infix
A JIT-Powered FFI Library for C
fuzz_trampoline.c File Reference

A dual-purpose fuzzing harness for libFuzzer (Clang) and AFL++ (GCC), focused on the infix FFI trampoline generation API. More...

#include "fuzz_helpers.h"

Functions

void dummy_target_for_fuzzing (void)
 
void dummy_closure_handler (infix_context_t *ctx, void *ret, void **args)
 
static void FuzzTest (fuzzer_input in)
 
int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
 The entry point called by the libFuzzer engine.
 

Detailed Description

Copyright (c) 2025 Sanko Robinson

This source code is dual-licensed under the Artistic License 2.0 or the MIT License. You may choose to use this code under the terms of either license.

SPDX-License-Identifier: (Artistic-2.0 OR MIT)

The documentation blocks within this file are licensed under the Creative Commons Attribution 4.0 International License (CC BY 4.0).

SPDX-License-Identifier: CC-BY-4.0

This harness uses the shared recursive generator (fuzz_helpers.h) to build a pool of complex infix_type objects inside a memory arena. It then draws on that pool to construct randomized function signatures, which are passed to infix_forward_create_manual and infix_reverse_create_*_manual.

The goal is to find bugs in the ABI classification and JIT code-generation stages. The harness exercises the fully arena-based workflow, so every type and signature it constructs is arena-allocated rather than individually heap-allocated.
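The generate-then-exercise loop described above, as an added example that is not part of fuzz_trampoline.c or the infix project: a plain-C skeleton of a dual-entry harness that slices fuzzer bytes into a bounded, arena-allocated type tree and a randomized signature, checks the generator's own invariants, and exposes both the libFuzzer entry point and a file-driven main for a GCC/AFL++ build. The byte cursor (fuzz_input_t, standing in for the page's fuzzer_input), the toy type model (ftype_t, kind_t), the arena, and the point where a real harness would hand the signature to infix_forward_create_manual are all assumptions; nothing here is infix's API.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bump-pointer arena (assumption, not infix's arena). Everything built for one
   iteration lives here; the harness frees nothing and resets `used` per input. */
typedef struct { uint8_t *base; size_t cap; size_t used; } arena_t;

static void *arena_alloc(arena_t *a, size_t n) {
    n = (n + 15) & ~(size_t)15;                 /* keep 16-byte alignment */
    if (n > a->cap - a->used) return NULL;      /* exhausted: reject this input */
    void *p = a->base + a->used;
    a->used += n;
    return p;
}

/* Cursor over the fuzzer-supplied bytes. Past the end it yields zeros, so any
   prefix of a valid input is itself valid, which keeps input minimization simple. */
typedef struct { const uint8_t *p; size_t n; } fuzz_input_t;

static uint8_t take_u8(fuzz_input_t *in) {
    if (in->n == 0) return 0;
    in->n--;
    return *in->p++;
}

/* Toy type model standing in for the library's type objects (assumption). */
typedef enum { T_INT = 0, T_DOUBLE = 1, T_PTR = 2, T_STRUCT = 3 } kind_t;
typedef struct ftype { kind_t kind; size_t nfields; struct ftype **fields; } ftype_t;

enum { MAX_DEPTH = 4, MAX_FIELDS = 8, MAX_ARGS = 8 };

/* Recursive generator: one byte picks the kind, one byte the field count.
   Nesting is capped so no input can drive the recursion into a stack overflow. */
static ftype_t *gen_type(arena_t *a, fuzz_input_t *in, int depth) {
    ftype_t *t = arena_alloc(a, sizeof *t);
    if (!t) return NULL;
    kind_t k = (kind_t)(take_u8(in) & 3);
    if (k == T_STRUCT && depth >= MAX_DEPTH) k = T_INT;   /* depth cap */
    t->kind = k; t->nfields = 0; t->fields = NULL;
    if (k == T_STRUCT) {
        size_t n = 1 + (take_u8(in) % MAX_FIELDS);
        t->fields = arena_alloc(a, n * sizeof *t->fields);
        if (!t->fields) return NULL;
        for (size_t i = 0; i < n; i++) {
            t->fields[i] = gen_type(a, in, depth + 1);
            if (!t->fields[i]) return NULL;
            t->nfields = i + 1;
        }
    }
    return t;
}

/* Nesting depth: a scalar counts 1, a struct counts 1 + its deepest field. */
static int type_depth(const ftype_t *t) {
    int d = 1;
    for (size_t i = 0; i < t->nfields; i++) {
        int fd = 1 + type_depth(t->fields[i]);
        if (fd > d) d = fd;
    }
    return d;
}

/* A randomized signature: a return type plus up to MAX_ARGS argument types. */
typedef struct { ftype_t *ret; size_t nargs; ftype_t *args[MAX_ARGS]; } sig_t;

static int build_signature(arena_t *a, fuzz_input_t *in, sig_t *sig) {
    sig->nargs = take_u8(in) % (MAX_ARGS + 1);
    sig->ret = gen_type(a, in, 0);
    if (!sig->ret) return 0;
    for (size_t i = 0; i < sig->nargs; i++) {
        sig->args[i] = gen_type(a, in, 0);
        if (!sig->args[i]) return 0;
    }
    return 1;
}

/* Generator invariant. A violation is a harness bug, so the iteration aborts and
   the fuzzer records it like any other crash instead of silently moving on. */
static int signature_ok(const sig_t *sig) {
    if (type_depth(sig->ret) > MAX_DEPTH + 1) return 0;
    for (size_t i = 0; i < sig->nargs; i++)
        if (type_depth(sig->args[i]) > MAX_DEPTH + 1) return 0;
    return 1;
}

static uint8_t g_arena_mem[64 * 1024];

/* One iteration. Returns the number of types built, 0 if the input was rejected.
   A real harness would pass `sig` to the trampoline-creation API at the marked
   point; that call is the assumption this skeleton leaves out. */
size_t fuzz_iteration(const uint8_t *data, size_t size) {
    if (size < 2) return 0;                                  /* too short to mean anything */
    arena_t arena = { g_arena_mem, sizeof g_arena_mem, 0 }; /* fresh arena per input */
    fuzz_input_t in = { data, size };
    sig_t sig;
    if (!build_signature(&arena, &in, &sig)) return 0;       /* arena exhausted */
    if (!signature_ok(&sig)) abort();
    /* ... hand `sig` to the forward/reverse trampoline constructors here ... */
    return 1 + sig.nargs;
}

/* libFuzzer entry point (Clang build). Must return 0. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    fuzz_iteration(data, size);
    return 0;
}

#ifndef __clang__
/* GCC build for AFL++: one input file per process (persistent mode left out so
   the file also compiles with plain gcc). libFuzzer supplies its own main. */
int main(int argc, char **argv) {
    if (argc != 2) { fprintf(stderr, "usage: %s <input-file>\n", argv[0]); return 2; }
    FILE *f = fopen(argv[1], "rb");
    if (!f) { perror("fopen"); return 2; }
    static uint8_t buf[1 << 20];
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    return LLVMFuzzerTestOneInput(buf, n);
}
#endif
```

Build with clang -fsanitize=fuzzer,address for libFuzzer, or with an AFL++ GCC wrapper to get the file-driven main. Two properties are worth carrying into a real harness: the cursor returns zeros past the end of input, so truncations of a crashing input still parse, and the depth cap together with arena exhaustion turn pathological inputs into a rejected iteration rather than a stack overflow or out-of-memory report that has nothing to do with the library under test.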

Function Documentation

◆ dummy_closure_handler()

void dummy_closure_handler (infix_context_t *ctx, void *ret, void **args)

◆ dummy_target_for_fuzzing()

void dummy_target_for_fuzzing (void)

◆ FuzzTest()

static void FuzzTest (fuzzer_input in)

◆ LLVMFuzzerTestOneInput()

int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)

The entry point called by the libFuzzer engine.