tools/fuzzing/interface/FuzzingInterface.cpp

   1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
   2 /* This Source Code Form is subject to the terms of the Mozilla Public
   3  * License, v. 2.0. If a copy of the MPL was not distributed with this
   4  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   5
   6 /*
   7  * Common code for the unified fuzzing interface
   8  */
   9
  10 #include <stdarg.h>
  11 #include <stdlib.h>
  12 #include "FuzzingInterface.h"
  13
  14 namespace mozilla {
  15
  16 #ifdef JS_STANDALONE
  17 MOZ_RUNINIT static bool fuzzing_verbose = !!getenv("MOZ_FUZZ_LOG");
  18 void fuzzing_log(const char* aFmt, ...) {
  19   if (fuzzing_verbose) {
  20     va_list ap;
  21     va_start(ap, aFmt);
  22     vfprintf(stderr, aFmt, ap);
  23     va_end(ap);
  24   }
  25 }
  26 #else
  27 LazyLogModule gFuzzingLog("nsFuzzing");
  28 #endif
  29
  30 }  // namespace mozilla
  31
  32 #ifdef AFLFUZZ
  33 __attribute__((weak)) extern uint8_t* __afl_area_ptr;
  34 __attribute__((weak)) extern uint32_t __afl_map_size;
  35
  36 __AFL_FUZZ_INIT();
  37
  38 int afl_interface_raw(FuzzingTestFuncRaw testFunc) {
  39   char* testFilePtr = getenv("MOZ_FUZZ_TESTFILE");
  40   uint8_t* buf = NULL;
  41
  42   if (testFilePtr) {
  43     std::string testFile(testFilePtr);
  44     while (__AFL_LOOP(1000)) {
  45       std::ifstream is;
  46       is.open(testFile, std::ios::binary);
  47       is.seekg(0, std::ios::end);
  48       size_t len = is.tellg();
  49       is.seekg(0, std::ios::beg);
  50       MOZ_RELEASE_ASSERT(len >= 0);
  51       if (!len) {
  52         is.close();
  53         continue;
  54       }
  55       buf = reinterpret_cast<uint8_t*>(realloc(buf, len));
  56       MOZ_RELEASE_ASSERT(buf);
  57       is.read(reinterpret_cast<char*>(buf), len);
  58       is.close();
  59       if (testFunc(buf, len)) {
  60         // this pattern is from the driver for
  61         // LLVMFuzzerTestOneInput in aflpp_driver.c
  62         memset(__afl_area_ptr, 0, __afl_map_size);
  63         __afl_area_ptr[0] = 1;
  64       }
  65     }
  66   } else {
  67     buf = __AFL_FUZZ_TESTCASE_BUF;
  68     while (__AFL_LOOP(1000)) {
  69       size_t len = __AFL_FUZZ_TESTCASE_LEN;
  70       if (testFunc(buf, len)) {
  71         // this pattern is from the driver for
  72         // LLVMFuzzerTestOneInput in aflpp_driver.c
  73         memset(__afl_area_ptr, 0, __afl_map_size);
  74         __afl_area_ptr[0] = 1;
  75       }
  76     }
  77   }
  78
  79   return 0;
  80 }
  81 #endif  // AFLFUZZ