1 /*
2  * Copyright © 2019 Manuel Stoeckl
3  *
4  * Permission is hereby granted, free of charge, to any person obtaining
5  * a copy of this software and associated documentation files (the
6  * "Software"), to deal in the Software without restriction, including
7  * without limitation the rights to use, copy, modify, merge, publish,
8  * distribute, sublicense, and/or sell copies of the Software, and to
9  * permit persons to whom the Software is furnished to do so, subject to
10  * the following conditions:
11  *
12  * The above copyright notice and this permission notice (including the
13  * next paragraph) shall be included in all copies or substantial
14  * portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19  * NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
20  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
21  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
22  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23  * SOFTWARE.
24  */
25 
26 #include "common.h"
27 #include "main.h"
28 
29 #include <errno.h>
30 #include <fcntl.h>
31 #include <inttypes.h>
32 #include <poll.h>
33 #include <stdarg.h>
34 #include <stdio.h>
35 #include <stdlib.h>
36 #include <string.h>
37 #include <sys/mman.h>
38 #include <sys/socket.h>
39 #include <sys/wait.h>
40 #include <time.h>
41 #include <unistd.h>
42 
43 log_handler_func_t log_funcs[2] = {NULL, NULL};
main(int argc,char ** argv)44 int main(int argc, char **argv)
45 {
46 	if (argc == 1 || !strcmp(argv[1], "--help")) {
47 		printf("Usage: ./fuzz_hook_det [--server] [--log] {input_file}\n");
48 		printf("A program to run and control Wayland and channel inputs for core Waypipe operations\n");
49 		return EXIT_FAILURE;
50 	}
51 	bool display_side = true;
52 	if (argc > 1 && !strcmp(argv[1], "--server")) {
53 		display_side = false;
54 		argc--;
55 		argv++;
56 	}
57 	if (argc > 1 && !strcmp(argv[1], "--log")) {
58 		log_funcs[0] = test_atomic_log_handler;
59 		log_funcs[1] = test_atomic_log_handler;
60 		argc--;
61 		argv++;
62 	}
63 
64 	size_t len;
65 	char *buf = read_file_into_mem(argv[1], &len);
66 	if (!buf) {
67 		return EXIT_FAILURE;
68 	}
69 	printf("Loaded %zu bytes\n", len);
70 
71 	struct test_state ts;
72 	if (setup_state(&ts, display_side, true) == -1) {
73 		return -1;
74 	}
75 
76 	char *ignore_buf = malloc(65536);
77 
78 	/* Main loop: RW from socketpairs with sendmsg, with short wait */
79 	int64_t file_nwords = (int64_t)len / 4;
80 	int64_t cursor = 0;
81 	uint32_t *data = (uint32_t *)buf;
82 	while (cursor < file_nwords) {
83 		uint32_t header = data[cursor++];
84 		bool wayland_side = header & 0x1;
85 		bool add_file = header & 0x2;
86 		int new_fileno = -1;
87 
88 		if (add_file && wayland_side && cursor < file_nwords) {
89 			uint32_t fsize = data[cursor++];
90 			if (fsize == 0) {
91 				/* 'copy' sink */
92 				new_fileno = open("/dev/null", O_WRONLY);
93 				if (new_fileno == -1) {
94 					wp_error("Failed to open /dev/null");
95 				}
96 			} else {
97 				/* avoid buffer overflow */
98 				fsize = fsize > 1000000 ? 1000000 : fsize;
99 				new_fileno = create_anon_file();
100 				if (ftruncate(new_fileno, (off_t)fsize) == -1) {
101 					wp_error("Failed to resize tempfile");
102 					checked_close(new_fileno);
103 					break;
104 				}
105 			}
106 		}
107 
108 		uint32_t packet_size = header >> 2;
109 		int64_t words_left = file_nwords - cursor;
110 		if (packet_size > 2048) {
111 			packet_size = 2048;
112 		}
113 		if (packet_size > (uint32_t)words_left) {
114 			packet_size = (uint32_t)words_left;
115 		}
116 
117 		struct transfer_queue transfers;
118 		memset(&transfers, 0, sizeof(transfers));
119 		pthread_mutex_init(&transfers.async_recv_queue.lock, NULL);
120 
121 		if (wayland_side) {
122 			/* Send a message (incl fds) */
123 			struct msg m;
124 			m.data = &data[cursor];
125 			m.len = (int)packet_size;
126 			if (new_fileno != -1) {
127 				m.fds = &new_fileno;
128 				m.nfds = 1;
129 			} else {
130 				m.fds = NULL;
131 				m.nfds = 0;
132 			}
133 			send_wayland_msg(&ts, m, &transfers);
134 			/* ignore any created transfers, since this is only
135 			 * a test of one side */
136 		} else {
137 			/* Send a transfer */
138 			void *msg_copy = calloc(packet_size, 4);
139 			memcpy(msg_copy, &data[cursor], packet_size * 4);
140 			transfer_add(&transfers, packet_size * 4, msg_copy);
141 			receive_wire(&ts, &transfers);
142 		}
143 		cleanup_transfer_queue(&transfers);
144 
145 		cursor += packet_size;
146 	}
147 
148 	cleanup_state(&ts);
149 
150 	free(buf);
151 	free(ignore_buf);
152 	return EXIT_SUCCESS;
153 }
154