mirror of
https://github.com/reactos/syzkaller.git
synced 2024-11-30 14:50:36 +00:00
77c702cf1a
Prevents corpus explosion with corrupted coverage data.

The two parallel runs of:

`doas ./syz-execprog -cover -coverfile /tmp/{fixed,unfixed} r.syz`

show markedly different coverage pictures:

unfixed:

```
2019/01/12 13:55:38 parsed 1 programs
2019/01/12 13:55:38 executed programs: 0
2019/01/12 13:55:38 call #0: signal 821, coverage 2438
2019/01/12 13:55:38 call #1: signal 243, coverage 1363
2019/01/12 13:55:38 call #2: signal 502, coverage 1993
2019/01/12 13:55:38 call #3: signal 15, coverage 44
2019/01/12 13:55:38 call #4: signal 335, coverage 8196
```

fixed:

```
2019/01/12 13:51:57 parsed 1 programs
2019/01/12 13:51:57 executed programs: 0
2019/01/12 13:51:57 call #0: signal 837, coverage 2491
2019/01/12 13:51:57 call #1: signal 241, coverage 1341
2019/01/12 13:51:57 call #2: signal 27, coverage 61
2019/01/12 13:51:57 call #3: signal 13, coverage 44
2019/01/12 13:51:57 call #4: signal 39, coverage 299
```

The contents of `r.syz` are:

```
mknod(&(0x7f0000000180)='./file0\x00', 0x2006, 0x10000016e8)
r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x10, r0, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000002480)=[{&(0x7f0000001480)="<junk>", 0x573}], 0x1)
lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000))
```

So, it's the final lstat which was getting that extra coverage. In particular, the end of unfixed.4 has some 4734 values 0xffffffff00000000.