1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
#include "libhfuzz/fetch.h"
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>
#include "honggfuzz.h"
#include "libhfcommon/files.h"
#include "libhfcommon/log.h"
/*
* If this signature is visible inside a binary, it's probably a persistent-style fuzzing program.
* This discovery mode is employed by honggfuzz
*/
__attribute__((visibility("default"))) __attribute__((used)) const char* LIBHFUZZ_module_fetch =
_HF_PERSISTENT_SIG;
static const uint8_t* inputFile = NULL;
__attribute__((constructor)) static void init(void) {
if (fcntl(_HF_INPUT_FD, F_GETFD) == -1 && errno == EBADF) {
return;
}
if ((inputFile = mmap(NULL, _HF_INPUT_MAX_SIZE, PROT_READ, MAP_SHARED, _HF_INPUT_FD, 0)) ==
MAP_FAILED) {
PLOG_F("mmap(fd=%d, size=%zu) of the input file failed", _HF_INPUT_FD,
(size_t)_HF_INPUT_MAX_SIZE);
}
}
void HonggfuzzFetchData(const uint8_t** buf_ptr, size_t* len_ptr) {
if (!files_writeToFd(_HF_PERSISTENT_FD, &HFReadyTag, sizeof(HFReadyTag))) {
LOG_F("writeToFd(size=%zu, readyTag) failed", sizeof(HFReadyTag));
}
uint64_t rcvLen;
ssize_t sz = files_readFromFd(_HF_PERSISTENT_FD, (uint8_t*)&rcvLen, sizeof(rcvLen));
if (sz == -1) {
PLOG_F("readFromFd(fd=%d, size=%zu) failed", _HF_PERSISTENT_FD, sizeof(rcvLen));
}
if (sz != sizeof(rcvLen)) {
LOG_F("readFromFd(fd=%d, size=%zu) failed, received=%zd bytes", _HF_PERSISTENT_FD,
sizeof(rcvLen), sz);
}
*buf_ptr = inputFile;
*len_ptr = (size_t)rcvLen;
if (lseek(_HF_INPUT_FD, (off_t)0, SEEK_SET) == -1) {
PLOG_W("lseek(_HF_INPUT_FD=%d, 0)", _HF_INPUT_FD);
}
}
bool fetchIsInputAvailable(void) {
LOG_D("Current module: %s", LIBHFUZZ_module_fetch);
return (inputFile != NULL);
}
|
