WIP custom mutator example

Author: PBetzler

.gitignore

@@ -4,4 +4,5 @@ build
 cmake-build-debug
 
 /**/.cifuzz-*
-/**/*fuzzer_inputs
+/**/*fuzzer_inputs
+/**/*fuzz_test_inputs

src/explore_me/custom_mutator_example_checks_test.cpp

@@ -11,44 +11,54 @@ TEST(ExploreCustomMutatorExampleChecks, DeveloperTest) {
     SpecialRequirementsStruct inputStruct = (SpecialRequirementsStruct) {.a=0, .b= 10, .c= 0, .c_size= 0};
     inputStruct.c = malloc(sizeof("Developer"));
     inputStruct.c_size = sizeof("Developer");
-    EXPECT_NO_THROW(ExploreCustomMutatorExampleChecks(inputStruct));
+    EXPECT_NO_THROW(ExploreCustomMutatorExampleChecks(&inputStruct));
 }
 
 TEST(ExploreStructuredInputChecks, MaintainerTest) {
     InputStrut inputStruct = (InputStruct) {.a=20, .b= -10, .c=0};
     inputStruct.c = malloc(sizeof("Maintainer"));
     inputStruct.c_size = sizeof("Maintainer");
-    EXPECT_NO_THROW(ExploreCustomMutatorExampleChecks(inputStruct));
+    EXPECT_NO_THROW(ExploreCustomMutatorExampleChecks(&inputStruct));
 }
 
 #endif
 
 FUZZ_TEST(const uint8_t *data, size_t size) {
     SpecialRequirementsStruct* inputStruct = (SpecialRequirementsStruct*) data;
-    ExploreCustomMutatorExampleChecks(*inputStruct);
+    ExploreCustomMutatorExampleChecks(inputStruct);
 
     free(inputStruct->c);
 }
 
 
 extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *data, size_t size,
                                           size_t maxSize, unsigned int seed) {
+    std::cout << "In custom mutator.\n";
+
     FuzzedDataProvider fdp(data, size);
     long a = fdp.ConsumeIntegral<long>();
     long b = fdp.ConsumeIntegral<long>();
-    const char* tempC = fdp.ConsumeRemainingBytesAsString().c_str();
-    size_t c_size= strlen(tempC) +1;
+    std::string tempC = fdp.ConsumeRemainingBytesAsString();
+    size_t c_size= strlen(tempC.c_str()) +1;
     char* c = (char*) malloc(c_size);
-    strncpy(c, tempC, c_size);
+    strncpy(c, tempC.c_str(), c_size);
     SpecialRequirementsStruct specialRequirementsStruct = (SpecialRequirementsStruct) {
         .a= a, .b=b, .c_size=c_size, .c= c
     };
+    size_t size1 = sizeof(specialRequirementsStruct);
+
+    if (maxSize >= size1) {
+        free(data);
+        data = (uint8_t*) malloc (size1);
+        std::memcpy(data, &specialRequirementsStruct, size1);
+        return sizeof(specialRequirementsStruct);
+    } else {
+        return maxSize;
+    }
+
+
+
 
-    free(data);
-    data = (uint8_t*) malloc (sizeof(specialRequirementsStruct));
-    std::memcpy(data, &specialRequirementsStruct, sizeof(specialRequirementsStruct));
 
-    std::cout << "In custom mutator.\n";
 
-    return sizeof(specialRequirementsStruct);
 }

src/explore_me/explore_me.cpp

@@ -41,11 +41,11 @@ void ExploreStructuredInputChecks(InputStruct inputStruct){
     }
 }
 
-void ExploreCustomMutatorExampleChecks(SpecialRequirementsStruct specialRequirementsStruct){
-    strncpy(specialRequirementsStruct.c, "Hello", specialRequirementsStruct.c_size);
+void ExploreCustomMutatorExampleChecks(SpecialRequirementsStruct* specialRequirementsStruct){
+    strncpy(specialRequirementsStruct->c, "Hello\0", specialRequirementsStruct->c_size);
 
-    if (insecureEncrypt(specialRequirementsStruct.a) == 0x4e9e91e6677cfff3L) {
-        if (insecureEncrypt(specialRequirementsStruct.b) == 0x4f8b9fb34431d9d3L) {
+    if (insecureEncrypt(specialRequirementsStruct->a) == 0x4e9e91e6677cfff3L) {
+        if (insecureEncrypt(specialRequirementsStruct->b) == 0x4f8b9fb34431d9d3L) {
             trigger_memory_leak();
         }
     }

src/explore_me/explore_me.h

@@ -26,4 +26,4 @@ void ExploreComplexChecks(long a, long b, std::string c);
 
 void ExploreStructuredInputChecks(InputStruct inputStrut);
 
-void ExploreCustomMutatorExampleChecks(SpecialRequirementsStruct specialRequirementsStruct);
+void ExploreCustomMutatorExampleChecks(SpecialRequirementsStruct* specialRequirementsStruct);