Create new fuzzer build mode

author: Jack Lloyd <[email protected]> 2017-07-31 15:13:15 -0400
committer: Jack Lloyd <[email protected]> 2017-08-25 17:36:51 -0400
commit: 3baa546d70bcd078b23be07069d755a5f130fb0f (patch)
tree: d626d73fdf845987e2d1783e8493593501378a07 /src/fuzzer/fuzzers.h
parent: 41e1e7cbc1e4e864ad5d15dd0c09227b04940a91 (diff)
1 files changed, 95 insertions, 0 deletions
diff --git a/src/fuzzer/fuzzers.h b/src/fuzzer/fuzzers.h
new file mode 100644
index 000000000..2f1b1346d
--- /dev/null
+++ b/src/fuzzer/fuzzers.h
@@ -0,0 +1,95 @@
+/*
+* (C) 2015,2016,2017 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#ifndef BOTAN_FUZZER_DRIVER_H__
+#define BOTAN_FUZZER_DRIVER_H__
+
+#include <stdint.h>
+#include <stdlib.h> // for setenv
+#include <iostream>
+#include <vector>
+#include <botan/exceptn.h>
+#include <botan/chacha_rng.h>
+
+#if defined(BOTAN_FUZZER_IS_AFL) && !defined(__AFL_COMPILER)
+   #error "Build configured for AFL but not being compiled by AFL compiler"
+#endif
+
+static const size_t max_fuzzer_input_size = 8192;
+
+extern void fuzz(const uint8_t in[], size_t len);
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv);
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t in[], size_t len);
+
+extern "C" int LLVMFuzzerInitialize(int *, char ***)
+   {
+   /*
+   * This disables the mlock pool, as overwrites within the pool are
+   * opaque to ASan or other instrumentation.
+   */
+   ::setenv("BOTAN_MLOCK_POOL_SIZE", "0", 1);
+   return 0;
+   }
+
+// Called by main() in libFuzzer or in main for AFL below
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t in[], size_t len)
+   {
+   if(len <= max_fuzzer_input_size)
+      {
+      fuzz(in, len);
+      }
+   return 0;
+   }
+
+// Some helpers for the fuzzer jigs
+
+inline Botan::RandomNumberGenerator& fuzzer_rng()
+   {
+   static Botan::ChaCha_RNG rng(Botan::secure_vector<uint8_t>(32));
+   return rng;
+   }
+
+#define FUZZER_ASSERT_EQUAL(x, y) do {                                  \
+   if(x != y) {                                                         \
+      std::cerr << #x << " = " << x << " !=\n" << #y << " = " << y         \
+                << " at " << __LINE__ << ":" << __FILE__ << std::endl;     \
+      abort();                                                          \
+} } while(0)
+
+#define FUZZER_ASSERT_TRUE(e)                                           \
+   do {                                                                 \
+   if(!(e)) {                                                           \
+   std::cerr << "Expression " << #e << " was false at "                 \
+             << __LINE__ << ":" << __FILE__ << std::endl;               \
+   abort();                                                             \
+   } } while(0)
+
+#if defined(BOTAN_FUZZER_IS_AFL) || defined(BOTAN_FUZZER_IS_TEST)
+
+/* Stub for AFL */
+
+int main(int argc, char* argv[])
+   {
+   LLVMFuzzerInitialize(&argc, &argv);
+
+#if defined(__AFL_LOOP)
+   while(__AFL_LOOP(1000))
+#endif
+      {
+      std::vector<uint8_t> buf(max_fuzzer_input_size);
+      std::cin.read((char*)buf.data(), buf.size());
+      const size_t got = std::cin.gcount();
+
+      buf.resize(got);
+      buf.shrink_to_fit();
+
+      LLVMFuzzerTestOneInput(buf.data(), got);
+      }
+   }
+
+#endif
+
+#endif
author	Jack Lloyd <[email protected]>	2017-07-31 15:13:15 -0400
committer	Jack Lloyd <[email protected]>	2017-08-25 17:36:51 -0400
commit	3baa546d70bcd078b23be07069d755a5f130fb0f (patch)
tree	d626d73fdf845987e2d1783e8493593501378a07 /src/fuzzer/fuzzers.h
parent	41e1e7cbc1e4e864ad5d15dd0c09227b04940a91 (diff)