/work/obj-fuzz/dist/include/mozilla/ipc/Faulty.h

Source (jump to first uncovered line)
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef mozilla_ipc_Faulty_h
#define mozilla_ipc_Faulty_h

#include <set>
#include <string>
#include <vector>
#include "base/string16.h"
#include "base/singleton.h"
#include "nsDebug.h"
#include "nsTArray.h"

#define FAULTY_DEFAULT_PROBABILITY 1000
#define FAULTY_DEFAULT_MUTATION_FACTOR 10
#define FAULTY_LOG(fmt, args...) \
  if (mozilla::ipc::Faulty::IsLoggingEnabled()) { \
    printf_stderr("[Faulty] (%10u) " fmt "\n", getpid(), ## args); \
  }

namespace IPC {
  // Needed for blacklisting messages.
  class Message;
}

namespace mozilla {
namespace ipc {

class Faulty
{
  public:
    // Used as a default argument for the Fuzz|datatype| methods.
    static const unsigned int sDefaultProbability;

    static unsigned int DefaultProbability(void);
    static bool Logging(void);
    static bool IsLoggingEnabled(void) { return sIsLoggingEnabled; }
    static std::vector<uint8_t> GetDataFromIPCMessage(IPC::Message* aMsg);
    static nsresult CreateOutputDirectory(const char *aPathname);
    static nsresult ReadFile(const char* aPathname, nsTArray<nsCString> &aArray);
    static void CopyFDs(IPC::Message* aDstMsg, IPC::Message* aSrcMsg);

    // Fuzzing methods for Pickle.
    void FuzzBool(bool* aValue, unsigned int aProbability=sDefaultProbability);
    void FuzzChar(char* aValue, unsigned int aProbability=sDefaultProbability);
    void FuzzUChar(unsigned char* aValue, unsigned int aProbability=sDefaultProbability);
    void FuzzInt16(int16_t* aValue, unsigned int aProbability=sDefaultProbability);
    void FuzzUInt16(uint16_t* aValue, unsigned int aProbability=sDefaultProbability);
    void FuzzInt(int* aValue, unsigned int aProbability=sDefaultProbability);
    void FuzzUInt32(uint32_t* aValue, unsigned int aProbability=sDefaultProbability);
    void FuzzLong(long* aValue, unsigned int aProbability=sDefaultProbability);
    void FuzzULong(unsigned long* aValue, unsigned int aProbability=sDefaultProbability);
    void FuzzInt64(int64_t* aValue, unsigned int aProbability=sDefaultProbability);
    void FuzzUInt64(uint64_t* aValue, unsigned int aProbability=sDefaultProbability);
    void FuzzSize(size_t* aValue, unsigned int aProbability=sDefaultProbability);
    void FuzzFloat(float* aValue, unsigned int aProbability=sDefaultProbability);
    void FuzzDouble(double* aValue, unsigned int aProbability=sDefaultProbability);
    void FuzzString(std::string& aValue, unsigned int aProbability=sDefaultProbability);
    void FuzzWString(std::wstring& aValue, unsigned int aProbability=sDefaultProbability);
    void FuzzBytes(void* aData, int aLength, unsigned int aProbability=sDefaultProbability);

    // Fuzzing methods for pipe fuzzing.
    void MaybeCollectAndClosePipe(int aPipe, unsigned int aProbability=sDefaultProbability);

    // Fuzzing methods for message blob fuzzing.
    void DumpMessage(const char *aChannel, IPC::Message* aMsg, std::string aAppendix=nullptr);
    bool IsMessageNameBlacklisted(const char* aMessageName);
    IPC::Message* MutateIPCMessage(const char *aChannel, IPC::Message* aMsg,
      unsigned int aProbability=sDefaultProbability);

    void LogMessage(const char* aChannel, IPC::Message* aMsg);

  private:
    std::set<int> mFds;

    const bool mFuzzMessages;
    const bool mFuzzPipes;
    const bool mFuzzPickle;
    const bool mUseLargeValues;
    const bool mUseAsWhitelist;
    const bool mIsValidProcessType;

    const char* mMessagePath;
    const char* mBlacklistPath;

    size_t sMsgCounter;

    static const bool sIsLoggingEnabled;

    Faulty();
    friend struct DefaultSingletonTraits<Faulty>;
    DISALLOW_EVIL_CONSTRUCTORS(Faulty);

    static bool IsValidProcessType(void);
    static uint32_t MutationFactor();

    // Fuzzing methods for Pickle
    void MutateBool(bool* aValue);
    void MutateChar(char* aValue);
    void MutateUChar(unsigned char* aValue);
    void MutateInt16(int16_t* aValue);
    void MutateUInt16(uint16_t* aValue);
    void MutateInt(int* aValue);
    void MutateUInt32(uint32_t* aValue);
    void MutateLong(long* aValue);
    void MutateULong(unsigned long* aValue);
    void MutateInt64(int64_t* aValue);
    void MutateUInt64(uint64_t* aValue);
    void MutateSize(size_t* aValue);
    void MutateFloat(float* aValue);
    void MutateDouble(double* aValue);
};

