
How to use AFL to test functions with struct parameters?


I am new to fuzzing. For a task from my supervisor, I am testing a series of small functions whose parameters are structures, such as

struct Node{
    int a;
    float b;
};
void foo(Node node){...}

And he asked me to try using AFL. But I found that AFL can only mutate the content of an input file and use it for testing, that is, the program can only get a character array. So how can I use AFL to generate this structure data?

I must use AFL, so please do not mention other tools such as AFL++.

I think the only way is to split this character array in some way and assign the values of each sub-array to each structure variable, but this will make it more random.


Solution

    1. Write code that saves your structure type variable to a file, something like this:

       Node new_node;    
       new_node.a = realistic_value_for_a;              
       //Use realistic values for initializing the fields of your object.    
       new_node.b = realistic_value_for_b;    
      
       FILE* pFile = fopen( "your_file_name", "wb" );    
       fwrite( &new_node, sizeof(new_node), 1, pFile );    
       fclose( pFile );
      

      This is an example without any error checks etc.

    2. Modify your test to read the object from the file and pass it to the func, for example:

       Node new_node;

       FILE* pFile = fopen( "your_file_name", "rb" );
       if ( pFile == NULL ) return 1;

       /* AFL's mutations and trimming can shrink the input file, so check that a
          whole Node was read; otherwise foo() would see uninitialised bytes. */
       if ( fread( &new_node, sizeof(new_node), 1, pFile ) != 1 ) {
           fclose( pFile );
           return 1;
       }

       fclose( pFile );

       foo(new_node);
      
    3. Use the file written in step 1 as a seed in AFL.
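The three steps above combined into one complete harness, as an added example that is not part of the original question or answer. It takes the approach literally: the bytes of the input file are copied straight onto the struct (which is the "split the character array" idea the question raises, in its simplest form), a seed file is produced from realistic values, and inputs shorter than sizeof(Node) are rejected before the target function is called. The names Node, foo, bytes_to_node, write_seed, the --make-seed option and the seed path seeds/seed.bin are assumptions made for this example; foo() is a placeholder for the questioner's real function.

```cpp
// Added example (not from the original question or answer): a minimal AFL
// harness for a function that takes a struct by value. AFL mutates the bytes
// of a file; the harness reads those bytes and reinterprets them as a Node.
// Node, foo, bytes_to_node, write_seed and "--make-seed" are assumed names.
#include <cmath>
#include <cstdio>
#include <cstring>
#include <vector>

struct Node {
    int a;
    float b;
};

// Stand-in for the function under test. Mutated float bits are frequently
// NaN, so a real target has to cope with that; this placeholder just reports it.
int foo(Node node) {
    if (std::isnan(node.b)) return -1;
    return node.a % 7;  // arbitrary placeholder behaviour
}

// Serialise a Node into raw bytes exactly as fwrite(&node, sizeof node, 1, f)
// would, so the seed file has the layout the harness expects. Node has no
// padding here; a struct with padding would also ship its padding bytes,
// which is harmless for fuzzing.
std::vector<unsigned char> node_to_bytes(const Node& node) {
    std::vector<unsigned char> buf(sizeof(Node));
    std::memcpy(buf.data(), &node, sizeof(Node));
    return buf;
}

// Reinterpret a byte buffer as a Node. Returns false if the buffer is shorter
// than sizeof(Node): AFL's mutators and trimming routinely shrink inputs, and
// an unchecked fread would leave the tail of the struct uninitialised.
// Bytes beyond sizeof(Node) are ignored.
bool bytes_to_node(const unsigned char* buf, size_t len, Node* out) {
    if (len < sizeof(Node)) return false;
    std::memcpy(out, buf, sizeof(Node));
    return true;
}

// Write a seed file containing one realistic Node for AFL's input directory.
bool write_seed(const char* path, const Node& node) {
    FILE* f = std::fopen(path, "wb");
    if (!f) return false;
    std::vector<unsigned char> bytes = node_to_bytes(node);
    bool ok = std::fwrite(bytes.data(), 1, bytes.size(), f) == bytes.size();
    return std::fclose(f) == 0 && ok;
}

// Read a whole file into memory; the harness parses the bytes afterwards.
bool read_file(const char* path, std::vector<unsigned char>* out) {
    FILE* f = std::fopen(path, "rb");
    if (!f) return false;
    unsigned char chunk[4096];
    size_t n;
    while ((n = std::fread(chunk, 1, sizeof chunk, f)) > 0)
        out->insert(out->end(), chunk, chunk + n);
    std::fclose(f);
    return true;
}

// Entry point for AFL. Build with afl-g++, then for example:
//   mkdir seeds && ./harness --make-seed seeds/seed.bin
//   afl-fuzz -i seeds -o findings -- ./harness @@
// AFL replaces @@ with the path of each mutated input file.
int main(int argc, char** argv) {
    if (argc == 3 && std::strcmp(argv[1], "--make-seed") == 0) {
        Node seed = {42, 1.5f};  // realistic values for the seed
        return write_seed(argv[2], seed) ? 0 : 1;
    }
    if (argc != 2) {
        std::fprintf(stderr, "usage: %s <input-file> | --make-seed <path>\n", argv[0]);
        return 1;
    }
    std::vector<unsigned char> bytes;
    if (!read_file(argv[1], &bytes)) return 1;
    Node node;
    // Too-short inputs are dropped here rather than handed to foo() as garbage.
    if (!bytes_to_node(bytes.data(), bytes.size(), &node)) return 0;
    foo(node);
    return 0;
}
```

Because the harness maps the file bytes directly onto the struct, AFL's byte-level mutations become mutations of a and b, and the size check is what keeps truncated inputs from reaching foo() as uninitialised memory. If foo() should only ever see values in a certain range, reject or clamp them in the harness rather than leaving that to chance.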