From a923bf23449c000f47b1f11630e7eb6c10a0428a Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 22 May 2019 16:19:14 +0200 Subject: changelog - tabs/spaces --- CHANGELOG | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 9863c7cd..dcd788ab 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -6,11 +6,11 @@ 2019-02-23 - Version 1.8 - Native support for NetBSD - - Multiple smaller changes wrt threading - e.g. introducing the signal thread - - Removed the support for -p (pid fuzzing), honggfuzz net driver, or persistent fuzzing mode should be used instead - - Reimplementation of memory comparison routines, now verified with glibc's test-suite - - Improved hfuzz-cc/clang/gcc - e.g. for the MacOSX platform, also using -fno-sanitize=fuzzer if -fsanitize=fuzzer is specified, + some samba code wrappers - - Examples: new corpora for some of those, new patch for ISC Bind (9.13.5) + - Multiple smaller changes wrt threading - e.g. introducing the signal thread + - Removed the support for -p (pid fuzzing), honggfuzz net driver, or persistent fuzzing mode should be used instead + - Reimplementation of memory comparison routines, now verified with glibc's test-suite + - Improved hfuzz-cc/clang/gcc - e.g. for the MacOSX platform, also using -fno-sanitize=fuzzer if -fsanitize=fuzzer is specified, + some samba code wrappers + - Examples: new corpora for some of those, new patch for ISC Bind (9.13.5) 2018-08-23 - Version 1.7 - Native support for NetBSD -- cgit v1.2.3 From 8f2e8ea9d0218e255854455f65834d4ea0f3323b Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 23 May 2019 14:59:27 +0200 Subject: hfuzz-cc: disjoin libhfcommon from libhfuzz and libhfnetdriver --- Makefile | 8 ++++---- hfuzz_cc/hfuzz-cc.c | 22 +++++++++++++++++++++- libhfnetdriver/netdriver.c | 4 ++-- 3 files changed, 27 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index 73d95e0a..ce54832b 100644 --- a/Makefile +++ b/Makefile @@ -298,14 +298,14 @@ $(LCOMMON_ARCH): $(LCOMMON_OBJS) $(LHFUZZ_OBJS): $(LHFUZZ_SRCS) $(CC) -c $(CFLAGS) $(LIBS_CFLAGS) -o $@ $(@:.o=.c) -$(LHFUZZ_ARCH): $(LHFUZZ_OBJS) $(LCOMMON_OBJS) - $(AR) rcs $(LHFUZZ_ARCH) $(LHFUZZ_OBJS) $(LCOMMON_OBJS) +$(LHFUZZ_ARCH): $(LHFUZZ_OBJS) + $(AR) rcs $(LHFUZZ_ARCH) $(LHFUZZ_OBJS) $(LNETDRIVER_OBJS): $(LNETDRIVER_SRCS) $(CC) -c $(CFLAGS) $(LIBS_CFLAGS) -o $@ $(@:.o=.c) -$(LNETDRIVER_ARCH): $(LNETDRIVER_OBJS) $(LCOMMON_OBJS) - $(AR) rcs $(LNETDRIVER_ARCH) $(LNETDRIVER_OBJS) $(LCOMMON_OBJS) +$(LNETDRIVER_ARCH): $(LNETDRIVER_OBJS) + $(AR) rcs $(LNETDRIVER_ARCH) $(LNETDRIVER_OBJS) .PHONY: clean clean: diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index 288d0406..fe1f6e45 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -36,6 +36,12 @@ __asm__("\n" "lhfnetdriver_start:\n" " .incbin \"libhfnetdriver/libhfnetdriver.a\"\n" "lhfnetdriver_end:\n" + "\n" + " .global lhfcommon_start\n" + " .global lhfcommon_end\n" + "lhfcommon_start:\n" + " .incbin \"libhfcommon/libhfcommon.a\"\n" + "lhfcommon_end:\n" "\n"); static const char* _basename(const char* path) { @@ -276,6 +282,20 @@ static char* getLibHFNetDriverPath() { return path; } +static char* getLibHFCommonPath() { + extern uint8_t lhfcommon_start __asm__("lhfcommon_start"); + extern uint8_t lhfcommon_end __asm__("lhfcommon_end"); + + static char path[PATH_MAX] = {}; + if (path[0]) { + return path; + } + if (!getLibPath("libhfuzz", "HFUZZ_LHFCOMMON_PATH", &lhfcommon_start, &lhfcommon_end, path)) { + LOG_F("Couldn't create the temporary libhcommon.a"); + } + return path; +} + static void commonOpts(int* j, char** args) { args[(*j)++] = getIncPaths(); if (isGCC) { @@ -411,7 +431,7 @@ static int ldMode(int argc, char** argv) { /* Reference standard honggfuzz libraries (libhfuzz and libhfnetdriver) */ args[j++] = getLibHFNetDriverPath(); args[j++] = getLibHFuzzPath(); - args[j++] = getLibHFNetDriverPath(); + args[j++] = getLibHFCommonPath(); /* Needed by the libhfcommon */ args[j++] = "-pthread"; diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index 2b4f1ea8..aa700e34 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -279,7 +279,7 @@ uint16_t netDriver_getTCPPort(int argc, char **argv) { return HonggfuzzNetDriverPort(argc, argv); } -__attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv) { +int LLVMFuzzerInitialize(int *argc, char ***argv) { if (getenv(HFND_SKIP_FUZZING_ENV)) { LOG_I( "Honggfuzz Net Driver (pid=%d): '%s' is set, skipping fuzzing, calling main() directly", @@ -311,7 +311,7 @@ __attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv) { return 0; } -__attribute__((weak)) int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { +int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { int sock = netDriver_sockConnLoopback(hfnd_globals.sa_family, hfnd_globals.tcp_port); if (sock == -1) { LOG_F("Couldn't connect to the server TCP port"); -- cgit v1.2.3 From 08706874e296650a7e80a519524164bafe270876 Mon Sep 17 00:00:00 2001 From: dobin Date: Sat, 8 Jun 2019 15:11:44 +0200 Subject: fix for #253 --- fuzz.c | 8 +-- socketfuzzer.c | 22 ++++++-- socketfuzzer/Makefile | 2 +- socketfuzzer/README.md | 62 +++++++++++++++++++---- socketfuzzer/honggfuzz_socketclient.py | 93 +++++++++++++++++++++++++--------- socketfuzzer/unittest.sh | 3 +- socketfuzzer/vulnserver_cov.c | 40 +++++++++------ 7 files changed, 171 insertions(+), 59 deletions(-) diff --git a/fuzz.c b/fuzz.c index 950c556f..8aec2ccb 100644 --- a/fuzz.c +++ b/fuzz.c @@ -405,7 +405,6 @@ static void fuzz_fuzzLoop(run_t* run) { } static void fuzz_fuzzLoopSocket(run_t* run) { - run->pid = 0; run->timeStartedMillis = 0; run->crashFileName[0] = '\0'; run->pc = 0; @@ -442,8 +441,11 @@ static void fuzz_fuzzLoopSocket(run_t* run) { LOG_D("------[ 2: fetch input"); if (!fuzz_waitForExternalInput(run)) { /* Fuzzer could not connect to target, and told us to - restart it. Do it on the next iteration. */ + restart it. Do it on the next iteration. + or: it crashed by fuzzing. Restart it too. + */ LOG_D("------[ 2.1: Target down, will restart it"); + run->pid = 0; // make subproc_Run() restart it on next iteration return; } @@ -507,10 +509,10 @@ static void* fuzz_threadNew(void* arg) { break; } - input_setSize(&run, run.global->mutate.maxFileSz); if (hfuzz->socketFuzzer.enabled) { fuzz_fuzzLoopSocket(&run); } else { + input_setSize(&run, run.global->mutate.maxFileSz); fuzz_fuzzLoop(&run); } diff --git a/socketfuzzer.c b/socketfuzzer.c index 29783582..191d6580 100644 --- a/socketfuzzer.c +++ b/socketfuzzer.c @@ -29,9 +29,16 @@ #include "libhfcommon/util.h" bool fuzz_waitForExternalInput(run_t* run) { + /* if the target crashed, we need to identify here and return false, + so honggfuzz will restart it, and the fuzzing loop */ + if(run->crashFileName[0] != '\0') { + LOG_E("Target has crashed."); + return false; + } + /* tell the external fuzzer to do his thing */ if (!fuzz_prepareSocketFuzzer(run)) { - LOG_F("fuzz_prepareSocketFuzzer() failed"); + LOG_E("fuzz_prepareSocketFuzzer() failed"); } /* the external fuzzer may inform us of a crash */ @@ -66,13 +73,20 @@ int fuzz_waitforSocketFuzzer(run_t* run) { // We dont care what we receive, its just to block here if (ret < 0) { - LOG_F("fuzz_waitforSocketFuzzer: received: %zu", ret); + LOG_E("fuzz_waitforSocketFuzzer: received: %zu", ret); } if (memcmp(buf, "okay", 4) == 0) { return 1; } else if (memcmp(buf, "bad!", 4) == 0) { return 2; + } else if (memcmp(buf, "halt", 4) == 0) { + LOG_D("External fuzzer ordered us to shut down."); + if (run->pid) { + kill(run->pid, SIGKILL); + } + exit(0); + } return 0; @@ -83,7 +97,7 @@ bool fuzz_notifySocketFuzzerNewCov(honggfuzz_t* hfuzz) { bool ret = files_sendToSocket(hfuzz->socketFuzzer.clientSocket, (uint8_t*)"New!", 4); LOG_D("fuzz_notifySocketFuzzer: SEND: New!"); if (!ret) { - LOG_F("fuzz_notifySocketFuzzer"); + LOG_E("fuzz_notifySocketFuzzer"); } return true; @@ -93,7 +107,7 @@ bool fuzz_notifySocketFuzzerCrash(run_t* run) { bool ret = files_sendToSocket(run->global->socketFuzzer.clientSocket, (uint8_t*)"Cras", 4); LOG_D("fuzz_notifySocketFuzzer: SEND: Crash"); if (!ret) { - LOG_F("fuzz_notifySocketFuzzer"); + LOG_E("fuzz_notifySocketFuzzer"); } return true; diff --git a/socketfuzzer/Makefile b/socketfuzzer/Makefile index 8cb8c7d8..14096678 100644 --- a/socketfuzzer/Makefile +++ b/socketfuzzer/Makefile @@ -1,5 +1,5 @@ all: vulnserver_cov -vulnserver_cov: +vulnserver_cov: vulnserver_cov.c unset HFUZZ_CC_ASAN ../hfuzz_cc/hfuzz-cc vulnserver_cov.c -o vulnserver_cov diff --git a/socketfuzzer/README.md b/socketfuzzer/README.md index eaa06c00..80062fe1 100644 --- a/socketfuzzer/README.md +++ b/socketfuzzer/README.md @@ -1,8 +1,10 @@ # Honggfuzz - SocketClient -Implement an external fuzzer to fuzz network servers or similar. +Use Honggfuzz as Code-Coverage tool, and implement an external fuzzer which +interacts with the target (usually a network server). The actual fuzzer and +honggfuzz communicate via a local socket. -Tested on Ubuntu 17.04. +Tested on Ubuntu 17.04, 18.04. ## Protocol @@ -16,6 +18,8 @@ HonggFuzz <-> FFW "New!" --> "Cras" --> <-- "bad!" +... + <-- "halt" ``` * "Fuzz": HongFuzz tells FFW to send its network messages to the target server @@ -23,6 +27,7 @@ HonggFuzz <-> FFW * "New!": HonggFuzz tells FFW that new basic blocks have been reached * "Cras": HonggFuzz tells FFW that the target has crashed * "bad!": FFW tells Honggfuzz that the server is crashed +* "halt": Fuzzing finished, shutdown HonggFuzz in an orderly manner. ## Overview @@ -89,38 +94,73 @@ Send to target: 5 Automatic test, successful run: ``` $ ./unittest.sh -Auto -connecting to /tmp/honggfuzz_socket +Auto Test +connecting to /tmp/honggfuzz_socket.24916 Test: 0 - initial +A SocketFuzzer client connected. Continuing. ok: Fuzz -Test: 1 - first new BB +Test: 1 - expecting first new BB +# vulnserver_cov: Listening on port: 5001 +# vulnserver_cov: New client connected +# vulnserver_cov: Received data with len: 6 on state: 0 +# vulnserver_cov: Auth success +# vulnserver_cov: Closing... ok: New! ok: Fuzz -Test: 2 - second new BB +Test: 2 - expecting second new BB +# vulnserver_cov: New client connected +# vulnserver_cov: Received data with len: 6 on state: 0 +# vulnserver_cov: Handledata1: BBBBBB +# vulnserver_cov: Closing... ok: New! ok: Fuzz -Test: 3 - repeat second msg, no new BB +Test: 3 - repeat second msg, expecting no new BB +# vulnserver_cov: New client connected +# vulnserver_cov: Received data with len: 6 on state: 0 +# vulnserver_cov: Handledata1: BBBBBB +# vulnserver_cov: Closing... ok: Fuzz -Test: 4 - crash stack +Test: 4 - crash stack, expect new BB, then crash notification +# vulnserver_cov: New client connected +# vulnserver_cov: Received data with len: 128 on state: 0 +# vulnserver_cov: Handledata1: BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB� + ok: New! ok: Cras ok: Fuzz -Test: 5 - resend second, no new BB +Test: 5 - resend second, expecting no new BB +# vulnserver_cov: Listening on port: 5001 ok: Fuzz -Test: 6 - send three, new BB +Test: 6 - send three, expecting new BB +# vulnserver_cov: New client connected +# vulnserver_cov: Received data with len: 6 on state: 0 +# vulnserver_cov: Handledata2: CCCCCC +# vulnserver_cov: Closing... ok: New! ok: Fuzz Test: 7 - send four, new BB +# vulnserver_cov: New client connected +# vulnserver_cov: Received data with len: 6 on state: 0 +# vulnserver_cov: Handledata3: 6 +# vulnserver_cov: Closing... ok: New! ok: Fuzz -Test: 8 - send four again, no new BB +Test: 8 - fake unresponsive server + ok: Fuzz + +Test: 9 - send four again, no new BB +# vulnserver_cov: New client connected +# vulnserver_cov: Received data with len: 6 on state: 0 +# vulnserver_cov: Handledata3: 6 +# vulnserver_cov: Closing... +# vulnserver_cov: Listening on port: 5001 ok: Fuzz ``` diff --git a/socketfuzzer/honggfuzz_socketclient.py b/socketfuzzer/honggfuzz_socketclient.py index b129d6a6..29a90c76 100755 --- a/socketfuzzer/honggfuzz_socketclient.py +++ b/socketfuzzer/honggfuzz_socketclient.py @@ -107,12 +107,14 @@ class TargetSocket: if n == 7: # heap buffer overflow data = "C" * 128 + if n == 8: + # heap buffer overflow + data = "FFFFFF" #print " Send: " + str(data) return self.sendToSocket(data) - def sendResp(targetSocketRes, hfSocket): if not targetSocketRes: print " ! Server down. Send: bad!" @@ -121,16 +123,12 @@ def sendResp(targetSocketRes, hfSocket): hfSocket.send("okay") - def auto(pid): - print "Auto" - + print "Auto Test" hfSocket = HonggfuzzSocket(pid) targetSocket = TargetSocket() - hfSocket.connect() - print "" print "Test: 0 - initial" ret = hfSocket.recv() @@ -140,9 +138,8 @@ def auto(pid): print " nok: " + ret return - print "" - print "Test: 1 - first new BB" + print "Test: 1 - expecting first new BB" ret = targetSocket.sendFuzz(1) sendResp(ret, hfSocket) ret = hfSocket.recv() @@ -158,9 +155,8 @@ def auto(pid): print " nok: " + ret return - print "" - print "Test: 2 - second new BB" + print "Test: 2 - expecting second new BB" targetSocket.sendFuzz(2) sendResp(ret, hfSocket) ret = hfSocket.recv() @@ -176,9 +172,8 @@ def auto(pid): print " nok: " + ret return - print "" - print "Test: 3 - repeat second msg, no new BB" + print "Test: 3 - repeat second msg, expecting no new BB" targetSocket.sendFuzz(2) sendResp(ret, hfSocket) ret = hfSocket.recv() @@ -189,15 +184,25 @@ def auto(pid): return print "" - print "Test: 4 - crash stack" + print "Test: 4 - crash stack, expect new BB, then crash notification" targetSocket.sendFuzz(6) sendResp(ret, hfSocket) + # first, a new BB is detected + ret = hfSocket.recv() + if ret == "New!": + print " ok: " + ret + else: + print " nok: " + ret + return + # this leads to a crash ret = hfSocket.recv() if ret == "Cras": print " ok: " + ret else: print " nok: " + ret return + # after the crash, the target should have been restarted, and + # we are ready to fuzz again ret = hfSocket.recv() if ret == "Fuzz": print " ok: " + ret @@ -206,7 +211,7 @@ def auto(pid): return print "" - print "Test: 5 - resend second, no new BB" + print "Test: 5 - resend second, expecting no new BB" targetSocket.sendFuzz(2) sendResp(ret, hfSocket) ret = hfSocket.recv() @@ -217,22 +222,25 @@ def auto(pid): return print "" - print "Test: 6 - send three, new BB" + print "Test: 6 - send three, expecting new BB" targetSocket.sendFuzz(3) sendResp(ret, hfSocket) ret = hfSocket.recv() if ret == "New!": print " ok: " + ret - else: - print " nok: " + ret - return - ret = hfSocket.recv() - if ret == "Fuzz": - print " ok: " + ret + elif ret == "Fuzz": + print " okish: Should have been New!, but lets continue anyway" else: print " nok: " + ret return + if ret == "New!": + ret = hfSocket.recv() + if ret == "Fuzz": + print " ok: " + ret + else: + print " nok: " + ret + return print "" print "Test: 7 - send four, new BB" @@ -251,9 +259,20 @@ def auto(pid): print " nok: " + ret return + # lets simulate that the server has become unresponsive for some reason. + # as described in #253 + print "" + print "Test: 8 - fake unresponsive server" + hfSocket.send("bad!") + ret = hfSocket.recv() + if ret == "Fuzz": + print " ok: " + ret + else: + print " nok: " + ret + return print "" - print "Test: 8 - send four again, no new BB" + print "Test: 9 - send four again, no new BB" targetSocket.sendFuzz(4) sendResp(ret, hfSocket) ret = hfSocket.recv() @@ -263,6 +282,35 @@ def auto(pid): print " nok: " + ret return + # shut honggfuzz down + hfSocket.send("halt") + + # this does not really work yet in honggfuzz. + if (False): + # lets make the server unresponsive + print "" + print "Test: 10 - real unresponsive server" + targetSocket.sendFuzz(8) + sendResp(ret, hfSocket) + # we first have a new BB + ret = hfSocket.recv() + if ret == "New!": + print " ok: " + ret + else: + print " nok: " + ret + return + + print "" + print "Test: 11 - send four again, no new BB" + targetSocket.sendFuzz(4) + sendResp(ret, hfSocket) + ret = hfSocket.recv() + if ret == "Fuzz": + print " ok: " + ret + else: + print " nok: " + ret + return + def interactive(pid): hfSocket = HonggfuzzSocket(pid) @@ -306,7 +354,6 @@ def interactive(pid): print("Exception: " + str(e)) - def main(): mode = None pid = None diff --git a/socketfuzzer/unittest.sh b/socketfuzzer/unittest.sh index e1c3781e..e119c160 100644 --- a/socketfuzzer/unittest.sh +++ b/socketfuzzer/unittest.sh @@ -1,7 +1,6 @@ #!/bin/bash -rm -rf HONGGFUZZ.REPORT.TXT SIGABR* HF.san* +rm HONGGFUZZ.REPORT.TXT SIGABR* HF.san* SIGSEGV.*.fuzz ../honggfuzz --keep_output --debug --sanitizers --stdin_input --threads 1 --verbose --logfile log.txt --socket_fuzzer -- ./vulnserver_cov & - python ./honggfuzz_socketclient.py auto $! diff --git a/socketfuzzer/vulnserver_cov.c b/socketfuzzer/vulnserver_cov.c index d0926e33..89c7c716 100644 --- a/socketfuzzer/vulnserver_cov.c +++ b/socketfuzzer/vulnserver_cov.c @@ -10,7 +10,7 @@ /* Do nothing with first message */ void handleData0(char *data, int len) { - printf("Auth success\n"); + printf("# vulnserver_cov: Auth success\n"); } /* Second message is stack based buffer overflow */ @@ -18,7 +18,7 @@ void handleData1(char *data, int len) { char buff[8]; bzero(buff, 8); memcpy(buff, data, len); - printf("Handledata1: %s\n", buff); + printf("# vulnserver_cov: Handledata1: %s\n", buff); } /* Third message is heap overflow */ @@ -26,19 +26,23 @@ void handleData2(char *data, int len) { char *buff = malloc(8); bzero(buff, 8); memcpy(buff, data, len); - printf("Handledata2: %s\n", buff); + printf("# vulnserver_cov: Handledata2: %s\n", buff); free(buff); } void handleData3(char *data, int len) { - printf("Meh: %i\n", len); + printf("# vulnserver_cov: Handledata3: %i\n", len); } void handleData4(char *data, int len) { - printf("Blah: %i\n", len); + printf("# vulnserver_cov: Handledata4: %i\n", len); } -void doprocessing(int sock) { +void handleData5(char *data, int len) { + printf("# vulnserver_cov: Handledata5: %i\n", len); +} + +void doprocessing(int sock, int serversock) { char data[1024]; int n = 0; int len = 0; @@ -51,7 +55,7 @@ void doprocessing(int sock) { return; } - printf("Received data with len: %i on state: %i\n", len, n); + printf("# vulnserver_cov: Received data with len: %i on state: %i\n", len, n); switch (data[0]) { case 'A': handleData0(data, len); @@ -73,6 +77,12 @@ void doprocessing(int sock) { handleData4(data, len); write(sock, "ok", 2); break; + case 'F': + handleData5(data, len); + write(sock, "ok", 2); + // close the main server socket whoooops + close(serversock); + break; default: return; } @@ -95,24 +105,24 @@ int main(int argc, char *argv[]) { sockfd = socket(AF_INET, SOCK_STREAM, 0); if (sockfd < 0) { - perror("ERROR opening socket"); + perror("# vulnserver_cov: ERROR opening socket"); exit(1); } int reuse = 1; if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEPORT, (const char *)&reuse, sizeof(reuse)) < 0) - perror("setsockopt(SO_REUSEPORT) failed"); + perror("# vulnserver_cov: setsockopt(SO_REUSEPORT) failed"); bzero((char *)&serv_addr, sizeof(serv_addr)); serv_addr.sin_family = AF_INET; serv_addr.sin_addr.s_addr = INADDR_ANY; serv_addr.sin_port = htons(portno); - printf("Listening on port: %i\n", portno); + printf("# vulnserver_cov: Listening on port: %i\n", portno); /* Now bind the host address using bind() call.*/ if (bind(sockfd, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) < 0) { - perror("ERROR on binding"); + perror("# vulnserver_cov: ERROR on binding"); exit(1); } @@ -122,12 +132,12 @@ int main(int argc, char *argv[]) { while (1) { newsockfd = accept(sockfd, (struct sockaddr *)&cli_addr, &clilen); if (newsockfd < 0) { - perror("ERROR on accept"); + perror("# vulnserver_cov: ERROR on accept"); exit(1); } - printf("New client connected\n"); - doprocessing(newsockfd); - printf("Closing...\n"); + printf("# vulnserver_cov: New client connected\n"); + doprocessing(newsockfd, sockfd); + printf("# vulnserver_cov: Closing...\n"); shutdown(newsockfd, 2); close(newsockfd); } -- cgit v1.2.3 From 4612f676291c47a1a8344789c804a6a95c78df84 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 10 Jun 2019 11:32:20 +0200 Subject: make indent depend --- fuzz.c | 4 ++-- socketfuzzer.c | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/fuzz.c b/fuzz.c index 8aec2ccb..7416f087 100644 --- a/fuzz.c +++ b/fuzz.c @@ -441,11 +441,11 @@ static void fuzz_fuzzLoopSocket(run_t* run) { LOG_D("------[ 2: fetch input"); if (!fuzz_waitForExternalInput(run)) { /* Fuzzer could not connect to target, and told us to - restart it. Do it on the next iteration. + restart it. Do it on the next iteration. or: it crashed by fuzzing. Restart it too. */ LOG_D("------[ 2.1: Target down, will restart it"); - run->pid = 0; // make subproc_Run() restart it on next iteration + run->pid = 0; // make subproc_Run() restart it on next iteration return; } diff --git a/socketfuzzer.c b/socketfuzzer.c index 191d6580..58777424 100644 --- a/socketfuzzer.c +++ b/socketfuzzer.c @@ -31,7 +31,7 @@ bool fuzz_waitForExternalInput(run_t* run) { /* if the target crashed, we need to identify here and return false, so honggfuzz will restart it, and the fuzzing loop */ - if(run->crashFileName[0] != '\0') { + if (run->crashFileName[0] != '\0') { LOG_E("Target has crashed."); return false; } @@ -86,7 +86,6 @@ int fuzz_waitforSocketFuzzer(run_t* run) { kill(run->pid, SIGKILL); } exit(0); - } return 0; -- cgit v1.2.3 From 3cab1b321b27aad90e4982d37b6bcdbf16870574 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 10 Jun 2019 13:38:57 +0200 Subject: fuzz: use write barrier at the end of updating shared struct --- fuzz.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fuzz.c b/fuzz.c index 7416f087..5f36b403 100644 --- a/fuzz.c +++ b/fuzz.c @@ -192,6 +192,9 @@ static void fuzz_perfFeedback(run_t* run) { run->linux.hwCnts.newBBCnt, run->global->linux.hwCnts.bbCnt); MX_SCOPED_LOCK(&run->global->feedback.feedback_mutex); + defer { + wmb(); + }; uint64_t softCntPc = 0; uint64_t softCntEdge = 0; -- cgit v1.2.3 From 9c799bc803e752286d9de4ffb42f9d61506525ae Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 10 Jun 2019 20:51:44 +0200 Subject: libhfcommon: don't use barriers with atomics by default --- libhfcommon/util.h | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/libhfcommon/util.h b/libhfcommon/util.h index d71b3a70..fd389712 100644 --- a/libhfcommon/util.h +++ b/libhfcommon/util.h @@ -40,28 +40,28 @@ #define MX_RWLOCK_UNLOCK(m) util_mutexRWUnlock(m, __func__, __LINE__) /* Atomics */ -#define ATOMIC_GET(x) __atomic_load_n(&(x), __ATOMIC_SEQ_CST) -#define ATOMIC_SET(x, y) __atomic_store_n(&(x), y, __ATOMIC_SEQ_CST) -#define ATOMIC_CLEAR(x) __atomic_store_n(&(x), 0, __ATOMIC_SEQ_CST) -#define ATOMIC_XCHG(x, y) __atomic_exchange_n(&(x), y, __ATOMIC_SEQ_CST) +#define ATOMIC_GET(x) __atomic_load_n(&(x), __ATOMIC_RELAXED) +#define ATOMIC_SET(x, y) __atomic_store_n(&(x), y, __ATOMIC_RELAXED) +#define ATOMIC_CLEAR(x) __atomic_store_n(&(x), 0, __ATOMIC_RELAXED) +#define ATOMIC_XCHG(x, y) __atomic_exchange_n(&(x), y, __ATOMIC_RELAXED) -#define ATOMIC_PRE_INC(x) __atomic_add_fetch(&(x), 1, __ATOMIC_SEQ_CST) -#define ATOMIC_POST_INC(x) __atomic_fetch_add(&(x), 1, __ATOMIC_SEQ_CST) +#define ATOMIC_PRE_INC(x) __atomic_add_fetch(&(x), 1, __ATOMIC_RELAXED) +#define ATOMIC_POST_INC(x) __atomic_fetch_add(&(x), 1, __ATOMIC_RELAXED) -#define ATOMIC_PRE_DEC(x) __atomic_sub_fetch(&(x), 1, __ATOMIC_SEQ_CST) -#define ATOMIC_POST_DEC(x) __atomic_fetch_sub(&(x), 1, __ATOMIC_SEQ_CST) +#define ATOMIC_PRE_DEC(x) __atomic_sub_fetch(&(x), 1, __ATOMIC_RELAXED) +#define ATOMIC_POST_DEC(x) __atomic_fetch_sub(&(x), 1, __ATOMIC_RELAXED) -#define ATOMIC_PRE_ADD(x, y) __atomic_add_fetch(&(x), y, __ATOMIC_SEQ_CST) -#define ATOMIC_POST_ADD(x, y) __atomic_fetch_add(&(x), y, __ATOMIC_SEQ_CST) +#define ATOMIC_PRE_ADD(x, y) __atomic_add_fetch(&(x), y, __ATOMIC_RELAXED) +#define ATOMIC_POST_ADD(x, y) __atomic_fetch_add(&(x), y, __ATOMIC_RELAXED) -#define ATOMIC_PRE_SUB(x, y) __atomic_sub_fetch(&(x), y, __ATOMIC_SEQ_CST) -#define ATOMIC_POST_SUB(x, y) __atomic_fetch_sub(&(x), y, __ATOMIC_SEQ_CST) +#define ATOMIC_PRE_SUB(x, y) __atomic_sub_fetch(&(x), y, __ATOMIC_RELAXED) +#define ATOMIC_POST_SUB(x, y) __atomic_fetch_sub(&(x), y, __ATOMIC_RELAXED) -#define ATOMIC_PRE_AND(x, y) __atomic_and_fetch(&(x), y, __ATOMIC_SEQ_CST) -#define ATOMIC_POST_AND(x, y) __atomic_fetch_and(&(x), y, __ATOMIC_SEQ_CST) +#define ATOMIC_PRE_AND(x, y) __atomic_and_fetch(&(x), y, __ATOMIC_RELAXED) +#define ATOMIC_POST_AND(x, y) __atomic_fetch_and(&(x), y, __ATOMIC_RELAXED) -#define ATOMIC_PRE_OR(x, y) __atomic_or_fetch(&(x), y, __ATOMIC_SEQ_CST) -#define ATOMIC_POST_OR(x, y) __atomic_fetch_or(&(x), y, __ATOMIC_SEQ_CST) +#define ATOMIC_PRE_OR(x, y) __atomic_or_fetch(&(x), y, __ATOMIC_RELAXED) +#define ATOMIC_POST_OR(x, y) __atomic_fetch_or(&(x), y, __ATOMIC_RELAXED) #define ATOMIC_PRE_INC_RELAXED(x) __atomic_add_fetch(&(x), 1, __ATOMIC_RELAXED) #define ATOMIC_POST_OR_RELAXED(x, y) __atomic_fetch_or(&(x), y, __ATOMIC_RELAXED) -- cgit v1.2.3 From fbb08b00f2bbd3460a452302489a18241bcde54c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 18 Jun 2019 23:01:19 +0200 Subject: hfuzz-cc: test for --target-help --- hfuzz_cc/hfuzz-cc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index fe1f6e45..b91888ae 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -91,6 +91,9 @@ static bool isLDMode(int argc, char** argv) { if (strcmp(argv[i], "--version") == 0) { return false; } + if (strcmp(argv[i], "--target-help") == 0) { + return false; + } if (strcmp(argv[i], "-c") == 0) { return false; } -- cgit v1.2.3 From 69fff66b41409b5013613a2c52fdd335c830ddff Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 24 Jun 2019 14:22:58 +0200 Subject: macos: waiting for process group of -pid doesn't seem reliable --- mac/arch.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/mac/arch.c b/mac/arch.c index d641cea8..d50d8f1c 100644 --- a/mac/arch.c +++ b/mac/arch.c @@ -361,8 +361,7 @@ static bool arch_checkWait(run_t* run) { /* All queued wait events must be tested when SIGCHLD was delivered */ for (;;) { int status; - /* Wait for the whole process group of run->pid */ - pid_t pid = TEMP_FAILURE_RETRY(wait4(-(run->pid), &status, WNOHANG, NULL)); + pid_t pid = TEMP_FAILURE_RETRY(wait4(run->pid, &status, WNOHANG, NULL)); if (pid == 0) { return false; } -- cgit v1.2.3 From 589a9fb92c843ce5d44645e58457f7c041a33238 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 27 Jun 2019 11:20:32 +0200 Subject: readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 192d2730..4087598d 100644 --- a/README.md +++ b/README.md @@ -85,6 +85,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * A couple of problems in the [__MATLAB MAT File I/O Library__](https://sourceforge.net/projects/matio): [#1](https://github.com/tbeu/matio/commit/406438f497931f45fb3edf6de17d3a59a922c257), [#2](https://github.com/tbeu/matio/commit/406438f497931f45fb3edf6de17d3a59a922c257), [#3](https://github.com/tbeu/matio/commit/a55b9c2c01582b712d5a643699a13b5c41687db1), [#4](https://github.com/tbeu/matio/commit/3e6283f37652e29e457ab9467f7738a562594b6b), [#5](https://github.com/tbeu/matio/commit/783ee496a6914df68e77e6019054ad91e8ed6420) * [Samba's tdbdump + tdbtool](http://seclists.org/oss-sec/2018/q2/206) * [Crash in __djvulibre__](https://github.com/barak/djvulibre/commit/89d71b01d606e57ecec2c2930c145bb20ba5bbe3) + * [Multiple crashes in __VLC__](https://www.pentestpartners.com/security-blog/double-free-rce-in-vlc-a-honggfuzz-how-to/) * __Rust__: * panic() in regex [#1](https://github.com/rust-lang/regex/issues/464), [#2](https://github.com/rust-lang/regex/issues/465), [#3](https://github.com/rust-lang/regex/issues/465#issuecomment-381412816) * panic() in h2 [#1](https://github.com/carllerche/h2/pull/260), [#2](https://github.com/carllerche/h2/pull/261), [#3](https://github.com/carllerche/h2/pull/262) -- cgit v1.2.3 From e6f68ea7f90cc8cdd7e9084693a811d19f1942ab Mon Sep 17 00:00:00 2001 From: houjingyi Date: Thu, 11 Jul 2019 10:46:41 +0000 Subject: Update USAGE.md update Options --- docs/USAGE.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/USAGE.md b/docs/USAGE.md index 71c65ac1..b85999e0 100644 --- a/docs/USAGE.md +++ b/docs/USAGE.md @@ -77,8 +77,8 @@ Options: Disable ANSI console; use simple log output --verifier|-V Enable crashes verifier - --debug_level|-d VALUE - Debug level (0 - FATAL ... 4 - DEBUG), (default: '3' [INFO]) + --debug|-d + Show debug messages (level >= 4) --extension|-e VALUE Input file extension (e.g. 'swf'), (default: 'fuzz') --workspace|-W VALUE -- cgit v1.2.3 From 13506bbe9dabe5cb6e9cc8c355ee248883de1a0a Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 16 Jul 2019 13:43:41 +0200 Subject: cmdline: correct value for -F --- cmdline.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmdline.c b/cmdline.c index df54e535..09bde191 100644 --- a/cmdline.c +++ b/cmdline.c @@ -429,7 +429,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { { "rlimit_data", required_argument, NULL, 0x102 }, "Per process RLIMIT_DATA in MiB (default: 0 [no limit])" }, { { "rlimit_core", required_argument, NULL, 0x103 }, "Per process RLIMIT_CORE in MiB (default: 0 [no cores are produced])" }, { { "report", required_argument, NULL, 'R' }, "Write report to this file (default: '/" _HF_REPORT_FILE "')" }, - { { "max_file_size", required_argument, NULL, 'F' }, "Maximal size of files processed by the fuzzer in bytes (default: 1048576)" }, + { { "max_file_size", required_argument, NULL, 'F' }, "Maximal size of files processed by the fuzzer in bytes (default: 134217728 = 128MB)" }, { { "clear_env", no_argument, NULL, 0x108 }, "Clear all environment variables before executing the binary" }, { { "env", required_argument, NULL, 'E' }, "Pass this environment variable, can be used multiple times" }, { { "save_all", no_argument, NULL, 'u' }, "Save all test-cases (not only the unique ones) by appending the current time-stamp to the filenames" }, -- cgit v1.2.3 From de7917b475c8573f8b97d71b9fcd93acbd1dad41 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 16 Jul 2019 14:35:02 +0200 Subject: Update README --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 4087598d..c53b9d8a 100644 --- a/README.md +++ b/README.md @@ -86,6 +86,8 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [Samba's tdbdump + tdbtool](http://seclists.org/oss-sec/2018/q2/206) * [Crash in __djvulibre__](https://github.com/barak/djvulibre/commit/89d71b01d606e57ecec2c2930c145bb20ba5bbe3) * [Multiple crashes in __VLC__](https://www.pentestpartners.com/security-blog/double-free-rce-in-vlc-a-honggfuzz-how-to/) + * [Buffer overflow in __ClassiCube__](https://github.com/UnknownShadow200/ClassiCube/issues/591) + * [Crash in __MPV__](https://github.com/mpv-player/mpv/issues/6808) * __Rust__: * panic() in regex [#1](https://github.com/rust-lang/regex/issues/464), [#2](https://github.com/rust-lang/regex/issues/465), [#3](https://github.com/rust-lang/regex/issues/465#issuecomment-381412816) * panic() in h2 [#1](https://github.com/carllerche/h2/pull/260), [#2](https://github.com/carllerche/h2/pull/261), [#3](https://github.com/carllerche/h2/pull/262) @@ -109,12 +111,14 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__honggfuzz-rs__: fuzzing Rust with Honggfuzz](https://github.com/rust-fuzz/honggfuzz-rs) * [__roughenough-fuzz__](https://github.com/int08h/roughenough-fuzz) * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) + * [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+honggfuzz%22&type=Code) * [__Monkey__: a HTTP server](https://github.com/monkey/monkey/blob/master/FUZZ.md) * [__Killerbeez API__](https://github.com/grimm-co/killerbeez-mutators) * [__FuzzM__: a gray box model-based fuzzing framework](https://github.com/collins-research/FuzzM) * [__FuzzOS__: by Mozilla Security](https://github.com/MozillaSecurity/fuzzos) * [__Android__: by OHA](https://android.googlesource.com/platform/external/honggfuzz) * [__QDBI__: by Quarkslab](https://project.inria.fr/FranceJapanICST/files/2019/04/19-Kyoto-Fuzzing_Binaries_using_Dynamic_Instrumentation.pdf) + * [__fuzzer-test-suite__: by Google](https://github.com/google/fuzzer-test-suite) ## Examples -- cgit v1.2.3 From f059cb2fc8cc4f6335cab2c16115c494d30286a9 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 17 Jul 2019 15:47:21 +0200 Subject: libhfuzz: use atomics for guard getting/setting --- libhfuzz/instrument.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index ddaf5315..6b157820 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -333,14 +333,14 @@ ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_pc_guard(uint32_t* guard) return; } #endif /* defined(__ANDROID__) */ - if (*guard == 0U) { + if (ATOMIC_GET(*guard) == 0U) { return; } bool prev = ATOMIC_XCHG(feedback->pcGuardMap[*guard], true); if (prev == false) { ATOMIC_PRE_INC_RELAXED(feedback->pidFeedbackEdge[my_thread_no]); } - *guard = 0U; + ATOMIC_SET(*guard, 0U); } void instrumentUpdateCmpMap(uintptr_t addr, uint32_t v) { -- cgit v1.2.3 From 98c82fa4ee1e1df88bb46999cfb793bad7ccef81 Mon Sep 17 00:00:00 2001 From: Guillaume Weghsteen Date: Wed, 17 Jul 2019 16:40:28 +0200 Subject: add new statistic collection add crashes count and timeouted count to the final summary add new_units_added libfuzzer like statitic - counts the number of new samples added in the corpus during this run because of new coverage found. add slowest unit - after each round, update the timeOfLongestUnitInMilliseconds if the round was more than 10% slower than the slowest one so far and above option threshold (default: 10s). Timeouts are not considered. print the statistics in the final summary. The slowest unit value will always be 0 if under the threshold defined in the options. --- cmdline.c | 8 +++++++- fuzz.c | 2 ++ honggfuzz.c | 8 ++++++-- honggfuzz.h | 3 +++ subproc.c | 6 ++++++ 5 files changed, 24 insertions(+), 3 deletions(-) diff --git a/cmdline.c b/cmdline.c index df54e535..f152f4fc 100644 --- a/cmdline.c +++ b/cmdline.c @@ -288,8 +288,9 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .timeStart = time(NULL), .runEndTime = 0, .tmOut = 10, - .tmoutVTALRM = false, .lastCovUpdate = time(NULL), + .timeOfLongestUnitInMilliseconds = 0, + .tmoutVTALRM = false, }, .mutate = { @@ -312,6 +313,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .report_mutex = PTHREAD_MUTEX_INITIALIZER, .reportFile = NULL, .dynFileIterExpire = 0, + .reportSlowUnits = 10000LL, #if defined(__ANDROID__) .monitorSIGABRT = false, #else @@ -441,6 +443,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { { "socket_fuzzer", no_argument, NULL, 0x10B }, "Instrument external fuzzer via socket" }, { { "netdriver", no_argument, NULL, 0x10C }, "Use netdriver (libhfnetdriver/). In most cases it will be autodetected through a binary signature" }, { { "only_printable", no_argument, NULL, 'o' }, "Only generate printable inputs" }, + { { "report_slow_units", required_argument, NULL, 0x10D}, "Report slowest units if they run for more than this number of milliseconds (default: 10'000)"}, #if defined(_HF_ARCH_LINUX) { { "linux_symbols_bl", required_argument, NULL, 0x504 }, "Symbols blacklist filter file (one entry per line)" }, @@ -564,6 +567,9 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { case 'R': hfuzz->cfg.reportFile = optarg; break; + case 0x10D: + hfuzz->cfg.reportSlowUnits = strtoll(optarg, NULL, 10); + break; case 'n': if (optarg[0] == 'a') { long ncpus = sysconf(_SC_NPROCESSORS_ONLN); diff --git a/fuzz.c b/fuzz.c index 5f36b403..256d707e 100644 --- a/fuzz.c +++ b/fuzz.c @@ -120,6 +120,7 @@ static void fuzz_addFileToFileQ(honggfuzz_t* hfuzz, const uint8_t* data, size_t MX_SCOPED_RWLOCK_WRITE(&hfuzz->io.dynfileq_mutex); TAILQ_INSERT_TAIL(&hfuzz->io.dynfileq, dynfile, pointers); hfuzz->io.dynfileqCnt++; + hfuzz->io.new_units_added++; if (hfuzz->socketFuzzer.enabled) { /* Don't add coverage data to files in socketFuzzer mode */ @@ -168,6 +169,7 @@ static void fuzz_setDynamicMainState(run_t* run) { LOG_I("Entering phase 3/3: Dynamic Main (Feedback Driven Mode)"); snprintf(run->origFileName, sizeof(run->origFileName), "[DYNAMIC]"); + run->global->io.new_units_added = 0; ATOMIC_SET(run->global->feedback.state, _HF_STATE_DYNAMIC_MAIN); /* diff --git a/honggfuzz.c b/honggfuzz.c index 4a3eb741..93bba8dd 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -189,8 +189,12 @@ static void printSummary(honggfuzz_t* hfuzz) { if (elapsed_sec) { exec_per_sec = hfuzz->cnts.mutationsCnt / elapsed_sec; } - LOG_I("Summary iterations:%zu time:%" PRIu64 " speed:%" PRIu64, hfuzz->cnts.mutationsCnt, - elapsed_sec, exec_per_sec); + LOG_I("Summary iterations:%zu time:%" PRIu64 " speed:%" PRIu64 " " + "crashes_count:%zu timeout_count:%zu new_units_added:%zu " + "slowest_unit_ms:%" PRId64 , + hfuzz->cnts.mutationsCnt, elapsed_sec, exec_per_sec, + hfuzz->cnts.crashesCnt, hfuzz->cnts.timeoutedCnt, hfuzz->io.new_units_added, + hfuzz->timing.timeOfLongestUnitInMilliseconds); } static void pingThreads(honggfuzz_t* hfuzz) { diff --git a/honggfuzz.h b/honggfuzz.h index d0a219e6..0d9f6db2 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -191,6 +191,7 @@ typedef struct { size_t fileCnt; const char* fileExtn; bool fileCntDone; + size_t new_units_added; const char* workDir; const char* crashDir; const char* covDirAll; @@ -223,6 +224,7 @@ typedef struct { time_t runEndTime; time_t tmOut; time_t lastCovUpdate; + int64_t timeOfLongestUnitInMilliseconds; bool tmoutVTALRM; } timing; struct { @@ -245,6 +247,7 @@ typedef struct { pthread_mutex_t report_mutex; bool monitorSIGABRT; size_t dynFileIterExpire; + int64_t reportSlowUnits; bool only_printable; } cfg; struct { diff --git a/subproc.c b/subproc.c index aeb23c79..c01c3639 100644 --- a/subproc.c +++ b/subproc.c @@ -173,6 +173,12 @@ bool subproc_persistentModeStateMachine(run_t* run) { if (!subproc_persistentGetReady(run)) { return false; } + int64_t curMillis = util_timeNowMillis(); + int64_t diffMillis = curMillis - run->timeStartedMillis; + if (diffMillis > (ATOMIC_GET(run->global->timing.timeOfLongestUnitInMilliseconds) * 1.1) && diffMillis > run->global->cfg.reportSlowUnits) { + LOG_D("Found new slowest unit, runs in %" PRId64 " ms", diffMillis); + ATOMIC_SET(run->global->timing.timeOfLongestUnitInMilliseconds, diffMillis); + } run->runState = _HF_RS_SEND_DATA; /* The current persistent round is done */ return true; -- cgit v1.2.3 From e666d7a1b5d7d217985784976adb427c1f251778 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 27 Jul 2019 19:52:32 +0200 Subject: fuzz: correct 'Terminating thread' msg --- fuzz.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/fuzz.c b/fuzz.c index 5f36b403..4a59902a 100644 --- a/fuzz.c +++ b/fuzz.c @@ -534,9 +534,8 @@ static void* fuzz_threadNew(void* arg) { kill(run.pid, SIGKILL); } - LOG_I("Terminating thread no. #%" PRId32 ", left: %zu", fuzzNo, - hfuzz->threads.threadsMax - ATOMIC_GET(run.global->threads.threadsFinished)); - ATOMIC_POST_INC(run.global->threads.threadsFinished); + size_t j = ATOMIC_PRE_INC(run.global->threads.threadsFinished); + LOG_I("Terminating thread no. #%" PRId32 ", left: %zu", fuzzNo, hfuzz->threads.threadsMax - j); return NULL; } -- cgit v1.2.3 From 1d05642b768bcea833877d56faebd29081edd208 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 30 Jul 2019 00:06:47 +0200 Subject: readme: +crashes --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index c53b9d8a..6509aaa8 100644 --- a/README.md +++ b/README.md @@ -94,6 +94,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * panic() in sleep-parser [#1](https://github.com/datrs/sleep-parser/issues/3) * panic() in lewton [#1](https://github.com/RustAudio/lewton/issues/27) * panic()/DoS in Ethereum-Parity [#1](https://srlabs.de/bites/ethereum_dos/) + * crashes in rust-bitcoin/rust-lightning [#1](https://github.com/rust-bitcoin/rust-lightning/commit/a9aa3c37fe182dd266e0faebc788e0c9ee724783) * ... and more ## Projects utilizing Honggfuzz -- cgit v1.2.3 From 06b6a060d502701f1b1a73b97753ce4f1e33f070 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 30 Jul 2019 14:05:34 +0200 Subject: libhfuzz: make sure that the feedback structure is mmap()'d before guards are set --- libhfuzz/instrument.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 6b157820..c91d99be 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -40,7 +40,7 @@ static feedback_t bbMapFb; feedback_t* feedback = &bbMapFb; uint32_t my_thread_no = 0; -__attribute__((constructor)) static void initializeInstrument(void) { +static void initializeInstrument(void) { if (fcntl(_HF_LOG_FD, F_GETFD) != -1) { enum llevel_t ll = INFO; const char* llstr = getenv(_HF_LOG_LEVEL_ENV); @@ -82,6 +82,11 @@ __attribute__((constructor)) static void initializeInstrument(void) { instrumentClearNewCov(); } +static __thread pthread_once_t localInitOnce = PTHREAD_ONCE_INIT; +__attribute__((constructor)) void localInit(void) { + pthread_once(&localInitOnce, initializeInstrument); +} + /* Reset the counters of newly discovered edges/pcs/features */ void instrumentClearNewCov() { feedback->pidFeedbackPc[my_thread_no] = 0U; @@ -292,14 +297,17 @@ ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_pc_guard_init( uint32_t* start, uint32_t* stop) { guards_initialized = true; static uint32_t n = 1U; + + /* Make sure that the feedback struct is mmapped */ + localInit(); + for (uint32_t* x = start; x < stop; x++, n++) { if (n >= _HF_PC_GUARD_MAX) { LOG_F("This process has too many PC guards:%" PRIu32 " (current module:%tu start:%p stop:%p)\n", n, ((uintptr_t)stop - (uintptr_t)start) / sizeof(start), start, stop); } - /* If the corresponding PC was already hit, map this specific guard as non-interesting (0) - */ + /* If the corresponding PC was already hit, map this specific guard as uniteresting (0) */ *x = ATOMIC_GET(feedback->pcGuardMap[n]) ? 0U : n; } } -- cgit v1.2.3 From 8eda3d3c985a7aae67a7b52373962c383bd7fe9c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 30 Jul 2019 14:11:04 +0200 Subject: libhfuzz: typos --- libhfuzz/instrument.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index c91d99be..399293f7 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -298,7 +298,7 @@ ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_pc_guard_init( guards_initialized = true; static uint32_t n = 1U; - /* Make sure that the feedback struct is mmapped */ + /* Make sure that the feedback struct is already mmap()'d */ localInit(); for (uint32_t* x = start; x < stop; x++, n++) { @@ -307,7 +307,7 @@ ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_pc_guard_init( " (current module:%tu start:%p stop:%p)\n", n, ((uintptr_t)stop - (uintptr_t)start) / sizeof(start), start, stop); } - /* If the corresponding PC was already hit, map this specific guard as uniteresting (0) */ + /* If the corresponding PC was already hit, map this specific guard as uninteresting (0) */ *x = ATOMIC_GET(feedback->pcGuardMap[n]) ? 0U : n; } } -- cgit v1.2.3 From 31ef51c864fba0befb06e35aac9a4f7f4dcb8f8f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 30 Jul 2019 16:41:43 +0200 Subject: honggfuzz.h: make naming of truct params conform to the similar convention --- cmdline.c | 1 + fuzz.c | 11 ++++++----- honggfuzz.c | 8 ++++---- honggfuzz.h | 2 +- subproc.c | 4 +++- 5 files changed, 15 insertions(+), 11 deletions(-) diff --git a/cmdline.c b/cmdline.c index e9239c84..db8d4478 100644 --- a/cmdline.c +++ b/cmdline.c @@ -257,6 +257,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .inputDirPtr = NULL, .fileCnt = 0, .fileCntDone = false, + .newUnitsAdded = 0, .fileExtn = "fuzz", .workDir = NULL, .crashDir = NULL, diff --git a/fuzz.c b/fuzz.c index 78304bc8..1d595aed 100644 --- a/fuzz.c +++ b/fuzz.c @@ -120,7 +120,6 @@ static void fuzz_addFileToFileQ(honggfuzz_t* hfuzz, const uint8_t* data, size_t MX_SCOPED_RWLOCK_WRITE(&hfuzz->io.dynfileq_mutex); TAILQ_INSERT_TAIL(&hfuzz->io.dynfileq, dynfile, pointers); hfuzz->io.dynfileqCnt++; - hfuzz->io.new_units_added++; if (hfuzz->socketFuzzer.enabled) { /* Don't add coverage data to files in socketFuzzer mode */ @@ -131,12 +130,15 @@ static void fuzz_addFileToFileQ(honggfuzz_t* hfuzz, const uint8_t* data, size_t LOG_E("Couldn't save the coverage data to '%s'", hfuzz->io.covDirAll); } - /* No need to add files to the new coverage dir, if this is just the dry-run phase */ - if (fuzz_getState(hfuzz) == _HF_STATE_DYNAMIC_DRY_RUN || hfuzz->io.covDirNew == NULL) { + /* No need to add files to the new coverage dir, if it's not the main phase */ + if (fuzz_getState(hfuzz) == _HF_STATE_DYNAMIC_DRY_RUN || + fuzz_getState(hfuzz) == _HF_STATE_DYNAMIC_SWITCH_TO_MAIN) { return; } - if (!fuzz_writeCovFile(hfuzz->io.covDirNew, data, len)) { + hfuzz->io.newUnitsAdded++; + + if (hfuzz->io.covDirNew && !fuzz_writeCovFile(hfuzz->io.covDirNew, data, len)) { LOG_E("Couldn't save the new coverage data to '%s'", hfuzz->io.covDirNew); } } @@ -169,7 +171,6 @@ static void fuzz_setDynamicMainState(run_t* run) { LOG_I("Entering phase 3/3: Dynamic Main (Feedback Driven Mode)"); snprintf(run->origFileName, sizeof(run->origFileName), "[DYNAMIC]"); - run->global->io.new_units_added = 0; ATOMIC_SET(run->global->feedback.state, _HF_STATE_DYNAMIC_MAIN); /* diff --git a/honggfuzz.c b/honggfuzz.c index 93bba8dd..28a7a564 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -191,10 +191,10 @@ static void printSummary(honggfuzz_t* hfuzz) { } LOG_I("Summary iterations:%zu time:%" PRIu64 " speed:%" PRIu64 " " "crashes_count:%zu timeout_count:%zu new_units_added:%zu " - "slowest_unit_ms:%" PRId64 , - hfuzz->cnts.mutationsCnt, elapsed_sec, exec_per_sec, - hfuzz->cnts.crashesCnt, hfuzz->cnts.timeoutedCnt, hfuzz->io.new_units_added, - hfuzz->timing.timeOfLongestUnitInMilliseconds); + "slowest_unit_ms:%" PRId64, + hfuzz->cnts.mutationsCnt, elapsed_sec, exec_per_sec, hfuzz->cnts.crashesCnt, + hfuzz->cnts.timeoutedCnt, hfuzz->io.newUnitsAdded, + hfuzz->timing.timeOfLongestUnitInMilliseconds); } static void pingThreads(honggfuzz_t* hfuzz) { diff --git a/honggfuzz.h b/honggfuzz.h index 0d9f6db2..d84a74d9 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -191,7 +191,7 @@ typedef struct { size_t fileCnt; const char* fileExtn; bool fileCntDone; - size_t new_units_added; + size_t newUnitsAdded; const char* workDir; const char* crashDir; const char* covDirAll; diff --git a/subproc.c b/subproc.c index c01c3639..2762e74a 100644 --- a/subproc.c +++ b/subproc.c @@ -175,7 +175,9 @@ bool subproc_persistentModeStateMachine(run_t* run) { } int64_t curMillis = util_timeNowMillis(); int64_t diffMillis = curMillis - run->timeStartedMillis; - if (diffMillis > (ATOMIC_GET(run->global->timing.timeOfLongestUnitInMilliseconds) * 1.1) && diffMillis > run->global->cfg.reportSlowUnits) { + if (diffMillis > + (ATOMIC_GET(run->global->timing.timeOfLongestUnitInMilliseconds) * 1.1) && + diffMillis > run->global->cfg.reportSlowUnits) { LOG_D("Found new slowest unit, runs in %" PRId64 " ms", diffMillis); ATOMIC_SET(run->global->timing.timeOfLongestUnitInMilliseconds, diffMillis); } -- cgit v1.2.3 From 9564fd085027b52b999bfe1b686c591487ff38b4 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 30 Jul 2019 22:19:04 +0200 Subject: fuzz: simplify state check --- fuzz.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fuzz.c b/fuzz.c index 1d595aed..47d57325 100644 --- a/fuzz.c +++ b/fuzz.c @@ -131,8 +131,7 @@ static void fuzz_addFileToFileQ(honggfuzz_t* hfuzz, const uint8_t* data, size_t } /* No need to add files to the new coverage dir, if it's not the main phase */ - if (fuzz_getState(hfuzz) == _HF_STATE_DYNAMIC_DRY_RUN || - fuzz_getState(hfuzz) == _HF_STATE_DYNAMIC_SWITCH_TO_MAIN) { + if (fuzz_getState(hfuzz) != _HF_STATE_DYNAMIC_MAIN) { return; } -- cgit v1.2.3 From 76191f2c2ecfdfccf7d1453b5f08d7adf7016015 Mon Sep 17 00:00:00 2001 From: Guillaume Weghsteen Date: Wed, 31 Jul 2019 15:14:20 +0200 Subject: add branch_coverage_percent and guard_nb statistics --- honggfuzz.c | 6 ++++-- honggfuzz.h | 1 + libhfuzz/instrument.c | 5 +++++ 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/honggfuzz.c b/honggfuzz.c index 28a7a564..b8016f96 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -189,12 +189,14 @@ static void printSummary(honggfuzz_t* hfuzz) { if (elapsed_sec) { exec_per_sec = hfuzz->cnts.mutationsCnt / elapsed_sec; } + uint64_t branch_percent_cov = (100*hfuzz->linux.hwCnts.softCntEdge) / hfuzz->feedback.feedbackMap->guardNb; LOG_I("Summary iterations:%zu time:%" PRIu64 " speed:%" PRIu64 " " "crashes_count:%zu timeout_count:%zu new_units_added:%zu " - "slowest_unit_ms:%" PRId64, + "slowest_unit_ms:%" PRId64 " guard_nb:%" PRIu64 " branch_coverage_percent:%" PRIu64, hfuzz->cnts.mutationsCnt, elapsed_sec, exec_per_sec, hfuzz->cnts.crashesCnt, hfuzz->cnts.timeoutedCnt, hfuzz->io.newUnitsAdded, - hfuzz->timing.timeOfLongestUnitInMilliseconds); + hfuzz->timing.timeOfLongestUnitInMilliseconds, hfuzz->feedback.feedbackMap->guardNb, + branch_percent_cov); } static void pingThreads(honggfuzz_t* hfuzz) { diff --git a/honggfuzz.h b/honggfuzz.h index d84a74d9..95bdefcb 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -174,6 +174,7 @@ typedef struct { uint64_t pidFeedbackPc[_HF_THREAD_MAX]; uint64_t pidFeedbackEdge[_HF_THREAD_MAX]; uint64_t pidFeedbackCmp[_HF_THREAD_MAX]; + uint64_t guardNb; } feedback_t; typedef struct { diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 399293f7..77166fc3 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -310,6 +310,11 @@ ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_pc_guard_init( /* If the corresponding PC was already hit, map this specific guard as uninteresting (0) */ *x = ATOMIC_GET(feedback->pcGuardMap[n]) ? 0U : n; } + + /*stores the number of guards for statistics purpose*/ + if (ATOMIC_GET(feedback->guardNb) < n-1){ + ATOMIC_SET(feedback->guardNb, n-1); + } } ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_pc_guard(uint32_t* guard) { -- cgit v1.2.3 From 5eba4d28355e235a797fb4b6da433d3fb7e3d6dc Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 2 Aug 2019 14:26:52 +0200 Subject: display: display number of total guards --- display.c | 4 +++- honggfuzz.c | 3 ++- libhfuzz/instrument.c | 6 +++--- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/display.c b/display.c index 9aee3beb..e26336cc 100644 --- a/display.c +++ b/display.c @@ -249,7 +249,9 @@ static void display_displayLocked(honggfuzz_t* hfuzz) { uint64_t softCntPc = ATOMIC_GET(hfuzz->linux.hwCnts.softCntPc); uint64_t softCntEdge = ATOMIC_GET(hfuzz->linux.hwCnts.softCntEdge); uint64_t softCntCmp = ATOMIC_GET(hfuzz->linux.hwCnts.softCntCmp); - display_put(" edge: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, softCntEdge); + display_put(" edge: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET "/" ESC_BOLD + "%" _HF_NONMON_SEP PRIu64 ESC_RESET, + softCntEdge, hfuzz->feedback.feedbackMap->guardNb); display_put(" pc: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, softCntPc); display_put(" cmp: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, softCntCmp); } diff --git a/honggfuzz.c b/honggfuzz.c index b8016f96..804ae17f 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -189,7 +189,8 @@ static void printSummary(honggfuzz_t* hfuzz) { if (elapsed_sec) { exec_per_sec = hfuzz->cnts.mutationsCnt / elapsed_sec; } - uint64_t branch_percent_cov = (100*hfuzz->linux.hwCnts.softCntEdge) / hfuzz->feedback.feedbackMap->guardNb; + uint64_t branch_percent_cov = + (100 * hfuzz->linux.hwCnts.softCntEdge) / hfuzz->feedback.feedbackMap->guardNb; LOG_I("Summary iterations:%zu time:%" PRIu64 " speed:%" PRIu64 " " "crashes_count:%zu timeout_count:%zu new_units_added:%zu " "slowest_unit_ms:%" PRId64 " guard_nb:%" PRIu64 " branch_coverage_percent:%" PRIu64, diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 77166fc3..e0c64892 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -311,9 +311,9 @@ ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_pc_guard_init( *x = ATOMIC_GET(feedback->pcGuardMap[n]) ? 