From 44d340ef60d334ffeaf9d731fb8155c560305f78 Mon Sep 17 00:00:00 2001
From: Catena cyber <35799796+catenacyber@users.noreply.github.com>
Date: Wed, 18 Dec 2019 19:54:39 +0100
Subject: [PATCH] Adds a new target to binutils project (#3151)
---
projects/binutils/Dockerfile | 2 +-
projects/binutils/build.sh | 9 ++++-
projects/binutils/fuzz_bfd.c | 54 ++++++++++++++++++++++++++++++++++++
3 files changed, 61 insertions(+), 4 deletions(-)
create mode 100644 projects/binutils/fuzz_bfd.c
diff --git a/projects/binutils/Dockerfile b/projects/binutils/Dockerfile
index 288bd3fa9..9d0b59011 100644
--- a/projects/binutils/Dockerfile
+++ b/projects/binutils/Dockerfile
@@ -21,4 +21,4 @@ RUN apt-get update && apt-get install -y make
 RUN git clone --recursive --depth 1 git://sourceware.org/git/binutils-gdb.git binutils-gdb
 WORKDIR $SRC
 COPY build.sh $SRC/
-COPY fuzz_disassemble.c $SRC/
+COPY fuzz_*.c $SRC/
diff --git a/projects/binutils/build.sh b/projects/binutils/build.sh
index 99740e1bf..c5476fda5 100755
--- a/projects/binutils/build.sh
+++ b/projects/binutils/build.sh
@@ -20,9 +20,12 @@ cd binutils-gdb
 ./configure --disable-gdb --enable-targets=all
 make MAKEINFO=true && true
 mkdir fuzz
-cp ../fuzz_disassemble.c fuzz/
+cp ../fuzz_*.c fuzz/
 
-$CC $CFLAGS -I include -I bfd -I opcodes -c fuzz/fuzz_disassemble.c -o fuzz/fuzz_disassemble.o
-$CXX $CXXFLAGS fuzz/fuzz_disassemble.o -o $OUT/fuzz_disassemble -lFuzzingEngine opcodes/libopcodes.a bfd/libbfd.a libiberty/libiberty.a zlib/libz.a
+cd fuzz
+ls fuzz_*.c | cut -d. -f1 | while read i; do
+ $CC $CFLAGS -I ../include -I ../bfd -I ../opcodes -c $i.c -o $i.o
+ $CXX $CXXFLAGS $i.o -o $OUT/$i $LIB_FUZZING_ENGINE ../opcodes/libopcodes.a ../bfd/libbfd.a ../libiberty/libiberty.a ../zlib/libz.a
+done
 
 # TODO build corpuses
diff --git a/projects/binutils/fuzz_bfd.c b/projects/binutils/fuzz_bfd.c
new file mode 100644
index 000000000..0afe728c0
--- /dev/null
+++ b/projects/binutils/fuzz_bfd.c
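Review bot: The new loop header `ls fuzz_*.c | cut -d. -f1 | while read i; do` in build.sh parses `ls` output and runs the compile commands in a pipeline subshell, where a failing `$CC`/`$CXX` is only reported through the loop's exit status; the glob the shell already expands does the same job without either problem: `for f in fuzz_*.c; do i=${f%.c}`. The `$i.c`, `$i.o` and `$OUT/$i` expansions are unquoted, which is harmless for the controlled `fuzz_*` names this script copies in but worth quoting (`"$i.c"`, `"$OUT/$i"`) so a later target with an odd name does not split. Because of the added `cd fuzz`, the retained `# TODO build corpuses` step now runs from inside `fuzz/` rather than the binutils-gdb root, which whoever fills in that TODO needs to account for.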
@@ -0,0 +1,54 @@
+#include "sysdep.h"
+#include "bfd.h"
+
+#include 
+#include 
+
+
+static int bufferToFile(const char * name, const uint8_t *Data, size_t Size) {
+ FILE * fd;
+ if (remove(name) != 0) {
+ if (errno != ENOENT) {
+ printf("failed remove, errno=%d\n", errno);
+ return -1;
+ }
+ }
+ fd = fopen(name, "wb");
+ if (fd == NULL) {
+ printf("failed open, errno=%d\n", errno);
+ return -2;
+ }
+ if (fwrite (Data, 1, Size, fd) != Size) {
+ fclose(fd);
+ return -3;
+ }
+ fclose(fd);
+ return 0;
+}
+
+static int initialized = 0;
+//TODO? part of fuzzing
+char *target = NULL;
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ if (initialized == 0) {
+ if (bfd_init () != BFD_INIT_MAGIC) {
+ abort();
+ }
+ initialized = 1;
+ }
+
+ if (bufferToFile("/tmp/fuzz.bfd", Data, Size) < 0) {
+ abort();
+ }
+ bfd *file = bfd_openr ("/tmp/fuzz.bfd", target);
+ if (file == NULL)
+ {
+ return 0;
+ }
+ bfd_check_format (file, bfd_archive);
+ //TODO loop over subfiles and more processing
+ bfd_close (file);
+
+ return 0;
+}
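Review bot: `LLVMFuzzerTestOneInput` writes every input to the fixed path `/tmp/fuzz.bfd` (the `bufferToFile` call and the `bfd_openr` call), so two harness processes running at once — libFuzzer's `-jobs`/`-workers`, or this target next to another one reusing the same name — overwrite each other's file and a crash can no longer be reproduced from the saved input; a predictable name in a shared /tmp is also the classic `remove()`-then-`fopen()` race. Create the file with `mkstemp()` from a per-process template, or at least derive the name once in the `initialized == 0` block, e.g. `snprintf(path, sizeof path, "/tmp/fuzz_bfd.%ld", (long)getpid());` (needs `<unistd.h>`), and pass `path` to both calls. In `bufferToFile` the final `fclose(fd)` on a write stream is unchecked; `if (fclose(fd) != 0) return -4;` keeps a failed flush from being silently handed to `bfd_openr` as a truncated file. `char *target = NULL;` is an external-linkage global named `target` in a binary linked against libbfd and libopcodes; make it `static`, and prefer `fprintf(stderr, ...)` over `printf` on the error paths so they do not interleave with libFuzzer's own stdout.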