xref: /freebsd/contrib/bc/src/bc_fuzzer.c (revision 35c0a8c449fd2b7f75029ebed5e10852240f0865)
1 /*
2  * *****************************************************************************
3  *
4  * SPDX-License-Identifier: BSD-2-Clause
5  *
6  * Copyright (c) 2018-2024 Gavin D. Howard and contributors.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions are met:
10  *
11  * * Redistributions of source code must retain the above copyright notice, this
12  *   list of conditions and the following disclaimer.
13  *
14  * * Redistributions in binary form must reproduce the above copyright notice,
15  *   this list of conditions and the following disclaimer in the documentation
16  *   and/or other materials provided with the distribution.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
22  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28  * POSSIBILITY OF SUCH DAMAGE.
29  *
30  * *****************************************************************************
31  *
32  * The entry point for libFuzzer when fuzzing bc.
33  *
34  */
35 
36 #include <setjmp.h>
37 #include <string.h>
38 
39 #include <version.h>
40 #include <status.h>
41 #include <ossfuzz.h>
42 #include <vm.h>
43 #include <bc.h>
44 #include <dc.h>
45 
46 uint8_t* bc_fuzzer_data;
47 
48 /// A boolean about whether we should use -c (false) or -C (true).
49 static bool bc_C;
50 
51 int
52 LLVMFuzzerInitialize(int* argc, char*** argv)
53 {
54 	BC_UNUSED(argc);
55 
56 	if (argv == NULL || *argv == NULL)
57 	{
58 		bc_C = false;
59 	}
60 	else
61 	{
62 		char* name;
63 
64 		// Get the basename
65 		name = strrchr((*argv)[0], BC_FILE_SEP);
66 		name = name == NULL ? (*argv)[0] : name + 1;
67 
68 		// Figure out which to use.
69 		bc_C = (strcmp(name, "bc_fuzzer_C") == 0);
70 	}
71 
72 	return 0;
73 }
74 
75 int
76 LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size)
77 {
78 	BcStatus s;
79 
80 	// I've already tested empty input, so just ignore.
81 	if (Size == 0 || Data[0] == '\0') return 0;
82 
83 	// Clear the global. This is to ensure a clean start.
84 	memset(vm, 0, sizeof(BcVm));
85 
86 	// Make sure to set the name.
87 	vm->name = "bc";
88 
89 	BC_SIG_LOCK;
90 
91 	// We *must* do this here. Otherwise, other code could not jump out all of
92 	// the way.
93 	bc_vec_init(&vm->jmp_bufs, sizeof(sigjmp_buf), BC_DTOR_NONE);
94 
95 	BC_SETJMP_LOCKED(vm, exit);
96 
97 	// Create a string with the data.
98 	bc_fuzzer_data = bc_vm_malloc(Size + 1);
99 	memcpy(bc_fuzzer_data, Data, Size);
100 	bc_fuzzer_data[Size] = '\0';
101 
102 	s = bc_main((int) (bc_fuzzer_args_len - 1),
103 	            bc_C ? bc_fuzzer_args_C : bc_fuzzer_args_c);
104 
105 exit:
106 
107 	BC_SIG_MAYLOCK;
108 
109 	free(bc_fuzzer_data);
110 
111 	return s == BC_STATUS_SUCCESS || s == BC_STATUS_QUIT ? 0 : -1;
112 }
113