0U : n; } - /*stores the number of guards for statistics purpose*/ - if (ATOMIC_GET(feedback->guardNb) < n-1){ - ATOMIC_SET(feedback->guardNb, n-1); + /* Store number of guards for statistical purposes */ + if (ATOMIC_GET(feedback->guardNb) < n - 1) { + ATOMIC_SET(feedback->guardNb, n - 1); } } -- cgit v1.2.3 From 73a3e7583db711ade72518d0e78d8b7fa1d3e945 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 2 Aug 2019 14:29:31 +0200 Subject: honggfuzz.c: stats - avoid divbyzero --- honggfuzz.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/honggfuzz.c b/honggfuzz.c index 804ae17f..5a5a0953 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -190,7 +190,9 @@ static void printSummary(honggfuzz_t* hfuzz) { exec_per_sec = hfuzz->cnts.mutationsCnt / elapsed_sec; } uint64_t branch_percent_cov = - (100 * hfuzz->linux.hwCnts.softCntEdge) / hfuzz->feedback.feedbackMap->guardNb; + hfuzz->feedback.feedbackMap->guardNb + ? ((100 * hfuzz->linux.hwCnts.softCntEdge) / hfuzz->feedback.feedbackMap->guardNb) + : 0; LOG_I("Summary iterations:%zu time:%" PRIu64 " speed:%" PRIu64 " " "crashes_count:%zu timeout_count:%zu new_units_added:%zu " "slowest_unit_ms:%" PRId64 " guard_nb:%" PRIu64 " branch_coverage_percent:%" PRIu64, -- cgit v1.2.3 From 20c4544ac90c65717a1c0657065d7e501e1c6390 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 2 Aug 2019 15:13:41 +0200 Subject: examples/bind: patch for 9.15.2 --- examples/bind/bind-9.15.2.patch | 390 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 390 insertions(+) create mode 100644 examples/bind/bind-9.15.2.patch diff --git a/examples/bind/bind-9.15.2.patch b/examples/bind/bind-9.15.2.patch new file mode 100644 index 00000000..abffa849 --- /dev/null +++ b/examples/bind/bind-9.15.2.patch @@ -0,0 +1,390 @@ +diff -Nur ORIG.bind-9.15.2/bin/named/main.c bind-9.15.2/bin/named/main.c +--- ORIG.bind-9.15.2/bin/named/main.c 2019-07-10 17:00:29.000000000 +0200 ++++ bind-9.15.2/bin/named/main.c 2019-08-02 15:11:53.841464756 +0200 +@@ -1382,11 +1382,285 @@ + } + #endif /* HAVE_LIBSCF */ + ++#include ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++#include ++ ++static void enter_namespaces(void) ++{ ++ if (linuxEnterNs(CLONE_NEWUSER | CLONE_NEWNET | CLONE_NEWNS | CLONE_NEWIPC) == false) { ++ exit(1); ++ } ++ if (linuxIfaceUp("lo") == false) { ++ exit(1); ++ } ++ if (linuxMountTmpfs("/tmp") == false) { ++ exit(1); ++ } ++} ++ ++static size_t rlen = 0; ++static const uint8_t* rbuf = NULL; ++ ++__attribute__((no_sanitize("memory"))) ++__attribute__((no_sanitize("address"))) static void* ++bind_thr(void* unused __attribute__((unused))) ++{ ++ while (!named_g_run_done) { ++ usleep(300000); ++ } ++ ++ int myfd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP); ++ if (myfd == -1) { ++ perror("socket"); ++ exit(1); ++ } ++ int val = 1; ++ if (setsockopt(myfd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)) == -1) { ++ perror("setsockopt(SO_REUSEADDR)"); ++ } ++ ++ const struct sockaddr_in saddr = { ++ .sin_family = AF_INET, ++ .sin_port = htons(53), ++ .sin_addr.s_addr = inet_addr("127.0.0.2"), ++ }; ++ if (bind(myfd, &saddr, sizeof(saddr)) == -1) { ++ perror("bind"); ++ exit(1); ++ } ++ ++ if (listen(myfd, SOMAXCONN) == -1) { ++ perror("listen"); ++ exit(1); ++ } ++ ++ for (;;) { ++ struct sockaddr_in cli; ++ socklen_t cli_len = sizeof(cli); ++ ++ int nfd = accept(myfd, &cli, &cli_len); ++ if (nfd == -1) { ++ perror("accept"); ++ exit(1); ++ } ++ ++ static char b[1024 * 1024]; ++ ssize_t sz = recv(nfd, b, sizeof(b), 0); ++ if (sz <= 0) { ++ perror("recv"); ++ _exit(1); ++ } ++ if (sz < 4) { ++ close(nfd); ++ continue; ++ } ++ if (rlen < 1) { ++ close(nfd); ++ continue; ++ } ++ ++ /* It's a response, so set QR bit to 1 */ ++ uint8_t qr = rbuf[0] | 0x80; ++ ++ uint16_t t_l = htons(rlen + 2); ++ const struct iovec iov[] = { ++ { ++ .iov_base = &t_l, ++ .iov_len = sizeof(t_l), ++ }, ++ { ++ .iov_base = &b[2], ++ .iov_len = 2, ++ }, ++ { ++ .iov_base = &qr, ++ .iov_len = 1, ++ }, ++ { ++ .iov_base = (void*)&rbuf[1], ++ .iov_len = rlen - 1, ++ }, ++ }; ++ ++ if (writev(nfd, iov, 4) == -1) { ++ perror("writev() failed"); ++ } ++ ++ close(nfd); ++ } ++ ++ return NULL; ++} ++ ++static void rndloop(int sock) ++{ ++ const struct sockaddr_in bsaddr = { ++ .sin_family = AF_INET, ++ .sin_port = htons(0), ++ .sin_addr.s_addr = htonl((((uint32_t)util_rnd64()) & 0x00FFFFFF) | 0x7F000000), ++ }; ++ if (bind(sock, (const struct sockaddr*)&bsaddr, sizeof(bsaddr)) == -1) { ++ perror("bind"); ++ } ++} ++ ++__attribute__((no_sanitize("memory"))) ++__attribute__((no_sanitize("address"))) static void* ++connect_thr(void* unused __attribute__((unused))) ++{ ++ while (!named_g_run_done) { ++ usleep(300000); ++ } ++ ++ for (;;) { ++ int myfd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP); ++ if (myfd == -1) { ++ perror("socket"); ++ exit(1); ++ } ++ int val = 1; ++ if (setsockopt(myfd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)) == -1) { ++ perror("setsockopt(SO_REUSEADDR)"); ++ } ++ ++ rndloop(myfd); ++ ++ const struct sockaddr_in saddr = { ++ .sin_family = AF_INET, ++ .sin_port = htons(53), ++ .sin_addr.s_addr = htonl(INADDR_LOOPBACK), ++ }; ++ if (connect(myfd, &saddr, sizeof(saddr)) == -1) { ++ close(myfd); ++ continue; ++ } ++ ++ const uint8_t* buf; ++ size_t len; ++ ++ if (named_g_fuzz_type == isc_fuzz_client) { ++ HF_ITER(&buf, &len); ++ ++ rlen = 0; ++ rbuf = NULL; ++ ++ if (len < 32) { ++ close(myfd); ++ continue; ++ } ++ ++ uint32_t tmplen = *((const uint32_t*)buf); ++ ++ buf = &buf[sizeof(uint32_t)]; ++ len -= sizeof(uint32_t); ++ ++ tmplen %= len; ++ ++ rbuf = &buf[tmplen]; ++ rlen = len - tmplen; ++ len = tmplen; ++ } else { ++ static const uint8_t qbuf[] = { ++ 0x88, 0x0c, 0x01, 0x20, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x01, 0x0a, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, ++ 0x61, 0x61, 0x61, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, ++ 0x65, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x29, 0x10, ++ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00 ++ }; ++ buf = qbuf; ++ len = sizeof(qbuf); ++ HF_ITER(&rbuf, &rlen); ++ } ++ ++ uint16_t t_l = htons(len); ++ const struct iovec iov[] = { ++ { ++ .iov_base = &t_l, ++ .iov_len = sizeof(t_l), ++ }, ++ { ++ .iov_base = (void*)buf, ++ .iov_len = len, ++ }, ++ }; ++ ++ if (writev(myfd, iov, 2) == -1) { ++ perror("write"); ++ close(myfd); ++ continue; ++ } ++ ++ if (shutdown(myfd, SHUT_WR) == -1) { ++ if (errno == ENOTCONN) { ++ close(myfd); ++ continue; ++ } ++ perror("shutdown"); ++ _exit(1); ++ } ++ ++ uint8_t b[1024 * 512]; ++ while (recv(myfd, b, sizeof(b), 0) > 0) ++ ; ++ close(myfd); ++ } ++} ++ ++static void launch_thr(void) ++{ ++ pthread_attr_t attr; ++ pthread_attr_init(&attr); ++ pthread_attr_setstacksize(&attr, 1024 * 1024 * 4); ++ pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED); ++ ++ pthread_t t; ++ if (pthread_create(&t, &attr, bind_thr, NULL) < 0) { ++ perror("pthread_create(bind_thr)"); ++ exit(1); ++ } ++ ++ pthread_attr_init(&attr); ++ pthread_attr_setstacksize(&attr, 1024 * 1024 * 4); ++ pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED); ++ if (pthread_create(&t, &attr, connect_thr, NULL) < 0) { ++ perror("pthread_create(connect_thr)"); ++ exit(1); ++ } ++} ++ + /* main entry point, possibly hooked */ + +-int +-main(int argc, char *argv[]) { +- isc_result_t result; ++int main(int argc, char* argv[]) ++{ ++ if (!getenv("NO_FUZZ")) { ++ named_g_fuzz_addr = "127.0.0.1:53"; ++ named_g_fuzz_type = isc_fuzz_client; ++ enter_namespaces(); ++ launch_thr(); ++ } ++ ++ isc_result_t result; + #ifdef HAVE_LIBSCF + char *instance = NULL; + #endif +diff -Nur ORIG.bind-9.15.2/compile.sh bind-9.15.2/compile.sh +--- ORIG.bind-9.15.2/compile.sh 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.15.2/compile.sh 2019-08-02 15:11:53.841464756 +0200 +@@ -0,0 +1,20 @@ ++#!/bin/sh ++ ++set -ex ++ ++export CC="$HOME"/src/honggfuzz/hfuzz_cc/hfuzz-clang ++export CXX="$HOME"/src/honggfuzz/hfuzz_cc/hfuzz-clang++ ++export CFLAGS="-fsanitize=address -Wno-shift-negative-value -Wno-logical-not-parentheses -g -ggdb -O0 -D__AFL_COMPILER" ++./configure \ ++ --prefix="$HOME"/fuzz/bind/dist/ \ ++ --without-gssapi \ ++ --disable-chroot \ ++ --disable-linux-caps \ ++ --without-libtool \ ++ --enable-epoll \ ++ --enable-fuzzing=afl \ ++ --disable-backtrace \ ++ --with-openssl=yes ++ ++make clean ++make -j$(nproc) +diff -Nur ORIG.bind-9.15.2/lib/dns/request.c bind-9.15.2/lib/dns/request.c +--- ORIG.bind-9.15.2/lib/dns/request.c 2019-07-10 17:00:29.000000000 +0200 ++++ bind-9.15.2/lib/dns/request.c 2019-08-02 15:11:53.841464756 +0200 +@@ -758,7 +758,7 @@ + goto cleanup; + } + +- if ((options & DNS_REQUESTOPT_TCP) != 0 || r.length > 512) ++ if ((options & DNS_REQUESTOPT_TCP) != 0 || r.length >= 0) + tcp = true; + share = (options & DNS_REQUESTOPT_SHARE); + +@@ -1048,6 +1048,8 @@ + dns_compress_t cctx; + bool cleanup_cctx = false; + ++ options |= DNS_REQUESTOPT_TCP; ++ + REQUIRE(bufferp != NULL && *bufferp == NULL); + + req_log(ISC_LOG_DEBUG(3), "request_render"); +diff -Nur ORIG.bind-9.15.2/lib/dns/resolver.c bind-9.15.2/lib/dns/resolver.c +--- ORIG.bind-9.15.2/lib/dns/resolver.c 2019-07-10 17:00:29.000000000 +0200 ++++ bind-9.15.2/lib/dns/resolver.c 2019-08-02 15:11:53.845464755 +0200 +@@ -1960,7 +1960,7 @@ + goto stop_idle_timer; + } + query->mctx = fctx->mctx; +- query->options = options; ++ query->options = options | DNS_FETCHOPT_TCP; + query->attributes = 0; + query->sends = 0; + query->connects = 0; +diff -Nur ORIG.bind-9.15.2/lib/isc/random.c bind-9.15.2/lib/isc/random.c +--- ORIG.bind-9.15.2/lib/isc/random.c 2019-07-10 17:00:29.000000000 +0200 ++++ bind-9.15.2/lib/isc/random.c 2019-08-02 15:11:53.845464755 +0200 +@@ -94,6 +94,7 @@ + isc_random8(void) { + RUNTIME_CHECK(isc_once_do(&isc_random_once, + isc_random_initialize) == ISC_R_SUCCESS); ++ return 1; + return (next() & 0xff); + } + +@@ -101,6 +102,7 @@ + isc_random16(void) { + RUNTIME_CHECK(isc_once_do(&isc_random_once, + isc_random_initialize) == ISC_R_SUCCESS); ++ return 1; + return (next() & 0xffff); + } + +@@ -108,6 +110,7 @@ + isc_random32(void) { + RUNTIME_CHECK(isc_once_do(&isc_random_once, + isc_random_initialize) == ISC_R_SUCCESS); ++ return 1; + return (next()); + } + +@@ -122,6 +125,13 @@ + RUNTIME_CHECK(isc_once_do(&isc_random_once, + isc_random_initialize) == ISC_R_SUCCESS); + ++ for (size_t z = 0; z < buflen; z++) { ++ char * b = (char*)buf; ++ b[z] = z + 1; ++ } ++ return; ++ ++ + for (i = 0; i + sizeof(r) <= buflen; i += sizeof(r)) { + r = next(); + memmove((uint8_t *)buf + i, &r, sizeof(r)); -- cgit v1.2.3 From 2e7c0c0f752c619a84a5dfe05a9a21088bba2302 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 2 Aug 2019 16:41:40 +0200 Subject: subproc: gather info about slowest unit unconditionally --- cmdline.c | 5 ----- honggfuzz.h | 1 - subproc.c | 13 +++++-------- 3 files changed, 5 insertions(+), 14 deletions(-) diff --git a/cmdline.c b/cmdline.c index db8d4478..66d02df8 100644 --- a/cmdline.c +++ b/cmdline.c @@ -314,7 +314,6 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .report_mutex = PTHREAD_MUTEX_INITIALIZER, .reportFile = NULL, .dynFileIterExpire = 0, - .reportSlowUnits = 10000LL, #if defined(__ANDROID__) .monitorSIGABRT = false, #else @@ -444,7 +443,6 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { { "socket_fuzzer", no_argument, NULL, 0x10B }, "Instrument external fuzzer via socket" }, { { "netdriver", no_argument, NULL, 0x10C }, "Use netdriver (libhfnetdriver/). In most cases it will be autodetected through a binary signature" }, { { "only_printable", no_argument, NULL, 'o' }, "Only generate printable inputs" }, - { { "report_slow_units", required_argument, NULL, 0x10D}, "Report slowest units if they run for more than this number of milliseconds (default: 10'000)"}, #if defined(_HF_ARCH_LINUX) { { "linux_symbols_bl", required_argument, NULL, 0x504 }, "Symbols blacklist filter file (one entry per line)" }, @@ -568,9 +566,6 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { case 'R': hfuzz->cfg.reportFile = optarg; break; - case 0x10D: - hfuzz->cfg.reportSlowUnits = strtoll(optarg, NULL, 10); - break; case 'n': if (optarg[0] == 'a') { long ncpus = sysconf(_SC_NPROCESSORS_ONLN); diff --git a/honggfuzz.h b/honggfuzz.h index 95bdefcb..e2008d53 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -248,7 +248,6 @@ typedef struct { pthread_mutex_t report_mutex; bool monitorSIGABRT; size_t dynFileIterExpire; - int64_t reportSlowUnits; bool only_printable; } cfg; struct { diff --git a/subproc.c b/subproc.c index 2762e74a..fa2dba24 100644 --- a/subproc.c +++ b/subproc.c @@ -173,14 +173,6 @@ bool subproc_persistentModeStateMachine(run_t* run) { if (!subproc_persistentGetReady(run)) { return false; } - int64_t curMillis = util_timeNowMillis(); - int64_t diffMillis = curMillis - run->timeStartedMillis; - if (diffMillis > - (ATOMIC_GET(run->global->timing.timeOfLongestUnitInMilliseconds) * 1.1) && - diffMillis > run->global->cfg.reportSlowUnits) { - LOG_D("Found new slowest unit, runs in %" PRId64 " ms", diffMillis); - ATOMIC_SET(run->global->timing.timeOfLongestUnitInMilliseconds, diffMillis); - } run->runState = _HF_RS_SEND_DATA; /* The current persistent round is done */ return true; @@ -397,6 +389,11 @@ bool subproc_Run(run_t* run) { arch_prepareParent(run); arch_reapChild(run); + int64_t diffMillis = util_timeNowMillis() - run->timeStartedMillis; + if (diffMillis >= run->global->timing.timeOfLongestUnitInMilliseconds) { + run->global->timing.timeOfLongestUnitInMilliseconds = diffMillis; + } + return true; } -- cgit v1.2.3 From 798c276dd559c273bef69df4a4db1c96bbc3d7a5 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 17 Aug 2019 13:11:45 +0200 Subject: hongfuzz: use ATOMIC_GET when accessing hfuzz->feedback.feedbackMap --- honggfuzz.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/honggfuzz.c b/honggfuzz.c index 5a5a0953..e8ead22c 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -189,10 +189,9 @@ static void printSummary(honggfuzz_t* hfuzz) { if (elapsed_sec) { exec_per_sec = hfuzz->cnts.mutationsCnt / elapsed_sec; } + uint64_t guardNb = ATOMIC_GET(hfuzz->feedback.feedbackMap->guardNb); uint64_t branch_percent_cov = - hfuzz->feedback.feedbackMap->guardNb - ? ((100 * hfuzz->linux.hwCnts.softCntEdge) / hfuzz->feedback.feedbackMap->guardNb) - : 0; + guardNb ? ((100 * ATOMIC_GET(hfuzz->linux.hwCnts.softCntEdge)) / guardNb) : 0; LOG_I("Summary iterations:%zu time:%" PRIu64 " speed:%" PRIu64 " " "crashes_count:%zu timeout_count:%zu new_units_added:%zu " "slowest_unit_ms:%" PRId64 " guard_nb:%" PRIu64 " branch_coverage_percent:%" PRIu64, -- cgit v1.2.3 From 1c6ee91b2edd9e685501880fdfa15c3639c1dcbd Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 17 Aug 2019 13:12:55 +0200 Subject: display: use ATOMIC_GET when accessing hfuzz->feedback.feedbackMap --- display.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/display.c b/display.c index e26336cc..113d58db 100644 --- a/display.c +++ b/display.c @@ -251,7 +251,7 @@ static void display_displayLocked(honggfuzz_t* hfuzz) { uint64_t softCntCmp = ATOMIC_GET(hfuzz->linux.hwCnts.softCntCmp); display_put(" edge: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET "/" ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, - softCntEdge, hfuzz->feedback.feedbackMap->guardNb); + softCntEdge, ATOMIC_GET(hfuzz->feedback.feedbackMap->guardNb)); display_put(" pc: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, softCntPc); display_put(" cmp: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, softCntCmp); } -- cgit v1.2.3 From e1cad9c60a9dfadff94601b7997cfff486e688fb Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 18 Aug 2019 09:43:21 +0200 Subject: display: add option to display >1T iterations as 'T' --- display.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/display.c b/display.c index 113d58db..3bf292cc 100644 --- a/display.c +++ b/display.c @@ -63,7 +63,9 @@ __attribute__((format(printf, 1, 2))) static void display_put(const char* fmt, . } static void display_printKMG(uint64_t val) { - if (val >= 1000000000UL) { + if (val >= 1000000000000ULL) { + display_put(" [%.02LfT]", (long double)val / 1000000000.0L); + } else if (val >= 1000000000UL) { display_put(" [%.02LfG]", (long double)val / 1000000000.0L); } else if (val >= 1000000UL) { display_put(" [%.02LfM]", (long double)val / 1000000.0L); -- cgit v1.2.3 From b50c009ecd1dfc6dd9c92546f81ce3c6128f86b9 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 18 Aug 2019 19:54:26 +0200 Subject: libhfuzz: typo --- libhfuzz/fetch.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libhfuzz/fetch.c b/libhfuzz/fetch.c index ebc5c6a6..b81ea20e 100644 --- a/libhfuzz/fetch.c +++ b/libhfuzz/fetch.c @@ -17,7 +17,7 @@ /* * If this signature is visible inside a binary, it's probably a persistent-style fuzzing program. - * This mode of discover is employed by honggfuzz + * This discovery mode is employed by honggfuzz */ __attribute__((visibility("default"))) __attribute__((used)) const char* LIBHFUZZ_module_fetch = _HF_PERSISTENT_SIG; -- cgit v1.2.3 From 5ff9949e70bdf9d28e1f5124405f0fe2915c1b09 Mon Sep 17 00:00:00 2001 From: thebabush Date: Mon, 19 Aug 2019 02:23:35 +0200 Subject: qemu_mode: initial support --- qemu_mode/Makefile | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 qemu_mode/Makefile diff --git a/qemu_mode/Makefile b/qemu_mode/Makefile new file mode 100644 index 00000000..b5c1ae9b --- /dev/null +++ b/qemu_mode/Makefile @@ -0,0 +1,22 @@ + +.PHONY: clean qemu_bin + +TARGETS ?= x86_64-linux-user + +qemu_bin: honggfuzz-qemu/config.status + @echo "\nRun \"cd honggfuzz-qemu/ && make\"." + @echo "Targets: \"honggfuzz-qemu/*-linux-user/qemu-*\".\n" + +honggfuzz-qemu/config.status: honggfuzz-qemu/ + @echo "=== Configuring QEMU for \"$(TARGETS)\" ===" + @cd honggfuzz-qemu/ && \ + ./configure --honggfuzz-path="$(PWD)/../" --disable-system --target-list="$(TARGETS)" + +honggfuzz-qemu/: + @echo "=== Cloning custom QEMU version ===" + @git clone --depth 1 https://github.com/thebabush/honggfuzz-qemu.git -b honggfuzz + +clean: + @echo "=== Cleaning ===" + rm -rf honggfuzz-qemu/ + -- cgit v1.2.3 From 8d1a77ed91647051fcf54fb67b30a21efdb278b0 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 19 Aug 2019 23:47:32 +0200 Subject: libhfuzz: make it workable with honggfuzz-qemu linked with hfuzz-g++ --- libhfuzz/instrument.c | 44 ++++++++++++++++++++++++++++++++++++-------- 1 file changed, 36 insertions(+), 8 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index e0c64892..12c41828 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -83,7 +83,9 @@ static void initializeInstrument(void) { } static __thread pthread_once_t localInitOnce = PTHREAD_ONCE_INIT; -__attribute__((constructor)) void localInit(void) { + +extern void hfuzzInstrumentInit(void); +__attribute__((constructor)) void hfuzzInstrumentInit(void) { pthread_once(&localInitOnce, initializeInstrument); } @@ -114,14 +116,22 @@ ATTRIBUTE_X86_REQUIRE_SSE42 void __cyg_profile_func_exit( /* * -fsanitize-coverage=trace-pc */ -ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_pc(void) { - register uintptr_t ret = (uintptr_t)__builtin_return_address(0) & _HF_PERF_BITMAP_BITSZ_MASK; +ATTRIBUTE_X86_REQUIRE_SSE42 static inline void hfuzz_trace_pc_internal(uintptr_t pc) { + register uintptr_t ret = pc & _HF_PERF_BITMAP_BITSZ_MASK; register uint8_t prev = ATOMIC_BTS(feedback->bbMapPc, ret); if (!prev) { ATOMIC_PRE_INC_RELAXED(feedback->pidFeedbackPc[my_thread_no]); } } +ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_pc(void) { + hfuzz_trace_pc_internal((uintptr_t)__builtin_return_address(0)); +} + +ATTRIBUTE_X86_REQUIRE_SSE42 void hfuzz_trace_pc(uintptr_t pc) { + hfuzz_trace_pc_internal(pc); +} + /* * -fsanitize-coverage=trace-cmp */ @@ -145,8 +155,9 @@ ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_cmp2(uint16_t Arg1, uint1 } } -ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t Arg2) { - uintptr_t pos = (uintptr_t)__builtin_return_address(0) % _HF_PERF_BITMAP_SIZE_16M; +ATTRIBUTE_X86_REQUIRE_SSE42 static inline void hfuzz_trace_cmp4_internal( + uintptr_t pc, uint32_t Arg1, uint32_t Arg2) { + uintptr_t pos = pc % _HF_PERF_BITMAP_SIZE_16M; register uint8_t v = ((sizeof(Arg1) * 8) - __builtin_popcount(Arg1 ^ Arg2)); uint8_t prev = ATOMIC_GET(feedback->bbMapCmp[pos]); if (prev < v) { @@ -155,8 +166,17 @@ ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint3 } } -ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_cmp8(uint64_t Arg1, uint64_t Arg2) { - uintptr_t pos = (uintptr_t)__builtin_return_address(0) % _HF_PERF_BITMAP_SIZE_16M; +ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t Arg2) { + hfuzz_trace_cmp4_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); +} + +ATTRIBUTE_X86_REQUIRE_SSE42 void hfuzz_trace_cmp4(uintptr_t pc, uint32_t Arg1, uint32_t Arg2) { + hfuzz_trace_cmp4_internal(pc, Arg1, Arg2); +} + +ATTRIBUTE_X86_REQUIRE_SSE42 static inline void hfuzz_trace_cmp8_internal( + uintptr_t pc, uint64_t Arg1, uint64_t Arg2) { + uintptr_t pos = pc % _HF_PERF_BITMAP_SIZE_16M; register uint8_t v = ((sizeof(Arg1) * 8) - __builtin_popcountll(Arg1 ^ Arg2)); uint8_t prev = ATOMIC_GET(feedback->bbMapCmp[pos]); if (prev < v) { @@ -165,6 +185,14 @@ ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_cmp8(uint64_t Arg1, uint6 } } +ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_cmp8(uint64_t Arg1, uint64_t Arg2) { + hfuzz_trace_cmp8_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); +} + +ATTRIBUTE_X86_REQUIRE_SSE42 void hfuzz_trace_cmp8(uintptr_t pc, uint64_t Arg1, uint64_t Arg2) { + hfuzz_trace_cmp8_internal(pc, Arg1, Arg2); +} + /* * Const versions of trace_cmp, we don't use any special handling for these * @@ -299,7 +327,7 @@ ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_pc_guard_init( static uint32_t n = 1U; /* Make sure that the feedback struct is already mmap()'d */ - localInit(); + hfuzzInstrumentInit(); for (uint32_t* x = start; x < stop; x++, n++) { if (n >= _HF_PC_GUARD_MAX) { -- cgit v1.2.3 From 0924f2f9525e64b191cb9f9957cc4cbbf10a72f7 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 21 Aug 2019 13:52:46 +0200 Subject: add missing TEMP_FAILURE_RETRY around code --- libhfcommon/log.c | 2 +- libhfcommon/util.c | 5 ++--- libhfuzz/persistent.c | 2 +- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/libhfcommon/log.c b/libhfcommon/log.c index 48be6345..c4f15c3e 100644 --- a/libhfcommon/log.c +++ b/libhfcommon/log.c @@ -69,7 +69,7 @@ void logInitLogFile(const char* logfile, int fd, enum llevel_t ll) { log_level = ll; if (logfile) { - log_fd = open(logfile, O_CREAT | O_RDWR | O_TRUNC, 0640); + log_fd = TEMP_FAILURE_RETRY(open(logfile, O_CREAT | O_RDWR | O_TRUNC, 0640)); if (log_fd == -1) { log_fd = STDERR_FILENO; PLOG_E("Couldn't open logfile open('%s')", logfile); diff --git a/libhfcommon/util.c b/libhfcommon/util.c index 51ec608e..eadefaa7 100644 --- a/libhfcommon/util.c +++ b/libhfcommon/util.c @@ -89,7 +89,7 @@ static __thread pthread_once_t rndThreadOnce = PTHREAD_ONCE_INIT; static __thread uint64_t rndState[2]; static void util_rndInitThread(void) { - int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC); + int fd = TEMP_FAILURE_RETRY(open("/dev/urandom", O_RDONLY | O_CLOEXEC)); if (fd == -1) { PLOG_F("Couldn't open /dev/urandom for reading"); } @@ -197,8 +197,7 @@ void util_getLocalTime(const char* fmt, char* buf, size_t len, time_t tm) { } void util_closeStdio(bool close_stdin, bool close_stdout, bool close_stderr) { - int fd = open("/dev/null", O_RDWR); - + int fd = TEMP_FAILURE_RETRY(open("/dev/null", O_RDWR)); if (fd == -1) { PLOG_E("Couldn't open '/dev/null'"); return; diff --git a/libhfuzz/persistent.c b/libhfuzz/persistent.c index 5e015c39..8f7cbc8c 100644 --- a/libhfuzz/persistent.c +++ b/libhfuzz/persistent.c @@ -77,7 +77,7 @@ static int HonggfuzzRunFromFile(int argc, char** argv) { const char* fname = "[STDIN]"; if (argc > 1) { fname = argv[argc - 1]; - if ((in_fd = open(argv[argc - 1], O_RDONLY)) == -1) { + if ((in_fd = TEMP_FAILURE_RETRY(open(argv[argc - 1], O_RDONLY))) == -1) { PLOG_W("Cannot open '%s' as input, using stdin", argv[argc - 1]); in_fd = STDIN_FILENO; fname = "[STDIN]"; -- cgit v1.2.3 From 81d01d2343af81c99bcb90d14336119a481fb2ed Mon Sep 17 00:00:00 2001 From: Guillaume Weghsteen Date: Tue, 20 Aug 2019 18:00:45 +0200 Subject: Add peak_rss_mb metrics --- honggfuzz.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/honggfuzz.c b/honggfuzz.c index e8ead22c..caf08d3a 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -192,13 +192,18 @@ static void printSummary(honggfuzz_t* hfuzz) { uint64_t guardNb = ATOMIC_GET(hfuzz->feedback.feedbackMap->guardNb); uint64_t branch_percent_cov = guardNb ? ((100 * ATOMIC_GET(hfuzz->linux.hwCnts.softCntEdge)) / guardNb) : 0; + struct rusage usage; + if (getrusage(RUSAGE_CHILDREN, &usage)){ + PLOG_F("getrusage failed"); + } LOG_I("Summary iterations:%zu time:%" PRIu64 " speed:%" PRIu64 " " "crashes_count:%zu timeout_count:%zu new_units_added:%zu " - "slowest_unit_ms:%" PRId64 " guard_nb:%" PRIu64 " branch_coverage_percent:%" PRIu64, + "slowest_unit_ms:%" PRId64 " guard_nb:%" PRIu64 " branch_coverage_percent:%" PRIu64 " " + "peak_rss_mb:%zu", hfuzz->cnts.mutationsCnt, elapsed_sec, exec_per_sec, hfuzz->cnts.crashesCnt, hfuzz->cnts.timeoutedCnt, hfuzz->io.newUnitsAdded, hfuzz->timing.timeOfLongestUnitInMilliseconds, hfuzz->feedback.feedbackMap->guardNb, - branch_percent_cov); + branch_percent_cov, usage.ru_maxrss); } static void pingThreads(honggfuzz_t* hfuzz) { -- cgit v1.2.3 From dbb61a5a2e61d0c2308ff1a5f67f7ef570da8366 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 26 Aug 2019 18:26:36 +0200 Subject: display: support for SIGWINCH --- display.c | 8 ++++++-- display.h | 1 + honggfuzz.c | 14 ++++++++++++++ 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/display.c b/display.c index 3bf292cc..35b56e3e 100644 --- a/display.c +++ b/display.c @@ -299,8 +299,12 @@ void display_fini(void) { display_put(ESC_SCROLL_RESET ESC_NAV_DOWN(500)); } -void display_init(void) { - atexit(display_fini); +void display_clear(void) { display_put(ESC_CLEAR_ALL); display_put(ESC_NAV_DOWN(500)); } + +void display_init(void) { + atexit(display_fini); + display_clear(); +} diff --git a/display.h b/display.h index dc61422c..26227d18 100644 --- a/display.h +++ b/display.h @@ -28,6 +28,7 @@ extern void display_display(honggfuzz_t* hfuzz); extern void display_init(void); +extern void display_clear(void); extern void display_createTargetStr(honggfuzz_t* hfuzz); #endif diff --git a/honggfuzz.c b/honggfuzz.c index e8ead22c..2b5e16c2 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -47,6 +47,7 @@ #include "subproc.h" static int sigReceived = 0; +static bool clearWin = false; /* * CygWin/MinGW incorrectly copies stack during fork(), so we need to keep some @@ -72,6 +73,11 @@ static void sigHandler(int sig) { } return; } + if (sig == SIGWINCH) { + ATOMIC_SET(clearWin, true); + return; + } + /* Do nothing with pings from the main thread */ if (sig == SIGUSR1) { return; @@ -141,6 +147,7 @@ static void setupSignalsPreThreads(void) { sigaddset(&ss, SIGCHLD); /* This is checked for via sigwaitinfo/sigtimedwait */ sigaddset(&ss, SIGUSR1); + sigaddset(&ss, SIGWINCH); if (sigprocmask(SIG_SETMASK, &ss, NULL) != 0) { PLOG_F("sigprocmask(SIG_SETMASK)"); } @@ -168,6 +175,9 @@ static void setupSignalsPreThreads(void) { if (sigaction(SIGCHLD, &sa, NULL) == -1) { PLOG_F("sigaction(SIGCHLD) failed"); } + if (sigaction(SIGWINCH, &sa, NULL) == -1) { + PLOG_F("sigaction(SIGWINCH) failed"); + } } static void setupSignalsMainThread(void) { @@ -178,6 +188,7 @@ static void setupSignalsMainThread(void) { sigaddset(&ss, SIGINT); sigaddset(&ss, SIGQUIT); sigaddset(&ss, SIGALRM); + sigaddset(&ss, SIGWINCH); if (pthread_sigmask(SIG_UNBLOCK, &ss, NULL) != 0) { PLOG_F("pthread_sigmask(SIG_UNBLOCK)"); } @@ -308,6 +319,9 @@ int main(int argc, char** argv) { for (;;) { if (hfuzz.display.useScreen) { + if (ATOMIC_XCHG(clearWin, false)) { + display_clear(); + } display_display(&hfuzz); } if (ATOMIC_GET(sigReceived) > 0) { -- cgit v1.2.3 From e6c974ebf6f760c2b42ef5f5926a6d14228d37ef Mon Sep 17 00:00:00 2001 From: Guillaume Weghsteen Date: Tue, 27 Aug 2019 09:52:06 +0200 Subject: dont't crash honggfuzz if we can't getrusage, just warn the user --- honggfuzz.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/honggfuzz.c b/honggfuzz.c index caf08d3a..70d488e4 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -194,7 +194,8 @@ static void printSummary(honggfuzz_t* hfuzz) { guardNb ? ((100 * ATOMIC_GET(hfuzz->linux.hwCnts.softCntEdge)) / guardNb) : 0; struct rusage usage; if (getrusage(RUSAGE_CHILDREN, &usage)){ - PLOG_F("getrusage failed"); + PLOG_W("getrusage failed"); + usage.ru_maxrss = 0; // 0 means something went wrong with rusage } LOG_I("Summary iterations:%zu time:%" PRIu64 " speed:%" PRIu64 " " "crashes_count:%zu timeout_count:%zu new_units_added:%zu " -- cgit v1.2.3 From 99559afa16ca275e443e6111000407ff3a4de0e6 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 27 Aug 2019 22:45:02 +0200 Subject: subproc: allow to use ___FILE___ and -s with persistent mode --- cmdline.c | 6 ------ fuzz.c | 2 -- honggfuzz.c | 4 ++-- honggfuzz.h | 1 - linux/arch.c | 6 ++---- mac/arch.c | 6 ++---- netbsd/arch.c | 6 ++---- posix/arch.c | 6 ++---- subproc.c | 19 ++++++++----------- 9 files changed, 18 insertions(+), 38 deletions(-) diff --git a/cmdline.c b/cmdline.c index 66d02df8..1d85b78c 100644 --- a/cmdline.c +++ b/cmdline.c @@ -193,12 +193,6 @@ static bool cmdlineVerify(honggfuzz_t* hfuzz) { return false; } - if (hfuzz->exe.fuzzStdin && hfuzz->exe.persistent) { - LOG_E( - "Stdin fuzzing (-s) and persistent fuzzing (-P) cannot be specified at the same time"); - return false; - } - if (hfuzz->threads.threadsMax >= _HF_THREAD_MAX) { LOG_E("Too many fuzzing threads specified %zu (>= _HF_THREAD_MAX (%u))", hfuzz->threads.threadsMax, _HF_THREAD_MAX); diff --git a/fuzz.c b/fuzz.c index 47d57325..ac7ae52d 100644 --- a/fuzz.c +++ b/fuzz.c @@ -385,7 +385,6 @@ static void fuzz_fuzzLoop(run_t* run) { run->mainWorker = true; run->mutationsPerRun = run->global->mutate.mutationsPerRun; run->dynamicFileSz = 0; - run->dynamicFileCopyFd = -1; run->tmOutSignaled = false; run->linux.hwCnts.cpuInstrCnt = 0; @@ -420,7 +419,6 @@ static void fuzz_fuzzLoopSocket(run_t* run) { run->mainWorker = true; run->mutationsPerRun = run->global->mutate.mutationsPerRun; run->dynamicFileSz = 0; - run->dynamicFileCopyFd = -1; run->tmOutSignaled = false; run->linux.hwCnts.cpuInstrCnt = 0; diff --git a/honggfuzz.c b/honggfuzz.c index 9cef1000..8e819267 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -204,9 +204,9 @@ static void printSummary(honggfuzz_t* hfuzz) { uint64_t branch_percent_cov = guardNb ? ((100 * ATOMIC_GET(hfuzz->linux.hwCnts.softCntEdge)) / guardNb) : 0; struct rusage usage; - if (getrusage(RUSAGE_CHILDREN, &usage)){ + if (getrusage(RUSAGE_CHILDREN, &usage)) { PLOG_W("getrusage failed"); - usage.ru_maxrss = 0; // 0 means something went wrong with rusage + usage.ru_maxrss = 0; // 0 means something went wrong with rusage } LOG_I("Summary iterations:%zu time:%" PRIu64 " speed:%" PRIu64 " " "crashes_count:%zu timeout_count:%zu new_units_added:%zu " diff --git a/honggfuzz.h b/honggfuzz.h index e2008d53..5fe6f588 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -332,7 +332,6 @@ typedef struct { uint8_t* dynamicFile; size_t dynamicFileSz; int dynamicFileFd; - int dynamicFileCopyFd; uint32_t fuzzNo; int persistentSock; bool waitingForReady; diff --git a/linux/arch.c b/linux/arch.c index cda074f1..3603cfa0 100644 --- a/linux/arch.c +++ b/linux/arch.c @@ -137,13 +137,11 @@ bool arch_launchChild(run_t* run) { char argData[PATH_MAX]; char inputFile[PATH_MAX]; - snprintf(inputFile, sizeof(inputFile), "/dev/fd/%d", run->dynamicFileCopyFd); + snprintf(inputFile, sizeof(inputFile), "/dev/fd/%d", run->dynamicFileFd); int x = 0; for (x = 0; x < ARGS_MAX && x < run->global->exe.argc; x++) { - if (run->global->exe.persistent || run->global->exe.fuzzStdin) { - args[x] = run->global->exe.cmdline[x]; - } else if (!strcmp(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { + if (!strcmp(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { args[x] = inputFile; } else if (strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { const char* off = strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER); diff --git a/mac/arch.c b/mac/arch.c index d50d8f1c..141a9cab 100644 --- a/mac/arch.c +++ b/mac/arch.c @@ -296,13 +296,11 @@ bool arch_launchChild(run_t* run) { char argData[PATH_MAX]; char inputFile[PATH_MAX]; - snprintf(inputFile, sizeof(inputFile), "/dev/fd/%d", run->dynamicFileCopyFd); + snprintf(inputFile, sizeof(inputFile), "/dev/fd/%d", run->dynamicFileFd); int x; for (x = 0; x < ARGS_MAX && x < run->global->exe.argc; x++) { - if (run->global->exe.persistent || run->global->exe.fuzzStdin) { - args[x] = run->global->exe.cmdline[x]; - } else if (!strcmp(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { + if (!strcmp(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { args[x] = inputFile; } else if (strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { const char* off = strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER); diff --git a/netbsd/arch.c b/netbsd/arch.c index bacd1ee1..4faa396c 100644 --- a/netbsd/arch.c +++ b/netbsd/arch.c @@ -79,13 +79,11 @@ bool arch_launchChild(run_t* run) { char argData[PATH_MAX]; char inputFile[PATH_MAX]; - snprintf(inputFile, sizeof(inputFile), "/dev/fd/%d", run->dynamicFileCopyFd); + snprintf(inputFile, sizeof(inputFile), "/dev/fd/%d", run->dynamicFileFd); int x = 0; for (x = 0; x < ARGS_MAX && x < run->global->exe.argc; x++) { - if (run->global->exe.persistent || run->global->exe.fuzzStdin) { - args[x] = run->global->exe.cmdline[x]; - } else if (!strcmp(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { + if (!strcmp(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { args[x] = inputFile; } else if (strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { const char* off = strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER); diff --git a/posix/arch.c b/posix/arch.c index cdc14293..5f8317e6 100644 --- a/posix/arch.c +++ b/posix/arch.c @@ -149,13 +149,11 @@ bool arch_launchChild(run_t* run) { char argData[PATH_MAX]; char inputFile[PATH_MAX]; - snprintf(inputFile, sizeof(inputFile), "/dev/fd/%d", run->dynamicFileCopyFd); + snprintf(inputFile, sizeof(inputFile), "/dev/fd/%d", run->dynamicFileFd); int x; for (x = 0; x < ARGS_MAX && x < run->global->exe.argc; x++) { - if (run->global->exe.persistent || run->global->exe.fuzzStdin) { - args[x] = run->global->exe.cmdline[x]; - } else if (!strcmp(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { + if (!strcmp(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { args[x] = inputFile; } else if (strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { const char* off = strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER); diff --git a/subproc.c b/subproc.c index fa2dba24..acf3f8b1 100644 --- a/subproc.c +++ b/subproc.c @@ -263,6 +263,10 @@ static bool subproc_PrepareExecv(run_t* run) { PLOG_E("dup2('%d', _HF_INPUT_FD='%d')", run->dynamicFileFd, _HF_INPUT_FD); return false; } + if (lseek(run->dynamicFileFd, 0, SEEK_SET) == (off_t)-1) { + PLOG_E("lseek(fileFd=%d, 0, SEEK_SET)", run->dynamicFileFd); + return false; + } /* The log FD */ if ((run->global->exe.netDriver || run->global->exe.persistent)) { @@ -281,17 +285,10 @@ static bool subproc_PrepareExecv(run_t* run) { PLOG_W("sigprocmask(empty_set)"); } - if (!run->global->exe.persistent) { - if ((run->dynamicFileCopyFd = files_writeBufToTmpFile( - run->global->io.workDir, run->dynamicFile, run->dynamicFileSz, 0)) == -1) { - LOG_E("Couldn't save data to a temporary file"); - return false; - } - if (run->global->exe.fuzzStdin && - TEMP_FAILURE_RETRY(dup2(run->dynamicFileCopyFd, STDIN_FILENO)) == -1) { - PLOG_E("dup2(_HF_INPUT_FD=%d, STDIN_FILENO=%d)", run->dynamicFileCopyFd, STDIN_FILENO); - return false; - } + if (run->global->exe.fuzzStdin && + TEMP_FAILURE_RETRY(dup2(run->dynamicFileFd, STDIN_FILENO)) == -1) { + PLOG_E("dup2(_HF_INPUT_FD=%d, STDIN_FILENO=%d)", run->dynamicFileFd, STDIN_FILENO); + return false; } return true; -- cgit v1.2.3 From 65880af52e3111d631b2b024e6e11295e48a4846 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 28 Aug 2019 13:06:29 +0200 Subject: */arch.c: use _HF_INPUT_FD instead of run->dynamicFileFd b/c the latter if O_CLOEXEC --- linux/arch.c | 2 +- mac/arch.c | 2 +- netbsd/arch.c | 2 +- posix/arch.c | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/linux/arch.c b/linux/arch.c index 3603cfa0..7f88d189 100644 --- a/linux/arch.c +++ b/linux/arch.c @@ -137,7 +137,7 @@ bool arch_launchChild(run_t* run) { char argData[PATH_MAX]; char inputFile[PATH_MAX]; - snprintf(inputFile, sizeof(inputFile), "/dev/fd/%d", run->dynamicFileFd); + snprintf(inputFile, sizeof(inputFile), "/dev/fd/%d", _HF_INPUT_FD); int x = 0; for (x = 0; x < ARGS_MAX && x < run->global->exe.argc; x++) { diff --git a/mac/arch.c b/mac/arch.c index 141a9cab..1f8c0f58 100644 --- a/mac/arch.c +++ b/mac/arch.c @@ -296,7 +296,7 @@ bool arch_launchChild(run_t* run) { char argData[PATH_MAX]; char inputFile[PATH_MAX]; - snprintf(inputFile, sizeof(inputFile), "/dev/fd/%d", run->dynamicFileFd); + snprintf(inputFile, sizeof(inputFile), "/dev/fd/%d", _HF_INPUT_FD); int x; for (x = 0; x < ARGS_MAX && x < run->global->exe.argc; x++) { diff --git a/netbsd/arch.c b/netbsd/arch.c index 4faa396c..d9cbac29 100644 --- a/netbsd/arch.c +++ b/netbsd/arch.c @@ -79,7 +79,7 @@ bool arch_launchChild(run_t* run) { char argData[PATH_MAX]; char inputFile[PATH_MAX]; - snprintf(inputFile, sizeof(inputFile), "/dev/fd/%d", run->dynamicFileFd); + snprintf(inputFile, sizeof(inputFile), "/dev/fd/%d", _HF_INPUT_FD); int x = 0; for (x = 0; x < ARGS_MAX && x < run->global->exe.argc; x++) { diff --git a/posix/arch.c b/posix/arch.c index 5f8317e6..bc325bfd 100644 --- a/posix/arch.c +++ b/posix/arch.c @@ -149,7 +149,7 @@ bool arch_launchChild(run_t* run) { char argData[PATH_MAX]; char inputFile[PATH_MAX]; - snprintf(inputFile, sizeof(inputFile), "/dev/fd/%d", run->dynamicFileFd); + snprintf(inputFile, sizeof(inputFile), "/dev/fd/%d", _HF_INPUT_FD); int x; for (x = 0; x < ARGS_MAX && x < run->global->exe.argc; x++) { -- cgit v1.2.3 From fdde1ed8bfebfa3cd6f0bc251759cc88b997d6d5 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 28 Aug 2019 13:27:02 +0200 Subject: mangle: resize files unconditionally --- mangle.c | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/mangle.c b/mangle.c index 0a20d587..591c3df2 100644 --- a/mangle.c +++ b/mangle.c @@ -848,6 +848,26 @@ static void mangle_Shrink(run_t* run) { mangle_Move(run, off + len, off, run->dynamicFileSz); } +static void mangle_Resize(run_t* run) { + size_t newsz = util_rndGet(1, run->global->mutate.maxFileSz); + size_t oldsz = run->dynamicFileSz; + + input_setSize(run, newsz); + if (newsz > run->dynamicFileSz) { + util_rndBuf(&run->dynamicFile[oldsz], newsz - oldsz); + } +} + +static void mangle_ResizePrintable(run_t* run) { + size_t newsz = util_rndGet(1, run->global->mutate.maxFileSz); + size_t oldsz = run->dynamicFileSz; + + input_setSize(run, newsz); + if (newsz > oldsz) { + util_rndBufPrintable(&run->dynamicFile[oldsz], newsz - oldsz); + } +} + static void mangle_InsertRnd(run_t* run) { size_t off = util_rndGet(0, run->dynamicFileSz - 1); size_t len = util_rndGet(1, run->dynamicFileSz - off); @@ -921,20 +941,17 @@ void mangle_mangleContent(run_t* run) { return; } - /* No point in modifying it, if its size is 0 */ - if (run->dynamicFileSz == 0UL) { - input_setSize(run, 1UL); - } - /* Max number of stacked changes is, by default, 6 */ uint64_t changesCnt = util_rndGet(1, run->global->mutate.mutationsPerRun); if (run->global->cfg.only_printable) { + mangle_ResizePrintable(run); for (uint64_t x = 0; x < changesCnt; x++) { uint64_t choice = util_rndGet(0, ARRAYSIZE(manglePrintableFuncs) - 1); manglePrintableFuncs[choice](run); } } else { + mangle_Resize(run); for (uint64_t x = 0; x < changesCnt; x++) { uint64_t choice = util_rndGet(0, ARRAYSIZE(mangleFuncs) - 1); mangleFuncs[choice](run); -- cgit v1.2.3 From d0baec1f782b7cdb811939b6d13e83690e39ed90 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 28 Aug 2019 17:34:30 +0200 Subject: arch: use shorter form of concatenating strings --- linux/arch.c | 4 +--- mac/arch.c | 4 +--- mangle.c | 4 ++-- netbsd/arch.c | 4 +--- posix/arch.c | 4 +--- 5 files changed, 6 insertions(+), 14 deletions(-) diff --git a/linux/arch.c b/linux/arch.c index 7f88d189..12b65d80 100644 --- a/linux/arch.c +++ b/linux/arch.c @@ -135,9 +135,7 @@ bool arch_launchChild(run_t* run) { #define ARGS_MAX 512 const char* args[ARGS_MAX + 2]; char argData[PATH_MAX]; - - char inputFile[PATH_MAX]; - snprintf(inputFile, sizeof(inputFile), "/dev/fd/%d", _HF_INPUT_FD); + const char inputFile[] = "/dev/fd/" HF_XSTR(_HF_INPUT_FD); int x = 0; for (x = 0; x < ARGS_MAX && x < run->global->exe.argc; x++) { diff --git a/mac/arch.c b/mac/arch.c index 1f8c0f58..c0ef646d 100644 --- a/mac/arch.c +++ b/mac/arch.c @@ -294,9 +294,7 @@ bool arch_launchChild(run_t* run) { #define ARGS_MAX 512 const char* args[ARGS_MAX + 2]; char argData[PATH_MAX]; - - char inputFile[PATH_MAX]; - snprintf(inputFile, sizeof(inputFile), "/dev/fd/%d", _HF_INPUT_FD); + const char inputFile[] = "/dev/fd/" HF_XSTR(_HF_INPUT_FD); int x; for (x = 0; x < ARGS_MAX && x < run->global->exe.argc; x++) { diff --git a/mangle.c b/mangle.c index 591c3df2..dd63102b 100644 --- a/mangle.c +++ b/mangle.c @@ -850,7 +850,7 @@ static void mangle_Shrink(run_t* run) { static void mangle_Resize(run_t* run) { size_t newsz = util_rndGet(1, run->global->mutate.maxFileSz); - size_t oldsz = run->dynamicFileSz; + size_t oldsz = run->dynamicFileSz; input_setSize(run, newsz); if (newsz > run->dynamicFileSz) { @@ -860,7 +860,7 @@ static void mangle_Resize(run_t* run) { static void mangle_ResizePrintable(run_t* run) { size_t newsz = util_rndGet(1, run->global->mutate.maxFileSz); - size_t oldsz = run->dynamicFileSz; + size_t oldsz = run->dynamicFileSz; input_setSize(run, newsz); if (newsz > oldsz) { diff --git a/netbsd/arch.c b/netbsd/arch.c index d9cbac29..34070137 100644 --- a/netbsd/arch.c +++ b/netbsd/arch.c @@ -77,9 +77,7 @@ bool arch_launchChild(run_t* run) { #define ARGS_MAX 512 const char* args[ARGS_MAX + 2]; char argData[PATH_MAX]; - - char inputFile[PATH_MAX]; - snprintf(inputFile, sizeof(inputFile), "/dev/fd/%d", _HF_INPUT_FD); + const char inputFile[] = "/dev/fd/" HF_XSTR(_HF_INPUT_FD); int x = 0; for (x = 0; x < ARGS_MAX && x < run->global->exe.argc; x++) { diff --git a/posix/arch.c b/posix/arch.c index bc325bfd..f63de1f6 100644 --- a/posix/arch.c +++ b/posix/arch.c @@ -147,9 +147,7 @@ bool arch_launchChild(run_t* run) { #define ARGS_MAX 512 const char* args[ARGS_MAX + 2]; char argData[PATH_MAX]; - - char inputFile[PATH_MAX]; - snprintf(inputFile, sizeof(inputFile), "/dev/fd/%d", _HF_INPUT_FD); + const char inputFile[] = "/dev/fd/" HF_XSTR(_HF_INPUT_FD); int x; for (x = 0; x < ARGS_MAX && x < run->global->exe.argc; x++) { -- cgit v1.2.3 From 762617598e18f25e47fe59ed23dee6d8f2117ca1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 28 Aug 2019 18:14:32 +0200 Subject: honggfuzz: map feedback struct unconditionally --- honggfuzz.c | 9 +++------ subproc.c | 5 ++--- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/honggfuzz.c b/honggfuzz.c index 8e819267..e18fe478 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -303,12 +303,9 @@ int main(int argc, char** argv) { LOG_F("Couldn't parse symbols whitelist file ('%s')", hfuzzl.symsWlFile); } - if (hfuzz.feedback.dynFileMethod != _HF_DYNFILE_NONE) { - if (!(hfuzz.feedback.feedbackMap = files_mapSharedMem( - sizeof(feedback_t), &hfuzz.feedback.bbFd, "hfuzz-feedback", hfuzz.io.workDir))) { - LOG_F("files_mapSharedMem(sz=%zu, dir='%s') failed", sizeof(feedback_t), - hfuzz.io.workDir); - } + if (!(hfuzz.feedback.feedbackMap = files_mapSharedMem( + sizeof(feedback_t), &hfuzz.feedback.bbFd, "hfuzz-feedback", hfuzz.io.workDir))) { + LOG_F("files_mapSharedMem(sz=%zu, dir='%s') failed", sizeof(feedback_t), hfuzz.io.workDir); } setupRLimits(); diff --git a/subproc.c b/subproc.c index acf3f8b1..f037f252 100644 --- a/subproc.c +++ b/subproc.c @@ -250,9 +250,8 @@ static bool subproc_PrepareExecv(run_t* run) { /* close_stdout= */ run->global->exe.nullifyStdio, /* close_stderr= */ run->global->exe.nullifyStdio); - /* The bitmap structure */ - if (run->global->feedback.bbFd != -1 && - TEMP_FAILURE_RETRY(dup2(run->global->feedback.bbFd, _HF_BITMAP_FD)) == -1) { + /* The bitmap/feedback structure */ + if (TEMP_FAILURE_RETRY(dup2(run->global->feedback.bbFd, _HF_BITMAP_FD)) == -1) { PLOG_E("dup2(%d, _HF_BITMAP_FD=%d)", run->global->feedback.bbFd, _HF_BITMAP_FD); return false; } -- cgit v1.2.3 From e8448c39f56ba67b45083100d9c777124d8dfec6 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 28 Aug 2019 22:23:59 +0200 Subject: mangle: incorrect comparison --- mangle.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mangle.c b/mangle.c index dd63102b..15cb1549 100644 --- a/mangle.c +++ b/mangle.c @@ -853,7 +853,7 @@ static void mangle_Resize(run_t* run) { size_t oldsz = run->dynamicFileSz; input_setSize(run, newsz); - if (newsz > run->dynamicFileSz) { + if (newsz > oldsz) { util_rndBuf(&run->dynamicFile[oldsz], newsz - oldsz); } } -- cgit v1.2.3 From 8eeef3d537f74c97df9397ec666b42467403df1c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 28 Aug 2019 22:35:09 +0200 Subject: mangle: add mangle_Resize to the list of used functions --- mangle.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mangle.c b/mangle.c index 15cb1549..1df24c47 100644 --- a/mangle.c +++ b/mangle.c @@ -912,6 +912,7 @@ void mangle_mangleContent(run_t* run) { mangle_CloneByte, mangle_Expand, mangle_Shrink, + mangle_Resize, mangle_InsertRnd, mangle_ASCIIVal, }; @@ -933,6 +934,7 @@ void mangle_mangleContent(run_t* run) { mangle_CloneByte, mangle_Expand, mangle_Shrink, + mangle_ResizePrintable, mangle_InsertRndPrintable, mangle_ASCIIVal, }; -- cgit v1.2.3 From 84e3cff5e6ae805c9666492b31b1601a240c59b4 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 28 Aug 2019 23:32:31 +0200 Subject: fuzz: no need to check for bbFd --- fuzz.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/fuzz.c b/fuzz.c index ac7ae52d..f61df599 100644 --- a/fuzz.c +++ b/fuzz.c @@ -201,14 +201,12 @@ static void fuzz_perfFeedback(run_t* run) { uint64_t softCntPc = 0; uint64_t softCntEdge = 0; uint64_t softCntCmp = 0; - if (run->global->feedback.bbFd != -1) { - softCntPc = ATOMIC_GET(run->global->feedback.feedbackMap->pidFeedbackPc[run->fuzzNo]); - ATOMIC_CLEAR(run->global->feedback.feedbackMap->pidFeedbackPc[run->fuzzNo]); - softCntEdge = ATOMIC_GET(run->global->feedback.feedbackMap->pidFeedbackEdge[run->fuzzNo]); - ATOMIC_CLEAR(run->global->feedback.feedbackMap->pidFeedbackEdge[run->fuzzNo]); - softCntCmp = ATOMIC_GET(run->global->feedback.feedbackMap->pidFeedbackCmp[run->fuzzNo]); - ATOMIC_CLEAR(run->global->feedback.feedbackMap->pidFeedbackCmp[run->fuzzNo]); - } + softCntPc = ATOMIC_GET(run->global->feedback.feedbackMap->pidFeedbackPc[run->fuzzNo]); + ATOMIC_CLEAR(run->global->feedback.feedbackMap->pidFeedbackPc[run->fuzzNo]); + softCntEdge = ATOMIC_GET(run->global->feedback.feedbackMap->pidFeedbackEdge[run->fuzzNo]); + ATOMIC_CLEAR(run->global->feedback.feedbackMap->pidFeedbackEdge[run->fuzzNo]); + softCntCmp = ATOMIC_GET(run->global->feedback.feedbackMap->pidFeedbackCmp[run->fuzzNo]); + ATOMIC_CLEAR(run->global->feedback.feedbackMap->pidFeedbackCmp[run->fuzzNo]); int64_t diff0 = run->global->linux.hwCnts.cpuInstrCnt - run->linux.hwCnts.cpuInstrCnt; int64_t diff1 = run->global->linux.hwCnts.cpuBranchCnt - run->linux.hwCnts.cpuBranchCnt; -- cgit v1.2.3 From 9913c4dc446ee44e141bc93496752cb90fe23186 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 29 Aug 2019 13:23:00 +0200 Subject: libhfuzz/fetch: call lseek(fd,0) for the input file with each iteration --- libhfuzz/fetch.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libhfuzz/fetch.c b/libhfuzz/fetch.c index b81ea20e..42af737e 100644 --- a/libhfuzz/fetch.c +++ b/libhfuzz/fetch.c @@ -51,6 +51,10 @@ void HonggfuzzFetchData(const uint8_t** buf_ptr, size_t* len_ptr) { *buf_ptr = inputFile; *len_ptr = (size_t)rcvLen; + + if (lseek(_HF_INPUT_FD, (off_t)0, SEEK_SET) == -1) { + PLOG_W("lseek(_HF_INPUT_FD=%d, 0)", _HF_INPUT_FD); + } } bool fetchIsInputAvailable(void) { -- cgit v1.2.3 From 3034b88092a648c697f06abac1eaf183d5e1693d Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 29 Aug 2019 13:47:40 +0200 Subject: mangle: improved Resize funcs --- mangle.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 50 insertions(+), 6 deletions(-) diff --git a/mangle.c b/mangle.c index 1df24c47..2e1a798f 100644 --- a/mangle.c +++ b/mangle.c @@ -849,21 +849,65 @@ static void mangle_Shrink(run_t* run) { } static void mangle_Resize(run_t* run) { - size_t newsz = util_rndGet(1, run->global->mutate.maxFileSz); size_t oldsz = run->dynamicFileSz; + uint64_t v = util_rndGet(0, 16); + ssize_t newsz = 0; - input_setSize(run, newsz); - if (newsz > oldsz) { + switch (v) { + case 0: + newsz = (ssize_t)util_rndGet(1, run->global->mutate.maxFileSz); + break; + case 1 ... 8: + newsz = oldsz + v; + break; + case 9 ... 16: + newsz = oldsz + 8 - v; + break; + default: + LOG_F("Illegal value from util_rndGet: %" PRIu64, v); + break; + } + if (newsz < 1) { + newsz = 1; + } + if (newsz > (ssize_t)run->global->mutate.maxFileSz) { + newsz = run->global->mutate.maxFileSz; + } + + input_setSize(run, (size_t)newsz); + if (newsz > (ssize_t)oldsz) { util_rndBuf(&run->dynamicFile[oldsz], newsz - oldsz); } } static void mangle_ResizePrintable(run_t* run) { - size_t newsz = util_rndGet(1, run->global->mutate.maxFileSz); size_t oldsz = run->dynamicFileSz; + uint64_t v = util_rndGet(0, 16); + ssize_t newsz = 0; + + switch (v) { + case 0: + newsz = (ssize_t)util_rndGet(1, run->global->mutate.maxFileSz); + break; + case 1 ... 8: + newsz = oldsz + v; + break; + case 9 ... 16: + newsz = oldsz + 8 - v; + break; + default: + LOG_F("Illegal value from util_rndGet: %" PRIx64, v); + break; + } + if (newsz < 1) { + newsz = 1; + } + if (newsz > (ssize_t)run->global->mutate.maxFileSz) { + newsz = run->global->mutate.maxFileSz; + } - input_setSize(run, newsz); - if (newsz > oldsz) { + input_setSize(run, (size_t)newsz); + if (newsz > (ssize_t)oldsz) { util_rndBufPrintable(&run->dynamicFile[oldsz], newsz - oldsz); } } -- cgit v1.2.3 From 0bd2bc5f3a0dfb340f52bb98bba7bfa1319fa019 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 29 Aug 2019 15:52:29 +0200 Subject: display: display percentage of paths hit --- display.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/display.c b/display.c index 35b56e3e..a3b6a973 100644 --- a/display.c +++ b/display.c @@ -251,9 +251,10 @@ static void display_displayLocked(honggfuzz_t* hfuzz) { uint64_t softCntPc = ATOMIC_GET(hfuzz->linux.hwCnts.softCntPc); uint64_t softCntEdge = ATOMIC_GET(hfuzz->linux.hwCnts.softCntEdge); uint64_t softCntCmp = ATOMIC_GET(hfuzz->linux.hwCnts.softCntCmp); + uint64_t guardNb = ATOMIC_GET(hfuzz->feedback.feedbackMap->guardNb); display_put(" edge: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET "/" ESC_BOLD - "%" _HF_NONMON_SEP PRIu64 ESC_RESET, - softCntEdge, ATOMIC_GET(hfuzz->feedback.feedbackMap->guardNb)); + "%" _HF_NONMON_SEP PRIu64 ESC_RESET " (%" PRId64 "%%)", + softCntEdge, guardNb, softCntEdge ? ((softCntEdge * 100) / softCntEdge) : 0); display_put(" pc: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, softCntPc); display_put(" cmp: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, softCntCmp); } -- cgit v1.2.3 From c5ee05d34179a57c7b41e4983c22fbadf4073006 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 29 Aug 2019 15:54:11 +0200 Subject: display: fix percentage display --- display.