From: Ian Jackson Date: Sat, 19 Nov 2016 18:59:10 +0000 (+0000) Subject: regress: Provide Makefile targets to generate fuzzer inputs X-Git-Tag: adns-1.6.0~87 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=9cad514abb308ba57b3c87a63d035bf9ea6c1ed1;p=adns.git regress: Provide Makefile targets to generate fuzzer inputs These will be useful for seeding AFL and may be useful for other purposes. This also lets us check that at least with our existing test cases, the corresponding fuzzer input files work. Signed-off-by: Ian Jackson This reverts commit 44843c19f7b3ebf59aa4cda4cef9be0f5d973126.
---
diff --git a/.gitignore b/.gitignore
index 0d0daf9..4218eae 100644
--- a/.gitignore
+++ b/.gitignore
@@ -34,6 +34,7 @@ regress/*_record
 regress/*_playback
 regress/*_fuzz
 regress/output-*.*
+regress/fuzz-*
 regress/pipe.out
 regress/pipe.err
 regress/harness.h
diff --git a/regress/Makefile.in b/regress/Makefile.in
index 846c236..3c5252f 100644
--- a/regress/Makefile.in
+++ b/regress/Makefile.in
@@ -53,9 +53,23 @@ check: $(TARGETS) $(addprefix check-,$(ALL_TESTS))
 @echo
 @echo 'all tests passed or maybe skipped.'
+checkfuzz: $(TARGETS) $(addprefix checkfuzz-,$(ALL_TESTS))
+ @echo
+ @echo 'all fuzzes passed or maybe skipped.'
+# this target is mostly useful as prep work for running the fuzzer;
+# it doesn't really test any of adns
+
 check-%: case-%.sys
 @srcdir=$(srcdir) $(srcdir)/r1test $* || test $$? = 5
+fuzz-%: case-%.sys $(TARGETS) make1fuzz shlib
+ srcdir=$(srcdir) $(srcdir)/make1fuzz $*
+
+.PRECIOUS: fuzz-%
+
+checkfuzz-%: fuzz-% $(TARGETS)
+ @srcdir=$(srcdir) $(srcdir)/check1fuzz $< || test $$? = 5
+
 LINK_CMD= $(CC) $(LDFLAGS) $^ $(LDLIBS) -o $@
 %_record: %_c.o hrecord.o hnonfuzz.o $(HARNLOBJS)
diff --git a/regress/check1fuzz b/regress/check1fuzz
new file mode 100755
index 0000000..73ed172
--- /dev/null
+++ b/regress/check1fuzz
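Review bot: The `fuzz-%` rule lists `make1fuzz` and `shlib` as bare prerequisites while its recipe runs `$(srcdir)/make1fuzz`, so in a build directory separate from the source tree they resolve only if a VPATH/vpath setting (not visible in this hunk) covers `$(srcdir)`. Writing them as `$(srcdir)/make1fuzz $(srcdir)/shlib` keeps the dependency and the recipe pointing at the same files. The `|| test $$? = 5` on `checkfuzz-%` would benefit from a comment such as `# exit status 5 from check1fuzz means the case was skipped`. If the file declares `check` in `.PHONY` (outside the hunk), `checkfuzz` should be added there too.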
@@ -0,0 +1,28 @@
+#!/bin/sh
+# usage: check1fuzz
+# fuzz check script, for checking that one fuzz input works
+
+set -e
+: ${srcdir=.}
+. "$srcdir"/shlib
+
+fuzzfile="$1"
+
+exec <"$fuzzfile"
+
+desc="${fuzzfile#fuzz-}"
+
+read nargs
+if [ "$nargs" = 0 ]; then printf "SKIPPED-$desc "; exit 5; fi
+
+read arg1len
+read program
+
+case "$program" in
+*/*) ;;
+*) program="./$program" ;;
+esac
+
+${program} <"$fuzzfile" >/dev/null
+
+printf "$desc "
diff --git a/regress/make1fuzz b/regress/make1fuzz
new file mode 100755
index 0000000..a7a08f2
--- /dev/null
+++ b/regress/make1fuzz
@@ -0,0 +1,49 @@
+#!/bin/sh
+set -e
+
+: ${srcdir=.}
+. "$srcdir"/shlib
+
+casename="$1"
+
+playback_prepare
+
+ofuzz="fuzz-$casename"
+
+rm -f "$ofuzz.tmp"
+exec >"$ofuzz.tmp"
+
+fuzzout_complete () {
+ mv "$ofuzz.tmp" "$ofuzz"
+ exit 0
+}
+
+if test ! -e $playback; then
+ echo 0
+ fuzzout_complete
+fi
+
+playback_execute_callback () {
+ set "${program}_fuzz" "$@"
+
+ printf "%d\n" "$#"
+ for a in "$@"; do
+ printf "%d\n" "${#a}"
+ printf "%s\n" "$a"
+ done
+}
+playback_execute
+
+if test -e "$case.in"
+then
+ inputsz=$(stat -c'%s' -L "$case.in")
+ printf "%d\n" "$inputsz"
+ cat "$case.in"
+else
+ echo 0
+fi
+echo
+
+cat <&4
+
+fuzzout_complete
diff --git a/settings.make.in b/settings.make.in
index e68899d..3b1e4bd 100644
--- a/settings.make.in
+++ b/settings.make.in
@@ -29,7 +29,7 @@ clean mostlyclean:
 rm -f $(TARGETS) $(AUTOCSRCS) $(AUTOCHDRS)
 rm -f *.o *.tmp* *.so *.so.* pipe.*
 rm -f output-*.err output-*.leftover
- rm -f output-*.out output-*.report
+ rm -f output-*.out output-*.report fuzz-*
 distclean: clean
 rm -f *~ ./#*# core *.orig *.rej Makefile config.h
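Review bot: In check1fuzz the command to execute is taken from the third line of the input file and expanded unquoted at `${program} <"$fuzzfile" >/dev/null`. A fuzz file that did not come from make1fuzz (a shared or fuzzer-mutated corpus entry, for instance) therefore decides which program runs, and field splitting and globbing can add extra words to the command. Reading it with `read -r program`, invoking it as `"$program" <"$fuzzfile" >/dev/null`, and rejecting names that do not end in `_fuzz` in the existing `case` would confine the script to the harness binaries make1fuzz writes. Separately, `printf "$desc "` and `printf "SKIPPED-$desc "` put the file name in the format string; `printf '%s ' "$desc"` avoids surprises from `%` or backslashes.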
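Review bot: In make1fuzz the argument lengths written by `printf "%d\n" "${#a}"` are shell character counts, while the input length further down comes from `stat` as a byte count. In a multibyte locale an argument with non-ASCII characters could get a length prefix smaller than the bytes that follow it, so if the `_fuzz` harness reads byte lengths (its parser is not part of this commit) it is worth pinning `LC_ALL=C; export LC_ALL` near the top. `stat -c'%s' -L` is the GNU coreutils spelling; `inputsz=$(wc -c <"$case.in")` yields the same number portably. `$playback` in `test ! -e $playback` should be quoted like the other expansions in the script.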