ref: bafb7ededb9b9de3f3e01614a2b22c059713f7ea
parent: 4cd7e0154ebe47590f9b33b1d6c4d7ac3d957afa
author: glenda <glenda@cpre431>
date: Sat Oct 27 16:14:58 EDT 2018
add list implementation to track input types (in order) of a given function (and as a utility). also refactor list of enums representing syscalls available from user space.
--- a/README.md
+++ b/README.md
@@ -16,7 +16,9 @@
## Usage
+To perform up to round 5 of fuzzing for the read, write, open, and close calls:
+ fuzz -n 5 read write open close
## Recommended reading
--- a/fuzz.h
+++ b/fuzz.h
@@ -1,68 +1,85 @@
#ifndef FUZZ_H
#define FUZZ_H
+#include "list.h"
/*
For full list of syscalls:
+If systab doesn't exist, do: cd /sys/src/9/port && mk
/sys/src/9/port/systab.h
/sys/src/libc/9syscall/sys.h
- */
+/sys/include/libc.h:537
+*/
-// List of all system calls with sc_ prefix added
+// User space syscall definitions as per libc.h with sc_ prefix added
typedef int call;
enum call {
- sc__errstr,
- sc__exits,
- sc__fsession,
- sc__fstat,
- sc__fwstat,
- sc__mount,
- sc__nsec,
- sc__read,
- sc__stat,
- sc__wait,
- sc__write,
- sc__wstat,
- sc_alarm,
- sc_await,
- sc_bind,
- sc_brk_,
- sc_chdir,
- sc_close,
- sc_create,
- sc_dup,
- sc_errstr,
- sc_exec,
- sc_fauth,
- sc_fd2path,
- sc_fstat,
- sc_fversion,
- sc_fwstat,
- sc_mount,
- sc_noted,
- sc_notify,
- sc_open,
- sc_oseek,
- sc_pipe,
- sc_pread,
- sc_pwrite,
- sc_remove,
- sc_rendezvous,
- sc_rfork,
- sc_seek,
- sc_segattach,
- sc_segbrk,
- sc_segdetach,
- sc_segflush,
- sc_segfree,
- sc_semacquire,
- sc_semrelease,
- sc_sleep,
- sc_stat,
- sc_sysr1,
- sc_tsemacquire,
- sc_unmount,
- sc_wstat
+sc_exits , // _exits(char*);
+sc_abort , // abort(void);
+sc_access , // access(char*, int);
+sc_alarm , // alarm(ulong);
+sc_await , // await(char*, int);
+sc_bind , // bind(char*, char*, int);
+sc_brk , // brk(void*);
+sc_chdir , // chdir(char*);
+sc_close , // close(int);
+sc_create , // create(char*, int, ulong);
+sc_dup , // dup(int, int);
+sc_errstr , // errstr(char*, uint);
+sc_exec , // exec(char*, char*[]);
+sc_execl , // execl(char*, ...);
+sc_fork , // fork(void);
+sc_rfork , // rfork(int);
+sc_fauth , // fauth(int, char*);
+sc_fstat , // fstat(int, uchar*, int);
+sc_fwstat , // fwstat(int, uchar*, int);
+sc_fversion, // fversion(int, int, char*, int);
+sc_mount , // mount(int, int, char*, int, char*);
+sc_unmount, // unmount(char*, char*);
+sc_noted , // noted(int);
+sc_notify , // notify(void(*)(void*, char*));
+sc_open , // open(char*, int);
+sc_fd2path, // fd2path(int, char*, int);
+sc_pipe , // pipe(int*);
+sc_pread , // pread(int, void*, long, vlong);
+sc_preadv, // preadv(int, IOchunk*, int, vlong);
+sc_pwrite , // pwrite(int, void*, long, vlong);
+sc_pwritev, // pwritev(int, IOchunk*, int, vlong);
+sc_read , // read(int, void*, long);
+sc_readn , // readn(int, void*, long);
+sc_readv , // readv(int, IOchunk*, int);
+sc_remove, // remove(char*);
+sc_sbrk , // sbrk(ulong);
+sc_oseek , // oseek(int, long, int);
+sc_seek, // seek(int, vlong, int);
+sc_segattach, // segattach(int, char*, void*, ulong);
+sc_segbrk , // segbrk(void*, void*);
+sc_segdetach, // segdetach(void*);
+sc_segflush, // segflush(void*, ulong);
+sc_segfree, // segfree(void*, ulong);
+sc_semacquire, // semacquire(long*, int);
+sc_semrelease , // semrelease(long*, long);
+sc_sleep, // sleep(long);
+sc_stat, // stat(char*, uchar*, int);
+sc_tsemacquire, // tsemacquire(long*, ulong);
+sc_wait, // wait(void);
+sc_waitpid, // waitpid(void);
+sc_write, // write(int, void*, long);
+sc_writev, // writev(int, IOchunk*, int);
+sc_wstat, // wstat(char*, uchar*, int);
+sc_rendezvous, // rendezvous(void*, void*);
+sc_dirstat, // dirstat(char*);
+sc_dirfstat, // dirfstat(int);
+sc_dirwstat, // dirwstat(char*, Dir*);
+sc_dirfwstat, // dirfwstat(int, Dir*);
+sc_dirread, // dirread(int, Dir**);
+sc_nulldir, // nulldir(Dir*);
+sc_dirreadall, // dirreadall(int, Dir**);
+sc_getpid , // getpid(void);
+sc_getppid, // getppid(void);
+sc_rerrstr, // rerrstr(char*, uint);
+sc_sysname, // sysname(void);
+sc_werrstr // werrstr(char*, ...);
};
// Structure to track state of system calling
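Review bot: The rebuilt `enum call` reorders every member and relies on implicit numbering, so any name table or `switch` elsewhere that is keyed on a `call` value will silently mismatch unless it was reordered in the same commit; no such table is visible in this hunk, so this needs checking in main.c and input.c. Ending the enum with a count member, for example `sc_ncalls // number of entries, keep last`, would let lookups bounds-check a `call` before indexing with it. The `/sys/include/libc.h:537` reference in the header comment will go stale as libc.h changes; naming the section of libc.h ("system calls") would age better than a line number.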
@@ -69,9 +86,10 @@
typedef struct caller caller;
struct caller
{
- call c; // System call in use
+ call c; // System call in use
char* name; // Real name of syscall
- int round; // Last run executed
+ int round; // Last run executed
+ List inputs;
};
/* == Function prototypes == */
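Review bot: The new `List inputs;` member is the only field of `struct caller` without a trailing comment, and nothing here says what the list holds or who releases it. Going by the commit message it holds the call's input types in argument order, so `List inputs; // Input types of the call, in argument order` would match the neighbouring fields. The list.c added in this commit has no routine to free a whole list, so the comment should also say that the nodes are heap-allocated by `ladd` and have to be drained with `ldel` when a `caller` is discarded.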
--- /dev/null
+++ b/list.c
@@ -1,0 +1,88 @@
+#include <u.h>
+#include <libc.h>
+#include "list.h"
+
+// Create a new list
+List
+mklist()
+{
+ return (List){nil, 0};
+}
+
+// Append to a list
+void
+ladd(List* l, void* p)
+{
+ int i;
+ Node* new = malloc(sizeof(Node));
+ new->dat = p;
+ new->next = nil;
+ Node* n = l->root;
+ //Node* prev = nil;
+
+ if(l->size == 0){
+ l->root = new;
+ new->next = nil;
+ l->size++;
+ return;
+ }
+
+ for(i = 0; i < l->size; i++){
+ if(i != l->size-1)
+ n = n->next;
+ }
+
+ n->next = new;
+ new->next = nil;
+ l->size++;
+ return;
+
+}
+
+// Search → delete from a list
+void*
+ldel(List* l, void* tofind, int(*comp)(void *, void *))
+{
+ int i;
+ void* dat = nil;
+ Node* n = l->root;
+ Node* prev = nil;
+
+ if(l->size == 0){
+ return dat;
+ }
+
+ for(i = 0; i < l->size; i++){
+ if((*comp)(n->dat, tofind)){
+ if(l->size == 1){
+ // 1 node
+ dat = n->dat;
+ free(n);
+ l->root = nil;
+ }else if(i == 0){
+ // 0 nodes
+ l->root = n->next;
+ dat = n->dat;
+ free(n);
+ }else if(i == l->size-1){
+ // We are the last node
+ prev->next = nil;
+ dat = n->dat;
+ free(n);
+ }else{
+ // this is probably unsafe
+ prev->next = n->next;
+ dat = n->dat;
+ free(n);
+ }
+ l->size--;
+ return dat;
+ }
+
+ prev = n;
+ if(i != l->size-1)
+ n = n->next;
+
+ }
+ return dat;
+}
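Review bot: `ladd` uses the result of `malloc(sizeof(Node))` on the very next line without checking it, so an allocation failure becomes a nil dereference at `new->dat = p`; since the function returns `void` it cannot report the failure, so either stop explicitly with `if(new == nil) sysfatal("ladd: malloc: %r");` or change the return type. Both `ladd` and `ldel` also trust `l->size` to match the real chain and never test `n` for nil while walking, so a `List` whose `size` and nodes disagree is walked past its end; looping on `n != nil` instead of the counter would remove that dependency. In `ldel` the `// 0 nodes` comment sits on the branch that removes the head of a longer list and should read `// removing the head`, and the `// this is probably unsafe` remark should be either justified or dropped, because that branch does the same unlink as the others.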
--- /dev/null
+++ b/list.h
@@ -1,0 +1,32 @@
+#ifndef LIST_H
+#define LIST_H
+
+#define true 1
+#define false 0
+
+#define BUFSIZE 256
+
+/* List (Queue) Architecture */
+typedef struct Node Node;
+typedef struct List List;
+
+struct Node {
+ Node* next;
+ void* dat;
+};
+
+struct List {
+ Node* root;
+ int size;
+};
+
+// Create a new list
+List mklist(void);
+
+// Append to a list
+void ladd(List*, void*);
+
+// Search → delete from a list
+void* ldel(List*, void*, int(*comp)(void *, void *));
+
+#endif
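Review bot: The `ldel` prototype does not state its contract, which callers need in order to use it safely: per list.c, `comp(dat, tofind)` must return non-zero on a match, the first matching node is unlinked and freed, and the stored `dat` pointer is returned, or nil when nothing matched. A comment such as `// Remove the first node for which comp(dat, tofind) is non-zero; returns its dat (still owned by the caller) or nil` would make the ownership explicit, and `ladd` deserves a matching note that it stores `p` without copying it. `true`, `false` and `BUFSIZE` are defined here although nothing in the list interface uses them, and because fuzz.h now includes list.h they leak into every file that includes either header; they would sit better in fuzz.h.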
--- a/mkfile
+++ b/mkfile
@@ -5,9 +5,10 @@
BIN = /$objtype/bin
OFILES = main.$O \
- input.$O
+ input.$O \
+ list.$O
-HFILES = fuzz.h
+HFILES = fuzz.h list.h
MAN = fuzz.man