} // namespace ipc
} // namespace mozilla

#endif


Line	Count	Source (jump to first uncovered line)
1		/* -- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -- */
2		/* vim: set ts=8 sts=2 et sw=2 tw=80: */
3		/* This Source Code Form is subject to the terms of the Mozilla Public
4		* License, v. 2.0. If a copy of the MPL was not distributed with this
5		* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7		#ifndef mozilla_ipc_Faulty_h
8		#define mozilla_ipc_Faulty_h
9
10		#include <set>
11		#include <string>
12		#include <vector>
13		#include "base/string16.h"
14		#include "base/singleton.h"
15		#include "nsDebug.h"
16		#include "nsTArray.h"
17
18	3	#define FAULTY_DEFAULT_PROBABILITY 1000
19	0	#define FAULTY_DEFAULT_MUTATION_FACTOR 10
20		#define FAULTY_LOG(fmt, args...) \
21	0	if (mozilla::ipc::Faulty::IsLoggingEnabled()) { \
22	0	printf_stderr("[Faulty] (%10u) " fmt "\n", getpid(), ## args); \
23	0	}
24
25		namespace IPC {
26		// Needed for blacklisting messages.
27		class Message;
28		}
29
30		namespace mozilla {
31		namespace ipc {
32
33		class Faulty
34		{
35		public:
36		// Used as a default argument for the Fuzz\|datatype\| methods.
37		static const unsigned int sDefaultProbability;
38
39		static unsigned int DefaultProbability(void);
40		static bool Logging(void);
41	0	static bool IsLoggingEnabled(void) { return sIsLoggingEnabled; }
42		static std::vector<uint8_t> GetDataFromIPCMessage(IPC::Message* aMsg);
43		static nsresult CreateOutputDirectory(const char *aPathname);
44		static nsresult ReadFile(const char* aPathname, nsTArray<nsCString> &aArray);
45		static void CopyFDs(IPC::Message* aDstMsg, IPC::Message* aSrcMsg);
46
47		// Fuzzing methods for Pickle.
48		void FuzzBool(bool* aValue, unsigned int aProbability=sDefaultProbability);
49		void FuzzChar(char* aValue, unsigned int aProbability=sDefaultProbability);
50		void FuzzUChar(unsigned char* aValue, unsigned int aProbability=sDefaultProbability);
51		void FuzzInt16(int16_t* aValue, unsigned int aProbability=sDefaultProbability);
52		void FuzzUInt16(uint16_t* aValue, unsigned int aProbability=sDefaultProbability);
53		void FuzzInt(int* aValue, unsigned int aProbability=sDefaultProbability);
54		void FuzzUInt32(uint32_t* aValue, unsigned int aProbability=sDefaultProbability);
55		void FuzzLong(long* aValue, unsigned int aProbability=sDefaultProbability);
56		void FuzzULong(unsigned long* aValue, unsigned int aProbability=sDefaultProbability);
57		void FuzzInt64(int64_t* aValue, unsigned int aProbability=sDefaultProbability);
58		void FuzzUInt64(uint64_t* aValue, unsigned int aProbability=sDefaultProbability);
59		void FuzzSize(size_t* aValue, unsigned int aProbability=sDefaultProbability);
60		void FuzzFloat(float* aValue, unsigned int aProbability=sDefaultProbability);
61		void FuzzDouble(double* aValue, unsigned int aProbability=sDefaultProbability);
62		void FuzzString(std::string& aValue, unsigned int aProbability=sDefaultProbability);
63		void FuzzWString(std::wstring& aValue, unsigned int aProbability=sDefaultProbability);
64		void FuzzBytes(void* aData, int aLength, unsigned int aProbability=sDefaultProbability);
65
66		// Fuzzing methods for pipe fuzzing.
67		void MaybeCollectAndClosePipe(int aPipe, unsigned int aProbability=sDefaultProbability);
68
69		// Fuzzing methods for message blob fuzzing.
70		void DumpMessage(const char aChannel, IPC::Message aMsg, std::string aAppendix=nullptr);
71		bool IsMessageNameBlacklisted(const char* aMessageName);
72		IPC::Message* MutateIPCMessage(const char aChannel, IPC::Message aMsg,
73		unsigned int aProbability=sDefaultProbability);
74
75		void LogMessage(const char* aChannel, IPC::Message* aMsg);
76
77		private:
78		std::set<int> mFds;
79
80		const bool mFuzzMessages;
81		const bool mFuzzPipes;
82		const bool mFuzzPickle;
83		const bool mUseLargeValues;
84		const bool mUseAsWhitelist;
85		const bool mIsValidProcessType;
86
87		const char* mMessagePath;
88		const char* mBlacklistPath;
89
90		size_t sMsgCounter;
91
92		static const bool sIsLoggingEnabled;
93
94		Faulty();
95		friend struct DefaultSingletonTraits<Faulty>;
96		DISALLOW_EVIL_CONSTRUCTORS(Faulty);
97
98		static bool IsValidProcessType(void);
99		static uint32_t MutationFactor();
100
101		// Fuzzing methods for Pickle
102		void MutateBool(bool* aValue);
103		void MutateChar(char* aValue);
104		void MutateUChar(unsigned char* aValue);
105		void MutateInt16(int16_t* aValue);
106		void MutateUInt16(uint16_t* aValue);
107		void MutateInt(int* aValue);
108		void MutateUInt32(uint32_t* aValue);
109		void MutateLong(long* aValue);
110		void MutateULong(unsigned long* aValue);
111		void MutateInt64(int64_t* aValue);
112		void MutateUInt64(uint64_t* aValue);
113		void MutateSize(size_t* aValue);
114		void MutateFloat(float* aValue);
115		void MutateDouble(double* aValue);
116		};
117
118		} // namespace ipc
119		} // namespace mozilla
120
121		#endif
122

Coverage Report

Created: 2018-09-25 14:53