source: zzuf/trunk/src/fuzz.c @ 1595

Last change on this file since 1595 was 1595, checked in by Sam Hocevar, 14 years ago
  • Always define getc(), but undefine the getc macro beforehands just in case.
  • Implemented _IO_getc().
  • Property svn:keywords set to Id
File size: 2.5 KB
Line 
1/*
2 *  zzuf - general purpose fuzzer
3 *  Copyright (c) 2006 Sam Hocevar <sam@zoy.org>
4 *                All Rights Reserved
5 *
6 *  $Id: fuzz.c 1595 2007-01-07 10:34:45Z sam $
7 *
8 *  This program is free software. It comes without any warranty, to
9 *  the extent permitted by applicable law. You can redistribute it
10 *  and/or modify it under the terms of the Do What The Fuck You Want
11 *  To Public License, Version 2, as published by Sam Hocevar. See
12 *  http://sam.zoy.org/wtfpl/COPYING for more details.
13 */
14
15/*
16 *  fuzz.c: fuzz functions
17 */
18
19#include "config.h"
20
21#if defined HAVE_STDINT_H
22#   include <stdint.h>
23#elif defined HAVE_INTTYPES_H
24#   include <inttypes.h>
25#endif
26#include <stdio.h>
27#include <string.h>
28
29#include "libzzuf.h"
30#include "debug.h"
31#include "random.h"
32#include "fuzz.h"
33
34#define MAGIC1 0x33ea84f7
35#define MAGIC2 0x783bc31f
36
37void _zz_fuzz(int fd, uint8_t *buf, uint64_t len)
38{
39    uint64_t start, stop;
40    struct fuzz *fuzz;
41    uint8_t *aligned_buf;
42    unsigned long int pos = _zz_getpos(fd);
43    unsigned int i, j, todo;
44
45#if 0
46    debug("fuzz(%i, %lli@%li)", fd, (unsigned long long int)len,
47          (unsigned long int)pos);
48#endif
49
50    fuzz = _zz_getfuzz(fd);
51    aligned_buf = buf - pos;
52
53    for(i = pos / CHUNKBYTES;
54        i < (pos + len + CHUNKBYTES - 1) / CHUNKBYTES;
55        i++)
56    {
57        /* Cache bitmask array */
58        if(fuzz->cur != (int)i)
59        {
60            uint32_t chunkseed = i * MAGIC1;
61
62            memset(fuzz->data, 0, CHUNKBYTES);
63
64            /* Add some random dithering to handle ratio < 1.0/CHUNKBYTES */
65            _zz_srand(_zz_seed ^ chunkseed);
66            todo = (int)((_zz_ratio * (8 * CHUNKBYTES * 1000)
67                                                + _zz_rand(1000)) / 1000.0);
68            _zz_srand(_zz_seed ^ chunkseed ^ (todo * MAGIC2));
69
70            while(todo--)
71            {
72                unsigned int idx = _zz_rand(CHUNKBYTES);
73                uint8_t bit = (1 << _zz_rand(8));
74
75                fuzz->data[idx] ^= bit;
76            }
77
78            fuzz->cur = i;
79        }
80
81        /* Apply our bitmask array to the buffer */
82        start = (i * CHUNKBYTES > pos) ? i * CHUNKBYTES : pos;
83
84        stop = ((i + 1) * CHUNKBYTES < pos + len)
85              ? (i + 1) * CHUNKBYTES : pos + len;
86
87        for(j = start; j < stop; j++)
88        {
89            uint8_t byte = aligned_buf[j];
90
91            if(_zz_protect[byte])
92                continue;
93
94            byte ^= fuzz->data[j % CHUNKBYTES];
95
96            if(_zz_refuse[byte])
97                continue;
98
99            aligned_buf[j] = byte;
100        }
101    }
102}
103
Note: See TracBrowser for help on using the repository browser.