3rdparty/boost_1_81_0/libs/json/fuzzing/fuzz.sh 2.73 KB
73ef4ff3   Hu Chunming   提交三方库
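  #!/bin/sh
  #
  # builds the fuzzers, runs old crashes etc
  #
  # Optional: set environment variable CLANG, otherwise clang is auto detected.
  #
  # By Paul Dreik 2019-2020 for the boost json project
  # License: Boost 1.0
  
  # Abort on the first failing command: a failed build or an old crash that
  # reproduces must stop the script instead of being skipped silently.
  set -e
  
  fuzzdir=$(dirname -- "$0")
  me=$(basename -- "$0")
  
  # Every path below (../include, ../src, ../test, out/, cmin/, ...) is
  # relative to the fuzzing directory.
  cd -- "$fuzzdir"
  
  if [ -z "$CLANG" ] ; then
      # see if we can find clang: try versioned names first, then plain clang++
      for clangver in -10 -9 -8 -7 -6 -6.0 "" ; do
  	CLANG=clang++$clangver
  	if command -v "$CLANG" >/dev/null 2>&1; then
  	    break
  	fi
      done
  fi
  
  # CLANG may be a command on PATH or an explicit path to an executable.
  # (the original "if ! -x $CLANG" had no [ ], so it tried to run a
  # command named "-x" instead of testing the file)
  if ! command -v "$CLANG" >/dev/null 2>&1; then
      if [ ! -x "$CLANG" ]; then
  	echo "$me: sorry, could not find clang $CLANG"
  	exit 1
      fi
  fi
  echo "$me: will use this compiler: $CLANG"
  
  # set the maximum size of the input, to avoid
  # big inputs which blow up the corpus size
  MAXLEN="-max_len=4000"
  
  # If doing fuzzing locally (not in CI), adjust this to utilize more
  # of your cpu.
  #JOBS="-jobs=32"
  JOBS=
  
  # set a timelimit (you may want to adjust this if you run locally)
  MAXTIME="-max_total_time=30"
  
  variants="basic_parser parse parser"
  
  # One fuzzer binary per variant; build, replay, seed, fuzz, then minimize.
  for variant in $variants; do
  
      srcfile=fuzz_$variant.cpp
      fuzzer=./fuzzer_$variant
  
      # (re)build when the binary is missing or older than its source
      if [ ! -e "$fuzzer" ] || [ "$srcfile" -nt "$fuzzer" ] ; then
          # explicitly set BOOST_JSON_STACK_BUFFER_SIZE small so interesting
          # code paths are taken also for small inputs (see https://github.com/CPPAlliance/json/issues/333)
          "$CLANG" \
              -std=c++17 \
              -O3 \
              -g \
              -fsanitize=fuzzer,address,undefined \
              -fno-sanitize-recover=undefined \
              -I../include \
              -DBOOST_JSON_STACK_BUFFER_SIZE=64  \
              -o "$fuzzer" \
              ../src/src.cpp \
              "$srcfile"
      fi
  
      # make sure ubsan stops in case anything is found
      export UBSAN_OPTIONS="halt_on_error=1"
  
      # make sure the old crashes pass without problems: if one still
      # reproduces, the fuzzer exits non-zero and set -e aborts the script
      if [ -d "old_crashes/$variant" ]; then
          find "old_crashes/$variant" -type f -print0 | xargs -0 --no-run-if-empty "$fuzzer"
      fi
  
      # make an initial corpus from the test data already in the repo
      seedcorpus=seedcorpus/$variant
      if [ ! -d "$seedcorpus" ] ; then
          mkdir -p "$seedcorpus"
          find ../test -name "*.json" -type f -print0 | xargs -0 --no-run-if-empty cp -f -t "$seedcorpus/"
      fi
  
      # if an old corpus exists, use it
      # get it with curl -O --location -J https://bintray.com/pauldreik/boost.json/download_file?file_path=corpus%2Fcorpus.tar
      # NOTE: corpus.tar is a downloaded archive; the "|| echo" only covers an
      # unreadable archive, a partially extracted one is still used below.
      if [ -e corpus.tar ] ; then
          mkdir -p oldcorpus
          tar xf corpus.tar -C oldcorpus || echo "corpus.tar was broken! ignoring it"
          OLDCORPUS=oldcorpus/cmin/$variant
          # in case the old corpus did not have this variant (when adding/renaming a new fuzzer)
          mkdir -p "$OLDCORPUS"
      else
          OLDCORPUS=
      fi
  
  
      # run the fuzzer for a short while.
      # $OLDCORPUS and $JOBS are intentionally unquoted: when empty they must
      # expand to no argument at all, not to an empty string passed to libFuzzer.
      mkdir -p "out/$variant"
      # shellcheck disable=SC2086
      "$fuzzer" "out/$variant" $OLDCORPUS "$seedcorpus/" "$MAXTIME" "$MAXLEN" $JOBS
  
      # minimize the corpus
      mkdir -p "cmin/$variant"
      # shellcheck disable=SC2086
      "$fuzzer" "cmin/$variant" $OLDCORPUS "out/$variant" "$seedcorpus/" -merge=1 "$MAXLEN"
  done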