yVyny�y�y�y�y�y�z�z*zBzZzqz�z�z�z�z�{�{�{/{G{_{v{�{�{�{�{�|�|�|5|M|e|}|�|�|�|�|�}�}$}<}T}l}�}�}�}�}�}�~�~-~E~]~u~�~�~�~�~���7Og��������)�A�Z�r�������Ԁ�����5�N�f������ȁ�����*�C�[�t�������ւ��� �9�Q�j�������̓�����0�H�a�z�����Ą݄����(�A�Z�r�������օ���!�:�S�l�������І�����4�M�g�������ˇ�����0�I�b�{�����Lj������,�F�_�x�����ĉމ����*�C�]�v�����܊����(�B�[�u�����ۋ����(�B�[�u�����܌����)�B�\�v�����Íݍ����+�D�^�x�����Ǝ������-�G�a�{�����ɏ�����1�K�e������ΐ�����6�P�k�������ӑ���"�<�W�q�������ڒ����)�D�^�x�����ȓ�����1�L�f�������Д��� �;�U�p�������ڕ����*�E�_�z�����ʖ�����5�P�k�������֗���'�B�]�w�����Ș�����4�O�j�������֙���'�B�^�y�����ʚ�����7�R�m�������ڛ����,�G�c�~�����М���"�=�Y�t�����Ɲ�����4�P�k�������ڞ����,�H�c������ҟ� �%�A�\�x�����ˠ�����:�V�r�����ơ�����5�Q�m�������ݢ����1�M�i�������٣����-�I�e�������֤���*�G�c������ԥ���)�E�a�~�����Ӧ���(�D�`�}�����ҧ���(�D�a�}�����Ө���)�E�b�~�����ԩ���*�G�d�������ת���-�J�g�������ګ����0�M�j�������ެ����5�R�o�����ƭ�����:�W�t�����̮���#�@�^�{�����ӯ�
97 | �*�H�e�������ڰ����2�P�m�����ű�����;�Y�v�����ϲ�
98 | �'�E�b�������ٳ����2�O�m�����ƴ�����=�[�y�����ҵ���,�I�g�������߶����9�W�u�����Ϸ����)�G�e�������ݸ����8�V�t�����ι����)�G�f�������ߺ����:�X�v�����ѻ���-�K�j�����ż��� �?�]�|�����ؽ����3�R�q�����;�
99 | �)�G�f�����¿������>�\�{�����������4�S�r���������
100 | �,�K�j¨�������$�C�bÁà���������<�[�{ĚĹ�������6�U�uŔų�������0�P�oƏƮ�������,�K�kNJǪ�������(�G�gȆȦ�������$�D�dɃɣ�������"�A�aʁʡ������� �@�_�˟˿�������?�^�~̞̾�������>�^�~͞;�������?�_�Οο����� �@�`πϠ�������!�B�bЂТ�������$�D�eхѥ�������'�G�h҈ҩ�����
101 | �+�L�lӍӭ�������0�P�qԒԲ�������5�V�wո�������;�\�}ֿ֞�����!�B�cׄץ�������)�J�k،ح�������1�R�sٔٵ�������:�[�|ڞڿ�����"�D�eۆۨ�������-�N�oܑܲ�������8�Y�{ݜݾ�����"�D�eއި�����
102 | �/�P�rߔߵ�������<�^���������(�J�l���������7�Y�z�������$�F�h���������4�V�x�������#�E�g���������4�V�y�������$�F�i���������7�Y�{��������(�J�m���������<�^���������.�Q�s�������!�D�f���������7�Z�}���������+�N�q������� �C�f���������8�[�~��������.�Q�t�������$�H�k���������?�b���������6�Z�}���������/�R�v���������'�K�o���������!�D�h�����������>�b�����������9�]�����������4�X�|���������0�T�x���������,�P�u���������)�M�r���������'�K�o���������%�I�m��������chrm��������������T{��L�������&f���\
--------------------------------------------------------------------------------
/demos/lcms/seeds_invalid/is3:
--------------------------------------------------------------------------------
1 | ��"8lcms����mntrRGB XYZ ������������acspAPPL������������������������������
--------------------------------------------------------------------------------
/demos/lcms/seeds_valid/s1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/lcms/seeds_valid/s1
--------------------------------------------------------------------------------
/demos/lcms/seeds_valid/s2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/lcms/seeds_valid/s2
--------------------------------------------------------------------------------
/demos/lcms/seeds_valid/s3:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/lcms/seeds_valid/s3
--------------------------------------------------------------------------------
/demos/lcms/seeds_valid/s4:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/lcms/seeds_valid/s4
--------------------------------------------------------------------------------
/demos/lcms/seeds_valid/s5:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/lcms/seeds_valid/s5
--------------------------------------------------------------------------------
/demos/lcms/seeds_valid/s7:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/lcms/seeds_valid/s7
--------------------------------------------------------------------------------
/demos/lexbor/Makefile:
--------------------------------------------------------------------------------
1 | CC_FUZZ = afl-clang-fast
2 | CXX_FUZZ = afl-clang-fast++
3 | CFLAGS_ASAN = -fsanitize=address,undefined
4 | CXXFLAGS_ASAN = -fsanitize=address,undefined
5 |
6 | LIB_NAME = lib
7 | LIB_REPO = https://github.com/lexbor/lexbor
8 |
9 | DEPS = -I $(PWD)/$(LIB_NAME)/source/ \
10 | -I $(PWD)/$(LIB_NAME)/ \
11 | -L $(PWD)/$(LIB_NAME)/
12 |
13 | DEPS_DYN = -llexbor
14 | DEPS_STC = -l:liblexbor_static.a -lm
15 | DEPS_LDD = $(PWD)/$(LIB_NAME)/
16 |
17 | #------------------------------------------------------------------------
18 | lib: # build for harness generation. Dynamic linking, asan, and afl instrumentation
19 | export AFL_USE_ASAN=1
20 | export AFL_USE_UBSAN=1
21 | rm -rf $(LIB_NAME)
22 | git clone $(LIB_REPO) $(LIB_NAME)
23 | cd $(LIB_NAME) && \
24 | git checkout 6c219fe4ec9866067e9a635c5ad1b74cb617e154 && \
25 | cmake . \
26 | -DCMAKE_C_COMPILER=$(CC_FUZZ) -DCMAKE_CXX_COMPILER=$(CXX_FUZZ) -DCMAKE_EXPORT_COMPILE_COMMANDS=ON && \
27 | make all -j12
28 |
29 | lib_fuzz: # build for fuzzing. Static linking with afl instrumentation
30 | rm -rf $(LIB_NAME)_fuzz
31 | git clone $(LIB_REPO) $(LIB_NAME)_fuzz
32 | cd $(LIB_NAME)_fuzz && \
33 | git checkout 6c219fe4ec9866067e9a635c5ad1b74cb617e154 && \
34 | cmake . \
35 | -DCMAKE_C_COMPILER=$(CC_FUZZ) -DCMAKE_CXX_COMPILER=$(CXX_FUZZ) -DBUILD_SHARED_LIBS=OFF && \
36 | make all -j12
37 |
38 | run_mx: # Use Multiplier to index the library
39 | mx-index --db $(PWD)/$(LIB_NAME).db --target $(PWD)/$(LIB_NAME)/compile_commands.json --workspace $(PWD)/mx
40 |
41 | #------------------------------------------------------------------------
42 | all: lib lib_fuzz run_mx
43 |
44 | #------------------------------------------------------------------------
45 | harness: # make command used to make the harness during generation
46 | $(CC_FUZZ) -o $(OUT)/harness.out $(OUT)/harness.c $(DEPS) $(DEPS_DYN) $(CFLAGS_ASAN)
47 |
48 | showmap: # command used to get coverage information about library under test
49 | LD_LIBRARY_PATH=$(DEPS_LDD) afl-showmap -o $(OUT)/tempfile -- $(OUT)/harness.out $(SEED)
50 |
51 | harness_fuzz: # compile a harness specifically for fuzzing. Pass the harness number using make harness_fuzz HARNESS_NUMBER=x
52 | @ls bin || mkdir bin
53 | $(eval LIB_NAME=lib_fuzz) \
54 | $(CC_FUZZ) -o bin/ogharn$(HARNESS_NUMBER)\_fuzz $(OUT)/final-harnesses/src/harness$(HARNESS_NUMBER):*.c -static $(DEPS) $(DEPS_STC) ;
55 |
56 | clean:
57 | rm -rf bin mx lib.db-*
58 |
59 | clean_lib:
60 | rm -rf $(LIB_NAME)*
--------------------------------------------------------------------------------
/demos/lexbor/run_ogharn.sh:
--------------------------------------------------------------------------------
1 | ogharn.py -i $PWD -o $PWD/out -n 3 --m $PWD/lib.db -h lexbor/html/interfaces/document.h -r b -d -f
--------------------------------------------------------------------------------
/demos/lexbor/seeds_invalid/empty:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/lexbor/seeds_invalid/empty
--------------------------------------------------------------------------------
/demos/lexbor/seeds_invalid/s6.html:
--------------------------------------------------------------------------------
1 |
3 |
4 | Postfix manual - canonical(5)
7 |
8 | CANONICAL(5) CANONICAL(5)
9 |
10 | NAME
11 | canonical - Postfix canonical table format
12 |
13 | SYNOPSIS
14 | postmap /etc/postfix/canonical
15 |
16 | postmap -q " string " /etc/postfix/canonical
17 |
18 | postmap -q - /etc/postfix/canonical <inputfile
19 |
20 | DESCRIPTION
21 | The optional canonical (5)cleanup (8)canonical (5)postmap (1)dbm or db format, is used for fast searching by the mail system.
29 | Execute the command "postmap /etc/postfix/canonical " to rebuild an
30 | indexed file after changing the corresponding text file.
31 |
32 | When the table is provided via other means such as NIS, LDAP or SQL,
33 | the same lookups are done as for ordinary indexed files.
34 |
35 | Alternatively, the table can be provided as a regular-expression map
36 | where patterns are given as regular expressions, or lookups can be
37 | directed to a TCP-based server. In those cases, the lookups are done in
38 | a slightly different way as described below under "REGULAR EXPRESSION
39 | TABLES" or "TCP-BASED TABLES".
40 |
41 | By default the canonical (5)canonical_classes local_header_re -
49 | write_clients parameter, or if the remote_header_rewrite_domain config-
50 | uration parameter specifies a non-empty value. To get the behavior
51 | before Postfix 2.2, specify "local_header_rewrite_clients =
52 | static :all".
53 |
54 | Typically, one would use the canonical (5)Firstname.Lastname , or to clean up addresses produced by legacy mail
56 | systems.
57 |
58 | The canonical (5)virtual alias sup-
59 | port or with local aliasing . To change the destination but not the
60 | headers, use the virtual (5)aliases (5)CASE FOLDING
63 | The search string is folded to lowercase before database lookup. As of
64 | Postfix 2.3, the search string is not case folded with database types
65 | such as regexp : or pcre : whose lookup fields can match both upper and
66 | lower case.
67 |
68 | TABLE FORMAT
69 | The input format for the postmap (1)pattern address
72 | When pattern matches a mail address, replace it by the corre-
73 | sponding address .
74 |
75 | blank lines and comments
76 | Empty lines and whitespace-only lines are ignored, as are lines
77 | whose first non-whitespace character is a `#'.
78 |
79 | multi-line text
80 | A logical line starts with non-whitespace text. A line that
81 | starts with whitespace continues a logical line.
82 |
83 | TABLE SEARCH ORDER
84 | With lookups from indexed files such as DB or DBM, or from networked
85 | tables such as NIS, LDAP or SQL, each user @domain query produces a
86 | sequence of query patterns as described below.
87 |
88 | Each query pattern is sent to each specified lookup table before trying
89 | the next query pattern, until a match is found.
90 |
91 | user @domain address
92 | Replace user @domain by address . This form has the highest prece-
93 | dence.
94 |
95 | This is useful to clean up addresses produced by legacy mail
96 | systems. It can also be used to produce Firstname.Lastname
97 | style addresses, but see below for a simpler solution.
