Diffstat (limited to 'fuzz')
-rw-r--r--fuzz/.gitignore1
-rw-r--r--fuzz/Makefile13
-rw-r--r--fuzz/buffer-fuzzer.c106
-rw-r--r--fuzz/dictionaries/buffer-fuzzer.dict15
-rw-r--r--fuzz/inputs/buffer-fuzzer/buffer-fuzzer.in9
5 files changed, 142 insertions, 2 deletions
diff --git a/fuzz/.gitignore b/fuzz/.gitignore
index af19e48..21d1a0c 100644
--- a/fuzz/.gitignore
+++ b/fuzz/.gitignore
@@ -1,2 +1,3 @@
/results
/text-fuzzer
+/buffer-fuzzer
diff --git a/fuzz/Makefile b/fuzz/Makefile
index 66037a2..bb05bd6 100644
--- a/fuzz/Makefile
+++ b/fuzz/Makefile
@@ -1,6 +1,6 @@
-include ../../config.mk
-ALL = text-fuzzer
+ALL = text-fuzzer buffer-fuzzer
CC = afl-gcc
CFLAGS += -I. -I../.. -DBUFFER_SIZE=4 -DBLOCK_SIZE=4
@@ -10,6 +10,10 @@ text-fuzzer: text-fuzzer.c fuzzer.h ../../text.c ../../text-util.c ../../text-mo
@echo Compiling $@ binary
${CC} ${CFLAGS} ${CFLAGS_STD} ${CFLAGS_EXTRA} ${filter %.c, $^} ${LDFLAGS} -o $@
+buffer-fuzzer: buffer-fuzzer.c fuzzer.h ../../buffer.c
+ @echo Compiling $@ binary
+ @${CC} ${CFLAGS} ${CFLAGS_STD} ${CFLAGS_EXTRA} ${filter %.c, $^} ${LDFLAGS} -o $@
+
debug: clean
$(MAKE) CFLAGS_EXTRA='${CFLAGS_EXTRA} ${CFLAGS_DEBUG}'
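Review bot: The new buffer-fuzzer target is built with only the flags visible here (`-I. -I../.. -DBUFFER_SIZE=4 -DBLOCK_SIZE=4` plus `CFLAGS_STD`/`CFLAGS_EXTRA`), and none of them enables a memory-error detector. Without one, an out-of-bounds read or a small heap overflow in buffer.c may not crash the process, and afl-fuzz would then record nothing for it. config.mk and CFLAGS_DEBUG are outside this diff, so this may already be covered there. If it is not, I would document the instrumented build above the target, e.g. `# build with AFL_USE_ASAN=1 make buffer-fuzzer to catch non-crashing memory errors`. The new recipe also prefixes the compile line with `@` while the text-fuzzer recipe above it echoes the command, so the two targets log differently.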
@@ -18,6 +22,11 @@ afl-fuzz-text: text-fuzzer
@afl-fuzz -i - -x "dictionaries/$<.dict" -o "results/$<" -- "./$<" || \
afl-fuzz -i "inputs/$<" -x "dictionaries/$<.dict" -o "results/$<" -- "./$<"
+afl-fuzz-buffer: buffer-fuzzer
+ @mkdir -p "results/$<"
+ @afl-fuzz -i - -x "dictionaries/$<.dict" -o "results/$<" -- "./$<" || \
+ afl-fuzz -i "inputs/$<" -x "dictionaries/$<.dict" -o "results/$<" -- "./$<"
+
clean:
@echo cleaning
@rm -f $(ALL)
@@ -25,4 +34,4 @@ clean:
distclean: clean
@rm -rf results/
-.PHONY: clean distclean debug afl-fuzz-text
+.PHONY: clean distclean debug afl-fuzz-text afl-fuzz-buffer
diff --git a/fuzz/buffer-fuzzer.c b/fuzz/buffer-fuzzer.c
new file mode 100644
index 0000000..fea3ec8
--- /dev/null
+++ b/fuzz/buffer-fuzzer.c
@@ -0,0 +1,106 @@
+#include <stddef.h>
+#include <stdbool.h>
+#include <string.h>
+#include <errno.h>
+#include <stdio.h>
+#include <unistd.h>
+#include "fuzzer.h"
+#include "buffer.h"
+#include "util.h"
+
+#ifndef BUFSIZ
+#define BUFSIZ 1024
+#endif
+
+typedef enum CmdStatus (*Cmd)(Buffer *buf, const char *cmd);
+
+static enum CmdStatus cmd_insert(Buffer *buf, const char *cmd) {
+ char data[BUFSIZ];
+ size_t pos;
+ if (sscanf(cmd, "%zu %s\n", &pos, data) != 2)
+ return CMD_ERR;
+ return buffer_insert0(buf, pos, data);
+}
+
+static enum CmdStatus cmd_set(Buffer *buf, const char *cmd) {
+ char data[BUFSIZ];
+ if (sscanf(cmd, "%s\n", data) != 1)
+ return CMD_ERR;
+ return buffer_put0(buf, data);
+}
+
+static enum CmdStatus cmd_delete(Buffer *buf, const char *cmd) {
+ size_t pos, len;
+ if (sscanf(cmd, "%zu %zu", &pos, &len) != 2)
+ return CMD_ERR;
+ return buffer_remove(buf, pos, len);
+}
+
+static enum CmdStatus cmd_clear(Buffer *buf, const char *cmd) {
+ buffer_clear(buf);
+ return CMD_OK;
+}
+
+static enum CmdStatus cmd_size(Buffer *buf, const char *cmd) {
+ printf("%zu bytes\n", buffer_length(buf));
+ return CMD_OK;
+}
+
+static enum CmdStatus cmd_capacity(Buffer *buf, const char *cmd) {
+ printf("%zu bytes\n", buffer_capacity(buf));
+ return CMD_OK;
+}
+
+static enum CmdStatus cmd_print(Buffer *buf, const char *cmd) {
+ size_t len = buffer_length(buf);
+ const char *data = buffer_content(buf);
+ if (data && fwrite(data, len, 1, stdout) != 1)
+ return CMD_ERR;
+ if (data)
+ puts("");
+ return CMD_OK;
+}
+
+static enum CmdStatus cmd_quit(Buffer *buf, const char *cmd) {
+ return CMD_QUIT;
+}
+
+static Cmd commands[] = {
+ ['?'] = cmd_capacity,
+ ['='] = cmd_set,
+ ['#'] = cmd_size,
+ ['c'] = cmd_clear,
+ ['d'] = cmd_delete,
+ ['i'] = cmd_insert,
+ ['p'] = cmd_print,
+ ['q'] = cmd_quit,
+};
+
+int main(int argc, char *argv[]) {
+ char line[BUFSIZ];
+ Buffer buf;
+ buffer_init(&buf);
+
+ for (;;) {
+ printf("> ");
+ if (!fgets(line, sizeof(line), stdin))
+ break;
+ if (!isatty(0))
+ printf("%s", line);
+ if (line[0] == '\n')
+ continue;
+ size_t idx = line[0];
+ if (idx < LENGTH(commands) && commands[idx]) {
+ enum CmdStatus ret = commands[idx](&buf, line+1);
+ printf("%s", cmd_status_msg[ret]);
+ if (ret == CMD_QUIT)
+ break;
+ } else {
+ puts("Invalid command");
+ }
+ }
+
+ buffer_release(&buf);
+
+ return 0;
+}
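Review bot: The `%s` conversions in cmd_insert and cmd_set write into `char data[BUFSIZ]` with no field width, so they are bounded only because main() reads each line with fgets() into `line[BUFSIZ]` and passes `line+1`, which leaves at most BUFSIZ-2 characters to copy. That coupling is not visible at the sscanf calls, and a later change to either array size would turn it into a stack overflow in the harness itself, producing crashes that have nothing to do with buffer.c. I would record the invariant next to each declaration, e.g. `/* same size as line[] in main(): cmd holds at most BUFSIZ-2 chars, so %s fits */`, or size both arrays from one shared constant. Separately, in cmd_print the check `fwrite(data, len, 1, stdout) != 1` reports CMD_ERR whenever len is 0 and data is non-NULL, because fwrite returns 0 for a zero-sized element. `if (data && len && fwrite(data, len, 1, stdout) != 1)` avoids that, assuming buffer_content() can return a pointer for an empty buffer (buffer.c is not shown).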
diff --git a/fuzz/dictionaries/buffer-fuzzer.dict b/fuzz/dictionaries/buffer-fuzzer.dict
new file mode 100644
index 0000000..4497343
--- /dev/null
+++ b/fuzz/dictionaries/buffer-fuzzer.dict
@@ -0,0 +1,15 @@
+# AFL dictionary for buffer-fuzzer
+#
+# Not sure whether it makes sense to specify a dictionary,
+# the syntax is quite simple?
+#
+cmd_capacity="?"
+cmd_set="="
+cmd_size="#"
+cmd_clear="c"
+# cmd_delete="d 0 1"
+cmd_delete="d"
+# cmd_insert="i 0 text"
+cmd_insert="i"
+cmd_print="p"
+cmd_quit="q"
diff --git a/fuzz/inputs/buffer-fuzzer/buffer-fuzzer.in b/fuzz/inputs/buffer-fuzzer/buffer-fuzzer.in
new file mode 100644
index 0000000..20120c7
--- /dev/null
+++ b/fuzz/inputs/buffer-fuzzer/buffer-fuzzer.in
@@ -0,0 +1,9 @@
+i 0 text
+d 1 2
+p
+i 1 ex
+p
+= data
+p
+c
+q