Ejemplo n.º 1
0
static int fuzz_write(
    unsigned int seg,
    unsigned long offset,
    void *p_data,
    unsigned int bytes,
    struct x86_emulate_ctxt *ctxt)
{
    return maybe_fail("write", true);
}
Ejemplo n.º 2
0
static int fuzz_write(
    enum x86_segment seg,
    unsigned long offset,
    void *p_data,
    unsigned int bytes,
    struct x86_emulate_ctxt *ctxt)
{
    /* Writes not expected for any system segments. */
    assert(is_x86_user_segment(seg));

    return maybe_fail(ctxt, "write", true);
}
Ejemplo n.º 3
0
static int _fuzz_rep_write(const char *why, unsigned long *reps)
{
    int rc = maybe_fail(why, true);

    switch ( rc )
    {
    case X86EMUL_UNHANDLEABLE:
        /* No work is done in this case */
        *reps = 0;
        break;
    case X86EMUL_EXCEPTION:
    case X86EMUL_RETRY:
        /* Halve the amount in this case */
        *reps /= 2;
        break;
    }

    return rc;
}
Ejemplo n.º 4
0
static int fuzz_insn_fetch(
    enum x86_segment seg,
    unsigned long offset,
    void *p_data,
    unsigned int bytes,
    struct x86_emulate_ctxt *ctxt)
{
    assert(seg == x86_seg_cs);

    /*
     * Zero-length instruction fetches are made at the destination of jumps,
     * to perform segmentation checks.  No data needs returning.
     */
    if ( bytes == 0 )
    {
        assert(p_data == NULL);
        return maybe_fail(ctxt, "insn_fetch", true);
    }

    return data_read(ctxt, seg, "insn_fetch", p_data, bytes);
}
Ejemplo n.º 5
0
static int data_read(const char *why, void *dst, unsigned int bytes)
{
    unsigned int i;
    int rc;

    if ( data_index + bytes > data_num )
        rc = X86EMUL_EXCEPTION;
    else
        rc = maybe_fail(why, true);

    if ( rc == X86EMUL_OKAY )
    {
        memcpy(dst,  input.data + data_index, bytes);
        data_index += bytes;

        printf("%s: ", why);
        for ( i = 0; i < bytes; i++ )
            printf(" %02x", *(unsigned char *)(dst + i));
        printf("\n");
    }

    return rc;
}
Ejemplo n.º 6
0
static int data_read(struct x86_emulate_ctxt *ctxt,
                     enum x86_segment seg,
                     const char *why, void *dst, unsigned int bytes)
{
    struct fuzz_state *s = ctxt->data;
    const struct fuzz_corpus *c = s->corpus;
    unsigned int i;
    int rc;

    if ( s->data_index + bytes > s->data_num )
    {
        /*
         * Fake up a segment limit violation.  System segment limit volations
         * are reported by X86EMUL_EXCEPTION alone, so the emulator can fill
         * in the correct context.
         */
        if ( !is_x86_system_segment(seg) )
            x86_emul_hw_exception(13, 0, ctxt);

        rc = X86EMUL_EXCEPTION;
    }
    else
        rc = maybe_fail(ctxt, why, true);

    if ( rc == X86EMUL_OKAY )
    {
        memcpy(dst, &c->data[s->data_index], bytes);
        s->data_index += bytes;

        printf("%s: ", why);
        for ( i = 0; i < bytes; i++ )
            printf(" %02x", *(unsigned char *)(dst + i));
        printf("\n");
    }

    return rc;
}