fsfuzz

small fs fuzzer
git clone git://git.2f30.org/fsfuzz

btrfs.c (953B)


      1 #include <stdio.h>
      2 #include <stdlib.h>
      3 #include <time.h>
      4 #include <err.h>
      5 
      6 #include "fsfuzz.h"
      7 
/*
 * One-time setup for the btrfs fuzzing backend: seed the libc PRNG that
 * btrfs_fuzz() draws its offsets from.
 *
 * fs_info is accepted to match the fsfuzz_ops init signature but is not
 * used here.  Always returns 0.
 *
 * NOTE(review): the seed is the wall-clock time and is not printed or
 * stored here, so a run that triggers a crash cannot be replayed from
 * this function alone.  Logging the seed (or keeping the mutated image)
 * makes findings reproducible for triage.
 */
int
btrfs_init(struct fsfuzz_info *fs_info __attribute__ ((unused)))
{
	time_t now = time(NULL);

	srand((unsigned int)now);
	return 0;
}
     15 
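/*
 * Mutate the btrfs superblock area of the image held in fs_info->img.
 *
 * Performs 32 rounds.  Each round picks a pseudo-random offset in
 * [0x10000, 0x10000 + 4095] and overwrites the four bytes starting there
 * with 0xff.  A round whose four-byte write would not fit inside
 * fs_info->size is skipped with a warning, so the buffer is never
 * written out of bounds (assuming img really holds size bytes, which is
 * the caller's contract, not checked here).
 *
 * When fs_info->verbosity is non-zero, every patched offset is printed.
 * Always returns 0, even if every round was skipped.
 *
 * NOTE(review): an offset near the end of the window lets the write
 * extend up to 3 bytes past 0x10000 + 4096.
 * NOTE(review): the btrfs superblock is checksummed, and nothing here
 * updates that checksum, so a consumer that verifies it will presumably
 * reject most mutated images early; confirm that this is the intended
 * coverage.
 */
int
btrfs_fuzz(struct fsfuzz_info *fs_info)
{
	unsigned char *p;
	size_t offset;
	size_t i;
	size_t j;

	/*
	 * Write through unsigned char so that storing 0xff is well defined
	 * even where plain char is signed.
	 */
	p = (unsigned char *)fs_info->img;
	for (i = 0; i < 32; i++) {
		/* The superblock in btrfs is at 0x10000 */
		offset = 0x10000 + (rand() % 4096);
		/* The last byte touched is offset + 3; it must be in bounds. */
		if (offset + 3 >= fs_info->size) {
			warnx("Wrong offset, ignoring");
			continue;
		}
		/* %lx takes an unsigned long, so cast to exactly that type. */
		if (fs_info->verbosity)
			printf("[+] Patching offset %#lx with 0xffffffff\n",
			       (unsigned long)offset);
		for (j = 0; j < 4; j++)
			p[offset + j] = 0xff;
	}
	return 0;
}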
     41 
/*
 * Operations table for the btrfs backend.  It is handed to
 * fsfuzz_register() by btrfs_register() below.
 */
static struct fsfuzz_ops btrfs_fuzz_ops = {
	.fuzz = btrfs_fuzz,
	.init = btrfs_init,
	.name = "btrfs",
};
     47 
/*
 * Constructor hook: the constructor attribute makes this run before
 * main(), so the btrfs backend is registered with the fsfuzz core
 * without any explicit call.
 */
static void __attribute__ ((constructor))
btrfs_register(void)
{
	struct fsfuzz_ops *ops = &btrfs_fuzz_ops;

	fsfuzz_register(ops);
}