/*
   american fuzzy lop++ - persistent mode example
   --------------------------------------------

   Originally written by Michal Zalewski

   Copyright 2015 Google Inc. All rights reserved.

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at:

     http://www.apache.org/licenses/LICENSE-2.0

   This file demonstrates the high-performance "persistent mode" that may be
   suitable for fuzzing certain fast and well-behaved libraries, provided that
   they are stateless or that their internal state can be easily reset
   across runs.

   To make this work, the library and this shim need to be compiled in LLVM
   mode using afl-clang-fast (other compiler wrappers will *not* work).

 */

#include <limits.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

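/* Main entry point.

   Persistent-mode harness skeleton: one process serves many test cases.
   Each pass of the __AFL_LOOP() body must (1) reset every piece of state a
   previous input could have touched, (2) read exactly one input, and
   (3) hand it to the code under test. State that survives between passes
   makes findings depend on input history and hard to reproduce. */

/* To ensure checks are not optimized out it is recommended to disable
   code optimization for the fuzzer harness main() */
#pragma clang optimize off
#pragma GCC            optimize("O0")

int main(int argc, char **argv) {

  ssize_t len;                               /* how much input did we read? */
  char buf[100]; /* Example-only buffer, you'd replace it with other global or
                    local variables appropriate for your use case. */

  /* The number passed to __AFL_LOOP() controls the maximum number of
     iterations before the loop exits and the program is allowed to
     terminate normally. This limits the impact of accidental memory leaks
     and similar hiccups.

     NOTE: UINT_MAX effectively never recycles the process, so this demo
     relies entirely on the STEP 1 reset. A harness for a target that can
     leak or accumulate state should pass a much smaller count. */

  /* __AFL_INIT() and __AFL_LOOP() are supplied by afl-clang-fast; they are
     not declared in any header included here. */

  __AFL_INIT();
  while (__AFL_LOOP(UINT_MAX)) {

    /*** PLACEHOLDER CODE ***/

    /* STEP 1: Fully re-initialize all critical variables. In our example, this
               involves zeroing buf[], our input buffer. The size is taken
               from the array itself so that resizing buf[] cannot leave a
               stale length behind. */

    memset(buf, 0, sizeof(buf));

    /* STEP 2: Read input data. When reading from stdin, no special preparation
               is required. When reading from a named file, you need to close
               the old descriptor and reopen the file first!

               Beware of reading from buffered FILE* objects such as stdin. Use
               raw file descriptors or call fopen() / fdopen() in every pass.

               The read is bounded by sizeof(buf); a longer input is simply
               truncated to the buffer size for this pass. */

    len = read(0, buf, sizeof(buf));

    /* STEP 3: This is where we'd call the tested library on the read data.
               We just have some trivial inline code that faults on input
               starting with 'foo!!!'. */

    /* do we have enough data? read() returns -1 on error, so this check also
       skips failed reads. Only buf[0]..buf[5] are inspected below, which is
       always inside the bytes that were actually read. */
    if (len < 8) continue;

    /* The comparisons are deliberately nested one byte at a time: each level
       is a separate branch, so the demo shows the input being matched in
       stages rather than by one all-or-nothing comparison. */
    if (buf[0] == 'f') {

      printf("one\n");
      if (buf[1] == 'o') {

        printf("two\n");
        if (buf[2] == 'o') {

          printf("three\n");
          if (buf[3] == '!') {

            printf("four\n");
            if (buf[4] == '!') {

              printf("five\n");
              if (buf[5] == '!') {

                printf("six\n");
                abort();                 /* the intentional "bug" to be found */

              }

            }

          }

        }

      }

    }

    /*** END PLACEHOLDER CODE ***/

  }

  /* Once the loop is exited, terminate normally - AFL will restart the process
     when this happens, with a clean slate when it comes to allocated memory,
     leftover file descriptors, etc. */

  return 0;

}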