fuzz: add custom cross-over functions

These can be used in custom mutators for libFuzzer targets.
Matt Morehouse 2023-10-23 13:38:41 -05:00 committed by Rusty Russell
parent 58f16c2146
commit 38e31d6034
2 changed files with 69 additions and 0 deletions


@ -3,6 +3,8 @@
#include <assert.h>
#include <ccan/isaac/isaac64.h>
#include <common/pseudorand.h>
#include <stdlib.h>
#include <string.h>
#include <tests/fuzz/libfuzz.h>
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
@ -53,3 +55,66 @@ char *to_string(const tal_t *ctx, const u8 *data, size_t data_size)
return string;
}
static size_t insert_part(const u8 *in1, size_t in1_size, const u8 *in2,
size_t in2_size, u8 *out, size_t max_out_size)
{
size_t max_insert_size;
size_t insert_begin;
size_t insert_size;
size_t in2_begin;
if (in1_size >= max_out_size)
return 0;
if (in1_size == 0 || in2_size == 0)
return 0;
max_insert_size = max_out_size - in1_size;
if (max_insert_size > in2_size)
max_insert_size = in2_size;
insert_begin = rand() % in1_size;
insert_size = (rand() % max_insert_size) + 1;
in2_begin = rand() % (in2_size - insert_size + 1);
memcpy(out, in1, insert_begin);
memcpy(out + insert_begin, in2 + in2_begin, insert_size);
memcpy(out + insert_begin + insert_size, in1 + insert_begin,
in1_size - insert_begin);
return in1_size + insert_size;
}
static size_t overwrite_part(const u8 *in1, size_t in1_size, const u8 *in2,
size_t in2_size, u8 *out, size_t max_out_size)
{
size_t overwrite_begin;
size_t overwrite_size;
size_t in2_begin;
if (in1_size > max_out_size)
return 0;
if (in1_size == 0)
return 0;
overwrite_begin = rand() % in1_size;
overwrite_size = (rand() % (in1_size - overwrite_begin)) + 1;
if (overwrite_size > in2_size)
overwrite_size = in2_size;
in2_begin = rand() % (in2_size - overwrite_size + 1);
memcpy(out, in1, in1_size);
memcpy(out + overwrite_begin, in2 + in2_begin, overwrite_size);
return in1_size;
}
size_t cross_over(const u8 *in1, size_t in1_size, const u8 *in2,
size_t in2_size, u8 *out, size_t max_out_size, unsigned seed)
{
srand(seed);
if (rand() % 2)
return insert_part(in1, in1_size, in2, in2_size, out,
max_out_size);
return overwrite_part(in1, in1_size, in2, in2_size, out, max_out_size);
}
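Review bot: `overwrite_part` has no guard for `in2_size == 0`, unlike `insert_part`, which returns 0 in that case. With an empty second input, `overwrite_size` is clamped to 0, so the function still calls `memcpy(out + overwrite_begin, in2 + in2_begin, 0)` and returns an unmodified copy of `in1`. If `in2` can be NULL there (the caller is not visible on this page), that is a null argument to `memcpy`, which a UBSan-instrumented fuzz build may flag. Changing the second check to `if (in1_size == 0 || in2_size == 0) return 0;` makes the two helpers agree. Separately, `cross_over` calls `srand(seed)`, which reseeds the process-wide `rand()` state, so a short comment saying so would help anyone whose target also relies on `rand()`.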


@ -21,4 +21,8 @@ const uint8_t **get_chunks(const void *ctx, const uint8_t *data,
/* Copy the data as a string. */
char *to_string(const tal_t *ctx, const u8 *data, size_t data_size);
/* Combine parts of in1 and in2 to generate a new output in out. */
size_t cross_over(const u8 *in1, size_t in1_size, const u8 *in2,
size_t in2_size, u8 *out, size_t max_out_size, unsigned seed);
#endif /* LIGHTNING_TESTS_FUZZ_LIBFUZZ_H */
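Review bot: The comment on `cross_over` does not say what the return value means or what limits apply to `out`. From the implementation in this commit, it returns the number of bytes written to `out`, or 0 when no output was produced (for example when `in1` is empty or does not fit in `max_out_size`). I would extend the comment to something like `/* Combine parts of in1 and in2 into out, writing at most max_out_size bytes. Returns the output length, or 0 if nothing was produced. Deterministic for a given seed. */`. It is also worth stating that `out` must not overlap `in1` or `in2`, since the implementation copies with `memcpy`.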