authorDmitry Vyukov <dvyukov@google.com>2020-01-05 11:46:35 +0100
committerDmitry Vyukov <dvyukov@google.com>2020-01-05 11:46:35 +0100
commit026aaeb2b5393e0c838873306e1c5f2084a8a1aa (patch)
tree348d47a986a845325a08fe21ab833f0ea81ec31e /prog/mutation.go
parent90408076e697f47d8da739b9ee6ea1da33c74bbd (diff)
prog: don't mutate strings with enumerated values
Strings with enumerated values are frequently file names or have a complete enumeration of relevant values. Mutating a complete enumeration is not very profitable. Mutating file names leads to escaping paths and the fuzzer messing with things it is not supposed to mess with, as in: r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000440)='/proc/self//exe\x00', 0x3, 0x0)
Diffstat (limited to 'prog/mutation.go')
-rw-r--r--prog/mutation.go12
1 files changed, 8 insertions, 4 deletions
diff --git a/prog/mutation.go b/prog/mutation.go
index c9f647ae8..571b54a3f 100644
--- a/prog/mutation.go
+++ b/prog/mutation.go
@@ -344,14 +344,14 @@ func (t *BufferType) mutate(r *randGen, s *state, arg Arg, ctx ArgCtx) (calls []
data := append([]byte{}, a.Data()...)
a.data = mutateData(r, data, minLen, maxLen)
case BufferString:
- data := append([]byte{}, a.Data()...)
- if r.bin() {
+ if len(t.Values) != 0 {
+ a.data = r.randString(s, t)
+ } else {
if t.TypeSize != 0 {
minLen, maxLen = t.TypeSize, t.TypeSize
}
+ data := append([]byte{}, a.Data()...)
a.data = mutateData(r, data, minLen, maxLen)
- } else {
- a.data = r.randString(s, t)
}
case BufferFilename:
a.data = []byte(r.filename(s, t))
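Review bot: The new `len(t.Values) != 0` branch under `case BufferString` has no comment, so the reason enumerated strings are re-picked through `r.randString(s, t)` instead of byte-mutated (mutated file names escape the paths the fuzzer is meant to touch) lives only in the commit message. I would add `// Enumerated strings are often file names: re-pick from t.Values, never byte-mutate, so mutation cannot produce paths outside the enumeration.` above the `if`. Dropping `r.bin()` also means strings without `Values` no longer reach `randString` from this function; if that helper has other sources for the empty-`Values` case (its body is not visible here), confirm that losing them is intended. The enclosing `mutate` method starts and ends outside the hunk.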
@@ -630,6 +630,10 @@ func (t *BufferType) getMutationPrio(target *Target, arg Arg, ignoreSpecial bool
if t.Dir() == DirOut && !t.Varlen() {
return dontMutate, false
}
+ if t.Kind == BufferString && len(t.Values) == 1 {
+ // These are effectively consts (and frequently file names).
+ return dontMutate, false
+ }
return 0.8 * maxPriority, false
}
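Review bot: Strings with more than one enumerated value still fall through to `0.8 * maxPriority`, the same priority as free-form buffers, even though after this commit their mutation can only re-pick from `t.Values` and may presumably return the value already in place. Only the `len(t.Values) == 1` case is excluded by the added guard. Consider either a lower priority for `len(t.Values) > 1` or a comment that makes the choice explicit, e.g. `// Multi-value strings keep the default priority; mutate only re-picks from t.Values.` The start of getMutationPrio is outside the hunk.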