image-fuzzer: Return bytes objects on string fuzzing functions (71858451) · Commits · SUMMER2020 / students / proj-2021291

tests/image-fuzzer/qcow2/fuzz.py

+21 −21

Original line number	Diff line number	Diff line
		@@ -36,11 +36,11 @@ UINT32_V = [0, 0x100, 0x1000, 0x10000, 0x100000, UINT32//4, UINT32//2 - 1,
		UINT64_V = UINT32_V + [0x1000000, 0x10000000, 0x100000000, UINT64//4,
		UINT64//2 - 1, UINT64//2, UINT64//2 + 1, UINT64 - 1,
		UINT64]
		STRING_V = ['%s%p%x%d', '.1024d', '%.2049d', '%p%p%p%p', '%x%x%x%x',
		'%d%d%d%d', '%s%s%s%s', '%99999999999s', '%08x', '%%20d', '%%20n',
		'%%20x', '%%20s', '%s%s%s%s%s%s%s%s%s%s', '%p%p%p%p%p%p%p%p%p%p',
		'%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%',
		'%s x 129', '%x x 257']
		BYTES_V = [b'%s%p%x%d', b'.1024d', b'%.2049d', b'%p%p%p%p', b'%x%x%x%x',
		b'%d%d%d%d', b'%s%s%s%s', b'%99999999999s', b'%08x', b'%%20d', b'%%20n',
		b'%%20x', b'%%20s', b'%s%s%s%s%s%s%s%s%s%s', b'%p%p%p%p%p%p%p%p%p%p',
		b'%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%',
		b'%s x 129', b'%x x 257']


		def random_from_intervals(intervals):
		@@ -76,12 +76,12 @@ def random_bits(bit_ranges):
		return val


		def truncate_string(strings, length):
		"""Return strings truncated to specified length."""
		if type(strings) == list:
		return [s[:length] for s in strings]
		def truncate_bytes(sequences, length):
		"""Return sequences truncated to specified length."""
		if type(sequences) == list:
		return [s[:length] for s in sequences]
		else:
		return strings[:length]
		return sequences[:length]


		def validator(current, pick, choices):
		@@ -110,12 +110,12 @@ def bit_validator(current, bit_ranges):
		return validator(current, random_bits, bit_ranges)


		def string_validator(current, strings):
		"""Return a random string value from the list not equal to the current.
		def bytes_validator(current, sequences):
		"""Return a random bytes value from the list not equal to the current.

		This function is useful for selection from valid values except current one.
		"""
		return validator(current, random.choice, strings)
		return validator(current, random.choice, sequences)


		def selector(current, constraints, validate=int_validator):
		@@ -283,9 +283,9 @@ def header_length(current):
		def bf_name(current):
		"""Fuzz the backing file name."""
		constraints = [
		truncate_string(STRING_V, len(current))
		truncate_bytes(BYTES_V, len(current))
		]
		return selector(current, constraints, string_validator)
		return selector(current, constraints, bytes_validator)


		def ext_magic(current):
		@@ -303,10 +303,10 @@ def ext_length(current):
		def bf_format(current):
		"""Fuzz backing file format in the corresponding header extension."""
		constraints = [
		truncate_string(STRING_V, len(current)),
		truncate_string(STRING_V, (len(current) + 7) & ~7) # Fuzz padding
		truncate_bytes(BYTES_V, len(current)),
		truncate_bytes(BYTES_V, (len(current) + 7) & ~7) # Fuzz padding
		]
		return selector(current, constraints, string_validator)
		return selector(current, constraints, bytes_validator)


		def feature_type(current):
		@@ -324,10 +324,10 @@ def feature_bit_number(current):
		def feature_name(current):
		"""Fuzz feature name field of a feature name table header extension."""
		constraints = [
		truncate_string(STRING_V, len(current)),
		truncate_string(STRING_V, 46) # Fuzz padding (field length = 46)
		truncate_bytes(BYTES_V, len(current)),
		truncate_bytes(BYTES_V, 46) # Fuzz padding (field length = 46)
		]
		return selector(current, constraints, string_validator)
		return selector(current, constraints, bytes_validator)


		def l1_entry(current):