fuzz_disasm.c
Go to the documentation of this file.
1 // the following must precede stdio (woo, thanks msft)
2 #if defined(_MSC_VER) && _MSC_VER < 1900
3 #define _CRT_SECURE_NO_WARNINGS
4 #endif
5 
6 #include <stdio.h>
7 #include <stdlib.h>
8 #include <inttypes.h>
9 
10 #include <capstone/capstone.h>
11 
12 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
13 
14 
15 struct platform {
16  cs_arch arch;
17  cs_mode mode;
18  const char *comment;
19 };
20 
21 static FILE *outfile = NULL;
22 
23 static struct platform platforms[] = {
24  {
25  // item 0
26  CS_ARCH_X86,
27  CS_MODE_32,
28  "X86 32 (Intel syntax)"
29  },
30  {
31  // item 1
32  CS_ARCH_X86,
33  CS_MODE_64,
34  "X86 64 (Intel syntax)"
35  },
36  {
37  // item 2
38  CS_ARCH_ARM,
39  CS_MODE_ARM,
40  "ARM"
41  },
42  {
43  // item 3
44  CS_ARCH_ARM,
45  CS_MODE_THUMB,
46  "THUMB"
47  },
48  {
49  // item 4
50  CS_ARCH_ARM,
51  (cs_mode)(CS_MODE_ARM + CS_MODE_V8),
52  "Arm-V8"
53  },
54  {
55  // item 5
56  CS_ARCH_ARM,
57  (cs_mode)(CS_MODE_THUMB+CS_MODE_V8),
58  "THUMB+V8"
59  },
60  {
61  // item 6
62  CS_ARCH_ARM,
63  (cs_mode)(CS_MODE_THUMB + CS_MODE_MCLASS),
64  "Thumb-MClass"
65  },
66  {
67  // item 7
68  CS_ARCH_ARM64,
69  (cs_mode)0,
70  "ARM-64"
71  },
72  {
73  // item 8
74  CS_ARCH_MIPS,
75  (cs_mode)(CS_MODE_MIPS32 + CS_MODE_BIG_ENDIAN),
76  "MIPS-32 (Big-endian)"
77  },
78  {
79  // item 9
80  CS_ARCH_MIPS,
81  (cs_mode)(CS_MODE_MIPS32 + CS_MODE_MICRO),
82  "MIPS-32 (micro)"
83  },
84  {
85  //item 10
86  CS_ARCH_MIPS,
87  CS_MODE_MIPS64,
88  "MIPS-64-EL (Little-endian)"
89  },
90  {
91  //item 11
92  CS_ARCH_MIPS,
93  CS_MODE_MIPS32,
94  "MIPS-32-EL (Little-endian)"
95  },
96  {
97  //item 12
98  CS_ARCH_MIPS,
99  (cs_mode)(CS_MODE_MIPS64 + CS_MODE_BIG_ENDIAN),
100  "MIPS-64 (Big-endian)"
101  },
102  {
103  //item 13
104  CS_ARCH_MIPS,
105  (cs_mode)(CS_MODE_MIPS32 + CS_MODE_MICRO + CS_MODE_BIG_ENDIAN),
106  "MIPS-32 | Micro (Big-endian)"
107  },
108  {
109  //item 14
110  CS_ARCH_PPC,
111  CS_MODE_BIG_ENDIAN,
112  "PPC-64"
113  },
114  {
115  //item 15
116  CS_ARCH_SPARC,
117  CS_MODE_BIG_ENDIAN,
118  "Sparc"
119  },
120  {
121  //item 16
122  CS_ARCH_SPARC,
123  (cs_mode)(CS_MODE_BIG_ENDIAN + CS_MODE_V9),
124  "SparcV9"
125  },
126  {
127  //item 17
128  CS_ARCH_SYSZ,
129  (cs_mode)0,
130  "SystemZ"
131  },
132  {
133  //item 18
134  CS_ARCH_XCORE,
135  (cs_mode)0,
136  "XCore"
137  },
138  {
139  //item 19
140  CS_ARCH_MIPS,
141  (cs_mode)(CS_MODE_MIPS32R6 + CS_MODE_BIG_ENDIAN),
142  "MIPS-32R6 (Big-endian)"
143  },
144  {
145  //item 20
146  CS_ARCH_MIPS,
147  (cs_mode)(CS_MODE_MIPS32R6 + CS_MODE_MICRO + CS_MODE_BIG_ENDIAN),
148  "MIPS-32R6 (Micro+Big-endian)"
149  },
150  {
151  //item 21
152  CS_ARCH_MIPS,
153  CS_MODE_MIPS32R6,
154  "MIPS-32R6 (Little-endian)"
155  },
156  {
157  //item 22
158  CS_ARCH_MIPS,
159  (cs_mode)(CS_MODE_MIPS32R6 + CS_MODE_MICRO),
160  "MIPS-32R6 (Micro+Little-endian)"
161  },
162  {
163  //item 23
164  CS_ARCH_M68K,
165  (cs_mode)0,
166  "M68K"
167  },
168  {
169  //item 24
170  CS_ARCH_M680X,
171  (cs_mode)CS_MODE_M680X_6809,
172  "M680X_M6809"
173  },
174  {
175  //item 25
176  CS_ARCH_EVM,
177  (cs_mode)0,
178  "EVM"
179  },
180 #ifdef CAPSTONE_HAS_MOS65XX
181  {
182  //item 26
183  CS_ARCH_MOS65XX,
184  (cs_mode)0,
185  "MOS65XX"
186  },
