1b8bc0d8aSopenharmony_ci/**file test-fuzzer-persistent.c 2b8bc0d8aSopenharmony_ci * from test-parse.c and test-mnote.c 3b8bc0d8aSopenharmony_ci * 4b8bc0d8aSopenharmony_ci * \brief Persistent AFL fuzzing binary (reaches 4 digits execs / second) 5b8bc0d8aSopenharmony_ci * 6b8bc0d8aSopenharmony_ci * Copyright (C) 2007 Hans Ulrich Niedermann <gp@n-dimensional.de> 7b8bc0d8aSopenharmony_ci * Copyright 2002 Lutz Mueller <lutz@users.sourceforge.net> 8b8bc0d8aSopenharmony_ci * 9b8bc0d8aSopenharmony_ci * This library is free software; you can redistribute it and/or 10b8bc0d8aSopenharmony_ci * modify it under the terms of the GNU Lesser General Public 11b8bc0d8aSopenharmony_ci * License as published by the Free Software Foundation; either 12b8bc0d8aSopenharmony_ci * version 2 of the License, or (at your option) any later version. 13b8bc0d8aSopenharmony_ci * 14b8bc0d8aSopenharmony_ci * This library is distributed in the hope that it will be useful, 15b8bc0d8aSopenharmony_ci * but WITHOUT ANY WARRANTY; without even the implied warranty of 16b8bc0d8aSopenharmony_ci * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 17b8bc0d8aSopenharmony_ci * Lesser General Public License for more details. 18b8bc0d8aSopenharmony_ci * 19b8bc0d8aSopenharmony_ci * You should have received a copy of the GNU Lesser General Public 20b8bc0d8aSopenharmony_ci * License along with this library; if not, write to the 21b8bc0d8aSopenharmony_ci * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, 22b8bc0d8aSopenharmony_ci * Boston, MA 02110-1301 USA. 23b8bc0d8aSopenharmony_ci * 24b8bc0d8aSopenharmony_ci */ 25b8bc0d8aSopenharmony_ci 26b8bc0d8aSopenharmony_ci#include <string.h> 27b8bc0d8aSopenharmony_ci#include <unistd.h> 28b8bc0d8aSopenharmony_ci#include <stdio.h> 29b8bc0d8aSopenharmony_ci#include <stdlib.h> 30b8bc0d8aSopenharmony_ci#include <sys/stat.h> 31b8bc0d8aSopenharmony_ci 32b8bc0d8aSopenharmony_ci#include "libexif/exif-data.h" 33b8bc0d8aSopenharmony_ci#include "libexif/exif-loader.h" 34b8bc0d8aSopenharmony_ci#include "libexif/exif-system.h" 35b8bc0d8aSopenharmony_ci 36b8bc0d8aSopenharmony_ci__AFL_FUZZ_INIT(); 37b8bc0d8aSopenharmony_ci 38b8bc0d8aSopenharmony_ci#undef USE_LOG 39b8bc0d8aSopenharmony_ci 40b8bc0d8aSopenharmony_ci#ifdef USE_LOG 41b8bc0d8aSopenharmony_cistatic void 42b8bc0d8aSopenharmony_cilogfunc(ExifLog *log, ExifLogCode code, const char *domain, const char *format, va_list args, void *data) 43b8bc0d8aSopenharmony_ci{ 44b8bc0d8aSopenharmony_ci fprintf( stderr, "test-fuzzer: code=%d domain=%s ", code, domain); 45b8bc0d8aSopenharmony_ci vfprintf (stderr, format, args); 46b8bc0d8aSopenharmony_ci fprintf (stderr, "\n"); 47b8bc0d8aSopenharmony_ci} 48b8bc0d8aSopenharmony_ci#endif 49b8bc0d8aSopenharmony_ci 50b8bc0d8aSopenharmony_ci/** Callback function handling an ExifEntry. */ 51b8bc0d8aSopenharmony_civoid