98 |
99 | user address
100 | Replace user @site by address when site is equal to $myorigin site is listed in $mydestination inet_interfaces proxy_interfaces Firstname.Last-
105 | name .
106 |
107 | @domain address
108 | Replace other addresses in domain by address . This form has the
109 | lowest precedence.
110 |
111 | Note: @domain is a wild-card. When this form is applied to
112 | recipient addresses, the Postfix SMTP server accepts mail for
113 | any recipient in domain , regardless of whether that recipient
114 | exists. This may turn your mail system into a backscatter
115 | source: Postfix first accepts mail for non-existent recipients
116 | and then tries to return that mail as "undeliverable" to the
117 | often forged sender address.
118 |
119 | To avoid backscatter with mail for a wild-card domain, replace
120 | the wild-card mapping with explicit 1:1 mappings, or add a
121 | reject_unverified_recipient restriction for that domain:
122 |
123 | smtpd_recipient_restrictions =
124 | ...
125 | reject_unauth_destination
126 | check_recipient_access
127 | inline :{example.com=reject_unverified_recipient }
128 | unverified_recipient_reject_code = 550
129 |
130 | In the above example, Postfix may contact a remote server if the
131 | recipient is rewritten to a remote address.
132 |
133 | RESULT ADDRESS REWRITING
134 | The lookup result is subject to address rewriting:
135 |
136 | o When the result has the form @otherdomain , the result becomes
137 | the same user in otherdomain .
138 |
139 | o When "append_at_myorigin =yes@$myorigin " to addresses
140 | without "@domain".
141 |
142 | o When "append_dot_mydomain =yes.$mydomain " to addresses
143 | without ".domain".
144 |
145 | ADDRESS EXTENSION
146 | When a mail address localpart contains the optional recipient delimiter
147 | (e.g., user+foo @domain ), the lookup order becomes: user+foo @domain ,
148 | user @domain , user+foo , user , and @domain .
149 |
150 | The propagate_unmatched_extensions +foo ) is propagated to the result of table
152 | lookup.
153 |
154 | REGULAR EXPRESSION TABLES
155 | This section describes how the table lookups change when the table is
156 | given in the form of regular expressions. For a description of regular
157 | expression lookup table syntax, see regexp_table (5)pcre_table (5)user@domain mail addresses are not bro-
161 | ken up into their user and @domain constituent parts, nor is user+foo
162 | broken up into user and foo .
163 |
164 | Patterns are applied in the order as specified in the table, until a
165 | pattern is found that matches the search string.
166 |
167 | Results are the same as with indexed file lookups, with the additional
168 | feature that parenthesized substrings from the pattern can be interpo-
169 | lated as $1 , $2 and so on.
170 |
171 | TCP-BASED TABLES
172 | This section describes how the table lookups change when lookups are
173 | directed to a TCP-based server. For a description of the TCP
174 | client/server lookup protocol, see tcp_table (5)user@domain
178 | mail addresses are not broken up into their user and @domain con-
179 | stituent parts, nor is user+foo broken up into user and foo .
180 |
181 | Results are the same as with indexed file lookups.
182 |
183 | BUGS
184 | The table format does not understand quoting conventions.
185 |
186 | CONFIGURATION PARAMETERS
187 | The following main.cf postconf (5)canonical_classes (envelope_sender, envelope_recipient, header_sender,header_recipient)
193 | What addresses are subject to canonical_maps address mapping.
194 |
195 | canonical_maps (empty)recipient_canonical_maps (empty)sender_canonical_maps (empty)propagate_unmatched_extensions (canonical, virtual)inet_interfaces (all)local_header_rewrite_clients (permit_inet_interfaces )myorigin or
220 | $mydomain ; either don't rewrite message headers from other
221 | clients at all, or rewrite message headers and update incomplete
222 | addresses with the domain specified in the remote_header_re -
223 | write_domain parameter.
224 |
225 | proxy_interfaces (empty)masquerade_classes (envelope_sender, header_sender, header_recipient)masquerade_domains (empty)masquerade_exceptions (empty)masquer -
239 | ade_domains .
240 |
241 | mydestination ($myhostname , localhost.$mydomain , localhost)local_transport
243 | mail delivery transport.
244 |
245 | myorigin ($myhostname )owner_request_special (yes)listname entries in the
251 | aliases (5)listname and list-
252 | name -request address localparts when the recipient_delimiter is
253 | set to "-".
254 |
255 | remote_header_rewrite_domain (empty)SEE ALSO
261 | cleanup(8) , canonicalize and enqueue mail
262 | postmap(1) , Postfix lookup table manager
263 | postconf(5) , configuration parameters
264 | virtual(5) , virtual aliasing
265 |
266 | README FILES
267 | DATABASE_README , Postfix lookup table overview
268 | ADDRESS_REWRITING_README , address rewriting guide
269 |
270 | LICENSE
271 | The Secure Mailer license must be distributed with this software.
272 |
273 | AUTHOR(S)
274 | Wietse Venema
275 | IBM T.J. Watson Research
276 | P.O. Box 704
277 | Yorktown Heights, NY 10598, USA
278 |
279 | Wietse Venema
280 | Google, Inc.
281 | 111 8th Avenue
282 | New York, NY 10011, USA
283 |
284 | CANONICAL(5)
285 |
286 |
--------------------------------------------------------------------------------
/demos/lexbor/seeds_invalid/single:
--------------------------------------------------------------------------------
1 | S
--------------------------------------------------------------------------------
/demos/lexbor/seeds_valid/s1.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | My First Heading
6 | My first paragraph.
7 |
8 |
9 |
--------------------------------------------------------------------------------
/demos/magic/Makefile:
--------------------------------------------------------------------------------
1 | CC_FUZZ = afl-clang-fast
2 | CXX_FUZZ = afl-clang-fast++
3 | CFLAGS_ASAN = -fsanitize=address,undefined
4 | CXXFLAGS_ASAN = -fsanitize=address,undefined
5 |
6 | LIB_NAME = lib
7 | LIB_REPO = https://github.com/file/file.git
8 |
9 | DEPS = -I $(PWD)/$(LIB_NAME)/src/ \
10 | -L $(PWD)/$(LIB_NAME)/src/.libs
11 |
12 | DEPS_DYN = -l magic
13 | DEPS_STC = -l:libmagic.a -llzma -lbz2 -lz -lzstd
14 | DEPS_LDD = $(PWD)/$(LIB_NAME)/src/.libs/
15 |
16 | #------------------------------------------------------------------------
17 | lib: # build for harness generation. Dynamic linking, asan, and afl instrumentation
18 | export AFL_USE_ASAN=1
19 | export AFL_USE_UBSAN=1
20 | rm -rf $(LIB_NAME)
21 | git clone $(LIB_REPO) $(LIB_NAME)
22 | cd $(LIB_NAME) && \
23 | git checkout 0fa2c8c3e64c372d038d46969bafaaa09a13a87b && \
24 | autoreconf -i && ./configure \
25 | CC=$(CC_FUZZ) CXX=$(CC_FUZZ) --enable-static && \
26 | make all -j12
27 |
28 | lib_plain: # Build for indexing with multiplier
29 | export AFL_USE_ASAN=1
30 | export AFL_USE_UBSAN=1
31 | rm -rf $(LIB_NAME)_plain
32 | git clone $(LIB_REPO) $(LIB_NAME)_plain
33 | cd $(LIB_NAME)_plain && \
34 | git checkout 0fa2c8c3e64c372d038d46969bafaaa09a13a87b && \
35 | autoreconf -i && ./configure \
36 | CC=$(CC) CXX=$(CXX) && \
37 | bear -- make all -j12
38 |
39 | lib_fuzz: # build for fuzzing. Static linking with afl instrumentation
40 | rm -rf $(LIB_NAME)_fuzz
41 | git clone $(LIB_REPO) $(LIB_NAME)_fuzz
42 | cd $(LIB_NAME)_fuzz && \
43 | git checkout 0fa2c8c3e64c372d038d46969bafaaa09a13a87b && \
44 | autoreconf -i && ./configure \
45 | CC=$(CC_FUZZ) CXX=$(CXX_FUZZ) --enable-static && \
46 | make all -j12
47 |
48 | run_mx:
49 | mx-index --db $(PWD)/$(LIB_NAME).db --target $(PWD)/$(LIB_NAME)_plain/compile_commands.json --workspace $(PWD)/mx
50 |
51 | #------------------------------------------------------------------------
52 | all: lib lib_plain lib_fuzz run_mx
53 |
54 | #------------------------------------------------------------------------
55 | harness: # make command used to make the harness during generation
56 | $(CC_FUZZ) -o $(OUT)/harness.out $(OUT)/harness.c $(DEPS) $(DEPS_DYN) $(CFLAGS_ASAN)
57 |
58 | showmap: # command used to get coverage information about library under test
59 | LD_LIBRARY_PATH=$(DEPS_LDD) MAGIC=$(PWD)lib/magic/magic.mgc afl-showmap -o $(OUT)/tempfile -- $(OUT)/harness.out $(SEED)
60 |
61 | harness_fuzz: # compile a harness specifically for fuzzing. Pass the harness number using make harness_fuzz HARNESS_NUMBER=x
62 | @ls bin || mkdir bin
63 | $(eval LIB_NAME=lib_fuzz) \
64 | $(CC_FUZZ) -o bin/ogharn$(HARNESS_NUMBER)\_fuzz $(OUT)/final-harnesses/src/harness$(HARNESS_NUMBER):*.c -static $(DEPS) $(DEPS_STC) ;
65 |
66 | clean:
67 | rm -rf bin mx lib.db-*
68 |
69 | clean_lib:
70 | rm -rf $(LIB_NAME)*
--------------------------------------------------------------------------------
/demos/magic/config.yaml:
--------------------------------------------------------------------------------
1 | blacklist:
2 |
3 | preamble_func: magic_load
4 |
5 | arg_keys:
6 | magic_load:
7 | - {"index": 1, "value": "NULL"}
8 | magic_open:
9 | - {"index": 0, "value": "MAGIC_NONE"}
--------------------------------------------------------------------------------
/demos/magic/run_ogharn.sh:
--------------------------------------------------------------------------------
1 | ogharn.py -i $PWD -o $PWD/out -n 3 --m $PWD/lib.db -h magic.h file.h -r b -d -f -as -c $PWD/config.yaml
--------------------------------------------------------------------------------
/demos/magic/seeds_invalid/is1:
--------------------------------------------------------------------------------
1 | G
2 | �
3 | ���
4 | IHDR��� ��� �����D�������tEXtSoftware�Adobe ImageReadyq�e<����PLTEf��������3�f���>L�����aIDATx�ܓ1�� �������4� �:aa�7��$��D�D��n�
5 | G���ূo��ϺT�!0�o��V�<�zM L��0�DH�D"LC�8��՛Ql��&\����f�5��˚����IEND�B`�
--------------------------------------------------------------------------------
/demos/magic/seeds_invalid/is3:
--------------------------------------------------------------------------------
1 | *
--------------------------------------------------------------------------------
/demos/magic/seeds_valid/s1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/magic/seeds_valid/s1
--------------------------------------------------------------------------------
/demos/magic/seeds_valid/s2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/magic/seeds_valid/s2
--------------------------------------------------------------------------------
/demos/magic/seeds_valid/s3:
--------------------------------------------------------------------------------
1 | create table t1(one smallint);
2 | insert into t1 values(1);
3 | select * from t1;
4 |
--------------------------------------------------------------------------------
/demos/magic/seeds_valid/s4:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/magic/seeds_valid/s4
--------------------------------------------------------------------------------
/demos/magic/seeds_valid/s5:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/magic/seeds_valid/s5
--------------------------------------------------------------------------------
