annotate fuzz/fuzz-harness.c @ 1774:833bf9947603
Fuzzing - get rid of "prefix" for streams
Improved packet generation with sshpacketmutator
author | Matt Johnston <matt@ucc.asn.au> |
date | Sun, 01 Nov 2020 23:44:58 +0800 |
1348 | 1 #include "includes.h" |
1354 | 2 #include "buffer.h" |
3 #include "dbutil.h" | |
1348 | 4 |
5 extern int LLVMFuzzerTestOneInput(const unsigned char *data, size_t size); | |
6 | |
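/* Standalone driver for the libFuzzer entry point. Every non-option
 * argument is a file whose contents are handed to LLVMFuzzerTestOneInput().
 * Each input is run twice so that state carried over from the first run
 * shows up in the second. A file that cannot be read is reported on stderr
 * and skipped instead of being fuzzed as an empty input. Returns 0. */
int main(int argc, char ** argv) {
	/* Capacity of the buffer each input file is read into. */
	enum { FUZZ_INPUT_BUF_SIZE = 100000 };
	int i;
	buffer *input = buf_new(FUZZ_INPUT_BUF_SIZE);

	/* First pass: options only. */
	for (i = 1; i < argc; i++) {
#if DEBUG_TRACE
		if (strcmp(argv[i], "-v") == 0) {
			debug_trace = 1;
			TRACE(("debug printing on"))
		}
#endif
	}

	/* fuzz.wrapfds as the previous run left it; re-applied before the
	 * next run. 0 until the first input has been run. */
	int old_fuzz_wrapfds = 0;
	for (i = 1; i < argc; i++) {
		if (argv[i][0] == '-') {
			/* ignore arguments */
			continue;
		}

		char* fn = argv[i];
		buf_setlen(input, 0);
		/* wrapfds is disabled at this point (see end of loop), so
		 * buf_readfile() reaches the real file descriptors. */
		if (buf_readfile(input, fn) != DROPBEAR_SUCCESS) {
			fprintf(stderr, "Failed to read %s, skipping\n", fn);
			continue;
		}
		buf_setpos(input, 0);

		/* Run twice to catch problems with statefulness */
		fuzz.wrapfds = old_fuzz_wrapfds;
		printf("Running %s once \n", fn);
		LLVMFuzzerTestOneInput(input->data, input->len);
		printf("Running %s twice \n", fn);
		LLVMFuzzerTestOneInput(input->data, input->len);
		printf("Done %s\n", fn);

		/* Disable wrapfd so it won't interfere with buf_readfile() above */
		old_fuzz_wrapfds = fuzz.wrapfds;
		fuzz.wrapfds = 0;
	}

	buf_free(input);
	printf("Finished\n");

	return 0;
}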
49 |
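/* libFuzzer custom-mutator hook. The standalone harness never drives a
 * mutator, so reaching this is a programming error: the message goes to
 * stderr (unbuffered, so it is not lost when abort() skips stdio
 * flushing) and the process aborts. Data, Size and MaxSize are unused;
 * the return statement is never reached. */
size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize) {
	(void)Data;
	(void)Size;
	(void)MaxSize;
	fprintf(stderr, "standalone fuzzer harness shouldn't call LLVMFuzzerMutate\n");
	abort();
	return 0;
}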