diff --git a/lib/Fuzzer/FuzzerInterface.h b/lib/Fuzzer/FuzzerInterface.h
index 48a5c1bf71e..30620e51396 100644
--- a/lib/Fuzzer/FuzzerInterface.h
+++ b/lib/Fuzzer/FuzzerInterface.h
@@ -70,9 +70,10 @@ int main(int argc, char **argv) {
 */
 int FuzzerDriver(int argc, char **argv, UserCallback Callback);
-// Same interface as LLVMFuzzerTestOneInput.
+// Mutates raw data in [Data, Data+Size] inplace.
+// Returns the new size, which is not greater than MaxSize.
 // Can be used inside the user-supplied LLVMFuzzerTestOneInput.
-size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize, unsigned int Seed);
+size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize);
 } // namespace fuzzer
diff --git a/lib/Fuzzer/FuzzerInternal.h b/lib/Fuzzer/FuzzerInternal.h
index ded25da847d..466ef975fa2 100644
--- a/lib/Fuzzer/FuzzerInternal.h
+++ b/lib/Fuzzer/FuzzerInternal.h
@@ -322,6 +322,7 @@ public:
 // Merge Corpora[1:] into Corpora[0].
 void Merge(const std::vector &Corpora);
+ MutationDispatcher &GetMD() { return MD; }
 private:
 void AlarmCallback();
diff --git a/lib/Fuzzer/FuzzerLoop.cpp b/lib/Fuzzer/FuzzerLoop.cpp
index 1c2c369e53d..ca9643892ba 100644
--- a/lib/Fuzzer/FuzzerLoop.cpp
+++ b/lib/Fuzzer/FuzzerLoop.cpp
@@ -60,6 +60,11 @@ static void MissingWeakApiFunction(const char *FnName) {
 // Only one Fuzzer per process.
 static Fuzzer *F;
+size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize) {
+ assert(F);
+ return F->GetMD().Mutate(Data, Size, MaxSize);
+}
+
 Fuzzer::Fuzzer(UserCallback CB, MutationDispatcher &MD, FuzzingOptions Options)
 : CB(CB), MD(MD), Options(Options) {
 SetDeathCallback();
diff --git a/lib/Fuzzer/FuzzerMutate.cpp b/lib/Fuzzer/FuzzerMutate.cpp
index b3442219b16..252955e13e3 100644
--- a/lib/Fuzzer/FuzzerMutate.cpp
+++ b/lib/Fuzzer/FuzzerMutate.cpp
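Review bot: In the FuzzerInterface.h hunk, the new comment on `Mutate` gives the input range as `[Data, Data+Size]`, a closed interval that includes the byte one past the input; the half-open `[Data, Data+Size)` is presumably what is meant. The comment also omits the buffer contract a caller needs for memory safety: since the returned size may be as large as MaxSize, the buffer behind Data presumably has to hold at least MaxSize bytes, with Size not exceeding MaxSize. Suggested wording: `// Mutates raw data in [Data, Data+Size) in place; the buffer must hold at least MaxSize bytes.` Since the implementation in FuzzerLoop.cpp now goes through the process-wide Fuzzer, the comment should also say the function is only valid while that Fuzzer exists.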
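Review bot: In the FuzzerLoop.cpp hunk, the new `Mutate` guards the global `F` only with `assert(F)`, which is compiled out when NDEBUG is defined, so a call made before a Fuzzer has been constructed would dereference a null pointer in release builds. Where `F` is assigned is not visible here; it is presumably set in the constructor, whose body continues outside the hunk. Since this is a public entry point that user code can call at any time, an unconditional check that fails loudly in every build is safer, e.g. `if (!F) { Printf("ERROR: fuzzer::Mutate called before a Fuzzer exists\n"); exit(1); }` (assuming the file's existing Printf helper).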
@@ -34,12 +34,6 @@ MutationDispatcher::Mutator MutationDispatcher::Mutators[] = {
 "AddFromPersAutoDict"},
 };
-size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize, unsigned int Seed) {
- Random R(Seed);
- MutationDispatcher MD(R);
- return MD.Mutate(Data, Size, MaxSize);
-}
-
 static char FlipRandomBit(char X, Random &Rand) {
 int Bit = Rand(8);
 char Mask = 1 << Bit;
diff --git a/lib/Fuzzer/test/CustomMutatorTest.cpp b/lib/Fuzzer/test/CustomMutatorTest.cpp
index 84077d7368d..ef4851e1bf6 100644
--- a/lib/Fuzzer/test/CustomMutatorTest.cpp
+++ b/lib/Fuzzer/test/CustomMutatorTest.cpp
@@ -7,11 +7,19 @@
 #include "FuzzerInterface.h"
+static volatile int Sink;
+
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 assert(Data);
- if (Size > 0 && Data[0] == 'F') {
- std::cout << "BINGO; Found the target, exiting\n";
- exit(1);
+ if (Size > 0 && Data[0] == 'H') {
+ Sink = 1;
+ if (Size > 1 && Data[1] == 'i') {
+ Sink = 2;
+ if (Size > 2 && Data[2] == '!') {
+ std::cout << "BINGO; Found the target, exiting\n";
+ exit(1);
+ }
+ }
 }
 return 0;
 }
@@ -23,5 +31,5 @@ extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size,
 std::cerr << "In LLVMFuzzerCustomMutator\n";
 Printed = true;
 }
- return fuzzer::Mutate(Data, Size, MaxSize, Seed);
+ return fuzzer::Mutate(Data, Size, MaxSize);
 }
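Review bot: In the last CustomMutatorTest.cpp hunk, the `Seed` argument that `LLVMFuzzerCustomMutator` receives is no longer used once the call becomes `fuzzer::Mutate(Data, Size, MaxSize)`, so the mutation now depends on the fuzzer's own dispatcher state rather than on the value passed to the callback. The signature is only partly visible in the hunk header, so the presence of `Seed` is inferred from the removed line. If this is intended, add `(void)Seed;` with a comment such as `// Seed is unused: fuzzer::Mutate draws randomness from the fuzzer's MutationDispatcher.` so the test stays clean under unused-parameter warnings. The comment also tells readers that a mutation can no longer be reproduced from (Data, Seed) alone.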