-28 18:11:05 +0200[diff] [blame]377 .symsBlFile = NULL,
378 .symsBlCnt = 0,
379 .symsBl = NULL,
380 .symsWlFile = NULL,
381 .symsWlCnt = 0,
382 .symsWl = NULL,
383 .cloneFlags = 0,
384 .kernelOnly = false,
385 .useClone = true,
Jaggerab26e702016-03-22 04:28:00 +0100[diff] [blame]386 },
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]387 };
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]388
Robert Swiecki363510f2018-03-09 02:00:30 +0100[diff] [blame]389 TAILQ_INIT(&hfuzz->io.dynfileq);
Robert Swiecki04dcac32018-03-02 03:05:26 +0100[diff] [blame]390 TAILQ_INIT(&hfuzz->mutate.dictq);
Robert Swiecki3bfc33c2016-03-14 18:12:41 +0100[diff] [blame]391
Robert Swiecki0b566112017-10-17 17:39:07 +0200[diff] [blame]392 // clang-format off
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]393 struct custom_option custom_opts[] = {
Robert Swieckid0fa62c2017-09-28 18:11:05 +0200[diff] [blame]394 { { "help", no_argument, NULL, 'h' }, "Help plz.." },
395 { { "input", required_argument, NULL, 'f' }, "Path to a directory containing initial file corpus" },
Robert Swieckie46d8af2018-01-12 03:20:04 +0100[diff] [blame]396 { { "persistent", no_argument, NULL, 'P' }, "Enable persistent fuzzing (use hfuzz_cc/hfuzz-clang to compile code). This will be auto-detected!!!" },
Robert Swiecki930e12f2017-10-24 14:52:03 +0200[diff] [blame]397 { { "instrument", no_argument, NULL, 'z' }, "*DEFAULT-MODE-BY-DEFAULT* Enable compile-time instrumentation (use hfuzz_cc/hfuzz-clang to compile code)" },
Robert Swiecki6edfd6c2018-01-22 16:06:53 +0100[diff] [blame]398 { { "noinst", no_argument, NULL, 'x' }, "Static mode only, disable any instrumentation (hw/sw) feedback" },
Robert Swieckid0fa62c2017-09-28 18:11:05 +0200[diff] [blame]399 { { "sancov", no_argument, NULL, 'C' }, "Enable sanitizer coverage feedback" },
400 { { "keep_output", no_argument, NULL, 'Q' }, "Don't close children's stdin, stdout, stderr; can be noisy" },
Robert Swieckiac640e02018-01-22 16:04:45 +0100[diff] [blame]401 { { "timeout", required_argument, NULL, 't' }, "Timeout in seconds (default: 10)" },
Robert Swieckid0fa62c2017-09-28 18:11:05 +0200[diff] [blame]402 { { "threads", required_argument, NULL, 'n' }, "Number of concurrent fuzzing threads (default: number of CPUs / 2)" },
403 { { "stdin_input", no_argument, NULL, 's' }, "Provide fuzzing input on STDIN, instead of ___FILE___" },
Robert Swieckiac640e02018-01-22 16:04:45 +0100[diff] [blame]404 { { "mutations_per_run", required_argument, NULL, 'r' }, "Maximal number of mutations per one run (default: 6)" },
Robert Swieckid0fa62c2017-09-28 18:11:05 +0200[diff] [blame]405 { { "logfile", required_argument, NULL, 'l' }, "Log file" },
406 { { "verbose", no_argument, NULL, 'v' }, "Disable ANSI console; use simple log output" },
407 { { "verifier", no_argument, NULL, 'V' }, "Enable crashes verifier" },
Robert Swiecki97cd6242017-12-27 21:02:47 +0100[diff] [blame]408 { { "debug", no_argument, NULL, 'd' }, "Show debug messages (level >= 4)" },
409 { { "quiet", no_argument, NULL, 'q' }, "Show only warnings and more serious messages (level <= 1)" },
Robert Swieckid0fa62c2017-09-28 18:11:05 +0200[diff] [blame]410 { { "extension", required_argument, NULL, 'e' }, "Input file extension (e.g. 'swf'), (default: 'fuzz')" },
411 { { "workspace", required_argument, NULL, 'W' }, "Workspace directory to save crashes & runtime files (default: '.')" },
