Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / honggfuzz / be7fa27b196dd26f4b5390afa4e949c61007ebd4 / . / honggfuzz.c
blob: 1e59b65c0fad690643b507e03ecc04e7dd590f09 [file] [log] [blame]
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]1/*
robert.swiecki@gmail.com3b630b42015-02-16 10:53:53 +0000[diff] [blame]2 *
robert.swiecki@gmail.com90e99112015-02-15 02:05:14 +0000[diff] [blame]3 * honggfuzz - the main file
4 * -----------------------------------------
robert.swiecki@gmail.com3b630b42015-02-16 10:53:53 +0000[diff] [blame]5 *
robert.swiecki@gmail.com8531f692015-02-17 12:25:36 +0000[diff] [blame]6 * Author:
7 * Robert Swiecki <swiecki@google.com>
8 * Felix Gröbert <groebert@google.com>
robert.swiecki@gmail.com3b630b42015-02-16 10:53:53 +0000[diff] [blame]9 *
robert.swiecki@gmail.com772b33d2015-02-14 20:35:00 +0000[diff] [blame]10 * Copyright 2010-2015 by Google Inc. All Rights Reserved.
robert.swiecki@gmail.com3b630b42015-02-16 10:53:53 +0000[diff] [blame]11 *
12 * Licensed under the Apache License, Version 2.0 (the "License"); you may
13 * not use this file except in compliance with the License. You may obtain
robert.swiecki@gmail.com772b33d2015-02-14 20:35:00 +0000[diff] [blame]14 * a copy of the License at
robert.swiecki@gmail.com3b630b42015-02-16 10:53:53 +0000[diff] [blame]15 *
robert.swiecki@gmail.com772b33d2015-02-14 20:35:00 +0000[diff] [blame]16 * http://www.apache.org/licenses/LICENSE-2.0
robert.swiecki@gmail.com3b630b42015-02-16 10:53:53 +0000[diff] [blame]17 *
robert.swiecki@gmail.com772b33d2015-02-14 20:35:00 +0000[diff] [blame]18 * Unless required by applicable law or agreed to in writing, software
19 * distributed under the License is distributed on an "AS IS" BASIS,
20 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
21 * implied. See the License for the specific language governing
22 * permissions and limitations under the License.
robert.swiecki@gmail.com3b630b42015-02-16 10:53:53 +0000[diff] [blame]23 *
robert.swiecki@gmail.com772b33d2015-02-14 20:35:00 +0000[diff] [blame]24 */
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]25
robert.swiecki@gmail.comba85c3e2015-02-02 14:55:16 +0000[diff] [blame]26#include <getopt.h>
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]27#include <stdio.h>
28#include <stdlib.h>
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]29#include <string.h>
robert.swiecki@gmail.comba85c3e2015-02-02 14:55:16 +0000[diff] [blame]30#include <time.h>
31#include <unistd.h>
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]32
33#include "common.h"
34#include "log.h"
35#include "files.h"
36#include "fuzz.h"
37#include "util.h"
38
robert.swiecki3d505e22010-10-14 01:17:17 +0000[diff] [blame]39#define AB ANSI_BOLD
40#define AC ANSI_CLEAR
41#define ANSI_BOLD "\033[1m"
42#define ANSI_CLEAR "\033[0m"
43
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]44static bool checkFor_FILE_PLACEHOLDER(char **args)
45{
46 for (int x = 0; args[x]; x++) {
Anestis Bechtsoudisc1f6faa2015-07-31 05:32:19 +0300[diff] [blame]47 if (strstr(args[x], _HF_FILE_PLACEHOLDER))
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]48 return true;
