diff options
Diffstat (limited to 'tools')
-rw-r--r-- | tools/afl/Makefile | 13 | ||||
-rwxr-xr-x | tools/afl/demangler.sh | 27 | ||||
-rw-r--r-- | tools/afl/itanium.c | 69 |
3 files changed, 109 insertions, 0 deletions
diff --git a/tools/afl/Makefile b/tools/afl/Makefile new file mode 100644 index 0000000..4f684aa --- /dev/null +++ b/tools/afl/Makefile @@ -0,0 +1,13 @@ + +all: itanium + +itanium: itanium.c + afl-gcc -o $@ \ + `pkg-config --libs --cflags gtk+-3.0 glib-2.0 libxml-2.0` \ + -I../.. -I../../src \ + -Wl,-rpath,$(PWD)/../../src/.libs -L../../src/.libs -lchrysacore \ + -Wl,-rpath,$(PWD)/../../plugins/itanium/.libs -L../../plugins/itanium/.libs -litanium \ + $^ + +clean: + rm -f itanium *~ diff --git a/tools/afl/demangler.sh b/tools/afl/demangler.sh new file mode 100755 index 0000000..e82ccbf --- /dev/null +++ b/tools/afl/demangler.sh @@ -0,0 +1,27 @@ +#§/bin/sh + + +if [ "$#" -ne 1 ]; then + echo "Usage: $0 <type>" + exit +fi + +rm -rf testcase_dir findings_dir + +mkdir testcase_dir findings_dir + +n=0 + +for enc in $( cat ../../tests/mangling/$1.py | grep decode_routine | cut -d\' -f 2 ); +do + + echo -n $enc > testcase_dir/$( printf "%03d" $n ) + + n=$(( n + 1 )) + +done + + +#echo -n '_Z4makeI7FactoryiET_IT0_Ev' > testcase_dir/00 + +afl-fuzz -t 100 -m 4096 -i testcase_dir -o findings_dir -- ./$1 diff --git a/tools/afl/itanium.c b/tools/afl/itanium.c new file mode 100644 index 0000000..9e68078 --- /dev/null +++ b/tools/afl/itanium.c @@ -0,0 +1,69 @@ + +#include <malloc.h> +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> + + +#include <common/io.h> +#include <plugins/itanium/demangler.h> + + + +/* Tampon d'entrée */ +static char _input_buffer[4096]; + + + +/****************************************************************************** +* * +* Paramètres : argc = nombre d'arguments dans la ligne de commande. * +* argv = arguments de la ligne de commande. * +* * +* Description : Point d'entrée du programme. * +* * +* Retour : EXIT_SUCCESS si le prgm s'est déroulé sans encombres. * +* * +* Remarques : - * +* * +******************************************************************************/ + +int main(int argc, char **argv) +{ + int result; /* Bilan de l'exécution */ + ssize_t got; /* Quantité de données lues */ + GCompDemangler *demangler; /* Décodeur à solliciter */ + GBinRoutine *routine; /* Routine obtenue par décodage*/ + char *desc; /* Description finale obtenue */ + + result = EXIT_FAILURE; + + got = safe_read_partial(STDIN_FILENO, _input_buffer, sizeof(_input_buffer)); + if (got <= 0) goto exit; + + printf("input: %zd bytes ('%s')\n", got, _input_buffer); + + demangler = g_itanium_demangler_new(); + + routine = g_compiler_demangler_decode_routine(demangler, _input_buffer); + if (routine == NULL) goto demangling_exit; + + desc = g_binary_routine_to_string(routine, true); + + g_object_unref(G_OBJECT(routine)); + + printf("routine: %s\n", desc); + + free(desc); + + result = EXIT_SUCCESS; + + demangling_exit: + + g_object_unref(G_OBJECT(demangler)); + + exit: + + return result; + +} |