Commits

Anonymous committed 5911f18

Add stress test

Comments (0)

Files changed (3)

hachoir-tools/fuzzer/mangle.c

+/*
+  trivial binary file fuzzer by Ilja van Sprundel.
+  It's usage is very simple, it takes a filename and headersize
+  as input. it will then change approximatly between 0 and 10% of
+  the header with random bytes (biased towards the highest bit set)
+
+  obviously you need a bash script or something as a wrapper !
+
+  so far this broke: - libmagic (used file)
+                     - preview (osX pdf viewer)
+		     - xpdf (hang, not a crash ...)
+		     - mach-o loading (osX 10.3.7, seems to be fixed later)
+		     - qnx elf loader (panics almost instantly, yikes !)
+		     - FreeBSD elf loading
+		     - openoffice
+		     - amp
+		     - osX image loading (.dmg)
+		     - libbfd (used objdump)
+		     - libtiff (used tiff2pdf)
+		     - xine (division by 0, took 20 minutes of fuzzing)
+		     - OpenBSD elf loading (3.7 on a sparc)
+		     - unixware 713 elf loading
+		     - DragonFlyBSD elf loading
+		     - solaris 10 elf loading
+		     - cistron-radiusd
+		     - linux ext2fs (2.4.29) image loading (division by 0)
+		     - linux reiserfs (2.4.29) image loading (instant panic !!!)
+		     - linux jfs (2.4.29) image loading (long (uninteruptable) loop, 2 oopses)
+		     - linux xfs (2.4.29) image loading (instant panic)
+		     - windows macromedia flash .swf loading (obviously the windows version of mangle needs a few tweaks to work ...)
+		     - Quicktime player 7.0.1 for MacOS X
+		     - totem
+		     - gnumeric
+                     - vlc
+                     - mplayer
+                     - python bytecode interpreter
+                     - realplayer 10.0.6.776 (GOLD)
+                     - dvips
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/mman.h>
+#include <fcntl.h>
+
+#define DEFAULT_HEADER_SIZE 1024
+#define DEFAULT_NAME "test2"
+
+int getseed(void) {
+	int fd = open("/dev/urandom", O_RDONLY);
+	int r;
+	if (fd < 0) {
+		perror("open");
+		exit(0);
+	}
+	read(fd, &r, sizeof(r));
+	close(fd);
+	return(r);
+}
+
+int main(int argc, char **argv) {
+
+	int fd;
+	char *p, *name;
+	unsigned char c;
+	unsigned int count, i, off, hsize;
+
+	if (argc < 2) {
+		hsize = DEFAULT_HEADER_SIZE;
+		name = DEFAULT_NAME;
+	} else if (argc < 3) {
+		hsize = DEFAULT_HEADER_SIZE;
+		name = argv[1];
+	} else {
+		hsize = atoi(argv[2]);
+		name = argv[1];
+	}
+	fd = open(name, O_RDWR);
+	if (fd < 0) {
+		perror("open");
+		exit(0);
+	}
+	p = mmap(0, hsize, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
+	if ((int) p == -1) {
+		perror("mmap");
+		close(fd);
+		exit(0);
+	}
+	srand(getseed());
+	count = (unsigned) rand() % (hsize / 10);
+	for (i = 0; i < count; i++) {
+		off = rand() % hsize;
+		c = rand() % 256;
+		/* we want the highest bit set more often, in case of signedness issues */
+		if ( (rand() % 2) && c < 128) c |= 0x80;
+		p[off] = c;
+	}
+	close(fd);
+	munmap(p, hsize);
+}

hachoir-tools/fuzzer/stress.sh

+#!/bin/bash
+
+TEST_FILES=/home/haypo/mytestcase/ExifTool/
+TEST_FILES=~/mytestcase
+TEST_FILES=~/waves
+TEST_FILES=~/mytestcase2/Metadata
+TEST_FILES=~/mytestcase2
+TEST_FILES=~/testcase
+GOTCHA=$PWD/error
+MANGLE=$PWD/mangle
+PROG="hachoir-grep --all --quiet"
+MAX_BLOCK=1000
+PROG="hachoir-metadata --quiet"
+MAX_BLOCK=100
+
+if [ ! -e $MANGLE ]; then
+    gcc mangle.c -o $MANGLE
+fi
+
+if [ ! -e $GOTCHA ]; then
+    echo "mkdir $GOTCHA"
+    mkdir -p $GOTCHA
+fi
+
+if [ $(find $TEST_FILES -maxdepth 1 -type f|wc -l) -eq 0 ]; then
+    echo "Empty directory $TEST_FILES"
+    exit 1
+fi
+
+# Nice
+snice 19
+
+trap 'rm -f "$FILE" ; exit 0' INT
+
+i=0
+while true
+do
+	while true
+	do
+		FILE=`(cd $TEST_FILES; find . -maxdepth 1 -type f) | perl -ne'rand($.)<=1&&($r=$_);END{print$r}'`
+                FILE=$(basename "$FILE")
+                echo "total: "$(ls $GOTCHA|wc -l)" error -- test file: $FILE"
+		dd if="$TEST_FILES/$FILE" of="$FILE" count=$MAX_BLOCK 2>/dev/null && \
+		$MANGLE "$FILE" $(wc -c "$FILE") && \
+		$PROG "$FILE" 2>&1 > /dev/null \
+		| grep -q Traceback && break
+		rm "$FILE"
+	done
+	((i=$i+1))
+	SHA=`sha1sum "$FILE" | awk '{print $1}'`
+	mv "$FILE" "$GOTCHA/$SHA"
+	echo "=> ERROR: $FILE"
+done
+

hachoir-tools/hachoir-subfile

             self.current_offset//8, humanFilesize(self.current_offset//8))
         size = (self.current_offset - self.start_offset) // 8
         duration = time() - self.main_start
-        if 0.5 < duration:
+        if 0.1 <= duration:
             print >>sys.stderr, "Total time: %s -- global rate: %s/sec" % (
                 humanDuration(duration*1000), humanFilesize(size // duration))