Coverage Report

Created: 2026-04-06 07:40

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/libssh/tests/fuzz/nallocinc.c
Line
Count
Source
1
/*
2
 MIT License
3
4
 Copyright (c) 2025 Catena cyber
5
6
 Permission is hereby granted, free of charge, to any person obtaining a copy
7
 of this software and associated documentation files (the "Software"), to deal
8
 in the Software without restriction, including without limitation the rights
9
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10
 copies of the Software, and to permit persons to whom the Software is
11
 furnished to do so, subject to the following conditions:
12
13
 The above copyright notice and this permission notice shall be included in all
14
 copies or substantial portions of the Software.
15
16
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22
 SOFTWARE.
23
*/
24
25
/* Nalloc fuzz : framework to make allocations and IO fail while fuzzing */
26
27
/* Environment variables to control nalloc fuzz behavior :
28
 * NALLOC_VERBOSE: set it to log failed allocations with their stacktraces
29
 * NALLOC_FREQ: set it to control how frequently allocations fail
30
 *  value 0 disables nalloc (no allocations fail)
31
 *  value 1..31 : allocations fail always (1) or very rarely (31 -> 1 / 2^31)
32
 *  value 32 : allocations fail at a random rate between 5 and 20 for each run
33
 */
34
#if defined(__clang__) && defined(__has_feature)
35
#if __has_feature(address_sanitizer)
36
#define NALLOC_ASAN 1
37
#endif
38
#endif
39
40
#include <errno.h>
41
#include <stdbool.h>
42
#include <stdint.h>
43
#include <stdio.h>
44
#include <stdlib.h>
45
#include <string.h>
46
47
#ifdef __cplusplus
48
extern "C" {
49
#endif
50
51
static const uint32_t nalloc_crc32_table[] = {
52
    0x00000000, 0x04c11db7, 0x09823b6e, 0x0d4326d9, 0x130476dc, 0x17c56b6b,
53
    0x1a864db2, 0x1e475005, 0x2608edb8, 0x22c9f00f, 0x2f8ad6d6, 0x2b4bcb61,
54
    0x350c9b64, 0x31cd86d3, 0x3c8ea00a, 0x384fbdbd, 0x4c11db70, 0x48d0c6c7,
55
    0x4593e01e, 0x4152fda9, 0x5f15adac, 0x5bd4b01b, 0x569796c2, 0x52568b75,
56
    0x6a1936c8, 0x6ed82b7f, 0x639b0da6, 0x675a1011, 0x791d4014, 0x7ddc5da3,
57
    0x709f7b7a, 0x745e66cd, 0x9823b6e0, 0x9ce2ab57, 0x91a18d8e, 0x95609039,
58
    0x8b27c03c, 0x8fe6dd8b, 0x82a5fb52, 0x8664e6e5, 0xbe2b5b58, 0xbaea46ef,
59
    0xb7a96036, 0xb3687d81, 0xad2f2d84, 0xa9ee3033, 0xa4ad16ea, 0xa06c0b5d,
60
    0xd4326d90, 0xd0f37027, 0xddb056fe, 0xd9714b49, 0xc7361b4c, 0xc3f706fb,
61
    0xceb42022, 0xca753d95, 0xf23a8028, 0xf6fb9d9f, 0xfbb8bb46, 0xff79a6f1,
62
    0xe13ef6f4, 0xe5ffeb43, 0xe8bccd9a, 0xec7dd02d, 0x34867077, 0x30476dc0,
63
    0x3d044b19, 0x39c556ae, 0x278206ab, 0x23431b1c, 0x2e003dc5, 0x2ac12072,
64
    0x128e9dcf, 0x164f8078, 0x1b0ca6a1, 0x1fcdbb16, 0x018aeb13, 0x054bf6a4,
65
    0x0808d07d, 0x0cc9cdca, 0x7897ab07, 0x7c56b6b0, 0x71159069, 0x75d48dde,
66
    0x6b93dddb, 0x6f52c06c, 0x6211e6b5, 0x66d0fb02, 0x5e9f46bf, 0x5a5e5b08,
67
    0x571d7dd1, 0x53dc6066, 0x4d9b3063, 0x495a2dd4, 0x44190b0d, 0x40d816ba,
68
    0xaca5c697, 0xa864db20, 0xa527fdf9, 0xa1e6e04e, 0xbfa1b04b, 0xbb60adfc,
69
    0xb6238b25, 0xb2e29692, 0x8aad2b2f, 0x8e6c3698, 0x832f1041, 0x87ee0df6,
70
    0x99a95df3, 0x9d684044, 0x902b669d, 0x94ea7b2a, 0xe0b41de7, 0xe4750050,
71
    0xe9362689, 0xedf73b3e, 0xf3b06b3b, 0xf771768c, 0xfa325055, 0xfef34de2,
72
    0xc6bcf05f, 0xc27dede8, 0xcf3ecb31, 0xcbffd686, 0xd5b88683, 0xd1799b34,
73
    0xdc3abded, 0xd8fba05a, 0x690ce0ee, 0x6dcdfd59, 0x608edb80, 0x644fc637,
74
    0x7a089632, 0x7ec98b85, 0x738aad5c, 0x774bb0eb, 0x4f040d56, 0x4bc510e1,
75
    0x46863638, 0x42472b8f, 0x5c007b8a, 0x58c1663d, 0x558240e4, 0x51435d53,
76
    0x251d3b9e, 0x21dc2629, 0x2c9f00f0, 0x285e1d47, 0x36194d42, 0x32d850f5,
77
    0x3f9b762c, 0x3b5a6b9b, 0x0315d626, 0x07d4cb91, 0x0a97ed48, 0x0e56f0ff,
78
    0x1011a0fa, 0x14d0bd4d, 0x19939b94, 0x1d528623, 0xf12f560e, 0xf5ee4bb9,
79
    0xf8ad6d60, 0xfc6c70d7, 0xe22b20d2, 0xe6ea3d65, 0xeba91bbc, 0xef68060b,
80
    0xd727bbb6, 0xd3e6a601, 0xdea580d8, 0xda649d6f, 0xc423cd6a, 0xc0e2d0dd,
81
    0xcda1f604, 0xc960ebb3, 0xbd3e8d7e, 0xb9ff90c9, 0xb4bcb610, 0xb07daba7,
82
    0xae3afba2, 0xaafbe615, 0xa7b8c0cc, 0xa379dd7b, 0x9b3660c6, 0x9ff77d71,
83
    0x92b45ba8, 0x9675461f, 0x8832161a, 0x8cf30bad, 0x81b02d74, 0x857130c3,
84
    0x5d8a9099, 0x594b8d2e, 0x5408abf7, 0x50c9b640, 0x4e8ee645, 0x4a4ffbf2,
85
    0x470cdd2b, 0x43cdc09c, 0x7b827d21, 0x7f436096, 0x7200464f, 0x76c15bf8,
86
    0x68860bfd, 0x6c47164a, 0x61043093, 0x65c52d24, 0x119b4be9, 0x155a565e,
87
    0x18197087, 0x1cd86d30, 0x029f3d35, 0x065e2082, 0x0b1d065b, 0x0fdc1bec,
88
    0x3793a651, 0x3352bbe6, 0x3e119d3f, 0x3ad08088, 0x2497d08d, 0x2056cd3a,
89
    0x2d15ebe3, 0x29d4f654, 0xc5a92679, 0xc1683bce, 0xcc2b1d17, 0xc8ea00a0,
90
    0xd6ad50a5, 0xd26c4d12, 0xdf2f6bcb, 0xdbee767c, 0xe3a1cbc1, 0xe760d676,
91
    0xea23f0af, 0xeee2ed18, 0xf0a5bd1d, 0xf464a0aa, 0xf9278673, 0xfde69bc4,
92
    0x89b8fd09, 0x8d79e0be, 0x803ac667, 0x84fbdbd0, 0x9abc8bd5, 0x9e7d9662,
93
    0x933eb0bb, 0x97ffad0c, 0xafb010b1, 0xab710d06, 0xa6322bdf, 0xa2f33668,
94
    0xbcb4666d, 0xb8757bda, 0xb5365d03, 0xb1f740b4};
95
96
// Nallocfuzz data to take a decision
