1 1.1 kamil # Copyright (c) 2018 The NetBSD Foundation, Inc. 2 1.1 kamil # All rights reserved. 3 1.1 kamil # 4 1.1 kamil # This code is derived from software contributed to The NetBSD Foundation 5 1.1 kamil # by Yang Zheng. 6 1.1 kamil # 7 1.1 kamil # Redistribution and use in source and binary forms, with or without 8 1.1 kamil # modification, are permitted provided that the following conditions 9 1.1 kamil # are met: 10 1.1 kamil # 1. Redistributions of source code must retain the above copyright 11 1.1 kamil # notice, this list of conditions and the following disclaimer. 12 1.1 kamil # 2. Redistributions in binary form must reproduce the above copyright 13 1.1 kamil # notice, this list of conditions and the following disclaimer in the 14 1.1 kamil # documentation and/or other materials provided with the distribution. 15 1.1 kamil # 16 1.1 kamil # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 17 1.1 kamil # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 18 1.1 kamil # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 19 1.1 kamil # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 20 1.1 kamil # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21 1.1 kamil # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22 1.1 kamil # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 1.1 kamil # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24 1.1 kamil # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25 1.1 kamil # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 1.1 kamil # POSSIBILITY OF SUCH DAMAGE. 27 1.1 kamil # 28 1.1 kamil 29 1.1 kamil test_target() 30 1.1 kamil { 31 1.1 kamil SUPPORT='n' 32 1.1 kamil if uname -m | grep -q "amd64" && command -v c++ >/dev/null 2>&1 && \ 33 1.1 kamil ! echo __clang__ | c++ -E - | grep -q __clang__; then 34 1.1 kamil # only clang with major version newer than 7 is supported 35 1.1 kamil CLANG_MAJOR=`echo __clang_major__ | c++ -E - | grep -o '^[[:digit:]]'` 36 1.1 kamil if [ "$CLANG_MAJOR" -ge "7" ]; then 37 1.1 kamil SUPPORT='y' 38 1.1 kamil fi 39 1.1 kamil fi 40 1.1 kamil } 41 1.1 kamil 42 1.1 kamil atf_test_case oom 43 1.1 kamil oom_head() { 44 1.1 kamil atf_set "descr" "Test thread sanitizer for out-of-memory condition" 45 1.1 kamil atf_set "require.progs" "c++ paxctl" 46 1.1 kamil } 47 1.1 kamil 48 1.1 kamil atf_test_case oom_profile 49 1.1 kamil oom_profile_head() { 50 1.1 kamil atf_set "descr" "Test thread sanitizer for out-of-memory with profiling option" 51 1.1 kamil atf_set "require.progs" "c++ paxctl" 52 1.1 kamil } 53 1.1 kamil atf_test_case oom_pic 54 1.1 kamil oom_pic_head() { 55 1.1 kamil atf_set "descr" "Test thread sanitizer for out-of-memory with position independent code (PIC) flag" 56 1.1 kamil atf_set "require.progs" "c++ paxctl" 57 1.1 kamil } 58 1.1 kamil atf_test_case oom_pie 59 1.1 kamil oom_pie_head() { 60 1.1 kamil atf_set "descr" "Test thread sanitizer for out-of-memory with position independent execution (PIE) flag" 61 1.1 kamil atf_set "require.progs" "c++ paxctl" 62 1.1 kamil } 63 1.1 kamil 64 1.1 kamil oom_body(){ 65 1.1 kamil cat > test.cc << EOF 66 1.1 kamil #include <stddef.h> 67 1.1 kamil #include <stdint.h> 68 1.1 kamil #include <stdlib.h> 69 1.1 kamil 70 1.1 kamil extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 71 1.1 kamil if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024); 72 1.1 kamil return 0; 73 1.1 kamil } 74 1.1 