Add ollama

projects/goblin/directed_target/config.toml

@@ -26,6 +26,38 @@ line = 164
 file = "/goblin/src/archive/mod.rs"
 line = 342
 
+[[target]]
+file = "/goblin/src/elf/mod.rs"
+line = 163
+
+[[target]]
+file = "/goblin/src/elf/mod.rs"
+line = 269
+
+[[target]]
+file = "/goblin/src/elf/mod.rs"
+line = 365
+
+[[target]]
+file = "/goblin/src/mach/mod.rs"
+line = 157
+
+[[target]]
+file = "/goblin/src/mach/mod.rs"
+line = 186
+
+[[target]]
+file = "/goblin/src/mach/mod.rs"
+line = 245
+
+[[target]]
+file = "/goblin/src/pe/mod.rs"
+line = 100
+
+[[target]]
+file = "/goblin/src/pe/mod.rs"
+line = 171
+
 [[target]]
 file = "/goblin/src/pe/debug.rs"
 line = 172

projects/goblin/parse-afl++.toml

@@ -20,7 +20,7 @@ args = "-s 90 --wait-jobs -j2"
 
 [aflplusplus]
 target = "/goblin/fuzz-afl/target/release/afl_parse"
-args = "-t 2000+ -i /corpus"
+args = "-t 2000 -i /corpus"
 
 [cov]
 target = "/cov_parse @@"

projects/goblin/parse-libafl.toml

@@ -24,7 +24,7 @@ jobs = 2
 [difuzz]
 path = "/directed_target/sydr/difuzz/libafl_difuzz"
 target = "/parse_libafl_target @@"
-args = "-j4 --sync-limit 200 --sync-jobs 2 -l64 -i /corpus -e /ets_parse.toml"
+args = "-j4 --sync-limit 200 --sync-jobs 2 --panic-analysis rust -l64 -i /corpus -e /ets_parse.toml"
 casr_bin = "/casr_parse"
 
 [cov]

projects/goblin/parse_elf-libafl.toml

@@ -24,7 +24,7 @@ jobs = 2
 [difuzz]
 path = "/directed_target/sydr/difuzz/libafl_difuzz"
 target = "/parse_elf_libafl_target @@"
-args = "-j4 --sync-limit 200 --sync-jobs 2 -l64 -i /corpus -e /ets_parse_elf.toml"
+args = "-j4 --sync-limit 200 --sync-jobs 2 --panic-analysis rust -l64 -i /corpus -e /ets_parse_elf.toml"
 casr_bin = "/casr_parse_elf"
 
 [cov]

projects/image-go/gif-libafl.toml

@@ -22,7 +22,7 @@ jobs = 2
 [difuzz]
 path = "/directed_target/sydr/difuzz/libafl_difuzz"
 target = "/difuzz_target_image_gif @@"
-args = "-j4 --sync-limit 200 --sync-jobs 2 -l64 -i /go-fuzz-corpus/gif/corpus -e /ets_gif.toml"
+args = "-j4 --panic-analysis go --sync-limit 200 --sync-jobs 2 -l64 -i /go-fuzz-corpus/gif/corpus -e /ets_gif.toml"
 casr_bin = "/sydr_image_gif"
 
 [cov]

projects/image-go/jpeg-libafl.toml

@@ -22,7 +22,7 @@ jobs = 2
 [difuzz]
 path = "/directed_target/sydr/difuzz/libafl_difuzz"
 target = "/difuzz_target_image_jpeg @@"
-args = "-j4 --sync-limit 200 --sync-jobs 2 -l64 -i /go-fuzz-corpus/jpeg/corpus -e /ets_jpeg.toml"
+args = "-j4 --panic-analysis go --sync-limit 200 --sync-jobs 2 -l64 -i /go-fuzz-corpus/jpeg/corpus -e /ets_jpeg.toml"
 casr_bin = "/sydr_image_jpeg"
 
 [cov]

projects/image-go/png-libafl.toml

@@ -22,7 +22,7 @@ jobs = 2
 [difuzz]
 path = "/directed_target/sydr/difuzz/libafl_difuzz"
 target = "/difuzz_target_image_png @@"
-args = "-j4 --sync-limit 200 --sync-jobs 2 -l64 -i /go-fuzz-corpus/png/corpus -e /ets_png.toml"
+args = "-j4 --panic-analysis go --sync-limit 200 --sync-jobs 2 -l64 -i /go-fuzz-corpus/png/corpus -e /ets_png.toml"
 casr_bin = "/sydr_image_png"
 
