reiserfs.c (980B)
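/*
 * reiserfs fuzzing module: overwrites random 4-byte spans near the
 * reiserfs superblock of an in-memory filesystem image with 0xff bytes.
 */
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <err.h>

#include "fsfuzz.h"

enum {
	REISERFS_SB_OFFSET = 0x10000,	/* The superblock in reiserfs is at 0x10000 */
	REISERFS_FUZZ_WINDOW = 4096,	/* patch offsets are drawn from this many bytes */
	REISERFS_FUZZ_ROUNDS = 32,	/* patch attempts per call */
	REISERFS_PATCH_LEN = 4		/* bytes overwritten per patch */
};

/*
 * Seed the libc PRNG from the current time. Always returns 0.
 *
 * NOTE(review): the seed is not recorded anywhere in this file, so the
 * offsets chosen by a run cannot be replayed from this module alone.
 * If the harness does not keep the mutated image, consider logging the
 * seed so a crashing case can be reproduced.
 */
int
reiserfs_init(struct fsfuzz_info *fs_info
    __attribute__ ((unused)))
{
	srand((unsigned int)time(NULL));
	return 0;
}

/*
 * Corrupt the image held in fs_info->img.
 *
 * Makes REISERFS_FUZZ_ROUNDS attempts; each picks a random offset in
 * [REISERFS_SB_OFFSET, REISERFS_SB_OFFSET + REISERFS_FUZZ_WINDOW) and
 * sets REISERFS_PATCH_LEN bytes there to 0xff. An attempt whose patch
 * would not fit inside fs_info->size is skipped with a warning, so no
 * write lands outside the image. Offsets come from rand() and may
 * repeat or overlap. Always returns 0.
 */
int
reiserfs_fuzz(struct fsfuzz_info *fs_info)
{
	/* Bytes are written as unsigned char so that 0xff is stored
	 * without an implementation-defined conversion to plain char. */
	unsigned char *img = (unsigned char *)fs_info->img;
	size_t offset;
	size_t round;
	size_t k;

	for (round = 0; round < REISERFS_FUZZ_ROUNDS; round++) {
		offset = REISERFS_SB_OFFSET + (rand() % REISERFS_FUZZ_WINDOW);

		/* Bounds check: the last patched byte must lie inside the image. */
		if (offset + (REISERFS_PATCH_LEN - 1) >= fs_info->size) {
			warnx("Wrong offset, ignoring");
			continue;
		}
		if (fs_info->verbosity)
			/* %zx matches size_t; the previous %lx with a (long)
			 * cast mismatched signedness and would truncate where
			 * long is narrower than size_t. */
			printf("[+] Patching offset %#zx with 0xffffffff\n",
			    offset);
		for (k = 0; k < REISERFS_PATCH_LEN; k++)
			img[offset + k] = 0xff;
	}
	return 0;
}

/* Operations table handed to the fsfuzz core for the "reiserfs" module. */
static struct fsfuzz_ops reiserfs_fuzz_ops = {
	.name = "reiserfs",
	.init = reiserfs_init,
	.fuzz = reiserfs_fuzz
};

/*
 * Registers this module with the fsfuzz core. The constructor attribute
 * makes the loader run it before main(), so no explicit call is needed.
 */
__attribute__ ((constructor))
static void
reiserfs_register(void)
{
	fsfuzz_register(&reiserfs_fuzz_ops);
}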