content_foreach_func(ExifEntry *entry, void *callback_data); 52b8bc0d8aSopenharmony_civoid content_foreach_func(ExifEntry *entry, void *UNUSED(callback_data)) 53b8bc0d8aSopenharmony_ci{ 54b8bc0d8aSopenharmony_ci char buf[2001]; 55b8bc0d8aSopenharmony_ci 56b8bc0d8aSopenharmony_ci /* ensure \0 */ 57b8bc0d8aSopenharmony_ci buf[sizeof(buf)-1] = 0; 58b8bc0d8aSopenharmony_ci buf[sizeof(buf)-2] = 0; 59b8bc0d8aSopenharmony_ci exif_tag_get_name(entry->tag); 60b8bc0d8aSopenharmony_ci exif_format_get_name(entry->format); 61b8bc0d8aSopenharmony_ci exif_entry_get_value(entry, buf, sizeof(buf)-1); 62b8bc0d8aSopenharmony_ci if (buf[sizeof(buf)-2] != 0) abort(); 63b8bc0d8aSopenharmony_ci} 64b8bc0d8aSopenharmony_ci 65b8bc0d8aSopenharmony_ci 66b8bc0d8aSopenharmony_ci/** Callback function handling an ExifContent (corresponds 1:1 to an IFD). */ 67b8bc0d8aSopenharmony_civoid data_foreach_func(ExifContent *content, void *callback_data); 68b8bc0d8aSopenharmony_civoid data_foreach_func(ExifContent *content, void *callback_data) 69b8bc0d8aSopenharmony_ci{ 70b8bc0d8aSopenharmony_ci printf(" Content %p: ifd=%d\n", (void *)content, exif_content_get_ifd(content)); 71b8bc0d8aSopenharmony_ci exif_content_foreach_entry(content, content_foreach_func, callback_data); 72b8bc0d8aSopenharmony_ci} 73b8bc0d8aSopenharmony_cistatic int 74b8bc0d8aSopenharmony_citest_exif_data (ExifData *d) 75b8bc0d8aSopenharmony_ci{ 76b8bc0d8aSopenharmony_ci unsigned int i, c; 77b8bc0d8aSopenharmony_ci char v[1024]; 78b8bc0d8aSopenharmony_ci ExifMnoteData *md; 79b8bc0d8aSopenharmony_ci 80b8bc0d8aSopenharmony_ci fprintf (stdout, "Byte order: %s\n", 81b8bc0d8aSopenharmony_ci exif_byte_order_get_name (exif_data_get_byte_order (d))); 82b8bc0d8aSopenharmony_ci 83b8bc0d8aSopenharmony_ci md = exif_data_get_mnote_data (d); 84b8bc0d8aSopenharmony_ci if (!md) { 85b8bc0d8aSopenharmony_ci fprintf (stderr, "Could not parse maker note!\n"); 86b8bc0d8aSopenharmony_ci return 1; 87b8bc0d8aSopenharmony_ci } 88b8bc0d8aSopenharmony_ci 89b8bc0d8aSopenharmony_ci exif_mnote_data_ref (md); 90b8bc0d8aSopenharmony_ci exif_mnote_data_unref (md); 91b8bc0d8aSopenharmony_ci 92b8bc0d8aSopenharmony_ci c = exif_mnote_data_count (md); 93b8bc0d8aSopenharmony_ci for (i = 0; i < c; i++) { 94b8bc0d8aSopenharmony_ci const char *name = exif_mnote_data_get_name (md, i); 95b8bc0d8aSopenharmony_ci if (!name) continue; 96b8bc0d8aSopenharmony_ci exif_mnote_data_get_name (md, i); 97b8bc0d8aSopenharmony_ci exif_mnote_data_get_title (md, i); 98b8bc0d8aSopenharmony_ci exif_mnote_data_get_description (md, i); 99b8bc0d8aSopenharmony_ci exif_mnote_data_get_value (md, i, v, sizeof (v)); 100b8bc0d8aSopenharmony_ci } 101b8bc0d8aSopenharmony_ci 102b8bc0d8aSopenharmony_ci return 0; 103b8bc0d8aSopenharmony_ci} 104b8bc0d8aSopenharmony_ci 105b8bc0d8aSopenharmony_ci/** Main program. */ 106b8bc0d8aSopenharmony_ciint