1 /* 2 * ***************************************************************************** 3 * 4 * SPDX-License-Identifier: BSD-2-Clause 5 * 6 * Copyright (c) 2018-2024 Gavin D. Howard and contributors. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions are met: 10 * 11 * * Redistributions of source code must retain the above copyright notice, this 12 * list of conditions and the following disclaimer. 13 * 14 * * Redistributions in binary form must reproduce the above copyright notice, 15 * this list of conditions and the following disclaimer in the documentation 16 * and/or other materials provided with the distribution. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 19 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 28 * POSSIBILITY OF SUCH DAMAGE. 29 * 30 * ***************************************************************************** 31 * 32 * The entry point for libFuzzer when fuzzing bc. 33 * 34 */ 35 36 #include <setjmp.h> 37 #include <string.h> 38 39 #include <version.h> 40 #include <status.h> 41 #include <ossfuzz.h> 42 #include <vm.h> 43 #include <bc.h> 44 #include <dc.h> 45 46 uint8_t* bc_fuzzer_data; 47 48 /// A boolean about whether we should use -c (false) or -C (true). 49 static bool bc_C; 50 51 int 52 LLVMFuzzerInitialize(int* argc, char*** argv) 53 { 54 BC_UNUSED(argc); 55 56 if (argv == NULL || *argv == NULL) 57 { 58 bc_C = false; 59 } 60 else 61 { 62 char* name; 63 64 // Get the basename 65 name = strrchr((*argv)[0], BC_FILE_SEP); 66 name = name == NULL ? (*argv)[0] : name + 1; 67 68 // Figure out which to use. 69 bc_C = (strcmp(name, "bc_fuzzer_C") == 0); 70 } 71 72 return 0; 73 } 74 75 int 76 LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size) 77 { 78 BcStatus s; 79 80 // I've already tested empty input, so just ignore. 81 if (Size == 0 || Data[0] == '\0') return 0; 82 83 // Clear the global. This is to ensure a clean start. 84 memset(vm, 0, sizeof(BcVm)); 85 86 // Make sure to set the name. 87 vm->name = "bc"; 88 89 BC_SIG_LOCK; 90 91 // We *must* do this here. Otherwise, other code could not jump out all of 92 // the way. 93 bc_vec_init(&vm->jmp_bufs, sizeof(sigjmp_buf), BC_DTOR_NONE); 94 95 BC_SETJMP_LOCKED(vm, exit); 96 97 // Create a string with the data. 98 bc_fuzzer_data = bc_vm_malloc(Size + 1); 99 memcpy(bc_fuzzer_data, Data, Size); 100 bc_fuzzer_data[Size] = '\0'; 101 102 s = bc_main((int) (bc_fuzzer_args_len - 1), 103 bc_C ? bc_fuzzer_args_C : bc_fuzzer_args_c); 104 105 exit: 106 107 BC_SIG_MAYLOCK; 108 109 free(bc_fuzzer_data); 110 111 return s == BC_STATUS_SUCCESS || s == BC_STATUS_QUIT ? 0 : -1; 112 } 113