-/* $OpenBSD: fuzz.c,v 1.4 2014/11/19 13:35:37 krw Exp $ */
+/* $OpenBSD: fuzz.c,v 1.5 2015/01/13 14:51:51 djm Exp $ */
/*
* Copyright (c) 2011 Damien Miller <djm@mindrot.org>
*
/* Utility functions/framework for fuzz tests */
#include <sys/types.h>
+#include <sys/uio.h>
#include <assert.h>
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
+#include <signal.h>
+#include <unistd.h>
#include "test_helper.h"
+#include "atomicio.h"
/* #define FUZZ_DEBUG */
}
}
-void
-fuzz_dump(struct fuzz *fuzz)
+static int
+fuzz_fmt(struct fuzz *fuzz, char *s, size_t n)
{
- u_char *p = fuzz_ptr(fuzz);
- size_t i, j, len = fuzz_len(fuzz);
+ if (fuzz == NULL)
+ return -1;
switch (fuzz->strategy) {
case FUZZ_1_BIT_FLIP:
- fprintf(stderr, "%s case %zu of %zu (bit: %zu)\n",
+ snprintf(s, n, "%s case %zu of %zu (bit: %zu)\n",
fuzz_ntop(fuzz->strategy),
fuzz->o1, fuzz->slen * 8, fuzz->o1);
- break;
+ return 0;
case FUZZ_2_BIT_FLIP:
- fprintf(stderr, "%s case %llu of %llu (bits: %zu, %zu)\n",
+ snprintf(s, n, "%s case %llu of %llu (bits: %zu, %zu)\n",
fuzz_ntop(fuzz->strategy),
(((fuzz_ullong)fuzz->o2) * fuzz->slen * 8) + fuzz->o1,
((fuzz_ullong)fuzz->slen * 8) * fuzz->slen * 8,
fuzz->o1, fuzz->o2);
- break;
+ return 0;
case FUZZ_1_BYTE_FLIP:
- fprintf(stderr, "%s case %zu of %zu (byte: %zu)\n",
+ snprintf(s, n, "%s case %zu of %zu (byte: %zu)\n",
fuzz_ntop(fuzz->strategy),
fuzz->o1, fuzz->slen, fuzz->o1);
- break;
+ return 0;
case FUZZ_2_BYTE_FLIP:
- fprintf(stderr, "%s case %llu of %llu (bytes: %zu, %zu)\n",
+ snprintf(s, n, "%s case %llu of %llu (bytes: %zu, %zu)\n",
fuzz_ntop(fuzz->strategy),
(((fuzz_ullong)fuzz->o2) * fuzz->slen) + fuzz->o1,
((fuzz_ullong)fuzz->slen) * fuzz->slen,
fuzz->o1, fuzz->o2);
- break;
+ return 0;
case FUZZ_TRUNCATE_START:
- fprintf(stderr, "%s case %zu of %zu (offset: %zu)\n",
+ snprintf(s, n, "%s case %zu of %zu (offset: %zu)\n",
fuzz_ntop(fuzz->strategy),
fuzz->o1, fuzz->slen, fuzz->o1);
- break;
+ return 0;
case FUZZ_TRUNCATE_END:
- fprintf(stderr, "%s case %zu of %zu (offset: %zu)\n",
+ snprintf(s, n, "%s case %zu of %zu (offset: %zu)\n",
fuzz_ntop(fuzz->strategy),
fuzz->o1, fuzz->slen, fuzz->o1);
- break;
+ return 0;
case FUZZ_BASE64:
assert(fuzz->o2 < sizeof(fuzz_b64chars) - 1);
- fprintf(stderr, "%s case %llu of %llu (offset: %zu char: %c)\n",
+ snprintf(s, n, "%s case %llu of %llu (offset: %zu char: %c)\n",
fuzz_ntop(fuzz->strategy),
(fuzz->o1 * (fuzz_ullong)64) + fuzz->o2,
fuzz->slen * (fuzz_ullong)64, fuzz->o1,
fuzz_b64chars[fuzz->o2]);
- break;
+ return 0;
default:
+ return -1;
abort();
}
+}
+
+void
+fuzz_dump(struct fuzz *fuzz)
+{
+ u_char *p = fuzz_ptr(fuzz);
+ size_t i, j, len = fuzz_len(fuzz);
+ char buf[256];
+ if (fuzz_fmt(fuzz, buf, sizeof(buf)) != 0) {
+ fprintf(stderr, "%s: fuzz invalid\n", __func__);
+ abort();
+ }
+ fputs(buf, stderr);
fprintf(stderr, "fuzz context %p len = %zu\n", fuzz, len);
for (i = 0; i < len; i += 16) {
fprintf(stderr, "%.4zd: ", i);
}
}
+#ifdef SIGINFO
+static struct fuzz *last_fuzz;
+
+static void
+siginfo(int unused __unused)
+{
+ char buf[256];
+
+ test_info(buf, sizeof(buf));
+ atomicio(vwrite, STDERR_FILENO, buf, strlen(buf));
+ if (last_fuzz != NULL) {
+ fuzz_fmt(last_fuzz, buf, sizeof(buf));
+ atomicio(vwrite, STDERR_FILENO, buf, strlen(buf));
+ }
+}
+#endif
+
struct fuzz *
fuzz_begin(u_int strategies, const void *p, size_t l)
{
FUZZ_DBG(("begin, ret = %p", ret));
fuzz_next(ret);
+
+#ifdef SIGINFO
+ last_fuzz = ret;
+ signal(SIGINFO, siginfo);
+#endif
+
return ret;
}
fuzz_cleanup(struct fuzz *fuzz)
{
FUZZ_DBG(("cleanup, fuzz = %p", fuzz));
+#ifdef SIGINFO
+ last_fuzz = NULL;
+ signal(SIGINFO, SIG_DFL);
+#endif
assert(fuzz != NULL);
assert(fuzz->seed != NULL);
assert(fuzz->fuzzed != NULL);
projects / openbsd / commitdiff