/src/botan/src/fuzzer/fuzzers.h

Source (jump to first uncovered line)
/*
* (C) 2015,2016,2017 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#ifndef BOTAN_FUZZER_DRIVER_H_
#define BOTAN_FUZZER_DRIVER_H_

#include <stdint.h>
#include <stdlib.h> // for setenv
#include <iostream>
#include <vector>
#include <botan/exceptn.h>
#include <botan/chacha_rng.h>

static const size_t max_fuzzer_input_size = 8192;

extern void fuzz(const uint8_t in[], size_t len);

extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv);
extern "C" int LLVMFuzzerTestOneInput(const uint8_t in[], size_t len);

extern "C" int LLVMFuzzerInitialize(int *, char ***)
   {
   /*
   * This disables the mlock pool, as overwrites within the pool are
   * opaque to ASan or other instrumentation.
   */
   ::setenv("BOTAN_MLOCK_POOL_SIZE", "0", 1);
   return 0;
   }

// Called by main() in libFuzzer or in main for AFL below
extern "C" int LLVMFuzzerTestOneInput(const uint8_t in[], size_t len)
   {
   if(len <= max_fuzzer_input_size)
      {
      fuzz(in, len);
      }
   return 0;
   }

// Some helpers for the fuzzer jigs

inline Botan::RandomNumberGenerator& fuzzer_rng()
   {
   static Botan::ChaCha_RNG rng(Botan::secure_vector<uint8_t>(32));
   return rng;
   }

#define FUZZER_WRITE_AND_CRASH(expr) \
   do { std::cerr << expr; abort(); } while(0)

#define FUZZER_ASSERT_EQUAL(x, y) do {                                  \
   if(x != y) {                                                         \
      FUZZER_WRITE_AND_CRASH(#x << " = " << x << " !=\n"                \
                             << #y << " = " << y << "\n");              \
   } } while(0)

#define FUZZER_ASSERT_TRUE(e)                                           \
   do {                                                                 \
   if(!(e)) {                                                           \
      FUZZER_WRITE_AND_CRASH("Expression " << #e << " was false");      \
   } } while(0)

#if defined(BOTAN_FUZZER_IS_AFL) || defined(BOTAN_FUZZER_IS_TEST)

/* Stub for AFL */

#if defined(BOTAN_FUZZER_IS_AFL) && !defined(__AFL_COMPILER)
   #error "Build configured for AFL but not being compiled by AFL compiler"
#endif

#if defined(BOTAN_FUZZER_IS_TEST)

#include <fstream>

namespace {

int fuzz_files(char* files[])
   {
   for(size_t i = 0; files[i]; ++i)
      {
      std::ifstream in(files[i]);

      if(in.good())
         {
         std::vector<uint8_t> buf(max_fuzzer_input_size);
         in.read(reinterpret_cast<char*>(buf.data()), buf.size());
         const size_t got = in.gcount();
         buf.resize(got);
         buf.shrink_to_fit();

         LLVMFuzzerTestOneInput(buf.data(), got);
         }
      }

   return 0;
   }

}

#endif

int main(int argc, char* argv[])
   {
   LLVMFuzzerInitialize(&argc, &argv);

#if defined(BOTAN_FUZZER_IS_TEST)
   if(argc > 1)
      {
      return fuzz_files(&argv[1]);
      }
#endif

#if defined(__AFL_LOOP)
   while(__AFL_LOOP(1000))
#endif
      {
      std::vector<uint8_t> buf(max_fuzzer_input_size);
      std::cin.read(reinterpret_cast<char*>(buf.data()), buf.size());
      const size_t got = std::cin.gcount();

      buf.resize(got);
      buf.shrink_to_fit();

      LLVMFuzzerTestOneInput(buf.data(), got);
      }
   }

#elif defined(BOTAN_FUZZER_IS_KLEE)

#include <klee/klee.h>

int main(int argc, char* argv[])
   {
   LLVMFuzzerInitialize(&argc, &argv);

   uint8_t input[max_fuzzer_input_size] = { 0 };
   klee_make_symbolic(&input, sizeof(input), "input");

   size_t input_len = klee_range(0, sizeof(input), "input_len");

