added a structured inputs example

Author: PBetzler

src/explore_me/CMakeLists.txt

@@ -18,6 +18,7 @@ target_link_libraries(explore_me
 foreach(TestType IN ITEMS
     simple_checks
     complex_checks
+    structured_input_checks
 )
 
     add_executable(${TestType}_test

src/explore_me/explore_me.cpp

@@ -6,6 +6,8 @@
 static long insecureEncrypt(long input);
 static void trigger_global_buffer_overflow(const std::string &c);
 static void trigger_use_after_free();
+static void trigger_double_free();
+static void trigger_memory_leak();
 
 void ExploreSimpleChecks(int a, int b, std::string c) {
   if (a >= 20000) {
@@ -29,6 +31,16 @@ void ExploreComplexChecks(long a, long b, std::string c) {
   }
 }
 
+void ExploreStructuredInputChecks(InputStrut inputStrut){
+    if (EncodeBase64(inputStrut.c) == "SGV5LCB3ZWw=") {
+        if (insecureEncrypt(inputStrut.a) == 0x4e9e91e6677cfff3L) {
+            if (insecureEncrypt(inputStrut.b) == 0x4f8b9fb34431d9d3L) {
+                trigger_double_free();
+            }
+        }
+    }
+}
+
 static long insecureEncrypt(long input) {
   long key = 0xefe4eb93215cb6b0L;
   return input ^ key;
@@ -47,4 +59,19 @@ static void trigger_use_after_free() {
   buffer[5] = '\0';
   free(buffer);
   printf("%s\n", buffer);
-}
+}
+
+static void trigger_double_free(){
+    auto *buffer = static_cast<char *>(malloc(6));
+    memcpy(buffer, "hello", 5);
+    buffer[5] = '\0';
+    for (int i = 0; i < 2; i++) {
+        free(buffer);
+    }
+}
+
+static void trigger_memory_leak(){
+    auto *buffer = static_cast<char *>(malloc(6));
+    memcpy(buffer, "hello", 5);
+    buffer[5] = '\0';
+    }

src/explore_me/explore_me.h

@@ -7,6 +7,16 @@
 
 #include <string>
 
+struct InputStrut {
+    long a;
+    long b;
+    std::string c;
+};
+
 void ExploreSimpleChecks(int a, int b, std::string c);
 
-void ExploreComplexChecks(long a, long b, std::string c);
+void ExploreComplexChecks(long a, long b, std::string c);
+
+void ExploreStructuredInputChecks(InputStrut inputStrut);
+
+void ExploreCustomMutatorExampleChecks(long a, long b, std::string c);

src/explore_me/structured_input_checks_test.cpp

@@ -0,0 +1,29 @@
+#include <cifuzz/cifuzz.h>
+#include <fuzzer/FuzzedDataProvider.h>
+
+#include "explore_me.h"
+
+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+#include <gtest/gtest.h>
+
+TEST(ExploreStructuredInputChecks, DeveloperTest) {
+    InputStrut inputStrut = (InputStrut) {.a=0, .b= 10, .c="Developer"};
+    EXPECT_NO_THROW(ExploreStructuredInputChecks(inputStrut));
+}
+
+TEST(ExploreStructuredInputChecks, MaintainerTest) {
+    InputStrut inputStrut = (InputStrut) {.a=20, .b= -10, .c="Maintainer"};
+    EXPECT_NO_THROW(ExploreStructuredInputChecks(inputStrut));
+}
+
+#endif
+
+FUZZ_TEST(const uint8_t *data, size_t size) {
+    FuzzedDataProvider fdp(data, size);
+    int a = fdp.ConsumeIntegral<int>();
+    int b = fdp.ConsumeIntegral<int>();
+    std::string c = fdp.ConsumeRemainingBytesAsString();
+    InputStrut inputStrut = (InputStrut) {.a=a, .b= b, .c=c};
+
+    ExploreStructuredInputChecks(inputStrut);
+}