static void initialize_ants(gcp_t *problem) {/*{{{*/ int i; ant = malloc_(sizeof(gcp_solution_t) * problem->nants); for (i = 0; i < problem->nants; i++) { ant[i] = malloc_(sizeof(gcp_solution_t)); //ant[i]->nodes_color = malloc_(sizeof(int) * problem->ncolors); //ant[i]->color = malloc_(sizeof(int) * problem->size); } }/*}}}*/
fs_node_t *install_initrd(u32 location) { initrd_header = (initrd_header_t *)location; file_headers = (initrd_file_header_t *) (location+sizeof(initrd_header_t)); initrd_root = (fs_node_t*)malloc_(sizeof(fs_node_t)); strcpy(initrd_root->name, "initrd"); initrd_root->flags = FS_DIRECTORY; initrd_root->readdir = &initrd_readdir; initrd_root->finddir = &initrd_finddir; initrd_dev = (fs_node_t*)malloc_(sizeof(fs_node_t)); strcpy(initrd_dev->name, "dev"); initrd_dev->flags = FS_DIRECTORY; initrd_dev->readdir = &initrd_readdir; initrd_dev->finddir = &initrd_finddir; root_nodes = (fs_node_t*)malloc_(sizeof(fs_node_t) * initrd_header->nfiles); nroot_nodes = initrd_header->nfiles; int i; for (i = 0; i < (int)initrd_header->nfiles; i++) { file_headers[i].offset += location; strcpy(root_nodes[i].name, (char*)&file_headers[i].name); root_nodes[i].mask = root_nodes[i].uid = root_nodes[i].gid = 0; root_nodes[i].length = file_headers[i].length; root_nodes[i].inode = i; root_nodes[i].flags = FS_FILE; root_nodes[i].read = &initrd_read; root_nodes[i].write = 0; root_nodes[i].readdir = 0; root_nodes[i].finddir = 0; root_nodes[i].open = 0; root_nodes[i].close = 0; root_nodes[i].impl = 0; } return initrd_root; }
static void initialize_data(gcp_t *problem) {/*{{{*/ int i; pheromone = malloc_(sizeof(double) * problem->size); for (i = 0; i < problem->size; i++) { pheromone[i] = malloc(sizeof(double) * problem->size); } best_ant = malloc_(sizeof(gcp_solution_t)); initialize_pheromone(problem); initialize_ants(problem); }/*}}}*/
static double* calculate_probbs(int v, int size, int color, int *degree, /*{{{*/ int **adj, int* color_of, double alpha, double beta) { int i, j, size_color, neighbors; double sum, trail, totalsum; static double *probb = NULL; if (!probb) { probb = malloc_(sizeof(double) * size+1); } totalsum = 0; for (i = 0; i < size; i++) { probb[i] = 0; if ((degree[i] != OUT) && (i!=v) && (!adj[i][v])) { size_color = 0; sum = 0; neighbors = 0; for (j = 0; j < size; j++) { if (color_of[j] == color) { sum += pheromone[j][i]; size_color++; } if ((degree[j] != OUT) && adj[j][v] && adj[j][i]) { neighbors++; } } if (size_color == 0) trail = 1; else trail = sum/size_color; probb[i] = pow(trail, alpha) * pow(neighbors, beta); totalsum += probb[i]; } } probb[i] = totalsum; /////////////////////////////////////////// /* if (totalsum == 0) { for (i = 0; i < size; i++) { if ((degree[i] != OUT) && (i!=v) && (!adj[i][v])) { probb[i] = 1; totalsum++; } } probb[i] = totalsum; } */ return probb; }/*}}}*/
/* ----------------------------------------------------------------------- */ void *kalloc (size_t size) { void *addr = malloc_(size); assert_msg(addr != NULL, "The kernel run out of memory."); // kSYS.objMemory_ += size; memset(addr, 0, size); return addr; }
static void create_game(int fd, char* nick) { struct game * g = malloc_(sizeof(struct game)); g->players_number = 1; g->players_conn[0] = fd; g->players_nick[0] = nick; g->status = GAME_STATUS_OPEN; games = g_list_append(games, g); open_players = g_list_remove(open_players, GINT_TO_POINTER(fd)); calculate_list_games(); }
