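# Copyright (c) 2018 The NetBSD Foundation, Inc.
# All rights reserved.
#
# This code is derived from software contributed to The NetBSD Foundation
# by Yang Zheng.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#

# ATF test cases checking that a libFuzzer-instrumented binary reports
# "out-of-memory" when the fuzz target allocates without bound and the run
# is capped with -rss_limit_mb.  The same target is built four ways: plain,
# with -pg, split into a -fPIC shared library, and as a PIE.

# Probe the toolchain and set SUPPORT to 'y' only when the machine is amd64
# and c++ is clang with major version 7 or newer; otherwise leave it 'n'.
#
# `c++ -E` replaces __clang__ only when the compiler is clang, so the probe
# passes when the literal token is absent from the preprocessor output.
test_target()
{
	SUPPORT='n'
	if uname -m | grep -q "amd64" && command -v c++ >/dev/null 2>&1 && \
	   ! echo __clang__ | c++ -E - | grep -q __clang__; then
		# only clang with major version 7 or newer is supported
		#
		# Capture the whole leading run of digits.  Matching a single
		# digit turns clang 10 and later into "1", which fails the
		# comparison below and wrongly marks the target unsupported.
		CLANG_MAJOR=`echo __clang_major__ | c++ -E - | grep -o '^[[:digit:]][[:digit:]]*'`
		# Default to 0 so an empty probe result is a clean "unsupported"
		# instead of a test(1) syntax error.
		if [ "${CLANG_MAJOR:-0}" -ge "7" ]; then
			SUPPORT='y'
		fi
	fi
}

# NOTE(review): the "descr" strings below say "thread sanitizer", but every
# body builds with -fsanitize=fuzzer and matches a libFuzzer error message.
# The wording looks inherited from another sanitizer test; the strings are
# left as they are here.

atf_test_case oom
oom_head() {
	atf_set "descr" "Test thread sanitizer for out-of-memory condition"
	atf_set "require.progs" "c++ paxctl"
}

atf_test_case oom_profile
oom_profile_head() {
	atf_set "descr" "Test thread sanitizer for out-of-memory with profiling option"
	atf_set "require.progs" "c++ paxctl"
}

atf_test_case oom_pic
oom_pic_head() {
	atf_set "descr" "Test thread sanitizer for out-of-memory with position independent code (PIC) flag"
	atf_set "require.progs" "c++ paxctl"
}

atf_test_case oom_pie
oom_pie_head() {
	atf_set "descr" "Test thread sanitizer for out-of-memory with position independent execution (PIE) flag"
	atf_set "require.progs" "c++ paxctl"
}

# Baseline case: build the fuzz target with -fsanitize=fuzzer and run it
# under a 30 MB RSS limit.
#
# The target loops forever allocating 16 MiB blocks once an input starts
# with 'b'.  atf_check ignores the exit status and stdout; the case passes
# only when stderr contains the libFuzzer out-of-memory report.
oom_body(){
	cat > test.cc << EOF
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
	if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024);
	return 0;
}
EOF

	c++ -fsanitize=fuzzer -o test test.cc
	# NOTE(review): per paxctl(8), +a appears to mark the binary with PaX
	# ASLR explicitly disabled, presumably because the sanitizer runtime
	# needs a predictable address-space layout.  Confirm against the man page.
	paxctl +a test
	atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30
}

# Same target as oom_body, additionally compiled with -pg (profiling).
oom_profile_body(){
	cat > test.cc << EOF
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
	if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024);
	return 0;
}
EOF

	c++ -fsanitize=fuzzer -o test -pg test.cc
	paxctl +a test
	atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30
}

# PIC case: the allocating code lives in help(), built into libtest.so with
# -fPIC -shared; the fuzzer entry point in test.cc only forwards to it.
oom_pic_body(){
	cat > test.cc << EOF
#include <stddef.h>
#include <stdint.h>
int help(const uint8_t *data, size_t size);
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
	return help(data, size);
}
EOF

	cat > pic.cc << EOF
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

int help(const uint8_t *data, size_t size) {
	if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024);
	return 0;
}
EOF

	c++ -fsanitize=fuzzer -fPIC -shared -o libtest.so pic.cc
	c++ -o test test.cc -fsanitize=fuzzer -L. -ltest
	paxctl +a test

	# The relative path is resolved against the current directory, where
	# libtest.so was just built.  The export stays in effect for the rest
	# of this shell, so nothing that should not load libraries from "."
	# may run after it.
	export LD_LIBRARY_PATH=.
	atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30
}

# PIE case: same target as oom_body, built with -fpie -pie.  Skipped when
# the compiler rejects -pie.
oom_pie_body(){

	# check whether -pie flag is supported on this architecture
	if ! c++ -pie -dM -E - < /dev/null 2>/dev/null >/dev/null; then
		# atf_skip is the atf-sh call that ends the case as skipped.
		# atf-sh has no "atf_set_skip", so the original line would only
		# print "not found" and fall through to a failing build.
		atf_skip "c++ -pie not supported on this architecture"
	fi
	cat > test.cc << EOF
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
	if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024);
	return 0;
}
EOF

	c++ -fsanitize=fuzzer -o test -fpie -pie test.cc
	paxctl +a test
	atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30
}


# Placeholder case registered when test_target reports no support, so the
# test program still exposes one (skipped) case.
atf_test_case target_not_supported
target_not_supported_head()
{
	atf_set "descr" "Test forced skip"
}

# Without an explicit body the placeholder has nothing that reports "skipped"
# and, as far as atf-sh's defaults go, ends up as a failure on unsupported
# targets instead of a skip.
target_not_supported_body()
{
	atf_skip "Target is not supported"
}

# Register either the single placeholder case or the four OOM cases,
# depending on what test_target found.
atf_init_test_cases()
{
	test_target
	test "$SUPPORT" = 'n' && {
		atf_add_test_case target_not_supported
		return 0
	}
	atf_add_test_case oom
	atf_add_test_case oom_profile
	atf_add_test_case oom_pie
	atf_add_test_case oom_pic
}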