fuzzzzz

2020-11-20 15:23:43 +01:00 · 2020-11-20 15:23:43 +01:00 · 6c7615a7b9
commit 6c7615a7b9
parent a88f3d6dd2
2 changed files with 12 additions and 17 deletions
--- a/fuzzers/libfuzzer/src/lib.rs
+++ b/fuzzers/libfuzzer/src/lib.rs
@ -61,6 +61,7 @@ pub extern "C" fn afl_libfuzzer_main() {
    //

    for i in 0..1000 {
+        println!("Fuzzer corpus iteration #{}", i);
        engine
            .fuzz_one(&mut state)
            .expect(&format!("Error in iter {}", i));
--- a/fuzzers/libfuzzer/test/test.c
+++ b/fuzzers/libfuzzer/test/test.c
@ -1,37 +1,31 @@
 #include <stdio.h>
 #include <stdint.h>

-// gcc -shared -o libdemo.so demo-so.c -w
-int target_func(char *buf, int size) {
+int target_func(const uint8_t *buf, size_t size) {
+
+  printf("BUF (%ld): ", size);
+  for (int i = 0; i < size; i++) {
+      printf("%02X", buf[i]);
+  }
+  printf("\n");
  
-  printf("buffer:%p, size:%p\n", buf, size);
  switch (buf[0]) {

    case 1:
-      puts("222");
-      if (buf[1] == '\x44') {
-
-        puts("null ptr deference");
-        *(char *)(0) = 1;
-
+      if (buf[1] == 0x44) {
+        __builtin_trap();
      }

      break;
    case 0xff:
-      if (buf[2] == '\xff') {
-
-        if (buf[1] == '\x44') {
-
-          puts("crash....");
+      if (buf[2] == 0xff) {
+        if (buf[1] == 0x44) {
          *(char *)(0xdeadbeef) = 1;
-
        }
-
      }

      break;
    default:
-      puts("default action");
      break;

  }