From f3707ad5de2c12cdbd52115cf71abf7c7631d021 Mon Sep 17 00:00:00 2001
From: George Liontos
Date: Thu, 31 Jul 2025 13:05:55 +0300
Subject: [PATCH 01/13] Add windows C++ targets
Signed-off-by: George Liontos
---
cpp/windows/CMakeLists.txt | 121 ++++++++++++++++++
cpp/windows/README.md | 94 ++++++++++++++
cpp/windows/crashers/test_abort.txt | 1 +
.../crashers/test_address_sanitizer.txt | 1 +
cpp/windows/crashers/test_assert.txt | 1 +
cpp/windows/crashers/test_null_deref.txt | 1 +
cpp/windows/crashers/test_raise_fail_fast.txt | 1 +
cpp/windows/crashers/test_runtime_error.txt | 1 +
cpp/windows/dotnet_fuzz_target.cs | 98 ++++++++++++++
cpp/windows/fuzz_methods.cpp | 92 +++++++++++++
cpp/windows/fuzz_target.cpp | 23 ++++
cpp/windows/libfuzzer_target.cpp | 13 ++
cpp/windows/testsuite/test_abort.txt | 1 +
.../testsuite/test_address_sanitizer.txt | 1 +
cpp/windows/testsuite/test_assert.txt | 1 +
cpp/windows/testsuite/test_null_deref.txt | 1 +
.../testsuite/test_raise_fail_fast.txt | 1 +
cpp/windows/testsuite/test_runtime_error.txt | 1 +
18 files changed, 453 insertions(+)
create mode 100644 cpp/windows/CMakeLists.txt
create mode 100644 cpp/windows/README.md
create mode 100644 cpp/windows/crashers/test_abort.txt
create mode 100644 cpp/windows/crashers/test_address_sanitizer.txt
create mode 100644 cpp/windows/crashers/test_assert.txt
create mode 100644 cpp/windows/crashers/test_null_deref.txt
create mode 100644 cpp/windows/crashers/test_raise_fail_fast.txt
create mode 100644 cpp/windows/crashers/test_runtime_error.txt
create mode 100644 cpp/windows/dotnet_fuzz_target.cs
create mode 100644 cpp/windows/fuzz_methods.cpp
create mode 100644 cpp/windows/fuzz_target.cpp
create mode 100644 cpp/windows/libfuzzer_target.cpp
create mode 100644 cpp/windows/testsuite/test_abort.txt
create mode 100644 cpp/windows/testsuite/test_address_sanitizer.txt
create mode 100644 cpp/windows/testsuite/test_assert.txt
create mode 100644 cpp/windows/testsuite/test_null_deref.txt
create mode 100644 cpp/windows/testsuite/test_raise_fail_fast.txt
create mode 100644 cpp/windows/testsuite/test_runtime_error.txt
diff --git a/cpp/windows/CMakeLists.txt b/cpp/windows/CMakeLists.txt
new file mode 100644
index 0000000..29833ba
--- /dev/null
+++ b/cpp/windows/CMakeLists.txt
@@ -0,0 +1,121 @@
+cmake_minimum_required(VERSION 3.10)
+project(FuzzExample NONE) # No default language, we use custom commands
+
+set(SRC "fuzz_target.cpp")
+set(DOTNET_SRC "dotnet_fuzz_target.cs")
+set(LIBFUZZER_SRC "libfuzzer_target.cpp")
+set(OUTPUT_DIR "${CMAKE_SOURCE_DIR}/${OUT_DIR}")
+set(OUTPUT_PACKAGE_DIR "${CMAKE_SOURCE_DIR}/${OUT_DIR}_packages")
+file(MAKE_DIRECTORY ${OUTPUT_DIR})
+file(MAKE_DIRECTORY ${OUTPUT_PACKAGE_DIR})
+
+# Customize these as needed to refer to correct compiler paths
+find_program(MSVC_CL cl.exe)
+find_program(CLANG_CL clang++.exe)
+find_program(CSC_CL csc.exe)
+find_program(MINGW_CL g++.exe)
+
+# Uncomment in cygwin.
+#set(ENV{PATH} "C:/cygwin64/bin;$ENV{PATH}")
+#find_program(GCC_CL g++)
+
+# Function: build fuzz binary
+function(add_fuzz_target name src compiler_cmd)
+ file(MAKE_DIRECTORY ${OUTPUT_DIR}/fuzz_target_${name})
+ set(output "${OUTPUT_DIR}/fuzz_target_${name}/fuzz_target_${name}.exe")
+ set(flags ${ARGN})
+
+ if(${compiler_cmd} MATCHES "cl(.exe)?$")
+ add_custom_command(
+ OUTPUT ${output}
+ COMMAND ${compiler_cmd} ${flags} ${CMAKE_SOURCE_DIR}/${src}
+ DEPENDS ${SRC}
+ COMMENT "Building fuzz_target_${name}.exe with MSVC"
+ )
+ else()
+ add_custom_command(
+ OUTPUT ${output}
+ COMMAND ${compiler_cmd} ${flags} ${CMAKE_SOURCE_DIR}/${src} -o ${output}
+ DEPENDS ${SRC}
+ COMMENT "Building fuzz_target_${name}.exe with ${compiler_cmd}"
+ )
+ endif()
+
+ add_custom_target(build_binary_${name} ALL DEPENDS ${output})
+endfunction()
+
+# Function: package binary for Mayhem
+function(add_mayhem_package name)
+ set(binary "${OUTPUT_DIR}/fuzz_target_${name}/fuzz_target_${name}.exe")
+ set(package_dir "${OUTPUT_PACKAGE_DIR}/mayhem_package_${name}")
+ set(package_marker "${package_dir}/.done")
+
+ add_custom_command(
+ OUTPUT ${package_marker}
+ COMMAND ${CMAKE_COMMAND} -E make_directory ${package_dir}
+ COMMAND mayhem package -o ${package_dir} ${binary}
+ COMMAND ${CMAKE_COMMAND} -E copy_directory ${CMAKE_SOURCE_DIR}/testsuite ${package_dir}/testsuite
+ COMMAND ${CMAKE_COMMAND} -E touch ${package_marker}
+ DEPENDS ${binary}
+ COMMENT "Packaging ${name} for Mayhem"
+ )
+
+ add_custom_target(package_${name} ALL DEPENDS ${package_marker})
+ add_dependencies(package_${name} build_binary_${name})
+endfunction()
+
+# Targets
+
+if(EXISTS "${MSVC_CL}")
+ add_fuzz_target("msvc" "${SRC}" "${MSVC_CL}"
+ /nologo /Zi /FS /MDd /EHsc
+ /Fo${OUTPUT_DIR}/fuzz_target_msvc/fuzz_target_msvc.obj
+ /Fe${OUTPUT_DIR}/fuzz_target_msvc/fuzz_target_msvc.exe
+ )
+ add_mayhem_package("msvc")
+
+ add_fuzz_target("msvc_asan" "${SRC}" "${MSVC_CL}"
+ /nologo /fsanitize=address /Zi /FS /EHsc /MDd
+ /Fo${OUTPUT_DIR}/fuzz_target_msvc_asan/fuzz_target_msvc_asan.obj
+ /Fe${OUTPUT_DIR}/fuzz_target_msvc_asan/fuzz_target_msvc_asan.exe
+ )
+ add_mayhem_package("msvc_asan")
+endif()
+
+if(EXISTS "${CLANG_CL}")
+ add_fuzz_target("clang" "${SRC}" "${CLANG_CL}" -g -O1)
+ add_mayhem_package("clang")
+
+ add_fuzz_target("clang_asan" "${SRC}" "${CLANG_CL}" -g -O1 -fsanitize=address)
+ add_mayhem_package("clang_asan")
+
+ add_fuzz_target("libfuzzer" "${LIBFUZZER_SRC}" "${CLANG_CL}" -g -O1 -fsanitize=fuzzer)
+ add_mayhem_package("libfuzzer")
+endif()
+
+if(EXISTS "${MINGW_CL}")
+ add_fuzz_target("mingw" "${SRC}" "${MINGW_CL}" -g -O1)
+ add_mayhem_package("mingw")
+endif()
+
+if(EXISTS "${GCC_CL}")
+ add_fuzz_target("gplusplus" "${SRC}" "${GCC_CL}" -g -O1)
+endif()
+
+
+
+# Optional: .NET target (not packaged)
+if(EXISTS "${CSC_CL}")
+ file(MAKE_DIRECTORY "${OUTPUT_DIR}/fuzz_target_dotnet")
+ set(DOTNET_OUTPUT "${OUTPUT_DIR}/fuzz_target_dotnet/fuzz_target_dotnet.exe")
+
+ add_custom_command(
+ OUTPUT ${DOTNET_OUTPUT}
+ COMMAND ${CMAKE_COMMAND} -E make_directory ${OUTPUT_DIR}
+ COMMAND ${CSC_CL} /unsafe /nologo /out:${DOTNET_OUTPUT} ${CMAKE_SOURCE_DIR}/${DOTNET_SRC}
+ DEPENDS ${DOTNET_SRC}
+ COMMENT "Building fuzz_target_dotnet.exe with ${CSC_CL}"
+ )
+
+ add_custom_target(build_dotnet ALL DEPENDS ${DOTNET_OUTPUT})
+endif()
\ No newline at end of file
diff --git a/cpp/windows/README.md b/cpp/windows/README.md
new file mode 100644
index 0000000..8231839
--- /dev/null
+++ b/cpp/windows/README.md
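Review bot: Both `add_custom_command` calls in `add_fuzz_target` declare `DEPENDS ${SRC}` — the global set at the top of the file — rather than the `src` argument, so the libfuzzer target built from `${LIBFUZZER_SRC}` is rebuilt when fuzz_target.cpp changes and not when libfuzzer_target.cpp does, and the textually included fuzz_methods.cpp is not a dependency of any target; I would write `DEPENDS ${CMAKE_SOURCE_DIR}/${src} ${CMAKE_SOURCE_DIR}/fuzz_methods.cpp` and add `VERBATIM` to each command. The MSVC callers also spell out `/Fe.../fuzz_target_msvc.exe` by hand while the function computes the same path in `output`; if the two drift the declared OUTPUT is never produced and the target rebuilds on every invocation, so letting the MSVC branch derive `/Fo` and `/Fe` from `${output}` itself would remove that coupling. `mayhem` in `add_mayhem_package` is invoked by bare name; a `find_program(MAYHEM_CLI mayhem)` next to the compiler lookups would turn a missing CLI into a configure-time error instead of a mid-build failure.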
@@ -0,0 +1,94 @@
+# Windows Fuzzing Example
+
+This is a simple example C++ project designed for fuzz testing with [Mayhem](https://forallsecure.com).
+
+
+## Quick Start
+
+
+**Option: Command Prompt**
+In order to compile x64 binaries, search for `x64 Native Tools Command Prompt for VS`. In that command prompt run:
+
+```bash
+cmake -G "NMake Makefiles" -B build64 -DOUT_DIR=out64
+cmake --build build64
+```
+
+This will produce two output folders:
+- out64: Contains all the compiled binaries and PDB files
+- out64_packages: Containes all the compiled binaries along with Mayhemfiles for each one, the testsuite and binary dependencies.
+
+In order to compile for x86, search for `x86 Native Tools Command Prompt for VS`. In that command prompt run:
+
+```bash
+cmake -G "NMake Makefiles" -B build32 -DOUT_DIR=out32
+cmake --build build32
+```
+
+This will produce two output folders:
+- out32
+- out32_packages
+
+These are equivalent to x64 ones. The only difference is that the artifcats are 32 bit.
+
+Run the packages with `mayhem run `
+
+**Option: Visual Studio**:
+ 1. Open this as a directory. Visual studio should recognize cmake and set
+ up everything for you.
+ 2. To compile, run "Build->Build All".
+
+
+Then run:
+```bash
+mayhem package -o mayhem_package out/fuzz_target_.exe
+copy testsuite/* mayhem_package/testsuite
+mayhem run mayhem_package
+```
+
+**Option: cgwin command line**:
+
+```bash
+cmake -S . -B build
+cmake --build build
+```
+
+Then run:
+```bash
+mayhem package -o mayhem_package_gplusplus out/fuzz_target_gplusplus.exe
+copy testsuite/* mayhem_package/testsuite
+mayhem run mayhem_package_gplusplus
+```
+
+## Fuzzing Support with Mayhem
+
+| Compiler | Architecture | Binary | Sanitizers |
+|------------------------|--------------|-----------|--------------------|
+| MSVC 2022 (cl.exe v19) | x32/x64 | Supported | Failing |
+| clang 10+ (MSVC) | x32/x64 | Supported | Failing |
+| clang 10+ (libfuzzer) | x32/x64 | Supported | Failing |
+| gcc 12.4 (cygwin) | x32/x64 | Failing | Failing |
+| gcc 15.1 (mingw) | x32/x64 | Supported | N/A. Linking fails |
+
+**clang8 and cygwin**: cygwin installs clang8, which does not support
+`libfuzzer` or `ASAN`. To use `libfuzzer` or `ASAN`, you need to install:
+ * clang 10+
+ * built with the `libclang_rt` library.
+
+MSVC will install a supported version of clang, and you can also install
+from the [GitHub release page](https://github.com/llvm/llvm-project/releases)
+
+## Windows Behaviors
+
+Windows behaviors are different than Linux. In Linux, `assert` and `abort`
+crash with a signal, but in Windows they are silently wrapped.
+
+| Case | Linux Behavior | Windows MSVC Default | Supported |
+|---------------------------------|------------------------|-----------------------------|-----------|
+| `abort()` | Raises signal, exits | Shows dialog, exits code 3 | No |
+| `assert()` | Raises SIGABRT | May no-op in release | No |
+| `throw std::runtime_error` | Uncaught → terminate() | Exits silently (code 1/3) | Yes |
+| Null pointer dereference | Crashes | Crashes | Yes |
+| OOB heap write (with ASAN) | Detected by ASAN | Detected by ASAN (Clang) | No |
+| `RaiseFailFastException()` | Not applicable | Crashes with fast fail | No |
+
diff --git a/cpp/windows/crashers/test_abort.txt b/cpp/windows/crashers/test_abort.txt
new file mode 100644
index 0000000..a6866f5
--- /dev/null
+++ b/cpp/windows/crashers/test_abort.txt
@@ -0,0 +1 @@
+bug
\ No newline at end of file
diff --git a/cpp/windows/crashers/test_address_sanitizer.txt b/cpp/windows/crashers/test_address_sanitizer.txt
new file mode 100644
index 0000000..924806b
--- /dev/null
+++ b/cpp/windows/crashers/test_address_sanitizer.txt
@@ -0,0 +1 @@
+boo
\ No newline at end of file
diff --git a/cpp/windows/crashers/test_assert.txt b/cpp/windows/crashers/test_assert.txt
new file mode 100644
index 0000000..7e32cfb
--- /dev/null
+++ b/cpp/windows/crashers/test_assert.txt
@@ -0,0 +1 @@
+cab
\ No newline at end of file
diff --git a/cpp/windows/crashers/test_null_deref.txt b/cpp/windows/crashers/test_null_deref.txt
new file mode 100644
index 0000000..9d25384
--- /dev/null
+++ b/cpp/windows/crashers/test_null_deref.txt
@@ -0,0 +1 @@
+mom
\ No newline at end of file
diff --git a/cpp/windows/crashers/test_raise_fail_fast.txt b/cpp/windows/crashers/test_raise_fail_fast.txt
new file mode 100644
index 0000000..edca36d
--- /dev/null
+++ b/cpp/windows/crashers/test_raise_fail_fast.txt
@@ -0,0 +1 @@
+dog
\ No newline at end of file
diff --git a/cpp/windows/crashers/test_runtime_error.txt b/cpp/windows/crashers/test_runtime_error.txt
new file mode 100644
index 0000000..8eff968
--- /dev/null
+++ b/cpp/windows/crashers/test_runtime_error.txt
@@ -0,0 +1 @@
+dad
\ No newline at end of file
diff --git a/cpp/windows/dotnet_fuzz_target.cs b/cpp/windows/dotnet_fuzz_target.cs
new file mode 100644
index 0000000..2cebb88
--- /dev/null
+++ b/cpp/windows/dotnet_fuzz_target.cs
@@ -0,0 +1,98 @@
+using System;
+using System.IO;
+using System.Runtime.InteropServices;
+using System.Diagnostics;
+
+class Program
+{
+ [DllImport("kernel32.dll")]
+ static extern void RaiseFailFastException(IntPtr pExceptionRecord, IntPtr pContextRecord, uint dwFlags);
+
+ static void TestAbortBug(string data)
+ {
+ if (data.StartsWith("bug"))
+ {
+ Console.WriteLine("Found 'bug' abort corner case!");
+ Environment.FailFast("Simulated abort");
+ }
+ }
+
+ static void TestNullDerefMom(string data)
+ {
+ if (data.StartsWith("mom"))
+ {
+ Console.WriteLine("Found 'mom' null deref corner case!");
+ unsafe
+ {
+ int* ptr = null;
+ *ptr = 42;
+ }
+ }
+ }
+
+ static void TestRuntimeErrorDad(string data)
+ {
+ if (data.StartsWith("dad"))
+ {
+ Console.WriteLine("Found 'dad' runtime_error corner case!");
+ throw new Exception("Simulated runtime error");
+ }
+ }
+
+ static void TestAssertCab(string data)
+ {
+ if (data.StartsWith("cab"))
+ {
+ Console.WriteLine("Found 'cab' assert corner case!");
+ Debug.Assert(false, "Assertion failed for input 'cab'");
+ }
+ }
+
+ static void TestRaiseFailFastDog(string data)
+ {
+ if (data.StartsWith("dog"))
+ {
+ Console.WriteLine("Found 'dog' RaiseFailFastException!");
+ RaiseFailFastException(IntPtr.Zero, IntPtr.Zero, 0);
+ }
+ }
+
+ static void TestAddressSanitizerBoo(string data)
+ {
+ if (data.StartsWith("boo"))
+ {
+ Console.WriteLine("Found 'boo' address sanitizer corner case!");
+ int[] x = new int[100];
+ x[100] = 5; // Out of bounds write
+ }
+ }
+
+ static void TestAbortSetBehaviorSet(string data)
+ {
+ if (data.StartsWith("set"))
+ {
+ Console.WriteLine("Found 'set' FailFast corner case!");
+ Environment.FailFast("set_abort_behavior + abort simulation");
+ }
+ }
+
+ static void Main(string[] args)
+ {
+ if (args.Length < 1)
+ {
+ Console.Error.WriteLine("Usage: dotnet_fuzz_target ");
+ return;
+ }
+
+ string input = File.ReadAllText(args[0]);
+ Console.WriteLine($"Read '{input}' from input file.");
+
+ TestAbortBug(input);
+ TestNullDerefMom(input);
+ TestRuntimeErrorDad(input);
+ TestAbortSetBehaviorSet(input);
+ TestAddressSanitizerBoo(input);
+ TestRaiseFailFastDog(input);
+ TestAssertCab(input);
+ }
+}
diff --git a/cpp/windows/fuzz_methods.cpp b/cpp/windows/fuzz_methods.cpp
new file mode 100644
index 0000000..ae0df1c
--- /dev/null
+++ b/cpp/windows/fuzz_methods.cpp
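Review bot: `TestAssertCab` relies on `Debug.Assert`, which is `[Conditional("DEBUG")]` and is compiled out unless the `DEBUG` symbol is defined; the `csc` invocation in CMakeLists.txt passes only `/unsafe /nologo /out:`, so in that build the `cab` case prints its message and does nothing. Either add `/define:DEBUG` to that command line or replace the assert with an explicit throw so the case is exercised regardless of build settings. `TestAddressSanitizerBoo` is also misleading for managed code: `x[100] = 5` on a 100-element array is bounds-checked and raises `IndexOutOfRangeException`, so a comment such as `// Bounds-checked in .NET: throws IndexOutOfRangeException, not a memory-safety bug` would set expectations for readers coming from the C++ target. `TestAbortSetBehaviorSet` handles a `set` prefix that has no matching file under crashers/ or testsuite/ in this commit.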
@@ -0,0 +1,92 @@
+#include
+#include
+#include
+#include
+#include
+#include
+
+void fuzz_init() {
+ static bool initialized = false;
+ if (!initialized) {
+#ifdef _MSC_VER
+ // abort() displays a message box, then exits.
+ // assert() may not crash or trigger a debugger, depending on the CRT configuration.
+ // This disables the message box, but does not solve the whole problem.
+ // This is only available in MSVC.
+ _set_abort_behavior(0, _WRITE_ABORT_MSG | _CALL_REPORTFAULT);
+#endif
+ initialized = true;
+ }
+}
+
+void test_address_sanitizer_boo(std::string data) {
+ // This function uses a null deref to see if mayhem catches it with 'address_sanitizer'
+ if (data.size() >= 3) {
+ if (data.c_str()[0] == 'b' && data.c_str()[1] == 'o' && data.c_str()[2] == 'o') {
+ // Note: this will crash powershell in MSVC.
+ std::cout << "Found 'boo' address sanitizer corner case!\n";
+ int* x = new int[100];
+ x[100] = 5;
+ delete[] x;
+ }
+ }
+}
+
+void test_null_deref_mom(std::string data) {
+ // This function uses a null deref to see if mayhem catches it with 'mom'
+ if (data.size() >= 3) {
+ if (data.c_str()[0] == 'm' && data.c_str()[1] == 'o' && data.c_str()[2] == 'm') {
+ std::cout << "Found 'mom' null deref corner case!\n";
+ *((volatile int*)0) = 123; // guaranteed crash
+ }
+ }
+}
+
+void test_runtime_error_dad(std::string data) {
+ // This function uses a runtime error to see if mayhem catches it with input 'dad'.
+ if (data.size() >= 3) {
+ if (data.c_str()[0] == 'd' && data.c_str()[1] == 'a' && data.c_str()[2] == 'd') {
+ std::cout << "Found 'dad' corner case!\n";
+ throw std::runtime_error("Found 'dad' runtime_error corner case!"); // Alternative: throw an exception
+ }
+ }
+}
+
+void test_assert_cab(std::string data) {
+ if (data.size() >= 3) {
+ if (data.c_str()[0] == 'c' && data.c_str()[1] == 'a' && data.c_str()[2] == 'b') {
+ std::cout << "Found 'cab' assert corner case!\n";
+ assert(1 == 0);
+ }
+ }
+}
+
+void test_raise_fail_fast_dog(std::string data) {
+ if (data.size() >= 3) {
+ if (data.c_str()[0] == 'd' && data.c_str()[1] == 'o' && data.c_str()[2] == 'g') {
+ std::cout << "Found 'dog' RaiseFailFastException!\n";
+ RaiseFailFastException(nullptr, nullptr, 0);
+ }
+ }
+}
+
+
+void test_abort_bug(std::string data) {
+ // This function uses a null deref to see if mayhem catches it with 'bug'
+
+ if (data.size() >= 3) {
+ if (data.c_str()[0] == 'b' && data.c_str()[1] == 'u' && data.c_str()[2] == 'g') {
+ std::cout << "Found 'bug' abort corner case!\n";
+ abort(); // Uncomment to crash on this condition
+ }
+ }
+}
+
+void test_all(std::string data) {
+ test_abort_bug(data);
+ test_assert_cab(data);
+ test_null_deref_mom(data);
+ test_runtime_error_dad(data);
+ test_address_sanitizer_boo(data);
+ test_raise_fail_fast_dog(data);
+}
\ No newline at end of file
diff --git a/cpp/windows/fuzz_target.cpp b/cpp/windows/fuzz_target.cpp
new file mode 100644
index 0000000..acc0a07
--- /dev/null
+++ b/cpp/windows/fuzz_target.cpp
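Review bot: The header comments on `test_address_sanitizer_boo` and `test_abort_bug` both say the function "uses a null deref", copied from `test_null_deref_mom`, while their bodies perform a one-past-the-end heap write and an `abort()` call respectively; `// Writes one element past a heap allocation on input 'boo' so ASan-instrumented builds report it` and `// Calls abort() on input 'bug'` would describe what they actually do. The trailing `// Uncomment to crash on this condition` on the live `abort();` is stale and should be dropped. As a point of style, the six `test_*` functions take `std::string` by value and compare the first three bytes by hand; `const std::string&` together with `data.compare(0, 3, "boo") == 0` under the existing `size() >= 3` guard reads more directly and avoids a copy on every call from `test_all`.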
@@ -0,0 +1,23 @@
+#include
+#include "fuzz_methods.cpp"
+
+int main(int argc, char* argv[]) {
+ if (argc < 2) {
+ std::cerr << "Usage: fuzz_target \n";
+ return 1;
+ }
+
+ std::ifstream file(argv[1], std::ios::binary);
+ if (!file) {
+ std::cerr << "Error opening file: " << argv[1] << "\n";
+ return 1;
+ }
+
+ std::string data((std::istreambuf_iterator(file)),
+ std::istreambuf_iterator());
+
+ fuzz_init();
+ test_all(data);
+
+ return 0;
+}
\ No newline at end of file
diff --git a/cpp/windows/libfuzzer_target.cpp b/cpp/windows/libfuzzer_target.cpp
new file mode 100644
index 0000000..3ade3be
--- /dev/null
+++ b/cpp/windows/libfuzzer_target.cpp
@@ -0,0 +1,13 @@
+#include "fuzz_methods.cpp"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ fuzz_init();
+
+ if (Size > 0) {
+ std::string data((const char*) Data, Size);
+ test_all(data);
+ return 0;
+ }
+
+ return 1;
+}
\ No newline at end of file
diff --git a/cpp/windows/testsuite/test_abort.txt b/cpp/windows/testsuite/test_abort.txt
new file mode 100644
index 0000000..b7ce198
--- /dev/null
+++ b/cpp/windows/testsuite/test_abort.txt
@@ -0,0 +1 @@
+bu.
\ No newline at end of file
diff --git a/cpp/windows/testsuite/test_address_sanitizer.txt b/cpp/windows/testsuite/test_address_sanitizer.txt
new file mode 100644
index 0000000..7b27f90
--- /dev/null
+++ b/cpp/windows/testsuite/test_address_sanitizer.txt
@@ -0,0 +1 @@
+bo.
\ No newline at end of file
diff --git a/cpp/windows/testsuite/test_assert.txt b/cpp/windows/testsuite/test_assert.txt
new file mode 100644
index 0000000..ef55258
--- /dev/null
+++ b/cpp/windows/testsuite/test_assert.txt
@@ -0,0 +1 @@
+ca.
\ No newline at end of file
diff --git a/cpp/windows/testsuite/test_null_deref.txt b/cpp/windows/testsuite/test_null_deref.txt
new file mode 100644
index 0000000..5d3a263
--- /dev/null
+++ b/cpp/windows/testsuite/test_null_deref.txt
@@ -0,0 +1 @@
+mo.
\ No newline at end of file
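Review bot: `#include "fuzz_methods.cpp"` in fuzz_target.cpp pulls a whole translation unit in textually, which only works because CMakeLists.txt hands each compiler a single source file and never lists fuzz_methods.cpp as a dependency, so edits to it do not trigger a rebuild. Declaring the `test_*` functions, `fuzz_init` and `test_all` in a `fuzz_methods.h` and compiling fuzz_methods.cpp as its own source (or at minimum naming it in `DEPENDS`) would make the layout conventional and keep the build incremental.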
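Review bot: `LLVMFuzzerTestOneInput` in libfuzzer_target.cpp returns 1 when `Size` is 0, but libFuzzer requires the callback to return 0 and reserves non-zero values, and an empty input is a normal case the fuzzer feeds early on. Since `test_all` already guards every check with `data.size() >= 3`, the early-return shape is not needed: keep `if (Size > 0) { std::string data((const char*) Data, Size); test_all(data); }` and end the function with an unconditional `return 0;`.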
diff --git a/cpp/windows/testsuite/test_raise_fail_fast.txt b/cpp/windows/testsuite/test_raise_fail_fast.txt
new file mode 100644
index 0000000..0baf38e
--- /dev/null
+++ b/cpp/windows/testsuite/test_raise_fail_fast.txt
@@ -0,0 +1 @@
+do.
\ No newline at end of file
diff --git a/cpp/windows/testsuite/test_runtime_error.txt b/cpp/windows/testsuite/test_runtime_error.txt
new file mode 100644
index 0000000..ee94fad
--- /dev/null
+++ b/cpp/windows/testsuite/test_runtime_error.txt
@@ -0,0 +1 @@
+da.
\ No newline at end of file
From 9597e9a67743f3cea7d1355df7cab8ca41e14ff5 Mon Sep 17 00:00:00 2001
From: xansec Date: Tue, 5 Aug 2025 09:32:35 -0400 Subject: [PATCH 02/13] idea --- base-executable/cpp-base-executable | 1 - cpp/{ => linux}/afl/cpp-afl-clang/Dockerfile | 0 cpp/{ => linux}/afl/cpp-afl-clang/Mayhemfile | 0 cpp/{ => linux}/afl/cpp-afl-clang/README.md | 0 .../afl/cpp-afl-clang/src/mayhemit.cpp | 0 .../afl/cpp-afl-clang/testsuite/seed.txt | 0 cpp/{ => linux}/afl/cpp-afl-gcc/Dockerfile | 0 cpp/{ => linux}/afl/cpp-afl-gcc/Mayhemfile | 0 cpp/{ => linux}/afl/cpp-afl-gcc/README.md | 0 .../afl/cpp-afl-gcc/src/mayhemit.cpp | 0 .../afl/cpp-afl-gcc/testsuite/seed.txt | 0 .../aflpp/cpp-aflpp-clang/Dockerfile | 0 .../aflpp/cpp-aflpp-clang/Mayhemfile | 0 .../aflpp/cpp-aflpp-clang/README.md | 0 .../aflpp/cpp-aflpp-clang/src/mayhemit.cpp | 0 .../aflpp/cpp-aflpp-clang/testsuite/seed.txt | 0 .../aflpp/cpp-aflpp-gcc/Dockerfile | 0 .../aflpp/cpp-aflpp-gcc/Mayhemfile | 0 cpp/{ => linux}/aflpp/cpp-aflpp-gcc/README.md | 0 .../aflpp/cpp-aflpp-gcc/src/mayhemit.cpp | 0 .../aflpp/cpp-aflpp-gcc/testsuite/seed.txt | 0 .../cpp-base-executable/Dockerfile | 0 .../cpp-base-executable/Mayhemfile | 0 .../cpp-base-executable/README.md | 0 .../linux-cpp-base-executable | 1 + .../cpp-base-executable/src/mayhemit.cpp | 0 .../cpp-base-executable/testsuite/seed.txt | 0 .../honggfuzz/cpp-honggfuzz-clang/Dockerfile | 0 .../honggfuzz/cpp-honggfuzz-clang/Mayhemfile | 0 .../honggfuzz/cpp-honggfuzz-clang/README.md | 0 .../cpp-honggfuzz-clang/src/mayhemit.cpp | 0 .../cpp-honggfuzz-clang/testsuite/seed.txt | 0 .../honggfuzz/cpp-honggfuzz-gcc/Dockerfile | 0 .../honggfuzz/cpp-honggfuzz-gcc/Mayhemfile | 0 .../honggfuzz/cpp-honggfuzz-gcc/README.md | 0 .../cpp-honggfuzz-gcc/src/mayhemit.cpp | 0 .../cpp-honggfuzz-gcc/testsuite/seed.txt | 0 .../libfuzzer/cpp-libfuzzer/Dockerfile | 0 .../libfuzzer/cpp-libfuzzer/Mayhemfile | 0 .../libfuzzer/cpp-libfuzzer/README.md | 0 .../libfuzzer/cpp-libfuzzer/src/mayhemit.cpp | 0 .../cpp-libfuzzer/testsuite/seed.txt | 0 cpp/windows/base-executable/clang/Dockerfile | 0 
cpp/windows/base-executable/clang/Mayhemfile | 0 cpp/windows/base-executable/clang/README.md | 0 .../clang/src}/fuzz_methods.cpp | 0 .../clang/src}/fuzz_target.cpp | 0 .../clang}/testsuite/test_abort.txt | 0 .../testsuite/test_address_sanitizer.txt | 0 .../clang}/testsuite/test_assert.txt | 0 .../clang}/testsuite/test_null_deref.txt | 0 .../clang}/testsuite/test_raise_fail_fast.txt | 0 .../clang}/testsuite/test_runtime_error.txt | 0 cpp/windows/base-executable/gcc/Dockerfile | 0 cpp/windows/base-executable/gcc/Mayhemfile | 0 cpp/windows/base-executable/gcc/README.md | 0 .../base-executable/gcc/src/fuzz_methods.cpp | 92 +++++++++++++++++++ .../base-executable/gcc/src/fuzz_target.cpp | 23 +++++ .../gcc/testsuite/test_abort.txt | 1 + .../gcc/testsuite/test_address_sanitizer.txt | 1 + .../gcc/testsuite/test_assert.txt | 1 + .../gcc/testsuite/test_null_deref.txt | 1 + .../gcc/testsuite/test_raise_fail_fast.txt | 1 + .../gcc/testsuite/test_runtime_error.txt | 1 + cpp/windows/base-executable/msvc/Dockerfile | 0 cpp/windows/base-executable/msvc/Mayhemfile | 0 cpp/windows/base-executable/msvc/README.md | 0 .../base-executable/msvc/src/fuzz_methods.cpp | 92 +++++++++++++++++++ .../base-executable/msvc/src/fuzz_target.cpp | 23 +++++ .../msvc/testsuite/test_abort.txt | 1 + .../msvc/testsuite/test_address_sanitizer.txt | 1 + .../msvc/testsuite/test_assert.txt | 1 + .../msvc/testsuite/test_null_deref.txt | 1 + .../msvc/testsuite/test_raise_fail_fast.txt | 1 + .../msvc/testsuite/test_runtime_error.txt | 1 + .../msvc/windows-cpp-base-executable | 1 + .../{ => libfuzzer}/libfuzzer_target.cpp | 0 .../libfuzzer/testsuite/test_abort.txt | 1 + .../testsuite/test_address_sanitizer.txt | 1 + .../libfuzzer/testsuite/test_assert.txt | 1 + .../libfuzzer/testsuite/test_null_deref.txt | 1 + .../testsuite/test_raise_fail_fast.txt | 1 + .../testsuite/test_runtime_error.txt | 1 + .../libfuzzer}/Dockerfile | 0 .../libfuzzer}/Mayhemfile | 0 .../libfuzzer}/Program.cs | 0 .../libfuzzer}/README.md | 
0 .../libfuzzer}/fuzzme.csproj | 0 .../libfuzzer}/testsuite/seed.txt | 0 csharp/windows/base-executable/README.md | 0 .../base-executable}/dotnet_fuzz_target.cs | 0 .../base-executable/testsuite/test_abort.txt | 1 + .../testsuite/test_address_sanitizer.txt | 1 + .../base-executable/testsuite/test_assert.txt | 1 + .../testsuite/test_null_deref.txt | 1 + .../testsuite/test_raise_fail_fast.txt | 1 + .../testsuite/test_runtime_error.txt | 1 + .../windows-csharp-base-executable | 1 + 98 files changed, 257 insertions(+), 1 deletion(-) delete mode 120000 base-executable/cpp-base-executable rename cpp/{ => linux}/afl/cpp-afl-clang/Dockerfile (100%) rename cpp/{ => linux}/afl/cpp-afl-clang/Mayhemfile (100%) rename cpp/{ => linux}/afl/cpp-afl-clang/README.md (100%) rename cpp/{ => linux}/afl/cpp-afl-clang/src/mayhemit.cpp (100%) rename cpp/{ => linux}/afl/cpp-afl-clang/testsuite/seed.txt (100%) rename cpp/{ => linux}/afl/cpp-afl-gcc/Dockerfile (100%) rename cpp/{ => linux}/afl/cpp-afl-gcc/Mayhemfile (100%) rename cpp/{ => linux}/afl/cpp-afl-gcc/README.md (100%) rename cpp/{ => linux}/afl/cpp-afl-gcc/src/mayhemit.cpp (100%) rename cpp/{ => linux}/afl/cpp-afl-gcc/testsuite/seed.txt (100%) rename cpp/{ => linux}/aflpp/cpp-aflpp-clang/Dockerfile (100%) rename cpp/{ => linux}/aflpp/cpp-aflpp-clang/Mayhemfile (100%) rename cpp/{ => linux}/aflpp/cpp-aflpp-clang/README.md (100%) rename cpp/{ => linux}/aflpp/cpp-aflpp-clang/src/mayhemit.cpp (100%) rename cpp/{ => linux}/aflpp/cpp-aflpp-clang/testsuite/seed.txt (100%) rename cpp/{ => linux}/aflpp/cpp-aflpp-gcc/Dockerfile (100%) rename cpp/{ => linux}/aflpp/cpp-aflpp-gcc/Mayhemfile (100%) rename cpp/{ => linux}/aflpp/cpp-aflpp-gcc/README.md (100%) rename cpp/{ => linux}/aflpp/cpp-aflpp-gcc/src/mayhemit.cpp (100%) rename cpp/{ => linux}/aflpp/cpp-aflpp-gcc/testsuite/seed.txt (100%) rename cpp/{ => linux}/base-executable/cpp-base-executable/Dockerfile (100%) rename cpp/{ => linux}/base-executable/cpp-base-executable/Mayhemfile (100%) 
rename cpp/{ => linux}/base-executable/cpp-base-executable/README.md (100%) create mode 120000 cpp/linux/base-executable/cpp-base-executable/linux-cpp-base-executable rename cpp/{ => linux}/base-executable/cpp-base-executable/src/mayhemit.cpp (100%) rename cpp/{ => linux}/base-executable/cpp-base-executable/testsuite/seed.txt (100%) rename cpp/{ => linux}/honggfuzz/cpp-honggfuzz-clang/Dockerfile (100%) rename cpp/{ => linux}/honggfuzz/cpp-honggfuzz-clang/Mayhemfile (100%) rename cpp/{ => linux}/honggfuzz/cpp-honggfuzz-clang/README.md (100%) rename cpp/{ => linux}/honggfuzz/cpp-honggfuzz-clang/src/mayhemit.cpp (100%) rename cpp/{ => linux}/honggfuzz/cpp-honggfuzz-clang/testsuite/seed.txt (100%) rename cpp/{ => linux}/honggfuzz/cpp-honggfuzz-gcc/Dockerfile (100%) rename cpp/{ => linux}/honggfuzz/cpp-honggfuzz-gcc/Mayhemfile (100%) rename cpp/{ => linux}/honggfuzz/cpp-honggfuzz-gcc/README.md (100%) rename cpp/{ => linux}/honggfuzz/cpp-honggfuzz-gcc/src/mayhemit.cpp (100%) rename cpp/{ => linux}/honggfuzz/cpp-honggfuzz-gcc/testsuite/seed.txt (100%) rename cpp/{ => linux}/libfuzzer/cpp-libfuzzer/Dockerfile (100%) rename cpp/{ => linux}/libfuzzer/cpp-libfuzzer/Mayhemfile (100%) rename cpp/{ => linux}/libfuzzer/cpp-libfuzzer/README.md (100%) rename cpp/{ => linux}/libfuzzer/cpp-libfuzzer/src/mayhemit.cpp (100%) rename cpp/{ => linux}/libfuzzer/cpp-libfuzzer/testsuite/seed.txt (100%) create mode 100644 cpp/windows/base-executable/clang/Dockerfile create mode 100644 cpp/windows/base-executable/clang/Mayhemfile create mode 100644 cpp/windows/base-executable/clang/README.md rename cpp/windows/{ => base-executable/clang/src}/fuzz_methods.cpp (100%) rename cpp/windows/{ => base-executable/clang/src}/fuzz_target.cpp (100%) rename cpp/windows/{ => base-executable/clang}/testsuite/test_abort.txt (100%) rename cpp/windows/{ => base-executable/clang}/testsuite/test_address_sanitizer.txt (100%) rename cpp/windows/{ => base-executable/clang}/testsuite/test_assert.txt (100%) rename 
cpp/windows/{ => base-executable/clang}/testsuite/test_null_deref.txt (100%) rename cpp/windows/{ => base-executable/clang}/testsuite/test_raise_fail_fast.txt (100%) rename cpp/windows/{ => base-executable/clang}/testsuite/test_runtime_error.txt (100%) create mode 100644 cpp/windows/base-executable/gcc/Dockerfile create mode 100644 cpp/windows/base-executable/gcc/Mayhemfile create mode 100644 cpp/windows/base-executable/gcc/README.md create mode 100644 cpp/windows/base-executable/gcc/src/fuzz_methods.cpp create mode 100644 cpp/windows/base-executable/gcc/src/fuzz_target.cpp create mode 100644 cpp/windows/base-executable/gcc/testsuite/test_abort.txt create mode 100644 cpp/windows/base-executable/gcc/testsuite/test_address_sanitizer.txt create mode 100644 cpp/windows/base-executable/gcc/testsuite/test_assert.txt create mode 100644 cpp/windows/base-executable/gcc/testsuite/test_null_deref.txt create mode 100644 cpp/windows/base-executable/gcc/testsuite/test_raise_fail_fast.txt create mode 100644 cpp/windows/base-executable/gcc/testsuite/test_runtime_error.txt create mode 100644 cpp/windows/base-executable/msvc/Dockerfile create mode 100644 cpp/windows/base-executable/msvc/Mayhemfile create mode 100644 cpp/windows/base-executable/msvc/README.md create mode 100644 cpp/windows/base-executable/msvc/src/fuzz_methods.cpp create mode 100644 cpp/windows/base-executable/msvc/src/fuzz_target.cpp create mode 100644 cpp/windows/base-executable/msvc/testsuite/test_abort.txt create mode 100644 cpp/windows/base-executable/msvc/testsuite/test_address_sanitizer.txt create mode 100644 cpp/windows/base-executable/msvc/testsuite/test_assert.txt create mode 100644 cpp/windows/base-executable/msvc/testsuite/test_null_deref.txt create mode 100644 cpp/windows/base-executable/msvc/testsuite/test_raise_fail_fast.txt create mode 100644 cpp/windows/base-executable/msvc/testsuite/test_runtime_error.txt create mode 120000 cpp/windows/base-executable/msvc/windows-cpp-base-executable rename 
cpp/windows/{ => libfuzzer}/libfuzzer_target.cpp (100%) create mode 100644 cpp/windows/libfuzzer/testsuite/test_abort.txt create mode 100644 cpp/windows/libfuzzer/testsuite/test_address_sanitizer.txt create mode 100644 cpp/windows/libfuzzer/testsuite/test_assert.txt create mode 100644 cpp/windows/libfuzzer/testsuite/test_null_deref.txt create mode 100644 cpp/windows/libfuzzer/testsuite/test_raise_fail_fast.txt create mode 100644 cpp/windows/libfuzzer/testsuite/test_runtime_error.txt rename csharp/{libfuzzer/csharp-sharpfuzz => linux/libfuzzer}/Dockerfile (100%) rename csharp/{libfuzzer/csharp-sharpfuzz => linux/libfuzzer}/Mayhemfile (100%) rename csharp/{libfuzzer/csharp-sharpfuzz => linux/libfuzzer}/Program.cs (100%) rename csharp/{libfuzzer/csharp-sharpfuzz => linux/libfuzzer}/README.md (100%) rename csharp/{libfuzzer/csharp-sharpfuzz => linux/libfuzzer}/fuzzme.csproj (100%) rename csharp/{libfuzzer/csharp-sharpfuzz => linux/libfuzzer}/testsuite/seed.txt (100%) create mode 100644 csharp/windows/base-executable/README.md rename {cpp/windows => csharp/windows/base-executable}/dotnet_fuzz_target.cs (100%) create mode 100644 csharp/windows/base-executable/testsuite/test_abort.txt create mode 100644 csharp/windows/base-executable/testsuite/test_address_sanitizer.txt create mode 100644 csharp/windows/base-executable/testsuite/test_assert.txt create mode 100644 csharp/windows/base-executable/testsuite/test_null_deref.txt create mode 100644 csharp/windows/base-executable/testsuite/test_raise_fail_fast.txt create mode 100644 csharp/windows/base-executable/testsuite/test_runtime_error.txt create mode 120000 csharp/windows/base-executable/windows-csharp-base-executable diff --git a/base-executable/cpp-base-executable b/base-executable/cpp-base-executable deleted file mode 120000 index beb466d..0000000 --- a/base-executable/cpp-base-executable +++ /dev/null @@ -1 +0,0 @@ -../cpp/base-executable/cpp-base-executable \ No newline at end of file 
diff --git a/cpp/afl/cpp-afl-clang/Dockerfile b/cpp/linux/afl/cpp-afl-clang/Dockerfile
similarity index 100%
rename from cpp/afl/cpp-afl-clang/Dockerfile
rename to cpp/linux/afl/cpp-afl-clang/Dockerfile
diff --git a/cpp/afl/cpp-afl-clang/Mayhemfile b/cpp/linux/afl/cpp-afl-clang/Mayhemfile
similarity index 100%
rename from cpp/afl/cpp-afl-clang/Mayhemfile
rename to cpp/linux/afl/cpp-afl-clang/Mayhemfile
diff --git a/cpp/afl/cpp-afl-clang/README.md b/cpp/linux/afl/cpp-afl-clang/README.md
similarity index 100%
rename from cpp/afl/cpp-afl-clang/README.md
rename to cpp/linux/afl/cpp-afl-clang/README.md
diff --git a/cpp/afl/cpp-afl-clang/src/mayhemit.cpp b/cpp/linux/afl/cpp-afl-clang/src/mayhemit.cpp
similarity index 100%
rename from cpp/afl/cpp-afl-clang/src/mayhemit.cpp
rename to cpp/linux/afl/cpp-afl-clang/src/mayhemit.cpp
diff --git a/cpp/afl/cpp-afl-clang/testsuite/seed.txt b/cpp/linux/afl/cpp-afl-clang/testsuite/seed.txt
similarity index 100%
rename from cpp/afl/cpp-afl-clang/testsuite/seed.txt
rename to cpp/linux/afl/cpp-afl-clang/testsuite/seed.txt
diff --git a/cpp/afl/cpp-afl-gcc/Dockerfile b/cpp/linux/afl/cpp-afl-gcc/Dockerfile
similarity index 100%
rename from cpp/afl/cpp-afl-gcc/Dockerfile
rename to cpp/linux/afl/cpp-afl-gcc/Dockerfile
diff --git a/cpp/afl/cpp-afl-gcc/Mayhemfile b/cpp/linux/afl/cpp-afl-gcc/Mayhemfile
similarity index 100%
rename from cpp/afl/cpp-afl-gcc/Mayhemfile
rename to cpp/linux/afl/cpp-afl-gcc/Mayhemfile
diff --git a/cpp/afl/cpp-afl-gcc/README.md b/cpp/linux/afl/cpp-afl-gcc/README.md
similarity index 100%
rename from cpp/afl/cpp-afl-gcc/README.md
rename to cpp/linux/afl/cpp-afl-gcc/README.md
diff --git a/cpp/afl/cpp-afl-gcc/src/mayhemit.cpp b/cpp/linux/afl/cpp-afl-gcc/src/mayhemit.cpp
similarity index 100%
rename from cpp/afl/cpp-afl-gcc/src/mayhemit.cpp
rename to cpp/linux/afl/cpp-afl-gcc/src/mayhemit.cpp
diff --git a/cpp/afl/cpp-afl-gcc/testsuite/seed.txt b/cpp/linux/afl/cpp-afl-gcc/testsuite/seed.txt similarity index 100% rename from cpp/afl/cpp-afl-gcc/testsuite/seed.txt rename to cpp/linux/afl/cpp-afl-gcc/testsuite/seed.txt diff --git a/cpp/aflpp/cpp-aflpp-clang/Dockerfile b/cpp/linux/aflpp/cpp-aflpp-clang/Dockerfile similarity index 100% rename from cpp/aflpp/cpp-aflpp-clang/Dockerfile rename to cpp/linux/aflpp/cpp-aflpp-clang/Dockerfile diff --git a/cpp/aflpp/cpp-aflpp-clang/Mayhemfile b/cpp/linux/aflpp/cpp-aflpp-clang/Mayhemfile similarity index 100% rename from cpp/aflpp/cpp-aflpp-clang/Mayhemfile rename to cpp/linux/aflpp/cpp-aflpp-clang/Mayhemfile diff --git a/cpp/aflpp/cpp-aflpp-clang/README.md b/cpp/linux/aflpp/cpp-aflpp-clang/README.md similarity index 100% rename from cpp/aflpp/cpp-aflpp-clang/README.md rename to cpp/linux/aflpp/cpp-aflpp-clang/README.md diff --git a/cpp/aflpp/cpp-aflpp-clang/src/mayhemit.cpp b/cpp/linux/aflpp/cpp-aflpp-clang/src/mayhemit.cpp similarity index 100% rename from cpp/aflpp/cpp-aflpp-clang/src/mayhemit.cpp rename to cpp/linux/aflpp/cpp-aflpp-clang/src/mayhemit.cpp diff --git a/cpp/aflpp/cpp-aflpp-clang/testsuite/seed.txt b/cpp/linux/aflpp/cpp-aflpp-clang/testsuite/seed.txt similarity index 100% rename from cpp/aflpp/cpp-aflpp-clang/testsuite/seed.txt rename to cpp/linux/aflpp/cpp-aflpp-clang/testsuite/seed.txt diff --git a/cpp/aflpp/cpp-aflpp-gcc/Dockerfile b/cpp/linux/aflpp/cpp-aflpp-gcc/Dockerfile similarity index 100% rename from cpp/aflpp/cpp-aflpp-gcc/Dockerfile rename to cpp/linux/aflpp/cpp-aflpp-gcc/Dockerfile diff --git a/cpp/aflpp/cpp-aflpp-gcc/Mayhemfile b/cpp/linux/aflpp/cpp-aflpp-gcc/Mayhemfile similarity index 100% rename from cpp/aflpp/cpp-aflpp-gcc/Mayhemfile rename to cpp/linux/aflpp/cpp-aflpp-gcc/Mayhemfile 
diff --git a/cpp/aflpp/cpp-aflpp-gcc/README.md b/cpp/linux/aflpp/cpp-aflpp-gcc/README.md similarity index 100% rename from cpp/aflpp/cpp-aflpp-gcc/README.md rename to cpp/linux/aflpp/cpp-aflpp-gcc/README.md diff --git a/cpp/aflpp/cpp-aflpp-gcc/src/mayhemit.cpp b/cpp/linux/aflpp/cpp-aflpp-gcc/src/mayhemit.cpp similarity index 100% rename from cpp/aflpp/cpp-aflpp-gcc/src/mayhemit.cpp rename to cpp/linux/aflpp/cpp-aflpp-gcc/src/mayhemit.cpp diff --git a/cpp/aflpp/cpp-aflpp-gcc/testsuite/seed.txt b/cpp/linux/aflpp/cpp-aflpp-gcc/testsuite/seed.txt similarity index 100% rename from cpp/aflpp/cpp-aflpp-gcc/testsuite/seed.txt rename to cpp/linux/aflpp/cpp-aflpp-gcc/testsuite/seed.txt diff --git a/cpp/base-executable/cpp-base-executable/Dockerfile b/cpp/linux/base-executable/cpp-base-executable/Dockerfile similarity index 100% rename from cpp/base-executable/cpp-base-executable/Dockerfile rename to cpp/linux/base-executable/cpp-base-executable/Dockerfile diff --git a/cpp/base-executable/cpp-base-executable/Mayhemfile b/cpp/linux/base-executable/cpp-base-executable/Mayhemfile similarity index 100% rename from cpp/base-executable/cpp-base-executable/Mayhemfile rename to cpp/linux/base-executable/cpp-base-executable/Mayhemfile diff --git a/cpp/base-executable/cpp-base-executable/README.md b/cpp/linux/base-executable/cpp-base-executable/README.md similarity index 100% rename from cpp/base-executable/cpp-base-executable/README.md rename to cpp/linux/base-executable/cpp-base-executable/README.md diff --git a/cpp/linux/base-executable/cpp-base-executable/linux-cpp-base-executable b/cpp/linux/base-executable/cpp-base-executable/linux-cpp-base-executable new file mode 120000 index 0000000..05cc7f8 --- /dev/null +++ b/cpp/linux/base-executable/cpp-base-executable/linux-cpp-base-executable @@ -0,0 +1 @@ +./linux-cpp-base-executable \ No newline at end of file 
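Review bot: The new symlink `cpp/linux/base-executable/cpp-base-executable/linux-cpp-base-executable` has the target `./linux-cpp-base-executable`, which is its own file name, so it appears to resolve to itself (a dereference would fail with ELOOP) — unlike the removed `base-executable/cpp-base-executable` link, which pointed at a real directory. If the link is meant as an alias for the enclosing directory, `.` or the directory path would be the target; if it is not needed, drop it rather than ship a dangling entry. The same self-referencing pattern appears in `cpp/windows/base-executable/msvc/windows-cpp-base-executable` and `csharp/windows/base-executable/windows-csharp-base-executable` later in this patch.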
diff --git a/cpp/base-executable/cpp-base-executable/src/mayhemit.cpp b/cpp/linux/base-executable/cpp-base-executable/src/mayhemit.cpp similarity index 100% rename from cpp/base-executable/cpp-base-executable/src/mayhemit.cpp rename to cpp/linux/base-executable/cpp-base-executable/src/mayhemit.cpp diff --git a/cpp/base-executable/cpp-base-executable/testsuite/seed.txt b/cpp/linux/base-executable/cpp-base-executable/testsuite/seed.txt similarity index 100% rename from cpp/base-executable/cpp-base-executable/testsuite/seed.txt rename to cpp/linux/base-executable/cpp-base-executable/testsuite/seed.txt diff --git a/cpp/honggfuzz/cpp-honggfuzz-clang/Dockerfile b/cpp/linux/honggfuzz/cpp-honggfuzz-clang/Dockerfile similarity index 100% rename from cpp/honggfuzz/cpp-honggfuzz-clang/Dockerfile rename to cpp/linux/honggfuzz/cpp-honggfuzz-clang/Dockerfile diff --git a/cpp/honggfuzz/cpp-honggfuzz-clang/Mayhemfile b/cpp/linux/honggfuzz/cpp-honggfuzz-clang/Mayhemfile similarity index 100% rename from cpp/honggfuzz/cpp-honggfuzz-clang/Mayhemfile rename to cpp/linux/honggfuzz/cpp-honggfuzz-clang/Mayhemfile diff --git a/cpp/honggfuzz/cpp-honggfuzz-clang/README.md b/cpp/linux/honggfuzz/cpp-honggfuzz-clang/README.md similarity index 100% rename from cpp/honggfuzz/cpp-honggfuzz-clang/README.md rename to cpp/linux/honggfuzz/cpp-honggfuzz-clang/README.md diff --git a/cpp/honggfuzz/cpp-honggfuzz-clang/src/mayhemit.cpp b/cpp/linux/honggfuzz/cpp-honggfuzz-clang/src/mayhemit.cpp similarity index 100% rename from cpp/honggfuzz/cpp-honggfuzz-clang/src/mayhemit.cpp rename to cpp/linux/honggfuzz/cpp-honggfuzz-clang/src/mayhemit.cpp diff --git a/cpp/honggfuzz/cpp-honggfuzz-clang/testsuite/seed.txt b/cpp/linux/honggfuzz/cpp-honggfuzz-clang/testsuite/seed.txt similarity index 100% rename from cpp/honggfuzz/cpp-honggfuzz-clang/testsuite/seed.txt rename to cpp/linux/honggfuzz/cpp-honggfuzz-clang/testsuite/seed.txt 
diff --git a/cpp/honggfuzz/cpp-honggfuzz-gcc/Dockerfile b/cpp/linux/honggfuzz/cpp-honggfuzz-gcc/Dockerfile similarity index 100% rename from cpp/honggfuzz/cpp-honggfuzz-gcc/Dockerfile rename to cpp/linux/honggfuzz/cpp-honggfuzz-gcc/Dockerfile diff --git a/cpp/honggfuzz/cpp-honggfuzz-gcc/Mayhemfile b/cpp/linux/honggfuzz/cpp-honggfuzz-gcc/Mayhemfile similarity index 100% rename from cpp/honggfuzz/cpp-honggfuzz-gcc/Mayhemfile rename to cpp/linux/honggfuzz/cpp-honggfuzz-gcc/Mayhemfile diff --git a/cpp/honggfuzz/cpp-honggfuzz-gcc/README.md b/cpp/linux/honggfuzz/cpp-honggfuzz-gcc/README.md similarity index 100% rename from cpp/honggfuzz/cpp-honggfuzz-gcc/README.md rename to cpp/linux/honggfuzz/cpp-honggfuzz-gcc/README.md diff --git a/cpp/honggfuzz/cpp-honggfuzz-gcc/src/mayhemit.cpp b/cpp/linux/honggfuzz/cpp-honggfuzz-gcc/src/mayhemit.cpp similarity index 100% rename from cpp/honggfuzz/cpp-honggfuzz-gcc/src/mayhemit.cpp rename to cpp/linux/honggfuzz/cpp-honggfuzz-gcc/src/mayhemit.cpp diff --git a/cpp/honggfuzz/cpp-honggfuzz-gcc/testsuite/seed.txt b/cpp/linux/honggfuzz/cpp-honggfuzz-gcc/testsuite/seed.txt similarity index 100% rename from cpp/honggfuzz/cpp-honggfuzz-gcc/testsuite/seed.txt rename to cpp/linux/honggfuzz/cpp-honggfuzz-gcc/testsuite/seed.txt diff --git a/cpp/libfuzzer/cpp-libfuzzer/Dockerfile b/cpp/linux/libfuzzer/cpp-libfuzzer/Dockerfile similarity index 100% rename from cpp/libfuzzer/cpp-libfuzzer/Dockerfile rename to cpp/linux/libfuzzer/cpp-libfuzzer/Dockerfile diff --git a/cpp/libfuzzer/cpp-libfuzzer/Mayhemfile b/cpp/linux/libfuzzer/cpp-libfuzzer/Mayhemfile similarity index 100% rename from cpp/libfuzzer/cpp-libfuzzer/Mayhemfile rename to cpp/linux/libfuzzer/cpp-libfuzzer/Mayhemfile diff --git a/cpp/libfuzzer/cpp-libfuzzer/README.md b/cpp/linux/libfuzzer/cpp-libfuzzer/README.md similarity index 100% rename from cpp/libfuzzer/cpp-libfuzzer/README.md rename to cpp/linux/libfuzzer/cpp-libfuzzer/README.md 
diff --git a/cpp/libfuzzer/cpp-libfuzzer/src/mayhemit.cpp b/cpp/linux/libfuzzer/cpp-libfuzzer/src/mayhemit.cpp similarity index 100% rename from cpp/libfuzzer/cpp-libfuzzer/src/mayhemit.cpp rename to cpp/linux/libfuzzer/cpp-libfuzzer/src/mayhemit.cpp diff --git a/cpp/libfuzzer/cpp-libfuzzer/testsuite/seed.txt b/cpp/linux/libfuzzer/cpp-libfuzzer/testsuite/seed.txt similarity index 100% rename from cpp/libfuzzer/cpp-libfuzzer/testsuite/seed.txt rename to cpp/linux/libfuzzer/cpp-libfuzzer/testsuite/seed.txt diff --git a/cpp/windows/base-executable/clang/Dockerfile b/cpp/windows/base-executable/clang/Dockerfile new file mode 100644 index 0000000..e69de29 diff --git a/cpp/windows/base-executable/clang/Mayhemfile b/cpp/windows/base-executable/clang/Mayhemfile new file mode 100644 index 0000000..e69de29 diff --git a/cpp/windows/base-executable/clang/README.md b/cpp/windows/base-executable/clang/README.md new file mode 100644 index 0000000..e69de29 diff --git a/cpp/windows/fuzz_methods.cpp b/cpp/windows/base-executable/clang/src/fuzz_methods.cpp similarity index 100% rename from cpp/windows/fuzz_methods.cpp rename to cpp/windows/base-executable/clang/src/fuzz_methods.cpp diff --git a/cpp/windows/fuzz_target.cpp b/cpp/windows/base-executable/clang/src/fuzz_target.cpp similarity index 100% rename from cpp/windows/fuzz_target.cpp rename to cpp/windows/base-executable/clang/src/fuzz_target.cpp diff --git a/cpp/windows/testsuite/test_abort.txt b/cpp/windows/base-executable/clang/testsuite/test_abort.txt similarity index 100% rename from cpp/windows/testsuite/test_abort.txt rename to cpp/windows/base-executable/clang/testsuite/test_abort.txt diff --git a/cpp/windows/testsuite/test_address_sanitizer.txt b/cpp/windows/base-executable/clang/testsuite/test_address_sanitizer.txt similarity index 100% rename from cpp/windows/testsuite/test_address_sanitizer.txt rename to cpp/windows/base-executable/clang/testsuite/test_address_sanitizer.txt 
diff --git a/cpp/windows/testsuite/test_assert.txt b/cpp/windows/base-executable/clang/testsuite/test_assert.txt similarity index 100% rename from cpp/windows/testsuite/test_assert.txt rename to cpp/windows/base-executable/clang/testsuite/test_assert.txt diff --git a/cpp/windows/testsuite/test_null_deref.txt b/cpp/windows/base-executable/clang/testsuite/test_null_deref.txt similarity index 100% rename from cpp/windows/testsuite/test_null_deref.txt rename to cpp/windows/base-executable/clang/testsuite/test_null_deref.txt diff --git a/cpp/windows/testsuite/test_raise_fail_fast.txt b/cpp/windows/base-executable/clang/testsuite/test_raise_fail_fast.txt similarity index 100% rename from cpp/windows/testsuite/test_raise_fail_fast.txt rename to cpp/windows/base-executable/clang/testsuite/test_raise_fail_fast.txt diff --git a/cpp/windows/testsuite/test_runtime_error.txt b/cpp/windows/base-executable/clang/testsuite/test_runtime_error.txt similarity index 100% rename from cpp/windows/testsuite/test_runtime_error.txt rename to cpp/windows/base-executable/clang/testsuite/test_runtime_error.txt diff --git a/cpp/windows/base-executable/gcc/Dockerfile b/cpp/windows/base-executable/gcc/Dockerfile new file mode 100644 index 0000000..e69de29 diff --git a/cpp/windows/base-executable/gcc/Mayhemfile b/cpp/windows/base-executable/gcc/Mayhemfile new file mode 100644 index 0000000..e69de29 diff --git a/cpp/windows/base-executable/gcc/README.md b/cpp/windows/base-executable/gcc/README.md new file mode 100644 index 0000000..e69de29 diff --git a/cpp/windows/base-executable/gcc/src/fuzz_methods.cpp b/cpp/windows/base-executable/gcc/src/fuzz_methods.cpp new file mode 100644 index 0000000..ae0df1c --- /dev/null +++ b/cpp/windows/base-executable/gcc/src/fuzz_methods.cpp 
@@ -0,0 +1,92 @@
+#include
+#include
+#include
+#include
+#include
+#include
+
+void fuzz_init() {
+ static bool initialized = false;
+ if (!initialized) {
+#ifdef _MSC_VER
+ // abort() displays a message box, then exits.
+ // assert() may not crash or trigger a debugger, depending on the CRT configuration.
+ // This disables the message box, but does not solve the whole problem.
+ // This is only available in MSVC.
+ _set_abort_behavior(0, _WRITE_ABORT_MSG | _CALL_REPORTFAULT);
+#endif
+ initialized = true;
+ }
+}
+
+void test_address_sanitizer_boo(std::string data) {
+ // This function uses a null deref to see if mayhem catches it with 'address_sanitizer'
+ if (data.size() >= 3) {
+ if (data.c_str()[0] == 'b' && data.c_str()[1] == 'o' && data.c_str()[2] == 'o') {
+ // Note: this will crash powershell in MSVC.
+ std::cout << "Found 'boo' address sanitizer corner case!\n";
+ int* x = new int[100];
+ x[100] = 5;
+ delete[] x;
+ }
+ }
+}
+
+void test_null_deref_mom(std::string data) {
+ // This function uses a null deref to see if mayhem catches it with 'mom'
+ if (data.size() >= 3) {
+ if (data.c_str()[0] == 'm' && data.c_str()[1] == 'o' && data.c_str()[2] == 'm') {
+ std::cout << "Found 'mom' null deref corner case!\n";
+ *((volatile int*)0) = 123; // guaranteed crash
+ }
+ }
+}
+
+void test_runtime_error_dad(std::string data) {
+ // This function uses a runtime error to see if mayhem catches it with input 'dad'.
+ if (data.size() >= 3) {
+ if (data.c_str()[0] == 'd' && data.c_str()[1] == 'a' && data.c_str()[2] == 'd') {
+ std::cout << "Found 'dad' corner case!\n";
+ throw std::runtime_error("Found 'dad' runtime_error corner case!"); // Alternative: throw an exception
+ }
+ }
+}
+
+void test_assert_cab(std::string data) {
+ if (data.size() >= 3) {
+ if (data.c_str()[0] == 'c' && data.c_str()[1] == 'a' && data.c_str()[2] == 'b') {
+ std::cout << "Found 'cab' assert corner case!\n";
+ assert(1 == 0);
+ }
+ }
+}
+
+void test_raise_fail_fast_dog(std::string data) {
+ if (data.size() >= 3) {
+ if (data.c_str()[0] == 'd' && data.c_str()[1] == 'o' && data.c_str()[2] == 'g') {
+ std::cout << "Found 'dog' RaiseFailFastException!\n";
+ RaiseFailFastException(nullptr, nullptr, 0);
+ }
+ }
+}
+
+
+void test_abort_bug(std::string data) {
+ // This function uses a null deref to see if mayhem catches it with 'bug'
+
+ if (data.size() >= 3) {
+ if (data.c_str()[0] == 'b' && data.c_str()[1] == 'u' && data.c_str()[2] == 'g') {
+ std::cout << "Found 'bug' abort corner case!\n";
+ abort(); // Uncomment to crash on this condition
+ }
+ }
+}
+
+void test_all(std::string data) {
+ test_abort_bug(data);
+ test_assert_cab(data);
+ test_null_deref_mom(data);
+ test_runtime_error_dad(data);
+ test_address_sanitizer_boo(data);
+ test_raise_fail_fast_dog(data);
+}
\ No newline at end of file
diff --git a/cpp/windows/base-executable/gcc/src/fuzz_target.cpp b/cpp/windows/base-executable/gcc/src/fuzz_target.cpp
new file mode 100644
index 0000000..acc0a07
--- /dev/null
+++ b/cpp/windows/base-executable/gcc/src/fuzz_target.cpp
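Review bot: The header comments on `test_address_sanitizer_boo` and `test_abort_bug` both say the function "uses a null deref", but the first performs a heap out-of-bounds write (`x[100] = 5` on a 100-element array) and the second calls `abort()`, and `// Uncomment to crash on this condition` describes a line that is not commented out. Suggested replacements: `// Writes one past the end of a 100-int heap array so ASan/Mayhem reports a heap-buffer-overflow on input 'boo'` and `// Calls abort() so Mayhem reports the abnormal termination on input 'bug'`, with the stale trailing comment dropped. Each test takes `std::string data` by value; `const std::string&` avoids a copy per call, and `data.c_str()[i]` can simply be `data[i]`. This file is added byte-identical under `base-executable/gcc/src`, `base-executable/msvc/src` and `libfuzzer/src` (all blob ae0df1c); one shared copy would keep the three harnesses from drifting.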
@@ -0,0 +1,23 @@
+#include
+#include "fuzz_methods.cpp"
+
+int main(int argc, char* argv[]) {
+ if (argc < 2) {
+ std::cerr << "Usage: fuzz_target \n";
+ return 1;
+ }
+
+ std::ifstream file(argv[1], std::ios::binary);
+ if (!file) {
+ std::cerr << "Error opening file: " << argv[1] << "\n";
+ return 1;
+ }
+
+ std::string data((std::istreambuf_iterator(file)),
+ std::istreambuf_iterator());
+
+ fuzz_init();
+ test_all(data);
+
+ return 0;
+}
\ No newline at end of file
diff --git a/cpp/windows/base-executable/gcc/testsuite/test_abort.txt b/cpp/windows/base-executable/gcc/testsuite/test_abort.txt
new file mode 100644
index 0000000..b7ce198
--- /dev/null
+++ b/cpp/windows/base-executable/gcc/testsuite/test_abort.txt
@@ -0,0 +1 @@
+bu.
\ No newline at end of file
diff --git a/cpp/windows/base-executable/gcc/testsuite/test_address_sanitizer.txt b/cpp/windows/base-executable/gcc/testsuite/test_address_sanitizer.txt
new file mode 100644
index 0000000..7b27f90
--- /dev/null
+++ b/cpp/windows/base-executable/gcc/testsuite/test_address_sanitizer.txt
@@ -0,0 +1 @@
+bo.
\ No newline at end of file
diff --git a/cpp/windows/base-executable/gcc/testsuite/test_assert.txt b/cpp/windows/base-executable/gcc/testsuite/test_assert.txt
new file mode 100644
index 0000000..ef55258
--- /dev/null
+++ b/cpp/windows/base-executable/gcc/testsuite/test_assert.txt
@@ -0,0 +1 @@
+ca.
\ No newline at end of file
diff --git a/cpp/windows/base-executable/gcc/testsuite/test_null_deref.txt b/cpp/windows/base-executable/gcc/testsuite/test_null_deref.txt
new file mode 100644
index 0000000..5d3a263
--- /dev/null
+++ b/cpp/windows/base-executable/gcc/testsuite/test_null_deref.txt
@@ -0,0 +1 @@
+mo.
\ No newline at end of file
diff --git a/cpp/windows/base-executable/gcc/testsuite/test_raise_fail_fast.txt b/cpp/windows/base-executable/gcc/testsuite/test_raise_fail_fast.txt
new file mode 100644
index 0000000..0baf38e
--- /dev/null
+++ b/cpp/windows/base-executable/gcc/testsuite/test_raise_fail_fast.txt
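Review bot: `#include "fuzz_methods.cpp"` pulls an implementation file into `main`'s translation unit; the usual split is a `fuzz_methods.h` holding the declarations, with `fuzz_methods.cpp` compiled as its own source, so the harness cannot silently end up with two definitions once a second file includes it. After the `std::istreambuf_iterator` read the stream state is never checked, so a read error is indistinguishable from an empty input; `if (file.bad()) { std::cerr << "Error reading file: " << argv[1] << "\n"; return 1; }` placed before `fuzz_init();` mirrors the open check while still letting an empty file reach `test_all`. The same `main` is added verbatim as `base-executable/msvc/src/fuzz_target.cpp` later in this patch.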
@@ -0,0 +1 @@ +do. \ No newline at end of file diff --git a/cpp/windows/base-executable/gcc/testsuite/test_runtime_error.txt b/cpp/windows/base-executable/gcc/testsuite/test_runtime_error.txt new file mode 100644 index 0000000..ee94fad --- /dev/null +++ b/cpp/windows/base-executable/gcc/testsuite/test_runtime_error.txt @@ -0,0 +1 @@ +da. \ No newline at end of file diff --git a/cpp/windows/base-executable/msvc/Dockerfile b/cpp/windows/base-executable/msvc/Dockerfile new file mode 100644 index 0000000..e69de29 diff --git a/cpp/windows/base-executable/msvc/Mayhemfile b/cpp/windows/base-executable/msvc/Mayhemfile new file mode 100644 index 0000000..e69de29 diff --git a/cpp/windows/base-executable/msvc/README.md b/cpp/windows/base-executable/msvc/README.md new file mode 100644 index 0000000..e69de29 diff --git a/cpp/windows/base-executable/msvc/src/fuzz_methods.cpp b/cpp/windows/base-executable/msvc/src/fuzz_methods.cpp new file mode 100644 index 0000000..ae0df1c --- /dev/null +++ b/cpp/windows/base-executable/msvc/src/fuzz_methods.cpp 
@@ -0,0 +1,92 @@
+#include
+#include
+#include
+#include
+#include
+#include
+
+void fuzz_init() {
+ static bool initialized = false;
+ if (!initialized) {
+#ifdef _MSC_VER
+ // abort() displays a message box, then exits.
+ // assert() may not crash or trigger a debugger, depending on the CRT configuration.
+ // This disables the message box, but does not solve the whole problem.
+ // This is only available in MSVC.
+ _set_abort_behavior(0, _WRITE_ABORT_MSG | _CALL_REPORTFAULT);
+#endif
+ initialized = true;
+ }
+}
+
+void test_address_sanitizer_boo(std::string data) {
+ // This function uses a null deref to see if mayhem catches it with 'address_sanitizer'
+ if (data.size() >= 3) {
+ if (data.c_str()[0] == 'b' && data.c_str()[1] == 'o' && data.c_str()[2] == 'o') {
+ // Note: this will crash powershell in MSVC.
+ std::cout << "Found 'boo' address sanitizer corner case!\n";
+ int* x = new int[100];
+ x[100] = 5;
+ delete[] x;
+ }
+ }
+}
+
+void test_null_deref_mom(std::string data) {
+ // This function uses a null deref to see if mayhem catches it with 'mom'
+ if (data.size() >= 3) {
+ if (data.c_str()[0] == 'm' && data.c_str()[1] == 'o' && data.c_str()[2] == 'm') {
+ std::cout << "Found 'mom' null deref corner case!\n";
+ *((volatile int*)0) = 123; // guaranteed crash
+ }
+ }
+}
+
+void test_runtime_error_dad(std::string data) {
+ // This function uses a runtime error to see if mayhem catches it with input 'dad'.
+ if (data.size() >= 3) {
+ if (data.c_str()[0] == 'd' && data.c_str()[1] == 'a' && data.c_str()[2] == 'd') {
+ std::cout << "Found 'dad' corner case!\n";
+ throw std::runtime_error("Found 'dad' runtime_error corner case!"); // Alternative: throw an exception
+ }
+ }
+}
+
+void test_assert_cab(std::string data) {
+ if (data.size() >= 3) {
+ if (data.c_str()[0] == 'c' && data.c_str()[1] == 'a' && data.c_str()[2] == 'b') {
+ std::cout << "Found 'cab' assert corner case!\n";
+ assert(1 == 0);
+ }
+ }
+}
+
+void test_raise_fail_fast_dog(std::string data) {
+ if (data.size() >= 3) {
+ if (data.c_str()[0] == 'd' && data.c_str()[1] == 'o' && data.c_str()[2] == 'g') {
+ std::cout << "Found 'dog' RaiseFailFastException!\n";
+ RaiseFailFastException(nullptr, nullptr, 0);
+ }
+ }
+}
+
+
+void test_abort_bug(std::string data) {
+ // This function uses a null deref to see if mayhem catches it with 'bug'
+
+ if (data.size() >= 3) {
+ if (data.c_str()[0] == 'b' && data.c_str()[1] == 'u' && data.c_str()[2] == 'g') {
+ std::cout << "Found 'bug' abort corner case!\n";
+ abort(); // Uncomment to crash on this condition
+ }
+ }
+}
+
+void test_all(std::string data) {
+ test_abort_bug(data);
+ test_assert_cab(data);
+ test_null_deref_mom(data);
+ test_runtime_error_dad(data);
+ test_address_sanitizer_boo(data);
+ test_raise_fail_fast_dog(data);
+}
\ No newline at end of file
diff --git a/cpp/windows/base-executable/msvc/src/fuzz_target.cpp b/cpp/windows/base-executable/msvc/src/fuzz_target.cpp
new file mode 100644
index 0000000..acc0a07
--- /dev/null
+++ b/cpp/windows/base-executable/msvc/src/fuzz_target.cpp
@@ -0,0 +1,23 @@
+#include
+#include "fuzz_methods.cpp"
+
+int main(int argc, char* argv[]) {
+ if (argc < 2) {
+ std::cerr << "Usage: fuzz_target \n";
+ return 1;
+ }
+
+ std::ifstream file(argv[1], std::ios::binary);
+ if (!file) {
+ std::cerr << "Error opening file: " << argv[1] << "\n";
+ return 1;
+ }
+
+ std::string data((std::istreambuf_iterator(file)),
+ std::istreambuf_iterator());
+
+ fuzz_init();
+ test_all(data);
+
+ return 0;
+}
\ No newline at end of file
diff --git a/cpp/windows/base-executable/msvc/testsuite/test_abort.txt b/cpp/windows/base-executable/msvc/testsuite/test_abort.txt
new file mode 100644
index 0000000..b7ce198
--- /dev/null
+++ b/cpp/windows/base-executable/msvc/testsuite/test_abort.txt
@@ -0,0 +1 @@
+bu.
\ No newline at end of file
diff --git a/cpp/windows/base-executable/msvc/testsuite/test_address_sanitizer.txt b/cpp/windows/base-executable/msvc/testsuite/test_address_sanitizer.txt
new file mode 100644
index 0000000..7b27f90
--- /dev/null
+++ b/cpp/windows/base-executable/msvc/testsuite/test_address_sanitizer.txt
@@ -0,0 +1 @@
+bo.
\ No newline at end of file
diff --git a/cpp/windows/base-executable/msvc/testsuite/test_assert.txt b/cpp/windows/base-executable/msvc/testsuite/test_assert.txt
new file mode 100644
index 0000000..ef55258
--- /dev/null
+++ b/cpp/windows/base-executable/msvc/testsuite/test_assert.txt
@@ -0,0 +1 @@
+ca.
\ No newline at end of file
diff --git a/cpp/windows/base-executable/msvc/testsuite/test_null_deref.txt b/cpp/windows/base-executable/msvc/testsuite/test_null_deref.txt
new file mode 100644
index 0000000..5d3a263
--- /dev/null
+++ b/cpp/windows/base-executable/msvc/testsuite/test_null_deref.txt
@@ -0,0 +1 @@
+mo.
\ No newline at end of file
diff --git a/cpp/windows/base-executable/msvc/testsuite/test_raise_fail_fast.txt b/cpp/windows/base-executable/msvc/testsuite/test_raise_fail_fast.txt
new file mode 100644
index 0000000..0baf38e
--- /dev/null
+++ b/cpp/windows/base-executable/msvc/testsuite/test_raise_fail_fast.txt @@ -0,0 +1 @@ +do. \ No newline at end of file diff --git a/cpp/windows/base-executable/msvc/testsuite/test_runtime_error.txt b/cpp/windows/base-executable/msvc/testsuite/test_runtime_error.txt new file mode 100644 index 0000000..ee94fad --- /dev/null +++ b/cpp/windows/base-executable/msvc/testsuite/test_runtime_error.txt @@ -0,0 +1 @@ +da. \ No newline at end of file diff --git a/cpp/windows/base-executable/msvc/windows-cpp-base-executable b/cpp/windows/base-executable/msvc/windows-cpp-base-executable new file mode 120000 index 0000000..ba095ef --- /dev/null +++ b/cpp/windows/base-executable/msvc/windows-cpp-base-executable @@ -0,0 +1 @@ +./windows-cpp-base-executable \ No newline at end of file diff --git a/cpp/windows/libfuzzer_target.cpp b/cpp/windows/libfuzzer/libfuzzer_target.cpp similarity index 100% rename from cpp/windows/libfuzzer_target.cpp rename to cpp/windows/libfuzzer/libfuzzer_target.cpp diff --git a/cpp/windows/libfuzzer/testsuite/test_abort.txt b/cpp/windows/libfuzzer/testsuite/test_abort.txt new file mode 100644 index 0000000..b7ce198 --- /dev/null +++ b/cpp/windows/libfuzzer/testsuite/test_abort.txt @@ -0,0 +1 @@ +bu. \ No newline at end of file diff --git a/cpp/windows/libfuzzer/testsuite/test_address_sanitizer.txt b/cpp/windows/libfuzzer/testsuite/test_address_sanitizer.txt new file mode 100644 index 0000000..7b27f90 --- /dev/null +++ b/cpp/windows/libfuzzer/testsuite/test_address_sanitizer.txt @@ -0,0 +1 @@ +bo. \ No newline at end of file diff --git a/cpp/windows/libfuzzer/testsuite/test_assert.txt b/cpp/windows/libfuzzer/testsuite/test_assert.txt new file mode 100644 index 0000000..ef55258 --- /dev/null +++ b/cpp/windows/libfuzzer/testsuite/test_assert.txt @@ -0,0 +1 @@ +ca. \ No newline at end of file diff --git a/cpp/windows/libfuzzer/testsuite/test_null_deref.txt b/cpp/windows/libfuzzer/testsuite/test_null_deref.txt new file mode 100644 index 0000000..5d3a263 
--- /dev/null +++ b/cpp/windows/libfuzzer/testsuite/test_null_deref.txt @@ -0,0 +1 @@ +mo. \ No newline at end of file diff --git a/cpp/windows/libfuzzer/testsuite/test_raise_fail_fast.txt b/cpp/windows/libfuzzer/testsuite/test_raise_fail_fast.txt new file mode 100644 index 0000000..0baf38e --- /dev/null +++ b/cpp/windows/libfuzzer/testsuite/test_raise_fail_fast.txt @@ -0,0 +1 @@ +do. \ No newline at end of file diff --git a/cpp/windows/libfuzzer/testsuite/test_runtime_error.txt b/cpp/windows/libfuzzer/testsuite/test_runtime_error.txt new file mode 100644 index 0000000..ee94fad --- /dev/null +++ b/cpp/windows/libfuzzer/testsuite/test_runtime_error.txt @@ -0,0 +1 @@ +da. \ No newline at end of file diff --git a/csharp/libfuzzer/csharp-sharpfuzz/Dockerfile b/csharp/linux/libfuzzer/Dockerfile similarity index 100% rename from csharp/libfuzzer/csharp-sharpfuzz/Dockerfile rename to csharp/linux/libfuzzer/Dockerfile diff --git a/csharp/libfuzzer/csharp-sharpfuzz/Mayhemfile b/csharp/linux/libfuzzer/Mayhemfile similarity index 100% rename from csharp/libfuzzer/csharp-sharpfuzz/Mayhemfile rename to csharp/linux/libfuzzer/Mayhemfile diff --git a/csharp/libfuzzer/csharp-sharpfuzz/Program.cs b/csharp/linux/libfuzzer/Program.cs similarity index 100% rename from csharp/libfuzzer/csharp-sharpfuzz/Program.cs rename to csharp/linux/libfuzzer/Program.cs diff --git a/csharp/libfuzzer/csharp-sharpfuzz/README.md b/csharp/linux/libfuzzer/README.md similarity index 100% rename from csharp/libfuzzer/csharp-sharpfuzz/README.md rename to csharp/linux/libfuzzer/README.md diff --git a/csharp/libfuzzer/csharp-sharpfuzz/fuzzme.csproj b/csharp/linux/libfuzzer/fuzzme.csproj similarity index 100% rename from csharp/libfuzzer/csharp-sharpfuzz/fuzzme.csproj rename to csharp/linux/libfuzzer/fuzzme.csproj 
diff --git a/csharp/libfuzzer/csharp-sharpfuzz/testsuite/seed.txt b/csharp/linux/libfuzzer/testsuite/seed.txt similarity index 100% rename from csharp/libfuzzer/csharp-sharpfuzz/testsuite/seed.txt rename to csharp/linux/libfuzzer/testsuite/seed.txt diff --git a/csharp/windows/base-executable/README.md b/csharp/windows/base-executable/README.md new file mode 100644 index 0000000..e69de29 diff --git a/cpp/windows/dotnet_fuzz_target.cs b/csharp/windows/base-executable/dotnet_fuzz_target.cs similarity index 100% rename from cpp/windows/dotnet_fuzz_target.cs rename to csharp/windows/base-executable/dotnet_fuzz_target.cs diff --git a/csharp/windows/base-executable/testsuite/test_abort.txt b/csharp/windows/base-executable/testsuite/test_abort.txt new file mode 100644 index 0000000..b7ce198 --- /dev/null +++ b/csharp/windows/base-executable/testsuite/test_abort.txt @@ -0,0 +1 @@ +bu. \ No newline at end of file diff --git a/csharp/windows/base-executable/testsuite/test_address_sanitizer.txt b/csharp/windows/base-executable/testsuite/test_address_sanitizer.txt new file mode 100644 index 0000000..7b27f90 --- /dev/null +++ b/csharp/windows/base-executable/testsuite/test_address_sanitizer.txt @@ -0,0 +1 @@ +bo. \ No newline at end of file diff --git a/csharp/windows/base-executable/testsuite/test_assert.txt b/csharp/windows/base-executable/testsuite/test_assert.txt new file mode 100644 index 0000000..ef55258 --- /dev/null +++ b/csharp/windows/base-executable/testsuite/test_assert.txt @@ -0,0 +1 @@ +ca. \ No newline at end of file diff --git a/csharp/windows/base-executable/testsuite/test_null_deref.txt b/csharp/windows/base-executable/testsuite/test_null_deref.txt new file mode 100644 index 0000000..5d3a263 --- /dev/null +++ b/csharp/windows/base-executable/testsuite/test_null_deref.txt @@ -0,0 +1 @@ +mo. \ No newline at end of file 
diff --git a/csharp/windows/base-executable/testsuite/test_raise_fail_fast.txt b/csharp/windows/base-executable/testsuite/test_raise_fail_fast.txt new file mode 100644 index 0000000..0baf38e --- /dev/null +++ b/csharp/windows/base-executable/testsuite/test_raise_fail_fast.txt @@ -0,0 +1 @@ +do. \ No newline at end of file diff --git a/csharp/windows/base-executable/testsuite/test_runtime_error.txt b/csharp/windows/base-executable/testsuite/test_runtime_error.txt new file mode 100644 index 0000000..ee94fad --- /dev/null +++ b/csharp/windows/base-executable/testsuite/test_runtime_error.txt @@ -0,0 +1 @@ +da. \ No newline at end of file diff --git a/csharp/windows/base-executable/windows-csharp-base-executable b/csharp/windows/base-executable/windows-csharp-base-executable new file mode 120000 index 0000000..2813989 --- /dev/null +++ b/csharp/windows/base-executable/windows-csharp-base-executable @@ -0,0 +1 @@ +./windows-csharp-base-executable \ No newline at end of file From f70cef46fa93e82ebb34c452dc08d43eef0eea87 Mon Sep 17 00:00:00 2001 From: Dan Forbes Date: Fri, 15 Aug 2025 11:39:15 -0400 Subject: [PATCH 03/13] Add Windows Workflow --- .github/workflows/build-windows.yml | 75 +++++++++++++++ cpp/windows/libfuzzer/src/fuzz_methods.cpp | 92 +++++++++++++++++++ .../libfuzzer/{ => src}/libfuzzer_target.cpp | 0 3 files changed, 167 insertions(+) create mode 100644 .github/workflows/build-windows.yml create mode 100644 cpp/windows/libfuzzer/src/fuzz_methods.cpp rename cpp/windows/libfuzzer/{ => src}/libfuzzer_target.cpp (100%) diff --git a/.github/workflows/build-windows.yml b/.github/workflows/build-windows.yml new file mode 100644 index 0000000..82b4b68 --- /dev/null +++ b/.github/workflows/build-windows.yml 
@@ -0,0 +1,75 @@
+name: Build Windows
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ branches: [ main ]
+ workflow_dispatch:
+ workflow_call:
+ inputs:
+ mayhem_url:
+ description: 'Mayhem URL'
+ required: true
+ default: 'https://app.mayhem.security'
+ type: string
+ workspace:
+ description: 'Mayhem Workspace'
+ required: true
+ default: 'dforbes'
+ type: string
+
+jobs:
+ build:
+ runs-on: windows-latest
+ steps:
+ - name: Check out the repo
+ uses: actions/checkout@v5
+
+ - name: Setup Developer Command Prompt
+ uses: TheMrMilchmann/setup-msvc-dev@v3
+ with:
+ arch: x64
+
+ - name: Build
+ run: |
+ cl.exe cpp\windows\base-executable\msvc\src\fuzz_target.cpp /nologo /Zi /FS /MDd /EHsc /Fo: "fuzz_target_msvc.obj" /Fe: "fuzz_target_msvc.exe"
+ clang++.exe cpp\windows\base-executable\clang\src\fuzz_target.cpp -g -O1 -o fuzz_target_clang.exe
+ clang++.exe cpp\windows\libfuzzer\src\libfuzzer_target.cpp -g -O1 -fsanitize=fuzzer -o fuzz_target_libfuzzer.exe
+ g++.exe cpp\windows\base-executable\gcc\src\fuzz_target.cpp -g -O1 -o fuzz_target_mingw.exe
+
+ - name: Install Mayhem
+ shell: pwsh
+ run: |
+ Invoke-WebRequest -Uri "https://app.mayhem.security/cli/Windows/mayhem.msi" -OutFile "mayhem.msi"
+ Start-Process msiexec.exe -ArgumentList "/i mayhem.msi /quiet /norestart" -Wait
+ echo "MAYHEM_PATH=C:\Program Files (x86)\Mayhem\mayhem.exe" | Out-File -FilePath $env:GITHUB_ENV -Append
+
+ - name: Set values
+ shell: pwsh
+ run: |
+ $mayhemUrl = if ([string]::IsNullOrEmpty("${{ inputs.mayhem_url }}")) { 'https://app.mayhem.security' } else { "${{ inputs.mayhem_url }}" }
+ $workspace = if ([string]::IsNullOrEmpty("${{ inputs.workspace }}")) { 'dforbes' } else { "${{ inputs.workspace }}" }
+ echo "MAYHEM_URL=$mayhemUrl" | Out-File -FilePath $env:GITHUB_ENV -Append
+ echo "WORKSPACE=$workspace" | Out-File -FilePath $env:GITHUB_ENV -Append
+
+ - name: Mayhem login
+ shell: pwsh
+ run: |
+ &$env:MAYHEM_PATH login "$env:MAYHEM_URL" "${{ secrets.MAYHEM_TOKEN }}"
+
+ -
name: Mayhem run
+ shell: pwsh
+ run: |
+ &$env:MAYHEM_PATH package -o mayhem_package_msvc fuzz_target_msvc.exe
+ Copy-Item -Path cpp\windows\base-executable\msvc\testsuite -Destination mayhem_package_msvc\testsuite
+ &$env:MAYHEM_PATH run --owner $env:WORKSPACE --project mayhem-examples --target cpp-windows-msvc --duration 5m mayhem_package_msvc
+ &$env:MAYHEM_PATH package -o mayhem_package_clang fuzz_target_clang.exe
+ Copy-Item -Path cpp\windows\base-executable\clang\testsuite -Destination mayhem_package_clang\testsuite
+ &$env:MAYHEM_PATH run --owner $env:WORKSPACE --project mayhem-examples --target cpp-windows-clang --duration 5m mayhem_package_clang
+ &$env:MAYHEM_PATH package -o mayhem_package_libfuzzer fuzz_target_libfuzzer.exe
+ Copy-Item -Path cpp\windows\libfuzzer\testsuite -Destination mayhem_package_libfuzzer\testsuite
+ &$env:MAYHEM_PATH run --owner $env:WORKSPACE --project mayhem-examples --target cpp-windows-libfuzzer --duration 5m mayhem_package_libfuzzer
+ &$env:MAYHEM_PATH package -o mayhem_package_mingw fuzz_target_mingw.exe
+ Copy-Item -Path cpp\windows\base-executable\gcc\testsuite -Destination mayhem_package_mingw\testsuite
+ &$env:MAYHEM_PATH run --owner $env:WORKSPACE --project mayhem-examples --target cpp-windows-mingw --duration 5m mayhem_package_mingw
diff --git a/cpp/windows/libfuzzer/src/fuzz_methods.cpp b/cpp/windows/libfuzzer/src/fuzz_methods.cpp
new file mode 100644
index 0000000..ae0df1c
--- /dev/null
+++ b/cpp/windows/libfuzzer/src/fuzz_methods.cpp
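Review bot: The "Set values" and "Mayhem login" steps splice `${{ inputs.mayhem_url }}`, `${{ inputs.workspace }}` and `${{ secrets.MAYHEM_TOKEN }}` straight into the pwsh `run:` script text, so whoever invokes this `workflow_call` controls characters that PowerShell then parses — a value containing a closing quote or a `$(...)` subexpression is executed on the runner, and the token lands on a process command line instead of in the environment. Passing the three values through an `env:` block and reading `$env:...` inside the script (rewrite below) keeps them as data. The "Install Mayhem" step downloads `mayhem.msi` and runs `msiexec /i` with no hash or Authenticode check, and it always fetches from `app.mayhem.security` even when `mayhem_url` points elsewhere; a `Get-FileHash` comparison against an expected value (or `Get-AuthenticodeSignature`) before install would make the installer a pinned dependency. `TheMrMilchmann/setup-msvc-dev@v3` and `actions/checkout@v5` are pinned to mutable tags; pinning to a full commit SHA is the usual supply-chain control for actions that run with repository secrets in scope.
```yaml
      # … unchanged: checkout, MSVC setup, Build and Install Mayhem steps …
      - name: Set values
        shell: pwsh
        env:
          INPUT_MAYHEM_URL: ${{ inputs.mayhem_url }}
          INPUT_WORKSPACE: ${{ inputs.workspace }}
        run: |
          $mayhemUrl = if ([string]::IsNullOrEmpty($env:INPUT_MAYHEM_URL)) { 'https://app.mayhem.security' } else { $env:INPUT_MAYHEM_URL }
          $workspace = if ([string]::IsNullOrEmpty($env:INPUT_WORKSPACE)) { 'dforbes' } else { $env:INPUT_WORKSPACE }
          echo "MAYHEM_URL=$mayhemUrl" | Out-File -FilePath $env:GITHUB_ENV -Append
          echo "WORKSPACE=$workspace" | Out-File -FilePath $env:GITHUB_ENV -Append

      - name: Mayhem login
        shell: pwsh
        env:
          MAYHEM_TOKEN: ${{ secrets.MAYHEM_TOKEN }}
        run: |
          &$env:MAYHEM_PATH login "$env:MAYHEM_URL" "$env:MAYHEM_TOKEN"
      # … unchanged: Mayhem run step …
```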
@@ -0,0 +1,92 @@
+#include
+#include
+#include
+#include
+#include
+#include
+
+void fuzz_init() {
+ static bool initialized = false;
+ if (!initialized) {
+#ifdef _MSC_VER
+ // abort() displays a message box, then exits.
+ // assert() may not crash or trigger a debugger, depending on the CRT configuration.
+ // This disables the message box, but does not solve the whole problem.
+ // This is only available in MSVC.
+ _set_abort_behavior(0, _WRITE_ABORT_MSG | _CALL_REPORTFAULT);
+#endif
+ initialized = true;
+ }
+}
+
+void test_address_sanitizer_boo(std::string data) {
+ // This function uses a null deref to see if mayhem catches it with 'address_sanitizer'
+ if (data.size() >= 3) {
+ if (data.c_str()[0] == 'b' && data.c_str()[1] == 'o' && data.c_str()[2] == 'o') {
+ // Note: this will crash powershell in MSVC.
+ std::cout << "Found 'boo' address sanitizer corner case!\n";
+ int* x = new int[100];
+ x[100] = 5;
+ delete[] x;
+ }
+ }
+}
+
+void test_null_deref_mom(std::string data) {
+ // This function uses a null deref to see if mayhem catches it with 'mom'
+ if (data.size() >= 3) {
+ if (data.c_str()[0] == 'm' && data.c_str()[1] == 'o' && data.c_str()[2] == 'm') {
+ std::cout << "Found 'mom' null deref corner case!\n";
+ *((volatile int*)0) = 123; // guaranteed crash
+ }
+ }
+}
+
+void test_runtime_error_dad(std::string data) {
+ // This function uses a runtime error to see if mayhem catches it with input 'dad'.
+ if (data.size() >= 3) {
+ if (data.c_str()[0] == 'd' && data.c_str()[1] == 'a' && data.c_str()[2] == 'd') {
+ std::cout << "Found 'dad' corner case!\n";
+ throw std::runtime_error("Found 'dad' runtime_error corner case!"); // Alternative: throw an exception
+ }
+ }
+}
+
+void test_assert_cab(std::string data) {
+ if (data.size() >= 3) {
+ if (data.c_str()[0] == 'c' && data.c_str()[1] == 'a' && data.c_str()[2] == 'b') {
+ std::cout << "Found 'cab' assert corner case!\n";
+ assert(1 == 0);
+ }
+ }
+}
+
+void test_raise_fail_fast_dog(std::string data) {
+ if (data.size() >= 3) {
+ if (data.c_str()[0] == 'd' && data.c_str()[1] == 'o' && data.c_str()[2] == 'g') {
+ std::cout << "Found 'dog' RaiseFailFastException!\n";
+ RaiseFailFastException(nullptr, nullptr, 0);
+ }
+ }
+}
+
+
+void test_abort_bug(std::string data) {
+ // This function uses a null deref to see if mayhem catches it with 'bug'
+
+ if (data.size() >= 3) {
+ if (data.c_str()[0] == 'b' && data.c_str()[1] == 'u' && data.c_str()[2] == 'g') {
+ std::cout << "Found 'bug' abort corner case!\n";
+ abort(); // Uncomment to crash on this condition
+ }
+ }
+}
+
+void test_all(std::string data) {
+ test_abort_bug(data);
+ test_assert_cab(data);
+ test_null_deref_mom(data);
+ test_runtime_error_dad(data);
+ test_address_sanitizer_boo(data);
+ test_raise_fail_fast_dog(data);
+}
\ No newline at end of file
diff --git a/cpp/windows/libfuzzer/libfuzzer_target.cpp b/cpp/windows/libfuzzer/src/libfuzzer_target.cpp
similarity index 100%
rename from cpp/windows/libfuzzer/libfuzzer_target.cpp
rename to cpp/windows/libfuzzer/src/libfuzzer_target.cpp
From b261c7c2ac2be27b12d4bf9ce171b377a2755ccd Mon Sep 17 00:00:00 2001
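Review bot: The header comments on `test_address_sanitizer_boo` and `test_abort_bug` both say the function "uses a null deref", but the first writes one element past the end of `new int[100]` (a heap overflow, which is the case an address sanitizer is meant to report) and the second calls `abort()`; they should describe the actual fault, e.g. `// Writes one element past a heap allocation on 'boo' so an address sanitizer, not a plain crash, reports it` and `// Calls abort() on 'bug'`. The trailing `// Uncomment to crash on this condition` on the `abort()` line is stale, since the call is live. All six `test_*` functions and `test_all` take `std::string data` by value and only read it, so `const std::string&` would avoid a copy on every fuzz iteration without changing behaviour. Clearing `_CALL_REPORTFAULT` in `fuzz_init` presumably turns `abort()` into a plain process exit rather than a reported fault under MSVC, which is worth stating in that comment so a harness author knows `test_abort_bug` may not surface as a crash there.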
From: xansec Date: Mon, 18 Aug 2025 20:44:27 -0400 Subject: [PATCH 04/13] better windows target structure --- .github/workflows/blank.yml | 52 -------- .github/workflows/build-linux-docker.yml | 32 +++++ .github/workflows/build-windows.yml | 90 ++++++------- CONTRIBUTING.md | 27 ++-- LICENSE.md | 2 +- Makefile | 18 +-- README.md | 16 ++- base-executable/ada-base-executable | 1 - base-executable/android-base-executable | 1 - base-executable/c-base-executable | 1 - base-executable/fortran-base-executable | 1 - base-executable/go-base-executable | 1 - base-executable/java-base-executable | 1 - base-executable/linux/ada-base-executable | 1 + base-executable/linux/android-base-executable | 1 + base-executable/linux/c-base-executable | 1 + base-executable/linux/fortran-base-executable | 1 + base-executable/linux/go-base-executable | 1 + base-executable/linux/java-base-executable | 1 + base-executable/linux/obj-c-base-executable | 1 + base-executable/linux/ocaml-base-executable | 1 + .../linux/powerpc-c-base-executable | 1 + .../linux/powerpc64-c-base-executable | 1 + .../linux/powerpc64le-c-base-executable | 1 + base-executable/linux/rust-base-executable | 1 + base-executable/obj-c-base-executable | 1 - base-executable/ocaml-base-executable | 1 - base-executable/powerpc-c-base-executable | 1 - base-executable/powerpc64-c-base-executable | 1 - base-executable/powerpc64le-c-base-executable | 1 - base-executable/rust-base-executable | 1 - {cpp => base-executable}/windows/README.md | 65 +--------- .../windows/clang-cpp-base-executable | 1 + .../windows/csharp-base-executable | 1 + .../windows/gcc-cpp-base-executable | 1 + .../windows/msvc-cpp-base-executable | 1 + cpp/windows/CMakeLists.txt | 121 ------------------ .../clang-cpp-base-executable/README.md | 23 ++++ .../src/fuzz_methods.cpp | 0 .../src/fuzz_target.cpp | 0 .../testsuite/test_abort.txt | 0 .../testsuite/test_address_sanitizer.txt | 0 .../testsuite/test_assert.txt | 0 .../testsuite/test_null_deref.txt | 0 
.../testsuite/test_raise_fail_fast.txt | 0 .../testsuite/test_runtime_error.txt | 0 cpp/windows/base-executable/clang/Dockerfile | 0 cpp/windows/base-executable/clang/Mayhemfile | 0 cpp/windows/base-executable/clang/README.md | 0 .../gcc-cpp-base-executable/README.md | 23 ++++ .../src/fuzz_methods.cpp | 0 .../src/fuzz_target.cpp | 0 .../testsuite/test_abort.txt | 0 .../testsuite/test_address_sanitizer.txt | 0 .../testsuite/test_assert.txt | 0 .../testsuite/test_null_deref.txt | 0 .../testsuite/test_raise_fail_fast.txt | 0 .../testsuite/test_runtime_error.txt | 0 cpp/windows/base-executable/gcc/Dockerfile | 0 cpp/windows/base-executable/gcc/Mayhemfile | 0 cpp/windows/base-executable/gcc/README.md | 0 .../msvc-cpp-base-executable/README.md | 23 ++++ .../src/fuzz_methods.cpp | 0 .../src/fuzz_target.cpp | 0 .../testsuite/test_abort.txt | 0 .../testsuite/test_address_sanitizer.txt | 0 .../testsuite/test_assert.txt | 0 .../testsuite/test_null_deref.txt | 0 .../testsuite/test_raise_fail_fast.txt | 0 .../testsuite/test_runtime_error.txt | 0 .../windows-cpp-base-executable | 0 cpp/windows/base-executable/msvc/Dockerfile | 0 cpp/windows/base-executable/msvc/Mayhemfile | 0 cpp/windows/base-executable/msvc/README.md | 0 cpp/windows/libfuzzer/README.md | 23 ++++ .../{ => csharp-sharpfuzz}/Dockerfile | 0 .../{ => csharp-sharpfuzz}/Mayhemfile | 4 +- .../{ => csharp-sharpfuzz}/Program.cs | 8 +- .../{ => csharp-sharpfuzz}/README.md | 8 +- .../{ => csharp-sharpfuzz}/fuzzme.csproj | 0 .../{ => csharp-sharpfuzz}/testsuite/seed.txt | 0 csharp/windows/base-executable/README.md | 0 .../csharp-base-executable/README.md | 23 ++++ .../csharp-base-executable/src/dotnet_fuzz.cs | 105 +++++++++++++++ .../src/dotnet_fuzz.csproj | 11 ++ .../testsuite/test_abort.txt | 0 .../testsuite/test_address_sanitizer.txt | 0 .../testsuite/test_assert.txt | 0 .../testsuite/test_null_deref.txt | 0 .../testsuite/test_raise_fail_fast.txt | 0 .../testsuite/test_runtime_error.txt | 0 
.../base-executable/dotnet_fuzz_target.cs | 98 -------------- .../windows-csharp-base-executable | 1 - 93 files changed, 372 insertions(+), 429 deletions(-) delete mode 100644 .github/workflows/blank.yml create mode 100644 .github/workflows/build-linux-docker.yml delete mode 120000 base-executable/ada-base-executable delete mode 120000 base-executable/android-base-executable delete mode 120000 base-executable/c-base-executable delete mode 120000 base-executable/fortran-base-executable delete mode 120000 base-executable/go-base-executable delete mode 120000 base-executable/java-base-executable create mode 120000 base-executable/linux/ada-base-executable create mode 120000 base-executable/linux/android-base-executable create mode 120000 base-executable/linux/c-base-executable create mode 120000 base-executable/linux/fortran-base-executable create mode 120000 base-executable/linux/go-base-executable create mode 120000 base-executable/linux/java-base-executable create mode 120000 base-executable/linux/obj-c-base-executable create mode 120000 base-executable/linux/ocaml-base-executable create mode 120000 base-executable/linux/powerpc-c-base-executable create mode 120000 base-executable/linux/powerpc64-c-base-executable create mode 120000 base-executable/linux/powerpc64le-c-base-executable create mode 120000 base-executable/linux/rust-base-executable delete mode 120000 base-executable/obj-c-base-executable delete mode 120000 base-executable/ocaml-base-executable delete mode 120000 base-executable/powerpc-c-base-executable delete mode 120000 base-executable/powerpc64-c-base-executable delete mode 120000 base-executable/powerpc64le-c-base-executable delete mode 120000 base-executable/rust-base-executable rename {cpp => base-executable}/windows/README.md (51%) create mode 120000 base-executable/windows/clang-cpp-base-executable create mode 120000 base-executable/windows/csharp-base-executable create mode 120000 base-executable/windows/gcc-cpp-base-executable create mode 
120000 base-executable/windows/msvc-cpp-base-executable delete mode 100644 cpp/windows/CMakeLists.txt create mode 100644 cpp/windows/base-executable/clang-cpp-base-executable/README.md rename cpp/windows/base-executable/{clang => clang-cpp-base-executable}/src/fuzz_methods.cpp (100%) rename cpp/windows/base-executable/{clang => clang-cpp-base-executable}/src/fuzz_target.cpp (100%) rename cpp/windows/base-executable/{clang => clang-cpp-base-executable}/testsuite/test_abort.txt (100%) rename cpp/windows/base-executable/{clang => clang-cpp-base-executable}/testsuite/test_address_sanitizer.txt (100%) rename cpp/windows/base-executable/{clang => clang-cpp-base-executable}/testsuite/test_assert.txt (100%) rename cpp/windows/base-executable/{clang => clang-cpp-base-executable}/testsuite/test_null_deref.txt (100%) rename cpp/windows/base-executable/{clang => clang-cpp-base-executable}/testsuite/test_raise_fail_fast.txt (100%) rename cpp/windows/base-executable/{clang => clang-cpp-base-executable}/testsuite/test_runtime_error.txt (100%) delete mode 100644 cpp/windows/base-executable/clang/Dockerfile delete mode 100644 cpp/windows/base-executable/clang/Mayhemfile delete mode 100644 cpp/windows/base-executable/clang/README.md create mode 100644 cpp/windows/base-executable/gcc-cpp-base-executable/README.md rename cpp/windows/base-executable/{gcc => gcc-cpp-base-executable}/src/fuzz_methods.cpp (100%) rename cpp/windows/base-executable/{gcc => gcc-cpp-base-executable}/src/fuzz_target.cpp (100%) rename cpp/windows/base-executable/{gcc => gcc-cpp-base-executable}/testsuite/test_abort.txt (100%) rename cpp/windows/base-executable/{gcc => gcc-cpp-base-executable}/testsuite/test_address_sanitizer.txt (100%) rename cpp/windows/base-executable/{gcc => gcc-cpp-base-executable}/testsuite/test_assert.txt (100%) rename cpp/windows/base-executable/{gcc => gcc-cpp-base-executable}/testsuite/test_null_deref.txt (100%) rename cpp/windows/base-executable/{gcc => 
gcc-cpp-base-executable}/testsuite/test_raise_fail_fast.txt (100%) rename cpp/windows/base-executable/{gcc => gcc-cpp-base-executable}/testsuite/test_runtime_error.txt (100%) delete mode 100644 cpp/windows/base-executable/gcc/Dockerfile delete mode 100644 cpp/windows/base-executable/gcc/Mayhemfile delete mode 100644 cpp/windows/base-executable/gcc/README.md create mode 100644 cpp/windows/base-executable/msvc-cpp-base-executable/README.md rename cpp/windows/base-executable/{msvc => msvc-cpp-base-executable}/src/fuzz_methods.cpp (100%) rename cpp/windows/base-executable/{msvc => msvc-cpp-base-executable}/src/fuzz_target.cpp (100%) rename cpp/windows/base-executable/{msvc => msvc-cpp-base-executable}/testsuite/test_abort.txt (100%) rename cpp/windows/base-executable/{msvc => msvc-cpp-base-executable}/testsuite/test_address_sanitizer.txt (100%) rename cpp/windows/base-executable/{msvc => msvc-cpp-base-executable}/testsuite/test_assert.txt (100%) rename cpp/windows/base-executable/{msvc => msvc-cpp-base-executable}/testsuite/test_null_deref.txt (100%) rename cpp/windows/base-executable/{msvc => msvc-cpp-base-executable}/testsuite/test_raise_fail_fast.txt (100%) rename cpp/windows/base-executable/{msvc => msvc-cpp-base-executable}/testsuite/test_runtime_error.txt (100%) rename cpp/windows/base-executable/{msvc => msvc-cpp-base-executable}/windows-cpp-base-executable (100%) delete mode 100644 cpp/windows/base-executable/msvc/Dockerfile delete mode 100644 cpp/windows/base-executable/msvc/Mayhemfile delete mode 100644 cpp/windows/base-executable/msvc/README.md create mode 100644 cpp/windows/libfuzzer/README.md rename csharp/linux/libfuzzer/{ => csharp-sharpfuzz}/Dockerfile (100%) rename csharp/linux/libfuzzer/{ => csharp-sharpfuzz}/Mayhemfile (54%) rename csharp/linux/libfuzzer/{ => csharp-sharpfuzz}/Program.cs (73%) rename csharp/linux/libfuzzer/{ => csharp-sharpfuzz}/README.md (54%) rename csharp/linux/libfuzzer/{ => csharp-sharpfuzz}/fuzzme.csproj (100%) rename 
csharp/linux/libfuzzer/{ => csharp-sharpfuzz}/testsuite/seed.txt (100%) delete mode 100644 csharp/windows/base-executable/README.md create mode 100644 csharp/windows/base-executable/csharp-base-executable/README.md create mode 100644 csharp/windows/base-executable/csharp-base-executable/src/dotnet_fuzz.cs create mode 100644 csharp/windows/base-executable/csharp-base-executable/src/dotnet_fuzz.csproj rename csharp/windows/base-executable/{ => csharp-base-executable}/testsuite/test_abort.txt (100%) rename csharp/windows/base-executable/{ => csharp-base-executable}/testsuite/test_address_sanitizer.txt (100%) rename csharp/windows/base-executable/{ => csharp-base-executable}/testsuite/test_assert.txt (100%) rename csharp/windows/base-executable/{ => csharp-base-executable}/testsuite/test_null_deref.txt (100%) rename csharp/windows/base-executable/{ => csharp-base-executable}/testsuite/test_raise_fail_fast.txt (100%) rename csharp/windows/base-executable/{ => csharp-base-executable}/testsuite/test_runtime_error.txt (100%) delete mode 100644 csharp/windows/base-executable/dotnet_fuzz_target.cs delete mode 120000 csharp/windows/base-executable/windows-csharp-base-executable diff --git a/.github/workflows/blank.yml b/.github/workflows/blank.yml deleted file mode 100644 index 19a95dc..0000000 --- a/.github/workflows/blank.yml +++ /dev/null 
@@ -1,52 +0,0 @@ -# This is a basic workflow to help you get started with Actions - -name: CI - -# Controls when the action will run. -on: - # Triggers the workflow on push or pull request events but only for the main branch - push: - branches: [ main ] - pull_request: - branches: [ main ] - - # Allows you to run this workflow manually from the Actions tab - workflow_dispatch: - -# A workflow run is made up of one or more jobs that can run sequentially or in parallel -jobs: - # This workflow contains a single job called "build" - build: - # The type of runner that the job will run on - runs-on: ubuntu-latest - - # Steps represent a sequence of tasks that will be executed as part of the job - steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - name: Check out the repo - uses: actions/checkout@v2 - - # Login to remote registry - - name: Docker login - run: docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD - env: - DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} - DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} - - # Build images so that they're ready to be pushed - - name: Build images - env: - MAYHEM_DOCKER_REGISTRY: docker.io - run: make build - - # Push images to dockerhub - - name: Push images - env: - MAYHEM_DOCKER_REGISTRY: docker.io - run: make push - - # Runs a set of commands using the runners shell - - name: Run a multi-line script - run: | - echo Add other actions to build, - echo test, and deploy your project. diff --git a/.github/workflows/build-linux-docker.yml b/.github/workflows/build-linux-docker.yml new file mode 100644 index 0000000..5b0d487 --- /dev/null +++ b/.github/workflows/build-linux-docker.yml 
@@ -0,0 +1,32 @@ +name: Build Linux Docker Images for Mayhem + +on: + push: + branches: [ main ] + pull_request: + branches: [ main ] + + workflow_dispatch: + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Check out the repo + uses: actions/checkout@v5 + + - name: Docker login + run: docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD + env: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} + + - name: Build images + env: + MAYHEM_DOCKER_REGISTRY: docker.io + run: make build + + - name: Push images + env: + MAYHEM_DOCKER_REGISTRY: docker.io + run: make push diff --git a/.github/workflows/build-windows.yml b/.github/workflows/build-windows.yml index 82b4b68..75aefa4 100644 --- a/.github/workflows/build-windows.yml +++ b/.github/workflows/build-windows.yml @@ -1,4 +1,4 @@ -name: Build Windows +name: Build Windows Targets for Mayhem on: push: @@ -6,18 +6,6 @@ on: pull_request: branches: [ main ] workflow_dispatch: - workflow_call: - inputs: - mayhem_url: - description: 'Mayhem URL' - required: true - default: 'https://app.mayhem.security' - type: string - workspace: - description: 'Mayhem Workspace' - required: true - default: 'dforbes' - type: string jobs: build: 
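Review bot: `docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD` in the "Docker login" step of `build-linux-docker.yml` passes the registry password as a command-line argument, which docker itself warns about; `echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin` keeps it out of the process argument list and the shell trace. The login and "Push images" steps also run on the `pull_request` trigger, so a pull request from a branch in this repository would publish images to docker.io before review, while pull requests from forks will presumably fail at login because secrets are not exposed to them; `if: github.event_name != 'pull_request'` on the push step limits publishing to merged code. The two `build-windows.yml` hunks sharing this line only rename the workflow and drop the `workflow_call` inputs.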
@@ -31,45 +19,49 @@ jobs: with: arch: x64 - - name: Build + - name: Build Windows C++ targets run: | - cl.exe cpp\windows\base-executable\msvc\src\fuzz_target.cpp /nologo /Zi /FS /MDd /EHsc /Fo: "fuzz_target_msvc.obj" /Fe: "fuzz_target_msvc.exe" - clang++.exe cpp\windows\base-executable\clang\src\fuzz_target.cpp -g -O1 -o fuzz_target_clang.exe + cl.exe cpp\windows\base-executable\msvc-cpp-base-executable\src\fuzz_target.cpp /nologo /Zi /FS /MDd /EHsc /Fo: "fuzz_target_msvc.obj" /Fe: "fuzz_target_msvc.exe" + clang++.exe cpp\windows\base-executable\clang-cpp-base-executable\src\fuzz_target.cpp -g -O1 -o fuzz_target_clang.exe clang++.exe cpp\windows\libfuzzer\src\libfuzzer_target.cpp -g -O1 -fsanitize=fuzzer -o fuzz_target_libfuzzer.exe - g++.exe cpp\windows\base-executable\gcc\src\fuzz_target.cpp -g -O1 -o fuzz_target_mingw.exe - - - name: Install Mayhem - shell: pwsh - run: | - Invoke-WebRequest -Uri "https://app.mayhem.security/cli/Windows/mayhem.msi" -OutFile "mayhem.msi" - Start-Process msiexec.exe -ArgumentList "/i mayhem.msi /quiet /norestart" -Wait - echo "MAYHEM_PATH=C:\Program Files (x86)\Mayhem\mayhem.exe" | Out-File -FilePath $env:GITHUB_ENV -Append + g++.exe cpp\windows\base-executable\gcc-cpp-base-executable\src\fuzz_target.cpp -g -O1 -o fuzz_target_mingw.exe - - name: Set values - shell: pwsh + - name: Build Windows C# targets run: | - $mayhemUrl = if ([string]::IsNullOrEmpty("${{ inputs.mayhem_url }}")) { 'https://app.mayhem.security' } else { "${{ inputs.mayhem_url }}" } - $workspace = if ([string]::IsNullOrEmpty("${{ inputs.workspace }}")) { 'dforbes' } else { "${{ inputs.workspace }}" } - echo "MAYHEM_URL=$mayhemUrl" | Out-File -FilePath $env:GITHUB_ENV -Append - echo "WORKSPACE=$workspace" | Out-File -FilePath $env:GITHUB_ENV -Append + csc.exe /unsafe /nologo /out:/dotnet_fuzz.exe csharp\windows\base-executable\csharp-base-executable\src\dotnet_fuzz.cs - - name: Mayhem login - shell: pwsh - run: | - &$env:MAYHEM_PATH login "$env:MAYHEM_URL" "${{ 
secrets.MAYHEM_TOKEN }}" + # - name: Install Mayhem + # shell: pwsh + # run: | + # Invoke-WebRequest -Uri "https://app.mayhem.security/cli/Windows/mayhem.msi" -OutFile "mayhem.msi" + # Start-Process msiexec.exe -ArgumentList "/i mayhem.msi /quiet /norestart" -Wait + # echo "MAYHEM_PATH=C:\Program Files (x86)\Mayhem\mayhem.exe" | Out-File -FilePath $env:GITHUB_ENV -Append - - name: Mayhem run - shell: pwsh - run: | - &$env:MAYHEM_PATH package -o mayhem_package_msvc fuzz_target_msvc.exe - Copy-Item -Path cpp\windows\base-executable\msvc\testsuite -Destination mayhem_package_msvc\testsuite - &$env:MAYHEM_PATH run --owner $env:WORKSPACE --project mayhem-examples --target cpp-windows-msvc --duration 5m mayhem_package_msvc - &$env:MAYHEM_PATH package -o mayhem_package_clang fuzz_target_clang.exe - Copy-Item -Path cpp\windows\base-executable\clang\testsuite -Destination mayhem_package_clang\testsuite - &$env:MAYHEM_PATH run --owner $env:WORKSPACE --project mayhem-examples --target cpp-windows-clang --duration 5m mayhem_package_clang - &$env:MAYHEM_PATH package -o mayhem_package_libfuzzer fuzz_target_libfuzzer.exe - Copy-Item -Path cpp\windows\libfuzzer\testsuite -Destination mayhem_package_libfuzzer\testsuite - &$env:MAYHEM_PATH run --owner $env:WORKSPACE --project mayhem-examples --target cpp-windows-libfuzzer --duration 5m mayhem_package_libfuzzer - &$env:MAYHEM_PATH package -o mayhem_package_mingw fuzz_target_mingw.exe - Copy-Item -Path cpp\windows\base-executable\gcc\testsuite -Destination mayhem_package_mingw\testsuite - &$env:MAYHEM_PATH run --owner $env:WORKSPACE --project mayhem-examples --target cpp-windows-mingw --duration 5m mayhem_package_mingw + # - name: Set values + # shell: pwsh + # run: | + # $mayhemUrl = if ([string]::IsNullOrEmpty("${{ inputs.mayhem_url }}")) { 'https://app.mayhem.security' } else { "${{ inputs.mayhem_url }}" } + # $workspace = if ([string]::IsNullOrEmpty("${{ inputs.workspace }}")) { 'dforbes' } else { "${{ inputs.workspace }}" } + # 
echo "MAYHEM_URL=$mayhemUrl" | Out-File -FilePath $env:GITHUB_ENV -Append + # echo "WORKSPACE=$workspace" | Out-File -FilePath $env:GITHUB_ENV -Append + + # - name: Mayhem login + # shell: pwsh + # run: | + # &$env:MAYHEM_PATH login "$env:MAYHEM_URL" "${{ secrets.MAYHEM_TOKEN }}" + + # - name: Mayhem run + # shell: pwsh + # run: | + # &$env:MAYHEM_PATH package -o mayhem_package_msvc fuzz_target_msvc.exe + # Copy-Item -Path cpp\windows\base-executable\msvc\testsuite -Destination mayhem_package_msvc\testsuite + # &$env:MAYHEM_PATH run --owner $env:WORKSPACE --project mayhem-examples --target cpp-windows-msvc --duration 5m mayhem_package_msvc + # &$env:MAYHEM_PATH package -o mayhem_package_clang fuzz_target_clang.exe + # Copy-Item -Path cpp\windows\base-executable\clang\testsuite -Destination mayhem_package_clang\testsuite + # &$env:MAYHEM_PATH run --owner $env:WORKSPACE --project mayhem-examples --target cpp-windows-clang --duration 5m mayhem_package_clang + # &$env:MAYHEM_PATH package -o mayhem_package_libfuzzer fuzz_target_libfuzzer.exe + # Copy-Item -Path cpp\windows\libfuzzer\testsuite -Destination mayhem_package_libfuzzer\testsuite + # &$env:MAYHEM_PATH run --owner $env:WORKSPACE --project mayhem-examples --target cpp-windows-libfuzzer --duration 5m mayhem_package_libfuzzer + # &$env:MAYHEM_PATH package -o mayhem_package_mingw fuzz_target_mingw.exe + # Copy-Item -Path cpp\windows\base-executable\gcc\testsuite -Destination mayhem_package_mingw\testsuite + # &$env:MAYHEM_PATH run --owner $env:WORKSPACE --project mayhem-examples --target cpp-windows-mingw --duration 5m mayhem_package_mingw diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index a6654e0..0513768 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
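Review bot: In the new "Build Windows C# targets" step, `/out:/dotnet_fuzz.exe` has a leading slash in the path, so `csc.exe` writes the executable to the root of the current drive instead of the working directory where the C++ outputs land; it should read `/out:dotnet_fuzz.exe`. The C++ step still compiles only `fuzz_target.cpp` for each compiler while the diffstat shows a sibling `src/fuzz_methods.cpp` in every `*-cpp-base-executable` directory, so unless `fuzz_target.cpp` includes that file directly the `test_*` symbols will be unresolved at link time, and listing it on each command line would make the dependency explicit. The remaining lines of the hunk keep the old Mayhem install, login and run steps as `#` comments; git history already preserves them, so deleting them (or leaving a one-line comment pointing at the README) keeps the workflow readable. The enclosing `steps:` list starts outside this hunk.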
@@ -1,19 +1,22 @@ # How do I contribute? -All targets are broken down by language, fuzzer, and target. The general structure is: +All targets are broken down by language, OS, fuzzer, and target. The general structure is: ```sh - - - - - - - testsuite - - src - - Dockerfile - - Mayhemfile - - README.md + - + - + - + - testsuite + - src + - Dockerfile + - Mayhemfile + - README.md ``` -All targets should be able to be built and pushed using the following commands: +## Linux Targets + +All Linux targets should be able to be built and pushed using the following commands: > **Note:** You should first navigate to the corresponding target directory before executing the below commands. @@ -43,3 +46,9 @@ if input[0] == "b" ``` You can also use the included `Makefile` at the root of the `mayhem-examples` repository to automatically build and push all images using the `make build` and `make push` commands, respectively. + +## Windows Targets + +For Windows targets, the structure is similar, but the build and packaging process is different. Namely, you will not use a Dockerfile or Mayhemfile, and will compile the target directly using the appropriate compiler for the language (e.g., `csc.exe` for C# or `clang++.exe` for C++). You can find more examples under the (`base-executable/windows/README.md`)[base-executable/windows/README.md] and [cpp/windows/libfuzzer/README.md](cpp/windows/libfuzzer/README.md) directories. + +Be sure to include a `README.md` as well. \ No newline at end of file diff --git a/LICENSE.md b/LICENSE.md index 19de8eb..0fe7a88 100644 --- a/LICENSE.md +++ b/LICENSE.md @@ -1,4 +1,4 @@ -Copyright (c) 2021 ForAllSecure +Copyright (c) 2025 ForAllSecure Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff --git a/Makefile b/Makefile index 8cf632a..c62f9c6 100644 --- a/Makefile +++ b/Makefile 
@@ -20,15 +20,15 @@ FUZZERS := \ c/honggfuzz/c-honggfuzz-clang \ c/honggfuzz/c-honggfuzz-gcc \ c/libfuzzer/c-libfuzzer \ - cpp/afl/cpp-afl-clang \ - cpp/afl/cpp-afl-gcc \ - cpp/aflpp/cpp-aflpp-clang \ - cpp/aflpp/cpp-aflpp-gcc \ - cpp/base-executable/cpp-base-executable \ - cpp/honggfuzz/cpp-honggfuzz-clang \ - cpp/honggfuzz/cpp-honggfuzz-gcc \ - cpp/libfuzzer/cpp-libfuzzer \ - csharp/libfuzzer/csharp-sharpfuzz \ + cpp/linux/afl/cpp-afl-clang \ + cpp/linux/afl/cpp-afl-gcc \ + cpp/linux/aflpp/cpp-aflpp-clang \ + cpp/linux/aflpp/cpp-aflpp-gcc \ + cpp/linux/base-executable/cpp-base-executable \ + cpp/linux/honggfuzz/cpp-honggfuzz-clang \ + cpp/linux/honggfuzz/cpp-honggfuzz-gcc \ + cpp/linux/libfuzzer/cpp-libfuzzer \ + csharp/linux/libfuzzer/csharp-sharpfuzz \ fortran/base-executable/fortran-base-executable \ go/base-executable/go-base-executable \ go/libfuzzer/go-go-fuzz \ diff --git a/README.md b/README.md index 88bb121..7f195c4 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ Mayhem example templates for programming languages and fuzzers that you love! Like a "Hello World!" but for fuzzing! ![visitors](https://visitor-badge.glitch.me/badge?page_id=ForAllSecure.mayhem-examples) -[![CI](https://github.com/ForAllSecure/mayhem-examples/actions/workflows/blank.yml/badge.svg)](https://github.com/ForAllSecure/mayhem-examples/actions/workflows/blank.yml) +[![CI](https://github.com/ForAllSecure/mayhem-examples/actions/workflows/build-linux-docker.yml/badge.svg)](https://github.com/ForAllSecure/mayhem-examples/actions/workflows/build-linux-docker.yml) --- 
@@ -15,7 +15,7 @@ Mayhem example templates for programming languages and fuzzers that you love! Li Use the Mayhem CLI to execute a new Mayhem run (via the `mayhem run` command) for any mayhem-examples target directory with a valid `Mayhemfile`. Alternatively, Mayhem users can use the Mayhem UI to execute a new Mayhem run by selecting and fuzzing a mayhem-examples target Docker image uploaded to either the private Mayhem Docker Registry or the public [Docker Hub](https://hub.docker.com/). -> **Note:** Before executing a Mayhem run on the mayhem-examples, you'll need to first upload the below mayhem-example targets to either a private Mayhem Docker Registry or to the public Docker Hub. Read the [How to Get Started](#how-to-get-started) section for more details. +> **Note:** Before executing a Mayhem run on most of the mayhem-examples, you'll need to first upload the below mayhem-example targets to either a private Mayhem Docker Registry, or to the public Github Container Registry or Docker Hub. Read the [How to Get Started](#how-to-get-started) section for more details. Windows targets can be built directly and packaged with the `mayhem package` command. ## Target List by Language/Fuzzer 
@@ -57,6 +57,12 @@ Order is alphabetical. | [forallsecure/rust-cargo-fuzz](rust/libfuzzer/rust-cargo-fuzz) | Rust | Rust 1.44 | [cargo-fuzz](https://rust-fuzz.github.io/book/cargo-fuzz.html) | ![](https://img.shields.io/docker/image-size/forallsecure/rust-cargo-fuzz) | [![docker-logo](.images/docker-logo.png)](https://hub.docker.com/r/forallsecure/rust-cargo-fuzz) | [forallsecure/swift-libfuzzer](swift/libfuzzer/swift-libfuzzer) | Swift | Swift 5.4.2 | [libFuzzer](https://github.com/apple/swift/blob/main/docs/libFuzzerIntegration.md) | ![](https://img.shields.io/docker/image-size/forallsecure/swift-libfuzzer) | [![docker-logo](.images/docker-logo.png)](https://hub.docker.com/r/forallsecure/swift-libfuzzer) + +#### Looking for Windows targets? + +You can find information about building Windows base executable targets [here](base-executable/windows/README.md) and Windows libFuzzer targets [here](cpp/windows/libfuzzer/README.md). + + ## Supported Fuzzers | Fuzzer | dictionary | max_length | sanitizers | 
@@ -161,8 +167,6 @@ Mayhem can run Docker images stored on either the included private Docker regist ## About Us -ForAllSecure was founded with the mission to make the world’s critical software safe. The company has been applying its patented technology from over a decade of CMU research to solving the difficult challenge of making software safer. ForAllSecure has partnered with Fortune 1000 companies in aerospace, automotive and high-tech industries, as well as the US Department of Defense to integrate Mayhem into software development cycles for continuous security. Profitable and revenue-funded, the company is scaling rapidly. +Mayhem was founded with the mission to make the world’s critical software safe. The company has been applying its patented technology from over a decade of CMU research to solving the difficult challenge of making software safer. Mayhem has partnered with Fortune 1000 companies in aerospace, automotive and high-tech industries, as well as the US Department of Defense to integrate Mayhem into software development cycles for continuous security. Profitable and revenue-funded, the company is scaling rapidly. -* [https://forallsecure.com/](https://forallsecure.com/) -* [https://forallsecure.com/mayhem-for-code](https://forallsecure.com/mayhem-for-code) -* [https://community.forallsecure.com/](https://community.forallsecure.com/) \ No newline at end of file +* [https://mayhem.security/](https://mayhem.security/) \ No newline at end of file diff --git a/base-executable/ada-base-executable b/base-executable/ada-base-executable deleted file mode 120000 index 7ab688d..0000000 --- a/base-executable/ada-base-executable +++ /dev/null @@ -1 +0,0 @@ -../ada/base-executable/ada-base-executable \ No newline at end of file diff --git a/base-executable/android-base-executable b/base-executable/android-base-executable deleted file mode 120000 index f576d74..0000000 --- a/base-executable/android-base-executable +++ /dev/null 
@@ -1 +0,0 @@
-../android/base-executable/android-base-executable
\ No newline at end of file
diff --git a/base-executable/c-base-executable b/base-executable/c-base-executable
deleted file mode 120000
index a8dc528..0000000
--- a/base-executable/c-base-executable
+++ /dev/null
@@ -1 +0,0 @@
-../c/base-executable/c-base-executable
\ No newline at end of file
diff --git a/base-executable/fortran-base-executable b/base-executable/fortran-base-executable
deleted file mode 120000
index 0a0a78b..0000000
--- a/base-executable/fortran-base-executable
+++ /dev/null
@@ -1 +0,0 @@
-../fortran/base-executable/fortran-base-executable/
\ No newline at end of file
diff --git a/base-executable/go-base-executable b/base-executable/go-base-executable
deleted file mode 120000
index 75c3c5e..0000000
--- a/base-executable/go-base-executable
+++ /dev/null
@@ -1 +0,0 @@
-../go/base-executable/go-base-executable
\ No newline at end of file
diff --git a/base-executable/java-base-executable b/base-executable/java-base-executable
deleted file mode 120000
index 7520863..0000000
--- a/base-executable/java-base-executable
+++ /dev/null
@@ -1 +0,0 @@
-../java/base-executable/java-base-executable
\ No newline at end of file
diff --git a/base-executable/linux/ada-base-executable b/base-executable/linux/ada-base-executable
new file mode 120000
index 0000000..04a9c7a
--- /dev/null
+++ b/base-executable/linux/ada-base-executable
@@ -0,0 +1 @@
+../../ada/base-executable/ada-base-executable
\ No newline at end of file
diff --git a/base-executable/linux/android-base-executable b/base-executable/linux/android-base-executable
new file mode 120000
index 0000000..d043750
--- /dev/null
+++ b/base-executable/linux/android-base-executable
@@ -0,0 +1 @@
+../../android/base-executable/android-base-executable
\ No newline at end of file
diff --git a/base-executable/linux/c-base-executable b/base-executable/linux/c-base-executable
new file mode 120000
index 0000000..d42c08d
--- /dev/null
+++ b/base-executable/linux/c-base-executable
@@ -0,0 +1 @@
+../../c/base-executable/c-base-executable/
\ No newline at end of file
diff --git a/base-executable/linux/fortran-base-executable b/base-executable/linux/fortran-base-executable
new file mode 120000
index 0000000..99c252f
--- /dev/null
+++ b/base-executable/linux/fortran-base-executable
@@ -0,0 +1 @@
+../../fortran/base-executable/fortran-base-executable
\ No newline at end of file
diff --git a/base-executable/linux/go-base-executable b/base-executable/linux/go-base-executable
new file mode 120000
index 0000000..6e21771
--- /dev/null
+++ b/base-executable/linux/go-base-executable
@@ -0,0 +1 @@
+../../go/base-executable/go-base-executable
\ No newline at end of file
diff --git a/base-executable/linux/java-base-executable b/base-executable/linux/java-base-executable
new file mode 120000
index 0000000..6da8c6d
--- /dev/null
+++ b/base-executable/linux/java-base-executable
@@ -0,0 +1 @@
+../../java/base-executable/java-base-executable
\ No newline at end of file
diff --git a/base-executable/linux/obj-c-base-executable b/base-executable/linux/obj-c-base-executable
new file mode 120000
index 0000000..da107a7
--- /dev/null
+++ b/base-executable/linux/obj-c-base-executable
@@ -0,0 +1 @@
+../../objective-c/base-executable/obj-c-base-executable
\ No newline at end of file
diff --git a/base-executable/linux/ocaml-base-executable b/base-executable/linux/ocaml-base-executable
new file mode 120000
index 0000000..68e89b2
--- /dev/null
+++ b/base-executable/linux/ocaml-base-executable
@@ -0,0 +1 @@
+../../ocaml/base-executable/ocaml-base-executable
\ No newline at end of file
diff --git a/base-executable/linux/powerpc-c-base-executable b/base-executable/linux/powerpc-c-base-executable
new file mode 120000
index 0000000..d2c2c56
--- /dev/null
+++ b/base-executable/linux/powerpc-c-base-executable
@@ -0,0 +1 @@
+../../c/base-executable/powerpc-c-base-executable
\ No newline at end of file
diff --git a/base-executable/linux/powerpc64-c-base-executable b/base-executable/linux/powerpc64-c-base-executable
new file mode 120000
index 0000000..a5a122e
--- /dev/null
+++ b/base-executable/linux/powerpc64-c-base-executable
@@ -0,0 +1 @@
+../../c/base-executable/powerpc64-c-base-executable/
\ No newline at end of file
diff --git a/base-executable/linux/powerpc64le-c-base-executable b/base-executable/linux/powerpc64le-c-base-executable
new file mode 120000
index 0000000..1e05285
--- /dev/null
+++ b/base-executable/linux/powerpc64le-c-base-executable
@@ -0,0 +1 @@
+../../c/base-executable/powerpc64le-c-base-executable
\ No newline at end of file
diff --git a/base-executable/linux/rust-base-executable b/base-executable/linux/rust-base-executable
new file mode 120000
index 0000000..19879ea
--- /dev/null
+++ b/base-executable/linux/rust-base-executable
@@ -0,0 +1 @@
+../../rust/base-executable/rust-base-executable
\ No newline at end of file
diff --git a/base-executable/obj-c-base-executable b/base-executable/obj-c-base-executable
deleted file mode 120000
index dc9990d..0000000
--- a/base-executable/obj-c-base-executable
+++ /dev/null
@@ -1 +0,0 @@
-../objective-c/base-executable/obj-c-base-executable
\ No newline at end of file
diff --git a/base-executable/ocaml-base-executable b/base-executable/ocaml-base-executable
deleted file mode 120000
index b1b90be..0000000
--- a/base-executable/ocaml-base-executable
+++ /dev/null
@@ -1 +0,0 @@
-../ocaml/base-executable/ocaml-base-executable
\ No newline at end of file
diff --git a/base-executable/powerpc-c-base-executable b/base-executable/powerpc-c-base-executable
deleted file mode 120000
index a989224..0000000
--- a/base-executable/powerpc-c-base-executable
+++ /dev/null
@@ -1 +0,0 @@
-../c/base-executable/powerpc-c-base-executable
\ No newline at end of file
diff --git a/base-executable/powerpc64-c-base-executable b/base-executable/powerpc64-c-base-executable
deleted file mode 120000
index c6d33af..0000000
--- a/base-executable/powerpc64-c-base-executable
+++ /dev/null
@@ -1 +0,0 @@
-../c/base-executable/powerpc64-c-base-executable
\ No newline at end of file
diff --git a/base-executable/powerpc64le-c-base-executable b/base-executable/powerpc64le-c-base-executable
deleted file mode 120000
index 973e1ba..0000000
--- a/base-executable/powerpc64le-c-base-executable
+++ /dev/null
@@ -1 +0,0 @@
-../c/base-executable/powerpc64le-c-base-executable
\ No newline at end of file
diff --git a/base-executable/rust-base-executable b/base-executable/rust-base-executable
deleted file mode 120000
index 317fa3e..0000000
--- a/base-executable/rust-base-executable
+++ /dev/null
@@ -1 +0,0 @@
-../rust/base-executable/rust-base-executable
\ No newline at end of file
diff --git a/cpp/windows/README.md b/base-executable/windows/README.md
similarity index 51%
rename from cpp/windows/README.md
rename to base-executable/windows/README.md
index 8231839..14b1d3d 100644
--- a/cpp/windows/README.md
+++ b/base-executable/windows/README.md
@@ -1,64 +1,6 @@ -# Windows Fuzzing Example +# Windows Base Executable Fuzzing Examples -This is a simple example C++ project designed for fuzz testing with [Mayhem](https://forallsecure.com). - - -## Quick Start - - -**Option: Command Prompt** -In order to compile x64 binaries, search for `x64 Native Tools Command Prompt for VS`. In that command prompt run: - -```bash -cmake -G "NMake Makefiles" -B build64 -DOUT_DIR=out64 -cmake --build build64 -``` - -This will produce two output folders: -- out64: Contains all the compiled binaries and PDB files -- out64_packages: Containes all the compiled binaries along with Mayhemfiles for each one, the testsuite and binary dependencies. - -In order to compile for x86, search for `x86 Native Tools Command Prompt for VS`. In that command prompt run: - -```bash -cmake -G "NMake Makefiles" -B build32 -DOUT_DIR=out32 -cmake --build build32 -``` - -This will produce two output folders: -- out32 -- out32_packages - -These are equivalent to x64 ones. The only difference is that the artifcats are 32 bit. - -Run the packages with `mayhem run ` - -**Option: Visual Studio**: - 1. Open this as a directory. Visual studio should recognize cmake and set - up everything for you. - 2. To compile, run "Build->Build All". - - -Then run: -```bash -mayhem package -o mayhem_package out/fuzz_target_.exe -copy testsuite/* mayhem_package/testsuite -mayhem run mayhem_package -``` - -**Option: cgwin command line**: - -```bash -cmake -S . -B build -cmake --build build -``` - -Then run: -```bash -mayhem package -o mayhem_package_gplusplus out/fuzz_target_gplusplus.exe -copy testsuite/* mayhem_package/testsuite -mayhem run mayhem_package_gplusplus -``` +This directory contains examples of fuzzing Windows base executables using various compilers and configurations. To run, simply navigate to a given directory and follow the instructions in the README files. ## Fuzzing Support with Mayhem 
@@ -81,7 +23,7 @@ from the [GitHub release page](https://github.com/llvm/llvm-project/releases) ## Windows Behaviors Windows behaviors are different than Linux. In Linux, `assert` and `abort` -crash with a signal, but in Windows they are silently wrapped. +crash with a signal, but in Windows they are silently wrapped. Note that `assert` prints a message and then immediately calls `abort()`, so the behavior is similar. Also, note that compiling for release mode may remove `assert()` calls entirely. | Case | Linux Behavior | Windows MSVC Default | Supported | |---------------------------------|------------------------|-----------------------------|-----------| @@ -92,3 +34,4 @@ crash with a signal, but in Windows they are silently wrapped. | OOB heap write (with ASAN) | Detected by ASAN | Detected by ASAN (Clang) | No | | `RaiseFailFastException()` | Not applicable | Crashes with fast fail | No | +_Note: You can get Mayhem to recognize `assert` and `abort` as crashes by setting the environment variable `AFL_CRASH_EXITCODE` to `3` in your Mayhemfile, as this is the exit code Windows raises when an `abort()` is called._ \ No newline at end of file diff --git a/base-executable/windows/clang-cpp-base-executable b/base-executable/windows/clang-cpp-base-executable new file mode 120000 index 0000000..91a8e67 --- /dev/null +++ b/base-executable/windows/clang-cpp-base-executable @@ -0,0 +1 @@ +../../cpp/windows/base-executable/clang-cpp-base-executable \ No newline at end of file diff --git a/base-executable/windows/csharp-base-executable b/base-executable/windows/csharp-base-executable new file mode 120000 index 0000000..054b325 --- /dev/null +++ b/base-executable/windows/csharp-base-executable @@ -0,0 +1 @@ +../../csharp/windows/base-executable/csharp-base-executable \ No newline at end of file diff --git a/base-executable/windows/gcc-cpp-base-executable b/base-executable/windows/gcc-cpp-base-executable new file mode 120000 index 0000000..04f1951 --- /dev/null 
+++ b/base-executable/windows/gcc-cpp-base-executable
@@ -0,0 +1 @@
+../../cpp/windows/base-executable/gcc-cpp-base-executable
\ No newline at end of file
diff --git a/base-executable/windows/msvc-cpp-base-executable b/base-executable/windows/msvc-cpp-base-executable
new file mode 120000
index 0000000..3774ac1
--- /dev/null
+++ b/base-executable/windows/msvc-cpp-base-executable
@@ -0,0 +1 @@
+../../cpp/windows/base-executable/msvc-cpp-base-executable
\ No newline at end of file
diff --git a/cpp/windows/CMakeLists.txt b/cpp/windows/CMakeLists.txt
deleted file mode 100644
index 29833ba..0000000
--- a/cpp/windows/CMakeLists.txt
+++ /dev/null
@@ -1,121 +0,0 @@ -cmake_minimum_required(VERSION 3.10) -project(FuzzExample NONE) # No default language, we use custom commands - -set(SRC "fuzz_target.cpp") -set(DOTNET_SRC "dotnet_fuzz_target.cs") -set(LIBFUZZER_SRC "libfuzzer_target.cpp") -set(OUTPUT_DIR "${CMAKE_SOURCE_DIR}/${OUT_DIR}") -set(OUTPUT_PACKAGE_DIR "${CMAKE_SOURCE_DIR}/${OUT_DIR}_packages") -file(MAKE_DIRECTORY ${OUTPUT_DIR}) -file(MAKE_DIRECTORY ${OUTPUT_PACKAGE_DIR}) - -# Customize these as needed to refer to correct compiler paths -find_program(MSVC_CL cl.exe) -find_program(CLANG_CL clang++.exe) -find_program(CSC_CL csc.exe) -find_program(MINGW_CL g++.exe) - -# Uncomment in cygwin. -#set(ENV{PATH} "C:/cygwin64/bin;$ENV{PATH}") -#find_program(GCC_CL g++) - -# Function: build fuzz binary -function(add_fuzz_target name src compiler_cmd) - file(MAKE_DIRECTORY ${OUTPUT_DIR}/fuzz_target_${name}) - set(output "${OUTPUT_DIR}/fuzz_target_${name}/fuzz_target_${name}.exe") - set(flags ${ARGN}) - - if(${compiler_cmd} MATCHES "cl(.exe)?$") - add_custom_command( - OUTPUT ${output} - COMMAND ${compiler_cmd} ${flags} ${CMAKE_SOURCE_DIR}/${src} - DEPENDS ${SRC} - COMMENT "Building fuzz_target_${name}.exe with MSVC" - ) - else() - add_custom_command( - OUTPUT ${output} - COMMAND ${compiler_cmd} ${flags} ${CMAKE_SOURCE_DIR}/${src} -o ${output} - DEPENDS ${SRC} - COMMENT "Building fuzz_target_${name}.exe with ${compiler_cmd}" - ) - endif() - - add_custom_target(build_binary_${name} ALL DEPENDS ${output}) -endfunction() - -# Function: package binary for Mayhem -function(add_mayhem_package name) - set(binary "${OUTPUT_DIR}/fuzz_target_${name}/fuzz_target_${name}.exe") - set(package_dir "${OUTPUT_PACKAGE_DIR}/mayhem_package_${name}") - set(package_marker "${package_dir}/.done") - - add_custom_command( - OUTPUT ${package_marker} - COMMAND ${CMAKE_COMMAND} -E make_directory ${package_dir} - COMMAND mayhem package -o ${package_dir} ${binary} - COMMAND ${CMAKE_COMMAND} -E copy_directory ${CMAKE_SOURCE_DIR}/testsuite 
${package_dir}/testsuite - COMMAND ${CMAKE_COMMAND} -E touch ${package_marker} - DEPENDS ${binary} - COMMENT "Packaging ${name} for Mayhem" - ) - - add_custom_target(package_${name} ALL DEPENDS ${package_marker}) - add_dependencies(package_${name} build_binary_${name}) -endfunction() - -# Targets - -if(EXISTS "${MSVC_CL}") - add_fuzz_target("msvc" "${SRC}" "${MSVC_CL}" - /nologo /Zi /FS /MDd /EHsc - /Fo${OUTPUT_DIR}/fuzz_target_msvc/fuzz_target_msvc.obj - /Fe${OUTPUT_DIR}/fuzz_target_msvc/fuzz_target_msvc.exe - ) - add_mayhem_package("msvc") - - add_fuzz_target("msvc_asan" "${SRC}" "${MSVC_CL}" - /nologo /fsanitize=address /Zi /FS /EHsc /MDd - /Fo${OUTPUT_DIR}/fuzz_target_msvc_asan/fuzz_target_msvc_asan.obj - /Fe${OUTPUT_DIR}/fuzz_target_msvc_asan/fuzz_target_msvc_asan.exe - ) - add_mayhem_package("msvc_asan") -endif() - -if(EXISTS "${CLANG_CL}") - add_fuzz_target("clang" "${SRC}" "${CLANG_CL}" -g -O1) - add_mayhem_package("clang") - - add_fuzz_target("clang_asan" "${SRC}" "${CLANG_CL}" -g -O1 -fsanitize=address) - add_mayhem_package("clang_asan") - - add_fuzz_target("libfuzzer" "${LIBFUZZER_SRC}" "${CLANG_CL}" -g -O1 -fsanitize=fuzzer) - add_mayhem_package("libfuzzer") -endif() - -if(EXISTS "${MINGW_CL}") - add_fuzz_target("mingw" "${SRC}" "${MINGW_CL}" -g -O1) - add_mayhem_package("mingw") -endif() - -if(EXISTS "${GCC_CL}") - add_fuzz_target("gplusplus" "${SRC}" "${GCC_CL}" -g -O1) -endif() - - - -# Optional: .NET target (not packaged) -if(EXISTS "${CSC_CL}") - file(MAKE_DIRECTORY "${OUTPUT_DIR}/fuzz_target_dotnet") - set(DOTNET_OUTPUT "${OUTPUT_DIR}/fuzz_target_dotnet/fuzz_target_dotnet.exe") - - add_custom_command( - OUTPUT ${DOTNET_OUTPUT} - COMMAND ${CMAKE_COMMAND} -E make_directory ${OUTPUT_DIR} - COMMAND ${CSC_CL} /unsafe /nologo /out:${DOTNET_OUTPUT} ${CMAKE_SOURCE_DIR}/${DOTNET_SRC} - DEPENDS ${DOTNET_SRC} - COMMENT "Building fuzz_target_dotnet.exe with ${CSC_CL}" - ) - - add_custom_target(build_dotnet ALL DEPENDS ${DOTNET_OUTPUT}) -endif() \ No newline 
at end of file diff --git a/cpp/windows/base-executable/clang-cpp-base-executable/README.md b/cpp/windows/base-executable/clang-cpp-base-executable/README.md new file mode 100644 index 0000000..88b0a5c --- /dev/null +++ b/cpp/windows/base-executable/clang-cpp-base-executable/README.md @@ -0,0 +1,23 @@ +## Building Windows C++ Targets + +Run the following to build the Windows C++ Clang target for Mayhem. + +```cmd +clang++.exe src\fuzz_target.cpp -g -O1 -o fuzz_target_clang.exe +``` + +## Creating a Mayhem package + +Once you've got your binary built, you can create a Mayhem package like so: + +```cmd +mayhem.exe package -o .\cpp-windows-base-executable-clang .\fuzz_target_clang.exe +``` + +## Executing the Mayhem Run + +The `mayhem package` command will create a `Mayhemfile` for you under the `cpp-windows-base-executable-clang` directory. You can initiate a Mayhem run like so: + +```cmd +mayhem.exe run .\cpp-windows-base-executable-clang --project mayhem-examples --target cpp-windows-base-executable-clang --duration 90 +``` diff --git a/cpp/windows/base-executable/clang/src/fuzz_methods.cpp b/cpp/windows/base-executable/clang-cpp-base-executable/src/fuzz_methods.cpp similarity index 100% rename from cpp/windows/base-executable/clang/src/fuzz_methods.cpp rename to cpp/windows/base-executable/clang-cpp-base-executable/src/fuzz_methods.cpp diff --git a/cpp/windows/base-executable/clang/src/fuzz_target.cpp b/cpp/windows/base-executable/clang-cpp-base-executable/src/fuzz_target.cpp similarity index 100% rename from cpp/windows/base-executable/clang/src/fuzz_target.cpp rename to cpp/windows/base-executable/clang-cpp-base-executable/src/fuzz_target.cpp 
diff --git a/cpp/windows/base-executable/clang/testsuite/test_abort.txt b/cpp/windows/base-executable/clang-cpp-base-executable/testsuite/test_abort.txt
similarity index 100%
rename from cpp/windows/base-executable/clang/testsuite/test_abort.txt
rename to cpp/windows/base-executable/clang-cpp-base-executable/testsuite/test_abort.txt
diff --git a/cpp/windows/base-executable/clang/testsuite/test_address_sanitizer.txt b/cpp/windows/base-executable/clang-cpp-base-executable/testsuite/test_address_sanitizer.txt
similarity index 100%
rename from cpp/windows/base-executable/clang/testsuite/test_address_sanitizer.txt
rename to cpp/windows/base-executable/clang-cpp-base-executable/testsuite/test_address_sanitizer.txt
diff --git a/cpp/windows/base-executable/clang/testsuite/test_assert.txt b/cpp/windows/base-executable/clang-cpp-base-executable/testsuite/test_assert.txt
similarity index 100%
rename from cpp/windows/base-executable/clang/testsuite/test_assert.txt
rename to cpp/windows/base-executable/clang-cpp-base-executable/testsuite/test_assert.txt
diff --git a/cpp/windows/base-executable/clang/testsuite/test_null_deref.txt b/cpp/windows/base-executable/clang-cpp-base-executable/testsuite/test_null_deref.txt
similarity index 100%
rename from cpp/windows/base-executable/clang/testsuite/test_null_deref.txt
rename to cpp/windows/base-executable/clang-cpp-base-executable/testsuite/test_null_deref.txt
diff --git a/cpp/windows/base-executable/clang/testsuite/test_raise_fail_fast.txt b/cpp/windows/base-executable/clang-cpp-base-executable/testsuite/test_raise_fail_fast.txt
similarity index 100%
rename from cpp/windows/base-executable/clang/testsuite/test_raise_fail_fast.txt
rename to cpp/windows/base-executable/clang-cpp-base-executable/testsuite/test_raise_fail_fast.txt
diff --git a/cpp/windows/base-executable/clang/testsuite/test_runtime_error.txt b/cpp/windows/base-executable/clang-cpp-base-executable/testsuite/test_runtime_error.txt similarity index 100% rename from cpp/windows/base-executable/clang/testsuite/test_runtime_error.txt rename to cpp/windows/base-executable/clang-cpp-base-executable/testsuite/test_runtime_error.txt diff --git a/cpp/windows/base-executable/clang/Dockerfile b/cpp/windows/base-executable/clang/Dockerfile deleted file mode 100644 index e69de29..0000000 diff --git a/cpp/windows/base-executable/clang/Mayhemfile b/cpp/windows/base-executable/clang/Mayhemfile deleted file mode 100644 index e69de29..0000000 diff --git a/cpp/windows/base-executable/clang/README.md b/cpp/windows/base-executable/clang/README.md deleted file mode 100644 index e69de29..0000000 diff --git a/cpp/windows/base-executable/gcc-cpp-base-executable/README.md b/cpp/windows/base-executable/gcc-cpp-base-executable/README.md new file mode 100644 index 0000000..8af1978 --- /dev/null +++ b/cpp/windows/base-executable/gcc-cpp-base-executable/README.md @@ -0,0 +1,23 @@ +## Building Windows C++ Targets + +Run the following to build the Windows C++ GCC target for Mayhem. + +```cmd +g++.exe src\fuzz_target.cpp -g -O1 -o fuzz_target_mingw.exe +``` + +## Creating a Mayhem package + +Once you've got your binary built, you can create a Mayhem package like so: + +```cmd +mayhem.exe package -o .\cpp-windows-base-executable-gcc .\fuzz_target_mingw.exe +``` + +## Executing the Mayhem Run + +The `mayhem package` command will create a `Mayhemfile` for you under the `cpp-windows-base-executable-gcc` directory. You can initiate a Mayhem run like so: + +```cmd +mayhem.exe run .\cpp-windows-base-executable-gcc --project mayhem-examples --target cpp-windows-base-executable-gcc --duration 90 +``` \ No newline at end of file 
diff --git a/cpp/windows/base-executable/gcc/src/fuzz_methods.cpp b/cpp/windows/base-executable/gcc-cpp-base-executable/src/fuzz_methods.cpp
similarity index 100%
rename from cpp/windows/base-executable/gcc/src/fuzz_methods.cpp
rename to cpp/windows/base-executable/gcc-cpp-base-executable/src/fuzz_methods.cpp
diff --git a/cpp/windows/base-executable/gcc/src/fuzz_target.cpp b/cpp/windows/base-executable/gcc-cpp-base-executable/src/fuzz_target.cpp
similarity index 100%
rename from cpp/windows/base-executable/gcc/src/fuzz_target.cpp
rename to cpp/windows/base-executable/gcc-cpp-base-executable/src/fuzz_target.cpp
diff --git a/cpp/windows/base-executable/gcc/testsuite/test_abort.txt b/cpp/windows/base-executable/gcc-cpp-base-executable/testsuite/test_abort.txt
similarity index 100%
rename from cpp/windows/base-executable/gcc/testsuite/test_abort.txt
rename to cpp/windows/base-executable/gcc-cpp-base-executable/testsuite/test_abort.txt
diff --git a/cpp/windows/base-executable/gcc/testsuite/test_address_sanitizer.txt b/cpp/windows/base-executable/gcc-cpp-base-executable/testsuite/test_address_sanitizer.txt
similarity index 100%
rename from cpp/windows/base-executable/gcc/testsuite/test_address_sanitizer.txt
rename to cpp/windows/base-executable/gcc-cpp-base-executable/testsuite/test_address_sanitizer.txt
diff --git a/cpp/windows/base-executable/gcc/testsuite/test_assert.txt b/cpp/windows/base-executable/gcc-cpp-base-executable/testsuite/test_assert.txt
similarity index 100%
rename from cpp/windows/base-executable/gcc/testsuite/test_assert.txt
rename to cpp/windows/base-executable/gcc-cpp-base-executable/testsuite/test_assert.txt
diff --git a/cpp/windows/base-executable/gcc/testsuite/test_null_deref.txt b/cpp/windows/base-executable/gcc-cpp-base-executable/testsuite/test_null_deref.txt
similarity index 100%
rename from cpp/windows/base-executable/gcc/testsuite/test_null_deref.txt
rename to cpp/windows/base-executable/gcc-cpp-base-executable/testsuite/test_null_deref.txt
diff --git a/cpp/windows/base-executable/gcc/testsuite/test_raise_fail_fast.txt b/cpp/windows/base-executable/gcc-cpp-base-executable/testsuite/test_raise_fail_fast.txt
similarity index 100%
rename from cpp/windows/base-executable/gcc/testsuite/test_raise_fail_fast.txt
rename to cpp/windows/base-executable/gcc-cpp-base-executable/testsuite/test_raise_fail_fast.txt
diff --git a/cpp/windows/base-executable/gcc/testsuite/test_runtime_error.txt b/cpp/windows/base-executable/gcc-cpp-base-executable/testsuite/test_runtime_error.txt
similarity index 100%
rename from cpp/windows/base-executable/gcc/testsuite/test_runtime_error.txt
rename to cpp/windows/base-executable/gcc-cpp-base-executable/testsuite/test_runtime_error.txt
diff --git a/cpp/windows/base-executable/gcc/Dockerfile b/cpp/windows/base-executable/gcc/Dockerfile
deleted file mode 100644
index e69de29..0000000
diff --git a/cpp/windows/base-executable/gcc/Mayhemfile b/cpp/windows/base-executable/gcc/Mayhemfile
deleted file mode 100644
index e69de29..0000000
diff --git a/cpp/windows/base-executable/gcc/README.md b/cpp/windows/base-executable/gcc/README.md
deleted file mode 100644
index e69de29..0000000
diff --git a/cpp/windows/base-executable/msvc-cpp-base-executable/README.md b/cpp/windows/base-executable/msvc-cpp-base-executable/README.md
new file mode 100644
index 0000000..7516d8c
--- /dev/null
+++ b/cpp/windows/base-executable/msvc-cpp-base-executable/README.md
@@ -0,0 +1,23 @@ +## Building Windows C++ Targets + +Run the following to build the Windows C++ MSVC target for Mayhem. + +```cmd +cl.exe src\fuzz_target.cpp /nologo /Zi /FS /MDd /EHsc /Fo: "fuzz_target_msvc.obj" /Fe: "fuzz_target_msvc.exe" +``` + +## Creating a Mayhem package + +Once you've got your binary built, you can create a Mayhem package like so: + +```cmd +mayhem.exe package -o .\cpp-windows-base-executable-msvc .\fuzz_target_msvc.exe +``` + +## Executing the Mayhem Run + +The `mayhem package` command will create a `Mayhemfile` for you under the `cpp-windows-base-executable-msvc` directory. You can initiate a Mayhem run like so: + +```cmd +mayhem.exe run .\cpp-windows-base-executable-msvc --project mayhem-examples --target cpp-windows-base-executable-msvc --duration 90 +``` \ No newline at end of file diff --git a/cpp/windows/base-executable/msvc/src/fuzz_methods.cpp b/cpp/windows/base-executable/msvc-cpp-base-executable/src/fuzz_methods.cpp similarity index 100% rename from cpp/windows/base-executable/msvc/src/fuzz_methods.cpp rename to cpp/windows/base-executable/msvc-cpp-base-executable/src/fuzz_methods.cpp diff --git a/cpp/windows/base-executable/msvc/src/fuzz_target.cpp b/cpp/windows/base-executable/msvc-cpp-base-executable/src/fuzz_target.cpp similarity index 100% rename from cpp/windows/base-executable/msvc/src/fuzz_target.cpp rename to cpp/windows/base-executable/msvc-cpp-base-executable/src/fuzz_target.cpp diff --git a/cpp/windows/base-executable/msvc/testsuite/test_abort.txt b/cpp/windows/base-executable/msvc-cpp-base-executable/testsuite/test_abort.txt similarity index 100% rename from cpp/windows/base-executable/msvc/testsuite/test_abort.txt rename to cpp/windows/base-executable/msvc-cpp-base-executable/testsuite/test_abort.txt 
diff --git a/cpp/windows/base-executable/msvc/testsuite/test_address_sanitizer.txt b/cpp/windows/base-executable/msvc-cpp-base-executable/testsuite/test_address_sanitizer.txt
similarity index 100%
rename from cpp/windows/base-executable/msvc/testsuite/test_address_sanitizer.txt
rename to cpp/windows/base-executable/msvc-cpp-base-executable/testsuite/test_address_sanitizer.txt
diff --git a/cpp/windows/base-executable/msvc/testsuite/test_assert.txt b/cpp/windows/base-executable/msvc-cpp-base-executable/testsuite/test_assert.txt
similarity index 100%
rename from cpp/windows/base-executable/msvc/testsuite/test_assert.txt
rename to cpp/windows/base-executable/msvc-cpp-base-executable/testsuite/test_assert.txt
diff --git a/cpp/windows/base-executable/msvc/testsuite/test_null_deref.txt b/cpp/windows/base-executable/msvc-cpp-base-executable/testsuite/test_null_deref.txt
similarity index 100%
rename from cpp/windows/base-executable/msvc/testsuite/test_null_deref.txt
rename to cpp/windows/base-executable/msvc-cpp-base-executable/testsuite/test_null_deref.txt
diff --git a/cpp/windows/base-executable/msvc/testsuite/test_raise_fail_fast.txt b/cpp/windows/base-executable/msvc-cpp-base-executable/testsuite/test_raise_fail_fast.txt
similarity index 100%
rename from cpp/windows/base-executable/msvc/testsuite/test_raise_fail_fast.txt
rename to cpp/windows/base-executable/msvc-cpp-base-executable/testsuite/test_raise_fail_fast.txt
diff --git a/cpp/windows/base-executable/msvc/testsuite/test_runtime_error.txt b/cpp/windows/base-executable/msvc-cpp-base-executable/testsuite/test_runtime_error.txt
similarity index 100%
rename from cpp/windows/base-executable/msvc/testsuite/test_runtime_error.txt
rename to cpp/windows/base-executable/msvc-cpp-base-executable/testsuite/test_runtime_error.txt
diff --git a/cpp/windows/base-executable/msvc/windows-cpp-base-executable b/cpp/windows/base-executable/msvc-cpp-base-executable/windows-cpp-base-executable similarity index 100% rename from cpp/windows/base-executable/msvc/windows-cpp-base-executable rename to cpp/windows/base-executable/msvc-cpp-base-executable/windows-cpp-base-executable diff --git a/cpp/windows/base-executable/msvc/Dockerfile b/cpp/windows/base-executable/msvc/Dockerfile deleted file mode 100644 index e69de29..0000000 diff --git a/cpp/windows/base-executable/msvc/Mayhemfile b/cpp/windows/base-executable/msvc/Mayhemfile deleted file mode 100644 index e69de29..0000000 diff --git a/cpp/windows/base-executable/msvc/README.md b/cpp/windows/base-executable/msvc/README.md deleted file mode 100644 index e69de29..0000000 diff --git a/cpp/windows/libfuzzer/README.md b/cpp/windows/libfuzzer/README.md new file mode 100644 index 0000000..57d0620 --- /dev/null +++ b/cpp/windows/libfuzzer/README.md @@ -0,0 +1,23 @@ +## Building Windows C++ LibFuzzer Targets + +Run the following to build the Windows libFuzzer target for Mayhem. + +```cmd +clang++.exe src\libfuzzer_target.cpp -g -O1 -fsanitize=fuzzer -o fuzz_target_libfuzzer.exe +``` + +## Creating a Mayhem package + +Once you've got your binary built, you can create a Mayhem package like so: + +```cmd +mayhem.exe package -o .\cpp-windows-libfuzzer .\fuzz_target_libfuzzer.exe +``` + +## Executing the Mayhem Run + +The `mayhem package` command will create a `Mayhemfile` for you under the `cpp-windows-libfuzzer` directory. You can initiate a Mayhem run like so: + +```cmd +mayhem.exe run .\cpp-windows-libfuzzer --project mayhem-examples --target cpp-windows-libfuzzer --duration 90 +``` diff --git a/csharp/linux/libfuzzer/Dockerfile b/csharp/linux/libfuzzer/csharp-sharpfuzz/Dockerfile similarity index 100% rename from csharp/linux/libfuzzer/Dockerfile rename to csharp/linux/libfuzzer/csharp-sharpfuzz/Dockerfile 
diff --git a/csharp/linux/libfuzzer/Mayhemfile b/csharp/linux/libfuzzer/csharp-sharpfuzz/Mayhemfile similarity index 54% rename from csharp/linux/libfuzzer/Mayhemfile rename to csharp/linux/libfuzzer/csharp-sharpfuzz/Mayhemfile index 451856d..d2ac146 100644 --- a/csharp/linux/libfuzzer/Mayhemfile +++ b/csharp/linux/libfuzzer/csharp-sharpfuzz/Mayhemfile @@ -1,7 +1,7 @@ -image: $MAYHEM_DOCKER_REGISTRY/forallsecure/csharp-sharpfuzz:latest +image: $MAYHEM_DOCKER_REGISTRY/forallsecure/csharp-linux-sharpfuzz:latest duration: 90 project: mayhem-examples -target: csharp +target: csharp-linux-sharpfuzz cmds: - cmd: /fuzzme/libfuzzer-dotnet --target_path=/fuzzme/fuzzme libfuzzer: true diff --git a/csharp/linux/libfuzzer/Program.cs b/csharp/linux/libfuzzer/csharp-sharpfuzz/Program.cs similarity index 73% rename from csharp/linux/libfuzzer/Program.cs rename to csharp/linux/libfuzzer/csharp-sharpfuzz/Program.cs index a949c10..0640bab 100644 --- a/csharp/linux/libfuzzer/Program.cs +++ b/csharp/linux/libfuzzer/csharp-sharpfuzz/Program.cs @@ -18,9 +18,9 @@ public static void Func(ReadOnlySpan data) { } } -class Program { - static void Main(string[] args) { - Fuzzer.LibFuzzer.Run(data => { Fuzzme.Func(data); }); + class Program { + static void Main(string[] args) { + Fuzzer.LibFuzzer.Run(data => { Fuzzme.Func(data); }); + } } } -} diff --git a/csharp/linux/libfuzzer/README.md b/csharp/linux/libfuzzer/csharp-sharpfuzz/README.md similarity index 54% rename from csharp/linux/libfuzzer/README.md rename to csharp/linux/libfuzzer/csharp-sharpfuzz/README.md index e38c3aa..daff381 100644 --- a/csharp/linux/libfuzzer/README.md +++ b/csharp/linux/libfuzzer/csharp-sharpfuzz/README.md 
@@ -1,10 +1,10 @@ ## Building and Pushing the Docker Image -Run the following to build the `forallsecure/csharp-sharpfuzz` Docker image and push it to a specified Docker registry. +Run the following to build the `forallsecure/csharp-linux-sharpfuzz` Docker image and push it to a specified Docker registry. ```sh -docker build -t $MAYHEM_DOCKER_REGISTRY/forallsecure/csharp-sharpfuzz . -docker push $MAYHEM_DOCKER_REGISTRY/forallsecure/csharp-sharpfuzz +docker build -t $MAYHEM_DOCKER_REGISTRY/forallsecure/csharp-linux-sharpfuzz . +docker push $MAYHEM_DOCKER_REGISTRY/forallsecure/csharp-linux-sharpfuzz ``` ## Executing the Mayhem Run @@ -15,7 +15,7 @@ Then initiate a Mayhem run using a Mayhemfile similar to the following: image: $MAYHEM_DOCKER_REGISTRY/forallsecure/csharp-sharpfuzz:latest duration: 90 project: mayhem-examples -target: csharp +target: csharp-linux-sharpfuzz cmds: - cmd: /fuzzme/libfuzzer-dotnet --target_path=/fuzzme/fuzzme libfuzzer: true diff --git a/csharp/linux/libfuzzer/fuzzme.csproj b/csharp/linux/libfuzzer/csharp-sharpfuzz/fuzzme.csproj similarity index 100% rename from csharp/linux/libfuzzer/fuzzme.csproj rename to csharp/linux/libfuzzer/csharp-sharpfuzz/fuzzme.csproj diff --git a/csharp/linux/libfuzzer/testsuite/seed.txt b/csharp/linux/libfuzzer/csharp-sharpfuzz/testsuite/seed.txt similarity index 100% rename from csharp/linux/libfuzzer/testsuite/seed.txt rename to csharp/linux/libfuzzer/csharp-sharpfuzz/testsuite/seed.txt diff --git a/csharp/windows/base-executable/README.md b/csharp/windows/base-executable/README.md deleted file mode 100644 index e69de29..0000000 diff --git a/csharp/windows/base-executable/csharp-base-executable/README.md b/csharp/windows/base-executable/csharp-base-executable/README.md new file mode 100644 index 0000000..18b19be --- /dev/null +++ b/csharp/windows/base-executable/csharp-base-executable/README.md 
@@ -0,0 +1,23 @@ +## Building Windows C# Targets + +Run the following to build the Windows C# target for Mayhem. + +```cmd +csc.exe /unsafe /nologo /out:/dotnet_fuzz.exe src\dotnet_fuzz.cs +``` + +## Creating a Mayhem package + +Once you've got your binary built, you can create a Mayhem package like so: + +```cmd +mayhem.exe package -o .\csharp-windows-base-executable .\dotnet_fuzz.exe +``` + +## Executing the Mayhem Run + +The `mayhem package` command will create a `Mayhemfile` for you under the `csharp-windows-base-executable` directory. You can initiate a Mayhem run like so: + +```cmd +mayhem.exe run .\csharp-windows-base-executable --project mayhem-examples --target csharp-windows-base-executable --duration 90 +``` diff --git a/csharp/windows/base-executable/csharp-base-executable/src/dotnet_fuzz.cs b/csharp/windows/base-executable/csharp-base-executable/src/dotnet_fuzz.cs new file mode 100644 index 0000000..4a47366 --- /dev/null +++ b/csharp/windows/base-executable/csharp-base-executable/src/dotnet_fuzz.cs 
@@ -0,0 +1,105 @@ +using System; +using System.IO; +using System.Runtime.InteropServices; +using System.Diagnostics; + +namespace DotnetFuzz +{ + public static class DotnetFuzz + { + [DllImport("kernel32.dll")] + public static extern void RaiseFailFastException(IntPtr pExceptionRecord, IntPtr pContextRecord, uint dwFlags); + + public static void TestAbortBug(string data) + { + if (data.StartsWith("bug")) + { + Console.WriteLine("Found 'bug' abort corner case!"); + Environment.FailFast("Simulated abort"); + } + } + + public static void TestNullDerefMom(string data) + { + if (data.StartsWith("mom")) + { + Console.WriteLine("Found 'mom' null deref corner case!"); + unsafe + { + int* ptr = null; + *ptr = 42; + } + } + } + + public static void TestRuntimeErrorDad(string data) + { + if (data.StartsWith("dad")) + { + Console.WriteLine("Found 'dad' runtime_error corner case!"); + throw new Exception("Simulated runtime error"); + } + } + + public static void TestAssertCab(string data) + { + if (data.StartsWith("cab")) + { + Console.WriteLine("Found 'cab' assert corner case!"); + Debug.Assert(false, "Assertion failed for input 'cab'"); + } + } + + public static void TestRaiseFailFastDog(string data) + { + if (data.StartsWith("dog")) + { + Console.WriteLine("Found 'dog' RaiseFailFastException!"); + RaiseFailFastException(IntPtr.Zero, IntPtr.Zero, 0); + } + } + + public static void TestAddressSanitizerBoo(string data) + { + if (data.StartsWith("boo")) + { + Console.WriteLine("Found 'boo' address sanitizer corner case!"); + int[] x = new int[100]; + x[100] = 5; // Out of bounds write + } + } + + public static void TestAbortSetBehaviorSet(string data) + { + if (data.StartsWith("set")) + { + Console.WriteLine("Found 'set' FailFast corner case!"); + Environment.FailFast("set_abort_behavior + abort simulation"); + } + } + } + + class Program + { + + static void Main(string[] args) + { + if (args.Length < 1) + { + Console.Error.WriteLine("Usage: dotnet_fuzz_target "); + return; + } 
+ + string input = File.ReadAllText(args[0]); + // Console.WriteLine($"Read '{input}' from input file."); + + DotnetFuzz.TestAbortBug(input); + DotnetFuzz.TestNullDerefMom(input); + DotnetFuzz.TestRuntimeErrorDad(input); + DotnetFuzz.TestAssertCab(input); + DotnetFuzz.TestRaiseFailFastDog(input); + DotnetFuzz.TestAddressSanitizerBoo(input); + DotnetFuzz.TestAbortSetBehaviorSet(input); + } + } +} diff --git a/csharp/windows/base-executable/csharp-base-executable/src/dotnet_fuzz.csproj b/csharp/windows/base-executable/csharp-base-executable/src/dotnet_fuzz.csproj new file mode 100644 index 0000000..fca5df0 --- /dev/null +++ b/csharp/windows/base-executable/csharp-base-executable/src/dotnet_fuzz.csproj @@ -0,0 +1,11 @@ + + + + Exe + net6.0 + true + dotnet_fuzz + true + + + \ No newline at end of file diff --git a/csharp/windows/base-executable/testsuite/test_abort.txt b/csharp/windows/base-executable/csharp-base-executable/testsuite/test_abort.txt similarity index 100% rename from csharp/windows/base-executable/testsuite/test_abort.txt rename to csharp/windows/base-executable/csharp-base-executable/testsuite/test_abort.txt diff --git a/csharp/windows/base-executable/testsuite/test_address_sanitizer.txt b/csharp/windows/base-executable/csharp-base-executable/testsuite/test_address_sanitizer.txt similarity index 100% rename from csharp/windows/base-executable/testsuite/test_address_sanitizer.txt rename to csharp/windows/base-executable/csharp-base-executable/testsuite/test_address_sanitizer.txt diff --git a/csharp/windows/base-executable/testsuite/test_assert.txt b/csharp/windows/base-executable/csharp-base-executable/testsuite/test_assert.txt similarity index 100% rename from csharp/windows/base-executable/testsuite/test_assert.txt rename to csharp/windows/base-executable/csharp-base-executable/testsuite/test_assert.txt 
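Review bot: The 'cab' case in `TestAssertCab` relies on `Debug.Assert(false, ...)`, which is a `[Conditional("DEBUG")]` call and compiles to nothing unless DEBUG is defined, so a build via the README's `csc.exe /unsafe /nologo /out:...` line (or any Release configuration) runs `testsuite/test_assert.txt` to completion without crashing. Either define DEBUG for the target build or make the failure unconditional, e.g. `throw new InvalidOperationException("Assertion failed for input 'cab'");`. A one-line comment on `TestAddressSanitizerBoo` noting that `x[100] = 5` surfaces as a managed `IndexOutOfRangeException` rather than a sanitizer report would also help anyone mapping these cases to the native variants.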
diff --git a/csharp/windows/base-executable/testsuite/test_null_deref.txt b/csharp/windows/base-executable/csharp-base-executable/testsuite/test_null_deref.txt similarity index 100% rename from csharp/windows/base-executable/testsuite/test_null_deref.txt rename to csharp/windows/base-executable/csharp-base-executable/testsuite/test_null_deref.txt diff --git a/csharp/windows/base-executable/testsuite/test_raise_fail_fast.txt b/csharp/windows/base-executable/csharp-base-executable/testsuite/test_raise_fail_fast.txt similarity index 100% rename from csharp/windows/base-executable/testsuite/test_raise_fail_fast.txt rename to csharp/windows/base-executable/csharp-base-executable/testsuite/test_raise_fail_fast.txt diff --git a/csharp/windows/base-executable/testsuite/test_runtime_error.txt b/csharp/windows/base-executable/csharp-base-executable/testsuite/test_runtime_error.txt similarity index 100% rename from csharp/windows/base-executable/testsuite/test_runtime_error.txt rename to csharp/windows/base-executable/csharp-base-executable/testsuite/test_runtime_error.txt diff --git a/csharp/windows/base-executable/dotnet_fuzz_target.cs b/csharp/windows/base-executable/dotnet_fuzz_target.cs deleted file mode 100644 index 2cebb88..0000000 --- a/csharp/windows/base-executable/dotnet_fuzz_target.cs +++ /dev/null 
@@ -1,98 +0,0 @@ -using System; -using System.IO; -using System.Runtime.InteropServices; -using System.Diagnostics; - -class Program -{ - [DllImport("kernel32.dll")] - static extern void RaiseFailFastException(IntPtr pExceptionRecord, IntPtr pContextRecord, uint dwFlags); - - static void TestAbortBug(string data) - { - if (data.StartsWith("bug")) - { - Console.WriteLine("Found 'bug' abort corner case!"); - Environment.FailFast("Simulated abort"); - } - } - - static void TestNullDerefMom(string data) - { - if (data.StartsWith("mom")) - { - Console.WriteLine("Found 'mom' null deref corner case!"); - unsafe - { - int* ptr = null; - *ptr = 42; - } - } - } - - static void TestRuntimeErrorDad(string data) - { - if (data.StartsWith("dad")) - { - Console.WriteLine("Found 'dad' runtime_error corner case!"); - throw new Exception("Simulated runtime error"); - } - } - - static void TestAssertCab(string data) - { - if (data.StartsWith("cab")) - { - Console.WriteLine("Found 'cab' assert corner case!"); - Debug.Assert(false, "Assertion failed for input 'cab'"); - } - } - - static void TestRaiseFailFastDog(string data) - { - if (data.StartsWith("dog")) - { - Console.WriteLine("Found 'dog' RaiseFailFastException!"); - RaiseFailFastException(IntPtr.Zero, IntPtr.Zero, 0); - } - } - - static void TestAddressSanitizerBoo(string data) - { - if (data.StartsWith("boo")) - { - Console.WriteLine("Found 'boo' address sanitizer corner case!"); - int[] x = new int[100]; - x[100] = 5; // Out of bounds write - } - } - - static void TestAbortSetBehaviorSet(string data) - { - if (data.StartsWith("set")) - { - Console.WriteLine("Found 'set' FailFast corner case!"); - Environment.FailFast("set_abort_behavior + abort simulation"); - } - } - - static void Main(string[] args) - { - if (args.Length < 1) - { - Console.Error.WriteLine("Usage: dotnet_fuzz_target "); - return; - } - - string input = File.ReadAllText(args[0]); - Console.WriteLine($"Read '{input}' from input file."); - - TestAbortBug(input); 
- TestNullDerefMom(input); - TestRuntimeErrorDad(input); - TestAbortSetBehaviorSet(input); - TestAddressSanitizerBoo(input); - TestRaiseFailFastDog(input); - TestAssertCab(input); - } -} diff --git a/csharp/windows/base-executable/windows-csharp-base-executable b/csharp/windows/base-executable/windows-csharp-base-executable deleted file mode 120000 index 2813989..0000000 --- a/csharp/windows/base-executable/windows-csharp-base-executable +++ /dev/null @@ -1 +0,0 @@ -./windows-csharp-base-executable \ No newline at end of file From f9aae51267e4b0c2940389ca1b8a89608cc90a2f Mon Sep 17 00:00:00 2001 From: xansec Date: Mon, 18 Aug 2025 20:55:33 -0400 Subject: [PATCH 05/13] update debian base --- android/base-executable/android-base-executable/Dockerfile | 4 ++-- c/base-executable/c-base-executable/Dockerfile | 2 +- c/base-executable/powerpc-c-base-executable/Dockerfile | 2 +- c/base-executable/powerpc64-c-base-executable/Dockerfile | 2 +- c/base-executable/powerpc64le-c-base-executable/Dockerfile | 2 +- c/honggfuzz/c-honggfuzz-clang/Dockerfile | 2 +- c/honggfuzz/c-honggfuzz-gcc/Dockerfile | 2 +- cpp/linux/base-executable/cpp-base-executable/Dockerfile | 2 +- cpp/linux/honggfuzz/cpp-honggfuzz-clang/Dockerfile | 2 +- cpp/linux/honggfuzz/cpp-honggfuzz-gcc/Dockerfile | 2 +- fortran/base-executable/fortran-base-executable/Dockerfile | 2 +- objective-c/base-executable/obj-c-base-executable/Dockerfile | 2 +- ocaml/base-executable/ocaml-base-executable/Dockerfile | 2 +- 13 files changed, 14 insertions(+), 14 deletions(-) diff --git a/android/base-executable/android-base-executable/Dockerfile b/android/base-executable/android-base-executable/Dockerfile index a2a3b24..3fd3b83 100644 --- a/android/base-executable/android-base-executable/Dockerfile +++ b/android/base-executable/android-base-executable/Dockerfile 
@@ -1,4 +1,4 @@
-FROM debian:buster-slim
+FROM debian:bookworm-slim
 RUN apt-get update && \
 apt-get install -fy wget zip make && \
 wget https://dl.google.com/android/repository/android-ndk-r21e-linux-x86_64.zip && \
@@ -12,7 +12,7 @@ WORKDIR /android-ndk-r21e/mayhemit/jni/
 RUN ../../ndk-build
 WORKDIR /android-ndk-r21e/mayhemit/libs/x86_64
-FROM debian:buster-slim
+FROM debian:bookworm-slim
 COPY --from=0 /android-ndk-r21e/mayhemit/libs/x86_64/mayhemit /mayhemit
 # Set to fuzz!
diff --git a/c/base-executable/c-base-executable/Dockerfile b/c/base-executable/c-base-executable/Dockerfile
index 5ecc2ad..ac4609f 100644
--- a/c/base-executable/c-base-executable/Dockerfile
+++ b/c/base-executable/c-base-executable/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:buster-slim as builder
+FROM debian:bookworm-slim as builder
 RUN apt-get update && \
 apt-get install -y gcc make libc6-dbg && \
 rm -rf /var/lib/apt/lists/*
diff --git a/c/base-executable/powerpc-c-base-executable/Dockerfile b/c/base-executable/powerpc-c-base-executable/Dockerfile
index 51c5a7a..3936cad 100644
--- a/c/base-executable/powerpc-c-base-executable/Dockerfile
+++ b/c/base-executable/powerpc-c-base-executable/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:buster-slim as builder
+FROM debian:bookworm-slim as builder
 RUN apt-get update && \
 apt-get install -y gcc-powerpc-linux-gnu make libc6-dbg && \
 rm -rf /var/lib/apt/lists/*
diff --git a/c/base-executable/powerpc64-c-base-executable/Dockerfile b/c/base-executable/powerpc64-c-base-executable/Dockerfile
index 37b2e1a..eef9afc 100644
--- a/c/base-executable/powerpc64-c-base-executable/Dockerfile
+++ b/c/base-executable/powerpc64-c-base-executable/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:buster-slim as builder
+FROM debian:bookworm-slim as builder
 RUN apt-get update && \
 apt-get install -y gcc-powerpc64-linux-gnu make libc6-dbg && \
 rm -rf /var/lib/apt/lists/*
diff --git a/c/base-executable/powerpc64le-c-base-executable/Dockerfile b/c/base-executable/powerpc64le-c-base-executable/Dockerfile
index 8f9ee10..48ea851 100644
--- a/c/base-executable/powerpc64le-c-base-executable/Dockerfile
+++ b/c/base-executable/powerpc64le-c-base-executable/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:buster-slim as builder
+FROM debian:bookworm-slim as builder
 RUN apt-get update && \
 apt-get install -y gcc-powerpc64le-linux-gnu make libc6-dbg && \
 rm -rf /var/lib/apt/lists/*
diff --git a/c/honggfuzz/c-honggfuzz-clang/Dockerfile b/c/honggfuzz/c-honggfuzz-clang/Dockerfile
index 54a8736..24b3475 100644
--- a/c/honggfuzz/c-honggfuzz-clang/Dockerfile
+++ b/c/honggfuzz/c-honggfuzz-clang/Dockerfile
@@ -2,7 +2,7 @@ FROM fuzzers/honggfuzz:1.9
 COPY src/mayhemit.c .
 RUN hfuzz-clang -fno-inline mayhemit.c -o /mayhemit
-FROM debian:buster-slim
+FROM debian:bookworm-slim
 COPY --from=0 /mayhemit .
 COPY --from=0 /usr/local/bin/honggfuzz /usr/local/bin/honggfuzz
 COPY --from=0 /usr/lib/x86_64-linux-gnu/libunwind-ptrace.so.0 /usr/lib/x86_64-linux-gnu/libunwind-ptrace.so.0
diff --git a/c/honggfuzz/c-honggfuzz-gcc/Dockerfile b/c/honggfuzz/c-honggfuzz-gcc/Dockerfile
index 346dd76..11428bc 100644
--- a/c/honggfuzz/c-honggfuzz-gcc/Dockerfile
+++ b/c/honggfuzz/c-honggfuzz-gcc/Dockerfile
@@ -2,7 +2,7 @@ FROM fuzzers/honggfuzz:1.9
 COPY src/mayhemit.c .
 RUN hfuzz-gcc mayhemit.c -o /mayhemit
-FROM debian:buster-slim
+FROM debian:bookworm-slim
 COPY --from=0 /mayhemit .
 COPY --from=0 /usr/local/bin/honggfuzz /usr/local/bin/honggfuzz
 COPY --from=0 /usr/lib/x86_64-linux-gnu/libunwind-ptrace.so.0 /usr/lib/x86_64-linux-gnu/libunwind-ptrace.so.0
diff --git a/cpp/linux/base-executable/cpp-base-executable/Dockerfile b/cpp/linux/base-executable/cpp-base-executable/Dockerfile
index 43c23fa..412132a 100644
--- a/cpp/linux/base-executable/cpp-base-executable/Dockerfile
+++ b/cpp/linux/base-executable/cpp-base-executable/Dockerfile
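Review bot: The final stage now runs a honggfuzz binary taken from `fuzzers/honggfuzz:1.9` on `debian:bookworm-slim`, but only `libunwind-ptrace.so.0` is copied alongside it; any other shared library the binary needs whose soname differs on bookworm would let the image build cleanly and fail at run time. I can't tell from the hunk which libraries it links, so a build-time check such as `RUN ! ldd /usr/local/bin/honggfuzz | grep -q 'not found'` after the COPY lines would catch a mismatch before the image is pushed. The same applies to `c-honggfuzz-gcc` in the next hunk and to the two `cpp/linux/honggfuzz` Dockerfiles that follow.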
@@ -1,4 +1,4 @@
-FROM debian:buster-slim as builder
+FROM debian:bookworm-slim as builder
 RUN apt-get update && \
 apt-get install -y gcc g++ make libc6-dbg && \
 rm -rf /var/lib/apt/lists/*
diff --git a/cpp/linux/honggfuzz/cpp-honggfuzz-clang/Dockerfile b/cpp/linux/honggfuzz/cpp-honggfuzz-clang/Dockerfile
index caf56c3..8f091b6 100644
--- a/cpp/linux/honggfuzz/cpp-honggfuzz-clang/Dockerfile
+++ b/cpp/linux/honggfuzz/cpp-honggfuzz-clang/Dockerfile
@@ -2,7 +2,7 @@ FROM fuzzers/honggfuzz:1.9
 COPY src/mayhemit.cpp .
 RUN hfuzz-clang++ -fno-inline mayhemit.cpp -o mayhemit
-FROM debian:buster-slim
+FROM debian:bookworm-slim
 COPY --from=0 /mayhemit .
 COPY --from=0 /usr/local/bin/honggfuzz /usr/local/bin/honggfuzz
 COPY --from=0 /usr/lib/x86_64-linux-gnu/libunwind-ptrace.so.0 /usr/lib/x86_64-linux-gnu/libunwind-ptrace.so.0
diff --git a/cpp/linux/honggfuzz/cpp-honggfuzz-gcc/Dockerfile b/cpp/linux/honggfuzz/cpp-honggfuzz-gcc/Dockerfile
index e9650a5..4cd6044 100644
--- a/cpp/linux/honggfuzz/cpp-honggfuzz-gcc/Dockerfile
+++ b/cpp/linux/honggfuzz/cpp-honggfuzz-gcc/Dockerfile
@@ -2,7 +2,7 @@ FROM fuzzers/honggfuzz:1.9
 COPY src/mayhemit.cpp .
 RUN hfuzz-g++ mayhemit.cpp -o /mayhemit
-FROM debian:buster-slim
+FROM debian:bookworm-slim
 COPY --from=0 /mayhemit .
 COPY --from=0 /usr/local/bin/honggfuzz /usr/local/bin/honggfuzz
 COPY --from=0 /usr/lib/x86_64-linux-gnu/libunwind-ptrace.so.0 /usr/lib/x86_64-linux-gnu/libunwind-ptrace.so.0
diff --git a/fortran/base-executable/fortran-base-executable/Dockerfile b/fortran/base-executable/fortran-base-executable/Dockerfile
index f37aba6..42ba8de 100644
--- a/fortran/base-executable/fortran-base-executable/Dockerfile
+++ b/fortran/base-executable/fortran-base-executable/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:buster-slim
+FROM debian:bookworm-slim
 COPY src/mayhemit.f90 .
 RUN apt-get update && \
 apt-get install -fy gfortran && \
diff --git a/objective-c/base-executable/obj-c-base-executable/Dockerfile b/objective-c/base-executable/obj-c-base-executable/Dockerfile
index a4faa5f..6328518 100644
--- a/objective-c/base-executable/obj-c-base-executable/Dockerfile
+++ b/objective-c/base-executable/obj-c-base-executable/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:buster-slim as builder
+FROM debian:bookworm-slim as builder
 RUN apt-get update && \
 apt-get install -fy build-essential gobjc gobjc++ gnustep gnustep-devel libgnustep-base-dev
 COPY src/mayhemit.m .
diff --git a/ocaml/base-executable/ocaml-base-executable/Dockerfile b/ocaml/base-executable/ocaml-base-executable/Dockerfile
index 447f1e4..871a0b7 100644
--- a/ocaml/base-executable/ocaml-base-executable/Dockerfile
+++ b/ocaml/base-executable/ocaml-base-executable/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:buster-slim as builder
+FROM debian:bookworm-slim as builder
 RUN apt-get update && \
 apt-get install -y ocaml
 COPY src/mayhemit.ml .
From 148bfd2219bdc8f713ee10958a69b89e6ca5ad44 Mon Sep 17 00:00:00 2001
From: Dan Forbes
Date: Tue, 19 Aug 2025 07:49:27 -0400
Subject: [PATCH 06/13] Remove Reference to "dforbes" Workspace
---
 .github/workflows/build-windows.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build-windows.yml b/.github/workflows/build-windows.yml
index 75aefa4..f4902bb 100644
--- a/.github/workflows/build-windows.yml
+++ b/.github/workflows/build-windows.yml
@@ -41,7 +41,7 @@ jobs:
 # shell: pwsh
 # run: |
 # $mayhemUrl = if ([string]::IsNullOrEmpty("${{ inputs.mayhem_url }}")) { 'https://app.mayhem.security' } else { "${{ inputs.mayhem_url }}" }
- # $workspace = if ([string]::IsNullOrEmpty("${{ inputs.workspace }}")) { 'dforbes' } else { "${{ inputs.workspace }}" }
+ # $workspace = if ([string]::IsNullOrEmpty("${{ inputs.workspace }}")) { 'mayhem-examples' } else { "${{ inputs.workspace }}" }
 # echo "MAYHEM_URL=$mayhemUrl" | Out-File -FilePath $env:GITHUB_ENV -Append
 # echo "WORKSPACE=$workspace" | Out-File -FilePath $env:GITHUB_ENV -Append
From 878f146960abce72a0d7b41d876909e835ab059d Mon Sep 17 00:00:00 2001
From: xansec
Date: Fri, 19 Sep 2025 14:34:18 -0400
Subject: [PATCH 07/13] fix dockerfiles
---
 .../android-base-executable/Dockerfile | 4 ++--
 .../linux/libfuzzer/csharp-sharpfuzz/Dockerfile | 16 +++++++++-------
 2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/android/base-executable/android-base-executable/Dockerfile b/android/base-executable/android-base-executable/Dockerfile
index 3fd3b83..eb44e01 100644
--- a/android/base-executable/android-base-executable/Dockerfile
+++ b/android/base-executable/android-base-executable/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:bookworm-slim
+FROM debian:bookworm-slim AS builder
 RUN apt-get update && \
 apt-get install -fy wget zip make && \
 wget https://dl.google.com/android/repository/android-ndk-r21e-linux-x86_64.zip && \
@@ -13,7 +13,7 @@ RUN ../../ndk-build
 WORKDIR /android-ndk-r21e/mayhemit/libs/x86_64
 FROM debian:bookworm-slim
-COPY --from=0 /android-ndk-r21e/mayhemit/libs/x86_64/mayhemit /mayhemit
+COPY --from=builder /android-ndk-r21e/mayhemit/libs/x86_64/mayhemit /mayhemit
 # Set to fuzz!
 ENTRYPOINT []
diff --git a/csharp/linux/libfuzzer/csharp-sharpfuzz/Dockerfile b/csharp/linux/libfuzzer/csharp-sharpfuzz/Dockerfile
index 4f8ecd9..8ee9606 100644
--- a/csharp/linux/libfuzzer/csharp-sharpfuzz/Dockerfile
+++ b/csharp/linux/libfuzzer/csharp-sharpfuzz/Dockerfile
@@ -1,14 +1,16 @@
-FROM mcr.microsoft.com/dotnet/nightly/sdk:6.0 as builder
+FROM mcr.microsoft.com/dotnet/nightly/sdk:6.0 AS builder
 RUN mkdir /workdir
 WORKDIR /workdir
-RUN dotnet tool install --global SharpFuzz.CommandLine
-RUN wget https://github.com/Metalnem/libfuzzer-dotnet/releases/latest/download/libfuzzer-dotnet.tar.gz && \
- tar -xf libfuzzer-dotnet.tar.gz && \
- rm libfuzzer-dotnet.tar.gz
+RUN dotnet tool install --global SharpFuzz.CommandLine --version 2.1.1
+RUN wget $(curl -s https://api.github.com/repos/Metalnem/libfuzzer-dotnet/releases/latest | grep "tarball_url" | cut -d '"' -f 4) -O libfuzzer-dotnet.tar.gz && \
+ mkdir libfuzzer-dotnet && \
+ tar xzf libfuzzer-dotnet.tar.gz -C libfuzzer-dotnet --strip-components=1 && \
+ rm libfuzzer-dotnet.tar.gz && \
+ rm -r libfuzzer-dotnet/tests libfuzzer-dotnet/test.ps1
-ENV PATH $PATH:/root/.dotnet/tools
+ENV PATH=$PATH:/root/.dotnet/tools
 COPY Program.cs Program.cs
 COPY fuzzme.csproj fuzzme.csproj
@@ -17,7 +19,7 @@ RUN dotnet publish fuzzme.csproj -c release -r linux-x64 --self-contained -o fuz
 RUN sharpfuzz ./fuzzme/fuzzme.dll Fuzzme.Fuzzme
 RUN mv libfuzzer-dotnet fuzzme/libfuzzer-dotnet
-FROM mcr.microsoft.com/dotnet/nightly/runtime:6.0 as fuzzer
+FROM mcr.microsoft.com/dotnet/nightly/runtime:6.0
 COPY --from=builder /workdir/fuzzme /fuzzme
 # Set to fuzz!
From b3f8999d517055c13a8df373ecf6d6000e5b42b6 Mon Sep 17 00:00:00 2001
From: xansec
Date: Fri, 19 Sep 2025 14:54:35 -0400
Subject: [PATCH 08/13] fix dockerfiles 2
---
 objective-c/base-executable/obj-c-base-executable/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/objective-c/base-executable/obj-c-base-executable/Dockerfile b/objective-c/base-executable/obj-c-base-executable/Dockerfile
index 6328518..ec24fe8 100644
--- a/objective-c/base-executable/obj-c-base-executable/Dockerfile
+++ b/objective-c/base-executable/obj-c-base-executable/Dockerfile
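Review bot: The new `RUN wget $(curl -s https://api.github.com/... | grep "tarball_url" | cut -d '"' -f 4)` step downloads whatever source tarball is "latest" at build time with no version pin and no digest check, and `curl -s` without `-f` turns an API error or rate-limit body into an empty URL that only fails later inside `wget` with an unrelated message; the subsequent `rm -r libfuzzer-dotnet/tests libfuzzer-dotnet/test.ps1` additionally assumes the tree layout of that unpinned revision. Pinning the revision and verifying a recorded digest, as sketched below, makes the image reproducible and lets a tampered or changed archive fail the build instead of being shipped. Separately, these steps now move a directory to `fuzzme/libfuzzer-dotnet` whereas the Mayhemfile earlier in this series executes `/fuzzme/libfuzzer-dotnet` as a binary; I can't confirm from the hunk whether the archive provides an executable at that path, so that is worth checking before the image is published.
```dockerfile
# Placeholders: record the verified tag/commit and the archive's sha256 here.
ARG LIBFUZZER_DOTNET_REF=<PINNED_TAG_OR_COMMIT>
ARG LIBFUZZER_DOTNET_SHA256=<EXPECTED_SHA256>
RUN wget -O libfuzzer-dotnet.tar.gz "https://github.com/Metalnem/libfuzzer-dotnet/archive/${LIBFUZZER_DOTNET_REF}.tar.gz" && \
    echo "${LIBFUZZER_DOTNET_SHA256}  libfuzzer-dotnet.tar.gz" | sha256sum -c - && \
    mkdir libfuzzer-dotnet && \
    tar xzf libfuzzer-dotnet.tar.gz -C libfuzzer-dotnet --strip-components=1 && \
    rm libfuzzer-dotnet.tar.gz && \
    rm -r libfuzzer-dotnet/tests libfuzzer-dotnet/test.ps1
# … unchanged: ENV PATH, COPY and publish steps …
```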
@@ -1,8 +1,8 @@
-FROM debian:bookworm-slim as builder
+FROM debian:bookworm-slim AS builder
 RUN apt-get update && \
 apt-get install -fy build-essential gobjc gobjc++ gnustep gnustep-devel libgnustep-base-dev
 COPY src/mayhemit.m .
-RUN gcc $(gnustep-config --objc-flags) $(gnustep-config --base-libs) mayhemit.m -o mayhemit
+RUN gcc mayhemit.m $(gnustep-config --objc-flags) $(gnustep-config --base-libs) -o mayhemit
 # Set to fuzz!
 ENTRYPOINT []
From 4c31c73ff097a98accddaa70679324b61b27cb29 Mon Sep 17 00:00:00 2001
From: xansec
Date: Fri, 19 Sep 2025 16:52:02 -0400
Subject: [PATCH 09/13] fix dockerfiles 3
---
 ocaml/afl/ocaml-afl/Dockerfile | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/ocaml/afl/ocaml-afl/Dockerfile b/ocaml/afl/ocaml-afl/Dockerfile
index 81b3582..827e676 100644
--- a/ocaml/afl/ocaml-afl/Dockerfile
+++ b/ocaml/afl/ocaml-afl/Dockerfile
@@ -1,8 +1,9 @@
-FROM fuzzers/afl:2.52
-RUN apt-get update && \
- apt-get install -y ocaml
+FROM ubuntu AS base
+RUN apt update -y && apt install -y curl afl++ unzip
+RUN curl -fsSL https://opam.ocaml.org/install.sh | bash
+RUN opam init --disable-sandboxing -y
 COPY src/mayhemit.ml .
-RUN ocamlopt -afl-instrument unix.cmxa mayhemit.ml -o /mayhemit && \
+RUN eval $(opam env) && ocamlopt -afl-instrument unix.cmxa mayhemit.ml -o /mayhemit && \
 mkdir /input && \
 echo seed > input/seed && \
 mkdir /output
From f19c26ee4ad92f328d502f95955a357caf61ffb7 Mon Sep 17 00:00:00 2001
From: xansec
Date: Fri, 19 Sep 2025 17:25:08 -0400
Subject: [PATCH 10/13] fix dockerfiles 4
---
 rust/afl/rust-afl/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rust/afl/rust-afl/Dockerfile b/rust/afl/rust-afl/Dockerfile
index f8e9bd5..3d5add4 100644
--- a/rust/afl/rust-afl/Dockerfile
+++ b/rust/afl/rust-afl/Dockerfile
@@ -1,4 +1,4 @@
-FROM fuzzers/cargo-fuzz:0.10.0
+FROM fuzzers/cargo-fuzz:0.11.0
 RUN cargo install afl --version 0.7.0
 COPY src/mayhemit.rs .
 RUN export USER=root && \
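Review bot: In the ocaml-afl Dockerfile, `RUN curl -fsSL https://opam.ocaml.org/install.sh | bash` executes an unpinned remote script at build time on top of an unpinned `FROM ubuntu AS base`, so the image's contents depend on whatever both endpoints serve on the day it is built and cannot be verified afterwards. Prefer the distribution package (`apt install -y opam` alongside `afl++`), or download the installer to a file, check it against a recorded digest (`echo "<EXPECTED_SHA256>  install.sh" | sha256sum -c -`) and pin the opam version it installs, and give the base image a release tag or digest as the other Dockerfiles in this series do. `--disable-sandboxing` runs opam's build steps unconfined, which is tolerable in a throwaway build stage but deserves a comment stating why it is needed (presumably the sandbox helper is unavailable in the container). `apt update` also leaves the package lists in the image; the sibling Dockerfiles end the RUN with `rm -rf /var/lib/apt/lists/*`.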
From 518b4461efc4e56acb3b0443ab9084d85b82536c Mon Sep 17 00:00:00 2001
From: xansec
Date: Fri, 19 Sep 2025 17:49:14 -0400
Subject: [PATCH 11/13] fix dockerfiles 5
---
 rust/afl/rust-afl/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/rust/afl/rust-afl/Dockerfile b/rust/afl/rust-afl/Dockerfile
index 3d5add4..eadefb4 100644
--- a/rust/afl/rust-afl/Dockerfile
+++ b/rust/afl/rust-afl/Dockerfile
@@ -1,6 +1,7 @@
 FROM fuzzers/cargo-fuzz:0.11.0
 RUN cargo install afl --version 0.7.0
 COPY src/mayhemit.rs .
+ENV RUSTFLAGS="-Znew-llvm-pass-manager=no"
 RUN export USER=root && \
 cargo new mayhemit && \
 cd mayhemit && \
@@ -11,4 +12,4 @@ RUN echo seed > /tmp/seed
 # Set to fuzz!
 ENTRYPOINT ["cargo", "afl", "fuzz", "-i", "/tmp", "-o", "/out"]
-CMD ["/mayhemit/target/debug/mayhemit"]
+CMD ["/mayhemit/target/debug/mayhemit"]
\ No newline at end of file
From e9700cc9423d0ed17c2cd854bb8ace6b85187f8b Mon Sep 17 00:00:00 2001
From: xansec
Date: Fri, 3 Oct 2025 16:53:21 -0400
Subject: [PATCH 12/13] fix rust
---
 rust/afl/rust-afl/Dockerfile | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/rust/afl/rust-afl/Dockerfile b/rust/afl/rust-afl/Dockerfile
index eadefb4..3d1e775 100644
--- a/rust/afl/rust-afl/Dockerfile
+++ b/rust/afl/rust-afl/Dockerfile
@@ -1,12 +1,11 @@
-FROM fuzzers/cargo-fuzz:0.11.0
-RUN cargo install afl --version 0.7.0
+FROM rust:1.90.0
+RUN cargo install cargo-afl
 COPY src/mayhemit.rs .
-ENV RUSTFLAGS="-Znew-llvm-pass-manager=no"
 RUN export USER=root && \
 cargo new mayhemit && \
 cd mayhemit && \
 mv /mayhemit.rs src/main.rs && \
- echo afl = '"0.4"' >> Cargo.toml && \
+ echo afl = '"*"' >> Cargo.toml && \
 cargo afl build
 RUN echo seed > /tmp/seed
From a964e8868a8751f6e0c0c8ea9d47b56914c1b8a5 Mon Sep 17 00:00:00 2001
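Review bot: In the PATCH 12 hunk, `RUN cargo install cargo-afl` and `echo afl = '"*"' >> Cargo.toml` drop the version pins the previous revision carried (`--version 0.7.0` and `"0.4"`), so both the cargo-afl tool and the afl crate now resolve to whatever crates.io serves at build time, while the `rust:1.90.0` base is pinned — the build is only partially reproducible and a changed or withdrawn crate release silently alters the image. Pin both, e.g. `RUN cargo install cargo-afl --version <PINNED_VERSION>` and `echo afl = '"<PINNED_VERSION>"' >> Cargo.toml`, or commit a Cargo.lock into the image and build with `cargo afl build --locked`. A short comment above the `RUN cargo install` line recording which cargo-afl/afl pairing was tested against this toolchain would also save the next person the archaeology this series went through.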
From: xansec <76011430+xansec@users.noreply.github.com>
Date: Mon, 27 Oct 2025 16:07:13 -0400
Subject: [PATCH 13/13] free up space
---
 .github/workflows/build-linux-docker.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/.github/workflows/build-linux-docker.yml b/.github/workflows/build-linux-docker.yml
index 5b0d487..cc81620 100644
--- a/.github/workflows/build-linux-docker.yml
+++ b/.github/workflows/build-linux-docker.yml
@@ -12,6 +12,22 @@ jobs:
 build:
 runs-on: ubuntu-latest
 steps:
+ - name: Free Disk Space (Ubuntu)
+ uses: jlumbroso/free-disk-space@main
+ with:
+ # this might remove tools that are actually needed,
+ # if set to "true" but frees about 6 GB
+ tool-cache: false
+
+ # all of these default to true, but feel free to set to
+ # "false" if necessary for your workflow
+ android: true
+ dotnet: true
+ haskell: true
+ large-packages: true
+ docker-images: true
+ swap-storage: true
+
 - name: Check out the repo
 uses: actions/checkout@v5