1 /*
2 * Copyright © 2019 Manuel Stoeckl
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
11 *
12 * The above copyright notice and this permission notice (including the
13 * next paragraph) shall be included in all copies or substantial
14 * portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
20 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
21 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
22 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 * SOFTWARE.
24 */
25
26 #include "common.h"
27 #include "main.h"
28
29 #include <errno.h>
30 #include <fcntl.h>
31 #include <inttypes.h>
32 #include <poll.h>
33 #include <stdarg.h>
34 #include <stdio.h>
35 #include <stdlib.h>
36 #include <string.h>
37 #include <sys/mman.h>
38 #include <sys/socket.h>
39 #include <sys/wait.h>
40 #include <time.h>
41 #include <unistd.h>
42
43 log_handler_func_t log_funcs[2] = {NULL, NULL};
main(int argc,char ** argv)44 int main(int argc, char **argv)
45 {
46 if (argc == 1 || !strcmp(argv[1], "--help")) {
47 printf("Usage: ./fuzz_hook_det [--server] [--log] {input_file}\n");
48 printf("A program to run and control Wayland and channel inputs for core Waypipe operations\n");
49 return EXIT_FAILURE;
50 }
51 bool display_side = true;
52 if (argc > 1 && !strcmp(argv[1], "--server")) {
53 display_side = false;
54 argc--;
55 argv++;
56 }
57 if (argc > 1 && !strcmp(argv[1], "--log")) {
58 log_funcs[0] = test_atomic_log_handler;
59 log_funcs[1] = test_atomic_log_handler;
60 argc--;
61 argv++;
62 }
63
64 size_t len;
65 char *buf = read_file_into_mem(argv[1], &len);
66 if (!buf) {
67 return EXIT_FAILURE;
68 }
69 printf("Loaded %zu bytes\n", len);
70
71 struct test_state ts;
72 if (setup_state(&ts, display_side, true) == -1) {
73 return -1;
74 }
75
76 char *ignore_buf = malloc(65536);
77
78 /* Main loop: RW from socketpairs with sendmsg, with short wait */
79 int64_t file_nwords = (int64_t)len / 4;
80 int64_t cursor = 0;
81 uint32_t *data = (uint32_t *)buf;
82 while (cursor < file_nwords) {
83 uint32_t header = data[cursor++];
84 bool wayland_side = header & 0x1;
85 bool add_file = header & 0x2;
86 int new_fileno = -1;
87
88 if (add_file && wayland_side && cursor < file_nwords) {
89 uint32_t fsize = data[cursor++];
90 if (fsize == 0) {
91 /* 'copy' sink */
92 new_fileno = open("/dev/null", O_WRONLY);
93 if (new_fileno == -1) {
94 wp_error("Failed to open /dev/null");
95 }
96 } else {
97 /* avoid buffer overflow */
98 fsize = fsize > 1000000 ? 1000000 : fsize;
99 new_fileno = create_anon_file();
100 if (ftruncate(new_fileno, (off_t)fsize) == -1) {
101 wp_error("Failed to resize tempfile");
102 checked_close(new_fileno);
103 break;
104 }
105 }
106 }
107
108 uint32_t packet_size = header >> 2;
109 int64_t words_left = file_nwords - cursor;
110 if (packet_size > 2048) {
111 packet_size = 2048;
112 }
113 if (packet_size > (uint32_t)words_left) {
114 packet_size = (uint32_t)words_left;
115 }
116
117 struct transfer_queue transfers;
118 memset(&transfers, 0, sizeof(transfers));
119 pthread_mutex_init(&transfers.async_recv_queue.lock, NULL);
120
121 if (wayland_side) {
122 /* Send a message (incl fds) */
123 struct msg m;
124 m.data = &data[cursor];
125 m.len = (int)packet_size;
126 if (new_fileno != -1) {
127 m.fds = &new_fileno;
128 m.nfds = 1;
129 } else {
130 m.fds = NULL;
131 m.nfds = 0;
132 }
133 send_wayland_msg(&ts, m, &transfers);
134 /* ignore any created transfers, since this is only
135 * a test of one side */
136 } else {
137 /* Send a transfer */
138 void *msg_copy = calloc(packet_size, 4);
139 memcpy(msg_copy, &data[cursor], packet_size * 4);
140 transfer_add(&transfers, packet_size * 4, msg_copy);
141 receive_wire(&ts, &transfers);
142 }
143 cleanup_transfer_queue(&transfers);
144
145 cursor += packet_size;
146 }
147
148 cleanup_state(&ts);
149
150 free(buf);
151 free(ignore_buf);
152 return EXIT_SUCCESS;
153 }
154