⚗️ try to address #2012

nlohmann · Apr 11, 2020 · 2556a22 · 2556a22
1 parent 6121fc5
commit 2556a22
Showing 1 changed file with 24 additions and 8 deletions.
diff --git a/test/src/fuzzer-driver_afl.cpp b/test/src/fuzzer-driver_afl.cpp
@@ -14,25 +14,41 @@ Licensed under the MIT License <http://opensource.org/licenses/MIT>.
 #include <vector>    // for vector
 #include <cstdint>   // for uint8_t
 #include <iostream>  // for cin
+#include <cstring>   // for memcpy
+#include <unistd.h>  // for read
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size);
 
+static const std::size_t MaxInputSize = 1048576;  // 1MiB
+static uint8_t InputBuf[MaxInputSize];
+
 int main()
 {
 #ifdef __AFL_HAVE_MANUAL_CONTROL
+    /* AFL deferred fork */
+    __AFL_INIT();
+
+    /* AFL persistent loop */
     while (__AFL_LOOP(1000))
     {
 #endif
-        // copy stdin to byte vector
-        std::vector<uint8_t> vec;
-        char c;
-        while (std::cin.get(c))
+
+        /* read data*/
+        ssize_t bytesReaded = read(0, InputBuf, MaxInputSize);
+        if (bytesReaded > 0)
         {
-            vec.push_back(static_cast<uint8_t>(c));
-        }
+            /* allocate memory, exactly bytesReaded to catch overflows */
+            uint8_t* tmpBuf = (uint8_t*)malloc(bytesReaded);
+            memcpy(tmpBuf, InputBuf, bytesReaded);
 
-        LLVMFuzzerTestOneInput(vec.data(), vec.size());
 #ifdef __AFL_HAVE_MANUAL_CONTROL
-    }
+            /* run harness*/
+            LLVMFuzzerTestOneInput(tmpBuf, bytesReaded);
+
+            /* clear */
+            free(tmpBuf);
+        }
 #endif
+    }
+    return 0;
 }