double free or corruption (!prev): 0xcafecafe

Andrea Fioraldi andreafioraldi

View empty_fuzzer_lib.c
#include <stdint.h>
/*
 * No-op fallback for the SanitizerCoverage trace-pc-guard initialisation
 * callback. It is declared weak, so any strong definition of the same symbol
 * present at link time takes precedence (presumably the fuzzer runtime's;
 * confirm against the build).
 *
 * start/stop: bounds of the guard array as passed by the instrumentation.
 * This stub never writes to the guards, so a binary that ends up with only
 * this definition records no coverage at all.
 */
__attribute__ ((weak)) void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) {
}
/*
 * No-op fallback for the per-edge SanitizerCoverage trace-pc-guard callback.
 * Weak, so a strong definition linked in elsewhere replaces it.
 *
 * guard: pointer to the guard slot of the edge being executed; ignored here,
 * so hitting an edge has no observable effect while this stub is in use.
 */
__attribute__ ((weak)) void __sanitizer_cov_trace_pc_guard(uint32_t *guard) {
}
/*
 * No-op fallback for __cmplog_rtn_hook (the name matches AFL++'s CmpLog
 * routine hook; confirm against the instrumentation in use). Weak, so a
 * strong definition linked in elsewhere replaces it.
 *
 * ptr1/ptr2: the two pointer operands handed over by the instrumented call
 * site; this stub neither reads nor stores them.
 */
__attribute__ ((weak)) void __cmplog_rtn_hook(uint8_t *ptr1, uint8_t *ptr2) {
}
andreafioraldi / nostd_rust_ctor.rs
Created November 28, 2020 10:20
Use rust ctor crate on no_std when producing an ELF
#![no_std]
#![no_main]
extern crate libc;
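// Load-time constructor: `#[ctor::ctor]` registers `foo` to run when the
// binary is loaded, before any program entry point. Keep the body limited to
// calls that are valid that early; under `#![no_std]` nothing from the Rust
// standard runtime is available here.
#[ctor::ctor]
fn foo() {
    // Rust string data carries no terminator, so the NUL that `puts` scans
    // for is written out explicitly.
    const MSG: &[u8] = b"foo()\0";

    // `puts` takes `*const c_char`, and `c_char` is `u8` on some targets
    // (e.g. aarch64 Linux). Casting to `libc::c_char` instead of a hard-coded
    // `i8` keeps the call type-correct on every target.
    //
    // SAFETY: MSG is a 'static byte string ending in a NUL byte, so `puts`
    // stops reading inside the buffer.
    unsafe {
        libc::puts(MSG.as_ptr().cast::<libc::c_char>());
    }
}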
View classes.c
#include <stdio.h>
#include <assert.h>
/*
 * Argument pickers for variadic macros.
 *
 * AFL_MAGIC_FIRST_ expands to its first argument and AFL_MAGIC_SECOND_ to its
 * second; everything after that is discarded. The public wrappers
 * AFL_MAGIC_FIRST / AFL_MAGIC_SECOND forward their arguments with a trailing
 * comma appended, which supplies an extra (empty) argument. As a result
 * AFL_MAGIC_SECOND(x) expands to nothing instead of failing for lack of a
 * second argument.
 */
#define AFL_MAGIC_FIRST_(a, ...) a
#define AFL_MAGIC_SECOND_(a, b, ...) b
#define AFL_MAGIC_FIRST(...) AFL_MAGIC_FIRST_(__VA_ARGS__,)
#define AFL_MAGIC_SECOND(...) AFL_MAGIC_SECOND_(__VA_ARGS__,)
View bind.rs
/* automatically generated by rust-bindgen 0.55.1 */
// Alias emitted by rust-bindgen (see the generator banner at the top of the
// file); presumably mirrors a C typedef of the same name. Change the C header
// and regenerate instead of editing this by hand. `afl_object` itself is
// defined outside this excerpt.
#[doc = " class Object"]
pub type afl_object_t = afl_object;
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct afl_object_vtable {
pub _base_vptr: *mut afl_object_vtable,
pub _create_wrapper: ::std::option::Option<
unsafe extern "C" fn(arg1: *mut ::std::os::raw::c_void) -> *mut ::std::os::raw::c_void,
View c_objects.c
#include <stdio.h>
/* Declares the base struct as a member named _base; meant to be used inside a
 * derived struct definition. */
#define INHERITS(type) struct type _base;
/* Upcast: address of the embedded _base member of *ptr. */
#define BASE_CAST(ptr) (&(ptr)->_base)
/* Same embedding scheme for vtables: the base type's vtable struct becomes a
 * member named _base of the derived vtable. */
#define VTABLE_INHERITS(type) struct type##_vtable _base;
/* Designated initializer that points _base_vptr at the given type's
 * <type>_vtable_instance, cast to the root vtable type. */
#define VTABLE_INIT_BASE_VPTR(type) \
._base_vptr = (struct afl_object_vtable*)&type##_vtable_instance
/* Reads the vptr field of ptr (reinterpreted as struct afl_object) and casts
 * it to <type>_vtable.
 * NOTE(review): both casts are unchecked. If ptr does not point to an object
 * that starts with a struct afl_object, or its vptr is not a <type>_vtable,
 * the result is a type-confused vtable pointer; callers must guarantee the
 * dynamic type themselves. */
#define VTABLE_OF(type, ptr) ((struct type##_vtable*)(((struct afl_object*)(ptr))->vptr))
andreafioraldi / cpp_c.cc
Last active October 5, 2020 09:46
C to C++ and back
#include <stdio.h>
#include <stdlib.h>
/* Byte offset of `field` inside `type`, computed by taking the member's
 * address through a null `type *`.
 * NOTE(review): offsetof is already a standard macro (<stddef.h> / <cstddef>).
 * This hand-rolled form goes through a null pointer, which is formally
 * undefined behaviour, and it redefines the standard macro if that header is
 * pulled in; prefer the standard one. */
#define offsetof(type, field) ((size_t)&(((type *)0)->field))
/* Downcast from a pointer to the embedded member named `base` back to the
 * enclosing derived_type, by subtracting that member's offset.
 * NOTE(review): nothing checks that obj really is the `base` member of a
 * derived_type; applied to any other object, the result points outside the
 * object it was computed from. */
#define derived_cast(derived_type, obj) ((derived_type*)((char*)(obj) - offsetof(derived_type, base)))
/// BASE
struct base_C_class;
View triage.py
#!/usr/bin/env python3
'''
Copyright (c) 2020-2021, Andrea Fioraldi
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
View sanitizer_crash_min.py
#!/usr/bin/env python3
'''
Copyright (c) 2020, Andrea Fioraldi
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
View blob_loader.c
#include <sys/mman.h>
#include <sys/stat.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <stdint.h>
#include <stdint.h>
typedef uint8_t u8;
View ubsan_minimize_crashes.py
#!/usr/bin/env python3
'''
Copyright (c) 2020, Andrea Fioraldi
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.