Changeset 1532


Timestamp:
Jan 1, 2007, 10:35:54 PM (15 years ago)
Author:
Sam Hocevar
Message:
  • Implemented signal handling.
  • Updated documentation accordingly and improved a few parts.
Location:
zzuf/trunk
Files:
1 added
6 edited

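--- a/zzuf/trunk/doc/zzuf.1
+++ b/zzuf/trunk/doc/zzuf.1
@@ -5,5 +5,5 @@
 .B zzuf
 [
-.B \-vqdhic
+.B \-cdhiqSv
 ] [
 .B \-r
@@ -87,6 +87,6 @@
 regular expression. This option supersedes anything that is specified by the
 .B \-\-exclude
-flag. Use this for instance if you do not know for sure what files your
-application is going to read, but do not want it to fuzz files in the
+flag. Use this for instance if you are unsure of what files your
+application is going to read and do not want it to fuzz files in the
 .B /etc
 directory.
@@ -120,9 +120,12 @@
 .B \-I
 flags can be specified, in which case files matching any one of the regular
-expressions will be fuzzed.
+expressions will be fuzzed. See also the
+.B \-c
+flag.
 .TP
 .B \-q, \-\-quiet
 Hide the output of the fuzzed application. This is useful if the application
-is very verbose but only its exit code is really useful to you.
+is very verbose but only its exit code or signaled status is really useful to
+you.
 .TP
 .B \-r, \-\-ratio <ratio>
@@ -153,4 +156,25 @@
 will run the application several times, each time with a different seed, and
 report the behaviour of each run.
+.TP
+.B \-S, \-\-signal
+Prevent children from installing signal handlers for signals that usually
+cause coredumps. These signals are
+.BR SIGABRT ,
+.BR SIGFPE ,
+.BR SIGILL ,
+.BR SIGQUIT ,
+.BR SIGSEGV ,
+.B SIGTRAP
+and, if available on the running platform,
+.BR SIGSYS ,
+.BR SIGEMT ,
+.BR SIGBUS ,
+.B SIGXCPU
+and
+.BR SIGXFSZ .
+Instead of calling the signal handler, the application will simply crash. If
+you do not want core dumps, you should set appropriate limits with the
+.B limit coredumpsize
+command. See your shell's documentation on how to set such limits.
 .TP
 .B \-T, \-\-max\-time <n>
@@ -188,5 +212,5 @@
 files from fuzzing (because
 .B convert
-will also open its own configuration files and we do not want
+will also open its own XML configuration files and we do not want
 .B zzuf
 to fuzz them):
@@ -216,10 +240,26 @@
 
 .fi
-Fuzz
+Fuzz 2% of
 .BR mplayer 's
-input with seeds 0 to 9999, launching up to 3 simultaneous child processes
-and killing
-.BR mplayer
-if it takes more than one minute to read the file:
+input bits
+.RB  ( \-r
+.BR 0.02 )
+with seeds 0 to 9999
+.RB ( \-s
+.BR 0:10000 ),
+disabling its standard output messages
+.RB ( \-q ),
+launching up to three simultaneous child processes
+.RB ( \-F
+.BR 3 ),
+killing
+.B mplayer
+if it takes more than one minute to read the file
+.RB ( \-T
+.BR 60 )
+and disabling its
+.B SIGSEGV
+signal handler
+.RB ( \-S ):
 .fn
 
@@ -240,4 +280,12 @@
 drop bytes from the input, to fuzz according to the file format, or to do
 all these complicated operations. They are planned, though.
+
+Due to
+.B zzuf
+using
+.B LD_PRELOAD
+to run its child processes, it will fail in the presence of any mechanism
+that disables preloading. For instance setuid root binaries will not be
+fuzzed.
 .RI
 .SH AUTHOR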
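--- a/zzuf/trunk/src/Makefile.am
+++ b/zzuf/trunk/src/Makefile.am
@@ -6,5 +6,6 @@
 pkglib_LTLIBRARIES = libzzuf.la
 libzzuf_la_SOURCES = libzzuf.c libzzuf.h fuzz.c fuzz.h debug.c debug.h \
-                     load-fd.c load-stream.c load.h random.c random.h
+                     load-fd.c load-signal.c load-stream.c load.h \
+                     random.c random.h
 libzzuf_la_LDFLAGS = -module -avoid-version -no-undefined
 libzzuf_la_LIBADD = -ldl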
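--- a/zzuf/trunk/src/libzzuf.c
+++ b/zzuf/trunk/src/libzzuf.c
@@ -41,6 +41,7 @@
 int   _zz_ready    = 0;
 int   _zz_hasdebug = 0;
+float _zz_ratio    = 0.004f;
 int   _zz_seed     = 0;
-float _zz_ratio    = 0.004f;
+int   _zz_signal   = 0;
 
 /* Local variables */
@@ -58,5 +59,5 @@
 
     tmp = getenv("ZZUF_DEBUG");
-    if(tmp && *tmp)
+    if(tmp && *tmp == '1')
         _zz_hasdebug = 1;
 
@@ -87,4 +88,8 @@
     }
 
+    tmp = getenv("ZZUF_SIGNAL");
+    if(tmp && *tmp == '1')
+        _zz_signal = 1;
+
     _zz_fd_init();
 
@@ -94,4 +99,5 @@
 
     _zz_load_fd();
+    _zz_load_signal();
     _zz_load_stream();
 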
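Review bot: The new `_zz_signal` global and the `ZZUF_SIGNAL` lookup in the third hunk carry no comment, and nothing in the declaration block says what the flag controls; a one-liner at the definition would spare the next reader a trip to the man page: `/* Set by ZZUF_SIGNAL=1 (zzuf -S): keep the child from installing handlers for crashing signals; see load-signal.c */`. The `*tmp == '1'` test, like the tightened `ZZUF_DEBUG` test in the hunk above it, only inspects the first character, so any value starting with `1` enables the feature; if an exact match is intended, `strcmp(tmp, "1") == 0` states that. The initialisation function that contains these hunks starts and ends outside them.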
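--- a/zzuf/trunk/src/libzzuf.h
+++ b/zzuf/trunk/src/libzzuf.h
@@ -32,6 +32,7 @@
 extern int       _zz_ready;
 extern int       _zz_hasdebug;
+extern float     _zz_ratio;
 extern int       _zz_seed;
-extern float     _zz_ratio;
+extern int       _zz_signal;
 
 /* Library initialisation shit */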
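--- a/zzuf/trunk/src/load.h
+++ b/zzuf/trunk/src/load.h
@@ -28,4 +28,5 @@
 
 extern void _zz_load_fd(void);
+extern void _zz_load_signal(void);
 extern void _zz_load_stream(void);
 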
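--- a/zzuf/trunk/src/zzuf.c
+++ b/zzuf/trunk/src/zzuf.c
@@ -97,23 +97,24 @@
         {
             /* Long option, needs arg, flag, short option */
+            { "max-bytes", 1, NULL, 'B' },
+            { "cmdline",   0, NULL, 'c' },
+            { "debug",     0, NULL, 'd' },
+            { "exclude",   1, NULL, 'E' },
+            { "fork",      1, NULL, 'F' },
+            { "help",      0, NULL, 'h' },
+            { "stdin",     0, NULL, 'i' },
             { "include",   1, NULL, 'I' },
-            { "exclude",   1, NULL, 'E' },
-            { "cmdline",   0, NULL, 'c' },
-            { "stdin",     0, NULL, 'i' },
+            { "quiet",     0, NULL, 'q' },
+            { "ratio",     1, NULL, 'r' },
             { "seed",      1, NULL, 's' },
-            { "ratio",     1, NULL, 'r' },
-            { "fork",      1, NULL, 'F' },
-            { "max-bytes", 1, NULL, 'B' },
+            { "signal",    0, NULL, 'S' },
             { "max-time",  1, NULL, 'T' },
-            { "quiet",     0, NULL, 'q' },
-            { "debug",     0, NULL, 'd' },
-            { "help",      0, NULL, 'h' },
             { "version",   0, NULL, 'v' },
         };
-        int c = getopt_long(argc, argv, "B:cdE:F:hiI:qr:s:T:v",
+        int c = getopt_long(argc, argv, "B:cdE:F:hiI:qr:s:ST:v",
                             long_options, &option_index);
 #   else
 #       define MOREINFO "Try `%s -h' for more information.\n"
-        int c = getopt(argc, argv, "B:cdE:F:hiI:qr:s:T:v");
+        int c = getopt(argc, argv, "B:cdE:F:hiI:qr:s:ST:v");
 #   endif
         if(c == -1)
@@ -163,4 +164,7 @@
         case 'q': /* --quiet */
             quiet = 1;
+            break;
+        case 'S': /* --signal */
+            setenv("ZZUF_SIGNAL", "1", 1);
             break;
         case 'd': /* --debug */
@@ -529,4 +533,5 @@
     printf("  -s, --seed <seed>        random seed (default 0)\n");
     printf("      --seed <start:stop>  specify a seed range\n");
+    printf("  -S, --signal             prevent children from diverting crashing signals\n");
     printf("  -T, --max-time <n>       kill children that run for more than <n> seconds\n");
     printf("  -v, --version            output version information and exit\n");
@@ -544,4 +549,5 @@
     printf("  -s <seed>        random seed (default 0)\n");
     printf("     <start:stop>  specify a seed range\n");
+    printf("  -S               prevent children from diverting crashing signals\n");
     printf("  -T <n>           kill children that run for more than <n> seconds\n");
     printf("  -v               output version information and exit\n");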
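Review bot: The `setenv("ZZUF_SIGNAL", "1", 1)` call in the new `case 'S'` discards its return value, so if setenv fails (it can, with ENOMEM) the children run with the handler-blocking behaviour silently disabled while the user believes `-S` is in effect. Unless the option loop already checks setenv for the other environment-driven flags, `if(setenv("ZZUF_SIGNAL", "1", 1)) { perror("setenv"); return EXIT_FAILURE; }` makes the failure visible instead of misreporting the run. The option-parsing loop that contains this case starts and ends outside the hunk.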