1 | /* $Id: fuzz-config.cpp 83426 2020-03-25 19:40:09Z vboxsync $ */
|
---|
2 | /** @file
|
---|
3 | * IPRT - Fuzzing framework API, config API.
|
---|
4 | */
|
---|
5 |
|
---|
6 | /*
|
---|
7 | * Copyright (C) 2020 Oracle Corporation
|
---|
8 | *
|
---|
9 | * This file is part of VirtualBox Open Source Edition (OSE), as
|
---|
10 | * available from http://www.virtualbox.org. This file is free software;
|
---|
11 | * you can redistribute it and/or modify it under the terms of the GNU
|
---|
12 | * General Public License (GPL) as published by the Free Software
|
---|
13 | * Foundation, in version 2 as it comes in the "COPYING" file of the
|
---|
14 | * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
|
---|
15 | * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
|
---|
16 | *
|
---|
17 | * The contents of this file may alternatively be used under the terms
|
---|
18 | * of the Common Development and Distribution License Version 1.0
|
---|
19 | * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
|
---|
20 | * VirtualBox OSE distribution, in which case the provisions of the
|
---|
21 | * CDDL are applicable instead of those of the GPL.
|
---|
22 | *
|
---|
23 | * You may elect to license modified versions of this file under the
|
---|
24 | * terms and conditions of either the GPL or the CDDL or both.
|
---|
25 | */
|
---|
26 |
|
---|
27 |
|
---|
28 | /*********************************************************************************************************************************
|
---|
29 | * Header Files *
|
---|
30 | *********************************************************************************************************************************/
|
---|
31 | #include <iprt/fuzz.h>
|
---|
32 | #include "internal/iprt.h"
|
---|
33 |
|
---|
34 | #include <iprt/asm.h>
|
---|
35 | #include <iprt/assert.h>
|
---|
36 | #include <iprt/file.h>
|
---|
37 | #include <iprt/err.h>
|
---|
38 | #include <iprt/mem.h>
|
---|
39 | #include <iprt/string.h>
|
---|
40 | #include <iprt/json.h>
|
---|
41 | #include <iprt/vfs.h>
|
---|
42 | #include <iprt/zip.h>
|
---|
43 |
|
---|
44 |
|
---|
45 | /*********************************************************************************************************************************
|
---|
46 | * Defined Constants And Macros *
|
---|
47 | *********************************************************************************************************************************/
|
---|
48 |
|
---|
49 | /** The index filename used to get all the other content. */
|
---|
50 | #define RTFUZZ_CFG_INDEX_FILE_NAME "index.json"
|
---|
51 | /** The custom config object member name. */
|
---|
52 | #define RTFUZZ_CFG_JSON_CUSTOM_CFG "CustomCfg"
|
---|
53 | /** The input corpus array member name. */
|
---|
54 | #define RTFUZZ_CFG_JSON_INPUT_CORPUS "InputCorpus"
|
---|
55 | /** The input name. */
|
---|
56 | #define RTFUZZ_CFG_JSON_INPUT_NAME "Name"
|
---|
57 |
|
---|
58 |
|
---|
59 | /*********************************************************************************************************************************
|
---|
60 | * Structures and Typedefs *
|
---|
61 | *********************************************************************************************************************************/
|
---|
62 |
|
---|
63 | /**
|
---|
64 | * Internal fuzzer config state.
|
---|
65 | */
|
---|
66 | typedef struct RTFUZZCFGINT
|
---|
67 | {
|
---|
68 | /** Magic value identifying the struct. */
|
---|
69 | uint32_t u32Magic;
|
---|
70 | /** Reference counter. */
|
---|
71 | volatile uint32_t cRefs;
|
---|
72 | /** The VFS file handle we get the config from. */
|
---|
73 | RTVFSFILE hVfsFile;
|
---|
74 | /** The JSON root handle of the config. */
|
---|
75 | RTJSONVAL hJsonRoot;
|
---|
76 | /** The custom config file handle if existing. */
|
---|
77 | RTVFSFILE hVfsFileCustomCfg;
|
---|
78 | } RTFUZZCFGINT;
|
---|
79 | /** Pointer to the internal fuzzer config state. */
|
---|
80 | typedef RTFUZZCFGINT *PRTFUZZCFGINT;
|
---|
81 | /** Pointer to a const internal fuzzer config state. */
|
---|
82 | typedef const RTFUZZCFGINT *PCRTFUZZCFGINT;
|
---|
83 |
|
---|
84 |
|
---|
85 | /*********************************************************************************************************************************
|
---|
86 | * Internal Functions *
|
---|
87 | *********************************************************************************************************************************/
|
---|
88 |
|
---|
89 |
|
---|
90 | /**
|
---|
91 | * Creates a filesystem stream from the given VFS file object.
