add the example from the Eclipser paper

trailofbits · May 30, 2019 · 37d28b5 · 37d28b5
1 parent cd116c0
commit 37d28b5
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 0 deletions.
diff --git a/examples/CMakeLists.txt b/examples/CMakeLists.txt
@@ -112,6 +112,16 @@ if (BUILD_LIBFUZZER)
    set_target_properties(Runlen_LF PROPERTIES COMPILE_DEFINITIONS "LIBFUZZER")
 endif()
 
+add_executable(FromEclipser FromEclipser.cpp)
+target_link_libraries(FromEclipser deepstate)
+
+if (BUILD_LIBFUZZER)
+   add_executable(FromEclipser_LF FromEclipser.cpp) 
+   target_link_libraries(FromEclipser_LF deepstate_LF)
+   target_link_libraries (FromEclipser_LF "-fsanitize=fuzzer,undefined")
+   set_target_properties(FromEclipser_LF PROPERTIES COMPILE_DEFINITIONS "LIBFUZZER")
+endif()
+
 if (NOT APPLE)
   add_executable(Squares Squares.c)
   target_link_libraries(Squares deepstate)

diff --git a/examples/FromEclipser.cpp b/examples/FromEclipser.cpp
@@ -0,0 +1,19 @@
+#include <deepstate/DeepState.hpp>
+
+using namespace deepstate;
+
+#include <assert.h>
+
+int vulnfunc(int32_t intInput, char * strInput) {
+   if (2 * intInput + 1 == 31337)
+      if (strcmp(strInput, "Bad!") == 0)
+         assert(0);
+   return 0;
+}
+
+TEST(FromEclipser, CrashIt) {
+   char *buf = (char*)DeepState_Malloc(9);
+   buf[8] = 0;
+   vulnfunc(*((int32_t*) &buf[0]), &buf[4]);
+   free(buf);
+}