Skip to content
This repository has been archived by the owner on Nov 1, 2023. It is now read-only.

Ensure custom target_options are always passed last to the fuzzer #2952

Merged
merged 5 commits into from
Apr 2, 2023

Conversation

Porges
Copy link
Member

@Porges Porges commented Mar 28, 2023

Fixes #2941.

It is possible for users to supply target_options which could interfere with the normal arguments that we pass. For example -ignore_remaining_args=1 might be used when the user has custom options they need to parse in LLVMFuzzerInitialize.

To prevent these from interfering with our options, change the LibFuzzer code so that custom arguments are always passed last.

This required two additional arguments to the build_std_command function:

  • extra_args supplies any extra arguments needed by the system, for example, when testing the runnability of a fuzzer we pass -help=1. This is needed to be able to insert the argument before any custom args.
  • custom_arg_filter can be supplied to perform any modifications on the custom arguments if needed. Since LibFuzzer arguments are last-one-wins, if we always pass custom args last, when we want to forcibly override the custom arguments we will need to remove them. Currently this is only used to remove any -runs=X arguments that are supplied when we are performing a single-input run.

@codecov-commenter
Copy link

codecov-commenter commented Mar 28, 2023

Codecov Report

Merging #2952 (7ea1475) into main (6933521) will increase coverage by 0.06%.
The diff coverage is 72.72%.

@@            Coverage Diff             @@
##             main    #2952      +/-   ##
==========================================
+ Coverage   29.01%   29.07%   +0.06%     
==========================================
  Files         304      304              
  Lines       36313    36335      +22     
==========================================
+ Hits        10537    10566      +29     
+ Misses      25776    25769       -7     
Impacted Files Coverage Δ
src/agent/onefuzz-agent/src/validations.rs 0.00% <0.00%> (ø)
...c/agent/onefuzz-task/src/tasks/analysis/generic.rs 0.00% <ø> (ø)
...rc/agent/onefuzz-task/src/tasks/coverage/dotnet.rs 0.00% <ø> (ø)
...c/agent/onefuzz-task/src/tasks/coverage/generic.rs 0.00% <ø> (ø)
src/agent/onefuzz-task/src/tasks/fuzz/generator.rs 0.00% <ø> (ø)
...rc/agent/onefuzz-task/src/tasks/fuzz/supervisor.rs 0.00% <ø> (ø)
src/agent/onefuzz-task/src/tasks/merge/generic.rs 0.00% <ø> (ø)
src/agent/onefuzz/src/input_tester.rs 0.00% <ø> (ø)
src/agent/onefuzz/src/libfuzzer.rs 71.73% <73.77%> (+2.16%) ⬆️
src/agent/onefuzz/src/expand.rs 81.59% <100.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@Porges
Copy link
Member Author

Porges commented Mar 28, 2023

Do not merge yet; for some reason this has broken Windows check-pr run.

@Porges Porges requested a review from chkeita March 28, 2023 23:56
@Porges Porges merged commit 8cbf66e into main Apr 2, 2023
@Porges Porges deleted the target-options-last branch April 2, 2023 23:27
This was referenced Apr 5, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

The target option should be the last arguments added to the libfuzzer executable
3 participants