| author | Andrey Konovalov <andreyknvl@google.com> | 2019-06-18 18:55:58 +0200 |
|---|---|---|
| committer | Andrey Konovalov <andreyknvl@gmail.com> | 2019-06-24 17:24:44 +0200 |
| commit | fa26c3cf35b4c8849e53da15351f1941aee227e1 (patch) | |
| tree | ef72b0d8e7b8ab81ba72571468256ce911aeb11a /executor/executor.cc | |
| parent | 35a4434115fb4c8bbf33b3d0bdae863688d9ffde (diff) | |
sys/linux, executor: add basic USB HID fuzzing support
This commit adds the necessary descriptions and executor adjustments to
enable targeted fuzzing of the enumeration process of USB HID devices.
Diffstat (limited to 'executor/executor.cc')
| -rw-r--r-- | executor/executor.cc | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/executor/executor.cc b/executor/executor.cc
index 2ea588b72..597f6d656 100644
--- a/executor/executor.cc
+++ b/executor/executor.cc
@@ -601,12 +601,16 @@ retry:
 prog_extra_cover = true;
 call_extra_cover = true;
 }
- if (strcmp(syscalls[call_num].name, "syz_usb_connect") == 0) {
+ if (strncmp(syscalls[call_num].name, "syz_usb_connect", strlen("syz_usb_connect")) == 0) {
 prog_extra_timeout = 2000;
 // Must match timeout in pkg/csource/csource.go.
 call_extra_timeout = 2000;
 }
- if (strcmp(syscalls[call_num].name, "syz_usb_disconnect") == 0) {
+ if (strncmp(syscalls[call_num].name, "syz_usb_control_io", strlen("syz_usb_control_io")) == 0) {
+ // Must match timeout in pkg/csource/csource.go.
+ call_extra_timeout = 200;
+ }
+ if (strncmp(syscalls[call_num].name, "syz_usb_disconnect", strlen("syz_usb_disconnect")) == 0) {
 // Must match timeout in pkg/csource/csource.go.
 call_extra_timeout = 200;
 }
@@ -723,6 +727,7 @@ retry:
 timeout_ms = 1000;
 if (event_timedwait(&th->done, timeout_ms))
 handle_completion(th);
+
 // Check if any of previous calls have completed.
 for (int i = 0; i < kMaxThreads; i++) {
 th = &threads[i];
@@ -776,9 +781,10 @@ retry:
 close_fds();
 #endif
- if (!colliding && !collide && prog_extra_cover) {
+ if (prog_extra_cover) {
 sleep_ms(500);
- write_extra_output();
+ if (!colliding && !collide)
+ write_extra_output();
 }
 if (flag_collide && !flag_inject_fault && !colliding && !collide) {
@@ -1446,10 +1452,12 @@ void debug_dump_data(const char* data, int length)
 {
 if (!flag_debug)
 return;
- for (int i = 0; i < length; i++) {
+ int i;
+ for (i = 0; i < length; i++) {
 debug("%02x ", data[i] & 0xff);
 if (i % 16 == 15)
 debug("\n");
 }
- debug("\n");
+ if (i % 16 != 0)
+ debug("\n");
 }
|
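Review bot: The three name checks in the first hunk are now prefix matches, so any syscall whose name merely begins with `syz_usb_connect`, `syz_usb_control_io` or `syz_usb_disconnect` picks up the extra timeout, and nothing in the code says that this is intended. Presumably the goal is to cover `$`-suffixed variants of these pseudo-syscalls; a comment such as `// Prefix match: also applies to $-suffixed variants of this call.` would record that. Each literal is also written twice, once for the compare and once for `strlen`, so editing one copy silently changes the match length; a small static prefix helper that takes the literal once would avoid that. The enclosing function starts and ends outside the hunk.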
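Review bot: In the third hunk `sleep_ms(500)` now runs whenever `prog_extra_cover` is set, including the colliding passes where `write_extra_output()` is skipped, and no comment says why the delay is still wanted there. If the wait is meant to let background activity started by the program finish before the next run (an inference, the hunk does not say so), state it, e.g. `// Let extra-coverage activity settle even when its output is not reported.` The 500 ms literal would also read better as a named constant alongside the other timeouts. The enclosing function starts and ends outside the hunk.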
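Review bot: In `debug_dump_data`, `i` is hoisted out of the `for` only so that it can be tested after the loop; the same condition can be written on `length`, which keeps the index loop-scoped: `if (length > 0 && length % 16 != 0) debug("\n");`. An empty or negative `length` now prints nothing where it used to print a newline, which looks intended but deserves a short comment on the final check.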
