xref: /aosp_15_r20/external/AFLplusplus/utils/qbdi_mode/demo-so.c (revision 08b48e0b10e97b33e7b60c5b6e2243bd915777f2)
1*08b48e0bSAndroid Build Coastguard Worker #include <stdio.h>
2*08b48e0bSAndroid Build Coastguard Worker 
// Build as a shared library: gcc -shared -o libdemo.so demo-so.c -w
// (-w silences all compiler warnings)
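/*
 * Demo fuzzing target, built as libdemo.so (presumably loaded by the
 * qbdi_mode harness this file ships with).
 *
 * Inspects up to the first three bytes of `buf`. Two byte patterns reach a
 * deliberately invalid write, giving a fuzzer a crash to find:
 *   - buf[0] == 0x01, buf[1] == 0x44                  -> write through address 0
 *   - buf[0] == 0xff, buf[1] == 0x44, buf[2] == 0xff  -> write to 0xdeadbeef
 * Every other input only prints a message.
 *
 * buf   input bytes; may be NULL, in which case nothing is inspected
 * size  number of valid bytes in buf; bytes at or beyond this index are
 *       never read
 *
 * Returns 1 on every path that returns at all.
 */
int target_func(char *buf, int size) {

  // %p requires a void * argument and size is an int, so it is printed
  // with %d; passing an int for %p is undefined behavior.
  printf("buffer:%p, size:%d\n", (void *)buf, size);

  // Nothing to inspect: return before touching the buffer so an empty or
  // missing input cannot fault anywhere except the two planted writes.
  if (buf == NULL || size < 1) { return 1; }

  // Compare as unsigned bytes. Where plain char is signed, a 0xff byte
  // promotes to -1 and would never match `case 0xff`.
  const unsigned char *bytes = (const unsigned char *)buf;

  switch (bytes[0]) {

    case 1:
      puts("222");
      // Check size first so a 1-byte input is not read past its end.
      if (size >= 2 && bytes[1] == 0x44) {

        puts("null ptr deference");
        // Planted crash; volatile keeps the store from being optimized away.
        *(volatile char *)(0) = 1;

      }

      break;
    case 0xff:
      // Both remaining bytes must be present before they are compared.
      if (size >= 3 && bytes[2] == 0xff) {

        if (bytes[1] == 0x44) {

          puts("crash....");
          // Planted crash at a fixed address the demo does not map.
          *(volatile char *)(0xdeadbeef) = 1;

        }

      }

      break;
    default:
      puts("default action");
      break;

  }

  return 1;

}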