97
uint32_t nalloc_random_state = 0;
98
__thread unsigned int nalloc_running = 0;
99
bool nalloc_initialized = false;
100
uint32_t nalloc_runs = 0;
101
102
// Nalloc fuzz parameters
103
uint32_t nalloc_bitmask = 0xFF;
104
bool nalloc_random_bitmask = true;
105
uint32_t nalloc_magic = 0x294cee63;
106
bool nalloc_verbose = false;
107
108
#ifdef NALLOC_ASAN
109
extern void __sanitizer_print_stack_trace(void);
110
#endif
111
112
// Generic init, using env variables to get parameters
113
void nalloc_init(const char *prog)
114
40
{
115
40
    if (nalloc_initialized) {
116
0
        return;
117
0
    }
118
40
    nalloc_initialized = true;
119
40
    char *bitmask = getenv("NALLOC_FREQ");
120
40
    if (bitmask) {
121
0
        int shift = atoi(bitmask);
122
0
        if (shift > 0 && shift < 31) {
123
0
            nalloc_bitmask = 1 << shift;
124
0
            nalloc_random_bitmask = false;
125
0
        } else if (shift == 0) {
126
0
            nalloc_random_bitmask = false;
127
0
            nalloc_bitmask = 0;
128
0
        }
129
40
    } else if (prog == NULL || strstr(prog, "nalloc") == NULL) {
130
20
        nalloc_random_bitmask = false;
131
20
        nalloc_bitmask = 0;
132
20
        return;
133
20
    }
134
135
20
    char *verbose = getenv("NALLOC_VERBOSE");
136
20
    if (verbose) {
137
0
        nalloc_verbose = true;
138
0
    }
139
20
}
140
141
// add one byte to the CRC
142
static inline void nalloc_random_update(uint8_t b)
143
287M
{
144
287M
    nalloc_random_state =
145
287M
        ((uint32_t)((uint32_t)nalloc_random_state << 8)) ^
146
287M
        nalloc_crc32_table[((nalloc_random_state >> 24) ^ b) & 0xFF];
147
287M
}
ssh_client_config_fuzzer.c:nalloc_random_update
Line
Count
Source
143
11.5M
{
144
11.5M
    nalloc_random_state =
145
11.5M
        ((uint32_t)((uint32_t)nalloc_random_state << 8)) ^
146
11.5M
        nalloc_crc32_table[((nalloc_random_state >> 24) ^ b) & 0xFF];
147
11.5M
}
ssh_pubkey_fuzzer.c:nalloc_random_update
Line
Count
Source
143
52.6M
{
144
52.6M
    nalloc_random_state =
145
52.6M
        ((uint32_t)((uint32_t)nalloc_random_state << 8)) ^
146
52.6M
        nalloc_crc32_table[((nalloc_random_state >> 24) ^ b) & 0xFF];
147
52.6M
}
ssh_known_hosts_fuzzer.c:nalloc_random_update
Line
Count
Source
143
10.1M
{
144
10.1M
    nalloc_random_state =
145
10.1M
        ((uint32_t)((uint32_t)nalloc_random_state << 8)) ^
146
10.1M
        nalloc_crc32_table[((nalloc_random_state >> 24) ^ b) & 0xFF];
147
10.1M
}
ssh_privkey_fuzzer.c:nalloc_random_update
Line
Count
Source
143
14.2M
{
144
14.2M
    nalloc_random_state =
145
14.2M
        ((uint32_t)((uint32_t)nalloc_random_state << 8)) ^
146
14.2M
        nalloc_crc32_table[((nalloc_random_state >> 24) ^ b) & 0xFF];
147
14.2M
}
ssh_client_fuzzer.c:nalloc_random_update
Line
Count
Source
143
12.8M
{
144
12.8M
    nalloc_random_state =
145
12.8M
        ((uint32_t)((uint32_t)nalloc_random_state << 8)) ^
146
12.8M
        nalloc_crc32_table[((nalloc_random_state >> 24) ^ b) & 0xFF];
147
12.8M
}
ssh_scp_fuzzer.c:nalloc_random_update
Line
Count
Source
143
98.5M
{
144
98.5M
    nalloc_random_state =
145
98.5M
        ((uint32_t)((uint32_t)nalloc_random_state << 8)) ^
146
98.5M
        nalloc_crc32_table[((nalloc_random_state >> 24) ^ b) & 0xFF];
147
98.5M
}
ssh_server_fuzzer.c:nalloc_random_update
Line
Count
Source
143
16.2M
{
144
16.2M
    nalloc_random_state =
145
16.2M
        ((uint32_t)((uint32_t)nalloc_random_state << 8)) ^
146
16.2M
        nalloc_crc32_table[((nalloc_random_state >> 24) ^ b) & 0xFF];
147
16.2M
}
ssh_bind_config_fuzzer.c:nalloc_random_update
Line
Count
Source
143
23.1M
{
144
23.1M
    nalloc_random_state =
145
23.1M
        ((uint32_t)((uint32_t)nalloc_random_state << 8)) ^
146
23.1M
        nalloc_crc32_table[((nalloc_random_state >> 24) ^ b) & 0xFF];
147
23.1M
}
ssh_sshsig_fuzzer.c:nalloc_random_update
Line
Count
Source
143
22.3M
{
144
22.3M
    nalloc_random_state =
145
22.3M
        ((uint32_t)((uint32_t)nalloc_random_state << 8)) ^
146
22.3M
        nalloc_crc32_table[((nalloc_random_state >> 24) ^ b) & 0xFF];
147
22.3M
}
ssh_sftp_attr_fuzzer.c:nalloc_random_update
Line
Count
Source
143
25.9M
{
144
25.9M
    nalloc_random_state =
145
25.9M
        ((uint32_t)((uint32_t)nalloc_random_state << 8)) ^
146
25.9M
        nalloc_crc32_table[((nalloc_random_state >> 24) ^ b) & 0xFF];
147
25.9M
}
148
149
// Start the failure injections, using a buffer as seed
150
static int nalloc_start(const uint8_t *data, size_t size)
151
30.5k
{
152
30.5k
    if (nalloc_random_bitmask) {
153
9.63k
        if (nalloc_random_state & 0x10) {
154
4.78k
            nalloc_bitmask = 0xFFFFFFFF;
155
4.84k
        } else {
156
4.84k
            nalloc_bitmask = 1 << (5 + (nalloc_random_state & 0xF));
157
4.84k
        }
158
20.8k
    } else if (nalloc_bitmask == 0) {
159
        // nalloc disabled
160
20.8k
        return 2;
161
20.8k
    }
162
9.63k
    nalloc_random_state = 0;
163
262M
    for (size_t i = 0; i < size; i++) {
164
262M
        nalloc_random_update(data[i]);
165
262M
    }
166
9.63k
    if (__sync_fetch_and_add(&nalloc_running, 1)) {
167
0
        __sync_fetch_and_sub(&nalloc_running, 1);
