fuzz_diff.c File Reference

#include <stdio.h>
#include <stdlib.h>
#include <inttypes.h>
#include <assert.h>
#include <capstone/capstone.h>

Go to the source code of this file.

Classes
struct	platform

Functions
void	LLVMFuzzerInit ()
int	LLVMFuzzerReturnOneInput (const uint8_t *Data, size_t Size, char *AssemblyText)
int	LLVMFuzzerTestOneInput (const uint8_t *Data, size_t Size)

Variables
FILE *	outfile = NULL
struct platform	platforms []

Function Documentation

LLVMFuzzerInit()

void LLVMFuzzerInit

(

)

Definition at line 9 of file fuzz_llvm.cpp.

                                 {
    LLVMInitializeAllTargetInfos();
    LLVMInitializeAllTargetMCs();
    LLVMInitializeAllDisassemblers();
}

Referenced by LLVMFuzzerTestOneInput().

LLVMFuzzerReturnOneInput()

int LLVMFuzzerReturnOneInput	(	const uint8_t *	Data,
		size_t	Size,
		char *	AssemblyText
	)

Definition at line 16 of file fuzz_llvm.cpp.

                                                                                               {
    LLVMDisasmContextRef Ctx;
    std::vector<uint8_t> DataCopy(Data, Data + Size);
    uint8_t *p = DataCopy.data();
    int r = 1;
 
    switch(Data[0]) {
        case 0:
            Ctx = LLVMCreateDisasmCPUFeatures("i386", "", "", nullptr, 0, nullptr, nullptr);
            if (LLVMSetDisasmOptions(Ctx, LLVMDisassembler_Option_AsmPrinterVariant) == 0) {
                abort();
            }
            break;
            //TODO other cases
        default:
            return 1;
    }
    assert(Ctx);
 
    if (LLVMDisasmInstruction(Ctx, p+1, Size-1, 0, AssemblyText, 80) > 0) {
        r = 0;
    }
    LLVMDisasmDispose(Ctx);
 
    return r;
}

References assert(), p, and r.

Referenced by LLVMFuzzerTestOneInput().

LLVMFuzzerTestOneInput()

int LLVMFuzzerTestOneInput	(	const uint8_t *	Data,
		size_t	Size
	)

Definition at line 180 of file fuzz_diff.c.

                                                             {
    csh handle;
    cs_insn *insn;
    cs_err err;
    const uint8_t **Datap = &Data;
    size_t * Sizep = &Size;
    uint64_t address = 0x1000;
    char LLVMAssemblyText[80];
    char CapstoneAssemblyText[80];
 
    if (Size < 1) {
        // 1 byte for arch choice
        return 0;
    } else if (Size > 0x1000) {
        //limit input to 4kb
        Size = 0x1000;
    }
    if (outfile == NULL) {
        // we compute the output
        outfile = fopen("/dev/null", "w");
        if (outfile == NULL) {
            return 0;
        }
        LLVMFuzzerInit();
    }
 
    if (Data[0] >= sizeof(platforms)/sizeof(platforms[0])) {
        return 0;
    }
 
    if (LLVMFuzzerReturnOneInput(Data, Size, LLVMAssemblyText) == 1) {
        return 0;
    }
 
    err = cs_open(platforms[Data[0]].arch, platforms[Data[0]].mode, &handle);
    if (err) {
        return 0;
    }
 
    insn = cs_malloc(handle);
    Data++;
    Size--;
    assert(insn);
        if (cs_disasm_iter(handle, Datap, Sizep, &address, insn)) {
            snprintf(CapstoneAssemblyText, 80, "\t%s\t%s", insn->mnemonic, insn->op_str);
            if (strcmp(CapstoneAssemblyText, LLVMAssemblyText) != 0) {
                printf("capstone %s != llvm %s", CapstoneAssemblyText, LLVMAssemblyText);
                abort();
            }
        } else {
            printf("capstone failed with llvm %s", LLVMAssemblyText);
            abort();
        }
    cs_free(insn, 1);
    cs_close(&handle);
 
    return 0;
}

Variable Documentation

outfile

FILE* outfile = NULL

Definition at line 16 of file fuzz_diff.c.

Referenced by compress(), decompress(), extract_binobj(), gunpipe(), gunzip(), LLVMFuzzerTestOneInput(), lunpipe(), and tar().

platforms

struct platform platforms[]

Definition at line 16 of file fuzz_diff.c.

Referenced by LLVMFuzzerTestOneInput(), main(), TestBasic::main(), test(), and update_asmplatforms_options().