diff options
Diffstat (limited to 'fuzz/mutator_aux.h')
| -rw-r--r-- | fuzz/mutator_aux.h | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/fuzz/mutator_aux.h b/fuzz/mutator_aux.h new file mode 100644 index 0000000..687f130 --- /dev/null +++ b/fuzz/mutator_aux.h | |||
| @@ -0,0 +1,65 @@ | |||
| 1 | /* | ||
| 2 | * Copyright (c) 2019 Yubico AB. All rights reserved. | ||
| 3 | * Use of this source code is governed by a BSD-style | ||
| 4 | * license that can be found in the LICENSE file. | ||
| 5 | */ | ||
| 6 | |||
| 7 | #ifndef _MUTATOR_AUX_H | ||
| 8 | #define _MUTATOR_AUX_H | ||
| 9 | |||
| 10 | /* | ||
| 11 | * As of LLVM 7.0.1, MSAN support in libFuzzer was still experimental. | ||
| 12 | * We therefore have to be careful when using our custom mutator, or | ||
| 13 | * MSAN will flag uninitialised reads on memory populated by libFuzzer. | ||
| 14 | * Since there is no way to suppress MSAN without regenerating object | ||
| 15 | * code (in which case you might as well rebuild libFuzzer with MSAN), | ||
| 16 | * we adjust our mutator to make it less accurate while allowing | ||
| 17 | * fuzzing to proceed. | ||
| 18 | */ | ||
| 19 | |||
| 20 | #if defined(__has_feature) | ||
| 21 | # if __has_feature(memory_sanitizer) | ||
| 22 | # define NO_MSAN __attribute__((no_sanitize("memory"))) | ||
| 23 | # define WITH_MSAN 1 | ||
| 24 | # endif | ||
| 25 | #endif | ||
| 26 | |||
| 27 | #if !defined(WITH_MSAN) | ||
| 28 | # define NO_MSAN | ||
| 29 | #endif | ||
| 30 | |||
| 31 | #define MAXSTR 1024 | ||
| 32 | #define MAXBLOB 3072 | ||
| 33 | |||
| 34 | struct blob { | ||
| 35 | uint8_t body[MAXBLOB]; | ||
| 36 | size_t len; | ||
| 37 | }; | ||
| 38 | |||
| 39 | size_t xstrlen(const char *); | ||
| 40 | void consume(const void *, size_t); | ||
| 41 | |||
| 42 | int unpack_blob(uint8_t, uint8_t **, size_t *, struct blob *); | ||
| 43 | int unpack_byte(uint8_t, uint8_t **, size_t *, uint8_t *); | ||
| 44 | int unpack_int(uint8_t, uint8_t **, size_t *, int *); | ||
| 45 | int unpack_string(uint8_t, uint8_t **, size_t *, char *); | ||
| 46 | |||
| 47 | int pack_blob(uint8_t, uint8_t **, size_t *, const struct blob *); | ||
| 48 | int pack_byte(uint8_t, uint8_t **, size_t *, uint8_t); | ||
| 49 | int pack_int(uint8_t, uint8_t **, size_t *, int); | ||
| 50 | int pack_string(uint8_t, uint8_t **, size_t *, const char *); | ||
| 51 | |||
| 52 | void mutate_byte(uint8_t *); | ||
| 53 | void mutate_int(int *); | ||
| 54 | void mutate_blob(struct blob *); | ||
| 55 | void mutate_string(char *); | ||
| 56 | |||
| 57 | void * dev_open(const char *); | ||
| 58 | void dev_close(void *); | ||
| 59 | void set_wire_data(uint8_t *, size_t); | ||
| 60 | int dev_read(void *, unsigned char *, size_t, int); | ||
| 61 | int dev_write(void *, const unsigned char *, size_t); | ||
| 62 | |||
| 63 | uint32_t uniform_random(uint32_t); | ||
| 64 | |||
| 65 | #endif /* !_MUTATOR_AUX_H */ | ||