49 }
50 return false;
51}
52
groebert@google.com76afff92013-06-20 14:43:41 +0000[diff] [blame]53static void usage(bool exit_success)
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]54{
robert.swiecki@gmail.comba85c3e2015-02-02 14:55:16 +0000[diff] [blame]55 /* *INDENT-OFF* */
robert.swiecki@gmail.com9344c0b2015-03-04 06:33:11 +0000[diff] [blame]56 printf(AB PROG_NAME " version " PROG_VERSION " by " PROG_AUTHORS AC "\n");
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]57 printf("%s",
robert.swiecki@gmail.comb6daf882015-02-28 16:56:08 +0000[diff] [blame]58 " [" AB "-f val" AC "] : input file corpus directory\n"
59 " (or a path to a single input file)\n"
robert.swiecki@gmail.comcdf18f92015-02-11 22:22:18 +0000[diff] [blame]60 " [" AB "-h" AC "] : this help\n"
robert.swiecki@gmail.com341dd122015-02-18 13:05:20 +0000[diff] [blame]61 " [" AB "-q" AC "] : null-ify children's stdin, stdout, stderr; make them quiet\n"
62 " (default: " AB "false" AC ")\n"
robert.swieckif9175d82015-02-26 14:47:24 +0000[diff] [blame]63 " [" AB "-s" AC "] : provide fuzzing input on STDIN, instead of a file argument\n"
robert.swiecki@gmail.com341dd122015-02-18 13:05:20 +0000[diff] [blame]64 " (default: " AB "false" AC ")\n"
robert.swiecki@gmail.comcdf18f92015-02-11 22:22:18 +0000[diff] [blame]65 " [" AB "-u" AC "] : save unique test-cases only, otherwise (if not used) append\n"
66 " current timestamp to the output filenames (default: " AB "false" AC ")\n"
Robert Swieckic578d642015-09-08 16:13:36 +0200[diff] [blame]67 " [" AB "-v" AC "] : display simple log messages on stdout instead of using ANSI\n"
68 " console (default: " AB "false" AC ")\n"
robert.swiecki@gmail.comcdf18f92015-02-11 22:22:18 +0000[diff] [blame]69 " [" AB "-d val" AC "] : debug level (0 - FATAL ... 4 - DEBUG), (default: '" AB "3" AC
robert.swiecki@gmail.comba85c3e2015-02-02 14:55:16 +0000[diff] [blame]70 "' [INFO])\n"
robert.swiecki@gmail.com6f319912015-02-28 05:01:37 +0000[diff] [blame]71 " [" AB "-e val" AC "] : file extension (e.g. 'swf'), (default: '" AB "fuzz" AC "')\n"
Anestis Bechtsoudis672a9182015-09-08 09:00:29 +0300[diff] [blame]72 " [" AB "-W val" AC "] : Workspace directory to save crashes & runtime files\n"
73 " (default: current '.')\n"
robert.swiecki@gmail.comcdf18f92015-02-11 22:22:18 +0000[diff] [blame]74 " [" AB "-r val" AC "] : flip rate, (default: '" AB "0.001" AC "')\n"
robert.swiecki@gmail.com4f1124f2015-04-21 17:12:22 +0000[diff] [blame]75 " [" AB "-w val" AC "] : wordlist, (default: empty) [tokens delimited by NUL-bytes]\n"
robert.swiecki@gmail.com341dd122015-02-18 13:05:20 +0000[diff] [blame]76 " [" AB "-c val" AC "] : external command modifying the input corpus of files,\n"
robert.swieckif9175d82015-02-26 14:47:24 +0000[diff] [blame]77 " instead of -r/-m (default: " AB "none" AC ")\n"
robert.swiecki@gmail.comcdf18f92015-02-11 22:22:18 +0000[diff] [blame]78 " [" AB "-t val" AC "] : timeout (in secs), (default: '" AB "3" AC "' [0 - no timeout])\n"
79 " [" AB "-a val" AC "] : address limit (from si.si_addr) below which crashes\n"