|
---|
92 | *
|
---|
93 | * @returns IPRT status code.
|
---|
94 | * @param phVfsFss Where to store the handle to the filesystem stream on success.
|
---|
95 | * @param hVFsFile The VFS file handle.
|
---|
96 | */
|
---|
97 | static int rtFuzzCfgTarFssFromVfsFile(PRTVFSFSSTREAM phVfsFss, RTVFSFILE hVfsFile)
|
---|
98 | {
|
---|
99 | int rc = RTVfsFileSeek(hVfsFile, 0, RTFILE_SEEK_BEGIN, NULL);
|
---|
100 | if (RT_SUCCESS(rc))
|
---|
101 | {
|
---|
102 | RTVFSIOSTREAM hVfsFileIos = RTVfsFileToIoStream(hVfsFile);
|
---|
103 | if (hVfsFileIos != NIL_RTVFSIOSTREAM)
|
---|
104 | {
|
---|
105 | RTVFSIOSTREAM hGunzipIos;
|
---|
106 | rc = RTZipGzipDecompressIoStream(hVfsFileIos, 0 /*fFlags*/, &hGunzipIos);
|
---|
107 | if (RT_SUCCESS(rc))
|
---|
108 | {
|
---|
109 | RTVFSFSSTREAM hTarFss;
|
---|
110 | rc = RTZipTarFsStreamFromIoStream(hGunzipIos, 0 /*fFlags*/, &hTarFss);
|
---|
111 | if (RT_SUCCESS(rc))
|
---|
112 | {
|
---|
113 | RTVfsIoStrmRelease(hGunzipIos);
|
---|
114 | RTVfsIoStrmRelease(hVfsFileIos);
|
---|
115 | *phVfsFss = hTarFss;
|
---|
116 | return VINF_SUCCESS;
|
---|
117 | }
|
---|
118 |
|
---|
119 | RTVfsIoStrmRelease(hGunzipIos);
|
---|
120 | }
|
---|
121 |
|
---|
122 | RTVfsIoStrmRelease(hVfsFileIos);
|
---|
123 | }
|
---|
124 | else
|
---|
125 | rc = VERR_INVALID_STATE; /** @todo */
|
---|
126 | }
|
---|
127 |
|
---|
128 | return rc;
|
---|
129 | }
|
---|
130 |
|
---|
131 |
|
---|
132 | /**
|
---|
133 | * Finds a given file in the filesystem stream.
|
---|
134 | *
|
---|
135 | * @returns IPRT status code.
|
---|
136 | * @param hVfsFss The filesystem stream handle.
|
---|
137 | * @param pszFilename The filename to look for.
|
---|
138 | * @param fValidateUtf8 Flag whether tpo validate the content as UTF-8.
|
---|
139 | * @param phVfsFile Where to store the VFS file handle on success (content is completely in memory).
|
---|
140 | */
|
---|
141 | static int rtFuzzCfgFindFile(RTVFSFSSTREAM hVfsFss, const char *pszFilename, bool fValidateUtf8,
|
---|
142 | PRTVFSFILE phVfsFile)
|
---|
143 | {
|
---|
144 | int rc = VINF_SUCCESS;
|
---|
145 |
|
---|
146 | *phVfsFile = NIL_RTVFSFILE;
|
---|
147 | for (;;)
|
---|
148 | {
|
---|
149 | /*
|
---|
150 | * Get the next stream object.
