summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Makefile6
-rw-r--r--fuzz.c22
-rw-r--r--input.c122
-rw-r--r--input.h8
-rw-r--r--mangle.c130
-rw-r--r--mangle.h6
6 files changed, 147 insertions, 147 deletions
diff --git a/Makefile b/Makefile
index fddab5e9..36c8ecfb 100644
--- a/Makefile
+++ b/Makefile
@@ -364,10 +364,10 @@ honggfuzz.o: cmdline.h honggfuzz.h libhfcommon/util.h libhfcommon/common.h
honggfuzz.o: display.h fuzz.h input.h libhfcommon/files.h
honggfuzz.o: libhfcommon/common.h libhfcommon/log.h
input.o: input.h honggfuzz.h libhfcommon/util.h libhfcommon/common.h
-input.o: libhfcommon/files.h libhfcommon/common.h libhfcommon/log.h
+input.o: libhfcommon/files.h libhfcommon/common.h mangle.h subproc.h
+input.o: libhfcommon/log.h
mangle.o: mangle.h honggfuzz.h libhfcommon/util.h input.h
-mangle.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h
-mangle.o: libhfcommon/log.h subproc.h
+mangle.o: libhfcommon/common.h libhfcommon/log.h
report.o: report.h honggfuzz.h libhfcommon/util.h libhfcommon/common.h
report.o: libhfcommon/log.h
sancov.o: sancov.h honggfuzz.h libhfcommon/util.h libhfcommon/common.h
diff --git a/fuzz.c b/fuzz.c
index e3cad378..6c48553e 100644
--- a/fuzz.c
+++ b/fuzz.c
@@ -341,7 +341,7 @@ static bool fuzz_runVerifier(run_t* run) {
static bool fuzz_fetchInput(run_t* run) {
if (fuzz_getState(run) == _HF_STATE_DYNAMIC_DRY_RUN) {
run->mutationsPerRun = 0U;
- if (mangle_prepareStaticFile(run, /* rewind= */ false)) {
+ if (input_prepareStaticFile(run, /* rewind= */ false)) {
return true;
}
fuzz_setDynamicMainState(run);
@@ -349,27 +349,27 @@ static bool fuzz_fetchInput(run_t* run) {
}
if (fuzz_getState(run) == _HF_STATE_DYNAMIC_MAIN) {
- if (run->global->exe.externalCommand && !mangle_prepareExternalFile(run)) {
- LOG_E("fuzz_prepareFileExternally() failed");
+ if (run->global->exe.externalCommand && !input_prepareExternalFile(run)) {
+ LOG_E("input_prepareFileExternally() failed");
return false;
- } else if (!mangle_prepareDynamicInput(run)) {
- LOG_E("fuzz_prepareFileDynamically() failed");
+ } else if (!input_prepareDynamicInput(run)) {
+ LOG_E("input_prepareFileDynamically() failed");
return false;
}
}
if (fuzz_getState(run) == _HF_STATE_STATIC) {
- if (run->global->exe.externalCommand && !mangle_prepareExternalFile(run)) {
- LOG_E("fuzz_prepareFileExternally() failed");
+ if (run->global->exe.externalCommand && !input_prepareExternalFile(run)) {
+ LOG_E("input_prepareFileExternally() failed");
return false;
- } else if (!mangle_prepareStaticFile(run, true /* rewind */)) {
- LOG_E("fuzz_prepareFile() failed");
+ } else if (!input_prepareStaticFile(run, true /* rewind */)) {
+ LOG_E("input_prepareFile() failed");
return false;
}
}
- if (run->global->exe.postExternalCommand && !mangle_postProcessFile(run)) {
- LOG_E("fuzz_postProcessFile() failed");
+ if (run->global->exe.postExternalCommand && !input_postProcessFile(run)) {
+ LOG_E("input_postProcessFile() failed");
return false;
}
diff --git a/input.c b/input.c
index b71d45e8..61291410 100644
--- a/input.c
+++ b/input.c
@@ -39,6 +39,8 @@
#include "libhfcommon/common.h"
#include "libhfcommon/files.h"
+#include "mangle.h"
+#include "subproc.h"
#if defined(_HF_ARCH_LINUX)
#include <sys/syscall.h>
@@ -50,6 +52,19 @@
#include "libhfcommon/log.h"
#include "libhfcommon/util.h"
+void input_setSize(run_t* run, size_t sz) {
