1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
#include <stdint.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <gc.h>
#include "wc.h"
#include "wtf.h"
char *get_null_terminated(const uint8_t *data, size_t size) {
char *new_str = (char *)malloc(size+1);
if (new_str == NULL){
exit(1);
}
memcpy(new_str, data, size);
new_str[size] = '\0';
return new_str;
}
static void *die_oom(size_t bytes) {
fprintf(stderr, "Out of memory: %lu bytes unavailable!\n", (unsigned long)bytes);
exit(1);
}
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size){
static int init_done = 0;
if (!init_done) {
GC_INIT();
#if (GC_VERSION_MAJOR>7) || ((GC_VERSION_MAJOR==7) && (GC_VERSION_MINOR>=2))
GC_set_oom_fn(die_oom);
#else
GC_oom_fn = die_oom;
#endif
#ifdef USE_M17N
#ifdef USE_UNICODE
wtf_init(WC_CES_UTF_8, WC_CES_UTF_8);
#else
wtf_init(WC_CES_EUC_JP, WC_CES_EUC_JP);
#endif
#endif
init_done = 1;
}
if (size < 30) {
return 0;
}
GC_disable();
char *new_str1 = get_null_terminated(data, 20);
data += 20; size -= 20;
char *new_str2 = get_null_terminated(data, size);
wc_ces old, from, to;
from = wc_guess_charset_short(new_str1,0);
to = wc_guess_charset_short(new_str2, 0);
char filename[256];
sprintf(filename, "/tmp/libfuzzer.%d", getpid());
FILE *fp = fopen(filename, "wb");
if (fp) {
fwrite(data, size, 1, fp);
fclose(fp);
}
FILE *f = fopen(filename, "r");
if (f) {
Str s = Strfgetall(f);
wc_Str_conv_with_detect(s, &from, from, to);
if (s != NULL) {
Strfree(s);
}
fclose(f);
}
unlink(filename);
free(new_str1);
free(new_str2);
GC_enable();
GC_gcollect();
return 0;
}
|
