Changeset 1563 for zzuf


Ignore:
Timestamp:
Jan 5, 2007, 11:28:07 AM (14 years ago)
Author:
Sam Hocevar
Message:
  • Allow octal escape values for -P and -R.
  • Updated manpage accordingly and added a few minor things in it.
Location:
zzuf/trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • zzuf/trunk/doc/zzuf.1

    r1562 r1563  
    8989.RS
    9090.TP
    91 \fB\\0\fR
    92 null byte
    93 .TP
    9491\fB\\n\fR
    9592new line
     
    10097\fB\\t\fR
    10198tabulation
     99.TP
     100\fB\\\fR\fINNN\fR
     101the byte whose octal value is \fINNN\fR
    102102.TP
    103103\fB\\x\fR\fINN\fR
     
    109109.IP
    110110You can use \(oq\fB-\fR\(cq to specify ranges. For instance, to protect all
    111 bytes from \(oq\fB\\x01\fR\(cq to \(oq \(cq, use
    112 \(oq\fB\-P\ \(aq\\x01-\ \(aq\fR\(cq.
    113 
    114 The statistical outcome of this option should not be overlooked. Because
    115 \fBzzuf\fR cannot know the nature of the input data beforehands and must
    116 fuzz it even if only one byte of data was received, protecting characters
    117 may change the meaning of the \fB\-r\fR flag depending on the data being
    118 fuzzed. For instance, asking to fuzz 1% of input bits (\fB\-r\ 0.01\fR)
    119 and to protect lowercase characters (\fB\-P\ a-z\fR) will result in
    120 an actual average fuzzing ratio of 0.9% with truly random data, 0.3% with
    121 random ASCII data and 0.2% with a standard English text.
     111bytes from '\\001' to '/', use \(oq\fB\-P\ \(aq\\001-/\(aq\fR\(cq.
     112
     113The statistical outcome of this option should not be overlooked: if characters
     114are protected, the effect of the \(oq\fB\-r\fR\(cq flag will vary depending
     115on the data being fuzzed. For instance, asking to fuzz 1% of input bits
     116(\fB\-r\ 0.01\fR) and to protect lowercase characters (\fB\-P\ a-z\fR) will
     117result in an actual average fuzzing ratio of 0.9% with truly random data,
     1180.3% with random ASCII data and 0.2% with standard English text.
    122119
    123120See also the \fB\-R\fR flag.
     
    189186and prevent non-ASCII characters from appearing in the output:
    190187.PP
    191 \fB    zzuf -P \(aq\\n\(aq -R \(aq\\0-\\x1f\\x7f-\\xff\(aq cat /etc/motd\fR
     188\fB    zzuf -P \(aq\\n\(aq -R \(aq\\x00-\\x1f\\x7f-\\xff\(aq cat /etc/motd\fR
    192189.PP
    193190Fuzz the input of the \fBconvert\fR program, using file \fBfoo.jpeg\fR as the
     
    198195\fB    zzuf -E \(aq\\.xml$\(aq convert -- foo.jpeg -format tga /dev/null\fR
    199196.PP
    200 Fuzz the input of \fBvlc\fR, using file \fBmovie.avi\fR as the original input
     197Fuzz the input of \fBVLC\fR, using file \fBmovie.avi\fR as the original input
    201198and restricting fuzzing to filenames that appear on the command line
    202199(\fB\-c\fR), then generate \fBfuzzy-movie.avi\fR which is a file that
    203 can be read by \fBvlc\fR to reproduce the same behaviour without using
     200can be read by \fBVLC\fR to reproduce the same behaviour without using
    204201\fBzzuf\fR:
    205202.PP
     
    208205\fB    vlc fuzzy-movie.avi\fR
    209206.PP
    210 Fuzz 2% of \fBmplayer\fR's input bits (\fB\-r\ 0.02\fR) with seeds 0 to 9999
     207Fuzz 2% of \fBMPlayer\fR's input bits (\fB\-r\ 0.02\fR) with seeds 0 to 9999
    211208(\fB\-s\ 0:10000\fR), disabling its standard output messages (\fB\-q\fR),
    212209launching up to three simultaneous child processes (\fB\-F\ 3\fR), killing
    213 \fBmplayer\fR if it takes more than one minute to read the file (\fB\-T\ 60\fR)
     210\fBMPlayer\fR if it takes more than one minute to read the file (\fB\-T\ 60\fR)
    214211and disabling its \fBSIGSEGV\fR signal handler (\fB\-S\fR):
    215212.PP
     
    238235.PP
    239236Though best efforts are made, identical behaviour for different versions of
    240 \fBzzuf\fR is not guaranteed. Only the reproducibility for subsequent calls
    241 with the same \fBzzuf\fR version on different operating systems and with
    242 different target programs is guaranteed.
     237\fBzzuf\fR is not guaranteed. The reproducibility for subsequent calls on
     238different operating systems and with different target programs is only
     239guaranteed when the same version of \fBzzuf\fR is used.
     240.SH HISTORY
     241.PP
     242\fBZzuf\fR started its life in 2002 as the \fBstreamfucker\fR tool, a small
     243multimedia stream corrupter used to find bugs in the \fBVLC\fR media player.
     244\fBZzuf\fR is a complete rewrite of that tool.
    243245.SH AUTHOR
    244246.PP

  • zzuf/trunk/src/libzzuf.c

    r1560 r1563  
    157157            else if(*tmp == 't')
    158158                new = '\t';
    159             else if(*tmp == '0')
    160                 new = '\0';
     159            else if(tmp[0] >= '0' && tmp[0] <= '7' && tmp[1] >= '0'
     160                     && tmp[1] <= '7' && tmp[2] >= '0' && tmp[2] <= '7')
     161            {
     162                new = tmp[2] - '0';
     163                new |= (int)(tmp[1] - '0') << 3;
     164                new |= (int)(tmp[0] - '0') << 6;
     165                tmp += 2;
     166            }
    161167            else if((*tmp == 'x' || *tmp == 'X')
    162168                     && tmp[1] && strchr(hex, tmp[1])
Note: See TracChangeset for help on using the changeset viewer.