WIP: added custom mutator example

Author: PBetzler

src/explore_me/CMakeLists.txt

@@ -19,6 +19,7 @@ foreach(TestType IN ITEMS
     simple_checks
     complex_checks
     structured_input_checks
+    custom_mutator_example_checks
 )
 
     add_executable(${TestType}_test

src/explore_me/custom_mutator_example_checks_fuzz_test_inputs/brilliant_caterpillar-crash-da39a3ee5e6b4b0d3255bfef95601890afd80709

@@ -0,0 +1,54 @@
+#include <cifuzz/cifuzz.h>
+#include <fuzzer/FuzzedDataProvider.h>
+#include <iostream>
+
+#include "explore_me.h"
+
+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+#include <gtest/gtest.h>
+
+TEST(ExploreCustomMutatorExampleChecks, DeveloperTest) {
+    SpecialRequirementsStruct inputStruct = (SpecialRequirementsStruct) {.a=0, .b= 10, .c= 0, .c_size= 0};
+    inputStruct.c = malloc(sizeof("Developer"));
+    inputStruct.c_size = sizeof("Developer");
+    EXPECT_NO_THROW(ExploreCustomMutatorExampleChecks(inputStruct));
+}
+
+TEST(ExploreStructuredInputChecks, MaintainerTest) {
+    InputStrut inputStruct = (InputStruct) {.a=20, .b= -10, .c=0};
+    inputStruct.c = malloc(sizeof("Maintainer"));
+    inputStruct.c_size = sizeof("Maintainer");
+    EXPECT_NO_THROW(ExploreCustomMutatorExampleChecks(inputStruct));
+}
+
+#endif
+
+FUZZ_TEST(const uint8_t *data, size_t size) {
+    SpecialRequirementsStruct* inputStruct = (SpecialRequirementsStruct*) data;
+    ExploreCustomMutatorExampleChecks(*inputStruct);
+
+    free(inputStruct->c);
+}
+
+
+extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *data, size_t size,
+                                          size_t maxSize, unsigned int seed) {
+    FuzzedDataProvider fdp(data, size);
+    long a = fdp.ConsumeIntegral<long>();
+    long b = fdp.ConsumeIntegral<long>();
+    const char* tempC = fdp.ConsumeRemainingBytesAsString().c_str();
+    size_t c_size= strlen(tempC) +1;
+    char* c = (char*) malloc(c_size);
+    strncpy(c, tempC, c_size);
+    SpecialRequirementsStruct specialRequirementsStruct = (SpecialRequirementsStruct) {
+        .a= a, .b=b, .c_size=c_size, .c= c
+    };
+
+    free(data);
+    data = (uint8_t*) malloc (sizeof(specialRequirementsStruct));
+    std::memcpy(data, &specialRequirementsStruct, sizeof(specialRequirementsStruct));
+
+    std::cout << "In custom mutator.\n";
+
+    return sizeof(specialRequirementsStruct);
+}

src/explore_me/custom_mutator_example_checks_fuzz_test_inputs/tough_pigeon-crash-da39a3ee5e6b4b0d3255bfef95601890afd80709

@@ -31,16 +31,26 @@ void ExploreComplexChecks(long a, long b, std::string c) {
   }
 }
 
-void ExploreStructuredInputChecks(InputStrut inputStrut){
-    if (EncodeBase64(inputStrut.c) == "SGV5LCB3ZWw=") {
-        if (insecureEncrypt(inputStrut.a) == 0x4e9e91e6677cfff3L) {
-            if (insecureEncrypt(inputStrut.b) == 0x4f8b9fb34431d9d3L) {
+void ExploreStructuredInputChecks(InputStruct inputStruct){
+    if (EncodeBase64(inputStruct.c) == "SGV5LCB3ZWw=") {
+        if (insecureEncrypt(inputStruct.a) == 0x4e9e91e6677cfff3L) {
+            if (insecureEncrypt(inputStruct.b) == 0x4f8b9fb34431d9d3L) {
                 trigger_double_free();
             }
         }
     }
 }
 
+void ExploreCustomMutatorExampleChecks(SpecialRequirementsStruct specialRequirementsStruct){
+    strncpy(specialRequirementsStruct.c, "Hello", specialRequirementsStruct.c_size);
+
+    if (insecureEncrypt(specialRequirementsStruct.a) == 0x4e9e91e6677cfff3L) {
+        if (insecureEncrypt(specialRequirementsStruct.b) == 0x4f8b9fb34431d9d3L) {
+            trigger_memory_leak();
+        }
+    }
+}
+
 static long insecureEncrypt(long input) {
   long key = 0xefe4eb93215cb6b0L;
   return input ^ key;

src/explore_me/custom_mutator_example_checks_test.cpp

@@ -7,16 +7,23 @@
 
 #include <string>
 
-struct InputStrut {
+struct InputStruct {
     long a;
     long b;
     std::string c;
 };
 
+struct SpecialRequirementsStruct {
+    long a;
+    long b;
+    size_t c_size;
+    char* c;
+};
+
 void ExploreSimpleChecks(int a, int b, std::string c);
 
 void ExploreComplexChecks(long a, long b, std::string c);
 
-void ExploreStructuredInputChecks(InputStrut inputStrut);
+void ExploreStructuredInputChecks(InputStruct inputStrut);
 
-void ExploreCustomMutatorExampleChecks(long a, long b, std::string c);
+void ExploreCustomMutatorExampleChecks(SpecialRequirementsStruct specialRequirementsStruct);

src/explore_me/explore_me.cpp

@@ -7,13 +7,13 @@
 #include <gtest/gtest.h>
 
 TEST(ExploreStructuredInputChecks, DeveloperTest) {
-    InputStrut inputStrut = (InputStrut) {.a=0, .b= 10, .c="Developer"};
-    EXPECT_NO_THROW(ExploreStructuredInputChecks(inputStrut));
+    InputStruct inputStruct = (InputStrut) {.a=0, .b= 10, .c="Developer"};
+    EXPECT_NO_THROW(ExploreStructuredInputChecks(inputStruct));
 }
 
 TEST(ExploreStructuredInputChecks, MaintainerTest) {
-    InputStrut inputStrut = (InputStrut) {.a=20, .b= -10, .c="Maintainer"};
-    EXPECT_NO_THROW(ExploreStructuredInputChecks(inputStrut));
+    InputStruct inputStruct = (InputStruct) {.a=20, .b= -10, .c="Maintainer"};
+    EXPECT_NO_THROW(ExploreStructuredInputChecks(inputStruct));
 }
 
 #endif
@@ -23,7 +23,7 @@ FUZZ_TEST(const uint8_t *data, size_t size) {
     int a = fdp.ConsumeIntegral<int>();
     int b = fdp.ConsumeIntegral<int>();
     std::string c = fdp.ConsumeRemainingBytesAsString();
-    InputStrut inputStrut = (InputStrut) {.a=a, .b= b, .c=c};
+    InputStruct inputStruct = (InputStruct) {.a=a, .b= b, .c=c};
 
-    ExploreStructuredInputChecks(inputStrut);
+    ExploreStructuredInputChecks(inputStruct);
 }