corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
80b1443c29c901b4f15e3c9d39a1f86d2e6a6cc0
tubestation/tools/fuzzing/interface/FuzzingInterface.h
Christian Holler da96299906 Bug 1431090 - Prepare tools/fuzzing/ to be used with JS_STANDALONE. r=froydnj 
This patch adjusts tools/fuzzing/ in such a way that the relevant parts can be
reused in the JS engine. Changes in detail include:

* Various JS_STANDALONE checks to exclude parts that cannot be included in
  those builds.

* Turn LibFuzzerRegistry and LibFuzzerRunner into generic FuzzerRegistry and
  FuzzerRunner classes and use them for AFL as well. Previously, AFL was
  piggy-backing on gtests which was kind of an ugly solution anyway (besides
  that it can't work in JS). Now more code like registry and harness is
  shared between the two and they follow almost the same call paths and entry
  points. AFL macros in FuzzingInterface have been rewritten accordingly.
  This also required name changes in various places. Furthermore, this unifies
  the way, the fuzzing target is selected, using the FUZZER environment
  variable rather than LIBFUZZER (using LIBFUZZER in browser builds will give
  you a deprecation warning because I know some people are using this already
  and need time to switch). Previously, AFL target had to be selected using
  GTEST_FILTER, so this is also much better now.

* I had to split up FuzzingInterface* such that the STREAM parts are in a
  separate set of files FuzzingInterfaceStream* because they use nsStringStream
  which is not allowed to be included into the JS engine even in a full browser
  build (error: "Using XPCOM strings is limited to code linked into libxul.").
  I also had to pull FuzzingInterface.cpp (the RAW part only) into the header
  and make it static because otherwise, would have to make not only separate
  files but also separate libraries to statically link to the JS engine, which
  seemed overkill for a single small function. The streaming equivalent of the
  function is still in a cpp file.

* LibFuzzerRegister functions are now unique by appending the module name to
  avoid redefinition errors.

MozReview-Commit-ID: 44zWCdglnHr
2018-01-17 15:20:35 +01:00

92 lines
3.5 KiB
C++
Raw Blame History

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* Interface definitions for the unified fuzzing interface
*/
#ifndef FuzzingInterface_h__
#define FuzzingInterface_h__
#include <fstream>
#include "FuzzerRegistry.h"
#include "mozilla/Assertions.h"
namespace mozilla {
typedef int(*FuzzingTestFuncRaw)(const uint8_t*, size_t);
#ifdef __AFL_COMPILER
static int afl_interface_raw(const char* testFile, FuzzingTestFuncRaw testFunc) {
char* buf = NULL;
while(__AFL_LOOP(1000)) {
std::ifstream is;
is.open (testFile, std::ios::binary);
is.seekg (0, std::ios::end);
int len = is.tellg();
is.seekg (0, std::ios::beg);
MOZ_RELEASE_ASSERT(len >= 0);
if (!len) {
is.close();
continue;
}
buf = (char*)realloc(buf, len);
MOZ_RELEASE_ASSERT(buf);
is.read(buf,len);
is.close();
testFunc((uint8_t*)buf, (size_t)len);
}
free(buf);
return 0;
}
#define MOZ_AFL_INTERFACE_COMMON() \
char* testFilePtr = getenv("MOZ_FUZZ_TESTFILE"); \
if (!testFilePtr) { \
fprintf(stderr, "Must specify testfile in MOZ_FUZZ_TESTFILE environment variable.\n"); \
return 1; \
} \
/* Make a copy of testFilePtr so the testing function can safely call getenv */ \
std::string testFile(testFilePtr);
#define MOZ_AFL_INTERFACE_RAW(initFunc, testFunc, moduleName) \
static int afl_fuzz_##moduleName(const uint8_t *data, size_t size) { \
MOZ_RELEASE_ASSERT(data == NULL && size == 0); \
MOZ_AFL_INTERFACE_COMMON(); \
return ::mozilla::afl_interface_raw(testFile.c_str(), testFunc); \
} \
static void __attribute__ ((constructor)) AFLRegister##moduleName() { \
::mozilla::FuzzerRegistry::getInstance().registerModule( \
#moduleName, initFunc, afl_fuzz_##moduleName \
); \
}
#else
#define MOZ_AFL_INTERFACE_RAW(initFunc, testFunc, moduleName) /* Nothing */
#endif // __AFL_COMPILER
#ifdef LIBFUZZER
#define MOZ_LIBFUZZER_INTERFACE_RAW(initFunc, testFunc, moduleName) \
static void __attribute__ ((constructor)) LibFuzzerRegister##moduleName() { \
::mozilla::FuzzerRegistry::getInstance().registerModule( \
#moduleName, initFunc, testFunc \
); \
}
#else
#define MOZ_LIBFUZZER_INTERFACE_RAW(initFunc, testFunc, moduleName) /* Nothing */
#endif
#define MOZ_FUZZING_INTERFACE_RAW(initFunc, testFunc, moduleName) \
MOZ_LIBFUZZER_INTERFACE_RAW(initFunc, testFunc, moduleName); \
MOZ_AFL_INTERFACE_RAW(initFunc, testFunc, moduleName);
} // namespace mozilla
#endif // FuzzingInterface_h__
Reference in New Issue View Git Blame Copy Permalink