Fuzz builds ok (#1007)

* Fuzzing M68K without abort

* UC_MODE_32 is not ok with sparc

use UC_MODE_SPARC32|UC_MODE_BIG_ENDIAN instead

* Temporarily remove targets that leak on start

* Do not abort for m68K undef instructions
Catena cyber 2018-09-11 06:49:32 +02:00 committed by Nguyen Anh Quynh
parent 2ab9e83703
commit 12bcf3bea0
6 changed files with 3 additions and 175 deletions


@ -888,10 +888,7 @@ DISAS_INSN(undef_fpu)
DISAS_INSN(undef)
{
M68kCPU *cpu = m68k_env_get_cpu(env);
gen_exception(s, s->pc - 2, EXCP_UNSUPPORTED);
cpu_abort(CPU(cpu), "Illegal instruction: %04x @ %08x", insn, s->pc - 2);
}
DISAS_INSN(mulw)
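Review bot: The new one-line body of DISAS_INSN(undef) carries no comment saying why the cpu_abort() was dropped, and a future resync against upstream QEMU will likely bring it back; the reason is security-relevant enough to state in the code, since cpu_abort() on an undefined opcode let attacker-controlled guest bytes abort the host process. I would put above the gen_exception call: `/* Raise a guest exception instead of cpu_abort(): undefined opcodes come from untrusted guest code and must not take the emulator host down (#1007). */`. The rendered page does not show which three lines were deleted; if `M68kCPU *cpu = m68k_env_get_cpu(env);` is still there it is now an unused local and should go with the abort. Whether gen_exception() also terminates the translation block I cannot tell from this hunk; if it does not, the translator keeps decoding past the illegal opcode, presumably harmless because the exception helper does not return, but worth confirming.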


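--- a/fuzz_emu_arm_thumbbe.c
+++ /dev/null
@@ -1,56 +0,0 @@
-#include <unicorn/unicorn.h>
-// memory address where emulation starts
-#define ADDRESS 0x1000000
-uc_engine *uc;
-int initialized = 0;
-FILE * outfile = NULL;
-int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
-uc_err err;
-if (initialized == 0) {
-if (outfile == NULL) {
-// we compute the output
-outfile = fopen("/dev/null", "w");
-if (outfile == NULL) {
-printf("failed opening /dev/null\n");
-abort();
-return 0;
-}
-}
-initialized = 1;
-}
-// Not global as we must reset this structure
-// Initialize emulator in supplied mode
-err = uc_open(UC_ARCH_ARM, UC_MODE_THUMB + UC_MODE_BIG_ENDIAN, &uc);
-if (err != UC_ERR_OK) {
-printf("Failed on uc_open() with error returned: %u\n", err);
-abort();
-}
-// map 4MB memory for this emulation
-uc_mem_map(uc, ADDRESS, 4 * 1024 * 1024, UC_PROT_ALL);
-// write machine code to be emulated to memory
-if (uc_mem_write(uc, ADDRESS, Data, Size)) {
-printf("Failed to write emulation code to memory, quit!\n");
-abort();
-}
-// emulate code in infinite time & 4096 instructions
-// avoid timeouts with infinite loops
-err=uc_emu_start(uc, ADDRESS, ADDRESS + Size, 0, 0x1000);
-if (err) {
-fprintf(outfile, "Failed on uc_emu_start() with error returned %u: %s\n", err, uc_strerror(err));
-}
-uc_close(uc);
-return 0;
-}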


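--- a/fuzz_emu_sparc_32.c
+++ /dev/null
@@ -1,56 +0,0 @@
-#include <unicorn/unicorn.h>
-// memory address where emulation starts
-#define ADDRESS 0x1000000
-uc_engine *uc;
-int initialized = 0;
-FILE * outfile = NULL;
-int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
-uc_err err;
-if (initialized == 0) {
-if (outfile == NULL) {
-// we compute the output
-outfile = fopen("/dev/null", "w");
-if (outfile == NULL) {
-printf("failed opening /dev/null\n");
-abort();
-return 0;
-}
-}
-initialized = 1;
-}
-// Not global as we must reset this structure
-// Initialize emulator in supplied mode
-err = uc_open(UC_ARCH_SPARC, UC_MODE_32, &uc);
-if (err != UC_ERR_OK) {
-printf("Failed on uc_open() with error returned: %u\n", err);
-abort();
-}
-// map 4MB memory for this emulation
-uc_mem_map(uc, ADDRESS, 4 * 1024 * 1024, UC_PROT_ALL);
-// write machine code to be emulated to memory
-if (uc_mem_write(uc, ADDRESS, Data, Size)) {
-printf("Failed to write emulation code to memory, quit!\n");
-abort();
-}
-// emulate code in infinite time & 4096 instructions
-// avoid timeouts with infinite loops
-err=uc_emu_start(uc, ADDRESS, ADDRESS + Size, 0, 0x1000);
-if (err) {
-fprintf(outfile, "Failed on uc_emu_start() with error returned %u: %s\n", err, uc_strerror(err));
-}
-uc_close(uc);
-return 0;
-}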


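--- a/fuzz_emu_sparc_64be.c
+++ /dev/null
@@ -1,56 +0,0 @@
-#include <unicorn/unicorn.h>
-// memory address where emulation starts
-#define ADDRESS 0x1000000
-uc_engine *uc;
-int initialized = 0;
-FILE * outfile = NULL;
-int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
-uc_err err;
-if (initialized == 0) {
-if (outfile == NULL) {
-// we compute the output
-outfile = fopen("/dev/null", "w");
-if (outfile == NULL) {
-printf("failed opening /dev/null\n");
-abort();
-return 0;
-}
-}
-initialized = 1;
-}
-// Not global as we must reset this structure
-// Initialize emulator in supplied mode
-err = uc_open(UC_ARCH_SPARC, UC_MODE_SPARC64|UC_MODE_BIG_ENDIAN, &uc);
-if (err != UC_ERR_OK) {
-printf("Failed on uc_open() with error returned: %u\n", err);
-abort();
-}
-// map 4MB memory for this emulation
-uc_mem_map(uc, ADDRESS, 4 * 1024 * 1024, UC_PROT_ALL);
-// write machine code to be emulated to memory
-if (uc_mem_write(uc, ADDRESS, Data, Size)) {
-printf("Failed to write emulation code to memory, quit!\n");
-abort();
-}
-// emulate code in infinite time & 4096 instructions
-// avoid timeouts with infinite loops
-err=uc_emu_start(uc, ADDRESS, ADDRESS + Size, 0, 0x1000);
-if (err) {
-fprintf(outfile, "Failed on uc_emu_start() with error returned %u: %s\n", err, uc_strerror(err));
-}
-uc_close(uc);
-return 0;
-}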


@ -4,9 +4,8 @@
sed 's/UC_MODE_32/UC_MODE_64/' fuzz_emu_x86_32.c > fuzz_emu_x86_64.c
sed 's/UC_MODE_32/UC_MODE_16/' fuzz_emu_x86_32.c > fuzz_emu_x86_16.c
sed 's/UC_ARCH_X86/UC_ARCH_SPARC/' fuzz_emu_x86_32.c > fuzz_emu_sparc_32.c
sed 's/UC_ARCH_X86/UC_ARCH_SPARC/' fuzz_emu_x86_32.c | sed 's/UC_MODE_32/UC_MODE_SPARC32|UC_MODE_BIG_ENDIAN/' > fuzz_emu_sparc_32be.c
sed 's/UC_ARCH_X86/UC_ARCH_SPARC/' fuzz_emu_x86_32.c | sed 's/UC_MODE_32/UC_MODE_SPARC64|UC_MODE_BIG_ENDIAN/' > fuzz_emu_sparc_64be.c
#sed 's/UC_ARCH_X86/UC_ARCH_SPARC/' fuzz_emu_x86_32.c | sed 's/UC_MODE_32/UC_MODE_SPARC64|UC_MODE_BIG_ENDIAN/' > fuzz_emu_sparc_64be.c
sed 's/UC_ARCH_X86/UC_ARCH_M68K/' fuzz_emu_x86_32.c | sed 's/UC_MODE_32/UC_MODE_BIG_ENDIAN/' > fuzz_emu_m68k_be.c
@ -19,4 +18,4 @@ sed 's/UC_ARCH_X86/UC_ARCH_ARM64/' fuzz_emu_x86_32.c | sed 's/UC_MODE_32/UC_MODE
sed 's/UC_ARCH_X86/UC_ARCH_ARM/' fuzz_emu_x86_32.c | sed 's/UC_MODE_32/UC_MODE_ARM/' > fuzz_emu_arm_arm.c
sed 's/UC_ARCH_X86/UC_ARCH_ARM/' fuzz_emu_x86_32.c | sed 's/UC_MODE_32/UC_MODE_THUMB/' > fuzz_emu_arm_thumb.c
sed 's/UC_ARCH_X86/UC_ARCH_ARM/' fuzz_emu_x86_32.c | sed 's/UC_MODE_32/UC_MODE_ARM + UC_MODE_BIG_ENDIAN/' > fuzz_emu_arm_armbe.c
sed 's/UC_ARCH_X86/UC_ARCH_ARM/' fuzz_emu_x86_32.c | sed 's/UC_MODE_32/UC_MODE_THUMB + UC_MODE_BIG_ENDIAN/' > fuzz_emu_arm_thumbbe.c
#sed 's/UC_ARCH_X86/UC_ARCH_ARM/' fuzz_emu_x86_32.c | sed 's/UC_MODE_32/UC_MODE_THUMB + UC_MODE_BIG_ENDIAN/' > fuzz_emu_arm_thumbbe.c
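Review bot: The two generator lines now commented out (`#sed ... > fuzz_emu_sparc_64be.c` and `#sed ... > fuzz_emu_arm_thumbbe.c`) give no reason, so nothing stops someone from re-enabling them and regenerating the harnesses this commit deletes. The commit description says these targets leak on start; I would write that above each disabled line, `# disabled: target leaks on start, see #1007`, or drop the lines entirely since git history keeps them. The `UC_MODE_SPARC32|UC_MODE_BIG_ENDIAN` replacement text is fine as written, since `|` is literal in the replacement part of a sed `s` command.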


@ -55,7 +55,7 @@ static void test_sparc(void)
printf("Emulate SPARC code\n");
// Initialize emulator in Sparc mode
err = uc_open(UC_ARCH_SPARC, UC_MODE_32, &uc);
err = uc_open(UC_ARCH_SPARC, UC_MODE_SPARC32|UC_MODE_BIG_ENDIAN, &uc);
if (err) {
printf("Failed on uc_open() with error returned: %u (%s)\n",
err, uc_strerror(err));
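Review bot: The new mode flags on `uc_open(UC_ARCH_SPARC, UC_MODE_SPARC32|UC_MODE_BIG_ENDIAN, &uc)` come with no explanation, and sample code is exactly what users copy. I would extend the comment on the line above to `// Initialize emulator in Sparc mode: SPARC needs UC_MODE_SPARC32 with UC_MODE_BIG_ENDIAN, plain UC_MODE_32 does not work (#1007)`. If uc_open() accepts UC_MODE_32 for UC_ARCH_SPARC and then misbehaves instead of returning an error, that is an engine bug the sample fix only papers over; I cannot see uc_open() from here, so worth confirming. test_sparc() begins and ends outside this hunk.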