From 2218beb040bb9a921d000181302461e52d51a54b Mon Sep 17 00:00:00 2001
From: Gerardo Di Giacomo
Date: Thu, 15 Feb 2024 08:35:14 -0800
Subject: [PATCH] [fuzzing] fixes oss-fuzz FP and fuzz.sh (#12030)

* [fuzzing] fixes oss-fuzz FP and fuzz.sh
---
 testsuite/fuzzer/fuzz.sh                      | 38 ++++---------------
 .../move/aptosvm_publish_and_run.rs           |  3 +-
 2 files changed, 10 insertions(+), 31 deletions(-)

diff --git a/testsuite/fuzzer/fuzz.sh b/testsuite/fuzzer/fuzz.sh
index dd3e0452bb286..bc4181541a95b 100755
--- a/testsuite/fuzzer/fuzz.sh
+++ b/testsuite/fuzzer/fuzz.sh
@@ -22,7 +22,7 @@ function cargo_fuzz() {
     if [ -z "$1" ]; then
         error "error using cargo()"
     fi
-    cargo_fuzz_cmd="cargo "+$NIGHTLY_VERSION-x86_64-unknown-linux-gnu" fuzz $1"
+    cargo_fuzz_cmd="cargo "+$NIGHTLY_VERSION" fuzz $1"
     shift
     $cargo_fuzz_cmd $EXTRAFLAGS $@
 }
@@ -122,22 +122,19 @@ function build-oss-fuzz() {
 
 # use rust-gdb to debug a fuzz target with a testcase
 function debug() {
-    if [ -z "$1" ]; then
+    if [ -z "$2" ]; then
         usage debug
     fi
     fuzz_target=$1
     testcase=$2
-    if [ -z "$testcase" ]; then
-        error "No testcase provided"
-    fi
     if [ ! -f "$testcase" ]; then
         error "$testcase does not exist"
     fi
     info "Debugging $fuzz_target with $testcase"
     # find the binary
-    binary=$(find ./target -name $fuzz_target -type f -executable)
+    binary=$(find ./target -name $fuzz_target -type f -perm /111)
     if [ -z "$binary" ]; then
-        error "Could not find binary for $fuzz_target"
+        error "Could not find binary for $fuzz_target. Run `./fuzz.sh build $fuzz_target` first"
     fi
     # run the binary with rust-gdb
     export LSAN_OPTIONS=verbosity=1:log_threads=1
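Review bot: The rewritten assignment on the `+` line alternates quoted and unquoted segments (`"cargo "+$NIGHTLY_VERSION" fuzz $1"`), which reads as if the toolchain token were deliberately left unquoted; since the value is word-split anyway when `$cargo_fuzz_cmd` is expanded two lines later, the plain form `cargo_fuzz_cmd="cargo +$NIGHTLY_VERSION fuzz $1"` is equivalent and easier to read. Dropping the target triple here also means `NIGHTLY_VERSION` must now name the full toolchain; it is defined outside this hunk and that expectation is worth a comment at its definition. The unquoted `$@` in the context line `$cargo_fuzz_cmd $EXTRAFLAGS $@` splits arguments containing spaces, so `"$@"` would be safer, though that is pre-existing.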
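Review bot: The new message `error "Could not find binary for $fuzz_target. Run `./fuzz.sh build $fuzz_target` first"` puts backticks inside a double-quoted string, where bash still performs command substitution, so reporting the missing binary actually executes `./fuzz.sh build $fuzz_target` and splices its stdout into the message instead of printing the hint; the identical line appears in the `flamegraph` hunk below. Escape the backticks or use single quotes, e.g. `error "Could not find binary for $fuzz_target. Run './fuzz.sh build $fuzz_target' first"`. Separately, `-perm /111` can match more than one file under ./target (several build profiles or targets sharing a name), in which case `$binary` holds a newline-separated list that the later invocation cannot use; consider appending `| head -n 1` or checking that exactly one path was found, and quoting `"$fuzz_target"` in the `-name` argument. The body of `debug` continues past the end of the hunk.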
@@ -147,22 +144,19 @@ function debug() {
 
 # use cargo-flamegraph to generate a flamegraph for a fuzz target with a testcase
 function flamegraph() {
-    if [ -z "$1" ]; then
+    if [ -z "$2" ]; then
         usage flamegraph
     fi
     fuzz_target=$1
     testcase=$2
-    if [ -z "$testcase" ]; then
-        error "No testcase provided"
-    fi
     if [ ! -f "$testcase" ]; then
         error "$testcase does not exist"
     fi
     info "Generating flamegraph for $fuzz_target with $testcase"
     # find the binary
-    binary=$(find ./target -name $fuzz_target -type f -executable)
+    binary=$(find ./target -name $fuzz_target -type f -perm /111)
     if [ -z "$binary" ]; then
-        error "Could not find binary for $fuzz_target"
+        error "Could not find binary for $fuzz_target. Run `./fuzz.sh build $fuzz_target` first"
     fi
     # run the binary with cargo-flamegraph
     time=$(date +%s)
@@ -215,23 +209,7 @@ function add() {
             echo "path = \"$fuzz_target_path\""
             echo "test = false"
             echo "doc = false"
-        } >> $fuzz_path/Cargo.toml
-        info "Fuzzing target '$fuzz_target' added successfully at $fuzz_target_path."
-    else
-        error "Failed to create directory or file for fuzzing target."
-    fi
-
-    mkdir -p fuzz/fuzz_targets/$(dirname $fuzz_target_path) && touch fuzz/fuzz_targets/$fuzz_target_path
-
-    if [ $? -eq 0 ]; then
-        {
-            echo ""
-            echo "[[bin]]"
-            echo "name = \"$fuzz_target\""
-            echo "path = \"$fuzz_target_path\""
-            echo "test = false"
-            echo "doc = false"
-        } >> $fuzz_path/Cargo.toml
+        } >> fuzz/Cargo.toml
         info "Fuzzing target '$fuzz_target' added successfully at $fuzz_target_path."
     else
         error "Failed to create directory or file for fuzzing target."
diff --git a/testsuite/fuzzer/fuzz/fuzz_targets/move/aptosvm_publish_and_run.rs b/testsuite/fuzzer/fuzz/fuzz_targets/move/aptosvm_publish_and_run.rs
index c6324263328f4..0b52df4d2db67 100644
--- a/testsuite/fuzzer/fuzz/fuzz_targets/move/aptosvm_publish_and_run.rs
+++ b/testsuite/fuzzer/fuzz/fuzz_targets/move/aptosvm_publish_and_run.rs
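Review bot: The surviving `} >> fuzz/Cargo.toml` in the `add` hunk appends a `[[bin]]` section unconditionally, so running `add` twice for the same `$fuzz_target` leaves duplicate bin entries in the manifest; a guard such as `grep -q "name = \"$fuzz_target\"" fuzz/Cargo.toml && error "target $fuzz_target already exists"` before the block would make the command idempotent, though the append itself predates this change. The path is now relative to the working directory, which presumably is meant to be the fuzzer directory (the removed duplicate used the same `fuzz/` prefix for `mkdir`), so a comment stating that assumption at the top of `add` would help; the function's opening is outside the hunk. If `$fuzz_path`, which only the removed lines referenced here, is still assigned elsewhere in the script it may now be dead.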
@@ -265,7 +265,8 @@ fn run_case(mut input: RunnableState) -> Result<(), Corpus> {
         tdbg!("publishing");
         for module in group.iter() {
             let mut b = vec![];
-            module.serialize(&mut b).map_err(|_| Corpus::Keep)?;
+            module.serialize(&mut b).map_err(|_| Corpus::Reject)?;
+            CompiledModule::deserialize(&b).map_err(|_| Corpus::Reject)?;
             vm.add_module(&module.self_id(), b);
         }
         tdbg!("published");
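Review bot: The added `CompiledModule::deserialize(&b).map_err(|_| Corpus::Reject)?;` discards its result and carries no comment, so the reason a module that serializes but does not re-deserialize is dropped from the corpus rather than surfaced as a finding is not recorded; a one-line comment such as `// Reject inputs whose serialized form the deserializer refuses: the VM would never load them, so they are not findings.` would preserve that intent, hedged because the commit title only says it fixes an oss-fuzz false positive. The `serialize` error also moved from `Corpus::Keep` to `Corpus::Reject`, which additionally drops serialization failures from the corpus; if that is deliberate it belongs in the same comment. If the VM later loads these bytes through a differently configured deserializer than the plain `deserialize` used here, the round-trip may still accept bytes the VM rejects and leave a residual false positive; worth confirming against how `vm.add_module` consumes them. `run_case` begins and continues outside the hunk.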