/*---------------------------------------------------------------------------* * NAME: push_hash * DESC: add a hash in the linked list hash structure *---------------------------------------------------------------------------*/ void push_hash(config *conf, unsigned int id, unsigned int type) { struct struct_hash *hash; struct struct_hash *prev = NULL; /* dummy hash values equal to zero for the hash computation */ unsigned int dummy_int = 0x00000000; /* debug */ debug(1, "<-----------------------[enter]\n"); /* go to the last hash */ for(hash = conf->hash;hash;hash = hash->next) { debug(3, "current struct hash of block[%d]\n", hash->id); prev = hash; /* save the preview */ } debug(3," add hash structure\n"); /* create a hash entry in the linked list */ hash = malloc_(sizeof(struct struct_hash)); /* update the previous block's field next */ if (prev) prev->next = hash; /* fill the other fields */ hash->id = id; /* used next to find the struct_block */ hash->block = NULL; /* init the struct_block pointer */ hash->offset = conf->buf_fuzz_size; /* current size of the buffer */ hash->next = NULL; /* init the next pointer */ hash->type = type; /* put the correct hash type */ /* update if it's the first hash */ if (!conf->hash) conf->hash = hash; /* add the correct number of byte in the fuzz buffer */ switch(type) { case HF_BLOCK_CRC32_B : /* big-endian 32 bits */ push_data(conf, (unsigned char *) &dummy_int, sizeof(int)); break; case HF_BLOCK_CRC32_L : /* little-endian 32 bits */ push_data(conf, (unsigned char *) &dummy_int, sizeof(int)); break; default: /* should never happen */ break; } /* debug */ debug(1, "<-----------------------[quit]\n"); }
void* malloc(size_t size) { if (!size) return ZERO_SIZE_POINTER; void* ret=malloc_(size); if (!ret) abort(); memset(ret, 0, size); if (ignore==0) { ignore++; cb.malloc(ret, size); ignore--; } return ret; }
/*! ************************************************************************************* * \brief * NALU_t *GeneratePic_parameter_set_NALU (); * * \note * Uses the global variables through FillParameterSetStructures() * * \return * A NALU containing the Picture Parameter Set * ************************************************************************************* */ NALU_t *GeneratePic_parameter_set_NALU(pic_parameter_set_rbsp_t *active_pps) { NALU_t *n = AllocNALU(64000); t_sint32 RBSPlen = 0; byte *rbsp = (byte*)NULL; void * vfm_memory_ctxt = my_vfm_memory_ctxt; /*byte rbsp[MAXRBSPSIZE]; */ rbsp = (byte *)malloc_(MAXRBSPSIZE * sizeof(char)); // rbsp = (byte *)alloca(MAXRBSPSIZE * sizeof(char)); RBSPlen = GeneratePic_parameter_set_rbsp (active_pps, (char *)rbsp); RBSPtoNALU ((char *)rbsp, n, RBSPlen, NALU_TYPE_PPS, NALU_PRIORITY_HIGHEST, 0, 1); n->startcodeprefix_len = 4; free(rbsp); return n; }
char * load_initrd_app(char *name, char **argv, char **env) { int argc = 0; while (argv[argc]) { ++argc; } struct dirent* node = 0; for (size_t i = 0; (node = readdir_fs(fs_root_initrd, i)) != 0; ++i) { fs_node_t * fsnode = finddir_fs(fs_root_initrd, node->name); if ((fsnode->flags & 0x7) == FS_DIRECTORY) { } else { char * argv_[] = { name, NULL, NULL, NULL }; int argc_ = 0; while (argv_[argc_]) { argc_++; } printk("\nSearching!\n"); char* buf = malloc_( fsnode->length); printk("%d\n",fsnode->length); u32 sz = read_fs(fsnode, 0, fsnode->length, buf); printk("Size: %d bytes\t Name: %s\n", fsnode->length, node->name); if(strcmp(node->name, name) == 0) { return buf; elf_exec__(buf, sz, name,argc,argv); memset(buf,0,400000); } } } return 0; }
/*---------------------------------------------------------------------------* * NAME: main * DESC: Main Entry Point *---------------------------------------------------------------------------*/ int main(int argc, char **argv) { config *conf; unsigned int first_arg; /* create the configuration structure */ conf = malloc_(sizeof(config)); /* init the configuration structure */ init_configuration(conf); /* parse the arguments */ first_arg = parsing_args(argc, argv, conf); conf->xml_filename = argv[first_arg]; /* copy the name of the .ad file */ conf->output_name = argv[first_arg+1]; /* basic check */ if ((conf->output_name == NULL) || (conf->xml_filename == NULL)) { usage(argv, conf); } /* open the output_name file */ output_desc = fopen(conf->output_name, "w"); if (!output_desc) { error_("cannot write the file: \"%s\": ", conf->output_name); perror(""); error_("QUITTING!\n"); free(conf); exit(-1); } /* xml parsing of the file */ xml_parsing(conf); /* free the configuration structure */ free(conf); return 0; }
