From 5eee4a6b180424e8dc940eeb0dfde5e2f78e8b8c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Joel=20H=C3=B6ner?=
Date: Thu, 1 Sep 2016 19:14:08 +0200
Subject: [PATCH] made output buffer in fuzzer input tool dynamic
---
 tools/ZydisFuzzIn.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/tools/ZydisFuzzIn.c b/tools/ZydisFuzzIn.c
index 3c5c023..5e96c53 100644
--- a/tools/ZydisFuzzIn.c
+++ b/tools/ZydisFuzzIn.c
@@ -24,6 +24,12 @@
 ***************************************************************************************************/
+/*
+ * This file implements a tool that is supposed to be fed as input for fuzzers like AFL,
+ * reading a control block from stdin, allowing the fuzzer to reach every possible
+ * code-path, testing any possible combination of disassembler configurations.
+ */
+
 #include
 #include
 #include
@@ -36,6 +42,7 @@ typedef struct ZydisFuzzControlBlock_
 {
 int decoderFlags;
 int formatterStyle;
 int formatterFlags;
+uint8_t bufSize;
 } ZydisFuzzControlBlock;
 /* ============================================================================================== */
@@ -75,6 +82,7 @@ int main()
 }
 ZydisInstructionInfo info;
+char *outBuf = malloc(controlBlock.bufSize);
 while (ZYDIS_SUCCESS(ZydisDecoderDecodeNextInstruction(&decoder, &info)))
 {
 if (info.flags & ZYDIS_IFLAG_ERROR_MASK)
@@ -83,10 +91,12 @@ int main()
 continue;
 }
-char outBuf[256];
-ZydisFormatterFormatInstruction(&formatter, &info, outBuf, sizeof(outBuf));
+ZydisFormatterFormatInstruction(&formatter, &info, outBuf, controlBlock.bufSize);
 puts(outBuf);
 }
+
+ free(outBuf);
+
 return 0;
 }
 /* ============================================================================================== */
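Review bot: The `malloc(controlBlock.bufSize)` result in the third hunk is used without a NULL check, and `bufSize` is a `uint8_t` taken from the control block that the new file comment says is read from stdin, so a size of 0 is reachable: `malloc(0)` may return NULL or a zero-byte block, after which the formatter call in the fourth hunk is given a size of 0 and `puts(outBuf)` reads an unterminated buffer. A crash of that kind originates in the harness rather than in the disassembler and would be reported as a false finding, so the size and the allocation should be validated before the loop, e.g. `if (controlBlock.bufSize == 0) return 1;` followed by `char *outBuf = malloc(controlBlock.bufSize); if (!outBuf) return 1;` (using whatever status the earlier control-block checks return; the start of main() lies outside the hunk). Whether ZydisFormatterFormatInstruction guarantees NUL-termination when the buffer is smaller than the formatted text cannot be seen here; if it does not, its return status should be checked before `puts`, or the buffer terminated explicitly with `outBuf[controlBlock.bufSize - 1] = '\0';`.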