From e90b4dc283f6862d372ecbb86f02c12889ac48f6 Mon Sep 17 00:00:00 2001
From: Sam Hocevar <sam@hocevar.net>
Date: Tue, 9 Jan 2007 10:05:47 +0000
Subject: [PATCH]   * Rename -B/--max-bytes to -O/--max-output so that we can
 implement -A/-B.

---
 doc/zzuf.1 | 16 ++++++++--------
 src/zzuf.c | 20 ++++++++++----------
 2 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/doc/zzuf.1 b/doc/zzuf.1
index e05515a..572059f 100644
--- a/doc/zzuf.1
+++ b/doc/zzuf.1
@@ -4,7 +4,7 @@ zzuf \- multiple purpose fuzzer
 .SH SYNOPSIS
 \fBzzuf\fR [\fB\-cdiMnqS\fR] [\fB\-r\fR \fIratio\fR] [\fB\-s\fR \fIseed\fR | \fB\-s\fR \fIstart:stop\fR]
 .br
-                [\fB\-F\fR \fIforks\fR] [\fB\-C\fR \fIcrashes\fR] [\fB\-B\fR \fIbytes\fR] [\fB\-T\fR \fIseconds\fR]
+                [\fB\-F\fR \fIforks\fR] [\fB\-C\fR \fIcrashes\fR] [\fB\-O\fR \fIbytes\fR] [\fB\-T\fR \fIseconds\fR]
 .br
                 [\fB\-P\fR \fIprotect\fR] [\fB\-R\fR \fIrefuse\fR]
 .br
@@ -30,7 +30,7 @@ If you want to specify flags for your application, put a \(oq\fB\-\-\fR\(cq
 marker before them on the command line (otherwise \fBzzuf\fR will try to
 interpret them as arguments for itself), eg:
 .PP
-\fB    zzuf \-B 1000 cat \-\- \-v /dev/zero\fR
+\fB    zzuf \-O 1000 cat \-\- \-v /dev/zero\fR
 .PP
 When no program is specified, \fBzzuf\fR simply fuzzes the standard input, as
 if the \fBcat\fR utility had been called:
@@ -38,11 +38,6 @@ if the \fBcat\fR utility had been called:
 \fB    zzuf < /dev/zero\fR
 .SH OPTIONS
 .TP
-\fB\-B\fR, \fB\-\-max\-bytes\fR=\fIn\fR
-Automatically terminate child processes that output more than \fIn\fR bytes
-on the standard output and standard error channels. This is useful to detect
-infinite loops. See also the \fB\-T\fR flag.
-.TP
 \fB\-c\fR, \fB\-\-cmdline\fR
 Only fuzz files whose name is specified in the target application's command
 line. This is mostly a shortcut to avoid specifiying twice the argument:
@@ -101,6 +96,11 @@ of that output. The standard error channel is left untouched.
 \fB\-n\fR, \fB\-\-network\fR
 Fuzz the application's network input. By default \fBzzuf\fR only fuzzes files.
 .TP
+\fB\-O\fR, \fB\-\-max\-output\fR=\fIn\fR
+Automatically terminate child processes that output more than \fIn\fR bytes
+on the standard output and standard error channels. This is useful to detect
+infinite loops. See also the \fB\-T\fR flag.
+.TP
 \fB\-P\fR, \fB\-\-protect\fR=\fIlist\fR
 Protect a list of characters so that if they appear in input data that would
 normally be fuzzed, they are left unmodified instead.
@@ -186,7 +186,7 @@ how to set such limits.
 \fB\-T\fR, \fB\-\-max\-time\fR=\fIn\fR
 Automatically terminate child processes that run for more than \fIn\fR
 seconds. This is useful to detect infinite loops or processes stuck in other
-situations. See also the \fB\-B\fR flag.
+situations. See also the \fB\-O\fR flag.
 .TP
 \fB\-h\fR, \fB\-\-help\fR
 Display a short help message and exit.
diff --git a/src/zzuf.c b/src/zzuf.c
index c50a88c..42458a0 100644
--- a/src/zzuf.c
+++ b/src/zzuf.c
@@ -77,7 +77,7 @@ static int maxforks = 1, child_count = 0, maxcrashes = 1, crashes = 0;
 static int seed = 0;
 static int endseed = 1;
 static int quiet = 0;
-static int maxbytes = -1;
+static int maxoutput = -1;
 static int md5 = 0;
 static double maxtime = -1.0;
 