80 " are not reported, (default: '" AB "0" AC "' [suggested: 65535])\n"
robert.swiecki@gmail.comb6daf882015-02-28 16:56:08 +0000[diff] [blame]81 " [" AB "-n val" AC "] : number of concurrent fuzzing threads, (default: '" AB "2" AC "')\n"
Anestis Bechtsoudis51c9bb12015-08-26 14:46:21 +0300[diff] [blame]82 " [" AB "-N val" AC "] : number of fuzzing mutations, (default: '" AB "0" AC "' [infinite])\n"
robert.swiecki@gmail.come7190b92015-02-14 23:05:42 +0000[diff] [blame]83 " [" AB "-l val" AC "] : per process memory limit in MiB, (default: '" AB "0" AC "' [no limit])\n"
robert.swiecki@gmail.com6f319912015-02-28 05:01:37 +0000[diff] [blame]84 " [" AB "-R val" AC "] : write report to this file, (default: '" AB _HF_REPORT_FILE AC "')\n"
85 " [" AB "-F val" AC "] : Maximal size of files created by the fuzzer (default '" AB "1048576" AC "')\n"
robert.swiecki@gmail.com32b47a02015-03-04 06:07:26 +0000[diff] [blame]86 " [" AB "-E val" AC "] : Pass this environment variable (default '" AB "empty" AC "')\n"
87 " can be used multiple times\n"
robert.swiecki@gmail.com7ec5d712015-03-01 16:18:15 +0000[diff] [blame]88#if defined(_HF_ARCH_LINUX)
robert.swiecki@gmail.com254c0ec2015-02-23 02:54:26 +0000[diff] [blame]89 " [" AB "-p val" AC "] : [Linux] attach to a pid (and its thread group), instead of \n"
robert.swiecki@gmail.comb6daf882015-02-28 16:56:08 +0000[diff] [blame]90 " monitoring a previously created process, (default: '" AB "0" AC "' [none])\n"
Jaggerdbc4a152015-09-08 01:26:58 +0200[diff] [blame]91 " [" AB "-LR" AC "] : [Linux] Don't disable ASLR randomization, might be useful with MSAN\n"
92 " [" AB "-LU" AC "] : [Linux] Report MSAN's UMRS (uninitialized memory access)\n"
robert.swiecki@gmail.com684f60c2015-03-01 17:39:18 +0000[diff] [blame]93 " [" AB "-o val" AC "] : [Linux] cut-off address, don't record branches above that address\n"
robert.swiecki@gmail.com341dd122015-02-18 13:05:20 +0000[diff] [blame]94 " [" AB "-D val" AC "] : [Linux] create a file dynamically with Linux perf counters,\n"
95 " can be used with or without the '-f' flag (initial file contents)\n"
robert.swiecki@gmail.comb6daf882015-02-28 16:56:08 +0000[diff] [blame]96 " (default: " AB "none" AC ")\n"
robert.swiecki@gmail.com341dd122015-02-18 13:05:20 +0000[diff] [blame]97 " Available counters: \n"
robert.swiecki@gmail.com6f319912015-02-28 05:01:37 +0000[diff] [blame]98 " " AB "'i' " AC "- PERF_COUNT_HW_INSTRUCTIONS (total IPs)\n"
99 " " AB "'b' " AC "- PERF_COUNT_HW_BRANCH_INSTRUCTIONS (total jumps/calls)\n"
robert.swiecki@gmail.com10e69b62015-03-08 02:21:56 +0000[diff] [blame]100 " " AB "'p' " AC "- PERF_SAMPLE_IP (unique code blocks)\n"
101 " (newer Intel CPUs only)\n"
102 " " AB "'e' " AC "- PERF_SAMPLE_IP/PERF_SAMPLE_ADDR (unique branch edges)\n"
robert.swiecki@gmail.com6f319912015-02-28 05:01:37 +0000[diff] [blame]103 " (newer Intel CPUs only)\n"
robert.swieckif9175d82015-02-26 14:47:24 +0000[diff] [blame]104#endif /* defined(_HF_ARCH_LINUX) */
robert.swiecki@gmail.com3203ac42015-03-01 15:07:32 +0000[diff] [blame]105 "\nExamples:\n"
106 " Run the binary over a mutated file chosen from the directory:\n"