187 #endif
188 };
189 
190 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
191  csh handle;
192  cs_insn *all_insn;
193  cs_detail *detail;
194  cs_err err;
195 
196  if (Size < 1) {
197  // 1 byte for arch choice
198  return 0;
199  } else if (Size > 0x1000) {
200  //limit input to 4kb
201  Size = 0x1000;
202  }
203 
204  if (outfile == NULL) {
205  // we compute the output
206  outfile = fopen("/dev/null", "w");
207  if (outfile == NULL) {
208  return 0;
209  }
210  }
211 
212  int platforms_len = sizeof(platforms)/sizeof(platforms[0]);
213  int i = (int)Data[0] % platforms_len;
214 
215  err = cs_open(platforms[i].arch, platforms[i].mode, &handle);
216  if (err) {
217  return 0;
218  }
219 
220  cs_option(handle, CS_OPT_DETAIL, CS_OPT_ON);
221 
222  uint64_t address = 0x1000;
223  size_t count = cs_disasm(handle, Data+1, Size-1, address, 0, &all_insn);
224 
225  if (count) {
226  size_t j;
227  unsigned int n;
228 
229  for (j = 0; j < count; j++) {
230  cs_insn *i = &(all_insn[j]);
231  fprintf(outfile, "0x%"PRIx64":\t%s\t\t%s // insn-ID: %u, insn-mnem: %s\n",
232  i->address, i->mnemonic, i->op_str,
233  i->id, cs_insn_name(handle, i->id));
234 
235  detail = i->detail;
236 
237  if (detail->regs_read_count > 0) {
238  fprintf(outfile, "\tImplicit registers read: ");
239  for (n = 0; n < detail->regs_read_count; n++) {
240  fprintf(outfile, "%s ", cs_reg_name(handle, detail->regs_read[n]));
241  }
242  }
243 
244  if (detail->regs_write_count > 0) {
245  fprintf(outfile, "\tImplicit registers modified: ");
246  for (n = 0; n < detail->regs_write_count; n++) {
247  fprintf(outfile, "%s ", cs_reg_name(handle, detail->regs_write[n]));
248  }
249  }
250 
251  if (detail->groups_count > 0) {
252  fprintf(outfile, "\tThis instruction belongs to groups: ");
253  for (n = 0; n < detail->groups_count; n++) {
254  fprintf(outfile, "%s ", cs_group_name(handle, detail->groups[n]));
255  }
256  }
257  }
258 
259  fprintf(outfile, "0x%"PRIx64":\n", all_insn[j-1].address + all_insn[j-1].size);
260  cs_free(all_insn, count);
261  }
262 
263  cs_close(&handle);
264 
265  return 0;
266 }
cs_close
CAPSTONE_EXPORT cs_err CAPSTONE_API cs_close(csh *handle)
Definition: cs.c:522
CS_MODE_32
@ CS_MODE_32
32-bit mode (X86)
Definition: capstone.h:107
CS_ARCH_M68K
@ CS_ARCH_M68K
68K architecture
Definition: capstone.h:83
CS_ARCH_MOS65XX
@ CS_ARCH_MOS65XX
MOS65XX architecture (including MOS6502)
Definition: capstone.h:87
CS_MODE_ARM
@ CS_MODE_ARM
32-bit ARM
Definition: capstone.h:105
cs_disasm
CAPSTONE_EXPORT size_t CAPSTONE_API cs_disasm(csh ud, const uint8_t *buffer, size_t size, uint64_t offset, size_t count, cs_insn **insn)
Definition: cs.c:822
CS_ARCH_PPC
@ CS_ARCH_PPC
PowerPC architecture.
Definition: capstone.h:79
LLVMFuzzerTestOneInput
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
Definition: fuzz_disasm.c:190
error_ref_leak.err
err
Definition: error_ref_leak.py:35
cs_open
CAPSTONE_EXPORT cs_err CAPSTONE_API cs_open(cs_arch arch, cs_mode mode, csh *handle)
Definition: cs.c:474
platform::mode
cs_mode mode
Definition: test_arm_regression.c:20
cs_arch
cs_arch
Architecture type.
Definition: capstone.h:74
mode
const char int mode
Definition: bloaty/third_party/zlib/contrib/minizip/ioapi.h:135
CS_OPT_DETAIL
@ CS_OPT_DETAIL
Break down instruction structure into details.