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/display.c b/display.c index a3b6a973..a64e3fe3 100644 --- a/display.c +++ b/display.c @@ -254,7 +254,7 @@ static void display_displayLocked(honggfuzz_t* hfuzz) { uint64_t guardNb = ATOMIC_GET(hfuzz->feedback.feedbackMap->guardNb); display_put(" edge: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET "/" ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET " (%" PRId64 "%%)", - softCntEdge, guardNb, softCntEdge ? ((softCntEdge * 100) / softCntEdge) : 0); + softCntEdge, guardNb, guardNb ? ((softCntEdge * 100) / guardNb) : 0); display_put(" pc: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, softCntPc); display_put(" cmp: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, softCntCmp); } -- cgit v1.2.3 From 32062cfc4a8abd9a0a16e36e4c19808fa9d2af4c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 29 Aug 2019 15:55:19 +0200 Subject: display: fix percentage display #2 --- display.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/display.c b/display.c index a64e3fe3..4e4bad36 100644 --- a/display.c +++ b/display.c @@ -253,7 +253,7 @@ static void display_displayLocked(honggfuzz_t* hfuzz) { uint64_t softCntCmp = ATOMIC_GET(hfuzz->linux.hwCnts.softCntCmp); uint64_t guardNb = ATOMIC_GET(hfuzz->feedback.feedbackMap->guardNb); display_put(" edge: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET "/" ESC_BOLD - "%" _HF_NONMON_SEP PRIu64 ESC_RESET " (%" PRId64 "%%)", + "%" _HF_NONMON_SEP PRIu64 ESC_RESET " [%" PRId64 "%%]", softCntEdge, guardNb, guardNb ? ((softCntEdge * 100) / guardNb) : 0); display_put(" pc: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, softCntPc); display_put(" cmp: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, softCntCmp); -- cgit v1.2.3 From 8649b582696768087dfefe7ca0e2ce8b516032ba Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 29 Aug 2019 16:36:49 +0200 Subject: mangle: resize once only --- mangle.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/mangle.c b/mangle.c index 2e1a798f..ed35f421 100644 --- a/mangle.c +++ b/mangle.c @@ -956,7 +956,6 @@ void mangle_mangleContent(run_t* run) { mangle_CloneByte, mangle_Expand, mangle_Shrink, - mangle_Resize, mangle_InsertRnd, mangle_ASCIIVal, }; @@ -978,7 +977,6 @@ void mangle_mangleContent(run_t* run) { mangle_CloneByte, mangle_Expand, mangle_Shrink, - mangle_ResizePrintable, mangle_InsertRndPrintable, mangle_ASCIIVal, }; -- cgit v1.2.3 From 6a2ecb1e79df3cdc14c4cddd8dee6d3b9b035e3e Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 2 Sep 2019 13:38:24 +0200 Subject: mangle: merge printable and non-printable funcs --- mangle.c | 297 ++++++++++++++++++--------------------------------------------- 1 file changed, 85 insertions(+), 212 deletions(-) diff --git a/mangle.c b/mangle.c index ed35f421..f1510456 100644 --- a/mangle.c +++ b/mangle.c @@ -69,7 +69,7 @@ static inline void mangle_Move(run_t* run, size_t off_from, size_t off_to, size_ memmove(&run->dynamicFile[off_to], &run->dynamicFile[off_from], len); } -static void mangle_Inflate(run_t* run, size_t off, size_t len) { +static void mangle_Inflate(run_t* run, size_t off, size_t len, bool printable) { if (run->dynamicFileSz >= run->global->mutate.maxFileSz) { return; } @@ -79,9 +79,14 @@ static void mangle_Inflate(run_t* run, size_t off, size_t len) { input_setSize(run, run->dynamicFileSz + len); mangle_Move(run, off, off + len, run->dynamicFileSz); + if (printable) { + util_rndBufPrintable(&run->dynamicFile[off], len); + } else { + util_rndBuf(&run->dynamicFile[off], len); + } } -static void mangle_MemMove(run_t* run) { +static void mangle_MemMove(run_t* run, bool printable HF_ATTR_UNUSED) { size_t off_from = util_rndGet(0, run->dynamicFileSz - 1); size_t off_to = util_rndGet(0, run->dynamicFileSz - 1); size_t len = util_rndGet(0, run->dynamicFileSz); @@ -89,47 +94,30 @@ static void mangle_MemMove(run_t* run) { mangle_Move(run, off_from, off_to, len); } -static void mangle_Byte(run_t* run) { - size_t off = util_rndGet(0, run->dynamicFileSz - 1); - run->dynamicFile[off] = (uint8_t)util_rnd64(); -} - -static void mangle_PrintableByte(run_t* run) { - size_t off = util_rndGet(0, run->dynamicFileSz - 1); - run->dynamicFile[off] = util_rndPrintable(); -} - -static void mangle_Bytes(run_t* run) { +static void mangle_Bytes(run_t* run, bool printable) { size_t off = util_rndGet(0, run->dynamicFileSz - 1); - uint32_t val = (uint32_t)util_rnd64(); - /* Overwrite with random 2,3,4-byte values */ - size_t toCopy = util_rndGet(2, 4); - mangle_Overwrite(run, (uint8_t*)&val, off, toCopy); -} - -static void mangle_PrintableBytes(run_t* run) { - size_t off = util_rndGet(0, run->dynamicFileSz - 1); - uint32_t val; - util_rndBufPrintable((uint8_t*)&val, sizeof(val)); + uint64_t buf; + if (printable) { + util_rndBufPrintable((uint8_t*)&buf, sizeof(buf)); + } else { + util_rndBuf((uint8_t*)&buf, sizeof(buf)); + } - /* Overwrite with random 2,3,4-byte values */ - size_t toCopy = util_rndGet(2, 4); - mangle_Overwrite(run, (uint8_t*)&val, off, toCopy); + /* Overwrite with random 1-8-byte values */ + size_t toCopy = util_rndGet(1, 8); + mangle_Overwrite(run, (uint8_t*)&buf, off, toCopy); } -static void mangle_Bit(run_t* run) { +static void mangle_Bit(run_t* run, bool printable) { size_t off = util_rndGet(0, run->dynamicFileSz - 1); run->dynamicFile[off] ^= (uint8_t)(1U << util_rndGet(0, 7)); + if (printable) { + util_turnToPrintable(&(run->dynamicFile[off]), 1); + } } -static void mangle_BitPrintable(run_t* run) { - size_t off = util_rndGet(0, run->dynamicFileSz - 1); - run->dynamicFile[off] ^= (uint8_t)(1U << util_rndGet(0, 7)); - util_turnToPrintable(&(run->dynamicFile[off]), 1); -} - -static void mangle_DictionaryInsertNoCheck(run_t* run) { +static void mangle_DictionaryInsertNoCheck(run_t* run, bool printable) { uint64_t choice = util_rndGet(0, run->global->mutate.dictionaryCnt - 1); struct strings_t* str = TAILQ_FIRST(&run->global->mutate.dictq); for (uint64_t i = 0; i < choice; i++) { @@ -137,25 +125,16 @@ static void mangle_DictionaryInsertNoCheck(run_t* run) { } size_t off = util_rndGet(0, run->dynamicFileSz - 1); - mangle_Inflate(run, off, str->len); - mangle_Move(run, off, off + str->len, str->len); + mangle_Inflate(run, off, str->len, printable); mangle_Overwrite(run, (uint8_t*)str->s, off, str->len); } -static void mangle_DictionaryInsert(run_t* run) { - if (run->global->mutate.dictionaryCnt == 0) { - mangle_Bit(run); - return; - } - mangle_DictionaryInsertNoCheck(run); -} - -static void mangle_DictionaryInsertPrintable(run_t* run) { +static void mangle_DictionaryInsert(run_t* run, bool printable) { if (run->global->mutate.dictionaryCnt == 0) { - mangle_BitPrintable(run); + mangle_Bit(run, printable); return; } - mangle_DictionaryInsertNoCheck(run); + mangle_DictionaryInsertNoCheck(run, printable); } static void mangle_DictionaryNoCheck(run_t* run) { @@ -170,25 +149,16 @@ static void mangle_DictionaryNoCheck(run_t* run) { mangle_Overwrite(run, (uint8_t*)str->s, off, str->len); } -static void mangle_Dictionary(run_t* run) { +static void mangle_Dictionary(run_t* run, bool printable) { if (run->global->mutate.dictionaryCnt == 0) { - mangle_Bit(run); + mangle_Bit(run, printable); return; } mangle_DictionaryNoCheck(run); } -static void mangle_DictionaryPrintable(run_t* run) { - if (run->global->mutate.dictionaryCnt == 0) { - mangle_BitPrintable(run); - return; - } - - mangle_DictionaryNoCheck(run); -} - -static void mangle_Magic(run_t* run) { +static void mangle_Magic(run_t* run, bool printable) { static const struct { const uint8_t val[8]; const size_t size; @@ -426,16 +396,10 @@ static void mangle_Magic(run_t* run) { {"\xFE\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 8}, }; - size_t off = util_rndGet(0, run->dynamicFileSz - 1); - uint64_t choice = util_rndGet(0, ARRAYSIZE(mangleMagicVals) - 1); - mangle_Overwrite(run, mangleMagicVals[choice].val, off, mangleMagicVals[choice].size); -} - -static void mangle_MagicPrintable(run_t* run) { static const struct { const uint8_t val[8]; const size_t size; - } mangleMagicVals[] = { + } mangleMagicValsPrintable[] = { /* 1B - No endianness */ {"\x00\x00\x00\x00\x00\x00\x00\x00", 1}, {"\x01\x00\x00\x00\x00\x00\x00\x00", 1}, @@ -670,9 +634,14 @@ static void mangle_MagicPrintable(run_t* run) { }; size_t off = util_rndGet(0, run->dynamicFileSz - 1); - uint64_t choice = util_rndGet(0, ARRAYSIZE(mangleMagicVals) - 1); - mangle_Overwrite(run, mangleMagicVals[choice].val, off, mangleMagicVals[choice].size); - util_turnToPrintable(&run->dynamicFile[off], mangleMagicVals[choice].size); + if (printable) { + uint64_t choice = util_rndGet(0, ARRAYSIZE(mangleMagicValsPrintable) - 1); + mangle_Overwrite( + run, mangleMagicValsPrintable[choice].val, off, mangleMagicValsPrintable[choice].size); + } else { + uint64_t choice = util_rndGet(0, ARRAYSIZE(mangleMagicVals) - 1); + mangle_Overwrite(run, mangleMagicVals[choice].val, off, mangleMagicVals[choice].size); + } } static void mangle_MemSetWithVal(run_t* run, int val) { @@ -682,24 +651,19 @@ static void mangle_MemSetWithVal(run_t* run, int val) { memset(&run->dynamicFile[off], val, sz); } -static void mangle_MemSet(run_t* run) { - mangle_MemSetWithVal(run, (int)util_rndGet(0, UINT8_MAX)); -} - -static void mangle_MemSetPrintable(run_t* run) { - mangle_MemSetWithVal(run, (int)util_rndPrintable()); -} - -static void mangle_Random(run_t* run) { - size_t off = util_rndGet(0, run->dynamicFileSz - 1); - size_t len = util_rndGet(1, run->dynamicFileSz - off); - util_rndBuf(&run->dynamicFile[off], len); +static void mangle_MemSet(run_t* run, bool printable) { + mangle_MemSetWithVal( + run, printable ? (int)util_rndPrintable() : (int)util_rndGet(0, UINT8_MAX)); } -static void mangle_RandomPrintable(run_t* run) { +static void mangle_Random(run_t* run, bool printable) { size_t off = util_rndGet(0, run->dynamicFileSz - 1); size_t len = util_rndGet(1, run->dynamicFileSz - off); - util_rndBufPrintable(&run->dynamicFile[off], len); + if (printable) { + util_rndBufPrintable(&run->dynamicFile[off], len); + } else { + util_rndBuf(&run->dynamicFile[off], len); + } } static void mangle_AddSubWithRange(run_t* run, size_t off, uint64_t varLen) { @@ -764,7 +728,7 @@ static void mangle_AddSubWithRange(run_t* run, size_t off, uint64_t varLen) { } } -static void mangle_AddSub(run_t* run) { +static void mangle_AddSub(run_t* run, bool printable) { size_t off = util_rndGet(0, run->dynamicFileSz - 1); /* 1,2,4,8 */ @@ -774,52 +738,39 @@ static void mangle_AddSub(run_t* run) { } mangle_AddSubWithRange(run, off, varLen); -} - -static void mangle_AddSubPrintable(run_t* run) { - size_t off = util_rndGet(0, run->dynamicFileSz - 1); - - /* 1,2,4,8 */ - uint64_t varLen = 1U << util_rndGet(0, 3); - if ((run->dynamicFileSz - off) < varLen) { - varLen = 1; + if (printable) { + util_turnToPrintable((uint8_t*)&run->dynamicFile[off], varLen); } - - mangle_AddSubWithRange(run, off, varLen); - util_turnToPrintable((uint8_t*)&run->dynamicFile[off], varLen); -} - -static void mangle_IncByte(run_t* run) { - size_t off = util_rndGet(0, run->dynamicFileSz - 1); - run->dynamicFile[off] += (uint8_t)1UL; -} - -static void mangle_IncBytePrintable(run_t* run) { - size_t off = util_rndGet(0, run->dynamicFileSz - 1); - run->dynamicFile[off] = (run->dynamicFile[off] - 32 + 1) % 95 + 32; -} - -static void mangle_DecByte(run_t* run) { - size_t off = util_rndGet(0, run->dynamicFileSz - 1); - run->dynamicFile[off] -= (uint8_t)1UL; } -static void mangle_DecBytePrintable(run_t* run) { +static void mangle_IncByte(run_t* run, bool printable) { size_t off = util_rndGet(0, run->dynamicFileSz - 1); - run->dynamicFile[off] = (run->dynamicFile[off] - 32 + 94) % 95 + 32; + if (printable) { + run->dynamicFile[off] = (run->dynamicFile[off] - 32 + 1) % 95 + 32; + } else { + run->dynamicFile[off] += (uint8_t)1UL; + } } -static void mangle_NegByte(run_t* run) { +static void mangle_DecByte(run_t* run, bool printable) { size_t off = util_rndGet(0, run->dynamicFileSz - 1); - run->dynamicFile[off] = ~(run->dynamicFile[off]); + if (printable) { + run->dynamicFile[off] = (run->dynamicFile[off] - 32 + 94) % 95 + 32; + } else { + run->dynamicFile[off] -= (uint8_t)1UL; + } } -static void mangle_NegBytePrintable(run_t* run) { +static void mangle_NegByte(run_t* run, bool printable) { size_t off = util_rndGet(0, run->dynamicFileSz - 1); - run->dynamicFile[off] = 94 - (run->dynamicFile[off] - 32) + 32; + if (printable) { + run->dynamicFile[off] = 94 - (run->dynamicFile[off] - 32) + 32; + } else { + run->dynamicFile[off] = ~(run->dynamicFile[off]); + } } -static void mangle_CloneByte(run_t* run) { +static void mangle_CloneByte(run_t* run, bool printable HF_ATTR_UNUSED) { size_t off1 = util_rndGet(0, run->dynamicFileSz - 1); size_t off2 = util_rndGet(0, run->dynamicFileSz - 1); @@ -828,15 +779,14 @@ static void mangle_CloneByte(run_t* run) { run->dynamicFile[off2] = tmp; } -static void mangle_Expand(run_t* run) { +static void mangle_Expand(run_t* run, bool printable) { size_t off = util_rndGet(0, run->dynamicFileSz - 1); size_t len = util_rndGet(1, run->dynamicFileSz - off); - mangle_Inflate(run, off, len); - mangle_Move(run, off, off + len, run->dynamicFileSz); + mangle_Inflate(run, off, len, printable); } -static void mangle_Shrink(run_t* run) { +static void mangle_Shrink(run_t* run, bool printable HF_ATTR_UNUSED) { if (run->dynamicFileSz <= 1U) { return; } @@ -848,7 +798,7 @@ static void mangle_Shrink(run_t* run) { mangle_Move(run, off + len, off, run->dynamicFileSz); } -static void mangle_Resize(run_t* run) { +static void mangle_Resize(run_t* run, bool printable) { size_t oldsz = run->dynamicFileSz; uint64_t v = util_rndGet(0, 16); ssize_t newsz = 0; @@ -876,61 +826,15 @@ static void mangle_Resize(run_t* run) { input_setSize(run, (size_t)newsz); if (newsz > (ssize_t)oldsz) { - util_rndBuf(&run->dynamicFile[oldsz], newsz - oldsz); - } -} - -static void mangle_ResizePrintable(run_t* run) { - size_t oldsz = run->dynamicFileSz; - uint64_t v = util_rndGet(0, 16); - ssize_t newsz = 0; - - switch (v) { - case 0: - newsz = (ssize_t)util_rndGet(1, run->global->mutate.maxFileSz); - break; - case 1 ... 8: - newsz = oldsz + v; - break; - case 9 ... 16: - newsz = oldsz + 8 - v; - break; - default: - LOG_F("Illegal value from util_rndGet: %" PRIx64, v); - break; - } - if (newsz < 1) { - newsz = 1; - } - if (newsz > (ssize_t)run->global->mutate.maxFileSz) { - newsz = run->global->mutate.maxFileSz; - } - - input_setSize(run, (size_t)newsz); - if (newsz > (ssize_t)oldsz) { - util_rndBufPrintable(&run->dynamicFile[oldsz], newsz - oldsz); + if (printable) { + util_rndBufPrintable(&run->dynamicFile[oldsz], newsz - oldsz); + } else { + util_rndBuf(&run->dynamicFile[oldsz], newsz - oldsz); + } } } -static void mangle_InsertRnd(run_t* run) { - size_t off = util_rndGet(0, run->dynamicFileSz - 1); - size_t len = util_rndGet(1, run->dynamicFileSz - off); - - mangle_Inflate(run, off, len); - mangle_Move(run, off, off + len, run->dynamicFileSz); - util_rndBuf(&run->dynamicFile[off], len); -} - -static void mangle_InsertRndPrintable(run_t* run) { - size_t off = util_rndGet(0, run->dynamicFileSz - 1); - size_t len = util_rndGet(1, run->dynamicFileSz - off); - - mangle_Inflate(run, off, len); - mangle_Move(run, off, off + len, run->dynamicFileSz); - util_rndBufPrintable(&run->dynamicFile[off], len); -} - -static void mangle_ASCIIVal(run_t* run) { +static void mangle_ASCIIVal(run_t* run, bool printable HF_ATTR_UNUSED) { char buf[32]; snprintf(buf, sizeof(buf), "%" PRId64, (int64_t)util_rnd64()); size_t off = util_rndGet(0, run->dynamicFileSz - 1); @@ -939,8 +843,7 @@ static void mangle_ASCIIVal(run_t* run) { } void mangle_mangleContent(run_t* run) { - static void (*const mangleFuncs[])(run_t * run) = { - mangle_Byte, + static void (*const mangleFuncs[])(run_t * run, bool printable) = { mangle_Bit, mangle_Bytes, mangle_Magic, @@ -956,28 +859,6 @@ void mangle_mangleContent(run_t* run) { mangle_CloneByte, mangle_Expand, mangle_Shrink, - mangle_InsertRnd, - mangle_ASCIIVal, - }; - - static void (*const manglePrintableFuncs[])(run_t * run) = { - mangle_PrintableByte, - mangle_BitPrintable, - mangle_PrintableBytes, - mangle_MagicPrintable, - mangle_IncBytePrintable, - mangle_DecBytePrintable, - mangle_NegBytePrintable, - mangle_AddSubPrintable, - mangle_DictionaryPrintable, - mangle_DictionaryInsertPrintable, - mangle_MemMove, - mangle_MemSetPrintable, - mangle_RandomPrintable, - mangle_CloneByte, - mangle_Expand, - mangle_Shrink, - mangle_InsertRndPrintable, mangle_ASCIIVal, }; @@ -985,20 +866,12 @@ void mangle_mangleContent(run_t* run) { return; } + mangle_Resize(run, /* printable= */ run->global->cfg.only_printable); + /* Max number of stacked changes is, by default, 6 */ uint64_t changesCnt = util_rndGet(1, run->global->mutate.mutationsPerRun); - - if (run->global->cfg.only_printable) { - mangle_ResizePrintable(run); - for (uint64_t x = 0; x < changesCnt; x++) { - uint64_t choice = util_rndGet(0, ARRAYSIZE(manglePrintableFuncs) - 1); - manglePrintableFuncs[choice](run); - } - } else { - mangle_Resize(run); - for (uint64_t x = 0; x < changesCnt; x++) { - uint64_t choice = util_rndGet(0, ARRAYSIZE(mangleFuncs) - 1); - mangleFuncs[choice](run); - } + for (uint64_t x = 0; x < changesCnt; x++) { + uint64_t choice = util_rndGet(0, ARRAYSIZE(mangleFuncs) - 1); + mangleFuncs[choice](run, /* printable= */ run->global->cfg.only_printable); } } -- cgit v1.2.3 From e46d5f31fa85b5fb8b90f27b418dcc688e077853 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Sep 2019 14:03:26 +0200 Subject: No need to use a special signal to emulate SIGUSR1 --- cmdline.c | 2 +- honggfuzz.c | 12 ++---------- linux/arch.c | 12 ++---------- mac/arch.c | 4 ++-- netbsd/arch.c | 4 ++-- posix/arch.c | 4 ++-- 6 files changed, 11 insertions(+), 27 deletions(-) diff --git a/cmdline.c b/cmdline.c index 1d85b78c..2c524cac 100644 --- a/cmdline.c +++ b/cmdline.c @@ -708,7 +708,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { sigemptyset(&hfuzz->exe.waitSigSet); sigaddset(&hfuzz->exe.waitSigSet, SIGIO); /* Persistent socket data */ - sigaddset(&hfuzz->exe.waitSigSet, SIGUSR1); /* Ping from the signal thread */ + sigaddset(&hfuzz->exe.waitSigSet, SIGCHLD); /* Ping from the signal thread */ LOG_I("cmdline:'%s', bin:'%s' inputDir:'%s', fuzzStdin:%s, mutationsPerRun:%u, " "externalCommand:'%s', timeout:%ld, mutationsMax:%zu, threadsMax:%zu", diff --git a/honggfuzz.c b/honggfuzz.c index e18fe478..75c45c50 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -78,10 +78,6 @@ static void sigHandler(int sig) { return; } - /* Do nothing with pings from the main thread */ - if (sig == SIGUSR1) { - return; - } /* It's handled in the signal thread */ if (sig == SIGCHLD) { return; @@ -146,7 +142,6 @@ static void setupSignalsPreThreads(void) { /* Let the signal thread catch SIGCHLD */ sigaddset(&ss, SIGCHLD); /* This is checked for via sigwaitinfo/sigtimedwait */ - sigaddset(&ss, SIGUSR1); sigaddset(&ss, SIGWINCH); if (sigprocmask(SIG_SETMASK, &ss, NULL) != 0) { PLOG_F("sigprocmask(SIG_SETMASK)"); @@ -169,9 +164,6 @@ static void setupSignalsPreThreads(void) { if (sigaction(SIGALRM, &sa, NULL) == -1) { PLOG_F("sigaction(SIGQUIT) failed"); } - if (sigaction(SIGUSR1, &sa, NULL) == -1) { - PLOG_F("sigaction(SIGUSR1) failed"); - } if (sigaction(SIGCHLD, &sa, NULL) == -1) { PLOG_F("sigaction(SIGCHLD) failed"); } @@ -220,8 +212,8 @@ static void printSummary(honggfuzz_t* hfuzz) { static void pingThreads(honggfuzz_t* hfuzz) { for (size_t i = 0; i < hfuzz->threads.threadsMax; i++) { - if (pthread_kill(hfuzz->threads.threads[i], SIGUSR1) != 0 && errno != EINTR) { - PLOG_W("pthread_kill(thread=%zu, SIGUSR1)", i); + if (pthread_kill(hfuzz->threads.threads[i], SIGCHLD) != 0 && errno != EINTR) { + PLOG_W("pthread_kill(thread=%zu, SIGCHLD)", i); } } } diff --git a/linux/arch.c b/linux/arch.c index 12b65d80..21d56404 100644 --- a/linux/arch.c +++ b/linux/arch.c @@ -263,10 +263,10 @@ void arch_reapChild(run_t* run) { .tv_sec = 0ULL, .tv_nsec = (1000ULL * 1000ULL * 250ULL), }; - /* Return with SIGIO, SIGCHLD and with SIGUSR1 */ + /* Return with SIGIO, SIGCHLD */ int sig = sigtimedwait(&run->global->exe.waitSigSet, NULL, &ts /* 0.25s */); if (sig == -1 && (errno != EAGAIN && errno != EINTR)) { - PLOG_F("sigwaitinfo(SIGIO|SIGCHLD|SIGUSR1)"); + PLOG_F("sigwaitinfo(SIGIO|SIGCHLD)"); } if (arch_checkWait(run)) { @@ -428,13 +428,5 @@ bool arch_archThreadInit(run_t* run) { PLOG_W("prctl(PR_SET_CHILD_SUBREAPER, 1)"); } - sigset_t ss; - sigemptyset(&ss); - sigaddset(&ss, SIGUSR1); - if (pthread_sigmask(SIG_BLOCK, &ss, NULL) != 0) { - PLOG_W("Couldn't block SIGUSR1"); - return false; - } - return true; } diff --git a/mac/arch.c b/mac/arch.c index c0ef646d..ca896714 100644 --- a/mac/arch.c +++ b/mac/arch.c @@ -408,10 +408,10 @@ void arch_reapChild(run_t* run) { PLOG_F("poll(fd=%d)", run->persistentSock); } } else { - /* Return with SIGIO, SIGCHLD and with SIGUSR1 */ + /* Return with SIGIO, SIGCHLD */ int sig; if (sigwait(&run->global->exe.waitSigSet, &sig) != 0) { - PLOG_F("sigwait(SIGIO|SIGCHLD|SIGUSR1)"); + PLOG_F("sigwait(SIGIO|SIGCHLD)"); } } diff --git a/netbsd/arch.c b/netbsd/arch.c index 34070137..d11bdf1b 100644 --- a/netbsd/arch.c +++ b/netbsd/arch.c @@ -185,14 +185,14 @@ void arch_reapChild(run_t* run) { PLOG_F("poll(fd=%d)", run->persistentSock); } } else { - /* Return with SIGIO, SIGCHLD and with SIGUSR1 */ + /* Return with SIGIO, SIGCHLD */ const struct timespec ts = { .tv_sec = 0ULL, .tv_nsec = (1000ULL * 1000ULL * 250ULL), }; int sig = sigtimedwait(&run->global->exe.waitSigSet, NULL, &ts /* 0.25s */); if (sig == -1 && (errno != EAGAIN && errno != EINTR)) { - PLOG_F("sigtimedwait(SIGIO|SIGCHLD|SIGUSR1)"); + PLOG_F("sigtimedwait(SIGIO|SIGCHLD)"); } } diff --git a/posix/arch.c b/posix/arch.c index f63de1f6..8a7c9f19 100644 --- a/posix/arch.c +++ b/posix/arch.c @@ -241,14 +241,14 @@ void arch_reapChild(run_t* run) { PLOG_F("poll(fd=%d)", run->persistentSock); } } else { - /* Return with SIGIO, SIGCHLD and with SIGUSR1 */ + /* Return with SIGIO, SIGCHLD */ const struct timespec ts = { .tv_sec = 0ULL, .tv_nsec = (1000ULL * 1000ULL * 250ULL), }; int sig = sigtimedwait(&run->global->exe.waitSigSet, NULL, &ts /* 0.25s */); if (sig == -1 && (errno != EAGAIN && errno != EINTR)) { - PLOG_F("sigtimedwait(SIGIO|SIGCHLD|SIGUSR1)"); + PLOG_F("sigtimedwait(SIGIO|SIGCHLD)"); } } -- cgit v1.2.3 From e1b6cc946cad407eef1245e2166ae71bcdce71bc Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Sep 2019 14:20:58 +0200 Subject: libhfuzz: don't reinitialized already initialized modules (can happen on macos) --- libhfuzz/instrument.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 12c41828..35f4f913 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -329,6 +329,11 @@ ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_pc_guard_init( /* Make sure that the feedback struct is already mmap()'d */ hfuzzInstrumentInit(); + /* If this module was already initialized, skip it */ + if (*start > 0) { + return; + } + for (uint32_t* x = start; x < stop; x++, n++) { if (n >= _HF_PC_GUARD_MAX) { LOG_F("This process has too many PC guards:%" PRIu32 -- cgit v1.2.3 From 766bc638c9ff711333546e2f0b5876bac96a4100 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Sep 2019 14:21:17 +0200 Subject: make indent --- libhfuzz/instrument.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 35f4f913..9ef2bebf 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -329,10 +329,10 @@ ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_pc_guard_init( /* Make sure that the feedback struct is already mmap()'d */ hfuzzInstrumentInit(); - /* If this module was already initialized, skip it */ - if (*start > 0) { - return; - } + /* If this module was already initialized, skip it */ + if (*start > 0) { + return; + } for (uint32_t* x = start; x < stop; x++, n++) { if (n >= _HF_PC_GUARD_MAX) { -- cgit v1.2.3 From 4e58d81ec92a4bc5fcf0e7729b29dced844d0f96 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Sep 2019 16:00:55 +0200 Subject: sigwait(): handle EINTR --- honggfuzz.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/honggfuzz.c b/honggfuzz.c index 75c45c50..beb1900e 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -229,14 +229,21 @@ static void* signalThread(void* arg) { } for (;;) { - int sig; - if (sigwait(&ss, &sig) != 0 && errno != EINTR) { + int sig = 0; + errno = 0; + int ret = sigwait(&ss, &sig); + if (ret == EINTR) { + continue; + } + if (errno == EINTR) { + continue; + } + if (ret != 0) { PLOG_F("sigwait(SIGCHLD)"); } if (fuzz_isTerminating()) { break; } - if (sig == SIGCHLD) { pingThreads(hfuzz); } -- cgit v1.2.3 From 331772864b9d977002a060372997eb106299e003 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Sep 2019 16:02:29 +0200 Subject: sigwait(): handle EINTR #2 --- honggfuzz.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/honggfuzz.c b/honggfuzz.c index beb1900e..ba406890 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -235,7 +235,7 @@ static void* signalThread(void* arg) { if (ret == EINTR) { continue; } - if (errno == EINTR) { + if (ret != 0 && errno == EINTR) { continue; } if (ret != 0) { -- cgit v1.2.3 From 1546be6ddb27f58d9a59432900ee603aca97dc42 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Sep 2019 19:31:22 +0200 Subject: libhfcommon/input: use shm_open(SHM_ANON) with FreeBSD --- libhfcommon/files.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index cc4e54f4..2332bef4 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -414,6 +414,14 @@ void* files_mapSharedMem(size_t sz, int* fd, const char* name, const char* dir) #endif /* defined(_HF_ARCH_LINUX) */ +/* SHM_ANON is available with some *BSD OSes */ +#if defined(SHM_ANON) + if (*fd == -1) { + if ((*fd = shm_open(SHM_ANON, O_RDWR, 0600)) == -1) { + PLOG_E("OOO"); + } + } +#endif if (*fd == -1) { char template[PATH_MAX]; snprintf(template, sizeof(template), "%s/%s.XXXXXX", dir, name); -- cgit v1.2.3 From d7e68059f0ddf0715dee9239d826f69464dee2d9 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Sep 2019 19:43:07 +0200 Subject: libhfcommon/files: use shm_open with other OSes --- fuzz.c | 4 ++-- honggfuzz.c | 4 ++-- libhfcommon/files.c | 19 ++++++++++++++++--- libhfcommon/files.h | 2 +- 4 files changed, 21 insertions(+), 8 deletions(-) diff --git a/fuzz.c b/fuzz.c index f61df599..1d8ef8c2 100644 --- a/fuzz.c +++ b/fuzz.c @@ -480,8 +480,8 @@ static void* fuzz_threadNew(void* arg) { /* Do not try to handle input files with socketfuzzer */ if (!hfuzz->socketFuzzer.enabled) { - if (!(run.dynamicFile = files_mapSharedMem(hfuzz->mutate.maxFileSz, &run.dynamicFileFd, - "hfuzz-input", run.global->io.workDir))) { + if (!(run.dynamicFile = files_mapSharedMem( + hfuzz->mutate.maxFileSz, &run.dynamicFileFd, "hfuzz-input"))) { LOG_F("Couldn't create an input file of size: %zu", hfuzz->mutate.maxFileSz); } } diff --git a/honggfuzz.c b/honggfuzz.c index ba406890..35e31d6a 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -302,8 +302,8 @@ int main(int argc, char** argv) { LOG_F("Couldn't parse symbols whitelist file ('%s')", hfuzzl.symsWlFile); } - if (!(hfuzz.feedback.feedbackMap = files_mapSharedMem( - sizeof(feedback_t), &hfuzz.feedback.bbFd, "hfuzz-feedback", hfuzz.io.workDir))) { + if (!(hfuzz.feedback.feedbackMap = + files_mapSharedMem(sizeof(feedback_t), &hfuzz.feedback.bbFd, "hfuzz-feedback"))) { LOG_F("files_mapSharedMem(sz=%zu, dir='%s') failed", sizeof(feedback_t), hfuzz.io.workDir); } diff --git a/libhfcommon/files.c b/libhfcommon/files.c index 2332bef4..e6febe91 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -41,6 +41,7 @@ #if defined(_HF_ARCH_LINUX) #include #endif /* defined(_HF_ARCH_LINUX) */ +#include #include #include @@ -393,7 +394,7 @@ uint8_t* files_mapFileShared(const char* fileName, off_t* fileSz, int* fd) { return buf; } -void* files_mapSharedMem(size_t sz, int* fd, const char* name, const char* dir) { +void* files_mapSharedMem(size_t sz, int* fd, const char* name) { *fd = -1; #if defined(_HF_ARCH_LINUX) @@ -418,13 +419,25 @@ void* files_mapSharedMem(size_t sz, int* fd, const char* name, const char* dir) #if defined(SHM_ANON) if (*fd == -1) { if ((*fd = shm_open(SHM_ANON, O_RDWR, 0600)) == -1) { - PLOG_E("OOO"); + PLOG_W("shm_open(SHM_ANON, O_RDWR, 0600)"); } } #endif + if (*fd == -1) { + char tmpname[PATH_MAX]; + struct timeval tv; + gettimeofday(&tv, NULL); + snprintf(tmpname, sizeof(tmpname), "%s%lx%lx%d", name, (unsigned long)tv.tv_sec, + (unsigned long)tv.tv_usec, (int)getpid()); + if ((*fd = shm_open(tmpname, O_RDWR | O_CREAT | O_EXCL, 0600)) == -1) { + PLOG_W("shm_open('%s', O_RDWR|O_CREAT|O_EXCL, 0600)", tmpname); + } else { + shm_unlink(tmpname); + } + } if (*fd == -1) { char template[PATH_MAX]; - snprintf(template, sizeof(template), "%s/%s.XXXXXX", dir, name); + snprintf(template, sizeof(template), "/tmp/%s.XXXXXX", name); if ((*fd = mkostemp(template, O_CLOEXEC)) == -1) { PLOG_W("mkstemp('%s')", template); return NULL; diff --git a/libhfcommon/files.h b/libhfcommon/files.h index f535a366..99090db2 100644 --- a/libhfcommon/files.h +++ b/libhfcommon/files.h @@ -63,7 +63,7 @@ extern uint8_t* files_mapFile(const char* fileName, off_t* fileSz, int* fd, bool extern uint8_t* files_mapFileShared(const char* fileName, off_t* fileSz, int* fd); -extern void* files_mapSharedMem(size_t sz, int* fd, const char* name, const char* dir); +extern void* files_mapSharedMem(size_t sz, int* fd, const char* name); extern size_t files_parseSymbolFilter(const char* inFIle, char*** filterList); -- cgit v1.2.3 From 60215846c5981a0f8bfd2aee7edee369c7789ab2 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Sep 2019 19:46:45 +0200 Subject: libhfcommon/input: use shm_open(SHM_ANON) with FreeBSD #2 --- libhfcommon/files.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index e6febe91..72185b89 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -427,7 +427,7 @@ void* files_mapSharedMem(size_t sz, int* fd, const char* name) { char tmpname[PATH_MAX]; struct timeval tv; gettimeofday(&tv, NULL); - snprintf(tmpname, sizeof(tmpname), "%s%lx%lx%d", name, (unsigned long)tv.tv_sec, + snprintf(tmpname, sizeof(tmpname), "/%s%lx%lx%d", name, (unsigned long)tv.tv_sec, (unsigned long)tv.tv_usec, (int)getpid()); if ((*fd = shm_open(tmpname, O_RDWR | O_CREAT | O_EXCL, 0600)) == -1) { PLOG_W("shm_open('%s', O_RDWR|O_CREAT|O_EXCL, 0600)", tmpname); -- cgit v1.2.3 From e7d4ffd0edc89728de25b837a8fa7f63365dfa7c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Sep 2019 20:06:20 +0200 Subject: libhfcommon/files: disable shm_open under macosx --- libhfcommon/files.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index 72185b89..ba519def 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -422,7 +422,9 @@ void* files_mapSharedMem(size_t sz, int* fd, const char* name) { PLOG_W("shm_open(SHM_ANON, O_RDWR, 0600)"); } } -#endif +#endif /* defined(SHM_ANON) */ +#if !defined(_HF_ARCH_DARWIN) + /* shm objects under MacOSX are 'a-typical' */ if (*fd == -1) { char tmpname[PATH_MAX]; struct timeval tv; @@ -435,6 +437,7 @@ void* files_mapSharedMem(size_t sz, int* fd, const char* name) { shm_unlink(tmpname); } } +#endif /* !defined(_HF_ARCH_DARWIN) */ if (*fd == -1) { char template[PATH_MAX]; snprintf(template, sizeof(template), "/tmp/%s.XXXXXX", name); -- cgit v1.2.3 From 92fac33d07ca0e8a567733934396acd89b5bc5e0 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Sep 2019 20:11:11 +0200 Subject: libhfcommon: use CLOEXEC by default --- libhfcommon/files.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index ba519def..167e1d3b 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -397,7 +397,7 @@ uint8_t* files_mapFileShared(const char* fileName, off_t* fileSz, int* fd) { void* files_mapSharedMem(size_t sz, int* fd, const char* name) { *fd = -1; -#if defined(_HF_ARCH_LINUX) +#if defined(_HF_ARCH_LINUXZ) #if !defined(MFD_CLOEXEC) /* sys/memfd.h is not always present */ #define MFD_CLOEXEC 0x0001U @@ -418,8 +418,8 @@ void* files_mapSharedMem(size_t sz, int* fd, const char* name) { /* SHM_ANON is available with some *BSD OSes */ #if defined(SHM_ANON) if (*fd == -1) { - if ((*fd = shm_open(SHM_ANON, O_RDWR, 0600)) == -1) { - PLOG_W("shm_open(SHM_ANON, O_RDWR, 0600)"); + if ((*fd = shm_open(SHM_ANON, O_RDWR | O_CLOEXEC, 0600)) == -1) { + PLOG_W("shm_open(SHM_ANON, O_RDWR|O_CLOEXEC, 0600)"); } } #endif /* defined(SHM_ANON) */ @@ -431,8 +431,8 @@ void* files_mapSharedMem(size_t sz, int* fd, const char* name) { gettimeofday(&tv, NULL); snprintf(tmpname, sizeof(tmpname), "/%s%lx%lx%d", name, (unsigned long)tv.tv_sec, (unsigned long)tv.tv_usec, (int)getpid()); - if ((*fd = shm_open(tmpname, O_RDWR | O_CREAT | O_EXCL, 0600)) == -1) { - PLOG_W("shm_open('%s', O_RDWR|O_CREAT|O_EXCL, 0600)", tmpname); + if ((*fd = shm_open(tmpname, O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC, 0600)) == -1) { + PLOG_W("shm_open('%s', O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC, 0600)", tmpname); } else { shm_unlink(tmpname); } -- cgit v1.2.3 From dc98b4356b1fed3c1a392a78ef92d819da2034e3 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Sep 2019 20:12:49 +0200 Subject: libhfcommon/files: invalid ifdef --- libhfcommon/files.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index 167e1d3b..931529cf 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -397,7 +397,7 @@ uint8_t* files_mapFileShared(const char* fileName, off_t* fileSz, int* fd) { void* files_mapSharedMem(size_t sz, int* fd, const char* name) { *fd = -1; -#if defined(_HF_ARCH_LINUXZ) +#if defined(_HF_ARCH_LINUX) #if !defined(MFD_CLOEXEC) /* sys/memfd.h is not always present */ #define MFD_CLOEXEC 0x0001U -- cgit v1.2.3 From aafede130ff86c083b11f3f2ccbd56c3c39f69e4 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Sep 2019 22:09:39 +0200 Subject: posix/arch: WSL defines __WALL but doesn't accept it --- Makefile | 2 +- posix/arch.c | 10 +--------- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/Makefile b/Makefile index ce54832b..8801ec5f 100644 --- a/Makefile +++ b/Makefile @@ -157,7 +157,7 @@ else -Wextra -Wno-initializer-overrides -Wno-override-init \ -Wno-unknown-warning-option -Wno-unknown-pragmas \ -funroll-loops - ARCH_LDFLAGS := -pthread -L/usr/local/lib + ARCH_LDFLAGS := -pthread -lrt -L/usr/local/lib # OS Posix endif diff --git a/posix/arch.c b/posix/arch.c index 8a7c9f19..93275689 100644 --- a/posix/arch.c +++ b/posix/arch.c @@ -184,15 +184,7 @@ static bool arch_checkWait(run_t* run) { /* All queued wait events must be tested when SIGCHLD was delivered */ for (;;) { int status; - int wflags = WNOHANG; -#if defined(__WNOTHREAD) - wflags |= __WNOTHREAD; -#endif /* defined(__WNOTHREAD) */ -#if defined(__WALL) - wflags |= __WALL; -#endif /* defined(__WALL) */ - - pid_t pid = TEMP_FAILURE_RETRY(waitpid(run->pid, &status, wflags)); + pid_t pid = TEMP_FAILURE_RETRY(waitpid(run->pid, &status, WNOHANG)); if (pid == 0) { return false; } -- cgit v1.2.3 From 3bf1bc9c8e3238c5a3333f26d3bdb4c33dd69ccc Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Sep 2019 23:39:52 +0200 Subject: input: typo --- input.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/input.c b/input.c index 372ee055..d3704190 100644 --- a/input.c +++ b/input.c @@ -311,7 +311,7 @@ bool input_parseBlacklist(honggfuzz_t* hfuzz) { return true; } -bool input_prepareDynamicInput(run_t* run, bool need_mangele) { +bool input_prepareDynamicInput(run_t* run, bool need_mangle) { { MX_SCOPED_RWLOCK_READ(&run->global->io.dynfileq_mutex); @@ -332,7 +332,9 @@ bool input_prepareDynamicInput(run_t* run, bool need_mangele) { input_setSize(run, run->dynfileqCurrent->size); memcpy(run->dynamicFile, run->dynfileqCurrent->data, run->dynfileqCurrent->size); - if (need_mangele) mangle_mangleContent(run); + if (need_mangle) { + mangle_mangleContent(run); + } return true; } -- cgit v1.2.3 From 661d542d8a3cb705a837b4dd198c3c873b7787d3 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Sep 2019 23:41:45 +0200 Subject: fuzz: add 1-byte file before changing the state --- fuzz.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/fuzz.c b/fuzz.c index 1d8ef8c2..12293ae2 100644 --- a/fuzz.c +++ b/fuzz.c @@ -168,10 +168,6 @@ static void fuzz_setDynamicMainState(run_t* run) { util_sleepForMSec(10); /* Check every 10ms */ } - LOG_I("Entering phase 3/3: Dynamic Main (Feedback Driven Mode)"); - snprintf(run->origFileName, sizeof(run->origFileName), "[DYNAMIC]"); - ATOMIC_SET(run->global->feedback.state, _HF_STATE_DYNAMIC_MAIN); - /* * If the initial fuzzing yielded no useful coverage, just add a single 1-byte file to the * dynamic corpus, so the dynamic phase doesn't fail because of lack of useful inputs @@ -180,6 +176,10 @@ static void fuzz_setDynamicMainState(run_t* run) { const char* single_byte = run->global->cfg.only_printable ? " " : "\0"; fuzz_addFileToFileQ(run->global, (const uint8_t*)single_byte, 1U); } + + LOG_I("Entering phase 3/3: Dynamic Main (Feedback Driven Mode)"); + snprintf(run->origFileName, sizeof(run->origFileName), "[DYNAMIC]"); + ATOMIC_SET(run->global->feedback.state, _HF_STATE_DYNAMIC_MAIN); } static void fuzz_perfFeedback(run_t* run) { -- cgit v1.2.3 From 64c25bffc57c1ed61e1e483b8062417a317d8bc4 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Sep 2019 23:48:23 +0200 Subject: input: typo #2 --- input.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/input.c b/input.c index d3704190..b7c3b09a 100644 --- a/input.c +++ b/input.c @@ -339,7 +339,7 @@ bool input_prepareDynamicInput(run_t* run, bool need_mangle) { return true; } -bool input_prepareStaticFile(run_t* run, bool rewind, bool need_mangele) { +bool input_prepareStaticFile(run_t* run, bool rewind, bool need_mangle) { char fname[PATH_MAX]; if (!input_getNext(run, fname, /* rewind= */ rewind)) { return false; @@ -354,7 +354,9 @@ bool input_prepareStaticFile(run_t* run, bool rewind, bool need_mangele) { } input_setSize(run, fileSz); - if (need_mangele) mangle_mangleContent(run); + if (need_mangle) { + mangle_mangleContent(run); + } return true; } -- cgit v1.2.3 From 3cb8567a410bc9c241bdee7e6b40d8eeef5ee42a Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Sep 2019 00:08:15 +0200 Subject: libhfcommon/files: bugaround for freebsd --- libhfcommon/files.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index 931529cf..6a59113c 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -453,7 +453,15 @@ void* files_mapSharedMem(size_t sz, int* fd, const char* name) { *fd = -1; return NULL; } - void* ret = mmap(NULL, sz, PROT_READ | PROT_WRITE, MAP_SHARED, *fd, 0); + int mmapflags = MAP_SHARED; +#if defined(MAP_NOSYNC) + /* + * Some kind of bug in FreeBSD kernel. Without this flag, the shm_open() memory will cause a lot + * of troubles to the calling process when mmap()'d + */ + mmapflags |= MAP_NOSYNC; +#endif /* defined(MAP_NOSYNC) */ + void* ret = mmap(NULL, sz, PROT_READ | PROT_WRITE, mmapflags, *fd, 0); if (ret == MAP_FAILED) { PLOG_W("mmap(sz=%zu, fd=%d)", sz, *fd); *fd = -1; -- cgit v1.2.3 From ff8186e3b943a237cb8dc7265cdb215cf759bf67 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Sep 2019 00:16:58 +0200 Subject: hfuzz-cc: add -lrt to the linking process (for shm_open) --- hfuzz_cc/hfuzz-cc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index b91888ae..98127ca8 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -438,6 +438,7 @@ static int ldMode(int argc, char** argv) { /* Needed by the libhfcommon */ args[j++] = "-pthread"; + args[j++] = "-lrt"; /* Disable -fsanitize=fuzzer */ if (isFSanitizeFuzzer(argc, argv)) { -- cgit v1.2.3 From 3b3149bf45393972fa3cc4991e14b94dc21d8dd8 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Sep 2019 00:28:52 +0200 Subject: hfuzz-cc: librt doesn't seem to exist with macosx --- hfuzz_cc/hfuzz-cc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index 98127ca8..28409e7b 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -438,7 +438,9 @@ static int ldMode(int argc, char** argv) { /* Needed by the libhfcommon */ args[j++] = "-pthread"; +#ifndef _HF_ARCH_DARWIN args[j++] = "-lrt"; +#endif /* _HF_ARCH_DARWIN */ /* Disable -fsanitize=fuzzer */ if (isFSanitizeFuzzer(argc, argv)) { -- cgit v1.2.3 From dab750dc59436b392bd10581f4b696770934f69b Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Sep 2019 00:33:27 +0200 Subject: use MAP_NOSYNC with mmap under FreeBSD --- libhfcommon/files.c | 10 +++++++++- libhfuzz/instrument.c | 12 ++++++++++-- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index 6a59113c..3cc2fd7e 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -384,7 +384,15 @@ uint8_t* files_mapFileShared(const char* fileName, off_t* fileSz, int* fd) { } uint8_t* buf; - if ((buf = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, *fd, 0)) == MAP_FAILED) { + int mmapflags = MAP_SHARED; +#if defined(MAP_NOSYNC) + /* + * Some kind of bug in FreeBSD kernel. Without this flag, the shm_open() memory will cause a lot + * of troubles to the calling process when mmap()'d + */ + mmapflags |= MAP_NOSYNC; +#endif /* defined(MAP_NOSYNC) */ + if ((buf = mmap(NULL, st.st_size, PROT_READ, mmapflags, *fd, 0)) == MAP_FAILED) { PLOG_W("Couldn't mmap() the '%s' file", fileName); close(*fd); return NULL; diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 9ef2bebf..88cab7a2 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -72,8 +72,16 @@ static void initializeInstrument(void) { "Link your fuzzed binaries with the newest honggfuzz sources via hfuzz-clang(++)", (size_t)st.st_size, sizeof(feedback_t)); } - if ((feedback = mmap(NULL, sizeof(feedback_t), PROT_READ | PROT_WRITE, MAP_SHARED, - _HF_BITMAP_FD, 0)) == MAP_FAILED) { + int mmapflags = MAP_SHARED; +#if defined(MAP_NOSYNC) + /* + * Some kind of bug in FreeBSD kernel. Without this flag, the shm_open() memory will cause a lot + * of troubles to the calling process when mmap()'d + */ + mmapflags |= MAP_NOSYNC; +#endif /* defined(MAP_NOSYNC) */ + if ((feedback = mmap(NULL, sizeof(feedback_t), PROT_READ | PROT_WRITE, mmapflags, _HF_BITMAP_FD, + 0)) == MAP_FAILED) { PLOG_F("mmap(fd=%d, size=%zu) of the feedback structure failed", _HF_BITMAP_FD, sizeof(feedback_t)); } -- cgit v1.2.3 From 41099102bec3b4d895d46ef27da51b7f81b2ec3c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Sep 2019 13:20:30 +0200 Subject: make it compilable under android ndk 20 --- honggfuzz.c | 2 +- libhfcommon/files.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/honggfuzz.c b/honggfuzz.c index 35e31d6a..a07ad9f1 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -203,7 +203,7 @@ static void printSummary(honggfuzz_t* hfuzz) { LOG_I("Summary iterations:%zu time:%" PRIu64 " speed:%" PRIu64 " " "crashes_count:%zu timeout_count:%zu new_units_added:%zu " "slowest_unit_ms:%" PRId64 " guard_nb:%" PRIu64 " branch_coverage_percent:%" PRIu64 " " - "peak_rss_mb:%zu", + "peak_rss_mb:%lu", hfuzz->cnts.mutationsCnt, elapsed_sec, exec_per_sec, hfuzz->cnts.crashesCnt, hfuzz->cnts.timeoutedCnt, hfuzz->io.newUnitsAdded, hfuzz->timing.timeOfLongestUnitInMilliseconds, hfuzz->feedback.feedbackMap->guardNb, diff --git a/libhfcommon/files.c b/libhfcommon/files.c index 3cc2fd7e..c0a61b5b 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -431,7 +431,7 @@ void* files_mapSharedMem(size_t sz, int* fd, const char* name) { } } #endif /* defined(SHM_ANON) */ -#if !defined(_HF_ARCH_DARWIN) +#if !defined(_HF_ARCH_DARWIN) && !defined(__ANDROID__) /* shm objects under MacOSX are 'a-typical' */ if (*fd == -1) { char tmpname[PATH_MAX]; @@ -445,7 +445,7 @@ void* files_mapSharedMem(size_t sz, int* fd, const char* name) { shm_unlink(tmpname); } } -#endif /* !defined(_HF_ARCH_DARWIN) */ +#endif /* !defined(_HF_ARCH_DARWIN) && !defined(__ANDROID__) */ if (*fd == -1) { char template[PATH_MAX]; snprintf(template, sizeof(template), "/tmp/%s.XXXXXX", name); -- cgit v1.2.3 From a914e6538963e85e2418dfbbbf2a2d03bfa4c9ec Mon Sep 17 00:00:00 2001 From: Guillaume Weghsteen Date: Wed, 4 Sep 2019 15:29:14 +0200 Subject: Convert maxrss to mb --- honggfuzz.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/honggfuzz.c b/honggfuzz.c index a07ad9f1..ff587b6d 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -200,6 +200,11 @@ static void printSummary(honggfuzz_t* hfuzz) { PLOG_W("getrusage failed"); usage.ru_maxrss = 0; // 0 means something went wrong with rusage } +#ifdef _HF_ARCH_DARWIN + usage.ru_maxrss >>= 20; +#else + usage.ru_maxrss >>= 10; +#endif LOG_I("Summary iterations:%zu time:%" PRIu64 " speed:%" PRIu64 " " "crashes_count:%zu timeout_count:%zu new_units_added:%zu " "slowest_unit_ms:%" PRId64 " guard_nb:%" PRIu64 " branch_coverage_percent:%" PRIu64 " " -- cgit v1.2.3 From e08bcb29c21823502034e97bc8ae8b1ba589b272 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Sep 2019 15:37:19 +0200 Subject: posix/arch: sigwait for sigtimedwait for openbsd --- Makefile | 7 ++++++- posix/arch.c | 12 +++++------- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index 8801ec5f..7d101ebb 100644 --- a/Makefile +++ b/Makefile @@ -157,7 +157,12 @@ else -Wextra -Wno-initializer-overrides -Wno-override-init \ -Wno-unknown-warning-option -Wno-unknown-pragmas \ -funroll-loops - ARCH_LDFLAGS := -pthread -lrt -L/usr/local/lib +ifeq ($(OS),OpenBSD) + ARCH_LDFLAGS := -L/usr/local/lib -pthread +else + ARCH_LDFLAGS := -L/usr/local/lib -pthread -lrt + # OS OpenBSD +endif # OS Posix endif diff --git a/posix/arch.c b/posix/arch.c index 93275689..d553b1d7 100644 --- a/posix/arch.c +++ b/posix/arch.c @@ -234,13 +234,11 @@ void arch_reapChild(run_t* run) { } } else { /* Return with SIGIO, SIGCHLD */ - const struct timespec ts = { - .tv_sec = 0ULL, - .tv_nsec = (1000ULL * 1000ULL * 250ULL), - }; - int sig = sigtimedwait(&run->global->exe.waitSigSet, NULL, &ts /* 0.25s */); - if (sig == -1 && (errno != EAGAIN && errno != EINTR)) { - PLOG_F("sigtimedwait(SIGIO|SIGCHLD)"); + errno = 0; + int sig; + int ret = sigwait(&run->global->exe.waitSigSet, &sig); + if (ret != 0 && ret != EINTR) { + PLOG_F("sigwait(SIGIO|SIGCHLD)"); } } -- cgit v1.2.3 From 79faca411e417f6242bf7d0dffb31a1268c8b6a0 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Sep 2019 15:42:09 +0200 Subject: hfuzz-cc: disable -lrt linking for OpenBSD --- hfuzz_cc/hfuzz-cc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index 28409e7b..57827608 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -438,9 +438,9 @@ static int ldMode(int argc, char** argv) { /* Needed by the libhfcommon */ args[j++] = "-pthread"; -#ifndef _HF_ARCH_DARWIN +#if !defined(_HF_ARCH_DARWIN) && !defined(__OpenBSD__) args[j++] = "-lrt"; -#endif /* _HF_ARCH_DARWIN */ +#endif /* !defined(_HF_ARCH_DARWIN) && !defined(__OpenBSD__) */ /* Disable -fsanitize=fuzzer */ if (isFSanitizeFuzzer(argc, argv)) { -- cgit v1.2.3 From f3cac6ed2a2e267790e4ab241c95caea4d9dcd88 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Sep 2019 21:03:04 +0200 Subject: libhfcommon: use map_hassemaphore --- libhfcommon/files.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index c0a61b5b..b3891f84 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -392,6 +392,10 @@ uint8_t* files_mapFileShared(const char* fileName, off_t* fileSz, int* fd) { */ mmapflags |= MAP_NOSYNC; #endif /* defined(MAP_NOSYNC) */ +#if defined(MAP_HASSEMAPHORE) + /* We use mutexes, so.. */ + mmapflags |= MAP_HASSEMAPHORE; +#endif /* defined(MAP_HASSEMAPHORE) */ if ((buf = mmap(NULL, st.st_size, PROT_READ, mmapflags, *fd, 0)) == MAP_FAILED) { PLOG_W("Couldn't mmap() the '%s' file", fileName); close(*fd); -- cgit v1.2.3 From b5005f8c005e51f1ba938afd0a168355a483c412 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Sep 2019 21:28:04 +0200 Subject: libhfcommon: use POSIX_MADV_RANDOM with input/feedback mappings --- libhfcommon/files.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index b3891f84..549a2894 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -480,6 +480,9 @@ void* files_mapSharedMem(size_t sz, int* fd, const char* name) { close(*fd); return NULL; } + if (posix_madvise(ret, sz, POSIX_MADV_RANDOM) == -1) { + PLOG_W("posix_madvise(sz=%zu, POSIX_MADV_RANDOM)", sz); + } return ret; } -- cgit v1.2.3 From 41a6c8cb44768564e2d6109da374a2ca7ddcd780 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Sep 2019 21:36:11 +0200 Subject: libhfcommon/files_mapFileShared --- libhfcommon/files.c | 36 ------------------------------------ libhfcommon/files.h | 2 -- 2 files changed, 38 deletions(-) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index 549a2894..01047538 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -370,42 +370,6 @@ uint8_t* files_mapFile(const char* fileName, off_t* fileSz, int* fd, bool isWrit return buf; } -uint8_t* files_mapFileShared(const char* fileName, off_t* fileSz, int* fd) { - if ((*fd = TEMP_FAILURE_RETRY(open(fileName, O_RDONLY))) == -1) { - PLOG_W("Couldn't open() '%s' file in R/O mode", fileName); - return NULL; - } - - struct stat st; - if (fstat(*fd, &st) == -1) { - PLOG_W("Couldn't stat() the '%s' file", fileName); - close(*fd); - return NULL; - } - - uint8_t* buf; - int mmapflags = MAP_SHARED; -#if defined(MAP_NOSYNC) - /* - * Some kind of bug in FreeBSD kernel. Without this flag, the shm_open() memory will cause a lot - * of troubles to the calling process when mmap()'d - */ - mmapflags |= MAP_NOSYNC; -#endif /* defined(MAP_NOSYNC) */ -#if defined(MAP_HASSEMAPHORE) - /* We use mutexes, so.. */ - mmapflags |= MAP_HASSEMAPHORE; -#endif /* defined(MAP_HASSEMAPHORE) */ - if ((buf = mmap(NULL, st.st_size, PROT_READ, mmapflags, *fd, 0)) == MAP_FAILED) { - PLOG_W("Couldn't mmap() the '%s' file", fileName); - close(*fd); - return NULL; - } - - *fileSz = st.st_size; - return buf; -} - void* files_mapSharedMem(size_t sz, int* fd, const char* name) { *fd = -1; diff --git a/libhfcommon/files.h b/libhfcommon/files.h index 99090db2..31741c15 100644 --- a/libhfcommon/files.h +++ b/libhfcommon/files.h @@ -61,8 +61,6 @@ extern bool files_copyFile( extern uint8_t* files_mapFile(const char* fileName, off_t* fileSz, int* fd, bool isWritable); -extern uint8_t* files_mapFileShared(const char* fileName, off_t* fileSz, int* fd); - extern void* files_mapSharedMem(size_t sz, int* fd, const char* name); extern size_t files_parseSymbolFilter(const char* inFIle, char*** filterList); -- cgit v1.2.3 From 64b466408f041a71dd07c48bf77e895feed58a64 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Sep 2019 21:41:30 +0200 Subject: use madvise(nocore) for the input fd --- fuzz.c | 4 ++-- honggfuzz.c | 4 ++-- libhfcommon/files.c | 14 +++++++++++++- libhfcommon/files.h | 2 +- 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/fuzz.c b/fuzz.c index 12293ae2..fc3d7fb6 100644 --- a/fuzz.c +++ b/fuzz.c @@ -480,8 +480,8 @@ static void* fuzz_threadNew(void* arg) { /* Do not try to handle input files with socketfuzzer */ if (!hfuzz->socketFuzzer.enabled) { - if (!(run.dynamicFile = files_mapSharedMem( - hfuzz->mutate.maxFileSz, &run.dynamicFileFd, "hfuzz-input"))) { + if (!(run.dynamicFile = files_mapSharedMem(hfuzz->mutate.maxFileSz, &run.dynamicFileFd, + "hfuzz-input", /* nocore= */ true))) { LOG_F("Couldn't create an input file of size: %zu", hfuzz->mutate.maxFileSz); } } diff --git a/honggfuzz.c b/honggfuzz.c index a07ad9f1..6f3ffb4e 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -302,8 +302,8 @@ int main(int argc, char** argv) { LOG_F("Couldn't parse symbols whitelist file ('%s')", hfuzzl.symsWlFile); } - if (!