@@ -109,7 +109,6 @@ int main(int argc, char *argv[])
         static struct option long_options[] =
         {
             /* Long option, needs arg, flag, short option */
-            { "max-bytes",   1, NULL, 'B' },
             { "cmdline",     0, NULL, 'c' },
             { "max-crashes", 1, NULL, 'C' },
             { "debug",       0, NULL, 'd' },
@@ -119,6 +118,7 @@ int main(int argc, char *argv[])
             { "include",     1, NULL, 'I' },
             { "md5",         0, NULL, 'M' },
             { "network",     0, NULL, 'n' },
+            { "max-output",  1, NULL, 'O' },
             { "protect",     1, NULL, 'P' },
             { "quiet",       0, NULL, 'q' },
             { "ratio",       1, NULL, 'r' },
@@ -129,20 +129,17 @@ int main(int argc, char *argv[])
             { "help",        0, NULL, 'h' },
             { "version",     0, NULL, 'v' },
         };
-        int c = getopt_long(argc, argv, "B:cC:dE:F:iI:MnP:qr:R:s:ST:hv",
+        int c = getopt_long(argc, argv, "cC:dE:F:iI:MnO:P:qr:R:s:ST:hv",
                             long_options, &option_index);
 #   else
 #       define MOREINFO "Try `%s -h' for more information.\n"
-        int c = getopt(argc, argv, "B:cC:dE:F:iI:MnP:qr:R:s:ST:hv");
+        int c = getopt(argc, argv, "cC:dE:F:iI:MnO:P:qr:R:s:ST:hv");
 #   endif
         if(c == -1)
             break;
 
         switch(c)
         {
-        case 'B': /* --max-bytes */
-            maxbytes = atoi(optarg);
-            break;
         case 'c': /* --cmdline */
             cmdline = 1;
             break;
@@ -182,6 +179,9 @@ int main(int argc, char *argv[])
         case 'n': /* --network */
             setenv("ZZUF_NETWORK", "1", 1);
             break;
+        case 'O': /* --max-output */
+            maxoutput = atoi(optarg);
+            break;
         case 'P': /* --protect */
             protect = optarg;
             break;
@@ -465,7 +465,7 @@ static void clean_children(void)
     for(i = 0; i < maxforks; i++)
     {
         if(child_list[i].status == STATUS_RUNNING
-            && maxbytes >= 0 && child_list[i].bytes > maxbytes)
+            && maxoutput >= 0 && child_list[i].bytes > maxoutput)
         {
             fprintf(stdout, "zzuf[seed=%i]: data exceeded, sending SIGTERM\n",
                     child_list[i].seed);
@@ -674,7 +674,6 @@ static void usage(void)
     printf("\n");
     printf("Mandatory arguments to long options are mandatory for short options too.\n");
 #   ifdef HAVE_GETOPT_LONG
-    printf("  -B, --max-bytes <n>      kill children that output more than <n> bytes\n");
     printf("  -c, --cmdline            only fuzz files specified in the command line\n");
     printf("  -C, --max-crashes <n>    stop after <n> children have crashed (default 1)\n");
     printf("  -d, --debug              print debug messages\n");
@@ -684,6 +683,7 @@ static void usage(void)
     printf("  -I, --include <regex>    only fuzz files matching <regex>\n");
     printf("  -M, --md5                compute the output's MD5 hash\n");
     printf("  -n, --network            fuzz network input\n");
+    printf("  -O, --max-output <n>     kill children that output more than <n> bytes\n");
     printf("  -P, --protect <list>     protect bytes and characters in <list>\n");
     printf("  -q, --quiet              do not print children's messages\n");
     printf("  -r, --ratio <ratio>      bit fuzzing ratio (default 0.004)\n");
@@ -695,7 +695,6 @@ static void usage(void)
     printf("  -h, --help               display this help and exit\n");
     printf("  -v, --version            output version information and exit\n");
 #   else
-    printf("  -B <n>           kill children that output more than <n> bytes\n");
     printf("  -c               only fuzz files specified in the command line\n");
     printf("  -C <n>           stop after <n> children have crashed (default 1)\n");
     printf("  -d               print debug messages\n");
@@ -705,6 +704,7 @@ static void usage(void)
     printf("  -I <regex>       only fuzz files matching <regex>\n");
     printf("  -M               compute the output's MD5 hash\n");
     printf("  -n               fuzz network input\n");
+    printf("  -O <n>           kill children that output more than <n> bytes\n");
     printf("  -P <list>        protect bytes and characters in <list>\n");
     printf("  -q               do not print the fuzzed application's messages\n");
     printf("  -r <ratio>       bit fuzzing ratio (default 0.004)\n");