diff options
| -rw-r--r-- | prog/analysis.go | 9 | ||||
| -rw-r--r-- | prog/size_test.go | 12 | ||||
| -rw-r--r-- | sys/test.txt | 27 | ||||
| -rw-r--r-- | sysgen/sysgen.go | 2 |
4 files changed, 44 insertions, 6 deletions
diff --git a/prog/analysis.go b/prog/analysis.go index 99f947df2..a4f399f98 100644 --- a/prog/analysis.go +++ b/prog/analysis.go @@ -166,7 +166,11 @@ func generateSize(arg *Arg, lenType *sys.LenType) *Arg { return constArg(lenType, uintptr(len(arg.Inner))) } default: - return constArg(lenType, arg.Size()) + if lenType.ByteSize != 0 { + return constArg(lenType, arg.Size()/lenType.ByteSize) + } else { + return constArg(lenType, arg.Size()) + } } } @@ -192,6 +196,9 @@ func assignSizes(args []*Arg) { if typ, ok := arg.Type.(*sys.LenType); ok { if typ.Buf == "parent" { arg.Val = parentSize + if typ.ByteSize != 0 { + arg.Val /= typ.ByteSize + } continue } diff --git a/prog/size_test.go b/prog/size_test.go index d5aaaaf12..0b7e5fb98 100644 --- a/prog/size_test.go +++ b/prog/size_test.go @@ -107,8 +107,16 @@ func TestAssignSize(t *testing.T) { "syz_test$length16(&(0x7f0000000000)={[0x42, 0x42], 0x2, 0x10, 0x8, 0x4, 0x2})", }, { - "syz_test$length17(&(0x7f0000000000)={{0x42, 0x42, 0x42, 0xff}, 0xff, 0xff})", - "syz_test$length17(&(0x7f0000000000)={{0x42, 0x42, 0x42, 0x8}, 0x8, 0x8})", + "syz_test$length17(&(0x7f0000000000)={0x42, 0xff, 0xff, 0xff, 0xff})", + "syz_test$length17(&(0x7f0000000000)={0x42, 0x8, 0x4, 0x2, 0x1})", + }, + { + "syz_test$length18(&(0x7f0000000000)={0x42, 0xff, 0xff, 0xff, 0xff})", + "syz_test$length18(&(0x7f0000000000)={0x42, 0x8, 0x4, 0x2, 0x1})", + }, + { + "syz_test$length19(&(0x7f0000000000)={{0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0xff}, 0xff, 0xff, 0xff})", + "syz_test$length19(&(0x7f0000000000)={{0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0x14}, 0x14, 0x14, 0x5})", }, } diff --git a/sys/test.txt b/sys/test.txt index e883d9a76..e36af549d 100644 --- a/sys/test.txt +++ b/sys/test.txt @@ -182,7 +182,9 @@ syz_test$length14(a0 ptr[inout, syz_length_large_struct], a1 ptr[inout, len[a0, syz_test$length15(a0 int16, a1 len[a0]) syz_test$length16(a0 ptr[in, syz_length_bytesize_struct]) -syz_test$length17(a0 ptr[in, syz_length_bf_struct]) +syz_test$length17(a0 ptr[in, syz_length_bytesize2_struct]) +syz_test$length18(a0 ptr[in, syz_length_bytesize3_struct]) +syz_test$length19(a0 ptr[in, syz_length_bf_struct]) syz_length_flags = 0, 1 @@ -263,17 +265,38 @@ syz_length_bytesize_struct { f5 bytesize8[f0, int8] } +syz_length_bytesize2_struct { + f0 int64 + f1 bytesize[f0, int8] + f2 bytesize2[f0, int8] + f3 bytesize4[f0, int8] + f4 bytesize8[f0, int8] +} + +syz_length_bytesize3_struct { + f0 int32 + f1 bytesize[parent, int8] + f2 bytesize2[parent, int8] + f3 bytesize4[parent, int8] + f4 bytesize8[parent, int8] +} + syz_length_bf_struct_inner { f0 int32:10 f1 int32:10 f2 int32:10 - f4 len[parent, int32] + f3 int32:32 + f4 int32:16 + f5 int32:16 + f6 int32:10 + f7 len[parent, int32] } syz_length_bf_struct { f0 syz_length_bf_struct_inner f1 len[f0, int8] f2 bytesize[f0, int8] + f3 bytesize4[f0, int8] } # Big endian diff --git a/sysgen/sysgen.go b/sysgen/sysgen.go index da855d6a2..867561ad7 100644 --- a/sysgen/sysgen.go +++ b/sysgen/sysgen.go @@ -731,7 +731,7 @@ func decodeIntType(typ string) (uint64, bool, uint64) { sz, _ = strconv.ParseInt(typ[3:], 10, 64) } - if bitfieldLen >= uint64(sz) { + if bitfieldLen > uint64(sz) { failf("bitfield of size %v is too large for base type of size %v", bitfieldLen, sz/8) } |