我正在尝试编译一个基于 LPM(libprotobuf-mutator) 的示例模糊测试应用程序。但是遇到了以下编译问题。看起来有一些我没有包含的库。有人可以看看,让我知道正确的编译指令。
featureB_2
# clang++ -fsanitize=fuzzer -g sample.cpp input.pb.cc -I <path>/libprotobuf-mutator/ -L <path>/libprotobuf-mutator/build/src/libprotobuf-mutator.a -lprotobuf
clang++: /lib64/libtinfo.so.5: no version information available (required by clang++)
/usr/local/bin/clang-9: /lib64/libtinfo.so.5: no version information available (required by /usr/local/bin/clang-9)
/usr/local/bin/clang-9: /lib64/libtinfo.so.5: no version information available (required by /usr/local/bin/clang-9)
/tmp/sample-a6cb0e.o: In function `LLVMFuzzerCustomMutator':
<path>/lpm_example/sample.cpp:39: undefined reference to `protobuf_mutator::libfuzzer::CustomProtoMutator(bool, unsigned char*, unsigned long, unsigned long, unsigned int, google::protobuf::Message*)'
/tmp/sample-a6cb0e.o: In function `LLVMFuzzerCustomCrossOver':
<path>/lpm_example/sample.cpp:39: undefined reference to `protobuf_mutator::libfuzzer::CustomProtoCrossOver(bool, unsigned char const*, unsigned long, unsigned char const*, unsigned long, unsigned char*, unsigned long, unsigned int, google::protobuf::Message*, google::protobuf::Message*)'
/tmp/sample-a6cb0e.o: In function `LLVMFuzzerTestOneInput':
<path>/lpm_example/sample.cpp:39: undefined reference to `protobuf_mutator::libfuzzer::LoadProtoInput(bool, unsigned char const*, unsigned long, google::protobuf::Message*)'
clang-9: error: linker command failed with exit code 1 (use -v to see invocation)
的内容
sample.c
对应的proto文件(Input)的内容是-
#include <stdio.h>
#include "input.pb.h"
#include "src/libfuzzer/libfuzzer_macro.h"
using namespace std;
char get_first_cap(const char *in, int size) {
const char *first_cap = NULL;
int i = 0;
char array[10];
if (size == 0)
return ' ';
printf ( "size if %d\n", size );
printf ( "Array is %s\n", in );
for ( ; i < size; in++, i++) {
if (*in >= 'A' && *in <= 'Z') {
first_cap = in;
array[i] = *in;
break;
}
}
if ( first_cap )
return *first_cap;
else
return ' ';
}
#if 0
extern "C" int LLVMFuzzerTestOneInput(const char *Data, long long Size) {
get_first_cap(Data, Size);
return 0;
}
#endif
DEFINE_PROTO_FUZZER ( Input& input ) {
char *data = NULL;
string name = input.name ( );
int length = input.length ( );
data = (char*)&name[0];
get_first_cap ( data, length );
}
通过以下命令生成相应的syntax = "proto2";
message Input {
optional string name = 1;
optional int64 length = 2;
}
message InputRecord {
repeated Input record = 1;
}
-
input.ph.h input.pb.c