diff options
| author | Greg Steuck <gnezdo@google.com> | 2019-01-12 13:20:22 -0800 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2019-01-14 09:48:45 +0100 |
| commit | 77c702cf1a02ef4bb695e9daa9339afb3cbd5d89 (patch) | |
| tree | aeedbb9480a51758ff791b9c584b1fc278d34c8c /tools | |
| parent | c3f3344c78d6f69e1494297262c453f8ed10a844 (diff) | |
sys/openbsd: avoid /dev/fd node creation
Prevents corpus explosion with corrupted coverage data.
The two parallel runs of:
`doas ./syz-execprog -cover -coverfile /tmp/{fixed,unfixed} r.syz`
show markedly different coverage pictures:
unfixed:
```
2019/01/12 13:55:38 parsed 1 programs
2019/01/12 13:55:38 executed programs: 0
2019/01/12 13:55:38 call #0: signal 821, coverage 2438
2019/01/12 13:55:38 call #1: signal 243, coverage 1363
2019/01/12 13:55:38 call #2: signal 502, coverage 1993
2019/01/12 13:55:38 call #3: signal 15, coverage 44
2019/01/12 13:55:38 call #4: signal 335, coverage 8196
```
fixed:
```
2019/01/12 13:51:57 parsed 1 programs
2019/01/12 13:51:57 executed programs: 0
2019/01/12 13:51:57 call #0: signal 837, coverage 2491
2019/01/12 13:51:57 call #1: signal 241, coverage 1341
2019/01/12 13:51:57 call #2: signal 27, coverage 61
2019/01/12 13:51:57 call #3: signal 13, coverage 44
2019/01/12 13:51:57 call #4: signal 39, coverage 299
```
The contents of `r.syz` is
```
mknod(&(0x7f0000000180)='./file0\x00', 0x2006, 0x10000016e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000002480)=[{&(0x7f0000001480)="<junk>", 0x573}], 0x1)
lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000))
```
So, it's the final lstat which was getting that extra coverage. In
particular, the end of unfixed.4 has some 4734 values
0xffffffff00000000.
Diffstat (limited to 'tools')
0 files changed, 0 insertions, 0 deletions