

ref: fafcd2be9252bf274a25fd4601a0dcca3ee8a8b0
parent: 1789e9f170e4c3cb5e5b26c01fff55f086d4db73
author: seh <seh@localhost>
date: Tue Nov 20 08:40:58 EST 2018

fix runtime segfault due to operator precedence ;; clean up logging ;; move fuzz() call to child process ;; TODO -- someone is calling exits or something and we don't need a child, but have to use one atm

--- /dev/null
+++ b/.hgignore
@@ -1,0 +1,4 @@
+syntax: glob
+fuzz.log
+*.[8qkv5967o]
+[8qkv5967o].out
--- a/input.c
+++ b/input.c
@@ -28,6 +28,8 @@
 
 			break;
 		case sc_abort :			//	abort(void);
+			fprint(logfd, "!! Someone called abort, don't do that.\n");
+			/* NOPE
 			// log the variables
 			log_call(sc);
 
@@ -36,6 +38,7 @@
 			
 			// execute the call
 			abort();
+			*/
 
 			break;
 		case sc_access :		//	access(char* : int);
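Review bot: The region parked between `/* NOPE` and `*/` is commented-out code rather than removed code; C block comments do not nest, so a `*/` introduced anywhere inside it later would silently re-enable the tail, and `#if 0` / `#endif` (or plain deletion, since the new fprint already records why) is the safer way to disable it. With the body gone the sc_abort arm logs one line and falls to `break` without calling log_call, so a round that picks abort is skipped rather than fuzzed; a comment such as `/* abort() would kill the fuzzer itself, so this call is only logged, never executed */` would make that intentional for the next reader. The enclosing switch and its function start and end outside these hunks.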
@@ -992,8 +995,8 @@
 			//TODO - not sure what to do with variable # of parameters
 			exits("SYSCALL NOT IMPLEMENTED");
 			break;
-		default :
-			exits("Unknown system call!");
+		default:
+			exits("Unknown system call");
 	}
 }
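Review bot: The `exits("SYSCALL NOT IMPLEMENTED")` and `exits("Unknown system call")` calls in the tail of this dispatch switch terminate the whole process on a miss, which looks like the exits the commit message's TODO is hunting for and the reason the caller now has to fork per call. Logging and returning instead, e.g. `fprint(logfd, "!! unimplemented or unknown system call: %s\n", sc->name); break;` (sc is the caller passed to log_call in the earlier hunk), would let the fuzzer keep going in-process; if a hit on `default:` is meant to be fatal because the name was already resolved by name2index, the message should at least name the call so the log shows which entry is wrong. The function this switch belongs to starts outside the hunk.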
 
@@ -1001,8 +1004,8 @@
 void
 log_call(caller *sc)
 {
-	fprint(logfd, "\nSystem Call: %s", sc->name);
-	fprint(logfd, "\n\tRound #: %d", sc->round);
+	fprint(logfd, "\nSystem Call: %s\n", sc->name);
+	fprint(logfd, "\n\tRound #: %d\n", sc->round);
 
 	int x;
 	for (x = 0; x < (sc->inputs.size); x++) {
@@ -1021,7 +1024,7 @@
 				fprint(logfd, "%ld", *(long*) ele->var);
 				break;
 			case t_ulong :
-				fprint(logfd, "%lu", *(unsigned long*) ele->var);
+				fprint(logfd, "%lud", *(unsigned long*) ele->var);
 				break;
 			case t_vlong :
 				fprint(logfd, "%lld", *(long long*) ele->var);
@@ -1030,10 +1033,11 @@
 				fprint(logfd, "%ld", *(long*) ele->var);
 				break;
 			case t_DirS :  //TODO : verify that this works; compiler warns against
-				fprint(logfd, "%s", (Dir*) ele->var);
+				// fprint(logfd, "%s", (Dir*) ele->var);
 				break;
 			case t_charS :
-				fprint(logfd, "%s", (char**) ele->var);
+				// TODO -- segfaults
+				// fprint(logfd, "%s", *(char**) ele->var);
 				break;
 			case t_charSArr :
 				//fprint(logfd, "%s", (char**) ele->var);
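Review bot: The `t_charS` arm now logs nothing, and the TODO says `*(char**) ele->var` segfaults; the scalar arms read `*(long*) ele->var`, which suggests var points at the slot holding the value, so the extra dereference is consistent and the fault is more likely a NULL or not-yet-populated string pointer. A guarded form, `char *s = *(char**) ele->var; fprint(logfd, "%s", s != nil ? s : "(nil)");`, logs what is there without faulting; if var is instead the string itself, `(char*) ele->var` is the right cast, and note the original `(char**)` cast handed a char** to %s, which could never print the string. Printing a Dir through `%s` in the t_DirS arm was undefined; logging the individual fields of interest is the straightforward replacement. log_call starts in an earlier hunk.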
@@ -1047,6 +1051,7 @@
 			default :
 				exits("Unknown input variable type!");
 		}
+		fprint(logfd, "\n");
 	}
 }
 
--- a/main.c
+++ b/main.c
@@ -38,8 +38,11 @@
 	// Acquire a list of calls specified by spaces (fuzz -n 1 read write seek)
 	for(;*argv;argv++){
 		int index;
-		if(index = name2index(*argv) > 0){
-			print("Loading call: %s\n", *argv);
+		if((index = name2index(*argv)) > 0){
+			#ifdef DEBUG 
+			print("DEBUG index: %d\n", index);
+			#endif
+			fprint(logfd, "Loading call: %s\n", *argv);
 			ladd(&tofuzz, &syscalls[index]); // Might be dangerous, pls fix
 		}else{
 			print("Error: Invalid system call: %s\n", *argv);
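Review bot: The corrected test `if((index = name2index(*argv)) > 0)` still rejects index 0: name2index, later in this diff, returns the array position starting at 0, so the first entry of syscalls[] can never be selected and is reported as an invalid call — the comparison should be `>= 0`. The new `fprint(logfd, "Loading call: %s\n", *argv)` also runs before logfd is assigned: the `create("./fuzz.log", ...)` in the next hunk comes after this loop, so these lines go to whatever logfd holds at startup (fd 0 if it is a zero-initialised global) instead of the log file, and moving the create() above the argv loop fixes that. The enclosing main() starts outside the hunk.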
@@ -47,14 +50,27 @@
 		}
 	}
 	
-	logfd = open("./fuzz.log", OWRITE);
+	logfd = create("./fuzz.log", OWRITE, 0777);
+	if(logfd < 0){
+		fprint(2, "Error: Failed to create/open log file.");
+		exits("log file create fail");
+	}
 	
 	// Operate for the desired number of rounds, -1 is infinite
 	for(i = 0; i < nrounds || nrounds < 0; i++){
 		int j;
+		fprint(logfd, "== Begin round %d ==\n", i);
 		for(j = 0; j < tofuzz.size; j++){
-			// <Log here>
-			fuzz((caller*)lget(&tofuzz, j)); // Fuzz (this syncs the disk)
+			caller *fcall = (caller*) lget(&tofuzz, j);
+			fprint(logfd, "­­ Fuzzing: %s ­­\n", fcall->name);
+			
+			// Someone in here is calling exits inappropriately so forking.
+			int pid = rfork(RFFDG|RFREND|RFPROC|RFMEM);
+			if(pid == 0){
+				// Child
+				fuzz(fcall); // Fuzz, syncs the disk
+				exits(nil);
+			}
 		}
 	}
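Review bot: The parent never waits for the child it forks at `int pid = rfork(RFFDG|RFREND|RFPROC|RFMEM);`, so each round spawns one process per call with no bound (unbounded when nrounds is -1), an rfork failure (pid < 0) is not detected, and a child that faults or calls exits() leaves no trace in the log beyond the "Fuzzing:" line. Checking the return and collecting the child with wait() keeps the fan-out to one child at a time and records the exits() string the commit's TODO is looking for; the loop body would become the lines below, with a `Waitmsg *w;` declaration next to `int pid`. Separately, `create("./fuzz.log", OWRITE, 0777)` makes the log world-writable and executable where `0644` is enough, and the delimiters in the `Fuzzing:` line appear here as U+00AD soft hyphens rather than `--`, which is worth confirming in the source. RFMEM shares the data segment with the child, so whatever fuzz() mutates is visible to the parent afterwards — if that is intended it deserves a comment. main() starts and ends outside the hunk.
```c
			// Someone in here is calling exits inappropriately so forking.
			int pid = rfork(RFFDG|RFREND|RFPROC|RFMEM);
			if(pid < 0){
				fprint(logfd, "!! rfork failed: %r\n");
				continue;
			}
			if(pid == 0){
				// Child
				fuzz(fcall); // Fuzz, syncs the disk
				exits(nil);
			}
			// Parent: reap the child so only one runs at a time and
			// record the exits() string if it died with one.
			w = wait();
			if(w != nil){
				if(w->msg[0] != '\0')
					fprint(logfd, "!! %s exited: %s\n", fcall->name, w->msg);
				free(w);
			}
```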
 
@@ -82,8 +98,12 @@
 name2index(char* name)
 {
 	int i;
-	for(i = 0; i < NCALLS; i++)
+	for(i = 0; i < NCALLS; i++){
+		#ifdef DEBUG
+		print("DEBUG cmp %s to %s on %d\n", syscalls[i].name, name, i);
+		#endif
 		if(strcmp(syscalls[i].name, name) == 0)
 			return i;
+	}
 	return -1;
 }