Robert Swieckia35d9d82017-12-15 22:00:41 +0100[diff] [blame]412 { { "crashdir", required_argument, NULL, 0x600 }, "Directory where crashes are saved to (default: workspace directory)" },
413 { { "covdir_all", required_argument, NULL, 0x601 }, "Coverage is written to a separate directory (default: input directory)" },
414 { { "covdir_new", required_argument, NULL, 0x602 }, "New coverage (beyond the dry-run fuzzing phase) is written to this separate directory" },
Robert Swieckid0fa62c2017-09-28 18:11:05 +0200[diff] [blame]415 { { "dict", required_argument, NULL, 'w' }, "Dictionary file. Format:http://llvm.org/docs/LibFuzzer.html#dictionaries" },
416 { { "stackhash_bl", required_argument, NULL, 'B' }, "Stackhashes blacklist file (one entry per line)" },
417 { { "mutate_cmd", required_argument, NULL, 'c' }, "External command producing fuzz files (instead of internal mutators)" },
418 { { "pprocess_cmd", required_argument, NULL, 0x104 }, "External command postprocessing files produced by internal mutators" },
Robert Swieckiac640e02018-01-22 16:04:45 +0100[diff] [blame]419 { { "run_time", required_argument, NULL, 0x109 }, "Number of seconds this fuzzing session will last (default: 0 [no limit])" },
420 { { "iterations", required_argument, NULL, 'N' }, "Number of fuzzing iterations (default: 0 [no limit])" },
421 { { "rlimit_as", required_argument, NULL, 0x100 }, "Per process RLIMIT_AS in MiB (default: 0 [no limit])" },
422 { { "rlimit_rss", required_argument, NULL, 0x101 }, "Per process RLIMIT_RSS in MiB (default: 0 [no limit]). It will also set *SAN's soft_rss_limit_mb if used" },
423 { { "rlimit_data", required_argument, NULL, 0x102 }, "Per process RLIMIT_DATA in MiB (default: 0 [no limit])" },
424 { { "report", required_argument, NULL, 'R' }, "Write report to this file (default: '<workdir>/" _HF_REPORT_FILE "')" },
425 { { "max_file_size", required_argument, NULL, 'F' }, "Maximal size of files processed by the fuzzer in bytes (default: 1048576)" },
Robert Swiecki8954afd2017-11-14 18:14:22 +0100[diff] [blame]426 { { "clear_env", no_argument, NULL, 0x108 }, "Clear all environment variables before executing the binary" },
Robert Swieckid0fa62c2017-09-28 18:11:05 +0200[diff] [blame]427 { { "env", required_argument, NULL, 'E' }, "Pass this environment variable, can be used multiple times" },
428 { { "save_all", no_argument, NULL, 'u' }, "Save all test-cases (not only the unique ones) by appending the current time-stamp to the filenames" },
429 { { "tmout_sigvtalrm", no_argument, NULL, 'T' }, "Use SIGVTALRM to kill timeouting processes (default: use SIGKILL)" },
430 { { "sanitizers", no_argument, NULL, 'S' }, "Enable sanitizers settings (default: false)" },
Robert Swiecki97d88932018-01-10 19:29:34 +0100[diff] [blame]431 { { "san_opts", required_argument, NULL, 0x10A }, "Options appended to the regular *SAN_OPTIONS (default: empty)" },
Robert Swieckib1f5a252018-01-22 16:05:39 +0100[diff] [blame]432 { { "monitor_sigabrt", required_argument, NULL, 0x105 }, "Monitor SIGABRT (default: false for Android, true for other platforms)" },
Robert Swieckiac640e02018-01-22 16:04:45 +0100[diff] [blame]433 { { "no_fb_timeout", required_argument, NULL, 0x106 }, "Skip feedback if the process has timeouted (default: false)" },
434 { { "exit_upon_crash", no_argument, NULL, 0x107 }, "Exit upon seeing the first crash (default: false)" },
