Sam Hocevar e413984095 Work around an issue with fseek() diversion. Closes #7.
When diverting functions that handle FILE objects, we try to detect whether
the internal buffer contents have changed and therefore need to be fuzzed.
In recent glibc versions, it may happen that an fseek() call is made that
should not invalidate the internal buffer, yet a read() call is still performed.

This is arguably a bug. Consider the following code:

    f = fopen("/dev/null", "r");
    fread(ptr, 1, 1, f);
    fseek(f, 1, SEEK_SET);

The following system calls are made, where the second read() call is
completely unnecessary and is the cause of the buffer refill:

    read(..., 4096);
    lseek(0, SEEK_SET);
    read(..., 4096);

In order to work around this problem, we fill the internal buffer with random
data before calling fseek(), we check whether any bytes have changed, then we
restore it if it was left untouched. This is not 100% robust but honestly it
will do for now.
2016-05-02 19:55:00 +02:00

About zzuf:

zzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. For a given seed, zzuf's behaviour is deterministic, making it easy to reproduce bugs.

For instructions and examples on how to use zzuf, see the manual page and the website at http://caca.zoy.org/wiki/zzuf.
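The commit message above and the README's description rest on the same mechanism: bits are flipped according to a seed and the absolute file offset of each byte, so the same input always corrupts the same way, and a stdio buffer that libc refills after fseek() has to be fuzzed for the new offset, while one it leaves alone must not be touched again. The C model below is an added example written for this page; it is not zzuf's own code. fuzz_at(), struct fuzz_stream, stream_read() and stream_seek() are hypothetical names, the SplitMix64 finaliser stands in for whatever generator zzuf really uses, and the sample bytes are constructed here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SplitMix64 finaliser: cheap, well mixed, deterministic. Not a cryptographic PRF. */
static uint64_t mix64(uint64_t x)
{
    x += 0x9e3779b97f4a7c15ULL;
    x = (x ^ (x >> 30)) * 0xbf58476d1ce4e5b9ULL;
    x = (x ^ (x >> 27)) * 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

/* Flip bits in buf[0..len) as if those bytes sat at absolute file offset pos.
   Each bit's fate depends only on (seed, offset, bit number), so the result is
   the same however the reads were chunked. ratio = fraction of bits to flip. */
void fuzz_at(unsigned char *buf, size_t len, uint64_t pos, uint32_t seed, double ratio)
{
    uint64_t threshold = (uint64_t)(ratio * 4294967296.0); /* ratio * 2^32 */
    uint64_t key = mix64(seed);
    for (size_t i = 0; i < len; i++) {
        uint64_t base = mix64(key ^ (pos + i));
        for (int bit = 0; bit < 8; bit++)
            if ((mix64(base + (uint64_t)bit) & 0xffffffffULL) < threshold)
                buf[i] ^= (unsigned char)(1u << bit);
    }
}

/* Per-stream state a diverted read()/stdio layer keeps: the absolute offset
   of the next byte the program will see (hypothetical, not zzuf's struct). */
struct fuzz_stream { uint64_t pos; uint32_t seed; double ratio; };

/* A diverted read(): copy up to n bytes of the clean file image src from the
   current offset into dst, fuzz them for that offset, advance the offset. */
size_t stream_read(struct fuzz_stream *s, const unsigned char *src, size_t srclen,
                   unsigned char *dst, size_t n)
{
    if (s->pos >= srclen) return 0;
    if (n > srclen - s->pos) n = srclen - s->pos;
    memcpy(dst, src + s->pos, n);
    fuzz_at(dst, n, s->pos, s->seed, s->ratio);
    s->pos += n;
    return n;
}

/* A diverted fseek(SEEK_SET): only the offset changes. A buffer libc refills
   afterwards needs fuzzing for the new offset; one it leaves alone must not
   be fuzzed again (fuzz_at XORs, so a second pass would undo the first). */
void stream_seek(struct fuzz_stream *s, uint64_t off) { s->pos = off; }

/* Constructed sample file contents, not real zzuf test data. */
static const unsigned char sample[64] = "constructed sample input: 0123456789abcdef0123456789abcdef";
/* Same seed and input give the same corruption, and some corruption. */
int check_deterministic(void)
{
    unsigned char a[64], b[64];
    memcpy(a, sample, 64); memcpy(b, sample, 64);
    fuzz_at(a, 64, 0, 1234, 0.05);
    fuzz_at(b, 64, 0, 1234, 0.05);
    return memcmp(a, b, 64) == 0 && memcmp(a, sample, 64) != 0;
}

/* One 64-byte read and a 10 + 54 byte split corrupt identically. */
int check_chunk_invariant(void)
{
    unsigned char whole[64], parts[64];
    memcpy(whole, sample, 64); memcpy(parts, sample, 64);
    fuzz_at(whole, 64, 0, 42, 0.1);
    fuzz_at(parts, 10, 0, 42, 0.1);
    fuzz_at(parts + 10, 54, 10, 42, 0.1);
    return memcmp(whole, parts, 64) == 0;
}

/* ratio 0 touches nothing; ratio 1 inverts every bit. */
int check_ratio_extremes(void)
{
    unsigned char none[64], all[64];
    memcpy(none, sample, 64); memcpy(all, sample, 64);
    fuzz_at(none, 64, 0, 7, 0.0);
    fuzz_at(all, 64, 0, 7, 1.0);
    for (size_t i = 0; i < 64; i++)
        if (none[i] != sample[i] || all[i] != (unsigned char)~sample[i]) return 0;
    return 1;
}

/* read 1 byte, fseek to 10, read 16: bytes delivered after the seek must be
   the clean bytes at offset 10 fuzzed for offset 10, and pos must be 26. */
int check_seek_refuzz(void)
{
    struct fuzz_stream s = { 0, 99, 0.2 };
    unsigned char one, got[16], want[16];
    if (stream_read(&s, sample, 64, &one, 1) != 1) return 0;
    stream_seek(&s, 10);
    if (stream_read(&s, sample, 64, got, 16) != 16) return 0;
    memcpy(want, sample + 10, 16);
    fuzz_at(want, 16, 10, 99, 0.2);
    return memcmp(got, want, 16) == 0 && s.pos == 26;
}

int main(void)
{
    int ok = check_deterministic() && check_chunk_invariant() && check_ratio_extremes() && check_seek_refuzz();
    printf("%s\n", ok ? "all checks passed" : "FAILED");
    return ok ? 0 : 1;
}
```

Compile with `cc -o fuzzmodel fuzzmodel.c` and run; main() executes the four checks. The design point is in stream_seek(): because fuzz_at() is an offset-keyed XOR, the diversion layer has to know whether libc refilled the buffer (fuzz it for the new offset) or kept it (leave it alone), and the unnecessary second read() traced in the commit above refills it when nothing should have changed. That is the ambiguity the commit's workaround resolves by filling the buffer with random data before fseek() and comparing afterwards.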

Languages
C 83.5%
Shell 8.5%
C++ 3.6%
M4 2.7%
Makefile 0.7%
Other 1%