+ if (sz > run->global->maxFileSz) {
+ PLOG_F("Too large size requested: %zu > maxSize: %zu", sz, run->global->maxFileSz);
+ }
+ if (ftruncate(run->dynamicFileFd, sz) == -1) {
+ PLOG_F("ftruncate(fd=%d, size=%zu)", run->dynamicFileFd, sz);
+ }
+ if (lseek(run->dynamicFileFd, (off_t)0, SEEK_SET) == (off_t)-1) {
+ PLOG_F("lseek(fd=%d, 0, SEEK_SET)", run->dynamicFileFd);
+ }
+ run->dynamicFileSz = sz;
+}
+
static bool input_getDirStatsAndRewind(honggfuzz_t* hfuzz) {
rewinddir(hfuzz->io.inputDirPtr);
@@ -291,3 +306,110 @@ bool input_parseBlacklist(honggfuzz_t* hfuzz) {
}
return true;
}
+
+static bool input_checkSizeNRewind(run_t* run) {
+ struct stat st;
+ if (fstat(run->dynamicFileFd, &st) == -1) {
+ PLOG_E("fstat(fd=%d)", run->dynamicFileFd);
+ return false;
+ }
+ if ((size_t)st.st_size > run->global->maxFileSz) {
+ LOG_W("External tool created too large of a file, '%zu', truncating it to '%zu'",
+ (size_t)st.st_size, run->global->maxFileSz);
+ input_setSize(run, run->global->maxFileSz);
+ } else {
+ input_setSize(run, (size_t)st.st_size);
+ }
+ return true;
+}
+
+bool input_prepareDynamicInput(run_t* run) {
+ run->origFileName = "[DYNAMIC]";
+
+ {
+ MX_SCOPED_RWLOCK_READ(&run->global->dynfileq_mutex);
+
+ if (run->global->dynfileqCnt == 0) {
+ LOG_F(
+ "The dynamic file corpus is empty. Apparently, the initial fuzzing of the "
+ "provided file corpus (-f) has not produced any follow-up files with positive "
+ "coverage and/or CPU counters");
+ }
+
+ if (run->dynfileqCurrent == NULL) {
+ run->dynfileqCurrent = TAILQ_FIRST(&run->global->dynfileq);
+ } else {
+ if (run->dynfileqCurrent == TAILQ_LAST(&run->global->dynfileq, dyns_t)) {
+ run->dynfileqCurrent = TAILQ_FIRST(&run->global->dynfileq);
+ } else {
+ run->dynfileqCurrent = TAILQ_NEXT(run->dynfileqCurrent, pointers);
+ }
+ }
+ }
+
+ input_setSize(run, run->dynfileqCurrent->size);
+ memcpy(run->dynamicFile, run->dynfileqCurrent->data, run->dynfileqCurrent->size);
+ mangle_mangleContent(run);
+
+ return true;
+}
+
+bool input_prepareStaticFile(run_t* run, bool rewind) {
+ input_setSize(run, run->global->maxFileSz);
+
+ static __thread char fname[PATH_MAX];
+ if (input_getNext(run, fname, /* rewind= */ rewind) == false) {
+ return false;
+ }
+ run->origFileName = files_basename(fname);
+
+ ssize_t fileSz = files_readFileToBufMax(fname, run->dynamicFile, run->global->maxFileSz);
+ if (fileSz < 0) {
+ LOG_E("Couldn't read contents of '%s'", fname);
+ return false;
+ }
+
+ input_setSize(run, fileSz);
+ mangle_mangleContent(run);
+
+ return true;
+}
+
+bool input_prepareExternalFile(run_t* run) {
+ input_setSize(run, (size_t)0);
+ run->origFileName = "[EXTERNAL]";
+
+ char fname[PATH_MAX];
+ snprintf(fname, sizeof(fname), "/dev/fd/%d", run->dynamicFileFd);
+
+ const char* const argv[] = {run->global->exe.externalCommand, fname, NULL};
+ if (subproc_System(run, argv) != 0) {
+ LOG_E("Subprocess '%s' returned abnormally", run->global->exe.externalCommand);
+ return false;
+ }
+ LOG_D("Subporcess '%s' finished with success", run->global->exe.externalCommand);
+
+ if (!input_checkSizeNRewind(run)) {
+ return false;
+ }
+
+ return true;
+}
+
+bool input_postProcessFile(run_t* run) {
+ char fname[PATH_MAX];
+ snprintf(fname, sizeof(fname), "/dev/fd/%d", run->dynamicFileFd);
+
+ const char* const argv[] = {run->global->exe.postExternalCommand, fname, NULL};
