1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
#[cfg(fuzzing_afl)]
pub mod fuzzer {
use std::io::Read;
extern "C" {
#[allow(improper_ctypes)]
fn __BOLERO__test(input: &[u8]);
fn __afl_persistent_loop(counter: usize) -> isize;
fn __afl_manual_init();
}
#[used]
static PERSIST_MARKER: &str = "##SIG_AFL_PERSISTENT##\0";
#[used]
static DEFERED_MARKER: &str = "##SIG_AFL_DEFER_FORKSRV##\0";
pub unsafe fn fuzz() {
std::panic::set_hook(Box::new(|info| {
println!("{}", info);
std::process::abort();
}));
let mut input = vec![];
__afl_manual_init();
while __afl_persistent_loop(1000) != 0 {
if std::io::stdin().read_to_end(&mut input).is_err() {
return;
}
let panicked = std::panic::catch_unwind(|| {
__BOLERO__test(&input);
})
.is_err();
if panicked {
std::process::abort();
}
input.clear();
}
}
}
#[cfg(fuzzing_afl)]
pub use fuzzer::*;
#[cfg(feature = "bin")]
pub mod bin {
use std::{
ffi::CString,
os::raw::{c_char, c_int},
};
extern "C" {
pub fn afl_fuzz_main(a: c_int, b: *const *const c_char) -> c_int;
}
pub unsafe fn exec<Args: Iterator<Item = String>>(args: Args) {
let args = args
.map(|arg| CString::new(arg).unwrap())
.collect::<Vec<_>>();
let c_args = args
.iter()
.map(|arg| arg.as_ptr())
.chain(Some(0 as *const _))
.collect::<Vec<_>>();
afl_fuzz_main(args.len() as c_int, c_args.as_ptr());
}
}
#[cfg(feature = "bin")]
pub use bin::*;