/work/obj-fuzz/dist/include/FuzzingInterface.h
Line | Count | Source |
1 | | /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 | | /* This Source Code Form is subject to the terms of the Mozilla Public |
3 | | * License, v. 2.0. If a copy of the MPL was not distributed with this |
4 | | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
5 | | |
6 | | /* |
7 | | * Interface definitions for the unified fuzzing interface |
8 | | */ |
9 | | |
10 | | #ifndef FuzzingInterface_h__ |
11 | | #define FuzzingInterface_h__ |
12 | | |
13 | | #include <fstream> |
14 | | |
15 | | #include "FuzzerRegistry.h" |
16 | | #include "mozilla/Assertions.h" |
17 | | |
18 | | namespace mozilla { |
19 | | |
// Signature of a raw fuzzing target: it receives one test case as a byte
// pointer plus its length and returns an int. The AFL driver in this header
// (afl_interface_raw) calls the target and does not inspect the returned value.
typedef int(*FuzzingTestFuncRaw)(const uint8_t*, size_t);
21 | | |
22 | | #ifdef __AFL_COMPILER |
23 | | |
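/**
 * AFL driver loop: on every __AFL_LOOP iteration the test file is re-read
 * from disk and its contents are handed to the fuzzing target.
 *
 * @param testFile Path of the file holding the current test case.
 * @param testFunc Target to call with the bytes read; its return value is
 *                 ignored.
 * @return Always 0 once the loop ends.
 *
 * The read buffer is reused across iterations via realloc(), so it can still
 * hold bytes from an earlier test case. The target is therefore given only the
 * number of bytes this iteration actually read (gcount()), never the size that
 * was measured beforehand: a short read must not expose stale or uninitialised
 * heap contents to the target, which would make results non-reproducible.
 */
static int afl_interface_raw(const char* testFile, FuzzingTestFuncRaw testFunc) {
  char* buf = nullptr;

  while (__AFL_LOOP(1000)) {
    std::ifstream is;
    is.open(testFile, std::ios::binary);
    is.seekg(0, std::ios::end);
    // tellg() yields -1 if the open or the seek failed; the release assert
    // below turns that into a hard failure. Keeping the full stream offset
    // (instead of narrowing to int) avoids truncating the size of a large file.
    const std::streamoff fileSize = is.tellg();
    is.seekg(0, std::ios::beg);
    MOZ_RELEASE_ASSERT(fileSize >= 0);
    if (!fileSize) {
      is.close();
      continue;
    }

    const size_t len = static_cast<size_t>(fileSize);
    buf = static_cast<char*>(realloc(buf, len));
    MOZ_RELEASE_ASSERT(buf);

    is.read(buf, static_cast<std::streamsize>(len));
    // Only the bytes read in this iteration are valid input.
    const size_t bytesRead = static_cast<size_t>(is.gcount());
    is.close();
    if (!bytesRead) {
      continue;
    }

    testFunc(reinterpret_cast<const uint8_t*>(buf), bytesRead);
  }

  free(buf);

  return 0;
}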
49 | | |
/*
 * Statement-sequence macro for use inside a function that returns int.
 * Reads the test file path from the MOZ_FUZZ_TESTFILE environment variable;
 * when the variable is unset it prints an error to stderr and returns 1 from
 * the enclosing function. Otherwise it leaves a local std::string named
 * `testFile` in scope for the code that follows.
 *
 * The path is used exactly as supplied by the environment; no validation is
 * done here.
 */
#define MOZ_AFL_INTERFACE_COMMON() \
  char* testFilePtr = getenv("MOZ_FUZZ_TESTFILE"); \
  if (!testFilePtr) { \
    fprintf(stderr, "Must specify testfile in MOZ_FUZZ_TESTFILE environment variable.\n"); \
    return 1; \
  } \
  /* Make a copy of testFilePtr so the testing function can safely call getenv */ \
  std::string testFile(testFilePtr);
58 | | |
/*
 * AFL build only. Defines two static functions for `moduleName`:
 *
 *  - afl_fuzz_<moduleName>(data, size): the entry point stored in the
 *    registry. It asserts that it was called with data == NULL and size == 0,
 *    because the input comes from the file named by MOZ_FUZZ_TESTFILE rather
 *    than from an in-memory buffer, then runs afl_interface_raw() with
 *    `testFunc` on that file.
 *  - AFLRegister<moduleName>(): marked __attribute__((constructor)), so it
 *    runs before main() and registers the stringified module name, `initFunc`
 *    and the entry point with FuzzerRegistry.
 */
#define MOZ_AFL_INTERFACE_RAW(initFunc, testFunc, moduleName) \
  static int afl_fuzz_##moduleName(const uint8_t *data, size_t size) { \
    MOZ_RELEASE_ASSERT(data == NULL && size == 0); \
    MOZ_AFL_INTERFACE_COMMON(); \
    return ::mozilla::afl_interface_raw(testFile.c_str(), testFunc); \
  } \
  static void __attribute__ ((constructor)) AFLRegister##moduleName() { \
    ::mozilla::FuzzerRegistry::getInstance().registerModule( \
      #moduleName, initFunc, afl_fuzz_##moduleName \
    ); \
  }
70 | | #else |
71 | | #define MOZ_AFL_INTERFACE_RAW(initFunc, testFunc, moduleName) /* Nothing */ |
72 | | #endif // __AFL_COMPILER |
73 | | |
74 | | #ifdef LIBFUZZER |
75 | | #define MOZ_LIBFUZZER_INTERFACE_RAW(initFunc, testFunc, moduleName) \ |
76 | 18 | static void __attribute__ ((constructor)) LibFuzzerRegister##moduleName() { \ |
77 | 18 | ::mozilla::FuzzerRegistry::getInstance().registerModule( \ |
78 | 18 | #moduleName, initFunc, testFunc \ |
79 | 18 | ); \ |
80 | 18 | } av1_fuzzer.cpp:LibFuzzerRegisterAV1Decode() Line | Count | Source | 76 | 3 | static void __attribute__ ((constructor)) LibFuzzerRegister##moduleName() { \ | 77 | 3 | ::mozilla::FuzzerRegistry::getInstance().registerModule( \ | 78 | 3 | #moduleName, initFunc, testFunc \ | 79 | 3 | ); \ | 80 | 3 | } |
sdp_parser_libfuzz.cpp:LibFuzzerRegisterSdpParser() Line | Count | Source | 76 | 3 | static void __attribute__ ((constructor)) LibFuzzerRegister##moduleName() { \ | 77 | 3 | ::mozilla::FuzzerRegistry::getInstance().registerModule( \ | 78 | 3 | #moduleName, initFunc, testFunc \ | 79 | 3 | ); \ | 80 | 3 | } |
stun_parser_libfuzz.cpp:LibFuzzerRegisterStunParser() Line | Count | Source | 76 | 3 | static void __attribute__ ((constructor)) LibFuzzerRegister##moduleName() { \ | 77 | 3 | ::mozilla::FuzzerRegistry::getInstance().registerModule( \ | 78 | 3 | #moduleName, initFunc, testFunc \ | 79 | 3 | ); \ | 80 | 3 | } |
qcms_fuzzer.cpp:LibFuzzerRegisterQcms() Line | Count | Source | 76 | 3 | static void __attribute__ ((constructor)) LibFuzzerRegister##moduleName() { \ | 77 | 3 | ::mozilla::FuzzerRegistry::getInstance().registerModule( \ | 78 | 3 | #moduleName, initFunc, testFunc \ | 79 | 3 | ); \ | 80 | 3 | } |
csp_fuzzer.cpp:LibFuzzerRegisterContentSecurityPolicyParser() Line | Count | Source | 76 | 3 | static void __attribute__ ((constructor)) LibFuzzerRegister##moduleName() { \ | 77 | 3 | ::mozilla::FuzzerRegistry::getInstance().registerModule( \ | 78 | 3 | #moduleName, initFunc, testFunc \ | 79 | 3 | ); \ | 80 | 3 | } |
content_parent_ipc_libfuzz.cpp:LibFuzzerRegisterContentParentIPC() Line | Count | Source | 76 | 3 | static void __attribute__ ((constructor)) LibFuzzerRegister##moduleName() { \ | 77 | 3 | ::mozilla::FuzzerRegistry::getInstance().registerModule( \ | 78 | 3 | #moduleName, initFunc, testFunc \ | 79 | 3 | ); \ | 80 | 3 | } |
|
81 | | #else |
82 | | #define MOZ_LIBFUZZER_INTERFACE_RAW(initFunc, testFunc, moduleName) /* Nothing */ |
83 | | #endif |
84 | | |
/*
 * Single registration macro for a fuzzing target: expands to both the
 * libFuzzer and the AFL registration macros. Each of those expands to nothing
 * unless its build flag (LIBFUZZER / __AFL_COMPILER) is defined, so one
 * invocation works for either engine.
 */
#define MOZ_FUZZING_INTERFACE_RAW(initFunc, testFunc, moduleName) \
  MOZ_LIBFUZZER_INTERFACE_RAW(initFunc, testFunc, moduleName); \
  MOZ_AFL_INTERFACE_RAW(initFunc, testFunc, moduleName);
88 | | |
89 | | } // namespace mozilla |
90 | | |
91 | | #endif // FuzzingInterface_h__ |