From 8dd16259287f58f9273002717ec4d27e97127719 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Wed, 12 Jun 2024 07:43:14 +0200
Subject: Merging upstream version 127.0.

Signed-off-by: Daniel Baumann
---
 tools/fuzzing/interface/FuzzingInterface.cpp | 39 ++++++++++++++++
 tools/fuzzing/interface/FuzzingInterface.h | 48 ++-----------------
 tools/fuzzing/interface/FuzzingInterfaceStream.cpp | 54 ----------------------
 tools/fuzzing/interface/FuzzingInterfaceStream.h | 41 +++++++---------
 .../fuzzing/interface/harness/FuzzerTestHarness.h | 1 +
 tools/fuzzing/interface/moz.build | 4 --
 6 files changed, 60 insertions(+), 127 deletions(-)
 delete mode 100644 tools/fuzzing/interface/FuzzingInterfaceStream.cpp

(limited to 'tools/fuzzing/interface')

diff --git a/tools/fuzzing/interface/FuzzingInterface.cpp b/tools/fuzzing/interface/FuzzingInterface.cpp
index f06ca68656..ba932c4b2a 100644
--- a/tools/fuzzing/interface/FuzzingInterface.cpp
+++ b/tools/fuzzing/interface/FuzzingInterface.cpp
@@ -28,3 +28,42 @@ LazyLogModule gFuzzingLog("nsFuzzing");
 #endif
 
 } // namespace mozilla
+
+#ifdef AFLFUZZ
+__AFL_FUZZ_INIT();
+
+int afl_interface_raw(FuzzingTestFuncRaw testFunc) {
+  __AFL_INIT();
+  char* testFilePtr = getenv("MOZ_FUZZ_TESTFILE");
+  uint8_t* buf = NULL;
+
+  if (testFilePtr) {
+    std::string testFile(testFilePtr);
+    while (__AFL_LOOP(1000)) {
+      std::ifstream is;
+      is.open(testFile, std::ios::binary);
+      is.seekg(0, std::ios::end);
+      size_t len = is.tellg();
+      is.seekg(0, std::ios::beg);
+      MOZ_RELEASE_ASSERT(len >= 0);
+      if (!len) {
+        is.close();
+        continue;
+      }
+      buf = reinterpret_cast(realloc(buf, len));
+      MOZ_RELEASE_ASSERT(buf);
+      is.read(reinterpret_cast(buf), len);
+      is.close();
+      testFunc(buf, len);
+    }
+  } else {
+    buf = __AFL_FUZZ_TESTCASE_BUF;
+    while (__AFL_LOOP(1000)) {
+      size_t len = __AFL_FUZZ_TESTCASE_LEN;
+      testFunc(buf, len);
+    }
+  }
+
+  return 0;
+}
+#endif // AFLFUZZ
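Review bot: In afl_interface_raw the check `MOZ_RELEASE_ASSERT(len >= 0);` is a tautology now that `len` is `size_t`, so the case it was meant to catch, `tellg()` returning -1 when the MOZ_FUZZ_TESTFILE path cannot be opened, instead reaches `realloc(buf, SIZE_MAX)` and dies on the misleading `MOZ_RELEASE_ASSERT(buf)`; keep the position signed until it has been validated: `std::streamoff pos = is.tellg();` / `MOZ_RELEASE_ASSERT(is.is_open() && pos >= 0);` / `size_t len = static_cast<size_t>(pos);`. The result of `is.read(...)` is not checked either, so a short read would hand `testFunc` a buffer whose tail is whatever `realloc` preserved from the previous iteration; `MOZ_RELEASE_ASSERT(is.gcount() == static_cast<std::streamsize>(len));` after the read pins that. The `free(buf)` that the old header-inline version performed after the loop is gone, which is correct for the shared-memory branch (`__AFL_FUZZ_TESTCASE_BUF` is not ours to free) but leaves the file branch's heap buffer unreleased on return; harmless for a process that exits after fuzzing, but worth a comment saying so. The behaviour when MOZ_FUZZ_TESTFILE is unset also changed silently from an error to AFL shared-memory mode, which deserves a one-line comment above the `if (testFilePtr)` branch.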
diff --git a/tools/fuzzing/interface/FuzzingInterface.h b/tools/fuzzing/interface/FuzzingInterface.h
index 792f0809ec..31a4b50867 100644
--- a/tools/fuzzing/interface/FuzzingInterface.h
+++ b/tools/fuzzing/interface/FuzzingInterface.h
@@ -37,55 +37,17 @@ extern LazyLogModule gFuzzingLog;
   MOZ_LOG(mozilla::gFuzzingLog, mozilla::LogLevel::Verbose, args)
 #endif // JS_STANDALONE
 
+} // namespace mozilla
+
 typedef int (*FuzzingTestFuncRaw)(const uint8_t*, size_t);
 
 #ifdef AFLFUZZ
 
-static int afl_interface_raw(const char* testFile,
-                             FuzzingTestFuncRaw testFunc) {
-  char* buf = NULL;
-
-  while (__AFL_LOOP(1000)) {
-    std::ifstream is;
-    is.open(testFile, std::ios::binary);
-    is.seekg(0, std::ios::end);
-    int len = is.tellg();
-    is.seekg(0, std::ios::beg);
-    MOZ_RELEASE_ASSERT(len >= 0);
-    if (!len) {
-      is.close();
-      continue;
-    }
-    buf = (char*)realloc(buf, len);
-    MOZ_RELEASE_ASSERT(buf);
-    is.read(buf, len);
-    is.close();
-    testFunc((uint8_t*)buf, (size_t)len);
-  }
-
-  free(buf);
-
-  return 0;
-}
-
-# define MOZ_AFL_INTERFACE_COMMON()                                         \
-    char* testFilePtr = getenv("MOZ_FUZZ_TESTFILE");                        \
-    if (!testFilePtr) {                                                     \
-      fprintf(stderr,                                                       \
-              "Must specify testfile in MOZ_FUZZ_TESTFILE environment "     \
-              "variable.\n");                                               \
-      return 1;                                                             \
-    }                                                                       \
-    /* Make a copy of testFilePtr so the testing function can safely call   \
-     * getenv                                                               \
-     */                                                                     \
-    std::string testFile(testFilePtr);
+int afl_interface_raw(FuzzingTestFuncRaw testFunc);
 
 # define MOZ_AFL_INTERFACE_RAW(initFunc, testFunc, moduleName)              \
     static int afl_fuzz_##moduleName(const uint8_t* data, size_t size) {    \
-      MOZ_RELEASE_ASSERT(data == NULL && size == 0);                        \
-      MOZ_AFL_INTERFACE_COMMON();                                           \
-      return ::mozilla::afl_interface_raw(testFile.c_str(), testFunc);      \
+      return afl_interface_raw(testFunc);                                   \
     }                                                                       \
     static void __attribute__((constructor)) AFLRegister##moduleName() {    \
       ::mozilla::FuzzerRegistry::getInstance().registerModule(              \
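Review bot: The generated `afl_fuzz_##moduleName(const uint8_t* data, size_t size)` now discards both of its arguments, because the `MOZ_RELEASE_ASSERT(data == NULL && size == 0)` that documented the contract (the registry invokes the AFL entry with an empty dummy input and the real bytes come from afl_interface_raw) was removed together with the `MOZ_AFL_INTERFACE_COMMON()` plumbing; under `-Wunused-parameter` this also warns once per module. I would keep the assert, or at least make the intent explicit: `(void)data; (void)size; /* input is produced by afl_interface_raw, not by the registry call */`. The `FuzzingTestFuncRaw` typedef and `afl_interface_raw` also leave `namespace mozilla` (see the `+} // namespace mozilla` at the top of the hunk) while the registration still spells `::mozilla::FuzzerRegistry`; any code elsewhere that named `mozilla::FuzzingTestFuncRaw` would need updating, and the commit message does not mention it. The macro body continues past the end of the hunk.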
@@ -110,6 +72,4 @@ static int afl_interface_raw(const char* testFile,
   MOZ_LIBFUZZER_INTERFACE_RAW(initFunc, testFunc, moduleName); \
   MOZ_AFL_INTERFACE_RAW(initFunc, testFunc, moduleName);
 
-} // namespace mozilla
-
 #endif // FuzzingInterface_h__
diff --git a/tools/fuzzing/interface/FuzzingInterfaceStream.cpp b/tools/fuzzing/interface/FuzzingInterfaceStream.cpp
deleted file mode 100644
index f2c5c891e9..0000000000
--- a/tools/fuzzing/interface/FuzzingInterfaceStream.cpp
+++ /dev/null
@@ -1,54 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/*
- * Interface implementation for the unified fuzzing interface
- */
-
-#include "nsIFile.h"
-#include "nsIPrefService.h"
-#include "nsIProperties.h"
-
-#include "FuzzingInterfaceStream.h"
-
-#include "mozilla/Assertions.h"
-
-#ifndef JS_STANDALONE
-# include "nsNetUtil.h"
-#endif
-
-namespace mozilla {
-
-#ifdef AFLFUZZ
-
-void afl_interface_stream(const char* testFile,
-                          FuzzingTestFuncStream testFunc) {
-  nsresult rv;
-  nsCOMPtr dirService =
-      do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID);
-  MOZ_RELEASE_ASSERT(dirService != nullptr);
-  nsCOMPtr file;
-  rv = dirService->Get(NS_OS_CURRENT_WORKING_DIR, NS_GET_IID(nsIFile),
-                       getter_AddRefs(file));
-  MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-  file->AppendNative(nsDependentCString(testFile));
-  while (__AFL_LOOP(1000)) {
-    nsCOMPtr inputStream;
-    rv = NS_NewLocalFileInputStream(getter_AddRefs(inputStream), file);
-    MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-    if (!NS_InputStreamIsBuffered(inputStream)) {
-      nsCOMPtr bufStream;
-      rv = NS_NewBufferedInputStream(getter_AddRefs(bufStream),
-                                     inputStream.forget(), 1024);
-      MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-      inputStream = bufStream;
-    }
-    testFunc(inputStream.forget());
-  }
-}
-
-#endif
-
-} // namespace mozilla
diff --git a/tools/fuzzing/interface/FuzzingInterfaceStream.h b/tools/fuzzing/interface/FuzzingInterfaceStream.h
index 1542020794..44807d9ebd 100644
--- a/tools/fuzzing/interface/FuzzingInterfaceStream.h
+++ b/tools/fuzzing/interface/FuzzingInterfaceStream.h
@@ -28,32 +28,25 @@
 
 #include "FuzzingInterface.h"
 
-namespace mozilla {
-
 typedef int (*FuzzingTestFuncStream)(nsCOMPtr);
 
 #ifdef AFLFUZZ
-void afl_interface_stream(const char* testFile, FuzzingTestFuncStream testFunc);
-
-# define MOZ_AFL_INTERFACE_COMMON(initFunc)                                    \
-    if (initFunc) initFunc(NULL, NULL);                                        \
-    char* testFilePtr = getenv("MOZ_FUZZ_TESTFILE");                           \
-    if (!testFilePtr) {                                                        \
-      fprintf(stderr,                                                          \
-              "Must specify testfile in MOZ_FUZZ_TESTFILE environment "        \
-              "variable.\n");                                                  \
-      return;                                                                  \
-    }                                                                          \
-    /* Make a copy of testFilePtr so the testing function can safely call      \
-     * getenv                                                                  \
-     */                                                                        \
-    std::string testFile(testFilePtr);
-
-# define MOZ_AFL_INTERFACE_STREAM(initFunc, testFunc, moduleName)              \
-    TEST(AFL, moduleName)                                                      \
-    {                                                                          \
-      MOZ_AFL_INTERFACE_COMMON(initFunc);                                      \
-      ::mozilla::afl_interface_stream(testFile.c_str(), testFunc);             \
+# define MOZ_AFL_INTERFACE_STREAM(initFunc, testFunc, moduleName)              \
+    static int afl_fuzz_inner_##moduleName(const uint8_t* data, size_t size) { \
+      if (size > INT32_MAX) return 0;                                          \
+      nsCOMPtr stream;                                                         \
+      nsresult rv = NS_NewByteInputStream(getter_AddRefs(stream),              \
+                                          Span((const char*)data, size),       \
+                                          NS_ASSIGNMENT_DEPEND);               \
+      MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));                                    \
+      return testFunc(stream.forget());                                        \
+    }                                                                          \
+    static int afl_fuzz_##moduleName(const uint8_t* data, size_t size) {       \
+      return afl_interface_raw(afl_fuzz_inner_##moduleName);                   \
+    }                                                                          \
+    static void __attribute__((constructor)) AFLRegister##moduleName() {       \
+      ::mozilla::FuzzerRegistry::getInstance().registerModule(                 \
+          #moduleName, initFunc, afl_fuzz_##moduleName);                       \
     }
 #else
 # define MOZ_AFL_INTERFACE_STREAM(initFunc, testFunc, moduleName) /* Nothing \
@@ -85,6 +78,4 @@ void afl_interface_stream(const char* testFile, FuzzingTestFuncStream testFunc);
   MOZ_LIBFUZZER_INTERFACE_STREAM(initFunc, testFunc, moduleName); \
   MOZ_AFL_INTERFACE_STREAM(initFunc, testFunc, moduleName);
 
-} // namespace mozilla
-
 #endif // FuzzingInterfaceStream_h__
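Review bot: The byte stream built in `afl_fuzz_inner_##moduleName` uses `NS_ASSIGNMENT_DEPEND`, so it borrows `data` instead of copying it, and `data` is afl_interface_raw's per-iteration buffer (realloc'd on every file read, or AFL's shared-memory testcase); nothing in the macro prevents `testFunc` from retaining the stream it receives through `stream.forget()`, in which case the next `__AFL_LOOP` iteration would rewrite or reallocate the bytes underneath it. The lifetime contract should be stated above the `NS_NewByteInputStream` call, e.g. `// Stream borrows `data` (NS_ASSIGNMENT_DEPEND); testFunc must not keep it past return.`. `Span((const char*)data, size)` uses a C-style cast where the new FuzzingInterface.cpp code uses `reinterpret_cast`; `Span(reinterpret_cast<const char*>(data), size)` keeps the two files consistent. The early `if (size > INT32_MAX) return 0;` presumably mirrors a length limit of the byte stream, and a short comment naming that limit would explain why larger inputs are silently treated as a no-op rather than an error.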
diff --git a/tools/fuzzing/interface/harness/FuzzerTestHarness.h b/tools/fuzzing/interface/harness/FuzzerTestHarness.h
index d7bb1064cf..6104be5438 100644
--- a/tools/fuzzing/interface/harness/FuzzerTestHarness.h
+++ b/tools/fuzzing/interface/harness/FuzzerTestHarness.h
@@ -14,6 +14,7 @@
 
 #include "mozilla/ArrayUtils.h"
 #include "mozilla/Attributes.h"
+#include "mozilla/IntegerPrintfMacros.h"
 #include "prenv.h"
 
 #include "nsComponentManagerUtils.h"
diff --git a/tools/fuzzing/interface/moz.build b/tools/fuzzing/interface/moz.build
index 8a51007174..fbfb59d924 100644
--- a/tools/fuzzing/interface/moz.build
+++ b/tools/fuzzing/interface/moz.build
@@ -21,10 +21,6 @@ else:
         "FuzzingInterfaceStream.h",
     ]
 
-    SOURCES += [
-        "FuzzingInterfaceStream.cpp",
-    ]
-
     DIRS += [
         "harness",
     ]
-- 
cgit v1.2.3