GitHub Repository: freebsd/freebsd-src
Path: blob/main/contrib/bc/src/bc_fuzzer.c
/*
* *****************************************************************************
*
* SPDX-License-Identifier: BSD-2-Clause
*
* Copyright (c) 2018-2025 Gavin D. Howard and contributors.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* *****************************************************************************
*
* The entry point for libFuzzer when fuzzing bc.
*
*/
#include <setjmp.h>
#include <string.h>
#include <status.h>
#include <ossfuzz.h>
#include <vm.h>
#include <bc.h>
#include <dc.h>
/// The NUL-terminated heap copy of the fuzz input for the run in progress.
/// LLVMFuzzerTestOneInput() allocates it before calling bc_main() and frees it
/// afterwards. It has external linkage, so presumably other translation units
/// read it as the program's input (verify against ossfuzz.h).
uint8_t* bc_fuzzer_data;

/// Chooses the argument list handed to bc_main(): the -c list when false, the
/// -C list when true. Set once in LLVMFuzzerInitialize().
static bool bc_C;
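/**
 * libFuzzer start-up hook: decides from the executable's basename whether the
 * fuzzer runs with the -c or the -C argument list.
 *
 * @param argc  Unused.
 * @param argv  Pointer to the argument vector; may be NULL, may point to a
 *              NULL vector, and the vector may have a NULL first entry.
 * @return      Always 0.
 */
int
LLVMFuzzerInitialize(int* argc, char*** argv)
{
	const char* path;
	const char* name;

	BC_UNUSED(argc);

	// Default to -c; only an executable named exactly "bc_fuzzer_C" flips it.
	bc_C = false;

	// Without a program name there is nothing to inspect. The check on
	// (*argv)[0] matters because a driver that starts the harness with an
	// empty argument vector would otherwise hand NULL to strrchr()/strcmp().
	if (argv == NULL || *argv == NULL || (*argv)[0] == NULL) return 0;

	path = (*argv)[0];

	// Get the basename: everything after the last path separator, or the
	// whole string when there is no separator.
	name = strrchr(path, BC_FILE_SEP);
	name = name == NULL ? path : name + 1;

	// Figure out which to use.
	bc_C = (strcmp(name, "bc_fuzzer_C") == 0);

	return 0;
}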
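/**
 * libFuzzer per-input entry point: runs bc once over a NUL-terminated copy of
 * the fuzz input.
 *
 * @param Data  The fuzz input bytes; not required to be NUL-terminated.
 * @param Size  The number of bytes in @a Data.
 * @return      0 when the input was skipped or bc_main() returned
 *              BC_STATUS_SUCCESS or BC_STATUS_QUIT; -1 otherwise, including
 *              when the run ended by jumping to the exit label.
 *              NOTE(review): recent libFuzzer versions treat -1 as "do not add
 *              this input to the corpus" -- confirm that is the intent for
 *              runs that are cut short.
 */
int
LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size)
{
	BcStatus s;

	// Result for the path that reaches the exit label by a jump. On that path
	// bc_main() never returned, so s was never assigned and must not be read.
	// It is volatile because it is read after a possible non-local jump back
	// into this frame.
	volatile int rc = -1;

	// I've already tested empty input, so just ignore. Input whose first byte
	// is NUL is skipped as well.
	if (Size == 0 || Data[0] == '\0') return 0;

	// Clear the global. This is to ensure a clean start.
	memset(vm, 0, sizeof(BcVm));

	// Make sure to set the name.
	vm->name = "bc";

	BC_SIG_LOCK;

	// We *must* do this here. Otherwise, other code could not jump out all of
	// the way.
	bc_vec_init(&vm->jmp_bufs, sizeof(sigjmp_buf), BC_DTOR_NONE);

	BC_SETJMP_LOCKED(vm, exit);

	// Create a string with the data. The extra byte holds the terminator,
	// since libFuzzer inputs are raw bytes with an explicit length.
	bc_fuzzer_data = bc_vm_malloc(Size + 1);
	memcpy(bc_fuzzer_data, Data, Size);
	bc_fuzzer_data[Size] = '\0';

	s = bc_main((int) (bc_fuzzer_args_len - 1),
	            bc_C ? bc_fuzzer_args_C : bc_fuzzer_args_c);

	rc = (s == BC_STATUS_SUCCESS || s == BC_STATUS_QUIT) ? 0 : -1;

exit:

	BC_SIG_MAYLOCK;

	free(bc_fuzzer_data);

	// Drop the stale pointer. The global outlives this call, and a later run
	// that jumps to the exit label before a new buffer is stored (presumably
	// possible when bc_vm_malloc() fails -- verify) would otherwise free the
	// same block a second time.
	bc_fuzzer_data = NULL;

	return rc;
}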