/src/qubes-os/qubes-core-qrexec/fuzz/fuzz.c
Line | Count | Source (jump to first uncovered line) |
1 | | #include <assert.h> |
2 | | #include <stdio.h> |
3 | | #include <string.h> |
4 | | #include <sys/socket.h> |
5 | | #include <stdbool.h> |
6 | | #include <stdlib.h> |
7 | | #include <errno.h> |
8 | | |
9 | | #include "fuzz.h" |
10 | | |
11 | | #define MAX_FILES 16 |
12 | | |
13 | | #define MARKER_SIZE 4 |
14 | | |
15 | | static fuzz_file_t files[MAX_FILES]; |
16 | | |
17 | 0 | static void panic(const char *msg) { |
18 | 0 | fprintf(stderr, "%s\n", msg); |
19 | 0 | abort(); |
20 | 0 | } |
21 | | |
22 | 5.93k | static void file_read(fuzz_file_t *file, void *buf, size_t count) { |
23 | 5.93k | assert (count <= file->input_size); |
24 | 5.93k | memcpy(buf, file->input_data, count); |
25 | 5.93k | file->input_data += count; |
26 | 5.93k | file->input_size -= count; |
27 | 5.93k | } |
28 | | |
29 | 5.98k | static bool file_input_eof(fuzz_file_t *file) { |
30 | 5.98k | return file->input_size == 0; |
31 | 5.98k | } |
32 | | |
33 | 2.15k | fuzz_file_t *fuzz_file_create(int fd, const void *input_data, size_t input_size) { |
34 | 2.15k | fuzz_file_t *file = &files[fd]; |
35 | 2.15k | if (file->allocated) { |
36 | 0 | panic("fuzz_file_create: file already allocated"); |
37 | 0 | } |
38 | | |
39 | 2.15k | file->allocated = true; |
40 | 2.15k | file->fd = fd; |
41 | 2.15k | file->open_read = true; |
42 | 2.15k | file->open_write = true; |
43 | | |
44 | 2.15k | file->input_data = input_data; |
45 | 2.15k | file->input_size = input_size; |
46 | 2.15k | return file; |
47 | 2.15k | } |
48 | | |
49 | 2.15k | void fuzz_file_destroy(fuzz_file_t *file) { |
50 | 2.15k | file->allocated = false; |
51 | 2.15k | } |
52 | | |
53 | 0 | int fuzz_libvchan_write(fuzz_file_t *file, const void *data, size_t size) { |
54 | 0 | return fuzz_write(file->fd, data, size); |
55 | 0 | } |
56 | | |
57 | 678 | int fuzz_libvchan_send(fuzz_file_t *file, const void *data, size_t size) { |
58 | 678 | return fuzz_write(file->fd, data, size); |
59 | 678 | } |
60 | | |
61 | 5.98k | int fuzz_libvchan_read(fuzz_file_t *file, void *data, size_t size) { |
62 | 5.98k | if (!file->allocated || !file->open_read) |
63 | 0 | panic("libvchan_read() from a closed file"); |
64 | | |
65 | 5.98k | if (size == 0) |
66 | 0 | return 0; |
67 | | |
68 | 5.98k | if (file_input_eof(file)) |
69 | 56 | return -1; |
70 | | |
71 | 5.93k | if (size > file->input_size) |
72 | 91 | size = file->input_size; |
73 | 5.93k | file_read(file, data, size); |
74 | 5.93k | return size; |
75 | 5.98k | } |
76 | | |
77 | 4.23k | int fuzz_libvchan_recv(fuzz_file_t *file, void *data, size_t size) { |
78 | 4.23k | return fuzz_libvchan_read(file, data, size); |
79 | 4.23k | } |
80 | | |
81 | 0 | int fuzz_libvchan_wait(fuzz_file_t *file) { |
82 | 0 | return 0; |
83 | 0 | } |
84 | | |
85 | 0 | void fuzz_libvchan_close(fuzz_file_t *file) { |
86 | 0 | file->open_read = false; |
87 | 0 | file->open_write = false; |
88 | 0 | } |
89 | | |
90 | 0 | int fuzz_libvchan_fd_for_select(fuzz_file_t *file) { |
91 | 0 | return file->fd; |
92 | 0 | } |
93 | | |
94 | 0 | int fuzz_libvchan_is_open(fuzz_file_t *file) { |
95 | 0 | return file->open_read && file->open_write; |
96 | 0 | } |
97 | | |
98 | 2.84k | int fuzz_libvchan_data_ready(fuzz_file_t *file) { |
99 | 2.84k | return file->input_size; |
100 | 2.84k | } |
101 | | |
102 | 0 | int fuzz_libvchan_buffer_space(fuzz_file_t *file) { |
103 | 0 | return 1024; |
104 | 0 | } |
105 | | |
106 | 0 | ssize_t fuzz_read(int fd, void *buf, size_t count) { |
107 | 0 | if (!files[fd].allocated || !files[fd].open_read) |
108 | 0 | panic("invalid read()"); |
109 | |
|
110 | 0 | if (count == 0) |
111 | 0 | return 0; |
112 | | |
113 | 0 | if (file_input_eof(&files[fd])) |
114 | 0 | return 0; |
115 | | |
116 | 0 | if (count > files[fd].input_size) |
117 | 0 | count = files[fd].input_size; |
118 | |
|
119 | 0 | if (count > 0) |
120 | 0 | file_read(&files[fd], buf, count); |
121 | |
|
122 | 0 | return count; |
123 | 0 | } |
124 | | |
125 | | static volatile char output[256]; |
126 | | |
127 | 2.34k | ssize_t fuzz_write(int fd, const void *buf, size_t count) { |
128 | 2.34k | if (!files[fd].allocated || !files[fd].open_write) |
129 | 0 | panic("invalid write()"); |
130 | | |
131 | 2.34k | if (count == 0) |
132 | 0 | return 0; |
133 | | |
134 | | // Ensure all bytes of buf are accessed |
135 | 4.96k | for (int i = 0; i < count; i += sizeof(output)) { |
136 | 2.62k | size_t n = count - i < sizeof(output) ? count - i : sizeof(output); |
137 | 2.62k | memcpy((void*) output, buf, n); |
138 | 2.62k | } |
139 | | |
140 | 2.34k | return count; |
141 | 2.34k | } |
142 | | |
143 | | typedef int EVTCHN; |
144 | 0 | fuzz_file_t *fuzz_libvchan_client_init(int domain, int port) { |
145 | | /* not implemented yet */ |
146 | 0 | abort(); |
147 | 0 | } |
148 | | |
149 | 0 | fuzz_file_t *fuzz_libvchan_client_init_async(int domain, int port, EVTCHN *watch_fd) { |
150 | | /* not implemented yet */ |
151 | 0 | abort(); |
152 | 0 | } |
153 | | |
154 | 0 | int fuzz_libvchan_client_init_async_finish(fuzz_file_t *ctrl, bool blocking) { |
155 | | /* not implemented yet */ |
156 | 0 | abort(); |
157 | 0 | } |