Not able to Cross-compile and link source code using afl-clang-fast++

1.4k views Asked by At

I am trying to fuzz a simple C++ code using afl plus plus clang compiler (llvm_mode). I'm able to fuzz the code and generate the ARM object file but it fails while linking. I guess i'm missing some linker options. Any help would be appreciated

Following is my command:

afl-clang-fast++  --target=arm-linux-gnueabihf --rtlib=compiler-rt --stdlib=libc++ -nostdinc++ -I${root}/include/c++/v1 -Wl,-L${root}/lib --sysroot ${sysroot} --gcc-toolchain=/home/user/Tejas/LLVM/gcc-linaro-7.5.0-2019.12-x86_64_arm-linux-gnueabihf -rpath ${root}/lib TestCodeX86toARM.cpp -o Test -v

root and sysroot values are as follows

root=/path/to/clang/install_dir

sysroot=/path/to/linarogcc/arm-linux-gnueabihf/libc

From the output, i can conclude that with the help of Linaro tool-chain, compilation is going through but linking is failing

Output:

afl-clang-fast++2.66d by <[email protected]> in CLASSIC mode
clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final)
Target: arm--linux-gnueabihf
Thread model: posix
InstalledDir: /usr/lib/llvm-6.0/bin
Found candidate GCC installation: /home/user/Tejas/LLVM/gcc-linaro-7.5.0-2019.12-x86_64_arm-linux-gnueabihf/lib/gcc/arm-linux-gnueabihf/7.5.0
Selected GCC installation: /home/user/Tejas/LLVM/gcc-linaro-7.5.0-2019.12-x86_64_arm-linux-gnueabihf/lib/gcc/arm-linux-gnueabihf/7.5.0
Candidate multilib: .;@m32
Selected multilib: .;@m32
 "/usr/lib/llvm-6.0/bin/clang" -cc1 -triple armv6kz--linux-gnueabihf -emit-obj -disable-free -disable-llvm-verifier -discard-value-names -main-file-name TestCodeX86toARM.cpp -mrelocation-model static -mthread-model posix -mdisable-fp-elim -fmath-errno -masm-verbose -mconstructor-aliases -fuse-init-array -target-cpu arm1176jzf-s -target-feature +strict-align -target-abi aapcs-linux -mfloat-abi hard -fallow-half-arguments-and-returns -dwarf-column-info -debug-info-kind=limited -dwarf-version=4 -debugger-tuning=gdb -v -nostdinc++ -resource-dir /usr/lib/llvm-6.0/lib/clang/6.0.0 -I /home/user/Tejas/clang+llvm-10.0.0-x86_64-linux-gnu-ubuntu-18.04/include/c++/v1 -D __AFL_HAVE_MANUAL_CONTROL=1 -D __AFL_COMPILER=1 -D FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1 -D __AFL_FUZZ_INIT()=int __afl_sharedmem_fuzzing = 1;extern unsigned int *__afl_fuzz_len;extern unsigned char *__afl_fuzz_ptr;unsigned char __afl_fuzz_alt[1024000];unsigned char *__afl_fuzz_alt_ptr = __afl_fuzz_alt; -D __AFL_FUZZ_TESTCASE_BUF=(__afl_fuzz_ptr ? __afl_fuzz_ptr : __afl_fuzz_alt_ptr) -D __AFL_FUZZ_TESTCASE_LEN=(__afl_fuzz_ptr ? *__afl_fuzz_len : (*__afl_fuzz_len = read(0, __afl_fuzz_alt_ptr, 1024000)) == 0xffffffff ? 0 : *__afl_fuzz_len) -D "__AFL_LOOP(_A)=({ static volatile char *_B __attribute__((used));  _B = (char*)\"##SIG_AFL_PERSISTENT##\"; __attribute__((visibility(\"default\"))) int _L(unsigned int) __asm__(\"__afl_persistent_loop\"); _L(_A); })" -D "__AFL_INIT()=do { static volatile char *_A __attribute__((used));  _A = (char*)\"##SIG_AFL_DEFER_FORKSRV##\"; __attribute__((visibility(\"default\"))) void _I(void) __asm__(\"__afl_manual_init\"); _I(); } while (0)" -isysroot /home/user/Tejas/LLVM/gcc-linaro-7.5.0-2019.12-x86_64_arm-linux-gnueabihf/arm-linux-gnueabihf/libc -internal-isystem /home/user/Tejas/LLVM/gcc-linaro-7.5.0-2019.12-x86_64_arm-linux-gnueabihf/arm-linux-gnueabihf/libc/usr/local/include -internal-isystem /usr/lib/llvm-6.0/lib/clang/6.0.0/include -internal-externc-isystem /home/user/Tejas/LLVM/gcc-linaro-7.5.0-2019.12-x86_64_arm-linux-gnueabihf/arm-linux-gnueabihf/libc/include -internal-externc-isystem /home/user/Tejas/LLVM/gcc-linaro-7.5.0-2019.12-x86_64_arm-linux-gnueabihf/arm-linux-gnueabihf/libc/usr/include -O3 -Wno-unused-command-line-argument -fdeprecated-macro -fdebug-compilation-dir /home/user/Tejas/CrossCopileTestCode -ferror-limit 19 -fmessage-length 87 -funroll-loops -fno-signed-char -fobjc-runtime=gcc -fcxx-exceptions -fexceptions -fdiagnostics-show-option -fcolor-diagnostics -vectorize-loops -vectorize-slp -load /usr/local/lib/afl/afl-llvm-pass.so -o /tmp/TestCodeX86toARM-c0d8ac.o -x c++ TestCodeX86toARM.cpp
