move input preparation from mangle to input

author: Robert Swiecki <robert@swiecki.net> 2018-01-13 14:03:39 +0100
committer: Robert Swiecki <robert@swiecki.net> 2018-01-13 14:03:39 +0100
commit: 0f2c30afccb75ec6a5c29131184c2b672cd5b95d (patch)
tree: 0cafbfdfaf1cb18663c3446db23377ac81e6fb17 /input.c
parent: 43775f95d9e6b8c46c52e0454b8721d023b9236b (diff)
download: honggfuzz-0f2c30afccb75ec6a5c29131184c2b672cd5b95d.tar.gz
1 files changed, 122 insertions, 0 deletions
diff --git a/input.c b/input.c
index b71d45e8..61291410 100644
--- a/input.c
+++ b/input.c
@@ -39,6 +39,8 @@
 
 #include "libhfcommon/common.h"
 #include "libhfcommon/files.h"
+#include "mangle.h"
+#include "subproc.h"
 
 #if defined(_HF_ARCH_LINUX)
 #include <sys/syscall.h>
@@ -50,6 +52,19 @@
 #include "libhfcommon/log.h"
 #include "libhfcommon/util.h"
 
+void input_setSize(run_t* run, size_t sz) {
+    if (sz > run->global->maxFileSz) {
+        PLOG_F("Too large size requested: %zu > maxSize: %zu", sz, run->global->maxFileSz);
+    }
+    if (ftruncate(run->dynamicFileFd, sz) == -1) {
+        PLOG_F("ftruncate(fd=%d, size=%zu)", run->dynamicFileFd, sz);
+    }
+    if (lseek(run->dynamicFileFd, (off_t)0, SEEK_SET) == (off_t)-1) {
+        PLOG_F("lseek(fd=%d, 0, SEEK_SET)", run->dynamicFileFd);
+    }
+    run->dynamicFileSz = sz;
+}
+
 static bool input_getDirStatsAndRewind(honggfuzz_t* hfuzz) {
     rewinddir(hfuzz->io.inputDirPtr);
 
@@ -291,3 +306,110 @@ bool input_parseBlacklist(honggfuzz_t* hfuzz) {
     }
     return true;
 }
+
+static bool input_checkSizeNRewind(run_t* run) {
+    struct stat st;
+    if (fstat(run->dynamicFileFd, &st) == -1) {
+        PLOG_E("fstat(fd=%d)", run->dynamicFileFd);
+        return false;
+    }
+    if ((size_t)st.st_size > run->global->maxFileSz) {
+        LOG_W("External tool created too large of a file, '%zu', truncating it to '%zu'",
+            (size_t)st.st_size, run->global->maxFileSz);
+        input_setSize(run, run->global->maxFileSz);
+    } else {
+        input_setSize(run, (size_t)st.st_size);
+    }
+    return true;
+}
+
+bool input_prepareDynamicInput(run_t* run) {
+    run->origFileName = "[DYNAMIC]";
+
+    {
+        MX_SCOPED_RWLOCK_READ(&run->global->dynfileq_mutex);
+
+        if (run->global->dynfileqCnt == 0) {
+            LOG_F(
+                "The dynamic file corpus is empty. Apparently, the initial fuzzing of the "
+                "provided file corpus (-f) has not produced any follow-up files with positive "
+                "coverage and/or CPU counters");
+        }
+
+        if (run->dynfileqCurrent == NULL) {
+            run->dynfileqCurrent = TAILQ_FIRST(&run->global->dynfileq);
+        } else {
+            if (run->dynfileqCurrent == TAILQ_LAST(&run->global->dynfileq, dyns_t)) {
+                run->dynfileqCurrent = TAILQ_FIRST(&run->global->dynfileq);
+            } else {
+                run->dynfileqCurrent = TAILQ_NEXT(run->dynfileqCurrent, pointers);
+            }
+        }
+    }
+
+    input_setSize(run, run->dynfileqCurrent->size);
+    memcpy(run->dynamicFile, run->dynfileqCurrent->data, run->dynfileqCurrent->size);
+    mangle_mangleContent(run);
+
+    return true;
+}
+
+bool input_prepareStaticFile(run_t* run, bool rewind) {
+    input_setSize(run, run->global->maxFileSz);
+
+    static __thread char fname[PATH_MAX];
+    if (input_getNext(run, fname, /* rewind= */ rewind) == false) {
+        return false;
+    }
+    run->origFileName = files_basename(fname);
+
+    ssize_t fileSz = files_readFileToBufMax(fname, run->dynamicFile, run->global->maxFileSz);
+    if (fileSz < 0) {
+        LOG_E("Couldn't read contents of '%s'", fname);
+        return false;
+    }
+
+    input_setSize(run, fileSz);
+    mangle_mangleContent(run);
+
+    return true;
+}
+
+bool input_prepareExternalFile(run_t* run) {
+    input_setSize(run, (size_t)0);
+    run->origFileName = "[EXTERNAL]";
+
+    char fname[PATH_MAX];
+    snprintf(fname, sizeof(fname), "/dev/fd/%d", run->dynamicFileFd);
+
+    const char* const argv[] = {run->global->exe.externalCommand, fname, NULL};
+    if (subproc_System(run, argv) != 0) {
+        LOG_E("Subprocess '%s' returned abnormally", run->global->exe.externalCommand);
+        return false;
+    }
+    LOG_D("Subporcess '%s' finished with success", run->global->exe.externalCommand);
+
+    if (!input_checkSizeNRewind(run)) {
+        return false;
+    }
+
+    return true;
+}
+
+bool input_postProcessFile(run_t* run) {
+    char fname[PATH_MAX];
+    snprintf(fname, sizeof(fname), "/dev/fd/%d", run->dynamicFileFd);
+
+    const char* const argv[] = {run->global->exe.postExternalCommand, fname, NULL};
+    if (subproc_System(run, argv) != 0) {
+        LOG_E("Subprocess '%s' returned abnormally", run->global->exe.postExternalCommand);
+        return false;
+    }
+    LOG_D("Subporcess '%s' finished with success", run->global->exe.externalCommand);
+
+    if (!input_checkSizeNRewind(run)) {
+        return false;
+    }
+
+    return true;
+}
author	Robert Swiecki <robert@swiecki.net>	2018-01-13 14:03:39 +0100
committer	Robert Swiecki <robert@swiecki.net>	2018-01-13 14:03:39 +0100
commit	0f2c30afccb75ec6a5c29131184c2b672cd5b95d (patch)
tree	0cafbfdfaf1cb18663c3446db23377ac81e6fb17 /input.c
parent	43775f95d9e6b8c46c52e0454b8721d023b9236b (diff)
download	honggfuzz-0f2c30afccb75ec6a5c29131184c2b672cd5b95d.tar.gz