view contrib/fuzz/standalone_fuzz_target_runner.cc @ 43813:5a9e2ae9899b
fuzz: use a more standard approach to allow local builds of fuzzers
This is taken from the (improved since we started fuzzing) guide on ideal
integrations. Rather than have our own wonky targets for building outside the
fuzzer universe, we have a driver program we carry along and use when we're
not using LibFuzzer. This will let us jettison a fair amount of goo.
contrib/fuzz/standalone_fuzz_target_runner.cc is
https://github.com/google/oss-fuzz/ file
projects/example/my-api-repo/standalone from git revision
c4579d9358a73ea5dbcc99cb985de1f2bf76dcf7, reformatted with our
clang-format settings and a no-check-code comment added. It allows
running a single test input through a fuzzer, rather than performing
ongoing fuzzing as libfuzzer would.
contrib/fuzz/FuzzedDataProvider.h is
https://github.com/llvm/llvm-project/ file
/compiler-rt/include/fuzzer/FuzzedDataProvider.h from git revision
a44ef027ebca1598892ea9b104d6189aeb3bc2f0, reformatted with our
clang-format settings and a no-check-code comment added. We can
discard this if we instead want to add an hghave check for a new
enough llvm that includes FuzzedDataProvider.h in the fuzzer headers.
Differential Revision: https://phab.mercurial-scm.org/D7564
field | value
---|---
author | Augie Fackler <augie@google.com>
date | Fri, 06 Dec 2019 15:19:47 -0500
parents |
children | e137338e926b
line source
```cpp
// Copyright 2017 Google Inc. All Rights Reserved.
// Licensed under the Apache License, Version 2.0 (the "License");

// Example of a standalone runner for "fuzz targets".
// It reads all files passed as parameters and feeds their contents
// one by one into the fuzz target (LLVMFuzzerTestOneInput).
// This runner does not do any fuzzing, but allows us to run the fuzz target
// on the test corpus (e.g. "do_stuff_test_data") or on a single file,
// e.g. the one that comes from a bug report.

#include <cassert>
#include <fstream>
#include <iostream>
#include <vector>

// Forward declare the "fuzz target" interface.
// We deliberately keep this interface simple and header-free.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

int main(int argc, char **argv)
{
	for (int i = 1; i < argc; i++) {
		std::ifstream in(argv[i]);
		in.seekg(0, in.end);
		size_t length = in.tellg();
		in.seekg(0, in.beg);
		std::cout << "Reading " << length << " bytes from " << argv[i]
		          << std::endl;
		// Allocate exactly length bytes so that we reliably catch
		// buffer overflows.
		std::vector<char> bytes(length);
		in.read(bytes.data(), bytes.size());
		assert(in);
		LLVMFuzzerTestOneInput(
		    reinterpret_cast<const uint8_t *>(bytes.data()), bytes.size());
		std::cout << "Execution successful" << std::endl;
	}
	return 0;
}
// no-check-code since this is from a third party
```
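The runner above only makes sense together with a target that implements the `LLVMFuzzerTestOneInput` contract it forward-declares. The following is an added example, not code from Mercurial or from the oss-fuzz repository the commit message cites: a small hypothetical fuzz target (`ParseRecord`, a made-up `<len>:<payload>` format) plus a file-reading loop in the same shape as the standalone runner. The names `ParseRecord`, `ReadFile`, `RunOneFile` and `WriteInput` are assumptions of this example. One difference from the page's runner is deliberate: if `std::ifstream` cannot open the file, `tellg()` returns -1, and assigning that to `size_t` produces an enormous allocation request rather than an error; this version reports the unreadable file and returns false instead, and it does not rely on `assert`, which disappears under `-DNDEBUG`.

```cpp
// Added example (not Mercurial's or oss-fuzz's code): a minimal fuzz target
// plus a standalone-runner style file loop that handles unreadable inputs.
#include <cstddef>
#include <cstdint>
#include <fstream>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical code under test. A record is "<len>:<payload>" where <len>
// is a decimal byte count and <payload> must be exactly that many bytes.
// Returns the payload length, or -1 for a malformed record.
static int ParseRecord(const uint8_t *data, size_t size)
{
	const size_t kMaxPayload = 1000000; // reject absurd lengths early
	size_t i = 0;
	size_t len = 0;
	bool saw_digit = false;
	while (i < size && data[i] >= '0' && data[i] <= '9') {
		len = len * 10 + static_cast<size_t>(data[i] - '0');
		if (len > kMaxPayload)
			return -1;
		saw_digit = true;
		++i;
	}
	if (!saw_digit || i >= size || data[i] != ':')
		return -1;
	++i; // skip ':'
	// Bounds check: the declared length must match what is actually left.
	if (size - i != len)
		return -1;
	return static_cast<int>(len);
}

// The contract shared by libFuzzer and the standalone runner: consume the
// bytes, never crash on any input, return 0.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
	ParseRecord(data, size);
	return 0;
}

// Read a whole file into memory. An unopenable file or a failed tellg()
// is reported as false instead of becoming a huge size_t.
static bool ReadFile(const std::string &path, std::vector<uint8_t> &out)
{
	std::ifstream in(path, std::ios::binary);
	if (!in)
		return false;
	in.seekg(0, std::ios::end);
	std::streamoff len = in.tellg();
	if (len < 0)
		return false;
	in.seekg(0, std::ios::beg);
	out.resize(static_cast<size_t>(len));
	if (!out.empty() &&
	    !in.read(reinterpret_cast<char *>(out.data()),
	             static_cast<std::streamsize>(out.size())))
		return false;
	return true;
}

// Feed one file to the target, the way the standalone runner does.
static bool RunOneFile(const std::string &path)
{
	std::vector<uint8_t> bytes;
	if (!ReadFile(path, bytes)) {
		std::cerr << "cannot read " << path << std::endl;
		return false;
	}
	std::cout << "Reading " << bytes.size() << " bytes from " << path
	          << std::endl;
	LLVMFuzzerTestOneInput(bytes.data(), bytes.size());
	return true;
}

// Helper for the worked example: write a constructed input to disk.
static bool WriteInput(const std::string &path, const std::string &contents)
{
	std::ofstream out(path, std::ios::binary);
	out.write(contents.data(),
	          static_cast<std::streamsize>(contents.size()));
	return static_cast<bool>(out);
}

int main(int argc, char **argv)
{
	int failures = 0;
	for (int i = 1; i < argc; i++) {
		if (RunOneFile(argv[i]))
			std::cout << "Execution successful" << std::endl;
		else
			failures++;
	}
	return failures ? 1 : 0;
}
```

To fuzz the same target continuously, build it with `clang++ -g -fsanitize=fuzzer,address` and drop this file's `main` (libFuzzer supplies its own); to replay a corpus entry or a crash file from a bug report, build with `clang++ -g -fsanitize=address` and either keep this `main` or link against the page's `standalone_fuzz_target_runner.cc` instead of it. The overflow in `ParseRecord` that a fuzzer would be looking for is the missing `size - i != len` comparison; the check is present here so the target is a correct, not a deliberately broken, example.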