• Home
  • Raw
  • Download

Lines Matching refs:fuzz

59 struct fuzz {  struct
103 fuzz_fmt(struct fuzz *fuzz, char *s, size_t n)  in fuzz_fmt()  argument
105 	if (fuzz == NULL)  in fuzz_fmt()
108 	switch (fuzz->strategy) {  in fuzz_fmt()
111 		    fuzz_ntop(fuzz->strategy),  in fuzz_fmt()
112 		    fuzz->o1, fuzz->slen * 8, fuzz->o1);  in fuzz_fmt()
116 		    fuzz_ntop(fuzz->strategy),  in fuzz_fmt()
117 		    (((fuzz_ullong)fuzz->o2) * fuzz->slen * 8) + fuzz->o1,  in fuzz_fmt()
118 		    ((fuzz_ullong)fuzz->slen * 8) * fuzz->slen * 8,  in fuzz_fmt()
119 		    fuzz->o1, fuzz->o2);  in fuzz_fmt()
123 		    fuzz_ntop(fuzz->strategy),  in fuzz_fmt()
124 		    fuzz->o1, fuzz->slen, fuzz->o1);  in fuzz_fmt()
128 		    fuzz_ntop(fuzz->strategy),  in fuzz_fmt()
129 		    (((fuzz_ullong)fuzz->o2) * fuzz->slen) + fuzz->o1,  in fuzz_fmt()
130 		    ((fuzz_ullong)fuzz->slen) * fuzz->slen,  in fuzz_fmt()
131 		    fuzz->o1, fuzz->o2);  in fuzz_fmt()
135 		    fuzz_ntop(fuzz->strategy),  in fuzz_fmt()
136 		    fuzz->o1, fuzz->slen, fuzz->o1);  in fuzz_fmt()
140 		    fuzz_ntop(fuzz->strategy),  in fuzz_fmt()
141 		    fuzz->o1, fuzz->slen, fuzz->o1);  in fuzz_fmt()
144 		assert(fuzz->o2 < sizeof(fuzz_b64chars) - 1);  in fuzz_fmt()
146 		    fuzz_ntop(fuzz->strategy),  in fuzz_fmt()
147 		    (fuzz->o1 * (fuzz_ullong)64) + fuzz->o2,  in fuzz_fmt()
148 		    fuzz->slen * (fuzz_ullong)64, fuzz->o1,  in fuzz_fmt()
149 		    fuzz_b64chars[fuzz->o2]);  in fuzz_fmt()
184 fuzz_dump(struct fuzz *fuzz)  in fuzz_dump()  argument
188 	if (fuzz_fmt(fuzz, buf, sizeof(buf)) != 0) {  in fuzz_dump()
193 	fprintf(stderr, "fuzz original %p len = %zu\n", fuzz->seed, fuzz->slen);  in fuzz_dump()
194 	dump(fuzz->seed, fuzz->slen);  in fuzz_dump()
195 	fprintf(stderr, "fuzz context %p len = %zu\n", fuzz, fuzz_len(fuzz));  in fuzz_dump()
196 	dump(fuzz_ptr(fuzz), fuzz_len(fuzz));  in fuzz_dump()
199 static struct fuzz *last_fuzz;
214 struct fuzz *
217 	struct fuzz *ret = calloc(sizeof(*ret), 1);  in fuzz_begin()
244 fuzz_cleanup(struct fuzz *fuzz)  in fuzz_cleanup()  argument
246 	FUZZ_DBG(("cleanup, fuzz = %p", fuzz));  in fuzz_cleanup()
252 	assert(fuzz != NULL);  in fuzz_cleanup()
253 	assert(fuzz->seed != NULL);  in fuzz_cleanup()
254 	assert(fuzz->fuzzed != NULL);  in fuzz_cleanup()
255 	free(fuzz->seed);  in fuzz_cleanup()
256 	free(fuzz->fuzzed);  in fuzz_cleanup()
257 	free(fuzz);  in fuzz_cleanup()
261 fuzz_strategy_done(struct fuzz *fuzz)  in fuzz_strategy_done()  argument
264 	    fuzz, fuzz_ntop(fuzz->strategy), fuzz->o1, fuzz->o2, fuzz->slen));  in fuzz_strategy_done()
266 	switch (fuzz->strategy) {  in fuzz_strategy_done()
268 		return fuzz->o1 >= fuzz->slen * 8;  in fuzz_strategy_done()
270 		return fuzz->o2 >= fuzz->slen * 8;  in fuzz_strategy_done()
272 		return fuzz->o2 >= fuzz->slen;  in fuzz_strategy_done()
277 		return fuzz->o1 >= fuzz->slen;  in fuzz_strategy_done()
284 fuzz_next(struct fuzz *fuzz)  in fuzz_next()  argument
289 	    "o1 = %zu, o2 = %zu, slen = %zu", fuzz, fuzz_ntop(fuzz->strategy),  in fuzz_next()
290 	    (u_long)fuzz->strategies, fuzz->o1, fuzz->o2, fuzz->slen));  in fuzz_next()
292 	if (fuzz->strategy == 0 || fuzz_strategy_done(fuzz)) {  in fuzz_next()
294 		if (fuzz->fuzzed == NULL) {  in fuzz_next()
296 			fuzz->fuzzed = calloc(fuzz->slen, 1);  in fuzz_next()
301 			if ((fuzz->strategies & i) != 0) {  in fuzz_next()
302 				fuzz->strategy = i;  in fuzz_next()
306 		FUZZ_DBG(("selected = %u", fuzz->strategy));  in fuzz_next()
307 		if (fuzz->strategy == 0) {  in fuzz_next()
