regress: Provide Makefile targets to generate fuzzer inputs

These will be useful for seeding AFL and may be useful for other
purposes.  This also lets us check that at least with our existing
test cases, the corresponding fuzzer input files work.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
This reverts commit 44843c19f7b3ebf59aa4cda4cef9be0f5d973126.

diff --git a/.gitignore b/.gitignore
index 0d0daf97674e7dbf04167f32ed141c149705ec04..4218eae1f9c62b1dc9f1f929b316069f60e33a02 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -34,6 +34,7 @@ regress/*_record
 regress/*_playback
 regress/*_fuzz
 regress/output-*.*
+regress/fuzz-*
 regress/pipe.out
 regress/pipe.err
 regress/harness.h

diff --git a/regress/Makefile.in b/regress/Makefile.in
index 846c2365d5c53fc1540cd114f3f9b88b2fb6111b..3c5252f3fecda9b3dea4dfd72c0e38062016010c 100644 (file)
--- a/regress/Makefile.in
+++ b/regress/Makefile.in
@@ -53,9 +53,23 @@ check:               $(TARGETS) $(addprefix check-,$(ALL_TESTS))
                @echo
                @echo 'all tests passed or maybe skipped.'
 
+checkfuzz:     $(TARGETS) $(addprefix checkfuzz-,$(ALL_TESTS))
+               @echo
+               @echo 'all fuzzes passed or maybe skipped.'
+# this target is mostly useful as prep work for running the fuzzer;
+# it doesn't really test any of adns
+
 check-%:       case-%.sys
                @srcdir=$(srcdir) $(srcdir)/r1test $* || test $$? = 5
 
+fuzz-%:                case-%.sys $(TARGETS) make1fuzz shlib
+               srcdir=$(srcdir) $(srcdir)/make1fuzz $*
+
+.PRECIOUS: fuzz-%
+
+checkfuzz-%:   fuzz-% $(TARGETS)
+               @srcdir=$(srcdir) $(srcdir)/check1fuzz $< || test $$? = 5
+
 LINK_CMD=      $(CC) $(LDFLAGS) $^ $(LDLIBS) -o $@
 
 %_record:      %_c.o hrecord.o hnonfuzz.o $(HARNLOBJS)

diff --git a/regress/check1fuzz b/regress/check1fuzz
new file mode 100755 (executable)
index 0000000..73ed172
--- /dev/null
+++ b/regress/check1fuzz
@@ -0,0 +1,28 @@
+#!/bin/sh
+# usage: check1fuzz <fuzzer stimulus file>
+# fuzz check script, for checking that one fuzz input works
+
+set -e
+: ${srcdir=.}
+. "$srcdir"/shlib
+
+fuzzfile="$1"
+
+exec <"$fuzzfile"
+
+desc="${fuzzfile#fuzz-}"
+
+read nargs
+if [ "$nargs" = 0 ]; then printf "SKIPPED-$desc "; exit 5; fi
+
+read arg1len
+read program
+
+case "$program" in
+*/*)   ;;
+*)     program="./$program" ;;
+esac
+
+${program} <"$fuzzfile" >/dev/null
+
+printf "$desc "

diff --git a/regress/make1fuzz b/regress/make1fuzz
new file mode 100755 (executable)
index 0000000..a7a08f2
--- /dev/null
+++ b/regress/make1fuzz
@@ -0,0 +1,49 @@
+#!/bin/sh
+set -e
+
+: ${srcdir=.}
+. "$srcdir"/shlib
+
+casename="$1"
+
+playback_prepare
+
+ofuzz="fuzz-$casename"
+
+rm -f "$ofuzz.tmp"
+exec >"$ofuzz.tmp"
+
+fuzzout_complete () {
+       mv "$ofuzz.tmp" "$ofuzz"
+       exit 0
+}
+
+if test ! -e $playback; then
+       echo 0
+       fuzzout_complete
+fi
+
+playback_execute_callback () {
+       set "${program}_fuzz" "$@"
+
+       printf "%d\n" "$#"
+       for a in "$@"; do
+               printf "%d\n" "${#a}"
+               printf "%s\n" "$a"
+       done
+}
+playback_execute
+
+if test -e "$case.in"
+then
+       inputsz=$(stat -c'%s' -L "$case.in")
+       printf "%d\n" "$inputsz"
+       cat "$case.in"
+else
+       echo 0
+fi
+echo
+
+cat <&4
+
+fuzzout_complete

diff --git a/settings.make.in b/settings.make.in
index e68899db5313ef36f632775b2fcaf4086c5c7b89..3b1e4bd060891710acc00f5032f731edccade1c7 100644 (file)
--- a/settings.make.in
+++ b/settings.make.in
@@ -29,7 +29,7 @@ clean mostlyclean:
                rm -f $(TARGETS) $(AUTOCSRCS) $(AUTOCHDRS)
                rm -f *.o *.tmp* *.so *.so.* pipe.*
                rm -f output-*.err output-*.leftover
-               rm -f output-*.out output-*.report
+               rm -f output-*.out output-*.report fuzz-*
 
 distclean:             clean
                rm -f *~ ./#*# core *.orig *.rej Makefile config.h