google / honggfuzz

Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
https://honggfuzz.dev
Apache License 2.0

Linker error during Qemu mode build #328

Closed. minium closed this issue 4 years ago

minium commented 4 years ago

Hey all,

I've tried to build Honggfuzz with Qemu mode but I'm running into an issue at link-time. I'm running on:

Linux kali 5.5.0-kali2-amd64 #1 SMP Debian 5.5.17-1kali1 (2020-04-21) x86_64 GNU/Linux

This is the configuration:

=== Cloning custom QEMU version ===
Cloning into 'honggfuzz-qemu'...
remote: Enumerating objects: 7068, done.
remote: Counting objects: 100% (7068/7068), done.
remote: Compressing objects: 100% (6376/6376), done.
remote: Total 7068 (delta 1052), reused 2267 (delta 548), pack-reused 0
Receiving objects: 100% (7068/7068), 28.52 MiB | 2.54 MiB/s, done.
Resolving deltas: 100% (1052/1052), done.
=== Configuring QEMU for "i386-linux-user x86_64-linux-user" ===
Install prefix    /usr/local
BIOS directory    /usr/local/share/qemu
firmware path     /usr/local/share/qemu-firmware
binary directory  /usr/local/bin
library directory /usr/local/lib
module directory  /usr/local/lib/qemu
libexec directory /usr/local/libexec
include directory /usr/local/include
config directory  /usr/local/etc
local state directory   /usr/local/var
Manual directory  /usr/local/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path       /root/Desktop/Tools/Misc/Honggfuzz/src/qemu_mode/honggfuzz-qemu
GIT binary        git
GIT submodules    ui/keycodemapdb tests/fp/berkeley-testfloat-3 tests/fp/berkeley-softfloat-3 dtc slirp
C compiler        cc
Host C compiler   cc
C++ compiler      c++
Objective-C compiler clang
ARFLAGS           rv
CFLAGS            -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -g
QEMU_CFLAGS       -I/usr/include/pixman-1 -I$(SRC_PATH)/dtc/libfdt -Werror  -pthread -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -fPIE -DPIE -m64 -mcx16 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes -Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -std=gnu99  -Wexpansion-to-defined -Wendif-labels -Wno-shift-negative-value -Wno-missing-include-dirs -Wempty-body -Wnested-externs -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers -Wold-style-declaration -Wold-style-definition -Wtype-limits -fstack-protector-strong -I/usr/include/capstone
LDFLAGS           -Wl,--warn-common -Wl,-z,relro -Wl,-z,now -pie -m64 -g
QEMU_LDFLAGS      -L$(BUILD_DIR)/dtc/libfdt
make              make
install           install
python            python3 -B (3.8.2)
slirp support     git
smbd              /usr/sbin/smbd
module support    no
host CPU          x86_64
host big endian   no
target list       i386-linux-user x86_64-linux-user
gprof enabled     no
sparse enabled    no
strip binaries    yes
profiler          no
static build      no
SDL support       no
SDL image support no
GTK support       no
GTK GL support    no
VTE support       no
TLS priority      NORMAL
GNUTLS support    no
libgcrypt         no
nettle            no
libtasn1          no
PAM               no
iconv support     yes
curses support    yes
virgl support     no
curl support      no
mingw32 support   no
Audio drivers      oss
Block whitelist (rw)
Block whitelist (ro)
VirtFS support
Multipath support
VNC support       yes
VNC SASL support  no
VNC JPEG support  no
VNC PNG support   no
xen support       no
brlapi support    no
bluez  support    no
Documentation     no
PIE               yes
vde support       no
netmap support    no
Linux AIO support no
ATTR/XATTR support yes
Install blobs     yes
KVM support       yes
HAX support       no
HVF support       no
WHPX support      no
TCG support       yes
TCG debug enabled no
TCG interpreter   no
malloc trim support yes
RDMA support      no
PVRDMA support    no
fdt support       git
membarrier        no
preadv support    yes
fdatasync         yes
madvise           yes
posix_madvise     yes
posix_memalign    yes
libcap-ng support no
vhost-net support yes
vhost-crypto support yes
vhost-scsi support yes
vhost-vsock support yes
vhost-user support yes
Trace backends    log
spice support     no
rbd support       no
xfsctl support    no
smartcard support no
libusb            no
usb net redir     no
OpenGL support    no
OpenGL dmabufs    no
libiscsi support  no
libnfs support    no
build guest agent yes
QGA VSS support   no
QGA w32 disk info no
QGA MSI support   no
seccomp support   no
coroutine backend ucontext
coroutine pool    yes
debug stack usage no
mutex debugging   no
crypto afalg      no
GlusterFS support no
gcov              gcov
gcov enabled      no
TPM support       yes
libssh support    no
QOM debugging     yes
Live block migration yes
lzo support       no
snappy support    no
bzip2 support     no
lzfse support     no
NUMA host support no
libxml2           no
tcmalloc support  no
jemalloc support  no
avx2 optimization yes
replication support yes
VxHS block device no
bochs support     yes
cloop support     yes
dmg support       yes
qcow v1 support   yes
vdi support       yes
vvfat support     yes
qed support       yes
parallels support yes
sheepdog support  yes
capstone          system
docker            yes
libpmem support   no
libudev           no
default devices   yes

NOTE: cross-compilers enabled:  'cc'

Run "cd honggfuzz-qemu/ && make".
Targets: "honggfuzz-qemu/*-linux-user/qemu-*".

And the truncated output of the compilation process:

# cd honggfuzz-qemu/ && make
  GEN     config-all-devices.mak
  GEN     config-host.h
[...]
  LINK    i386-linux-user/qemu-i386
/usr/bin/ld: /root/Desktop/Tools/Misc/Honggfuzz/src/qemu_mode/..//libhfuzz/libhfuzz.a(instrument.o): in function `initializeInstrument':
instrument.c:(.text+0x2769): undefined reference to `dlsym'
/usr/bin/ld: instrument.c:(.text+0x28f1): undefined reference to `dlerror'
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:212: qemu-i386] Error 1
make: *** [Makefile:472: i386-linux-user/all] Error 2

As you can see above, the linker cannot find the dlsym and dlerror symbols inside the statically linked libhfuzz. Is there a known solution to this?

minium commented 4 years ago

It appears that -ldl is missing in the linker flags. Any chance we can address this?

A temporary fix is to run the configuration as follows:

LIBS=-ldl ./configure --honggfuzz-path="<hongfuzz-src-path>" --disable-system --target-list="i386-linux-user x86_64-linux-user"

robertswiecki commented 4 years ago

This should be fixed in this project https://github.com/thebabush/honggfuzz-qemu IMO.

@thebabush could you help with this?

robertswiecki commented 4 years ago

Ah.. you want to update the local Makefile? I guess it's doable purely in honggfuzz, lemme try.

robertswiecki commented 4 years ago

Should be fixed now with a299f3f17074663c0dffba029b2171a0c09d4dee

thebabush commented 4 years ago

:/ weird, want me to update my repo?

robertswiecki commented 4 years ago

Nah, I think specifying LIBS during ./configure is fine.