sys/linux: add syz_open_dev$char_usb descriptions

syz_open_dev$char_usb opens char devices with major = USB_MAJOR. Sanitize its values to make sure it doesn't open other char/block devices.
author: Andrey Konovalov <andreyknvl@google.com> 2019-08-07 18:03:59 +0200
committer: Dmitry Vyukov <dvyukov@google.com> 2019-08-08 15:34:27 +0200
commit: d545e945ce3761556e10fd6b4c20a952c0e821a1 (patch)
tree: 9eac971ae8d917de598827c1941d872253d67080 /tools/syz-trace2syz
parent: bcc419e9414564fc64cdde076635d6295641f9a4 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/tools/syz-trace2syz/proggen/call_selector.go b/tools/syz-trace2syz/proggen/call_selector.go
index 989cbe6bd..5ace0fd2a 100644
--- a/tools/syz-trace2syz/proggen/call_selector.go
+++ b/tools/syz-trace2syz/proggen/call_selector.go
@@ -137,8 +137,11 @@ func (cs *openCallSelector) Select(call *parser.Syscall) *prog.Syscall {
 
 func (cs *openCallSelector) matchOpen(meta *prog.Syscall, call *parser.Syscall) (bool, int) {
 	straceFileArg := call.Args[openDiscriminatorArgs[call.CallName]]
-	syzFileArg := meta.Args[openDiscriminatorArgs[meta.CallName]]
 	straceBuf := straceFileArg.(*parser.BufferType).Val
+	syzFileArg := meta.Args[openDiscriminatorArgs[meta.CallName]]
+	if _, ok := syzFileArg.(*prog.PtrType); !ok {
+		return false, -1
+	}
 	syzBuf := syzFileArg.(*prog.PtrType).Type.(*prog.BufferType)
 	if syzBuf.Kind != prog.BufferString {
 		return false, -1
author	Andrey Konovalov <andreyknvl@google.com>	2019-08-07 18:03:59 +0200
committer	Dmitry Vyukov <dvyukov@google.com>	2019-08-08 15:34:27 +0200
commit	d545e945ce3761556e10fd6b4c20a952c0e821a1 (patch)
tree	9eac971ae8d917de598827c1941d872253d67080 /tools/syz-trace2syz
parent	bcc419e9414564fc64cdde076635d6295641f9a4 (diff)