Linus Groh 21912123c4 Travis: Update host GCC to version 10
This allows us to use the latest C++20 features in programs which we
compile and run as part of Lagom.
2020-11-02 13:12:35 +01:00

Lagom

The Serenity C++ library, for other Operating Systems.

About

If you want to bring the comfortable Serenity classes with you to another system, look no further. This is basically a "port" of the AK and LibCore libraries to generic *nix systems.

Lagom is a Swedish word that means "just the right amount." (Wikipedia)

Prerequisites

You'll need a compiler as capable as the one used for the toolchain - which might differ from the compiler you used to compile the toolchain. Check GCC_VERSION in BuildIt.sh.

Fuzzing

Lagom can be used to fuzz parts of SerenityOS's code base. This requires building with clang, so it's convenient to use a different build directory for that. Run CMake like this:

# From the root of the SerenityOS checkout:
mkdir BuildLagom && cd BuildLagom
cmake -GNinja -DBUILD_LAGOM=ON -DENABLE_FUZZER_SANITIZER=ON -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ ..
ninja Meta/Lagom/all
# Or as a handy rebuild-rerun line:
ninja FuzzJs && Meta/Lagom/Fuzzers/FuzzJs

Any fuzzing results (particularly slow inputs, crashes, etc.) will be dropped in the current directory.

clang emits different warnings than gcc, so you may have to remove -Werror in CMakeLists.txt and Meta/Lagom/CMakeLists.txt.

Fuzzers work better if you give them a fuzz corpus, e.g. Meta/Lagom/Fuzzers/FuzzBMP ../Base/res/html/misc/bmpsuite_files/rgba32-61754.bmp

Note that LLVM also likes creating new files; don't blindly commit them (yet)!

Analyzing a crash

LLVM fuzzers have a weird interface. In particular, to see the help, you need to call it with -help=1, and it will ignore --help and -help.

To reproduce a crash, run it like this: MyFuzzer crash-27480a219572aa5a11b285968a3632a4cf25388e

To reproduce a crash in gdb, you want to disable various signal handlers, so that gdb sees the actual location of the crash:

$ gdb ./Meta/Lagom/Fuzzers/FuzzBMP
<... SNIP some output ...>
(gdb) run -handle_abrt=0 -handle_segv=0 crash-27480a219572aa5a11b285968a3632a4cf25388e
<... SNIP some output ...>
FuzzBMP: ../../Libraries/LibGfx/Bitmap.cpp:84: Gfx::Bitmap::Bitmap(Gfx::BitmapFormat, const Gfx::IntSize &, Gfx::Bitmap::Purgeable): Assertion `m_data && m_data != (void*)-1' failed.

Thread 1 "FuzzBMP" received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50	../sysdeps/unix/sysv/linux/raise.c: File or directory not found.
(gdb)
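As an added example (not code from the Lagom tree or its FuzzBMP harness), here is the libFuzzer entry-point shape the Meta/Lagom/Fuzzers targets use, wrapped around a small bounds-checked BMP header parser that rejects oversized geometry before anything is allocated, the class of input that ends in a failed-mapping assertion like the Bitmap.cpp one shown above. The parser, the limits and the make_bmp sample builder are assumptions for illustration, not LibGfx's real BMP code.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <vector>

struct BmpHeader { uint32_t pixel_offset; int32_t width; int32_t height; };

// Little-endian helpers; BMP stores every multi-byte field little-endian.
static uint32_t read_u32(const uint8_t* p) {
    return uint32_t(p[0]) | (uint32_t(p[1]) << 8) | (uint32_t(p[2]) << 16) | (uint32_t(p[3]) << 24);
}
static void write_u32(uint8_t* p, uint32_t v) { for (int i = 0; i < 4; ++i) p[i] = uint8_t(v >> (8 * i)); }

// Parse the 14-byte file header plus the size/width/height fields of a
// BITMAPINFOHEADER. Every read is bounds-checked and the geometry is
// range-checked, so a hostile input is rejected instead of reaching an
// assertion deep inside the pixel-buffer allocation.
std::optional<BmpHeader> parse_bmp_header(const uint8_t* data, size_t size) {
    constexpr size_t min_size = 14 + 40; // file header + BITMAPINFOHEADER
    if (size < min_size || data[0] != 'B' || data[1] != 'M')
        return std::nullopt;
    if (read_u32(data + 14) < 40) // only the 40-byte DIB header is handled here
        return std::nullopt;
    BmpHeader h;
    h.pixel_offset = read_u32(data + 10);
    h.width = int32_t(read_u32(data + 18));
    h.height = int32_t(read_u32(data + 22)); // negative height means top-down rows
    if (h.pixel_offset < min_size || h.pixel_offset >= size)
        return std::nullopt; // pixel data must start inside the buffer
    if (h.width <= 0 || h.width > 32767 || h.height == 0 || h.height > 32767 || h.height < -32767)
        return std::nullopt; // assumed limit: keeps width * |height| * 4 far from overflowing
    return h;
}

// libFuzzer entry point: called once per generated input, must survive any
// byte sequence, and returns 0. Build with clang -fsanitize=fuzzer,address.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    (void)parse_bmp_header(data, size);
    return 0;
}

// Constructed sample input (not a real bmpsuite file): a 54-byte header with
// the given geometry, followed by pixel_bytes zero bytes.
std::vector<uint8_t> make_bmp(int32_t width, int32_t height, uint32_t pixel_offset, size_t pixel_bytes) {
    std::vector<uint8_t> v(54 + pixel_bytes, 0);
    v[0] = 'B'; v[1] = 'M';
    write_u32(v.data() + 2, uint32_t(v.size()));
    write_u32(v.data() + 10, pixel_offset);
    write_u32(v.data() + 14, 40);
    write_u32(v.data() + 18, uint32_t(width));
    write_u32(v.data() + 22, uint32_t(height));
    return v;
}
```

With -fsanitize=fuzzer, libFuzzer supplies main, so the resulting binary takes a corpus directory to fuzz or a crash-* file to replay, exactly as described for FuzzBMP above.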