(hfuzz.feedback.feedbackMap = - files_mapSharedMem(sizeof(feedback_t), &hfuzz.feedback.bbFd, "hfuzz-feedback"))) { + if (!(hfuzz.feedback.feedbackMap = files_mapSharedMem( + sizeof(feedback_t), &hfuzz.feedback.bbFd, "hfuzz-feedback", /* nocore= */ false))) { LOG_F("files_mapSharedMem(sz=%zu, dir='%s') failed", sizeof(feedback_t), hfuzz.io.workDir); } diff --git a/libhfcommon/files.c b/libhfcommon/files.c index 01047538..ce6c260b 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -370,7 +370,7 @@ uint8_t* files_mapFile(const char* fileName, off_t* fileSz, int* fd, bool isWrit return buf; } -void* files_mapSharedMem(size_t sz, int* fd, const char* name) { +void* files_mapSharedMem(size_t sz, int* fd, const char* name, bool nocore) { *fd = -1; #if defined(_HF_ARCH_LINUX) @@ -447,6 +447,18 @@ void* files_mapSharedMem(size_t sz, int* fd, const char* name) { if (posix_madvise(ret, sz, POSIX_MADV_RANDOM) == -1) { PLOG_W("posix_madvise(sz=%zu, POSIX_MADV_RANDOM)", sz); } + if (nocore) { +#if defined(MADV_DONTDUMP) + if (madvise(ret, sz, MADV_DONTDUMP) == -1) { + PLOG_W("madvise(sz=%zu, MADV_DONTDUMP)", sz); + } +#endif /* defined(MADV_DONTDUMP) */ +#if defined(MADV_NOCORE) + if (madvise(ret, sz, MADV_NOCORE) == -1) { + PLOG_W("madvise(sz=%zu, MADV_NOCORE)", sz); + } +#endif /* defined(MADV_NOCORE) */ + } return ret; } diff --git a/libhfcommon/files.h b/libhfcommon/files.h index 31741c15..00f591d0 100644 --- a/libhfcommon/files.h +++ b/libhfcommon/files.h @@ -61,7 +61,7 @@ extern bool files_copyFile( extern uint8_t* files_mapFile(const char* fileName, off_t* fileSz, int* fd, bool isWritable); -extern void* files_mapSharedMem(size_t sz, int* fd, const char* name); +extern void* files_mapSharedMem(size_t sz, int* fd, const char* name, bool nocore); extern size_t files_parseSymbolFilter(const char* inFIle, char*** filterList); -- cgit v1.2.3 From 525cd883edfa9b190fc8b2beda708867a60702f6 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Sep 2019 21:41:53 +0200 Subject: use madvise(nocore) for the feedback --- honggfuzz.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/honggfuzz.c b/honggfuzz.c index 6f3ffb4e..b4376f24 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -303,7 +303,7 @@ int main(int argc, char** argv) { } if (!(hfuzz.feedback.feedbackMap = files_mapSharedMem( - sizeof(feedback_t), &hfuzz.feedback.bbFd, "hfuzz-feedback", /* nocore= */ false))) { + sizeof(feedback_t), &hfuzz.feedback.bbFd, "hfuzz-feedback", /* nocore= */ true))) { LOG_F("files_mapSharedMem(sz=%zu, dir='%s') failed", sizeof(feedback_t), hfuzz.io.workDir); } -- cgit v1.2.3 From 69f1f048c4c9f6208064c474242c2d9181d2cbd5 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Sep 2019 13:33:50 +0200 Subject: libhfcommon/files: use MAP_NOCORE if available --- libhfcommon/files.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index ce6c260b..330bc5e6 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -437,6 +437,14 @@ void* files_mapSharedMem(size_t sz, int* fd, const char* name, bool nocore) { */ mmapflags |= MAP_NOSYNC; #endif /* defined(MAP_NOSYNC) */ + if (nocore) { +#if defined(MAP_CONCEAL) + mmapflags |= MAP_CONCEAL; +#endif /* defined(MAP_CONCEAL) */ +#if defined(MAP_NOCORE) + mmapflags |= MAP_NOCORE; +#endif /* defined(MAP_NOCORE) */ + } void* ret = mmap(NULL, sz, PROT_READ | PROT_WRITE, mmapflags, *fd, 0); if (ret == MAP_FAILED) { PLOG_W("mmap(sz=%zu, fd=%d)", sz, *fd); -- cgit v1.2.3 From 60944a79cd847e67726a4acc9b1244195e1e76e9 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Sep 2019 14:13:10 +0200 Subject: fuzz: avoid one unnecessary input_setSize --- fuzz.c | 1 - 1 file changed, 1 deletion(-) diff --git a/fuzz.c b/fuzz.c index fc3d7fb6..630648a1 100644 --- a/fuzz.c +++ b/fuzz.c @@ -513,7 +513,6 @@ static void* fuzz_threadNew(void* arg) { if (hfuzz->socketFuzzer.enabled) { fuzz_fuzzLoopSocket(&run); } else { - input_setSize(&run, run.global->mutate.maxFileSz); fuzz_fuzzLoop(&run); } -- cgit v1.2.3 From 3b8b89cde620dde22cde21b47b4a8b2444132ffd Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Sep 2019 14:18:02 +0200 Subject: input: optimize input_setSize --- input.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/input.c b/input.c index b7c3b09a..a9e02cc1 100644 --- a/input.c +++ b/input.c @@ -53,6 +53,9 @@ #include "libhfcommon/util.h" void input_setSize(run_t* run, size_t sz) { + if (run->dynamicFileSz == sz) { + return; + } if (sz > run->global->mutate.maxFileSz) { PLOG_F("Too large size requested: %zu > maxSize: %zu", sz, run->global->mutate.maxFileSz); } -- cgit v1.2.3 From 135637b75018c00a59b8e19b5111f78648da2eec Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 6 Sep 2019 00:51:11 +0200 Subject: fuzz: no need to reset run->dynamicFileSz --- fuzz.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/fuzz.c b/fuzz.c index 630648a1..870d1e31 100644 --- a/fuzz.c +++ b/fuzz.c @@ -382,7 +382,6 @@ static void fuzz_fuzzLoop(run_t* run) { run->report[0] = '\0'; run->mainWorker = true; run->mutationsPerRun = run->global->mutate.mutationsPerRun; - run->dynamicFileSz = 0; run->tmOutSignaled = false; run->linux.hwCnts.cpuInstrCnt = 0; @@ -416,7 +415,6 @@ static void fuzz_fuzzLoopSocket(run_t* run) { run->report[0] = '\0'; run->mainWorker = true; run->mutationsPerRun = run->global->mutate.mutationsPerRun; - run->dynamicFileSz = 0; run->tmOutSignaled = false; run->linux.hwCnts.cpuInstrCnt = 0; -- cgit v1.2.3 From 2fb8e0451586a85341374b6a1ce41b50990d96c3 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 6 Sep 2019 19:13:05 +0200 Subject: Makefile: libraries are right now in special arch-based dirs like /usr/lib/x86-64... --- Makefile | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/Makefile b/Makefile index 7d101ebb..87e325bc 100644 --- a/Makefile +++ b/Makefile @@ -50,12 +50,6 @@ ifeq ($(OS)$(findstring Microsoft,$(KERNEL)),Linux) # matches Linux but excludes ARCH_SRCS := $(sort $(wildcard linux/*.c)) LIBS_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 - ifeq ("$(wildcard /usr/include/bfd.h)","") - WARN_LIBRARY += binutils-devel - endif - ifeq ("$(wildcard /usr/include/libunwind-ptrace.h)","") - WARN_LIBRARY += libunwind-devel/libunwind8-devel - endif ifeq ("$(wildcard /usr/local/include/intel-pt.h)","/usr/local/include/intel-pt.h") ARCH_CFLAGS += -D_HF_LINUX_INTEL_PT_LIB ARCH_CFLAGS += -I/usr/local/include @@ -65,13 +59,6 @@ ifeq ($(OS)$(findstring Microsoft,$(KERNEL)),Linux) # matches Linux but excludes ARCH_CFLAGS += -D_HF_LINUX_INTEL_PT_LIB ARCH_LDFLAGS += -lipt endif - ifdef WARN_LIBRARY - $(info --------------------------------------------------------) - $(info Libraries which are most likely missing on your OS. ) - $(info This can result in linking/compilation errors. ) - $(info > $(WARN_LIBRARY)) - $(info --------------------------------------------------------) - endif # OS Linux else ifeq ($(OS),Darwin) ARCH := DARWIN -- cgit v1.2.3 From e31da44706a74f7bf9f7f57d45433e8c67fe7dca Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 11 Sep 2019 15:15:57 +0200 Subject: libhfcommon: use MAP_HASSEMAPHORE if present --- libhfcommon/files.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index 330bc5e6..9c0bea5a 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -437,6 +437,10 @@ void* files_mapSharedMem(size_t sz, int* fd, const char* name, bool nocore) { */ mmapflags |= MAP_NOSYNC; #endif /* defined(MAP_NOSYNC) */ +#if defined(MAP_HASSEMAPHORE) + mmapflags |= MAP_HASSEMAPHORE; + /* Our shared/mmap'd pages can have mutexes in them */ +#endif /* defined(MAP_HASSEMAPHORE) */ if (nocore) { #if defined(MAP_CONCEAL) mmapflags |= MAP_CONCEAL; -- cgit v1.2.3 From 96357fc6b3167b16fa36b1ec2fe126440c068a8e Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 12 Sep 2019 16:23:19 +0200 Subject: linux/arch: adjust oom score for fuzzed tasks --- linux/arch.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/linux/arch.c b/linux/arch.c index 21d56404..b25a7ce2 100644 --- a/linux/arch.c +++ b/linux/arch.c @@ -122,6 +122,13 @@ bool arch_launchChild(run_t* run) { return false; } + /* Increase our OOM score, so fuzzed processes die faster */ + static const char score100[] = "+500"; + if (!files_writeBufToFile( + "/proc/self/oom_score_adj", (uint8_t*)score100, strlen(score100), O_WRONLY)) { + LOG_W("Couldn't increase our oom_score"); + } + /* * Disable ASLR: * This might fail in Docker, as Docker blocks __NR_personality. Consequently -- cgit v1.2.3 From 4b57e5842df3d8bade8f3a4e74851cc7a35092cc Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 13 Sep 2019 16:42:37 +0200 Subject: libhfcommon/files: remove unneeded copyFile --- libhfcommon/files.c | 90 ---------------------------------------------- libhfcommon/files.h | 3 -- libhfnetdriver/netdriver.c | 10 +++--- 3 files changed, 6 insertions(+), 97 deletions(-) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index 9c0bea5a..cb3a1772 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -204,96 +204,6 @@ const char* files_basename(const char* path) { return base ? base + 1 : path; } -/* - * dstExists argument can be used by caller for cases where existing destination - * file requires special handling (e.g. save unique crashes) - */ -bool files_copyFile(const char* source, const char* destination, bool* dstExists, bool try_link) { - if (dstExists) { - *dstExists = false; - } - - if (try_link) { - if (link(source, destination) == 0) { - return true; - } else { - if (errno == EEXIST) { - // Should kick-in before MAC, so avoid the hassle - if (dstExists) *dstExists = true; - return false; - } else { - PLOG_D("Couldn't link '%s' as '%s'", source, destination); - /* - * Don't fail yet as we might have a running env which doesn't allow - * hardlinks (e.g. SELinux) - */ - } - } - } - // Now try with a verbose POSIX alternative - int inFD, outFD, dstOpenFlags; - mode_t dstFilePerms; - - // O_EXCL is important for saving unique crashes - dstOpenFlags = O_CREAT | O_WRONLY | O_CLOEXEC | O_EXCL; - dstFilePerms = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH; - - inFD = TEMP_FAILURE_RETRY(open(source, O_RDONLY | O_CLOEXEC)); - if (inFD == -1) { - PLOG_D("Couldn't open '%s' source", source); - return false; - } - - struct stat inSt; - if (fstat(inFD, &inSt) == -1) { - PLOG_W("Couldn't fstat(fd='%d' fileName='%s')", inFD, source); - close(inFD); - return false; - } - - outFD = TEMP_FAILURE_RETRY(open(destination, dstOpenFlags, dstFilePerms)); - if (outFD == -1) { - if (errno == EEXIST) { - if (dstExists) *dstExists = true; - } - PLOG_D("Couldn't open '%s' destination", destination); - close(inFD); - return false; - } - - uint8_t* inFileBuf = malloc(inSt.st_size); - if (!inFileBuf) { - PLOG_W("malloc(%zu) failed", (size_t)inSt.st_size); - close(inFD); - close(outFD); - return false; - } - - ssize_t readSz = files_readFromFd(inFD, inFileBuf, (size_t)inSt.st_size); - if (readSz < 0) { - PLOG_W("Couldn't read '%s' to a buf", source); - free(inFileBuf); - close(inFD); - close(outFD); - return false; - } - - if (files_writeToFd(outFD, inFileBuf, readSz) == false) { - PLOG_W("Couldn't write '%zu' bytes to file '%s' (fd='%d')", (size_t)readSz, destination, - outFD); - unlink(destination); - free(inFileBuf); - close(inFD); - close(outFD); - return false; - } - - free(inFileBuf); - close(inFD); - close(outFD); - return true; -} - /* * Reads symbols from src file (one per line) and append them to filterList. The * total number of added symbols is returned. diff --git a/libhfcommon/files.h b/libhfcommon/files.h index 00f591d0..84da68b2 100644 --- a/libhfcommon/files.h +++ b/libhfcommon/files.h @@ -56,9 +56,6 @@ extern bool files_exists(const char* fileName); extern const char* files_basename(const char* path); -extern bool files_copyFile( - const char* source, const char* destination, bool* dstExists, bool try_link); - extern uint8_t* files_mapFile(const char* fileName, off_t* fileSz, int* fd, bool isWritable); extern void* files_mapSharedMem(size_t sz, int* fd, const char* name, bool nocore); diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index aa700e34..0dbde609 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -134,11 +134,13 @@ static int netDriver_sockConnAddr(const struct sockaddr *addr, socklen_t socklen if (setsockopt(sock, SOL_TCP, TCP_NODELAY, &val, (socklen_t)sizeof(val)) == -1) { PLOG_W("setsockopt(sock=%d, SOL_TCP, TCP_NODELAY, %d)", sock, val); } -#endif /* defined(SOL_TCP) && defined(TCP_NODELAY) */ - val = (1024ULL * 1024ULL); /* 1MiB */ - if (setsockopt(sock, SOL_SOCKET, SO_SNDBUF, &val, (socklen_t)sizeof(val)) == -1) { - PLOG_D("setsockopt(sock=%d, SOL_SOCKET, SO_SNDBUF, %d)", sock, val); +#endif /* defined(SOL_TCP) && defined(TCP_NODELAY) */ +#if defined(SOL_TCP) && defined(TCP_QUICKACK) + val = 1; + if (setsockopt(sock, SOL_TCP, TCP_QUICKACK, &val, (socklen_t)sizeof(val)) == -1) { + PLOG_D("setsockopt(sock=%d, SOL_TCP, TCP_QUICKACK, %d)", sock, val); } +#endif /* defined(SOL_TCP) && defined(TCP_QUICKACK) */ netDriver_bindToRndLoopback(sock, addr->sa_family); -- cgit v1.2.3 From 0df4b403e5552a63806c3b2eea7eec3579313ad1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 15 Sep 2019 13:28:23 +0200 Subject: Readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 6509aaa8..e01d5fad 100644 --- a/README.md +++ b/README.md @@ -88,6 +88,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [Multiple crashes in __VLC__](https://www.pentestpartners.com/security-blog/double-free-rce-in-vlc-a-honggfuzz-how-to/) * [Buffer overflow in __ClassiCube__](https://github.com/UnknownShadow200/ClassiCube/issues/591) * [Crash in __MPV__](https://github.com/mpv-player/mpv/issues/6808) + * [Heap buffer-overflow in __picoc__](https://gitlab.com/zsaleeba/picoc/issues/44) * __Rust__: * panic() in regex [#1](https://github.com/rust-lang/regex/issues/464), [#2](https://github.com/rust-lang/regex/issues/465), [#3](https://github.com/rust-lang/regex/issues/465#issuecomment-381412816) * panic() in h2 [#1](https://github.com/carllerche/h2/pull/260), [#2](https://github.com/carllerche/h2/pull/261), [#3](https://github.com/carllerche/h2/pull/262) -- cgit v1.2.3 From 488333c0cc557633bc76105b595b1b62801ad7b0 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 16 Sep 2019 13:52:16 +0200 Subject: libhfcommon/files: implement files_getTmpMapFlags and make it used --- Makefile | 1 + libhfcommon/files.c | 47 ++++++++++++++++++++++++++--------------------- libhfcommon/files.h | 2 ++ libhfuzz/instrument.c | 12 +++--------- libhfuzz/persistent.c | 3 ++- 5 files changed, 34 insertions(+), 31 deletions(-) diff --git a/Makefile b/Makefile index 87e325bc..6cfe1e0a 100644 --- a/Makefile +++ b/Makefile @@ -421,6 +421,7 @@ libhfuzz/fetch.o: libhfuzz/fetch.h honggfuzz.h libhfcommon/util.h libhfuzz/fetch.o: libhfcommon/common.h libhfcommon/files.h libhfuzz/fetch.o: libhfcommon/common.h libhfcommon/log.h libhfuzz/instrument.o: libhfuzz/instrument.h honggfuzz.h libhfcommon/util.h +libhfuzz/instrument.o: libhfcommon/common.h libhfcommon/files.h libhfuzz/instrument.o: libhfcommon/common.h libhfcommon/log.h libhfuzz/linux.o: libhfcommon/common.h libhfcommon/files.h libhfuzz/linux.o: libhfcommon/common.h libhfcommon/log.h libhfcommon/ns.h diff --git a/libhfcommon/files.c b/libhfcommon/files.c index cb3a1772..cbcd38c4 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -280,6 +280,30 @@ uint8_t* files_mapFile(const char* fileName, off_t* fileSz, int* fd, bool isWrit return buf; } +/* mmap flags for various OSs, when mmap'ing a temporary file or a shared mem */ +int files_getTmpMapFlags(int flag, bool nocore) { +#if defined(MAP_NOSYNC) + /* + * Some kind of bug in FreeBSD kernel. Without this flag, the shm_open() memory will cause a lot + * of troubles to the calling process when mmap()'d + */ + flag |= MAP_NOSYNC; +#endif /* defined(MAP_NOSYNC) */ +#if defined(MAP_HASSEMAPHORE) + flag |= MAP_HASSEMAPHORE; + /* Our shared/mmap'd pages can have mutexes in them */ +#endif /* defined(MAP_HASSEMAPHORE) */ + if (nocore) { +#if defined(MAP_CONCEAL) + flag |= MAP_CONCEAL; +#endif /* defined(MAP_CONCEAL) */ +#if defined(MAP_NOCORE) + flag |= MAP_NOCORE; +#endif /* defined(MAP_NOCORE) */ + } + return flag; +} + void* files_mapSharedMem(size_t sz, int* fd, const char* name, bool nocore) { *fd = -1; @@ -339,27 +363,8 @@ void* files_mapSharedMem(size_t sz, int* fd, const char* name, bool nocore) { *fd = -1; return NULL; } - int mmapflags = MAP_SHARED; -#if defined(MAP_NOSYNC) - /* - * Some kind of bug in FreeBSD kernel. Without this flag, the shm_open() memory will cause a lot - * of troubles to the calling process when mmap()'d - */ - mmapflags |= MAP_NOSYNC; -#endif /* defined(MAP_NOSYNC) */ -#if defined(MAP_HASSEMAPHORE) - mmapflags |= MAP_HASSEMAPHORE; - /* Our shared/mmap'd pages can have mutexes in them */ -#endif /* defined(MAP_HASSEMAPHORE) */ - if (nocore) { -#if defined(MAP_CONCEAL) - mmapflags |= MAP_CONCEAL; -#endif /* defined(MAP_CONCEAL) */ -#if defined(MAP_NOCORE) - mmapflags |= MAP_NOCORE; -#endif /* defined(MAP_NOCORE) */ - } - void* ret = mmap(NULL, sz, PROT_READ | PROT_WRITE, mmapflags, *fd, 0); + int mflags = files_getTmpMapFlags(MAP_SHARED, /* nocore= */ true); + void* ret = mmap(NULL, sz, PROT_READ | PROT_WRITE, mflags, *fd, 0); if (ret == MAP_FAILED) { PLOG_W("mmap(sz=%zu, fd=%d)", sz, *fd); *fd = -1; diff --git a/libhfcommon/files.h b/libhfcommon/files.h index 84da68b2..8d01e9e3 100644 --- a/libhfcommon/files.h +++ b/libhfcommon/files.h @@ -58,6 +58,8 @@ extern const char* files_basename(const char* path); extern uint8_t* files_mapFile(const char* fileName, off_t* fileSz, int* fd, bool isWritable); +extern int files_getTmpMapFlags(int flag, bool nocore); + extern void* files_mapSharedMem(size_t sz, int* fd, const char* name, bool nocore); extern size_t files_parseSymbolFilter(const char* inFIle, char*** filterList); diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 88cab7a2..b85a91f3 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -16,6 +16,7 @@ #include "honggfuzz.h" #include "libhfcommon/common.h" +#include "libhfcommon/files.h" #include "libhfcommon/log.h" #include "libhfcommon/util.h" @@ -72,15 +73,8 @@ static void initializeInstrument(void) { "Link your fuzzed binaries with the newest honggfuzz sources via hfuzz-clang(++)", (size_t)st.st_size, sizeof(feedback_t)); } - int mmapflags = MAP_SHARED; -#if defined(MAP_NOSYNC) - /* - * Some kind of bug in FreeBSD kernel. Without this flag, the shm_open() memory will cause a lot - * of troubles to the calling process when mmap()'d - */ - mmapflags |= MAP_NOSYNC; -#endif /* defined(MAP_NOSYNC) */ - if ((feedback = mmap(NULL, sizeof(feedback_t), PROT_READ | PROT_WRITE, mmapflags, _HF_BITMAP_FD, + int mflags = files_getTmpMapFlags(MAP_SHARED, /* nocore= */ true); + if ((feedback = mmap(NULL, sizeof(feedback_t), PROT_READ | PROT_WRITE, mflags, _HF_BITMAP_FD, 0)) == MAP_FAILED) { PLOG_F("mmap(fd=%d, size=%zu) of the feedback structure failed", _HF_BITMAP_FD, sizeof(feedback_t)); diff --git a/libhfuzz/persistent.c b/libhfuzz/persistent.c index 8f7cbc8c..38f7d053 100644 --- a/libhfuzz/persistent.c +++ b/libhfuzz/persistent.c @@ -44,7 +44,8 @@ __attribute__((constructor)) static void initializePersistent(void) { if (fcntl(_HF_INPUT_FD, F_GETFD) == -1 && errno == EBADF) { return; } - if ((inputFile = mmap(NULL, _HF_INPUT_MAX_SIZE, PROT_READ, MAP_SHARED, _HF_INPUT_FD, 0)) == + int mflags = files_getTmpMapFlags(MAP_SHARED, /* nocore= */ false); + if ((inputFile = mmap(NULL, _HF_INPUT_MAX_SIZE, PROT_READ, mflags, _HF_INPUT_FD, 0)) == MAP_FAILED) { PLOG_F("mmap(fd=%d, size=%zu) of the input file failed", _HF_INPUT_FD, (size_t)_HF_INPUT_MAX_SIZE); -- cgit v1.2.3 From 16de698a3d5a08327194254115288c464549cbf5 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 16 Sep 2019 13:58:31 +0200 Subject: libhfuzz/files: prefault the mmap'd memory --- libhfcommon/files.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index cbcd38c4..3c627c12 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -290,9 +290,16 @@ int files_getTmpMapFlags(int flag, bool nocore) { flag |= MAP_NOSYNC; #endif /* defined(MAP_NOSYNC) */ #if defined(MAP_HASSEMAPHORE) - flag |= MAP_HASSEMAPHORE; /* Our shared/mmap'd pages can have mutexes in them */ + flag |= MAP_HASSEMAPHORE; #endif /* defined(MAP_HASSEMAPHORE) */ + /* Avoid mapping the memory lazily */ +#if defined(MAP_PREFAULT_READ) + flag |= MAP_PREFAULT_READ; +#endif /* defined(MAP_PREFAULT_READ) */ +#if defined(MAP_POPULATE) + flag |= MAP_POPULATE; +#endif /* defined(MAP_POPULATE) */ if (nocore) { #if defined(MAP_CONCEAL) flag |= MAP_CONCEAL; -- cgit v1.2.3 From 2e9128b35d2ed77d93dfd788c0b1cadd2d25cd07 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 16 Sep 2019 21:05:44 +0200 Subject: input: fix debug log --- input.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/input.c b/input.c index a9e02cc1..83db0f1a 100644 --- a/input.c +++ b/input.c @@ -192,8 +192,8 @@ bool input_init(honggfuzz_t* hfuzz) { return false; } if ((hfuzz->io.inputDirPtr = fdopendir(dir_fd)) == NULL) { + PLOG_W("fdopendir(dir='%s', fd=%d)", hfuzz->io.inputDir, dir_fd); close(dir_fd); - PLOG_W("opendir('%s')", hfuzz->io.inputDir); return false; } if (input_getDirStatsAndRewind(hfuzz) == false) { -- cgit v1.2.3 From e57107f86a383b27478fe79342d22e0d6a4b61b8 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 17 Sep 2019 21:38:23 +0200 Subject: honggfuzz: move main loop into a separate func --- honggfuzz.c | 74 ++++++++++++++++++++++++++++++++----------------------------- 1 file changed, 39 insertions(+), 35 deletions(-) diff --git a/honggfuzz.c b/honggfuzz.c index cbb5f123..bb39554e 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -257,6 +257,44 @@ static void* signalThread(void* arg) { return NULL; } +static void mainThreadLoop(honggfuzz_t* hfuzz) { + setupSignalsMainThread(); + setupMainThreadTimer(); + + for (;;) { + if (hfuzz->display.useScreen) { + if (ATOMIC_XCHG(clearWin, false)) { + display_clear(); + } + display_display(hfuzz); + } + if (ATOMIC_GET(sigReceived) > 0) { + LOG_I("Signal %d (%s) received, terminating", ATOMIC_GET(sigReceived), + strsignal(ATOMIC_GET(sigReceived))); + break; + } + if (ATOMIC_GET(hfuzz->threads.threadsFinished) >= hfuzz->threads.threadsMax) { + break; + } + if (hfuzz->timing.runEndTime > 0 && (time(NULL) > hfuzz->timing.runEndTime)) { + LOG_I("Maximum run time reached, terminating"); + break; + } + pingThreads(hfuzz); + pause(); + } + + fuzz_setTerminating(); + + for (;;) { + if (ATOMIC_GET(hfuzz->threads.threadsFinished) >= hfuzz->threads.threadsMax) { + break; + } + pingThreads(hfuzz); + util_sleepForMSec(50); /* 50ms */ + } +} + int main(int argc, char** argv) { /* * Work around CygWin/MinGW @@ -321,41 +359,7 @@ int main(int argc, char** argv) { LOG_F("Couldn't start the signal thread"); } - setupSignalsMainThread(); - setupMainThreadTimer(); - - for (;;) { - if (hfuzz.display.useScreen) { - if (ATOMIC_XCHG(clearWin, false)) { - display_clear(); - } - display_display(&hfuzz); - } - if (ATOMIC_GET(sigReceived) > 0) { - LOG_I("Signal %d (%s) received, terminating", ATOMIC_GET(sigReceived), - strsignal(ATOMIC_GET(sigReceived))); - break; - } - if (ATOMIC_GET(hfuzz.threads.threadsFinished) >= hfuzz.threads.threadsMax) { - break; - } - if (hfuzz.timing.runEndTime > 0 && (time(NULL) > hfuzz.timing.runEndTime)) { - LOG_I("Maximum run time reached, terminating"); - break; - } - pingThreads(&hfuzz); - pause(); - } - - fuzz_setTerminating(); - - for (;;) { - if (ATOMIC_GET(hfuzz.threads.threadsFinished) >= hfuzz.threads.threadsMax) { - break; - } - pingThreads(&hfuzz); - util_sleepForMSec(50); /* 50ms */ - } + mainThreadLoop(&hfuzz); /* Clean-up global buffers */ if (hfuzz.feedback.blacklist) { -- cgit v1.2.3 From b46392097044c639503b2af204de6621856eb9b6 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 17 Sep 2019 21:42:01 +0200 Subject: display: no need to emphasise the total number of edges --- display.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/display.c b/display.c index 4e4bad36..248a0da7 100644 --- a/display.c +++ b/display.c @@ -252,8 +252,8 @@ static void display_displayLocked(honggfuzz_t* hfuzz) { uint64_t softCntEdge = ATOMIC_GET(hfuzz->linux.hwCnts.softCntEdge); uint64_t softCntCmp = ATOMIC_GET(hfuzz->linux.hwCnts.softCntCmp); uint64_t guardNb = ATOMIC_GET(hfuzz->feedback.feedbackMap->guardNb); - display_put(" edge: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET "/" ESC_BOLD - "%" _HF_NONMON_SEP PRIu64 ESC_RESET " [%" PRId64 "%%]", + display_put(" edge: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET "/" + "%" _HF_NONMON_SEP PRIu64 " [%" PRId64 "%%]", softCntEdge, guardNb, guardNb ? ((softCntEdge * 100) / guardNb) : 0); display_put(" pc: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, softCntPc); display_put(" cmp: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, softCntCmp); -- cgit v1.2.3 From a44bc80cce134974bed16b4c47c4dbb7d7ce5adb Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 18 Sep 2019 00:23:25 +0200 Subject: mangle: correct magic printable version --- mangle.c | 247 ++------------------------------------------------------------- 1 file changed, 4 insertions(+), 243 deletions(-) diff --git a/mangle.c b/mangle.c index f1510456..1245bc53 100644 --- a/mangle.c +++ b/mangle.c @@ -396,251 +396,12 @@ static void mangle_Magic(run_t* run, bool printable) { {"\xFE\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 8}, }; - static const struct { - const uint8_t val[8]; - const size_t size; - } mangleMagicValsPrintable[] = { - /* 1B - No endianness */ - {"\x00\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x01\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x02\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x03\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x04\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x05\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x06\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x07\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x08\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x09\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x0A\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x0B\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x0C\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x0D\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x0E\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x0F\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x10\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x20\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x40\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x7E\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x7F\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x80\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x81\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\xC0\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\xFE\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\xFF\x00\x00\x00\x00\x00\x00\x00", 1}, - /* 2B - NE */ - {"\x00\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x01\x01\x00\x00\x00\x00\x00\x00", 2}, - {"\x80\x80\x00\x00\x00\x00\x00\x00", 2}, - {"\xFF\xFF\x00\x00\x00\x00\x00\x00", 2}, - /* 2B - BE */ - {"\x00\x01\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x02\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x03\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x04\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x05\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x06\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x07\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x08\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x09\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x0A\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x0B\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x0C\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x0D\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x0E\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x0F\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x10\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x20\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x40\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x7E\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x7F\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x80\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x81\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\xC0\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\xFE\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\xFF\x00\x00\x00\x00\x00\x00", 2}, - {"\x7E\xFF\x00\x00\x00\x00\x00\x00", 2}, - {"\x7F\xFF\x00\x00\x00\x00\x00\x00", 2}, - {"\x80\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x80\x01\x00\x00\x00\x00\x00\x00", 2}, - {"\xFF\xFE\x00\x00\x00\x00\x00\x00", 2}, - /* 2B - LE */ - {"\x00\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x01\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x02\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x03\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x04\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x05\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x06\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x07\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x08\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x09\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x0A\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x0B\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x0C\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x0D\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x0E\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x0F\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x10\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x20\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x40\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x7E\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x7F\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x80\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x81\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\xC0\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\xFE\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\xFF\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\xFF\x7E\x00\x00\x00\x00\x00\x00", 2}, - {"\xFF\x7F\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x80\x00\x00\x00\x00\x00\x00", 2}, - {"\x01\x80\x00\x00\x00\x00\x00\x00", 2}, - {"\xFE\xFF\x00\x00\x00\x00\x00\x00", 2}, - /* 4B - NE */ - {"\x00\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x01\x01\x01\x01\x00\x00\x00\x00", 4}, - {"\x80\x80\x80\x80\x00\x00\x00\x00", 4}, - {"\xFF\xFF\xFF\xFF\x00\x00\x00\x00", 4}, - /* 4B - BE */ - {"\x00\x00\x00\x01\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x02\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x03\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x04\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x05\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x06\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x07\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x08\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x09\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x0A\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x0B\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x0C\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x0D\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x0E\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x0F\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x10\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x20\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x40\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x7E\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x7F\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x80\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x81\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\xC0\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\xFE\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\xFF\x00\x00\x00\x00", 4}, - {"\x7E\xFF\xFF\xFF\x00\x00\x00\x00", 4}, - {"\x7F\xFF\xFF\xFF\x00\x00\x00\x00", 4}, - {"\x80\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x80\x00\x00\x01\x00\x00\x00\x00", 4}, - {"\xFF\xFF\xFF\xFE\x00\x00\x00\x00", 4}, - /* 4B - LE */ - {"\x00\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x01\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x02\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x03\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x04\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x05\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x06\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x07\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x08\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x09\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x0A\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x0B\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x0C\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x0D\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x0E\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x0F\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x10\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x20\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x40\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x7E\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x7F\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x80\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x81\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\xC0\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\xFE\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\xFF\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\xFF\xFF\xFF\x7E\x00\x00\x00\x00", 4}, - {"\xFF\xFF\xFF\x7F\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x80\x00\x00\x00\x00", 4}, - {"\x01\x00\x00\x80\x00\x00\x00\x00", 4}, - {"\xFE\xFF\xFF\xFF\x00\x00\x00\x00", 4}, - /* 8B - NE */ - {"\x00\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x01\x01\x01\x01\x01\x01\x01\x01", 8}, - {"\x80\x80\x80\x80\x80\x80\x80\x80", 8}, - {"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 8}, - /* 8B - BE */ - {"\x00\x00\x00\x00\x00\x00\x00\x01", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x02", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x03", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x04", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x05", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x06", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x07", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x08", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x09", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x0A", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x0B", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x0C", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x0D", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x0E", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x0F", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x10", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x20", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x40", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x7E", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x7F", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x80", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x81", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\xC0", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\xFE", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\xFF", 8}, - {"\x7E\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 8}, - {"\x7F\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 8}, - {"\x80\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x80\x00\x00\x00\x00\x00\x00\x01", 8}, - {"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE", 8}, - /* 8B - LE */ - {"\x00\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x01\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x02\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x03\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x04\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x05\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x06\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x07\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x08\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x09\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x0A\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x0B\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x0C\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x0D\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x0E\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x0F\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x10\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x20\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x40\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x7E\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x7F\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x80\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x81\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\xC0\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\xFE\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\xFF\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x7E", 8}, - {"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x7F", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x80", 8}, - {"\x01\x00\x00\x00\x00\x00\x00\x80", 8}, - {"\xFE\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 8}, - }; - size_t off = util_rndGet(0, run->dynamicFileSz - 1); + uint64_t choice = util_rndGet(0, ARRAYSIZE(mangleMagicVals) - 1); + mangle_Overwrite(run, mangleMagicVals[choice].val, off, mangleMagicVals[choice].size); + if (printable) { - uint64_t choice = util_rndGet(0, ARRAYSIZE(mangleMagicValsPrintable) - 1); - mangle_Overwrite( - run, mangleMagicValsPrintable[choice].val, off, mangleMagicValsPrintable[choice].size); - } else { - uint64_t choice = util_rndGet(0, ARRAYSIZE(mangleMagicVals) - 1); - mangle_Overwrite(run, mangleMagicVals[choice].val, off, mangleMagicVals[choice].size); + util_turnToPrintable(&run->dynamicFile[off], mangleMagicVals[choice].size); } } -- cgit v1.2.3 From 657bf2d13b341d793b39d008fae2612b09a0e642 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 22 Sep 2019 08:26:18 +0200 Subject: netbsd: remove socketfuzzer from this arch (never tested) --- netbsd/trace.c | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/netbsd/trace.c b/netbsd/trace.c index c48467fe..f98240f7 100644 --- a/netbsd/trace.c +++ b/netbsd/trace.c @@ -56,7 +56,6 @@ #include "libhfcommon/log.h" #include "libhfcommon/util.h" #include "netbsd/unwind.h" -#include "socketfuzzer.h" #include "subproc.h" #include @@ -486,11 +485,6 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { info.psi_siginfo.si_code, sig_addr, instr, localtmstr, pid, run->global->io.fileExtn); } - /* Target crashed (no duplicate detection yet) */ - if (run->global->socketFuzzer.enabled) { - LOG_D("SocketFuzzer: trace: Crash Identified"); - } - if (files_exists(run->crashFileName)) { LOG_I("Crash (dup): '%s' already exists, skipping", run->crashFileName); // Clear filename so that verifier can understand we hit a duplicate @@ -504,11 +498,6 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { return; } - /* Unique new crash, notify fuzzer */ - if (run->global->socketFuzzer.enabled) { - LOG_D("SocketFuzzer: trace: New Uniqu Crash"); - fuzz_notifySocketFuzzerCrash(run); - } LOG_I("Crash: saved as '%s'", run->crashFileName); ATOMIC_POST_INC(run->global->cnts.uniqueCrashesCnt); -- cgit v1.2.3 From 6432ff95d1bbe764b3941015591753901e8cd6c0 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 22 Sep 2019 20:56:42 +0200 Subject: subproc: allways map input file to _HF_INPUT_FILE --- Makefile | 2 +- subproc.c | 7 +++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 6cfe1e0a..f1c71835 100644 --- a/Makefile +++ b/Makefile @@ -457,7 +457,7 @@ netbsd/arch.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h netbsd/arch.o: libhfcommon/log.h libhfcommon/ns.h netbsd/trace.h subproc.h netbsd/trace.o: netbsd/trace.h honggfuzz.h libhfcommon/util.h netbsd/trace.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h -netbsd/trace.o: libhfcommon/log.h netbsd/unwind.h socketfuzzer.h subproc.h +netbsd/trace.o: libhfcommon/log.h netbsd/unwind.h subproc.h netbsd/unwind.o: netbsd/unwind.h honggfuzz.h libhfcommon/util.h netbsd/unwind.o: libhfcommon/common.h libhfcommon/log.h posix/arch.o: arch.h honggfuzz.h libhfcommon/util.h fuzz.h diff --git a/subproc.c b/subproc.c index f037f252..defcbd97 100644 --- a/subproc.c +++ b/subproc.c @@ -257,13 +257,12 @@ static bool subproc_PrepareExecv(run_t* run) { } /* The input file to _HF_INPUT_FD */ - if (run->global->exe.persistent && - TEMP_FAILURE_RETRY(dup2(run->dynamicFileFd, _HF_INPUT_FD)) == -1) { + if (TEMP_FAILURE_RETRY(dup2(run->dynamicFileFd, _HF_INPUT_FD)) == -1) { PLOG_E("dup2('%d', _HF_INPUT_FD='%d')", run->dynamicFileFd, _HF_INPUT_FD); return false; } - if (lseek(run->dynamicFileFd, 0, SEEK_SET) == (off_t)-1) { - PLOG_E("lseek(fileFd=%d, 0, SEEK_SET)", run->dynamicFileFd); + if (lseek(_HF_INPUT_FD, 0, SEEK_SET) == (off_t)-1) { + PLOG_E("lseek(_HF_INPUT_FD=%d, 0, SEEK_SET)", _HF_INPUT_FD); return false; } -- cgit v1.2.3 From 6fcaf5695b7d2f5f5c7365c7a5c32926d7384e89 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 27 Sep 2019 13:32:53 +0200 Subject: readme --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index e01d5fad..023b0072 100644 --- a/README.md +++ b/README.md @@ -89,6 +89,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [Buffer overflow in __ClassiCube__](https://github.com/UnknownShadow200/ClassiCube/issues/591) * [Crash in __MPV__](https://github.com/mpv-player/mpv/issues/6808) * [Heap buffer-overflow in __picoc__](https://gitlab.com/zsaleeba/picoc/issues/44) + * Crashes in __OpenCOBOL__: [#1](https://sourceforge.net/p/open-cobol/bugs/586/), [#2](https://sourceforge.net/p/open-cobol/bugs/587/) * __Rust__: * panic() in regex [#1](https://github.com/rust-lang/regex/issues/464), [#2](https://github.com/rust-lang/regex/issues/465), [#3](https://github.com/rust-lang/regex/issues/465#issuecomment-381412816) * panic() in h2 [#1](https://github.com/carllerche/h2/pull/260), [#2](https://github.com/carllerche/h2/pull/261), [#3](https://github.com/carllerche/h2/pull/262) @@ -121,6 +122,9 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__Android__: by OHA](https://android.googlesource.com/platform/external/honggfuzz) * [__QDBI__: by Quarkslab](https://project.inria.fr/FranceJapanICST/files/2019/04/19-Kyoto-Fuzzing_Binaries_using_Dynamic_Instrumentation.pdf) * [__fuzzer-test-suite__: by Google](https://github.com/google/fuzzer-test-suite) + * [__DeepState__: by Trail-of-Bits](https://github.com/trailofbits/deepstate) + * [__DeepState__: by Trail-of-Bits](https://github.com/trailofbits/deepstate) + * [__Quiche-HTTP/3__: by Cloudflare](https://github.com/cloudflare/quiche/pull/179) ## Examples -- cgit v1.2.3 From 7ead49671fba77932562dfa0af685c6d1c6ff9f6 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 2 Oct 2019 21:35:31 +0200 Subject: Readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 023b0072..0e08edac 100644 --- a/README.md +++ b/README.md @@ -96,6 +96,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * panic() in sleep-parser [#1](https://github.com/datrs/sleep-parser/issues/3) * panic() in lewton [#1](https://github.com/RustAudio/lewton/issues/27) * panic()/DoS in Ethereum-Parity [#1](https://srlabs.de/bites/ethereum_dos/) + * crash() in Parts - a GPT partition manager [#1](https://github.com/DianaNites/parts/commit/d8ab05d48d87814f362e94f01c93d9eeb4f4abf4) * crashes in rust-bitcoin/rust-lightning [#1](https://github.com/rust-bitcoin/rust-lightning/commit/a9aa3c37fe182dd266e0faebc788e0c9ee724783) * ... and more -- cgit v1.2.3 From e6545f393a04ee9f7a2f69d412b163fd2a584870 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 5 Oct 2019 13:51:28 +0200 Subject: Initial work on corpus minimization (doesn't work yet) --- cmdline.c | 12 +++++++----- display.c | 18 +++++++++++------- fuzz.c | 36 ++++++++++++++++++++++++++++-------- honggfuzz.c | 4 ++++ honggfuzz.h | 12 ++++++++---- 5 files changed, 58 insertions(+), 24 deletions(-) diff --git a/cmdline.c b/cmdline.c index 2c524cac..0c97a8ce 100644 --- a/cmdline.c +++ b/cmdline.c @@ -314,6 +314,8 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .monitorSIGABRT = true, #endif .only_printable = false, + .minimize = false, + .switchingToFDM = false, }, .sanitizer = { @@ -397,6 +399,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { { "input", required_argument, NULL, 'f' }, "Path to a directory containing initial file corpus" }, { { "persistent", no_argument, NULL, 'P' }, "Enable persistent fuzzing (use hfuzz_cc/hfuzz-clang to compile code). This will be auto-detected!!!" }, { { "instrument", no_argument, NULL, 'z' }, "*DEFAULT-MODE-BY-DEFAULT* Enable compile-time instrumentation (use hfuzz_cc/hfuzz-clang to compile code)" }, + { { "minimize", no_argument, NULL, 'M' }, "Minimize the input corpus. It will most likely delete some corpus files!" }, { { "noinst", no_argument, NULL, 'x' }, "Static mode only, disable any instrumentation (hw/sw) feedback" }, { { "keep_output", no_argument, NULL, 'Q' }, "Don't close children's stdin, stdout, stderr; can be noisy" }, { { "timeout", required_argument, NULL, 't' }, "Timeout in seconds (default: 10)" }, @@ -473,7 +476,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { int opt_index = 0; for (;;) { int c = getopt_long( - argc, argv, "-?hQvVsuPxf:dqe:W:r:c:F:t:R:n:N:l:p:g:E:w:B:zTSo", opts, &opt_index); + argc, argv, "-?hQvVsuPxf:dqe:W:r:c:F:t:R:n:N:l:p:g:E:w:B:zMTSo", opts, &opt_index); if (c < 0) break; switch (c) { @@ -551,6 +554,9 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { case 'z': hfuzz->feedback.dynFileMethod |= _HF_DYNFILE_SOFT; break; + case 'M': + hfuzz->cfg.minimize = true; + break; case 'F': hfuzz->mutate.maxFileSz = strtoul(optarg, NULL, 0); break; @@ -706,10 +712,6 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { display_createTargetStr(hfuzz); - sigemptyset(&hfuzz->exe.waitSigSet); - sigaddset(&hfuzz->exe.waitSigSet, SIGIO); /* Persistent socket data */ - sigaddset(&hfuzz->exe.waitSigSet, SIGCHLD); /* Ping from the signal thread */ - LOG_I("cmdline:'%s', bin:'%s' inputDir:'%s', fuzzStdin:%s, mutationsPerRun:%u, " "externalCommand:'%s', timeout:%ld, mutationsMax:%zu, threadsMax:%zu", hfuzz->display.cmdline_txt, hfuzz->exe.cmdline[0], hfuzz->io.inputDir, diff --git a/display.c b/display.c index 248a0da7..a02e6ee4 100644 --- a/display.c +++ b/display.c @@ -176,16 +176,20 @@ static void display_displayLocked(honggfuzz_t* hfuzz) { case _HF_STATE_STATIC: display_put("\n Mode : " ESC_BOLD "Static" ESC_RESET "\n"); break; - case _HF_STATE_DYNAMIC_DRY_RUN: - display_put("\n Mode [1/3] : " ESC_BOLD "Feedback Driven Dry Run" ESC_RESET "\n"); - break; - case _HF_STATE_DYNAMIC_SWITCH_TO_MAIN: - display_put("\n Mode [2/3] : " ESC_BOLD - "Switching to the Feedback Driven Mode" ESC_RESET "\n"); - break; + case _HF_STATE_DYNAMIC_DRY_RUN: { + if (ATOMIC_GET(hfuzz->cfg.switchingToFDM)) { + display_put("\n Mode [2/3] : " ESC_BOLD + "Switching to the Feedback Driven Mode" ESC_RESET "\n"); + } else { + display_put("\n Mode [1/3] : " ESC_BOLD "Feedback Driven Dry Run" ESC_RESET "\n"); + } + } break; case _HF_STATE_DYNAMIC_MAIN: display_put("\n Mode [3/3] : " ESC_BOLD "Feedback Driven Mode" ESC_RESET "\n"); break; + case _HF_STATE_DYNAMIC_MINIMIZE: + display_put("\n Mode [3/3] : " ESC_BOLD "Corpus Minimization" ESC_RESET "\n"); + break; default: display_put("\n Mode : " ESC_BOLD "Unknown" ESC_RESET "\n"); break; diff --git a/fuzz.c b/fuzz.c index 870d1e31..492df782 100644 --- a/fuzz.c +++ b/fuzz.c @@ -109,12 +109,15 @@ static bool fuzz_writeCovFile(const char* dir, const uint8_t* data, size_t len) return true; } -static void fuzz_addFileToFileQ(honggfuzz_t* hfuzz, const uint8_t* data, size_t len) { +static void fuzz_addFileToFileQ( + honggfuzz_t* hfuzz, const uint8_t* data, size_t len, uint64_t covCnt, const char* path) { ATOMIC_SET(hfuzz->timing.lastCovUpdate, time(NULL)); struct dynfile_t* dynfile = (struct dynfile_t*)util_Malloc(sizeof(struct dynfile_t)); dynfile->size = len; dynfile->data = (uint8_t*)util_Malloc(len); + dynfile->covCnt = covCnt; + snprintf(dynfile->path, sizeof(dynfile->path), "%s", path); memcpy(dynfile->data, data, len); MX_SCOPED_RWLOCK_WRITE(&hfuzz->io.dynfileq_mutex); @@ -150,12 +153,13 @@ static void fuzz_setDynamicMainState(run_t* run) { static pthread_mutex_t state_mutex = PTHREAD_MUTEX_INITIALIZER; MX_SCOPED_LOCK(&state_mutex); - if (fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MAIN) { + if (fuzz_getState(run->global) != _HF_STATE_DYNAMIC_DRY_RUN) { + /* Already switched out of the Dry Run */ return; } - LOG_I("Entering phase 2/3: Switching to Dynamic Main (Feedback Driven Mode)"); - ATOMIC_SET(run->global->feedback.state, _HF_STATE_DYNAMIC_SWITCH_TO_MAIN); + LOG_I("Entering phase 2/3: Switching to the Feedback Driven Mode"); + ATOMIC_SET(run->global->cfg.switchingToFDM, true); for (;;) { /* Check if all threads have already reported in for changing state */ @@ -168,15 +172,23 @@ static void fuzz_setDynamicMainState(run_t* run) { util_sleepForMSec(10); /* Check every 10ms */ } + ATOMIC_SET(run->global->cfg.switchingToFDM, false); + + if (run->global->cfg.minimize) { + LOG_I("Entering phase 3/3: Corpus Minimization (Feedback Driven Mode)"); + ATOMIC_SET(run->global->feedback.state, _HF_STATE_DYNAMIC_MINIMIZE); + return; + } + /* * If the initial fuzzing yielded no useful coverage, just add a single 1-byte file to the * dynamic corpus, so the dynamic phase doesn't fail because of lack of useful inputs */ if (run->global->io.dynfileqCnt == 0) { const char* single_byte = run->global->cfg.only_printable ? " " : "\0"; - fuzz_addFileToFileQ(run->global, (const uint8_t*)single_byte, 1U); + fuzz_addFileToFileQ(run->global, (const uint8_t*)single_byte, /* size= */ 1U, + /* covCnt= */ 0, /* path= */ NULL); } - LOG_I("Entering phase 3/3: Dynamic Main (Feedback Driven Mode)"); snprintf(run->origFileName, sizeof(run->origFileName), "[DYNAMIC]"); ATOMIC_SET(run->global->feedback.state, _HF_STATE_DYNAMIC_MAIN); @@ -234,7 +246,9 @@ static void fuzz_perfFeedback(run_t* run) { run->global->linux.hwCnts.bbCnt, run->global->linux.hwCnts.softCntEdge, run->global->linux.hwCnts.softCntPc, run->global->linux.hwCnts.softCntCmp); - fuzz_addFileToFileQ(run->global, run->dynamicFile, run->dynamicFileSz); + uint64_t totalCovCnt = run->linux.hwCnts.newBBCnt + softCntPc + softCntEdge; + fuzz_addFileToFileQ( + run->global, run->dynamicFile, run->dynamicFileSz, totalCovCnt, run->origFileName); if (run->global->socketFuzzer.enabled) { LOG_D("SocketFuzzer: fuzz: new BB (perf)"); @@ -315,7 +329,7 @@ static bool fuzz_runVerifier(run_t* run) { static bool fuzz_fetchInput(run_t* run) { { fuzzState_t st = fuzz_getState(run->global); - if (st == _HF_STATE_DYNAMIC_DRY_RUN || st == _HF_STATE_DYNAMIC_SWITCH_TO_MAIN) { + if (st == _HF_STATE_DYNAMIC_DRY_RUN) { run->mutationsPerRun = 0U; if (input_prepareStaticFile(run, /* rewind= */ false, true)) { return true; @@ -325,6 +339,12 @@ static bool fuzz_fetchInput(run_t* run) { } } + if (fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MINIMIZE) { + + + + } + if (fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MAIN) { if (run->global->exe.externalCommand) { if (!input_prepareExternalFile(run)) { diff --git a/honggfuzz.c b/honggfuzz.c index bb39554e..ec0987d9 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -314,6 +314,10 @@ int main(int argc, char** argv) { LOG_F("Parsing of the cmd-line arguments failed"); } + sigemptyset(&hfuzz.exe.waitSigSet); + sigaddset(&hfuzz.exe.waitSigSet, SIGIO); /* Persistent socket data */ + sigaddset(&hfuzz.exe.waitSigSet, SIGCHLD); /* Ping from the signal thread */ + if (hfuzz.display.useScreen) { display_init(); } diff --git a/honggfuzz.h b/honggfuzz.h index 5fe6f588..521ecb2c 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -147,15 +147,17 @@ typedef struct node { typedef enum { _HF_STATE_UNSET = 0, - _HF_STATE_STATIC = 1, - _HF_STATE_DYNAMIC_DRY_RUN = 2, - _HF_STATE_DYNAMIC_SWITCH_TO_MAIN = 3, - _HF_STATE_DYNAMIC_MAIN = 4, + _HF_STATE_STATIC, + _HF_STATE_DYNAMIC_DRY_RUN, + _HF_STATE_DYNAMIC_MAIN, + _HF_STATE_DYNAMIC_MINIMIZE, } fuzzState_t; struct dynfile_t { uint8_t* data; size_t size; + uint64_t covCnt; + char path[PATH_MAX]; TAILQ_ENTRY(dynfile_t) pointers; }; @@ -249,6 +251,8 @@ typedef struct { bool monitorSIGABRT; size_t dynFileIterExpire; bool only_printable; + bool minimize; + bool switchingToFDM; } cfg; struct { bool enable; -- cgit v1.2.3 From bb28df88332c56d52b910ddb2427f00152c53009 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 6 Oct 2019 20:44:51 +0200 Subject: More work on corpus minimization --- cmdline.c | 1 + fuzz.c | 78 ++++++++++++++++++++++++++++++++++++++------------- honggfuzz.c | 4 +++ honggfuzz.h | 2 +- input.c | 60 ++++++++++++++++++++++++++++----------- input.h | 6 ++-- libhfuzz/instrument.c | 4 --- 7 files changed, 112 insertions(+), 43 deletions(-) diff --git a/cmdline.c b/cmdline.c index 0c97a8ce..b968be10 100644 --- a/cmdline.c +++ b/cmdline.c @@ -260,6 +260,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .saveUnique = true, .dynfileqCnt = 0U, .dynfileq_mutex = PTHREAD_RWLOCK_INITIALIZER, + .dynfileqCurrent = NULL, }, .exe = { diff --git a/fuzz.c b/fuzz.c index 492df782..278b76e9 100644 --- a/fuzz.c +++ b/fuzz.c @@ -128,6 +128,10 @@ static void fuzz_addFileToFileQ( /* Don't add coverage data to files in socketFuzzer mode */ return; } + if (hfuzz->cfg.minimize) { + /* When minimizing we should only delete files */ + return; + } if (!fuzz_writeCovFile(hfuzz->io.covDirAll, data, len)) { LOG_E("Couldn't save the coverage data to '%s'", hfuzz->io.covDirAll); @@ -175,7 +179,7 @@ static void fuzz_setDynamicMainState(run_t* run) { ATOMIC_SET(run->global->cfg.switchingToFDM, false); if (run->global->cfg.minimize) { - LOG_I("Entering phase 3/3: Corpus Minimization (Feedback Driven Mode)"); + LOG_I("Entering phase 3/3: Corpus Minimization"); ATOMIC_SET(run->global->feedback.state, _HF_STATE_DYNAMIC_MINIMIZE); return; } @@ -187,29 +191,60 @@ static void fuzz_setDynamicMainState(run_t* run) { if (run->global->io.dynfileqCnt == 0) { const char* single_byte = run->global->cfg.only_printable ? " " : "\0"; fuzz_addFileToFileQ(run->global, (const uint8_t*)single_byte, /* size= */ 1U, - /* covCnt= */ 0, /* path= */ NULL); + /* covCnt= */ 0, /* path= */ "[DYNAMIC]"); } - LOG_I("Entering phase 3/3: Dynamic Main (Feedback Driven Mode)"); snprintf(run->origFileName, sizeof(run->origFileName), "[DYNAMIC]"); + LOG_I("Entering phase 3/3: Dynamic Main (Feedback Driven Mode)"); ATOMIC_SET(run->global->feedback.state, _HF_STATE_DYNAMIC_MAIN); } +static void fuzz_perfFeedbackForMinimization(run_t* run) { + uint64_t softCntPc = ATOMIC_GET(run->global->feedback.feedbackMap->pidFeedbackPc[run->fuzzNo]); + uint64_t softCntEdge = + ATOMIC_GET(run->global->feedback.feedbackMap->pidFeedbackEdge[run->fuzzNo]); + uint64_t softCntCmp = + ATOMIC_GET(run->global->feedback.feedbackMap->pidFeedbackCmp[run->fuzzNo]); + uint64_t cpuInstr = run->global->linux.hwCnts.cpuInstrCnt; + uint64_t cpuBranch = run->global->linux.hwCnts.cpuBranchCnt; + + LOG_I("Minimization Cov, Size:%zu (i,b,hw,ed,ip,cmp): %" PRIu64 "/%" PRIu64 "/%" PRIu64 + "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, + run->dynamicFileSz, cpuInstr, cpuBranch, run->linux.hwCnts.newBBCnt, softCntEdge, softCntPc, + softCntCmp); + + fuzz_addFileToFileQ(run->global, run->dynamicFile, run->dynamicFileSz, + softCntPc + softCntEdge + softCntCmp + cpuInstr + cpuBranch, run->origFileName); + + ATOMIC_SET(run->global->feedback.feedbackMap->pidFeedbackPc[run->fuzzNo], 0); + memset(run->global->feedback.feedbackMap->pidFeedbackPc, '\0', + sizeof(run->global->feedback.feedbackMap->pidFeedbackPc)); + + ATOMIC_SET(run->global->feedback.feedbackMap->pidFeedbackEdge[run->fuzzNo], 0); + memset(run->global->feedback.feedbackMap->pidFeedbackEdge, '\0', + sizeof(run->global->feedback.feedbackMap->pidFeedbackEdge)); + + ATOMIC_SET(run->global->feedback.feedbackMap->pidFeedbackCmp[run->fuzzNo], 0); + memset(run->global->feedback.feedbackMap->pidFeedbackCmp, '\0', + sizeof(run->global->feedback.feedbackMap->pidFeedbackCmp)); + + memset(&run->global->linux.hwCnts, '\0', sizeof(run->global->linux.hwCnts)); +} + static void fuzz_perfFeedback(run_t* run) { if (run->global->feedback.skipFeedbackOnTimeout && run->tmOutSignaled) { return; } - LOG_D("New file size: %zu, Perf feedback new/cur (instr,branch): %" PRIu64 "/%" PRIu64 - "/%" PRIu64 "/%" PRIu64 ", BBcnt new/total: %" PRIu64 "/%" PRIu64, - run->dynamicFileSz, run->linux.hwCnts.cpuInstrCnt, run->global->linux.hwCnts.cpuInstrCnt, - run->linux.hwCnts.cpuBranchCnt, run->global->linux.hwCnts.cpuBranchCnt, - run->linux.hwCnts.newBBCnt, run->global->linux.hwCnts.bbCnt); - MX_SCOPED_LOCK(&run->global->feedback.feedback_mutex); defer { wmb(); }; + if (run->global->cfg.minimize && fuzz_getState(run->global) == _HF_STATE_DYNAMIC_DRY_RUN) { + fuzz_perfFeedbackForMinimization(run); + return; + } + uint64_t softCntPc = 0; uint64_t softCntEdge = 0; uint64_t softCntCmp = 0; @@ -237,7 +272,7 @@ static void fuzz_perfFeedback(run_t* run) { run->global->linux.hwCnts.softCntEdge += softCntEdge; run->global->linux.hwCnts.softCntCmp += softCntCmp; - LOG_I("Size:%zu (i,b,hw,edge,ip,cmp): %" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 + LOG_I("Size:%zu (i,b,hw,ed,ip,cmp): %" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 ", Tot:%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, run->dynamicFileSz, run->linux.hwCnts.cpuInstrCnt, run->linux.hwCnts.cpuBranchCnt, @@ -246,14 +281,18 @@ static void fuzz_perfFeedback(run_t* run) { run->global->linux.hwCnts.bbCnt, run->global->linux.hwCnts.softCntEdge, run->global->linux.hwCnts.softCntPc, run->global->linux.hwCnts.softCntCmp); - uint64_t totalCovCnt = run->linux.hwCnts.newBBCnt + softCntPc + softCntEdge; - fuzz_addFileToFileQ( - run->global, run->dynamicFile, run->dynamicFileSz, totalCovCnt, run->origFileName); + if (!run->global->cfg.minimize) { + fuzz_addFileToFileQ( + run->global, run->dynamicFile, run->dynamicFileSz, /* covCnt= */ 0, "[DYNAMIC]"); + } if (run->global->socketFuzzer.enabled) { LOG_D("SocketFuzzer: fuzz: new BB (perf)"); fuzz_notifySocketFuzzerNewCov(run->global); } + } else if (fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MINIMIZE) { + LOG_I("Removing uninteresting file '%s' from the input corpus", run->origFileName); + input_removeStaticFile(run->origFileName); } } @@ -339,11 +378,9 @@ static bool fuzz_fetchInput(run_t* run) { } } - if (fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MINIMIZE) { - - - - } + if (fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MINIMIZE) { + return input_prepareDynamicFileForMinimization(run); + } if (fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MAIN) { if (run->global->exe.externalCommand) { @@ -410,6 +447,10 @@ static void fuzz_fuzzLoop(run_t* run) { run->linux.hwCnts.newBBCnt = 0; if (!fuzz_fetchInput(run)) { + if (run->global->cfg.minimize && fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MINIMIZE) { + fuzz_setTerminating(); + return; + } LOG_F("Cound't prepare input for fuzzing"); } if (!subproc_Run(run)) { @@ -487,7 +528,6 @@ static void* fuzz_threadNew(void* arg) { run_t run = { .global = hfuzz, .pid = 0, - .dynfileqCurrent = NULL, .dynamicFile = NULL, .dynamicFileFd = -1, .fuzzNo = fuzzNo, diff --git a/honggfuzz.c b/honggfuzz.c index ec0987d9..14444a31 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -313,6 +313,10 @@ int main(int argc, char** argv) { if (cmdlineParse(argc, myargs, &hfuzz) == false) { LOG_F("Parsing of the cmd-line arguments failed"); } + if (hfuzz.cfg.minimize) { + LOG_I("Minimization mode enabled. Setting number of threads to 1"); + hfuzz.threads.threadsMax = 1; + } sigemptyset(&hfuzz.exe.waitSigSet); sigaddset(&hfuzz.exe.waitSigSet, SIGIO); /* Persistent socket data */ diff --git a/honggfuzz.h b/honggfuzz.h index 521ecb2c..b090e656 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -202,6 +202,7 @@ typedef struct { bool saveUnique; size_t dynfileqCnt; pthread_rwlock_t dynfileq_mutex; + struct dynfile_t* dynfileqCurrent; TAILQ_HEAD(dyns_t, dynfile_t) dynfileq; } io; struct { @@ -332,7 +333,6 @@ typedef struct { char report[_HF_REPORT_SIZE]; bool mainWorker; unsigned mutationsPerRun; - struct dynfile_t* dynfileqCurrent; uint8_t* dynamicFile; size_t dynamicFileSz; int dynamicFileFd; diff --git a/input.c b/input.c index 83db0f1a..4b3fc427 100644 --- a/input.c +++ b/input.c @@ -164,7 +164,6 @@ bool input_getNext(run_t* run, char* fname, bool rewind) { } snprintf(fname, PATH_MAX, "%s/%s", run->global->io.inputDir, entry->d_name); - struct stat st; if (stat(fname, &st) == -1) { LOG_W("Couldn't stat() the '%s' file", fname); @@ -314,35 +313,34 @@ bool input_parseBlacklist(honggfuzz_t* hfuzz) { return true; } -bool input_prepareDynamicInput(run_t* run, bool need_mangle) { +bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { + struct dynfile_t* current = NULL; + { - MX_SCOPED_RWLOCK_READ(&run->global->io.dynfileq_mutex); + MX_SCOPED_RWLOCK_WRITE(&run->global->io.dynfileq_mutex); if (run->global->io.dynfileqCnt == 0) { - LOG_F("The dynamic file corpus is empty. This shouldn't happen"); + LOG_E("The dynamic file corpus is empty. This shouldn't happen"); } - if (run->dynfileqCurrent == NULL) { - run->dynfileqCurrent = TAILQ_FIRST(&run->global->io.dynfileq); - } else { - if (run->dynfileqCurrent == TAILQ_LAST(&run->global->io.dynfileq, dyns_t)) { - run->dynfileqCurrent = TAILQ_FIRST(&run->global->io.dynfileq); - } else { - run->dynfileqCurrent = TAILQ_NEXT(run->dynfileqCurrent, pointers); - } + if (run->global->io.dynfileqCurrent == NULL) { + run->global->io.dynfileqCurrent = TAILQ_FIRST(&run->global->io.dynfileq); } + current = run->global->io.dynfileqCurrent; + run->global->io.dynfileqCurrent = TAILQ_NEXT(run->global->io.dynfileqCurrent, pointers); } - input_setSize(run, run->dynfileqCurrent->size); - memcpy(run->dynamicFile, run->dynfileqCurrent->data, run->dynfileqCurrent->size); - if (need_mangle) { + input_setSize(run, current->size); + memcpy(run->dynamicFile, current->data, current->size); + + if (needs_mangle) { mangle_mangleContent(run); } return true; } -bool input_prepareStaticFile(run_t* run, bool rewind, bool need_mangle) { +bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle) { char fname[PATH_MAX]; if (!input_getNext(run, fname, /* rewind= */ rewind)) { return false; @@ -357,13 +355,19 @@ bool input_prepareStaticFile(run_t* run, bool rewind, bool need_mangle) { } input_setSize(run, fileSz); - if (need_mangle) { + if (needs_mangle) { mangle_mangleContent(run); } return true; } +void input_removeStaticFile(const char* path) { + if (unlink(path) == -1) { + PLOG_E("unlink('%s') failed", path); + } +} + bool input_prepareExternalFile(run_t* run) { snprintf(run->origFileName, sizeof(run->origFileName), "[EXTERNAL]"); @@ -429,6 +433,28 @@ bool input_postProcessFile(run_t* run) { return true; } +bool input_prepareDynamicFileForMinimization(run_t* run) { + MX_SCOPED_RWLOCK_READ(&run->global->io.dynfileq_mutex); + + struct dynfile_t* current = NULL; + + if (run->global->io.dynfileqCnt == 0) { + LOG_F("The dynamic file corpus is empty (fro minimization). This shouldn't happen"); + } + + if (run->global->io.dynfileqCurrent == NULL) { + run->global->io.dynfileqCurrent = TAILQ_FIRST(&run->global->io.dynfileq); + } + current = run->global->io.dynfileqCurrent; + run->global->io.dynfileqCurrent = TAILQ_NEXT(run->global->io.dynfileqCurrent, pointers); + + input_setSize(run, current->size); + memcpy(run->dynamicFile, current->data, current->size); + snprintf(run->origFileName, sizeof(run->origFileName), "%s", current->path); + + return true; +} + bool input_feedbackMutateFile(run_t* run) { int fd = files_writeBufToTmpFile(run->global->io.workDir, run->dynamicFile, run->dynamicFileSz, 0); diff --git a/input.h b/input.h index 15664ce7..d32f5610 100644 --- a/input.h +++ b/input.h @@ -31,10 +31,12 @@ extern bool input_getNext(run_t* run, char* fname, bool rewind); extern bool input_init(honggfuzz_t* hfuzz); extern bool input_parseDictionary(honggfuzz_t* hfuzz); extern bool input_parseBlacklist(honggfuzz_t* hfuzz); -extern bool input_prepareDynamicInput(run_t* run, bool need_mangele); -extern bool input_prepareStaticFile(run_t* run, bool rewind, bool need_mangele); +extern bool input_prepareDynamicInput(run_t* run, bool needs_mangle); +extern bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle); +extern void input_removeStaticFile(const char* path); extern bool input_prepareExternalFile(run_t* run); extern bool input_postProcessFile(run_t* run); +extern bool input_prepareDynamicFileForMinimization(run_t* run); extern bool input_feedbackMutateFile(run_t* run); #endif /* ifndef _HF_INPUT_H_ */ diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index b85a91f3..fa0a39b0 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -381,14 +381,10 @@ ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_pc_guard(uint32_t* guard) return; } #endif /* defined(__ANDROID__) */ - if (ATOMIC_GET(*guard) == 0U) { - return; - } bool prev = ATOMIC_XCHG(feedback->pcGuardMap[*guard], true); if (prev == false) { ATOMIC_PRE_INC_RELAXED(feedback->pidFeedbackEdge[my_thread_no]); } - ATOMIC_SET(*guard, 0U); } void instrumentUpdateCmpMap(uintptr_t addr, uint32_t v) { -- cgit v1.2.3 From d2de0f22c889d9913be5201a6ff6dc05c6e2270d Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 6 Oct 2019 21:05:59 +0200 Subject: More work on corpus minimization (should work now) --- fuzz.c | 23 +++++++++++------------ input.c | 14 ++++++++------ 2 files changed, 19 insertions(+), 18 deletions(-) diff --git a/fuzz.c b/fuzz.c index 278b76e9..a64c5277 100644 --- a/fuzz.c +++ b/fuzz.c @@ -216,16 +216,16 @@ static void fuzz_perfFeedbackForMinimization(run_t* run) { softCntPc + softCntEdge + softCntCmp + cpuInstr + cpuBranch, run->origFileName); ATOMIC_SET(run->global->feedback.feedbackMap->pidFeedbackPc[run->fuzzNo], 0); - memset(run->global->feedback.feedbackMap->pidFeedbackPc, '\0', - sizeof(run->global->feedback.feedbackMap->pidFeedbackPc)); + memset(run->global->feedback.feedbackMap->bbMapPc, '\0', + sizeof(run->global->feedback.feedbackMap->bbMapPc)); ATOMIC_SET(run->global->feedback.feedbackMap->pidFeedbackEdge[run->fuzzNo], 0); - memset(run->global->feedback.feedbackMap->pidFeedbackEdge, '\0', - sizeof(run->global->feedback.feedbackMap->pidFeedbackEdge)); + memset(run->global->feedback.feedbackMap->pcGuardMap, '\0', + sizeof(run->global->feedback.feedbackMap->pcGuardMap)); ATOMIC_SET(run->global->feedback.feedbackMap->pidFeedbackCmp[run->fuzzNo], 0); - memset(run->global->feedback.feedbackMap->pidFeedbackCmp, '\0', - sizeof(run->global->feedback.feedbackMap->pidFeedbackCmp)); + memset(run->global->feedback.feedbackMap->bbMapCmp, '\0', + sizeof(run->global->feedback.feedbackMap->bbMapCmp)); memset(&run->global->linux.hwCnts, '\0', sizeof(run->global->linux.hwCnts)); } @@ -245,14 +245,13 @@ static void fuzz_perfFeedback(run_t* run) { return; } - uint64_t softCntPc = 0; - uint64_t softCntEdge = 0; - uint64_t softCntCmp = 0; - softCntPc = ATOMIC_GET(run->global->feedback.feedbackMap->pidFeedbackPc[run->fuzzNo]); + uint64_t softCntPc = ATOMIC_GET(run->global->feedback.feedbackMap->pidFeedbackPc[run->fuzzNo]); ATOMIC_CLEAR(run->global->feedback.feedbackMap->pidFeedbackPc[run->fuzzNo]); - softCntEdge = ATOMIC_GET(run->global->feedback.feedbackMap->pidFeedbackEdge[run->fuzzNo]); + uint64_t softCntEdge = + ATOMIC_GET(run->global->feedback.feedbackMap->pidFeedbackEdge[run->fuzzNo]); ATOMIC_CLEAR(run->global->feedback.feedbackMap->pidFeedbackEdge[run->fuzzNo]); - softCntCmp = ATOMIC_GET(run->global->feedback.feedbackMap->pidFeedbackCmp[run->fuzzNo]); + uint64_t softCntCmp = + ATOMIC_GET(run->global->feedback.feedbackMap->pidFeedbackCmp[run->fuzzNo]); ATOMIC_CLEAR(run->global->feedback.feedbackMap->pidFeedbackCmp[run->fuzzNo]); int64_t diff0 = run->global->linux.hwCnts.cpuInstrCnt - run->linux.hwCnts.cpuInstrCnt; diff --git a/input.c b/input.c index 4b3fc427..a026744c 100644 --- a/input.c +++ b/input.c @@ -436,8 +436,6 @@ bool input_postProcessFile(run_t* run) { bool input_prepareDynamicFileForMinimization(run_t* run) { MX_SCOPED_RWLOCK_READ(&run->global->io.dynfileq_mutex); - struct dynfile_t* current = NULL; - if (run->global->io.dynfileqCnt == 0) { LOG_F("The dynamic file corpus is empty (fro minimization). This shouldn't happen"); } @@ -445,12 +443,16 @@ bool input_prepareDynamicFileForMinimization(run_t* run) { if (run->global->io.dynfileqCurrent == NULL) { run->global->io.dynfileqCurrent = TAILQ_FIRST(&run->global->io.dynfileq); } - current = run->global->io.dynfileqCurrent; run->global->io.dynfileqCurrent = TAILQ_NEXT(run->global->io.dynfileqCurrent, pointers); + if (run->global->io.dynfileqCurrent == NULL) { + return false; + } - input_setSize(run, current->size); - memcpy(run->dynamicFile, current->data, current->size); - snprintf(run->origFileName, sizeof(run->origFileName), "%s", current->path); + input_setSize(run, run->global->io.dynfileqCurrent->size); + memcpy(run->dynamicFile, run->global->io.dynfileqCurrent->data, + run->global->io.dynfileqCurrent->size); + snprintf( + run->origFileName, sizeof(run->origFileName), "%s", run->global->io.dynfileqCurrent->path); return true; } -- cgit v1.2.3 From cef1aca32b25061b0b5be9c738d70a2b83e839ae Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 6 Oct 2019 21:28:04 +0200 Subject: Corpus minimization: sort files prior to testing coverage --- fuzz.c | 13 +++++++++++-- input.c | 36 ++++++++++++++++++++++++++++++++++++ input.h | 1 + 3 files changed, 48 insertions(+), 2 deletions(-) diff --git a/fuzz.c b/fuzz.c index a64c5277..ea255907 100644 --- a/fuzz.c +++ b/fuzz.c @@ -180,6 +180,7 @@ static void fuzz_setDynamicMainState(run_t* run) { if (run->global->cfg.minimize) { LOG_I("Entering phase 3/3: Corpus Minimization"); + input_sortDynamicInput(run->global); ATOMIC_SET(run->global->feedback.state, _HF_STATE_DYNAMIC_MINIMIZE); return; } @@ -212,8 +213,16 @@ static void fuzz_perfFeedbackForMinimization(run_t* run) { run->dynamicFileSz, cpuInstr, cpuBranch, run->linux.hwCnts.newBBCnt, softCntEdge, softCntPc, softCntCmp); - fuzz_addFileToFileQ(run->global, run->dynamicFile, run->dynamicFileSz, - softCntPc + softCntEdge + softCntCmp + cpuInstr + cpuBranch, run->origFileName); + uint64_t totCov = softCntEdge + softCntPc; + if (totCov == 0) { + totCov = softCntCmp; + } + if (totCov == 0) { + totCov = cpuInstr + cpuBranch; + } + + fuzz_addFileToFileQ( + run->global, run->dynamicFile, run->dynamicFileSz, totCov, run->origFileName); ATOMIC_SET(run->global->feedback.feedbackMap->pidFeedbackPc[run->fuzzNo], 0); memset(run->global->feedback.feedbackMap->bbMapPc, '\0', diff --git a/input.c b/input.c index a026744c..63b09872 100644 --- a/input.c +++ b/input.c @@ -448,6 +448,9 @@ bool input_prepareDynamicFileForMinimization(run_t* run) { return false; } + LOG_I("Testing file '%s' with coverage goodness of %" PRIu64, + run->global->io.dynfileqCurrent->path, run->global->io.dynfileqCurrent->covCnt); + input_setSize(run, run->global->io.dynfileqCurrent->size); memcpy(run->dynamicFile, run->global->io.dynfileqCurrent->data, run->global->io.dynfileqCurrent->size); @@ -488,3 +491,36 @@ bool input_feedbackMutateFile(run_t* run) { input_setSize(run, (size_t)sz); return true; } + +void input_sortDynamicInput(honggfuzz_t* hfuzz) { + LOG_I("Sorting %zu dynamic entries by coverage", hfuzz->io.dynfileqCnt); + + for (size_t i = 0; i < hfuzz->io.dynfileqCnt; i++) { + struct dynfile_t* item = NULL; + TAILQ_FOREACH(item, &hfuzz->io.dynfileq, pointers) { + struct dynfile_t* itemnext = TAILQ_NEXT(item, pointers); + if (itemnext == NULL) { + continue; + } + if (item->covCnt >= itemnext->covCnt) { + continue; + } + + uint8_t* data = item->data; + size_t size = item->size; + uint64_t covCnt = item->covCnt; + char path[PATH_MAX]; + snprintf(path, sizeof(path), "%s", item->path); + + item->data = itemnext->data; + item->size = itemnext->size; + item->covCnt = itemnext->covCnt; + snprintf(item->path, sizeof(item->path), "%s", itemnext->path); + + itemnext->data = data; + itemnext->size = size; + itemnext->covCnt = covCnt; + snprintf(itemnext->path, sizeof(itemnext->path), "%s", path); + } + } +} diff --git a/input.h b/input.h index d32f5610..df921f97 100644 --- a/input.h +++ b/input.h @@ -38,5 +38,6 @@ extern bool input_prepareExternalFile(run_t* run); extern bool input_postProcessFile(run_t* run); extern bool input_prepareDynamicFileForMinimization(run_t* run); extern bool input_feedbackMutateFile(run_t* run); +extern void input_sortDynamicInput(honggfuzz_t* hfuzz); #endif /* ifndef _HF_INPUT_H_ */ -- cgit v1.2.3 From 88c1b44d053fb2992cadbb4efe7dc3de8e7eb0a1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 6 Oct 2019 21:29:36 +0200 Subject: Corpus minimization: sort files prior to testing coverage #2 --- fuzz.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fuzz.c b/fuzz.c index ea255907..000116b0 100644 --- a/fuzz.c +++ b/fuzz.c @@ -179,8 +179,8 @@ static void fuzz_setDynamicMainState(run_t* run) { ATOMIC_SET(run->global->cfg.switchingToFDM, false); if (run->global->cfg.minimize) { - LOG_I("Entering phase 3/3: Corpus Minimization"); input_sortDynamicInput(run->global); + LOG_I("Entering phase 3/3: Corpus Minimization"); ATOMIC_SET(run->global->feedback.state, _HF_STATE_DYNAMIC_MINIMIZE); return; } -- cgit v1.2.3 From 61d6f5fbb916021f204a04200e38c50f850da4ab Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 6 Oct 2019 21:30:07 +0200 Subject: Corpus minimization: sort files prior to testing coverage #3 --- input.c | 1 + 1 file changed, 1 insertion(+) diff --git a/input.c b/input.c index 63b09872..7c5dff63 100644 --- a/input.c +++ b/input.c @@ -492,6 +492,7 @@ bool input_feedbackMutateFile(run_t* run) { return true; } +/* Yes, the bubblesort :) */ void input_sortDynamicInput(honggfuzz_t* hfuzz) { LOG_I("Sorting %zu dynamic entries by coverage", hfuzz->io.dynfileqCnt); -- cgit v1.2.3 From f77e0a9b483690001474e95e1836b5e641ec50eb Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 6 Oct 2019 21:47:16 +0200 Subject: fuzz: don't modify shared state without write lock --- input.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/input.c b/input.c index 7c5dff63..e82af680 100644 --- a/input.c +++ b/input.c @@ -434,7 +434,7 @@ bool input_postProcessFile(run_t* run) { } bool input_prepareDynamicFileForMinimization(run_t* run) { - MX_SCOPED_RWLOCK_READ(&run->global->io.dynfileq_mutex); + MX_SCOPED_RWLOCK_WRITE(&run->global->io.dynfileq_mutex); if (run->global->io.dynfileqCnt == 0) { LOG_F("The dynamic file corpus is empty (fro minimization). This shouldn't happen"); -- cgit v1.2.3 From ac6d9ee33c1ecab1be0f8d592ede6a639b5b14a0 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 6 Oct 2019 22:36:57 +0200 Subject: minimize: more complex coverage metrix --- fuzz.c | 26 ++++++++++++-------------- honggfuzz.h | 4 +++- input.c | 26 ++++++++++++++++++++------ 3 files changed, 35 insertions(+), 21 deletions(-) diff --git a/fuzz.c b/fuzz.c index 000116b0..fc68a437 100644 --- a/fuzz.c +++ b/fuzz.c @@ -109,14 +109,16 @@ static bool fuzz_writeCovFile(const char* dir, const uint8_t* data, size_t len) return true; } -static void fuzz_addFileToFileQ( - honggfuzz_t* hfuzz, const uint8_t* data, size_t len, uint64_t covCnt, const char* path) { +static void fuzz_addFileToFileQ(honggfuzz_t* hfuzz, const uint8_t* data, size_t len, uint64_t cov1l, + uint64_t cov2l, uint64_t cov3l, const char* path) { ATOMIC_SET(hfuzz->timing.lastCovUpdate, time(NULL)); struct dynfile_t* dynfile = (struct dynfile_t*)util_Malloc(sizeof(struct dynfile_t)); dynfile->size = len; dynfile->data = (uint8_t*)util_Malloc(len); - dynfile->covCnt = covCnt; + dynfile->cov1l = cov1l; + dynfile->cov2l = cov2l; + dynfile->cov3l = cov3l; snprintf(dynfile->path, sizeof(dynfile->path), "%s", path); memcpy(dynfile->data, data, len); @@ -192,7 +194,7 @@ static void fuzz_setDynamicMainState(run_t* run) { if (run->global->io.dynfileqCnt == 0) { const char* single_byte = run->global->cfg.only_printable ? " " : "\0"; fuzz_addFileToFileQ(run->global, (const uint8_t*)single_byte, /* size= */ 1U, - /* covCnt= */ 0, /* path= */ "[DYNAMIC]"); + /* cov1l/2l/3l= */ 0, 0, 0, /* path= */ "[DYNAMIC]"); } snprintf(run->origFileName, sizeof(run->origFileName), "[DYNAMIC]"); LOG_I("Entering phase 3/3: Dynamic Main (Feedback Driven Mode)"); @@ -213,16 +215,12 @@ static void fuzz_perfFeedbackForMinimization(run_t* run) { run->dynamicFileSz, cpuInstr, cpuBranch, run->linux.hwCnts.newBBCnt, softCntEdge, softCntPc, softCntCmp); - uint64_t totCov = softCntEdge + softCntPc; - if (totCov == 0) { - totCov = softCntCmp; - } - if (totCov == 0) { - totCov = cpuInstr + cpuBranch; - } + uint64_t cov1l = softCntEdge + softCntPc; + uint64_t cov2l = cpuInstr + cpuBranch; + uint64_t cov3l = softCntCmp; fuzz_addFileToFileQ( - run->global, run->dynamicFile, run->dynamicFileSz, totCov, run->origFileName); + run->global, run->dynamicFile, run->dynamicFileSz, cov1l, cov2l, cov3l, run->origFileName); ATOMIC_SET(run->global->feedback.feedbackMap->pidFeedbackPc[run->fuzzNo], 0); memset(run->global->feedback.feedbackMap->bbMapPc, '\0', @@ -290,8 +288,8 @@ static void fuzz_perfFeedback(run_t* run) { run->global->linux.hwCnts.softCntPc, run->global->linux.hwCnts.softCntCmp); if (!run->global->cfg.minimize) { - fuzz_addFileToFileQ( - run->global, run->dynamicFile, run->dynamicFileSz, /* covCnt= */ 0, "[DYNAMIC]"); + fuzz_addFileToFileQ(run->global, run->dynamicFile, run->dynamicFileSz, + /* cov1l/2l/3l= */ 0, 0, 0, "[DYNAMIC]"); } if (run->global->socketFuzzer.enabled) { diff --git a/honggfuzz.h b/honggfuzz.h index b090e656..a65f2247 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -156,7 +156,9 @@ typedef enum { struct dynfile_t { uint8_t* data; size_t size; - uint64_t covCnt; + uint64_t cov1l; + uint64_t cov2l; + uint64_t cov3l; char path[PATH_MAX]; TAILQ_ENTRY(dynfile_t) pointers; diff --git a/input.c b/input.c index e82af680..1d0fb7f0 100644 --- a/input.c +++ b/input.c @@ -448,8 +448,9 @@ bool input_prepareDynamicFileForMinimization(run_t* run) { return false; } - LOG_I("Testing file '%s' with coverage goodness of %" PRIu64, - run->global->io.dynfileqCurrent->path, run->global->io.dynfileqCurrent->covCnt); + LOG_I("Testing file '%s' with coverage goodness of %" PRIu64 "/%" PRIu64 "/%" PRIu64, + run->global->io.dynfileqCurrent->path, run->global->io.dynfileqCurrent->cov1l, + run->global->io.dynfileqCurrent->cov2l, run->global->io.dynfileqCurrent->cov3l); input_setSize(run, run->global->io.dynfileqCurrent->size); memcpy(run->dynamicFile, run->global->io.dynfileqCurrent->data, @@ -503,24 +504,37 @@ void input_sortDynamicInput(honggfuzz_t* hfuzz) { if (itemnext == NULL) { continue; } - if (item->covCnt >= itemnext->covCnt) { + if (item->cov1l >= itemnext->cov1l) { + continue; + } + if (item->cov1l == itemnext->cov1l && item->cov2l >= itemnext->cov2l) { + continue; + } + if (item->cov1l == itemnext->cov1l && item->cov2l == itemnext->cov2l && + item->cov3l >= itemnext->cov3l) { continue; } uint8_t* data = item->data; size_t size = item->size; - uint64_t covCnt = item->covCnt; + uint64_t cov1l = item->cov1l; + uint64_t cov2l = item->cov2l; + uint64_t cov3l = item->cov3l; char path[PATH_MAX]; snprintf(path, sizeof(path), "%s", item->path); item->data = itemnext->data; item->size = itemnext->size; - item->covCnt = itemnext->covCnt; + item->cov1l = itemnext->cov1l; + item->cov2l = itemnext->cov2l; + item->cov3l = itemnext->cov3l; snprintf(item->path, sizeof(item->path), "%s", itemnext->path); itemnext->data = data; itemnext->size = size; - itemnext->covCnt = covCnt; + itemnext->cov1l = cov1l; + itemnext->cov2l = cov2l; + itemnext->cov3l = cov3l; snprintf(itemnext->path, sizeof(itemnext->path), "%s", path); } } -- cgit v1.2.3 From 009fb81026ed85796864cbb84f92f7a741beff35 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 6 Oct 2019 23:21:57 +0200 Subject: minimize: better cov comparison --- input.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/input.c b/input.c index 1d0fb7f0..03dd0590 100644 --- a/input.c +++ b/input.c @@ -504,14 +504,14 @@ void input_sortDynamicInput(honggfuzz_t* hfuzz) { if (itemnext == NULL) { continue; } - if (item->cov1l >= itemnext->cov1l) { + if (itemnext->cov1l < item->cov1l) { continue; } - if (item->cov1l == itemnext->cov1l && item->cov2l >= itemnext->cov2l) { + if (itemnext->cov1l == item->cov1l && itemnext->cov2l < item->cov2l) { continue; } - if (item->cov1l == itemnext->cov1l && item->cov2l == itemnext->cov2l && - item->cov3l >= itemnext->cov3l) { + if (itemnext->cov1l == item->cov1l && itemnext->cov2l == item->cov2l && + itemnext->cov3l < item->cov3l) { continue; } -- cgit v1.2.3 From b48d6a644344de457811ea6f01beb10a985f351a Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 6 Oct 2019 23:48:28 +0200 Subject: cmdline: introduce --output --- cmdline.c | 12 +++++------- fuzz.c | 40 ++++++++++++++++++++++++++-------------- honggfuzz.h | 2 +- 3 files changed, 32 insertions(+), 22 deletions(-) diff --git a/cmdline.c b/cmdline.c index b968be10..4356f851 100644 --- a/cmdline.c +++ b/cmdline.c @@ -248,6 +248,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .io = { .inputDir = NULL, + .outputDir = NULL, .inputDirPtr = NULL, .fileCnt = 0, .fileCntDone = false, @@ -255,7 +256,6 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .fileExtn = "fuzz", .workDir = NULL, .crashDir = NULL, - .covDirAll = NULL, .covDirNew = NULL, .saveUnique = true, .dynfileqCnt = 0U, @@ -398,9 +398,10 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { struct custom_option custom_opts[] = { { { "help", no_argument, NULL, 'h' }, "Help plz.." }, { { "input", required_argument, NULL, 'f' }, "Path to a directory containing initial file corpus" }, + { { "output", required_argument, NULL, 0x601 }, "Output data (dynamic coverage corpus, or the minimized coverage corpus) is written to this directory (default: input directory is used)" }, { { "persistent", no_argument, NULL, 'P' }, "Enable persistent fuzzing (use hfuzz_cc/hfuzz-clang to compile code). This will be auto-detected!!!" }, { { "instrument", no_argument, NULL, 'z' }, "*DEFAULT-MODE-BY-DEFAULT* Enable compile-time instrumentation (use hfuzz_cc/hfuzz-clang to compile code)" }, - { { "minimize", no_argument, NULL, 'M' }, "Minimize the input corpus. It will most likely delete some corpus files!" }, + { { "minimize", no_argument, NULL, 'M' }, "Minimize the input corpus. It will most likely delete some input corpus files if no --output is used!" }, { { "noinst", no_argument, NULL, 'x' }, "Static mode only, disable any instrumentation (hw/sw) feedback" }, { { "keep_output", no_argument, NULL, 'Q' }, "Don't close children's stdin, stdout, stderr; can be noisy" }, { { "timeout", required_argument, NULL, 't' }, "Timeout in seconds (default: 10)" }, @@ -415,7 +416,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { { "extension", required_argument, NULL, 'e' }, "Input file extension (e.g. 'swf'), (default: 'fuzz')" }, { { "workspace", required_argument, NULL, 'W' }, "Workspace directory to save crashes & runtime files (default: '.')" }, { { "crashdir", required_argument, NULL, 0x600 }, "Directory where crashes are saved to (default: workspace directory)" }, - { { "covdir_all", required_argument, NULL, 0x601 }, "Coverage is written to a separate directory (default: input directory)" }, + { { "covdir_all", required_argument, NULL, 0x601 }, "** DEPRECATED ** use --output" }, { { "covdir_new", required_argument, NULL, 0x602 }, "New coverage (beyond the dry-run fuzzing phase) is written to this separate directory" }, { { "dict", required_argument, NULL, 'w' }, "Dictionary file. Format:http://llvm.org/docs/LibFuzzer.html#dictionaries" }, { { "stackhash_bl", required_argument, NULL, 'B' }, "Stackhashes blacklist file (one entry per line)" }, @@ -487,9 +488,6 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { break; case 'f': hfuzz->io.inputDir = optarg; - if (hfuzz->io.covDirAll == NULL) { - hfuzz->io.covDirAll = optarg; - } break; case 'x': hfuzz->feedback.dynFileMethod = _HF_DYNFILE_NONE; @@ -528,7 +526,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { hfuzz->io.crashDir = optarg; break; case 0x601: - hfuzz->io.covDirAll = optarg; + hfuzz->io.outputDir = optarg; break; case 0x602: hfuzz->io.covDirNew = optarg; diff --git a/fuzz.c b/fuzz.c index fc68a437..6339a547 100644 --- a/fuzz.c +++ b/fuzz.c @@ -135,8 +135,9 @@ static void fuzz_addFileToFileQ(honggfuzz_t* hfuzz, const uint8_t* data, size_t return; } - if (!fuzz_writeCovFile(hfuzz->io.covDirAll, data, len)) { - LOG_E("Couldn't save the coverage data to '%s'", hfuzz->io.covDirAll); + const char* outDir = hfuzz->io.outputDir ? hfuzz->io.outputDir : hfuzz->io.inputDir; + if (!fuzz_writeCovFile(outDir, data, len)) { + LOG_E("Couldn't save the coverage data to '%s'", hfuzz->io.outputDir); } /* No need to add files to the new coverage dir, if it's not the main phase */ @@ -210,7 +211,7 @@ static void fuzz_perfFeedbackForMinimization(run_t* run) { uint64_t cpuInstr = run->global->linux.hwCnts.cpuInstrCnt; uint64_t cpuBranch = run->global->linux.hwCnts.cpuBranchCnt; - LOG_I("Minimization Cov, Size:%zu (i,b,hw,ed,ip,cmp): %" PRIu64 "/%" PRIu64 "/%" PRIu64 + LOG_I("Corpus Minimization, len:%zu (i,b,hw,ed,ip,cmp): %" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, run->dynamicFileSz, cpuInstr, cpuBranch, run->linux.hwCnts.newBBCnt, softCntEdge, softCntPc, softCntCmp); @@ -278,16 +279,25 @@ static void fuzz_perfFeedback(run_t* run) { run->global->linux.hwCnts.softCntEdge += softCntEdge; run->global->linux.hwCnts.softCntCmp += softCntCmp; - LOG_I("Size:%zu (i,b,hw,ed,ip,cmp): %" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 - "/%" PRIu64 "/%" PRIu64 ", Tot:%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 - "/%" PRIu64 "/%" PRIu64, - run->dynamicFileSz, run->linux.hwCnts.cpuInstrCnt, run->linux.hwCnts.cpuBranchCnt, - run->linux.hwCnts.newBBCnt, softCntEdge, softCntPc, softCntCmp, - run->global->linux.hwCnts.cpuInstrCnt, run->global->linux.hwCnts.cpuBranchCnt, - run->global->linux.hwCnts.bbCnt, run->global->linux.hwCnts.softCntEdge, - run->global->linux.hwCnts.softCntPc, run->global->linux.hwCnts.softCntCmp); + if (run->global->cfg.minimize) { + if (run->global->io.outputDir) { + LOG_I("Saving interesting input '%s' to the '%s' directory", run->origFileName, + run->global->io.outputDir); + if (!fuzz_writeCovFile( + run->global->io.outputDir, run->dynamicFile, run->dynamicFileSz)) { + LOG_E("Couldn't save the coverage data to '%s'", run->global->io.outputDir); + } + } + } else { + LOG_I("Size:%zu (i,b,hw,ed,ip,cmp): %" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 + "/%" PRIu64 "/%" PRIu64 ", Tot:%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 + "/%" PRIu64 "/%" PRIu64, + run->dynamicFileSz, run->linux.hwCnts.cpuInstrCnt, run->linux.hwCnts.cpuBranchCnt, + run->linux.hwCnts.newBBCnt, softCntEdge, softCntPc, softCntCmp, + run->global->linux.hwCnts.cpuInstrCnt, run->global->linux.hwCnts.cpuBranchCnt, + run->global->linux.hwCnts.bbCnt, run->global->linux.hwCnts.softCntEdge, + run->global->linux.hwCnts.softCntPc, run->global->linux.hwCnts.softCntCmp); - if (!run->global->cfg.minimize) { fuzz_addFileToFileQ(run->global, run->dynamicFile, run->dynamicFileSz, /* cov1l/2l/3l= */ 0, 0, 0, "[DYNAMIC]"); } @@ -297,8 +307,10 @@ static void fuzz_perfFeedback(run_t* run) { fuzz_notifySocketFuzzerNewCov(run->global); } } else if (fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MINIMIZE) { - LOG_I("Removing uninteresting file '%s' from the input corpus", run->origFileName); - input_removeStaticFile(run->origFileName); + if (run->global->io.outputDir == NULL) { + LOG_I("Removing uninteresting file '%s' from the input corpus", run->origFileName); + input_removeStaticFile(run->origFileName); + } } } diff --git a/honggfuzz.h b/honggfuzz.h index a65f2247..d60373ad 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -192,6 +192,7 @@ typedef struct { } threads; struct { const char* inputDir; + const char* outputDir; DIR* inputDirPtr; size_t fileCnt; const char* fileExtn; @@ -199,7 +200,6 @@ typedef struct { size_t newUnitsAdded; const char* workDir; const char* crashDir; - const char* covDirAll; const char* covDirNew; bool saveUnique; size_t dynfileqCnt; -- cgit v1.2.3 From e8f1b5ea04205dd199a2066adf5e1cd9d52730c2 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 6 Oct 2019 23:52:54 +0200 Subject: fuzz: correct hw minimization coverage --- fuzz.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fuzz.c b/fuzz.c index 6339a547..0943ff06 100644 --- a/fuzz.c +++ b/fuzz.c @@ -208,8 +208,8 @@ static void fuzz_perfFeedbackForMinimization(run_t* run) { ATOMIC_GET(run->global->feedback.feedbackMap->pidFeedbackEdge[run->fuzzNo]); uint64_t softCntCmp = ATOMIC_GET(run->global->feedback.feedbackMap->pidFeedbackCmp[run->fuzzNo]); - uint64_t cpuInstr = run->global->linux.hwCnts.cpuInstrCnt; - uint64_t cpuBranch = run->global->linux.hwCnts.cpuBranchCnt; + uint64_t cpuInstr = run->linux.hwCnts.cpuInstrCnt; + uint64_t cpuBranch = run->linux.hwCnts.cpuBranchCnt; LOG_I("Corpus Minimization, len:%zu (i,b,hw,ed,ip,cmp): %" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, -- cgit v1.2.3 From 8fd5406466ef7a8b2c18b2a1e8531fbb7b536b5e Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 7 Oct 2019 00:36:00 +0200 Subject: cmdline: recycle 'o' as it'll be used for --output soon --- cmdline.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cmdline.c b/cmdline.c index 4356f851..5285d92e 100644 --- a/cmdline.c +++ b/cmdline.c @@ -441,7 +441,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { { "exit_upon_crash", no_argument, NULL, 0x107 }, "Exit upon seeing the first crash (default: false)" }, { { "socket_fuzzer", no_argument, NULL, 0x10B }, "Instrument external fuzzer via socket" }, { { "netdriver", no_argument, NULL, 0x10C }, "Use netdriver (libhfnetdriver/). In most cases it will be autodetected through a binary signature" }, - { { "only_printable", no_argument, NULL, 'o' }, "Only generate printable inputs" }, + { { "only_printable", no_argument, NULL, 0x10D }, "Only generate printable inputs" }, #if defined(_HF_ARCH_LINUX) { { "linux_symbols_bl", required_argument, NULL, 0x504 }, "Symbols blacklist filter file (one entry per line)" }, @@ -478,7 +478,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { int opt_index = 0; for (;;) { int c = getopt_long( - argc, argv, "-?hQvVsuPxf:dqe:W:r:c:F:t:R:n:N:l:p:g:E:w:B:zMTSo", opts, &opt_index); + argc, argv, "-?hQvVsuPxf:dqe:W:r:c:F:t:R:n:N:l:p:g:E:w:B:zMTS", opts, &opt_index); if (c < 0) break; switch (c) { @@ -547,7 +547,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { case 0x10C: hfuzz->exe.netDriver = true; break; - case 'o': + case 0x10D: hfuzz->cfg.only_printable = true; break; case 'z': -- cgit v1.2.3 From 2d72cab4a1a2c88465a76f2d5b33227adbadfb2e Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 7 Oct 2019 00:38:19 +0200 Subject: cmdline: make -i a synonym for -f --- cmdline.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cmdline.c b/cmdline.c index 5285d92e..e397a0f2 100644 --- a/cmdline.c +++ b/cmdline.c @@ -478,7 +478,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { int opt_index = 0; for (;;) { int c = getopt_long( - argc, argv, "-?hQvVsuPxf:dqe:W:r:c:F:t:R:n:N:l:p:g:E:w:B:zMTS", opts, &opt_index); + argc, argv, "-?hQvVsuPxf:i:dqe:W:r:c:F:t:R:n:N:l:p:g:E:w:B:zMTS", opts, &opt_index); if (c < 0) break; switch (c) { @@ -487,6 +487,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { cmdlineUsage(argv[0], custom_opts); break; case 'f': + case 'i': hfuzz->io.inputDir = optarg; break; case 'x': -- cgit v1.2.3 From 5f17e217a0a4f870b923a24f28d4588228d66cd7 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 7 Oct 2019 00:54:16 +0200 Subject: input: more readable sorting --- fuzz.c | 3 +-- honggfuzz.h | 8 +++----- input.c | 23 ++--------------------- 3 files changed, 6 insertions(+), 28 deletions(-) diff --git a/fuzz.c b/fuzz.c index 0943ff06..00e95331 100644 --- a/fuzz.c +++ b/fuzz.c @@ -113,9 +113,8 @@ static void fuzz_addFileToFileQ(honggfuzz_t* hfuzz, const uint8_t* data, size_t uint64_t cov2l, uint64_t cov3l, const char* path) { ATOMIC_SET(hfuzz->timing.lastCovUpdate, time(NULL)); - struct dynfile_t* dynfile = (struct dynfile_t*)util_Malloc(sizeof(struct dynfile_t)); + struct dynfile_t* dynfile = (struct dynfile_t*)util_Malloc(sizeof(struct dynfile_t) + len); dynfile->size = len; - dynfile->data = (uint8_t*)util_Malloc(len); dynfile->cov1l = cov1l; dynfile->cov2l = cov2l; dynfile->cov3l = cov3l; diff --git a/honggfuzz.h b/honggfuzz.h index d60373ad..c599c0db 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -154,21 +154,19 @@ typedef enum { } fuzzState_t; struct dynfile_t { - uint8_t* data; size_t size; uint64_t cov1l; uint64_t cov2l; uint64_t cov3l; char path[PATH_MAX]; - TAILQ_ENTRY(dynfile_t) - pointers; + TAILQ_ENTRY(dynfile_t) pointers; + uint8_t data[]; }; struct strings_t { char* s; size_t len; - TAILQ_ENTRY(strings_t) - pointers; + TAILQ_ENTRY(strings_t) pointers; }; typedef struct { diff --git a/input.c b/input.c index 03dd0590..ed6d28c7 100644 --- a/input.c +++ b/input.c @@ -515,27 +515,8 @@ void input_sortDynamicInput(honggfuzz_t* hfuzz) { continue; } - uint8_t* data = item->data; - size_t size = item->size; - uint64_t cov1l = item->cov1l; - uint64_t cov2l = item->cov2l; - uint64_t cov3l = item->cov3l; - char path[PATH_MAX]; - snprintf(path, sizeof(path), "%s", item->path); - - item->data = itemnext->data; - item->size = itemnext->size; - item->cov1l = itemnext->cov1l; - item->cov2l = itemnext->cov2l; - item->cov3l = itemnext->cov3l; - snprintf(item->path, sizeof(item->path), "%s", itemnext->path); - - itemnext->data = data; - itemnext->size = size; - itemnext->cov1l = cov1l; - itemnext->cov2l = cov2l; - itemnext->cov3l = cov3l; - snprintf(itemnext->path, sizeof(itemnext->path), "%s", path); + TAILQ_REMOVE(&hfuzz->io.dynfileq, itemnext, pointers); + TAILQ_INSERT_BEFORE(item, itemnext, pointers); } } } -- cgit v1.2.3 From 5b1fe00244c85db6dc57c2cfa9fd915f5756f909 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 7 Oct 2019 02:27:13 +0200 Subject: input: correct sorting --- input.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/input.c b/input.c index ed6d28c7..a11cb2fc 100644 --- a/input.c +++ b/input.c @@ -442,8 +442,9 @@ bool input_prepareDynamicFileForMinimization(run_t* run) { if (run->global->io.dynfileqCurrent == NULL) { run->global->io.dynfileqCurrent = TAILQ_FIRST(&run->global->io.dynfileq); + } else { + run->global->io.dynfileqCurrent = TAILQ_NEXT(run->global->io.dynfileqCurrent, pointers); } - run->global->io.dynfileqCurrent = TAILQ_NEXT(run->global->io.dynfileqCurrent, pointers); if (run->global->io.dynfileqCurrent == NULL) { return false; } @@ -493,13 +494,16 @@ bool input_feedbackMutateFile(run_t* run) { return true; } +#define TAILQ_FOREACH_SAFE(var, head, field) \ + for ((var) = TAILQ_FIRST((head)); (var); (var) = TAILQ_NEXT((var), field)) + /* Yes, the bubblesort :) */ void input_sortDynamicInput(honggfuzz_t* hfuzz) { LOG_I("Sorting %zu dynamic entries by coverage", hfuzz->io.dynfileqCnt); for (size_t i = 0; i < hfuzz->io.dynfileqCnt; i++) { - struct dynfile_t* item = NULL; - TAILQ_FOREACH(item, &hfuzz->io.dynfileq, pointers) { + for (struct dynfile_t* item = TAILQ_FIRST(&hfuzz->io.dynfileq); item; + item = TAILQ_NEXT(item, pointers)) { struct dynfile_t* itemnext = TAILQ_NEXT(item, pointers); if (itemnext == NULL) { continue; @@ -517,6 +521,9 @@ void input_sortDynamicInput(honggfuzz_t* hfuzz) { TAILQ_REMOVE(&hfuzz->io.dynfileq, itemnext, pointers); TAILQ_INSERT_BEFORE(item, itemnext, pointers); + + /* We've swapped items, so rewind item to the itemnext */ + item = itemnext; } } } -- cgit v1.2.3 From beba17fdc0820ba856e675efdc236ff45870567f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 7 Oct 2019 02:28:31 +0200 Subject: input: correct sorting #2 --- input.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/input.c b/input.c index a11cb2fc..bb019384 100644 --- a/input.c +++ b/input.c @@ -494,7 +494,7 @@ bool input_feedbackMutateFile(run_t* run) { return true; } -#define TAILQ_FOREACH_SAFE(var, head, field) \ +#define TAILQ_FOREACH_HF(var, head, field) \ for ((var) = TAILQ_FIRST((head)); (var); (var) = TAILQ_NEXT((var), field)) /* Yes, the bubblesort :) */ @@ -502,8 +502,8 @@ void input_sortDynamicInput(honggfuzz_t* hfuzz) { LOG_I("Sorting %zu dynamic entries by coverage", hfuzz->io.dynfileqCnt); for (size_t i = 0; i < hfuzz->io.dynfileqCnt; i++) { - for (struct dynfile_t* item = TAILQ_FIRST(&hfuzz->io.dynfileq); item; - item = TAILQ_NEXT(item, pointers)) { + struct dynfile_t* item = NULL; + TAILQ_FOREACH_HF(item, &hfuzz->io.dynfileq, pointers) { struct dynfile_t* itemnext = TAILQ_NEXT(item, pointers); if (itemnext == NULL) { continue; -- cgit v1.2.3 From 1897206f4b0d2e7d46372e0e0471aa87166b1d0b Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 7 Oct 2019 02:40:06 +0200 Subject: cmdline: better description of the minimization process --- cmdline.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmdline.c b/cmdline.c index e397a0f2..2bb7b05c 100644 --- a/cmdline.c +++ b/cmdline.c @@ -401,7 +401,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { { "output", required_argument, NULL, 0x601 }, "Output data (dynamic coverage corpus, or the minimized coverage corpus) is written to this directory (default: input directory is used)" }, { { "persistent", no_argument, NULL, 'P' }, "Enable persistent fuzzing (use hfuzz_cc/hfuzz-clang to compile code). This will be auto-detected!!!" }, { { "instrument", no_argument, NULL, 'z' }, "*DEFAULT-MODE-BY-DEFAULT* Enable compile-time instrumentation (use hfuzz_cc/hfuzz-clang to compile code)" }, - { { "minimize", no_argument, NULL, 'M' }, "Minimize the input corpus. It will most likely delete some input corpus files if no --output is used!" }, + { { "minimize", no_argument, NULL, 'M' }, "Minimize the input corpus. It will most likely delete some corpus files (from the input directory) if no --output is used!" }, { { "noinst", no_argument, NULL, 'x' }, "Static mode only, disable any instrumentation (hw/sw) feedback" }, { { "keep_output", no_argument, NULL, 'Q' }, "Don't close children's stdin, stdout, stderr; can be noisy" }, { { "timeout", required_argument, NULL, 't' }, "Timeout in seconds (default: 10)" }, -- cgit v1.2.3 From 9b574a53a8b8a8d92045b6f364faa5783324bcec Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 7 Oct 2019 04:10:51 +0200 Subject: input: remove unnecessary include --- Makefile | 4 ++-- input.c | 14 +++----------- 2 files changed, 5 insertions(+), 13 deletions(-) diff --git a/Makefile b/Makefile index f1c71835..7f93ad45 100644 --- a/Makefile +++ b/Makefile @@ -386,8 +386,8 @@ honggfuzz.o: cmdline.h honggfuzz.h libhfcommon/util.h libhfcommon/common.h honggfuzz.o: display.h fuzz.h input.h libhfcommon/files.h honggfuzz.o: libhfcommon/common.h libhfcommon/log.h socketfuzzer.h subproc.h input.o: input.h honggfuzz.h libhfcommon/util.h libhfcommon/common.h -input.o: libhfcommon/files.h libhfcommon/common.h mangle.h subproc.h -input.o: libhfcommon/log.h +input.o: libhfcommon/files.h libhfcommon/common.h libhfcommon/log.h mangle.h +input.o: subproc.h mangle.o: mangle.h honggfuzz.h libhfcommon/util.h input.h mangle.o: libhfcommon/common.h libhfcommon/log.h report.o: report.h honggfuzz.h libhfcommon/util.h libhfcommon/common.h diff --git a/input.c b/input.c index bb019384..aecc7d50 100644 --- a/input.c +++ b/input.c @@ -39,18 +39,10 @@ #include "libhfcommon/common.h" #include "libhfcommon/files.h" -#include "mangle.h" -#include "subproc.h" - -#if defined(_HF_ARCH_LINUX) -#include -#if defined(__NR_memfd_create) -#include -#endif /* defined(__NR_memfd_create) */ -#endif /* defined(_HF_ARCH_LINUX) */ - #include "libhfcommon/log.h" #include "libhfcommon/util.h" +#include "mangle.h" +#include "subproc.h" void input_setSize(run_t* run, size_t sz) { if (run->dynamicFileSz == sz) { @@ -449,7 +441,7 @@ bool input_prepareDynamicFileForMinimization(run_t* run) { return false; } - LOG_I("Testing file '%s' with coverage goodness of %" PRIu64 "/%" PRIu64 "/%" PRIu64, + LOG_I("Testing file '%s', coverage: %" PRIu64 "/%" PRIu64 "/%" PRIu64, run->global->io.dynfileqCurrent->path, run->global->io.dynfileqCurrent->cov1l, run->global->io.dynfileqCurrent->cov2l, run->global->io.dynfileqCurrent->cov3l); -- cgit v1.2.3 From 4e19da845e222fe25652e96bc14ce68940df3f29 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 7 Oct 2019 04:14:35 +0200 Subject: fuzz: add mininimization msg --- fuzz.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fuzz.c b/fuzz.c index 00e95331..54e98722 100644 --- a/fuzz.c +++ b/fuzz.c @@ -466,6 +466,7 @@ static void fuzz_fuzzLoop(run_t* run) { if (!fuzz_fetchInput(run)) { if (run->global->cfg.minimize && fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MINIMIZE) { fuzz_setTerminating(); + LOG_I("Minimization done!"); return; } LOG_F("Cound't prepare input for fuzzing"); -- cgit v1.2.3 From 826c08c9b09177cd2b2b1706b83b0acb8b17b077 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 7 Oct 2019 04:16:38 +0200 Subject: fuzz: add mininimization msg #1 --- fuzz.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fuzz.c b/fuzz.c index 54e98722..be510355 100644 --- a/fuzz.c +++ b/fuzz.c @@ -466,7 +466,7 @@ static void fuzz_fuzzLoop(run_t* run) { if (!fuzz_fetchInput(run)) { if (run->global->cfg.minimize && fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MINIMIZE) { fuzz_setTerminating(); - LOG_I("Minimization done!"); + LOG_I("Corpus minimization done!"); return; } LOG_F("Cound't prepare input for fuzzing"); -- cgit v1.2.3 From 98429424fa8682757a0ff14391870eb6dbc4c6c3 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 7 Oct 2019 04:30:51 +0200 Subject: input: dynamic corpus dbg messages --- input.