/demos/openexr/Makefile:
--------------------------------------------------------------------------------
1 | CC_FUZZ = afl-clang-fast
2 | CXX_FUZZ = afl-clang-fast++
3 | CFLAGS_ASAN = -fsanitize=address,undefined
4 | CXXFLAGS_ASAN = -fsanitize=address,undefined
5 |
6 | LIB_NAME = lib
7 | LIB_REPO = https://github.com/AcademySoftwareFoundation/openexr
8 |
9 | DEPS = -I $(PWD)/$(LIB_NAME)/src/lib/OpenEXR \
10 | -I $(PWD)/$(LIB_NAME)/src/lib/OpenEXRUtil/ \
11 | -I $(PWD)/$(LIB_NAME)/cmake \
12 | -L $(PWD)/$(LIB_NAME)/src/lib/OpenEXR/ \
13 | -L $(PWD)/$(LIB_NAME)/src/lib/IlmThread/ \
14 | -L $(PWD)/$(LIB_NAME)/src/lib/Iex/ \
15 | -L $(PWD)/$(LIB_NAME)/_deps/imath-build/src/Imath \
16 | -L $(PWD)/$(LIB_NAME)/src/lib/OpenEXRCore/ \
17 | -L $(PWD)/$(LIB_NAME)/src/lib/OpenEXRUtil/
18 |
19 | DEPS_DYN = -lOpenEXR -lOpenEXRUtil
20 | DEPS_STC = -l:libOpenEXRUtil-3_3.a -l:libOpenEXR-3_3.a -l:libOpenEXRCore-3_3.a -l:libIex-3_3.a -l:libIlmThread-3_3.a -l:libImath-3_2.a -lstdc++ -lm -ldeflate
21 | DEPS_LDD = $(PWD)/$(LIB_NAME)/src/lib/OpenEXR:$(PWD)/$(LIB_NAME)/src/lib/OpenEXRUtil/:$(PWD)/$(LIB_NAME)/src/lib/OpenEXRCore/
22 |
23 | #------------------------------------------------------------------------
24 | lib: # build for harness generation. Dynamic linking, asan, and afl instrumentation
25 | export AFL_USE_ASAN=1
26 | export AFL_USE_UBSAN=1
27 | rm -rf $(LIB_NAME)
28 | git clone $(LIB_REPO) $(LIB_NAME)
29 | cd $(LIB_NAME) && \
30 | git checkout d669510fda59ac26dc183e8bc271208c0eb737ad && \
31 | cmake . \
32 | -DCMAKE_C_COMPILER=$(CC_FUZZ) -DCMAKE_CXX_COMPILER=$(CXX_FUZZ) -DCMAKE_EXPORT_COMPILE_COMMANDS=ON -DBUILD_TESTING=OFF \
33 | BUILD_TESTING=OFF && \
34 | make all -j12
35 |
36 | lib_fuzz: # build for fuzzing. Static linking with afl instrumentation
37 | rm -rf $(LIB_NAME)_fuzz
38 | git clone $(LIB_REPO) $(LIB_NAME)_fuzz
39 | cd $(LIB_NAME)_fuzz && \
40 | git checkout d669510fda59ac26dc183e8bc271208c0eb737ad && \
41 | cmake . \
42 | -DCMAKE_C_COMPILER=$(CC_FUZZ) -DCMAKE_CXX_COMPILER=$(CXX_FUZZ) -DBUILD_SHARED_LIBS=OFF -DBUILD_TESTING=OFF && \
43 | make all -j12
44 |
45 | run_mx: # Use Multiplier to index the library
46 | mx-index --db $(PWD)/$(LIB_NAME).db --target $(PWD)/$(LIB_NAME)/compile_commands.json --workspace $(PWD)/mx
47 |
48 | #------------------------------------------------------------------------
49 | all: lib lib_fuzz run_mx
50 |
51 | #------------------------------------------------------------------------
52 | harness: # make command used to make the harness during generation
53 | $(CC_FUZZ) -o $(OUT)/harness.out $(OUT)/harness.c $(DEPS) $(DEPS_DYN) $(CFLAGS_ASAN)
54 |
55 | showmap: # command used to get coverage information about library under test
56 | LD_LIBRARY_PATH=$(DEPS_LDD) afl-showmap -o $(OUT)/tempfile -- $(OUT)/harness.out $(SEED)
57 |
58 | harness_fuzz: # compile a harness specifically for fuzzing. Pass the harness number using make harness_fuzz HARNESS_NUMBER=x
59 | @ls bin || mkdir bin
60 | $(eval LIB_NAME=lib_fuzz) \
61 | $(CC_FUZZ) -o bin/ogharn$(HARNESS_NUMBER)\_fuzz $(OUT)/final-harnesses/src/harness$(HARNESS_NUMBER):*.c -static $(DEPS) $(DEPS_STC) ;
62 |
63 | clean:
64 | rm -rf bin mx lib.db-*
65 |
66 | clean_lib:
67 | rm -rf $(LIB_NAME)*
--------------------------------------------------------------------------------
/demos/openexr/run_ogharn.sh:
--------------------------------------------------------------------------------
1 | ogharn.py -i $PWD -o $PWD/out -n 3 --m $PWD/lib.db -h ImfCRgbaFile.h -r f -d -f -as
--------------------------------------------------------------------------------
/demos/openexr/seeds_invalid/empty:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/openexr/seeds_invalid/empty
--------------------------------------------------------------------------------
/demos/openexr/seeds_invalid/single:
--------------------------------------------------------------------------------
1 | S
--------------------------------------------------------------------------------
/demos/openexr/seeds_valid/s1.exr:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/openexr/seeds_valid/s1.exr
--------------------------------------------------------------------------------
/demos/openexr/seeds_valid/s2.exr:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/openexr/seeds_valid/s2.exr
--------------------------------------------------------------------------------
/demos/openexr/seeds_valid/s3.exr:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/openexr/seeds_valid/s3.exr
--------------------------------------------------------------------------------
/demos/openexr/seeds_valid/s4.exr:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/openexr/seeds_valid/s4.exr
--------------------------------------------------------------------------------
/demos/pcap/Makefile:
--------------------------------------------------------------------------------
1 | CC_FUZZ = afl-clang-fast
2 | CXX_FUZZ = afl-clang-fast++
3 | CFLAGS_ASAN = -fsanitize=address,undefined
4 | CXXFLAGS_ASAN = -fsanitize=address,undefined
5 |
6 | LIB_NAME = lib
7 | LIB_REPO = https://github.com/the-tcpdump-group/libpcap.git
8 |
9 | DEPS = -I $(PWD)/$(LIB_NAME)/ \
10 | -L $(PWD)/$(LIB_NAME)/ \
11 | -L $(PWD)/$(LIB_NAME)/systemd/build
12 |
13 | DEPS_DYN = -lpcap -ldbus-1 -libverbs -lnl-3 -lnl-genl-3 -lnl-route-3 -lnl-genl-3
14 | DEPS_STC = -l:libpcap.a -ldbus-1 -l:libsystemd.a -libverbs -lnl-3 -lnl-genl-3 -lnl-route-3 -lcap -lnl-genl-3
15 | DEPS_LDD = $(PWD)/$(LIB_NAME)/
16 |
17 | #------------------------------------------------------------------------
18 | lib: # build for harness generation. Dynamic linking, asan, and afl instrumentation
19 | export AFL_USE_ASAN=1
20 | export AFL_USE_UBSAN=1
21 | rm -rf $(LIB_NAME)
22 | git clone $(LIB_REPO) $(LIB_NAME)
23 | cd $(LIB_NAME) && \
24 | git checkout e17fe06d6a54abc85fb17998d0cb1742d490382a && \
25 | ./autogen.sh && ./configure \
26 | CC=$(CC_FUZZ) CXX=$(CC_FUZZ) && \
27 | make all -j12
28 |
29 | lib_plain: # build for indexing with multiplier
30 | export AFL_USE_ASAN=1
31 | export AFL_USE_UBSAN=1
32 | rm -rf $(LIB_NAME)_plain
33 | git clone $(LIB_REPO) $(LIB_NAME)_plain
34 | cd $(LIB_NAME)_plain && \
35 | git checkout e17fe06d6a54abc85fb17998d0cb1742d490382a && \
36 | ./autogen.sh && ./configure \
37 | CC=$(CC) CXX=$(CXX) && \
38 | bear -- make all -j12
39 |
40 | lib_fuzz: # build for fuzzing. Static linking with afl instrumentation
41 | rm -rf $(LIB_NAME)_fuzz
42 | git clone $(LIB_REPO) $(LIB_NAME)_fuzz
43 | cd $(LIB_NAME)_fuzz && \
44 | git checkout e17fe06d6a54abc85fb17998d0cb1742d490382a && \
45 | git clone https://github.com/systemd/systemd.git && \
46 | cd systemd && \
47 | meson build --buildtype=release -Dstatic-libsystemd=true && \
48 | cd build && ninja && cd ../.. && \
49 | ./autogen.sh && ./configure \
50 | CC=$(CC_FUZZ) CXX=$(CXX_FUZZ) --enable-static && \
51 | make all -j12
52 |
53 | run_mx: # Use Multiplier to index the library
54 | mx-index --db $(PWD)/$(LIB_NAME).db --target $(PWD)/$(LIB_NAME)_plain/compile_commands.json --workspace $(PWD)/mx
55 |
56 | #------------------------------------------------------------------------
57 | all: lib lib_plain lib_fuzz run_mx
58 |
59 | #------------------------------------------------------------------------
60 | harness: # make command used to make the harness during generation
61 | $(CC_FUZZ) -o $(OUT)/harness.out $(OUT)/harness.c $(DEPS) $(DEPS_DYN) $(CFLAGS_ASAN)
62 |
63 | showmap: # command used to get coverage information about library under test
64 | LD_LIBRARY_PATH=$(DEPS_LDD) afl-showmap -o $(OUT)/tempfile -- $(OUT)/harness.out $(SEED)
65 |
66 | harness_fuzz: # compile a harness specifically for fuzzing. Pass the harness number using make harness_fuzz HARNESS_NUMBER=x
67 | @ls bin || mkdir bin
68 | $(eval LIB_NAME=lib_fuzz) \
69 | $(CC_FUZZ) -o bin/ogharn$(HARNESS_NUMBER)\_fuzz $(OUT)/final-harnesses/src/harness$(HARNESS_NUMBER):*.c -static $(DEPS) $(DEPS_STC) ;
70 |
71 | clean:
72 | rm -rf bin mx lib.db-*
73 |
74 | clean_lib:
75 | rm -rf $(LIB_NAME)*
--------------------------------------------------------------------------------
/demos/pcap/config.yaml:
--------------------------------------------------------------------------------
1 | blacklist:
2 | - pcap_compile_nopcap
3 | - pcap_lookupdev
4 | - pcap_fileno
5 | - pcap_open_live
6 | - pcap_dump_file
7 | - pcap_activate
8 | - pcap_dump
9 | - pcap_file
--------------------------------------------------------------------------------
/demos/pcap/run_ogharn.sh:
--------------------------------------------------------------------------------
1 | ogharn.py -i $PWD -o $PWD/out -n 3 --m $PWD/lib.db -h pcap/pcap.h -r b -d -c $PWD/config.yaml -f
--------------------------------------------------------------------------------
/demos/pcap/seeds_invalid/is1:
--------------------------------------------------------------------------------
1 | 00000000�������0000000000���0000MGC000000000000000000000000000000000000000000000000000000000000000000000000000000000965798***732'000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
--------------------------------------------------------------------------------
/demos/pcap/seeds_invalid/is2:
--------------------------------------------------------------------------------
1 | ����
--------------------------------------------------------------------------------
/demos/pcap/seeds_invalid/is3:
--------------------------------------------------------------------------------
1 | *
--------------------------------------------------------------------------------
/demos/pcap/seeds_invalid/is4:
--------------------------------------------------------------------------------
1 | tcp[tcpflags]&tcp-sy--943* != 0 or tcp[cpflags]&tcp-fin or tp[tcpflagtcp-rst != 0
2 |
--------------------------------------------------------------------------------
/demos/pcap/seeds_valid/s1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/pcap/seeds_valid/s1
--------------------------------------------------------------------------------
/demos/pcap/seeds_valid/s2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/pcap/seeds_valid/s2
--------------------------------------------------------------------------------
/demos/pcap/seeds_valid/s4:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/pcap/seeds_valid/s4
--------------------------------------------------------------------------------
/demos/pcap/seeds_valid/s5:
--------------------------------------------------------------------------------
1 | tcp[tcpflags]&tcp-syn != 0 or tcp[tcpflags]&tcp-fin != 0 or tcp[tcpflags]&tcp-rst != 0
2 |
--------------------------------------------------------------------------------
/demos/pcap/seeds_valid/s6:
--------------------------------------------------------------------------------
1 | ip and ((icmp and dst host 1.1.1.1 and not host 2.2.2.2) or (host 1.1.1.1 and src host 3.3.3.3))
2 |
--------------------------------------------------------------------------------
/demos/pcre2/Makefile:
--------------------------------------------------------------------------------
