This is the repository for the GSoC 2018 project of "Integrate libFuzzer With the Basesystem".
For more details about what I did during GSoC 2018, refer to these articles:
- GSoC 2018 Reports: Integrate libFuzzer with the Basesystem, Part 1
- GSoC 2018 Reports: Integrate libFuzzer with the Basesystem, Part 2
- GSoC 2018 Reports: Integrate libFuzzer with the Basesystem, Part 3
Other repositories and branches were also used during this project; below is a brief introduction to each of them.
This repository is forked from NetBSD/src. The "Bug(s)" links in the following sections point to the potential bugs we found during this project with the help of libFuzzer.
This branch is used for the LLVM porting and for fuzzing basic libraries in the NetBSD source.
It contains the following changes:
- Porting LLVM (Commit: I)
- Fuzzing regex(3) functions
- Fuzzing checksum functions
- Fuzzing libutil(3)
- Fuzzing bozohttpd(8) (Commits: I, II, III, IV, V, VI; Bug: I)
- Fixing two bugs in top(1) (Commit: I)
- This has been merged into NetBSD/src (Commits: I, II)
This branch is used for the aggressive implementation of fuzzing userland applications. Here, "aggressive" means that these changes either use tricky mechanisms or need bulk modifications to the original implementations.
It contains the following changes:
- Fuzzing expr(1) (Commits: I, II, III, IV, V, VI, VII; Bugs: I, II)
- Fuzzing sed(1) (Commits: I, II, III)
- Fuzzing sh(1) (Commits: I, II, III, IV, V, VI)
- Fuzzing ping(8) (Commits: I, II, III, IV, V, VI, VII)
This branch provides the source for fuzzing applications with AFL and honggfuzz, so that they can be compared with libFuzzer in the evaluation.
It contains only some of the fuzzed programs, because the other programs we evaluated needed no modification to work with these fuzzers. Here is what this branch includes:
This branch includes the source for fuzzing ping(8) with honggfuzz without any modification to the original implementation. It is implemented with the help of the HF_ITER interface provided by honggfuzz and the LD_PRELOAD environment variable. Here are the commits: I, II, III, IV, V, VI, VII.
Forked from llvm-mirror/llvm. This repository mainly contains the changes needed to make the current LLVM source statically linkable on NetBSD. There are two main commits: I, II.
Forked from llvm-mirror/compiler-rt. This repository mainly contributes to the porting of the sanitizers to NetBSD by adding interceptors for some interfaces. It includes interceptors for:
- statvfs(2) (Commit: I)
- mount(2) (Commits: I, II)
- fseek(3) (Commit: I)
- cdbr(3) (Commit: I)
- rmd160(3) (Commit: I)
- sha2(3) (Commit: I)
- getchar(3) (Commit: I)
- setvbuf(3) (Commit: I)
- mi_vector_hash(3) (Commit: I)
- 24 other commits.
This repository is forked from NetBSD/pkgsrc-wip. There are two main changes:
- Some scripts to work with libFuzzer, AFL and honggfuzz (link):
  - Scripts for fuzzing applications with AFL and honggfuzz: expr(1), file(1), ping(8), sed(1), sh(1) and some common lines
  - Script to build the whole NetBSD environment (including the LLVM tools): link
  - Scripts to build a single application/library under the NetBSD source tree
  - Script to build microbenchmarks with different fuzzers
  - Scripts to fuzz applications with libFuzzer: expr(1), ping(8), sed(1), sh(1) and some common lines
  - Scripts to fuzz applications with Radamsa: expr(1), file(1), sed(1), sh(1)
- Newly added honggfuzz package (link). This package has been merged (link). There are also some changes that have been merged by google/honggfuzz to adapt honggfuzz to the NetBSD environment: in this pull request.