Fixes
```
./out/bpf-object-fuzzer: Running 1 inputs 1 time(s) each.
Running: CORPUS/036ff286c13e4590646c7ef59435ec642432da8e
elf_begin.c:232:20: runtime error: member access within misaligned address 0x000001655e71 for type 'Elf64_Shdr', which requires 8 byte alignment
0x000001655e71: note: pointer points here
00 00 00 7f 45 4c 46 02 02 01 00 00 00 07 fb 00 1d 00 00 6c 69 63 65 42 fb 00 41 00 57 03 00 20
^
#0 0x574d51 in get_shnum /home/libbpf/elfutils/libelf/elf_begin.c:232:20
#1 0x574d51 in file_read_elf /home/libbpf/elfutils/libelf/elf_begin.c:296:19
#2 0x569c2c in __libelf_read_mmaped_file /home/libbpf/elfutils/libelf/elf_begin.c:559:14
#3 0x58e812 in elf_memory /home/libbpf/elfutils/libelf/elf_memory.c:49:10
#4 0x4905b4 in bpf_object__elf_init /home/libbpf/src/libbpf.c:1255:9
#5 0x4905b4 in bpf_object_open /home/libbpf/src/libbpf.c:7104:8
#6 0x49144e in bpf_object__open_mem /home/libbpf/src/libbpf.c:7171:20
#7 0x483018 in LLVMFuzzerTestOneInput /home/libbpf/fuzz/bpf-object-fuzzer.c:16:8
#8 0x439389 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/libbpf/out/bpf-object-fuzzer+0x439389)
#9 0x419e2f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/libbpf/out/bpf-object-fuzzer+0x419e2f)
#10 0x421aee in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/libbpf/out/bpf-object-fuzzer+0x421aee)
#11 0x410f96 in main (/home/libbpf/out/bpf-object-fuzzer+0x410f96)
#12 0x7f153e21255f in __libc_start_call_main (/lib64/libc.so.6+0x2d55f)
#13 0x7f153e21260b in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x2d60b)
#14 0x410fe4 in _start (/home/libbpf/out/bpf-object-fuzzer+0x410fe4)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior elf_begin.c:232:20 in
```
and
```
./out/bpf-object-fuzzer: Running 1 inputs 1 time(s) each.
Running: CORPUS/446b578d82c47fe177de6fd675f4cb6bae8d1ea9
elf_begin.c:485:40: runtime error: addition of unsigned offset to 0x000002277e70 overflowed to 0x0000021d7e6f
#0 0x5748f1 in file_read_elf /home/libbpf/elfutils/libelf/elf_begin.c:485:40
#1 0x569c2c in __libelf_read_mmaped_file /home/libbpf/elfutils/libelf/elf_begin.c:559:14
#2 0x58e812 in elf_memory /home/libbpf/elfutils/libelf/elf_memory.c:49:10
#3 0x4905b4 in bpf_object__elf_init /home/libbpf/src/libbpf.c:1255:9
#4 0x4905b4 in bpf_object_open /home/libbpf/src/libbpf.c:7104:8
#5 0x49144e in bpf_object__open_mem /home/libbpf/src/libbpf.c:7171:20
#6 0x483018 in LLVMFuzzerTestOneInput /home/libbpf/fuzz/bpf-object-fuzzer.c:16:8
#7 0x439389 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/libbpf/out/bpf-object-fuzzer+0x439389)
#8 0x419e2f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/libbpf/out/bpf-object-fuzzer+0x419e2f)
#9 0x421aee in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/libbpf/out/bpf-object-fuzzer+0x421aee)
#10 0x410f96 in main (/home/libbpf/out/bpf-object-fuzzer+0x410f96)
#11 0x7f753e38255f in __libc_start_call_main (/lib64/libc.so.6+0x2d55f)
#12 0x7f753e38260b in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x2d60b)
#13 0x410fe4 in _start (/home/libbpf/out/bpf-object-fuzzer+0x410fe4)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior elf_begin.c:485:40 in
```
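#!/bin/bash
# Build the libbpf bpf-object fuzzer (fuzz/bpf-object-fuzzer.c) against a
# sanitizer-instrumented static libelf and a static libbpf.
#
# Environment (all optional):
#   SANITIZER          clang sanitizer to build with (default: address)
#   CC / CXX           compilers (default: clang / clang++)
#   CFLAGS / CXXFLAGS  override the default fuzzing flags entirely
#   OUT                where the fuzzer binary and seed corpus are written
#                      (default: <repo>/out)
#   LIB_FUZZING_ENGINE linker argument that supplies the fuzzing engine
#                      (default: -fsanitize=fuzzer, i.e. libFuzzer)
#
# The result is a fuzzing harness only: it is compiled with
# -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION and must never be shipped.

# -o pipefail so the find | xargs pipeline below cannot silently succeed
# when find itself fails.
set -euxo pipefail

SANITIZER=${SANITIZER:-address}

flags="-O1 -fno-omit-frame-pointer -g -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=$SANITIZER -fsanitize=fuzzer-no-link"

export CC=${CC:-clang}
export CFLAGS=${CFLAGS:-$flags}

export CXX=${CXX:-clang++}
export CXXFLAGS=${CXXFLAGS:-$flags}

# Run from the repository root regardless of the caller's cwd.
cd "$(dirname -- "$0")/.."

export OUT=${OUT:-"$(pwd)/out"}
mkdir -p "$OUT"

export LIB_FUZZING_ENGINE=${LIB_FUZZING_ENGINE:--fsanitize=fuzzer}

# Ideally libelf should be built using release tarballs available
# at https://sourceware.org/elfutils/ftp/. Unfortunately sometimes they
# fail to compile (for example, elfutils-0.185 fails to compile with LDFLAGS enabled
# due to https://bugs.gentoo.org/794601) so let's just point the script to
# commits referring to versions of libelf that actually can be built.
#
# The clone uses https rather than the unauthenticated git:// transport.
# What really pins the libelf being built is the full commit hash checked
# out below: git verifies object names on checkout, so a tampered or
# different history fails the checkout instead of building a different libelf.
ELFUTILS_COMMIT=83251d4091241acddbdcf16f814e3bc6ef3df49a

rm -rf -- elfutils
git clone https://sourceware.org/git/elfutils.git
(
    cd elfutils
    git checkout "$ELFUTILS_COMMIT"
    git log --oneline -1

    # ASan isn't compatible with -Wl,--no-undefined: https://github.com/google/sanitizers/issues/380
    # NUL-delimited so unusual path names cannot break the edit.
    find . -name Makefile.am -print0 | xargs -0 sed -i 's/,--no-undefined//'

    # ASan isn't compatible with -Wl,-z,defs either:
    # https://clang.llvm.org/docs/AddressSanitizer.html#usage
    sed -i 's/^\(ZDEFS_LDFLAGS=\).*/\1/' configure.ac

    if [[ "$SANITIZER" == undefined ]]; then
        # That's basically what --enable-sanitize-undefined does to turn off the
        # unaligned-access checks elfutils heavily relies on on i386/x86_64,
        # but without changing compiler flags along the way.
        sed -i 's/\(check_undefined_val\)=[0-9]/\1=1/' configure.ac
    fi

    autoreconf -i -f
    # -Wno-error keeps compiler warnings from turning into build failures;
    # the sanitizer flags are passed to the linker too via LDFLAGS.
    if ! ./configure --enable-maintainer-mode --disable-debuginfod --disable-libdebuginfod \
            CC="$CC" CFLAGS="-Wno-error $CFLAGS" CXX="$CXX" CXXFLAGS="-Wno-error $CXXFLAGS" LDFLAGS="$CFLAGS"; then
        cat config.log
        exit 1
    fi

    # Only libelf.a is linked below, so build just it and the directories it
    # needs rather than all of elfutils.
    make -C config -j"$(nproc)" V=1
    make -C lib -j"$(nproc)" V=1
    make -C libelf -j"$(nproc)" V=1
)

# Build libbpf statically against the freshly built libelf headers.
make -C src BUILD_STATIC_ONLY=y V=1 clean
make -C src -j"$(nproc)" CFLAGS="-I$(pwd)/elfutils/libelf $CFLAGS" BUILD_STATIC_ONLY=y V=1

# $CFLAGS, $CXXFLAGS and $LIB_FUZZING_ENGINE are intentionally unquoted:
# each holds several whitespace-separated flags.
# shellcheck disable=SC2086
$CC $CFLAGS -Isrc -Iinclude -Iinclude/uapi -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -c fuzz/bpf-object-fuzzer.c -o bpf-object-fuzzer.o
# shellcheck disable=SC2086
$CXX $CXXFLAGS $LIB_FUZZING_ENGINE bpf-object-fuzzer.o src/libbpf.a "$(pwd)/elfutils/libelf/libelf.a" -l:libz.a -o "$OUT/bpf-object-fuzzer"

cp fuzz/bpf-object-fuzzer_seed_corpus.zip "$OUT"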