/*
   american fuzzy lop++ - a trivial program to test the build
   --------------------------------------------------------
   Originally written by Michal Zalewski
   Copyright 2014 Google Inc. All rights reserved.
   Copyright 2019-2022 AFLplusplus Project. All rights reserved.
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at:
     http://www.apache.org/licenses/LICENSE-2.0
 */
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
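/*
 * Harness entry point: classifies the input by its first byte and prints
 * one of three messages to stdout.
 *
 * buf - input bytes; only buf[0] is read
 * len - number of valid bytes in buf
 *
 * Empty input (len < 1) or a NULL buffer returns after the banner line.
 *
 * The buffer is treated as exactly `len` bytes long. The earlier version
 * stored a terminator at buf[len], which is one byte past the end of a
 * buffer allocated with exactly `len` bytes (as main() in this file does):
 * a one-byte heap overflow that AddressSanitizer reports. Nothing here needs
 * a C string, so the write is dropped rather than moved.
 */
void LLVMFuzzerTestOneInput(char *buf, int len) {

  printf(">>> LLVMFuzzerTestOneInput >>>\n");

  if (buf == NULL || len < 1) { return; }

  // we support three input cases
  switch (buf[0]) {

    case '0':
      printf("Looks like a zero to me!\n");
      break;

    case '1':
      printf("Pretty sure that is a one!\n");
      break;

    default:
      printf("Neither one or zero? How quaint!\n");
      break;

  }

}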
/* Stalls the caller for 100000 microseconds (0.1 s) via usleep(). */
void slow() {

  enum { SLOW_DELAY_USEC = 100000 };

  usleep(SLOW_DELAY_USEC);

}
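/*
 * Reads the file named by argv[1] into a heap buffer, runs the harness entry
 * point on it once, then calls slow().
 *
 * Returns 1 when the argument count is wrong, -1 when opening, sizing,
 * allocating or reading the file fails, and 0 after a completed run.
 */
int main(int argc, char **argv) {

  char   *file;
  int     fd = -1;
  off_t   len;
  char   *buf = NULL;
  /* read() returns ssize_t: keeping the result signed lets the -1 error
     value be told apart from a byte count, and it is the type the %zd
     conversions below expect. */
  ssize_t n_read;
  int     result = -1;

  if (argc != 2) { return 1; }

  /* Single-pass loop: every `break` lands on the shared cleanup below. */
  do {

    file = argv[1];

    dprintf(STDERR_FILENO, "Running: %s\n", file);

    fd = open(file, O_RDONLY);
    if (fd < 0) {

      perror("open");
      break;

    }

    /* Seek to the end to learn the size, then rewind for the read. */
    len = lseek(fd, 0, SEEK_END);
    if (len < 0) {

      perror("lseek (SEEK_END)");
      break;

    }

    if (lseek(fd, 0, SEEK_SET) != 0) {

      perror("lseek (SEEK_SET)");
      break;

    }

    /* One byte more than the file holds: the input is NUL-terminated below,
       so a terminator at buf[len] stays inside the allocation, and an empty
       file no longer becomes malloc(0), which is allowed to return NULL. */
    buf = malloc((size_t)len + 1);
    if (buf == NULL) {

      perror("malloc");
      break;

    }

    n_read = read(fd, buf, (size_t)len);
    if (n_read < 0) {

      perror("read");
      break;

    }

    if (n_read != len) {

      /* errno is not set by a short read, so perror() would print a stale
         or unrelated message here. */
      dprintf(STDERR_FILENO, "read: short read\n");
      break;

    }

    buf[len] = '\0';

    dprintf(STDERR_FILENO, "Running:    %s: (%zd bytes)\n", file, n_read);

    /* NOTE(review): len is an off_t narrowed to the int the harness takes;
       a file larger than INT_MAX bytes would be passed with a wrong length. */
    LLVMFuzzerTestOneInput(buf, (int)len);

    dprintf(STDERR_FILENO, "Done:    %s: (%zd bytes)\n", file, n_read);

    slow();

    result = 0;

  } while (false);

  free(buf); /* free(NULL) is a no-op, so no guard is needed */

  if (fd != -1) { close(fd); }

  return result;

}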