diff --git a/doc/zzuf.1 b/doc/zzuf.1
index 891ea85..2e6602e 100644
--- a/doc/zzuf.1
+++ b/doc/zzuf.1
@@ -322,7 +322,7 @@ which can be private libc symbols, too:
 Unix file descriptor handling: \fBopen\fR(), \fBlseek\fR(), \fBread\fR(), \fBreadv\fR(), \fBpread\fR(), \fBaccept\fR(), \fBsocket\fR(), \fBrecv\fR(), \fBrecvfrom\fR(), \fBrecvmsg\fR(),
-\fBclose\fR()
+\fBaio_read\fR(), \fBaio_return\fR(), \fBclose\fR()
 .TP
 Standard IO streams: \fBfopen\fR(), \fBfreopen\fR(), \fBfseek\fR(), \fBfseeko\fR(), \fBrewind\fR(),
diff --git a/src/fuzz.c b/src/fuzz.c
index 2fa3b78..b205aee 100644
--- a/src/fuzz.c
+++ b/src/fuzz.c
@@ -52,11 +52,11 @@ void _zz_refuse(char const *list)
     readchars(refuse, list);
 }
-void _zz_fuzz(int fd, uint8_t *buf, uint64_t len)
+void _zz_fuzz(int fd, volatile uint8_t *buf, uint64_t len)
 {
     uint64_t start, stop;
     struct fuzz *fuzz;
-    uint8_t *aligned_buf;
+    volatile uint8_t *aligned_buf;
     unsigned long int pos = _zz_getpos(fd);
     unsigned int i, j, todo;
diff --git a/src/fuzz.h b/src/fuzz.h
index 1562dd3..8f4db43 100644
--- a/src/fuzz.h
+++ b/src/fuzz.h
@@ -19,5 +19,5 @@ extern void _zz_protect(char const *);
 extern void _zz_refuse(char const *);
-extern void _zz_fuzz(int, uint8_t *, uint64_t);
+extern void _zz_fuzz(int, volatile uint8_t *, uint64_t);
diff --git a/src/lib-fd.c b/src/lib-fd.c
index 7f1cbfb..f836a27 100644
--- a/src/lib-fd.c
+++ b/src/lib-fd.c
@@ -41,6 +41,7 @@
 #include
 #include
 #include
+#include
 #include "libzzuf.h"
 #include "lib-load.h"
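Review bot: Qualifying `_zz_fuzz`'s buffer parameter `volatile` for the sake of a single caller turns every byte access in the fuzzing loop into a volatile access that the compiler may no longer combine or reorder; the loop body continues outside this hunk, so I cannot judge what that costs. Since the `aio_return()` wrapper in lib-fd.c only hands the buffer to `_zz_fuzz` after the request has completed, an alternative worth considering is to keep `_zz_fuzz(int, uint8_t *, uint64_t)` and cast at that one call site, `_zz_fuzz(fd, (uint8_t *)aiocbp->aio_buf, ret);` (the same applies to the `src/fuzz.h` hunk). If the qualifier stays, a comment on the definition saying why it is there, e.g. `/* volatile: may alias struct aiocb::aio_buf */`, would keep a later cleanup from dropping it.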
@@ -73,6 +74,8 @@ static int (*recvmsg_orig) (int s, struct msghdr *hdr, int flags);
 static ssize_t (*read_orig) (int fd, void *buf, size_t count);
 static ssize_t (*readv_orig) (int fd, const struct iovec *iov, int count);
 static ssize_t (*pread_orig) (int fd, void *buf, size_t count, off_t offset);
+static int (*aio_read_orig) (struct aiocb *aiocbp);
+static ssize_t (*aio_return_orig) (struct aiocb *aiocbp);
 static off_t (*lseek_orig) (int fd, off_t offset, int whence);
 #ifdef HAVE_LSEEK64
 static off64_t (*lseek64_orig) (int fd, off64_t offset, int whence);
@@ -344,6 +347,53 @@ off64_t lseek64(int fd, off64_t offset, int whence)
 }
 #endif
+int aio_read(struct aiocb *aiocbp)
+{
+    int ret;
+    int fd = aiocbp->aio_fildes;
+
+    LOADSYM(aio_read);
+    if(!_zz_ready || !_zz_iswatched(fd) || _zz_disabled)
+        return aio_read_orig(aiocbp);
+
+    _zz_disabled = 1;
+    ret = aio_read_orig(aiocbp);
+
+    debug("%s({%i, %i, %i, %p, %li, ..., %li}) = %i", __func__,
+        fd, aiocbp->aio_lio_opcode, aiocbp->aio_reqprio, aiocbp->aio_buf,
+        (long int)aiocbp->aio_nbytes, (long int)aiocbp->aio_offset, ret);
+
+    return ret;
+}
+
+ssize_t aio_return(struct aiocb *aiocbp)
+{
+    ssize_t ret;
+    int fd = aiocbp->aio_fildes;
+
+    LOADSYM(aio_return);
+    if(!_zz_ready || !_zz_iswatched(fd))
+        return aio_return_orig(aiocbp);
+
+    ret = aio_return_orig(aiocbp);
+    _zz_disabled = 0;
+
+    /* FIXME: make sure we’re actually *reading* */
+    if(ret > 0)
+    {
+        _zz_setpos(fd, aiocbp->aio_offset);
+        _zz_fuzz(fd, aiocbp->aio_buf, ret);
+        _zz_addpos(fd, ret);
+    }
+
+    debug("%s({%i, %i, %i, %p, %li, ..., %li}) = %li", __func__,
+        fd, aiocbp->aio_lio_opcode, aiocbp->aio_reqprio, aiocbp->aio_buf,
+        (long int)aiocbp->aio_nbytes, (long int)aiocbp->aio_offset,
+        (long int)ret);
+
+    return ret;
+}
+
 int close(int fd)
 {
     int ret;
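Review bot: `aio_read()` sets `_zz_disabled = 1` before calling `aio_read_orig()` but never clears it when the submission fails, so one failed `aio_read()` on a watched descriptor leaves fuzzing switched off for every later hooked call in the process, because `aio_return()` is never invoked for a request that was not enqueued. Resetting the flag on the error path right after the call, `if(ret < 0) _zz_disabled = 0;`, closes that hole. The flag is also a single process-wide value: `aio_return()` clears it unconditionally, so with two outstanding requests the first completion re-enables fuzzing while the second is still in flight, and an `aio_return()` whose matching `aio_read()` took the `_zz_disabled` early return clears a flag it never set; whether that matters depends on how `_zz_disabled` is used elsewhere, which is outside this hunk. The `FIXME` already notes that `aio_return()` cannot tell reads from writes; `aiocbp->aio_lio_opcode`, which the `debug()` call already prints, may be usable for that distinction depending on the libc, and is worth recording in the comment either way.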
@@ -365,7 +415,7 @@ int close(int fd)
 /* XXX: the following functions are local */
-static void fuzz_iovec (int fd, const struct iovec *iov, ssize_t ret)
+static void fuzz_iovec(int fd, const struct iovec *iov, ssize_t ret)
 {
     /* NOTE: We assume that iov countains at least bytes. */
     while(ret > 0)