robert.swiecki@gmail.comb6daf882015-02-28 16:56:08 +0000[diff] [blame]107 AB " " PROG_NAME " -f input_dir -- /usr/bin/tiffinfo -D " _HF_FILE_PLACEHOLDER AC "\n"
robert.swiecki@gmail.com3203ac42015-03-01 15:07:32 +0000[diff] [blame]108 " As above, provide input over STDIN:\n"
robert.swiecki@gmail.comb6daf882015-02-28 16:56:08 +0000[diff] [blame]109 AB " " PROG_NAME " -f input_dir -- /usr/bin/djpeg\n" AC
robert.swiecki@gmail.com7ec5d712015-03-01 16:18:15 +0000[diff] [blame]110#if defined(_HF_ARCH_LINUX)
Daniel Lockyerc8297e92015-06-05 13:26:50 +0100[diff] [blame]111 " Run the binary over a dynamic file, maximize total no. of instructions:\n"
robert.swiecki@gmail.com3203ac42015-03-01 15:07:32 +0000[diff] [blame]112 AB " " PROG_NAME " -Di -- /usr/bin/tiffinfo -D " _HF_FILE_PLACEHOLDER AC "\n"
Daniel Lockyerc8297e92015-06-05 13:26:50 +0100[diff] [blame]113 " Run the binary over a dynamic file, maximize total no. of branches:\n"
robert.swiecki@gmail.com3203ac42015-03-01 15:07:32 +0000[diff] [blame]114 AB " " PROG_NAME " -Db -- /usr/bin/tiffinfo -D " _HF_FILE_PLACEHOLDER AC "\n"
Daniel Lockyerc8297e92015-06-05 13:26:50 +0100[diff] [blame]115 " Run the binary over a dynamic file, maximize unique code blocks (coverage):\n"
robert.swiecki@gmail.comdae079f2015-03-08 02:31:11 +0000[diff] [blame]116 AB " " PROG_NAME " -Dp -- /usr/bin/tiffinfo -D " _HF_FILE_PLACEHOLDER AC "\n"
Daniel Lockyerc8297e92015-06-05 13:26:50 +0100[diff] [blame]117 " Run the binary over a dynamic file, maximize unique branches (edges):\n"
Jaggerdaffbca2015-06-05 22:24:16 +0200[diff] [blame]118 AB " " PROG_NAME " -De -- /usr/bin/tiffinfo -D " _HF_FILE_PLACEHOLDER AC "\n"
119 " Run the binary over a dynamic file, maximize custom counters (experimental):\n"
120 AB " " PROG_NAME " -Df -- /usr/bin/tiffinfo -D " _HF_FILE_PLACEHOLDER AC "\n"
robert.swiecki@gmail.com7ec5d712015-03-01 16:18:15 +0000[diff] [blame]121#endif /* defined(_HF_ARCH_LINUX) */
robert.swiecki@gmail.com4be26672015-03-05 03:36:50 +0000[diff] [blame]122 );
robert.swiecki@gmail.comba85c3e2015-02-02 14:55:16 +0000[diff] [blame]123 /* *INDENT-ON* */
groebert@google.com76afff92013-06-20 14:43:41 +0000[diff] [blame]124
125 if (exit_success) {
robert.swiecki@gmail.comc6d28752014-01-08 12:02:37 +0000[diff] [blame]126 exit(EXIT_SUCCESS);
groebert@google.com76afff92013-06-20 14:43:41 +0000[diff] [blame]127 } else {
robert.swiecki@gmail.comc6d28752014-01-08 12:02:37 +0000[diff] [blame]128 exit(EXIT_FAILURE);
groebert@google.com76afff92013-06-20 14:43:41 +0000[diff] [blame]129 }
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]130}
131
132int main(int argc, char **argv)
133{
robert.swiecki@gmail.com5b935792011-06-01 16:30:09 +0000[diff] [blame]134 int c;
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]135 int ll = l_INFO;
robert.swiecki@gmail.com327f7502015-02-02 21:10:55 +0000[diff] [blame]136 honggfuzz_t hfuzz = {
robert.swiecki@gmail.com5f6b2e72015-02-02 22:17:37 +0000[diff] [blame]137 .cmdline = NULL,
robert.swiecki@gmail.com327f7502015-02-02 21:10:55 +0000[diff] [blame]138 .inputFile = NULL,
139 .nullifyStdio = false,