168
0
        return 0;
169
0
    }
170
9.63k
    nalloc_runs++;
171
9.63k
    return 1;
172
9.63k
}
ssh_client_config_fuzzer.c:nalloc_start
Line
Count
Source
151
499
{
152
499
    if (nalloc_random_bitmask) {
153
21
        if (nalloc_random_state & 0x10) {
154
7
            nalloc_bitmask = 0xFFFFFFFF;
155
14
        } else {
156
14
            nalloc_bitmask = 1 << (5 + (nalloc_random_state & 0xF));
157
14
        }
158
478
    } else if (nalloc_bitmask == 0) {
159
        // nalloc disabled
160
478
        return 2;
161
478
    }
162
21
    nalloc_random_state = 0;
163
11.4M
    for (size_t i = 0; i < size; i++) {
164
11.4M
        nalloc_random_update(data[i]);
165
11.4M
    }
166
21
    if (__sync_fetch_and_add(&nalloc_running, 1)) {
167
0
        __sync_fetch_and_sub(&nalloc_running, 1);
168
0
        return 0;
169
0
    }
170
21
    nalloc_runs++;
171
21
    return 1;
172
21
}
ssh_pubkey_fuzzer.c:nalloc_start
Line
Count
Source
151
3.75k
{
152
3.75k
    if (nalloc_random_bitmask) {
153
1.38k
        if (nalloc_random_state & 0x10) {
154
699
            nalloc_bitmask = 0xFFFFFFFF;
155
699
        } else {
156
687
            nalloc_bitmask = 1 << (5 + (nalloc_random_state & 0xF));
157
687
        }
158
2.37k
    } else if (nalloc_bitmask == 0) {
159
        // nalloc disabled
160
2.37k
        return 2;
161
2.37k
    }
162
1.38k
    nalloc_random_state = 0;
163
52.5M
    for (size_t i = 0; i < size; i++) {
164
52.5M
        nalloc_random_update(data[i]);
165
52.5M
    }
166
1.38k
    if (__sync_fetch_and_add(&nalloc_running, 1)) {
167
0
        __sync_fetch_and_sub(&nalloc_running, 1);
168
0
        return 0;
169
0
    }
170
1.38k
    nalloc_runs++;
171
1.38k
    return 1;
172
1.38k
}
ssh_known_hosts_fuzzer.c:nalloc_start
Line
Count
Source
151
4.07k
{
152
4.07k
    if (nalloc_random_bitmask) {
153
1.65k
        if (nalloc_random_state & 0x10) {
154
868
            nalloc_bitmask = 0xFFFFFFFF;
155
868
        } else {
156
789
            nalloc_bitmask = 1 << (5 + (nalloc_random_state & 0xF));
157
789
        }
158
2.42k
    } else if (nalloc_bitmask == 0) {
159
        // nalloc disabled
160
2.42k
        return 2;
161
2.42k
    }
162
1.65k
    nalloc_random_state = 0;
163
9.45M
    for (size_t i = 0; i < size; i++) {
164
9.44M
        nalloc_random_update(data[i]);
165
9.44M
    }
166
1.65k
    if (__sync_fetch_and_add(&nalloc_running, 1)) {
167
0
        __sync_fetch_and_sub(&nalloc_running, 1);
168
0
        return 0;
169
0
    }
170
1.65k
    nalloc_runs++;
171
1.65k
    return 1;
172
1.65k
}
ssh_privkey_fuzzer.c:nalloc_start
Line
Count
Source
151
239
{
152
239
    if (nalloc_random_bitmask) {
153
178
        if (nalloc_random_state & 0x10) {
154
94
            nalloc_bitmask = 0xFFFFFFFF;
155
94
        } else {
156
84
            nalloc_bitmask = 1 << (5 + (nalloc_random_state & 0xF));
157
84
        }
158
178
    } else if (nalloc_bitmask == 0) {
159
        // nalloc disabled
160
61
        return 2;
161
61
    }
162
178
    nalloc_random_state = 0;
163
14.2M
    for (size_t i = 0; i < size; i++) {
164
14.2M
        nalloc_random_update(data[i]);
165
14.2M
    }
166
178
    if (__sync_fetch_and_add(&nalloc_running, 1)) {
167
0
        __sync_fetch_and_sub(&nalloc_running, 1);
168
0
        return 0;
169
0
    }
170
178
    nalloc_runs++;
171
178
    return 1;
172
178
}
ssh_client_fuzzer.c:nalloc_start
Line
Count
Source
151
5.19k
{
152
5.19k
    if (nalloc_random_bitmask) {
153
1.78k
        if (nalloc_random_state & 0x10) {
154
887
            nalloc_bitmask = 0xFFFFFFFF;
155
899
        } else {
156
899
            nalloc_bitmask = 1 << (5 + (nalloc_random_state & 0xF));
157
899
        }
158
3.41k
    } else if (nalloc_bitmask == 0) {
159
        // nalloc disabled
160
3.41k
        return 2;
161
3.41k
    }
162
1.78k
    nalloc_random_state = 0;
163
11.1M
    for (size_t i = 0; i < size; i++) {
164
11.1M
        nalloc_random_update(data[i]);
165
11.1M
    }
166
1.78k
    if (__sync_fetch_and_add(&nalloc_running, 1)) {
167
0
        __sync_fetch_and_sub(&nalloc_running, 1);
168
0
        return 0;
169
0
    }
170
1.78k
    nalloc_runs++;
171
1.78k
    return 1;
172
1.78k
}
ssh_scp_fuzzer.c:nalloc_start
Line
Count
Source
151
1.41k
{
152
1.41k
    if (nalloc_random_bitmask) {
153
699
        if (nalloc_random_state & 0x10) {
154
338
            nalloc_bitmask = 0xFFFFFFFF;
155
361
        } else {
156
361
            nalloc_bitmask = 1 << (5 + (nalloc_random_state & 0xF));
157
361
        }
158
720
    } else if (nalloc_bitmask == 0) {
159
        // nalloc disabled
160
720
        return 2;
161
720
    }
162
699
    nalloc_random_state = 0;
163
94.7M
    for (size_t i = 0; i < size; i++) {
164
94.7M
        nalloc_random_update(data[i]);
165
94.7M
    }
166
699
    if (__sync_fetch_and_add(&nalloc_running, 1)) {
167
0
        __sync_fetch_and_sub(&nalloc_running, 1);
168
0
        return 0;
169
0
    }
170
699
    nalloc_runs++;
171
699
    return 1;
172
699
}
ssh_server_fuzzer.c:nalloc_start
Line
Count
Source
151
9.81k
{
152
9.81k
    if (nalloc_random_bitmask) {
153
2.09k
        if (nalloc_random_state & 0x10) {
154
1.01k
            nalloc_bitmask = 0xFFFFFFFF;