|
---|
151 | */
|
---|
152 | char *pszName;
|
---|
153 | RTVFSOBJ hVfsObj;
|
---|
154 | RTVFSOBJTYPE enmType;
|
---|
155 | rc = RTVfsFsStrmNext(hVfsFss, &pszName, &enmType, &hVfsObj);
|
---|
156 | if (RT_FAILURE(rc))
|
---|
157 | {
|
---|
158 | if (rc == VERR_EOF)
|
---|
159 | rc = VERR_NOT_FOUND;
|
---|
160 | break;
|
---|
161 | }
|
---|
162 | const char *pszAdjName = pszName[0] == '.' && pszName[1] == '/' ? &pszName[2] : pszName;
|
---|
163 |
|
---|
164 | if ( !strcmp(pszAdjName, pszFilename)
|
---|
165 | && ( enmType == RTVFSOBJTYPE_FILE
|
---|
166 | || enmType == RTVFSOBJTYPE_IO_STREAM))
|
---|
167 | {
|
---|
168 | RTStrFree(pszName);
|
---|
169 |
|
---|
170 | RTVFSIOSTREAM hVfsIos = RTVfsObjToIoStream(hVfsObj);
|
---|
171 | rc = RTVfsMemorizeIoStreamAsFile(hVfsIos, RTFILE_O_READ, phVfsFile);
|
---|
172 | if ( RT_SUCCESS(rc)
|
---|
173 | && fValidateUtf8)
|
---|
174 | rc = RTVfsIoStrmValidateUtf8Encoding(hVfsIos,
|
---|
175 | RTVFS_VALIDATE_UTF8_BY_RTC_3629 | RTVFS_VALIDATE_UTF8_NO_NULL,
|
---|
176 | NULL);
|
---|
177 |
|
---|
178 | RTVfsObjRelease(hVfsObj);
|
---|
179 | RTVfsIoStrmRelease(hVfsIos);
|
---|
180 | if ( RT_FAILURE(rc)
|
---|
181 | && *phVfsFile != NIL_RTVFSFILE)
|
---|
182 | {
|
---|
183 | RTVfsFileRelease(*phVfsFile);
|
---|
184 | *phVfsFile = NIL_RTVFSFILE;
|
---|
185 | }
|
---|
186 | return rc;
|
---|
187 | }
|
---|
188 |
|
---|
189 | /*
|
---|
190 | * Clean up.
|
---|
191 | */
|
---|
192 | RTVfsObjRelease(hVfsObj);
|
---|
193 | RTStrFree(pszName);
|
---|
194 | }
|
---|
195 |
|
---|
196 | return rc;
|
---|
197 | }
|
---|
198 |
|
---|
199 |
|
---|
200 | /**
|
---|
201 | * Returns the memorized file handle for the given name from the given tarball VFS file handle.
|
---|
202 | *
|
---|
203 | * @returns IPRT status code.
|
---|
204 | * @param hVfsTarball The VFS file handle of the tarball containing the object.
|
---|
205 | * @param pszFilename The filename to look for.
|
---|
206 | * @param fValidateUtf8 Flag whether tpo validate the content as UTF-8.
|
---|
207 | * @param phVfsFile Where to store the VFS file handle on success (content is completely in memory).
|
---|
208 | */
|
---|
209 | static int rtFuzzCfgGrabFileFromTarball(RTVFSFILE hVfsTarball, const char *pszFilename, bool fValidateUtf8, PRTVFSFILE phVfsFile)
|
---|
210 | {
|
---|
211 | RTVFSFSSTREAM hVfsFss;
|
---|
212 | int rc = rtFuzzCfgTarFssFromVfsFile(&hVfsFss, hVfsTarball);
|
---|
213 | if (RT_SUCCESS(rc))
|
---|
214 | {
|
---|
215 | /* Search for the index file and parse it. */
|
---|
216 | RTVFSFILE hVfsJson;
|
---|
217 | rc = rtFuzzCfgFindFile(hVfsFss, pszFilename, fValidateUtf8, &hVfsJson);
|
---|
218 | RTVfsFsStrmRelease(hVfsFss);
|
---|
219 | if (RT_SUCCESS(rc))
|
---|
220 | *phVfsFile = hVfsJson;
|
---|
221 | }
|
---|
222 |
|
---|
223 | return rc;
|
---|
224 | }
|
---|
225 |
|
---|
226 |
|
---|
227 | /**
|
---|
228 | * Loads the given fuzzing config.
|
---|
229 | *
|
---|
230 | * @returns IPRT status code.
|
---|
231 | * @param pThis The fuzzing config instance.
|
---|
232 | * @param pErrInfo Additional error information, optional.