+ if (subproc_System(run, argv) != 0) {
+ LOG_E("Subprocess '%s' returned abnormally", run->global->exe.postExternalCommand);
+ return false;
+ }
+ LOG_D("Subporcess '%s' finished with success", run->global->exe.externalCommand);
+
+ if (!input_checkSizeNRewind(run)) {
+ return false;
+ }
+
+ return true;
+}
diff --git a/input.h b/input.h
index 9a500d1a..6f4d8d1c 100644
--- a/input.h
+++ b/input.h
@@ -26,12 +26,14 @@
#include "honggfuzz.h"
+extern void input_setSize(run_t* run, size_t sz);
extern bool input_getNext(run_t* run, char* fname, bool rewind);
-
extern bool input_init(honggfuzz_t* hfuzz);
-
extern bool input_parseDictionary(honggfuzz_t* hfuzz);
-
extern bool input_parseBlacklist(honggfuzz_t* hfuzz);
+extern bool input_prepareDynamicInput(run_t* run);
+extern bool input_prepareStaticFile(run_t* run, bool rewind);
+extern bool input_prepareExternalFile(run_t* run);
+extern bool input_postProcessFile(run_t* run);
#endif /* ifndef _HF_INPUT_H_ */
diff --git a/mangle.c b/mangle.c
index d4e82f07..ea253e81 100644
--- a/mangle.c
+++ b/mangle.c
@@ -36,23 +36,8 @@
#include "input.h"
#include "libhfcommon/common.h"
-#include "libhfcommon/files.h"
#include "libhfcommon/log.h"
#include "libhfcommon/util.h"
-#include "subproc.h"
-
-static void mangle_setSize(run_t* run, size_t sz) {
- if (sz > run->global->maxFileSz) {
- PLOG_F("Too large size requested: %zu > maxSize: %zu", sz, run->global->maxFileSz);
- }
- if (ftruncate(run->dynamicFileFd, sz) == -1) {
- PLOG_F("ftruncate(fd=%d, size=%zu)", run->dynamicFileFd, sz);
- }
- if (lseek(run->dynamicFileFd, (off_t)0, SEEK_SET) == (off_t)-1) {
- PLOG_F("lseek(fd=%d, 0, SEEK_SET)", run->dynamicFileFd);
- }
- run->dynamicFileSz = sz;
-}
static inline void mangle_Overwrite(run_t* run, const uint8_t* src, size_t off, size_t sz) {
size_t maxToCopy = run->dynamicFileSz - off;
@@ -92,7 +77,7 @@ static void mangle_Inflate(run_t* run, size_t off, size_t len) {
len = run->global->maxFileSz - run->dynamicFileSz;
}
- mangle_setSize(run, run->dynamicFileSz + len);
+ input_setSize(run, run->dynamicFileSz + len);
mangle_Move(run, off, off + len, run->dynamicFileSz);
}
@@ -511,7 +496,7 @@ static void mangle_CloneByte(run_t* run) {
static void mangle_Resize(run_t* run) {
size_t sz = util_rndGet(0, run->global->maxFileSz);
- mangle_setSize(run, sz);
+ input_setSize(run, sz);
}
static void mangle_Expand(run_t* run) {
@@ -530,7 +515,7 @@ static void mangle_Shrink(run_t* run) {
size_t len = util_rndGet(1, run->dynamicFileSz - 1);
size_t off = util_rndGet(0, len);
- mangle_setSize(run, run->dynamicFileSz - len);
+ input_setSize(run, run->dynamicFileSz - len);
mangle_Move(run, off + len, off, run->dynamicFileSz);
}
@@ -551,7 +536,7 @@ static void mangle_ASCIIVal(run_t* run) {
mangle_Overwrite(run, (uint8_t*)buf, off, strlen(buf));
}
-static void mangle_mangleContent(run_t* run) {
+void mangle_mangleContent(run_t* run) {
if (run->mutationsPerRun == 0U) {
return;
}
@@ -595,110 +580,3 @@ static void mangle_mangleContent(run_t* run) {
mangleFuncs[choice](run);
}
}
-
-static bool mangle_checkSizeNRewind(run_t* run) {
- struct stat st;
- if (fstat(run->dynamicFileFd, &st) == -1) {
- PLOG_E("fstat(fd=%d)", run->dynamicFileFd);
- return false;
- }
- if ((size_t)st.st_size > run->global->maxFileSz) {
