Skip to content

Latest commit

 

History

History

lua

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
build.sh
build.sh
 
 
luaL_addgsub_test-afl++.toml
luaL_addgsub_test-afl++.toml
 
 
luaL_addgsub_test-lf.toml
luaL_addgsub_test-lf.toml
 
 
luaL_buffaddr_test-afl++.toml
luaL_buffaddr_test-afl++.toml
 
 
luaL_buffaddr_test-lf.toml
luaL_buffaddr_test-lf.toml
 
 
luaL_bufflen_test-afl++.toml
luaL_bufflen_test-afl++.toml
 
 
luaL_bufflen_test-lf.toml
luaL_bufflen_test-lf.toml
 
 
luaL_buffsub_test-afl++.toml
luaL_buffsub_test-afl++.toml
 
 
luaL_buffsub_test-lf.toml
luaL_buffsub_test-lf.toml
 
 
luaL_dostring_test-afl++.toml
luaL_dostring_test-afl++.toml
 
 
luaL_dostring_test-lf.toml
luaL_dostring_test-lf.toml
 
 
luaL_gsub_test-afl++.toml
luaL_gsub_test-afl++.toml
 
 
luaL_gsub_test-lf.toml
luaL_gsub_test-lf.toml
 
 
luaL_loadbuffer_proto_test-afl++.toml
luaL_loadbuffer_proto_test-afl++.toml
 
 
luaL_loadbuffer_proto_test-lf.toml
luaL_loadbuffer_proto_test-lf.toml
 
 
luaL_loadbuffer_test-afl++.toml
luaL_loadbuffer_test-afl++.toml
 
 
luaL_loadbuffer_test-lf.toml
luaL_loadbuffer_test-lf.toml
 
 
luaL_loadbufferx_test-afl++.toml
luaL_loadbufferx_test-afl++.toml
 
 
luaL_loadbufferx_test-lf.toml
luaL_loadbufferx_test-lf.toml
 
 
luaL_loadstring_test-afl++.toml
luaL_loadstring_test-afl++.toml
 
 
luaL_loadstring_test-lf.toml
luaL_loadstring_test-lf.toml
 
 
luaL_traceback_test-afl++.toml
luaL_traceback_test-afl++.toml
 
 
luaL_traceback_test-lf.toml
luaL_traceback_test-lf.toml
 
 
lua_load_test-afl++.toml
lua_load_test-afl++.toml
 
 
lua_load_test-lf.toml
lua_load_test-lf.toml
 
 
lua_stringtonumber_test-afl++.toml
lua_stringtonumber_test-afl++.toml
 
 
lua_stringtonumber_test-lf.toml
lua_stringtonumber_test-lf.toml
 
 

README.md

Lua

Lua is a powerful, efficient, lightweight, embeddable scripting language. Lua is dynamically typed, runs by interpreting bytecode with a register-based virtual machine, and has automatic memory management with incremental garbage collection, making it ideal for configuration, scripting, and rapid prototyping. Lua is designed, implemented, and maintained by a team at PUC-Rio, the Pontifical Catholic University of Rio de Janeiro in Brazil.

Build Docker

$ sudo docker build -t oss-sydr-fuzz-lua .

Run Hybrid Fuzzing

Unzip Sydr (sydr.zip) in projects/lua directory:

$ unzip sydr.zip

Run docker:

$ sudo docker run --cap-add=SYS_PTRACE  --security-opt seccomp=unconfined -v /etc/localtime:/etc/localtime:ro --rm -it -v $PWD:/fuzz oss-sydr-fuzz-lua /bin/bash

Change directory to /fuzz:

# cd /fuzz

Run hybrid fuzzing:

# sydr-fuzz -c luaL_loadstring.toml run

Corpus minimization (step is required for AFL++):

sydr-fuzz -c luaL_loadstring.toml cmin

Collect and report coverage:

# sydr-fuzz -c luaL_loadstring.toml cov-report

Building HTML report:

$ sydr-fuzz -c luaL_loadstring.toml cov-show -- -format=html > index.html

Hybrid Fuzzing with AFL++

# sydr-fuzz -c luaL_loadstring-afl++.toml run

Alternative Fuzz Targets

Lua project has 13 fuzz targets.

lua_dump

# sydr-fuzz -c lua_dump.toml run

luaL_addgsub

# sydr-fuzz -c luaL_addgsub.toml run

luaL_buffaddr

# sydr-fuzz -c luaL_buffaddr.toml run

luaL_bufflen

# sydr-fuzz -c luaL_bufflen.toml run

luaL_buffsub

# sydr-fuzz -c luaL_buffsub.toml run

luaL_dostring

# sydr-fuzz -c luaL_dostring.toml run

luaL_gsub

# sydr-fuzz -c luaL_gsub.toml run

luaL_loadbuffer

# sydr-fuzz -c luaL_loadbuffer.toml run

luaL_loadbuffer_proto

# sydr-fuzz -c luaL_loadbuffer_proto.toml run

luaL_loadbufferx

# sydr-fuzz -c luaL_loadbufferx.toml run

luaL_loadstring

# sydr-fuzz -c luaL_loadstring.toml run

lua_load

# sydr-fuzz -c lua_load.toml run

luaL_traceback

# sydr-fuzz -c luaL_traceback.toml run

lua_stringtonumber

# sydr-fuzz -c lua_stringtonumber.toml run