1 | CC_FUZZ = afl-clang-fast
2 | CXX_FUZZ = afl-clang-fast++
3 | CFLAGS_ASAN = -fsanitize=address,undefined
4 | CXXFLAGS_ASAN = -fsanitize=address,undefined
5 |
6 | LIB_NAME = lib
7 | LIB_REPO = https://github.com/PCRE2Project/pcre2.git
8 |
9 | DEPS = -I $(PWD)/$(LIB_NAME)/ \
10 | -I $(PWD)/$(LIB_NAME)/src \
11 | -L $(PWD)/$(LIB_NAME)/ \
12 |
13 | DEPS_DYN = -l:libpcre2-8.a
14 | DEPS_STC = -l:libpcre2-8.a
15 | DEPS_LDD = $(PWD)/$(LIB_NAME)/
16 |
17 | #------------------------------------------------------------------------
18 | lib: # build for harness generation. Dynamic linking, asan, and afl instrumentation
19 | export AFL_USE_ASAN=1
20 | export AFL_USE_UBSAN=1
21 | rm -rf $(LIB_NAME)
22 | git clone $(LIB_REPO) $(LIB_NAME)
23 | cd $(LIB_NAME) && \
24 | git checkout a67878318cd08eb92e7f3afa2a15b55d46d285e2 && \
25 | cmake . \
26 | -DCMAKE_C_COMPILER=$(CC_FUZZ) -DCMAKE_CXX_COMPILER=$(CXX_FUZZ) -DCMAKE_EXPORT_COMPILE_COMMANDS=ON && \
27 | make all -j12
28 |
29 | lib_fuzz: # build for fuzzing. Static linking with afl instrumentation
30 | rm -rf $(LIB_NAME)_fuzz
31 | git clone $(LIB_REPO) $(LIB_NAME)_fuzz
32 | cd $(LIB_NAME)_fuzz && \
33 | git checkout a67878318cd08eb92e7f3afa2a15b55d46d285e2 && \
34 | cmake . \
35 | -DCMAKE_C_COMPILER=$(CC_FUZZ) -DCMAKE_CXX_COMPILER=$(CXX_FUZZ) -DBUILD_SHARED_LIBS=Off && \
36 | make all -j12
37 |
38 | run_mx: # Use Multiplier to index the library
39 | mx-index --db $(PWD)/$(LIB_NAME).db --target $(PWD)/$(LIB_NAME)/compile_commands.json --workspace $(PWD)/mx
40 |
41 | #------------------------------------------------------------------------
42 | all: lib lib_fuzz run_mx
43 |
44 | #------------------------------------------------------------------------
45 | harness: # make command used to make the harness during generation
46 | $(CC_FUZZ) -o $(OUT)/harness.out $(OUT)/harness.c $(DEPS) $(DEPS_DYN) $(CFLAGS_ASAN)
47 |
48 | harness_static: # command used to statically compile harness during harness generation
49 | $(CC_FUZZ) -o $(OUT)/harness.out $(OUT)/harness.c -static $(DEPS) $(DEPS_DYN)
50 |
51 | showmap: # command used to get coverage information about library under test
52 | LD_LIBRARY_PATH=$(DEPS_LDD) afl-showmap -o $(OUT)/tempfile -- $(OUT)/harness.out $(SEED)
53 |
54 | showmap_static:
55 | afl-showmap -o $(OUT)/tempfile -- $(OUT)/harness.out $(SEED)
56 |
57 | harness_fuzz: # compile a harness specifically for fuzzing. Pass the harness number using make harness_fuzz HARNESS_NUMBER=x
58 | @ls bin || mkdir bin
59 | $(eval LIB_NAME=lib_fuzz) \
60 | $(CC_FUZZ) -o bin/ogharn$(HARNESS_NUMBER)\_fuzz $(OUT)/final-harnesses/src/harness$(HARNESS_NUMBER):*.c -static $(DEPS) $(DEPS_STC) ;
61 |
62 | clean:
63 | rm -rf bin mx lib.db-*
64 |
65 | clean_lib:
66 | rm -rf $(LIB_NAME)*
67 |
68 |
--------------------------------------------------------------------------------
/demos/pcre2/config.yaml:
--------------------------------------------------------------------------------
1 | add_define_to_harness: "#ifndef PCRE2_CODE_UNIT_WIDTH\n#define PCRE2_CODE_UNIT_WIDTH 8\n#endif"
--------------------------------------------------------------------------------
/demos/pcre2/run_ogharn.sh:
--------------------------------------------------------------------------------
1 | ogharn.py -i $PWD -o $PWD/out -n 3 --m $PWD/lib.db -h pcre2.h -r b -d -e -f -c $PWD/config.yaml
--------------------------------------------------------------------------------
/demos/pcre2/seeds_invalid/is1:
--------------------------------------------------------------------------------
1 | (*3497)
--------------------------------------------------------------------------------
/demos/pcre2/seeds_invalid/is2:
--------------------------------------------------------------------------------
1 | "�"
--------------------------------------------------------------------------------
/demos/pcre2/seeds_invalid/is3:
--------------------------------------------------------------------------------
1 | )
--------------------------------------------------------------------------------
/demos/pcre2/seeds_invalid/is4:
--------------------------------------------------------------------------------
1 | ^([a-zA-Z0-9_\-\.]+)@([a-Z0-9_\-\.]+)\[a-zA-Z]5})$
--------------------------------------------------------------------------------
/demos/pcre2/seeds_valid/s1:
--------------------------------------------------------------------------------
1 | abc
--------------------------------------------------------------------------------
/demos/pcre2/seeds_valid/s2:
--------------------------------------------------------------------------------
1 | (a(b(c(d(e)))))
--------------------------------------------------------------------------------
/demos/pcre2/seeds_valid/s3:
--------------------------------------------------------------------------------
1 | ^([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})$
--------------------------------------------------------------------------------
/demos/pcre2/seeds_valid/s4:
--------------------------------------------------------------------------------
1 | ([A-Z]\w+) contains two different elements of the regular
2 | expression combined together. This expression will match any pattern
3 | containing uppercase letter followed by any character.
--------------------------------------------------------------------------------
/demos/raylib/Makefile:
--------------------------------------------------------------------------------
1 | CC_FUZZ = afl-clang-fast
2 | CXX_FUZZ = afl-clang-fast++
3 | CFLAGS_ASAN = -fsanitize=address,undefined
4 | CXXFLAGS_ASAN = -fsanitize=address,undefined
5 |
6 | LIB_NAME = lib
7 | LIB_REPO = https://github.com/raysan5/raylib
8 |
9 | DEPS = -I $(PWD)/$(LIB_NAME)/lib \
10 | -I $(PWD)/$(LIB_NAME)/src \
11 | -I $(PWD)/$(LIB_NAME)/ \
12 | -L $(PWD)/$(LIB_NAME)/raylib \
13 | -L $(PWD)/$(LIB_NAME)/lib
14 |
15 | DEPS_STC = -l:libraylib.a -lm
16 | DEPS_DYN = -lraylib
17 | DEPS_LDD = $(PWD)/$(LIB_NAME)/raylib/
18 |
19 | #------------------------------------------------------------------------
20 | lib: # build for harness generation. Dynamic linking, asan, and afl instrumentation
21 | export AFL_USE_ASAN=1
22 | export AFL_USE_UBSAN=1
23 | rm -rf $(LIB_NAME)
24 | git clone $(LIB_REPO) $(LIB_NAME)
25 | cd $(LIB_NAME) && \
26 | git checkout a17a81f05b62d92af1bff103721d17a180aa84e5 && \
27 | cmake . \
28 | -DCMAKE_C_COMPILER=$(CC_FUZZ) -DCMAKE_CXX_COMPILER=$(CXX_FUZZ) -DBUILD_SHARED_LIBS=ON \
29 | -DCMAKE_EXPORT_COMPILE_COMMANDS=ON && \
30 | make PLATFORM=PLATFORM_DESKTOP RAYLIB_LIBTYPE=SHARED all -j12
31 |
32 | lib_fuzz: # build for fuzzing. Static linking with afl instrumentation
33 | rm -rf $(LIB_NAME)_fuzz
34 | git clone $(LIB_REPO) $(LIB_NAME)_fuzz
35 | cd $(LIB_NAME)_fuzz && \
36 | git checkout a17a81f05b62d92af1bff103721d17a180aa84e5 && \
37 | cmake . \
38 | -DCMAKE_C_COMPILER=$(CC_FUZZ) -DCMAKE_CXX_COMPILER=$(CXX_FUZZ) -DBUILD_SHARED_LIBS=OFF && \
39 | make PLATFORM=PLATFORM_DESKTOP RAYLIB_LIBTYPE=SHARED all -j12
40 |
41 | run_mx: # Use Multiplier to index the library
42 | mx-index --db $(PWD)/$(LIB_NAME).db --target $(PWD)/$(LIB_NAME)/compile_commands.json --workspace $(PWD)/mx
43 |
44 | #------------------------------------------------------------------------
45 | all: lib lib_fuzz run_mx
46 |
47 | #------------------------------------------------------------------------
48 | harness: # make command used to make the harness during generation
49 | $(CC_FUZZ) -o $(OUT)/harness.out $(OUT)/harness.c $(DEPS) $(DEPS_DYN) $(CFLAGS_ASAN)
50 |
51 | showmap: # command used to get coverage information about library under test
52 | LD_LIBRARY_PATH=$(DEPS_LDD) afl-showmap -o $(OUT)/tempfile -- $(OUT)/harness.out $(SEED)
53 |
54 | harness_fuzz: # compile a harness specifically for fuzzing. Pass the harness number using make harness_fuzz HARNESS_NUMBER=x
55 | @ls bin || mkdir bin
56 | $(eval LIB_NAME=lib_fuzz) \
57 | $(CC_FUZZ) -o bin/ogharn$(HARNESS_NUMBER)\_fuzz $(OUT)/final-harnesses/src/harness$(HARNESS_NUMBER):*.c -static $(DEPS) $(DEPS_STC) ;
58 |
59 |
60 | clean:
61 | rm -rf bin mx lib.db-*
62 |
63 | clean_lib:
64 | rm -rf $(LIB_NAME)*
--------------------------------------------------------------------------------
/demos/raylib/README.md:
--------------------------------------------------------------------------------
1 | #### Note: For fuzzing raylib harnesses, the -e '.png' command line argument is necessary.
--------------------------------------------------------------------------------
/demos/raylib/run_ogharn.sh:
--------------------------------------------------------------------------------
1 | ogharn.py -i $PWD -o $PWD/out -n 3 --m $PWD/lib.db -h raylib.h -r f -d -f -as
--------------------------------------------------------------------------------
/demos/raylib/seeds_invalid/empty:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/raylib/seeds_invalid/empty
--------------------------------------------------------------------------------
/demos/raylib/seeds_invalid/s5.png:
--------------------------------------------------------------------------------
1 | �PNG
2 | �
3 | �g�����V����*��x=�E�R������#��n�Z�=$�_ayyssi�L�G��n��L����y��C��@�����|�<��l��--��������m]d�4�4�e��-��������:�h�˪�*�9�hf��1�»̕���贅I)��%$��=������nJ���n��wA�P�n�5��;62�X3�"5��-�g��,��Ӑ�Ǐ_��/�ڪ�b�pG>]����{U����ut ��V�V�k�����03X��"����J��c���{��U[{�p�����V���Vw+�BA��lw�BK�$IDo� �=�g�YB�����8���%�G���V��Ωn���=�a�p:��4V��$��[����Wk�B�&,L��v��
4 | �=��[��a�����LH�%�3�tƟ�n���ZH$i�Fb&�cB�N2��FD����u��&�H��y�z���x�834Ӗm�S}�p
5 | +Q��4Ƅ`�t�~���Xo
6 | u!�J����4���T:���Q�������t`%������y�Zfy1E���]���G��_�~QڮeX�����o
7 | -�[�v��o il2B�9���;��2������7q[SJ�+v�㼼�{`�%}d�`�a,������쉞,���j_1���q��F�T�0
8 |
9 | V+�����0L_�WncCCA�N��$&�7��������IEND�B`�
--------------------------------------------------------------------------------
/demos/raylib/seeds_valid/s1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/raylib/seeds_valid/s1.png
--------------------------------------------------------------------------------
/demos/raylib/seeds_valid/s2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/raylib/seeds_valid/s2.png
--------------------------------------------------------------------------------
/demos/raylib/seeds_valid/s3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/raylib/seeds_valid/s3.png
--------------------------------------------------------------------------------
/demos/raylib/seeds_valid/s4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/raylib/seeds_valid/s4.png
--------------------------------------------------------------------------------
/demos/raylib/seeds_valid/s5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/raylib/seeds_valid/s5.png
--------------------------------------------------------------------------------
/demos/sqlite/Makefile:
--------------------------------------------------------------------------------
1 | #------------------------------------------------------------------------
2 | # Leave these as-is (unless you must change the compiler)!
