##// END OF EJS Templates
fuzz: make standalone_fuzz_target_runner call LLVMFuzzerInitialize...
Augie Fackler -
r44253:01ec70a8 default draft
parent child Browse files
Show More
@@ -1,41 +1,45
1 // Copyright 2017 Google Inc. All Rights Reserved.
1 // Copyright 2017 Google Inc. All Rights Reserved.
2 // Licensed under the Apache License, Version 2.0 (the "License");
2 // Licensed under the Apache License, Version 2.0 (the "License");
3
3
4 // Example of a standalone runner for "fuzz targets".
4 // Example of a standalone runner for "fuzz targets".
5 // It reads all files passed as parameters and feeds their contents
5 // It reads all files passed as parameters and feeds their contents
6 // one by one into the fuzz target (LLVMFuzzerTestOneInput).
6 // one by one into the fuzz target (LLVMFuzzerTestOneInput).
7 // This runner does not do any fuzzing, but allows us to run the fuzz target
7 // This runner does not do any fuzzing, but allows us to run the fuzz target
8 // on the test corpus (e.g. "do_stuff_test_data") or on a single file,
8 // on the test corpus (e.g. "do_stuff_test_data") or on a single file,
9 // e.g. the one that comes from a bug report.
9 // e.g. the one that comes from a bug report.
10
10
11 #include <cassert>
11 #include <cassert>
12 #include <fstream>
12 #include <fstream>
13 #include <iostream>
13 #include <iostream>
14 #include <vector>
14 #include <vector>
15
15
16 // Forward declare the "fuzz target" interface.
16 // Forward declare the "fuzz target" interface.
17 // We deliberately keep this inteface simple and header-free.
17 // We deliberately keep this inteface simple and header-free.
18 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
18 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
19
19
20 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv);
21
20 int main(int argc, char **argv)
22 int main(int argc, char **argv)
21 {
23 {
24 LLVMFuzzerInitialize(&argc, &argv);
25
22 for (int i = 1; i < argc; i++) {
26 for (int i = 1; i < argc; i++) {
23 std::ifstream in(argv[i]);
27 std::ifstream in(argv[i]);
24 in.seekg(0, in.end);
28 in.seekg(0, in.end);
25 size_t length = in.tellg();
29 size_t length = in.tellg();
26 in.seekg(0, in.beg);
30 in.seekg(0, in.beg);
27 std::cout << "Reading " << length << " bytes from " << argv[i]
31 std::cout << "Reading " << length << " bytes from " << argv[i]
28 << std::endl;
32 << std::endl;
29 // Allocate exactly length bytes so that we reliably catch
33 // Allocate exactly length bytes so that we reliably catch
30 // buffer overflows.
34 // buffer overflows.
31 std::vector<char> bytes(length);
35 std::vector<char> bytes(length);
32 in.read(bytes.data(), bytes.size());
36 in.read(bytes.data(), bytes.size());
33 assert(in);
37 assert(in);
34 LLVMFuzzerTestOneInput(
38 LLVMFuzzerTestOneInput(
35 reinterpret_cast<const uint8_t *>(bytes.data()),
39 reinterpret_cast<const uint8_t *>(bytes.data()),
36 bytes.size());
40 bytes.size());
37 std::cout << "Execution successful" << std::endl;
41 std::cout << "Execution successful" << std::endl;
38 }
42 }
39 return 0;
43 return 0;
40 }
44 }
41 // no-check-code since this is from a third party
45 // no-check-code since this is from a third party
General Comments 0
You need to be logged in to leave comments. Login now