From: charles Date: Mon, 14 Dec 2009 19:46:27 +0000 (+0000) Subject: Add fuzzer work in progress X-Git-Tag: pre-name-change~158 X-Git-Url: http://www.aleph1.co.uk/gitweb/?p=yaffs2.git;a=commitdiff_plain;h=5a7a15b0b01076e7f96a354e2999f8dcf2e6d28b Add fuzzer work in progress --- diff --git a/direct/tests/Makefile b/direct/tests/Makefile index 46e7a03..f4b3974 100644 --- a/direct/tests/Makefile +++ b/direct/tests/Makefile @@ -14,7 +14,7 @@ # # NB Warning this Makefile does not include header dependencies. # -# $Id: Makefile,v 1.4 2009-11-09 19:16:33 charles Exp $ +# $Id: Makefile,v 1.5 2009-12-14 19:46:27 charles Exp $ #EXTRA_COMPILE_FLAGS = -DYAFFS_IGNORE_TAGS_ECC @@ -60,7 +60,7 @@ YAFFSDIRECTSYMLINKS = yaffscfg2k.c yaffs_fileem2k.c yaffsfs.c yaffs_flashif.h y SYMLINKS = $(YAFFSSYMLINKS) $(YAFFSDIRECTSYMLINKS) #all: directtest2k boottest -all: yaffs_test +all: yaffs_test fuzzer $(ALLOBJS): %.o: %.c gcc -c $(CFLAGS) -o $@ $< @@ -74,10 +74,14 @@ $(YAFFSDIRECTSYMLINKS): yaffs_test: $(SYMLINKS) $(YAFFSTESTOBJS) - gcc -o $@ $(YAFFSTESTOBJS) + gcc $(CFLLAG) -o $@ $(YAFFSTESTOBJS) + +fuzzer: fuzzer.c + gcc $(CFLAGS) -o $@ $< + clean: - rm -f yaffs_test $(ALLOBJS) core $(YAFFSSYMLINKS) $(YAFFSDIRECTSYMLINKS) + rm -f yaffs_test fuzzer fuzzer.o $(ALLOBJS) core $(YAFFSSYMLINKS) $(YAFFSDIRECTSYMLINKS) diff --git a/direct/tests/fuzzer.c b/direct/tests/fuzzer.c new file mode 100644 index 0000000..fed272a --- /dev/null +++ b/direct/tests/fuzzer.c 
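Review bot: `$(CFLLAG)` on the new `yaffs_test` link line in direct/tests/Makefile looks like a typo for `$(CFLAGS)`, the variable used by the `$(ALLOBJS)` rule and the new `fuzzer` rule. make expands an undefined variable to an empty string without warning, so the link still runs but with none of the flags the objects were compiled with; the line should read `gcc $(CFLAGS) -o $@ $(YAFFSTESTOBJS)`. The `clean` rule also removes `fuzzer.o`, which the `fuzzer` rule never produces because it compiles and links in one step; this is harmless with `rm -f` but can be dropped.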
@@ -0,0 +1,75 @@
+/*
+ * Fuzzer to fuzz a file
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+int main(int argc, char *argv[])
+{
+ int prob = 10000;
+ int h;
+ int flen = 0;
+ int changesPerBuffer = 0;
+ int b;
+ char c;
+ unsigned char buffer[1000000];
+ int bufsize;
+ int x;
+ int i;
+ int nbuffers;
+
+ while((c = getopt(argc,argv,"p:")) != -1){
+ switch(c){
+ case 'p':
+ prob = atoi(optarg);
+ break;
+ }
+ }
+ if(prob < 100){
+ printf("-p value less than 100 is invalid\n");
+ return 1;
+ }
+
+ if(optind >= argc){
+ printf(" Needs a file name to fuzz\n");
+ return 1;
+ }
+
+ h = open(argv[optind], O_RDWR);
+ flen = lseek(h,0,SEEK_END);
+ lseek(h,0,SEEK_SET);
+ if(flen < 1){
+ printf(" File is too short\n");
+ return 1;
+ }
+
+ nbuffers = (flen + sizeof(buffer) - 1) / sizeof(buffer);
+
+ changesPerBuffer = 1+ (sizeof(buffer) * 8) / prob;
+
+ printf("Fuzzing file %s. Size %d, probablity 1/%d, changing %d bits in each of %d buffers\n",
+ argv[optind],flen,prob,changesPerBuffer,nbuffers);
+
+ srand(time(0));
+
+ for(b = 0; b < nbuffers; b++){
+ printf("buffer %d\n",b);
+ lseek(h,b * sizeof(buffer),SEEK_SET);
+ bufsize = read(h,buffer,sizeof(buffer));
+ for(i = 0; i < changesPerBuffer; i++){
+ x = rand() % (sizeof(buffer) * 8);
+ buffer[x >> 3] ^= (1 << (x & 7));
+ }
+ lseek(h,b * sizeof(buffer),SEEK_SET);
+ write(h,buffer,bufsize);
+ }
+ close(h);
+ return 0;
+}
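Review bot: The bit index in the inner loop is drawn from `sizeof(buffer) * 8` rather than from the bytes actually read, and the return value of `read()` is never checked. For a file shorter than the 1000000-byte buffer (and for the last, partial buffer of a longer one) most flips land past `bufsize` and are discarded by `write(h,buffer,bufsize)`, so the file is corrupted far less than the printed probability claims; if `read()` fails, `bufsize` is -1 and that value is handed to `write()` as a huge length. I would add `if (bufsize <= 0) break;` after the read, use `x = rand() % (bufsize * 8);`, and scale the flip count to `bufsize`. Separately, `c` should be declared `int c;`, because `getopt()` returns `int` and the comparison with -1 never matches where plain `char` is unsigned, so option parsing would loop forever there. Printing the seed given to `srand()` (or accepting one as an option) would also let a failing run be reproduced.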