annotate fuzz/fuzz-harness.c @ 1774:833bf9947603

Fuzzing - get rid of "prefix" for streams Improved packet generation with sshpacketmutator
author Matt Johnston <matt@ucc.asn.au>
date Sun, 01 Nov 2020 23:44:58 +0800
parents 2406a9987810
children 8179eabe16c9
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1348
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1 #include "includes.h"
1354
7618759e9327 better harness
Matt Johnston <matt@ucc.asn.au>
parents: 1348
diff changeset
2 #include "buffer.h"
7618759e9327 better harness
Matt Johnston <matt@ucc.asn.au>
parents: 1348
diff changeset
3 #include "dbutil.h"
1348
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
4
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
5 extern int LLVMFuzzerTestOneInput(const unsigned char *data, size_t size);
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
6
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
7 int main(int argc, char ** argv) {
1354
7618759e9327 better harness
Matt Johnston <matt@ucc.asn.au>
parents: 1348
diff changeset
8 int i;
7618759e9327 better harness
Matt Johnston <matt@ucc.asn.au>
parents: 1348
diff changeset
9 buffer *input = buf_new(100000);
7618759e9327 better harness
Matt Johnston <matt@ucc.asn.au>
parents: 1348
diff changeset
10
1363
b2f295125ed6 -v for debug_trace
Matt Johnston <matt@ucc.asn.au>
parents: 1358
diff changeset
11 for (i = 1; i < argc; i++) {
b2f295125ed6 -v for debug_trace
Matt Johnston <matt@ucc.asn.au>
parents: 1358
diff changeset
12 #if DEBUG_TRACE
b2f295125ed6 -v for debug_trace
Matt Johnston <matt@ucc.asn.au>
parents: 1358
diff changeset
13 if (strcmp(argv[i], "-v") == 0) {
b2f295125ed6 -v for debug_trace
Matt Johnston <matt@ucc.asn.au>
parents: 1358
diff changeset
14 debug_trace = 1;
1373
9891bc31a1b3 fuzzers disable logging by default
Matt Johnston <matt@ucc.asn.au>
parents: 1363
diff changeset
15 TRACE(("debug printing on"))
1363
b2f295125ed6 -v for debug_trace
Matt Johnston <matt@ucc.asn.au>
parents: 1358
diff changeset
16 }
1357
08f4fa4dc6a0 closer to working
Matt Johnston <matt@ucc.asn.au>
parents: 1354
diff changeset
17 #endif
1363
b2f295125ed6 -v for debug_trace
Matt Johnston <matt@ucc.asn.au>
parents: 1358
diff changeset
18 }
1357
08f4fa4dc6a0 closer to working
Matt Johnston <matt@ucc.asn.au>
parents: 1354
diff changeset
19
1605
bff41a61a1b6 Disable wrapfds outside of fuzzed code
Matt Johnston <matt@ucc.asn.au>
parents: 1589
diff changeset
20 int old_fuzz_wrapfds = 0;
1354
7618759e9327 better harness
Matt Johnston <matt@ucc.asn.au>
parents: 1348
diff changeset
21 for (i = 1; i < argc; i++) {
1363
b2f295125ed6 -v for debug_trace
Matt Johnston <matt@ucc.asn.au>
parents: 1358
diff changeset
22 if (argv[i][0] == '-') {
1559
92c93b4a3646 Fix to be able to compile normal(ish) binaries with --enable-fuzz
Matt Johnston <matt@ucc.asn.au>
parents: 1373
diff changeset
23 /* ignore arguments */
1363
b2f295125ed6 -v for debug_trace
Matt Johnston <matt@ucc.asn.au>
parents: 1358
diff changeset
24 continue;
b2f295125ed6 -v for debug_trace
Matt Johnston <matt@ucc.asn.au>
parents: 1358
diff changeset
25 }
b2f295125ed6 -v for debug_trace
Matt Johnston <matt@ucc.asn.au>
parents: 1358
diff changeset
26
1354
7618759e9327 better harness
Matt Johnston <matt@ucc.asn.au>
parents: 1348
diff changeset
27 char* fn = argv[i];
7618759e9327 better harness
Matt Johnston <matt@ucc.asn.au>
parents: 1348