3 |
4 | CC_FUZZ = afl-clang-fast
5 | CXX_FUZZ = afl-clang-fast++
6 | CC = clang
7 | CXX = clang++
8 | CFLAGS_ASAN = -fsanitize=address,undefined
9 | CXXFLAGS_ASAN = -fsanitize=address,undefined
10 |
11 | #------------------------------------------------------------------------
12 | # Edit these below accordingly...
13 |
14 | LIB_NAME = lib
15 | LIB_REPO = https://github.com/sqlite/sqlite.git
16 |
17 | DEPS = -I $(PWD)/$(LIB_NAME)/ \
18 | -L $(PWD)/$(LIB_NAME)/
19 |
20 | DEPS_STAT = -I $(PWD)/$(LIB_NAME)_static/ \
21 | -L $(PWD)/$(LIB_NAME)_static/
22 |
23 | DEPS_DYN = -lsqlite3
24 | DEPS_STC = -l:libsqlite3.a -lm
25 | DEPS_LDD = $(PWD)/$(LIB_NAME)/
26 |
27 | #------------------------------------------------------------------------
28 | lib: # build for harness generation. Dynamic linking, asan, and afl instrumentation
29 | export AFL_USE_ASAN=1
30 | export AFL_USE_UBSAN=1
31 | rm -rf $(LIB_NAME)
32 | git clone $(LIB_REPO) $(LIB_NAME)
33 | cd $(LIB_NAME) && \
34 | git checkout 0df847cc776131919935658230fe2e629906dabb && \
35 | ./configure \
36 | CC=$(CC_FUZZ) CXX=$(CXX_FUZZ) \
37 | CFLAGS="-DSQLITE_ENABLE_API_ARMOR" \
38 | CXXFLAGS="-DSQLITE_ENABLE_API_ARMOR" && \
39 | make all -j12
40 |
41 | lib_plain: # build for harness generation. Dynamic linking, asan, and afl instrumentation
42 | rm -rf $(LIB_NAME)_plain
43 | git clone $(LIB_REPO) $(LIB_NAME)_plain
44 | cd $(LIB_NAME)_plain && \
45 | git checkout 0df847cc776131919935658230fe2e629906dabb && \
46 | ./configure \
47 | CC=$(CC) CXX=$(CXX) \
48 | CFLAGS="-DSQLITE_ENABLE_API_ARMOR" \
49 | CXXFLAGS="-DSQLITE_ENABLE_API_ARMOR" && \
50 | bear -- make all -j12
51 |
52 | lib_static:
53 | rm -rf $(LIB_NAME)_static
54 | git clone $(LIB_REPO) $(LIB_NAME)_static
55 | cd $(LIB_NAME)_static && \
56 | git checkout 0df847cc776131919935658230fe2e629906dabb && \
57 | ./configure --static \
58 | CC=$(CC_FUZZ) CXX=$(CXX_FUZZ) \
59 | CFLAGS="-DSQLITE_ENABLE_API_ARMOR" \
60 | CXXFLAGS="-DSQLITE_ENABLE_API_ARMOR" && \
61 | make all -j12
62 |
63 |
64 | lib_fuzz: # build for fuzzing. Static linking with afl instrumentation
65 | rm -rf $(LIB_NAME)_fuzz
66 | git clone $(LIB_REPO) $(LIB_NAME)_fuzz
67 | cd $(LIB_NAME)_fuzz && \
68 | git checkout 0df847cc776131919935658230fe2e629906dabb && \
69 | ./configure --static --with-tclsh=/usr/bin/tclsh8.6 \
70 | CC=$(CC_FUZZ) CXX=$(CXX_FUZZ) \
71 | CFLAGS="-DSQLITE_ENABLE_API_ARMOR" \
72 | CXXFLAGS="-DSQLITE_ENABLE_API_ARMOR" && \
73 | make all -j12
74 |
75 | run_mx: # Use Multiplier to index the library
76 | mx-index --db $(PWD)/$(LIB_NAME).db --target $(PWD)/$(LIB_NAME)_plain/compile_commands.json --workspace $(PWD)/mx
77 |
78 | #------------------------------------------------------------------------
79 | all: lib lib_plain lib_fuzz run_mx
80 |
81 | #------------------------------------------------------------------------
82 | harness: # make command used to make the harness during generation
83 | $(CC_FUZZ) -o $(OUT)/harness.out $(OUT)/harness.c $(DEPS) $(DEPS_DYN) $(CFLAGS_ASAN)
84 |
85 | harness_static: # command used to statically compile harness during harness generation
86 | $(CC_FUZZ) -o $(OUT)/harness.out $(OUT)/harness.c -static $(DEPS) $(DEPS_STC)
87 |
88 | showmap: # command used to get coverage information about library under test
89 | LD_LIBRARY_PATH=$(DEPS_LDD) afl-showmap -o $(OUT)/tempfile -- $(OUT)/harness.out $(SEED)
90 |
91 | showmap_static: # command used to get coverage information about the statically linked harness
92 | afl-showmap -o $(OUT)/tempfile -- $(OUT)/harness.out $(SEED)
93 |
94 |
95 | harness_fuzz: # compile a harness specifically for fuzzing. Pass the harness number using make harness_fuzz HARNESS_NUMBER=x
96 | @ls bin || mkdir bin
97 | $(eval LIB_NAME=lib_fuzz) \
98 | $(CC_FUZZ) -o bin/ogharn$(HARNESS_NUMBER)\_fuzz $(OUT)/final-harnesses/src/harness$(HARNESS_NUMBER):*.c -static $(DEPS) $(DEPS_STC) ;
99 |
100 | clean:
101 | rm -rf bin mx lib.db-*
102 |
103 | clean_lib:
104 | rm -rf $(LIB_NAME)*
--------------------------------------------------------------------------------
/demos/sqlite/config.yaml:
--------------------------------------------------------------------------------
1 | blacklist:
2 | - sqlite3_mprintf
3 | - sqlite3_vmprintf
4 | - sqlite3_snprintf
5 | - sqlite3_vsnprintf
6 | - sqlite3_open16
7 | - sqlite3_open_v2
8 |
9 | preamble_func: sqlite3_open
10 |
11 | arg_keys:
12 | sqlite3_open:
13 | - {"index": 0, "value": "\":memory:\""} # 0th arg to sqlite3_open should be ":memory:" to avoid filesystem overhead
--------------------------------------------------------------------------------
/demos/sqlite/run_ogharn.sh:
--------------------------------------------------------------------------------
1 | ogharn.py -i $PWD -o $PWD/out -n 3 --m $PWD/lib.db -h sqlite3.h -r b -d -f -c $PWD/config.yaml -e
--------------------------------------------------------------------------------
/demos/sqlite/seeds_invalid/s1:
--------------------------------------------------------------------------------
1 | SELECT * FROM json_tree('{"id":"0001","type":"donut","name":"Cake","ppu":0.55,"batters":{"batter":[{"id":"1001","type":"Regular"},{"id":"1002","type":"Chocolate"},{"id":"1003","type":"Blueberry"},{"id":"1004","type":"Devil''s Food"}]},"topping":[{"id":"5001","type":"None"},{"id":"5002","type":"Glazed"},{"id":"5005","type":"Sugar"},{"id":"5007","type":"Powdered Sugar"},{"id":"5006","type":"Chocolate with Sprinkles"},{"id":"5003","type":"Chocolate"},{"id":"5004","type":"Maple"}]},{"id":"0002","type":"donut","name":"Raised","ppu":0.55,"batters":{"batter":[{"id":"1001","type":"Regular"}]},"topping":[{"id":"5001","type":"None"},{"id":"5002","type":"Glazed"},{"id":"5005","type":"Sugar"},{"id":"5003","type":"Chocolate"},{"id":"5004","type":"Maple"}]},{"id":"0003","type":"donut","name":"Old Fashioned","ppu":0.55,"batters":{"batter":[{"id":"1001","type":"Regular"},{"id":"1002","type":"Chocolate"}]},"topping":[{"id":"5001","type":"None"},{"id":"5002","type":"Glazed"},{"id":"5003","type":"Chocolate"},{"id":"5004","type":"Maple"}]}]');
2 |
--------------------------------------------------------------------------------
/demos/sqlite/seeds_invalid/s2:
--------------------------------------------------------------------------------
1 | .open --he
2 | | size 2040 pagesize 4096 filename altertable001.txt.db
3 | | page 1 offset 0
4 | | 0: 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 SQLite format 3.
5 | | 16: 10 00 01 01 00 40 20 20 00 00 00 00 00 00 00 05 .....@ ........
6 | | 32: 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 04 ................
7 | | 48: 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 ................
8 | | 96: 00 00 00 00 0d 00 00 00 05 0e 55 00 0f 74 0f 3c ..........U..t.<
9 | | 112: 0e f9 0e d1 0e 55 00 00 00 00 00 00 00 00 00 00 .....U..........
10 | | 3664: 00 00 00 00 00 7a 05 07 15 11 11 08 81 63 76 69 .....z.......cvi
11 | | 3680: 65 77 76 31 76 31 43 52 45 41 54 45 20 56 49 45 ewv1v1CREATE VIE
12 | | 3696: 57 20 76 31 28 78 2c 79 29 20 41 53 0a 53 45 4c W v1(x,y) AS.SEL
13 | | 3712: 45 43 54 20 74 31 2e 62 2c 74 32 2e 62 20 46 52 ECT t1.b,t2.b FR
14 | | 3728: 4f 4d 20 74 31 2c 74 32 20 57 48 45 52 45 20 74 OM t1,t2 WHERE t
15 | | 3744: 31 2e 61 3d 74 32 2e 61 20 47 52 4f 55 50 20 42 1.a=t2.a GROUP B
16 | | 3760: 59 20 31 20 48 41 56 49 4e 47 20 74 32 2e 63 20 Y 1 HAVING t2.c
17 | | 3776: 4e 4f 54 20 4e 55 4c 4c 0a 4c 49 4d 49 54 20 31 NOT NULL.LIMIT 1
18 | | 3792: 30 26 04 06 17 11 11 01 39 74 61 62 6c 65 74 32 0&......9tablet2
19 | | 3808: 74 32 05 43 52 45 41 54 45 20 54 41 42 4c 45 20 t2.CREATE TABLE
20 | | 3824: 74 32 28 61 2c 62 2c 63 29 41 03 06 17 15 11 01 t2(a,b,c)A......
21 | | 3840: 6b 69 6e 64 65 78 74 31 78 31 74 31 04 43 52 45 kindext1x1t1.CRE
22 | | 3856: 41 54 45 20 49 4e 44 45 58 20 74 31 78 31 20 4f ATE INDEX t1x1 O
23 | | 3872: 4e 20 74 31 28 64 29 20 57 48 45 52 45 20 65 65 N t1(d) WHERE ee
24 | | 3888: 20 49 53 20 4e 4f 54 20 4e 55 4c 4c 36 02 06 17 IS NOT NULL6...