Jagger0764ad72015-09-06 01:11:08 +0200[diff] [blame]140 .useScreen = true,
robert.swiecki@gmail.com327f7502015-02-02 21:10:55 +0000[diff] [blame]141 .fuzzStdin = false,
142 .saveUnique = false,
143 .fileExtn = "fuzz",
Anestis Bechtsoudis672a9182015-09-08 09:00:29 +0300[diff] [blame]144 .workDir = ".",
robert.swiecki@gmail.com327f7502015-02-02 21:10:55 +0000[diff] [blame]145 .flipRate = 0.001f,
robert.swiecki@gmail.com327f7502015-02-02 21:10:55 +0000[diff] [blame]146 .externalCommand = NULL,
robert.swiecki@gmail.com4f1124f2015-04-21 17:12:22 +0000[diff] [blame]147 .dictionaryFile = NULL,
148 .dictionary = NULL,
149 .dictionaryCnt = 0,
robert.swiecki@gmail.com172f42a2015-02-26 14:32:17 +0000[diff] [blame]150 .maxFileSz = (1024 * 1024),
robert.swiecki@gmail.com327f7502015-02-02 21:10:55 +0000[diff] [blame]151 .tmOut = 3,
robert.swiecki@gmail.com327f7502015-02-02 21:10:55 +0000[diff] [blame]152 .mutationsMax = 0,
Jaggerea39a8f2015-09-05 00:57:22 +0200[diff] [blame]153 .threadsFinished = 0,
robert.swiecki@gmail.come52bac72015-02-28 15:03:50 +0000[diff] [blame]154 .threadsMax = 2,
robert.swiecki@gmail.com5f6b2e72015-02-02 22:17:37 +0000[diff] [blame]155 .ignoreAddr = NULL,
Jagger55e3bee2015-09-10 00:07:23 +0200[diff] [blame]156 .reportFile = NULL,
Robert Swieckic578d642015-09-08 16:13:36 +0200[diff] [blame]157 .asLimit = 0ULL,
robert.swiecki@gmail.com327f7502015-02-02 21:10:55 +0000[diff] [blame]158 .files = NULL,
robert.swiecki@gmail.com5f6b2e72015-02-02 22:17:37 +0000[diff] [blame]159 .fileCnt = 0,
robert.swiecki@gmail.com341dd122015-02-18 13:05:20 +0000[diff] [blame]160 .pid = 0,
robert.swiecki@gmail.com32b47a02015-03-04 06:07:26 +0000[diff] [blame]161 .envs = {[0 ... (ARRAYSIZE(hfuzz.envs) - 1)] = NULL,},
Jagger0764ad72015-09-06 01:11:08 +0200[diff] [blame]162
Jagger630aa7f2015-09-06 02:53:51 +0200[diff] [blame]163 .timeStart = time(NULL),
Jagger0764ad72015-09-06 01:11:08 +0200[diff] [blame]164 .mutationsCnt = 0,
165 .crashesCnt = 0,
Jagger4b5281e2015-09-06 02:35:37 +0200[diff] [blame]166 .timeoutedCnt = 0,
Jagger0764ad72015-09-06 01:11:08 +0200[diff] [blame]167
robert.swiecki@gmail.comcac22fd2015-02-19 14:03:28 +0000[diff] [blame]168 .dynFileMethod = _HF_DYNFILE_NONE,
robert.swiecki@gmail.com0a7eabe2015-02-22 14:47:45 +0000[diff] [blame]169 .dynamicFileBest = NULL,
robert.swiecki@gmail.com060a9dd2015-02-28 06:37:27 +0000[diff] [blame]170 .dynamicFileBestSz = 1,
Jagger3b513552015-09-09 02:08:35 +0200[diff] [blame]171 .hwCnts = {
172 .cpuInstrCnt = 0ULL,
173 .cpuBranchCnt = 0ULL,
174 .pcCnt = 0ULL,
175 .pathCnt = 0ULL,
176 .customCnt = 0ULL,
177 },
robert.swiecki@gmail.com9be63de2015-03-02 07:08:45 +0000[diff] [blame]178 .dynamicCutOffAddr = ~(0ULL),
robert.swiecki@gmail.com41d8e052015-02-19 01:10:41 +0000[diff] [blame]179 .dynamicFile_mutex = PTHREAD_MUTEX_INITIALIZER,
Jaggerdbc4a152015-09-08 01:26:58 +0200[diff] [blame]180
181 .disableRandomization = true,
182 .msanReportUMRS = false,
robert.swiecki@gmail.com327f7502015-02-02 21:10:55 +0000[diff] [blame]183 };
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]184
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]185 if (argc < 2) {
