authorCyrille Bagard <nocbos@gmail.com>2018-07-02 22:46:14 (GMT)
committerCyrille Bagard <nocbos@gmail.com>2018-07-02 22:46:14 (GMT)
commit8dc83465a6ca2d5b94b983b39f6c06d37e4126a0 (patch)
treeb5594fe7cd0d9e9a9269eaa3454412da2bd9dd5a /tools/afl
parentde2cb8e2fad4a3031d7b7c2cb189a6dbdaf8d5a9 (diff)
Improved the Itanium C++ demangling.
Diffstat (limited to 'tools/afl')
-rw-r--r--tools/afl/Makefile13
-rwxr-xr-xtools/afl/demangler.sh27
-rw-r--r--tools/afl/itanium.c69
3 files changed, 109 insertions, 0 deletions
diff --git a/tools/afl/Makefile b/tools/afl/Makefile
new file mode 100644
index 0000000..4f684aa
--- /dev/null
+++ b/tools/afl/Makefile
@@ -0,0 +1,13 @@
+
+all: itanium
+
+itanium: itanium.c
+ afl-gcc -o $@ \
+ `pkg-config --libs --cflags gtk+-3.0 glib-2.0 libxml-2.0` \
+ -I../.. -I../../src \
+ -Wl,-rpath,$(PWD)/../../src/.libs -L../../src/.libs -lchrysacore \
+ -Wl,-rpath,$(PWD)/../../plugins/itanium/.libs -L../../plugins/itanium/.libs -litanium \
+ $^
+
+clean:
+ rm -f itanium *~
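Review bot: The harness is compiled with plain `afl-gcc` and no sanitizer, so an out-of-bounds heap read in the demangler that stays within mapped memory will not crash and afl-fuzz will not report it. Since the whole purpose of this target is to find memory errors in `libitanium`, the build should enable ASan, either with `AFL_USE_ASAN=1 make` or by adding `-fsanitize=address` to the `afl-gcc` line. Note that an ASan build needs a much larger (or disabled) memory limit than the fixed `-m 4096` passed in `demangler.sh`, so the two files should be adjusted together.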
diff --git a/tools/afl/demangler.sh b/tools/afl/demangler.sh
new file mode 100755
index 0000000..e82ccbf
--- /dev/null
+++ b/tools/afl/demangler.sh
@@ -0,0 +1,27 @@
+#§/bin/sh
+
+
+if [ "$#" -ne 1 ]; then
+ echo "Usage: $0 <type>"
+ exit
+fi
+
+rm -rf testcase_dir findings_dir
+
+mkdir testcase_dir findings_dir
+
+n=0
+
+for enc in $( cat ../../tests/mangling/$1.py | grep decode_routine | cut -d\' -f 2 );
+do
+
+ echo -n $enc > testcase_dir/$( printf "%03d" $n )
+
+ n=$(( n + 1 ))
+
+done
+
+
+#echo -n '_Z4makeI7FactoryiET_IT0_Ev' > testcase_dir/00
+
+afl-fuzz -t 100 -m 4096 -i testcase_dir -o findings_dir -- ./$1
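Review bot: The usage branch on line 48 exits with status 0, so a wrong invocation is indistinguishable from a successful run for any caller or Makefile target; it should be `exit 1`. The first line is rendered here as `#§/bin/sh` — if that is not a display artifact, the script has no valid shebang and is executed by whatever shell happens to invoke it. `$1` is interpolated unquoted into both the test-file path on line 57 and the `./$1` binary on line 69; quoting it (`"$1"`) and the `$enc` expansions keeps a stray space or glob character from changing what gets run, even if this is only a local developer tool.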
diff --git a/tools/afl/itanium.c b/tools/afl/itanium.c
new file mode 100644
index 0000000..9e68078
--- /dev/null
+++ b/tools/afl/itanium.c
@@ -0,0 +1,69 @@
+
+#include <malloc.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+
+#include <common/io.h>
+#include <plugins/itanium/demangler.h>
+
+
+
+/* Tampon d'entrée */
+static char _input_buffer[4096];
+
+
+
+/******************************************************************************
+* *
+* Paramètres : argc = nombre d'arguments dans la ligne de commande. *
+* argv = arguments de la ligne de commande. *
+* *
+* Description : Point d'entrée du programme. *
+* *
+* Retour : EXIT_SUCCESS si le prgm s'est déroulé sans encombres. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+int main(int argc, char **argv)
+{
+ int result; /* Bilan de l'exécution */
+ ssize_t got; /* Quantité de données lues */
+ GCompDemangler *demangler; /* Décodeur à solliciter */
+ GBinRoutine *routine; /* Routine obtenue par décodage*/
+ char *desc; /* Description finale obtenue */
+
+ result = EXIT_FAILURE;
+
+ got = safe_read_partial(STDIN_FILENO, _input_buffer, sizeof(_input_buffer));
+ if (got <= 0) goto exit;
+
+ printf("input: %zd bytes ('%s')\n", got, _input_buffer);
+
+ demangler = g_itanium_demangler_new();
+
+ routine = g_compiler_demangler_decode_routine(demangler, _input_buffer);
+ if (routine == NULL) goto demangling_exit;
+
+ desc = g_binary_routine_to_string(routine, true);
+
+ g_object_unref(G_OBJECT(routine));
+
+ printf("routine: %s\n", desc);
+
+ free(desc);
+
+ result = EXIT_SUCCESS;
+
+ demangling_exit:
+
+ g_object_unref(G_OBJECT(demangler));
+
+ exit:
+
+ return result;
+
+}
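Review bot: An input of exactly 4096 bytes leaves `_input_buffer` without a NUL terminator, because the read on line 116 presumably fills up to `sizeof(_input_buffer)` and nothing ever writes a terminator; the `%s` on line 119 and the decoder call on line 123 then read past the array. Shorter inputs are terminated only by the zero-initialisation of the static buffer, which is fragile and hides the bug from the fuzzer itself. Read one byte less and terminate explicitly: `got = safe_read_partial(STDIN_FILENO, _input_buffer, sizeof(_input_buffer) - 1);` followed by `_input_buffer[got] = '\0';` after the `got <= 0` check. The return of `g_itanium_demangler_new()` on line 121 is also used without a NULL check, and `<malloc.h>` on line 77 is a non-standard header that `<stdlib.h>` already covers for `free`.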