Fuzz-testing CircuitPython

I've been hacking on CircuitPython lately. A lot of what I've done is fix bugs found by afl. Here's how to try it for yourself:

I recommend that you use a throwaway virtual machine for this, because at one point afl-fuzz learned how to create files in the filesystem! that was a big surprise, waking up to a directory full of filenames like "tesppppppppppppppppppppppppppppptfile"!

First, make sure you can build circuitpython's unix port. The steps are, approximately,

  1. Clone circuitpython
  2. git submodule update --init --recursive
  3. make -C ports/unix -j5 deplibs
  4. make -C ports/unix -j5
(you can review the .travis.yml file in the CircuitPython source tree for the packages they install on top of a regular Ubuntu system to get it building)

Note that the executable is ports/unix/micropython even when you have cloned circuitpython.

Next, get afl from http://lcamtuf.coredump.cx/afl/. If you can, follow the instructions in llvm_mode/README.llvm to get afl-clang-fast. Now, clean and rebuild:

  1. make -C ports/unix clean
  2. make -C ports/unix CC=/path/to/afl-clang-fast -j5 deplibs
  3. make -C ports/unix CC=/path/to/afl-clang-fast -j5
(If you couldn't use afl-clang-fast, then use CC=afl-clang or CC=afl-gcc)

Prepare the testcases directory for afl-fuzz. I used a number of tests from tests/basic:

  1. mkdir testcases
  2. cp tests/basics/*.py testcases

And start the fuzzer:

  1. /path/to/afl-fuzz -i testcases -o findings -- ports/unix/circuitpython

If you have any good findings, drop by the adafruit circuitpython discord and let us know about them! Even better if you fix them.

Entry first conceived on 26 March 2018, 23:51 UTC, last modified on 6 July 2019, 21:49 UTC