groebert@google.com76afff92013-06-20 14:43:41 +0000[diff] [blame]186 usage(true);
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]187 }
188
189 for (;;) {
Jaggerdbc4a152015-09-08 01:26:58 +0200[diff] [blame]190 c = getopt(argc, argv, "-?hqvsuf:d:e:W:r:c:F:D:t:a:R:n:N:l:p:g:o:E:w:L:");
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]191 if (c < 0)
192 break;
193
194 switch (c) {
195 case 'f':
196 hfuzz.inputFile = optarg;
197 break;
198 case 'h':
robert.swiecki@gmail.comd7aed312015-02-03 21:26:37 +0000[diff] [blame]199 case '?':
groebert@google.com76afff92013-06-20 14:43:41 +0000[diff] [blame]200 usage(true);
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]201 break;
202 case 'q':
203 hfuzz.nullifyStdio = true;
204 break;
Jagger0764ad72015-09-06 01:11:08 +0200[diff] [blame]205 case 'v':
206 hfuzz.useScreen = false;
207 break;
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]208 case 's':
209 hfuzz.fuzzStdin = true;
210 break;
211 case 'u':
212 hfuzz.saveUnique = true;
213 break;
214 case 'd':
215 ll = atoi(optarg);
216 break;
217 case 'e':
218 hfuzz.fileExtn = optarg;
219 break;
Anestis Bechtsoudis672a9182015-09-08 09:00:29 +0300[diff] [blame]220 case 'W':
221 hfuzz.workDir = optarg;
222 break;
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]223 case 'r':
robert.swiecki@gmail.com5c03df02015-02-22 15:05:50 +0000[diff] [blame]224 hfuzz.flipRate = strtod(optarg, NULL);
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]225 break;
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]226 case 'c':
227 hfuzz.externalCommand = optarg;
228 break;
robert.swiecki@gmail.com4da86bf2015-02-22 14:24:58 +0000[diff] [blame]229 case 'F':
230 hfuzz.maxFileSz = strtoul(optarg, NULL, 0);
231 break;
robert.swiecki@gmail.com6d6f7562015-02-17 22:18:51 +0000[diff] [blame]232 case 'D':
robert.swiecki@gmail.com341dd122015-02-18 13:05:20 +0000[diff] [blame]233 switch (optarg[0]) {
234 case 'i':
robert.swiecki@gmail.com81e26dc2015-03-03 04:26:04 +0000[diff] [blame]235 hfuzz.dynFileMethod |= _HF_DYNFILE_INSTR_COUNT;
robert.swiecki@gmail.com341dd122015-02-18 13:05:20 +0000[diff] [blame]236 break;
237 case 'b':
robert.swiecki@gmail.com81e26dc2015-03-03 04:26:04 +0000[diff] [blame]238 hfuzz.dynFileMethod |= _HF_DYNFILE_BRANCH_COUNT;
robert.swiecki@gmail.com341dd122015-02-18 13:05:20 +0000[diff] [blame]239 break;
robert.swiecki@gmail.comd7818972015-02-24 23:37:59 +0000[diff] [blame]240 case 'p':
robert.swiecki@gmail.com10e69b62015-03-08 02:21:56 +0000[diff] [blame]241 hfuzz.dynFileMethod |= _HF_DYNFILE_UNIQUE_BLOCK_COUNT;
242 break;
243 case 'e':
244 hfuzz.dynFileMethod |= _HF_DYNFILE_UNIQUE_EDGE_COUNT;
robert.swiecki@gmail.comd7818972015-02-24 23:37:59 +0000[diff] [blame]245 break;
robert.swiecki2a953692015-03-16 19:33:37 +0000[diff] [blame]246 case 'f':
247 hfuzz.dynFileMethod |= _HF_DYNFILE_CUSTOM;
248 break;
robert.swiecki@gmail.com341dd122015-02-18 13:05:20 +0000[diff] [blame]249 default:
robert.swiecki@gmail.com9344c0b2015-03-04 06:33:11 +0000[diff] [blame]250 LOGMSG(l_ERROR, "Unknown -D mode");