|
---|
233 | */
|
---|
234 | static int rtFuzzCfgLoad(PRTFUZZCFGINT pThis, PRTERRINFO pErrInfo)
|
---|
235 | {
|
---|
236 | /* Search for the index file and parse it. */
|
---|
237 | RTVFSFILE hVfsJson;
|
---|
238 | int rc = rtFuzzCfgGrabFileFromTarball(pThis->hVfsFile, RTFUZZ_CFG_INDEX_FILE_NAME, true /*fValidateUtf8*/, &hVfsJson);
|
---|
239 | if (RT_SUCCESS(rc))
|
---|
240 | {
|
---|
241 | rc = RTJsonParseFromVfsFile(&pThis->hJsonRoot, hVfsJson, pErrInfo);
|
---|
242 | if (RT_SUCCESS(rc))
|
---|
243 | {
|
---|
244 | /* Look for the custom config in the JSON and find it in the VFS file. */
|
---|
245 | char *pszCustomCfgFilename = NULL;
|
---|
246 | rc = RTJsonValueQueryStringByName(pThis->hJsonRoot, RTFUZZ_CFG_JSON_CUSTOM_CFG, &pszCustomCfgFilename);
|
---|
247 | if (rc == VERR_NOT_FOUND)
|
---|
248 | rc = VINF_SUCCESS; /* The custom config is optional. */
|
---|
249 | if ( RT_SUCCESS(rc)
|
---|
250 | && pszCustomCfgFilename)
|
---|
251 | {
|
---|
252 | rc = rtFuzzCfgGrabFileFromTarball(pThis->hVfsFile, pszCustomCfgFilename, false /*fValidateUtf8*/, &pThis->hVfsFileCustomCfg);
|
---|
253 | RTStrFree(pszCustomCfgFilename);
|
---|
254 | }
|
---|
255 |
|
---|
256 | if (RT_FAILURE(rc))
|
---|
257 | {
|
---|
258 | RTJsonValueRelease(pThis->hJsonRoot);
|
---|
259 | pThis->hJsonRoot = NIL_RTJSONVAL;
|
---|
260 | }
|
---|
261 | }
|
---|
262 |
|
---|
263 | RTVfsFileRelease(hVfsJson);
|
---|
264 | }
|
---|
265 |
|
---|
266 | return rc;
|
---|
267 | }
|
---|
268 |
|
---|
269 |
|
---|
270 | /**
|
---|
271 | * Searches for the given object name in the given JSON array, returning the object on success.
|
---|
272 | *
|
---|
273 | * @returns IPRT status code.
|
---|
274 | * @param hJsonValArr JSON value handle containing the input corpus objects.
|
---|
275 | * @param pszName The name to look for.
|
---|
276 | * @param phJsonVal Where to store the referenced JSON value on success.
|
---|
277 | */
|
---|
278 | static int rtFuzzCfgQueryInputCorpusEntryFromArray(RTJSONVAL hJsonValArr, const char *pszName, PRTJSONVAL phJsonVal)
|
---|
279 | {
|
---|
280 | int rc = VERR_NOT_FOUND;
|
---|
281 | uint32_t cEntries = RTJsonValueGetArraySize(hJsonValArr);
|
---|
282 |
|
---|
283 | for (uint32_t i = 0; i < cEntries; i++)
|
---|
284 | {
|
---|
285 | RTJSONVAL hJsonVal;
|
---|
286 | int rc2 = RTJsonValueQueryByIndex(hJsonValArr, i, &hJsonVal);
|
---|
287 | if (RT_SUCCESS(rc2))
|
---|
288 | {
|
---|
289 | char *pszObjName;
|
---|
290 | rc2 = RTJsonValueQueryStringByName(hJsonVal, RTFUZZ_CFG_JSON_INPUT_NAME, &pszObjName);
|
---|
291 | if (RT_SUCCESS(rc2))
|
---|
292 | {
|
---|
293 | if (!strcmp(pszObjName, pszName))
|
---|
294 | {
|
---|
295 | RTStrFree(pszObjName);
|
---|
296 | *phJsonVal = hJsonVal;
|
---|
297 | return VINF_SUCCESS;
|
---|
298 | }
|
---|
299 |
|
---|
300 | RTStrFree(pszObjName);
|
---|
301 | }
|
---|
302 |
|
---|
303 | RTJsonValueRelease(hJsonVal);
|
---|
304 | }
|
---|
305 |
|
---|
306 | if (RT_FAILURE(rc2))
|
---|
307 | {
|
---|
308 | rc = rc2;
|
---|
309 | break;
|
---|
310 | }
|
---|
311 | }
|
---|
312 |
|
---|
313 | return rc;
|
---|
314 | }
|
---|
315 |
|
---|
316 |
|
---|
317 | /**
|
---|
318 | * Queries a 64bit unsigned integer.
|
---|
319 | *
|
---|
320 | * @returns IPRT status code.
|
---|
321 | * @param hJsonInp JSON object handle to search in.
|
---|
322 | * @param pszName Value name to look for.
|
---|
323 | * @param pu64Val Where to store the value on success.
|
---|
324 | */
|
---|
325 | static int rtFuzzCfgInputQueryU64(RTJSONVAL hJsonInp, const char *pszName, uint64_t *pu64Val)
|
---|
326 | {
|
---|
327 | int64_t i64Val;
|
---|
328 | int rc = RTJsonValueQueryIntegerByName(hJsonInp, pszName, &i64Val);
|
---|
329 | if (RT_SUCCESS(rc))
|
---|
330 | {
|
---|
331 | if (i64Val >= 0)
|
---|
332 | *pu64Val = (uint64_t)i64Val;
|
---|
333 | else
|
---|
334 | rc = VERR_OUT_OF_RANGE;
|
---|
335 | }
|
---|
336 |
|
---|
337 | return rc;
|
---|
338 | }
|
---|
339 |
|
---|
340 |
|
---|
341 | /**
|
---|
342 | * Queries a 64bit unsigned integer, supplying a default value if the name is not found in the
|
---|
343 | * given JSON object.
