#! /bin/sh # # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2018-2021 Gavin D. Howard and contributors. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # * Redistributions of source code must retain the above copyright notice, this # list of conditions and the following disclaimer. # # * Redistributions in binary form must reproduce the above copyright notice, # this list of conditions and the following disclaimer in the documentation # and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # # This script uses some non-POSIX behavior, but since it's meant for bc # maintainers only, I can accept that. # Get an entry from the file. If an argument exists, it is an index. Get that # line. Otherwise, get a random line. getentry() { # Figure out if we get a specific or random line. if [ $# -gt 0 ]; then entnum="$1" else entnum=0 fi # Get data from stdin and figure out how many lines there are. e=$(cat -) num=$(printf '%s\n' "$e" | wc -l) # Figure out what line we are going to get. Uses bc's own PRNG. if [ "$entnum" -eq 0 ]; then rand=$(printf 'irand(%s) + 1\n' "$num" | "$bcdir/bc") else rand="$entnum" fi # Get the line. ent=$(printf '%s\n' "$e" | tail -n +$rand | head -n 1) printf '%s\n' "$ent" } script="$0" dir=$(dirname "$script") . "$dir/functions.sh" # Command-line processing. if [ "$#" -lt 1 ]; then printf 'usage: %s dir\n' "$0" exit 1 fi d="$1" shift bcdir="$dir/../bin" # Figure out the correct input directory. if [ "$d" = "bc" ]; then inputs="$dir/../tests/fuzzing/bc_inputs1" opts="-lq" elif [ "$d" = "dc" ]; then inputs="$dir/../test/fuzzing/dc_inputs" opts="-x" else err_exit "wrong type of executable" 1 fi export ASAN_OPTIONS="abort_on_error=1:allocator_may_return_null=1" entries=$(cat "$dir/radamsa.txt") IFS=$'\n' go=1 # Infinite loop. while [ "$go" -ne 0 ]; do # If we are running bc, fuzz command-line arguments in BC_ENV_ARGS. if [ "$d" = "bc" ]; then entry=$(cat -- "$dir/radamsa.txt" | getentry) items=$(printf '%s\n' "$entry" | radamsa -n 10) printf '%s\n' "$items" for i in `seq 1 10`; do item=$(printf '%s\n' "$items" | getentry "$i") export BC_ENV_ARGS="$item" echo 'halt' | "$bcdir/$d" err=$? checkcrash "$d" "$err" "radamsa env args: \"$item\"" done fi f=$(ls "$inputs" | getentry) l=$(cat "$inputs/$f" | wc -l) ll=$(printf '%s^2\n' "$l" | bc) # Fuzz on the AFL++ inputs. for i in $(seq 1 2); do data=$(cat "$inputs/$f" | radamsa -n 1) printf '%s\n' "$data" > "$dir/../.log_${d}_test.txt" printf '%s\n' "$data" | timeout -s SIGTERM 5 "$bcdir/$d" "$opts" > /dev/null err=$? checkcrash "$d" "$err" "radamsa stdin" done done