path: root/executor/common_zlib.h
author: Dmitry Vyukov <dvyukov@google.com> 2022-11-24 15:31:23 +0100
committer: Dmitry Vyukov <dvyukov@google.com> 2022-12-22 10:11:08 +0100
commit: fb1fed72556fcc8fbe60d75a7e70a188f373aa19
tree: 82f5e20db255c76ff1ce806022de9bf582e7fdbd /executor/common_zlib.h
parent: 15722cf868a7299046186afe60e99edf938699f8
prog: mutate compressed images with hints

Images are very large so the generic algorithm for data arguments can produce too many mutants. For images we consider only 4/8-byte aligned ints. This is enough to handle all magic numbers and checksums. We also ignore 0 and ^uint64(0) source bytes, because there are too many of these in lots of images.

With this change the fuzzer was able to get past magic checks in all of the following functions with our fake images:

- in fs/befs/super.c befs_check_sb()
- in fs/freevxfs/vxfs_super.c vxfs_fill_super()
- in fs/hpfs/super.c hpfs_fill_super()
- in fs/omfs/inode.c omfs_fill_super()
- in fs/qnx6/inode.c qnx6_check_first_superblock()
- in fs/ufs/super.c ufs_fill_super()

And it even successfully mounted a sysv filesystem and triggered "sleeping function called from invalid context in __getblk_gfp" when opening a file in the mounted filesystem.
Diffstat (limited to 'executor/common_zlib.h')
0 files changed, 0 insertions, 0 deletions
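The commit message above describes the idea (only 4/8-byte aligned ints in an image are hint candidates, and 0 / ^uint64(0) are skipped) without showing the code. The following is an added illustration written for this page, not syzkaller's own prog package code: `CompMap`, `Candidate`, `imageCandidates`, `mutateWithHints`, the 32-byte `sampleImage` and the `sampleComps` hint table are all constructed here, and the "magic" values in them are invented, not taken from any real filesystem.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"sort"
)

// CompMap maps a value the kernel used as a comparison operand to the
// set of values it was compared against. This is a simplified stand-in
// for syzkaller's hint data and is an assumption of this example.
type CompMap map[uint64]map[uint64]bool

// Candidate is a 4- or 8-byte aligned little-endian integer in the image.
type Candidate struct {
	Off  int
	Size int
	Val  uint64
}

// imageCandidates walks the (decompressed) image and returns only the
// 4/8-byte aligned ints, skipping 0 and ^uint64(0) (0xffffffff for the
// 4-byte case) because filesystem images are full of both.
func imageCandidates(img []byte) []Candidate {
	var out []Candidate
	for off := 0; off+4 <= len(img); off += 4 {
		if v := uint64(binary.LittleEndian.Uint32(img[off:])); v != 0 && v != 0xffffffff {
			out = append(out, Candidate{off, 4, v})
		}
		if off%8 == 0 && off+8 <= len(img) {
			if v := binary.LittleEndian.Uint64(img[off:]); v != 0 && v != ^uint64(0) {
				out = append(out, Candidate{off, 8, v})
			}
		}
	}
	return out
}

// mutateWithHints yields one mutant per (candidate, hint) pair: if the
// aligned value was seen as a comparison operand, the mutant carries the
// other operand at that offset. Replacements that do not fit the width
// and mutants identical to an earlier one are dropped; img is unchanged.
func mutateWithHints(img []byte, comps CompMap) [][]byte {
	var mutants [][]byte
	seen := map[string]bool{}
	for _, c := range imageCandidates(img) {
		var repls []uint64
		for r := range comps[c.Val] {
			repls = append(repls, r)
		}
		sort.Slice(repls, func(i, j int) bool { return repls[i] < repls[j] })
		for _, r := range repls {
			if r == c.Val || (c.Size == 4 && r > 0xffffffff) {
				continue
			}
			m := append([]byte(nil), img...)
			if c.Size == 4 {
				binary.LittleEndian.PutUint32(m[c.Off:], uint32(r))
			} else {
				binary.LittleEndian.PutUint64(m[c.Off:], r)
			}
			if !seen[string(m)] {
				seen[string(m)] = true
				mutants = append(mutants, m)
			}
		}
	}
	return mutants
}

// sampleImage is a constructed 32-byte stand-in for a decompressed image
// (not a real filesystem): a 4-byte "magic", zero padding, an all-ones
// run, and one 8-byte field.
func sampleImage() []byte {
	img := make([]byte, 32)
	binary.LittleEndian.PutUint32(img[0:], 0x12345678)
	binary.LittleEndian.PutUint64(img[8:], ^uint64(0))
	binary.LittleEndian.PutUint64(img[16:], 0xdeadbeefcafebabe)
	return img
}

// sampleComps is constructed: a hypothetical superblock check compared
// 0x12345678 against the "real" magic 0x4d5a4b47, the 64-bit field against
// another 64-bit value, and 0xcafebabe against something too wide for u32.
func sampleComps() CompMap {
	return CompMap{
		0x12345678:         {0x4d5a4b47: true},
		0xdeadbeefcafebabe: {0x0102030405060708: true},
		0xcafebabe:         {0x100000000: true},
	}
}

func main() {
	img := sampleImage()
	fmt.Printf("%d candidates, %d mutants\n",
		len(imageCandidates(img)), len(mutateWithHints(img, sampleComps())))
}
```

On the sample image the scan yields five candidates (the 4- and 8-byte reads at offset 0 both see 0x12345678 because the padding is zero, so the two mutants they produce are identical and deduplicated), and only two mutants survive: the magic replaced at offset 0 and the 64-bit field replaced at offset 16. Compare that with a byte-granular generic mutator, which would have to consider every one of the 32 offsets.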