clang -cc1 version 6.0.0 based upon LLVM 6.0.0 default target x86_64-pc-linux-gnu
ignoring nonexistent directory "/home/user/Tejas/LLVM/gcc-linaro-7.5.0-2019.12-x86_64_arm-linux-gnueabihf/arm-linux-gnueabihf/libc/usr/local/include"
ignoring nonexistent directory "/home/user/Tejas/LLVM/gcc-linaro-7.5.0-2019.12-x86_64_arm-linux-gnueabihf/arm-linux-gnueabihf/libc/include"
#include "..." search starts here:
#include <...> search starts here:
 /home/user/Tejas/clang+llvm-10.0.0-x86_64-linux-gnu-ubuntu-18.04/include/c++/v1
 /usr/lib/llvm-6.0/lib/clang/6.0.0/include
 /home/user/Tejas/LLVM/gcc-linaro-7.5.0-2019.12-x86_64_arm-linux-gnueabihf/arm-linux-gnueabihf/libc/usr/include
End of search list.
afl-llvm-pass++2.66d by <[email protected]> and <[email protected]>
[+] Instrumented 3 locations (non-hardened mode, ratio 100%).
 "/home/user/Tejas/LLVM/gcc-linaro-7.5.0-2019.12-x86_64_arm-linux-gnueabihf/lib/gcc/arm-linux-gnueabihf/7.5.0/../../../../arm-linux-gnueabihf/bin/ld" --sysroot=/home/user/Tejas/LLVM/gcc-linaro-7.5.0-2019.12-x86_64_arm-linux-gnueabihf/arm-linux-gnueabihf/libc -z relro -X --hash-style=gnu --eh-frame-hdr -m armelf_linux_eabi -dynamic-linker /lib/ld-linux-armhf.so.3 -o Test /home/user/Tejas/LLVM/gcc-linaro-7.5.0-2019.12-x86_64_arm-linux-gnueabihf/arm-linux-gnueabihf/libc/usr/lib/../lib/crt1.o /home/user/Tejas/LLVM/gcc-linaro-7.5.0-2019.12-x86_64_arm-linux-gnueabihf/arm-linux-gnueabihf/libc/usr/lib/../lib/crti.o /home/user/Tejas/LLVM/gcc-linaro-7.5.0-2019.12-x86_64_arm-linux-gnueabihf/lib/gcc/arm-linux-gnueabihf/7.5.0/crtbegin.o -L/home/user/Tejas/LLVM/gcc-linaro-7.5.0-2019.12-x86_64_arm-linux-gnueabihf/lib/gcc/arm-linux-gnueabihf/7.5.0 -L/home/user/Tejas/LLVM/gcc-linaro-7.5.0-2019.12-x86_64_arm-linux-gnueabihf/lib/gcc/arm-linux-gnueabihf/7.5.0/../../../../arm-linux-gnueabihf/lib/../lib -L/home/user/Tejas/LLVM/gcc-linaro-7.5.0-2019.12-x86_64_arm-linux-gnueabihf/arm-linux-gnueabihf/libc/lib/../lib -L/home/user/Tejas/LLVM/gcc-linaro-7.5.0-2019.12-x86_64_arm-linux-gnueabihf/arm-linux-gnueabihf/libc/usr/lib/../lib -L/home/user/Tejas/LLVM/gcc-linaro-7.5.0-2019.12-x86_64_arm-linux-gnueabihf/lib/gcc/arm-linux-gnueabihf/7.5.0/../../../../arm-linux-gnueabihf/lib -L/home/user/Tejas/LLVM/gcc-linaro-7.5.0-2019.12-x86_64_arm-linux-gnueabihf/arm-linux-gnueabihf/libc/lib -L/home/user/Tejas/LLVM/gcc-linaro-7.5.0-2019.12-x86_64_arm-linux-gnueabihf/arm-linux-gnueabihf/libc/usr/lib -L/home/user/Tejas/clang+llvm-10.0.0-x86_64-linux-gnu-ubuntu-18.04/lib -rpath /home/user/Tejas/clang+llvm-10.0.0-x86_64-linux-gnu-ubuntu-18.04/lib /tmp/TestCodeX86toARM-c0d8ac.o /usr/local/lib/afl/afl-llvm-rt.o -lc++ -lm /usr/lib/llvm-6.0/lib/clang/6.0.0/lib/linux/libclang_rt.builtins-armhf.a -lc /usr/lib/llvm-6.0/lib/clang/6.0.0/lib/linux/libclang_rt.builtins-armhf.a /home/user/Tejas/LLVM/gcc-linaro-7.5.0-2019.12-x86_64_arm-linux-gnueabihf/lib/gcc/arm-linux-gnueabihf/7.5.0/crtend.o /home/user/Tejas/LLVM/gcc-linaro-7.5.0-2019.12-x86_64_arm-linux-gnueabihf/arm-linux-gnueabihf/libc/usr/lib/../lib/crtn.o
/usr/local/lib/afl/afl-llvm-rt.o: file not recognized: File format not recognized
clang: error: linker command failed with exit code 1 (use -v to see invocation)
0

There are 0 answers