Diffstat (limited to 'tools/fuzzing/faulty/Faulty.h')
-rw-r--r--tools/fuzzing/faulty/Faulty.h136
1 files changed, 136 insertions, 0 deletions
diff --git a/tools/fuzzing/faulty/Faulty.h b/tools/fuzzing/faulty/Faulty.h
new file mode 100644
index 0000000000..922f4d7c2d
--- /dev/null
+++ b/tools/fuzzing/faulty/Faulty.h
@@ -0,0 +1,136 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_ipc_Faulty_h
+#define mozilla_ipc_Faulty_h
+
+#include <set>
+#include <string>
+#include <vector>
+#include "base/string16.h"
+#include "nsDebug.h"
+#include "nsTArray.h"
+#include "mozilla/UniquePtr.h"
+
+#ifdef IsLoggingEnabled
+// This is defined in the Windows SDK urlmon.h
+# undef IsLoggingEnabled
+#endif
+
+#define FAULTY_DEFAULT_PROBABILITY 1000
+#define FAULTY_DEFAULT_MUTATION_FACTOR 10
+#define FAULTY_LOG(fmt, args...) \
+ if (mozilla::ipc::Faulty::IsLoggingEnabled()) { \
+ printf_stderr("[Faulty] (%10u) " fmt "\n", getpid(), ##args); \
+ }
+
+namespace IPC {
+// Needed for blacklisting messages.
+class Message;
+class MessageReader;
+class MessageWriter;
+} // namespace IPC
+
+namespace mozilla {
+namespace ipc {
+
+class Faulty {
+ public:
+ // Used as a default argument for the Fuzz|datatype| methods.
+ static unsigned int DefaultProbability();
+ static bool IsLoggingEnabled(void);
+ static std::vector<uint8_t> GetDataFromIPCMessage(IPC::Message* aMsg);
+ static nsresult CreateOutputDirectory(const char* aPathname);
+ static nsresult ReadFile(const char* aPathname, nsTArray<nsCString>& aArray);
+ static void CopyFDs(IPC::Message* aDstMsg, IPC::Message* aSrcMsg);
+
+ static Faulty& instance();
+
+ // Fuzzing methods for Pickle.
+ void FuzzBool(bool* aValue, unsigned int aProbability = DefaultProbability());
+ void FuzzChar(char* aValue, unsigned int aProbability = DefaultProbability());
+ void FuzzUChar(unsigned char* aValue,
+ unsigned int aProbability = DefaultProbability());
+ void FuzzInt16(int16_t* aValue,
+ unsigned int aProbability = DefaultProbability());
+ void FuzzUInt16(uint16_t* aValue,
+ unsigned int aProbability = DefaultProbability());
+ void FuzzInt(int* aValue, unsigned int aProbability = DefaultProbability());
+ void FuzzUInt32(uint32_t* aValue,
+ unsigned int aProbability = DefaultProbability());
+ void FuzzLong(long* aValue, unsigned int aProbability = DefaultProbability());
+ void FuzzULong(unsigned long* aValue,
+ unsigned int aProbability = DefaultProbability());
+ void FuzzInt64(int64_t* aValue,
+ unsigned int aProbability = DefaultProbability());
+ void FuzzUInt64(uint64_t* aValue,
+ unsigned int aProbability = DefaultProbability());
+ void FuzzFloat(float* aValue,
+ unsigned int aProbability = DefaultProbability());
+ void FuzzDouble(double* aValue,
+ unsigned int aProbability = DefaultProbability());
+ void FuzzString(std::string& aValue,
+ unsigned int aProbability = DefaultProbability());
+ void FuzzWString(std::wstring& aValue,
+ unsigned int aProbability = DefaultProbability());
+ void FuzzBytes(void* aData, int aLength,
+ unsigned int aProbability = DefaultProbability());
+
+ // Fuzzing methods for pipe fuzzing.
+ void MaybeCollectAndClosePipe(
+ int aPipe, unsigned int aProbability = DefaultProbability());
+
+ // Fuzzing methods for message blob fuzzing.
+ void DumpMessage(const char* aChannel, IPC::Message* aMsg,
+ std::string aAppendix = nullptr);
+ bool IsMessageNameBlacklisted(const char* aMessageName);
+ UniquePtr<IPC::Message> MutateIPCMessage(
+ const char* aChannel, UniquePtr<IPC::Message> aMsg,
+ unsigned int aProbability = DefaultProbability());
+
+ void LogMessage(const char* aChannel, IPC::Message* aMsg);
+
+ private:
+ std::set<int> mFds;
+
+ const bool mFuzzMessages;
+ const bool mFuzzPipes;
+ const bool mFuzzPickle;
+ const bool mUseLargeValues;
+ const bool mUseAsWhitelist;
+ const bool mIsValidProcessType;
+
+ const char* mMessagePath;
+ const char* mBlacklistPath;
+
+ size_t sMsgCounter;
+
+ Faulty();
+ DISALLOW_EVIL_CONSTRUCTORS(Faulty);
+
+ static bool IsValidProcessType(void);
+ static uint32_t MutationFactor();
+
+ // Fuzzing methods for Pickle
+ void MutateBool(bool* aValue);
+ void MutateChar(char* aValue);
+ void MutateUChar(unsigned char* aValue);
+ void MutateInt16(int16_t* aValue);
+ void MutateUInt16(uint16_t* aValue);
+ void MutateInt(int* aValue);
+ void MutateUInt32(uint32_t* aValue);
+ void MutateLong(long* aValue);
+ void MutateULong(unsigned long* aValue);
+ void MutateInt64(int64_t* aValue);
+ void MutateUInt64(uint64_t* aValue);
+ void MutateFloat(float* aValue);
+ void MutateDouble(double* aValue);
+};
+
+} // namespace ipc
+} // namespace mozilla
+
+#endif
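Review bot: The default argument `std::string aAppendix = nullptr` on `DumpMessage` builds a `std::string` from a null `const char*`, which is undefined behaviour and is rejected at compile time from C++23 on. Any caller that omits the third argument can therefore crash inside the string constructor; use an empty string instead, `std::string aAppendix = std::string());`. Separately, `FAULTY_LOG` expands to a bare `if (...) { ... }`, so a use placed directly before an `else` captures that `else`; wrapping the expansion in `do { ... } while (0)` avoids this. `FuzzBytes` takes a signed `int aLength`, and its implementation is outside this hunk, so it is worth confirming there that a negative length is rejected before the buffer is written.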