Closed DanAlbert closed 5 years ago
Hi, is there any follow-up on this? I am currently trying to cross compile fuzzing using ndk_r17 but without success.
This works out of the box with no NDK changes needed.
Android.mk:
LOCAL_PATH := $(call my-dir)
include $(CLEAR_VARS)
LOCAL_MODULE := foo
LOCAL_SRC_FILES := foo.cpp
# Both the compile and link steps need the sanitizer flags: -fsanitize=fuzzer
# pulls in the libFuzzer runtime (which supplies main()), address adds ASan.
LOCAL_CPPFLAGS := -fsanitize=address,fuzzer
LOCAL_LDFLAGS := -fsanitize=address,fuzzer
include $(BUILD_EXECUTABLE)
foo.cpp:
#include <stdint.h>
#include <stdlib.h>

// Stand-in for the code under test; intentionally does nothing.
void bad_api(const uint8_t*, size_t) {
}

// libFuzzer entry point: called once per generated input.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    bad_api(data, size);
    return 0;
}
Run:
$ adb shell LD_LIBRARY_PATH=/data/local/tmp /data/local/tmp/foo
INFO: Seed: 4241960551
INFO: Loaded 1 modules (2 inline 8-bit counters): 2 [0xb3aba078, 0xb3aba07a),
INFO: Loaded 1 PC tables (2 PCs): 2 [0xb3aba07c,0xb3aba08c),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
INFO: A corpus is not provided, starting from an empty corpus
#2 INITED cov: 1 ft: 1 corp: 1/1b exec/s: 0 rss: 24Mb
...
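An added example, not code from the issue thread or the NDK: the same LLVMFuzzerTestOneInput shape as foo.cpp above, but wrapped around a hypothetical length-prefixed record parser so the target actually exercises a bounds check, plus a replay helper that runs a constructed corpus through the entry point without libFuzzer (the same idea as bounding a device run with -runs=N). It builds with the Android.mk above unchanged.

```cpp
// Added example (not from the issue thread): a libFuzzer target for a hypothetical
// length-prefixed record format, shaped like foo.cpp above but exercising real parsing.
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Record format assumed here: repeated [u8 length][length bytes of payload].
// Returns false for a truncated record instead of reading past the end of `data`,
// which is exactly the class of bug ASan (-fsanitize=address) would flag under fuzzing.
bool parse_records(const uint8_t* data, size_t size, std::vector<std::string>* out) {
    size_t pos = 0;
    while (pos < size) {
        const uint8_t len = data[pos++];
        if (len > size - pos) {
            return false;  // declared length runs past the buffer: reject it
        }
        out->emplace_back(reinterpret_cast<const char*>(data + pos), len);
        pos += len;
    }
    return true;
}

// libFuzzer entry point; linked with -fsanitize=address,fuzzer as in the Android.mk above.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    std::vector<std::string> records;
    parse_records(data, size, &records);  // crashes, not return values, are what libFuzzer reports
    return 0;
}

// Convenience wrapper for host-side checks: number of records parsed, or -1 if malformed.
int record_count(const std::vector<uint8_t>& input) {
    std::vector<std::string> records;
    return parse_records(input.data(), input.size(), &records) ? static_cast<int>(records.size()) : -1;
}

// Deterministic replay of a fixed corpus through the entry point (no libFuzzer needed);
// returns the number of inputs executed.
size_t replay_corpus(const std::vector<std::vector<uint8_t>>& corpus) {
    size_t n = 0;
    for (const auto& input : corpus) {
        LLVMFuzzerTestOneInput(input.data(), input.size());
        ++n;
    }
    return n;
}

// Constructed sample corpus: one well-formed input, one with a truncated record, one empty.
const std::vector<std::vector<uint8_t>> kSampleCorpus = {
    {3, 'a', 'b', 'c', 1, 'z'},  // two records: "abc", "z"
    {5, 'a', 'b'},               // claims 5 bytes, only 2 follow
    {},
};
```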
worth adding that as an NDK test so we don't accidentally regress it like we did tsan?
I wasn't sure how to usefully add a device test since I think these just run forever until they crash, but I suppose a build test would be useful.
libFuzzer has command line flags to limit the number of runs: https://llvm.org/docs/LibFuzzer.html#options
On Wed, Sep 18, 2019 at 10:06 PM Dan Albert notifications@github.com wrote:
Reopened #653 https://github.com/android/ndk/issues/653.
@DanAlbert when running your above sample build, I get the following error. I am using ndk r20, any ideas?
/home/user/.android/ndk-bundle/toolchains/llvm/prebuilt/linux-x86_64/bin/../lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/bin/ld: error: cannot open /home/user/.android/ndk-bundle/toolchains/llvm/prebuilt/linux-x86_64/lib64/clang/8.0.7/lib/linux/libclang_rt.fuzzer-arm-android.a: No such file or directory
Edit: confirmed working with ndk-r21 (unreleased) built from source.
@tick-rick: Yeah, it looks like we didn't ship that library in r20, but do in r21.
@stephenhines just in case that was an accident and there's some reason we shouldn't be shipping this.
@DanAlbert Is this because they switched the compiler but it's still using the other version flags? I see an "8.0.7" in the middle of that file path. I don't have the time to check this today, but wanted to respond quickly in case that's all that is wrong here.
TLDR: This is WAI.
Upstream changed how the libfuzzer runtime is named. Previously, it used to be just libfuzzer.a and so for Android, we created arch-specific variants, like lib64/clang/<version>/lib/linux/arm/libfuzzer.a. Recently upstream also packages a libclang_rt.fuzzer-<arch>.a and the driver will use that name during linking. I guess for r20, we had the driver change but did not package the new archives.
Okay, so nothing to worry about for r21 then. The regression test has been submitted (and the logic for packaging the sanitizers as a result of the fuzzer improved), so closing.
Hi,
I am trying to build the file mentioned by @DanAlbert using ndk-r21d(21.3.6528147). I encountered the following errors.
Can someone please help? Thanks.
$ ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=./Android.mk
....
....
/media/storage/android-ndk-r21d/toolchains/llvm/prebuilt/linux-x86_64/lib64/clang/9.0.8/lib/linux/libclang_rt.fuzzer-aarch64-android.a(FuzzerSHA1.cpp.o): In function `widen':
/toolchain/prebuilts/ndk/r20/sources/cxx-stl/llvm-libc++/include/ios:759: undefined reference to `std::__ndk1::locale::~locale()'
/media/storage/android-ndk-r21d/toolchains/llvm/prebuilt/linux-x86_64/lib64/clang/9.0.8/lib/linux/libclang_rt.fuzzer-aarch64-android.a(FuzzerSHA1.cpp.o): In function `setstate':
/toolchain/prebuilts/ndk/r20/sources/cxx-stl/llvm-libc++/include/ios:529: undefined reference to `std::__ndk1::ios_base::clear(unsigned int)'
/media/storage/android-ndk-r21d/toolchains/llvm/prebuilt/linux-x86_64/lib64/clang/9.0.8/lib/linux/libclang_rt.fuzzer-aarch64-android.a(FuzzerSHA1.cpp.o): In function `~sentry':
/toolchain/prebuilts/ndk/r20/sources/cxx-stl/llvm-libc++/include/ostream:275: undefined reference to `std::uncaught_exception()'
/media/storage/android-ndk-r21d/toolchains/llvm/prebuilt/linux-x86_64/lib64/clang/9.0.8/lib/linux/libclang_rt.fuzzer-aarch64-android.a(FuzzerSHA1.cpp.o): In function `setstate':
/toolchain/prebuilts/ndk/r20/sources/cxx-stl/llvm-libc++/include/ios:529: undefined reference to `std::__ndk1::ios_base::clear(unsigned int)'
clang++: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [/media/storage/android-ndk-r21d/build/core/build-binary.mk:738: obj/local/arm64-v8a/foo] Error 1
APP_STL=c++_shared (or static, if that's a better fit for you).
Thanks a lot. :smile:
Something for the longer term roadmap, but adding libfuzzer and BUILD_FUZZ_TEST as we did for the platform might be helpful to some folks.