|
|
|
|
@ -259,6 +259,16 @@ void SetFuzzedErrNo(FuzzedDataProvider& fuzzed_data_provider, const std::array<T
|
|
|
|
|
errno = fuzzed_data_provider.PickValueInArray(errnos);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Sets a fuzzed errno in the range [0, 133 (EHWPOISON)]. Can be used from functions emulating
|
|
|
|
|
* standard library functions that set errno, or in other contexts where the value of errno
|
|
|
|
|
* might be relevant for the execution path that will be taken.
|
|
|
|
|
*/
|
|
|
|
|
inline void SetFuzzedErrNo(FuzzedDataProvider& fuzzed_data_provider) noexcept
|
|
|
|
|
{
|
|
|
|
|
errno = fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 133);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Returns a byte vector of specified size regardless of the number of remaining bytes available
|
|
|
|
|
* from the fuzzer. Pads with zero value bytes if needed to achieve the specified size.
|
|
|
|
|
@ -345,6 +355,7 @@ public:
|
|
|
|
|
|
|
|
|
|
FILE* open()
|
|
|
|
|
{
|
|
|
|
|
SetFuzzedErrNo(m_fuzzed_data_provider);
|
|
|
|
|
if (m_fuzzed_data_provider.ConsumeBool()) {
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
@ -386,6 +397,7 @@ public:
|
|
|
|
|
static ssize_t read(void* cookie, char* buf, size_t size)
|
|
|
|
|
{
|
|
|
|
|
FuzzedFileProvider* fuzzed_file = (FuzzedFileProvider*)cookie;
|
|
|
|
|
SetFuzzedErrNo(fuzzed_file->m_fuzzed_data_provider);
|
|
|
|
|
if (buf == nullptr || size == 0 || fuzzed_file->m_fuzzed_data_provider.ConsumeBool()) {
|
|
|
|
|
return fuzzed_file->m_fuzzed_data_provider.ConsumeBool() ? 0 : -1;
|
|
|
|
|
}
|
|
|
|
|
@ -404,6 +416,7 @@ public:
|
|
|
|
|
static ssize_t write(void* cookie, const char* buf, size_t size)
|
|
|
|
|
{
|
|
|
|
|
FuzzedFileProvider* fuzzed_file = (FuzzedFileProvider*)cookie;
|
|
|
|
|
SetFuzzedErrNo(fuzzed_file->m_fuzzed_data_provider);
|
|
|
|
|
const ssize_t n = fuzzed_file->m_fuzzed_data_provider.ConsumeIntegralInRange<ssize_t>(0, size);
|
|
|
|
|
if (AdditionOverflow(fuzzed_file->m_offset, (int64_t)n)) {
|
|
|
|
|
return fuzzed_file->m_fuzzed_data_provider.ConsumeBool() ? 0 : -1;
|
|
|
|
|
@ -414,8 +427,9 @@ public:
|
|
|
|
|
|
|
|
|
|
static int seek(void* cookie, int64_t* offset, int whence)
|
|
|
|
|
{
|
|
|
|
|
assert(whence == SEEK_SET || whence == SEEK_CUR); // SEEK_END not implemented yet.
|
|
|
|
|
assert(whence == SEEK_SET || whence == SEEK_CUR || whence == SEEK_END);
|
|
|
|
|
FuzzedFileProvider* fuzzed_file = (FuzzedFileProvider*)cookie;
|
|
|
|
|
SetFuzzedErrNo(fuzzed_file->m_fuzzed_data_provider);
|
|
|
|
|
int64_t new_offset = 0;
|
|
|
|
|
if (whence == SEEK_SET) {
|
|
|
|
|
new_offset = *offset;
|
|
|
|
|
@ -424,6 +438,12 @@ public:
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
new_offset = fuzzed_file->m_offset + *offset;
|
|
|
|
|
} else if (whence == SEEK_END) {
|
|
|
|
|
const int64_t n = fuzzed_file->m_fuzzed_data_provider.ConsumeIntegralInRange<int64_t>(0, 4096);
|
|
|
|
|
if (AdditionOverflow(n, *offset)) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
new_offset = n + *offset;
|
|
|
|
|
}
|
|
|
|
|
if (new_offset < 0) {
|
|
|
|
|
return -1;
|
|
|
|
|
@ -436,6 +456,7 @@ public:
|
|
|
|
|
static int close(void* cookie)
|
|
|
|
|
{
|
|
|
|
|
FuzzedFileProvider* fuzzed_file = (FuzzedFileProvider*)cookie;
|
|
|
|
|
SetFuzzedErrNo(fuzzed_file->m_fuzzed_data_provider);
|
|
|
|
|
return fuzzed_file->m_fuzzed_data_provider.ConsumeIntegralInRange<int>(-1, 0);
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
practicalswift
5 years ago