Esempi in C++ (Cpp) per fuzz_main

Esempio n. 1

0

Mostra file

File: honggfuzz.c Progetto: QardenEden/honggfuzz

int main(int argc, char **argv)
{
    honggfuzz_t hfuzz;
    if (cmdlineParse(argc, argv, &hfuzz) == false) {
        LOG_F("Parsing of the cmd-line arguments failed");
    }

    if (!files_init(&hfuzz)) {
        LOG_F("Couldn't load input files");
        exit(EXIT_FAILURE);
    }

    if (hfuzz.dictionaryFile && (files_parseDictionary(&hfuzz) == false)) {
        LOG_F("Couldn't parse dictionary file ('%s')", hfuzz.dictionaryFile);
    }

    if (hfuzz.blacklistFile && (files_parseBlacklist(&hfuzz) == false)) {
        LOG_F("Couldn't parse stackhash blacklist file ('%s')", hfuzz.blacklistFile);
    }

    /*
     * So far so good
     */
    fuzz_main(&hfuzz);

    abort();                    /* NOTREACHED */
    return EXIT_SUCCESS;
}

Esempio n. 2

0

Mostra file

File: fuzzing_common.c Progetto: jfrazelle/tor

int
main(int argc, char **argv)
{
  size_t size;

  global_init();

  /* Disable logging by default to speed up fuzzing. */
  int loglevel = LOG_ERR;

  for (int i = 1; i < argc; ++i) {
    if (!strcmp(argv[i], "--warn")) {
      loglevel = LOG_WARN;
    } else if (!strcmp(argv[i], "--notice")) {
      loglevel = LOG_NOTICE;
    } else if (!strcmp(argv[i], "--info")) {
      loglevel = LOG_INFO;
    } else if (!strcmp(argv[i], "--debug")) {
      loglevel = LOG_DEBUG;
    }
  }

  {
    log_severity_list_t s;
    memset(&s, 0, sizeof(s));
    set_log_severity_config(loglevel, LOG_ERR, &s);
    /* ALWAYS log bug warnings. */
    s.masks[LOG_WARN-LOG_ERR] |= LD_BUG;
    add_stream_log(&s, "", fileno(stdout));
  }

  if (fuzz_init() < 0)
    abort();

#ifdef __AFL_HAVE_MANUAL_CONTROL
  /* Tell AFL to pause and fork here - ignored if not using AFL */
  __AFL_INIT();
#endif

#define MAX_FUZZ_SIZE (128*1024)
  char *input = read_file_to_str_until_eof(0, MAX_FUZZ_SIZE, &size);
  tor_assert(input);
  char *raw = tor_memdup(input, size); /* Because input is nul-terminated */
  tor_free(input);
  fuzz_main((const uint8_t*)raw, size);
  tor_free(raw);

  if (fuzz_cleanup() < 0)
    abort();

  tor_free(mock_options);
  UNMOCK(get_options);
  return 0;
}

Esempio n. 3

0

Mostra file

File: fuzzing_common.c Progetto: jfrazelle/tor

int
LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
  static int initialized = 0;
  if (!initialized) {
    global_init();
    if (fuzz_init() < 0)
      abort();
    initialized = 1;
  }

  return fuzz_main(Data, Size);
}

Esempio n. 4

0

Mostra file

File: honggfuzz.c Progetto: Berrrry/honggfuzz-android

int main(int argc, char **argv)
{
    int c;
    int ll = l_INFO;
    honggfuzz_t hfuzz;

    hfuzz.inputFile = NULL;
    hfuzz.nullifyStdio = false;
    hfuzz.fuzzStdin = false;
    hfuzz.saveUnique = false;
    hfuzz.fileExtn = "fuzz";
    hfuzz.flipRate = 0.001f;
    hfuzz.flipMode = 'B';
    hfuzz.fuzzStart = 0;
    hfuzz.fuzzEnd = UINT_MAX;
    hfuzz.externalCommand = NULL;
    hfuzz.tmOut = 3;
    hfuzz.ignoreAddr = (void *)0UL;
    hfuzz.threadsMax = 5;
    hfuzz.asLimit = 0UL;
    hfuzz.cmdline = NULL;
    hfuzz.pid = 0;

    hfuzz.files = NULL;
    hfuzz.threadsCnt = 0;

    printf(AB PROG_NAME " version " PROG_VERSION "\n" PROG_AUTHORS AC "\n");
    if (argc < 2) {
        usage();
        exit(EXIT_SUCCESS);
    }

