From 3ed159964a34bb73ba484bae95c714449c16b0fc Mon Sep 17 00:00:00 2001 From: tjog <28024277+tjog@users.noreply.github.com> Date: Sat, 3 May 2025 17:15:59 +0200 Subject: [PATCH 1/3] libfuzzer: add standalone test for libfuzzer initialization --- test/standalone/build.zig.zon | 3 +++ test/standalone/libfuzzer/build.zig | 26 ++++++++++++++++++++++++++ test/standalone/libfuzzer/main.zig | 22 ++++++++++++++++++++++ 3 files changed, 51 insertions(+) create mode 100644 test/standalone/libfuzzer/build.zig create mode 100644 test/standalone/libfuzzer/main.zig diff --git a/test/standalone/build.zig.zon b/test/standalone/build.zig.zon index 44358b37f0..e1829b4878 100644 --- a/test/standalone/build.zig.zon +++ b/test/standalone/build.zig.zon @@ -108,6 +108,9 @@ .libcxx = .{ .path = "libcxx", }, + .libfuzzer = .{ + .path = "libfuzzer", + }, .load_dynamic_library = .{ .path = "load_dynamic_library", }, diff --git a/test/standalone/libfuzzer/build.zig b/test/standalone/libfuzzer/build.zig new file mode 100644 index 0000000000..1260ce6e71 --- /dev/null +++ b/test/standalone/libfuzzer/build.zig @@ -0,0 +1,26 @@ +const std = @import("std"); +const builtin = @import("builtin"); + +pub fn build(b: *std.Build) void { + const target = b.standardTargetOptions(.{}); + const optimize = b.standardOptimizeOption(.{}); + + if (builtin.os.tag == .windows) return; // TODO: libfuzzer support for windows + + const run_step = b.step("run", "Run executables"); + const exe = b.addExecutable(.{ + .name = "main", + .root_module = b.createModule(.{ + .root_source_file = b.path("main.zig"), + .target = target, + .optimize = optimize, + .fuzz = true, + }), + }); + + b.installArtifact(exe); + b.default_step = run_step; + + const run_artifact = b.addRunArtifact(exe); + run_step.dependOn(&run_artifact.step); +} diff --git a/test/standalone/libfuzzer/main.zig b/test/standalone/libfuzzer/main.zig new file mode 100644 index 0000000000..b0a18c8b20 --- /dev/null +++ b/test/standalone/libfuzzer/main.zig @@ -0,0 +1,22 @@ +const std = @import("std"); + +const FuzzerSlice = extern struct { + ptr: [*]const u8, + len: usize, + + fn fromSlice(s: []const u8) FuzzerSlice { + return .{ .ptr = s.ptr, .len = s.len }; + } +}; + +extern fn fuzzer_set_name(name_ptr: [*]const u8, name_len: usize) void; +extern fn fuzzer_init(cache_dir: FuzzerSlice) void; +extern fn fuzzer_init_corpus_elem(input_ptr: [*]const u8, input_len: usize) void; +extern fn fuzzer_coverage_id() u64; + +pub fn main() !void { + fuzzer_init(FuzzerSlice.fromSlice("")); + fuzzer_init_corpus_elem("hello".ptr, "hello".len); + fuzzer_set_name("test".ptr, "test".len); + _ = fuzzer_coverage_id(); +} From 68700e5de1e593d8f924e5ff0e7ebdd47373b3c8 Mon Sep 17 00:00:00 2001 From: tjog <28024277+tjog@users.noreply.github.com> Date: Sat, 3 May 2025 17:17:07 +0200 Subject: [PATCH 2/3] link+macho+fuzz: use correct input type A debug build of the compiler detects invalid union access since `classifyInputFile` detects `.archive` and this line constructed a `.object` input. --- src/link/MachO.zig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/link/MachO.zig b/src/link/MachO.zig index 2043be3e7b..f6ec0a74d8 100644 --- a/src/link/MachO.zig +++ b/src/link/MachO.zig @@ -416,7 +416,7 @@ pub fn flushModule( } if (comp.config.any_fuzz) { - try positionals.append(try link.openObjectInput(diags, comp.fuzzer_lib.?.full_object_path)); + try positionals.append(try link.openArchiveInput(diags, comp.fuzzer_lib.?.full_object_path, false, false)); } if (comp.ubsan_rt_lib) |crt_file| { From 0ba77eca7430ecb7c9852df175f3fc175bf50bbf Mon Sep 17 00:00:00 2001 From: tjog <28024277+tjog@users.noreply.github.com> Date: Sat, 3 May 2025 23:33:26 +0200 Subject: [PATCH 3/3] disable getauxvalImpl instrumentation as libfuzzer's allocator may need to call it --- lib/std/os/linux.zig | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/std/os/linux.zig b/lib/std/os/linux.zig index 794fccdf13..f055022203 100644 --- a/lib/std/os/linux.zig +++ b/lib/std/os/linux.zig @@ -523,6 +523,7 @@ pub const getauxval = if (extern_getauxval) struct { }.getauxval else getauxvalImpl; fn getauxvalImpl(index: usize) callconv(.c) usize { + @disableInstrumentation(); const auxv = elf_aux_maybe orelse return 0; var i: usize = 0; while (auxv[i].a_type != std.elf.AT_NULL) : (i += 1) {