diff options
Diffstat (limited to 'fuzz/mutator_aux.h')
-rw-r--r-- | fuzz/mutator_aux.h | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/fuzz/mutator_aux.h b/fuzz/mutator_aux.h new file mode 100644 index 0000000..687f130 --- /dev/null +++ b/fuzz/mutator_aux.h | |||
@@ -0,0 +1,65 @@ | |||
1 | /* | ||
2 | * Copyright (c) 2019 Yubico AB. All rights reserved. | ||
3 | * Use of this source code is governed by a BSD-style | ||
4 | * license that can be found in the LICENSE file. | ||
5 | */ | ||
6 | |||
7 | #ifndef _MUTATOR_AUX_H | ||
8 | #define _MUTATOR_AUX_H | ||
9 | |||
10 | /* | ||
11 | * As of LLVM 7.0.1, MSAN support in libFuzzer was still experimental. | ||
12 | * We therefore have to be careful when using our custom mutator, or | ||
13 | * MSAN will flag uninitialised reads on memory populated by libFuzzer. | ||
14 | * Since there is no way to suppress MSAN without regenerating object | ||
15 | * code (in which case you might as well rebuild libFuzzer with MSAN), | ||
16 | * we adjust our mutator to make it less accurate while allowing | ||
17 | * fuzzing to proceed. | ||
18 | */ | ||
19 | |||
20 | #if defined(__has_feature) | ||
21 | # if __has_feature(memory_sanitizer) | ||
22 | # define NO_MSAN __attribute__((no_sanitize("memory"))) | ||
23 | # define WITH_MSAN 1 | ||
24 | # endif | ||
25 | #endif | ||
26 | |||
27 | #if !defined(WITH_MSAN) | ||
28 | # define NO_MSAN | ||
29 | #endif | ||
30 | |||
31 | #define MAXSTR 1024 | ||
32 | #define MAXBLOB 3072 | ||
33 | |||
34 | struct blob { | ||
35 | uint8_t body[MAXBLOB]; | ||
36 | size_t len; | ||
37 | }; | ||
38 | |||
39 | size_t xstrlen(const char *); | ||
40 | void consume(const void *, size_t); | ||
41 | |||
42 | int unpack_blob(uint8_t, uint8_t **, size_t *, struct blob *); | ||
43 | int unpack_byte(uint8_t, uint8_t **, size_t *, uint8_t *); | ||
44 | int unpack_int(uint8_t, uint8_t **, size_t *, int *); | ||
45 | int unpack_string(uint8_t, uint8_t **, size_t *, char *); | ||
46 | |||
47 | int pack_blob(uint8_t, uint8_t **, size_t *, const struct blob *); | ||
48 | int pack_byte(uint8_t, uint8_t **, size_t *, uint8_t); | ||
49 | int pack_int(uint8_t, uint8_t **, size_t *, int); | ||
50 | int pack_string(uint8_t, uint8_t **, size_t *, const char *); | ||
51 | |||
52 | void mutate_byte(uint8_t *); | ||
53 | void mutate_int(int *); | ||
54 | void mutate_blob(struct blob *); | ||
55 | void mutate_string(char *); | ||
56 | |||
57 | void * dev_open(const char *); | ||
58 | void dev_close(void *); | ||
59 | void set_wire_data(uint8_t *, size_t); | ||
60 | int dev_read(void *, unsigned char *, size_t, int); | ||
61 | int dev_write(void *, const unsigned char *, size_t); | ||
62 | |||
63 | uint32_t uniform_random(uint32_t); | ||
64 | |||
65 | #endif /* !_MUTATOR_AUX_H */ | ||