diff --git a/src/Makefile b/src/Makefile index 2abf2d1..24b50b5 100644 --- a/src/Makefile +++ b/src/Makefile @@ -4,7 +4,7 @@ #============================================================================== CC ?= gcc -CFLAGS += -Wall -w -O2 -D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 `pkg-config --cflags --libs gio-2.0 libffi` -g +CFLAGS += -Wall -Wno-unused-parameter -O2 -D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 `pkg-config --cflags --libs gio-2.0 libffi` -g OBJ = dfuzzer.o introspection.o fuzz.o rand.o util.o TARGET = dfuzzer all: dfuzzer diff --git a/src/dfuzzer.c b/src/dfuzzer.c index e7e51f4..17d2c36 100644 --- a/src/dfuzzer.c +++ b/src/dfuzzer.c @@ -132,23 +132,19 @@ int main(int argc, char **argv) cleanup: // free all suppressions and their descriptions - if (df_suppression) { - for (int i = 0; df_suppression[i]; i++) - free(df_suppression[i]); - } - if (df_supp_description) { - for (int i = 0; df_supp_description[i]; i++) - free(df_supp_description[i]); - } + for (int i = 0; df_suppression[i]; i++) + free(df_suppression[i]); + + for (int i = 0; df_supp_description[i]; i++) + free(df_supp_description[i]); return ret; } int df_process_bus(GBusType bus_type) { - _cleanup_(g_object_unrefp) GDBusConnection *dcon = NULL; + _cleanup_(g_dbus_connection_unrefp) GDBusConnection *dcon = NULL; _cleanup_(g_error_freep) GError *error = NULL; - int ret = DF_BUS_OK; switch (bus_type) { case G_BUS_TYPE_SESSION: 
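Review bot: `-Wno-unused-parameter` on the new CFLAGS line has no effect as written, because GCC only enables `-Wunused-parameter` under `-Wextra` and the line passes `-Wall` alone. If the aim of dropping `-w` is to surface more diagnostics, `-Wall -Wextra -Wno-unused-parameter` makes the exclusion meaningful. On the same line, `-fstack-protector` only instruments functions with character buffers of at least `ssp-buffer-size` bytes (or `alloca`), so `-fstack-protector-strong` would cover more of the code, which here parses replies from other processes.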
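Review bot: Both cleanup loops in `main` now stop only on a NULL sentinel (`df_suppression[i]`, `df_supp_description[i]`), so a completely filled array would send them past its end and pass out-of-bounds pointers to `free()`. The declarations are outside the hunk; the removed pointer checks suggest these are fixed-size arrays, and in that case the loop can be bounded as `for (size_t i = 0; i < G_N_ELEMENTS(df_suppression) && df_suppression[i]; i++)`. If they are in fact pointers, removing the `if (df_suppression)` guard introduces a NULL dereference instead. The same sentinel-only walk is kept in `df_fuzz` (hunk at -577), where each entry is handed to `strcmp`.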
@@ -215,9 +211,9 @@ int df_process_bus(GBusType bus_type) * @param dcon D-Bus connection structure * @return 0 on success, -1 on error */ -int df_list_bus_names(const GDBusConnection *dcon) +int df_list_bus_names(GDBusConnection *dcon) { - _cleanup_(g_object_unrefp) GDBusProxy *proxy = NULL; // proxy for getting bus names + _cleanup_(g_dbus_proxy_unrefp) GDBusProxy *proxy = NULL; // proxy for getting bus names _cleanup_(g_variant_iter_freep) GVariantIter *iter = NULL; _cleanup_(g_variant_unrefp) GVariant *response = NULL; // response from method ListNames _cleanup_(g_error_freep) GError *error = NULL; // must be set to NULL @@ -273,12 +269,12 @@ int df_list_bus_names(const GDBusConnection *dcon) * will be traversed) * @return 1 when obj. path target_proc.obj_path is found on bus, 0 otherwise */ -int df_is_object_on_bus(const GDBusConnection *dcon, const char *root_node) +int df_is_object_on_bus(GDBusConnection *dcon, const char *root_node) { char *intro_iface = "org.freedesktop.DBus.Introspectable"; char *intro_method = "Introspect"; _cleanup_(g_variant_unrefp) GVariant *response = NULL; - _cleanup_(g_object_unrefp) GDBusProxy *dproxy = NULL; + _cleanup_(g_dbus_proxy_unrefp) GDBusProxy *dproxy = NULL; _cleanup_(g_freep) gchar *introspection_xml = NULL; _cleanup_(g_error_freep) GError *error = NULL; /** Information about nodes in a remote object hierarchy. */ 
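Review bot: In `df_is_object_on_bus`, `char *intro_iface` and `char *intro_method` point at string literals through non-const pointers, so an accidental write would compile cleanly and be undefined behaviour. Since this commit is tightening qualifiers anyway, `const char *intro_iface = "org.freedesktop.DBus.Introspectable";` (and the same for `intro_method`) is the safer declaration, assuming the callees outside the hunk take `const gchar *`. `df_traverse_node` (hunk at -369) has the same two declarations.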
@@ -369,18 +365,17 @@ int df_is_object_on_bus(const GDBusConnection *dcon, const char *root_node) * @return 0 on success, 1 on error, 2 when testing detected any failures * or warnings, 3 on warnings */ -int df_traverse_node(const GDBusConnection *dcon, const char *root_node) +int df_traverse_node(GDBusConnection *dcon, const char *root_node) { char *intro_iface = "org.freedesktop.DBus.Introspectable"; char *intro_method = "Introspect"; _cleanup_(g_variant_unrefp) GVariant *response = NULL; - _cleanup_(g_object_unrefp) GDBusProxy *dproxy = NULL; + _cleanup_(g_dbus_proxy_unrefp) GDBusProxy *dproxy = NULL; _cleanup_(g_freep) gchar *introspection_xml = NULL; _cleanup_(g_error_freep) GError *error = NULL; /** Information about nodes in a remote object hierarchy. */ _cleanup_(g_dbus_node_info_unrefp) GDBusNodeInfo *node_data = NULL; GDBusNodeInfo *node = NULL; - char *object = NULL; int i = 0; /** Information about a D-Bus interface. */ GDBusInterfaceInfo *interface = NULL; @@ -505,9 +500,9 @@ int df_traverse_node(const GDBusConnection *dcon, const char *root_node) * @return 0 on success, 1 on error, 2 when testing detected any failures, * 3 on warnings */ -int df_fuzz(const GDBusConnection *dcon, const char *name, const char *obj, const char *intf) +int df_fuzz(GDBusConnection *dcon, const char *name, const char *obj, const char *intf) { - _cleanup_(g_object_unrefp) GDBusProxy *dproxy; // D-Bus interface proxy + _cleanup_(g_dbus_proxy_unrefp) GDBusProxy *dproxy = NULL; // D-Bus interface proxy _cleanup_(g_error_freep) GError *error = NULL; GDBusMethodInfo *m; GDBusArgInfo *in_arg; @@ -577,7 +572,7 @@ int df_fuzz(const GDBusConnection *dcon, const char *name, const char *obj, cons } // if method name is in df_suppression array of names, it is skipped - if (df_suppression != NULL) { + if (df_suppression[0] != NULL) { int skipflg = 0; for (i = 0; df_suppression[i] != NULL; i++) { if (strcmp(df_suppression[i], m->name) == 0) { 
@@ -778,10 +773,10 @@ int df_open_proc_status_file(const int pid) * @param dcon D-Bus connection structure * @return Process PID on success, -1 on error */ -int df_get_pid(const GDBusConnection *dcon) +int df_get_pid(GDBusConnection *dcon) { _cleanup_(g_error_freep) GError *error = NULL; - _cleanup_(g_object_unrefp) GDBusProxy *pproxy = NULL; + _cleanup_(g_dbus_proxy_unrefp) GDBusProxy *pproxy = NULL; _cleanup_(g_variant_unrefp) GVariant *variant_pid = NULL; int pid = -1; diff --git a/src/dfuzzer.h b/src/dfuzzer.h index d8219c2..11e20a1 100644 --- a/src/dfuzzer.h +++ b/src/dfuzzer.h @@ -67,7 +67,7 @@ int df_process_bus(GBusType bus_type); * @param dcon D-Bus connection structure * @return 0 on success, -1 on error */ -int df_list_bus_names(const GDBusConnection *dcon); +int df_list_bus_names(GDBusConnection *dcon); /** * @function Traverses through all objects of bus name target_proc.name @@ -77,7 +77,7 @@ int df_list_bus_names(const GDBusConnection *dcon); * will be traversed) * @return 1 when obj. path target_proc.obj_path is found on bus, 0 otherwise */ -int df_is_object_on_bus(const GDBusConnection *dcon, const char *root_node); +int df_is_object_on_bus(GDBusConnection *dcon, const char *root_node); /** * @function Traverses through all interfaces and objects of bus @@ -89,7 +89,7 @@ int df_is_object_on_bus(const GDBusConnection *dcon, const char *root_node); * @return 0 on success, 1 on error, 2 when testing detected any failures * or warnings, 3 on warnings */ -int df_traverse_node(const GDBusConnection *dcon, const char *root_node); +int df_traverse_node(GDBusConnection *dcon, const char *root_node); /** * @function Controls fuzz testing of all methods of specified interface (intf) 
@@ -101,7 +101,7 @@ int df_traverse_node(const GDBusConnection *dcon, const char *root_node); * @return 0 on success, 1 on error, 2 when testing detected any failures * or warnings, 3 on warnings */ -int df_fuzz(const GDBusConnection *dcon, const char *name, const char *obj, const char *intf); +int df_fuzz(GDBusConnection *dcon, const char *name, const char *obj, const char *intf); /** * @function Checks if name is valid D-Bus name, obj is valid @@ -126,7 +126,7 @@ int df_open_proc_status_file(const int pid); * @param dcon D-Bus connection structure * @return Process PID on success, -1 on error */ -int df_get_pid(const GDBusConnection *dcon); +int df_get_pid(GDBusConnection *dcon); /** * @function Prints process name and package to which process belongs. diff --git a/src/fuzz.c b/src/fuzz.c index ffba25e..25efb91 100644 --- a/src/fuzz.c +++ b/src/fuzz.c 
@@ -68,36 +68,9 @@ static int df_exec_cmd_check(const char *cmd); static GVariant *df_fuzz_create_variant(void); static int df_fuzz_create_list_variants(void); static int df_fuzz_create_fmt_string(char **fmt, const int n); -static int df_fuzz_call_method(const GVariant *value, const int void_method); +static int df_fuzz_call_method(GVariant *value, const int void_method); -/** - * @function Error checked write function with short write correction (when - * write is interrupted by a signal). - * @param fd File descriptor where to write - * @param buf Buffer from which to write to file descriptor fd - * @param count Number of bytes to be written - * @return 0 on success, -1 on error - */ -inline int df_ewrite(int fd, const void *buf, size_t count) -{ - ssize_t written = 0; - do { - written = write(fd, buf, count); - if (written == count) - break; - if (written > 0) { - buf += written; - count -= written; - } - } while (written >= 0 || errno == EINTR); - if (written < 0) { - perror("write"); - return -1; - } - return 0; -} - /** * @function Saves pointer on D-Bus interface proxy for this module to be * able to call methods through this proxy during fuzz testing. Also saves @@ -443,7 +416,7 @@ static int df_fuzz_write_log(void) g_variant_get(s->var, s->sig, var); if (var != NULL && g_variant_check_format_string(var, "s", FALSE)) { - g_variant_get(&var, "s", &tmp12); + g_variant_get(var, "s", &tmp12); str_len = strlen(tmp12); tmp12cpy = tmp12; if (tmp12 != NULL) @@ -819,7 +792,7 @@ static GVariant *df_fuzz_create_variant(void) // Initialize the cif if (ffi_prep_cif(&cif, FFI_DEFAULT_ABI, df_list.args + 1, &ffi_type_pointer, args) == FFI_OK) { - ffi_call(&cif, g_variant_new, &val, values); + ffi_call(&cif, FFI_FN(g_variant_new), &val, values); // val now holds the result of the call to g_variant_new(). // When val will be freed, all the floating Gvariants which // was used to create it will be freed too, because val is 
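Review bot: In `df_fuzz_write_log`, `str_len = strlen(tmp12);` still runs before the `if (tmp12 != NULL)` test, so either the test is dead or the `strlen` is an unguarded NULL dereference. Moving the length computation inside the checked branch resolves it: `if (tmp12 != NULL) { str_len = strlen(tmp12); ... }`. The context line `g_variant_get(s->var, s->sig, var);` also passes `var` itself rather than an address. Its declaration is outside the hunk, so that is worth confirming against the format string in `s->sig`, given that the corrected line showed the same kind of argument mismatch.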
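Review bot: `g_variant_new` is variadic, but the call interface in `df_fuzz_create_variant` is prepared with `ffi_prep_cif`, which describes a fixed-argument call. Wrapping the pointer in `FFI_FN()` fixes the type warning but not the calling convention. libffi provides `ffi_prep_cif_var` for this case, with the format string as the single fixed argument: `ffi_prep_cif_var(&cif, FFI_DEFAULT_ABI, 1, df_list.args + 1, &ffi_type_pointer, args)`. On ABIs that pass variadic arguments differently, the current form can hand `g_variant_new` misplaced arguments. The variadic form also requires promoted argument types (no `float`, nothing narrower than `int`), so the `args` table, which is built outside this hunk, may need adjusting too.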
@@ -1003,13 +976,12 @@ static int df_fuzz_create_fmt_string(char **fmt, const int n) * @return 0 on success, -1 on error, 1 if void method returned non-void * value or 2 when tested method raised exception (so it should be skipped) */ -static int df_fuzz_call_method(const GVariant *value, const int void_method) +static int df_fuzz_call_method(GVariant *value, const int void_method) { _cleanup_(g_error_freep) GError *error = NULL; _cleanup_(g_variant_unrefp) GVariant *response = NULL; _cleanup_(g_freep) gchar *dbus_error = NULL; - gchar *fmt; - + const gchar *fmt; // Synchronously invokes method with arguments stored in value (GVariant *) // on df_dproxy. diff --git a/src/fuzz.h b/src/fuzz.h index 9109b8e..dd813c9 100644 --- a/src/fuzz.h +++ b/src/fuzz.h @@ -61,16 +61,6 @@ struct df_sig_list { }; -/** - * @function Error checked write function with short write correction (when - * write is interrupted by a signal). - * @param fd File descriptor where to write - * @param buf Buffer from which to write to file descriptor fd - * @param count Number of bytes to be written - * @return 0 on success, -1 on error - */ -inline int df_ewrite(int fd, const void *buf, size_t count); - /** * @function Saves pointer on D-Bus interface proxy for this module to be * able to call methods through this proxy during fuzz testing. Also saves diff --git a/src/introspection.c b/src/introspection.c index 4513063..77a8e7c 100644 --- a/src/introspection.c +++ b/src/introspection.c @@ -47,7 +47,7 @@ static GDBusArgInfo **df_out_args; * @param interface D-Bus interface * @return 0 on success, -1 on error */ -int df_init_introspection(const GDBusProxy *dproxy, const char *name, const char *interface) +int df_init_introspection(GDBusProxy *dproxy, const char *name, const char *interface) { if (!dproxy || !interface) { df_debug("Passing NULL argument to function.\n"); diff --git a/src/introspection.h b/src/introspection.h index 038e088..d176886 100644 --- a/src/introspection.h 
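Review bot: `const gchar *fmt;` in `df_fuzz_call_method` is the only local in this declaration block left uninitialised, while the three above it are set to NULL. The assignment is outside the hunk, so whether every path sets it before use cannot be confirmed here. `const gchar *fmt = NULL;` keeps the block consistent and turns a missed path into a clean NULL rather than an indeterminate pointer. It also matches the `dproxy = NULL` fix this commit makes in `df_fuzz`.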
+++ b/src/introspection.h @@ -30,8 +30,7 @@ * @param interface D-Bus interface * @return 0 on success, -1 on error */ -int df_init_introspection(const GDBusProxy *dproxy, const char *name, - const char *interface); +int df_init_introspection(GDBusProxy *dproxy, const char *name, const char *interface); /** * @return Pointer on GDBusMethodInfo which contains information about method diff --git a/src/rand.c b/src/rand.c index def4538..62775dc 100644 --- a/src/rand.c +++ b/src/rand.c @@ -23,6 +23,7 @@ #include #include #include +#include #include "rand.h" @@ -336,15 +337,6 @@ guint64 df_rand_guint64(void) return gu64; } -/** - * @return Generated pseudo-random double precision floating point number - * from interval <0, 1> - */ -inline double drand(void) -{ - return ((double)rand() / RAND_MAX); -} - /** * @return Generated pseudo-random double precision floating point number */ @@ -539,7 +531,7 @@ int df_rand_dbus_objpath_string(gchar **buf) */ int df_rand_dbus_signature_string(gchar **buf) { - static unsigned char size = 1; + static uint16_t size = 1; size++; int i, j; diff --git a/src/rand.h b/src/rand.h index 604551d..4c321dc 100644 --- a/src/rand.h +++ b/src/rand.h @@ -88,7 +88,10 @@ guint64 df_rand_guint64(void); * @return Generated pseudo-random double precision floating point number * from interval <0, 1> */ -inline double drand(void); +inline double drand(void) +{ + return ((double)rand() / RAND_MAX); +} /** * @return Generated pseudo-random double precision floating point number diff --git a/src/util.h b/src/util.h index 5f5c92f..606f251 100644 --- a/src/util.h +++ b/src/util.h 
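Review bot: Widening the static `size` counter in `df_rand_dbus_signature_string` to `uint16_t` removes the implicit cap the old `unsigned char` gave it, so the value now grows by one per call up to 65535 before wrapping to 0. The D-Bus specification limits a signature to 255 bytes, so unless code outside the hunk clamps `size`, later calls will produce over-long signatures. That is fine if deliberate for fuzzing, but it should be stated, e.g. `/* intentionally exceeds the 255-byte D-Bus signature limit; wraps to 0 after 65535 calls */`. The wrap to 0 also deserves a check against whatever allocation and indexing follow.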
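Review bot: Defining `drand` in `rand.h` with plain `inline` gives no external definition under C99/C11 rules, so any call the compiler declines to inline (for example a build without `-O2`) fails at link time with an undefined reference. Under GNU89 inline semantics it would instead emit a duplicate definition in every translation unit that includes the header. `static inline double drand(void)` avoids both, and matches the `static inline` wrappers this commit adds in `util.h`.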
@@ -17,11 +17,20 @@ } \ } +static inline void g_dbus_connection_unref(GDBusConnection *p) { + g_object_unref(p); +} + +static inline void g_dbus_proxy_unref(GDBusProxy *p) { + g_object_unref(p); +} + DEFINE_TRIVIAL_CLEANUP_FUNC(int, close); DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(char*, free, NULL); -DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(gpointer, g_free, NULL); -DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(gpointer, g_object_unref, NULL); +DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(gchar*, g_free, NULL); +DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(GDBusConnection*, g_dbus_connection_unref, NULL); +DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(GDBusProxy*, g_dbus_proxy_unref, NULL); DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(GVariantIter*, g_variant_iter_free, NULL); DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(GError*, g_error_free, NULL); DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(GVariant*, g_variant_unref, NULL);
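Review bot: The new wrappers `g_dbus_connection_unref` and `g_dbus_proxy_unref` are declared in GIO's own `g_dbus_` namespace, so a future GIO release that adds a symbol with either name would break the build with a conflicting declaration. A project prefix avoids that, e.g. `static inline void df_dbus_proxy_unref(GDBusProxy *p)`, with the cleanup name at the `_cleanup_()` sites presumably following, since the macro appears to derive it from the function name. Separately, the `g_free` cleanup is narrowed from `gpointer` to `gchar*`, which makes any `_cleanup_(g_freep)` on another pointer type a type mismatch. The uses visible in this diff are all `gchar *`, but the rest of the tree should be checked.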