/*
 * *****************************************************************************
 *
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * * Redistributions of source code must retain the above copyright notice, this
 *   list of conditions and the following disclaimer.
 *
 * * Redistributions in binary form must reproduce the above copyright notice,
 *   this list of conditions and the following disclaimer in the documentation
 *   and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 * *****************************************************************************
 *
 * The entry point for libFuzzer when fuzzing dc.
 *
 */
35
36 #include <setjmp.h>
37 #include <string.h>
38
39 #include <status.h>
40 #include <ossfuzz.h>
41 #include <vm.h>
42 #include <bc.h>
43 #include <dc.h>
44
/// The NUL-terminated copy of the current fuzz input. It is allocated and
/// freed once per run by LLVMFuzzerTestOneInput(). It is deliberately not
/// static: presumably the rest of the program, when built for fuzzing, reads
/// its input from here instead of stdin/files -- see ossfuzz.h to confirm.
uint8_t* bc_fuzzer_data;

/// A boolean about whether we should use -c (false) or -C (true). Decided once
/// in LLVMFuzzerInitialize() from the name of the fuzzer binary.
static bool dc_C;
49
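/**
 * libFuzzer initialization hook. Chooses, from the basename of the fuzzer
 * binary, whether dc should be run with -c (the default) or with -C (when the
 * binary is named "dc_fuzzer_C"), and records the choice in dc_C.
 * @param argc  Unused.
 * @param argv  Pointer to the process argument vector; may be NULL.
 * @return      Always 0, as libFuzzer requires.
 */
int
LLVMFuzzerInitialize(int* argc, char*** argv)
{
	char* name;
	char* sep;

	BC_UNUSED(argc);

	// Default to -c; only an explicit match below switches to -C.
	dc_C = false;

	// argv[0] itself can be NULL when the process was started with an empty
	// argument vector. strrchr()/strcmp() on NULL would be undefined behavior,
	// so treat that case like a missing argv and keep the default.
	if (argv == NULL || *argv == NULL || (*argv)[0] == NULL) return 0;

	// Get the basename by dropping everything up to the last path separator.
	sep = strrchr((*argv)[0], BC_FILE_SEP);
	name = (sep == NULL) ? (*argv)[0] : sep + 1;

	// Figure out which to use.
	dc_C = (strcmp(name, "dc_fuzzer_C") == 0);

	return 0;
}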
73
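/**
 * libFuzzer entry point: runs one fuzz input through dc.
 *
 * The input is copied into the NUL-terminated global buffer bc_fuzzer_data and
 * dc_main() is then run with the canned -c or -C argument vector selected by
 * LLVMFuzzerInitialize().
 *
 * @param Data  The fuzz input; not necessarily NUL-terminated.
 * @param Size  The length of Data in bytes.
 * @return      0 when dc finished with success or a user quit, -1 for any
 *              other status (including an abnormal jump out of dc_main()).
 */
int
LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size)
{
	// Initialized *before* the setjmp below on purpose: if anything jumps to
	// exit before dc_main() has returned, s would otherwise be read
	// uninitialized at the return statement. Such an escape is reported as a
	// fatal error.
	BcStatus s = BC_STATUS_ERROR_FATAL;

	// I've already tested empty input, so just ignore.
	if (Size == 0 || Data[0] == '\0') return 0;

	// Clear the global. This is to ensure a clean start.
	memset(vm, 0, sizeof(BcVm));

	// Make sure to set the name.
	vm->name = "dc";

	BC_SIG_LOCK;

	// We *must* do this here. Otherwise, other code could not jump out all of
	// the way.
	bc_vec_init(&vm->jmp_bufs, sizeof(sigjmp_buf), BC_DTOR_NONE);

	BC_SETJMP_LOCKED(vm, exit);

	// Create a NUL-terminated string with the data.
	bc_fuzzer_data = bc_vm_malloc(Size + 1);
	memcpy(bc_fuzzer_data, Data, Size);
	bc_fuzzer_data[Size] = '\0';

	s = dc_main((int) (bc_fuzzer_args_len - 1),
	            dc_C ? dc_fuzzer_args_C : dc_fuzzer_args_c);

exit:

	BC_SIG_MAYLOCK;

	// bc_fuzzer_data is a global that outlives this call. Reset it after
	// freeing so that, if a later run jumps to exit before bc_vm_malloc() above
	// has assigned a fresh buffer (e.g. should bc_vm_malloc() jump on failure),
	// free() sees NULL instead of the already-freed buffer of the previous run.
	free(bc_fuzzer_data);
	bc_fuzzer_data = NULL;

	// NOTE(review): vm->jmp_bufs is not released on this path; confirm that
	// dc_main()/VM shutdown frees it, otherwise one vector leaks per run.

	return s == BC_STATUS_SUCCESS || s == BC_STATUS_QUIT ? 0 : -1;
}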
112