-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathafl_decompress_driver.c
55 lines (45 loc) · 1.17 KB
/
afl_decompress_driver.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
/*
Decompression console driver for use with afl-fuzz (fast mode)
*/
#include <unistd.h>
#include <stdio.h>
#define LZW_EDDY_IMPLEMENTATION
#include "lzw.h"
/* this lets the source compile without afl-clang-fast/lto */
#ifndef __AFL_FUZZ_TESTCASE_LEN
ssize_t fuzz_len;
unsigned char fuzz_buf[1024000];
#define __AFL_FUZZ_TESTCASE_LEN fuzz_len
#define __AFL_FUZZ_TESTCASE_BUF fuzz_buf
#define __AFL_FUZZ_INIT() void sync(void);
#define __AFL_LOOP(x) \
((fuzz_len = read(0, fuzz_buf, sizeof(fuzz_buf))) > 0 ? 1 : 0)
#define __AFL_INIT() sync()
#endif
__AFL_FUZZ_INIT();
#ifdef __clang__
#pragma clang optimize off
#else
#pragma GCC optimize("O0")
#endif
int main(int argc, char *argv[]) {
struct lzw_state state;
uint8_t dest[2048];
uint8_t *input = __AFL_FUZZ_TESTCASE_BUF;
#ifdef __clang_major__
while (__AFL_LOOP(1000)) {
#endif
memset(&state, 0, sizeof(state));
ssize_t slen = __AFL_FUZZ_TESTCASE_LEN;
if (slen > 0) {
ssize_t res, written = 0;
while ((res = lzw_decompress(&state, input, slen, dest, sizeof(dest))) > 0) {
written += res;
}
printf("decompressed:%zd (res=%zd)\n", written, res);
}
#ifdef __clang_major__
}
#endif
return EXIT_SUCCESS;
}