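#!/bin/sh
#
# american fuzzy lop++ - crash triage utility
# -----------------------------------------
#
# Originally written by Michal Zalewski
#
# Copyright 2013, 2014, 2017 Google Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Usage:
#   triage_crashes.sh /path/to/afl_output_dir /path/to/tested_binary [...target params...]
#
# Replays every crashes/id:* file from an afl-fuzz output directory under
# gdb in batch mode and prints, for each one, a backtrace, a short
# disassembly at $pc and the register state.
#
# By default the crash file is fed to the target on stdin. If any target
# parameter contains @@, every @@ is replaced with the path of the crash
# file and stdin is not redirected from it.
#
# Environment:
#   GDB            - debugger to run (default: gdb)
#   AFL_ALLOW_TMP  - if non-empty, skips the /tmp and /var/tmp path check
#
# Note that on OpenBSD, you may need to install a newer version of gdb
# (e.g., from ports). You can set GDB=/some/path to point to it if
# necessary.
#

# Print $1 single-quoted, with embedded single quotes escaped, so that a
# shell reads it back as exactly one literal word.
shell_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Print $1 with every occurrence of @@ replaced by $2. Done with parameter
# expansion rather than sed so that $2 is never parsed as a pattern or a
# replacement expression.
expand_placeholder() {
  ep_rest=$1
  ep_out=

  while :; do
    case "$ep_rest" in
      *@@*)
        ep_out="$ep_out${ep_rest%%@@*}$2"
        ep_rest="${ep_rest#*@@}"
        ;;
      *)
        break
        ;;
    esac
  done

  printf '%s' "$ep_out$ep_rest"
}

echo "crash triage utility for afl-fuzz by Michal Zalewski"
echo

# Best-effort resource caps for gdb and the replayed target; a shell that
# rejects either limit just carries on without it.
ulimit -v 100000 2>/dev/null
ulimit -d 100000 2>/dev/null

if [ "$#" -lt 2 ]; then
  echo "Usage: $0 /path/to/afl_output_dir /path/to/tested_binary [...target params...]" 1>&2
  echo 1>&2
  exit 1
fi

DIR="$1"
BIN="$2"
shift 2

if [ -z "$AFL_ALLOW_TMP" ]; then

  # Refuse world-writable temp locations: another local user could place
  # files there that this script would then replay. This is a literal
  # prefix match on the arguments as typed, so a relative path or a symlink
  # that resolves into /tmp is not detected.
  for checked_path in "$DIR" "$BIN"; do
    case "$checked_path" in
      /tmp/* | /var/tmp/*)
        echo "[-] Error: do not use shared /tmp or /var/tmp directories with this script." 1>&2
        exit 1
        ;;
    esac
  done

fi

if [ -z "$GDB" ]; then
  GDB=gdb
fi

if [ ! -f "$BIN" ] || [ ! -x "$BIN" ]; then
  echo "[-] Error: binary '$BIN' not found or is not executable." 1>&2
  exit 1
fi

if [ ! -d "$DIR/queue" ]; then
  echo "[-] Error: directory '$DIR' not found or not created by afl-fuzz." 1>&2
  exit 1
fi

# Count only real id:* entries. Counting everything in crashes/ would let
# an unrelated file keep the loop below running on the unexpanded glob.
CCOUNT=0
for crash in "$DIR"/crashes/id:*; do
  if [ -f "$crash" ]; then
    CCOUNT=$((CCOUNT + 1))
  fi
done

if [ "$CCOUNT" = "0" ]; then
  echo "No crashes recorded in the target directory - nothing to be done."
  exit 0
fi

echo

for crash in "$DIR"/crashes/id:*; do

  # Skip the literal pattern (no match) and anything that is not a file.
  [ -f "$crash" ] || continue

  # File names look like id:<n>,sig:<n>,...; take the value after the colon.
  crash_name=$(basename -- "$crash")
  id=$(printf '%s\n' "$crash_name" | cut -d, -f1 | cut -d: -f2)
  sig=$(printf '%s\n' "$crash_name" | cut -d, -f2 | cut -d: -f2)

  # The crash path becomes part of gdb's "run" line, which gdb normally
  # hands to a shell to start the target. Quote it so that spaces or shell
  # metacharacters in DIR or in a file name stay literal.
  quoted_crash=$(shell_quote "$crash")

  # Grab the args, converting @@ to the (quoted) crash path. Target
  # parameters themselves are appended as given, so the shell started by
  # gdb still word-splits and expands them.

  use_args=""
  use_stdio=1

  for a in "$@"; do

    case "$a" in
      *@@*)
        use_stdio=0
        use_args="$use_args $(expand_placeholder "$a" "$quoted_crash")"
        ;;
      *)
        use_args="$use_args $a"
        ;;
    esac

  done

  # Strip the leading space left by the concatenation above
  use_args="${use_args# }"

  echo "+++ ID $id, SIGNAL $sig +++"
  echo

  if [ "$use_stdio" = "1" ]; then
    run_cmd="r $use_args <$quoted_crash"
  else
    run_cmd="r $use_args"
  fi

  # $GDB is left unquoted, as in the original, so a value that carries extra
  # options keeps working. gdb's own stdin is /dev/null so it never prompts.
  $GDB --batch -q --ex "$run_cmd" --ex 'back' --ex 'disass $pc, $pc+16' --ex 'info reg' --ex 'quit' "$BIN" 0</dev/null
  echo

done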