libfuzzer实战——cmakelists.txt常见修改策略

libfuzzer实战——cmakelists.txt常见修改策略

libfuzzer的精髓在于先了解程序架构,然后再有针对性地加以fuzz。aosp,chromium,skia这类大型工程的插桩fuzz操作都是先对整体工程插桩,然后再在工程中添加自己的测试文件:只有被测的库代码本身带有覆盖率插桩,libfuzzer才能从库内部获得覆盖率反馈来引导变异,而不是只看到测试文件这一层。这也是在所有大型工程中使用libfuzzer的通用方法。

设置CC和CXX

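# Compiler selection and global instrumentation flags for a libFuzzer build.
# NOTE(review): CMAKE_<LANG>_COMPILER only takes effect when set before
# project() (or passed as -DCMAKE_C_COMPILER=clang on the command line);
# changing it after project() makes CMake discard the cache and reconfigure.
# The snippet does not show where project() is — confirm the placement.
set(CMAKE_C_COMPILER "clang")
set(CMAKE_CXX_COMPILER "clang++")

# Coverage instrumentation that gives libFuzzer its feedback signal:
# edge and indirect-call coverage, plus comparison (trace-cmp) and
# GEP (trace-gep) tracing, reported through trace-pc-guard callbacks.
set(cov-flag -fsanitize-coverage=edge,indirect-calls,trace-cmp,trace-gep,trace-pc-guard)

# -g keeps debug info so ASan reports carry file:line; -fsanitize=address
# detects the memory errors the fuzzer triggers.
# Two fixes relative to the plain "set(CMAKE_*_FLAGS ...)" form:
#  1. Append to the existing value instead of overwriting it, so flags the
#     user passes with -DCMAKE_CXX_FLAGS=... are preserved.
#  2. Apply ${cov-flag} to C++ as well as C. ASan alone adds no coverage
#     instrumentation, so C++ library code compiled with only
#     "-g -fsanitize=address" would give libFuzzer no feedback.
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -fsanitize=address ${cov-flag}")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -fsanitize=address ${cov-flag}")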

在CMakeLists.txt中添加自己的测试文件

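# libFuzzer harness target. It is a project-local executable that nothing
# else consumes, so every usage requirement below is PRIVATE.
add_executable(fuzz-ReadAnimatedImage
  myfuzzer/fuzz-ReadAnimatedImage/fuzz_ReadAnimatedImage.cpp
)

# -fsanitize=fuzzer instruments this translation unit for libFuzzer and
# (at link time) pulls in the libFuzzer driver that supplies main();
# address keeps ASan consistent with the rest of the instrumented build.
target_compile_options(fuzz-ReadAnimatedImage PRIVATE -fsanitize=fuzzer,address -O3)

# Include paths: generated headers from the build tree, then the source tree.
# The original also added "." with PUBLIC visibility; for
# target_include_directories a relative path is resolved against the current
# source directory, so it duplicated ${CMAKE_CURRENT_SOURCE_DIR} and is folded
# into this one PRIVATE call.
target_include_directories(fuzz-ReadAnimatedImage PRIVATE
  ${CMAKE_CURRENT_BINARY_DIR}/src
  ${CMAKE_CURRENT_BINARY_DIR}
  ${CMAKE_CURRENT_SOURCE_DIR}
)

# Link the instrumented project libraries with an explicit visibility keyword;
# the keyword-less signature has legacy semantics and cannot be mixed with
# keyworded calls on the same target.
target_link_libraries(fuzz-ReadAnimatedImage PRIVATE exampleutil imagedec imageenc)

# The sanitizer runtimes are link flags, not libraries, so they belong in
# target_link_options (CMake >= 3.13). On older CMake keep the flag as the
# last item of target_link_libraries instead.
target_link_options(fuzz-ReadAnimatedImage PRIVATE -fsanitize=address,fuzzer)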

poppler插桩

# Configure poppler from a build directory one level below the source tree.
# BUILD_SHARED_LIBS=OFF produces static libraries; the remaining options
# switch off optional decoders, backends and frontends (presumably to keep the
# instrumented build free of un-instrumented external code — verify against
# the poppler version in use, as option names vary between releases).
# One configure argument per line; the argument set is unchanged.
cmake .. \
  -DBUILD_SHARED_LIBS=OFF \
  -DENABLE_DCTDECODER=none \
  -DENABLE_LIBOPENJPEG=none \
  -DENABLE_CMS=none \
  -DENABLE_LIBPNG=OFF \
  -DENABLE_ZLIB=OFF \
  -DENABLE_LIBTIFF=OFF \
  -DENABLE_LIBJPEG=OFF \
  -DENABLE_GLIB=OFF \
  -DENABLE_LIBCURL=OFF \
  -DENABLE_QT5=OFF \
  -DENABLE_UTILS=OFF \
  -DWITH_Cairo=OFF \
  -DWITH_NSS3=OFF
