/*
 * General driver to allow a command-line fuzzer (e.g. afl) to
 * exercise the libFuzzer entrypoint.
 */
5
6#include <sys/types.h>
7#include <fcntl.h>
8#include <stdio.h>
9#include <stdlib.h>
10#include <string.h>
11#include <unistd.h>
12
/*
 * Upper bound, in bytes, on one test case (1 << 20 = 1 MiB). ProcessFile()
 * issues a single read() of at most this many bytes, so anything beyond the
 * limit is never passed to the fuzz target.
 */
#define kMaxAflInputSize (1 << 20)
/* Staging buffer that read() fills before the data is handed to the target. */
static unsigned char afl_buffer[kMaxAflInputSize];

/*
 * KEEP_FUZZING(count) is the loop condition for the stdin path in main().
 * The persistent-mode variant ignores its argument.
 */
#ifdef __AFL_LOOP
/* If we are built with afl-clang-fast, use persistent mode */
#define KEEP_FUZZING(count) __AFL_LOOP(1000)
#else
/* If we are built with afl-clang, execute each input once */
#define KEEP_FUZZING(count) ((count) < 1)
#endif

/*
 * In ares-test-fuzz.c:
 * the libFuzzer-style entrypoint; receives a pointer to the test case bytes
 * and their length.
 */
int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size);
26
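/*
 * Read one test case from fd and pass it to LLVMFuzzerTestOneInput().
 *
 * A single read() of at most kMaxAflInputSize bytes is treated as the whole
 * input. The bytes are then copied into a heap allocation of exactly that
 * length, so the data is not part of a larger buffer (where buffer overflows
 * would go unnoticed).
 *
 * On a read or allocation failure a message is written to stderr and the
 * target is not called.
 */
static void ProcessFile(int fd) {
  unsigned char *copied_data;
  ssize_t count = read(fd, afl_buffer, kMaxAflInputSize);

  if (count < 0) {
    /*
     * A failed read() returns -1; converting that to an unsigned size would
     * request an enormous allocation and report a bogus length to the target.
     */
    fprintf(stderr, "Failed to read input\n");
    return;
  }

  copied_data = (unsigned char *)malloc((size_t)count);
  if (copied_data == NULL && count > 0) {
    /* malloc(0) may legitimately return NULL, so only count > 0 is an error. */
    fprintf(stderr, "Failed to allocate %lu bytes\n", (unsigned long)count);
    return;
  }

  /*
   * Without this copy the target would parse uninitialised heap memory
   * instead of the fuzzer's input: findings would not be reproducible and
   * coverage feedback would not relate to the test case.
   */
  if (count > 0) {
    memcpy(copied_data, afl_buffer, (size_t)count);
  }

  LLVMFuzzerTestOneInput(copied_data, (unsigned long)count);
  free(copied_data);
}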
37
/*
 * Entry point: feed test cases to ProcessFile().
 *
 * With no arguments the test case is read from stdin, repeating for as long
 * as KEEP_FUZZING() allows. Otherwise every argument is treated as a file
 * path and processed once; a path that cannot be opened is reported on
 * stderr and skipped. Always returns 0.
 */
int main(int argc, char *argv[]) {
  int arg;

  if (argc == 1) {
    int rounds = 0;
    while (KEEP_FUZZING(rounds)) {
      ProcessFile(fileno(stdin));
      rounds++;
    }
    return 0;
  }

  for (arg = 1; arg < argc; ++arg) {
    const char *path = argv[arg];
    int fd = open(path, O_RDONLY);
    if (fd >= 0) {
      ProcessFile(fd);
      close(fd);
    } else {
      /* Skip unreadable paths so the remaining inputs still run. */
      fprintf(stderr, "Failed to open '%s'\n", path);
    }
  }
  return 0;
}