1#! /bin/sh 2# 3# SPDX-License-Identifier: BSD-2-Clause 4# 5# Copyright (c) 2018-2021 Gavin D. Howard and contributors. 6# 7# Redistribution and use in source and binary forms, with or without 8# modification, are permitted provided that the following conditions are met: 9# 10# * Redistributions of source code must retain the above copyright notice, this 11# list of conditions and the following disclaimer. 12# 13# * Redistributions in binary form must reproduce the above copyright notice, 14# this list of conditions and the following disclaimer in the documentation 15# and/or other materials provided with the distribution. 16# 17# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 18# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 21# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27# POSSIBILITY OF SUCH DAMAGE. 28# 29 30# This script uses some non-POSIX behavior, but since it's meant for bc 31# maintainers only, I can accept that. 32 33# Get an entry from the file. If an argument exists, it is an index. Get that 34# line. Otherwise, get a random line. 35getentry() { 36 37 # Figure out if we get a specific or random line. 38 if [ $# -gt 0 ]; then 39 entnum="$1" 40 else 41 entnum=0 42 fi 43 44 # Get data from stdin and figure out how many lines there are. 45 e=$(cat -) 46 num=$(printf '%s\n' "$e" | wc -l) 47 48 # Figure out what line we are going to get. Uses bc's own PRNG. 49 if [ "$entnum" -eq 0 ]; then 50 rand=$(printf 'irand(%s) + 1\n' "$num" | "$bcdir/bc") 51 else 52 rand="$entnum" 53 fi 54 55 # Get the line. 56 ent=$(printf '%s\n' "$e" | tail -n +$rand | head -n 1) 57 58 printf '%s\n' "$ent" 59} 60 61script="$0" 62dir=$(dirname "$script") 63 64. "$dir/functions.sh" 65 66# Command-line processing. 67if [ "$#" -lt 1 ]; then 68 printf 'usage: %s dir\n' "$0" 69 exit 1 70fi 71 72d="$1" 73shift 74 75bcdir="$dir/../bin" 76 77# Figure out the correct input directory. 78if [ "$d" = "bc" ]; then 79 inputs="$dir/../tests/fuzzing/bc_inputs1" 80 opts="-lq" 81elif [ "$d" = "dc" ]; then 82 inputs="$dir/../test/fuzzing/dc_inputs" 83 opts="-x" 84else 85 err_exit "wrong type of executable" 1 86fi 87 88export ASAN_OPTIONS="abort_on_error=1:allocator_may_return_null=1" 89 90entries=$(cat "$dir/radamsa.txt") 91 92IFS=$'\n' 93 94go=1 95 96# Infinite loop. 97while [ "$go" -ne 0 ]; do 98 99 # If we are running bc, fuzz command-line arguments in BC_ENV_ARGS. 100 if [ "$d" = "bc" ]; then 101 102 entry=$(cat -- "$dir/radamsa.txt" | getentry) 103 items=$(printf '%s\n' "$entry" | radamsa -n 10) 104 105 printf '%s\n' "$items" 106 107 for i in `seq 1 10`; do 108 109 item=$(printf '%s\n' "$items" | getentry "$i") 110 111 export BC_ENV_ARGS="$item" 112 echo 'halt' | "$bcdir/$d" 113 err=$? 114 115 checkcrash "$d" "$err" "radamsa env args: \"$item\"" 116 done 117 118 fi 119 120 f=$(ls "$inputs" | getentry) 121 l=$(cat "$inputs/$f" | wc -l) 122 ll=$(printf '%s^2\n' "$l" | bc) 123 124 # Fuzz on the AFL++ inputs. 125 for i in $(seq 1 2); do 126 data=$(cat "$inputs/$f" | radamsa -n 1) 127 printf '%s\n' "$data" > "$dir/../.log_${d}_test.txt" 128 printf '%s\n' "$data" | timeout -s SIGTERM 5 "$bcdir/$d" "$opts" > /dev/null 129 err=$? 130 checkcrash "$d" "$err" "radamsa stdin" 131 done 132 133done 134