155
1.08k
        } else {
156
1.08k
            nalloc_bitmask = 1 << (5 + (nalloc_random_state & 0xF));
157
1.08k
        }
158
7.71k
    } else if (nalloc_bitmask == 0) {
159
        // nalloc disabled
160
7.71k
        return 2;
161
7.71k
    }
162
2.09k
    nalloc_random_state = 0;
163
15.5M
    for (size_t i = 0; i < size; i++) {
164
15.5M
        nalloc_random_update(data[i]);
165
15.5M
    }
166
2.09k
    if (__sync_fetch_and_add(&nalloc_running, 1)) {
167
0
        __sync_fetch_and_sub(&nalloc_running, 1);
168
0
        return 0;
169
0
    }
170
2.09k
    nalloc_runs++;
171
2.09k
    return 1;
172
2.09k
}
ssh_bind_config_fuzzer.c:nalloc_start
Line
Count
Source
151
523
{
152
523
    if (nalloc_random_bitmask) {
153
115
        if (nalloc_random_state & 0x10) {
154
53
            nalloc_bitmask = 0xFFFFFFFF;
155
62
        } else {
156
62
            nalloc_bitmask = 1 << (5 + (nalloc_random_state & 0xF));
157
62
        }
158
408
    } else if (nalloc_bitmask == 0) {
159
        // nalloc disabled
160
408
        return 2;
161
408
    }
162
115
    nalloc_random_state = 0;
163
5.66M
    for (size_t i = 0; i < size; i++) {
164
5.66M
        nalloc_random_update(data[i]);
165
5.66M
    }
166
115
    if (__sync_fetch_and_add(&nalloc_running, 1)) {
167
0
        __sync_fetch_and_sub(&nalloc_running, 1);
168
0
        return 0;
169
0
    }
170
115
    nalloc_runs++;
171
115
    return 1;
172
115
}
ssh_sshsig_fuzzer.c:nalloc_start
Line
Count
Source
151
3.75k
{
152
3.75k
    if (nalloc_random_bitmask) {
153
1.11k
        if (nalloc_random_state & 0x10) {
154
540
            nalloc_bitmask = 0xFFFFFFFF;
155
574
        } else {
156
574
            nalloc_bitmask = 1 << (5 + (nalloc_random_state & 0xF));
157
574
        }
158
2.64k
    } else if (nalloc_bitmask == 0) {
159
        // nalloc disabled
160
2.64k
        return 2;
161
2.64k
    }
162
1.11k
    nalloc_random_state = 0;
163
22.3M
    for (size_t i = 0; i < size; i++) {
164
22.3M
        nalloc_random_update(data[i]);
165
22.3M
    }
166
1.11k
    if (__sync_fetch_and_add(&nalloc_running, 1)) {
167
0
        __sync_fetch_and_sub(&nalloc_running, 1);
168
0
        return 0;
169
0
    }
170
1.11k
    nalloc_runs++;
171
1.11k
    return 1;
172
1.11k
}
ssh_sftp_attr_fuzzer.c:nalloc_start
Line
Count
Source
151
1.22k
{
152
1.22k
    if (nalloc_random_bitmask) {
153
586
        if (nalloc_random_state & 0x10) {
154
291
            nalloc_bitmask = 0xFFFFFFFF;
155
295
        } else {
156
295
            nalloc_bitmask = 1 << (5 + (nalloc_random_state & 0xF));
157
295
        }
158
638
    } else if (nalloc_bitmask == 0) {
159
        // nalloc disabled
160
638
        return 2;
161
638
    }
162
586
    nalloc_random_state = 0;
163
25.0M
    for (size_t i = 0; i < size; i++) {
164
25.0M
        nalloc_random_update(data[i]);
165
25.0M
    }
166
586
    if (__sync_fetch_and_add(&nalloc_running, 1)) {
167
0
        __sync_fetch_and_sub(&nalloc_running, 1);
168
0
        return 0;
169
0
    }
170
586
    nalloc_runs++;
171
586
    return 1;
172
586
}
173
174
// Stop the failure injections
175
static void nalloc_end()
176
30.5k
{
177
30.5k
    __sync_fetch_and_sub(&nalloc_running, 1);
178
30.5k
}
ssh_client_config_fuzzer.c:nalloc_end
Line
Count
Source
176
499
{
177
499
    __sync_fetch_and_sub(&nalloc_running, 1);
178
499
}
ssh_pubkey_fuzzer.c:nalloc_end
Line
Count
Source
176
3.75k
{
177
3.75k
    __sync_fetch_and_sub(&nalloc_running, 1);
178
3.75k
}
ssh_known_hosts_fuzzer.c:nalloc_end
Line
Count
Source
176
4.07k
{
177
4.07k
    __sync_fetch_and_sub(&nalloc_running, 1);
178
4.07k
}
ssh_privkey_fuzzer.c:nalloc_end
Line
Count
Source
176
239
{
177
239
    __sync_fetch_and_sub(&nalloc_running, 1);
178
239
}
ssh_client_fuzzer.c:nalloc_end
Line
Count
Source
176
5.19k
{
177
5.19k
    __sync_fetch_and_sub(&nalloc_running, 1);
178
5.19k
}
ssh_scp_fuzzer.c:nalloc_end
Line
Count
Source
176
1.41k
{
177
1.41k
    __sync_fetch_and_sub(&nalloc_running, 1);
178
1.41k
}
ssh_server_fuzzer.c:nalloc_end
Line
Count
Source
176
9.81k
{
177
9.81k
    __sync_fetch_and_sub(&nalloc_running, 1);
178
9.81k
}
ssh_bind_config_fuzzer.c:nalloc_end
Line
Count
Source
176
523
{
177
523
    __sync_fetch_and_sub(&nalloc_running, 1);
178
523
}
ssh_sshsig_fuzzer.c:nalloc_end
Line
Count
Source
176
3.75k
{
177
3.75k
    __sync_fetch_and_sub(&nalloc_running, 1);
178
3.75k
}
ssh_sftp_attr_fuzzer.c:nalloc_end
Line
Count
Source
176
1.22k
{
177
1.22k
    __sync_fetch_and_sub(&nalloc_running, 1);
178
1.22k
}
179
180
static bool nalloc_backtrace_exclude(size_t size, const char *op)
181
10.5k
{
182
10.5k
    if (nalloc_verbose) {
183
0
        fprintf(stderr, "failed %s(%zu) \n", op, size);
184
#ifdef NALLOC_ASAN
185
        __sanitizer_print_stack_trace();
186
#endif
187
0
    }
188
189
10.5k
    return false;
190
10.5k
}
ssh_client_config_fuzzer.c:nalloc_backtrace_exclude
Line
Count
Source
181
14
{
182
14
    if (nalloc_verbose) {
183
0
        fprintf(stderr, "failed %s(%zu) \n", op, size);
184
#ifdef NALLOC_ASAN
185
        __sanitizer_print_stack_trace();
186
#endif
187
0
    }
188
189
    return false;
190
14
}
ssh_pubkey_fuzzer.c:nalloc_backtrace_exclude
