| -rw-r--r-- | pkg/rpctype/rpctype.go | 9 | ||||
| -rw-r--r-- | prog/mutation.go | 2 | ||||
| -rw-r--r-- | prog/mutation_test.go | 16 | ||||
| -rw-r--r-- | syz-fuzzer/fuzzer.go | 12 |
4 files changed, 25 insertions, 14 deletions
diff --git a/pkg/rpctype/rpctype.go b/pkg/rpctype/rpctype.go index 78f8938f8..efe9e4c1d 100644 --- a/pkg/rpctype/rpctype.go +++ b/pkg/rpctype/rpctype.go @@ -6,11 +6,10 @@ package rpctype type RpcInput struct { - Call string - Prog []byte - CallIndex int - Signal []uint32 - Cover []uint32 + Call string + Prog []byte + Signal []uint32 + Cover []uint32 } type RpcCandidate struct { diff --git a/prog/mutation.go b/prog/mutation.go index ac6aa63fe..ca5cb8874 100644 --- a/prog/mutation.go +++ b/prog/mutation.go @@ -475,7 +475,7 @@ func Minimize(p0 *Prog, callIndex0 int, pred0 func(*Prog, int) bool, crash bool) if callIndex0 != -1 { if callIndex0 < 0 || callIndex0 >= len(p0.Calls) || name0 != p0.Calls[callIndex0].Meta.Name { - panic(fmt.Sprintf("bad call index after minimizatoin: ncalls=%v index=%v call=%v/%v", + panic(fmt.Sprintf("bad call index after minimization: ncalls=%v index=%v call=%v/%v", len(p0.Calls), callIndex0, name0, p0.Calls[callIndex0].Meta.Name)) } } diff --git a/prog/mutation_test.go b/prog/mutation_test.go index 4e9bb626a..1fe2da9eb 100644 --- a/prog/mutation_test.go +++ b/prog/mutation_test.go @@ -6,6 +6,7 @@ package prog import ( "bytes" "fmt" + "math/rand" "testing" ) @@ -310,3 +311,18 @@ func TestMinimizeRandom(t *testing.T) { }, false) } } + +func TestMinimizeCallIndex(t *testing.T) { + target, rs, iters := initTest(t) + r := rand.New(rs) + for i := 0; i < iters; i++ { + p := target.Generate(rs, 5, nil) + ci := r.Intn(len(p.Calls)) + p1, ci1 := Minimize(p, ci, func(p1 *Prog, callIndex int) bool { + return r.Intn(2) == 0 + }, r.Intn(2) == 0) + if ci1 < 0 || ci1 >= len(p1.Calls) || p.Calls[ci].Meta.Name != p1.Calls[ci1].Meta.Name { + t.Fatalf("bad call index after minimization") + } + } +} diff --git a/syz-fuzzer/fuzzer.go b/syz-fuzzer/fuzzer.go index 955b561e2..613c57e1c 100644 --- a/syz-fuzzer/fuzzer.go +++ b/syz-fuzzer/fuzzer.go 
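Review bot: In `RpcInput` (pkg/rpctype/rpctype.go hunk), `Call` is now the only thing tying `Signal` and `Cover` to a call in `Prog`, and a name does not pick out one call when the program contains the same syscall more than once. The struct has no field comments, so a receiver cannot tell whether the first match, the last match or any match is intended. I would add a comment such as `// Call names the call in Prog that Signal and Cover were collected for; it is a name, not a position.` and state the matching rule consumers should apply. If this type travels over encoding/gob, a peer built before this change that still sends `CallIndex` will most likely be accepted with the field silently dropped, so mixed-version deployments deserve a line in the commit description.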
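Review bot: In the `Minimize` hunk of prog/mutation.go, the panic arguments index `p0.Calls[callIndex0]` even when the guard fired because `callIndex0` is out of range. In that case the process dies with a runtime index error, and the formatted message with ncalls/index/call is never produced. Building the second name only when the index is valid keeps the diagnostic: start with `got := "<out of range>"` and overwrite it with `p0.Calls[callIndex0].Meta.Name` under `if callIndex0 >= 0 && callIndex0 < len(p0.Calls)` before calling `panic`. The function starts and ends outside the hunk.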
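Review bot: `TestMinimizeCallIndex` fails with a fixed string, so a failure on a random seed does not show which index tripped it; `t.Fatalf("bad call index after minimization: ncalls=%v index=%v", len(p1.Calls), ci1)` would mirror the panic text in `Minimize`. The expected name is also read from `p.Calls[ci]` after `Minimize` has run. Capturing `name0 := p.Calls[ci].Meta.Name` before the call keeps the comparison valid should `Minimize` ever modify or share its input. `r.Intn(len(p.Calls))` panics if `Generate` returns a program with no calls, which presumably cannot happen here, but a one-line comment saying so would help.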
@@ -477,9 +477,6 @@ func addInput(inp RpcInput) {
 if err != nil {
 panic(err)
 }
- if inp.CallIndex < 0 || inp.CallIndex >= len(p.Calls) {
- Fatalf("bad call index %v, calls %v, program:\n%s", inp.CallIndex, len(p.Calls), inp.Prog)
- }
 sig := hash.Hash(inp.Prog)
 if _, ok := corpusHashes[sig]; !ok {
 corpus = append(corpus, p)
@@ -599,11 +596,10 @@ func triageInput(pid int, env *ipc.Env, inp Input) {
 a := &NewInputArgs{
 Name: *flagName,
 RpcInput: RpcInput{
- Call: call.CallName,
- Prog: data,
- CallIndex: inp.call,
- Signal: []uint32(cover.Canonicalize(inp.signal)),
- Cover: []uint32(inputCover),
+ Call: call.CallName,
+ Prog: data,
+ Signal: []uint32(cover.Canonicalize(inp.signal)),
+ Cover: []uint32(inputCover),
 },
 }
 if err := manager.Call("Manager.NewInput", a, nil); err != nil { |
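Review bot: In the `addInput` hunk, the only check left on an RPC-supplied input is the error path, and that ends in `panic(err)` with no indication of which program was rejected. The removed check used `Fatalf` and printed `inp.Prog`; doing the same here, e.g. `Fatalf("failed to deserialize input: %v\n%s", err, inp.Prog)`, keeps a bad corpus entry diagnosable from the fuzzer log. The call that produces `err` and the rest of the function are outside the hunk, so this assumes `err` comes from parsing `inp.Prog`.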