robert.swiecki@gmail.com341dd122015-02-18 13:05:20 +0000[diff] [blame]251 usage(EXIT_FAILURE);
252 break;
253 }
robert.swiecki@gmail.com1111d132015-03-12 01:32:26 +0000[diff] [blame]254 break;
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]255 case 't':
256 hfuzz.tmOut = atol(optarg);
257 break;
258 case 'a':
robert.swiecki@gmail.comba85c3e2015-02-02 14:55:16 +0000[diff] [blame]259 hfuzz.ignoreAddr = (void *)strtoul(optarg, NULL, 0);
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]260 break;
robert.swiecki@gmail.come7190b92015-02-14 23:05:42 +0000[diff] [blame]261 case 'R':
262 hfuzz.reportFile = optarg;
263 break;
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]264 case 'n':
265 hfuzz.threadsMax = atol(optarg);
266 break;
groebert@google.com8e2f44a2013-03-15 13:54:18 +0000[diff] [blame]267 case 'N':
268 hfuzz.mutationsMax = atol(optarg);
269 break;
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]270 case 'l':
Robert Swieckic578d642015-09-08 16:13:36 +0200[diff] [blame]271 hfuzz.asLimit = strtoull(optarg, NULL, 0);
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]272 break;
robert.swiecki28cba5c2011-06-22 01:38:55 +0000[diff] [blame]273 case 'p':
274 hfuzz.pid = atoi(optarg);
275 break;
robert.swiecki@gmail.com684f60c2015-03-01 17:39:18 +0000[diff] [blame]276 case 'o':
277 hfuzz.dynamicCutOffAddr = strtoull(optarg, NULL, 0);
278 break;
robert.swiecki@gmail.comda8396c2015-03-04 01:42:09 +0000[diff] [blame]279 case 'E':
280 for (size_t i = 0; i < ARRAYSIZE(hfuzz.envs); i++) {
281 if (hfuzz.envs[i] == NULL) {
282 hfuzz.envs[i] = optarg;
robert.swiecki@gmail.com42f346b2015-03-04 03:36:54 +0000[diff] [blame]283 break;
robert.swiecki@gmail.comda8396c2015-03-04 01:42:09 +0000[diff] [blame]284 }
285 }
286 break;
robert.swiecki@gmail.com4f1124f2015-04-21 17:12:22 +0000[diff] [blame]287 case 'w':
288 hfuzz.dictionaryFile = optarg;
289 break;
Jaggerdbc4a152015-09-08 01:26:58 +0200[diff] [blame]290 case 'L':
291 switch (optarg[0]) {
292 case 'R':
293 hfuzz.disableRandomization = false;
294 break;
295 case 'U':
296 hfuzz.msanReportUMRS = true;
297 break;
298 default:
299 LOGMSG(l_ERROR, "Unknown -L switch");
300 usage(EXIT_FAILURE);
301 }
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]302 default:
303 break;
304 }
305 }
306 hfuzz.cmdline = &argv[optind];
Jagger0764ad72015-09-06 01:11:08 +0200[diff] [blame]307
Jaggerdbc4a152015-09-08 01:26:58 +0200[diff] [blame]308 log_setMinLevel(ll);
309
robert.swiecki@gmail.comde0080f2015-02-28 14:42:34 +0000[diff] [blame]310 if (hfuzz.dynamicFileBestSz > hfuzz.maxFileSz) {
311 LOGMSG(l_FATAL,
312 "Initial dynamic file size cannot be larger than maximum file size (%zu > %zu)",
313 hfuzz.dynamicFileBestSz, hfuzz.maxFileSz);
314 }
315
robert.swiecki@gmail.com0a7eabe2015-02-22 14:47:45 +0000[diff] [blame]316 if ((hfuzz.dynamicFileBest = malloc(hfuzz.maxFileSz)) == NULL) {
317 LOGMSG(l_FATAL, "malloc(%zu) failed", hfuzz.maxFileSz);
318 }
319
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]320 if (!hfuzz.cmdline[0]) {
robert.swiecki@gmail.com36700b52015-02-22 05:03:16 +0000[diff] [blame]321 LOGMSG(l_FATAL, "Please specify a binary to fuzz");
