From 08482b59872fe590fbd73981733beebc1e72f51f Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Wed, 14 Dec 2016 14:15:42 -0500
Subject: Update fuzzers with comments from OSS-Fuzz review

Add explicit length limitations, to prevent the fuzzer from just giving us increasingly long inputs until timeout occurs due to non-linear algorithms.

Use LLVM fuzzer interface in all cases, and just have AFL driver call that API when a define is set to include a main function. OSS-Fuzz will be using the LLVM API, regardless of the fuzzing engine.

[ci skip]
---
 src/extra_tests/fuzzers/jigs/driver.h | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)

(limited to 'src/extra_tests/fuzzers/jigs/driver.h')

diff --git a/src/extra_tests/fuzzers/jigs/driver.h b/src/extra_tests/fuzzers/jigs/driver.h
index 3eab8623d..bac0f572b 100644
--- a/src/extra_tests/fuzzers/jigs/driver.h
+++ b/src/extra_tests/fuzzers/jigs/driver.h
@@ -17,32 +17,26 @@
 using namespace Botan;
-void fuzz(const uint8_t in[], size_t len);
+extern void fuzz(const uint8_t in[], size_t len);
-void fuzzer_init()
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
    {
    /*
    * This disables the mlock pool, as overwrites within the pool are
    * opaque to ASan or other instrumentation.
    */
    ::setenv("BOTAN_MLOCK_POOL_SIZE", "0", 1);
+   return 0;
    }
-#if defined(USE_LLVM_FUZZER)
-
-// Called by main() in libFuzzer
+// Called by main() in libFuzzer or in main for AFL below
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t in[], size_t len)
    {
    fuzz(in, len);
    return 0;
    }
-int LLVMFuzzerInitialize(int *argc, char ***argv) {
-   fuzzer_init();
-   return 0;
-   }
-
-#else
+#if defined(INCLUDE_AFL_MAIN)
 // Read stdin for AFL
@@ -50,7 +44,7 @@ int main(int argc, char* argv[])
    {
    const size_t max_read = 4096;
-   fuzzer_init();
+   LLVMFuzzerInitialize();
 #if defined(__AFL_LOOP)
    while(__AFL_LOOP(1000))
-- 
cgit v1.2.3
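Review bot: The return value of `::setenv("BOTAN_MLOCK_POOL_SIZE", "0", 1)` in the new LLVMFuzzerInitialize is still discarded, so if the environment update fails the mlock pool stays enabled and the overwrites the comment says should be visible to ASan would go unobserved, with the function reporting success. Now that the function has a return code, make the failure visible, for example `if(::setenv("BOTAN_MLOCK_POOL_SIZE", "0", 1) != 0) { std::fputs("setenv failed\n", stderr); std::abort(); }` — aborting rather than returning non-zero, since as far as I recall libFuzzer's driver does not act on the return value of LLVMFuzzerInitialize (worth confirming against the engine version in use). The named but unused `argc`/`argv` parameters will also warn under -Wunused-parameter; leaving them unnamed in the definition avoids that.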
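Review bot: `LLVMFuzzerInitialize();` in the AFL main is called with no arguments, but the signature introduced in the first hunk is `int LLVMFuzzerInitialize(int *argc, char ***argv)` with no defaults, so the INCLUDE_AFL_MAIN build will fail to compile; the call should be `LLVMFuzzerInitialize(&argc, &argv);` using main's own parameters. This matters for coverage since the AFL path is the only one exercising that main, and a build break there would go unnoticed in a libFuzzer-only CI. main begins before this hunk and continues past it.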