- LOG_W("External tool created too large of a file, '%zu', truncating it to '%zu'",
- (size_t)st.st_size, run->global->maxFileSz);
- mangle_setSize(run, run->global->maxFileSz);
- } else {
- mangle_setSize(run, (size_t)st.st_size);
- }
- return true;
-}
-
-bool mangle_prepareDynamicInput(run_t* run) {
- run->origFileName = "[DYNAMIC]";
-
- {
- MX_SCOPED_RWLOCK_READ(&run->global->dynfileq_mutex);
-
- if (run->global->dynfileqCnt == 0) {
- LOG_F(
- "The dynamic file corpus is empty. Apparently, the initial fuzzing of the "
- "provided file corpus (-f) has not produced any follow-up files with positive "
- "coverage and/or CPU counters");
- }
-
- if (run->dynfileqCurrent == NULL) {
- run->dynfileqCurrent = TAILQ_FIRST(&run->global->dynfileq);
- } else {
- if (run->dynfileqCurrent == TAILQ_LAST(&run->global->dynfileq, dyns_t)) {
- run->dynfileqCurrent = TAILQ_FIRST(&run->global->dynfileq);
- } else {
- run->dynfileqCurrent = TAILQ_NEXT(run->dynfileqCurrent, pointers);
- }
- }
- }
-
- mangle_setSize(run, run->dynfileqCurrent->size);
- memcpy(run->dynamicFile, run->dynfileqCurrent->data, run->dynfileqCurrent->size);
- mangle_mangleContent(run);
-
- return true;
-}
-
-bool mangle_prepareStaticFile(run_t* run, bool rewind) {
- mangle_setSize(run, run->global->maxFileSz);
-
- static __thread char fname[PATH_MAX];
- if (input_getNext(run, fname, /* rewind= */ rewind) == false) {
- return false;
- }
- run->origFileName = files_basename(fname);
-
- ssize_t fileSz = files_readFileToBufMax(fname, run->dynamicFile, run->global->maxFileSz);
- if (fileSz < 0) {
- LOG_E("Couldn't read contents of '%s'", fname);
- return false;
- }
-
- mangle_setSize(run, fileSz);
- mangle_mangleContent(run);
-
- return true;
-}
-
-bool mangle_prepareExternalFile(run_t* run) {
- mangle_setSize(run, (size_t)0);
- run->origFileName = "[EXTERNAL]";
-
- char fname[PATH_MAX];
- snprintf(fname, sizeof(fname), "/dev/fd/%d", run->dynamicFileFd);
-
- const char* const argv[] = {run->global->exe.externalCommand, fname, NULL};
- if (subproc_System(run, argv) != 0) {
- LOG_E("Subprocess '%s' returned abnormally", run->global->exe.externalCommand);
- return false;
- }
- LOG_D("Subporcess '%s' finished with success", run->global->exe.externalCommand);
-
- if (!mangle_checkSizeNRewind(run)) {
- return false;
- }
-
- return true;
-}
-
-bool mangle_postProcessFile(run_t* run) {
- char fname[PATH_MAX];
- snprintf(fname, sizeof(fname), "/dev/fd/%d", run->dynamicFileFd);
-
- const char* const argv[] = {run->global->exe.postExternalCommand, fname, NULL};
- if (subproc_System(run, argv) != 0) {
- LOG_E("Subprocess '%s' returned abnormally", run->global->exe.postExternalCommand);
- return false;
- }
- LOG_D("Subporcess '%s' finished with success", run->global->exe.externalCommand);
-
- if (!mangle_checkSizeNRewind(run)) {
- return false;
- }
-
- return true;
-}
diff --git a/mangle.h b/mangle.h
index 42ec3aa2..e9894519 100644
--- a/mangle.h
+++ b/mangle.h
@@ -26,9 +26,7 @@
#include "honggfuzz.h"
-extern bool mangle_prepareDynamicInput(run_t* run);
-extern bool mangle_prepareStaticFile(run_t* run, bool rewind);
-extern bool mangle_prepareExternalFile(run_t* run);
-extern bool mangle_postProcessFile(run_t* run);
+extern void mangle_mangleContent(run_t* run);
+extern void mangle_mangleContent(run_t* run);
#endif
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-16 04:25:23 +0000