fuzz: allow overriding LWIP_RAND for fuzz tests

Fuzz tests need reproducible code, so we need an "unsafe" version of
LWIP_RAND() in this case...

Also, to reproduce fuzz tests cases from Linux on Windows,
LWIP_RAND_FOR_FUZZ_SIMULATE_GLIBC provides the first 20 random numbers that
glibc would have...
This commit is contained in:
Simon Goldschmidt 2020-03-27 22:42:06 +01:00
parent 003f5cc12d
commit e30d50710d
3 changed files with 39 additions and 0 deletions

View File

@ -382,6 +382,15 @@ extern "C" {
#define LWIP_PROVIDE_ERRNO
#endif
/* Use a special, reproducable version of rand() for fuzz tests? */
#ifdef LWIP_RAND_FOR_FUZZ
#ifdef LWIP_RAND
#undef LWIP_RAND
#endif
u32_t lwip_fuzz_rand(void);
#define LWIP_RAND() lwip_fuzz_rand()
#endif
/**
* @}
*/

View File

@ -667,3 +667,32 @@ int lwip_fuzztest(int argc, char** argv, enum lwip_fuzz_type type, u32_t test_ap
pcap_dump_stop();
return 0;
}
#ifdef LWIP_RAND_FOR_FUZZ
u32_t lwip_fuzz_rand(void)
{
#ifdef LWIP_RAND_FOR_FUZZ_SIMULATE_GLIBC
/* this is what glibc rand() returns (first 20 numbers) */
static u32_t rand_nrs[] = {0x6b8b4567, 0x327b23c6, 0x643c9869, 0x66334873, 0x74b0dc51,
0x19495cff, 0x2ae8944a, 0x625558ec, 0x238e1f29, 0x46e87ccd,
0x3d1b58ba, 0x507ed7ab, 0x2eb141f2, 0x41b71efb, 0x79e2a9e3,
0x7545e146, 0x515f007c, 0x5bd062c2, 0x12200854, 0x4db127f8};
static int idx = 0;
u32_t ret = rand_nrs[idx];
idx++;
if (idx >= sizeof(rand_nrs)/sizeof((rand_nrs)[0])) {
idx = 0;
}
return ret;
#else
/* a simple LCG, unsafe but should give the same result for every execution (best for fuzzing) */
u32_t result;
static s32_t state[1] = {0xdeadbeef};
s32_t val = state[0];
val = ((state[0] * 1103515245) + 12345) & 0x7fffffff;
state[0] = val;
result = val;
return result;
#endif
}
#endif

View File

@ -34,6 +34,7 @@
#define MEMP_NUM_SYS_TIMEOUT 17
#define LWIP_FUZZ_SYS_NOW
#define LWIP_RAND_FOR_FUZZ
/* Prevent having to link sys_arch.c (we don't test the API layers in unit tests) */
#define NO_SYS 1