dobinedf9f8d2018-01-21 13:57:02 +0100[diff] [blame]435 { { "socket_fuzzer", no_argument, NULL, 0x10b }, "Instrument external fuzzer via socket" },
plusun99ef77e2018-07-31 10:52:27 +0000[diff] [blame]436 { { "only_printable", no_argument, NULL, 'o' }, "Only generate printable inputs" },
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]437
438#if defined(_HF_ARCH_LINUX)
Robert Swieckid0fa62c2017-09-28 18:11:05 +0200[diff] [blame]439 { { "linux_symbols_bl", required_argument, NULL, 0x504 }, "Symbols blacklist filter file (one entry per line)" },
440 { { "linux_symbols_wl", required_argument, NULL, 0x505 }, "Symbols whitelist filter file (one entry per line)" },
441 { { "linux_pid", required_argument, NULL, 'p' }, "Attach to a pid (and its thread group)" },
442 { { "linux_file_pid", required_argument, NULL, 0x502 }, "Attach to pid (and its thread group) read from file" },
Robert Swieckiac640e02018-01-22 16:04:45 +0100[diff] [blame]443 { { "linux_addr_low_limit", required_argument, NULL, 0x500 }, "Address limit (from si.si_addr) below which crashes are not reported, (default: 0)" },
Robert Swieckid0fa62c2017-09-28 18:11:05 +0200[diff] [blame]444 { { "linux_keep_aslr", no_argument, NULL, 0x501 }, "Don't disable ASLR randomization, might be useful with MSAN" },
445 { { "linux_perf_ignore_above", required_argument, NULL, 0x503 }, "Ignore perf events which report IPs above this address" },
446 { { "linux_perf_instr", no_argument, NULL, 0x510 }, "Use PERF_COUNT_HW_INSTRUCTIONS perf" },
447 { { "linux_perf_branch", no_argument, NULL, 0x511 }, "Use PERF_COUNT_HW_BRANCH_INSTRUCTIONS perf" },
448 { { "linux_perf_bts_edge", no_argument, NULL, 0x513 }, "Use Intel BTS to count unique edges" },
449 { { "linux_perf_ipt_block", no_argument, NULL, 0x514 }, "Use Intel Processor Trace to count unique blocks (requires libipt.so)" },
450 { { "linux_perf_kernel_only", no_argument, NULL, 0x515 }, "Gather kernel-only coverage with Intel PT and with Intel BTS" },
451 { { "linux_ns_net", no_argument, NULL, 0x0530 }, "Use Linux NET namespace isolation" },
452 { { "linux_ns_pid", no_argument, NULL, 0x0531 }, "Use Linux PID namespace isolation" },
453 { { "linux_ns_ipc", no_argument, NULL, 0x0532 }, "Use Linux IPC namespace isolation" },
454#endif // defined(_HF_ARCH_LINUX)
455 { { 0, 0, 0, 0 }, NULL },
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]456 };
Robert Swiecki0b566112017-10-17 17:39:07 +0200[diff] [blame]457 // clang-format on
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]458
459 struct option opts[ARRAYSIZE(custom_opts)];
460 for (unsigned i = 0; i < ARRAYSIZE(custom_opts); i++) {
461 opts[i] = custom_opts[i].opt;
462 }
463
464 enum llevel_t ll = INFO;
Robert Swiecki4e595fb2017-10-11 17:26:51 +0200[diff] [blame]465 const char* logfile = NULL;
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]466 int opt_index = 0;
467 for (;;) {
Robert Swiecki0b566112017-10-17 17:39:07 +0200[diff] [blame]468 int c = getopt_long(
plusun99ef77e2018-07-31 10:52:27 +0000[diff] [blame]469 argc, argv, "-?hQvVsuPxf:dqe:W:r:c:F:t:R:n:N:l:p:g:E:w:B:CzTSo", opts, &opt_index);
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]470 if (c < 0) break;
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]471
472 switch (c) {
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]473 case 'h':
474 case '?':
