
Source code changes of the file "cmdline.c" between
honggfuzz-2.4.tar.gz and honggfuzz-2.5.tar.gz

About: honggfuzz is a security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with powerful analysis options.

cmdline.c  (honggfuzz-2.4):cmdline.c  (honggfuzz-2.5)
skipping to change at line 137 skipping to change at line 137
LOG_HELP(" As above, maximize unique branches (edges) via Intel BTS:"); LOG_HELP(" As above, maximize unique branches (edges) via Intel BTS:");
LOG_HELP_BOLD(" " PROG_NAME " --linux_perf_bts_edge -- /usr/bin/djpeg " _HF _FILE_PLACEHOLDER); LOG_HELP_BOLD(" " PROG_NAME " --linux_perf_bts_edge -- /usr/bin/djpeg " _HF _FILE_PLACEHOLDER);
LOG_HELP( LOG_HELP(
" As above, maximize unique code blocks via Intel Processor Trace (requi res libipt.so):"); " As above, maximize unique code blocks via Intel Processor Trace (requi res libipt.so):");
LOG_HELP_BOLD(" " PROG_NAME " --linux_perf_ipt_block -- /usr/bin/djpeg " _H F_FILE_PLACEHOLDER); LOG_HELP_BOLD(" " PROG_NAME " --linux_perf_ipt_block -- /usr/bin/djpeg " _H F_FILE_PLACEHOLDER);
#endif /* defined(_HF_ARCH_LINUX) */ #endif /* defined(_HF_ARCH_LINUX) */
} }
static void cmdlineUsage(const char* pname, struct custom_option* opts) { static void cmdlineUsage(const char* pname, struct custom_option* opts) {
cmdlineHelp(pname, opts); cmdlineHelp(pname, opts);
exit(0); exit(EXIT_SUCCESS);
} }
bool cmdlineAddEnv(honggfuzz_t* hfuzz, char* env) { bool cmdlineAddEnv(honggfuzz_t* hfuzz, char* env) {
size_t enveqlen = strlen(env); size_t enveqlen = strlen(env);
const char* eqpos = strchr(env, '='); const char* eqpos = strchr(env, '=');
if (eqpos) { if (eqpos) {
enveqlen = (uintptr_t)eqpos - (uintptr_t)env + 1; enveqlen = (uintptr_t)eqpos - (uintptr_t)env + 1;
} }
for (size_t i = 0; i < ARRAYSIZE(hfuzz->exe.env_ptrs); i++) { for (size_t i = 0; i < ARRAYSIZE(hfuzz->exe.env_ptrs); i++) {
skipping to change at line 308 skipping to change at line 308
bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) {
*hfuzz = (honggfuzz_t){ *hfuzz = (honggfuzz_t){
.threads = .threads =
{ {
.threadsFinished = 0, .threadsFinished = 0,
.threadsMax = ({ .threadsMax = ({
long ncpus = sysconf(_SC_NPROCESSORS_ONLN); long ncpus = sysconf(_SC_NPROCESSORS_ONLN);
(ncpus <= 1 ? 1 : ncpus / 2); (ncpus <= 1 ? 1 : ncpus / 2);
}), }),
.threadsActiveCnt = 0, .threadsActiveCnt = 0,
.pinThreadToCPUs = 0,
.mainThread = pthread_self(), .mainThread = pthread_self(),
.mainPid = getpid(), .mainPid = getpid(),
}, },
.io = .io =
{ {
.inputDir = NULL, .inputDir = NULL,
.outputDir = NULL, .outputDir = NULL,
.inputDirPtr = NULL, .inputDirPtr = NULL,
.fileCnt = 0, .fileCnt = 0,
.testedFileCnt = 0, .testedFileCnt = 0,
skipping to change at line 379 skipping to change at line 380
.display = .display =
{ {
.useScreen = true, .useScreen = true,
.lastDisplayUSecs = util_timeNowUSecs(), .lastDisplayUSecs = util_timeNowUSecs(),
.cmdline_txt[0] = '\0', .cmdline_txt[0] = '\0',
}, },
.cfg = .cfg =
{ {
.useVerifier = false, .useVerifier = false,
.exitUponCrash = false, .exitUponCrash = false,
.exitCodeUponCrash = 0,
.reportFile = NULL, .reportFile = NULL,
.dynFileIterExpire = 0, .dynFileIterExpire = 0,
.only_printable = false, .only_printable = false,
.minimize = false, .minimize = false,
.switchingToFDM = false, .switchingToFDM = false,
}, },
.sanitizer = .sanitizer =
{ {
.enable = false, .enable = false,
.del_report = false, .del_report = false,
skipping to change at line 508 skipping to change at line 510
{ { "pprocess_cmd", required_argument, NULL, 0x111 }, "External command postprocessing files produced by internal mutators" }, { { "pprocess_cmd", required_argument, NULL, 0x111 }, "External command postprocessing files produced by internal mutators" },
{ { "ffmutate_cmd", required_argument, NULL, 0x110 }, "External command mutating files which have effective coverage feedback" }, { { "ffmutate_cmd", required_argument, NULL, 0x110 }, "External command mutating files which have effective coverage feedback" },
{ { "run_time", required_argument, NULL, 0x109 }, "Number of seconds thi s fuzzing session will last (default: 0 [no limit])" }, { { "run_time", required_argument, NULL, 0x109 }, "Number of seconds thi s fuzzing session will last (default: 0 [no limit])" },
{ { "iterations", required_argument, NULL, 'N' }, "Number of fuzzing ite rations (default: 0 [no limit])" }, { { "iterations", required_argument, NULL, 'N' }, "Number of fuzzing ite rations (default: 0 [no limit])" },
{ { "rlimit_as", required_argument, NULL, 0x100 }, "Per process RLIMIT_A S in MiB (default: 0 [default limit])" }, { { "rlimit_as", required_argument, NULL, 0x100 }, "Per process RLIMIT_A S in MiB (default: 0 [default limit])" },
{ { "rlimit_rss", required_argument, NULL, 0x101 }, "Per process RLIMIT_ RSS in MiB (default: 0 [default limit]). It will also set *SAN's soft_rss_limit_ mb" }, { { "rlimit_rss", required_argument, NULL, 0x101 }, "Per process RLIMIT_ RSS in MiB (default: 0 [default limit]). It will also set *SAN's soft_rss_limit_ mb" },
{ { "rlimit_data", required_argument, NULL, 0x102 }, "Per process RLIMIT _DATA in MiB (default: 0 [default limit])" }, { { "rlimit_data", required_argument, NULL, 0x102 }, "Per process RLIMIT _DATA in MiB (default: 0 [default limit])" },
{ { "rlimit_core", required_argument, NULL, 0x103 }, "Per process RLIMIT _CORE in MiB (default: 0 [no cores are produced])" }, { { "rlimit_core", required_argument, NULL, 0x103 }, "Per process RLIMIT _CORE in MiB (default: 0 [no cores are produced])" },
{ { "rlimit_stack", required_argument, NULL, 0x104 }, "Per process RLIMI T_STACK in MiB (default: 0 [default limit])" }, { { "rlimit_stack", required_argument, NULL, 0x104 }, "Per process RLIMI T_STACK in MiB (default: 0 [default limit])" },
{ { "report", required_argument, NULL, 'R' }, "Write report to this file (default: '<workdir>/" _HF_REPORT_FILE "')" }, { { "report", required_argument, NULL, 'R' }, "Write report to this file (default: '<workdir>/" _HF_REPORT_FILE "')" },
{ { "max_file_size", required_argument, NULL, 'F' }, "Maximal size of fi les processed by the fuzzer in bytes (default: 134217728 = 128MB)" }, { { "max_file_size", required_argument, NULL, 'F' }, "Maximal size of fi les processed by the fuzzer in bytes (default: 1048576 = 1MB)" },
{ { "clear_env", no_argument, NULL, 0x108 }, "Clear all environment vari ables before executing the binary" }, { { "clear_env", no_argument, NULL, 0x108 }, "Clear all environment vari ables before executing the binary" },
{ { "env", required_argument, NULL, 'E' }, "Pass this environment variab le, can be used multiple times" }, { { "env", required_argument, NULL, 'E' }, "Pass this environment variab le, can be used multiple times" },
{ { "save_all", no_argument, NULL, 'u' }, "Save all test-cases (not only the unique ones) by appending the current time-stamp to the filenames" }, { { "save_all", no_argument, NULL, 'u' }, "Save all test-cases (not only the unique ones) by appending the current time-stamp to the filenames" },
{ { "save_smaller", no_argument, NULL, 'U' }, "Save smaller test-cases, renaming first filename with .orig suffix" }, { { "save_smaller", no_argument, NULL, 'U' }, "Save smaller test-cases, renaming first filename with .orig suffix" },
{ { "tmout_sigvtalrm", no_argument, NULL, 'T' }, "Treat time-outs as cra shes - use SIGVTALRM to kill timeouting processes (default: use SIGKILL)" }, { { "tmout_sigvtalrm", no_argument, NULL, 'T' }, "Treat time-outs as cra shes - use SIGVTALRM to kill timeouting processes (default: use SIGKILL)" },
{ { "sanitizers", no_argument, NULL, 'S' }, "** DEPRECATED ** Enable san itizers settings (default: false)" }, { { "sanitizers", no_argument, NULL, 'S' }, "** DEPRECATED ** Enable san itizers settings (default: false)" },
{ { "sanitizers_del_report", required_argument, NULL, 0x10F }, "Delete s anitizer report after use (default: false)" }, { { "sanitizers_del_report", required_argument, NULL, 0x10F }, "Delete s anitizer report after use (default: false)" },
{ { "monitor_sigabrt", required_argument, NULL, 0x105 }, "** DEPRECATED ** SIGABRT is always monitored" }, { { "monitor_sigabrt", required_argument, NULL, 0x105 }, "** DEPRECATED ** SIGABRT is always monitored" },
{ { "no_fb_timeout", required_argument, NULL, 0x106 }, "Skip feedback if the process has timeouted (default: false)" }, { { "no_fb_timeout", required_argument, NULL, 0x106 }, "Skip feedback if the process has timeouted (default: false)" },
{ { "exit_upon_crash", no_argument, NULL, 0x107 }, "Exit upon seeing the { { "exit_upon_crash", no_argument, NULL, 0x107 }, "Exit upon seeing the
first crash (default: false)" }, first crash" },
{ { "exit_code_upon_crash", required_argument, NULL, 0x113 }, "Exit code
to use upon seeing the first crash" },
{ { "socket_fuzzer", no_argument, NULL, 0x10B }, "Instrument external fu zzer via socket" }, { { "socket_fuzzer", no_argument, NULL, 0x10B }, "Instrument external fu zzer via socket" },
{ { "netdriver", no_argument, NULL, 0x10C }, "Use netdriver (libhfnetdri ver/). In most cases it will be autodetected through a binary signature" }, { { "netdriver", no_argument, NULL, 0x10C }, "Use netdriver (libhfnetdri ver/). In most cases it will be autodetected through a binary signature" },
{ { "only_printable", no_argument, NULL, 0x10D }, "Only generate printab le inputs" }, { { "only_printable", no_argument, NULL, 0x10D }, "Only generate printab le inputs" },
{ { "export_feedback", no_argument, NULL, 0x10E }, "Export the coverage feedback structure as ./hfuzz-feedback" }, { { "export_feedback", no_argument, NULL, 0x10E }, "Export the coverage feedback structure as ./hfuzz-feedback" },
{ { "const_feedback", required_argument, NULL, 0x112 }, "Use constant in teger/string values from fuzzed programs to mangle input files via a dynamic dic tionary (default: true)" }, { { "const_feedback", required_argument, NULL, 0x112 }, "Use constant in teger/string values from fuzzed programs to mangle input files via a dynamic dic tionary (default: true)" },
{ { "pin_thread_cpu", required_argument, NULL, 0x114 }, "Pin a single ex ecution thread to this many consecutive CPUs (default: 0 = no CPU pinning)" },
#if defined(_HF_ARCH_LINUX) #if defined(_HF_ARCH_LINUX)
{ { "linux_symbols_bl", required_argument, NULL, 0x504 }, "Symbols block list filter file (one entry per line)" }, { { "linux_symbols_bl", required_argument, NULL, 0x504 }, "Symbols block list filter file (one entry per line)" },
{ { "linux_symbols_wl", required_argument, NULL, 0x505 }, "Symbols allow list filter file (one entry per line)" }, { { "linux_symbols_wl", required_argument, NULL, 0x505 }, "Symbols allow list filter file (one entry per line)" },
{ { "linux_symbols_al", required_argument, NULL, 0x505 }, "Symbols allow list filter file (one entry per line)" }, { { "linux_symbols_al", required_argument, NULL, 0x505 }, "Symbols allow list filter file (one entry per line)" },
{ { "linux_addr_low_limit", required_argument, NULL, 0x500 }, "Address l imit (from si.si_addr) below which crashes are not reported, (default: 0)" }, { { "linux_addr_low_limit", required_argument, NULL, 0x500 }, "Address l imit (from si.si_addr) below which crashes are not reported, (default: 0)" },
{ { "linux_keep_aslr", no_argument, NULL, 0x501 }, "Don't disable ASLR r andomization, might be useful with MSAN" }, { { "linux_keep_aslr", no_argument, NULL, 0x501 }, "Don't disable ASLR r andomization, might be useful with MSAN" },
{ { "linux_perf_ignore_above", required_argument, NULL, 0x503 }, "Ignore perf events which report IPs above this address" }, { { "linux_perf_ignore_above", required_argument, NULL, 0x503 }, "Ignore perf events which report IPs above this address" },
{ { "linux_perf_instr", no_argument, NULL, 0x510 }, "Use PERF_COUNT_HW_I NSTRUCTIONS perf" }, { { "linux_perf_instr", no_argument, NULL, 0x510 }, "Use PERF_COUNT_HW_I NSTRUCTIONS perf" },
{ { "linux_perf_branch", no_argument, NULL, 0x511 }, "Use PERF_COUNT_HW_ BRANCH_INSTRUCTIONS perf" }, { { "linux_perf_branch", no_argument, NULL, 0x511 }, "Use PERF_COUNT_HW_ BRANCH_INSTRUCTIONS perf" },
skipping to change at line 569 skipping to change at line 573
int opt_index = 0; int opt_index = 0;
for (;;) { for (;;) {
int c = getopt_long( int c = getopt_long(
argc, argv, "-?hQvVsuUPxf:i:o:dqe:W:r:c:F:t:R:n:N:l:p:g:E:w:B:zMTS", opts, &opt_index); argc, argv, "-?hQvVsuUPxf:i:o:dqe:W:r:c:F:t:R:n:N:l:p:g:E:w:B:zMTS", opts, &opt_index);
if (c < 0) { if (c < 0) {
break; break;
} }
switch (c) { switch (c) {
case 'h': case 'h':
case '?':
cmdlineUsage(argv[0], custom_opts); cmdlineUsage(argv[0], custom_opts);
break; break;
case '?':
cmdlineHelp(argv[0], custom_opts);
return false;
case 'i': case 'i':
case 'f': /* Synonym for -i, stands for -f(iles) */ case 'f': /* Synonym for -i, stands for -f(iles) */
hfuzz->io.inputDir = optarg; hfuzz->io.inputDir = optarg;
break; break;
case 'x': case 'x':
hfuzz->feedback.dynFileMethod = _HF_DYNFILE_NONE; hfuzz->feedback.dynFileMethod = _HF_DYNFILE_NONE;
break; break;
case 'Q': case 'Q':
hfuzz->exe.nullifyStdio = false; hfuzz->exe.nullifyStdio = false;
break; break;
skipping to change at line 712 skipping to change at line 718
break; break;
case 0x110: case 0x110:
hfuzz->exe.feedbackMutateCommand = optarg; hfuzz->exe.feedbackMutateCommand = optarg;
break; break;
case 0x106: case 0x106:
hfuzz->feedback.skipFeedbackOnTimeout = true; hfuzz->feedback.skipFeedbackOnTimeout = true;
break; break;
case 0x107: case 0x107:
hfuzz->cfg.exitUponCrash = true; hfuzz->cfg.exitUponCrash = true;
break; break;
case 0x113:
hfuzz->cfg.exitCodeUponCrash = strtoul(optarg, NULL, 0);
break;
case 0x114:
hfuzz->threads.pinThreadToCPUs = strtoul(optarg, NULL, 0);
break;
case 0x108: case 0x108:
hfuzz->exe.clearEnv = true; hfuzz->exe.clearEnv = true;
break; break;
case 'P': case 'P':
hfuzz->exe.persistent = true; hfuzz->exe.persistent = true;
break; break;
case 'T': case 'T':
hfuzz->timing.tmoutVTALRM = true; hfuzz->timing.tmoutVTALRM = true;
break; break;
case 'E': case 'E':
skipping to change at line 788 skipping to change at line 800
hfuzz->arch_netbsd.ignoreAddr = (void*)strtoul(optarg, NULL, 0); hfuzz->arch_netbsd.ignoreAddr = (void*)strtoul(optarg, NULL, 0);
break; break;
case 0x504: case 0x504:
hfuzz->arch_netbsd.symsBlFile = optarg; hfuzz->arch_netbsd.symsBlFile = optarg;
break; break;
case 0x505: case 0x505:
hfuzz->arch_netbsd.symsWlFile = optarg; hfuzz->arch_netbsd.symsWlFile = optarg;
break; break;
#endif /* defined(_HF_ARCH_NETBSD) */ #endif /* defined(_HF_ARCH_NETBSD) */
default: default:
cmdlineUsage(argv[0], custom_opts); cmdlineHelp(argv[0], custom_opts);
return false; return false;
break;
} }
} }
logInitLogFile(logfile, -1, ll); logInitLogFile(logfile, -1, ll);
hfuzz->exe.argc = argc - optind; hfuzz->exe.argc = argc - optind;
hfuzz->exe.cmdline = (const char* const*)&argv[optind]; hfuzz->exe.cmdline = (const char* const*)&argv[optind];
if (hfuzz->exe.argc <= 0) { if (hfuzz->exe.argc <= 0) {
LOG_E("No fuzz command provided"); LOG_E("No fuzz command provided");
cmdlineUsage(argv[0], custom_opts); cmdlineHelp(argv[0], custom_opts);
return false; return false;
} }
if (!files_exists(hfuzz->exe.cmdline[0])) { if (!files_exists(hfuzz->exe.cmdline[0])) {
LOG_E("Your fuzzed binary '%s' doesn't seem to exist", hfuzz->exe.cmdlin e[0]); LOG_E("Your fuzzed binary '%s' doesn't seem to exist", hfuzz->exe.cmdlin e[0]);
return false; return false;
} }
if (!cmdlineVerify(hfuzz)) { if (!cmdlineVerify(hfuzz)) {
return false; return false;
} }
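Review bot: The new `case 0x113` and `case 0x114` branches in cmdlineParse store `strtoul(optarg, NULL, 0)` unchecked, so a non-numeric or out-of-range argument is silently accepted as 0 or as a wrapped value. For `--exit_code_upon_crash` this matters to anyone gating a CI job on the fuzzer's exit status: a typo becomes 0, and if the value ends up as the process exit status (not visible here), anything above 255 is truncated to its low 8 bits, so a crash could be reported as success. The 0x113 branch should parse with an end pointer and reject empty input, trailing characters and values outside 0-255. The 0x114 branch deserves the same parsing plus an upper bound against the CPU count, unless cmdlineVerify (not shown on this page) already checks it. The help string for `exit_code_upon_crash` should also state the default, which is 0 per the initializer. cmdlineParse starts and ends outside the hunks shown.

```c
            case 0x113: {
                char* end = NULL;
                unsigned long code = strtoul(optarg, &end, 0);
                /* Only the low 8 bits of an exit status reach the parent on POSIX */
                if (end == optarg || *end != '\0' || code > 255) {
                    LOG_E("Invalid --exit_code_upon_crash value '%s' (expected 0-255)", optarg);
                    return false;
                }
                hfuzz->cfg.exitCodeUponCrash = code;
                break;
            }
            /* … unchanged: case 0x114 and the remaining options … */
```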
 End of changes. 12 change blocks. 
8 lines changed or deleted 20 lines changed or added