    for (;;) {
        c = getopt(argc, argv, "hqsuf:d:e:r:m:c:t:a:n:l:p:b:w:");
        if (c < 0)
            break;

        switch (c) {
        case 'f':
            hfuzz.inputFile = optarg;
            break;
        case 'h':
            usage();
            break;
        case 'q':
            hfuzz.nullifyStdio = true;
            break;
        case 's':
            hfuzz.fuzzStdin = true;
            break;
        case 'u':
            hfuzz.saveUnique = true;
            break;
        case 'd':
            ll = atoi(optarg);
            break;
        case 'e':
            hfuzz.fileExtn = optarg;
            break;
        case 'r':
            hfuzz.flipRate = atof(optarg);
            break;
        case 'm':
            hfuzz.flipMode = optarg[0];
            break;
        case 'c':
            hfuzz.externalCommand = optarg;
            break;
        case 't':
            hfuzz.tmOut = atol(optarg);
            break;
        case 'a':
            hfuzz.ignoreAddr = (void *)atol(optarg);
            break;
        case 'n':
            hfuzz.threadsMax = atol(optarg);
            break;
        case 'l':
            hfuzz.asLimit = strtoul(optarg, NULL, 10);
            break;
        case 'p':
            hfuzz.pid = atoi(optarg);
            break;
        case 'b':
            hfuzz.fuzzStart = strtoul(optarg, NULL, 10);
            break;
        case 'w':
            hfuzz.fuzzEnd = strtoul(optarg, NULL, 10);
            break;
        default:
            break;
        }
    }
    hfuzz.cmdline = &argv[optind];

    util_rndInit();
    log_setMinLevel(ll);

    if (!hfuzz.cmdline[0]) {
        LOGMSG(l_FATAL, "Please specify binary to fuzz");
        usage();
    }

    if (!hfuzz.fuzzStdin && !checkFor_FILE_PLACEHOLDER(hfuzz.cmdline)) {
        LOGMSG(l_FATAL,
               "You must specify '" FILE_PLACEHOLDER
               "' when the -s (stdin fuzzing) option is not set");
        usage();
    }

    if (hfuzz.pid) {
        LOGMSG(l_INFO, "External PID specified, concurrency disabled");
        hfuzz.threadsMax = 1;
    }

    if (strchr(hfuzz.fileExtn, '/')) {
        LOGMSG(l_FATAL, "The file extension contains the '/' character: '%s'", hfuzz.fileExtn);
        usage();
    }

    if (hfuzz.fuzzStart > hfuzz.fuzzEnd || hfuzz.fuzzStart == hfuzz.fuzzEnd) {
        LOGMSG(l_FATAL, "Invalid mangle fuzz area file offsets");
        usage();
    }

    LOGMSG(l_INFO,
           "debugLevel: %d, inputFile '%s', nullifyStdio: %d, fuzzStdin: %d, saveUnique: %d, flipRate: %lf, "
           "flipMode: '%c', externalCommand: '%s', tmOut: %ld, threadsMax: %ld, fileExtn '%s', ignoreAddr: %p, "
           "memoryLimit: %lu (MiB), fuzzExe: '%s', fuzzedPid: %d",
           ll, hfuzz.inputFile, hfuzz.nullifyStdio ? 1 : 0,
           hfuzz.fuzzStdin ? 1 : 0, hfuzz.saveUnique ? 1 : 0, hfuzz.flipRate, hfuzz.flipMode,
           hfuzz.externalCommand == NULL ? "NULL" : hfuzz.externalCommand, hfuzz.tmOut,
           hfuzz.threadsMax, hfuzz.fileExtn, hfuzz.ignoreAddr, hfuzz.asLimit, hfuzz.cmdline[0],
           hfuzz.pid);

    if (!(hfuzz.fuzzers = malloc(sizeof(hfuzz.fuzzers[0]) * hfuzz.threadsMax))) {
        LOGMSG_P(l_FATAL, "Couldn't allocate memory");
        exit(EXIT_FAILURE);
    }
    memset(hfuzz.fuzzers, '\0', sizeof(hfuzz.fuzzers[0]) * hfuzz.threadsMax);

    if (!files_init(&hfuzz)) {
        LOGMSG(l_FATAL, "Couldn't load input files");
        exit(EXIT_FAILURE);
    }

    /*
     * So far so good
     */
    fuzz_main(&hfuzz);

    abort();                    /* NOTREACHED */
    return EXIT_SUCCESS;
}