groebert@google.com76afff92013-06-20 14:43:41 +0000[diff] [blame]322 usage(false);
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]323 }
324
325 if (!hfuzz.fuzzStdin && !checkFor_FILE_PLACEHOLDER(hfuzz.cmdline)) {
326 LOGMSG(l_FATAL,
robert.swiecki@gmail.coma0d87142015-02-14 13:11:18 +0000[diff] [blame]327 "You must specify '" _HF_FILE_PLACEHOLDER
robert.swiecki@gmail.comebc1cac2011-07-02 03:15:51 +0000[diff] [blame]328 "' when the -s (stdin fuzzing) option is not set");
groebert@google.com76afff92013-06-20 14:43:41 +0000[diff] [blame]329 usage(false);
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]330 }
331
332 if (strchr(hfuzz.fileExtn, '/')) {
333 LOGMSG(l_FATAL, "The file extension contains the '/' character: '%s'", hfuzz.fileExtn);
groebert@google.com76afff92013-06-20 14:43:41 +0000[diff] [blame]334 usage(false);
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]335 }
336
robert.swiecki@gmail.come4683202015-04-02 00:10:52 +0000[diff] [blame]337 if (hfuzz.pid > 0) {
Jaggerdfe815f2015-06-29 01:59:06 +0200[diff] [blame]338 LOGMSG(l_INFO, "PID=%d specified, lowering maximum number of concurrent threads to 1",
339 hfuzz.pid);
robert.swiecki@gmail.come4683202015-04-02 00:10:52 +0000[diff] [blame]340 hfuzz.threadsMax = 1;
341 }
342
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]343 LOGMSG(l_INFO,
344 "debugLevel: %d, inputFile '%s', nullifyStdio: %d, fuzzStdin: %d, saveUnique: %d, flipRate: %lf, "
robert.swiecki@gmail.com4da86bf2015-02-22 14:24:58 +0000[diff] [blame]345 "externalCommand: '%s', tmOut: %ld, mutationsMax: %ld, threadsMax: %ld, fileExtn '%s', ignoreAddr: %p, "
Robert Swieckic578d642015-09-08 16:13:36 +0200[diff] [blame]346 "memoryLimit: %llu (MiB), fuzzExe: '%s', fuzzedPid: %d",
robert.swiecki@gmail.com772b33d2015-02-14 20:35:00 +0000[diff] [blame]347 ll, hfuzz.inputFile, hfuzz.nullifyStdio ? 1 : 0,
348 hfuzz.fuzzStdin ? 1 : 0, hfuzz.saveUnique ? 1 : 0,
robert.swiecki@gmail.com4da86bf2015-02-22 14:24:58 +0000[diff] [blame]349 hfuzz.flipRate,
robert.swiecki@gmail.com772b33d2015-02-14 20:35:00 +0000[diff] [blame]350 hfuzz.externalCommand == NULL ? "NULL" : hfuzz.externalCommand,
351 hfuzz.tmOut, hfuzz.mutationsMax, hfuzz.threadsMax,
352 hfuzz.fileExtn, hfuzz.ignoreAddr, hfuzz.asLimit, hfuzz.cmdline[0], hfuzz.pid);
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]353
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]354 if (!files_init(&hfuzz)) {
355 LOGMSG(l_FATAL, "Couldn't load input files");
356 exit(EXIT_FAILURE);
357 }
358
robert.swiecki@gmail.com4f1124f2015-04-21 17:12:22 +0000[diff] [blame]359 if (hfuzz.dictionaryFile && (files_parseDictionary(&hfuzz) == false)) {
360 LOGMSG(l_FATAL, "Couldn't parse dictionary file ('%s')", hfuzz.dictionaryFile);
361 }
362
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]363 /*
364 * So far so good
365 */
366 fuzz_main(&hfuzz);
367
robert.swiecki@gmail.com0a7eabe2015-02-22 14:47:45 +0000[diff] [blame]368 free(hfuzz.dynamicFileBest);
369
robert.swiecki3bb518c2010-10-14 00:48:24 +0000[diff] [blame]370 abort(); /* NOTREACHED */
371 return EXIT_SUCCESS;
372}