main(const int argc, const char *argv[]) 107b8bc0d8aSopenharmony_ci{ 108b8bc0d8aSopenharmony_ci int i; 109b8bc0d8aSopenharmony_ci ExifData *d; 110b8bc0d8aSopenharmony_ci ExifLoader *loader = exif_loader_new(); 111b8bc0d8aSopenharmony_ci unsigned int xbuf_size; 112b8bc0d8aSopenharmony_ci unsigned char *xbuf; 113b8bc0d8aSopenharmony_ci FILE *f; 114b8bc0d8aSopenharmony_ci struct stat stbuf; 115b8bc0d8aSopenharmony_ci#ifdef USE_LOG 116b8bc0d8aSopenharmony_ci ExifLog *log = exif_log_new (); 117b8bc0d8aSopenharmony_ci 118b8bc0d8aSopenharmony_ci exif_log_set_func(log, logfunc, NULL); 119b8bc0d8aSopenharmony_ci#endif 120b8bc0d8aSopenharmony_ci 121b8bc0d8aSopenharmony_ci#ifdef __AFL_HAVE_MANUAL_CONTROL 122b8bc0d8aSopenharmony_ci __AFL_INIT(); 123b8bc0d8aSopenharmony_ci#endif 124b8bc0d8aSopenharmony_ci 125b8bc0d8aSopenharmony_ci unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF; // must be after __AFL_INIT 126b8bc0d8aSopenharmony_ci // and before __AFL_LOOP! 127b8bc0d8aSopenharmony_ci 128b8bc0d8aSopenharmony_ci while (__AFL_LOOP(10000)) { 129b8bc0d8aSopenharmony_ci 130b8bc0d8aSopenharmony_ci int len = __AFL_FUZZ_TESTCASE_LEN; // don't use the macro directly in a call! 131b8bc0d8aSopenharmony_ci 132b8bc0d8aSopenharmony_ci d = exif_data_new_from_data(buf, len); 133b8bc0d8aSopenharmony_ci 134b8bc0d8aSopenharmony_ci /* try the exif loader */ 135b8bc0d8aSopenharmony_ci #ifdef USE_LOG 136b8bc0d8aSopenharmony_ci exif_data_log (d, log); 137b8bc0d8aSopenharmony_ci #endif 138b8bc0d8aSopenharmony_ci exif_data_foreach_content(d, data_foreach_func, NULL); 139b8bc0d8aSopenharmony_ci test_exif_data (d); 140b8bc0d8aSopenharmony_ci 141b8bc0d8aSopenharmony_ci xbuf = NULL; 142b8bc0d8aSopenharmony_ci exif_data_save_data (d, &xbuf, &xbuf_size); 143b8bc0d8aSopenharmony_ci free (xbuf); 144b8bc0d8aSopenharmony_ci 145b8bc0d8aSopenharmony_ci exif_data_set_byte_order(d, EXIF_BYTE_ORDER_INTEL); 146b8bc0d8aSopenharmony_ci 147b8bc0d8aSopenharmony_ci xbuf = NULL; 148b8bc0d8aSopenharmony_ci exif_data_save_data (d, &xbuf, &xbuf_size); 149b8bc0d8aSopenharmony_ci free (xbuf); 150b8bc0d8aSopenharmony_ci 151b8bc0d8aSopenharmony_ci exif_data_unref(d); 152b8bc0d8aSopenharmony_ci 153b8bc0d8aSopenharmony_ci#if 0 154b8bc0d8aSopenharmony_ci /* try the exif data writer ... different than the loader */ 155b8bc0d8aSopenharmony_ci 156b8bc0d8aSopenharmony_ci exif_loader_write(loader, buf, len); 157b8bc0d8aSopenharmony_ci 158b8bc0d8aSopenharmony_ci d = exif_loader_get_data(loader); 159b8bc0d8aSopenharmony_ci exif_data_foreach_content(d, data_foreach_func, NULL); 160b8bc0d8aSopenharmony_ci test_exif_data (d); 161b8bc0d8aSopenharmony_ci exif_loader_unref(loader); 162b8bc0d8aSopenharmony_ci exif_data_unref(d); 163b8bc0d8aSopenharmony_ci#endif 164b8bc0d8aSopenharmony_ci } 165b8bc0d8aSopenharmony_ci return 0; 166b8bc0d8aSopenharmony_ci} 167