1 #include <stdint.h>
2 #include <stdlib.h>
3 #include <stdio.h>
4 #include <string.h>
5
6 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
7
8 #define MAX_INSTR_SIZE 64
9 #define MAX_LINE_SIZE 128
10
main(int argc,char ** argv)11 int main(int argc, char** argv)
12 {
13 FILE * fp;
14 uint8_t Data[MAX_INSTR_SIZE];
15 char line[MAX_LINE_SIZE];
16 size_t Size;
17 char arch[MAX_LINE_SIZE];
18 char mode[MAX_LINE_SIZE];
19 unsigned int value;
20 int i;
21
22 if (argc < 2) {
23 return 1;
24 }
25 for (i = 1; i < argc; i++) {
26 //opens the file, get its size, and reads it into a buffer
27 fp = fopen(argv[i], "rb");
28 if (fp == NULL) {
29 return 2;
30 }
31 printf("Trying %s\n", argv[i]);
32 if (fgets(line, MAX_LINE_SIZE, fp) == NULL) {
33 break;
34 }
35 if (line[0] == '#') {
36 if (sscanf(line, "# %[^,], %[^,]", arch, mode) != 2) {
37 printf("Wrong mode %s\n", line);
38 return 1;
39 }
40 if (strcmp(arch, "CS_ARCH_X86") == 0 && strcmp(mode, "CS_MODE_32") == 0) {
41 Data[0] = 0;
42 } else if (strcmp(arch, "CS_ARCH_X86") == 0 && strcmp(mode, "CS_MODE_64") == 0) {
43 Data[0] = 1;
44 } else if (strcmp(arch, "CS_ARCH_ARM") == 0 && strcmp(mode, "CS_MODE_ARM") == 0) {
45 Data[0] = 2;
46 } else if (strcmp(arch, "CS_ARCH_ARM") == 0 && strcmp(mode, "CS_MODE_THUMB") == 0) {
47 Data[0] = 3;
48 } else if (strcmp(arch, "CS_ARCH_ARM") == 0 && strcmp(mode, "CS_MODE_ARM+CS_MODE_V8") == 0) {
49 Data[0] = 4;
50 } else if (strcmp(arch, "CS_ARCH_ARM") == 0 && strcmp(mode, "CS_MODE_THUMB+CS_MODE_V8") == 0) {
51 Data[0] = 5;
52 } else if (strcmp(arch, "CS_ARCH_ARM") == 0 && strcmp(mode, "CS_MODE_THUMB+CS_MODE_MCLASS") == 0) {
53 Data[0] = 6;
54 } else if (strcmp(arch, "CS_ARCH_ARM64") == 0 && strcmp(mode, "0") == 0) {
55 Data[0] = 7;
56 } else if (strcmp(arch, "CS_ARCH_MIPS") == 0 && strcmp(mode, "CS_MODE_MIPS32+CS_MODE_BIG_ENDIAN") == 0) {
57 Data[0] = 8;
58 } else if (strcmp(arch, "CS_ARCH_MIPS") == 0 && strcmp(mode, "CS_MODE_MIPS32+CS_MODE_MICRO") == 0) {
59 Data[0] = 9;
60 } else if (strcmp(arch, "CS_ARCH_MIPS") == 0 && strcmp(mode, "CS_MODE_MIPS64") == 0) {
61 Data[0] = 10;
62 } else if (strcmp(arch, "CS_ARCH_MIPS") == 0 && strcmp(mode, "CS_MODE_MIPS32") == 0) {
63 Data[0] = 11;
64 } else if (strcmp(arch, "CS_ARCH_MIPS") == 0 && strcmp(mode, "CS_MODE_MIPS64+CS_MODE_BIG_ENDIAN") == 0) {
65 Data[0] = 12;
66 } else if (strcmp(arch, "CS_ARCH_MIPS") == 0 && strcmp(mode, "CS_MODE_MIPS32+CS_MODE_MICRO+CS_MODE_BIG_ENDIAN") == 0) {
67 Data[0] = 13;
68 } else if (strcmp(arch, "CS_ARCH_MIPS") == 0 && strcmp(mode, "CS_MODE_MIPS32+CS_MODE_BIG_ENDIAN+CS_MODE_MICRO") == 0) {
69 Data[0] = 13;
70 } else if (strcmp(arch, "CS_ARCH_PPC") == 0 && strcmp(mode, "CS_MODE_BIG_ENDIAN") == 0) {
71 Data[0] = 14;
72 } else if (strcmp(arch, "CS_ARCH_SPARC") == 0 && strcmp(mode, "CS_MODE_BIG_ENDIAN") == 0) {
73 Data[0] = 15;
74 } else if (strcmp(arch, "CS_ARCH_SPARC") == 0 && strcmp(mode, "CS_MODE_BIG_ENDIAN + CS_MODE_V9") == 0) {
75 Data[0] = 16;
76 } else if (strcmp(arch, "CS_ARCH_SYSZ") == 0 && strcmp(mode, "0") == 0) {
77 Data[0] = 17;
78 } else if (strcmp(arch, "CS_ARCH_XCORE") == 0 && strcmp(mode, "0") == 0) {
79 Data[0] = 18;
80 } else if (strcmp(arch, "CS_ARCH_MIPS") == 0 && strcmp(mode, "CS_MODE_MIPS32R6+CS_MODE_BIG_ENDIAN") == 0) {
81 Data[0] = 19;
82 } else if (strcmp(arch, "CS_ARCH_MIPS") == 0 && strcmp(mode, "CS_MODE_MIPS32R6+CS_MODE_MICRO+CS_MODE_BIG_ENDIAN") == 0) {
83 Data[0] = 20;
84 } else if (strcmp(arch, "CS_ARCH_MIPS") == 0 && strcmp(mode, "CS_MODE_MIPS32R6") == 0) {
85 Data[0] = 21;
86 } else if (strcmp(arch, "CS_ARCH_MIPS") == 0 && strcmp(mode, "CS_MODE_MIPS32R6+CS_MODE_MICRO") == 0) {
87 Data[0] = 22;
88 } else if (strcmp(arch, "CS_ARCH_M68K") == 0 && strcmp(mode, "0") == 0) {
89 Data[0] = 23;
90 } else if (strcmp(arch, "CS_ARCH_M680X") == 0 && strcmp(mode, "CS_MODE_M680X_6809") == 0) {
91 Data[0] = 24;
92 } else if (strcmp(arch, "CS_ARCH_EVM") == 0 && strcmp(mode, "0") == 0) {
93 Data[0] = 25;
94 } else {
95 printf("Unknown mode\n");
96 //fail instead of continue
97 return 1;
98 }
99 } else {
100 printf("No mode\n");
101 //fail instead of continue
102 return 1;
103 }
104
105 while(1) {
106 if (fgets(line, MAX_LINE_SIZE, fp) == NULL) {
107 break;
108 }
109 Size = 1;
110 // we start line at offset 0 and Data buffer at offset 1
111 // since Data[0] is option : arch + mode
112 while (sscanf(line+(Size-1)*5, "0x%02x", &value) == 1) {
113 Data[Size] = value;
114 Size++;
115 if (line[(Size-1)*5-1] != ',') {
116 //end of pattern
117 break;
118 } else if (MAX_LINE_SIZE < (Size-1)*5) {
119 printf("Line overflow\n");
120 return 1;
121 }
122 }
123 //lauch fuzzer
124 LLVMFuzzerTestOneInput(Data, Size);
125 }
126 fclose(fp);
127 }
128 return 0;
129 }
130
131