/*---------------------------------------------------------------------------* * NAME: main * DESC: Main Entry Point *---------------------------------------------------------------------------*/ int main(int argc, char **argv) { config *conf; unsigned int first_arg; /* create the configuration structure */ conf = malloc_(sizeof(config)); /* create the adc structure */ conf->adc = malloc_(sizeof(struct struct_adc)); /* initialize the configuration structure */ init_configuration(conf); /* parse the arguments */ first_arg = parsing_args(argc, argv, conf); /* check if selected mode is well defined (dirty) */ if ( /* client mode -> port AND host */ ((conf->mode == 0) && ((conf->port == 0) || (conf->host == NULL))) || /* server mode -> port */ ((conf->mode == 1) && (conf->port == 0)) || /* no file.ad defined */ (argv[first_arg] == NULL) || /* debugger and file */ ((conf->type == 2) && (conf->dbg_mode)) || /* fuzz udp or tcp or file */ ((conf->fuzz_file_dir != NULL) && ((conf->host != NULL) || (conf->port != 0) || (conf->type != 2))) ) { usage(argv, conf); } /* verbose messages */ /* autodafe's debugger */ if (conf->dbg_mode) { verbose_("[*] Autodafe's debugger mode activated.\n"); } /* file mode */ if (conf->type == 2) { verbose_("[*] mode *file* - all fuzzed files will be in %s\n", conf->fuzz_file_dir); } /* network mode */ else { if (conf->mode) { if (!conf->type) /* tcp */ verbose_("[*] mode *server* - listening on port: %d (tcp)\n", conf->port); else /* udp */ verbose_("[*] mode *server* - listening on port: %d (udp)\n", conf->port); } else { if (!conf->type) /* tcp */ verbose_("[*] mode *client* - connection to %s on port: %d (tcp)\n", conf->host, conf->port); else /* udp */ verbose_("[*] mode *client* - connection to %s on port: %d (udp)\n", conf->host, conf->port); } } /* read the file */ if(read_adc_file(conf, argv[first_arg])) goto fuzzer_end; /* ignore the SIGPIPE signal (ie. "Connection closed by foreign host") */ signal(SIGPIPE, sigpipe_handler); /* start the connection with the debugger */ if (conf->dbg_mode) if (dbg_connection(conf)) goto fuzzer_end; /* start the fuzz engine */ fuzz_engine(conf); if (conf->buf_fuzz) free(conf->buf_fuzz); /* free the fuzz buffer (in case of error) */ fuzzer_end: if (conf->adc->buffer) free(conf->adc->buffer); /* free the memory-copy of adc file */ if (conf->adc) free(conf->adc); /* free the adc structure */ if (conf) free(conf); /* free the configuration structure */ return 0; }
/*---------------------------------------------------------------------------* * NAME: fuzz_core * DESC: the heart of the fuzzing function. * * id is the id of the fuzz * filename is the file used to fuzz * weight is the default weight of the fuzz * * RETURN 0 -> don't fuzz. * RETURN struct struct_fuzz *fuzz of the fuzzed value *---------------------------------------------------------------------------*/ struct struct_fuzz *fuzz_core(config *conf, unsigned int id, unsigned char *filename, unsigned int weight) { struct struct_fuzz *fuzz; struct struct_fuzz *prev = NULL; struct struct_source *source; FILE *file; unsigned char *file_content; /* debug */ debug(1, "<-----------------------[enter]\n"); /* check if there is a fuzz structure for this id */ debug(3, "value of conf->fuzz: %p\n", conf->fuzz); for (fuzz=conf->fuzz;fuzz;fuzz=fuzz->next) { prev = fuzz; if (fuzz->id == id) break; } /* there is no entry, we add a new one */ if (!fuzz) { debug(2, "Adding a new fuzz entry\n"); /* malloc_ */ fuzz = malloc_(sizeof(struct struct_fuzz)); /* init the structure */ fuzz->next = NULL; fuzz->source = NULL; fuzz->id = id; fuzz->current = 0; fuzz->weight = weight; /* update previous entry */ if (prev) prev->next = fuzz; /* update if it's the first entry */ if (!conf->fuzz) conf->fuzz = fuzz; /* init total + parse the source files */ fuzz->total = fill_source(fuzz, filename); /* bad (memory leak, but who cares?) */ if (fuzz->total == -1) { exit(-31339); } } /* there is an entry */ else { debug(2, "fuzz[%d] found\n", fuzz->id); /* we are currently fuzzing this structure */ if (conf->fuzz_current == fuzz->id) { /* check if we use the debugger mode, if yes, check if we don't use the bruteforce mode, if yes, check if the weight is > 0, if not fuzz->current = fuzz->total i.e. we don't fuzz this entry */ if ((conf->dbg_mode) && (!conf->bruteforce) && (fuzz->weight <= 0)) { fuzz->current = fuzz->total; verbose_("[!] this fuzz is *NOT* relevant, we don't fuzz id: %d\n", fuzz->id); } /* there is something to fuzz */ if (fuzz->current < fuzz->total) { debug(1, "fuzzing: %d/%d\n", fuzz->current+1, fuzz->total); /* open the file pointed by fuzz->source->filename where id == fuzz->current */ for (source = fuzz->source; source; source = source->next) { debug(3, "source: %p source->id: %d fuzz->current: %d\n", source, source->id, fuzz->current); if (source->id == fuzz->current) { break; } } debug(3,"we catch the source->id: %d and fuzz->current: %d\n", source->id, fuzz->current); debug(3,"try to open the file: \"%s\"\n", source->filename); /* open the file */ file = fopen(source->filename, "r"); /* should never happen */ if (!file) { error_(" ??? cannot read another time this file: \"%s\" ???: ", source->filename); perror(""); error_("QUITTING!\n"); exit(-31337); } /* allocate buffer */ file_content = malloc_(source->size); /* copy the content of the file in the buffer */ if (fread(file_content, source->size, 1, file) <= 0) { error_(" ??? cannot read the content of this file: \"%s\" ???: ", source->filename); perror(""); error_("QUITTING!\n"); exit(-31338); } /* close the file */ fclose(file); /* copy the content in the fuzz buffer */ push_data(conf, file_content, source->size); /* free file_content */ free(file_content); /* update the fuzzer counter */ fuzz->current++; /* debug */ debug(1, "<-----------------------[quit]\n"); return fuzz; } /* we can fuzz the next structure */ conf->fuzz_current++; debug(2, "we have fuzzed all the data for this function...\n"); return 0; } } /* debug */ debug(1, "<-----------------------[quit]\n"); /* we are not currently fuzzing this structure */ return 0; }
static void ant_rlf(gcp_solution_t *sol, gcp_t *problem) {/*{{{*/ int i, j; int colornumber = 0; /* number of colors used */ int colored = 0; /* number of colored vertex */ int v, new_v; /* vertex to be colored */ int nn; /* keep number of non-neighbors of v */ double *probb; /* probabilities for choosing a vertex */ /*{{{*/ static int *degree = NULL; static int **adj = NULL; static int *ctr = NULL; if (!ctr) { degree = malloc_(sizeof(int) * problem->size); adj = malloc_(sizeof(int*) * problem->size); } for (i = 0; i < problem->size; i++) { degree[i] = problem->degree[i]; if (!ctr) { adj[i] = malloc(sizeof(int) * problem->size); } for (j = 0; j < problem->size; j++) { adj[i][j] = problem->adj[i][j]; // adj[j][i] = problem->adj[j][i]; } } ctr = degree; /*}}}*/ while (colored < problem->size) { v = first_vertex(degree, problem->size); sol->color[v] = colornumber; sol->nodes_color[colornumber]++; colored++; nn = problem->size - degree[v] - 1; for (i = 0; i < problem->size; i++) { if (!adj[v][i] && (degree[i] == OUT)) { nn--; } } while (nn > 0) { /* choose new_v, non neighbor of v that is not OUT with probability p */ /* probb = calculate_probbs(v, problem->size, colornumber, degree, adj, sol->color, problem->alpha, problem->beta); new_v = choose_vertex(probb, problem->size); */ new_v = 0; while (v==new_v || (degree[new_v]==OUT) || adj[new_v][v]) new_v++; for (i = new_v; i < problem->size; i++) { if ((i != v) && !adj[v][i] && (degree[i] != OUT) && (degree[i] > degree[new_v])) new_v = i; } sol->color[new_v] = colornumber; sol->nodes_color[colornumber]++; colored++; contract(v, new_v, degree, adj, problem->size, &nn); nn--; } remove_(v, degree, adj, problem->size); colornumber++; } sol->spent_time = current_usertime_secs(); sol->ncolors = colornumber; }/*}}}*/
/*---------------------------------------------------------------------------* * NAME: push_length * DESC: add a length in the linked list length structure *---------------------------------------------------------------------------*/ void push_length(config *conf, unsigned int id, unsigned int type) { struct struct_length *length; struct struct_length *prev = NULL; /* dummy length values */ unsigned int dummy_int = 0xffffffff; unsigned short dummy_short = 0xffff; unsigned char dummy_char = 0xff; /* debug */ debug(1, "<-----------------------[enter]\n"); debug(3," entering push_length\n"); /* go to the last length */ for(length = conf->length;length;length = length->next) { debug(3, "current struct length of block[%d]\n", length->id); prev = length; /* save the preview */ } debug(3," add length structure\n"); /* create a length entry in the linked list */ length = malloc_(sizeof(struct struct_length)); /* update the previous block's field next */ if (prev) prev->next = length; /* fill the other fields */ length->id = id; /* used next to find the struct_block */ length->block = NULL; /* init the struct_block pointer */ length->offset = conf->buf_fuzz_size; /* current size of the buffer */ length->next = NULL; /* init the next pointer */ length->type = type; /* put the correct length type */ /* update if it's the first length */ if (!conf->length) conf->length = length; /* add the correct number of byte in the fuzz buffer */ switch(type) { case HF_BLOCK_SIZE_B_32 : /* big-endian 32bits */ push_data(conf, (unsigned char *) &dummy_int, sizeof(int)); break; case HF_BLOCK_SIZE_L_32 : /* little-endian 32bits */ push_data(conf, (unsigned char *) &dummy_int, sizeof(int)); break; case HF_BLOCK_SIZE_B_16 : /* big-endian 16bits */ push_data(conf, (unsigned char *) &dummy_short, sizeof(short)); break; case HF_BLOCK_SIZE_L_16 : /* little-endian 16bits */ push_data(conf, (unsigned char *) &dummy_short, sizeof(short)); break; case HF_BLOCK_SIZE_8 : /* 8bits */ push_data(conf, &dummy_char, sizeof(char)); break; case HF_BLOCK_SIZE_S_16 : /* string in hexadecimal */ /* don't add bytes in buffer now. See after */ break; case HF_BLOCK_SIZE_S_10 : /* string in decimal */ /* don't add bytes in buffer now. See after */ break; default: /* should never happen */ break; } /* debug */ debug(1, "<-----------------------[quit]\n"); }
void * memdup(void *src, size_t size) { void * r = malloc_(size); memcpy(r, src, size); return r; }
int read_llb(h2fmi_read_boot_page_t read_page, int offset, int size, unsigned char *buf) { int rv = 0; int page = div(offset, LLB_PAGE_SIZE); /*offset / LLB_PAGE_SIZE*/ int start = offset - page * LLB_PAGE_SIZE; /*offset % LLB_PAGE_SIZE*/ #if 0 unsigned char *tmp = malloc_(4096); if (!tmp) { return -1; } for (page += 2; size > 0; page++) { int chunk = size; if (chunk > LLB_PAGE_SIZE - start) { chunk = LLB_PAGE_SIZE - start; } rv = read_page(0, page, tmp); if (rv) { break; } memcpy(buf, tmp + start, chunk); start = 0; buf += chunk; size -= chunk; } #else /* XXX more efficient, but should be used ONLY if read_page reads exactly LLB_PAGE_SIZE bytes */ unsigned char *tmp = NULL; page += 2; if (start) { int chunk = LLB_PAGE_SIZE - start; if (!(tmp = malloc_(LLB_PAGE_SIZE))) return -1; rv = read_page(0, page, tmp); if (rv) { goto err; } memcpy(buf, tmp + start, chunk); buf += chunk; size -= chunk; page++; } for (; size >= LLB_PAGE_SIZE; page++) { rv = read_page(0, page, buf); if (rv) { goto err; } buf += LLB_PAGE_SIZE; size -= LLB_PAGE_SIZE; } if (size) { if (!tmp && !(tmp = malloc_(LLB_PAGE_SIZE))) return -1; rv = read_page(0, page, tmp); if (rv == 0) { memcpy(buf, tmp, size); } } err: #endif free_(tmp); return rv; }