kamil EOF 75 1.1 kamil 76 1.1 kamil c++ -fsanitize=fuzzer -o test test.cc 77 1.1 kamil paxctl +a test 78 1.1 kamil atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30 79 1.1 kamil } 80 1.1 kamil 81 1.1 kamil oom_profile_body(){ 82 1.1 kamil cat > test.cc << EOF 83 1.1 kamil #include <stddef.h> 84 1.1 kamil #include <stdint.h> 85 1.1 kamil #include <stdlib.h> 86 1.1 kamil 87 1.1 kamil extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 88 1.1 kamil if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024); 89 1.1 kamil return 0; 90 1.1 kamil } 91 1.1 kamil EOF 92 1.1 kamil 93 1.4 skrll c++ -fsanitize=fuzzer -static -o test -pg test.cc 94 1.1 kamil paxctl +a test 95 1.1 kamil atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30 96 1.1 kamil } 97 1.1 kamil 98 1.1 kamil oom_pic_body(){ 99 1.1 kamil cat > test.cc << EOF 100 1.1 kamil #include <stddef.h> 101 1.1 kamil #include <stdint.h> 102 1.1 kamil int help(const uint8_t *data, size_t size); 103 1.1 kamil extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 104 1.1 kamil return help(data, size); 105 1.1 kamil } 106 1.1 kamil EOF 107 1.1 kamil 108 1.1 kamil cat > pic.cc << EOF 109 1.1 kamil #include <stddef.h> 110 1.1 kamil #include <stdint.h> 111 1.1 kamil #include <stdlib.h> 112 1.1 kamil 113 1.1 kamil int help(const uint8_t *data, size_t size) { 114 1.1 kamil if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024); 115 1.1 kamil return 0; 116 1.1 kamil } 117 1.1 kamil EOF 118 1.1 kamil 119 1.1 kamil c++ -fsanitize=fuzzer -fPIC -shared -o libtest.so pic.cc 120 1.1 kamil c++ -o test test.cc -fsanitize=fuzzer -L. -ltest 121 1.1 kamil paxctl +a test 122 1.1 kamil 123 1.1 kamil export LD_LIBRARY_PATH=. 124 1.1 kamil atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30 125 1.1 kamil } 126 1.1 kamil oom_pie_body(){ 127 1.3 skrll 128 1.1 kamil #check whether -pie flag is supported on this architecture 129 1.3 skrll if ! c++ -pie -dM -E - < /dev/null 2>/dev/null >/dev/null; then 130 1.1 kamil atf_set_skip "c++ -pie not supported on this architecture" 131 1.1 kamil fi 132 1.1 kamil cat > test.cc << EOF 133 1.1 kamil #include <stddef.h> 134 1.1 kamil #include <stdint.h> 135 1.1 kamil #include <stdlib.h> 136 1.1 kamil 137 1.1 kamil extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 138 1.1 kamil if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024); 139 1.1 kamil return 0; 140 1.1 kamil } 141 1.1 kamil EOF 142 1.1 kamil 143 1.1 kamil c++ -fsanitize=fuzzer -o test -fpie -pie test.cc 144 1.1 kamil paxctl +a test 145 1.1 kamil atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30 146 1.1 kamil } 147 1.1 kamil 148 1.1 kamil 149 1.1 kamil atf_test_case target_not_supported 150 1.1 kamil target_not_supported_head() 151 1.1 kamil { 152 1.1 kamil atf_set "descr" "Test forced skip" 153 1.1 kamil } 154 1.1 kamil 155 1.2 kamil target_not_supported_body() 156 1.2 kamil { 157 1.2 kamil atf_skip "Target is not supported" 158 1.2 kamil } 159 1.2 kamil 160 1.1 kamil atf_init_test_cases() 161 1.1 kamil { 162 1.1 kamil test_target 163 1.1 kamil test $SUPPORT = 'n' && { 164 1.1 kamil atf_add_test_case target_not_supported 165 1.1 kamil return 0 166 1.1 kamil } 167 1.1 kamil atf_add_test_case oom 168 1.1 kamil atf_add_test_case oom_profile 169 1.1 kamil atf_add_test_case oom_pie 170 1.1 kamil atf_add_test_case oom_pic 171 1.1 kamil } 172
Indexes created Sat Sep 20 22:09:52 GMT 2025