android / ndk

The Android Native Development Kit

Support LLVM's libfuzzer in the NDK #653

Closed DanAlbert closed 5 years ago

DanAlbert commented 6 years ago

Something for the longer term roadmap, but adding libfuzzer and BUILD_FUZZ_TEST as we did for the platform might be helpful to some folks.

ClaudioRizzo commented 6 years ago

Hi, is there any follow-up on this? I am currently trying to cross-compile fuzzing using ndk_r17 but without success.

DanAlbert commented 5 years ago

This works out of the box with no NDK changes needed.

Android.mk:

LOCAL_PATH := $(call my-dir)

include $(CLEAR_VARS)
LOCAL_MODULE := foo
LOCAL_SRC_FILES := foo.cpp
LOCAL_CPPFLAGS := -fsanitize=address,fuzzer
LOCAL_LDFLAGS := -fsanitize=address,fuzzer
include $(BUILD_EXECUTABLE)

foo.cpp:

#include <stdint.h>
#include <stdlib.h>

void bad_api(const uint8_t*, size_t) {  // stub standing in for the API under test
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  bad_api(data, size);
  return 0;
}

Run:

$ adb shell LD_LIBRARY_PATH=/data/local/tmp /data/local/tmp/foo
INFO: Seed: 4241960551
INFO: Loaded 1 modules   (2 inline 8-bit counters): 2 [0xb3aba078, 0xb3aba07a),
INFO: Loaded 1 PC tables (2 PCs): 2 [0xb3aba07c,0xb3aba08c),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
INFO: A corpus is not provided, starting from an empty corpus
#2      INITED cov: 1 ft: 1 corp: 1/1b exec/s: 0 rss: 24Mb
...

enh-google commented 5 years ago

Worth adding that as an NDK test so we don't accidentally regress it like we did tsan?

DanAlbert commented 5 years ago

I wasn't sure how to usefully add a device test since I think these just run forever until they crash, but I suppose a build test would be useful.

eugenis commented 5 years ago

Libfuzzer has command line flags to limit the number of runs: https://llvm.org/docs/LibFuzzer.html#options

On Wed, Sep 18, 2019 at 10:06 PM Dan Albert notifications@github.com wrote:

Reopened #653 https://github.com/android/ndk/issues/653.


DanAlbert commented 5 years ago

https://android-review.googlesource.com/c/platform/ndk/+/1127433

ghost commented 5 years ago

@DanAlbert when running your above sample build, I get the following error. I am using ndk r20, any ideas?

/home/user/.android/ndk-bundle/toolchains/llvm/prebuilt/linux-x86_64/bin/../lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/bin/ld: error: cannot open /home/user/.android/ndk-bundle/toolchains/llvm/prebuilt/linux-x86_64/lib64/clang/8.0.7/lib/linux/libclang_rt.fuzzer-arm-android.a: No such file or directory

Edit: confirmed working with ndk-r21 (unreleased) built from source.

DanAlbert commented 5 years ago

@tick-rick: Yeah, it looks like we didn't ship that library in r20, but do in r21.

@stephenhines just in case that was an accident and there's some reason we shouldn't be shipping this.

stephenhines commented 5 years ago

@DanAlbert Is this because they switched the compiler but it's still using the other version flags? I see an "8.0.7" in the middle of that file path. I don't have the time to check this today, but wanted to respond quickly in case that's all that is wrong here.

pirama-arumuga-nainar commented 5 years ago

TLDR: This is WAI.

Upstream changed how the libfuzzer runtime is named. Previously, it used to be just libfuzzer.a and so for Android, we created arch-specific variants, like, lib64/clang/<version>/lib/linux/arm/libfuzzer.a. Recently upstream also packages a libclang_rt.fuzzer-<arch>.a and the driver will use that name during linking. I guess for r20, we had the driver change but did not package the new archives.

DanAlbert commented 5 years ago

Okay, so nothing to worry about for r21 then. The regression test has been submitted (and the logic for packaging the sanitizers as a result of the fuzzer improved), so closing.

faizal3199 commented 4 years ago

Hi,

I am trying to build the file mentioned by @DanAlbert using ndk-r21d(21.3.6528147). I encountered the following errors.

Can someone please help? Thanks.

$ ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=./Android.mk
....
....
/media/storage/android-ndk-r21d/toolchains/llvm/prebuilt/linux-x86_64/lib64/clang/9.0.8/lib/linux/libclang_rt.fuzzer-aarch64-android.a(FuzzerSHA1.cpp.o): In function `widen':
/toolchain/prebuilts/ndk/r20/sources/cxx-stl/llvm-libc++/include/ios:759: undefined reference to `std::__ndk1::locale::~locale()'
/media/storage/android-ndk-r21d/toolchains/llvm/prebuilt/linux-x86_64/lib64/clang/9.0.8/lib/linux/libclang_rt.fuzzer-aarch64-android.a(FuzzerSHA1.cpp.o): In function `setstate':
/toolchain/prebuilts/ndk/r20/sources/cxx-stl/llvm-libc++/include/ios:529: undefined reference to `std::__ndk1::ios_base::clear(unsigned int)'
/media/storage/android-ndk-r21d/toolchains/llvm/prebuilt/linux-x86_64/lib64/clang/9.0.8/lib/linux/libclang_rt.fuzzer-aarch64-android.a(FuzzerSHA1.cpp.o): In function `~sentry':
/toolchain/prebuilts/ndk/r20/sources/cxx-stl/llvm-libc++/include/ostream:275: undefined reference to `std::uncaught_exception()'
/media/storage/android-ndk-r21d/toolchains/llvm/prebuilt/linux-x86_64/lib64/clang/9.0.8/lib/linux/libclang_rt.fuzzer-aarch64-android.a(FuzzerSHA1.cpp.o): In function `setstate':
/toolchain/prebuilts/ndk/r20/sources/cxx-stl/llvm-libc++/include/ios:529: undefined reference to `std::__ndk1::ios_base::clear(unsigned int)'
clang++: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [/media/storage/android-ndk-r21d/build/core/build-binary.mk:738: obj/local/arm64-v8a/foo] Error 1

DanAlbert commented 4 years ago

APP_STL=c++_shared (or static, if that's a better fit for you).

faizal3199 commented 4 years ago

Thanks a lot. :smile:
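A fuller fuzz target in the shape the thread's Android.mk builds, added here as an example (it is not from the issue or from the NDK): the empty bad_api() is replaced by a bounds-checked parser for a constructed TLV format, and a macro-guarded main() replays inputs libFuzzer saved when the file is compiled without -fsanitize=fuzzer. The record format, parse_tlv and REPLAY_MAIN are assumptions for illustration.

```cpp
#include <stdint.h>
#include <stdio.h>
#include <vector>

// Constructed record format for the demo: repeated [type:1][len:1][value:len].
// Returns the number of records parsed, or -1 for a malformed input. Every
// access is bounds-checked against `size`, so ASan stays quiet; drop one check
// and the fuzzer reports the over-read within seconds.
static int parse_tlv(const uint8_t* data, size_t size) {
  size_t pos = 0;
  int records = 0;
  while (pos < size) {
    if (size - pos < 2) return -1;     // truncated header
    uint8_t type = data[pos];
    uint8_t len = data[pos + 1];
    pos += 2;
    if (type == 0) return -1;          // type 0 is reserved
    if (len > size - pos) return -1;   // value would run past the buffer
    uint8_t sum = 0;                   // touch every value byte (what ASan watches)
    for (size_t i = 0; i < len; ++i) sum ^= data[pos + i];
    (void)sum;
    pos += len;
    ++records;
  }
  return records;
}

// libFuzzer entry point, as in the thread's foo.cpp: stateless, accepts
// size == 0, always returns 0 so libFuzzer keeps exploring.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  parse_tlv(data, size);
  return 0;
}

#ifdef REPLAY_MAIN
// Replay driver for inputs libFuzzer saved (crash-*, leak-*). Compile with
// -DREPLAY_MAIN and without -fsanitize=fuzzer, which otherwise supplies main().
int main(int argc, char** argv) {
  for (int i = 1; i < argc; ++i) {
    FILE* f = fopen(argv[i], "rb");
    if (!f) { perror(argv[i]); return 1; }
    std::vector<uint8_t> buf(1 << 16);
    size_t n = fread(buf.data(), 1, buf.size(), f);
    fclose(f);
    LLVMFuzzerTestOneInput(buf.data(), n);
  }
  return 0;
}
#endif
```

Built with the thread's LOCAL_CPPFLAGS/LOCAL_LDFLAGS plus APP_STL=c++_shared, the binary runs on the device as shown above; libFuzzer's -runs=N option (from the options page eugenis linked) bounds a run so the same binary can serve as a finishing device test rather than one that runs until it crashes.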