/*
 * *****************************************************************************
 *
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Copyright (c) 2018-2025 Gavin D. Howard and contributors.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * * Redistributions of source code must retain the above copyright notice, this
 *   list of conditions and the following disclaimer.
 *
 * * Redistributions in binary form must reproduce the above copyright notice,
 *   this list of conditions and the following disclaimer in the documentation
 *   and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 * *****************************************************************************
 *
 * The entry point for libFuzzer when fuzzing dc.
 *
 */

#include <setjmp.h>
#include <string.h>

#include <status.h>
#include <ossfuzz.h>
#include <vm.h>
#include <bc.h>
#include <dc.h>

/// The NUL-terminated copy of the current fuzz input, allocated and freed by
/// LLVMFuzzerTestOneInput. It lives at file scope rather than as a local so
/// that its value is still reliable at the longjmp() landing pad that frees it
/// (a local modified after setjmp() would be indeterminate there).
uint8_t* bc_fuzzer_data;

/// A boolean about whether we should use -c (false) or -C (true).
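static bool dc_C;

/**
 * libFuzzer initialization hook. Chooses between the -c and -C argument sets
 * by looking at the basename of the fuzzer binary: "dc_fuzzer_C" selects -C,
 * anything else (including a missing argv) selects -c.
 * @param argc  Unused.
 * @param argv  The fuzzer's argv; only (*argv)[0] is consulted.
 * @return      Always 0.
 */
int
LLVMFuzzerInitialize(int* argc, char*** argv)
{
	BC_UNUSED(argc);

	// argv[0] itself may be NULL (an empty argv); strrchr() on NULL is UB, so
	// treat that case like a missing argv.
	if (argv == NULL || *argv == NULL || (*argv)[0] == NULL)
	{
		dc_C = false;
	}
	else
	{
		char* name;

		// Get the basename
		name = strrchr((*argv)[0], BC_FILE_SEP);
		name = name == NULL ? (*argv)[0] : name + 1;

		// Figure out which to use.
		dc_C = (strcmp(name, "dc_fuzzer_C") == 0);
	}

	return 0;
}

/**
 * libFuzzer entry point. Runs one fuzz input through dc_main() as a
 * NUL-terminated string, using the argument set chosen in
 * LLVMFuzzerInitialize().
 * @param Data  The fuzz input bytes (not NUL-terminated).
 * @param Size  The number of bytes in @a Data.
 * @return      0 if the input was skipped or dc_main() reported
 *              BC_STATUS_SUCCESS or BC_STATUS_QUIT; -1 otherwise, including
 *              when control reaches the exit label through the jump buffer
 *              installed by BC_SETJMP_LOCKED.
 */
int
LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size)
{
	BcStatus s;

	// The result, defaulted to failure. Control can reach the exit label via
	// the jump buffer without ever executing the assignment after dc_main(),
	// so this must already hold a defined value before BC_SETJMP_LOCKED.
	// volatile as a precaution, since it lives across setjmp()/longjmp().
	volatile int rc = -1;

	// I've already tested empty input, so just ignore.
	if (Size == 0 || Data[0] == '\0') return 0;

	// Clear the global. This is to ensure a clean start.
	memset(vm, 0, sizeof(BcVm));

	// Make sure to set the name.
	vm->name = "dc";

	BC_SIG_LOCK;

	// We *must* do this here. Otherwise, other code could not jump out all of
	// the way.
	bc_vec_init(&vm->jmp_bufs, sizeof(sigjmp_buf), BC_DTOR_NONE);

	BC_SETJMP_LOCKED(vm, exit);

	// Create a NUL-terminated copy of the data. bc_fuzzer_data is a file-scope
	// pointer so the exit label below can free it even after a longjmp().
	bc_fuzzer_data = bc_vm_malloc(Size + 1);
	memcpy(bc_fuzzer_data, Data, Size);
	bc_fuzzer_data[Size] = '\0';

	s = dc_main((int) (bc_fuzzer_args_len - 1),
	            dc_C ? dc_fuzzer_args_C : dc_fuzzer_args_c);

	// Only reached when dc_main() returned normally.
	rc = (s == BC_STATUS_SUCCESS || s == BC_STATUS_QUIT) ? 0 : -1;

exit:

	BC_SIG_MAYLOCK;

	free(bc_fuzzer_data);

	// Reset so that a jump to exit in a later call, taken before the new copy
	// has been stored, frees NULL (a no-op) instead of the released buffer.
	bc_fuzzer_data = NULL;

	return rc;
}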