475 cmdlineUsage(argv[0], custom_opts);
476 break;
477 case 'f':
Robert Swiecki82c707c2017-11-14 16:36:23 +0100[diff] [blame]478 hfuzz->io.inputDir = optarg;
Robert Swieckiced3eba2017-12-15 15:33:03 +0100[diff] [blame]479 if (hfuzz->io.covDirAll == NULL) {
480 hfuzz->io.covDirAll = optarg;
481 }
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]482 break;
483 case 'x':
Robert Swieckia5b918a2018-03-07 23:59:53 +0100[diff] [blame]484 hfuzz->feedback.dynFileMethod = _HF_DYNFILE_NONE;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]485 break;
486 case 'Q':
Robert Swiecki97d0cee2017-12-18 00:17:50 +0100[diff] [blame]487 hfuzz->exe.nullifyStdio = false;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]488 break;
489 case 'v':
Robert Swiecki5e26bd92018-03-02 12:09:34 +0100[diff] [blame]490 hfuzz->display.useScreen = false;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]491 break;
492 case 'V':
Robert Swieckia5b918a2018-03-07 23:59:53 +0100[diff] [blame]493 hfuzz->cfg.useVerifier = true;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]494 break;
495 case 's':
Robert Swiecki97d0cee2017-12-18 00:17:50 +0100[diff] [blame]496 hfuzz->exe.fuzzStdin = true;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]497 break;
498 case 'u':
Robert Swiecki26fd6d52017-11-15 00:46:21 +0100[diff] [blame]499 hfuzz->io.saveUnique = false;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]500 break;
501 case 'l':
502 logfile = optarg;
503 break;
504 case 'd':
Robert Swiecki97cd6242017-12-27 21:02:47 +0100[diff] [blame]505 ll = DEBUG;
506 break;
507 case 'q':
508 ll = WARNING;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]509 break;
510 case 'e':
Robert Swiecki82c707c2017-11-14 16:36:23 +0100[diff] [blame]511 hfuzz->io.fileExtn = optarg;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]512 break;
513 case 'W':
Robert Swiecki82c707c2017-11-14 16:36:23 +0100[diff] [blame]514 hfuzz->io.workDir = optarg;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]515 break;
Robert Swieckia35d9d82017-12-15 22:00:41 +0100[diff] [blame]516 case 0x600:
Robert Swieckiced3eba2017-12-15 15:33:03 +0100[diff] [blame]517 hfuzz->io.crashDir = optarg;
518 break;
Robert Swieckia35d9d82017-12-15 22:00:41 +0100[diff] [blame]519 case 0x601:
520 hfuzz->io.covDirAll = optarg;
521 break;
522 case 0x602:
523 hfuzz->io.covDirNew = optarg;
524 break;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]525 case 'r':
Robert Swiecki04dcac32018-03-02 03:05:26 +0100[diff] [blame]526 hfuzz->mutate.mutationsPerRun = strtoul(optarg, NULL, 10);
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]527 break;
528 case 'c':
Robert Swiecki97d0cee2017-12-18 00:17:50 +0100[diff] [blame]529 hfuzz->exe.externalCommand = optarg;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]530 break;
531 case 'C':
Robert Swieckia5b918a2018-03-07 23:59:53 +0100[diff] [blame]532 hfuzz->feedback.dynFileMethod |= _HF_DYNFILE_SANCOV;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]533 break;
534 case 'S':
Robert Swieckia5b918a2018-03-07 23:59:53 +0100[diff] [blame]535 hfuzz->sanitizer.enable = true;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]536 break;
Robert Swiecki97d88932018-01-10 19:29:34 +0100[diff] [blame]537 case 0x10A:
Robert Swieckia5b918a2018-03-07 23:59:53 +0100[diff] [blame]538 hfuzz->sanitizer.extSanOpts = optarg;
