Changeset 1705 for zzuf/trunk/src


Timestamp:
Jan 25, 2007, 12:40:27 PM (13 years ago)
Author:
Sam Hocevar
Message:
  • Implemented -b/--bytes to restrict fuzzing to specific offsets.
Location:
zzuf/trunk/src
Files:
6 edited

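--- a/zzuf/trunk/src/fuzz.c
+++ b/zzuf/trunk/src/fuzz.c
@@ -25,4 +25,5 @@
 #endif
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 
@@ -36,5 +37,9 @@
 #define MAGIC2 0x783bc31f
 
-/* Fuzzing variables */
+/* Per-offset byte protection */
+static unsigned int *ranges = NULL;
+static unsigned int ranges_static[512];
+
+/* Per-value byte protection */
 static int protect[256];
 static int refuse[256];
@@ -42,4 +47,39 @@
 /* Local prototypes */
 static void readchars(int *, char const *);
+
+void _zz_bytes(char const *list)
+{
+    char const *parser;
+    unsigned int i, chunks;
+
+    /* Count commas */
+    for(parser = list, chunks = 1; *parser; parser++)
+        if(*parser == ',')
+            chunks++;
+
+    /* TODO: free(ranges) if ranges != ranges_static */
+    if(chunks >= 256)
+        ranges = malloc((chunks + 1) * 2 * sizeof(unsigned int));
+    else
+        ranges = ranges_static;
+
+    /* Fill ranges list */
+    for(parser = list, i = 0; i < chunks; i++)
+    {
+        char const *comma = strchr(parser, ',');
+        char const *dash = strchr(parser, '-');
+
+        ranges[i * 2] = (dash == parser) ? 0 : atoi(parser);
+        if(dash && (dash + 1 == comma || dash[1] == '\0'))
+            ranges[i * 2 + 1] = ranges[i * 2]; /* special case */
+        else if(dash && (!comma || dash < comma))
+            ranges[i * 2 + 1] = atoi(dash + 1) + 1;
+        else
+            ranges[i * 2 + 1] = ranges[i * 2] + 1;
+        parser = comma + 1;
+    }
+
+    ranges[i * 2] = ranges[i * 2 + 1] = 0;
+}
 
 void _zz_protect(char const *list)
@@ -66,6 +106,6 @@
 #endif
 
+    aligned_buf = buf - pos;
     fuzz = _zz_getfuzz(fd);
-    aligned_buf = buf - pos;
 
     for(i = pos / CHUNKBYTES;
@@ -103,5 +143,18 @@
         for(j = start; j < stop; j++)
         {
-            uint8_t byte = aligned_buf[j];
+            unsigned int *r;
+            uint8_t byte;
+
+            if(!ranges)
+                goto range_ok;
+
+            for(r = ranges; r[1]; r += 2)
+                if(j >= r[0] && (r[0] == r[1] || j < r[1]))
+                    goto range_ok;
+
+            continue; /* Not in a range */
+
+        range_ok:
+            byte = aligned_buf[j];
 
             if(protect[byte])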
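Review bot: In the new `_zz_bytes`, an open-ended range that starts at offset 0 (`-b -` or `-b 0-`) is stored by the "special case" branch as the pair (0, 0), which is the same value as the terminator written by `ranges[i * 2] = ranges[i * 2 + 1] = 0`; the scan `for(r = ranges; r[1]; r += 2)` in the last hunk then sees an empty list, every offset takes the `continue` path and nothing is fuzzed, the opposite of what was requested (an end offset of -1, e.g. `3--1`, collides the same way because `atoi(dash + 1) + 1` is 0). A terminator that no input can produce avoids this: keep a `static unsigned int nranges;` set from `chunks`, drop the sentinel pair, and scan with `for(r = ranges; r < ranges + 2 * nranges; r += 2)`. Separately, the `malloc` result for 256 or more chunks is dereferenced without a NULL check, and `atoi` silently turns a malformed spec such as `10..20` into offset 10, so `strtoul` with an end-pointer check would let a bad `ZZUF_BYTES` be rejected instead of quietly narrowing the fuzzed region. `parser = comma + 1` on the last chunk forms a pointer from NULL, which is never dereferenced but is still undefined behaviour and is avoided with `if(!comma) break;` before it. The function containing the per-byte scan starts and ends outside the hunk.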
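--- a/zzuf/trunk/src/fuzz.h
+++ b/zzuf/trunk/src/fuzz.h
@@ -17,4 +17,5 @@
  */
 
+extern void _zz_bytes(char const *);
 extern void _zz_protect(char const *);
 extern void _zz_refuse(char const *);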
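--- a/zzuf/trunk/src/libzzuf.c
+++ b/zzuf/trunk/src/libzzuf.c
@@ -79,4 +79,8 @@
         _zz_setautoinc();
 
+    tmp = getenv("ZZUF_BYTES");
+    if(tmp && *tmp)
+        _zz_bytes(tmp);
+
     tmp = getenv("ZZUF_PROTECT");
     if(tmp && *tmp)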
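Review bot: `_zz_bytes(tmp)` is called here with no way to report a malformed `ZZUF_BYTES`, since the function returns void and parses with `atoi`, so a typo in the spec silently changes which offsets are fuzzed in the process that loads this library (presumably each fuzzed child) rather than failing the run. Either validate the spec once in zzuf.c before it is exported, or give `_zz_bytes` an int return and log a warning here when it fails, e.g. `if(_zz_bytes(tmp) < 0) fprintf(stderr, "libzzuf: invalid ZZUF_BYTES\n");`. The enclosing initialisation function starts and ends outside the hunk.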
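--- a/zzuf/trunk/src/opts.c
+++ b/zzuf/trunk/src/opts.c
@@ -34,5 +34,5 @@
 void _zz_opts_init(struct opts *opts)
 {
-    opts->protect = opts->refuse = NULL;
+    opts->bytes = opts->protect = opts->refuse = NULL;
     opts->seed = DEFAULT_SEED;
     opts->endseed = DEFAULT_SEED + 1;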
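--- a/zzuf/trunk/src/opts.h
+++ b/zzuf/trunk/src/opts.h
@@ -20,5 +20,5 @@
 {
     char const **newargv;
-    char *protect, *refuse;
+    char *bytes, *protect, *refuse;
     uint32_t seed;
     uint32_t endseed;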
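--- a/zzuf/trunk/src/zzuf.c
+++ b/zzuf/trunk/src/zzuf.c
@@ -126,7 +126,7 @@
     {
 #   if defined HAVE_REGEX_H
-#       define OPTSTR "AB:cC:dD:E:F:iI:mM:nP:qr:R:s:ST:vxhV"
+#       define OPTSTR "Ab:B:cC:dD:E:F:iI:mM:nP:qr:R:s:ST:vxhV"
 #   else
-#       define OPTSTR "AB:C:dD:F:imM:nP:qr:R:s:ST:vxhV"
+#       define OPTSTR "Ab:B:C:dD:F:imM:nP:qr:R:s:ST:vxhV"
 #   endif
 #   if defined HAVE_GETOPT_LONG
@@ -137,4 +137,5 @@
             /* Long option, needs arg, flag, short option */
             { "autoinc",     0, NULL, 'A' },
+            { "bytes",       1, NULL, 'b' },
             { "max-bytes",   1, NULL, 'B' },
 #if defined HAVE_REGEX_H
@@ -181,4 +182,7 @@
             setenv("ZZUF_AUTOINC", "1", 1);
             break;
+        case 'b': /* --bytes */
+            opts->bytes = optarg;
+            break;
         case 'B': /* --max-bytes */
             opts->maxbytes = atoi(optarg);
@@ -297,4 +301,9 @@
     if(optind >= argc)
     {
+        if(opts->bytes)
+            _zz_bytes(opts->bytes);
+
+        /* FIXME: protect and refuse are ignored */
+
         if(opts->endseed != opts->seed + 1)
         {
@@ -335,4 +344,6 @@
 #endif
 
+    if(opts->bytes)
+        setenv("ZZUF_BYTES", opts->bytes, 1);
     if(opts->protect)
         setenv("ZZUF_PROTECT", opts->protect, 1);
@@ -1021,12 +1032,13 @@
 #if defined HAVE_REGEX_H
     printf("Usage: zzuf [-AcdimnqSvx] [-s seed|-s start:stop] [-r ratio|-r min:max]\n");
-    printf("                          [-D delay] [-F forks] [-C crashes] [-B bytes]\n");
-    printf("                          [-T seconds] [-M bytes] [-P protect] [-R refuse]\n");
-    printf("                          [-I include] [-E exclude] [PROGRAM [--] [ARGS]...]\n");
 #else
     printf("Usage: zzuf [-AdimnqSvx] [-s seed|-s start:stop] [-r ratio|-r min:max]\n");
-    printf("                         [-D delay] [-F forks] [-C crashes] [-B bytes]\n");
-    printf("                         [-T seconds] [-M bytes] [-P protect] [-R refuse]\n");
-    printf("                         [PROGRAM [--] [ARGS]...]\n");
+#endif
+    printf("                  [-D delay] [-F forks] [-C crashes] [-B bytes] [-T seconds]\n");
+    printf("                  [-M bytes] [-b ranges] [-P protect] [-R refuse]\n");
+#if defined HAVE_REGEX_H
+    printf("                  [-I include] [-E exclude] [PROGRAM [--] [ARGS]...]\n");
+#else
+    printf("                  [PROGRAM [--] [ARGS]...]\n");
 #endif
 #   if defined HAVE_GETOPT_LONG
@@ -1042,4 +1054,5 @@
 #   if defined HAVE_GETOPT_LONG
     printf("  -A, --autoinc             increment seed each time a new file is opened\n");
+    printf("  -b, --bytes <ranges>      only fuzz bytes at offsets within <ranges>\n");
     printf("  -B, --max-bytes <n>       kill children that output more than <n> bytes\n");
 #if defined HAVE_REGEX_H
@@ -1077,4 +1090,5 @@
 #   else
     printf("  -A               increment seed each time a new file is opened\n");
+    printf("  -b <ranges>      only fuzz bytes at offsets within <ranges>\n");
     printf("  -B <n>           kill children that output more than <n> bytes\n");
 #if defined HAVE_REGEX_H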
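Review bot: In the `case 'b'` hunk the `-b` argument is stored verbatim and later both exported through `setenv("ZZUF_BYTES", opts->bytes, 1)` and handed to `_zz_bytes` in the `optind >= argc` branch, with no validation at option-parse time; since the library-side parser uses `atoi` and returns nothing, a mistyped spec is never reported and simply fuzzes a different set of offsets than intended. This is the one place where the spec can still be rejected with a clear message before any child is started, so guard the assignment with `if(strspn(optarg, "0123456789,-") != strlen(optarg))` and fall through to the program's existing invalid-argument path (not visible in this hunk). The help text added in the last two hunks should also state the accepted syntax, e.g. `only fuzz bytes at offsets within <ranges> (e.g. 0-15,32,64-)`, since nothing else tells the user that an open-ended range is allowed. The enclosing function starts and ends outside the hunk.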