1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* Interface implementation for the unified fuzzing interface
*/
#include "FuzzingInterface.h"
#include "nsNetUtil.h"
namespace mozilla {
#ifdef __AFL_COMPILER
void afl_interface_stream(const char* testFile, FuzzingTestFuncStream testFunc) {
nsresult rv;
nsCOMPtr<nsIProperties> dirService =
do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID);
MOZ_RELEASE_ASSERT(dirService != nullptr);
nsCOMPtr<nsIFile> file;
rv = dirService->Get(NS_OS_CURRENT_WORKING_DIR,
NS_GET_IID(nsIFile), getter_AddRefs(file));
MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
file->AppendNative(nsDependentCString(testFile));
while(__AFL_LOOP(1000)) {
nsCOMPtr<nsIInputStream> inputStream;
rv = NS_NewLocalFileInputStream(getter_AddRefs(inputStream), file);
MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
if (!NS_InputStreamIsBuffered(inputStream)) {
nsCOMPtr<nsIInputStream> bufStream;
rv = NS_NewBufferedInputStream(getter_AddRefs(bufStream),
inputStream, 1024);
MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
inputStream = bufStream;
}
testFunc(inputStream.forget());
}
}
void afl_interface_raw(const char* testFile, FuzzingTestFuncRaw testFunc) {
char* buf = NULL;
while(__AFL_LOOP(1000)) {
std::ifstream is;
is.open (testFile, std::ios::binary);
is.seekg (0, std::ios::end);
int len = is.tellg();
is.seekg (0, std::ios::beg);
MOZ_RELEASE_ASSERT(len >= 0);
if (!len) {
is.close();
continue;
}
buf = (char*)realloc(buf, len);
MOZ_RELEASE_ASSERT(buf);
is.read(buf,len);
is.close();
testFunc((uint8_t*)buf, (size_t)len);
}
free(buf);
}
#endif
} // namespace mozilla
|
