From 2e08fb5bbf704cde15cb5886aa8a63362092d788 Mon Sep 17 00:00:00 2001
From: Maksym Sobolyev
Date: Wed, 21 Aug 2024 06:22:49 -0700
Subject: [PATCH] Record refcounter trace into a file in the artefacts dir.
---
 scripts/fuzz/fuzz_command_parser.c | 13 +++++++++++++
 scripts/fuzz/fuzz_standalone.h | 11 ++++++++++-
 scripts/fuzz/rfz_utils.c | 13 +++++++++++++
 scripts/fuzz/rfz_utils.h | 1 +
 src/rtpp_refcnt.c | 8 ++++++--
 src/rtpp_refcnt.h | 9 +++++++++
 6 files changed, 52 insertions(+), 3 deletions(-)
diff --git a/scripts/fuzz/fuzz_command_parser.c b/scripts/fuzz/fuzz_command_parser.c
index 4a35d5a91..b9a40f76d 100644
--- a/scripts/fuzz/fuzz_command_parser.c
+++ b/scripts/fuzz/fuzz_command_parser.c
@@ -11,6 +11,19 @@ int
 LLVMFuzzerInitialize(int *_argc, char ***_argv)
 {
+#if 1
+ char * const *argv = *_argv;
+
+ for (int i = 0; i < *_argc; i++) {
+ int aplen = sizeof("-artifact_prefix=") - 1;
+ if (memcmp(argv[i], "-artifact_prefix=", aplen))
+ continue;
+ RTPPInitializeParams.artifact_prefix = argv[i] + aplen;
+ fprintf(stderr, "RTPPInitializeParams.artifact_prefix = %s\n", RTPPInitializeParams.artifact_prefix);
+ }
+#else
+ RTPPInitializeParams.artifact_prefix = "/out";
+#endif
 return RTPPInitialize();
 }
diff --git a/scripts/fuzz/fuzz_standalone.h b/scripts/fuzz/fuzz_standalone.h
index 3bb410e27..76b26d074 100644
--- a/scripts/fuzz/fuzz_standalone.h
+++ b/scripts/fuzz/fuzz_standalone.h
@@ -15,6 +15,7 @@ extern int LLVMFuzzerInitialize(int *argc, char ***argv) __attribute__((__weak__
 int LLVMFuzzerTestOneInput(const char *data, size_t size);
+#if 0
 __attribute__((constructor))
 static void
 rtpp_init()
 {
@@ -24,6 +25,7 @@ rtpp_init()
 abort();
 }
 }
+#endif
 int
 main(int argc, char *argv[])
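Review bot: `memcmp(argv[i], "-artifact_prefix=", aplen)` compares 17 bytes of every argument, so a shorter one such as `-f` is read past its NUL terminator; `strncmp` stops at the terminator and is the right call here: `if (strncmp(argv[i], "-artifact_prefix=", aplen) != 0)`. The `#if 1 … #else … #endif` leaves a dead hard-coded `"/out"` branch in the source; either delete it or make it a documented run-time fallback (`if (RTPPInitializeParams.artifact_prefix == NULL)`), and the `fprintf(stderr, …)` reads like a leftover debug print. A one-line comment above the `for` saying that the loop picks up libFuzzer's own `-artifact_prefix=` flag so the trace file lands next to the crash artefacts would also help, since nothing in the hunk says why `_argv` is scanned.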
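Review bot: Wrapping rtpp_init() in `#if 0` (here and in the following hunk at old line 24) keeps a dead constructor in the header now that main() calls LLVMFuzzerInitialize() itself; delete the block, or put the reason for keeping it on the guard line (`#if 0 /* superseded by the explicit call in main() */`). rtpp_init()'s body continues past this hunk.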
@@ -32,12 +34,19 @@ main(int argc, char *argv[])
 char *cp;
 size_t size;
+ if (LLVMFuzzerInitialize == NULL)
+ return (-1);
+ int r = LLVMFuzzerInitialize(&argc, &argv);
+ if (r != 0)
+ return (-1);
 fflag = 0;
- while ((ch = getopt(argc, argv, "f")) != -1) {
+ while ((ch = getopt(argc, argv, "a:f")) != -1) {
 switch (ch) {
 case 'f':
 fflag = 1;
 break;
+ case 'a':
+ break;
 default:
 return (-1);
 }
diff --git a/scripts/fuzz/rfz_utils.c b/scripts/fuzz/rfz_utils.c
index 27d6911d8..5f9a5725e 100644
--- a/scripts/fuzz/rfz_utils.c
+++ b/scripts/fuzz/rfz_utils.c
@@ -1,4 +1,5 @@
 #include
+#include
 #include
 #include
 #include
@@ -61,6 +62,10 @@ cleanupHandler(void)
 printf("Cleaning up before exit...\n");
 rtpp_shutdown(gconf.cfsp);
 close(gconf.tfd);
+ if (rtpp_refcnt_tracefile != NULL) {
+ fflush(rtpp_refcnt_tracefile);
+ fclose(rtpp_refcnt_tracefile);
+ }
 }
 static unsigned char deterministic_data[32] = {
@@ -138,6 +143,14 @@ RTPPInitialize(void)
 if (__afl_manual_init != NULL)
 __afl_manual_init();
+ if (rp->artifact_prefix != NULL) {
+ char buf[512];
+ snprintf(buf, sizeof(buf), "%s/rtpp_refcnt.%d.txt", rp->artifact_prefix, getpid());
+ rtpp_refcnt_tracefile = fopen(buf, "w");
+ if (rtpp_refcnt_tracefile == NULL)
+ goto e0;
+ }
+
 OPT_SAVE();
 assert(RAND_set_rand_method(&dummy) == 1);
 SeedRNGs();
diff --git a/scripts/fuzz/rfz_utils.h b/scripts/fuzz/rfz_utils.h
index 3cc2d0f5f..c41af0077 100644
--- a/scripts/fuzz/rfz_utils.h
+++ b/scripts/fuzz/rfz_utils.h
@@ -8,6 +8,7 @@ struct RTPPInitializeParams {
 const char *notify_socket;
 const char *rec_spool_dir;
 const char *rec_final_dir;
+ const char *artifact_prefix;
 const char *modules[];
 };
diff --git a/src/rtpp_refcnt.c b/src/rtpp_refcnt.c
index 6a2c645d0..a815eacdb 100644
--- a/src/rtpp_refcnt.c
+++ b/src/rtpp_refcnt.c
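Review bot: `case 'a': break;` accepts an option that is never used and gives no hint why; reading fuzz_command_parser.c in this patch, the intent appears to be that `-artifact_prefix=DIR` is consumed by LLVMFuzzerInitialize() above and then still has to pass through getopt(), where it parses as `-a` with optarg `rtifact_prefix=DIR`. That deserves a comment: `case 'a': /* -artifact_prefix=... was already handled by LLVMFuzzerInitialize() */`. The two new early returns also exit without a message, so a missing weak symbol and a failed initialisation are indistinguishable from the shell; a `fprintf(stderr, …)` before each `return (-1)` would fix that. main() starts and ends outside this hunk.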
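Review bot: After `fclose(rtpp_refcnt_tracefile)` the global still points at the closed stream, and the `TRFD` macro added to rtpp_refcnt.c in this patch will hand it to `fprintf`/`fflush` should any incref or decref run after cleanupHandler() (later atexit handlers, destructors of objects that outlive rtpp_shutdown()); add `rtpp_refcnt_tracefile = NULL;` right after the fclose so the trace falls back to stderr. The `fflush` before `fclose` is redundant since fclose flushes, and it is the fclose result that reports whether the buffered trace reached the file: `if (fclose(rtpp_refcnt_tracefile) != 0) perror("rtpp_refcnt trace");`. cleanupHandler() begins before this hunk.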
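Review bot: The `snprintf` return value is unchecked, so a prefix long enough to exhaust the 512-byte `buf` produces a silently truncated path and the trace is opened somewhere other than the artefacts directory; use `int len = snprintf(buf, sizeof(buf), "%s/rtpp_refcnt.%d.txt", rp->artifact_prefix, (int)getpid());` followed by `if (len < 0 || (size_t)len >= sizeof(buf)) goto e0;`. The `(int)` cast also makes `%d` correct for `pid_t`, which is not guaranteed to be `int`. A failed fopen jumps to `e0` without naming the path; `perror(buf)` there would help, and it is not visible here whether `e0` or a later failure path in RTPPInitialize() closes the stream once it is open. RTPPInitialize() starts and ends outside the hunk.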
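Review bot: `artifact_prefix` is added without a comment, and because it sits ahead of the flexible array member it shifts `modules[]` for any positional initializer of `struct RTPPInitializeParams` — the harnesses that define `RTPPInitializeParams` should be checked for designated initializers, which I cannot see from here. Suggested: `const char *artifact_prefix; /* directory for the per-process refcount trace file; NULL keeps the trace on stderr */`.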
@@ -80,6 +80,8 @@ struct rtpp_refcnt_priv
 int flags;
 };
 const size_t rtpp_refcnt_osize = sizeof(struct rtpp_refcnt_priv);
+FILE *rtpp_refcnt_tracefile = NULL;
+#define TRFD ((rtpp_refcnt_tracefile == NULL) ? stderr : rtpp_refcnt_tracefile)
 static void rtpp_refcnt_attach(struct rtpp_refcnt *, rtpp_refcnt_dtor_t, void *);
@@ -185,7 +187,8 @@ rtpp_refcnt_incref(struct rtpp_refcnt *pub, HERETYPE mlp)
 free(dbuf);
 }
 #else
- fprintf(stderr, CODEPTR_FMT(": rtpp_refcnt(%p, %u).incref()\n", mlp, pub, oldcnt));
+ fprintf(TRFD, CODEPTR_FMT(": rtpp_refcnt(%p, %u).incref()\n", mlp, pub, oldcnt));
+ fflush(TRFD);
 #endif
 }
 #endif
@@ -223,7 +226,8 @@ rtpp_refcnt_decref(struct rtpp_refcnt *pub, HERETYPE mlp)
 free(dbuf);
 }
 #else
- fprintf(stderr, CODEPTR_FMT(": rtpp_refcnt(%p, %u).decref()\n", mlp, pub, oldcnt));
+ fprintf(TRFD, CODEPTR_FMT(": rtpp_refcnt(%p, %u).decref()\n", mlp, pub, oldcnt));
+ fflush(TRFD);
 #endif
 }
 #endif
diff --git a/src/rtpp_refcnt.h b/src/rtpp_refcnt.h
index 6af22a458..2f9b7fad3 100644
--- a/src/rtpp_refcnt.h
+++ b/src/rtpp_refcnt.h
@@ -31,6 +31,14 @@ struct rtpp_codeptr;
 typedef void (*rtpp_refcnt_dtor_t)(void *);
+#if defined(__FreeBSD__)
+struct __sFILE;
+typedef struct __sFILE FILE;
+#else
+struct _IO_FILE;
+typedef struct _IO_FILE FILE;
+#endif
+
 DECLARE_CLASS(rtpp_refcnt, void *, rtpp_refcnt_dtor_t);
 DECLARE_METHOD(rtpp_refcnt, refcnt_incref, void, const struct rtpp_codeptr *);
@@ -63,6 +71,7 @@ struct rtpp_refcnt
 };
 extern const size_t rtpp_refcnt_osize;
+extern FILE *rtpp_refcnt_tracefile;
 rtpp_refcnt_rot *rtpp_refcnt_ctor_pa(void *);
 #define _GET_ARG_3(_1, _2, _3, ...) _3
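Review bot: `rtpp_refcnt_tracefile` and `TRFD` carry no comment saying who sets the pointer, who closes it, or that NULL means stderr, and the pointer is read without any synchronisation from a path that is presumably reached from more than one thread; whether that is safe depends on the harness assigning it before any refcount object exists, which this hunk cannot show. Suggested above the definition: `/* Optional sink for the incref/decref trace; NULL (the default) selects stderr. Set and closed by the embedding harness, outside any refcount traffic. */`. `TRFD` also re-evaluates the global on every use, so the `fprintf`/`fflush` pair in the later hunks can address two different streams if the pointer changes between them.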
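Review bot: `fflush(TRFD)` after every trace line is one write system call per incref (same in the decref hunk at old line 223) and nothing says why; presumably it is there so the trace is complete if the fuzz target aborts, and a comment should say so: `fflush(TRFD); /* keep the trace complete if the process aborts */`. If that is the intent, `setvbuf(rtpp_refcnt_tracefile, NULL, _IONBF, 0)` once at open time in rfz_utils.c achieves the same without touching these two hot paths. rtpp_refcnt_incref() starts before this hunk.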
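Review bot: Forward-declaring `FILE` through `struct __sFILE` / `struct _IO_FILE` ties the public header to two libc internals, and the `#if` recognises only FreeBSD: on macOS, NetBSD or OpenBSD, whose `FILE` is also `struct __sFILE`, the `_IO_FILE` branch is taken and conflicts with the real typedef as soon as `<stdio.h>` is included in the same translation unit, and names beginning with two underscores are reserved for the implementation. `FILE` has no portable forward declaration; replace the seven lines with `#include <stdio.h>`, or keep `rtpp_refcnt_tracefile` out of this widely included header (declare it next to the tracing code in a private header) so no `FILE` is needed here.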
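Review bot: `extern FILE *rtpp_refcnt_tracefile;` says nothing about ownership or the NULL default; suggested: `extern FILE *rtpp_refcnt_tracefile; /* optional trace sink; NULL = stderr; set and closed by the embedding harness */`. Code outside rtpp_refcnt.c can only learn from the source that the pointer is consulted on every incref/decref, so this comment is the only place the contract is stated.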