• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /**file test-fuzzer-persistent.c
2  * from test-parse.c and test-mnote.c
3  *
4  * \brief Persistent AFL fuzzing binary (reaches 4 digits execs / second)
5  *
6  * Copyright (C) 2007 Hans Ulrich Niedermann <gp@n-dimensional.de>
7  * Copyright 2002 Lutz Mueller <lutz@users.sourceforge.net>
8  *
9  * This library is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU Lesser General Public
11  * License as published by the Free Software Foundation; either
12  * version 2 of the License, or (at your option) any later version.
13  *
14  * This library is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17  * Lesser General Public License for more details.
18  *
19  * You should have received a copy of the GNU Lesser General Public
20  * License along with this library; if not, write to the
21  * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
22  * Boston, MA  02110-1301  USA.
23  *
24  * SPDX-License-Identifier: LGPL-2.0-or-later
25  */
26 
27 #include <string.h>
28 #include <unistd.h>
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <sys/stat.h>
32 
33 #include "libexif/exif-data.h"
34 #include "libexif/exif-loader.h"
35 #include "libexif/exif-system.h"
36 
37 __AFL_FUZZ_INIT();
38 
39 #undef USE_LOG
40 
41 #ifdef USE_LOG
42 static void
logfunc(ExifLog * log,ExifLogCode code,const char * domain,const char * format,va_list args,void * data)43 logfunc(ExifLog *log, ExifLogCode code, const char *domain, const char *format, va_list args, void *data)
44 {
45 	fprintf( stderr, "test-fuzzer: code=%d domain=%s ", code, domain);
46 	vfprintf (stderr, format, args);
47 	fprintf (stderr, "\n");
48 }
49 #endif
50 
51 /** Callback function handling an ExifEntry. */
52 void content_foreach_func(ExifEntry *entry, void *callback_data);
content_foreach_func(ExifEntry * entry,void * UNUSED (callback_data))53 void content_foreach_func(ExifEntry *entry, void *UNUSED(callback_data))
54 {
55 	char buf[2001];
56 
57 	/* ensure \0 */
58 	buf[sizeof(buf)-1] = 0;
59 	buf[sizeof(buf)-2] = 0;
60 	exif_tag_get_name(entry->tag);
61 	exif_format_get_name(entry->format);
62 	exif_entry_get_value(entry, buf, sizeof(buf)-1);
63 	if (buf[sizeof(buf)-2] != 0) abort();
64 }
65 
66 
67 /** Callback function handling an ExifContent (corresponds 1:1 to an IFD). */
68 void data_foreach_func(ExifContent *content, void *callback_data);
data_foreach_func(ExifContent * content,void * callback_data)69 void data_foreach_func(ExifContent *content, void *callback_data)
70 {
71 	printf("  Content %p: ifd=%d\n", (void *)content, exif_content_get_ifd(content));
72 	exif_content_foreach_entry(content, content_foreach_func, callback_data);
73 }
74 static int
test_exif_data(ExifData * d)75 test_exif_data (ExifData *d)
76 {
77 	unsigned int i, c;
78 	char v[1024];
79 	ExifMnoteData *md;
80 
81 	fprintf (stdout, "Byte order: %s\n",
82 		exif_byte_order_get_name (exif_data_get_byte_order (d)));
83 
84 	md = exif_data_get_mnote_data (d);
85 	if (!md) {
86 		fprintf (stderr, "Could not parse maker note!\n");
87 		return 1;
88 	}
89 
90 	exif_mnote_data_ref (md);
91 	exif_mnote_data_unref (md);
92 
93 	c = exif_mnote_data_count (md);
94 	for (i = 0; i < c; i++) {
95 		const char *name = exif_mnote_data_get_name (md, i);
96 		if (!name) continue;
97 		exif_mnote_data_get_name (md, i);
98 		exif_mnote_data_get_title (md, i);
99 		exif_mnote_data_get_description (md, i);
100 		exif_mnote_data_get_value (md, i, v, sizeof (v));
101 	}
102 
103 	return 0;
104 }
105 
106 /** Main program. */
main(const int argc,const char * argv[])107 int main(const int argc, const char *argv[])
108 {
109 	int		i;
110 	ExifData	*d;
111 	ExifLoader	*loader = exif_loader_new();
112 	unsigned int	xbuf_size;
113 	unsigned char	*xbuf;
114 	FILE		*f;
115 	struct		stat stbuf;
116 #ifdef USE_LOG
117 	ExifLog		*log = exif_log_new ();
118 
119 	exif_log_set_func(log, logfunc, NULL);
120 #endif
121 
122 #ifdef __AFL_HAVE_MANUAL_CONTROL
123 	__AFL_INIT();
124 #endif
125 
126 	unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF;  // must be after __AFL_INIT
127                                                  // and before __AFL_LOOP!
128 
129 	while (__AFL_LOOP(10000)) {
130 
131 		int len = __AFL_FUZZ_TESTCASE_LEN;  // don't use the macro directly in a call!
132 
133 		d = exif_data_new_from_data(buf, len);
134 
135 		/* try the exif loader */
136 	#ifdef USE_LOG
137 		exif_data_log (d, log);
138 	#endif
139 		exif_data_foreach_content(d, data_foreach_func, NULL);
140 		test_exif_data (d);
141 
142 		xbuf = NULL;
143 		exif_data_save_data (d, &xbuf, &xbuf_size);
144 		free (xbuf);
145 
146 		exif_data_set_byte_order(d, EXIF_BYTE_ORDER_INTEL);
147 
148 		xbuf = NULL;
149 		exif_data_save_data (d, &xbuf, &xbuf_size);
150 		free (xbuf);
151 
152 		exif_data_unref(d);
153 
154 #if 0
155 		/* try the exif data writer ... different than the loader */
156 
157 		exif_loader_write(loader, buf, len);
158 
159 		d = exif_loader_get_data(loader);
160 		exif_data_foreach_content(d, data_foreach_func, NULL);
161 		test_exif_data (d);
162 		exif_loader_unref(loader);
163 		exif_data_unref(d);
164 #endif
165 	}
166 	return 0;
167 }
168