source: zzuf/trunk/src/fuzz.c @ 1613

Last change on this file since 1613 was 1613, checked in by Sam Hocevar, 14 years ago
  • If no argument is given, just fuzz standard input.
  • Property svn:keywords set to Id
File size: 2.8 KB
Line 
1/*
2 *  zzuf - general purpose fuzzer
3 *  Copyright (c) 2006 Sam Hocevar <sam@zoy.org>
4 *                All Rights Reserved
5 *
6 *  $Id: fuzz.c 1613 2007-01-07 18:18:50Z sam $
7 *
8 *  This program is free software. It comes without any warranty, to
9 *  the extent permitted by applicable law. You can redistribute it
10 *  and/or modify it under the terms of the Do What The Fuck You Want
11 *  To Public License, Version 2, as published by Sam Hocevar. See
12 *  http://sam.zoy.org/wtfpl/COPYING for more details.
13 */
14
15/*
16 *  fuzz.c: fuzz functions
17 */
18
19#include "config.h"
20
21#if defined HAVE_STDINT_H
22#   include <stdint.h>
23#elif defined HAVE_INTTYPES_H
24#   include <inttypes.h>
25#endif
26#include <stdio.h>
27#include <string.h>
28#include <regex.h>
29
30#include "libzzuf.h"
31#include "debug.h"
32#include "random.h"
33#include "fuzz.h"
34#include "fd.h"
35
36#define MAGIC1 0x33ea84f7
37#define MAGIC2 0x783bc31f
38
39static float _zz_ratio = 0.004f;
40static int   _zz_seed  = 0;
41
42void _zz_setseed(int seed)
43{
44    _zz_seed = seed;
45}
46
47void _zz_setratio(float ratio)
48{
49    _zz_ratio = ratio;
50    if(_zz_ratio < 0.0f)
51        _zz_ratio = 0.0f;
52    else if(_zz_ratio > 5.0f)
53        _zz_ratio = 5.0f;
54}
55
56void _zz_fuzz(int fd, uint8_t *buf, uint64_t len)
57{
58    uint64_t start, stop;
59    struct fuzz *fuzz;
60    uint8_t *aligned_buf;
61    unsigned long int pos = _zz_getpos(fd);
62    unsigned int i, j, todo;
63
64#if 0
65    debug("fuzz(%i, %lli@%li)", fd, (unsigned long long int)len,
66          (unsigned long int)pos);
67#endif
68
69    fuzz = _zz_getfuzz(fd);
70    aligned_buf = buf - pos;
71
72    for(i = pos / CHUNKBYTES;
73        i < (pos + len + CHUNKBYTES - 1) / CHUNKBYTES;
74        i++)
75    {
76        /* Cache bitmask array */
77        if(fuzz->cur != (int)i)
78        {
79            uint32_t chunkseed = i * MAGIC1;
80
81            memset(fuzz->data, 0, CHUNKBYTES);
82
83            /* Add some random dithering to handle ratio < 1.0/CHUNKBYTES */
84            _zz_srand(_zz_seed ^ chunkseed);
85            todo = (int)((_zz_ratio * (8 * CHUNKBYTES * 1000)
86                                                + _zz_rand(1000)) / 1000.0);
87            _zz_srand(_zz_seed ^ chunkseed ^ (todo * MAGIC2));
88
89            while(todo--)
90            {
91                unsigned int idx = _zz_rand(CHUNKBYTES);
92                uint8_t bit = (1 << _zz_rand(8));
93
94                fuzz->data[idx] ^= bit;
95            }
96
97            fuzz->cur = i;
98        }
99
100        /* Apply our bitmask array to the buffer */
101        start = (i * CHUNKBYTES > pos) ? i * CHUNKBYTES : pos;
102
103        stop = ((i + 1) * CHUNKBYTES < pos + len)
104              ? (i + 1) * CHUNKBYTES : pos + len;
105
106        for(j = start; j < stop; j++)
107        {
108            uint8_t byte = aligned_buf[j];
109
110            if(_zz_protect[byte])
111                continue;
112
113            byte ^= fuzz->data[j % CHUNKBYTES];
114
115            if(_zz_refuse[byte])
116                continue;
117
118            aligned_buf[j] = byte;
119        }
120    }
121}
122
Note: See TracBrowser for help on using the repository browser.