- // Copyright (C) 2019 Intel Corporation. All rights reserved.
- // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
- #include "wasm_runtime_common.h"
- #include "wasm_export.h"
- #include "bh_read_file.h"
- #include <stdlib.h>
- #include <stdio.h>
- #include <errno.h>
- #include <string.h>
- #include <iostream>
- #include <vector>
- using namespace std;
/*
 * Local C-linkage declarations of the runtime entry points, spelled with the
 * WASM*Common pointer types.
 * NOTE(review): presumably these must stay in sync with the definitions in
 * the runtime sources; confirm against wasm_runtime_common.h.
 */
extern "C" {

/* Loader entry point: this is the function the fuzz target below drives. */
WASMModuleCommon *
wasm_runtime_load(uint8 *buf, uint32 size, char *error_buf,
                  uint32 error_buf_size);

/* Declared for completeness; not called by the code visible in this file. */
WASMModuleInstanceCommon *
wasm_runtime_instantiate(WASMModuleCommon *module, uint32 stack_size,
                         uint32 heap_size, char *error_buf,
                         uint32 error_buf_size);

} /* extern "C" */
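/**
 * libFuzzer entry point: hands one fuzz input to the module loader.
 *
 * Only the load/unload path is exercised; the module is never instantiated
 * or executed here. The runtime is initialised and destroyed on every call.
 *
 * @param Data  input bytes owned by libFuzzer (must not be modified)
 * @param Size  number of bytes in Data
 * @return always 0 (values other than 0 and -1 are reserved by libFuzzer)
 */
extern "C" int
LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
    /* wasm_runtime_load() takes a 32-bit length. Skip inputs whose size does
     * not survive the narrowing instead of silently loading a prefix. */
    if (static_cast<size_t>(static_cast<uint32_t>(Size)) != Size) {
        return 0;
    }

    /* libFuzzer does not allow the target to modify Data, and the loader
     * takes a non-const buffer, so work on a private copy. */
    std::vector<uint8_t> myData(Data, Data + Size);

    /* init runtime environment; calling the loader on a runtime that failed
     * to initialise would produce crashes unrelated to the input, so fail
     * loudly and make the environment problem visible. */
    if (!wasm_runtime_init()) {
        fprintf(stderr, "wasm_runtime_init() failed, aborting fuzz target\n");
        abort();
    }

    /* No error buffer is supplied: loader diagnostics are discarded and only
     * crashes / sanitizer reports are of interest. */
    wasm_module_t module = wasm_runtime_load(
        myData.data(), static_cast<uint32_t>(Size), nullptr, 0);
    if (module) {
        wasm_runtime_unload(module);
    }

    /* destroy runtime environment */
    wasm_runtime_destroy();

    return 0; /* Values other than 0 and -1 are reserved for future use. */
}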
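/* Forward-declare the libFuzzer's mutator callback. */
extern "C" size_t
LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize);

/* The custom mutator: */
#ifdef CUSTOM_MUTATOR
/**
 * Structure-aware mutator: round-trips the input through `wasm-tools mutate`.
 *
 * Steps: write Data to ./cur.wasm, run wasm-tools on it (with
 * --preserve-semantics for odd seeds), read ./modified.wasm back and copy it
 * into Data. When wasm-tools fails, or the scratch files cannot be written or
 * re-read, libFuzzer's built-in LLVMFuzzerMutate() is used instead.
 *
 * NOTE(review): cur.wasm / modified.wasm are fixed names in the current
 * working directory. Fuzzer processes that share a working directory would
 * overwrite each other's scratch files; confirm each worker gets its own
 * directory. The tool is started through system(), so `wasm-tools` is
 * resolved via the shell's PATH; the only variable parts of the command are
 * the integer seed and a fixed flag string.
 *
 * @param Data     in/out buffer holding the input, at least MaxSize bytes
 * @param Size     number of valid bytes in Data
 * @param MaxSize  capacity of Data
 * @param Seed     seed forwarded to wasm-tools
 * @return size of the mutated input now stored in Data, or 0 if none was
 *         produced
 */
extern "C" size_t
LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size, size_t MaxSize,
                        unsigned int Seed)
{
    if ((NULL == Data) || (Size <= 10)) {
        /* Input too small to mutate: drop any stale output, blank the
         * buffer and report an empty result. remove() is called directly;
         * a missing file is harmless and this avoids a check-then-use gap. */
        remove("./modified.wasm");
        if (NULL != Data) {
            /* the original zeroed Data unconditionally, which dereferenced
             * NULL when this branch was taken because Data was NULL */
            memset(Data, 0, Size);
        }
        return 0;
    }

    /* 1.write data to cur.wasm (any previous copy is discarded first) */
    remove("./cur.wasm");
    FILE *fwrite_fp = fopen("./cur.wasm", "wb");
    if (NULL == fwrite_fp) {
        printf("Faild to open cur.wasm file!\n");
        return 0;
    }
    const size_t written = fwrite(Data, sizeof(uint8_t), Size, fwrite_fp);
    const int close_ret = fclose(fwrite_fp);
    if ((written != Size) || (close_ret != 0)) {
        /* Never hand a truncated module to wasm-tools. */
        return LLVMFuzzerMutate(Data, Size, MaxSize);
    }

    /* 2.wasm-tools mutate modify cur.wasm */
    char cmd_tmp[150] = { 0 };
    /* clang-format off */
    const char *preserve_semantic = (Seed % 2) ? "--preserve-semantics" : "";
    /* %u, not %d: Seed is unsigned, and %d renders values above INT_MAX as
     * negative numbers. snprintf bounds the write to the buffer. */
    const int cmd_len = snprintf(cmd_tmp, sizeof(cmd_tmp), "wasm-tools mutate cur.wasm --seed %u -o modified.wasm %s > /dev/null 2>&1", Seed, preserve_semantic);
    /* clang-format on */
    if ((cmd_len < 0) || (static_cast<size_t>(cmd_len) >= sizeof(cmd_tmp))) {
        /* Command did not fit: do not run a truncated shell line. */
        return LLVMFuzzerMutate(Data, Size, MaxSize);
    }
    if (system(cmd_tmp) != 0) {
        /* If source file not valid, use libfuzzer's own modifier */
        return LLVMFuzzerMutate(Data, Size, MaxSize);
    }

    /* 3.read modified file */
    FILE *fread_fp = fopen("./modified.wasm", "rb");
    if (NULL == fread_fp) {
        printf("Faild to open modified.wasm file!\n");
        /* The original called exit(0) here, ending the whole fuzzing run
         * with a success status; fall back to the built-in mutator. */
        return LLVMFuzzerMutate(Data, Size, MaxSize);
    }

    size_t res = 0;
    long file_len = -1;
    if (fseek(fread_fp, 0, SEEK_END) == 0) { /* location to file end */
        file_len = ftell(fread_fp);          /* get file size, -1 on error */
    }

    /* Check the size before allocating: a failed ftell() or an output that
     * would not fit below MaxSize is rejected up front, so the allocation
     * and the copy into Data are both bounded by MaxSize. */
    if ((file_len > 0) && (static_cast<size_t>(file_len) < MaxSize)
        && (fseek(fread_fp, 0, SEEK_SET) == 0)) {
        const size_t want = static_cast<size_t>(file_len);
        /* Staging buffer keeps Data untouched if the read comes up short. */
        uint8_t *buf = static_cast<uint8_t *>(malloc(want));
        if (NULL != buf) {
            if (fread(buf, 1, want, fread_fp) == want) {
                /* 4.fill Data buffer */
                memcpy(Data, buf, want);
                res = want;
            }
            /* freed only when allocated; the original ran memset() on buf
             * even after malloc() had returned NULL */
            free(buf);
        }
    }

    fclose(fread_fp);
    return res;
}
#endif // CUSTOM_MUTATOR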