Line
Count
Source
181
1.13k
{
182
1.13k
    if (nalloc_verbose) {
183
0
        fprintf(stderr, "failed %s(%zu) \n", op, size);
184
#ifdef NALLOC_ASAN
185
        __sanitizer_print_stack_trace();
186
#endif
187
0
    }
188
189
    return false;
190
1.13k
}
ssh_known_hosts_fuzzer.c:nalloc_backtrace_exclude
Line
Count
Source
181
881
{
182
881
    if (nalloc_verbose) {
183
0
        fprintf(stderr, "failed %s(%zu) \n", op, size);
184
#ifdef NALLOC_ASAN
185
        __sanitizer_print_stack_trace();
186
#endif
187
0
    }
188
189
    return false;
190
881
}
ssh_privkey_fuzzer.c:nalloc_backtrace_exclude
Line
Count
Source
181
1.39k
{
182
1.39k
    if (nalloc_verbose) {
183
0
        fprintf(stderr, "failed %s(%zu) \n", op, size);
184
#ifdef NALLOC_ASAN
185
        __sanitizer_print_stack_trace();
186
#endif
187
0
    }
188
189
    return false;
190
1.39k
}
ssh_client_fuzzer.c:nalloc_backtrace_exclude
Line
Count
Source
181
899
{
182
899
    if (nalloc_verbose) {
183
0
        fprintf(stderr, "failed %s(%zu) \n", op, size);
184
#ifdef NALLOC_ASAN
185
        __sanitizer_print_stack_trace();
186
#endif
187
0
    }
188
189
    return false;
190
899
}
ssh_scp_fuzzer.c:nalloc_backtrace_exclude
Line
Count
Source
181
4.33k
{
182
4.33k
    if (nalloc_verbose) {
183
0
        fprintf(stderr, "failed %s(%zu) \n", op, size);
184
#ifdef NALLOC_ASAN
185
        __sanitizer_print_stack_trace();
186
#endif
187
0
    }
188
189
    return false;
190
4.33k
}
ssh_server_fuzzer.c:nalloc_backtrace_exclude
Line
Count
Source
181
1.08k
{
182
1.08k
    if (nalloc_verbose) {
183
0
        fprintf(stderr, "failed %s(%zu) \n", op, size);
184
#ifdef NALLOC_ASAN
185
        __sanitizer_print_stack_trace();
186
#endif
187
0
    }
188
189
    return false;
190
1.08k
}
ssh_bind_config_fuzzer.c:nalloc_backtrace_exclude
Line
Count
Source
181
63
{
182
63
    if (nalloc_verbose) {
183
0
        fprintf(stderr, "failed %s(%zu) \n", op, size);
184
#ifdef NALLOC_ASAN
185
        __sanitizer_print_stack_trace();
186
#endif
187
0
    }
188
189
    return false;
190
63
}
ssh_sshsig_fuzzer.c:nalloc_backtrace_exclude
Line
Count
Source
181
498
{
182
498
    if (nalloc_verbose) {
183
0
        fprintf(stderr, "failed %s(%zu) \n", op, size);
184
#ifdef NALLOC_ASAN
185
        __sanitizer_print_stack_trace();
186
#endif
187
0
    }
188
189
    return false;
190
498
}
ssh_sftp_attr_fuzzer.c:nalloc_backtrace_exclude
Line
Count
Source
181
295
{
182
295
    if (nalloc_verbose) {
183
0
        fprintf(stderr, "failed %s(%zu) \n", op, size);
184
#ifdef NALLOC_ASAN
185
        __sanitizer_print_stack_trace();
186
#endif
187
0
    }
188
189
    return false;
190
295
}
191
192
//
193
static bool nalloc_fail(size_t size, const char *op)
194
56.3M
{
195
    // do not fail before thread init
196
56.3M
    if (nalloc_runs == 0) {
197
28.4M
        return false;
198
28.4M
    }
199
27.8M
    if (__sync_fetch_and_add(&nalloc_running, 1) != 1) {
200
        // do not fail allocations outside of fuzzer input
201
        // and do not fail inside of this function
202
4.23M
        __sync_fetch_and_sub(&nalloc_running, 1);
203
4.23M
        return false;
204
4.23M
    }
205
23.6M
    nalloc_random_update((uint8_t)size);
206
23.6M
    if (size >= 0x100) {
207
1.67M
        nalloc_random_update((uint8_t)(size >> 8));
208
1.67M
        if (size >= 0x10000) {
209
23.9k
            nalloc_random_update((uint8_t)(size >> 16));
210
            // bigger may already fail or oom
211
23.9k
        }
212
1.67M
    }
213
23.6M
    if (((nalloc_random_state ^ nalloc_magic) & nalloc_bitmask) == 0) {
214
10.5k
        if (nalloc_backtrace_exclude(size, op)) {
215
0
            __sync_fetch_and_sub(&nalloc_running, 1);
216
0
            return false;
217
0
        }
218
10.5k
        __sync_fetch_and_sub(&nalloc_running, 1);
219
10.5k
        return true;
220
10.5k
    }
221
23.6M
    __sync_fetch_and_sub(&nalloc_running, 1);
222
23.6M
    return false;
223
23.6M
}
ssh_client_config_fuzzer.c:nalloc_fail
Line
Count
Source
194
3.35M
{
195
    // do not fail before thread init
196
3.35M
    if (nalloc_runs == 0) {
197
3.27M
        return false;
198
3.27M
    }
199
79.5k
    if (__sync_fetch_and_add(&nalloc_running, 1) != 1) {
200
        // do not fail allocations outside of fuzzer input
201
        // and do not fail inside of this function
202
124
        __sync_fetch_and_sub(&nalloc_running, 1);
203
124
        return false;
204
124
    }
205
79.4k
    nalloc_random_update((uint8_t)size);
206
79.4k
    if (size >= 0x100) {
207
2.29k
        nalloc_random_update((uint8_t)(size >> 8));
208
2.29k
        if (size >= 0x10000) {
209
0
            nalloc_random_update((uint8_t)(size >> 16));
210
            // bigger may already fail or oom
211
0
        }
212
2.29k
    }
213
79.4k
    if (((nalloc_random_state ^ nalloc_magic) & nalloc_bitmask) == 0) {
214
14
        if (nalloc_backtrace_exclude(size, op)) {
215
0
            __sync_fetch_and_sub(&nalloc_running, 1);
216
0
            return false;
217
0
        }
218
14
        __sync_fetch_and_sub(&nalloc_running, 1);
219
14
        return true;
220
14
    }
221
79.4k
    __sync_fetch_and_sub(&nalloc_running, 1);
