From c1c3a73cd976f966bf74d6bbcc126b559b43e147 Mon Sep 17 00:00:00 2001 From: Andrey Konovalov Date: Fri, 21 Oct 2016 18:25:45 +0200 Subject: prog: fix checks for max and min len when mutating a bin blob --- prog/mutation.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/prog/mutation.go b/prog/mutation.go index 8d5fa36a4..80b7cdf54 100644 --- a/prog/mutation.go +++ b/prog/mutation.go @@ -388,14 +388,14 @@ func mutateData(r *randGen, data []byte, minLen, maxLen int) []byte { r.choose( 100, func() { // Append byte. - if len(data) == maxLen { + if len(data) >= maxLen { return } data = append(data, byte(r.rand(256))) }, 100, func() { // Remove byte. - if len(data) == minLen { + if len(data) <= minLen { return } if len(data) == 0 { -- cgit mrf-deployment From 557cc42a1f8e3cbf2095755543b7cd0c00030ccd Mon Sep 17 00:00:00 2001 From: Andrey Konovalov Date: Fri, 21 Oct 2016 18:23:38 +0200 Subject: prog: better validate arg data --- prog/validation.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/prog/validation.go b/prog/validation.go index 6d84073ba..c30e2eecd 100644 --- a/prog/validation.go +++ b/prog/validation.go @@ -136,6 +136,12 @@ func (c *Call) validate(ctx *validCtx) error { } case ArgPageSize: case ArgData: + switch typ1 := typ.(type) { + case *sys.ArrayType: + if typ2, ok := typ1.Type.(*sys.IntType); !ok || typ2.Size() != 1 { + return fmt.Errorf("syscall %v: data arg '%v' should be an array", c.Meta.Name, typ.Name()) + } + } case ArgGroup: switch typ1 := typ.(type) { case *sys.StructType: -- cgit mrf-deployment From 7c5f5c84aad04e34ab536be4789243423c849190 Mon Sep 17 00:00:00 2001 From: Andrey Konovalov Date: Thu, 3 Nov 2016 19:22:21 +0100 Subject: manager: print actual number of loaded progs --- syz-manager/manager.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/syz-manager/manager.go b/syz-manager/manager.go index 8f5839e29..b9d94301a 100644 --- a/syz-manager/manager.go +++ b/syz-manager/manager.go @@ -154,7 +154,7 @@ func RunManager(cfg *config.Config, syscalls map[int]bool, suppressions []*regex } mgr.candidates = append(mgr.candidates, data) } - Logf(0, "loaded %v programs", len(mgr.persistentCorpus.m)) + Logf(0, "loaded %v programs (%v total)", len(mgr.candidates), len(mgr.persistentCorpus.m)) // Create HTTP server. mgr.initHttp() -- cgit mrf-deployment From 5f1dc346935b8b0d7d4fc42457e7070d6d5c0e2a Mon Sep 17 00:00:00 2001 From: Andrey Konovalov Date: Tue, 22 Nov 2016 16:00:43 +0100 Subject: manager: add empty line before per-call coverage in html --- syz-manager/html.go | 1 + 1 file changed, 1 insertion(+) diff --git a/syz-manager/html.go b/syz-manager/html.go index f29b95e4c..0884e6266 100644 --- a/syz-manager/html.go +++ b/syz-manager/html.go @@ -481,6 +481,7 @@ var summaryTemplate = template.Must(template.New("").Parse(addStyle(`
Per-call coverage: +
{{range $c := $.Calls}} {{$c.Name}} inputs:{{$c.Inputs}} -- cgit mrf-deployment