mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
gecko-dev/tools/fuzzing/shmem/SharedMemoryFuzzer.cpp

133 строки
3.1 KiB
C++
Исходник Обычный вид История

Bug 1232119 - Add fuzzer for SharedMemory. r=billm --HG-- extra : rebase_source : dbb29a3e40590555717db0de789ccb13dd0bfbf5
2017-05-23 23:36:28 +03:00
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "FuzzingMutate.h"
#include "FuzzingTraits.h"
#include "nsDebug.h"
#include "prenv.h"
#include "SharedMemoryFuzzer.h"
#define SHMEM_FUZZER_DEFAULT_MUTATION_PROBABILITY 2
#define SHMEM_FUZZER_DEFAULT_MUTATION_FACTOR 500
#define SHMEM_FUZZER_LOG(fmt, args...) \
if (SharedMemoryFuzzer::IsLoggingEnabled()) { \
printf_stderr("[SharedMemoryFuzzer] " fmt "\n", ## args); \
}
namespace mozilla {
namespace ipc {
using namespace fuzzing;
/* static */
bool
SharedMemoryFuzzer::IsLoggingEnabled()
{
static bool sInitialized = false;
static bool sIsLoggingEnabled = false;
if (!sInitialized) {
sIsLoggingEnabled = !!PR_GetEnv("SHMEM_FUZZER_ENABLE_LOGGING");
sInitialized = true;
}
return sIsLoggingEnabled;
}
/* static */
bool
SharedMemoryFuzzer::IsEnabled()
{
static bool sInitialized = false;
static bool sIsFuzzerEnabled = false;
if (!sInitialized) {
sIsFuzzerEnabled = !!PR_GetEnv("SHMEM_FUZZER_ENABLE");
}
return sIsFuzzerEnabled;
}
/* static */
uint64_t
SharedMemoryFuzzer::MutationProbability()
{
static uint64_t sPropValue = SHMEM_FUZZER_DEFAULT_MUTATION_PROBABILITY;
static bool sInitialized = false;
if (sInitialized) {
return sPropValue;
}
sInitialized = true;
const char* probability = PR_GetEnv("SHMEM_FUZZER_MUTATION_PROBABILITY");
if (probability) {
long n = std::strtol(probability, nullptr, 10);
if (n != 0) {
sPropValue = n;
return sPropValue;
}
}
return sPropValue;
}
/* static */
uint64_t
SharedMemoryFuzzer::MutationFactor()
{
static uint64_t sPropValue = SHMEM_FUZZER_DEFAULT_MUTATION_FACTOR;
static bool sInitialized = false;
if (sInitialized) {
return sPropValue;
}
sInitialized = true;
const char* factor = PR_GetEnv("SHMEM_FUZZER_MUTATION_FACTOR");
if (factor) {
long n = strtol(factor, nullptr, 10);
if (n != 0) {
sPropValue = n;
return sPropValue;
}
}
return sPropValue;
}
/* static */
void*
SharedMemoryFuzzer::MutateSharedMemory(void* aMemory, size_t aSize)
{
if (!IsEnabled()) {
return aMemory;
}
if (aSize == 0) {
/* Shmem opened from foreign handle. */
SHMEM_FUZZER_LOG("shmem is of size 0.");
return aMemory;
}
if (!aMemory) {
/* Memory space is not mapped. */
SHMEM_FUZZER_LOG("shmem memory space is not mapped.");
return aMemory;
}
// The likelihood when a value gets fuzzed of this object.
if (!FuzzingTraits::Sometimes(MutationProbability())) {
return aMemory;
}
const size_t max = FuzzingTraits::Frequency(aSize, MutationFactor());
SHMEM_FUZZER_LOG("shmem of size: %zu / mutations: %zu", aSize, max);
for (size_t i = 0; i < max; i++) {
FuzzingMutate::ChangeBit((uint8_t*)aMemory, aSize);
}
return aMemory;
}
} // namespace ipc
} // namespace mozilla