diff options
| author | Andrey Konovalov <andreyknvl@google.com> | 2017-07-19 15:31:22 +0200 |
|---|---|---|
| committer | Andrey Konovalov <andreyknvl@google.com> | 2017-07-19 15:46:50 +0200 |
| commit | 94f1595a775beffc924ace61dbdaabfc57d65668 (patch) | |
| tree | 23419c4fc03a7fbdbb4123533660d768243826d3 /sys/sys_amd64.go | |
| parent | 0107e4124d76088695cc3c6132072a3e604121a4 (diff) | |
prog: allow recursion for optional pointers
When syzkaller generates arg that uses a few structs that reference each
other via pointers, it can go into infinite recursion and crash.
Fix this by forcing pointer args to be null when the depth of recursion
reaches 3 for some struct.
Diffstat (limited to 'sys/sys_amd64.go')
| -rw-r--r-- | sys/sys_amd64.go | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/sys/sys_amd64.go b/sys/sys_amd64.go index 88835de03..9f8013528 100644 --- a/sys/sys_amd64.go +++ b/sys/sys_amd64.go @@ -680,6 +680,10 @@ var structArray = []Type{ &StructType{TypeCommon: TypeCommon{TypeName: "syz_length_parent2_struct_inner_inner", IsOptional: false}}, &StructType{TypeCommon: TypeCommon{TypeName: "syz_length_parent_struct", IsOptional: false}}, &StructType{TypeCommon: TypeCommon{TypeName: "syz_length_vma_struct", IsOptional: false}}, + &StructType{TypeCommon: TypeCommon{TypeName: "syz_recur_0", IsOptional: false}}, + &StructType{TypeCommon: TypeCommon{TypeName: "syz_recur_1", IsOptional: false}}, + &StructType{TypeCommon: TypeCommon{TypeName: "syz_recur_2", IsOptional: false}}, + &StructType{TypeCommon: TypeCommon{TypeName: "syz_recur_2_0", IsOptional: false}}, &StructType{TypeCommon: TypeCommon{TypeName: "syz_regression0_struct", IsOptional: false}}, &UnionType{TypeCommon: TypeCommon{TypeName: "syz_union0", IsOptional: false}}, &StructType{TypeCommon: TypeCommon{TypeName: "syz_union0_struct", IsOptional: false}}, @@ -19100,6 +19104,69 @@ var structFields = []struct { &VmaType{TypeCommon: TypeCommon{TypeName: "vma", FldName: "f0", ArgDir: DirOut, IsOptional: false}, RangeBegin: 0, RangeEnd: 0}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "f1", ArgDir: DirOut, IsOptional: false}, TypeSize: 8, BigEndian: false, BitfieldLen: 0}, Buf: "f0", ByteSize: 0}, }}, + {structKey{"syz_recur_0", "", DirIn}, []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_0", "", DirIn})}, + }}, + {structKey{"syz_recur_0", "", DirInOut}, []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_0", "", DirIn})}, + }}, + {structKey{"syz_recur_0", "", DirOut}, []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_0", "", DirIn})}, + }}, + {structKey{"syz_recur_1", "", DirIn}, []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_1", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a1", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2", "", DirIn})}, + }}, + {structKey{"syz_recur_1", "", DirInOut}, []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_1", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a1", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2", "", DirIn})}, + }}, + {structKey{"syz_recur_1", "", DirOut}, []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_1", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a1", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2", "", DirIn})}, + }}, + {structKey{"syz_recur_2", "", DirIn}, []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_0", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a1", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_1", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a2", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2_0", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a3", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2_0", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a4", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a5", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2", "", DirIn})}, + }}, + {structKey{"syz_recur_2", "", DirInOut}, []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_0", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a1", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_1", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a2", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2_0", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a3", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2_0", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a4", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a5", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2", "", DirIn})}, + }}, + {structKey{"syz_recur_2", "", DirOut}, []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_0", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a1", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_1", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a2", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2_0", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a3", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2_0", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a4", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a5", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2", "", DirIn})}, + }}, + {structKey{"syz_recur_2_0", "", DirIn}, []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2_0", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a1", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2_0", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a2", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2_0", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a3", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2_0", "", DirIn})}, + }}, + {structKey{"syz_recur_2_0", "", DirInOut}, []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2_0", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a1", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2_0", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a2", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2_0", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a3", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2_0", "", DirIn})}, + }}, + {structKey{"syz_recur_2_0", "", DirOut}, []Type{ + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2_0", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a1", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2_0", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a2", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2_0", "", DirIn})}, + &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a3", ArgDir: DirIn, IsOptional: true}, Type: getStruct(structKey{"syz_recur_2_0", "", DirIn})}, + }}, {structKey{"syz_regression0_struct", "", DirIn}, []Type{ &PtrType{TypeCommon: TypeCommon{TypeName: "buffer", FldName: "f0", ArgDir: DirIn, IsOptional: false}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "buffer", FldName: "f0", ArgDir: DirOut, IsOptional: false}, Kind: BufferBlobRand}}, }}, @@ -22833,6 +22900,9 @@ var Calls = []*Call{ &Call{Name: "syz_test$opt0", CallName: "syz_test", Native: false, Args: []Type{&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "a0", ArgDir: DirIn, IsOptional: true}, TypeSize: 8, BigEndian: false, BitfieldLen: 0}}}, NR: 1000001}, &Call{Name: "syz_test$opt1", CallName: "syz_test", Native: false, Args: []Type{&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", ArgDir: DirIn, IsOptional: true}, Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "", ArgDir: DirIn, IsOptional: false}, TypeSize: 8, BigEndian: false, BitfieldLen: 0}}}}, NR: 1000001}, &Call{Name: "syz_test$opt2", CallName: "syz_test", Native: false, Args: []Type{&VmaType{TypeCommon: TypeCommon{TypeName: "vma", FldName: "a0", ArgDir: DirIn, IsOptional: true}, RangeBegin: 0, RangeEnd: 0}}, NR: 1000001}, + &Call{Name: "syz_test$recur0", CallName: "syz_test", Native: false, Args: []Type{&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", ArgDir: DirIn, IsOptional: false}, Type: getStruct(structKey{"syz_recur_0", "", DirInOut})}}, NR: 1000001}, + &Call{Name: "syz_test$recur1", CallName: "syz_test", Native: false, Args: []Type{&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", ArgDir: DirIn, IsOptional: false}, Type: getStruct(structKey{"syz_recur_1", "", DirInOut})}}, NR: 1000001}, + &Call{Name: "syz_test$recur2", CallName: "syz_test", Native: false, Args: []Type{&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", ArgDir: DirIn, IsOptional: false}, Type: getStruct(structKey{"syz_recur_2", "", DirInOut})}}, NR: 1000001}, &Call{Name: "syz_test$regression0", CallName: "syz_test", Native: false, Args: []Type{&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", ArgDir: DirIn, IsOptional: false}, Type: getStruct(structKey{"syz_regression0_struct", "", DirInOut})}}, NR: 1000001}, &Call{Name: "syz_test$text_x86_16", CallName: "syz_test", Native: false, Args: []Type{&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", ArgDir: DirIn, IsOptional: false}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", FldName: "", ArgDir: DirIn, IsOptional: false}, Kind: BufferText, Text: Text_x86_16}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "a1", ArgDir: DirIn, IsOptional: false}, TypeSize: 8, BigEndian: false, BitfieldLen: 0}, Buf: "a0", ByteSize: 0}}, NR: 1000001}, &Call{Name: "syz_test$text_x86_32", CallName: "syz_test", Native: false, Args: []Type{&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", ArgDir: DirIn, IsOptional: false}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", FldName: "", ArgDir: DirIn, IsOptional: false}, Kind: BufferText, Text: Text_x86_32}}, &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "a1", ArgDir: DirIn, IsOptional: false}, TypeSize: 8, BigEndian: false, BitfieldLen: 0}, Buf: "a0", ByteSize: 0}}, NR: 1000001}, |