222
    return false;
223
79.4k
}
ssh_pubkey_fuzzer.c:nalloc_fail
Line
Count
Source
194
141k
{
195
    // do not fail before thread init
196
141k
    if (nalloc_runs == 0) {
197
111k
        return false;
198
111k
    }
199
29.3k
    if (__sync_fetch_and_add(&nalloc_running, 1) != 1) {
200
        // do not fail allocations outside of fuzzer input
201
        // and do not fail inside of this function
202
9.70k
        __sync_fetch_and_sub(&nalloc_running, 1);
203
9.70k
        return false;
204
9.70k
    }
205
19.6k
    nalloc_random_update((uint8_t)size);
206
19.6k
    if (size >= 0x100) {
207
3.73k
        nalloc_random_update((uint8_t)(size >> 8));
208
3.73k
        if (size >= 0x10000) {
209
175
            nalloc_random_update((uint8_t)(size >> 16));
210
            // bigger may already fail or oom
211
175
        }
212
3.73k
    }
213
19.6k
    if (((nalloc_random_state ^ nalloc_magic) & nalloc_bitmask) == 0) {
214
1.13k
        if (nalloc_backtrace_exclude(size, op)) {
215
0
            __sync_fetch_and_sub(&nalloc_running, 1);
216
0
            return false;
217
0
        }
218
1.13k
        __sync_fetch_and_sub(&nalloc_running, 1);
219
1.13k
        return true;
220
1.13k
    }
221
18.5k
    __sync_fetch_and_sub(&nalloc_running, 1);
222
    return false;
223
19.6k
}
ssh_known_hosts_fuzzer.c:nalloc_fail
Line
Count
Source
194
1.87M
{
195
    // do not fail before thread init
196
1.87M
    if (nalloc_runs == 0) {
197
1.14M
        return false;
198
1.14M
    }
199
730k
    if (__sync_fetch_and_add(&nalloc_running, 1) != 1) {
200
        // do not fail allocations outside of fuzzer input
201
        // and do not fail inside of this function
202
13.2k
        __sync_fetch_and_sub(&nalloc_running, 1);
203
13.2k
        return false;
204
13.2k
    }
205
716k
    nalloc_random_update((uint8_t)size);
206
716k
    if (size >= 0x100) {
207
10.6k
        nalloc_random_update((uint8_t)(size >> 8));
208
10.6k
        if (size >= 0x10000) {
209
0
            nalloc_random_update((uint8_t)(size >> 16));
210
            // bigger may already fail or oom
211
0
        }
212
10.6k
    }
213
716k
    if (((nalloc_random_state ^ nalloc_magic) & nalloc_bitmask) == 0) {
214
881
        if (nalloc_backtrace_exclude(size, op)) {
215
0
            __sync_fetch_and_sub(&nalloc_running, 1);
216
0
            return false;
217
0
        }
218
881
        __sync_fetch_and_sub(&nalloc_running, 1);
219
881
        return true;
220
881
    }
221
715k
    __sync_fetch_and_sub(&nalloc_running, 1);
222
    return false;
223
716k
}
ssh_privkey_fuzzer.c:nalloc_fail
Line
Count
Source
194
11.8k
{
195
    // do not fail before thread init
196
11.8k
    if (nalloc_runs == 0) {
197
6.39k
        return false;
198
6.39k
    }
199
5.48k
    if (__sync_fetch_and_add(&nalloc_running, 1) != 1) {
200
        // do not fail allocations outside of fuzzer input
201
        // and do not fail inside of this function
202
892
        __sync_fetch_and_sub(&nalloc_running, 1);
203
892
        return false;
204
892
    }
205
4.59k
    nalloc_random_update((uint8_t)size);
206
4.59k
    if (size >= 0x100) {
207
201
        nalloc_random_update((uint8_t)(size >> 8));
208
201
        if (size >= 0x10000) {
209
28
            nalloc_random_update((uint8_t)(size >> 16));
210
            // bigger may already fail or oom
211
28
        }
212
201
    }
213
4.59k
    if (((nalloc_random_state ^ nalloc_magic) & nalloc_bitmask) == 0) {
214
1.39k
        if (nalloc_backtrace_exclude(size, op)) {
215
0
            __sync_fetch_and_sub(&nalloc_running, 1);
216
0
            return false;
217
0
        }
218
1.39k
        __sync_fetch_and_sub(&nalloc_running, 1);
219
1.39k
        return true;
220
1.39k
    }
221
3.19k
    __sync_fetch_and_sub(&nalloc_running, 1);
222
    return false;
223
4.59k
}
ssh_client_fuzzer.c:nalloc_fail
Line
Count
Source
194
2.75M
{
195
    // do not fail before thread init
196
2.75M
    if (nalloc_runs == 0) {
197
1.77M
        return false;
198
1.77M
    }
199
972k
    if (__sync_fetch_and_add(&nalloc_running, 1) != 1) {
200
        // do not fail allocations outside of fuzzer input
201
        // and do not fail inside of this function
202
10.7k
        __sync_fetch_and_sub(&nalloc_running, 1);
203
10.7k
        return false;
204
10.7k
    }
205
961k
    nalloc_random_update((uint8_t)size);
206
961k
    if (size >= 0x100) {
207
727k
        nalloc_random_update((uint8_t)(size >> 8));
208
727k
        if (size >= 0x10000) {
209
55
            nalloc_random_update((uint8_t)(size >> 16));
210
            // bigger may already fail or oom
211
55
        }
212
727k
    }
213
961k
    if (((nalloc_random_state ^ nalloc_magic) & nalloc_bitmask) == 0) {
214
899
        if (nalloc_backtrace_exclude(size, op)) {
215
0
            __sync_fetch_and_sub(&nalloc_running, 1);
216
0
            return false;
217
0
        }
218
899
        __sync_fetch_and_sub(&nalloc_running, 1);
219
899
        return true;
220
899
    }
221
960k
    __sync_fetch_and_sub(&nalloc_running, 1);
222
    return false;
223
961k
}
ssh_scp_fuzzer.c:nalloc_fail
Line
Count
Source
194
21.4M
{
195
    // do not fail before thread init
196
21.4M
    if (nalloc_runs == 0) {
197
14.1M
        return false;
198
14.1M
    }
199
7.28M
    if (__sync_fetch_and_add(&nalloc_running, 1) != 1) {
200
        // do not fail allocations outside of fuzzer input
201
        // and do not fail inside of this function
202
4.17M
        __sync_fetch_and_sub(&nalloc_running, 1);
203
4.17M
        return false;
204
4.17M
    }
205
3.10M
    nalloc_random_update((uint8_t)size);
206
3.10M
    if (size >= 0x100) {
207
541k
        nalloc_random_update((uint8_t)(size >> 8));
208
541k
        if (size >= 0x10000) {
209
23.2k
            nalloc_random_update((uint8_t)(size >> 16));
210
            // bigger may already fail or oom
211
23.2k
        }
212
541k
    }
213
3.10M
    if (((nalloc_random_state ^ nalloc_magic) & nalloc_bitmask) == 0) {
214
4.33k
        if (nalloc_backtrace_exclude(size, op)) {
215
0
            __sync_fetch_and_sub(&nalloc_running, 1);
216
0
            return false;
217
0
        }
218
4.33k
        __sync_fetch_and_sub(&nalloc_running, 1);
219
4.33k
        return true;
220
4.33k
    }
221
3.10M
    __sync_fetch_and_sub(&nalloc_running, 1);
222
    return false;
223
3.10M
}
ssh_server_fuzzer.c:nalloc_fail
Line
Count
Source
194
5.06M
{
195
    // do not fail before thread init
196
5.06M
    if (nalloc_runs == 0) {
197
4.55M
        return false;
198
4.55M
    }
199
509k
    if (__sync_fetch_and_add(&nalloc_running, 1) != 1) {
200
        // do not fail allocations outside of fuzzer input
201
        // and do not fail inside of this function
202
19.2k
        __sync_fetch_and_sub(&nalloc_running, 1);
203
19.2k
        return false;
204
19.2k
    }
205
490k
    nalloc_random_update((uint8_t)size);
206
490k
    if (size >= 0x100) {
207
230k
        nalloc_random_update((uint8_t)(size >> 8));
208
230k
        if (size >= 0x10000) {
209
94
            nalloc_random_update((uint8_t)(size >> 16));
210
            // bigger may already fail or oom
211
94
        }
212
230k
    }
213
490k
    if (((nalloc_random_state ^ nalloc_magic) & nalloc_bitmask) == 0) {
214
1.08k
        if (nalloc_backtrace_exclude(size, op)) {
215
0
            __sync_fetch_and_sub(&nalloc_running, 1);
216
0
            return false;
217
0
        }
218
1.08k
        __sync_fetch_and_sub(&nalloc_running, 1);
219
1.08k
        return true;
220
1.08k
    }
221
489k
    __sync_fetch_and_sub(&nalloc_running, 1);
222
    return false;
223
490k
}
ssh_bind_config_fuzzer.c:nalloc_fail
Line
Count
Source
194
20.3M
{
195
    // do not fail before thread init
196
20.3M
    if (nalloc_runs == 0) {
197
3.02M
        return false;
198
3.02M
    }
199
17.3M
    if (__sync_fetch_and_add(&nalloc_running, 1) != 1) {
200
        // do not fail allocations outside of fuzzer input
201
        // and do not fail inside of this function
202
688
        __sync_fetch_and_sub(&nalloc_running, 1);
203
688
        return false;
204
688
    }
205
17.3M
    nalloc_random_update((uint8_t)size);
206
17.3M
    if (size >= 0x100) {
207
153k
        nalloc_random_update((uint8_t)(size >> 8));
208
153k
        if (size >= 0x10000) {
209
0
            nalloc_random_update((uint8_t)(size >> 16));
210
            // bigger may already fail or oom
211
0
        }
212
153k
    }
213
17.3M
    if (((nalloc_random_state ^ nalloc_magic) & nalloc_bitmask) == 0) {
214
63
        if (nalloc_backtrace_exclude(size, op)) {
215
0
            __sync_fetch_and_sub(&nalloc_running, 1);
216
0
            return false;
217
0
        }
218
63
        __sync_fetch_and_sub(&nalloc_running, 1);
219
63
        return true;
220
63
    }
221
17.3M
    __sync_fetch_and_sub(&nalloc_running, 1);
222
    return false;
223
17.3M
}
ssh_sshsig_fuzzer.c:nalloc_fail
Line
Count
Source
194
117k
{
195
    // do not fail before thread init
196
117k
    if (nalloc_runs == 0) {
197
105k
        return false;
198
105k
    }
199
11.9k
    if (__sync_fetch_and_add(&nalloc_running, 1) != 1) {
200
        // do not fail allocations outside of fuzzer input
201
        // and do not fail inside of this function
202
5.57k
        __sync_fetch_and_sub(&nalloc_running, 1);
203
5.57k
        return false;
204
5.57k
    }
205
6.41k
    nalloc_random_update((uint8_t)size);
206
6.41k
    if (size >= 0x100) {
207
802
        nalloc_random_update((uint8_t)(size >> 8));
208
802
        if (size >= 0x10000) {
209
112
            nalloc_random_update((uint8_t)(size >> 16));
210
            // bigger may already fail or oom
211
112
        }
212
802
    }
213
6.41k
    if (((nalloc_random_state ^ nalloc_magic) & nalloc_bitmask) == 0) {
214
498
        if (nalloc_backtrace_exclude(size, op)) {
215
0
            __sync_fetch_and_sub(&nalloc_running, 1);
216
0
            return false;
217
0
        }
218
498
        __sync_fetch_and_sub(&nalloc_running, 1);
219
498
        return true;
220
498
    }
221
5.91k
    __sync_fetch_and_sub(&nalloc_running, 1);
222
    return false;
223
6.41k
}
ssh_sftp_attr_fuzzer.c:nalloc_fail
Line
Count
Source
194
1.24M
{
195
    // do not fail before thread init
196
1.24M
    if (nalloc_runs == 0) {
197
285k
        return false;
198
285k
    }
199
960k
    if (__sync_fetch_and_add(&nalloc_running, 1) != 1) {
200
        // do not fail allocations outside of fuzzer input
201
        // and do not fail inside of this function
202
2.93k
        __sync_fetch_and_sub(&nalloc_running, 1);
203
2.93k
        return false;
204
2.93k
    }
205
957k
    nalloc_random_update((uint8_t)size);
206
957k
    if (size >= 0x100) {
207
1.92k
        nalloc_random_update((uint8_t)(size >> 8));
208
1.92k
        if (size >= 0x10000) {
209
232
            nalloc_random_update((uint8_t)(size >> 16));
210
            // bigger may already fail or oom
211
232
        }
212
1.92k
    }
213
957k
    if (((nalloc_random_state ^ nalloc_magic) & nalloc_bitmask) == 0) {
214
295
        if (nalloc_backtrace_exclude(size, op)) {
215
0
            __sync_fetch_and_sub(&nalloc_running, 1);
216
0
            return false;
217
0
        }
218
295
        __sync_fetch_and_sub(&nalloc_running, 1);
219
295
        return true;
220
295
    }
221
956k
    __sync_fetch_and_sub(&nalloc_running, 1);
222
    return false;
223
957k
}
224
225
// ASAN interceptor for libc routines
226
#ifdef NALLOC_ASAN
227
extern void *__interceptor_malloc(size_t);
228
extern void *__interceptor_calloc(size_t, size_t);
229
extern void *__interceptor_realloc(void *, size_t);
230
extern void *__interceptor_reallocarray(void *, size_t, size_t);
231
232
extern ssize_t __interceptor_read(int, void *, size_t);
233
extern ssize_t __interceptor_write(int, const void *, size_t);
234
extern ssize_t __interceptor_recv(int, void *, size_t, int);
235
extern ssize_t __interceptor_send(int, const void *, size_t, int);
236
237
#define nalloc_malloc(s)             __interceptor_malloc(s)
238
#define nalloc_calloc(s, n)          __interceptor_calloc(s, n)
239
#define nalloc_realloc(p, s)         __interceptor_realloc(p, s)
240
#define nalloc_reallocarray(p, s, n) __interceptor_reallocarray(p, s, n)
241
242
#define nalloc_read(f, b, s)    __interceptor_read(f, b, s)
243
#define nalloc_write(f, b, s)   __interceptor_write(f, b, s)
244
#define nalloc_recv(f, b, s, x) __interceptor_recv(f, b, s, x)
245
#define nalloc_send(f, b, s, x) __interceptor_send(f, b, s, x)
246
247
#else
248
extern void *__libc_malloc(size_t);
249
extern void *__libc_calloc(size_t, size_t);
250
extern void *__libc_realloc(void *, size_t);
251
extern void *__libc_reallocarray(void *, size_t, size_t);
252
253
extern ssize_t __read(int, void *, size_t);
254
extern ssize_t __write(int, const void *, size_t);
255
extern ssize_t __recv(int, void *, size_t, int);
256
extern ssize_t __send(int, const void *, size_t, int);
257
258
48.9M
#define nalloc_malloc(s)             __libc_malloc(s)
259
4.54M
#define nalloc_calloc(s, n)          __libc_calloc(s, n)
260
2.02M
#define nalloc_realloc(p, s)         __libc_realloc(p, s)
261
0
#define nalloc_reallocarray(p, s, n) __libc_reallocarray(p, s, n)
262
263
0
#define nalloc_read(f, b, s)    __read(f, b, s)
264
3.75k
#define nalloc_write(f, b, s)   __write(f, b, s)
265
723k
#define nalloc_recv(f, b, s, x) __recv(f, b, s, x)
266
296k
#define nalloc_send(f, b, s, x) __send(f, b, s, x)
267
#endif
268
269
// nalloc standard function overwrites with pseudo-random failures
270
ssize_t read(int fd, void *buf, size_t count)
271
0
{
272
0
    if (nalloc_fail(count, "read")) {
273
0
        errno = EIO;
274
0
        return -1;
275
0
    }
276
0
    return nalloc_read(fd, buf, count);
277
0
}
278
279
ssize_t write(int fd, const void *buf, size_t count)
280
3.75k
{
281
3.75k
    if (nalloc_fail(count, "write")) {
282
0
        errno = EIO;
283
0
        return -1;
284
0
    }
285
3.75k
    return nalloc_write(fd, buf, count);
286
3.75k
}
287
288
ssize_t recv(int fd, void *buf, size_t count, int flags)
289
723k
{
290
723k
    if (nalloc_fail(count, "recv")) {
291
0
        errno = EIO;
292
0
        return -1;
293
0
    }
294
723k
    return nalloc_recv(fd, buf, count, flags);
295
723k
}
296
297
ssize_t send(int fd, const void *buf, size_t count, int flags)
298
296k
{
299
296k
    if (nalloc_fail(count, "send")) {
300
0
        errno = EIO;
301
0
        return -1;
302
0
    }
303
296k
    return nalloc_send(fd, buf, count, flags);
304
296k
}
305
306
void *calloc(size_t nmemb, size_t size)
307
4.55M
{
308
4.55M
    if (nalloc_fail(size, "calloc")) {
309
6.58k
        errno = ENOMEM;
310
6.58k
        return NULL;
311
6.58k
    }
312
4.54M
    return nalloc_calloc(nmemb, size);
313
4.55M
}
314
315
void *malloc(size_t size)
316
48.9M
{
317
48.9M
    if (nalloc_fail(size, "malloc")) {
318
3.70k
        errno = ENOMEM;
319
3.70k
        return NULL;
320
3.70k
    }
321
48.9M
    return nalloc_malloc(size);
322
48.9M
}
323
324
void *realloc(void *ptr, size_t size)
325
2.02M
{
326
2.02M
    if (nalloc_fail(size, "realloc")) {
327
297
        errno = ENOMEM;
328
297
        return NULL;
329
297
    }
330
2.02M
    return nalloc_realloc(ptr, size);
331
2.02M
}
332
333
void *reallocarray(void *ptr, size_t nmemb, size_t size)
334
0
{
335
0
    if (nalloc_fail(size, "reallocarray")) {
336
0
        errno = ENOMEM;
337
0
        return NULL;
338
0
    }
339
0
    return nalloc_reallocarray(ptr, nmemb, size);
340
0
}
341
342
#ifdef __cplusplus
343
} // extern "C" {
344
#endif