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/input.c b/input.c index aecc7d50..3a307ae6 100644 --- a/input.c +++ b/input.c @@ -312,7 +312,7 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { MX_SCOPED_RWLOCK_WRITE(&run->global->io.dynfileq_mutex); if (run->global->io.dynfileqCnt == 0) { - LOG_E("The dynamic file corpus is empty. This shouldn't happen"); + LOG_F("The dynamic file corpus is empty. This shouldn't happen"); } if (run->global->io.dynfileqCurrent == NULL) { @@ -429,7 +429,7 @@ bool input_prepareDynamicFileForMinimization(run_t* run) { MX_SCOPED_RWLOCK_WRITE(&run->global->io.dynfileq_mutex); if (run->global->io.dynfileqCnt == 0) { - LOG_F("The dynamic file corpus is empty (fro minimization). This shouldn't happen"); + LOG_F("The dynamic file corpus is empty (for minimization). This shouldn't happen"); } if (run->global->io.dynfileqCurrent == NULL) { -- cgit v1.2.3 From 49345a091c398af6f51c583a1e751704c418e82f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 7 Oct 2019 04:47:17 +0200 Subject: input: simplify dictionary list --- honggfuzz.h | 2 +- input.c | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/honggfuzz.h b/honggfuzz.h index c599c0db..ef173c76 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -164,9 +164,9 @@ struct dynfile_t { }; struct strings_t { - char* s; size_t len; TAILQ_ENTRY(strings_t) pointers; + char s[]; }; typedef struct { diff --git a/input.c b/input.c index 3a307ae6..959ffdb4 100644 --- a/input.c +++ b/input.c @@ -239,10 +239,11 @@ bool input_parseDictionary(honggfuzz_t* hfuzz) { LOG_D("Parsing word: '%s'", bufv); - char* s = util_StrDup(bufv); - struct strings_t* str = (struct strings_t*)util_Malloc(sizeof(struct strings_t)); - str->len = util_decodeCString(s); - str->s = s; + len = util_decodeCString(bufv); + struct strings_t* str = (struct strings_t*)util_Malloc(sizeof(struct strings_t) + len + 1); + str->len = len; + memcpy(str->s, bufv, str->len); + str->s[len] = '\0'; hfuzz->mutate.dictionaryCnt += 1; TAILQ_INSERT_TAIL(&hfuzz->mutate.dictq, str, pointers); -- cgit v1.2.3 From 17a0e87729f55319e60b6947179d1282bc5cee3c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 7 Oct 2019 04:54:39 +0200 Subject: input: simplify dictionary list #2 --- input.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/input.c b/input.c index 959ffdb4..93fea852 100644 --- a/input.c +++ b/input.c @@ -231,8 +231,8 @@ bool input_parseDictionary(honggfuzz_t* hfuzz) { } char bufn[1025] = {}; char bufv[1025] = {}; - if (sscanf(lineptr, "\"%1024s", bufv) != 1 && - sscanf(lineptr, "%1024[^=]=\"%1024s", bufn, bufv) != 2) { + if (sscanf(lineptr, "\"%1024[^\"]", bufv) != 1 && + sscanf(lineptr, "%1024[^=]=\"%1024[^\"]", bufn, bufv) != 2) { LOG_W("Incorrect dictionary entry: '%s'. Skipping", lineptr); continue; } @@ -241,8 +241,8 @@ bool input_parseDictionary(honggfuzz_t* hfuzz) { len = util_decodeCString(bufv); struct strings_t* str = (struct strings_t*)util_Malloc(sizeof(struct strings_t) + len + 1); + memcpy(str->s, bufv, len); str->len = len; - memcpy(str->s, bufv, str->len); str->s[len] = '\0'; hfuzz->mutate.dictionaryCnt += 1; TAILQ_INSERT_TAIL(&hfuzz->mutate.dictq, str, pointers); -- cgit v1.2.3 From 7df09213bc3399056674f3a32eb6e010977dfc6a Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 7 Oct 2019 14:52:17 +0200 Subject: move corpus manipulation to the input module --- Makefile | 2 +- fuzz.c | 90 +++++++++---------------------------------------------------- fuzz.h | 1 + honggfuzz.h | 4 +-- input.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++----- input.h | 3 +++ 6 files changed, 91 insertions(+), 87 deletions(-) diff --git a/Makefile b/Makefile index 7f93ad45..5787abc2 100644 --- a/Makefile +++ b/Makefile @@ -385,7 +385,7 @@ fuzz.o: subproc.h honggfuzz.o: cmdline.h honggfuzz.h libhfcommon/util.h libhfcommon/common.h honggfuzz.o: display.h fuzz.h input.h libhfcommon/files.h honggfuzz.o: libhfcommon/common.h libhfcommon/log.h socketfuzzer.h subproc.h -input.o: input.h honggfuzz.h libhfcommon/util.h libhfcommon/common.h +input.o: input.h honggfuzz.h libhfcommon/util.h fuzz.h libhfcommon/common.h input.o: libhfcommon/files.h libhfcommon/common.h libhfcommon/log.h mangle.h input.o: subproc.h mangle.o: mangle.h honggfuzz.h libhfcommon/util.h input.h diff --git a/fuzz.c b/fuzz.c index be510355..0a4ba41e 100644 --- a/fuzz.c +++ b/fuzz.c @@ -82,75 +82,10 @@ bool fuzz_shouldTerminate() { return false; } -static fuzzState_t fuzz_getState(honggfuzz_t* hfuzz) { +fuzzState_t fuzz_getState(honggfuzz_t* hfuzz) { return ATOMIC_GET(hfuzz->feedback.state); } -static bool fuzz_writeCovFile(const char* dir, const uint8_t* data, size_t len) { - char fname[PATH_MAX]; - - uint64_t crc64f = util_CRC64(data, len); - uint64_t crc64r = util_CRC64Rev(data, len); - snprintf(fname, sizeof(fname), "%s/%016" PRIx64 "%016" PRIx64 ".%08" PRIx32 ".honggfuzz.cov", - dir, crc64f, crc64r, (uint32_t)len); - - if (files_exists(fname)) { - LOG_D("File '%s' already exists in the output corpus directory '%s'", fname, dir); - return true; - } - - LOG_D("Adding file '%s' to the corpus directory '%s'", fname, dir); - - if (!files_writeBufToFile(fname, data, len, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC)) { - LOG_W("Couldn't write buffer to file '%s'", fname); - return false; - } - - return true; -} - -static void fuzz_addFileToFileQ(honggfuzz_t* hfuzz, const uint8_t* data, size_t len, uint64_t cov1l, - uint64_t cov2l, uint64_t cov3l, const char* path) { - ATOMIC_SET(hfuzz->timing.lastCovUpdate, time(NULL)); - - struct dynfile_t* dynfile = (struct dynfile_t*)util_Malloc(sizeof(struct dynfile_t) + len); - dynfile->size = len; - dynfile->cov1l = cov1l; - dynfile->cov2l = cov2l; - dynfile->cov3l = cov3l; - snprintf(dynfile->path, sizeof(dynfile->path), "%s", path); - memcpy(dynfile->data, data, len); - - MX_SCOPED_RWLOCK_WRITE(&hfuzz->io.dynfileq_mutex); - TAILQ_INSERT_TAIL(&hfuzz->io.dynfileq, dynfile, pointers); - hfuzz->io.dynfileqCnt++; - - if (hfuzz->socketFuzzer.enabled) { - /* Don't add coverage data to files in socketFuzzer mode */ - return; - } - if (hfuzz->cfg.minimize) { - /* When minimizing we should only delete files */ - return; - } - - const char* outDir = hfuzz->io.outputDir ? hfuzz->io.outputDir : hfuzz->io.inputDir; - if (!fuzz_writeCovFile(outDir, data, len)) { - LOG_E("Couldn't save the coverage data to '%s'", hfuzz->io.outputDir); - } - - /* No need to add files to the new coverage dir, if it's not the main phase */ - if (fuzz_getState(hfuzz) != _HF_STATE_DYNAMIC_MAIN) { - return; - } - - hfuzz->io.newUnitsAdded++; - - if (hfuzz->io.covDirNew && !fuzz_writeCovFile(hfuzz->io.covDirNew, data, len)) { - LOG_E("Couldn't save the new coverage data to '%s'", hfuzz->io.covDirNew); - } -} - static void fuzz_setDynamicMainState(run_t* run) { /* All threads need to indicate willingness to switch to the DYNAMIC_MAIN state. Count them! */ static uint32_t cnt = 0; @@ -193,8 +128,8 @@ static void fuzz_setDynamicMainState(run_t* run) { */ if (run->global->io.dynfileqCnt == 0) { const char* single_byte = run->global->cfg.only_printable ? " " : "\0"; - fuzz_addFileToFileQ(run->global, (const uint8_t*)single_byte, /* size= */ 1U, - /* cov1l/2l/3l= */ 0, 0, 0, /* path= */ "[DYNAMIC]"); + input_addDynamicInput(run->global, (const uint8_t*)single_byte, /* size= */ 1U, + /* cov */ (uint64_t[3]){0, 0, 0}, /* path= */ "[DYNAMIC]"); } snprintf(run->origFileName, sizeof(run->origFileName), "[DYNAMIC]"); LOG_I("Entering phase 3/3: Dynamic Main (Feedback Driven Mode)"); @@ -215,12 +150,13 @@ static void fuzz_perfFeedbackForMinimization(run_t* run) { run->dynamicFileSz, cpuInstr, cpuBranch, run->linux.hwCnts.newBBCnt, softCntEdge, softCntPc, softCntCmp); - uint64_t cov1l = softCntEdge + softCntPc; - uint64_t cov2l = cpuInstr + cpuBranch; - uint64_t cov3l = softCntCmp; - - fuzz_addFileToFileQ( - run->global, run->dynamicFile, run->dynamicFileSz, cov1l, cov2l, cov3l, run->origFileName); + uint64_t cov[3] = { + [0] = softCntEdge + softCntPc, + [1] = cpuInstr + cpuBranch, + [2] = softCntCmp, + }; + input_addDynamicInput( + run->global, run->dynamicFile, run->dynamicFileSz, cov, run->origFileName); ATOMIC_SET(run->global->feedback.feedbackMap->pidFeedbackPc[run->fuzzNo], 0); memset(run->global->feedback.feedbackMap->bbMapPc, '\0', @@ -282,7 +218,7 @@ static void fuzz_perfFeedback(run_t* run) { if (run->global->io.outputDir) { LOG_I("Saving interesting input '%s' to the '%s' directory", run->origFileName, run->global->io.outputDir); - if (!fuzz_writeCovFile( + if (!input_writeCovFile( run->global->io.outputDir, run->dynamicFile, run->dynamicFileSz)) { LOG_E("Couldn't save the coverage data to '%s'", run->global->io.outputDir); } @@ -297,8 +233,8 @@ static void fuzz_perfFeedback(run_t* run) { run->global->linux.hwCnts.bbCnt, run->global->linux.hwCnts.softCntEdge, run->global->linux.hwCnts.softCntPc, run->global->linux.hwCnts.softCntCmp); - fuzz_addFileToFileQ(run->global, run->dynamicFile, run->dynamicFileSz, - /* cov1l/2l/3l= */ 0, 0, 0, "[DYNAMIC]"); + input_addDynamicInput(run->global, run->dynamicFile, run->dynamicFileSz, + (uint64_t[3]){0, 0, 0}, "[DYNAMIC]"); } if (run->global->socketFuzzer.enabled) { diff --git a/fuzz.h b/fuzz.h index 4bce6562..32409ce7 100644 --- a/fuzz.h +++ b/fuzz.h @@ -32,5 +32,6 @@ extern void fuzz_threadsStart(honggfuzz_t* fuzz); extern bool fuzz_isTerminating(void); extern void fuzz_setTerminating(void); extern bool fuzz_shouldTerminate(void); +extern fuzzState_t fuzz_getState(honggfuzz_t* hfuzz); #endif diff --git a/honggfuzz.h b/honggfuzz.h index ef173c76..a5b730e4 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -155,9 +155,7 @@ typedef enum { struct dynfile_t { size_t size; - uint64_t cov1l; - uint64_t cov2l; - uint64_t cov3l; + uint64_t cov[3]; char path[PATH_MAX]; TAILQ_ENTRY(dynfile_t) pointers; uint8_t data[]; diff --git a/input.c b/input.c index 93fea852..839d21e6 100644 --- a/input.c +++ b/input.c @@ -37,6 +37,7 @@ #include #include +#include "fuzz.h" #include "libhfcommon/common.h" #include "libhfcommon/files.h" #include "libhfcommon/log.h" @@ -306,6 +307,71 @@ bool input_parseBlacklist(honggfuzz_t* hfuzz) { return true; } +bool input_writeCovFile(const char* dir, const uint8_t* data, size_t len) { + char fname[PATH_MAX]; + + uint64_t crc64f = util_CRC64(data, len); + uint64_t crc64r = util_CRC64Rev(data, len); + snprintf(fname, sizeof(fname), "%s/%016" PRIx64 "%016" PRIx64 ".%08" PRIx32 ".honggfuzz.cov", + dir, crc64f, crc64r, (uint32_t)len); + + if (files_exists(fname)) { + LOG_D("File '%s' already exists in the output corpus directory '%s'", fname, dir); + return true; + } + + LOG_D("Adding file '%s' to the corpus directory '%s'", fname, dir); + + if (!files_writeBufToFile(fname, data, len, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC)) { + LOG_W("Couldn't write buffer to file '%s'", fname); + return false; + } + + return true; +} + +void input_addDynamicInput( + honggfuzz_t* hfuzz, const uint8_t* data, size_t len, uint64_t cov[3], const char* path) { + ATOMIC_SET(hfuzz->timing.lastCovUpdate, time(NULL)); + + struct dynfile_t* dynfile = (struct dynfile_t*)util_Malloc(sizeof(struct dynfile_t) + len); + dynfile->size = len; + dynfile->cov[0] = cov[0]; + dynfile->cov[1] = cov[1]; + dynfile->cov[2] = cov[2]; + snprintf(dynfile->path, sizeof(dynfile->path), "%s", path); + memcpy(dynfile->data, data, len); + + MX_SCOPED_RWLOCK_WRITE(&hfuzz->io.dynfileq_mutex); + TAILQ_INSERT_TAIL(&hfuzz->io.dynfileq, dynfile, pointers); + hfuzz->io.dynfileqCnt++; + + if (hfuzz->socketFuzzer.enabled) { + /* Don't add coverage data to files in socketFuzzer mode */ + return; + } + if (hfuzz->cfg.minimize) { + /* When minimizing we should only delete files */ + return; + } + + const char* outDir = hfuzz->io.outputDir ? hfuzz->io.outputDir : hfuzz->io.inputDir; + if (!input_writeCovFile(outDir, data, len)) { + LOG_E("Couldn't save the coverage data to '%s'", hfuzz->io.outputDir); + } + + /* No need to add files to the new coverage dir, if it's not the main phase */ + if (fuzz_getState(hfuzz) != _HF_STATE_DYNAMIC_MAIN) { + return; + } + + hfuzz->io.newUnitsAdded++; + + if (hfuzz->io.covDirNew && !input_writeCovFile(hfuzz->io.covDirNew, data, len)) { + LOG_E("Couldn't save the new coverage data to '%s'", hfuzz->io.covDirNew); + } +} + bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { struct dynfile_t* current = NULL; @@ -443,8 +509,8 @@ bool input_prepareDynamicFileForMinimization(run_t* run) { } LOG_I("Testing file '%s', coverage: %" PRIu64 "/%" PRIu64 "/%" PRIu64, - run->global->io.dynfileqCurrent->path, run->global->io.dynfileqCurrent->cov1l, - run->global->io.dynfileqCurrent->cov2l, run->global->io.dynfileqCurrent->cov3l); + run->global->io.dynfileqCurrent->path, run->global->io.dynfileqCurrent->cov[0], + run->global->io.dynfileqCurrent->cov[1], run->global->io.dynfileqCurrent->cov[2]); input_setSize(run, run->global->io.dynfileqCurrent->size); memcpy(run->dynamicFile, run->global->io.dynfileqCurrent->data, @@ -501,14 +567,14 @@ void input_sortDynamicInput(honggfuzz_t* hfuzz) { if (itemnext == NULL) { continue; } - if (itemnext->cov1l < item->cov1l) { + if (itemnext->cov[0] < item->cov[0]) { continue; } - if (itemnext->cov1l == item->cov1l && itemnext->cov2l < item->cov2l) { + if (itemnext->cov[0] == item->cov[0] && itemnext->cov[1] < item->cov[1]) { continue; } - if (itemnext->cov1l == item->cov1l && itemnext->cov2l == item->cov2l && - itemnext->cov3l < item->cov3l) { + if (itemnext->cov[0] == item->cov[0] && itemnext->cov[1] == item->cov[1] && + itemnext->cov[2] < item->cov[2]) { continue; } diff --git a/input.h b/input.h index df921f97..e2fa681a 100644 --- a/input.h +++ b/input.h @@ -31,6 +31,9 @@ extern bool input_getNext(run_t* run, char* fname, bool rewind); extern bool input_init(honggfuzz_t* hfuzz); extern bool input_parseDictionary(honggfuzz_t* hfuzz); extern bool input_parseBlacklist(honggfuzz_t* hfuzz); +extern bool input_writeCovFile(const char* dir, const uint8_t* data, size_t len); +extern void input_addDynamicInput( + honggfuzz_t* hfuzz, const uint8_t* data, size_t len, uint64_t cov[3], const char* path); extern bool input_prepareDynamicInput(run_t* run, bool needs_mangle); extern bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle); extern void input_removeStaticFile(const char* path); -- cgit v1.2.3 From b3f8252af44cbbcdf75e71ff39b7aa012848bd7b Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 7 Oct 2019 15:07:00 +0200 Subject: input: secondary factor when sorting inputs for minimization is the input size (smaller, better) --- cmdline.c | 8 ++++---- fuzz.c | 10 ++++++---- honggfuzz.h | 2 +- input.c | 12 +++++++----- input.h | 2 +- 5 files changed, 19 insertions(+), 15 deletions(-) diff --git a/cmdline.c b/cmdline.c index 2bb7b05c..4585fb09 100644 --- a/cmdline.c +++ b/cmdline.c @@ -398,10 +398,10 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { struct custom_option custom_opts[] = { { { "help", no_argument, NULL, 'h' }, "Help plz.." }, { { "input", required_argument, NULL, 'f' }, "Path to a directory containing initial file corpus" }, - { { "output", required_argument, NULL, 0x601 }, "Output data (dynamic coverage corpus, or the minimized coverage corpus) is written to this directory (default: input directory is used)" }, + { { "output", required_argument, NULL, 0x601 }, "Output data (new dynamic coverage corpus, or the minimized coverage corpus) is written to this directory (default: input directory is used)" }, { { "persistent", no_argument, NULL, 'P' }, "Enable persistent fuzzing (use hfuzz_cc/hfuzz-clang to compile code). This will be auto-detected!!!" }, { { "instrument", no_argument, NULL, 'z' }, "*DEFAULT-MODE-BY-DEFAULT* Enable compile-time instrumentation (use hfuzz_cc/hfuzz-clang to compile code)" }, - { { "minimize", no_argument, NULL, 'M' }, "Minimize the input corpus. It will most likely delete some corpus files (from the input directory) if no --output is used!" }, + { { "minimize", no_argument, NULL, 'M' }, "Minimize the input corpus. It will most likely delete some corpus files (from the --input directory) if no --output is used!" }, { { "noinst", no_argument, NULL, 'x' }, "Static mode only, disable any instrumentation (hw/sw) feedback" }, { { "keep_output", no_argument, NULL, 'Q' }, "Don't close children's stdin, stdout, stderr; can be noisy" }, { { "timeout", required_argument, NULL, 't' }, "Timeout in seconds (default: 10)" }, @@ -487,7 +487,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { cmdlineUsage(argv[0], custom_opts); break; case 'f': - case 'i': + case 'i': /* Synonym for -f, stands for -i(input) */ hfuzz->io.inputDir = optarg; break; case 'x': @@ -543,7 +543,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { break; case 0x10B: hfuzz->socketFuzzer.enabled = true; - hfuzz->timing.tmOut = 0; // Disable process timeout checks + hfuzz->timing.tmOut = 0; /* Disable process timeout checks */ break; case 0x10C: hfuzz->exe.netDriver = true; diff --git a/fuzz.c b/fuzz.c index 0a4ba41e..4e232c2a 100644 --- a/fuzz.c +++ b/fuzz.c @@ -28,6 +28,7 @@ #include #include #include +#include #include #include #include @@ -129,7 +130,7 @@ static void fuzz_setDynamicMainState(run_t* run) { if (run->global->io.dynfileqCnt == 0) { const char* single_byte = run->global->cfg.only_printable ? " " : "\0"; input_addDynamicInput(run->global, (const uint8_t*)single_byte, /* size= */ 1U, - /* cov */ (uint64_t[3]){0, 0, 0}, /* path= */ "[DYNAMIC]"); + /* cov */ (uint64_t[4]){0, 0, 0, 0}, /* path= */ "[DYNAMIC]"); } snprintf(run->origFileName, sizeof(run->origFileName), "[DYNAMIC]"); LOG_I("Entering phase 3/3: Dynamic Main (Feedback Driven Mode)"); @@ -150,10 +151,11 @@ static void fuzz_perfFeedbackForMinimization(run_t* run) { run->dynamicFileSz, cpuInstr, cpuBranch, run->linux.hwCnts.newBBCnt, softCntEdge, softCntPc, softCntCmp); - uint64_t cov[3] = { + uint64_t cov[4] = { [0] = softCntEdge + softCntPc, - [1] = cpuInstr + cpuBranch, - [2] = softCntCmp, + [1] = 64U - (uint64_t)log2l(run->dynamicFileSz), /* The smaller input size, the better */ + [2] = cpuInstr + cpuBranch, + [3] = softCntCmp, }; input_addDynamicInput( run->global, run->dynamicFile, run->dynamicFileSz, cov, run->origFileName); diff --git a/honggfuzz.h b/honggfuzz.h index a5b730e4..19104a33 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -155,7 +155,7 @@ typedef enum { struct dynfile_t { size_t size; - uint64_t cov[3]; + uint64_t cov[4]; char path[PATH_MAX]; TAILQ_ENTRY(dynfile_t) pointers; uint8_t data[]; diff --git a/input.c b/input.c index 839d21e6..81072097 100644 --- a/input.c +++ b/input.c @@ -331,16 +331,14 @@ bool input_writeCovFile(const char* dir, const uint8_t* data, size_t len) { } void input_addDynamicInput( - honggfuzz_t* hfuzz, const uint8_t* data, size_t len, uint64_t cov[3], const char* path) { + honggfuzz_t* hfuzz, const uint8_t* data, size_t len, uint64_t cov[4], const char* path) { ATOMIC_SET(hfuzz->timing.lastCovUpdate, time(NULL)); struct dynfile_t* dynfile = (struct dynfile_t*)util_Malloc(sizeof(struct dynfile_t) + len); dynfile->size = len; - dynfile->cov[0] = cov[0]; - dynfile->cov[1] = cov[1]; - dynfile->cov[2] = cov[2]; - snprintf(dynfile->path, sizeof(dynfile->path), "%s", path); + memcpy(dynfile->cov, cov, sizeof(dynfile->cov)); memcpy(dynfile->data, data, len); + snprintf(dynfile->path, sizeof(dynfile->path), "%s", path); MX_SCOPED_RWLOCK_WRITE(&hfuzz->io.dynfileq_mutex); TAILQ_INSERT_TAIL(&hfuzz->io.dynfileq, dynfile, pointers); @@ -577,6 +575,10 @@ void input_sortDynamicInput(honggfuzz_t* hfuzz) { itemnext->cov[2] < item->cov[2]) { continue; } + if (itemnext->cov[0] == item->cov[0] && itemnext->cov[1] == item->cov[1] && + itemnext->cov[2] == item->cov[2] && itemnext->cov[3] < item->cov[3]) { + continue; + } TAILQ_REMOVE(&hfuzz->io.dynfileq, itemnext, pointers); TAILQ_INSERT_BEFORE(item, itemnext, pointers); diff --git a/input.h b/input.h index e2fa681a..5eb8d64d 100644 --- a/input.h +++ b/input.h @@ -33,7 +33,7 @@ extern bool input_parseDictionary(honggfuzz_t* hfuzz); extern bool input_parseBlacklist(honggfuzz_t* hfuzz); extern bool input_writeCovFile(const char* dir, const uint8_t* data, size_t len); extern void input_addDynamicInput( - honggfuzz_t* hfuzz, const uint8_t* data, size_t len, uint64_t cov[3], const char* path); + honggfuzz_t* hfuzz, const uint8_t* data, size_t len, uint64_t cov[4], const char* path); extern bool input_prepareDynamicInput(run_t* run, bool needs_mangle); extern bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle); extern void input_removeStaticFile(const char* path); -- cgit v1.2.3 From c9fe3994ef2c27beab7d469650dee095930cfb6a Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 7 Oct 2019 15:14:37 +0200 Subject: cmdline: the main switch for --input is now -i, though -f will work --- cmdline.c | 16 ++-- docs/ExternalFuzzerUsage.md | 6 +- docs/FeedbackDrivenFuzzing.md | 22 +++--- docs/USAGE.md | 90 ++++++++++++---------- examples/apache-httpd/README.md | 12 +-- ...un-honggfuzz-on-badcode1-with-externalfuzzer.sh | 2 +- examples/badcode/run-honggfuzz-on-badcode1.sh | 2 +- examples/bind/README.md | 2 +- examples/glibc/README.md | 2 +- examples/openssl/README.md | 8 +- examples/terminal-emulators/README.md | 2 +- 11 files changed, 82 insertions(+), 82 deletions(-) diff --git a/cmdline.c b/cmdline.c index 4585fb09..08c8d10f 100644 --- a/cmdline.c +++ b/cmdline.c @@ -107,16 +107,16 @@ static void cmdlineHelp(const char* pname, struct custom_option* opts) { LOG_HELP( " Run the binary over a mutated file chosen from the directory. Disable fuzzing feedback " "(static mode):"); - LOG_HELP_BOLD(" " PROG_NAME " -f input_dir -x -- /usr/bin/djpeg " _HF_FILE_PLACEHOLDER); + LOG_HELP_BOLD(" " PROG_NAME " -i input_dir -x -- /usr/bin/djpeg " _HF_FILE_PLACEHOLDER); LOG_HELP(" As above, provide input over STDIN:"); - LOG_HELP_BOLD(" " PROG_NAME " -f input_dir -x -s -- /usr/bin/djpeg"); + LOG_HELP_BOLD(" " PROG_NAME " -i input_dir -x -s -- /usr/bin/djpeg"); LOG_HELP(" Use compile-time instrumentation (-fsanitize-coverage=trace-pc-guard,...):"); - LOG_HELP_BOLD(" " PROG_NAME " -f input_dir -- /usr/bin/djpeg " _HF_FILE_PLACEHOLDER); + LOG_HELP_BOLD(" " PROG_NAME " -i input_dir -- /usr/bin/djpeg " _HF_FILE_PLACEHOLDER); LOG_HELP(" Use persistent mode w/o instrumentation:"); - LOG_HELP_BOLD(" " PROG_NAME " -f input_dir -P -x -- /usr/bin/djpeg_persistent_mode"); + LOG_HELP_BOLD(" " PROG_NAME " -i input_dir -P -x -- /usr/bin/djpeg_persistent_mode"); LOG_HELP(" Use persistent mode and compile-time (-fsanitize-coverage=trace-pc-guard,...) " "instrumentation:"); - LOG_HELP_BOLD(" " PROG_NAME " -f input_dir -P -- /usr/bin/djpeg_persistent_mode"); + LOG_HELP_BOLD(" " PROG_NAME " -i input_dir -P -- /usr/bin/djpeg_persistent_mode"); #if defined(_HF_ARCH_LINUX) LOG_HELP( " Run the binary with dynamically generate inputs, maximize total no. of instructions:"); @@ -397,7 +397,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { // clang-format off struct custom_option custom_opts[] = { { { "help", no_argument, NULL, 'h' }, "Help plz.." }, - { { "input", required_argument, NULL, 'f' }, "Path to a directory containing initial file corpus" }, + { { "input", required_argument, NULL, 'i' }, "Path to a directory containing initial file corpus" }, { { "output", required_argument, NULL, 0x601 }, "Output data (new dynamic coverage corpus, or the minimized coverage corpus) is written to this directory (default: input directory is used)" }, { { "persistent", no_argument, NULL, 'P' }, "Enable persistent fuzzing (use hfuzz_cc/hfuzz-clang to compile code). This will be auto-detected!!!" }, { { "instrument", no_argument, NULL, 'z' }, "*DEFAULT-MODE-BY-DEFAULT* Enable compile-time instrumentation (use hfuzz_cc/hfuzz-clang to compile code)" }, @@ -486,8 +486,8 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { case '?': cmdlineUsage(argv[0], custom_opts); break; - case 'f': - case 'i': /* Synonym for -f, stands for -i(input) */ + case 'i': + case 'f': /* Synonym for -i, stands for -f(iles) */ hfuzz->io.inputDir = optarg; break; case 'x': diff --git a/docs/ExternalFuzzerUsage.md b/docs/ExternalFuzzerUsage.md index d220e645..7f9ed6b3 100644 --- a/docs/ExternalFuzzerUsage.md +++ b/docs/ExternalFuzzerUsage.md @@ -31,7 +31,7 @@ $ ./examples/targets/badcode1 examples/inputfiles/badcode1.txt The bug in badcode1.c is that it reads lines up to 128 bytes from the input file and writes them to a 64 byte buffer (`fgets(str, 128, fp)`). If we would modify random bytes in the input file, the bug would only trigger when we overwrite the newline in the inputfile. With standard honggfuzz options this might take a while: ``` -$ ./honggfuzz -n 1 -f examples/badcode/inputfiles/badcode1.txt -- ./examples/badcode/targets/badcode1 ___FILE___ +$ ./honggfuzz -n 1 -i examples/badcode/inputfiles/badcode1.txt -- ./examples/badcode/targets/badcode1 ___FILE___ honggfuzz, version 0.1 Robert Swiecki , Copyright 2010 by Google Inc. All Rights Reserved. [INFO] Launched new process, pid: 43288, (1/1) 123456789012345678901234567890123456789012345678901234567890 @@ -45,14 +45,14 @@ honggfuzz, version 0.1 Robert Swiecki , Copyright 2010 by Go Now if we take a look at the script under [examples/externalfuzzers/lowBytesIncrease.py](http://code.google.com/p/honggfuzz/source/browse/trunk/examples/externalfuzzers/lowBytesIncrease.py), we see that it searches the input file (as provided by `argv[1]`) for low bytes and increases them randomly. This will modify the newlines, and thus trigger the bug much faster, as shown below: ``` -$ ./honggfuzz -n 1 -f examples/badcode/inputfiles/badcode1.txt -c `pwd`/examples/externalfuzzers/lowBytesIncrease.py -- ./examples/badcode/targets/badcode1 ___FILE___ +$ ./honggfuzz -n 1 -i examples/badcode/inputfiles/badcode1.txt -c `pwd`/examples/externalfuzzers/lowBytesIncrease.py -- ./examples/badcode/targets/badcode1 ___FILE___ honggfuzz, version 0.1 Robert Swiecki , Copyright 2010 by Google Inc. All Rights Reserved. [INFO] Launched new process, pid: 44578, (1/1) [INFO] Ok, that's interesting, saving the '.honggfuzz.1287067149.44576.413228313.fuzz' as 'SIGSEGV.44578.2010-10-14.16.39.09.fuzz' [INFO] Launched new process, pid: 44580, (1/1) [INFO] Ok, that's interesting, saving the '.honggfuzz.1287067149.44576.637798454.fuzz' as 'SIGSEGV.44580.2010-10-14.16.39.09.fuzz' ... -```$ ./honggfuzz -n 1 -f examples/badcode/inputfiles/badcode1.txt -c `pwd`/examples/externalfuzzers/lowBytesIncrease.py -- ./examples/badcode/targets/badcode1 ___FILE___ +```$ ./honggfuzz -n 1 -i examples/badcode/inputfiles/badcode1.txt -c `pwd`/examples/externalfuzzers/lowBytesIncrease.py -- ./examples/badcode/targets/badcode1 ___FILE___ honggfuzz, version 0.1 Robert Swiecki , Copyright 2010 by Google Inc. All Rights Reserved. [INFO] Launched new process, pid: 44578, (1/1) [INFO] Ok, that's interesting, saving the '.honggfuzz.1287067149.44576.413228313.fuzz' as 'SIGSEGV.44578.2010-10-14.16.39.09.fuzz' diff --git a/docs/FeedbackDrivenFuzzing.md b/docs/FeedbackDrivenFuzzing.md index 28298a41..ba7de048 100644 --- a/docs/FeedbackDrivenFuzzing.md +++ b/docs/FeedbackDrivenFuzzing.md @@ -73,7 +73,7 @@ int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) { ``` $ [honggfuzz_dir]/honggfuzz/hfuzz_cc/hfuzz-clang -c fuzzedlib.c -o fuzzedlib.o $ [honggfuzz_dir]/honggfuzz/hfuzz_cc/hfuzz-clang test.c fuzzedlib.o -o test -$ [honggfuzz_dir]/honggfuzz -P -f INPUT.corpus -- ./test +$ [honggfuzz_dir]/honggfuzz -i input_corpus -P -- ./test ``` `LLVMFuzzerInitialize(int *argc, char **argv)` is supported as well @@ -101,16 +101,16 @@ int main(void) { ``` $ [honggfuzz_dir]/honggfuzz/hfuzz_cc/hfuzz-clang -c fuzzedlib.c -o fuzzedlib.o $ [honggfuzz_dir]/honggfuzz/hfuzz_cc/hfuzz-clang test.c fuzzedlib.o -o test -$ [honggfuzz_dir]/honggfuzz -P -f INPUT.corpus -- ./test +$ [honggfuzz_dir]/honggfuzz -i input_corpus -P -- ./test ``` Example: ``` -$ [honggfuzz_dir]/honggfuzz -P -f IN.server/ -- ./persistent.server.openssl.1.0.2i.asan +$ [honggfuzz_dir]/honggfuzz -i input_corpus -P -- ./persistent.server.openssl.1.0.2i.asan ------------------------------[ honggfuzz v0.8 ]------------------------------ Iterations : 3,275,169 [3.28M] Run Time : 2 hrs 17 min 16 sec (since: 2016-09-27 07:30:04) - Input Dir : 'IN.server/' + Input Dir : 'input_corpus' Fuzzed Cmd : './persistent.server.openssl.1.0.2i.asan' Fuzzing Threads : 2, CPUs: 8, CPU: 759.0% (94.9%/CPU) Speed (Round) : 86/sec (avg: 397) @@ -130,11 +130,11 @@ PS. You can also use a non-persistent mode here (without the __-P__ flag), in wh This mode will take into consideration pairs (tuples) of jumps, recording unique from-to jump pairs. The data is taken from the Intel BTS CPU registers. ``` -$ [honggfuzz_dir]/honggfuzz --linux_perf_bts_edge -f IN.corpus/ -- /usr/bin/xmllint -format ___FILE___ +$ [honggfuzz_dir]/honggfuzz --linux_perf_bts_edge -i input_corpus -- /usr/bin/xmllint -format ___FILE___ ============================== STAT ============================== Iterations: 1 Start time: 2016-02-16 18:37:08 (1 seconds elapsed) -Input file/dir: 'IN/' +Input file/dir: 'input_corpus' Fuzzed cmd: '/usr/bin/xmllint -format ___FILE___' Fuzzing threads: 2 Execs per second: 1 (avg: 1) @@ -152,7 +152,7 @@ Coverage (max): This mode will utilize Interl's PT (Process Trace) subsystem, which should be way faster than BTS (Branch Trace Store), but will currently produce less precise results. ``` -$ [honggfuzz_dir]/honggfuzz --linux_perf_ipt_block -f IN.corpus/ -- /usr/bin/xmllint -format ___FILE___ +$ [honggfuzz_dir]/honggfuzz --linux_perf_ipt_block -i IN.corpus/ -- /usr/bin/xmllint -format ___FILE___ ============================== STAT ============================== Iterations: 0 Start time: 2016-02-16 18:38:45 (0 seconds elapsed) @@ -173,11 +173,11 @@ Coverage (max): This mode tries to maximize the number of instructions taken during each process iteration. The counters will be taken from the Linux perf subsystems. Intel, AMD and even other CPU architectures are supported for this mode. ``` -$ [honggfuzz_dir]/honggfuzz --linux_perf_instr -f IN.corpus -- /usr/bin/xmllint -format ___FILE___ +$ [honggfuzz_dir]/honggfuzz --linux_perf_instr -i input_corpus -- /usr/bin/xmllint -format ___FILE___ ============================== STAT ============================== Iterations: 2776 Start time: 2016-02-16 18:40:51 (3 seconds elapsed) -Input file/dir: 'CURRENT_BEST' +Input file/dir: 'input_corpus' Fuzzed cmd: '/usr/bin/xmllint -format ___FILE___' Fuzzing threads: 2 Execs per second: 922 (avg: 925) @@ -198,11 +198,11 @@ Coverage (max): As above, it will try to maximize the number of branches taken by CPU on behalf of the fuzzed process (here: djpeg.static) while performing each fuzzing iteration. Intel, AMD and even other CPU architectures are supported for this mode. ``` -$ [honggfuzz_dir]/honggfuzz --linux_perf_branch -f IN/ -F 2500 -- /usr/bin/xmllint -format ___FILE___ +$ [honggfuzz_dir]/honggfuzz --linux_perf_branch -i input_corpus -F 2500 -- /usr/bin/xmllint -format ___FILE___ ============================== STAT ============================== Iterations: 0 Start time: 2016-02-16 18:39:41 (0 seconds elapsed) -Input file/dir: 'IN/' +Input file/dir: 'input_corpus' Fuzzed cmd: '/usr/bin/xmllint -format ___FILE___' Fuzzing threads: 2 Execs per second: 0 (avg: 0) diff --git a/docs/USAGE.md b/docs/USAGE.md index b85999e0..d11b261a 100644 --- a/docs/USAGE.md +++ b/docs/USAGE.md @@ -53,38 +53,48 @@ Usage: ./honggfuzz [options] -- path_to_command [args] Options: --help|-h Help plz.. - --input|-f VALUE + --input|-i VALUE Path to a directory containing initial file corpus + --output VALUE + Output data (new dynamic coverage corpus, or the minimized coverage corpus) is written to this directory (default: input directory is used) --persistent|-P - Enable persistent fuzzing (use hfuzz_cc/hfuzz-clang to compile code) + Enable persistent fuzzing (use hfuzz_cc/hfuzz-clang to compile code). This will be auto-detected!!! --instrument|-z *DEFAULT-MODE-BY-DEFAULT* Enable compile-time instrumentation (use hfuzz_cc/hfuzz-clang to compile code) + --minimize|-M + Minimize the input corpus. It will most likely delete some corpus files (from the --input directory) if no --output is used! --noinst|-x - Static mode (dry-mode), disable any instrumentation (hw/sw) + Static mode only, disable any instrumentation (hw/sw) feedback --keep_output|-Q Don't close children's stdin, stdout, stderr; can be noisy --timeout|-t VALUE - Timeout in seconds (default: '10') + Timeout in seconds (default: 10) --threads|-n VALUE Number of concurrent fuzzing threads (default: number of CPUs / 2) --stdin_input|-s Provide fuzzing input on STDIN, instead of ___FILE___ --mutations_per_run|-r VALUE - Maximal number of mutations per one run (default: '6') + Maximal number of mutations per one run (default: 6) --logfile|-l VALUE Log file --verbose|-v Disable ANSI console; use simple log output --verifier|-V Enable crashes verifier - --debug|-d + --debug|-d Show debug messages (level >= 4) + --quiet|-q + Show only warnings and more serious messages (level <= 1) --extension|-e VALUE Input file extension (e.g. 'swf'), (default: 'fuzz') --workspace|-W VALUE Workspace directory to save crashes & runtime files (default: '.') - --covdir VALUE - New coverage is written to a separate directory (default: use the input directory) + --crashdir VALUE + Directory where crashes are saved to (default: workspace directory) + --covdir_all VALUE + ** DEPRECATED ** use --output + --covdir_new VALUE + New coverage (beyond the dry-run fuzzing phase) is written to this separate directory --dict|-w VALUE Dictionary file. Format:http://llvm.org/docs/LibFuzzer.html#dictionaries --stackhash_bl|-B VALUE @@ -93,20 +103,24 @@ Options: External command producing fuzz files (instead of internal mutators) --pprocess_cmd VALUE External command postprocessing files produced by internal mutators + --ffmutate_cmd VALUE + External command mutating files which have effective coverage feedback --run_time VALUE - Number of seconds this fuzzing session will last (default: '0' [no limit]) + Number of seconds this fuzzing session will last (default: 0 [no limit]) --iterations|-N VALUE - Number of fuzzing iterations (default: '0' [no limit]) + Number of fuzzing iterations (default: 0 [no limit]) --rlimit_as VALUE - Per process RLIMIT_AS in MiB (default: '0' [no limit]) + Per process RLIMIT_AS in MiB (default: 0 [no limit]) --rlimit_rss VALUE - Per process RLIMIT_RSS in MiB (default: '0' [no limit]) + Per process RLIMIT_RSS in MiB (default: 0 [no limit]). It will also set *SAN's soft_rss_limit_mb if used --rlimit_data VALUE - Per process RLIMIT_DATA in MiB (default: '0' [no limit]) + Per process RLIMIT_DATA in MiB (default: 0 [no limit]) + --rlimit_core VALUE + Per process RLIMIT_CORE in MiB (default: 0 [no cores are produced]) --report|-R VALUE - Write report to this file (default: 'HONGGFUZZ.REPORT.TXT') + Write report to this file (default: '/HONGGFUZZ.REPORT.TXT') --max_file_size|-F VALUE - Maximal size of files processed by the fuzzer in bytes (default: '1048576') + Maximal size of files processed by the fuzzer in bytes (default: 134217728 = 128MB) --clear_env Clear all environment variables before executing the binary --env|-E VALUE @@ -118,21 +132,23 @@ Options: --sanitizers|-S Enable sanitizers settings (default: false) --monitor_sigabrt VALUE - Monitor SIGABRT (default: 'false for Android - 'true for other platforms) + Monitor SIGABRT (default: false for Android, true for other platforms) --no_fb_timeout VALUE - Skip feedback if the process has timeouted (default: 'false') + Skip feedback if the process has timeouted (default: false) --exit_upon_crash - Exit upon seeing the first crash (default: 'false') + Exit upon seeing the first crash (default: false) + --socket_fuzzer + Instrument external fuzzer via socket + --netdriver + Use netdriver (libhfnetdriver/). In most cases it will be autodetected through a binary signature + --only_printable + Only generate printable inputs --linux_symbols_bl VALUE Symbols blacklist filter file (one entry per line) --linux_symbols_wl VALUE Symbols whitelist filter file (one entry per line) - --linux_pid|-p VALUE - Attach to a pid (and its thread group) - --linux_file_pid VALUE - Attach to pid (and its thread group) read from file --linux_addr_low_limit VALUE - Address limit (from si.si_addr) below which crashes are not reported, (default: '0') + Address limit (from si.si_addr) below which crashes are not reported, (default: 0) --linux_keep_aslr Don't disable ASLR randomization, might be useful with MSAN --linux_perf_ignore_above VALUE @@ -153,28 +169,18 @@ Options: Use Linux PID namespace isolation --linux_ns_ipc Use Linux IPC namespace isolation - --netbsd_symbols_bl VALUE - Symbols blacklist filter file (one entry per line) - --netbsd_symbols_wl VALUE - Symbols whitelist filter file (one entry per line) - --netbsd_pid|-p VALUE - Attach to a pid (and its thread group) - --netbsd_file_pid VALUE - Attach to pid (and its thread group) read from file - --netbsd_addr_low_limit VALUE - Address limit (from si.si_addr) below which crashes are not reported, (default: '0') Examples: - Run the binary over a mutated file chosen from the directory. Disable fuzzing feedback (dry/static mode) - honggfuzz -f input_dir -x -- /usr/bin/djpeg ___FILE___ + Run the binary over a mutated file chosen from the directory. Disable fuzzing feedback (static mode): + honggfuzz -i input_dir -x -- /usr/bin/djpeg ___FILE___ As above, provide input over STDIN: - honggfuzz -f input_dir -x -s -- /usr/bin/djpeg - Use compile-time instrumentation (libhfuzz/instrument.c): - honggfuzz -f input_dir -- /usr/bin/djpeg ___FILE___ - Use persistent mode (libhfuzz/persistent.c) w/o instrumentation: - honggfuzz -f input_dir -P -x -- /usr/bin/djpeg_persistent_mode - Use persistent mode (libhfuzz/persistent.c) and compile-time instrumentation: - honggfuzz -f input_dir -P -- /usr/bin/djpeg_persistent_mode + honggfuzz -i input_dir -x -s -- /usr/bin/djpeg + Use compile-time instrumentation (-fsanitize-coverage=trace-pc-guard,...): + honggfuzz -i input_dir -- /usr/bin/djpeg ___FILE___ + Use persistent mode w/o instrumentation: + honggfuzz -i input_dir -P -x -- /usr/bin/djpeg_persistent_mode + Use persistent mode and compile-time (-fsanitize-coverage=trace-pc-guard,...) instrumentation: + honggfuzz -i input_dir -P -- /usr/bin/djpeg_persistent_mode Run the binary with dynamically generate inputs, maximize total no. of instructions: honggfuzz --linux_perf_instr -- /usr/bin/djpeg ___FILE___ As above, maximize total no. of branches: diff --git a/examples/apache-httpd/README.md b/examples/apache-httpd/README.md index 2710736e..f6d5b3dc 100644 --- a/examples/apache-httpd/README.md +++ b/examples/apache-httpd/README.md @@ -29,9 +29,7 @@ $ ./compile_and_install.asan.sh 5. Copy custom configuration files (```httpd.conf.h1``` and ```httpd.conf.h2```) to ```/home/$USER/fuzz/apache/apache2/conf/``` (i.e. to your apache dist directory) - ``` -$ cp httpd.conf.h1 httpd.conf.h2 /home/$USER/fuzz/apache/apache2/conf/ - ``` + ```$ cp httpd.conf.h1 httpd.conf.h2 /home/$USER/fuzz/apache/apache2/conf/``` 6. Edit ```httpd.conf.h1``` and ```httpd.conf.h2```, so they contain valid configuration paths @@ -39,12 +37,8 @@ $ cp httpd.conf.h1 httpd.conf.h2 /home/$USER/fuzz/apache/apache2/conf/ * HTTP/1 - ``` -$ honggfuzz/honggfuzz -f corpus_http1 -w ./httpd.wordlist -- ./apache2/bin/httpd -DFOREGROUND -f /home/$USER/fuzz/apache/apache2/conf/httpd.conf.h1 - ``` + ```$ honggfuzz/honggfuzz -i corpus_http1 -w ./httpd.wordlist -- ./apache2/bin/httpd -DFOREGROUND -f /home/$USER/fuzz/apache/apache2/conf/httpd.conf.h1``` * HTTP/2 -``` -$ honggfuzz/honggfuzz -f corpus_http2 -w ./httpd.wordlist -- ./apache2/bin/httpd -DFOREGROUND -f /home/$USER/fuzz/apache/apache2/conf/httpd.conf.h2 -``` +```$ honggfuzz/honggfuzz -i corpus_http2 -w ./httpd.wordlist -- ./apache2/bin/httpd -DFOREGROUND -f /home/$USER/fuzz/apache/apache2/conf/httpd.conf.h2``` diff --git a/examples/badcode/run-honggfuzz-on-badcode1-with-externalfuzzer.sh b/examples/badcode/run-honggfuzz-on-badcode1-with-externalfuzzer.sh index 7885acf9..5f47cdcd 100644 --- a/examples/badcode/run-honggfuzz-on-badcode1-with-externalfuzzer.sh +++ b/examples/badcode/run-honggfuzz-on-badcode1-with-externalfuzzer.sh @@ -1,2 +1,2 @@ #!/bin/sh -../../honggfuzz -n1 -u -f inputfiles -c ../externalfuzzers/lowBytesIncrease.py -- targets/badcode1 ___FILE___ +../../honggfuzz -n1 -u -i inputfiles -c ../externalfuzzers/lowBytesIncrease.py -- targets/badcode1 ___FILE___ diff --git a/examples/badcode/run-honggfuzz-on-badcode1.sh b/examples/badcode/run-honggfuzz-on-badcode1.sh index 7b3b778b..edb1bf3e 100644 --- a/examples/badcode/run-honggfuzz-on-badcode1.sh +++ b/examples/badcode/run-honggfuzz-on-badcode1.sh @@ -1,2 +1,2 @@ #!/bin/sh -../../honggfuzz -n1 -u -f inputfiles -- targets/badcode1 ___FILE___ +../../honggfuzz -n1 -u -i inputfiles -- targets/badcode1 ___FILE___ diff --git a/examples/bind/README.md b/examples/bind/README.md index f765f6fd..129645ae 100644 --- a/examples/bind/README.md +++ b/examples/bind/README.md @@ -36,5 +36,5 @@ $ cp honggfuzz/examples/bind/test.zone /home/jagger/fuzz/bind/dist/etc/ 6. **Go** ``` -$ honggfuzz/honggfuzz -f IN.req-response/ -z -P -- ./dist/sbin/named -c /home/jagger/fuzz/bind/dist/etc/named.conf -g +$ honggfuzz/honggfuzz -i input_corpus -z -P -- ./dist/sbin/named -c /home/jagger/fuzz/bind/dist/etc/named.conf -g ``` diff --git a/examples/glibc/README.md b/examples/glibc/README.md index 99b3985c..21ceef50 100644 --- a/examples/glibc/README.md +++ b/examples/glibc/README.md @@ -29,5 +29,5 @@ $ ~/src/honggfuzz/hfuzz-cc/hfuzz-gcc -Wl,-z,muldefs -nodefaultlibs -I ~/src/hong **Fuzz it** ```shell -$ ~/src/honggfuzz/honggfuzz -f IN/ -P -- ./resolver +$ ~/src/honggfuzz/honggfuzz -i IN/ -P -- ./resolver ``` diff --git a/examples/openssl/README.md b/examples/openssl/README.md index 0dfd9ae3..0a5906a0 100644 --- a/examples/openssl/README.md +++ b/examples/openssl/README.md @@ -46,8 +46,8 @@ $ /home/jagger/src/honggfuzz/examples/openssl/make.sh openssl-master address **Fuzzing** ```shell -$ /home/jagger/src/honggfuzz/honggfuzz -f corpus_server/ -P -- ./openssl-master.address.server -$ /home/jagger/src/honggfuzz/honggfuzz -f corpus_client/ -P -- ./openssl-master.address.client -$ /home/jagger/src/honggfuzz/honggfuzz -f corpus_x509/ -P -- ./openssl-master.address.x509 -$ /home/jagger/src/honggfuzz/honggfuzz -f corpus_privkey/ -P -- ./openssl-master.address.privkey +$ /home/jagger/src/honggfuzz/honggfuzz -i corpus_server/ -P -- ./openssl-master.address.server +$ /home/jagger/src/honggfuzz/honggfuzz -i corpus_client/ -P -- ./openssl-master.address.client +$ /home/jagger/src/honggfuzz/honggfuzz -i corpus_x509/ -P -- ./openssl-master.address.x509 +$ /home/jagger/src/honggfuzz/honggfuzz -i corpus_privkey/ -P -- ./openssl-master.address.privkey ``` diff --git a/examples/terminal-emulators/README.md b/examples/terminal-emulators/README.md index 9e47d9e3..f46c973a 100644 --- a/examples/terminal-emulators/README.md +++ b/examples/terminal-emulators/README.md @@ -54,7 +54,7 @@ $ echo A >IN/1 ## Step 4: Launch it! ## ``` -$ /home/jagger/src/honggfuzz/honggfuzz -z -P -f IN/ -E LD_PRELOAD=/home/jagger/src/honggfuzz/examples/terminal-emulators/libclose.so -- xterm-327/xterm -e /home/jagger/src/honggfuzz/examples/terminal-emulators/terminal-test +$ /home/jagger/src/honggfuzz/honggfuzz -z -P -i IN/ -E LD_PRELOAD=/home/jagger/src/honggfuzz/examples/terminal-emulators/libclose.so -- xterm-327/xterm -e /home/jagger/src/honggfuzz/examples/terminal-emulators/terminal-test ``` Typical output: -- cgit v1.2.3 From e153f960717efb4ea9f5a179c6e16b7972b72101 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 7 Oct 2019 15:18:22 +0200 Subject: log2(0) is undefined --- fuzz.c | 3 ++- input.c | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/fuzz.c b/fuzz.c index 4e232c2a..78042f75 100644 --- a/fuzz.c +++ b/fuzz.c @@ -153,7 +153,8 @@ static void fuzz_perfFeedbackForMinimization(run_t* run) { uint64_t cov[4] = { [0] = softCntEdge + softCntPc, - [1] = 64U - (uint64_t)log2l(run->dynamicFileSz), /* The smaller input size, the better */ + [1] = run->dynamicFileSz ? (64 - (uint64_t)log2l(run->dynamicFileSz)) + : 64, /* The smaller input size, the better */ [2] = cpuInstr + cpuBranch, [3] = softCntCmp, }; diff --git a/input.c b/input.c index 81072097..8ba36cb7 100644 --- a/input.c +++ b/input.c @@ -506,9 +506,10 @@ bool input_prepareDynamicFileForMinimization(run_t* run) { return false; } - LOG_I("Testing file '%s', coverage: %" PRIu64 "/%" PRIu64 "/%" PRIu64, + LOG_I("Testing file '%s', coverage: %" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, run->global->io.dynfileqCurrent->path, run->global->io.dynfileqCurrent->cov[0], - run->global->io.dynfileqCurrent->cov[1], run->global->io.dynfileqCurrent->cov[2]); + run->global->io.dynfileqCurrent->cov[1], run->global->io.dynfileqCurrent->cov[2], + run->global->io.dynfileqCurrent->cov[3]); input_setSize(run, run->global->io.dynfileqCurrent->size); memcpy(run->dynamicFile, run->global->io.dynfileqCurrent->data, -- cgit v1.2.3 From dead4d1766cfc60f8e456060769b73b621884be2 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 7 Oct 2019 15:31:28 +0200 Subject: examples/jpeg: + readme --- examples/libjpeg/README.md | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 examples/libjpeg/README.md diff --git a/examples/libjpeg/README.md b/examples/libjpeg/README.md new file mode 100644 index 00000000..f27737ce --- /dev/null +++ b/examples/libjpeg/README.md @@ -0,0 +1,43 @@ +# Fuzzing OpenSSL # + +**Requirements** + + * honggfuzz + * clang-5.0, or newer + * libjpeg9, or libjpeg-turbo + +**Preparation (for OpenSSL 1.1.0/master)** + +1. Compile honggfuzz +2. Unpack/Clone libjpeg(-turbo) + +3. Configure+Compile libjpeg(-turbo) + +```shell +CC=/hfuzz_cc/hfuzz-clang CXX=/hfuzz_cc/hfuzz-clang++ CFLAGS="-fsanitize=address" ./configure +make -j$(nproc) +``` + +4. Compile fuzzing targets + +```shell +$ /hfuzz_cc/hfuzz-clang -I ./jpeg-9c/ /examples/libjpeg/persistent-jpeg.c -o persistent.jpeg9.address jpeg-9c/.libs/libjpeg.a -fsanitize=address +``` + +or + +```shell +$ /hfuzz_cc/hfuzz-clang -I ./libjpeg-turbo-2.0.3/ -I ./libjpeg-turbo-2.0.3/out/ /examples/libjpeg/persistent-jpeg.c -o persistent.jpeg-turbo.address libjpeg-turbo-2.0.3/out/libjpeg.a -fsanitize=address +``` + +**Fuzzing** + +```shell +$ honggfuzz -i initial_corpus --rlimit_rss 2048 -- ./persistent.jpeg9.address +``` + +or + +``` +$ honggfuzz -i initial_corpus --rlimit_rss 2048 -- ./persistent.jpeg-turbo.address +``` -- cgit v1.2.3 From db82311fd512af0bf42354e0d0f43d8cce06ff5b Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 7 Oct 2019 15:32:38 +0200 Subject: examples/jpeg: + readme - remove ssl references --- examples/libjpeg/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/libjpeg/README.md b/examples/libjpeg/README.md index f27737ce..29246129 100644 --- a/examples/libjpeg/README.md +++ b/examples/libjpeg/README.md @@ -1,4 +1,4 @@ -# Fuzzing OpenSSL # +# Fuzzing libjpeg(-turbo) # **Requirements** @@ -6,7 +6,7 @@ * clang-5.0, or newer * libjpeg9, or libjpeg-turbo -**Preparation (for OpenSSL 1.1.0/master)** +**Preparation** 1. Compile honggfuzz 2. Unpack/Clone libjpeg(-turbo) -- cgit v1.2.3 From faa8208de6a496ed379ea33033b80f82fc308e7b Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 7 Oct 2019 18:45:34 +0200 Subject: input: remove duplicating input_feedbackMutateFile() --- fuzz.c | 10 ++++++---- input.c | 40 ++++------------------------------------ input.h | 3 +-- 3 files changed, 11 insertions(+), 42 deletions(-) diff --git a/fuzz.c b/fuzz.c index 78042f75..36b359c8 100644 --- a/fuzz.c +++ b/fuzz.c @@ -372,13 +372,15 @@ static bool fuzz_fetchInput(run_t* run) { } } - if (run->global->exe.postExternalCommand && !input_postProcessFile(run)) { - LOG_E("input_postProcessFile() failed"); + if (run->global->exe.postExternalCommand && + !input_postProcessFile(run, run->global->exe.postExternalCommand)) { + LOG_E("input_postProcessFile('%s') failed", run->global->exe.postExternalCommand); return false; } - if (run->global->exe.feedbackMutateCommand && !input_feedbackMutateFile(run)) { - LOG_E("input_feedbackMutateFile() failed"); + if (run->global->exe.feedbackMutateCommand && + !input_postProcessFile(run, run->global->exe.feedbackMutateCommand)) { + LOG_E("input_postProcessFile('%s') failed", run->global->exe.feedbackMutateCommand); return false; } diff --git a/input.c b/input.c index 8ba36cb7..5c6b7911 100644 --- a/input.c +++ b/input.c @@ -458,7 +458,7 @@ bool input_prepareExternalFile(run_t* run) { return true; } -bool input_postProcessFile(run_t* run) { +bool input_postProcessFile(run_t* run, const char* cmd) { int fd = files_writeBufToTmpFile(run->global->io.workDir, run->dynamicFile, run->dynamicFileSz, 0); if (fd == -1) { @@ -472,12 +472,12 @@ bool input_postProcessFile(run_t* run) { char fname[PATH_MAX]; snprintf(fname, sizeof(fname), "/dev/fd/%d", fd); - const char* const argv[] = {run->global->exe.postExternalCommand, fname, NULL}; + const char* const argv[] = {cmd, fname, NULL}; if (subproc_System(run, argv) != 0) { - LOG_E("Subprocess '%s' returned abnormally", run->global->exe.postExternalCommand); + LOG_E("Subprocess '%s' returned abnormally", cmd); return false; } - LOG_D("Subporcess '%s' finished with success", run->global->exe.externalCommand); + LOG_D("Subporcess '%s' finished with success", cmd); input_setSize(run, run->global->mutate.maxFileSz); ssize_t sz = files_readFromFdSeek(fd, run->dynamicFile, run->global->mutate.maxFileSz, 0); @@ -520,38 +520,6 @@ bool input_prepareDynamicFileForMinimization(run_t* run) { return true; } -bool input_feedbackMutateFile(run_t* run) { - int fd = - files_writeBufToTmpFile(run->global->io.workDir, run->dynamicFile, run->dynamicFileSz, 0); - if (fd == -1) { - LOG_E("Couldn't write input file to a temporary buffer"); - return false; - } - defer { - close(fd); - }; - - char fname[PATH_MAX]; - snprintf(fname, sizeof(fname), "/dev/fd/%d", fd); - - const char* const argv[] = {run->global->exe.feedbackMutateCommand, fname, NULL}; - if (subproc_System(run, argv) != 0) { - LOG_E("Subprocess '%s' returned abnormally", run->global->exe.feedbackMutateCommand); - return false; - } - LOG_D("Subporcess '%s' finished with success", run->global->exe.externalCommand); - - input_setSize(run, run->global->mutate.maxFileSz); - ssize_t sz = files_readFromFdSeek(fd, run->dynamicFile, run->global->mutate.maxFileSz, 0); - if (sz == -1) { - LOG_E("Couldn't read file from fd=%d", fd); - return false; - } - - input_setSize(run, (size_t)sz); - return true; -} - #define TAILQ_FOREACH_HF(var, head, field) \ for ((var) = TAILQ_FIRST((head)); (var); (var) = TAILQ_NEXT((var), field)) diff --git a/input.h b/input.h index 5eb8d64d..82cf5406 100644 --- a/input.h +++ b/input.h @@ -38,9 +38,8 @@ extern bool input_prepareDynamicInput(run_t* run, bool needs_mangle); extern bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle); extern void input_removeStaticFile(const char* path); extern bool input_prepareExternalFile(run_t* run); -extern bool input_postProcessFile(run_t* run); +extern bool input_postProcessFile(run_t* run, const char* cmd); extern bool input_prepareDynamicFileForMinimization(run_t* run); -extern bool input_feedbackMutateFile(run_t* run); extern void input_sortDynamicInput(honggfuzz_t* hfuzz); #endif /* ifndef _HF_INPUT_H_ */ -- cgit v1.2.3 From ba6b667a61fe52015298ca1d5ced9c5e9db3387b Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 7 Oct 2019 19:14:01 +0200 Subject: minimization: separating file name from input dir --- fuzz.c | 5 +++-- input.c | 48 +++++++++++++++++++++++++++--------------------- input.h | 6 ++++-- 3 files changed, 34 insertions(+), 25 deletions(-) diff --git a/fuzz.c b/fuzz.c index 36b359c8..1684eb55 100644 --- a/fuzz.c +++ b/fuzz.c @@ -246,8 +246,9 @@ static void fuzz_perfFeedback(run_t* run) { } } else if (fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MINIMIZE) { if (run->global->io.outputDir == NULL) { - LOG_I("Removing uninteresting file '%s' from the input