From a5b315a5873f1f71f7b41381e015013bc3072ae2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Andr=C3=A9=20Tanner?= Date: Mon, 20 Feb 2017 14:35:59 +0100 Subject: test/fuzz: add fuzzing driver for buffer --- fuzz/.gitignore | 1 + fuzz/Makefile | 13 +++- fuzz/buffer-fuzzer.c | 106 +++++++++++++++++++++++++++++ fuzz/dictionaries/buffer-fuzzer.dict | 15 ++++ fuzz/inputs/buffer-fuzzer/buffer-fuzzer.in | 9 +++ 5 files changed, 142 insertions(+), 2 deletions(-) create mode 100644 fuzz/buffer-fuzzer.c create mode 100644 fuzz/dictionaries/buffer-fuzzer.dict create mode 100644 fuzz/inputs/buffer-fuzzer/buffer-fuzzer.in (limited to 'fuzz') diff --git a/fuzz/.gitignore b/fuzz/.gitignore index af19e48..21d1a0c 100644 --- a/fuzz/.gitignore +++ b/fuzz/.gitignore @@ -1,2 +1,3 @@ /results /text-fuzzer +/buffer-fuzzer diff --git a/fuzz/Makefile b/fuzz/Makefile index 66037a2..bb05bd6 100644 --- a/fuzz/Makefile +++ b/fuzz/Makefile @@ -1,6 +1,6 @@ -include ../../config.mk -ALL = text-fuzzer +ALL = text-fuzzer buffer-fuzzer CC = afl-gcc CFLAGS += -I. -I../.. -DBUFFER_SIZE=4 -DBLOCK_SIZE=4 @@ -10,6 +10,10 @@ text-fuzzer: text-fuzzer.c fuzzer.h ../../text.c ../../text-util.c ../../text-mo @echo Compiling $@ binary ${CC} ${CFLAGS} ${CFLAGS_STD} ${CFLAGS_EXTRA} ${filter %.c, $^} ${LDFLAGS} -o $@ +buffer-fuzzer: buffer-fuzzer.c fuzzer.h ../../buffer.c + @echo Compiling $@ binary + @${CC} ${CFLAGS} ${CFLAGS_STD} ${CFLAGS_EXTRA} ${filter %.c, $^} ${LDFLAGS} -o $@ + debug: clean $(MAKE) CFLAGS_EXTRA='${CFLAGS_EXTRA} ${CFLAGS_DEBUG}' @@ -18,6 +22,11 @@ afl-fuzz-text: text-fuzzer @afl-fuzz -i - -x "dictionaries/$<.dict" -o "results/$<" -- "./$<" || \ afl-fuzz -i "inputs/$<" -x "dictionaries/$<.dict" -o "results/$<" -- "./$<" +afl-fuzz-buffer: buffer-fuzzer + @mkdir -p "results/$<" + @afl-fuzz -i - -x "dictionaries/$<.dict" -o "results/$<" -- "./$<" || \ + afl-fuzz -i "inputs/$<" -x "dictionaries/$<.dict" -o "results/$<" -- "./$<" + clean: @echo cleaning @rm -f $(ALL) 
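Review bot: The new buffer-fuzzer rule hides its compile command behind `@${CC} ${CFLAGS} ...`, while the text-fuzzer rule just above runs `${CC} ${CFLAGS} ...` visibly, so a compile failure of buffer-fuzzer prints the diagnostics without the command line that produced them; dropping the `@` keeps the two rules consistent and easier to debug. Nothing in the CFLAGS visible here enables a sanitizer, and since this driver exists to surface memory errors in buffer.c it is worth confirming outside this hunk that the afl-gcc build runs with ASan (e.g. `AFL_USE_ASAN=1`) or that ../../config.mk adds `-fsanitize=address`.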
@@ -25,4 +34,4 @@ clean: distclean: clean @rm -rf results/ -.PHONY: clean distclean debug afl-fuzz-text +.PHONY: clean distclean debug afl-fuzz-text afl-fuzz-buffer diff --git a/fuzz/buffer-fuzzer.c b/fuzz/buffer-fuzzer.c new file mode 100644 index 0000000..fea3ec8 --- /dev/null +++ b/fuzz/buffer-fuzzer.c 
@@ -0,0 +1,106 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include "fuzzer.h"
+#include "buffer.h"
+#include "util.h"
+
+#ifndef BUFSIZ
+#define BUFSIZ 1024
+#endif
+
+typedef enum CmdStatus (*Cmd)(Buffer *buf, const char *cmd);
+
+static enum CmdStatus cmd_insert(Buffer *buf, const char *cmd) {
+ char data[BUFSIZ];
+ size_t pos;
+ if (sscanf(cmd, "%zu %s\n", &pos, data) != 2)
+ return CMD_ERR;
+ return buffer_insert0(buf, pos, data);
+}
+
+static enum CmdStatus cmd_set(Buffer *buf, const char *cmd) {
+ char data[BUFSIZ];
+ if (sscanf(cmd, "%s\n", data) != 1)
+ return CMD_ERR;
+ return buffer_put0(buf, data);
+}
+
+static enum CmdStatus cmd_delete(Buffer *buf, const char *cmd) {
+ size_t pos, len;
+ if (sscanf(cmd, "%zu %zu", &pos, &len) != 2)
+ return CMD_ERR;
+ return buffer_remove(buf, pos, len);
+}
+
+static enum CmdStatus cmd_clear(Buffer *buf, const char *cmd) {
+ buffer_clear(buf);
+ return CMD_OK;
+}
+
+static enum CmdStatus cmd_size(Buffer *buf, const char *cmd) {
+ printf("%zu bytes\n", buffer_length(buf));
+ return CMD_OK;
+}
+
+static enum CmdStatus cmd_capacity(Buffer *buf, const char *cmd) {
+ printf("%zu bytes\n", buffer_capacity(buf));
+ return CMD_OK;
+}
+
+static enum CmdStatus cmd_print(Buffer *buf, const char *cmd) {
+ size_t len = buffer_length(buf);
+ const char *data = buffer_content(buf);
+ if (data && fwrite(data, len, 1, stdout) != 1)
+ return CMD_ERR;
+ if (data)
+ puts("");
+ return CMD_OK;
+}
+
+static enum CmdStatus cmd_quit(Buffer *buf, const char *cmd) {
+ return CMD_QUIT;
+}
+
+static Cmd commands[] = {
+ ['?'] = cmd_capacity,
+ ['='] = cmd_set,
+ ['#'] = cmd_size,
+ ['c'] = cmd_clear,
+ ['d'] = cmd_delete,
+ ['i'] = cmd_insert,
+ ['p'] = cmd_print,
+ ['q'] = cmd_quit,
+};
+
+int main(int argc, char *argv[]) {
+ char line[BUFSIZ];
+ Buffer buf;
+ buffer_init(&buf);
+
+ for (;;) {
+ printf("> ");
+ if (!fgets(line, sizeof(line), stdin))
+ break;
+ if (!isatty(0))
+ printf("%s", line);
+ if (line[0] == '\n')
+ continue;
+ size_t idx = line[0];
+ if (idx < LENGTH(commands) && commands[idx]) {
+ enum CmdStatus ret = commands[idx](&buf, line+1);
+ printf("%s", cmd_status_msg[ret]);
+ if (ret == CMD_QUIT)
+ break;
+ } else {
+ puts("Invalid command");
+ }
+ }
+
+ buffer_release(&buf);
+
+ return 0;
+}
diff --git a/fuzz/dictionaries/buffer-fuzzer.dict b/fuzz/dictionaries/buffer-fuzzer.dict
new file mode 100644
index 0000000..4497343
--- /dev/null
+++ b/fuzz/dictionaries/buffer-fuzzer.dict
@@ -0,0 +1,15 @@
+# AFL dictionary for buffer-fuzzer
+#
+# Not sure whether it makes sense to specify a dictionary,
+# the syntax is quite simple?
+#
+cmd_capacity="?"
+cmd_set="="
+cmd_size="#"
+cmd_clear="c"
+# cmd_delete="d 0 1"
+cmd_delete="d"
+# cmd_insert="i 0 text"
+cmd_insert="i"
+cmd_print="p"
+cmd_quit="q"
diff --git a/fuzz/inputs/buffer-fuzzer/buffer-fuzzer.in b/fuzz/inputs/buffer-fuzzer/buffer-fuzzer.in
new file mode 100644
index 0000000..20120c7
--- /dev/null
+++ b/fuzz/inputs/buffer-fuzzer/buffer-fuzzer.in
@@ -0,0 +1,9 @@
+i 0 text
+d 1 2
+p
+i 1 ex
+p
+= data
+p
+c
+q
-- cgit v1.2.3
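Review bot: In cmd_print, `fwrite(data, len, 1, stdout) != 1` reports CMD_ERR whenever len is 0, because fwrite returns 0 when the element size is 0 even though nothing went wrong, so a non-NULL but empty buffer (for example right after `c`, if buffer_content still returns its storage — not visible here) prints a spurious error; `if (data && fwrite(data, 1, len, stdout) != len)` lets an empty buffer print cleanly and still catches short writes. The unbounded `%s` conversions in cmd_insert and cmd_set are only safe because `data[BUFSIZ]` is the same size as main's `line[BUFSIZ]` that fgets fills, so the token can never exceed BUFSIZ-2 bytes; that coupling deserves a comment at each `char data[BUFSIZ];`, such as `/* same size as main's line[], so an unbounded %s cannot overflow it */`, so the two sizes are not changed independently. `size_t idx = line[0];` rejects bytes >= 0x80 only because a negative plain char wraps to a huge size_t before the `idx < LENGTH(commands)` test; `size_t idx = (unsigned char)line[0];` expresses the intent directly. Whether every status returned by buffer_insert0, buffer_put0 and buffer_remove is a valid index into `cmd_status_msg` cannot be checked from this hunk.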