25 | | 3904: 17 11 01 53 69 6e 64 65 78 74 31 61 62 63 74 31 ...Sindext1abct1
26 | | 3920: 03 43 52 45 41 54 45 20 49 4e 44 45 58 20 74 31 .CREATE INDEX t1
27 | | 3936: 61 62 63 20 4f 4e 20 74 31 28 61 2c 62 2c 63 2b abc ON t1(a,b,c+
28 | | 3952: 64 2b 65 29 81 09 01 07 17 11 11 01 81 7d 74 61 d+e)..........ta
29 | | 3968: 62 6c 65 74 31 74 31 02 43 52 45 41 54 45 20 54 blet1t1.CREATE T
30 | | 3984: 41 42 4c 45 20 74 31 28 61 2c 62 2c 63 2c 64 2c ABLE t1(a,b,c,d,
31 | | 4000: 65 2c 66 2c 67 2c 68 2c 6a 2c 6a 6a 2c 6a 6a 6a e,f,g,h,j,jj,jjj
32 | | 4016: 2c 6b 2c 61 61 2c 62 62 2c 63 63 2c 64 64 2c 65 ,k,aa,bb,cc,dd,e
33 | | 4032: 65 20 44 45 46 41 55 4c 54 20 33 2e 31 34 2c 0a e DEFAULT 3.14,.
34 | | 4048: 66 66 20 44 45 46 41 55 4c 54 28 27 68 69 63 63 ff DEFAULT('hicc
35 | | 4064: 75 70 27 29 2c 67 67 20 4e 4f 54 20 4e 55 4c 4c up'),gg NOT NULL
36 | | 4080: 20 44 45 46 41 55 4c 54 28 66 61 6c 73 65 29 29 DEFAULT(false))
37 | | page 2 offset 4096
38 | | 0: 0d 00 00 00 0a 0e 7b 00 0f dc 0f b6 0f 8f 0f 68 ...............h
39 | | 16: 0f 41 0f 1a 0e f3 0e cb 0e a3 0e 7b 00 00 00 00 .A..............
40 | | 3696: 00 00 00 00 00 00 00 00 00 00 00 26 0a 14 01 01 ...........&....
41 | | 3712: 02 08 00 00 00 00 00 00 00 00 00 00 00 00 07 19 ................
42 | | 3728: 08 09 5a 00 b4 40 09 1e b8 51 eb 85 1f 68 69 63 ..Z..@...Q...hic
43 | | 3744: 63 75 70 26 09 14 01 01 02 08 00 00 00 00 00 00 cup&............
44 | | 3760: 00 00 00 00 00 00 07 19 08 08 50 00 a0 40 09 1e ..........P..@..
45 | | 3776: b8 51 eb 85 1f 68 69 63 63 75 70 26 08 14 01 01 .Q...hiccup&....
46 | | 3792: 02 08 00 00 00 00 00 00 00 00 00 00 00 00 07 19 ................
47 | | 3808: 08 07 46 00 8c 40 09 1e b8 51 eb 85 1f 68 69 63 ..F..@...Q...hic
48 | | 3824: 63 75 70 25 07 14 01 01 01 08 00 00 00 00 00 00 cup%............
49 | | 3840: 00 00 00 00 00 00 07 19 08 06 3c 78 40 09 1e b8 ..........(x,y,z) FROM t1;
7 | SELECT (a,b,c)<(x,y,z) FROM t1;
8 | SELECT (a,b,c)<=(x,y,z) FROM t1;
9 | SELECT (a,b,c)>(x,y,z) FROM t1;
10 | SELECT (a,b,c)>=(x,y,z) FROM t1;
11 | SELECT (a,b,c) IS (x,y,z) FROM t1;
12 | SELECT (a,b,c) IS NOT (x,y,z) FROM t1;
13 | SELECT rowid FROM t1 WHERE (a,b,c)==(x,y,z);
14 | SELECT rowid FROM t1 WHERE (a,b,c)<>(x,y,z);
15 | SELECT rowid FROM t1 WHERE (a,b,c)<(x,y,z);
16 | SELECT rowid FROM t1 WHERE (a,b,c)<=(x,y,z);
17 | SELECT rowid FROM t1 WHERE (a,b,c)>(x,y,z);
18 | SELECT rowid FROM t1 WHERE (a,b,c)>=(x,y,z);
19 | SELECT rowid FROM t1 WHERE (a,b,c)IS (x,y,z);
20 | SELECT rowid FROM t1 WHERE (a,b,c)IS NOT(x,y,z);
--------------------------------------------------------------------------------
/demos/sqlite/seeds_valid/s6:
--------------------------------------------------------------------------------
1 | CREATE TABLE t15(a INTEGER PRIMARY KEY, b);
2 | INSERT INTO t15(a,b)VALUES(10,'0'),(20,'000'),(30,'000');
3 | ALTER TABLE t15 ADD COLUMN c;
4 | CREATE INDEX t000 ON t15(c);
5 | INSERT INTO t15(a,b)
6 | VALUES(5,'000'),(15,'000'),(25,'000'),(35,'000');
7 | UPDATE t15 SET a=printf("0%d",b) WHERE c IS NULL;
8 | SELECT a,b,c,'0'FROM t15 ORDER BY a;
9 |
--------------------------------------------------------------------------------
/demos/sqlite/seeds_valid/s7:
--------------------------------------------------------------------------------
1 | SELECT ''
--------------------------------------------------------------------------------
/demos/stormlib/Makefile:
--------------------------------------------------------------------------------
1 | CC_FUZZ = afl-clang-fast
2 | CXX_FUZZ = afl-clang-fast++
3 | CFLAGS_ASAN = -fsanitize=address,undefined
4 | CXXFLAGS_ASAN = -fsanitize=address,undefined
5 |
6 |
7 | LIB_NAME = lib
8 | LIB_REPO = https://github.com/ladislav-zezula/StormLib
9 |
10 | DEPS = -I $(PWD)/$(LIB_NAME)/src/ \
11 | -I $(PWD)/$(LIB_NAME)/ \
12 | -L $(PWD)/$(LIB_NAME)/
13 |
14 | DEPS_DYN = -lstorm
15 | DEPS_STC = -l:libstorm.a -lz -lbz2 -lstdc++
16 | DEPS_LDD = $(PWD)/$(LIB_NAME)/
17 |
18 | #------------------------------------------------------------------------
19 | lib: # build for harness generation. Dynamic linking, asan, and afl instrumentation
20 | export AFL_USE_ASAN=1
21 | export AFL_USE_UBSAN=1
22 | rm -rf $(LIB_NAME)
23 | git clone $(LIB_REPO) $(LIB_NAME)
24 | cd $(LIB_NAME) && \
25 | git checkout 605222393594f5885b877bfc0086dae756674965 && \
26 | cmake . \
27 | -DCMAKE_C_COMPILER=$(CC_FUZZ) -DCMAKE_CXX_COMPILER=$(CXX_FUZZ) -DBUILD_SHARED_LIBS=ON \
28 | -DCMAKE_EXPORT_COMPILE_COMMANDS=ON && \
29 | make all -j12
30 |
31 | lib_fuzz: # build for fuzzing. Static linking with afl instrumentation
32 | rm -rf $(LIB_NAME)_fuzz
33 | git clone $(LIB_REPO) $(LIB_NAME)_fuzz
34 | cd $(LIB_NAME)_fuzz && \
35 | git checkout 605222393594f5885b877bfc0086dae756674965 && \
36 | cmake . \
37 | -DCMAKE_C_COMPILER=$(CC_FUZZ) -DCMAKE_CXX_COMPILER=$(CXX_FUZZ) -DBUILD_SHARED_LIBS=OFF && \
38 | make all -j12
39 |
40 | run_mx: # Use Multiplier to index the library
41 | mx-index --db $(PWD)/$(LIB_NAME).db --target $(PWD)/$(LIB_NAME)_plain/compile_commands.json --workspace $(PWD)/mx
42 |
43 | #------------------------------------------------------------------------
44 | all: lib lib_fuzz run_mx
45 |
46 | #------------------------------------------------------------------------
47 | harness: # make command used to make the harness during generation
48 | $(CC_FUZZ) -o $(OUT)/harness.out $(OUT)/harness.c $(DEPS) $(DEPS_DYN) $(CFLAGS_ASAN)
49 |
50 | showmap: # command used to get coverage information about library under test
51 | LD_LIBRARY_PATH=$(DEPS_LDD) afl-showmap -o $(OUT)/tempfile -- $(OUT)/harness.out $(SEED)
52 |
53 | harness_fuzz: # compile a harness specifically for fuzzing. Pass the harness number using make harness_fuzz HARNESS_NUMBER=x
54 | @ls bin || mkdir bin
55 | $(eval LIB_NAME=lib_fuzz) \
56 | $(CC_FUZZ) -o bin/ogharn$(HARNESS_NUMBER)\_fuzz $(OUT)/final-harnesses/src/harness$(HARNESS_NUMBER):*.c -static $(DEPS) $(DEPS_STC) ;
57 |
58 | clean:
59 | rm -rf bin mx lib.db-*
60 |
61 | clean_lib:
62 | rm -rf $(LIB_NAME)*
--------------------------------------------------------------------------------
/demos/stormlib/run_ogharn.sh:
--------------------------------------------------------------------------------
1 | ogharn.py -i $PWD -o $PWD/out -n 3 --m $PWD/lib.db -h StormLib.h -r f -d -f
--------------------------------------------------------------------------------
/demos/stormlib/seeds_invalid/invalid.SC2Replay_:
--------------------------------------------------------------------------------
1 | MPQQasdfasdfasdfasdf
--------------------------------------------------------------------------------
/demos/stormlib/seeds_invalid/small:
--------------------------------------------------------------------------------
1 | S
--------------------------------------------------------------------------------
/demos/stormlib/seeds_valid/s1.SC2Replay:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/stormlib/seeds_valid/s1.SC2Replay
--------------------------------------------------------------------------------
/demos/stormlib/seeds_valid/s2.SC2Replay:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/stormlib/seeds_valid/s2.SC2Replay
--------------------------------------------------------------------------------
/demos/stormlib/seeds_valid/s3.SC2Replay:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/stormlib/seeds_valid/s3.SC2Replay
--------------------------------------------------------------------------------
/demos/stormlib/seeds_valid/s4.SC2Replay:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/stormlib/seeds_valid/s4.SC2Replay
--------------------------------------------------------------------------------
/demos/ucl/Makefile:
--------------------------------------------------------------------------------
1 | CC_FUZZ = afl-clang-fast
2 | CXX_FUZZ = afl-clang-fast++
3 | CFLAGS_ASAN = -fsanitize=address,undefined
4 | CXXFLAGS_ASAN = -fsanitize=address,undefined
5 |
6 | #------------------------------------------------------------------------
7 | # Edit these below accordingly...