corpus", run->origFileName); - input_removeStaticFile(run->origFileName); + LOG_I("Removing uninteresting file '%s' from '%s'", run->origFileName, + run->global->io.inputDir); + input_removeStaticFile(run->global->io.inputDir, run->origFileName); } } } diff --git a/input.c b/input.c index 5c6b7911..92f4be54 100644 --- a/input.c +++ b/input.c @@ -80,22 +80,23 @@ static bool input_getDirStatsAndRewind(honggfuzz_t* hfuzz) { break; } - char fname[PATH_MAX]; - snprintf(fname, sizeof(fname), "%s/%s", hfuzz->io.inputDir, entry->d_name); - LOG_D("Analyzing file '%s'", fname); + char path[PATH_MAX]; + snprintf(path, sizeof(path), "%s/%s", hfuzz->io.inputDir, entry->d_name); + + LOG_D("Analyzing file '%s'", path); struct stat st; - if (stat(fname, &st) == -1) { - LOG_W("Couldn't stat() the '%s' file", fname); + if (stat(path, &st) == -1) { + LOG_W("Couldn't stat() the '%s' file", path); continue; } if (!S_ISREG(st.st_mode)) { - LOG_D("'%s' is not a regular file, skipping", fname); + LOG_D("'%s' is not a regular file, skipping", path); continue; } if (hfuzz->mutate.maxFileSz != 0UL && st.st_size > (off_t)hfuzz->mutate.maxFileSz) { LOG_D("File '%s' is bigger than maximal defined file size (-F): %" PRId64 " > %" PRId64, - fname, (int64_t)st.st_size, (int64_t)hfuzz->mutate.maxFileSz); + path, (int64_t)st.st_size, (int64_t)hfuzz->mutate.maxFileSz); } if ((size_t)st.st_size > maxSize) { maxSize = st.st_size; @@ -126,7 +127,7 @@ static bool input_getDirStatsAndRewind(honggfuzz_t* hfuzz) { return true; } -bool input_getNext(run_t* run, char* fname, bool rewind) { +bool input_getNext(run_t* run, char fname[PATH_MAX], bool rewind) { static pthread_mutex_t input_mutex = PTHREAD_MUTEX_INITIALIZER; MX_SCOPED_LOCK(&input_mutex); @@ -155,17 +156,19 @@ bool input_getNext(run_t* run, char* fname, bool rewind) { } continue; } - - snprintf(fname, PATH_MAX, "%s/%s", run->global->io.inputDir, entry->d_name); + char path[PATH_MAX]; + snprintf(path, PATH_MAX, "%s/%s", run->global->io.inputDir, entry->d_name); struct stat st; - if (stat(fname, &st) == -1) { - LOG_W("Couldn't stat() the '%s' file", fname); + if (stat(path, &st) == -1) { + LOG_W("Couldn't stat() the '%s' file", path); continue; } if (!S_ISREG(st.st_mode)) { - LOG_D("'%s' is not a regular file, skipping", fname); + LOG_D("'%s' is not a regular file, skipping", path); continue; } + + snprintf(fname, PATH_MAX, "%s", entry->d_name); return true; } } @@ -398,16 +401,17 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { } bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle) { - char fname[PATH_MAX]; - if (!input_getNext(run, fname, /* rewind= */ rewind)) { + if (!input_getNext(run, run->origFileName, /* rewind= */ rewind)) { return false; } - snprintf(run->origFileName, sizeof(run->origFileName), "%s", fname); - input_setSize(run, run->global->mutate.maxFileSz); - ssize_t fileSz = files_readFileToBufMax(fname, run->dynamicFile, run->global->mutate.maxFileSz); + + char path[PATH_MAX]; + snprintf(path, sizeof(path), "%s/%s", run->global->io.inputDir, run->origFileName); + + ssize_t fileSz = files_readFileToBufMax(path, run->dynamicFile, run->global->mutate.maxFileSz); if (fileSz < 0) { - LOG_E("Couldn't read contents of '%s'", fname); + LOG_E("Couldn't read contents of '%s'", path); return false; } @@ -419,7 +423,9 @@ bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle) { return true; } -void input_removeStaticFile(const char* path) { +void input_removeStaticFile(const char* dir, const char* name) { + char path[PATH_MAX]; + snprintf(path, sizeof(path), "%s/%s", dir, name); if (unlink(path) == -1) { PLOG_E("unlink('%s') failed", path); } @@ -506,7 +512,7 @@ bool input_prepareDynamicFileForMinimization(run_t* run) { return false; } - LOG_I("Testing file '%s', coverage: %" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, + LOG_I("Testing '%s', coverage: %" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, run->global->io.dynfileqCurrent->path, run->global->io.dynfileqCurrent->cov[0], run->global->io.dynfileqCurrent->cov[1], run->global->io.dynfileqCurrent->cov[2], run->global->io.dynfileqCurrent->cov[3]); diff --git a/input.h b/input.h index 82cf5406..02a64108 100644 --- a/input.h +++ b/input.h @@ -24,10 +24,12 @@ #ifndef _HF_INPUT_H_ #define _HF_INPUT_H_ +#include + #include "honggfuzz.h" extern void input_setSize(run_t* run, size_t sz); -extern bool input_getNext(run_t* run, char* fname, bool rewind); +extern bool input_getNext(run_t* run, char fname[PATH_MAX], bool rewind); extern bool input_init(honggfuzz_t* hfuzz); extern bool input_parseDictionary(honggfuzz_t* hfuzz); extern bool input_parseBlacklist(honggfuzz_t* hfuzz); @@ -36,7 +38,7 @@ extern void input_addDynamicInput( honggfuzz_t* hfuzz, const uint8_t* data, size_t len, uint64_t cov[4], const char* path); extern bool input_prepareDynamicInput(run_t* run, bool needs_mangle); extern bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle); -extern void input_removeStaticFile(const char* path); +extern void input_removeStaticFile(const char* dir, const char* name); extern bool input_prepareExternalFile(run_t* run); extern bool input_postProcessFile(run_t* run, const char* cmd); extern bool input_prepareDynamicFileForMinimization(run_t* run); -- cgit v1.2.3 From 051ffb82986b0458a4b8861a3235fdb7ae794fb7 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 7 Oct 2019 19:49:02 +0200 Subject: fuzz: provide corectly-sized array to a function --- fuzz.c | 2 +- input.c | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/fuzz.c b/fuzz.c index 1684eb55..f614f737 100644 --- a/fuzz.c +++ b/fuzz.c @@ -237,7 +237,7 @@ static void fuzz_perfFeedback(run_t* run) { run->global->linux.hwCnts.softCntPc, run->global->linux.hwCnts.softCntCmp); input_addDynamicInput(run->global, run->dynamicFile, run->dynamicFileSz, - (uint64_t[3]){0, 0, 0}, "[DYNAMIC]"); + (uint64_t[4]){0, 0, 0, 0}, "[DYNAMIC]"); } if (run->global->socketFuzzer.enabled) { diff --git a/input.c b/input.c index 92f4be54..768ade14 100644 --- a/input.c +++ b/input.c @@ -338,8 +338,10 @@ void input_addDynamicInput( ATOMIC_SET(hfuzz->timing.lastCovUpdate, time(NULL)); struct dynfile_t* dynfile = (struct dynfile_t*)util_Malloc(sizeof(struct dynfile_t) + len); + for (size_t i = 0; i < ARRAYSIZE(dynfile->cov); i++) { + dynfile->cov[i] = cov[i]; + } dynfile->size = len; - memcpy(dynfile->cov, cov, sizeof(dynfile->cov)); memcpy(dynfile->data, data, len); snprintf(dynfile->path, sizeof(dynfile->path), "%s", path); -- cgit v1.2.3 From d30975d47f0b73c680c233dbf259f62ff7bb2cc9 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 7 Oct 2019 21:15:38 +0200 Subject: input: making sorting more readable --- input.c | 33 +++++++++++++++------------------ 1 file changed, 15 insertions(+), 18 deletions(-) diff --git a/input.c b/input.c index 768ade14..b9db9fbc 100644 --- a/input.c +++ b/input.c @@ -542,26 +542,23 @@ void input_sortDynamicInput(honggfuzz_t* hfuzz) { if (itemnext == NULL) { continue; } - if (itemnext->cov[0] < item->cov[0]) { - continue; - } - if (itemnext->cov[0] == item->cov[0] && itemnext->cov[1] < item->cov[1]) { - continue; - } - if (itemnext->cov[0] == item->cov[0] && itemnext->cov[1] == item->cov[1] && - itemnext->cov[2] < item->cov[2]) { - continue; + + bool swap = false; + for (size_t j = 0; j < ARRAYSIZE(item->cov); j++) { + if (itemnext->cov[j] > item->cov[j]) { + swap = true; + break; + } + if (itemnext->cov[j] < item->cov[j]) { + break; + } } - if (itemnext->cov[0] == item->cov[0] && itemnext->cov[1] == item->cov[1] && - itemnext->cov[2] == item->cov[2] && itemnext->cov[3] < item->cov[3]) { - continue; + if (swap) { + TAILQ_REMOVE(&hfuzz->io.dynfileq, itemnext, pointers); + TAILQ_INSERT_BEFORE(item, itemnext, pointers); + /* We've swapped items, so rewind item to the itemnext */ + item = itemnext; } - - TAILQ_REMOVE(&hfuzz->io.dynfileq, itemnext, pointers); - TAILQ_INSERT_BEFORE(item, itemnext, pointers); - - /* We've swapped items, so rewind item to the itemnext */ - item = itemnext; } } } -- cgit v1.2.3 From 8df334f2ea1811c689755a80356635de980b6f20 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 7 Oct 2019 22:46:37 +0200 Subject: makefile: -lm for netbsd --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 5787abc2..9c0c7933 100644 --- a/Makefile +++ b/Makefile @@ -132,7 +132,7 @@ else ifeq ($(OS),NetBSD) -Wextra -Wno-override-init \ -funroll-loops -D_KERNTYPES ARCH_LDFLAGS := -L/usr/local/lib -L/usr/pkg/lib \ - -pthread -lcapstone -lrt \ + -pthread -lcapstone -lrt -lm \ -Wl,--rpath=/usr/pkg/lib # OS NetBSD -- cgit v1.2.3 From c56b87e53f0a44e2cbe9e1e51fb05b3f40b113f0 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 7 Oct 2019 22:47:37 +0200 Subject: input: use log2 insdtead of log2l --- fuzz.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fuzz.c b/fuzz.c index f614f737..8910b88b 100644 --- a/fuzz.c +++ b/fuzz.c @@ -153,7 +153,7 @@ static void fuzz_perfFeedbackForMinimization(run_t* run) { uint64_t cov[4] = { [0] = softCntEdge + softCntPc, - [1] = run->dynamicFileSz ? (64 - (uint64_t)log2l(run->dynamicFileSz)) + [1] = run->dynamicFileSz ? (64 - (uint64_t)log2(run->dynamicFileSz)) : 64, /* The smaller input size, the better */ [2] = cpuInstr + cpuBranch, [3] = softCntCmp, -- cgit v1.2.3 From 7320b035b003ec465c37a17202868daa0e867b07 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 7 Oct 2019 22:50:56 +0200 Subject: makefile: -lm for all --- Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 9c0c7933..6436ac5f 100644 --- a/Makefile +++ b/Makefile @@ -46,7 +46,7 @@ ifeq ($(OS)$(findstring Microsoft,$(KERNEL)),Linux) # matches Linux but excludes -funroll-loops \ -D_FILE_OFFSET_BITS=64 ARCH_LDFLAGS := -L/usr/local/include \ - -pthread -lunwind-ptrace -lunwind-generic -lbfd -lopcodes -lrt -ldl + -pthread -lunwind-ptrace -lunwind-generic -lbfd -lopcodes -lrt -ldl -lm ARCH_SRCS := $(sort $(wildcard linux/*.c)) LIBS_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 @@ -145,9 +145,9 @@ else -Wno-unknown-warning-option -Wno-unknown-pragmas \ -funroll-loops ifeq ($(OS),OpenBSD) - ARCH_LDFLAGS := -L/usr/local/lib -pthread + ARCH_LDFLAGS := -L/usr/local/lib -pthread -lm else - ARCH_LDFLAGS := -L/usr/local/lib -pthread -lrt + ARCH_LDFLAGS := -L/usr/local/lib -pthread -lrt -lm # OS OpenBSD endif # OS Posix -- cgit v1.2.3 From 9184e0f38359b9a85dc2c0d7e88fb263ea415c47 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 8 Oct 2019 01:19:39 +0200 Subject: input: better coverage comparisons --- input.c | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/input.c b/input.c index b9db9fbc..6b167742 100644 --- a/input.c +++ b/input.c @@ -247,8 +247,7 @@ bool input_parseDictionary(honggfuzz_t* hfuzz) { struct strings_t* str = (struct strings_t*)util_Malloc(sizeof(struct strings_t) + len + 1); memcpy(str->s, bufv, len); str->len = len; - str->s[len] = '\0'; - hfuzz->mutate.dictionaryCnt += 1; + hfuzz->mutate.dictionaryCnt++; TAILQ_INSERT_TAIL(&hfuzz->mutate.dictq, str, pointers); LOG_D("Dictionary: loaded word: '%s' (len=%zu)", str->s, str->len); @@ -528,6 +527,21 @@ bool input_prepareDynamicFileForMinimization(run_t* run) { return true; } +/* true if item1 is bigger than item2 */ +static bool input_cmpCov(struct dynfile_t* item1, struct dynfile_t* item2) { + for (size_t j = 0; j < ARRAYSIZE(item1->cov); j++) { + if (item1->cov[j] > item2->cov[j]) { + return true; + } + if (item1->cov[j] < item2->cov[j]) { + return false; + } + } + + /* Both are equal */ + return false; +} + #define TAILQ_FOREACH_HF(var, head, field) \ for ((var) = TAILQ_FIRST((head)); (var); (var) = TAILQ_NEXT((var), field)) @@ -543,17 +557,7 @@ void input_sortDynamicInput(honggfuzz_t* hfuzz) { continue; } - bool swap = false; - for (size_t j = 0; j < ARRAYSIZE(item->cov); j++) { - if (itemnext->cov[j] > item->cov[j]) { - swap = true; - break; - } - if (itemnext->cov[j] < item->cov[j]) { - break; - } - } - if (swap) { + if (input_cmpCov(itemnext, item)) { TAILQ_REMOVE(&hfuzz->io.dynfileq, itemnext, pointers); TAILQ_INSERT_BEFORE(item, itemnext, pointers); /* We've swapped items, so rewind item to the itemnext */ -- cgit v1.2.3 From fae5c0816108b23bab4c189051e172d25f8c50ed Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 8 Oct 2019 01:23:52 +0200 Subject: better messaging about minimization --- fuzz.c | 8 ++++---- input.c | 5 ----- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/fuzz.c b/fuzz.c index 8910b88b..dae1a9ca 100644 --- a/fuzz.c +++ b/fuzz.c @@ -219,12 +219,13 @@ static void fuzz_perfFeedback(run_t* run) { if (run->global->cfg.minimize) { if (run->global->io.outputDir) { - LOG_I("Saving interesting input '%s' to the '%s' directory", run->origFileName, - run->global->io.outputDir); + LOG_I("Keeping '%s' in '%s'", run->origFileName, run->global->io.outputDir); if (!input_writeCovFile( run->global->io.outputDir, run->dynamicFile, run->dynamicFileSz)) { LOG_E("Couldn't save the coverage data to '%s'", run->global->io.outputDir); } + } else { + LOG_I("Keeping '%s' in '%s'", run->origFileName, run->global->io.inputDir); } } else { LOG_I("Size:%zu (i,b,hw,ed,ip,cmp): %" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 @@ -246,8 +247,7 @@ static void fuzz_perfFeedback(run_t* run) { } } else if (fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MINIMIZE) { if (run->global->io.outputDir == NULL) { - LOG_I("Removing uninteresting file '%s' from '%s'", run->origFileName, - run->global->io.inputDir); + LOG_I("Removing '%s' from '%s'", run->origFileName, run->global->io.inputDir); input_removeStaticFile(run->global->io.inputDir, run->origFileName); } } diff --git a/input.c b/input.c index 6b167742..c1af8f3f 100644 --- a/input.c +++ b/input.c @@ -513,11 +513,6 @@ bool input_prepareDynamicFileForMinimization(run_t* run) { return false; } - LOG_I("Testing '%s', coverage: %" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, - run->global->io.dynfileqCurrent->path, run->global->io.dynfileqCurrent->cov[0], - run->global->io.dynfileqCurrent->cov[1], run->global->io.dynfileqCurrent->cov[2], - run->global->io.dynfileqCurrent->cov[3]); - input_setSize(run, run->global->io.dynfileqCurrent->size); memcpy(run->dynamicFile, run->global->io.dynfileqCurrent->data, run->global->io.dynfileqCurrent->size); -- cgit v1.2.3 From c57069c16b67b72cfdcf23118cab8f61032c434d Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 8 Oct 2019 01:30:37 +0200 Subject: better messaging about minimization #2 --- fuzz.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/fuzz.c b/fuzz.c index dae1a9ca..193a7089 100644 --- a/fuzz.c +++ b/fuzz.c @@ -218,14 +218,11 @@ static void fuzz_perfFeedback(run_t* run) { run->global->linux.hwCnts.softCntCmp += softCntCmp; if (run->global->cfg.minimize) { - if (run->global->io.outputDir) { - LOG_I("Keeping '%s' in '%s'", run->origFileName, run->global->io.outputDir); - if (!input_writeCovFile( - run->global->io.outputDir, run->dynamicFile, run->dynamicFileSz)) { - LOG_E("Couldn't save the coverage data to '%s'", run->global->io.outputDir); - } - } else { - LOG_I("Keeping '%s' in '%s'", run->origFileName, run->global->io.inputDir); + LOG_I("Keeping '%s' in '%s'", run->origFileName, + run->global->io.outputDir ? run->global->io.outputDir : run->global->io.inputDir); + if (run->global->io.outputDir && !input_writeCovFile(run->global->io.outputDir, + run->dynamicFile, run->dynamicFileSz)) { + LOG_E("Couldn't save the coverage data to '%s'", run->global->io.outputDir); } } else { LOG_I("Size:%zu (i,b,hw,ed,ip,cmp): %" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 -- cgit v1.2.3 From 737d22da11c30c86858cf63684800b5a2bb3ae2a Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 8 Oct 2019 02:04:00 +0200 Subject: make indent --- input.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/input.c b/input.c index c1af8f3f..4e54cf1a 100644 --- a/input.c +++ b/input.c @@ -532,7 +532,6 @@ static bool input_cmpCov(struct dynfile_t* item1, struct dynfile_t* item2) { return false; } } - /* Both are equal */ return false; } @@ -543,7 +542,6 @@ static bool input_cmpCov(struct dynfile_t* item1, struct dynfile_t* item2) { /* Yes, the bubblesort :) */ void input_sortDynamicInput(honggfuzz_t* hfuzz) { LOG_I("Sorting %zu dynamic entries by coverage", hfuzz->io.dynfileqCnt); - for (size_t i = 0; i < hfuzz->io.dynfileqCnt; i++) { struct dynfile_t* item = NULL; TAILQ_FOREACH_HF(item, &hfuzz->io.dynfileq, pointers) { -- cgit v1.2.3 From a2d08053f8c6dc6c46ef1b4a77a1851babcd1660 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 8 Oct 2019 02:22:14 +0200 Subject: libhfcommon/files: better log msg --- libhfcommon/files.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index 3c627c12..86681e74 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -69,7 +69,7 @@ ssize_t files_readFileToBufMax(const char* fileName, uint8_t* buf, size_t fileMa bool files_writeBufToFile(const char* fileName, const uint8_t* buf, size_t fileSz, int flags) { int fd = TEMP_FAILURE_RETRY(open(fileName, flags, 0644)); if (fd == -1) { - PLOG_W("Couldn't open '%s' for R/W", fileName); + PLOG_W("Couldn't create/open '%s' for R/W", fileName); return false; } -- cgit v1.2.3 From 4bc386d9acad98c97d6d623f75fa2fda7552e82c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 8 Oct 2019 02:29:39 +0200 Subject: honggfuzz: test for input/output dirs existence --- honggfuzz.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/honggfuzz.c b/honggfuzz.c index 14444a31..daf599d5 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -313,6 +313,12 @@ int main(int argc, char** argv) { if (cmdlineParse(argc, myargs, &hfuzz) == false) { LOG_F("Parsing of the cmd-line arguments failed"); } + if (hfuzz.io.inputDir && access(hfuzz.io.inputDir, R_OK) == -1) { + PLOG_F("Input directory '%s' is not readable", hfuzz.io.inputDir); + } + if (hfuzz.io.outputDir && access(hfuzz.io.outputDir, W_OK) == -1) { + PLOG_F("Output directory '%s' is not writeable", hfuzz.io.outputDir); + } if (hfuzz.cfg.minimize) { LOG_I("Minimization mode enabled. Setting number of threads to 1"); hfuzz.threads.threadsMax = 1; -- cgit v1.2.3 From 05a268b9d567e280f14bd908213049c674d8a7f0 Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Tue, 8 Oct 2019 20:23:35 +0200 Subject: Update USAGE.md --- docs/USAGE.md | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/docs/USAGE.md b/docs/USAGE.md index d11b261a..0cd0c074 100644 --- a/docs/USAGE.md +++ b/docs/USAGE.md @@ -48,6 +48,56 @@ It should work under the following operating systems: # USAGE # +## Non-persistent fuzzing w/o instrumentation (```-x```) ## + +### Input as a file (```___FILE___```) ### +```shell +honggfuzz -i input_dir -x -- /usr/bin/djpeg ___FILE___ +``` + +### Input on FD=0/STDIN (```-s````) #### +```shell +honggfuzz -i input_dir -x -s -- /usr/bin/djpeg +``` + +## Non-persistent fuzzing with instrumentation ## + +### Compile-time instrumentation (enabled by default) ### +```shell + honggfuzz -i input_dir -- /usr/bin/djpeg ___FILE___ +``` + +### Various hardware-based counters ### +```shell + honggfuzz --linux_perf_branch -- /usr/bin/djpeg ___FILE___ + honggfuzz --linux_perf_bts_edge -- /usr/bin/djpeg ___FILE___ + honggfuzz --linux_perf_ipt_block -- /usr/bin/djpeg ___FILE___ +``` + +## Persistent-mode (```-P``` - it will be auto-detected) ## + +```shell + honggfuzz -i input_dir -P -- jpeg_persistent_mode + honggfuzz --linux_perf_bts_edge -- jpeg_persistent_mode + honggfuzz --linux_perf_ipt_block -- jpeg_persistent_mode + honggfuzz --linux_perf_branch -- jpeg_persistent_mode + honggfuzz --linux_perf_instr -- jpeg_persistent_mode +``` + +but also + +```shell +honggfuzz -i input_dir --linux_perf_bts_edge --linux_perf_instr -P -- jpeg_persistent_mode +``` + +## Corpus Miminization (```-M```) ## + +```shell +honggfuzz -i input_dir -P -M -- jpeg_persistent_mode +``` + +## ```--help``` + ```shell Usage: ./honggfuzz [options] -- path_to_command [args] Options: -- cgit v1.2.3 From 898ba9cf3d09328fac133654f89c7a7229566074 Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Tue, 8 Oct 2019 20:27:05 +0200 Subject: Update USAGE.md --- docs/USAGE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/USAGE.md b/docs/USAGE.md index 0cd0c074..cdda9f7c 100644 --- a/docs/USAGE.md +++ b/docs/USAGE.md @@ -90,7 +90,7 @@ but also honggfuzz -i input_dir --linux_perf_bts_edge --linux_perf_instr -P -- jpeg_persistent_mode ``` -## Corpus Miminization (```-M```) ## +## Corpus Minimization (```-M```) ## ```shell honggfuzz -i input_dir -P -M -- jpeg_persistent_mode -- cgit v1.2.3 From 7defc2d64bc37f7b2a07ccb4bfb265e15b94c0cc Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Tue, 8 Oct 2019 20:29:29 +0200 Subject: Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 0e08edac..09947dc6 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,7 @@ A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with inte * Works (at least) under GNU/Linux, FreeBSD, NetBSD, Mac OS X, Windows/CygWin and [Android](https://github.com/google/honggfuzz/blob/master/docs/Android.md) * Supports the __persistent fuzzing mode__ (long-lived process calling a fuzzed API repeatedly) with libhfuzz/libhfuzz.a. More on that can be found [here](https://github.com/google/honggfuzz/blob/master/docs/PersistentFuzzing.md) * It comes with the __[examples](https://github.com/google/honggfuzz/tree/master/examples) directory__, consisting of real world fuzz setups for widely-used software (e.g. Apache and OpenSSL) + * Provides the __[corpus minimization](https://github.com/google/honggfuzz/blob/master/docs/USAGE.md#corpus-minimization--m)__ functionality --- -- cgit v1.2.3 From a57e1c2cbe9893db59ce305044b6550068e5d83e Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Tue, 8 Oct 2019 20:31:02 +0200 Subject: Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 09947dc6..9b8d03ca 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with inte * Has a [solid track record](#trophies) of uncovered security bugs: the __only__ (to the date) __vulnerability in OpenSSL with the [critical](https://www.openssl.org/news/secadv/20160926.txt) score mark__ was discovered by honggfuzz. See the [Trophies](#trophies) paragraph for the summary of findings to the date * Uses low-level interfaces to monitor processes (e.g. _ptrace_ under Linux and NetBSD). As opposed to other fuzzers, it __will discover and report hijacked/ignored signals from crashes__ (intercepted and potentially hidden by a fuzzed program) * Easy-to-use, feed it a simple corpus directory (can even be empty) and it will work its way up expanding it utilizing feedback-based coverage metrics - * Supports several (more than any other coverage-based feedback-driven fuzzer) hardware-based (CPU: branch/instruction counting, __Intel BTS__, __Intel PT__) and software-based [feedback-driven fuzzing](https://github.com/google/honggfuzz/blob/master/docs/FeedbackDrivenFuzzing.md) methods known from other fuzzers (libfuzzer, afl) + * Supports several (more than any other coverage-based feedback-driven fuzzer) hardware-based (CPU: branch/instruction counting, __Intel BTS__, __Intel PT__) and software-based [feedback-driven fuzzing](https://github.com/google/honggfuzz/blob/master/docs/FeedbackDrivenFuzzing.md) methods known from other fuzzers (libfuzzer, afl). See also the new __[qemu mode](https://github.com/google/honggfuzz/tree/master/qemu_mode)__ blackbox instrumentation. * Works (at least) under GNU/Linux, FreeBSD, NetBSD, Mac OS X, Windows/CygWin and [Android](https://github.com/google/honggfuzz/blob/master/docs/Android.md) * Supports the __persistent fuzzing mode__ (long-lived process calling a fuzzed API repeatedly) with libhfuzz/libhfuzz.a. More on that can be found [here](https://github.com/google/honggfuzz/blob/master/docs/PersistentFuzzing.md) * It comes with the __[examples](https://github.com/google/honggfuzz/tree/master/examples) directory__, consisting of real world fuzz setups for widely-used software (e.g. Apache and OpenSSL) -- cgit v1.2.3 From b9c464b04be6e03680aebfaf4771c7625887bc62 Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Tue, 8 Oct 2019 20:31:38 +0200 Subject: Update USAGE.md --- docs/USAGE.md | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/docs/USAGE.md b/docs/USAGE.md index cdda9f7c..bdf16c77 100644 --- a/docs/USAGE.md +++ b/docs/USAGE.md @@ -1,25 +1,3 @@ -# INTRODUCTION # - - This document describes the **honggfuzz** project. - -# OBJECTIVE # - -Honggfuzz is a security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options. - -# FEATURES # - - * It's __multi-threaded__ and __multi-process__: no need to run multiple copies of your fuzzer, as honggfuzz can unlock potential of all your available CPU cores. The file corpus is shared between threads (and - fuzzed instances) - * It's blazingly fast (specifically in the [persistent fuzzing mode](https://github.com/google/honggfuzz/blob/master/docs/PersistentFuzzing.md)). A simple _LLVMFuzzerTestOneInput_ function can be tested with __up to 1 -mo iterations per second__ on a relatively modern CPU (e.g. i7-6600K) - * Has a nice track record of uncovered security bugs: e.g. the __only__ (to the date) __vulnerability in OpenSSL with the [critical](https://www.openssl.org/news/secadv/20160926.txt) score mark__ was discovered by honggfuzz - * Uses low-level interfaces to monitor processes (e.g. _ptrace_ under Linux and NetBSD). As opposed to other fuzzers, it __will discover and report hidden signals__ (caught and potentially hidden by signal handlers) - * Easy-to-use, feed it a simple input corpus (__can even consist of a single, 1-byte file__) and it will work its way up expanding it utilizing feedback-based coverage metrics - * Supports several (more than any other coverage-based feedback-driven fuzzer) hardware-based (CPU: branch/instruction counting, __Intel BTS__, __Intel PT__) and software-based [feedback-driven fuzzing](https://github.com/google/honggfuzz/blob/master/docs/FeedbackDrivenFuzzing.md) methods known from other fuzzers (libfuzzer, afl) - * Works (at least) under GNU/Linux, FreeBSD, NetBSD, Mac OS X, Windows/CygWin and [Android](https://github.com/google/honggfuzz/blob/master/docs/Android.md) - * Supports __persistent fuzzing mode__ (long-lived process calling a fuzzed API repeatedly) with libhfuzz/libhfuzz.a. More on that can be found [here](https://github.com/google/honggfuzz/blob/master/docs/PersistentFuzzing.md) - * It comes with the __[examples](https://github.com/google/honggfuzz/tree/master/examples) directory__, consisting of real world fuzz setups for widely-used software (e.g. Apache and OpenSSL) - # REQUIREMENTS # * A POSIX compliant operating system, [Android](https://github.com/google/honggfuzz/blob/master/docs/Android.md) or Windows (CygWin) -- cgit v1.2.3 From a805d8a572eed14c34765e3ba7e63d6185e8bdfc Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Tue, 8 Oct 2019 20:33:32 +0200 Subject: Update USAGE.md --- docs/USAGE.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/USAGE.md b/docs/USAGE.md index bdf16c77..a14bbc7f 100644 --- a/docs/USAGE.md +++ b/docs/USAGE.md @@ -70,10 +70,18 @@ honggfuzz -i input_dir --linux_perf_bts_edge --linux_perf_instr -P -- jpeg_persi ## Corpus Minimization (```-M```) ## +### Minimize files directly in the input (```--input```) directory (it will remove unneeded files) ### + ```shell honggfuzz -i input_dir -P -M -- jpeg_persistent_mode ``` +### Compile and copy minimized corpus to the output (```--output```) directory (the input directory will be left untouched) ### + +```shell +honggfuzz -i input_dir --output output_dir -P -M -- jpeg_persistent_mode +``` + ## ```--help``` ```shell -- cgit v1.2.3 From 14a2bbbb3b5dd37eef6ba8caa1fab9a018e850d0 Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Tue, 8 Oct 2019 21:23:27 +0200 Subject: Update USAGE.md --- docs/USAGE.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/USAGE.md b/docs/USAGE.md index a14bbc7f..36381b4d 100644 --- a/docs/USAGE.md +++ b/docs/USAGE.md @@ -70,13 +70,13 @@ honggfuzz -i input_dir --linux_perf_bts_edge --linux_perf_instr -P -- jpeg_persi ## Corpus Minimization (```-M```) ## -### Minimize files directly in the input (```--input```) directory (it will remove unneeded files) ### +### Minimize files directly inside the input (```--input```) directory ### ```shell honggfuzz -i input_dir -P -M -- jpeg_persistent_mode ``` -### Compile and copy minimized corpus to the output (```--output```) directory (the input directory will be left untouched) ### +### Compile and save minimized corpus in the output directory (```--output```) ### ```shell honggfuzz -i input_dir --output output_dir -P -M -- jpeg_persistent_mode -- cgit v1.2.3 From ab4a3e86d1881f8d756de2c2b4e1950611e234bc Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Tue, 8 Oct 2019 21:24:23 +0200 Subject: Update USAGE.md --- docs/USAGE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/USAGE.md b/docs/USAGE.md index 36381b4d..099c6f48 100644 --- a/docs/USAGE.md +++ b/docs/USAGE.md @@ -82,7 +82,7 @@ honggfuzz -i input_dir -P -M -- jpeg_persistent_mode honggfuzz -i input_dir --output output_dir -P -M -- jpeg_persistent_mode ``` -## ```--help``` +# CMDLINE ```--help``` # ```shell Usage: ./honggfuzz [options] -- path_to_command [args] -- cgit v1.2.3 From 2835d1b6eb733aee5bd309ae6daec2d35209e670 Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Tue, 8 Oct 2019 21:32:41 +0200 Subject: Update USAGE.md --- docs/USAGE.md | 46 ++++++++++++++++++++++++++++++++-------------- 1 file changed, 32 insertions(+), 14 deletions(-) diff --git a/docs/USAGE.md b/docs/USAGE.md index 099c6f48..09a721aa 100644 --- a/docs/USAGE.md +++ b/docs/USAGE.md @@ -40,29 +40,35 @@ honggfuzz -i input_dir -x -s -- /usr/bin/djpeg ## Non-persistent fuzzing with instrumentation ## -### Compile-time instrumentation (enabled by default) ### +### Compile-time instrumentation (```-z``` _enabled by default_) ### ```shell - honggfuzz -i input_dir -- /usr/bin/djpeg ___FILE___ + honggfuzz -i input_dir -z -- instrumented.djpeg ___FILE___ ``` -### Various hardware-based counters ### +### QEMU-mode (black-box instrumentation) ### ```shell - honggfuzz --linux_perf_branch -- /usr/bin/djpeg ___FILE___ - honggfuzz --linux_perf_bts_edge -- /usr/bin/djpeg ___FILE___ - honggfuzz --linux_perf_ipt_block -- /usr/bin/djpeg ___FILE___ +honggfuzz -i input_dir -- /qemu_mode/honggfuzz-qemu/x86_64-linux-user/qemu-x86_64 /usr/bin/djpeg ___FILE___ ``` -## Persistent-mode (```-P``` - it will be auto-detected) ## +### Various hardware-based mechanisms/counters ### +```shell + honggfuzz -i input_dir --linux_perf_bts_edge -- /usr/bin/djpeg ___FILE___ + honggfuzz -i input_dir --linux_perf_ipt_block -- /usr/bin/djpeg ___FILE___ + honggfuzz -i input_dir --linux_perf_instr -- /usr/bin/djpeg ___FILE___ + honggfuzz -i input_dir --linux_perf_branch -- /usr/bin/djpeg ___FILE___ +``` + +## Persistent-mode (```-P``` _it will be auto-detected_) ## ```shell honggfuzz -i input_dir -P -- jpeg_persistent_mode - honggfuzz --linux_perf_bts_edge -- jpeg_persistent_mode - honggfuzz --linux_perf_ipt_block -- jpeg_persistent_mode - honggfuzz --linux_perf_branch -- jpeg_persistent_mode - honggfuzz --linux_perf_instr -- jpeg_persistent_mode + honggfuzz --i input_dir -linux_perf_bts_edge -P -- jpeg_persistent_mode + honggfuzz -i input_dir --linux_perf_ipt_block -P -- jpeg_persistent_mode + honggfuzz -i input_dir--linux_perf_branch -P -- jpeg_persistent_mode + honggfuzz -i input_dir --linux_perf_instr -P -- jpeg_persistent_mode ``` -but also +but also a couple of instrumentation mechanisms used together ```shell honggfuzz -i input_dir --linux_perf_bts_edge --linux_perf_instr -P -- jpeg_persistent_mode @@ -70,18 +76,30 @@ honggfuzz -i input_dir --linux_perf_bts_edge --linux_perf_instr -P -- jpeg_persi ## Corpus Minimization (```-M```) ## -### Minimize files directly inside the input (```--input```) directory ### +### Minimize corpus directly inside the input (```-i```) directory ### ```shell honggfuzz -i input_dir -P -M -- jpeg_persistent_mode ``` -### Compile and save minimized corpus in the output directory (```--output```) ### +or + +```shell +honggfuzz -i input_dir -M -- instrumented.djpeg ___FILE___ +``` + +### Save minimized corpus to the output (```--output```) directory ### ```shell honggfuzz -i input_dir --output output_dir -P -M -- jpeg_persistent_mode ``` +or + +```shell +honggfuzz -i input_dir --output output_dir -M -- instrumented.djpeg ___FILE___ +``` + # CMDLINE ```--help``` # ```shell -- cgit v1.2.3 From cd9bafb43f5c3780b8321cae92eea20859becba6 Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Tue, 8 Oct 2019 21:33:48 +0200 Subject: Update USAGE.md --- docs/USAGE.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/USAGE.md b/docs/USAGE.md index 09a721aa..9f5a9318 100644 --- a/docs/USAGE.md +++ b/docs/USAGE.md @@ -40,7 +40,7 @@ honggfuzz -i input_dir -x -s -- /usr/bin/djpeg ## Non-persistent fuzzing with instrumentation ## -### Compile-time instrumentation (```-z``` _enabled by default_) ### +### Compile-time instrumentation (```-z```). _Note: enabled by default_ ### ```shell honggfuzz -i input_dir -z -- instrumented.djpeg ___FILE___ ``` @@ -58,7 +58,7 @@ honggfuzz -i input_dir -- /qemu_mode/honggfuzz-qemu/x86_64-linux- honggfuzz -i input_dir --linux_perf_branch -- /usr/bin/djpeg ___FILE___ ``` -## Persistent-mode (```-P``` _it will be auto-detected_) ## +## Persistent-mode (```-P```). _Note: it will be auto-detected_ ## ```shell honggfuzz -i input_dir -P -- jpeg_persistent_mode -- cgit v1.2.3 From 815d72bb5d772ee4a337a431a3c4a0fecd7df9ab Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Tue, 8 Oct 2019 21:36:37 +0200 Subject: Update USAGE.md --- docs/USAGE.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/USAGE.md b/docs/USAGE.md index 9f5a9318..26ee1826 100644 --- a/docs/USAGE.md +++ b/docs/USAGE.md @@ -33,14 +33,14 @@ It should work under the following operating systems: honggfuzz -i input_dir -x -- /usr/bin/djpeg ___FILE___ ``` -### Input on FD=0/STDIN (```-s````) #### +### Input on FD=0/STDIN (```-s```/```--stdin_input```) #### ```shell honggfuzz -i input_dir -x -s -- /usr/bin/djpeg ``` ## Non-persistent fuzzing with instrumentation ## -### Compile-time instrumentation (```-z```). _Note: enabled by default_ ### +### Compile-time instrumentation (```-z```/```--instrument```). _Note: it is enabled by default_ ### ```shell honggfuzz -i input_dir -z -- instrumented.djpeg ___FILE___ ``` @@ -61,10 +61,10 @@ honggfuzz -i input_dir -- /qemu_mode/honggfuzz-qemu/x86_64-linux- ## Persistent-mode (```-P```). _Note: it will be auto-detected_ ## ```shell - honggfuzz -i input_dir -P -- jpeg_persistent_mode - honggfuzz --i input_dir -linux_perf_bts_edge -P -- jpeg_persistent_mode + honggfuzz -i input_dir -z -P -- jpeg_persistent_mode + honggfuzz -i input_dir --linux_perf_bts_edge -P -- jpeg_persistent_mode honggfuzz -i input_dir --linux_perf_ipt_block -P -- jpeg_persistent_mode - honggfuzz -i input_dir--linux_perf_branch -P -- jpeg_persistent_mode + honggfuzz -i input_dir --linux_perf_branch -P -- jpeg_persistent_mode honggfuzz -i input_dir --linux_perf_instr -P -- jpeg_persistent_mode ``` @@ -74,9 +74,9 @@ but also a couple of instrumentation mechanisms used together honggfuzz -i input_dir --linux_perf_bts_edge --linux_perf_instr -P -- jpeg_persistent_mode ``` -## Corpus Minimization (```-M```) ## +## Corpus Minimization (```-M```/```--minimize```) ## -### Minimize corpus directly inside the input (```-i```) directory ### +### Minimize corpus directly inside the input (```-i```/```--input```) directory ### ```shell honggfuzz -i input_dir -P -M -- jpeg_persistent_mode -- cgit v1.2.3 From 1536710e9521376f0c8c03680db45a26af30e40c Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Tue, 8 Oct 2019 21:38:22 +0200 Subject: Update USAGE.md --- docs/USAGE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/USAGE.md b/docs/USAGE.md index 26ee1826..9b4c0e64 100644 --- a/docs/USAGE.md +++ b/docs/USAGE.md @@ -74,7 +74,7 @@ but also a couple of instrumentation mechanisms used together honggfuzz -i input_dir --linux_perf_bts_edge --linux_perf_instr -P -- jpeg_persistent_mode ``` -## Corpus Minimization (```-M```/```--minimize```) ## +## Corpus Minimization (```-M```) ## ### Minimize corpus directly inside the input (```-i```/```--input```) directory ### -- cgit v1.2.3 From 8b6d5879665c63e39c12ddcf8b65c3b0458c7f49 Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Tue, 8 Oct 2019 21:39:20 +0200 Subject: Update USAGE.md --- docs/USAGE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/USAGE.md b/docs/USAGE.md index 9b4c0e64..b1b5f830 100644 --- a/docs/USAGE.md +++ b/docs/USAGE.md @@ -6,7 +6,7 @@ * Image formats: Tavis Ormandy's [Image Testuite](http://code.google.com/p/imagetestsuite/) has been effective at finding vulnerabilities in various graphics libraries. * PDF: Adobe provides some [test PDF files](http://acroeng.adobe.com/). -_**Note**: With the feedback-driven coverage-based modes, you can start your fuzzing with even a single 1-byte file._ +_**Note**: With the feedback-driven coverage-based modes, you can start your fuzzing without any input corpus._ ## Compatibility list ## -- cgit v1.2.3 From a703bc12c2b0771473299242f983744a22c6c6f2 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 8 Oct 2019 23:11:10 +0200 Subject: input: sort dynamic input on addition --- fuzz.c | 1 - input.c | 72 ++++++++++++++++++++++++++++++----------------------------------- input.h | 1 - 3 files changed, 33 insertions(+), 41 deletions(-) diff --git a/fuzz.c b/fuzz.c index 193a7089..39c263f5 100644 --- a/fuzz.c +++ b/fuzz.c @@ -117,7 +117,6 @@ static void fuzz_setDynamicMainState(run_t* run) { ATOMIC_SET(run->global->cfg.switchingToFDM, false); if (run->global->cfg.minimize) { - input_sortDynamicInput(run->global); LOG_I("Entering phase 3/3: Corpus Minimization"); ATOMIC_SET(run->global->feedback.state, _HF_STATE_DYNAMIC_MINIMIZE); return; diff --git a/input.c b/input.c index 4e54cf1a..f6321c87 100644 --- a/input.c +++ b/input.c @@ -332,6 +332,23 @@ bool input_writeCovFile(const char* dir, const uint8_t* data, size_t len) { return true; } +/* true if item1 is bigger than item2 */ +static bool input_cmpCov(struct dynfile_t* item1, struct dynfile_t* item2) { + for (size_t j = 0; j < ARRAYSIZE(item1->cov); j++) { + if (item1->cov[j] > item2->cov[j]) { + return true; + } + if (item1->cov[j] < item2->cov[j]) { + return false; + } + } + /* Both are equal */ + return false; +} + +#define TAILQ_FOREACH_HF(var, head, field) \ + for ((var) = TAILQ_FIRST((head)); (var); (var) = TAILQ_NEXT((var), field)) + void input_addDynamicInput( honggfuzz_t* hfuzz, const uint8_t* data, size_t len, uint64_t cov[4], const char* path) { ATOMIC_SET(hfuzz->timing.lastCovUpdate, time(NULL)); @@ -345,7 +362,18 @@ void input_addDynamicInput( snprintf(dynfile->path, sizeof(dynfile->path), "%s", path); MX_SCOPED_RWLOCK_WRITE(&hfuzz->io.dynfileq_mutex); - TAILQ_INSERT_TAIL(&hfuzz->io.dynfileq, dynfile, pointers); + + /* Sort it by coverage - put better coverage in front of the list */ + struct dynfile_t* iter = NULL; + TAILQ_FOREACH_HF(iter, &hfuzz->io.dynfileq, pointers) { + if (input_cmpCov(dynfile, iter)) { + TAILQ_INSERT_BEFORE(iter, dynfile, pointers); + break; + } + } + if (iter == NULL) { + TAILQ_INSERT_TAIL(&hfuzz->io.dynfileq, dynfile, pointers); + } hfuzz->io.dynfileqCnt++; if (hfuzz->socketFuzzer.enabled) { @@ -519,43 +547,9 @@ bool input_prepareDynamicFileForMinimization(run_t* run) { snprintf( run->origFileName, sizeof(run->origFileName), "%s", run->global->io.dynfileqCurrent->path); - return true; -} + LOG_D("Cov: %" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, + run->global->io.dynfileqCurrent->cov[0], run->global->io.dynfileqCurrent->cov[1], + run->global->io.dynfileqCurrent->cov[2], run->global->io.dynfileqCurrent->cov[3]); -/* true if item1 is bigger than item2 */ -static bool input_cmpCov(struct dynfile_t* item1, struct dynfile_t* item2) { - for (size_t j = 0; j < ARRAYSIZE(item1->cov); j++) { - if (item1->cov[j] > item2->cov[j]) { - return true; - } - if (item1->cov[j] < item2->cov[j]) { - return false; - } - } - /* Both are equal */ - return false; -} - -#define TAILQ_FOREACH_HF(var, head, field) \ - for ((var) = TAILQ_FIRST((head)); (var); (var) = TAILQ_NEXT((var), field)) - -/* Yes, the bubblesort :) */ -void input_sortDynamicInput(honggfuzz_t* hfuzz) { - LOG_I("Sorting %zu dynamic entries by coverage", hfuzz->io.dynfileqCnt); - for (size_t i = 0; i < hfuzz->io.dynfileqCnt; i++) { - struct dynfile_t* item = NULL; - TAILQ_FOREACH_HF(item, &hfuzz->io.dynfileq, pointers) { - struct dynfile_t* itemnext = TAILQ_NEXT(item, pointers); - if (itemnext == NULL) { - continue; - } - - if (input_cmpCov(itemnext, item)) { - TAILQ_REMOVE(&hfuzz->io.dynfileq, itemnext, pointers); - TAILQ_INSERT_BEFORE(item, itemnext, pointers); - /* We've swapped items, so rewind item to the itemnext */ - item = itemnext; - } - } - } + return true; } diff --git a/input.h b/input.h index 02a64108..3f4cab40 100644 --- a/input.h +++ b/input.h @@ -42,6 +42,5 @@ extern void input_removeStaticFile(const char* dir, const char* name); extern bool input_prepareExternalFile(run_t* run); extern bool input_postProcessFile(run_t* run, const char* cmd); extern bool input_prepareDynamicFileForMinimization(run_t* run); -extern void input_sortDynamicInput(honggfuzz_t* hfuzz); #endif /* ifndef _HF_INPUT_H_ */ -- cgit v1.2.3 From d66839e30a5503d9053c782817c7927045f8680d Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 8 Oct 2019 23:28:58 +0200 Subject: examples/openssl: print more errorss --- examples/openssl/client.c | 6 +++--- examples/openssl/hf_ssl_lib.h | 3 +-- examples/openssl/privkey.c | 20 ++++++++++++-------- examples/openssl/server.c | 6 +++--- examples/openssl/x509.c | 8 +++++--- 5 files changed, 24 insertions(+), 19 deletions(-) diff --git a/examples/openssl/client.c b/examples/openssl/client.c index 3a395849..e2d7a636 100644 --- a/examples/openssl/client.c +++ b/examples/openssl/client.c @@ -4,6 +4,9 @@ extern "C" { #endif +#include +#include + #include #include #include @@ -12,9 +15,6 @@ extern "C" { #include #include -#include -#include - static const uint8_t kRSACertificateDER[] = {0x30, 0x82, 0x06, 0x3d, 0x30, 0x82, 0x04, 0x25, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x0f, 0x2d, 0x4d, 0xdd, 0x2f, 0xa5, 0xc0, 0x5f, 0x5a, 0xd3, 0x6e, 0x9f, 0xbe, 0x29, 0x68, 0xe9, 0x24, 0x72, 0x6c, 0xea, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, diff --git a/examples/openssl/hf_ssl_lib.h b/examples/openssl/hf_ssl_lib.h index 1ae97995..9b3b6519 100644 --- a/examples/openssl/hf_ssl_lib.h +++ b/examples/openssl/hf_ssl_lib.h @@ -1,10 +1,9 @@ +#include #include #include #include #include -#include - #ifdef __cplusplus extern "C" { #endif diff --git a/examples/openssl/privkey.c b/examples/openssl/privkey.c index 396c87ae..f68f4e50 100644 --- a/examples/openssl/privkey.c +++ b/examples/openssl/privkey.c @@ -1,14 +1,14 @@ -#include -#include -#include -#include +#ifdef __cplusplus +extern "C" { +#endif #include #include -#ifdef __cplusplus -extern "C" { -#endif +#include +#include +#include +#include int LLVMFuzzerInitialize(int* argc, char*** argv) { HFInit(); @@ -18,7 +18,11 @@ int LLVMFuzzerInitialize(int* argc, char*** argv) { } int LLVMFuzzerTestOneInput(const uint8_t* buf, size_t len) { - EVP_PKEY_free(d2i_AutoPrivateKey(NULL, &buf, len)); + EVP_PKEY* key = d2i_AutoPrivateKey(NULL, &buf, len); + if (key == NULL) { + fprintf(stderr, "%s", ERR_error_string(ERR_get_error(), NULL)); + } + EVP_PKEY_free(key); return 0; } diff --git a/examples/openssl/server.c b/examples/openssl/server.c index f087cb25..17426e1f 100644 --- a/examples/openssl/server.c +++ b/examples/openssl/server.c @@ -4,6 +4,9 @@ extern "C" { #endif +#include +#include + #include #include #include @@ -13,9 +16,6 @@ extern "C" { #include #include -#include -#include - static const uint8_t kCertificateDER[] = {0x30, 0x82, 0x06, 0x3a, 0x30, 0x82, 0x04, 0x22, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x0f, 0x2d, 0x4d, 0xdd, 0x2f, 0xa5, 0xc0, 0x5f, 0x5a, 0xd3, 0x6e, 0x9f, 0xbe, 0x29, 0x68, 0xe9, 0x24, 0x72, 0x6c, 0xeb, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, diff --git a/examples/openssl/x509.c b/examples/openssl/x509.c index 48f4bb77..2f2dd9cc 100644 --- a/examples/openssl/x509.c +++ b/examples/openssl/x509.c @@ -4,6 +4,9 @@ extern "C" { #endif +#include +#include + #include #include #include @@ -11,9 +14,6 @@ extern "C" { #include #include -#include -#include - int LLVMFuzzerInitialize(int* argc, char*** argv) { HFInit(); HFResetRand(); @@ -33,6 +33,8 @@ int LLVMFuzzerTestOneInput(const uint8_t* buf, size_t len) { X509_free(x); BIO_free(o); + } else { + fprintf(stderr, "%s", ERR_error_string(ERR_get_error(), NULL)); } return 0; -- cgit v1.2.3 From 70e9f8abc062fd71d1ed1c8c20b5c8cbc7bb5b32 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 9 Oct 2019 00:20:18 +0200 Subject: fuzz: minimization msg --- fuzz.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/fuzz.c b/fuzz.c index 39c263f5..ceb82247 100644 --- a/fuzz.c +++ b/fuzz.c @@ -145,11 +145,6 @@ static void fuzz_perfFeedbackForMinimization(run_t* run) { uint64_t cpuInstr = run->linux.hwCnts.cpuInstrCnt; uint64_t cpuBranch = run->linux.hwCnts.cpuBranchCnt; - LOG_I("Corpus Minimization, len:%zu (i,b,hw,ed,ip,cmp): %" PRIu64 "/%" PRIu64 "/%" PRIu64 - "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, - run->dynamicFileSz, cpuInstr, cpuBranch, run->linux.hwCnts.newBBCnt, softCntEdge, softCntPc, - softCntCmp); - uint64_t cov[4] = { [0] = softCntEdge + softCntPc, [1] = run->dynamicFileSz ? (64 - (uint64_t)log2(run->dynamicFileSz)) @@ -157,6 +152,9 @@ static void fuzz_perfFeedbackForMinimization(run_t* run) { [2] = cpuInstr + cpuBranch, [3] = softCntCmp, }; + LOG_I("Corpus Minimization, len:%zu: %" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, + run->dynamicFileSz, cov[0], cov[1], cov[2], cov[3]); + input_addDynamicInput( run->global, run->dynamicFile, run->dynamicFileSz, cov, run->origFileName); -- cgit v1.2.3 From ff70ef99dea97e9add3d75708610a1b6aadf54a4 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 9 Oct 2019 00:23:15 +0200 Subject: fuzz: minimization msg #2 --- fuzz.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fuzz.c b/fuzz.c index ceb82247..7dc1be3e 100644 --- a/fuzz.c +++ b/fuzz.c @@ -152,7 +152,7 @@ static void fuzz_perfFeedbackForMinimization(run_t* run) { [2] = cpuInstr + cpuBranch, [3] = softCntCmp, }; - LOG_I("Corpus Minimization, len:%zu: %" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, + LOG_I("Corpus Minimization: len:%zu, %" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, run->dynamicFileSz, cov[0], cov[1], cov[2], cov[3]); input_addDynamicInput( -- cgit v1.2.3 From 7bb88673ca9cc5cf58f8c27e681a5996d2778e7a Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 9 Oct 2019 00:25:19 +0200 Subject: fuzz: minimization msg #3 --- fuzz.