diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2015-01-18 19:52:44 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2015-01-20 00:24:39 +1100 |
| commit | 80603c0daa2538c349c1c152405580b164d5475f (patch) | |
| tree | f9af28a55dfd54dd4b35053de8f19406ed6b9957 /regress/unittests | |
| parent | 87d5495bd337e358ad69c524fcb9495208c0750b (diff) | |
upstream commit
add a fuzz_matches_original() function to the fuzzer to
detect fuzz cases that are identical to the original data. Hacky
implementation, but very useful when you need the fuzz to be different, e.g.
when verifying signature
Diffstat (limited to 'regress/unittests')
| -rw-r--r-- | regress/unittests/test_helper/fuzz.c | 10 | ||||
| -rw-r--r-- | regress/unittests/test_helper/test_helper.h | 10 |
2 files changed, 18 insertions, 2 deletions
diff --git a/regress/unittests/test_helper/fuzz.c b/regress/unittests/test_helper/fuzz.c index 93cff6969..06fb247ef 100644 --- a/regress/unittests/test_helper/fuzz.c +++ b/regress/unittests/test_helper/fuzz.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: fuzz.c,v 1.6 2015/01/18 19:50:55 djm Exp $ */ | 1 | /* $OpenBSD: fuzz.c,v 1.7 2015/01/18 19:52:44 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2011 Damien Miller <djm@mindrot.org> | 3 | * Copyright (c) 2011 Damien Miller <djm@mindrot.org> |
| 4 | * | 4 | * |
| @@ -378,6 +378,14 @@ fuzz_next(struct fuzz *fuzz) | |||
| 378 | } | 378 | } |
| 379 | 379 | ||
| 380 | int | 380 | int |
| 381 | fuzz_matches_original(struct fuzz *fuzz) | ||
| 382 | { | ||
| 383 | if (fuzz_len(fuzz) != fuzz->slen) | ||
| 384 | return 0; | ||
| 385 | return memcmp(fuzz_ptr(fuzz), fuzz->seed, fuzz->slen) == 0; | ||
| 386 | } | ||
| 387 | |||
| 388 | int | ||
| 381 | fuzz_done(struct fuzz *fuzz) | 389 | fuzz_done(struct fuzz *fuzz) |
| 382 | { | 390 | { |
| 383 | FUZZ_DBG(("fuzz = %p, strategies = 0x%lx", fuzz, | 391 | FUZZ_DBG(("fuzz = %p, strategies = 0x%lx", fuzz, |
diff --git a/regress/unittests/test_helper/test_helper.h b/regress/unittests/test_helper/test_helper.h index 48c888ac3..1d9c66986 100644 --- a/regress/unittests/test_helper/test_helper.h +++ b/regress/unittests/test_helper/test_helper.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: test_helper.h,v 1.5 2015/01/15 07:36:28 djm Exp $ */ | 1 | /* $OpenBSD: test_helper.h,v 1.6 2015/01/18 19:52:44 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2011 Damien Miller <djm@mindrot.org> | 3 | * Copyright (c) 2011 Damien Miller <djm@mindrot.org> |
| 4 | * | 4 | * |
| @@ -283,6 +283,13 @@ void fuzz_cleanup(struct fuzz *fuzz); | |||
| 283 | /* Prepare the next fuzz case in the series */ | 283 | /* Prepare the next fuzz case in the series */ |
| 284 | void fuzz_next(struct fuzz *fuzz); | 284 | void fuzz_next(struct fuzz *fuzz); |
| 285 | 285 | ||
| 286 | /* | ||
| 287 | * Check whether this fuzz case is identical to the original | ||
| 288 | * This is slow, but useful if the caller needs to ensure that all tests | ||
| 289 | * generated change the input (e.g. when fuzzing signatures). | ||
| 290 | */ | ||
| 291 | int fuzz_matches_original(struct fuzz *fuzz); | ||
| 292 | |||
| 286 | /* Determine whether the current fuzz sequence is exhausted (nonzero = yes) */ | 293 | /* Determine whether the current fuzz sequence is exhausted (nonzero = yes) */ |
| 287 | int fuzz_done(struct fuzz *fuzz); | 294 | int fuzz_done(struct fuzz *fuzz); |
| 288 | 295 | ||
| @@ -292,4 +299,5 @@ u_char *fuzz_ptr(struct fuzz *fuzz); | |||
| 292 | 299 | ||
| 293 | /* Dump the current fuzz case to stderr */ | 300 | /* Dump the current fuzz case to stderr */ |
| 294 | void fuzz_dump(struct fuzz *fuzz); | 301 | void fuzz_dump(struct fuzz *fuzz); |
| 302 | |||
| 295 | #endif /* _TEST_HELPER_H */ | 303 | #endif /* _TEST_HELPER_H */ |