Lines Matching refs:fuzz
51 struct fuzz { struct
95 fuzz_dump(struct fuzz *fuzz) in fuzz_dump() argument
97 u_char *p = fuzz_ptr(fuzz); in fuzz_dump()
98 size_t i, j, len = fuzz_len(fuzz); in fuzz_dump()
100 switch (fuzz->strategy) { in fuzz_dump()
103 fuzz_ntop(fuzz->strategy), in fuzz_dump()
104 fuzz->o1, fuzz->slen * 8, fuzz->o1); in fuzz_dump()
108 fuzz_ntop(fuzz->strategy), in fuzz_dump()
109 (((fuzz_ullong)fuzz->o2) * fuzz->slen * 8) + fuzz->o1, in fuzz_dump()
110 ((fuzz_ullong)fuzz->slen * 8) * fuzz->slen * 8, in fuzz_dump()
111 fuzz->o1, fuzz->o2); in fuzz_dump()
115 fuzz_ntop(fuzz->strategy), in fuzz_dump()
116 fuzz->o1, fuzz->slen, fuzz->o1); in fuzz_dump()
120 fuzz_ntop(fuzz->strategy), in fuzz_dump()
121 (((fuzz_ullong)fuzz->o2) * fuzz->slen) + fuzz->o1, in fuzz_dump()
122 ((fuzz_ullong)fuzz->slen) * fuzz->slen, in fuzz_dump()
123 fuzz->o1, fuzz->o2); in fuzz_dump()
127 fuzz_ntop(fuzz->strategy), in fuzz_dump()
128 fuzz->o1, fuzz->slen, fuzz->o1); in fuzz_dump()
132 fuzz_ntop(fuzz->strategy), in fuzz_dump()
133 fuzz->o1, fuzz->slen, fuzz->o1); in fuzz_dump()
136 assert(fuzz->o2 < sizeof(fuzz_b64chars) - 1); in fuzz_dump()
138 fuzz_ntop(fuzz->strategy), in fuzz_dump()
139 (fuzz->o1 * (fuzz_ullong)64) + fuzz->o2, in fuzz_dump()
140 fuzz->slen * (fuzz_ullong)64, fuzz->o1, in fuzz_dump()
141 fuzz_b64chars[fuzz->o2]); in fuzz_dump()
147 fprintf(stderr, "fuzz context %p len = %zu\n", fuzz, len); in fuzz_dump()
169 struct fuzz *
172 struct fuzz *ret = calloc(sizeof(*ret), 1); in fuzz_begin()
192 fuzz_cleanup(struct fuzz *fuzz) in fuzz_cleanup() argument
194 FUZZ_DBG(("cleanup, fuzz = %p", fuzz)); in fuzz_cleanup()
195 assert(fuzz != NULL); in fuzz_cleanup()
196 assert(fuzz->seed != NULL); in fuzz_cleanup()
197 assert(fuzz->fuzzed != NULL); in fuzz_cleanup()
198 free(fuzz->seed); in fuzz_cleanup()
199 free(fuzz->fuzzed); in fuzz_cleanup()
200 free(fuzz); in fuzz_cleanup()
204 fuzz_strategy_done(struct fuzz *fuzz) in fuzz_strategy_done() argument
207 fuzz, fuzz_ntop(fuzz->strategy), fuzz->o1, fuzz->o2, fuzz->slen)); in fuzz_strategy_done()
209 switch (fuzz->strategy) { in fuzz_strategy_done()
211 return fuzz->o1 >= fuzz->slen * 8; in fuzz_strategy_done()
213 return fuzz->o2 >= fuzz->slen * 8; in fuzz_strategy_done()
215 return fuzz->o2 >= fuzz->slen; in fuzz_strategy_done()
220 return fuzz->o1 >= fuzz->slen; in fuzz_strategy_done()
227 fuzz_next(struct fuzz *fuzz) in fuzz_next() argument
232 "o1 = %zu, o2 = %zu, slen = %zu", fuzz, fuzz_ntop(fuzz->strategy), in fuzz_next()
233 (u_long)fuzz->strategies, fuzz->o1, fuzz->o2, fuzz->slen)); in fuzz_next()
235 if (fuzz->strategy == 0 || fuzz_strategy_done(fuzz)) { in fuzz_next()
237 if (fuzz->fuzzed == NULL) { in fuzz_next()
239 fuzz->fuzzed = calloc(fuzz->slen, 1); in fuzz_next()
244 if ((fuzz->strategies & i) != 0) { in fuzz_next()
245 fuzz->strategy = i; in fuzz_next()
249 FUZZ_DBG(("selected = %u", fuzz->strategy)); in fuzz_next()
250 if (fuzz->strategy == 0) { in fuzz_next()
254 fuzz->strategies &= ~(fuzz->strategy); in fuzz_next()
