Diffstat (limited to 'examples/terminal-emulators')
-rw-r--r--examples/terminal-emulators/Makefile18
-rw-r--r--examples/terminal-emulators/README.md93
-rw-r--r--examples/terminal-emulators/libclose.c54
-rw-r--r--examples/terminal-emulators/terminal-test.c117
4 files changed, 0 insertions, 282 deletions
diff --git a/examples/terminal-emulators/Makefile b/examples/terminal-emulators/Makefile
deleted file mode 100644
index 177537b4..00000000
--- a/examples/terminal-emulators/Makefile
+++ /dev/null
@@ -1,18 +0,0 @@
-HFUZZ_CC ?= ../../hfuzz_cc/hfuzz-clang
-CC ?= cc
-
-CFLAGS += -std=c99
-
-BIN = terminal-test
-LIBCLOSE = libclose.so
-
-all: $(BIN) $(LIBCLOSE)
-
-$(BIN): $(BIN:=.c)
- $(HFUZZ_CC) $(CFLAGS) $(LDFLAGS) -o $(BIN) $<
-
-$(LIBCLOSE): $(LIBCLOSE:.so=.c)
- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $(LIBCLOSE) $<
-
-clean:
- rm -f -- $(BIN) $(LIBCLOSE)
diff --git a/examples/terminal-emulators/README.md b/examples/terminal-emulators/README.md
deleted file mode 100644
index f46c973a..00000000
--- a/examples/terminal-emulators/README.md
+++ /dev/null
@@ -1,93 +0,0 @@
-# Fuzzing terminal emulators #
-
-## Step 1: Prepare libclose.so and terminal-test ##
-
-```
-$ cd /home/jagger/src/honggfuzz/examples/terminal-emulators/
-$ make
-../../hfuzz_cc/hfuzz-clang -std=c99 -o terminal-test terminal-test.c
-cc -std=c99 -shared -o libclose.so libclose.c
-```
-
-*libclose.so* serves one purpose only: when preloaded (with _LD_PRELOAD=libclose.so_)
-it will prevent file-descriptors *1022* and *1023* (used by honggfuzz for coverage
-feedback accumulation) will not be closed by the fuzzed binary (terminal emulator)
-before passing to the _terminal-test_ binary.
-
-The *terminal-test* program will feed the terminal emulator with data from the
-fuzzing engine, and will try to read back any data that the terminal can produce.
-See the _Bonus: term.log_ secion on why it might matter.
-
-## Step 2: Instrument your terminal emulator ##
-
-Add compiler-time instrumentation to your fuzzed terminal emulator. Typically it
-would consist of the following sequence of commands (for xterm):
-
-```
-$ cd xterm-327
-$ CC=/home/jagger/src/honggfuzz/hfuzz_cc/hfuzz-clang CXX=$CC ./configure
-...
-...
-$ CC=/home/jagger/src/honggfuzz/hfuzz_cc/hfuzz-clang CXX=$CC make -j4
-```
-
-Alternatively, you might want to compile it with ASAN enabled, for better
-detection of memory corruption problems
-
-```
-$ cd xterm-327
-$ HFUZZ_CC_ASAN=1 CC=/home/jagger/src/honggfuzz/hfuzz_cc/hfuzz-clang CXX=$CC ./configure
-...
-...
-$ HFUZZ_CC_ASAN=1 CC=/home/jagger/src/honggfuzz/hfuzz_cc/hfuzz-clang CXX=$CC make -j4
-```
-
-## Step 3: Create initial input corpus ##
-
-It can consist even of a single file.
-
-```
-$ mkdir IN
-$ echo A >IN/1
-```
-
-## Step 4: Launch it! ##
-
-```
-$ /home/jagger/src/honggfuzz/honggfuzz -z -P -i IN/ -E LD_PRELOAD=/home/jagger/src/honggfuzz/examples/terminal-emulators/libclose.so -- xterm-327/xterm -e /home/jagger/src/honggfuzz/examples/terminal-emulators/terminal-test
-```
-
-Typical output:
-```
-----------------------------[ honggfuzz v1.0alpha ]---------------------------
- Iterations : 4,865,546 [4.87M]
- Phase : Dynamic Main (2/2)
- Run Time : 0 hrs 0 min 15 sec
- Input Dir : [865] 'IN/'
- Fuzzed Cmd : './xterm -e /home/jagger/src/honggfuzz/examples/terminal-em...'
- Threads : 4, CPUs: 8, CPU: 733% (91%/CPU)
- Speed : 320,951/sec (avg: 324,369)
- Crashes : 0 (unique: 0, blacklist: 0, verified: 0)
- Timeouts : 0 [10 sec.]
- Corpus Size : 265, max file size: 1,024
- Coverage : bb: 850 cmp: 35,516
------------------------------------[ LOGS ]-----------------------------------
-NEW, size:912 (i,b,sw,hw,cmp): 0/0/1/0/1, Tot:0/0/772/0/32216
-NEW, size:940 (i,b,sw,hw,cmp): 0/0/1/0/32, Tot:0/0/773/0/32248
-NEW, size:919 (i,b,sw,hw,cmp): 0/0/0/0/9, Tot:0/0/773/0/32257
-NEW, size:1024 (i,b,sw,hw,cmp): 0/0/0/0/2, Tot:0/0/773/0/32259
-NEW, size:1013 (i,b,sw,hw,cmp): 0/0/0/0/1, Tot:0/0/773/0/32260
-...
-...
-```
-
-## Bonus: term.log ##
-
-The *term.log* file will contain interesting data which can be fetched from the
-terminal emulator's input buffer. It will typically contains responses to ESC
-sequences requesting info about terminal size, or about the current color map.
