Show More
@@ -1,41 +1,45 | |||||
1 | // Copyright 2017 Google Inc. All Rights Reserved. |
|
1 | // Copyright 2017 Google Inc. All Rights Reserved. | |
2 | // Licensed under the Apache License, Version 2.0 (the "License"); |
|
2 | // Licensed under the Apache License, Version 2.0 (the "License"); | |
3 |
|
3 | |||
4 | // Example of a standalone runner for "fuzz targets". |
|
4 | // Example of a standalone runner for "fuzz targets". | |
5 | // It reads all files passed as parameters and feeds their contents |
|
5 | // It reads all files passed as parameters and feeds their contents | |
6 | // one by one into the fuzz target (LLVMFuzzerTestOneInput). |
|
6 | // one by one into the fuzz target (LLVMFuzzerTestOneInput). | |
7 | // This runner does not do any fuzzing, but allows us to run the fuzz target |
|
7 | // This runner does not do any fuzzing, but allows us to run the fuzz target | |
8 | // on the test corpus (e.g. "do_stuff_test_data") or on a single file, |
|
8 | // on the test corpus (e.g. "do_stuff_test_data") or on a single file, | |
9 | // e.g. the one that comes from a bug report. |
|
9 | // e.g. the one that comes from a bug report. | |
10 |
|
10 | |||
11 | #include <cassert> |
|
11 | #include <cassert> | |
12 | #include <fstream> |
|
12 | #include <fstream> | |
13 | #include <iostream> |
|
13 | #include <iostream> | |
14 | #include <vector> |
|
14 | #include <vector> | |
15 |
|
15 | |||
16 | // Forward declare the "fuzz target" interface. |
|
16 | // Forward declare the "fuzz target" interface. | |
17 | // We deliberately keep this inteface simple and header-free. |
|
17 | // We deliberately keep this inteface simple and header-free. | |
18 | extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); |
|
18 | extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); | |
19 |
|
19 | |||
|
20 | extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv); | |||
|
21 | ||||
20 | int main(int argc, char **argv) |
|
22 | int main(int argc, char **argv) | |
21 | { |
|
23 | { | |
|
24 | LLVMFuzzerInitialize(&argc, &argv); | |||
|
25 | ||||
22 | for (int i = 1; i < argc; i++) { |
|
26 | for (int i = 1; i < argc; i++) { | |
23 | std::ifstream in(argv[i]); |
|
27 | std::ifstream in(argv[i]); | |
24 | in.seekg(0, in.end); |
|
28 | in.seekg(0, in.end); | |
25 | size_t length = in.tellg(); |
|
29 | size_t length = in.tellg(); | |
26 | in.seekg(0, in.beg); |
|
30 | in.seekg(0, in.beg); | |
27 | std::cout << "Reading " << length << " bytes from " << argv[i] |
|
31 | std::cout << "Reading " << length << " bytes from " << argv[i] | |
28 | << std::endl; |
|
32 | << std::endl; | |
29 | // Allocate exactly length bytes so that we reliably catch |
|
33 | // Allocate exactly length bytes so that we reliably catch | |
30 | // buffer overflows. |
|
34 | // buffer overflows. | |
31 | std::vector<char> bytes(length); |
|
35 | std::vector<char> bytes(length); | |
32 | in.read(bytes.data(), bytes.size()); |
|
36 | in.read(bytes.data(), bytes.size()); | |
33 | assert(in); |
|
37 | assert(in); | |
34 | LLVMFuzzerTestOneInput( |
|
38 | LLVMFuzzerTestOneInput( | |
35 | reinterpret_cast<const uint8_t *>(bytes.data()), |
|
39 | reinterpret_cast<const uint8_t *>(bytes.data()), | |
36 | bytes.size()); |
|
40 | bytes.size()); | |
37 | std::cout << "Execution successful" << std::endl; |
|
41 | std::cout << "Execution successful" << std::endl; | |
38 | } |
|
42 | } | |
39 | return 0; |
|
43 | return 0; | |
40 | } |
|
44 | } | |
41 | // no-check-code since this is from a third party |
|
45 | // no-check-code since this is from a third party |
General Comments 0
You need to be logged in to leave comments.
Login now