Mercurial > dropbear
comparison fuzz/fuzz-common.c @ 1760:2406a9987810
Add first try at fuzzing custom mutator
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sun, 25 Oct 2020 22:52:36 +0800 |
| parents | 1365661f6be6 |
| children | b688c884dad7 |
comparison
equal
deleted
inserted
replaced
| 1759:4c5599435084 | 1760:2406a9987810 |
|---|---|
| 254 wrapfd_setseed(wrapseed); | 254 wrapfd_setseed(wrapseed); |
| 255 | 255 |
| 256 int fakesock = wrapfd_new(); | 256 int fakesock = wrapfd_new(); |
| 257 | 257 |
| 258 m_malloc_set_epoch(1); | 258 m_malloc_set_epoch(1); |
| 259 fuzz.do_jmp = 1; | |
| 259 if (setjmp(fuzz.jmp) == 0) { | 260 if (setjmp(fuzz.jmp) == 0) { |
| 260 svr_session(fakesock, fakesock); | 261 svr_session(fakesock, fakesock); |
| 261 m_malloc_free_epoch(1, 0); | 262 m_malloc_free_epoch(1, 0); |
| 262 } else { | 263 } else { |
| 264 fuzz.do_jmp = 0; | |
| 263 m_malloc_free_epoch(1, 1); | 265 m_malloc_free_epoch(1, 1); |
| 264 TRACE(("dropbear_exit longjmped")) | 266 TRACE(("dropbear_exit longjmped")) |
| 265 /* dropbear_exit jumped here */ | 267 /* dropbear_exit jumped here */ |
| 266 } | 268 } |
| 267 | 269 |
| 300 wrapfd_setseed(wrapseed); | 302 wrapfd_setseed(wrapseed); |
| 301 | 303 |
| 302 int fakesock = wrapfd_new(); | 304 int fakesock = wrapfd_new(); |
| 303 | 305 |
| 304 m_malloc_set_epoch(1); | 306 m_malloc_set_epoch(1); |
| 307 fuzz.do_jmp = 1; | |
| 305 if (setjmp(fuzz.jmp) == 0) { | 308 if (setjmp(fuzz.jmp) == 0) { |
| 306 cli_session(fakesock, fakesock, NULL, 0); | 309 cli_session(fakesock, fakesock, NULL, 0); |
| 307 m_malloc_free_epoch(1, 0); | 310 m_malloc_free_epoch(1, 0); |
| 308 } else { | 311 } else { |
| 312 fuzz.do_jmp = 0; | |
| 309 m_malloc_free_epoch(1, 1); | 313 m_malloc_free_epoch(1, 1); |
| 310 TRACE(("dropbear_exit longjmped")) | 314 TRACE(("dropbear_exit longjmped")) |
| 311 /* dropbear_exit jumped here */ | 315 /* dropbear_exit jumped here */ |
| 312 } | 316 } |
| 313 | 317 |