static int fuzz_write( unsigned int seg, unsigned long offset, void *p_data, unsigned int bytes, struct x86_emulate_ctxt *ctxt) { return maybe_fail("write", true); }
static int fuzz_write( enum x86_segment seg, unsigned long offset, void *p_data, unsigned int bytes, struct x86_emulate_ctxt *ctxt) { /* Writes not expected for any system segments. */ assert(is_x86_user_segment(seg)); return maybe_fail(ctxt, "write", true); }
static int _fuzz_rep_write(const char *why, unsigned long *reps) { int rc = maybe_fail(why, true); switch ( rc ) { case X86EMUL_UNHANDLEABLE: /* No work is done in this case */ *reps = 0; break; case X86EMUL_EXCEPTION: case X86EMUL_RETRY: /* Halve the amount in this case */ *reps /= 2; break; } return rc; }
static int fuzz_insn_fetch( enum x86_segment seg, unsigned long offset, void *p_data, unsigned int bytes, struct x86_emulate_ctxt *ctxt) { assert(seg == x86_seg_cs); /* * Zero-length instruction fetches are made at the destination of jumps, * to perform segmentation checks. No data needs returning. */ if ( bytes == 0 ) { assert(p_data == NULL); return maybe_fail(ctxt, "insn_fetch", true); } return data_read(ctxt, seg, "insn_fetch", p_data, bytes); }
static int data_read(const char *why, void *dst, unsigned int bytes) { unsigned int i; int rc; if ( data_index + bytes > data_num ) rc = X86EMUL_EXCEPTION; else rc = maybe_fail(why, true); if ( rc == X86EMUL_OKAY ) { memcpy(dst, input.data + data_index, bytes); data_index += bytes; printf("%s: ", why); for ( i = 0; i < bytes; i++ ) printf(" %02x", *(unsigned char *)(dst + i)); printf("\n"); } return rc; }
static int data_read(struct x86_emulate_ctxt *ctxt, enum x86_segment seg, const char *why, void *dst, unsigned int bytes) { struct fuzz_state *s = ctxt->data; const struct fuzz_corpus *c = s->corpus; unsigned int i; int rc; if ( s->data_index + bytes > s->data_num ) { /* * Fake up a segment limit violation. System segment limit volations * are reported by X86EMUL_EXCEPTION alone, so the emulator can fill * in the correct context. */ if ( !is_x86_system_segment(seg) ) x86_emul_hw_exception(13, 0, ctxt); rc = X86EMUL_EXCEPTION; } else rc = maybe_fail(ctxt, why, true); if ( rc == X86EMUL_OKAY ) { memcpy(dst, &c->data[s->data_index], bytes); s->data_index += bytes; printf("%s: ", why); for ( i = 0; i < bytes; i++ ) printf(" %02x", *(unsigned char *)(dst + i)); printf("\n"); } return rc; }