diff mbox

[06/14] fuzz/x86_emulate: Implement dread() and davail()

Message ID 20170825164343.29015-6-george.dunlap@citrix.com (mailing list archive)
State New, archived
Headers show

Commit Message

George Dunlap Aug. 25, 2017, 4:43 p.m. UTC 
Rather than open-coding the "read" from the input file.

Signed-off-by: George Dunlap <george.dunlap@citrix.com>
---
CC: Ian Jackson <ian.jackson@citrix.com>
CC: Wei Liu <wei.liu2@citrix.com>
CC: Andrew Cooper <andrew.cooper3@citrix.com>
CC: Jan Beulich <jbeulich@suse.com>
---
 tools/fuzz/x86_instruction_emulator/fuzz-emul.c | 31 ++++++++++++++++++-------
 1 file changed, 22 insertions(+), 9 deletions(-)

Comments

Andrew Cooper Aug. 25, 2017, 5:45 p.m. UTC | #1 
On 25/08/17 17:43, George Dunlap wrote:
> Rather than open-coding the "read" from the input file.
>
> Signed-off-by: George Dunlap <george.dunlap@citrix.com>

This patch fills me with dread.

How about data_read() and data_available() which are slightly more
descriptive?

Also, both should be using bool rather than int.

~Andrew
George Dunlap Sept. 14, 2017, 5:06 p.m. UTC | #2 
On Fri, Aug 25, 2017 at 6:45 PM, Andrew Cooper
<andrew.cooper3@citrix.com> wrote:
> On 25/08/17 17:43, George Dunlap wrote:
>> Rather than open-coding the "read" from the input file.
>>
>> Signed-off-by: George Dunlap <george.dunlap@citrix.com>
>
> This patch fills me with dread.
>
> How about data_read() and data_available() which are slightly more
> descriptive?
>
> Also, both should be using bool rather than int.

I'm happy to do both; I was just waiting for comments on the rest of
the series before resending.

 -George
George Dunlap Sept. 25, 2017, 11:40 a.m. UTC | #3 
On Fri, Aug 25, 2017 at 6:45 PM, Andrew Cooper
<andrew.cooper3@citrix.com> wrote:
> On 25/08/17 17:43, George Dunlap wrote:
>> Rather than open-coding the "read" from the input file.
>>
>> Signed-off-by: George Dunlap <george.dunlap@citrix.com>
>
> This patch fills me with dread.
>
> How about data_read() and data_available() which are slightly more
> descriptive?

Actually, data_read() is actually already being used by the function
which will 'randomly' fail.

How about 'input_read' and 'input_available'?

 -george
diff mbox

Patch

diff --git a/tools/fuzz/x86_instruction_emulator/fuzz-emul.c b/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
index 7f9a369421..0f5ff0b265 100644
--- a/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
+++ b/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
@@ -52,6 +52,22 @@  struct fuzz_state
     struct x86_emulate_ops ops;
 };
 
+static inline int davail(struct fuzz_state *s, size_t size)
+{
+    return s->data_index + size < s->data_num;
+}
+
+static inline int dread(struct fuzz_state *s, void *dst, size_t size)
+{
+    if ( !davail(s, size) )
+        return 0;
+
+    memcpy(dst, &s->corpus->data[s->data_index], size);
+    s->data_index += size;
+
+    return 1;
+}
+
 char *x86emul_return_string[] = {
     [X86EMUL_OKAY]="X86EMUL_OKAY",
     [X86EMUL_UNHANDLEABLE]="X86EMUL_UNHANDLEABLE",
@@ -68,10 +84,10 @@  static int maybe_fail(struct x86_emulate_ctxt *ctxt,
                       const char *why, bool exception)
 {
     struct fuzz_state *s = ctxt->data;
-    const struct fuzz_corpus *c = s->corpus;
+    unsigned char c;
     int rc;
 
-    if ( s->data_index >= s->data_num )
+    if ( !dread(s, &c, sizeof(c)) )
         rc = X86EMUL_EXCEPTION;
     else
     {
@@ -80,13 +96,12 @@  static int maybe_fail(struct x86_emulate_ctxt *ctxt,
          * 25% unhandlable
          * 25% exception
          */
-        if ( c->data[s->data_index] > 0xc0 )
+        if ( c > 0xc0 )
             rc = X86EMUL_EXCEPTION;
-        else if ( c->data[s->data_index] > 0x80 )
+        else if ( c > 0x80 )
             rc = X86EMUL_UNHANDLEABLE;
         else
             rc = X86EMUL_OKAY;
-        s->data_index++;
     }
 
     if ( rc == X86EMUL_EXCEPTION && !exception )
@@ -106,11 +121,10 @@  static int data_read(struct x86_emulate_ctxt *ctxt,
                      const char *why, void *dst, unsigned int bytes)
 {
     struct fuzz_state *s = ctxt->data;
-    const struct fuzz_corpus *c = s->corpus;
     unsigned int i;
     int rc;
 
-    if ( s->data_index + bytes > s->data_num )
+    if ( !davail(s, bytes) )
     {
         /*
          * Fake up a segment limit violation.  System segment limit volations
@@ -128,8 +142,7 @@  static int data_read(struct x86_emulate_ctxt *ctxt,
 
     if ( rc == X86EMUL_OKAY )
     {
-        memcpy(dst, &c->data[s->data_index], bytes);
-        s->data_index += bytes;
+        dread(s, dst, bytes);
 
         printf("%s: ", why);
         for ( i = 0; i < bytes; i++ )