diff options
| author | Wladimir J. van der Laan <laanwj@gmail.com> | 2017-10-05 18:07:34 +0200 |
|---|---|---|
| committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2017-10-05 18:07:50 +0200 |
| commit | 9e8ef9d99179644ef55f2940bda94b9d65e1ec51 (patch) | |
| tree | 9a4e6c955852868c42e56fe16e408a640b4412d4 /src | |
| parent | becbd71b0c1691774c5fb513ad691196e4a71a58 (diff) | |
| parent | f3ba86973428d7442bf95713890be6185bc40dd0 (diff) | |
| download | bitcoin-9e8ef9d99179644ef55f2940bda94b9d65e1ec51.tar.xz | |
Merge #10440: [tests] Add libFuzzer support
f3ba869 [tests] Add libFuzzer support. (practicalswift)
Pull request description:
Add `libFuzzer` support.
As discussed in [issue #10364](https://github.com/bitcoin/bitcoin/issues/10364#issuecomment-300000902).
See http://llvm.org/docs/LibFuzzer.html#fuzzer-usage for usage instructions.
Tree-SHA512: 32562a3a43eb07e79989d55eeb0bfe94e2cff060da8ff0cb50c2f838ef19f2fd583a3dc89074a6442bd3e395185d309371325ed9a0ef50065431d5ea7f099772
Diffstat (limited to 'src')
| -rw-r--r-- | src/test/test_bitcoin_fuzzy.cpp | 50 |
1 files changed, 39 insertions, 11 deletions
diff --git a/src/test/test_bitcoin_fuzzy.cpp b/src/test/test_bitcoin_fuzzy.cpp index 50e4076d07..581ad2ffa0 100644 --- a/src/test/test_bitcoin_fuzzy.cpp +++ b/src/test/test_bitcoin_fuzzy.cpp @@ -48,8 +48,8 @@ enum TEST_ID { TEST_ID_END }; -bool read_stdin(std::vector<char> &data) { - char buffer[1024]; +bool read_stdin(std::vector<uint8_t> &data) { + uint8_t buffer[1024]; ssize_t length=0; while((length = read(STDIN_FILENO, buffer, 1024)) > 0) { data.insert(data.end(), buffer, buffer+length); @@ -59,11 +59,7 @@ bool read_stdin(std::vector<char> &data) { return length==0; } -int do_fuzz() -{ - std::vector<char> buffer; - if (!read_stdin(buffer)) return 0; - +int test_one_input(std::vector<uint8_t> buffer) { if (buffer.size() < sizeof(uint32_t)) return 0; uint32_t test_id = 0xffffffff; @@ -255,9 +251,32 @@ int do_fuzz() return 0; } +static std::unique_ptr<ECCVerifyHandle> globalVerifyHandle; +void initialize() { + globalVerifyHandle = std::unique_ptr<ECCVerifyHandle>(new ECCVerifyHandle()); +} + +// This function is used by libFuzzer +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + test_one_input(std::vector<uint8_t>(data, data + size)); + return 0; +} + +// This function is used by libFuzzer +extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) { + initialize(); + return 0; +} + +// Disabled under WIN32 due to clash with Cygwin's WinMain. +#ifndef WIN32 +// Declare main(...) "weak" to allow for libFuzzer linking. libFuzzer provides +// the main(...) function. +__attribute__((weak)) +#endif int main(int argc, char **argv) { - ECCVerifyHandle globalVerifyHandle; + initialize(); #ifdef __AFL_INIT // Enable AFL deferred forkserver mode. Requires compilation using // afl-clang-fast++. See fuzzing.md for details. @@ -267,11 +286,20 @@ int main(int argc, char **argv) #ifdef __AFL_LOOP // Enable AFL persistent mode. Requires compilation using afl-clang-fast++. // See fuzzing.md for details. + int ret = 0; while (__AFL_LOOP(1000)) { - do_fuzz(); + std::vector<uint8_t> buffer; + if (!read_stdin(buffer)) { + continue; + } + ret = test_one_input(buffer); } - return 0; + return ret; #else - return do_fuzz(); + std::vector<uint8_t> buffer; + if (!read_stdin(buffer)) { + return 0; + } + return test_one_input(buffer); #endif } |