Changeset 1791 for zzufTweet

Timestamp:

Jul 6, 2007, 3:40:55 PM (13 years ago)

Author:

Sam Hocevar

Message:

• Added -p flag to cherry pick file descriptors that get fuzzed.

Location:

zzuf/trunk/src

Files:

• fd.c (modified) (6 diffs)
• fd.h (modified) (1 diff)
• fuzz.c (modified) (1 diff)
• fuzz.h (modified) (1 diff)
• lib-fd.c (modified) (9 diffs)
• lib-mem.c (modified) (2 diffs)
• lib-stream.c (modified) (9 diffs)
• libzzuf.c (modified) (1 diff)
• opts.c (modified) (1 diff)
• opts.h (modified) (1 diff)
• zzuf.c (modified) (7 diffs)

zzuf/trunk/src/fd.c

@@ -35 +35 @@
 #include "libzzuf.h"
 #include "fd.h"
+#include "fuzz.h"
 
 /* Regex stuff */
@@ -41 +42 @@
 static int has_include = 0, has_exclude = 0;
 #endif
+
+/* File descriptor cherry picking */
+static int *ranges = NULL;
+static int ranges_static[512];
 
 /* File descriptor stuff. When program is launched, we use the static array of
@@ -50 +55 @@
 static struct files
 {
-    int managed, locked;
+    int managed, locked, active;
     int64_t pos;
     /* Public stuff */
@@ -88 +93 @@
     (void)regex;
 #endif
+}
+
+/* This function is the same as _zz_bytes() */
+void _zz_pick(char const *list)
+{   
+    char const *parser;
+    unsigned int i, chunks;
+
+    /* Count commas */ 
+    for(parser = list, chunks = 1; *parser; parser++)
+        if(*parser == ',')
+            chunks++;
+
+    /* TODO: free(ranges) if ranges != ranges_static */
+    if(chunks >= 256)
+        ranges = malloc((chunks + 1) * 2 * sizeof(unsigned int));
+    else
+        ranges = ranges_static;
+
+    /* Fill ranges list */ 
+    for(parser = list, i = 0; i < chunks; i++)
+    {
+        char const *comma = strchr(parser, ',');
+        char const *dash = strchr(parser, '-');
+
+        ranges[i * 2] = (dash == parser) ? 0 : atoi(parser);
+        if(dash && (dash + 1 == comma || dash[1] == '\0'))
+            ranges[i * 2 + 1] = ranges[i * 2]; /* special case */
+        else if(dash && (!comma || dash < comma))
+            ranges[i * 2 + 1] = atoi(dash + 1) + 1;
+        else
+            ranges[i * 2 + 1] = ranges[i * 2] + 1;
+        parser = comma + 1;
+    }
+
+    ranges[i * 2] = ranges[i * 2 + 1] = 0;
 }
 
@@ -259 +300 @@
     files[i].fuzz.uflag = 0;
 
+    /* Check whether we should ignore the fd */
+    if(ranges)
+    {
+        static int idx = 0;
+        int *r;
+
+        idx++;
+
+        for(r = ranges; r[1]; r += 2)
+            if(idx >= r[0] && (r[0] == r[1] || idx < r[1]))
+                goto range_ok;
+
+        files[i].active = 0;
+    }
+    else
+    {
+    range_ok:
+        files[i].active = 1;
+    }
+
     if(autoinc)
         seed++;
@@ -312 +373 @@
 }
 
+int _zz_isactive(int fd)
+{
+    if(fd < 0 || fd >= maxfd || fds[fd] == -1)
+        return 1;
+
+    return files[fds[fd]].active;
+}
+
 int64_t _zz_getpos(int fd)
 {

zzuf/trunk/src/fd.h

@@ -33 +33 @@
 extern void _zz_unlock(int);
 extern int _zz_islocked(int);
+extern int _zz_isactive(int);
 extern int64_t _zz_getpos(int);
 extern void _zz_setpos(int, int64_t);

zzuf/trunk/src/fuzz.c

@@ -65 +65 @@
 }
 
+/* This function is the same as _zz_pick() */
 void _zz_bytes(char const *list)
 {

zzuf/trunk/src/fuzz.h

@@ -19 +19 @@
 extern void _zz_fuzzing(char const *);
 extern void _zz_bytes(char const *);
+extern void _zz_pick(char const *);
 extern void _zz_protect(char const *);
 extern void _zz_refuse(char const *);

zzuf/trunk/src/lib-fd.c

@@ -208 +208 @@
     LOADSYM(recv);
     ret = ORIG(recv)(s, buf, len, flags);
-    if(!_zz_ready || !_zz_iswatched(s) || _zz_islocked(s))
+    if(!_zz_ready || !_zz_iswatched(s) || _zz_islocked(s) || !_zz_isactive(s))
         return ret;
 
@@ -241 +241 @@
     LOADSYM(recvfrom);
     ret = ORIG(recvfrom)(s, buf, len, flags, from, fromlen);
-    if(!_zz_ready || !_zz_iswatched(s) || _zz_islocked(s))
+    if(!_zz_ready || !_zz_iswatched(s) || _zz_islocked(s) || !_zz_isactive(s))
         return ret;
 
