-rw-r--r-- | configure.ac | 9 | ||||
-rw-r--r-- | tools/ipc-modem/tests/Makefile.am | 12 | ||||
-rw-r--r-- | tools/ipc-modem/tests/ipc-modem-sms-fuzz-persistent.c | 81 |
3 files changed, 102 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index ae8abe2..98684bb 100644 --- a/configure.ac +++ b/configure.ac @@ -58,6 +58,15 @@ AC_ARG_ENABLE(debug, AM_CONDITIONAL( [WANT_DEBUG], [test x"$debug" = x"yes"]) #------------------------------------------------------------------------------ +AC_ARG_ENABLE(afl-persistent-mode, + [AS_HELP_STRING([--enable-afl-persistent-mode], + [Build extra fuzzing tool(s) that require afl/afl++ + compilers (default=disabled)])], + [afl_persistent_mode=$enableval], + [afl_persistent_mode="no"]) +AM_CONDITIONAL( [WANT_AFL_PERSISTENT_MODE], + [test x"afl_persistent_mode" = x"yes"]) +#------------------------------------------------------------------------------ AC_ARG_ENABLE(strict-cflags, [AS_HELP_STRING([--enable-strict-cflags], [Build with strict cflags (default=disabled)])], diff --git a/tools/ipc-modem/tests/Makefile.am b/tools/ipc-modem/tests/Makefile.am index 1be4952..c69adec 100644 --- a/tools/ipc-modem/tests/Makefile.am +++ b/tools/ipc-modem/tests/Makefile.am @@ -9,6 +9,10 @@ bin_PROGRAMS = \ ipc-modem-sms-test \ $(NULL) +if WANT_AFL_PERSISTENT_MODE +bin_PROGRAMS += ipc-modem-sms-fuzz-persistent +endif + # TODO: Find a way to make test more modular and represent each run of the # ipc-modem in TEST while having it implemented in a single python file PY_LOG_COMPILER = $(PYTHON) @@ -28,3 +32,11 @@ ipc_modem_sms_fuzz_SOURCES = \ ipc-modem-sms-fuzz.c ipc_modem_sms_fuzz_LDADD = $(top_builddir)/samsung-ipc/libsamsung-ipc.la ipc_modem_sms_fuzz_LDFLAGS = -lpthread + +ipc_modem_sms_fuzz_persistent_SOURCES = \ + ../ipc-modem-log.c \ + ../ipc-modem-sms.c \ + ipc-modem-sms-fuzz-persistent.c +ipc_modem_sms_fuzz_persistent_LDADD = \ + $(top_builddir)/samsung-ipc/libsamsung-ipc.la +ipc_modem_sms_fuzz_persistent_LDFLAGS = -lpthread diff --git a/tools/ipc-modem/tests/ipc-modem-sms-fuzz-persistent.c b/tools/ipc-modem/tests/ipc-modem-sms-fuzz-persistent.c new file mode 100644 index 0000000..a4f5efe --- /dev/null 
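Review bot: The added `AM_CONDITIONAL` test reads `[test x"afl_persistent_mode" = x"yes"]`, which compares the literal string `afl_persistent_mode` with `yes` because the `$` is missing. `WANT_AFL_PERSISTENT_MODE` is therefore never true, and `--enable-afl-persistent-mode` is accepted but the persistent fuzz target is never built, so the parser gets no fuzzing coverage from it. The line should read `[test x"$afl_persistent_mode" = x"yes"]`. The new C file depends on the `__AFL_FUZZ_INIT` and `__AFL_LOOP` compiler macros, and no configure-time check for an afl/afl++ compiler is visible in this hunk; one may be worth adding so that a wrong `CC` is caught at configure time instead of as a compile error.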
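Review bot: Adding `ipc-modem-sms-fuzz-persistent` to `bin_PROGRAMS` in the first Makefile.am hunk means `make install` places an AFL-instrumented fuzz harness in `bindir`. A harness that only makes sense under the fuzzer is better kept out of installed images, for example `noinst_PROGRAMS += ipc-modem-sms-fuzz-persistent` inside the `if WANT_AFL_PERSISTENT_MODE` block. The existing test tools in the context lines appear to follow the same `bin_PROGRAMS` pattern, so this may be a deliberate project convention; if so, a short comment above the conditional stating that would help packagers.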
+++ b/tools/ipc-modem/tests/ipc-modem-sms-fuzz-persistent.c 
@@ -0,0 +1,81 @@
+/*
+ * This file is part of libsamsung-ipc.
+ *
+ * Copyright (C) 2022 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+ *
+ * libsamsung-ipc is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * libsamsung-ipc is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with libsamsung-ipc. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sysexits.h>
+#include <unistd.h>
+
+#include <samsung-ipc.h>
+
+#include "../ipc-modem-log.h"
+#include "../ipc-modem-sms.h"
+
+__AFL_FUZZ_INIT();
+
+static int run_test(struct ipc_modem_data *data)
+{
+ struct sms_header *sms_header = NULL;
+ char *sms_text = NULL;
+
+ unsigned char *sms_pdu = __AFL_FUZZ_TESTCASE_BUF;
+ int rc;
+ int sms_pdu_size;
+
+ while (__AFL_LOOP(10000)) {
+ sms_pdu_size = __AFL_FUZZ_TESTCASE_LEN;
+
+ rc = ipc_modem_parse_sms_pdu(data, sms_pdu, sms_pdu_size,
+ &sms_header, &sms_text);
+ if (rc == 0) {
+ free(sms_header);
+ free(sms_text);
+ }
+ }
+
+ return 0;
+}
+
+int main(int argc, char *argv[])
+{
+ struct ipc_modem_data data;
+ int rc;
+
+ bzero((void *)&data, sizeof(data));
+
+ data.client = ipc_client_create(IPC_CLIENT_TYPE_DUMMY);
+
+ data.debug = true;
+ if (data.debug == 0)
+ ipc_client_log_callback_register(data.client,
+ modem_log_handler_quiet,
+ NULL);
+ else
+ ipc_client_log_callback_register(data.client,
+ modem_log_handler,
+ NULL);
+ rc = run_test(&data);
+
+ ipc_client_destroy(data.client);
+
+ return rc;
+}
+} |
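Review bot: In `run_test`, `sms_header` and `sms_text` are set to NULL only once, before the `__AFL_LOOP`. After the first successful parse they hold freed pointers for every later iteration, and on `rc != 0` nothing is released. Whether `ipc_modem_parse_sms_pdu` can leave an allocation in either out-parameter on its failure path is not visible here, but state carried across persistent-mode iterations shows up as leaks or harness-induced double-free reports that obscure real parser findings. Resetting both at the top of the loop body with `sms_header = NULL; sms_text = NULL;` fixes the stale pointers, and the parser's failure-path ownership should be confirmed before deciding whether to free on error. In `main`, the result of `ipc_client_create` is used unchecked; `if (data.client == NULL) return EX_SOFTWARE;` would catch that, and `<sysexits.h>` is already included but otherwise unused.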