-But, if you notice there arbitrary or binary data, basically something that
-a typical terminal shouldn't responsd with, try to investigate it. You might
-have just found and interesting case of RCE, where arbitrary data can
-be pushed into terminal's input buffer, and then read back (and potentially
-executed) with whatever runs under said emulator (e.g. _/bin/bash_)
diff --git a/examples/terminal-emulators/libclose.c b/examples/terminal-emulators/libclose.c
deleted file mode 100644
index 3d09bdb0..00000000
--- a/examples/terminal-emulators/libclose.c
+++ /dev/null
@@ -1,54 +0,0 @@
-#if !defined(_GNU_SOURCE)
-#define _GNU_SOURCE
-#endif
-
-#include <errno.h>
-#include <fcntl.h>
-#include <stdarg.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <sys/syscall.h>
-#include <unistd.h>
-
-int close(int fd) {
- if (fd == 1021 || fd == 1022 || fd == 1023) {
- return 0;
- }
- return syscall(__NR_close, fd);
-}
-
-int fcntl64(int __fd, int __cmd, ...) {
- va_list ap;
- va_start(ap, __cmd);
- int a1 = va_arg(ap, int);
- int a2 = va_arg(ap, int);
- int a3 = va_arg(ap, int);
- int a4 = va_arg(ap, int);
- va_end(ap);
-
- if (__fd == 1021 || __fd == 1022 || __fd == 1023) {
- if (__cmd == F_SETFD) {
- a1 &= ~(FD_CLOEXEC);
- }
- }
-
- return syscall(__NR_fcntl, __fd, __cmd, a1, a2, a3, a4);
-}
-
-int fcntl(int __fd, int __cmd, ...) {
- va_list ap;
- va_start(ap, __cmd);
- int a1 = va_arg(ap, int);
- int a2 = va_arg(ap, int);
- int a3 = va_arg(ap, int);
- int a4 = va_arg(ap, int);
- va_end(ap);
-
- if (__fd == 1021 || __fd == 1022 || __fd == 1023) {
- if (__cmd == F_SETFD) {
- a1 &= ~(FD_CLOEXEC);
- }
- }
-
- return syscall(__NR_fcntl, __fd, __cmd, a1, a2, a3, a4);
-}
diff --git a/examples/terminal-emulators/terminal-test.c b/examples/terminal-emulators/terminal-test.c
deleted file mode 100644
index 3614f098..00000000
--- a/examples/terminal-emulators/terminal-test.c
+++ /dev/null
@@ -1,117 +0,0 @@
-#if !defined(_GNU_SOURCE)
-#define _GNU_SOURCE
-#endif
-
-#include <ctype.h>
-#include <error.h>
-#include <fcntl.h>
-#include <libhfuzz/libhfuzz.h>
-#include <stdbool.h>
-#include <stddef.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/uio.h>
-#include <unistd.h>
-
-#define ARRAYSIZE(x) (sizeof(x) / sizeof(*x))
-
-static int fd_tty_write;
-static int fd_tty_read;
-static int fd_log;
-
-int LLVMFuzzerInitialize(int* argc, char*** argv) {
- fd_tty_write = open("/dev/tty", O_RDWR | O_DSYNC);
- if (fd_tty_write == -1) {
- perror("open('/dev/tty'), O_RDWR | O_DSYNC");
- exit(EXIT_FAILURE);
- }
- fd_tty_read = open("/dev/tty", O_RDWR | O_NONBLOCK);
- if (fd_tty_read == -1) {
- perror("open('/dev/tty'), O_RDWR | O_NONBLOCK");
- exit(EXIT_FAILURE);
- }
- fd_log = open("./term.log", O_WRONLY | O_CREAT | O_APPEND, 0644);
- if (fd_log == -1) {
- perror("open('./term.log')");
- exit(EXIT_FAILURE);
- }
- return 0;
-}
-
-static bool isInteresting(const char* s, size_t len) {
- for (size_t i = 0; i < len; i++) {
- if (s[i] == '[') {
- continue;
- }
- if (s[i] == ']') {
- continue;
- }
- if (s[i] == '?') {
- continue;
- }
- if (s[i] == ';') {
- continue;
- }
- if (s[i] == 'c') {
- continue;
- }
- if (s[i] == 'R') {
- continue;
- }
- if (s[i] == '\0') {
- continue;
- }
- if (s[i] == '\x1b') {
- continue;
- }
- if (isdigit(s[i])) {
- continue;
- }
- return true;
- }
- return false;
-}
-
-int LLVMFuzzerTestOneInput(const uint8_t* buf, size_t len) {
- write(fd_tty_write, buf, len);
-
- for (;;) {
- char read_buf[1024 * 1024];
- ssize_t sz = read(fd_tty_read, read_buf, sizeof(read_buf));
- if (sz <= 0) {
- break;
- }
-
- static const char msg_in[] = "\n============ IN ============\n";
- static const char msg_out[] = "\n============ OUT ===========\n";
- static const char msg_end[] = "\n============================\n";
-
- struct iovec iov[] = {
- {
- .iov_base = (void*)msg_in,
- .iov_len = sizeof(msg_in),
- },
- {
- .iov_base = (void*)buf,
- .iov_len = len,
- },
- {
- .iov_base = (void*)msg_out,
- .iov_len = sizeof(msg_out),
- },
- {
- .iov_base = (void*)read_buf,
- .iov_len = sz,
- },
- {
- .iov_base = (void*)msg_end,
- .iov_len = sizeof(msg_end),
- },
- };
-
- writev(fd_log, iov, ARRAYSIZE(iov));
- }
-
- return 0;
-}