input: make sure files are read in small chunks (starting with 4 byte…

…s) when using dynamic mode
google · Jul 20, 2024 · e13230f · e13230f
1 parent f4d2962
commit e13230f
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 13 deletions.
diff --git a/fuzz.c b/fuzz.c
@@ -162,11 +162,12 @@ static void fuzz_minimizeRemoveFiles(run_t* run) {
         return;
     }
     for (;;) {
-        char fname[PATH_MAX];
-        if (!input_getNext(run, fname, /* rewind= */ false)) {
+        char   fname[PATH_MAX];
+        size_t len;
+        if (!input_getNext(run, fname, &len, /* rewind= */ false)) {
             break;
         }
-        if (!input_inDynamicCorpus(run, fname)) {
+        if (!input_inDynamicCorpus(run, fname, len)) {
             if (input_removeStaticFile(run->global->io.inputDir, fname)) {
                 LOG_I("Removed unnecessary '%s'", fname);
             }

diff --git a/input.c b/input.c
@@ -123,7 +123,7 @@ bool input_getDirStatsAndRewind(honggfuzz_t* hfuzz) {
     return true;
 }
 
-bool input_getNext(run_t* run, char fname[PATH_MAX], bool rewind) {
+bool input_getNext(run_t* run, char fname[PATH_MAX], size_t* len, bool rewind) {
     MX_SCOPED_LOCK(&run->global->mutex.input);
 
     if (run->global->io.fileCnt == 0U) {
@@ -161,6 +161,7 @@ bool input_getNext(run_t* run, char fname[PATH_MAX], bool rewind) {
         }
 
         snprintf(fname, PATH_MAX, "%s", entry->d_name);
+        *len = st.st_size;
         return true;
     }
 }
@@ -430,12 +431,12 @@ void input_addDynamicInput(run_t* run) {
     }
 }
 
-bool input_inDynamicCorpus(run_t* run, const char* fname) {
+bool input_inDynamicCorpus(run_t* run, const char* fname, size_t len) {
     MX_SCOPED_RWLOCK_WRITE(&run->global->mutex.dynfileq);
 
     dynfile_t* iter = NULL;
     TAILQ_FOREACH_HF (iter, &run->global->io.dynfileq, pointers) {
-        if (strncmp(iter->path, fname, PATH_MAX) == 0) {
+        if (strncmp(iter->path, fname, PATH_MAX) == 0 && iter->size == len) {
             return true;
         }
     }
@@ -732,7 +733,7 @@ const uint8_t* input_getRandomInputAsBuf(run_t* run, size_t* len) {
 }
 
 static bool input_shouldReadNewFile(run_t* run) {
-    if (fuzz_getState(run->global) == _HF_STATE_DYNAMIC_DRY_RUN) {
+    if (fuzz_getState(run->global) != _HF_STATE_DYNAMIC_DRY_RUN) {
         input_setSize(run, run->global->mutate.maxInputSz);
         return true;
     }
@@ -759,17 +760,25 @@ static bool input_shouldReadNewFile(run_t* run) {
 bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle) {
     if (input_shouldReadNewFile(run)) {
         for (;;) {
-            if (!input_getNext(run, run->dynfile->path, /* rewind= */ rewind)) {
+            size_t flen;
+            if (!input_getNext(run, run->dynfile->path, &flen, /* rewind= */ rewind)) {
                 return false;
             }
-            if (!needs_mangle || !input_inDynamicCorpus(run, run->dynfile->path)) {
-                LOG_D("Skipping '%s' as it's already in the dynamic corpus", run->dynfile->path);
+            if (needs_mangle) {
                 break;
             }
+            if (!input_inDynamicCorpus(run, run->dynfile->path, HF_MIN(flen, run->dynfile->size))) {
+                break;
+            }
+            LOG_D("Skipping '%s' (dynamic corpus size=%zu, file size=%zu) as it's already in the "
+                  "dynamic corpus",
+                run->dynfile->path, run->dynfile->size, flen);
         }
         run->global->io.testedFileCnt++;
     }
 
+    LOG_D("Reading '%s' (max size=%zu)", run->dynfile->path, run->dynfile->size);
+
     char path[PATH_MAX];
     snprintf(path, sizeof(path), "%s/%s", run->global->io.inputDir, run->dynfile->path);
 

diff --git a/input.h b/input.h
@@ -33,14 +33,14 @@
 
 extern void           input_setSize(run_t* run, size_t sz);
 extern bool           input_getDirStatsAndRewind(honggfuzz_t* hfuzz);
-extern bool           input_getNext(run_t* run, char fname[PATH_MAX], bool rewind);
+extern bool           input_getNext(run_t* run, char fname[PATH_MAX], size_t* len, bool rewind);
 extern bool           input_init(honggfuzz_t* hfuzz);
 extern bool           input_parseDictionary(honggfuzz_t* hfuzz);
 extern void           input_freeDictionary(honggfuzz_t* hfuzz);
 extern bool           input_parseBlacklist(honggfuzz_t* hfuzz);
 extern bool           input_writeCovFile(const char* dir, dynfile_t* dynfile);
 extern void           input_addDynamicInput(run_t* run);
-extern bool           input_inDynamicCorpus(run_t* run, const char* fname);
+extern bool           input_inDynamicCorpus(run_t* run, const char* fname, size_t len);
 extern void           input_renumerateInputs(honggfuzz_t* hfuzz);
 extern bool           input_prepareDynamicInput(run_t* run, bool needs_mangle);
 extern const uint8_t* input_getRandomInputAsBuf(run_t* run, size_t* len);

diff --git a/libhfcommon/files.c b/libhfcommon/files.c
@@ -63,7 +63,7 @@ ssize_t files_readFileToBufMax(const char* fname, uint8_t* buf, size_t fileMaxSz
 
     ssize_t readSz = files_readFromFd(fd, buf, fileMaxSz);
     if (readSz < 0) {
-        LOG_W("Couldn't read '%s' to a buf", fname);
+        PLOG_W("Couldn't read '%s' to a buf (size=%zu)", fname, fileMaxSz);
     }
     close(fd);