t_fuzzer_oom.sh revision 1.2
1 # Copyright (c) 2018 The NetBSD Foundation, Inc. 2 # All rights reserved. 3 # 4 # This code is derived from software contributed to The NetBSD Foundation 5 # by Yang Zheng. 6 # 7 # Redistribution and use in source and binary forms, with or without 8 # modification, are permitted provided that the following conditions 9 # are met: 10 # 1. Redistributions of source code must retain the above copyright 11 # notice, this list of conditions and the following disclaimer. 12 # 2. Redistributions in binary form must reproduce the above copyright 13 # notice, this list of conditions and the following disclaimer in the 14 # documentation and/or other materials provided with the distribution. 15 # 16 # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 17 # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 18 # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 19 # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 20 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21 # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24 # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25 # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 # POSSIBILITY OF SUCH DAMAGE. 27 # 28 29 test_target() 30 { 31 SUPPORT='n' 32 if uname -m | grep -q "amd64" && command -v c++ >/dev/null 2>&1 && \ 33 ! echo __clang__ | c++ -E - | grep -q __clang__; then 34 # only clang with major version newer than 7 is supported 35 CLANG_MAJOR=`echo __clang_major__ | c++ -E - | grep -o '^[[:digit:]]'` 36 if [ "$CLANG_MAJOR" -ge "7" ]; then 37 SUPPORT='y' 38 fi 39 fi 40 } 41 42 atf_test_case oom 43 oom_head() { 44 atf_set "descr" "Test thread sanitizer for out-of-memory condition" 45 atf_set "require.progs" "c++ paxctl" 46 } 47 48 atf_test_case oom_profile 49 oom_profile_head() { 50 atf_set "descr" "Test thread sanitizer for out-of-memory with profiling option" 51 atf_set "require.progs" "c++ paxctl" 52 } 53 atf_test_case oom_pic 54 oom_pic_head() { 55 atf_set "descr" "Test thread sanitizer for out-of-memory with position independent code (PIC) flag" 56 atf_set "require.progs" "c++ paxctl" 57 } 58 atf_test_case oom_pie 59 oom_pie_head() { 60 atf_set "descr" "Test thread sanitizer for out-of-memory with position independent execution (PIE) flag" 61 atf_set "require.progs" "c++ paxctl" 62 } 63 64 oom_body(){ 65 cat > test.cc << EOF 66 #include <stddef.h> 67 #include <stdint.h> 68 #include <stdlib.h> 69 70 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 71 if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024); 72 return 0; 73 } 74 EOF 75 76 c++ -fsanitize=fuzzer -o test test.cc 77 paxctl +a test 78 atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30 79 } 80 81 oom_profile_body(){ 82 cat > test.cc << EOF 83 #include <stddef.h> 84 #include <stdint.h> 85 #include <stdlib.h> 86 87 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 88 if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024); 89 return 0; 90 } 91 EOF 92 93 c++ -fsanitize=fuzzer -o test -pg test.cc 94 paxctl +a test 95 atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30 96 } 97 98 oom_pic_body(){ 99 cat > test.cc << EOF 100 #include <stddef.h> 101 #include <stdint.h> 102 int help(const uint8_t *data, size_t size); 103 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 104 return help(data, size); 105 } 106 EOF 107 108 cat > pic.cc << EOF 109 #include <stddef.h> 110 #include <stdint.h> 111 #include <stdlib.h> 112 113 int help(const uint8_t *data, size_t size) { 114 if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024); 115 return 0; 116 } 117 EOF 118 119 c++ -fsanitize=fuzzer -fPIC -shared -o libtest.so pic.cc 120 c++ -o test test.cc -fsanitize=fuzzer -L. -ltest 121 paxctl +a test 122 123 export LD_LIBRARY_PATH=. 124 atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30 125 } 126 oom_pie_body(){ 127 128 #check whether -pie flag is supported on this architecture 129 if ! c++ -pie -dM -E - < /dev/null 2>/dev/null >/dev/null; then 130 atf_set_skip "c++ -pie not supported on this architecture" 131 fi 132 cat > test.cc << EOF 133 #include <stddef.h> 134 #include <stdint.h> 135 #include <stdlib.h> 136 137 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 138 if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024); 139 return 0; 140 } 141 EOF 142 143 c++ -fsanitize=fuzzer -o test -fpie -pie test.cc 144 paxctl +a test 145 atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30 146 } 147 148 149 atf_test_case target_not_supported 150 target_not_supported_head() 151 { 152 atf_set "descr" "Test forced skip" 153 } 154 155 target_not_supported_body() 156 { 157 atf_skip "Target is not supported" 158 } 159 160 atf_init_test_cases() 161 { 162 test_target 163 test $SUPPORT = 'n' && { 164 atf_add_test_case target_not_supported 165 return 0 166 } 167 atf_add_test_case oom 168 atf_add_test_case oom_profile 169 atf_add_test_case oom_pie 170 atf_add_test_case oom_pic 171 } 172
Indexes created Mon Sep 22 05:09:51 GMT 2025