• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /**file test-fuzzer-persistent.c
2  * from test-parse.c and test-mnote.c
3  *
4  * \brief Persistent AFL fuzzing binary (reaches 4 digits execs / second)
5  *
6  * Copyright (C) 2007 Hans Ulrich Niedermann <gp@n-dimensional.de>
7  * Copyright 2002 Lutz Mueller <lutz@users.sourceforge.net>
8  *
9  * This library is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU Lesser General Public
11  * License as published by the Free Software Foundation; either
12  * version 2 of the License, or (at your option) any later version.
13  *
14  * This library is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17  * Lesser General Public License for more details.
18  *
19  * You should have received a copy of the GNU Lesser General Public
20  * License along with this library; if not, write to the
21  * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
22  * Boston, MA  02110-1301  USA.
23  *
24  */
25 
26 #include <string.h>
27 #include <unistd.h>
28 #include <stdio.h>
29 #include <stdlib.h>
30 #include <sys/stat.h>
31 
32 #include "libexif/exif-data.h"
33 #include "libexif/exif-loader.h"
34 #include "libexif/exif-system.h"
35 
36 __AFL_FUZZ_INIT();
37 
38 #undef USE_LOG
39 
40 #ifdef USE_LOG
41 static void
logfunc(ExifLog * log,ExifLogCode code,const char * domain,const char * format,va_list args,void * data)42 logfunc(ExifLog *log, ExifLogCode code, const char *domain, const char *format, va_list args, void *data)
43 {
44 	fprintf( stderr, "test-fuzzer: code=%d domain=%s ", code, domain);
45 	vfprintf (stderr, format, args);
46 	fprintf (stderr, "\n");
47 }
48 #endif
49 
50 /** Callback function handling an ExifEntry. */
51 void content_foreach_func(ExifEntry *entry, void *callback_data);
content_foreach_func(ExifEntry * entry,void * UNUSED (callback_data))52 void content_foreach_func(ExifEntry *entry, void *UNUSED(callback_data))
53 {
54 	char buf[2001];
55 
56 	/* ensure \0 */
57 	buf[sizeof(buf)-1] = 0;
58 	buf[sizeof(buf)-2] = 0;
59 	exif_tag_get_name(entry->tag);
60 	exif_format_get_name(entry->format);
61 	exif_entry_get_value(entry, buf, sizeof(buf)-1);
62 	if (buf[sizeof(buf)-2] != 0) abort();
63 }
64 
65 
66 /** Callback function handling an ExifContent (corresponds 1:1 to an IFD). */
67 void data_foreach_func(ExifContent *content, void *callback_data);
data_foreach_func(ExifContent * content,void * callback_data)68 void data_foreach_func(ExifContent *content, void *callback_data)
69 {
70 	printf("  Content %p: ifd=%d\n", (void *)content, exif_content_get_ifd(content));
71 	exif_content_foreach_entry(content, content_foreach_func, callback_data);
72 }
73 static int
test_exif_data(ExifData * d)74 test_exif_data (ExifData *d)
75 {
76 	unsigned int i, c;
77 	char v[1024];
78 	ExifMnoteData *md;
79 
80 	fprintf (stdout, "Byte order: %s\n",
81 		exif_byte_order_get_name (exif_data_get_byte_order (d)));
82 
83 	md = exif_data_get_mnote_data (d);
84 	if (!md) {
85 		fprintf (stderr, "Could not parse maker note!\n");
86 		return 1;
87 	}
88 
89 	exif_mnote_data_ref (md);
90 	exif_mnote_data_unref (md);
91 
92 	c = exif_mnote_data_count (md);
93 	for (i = 0; i < c; i++) {
94 		const char *name = exif_mnote_data_get_name (md, i);
95 		if (!name) continue;
96 		exif_mnote_data_get_name (md, i);
97 		exif_mnote_data_get_title (md, i);
98 		exif_mnote_data_get_description (md, i);
99 		exif_mnote_data_get_value (md, i, v, sizeof (v));
100 	}
101 
102 	return 0;
103 }
104 
105 /** Main program. */
main(const int argc,const char * argv[])106 int main(const int argc, const char *argv[])
107 {
108 	int		i;
109 	ExifData	*d;
110 	ExifLoader	*loader = exif_loader_new();
111 	unsigned int	xbuf_size;
112 	unsigned char	*xbuf;
113 	FILE		*f;
114 	struct		stat stbuf;
115 #ifdef USE_LOG
116 	ExifLog		*log = exif_log_new ();
117 
118 	exif_log_set_func(log, logfunc, NULL);
119 #endif
120 
121 #ifdef __AFL_HAVE_MANUAL_CONTROL
122 	__AFL_INIT();
123 #endif
124 
125 	unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF;  // must be after __AFL_INIT
126                                                  // and before __AFL_LOOP!
127 
128 	while (__AFL_LOOP(10000)) {
129 
130 		int len = __AFL_FUZZ_TESTCASE_LEN;  // don't use the macro directly in a call!
131 
132 		d = exif_data_new_from_data(buf, len);
133 
134 		/* try the exif loader */
135 	#ifdef USE_LOG
136 		exif_data_log (d, log);
137 	#endif
138 		exif_data_foreach_content(d, data_foreach_func, NULL);
139 		test_exif_data (d);
140 
141 		xbuf = NULL;
142 		exif_data_save_data (d, &xbuf, &xbuf_size);
143 		free (xbuf);
144 
145 		exif_data_set_byte_order(d, EXIF_BYTE_ORDER_INTEL);
146 
147 		xbuf = NULL;
148 		exif_data_save_data (d, &xbuf, &xbuf_size);
149 		free (xbuf);
150 
151 		exif_data_unref(d);
152 
153 #if 0
154 		/* try the exif data writer ... different than the loader */
155 
156 		exif_loader_write(loader, buf, len);
157 
158 		d = exif_loader_get_data(loader);
159 		exif_data_foreach_content(d, data_foreach_func, NULL);
160 		test_exif_data (d);
161 		exif_loader_unref(loader);
162 		exif_data_unref(d);
163 #endif
164 	}
165 	return 0;
166 }
167