Writing schema for C library (e.g., ngiflib)

[Marsman1996]

Hi there,

I'm now trying to apply GraphFuzz to multiple C libraries. According to #7, I refer to the schema.yaml of sqlite3 as an example and write a schema.yaml (in the attachment) for ngiflib. However, here are some problems I met.

1. In theschema.yaml, I define a CheckGif(u8*), but in fuzz_exec.cpp the fuzz driver give it a u8 variable directly instead of a pointer.

   uint8_t _a0;
   memcpy(&_a0, context + 0, sizeof(uint8_t));
   CheckGif(_a0);
   

2. When I run $gfuzz gen cpp schema.yaml ., it warns me that [!] Unable to process custom scope: {'open_memory': None, 'inputs': ['FILE'], 'outputs': ['ngiflib_gif'], 'exec': '$o0 = new_gif($i0);\n'}. I think I wrote a wrong schema.yaml, but not sure how to correct it.

Thanks for any reply!

Here is the attachment graphfuzz.zip, including the schema.yaml, and header files.

[hgarrereyn]

Hey, sorry for the delay!

1. Currently GraphFuzz doesn't support arbitrary unbounded pointers (like u8 *). By default it assumes this type of reference just points to a single u8 value. Instead, you can get the effect you want by defining an array input. For example:

check_gif:
    inputs: ['u8[4096]']
    exec: |
        CheckGif(&$a0);

2. The problem you are encountering is that GraphFuzz doesn't understand the FILE type. You will need to define it with a typedef in the schema or you can encapsulate it in some other type (e.g. a custom struct) so that GraphFuzz can infer how to use it.