diff changeset
28 buf_setlen(input, 0);
7618759e9327 better harness
Matt Johnston <matt@ucc.asn.au>
parents: 1348
diff changeset
29 buf_readfile(input, fn);
7618759e9327 better harness
Matt Johnston <matt@ucc.asn.au>
parents: 1348
diff changeset
30 buf_setpos(input, 0);
7618759e9327 better harness
Matt Johnston <matt@ucc.asn.au>
parents: 1348
diff changeset
31
1741
d1b279aa5ed1 Get client fuzzer building and starting (fails straight away)
Matt Johnston <matt@ucc.asn.au>
parents: 1740
diff changeset
32 /* Run twice to catch problems with statefulness */
1605
bff41a61a1b6 Disable wrapfds outside of fuzzed code
Matt Johnston <matt@ucc.asn.au>
parents: 1589
diff changeset
33 fuzz.wrapfds = old_fuzz_wrapfds;
1358
6b89eb92f872 glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents: 1357
diff changeset
34 printf("Running %s once \n", fn);
6b89eb92f872 glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents: 1357
diff changeset
35 LLVMFuzzerTestOneInput(input->data, input->len);
6b89eb92f872 glaring wrapfd problems fixed
Matt Johnston <matt@ucc.asn.au>
parents: 1357
diff changeset
36 printf("Running %s twice \n", fn);
1354
7618759e9327 better harness
Matt Johnston <matt@ucc.asn.au>
parents: 1348
diff changeset
37 LLVMFuzzerTestOneInput(input->data, input->len);
7618759e9327 better harness
Matt Johnston <matt@ucc.asn.au>
parents: 1348
diff changeset
38 printf("Done %s\n", fn);
1605
bff41a61a1b6 Disable wrapfds outside of fuzzed code
Matt Johnston <matt@ucc.asn.au>
parents: 1589
diff changeset
39
bff41a61a1b6 Disable wrapfds outside of fuzzed code
Matt Johnston <matt@ucc.asn.au>
parents: 1589
diff changeset
40 /* Disable wrapfd so it won't interfere with buf_readfile() above */
bff41a61a1b6 Disable wrapfds outside of fuzzed code
Matt Johnston <matt@ucc.asn.au>
parents: 1589
diff changeset
41 old_fuzz_wrapfds = fuzz.wrapfds;
bff41a61a1b6 Disable wrapfds outside of fuzzed code
Matt Johnston <matt@ucc.asn.au>
parents: 1589
diff changeset
42 fuzz.wrapfds = 0;
1354
7618759e9327 better harness
Matt Johnston <matt@ucc.asn.au>
parents: 1348
diff changeset
43 }
7618759e9327 better harness
Matt Johnston <matt@ucc.asn.au>
parents: 1348
diff changeset
44
7618759e9327 better harness
Matt Johnston <matt@ucc.asn.au>
parents: 1348
diff changeset
45 printf("Finished\n");
7618759e9327 better harness
Matt Johnston <matt@ucc.asn.au>
parents: 1348
diff changeset
46
1348
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
47 return 0;
5c2899e35b63 fuzz harness
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
48 }
1760
2406a9987810 Add first try at fuzzing custom mutator
Matt Johnston <matt@ucc.asn.au>
parents: 1756
diff changeset
49
2406a9987810 Add first try at fuzzing custom mutator
Matt Johnston <matt@ucc.asn.au>
parents: 1756
diff changeset
50 size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize) {
2406a9987810 Add first try at fuzzing custom mutator
Matt Johnston <matt@ucc.asn.au>
parents: 1756
diff changeset
51 printf("standalone fuzzer harness shouldn't call LLVMFuzzerMutate");
2406a9987810 Add first try at fuzzing custom mutator
Matt Johnston <matt@ucc.asn.au>
parents: 1756
diff changeset
52 abort();
2406a9987810 Add first try at fuzzing custom mutator
Matt Johnston <matt@ucc.asn.au>
parents: 1756
diff changeset
53 return 0;
2406a9987810 Add first try at fuzzing custom mutator
Matt Johnston <matt@ucc.asn.au>
parents: 1756
diff changeset
54 }