Add basic structure for fuzzing targets

General changes: * Add -D/--deterministic command line option as convenience/alternative to -G/--load-seeds (i.e. no file needed, it just uses zero-initialized random seeds). It also changes Broker data stores over to using deterministic timing rather than real time. * Add option to make Reporter abort on runtime scripting errors
2025-10-06 16:48:19 +00:00 · 2020-04-21 20:16:00 -07:00 · 2020-04-21 20:16:00 -07:00 · 8f1b34b915
commit 8f1b34b915
parent f849571910
20 changed files with 1290 additions and 928 deletions
--- a/src/fuzzers/FuzzBuffer.cc
+++ b/src/fuzzers/FuzzBuffer.cc
@ -0,0 +1,56 @@
+#if !defined(_GNU_SOURCE)
+#define _GNU_SOURCE
+#endif
+
+#include <string.h>
+
+#include "FuzzBuffer.h"
+
+bool zeek::FuzzBuffer::Valid() const
+	{
+	if ( end - begin < PKT_MAGIC_LEN + 2 )
+		return false;
+
+	if ( memcmp(begin, PKT_MAGIC, PKT_MAGIC_LEN) != 0)
+		return false;
+
+	return true;
+	}
+
+int zeek::FuzzBuffer::Next(const unsigned char** chunk, size_t* len, bool* is_orig)
+	{
+	if ( begin == end )
+		{
+		*chunk = nullptr;
+		*len = 0;
+		return 0;
+		}
+
+	auto pos = (const unsigned char*)memmem(begin, end - begin,
+	                                        PKT_MAGIC, PKT_MAGIC_LEN);
+
+	if ( ! pos )
+		return -1;
+
+	begin += PKT_MAGIC_LEN;
+	auto remaining = end - begin;
+
+	if ( remaining < 2 )
+		return -2;
+
+	*is_orig = begin[0] & 0x01;
+	begin += 1;
+
+	*chunk = begin;
+
+	auto next = (const unsigned char*)memmem(begin, end - begin,
+	                                         PKT_MAGIC, PKT_MAGIC_LEN);
+
+	if ( next )
+		begin = next;
+	else
+		begin = end;
+
+	*len = begin - *chunk;
+	return 0;
+	}