Changeset 72436 in vbox for trunk

Timestamp:

Jun 4, 2018 7:59:26 PM (7 years ago)

Author:

vboxsync

Message:

Runtime: bugref:9006 and bugref:9188: Initial code drop for a small and simple fuzzing framework which will be used for fuzzing our various parsers which handle untrusted user input

(filesystem, disk images, archives, certificates, etc.). Supports fuzzing any binary as long as it accepts input through a file or stdin so far. Very much work in
progress...

Location:

trunk

Files:

• include/iprt/fuzz.h (added)
• include/iprt/mangling.h (modified) (1 diff)
• src/VBox/Runtime/Makefile.kmk (modified) (1 diff)
• src/VBox/Runtime/common/fuzz (added)
• src/VBox/Runtime/tools/Makefile.kmk (modified) (1 diff)
• src/VBox/Runtime/tools/RTFuzzMaster.cpp (added)

trunk/include/iprt/mangling.h

@@ -1008 +1008 @@
 # define RTFsIsoMakerCmdEx                              RT_MANGLER(RTFsIsoMakerCmdEx)
 # define RTFsNtfsVolOpen                                RT_MANGLER(RTFsNtfsVolOpen)
+# define RTFuzzCmdMaster                                RT_MANGLER(RTFuzzCmdMaster)
+# define RTFuzzCtxCfgGetBehavioralFlags                 RT_MANGLER(RTFuzzCtxCfgGetBehavioralFlags)
+# define RTFuzzCtxCfgGetInputSeedMaximum                RT_MANGLER(RTFuzzCtxCfgGetInputSeedMaximum)
+# define RTFuzzCtxCfgGetTmpDirectory                    RT_MANGLER(RTFuzzCtxCfgGetTmpDirectory)
+# define RTFuzzCtxCfgSetBehavioralFlags                 RT_MANGLER(RTFuzzCtxCfgSetBehavioralFlags)
+# define RTFuzzCtxCfgSetInputSeedMaximum                RT_MANGLER(RTFuzzCtxCfgSetInputSeedMaximum)
+# define RTFuzzCtxCfgSetTmpDirectory                    RT_MANGLER(RTFuzzCtxCfgSetTmpDirectory)
+# define RTFuzzCtxCorpusInputAdd                        RT_MANGLER(RTFuzzCtxCorpusInputAdd)
+# define RTFuzzCtxCorpusInputAddFromDirPath             RT_MANGLER(RTFuzzCtxCorpusInputAddFromDirPath)
+# define RTFuzzCtxCorpusInputAddFromFile                RT_MANGLER(RTFuzzCtxCorpusInputAddFromFile)
+# define RTFuzzCtxCreate                                RT_MANGLER(RTFuzzCtxCreate)
+# define RTFuzzCtxCreateFromState                       RT_MANGLER(RTFuzzCtxCreateFromState)
+# define RTFuzzCtxCreateFromStateFile                   RT_MANGLER(RTFuzzCtxCreateFromStateFile)
+# define RTFuzzCtxInputGenerate                         RT_MANGLER(RTFuzzCtxInputGenerate)
+# define RTFuzzCtxRelease                               RT_MANGLER(RTFuzzCtxRelease)
+# define RTFuzzCtxRetain                                RT_MANGLER(RTFuzzCtxRetain)
+# define RTFuzzCtxStateExport                           RT_MANGLER(RTFuzzCtxStateExport)
+# define RTFuzzCtxStateExportToFile                     RT_MANGLER(RTFuzzCtxStateExportToFile)
+# define RTFuzzInputAddToCtxCorpus                      RT_MANGLER(RTFuzzInputAddToCtxCorpus)
+# define RTFuzzInputQueryData                           RT_MANGLER(RTFuzzInputQueryData)
+# define RTFuzzInputQueryDigestString                   RT_MANGLER(RTFuzzInputQueryDigestString)
+# define RTFuzzInputRelease                             RT_MANGLER(RTFuzzInputRelease)
+# define RTFuzzInputRemoveFromCtxCorpus                 RT_MANGLER(RTFuzzInputRemoveFromCtxCorpus)
+# define RTFuzzInputRetain                              RT_MANGLER(RTFuzzInputRetain)
+# define RTFuzzInputWriteToFile                         RT_MANGLER(RTFuzzInputWriteToFile)
+# define RTFuzzObsCreate                                RT_MANGLER(RTFuzzObsCreate)
+# define RTFuzzObsDestroy                               RT_MANGLER(RTFuzzObsDestroy)
+# define RTFuzzObsExecStart                             RT_MANGLER(RTFuzzObsExecStart)
+# define RTFuzzObsExecStop                              RT_MANGLER(RTFuzzObsExecStop)
+# define RTFuzzObsQueryCtx                              RT_MANGLER(RTFuzzObsQueryCtx)
+# define RTFuzzObsSetTestBinary                         RT_MANGLER(RTFuzzObsSetTestBinary)
+# define RTFuzzObsSetTestBinaryArgs                     RT_MANGLER(RTFuzzObsSetTestBinaryArgs)
+# define RTFuzzObsSetTmpDirectory                       RT_MANGLER(RTFuzzObsSetTmpDirectory)
 # define RTGetOpt                                       RT_MANGLER(RTGetOpt)
 # define RTGetOptArgvFree                               RT_MANGLER(RTGetOptArgvFree)

trunk/src/VBox/Runtime/Makefile.kmk

@@ -1629 +1629 @@
                 $(patsubst common/checksum/alt-%,common/checksum/openssl-%,$(RuntimeR3_SOURCES)) ) ) \
         common/checksum/crc32-zlib.cpp \
+        common/fuzz/fuzz.cpp \
+        common/fuzz/fuzz-observer.cpp \
+        common/fuzz/fuzzmastercmd.cpp \
         common/misc/aiomgr.cpp
 ifneq ($(KBUILD_TARGET),win)

trunk/src/VBox/Runtime/tools/Makefile.kmk

@@ -184 +184 @@
  RTTraceLogTool_SOURCES = RTTraceLogTool.cpp
 
+ # RTFuzzMaster - Fuzzing master tool.
+ PROGRAMS += RTFuzzMaster
+ RTFuzzMaster_TEMPLATE = VBoxR3Tool
+ RTFuzzMaster_SOURCES = RTFuzzMaster.cpp
+
  if1of ($(KBUILD_TARGET), darwin linux solaris win)
   # RTKrnlModInfo - our lsmod/kextstat clone (for testing the RTKrnlMod code).