|
---|
344 | *
|
---|
345 | * @returns IPRT status code.
|
---|
346 | * @param hJsonInp JSON object handle to search in.
|
---|
347 | * @param pszName Value name to look for.
|
---|
348 | * @param pu64Val Where to store the value on success.
|
---|
349 | * @param u64Def The value to set if the value is not found.
|
---|
350 | */
|
---|
351 | static int rtFuzzCfgInputQueryU64Def(RTJSONVAL hJsonInp, const char *pszName, uint64_t *pu64Val, uint64_t u64Def)
|
---|
352 | {
|
---|
353 | int rc = rtFuzzCfgInputQueryU64(hJsonInp, pszName, pu64Val);
|
---|
354 | if (rc == VERR_NOT_FOUND)
|
---|
355 | {
|
---|
356 | *pu64Val = u64Def;
|
---|
357 | rc = VINF_SUCCESS;
|
---|
358 | }
|
---|
359 |
|
---|
360 | return rc;
|
---|
361 | }
|
---|
362 |
|
---|
363 |
|
---|
364 | /**
|
---|
365 | * Adds the given input to the given fuzzing contexts input corpus.
|
---|
366 | *
|
---|
367 | * @returns IPRT status code.
|
---|
368 | * @param hFuzzCtx The fuzzing context to add the input to.
|
---|
369 | * @param hJsonInp The JSON input object with further parameters.
|
---|
370 | * @param hVfsIos The VFS I/O stream of the input data to add.
|
---|
371 | */
|
---|
372 | static int rtFuzzCfgAddInputToCtx(RTFUZZCTX hFuzzCtx, RTJSONVAL hJsonInp, RTVFSIOSTREAM hVfsIos)
|
---|
373 | {
|
---|
374 | uint64_t offMutStart = 0;
|
---|
375 | int rc = rtFuzzCfgInputQueryU64Def(hJsonInp, "MutationStartOffset", &offMutStart, 0);
|
---|
376 | if (RT_SUCCESS(rc))
|
---|
377 | {
|
---|
378 | uint64_t cbMutRange = UINT64_MAX;
|
---|
379 | rc = rtFuzzCfgInputQueryU64Def(hJsonInp, "MutationRangeSize", &cbMutRange, UINT64_MAX);
|
---|
380 | if (RT_SUCCESS(rc))
|
---|
381 | rc = RTFuzzCtxCorpusInputAddFromVfsIoStrmEx(hFuzzCtx, hVfsIos, offMutStart, cbMutRange);
|
---|
382 | }
|
---|
383 |
|
---|
384 | return rc;
|
---|
385 | }
|
---|
386 |
|
---|
387 |
|
---|
388 | /**
|
---|
389 | * Sets the global fuzzer config form the given JSON object.
|
---|
390 | *
|
---|
391 | * @returns IPRT status code.
|
---|
392 | * @param hJsonRoot The JSON object handle for the fuzzer config.
|
---|
393 | * @param hFuzzCtx The fuzzing context to configure.
