Diffstat (limited to 'utils')
-rw-r--r--utils/argv_fuzzing/argv-fuzz-inl.h43
-rw-r--r--utils/argv_fuzzing/argv_fuzz_demo.c16
-rw-r--r--utils/argv_fuzzing/argv_fuzz_persistent_demo.c28
3 files changed, 87 insertions, 0 deletions
diff --git a/utils/argv_fuzzing/argv-fuzz-inl.h b/utils/argv_fuzzing/argv-fuzz-inl.h
index ec22c53b..d3440799 100644
--- a/utils/argv_fuzzing/argv-fuzz-inl.h
+++ b/utils/argv_fuzzing/argv-fuzz-inl.h
@@ -29,6 +29,10 @@
    If you would like to always preserve argv[0], use this instead:
    AFL_INIT_SET0("prog_name");
 
+  To enable persistent fuzzing, use the AFL_INIT_ARGV_PERSISTENT macro with
+  buf as argument, or use AFL_INIT_SET0_PERSISTENT("prog_name", buf)
+  to preserver argv[0]. buf should be defined as:
+  unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF;
 */
 
 #ifndef _HAVE_ARGV_FUZZ_INL
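Review bot: The new paragraph leaves out the one input requirement a user of the persistent macros must know: afl_init_argv_persistent (later in this diff) walks the buffer until it meets an empty string, so the testcase has to end in two NUL bytes and contains one argument per NUL-separated field; nothing in the macro path adds that terminator for you. I would add after the `unsigned char *buf = ...;` line: `buf must hold NUL-separated arguments and end with an empty string (two NUL bytes); the parser stops at the first empty string, not at __AFL_FUZZ_TESTCASE_LEN.` Also fix the typo on the third line, `to preserve argv[0]` instead of `to preserver argv[0]`.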
@@ -53,6 +57,20 @@
                                  \
   } while (0)
 
+#define AFL_INIT_ARGV_PERSISTENT(persistent_buff)                \
+    do {                                                         \
+        argv = afl_init_argv_persistent(&argc, persistent_buff); \
+     } while (0)
+
+#define AFL_INIT_SET0_PERSISTENT(_p, persistent_buff)            \
+  do {                                                           \
+                                                                 \
+    argv = afl_init_argv_persistent(&argc, persistent_buff);     \
+    argv[0] = (_p);                                              \
+    if (!argc) argc = 1;                                         \
+                                                                 \
+  } while (0)
+
 #define MAX_CMDLINE_LEN 100000
 #define MAX_CMDLINE_PAR 50000
 
@@ -87,6 +105,31 @@ static char **afl_init_argv(int *argc) {
 
 }
 
+static char **afl_init_argv_persistent(int *argc, unsigned char *persistent_buff) {
+
+  static char *ret[MAX_CMDLINE_PAR];
+
+  unsigned char *ptr = persistent_buff;
+  int   rc = 0;
+
+  while (*ptr && rc < MAX_CMDLINE_PAR) {
+
+    ret[rc] = (char *)ptr;
+    if (ret[rc][0] == 0x02 && !ret[rc][1]) ret[rc]++;
+    rc++;
+
+    while (*ptr)
+      ptr++;
+    ptr++;
+
+  }
+
+  *argc = rc;
+
+  return ret;
+
+}
+
 #undef MAX_CMDLINE_LEN
 #undef MAX_CMDLINE_PAR
 
diff --git a/utils/argv_fuzzing/argv_fuzz_demo.c b/utils/argv_fuzzing/argv_fuzz_demo.c
new file mode 100644
index 00000000..f4375316
--- /dev/null
+++ b/utils/argv_fuzzing/argv_fuzz_demo.c
@@ -0,0 +1,16 @@
+#include <stdio.h>
+#include <string.h>
+#include "argv-fuzz-inl.h"
+
+int main(int argc, char **argv) {
+AFL_INIT_ARGV();
+  if (argc > 1 && strcmp(argv[1], "XYZ") == 0) {
+    if (strcmp(argv[2], "TEST2") == 0) {
+      abort();
+    }
+  } else {
+    printf("Bad number of arguments!\n");
+  }
+
+  return 0;
+}
\ No newline at end of file
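Review bot: The inner check `strcmp(argv[2], "TEST2")` runs whenever `argc > 1`, so a two-argument input ("XYZ" alone) dereferences `argv[2]`, which is NULL on the first call (the parser's static table is zero-initialised) and therefore crashes inside strcmp rather than in the code the demo is meant to exercise; guard it with `if (argc > 2 && strcmp(argv[2], "TEST2") == 0) {`. `abort()` is also used without `#include <stdlib.h>`, which is an implicit declaration under the file's other two includes. The `AFL_INIT_ARGV();` line at column 0 should be indented with the rest of main, and the `else` message "Bad number of arguments!" is printed for a wrong argv[1] as much as for a wrong count, so a more accurate string would help whoever reads the demo output.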
diff --git a/utils/argv_fuzzing/argv_fuzz_persistent_demo.c b/utils/argv_fuzzing/argv_fuzz_persistent_demo.c
new file mode 100644
index 00000000..5ecda22b
--- /dev/null
+++ b/utils/argv_fuzzing/argv_fuzz_persistent_demo.c
@@ -0,0 +1,28 @@
+#include <stdio.h>
+#include <string.h>
+#include "argv-fuzz-inl.h"
+
+__AFL_FUZZ_INIT();
+
+int main(int argc, char **argv) {
+#ifdef __AFL_HAVE_MANUAL_CONTROL
+  __AFL_INIT();
+#endif
+  unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF;
+
+  while (__AFL_LOOP(100000)) {
+    int len = __AFL_FUZZ_TESTCASE_LEN;
+
+    if (len < 8) continue;
+
+    AFL_INIT_ARGV_P(buf);
+
+    if (argc > 1 && strcmp(argv[1], "XYZ") == 0) {
+      if (strcmp(argv[2], "TEST2") == 0) { abort(); }
+    } else {
+      printf("Bad number of arguments!\n");
+    }
+  }
+
+  return 0;
+}
\ No newline at end of file
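Review bot: `AFL_INIT_ARGV_P(buf)` is not a macro this commit defines; the header hunk earlier on the page defines `AFL_INIT_ARGV_PERSISTENT` and `AFL_INIT_SET0_PERSISTENT`, so unless `AFL_INIT_ARGV_P` exists elsewhere the demo does not compile, and the call should read `AFL_INIT_ARGV_PERSISTENT(buf);`. The same unguarded `argv[2]` access as in argv_fuzz_demo.c is present, and here it is worse: after a previous iteration with three or more arguments, `argv[2]` is a stale pointer into an older testcase rather than NULL, so the comparison is against whatever is left in the buffer; use `if (argc > 2 && strcmp(argv[2], "TEST2") == 0) { abort(); }`. `len` is computed and checked against 8 but never handed to the parser, which is the reason the parser cannot bound its walk (see the note on afl_init_argv_persistent), and `abort()` needs `#include <stdlib.h>`.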