fuzz_disasm.c File Reference

#include <stdio.h>
#include <stdlib.h>
#include <inttypes.h>
#include <capstone/capstone.h>

Go to the source code of this file.

Classes
struct	platform

Functions
const char *	cs_fuzz_arch (uint8_t arch)
int	LLVMFuzzerTestOneInput (const uint8_t *Data, size_t Size)

Variables
static FILE *	outfile = NULL
struct platform	platforms []

Function Documentation

cs_fuzz_arch()

const char* cs_fuzz_arch

(

uint8_t

arch

)

Definition at line 217 of file fuzz_disasm.c.

                                        {
    return platforms[arch % sizeof(platforms)/sizeof(platforms[0])].cstoolname;
}

References arch, platform::cstoolname, and platforms.

Referenced by main().

LLVMFuzzerTestOneInput()

int LLVMFuzzerTestOneInput	(	const uint8_t *	Data,
		size_t	Size
	)

Definition at line 221 of file fuzz_disasm.c.

                                                             {
    csh handle;
    cs_insn *all_insn;
    cs_detail *detail;
    cs_err err;
 
    if (Size < 1) {
        // 1 byte for arch choice
        return 0;
    } else if (Size > 0x1000) {
        //limit input to 4kb
        Size = 0x1000;
    }
    if (outfile == NULL) {
        // we compute the output
        outfile = fopen("/dev/null", "w");
        if (outfile == NULL) {
            return 0;
        }
    }
 
    int platforms_len = sizeof(platforms)/sizeof(platforms[0]);
    int i = (int)Data[0] % platforms_len;
 
    err = cs_open(platforms[i].arch, platforms[i].mode, &handle);
    if (err) {
        return 0;
    }
    cs_option(handle, CS_OPT_DETAIL, CS_OPT_ON);
 
    uint64_t address = 0x1000;
    size_t count = cs_disasm(handle, Data+1, Size-1, address, 0, &all_insn);
 
    if (count) {
        size_t j;
        int n;
 
        for (j = 0; j < count; j++) {
            cs_insn *i = &(all_insn[j]);
            fprintf(outfile, "0x%"PRIx64":\t%s\t\t%s // insn-ID: %u, insn-mnem: %s\n",
                   i->address, i->mnemonic, i->op_str,
                   i->id, cs_insn_name(handle, i->id));
 
            detail = i->detail;
 
            if (detail->regs_read_count > 0) {
                fprintf(outfile, "\tImplicit registers read: ");
                for (n = 0; n < detail->regs_read_count; n++) {
                    fprintf(outfile, "%s ", cs_reg_name(handle, detail->regs_read[n]));
                }
            }
 
            if (detail->regs_write_count > 0) {
                fprintf(outfile, "\tImplicit registers modified: ");
                for (n = 0; n < detail->regs_write_count; n++) {
                    fprintf(outfile, "%s ", cs_reg_name(handle, detail->regs_write[n]));
                }
            }
 
            if (detail->groups_count > 0) {
                fprintf(outfile, "\tThis instruction belongs to groups: ");
                for (n = 0; n < detail->groups_count; n++) {
                    fprintf(outfile, "%s ", cs_group_name(handle, detail->groups[n]));
                }
            }
        }
        fprintf(outfile, "0x%"PRIx64":\n", all_insn[j-1].address + all_insn[j-1].size);
        cs_free(all_insn, count);
    }
 
    cs_close(&handle);
 
    return 0;
}

Variable Documentation

outfile

FILE* outfile = NULL

static

Definition at line 23 of file fuzz_disasm.c.

Referenced by LLVMFuzzerTestOneInput().

platforms

struct platform platforms[]

Definition at line 23 of file fuzz_disasm.c.

Referenced by cs_fuzz_arch(), and LLVMFuzzerTestOneInput().