|
---|
394 | */
|
---|
395 | static int rtFuzzCfgSetFuzzCtxCfg(RTJSONVAL hJsonRoot, RTFUZZCTX hFuzzCtx)
|
---|
396 | {
|
---|
397 | uint64_t u64Tmp;
|
---|
398 | int rc = rtFuzzCfgInputQueryU64(hJsonRoot, "Seed", &u64Tmp);
|
---|
399 | if (RT_SUCCESS(rc))
|
---|
400 | rc = RTFuzzCtxReseed(hFuzzCtx, u64Tmp);
|
---|
401 | else if (rc == VERR_NOT_FOUND)
|
---|
402 | rc = VINF_SUCCESS;
|
---|
403 |
|
---|
404 | if (RT_SUCCESS(rc))
|
---|
405 | {
|
---|
406 | rc = rtFuzzCfgInputQueryU64(hJsonRoot, "InputSizeMax", &u64Tmp);
|
---|
407 | if (RT_SUCCESS(rc))
|
---|
408 | rc = RTFuzzCtxCfgSetInputSeedMaximum(hFuzzCtx, (size_t)u64Tmp);
|
---|
409 | else if (rc == VERR_NOT_FOUND)
|
---|
410 | rc = VINF_SUCCESS;
|
---|
411 | }
|
---|
412 |
|
---|
413 | if (RT_SUCCESS(rc))
|
---|
414 | {
|
---|
415 | uint64_t offMutateStart = 0;
|
---|
416 | uint64_t cbMutateRange = UINT64_MAX;
|
---|
417 | rc = rtFuzzCfgInputQueryU64(hJsonRoot, "MutationStartOffset", &offMutateStart);
|
---|
418 | if (rc == VERR_NOT_FOUND)
|
---|
419 | rc = VINF_SUCCESS;
|
---|
420 |
|
---|
421 | if (RT_SUCCESS(rc))
|
---|
422 | {
|
---|
423 | rc = rtFuzzCfgInputQueryU64(hJsonRoot, "MutationRangeSize", &cbMutateRange);
|
---|
424 | if (rc == VERR_NOT_FOUND)
|
---|
425 | rc = VINF_SUCCESS;
|
---|
426 | }
|
---|
427 |
|
---|
428 | if (RT_SUCCESS(rc))
|
---|
429 | rc = RTFuzzCtxCfgSetMutationRange(hFuzzCtx, offMutateStart, cbMutateRange);
|
---|
430 | }
|
---|
431 |
|
---|
432 | /** @todo More here */
|
---|
433 | return rc;
|
---|
434 | }
|
---|
435 |
|
---|
436 |
|
---|
437 | /**
|
---|
438 | * Adds all inputs in the iven config file to the given fuzzer context.
|
---|
439 | *
|
---|
440 | * @returns IPRT status code.
|
---|
441 | * @param pThis The fuzzing config instance.
|
---|
442 | * @param hJsonValCorpusArr The JSON array handle containing the input corpus configuration.
|
---|
443 | * @param hFuzzCtx The fuzzing context to configure.
|
---|
444 | */
|
---|
445 | static int rtFuzzCfgAddFuzzCtxInputs(PRTFUZZCFGINT pThis, RTJSONVAL hJsonValCorpusArr, RTFUZZCTX hFuzzCtx)
|
---|
446 | {
|
---|
447 | /*
|
---|
448 | * Go through the tarball sequentially and search the corresponding entries in the JSON array
|
---|
449 | * instead of the other way around because reopening the tarball and seeking around
|
---|
450 | * each time (filesystem stream) is much more expensive.
|
---|
451 | */
|
---|
452 | RTVFSFSSTREAM hVfsFss;
|
---|
453 | int rc = rtFuzzCfgTarFssFromVfsFile(&hVfsFss, pThis->hVfsFile);
|
---|
454 | if (RT_SUCCESS(rc))
|
---|
455 | {
|
---|
456 | for (;;)
|
---|
457 | {
|
---|
458 | /*
|
---|
459 | * Get the next stream object.
|
---|
460 | */
|
---|
461 | char *pszName;
|
---|
462 | RTVFSOBJ hVfsObj;
|
---|
463 | RTVFSOBJTYPE enmType;
|
---|
464 | rc = RTVfsFsStrmNext(hVfsFss, &pszName, &enmType, &hVfsObj);
|
---|
465 | if (RT_FAILURE(rc))
|
---|
466 | {
|
---|
467 | if (rc == VERR_EOF)
|
---|
468 | rc = VINF_SUCCESS;
|
---|
469 | break;
|
---|
470 | }
|
---|
471 |
|
---|
472 | if ( enmType == RTVFSOBJTYPE_FILE
|
---|
473 | || enmType == RTVFSOBJTYPE_IO_STREAM)
|
---|
474 | {
|
---|
475 | const char *pszAdjName = pszName[0] == '.' && pszName[1] == '/' ? &pszName[2] : pszName;
|
---|
476 |
|
---|
477 | /* Skip the index.json. */
|
---|
478 | if (strcmp(pszAdjName, RTFUZZ_CFG_INDEX_FILE_NAME))
|
---|
479 | {
|
---|
480 | /* Look for a JSON object with the matching filename and process it. */
|
---|
481 | RTJSONVAL hJsonInp;
|
---|
482 | rc = rtFuzzCfgQueryInputCorpusEntryFromArray(hJsonValCorpusArr, pszAdjName, &hJsonInp);
|
---|
483 | if (RT_SUCCESS(rc))
|
---|
484 | {
|
---|
485 | RTVFSIOSTREAM hVfsIos = RTVfsObjToIoStream(hVfsObj);
|
---|
486 | rc = rtFuzzCfgAddInputToCtx(hFuzzCtx, hJsonInp, hVfsIos);
|
---|
487 | RTVfsIoStrmRelease(hVfsIos);
|
---|
488 | RTJsonValueRelease(hJsonInp);
|
---|
489 | }
|
---|
490 | }
|
---|
491 | }
|
---|
492 |
|
---|
493 | /*
|
---|
494 | * Clean up.