311 		fuzz->strategies &= ~(fuzz->strategy);  in fuzz_next()
312 		fuzz->o1 = fuzz->o2 = 0;  in fuzz_next()
315 	assert(fuzz->fuzzed != NULL);  in fuzz_next()
317 	switch (fuzz->strategy) {  in fuzz_next()
319 		assert(fuzz->o1 / 8 < fuzz->slen);  in fuzz_next()
320 		memcpy(fuzz->fuzzed, fuzz->seed, fuzz->slen);  in fuzz_next()
321 		fuzz->fuzzed[fuzz->o1 / 8] ^= 1 << (fuzz->o1 % 8);  in fuzz_next()
322 		fuzz->o1++;  in fuzz_next()
325 		assert(fuzz->o1 / 8 < fuzz->slen);  in fuzz_next()
326 		assert(fuzz->o2 / 8 < fuzz->slen);  in fuzz_next()
327 		memcpy(fuzz->fuzzed, fuzz->seed, fuzz->slen);  in fuzz_next()
328 		fuzz->fuzzed[fuzz->o1 / 8] ^= 1 << (fuzz->o1 % 8);  in fuzz_next()
329 		fuzz->fuzzed[fuzz->o2 / 8] ^= 1 << (fuzz->o2 % 8);  in fuzz_next()
330 		fuzz->o1++;  in fuzz_next()
331 		if (fuzz->o1 >= fuzz->slen * 8) {  in fuzz_next()
332 			fuzz->o1 = 0;  in fuzz_next()
333 			fuzz->o2++;  in fuzz_next()
337 		assert(fuzz->o1 < fuzz->slen);  in fuzz_next()
338 		memcpy(fuzz->fuzzed, fuzz->seed, fuzz->slen);  in fuzz_next()
339 		fuzz->fuzzed[fuzz->o1] ^= 0xff;  in fuzz_next()
340 		fuzz->o1++;  in fuzz_next()
343 		assert(fuzz->o1 < fuzz->slen);  in fuzz_next()
344 		assert(fuzz->o2 < fuzz->slen);  in fuzz_next()
345 		memcpy(fuzz->fuzzed, fuzz->seed, fuzz->slen);  in fuzz_next()
346 		fuzz->fuzzed[fuzz->o1] ^= 0xff;  in fuzz_next()
347 		fuzz->fuzzed[fuzz->o2] ^= 0xff;  in fuzz_next()
348 		fuzz->o1++;  in fuzz_next()
349 		if (fuzz->o1 >= fuzz->slen) {  in fuzz_next()
350 			fuzz->o1 = 0;  in fuzz_next()
351 			fuzz->o2++;  in fuzz_next()
356 		assert(fuzz->o1 < fuzz->slen);  in fuzz_next()
357 		memcpy(fuzz->fuzzed, fuzz->seed, fuzz->slen);  in fuzz_next()
358 		fuzz->o1++;  in fuzz_next()
361 		assert(fuzz->o1 < fuzz->slen);  in fuzz_next()
362 		assert(fuzz->o2 < sizeof(fuzz_b64chars) - 1);  in fuzz_next()
363 		memcpy(fuzz->fuzzed, fuzz->seed, fuzz->slen);  in fuzz_next()
364 		fuzz->fuzzed[fuzz->o1] = fuzz_b64chars[fuzz->o2];  in fuzz_next()
365 		fuzz->o2++;  in fuzz_next()
366 		if (fuzz->o2 >= sizeof(fuzz_b64chars) - 1) {  in fuzz_next()
367 			fuzz->o2 = 0;  in fuzz_next()
368 			fuzz->o1++;  in fuzz_next()
376 	    "o1 = %zu, o2 = %zu, slen = %zu", fuzz, fuzz_ntop(fuzz->strategy),  in fuzz_next()
377 	    (u_long)fuzz->strategies, fuzz->o1, fuzz->o2, fuzz->slen));  in fuzz_next()
381 fuzz_matches_original(struct fuzz *fuzz)  in fuzz_matches_original()  argument
383 	if (fuzz_len(fuzz) != fuzz->slen)  in fuzz_matches_original()
385 	return memcmp(fuzz_ptr(fuzz), fuzz->seed, fuzz->slen) == 0;  in fuzz_matches_original()
389 fuzz_done(struct fuzz *fuzz)  in fuzz_done()  argument
391 	FUZZ_DBG(("fuzz = %p, strategies = 0x%lx", fuzz,  in fuzz_done()
392 	    (u_long)fuzz->strategies));  in fuzz_done()
394 	return fuzz_strategy_done(fuzz) && fuzz->strategies == 0;  in fuzz_done()
398 fuzz_len(struct fuzz *fuzz)  in fuzz_len()  argument
400 	assert(fuzz->fuzzed != NULL);  in fuzz_len()
401 	switch (fuzz->strategy) {  in fuzz_len()
407 		return fuzz->slen;  in fuzz_len()
410 		assert(fuzz->o1 <= fuzz->slen);  in fuzz_len()
411 		return fuzz->slen - fuzz->o1;  in fuzz_len()
418 fuzz_ptr(struct fuzz *fuzz)  in fuzz_ptr()  argument
420 	assert(fuzz->fuzzed != NULL);  in fuzz_ptr()
421 	switch (fuzz->strategy) {  in fuzz_ptr()
427 		return fuzz->fuzzed;  in fuzz_ptr()
429 		assert(fuzz->o1 <= fuzz->slen);  in fuzz_ptr()
430 		return fuzz->fuzzed + fuzz->o1;  in fuzz_ptr()
432 		assert(fuzz->o1 <= fuzz->slen);  in fuzz_ptr()
433 		return fuzz->fuzzed;  in fuzz_ptr()