/* Copyright 2021 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
/*
* We convert as.c into a header file to make it convenient for fuzzing.
* We do this for several of the binutils applications when creating
* the binutils fuzzers.
*/
#include <fuzz_as.h>
/* Don't allow cleanups. libiberty's function of the same name adds
cleanups to a list without any means of clearing the list. The
list must be clear at the start if LLVMFuzzerTestOneInput is to run
more than once, otherwise we will get multiple copies of the same
cleanup on the list which leads to double frees if xexit is called.
Also a cleanup from the first run can result in use-after-free
errors when as_fatal is hit as in issue 56429. */
int
xatexit (void (*fn) (void) ATTRIBUTE_UNUSED)
{
  /* Deliberately registers nothing: FN is dropped and success (0) is
     reported to the caller, so no cleanup handler from one fuzz
     iteration is carried over into the next.  */
  return 0;
}
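int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

/* libFuzzer entry point.  Writes the fuzz input to a per-process file
   under /tmp, runs one gas assembly pass over that file, then runs the
   end-of-assembly routines and removes the input file.

   data/size: the raw fuzz input, written to disk unmodified.
   Returns 0 on every path, including when the input file cannot be
   created or fully written.  */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  char filename[256];
  /* Bounded formatting; getpid() returns pid_t, so cast to match %d.
     NOTE(review): the name is predictable and fopen() follows symlinks,
     so this assumes /tmp is private to the fuzzing job -- confirm for
     any shared host.  */
  snprintf(filename, sizeof filename, "/tmp/libfuzzer-%d.s", (int) getpid());
  FILE *fp = fopen(filename, "wb");
  if (!fp) {
    return 0;
  }
  /* An empty input is still assembled (as an empty file), so a short
     write only counts as a failure when there was data to write.  */
  size_t written = size ? fwrite(data, 1, size, fp) : 0;
  int close_failed = fclose(fp);
  if (written != size || close_failed != 0) {
    /* Do not assemble a truncated copy of the input: a crash found that
       way would not reproduce from the recorded test case.  */
    unlink(filename);
    return 0;
  }

  /* Clear this gas global before initialising for the new input.  */
  reg_section = NULL;

  char *fakeArgv[3];
  fakeArgv[0] = "fuzz_as";
  fakeArgv[1] = filename; // Assemble our fake source file.
  fakeArgv[2] = NULL;

  /* gas_early_init takes argc/argv by address, so hand it local copies.  */
  int argc = 2;
  char **argv = fakeArgv;
  gas_early_init (&argc, &argv);

  /* NOTE(review): unlike the input file, the output path is a fixed name,
     so concurrent fuzzer processes on one host would share it -- confirm
     this is acceptable for the job layout in use.  */
  out_file_name = "/tmp/tmp-out";

  gas_init ();

  // Main fuzzer target. Assemble our random data.
  perform_an_assembly_pass (argc, argv);

  // Cleanup
  cond_finish_check (-1);
  codeview_finish ();
  dwarf2_finish ();
  cfi_finish ();
  input_scrub_end ();

  keep_it = 0;
  output_file_close ();
  free_notes ();
  unlink(filename);

  return 0;
}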