
[Xen-devel] [PATCH 04/14] fuzz/x86_emulate: Add a better input size check



For some reason the 'feof()' check for the file size isn't working in
llvm-clang-fast mode; the result is several kilobyte files rather than
the 4k limit files as we've requested.  This is bad in part because
AFL will spend time trying to "fuzz" bits of the input that are never
touched.

Add a new check: Offer to read INPUT_SIZE + 1; if we actually get that
many bytes, return an error.

Signed-off-by: George Dunlap <george.dunlap@xxxxxxxxxx>
---
CC: Ian Jackson <ian.jackson@xxxxxxxxxx>
CC: Wei Liu <wei.liu2@xxxxxxxxxx>
CC: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CC: Jan Beulich <jbeulich@xxxxxxxx>
---
 tools/fuzz/x86_instruction_emulator/afl-harness.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/fuzz/x86_instruction_emulator/afl-harness.c 
b/tools/fuzz/x86_instruction_emulator/afl-harness.c
index 1a79ff228e..51e0183356 100644
--- a/tools/fuzz/x86_instruction_emulator/afl-harness.c
+++ b/tools/fuzz/x86_instruction_emulator/afl-harness.c
@@ -76,7 +76,7 @@ int main(int argc, char **argv)
             }
         }
 
-        size = fread(input, 1, INPUT_SIZE, fp);
+        size = fread(input, 1, INPUT_SIZE + 1, fp);
 
         if ( ferror(fp) )
         {
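Review bot: the `fread(input, 1, INPUT_SIZE + 1, fp)` line now writes up to INPUT_SIZE + 1 bytes into `input`, but the declaration of `input` is not in this hunk; please confirm the buffer was sized to at least INPUT_SIZE + 1 bytes (e.g. `uint8_t input[INPUT_SIZE + 1];`), since otherwise an over-long input file writes one byte past the end of the array in the very harness meant to catch over-long inputs.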
@@ -84,7 +84,7 @@ int main(int argc, char **argv)
             exit(-1);
         }
 
-        if ( !feof(fp) )
+        if ( !feof(fp) || size > INPUT_SIZE )
         {
             printf("Input too large\n");
             exit(-1);
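Review bot: the new `size > INPUT_SIZE` condition is the check that actually does the work here (per the commit message, `feof()` is unreliable in llvm-clang-fast mode), so a one-line comment above `if ( !feof(fp) || size > INPUT_SIZE )` explaining why both conditions are kept would stop a future cleanup from "simplifying" it back to the `feof()` test alone.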
-- 
2.14.1

