cybersecurity · beginner · ~10 min

Compose the libFuzzer entry point

Fuzz-harness contract: allocate, NUL-terminate, call, free.

Challenge

Implement int call_under_test_with_buffer(const unsigned char *data, int size, int (*parser)(const char *)).

The function:

  1. If size <= 0 or data == NULL or parser == NULL, return 0 (skip).
  2. Allocate size + 1 bytes, copy data, NUL-terminate.
  3. Call parser on the copy.
  4. Free the copy.
  5. Return 0.

This is the kernel of every libFuzzer harness for a string parser: the fuzzer hands you raw, unterminated bytes, and the parser expects a C string.
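A complete implementation of the five steps above, wired to a libFuzzer entry point. This is an added example, not the exercise's reference solution; the field-counting parser, the recording helpers and the sample input are constructed for illustration and are not part of the exercise.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* The harness contract from the challenge: allocate, NUL-terminate, call, free. */
int call_under_test_with_buffer(const unsigned char *data, int size,
                                int (*parser)(const char *))
{
    /* Step 1: skip degenerate inputs. Nothing is allocated yet, so the
     * early return cannot leak. */
    if (size <= 0 || data == NULL || parser == NULL)
        return 0;

    /* Step 2: size + 1 leaves room for the terminating NUL. Forgetting the
     * +1 turns every input into a one-byte heap overflow that ASan reports
     * against the harness instead of the parser. */
    char *copy = malloc((size_t)size + 1);
    if (copy == NULL)
        return 0;                      /* treat allocation failure as a skip */
    memcpy(copy, data, (size_t)size);
    copy[size] = '\0';

    /* Step 3: the parser now sees a proper C string, so strlen()/strchr()
     * inside it stop at our terminator rather than running off the buffer. */
    (void)parser(copy);

    /* Steps 4 and 5: free unconditionally (the parser's verdict does not
     * matter here), then return 0 so libFuzzer keeps going. */
    free(copy);
    return 0;
}

/* Hypothetical parser under test (constructed for this example): counts
 * comma-separated fields and relies on the NUL terminator to stop. */
static int count_fields(const char *s)
{
    int fields = 1;
    for (; *s != '\0'; s++)
        if (*s == ',')
            fields++;
    return fields;
}

/* Recording wrapper so a test can check what the parser actually received:
 * exactly the fuzzer's bytes, with a terminator right after them. */
static int g_last_fields = -1;
static size_t g_last_len = 0;

static int recording_parser(const char *s)
{
    g_last_len = strlen(s);
    g_last_fields = count_fields(s);
    return 0;
}

/* Constructed sample input. The trailing 'X' sits past the size we pass in
 * and must never be visible to the parser. */
const unsigned char example_input[] = { 'a', ',', 'b', ',', 'c', 'X' };

int example_fields_seen(const unsigned char *data, int size)
{
    g_last_fields = -1;            /* -1 means the parser was never called */
    call_under_test_with_buffer(data, size, recording_parser);
    return g_last_fields;
}

size_t example_len_seen(const unsigned char *data, int size)
{
    g_last_len = 0;
    call_under_test_with_buffer(data, size, recording_parser);
    return g_last_len;
}

/* The libFuzzer entry point. This signature is the only libFuzzer-specific
 * line; everything else is the contract above.
 * Build: clang -g -fsanitize=fuzzer,address harness.c -o harness */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    if (size > (size_t)INT_MAX)
        return 0;                      /* stay inside the int-sized contract */
    return call_under_test_with_buffer(data, (int)size, count_fields);
}
```

Running the binary built with `-fsanitize=fuzzer,address` exercises `count_fields` through the contract; the recording helpers are only there so the behaviour can be checked without a fuzzer run.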

Why this matters

The libFuzzer entry-point signature is muscle memory. Write it once; reuse forever.

Input format

data + size + parser callback.

Output format

0 always.

Constraints

No leaks. Always NUL-terminate.

Starter code

#include <stddef.h>

int call_under_test_with_buffer(const unsigned char *data, int size,
                                int (*parser)(const char *))
{
    /* TODO */
    (void)data;
    (void)size;
    (void)parser;
    return 0;
}

Common mistakes

Forgetting the +1 for the NUL terminator. Leaking the copy on an early-return path after it has been allocated.

Edge cases to handle

size == 0. NULL data. NULL parser.

Complexity

O(size).
