Improves binutils fuzz target (#3343)

Support disassembly of testcases containing more than one insn.
Catena cyber 2020-02-06 16:44:52 +01:00 committed by GitHub
parent 1950826621
commit c15978c5d1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 2 deletions


@ -53,8 +53,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
struct disassemble_info disasm_info;
SFILE s;
if (Size < 10) {
if (Size < 10 || Size > 16394) {
// 10 bytes for options
// 16394 limit code to prevent timeouts
return 0;
}
@ -79,7 +80,16 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
disassembler_ftype disasfunc = disassembler(disasm_info.arch, 0, disasm_info.mach, NULL);
if (disasfunc != NULL) {
disassemble_init_for_target(&disasm_info);
disasfunc(0x1000, &disasm_info);
while (1) {
int octets = disasfunc(0x1000, &disasm_info);
if (octets < 0)
break;
if (disasm_info.buffer_length <= (size_t) octets)
break;
disasm_info.buffer += octets;
disasm_info.buffer_vma += octets / disasm_info.octets_per_byte;
disasm_info.buffer_length -= octets;
}
disassemble_free_target(&disasm_info);
}
}
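Review bot: The new loop keeps passing the constant address 0x1000 to disasfunc while advancing disasm_info.buffer_vma, so after the first instruction the requested address lies below the buffer's base; if the info block uses the stock buffer_read_memory callback (set up outside this hunk, so not visible here) that read fails, disasfunc returns a negative value and the loop ends after one instruction, which defeats the stated aim of decoding more than one insn. Passing the tracked address instead addresses that: `int octets = disasfunc(disasm_info.buffer_vma, &disasm_info);`. A zero return would also never advance buffer or buffer_length and would spin until the fuzzer's timeout, so the exit test should be `if (octets <= 0)`. The division by disasm_info.octets_per_byte presumes disassemble_init_for_target left it non-zero; a short comment on that line, `/* octets_per_byte is set by disassemble_init_for_target above */`, would make the dependency explicit. LLVMFuzzerTestOneInput begins outside the hunk.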