 [cov]

projects/image-go/tiff-libafl.toml

@@ -22,7 +22,7 @@ jobs = 2
 [difuzz]
 path = "/directed_target/sydr/difuzz/libafl_difuzz"
 target = "/difuzz_target_image_tiff @@"
-args = "-j4 --sync-limit 200 --sync-jobs 2 -l64 -i /go-fuzz-corpus/tiff/corpus -e /ets_tiff.toml"
+args = "-j4 --panic-analysis go --sync-limit 200 --sync-jobs 2 -l64 -i /go-fuzz-corpus/tiff/corpus -e /ets_tiff.toml"
 casr_bin = "/sydr_image_tiff"
 
 [cov]

projects/image-go/webp-libafl.toml

@@ -22,7 +22,7 @@ jobs = 2
 [difuzz]
 path = "/directed_target/sydr/difuzz/libafl_difuzz"
 target = "/difuzz_target_image_webp @@"
-args = "-j4 --sync-limit 200 --sync-jobs 2 -l64 -i /go-fuzz-corpus/webp/corpus -e /ets_webp.toml"
+args = "-j4 --panic-analysis go --sync-limit 200 --sync-jobs 2 -l64 -i /go-fuzz-corpus/webp/corpus -e /ets_webp.toml"
 casr_bin = "/sydr_image_webp"
 
 [cov]

projects/ollama/Dockerfile

@@ -0,0 +1,62 @@
+# Copyright 2025 ISP RAS
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+ARG BASE_IMAGE="sydr/ubuntu22.04-sydr-fuzz"
+FROM $BASE_IMAGE
+
+# Clone Ollama.
+RUN git clone https://github.com/ollama/ollama.git /ollama
+
+WORKDIR /ollama
+
+RUN git checkout 05a43e078a89247dcc71c703c1bee2af97c1655d
+
+# Apply patch.
+COPY ollama.patch build.sh ./
+RUN git apply ollama.patch
+
+# Extract corpuses.
+COPY corpus.zip /
+RUN unzip /corpus.zip -d /
+
+# Create directories for fuzz targets.
+RUN mkdir sydr && cd sydr && mkdir -p convert parser server harmony wordpiece
+
+# Move fuzz targets.
+RUN mkdir fuzz
+COPY fuzz.go fuzz
+
+COPY server_manifest_sydr.go sydr/server
+COPY parser_parsefile_sydr.go sydr/parser
+COPY convert_tokenizer_sydr.go sydr/convert
+COPY convert_vocabulary_sydr.go sydr/convert
+COPY harmony_parser_sydr.go /ollama/sydr/harmony
+COPY wordpiece_sydr.go /ollama/sydr/wordpiece
+
+# Build GGML.
+RUN mkdir -p build && cd build && \
+    CC=clang-18 CXX=clang++-18 cmake --preset 'CPU' -DGGML_AVX_VNNI=OFF .. && \
+    make -j
+
+# Install go-fuzz.
+RUN go install github.com/dvyukov/go-fuzz/go-fuzz@latest && \
+    go install github.com/dvyukov/go-fuzz/go-fuzz-build@latest && \
+    go get github.com/dvyukov/go-fuzz/go-fuzz-dep
+
+# Build targets.
+RUN ./build.sh
+
+WORKDIR /

projects/ollama/Dockerfile_libafl

@@ -0,0 +1,69 @@
+# Copyright 2025 ISP RAS
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+ARG BASE_IMAGE="sydr/ubuntu22.04-sydr-fuzz"
+FROM $BASE_IMAGE
+
+ARG SYDR_ARCHIVE="./sydr.zip"
+
+WORKDIR /
+
+# Clone Ollama.
+RUN git clone https://github.com/ollama/ollama.git /ollama
+
+WORKDIR /ollama
+
+RUN git checkout 05a43e078a89247dcc71c703c1bee2af97c1655d
+
+# Apply patch.
+COPY ollama.patch build.sh ./
+RUN git apply ollama.patch
+
+# Extract corpuses.
+COPY corpus.zip /
+RUN unzip /corpus.zip -d /
+
+# Create directories for fuzz targets.
+RUN mkdir sydr && cd sydr && mkdir -p convert/tokenizer convert/vocabulary \
+    parser/parsefile server/manifest harmony/parser wordpiece/encode
+
+# Move fuzz targets.
+RUN mkdir fuzz
+COPY fuzz.go fuzz
+
+COPY server_manifest_sydr.go sydr/server/manifest/main.go
+COPY parser_parsefile_sydr.go sydr/parser/parsefile/main.go
+COPY convert_tokenizer_sydr.go sydr/convert/tokenizer/main.go
+COPY convert_vocabulary_sydr.go sydr/convert/vocabulary/main.go
+COPY harmony_parser_sydr.go sydr/harmony/parser/main.go
+COPY wordpiece_sydr.go sydr/wordpiece/encode/main.go
+
+# Build GGML.
+RUN mkdir -p build && cd build && \
+    CC=clang-18 CXX=clang++-18 cmake --preset 'CPU' -DGGML_AVX_VNNI=OFF .. && \
+    make -j
+
+# Copy LibAFL-DiFuzz target template.
+COPY directed_target /directed_target
+
+WORKDIR /directed_target
+
+# Build image for LibAFL-DiFuzz.
+ADD ${SYDR_ARCHIVE} ./
+RUN unzip -o ${SYDR_ARCHIVE} && rm ${SYDR_ARCHIVE}
+RUN OUT_DIR=/ cargo make all
+
+WORKDIR /