255 fuzz->o1 = fuzz->o2 = 0; in fuzz_next()
258 assert(fuzz->fuzzed != NULL); in fuzz_next()
260 switch (fuzz->strategy) { in fuzz_next()
262 assert(fuzz->o1 / 8 < fuzz->slen); in fuzz_next()
263 memcpy(fuzz->fuzzed, fuzz->seed, fuzz->slen); in fuzz_next()
264 fuzz->fuzzed[fuzz->o1 / 8] ^= 1 << (fuzz->o1 % 8); in fuzz_next()
265 fuzz->o1++; in fuzz_next()
268 assert(fuzz->o1 / 8 < fuzz->slen); in fuzz_next()
269 assert(fuzz->o2 / 8 < fuzz->slen); in fuzz_next()
270 memcpy(fuzz->fuzzed, fuzz->seed, fuzz->slen); in fuzz_next()
271 fuzz->fuzzed[fuzz->o1 / 8] ^= 1 << (fuzz->o1 % 8); in fuzz_next()
272 fuzz->fuzzed[fuzz->o2 / 8] ^= 1 << (fuzz->o2 % 8); in fuzz_next()
273 fuzz->o1++; in fuzz_next()
274 if (fuzz->o1 >= fuzz->slen * 8) { in fuzz_next()
275 fuzz->o1 = 0; in fuzz_next()
276 fuzz->o2++; in fuzz_next()
280 assert(fuzz->o1 < fuzz->slen); in fuzz_next()
281 memcpy(fuzz->fuzzed, fuzz->seed, fuzz->slen); in fuzz_next()
282 fuzz->fuzzed[fuzz->o1] ^= 0xff; in fuzz_next()
283 fuzz->o1++; in fuzz_next()
286 assert(fuzz->o1 < fuzz->slen); in fuzz_next()
287 assert(fuzz->o2 < fuzz->slen); in fuzz_next()
288 memcpy(fuzz->fuzzed, fuzz->seed, fuzz->slen); in fuzz_next()
289 fuzz->fuzzed[fuzz->o1] ^= 0xff; in fuzz_next()
290 fuzz->fuzzed[fuzz->o2] ^= 0xff; in fuzz_next()
291 fuzz->o1++; in fuzz_next()
292 if (fuzz->o1 >= fuzz->slen) { in fuzz_next()
293 fuzz->o1 = 0; in fuzz_next()
294 fuzz->o2++; in fuzz_next()
299 assert(fuzz->o1 < fuzz->slen); in fuzz_next()
300 memcpy(fuzz->fuzzed, fuzz->seed, fuzz->slen); in fuzz_next()
301 fuzz->o1++; in fuzz_next()
304 assert(fuzz->o1 < fuzz->slen); in fuzz_next()
305 assert(fuzz->o2 < sizeof(fuzz_b64chars) - 1); in fuzz_next()
306 memcpy(fuzz->fuzzed, fuzz->seed, fuzz->slen); in fuzz_next()
307 fuzz->fuzzed[fuzz->o1] = fuzz_b64chars[fuzz->o2]; in fuzz_next()
308 fuzz->o2++; in fuzz_next()
309 if (fuzz->o2 >= sizeof(fuzz_b64chars) - 1) { in fuzz_next()
310 fuzz->o2 = 0; in fuzz_next()
311 fuzz->o1++; in fuzz_next()
319 "o1 = %zu, o2 = %zu, slen = %zu", fuzz, fuzz_ntop(fuzz->strategy), in fuzz_next()
320 (u_long)fuzz->strategies, fuzz->o1, fuzz->o2, fuzz->slen)); in fuzz_next()
324 fuzz_done(struct fuzz *fuzz) in fuzz_done() argument
326 FUZZ_DBG(("fuzz = %p, strategies = 0x%lx", fuzz, in fuzz_done()
327 (u_long)fuzz->strategies)); in fuzz_done()
329 return fuzz_strategy_done(fuzz) && fuzz->strategies == 0; in fuzz_done()
333 fuzz_len(struct fuzz *fuzz) in fuzz_len() argument
335 assert(fuzz->fuzzed != NULL); in fuzz_len()
336 switch (fuzz->strategy) { in fuzz_len()
342 return fuzz->slen; in fuzz_len()
345 assert(fuzz->o1 <= fuzz->slen); in fuzz_len()
346 return fuzz->slen - fuzz->o1; in fuzz_len()
353 fuzz_ptr(struct fuzz *fuzz) in fuzz_ptr() argument
355 assert(fuzz->fuzzed != NULL); in fuzz_ptr()
356 switch (fuzz->strategy) { in fuzz_ptr()
362 return fuzz->fuzzed; in fuzz_ptr()
364 assert(fuzz->o1 <= fuzz->slen); in fuzz_ptr()
365 return fuzz->fuzzed + fuzz->o1; in fuzz_ptr()
367 assert(fuzz->o1 <= fuzz->slen); in fuzz_ptr()
368 return fuzz->fuzzed; in fuzz_ptr()