Robert Swiecki97d88932018-01-10 19:29:34 +0100[diff] [blame]539 break;
dobinedf9f8d2018-01-21 13:57:02 +0100[diff] [blame]540 case 0x10B:
Robert Swiecki5e26bd92018-03-02 12:09:34 +0100[diff] [blame]541 hfuzz->socketFuzzer.enabled = true;
Robert Swiecki56276192018-01-21 15:43:02 +0100[diff] [blame]542 hfuzz->timing.tmOut = 0; // Disable process timeout checks
dobinedf9f8d2018-01-21 13:57:02 +0100[diff] [blame]543 break;
plusun99ef77e2018-07-31 10:52:27 +0000[diff] [blame]544 case 'o':
545 hfuzz->cfg.only_printable = true;
546 break;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]547 case 'z':
Robert Swieckia5b918a2018-03-07 23:59:53 +0100[diff] [blame]548 hfuzz->feedback.dynFileMethod |= _HF_DYNFILE_SOFT;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]549 break;
550 case 'F':
Robert Swieckie9231d62018-03-02 03:35:11 +0100[diff] [blame]551 hfuzz->mutate.maxFileSz = strtoul(optarg, NULL, 0);
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]552 break;
553 case 't':
Robert Swiecki371e1292017-12-18 01:10:33 +0100[diff] [blame]554 hfuzz->timing.tmOut = atol(optarg);
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]555 break;
556 case 'R':
Robert Swieckia5b918a2018-03-07 23:59:53 +0100[diff] [blame]557 hfuzz->cfg.reportFile = optarg;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]558 break;
559 case 'n':
560 hfuzz->threads.threadsMax = atol(optarg);
561 break;
562 case 0x109: {
563 time_t p = atol(optarg);
564 if (p > 0) {
Robert Swiecki371e1292017-12-18 01:10:33 +0100[diff] [blame]565 hfuzz->timing.runEndTime = time(NULL) + p;
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]566 }
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]567 } break;
568 case 'N':
Robert Swiecki04dcac32018-03-02 03:05:26 +0100[diff] [blame]569 hfuzz->mutate.mutationsMax = atol(optarg);
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]570 break;
571 case 0x100:
Robert Swiecki97d0cee2017-12-18 00:17:50 +0100[diff] [blame]572 hfuzz->exe.asLimit = strtoull(optarg, NULL, 0);
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]573 break;
574 case 0x101:
Robert Swiecki97d0cee2017-12-18 00:17:50 +0100[diff] [blame]575 hfuzz->exe.rssLimit = strtoull(optarg, NULL, 0);
Robert Swiecki8954afd2017-11-14 18:14:22 +0100[diff] [blame]576 break;
577 case 0x102:
Robert Swiecki97d0cee2017-12-18 00:17:50 +0100[diff] [blame]578 hfuzz->exe.dataLimit = strtoull(optarg, NULL, 0);
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]579 break;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]580 case 0x104:
Robert Swiecki97d0cee2017-12-18 00:17:50 +0100[diff] [blame]581 hfuzz->exe.postExternalCommand = optarg;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]582 break;
583 case 0x105:
584 if ((strcasecmp(optarg, "0") == 0) || (strcasecmp(optarg, "false") == 0)) {
Robert Swieckia5b918a2018-03-07 23:59:53 +0100[diff] [blame]585 hfuzz->cfg.monitorSIGABRT = false;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]586 } else {
Robert Swieckia5b918a2018-03-07 23:59:53 +0100[diff] [blame]587 hfuzz->cfg.monitorSIGABRT = true;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]588 }
589 break;
590 case 0x106:
Robert Swieckia5b918a2018-03-07 23:59:53 +0100[diff] [blame]591 hfuzz->feedback.skipFeedbackOnTimeout = true;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]592 break;
593 case 0x107:
Robert Swieckia5b918a2018-03-07 23:59:53 +0100[diff] [blame]594 hfuzz->cfg.exitUponCrash = true;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]595 break;
Robert Swiecki8954afd2017-11-14 18:14:22 +0100[diff] [blame]596 case 0x108:
Robert Swiecki97d0cee2017-12-18 00:17:50 +0100[diff] [blame]597 hfuzz->exe.clearEnv = true;
Robert Swiecki8954afd2017-11-14 18:14:22 +0100[diff] [blame]598 break;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]599 case 'P':
Robert Swiecki5cc1f7b2018-01-16 20:55:43 +0100[diff] [blame]600 hfuzz->exe.persistent = true;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]601 break;
602 case 'T':
Robert Swieckieba27172017-12-18 01:12:02 +0100[diff] [blame]603 hfuzz->timing.tmoutVTALRM = true;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]604 break;
605 case 'p':
606 if (util_isANumber(optarg) == false) {
607 LOG_E("-p '%s' is not a number", optarg);
608 return false;
609 }
610 hfuzz->linux.pid = atoi(optarg);
611 if (hfuzz->linux.pid < 1) {
612 LOG_E("-p '%d' is invalid", hfuzz->linux.pid);
613 return false;
614 }
615 break;
616 case 0x502:
617 hfuzz->linux.pidFile = optarg;
618 break;
619 case 'E':
Robert Swiecki97d0cee2017-12-18 00:17:50 +0100[diff] [blame]620 for (size_t i = 0; i < ARRAYSIZE(hfuzz->exe.envs); i++) {
621 if (hfuzz->exe.envs[i] == NULL) {
622 hfuzz->exe.envs[i] = optarg;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]623 break;
624 }
625 }
626 break;
627 case 'w':
Robert Swiecki04dcac32018-03-02 03:05:26 +0100[diff] [blame]628 hfuzz->mutate.dictionaryFile = optarg;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]629 break;
630 case 'B':
Robert Swieckia5b918a2018-03-07 23:59:53 +0100[diff] [blame]631 hfuzz->feedback.blacklistFile = optarg;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]632 break;
Robert Swiecki846ccd72017-01-12 17:52:23 +0100[diff] [blame]633#if defined(_HF_ARCH_LINUX)
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]634 case 0x500:
635 hfuzz->linux.ignoreAddr = (void*)strtoul(optarg, NULL, 0);
636 break;
637 case 0x501:
638 hfuzz->linux.disableRandomization = false;
639 break;
640 case 0x503:
641 hfuzz->linux.dynamicCutOffAddr = strtoull(optarg, NULL, 0);
642 break;
643 case 0x504:
644 hfuzz->linux.symsBlFile = optarg;
645 break;
646 case 0x505:
647 hfuzz->linux.symsWlFile = optarg;
648 break;
649 case 0x510:
Robert Swieckia5b918a2018-03-07 23:59:53 +0100[diff] [blame]650 hfuzz->feedback.dynFileMethod |= _HF_DYNFILE_INSTR_COUNT;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]651 break;
652 case 0x511:
Robert Swieckia5b918a2018-03-07 23:59:53 +0100[diff] [blame]653 hfuzz->feedback.dynFileMethod |= _HF_DYNFILE_BRANCH_COUNT;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]654 break;
655 case 0x513:
Robert Swieckia5b918a2018-03-07 23:59:53 +0100[diff] [blame]656 hfuzz->feedback.dynFileMethod |= _HF_DYNFILE_BTS_EDGE;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]657 break;
658 case 0x514:
Robert Swieckia5b918a2018-03-07 23:59:53 +0100[diff] [blame]659 hfuzz->feedback.dynFileMethod |= _HF_DYNFILE_IPT_BLOCK;
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]660 break;
661 case 0x515:
662 hfuzz->linux.kernelOnly = true;
663 break;
664 case 0x530:
665 hfuzz->linux.cloneFlags |= (CLONE_NEWUSER | CLONE_NEWNET);
666 break;
667 case 0x531:
668 hfuzz->linux.cloneFlags |= (CLONE_NEWUSER | CLONE_NEWPID);
669 break;
670 case 0x532:
671 hfuzz->linux.cloneFlags |= (CLONE_NEWUSER | CLONE_NEWIPC);
672 break;
Robert Swiecki4e595fb2017-10-11 17:26:51 +0200[diff] [blame]673#endif /* defined(_HF_ARCH_LINUX) */
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]674 default:
675 cmdlineUsage(argv[0], custom_opts);
676 return false;
677 break;
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]678 }
679 }
Jagger72f258b2015-10-09 23:09:01 +0200[diff] [blame]680
Robert Swieckia35d9d82017-12-15 22:00:41 +0100[diff] [blame]681 if (!logInitLogFile(logfile, ll)) {
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]682 return false;
683 }
Robert Swiecki2aeff252018-01-10 14:58:44 +0100[diff] [blame]684 hfuzz->exe.argc = argc - optind;
Robert Swiecki97d0cee2017-12-18 00:17:50 +0100[diff] [blame]685 hfuzz->exe.cmdline = (const char* const*)&argv[optind];
Robert Swiecki2aeff252018-01-10 14:58:44 +0100[diff] [blame]686 if (hfuzz->exe.argc <= 0) {
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]687 LOG_E("No fuzz command provided");
688 cmdlineUsage(argv[0], custom_opts);
689 return false;
690 }
Robert Swiecki8a1fc672018-01-25 23:22:47 +0100[diff] [blame]691 if (!files_exists(hfuzz->exe.cmdline[0])) {
692 LOG_E("Your fuzzed binary '%s' doesn't seem to exist", hfuzz->exe.cmdline[0]);
693 return false;
694 }
Robert Swieckia35d9d82017-12-15 22:00:41 +0100[diff] [blame]695 if (!cmdlineVerify(hfuzz)) {
Anestis Bechtsoudisc1a0d9f2016-12-29 11:34:10 +0200[diff] [blame]696 return false;
697 }
698
Robert Swiecki8a1fc672018-01-25 23:22:47 +0100[diff] [blame]699 display_createTargetStr(hfuzz);
700
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]701 LOG_I(
Robert Swiecki8a1fc672018-01-25 23:22:47 +0100[diff] [blame]702 "cmdline: '%s' pid: %d, inputDir '%s', nullifyStdio: %s, fuzzStdin: %s, saveUnique: %s, "
Robert Swieckid50ed422017-11-13 23:32:26 +0100[diff] [blame]703 "mutationsPerRun: %u, "
704 "externalCommand: '%s', runEndTime: %d tmOut: %ld, mutationsMax: %zu, "
705 "threads.threadsMax: %zu, "
706 "fileExtn: '%s', "
Robert Swiecki8954afd2017-11-14 18:14:22 +0100[diff] [blame]707 "ASLimit: 0x%" PRIx64 "(MiB), RSSLimit: 0x%" PRIx64 ", DATALimit: 0x%" PRIx64
708 ", fuzzExe: '%s', fuzzedPid: %d, monitorSIGABRT: '%s'",
Robert Swiecki5e26bd92018-03-02 12:09:34 +0100[diff] [blame]709 hfuzz->display.cmdline_txt, (int)getpid(), hfuzz->io.inputDir,
Robert Swiecki8a1fc672018-01-25 23:22:47 +0100[diff] [blame]710 cmdlineYesNo(hfuzz->exe.nullifyStdio), cmdlineYesNo(hfuzz->exe.fuzzStdin),
Robert Swiecki04dcac32018-03-02 03:05:26 +0100[diff] [blame]711 cmdlineYesNo(hfuzz->io.saveUnique), hfuzz->mutate.mutationsPerRun,
Robert Swiecki97d0cee2017-12-18 00:17:50 +0100[diff] [blame]712 hfuzz->exe.externalCommand == NULL ? "NULL" : hfuzz->exe.externalCommand,
Robert Swiecki04dcac32018-03-02 03:05:26 +0100[diff] [blame]713 (int)hfuzz->timing.runEndTime, (long)hfuzz->timing.tmOut, hfuzz->mutate.mutationsMax,
Robert Swiecki371e1292017-12-18 01:10:33 +0100[diff] [blame]714 hfuzz->threads.threadsMax, hfuzz->io.fileExtn, hfuzz->exe.asLimit, hfuzz->exe.rssLimit,
715 hfuzz->exe.dataLimit, hfuzz->exe.cmdline[0], hfuzz->linux.pid,
Robert Swieckia5b918a2018-03-07 23:59:53 +0100[diff] [blame]716 cmdlineYesNo(hfuzz->cfg.monitorSIGABRT));
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]717
Robert Swieckia88f96f2015-10-09 16:47:39 +0200[diff] [blame]718 return true;
719}