diff options
author | Robert Swiecki <robert@swiecki.net> | 2018-01-11 01:50:18 +0100 |
---|---|---|
committer | Robert Swiecki <robert@swiecki.net> | 2018-01-11 01:50:18 +0100 |
commit | 0a01ea792cd09caf0dfea7afec70906fdc10e30a (patch) | |
tree | cf9a8a8102d3b661fffc630e027d34e0b6c06906 /fuzz.c | |
parent | f4cbd8ba63b9962347dac00da56d601b6c88ffe4 (diff) | |
download | honggfuzz-0a01ea792cd09caf0dfea7afec70906fdc10e30a.tar.gz |
Remove notion of the inputFile, in favor of input file-descriptors accessible as /dev/fd/<x>
Diffstat (limited to 'fuzz.c')
-rw-r--r-- | fuzz.c | 111 |
1 files changed, 41 insertions, 70 deletions
@@ -83,11 +83,28 @@ bool fuzz_shouldTerminate() { return false; } -static void fuzz_getFileName(run_t* run) { - char bname[PATH_MAX]; - snprintf(bname, sizeof(bname), "%s", run->global->exe.cmdline[0]); - snprintf(run->fileName, PATH_MAX, "%s/honggfuzz.input.%" PRIu32 ".%s.%s", - run->global->io.workDir, run->fuzzNo, basename(bname), run->global->io.fileExtn); +static bool fuzz_checkSizeNRewind(run_t* run) { + if (lseek(run->dynamicFileFd, (off_t)0, SEEK_SET) == (off_t)-1) { + PLOG_E("lseek(fd=%d, 0, SEEK_SET)", run->dynamicFileFd); + return false; + } + struct stat st; + if (fstat(run->dynamicFileFd, &st) == -1) { + PLOG_E("fstat(fd=%d)", run->dynamicFileFd); + return false; + } + if (st.st_size <= _HF_INPUT_MAX_SIZE) { + run->dynamicFileSz = (size_t)st.st_size; + } else { + run->dynamicFileSz = _HF_INPUT_MAX_SIZE; + LOG_W("External tool created too large of a file, '%zu', truncating it to '%zu'", + (size_t)st.st_size, run->dynamicFileSz); + } + if (ftruncate(run->dynamicFileFd, run->dynamicFileSz) == -1) { + PLOG_E("ftruncate(fd=%d, size=%zu)", run->dynamicFileFd, run->dynamicFileSz); + return false; + } + return true; } static bool fuzz_prepareFileDynamically(run_t* run) { @@ -119,13 +136,6 @@ static bool fuzz_prepareFileDynamically(run_t* run) { mangle_mangleContent(run); - if (run->global->persistent == false && - files_writeBufToFile(run->fileName, run->dynamicFile, run->dynamicFileSz, - O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC) == false) { - LOG_E("Couldn't write buffer to file '%s'", run->fileName); - return false; - } - return true; } @@ -145,79 +155,48 @@ static bool fuzz_prepareFile(run_t* run, bool rewind) { mangle_mangleContent(run); - if (run->global->persistent == false && - files_writeBufToFile(run->fileName, run->dynamicFile, run->dynamicFileSz, - O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC) == false) { - LOG_E("Couldn't write buffer to file '%s'", run->fileName); - return false; - } - return true; } static bool fuzz_prepareFileExternally(run_t* run) { - char fname[PATH_MAX]; - if (input_getNext(run, fname, true /* rewind */)) { - run->origFileName = files_basename(fname); - if (files_copyFile(fname, run->fileName, NULL, false /* try_link */) == false) { - LOG_E("files_copyFile('%s', '%s')", fname, run->fileName); - return false; - } + static __thread char ofname[PATH_MAX]; + if (input_getNext(run, ofname, /* rewind= */ true)) { + run->origFileName = files_basename(ofname); } else { run->origFileName = "[EXTERNAL]"; - int dstfd = open(run->fileName, O_CREAT | O_TRUNC | O_RDWR | O_CLOEXEC, 0644); - if (dstfd == -1) { - PLOG_E("Couldn't create a temporary file '%s'", run->fileName); - return false; - } - close(dstfd); } - LOG_D("Created '%s' as an input file", run->fileName); + char fname[PATH_MAX]; + snprintf(fname, sizeof(fname), "/dev/fd/%d", run->dynamicFileFd); - const char* const argv[] = {run->global->exe.externalCommand, run->fileName, NULL}; + const char* const