authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-12 05:35:37 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-12 05:35:37 +0000
commita90a5cba08fdf6c0ceb95101c275108a152a3aed (patch)
tree532507288f3defd7f4dcf1af49698bcb76034855 /tools/fuzzing/interface
parentAdding debian version 126.0.1-1. (diff)
downloadfirefox-a90a5cba08fdf6c0ceb95101c275108a152a3aed.tar.xz
firefox-a90a5cba08fdf6c0ceb95101c275108a152a3aed.zip
Merging upstream version 127.0.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tools/fuzzing/interface')
-rw-r--r--tools/fuzzing/interface/FuzzingInterface.cpp39
-rw-r--r--tools/fuzzing/interface/FuzzingInterface.h48
-rw-r--r--tools/fuzzing/interface/FuzzingInterfaceStream.cpp54
-rw-r--r--tools/fuzzing/interface/FuzzingInterfaceStream.h41
-rw-r--r--tools/fuzzing/interface/harness/FuzzerTestHarness.h1
-rw-r--r--tools/fuzzing/interface/moz.build4
6 files changed, 60 insertions, 127 deletions
diff --git a/tools/fuzzing/interface/FuzzingInterface.cpp b/tools/fuzzing/interface/FuzzingInterface.cpp
index f06ca68656..ba932c4b2a 100644
--- a/tools/fuzzing/interface/FuzzingInterface.cpp
+++ b/tools/fuzzing/interface/FuzzingInterface.cpp
@@ -28,3 +28,42 @@ LazyLogModule gFuzzingLog("nsFuzzing");
#endif
} // namespace mozilla
+
+#ifdef AFLFUZZ
+__AFL_FUZZ_INIT();
+
+int afl_interface_raw(FuzzingTestFuncRaw testFunc) {
+ __AFL_INIT();
+ char* testFilePtr = getenv("MOZ_FUZZ_TESTFILE");
+ uint8_t* buf = NULL;
+
+ if (testFilePtr) {
+ std::string testFile(testFilePtr);
+ while (__AFL_LOOP(1000)) {
+ std::ifstream is;
+ is.open(testFile, std::ios::binary);
+ is.seekg(0, std::ios::end);
+ size_t len = is.tellg();
+ is.seekg(0, std::ios::beg);
+ MOZ_RELEASE_ASSERT(len >= 0);
+ if (!len) {
+ is.close();
+ continue;
+ }
+ buf = reinterpret_cast<uint8_t*>(realloc(buf, len));
+ MOZ_RELEASE_ASSERT(buf);
+ is.read(reinterpret_cast<char*>(buf), len);
+ is.close();
+ testFunc(buf, len);
+ }
+ } else {
+ buf = __AFL_FUZZ_TESTCASE_BUF;
+ while (__AFL_LOOP(1000)) {
+ size_t len = __AFL_FUZZ_TESTCASE_LEN;
+ testFunc(buf, len);
+ }
+ }
+
+ return 0;
+}
+#endif // AFLFUZZ
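Review bot: With `len` declared `size_t` on the `is.tellg()` line, the `MOZ_RELEASE_ASSERT(len >= 0)` that follows is vacuous, and a test file that fails to open (tellg() yielding -1) becomes a huge length that only trips the later `MOZ_RELEASE_ASSERT(buf)` after realloc fails, with no hint of the real cause. Keep the position signed for the check: `std::streamoff pos = is.tellg();` / `MOZ_RELEASE_ASSERT(is.good() && pos >= 0);` / `size_t len = static_cast<size_t>(pos);`. The realloc'd buffer is also never released once the MOZ_FUZZ_TESTFILE loop ends, whereas the removed header version called `free(buf)`; since `buf` only comes from realloc in that branch, add `free(buf);` at the end of the `if (testFilePtr)` block (not after the else, where `buf` is the AFL shared-memory buffer). A short header comment stating that the function reads cases from MOZ_FUZZ_TESTFILE when set and from `__AFL_FUZZ_TESTCASE_BUF` otherwise would also help, since the header declaration carries none.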
diff --git a/tools/fuzzing/interface/FuzzingInterface.h b/tools/fuzzing/interface/FuzzingInterface.h
index 792f0809ec..31a4b50867 100644
--- a/tools/fuzzing/interface/FuzzingInterface.h
+++ b/tools/fuzzing/interface/FuzzingInterface.h
@@ -37,55 +37,17 @@ extern LazyLogModule gFuzzingLog;
MOZ_LOG(mozilla::gFuzzingLog, mozilla::LogLevel::Verbose, args)
#endif // JS_STANDALONE
+} // namespace mozilla
+
typedef int (*FuzzingTestFuncRaw)(const uint8_t*, size_t);
#ifdef AFLFUZZ
-static int afl_interface_raw(const char* testFile,
- FuzzingTestFuncRaw testFunc) {
- char* buf = NULL;
-
- while (__AFL_LOOP(1000)) {
- std::ifstream is;
- is.open(testFile, std::ios::binary);
- is.seekg(0, std::ios::end);
- int len = is.tellg();
- is.seekg(0, std::ios::beg);
- MOZ_RELEASE_ASSERT(len >= 0);
- if (!len) {
- is.close();
- continue;
- }
- buf = (char*)realloc(buf, len);
- MOZ_RELEASE_ASSERT(buf);
- is.read(buf, len);
- is.close();
- testFunc((uint8_t*)buf, (size_t)len);
- }
-
- free(buf);
-
- return 0;
-}
-
-# define MOZ_AFL_INTERFACE_COMMON() \
- char* testFilePtr = getenv("MOZ_FUZZ_TESTFILE"); \
- if (!testFilePtr) { \
- fprintf(stderr, \
- "Must specify testfile in MOZ_FUZZ_TESTFILE environment " \
- "variable.\n"); \
- return 1; \
- } \
- /* Make a copy of testFilePtr so the testing function can safely call \
- * getenv \
- */ \
- std::string testFile(testFilePtr);
+int afl_interface_raw(FuzzingTestFuncRaw testFunc);
# define MOZ_AFL_INTERFACE_RAW(initFunc, testFunc, moduleName) \
static int afl_fuzz_##moduleName(const uint8_t* data, size_t size) { \
- MOZ_RELEASE_ASSERT(data == NULL && size == 0); \
- MOZ_AFL_INTERFACE_COMMON(); \
- return ::mozilla::afl_interface_raw(testFile.c_str(), testFunc); \
+ return afl_interface_raw(testFunc); \
} \
static void __attribute__((constructor)) AFLRegister##moduleName() { \
::mozilla::FuzzerRegistry::getInstance().registerModule( \
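Review bot: The generated `afl_fuzz_##moduleName` entry now ignores its `data` and `size` parameters, and the removed `MOZ_RELEASE_ASSERT(data == NULL && size == 0)` was the only thing that made a caller handing it a real test case fail loudly rather than have the input silently discarded; unless the registry contract has changed, keep that line ahead of `return afl_interface_raw(testFunc);`. The same applies to the `afl_fuzz_##moduleName` wrapper added to `MOZ_AFL_INTERFACE_STREAM` in FuzzingInterfaceStream.h. The new declaration `int afl_interface_raw(FuzzingTestFuncRaw testFunc);` is also undocumented; a comment such as `// Runs testFunc under __AFL_LOOP: cases come from MOZ_FUZZ_TESTFILE when set, otherwise from the AFL shared-memory test case buffer. Returns 0.` would state the contract the macro relies on. The `MOZ_AFL_INTERFACE_RAW` macro continues past the end of this hunk.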
@@ -110,6 +72,4 @@ static int afl_interface_raw(const char* testFile,
MOZ_LIBFUZZER_INTERFACE_RAW(initFunc, testFunc, moduleName); \
MOZ_AFL_INTERFACE_RAW(initFunc, testFunc, moduleName);
-} // namespace mozilla
-
#endif // FuzzingInterface_h__
diff --git a/tools/fuzzing/interface/FuzzingInterfaceStream.cpp b/tools/fuzzing/interface/FuzzingInterfaceStream.cpp
deleted file mode 100644
index f2c5c891e9..0000000000
--- a/tools/fuzzing/interface/FuzzingInterfaceStream.cpp
+++ /dev/null
@@ -1,54 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/*
- * Interface implementation for the unified fuzzing interface
- */
-
-#include "nsIFile.h"
-#include "nsIPrefService.h"
-#include "nsIProperties.h"
-
-#include "FuzzingInterfaceStream.h"
-
-#include "mozilla/Assertions.h"
-
-#ifndef JS_STANDALONE
-# include "nsNetUtil.h"
-#endif
-
-namespace mozilla {
-
-#ifdef AFLFUZZ
-
-void afl_interface_stream(const char* testFile,
- FuzzingTestFuncStream testFunc) {
- nsresult rv;
- nsCOMPtr<nsIProperties> dirService =
- do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID);
- MOZ_RELEASE_ASSERT(dirService != nullptr);
- nsCOMPtr<nsIFile> file;
- rv = dirService->Get(NS_OS_CURRENT_WORKING_DIR, NS_GET_IID(nsIFile),
- getter_AddRefs(file));
- MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
- file->AppendNative(nsDependentCString(testFile));
- while (__AFL_LOOP(1000)) {
- nsCOMPtr<nsIInputStream> inputStream;
- rv = NS_NewLocalFileInputStream(getter_AddRefs(inputStream), file);
- MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
- if (!NS_InputStreamIsBuffered(inputStream)) {
- nsCOMPtr<nsIInputStream> bufStream;
- rv = NS_NewBufferedInputStream(getter_AddRefs(bufStream),
- inputStream.forget(), 1024);
- MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
- inputStream = bufStream;
- }
- testFunc(inputStream.forget());
- }
-}
-
-#endif
-
-} // namespace mozilla
diff --git a/tools/fuzzing/interface/FuzzingInterfaceStream.h b/tools/fuzzing/interface/FuzzingInterfaceStream.h
index 1542020794..44807d9ebd 100644
--- a/tools/fuzzing/interface/FuzzingInterfaceStream.h
+++ b/tools/fuzzing/interface/FuzzingInterfaceStream.h
@@ -28,32 +28,25 @@
#include "FuzzingInterface.h"
-namespace mozilla {
-
typedef int (*FuzzingTestFuncStream)(nsCOMPtr<nsIInputStream>);
#ifdef AFLFUZZ
-void afl_interface_stream(const char* testFile, FuzzingTestFuncStream testFunc);
-
-# define MOZ_AFL_INTERFACE_COMMON(initFunc) \
- if (initFunc) initFunc(NULL, NULL); \
- char* testFilePtr = getenv("MOZ_FUZZ_TESTFILE"); \
- if (!testFilePtr) { \
- fprintf(stderr, \
- "Must specify testfile in MOZ_FUZZ_TESTFILE environment " \
- "variable.\n"); \
- return; \
- } \
- /* Make a copy of testFilePtr so the testing function can safely call \
- * getenv \
- */ \
- std::string testFile(testFilePtr);
-
-# define MOZ_AFL_INTERFACE_STREAM(initFunc, testFunc, moduleName) \
- TEST(AFL, moduleName) \
- { \
- MOZ_AFL_INTERFACE_COMMON(initFunc); \
- ::mozilla::afl_interface_stream(testFile.c_str(), testFunc); \
+# define MOZ_AFL_INTERFACE_STREAM(initFunc, testFunc, moduleName) \
+ static int afl_fuzz_inner_##moduleName(const uint8_t* data, size_t size) { \
+ if (size > INT32_MAX) return 0; \
+ nsCOMPtr<nsIInputStream> stream; \
+ nsresult rv = NS_NewByteInputStream(getter_AddRefs(stream), \
+ Span((const char*)data, size), \
+ NS_ASSIGNMENT_DEPEND); \
+ MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv)); \
+ return testFunc(stream.forget()); \
+ } \
+ static int afl_fuzz_##moduleName(const uint8_t* data, size_t size) { \
+ return afl_interface_raw(afl_fuzz_inner_##moduleName); \
+ } \
+ static void __attribute__((constructor)) AFLRegister##moduleName() { \
+ ::mozilla::FuzzerRegistry::getInstance().registerModule( \
+ #moduleName, initFunc, afl_fuzz_##moduleName); \
}
#else
# define MOZ_AFL_INTERFACE_STREAM(initFunc, testFunc, moduleName) /* Nothing \
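Review bot: `NS_ASSIGNMENT_DEPEND` on the `NS_NewByteInputStream` call makes the stream a non-owning view over `data`, which is rewritten on the next `__AFL_LOOP` iteration, so a test function that keeps the stream alive after `testFunc(stream.forget())` returns would read reused memory; this should be stated in the macro, e.g. `/* stream borrows data (NS_ASSIGNMENT_DEPEND): testFunc must fully consume it before returning */`. For consistency with the `reinterpret_cast<char*>` used in FuzzingInterface.cpp, the C-style `(const char*)data` could be `reinterpret_cast<const char*>(data)`. The removed macro called `initFunc(NULL, NULL)` itself, while the new one only hands `initFunc` to `registerModule`, which presumably invokes it for AFL builds — worth confirming so that the init step is not lost. The `#else` fallback definition on the hunk's last line continues beyond this hunk.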
@@ -85,6 +78,4 @@ void afl_interface_stream(const char* testFile, FuzzingTestFuncStream testFunc);
MOZ_LIBFUZZER_INTERFACE_STREAM(initFunc, testFunc, moduleName); \
MOZ_AFL_INTERFACE_STREAM(initFunc, testFunc, moduleName);
-} // namespace mozilla
-
#endif // FuzzingInterfaceStream_h__
diff --git a/tools/fuzzing/interface/harness/FuzzerTestHarness.h b/tools/fuzzing/interface/harness/FuzzerTestHarness.h
index d7bb1064cf..6104be5438 100644
--- a/tools/fuzzing/interface/harness/FuzzerTestHarness.h
+++ b/tools/fuzzing/interface/harness/FuzzerTestHarness.h
@@ -14,6 +14,7 @@
#include "mozilla/ArrayUtils.h"
#include "mozilla/Attributes.h"
+#include "mozilla/IntegerPrintfMacros.h"
#include "prenv.h"
#include "nsComponentManagerUtils.h"
diff --git a/tools/fuzzing/interface/moz.build b/tools/fuzzing/interface/moz.build
index 8a51007174..fbfb59d924 100644
--- a/tools/fuzzing/interface/moz.build
+++ b/tools/fuzzing/interface/moz.build
@@ -21,10 +21,6 @@ else:
"FuzzingInterfaceStream.h",
]
- SOURCES += [
- "FuzzingInterfaceStream.cpp",
- ]
-
DIRS += [
"harness",
]