int main(){
apop_prep(NULL, &search_sim);
one_run(10, 10);
one_run(100, 10);
one_run(10, 45);
apop_model *fuzzed = fuzz(search_sim);
apop_data_print(fuzzed->data, .output_name="outdata");
}
DWORD WINAPI fuzzThread(LPVOID lpParam) {
UINT32 threadId = *((UINT32*)lpParam);
printf("Go ! Fuzzer %d\n", threadId);
try{
while (1){
int i = fastrand16() & 0xFFF; //TODO: do it better ! faster ! stronger !
if (syscall_list[i].enabled == 1){
threadHB[threadId]++;
curSyscall[threadId] = &syscall_list[i];
fuzz(curSyscall[threadId]);
}
}
}
catch (...){
printf("...");
}
return 0;
}
int main(int argc, char *argv[])
{
setvbuf(stdout, NULL, _IONBF, 0);
if (argc != 2) {
fprintf(stderr, "Wrong argument count!\n");
return 1;
}
struct bitmap_file original = read_bitmap(argv[1]);
struct bitmap_file fuzzed = fuzz(original);
write_bitmap(argv[1], fuzzed);
free(original.fh);
free(original.ih);
free(original.ih_cont);
free(original.pixels);
free(fuzzed.pixels);
return 0;
}
int execute_fuzz(option_block *opts)
{
char *line = malloc(8192);
char *req = malloc(opts->mseql + 16384);
char *req2 = malloc(opts->mseql + 16384);
char *preq = malloc(opts->mseql + 16384);
char *p, *j;
char c,f,b;
int tsze = 0;
int reqsize = 0;
int preqsize= 0;
int i = 0;
int k = 0;
unsigned int seq4b = 0;
memset(req, 0, opts->mseql + 16384);
memset(req2, 0, opts->mseql + 16384);
memset(preq, 0, opts->mseql + 16384);
if(opts->state != FUZZ)
{
fprintf(stderr, "[%s] fatal: corrupted state for execute_fuzz()\n",
get_time_as_log());
exit(-1);
}
/*setup the socket fd*/
opts->sockfd = -1;
while(!feof(opts->fp))
{
tsze = 0;
reqsize = 0;
line[0] = 0;
while(strcmp(line, "--") && strcmp(line, "c-"))
{
tsze = readLine(opts, line, 8192, 1);
if(!strcmp(line, "--") || !strcmp(line, "c-") || tsze == 0)
{
break;
}
if(opts->mseql && ((tsze + reqsize) > opts->mseql + 8192))
{
/*ohnoes overflow*/
fprintf(stderr, "[%s] error: overflow[%d:%d].\n",
get_time_as_log(), opts->mseql,
(tsze + reqsize));
exit(-1);
}
memcpy(req+reqsize, line, tsze);
reqsize += tsze-1;
if(opts->line_terminator_size)
{
memcpy(req+reqsize, opts->line_term,
opts->line_terminator_size);
}
reqsize += opts->line_terminator_size;
*(req+reqsize) = 0;
}
if(feof(opts->fp)) break;
if(!strcasecmp(line, "c-"))
opts->close_conn = 0;
else
opts->close_conn = 1;
/* TODO: implement this feature in an intuitive and useful manner */
opts->send_initial_nonfuzz_again = 0;
if(opts->trim_nl)
req[reqsize-1] = 0;
if(opts->seqstep <= 0)
{
opts->seqstep = opts->mseql;
}
/*loaded a request.*/
p = strstr(req, "FUZZ");
if(!p)
{
if(fuzz(opts, req, reqsize) < 0)
{
goto done;
}
memcpy(preq, req, reqsize);
preqsize = reqsize;
}
else /* we have to FUZZ for reals*/
{
/*do the literals*/
if(opts->no_literal_fuzz == 0)
{
for(tsze = 0; tsze < opts->num_litr; ++tsze)
{
char litr_is_bin = 0;
i = 0;
/*first, do the literals, which are filled in as-is*/
strcpy(req2, req);
c = *(
(opts->litr[tsze]) +
strspn(opts->litr[tsze], " "));
b = *(1+
(opts->litr[tsze]) +
strspn(opts->litr[tsze], " "));
f = *(2 +
(opts->litr[tsze])+
strspn(opts->litr[tsze], " "));
if((c == '0') ||
(c == '\\'))
{
if((b == 'x') &&
((f >= '0') &&
(f <= '9')))
litr_is_bin = 1;
}
if(c == 'x')
if((f >= '0') && (f <= '9'))
litr_is_bin = 1;
if(!litr_is_bin)
i = strrepl(req2, reqsize, "FUZZ", opts->litr[tsze]);
else
{
char *blit = malloc(8192);
int blit_len = 0;
strcpy(blit,opts->litr[tsze]+
strspn(opts->litr[tsze]," "));
strrepl(blit, strlen(blit), "0x", " ");
strrepl(blit, strlen(blit), "\\x", " ");
blit_len = ascii_to_bin(blit);
i = smemrepl(req2, reqsize, "FUZZ",blit, blit_len );
free( blit );
}
if(opts->send_initial_nonfuzz_again)
if(fuzz(opts, preq, preqsize) < 0)
goto done;
if(fuzz(opts, req2, i)<0)
goto done;
}
}
if(opts->no_sequence_fuzz == 0)
{
/*do the sequences*/
for(tsze = 0; tsze < opts->num_seq; ++tsze)
{
char seq_buf[5] = {0};
/*at this point, we do sequences. Sequencing will be done*/
/*by filling to maxseqlen, in increments of seqstep*/
memcpy(req2, req, (p-req));
/*we've filled up req2 with everything BEFORE FUZZ*/
j = req2;
for(k = opts->seqstep; k <= opts->mseql; k+= opts->seqstep)
{
seq4b = 0;
req2 = j;
req2 += (p-req);
for(i=0; i < k; ++i)
{
*req2++ =
*(opts->seq[tsze] +
(i % opts->seq_lens[tsze]));
if(strstr(j, "__SEQUENCE_NUM_ASCII__"))
{
snprintf(seq_buf, 5, "%04d", seq4b++);
strrepl(j, strlen(j), "__SEQUENCE_NUM_ASCII__",
seq_buf);
req2 -= 18;
}
}
memcpy(req2, (char *)(p+4), strlen(p+4));
*(req2+(strlen(p+4))) = 0;
req2 = j;
if(opts->send_initial_nonfuzz_again)
if(fuzz(opts, preq, preqsize) < 0)
goto done;
if(fuzz(opts, req2, strlen(req2))<0)
goto done;
}
}
}
}
}
done:
free( line );
free( req );
free( req2 );
return 0;
}