-rw-r--r--fuzz.c39
-rw-r--r--mangle.c20
-rw-r--r--mangle.h1
-rw-r--r--subproc.c11
4 files changed, 28 insertions, 43 deletions
diff --git a/fuzz.c b/fuzz.c
index a63b5068..b76f5be9 100644
--- a/fuzz.c
+++ b/fuzz.c
@@ -84,25 +84,17 @@ bool fuzz_shouldTerminate() {
}
static bool fuzz_checkSizeNRewind(run_t* run) {
- if (lseek(run->dynamicFileFd, (off_t)0, SEEK_SET) == (off_t)-1) {
- PLOG_E("lseek(fd=%d, 0, SEEK_SET)", run->dynamicFileFd);
- return false;
- }
struct stat st;
if (fstat(run->dynamicFileFd, &st) == -1) {
PLOG_E("fstat(fd=%d)", run->dynamicFileFd);
return false;
}
- if (st.st_size <= _HF_INPUT_MAX_SIZE) {
- run->dynamicFileSz = (size_t)st.st_size;
- } else {
- run->dynamicFileSz = _HF_INPUT_MAX_SIZE;
+ if ((size_t)st.st_size > run->global->maxFileSz) {
LOG_W("External tool created too large of a file, '%zu', truncating it to '%zu'",
- (size_t)st.st_size, run->dynamicFileSz);
- }
- if (ftruncate(run->dynamicFileFd, _HF_INPUT_MAX_SIZE) == -1) {
- PLOG_E("ftruncate(fd=%d, size=%zu)", run->dynamicFileFd, (size_t)_HF_INPUT_MAX_SIZE);
- return false;
+ (size_t)st.st_size, run->global->maxFileSz);
+ mangle_setSize(run, run->global->maxFileSz);
+ } else {
+ mangle_setSize(run, (size_t)st.st_size);
}
return true;
}
@@ -131,16 +123,15 @@ static bool fuzz_prepareFileDynamically(run_t* run) {
}
}
+ mangle_setSize(run, run->dynfileqCurrent->size);
memcpy(run->dynamicFile, run->dynfileqCurrent->data, run->dynfileqCurrent->size);
- run->dynamicFileSz = run->dynfileqCurrent->size;
-
mangle_mangleContent(run);
return true;
}
static bool fuzz_prepareFile(run_t* run, bool rewind) {
- char fname[PATH_MAX];
+ static __thread char fname[PATH_MAX];
if (input_getNext(run, fname, /* rewind= */ rewind) == false) {
return false;
}
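Review bot: The new `static __thread char fname[PATH_MAX];` in fuzz_prepareFile turns a per-call scratch buffer into thread-local storage without saying why; nothing in the hunk reads fname across calls, so the only visible effect is keeping PATH_MAX bytes off the fuzzing thread's stack, and that motive should be written down, e.g. `/* thread-local rather than automatic: keeps PATH_MAX off the fuzzing-thread stack */` — confirm that is the reason. `__thread` is a GCC/Clang extension; if the build is not already tied to those compilers, C11 `_Thread_local` is the portable spelling. In fuzz_prepareFileDynamically the added `mangle_setSize(run, run->dynfileqCurrent->size)` is fatal inside mangle_setSize when the queue entry exceeds run->global->maxFileSz, so it silently depends on entries being bounded when enqueued; a one-line comment at the call site would make that contract visible. fuzz_prepareFile continues past the end of this hunk.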
@@ -151,8 +142,8 @@ static bool fuzz_prepareFile(run_t* run, bool rewind) {
LOG_E("Couldn't read contents of '%s'", fname);
return false;
}
- run->dynamicFileSz = fileSz;
+ mangle_setSize(run, fileSz);
mangle_mangleContent(run);
return true;
@@ -473,6 +464,8 @@ static void fuzz_fuzzLoop(run_t* run) {
run->linux.hwCnts.bbCnt = 0;
run->linux.hwCnts.newBBCnt = 0;
+ mangle_setSize(run, run->global->maxFileSz);
+
if (fuzz_getState(run) == _HF_STATE_DYNAMIC_PRE) {
run->mutationsPerRun = 0U;
if (fuzz_prepareFile(run, /* rewind= */ false) == false) {
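Review bot: The `mangle_setSize(run, run->global->maxFileSz)` inserted at the top of the loop body stands in for the per-iteration ftruncate/lseek removed from fuzz_threadNew, but the explanatory comment that accompanied that code ("Reset and rewind the input file to the original maximum size") was dropped, and each of the fuzz_prepareFile*() paths that follow calls mangle_setSize again with the real size, so every iteration now pays one extra ftruncate+lseek pair. If the reset is deliberate — for instance so a prepare path that bails out before setting a size cannot carry a stale one into subproc_Run — state it: `/* Reset to the maximum size; every prepare path below narrows it via mangle_setSize() */`. fuzz_fuzzLoop extends beyond this hunk on both sides.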
@@ -517,10 +510,6 @@ static void fuzz_fuzzLoop(run_t* run) {
}
}
}
- /* Truncate input file to the desired size */
- if (ftruncate(run->dynamicFileFd, run->dynamicFileSz) == -1) {
- PLOG_F("ftruncate(fd=%d, size=%zu)", run->dynamicFileFd, run->dynamicFileSz);
- }
if (subproc_Run(run) == false) {
LOG_F("subproc_Run()");
@@ -567,14 +556,6 @@ static void* fuzz_threadNew(void* arg) {
}
for (;;) {
- /* Reset and rewind the input file to the original maximum size */
- if (ftruncate(run.dynamicFileFd, hfuzz->maxFileSz) == -1) {
- PLOG_F("ftruncate(fd=%d, size=%zu)", run.dynamicFileFd, hfuzz->maxFileSz);
- }
- if (lseek(run.dynamicFileFd, (off_t)0, SEEK_SET) == (off_t)-1) {
- PLOG_F("lseek(fd=%d, 0, SEEK_SET)", run.dynamicFileFd);
- }
-
/* Check if dry run mode with verifier enabled */
if (run.global->mutationsPerRun == 0U && run.global->useVerifier) {
if (ATOMIC_POST_INC(run.global->cnts.mutationsCnt) >= run.global->io.fileCnt) {
diff --git a/mangle.c b/mangle.c
index 3490f329..e53f26eb 100644
--- a/mangle.c
+++ b/mangle.c
@@ -36,6 +36,19 @@
#include "libhfcommon/log.h"
#include "libhfcommon/util.h"
+void mangle_setSize(run_t* run, size_t sz) {
+ if (sz > run->global->maxFileSz) {
+ PLOG_F("Too large size requested: %zu > maxSize: %zu", sz, run->global->maxFileSz);
+ }
+ if (ftruncate(run->dynamicFileFd, sz) == -1) {
+ PLOG_F("ftruncate(fd=%d, size=%zu)", run->dynamicFileFd, sz);
+ }
+ if (lseek(run->dynamicFileFd, (off_t)0, SEEK_SET) == (off_t)-1) {
+ PLOG_F("lseek(fd=%d, 0, SEEK_SET)", run->dynamicFileFd);
+ }
+ run->dynamicFileSz = sz;
+}
+
static inline void mangle_Overwrite(run_t* run, const uint8_t* src, size_t off, size_t sz) {
size_t maxToCopy = run->dynamicFileSz - off;
if (sz > maxToCopy) {
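Review bot: The size-bound check at the top of mangle_setSize reports through PLOG_F, which appends strerror(errno) to a condition that involves no failed syscall, so the fatal message will carry a stale or zero errno next to the size text; `LOG_F("Too large size requested: %zu > maxSize: %zu", sz, run->global->maxFileSz);` is the matching form, with PLOG_F kept only for the ftruncate and lseek failures below it. Those two syscalls now run on every size change — mangle_Inflate, mangle_Resize, mangle_Shrink and the fuzz.c prepare paths all route through here — where previously the file was truncated and rewound once per iteration, so a mutation round with many resizes performs a ftruncate+lseek per resize; if that cost is accepted, a comment should say so, otherwise the fd work could be deferred to the single point before the target reads the file. A header comment is also missing: it should state that callers must pre-clamp to run->global->maxFileSz because an oversized request aborts here, and that run->dynamicFileSz is only updated after the fd has been resized and rewound.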
@@ -74,7 +87,7 @@ static void mangle_Inflate(run_t* run, size_t off, size_t len) {
len = run->global->maxFileSz - run->dynamicFileSz;
}
- run->dynamicFileSz += len;
+ mangle_setSize(run, run->dynamicFileSz + len);
mangle_Move(run, off, off + len, run->dynamicFileSz);
}
@@ -492,7 +505,8 @@ static void mangle_CloneByte(run_t* run) {
}
static void mangle_Resize(run_t* run) {
- run->dynamicFileSz = util_rndGet(0, run->global->maxFileSz);
+ size_t sz = util_rndGet(0, run->global->maxFileSz);
+ mangle_setSize(run, sz);
}
static void mangle_Expand(run_t* run) {
@@ -511,8 +525,8 @@ static void mangle_Shrink(run_t* run) {
size_t len = util_rndGet(1, run->dynamicFileSz - 1);
size_t off = util_rndGet(0, len);
+ mangle_setSize(run, run->dynamicFileSz - len);
mangle_Move(run, off + len, off, run->dynamicFileSz);
- run->dynamicFileSz -= len;
}
static void mangle_InsertRnd(run_t* run) {
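Review bot: The reorder in mangle_Shrink changes what mangle_Move observes: run->dynamicFileSz has already been reduced by len when `mangle_Move(run, off + len, off, run->dynamicFileSz)` runs, so both its length argument and any bound mangle_Move derives from run->dynamicFileSz (its body is outside this hunk) now refer to the shrunk size. If mangle_Move clamps the copy against the current size, the last len bytes of the region that should survive — the ones at [newSz, oldSz) — are never moved down and the file would end in stale data; if it does not clamp, the copy reads up to oldSz after the fd has just been truncated below that, which faults if run->dynamicFile is a shared mapping of dynamicFileFd — neither condition can be confirmed from this hunk, but either way the Move should run against the size it was computed for. Restoring the original order does that: `mangle_Move(run, off + len, off, run->dynamicFileSz);` followed by `mangle_setSize(run, run->dynamicFileSz - len);`. mangle_Shrink begins before the start of this hunk.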
diff --git a/mangle.h b/mangle.h
index 8234f483..f12e2c32 100644
--- a/mangle.h
+++ b/mangle.h
@@ -27,5 +27,6 @@
#include "honggfuzz.h"
extern void mangle_mangleContent(run_t* run);
+extern void mangle_setSize(run_t* run, size_t sz);
#endif
diff --git a/subproc.c b/subproc.c
index efc9633d..e9f492d2 100644
--- a/subproc.c
+++ b/subproc.c
@@ -319,17 +319,6 @@ static bool subproc_New(run_t* run) {
bool subproc_Run(run_t* run) {
run->timeStartedMillis = util_timeNowMillis();
- /* Rewind the input file to position 0 */
- if (lseek(run->dynamicFileFd, (off_t)0, SEEK_SET) == (off_t)-1) {
- PLOG_E("lseek(fd=%d, 0, SEEK_SET)", run->dynamicFileFd);
- return false;
- }
- /* Truncate input file to the desired size */
- if (ftruncate(run->dynamicFileFd, run->dynamicFileSz) == -1) {
- PLOG_E("ftruncate(fd=%d, size=%zu)", run->dynamicFileFd, run->dynamicFileSz);
- return false;
- }
-
if (!subproc_New(run)) {
LOG_E("subproc_New()");
return false;