projects/ollama/README.md

@@ -0,0 +1,102 @@
+# Ollama
+
+Ollama is an application which lets you run offline large language models locally.
+
+## Build Docker
+
+    $ sudo docker build -t oss-sydr-fuzz-ollama .
+
+## Build LibAFL-DiFuzz Docker
+
+Pass `sydr.zip` as an argument:
+
+    $ sudo docker build --build-arg SYDR_ARCHIVE="sydr.zip" -t oss-sydr-fuzz-libafl-ollama -f ./Dockerfile_libafl .
+
+## Run Hybrid Fuzzing
+
+Unzip Sydr (`sydr.zip`) in `projects/ollama` directory:
+
+    $ unzip sydr.zip
+
+Run docker:
+
+    $ sudo docker run --cap-add=SYS_PTRACE  --security-opt seccomp=unconfined -v /etc/localtime:/etc/localtime:ro --rm -it -v $PWD:/fuzz oss-sydr-fuzz-ollama /bin/bash
+
+Run docker for LibAFL-DiFuzz:
+
+    $ sudo docker run --cap-add=SYS_PTRACE  --security-opt seccomp=unconfined -v /etc/localtime:/etc/localtime:ro --rm -it -v $PWD:/fuzz oss-sydr-fuzz-libafl-ollama /bin/bash
+
+Change directory to `/fuzz`:
+
+    # cd /fuzz
+
+Run hybrid fuzzing with libfuzzer:
+
+    # sydr-fuzz -c convert_tokenizer-lf.toml run
+
+Run hybrid fuzzing with LibAFL-DiFuzz:
+
+    # sydr-fuzz -c convert_tokenizer-libafl.toml run
+
+Minimize corpus (only for libfuzzer):
+
+    # sydr-fuzz -c convert_tokenizer-lf.toml cmin
+
+Collect coverage:
+
+    # sydr-fuzz -c convert_tokenizer-lf.toml cov-html
+    # sydr-fuzz -c convert_tokenizer-libafl.toml cov-html
+
+## Alternative Fuzz Targets
+
+Ollama project has 10 fuzz targets.
+
+### convert_vocabulary (libfuzzer)
+
+    # cd /fuzz
+    # sydr-fuzz -c convert_vocabulary-lf.toml run
+
+### convert_vocabulary (LibAFL-DiFuzz)
+
+    # cd /fuzz
+    # sydr-fuzz -c convert_vocabulary-libafl.toml run
+
+### server_manifest (libfuzzer)
+
+    # cd /fuzz
+    # sydr-fuzz -c server_manifest-lf.toml run
+
+### server_manifest (LibAFL-DiFuzz)
+
+    # cd /fuzz
+    # sydr-fuzz -c server_manifest-libafl.toml run
+
+### parser_parsefile (libfuzzer)
+
+    # cd /fuzz
+    # sydr-fuzz -c parser_parsefile-lf.toml run
+
+### parser_parsefile (LibAFL-DiFuzz)
+
+    # cd /fuzz
+    # sydr-fuzz -c parser_parsefile-libafl.toml run
+
+### harmony_parser (libfuzzer)
+
+    # cd /fuzz
+    # sydr-fuzz -c harmony_parser-lf.toml run
+
+### harmony_parser (LibAFL-DiFuzz)
+
+    # cd /fuzz
+    # sydr-fuzz -c harmony_parser-libafl.toml run
+
+### wordpiece (libfuzzer)
+
+    # cd /fuzz
+    # sydr-fuzz -c wordpiece-lf.toml run
+
+### wordpiece (LibAFL-DiFuzz)
+
+    # cd /fuzz
+    # sydr-fuzz -c wordpiece-libafl.toml run