- Timestamp:
- Jan 13, 2007, 8:33:48 PM (14 years ago)
- Location:
- zzuf/trunk
- Files:
-
- 8 edited
zzuf/trunk/doc/zzuf.1
r1660 r1663 3 3 zzuf \- multiple purpose fuzzer 4 4 .SH SYNOPSIS 5 \fBzzuf\fR [\fB\- cdiMnqSx\fR] [\fB\-r\fR \fIratio\fR] [\fB\-s\fR \fIseed\fR|\fB\-s\fR \fIstart:stop\fR]6 .br 7 [\fB\-D\fR \fIdelay\fR] [\fB\-F\fR \fIforks\fR] [\fB\-C\fR \fIcrashes\fR] [\fB\-B\fR \fIbytes\fR]8 .br 9 [\fB\-T\fR \fIseconds\fR] [\fB\-M\fR \fImegabytes\fR] [\fB\-P\fR \fIprotect\fR] [\fB\-R\fR \fIrefuse\fR]10 .br 11 [\fB\-I\fR \fIinclude\fR] [\fB\-E\fR \fIexclude\fR] [\fIPROGRAM\fR [\fB\-\-\fR] [\fIARGS\fR]...]5 \fBzzuf\fR [\fB\-AcdiMnqSx\fR] [\fB\-r\fR \fIratio\fR] [\fB\-s\fR \fIseed\fR|\fB\-s\fR \fIstart:stop\fR] 6 .br 7 [\fB\-D\fR \fIdelay\fR] [\fB\-F\fR \fIforks\fR] [\fB\-C\fR \fIcrashes\fR] [\fB\-B\fR \fIbytes\fR] 8 .br 9 [\fB\-T\fR \fIseconds\fR] [\fB\-M\fR \fImegabytes\fR] [\fB\-P\fR \fIprotect\fR] [\fB\-R\fR \fIrefuse\fR] 10 .br 11 [\fB\-I\fR \fIinclude\fR] [\fB\-E\fR \fIexclude\fR] [\fIPROGRAM\fR [\fB\-\-\fR] [\fIARGS\fR]...] 12 12 .br 13 13 \fBzzuf \-h\fR | \fB\-\-help\fR … … 38 38 \fB zzuf < /dev/zero\fR 39 39 .SH OPTIONS 40 .TP 41 \fB\-A\fR, \fB\-\-autoinc\fR 42 Increment random seed each time a new file is opened. This is only required 43 if the same application is expected to open the same file several times and 44 you want to test a different seed each time. 40 45 .TP 41 46 \fB\-B\fR, \fB\-\-max\-bytes\fR=\fIn\fR … … 253 258 \fB zzuf \-c \-r 0.02 \-q \-s 0:10000 \-F 5 \-D 0.5 \-T 60 \-S \\\fR 254 259 \fB mplayer \-\- \-benchmark \-vo null \-fps 1000 movie.avi\fR 260 .PP 261 Create an HTML-like file that loads 1000 times the same \fBhello.gif\fR image 262 and open it in \fBFirefox\fR in auto-increment mode (\fB\-A\fR): 263 .PP 264 \fB awk \(aqBEGIN { for(i=0; i<1000; i++) { print \\\fR 265 \fB "<img src=\\"hello.gif#"i"\\">" }}\(aq > hello.html\fR 266 \fB zzuf -A -I \(aqhello[.]gif\(aq -r 0.001 firefox hello.html\fR 255 267 .SH RESTRICTIONS 256 268 .PP -
zzuf/trunk/src/fd.c
r1653 r1663 29 29 #include <string.h> 30 30 31 #include "debug.h" 31 32 #include "libzzuf.h" 32 33 #include "fd.h" … … 45 46 { 46 47 int managed; 47 uint64_t seed;48 48 uint64_t pos; 49 49 /* Public stuff */ … … 54 54 static int maxfd, nfiles; 55 55 56 static int32_t seed = 0; 57 static float ratio = 0.004f; 58 static int autoinc = 0; 59 56 60 void _zz_include(char const *regex) 57 61 { … … 64 68 if(regcomp(&re_exclude, regex, REG_EXTENDED) == 0) 65 69 has_exclude = 1; 70 } 71 72 void _zz_setseed(int32_t s) 73 { 74 seed = s; 75 } 76 77 void _zz_setratio(float r) 78 { 79 if(r < 0.0f) 80 r = 0.0f; 81 else if(r > 5.0f) 82 r = 5.0f; 83 ratio = r; 84 } 85 86 void _zz_setautoinc(void) 87 { 88 autoinc = 1; 66 89 } 67 90 … … 124 147 if(fd < 0 || fd > 65535 || (fd < maxfd && fds[fd] != -1)) 125 148 return; 149 150 #if 0 151 if(autoinc) 152 debug("using seed %li", (long int)seed); 153 #endif 126 154 127 155 /* If filedescriptor is outside our bounds */ … … 160 188 files[i].managed = 1; 161 189 files[i].pos = 0; 190 files[i].fuzz.seed = seed; 191 files[i].fuzz.ratio = ratio; 162 192 files[i].fuzz.cur = -1; 163 193 #ifdef HAVE_FGETLN 164 194 files[i].fuzz.tmp = NULL; 165 195 #endif 196 197 if(autoinc) 198 seed++; 166 199 167 200 fds[fd] = i; -
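Review bot: The new file-scope `static int32_t seed` is signed, while the per-file field it is copied into (`files[i].fuzz.seed`) is declared `uint32_t` in libzzuf.h, and the `seed++` done under autoinc overflows a signed type if the counter ever reaches its maximum, which is undefined behaviour. Declaring it as `static uint32_t seed = 0;` makes the increment wrap in a defined way and matches the struct field; `_zz_setseed(int32_t)` still converts on assignment. Separately, the only record of which seed a descriptor received is the `debug("using seed %li", (long int)seed);` call, which is compiled out with `#if 0`. A crash found in auto-increment mode therefore cannot be tied back to a seed from the log, so consider enabling that line or logging `files[i].fuzz.seed` where it is assigned. The registering function starts and ends outside the hunks shown.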
zzuf/trunk/src/fd.h
r1621 r1663 19 19 extern void _zz_include(char const *); 20 20 extern void _zz_exclude(char const *); 21 extern void _zz_setseed(int32_t); 22 extern void _zz_setratio(float); 23 extern void _zz_setautoinc(void); 21 24 extern void _zz_fd_init(void); 22 25 extern void _zz_fd_fini(void); -
zzuf/trunk/src/fuzz.c
r1621 r1663 37 37 38 38 /* Fuzzing variables */ 39 static int protect[256]; 40 static int refuse[256]; 41 static float ratio = 0.004f; 42 static int seed = 0; 39 static int protect[256]; 40 static int refuse[256]; 43 41 42 /* Local prototypes */ 44 43 static void readchars(int *, char const *); 45 44 … … 52 51 { 53 52 readchars(refuse, list); 54 }55 56 void _zz_setseed(int s)57 {58 seed = s;59 }60 61 void _zz_setratio(float r)62 {63 if(r < 0.0f)64 r = 0.0f;65 else if(r > 5.0f)66 r = 5.0f;67 ratio = r;68 53 } 69 54 … … 91 76 if(fuzz->cur != (int)i) 92 77 { 93 uint32_t chunkseed = i * MAGIC1; 78 uint32_t chunkseed = (i + (int)(fuzz->ratio * MAGIC1)) ^ MAGIC2; 79 _zz_srand(fuzz->seed ^ chunkseed); 94 80 95 81 memset(fuzz->data, 0, CHUNKBYTES); 96 82 97 83 /* Add some random dithering to handle ratio < 1.0/CHUNKBYTES */ 98 _zz_srand(seed ^ chunkseed); 99 todo = (int)((ratio * (8 * CHUNKBYTES * 1000) 84 todo = (int)((fuzz->ratio * (8 * CHUNKBYTES * 1000) 100 85 + _zz_rand(1000)) / 1000.0); 101 _zz_srand(seed ^ chunkseed ^ (todo * MAGIC2));102 103 86 while(todo--) 104 87 { -
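Review bot: In the new `chunkseed` computation, `(int)(fuzz->ratio * MAGIC1)` converts a float to int, which is undefined when the product falls outside the range of int. `_zz_setratio` accepts ratios up to 5.0 and MAGIC1 is defined outside this hunk, so whether that can happen depends on its value; if it can, convert through a wider type first, e.g. `(uint32_t)(int64_t)(fuzz->ratio * MAGIC1)`. Since the ratio is now mixed into the seed, a comment such as `/* ratio is part of the chunk seed: same seed, different ratio gives an unrelated bit pattern */` would help anyone reproducing a finding. The enclosing function starts and ends outside the hunk.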
zzuf/trunk/src/fuzz.h
r1614 r1663 19 19 extern void _zz_protect(char const *); 20 20 extern void _zz_refuse(char const *); 21 extern void _zz_setseed(int);22 extern void _zz_setratio(float);23 21 24 22 extern void _zz_fuzz(int, uint8_t *, uint64_t); -
zzuf/trunk/src/libzzuf.c
r1662 r1663 71 71 _zz_setratio(atof(tmp)); 72 72 73 tmp = getenv("ZZUF_AUTOINC"); 74 if(tmp && *tmp == '1') 75 _zz_setautoinc(); 76 73 77 tmp = getenv("ZZUF_PROTECT"); 74 78 if(tmp && *tmp) -
zzuf/trunk/src/libzzuf.h
r1652 r1663 28 28 struct fuzz 29 29 { 30 uint32_t seed; 31 float ratio; 30 32 int cur; 31 33 #ifdef HAVE_FGETLN … … 36 38 37 39 /* Internal variables */ 38 extern int _zz_ready; 39 extern int _zz_disabled; 40 extern int _zz_hasdebug; 41 extern int _zz_signal; 42 extern int _zz_memory; 43 extern int _zz_network; 40 extern int _zz_ready; 41 extern int _zz_disabled; 42 extern int _zz_hasdebug; 43 extern int _zz_signal; 44 extern int _zz_memory; 45 extern int _zz_network; 46 extern int _zz_autoinc; 44 47 45 48 /* Library initialisation shit */ -
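Review bot: `extern int _zz_autoinc;` is declared here, but nothing visible in this changeset defines or reads it. fd.c keeps the flag in a file-local `static int autoinc` set through `_zz_setautoinc()`, which is what libzzuf.c calls. Unless a definition exists in a part of libzzuf.c that is not shown, the declaration is dead and becomes a link error the first time something references it; dropping the line keeps the header consistent with the setter-based interface. The new `uint32_t seed` field also differs in signedness from the `int32_t` used for the seed in fd.c and fd.h, which is worth aligning.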
zzuf/trunk/src/zzuf.c
r1661 r1663 112 112 for(;;) 113 113 { 114 # define OPTSTR " B:cC:dD:E:F:iI:mM:nP:qr:R:s:ST:xhv"114 # define OPTSTR "AB:cC:dD:E:F:iI:mM:nP:qr:R:s:ST:xhv" 115 115 # ifdef HAVE_GETOPT_LONG 116 116 # define MOREINFO "Try `%s --help' for more information.\n" … … 119 119 { 120 120 /* Long option, needs arg, flag, short option */ 121 { "autoinc", 0, NULL, 'A' }, 121 122 { "max-bytes", 1, NULL, 'B' }, 122 123 { "cmdline", 0, NULL, 'c' }, … … 152 153 switch(c) 153 154 { 155 case 'A': /* --autoinc */ 156 setenv("ZZUF_AUTOINC", "1", 1); 157 break; 154 158 case 'B': /* --max-bytes */ 155 159 maxbytes = atoi(optarg); … … 723 727 static void usage(void) 724 728 { 725 printf("Usage: zzuf [- cdimnqSx] [-r ratio] [-s seed | -s start:stop]\n");726 printf(" [-D delay] [-F forks] [-C crashes] [-B bytes]\n");727 printf(" [-T seconds] [-M bytes] [-P protect] [-R refuse]\n");728 printf(" [-I include] [-E exclude] [PROGRAM [--] [ARGS]...]\n");729 printf("Usage: zzuf [-AcdimnqSx] [-r ratio] [-s seed | -s start:stop]\n"); 730 printf(" [-D delay] [-F forks] [-C crashes] [-B bytes]\n"); 731 printf(" [-T seconds] [-M bytes] [-P protect] [-R refuse]\n"); 732 printf(" [-I include] [-E exclude] [PROGRAM [--] [ARGS]...]\n"); 729 733 # ifdef HAVE_GETOPT_LONG 730 734 printf(" zzuf -h | --help\n"); … … 738 742 printf("Mandatory arguments to long options are mandatory for short options too.\n"); 739 743 # ifdef HAVE_GETOPT_LONG 744 printf(" -A, --autoinc increment seed each time a new file is opened\n"); 740 745 printf(" -B, --max-bytes <n> kill children that output more than <n> bytes\n"); 741 746 printf(" -c, --cmdline only fuzz files specified in the command line\n"); … … 762 767 printf(" -v, --version output version information and exit\n"); 763 768 # else 769 printf(" -A increment seed each time a new file is opened\n"); 764 770 printf(" -B <n> kill children that output more than <n> bytes\n"); 765 771 printf(" -c only fuzz files specified in the command line\n");
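Review bot: The `case 'A'` branch would benefit from a comment on how auto-increment interacts with `-s start:stop`. A child started with seed s that opens k matching files uses seeds s through s+k-1 (per the `seed++` in fd.c), so consecutive runs of a range appear to re-test mostly the same seeds, and a crash reported for run s may actually come from a later seed. Something like `/* --autoinc: each opened file takes the next seed, so seeds overlap between runs of a -s range */` next to the `setenv` call, with a matching sentence in the usage text, would save time during triage. The return value of `setenv("ZZUF_AUTOINC", "1", 1)` is also unchecked, so a failure would silently leave the mode off.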