From 6f7a03894a8e728ea1dd0590ca556f684cf09536 Mon Sep 17 00:00:00 2001 From: Federico Ceratto Date: Fri, 20 Jan 2017 20:29:59 +0000 Subject: [PATCH] Updated Fuzzing your nim code to rabbit out all the hard bugs (markdown) --- ...-nim-code-to-rabbit-out-all-the-hard-bugs.md | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/Fuzzing-your-nim-code-to-rabbit-out-all-the-hard-bugs.md b/Fuzzing-your-nim-code-to-rabbit-out-all-the-hard-bugs.md index daa1faf..ada9bf2 100644 --- a/Fuzzing-your-nim-code-to-rabbit-out-all-the-hard-bugs.md +++ b/Fuzzing-your-nim-code-to-rabbit-out-all-the-hard-bugs.md @@ -48,7 +48,9 @@ This is a pretty contrived thing, but just imagine this being somewhere in a fil Save that example in a file called "afl.nim". Because afl needs to instrument the generated binary code, you need to tell nim to use the compiler frontend afl comes with, instead of whatever your distro defaults to. Create a file called "afl.nim.cfg" in the same directory and put this in: -``` +```ini +# nim.cfg for afl-clang +-d:noSignalHandler cc = clang clang.exe = "afl-clang" clang.linkerexe = "afl-clang" @@ -59,6 +61,16 @@ This is a working example for OSX, where afl was installed via homebrew. To make Very important: `-d:noSignalHandler`, because AFL installs it's own signal handler inside instrumented code. +```ini +# nim.cfg for afl-gcc +-d:noSignalHandler +cc = gcc +gcc.exe = "afl-gcc" +gcc.linkerexe = "afl-gcc" +``` + +This is a working example for Linux. AFL was installed globally with 'apt-get install afl' + ``` $ nim c -d:noSignalHandler afl ``` 
@@ -113,4 +125,5 @@ trace = 0x10f913050"Traceback (most recent call last)\10" You can limit the exceptions that are considered crashes by adjusting the except: clause in the example. -Then I'd strongly suggest to start reading up on afl if you want to employ it with confidence. \ No newline at end of file +Then I'd strongly suggest to start reading up on afl if you want to employ it with confidence. +
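Review bot: in the first hunk (the afl-clang cfg), adding `-d:noSignalHandler` to the cfg makes the same flag on the build command shown later in the file (`$ nim c -d:noSignalHandler afl`) redundant; keep the define in one place, preferably the cfg, and shorten the command to `$ nim c afl` so readers do not conclude both are required. The new comment `# nim.cfg for afl-clang` also names a different file than the `afl.nim.cfg` the surrounding text tells the reader to create; make the comment match the file name.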
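Review bot: in the second hunk the new afl-gcc block is inserted after the `Very important: -d:noSignalHandler` sentence, so that warning now reads as if it applied only to the OSX/clang config above it, even though the Linux cfg carries the same define; either move the Linux block up beside the clang one (before the warning) or reword the warning to cover both configs. The added sentence `This is a working example for Linux. AFL was installed globally with 'apt-get install afl'` is missing its terminating period, and the command should be in backticks as `-d:noSignalHandler` is in the line above it.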
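Review bot: the last hunk fixes the missing newline at end of file, but the extra empty `+` line leaves a trailing blank line rather than just a terminating newline; harmless in markdown, but if only the newline was intended, drop that added empty line.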