@@ -274 +274 @@
     LOADSYM(recvmsg);
     ret = ORIG(recvmsg)(s, hdr, flags);
-    if(!_zz_ready || !_zz_iswatched(s) || _zz_islocked(s))
+    if(!_zz_ready || !_zz_iswatched(s) || _zz_islocked(s) || !_zz_isactive(s))
         return ret;
 
@@ -294 +294 @@
     LOADSYM(read);
     ret = ORIG(read)(fd, buf, count);
-    if(!_zz_ready || !_zz_iswatched(fd) || _zz_islocked(fd))
+    if(!_zz_ready || !_zz_iswatched(fd) || _zz_islocked(fd)
+         || !_zz_isactive(fd))
         return ret;
 
@@ -325 +326 @@
     LOADSYM(readv);
     ret = ORIG(readv)(fd, iov, count);
-    if(!_zz_ready || !_zz_iswatched(fd) || _zz_islocked(fd))
+    if(!_zz_ready || !_zz_iswatched(fd) || _zz_islocked(fd)
+         || !_zz_isactive(fd))
         return ret;
 
@@ -343 +345 @@
     LOADSYM(pread);
     ret = ORIG(pread)(fd, buf, count, offset);
-    if(!_zz_ready || !_zz_iswatched(fd) || _zz_islocked(fd))
+    if(!_zz_ready || !_zz_iswatched(fd) || _zz_islocked(fd)
+         || !_zz_isactive(fd))
         return ret;
 
@@ -376 +379 @@
         LOADSYM(fn); \
         ret = ORIG(fn)(fd, offset, whence); \
-        if(!_zz_ready || !_zz_iswatched(fd) || _zz_islocked(fd)) \
+        if(!_zz_ready || !_zz_iswatched(fd) || _zz_islocked(fd) \
+             || !_zz_isactive(fd)) \
             return ret; \
         debug("%s(%i, %lli, %i) = %lli", __func__, fd, \
@@ -407 +411 @@
 
     LOADSYM(aio_read);
-    if(!_zz_ready || !_zz_iswatched(fd))
+    if(!_zz_ready || !_zz_iswatched(fd) || !_zz_isactive(fd))
         return ORIG(aio_read)(aiocbp);
 
@@ -426 +430 @@
 
     LOADSYM(aio_return);
-    if(!_zz_ready || !_zz_iswatched(fd))
+    if(!_zz_ready || !_zz_iswatched(fd) || !_zz_isactive(fd))
         return ORIG(aio_return)(aiocbp);
 

zzuf/trunk/src/lib-mem.c

@@ -224 +224 @@
         char *b = MAP_FAILED; \
         LOADSYM(fn); \
-        if(!_zz_ready || !_zz_iswatched(fd) || _zz_islocked(fd)) \
+        if(!_zz_ready || !_zz_iswatched(fd) || _zz_islocked(fd) \
+             || !_zz_isactive(fd)) \
             return ORIG(fn)(start, length, prot, flags, fd, offset); \
         ret = ORIG(fn)(NULL, length, prot, flags, fd, offset); \
@@ -318 +319 @@
     LOADSYM(map_fd);
     ret = ORIG(map_fd)(fd, offset, addr, find_space, numbytes);
-    if(!_zz_ready || !_zz_iswatched(fd) || _zz_islocked(fd))
+    if(!_zz_ready || !_zz_iswatched(fd) || _zz_islocked(fd)
+         || !_zz_isactive(fd))
         return ret;
 

zzuf/trunk/src/lib-stream.c

@@ -176 +176 @@
         LOADSYM(fn); \
         fd = fileno(stream); \
-        if(!_zz_ready || !_zz_iswatched(fd)) \
+        if(!_zz_ready || !_zz_iswatched(fd) || !_zz_isactive(fd)) \
             return ORIG(fn)(stream, offset, whence); \
         _zz_lock(fd); \
@@ -204 +204 @@
     LOADSYM(rewind);
     fd = fileno(stream);
-    if(!_zz_ready || !_zz_iswatched(fd))
+    if(!_zz_ready || !_zz_iswatched(fd) || !_zz_isactive(fd))
     {
         ORIG(rewind)(stream);
@@ -234 +234 @@
     LOADSYM(fread);
     fd = fileno(stream);
-    if(!_zz_ready || !_zz_iswatched(fd))
+    if(!_zz_ready || !_zz_iswatched(fd) || !_zz_isactive(fd))
         return ORIG(fread)(ptr, size, nmemb, stream);
 
@@ -295 +295 @@
         LOADSYM(fn); \
         fd = fileno(stream); \
-        if(!_zz_ready || !_zz_iswatched(fd)) \
+        if(!_zz_ready || !_zz_iswatched(fd) || !_zz_isactive(fd)) \
             return ORIG(fn)(stream); \
         _zz_lock(fd); \
@@ -333 +333 @@
     LOADSYM(fgetc);
     fd = fileno(stream);
-    if(!_zz_ready || !_zz_iswatched(fd))
+    if(!_zz_ready || !_zz_iswatched(fd) || !_zz_isactive(fd))
         return ORIG(fgets)(s, size, stream);
 
