search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
factor out the stuck syscall info to own function
[trinity.git] / interesting-numbers.c
blobd639605d86fd2a429467cfce18f475cd607a4827
1 #include <stdio.h>
2 #include <stdlib.h>
3 #include "arch.h"
4 #include "log.h" // for BUG
5 #include "random.h"
6 #include "sanitise.h"
7 #include "trinity.h" // page_size
8
9 unsigned int get_interesting_32bit_value(void)
10 {
11 switch (rand() % 11) {
12
13 /* common case, return small values*/
14 case 0 ... 7:
15 switch (rand() % 9) {
16 case 0: return 0x00000000;
17 case 1: return 0x00000001;
18 case 2: return rand() % 256;
19 case 3: return 0x00000fff; // 4095
20 case 4: return 0x00001000; // 4096
21 case 5: return 0x00001001; // 4097
22 case 6: return 0x00008000;
23 case 7: return 0x0000fffe;
24 case 8: return 0x0000ffff;
25 default:
26 BUG("unreachable!\n");
27 return 0;
28 }
29 break;
30
31 /* less common case, go crazy */
32 case 8 ... 10:
33 switch (rand() % 15) {
34 case 0: return 0x00010000;
35 case 1: return 0x0fffffff;
36 case 2: return 0x40000000;
37 case 3: return 0x7fffffff;
38 case 4: return 0x80000000;
39 case 5: return 0x80000001;
40 case 6: return 0x8fffffff;
41 case 7: return 0xc0000000;
42 case 8: return 0xf0000000;
43 case 9: return 0xff000000;
44 case 10: return 0xffff0000;
45 case 11: return 0xffffe000;
46 case 12: return 0xffffff00 | (rand() % 256);
47 case 13: return 0xffffffff;
48 case 14: return 0xffffffff - page_size;
49 default:
50 BUG("unreachable!\n");
51 return 0;
52 }
53 break;
54
55 default:
56 BUG("unreachable!\n");
57 break;
58 }
59
60 BUG("unreachable!\n");
61 return 0;
62 }
63
64 #if __WORDSIZE != 32
65 static unsigned long per_arch_interesting_addr(unsigned long low)
66 {
67 int i = 0;
68
69 #if defined(__x86_64__)
70 i = rand() % 4;
71
72 switch (i) {
73 case 0: return 0x00007fffffffffffUL; // x86-64 canonical addr end.
74 case 1: return 0x0000800000000000UL; // First x86-64 non-canonical addr
75 case 2: return 0xffff800000000000UL | (low << 4); // x86-64 canonical addr range 2 begin
76 case 3: return VDSO_ADDR | (low & 0x0fffff);
77 default:
78 BUG("unreachable!\n");
79 break;
80 }
81 #endif
82
83 // FIXME: Add more arch specific addresses here.
84
85 return i | low;
86 }
87 #endif /* __WORDSIZE */
88
89 unsigned long get_interesting_value(void)
90 {
91 #if __WORDSIZE == 32
92 return get_interesting_32bit_value();
93 #else
94 unsigned long low = 0;
95
96 if (rand_bool())
97 low = get_interesting_32bit_value();
98
99 switch (rand() % 13) {
100 case 0: return 0;
101 case 1: return low;
102 case 2: return 0x0000000100000000UL | low;
103 case 3: return 0x7fffffff00000000UL | low;
104 case 4: return 0x8000000000000000UL | low;
105 case 5: return 0xffffffff00000000UL | low;
106 case 6: return 0xffffffffffffff00UL | (rand() % 256);
107 case 7: return 0xffffffffffffffffUL - page_size;
108 case 8: return PAGE_OFFSET | (low << 4);
109 case 9: return KERNEL_ADDR | (low & 0xffffff);
110 case 10: return MODULE_ADDR | (low & 0xffffff);
111 case 11: return per_arch_interesting_addr(low);
112 case 12: return (low << 32);
113 default: break;
114 }
115 BUG("unreachable!\n");
116 return 0;
117 #endif /* __WORDSIZE */
118 }
Linux systemcall fuzzer