Changeset 1720
- Timestamp:
- Jan 27, 2007, 8:05:46 PM (16 years ago)
- Location:
- zzuf/trunk
- Files:
-
- 6 edited
zzuf/trunk/doc/zzuf.1
r1708 r1720 5 5 \fBzzuf\fR [\fB\-AcdimnqSvx\fR] [\fB\-s\fR \fIseed\fR|\fB\-s\fR \fIstart:stop\fR] [\fB\-r\fR \fIratio\fR|\fB\-r\fR \fImin:max\fR] 6 6 .br 7 [\fB\-D\fR \fIdelay\fR] [\fB\-F\fR \fIforks\fR] [\fB\-C\fR \fIcrashes\fR] [\fB\-B\fR \fIbytes\fR] [\fB\-T\fR \fIseconds\fR]8 .br 9 [\fB\-M\fR \fImegabytes\fR] [\fB\-b\fR \fIranges\fR] [\fB\-P\fR \fIprotect\fR] [\fB\-R\fR \fIrefuse\fR]10 .br 11 7 [\fB\-f\fR \fIfuzzing\fR] [\fB\-D\fR \fIdelay\fR] [\fB\-F\fR \fIforks\fR] [\fB\-C\fR \fIcrashes\fR] [\fB\-B\fR \fIbytes\fR] 8 .br 9 [\fB\-T\fR \fIseconds\fR] [\fB\-M\fR \fImegabytes\fR] [\fB\-P\fR \fIprotect\fR] [\fB\-R\fR \fIrefuse\fR] 10 .br 11 [\fB\-b\fR \fIranges\fR] [\fB\-I\fR \fIinclude\fR] [\fB\-E\fR \fIexclude\fR] [\fIPROGRAM\fR [\fB\-\-\fR] [\fIARGS\fR]...] 12 12 .br 13 13 \fBzzuf \-h\fR | \fB\-\-help\fR … … 98 98 Multiple \fB\-E\fR flags can be specified, in which case files matching any one 99 99 of the regular expressions will be ignored. 100 .TP 101 \fB\-f\fR, \fB\-\-fuzzing\fR=\fImode\fR 102 Select how the input is fuzzed. Valid values for \fImode\fR are: 103 .RS 104 .TP 105 \fBxor\fR 106 randomly set and unset bits 107 .TP 108 \fBset\fR 109 only set bits 110 .TP 111 \fBunset\fR 112 only unset bits 113 .RE 114 .IP 115 The default value for \fImode\fR is \fBxor\fR. 100 116 .TP 101 117 \fB\-F\fR, \fB\-\-max\-forks\fR=\fIforks\fR -
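--- a/zzuf/trunk/src/fuzz.c
+++ b/zzuf/trunk/src/fuzz.c
@@ -37,4 +37,11 @@
 #define MAGIC2 0x783bc31f
 
+/* Fuzzing mode */
+static enum fuzzing
+{
+FUZZING_XOR = 0, FUZZING_SET, FUZZING_UNSET
+}
+fuzzing;
+
 /* Per-offset byte protection */
 static unsigned int *ranges = NULL;
@@ -47,4 +54,14 @@
 /* Local prototypes */
 static void readchars(int *, char const *);
+
+extern void _zz_fuzzing(char const *mode)
+{
+if(!strcmp(mode, "xor"))
+fuzzing = FUZZING_XOR;
+else if(!strcmp(mode, "set"))
+fuzzing = FUZZING_SET;
+else if(!strcmp(mode, "unset"))
+fuzzing = FUZZING_UNSET;
+}
 
 void _zz_bytes(char const *list)
@@ -144,5 +161,5 @@
 {
 unsigned int *r;
-uint8_t byte ;
+uint8_t byte, fuzzbyte;
 
 if(!ranges)
@@ -161,5 +178,21 @@
 continue;
 
-byte ^= fuzz->data[j % CHUNKBYTES];
+fuzzbyte = fuzz->data[j % CHUNKBYTES];
+
+if(!fuzzbyte)
+continue;
+
+switch(fuzzing)
+{
+case FUZZING_XOR:
+byte ^= fuzzbyte;
+break;
+case FUZZING_SET:
+byte |= fuzzbyte;
+break;
+case FUZZING_UNSET:
+byte &= ~fuzzbyte;
+break;
+}
 
 if(refuse[byte])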
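Review bot: `_zz_fuzzing()` has no final `else`, so any mode string other than `xor`, `set` or `unset` is silently ignored and `fuzzing` keeps its zero-initialised value `FUZZING_XOR`; a mistyped `-f` argument then yields a run that looks valid but used a different mutation than the recorded command line claims, which makes a crash hard to reproduce. The value is also stored unchecked by `case 'f'` in zzuf.c and exported through `ZZUF_FUZZING`, so the check belongs before any child is started. I would let the function report the failure, e.g. return `int` with a trailing `else return -1;` (prototype in fuzz.h updated to match), and have the option parser exit with a usage error on a non-zero result. The `switch(fuzzing)` in the last hunk has no `default:` case either; its enclosing function starts and ends outside the hunk.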
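--- a/zzuf/trunk/src/fuzz.h
+++ b/zzuf/trunk/src/fuzz.h
@@ -17,4 +17,5 @@
 */
 
+extern void _zz_fuzzing(char const *);
 extern void _zz_bytes(char const *);
 extern void _zz_protect(char const *);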
zzuf/trunk/src/opts.c
r1705 r1720 34 34 void _zz_opts_init(struct opts *opts) 35 35 { 36 opts-> bytes = opts->protect = opts->refuse = NULL;36 opts->fuzzing = opts->bytes = opts->protect = opts->refuse = NULL; 37 37 opts->seed = DEFAULT_SEED; 38 38 opts->endseed = DEFAULT_SEED + 1; -
zzuf/trunk/src/opts.h
r1707 r1720 21 21 char **oldargv; 22 22 char **newargv; 23 char * bytes, *protect, *refuse;23 char *fuzzing, *bytes, *protect, *refuse; 24 24 uint32_t seed; 25 25 uint32_t endseed; -
zzuf/trunk/src/zzuf.c
r1718 r1720 131 131 { 132 132 # if defined HAVE_REGEX_H 133 # define OPTSTR "Ab:B:cC:dD:E: F:iI:mM:nP:qr:R:s:ST:vxhV"133 # define OPTSTR "Ab:B:cC:dD:E:f:F:iI:mM:nP:qr:R:s:ST:vxhV" 134 134 # else 135 # define OPTSTR "Ab:B:C:dD: F:imM:nP:qr:R:s:ST:vxhV"135 # define OPTSTR "Ab:B:C:dD:f:F:imM:nP:qr:R:s:ST:vxhV" 136 136 # endif 137 137 # if defined HAVE_GETOPT_LONG … … 153 153 { "exclude", 1, NULL, 'E' }, 154 154 #endif 155 { "fuzzing", 1, NULL, 'f' }, 155 156 { "max-forks", 1, NULL, 'F' }, 156 157 { "stdin", 0, NULL, 'i' }, … … 220 221 break; 221 222 #endif 223 case 'f': /* --fuzzing */ 224 opts->fuzzing = optarg; 225 break; 222 226 case 'F': /* --max-forks */ 223 227 opts->maxchild = atoi(optarg) > 1 ? atoi(optarg) : 1; … … 344 348 #endif 345 349 350 if(opts->fuzzing) 351 setenv("ZZUF_FUZZING", opts->fuzzing, 1); 346 352 if(opts->bytes) 347 353 setenv("ZZUF_BYTES", opts->bytes, 1); … … 394 400 ctx = _zz_md5_init(); 395 401 402 if(opts->fuzzing) 403 _zz_fuzzing(opts->fuzzing); 396 404 if(opts->bytes) 397 405 _zz_bytes(opts->bytes); … … 1049 1057 printf("Usage: zzuf [-AdimnqSvx] [-s seed|-s start:stop] [-r ratio|-r min:max]\n"); 1050 1058 #endif 1051 printf(" [-D delay] [-F forks] [-C crashes] [-B bytes] [-T seconds]\n");1052 printf(" 1053 #if defined HAVE_REGEX_H 1054 printf(" 1059 printf(" [-f fuzzing] [-D delay] [-F forks] [-C crashes] [-B bytes]\n"); 1060 printf(" [-T seconds] [-M bytes] [-b ranges] [-P protect] [-R refuse]\n"); 1061 #if defined HAVE_REGEX_H 1062 printf(" [-I include] [-E exclude] [PROGRAM [--] [ARGS]...]\n"); 1055 1063 #else 1056 printf(" 1064 printf(" [PROGRAM [--] [ARGS]...]\n"); 1057 1065 #endif 1058 1066 # if defined HAVE_GETOPT_LONG … … 1079 1087 printf(" -E, --exclude <regex> do not fuzz files matching <regex>\n"); 1080 1088 #endif 1089 printf(" -f, --fuzzing <mode> use fuzzing mode <mode> ([xor] set unset)\n"); 1081 1090 printf(" -F, --max-forks <n> number of concurrent children (default 1)\n"); 1082 1091 printf(" -i, --stdin fuzz standard 
input\n"); … … 1115 1124 printf(" -E <regex> do not fuzz files matching <regex>\n"); 1116 1125 #endif 1126 printf(" -f <mode> use fuzzing mode <mode>\n"); 1117 1127 printf(" -F <n> number of concurrent forks (default 1)\n"); 1118 1128 printf(" -i fuzz standard input\n");
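Review bot: The rewritten usage synopsis prints `[-M bytes]`, while the man page synopsis touched by this same changeset documents the option as `-M megabytes`, so one of the two misstates the unit of the memory limit. If the man page is the reference, the synopsis should say `[-M megabytes]`. The old text of that `printf` line is not legible in this view, so the wording may predate this commit.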