8 |
9 | LIB_NAME = lib
10 | LIB_REPO = https://github.com/vstakhov/libucl
11 |
12 | DEPS = -I $(PWD)/$(LIB_NAME)/ \
13 | -I $(PWD)/$(LIB_NAME)/include \
14 | -I $(PWD)/$(LIB_NAME)/src \
15 | -I $(PWD)/$(LIB_NAME)/uthash \
16 | -L $(PWD)/$(LIB_NAME)/
17 |
18 | DEPS_DYN = -lucl
19 | DEPS_STC = -l:libucl.a
20 | DEPS_LDD = $(PWD)/$(LIB_NAME)/
21 |
22 | #------------------------------------------------------------------------
23 | lib: # build for harness generation. Dynamic linking, asan, and afl instrumentation
24 | export AFL_USE_ASAN=1
25 | export AFL_USE_UBSAN=1
26 | rm -rf $(LIB_NAME)
27 | git clone $(LIB_REPO) $(LIB_NAME)
28 | cd $(LIB_NAME)&& \
29 | git checkout 51c5e2f0526c41efc5e919e0b834a87b1976f33c && \
30 | cmake . \
31 | -DCMAKE_C_COMPILER=$(CC_FUZZ) -DCMAKE_CXX_COMPILER=$(CXX_FUZZ) -DBUILD_SHARED_LIBS=OFF -DCMAKE_EXPORT_COMPILE_COMMANDS=ON && \
32 | make all -j12
33 |
34 | lib_fuzz: # build for fuzzing. Static linking with afl instrumentation
35 | rm -rf $(LIB_NAME)_fuzz
36 | git clone $(LIB_REPO) $(LIB_NAME)_fuzz
37 | cd $(LIB_NAME)_fuzz && \
38 | git checkout 51c5e2f0526c41efc5e919e0b834a87b1976f33c && \
39 | cmake . \
40 | -DCMAKE_C_COMPILER=$(CC_FUZZ) -DCMAKE_CXX_COMPILER=$(CXX_FUZZ) -DBUILD_SHARED_LIBS=OFF && \
41 | make all -j12
42 |
43 | run_mx: # Use Multiplier to index the library
44 | mx-index --db $(PWD)/$(LIB_NAME).db --target $(PWD)/$(LIB_NAME)/compile_commands.json --workspace $(PWD)/mx
45 |
46 | #------------------------------------------------------------------------
47 | all: lib lib_fuzz run_mx
48 |
49 | #------------------------------------------------------------------------
50 | harness: # make command used to make the harness during generation
51 | $(CC_FUZZ) -o $(OUT)/harness.out $(OUT)/harness.c $(DEPS) $(DEPS_DYN) $(CFLAGS_ASAN)
52 |
53 | showmap: # command used to get coverage information about library under test
54 | LD_LIBRARY_PATH=$(DEPS_LDD) afl-showmap -o $(OUT)/tempfile -- $(OUT)/harness.out $(SEED)
55 |
56 | harness_fuzz: # compile a harness specifically for fuzzing. Pass the harness number using make harness_fuzz HARNESS_NUMBER=x
57 | @ls bin || mkdir bin
58 | $(eval LIB_NAME=lib_fuzz) \
59 | $(CC_FUZZ) -o bin/ogharn$(HARNESS_NUMBER)\_fuzz $(OUT)/final-harnesses/src/harness$(HARNESS_NUMBER):*.c -static $(DEPS) $(DEPS_STC) ;
60 |
61 | clean:
62 | rm -rf bin mx lib.db-*
63 |
64 | clean_lib:
65 | rm -rf $(LIB_NAME)*
--------------------------------------------------------------------------------
/demos/ucl/run_ogharn.sh:
--------------------------------------------------------------------------------
1 | ogharn.py -i $PWD -o $PWD/out -n 3 -m $PWD/lib.db -h ucl.h -r b -d -f
--------------------------------------------------------------------------------
/demos/ucl/seeds_invalid/s5:
--------------------------------------------------------------------------------
1 | S
--------------------------------------------------------------------------------
/demos/ucl/seeds_invalid/s6.in:
--------------------------------------------------------------------------------
1 | section1 { param1 = value; param2 = value,
2 | section3 {param = value; param2 = value, param3 = ["value1", value2, 100500]}}
3 | section2 { param1 = {key = value}, param1 = ["key"]}
4 |
5 | # Numbers
6 | key1 = 1=s
7 | key2 = 1min@@ #
8 | key3 = 1kb
9 | key4 = 5M
10 | key5 = 10mS
11 | key6 = 10y
12 |
13 | # Strings
14 | key1 "some string";
15 | key2 = /some/path;
16 | key3 = 111some,
17 | key4: s1,
18 | "key5": "\n\r123"
19 |
20 | # Variables
21 | keyvar = "$ABItest
22 | keyvar = "${ABI}$ABI${ABI}${$ABI}"
23 | keyvar = "${some}$no${}$$test$$$$$$$";
24 | keyvar = "$ABI$$ABI$$$ABI$$$$";
25 |
--------------------------------------------------------------------------------
/demos/ucl/seeds_invalid/s7.in:
--------------------------------------------------------------------------------
1 | section1 param1 = value; param2 = value,
2 | section3 {pam = value; param2 = value, param3 = [value1", value2, 100500]}}
3 | section2 param1 = {key = value}, param1 = ["key"]}
4 |
5 | # Numbers
6 | key1 = 1=s
7 | key2 = 1min@@ #
8 | key3 = 1kb
9 | key4 = 5M
10 | key5 = 10mS
11 | key6 = 10y
12 |
13 | # Strings
14 | key1 "some string";
15 | key2 = /some/path;
16 | key3 = 111some,
17 | key4: s1,
18 | "key5": "\n\r123"
19 |
20 | # Variables
21 | keyvar = "$ABItest
22 | keyvar = "${ABI}$ABI${ABI}${$ABI}"
23 | keyvar = "${some}$no${}$$test$$$$$$$";
24 | keyvar = "$ABI$$ABI$$$ABI$$$$";
25 |
--------------------------------------------------------------------------------
/demos/ucl/seeds_valid/s1.in:
--------------------------------------------------------------------------------
1 |
2 |
3 | {"key": "value"}
4 |
--------------------------------------------------------------------------------
/demos/ucl/seeds_valid/s2.res:
--------------------------------------------------------------------------------
1 | overrided {
2 | key = "overrided";
3 | }
4 | section {
5 | value = "test";
6 | }
7 |
8 |
--------------------------------------------------------------------------------
/demos/ucl/seeds_valid/s3.in:
--------------------------------------------------------------------------------
1 | section blah { # test
2 | param = "value"
3 | }
4 | section test {
5 | key = test;
6 | subsection testsub {
7 | flag on;
8 | subsubsection testsubsub1 testsubsub2 {
9 | key = [1, 2, 3];
10 | }
11 | }
12 | }
13 |
14 | section test {
15 | /* Empty */
16 | }
17 |
18 |
19 | section foo { # test
20 | param = 123.2;
21 | }
22 |
23 | array = []
24 |
--------------------------------------------------------------------------------
/demos/ucl/seeds_valid/s4.in:
--------------------------------------------------------------------------------
1 | section1 { param1 = value; param2 = value,
2 | section3 {param = value; param2 = value, param3 = ["value1", value2, 100500]}}
3 | section2 { param1 = {key = value}, param1 = ["key"]}
4 |
5 | # Numbers
6 | key1 = 1s
7 | key2 = 1min
8 | key3 = 1kb
9 | key4 = 5M
10 | key5 = 10mS
11 | key6 = 10y
12 |
13 | # Strings
14 | key1 = "some string";
15 | key2 = /some/path;
16 | key3 = 111some,
17 | key4: s1,
18 | "key5": "\n\r123"
19 |
20 | # Variables
21 | keyvar = "$ABItest";
22 | keyvar = "${ABI}$ABI${ABI}${$ABI}";
23 | keyvar = "${some}$no${}$$test$$$$$$$";
24 | keyvar = "$ABI$$ABI$$$ABI$$$$";
25 |
--------------------------------------------------------------------------------
/demos/zlib/Makefile:
--------------------------------------------------------------------------------
1 | CC_FUZZ = afl-clang-fast
2 | CXX_FUZZ = afl-clang-fast++
3 | CFLAGS_ASAN = -fsanitize=address,undefined
4 | CXXFLAGS_ASAN = -fsanitize=address,undefined
5 |
6 | LIB_NAME = lib
7 | LIB_REPO = https://github.com/madler/zlib.git
8 |
9 | DEPS = -I $(PWD)/$(LIB_NAME)/ \
10 | -L $(PWD)/$(LIB_NAME)/
11 |
12 | # link against
13 | DEPS_DYN = -lz
14 | DEPS_STC = -l:libz.a
15 | DEPS_LDD = $(PWD)/$(LIB_NAME)/
16 |
17 | #------------------------------------------------------------------------
18 | lib: # build for harness generation. Dynamic linking, asan, and afl instrumentation
19 | export AFL_USE_ASAN=1
20 | export AFL_USE_UBSAN=1
21 | rm -rf $(LIB_NAME)
22 | git clone $(LIB_REPO) $(LIB_NAME)
23 | cd $(LIB_NAME) && \
24 | git checkout ef24c4c7502169f016dcd2a26923dbaf3216748c && \
25 | cmake . \
26 | -DCMAKE_C_COMPILER=$(CC_FUZZ) -DCMAKE_CXX_COMPILER=$(CXX_FUZZ) \
27 | -DCMAKE_EXPORT_COMPILE_COMMANDS=ON && \
28 | make all -j12
29 |
30 | lib_fuzz: # build for fuzzing. Static linking with afl instrumentation
31 | rm -rf $(LIB_NAME)_fuzz
32 | git clone $(LIB_REPO) $(LIB_NAME)_fuzz
33 | cd $(LIB_NAME)_fuzz && \
34 | git checkout ef24c4c7502169f016dcd2a26923dbaf3216748c && \
35 | cmake . \
36 | -DCMAKE_C_COMPILER=$(CC_FUZZ) -DCMAKE_CXX_COMPILER=$(CXX_FUZZ) \
37 | -DBUILD_SHARED_LIBS=OFF && \
38 | make all -j12
39 |
40 |
41 | run_mx: # Use Multiplier to index the library
42 | mx-index --db $(PWD)/$(LIB_NAME).db --target $(PWD)/$(LIB_NAME)/compile_commands.json --workspace $(PWD)/mx
43 |
44 | #------------------------------------------------------------------------
45 | all: lib lib_fuzz run_mx
46 |
47 | #------------------------------------------------------------------------
48 | harness: # make command used to make the harness during generation
49 | $(CC_FUZZ) -o $(OUT)/harness.out $(OUT)/harness.c $(DEPS) $(DEPS_DYN) $(CFLAGS_ASAN)
50 |
51 | showmap: # command used to get coverage information about library under test
52 | LD_LIBRARY_PATH=$(DEPS_LDD) afl-showmap -o $(OUT)/tempfile -- $(OUT)/harness.out $(SEED)
53 |
54 | harness_fuzz: # compile a harness specifically for fuzzing. Pass the harness number using make harness_fuzz HARNESS_NUMBER=x
55 | @ls bin || mkdir bin
56 | $(eval LIB_NAME=lib_fuzz) \
57 | $(CC_FUZZ) -o bin/ogharn$(HARNESS_NUMBER)\_fuzz $(OUT)/final-harnesses/src/harness$(HARNESS_NUMBER):*.c -static $(DEPS) $(DEPS_STC) ;
58 |
59 | clean:
60 | rm -rf bin mx lib.db-*
61 |
62 | clean_lib:
63 | rm -rf $(LIB_NAME)*
--------------------------------------------------------------------------------
/demos/zlib/config.yaml:
--------------------------------------------------------------------------------
1 | blacklist:
2 | - gzvprintf
3 | - gzprintf
4 | - gzfwrite
5 | - gzfread
--------------------------------------------------------------------------------
/demos/zlib/run_ogharn.sh:
--------------------------------------------------------------------------------
1 | ogharn.py -i $PWD -o $PWD/out -n 3 --m $PWD/lib.db -h zlib.h -r b -d -c $PWD/config.yaml -f
--------------------------------------------------------------------------------
/demos/zlib/seeds_invalid/is1:
--------------------------------------------------------------------------------
1 | ����T@e��1401T@e��14012�4����TAe�x�[4012�4������
--------------------------------------------------------------------------------
/demos/zlib/seeds_invalid/is2:
--------------------------------------------------------------------------------
1 | �[�������T@e��1401T@e��14012�4����TAe�x�[4012�4������
--------------------------------------------------------------------------------
/demos/zlib/seeds_invalid/is3:
--------------------------------------------------------------------------------
1 | *
--------------------------------------------------------------------------------
/demos/zlib/seeds_valid/s1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/zlib/seeds_valid/s1
--------------------------------------------------------------------------------
/demos/zlib/seeds_valid/s2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/zlib/seeds_valid/s2
--------------------------------------------------------------------------------
/demos/zlib/seeds_valid/s3:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/zlib/seeds_valid/s3
--------------------------------------------------------------------------------
