Rizin
unix-like reverse engineering framework and cli tools
Functions
onefile.c File Reference
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

Go to the source code of this file.

Functions

int LLVMFuzzerTestOneInput (const uint8_t *Data, size_t Size)
 
int main (int argc, char **argv)
 

Function Documentation

◆ LLVMFuzzerTestOneInput()

int LLVMFuzzerTestOneInput ( const uint8_t data,
size_t  size 
)

This fuzz target attempts to compress the fuzzed data with the simple compression function with an output buffer that may be too small to ensure that the compressor never crashes.

This fuzz target attempts to decompress the fuzzed data with the simple decompression function to ensure the decompressor never crashes.

This fuzz target performs a lz4 round-trip test (compress & decompress), compares the result with the original, and calls abort() on corruption.

This fuzz target attempts to compress the fuzzed data with the simple compression function with an output buffer that may be too small to ensure that the compressor never crashes.

This fuzz target attempts to decompress the fuzzed data with the simple decompression function to ensure the decompressor never crashes.

This fuzz target performs a lz4 round-trip test (compress & decompress), compares the result with the original, and calls abort() on corruption.

Definition at line 180 of file fuzz_diff.c.

180  {
181  csh handle;
182  cs_insn *insn;
183  cs_err err;
184  const uint8_t **Datap = &Data;
185  size_t * Sizep = &Size;
186  uint64_t address = 0x1000;
187  char LLVMAssemblyText[80];
188  char CapstoneAssemblyText[80];
189 
190  if (Size < 1) {
191  // 1 byte for arch choice
192  return 0;
193  } else if (Size > 0x1000) {
194  //limit input to 4kb
195  Size = 0x1000;
196  }
197  if (outfile == NULL) {
198  // we compute the output
199  outfile = fopen("/dev/null", "w");
200  if (outfile == NULL) {
201  return 0;
202  }
203  LLVMFuzzerInit();
204  }
205 
206  if (Data[0] >= sizeof(platforms)/sizeof(platforms[0])) {
207  return 0;
208  }
209 
210  if (LLVMFuzzerReturnOneInput(Data, Size, LLVMAssemblyText) == 1) {
211  return 0;
212  }
213 
214  err = cs_open(platforms[Data[0]].arch, platforms[Data[0]].mode, &handle);
215  if (err) {
216  return 0;
217  }
218 
219  insn = cs_malloc(handle);
220  Data++;
221  Size--;
222  assert(insn);
223  if (cs_disasm_iter(handle, Datap, Sizep, &address, insn)) {
224  snprintf(CapstoneAssemblyText, 80, "\t%s\t%s", insn->mnemonic, insn->op_str);
225  if (strcmp(CapstoneAssemblyText, LLVMAssemblyText) != 0) {
226  printf("capstone %s != llvm %s", CapstoneAssemblyText, LLVMAssemblyText);
227  abort();
228  }
229  } else {
230  printf("capstone failed with llvm %s", LLVMAssemblyText);
231  abort();
232  }
233  cs_free(insn, 1);
234  cs_close(&handle);
235 
236  return 0;
237 }
err
static bool err
Definition: armass.c:435
handle
static mcore_handle handle
Definition: asm_mcore.c:8
csh
size_t csh
Definition: capstone.h:71
NULL
#define NULL
Definition: cris-opc.c:27
cs_open
CAPSTONE_EXPORT cs_err CAPSTONE_API cs_open(cs_arch arch, cs_mode mode, csh *handle)
Definition: cs.c:453
cs_free
CAPSTONE_EXPORT void CAPSTONE_API cs_free(cs_insn *insn, size_t count)
Definition: cs.c:1017
cs_close
CAPSTONE_EXPORT cs_err CAPSTONE_API cs_close(csh *handle)
Definition: cs.c:501
cs_malloc
CAPSTONE_EXPORT cs_insn *CAPSTONE_API cs_malloc(csh ud)
Definition: cs.c:1030
cs_disasm_iter
CAPSTONE_EXPORT bool CAPSTONE_API cs_disasm_iter(csh ud, const uint8_t **code, size_t *size, uint64_t *address, cs_insn *insn)
Definition: cs.c:1058
printf
_Use_decl_annotations_ int __cdecl printf(const char *const _Format,...)
Definition: cs_driver.c:93
arch
cs_arch arch
Definition: cstool.c:13
LLVMFuzzerInit
void LLVMFuzzerInit()
Definition: fuzz_llvm.cpp:9
LLVMFuzzerReturnOneInput
int LLVMFuzzerReturnOneInput(const uint8_t *Data, size_t Size, char *AssemblyText)
Definition: fuzz_llvm.cpp:16
platforms
struct platform platforms[]
Definition: fuzz_diff.c:18
outfile
FILE * outfile
Definition: fuzz_diff.c:16
mode
const char int mode
Definition: ioapi.h:137
snprintf
snprintf
Definition: kernel.h:364
assert
assert(limit<=UINT32_MAX/2)
uint64_t
unsigned long uint64_t
Definition: sftypes.h:28
uint8_t
unsigned char uint8_t
Definition: sftypes.h:31

Referenced by main().

◆ main()

int main ( int  argc,
char **  argv 
)

Definition at line 7 of file onefile.c.

8 {
9  FILE * fp;
10  uint8_t *Data;
11  size_t Size;
12 
13  if (argc != 2) {
14  return 1;
15  }
16  //opens the file, get its size, and reads it into a buffer
17  fp = fopen(argv[1], "rb");
18  if (fp == NULL) {
19  return 2;
20  }
21  if (fseek(fp, 0L, SEEK_END) != 0) {
22  fclose(fp);
23  return 2;
24  }
25  Size = ftell(fp);
26  if (Size == (size_t) -1) {
27  fclose(fp);
28  return 2;
29  }
30  if (fseek(fp, 0L, SEEK_SET) != 0) {
31  fclose(fp);
32  return 2;
33  }
34  Data = malloc(Size);
35  if (Data == NULL) {
36  fclose(fp);
37  return 2;
38  }
39  if (fread(Data, Size, 1, fp) != 1) {
40  fclose(fp);
41  free(Data);
42  return 2;
43  }
44 
45  //lauch fuzzer
46  LLVMFuzzerTestOneInput(Data, Size);
47  free(Data);
48  fclose(fp);
49  return 0;
50 }
free
RZ_API void Ht_() free(HtName_(Ht) *ht)
Definition: ht_inc.c:130
malloc
void * malloc(size_t size)
Definition: malloc.c:123
argv
static static fork const void static count static fd const char const char static newpath char char argv
Definition: sflib.h:40
benchmark.FILE
string FILE
Definition: benchmark.py:21
LLVMFuzzerTestOneInput
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
Definition: fuzz_diff.c:180
SEEK_SET
#define SEEK_SET
Definition: zip.c:88
SEEK_END
#define SEEK_END
Definition: zip.c:84
L
#define L
Definition: zip_err_str.c:7

References argv, benchmark::FILE, free(), L, LLVMFuzzerTestOneInput(), malloc(), NULL, SEEK_END, and SEEK_SET.