From 16a79bfbbc95a40f78eebf42b82599f937995f84 Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Thu, 17 Dec 2020 17:25:01 +0100
Subject: [PATCH] first attempts
---
 fuzzers/libfuzzer/Cargo.toml | 1 +
 fuzzers/libfuzzer/compiler | 2 +-
 fuzzers/libfuzzer/src/lib.rs | 70 +++++++++++++++++++++++++++++++++++-
 fuzzers/libfuzzer/test.sh | 13 +++----
 4 files changed, 78 insertions(+), 8 deletions(-)
diff --git a/fuzzers/libfuzzer/Cargo.toml b/fuzzers/libfuzzer/Cargo.toml
index f31f776145..f8af052585 100644
--- a/fuzzers/libfuzzer/Cargo.toml
+++ b/fuzzers/libfuzzer/Cargo.toml
@@ -17,6 +17,7 @@ opt-level = 3
 debug = true
 [dependencies]
+clap = "2.32.0"
 afl = { path = "../../afl/" }
 [lib]
diff --git a/fuzzers/libfuzzer/compiler b/fuzzers/libfuzzer/compiler
index 056a86af34..7e02ba7964 100755
--- a/fuzzers/libfuzzer/compiler
+++ b/fuzzers/libfuzzer/compiler
@@ -53,7 +53,7 @@ def ld_mode():
 args += sys.argv[1:]
 args += [
 os.path.join(script_dir, "runtime", "rt.o"),
- os.path.join(script_dir, "target", "release", "liblibfuzzer.a"),
+ os.path.join(script_dir, "target", "debug", "liblibfuzzer.a"),
 ]
 args += ["-fsanitize-coverage=trace-pc-guard,trace-cmp"]
diff --git a/fuzzers/libfuzzer/src/lib.rs b/fuzzers/libfuzzer/src/lib.rs
index 38a985038e..e1eac82781 100644
--- a/fuzzers/libfuzzer/src/lib.rs
+++ b/fuzzers/libfuzzer/src/lib.rs
@@ -1,7 +1,12 @@
 #![cfg_attr(not(feature = "std"), no_std)]
+#[macro_use]
+extern crate clap;
 extern crate alloc;
+use clap::{App, Arg};
+use std::env;
+
 use afl::corpus::InMemoryCorpus;
 use afl::engines::Engine;
 use afl::engines::Fuzzer;
@@ -23,6 +28,9 @@ extern "C" {
 /// int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
 fn LLVMFuzzerTestOneInput(data: *const u8, size: usize) -> i32;
+ /// int LLVMFuzzerInitialize(int argc, char **argv)
+ fn LLVMFuzzerInitialize(argc: u32, argv: *const *const u8) -> i32;
+
 static __lafl_edges_map: *mut u8;
 static __lafl_cmp_map: *mut u8;
 static __lafl_max_edges_size: u32;
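Review bot: The link step now hard-codes the `debug` profile in the `liblibfuzzer.a` path, so a `cargo build --release` (the invocation `test.sh` used before this commit) will either link whatever debug archive happens to be left in `target/debug` or fail at link time with a missing-file error that does not say why. Reading the profile once, e.g. `profile = os.environ.get("<PROFILE_ENV_VAR>", "debug")` and `os.path.join(script_dir, "target", profile, "liblibfuzzer.a")`, keeps both build flavours working, and an explicit `os.path.exists` check with a clear error would catch the stale-archive case. The rest of `ld_mode` lies outside the hunk.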
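Review bot: `use std::env;` is added directly under `#![cfg_attr(not(feature = "std"), no_std)]`, so the crate no longer builds without the `std` feature, and the `println!`/`env::current_dir` calls in the later `afl_libfuzzer_main` hunk carry the same dependency. Either gate the clap/env imports and the new argument-parsing code with `#[cfg(feature = "std")]`, or drop the `no_std` attribute if this harness is now `std`-only; the commit should state which is intended. If the crate is on the 2018 edition, `#[macro_use] extern crate clap;` could also be replaced by `use clap::{value_t, values_t};` next to the `App, Arg` import, which makes the macro dependency visible at the use site.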
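Review bot: The new `LLVMFuzzerInitialize` declaration does not match the libFuzzer entry point it is meant to bind: libFuzzer defines it as `int LLVMFuzzerInitialize(int *argc, char ***argv)` (both by pointer, so the target may rewrite its arguments), whereas the hunk declares `argc: u32, argv: *const *const u8` and documents it as `int LLVMFuzzerInitialize(int argc, char **argv)`. Calling through this signature would pass an integer where the target expects a pointer, which is undefined behaviour on the target side. Suggested: `/// int LLVMFuzzerInitialize(int *argc, char ***argv)` and `fn LLVMFuzzerInitialize(argc: *mut i32, argv: *mut *mut *mut u8) -> i32;`, following the `u8`-for-`char` convention of the `LLVMFuzzerTestOneInput` line above. Targets are also not required to define this symbol, so an eventual caller presumably needs a weak reference or a runtime lookup rather than a hard link-time dependency; the `extern "C"` block starts before and ends after the hunk.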
@@ -39,8 +47,68 @@ const NAME_COV_MAP: &str = "cov_map";
 #[no_mangle]
 pub extern "C" fn afl_libfuzzer_main() {
- let mut rand = StdRand::new(0);
+ let matches = App::new("libAFLrs fuzzer harness")
+ .about("libAFLrs fuzzer harness help options.")
+ .arg(
+ Arg::with_name("dictionary")
+ .short("x")
+ .value_name("DICTIONARY")
+ .takes_value(true)
+ .multiple(true)
+ .help("Dictionary file to use, can be specified multiple times."),
+ )
+ .arg(
+ Arg::with_name("statstime")
+ .short("T")
+ .value_name("STATSTIME")
+ .takes_value(true)
+ .help("How often to print statistics in seconds [default: 5, disable: 0]"),
+ )
+ .arg(Arg::with_name("workdir")
+ .help("Where to write the corpus, also reads the data on start. If more than one is supplied the first will be the work directory, all others will just be initially read from.")
+ .multiple(true)
+ .value_name("WORKDIR")
+ )
+ .get_matches();
+ let statstime = value_t!(matches, "statstime", u32).unwrap_or(5);
+
+ let workdir = if matches.is_present("workdir") {
+ matches.value_of("workdir").unwrap().to_string()
+ } else {
+ env::current_dir().unwrap().to_string_lossy().to_string()
+ };
+
+ let mut dictionary: Option> = None;
+
+ if matches.is_present("dictionary") {
+ dictionary = Some(values_t!(matches, "dictionary", String).unwrap_or_else(|e| e.exit()));
+ }
+
+ let mut input: Option> = None;
+ if matches.is_present("workdir") {
+ input = Some(values_t!(matches, "workdir", String).unwrap_or_else(|e| e.exit()));
+ }
+
+ // debug prints
+
+ println!("workdir: {}", workdir);
+
+ if dictionary != None {
+ for file in dictionary.unwrap() {
+ println!("dic: {}", file);
+ }
+ }
+
+ if input != None {
+ for indir in input.unwrap() {
+ println!("in: {}", indir);
+ }
+ }
+
+ // original code
+
+ let mut rand = StdRand::new(0);
 let mut corpus = InMemoryCorpus::new();
 let mut generator = RandPrintablesGenerator::new(32);
diff --git a/fuzzers/libfuzzer/test.sh b/fuzzers/libfuzzer/test.sh
index f88f80aefa..335a282190 100755
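Review bot: `value_t!(matches, "statstime", u32).unwrap_or(5)` swallows parse errors, so `-T abc` (or a negative value) silently becomes the 5-second default, while the dictionary and workdir options in the same hunk call `e.exit()` on bad input. Declaring the default on the argument, `.default_value("5")` after `.takes_value(true)` in the `statstime` arg, and then parsing with `let statstime = value_t!(matches, "statstime", u32).unwrap_or_else(|e| e.exit());` keeps the default and turns malformed input into a usage error. Style: `if dictionary != None { for file in dictionary.unwrap() { … } }` reads more naturally as `if let Some(files) = &dictionary { for file in files { … } }` (same for `input`), and `statstime` is otherwise unused in this hunk, which will warn until the stats loop consumes it. `afl_libfuzzer_main` continues past the end of the hunk.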
--- a/fuzzers/libfuzzer/test.sh
+++ b/fuzzers/libfuzzer/test.sh
@@ -1,11 +1,12 @@
 #!/bin/sh
-cargo build --release
-make -C runtime
+cargo build || exit 1
+make -C runtime || exit 1
-./compiler -flto=thin -c test/test.c -o test_fuzz.o
-./compiler -flto=thin -fuse-ld=lld test_fuzz.o -o test_fuzz.elf
+rm -f test_fuzz.elf test_fuzz.o
+./compiler -flto=thin -c test/test.c -o test_fuzz.o || exit 1
+./compiler -flto=thin test_fuzz.o -o test_fuzz.elf || exit 1
+
+RUST_BACKTRACE=1 ./test_fuzz.elf -x a -x b foo bar
-RUST_BACKTRACE=1 ./test_fuzz.elf
-#rm ./test_fuzz.elf
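Review bot: The `|| exit 1` guards added to each build step do the job of a single `set -e` after the shebang, which would also cover the final `./test_fuzz.elf` run and any step added later without a guard. The new invocation `./test_fuzz.elf -x a -x b foo bar` passes dictionary files `a` and `b` and directories `foo`/`bar` that the script never creates; that is harmless while the harness only prints them (see the `afl_libfuzzer_main` hunk), but once they are actually opened the test will presumably fail, so creating them in a temporary directory here, or keeping fixtures under `test/`, would make the script self-contained.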