Summary of the use of libfuzzer for Fuzz testing

News 2023-06-05 11:48:29 views: null

Summary of the use of libfuzzer for Fuzz testing

background

In the project, in order to test the robustness of the algorithm, fuzz testing is often used for stress testing. Fuzz testing is a fuzz testing method, which essentially traverses different function branches by injecting various mutated random data to expose possible problems in the program.

*

Next, this article takes the libFuzzer tool that comes with LLVM on the Android platform as an example to briefly introduce its usage.

Fundamental

Before learning how to use it, first understand its basic operation principle. In LLVM, first call the initialization interface once LLVMFuzzerInitializeto set parameters, and then repeatedly call the interface LLVMFuzzerTestOneInputto continuously pour in random data of different lengths until the program reaches the maximum operating limit or finds a bug in the middle before interrupting and exiting.

Instructions

required environment

  • computer hardware
    • NDK compilation software, using NDK-R20 and above versions, its clang compiler comes with address sanitization and fuzz test modules
    • adb software, used for joint debugging of computer and mobile phone
  • Android phone (with developer options available)

needed file

  • CPP keynote:
    • xx_fuzz.cc
  • Compile the script:
    • andriod.mk
    • application.mk
  • Algorithm source code to be tested
    • xx.c

basic process

  • The computer uses NDK to compile source files and generate executable files
    • Added in andriod.mk
      • Compile options:LOCAL_CFLAGS += -fsanitize=fuzzer,address -fomit-frame-pointer
      • Link options:LOCAL_LDFLAGS += -fsanitize=fuzzer,address
      • The address option is to open the asan address disinfection function, which can enhance the ability to find bugs
    • Add in application.mk
      • Standard library:APP_STL := c++_shared
      • Because the scheduling code is written in CPP, the STL library is required
    • Open powershell, in the directory where the mk file is located, ndk-buildcompile the executable file through instructions
  • Push to the mobile phone folder through the ADB software push
    • Copy the executable file and dynamic library file (such as: libclang_rt.asan-aarch64-android.soand libc++_shared.so) generated in the previous step
    • Push it into the phone, such as/data/local/tmp/xx_fuzz/
      • Command example:adb push xx.so /data/local/tmp/xx_fuzz/
  • Enter the relevant command through ADB to start the running program on the mobile phone
    • Connect the computer to the Android phone, and the phone enters developer mode
    • Computer command window, input adb shell, enter the mobile phone environment
    • Switch to the directory corresponding to the executable file, enter the following command, and run the program
      • LD_LIBRARY_PATH=./ ./demo_exe -max_len=65535 -len_control=0 -artifact_prefix=./corpus/ -detect_leaks=0 ./corpus
  • Parse the error log
    • According to the error information fed back by the mobile phone environment, such as offset address 0x226534
    • Add the directory where the llvm-symbolizer.exe that comes with ndk is located to the path of the computer environment variable
    • Enter the following commands in the command window to analyze the error-related code context, analyze the algorithm, and fix bugs
      • instruction:llvm-symbolizer -e=demo_exe 0x226534 --print-source-context-lines=3
      • Mode: llvm-symbolizer -e=library name or EXE name error display offset address
  • key steps
    • Turn on the compilation option of the fuzz test and compile successfully
    • LLVMFuzzerInitialize/LLVMFuzzerTestOneInput caller code writing
  • Precautions
    • There is no need to write the main function in the main demo, the main is provided by the libfuzzer framework
    • When the c and cpp codes are jointly compiled, macros are required to distinguish function names

For specific MK file compilation script instructions, see " NDK Compilation Series: Building C/CPP Projects ".

Main tone DEMO

xx_fuzz.ccThe two interface functions in the main call used in the above process , the framework template is as follows:

#include <stddef.h>
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <math.h>

#ifdef __cplusplus
extern "C" {
    
    
#endif

int LLVMFuzzerInitialize(int argc, char **argv)
{
    
    
	// write your code
    return 0;
}

int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
{
    
    
	// write your code
    return 0;
}
    
#ifdef __cplusplus
}
#endif

Further, for specific usage, please refer to: libfuzzer from getting started to giving up .

References

  1. llvm-libfuzzer official introduction
  2. Getting started with libFuzzer - compile and link
  3. LibFuzzer use summary tutorial
  4. libFuzzerLearning
  5. Android NDK Address Sanitizer address sanitization ASAN
  6. aac's fuzzer test project

Guess you like

Origin blog.csdn.net/qq_17256689/article/details/129131306
Recommended
Ranking
2019 JD pen questions - Choir
Grafana installation & basic configuration
How to solve the high gas fee of Filecoin? The official attitude is bright!
Informatization development 59
Date,DateFormat,Calendar,
Introduction to MySQL - Understanding MySQL
win10 conexão de área de trabalho remota ubuntu20 (RDP)
52. Customize generics on methods
Detailed explanation of CAP, ACID, BASE theory and NWR practice strategy
UnknownHostException:XXX:Name or service not know
Daily
More
2024-08-01(0)
2024-07-31(0)
2024-07-30(0)
2024-07-29(0)
2024-07-28(0)
2024-07-27(0)
2024-07-26(0)
2024-07-25(0)
2024-07-24(0)
2024-07-23(0)

Code World

© 2018 codetd.com