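# Fuzzing libpng with AFL++ + ASan and QEMU (and AFL++ + NO ASan)
#
# Three separate libpng trees are built under $(LIBPNG_DIR):
#   install/          afl-clang-fast + ASan          (target libpng-afl)
#   install_vanilla/  plain $(QEMU_CC), uninstrumented (target libpng-qemu)
#   install_no/       afl-clang-fast, no ASan        (target libpng-afl-no)
# Each harness is then compiled against the matching tree.

# Toolchain. All of these can be overridden from the command line,
# e.g. `make AFL_CC=afl-clang-lto`.
AFL_CC := afl-clang-fast
AFL_CXX := afl-clang-fast++
QEMU_CC := gcc
MIN_CC := afl-cmin
FUZZ_CC := afl-fuzz

# Per-configuration compiler flags. They live in their own variables (not
# CFLAGS) so that a stray `make CFLAGS=...` cannot silently drop -fsanitize.
AFL_CFLAGS := -fsanitize=address -g -O1
QEMU_CFLAGS := -g -O1
# Only handed to libpng's configure for the ASan build (libpng-afl).
LDFLAGS := -fsanitize=address

#LIBPNG_DIR = libpng-1.2.56
LIBPNG_DIR := libpng-1.2.53
# Every libpng-* recipe runs `cd $(LIBPNG_DIR) && rm -rf <install dir>`.
# Refuse an empty LIBPNG_DIR (e.g. `make LIBPNG_DIR=`) at parse time rather
# than let that cd become a no-op and the rm act on the current directory.
ifeq ($(strip $(LIBPNG_DIR)),)
$(error LIBPNG_DIR is empty)
endif

# Harness sources and the binaries built from them.
SRCS := harness.c
SRCS_PER := harness_persistent.c
SRCS_BUG := harness_bug.c
AFL_TARGET := png_fuzz
QEMU_TARGET := png_fuzz_qemu
AFL_PER_TARGET := png_fuzz_persistent
AFL_BUG_TARGET := png_fuzz_bug

# Seed corpus handed to afl-fuzz -i.
#SEEDS_DIR = seeds
SEEDS_DIR := seeds_relevant

# Include/library paths of the ASan and vanilla libpng trees.
AFL_INCDIR := -I$(LIBPNG_DIR)/install/include
AFL_LIBDIR := -L$(LIBPNG_DIR)/install/lib
QEMU_INCDIR := -I$(LIBPNG_DIR)/install_vanilla/include
QEMU_LIBDIR := -L$(LIBPNG_DIR)/install_vanilla/lib

# afl-fuzz -o directories, one per configuration.
AFL_FUZZ_OUT := findings
QEMU_FUZZ_OUT := findings-qemu
AFL_PER_FUZZ_OUT := findings-per
AFL_FUZZ_BUG_OUT := findings-bug

# Link line. -lpng12 is the libpng 1.2.x library name; it must change if
# LIBPNG_DIR is pointed at a different libpng series.
EXTRAS := -lpng12 -lz -lm

# Fuzzing with AFL++ and NO ASan
AFL_NO_TARGET := png_fuzz_no
AFL_NO_FUZZ_OUT := findings-no
AFL_NO_CFLAGS := -g -O1
AFL_NO_INCDIR := -I$(LIBPNG_DIR)/install_no/include
AFL_NO_LIBDIR := -L$(LIBPNG_DIR)/install_no/lib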
# None of these targets names a file the recipe produces (and "libpng"
# may well exist as a directory), so declare them all phony.
.PHONY: libpng-afl libpng-qemu libpng-afl-no
.PHONY: harness-afl harness-qemu harness-afl-per harness-afl-no harness-afl-bug
.PHONY: fuzz-afl fuzz-qemu fuzz-afl-per fuzz-afl-no fuzz-afl-bug
.PHONY: build fuzz clean clean-test
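# Build libpng as a static library with AFL++ and ASan, installed into
# $(LIBPNG_DIR)/install. The previous install tree is removed first so that
# headers/objects from another configuration cannot leak into this one.
# `distclean` is best-effort (it fails on a never-configured tree).
# The sub-builds use $(MAKE), not a literal `make`, so -n/-k and the
# jobserver are propagated; configure is kept on its own line so that
# `make -n libpng-afl` does not run it.
libpng-afl:
	cd $(LIBPNG_DIR) && $(MAKE) distclean || true
	cd $(LIBPNG_DIR) && rm -rf install
	cd $(LIBPNG_DIR) && \
	CC=$(AFL_CC) CXX=$(AFL_CXX) \
	CFLAGS="$(AFL_CFLAGS)" \
	LDFLAGS="$(LDFLAGS)" \
	./configure --disable-shared --prefix=$$(pwd)/install
	cd $(LIBPNG_DIR) && $(MAKE) -j$$(nproc) && $(MAKE) install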
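# Build an uninstrumented static libpng with $(QEMU_CC), installed into
# $(LIBPNG_DIR)/install_vanilla. This is the tree the binary run under
# afl-fuzz -Q (QEMU mode) links against. Previous tree removed first;
# `distclean` is best-effort. Sub-builds go through $(MAKE) so flags and the
# jobserver propagate, and configure sits on its own line so `make -n`
# does not execute it.
libpng-qemu:
	cd $(LIBPNG_DIR) && $(MAKE) distclean || true
	cd $(LIBPNG_DIR) && rm -rf install_vanilla
	cd $(LIBPNG_DIR) && \
	CC=$(QEMU_CC) \
	CFLAGS="$(QEMU_CFLAGS)" \
	./configure --disable-shared --prefix=$$(pwd)/install_vanilla
	cd $(LIBPNG_DIR) && $(MAKE) -j$$(nproc) && $(MAKE) install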
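# Build a static libpng with AFL++ instrumentation but WITHOUT ASan,
# installed into $(LIBPNG_DIR)/install_no. Note that, unlike libpng-afl,
# no LDFLAGS are passed to configure. Previous tree removed first;
# `distclean` is best-effort. Sub-builds use $(MAKE) so -n/-k and the
# jobserver propagate; configure is on its own line so `make -n` skips it.
libpng-afl-no:
	cd $(LIBPNG_DIR) && $(MAKE) distclean || true
	cd $(LIBPNG_DIR) && rm -rf install_no
	cd $(LIBPNG_DIR) && \
	CC=$(AFL_CC) CXX=$(AFL_CXX) \
	CFLAGS="$(AFL_NO_CFLAGS)" \
	./configure --disable-shared --prefix=$$(pwd)/install_no
	cd $(LIBPNG_DIR) && $(MAKE) -j$$(nproc) && $(MAKE) install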
# Compile harness and start fuzz (& minimize corpus)
#
# ASan-instrumented harness, linked against the libpng-afl tree.
# Always relinks (phony); libraries stay after the sources for static linking.
harness-afl:
	$(AFL_CC) $(AFL_CFLAGS) $(AFL_INCDIR) $(SRCS) -o $(AFL_TARGET) $(AFL_LIBDIR) $(EXTRAS)
# Uninstrumented harness for QEMU mode, linked against the libpng-qemu tree.
harness-qemu:
	$(QEMU_CC) $(QEMU_CFLAGS) $(QEMU_INCDIR) $(SRCS) -o $(QEMU_TARGET) $(QEMU_LIBDIR) $(EXTRAS)
# Persistent-mode harness (harness_persistent.c), ASan + libpng-afl tree.
harness-afl-per:
	$(AFL_CC) $(AFL_CFLAGS) $(AFL_INCDIR) $(SRCS_PER) -o $(AFL_PER_TARGET) $(AFL_LIBDIR) $(EXTRAS)
# AFL++-instrumented harness without ASan, linked against the libpng-afl-no tree.
harness-afl-no:
	$(AFL_CC) $(AFL_NO_CFLAGS) $(AFL_NO_INCDIR) $(SRCS) -o $(AFL_NO_TARGET) $(AFL_NO_LIBDIR) $(EXTRAS)
# Harness variant built from harness_bug.c, ASan + libpng-afl tree.
harness-afl-bug:
	$(AFL_CC) $(AFL_CFLAGS) $(AFL_INCDIR) $(SRCS_BUG) -o $(AFL_BUG_TARGET) $(AFL_LIBDIR) $(EXTRAS)
# Fuzz the ASan harness. Expects png.dict in the current directory and the
# harness already built (harness-afl); @@ is replaced by the input path.
fuzz-afl:
	$(FUZZ_CC) -x png.dict -i $(SEEDS_DIR) -o $(AFL_FUZZ_OUT) -- ./$(AFL_TARGET) @@
# Fuzz the uninstrumented harness under QEMU mode (-Q).
fuzz-qemu:
	$(FUZZ_CC) -Q -x png.dict -i $(SEEDS_DIR) -o $(QEMU_FUZZ_OUT) -- ./$(QEMU_TARGET) @@
# Fuzz the persistent-mode harness. No @@ here: presumably the harness takes
# its input from stdin/shared memory rather than a file path — confirm
# against harness_persistent.c.
fuzz-afl-per:
	$(FUZZ_CC) -x png.dict -i $(SEEDS_DIR) -o $(AFL_PER_FUZZ_OUT) -- ./$(AFL_PER_TARGET)
# Fuzz the AFL++ (no ASan) harness.
fuzz-afl-no:
	$(FUZZ_CC) -x png.dict -i $(SEEDS_DIR) -o $(AFL_NO_FUZZ_OUT) -- ./$(AFL_NO_TARGET) @@
# Fuzz the harness_bug.c variant.
fuzz-afl-bug:
	$(FUZZ_CC) -x png.dict -i $(SEEDS_DIR) -o $(AFL_FUZZ_BUG_OUT) -- ./$(AFL_BUG_TARGET) @@
# Remove the harness binaries only; the libpng install trees and the
# findings* directories are left untouched.
clean:
	$(RM) $(AFL_TARGET) $(QEMU_TARGET) $(AFL_PER_TARGET) $(AFL_NO_TARGET) $(AFL_BUG_TARGET)
# Remove fuzzing output from test runs. These names do not match the
# *_FUZZ_OUT directories above (findings, findings-qemu, ...); presumably
# they come from a separate test invocation — confirm before relying on it.
clean-test:
	$(RM) -r findings-test findings-qemu-test findings-per-test findings-no-test
# build, run/fuzz, clean required as mentioned in handout
#
# Each harness-* step links against the tree produced by the libpng-* step
# listed before it, but no prerequisite edge declares that, so prerequisite
# order in this list is only honoured by a serial `make build`; under -j
# a harness may be compiled before its library is installed.
build: libpng-afl harness-afl \
	libpng-qemu harness-qemu \
	harness-afl-per \
	libpng-afl-no harness-afl-no \
	harness-afl-bug

# Default fuzzing configuration: AFL++ + ASan.
fuzz: fuzz-afl