|
---|
495 | */
|
---|
496 | RTVfsObjRelease(hVfsObj);
|
---|
497 | RTStrFree(pszName);
|
---|
498 | if (RT_FAILURE(rc))
|
---|
499 | break; /* Abort on error. */
|
---|
500 | }
|
---|
501 |
|
---|
502 | RTVfsFsStrmRelease(hVfsFss);
|
---|
503 | }
|
---|
504 |
|
---|
505 | return rc;
|
---|
506 | }
|
---|
507 |
|
---|
508 |
|
---|
509 | /**
|
---|
510 | * Destroys the given fuzzing config.
|
---|
511 | *
|
---|
512 | * @returns nothing.
|
---|
513 | * @param pThis The fuzzing config instance to destroy.
|
---|
514 | */
|
---|
515 | static void rtFuzzCfgDestroy(PRTFUZZCFGINT pThis)
|
---|
516 | {
|
---|
517 | RTJsonValueRelease(pThis->hJsonRoot);
|
---|
518 | RTVfsFileRelease(pThis->hVfsFile);
|
---|
519 | if (pThis->hVfsFileCustomCfg != NIL_RTVFSFILE)
|
---|
520 | RTVfsFileRelease(pThis->hVfsFileCustomCfg);
|
---|
521 | pThis->hVfsFile = NIL_RTVFSFILE;
|
---|
522 | RTMemFree(pThis);
|
---|
523 | }
|
---|
524 |
|
---|
525 |
|
---|
526 | RTDECL(int) RTFuzzCfgCreateFromVfsFile(PRTFUZZCFG phFuzzCfg, RTVFSFILE hVfsFile, PRTERRINFO pErrInfo)
|
---|
527 | {
|
---|
528 | AssertPtrReturn(phFuzzCfg, VERR_INVALID_POINTER);
|
---|
529 |
|
---|
530 | int rc;
|
---|
531 | PRTFUZZCFGINT pThis = (PRTFUZZCFGINT)RTMemAllocZ(sizeof(*pThis));
|
---|
532 | if (RT_LIKELY(pThis))
|
---|
533 | {
|
---|
534 | pThis->u32Magic = 0; /** @todo */
|
---|
535 | pThis->cRefs = 1;
|
---|
536 | RTVfsFileRetain(hVfsFile);
|
---|
537 | pThis->hVfsFile = hVfsFile;
|
---|
538 | pThis->hVfsFileCustomCfg = NIL_RTVFSFILE;
|
---|
539 |
|
---|
540 | rc = rtFuzzCfgLoad(pThis, pErrInfo);
|
---|
541 | if (RT_SUCCESS(rc))
|
---|
542 | {
|
---|
543 | *phFuzzCfg = pThis;
|
---|
544 | return VINF_SUCCESS;
|
---|
545 | }
|
---|
546 |
|
---|
547 | RTVfsFileRelease(hVfsFile);
|
---|
548 | pThis->hVfsFile = NULL;
|
---|
549 | RTMemFree(pThis);
|
---|
550 | }
|
---|
551 | else
|
---|
552 | rc = VERR_NO_MEMORY;
|
---|
553 |
|
---|
554 | return rc;
|
---|
555 | }
|
---|
556 |
|
---|
557 |
|
---|
558 | RTDECL(int) RTFuzzCfgCreateFromFile(PRTFUZZCFG phFuzzCfg, const char *pszFilename, PRTERRINFO pErrInfo)
|
---|
559 | {
|
---|
560 | AssertPtrReturn(pszFilename, VERR_INVALID_POINTER);
|
---|
561 |
|
---|
562 | RTVFSFILE hVfsFile;
|
---|
563 | int rc = RTVfsFileOpenNormal(pszFilename, RTFILE_O_READ | RTFILE_O_OPEN | RTFILE_O_DENY_NONE, &hVfsFile);
|
---|
564 | if (RT_SUCCESS(rc))
|
---|
565 | {
|
---|
566 | rc = RTFuzzCfgCreateFromVfsFile(phFuzzCfg, hVfsFile, pErrInfo);
|
---|
567 | RTVfsFileRelease(hVfsFile);
|
---|
568 | }
|
---|
569 |
|
---|
570 | return rc;
|
---|
571 | }
|
---|
572 |
|
---|
573 |
|
---|
574 | RTDECL(uint32_t) RTFuzzCfgRetain(RTFUZZCFG hFuzzCfg)
