/src/capstonev5/suite/fuzz/fuzz_disasm.c

Source (jump to first uncovered line)
// the following must precede stdio (woo, thanks msft)
#if defined(_MSC_VER) && _MSC_VER < 1900
#define _CRT_SECURE_NO_WARNINGS
#endif

#include <stdio.h>
#include <stdlib.h>
#include <inttypes.h>

#include <capstone/capstone.h>

#include "platform.h"

int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);


static FILE *outfile = NULL;

int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
    csh handle;
    cs_insn *all_insn;
    cs_detail *detail;
    cs_err err;
    unsigned int i;

    if (Size < 1) {
        // 1 byte for arch choice
        return 0;
    } else if (Size > 0x1000) {
        //limit input to 4kb
        Size = 0x1000;
    }

    if (outfile == NULL) {
        // we compute the output
        outfile = fopen("/dev/null", "w");
        if (outfile == NULL) {
            return 0;
        }
    }

    i = get_platform_entry((uint8_t)Data[0]);

    err = cs_open(platforms[i].arch, platforms[i].mode, &handle);
    if (err) {
        return 0;
    }

    cs_option(handle, CS_OPT_DETAIL, CS_OPT_ON);
    if (Data[0]&0x80) {
        //hack
        cs_option(handle, CS_OPT_SYNTAX, CS_OPT_SYNTAX_ATT);
    }

    uint64_t address = 0x1000;
    size_t count = cs_disasm(handle, Data+1, Size-1, address, 0, &all_insn);

    if (count) {
        size_t j;
        unsigned int n;

        for (j = 0; j < count; j++) {
            cs_insn *i = &(all_insn[j]);
            fprintf(outfile, "0x%"PRIx64":\t%s\t\t%s // insn-ID: %u, insn-mnem: %s\n",
                   i->address, i->mnemonic, i->op_str,
                   i->id, cs_insn_name(handle, i->id));

            detail = i->detail;

            if (detail->regs_read_count > 0) {
                fprintf(outfile, "\tImplicit registers read: ");
                for (n = 0; n < detail->regs_read_count; n++) {
                    fprintf(outfile, "%s ", cs_reg_name(handle, detail->regs_read[n]));
                }
            }

            if (detail->regs_write_count > 0) {
                fprintf(outfile, "\tImplicit registers modified: ");
                for (n = 0; n < detail->regs_write_count; n++) {
                    fprintf(outfile, "%s ", cs_reg_name(handle, detail->regs_write[n]));
                }
            }

            if (detail->groups_count > 0) {
                fprintf(outfile, "\tThis instruction belongs to groups: ");
                for (n = 0; n < detail->groups_count; n++) {
                    fprintf(outfile, "%s ", cs_group_name(handle, detail->groups[n]));
                }
            }
        }

        fprintf(outfile, "0x%"PRIx64":\n", all_insn[j-1].address + all_insn[j-1].size);
        cs_free(all_insn, count);
    }

    cs_close(&handle);

    return 0;
}

Line	Count	Source (jump to first uncovered line)
1		// the following must precede stdio (woo, thanks msft)
2		#if defined(_MSC_VER) && _MSC_VER < 1900
3		#define _CRT_SECURE_NO_WARNINGS
4		#endif
5
6		#include <stdio.h>
7		#include <stdlib.h>
8		#include <inttypes.h>
9
10		#include <capstone/capstone.h>
11
12		#include "platform.h"
13
14		int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
15
16
17		static FILE *outfile = NULL;
18
19	87.1k	int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
20	87.1k	csh handle;
21	87.1k	cs_insn *all_insn;
22	87.1k	cs_detail *detail;
23	87.1k	cs_err err;
24	87.1k	unsigned int i;
25
26	87.1k	if (Size < 1) {
27		// 1 byte for arch choice
28	0	return 0;
29	87.1k	} else if (Size > 0x1000) {
30		//limit input to 4kb
31	0	Size = 0x1000;
32	0	}
33
34	87.1k	if (outfile == NULL) {
35		// we compute the output
36	2	outfile = fopen("/dev/null", "w");
37	2	if (outfile == NULL) {
38	0	return 0;
39	0	}
40	2	}
41
42	87.1k	i = get_platform_entry((uint8_t)Data[0]);
43
44	87.1k	err = cs_open(platforms[i].arch, platforms[i].mode, &handle);
45	87.1k	if (err) {
46	7	return 0;
47	7	}
48
49	87.1k	cs_option(handle, CS_OPT_DETAIL, CS_OPT_ON);
50	87.1k	if (Data[0]&0x80) {
51		//hack
52	24.6k	cs_option(handle, CS_OPT_SYNTAX, CS_OPT_SYNTAX_ATT);
53	24.6k	}
54
55	87.1k	uint64_t address = 0x1000;
56	87.1k	size_t count = cs_disasm(handle, Data+1, Size-1, address, 0, &all_insn);
57
58	87.1k	if (count) {
59	85.6k	size_t j;
60	85.6k	unsigned int n;
61
62	7.08M	for (j = 0; j < count; j++) {
63	7.00M	cs_insn *i = &(all_insn[j]);
64	7.00M	fprintf(outfile, "0x%"PRIx64":\t%s\t\t%s // insn-ID: %u, insn-mnem: %s\n",
65	7.00M	i->address, i->mnemonic, i->op_str,
66	7.00M	i->id, cs_insn_name(handle, i->id));
67
68	7.00M	detail = i->detail;
69
70	7.00M	if (detail->regs_read_count > 0) {
71	1.63M	fprintf(outfile, "\tImplicit registers read: ");
72	4.11M	for (n = 0; n < detail->regs_read_count; n++) {
73	2.47M	fprintf(outfile, "%s ", cs_reg_name(handle, detail->regs_read[n]));
74	2.47M	}
75	1.63M	}
76
77	7.00M	if (detail->regs_write_count > 0) {
78	3.22M	fprintf(outfile, "\tImplicit registers modified: ");
79	7.01M	for (n = 0; n < detail->regs_write_count; n++) {
80	3.78M	fprintf(outfile, "%s ", cs_reg_name(handle, detail->regs_write[n]));
81	3.78M	}
82	3.22M	}
83
84	7.00M	if (detail->groups_count > 0) {
85	4.10M	fprintf(outfile, "\tThis instruction belongs to groups: ");
86	9.96M	for (n = 0; n < detail->groups_count; n++) {
87	5.85M	fprintf(outfile, "%s ", cs_group_name(handle, detail->groups[n]));
88	5.85M	}
89	4.10M	}
90	7.00M	}
91
92	85.6k	fprintf(outfile, "0x%"PRIx64":\n", all_insn[j-1].address + all_insn[j-1].size);
93	85.6k	cs_free(all_insn, count);
94	85.6k	}
95
96	87.1k	cs_close(&handle);
97
98	87.1k	return 0;
99	87.1k	}

Coverage Report

Created: 2024-08-21 06:24