authorBen Harris <bjh21@bjh21.me.uk>2023-02-18 11:59:08 +0000
committerBen Harris <bjh21@bjh21.me.uk>2023-02-18 13:56:10 +0000
commit150c05a2989ec5e50768718686c2c997b95af0df (patch)
treec5f832733d7ae58b862493edb7230df5fc30e9ea /fuzzpuzz.c
parentb107decdaf7a49e3cc4b6f6f37c004cd8e2b5119 (diff)
Support Honggfuzz's persistent mode in fuzzpuzz
Unlike AFL, Honggfuzz's compiler wrapper doesn't provide a convenient preprocessor macro, so we have to have CMake detect the existence of HF_ITER. Also the resulting program can't run outside of Honggfuzz, so maybe some additional cleverness is called for there as well. Still, it makes Honggfuzz go ten times faster, which is nice.
Diffstat (limited to 'fuzzpuzz.c')
-rw-r--r--fuzzpuzz.c27
1 files changed, 27 insertions, 0 deletions
diff --git a/fuzzpuzz.c b/fuzzpuzz.c
index 034421d..f4f3b92 100644
--- a/fuzzpuzz.c
+++ b/fuzzpuzz.c
@@ -16,6 +16,13 @@
* cmake --build build-afl --target fuzzpuzz
* mkdir fuzz-in && ln icons/''*.sav fuzz-in
* afl-fuzz -i fuzz-in -o fuzz-out -x fuzzpuzz.dict -- build-afl/fuzzpuzz
+ *
+ * Similarly with Honggfuzz:
+ *
+ * CC=hfuzz-cc cmake -B build-honggfuzz
+ * cmake --build build-honggfuzz --target fuzzpuzz
+ * mkdir fuzz-corpus && ln icons/''*.sav fuzz-corpus
+ * honggfuzz -s -i fuzz-corpus -w fuzzpuzz.dict -- build-honggfuzz/fuzzpuzz
*/
#include <stdbool.h>
@@ -32,6 +39,10 @@
__AFL_FUZZ_INIT();
#endif
+#ifdef HAVE_HF_ITER
+extern int HF_ITER(unsigned char **, size_t *);
+#endif
+
static const char *fuzz_one(bool (*readfn)(void *, void *, int), void *rctx,
void (*rewindfn)(void *),
void (*writefn)(void *, const void *, int),
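Review bot: The `extern int HF_ITER(unsigned char **, size_t *);` prototype is written by hand rather than taken from a honggfuzz header, so nothing checks it against the library that actually provides the symbol; if honggfuzz ever changes the signature the mismatch will only show up at run time. A one-line comment above it naming its origin would let a maintainer verify it, e.g. `/* Hand-copied from honggfuzz's persistent-mode documentation; keep in sync. */`. The declaration also relies on `size_t` already being in scope from an earlier include, which the hunk does not show.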
@@ -123,6 +134,22 @@ int main(int argc, char **argv)
ret = 1;
continue;
}
+#elif defined(HAVE_HF_ITER)
+ /*
+ * Honggfuzz persistent mode. Unlike AFL persistent mode, the
+ * resulting executable cannot be run outside of Honggfuzz.
+ */
+ while (true) {
+ unsigned char *testcase_buf;
+ size_t testcase_len;
+ if (in != NULL) fclose(in);
+ HF_ITER(&testcase_buf, &testcase_len);
+ in = fmemopen(testcase_buf, testcase_len, "r");
+ if (in == NULL) {
+ fprintf(stderr, "fmemopen failed");
+ ret = 1;
+ continue;
+ }
#else
in = stdin;
while (ret == -1) {
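Review bot: The failure path after `fmemopen` prints `"fmemopen failed"` with no newline and without the reason, so the message runs into whatever is written next and gives no hint why the call failed; `perror("fmemopen");` on that line reports errno and terminates the line. Note that `fmemopen` with a zero `testcase_len` is rejected with EINVAL on older C libraries (glibc before 2.22, I believe), so an empty test case would hit this branch every time instead of being fed to the puzzle loader — if empty inputs matter for coverage, consider routing a zero-length buffer through a different path rather than treating it as an error. Since the loop is `while (true)`, setting `ret = 1` there has no observable effect unless something outside the hunk reads it. The enclosing `main` starts and ends outside this hunk.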