Definition: capstone.h:172
detail
Definition: test_winkernel.cpp:39
uint8_t
unsigned char uint8_t
Definition: stdint-msvc2008.h:78
platform::comment
const char * comment
Definition: fuzz_disasm.c:18
CS_ARCH_EVM
@ CS_ARCH_EVM
Ethereum architecture.
Definition: capstone.h:86
CS_ARCH_M680X
@ CS_ARCH_M680X
680X architecture
Definition: capstone.h:85
cs_option
CAPSTONE_EXPORT cs_err CAPSTONE_API cs_option(csh ud, cs_opt_type type, size_t value)
Definition: cs.c:670
CS_MODE_MICRO
@ CS_MODE_MICRO
MicroMips mode (MIPS)
Definition: capstone.h:112
cs_mode
cs_mode
Mode type.
Definition: capstone.h:103
capstone.h
cs_insn_name
const CAPSTONE_EXPORT char *CAPSTONE_API cs_insn_name(csh ud, unsigned int insn)
Definition: cs.c:1188
xds_interop_client.int
int
Definition: xds_interop_client.py:113
CS_ARCH_SYSZ
@ CS_ARCH_SYSZ
SystemZ architecture.
Definition: capstone.h:81
cs_reg_name
const CAPSTONE_EXPORT char *CAPSTONE_API cs_reg_name(csh ud, unsigned int reg)
Definition: cs.c:1176
CS_ARCH_X86
@ CS_ARCH_X86
X86 architecture (including x86 & x86-64)
Definition: capstone.h:78
uint64_t
unsigned __int64 uint64_t
Definition: stdint-msvc2008.h:90
CS_OPT_ON
@ CS_OPT_ON
Turn ON an option (CS_OPT_DETAIL, CS_OPT_SKIPDATA).
Definition: capstone.h:184
CS_MODE_THUMB
@ CS_MODE_THUMB
ARM's Thumb mode, including Thumb-2.
Definition: capstone.h:109
CS_MODE_BIG_ENDIAN
@ CS_MODE_BIG_ENDIAN
big-endian mode
Definition: capstone.h:124
CS_MODE_MIPS32R6
@ CS_MODE_MIPS32R6
Mips32r6 ISA.
Definition: capstone.h:114
CS_MODE_MCLASS
@ CS_MODE_MCLASS
ARM's Cortex-M series.
Definition: capstone.h:110
arch
cs_arch arch
Definition: cstool.c:13
CS_MODE_M680X_6809
@ CS_MODE_M680X_6809
M680X Motorola 6809 mode.
Definition: capstone.h:133
platform::arch
cs_arch arch
Definition: test_arm_regression.c:19
n
int n
Definition: abseil-cpp/absl/container/btree_test.cc:1080
CS_ARCH_SPARC
@ CS_ARCH_SPARC
Sparc architecture.
Definition: capstone.h:80
CS_ARCH_MIPS
@ CS_ARCH_MIPS
Mips architecture.
Definition: capstone.h:77
csh
size_t csh
Definition: capstone.h:71
benchmark.FILE
FILE
Definition: benchmark.py:21
CS_MODE_MIPS64
@ CS_MODE_MIPS64
Mips64 ISA (Mips)
Definition: capstone.h:126
count
int * count
Definition: bloaty/third_party/googletest/googlemock/test/gmock_stress_test.cc:96
CS_MODE_64
@ CS_MODE_64
64-bit mode (X86, PPC)
Definition: capstone.h:108
CS_ARCH_ARM
@ CS_ARCH_ARM
ARM architecture (including Thumb, Thumb-2)
Definition: capstone.h:75
outfile
static FILE * outfile
Definition: fuzz_disasm.c:21
cs_group_name
const CAPSTONE_EXPORT char *CAPSTONE_API cs_group_name(csh ud, unsigned int group)
Definition: cs.c:1200
platforms
static struct platform platforms[]
Definition: fuzz_disasm.c:23
cs_free
CAPSTONE_EXPORT void CAPSTONE_API cs_free(cs_insn *insn, size_t count)
Definition: cs.c:1039
CS_MODE_V9
@ CS_MODE_V9
SparcV9 mode (Sparc)
Definition: capstone.h:116
handle
static csh handle
Definition: test_arm_regression.c:16
CS_ARCH_ARM64
@ CS_ARCH_ARM64
ARM-64, also called AArch64.
Definition: capstone.h:76
size
voidpf void uLong size
Definition: bloaty/third_party/zlib/contrib/minizip/ioapi.h:136
CS_MODE_MIPS32
@ CS_MODE_MIPS32
Mips32 ISA (Mips)
Definition: capstone.h:125
CS_ARCH_XCORE
@ CS_ARCH_XCORE
XCore architecture.
Definition: capstone.h:82
CS_MODE_V8
@ CS_MODE_V8
ARMv8 A32 encodings for ARM.
Definition: capstone.h:111
platform
Definition: test_arm_regression.c:18
i
uint64_t i
Definition: abseil-cpp/absl/container/btree_benchmark.cc:230
test_evm.detail
detail
Definition: test_evm.py:9

grpc
Author(s):
autogenerated on Thu Mar 13 2025 02:59:22