diff options
Diffstat (limited to 'src/c-ares/test/ares-fuzz.c')
-rw-r--r-- | src/c-ares/test/ares-fuzz.c | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/src/c-ares/test/ares-fuzz.c b/src/c-ares/test/ares-fuzz.c new file mode 100644 index 00000000..92761286 --- /dev/null +++ b/src/c-ares/test/ares-fuzz.c @@ -0,0 +1,58 @@ +/* + * General driver to allow command-line fuzzer (i.e. afl) to + * exercise the libFuzzer entrypoint. + */ + +#include <sys/types.h> +#include <fcntl.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#define kMaxAflInputSize (1 << 20) +static unsigned char afl_buffer[kMaxAflInputSize]; + +#ifdef __AFL_LOOP +/* If we are built with afl-clang-fast, use persistent mode */ +#define KEEP_FUZZING(count) __AFL_LOOP(1000) +#else +/* If we are built with afl-clang, execute each input once */ +#define KEEP_FUZZING(count) ((count) < 1) +#endif + +/* In ares-test-fuzz.c: */ +int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size); + +static void ProcessFile(int fd) { + ssize_t count = read(fd, afl_buffer, kMaxAflInputSize); + /* + * Make a copy of the data so that it's not part of a larger + * buffer (where buffer overflows would go unnoticed). + */ + unsigned char *copied_data = (unsigned char *)malloc(count); + LLVMFuzzerTestOneInput(copied_data, count); + free(copied_data); +} + +int main(int argc, char *argv[]) { + if (argc == 1) { + int count = 0; + while (KEEP_FUZZING(count)) { + ProcessFile(fileno(stdin)); + count++; + } + } else { + int ii; + for (ii = 1; ii < argc; ++ii) { + int fd = open(argv[ii], O_RDONLY); + if (fd < 0) { + fprintf(stderr, "Failed to open '%s'\n", argv[ii]); + continue; + } + ProcessFile(fd); + close(fd); + } + } + return 0; +} |