| author | Dmitry Vyukov <dvyukov@google.com> | 2018-08-30 21:10:38 -0700 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2018-08-30 21:45:04 -0700 |
| commit | a4718693a3d9fcabb02299b2ec07c19d8208c539 (patch) | |
| tree | 4646830d734816c5d6ab7bd5f71338ce3f9b1b54 /prog | |
| parent | 4239b99abbcccac9104facbf2b040a5af4ffe1b1 (diff) | |
sys/linux: add syz_execute_func
The function executes random code.
Update #310
Diffstat (limited to 'prog')
| -rw-r--r-- | prog/rand.go | 40 | ||||
| -rw-r--r-- | prog/types.go | 3 |
2 files changed, 42 insertions, 1 deletions
diff --git a/prog/rand.go b/prog/rand.go
index 7f5597f82..23b4afcfa 100644
--- a/prog/rand.go
+++ b/prog/rand.go
@@ -326,6 +326,12 @@ func (r *randGen) createResource(s *state, res *ResourceType) (arg Arg, calls []
 func (r *randGen) generateText(kind TextKind) []byte {
 switch kind {
+ case TextTarget:
+ if r.target.Arch == "amd64" || r.target.Arch == "386" {
+ cfg := createTargetIfuzzConfig(r.target)
+ return ifuzz.Generate(cfg, r.Rand)
+ }
+ fallthrough
 case TextArm64:
 // Just a stub, need something better.
 text := make([]byte, 50)
@@ -341,6 +347,12 @@ func (r *randGen) generateText(kind TextKind) []byte {
 func (r *randGen) mutateText(kind TextKind, text []byte) []byte {
 switch kind {
+ case TextTarget:
+ if r.target.Arch == "amd64" || r.target.Arch == "386" {
+ cfg := createTargetIfuzzConfig(r.target)
+ return ifuzz.Mutate(cfg, r.Rand, text)
+ }
+ fallthrough
 case TextArm64:
 return mutateData(r, text, 40, 60)
 default:
@@ -349,6 +361,32 @@ func (r *randGen) mutateText(kind TextKind, text []byte) []byte {
 }
 }
+func createTargetIfuzzConfig(target *Target) *ifuzz.Config {
+ cfg := &ifuzz.Config{
+ Len: 10,
+ Priv: false,
+ Exec: true,
+ MemRegions: []ifuzz.MemRegion{
+ {Start: target.DataOffset, Size: target.NumPages * target.PageSize},
+ },
+ }
+ for _, p := range target.SpecialPointers {
+ cfg.MemRegions = append(cfg.MemRegions, ifuzz.MemRegion{
+ Start: p & ^target.PageSize, Size: p & ^target.PageSize + target.PageSize,
+ })
+ }
+ switch target.Arch {
+ case "amd64":
+ cfg.Mode = ifuzz.ModeLong64
+ case "386":
+ cfg.Mode = ifuzz.ModeProt32
+ default:
+ panic("unknown text kind")
+ }
+ return cfg
+
+}
+
 func createIfuzzConfig(kind TextKind) *ifuzz.Config {
 cfg := &ifuzz.Config{
 Len: 10,
@@ -377,6 +415,8 @@ func createIfuzzConfig(kind TextKind) *ifuzz.Config {
 cfg.Mode = ifuzz.ModeProt32
 case TextX86bit64:
 cfg.Mode = ifuzz.ModeLong64
+ default:
+ panic("unknown text kind")
 }
 return cfg
 }
diff --git a/prog/types.go b/prog/types.go
index 3bb2fdbb4..1ce94b6f0 100644
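Review bot: The `r.target.Arch == "amd64" || r.target.Arch == "386"` gate in the new `TextTarget` case of generateText is repeated verbatim in the mutateText hunk below, and it must also stay in agreement with the `switch target.Arch` inside createTargetIfuzzConfig, whose `default:` panics for any other arch, so three places now encode which targets ifuzz supports. A single predicate, e.g. `func (target *Target) hasIfuzz() bool { return target.Arch == "amd64" || target.Arch == "386" }`, called from both cases would keep a future arch from being enabled in one switch while still reaching the panic in the other. The `TextTarget` case itself has no comment; one line saying that it selects machine code for the target's own architecture and otherwise falls through to the TextArm64 stub would make the fallthrough intent explicit. generateText continues past the end of this hunk.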
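Review bot: The per-special-pointer MemRegion built in createTargetIfuzzConfig looks wrong on the line `Start: p & ^target.PageSize, Size: p & ^target.PageSize + target.PageSize,`: `p & ^target.PageSize` clears only the single bit at PageSize instead of rounding p down to a page boundary, and Size is an absolute address plus one page rather than a length, so the region presumably extends from near the pointer to roughly twice its address rather than covering the pointer's page. If the intent is the page containing the pointer, `Start: p &^ (target.PageSize - 1), Size: target.PageSize,` expresses it; since MemRegions appears to be what bounds the addresses the generated code may reference, an oversized region likely just yields more faulting programs, but it should be confirmed against ifuzz. Separately, the `default:` branch here panics with `"unknown text kind"` although this switch is on target.Arch, so `panic("unsupported arch " + target.Arch)` would name what actually went wrong, and the stray blank line before the closing brace should go.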
--- a/prog/types.go
+++ b/prog/types.go
@@ -342,7 +342,8 @@ const (
 type TextKind int
 const (
- TextX86Real TextKind = iota
+ TextTarget TextKind = iota
+ TextX86Real
 TextX86bit16
 TextX86bit32
 TextX86bit64 |
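Review bot: Inserting `TextTarget` as the first iota entry shifts the numeric value of every existing TextKind constant (TextX86Real moves from 0 to 1, and so on); that is harmless if the kinds are only ever referenced by name, but if any value is persisted, emitted into generated descriptions, or compared numerically elsewhere, the renumbering silently changes meaning, so this is worth confirming or the new kind appended at the end of the block instead. The new constant also lacks a comment; the rand.go hunk shows it means code for the target's own architecture, so a line such as `// TextTarget is machine code for the target's native architecture; non-x86 targets fall back to the TextArm64 stub.` would document that. The const block continues past the end of this hunk.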