/demos/zlib/seeds_valid/s4:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FuturesLab/OGHarn/ed713caab5edfef123eab53bfd2c948e515cae1f/demos/zlib/seeds_valid/s4
--------------------------------------------------------------------------------
/extras/install_dependencies.sh:
--------------------------------------------------------------------------------
1 | SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
2 |
3 | # Get clang-18
4 | wget https://apt.llvm.org/llvm.sh
5 | chmod u+x llvm.sh
6 | sudo ./llvm.sh 18
7 |
8 | sudo apt install curl
9 |
10 | # Add kitware's repo GPG key to the system for authentication
11 | curl -sSL https://apt.kitware.com/keys/kitware-archive-latest.asc | \
12 | gpg --dearmor - | \
13 | sudo tee /etc/apt/trusted.gpg.d/kitware.gpg
14 | sudo apt-add-repository "deb https://apt.kitware.com/ubuntu/ $(lsb_release -cs) main"
15 | sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 6AF7F09730B3F0A4
16 |
17 |
18 | # Add deadsnakes repo to apt so python3.12 can be installed
19 | sudo add-apt-repository ppa:deadsnakes/ppa
20 |
21 | # Installing dependencies
22 | sudo apt update
23 | sudo apt install build-essential ninja-build cmake graphviz xdot
24 | sudo apt-get install clang-18
25 | sudo apt install python3.12-dev python3.12-venv
26 | sudo apt install kitware-archive-keyring
27 | sudo apt install bear
28 | sudo apt install cmake
29 | sudo apt install lld llvm
30 | sudo apt install libzstd-dev
31 |
32 | # Build Multiplier directories
33 | WORKSPACE_DIR="${SCRIPT_DIR}/multiplier"
34 | mkdir -p "${WORKSPACE_DIR}/build"
35 | mkdir -p "${WORKSPACE_DIR}/src"
36 | mkdir -p "${WORKSPACE_DIR}/install"
37 |
38 | # Create a new venv for Multiplier's Python API
39 | if [[ ! -f "${WORKSPACE_DIR}/install/bin/activate" ]]; then
40 | python3.12 -m venv "${WORKSPACE_DIR}/install"
41 | fi
42 | source "${WORKSPACE_DIR}/install/bin/activate"
43 |
44 | # Clone Multiplier
45 | cd "${WORKSPACE_DIR}/src"
46 | git clone https://github.com/trailofbits/multiplier.git
47 |
48 | # Build Multiplier
49 | cmake \
50 | -DCMAKE_BUILD_TYPE=Release \
51 | -DCMAKE_INSTALL_PREFIX="${WORKSPACE_DIR}/install" \
52 | -DCMAKE_LINKER_TYPE=LLD \
53 | -DCMAKE_C_COMPILER="$(which clang-18)" \
54 | -DCMAKE_CXX_COMPILER="$(which clang++-18)" \
55 | -DMX_ENABLE_INSTALL=ON \
56 | -DMX_ENABLE_PYTHON_BINDINGS=ON \
57 | -DLLVM_CONFIG=/usr/bin/llvm-config-18 \
58 | -DLLVM_DIR=/usr/lib/llvm-18/lib/cmake/llvm/ \
59 | -DCMAKE_LINKER=$(which lld-18) \
60 | -GNinja \
61 | "${WORKSPACE_DIR}/src/multiplier"
62 |
63 | ninja install
64 |
65 | # Clone and build AFLplusplus
66 | cd "${SCRIPT_DIR}" && git clone https://github.com/AFLplusplus/AFLplusplus.git
67 | cd "${SCRIPT_DIR}/AFLplusplus" && make all -j12 && cd "${SCRIPT_DIR}"
68 |
--------------------------------------------------------------------------------
/extras/mult-to-c-types.txt:
--------------------------------------------------------------------------------
1 | FLOAT = float
2 | DOUBLE = double
3 | LONG_DOUBLE = long double
4 | FLOAT16 = _Float16
5 | B_FLOAT16 = __bf16
6 | FLOAT128 = __float128
7 | IBM128 = __ibm128
8 | VOID = void
9 | BOOLEAN = bool
10 | CHARACTER_U = char
11 | U_CHAR = unsigned char
12 | W_CHAR_U = wchar_t
13 | CHAR8 = char8_t
14 | CHAR16 = char16_t
15 | CHAR32 = char32_t
16 | U_SHORT = unsigned short
17 | U_INT = unsigned int
18 | U_LONG = unsigned long
19 | U_LONG_LONG = unsigned long long
20 | U_INT128 = unsigned __int128
21 | CHARACTER_S = char
22 | S_CHAR = signed char
23 | W_CHAR_S = wchar_t
24 | SHORT = short
25 | INT = int
26 | LONG = long
27 | LONG_LONG = long long
28 | INT128 = __int128
29 |
--------------------------------------------------------------------------------
/extras/set_env.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
4 | PARENT_DIR=$(dirname "$SCRIPT_DIR")/src
5 |
6 | # add Multiplier, AFL++, and OGHarn to the path
7 | export MULT_PATH=$SCRIPT_DIR/multiplier/install/bin
8 | export AFL_PATH=$SCRIPT_DIR/AFLplusplus
9 | export PATH=$PATH:$MULT_PATH:$AFL_PATH:$PARENT_DIR
10 |
11 | # activate the virtual environment and install the necessary packages
12 | source $SCRIPT_DIR/multiplier/install/bin/activate
13 | pip install -Iv cfile==0.2.0
14 | pip install PyYAML
15 |
--------------------------------------------------------------------------------
/extras/type-to-val.txt:
--------------------------------------------------------------------------------
1 | float = 2.0
2 | double = 2.0
3 | long double = 2.0
4 | _Float16 = 2.0
5 | __bf16 = 2.0
6 | __float128 = 2.0
7 | __ibm128 = 1
8 | void = NULL
9 | bool = 1
10 | char = 's'
11 | unsigned char = 's'
12 | wchar_t = 's'
13 | char8_t = 's'
14 | char16_t = 's'
15 | char32_t = 's'
16 | unsigned short = 1
17 | unsigned int = 1
18 | unsigned long = 1
19 | unsigned long long = 1
20 | unsigned __int128 = 1
21 | char = 's'
22 | signed char = 's'
23 | wchar_t = 's'
24 | short = 1
25 | int = 1
26 | long = 1
27 | long long = 1
28 | __int128 = 1
29 | size_t = 1
30 |
--------------------------------------------------------------------------------
/src/process_mx.py:
--------------------------------------------------------------------------------
1 | import multiplier as mx
2 | import engine
3 |
4 | class Index_Target_Header:
5 | def __init__(self, db_path, headers, recurse):
6 | self.index = mx.Index.in_memory_cache(mx.Index.from_database(db_path))
7 | self.recurse = recurse
8 | self.headers = headers
9 | self.mx_headers = []
10 | self.valid_paths = set()
11 | self.functions = []
12 | self.enums = {}
13 | self.typedefs = {}
14 | self.fps = {}
15 | self.macros = []
16 | self.builtIns = []
17 |
18 | self.get_includes()
19 |
20 | def file_contained_in_headers(self, filename):
21 | for header in self.headers:
22 | if header in filename and filename.split("/")[-1] == header.split("/")[-1]:
23 | return True
24 | return False
25 |
26 | def get_includes(self):
27 | file_queue = []
28 | for file in self.index.files:
29 | filename = self.get_file_name(file)
30 | if self.file_contained_in_headers(filename):
31 | file_queue.append(file)
32 |
33 | # get the directory the header files are stored in
34 | if not len(file_queue):
35 | raise ValueError("Indexed library does not contain files - The supplied .db file is likely malformed or incomplete.")
36 |
37 | base_path = "/".join(self.get_file_name(file_queue[0]).split("/")[:-1])
38 |
39 | if self.recurse:
40 | # recursively pull in #included files,
41 | while len(file_queue):
42 | file = file_queue.pop(0)
43 | for reference in mx.frontend.IncludeLikeMacroDirective.IN(file):
44 | referenced_filename = self.get_file_name(reference.included_file)
45 | if base_path in referenced_filename and not self.file_contained_in_headers(referenced_filename):
46 | file_queue.append(reference.included_file)
47 | self.headers.append(referenced_filename)
48 |
49 | def extractArtifacts(self):
50 | self.get_enums()
51 | self.get_macrodefs()
52 | self.get_typedefs()
53 | # function return type and arguments have both string representation and multiplier representation
54 | self.get_functions()
55 | return self.functions, self.macros, self.enums, self.fps, self.typedefs
56 |
57 | def get_func_info(self, func):
58 | return [p.original_type for p in func.parameters], func.return_type
59 |
60 | def get_file_name(self, file):
61 | for p in file.paths:
62 | return str(p)
63 |
64 | def contained_in_API_specific_header(self, entity):
65 | if file := mx.frontend.File.containing(entity):
66 | filename = self.get_file_name(file)
67 | return self.file_contained_in_headers(filename)
68 | return False
69 |
70 | def get_typedefs(self):
71 | for typeDef in mx.ast.TypedefDecl.IN(self.index):
72 | if not self.contained_in_API_specific_header(typeDef):
73 | continue
74 | if isinstance(typeDef.underlying_type, mx.ast.ElaboratedType):
75 | if isinstance(typeDef.underlying_type.named_type, mx.ast.EnumType):
76 | self.add_enum(typeDef.underlying_type.named_type.declaration, typeDef.name)
77 | continue
78 | #function pointers are declared as pointer types and then FunctionProtoType types
79 | if isinstance(typeDef.underlying_type, mx.ast.PointerType) and isinstance(typeDef.underlying_type.pointee_type, mx.ast.FunctionProtoType):
80 | self.fps[typeDef.name] = typeDef.underlying_type.pointee_type
81 | elif typeDef.name in self.typedefs:
82 | self.typedefs[typeDef.name].add(typeDef.underlying_type)
83 | else:
84 | self.typedefs[typeDef.name] = set()
85 | self.typedefs[typeDef.name].add(typeDef.underlying_type)
86 |
87 | def get_macrodefs(self):
88 | for macro in mx.frontend.DefineMacroDirective.IN(self.index):
89 | if not self.contained_in_API_specific_header(macro):
90 | continue
91 | if macro.is_function_like:
92 | # don't really care about function-like macros for now
93 | continue
94 | self.macros.append(macro.name.data)
95 |
96 |
97 | def get_functions(self):
98 | func_occurrences = {}
99 | func_mapping = {}
100 | for func in mx.ast.FunctionDecl.IN(self.index):
101 | if not self.contained_in_API_specific_header(func):
102 | continue
103 | mult_args, mult_ret = self.get_func_info(func)
104 | func_name = func.name
105 | if func.name in func_mapping:
106 | if not any(x == mult_args for x in func_mapping[func.name]):
107 | # storing overloaded functions if necessary
108 | func_name = f"{func.name}overload{func_occurrences[func.name]}"
109 | func_occurrences[func.name] += 1
110 | func_mapping[func.name].append(mult_args)
111 | self.functions.append(engine.Function(func_name, mult_args, mult_ret))
112 | else:
113 | func_mapping[func.name] = [mult_args]
114 | func_occurrences[func.name] = 1
115 | self.functions.append(engine.Function(func_name, mult_args, mult_ret))
116 |
117 |
118 | def add_enum(self, enum, name):
119 | if not self.contained_in_API_specific_header(enum):
120 | return
121 | self.enums[name] = []
122 | for val in enum.enumerators:
123 | self.enums[name].append(val.name)
124 |
125 | def get_enums(self):
126 | for enum in mx.ast.EnumDecl.IN(self.index):
127 | if enum.name:
128 | self.add_enum(enum, enum.name)
129 | elif enum.typedef_name_for_anonymous_declaration:
130 | self.add_enum(enum, enum.typedef_name_for_anonymous_declaration.name)
--------------------------------------------------------------------------------
5 |
6 | This repository provides the source code for **OGHarn**: a prototype framework for automated generation of fuzzing harnesses for C library APIs.
7 |
8 | This work is presented in our paper **[No Harness, No Problem: Oracle-guided Harnessing for Auto-generating C API Fuzzing Harnesses](https://futures.cs.utah.edu/papers/25ICSE-b.pdf)**, appearing in the 2025 International Conference on Software Engineering (ICSE'25).
9 |
10 | * [Installing OGHarn](#installation)
11 | * [Target Library Setup](#target-library-setup)
12 | * [Generating Harnesses](#generating-harnesses)
13 | * [Additional Notes](#additional-notes)
14 | * [Bug Trophy Case](#bug-trophy-case)
15 |
16 | 
17 |
18 |