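--- /dev/null
+++ b/PATH_NOT_ON_PAGE
@@ -0,0 +1,89 @@
+/*
+american fuzzy lop - persistent mode example
+--------------------------------------------
+
+Written and maintained by Michal Zalewski <lcamtuf@google.com>
+
+Copyright 2015 Google Inc. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at:
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+This file demonstrates the high-performance "persistent mode" that may be
+suitable for fuzzing certain fast and well-behaved libraries, provided that
+they are stateless or that their internal state can be easily reset
+across runs.
+
+To make this work, the library and this shim need to be compiled in LLVM
+mode using afl-clang-fast (other compiler wrappers will *not* work).
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <signal.h>
+#include <string.h>
+
+
+/* Main entry point. */
+
+int main(int argc, char** argv) {
+
+char buf[100]; /* Example-only buffer, you'd replace it with other global or
+local variables appropriate for your use case. */
+
+/* The number passed to __AFL_LOOP() controls the maximum number of
+iterations before the loop exits and the program is allowed to
+terminate normally. This limits the impact of accidental memory leaks
+and similar hiccups. */
+
+while (__AFL_LOOP(1000)) {
+
+/*** PLACEHOLDER CODE ***/
+
+/* STEP 1: Fully re-initialize all critical variables. In our example, this
+involves zeroing buf[], our input buffer. */
+
+memset(buf, 0, 100);
+
+/* STEP 2: Read input data. When reading from stdin, no special preparation
+is required. When reading from a named file, you need to close
+the old descriptor and reopen the file first!
+
+Beware of reading from buffered FILE* objects such as stdin. Use
+raw file descriptors or call fopen() / fdopen() in every pass. */
+
+read(0, buf, 100);
+
+/* STEP 3: This is where we'd call the tested library on the read data.
+We just have some trivial inline code that faults on 'foo!'. */
+
+if (buf[0] == 'f') {
+printf("one\n");
+if (buf[1] == 'o') {
+printf("two\n");
+if (buf[2] == 'o') {
+printf("three\n");
+if (buf[3] == '!') {
+printf("four\n");
+abort();
+}
+}
+}
+}
+
+/*** END PLACEHOLDER CODE ***/
+
+}
+
+/* Once the loop is exited, terminate normally - AFL will restart the process
+when this happens, with a clean slate when it comes to allocated memory,
+leftover file descriptors, etc. */
+
+return 0;
+
+}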
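Review bot: The result of `read(0, buf, 100);` is discarded, so a failed read (-1) or a zero-length read is indistinguishable from a legitimate all-zero input and STEP 3 runs on the freshly zeroed buffer regardless; in a harness derived from this template that would hide input-delivery errors from the fuzzer and waste iterations on a fixed input. Because only buf[0..3] are inspected and the buffer is zeroed first, the demo itself is safe, but the template should model the check it expects real harnesses to make: `ssize_t len = read(0, buf, sizeof buf); if (len <= 0) continue;` and pass `len` to the library under test rather than assuming a full buffer. The literal `100` is also repeated in the declaration, the memset and the read; `sizeof buf` in the two calls keeps them in step if the buffer is resized. The `continue` stays bounded by the `__AFL_LOOP(1000)` iteration cap, so an unreadable stdin cannot spin the process indefinitely.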