blob: ffea927e898bb62131d996cce3485728be201f2f (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
// cc -O3 -fPIC -shared -g -o custom_send.so -I../../include custom_send.c
// cd ../..
// afl-cc -o test-instr test-instr.c
// afl-fuzz -i in -o out -- ./test-instr -f /tmp/foo
#include "custom_mutator_helpers.h"
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
typedef struct my_mutator {
afl_t *afl;
} my_mutator_t;
my_mutator_t *afl_custom_init(afl_t *afl, unsigned int seed) {
my_mutator_t *data = calloc(1, sizeof(my_mutator_t));
if (!data) {
perror("afl_custom_init alloc");
return NULL;
}
data->afl = afl;
return data;
}
void afl_custom_fuzz_send(my_mutator_t *data, uint8_t *buf, size_t buf_size) {
int fd = open("/tmp/foo", O_CREAT | O_NOFOLLOW | O_TRUNC | O_RDWR, 0644);
if (fd >= 0) {
(void)write(fd, buf, buf_size);
close(fd);
}
return;
}
void afl_custom_deinit(my_mutator_t *data) {
free(data);
}
|