argv[] = {run->global->exe.externalCommand, fname, NULL}; if (subproc_System(run, argv) != 0) { LOG_E("Subprocess '%s' returned abnormally", run->global->exe.externalCommand); return false; } LOG_D("Subporcess '%s' finished with success", run->global->exe.externalCommand); - ssize_t rsz = files_readFileToBufMax(run->fileName, run->dynamicFile, run->global->maxFileSz); - if (rsz < 0) { - LOG_W("Couldn't read back '%s' to the buffer", run->fileName); + if (!fuzz_checkSizeNRewind(run)) { return false; } - run->dynamicFileSz = rsz; - - if (run->global->persistent) { - unlink(run->fileName); - } return true; } static bool fuzz_postProcessFile(run_t* run) { - if (run->global->persistent) { - if (files_writeBufToFile(run->fileName, run->dynamicFile, run->dynamicFileSz, - O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC) == false) { - LOG_E("Couldn't write file to '%s'", run->fileName); - return false; - } - } + char fname[PATH_MAX]; + snprintf(fname, sizeof(fname), "/dev/fd/%d", run->dynamicFileFd); - const char* const argv[] = {run->global->exe.postExternalCommand, run->fileName, NULL}; + const char* const argv[] = {run->global->exe.postExternalCommand, fname, NULL}; if (subproc_System(run, argv) != 0) { LOG_E("Subprocess '%s' returned abnormally", run->global->exe.postExternalCommand); return false; } LOG_D("Subporcess '%s' finished with success", run->global->exe.externalCommand); - ssize_t rsz = files_readFileToBufMax(run->fileName, run->dynamicFile, run->global->maxFileSz); - if (rsz < 0) { - LOG_W("Couldn't read back '%s' to the buffer", run->fileName); + if (!fuzz_checkSizeNRewind(run)) { return false; } - run->dynamicFileSz = rsz; return true; } @@ -328,20 +307,10 @@ static bool fuzz_runVerifier(run_t* crashedFuzzer) { LOG_F("Could not initialize the thread"); } - fuzz_getFileName(&vFuzzer); - if (files_writeBufToFile(vFuzzer.fileName, crashBuf, crashFileSz, - O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC) == false) { - LOG_E("Couldn't write buffer to file '%s'", vFuzzer.fileName); - return false; - } - if (subproc_Run(&vFuzzer) == false) { LOG_F("subproc_Run()"); } - /* Delete intermediate files generated from verifier */ - unlink(vFuzzer.fileName); - /* If stack hash doesn't match skip name tag and exit */ if (crashedFuzzer->backtrace != vFuzzer.backtrace) { LOG_D("Verifier stack hash mismatch"); @@ -607,10 +576,6 @@ static void fuzz_fuzzLoop(run_t* run) { LOG_F("subproc_Run()"); } - if (run->global->persistent == false) { - unlink(run->fileName); - } - if (run->global->dynFileMethod != _HF_DYNFILE_NONE) { fuzz_perfFeedback(run); } @@ -642,7 +607,6 @@ static void* fuzz_threadNew(void* arg) { .fuzzNo = fuzzNo, .persistentSock = -1, .tmOutSignaled = false, - .fileName = "[UNSET]", .linux.attachedPid = 0, }; @@ -651,13 +615,20 @@ static void* fuzz_threadNew(void* arg) { LOG_F("Couldn't create an input file of size: %zu", hfuzz->maxFileSz); } defer { close(run.dynamicFileFd); }; - fuzz_getFileName(&run); if (arch_archThreadInit(&run) == false) { LOG_F("Could not initialize the thread"); } for (;;) { + /* Reset and rewind the input file to the original maximum size */ + if (ftruncate(run.dynamicFileFd, hfuzz->maxFileSz) == -1) { + PLOG_F("ftruncate(fd=%d, size=%zu)", run.dynamicFileFd, hfuzz->maxFileSz); + } + if (lseek(run.dynamicFileFd, (off_t)0, SEEK_SET) == (off_t)-1) { + PLOG_F("lseek(fd=%d, 0, SEEK_SET)", run.dynamicFileFd); + } + /* Check if dry run mode with verifier enabled */ if (run.global->mutationsPerRun == 0U && run.global->useVerifier) { if (ATOMIC_POST_INC(run.global->cnts.mutationsCnt) >= run.global->io.fileCnt) { |