Jan 1, 2007, 10:35:54 PM (15 years ago)
Sam Hocevar
  • Implemented signal handling.
  • Updated documentation accordingly and improved a few parts.
1 edited


  • zzuf/trunk/doc/zzuf.1

    r1531 r1532  
    55.B zzuf
    7 .B \-vqdhic
     7.B \-cdhiqSv
    88] [
    99.B \-r
    8787regular expression. This option supersedes anything that is specified by the
    8888.B \-\-exclude
    89 flag. Use this for instance if you do not know for sure what files your
    90 application is going to read, but do not want it to fuzz files in the
     89flag. Use this for instance if you are unsure of what files your
     90application is going to read and do not want it to fuzz files in the
    9191.B /etc
    120120.B \-I
    121121flags can be specified, in which case files matching any one of the regular
    122 expressions will be fuzzed.
     122expressions will be fuzzed. See also the
     123.B \-c
    124126.B \-q, \-\-quiet
    125127Hide the output of the fuzzed application. This is useful if the application
    126 is very verbose but only its exit code is really useful to you.
     128is very verbose but only its exit code or signaled status is really useful to
    128131.B \-r, \-\-ratio <ratio>
    153156will run the application several times, each time with a different seed, and
    154157report the behaviour of each run.
     159.B \-S, \-\-signal
     160Prevent children from installing signal handlers for signals that usually
     161cause coredumps. These signals are
     162.BR SIGABRT ,
     163.BR SIGFPE ,
     164.BR SIGILL ,
     165.BR SIGQUIT ,
     166.BR SIGSEGV ,
     167.B SIGTRAP
     168and, if available on the running platform,
     169.BR SIGSYS ,
     170.BR SIGEMT ,
     171.BR SIGBUS ,
     172.B SIGXCPU
     174.BR SIGXFSZ .
     175Instead of calling the signal handler, the application will simply crash. If
     176you do not want core dumps, you should set appropriate limits with the
     177.B limit coredumpsize
     178command. See your shell's documentation on how to set such limits.
    156180.B \-T, \-\-max\-time <n>
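Review bot: In the new -S, --signal entry, the core dump advice names only "limit coredumpsize", which is csh-style syntax; sh-family shells use "ulimit -c" instead. Suggest either naming both forms or dropping the specific command and keeping only the pointer to the shell's documentation. The entry also says the application "will simply crash" but does not say how zzuf reports a child killed by one of these signals. A sentence on that would tie in with the -q text, which now mentions "signaled status".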
    188212files from fuzzing (because
    189213.B convert
    190 will also open its own configuration files and we do not want
     214will also open its own XML configuration files and we do not want
    191215.B zzuf
    192216to fuzz them):
    218 Fuzz
     242Fuzz 2% of
    219243.BR mplayer 's
    220 input with seeds 0 to 9999, launching up to 3 simultaneous child processes
    221 and killing
    222 .BR mplayer
    223 if it takes more than one minute to read the file:
     244input bits
     245.RB  ( \-r
     246.BR 0.02 )
     247with seeds 0 to 9999
     248.RB ( \-s
     249.BR 0:10000 ),
     250disabling its standard output messages
     251.RB ( \-q ),
     252launching up to three simultaneous child processes
     253.RB ( \-F
     254.BR 3 ),
     256.B mplayer
     257if it takes more than one minute to read the file
     258.RB ( \-T
     259.BR 60 )
     260and disabling its
     261.B SIGSEGV
     262signal handler
     263.RB ( \-S ):
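Review bot: The rewritten mplayer example describes -S as "disabling its SIGSEGV signal handler", but the new -S, --signal entry lists SIGABRT, SIGFPE, SIGILL, SIGQUIT, SIGSEGV, SIGTRAP and several platform-dependent signals. Suggest wording that does not imply the flag is SIGSEGV-only, for example "disabling its handlers for crash signals". The same sentence pairs "seeds 0 to 9999" with "-s 0:10000", so it would help to state explicitly in the -s description whether the upper bound of the range is exclusive.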
    240280drop bytes from the input, to fuzz according to the file format, or to do
    241281all these complicated operations. They are planned, though.
     283Due to
     284.B zzuf
     286.B LD_PRELOAD
     287to run its child processes, it will fail in the presence of any mechanism
     288that disables preloading. For instance setuid root binaries will not be
    243291.SH AUTHOR
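Review bot: The new LD_PRELOAD limitation paragraph gives only "setuid root binaries" as an instance in the lines shown here. The dynamic loader ignores LD_PRELOAD for setuid and setgid programs generally, not just those owned by root, and a statically linked target never loads the preload library either. Suggest widening the wording to "setuid or setgid binaries" and mentioning static linking. It would also help to say whether zzuf warns when preloading had no effect, since an unfuzzed run could otherwise be mistaken for a target that survived fuzzing.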