@@ -386 +386 @@
     LOADSYM(ungetc);
     fd = fileno(stream);
-    if(!_zz_ready || !_zz_iswatched(fd))
+    if(!_zz_ready || !_zz_iswatched(fd) || !_zz_isactive(fd))
         return ORIG(ungetc)(c, stream);
 
@@ -440 +440 @@
         LOADSYM(fgetc); \
         fd = fileno(stream); \
-        if(!_zz_ready || !_zz_iswatched(fd)) \
+        if(!_zz_ready || !_zz_iswatched(fd) || !_zz_isactive(fd)) \
             return ORIG(getdelim)(lineptr, n, delim, stream); \
         line = *lineptr; \
@@ -522 +522 @@
     LOADSYM(fgetc);
     fd = fileno(stream);
-    if(!_zz_ready || !_zz_iswatched(fd))
+    if(!_zz_ready || !_zz_iswatched(fd) || !_zz_isactive(fd))
         return ORIG(fgetln)(stream, len);
 
@@ -571 +571 @@
     LOADSYM(__srefill);
     fd = fileno(fp);
-    if(!_zz_ready || !_zz_iswatched(fd))
+    if(!_zz_ready || !_zz_iswatched(fd) || !_zz_isactive(fd))
         return ORIG(__srefill)(fp);
 

zzuf/trunk/src/libzzuf.c

@@ -91 +91 @@
         _zz_bytes(tmp);
 
+    tmp = getenv("ZZUF_PICK");
+    if(tmp && *tmp)
+        _zz_pick(tmp);
+
     tmp = getenv("ZZUF_PROTECT");
     if(tmp && *tmp)

zzuf/trunk/src/opts.c

@@ -34 +34 @@
 void _zz_opts_init(struct opts *opts)
 {
-    opts->fuzzing = opts->bytes = opts->protect = opts->refuse = NULL;
+    opts->fuzzing = opts->bytes = opts->pick = NULL;
+    opts->protect = opts->refuse = NULL;
     opts->seed = DEFAULT_SEED;
     opts->endseed = DEFAULT_SEED + 1;

zzuf/trunk/src/opts.h

@@ -21 +21 @@
     char **oldargv;
     char **newargv;
-    char *fuzzing, *bytes, *protect, *refuse;
+    char *fuzzing, *bytes, *pick, *protect, *refuse;
     uint32_t seed;
     uint32_t endseed;

zzuf/trunk/src/zzuf.c

@@ -158 +158 @@
 #endif
 #define OPTSTR OPTSTR_REGEX OPTSTR_RLIMIT \
-            "Ab:B:C:dD:f:F:imnP:qr:R:s:ST:vxhV"
+            "Ab:B:C:dD:f:F:imnp:P:qr:R:s:ST:vxhV"
 #define MOREINFO "Try `%s --help' for more information.\n"
         int option_index = 0;
@@ -185 +185 @@
             { "max-memory",  1, NULL, 'M' },
             { "network",     0, NULL, 'n' },
+            { "pick",        1, NULL, 'p' },
             { "protect",     1, NULL, 'P' },
             { "quiet",       0, NULL, 'q' },
@@ -275 +276 @@
             setenv("ZZUF_NETWORK", "1", 1);
             break;
+        case 'p': /* --pick */
+            opts->pick = myoptarg;
+            break;
         case 'P': /* --protect */
             opts->protect = myoptarg;
@@ -376 +380 @@
     if(opts->bytes)
         setenv("ZZUF_BYTES", opts->bytes, 1);
+    if(opts->pick)
+        setenv("ZZUF_PICK", opts->pick, 1);
     if(opts->protect)
         setenv("ZZUF_PROTECT", opts->protect, 1);
@@ -428 +434 @@
     if(opts->bytes)
         _zz_bytes(opts->bytes);
+    if(opts->pick)
+        _zz_pick(opts->pick);
     if(opts->protect)
         _zz_protect(opts->protect);
@@ -1086 +1094 @@
 #endif
 #if defined HAVE_REGEX_H
+    printf("              [-p descriptors] [-I include] [-E exclude]\n");
+    printf("              [PROGRAM [--] [ARGS]...]\n");
+#else
     printf("              [-I include] [-E exclude] [PROGRAM [--] [ARGS]...]\n");
-#else
-    printf("              [PROGRAM [--] [ARGS]...]\n");
 #endif
     printf("       zzuf -h | --help\n");
@@ -1118 +1127 @@
 #endif
     printf("  -n, --network             fuzz network input\n");
+    printf("  -p, --pick <list>         only fuzz Nth descriptor with N in <list>\n");
     printf("  -P, --protect <list>      protect bytes and characters in <list>\n");
     printf("  -q, --quiet               do not print children's messages\n");