
Re: [Xen-devel] [PATCH 4/4] tools/fuzz: add README.afl



On 20/01/17 12:11, Wei Liu wrote:
> And rename README to README.oss-fuzz.
>
> Signed-off-by: Wei Liu <wei.liu2@xxxxxxxxxx>
> ---
> Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Cc: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
> Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
> Cc: Jan Beulich <jbeulich@xxxxxxxx>
> ---
>  tools/fuzz/README.afl                  | 27 +++++++++++++++++++++++++++
>  tools/fuzz/{README => README.oss-fuzz} |  0
>  2 files changed, 27 insertions(+)
>  create mode 100644 tools/fuzz/README.afl
>  rename tools/fuzz/{README => README.oss-fuzz} (100%)
>
> diff --git a/tools/fuzz/README.afl b/tools/fuzz/README.afl
> new file mode 100644
> index 0000000..7214b61
> --- /dev/null
> +++ b/tools/fuzz/README.afl
> @@ -0,0 +1,27 @@
> +# OVERVIEW
> +
> +Some fuzzing targets have American Fuzzy Lop (AFL) support.
> +
> +See also http://lcamtuf.coredump.cx/afl/
> +
> +# HOW IT WORKS
> +
> +AFL provides a customised toolchain to build an executable, which in
> +turn is launched by the fuzzer.
> +
> +# HOW TO USE IT
> +
> +Use the x86 instruction emulator fuzzer as an example.
> +
> +1. download and compile AFL in $AFLPATH.
> +
> +2. run the following commands to build:
> +   $ cd tools/fuzz/x86_instruction_emulator
> +   $ make distclean
> +   $ make CC=$AFLPATH/afl-gcc afl # produces afl-x86-insn-emulator-fuzzer
> +
> +3. run the fuzzer with AFL:
> +   $ $AFLPATH/afl-fuzz -m none -t 1000 -i testcase_dir -o findings_dir -- \
> +     ./afl-x86-insn-emulator-fuzzer @@
> +
> +Please see AFL documentation for more information.
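Review bot: step 3 passes `-i testcase_dir`, but neither step 2 nor step 3 says how that directory is created or what goes in it; afl-fuzz will not start without at least one seed input, so add a step before step 3 along the lines of `mkdir testcase_dir` followed by writing a small seed file (a single `ret` instruction is enough for the x86 emulator harness). It would also help to say in the README why `-m none` is used, since it lifts AFL's default memory limit on the target rather than being a generic default.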

Having just debugged this README (I totally haven't forgotten how to
use AFL, despite all the recent work on it ;p), it is missing the
initial test case.

I previously used a ret instruction as the seed testcase.

$ mkdir testcase_dir
$ echo -n -e '\xc3' > testcase_dir/ret.bin

after which AFL is happy to start running.

~Andrew
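As an added example (not part of the thread or the Xen tree), the steps above as a small POSIX sh helper: it writes the `ret` seed Andrew describes, checks that the corpus is non-empty before building the afl-fuzz command line from the README, and refuses to proceed otherwise. The function names, `count_seeds`/`afl_cmdline`, and the harness path argument are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread: prepare and sanity-check an AFL seed
# corpus for the x86 instruction emulator fuzzer before launching afl-fuzz.

# Write a one-byte "ret" (0xc3) seed into the corpus directory. printf is
# used instead of "echo -n -e" so this works in plain POSIX sh, not only bash.
make_seed_dir() {
    dir="$1"
    mkdir -p "$dir"
    printf '\303' > "$dir/ret.bin"
}

# Count regular, non-empty files in the corpus directory. afl-fuzz needs at
# least one such input, which is the step the README forgot to mention.
count_seeds() {
    n=0
    for f in "$1"/*; do
        [ -f "$f" ] && [ -s "$f" ] && n=$((n + 1))
    done
    echo "$n"
}

# Print the afl-fuzz command line from the README (-m none lifts the memory
# limit, -t 1000 sets a 1 s timeout, @@ is replaced by the input file), or
# fail with a clear message if the corpus is empty or the harness is missing.
# Assumes AFLPATH points at a built AFL checkout, as in the README.
afl_cmdline() {
    in_dir="$1"; out_dir="$2"; harness="$3"
    [ "$(count_seeds "$in_dir")" -gt 0 ] || { echo "no seed inputs in $in_dir" >&2; return 1; }
    [ -x "$harness" ] || { echo "harness $harness is not executable" >&2; return 1; }
    echo "${AFLPATH:?set AFLPATH to your AFL checkout}/afl-fuzz -m none -t 1000 -i $in_dir -o $out_dir -- $harness @@"
}
```

Typical use from tools/fuzz/x86_instruction_emulator after `make CC=$AFLPATH/afl-gcc afl`: `make_seed_dir testcase_dir && eval "$(afl_cmdline testcase_dir findings_dir ./afl-x86-insn-emulator-fuzzer)"`.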

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel
