/* Returns true if the byte should be randomized based on a probability calculated with the fuzz-factor f.
 *
 * f is a value between 0 and 100, where 100 means the byte is guaranteed to be randomized.
 * The value will change every clock tick (based on the f we supply), but will remain constant during
 * the creation of a single packet so that entire packets may be fuzzed with the same f. This is used in
 * favour of a constant value in order to test the largest possible range in a single session.
 *
 * NOTE(review): the roll is compared with `<=`, so f == 0 still fuzzes a byte whenever the roll is 0 —
 * i.e. a small non-zero probability rather than "never"; confirm that is the intended lower bound.
 */
static bool fuzz_this_byte(unsigned short f)
{
    /* A roll strictly above f means "leave the byte alone". */
    if (random_int_range(101) > f) {
        return false;
    }

    return true;
}
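/* Fuzzes a group packet and adds num_extra random bytes to the end.
 *
 * Fuzzing will begin after the hash id (offset of HASH_ID_BYTES) as all packets will fail the initial
 * integrity check otherwise, which would give us no better code coverage than level 1.
 *
 * packet    - buffer holding the packet; the caller must make it at least max_size bytes long.
 * length    - number of valid bytes currently in packet.
 * num_extra - number of random trailing bytes to append; clipped so the result never exceeds max_size.
 * max_size  - capacity of packet in bytes.
 *
 * Returns length of fuzzed packet or 0 if packet is too small to be fuzzed.
 */
static uint32_t fuzz_gc_packet(uint8_t *packet, uint32_t length, uint32_t num_extra, size_t max_size)
{
    if (length <= HASH_ID_BYTES) {
        return 0;
    }

    /* One fuzz factor per packet; it drifts with the clock so a long session sweeps the whole 0..100 range. */
    const unsigned short f = unix_time() % 101;

    for (uint32_t i = HASH_ID_BYTES; i < length; ++i) {
        if (fuzz_this_byte(f)) {
            packet[i] = (uint8_t)rand();
        }
    }

    /* occasionally truncate a few bytes to test boundaries */
    if (random_int_range(10) == 0) {
        /* NOTE(review): this assumes HASH_ID_BYTES >= 2; otherwise length == HASH_ID_BYTES + 1 could wrap
         * below zero here — confirm against the constant's definition. */
        return length - 1 - random_int_range(3);
    }

    /* Append up to num_extra random bytes, stopping at the buffer capacity. The bound is relative to
     * length (length + num_extra), not num_extra alone, otherwise nothing is appended whenever
     * num_extra < length. The sum is guarded against uint32_t wrap-around. */
    uint32_t target = (num_extra > UINT32_MAX - length) ? UINT32_MAX : length + num_extra;

    if (target > max_size) {
        /* max_size < target <= UINT32_MAX here, so the narrowing cast cannot lose bits. */
        target = (uint32_t)max_size;
    }

    /* If the buffer has no spare room (target <= length) the loop does not run and length is returned. */
    for (uint32_t i = length; i < target; ++i) {
        packet[i] = (uint8_t)rand();
    }

    return target > length ? target : length;
}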