|
---|
575 | {
|
---|
576 | PRTFUZZCFGINT pThis = hFuzzCfg;
|
---|
577 |
|
---|
578 | AssertPtrReturn(pThis, UINT32_MAX);
|
---|
579 |
|
---|
580 | uint32_t cRefs = ASMAtomicIncU32(&pThis->cRefs);
|
---|
581 | AssertMsg(cRefs > 1 && cRefs < _1M, ("%#x %p\n", cRefs, pThis));
|
---|
582 | return cRefs;
|
---|
583 | }
|
---|
584 |
|
---|
585 |
|
---|
586 | RTDECL(uint32_t) RTFuzzCfgRelease(RTFUZZCFG hFuzzCfg)
|
---|
587 | {
|
---|
588 | PRTFUZZCFGINT pThis = hFuzzCfg;
|
---|
589 | if (pThis == NIL_RTFUZZCFG)
|
---|
590 | return 0;
|
---|
591 | AssertPtrReturn(pThis, UINT32_MAX);
|
---|
592 |
|
---|
593 | uint32_t cRefs = ASMAtomicDecU32(&pThis->cRefs);
|
---|
594 | AssertMsg(cRefs < _1M, ("%#x %p\n", cRefs, pThis));
|
---|
595 | if (cRefs == 0)
|
---|
596 | rtFuzzCfgDestroy(pThis);
|
---|
597 | return cRefs;
|
---|
598 | }
|
---|
599 |
|
---|
600 |
|
---|
601 | RTDECL(int) RTFuzzCfgImport(RTFUZZCFG hFuzzCfg, RTFUZZCTX hFuzzCtx, uint32_t fFlags)
|
---|
602 | {
|
---|
603 | AssertReturn(hFuzzCfg != NIL_RTFUZZCFG, VERR_INVALID_HANDLE);
|
---|
604 | AssertReturn(hFuzzCtx != NIL_RTFUZZCTX, VERR_INVALID_HANDLE);
|
---|
605 | AssertReturn(!(fFlags & ~RTFUZZCFG_IMPORT_F_VALID), VERR_INVALID_PARAMETER);
|
---|
606 |
|
---|
607 | /* Get the input corpus array. */
|
---|
608 | PRTFUZZCFGINT pThis = hFuzzCfg;
|
---|
609 | RTJSONVAL hJsonValCorpusArr;
|
---|
610 | int rc = RTJsonValueQueryByName(pThis->hJsonRoot, RTFUZZ_CFG_JSON_INPUT_CORPUS, &hJsonValCorpusArr);
|
---|
611 | if (RT_SUCCESS(rc))
|
---|
612 | {
|
---|
613 | if (RTJsonValueGetType(hJsonValCorpusArr) == RTJSONVALTYPE_ARRAY)
|
---|
614 | {
|
---|
615 | /* If not ommitted set the global fuzzing context config now. */
|
---|
616 | if (!(fFlags & RTFUZZCFG_IMPORT_F_ONLY_INPUT))
|
---|
617 | rc = rtFuzzCfgSetFuzzCtxCfg(pThis->hJsonRoot, hFuzzCtx);
|
---|
618 |
|
---|
619 | if (RT_SUCCESS(rc))
|
---|
620 | rc = rtFuzzCfgAddFuzzCtxInputs(pThis, hJsonValCorpusArr, hFuzzCtx);
|
---|
621 | }
|
---|
622 | else
|
---|
623 | rc = VERR_JSON_VALUE_INVALID_TYPE;
|
---|
624 | }
|
---|
625 |
|
---|
626 | return rc;
|
---|
627 | }
|
---|
628 |
|
---|
629 |
|
---|
630 | RTDECL(int) RTFuzzCfgQueryCustomCfg(RTFUZZCFG hFuzzCfg, PRTVFSFILE phVfsFile)
|
---|
631 | {
|
---|
632 | PRTFUZZCFGINT pThis = hFuzzCfg;
|
---|
633 |
|
---|
634 | if (pThis->hVfsFileCustomCfg != NIL_RTVFSFILE)
|
---|
635 | {
|
---|
636 | RTVfsFileRetain(pThis->hVfsFileCustomCfg);
|
---|
637 | *phVfsFile = pThis->hVfsFileCustomCfg;
|
---|
638 | return VINF_SUCCESS;
|
---|
639 | }
|
---|
640 |
|
---|
641 | return VERR_NOT_FOUND;
|
---|
642 | }
|
---|
643 |
|
---|