   LLVMFuzzerTestOneInput(input, input_len);
   }

#endif

#endif

Line	Count	Source (jump to first uncovered line)
1		/*
2		* (C) 2015,2016,2017 Jack Lloyd
3		*
4		* Botan is released under the Simplified BSD License (see license.txt)
5		*/
6
7		#ifndef BOTAN_FUZZER_DRIVER_H_
8		#define BOTAN_FUZZER_DRIVER_H_
9
10		#include <stdint.h>
11		#include <stdlib.h> // for setenv
12		#include <iostream>
13		#include <vector>
14		#include <botan/exceptn.h>
15		#include <botan/chacha_rng.h>
16
17		static const size_t max_fuzzer_input_size = 8192;
18
19		extern void fuzz(const uint8_t in[], size_t len);
20
21		extern "C" int LLVMFuzzerInitialize(int argc, char **argv);
22		extern "C" int LLVMFuzzerTestOneInput(const uint8_t in[], size_t len);
23
24		extern "C" int LLVMFuzzerInitialize(int , char **)
25	64	{
26		/*
27		* This disables the mlock pool, as overwrites within the pool are
28		* opaque to ASan or other instrumentation.
29		*/
30	64	::setenv("BOTAN_MLOCK_POOL_SIZE", "0", 1);
31	64	return 0;
32	64	}
33
34		// Called by main() in libFuzzer or in main for AFL below
35		extern "C" int LLVMFuzzerTestOneInput(const uint8_t in[], size_t len)
36	51.8k	{
37	51.8k	if(len <= max_fuzzer_input_size)
38	51.6k	{
39	51.6k	fuzz(in, len);
40	51.6k	}
41	51.8k	return 0;
42	51.8k	}
43
44		// Some helpers for the fuzzer jigs
45
46		inline Botan::RandomNumberGenerator& fuzzer_rng()
47	38.2k	{
48	38.2k	static Botan::ChaCha_RNG rng(Botan::secure_vector<uint8_t>(32));
49	38.2k	return rng;
50	38.2k	}
51
52		#define FUZZER_WRITE_AND_CRASH(expr) \
53	0	do { std::cerr << expr; abort(); } while(0)
54
55	58.4k	#define FUZZER_ASSERT_EQUAL(x, y) do { \
56	58.4k	if(x != y) { \
57	0	FUZZER_WRITE_AND_CRASH(#x << " = " << x << " !=\n" \
58	0	<< #y << " = " << y << "\n"); \
59	58.4k	} } while(0)
60
61		#define FUZZER_ASSERT_TRUE(e) \
62	113k	do { \
63	113k	if(!(e)) { \
64	0	FUZZER_WRITE_AND_CRASH("Expression " << #e << " was false"); \
65	113k	} } while(0)
66
67		#if defined(BOTAN_FUZZER_IS_AFL) \|\| defined(BOTAN_FUZZER_IS_TEST)
68
69		/* Stub for AFL */
70
71		#if defined(BOTAN_FUZZER_IS_AFL) && !defined(__AFL_COMPILER)
72		#error "Build configured for AFL but not being compiled by AFL compiler"
73		#endif
74
75		#if defined(BOTAN_FUZZER_IS_TEST)
76
77		#include <fstream>
78
79		namespace {
80
81		int fuzz_files(char* files[])
82		{
83		for(size_t i = 0; files[i]; ++i)
84		{
85		std::ifstream in(files[i]);
86
87		if(in.good())
88		{
89		std::vector<uint8_t> buf(max_fuzzer_input_size);
90		in.read(reinterpret_cast<char*>(buf.data()), buf.size());
91		const size_t got = in.gcount();
92		buf.resize(got);
93		buf.shrink_to_fit();
94
95		LLVMFuzzerTestOneInput(buf.data(), got);
96		}
97		}
98
99		return 0;
100		}
101
102		}
103
104		#endif
105
106		int main(int argc, char* argv[])
107		{
108		LLVMFuzzerInitialize(&argc, &argv);
109
110		#if defined(BOTAN_FUZZER_IS_TEST)
111		if(argc > 1)
112		{
113		return fuzz_files(&argv[1]);
114		}
115		#endif
116
117		#if defined(__AFL_LOOP)
118		while(__AFL_LOOP(1000))
119		#endif
120		{
121		std::vector<uint8_t> buf(max_fuzzer_input_size);
122		std::cin.read(reinterpret_cast<char*>(buf.data()), buf.size());
123		const size_t got = std::cin.gcount();
124
125		buf.resize(got);
126		buf.shrink_to_fit();
127
128		LLVMFuzzerTestOneInput(buf.data(), got);
129		}
130		}
131
132		#elif defined(BOTAN_FUZZER_IS_KLEE)
133
134		#include <klee/klee.h>
135
136		int main(int argc, char* argv[])
137		{
138		LLVMFuzzerInitialize(&argc, &argv);
139
140		uint8_t input[max_fuzzer_input_size] = { 0 };
141		klee_make_symbolic(&input, sizeof(input), "input");
142
143		size_t input_len = klee_range(0, sizeof(input), "input_len");
144
145		LLVMFuzzerTestOneInput(input, input_len);
146		}
147
148		#endif
149
150		#endif

Coverage Report

Created: 2022-06-23 06:44