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fuzz.c b/fuzz.c index 7dc1be3e..2ba35fbb 100644 --- a/fuzz.c +++ b/fuzz.c @@ -152,7 +152,7 @@ static void fuzz_perfFeedbackForMinimization(run_t* run) { [2] = cpuInstr + cpuBranch, [3] = softCntCmp, }; - LOG_I("Corpus Minimization: len:%zu, %" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, + LOG_I("Corpus Minimization: len:%zu, cov:%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, run->dynamicFileSz, cov[0], cov[1], cov[2], cov[3]); input_addDynamicInput( -- cgit v1.2.3 From 2d90208cecb79db9d5b27ad5052a6ca0d7b18e6c Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Wed, 9 Oct 2019 08:58:23 +0200 Subject: Update USAGE.md --- docs/USAGE.md | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/docs/USAGE.md b/docs/USAGE.md index b1b5f830..1c14ba83 100644 --- a/docs/USAGE.md +++ b/docs/USAGE.md @@ -1,12 +1,11 @@ # REQUIREMENTS # - * A POSIX compliant operating system, [Android](https://github.com/google/honggfuzz/blob/master/docs/Android.md) or Windows (CygWin) - * GNU/Linux with modern kernel (>= v4.2) for hardware-based code coverage guided fuzzing - * A corpus of input files. Honggfuzz expects a set of files to use and modify as input to the application you're fuzzing. How you get or create these files is up to you, but you might be interested in the following sources: + * A POSIX compliant operating system, MacOSX, [Android](https://github.com/google/honggfuzz/blob/master/docs/Android.md) or Windows (CygWin) + * GNU/Linux with modern kernel (>= v4.2) for hardware-based code coverage guided fuzzing (intel PT, Intel BTS, instruction/branch counting) + * An input corpus: You might be interested in the following for some common file formats: * Image formats: Tavis Ormandy's [Image Testuite](http://code.google.com/p/imagetestsuite/) has been effective at finding vulnerabilities in various graphics libraries. * PDF: Adobe provides some [test PDF files](http://acroeng.adobe.com/). - -_**Note**: With the feedback-driven coverage-based modes, you can start your fuzzing without any input corpus._ + * _**Note**: With the feedback-driven coverage-based modes, you can start your fuzzing without the input corpus._ ## Compatibility list ## @@ -16,13 +15,12 @@ It should work under the following operating systems: |:-------|:-----------|:----------| | **GNU/Linux** | Works | ptrace() API (x86, x86-64 disassembly support)| | **FreeBSD** | Works | POSIX signal interface | +| **OpenBSD** | Works | POSIX signal interface | | **NetBSD** | Works | ptrace() API (x86, x86-64 disassembly support)| | **Mac OS X** | Works | POSIX signal interface/Mac OS X crash reports (x86-64/x86 disassembly support) | | **Android** | Works | ptrace() API (x86, x86-64 disassembly support) | | **MS Windows** | Works | POSIX signal interface via CygWin | -| **Other Unices** | Depends`*` | POSIX signal interface | - - _`*`) It might work provided that a given operating system implements **wait4()** call_ +| **Other Unices** | Maybe | POSIX signal interface | # USAGE # -- cgit v1.2.3 From 6d070f591b2cfc1110e1b79e8249d286e8370698 Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Wed, 9 Oct 2019 09:02:23 +0200 Subject: Update PersistentFuzzing.md --- docs/PersistentFuzzing.md | 64 +++++++++++++++++++++-------------------------- 1 file changed, 28 insertions(+), 36 deletions(-) diff --git a/docs/PersistentFuzzing.md b/docs/PersistentFuzzing.md index ed592029..8dd13e53 100644 --- a/docs/PersistentFuzzing.md +++ b/docs/PersistentFuzzing.md @@ -3,45 +3,50 @@ Honggfuzz is capable of fuzzing APIs, which is to say; to test new data within the same process. This speeds-up the process of fuzzing APIs greatly # Requirements for hardware-based counter-based fuzzing # - * GNU/Linux or POSIX interface (e.g. FreeBSD, Windows/CygWin) + * GNU/Linux # HowTo # -One can prepare a binary in the two following ways: +Prepare a binary in the two following ways: -## ASAN-style ## +## ASAN-style (_LLVMFuzzerTestOneInput_) ## -Two functions must be prepared +Two functions must be provided -```int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)``` - -and (optional) +```c +int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)``` +```` -```int LLVMFuzzerInitialize(int *argc, char ***argv)``` +and optionally -Example (test.c): +```c +int LLVMFuzzerInitialize(int *argc, char ***argv)``` ``` -int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) { + +### Example (test.c): +```c +int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { TestAPI(buf, len); return 0; } ``` -Compilation: -``` -$ hfuzz_cc/hfuzz_clang test.c -o test +### Compilation +```shell +$ hfuzz_cc/hfuzz-clang test.c -o test ``` -Execution: -``` +### Fuzzing +```shell $ honggfuzz -P -- ./test ``` ## HF_ITER style ## -A complete program needs to be prepared, using ```HF_ITER``` symbol to obtain new inputs +A complete program needs to be prepared, using ```HF_ITER``` symbol to fetch new inputs from honggfuzz + +### Example (test.c): -Example (test.c): ```c #include @@ -54,32 +59,19 @@ int main(void) { HF_ITER(&buf, &len); - TestAPI(buf, len); + ApiToBeFuzzed(buf, len); } } ``` -Compilation: -``` -$ hfuzz_cc/hfuzz_clang test.c -o test ~/honggfuzz/libfuzz/libfuzz.a -``` +### Compilation -Execution: -``` -$ honggfuzz -P -- ./test +```shell +$ hfuzz_cc/hfuzz-clang test.c -o test ~/honggfuzz/libfuzz/libfuzz.a ``` -# Feedback-driven modes # - -The persistent fuzzing can be easily used together with feedback-driven fuzzing. In order to achieve that, one needs to compile binary with compile-time instrumentation, or use hardware-based instrumentation (BTS, Intel PT). More can be found in this [document](FeedbackDrivenFuzzing.md) +## Fuzzing -Example (compile-time) ``` -$ honggfuzz -P -z -- ./test -``` - -Example (hardware-based) -``` -$ honggfuzz -P --linux_perf_bts_edge -- ./test -$ honggfuzz -P --linux_perf_ipt_block -- ./test +$ honggfuzz -P -- ./test ``` -- cgit v1.2.3 From cb6d40faaa68d56ebec9b060718b4a25fee2ac90 Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Wed, 9 Oct 2019 09:08:02 +0200 Subject: Update FeedbackDrivenFuzzing.md --- docs/FeedbackDrivenFuzzing.md | 165 +++++------------------------------------- 1 file changed, 17 insertions(+), 148 deletions(-) diff --git a/docs/FeedbackDrivenFuzzing.md b/docs/FeedbackDrivenFuzzing.md index ba7de048..2013556f 100644 --- a/docs/FeedbackDrivenFuzzing.md +++ b/docs/FeedbackDrivenFuzzing.md @@ -7,25 +7,26 @@ Honggfuzz is capable of performing feedback-guided (code coverage driven) fuzzin * Sanitzer-coverage instrumentation (`-fsanitize-coverage=bb`) * Compile-time instrumentation (`-finstrument-functions` or `-fsanitize-coverage=trace-pc[-guard],indirect-calls,trace-cmp` or both) -Developers should provide the initial file corpus which will be gradually improved upon. It can even comprise of a single 1-byte initial file, and honggfuzz will try to generate better inputs starting from there. +Developers may provide the initial file corpus which will be gradually improved upon, but it's not necessary with feedback-driven modes. --- # Requirements for software-based coverage-guided fuzzing # - * `-fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp` - Clang >= 4.0 + * `-fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp` - Clang >= 5.0 + * `-fsanitize-coverage=trace-pc` - GCC >= 9.0 * `-fsanitize-coverage=bb` - Clang >= 3.7 * `-finstrument-functions` - GCC or Clang * [older, slower variant] `-fsanitize-coverage=trace-pc,indirect-calls` - Clang >= 3.9 _Note_: The _-fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp_ set of flags will be automatically added to clang's command-line switches when using [hfuzz-clang](https://github.com/google/honggfuzz/tree/master/hfuzz_cc) binary. -``` -$ [honggfuzz_dir]/honggfuzz/hfuzz_cc/hfuzz-clang terminal-test.c -o terminal-test +```shell +$ /honggfuzz/hfuzz_cc/hfuzz-clang terminal-test.c -o terminal-test ``` --- # Requirements for hardware-based counter-based fuzzing # * GNU/Linux OS - * Relatively modern Linux kernel (4.2 should suffice) + * A relatively modern Linux kernel (4.2 should be ok) * CPU which is supported by the [perf subsystem](https://perf.wiki.kernel.org/index.php/Main_Page) for hardware-assisted instruction and branch counting --- @@ -38,11 +39,11 @@ $ [honggfuzz_dir]/honggfuzz/hfuzz_cc/hfuzz-clang terminal-test.c -o terminal-tes --- # Fuzzing strategy # -The implemented strategy is trying to identify files which add new code coverage (or increased instruction/branch counters). Then those inputs are added (dynamically stored in memory) corpus, and reused during following fuzzing rounds +The implemented strategy identifies files which add new code coverage (or increased instruction/branch counters). Those inputs are then added to a dynamically stored in memory corpus, and reused during following fuzzing rounds There are 2 phases of feedback-driven the fuzzing: - * Honggfuzz goes through each file in the initial corpus directory (-f). It adds files which hit new code coverage to the dynamic input corpus (as well as saving them on the disk, using *COVERAGE_DATA.PID.pid.RND.time.rnd* pattern - * Honggfuzz choses randomly files from the dynamic input corpus (in-memory), mutates them, and runs a new fuzzing round (round in persistent mode, exec in non-persistent mode). If the newly created file induces new code path (extends code coverage), it gets added to the dynamic input corpus + * Honggfuzz goes through each file in the initial corpus directory (_-i_). It adds files which hit new code coverage to the dynamic input corpus. + * Honggfuzz choses randomly files from the dynamic input corpus (in-memory), mutates them, and runs a new fuzzing round. If the newly created file induces new code path (extends code coverage), it gets added to the dynamic input corpus as well. # Compile-time instrumentation with clang/gcc (default mode) # @@ -53,167 +54,35 @@ Here you can use the following: _Note_: The _-fsanitize-coverage=trace-pc-guard,indirect-calls,trace-cmp_ set of flags will be automatically added to clang's command-line switches when using [hfuzz-clang](https://github.com/google/honggfuzz/tree/master/hfuzz_cc) binary. The [hfuzz-clang](https://github.com/google/honggfuzz/tree/master/hfuzz_cc) binary will also link your code with _libhfuzz.a_ -Two persistent modes can be used here: - -### LLVM-style LLVMFuzzerTestOneInput ### - -```c -$ cat test.c -#include -#include // Our API to test - -extern int LLVMFuzzerTestOneInput(uint8_t **buf, size_t *len); - -int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) { - _FuncFromFuzzedLib_(buf, len); - return 0; -} -``` - -``` -$ [honggfuzz_dir]/honggfuzz/hfuzz_cc/hfuzz-clang -c fuzzedlib.c -o fuzzedlib.o -$ [honggfuzz_dir]/honggfuzz/hfuzz_cc/hfuzz-clang test.c fuzzedlib.o -o test -$ [honggfuzz_dir]/honggfuzz -i input_corpus -P -- ./test -``` - -`LLVMFuzzerInitialize(int *argc, char **argv)` is supported as well - -### Fetching input with HF_ITER() ### - -```c -$ cat test.c -#include -#include // Our API to test - -// Get input from the fuzzer -extern void HF_ITER(uint8_t **buf, size_t *len); - -int main(void) { - for (;;) { - uint8_t *buf; - size_t len; - HF_ITER(&buf, &len); - _FuncFromFuzzedLib_(buf, len); - } - return 0; -} -``` -``` -$ [honggfuzz_dir]/honggfuzz/hfuzz_cc/hfuzz-clang -c fuzzedlib.c -o fuzzedlib.o -$ [honggfuzz_dir]/honggfuzz/hfuzz_cc/hfuzz-clang test.c fuzzedlib.o -o test -$ [honggfuzz_dir]/honggfuzz -i input_corpus -P -- ./test -``` - -Example: -``` -$ [honggfuzz_dir]/honggfuzz -i input_corpus -P -- ./persistent.server.openssl.1.0.2i.asan -------------------------------[ honggfuzz v0.8 ]------------------------------ - Iterations : 3,275,169 [3.28M] - Run Time : 2 hrs 17 min 16 sec (since: 2016-09-27 07:30:04) - Input Dir : 'input_corpus' - Fuzzed Cmd : './persistent.server.openssl.1.0.2i.asan' - Fuzzing Threads : 2, CPUs: 8, CPU: 759.0% (94.9%/CPU) - Speed (Round) : 86/sec (avg: 397) - Crashes : 0 (unique: 0, blacklist: 0, verified: 0) - Timeouts : 0 [10 sec.] - Corpus size : 393 (max file size: 40,000 bytes) - Coverage : - *** blocks seen: 3,545, comparison map: 204,542 ------------------------------------[ LOGS ]----------------------------------- -``` - -PS. You can also use a non-persistent mode here (without the __-P__ flag), in which case you need to read data either from a file passed at command-line (`___FILE___`), or from the standard input (e.g. with `read(0, buf, sizeof(buf))`. The compile-time instrumentation will still work in such case. - # Hardware-based coverage # ## Unique branch pair (edges) counting (--linux_perf_bts_edge) ## This mode will take into consideration pairs (tuples) of jumps, recording unique from-to jump pairs. The data is taken from the Intel BTS CPU registers. -``` -$ [honggfuzz_dir]/honggfuzz --linux_perf_bts_edge -i input_corpus -- /usr/bin/xmllint -format ___FILE___ -============================== STAT ============================== -Iterations: 1 -Start time: 2016-02-16 18:37:08 (1 seconds elapsed) -Input file/dir: 'input_corpus' -Fuzzed cmd: '/usr/bin/xmllint -format ___FILE___' -Fuzzing threads: 2 -Execs per second: 1 (avg: 1) -Crashes: 0 (unique: 0, blacklist: 0, verified: 0) -Timeouts: 0 -Number of dynamic files: 251 -Coverage (max): - - BTS unique edges: 2341 -============================== LOGS ============================== -[2016-02-16T18:37:09+0100][I][14944] fuzz_perfFeedback():420 New: (Size New,Old): 257,257, Perf (Cur,New): 0/0/0/0/0/0,0/0/0/2341/0/0 +```shell +$ /honggfuzz --linux_perf_bts_edge -i input_corpus -- /usr/bin/xmllint -format ___FILE___ ``` ## Unique branch points counting (--linux_perf_ipt_block) ## This mode will utilize Interl's PT (Process Trace) subsystem, which should be way faster than BTS (Branch Trace Store), but will currently produce less precise results. -``` -$ [honggfuzz_dir]/honggfuzz --linux_perf_ipt_block -i IN.corpus/ -- /usr/bin/xmllint -format ___FILE___ -============================== STAT ============================== -Iterations: 0 -Start time: 2016-02-16 18:38:45 (0 seconds elapsed) -Input file/dir: 'IN/' -Fuzzed cmd: '/usr/bin/xmllint -format ___FILE___' -Fuzzing threads: 2 -Execs per second: 0 (avg: 0) -Crashes: 0 (unique: 0, blacklist: 0, verified: 0) -Timeouts: 0 -Number of dynamic files: 251 -Coverage (max): - - PT unique blocks: 243 -============================== LOGS ============================== +```shell +$ /honggfuzz --linux_perf_ipt_block -i input_corpus -- /usr/bin/xmllint -format ___FILE___ ``` ## Instruction counting (--linux_perf_instr) ## This mode tries to maximize the number of instructions taken during each process iteration. The counters will be taken from the Linux perf subsystems. Intel, AMD and even other CPU architectures are supported for this mode. -``` -$ [honggfuzz_dir]/honggfuzz --linux_perf_instr -i input_corpus -- /usr/bin/xmllint -format ___FILE___ -============================== STAT ============================== -Iterations: 2776 -Start time: 2016-02-16 18:40:51 (3 seconds elapsed) -Input file/dir: 'input_corpus' -Fuzzed cmd: '/usr/bin/xmllint -format ___FILE___' -Fuzzing threads: 2 -Execs per second: 922 (avg: 925) -Crashes: 0 (unique: 0, blacklist: 0, verified: 0) -Timeouts: 0 -Number of dynamic files: 251 -Coverage (max): - - cpu instructions: 1369752 -============================== LOGS ============================== -[2016-02-16T18:40:54+0100][I][17406] fuzz_perfFeedback():420 New: (Size New,Old): 2497,2496, Perf (Cur,New): 1369752/0/0/0/0/0,1371747/0/0/0/0/0 -[2016-02-16T18:40:54+0100][I][17406] fuzz_perfFeedback():420 New: (Size New,Old): 2497,2497, Perf (Cur,New): 1371747/0/0/0/0/0,1372273/0/0/0/0/0 -[2016-02-16T18:40:54+0100][I][17406] fuzz_perfFeedback():420 New: (Size New,Old): 2497,2497, Perf (Cur,New): 1372273/0/0/0/0/0,1372390/0/0/0/0/0 -[2016-02-16T18:40:54+0100][I][17406] fuzz_perfFeedback():420 New: (Size New,Old): 2497,2497, Perf (Cur,New): 1372390/0/0/0/0/0,1372793/0/0/0/0/0 +```shell +$ /honggfuzz --linux_perf_instr -i input_corpus -- /usr/bin/xmllint -format ___FILE___ ``` ## Branch counting (--linux_perf_branch) ## As above, it will try to maximize the number of branches taken by CPU on behalf of the fuzzed process (here: djpeg.static) while performing each fuzzing iteration. Intel, AMD and even other CPU architectures are supported for this mode. -``` -$ [honggfuzz_dir]/honggfuzz --linux_perf_branch -i input_corpus -F 2500 -- /usr/bin/xmllint -format ___FILE___ -============================== STAT ============================== -Iterations: 0 -Start time: 2016-02-16 18:39:41 (0 seconds elapsed) -Input file/dir: 'input_corpus' -Fuzzed cmd: '/usr/bin/xmllint -format ___FILE___' -Fuzzing threads: 2 -Execs per second: 0 (avg: 0) -Crashes: 0 (unique: 0, blacklist: 0, verified: 0) -Timeouts: 0 -Number of dynamic files: 251 -Coverage (max): - - cpu branches: 0 -============================== LOGS ============================== -[2016-02-16T18:39:41+0100][I][16738] fuzz_perfFeedback():420 New: (Size New,Old): 2500,2500, Perf (Cur,New): 0/0/0/0/0/0,0/258259/0/0/0/0 -[2016-02-16T18:39:41+0100][I][16738] fuzz_perfFeedback():420 New: (Size New,Old): 2500,2500, Perf (Cur,New): 0/258259/0/0/0/0,0/258260/0/0/0/0 -[2016-02-16T18:39:41+0100][I][16738] fuzz_perfFeedback():420 New: (Size New,Old): 2500,2500, Perf (Cur,New): 0/258260/0/0/0/0,0/258261/0/0/0/0 -[2016-02-16T18:39:41+0100][I][16738] fuzz_perfFeedback():420 New: (Size New,Old): 2500,2500, Perf (Cur,New): 0/258261/0/0/0/0,0/258263/0/0/0/0 +```shell +$ /honggfuzz --linux_perf_branch -i input_corpus -F 2500 -- /usr/bin/xmllint -format ___FILE___ ``` -- cgit v1.2.3 From 50a81734379fec0d3133d21e70a87559566d5677 Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Wed, 9 Oct 2019 09:18:17 +0200 Subject: Update Android.md --- docs/Android.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/Android.md b/docs/Android.md index beba57e6..21d7deb5 100644 --- a/docs/Android.md +++ b/docs/Android.md @@ -17,7 +17,7 @@ build an upstream git fork is executed | **Dependency** | **Last Tested Version** | |:-------|:-----------| -| **Android NDK** | r16 with Android API 24 (Nougat 7.0) | +| **Android NDK** | r20 | | **libunwind** | upstream master commit [bc8698f] | | **capstone** | 3.0.4 stable version | -- cgit v1.2.3 From 444e5409fe9697d0c4f9ef262aed32fc849fbb00 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 9 Oct 2019 09:19:10 +0200 Subject: remove obsolete docs/ExternalFuzzerUsage.md --- docs/ExternalFuzzerUsage.md | 62 --------------------------------------------- 1 file changed, 62 deletions(-) delete mode 100644 docs/ExternalFuzzerUsage.md diff --git a/docs/ExternalFuzzerUsage.md b/docs/ExternalFuzzerUsage.md deleted file mode 100644 index 7f9ed6b3..00000000 --- a/docs/ExternalFuzzerUsage.md +++ /dev/null @@ -1,62 +0,0 @@ -# Introduction # - -With honggfuzz you can fuzz files by flipping bytes (`-mB`) or bits (`-mb`). You can also specify the rate (`-r`) of how many bytes or bits should be changed in the input file. - -Alternatively to this _"dumb"_ fuzzing mode, you can specify a custom fuzzer (`-c`) to modify input files. - -# Details # - -When run in `-mB` or `-mb` mode, honggfuzz does the following: - 1. a random file from the input files is chosen, and saved as a `.honggfuzz` file - 1. depending on the file size, the specified rate (`-r`) of bits or bytes is flipped - 1. the fuzzing target is executed with the input file (either via STDIN (`-s`) or via a command line parameter (`___FILE___`) - -When run in `-c` mode, the first and last steps are the same, but the file modification differs: - 1. a random file from the input files is chosen, and saved as a `.honggfuzz` file - 1. honggfuzz executes the external fuzzing binary or script specified by the `-c` parameter and appends the temporary `.honggfuzz` file as the first argument to the external fuzzer - 1. the external fuzzer should open and modify the temporary file - 1. honggfuzz waits for the external fuzzer to terminate - 1. the fuzzing target is executed with the modified input file (either via STDIN (`-s`) or via a command line parameter (`___FILE___`) - -# Example # - -If we consider the badcode1.c examples from the examples directory, we can see that it runs correctly for the sample input: - -``` -$ ./examples/targets/badcode1 examples/inputfiles/badcode1.txt -123456789012345678901234567890123456789012345678901234567890 -123456789012345678901234567890123456789012345678901234567890 -``` - -The bug in badcode1.c is that it reads lines up to 128 bytes from the input file and writes them to a 64 byte buffer (`fgets(str, 128, fp)`). If we would modify random bytes in the input file, the bug would only trigger when we overwrite the newline in the inputfile. With standard honggfuzz options this might take a while: - -``` -$ ./honggfuzz -n 1 -i examples/badcode/inputfiles/badcode1.txt -- ./examples/badcode/targets/badcode1 ___FILE___ -honggfuzz, version 0.1 Robert Swiecki , Copyright 2010 by Google Inc. All Rights Reserved. -[INFO] Launched new process, pid: 43288, (1/1) -123456789012345678901234567890123456789012345678901234567890 -12345678012345678901234567890123456789012345678901234567890 -[INFO] Launched new process, pid: 43289, (1/1) -123456789012345678901234567890123456789012345678901234567890 -12345678901234567890123456789?123456789012345678901234567890 -... -``` - -Now if we take a look at the script under [examples/externalfuzzers/lowBytesIncrease.py](http://code.google.com/p/honggfuzz/source/browse/trunk/examples/externalfuzzers/lowBytesIncrease.py), we see that it searches the input file (as provided by `argv[1]`) for low bytes and increases them randomly. This will modify the newlines, and thus trigger the bug much faster, as shown below: - -``` -$ ./honggfuzz -n 1 -i examples/badcode/inputfiles/badcode1.txt -c `pwd`/examples/externalfuzzers/lowBytesIncrease.py -- ./examples/badcode/targets/badcode1 ___FILE___ -honggfuzz, version 0.1 Robert Swiecki , Copyright 2010 by Google Inc. All Rights Reserved. -[INFO] Launched new process, pid: 44578, (1/1) -[INFO] Ok, that's interesting, saving the '.honggfuzz.1287067149.44576.413228313.fuzz' as 'SIGSEGV.44578.2010-10-14.16.39.09.fuzz' -[INFO] Launched new process, pid: 44580, (1/1) -[INFO] Ok, that's interesting, saving the '.honggfuzz.1287067149.44576.637798454.fuzz' as 'SIGSEGV.44580.2010-10-14.16.39.09.fuzz' -... -```$ ./honggfuzz -n 1 -i examples/badcode/inputfiles/badcode1.txt -c `pwd`/examples/externalfuzzers/lowBytesIncrease.py -- ./examples/badcode/targets/badcode1 ___FILE___ -honggfuzz, version 0.1 Robert Swiecki , Copyright 2010 by Google Inc. All Rights Reserved. -[INFO] Launched new process, pid: 44578, (1/1) -[INFO] Ok, that's interesting, saving the '.honggfuzz.1287067149.44576.413228313.fuzz' as 'SIGSEGV.44578.2010-10-14.16.39.09.fuzz' -[INFO] Launched new process, pid: 44580, (1/1) -[INFO] Ok, that's interesting, saving the '.honggfuzz.1287067149.44576.637798454.fuzz' as 'SIGSEGV.44580.2010-10-14.16.39.09.fuzz' -... -}}}``` -- cgit v1.2.3 From 0d5e2a817f59a09626f52d8d662057c25bb27d94 Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Wed, 9 Oct 2019 09:23:57 +0200 Subject: Update README.md --- README.md | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 9b8d03ca..25f366f8 100644 --- a/README.md +++ b/README.md @@ -1,19 +1,19 @@ -# honggfuzz - -## Description +# Description A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options. See [USAGE](https://github.com/google/honggfuzz/blob/master/docs/USAGE.md) for the description of command-line options. - * It's __multi-process__ and __multi-threaded__: no need to run multiple copies of your fuzzer, as honggfuzz can unlock potential of all your available CPU cores with a single supervising process. The file corpus is automatically shared and improved between the fuzzing threads and fuzzed processes. - * It's blazingly fast when in the [persistent fuzzing mode](https://github.com/google/honggfuzz/blob/master/docs/PersistentFuzzing.md)). A simple/empty _LLVMFuzzerTestOneInput_ function can be tested with __up to 1mo iterations per second__ on a relatively modern CPU (e.g. i7-6700K) - * Has a [solid track record](#trophies) of uncovered security bugs: the __only__ (to the date) __vulnerability in OpenSSL with the [critical](https://www.openssl.org/news/secadv/20160926.txt) score mark__ was discovered by honggfuzz. See the [Trophies](#trophies) paragraph for the summary of findings to the date - * Uses low-level interfaces to monitor processes (e.g. _ptrace_ under Linux and NetBSD). As opposed to other fuzzers, it __will discover and report hijacked/ignored signals from crashes__ (intercepted and potentially hidden by a fuzzed program) - * Easy-to-use, feed it a simple corpus directory (can even be empty) and it will work its way up expanding it utilizing feedback-based coverage metrics - * Supports several (more than any other coverage-based feedback-driven fuzzer) hardware-based (CPU: branch/instruction counting, __Intel BTS__, __Intel PT__) and software-based [feedback-driven fuzzing](https://github.com/google/honggfuzz/blob/master/docs/FeedbackDrivenFuzzing.md) methods known from other fuzzers (libfuzzer, afl). See also the new __[qemu mode](https://github.com/google/honggfuzz/tree/master/qemu_mode)__ blackbox instrumentation. - * Works (at least) under GNU/Linux, FreeBSD, NetBSD, Mac OS X, Windows/CygWin and [Android](https://github.com/google/honggfuzz/blob/master/docs/Android.md) - * Supports the __persistent fuzzing mode__ (long-lived process calling a fuzzed API repeatedly) with libhfuzz/libhfuzz.a. More on that can be found [here](https://github.com/google/honggfuzz/blob/master/docs/PersistentFuzzing.md) - * It comes with the __[examples](https://github.com/google/honggfuzz/tree/master/examples) directory__, consisting of real world fuzz setups for widely-used software (e.g. Apache and OpenSSL) - * Provides the __[corpus minimization](https://github.com/google/honggfuzz/blob/master/docs/USAGE.md#corpus-minimization--m)__ functionality +# Features + + * It's __multi-process__ and __multi-threaded__: there's no need to run multiple copies of your fuzzer, as honggfuzz can unlock potential of all your available CPU cores with a single running instance. The file corpus is automatically shared and improved between all fuzzed processes. + * It's blazingly fast when the [persistent fuzzing mode](https://github.com/google/honggfuzz/blob/master/docs/PersistentFuzzing.md)) is used. A simple/empty _LLVMFuzzerTestOneInput_ function can be tested with __up to 1mo iterations per second__ on a relatively modern CPU (e.g. i7-6700K). + * Has a [solid track record](#trophies) of uncovered security bugs: the __only__ (to the date) __vulnerability in OpenSSL with the [critical](https://www.openssl.org/news/secadv/20160926.txt) score mark__ was discovered by honggfuzz. See the [Trophies](#trophies) paragraph for the summary of findings to the date. + * Uses low-level interfaces to monitor processes (e.g. _ptrace_ under Linux and NetBSD). As opposed to other fuzzers, it __will discover and report hijacked/ignored signals from crashes__ (intercepted and potentially hidden by a fuzzed program). + * Easy-to-use, feed it a simple corpus directory (can even be empty for [feedback-driven fuzzing]) and it will work its way up, expanding it by utilizing feedback-based coverage metrics. + * Supports several (more than any other coverage-based feedback-driven fuzzer) hardware-based (CPU: branch/instruction counting, __Intel BTS__, __Intel PT__) and software-based [feedback-driven fuzzing](https://github.com/google/honggfuzz/blob/master/docs/FeedbackDrivenFuzzing.md) modes. Also, see the new __[qemu mode](https://github.com/google/honggfuzz/tree/master/qemu_mode)__ for blackbox binary fuzzing. + * Works (at least) under GNU/Linux, FreeBSD, NetBSD, Mac OS X, Windows/CygWin and [Android](https://github.com/google/honggfuzz/blob/master/docs/Android.md). + * Supports the __persistent fuzzing mode__ (long-lived process calling a fuzzed API repeatedly). More on that can be found [here](https://github.com/google/honggfuzz/blob/master/docs/PersistentFuzzing.md). + * It comes with the __[examples](https://github.com/google/honggfuzz/tree/master/examples) directory__, consisting of real world fuzz setups for widely-used software (e.g. Apache HTTPS, OpenSSL, libjpeg etc.). + * Provides __[corpus minimization](https://github.com/google/honggfuzz/blob/master/docs/USAGE.md#corpus-minimization--m)__ modes. --- @@ -23,12 +23,12 @@ A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with inte --- -## Code +# Code * Latest stable version: [1.9](https://github.com/google/honggfuzz/releases) * [Changelog](https://github.com/google/honggfuzz/blob/master/CHANGELOG) -## Requirements +# Requirements * **Linux** - The BFD library (libbfd-dev) and libunwind (libunwind-dev/libunwind8-dev), clang-4.0 or higher for software-based coverage modes * **FreeBSD** - gmake, clang-3.6 or newer (clang-devel/4.0 suggested) @@ -39,7 +39,7 @@ A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with inte * if **Clang/LLVM** is used to compile honggfuzz - link it with the BlocksRuntime Library (libblocksruntime-dev) -## Trophies +# Trophies Honggfuzz has been used to find a few interesting security problems in major software packages; An incomplete list: @@ -101,7 +101,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * crashes in rust-bitcoin/rust-lightning [#1](https://github.com/rust-bitcoin/rust-lightning/commit/a9aa3c37fe182dd266e0faebc788e0c9ee724783) * ... and more -## Projects utilizing Honggfuzz +# Projects utilizing Honggfuzz * [__QuickFuzz__ by CIFASIS](http://quickfuzz.org) * [__OSS-Fuzz__](https://github.com/google/oss-fuzz) @@ -128,7 +128,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__DeepState__: by Trail-of-Bits](https://github.com/trailofbits/deepstate) * [__Quiche-HTTP/3__: by Cloudflare](https://github.com/cloudflare/quiche/pull/179) -## Examples +# Fuzzing examples The [examples](https://github.com/google/honggfuzz/tree/master/examples/) directory contains code demonstrating (among others) how to use honggfuzz to find bugs in the @@ -136,7 +136,7 @@ directory contains code demonstrating (among others) how to use honggfuzz to fin library and in the [Apache](https://github.com/google/honggfuzz/tree/master/examples/apache-httpd) HTTPD web server. -## Other +# Contact * User mailing list: [honggfuzz@googlegroups.com](mailto:honggfuzz@googlegroups.com), sign up with [this link](https://groups.google.com/forum/#!forum/honggfuzz). -- cgit v1.2.3 From 9359e59309bcd6d362c3a56a93e545eef98a330a Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 9 Oct 2019 09:26:17 +0200 Subject: readme --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 25f366f8..5e822f0c 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,11 @@ # Description -A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options. See [USAGE](https://github.com/google/honggfuzz/blob/master/docs/USAGE.md) for the description of command-line options. +A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options. See the [Usage document](https://github.com/google/honggfuzz/blob/master/docs/USAGE.md) for a primer on Honggfuzz use. + +# Code + + * Latest stable version: [1.9](https://github.com/google/honggfuzz/releases) + * [Changelog](https://github.com/google/honggfuzz/blob/master/CHANGELOG) # Features @@ -23,11 +28,6 @@ A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with inte --- -# Code - - * Latest stable version: [1.9](https://github.com/google/honggfuzz/releases) - * [Changelog](https://github.com/google/honggfuzz/blob/master/CHANGELOG) - # Requirements * **Linux** - The BFD library (libbfd-dev) and libunwind (libunwind-dev/libunwind8-dev), clang-4.0 or higher for software-based coverage modes -- cgit v1.2.3 From a72a61bec8bec45b37dbec481832beebe876c865 Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Wed, 9 Oct 2019 09:33:47 +0200 Subject: Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 25f366f8..37fa131c 100644 --- a/README.md +++ b/README.md @@ -115,8 +115,6 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__FFW - Fuzzing For Worms__](https://github.com/dobin/ffw) * [__honggfuzz-rs__: fuzzing Rust with Honggfuzz](https://github.com/rust-fuzz/honggfuzz-rs) * [__roughenough-fuzz__](https://github.com/int08h/roughenough-fuzz) - * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) - * [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+honggfuzz%22&type=Code) * [__Monkey__: a HTTP server](https://github.com/monkey/monkey/blob/master/FUZZ.md) * [__Killerbeez API__](https://github.com/grimm-co/killerbeez-mutators) * [__FuzzM__: a gray box model-based fuzzing framework](https://github.com/collins-research/FuzzM) @@ -127,6 +125,8 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__DeepState__: by Trail-of-Bits](https://github.com/trailofbits/deepstate) * [__DeepState__: by Trail-of-Bits](https://github.com/trailofbits/deepstate) * [__Quiche-HTTP/3__: by Cloudflare](https://github.com/cloudflare/quiche/pull/179) + * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) + * [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+honggfuzz%22&type=Code) # Fuzzing examples -- cgit v1.2.3 From e8d33793808619b4c36c4e0e00151c05c2d231a7 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 9 Oct 2019 14:43:29 +0200 Subject: examples/bind: +bind-9.15.4.patch --- examples/bind/bind-9.14.1.patch | 390 ---------------------------------------- examples/bind/bind-9.15.4.patch | 390 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 390 insertions(+), 390 deletions(-) delete mode 100644 examples/bind/bind-9.14.1.patch create mode 100644 examples/bind/bind-9.15.4.patch diff --git a/examples/bind/bind-9.14.1.patch b/examples/bind/bind-9.14.1.patch deleted file mode 100644 index b1e2a48e..00000000 --- a/examples/bind/bind-9.14.1.patch +++ /dev/null @@ -1,390 +0,0 @@ -diff -Nur ORIG.bind-9.14.1/bin/named/main.c bind-9.14.1/bin/named/main.c ---- ORIG.bind-9.14.1/bin/named/main.c 2019-04-06 22:09:59.000000000 +0200 -+++ bind-9.14.1/bin/named/main.c 2019-05-09 16:26:27.615239219 +0200 -@@ -1347,11 +1347,285 @@ - } - #endif /* HAVE_LIBSCF */ - -+#include -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include -+#include -+ -+static void enter_namespaces(void) -+{ -+ if (linuxEnterNs(CLONE_NEWUSER | CLONE_NEWNET | CLONE_NEWNS | CLONE_NEWIPC) == false) { -+ exit(1); -+ } -+ if (linuxIfaceUp("lo") == false) { -+ exit(1); -+ } -+ if (linuxMountTmpfs("/tmp") == false) { -+ exit(1); -+ } -+} -+ -+static size_t rlen = 0; -+static const uint8_t* rbuf = NULL; -+ -+__attribute__((no_sanitize("memory"))) -+__attribute__((no_sanitize("address"))) static void* -+bind_thr(void* unused __attribute__((unused))) -+{ -+ while (!named_g_run_done) { -+ usleep(300000); -+ } -+ -+ int myfd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP); -+ if (myfd == -1) { -+ perror("socket"); -+ exit(1); -+ } -+ int val = 1; -+ if (setsockopt(myfd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)) == -1) { -+ perror("setsockopt(SO_REUSEADDR)"); -+ } -+ -+ const struct sockaddr_in saddr = { -+ .sin_family = AF_INET, -+ .sin_port = htons(53), -+ .sin_addr.s_addr = inet_addr("127.0.0.2"), -+ }; -+ if (bind(myfd, &saddr, sizeof(saddr)) == -1) { -+ perror("bind"); -+ exit(1); -+ } -+ -+ if (listen(myfd, SOMAXCONN) == -1) { -+ perror("listen"); -+ exit(1); -+ } -+ -+ for (;;) { -+ struct sockaddr_in cli; -+ socklen_t cli_len = sizeof(cli); -+ -+ int nfd = accept(myfd, &cli, &cli_len); -+ if (nfd == -1) { -+ perror("accept"); -+ exit(1); -+ } -+ -+ static char b[1024 * 1024]; -+ ssize_t sz = recv(nfd, b, sizeof(b), 0); -+ if (sz <= 0) { -+ perror("recv"); -+ _exit(1); -+ } -+ if (sz < 4) { -+ close(nfd); -+ continue; -+ } -+ if (rlen < 1) { -+ close(nfd); -+ continue; -+ } -+ -+ /* It's a response, so set QR bit to 1 */ -+ uint8_t qr = rbuf[0] | 0x80; -+ -+ uint16_t t_l = htons(rlen + 2); -+ const struct iovec iov[] = { -+ { -+ .iov_base = &t_l, -+ .iov_len = sizeof(t_l), -+ }, -+ { -+ .iov_base = &b[2], -+ .iov_len = 2, -+ }, -+ { -+ .iov_base = &qr, -+ .iov_len = 1, -+ }, -+ { -+ .iov_base = (void*)&rbuf[1], -+ .iov_len = rlen - 1, -+ }, -+ }; -+ -+ if (writev(nfd, iov, 4) == -1) { -+ perror("writev() failed"); -+ } -+ -+ close(nfd); -+ } -+ -+ return NULL; -+} -+ -+static void rndloop(int sock) -+{ -+ const struct sockaddr_in bsaddr = { -+ .sin_family = AF_INET, -+ .sin_port = htons(0), -+ .sin_addr.s_addr = htonl((((uint32_t)util_rnd64()) & 0x00FFFFFF) | 0x7F000000), -+ }; -+ if (bind(sock, (const struct sockaddr*)&bsaddr, sizeof(bsaddr)) == -1) { -+ perror("bind"); -+ } -+} -+ -+__attribute__((no_sanitize("memory"))) -+__attribute__((no_sanitize("address"))) static void* -+connect_thr(void* unused __attribute__((unused))) -+{ -+ while (!named_g_run_done) { -+ usleep(300000); -+ } -+ -+ for (;;) { -+ int myfd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP); -+ if (myfd == -1) { -+ perror("socket"); -+ exit(1); -+ } -+ int val = 1; -+ if (setsockopt(myfd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)) == -1) { -+ perror("setsockopt(SO_REUSEADDR)"); -+ } -+ -+ rndloop(myfd); -+ -+ const struct sockaddr_in saddr = { -+ .sin_family = AF_INET, -+ .sin_port = htons(53), -+ .sin_addr.s_addr = htonl(INADDR_LOOPBACK), -+ }; -+ if (connect(myfd, &saddr, sizeof(saddr)) == -1) { -+ close(myfd); -+ continue; -+ } -+ -+ const uint8_t* buf; -+ size_t len; -+ -+ if (named_g_fuzz_type == isc_fuzz_client) { -+ HF_ITER(&buf, &len); -+ -+ rlen = 0; -+ rbuf = NULL; -+ -+ if (len < 32) { -+ close(myfd); -+ continue; -+ } -+ -+ uint32_t tmplen = *((const uint32_t*)buf); -+ -+ buf = &buf[sizeof(uint32_t)]; -+ len -= sizeof(uint32_t); -+ -+ tmplen %= len; -+ -+ rbuf = &buf[tmplen]; -+ rlen = len - tmplen; -+ len = tmplen; -+ } else { -+ static const uint8_t qbuf[] = { -+ 0x88, 0x0c, 0x01, 0x20, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x01, 0x0a, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, -+ 0x61, 0x61, 0x61, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, -+ 0x65, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x29, 0x10, -+ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00 -+ }; -+ buf = qbuf; -+ len = sizeof(qbuf); -+ HF_ITER(&rbuf, &rlen); -+ } -+ -+ uint16_t t_l = htons(len); -+ const struct iovec iov[] = { -+ { -+ .iov_base = &t_l, -+ .iov_len = sizeof(t_l), -+ }, -+ { -+ .iov_base = (void*)buf, -+ .iov_len = len, -+ }, -+ }; -+ -+ if (writev(myfd, iov, 2) == -1) { -+ perror("write"); -+ close(myfd); -+ continue; -+ } -+ -+ if (shutdown(myfd, SHUT_WR) == -1) { -+ if (errno == ENOTCONN) { -+ close(myfd); -+ continue; -+ } -+ perror("shutdown"); -+ _exit(1); -+ } -+ -+ uint8_t b[1024 * 512]; -+ while (recv(myfd, b, sizeof(b), 0) > 0) -+ ; -+ close(myfd); -+ } -+} -+ -+static void launch_thr(void) -+{ -+ pthread_attr_t attr; -+ pthread_attr_init(&attr); -+ pthread_attr_setstacksize(&attr, 1024 * 1024 * 4); -+ pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED); -+ -+ pthread_t t; -+ if (pthread_create(&t, &attr, bind_thr, NULL) < 0) { -+ perror("pthread_create(bind_thr)"); -+ exit(1); -+ } -+ -+ pthread_attr_init(&attr); -+ pthread_attr_setstacksize(&attr, 1024 * 1024 * 4); -+ pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED); -+ if (pthread_create(&t, &attr, connect_thr, NULL) < 0) { -+ perror("pthread_create(connect_thr)"); -+ exit(1); -+ } -+} -+ - /* main entry point, possibly hooked */ - --int --main(int argc, char *argv[]) { -- isc_result_t result; -+int main(int argc, char* argv[]) -+{ -+ if (!getenv("NO_FUZZ")) { -+ named_g_fuzz_addr = "127.0.0.1:53"; -+ named_g_fuzz_type = isc_fuzz_client; -+ enter_namespaces(); -+ launch_thr(); -+ } -+ -+ isc_result_t result; - #ifdef HAVE_LIBSCF - char *instance = NULL; - #endif -diff -Nur ORIG.bind-9.14.1/compile.sh bind-9.14.1/compile.sh ---- ORIG.bind-9.14.1/compile.sh 1970-01-01 01:00:00.000000000 +0100 -+++ bind-9.14.1/compile.sh 2019-05-09 16:27:15.139211816 +0200 -@@ -0,0 +1,20 @@ -+#!/bin/sh -+ -+set -ex -+ -+export CC="$HOME"/src/honggfuzz/hfuzz_cc/hfuzz-clang -+export CXX="$HOME"/src/honggfuzz/hfuzz_cc/hfuzz-clang++ -+export CFLAGS="-fsanitize=address -Wno-shift-negative-value -Wno-logical-not-parentheses -g -ggdb -O0 -D__AFL_COMPILER" -+./configure \ -+ --prefix="$HOME"/fuzz/bind/dist/ \ -+ --without-gssapi \ -+ --disable-chroot \ -+ --disable-linux-caps \ -+ --without-libtool \ -+ --enable-epoll \ -+ --enable-fuzzing=afl \ -+ --disable-backtrace \ -+ --with-openssl=yes -+ -+make clean -+make -j$(nproc) -diff -Nur ORIG.bind-9.14.1/lib/dns/request.c bind-9.14.1/lib/dns/request.c ---- ORIG.bind-9.14.1/lib/dns/request.c 2019-04-06 22:09:59.000000000 +0200 -+++ bind-9.14.1/lib/dns/request.c 2019-05-09 16:26:27.615239219 +0200 -@@ -760,7 +760,7 @@ - goto cleanup; - } - -- if ((options & DNS_REQUESTOPT_TCP) != 0 || r.length > 512) -+ if ((options & DNS_REQUESTOPT_TCP) != 0 || r.length >= 0) - tcp = true; - share = (options & DNS_REQUESTOPT_SHARE); - -@@ -1050,6 +1050,8 @@ - dns_compress_t cctx; - bool cleanup_cctx = false; - -+ options |= DNS_REQUESTOPT_TCP; -+ - REQUIRE(bufferp != NULL && *bufferp == NULL); - - req_log(ISC_LOG_DEBUG(3), "request_render"); -diff -Nur ORIG.bind-9.14.1/lib/dns/resolver.c bind-9.14.1/lib/dns/resolver.c ---- ORIG.bind-9.14.1/lib/dns/resolver.c 2019-04-06 22:09:59.000000000 +0200 -+++ bind-9.14.1/lib/dns/resolver.c 2019-05-09 16:26:27.619239217 +0200 -@@ -1951,7 +1951,7 @@ - goto stop_idle_timer; - } - query->mctx = fctx->mctx; -- query->options = options; -+ query->options = options | DNS_FETCHOPT_TCP; - query->attributes = 0; - query->sends = 0; - query->connects = 0; -diff -Nur ORIG.bind-9.14.1/lib/isc/random.c bind-9.14.1/lib/isc/random.c ---- ORIG.bind-9.14.1/lib/isc/random.c 2019-04-06 22:09:59.000000000 +0200 -+++ bind-9.14.1/lib/isc/random.c 2019-05-09 16:26:27.619239217 +0200 -@@ -96,6 +96,7 @@ - isc_random8(void) { - RUNTIME_CHECK(isc_once_do(&isc_random_once, - isc_random_initialize) == ISC_R_SUCCESS); -+ return 1; - return (next() & 0xff); - } - -@@ -103,6 +104,7 @@ - isc_random16(void) { - RUNTIME_CHECK(isc_once_do(&isc_random_once, - isc_random_initialize) == ISC_R_SUCCESS); -+ return 1; - return (next() & 0xffff); - } - -@@ -110,6 +112,7 @@ - isc_random32(void) { - RUNTIME_CHECK(isc_once_do(&isc_random_once, - isc_random_initialize) == ISC_R_SUCCESS); -+ return 1; - return (next()); - } - -@@ -124,6 +127,13 @@ - RUNTIME_CHECK(isc_once_do(&isc_random_once, - isc_random_initialize) == ISC_R_SUCCESS); - -+ for (size_t z = 0; z < buflen; z++) { -+ char * b = (char*)buf; -+ b[z] = z + 1; -+ } -+ return; -+ -+ - for (i = 0; i + sizeof(r) <= buflen; i += sizeof(r)) { - r = next(); - memmove((uint8_t *)buf + i, &r, sizeof(r)); diff --git a/examples/bind/bind-9.15.4.patch b/examples/bind/bind-9.15.4.patch new file mode 100644 index 00000000..7ddeb2f6 --- /dev/null +++ b/examples/bind/bind-9.15.4.patch @@ -0,0 +1,390 @@ +diff -Nur ORIG.bind-9.15.4/bin/named/main.c bind-9.15.4/bin/named/main.c +--- ORIG.bind-9.15.4/bin/named/main.c 2019-09-09 16:52:45.000000000 +0200 ++++ bind-9.15.4/bin/named/main.c 2019-10-09 14:38:44.369350853 +0200 +@@ -1385,11 +1385,285 @@ + } + #endif /* HAVE_LIBSCF */ + ++#include ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++#include ++ ++static void enter_namespaces(void) ++{ ++ if (linuxEnterNs(CLONE_NEWUSER | CLONE_NEWNET | CLONE_NEWNS | CLONE_NEWIPC) == false) { ++ exit(1); ++ } ++ if (linuxIfaceUp("lo") == false) { ++ exit(1); ++ } ++ if (linuxMountTmpfs("/tmp") == false) { ++ exit(1); ++ } ++} ++ ++static size_t rlen = 0; ++static const uint8_t* rbuf = NULL; ++ ++__attribute__((no_sanitize("memory"))) ++__attribute__((no_sanitize("address"))) static void* ++bind_thr(void* unused __attribute__((unused))) ++{ ++ while (!named_g_run_done) { ++ usleep(300000); ++ } ++ ++ int myfd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP); ++ if (myfd == -1) { ++ perror("socket"); ++ exit(1); ++ } ++ int val = 1; ++ if (setsockopt(myfd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)) == -1) { ++ perror("setsockopt(SO_REUSEADDR)"); ++ } ++ ++ const struct sockaddr_in saddr = { ++ .sin_family = AF_INET, ++ .sin_port = htons(53), ++ .sin_addr.s_addr = inet_addr("127.0.0.2"), ++ }; ++ if (bind(myfd, &saddr, sizeof(saddr)) == -1) { ++ perror("bind"); ++ exit(1); ++ } ++ ++ if (listen(myfd, SOMAXCONN) == -1) { ++ perror("listen"); ++ exit(1); ++ } ++ ++ for (;;) { ++ struct sockaddr_in cli; ++ socklen_t cli_len = sizeof(cli); ++ ++ int nfd = accept(myfd, &cli, &cli_len); ++ if (nfd == -1) { ++ perror("accept"); ++ exit(1); ++ } ++ ++ static char b[1024 * 1024]; ++ ssize_t sz = recv(nfd, b, sizeof(b), 0); ++ if (sz <= 0) { ++ perror("recv"); ++ _exit(1); ++ } ++ if (sz < 4) { ++ close(nfd); ++ continue; ++ } ++ if (rlen < 1) { ++ close(nfd); ++ continue; ++ } ++ ++ /* It's a response, so set QR bit to 1 */ ++ uint8_t qr = rbuf[0] | 0x80; ++ ++ uint16_t t_l = htons(rlen + 2); ++ const struct iovec iov[] = { ++ { ++ .iov_base = &t_l, ++ .iov_len = sizeof(t_l), ++ }, ++ { ++ .iov_base = &b[2], ++ .iov_len = 2, ++ }, ++ { ++ .iov_base = &qr, ++ .iov_len = 1, ++ }, ++ { ++ .iov_base = (void*)&rbuf[1], ++ .iov_len = rlen - 1, ++ }, ++ }; ++ ++ if (writev(nfd, iov, 4) == -1) { ++ perror("writev() failed"); ++ } ++ ++ close(nfd); ++ } ++ ++ return NULL; ++} ++ ++static void rndloop(int sock) ++{ ++ const struct sockaddr_in bsaddr = { ++ .sin_family = AF_INET, ++ .sin_port = htons(0), ++ .sin_addr.s_addr = htonl((((uint32_t)util_rnd64()) & 0x00FFFFFF) | 0x7F000000), ++ }; ++ if (bind(sock, (const struct sockaddr*)&bsaddr, sizeof(bsaddr)) == -1) { ++ perror("bind"); ++ } ++} ++ ++__attribute__((no_sanitize("memory"))) ++__attribute__((no_sanitize("address"))) static void* ++connect_thr(void* unused __attribute__((unused))) ++{ ++ while (!named_g_run_done) { ++ usleep(300000); ++ } ++ ++ for (;;) { ++ int myfd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP); ++ if (myfd == -1) { ++ perror("socket"); ++ exit(1); ++ } ++ int val = 1; ++ if (setsockopt(myfd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)) == -1) { ++ perror("setsockopt(SO_REUSEADDR)"); ++ } ++ ++ rndloop(myfd); ++ ++ const struct sockaddr_in saddr = { ++ .sin_family = AF_INET, ++ .sin_port = htons(53), ++ .sin_addr.s_addr = htonl(INADDR_LOOPBACK), ++ }; ++ if (connect(myfd, &saddr, sizeof(saddr)) == -1) { ++ close(myfd); ++ continue; ++ } ++ ++ const uint8_t* buf; ++ size_t len; ++ ++ if (named_g_fuzz_type == isc_fuzz_client) { ++ HF_ITER(&buf, &len); ++ ++ rlen = 0; ++ rbuf = NULL; ++ ++ if (len < 32) { ++ close(myfd); ++ continue; ++ } ++ ++ uint32_t tmplen = *((const uint32_t*)buf); ++ ++ buf = &buf[sizeof(uint32_t)]; ++ len -= sizeof(uint32_t); ++ ++ tmplen %= len; ++ ++ rbuf = &buf[tmplen]; ++ rlen = len - tmplen; ++ len = tmplen; ++ } else { ++ static const uint8_t qbuf[] = { ++ 0x88, 0x0c, 0x01, 0x20, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x01, 0x0a, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, ++ 0x61, 0x61, 0x61, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, ++ 0x65, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x29, 0x10, ++ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00 ++ }; ++ buf = qbuf; ++ len = sizeof(qbuf); ++ HF_ITER(&rbuf, &rlen); ++ } ++ ++ uint16_t t_l = htons(len); ++ const struct iovec iov[] = { ++ { ++ .iov_base = &t_l, ++ .iov_len = sizeof(t_l), ++ }, ++ { ++ .iov_base = (void*)buf, ++ .iov_len = len, ++ }, ++ }; ++ ++ if (writev(myfd, iov, 2) == -1) { ++ perror("write"); ++ close(myfd); ++ continue; ++ } ++ ++ if (shutdown(myfd, SHUT_WR) == -1) { ++ if (errno == ENOTCONN) { ++ close(myfd); ++ continue; ++ } ++ perror("shutdown"); ++ _exit(1); ++ } ++ ++ uint8_t b[1024 * 512]; ++ while (recv(myfd, b, sizeof(b), 0) > 0) ++ ; ++ close(myfd); ++ } ++} ++ ++static void launch_thr(void) ++{ ++ pthread_attr_t attr; ++ pthread_attr_init(&attr); ++ pthread_attr_setstacksize(&attr, 1024 * 1024 * 4); ++ pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED); ++ ++ pthread_t t; ++ if (pthread_create(&t, &attr, bind_thr, NULL) < 0) { ++ perror("pthread_create(bind_thr)"); ++ exit(1); ++ } ++ ++ pthread_attr_init(&attr); ++ pthread_attr_setstacksize(&attr, 1024 * 1024 * 4); ++ pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED); ++ if (pthread_create(&t, &attr, connect_thr, NULL) < 0) { ++ perror("pthread_create(connect_thr)"); ++ exit(1); ++ } ++} ++ + /* main entry point, possibly hooked */ + +-int +-main(int argc, char *argv[]) { +- isc_result_t result; ++int main(int argc, char* argv[]) ++{ ++ if (!getenv("NO_FUZZ")) { ++ named_g_fuzz_addr = "127.0.0.1:53"; ++ named_g_fuzz_type = isc_fuzz_client; ++ enter_namespaces(); ++ launch_thr(); ++ } ++ ++ isc_result_t result; + #ifdef HAVE_LIBSCF + char *instance = NULL; + #endif +diff -Nur ORIG.bind-9.15.4/compile.sh bind-9.15.4/compile.sh +--- ORIG.bind-9.15.4/compile.sh 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.15.4/compile.sh 2019-10-09 14:38:44.369350853 +0200 +@@ -0,0 +1,20 @@ ++#!/bin/sh ++ ++set -ex ++ ++export CC="$HOME"/src/honggfuzz/hfuzz_cc/hfuzz-clang ++export CXX="$HOME"/src/honggfuzz/hfuzz_cc/hfuzz-clang++ ++export CFLAGS="-fsanitize=address -Wno-shift-negative-value -Wno-logical-not-parentheses -g -ggdb -O0 -D__AFL_COMPILER" ++./configure \ ++ --prefix="$HOME"/fuzz/bind/dist/ \ ++ --without-gssapi \ ++ --disable-chroot \ ++ --disable-linux-caps \ ++ --without-libtool \ ++ --enable-epoll \ ++ --enable-fuzzing=afl \ ++ --disable-backtrace \ ++ --with-openssl=yes ++ ++make clean ++make -j$(nproc) +diff -Nur ORIG.bind-9.15.4/lib/dns/request.c bind-9.15.4/lib/dns/request.c +--- ORIG.bind-9.15.4/lib/dns/request.c 2019-09-09 16:52:45.000000000 +0200 ++++ bind-9.15.4/lib/dns/request.c 2019-10-09 14:38:44.369350853 +0200 +@@ -747,7 +747,7 @@ + goto cleanup; + } + +- if ((options & DNS_REQUESTOPT_TCP) != 0 || r.length > 512) ++ if ((options & DNS_REQUESTOPT_TCP) != 0 || r.length >= 0) + tcp = true; + share = (options & DNS_REQUESTOPT_SHARE); + +@@ -1033,6 +1033,8 @@ + dns_compress_t cctx; + bool cleanup_cctx = false; + ++ options |= DNS_REQUESTOPT_TCP; ++ + REQUIRE(bufferp != NULL && *bufferp == NULL); + + req_log(ISC_LOG_DEBUG(3), "request_render"); +diff -Nur ORIG.bind-9.15.4/lib/dns/resolver.c bind-9.15.4/lib/dns/resolver.c +--- ORIG.bind-9.15.4/lib/dns/resolver.c 2019-09-09 16:52:45.000000000 +0200 ++++ bind-9.15.4/lib/dns/resolver.c 2019-10-09 14:38:44.377350850 +0200 +@@ -1946,7 +1946,7 @@ + + query = isc_mem_get(fctx->mctx, sizeof(*query)); + query->mctx = fctx->mctx; +- query->options = options; ++ query->options = options | DNS_FETCHOPT_TCP; + query->attributes = 0; + query->sends = 0; + query->connects = 0; +diff -Nur ORIG.bind-9.15.4/lib/isc/random.c bind-9.15.4/lib/isc/random.c +--- ORIG.bind-9.15.4/lib/isc/random.c 2019-09-09 16:52:45.000000000 +0200 ++++ bind-9.15.4/lib/isc/random.c 2019-10-09 14:38:44.377350850 +0200 +@@ -94,6 +94,7 @@ + isc_random8(void) { + RUNTIME_CHECK(isc_once_do(&isc_random_once, + isc_random_initialize) == ISC_R_SUCCESS); ++ return 1; + return (next() & 0xff); + } + +@@ -101,6 +102,7 @@ + isc_random16(void) { + RUNTIME_CHECK(isc_once_do(&isc_random_once, + isc_random_initialize) == ISC_R_SUCCESS); ++ return 1; + return (next() & 0xffff); + } + +@@ -108,6 +110,7 @@ + isc_random32(void) { + RUNTIME_CHECK(isc_once_do(&isc_random_once, + isc_random_initialize) == ISC_R_SUCCESS); ++ return 1; + return (next()); + } + +@@ -122,6 +125,13 @@ + RUNTIME_CHECK(isc_once_do(&isc_random_once, + isc_random_initialize) == ISC_R_SUCCESS); + ++ for (size_t z = 0; z < buflen; z++) { ++ char * b = (char*)buf; ++ b[z] = z + 1; ++ } ++ return; ++ ++ + for (i = 0; i + sizeof(r) <= buflen; i += sizeof(r)) { + r = next(); + memmove((uint8_t *)buf + i, &r, sizeof(r)); -- cgit v1.2.3 From 862834f31e115453c394465109d4c47f20af2e93 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 9 Oct 2019 14:44:51 +0200 Subject: examples/bind: refreshed corpus --- ...0000016c87e0973c11b000000000.00000007.honggfuzz.cov | Bin 0 -> 7 bytes ...5cee2e16acb6dd8220b9abdade32.0001fabb.honggfuzz.cov | Bin 129723 -> 0 bytes ...d8346486e4fc3376edca420c4f70.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...56df0e0348abb829cb360bb03890.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...065362942dedcf16f957ce516f6b.0000090a.honggfuzz.cov | Bin 2314 -> 0 bytes ...38e4a56c2644ecc7e2314239203c.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...a250ec8d8e24071fec461d8db524.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...3c160350d8acc52a0b4785ce153a.0000008b.honggfuzz.cov | Bin 139 -> 0 bytes ...fdfcf3686e22ecd0ab99cb4495c8.00001107.honggfuzz.cov | Bin 0 -> 4359 bytes ...602d60fe8da4594c750dfd2dbeec.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...5c04078e1b783ea8c31a7236da05.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...bb4f6a765a937721f5c30db906bf.0000002b.honggfuzz.cov | Bin 43 -> 0 bytes ...6cc3d80000009027f9000000d800.0000000b.honggfuzz.cov | Bin 0 -> 11 bytes ...fbacae172dfeb1a273216d2284a9.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...fd44645573c0fcbbf0d631e53924.00001b19.honggfuzz.cov | Bin 6937 -> 0 bytes ...002696cf4e1c65835f267400011f.0000000f.honggfuzz.cov | Bin 15 -> 0 bytes ...5340feb13bc02306206c0411b006.0000000e.honggfuzz.cov | Bin 0 -> 14 bytes ...65c28e6f56b44b36f6e4c25cc942.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...222e635e85976000f50a80a5b309.00001586.honggfuzz.cov | Bin 5510 -> 0 bytes ...ad61208b1b839c06102fddd6a552.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...c271bdfaecf37de413ee13e0d3e9.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...000194e0f4c000014584b05491b0.0000000a.honggfuzz.cov | Bin 0 -> 10 bytes ...d88a32f5900065821af80001b000.00000006.honggfuzz.cov | Bin 6 -> 0 bytes ...5bb45e19f3982569beb11d7ef40e.0000015c.honggfuzz.cov | Bin 0 -> 348 bytes ...6ef9b2f6411754a23e889b72d18a.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...6ef9b2fbc1178cafbe889b7f518f.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...512da6e187e776cf3e16db8d6331.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...1752993e0b12b737b88d85db6de5.00000967.honggfuzz.cov | Bin 2407 -> 0 bytes ...da715da021d46db3bfa4cf0baa63.000003bd.honggfuzz.cov | Bin 0 -> 957 bytes ...81f0e22c782acc357c2e705e1f3d.000473b4.honggfuzz.cov | Bin 291764 -> 0 bytes ...4ad5078e1db8231fdf6b24e28b40.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...5ac4078e1db83ea8c31a74f6da05.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...2a3cd68b3e540e65e4250b444c88.0000070e.honggfuzz.cov | Bin 1806 -> 0 bytes ...3f29d3eb16fc50c5f5881f0008ac.0001eeea.honggfuzz.cov | Bin 126698 -> 0 bytes ...4e2bd2d3ad3913a1b4dbc1f6fbb6.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...e44e1a651c6848c79513d1a84895.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...8342ccc89fe80342aaa5c426e4d9.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...add27499334b6b6452249a32abdb.000002ac.honggfuzz.cov | Bin 0 -> 684 bytes ...a16b5aaff09845842edcdca274a1.000014a0.honggfuzz.cov | Bin 5280 -> 0 bytes ...f3ebca033876eab4ef36125124f9.00018619.honggfuzz.cov | Bin 99865 -> 0 bytes ...9f680edfd8d47b4fae9cc8d69736.0001f52b.honggfuzz.cov | Bin 128299 -> 0 bytes ...2d2afd14bc164b6359f3ef4dbb92.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...5ccad957c89db319d7344355b90b.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...b165c0dca41b363118a175bbee6b.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...b182c2d174c9ea853a04e9f7fa5d.000004ee.honggfuzz.cov | Bin 1262 -> 0 bytes ...107018be60f2dc941ca56a90ab06.000000c7.honggfuzz.cov | Bin 199 -> 0 bytes ...ff7364e96506c14c9950f7563f2b.00000ce3.honggfuzz.cov | Bin 3299 -> 0 bytes ...ae12ceb9ca0a2d86ffe5fef22d22.00000086.honggfuzz.cov | Bin 134 -> 0 bytes ...d0ad7ab47e95a010e26d0057293a.00020000.honggfuzz.cov | Bin 131072 -> 0 bytes ...a3e63a219bbc88e2ed9143b8bf3a.0000004e.honggfuzz.cov | Bin 78 -> 0 bytes ...4b960798cb314372535218f97e02.00000041.honggfuzz.cov | Bin 65 -> 0 bytes ...0c4017721cb60db16647d8ecd5ec.000190ff.honggfuzz.cov | Bin 102655 -> 0 bytes ...0591f1a6509f250b8c5986005346.00000ee1.honggfuzz.cov | Bin 0 -> 3809 bytes ...7dd5c6e8d886cb500c2546a1f86c.00000037.honggfuzz.cov | Bin 0 -> 55 bytes ...b30762d0a2641fa398062e9945cf.000002c2.honggfuzz.cov | Bin 0 -> 706 bytes ...8663f9db591fdead41e0d829b949.00000097.honggfuzz.cov | Bin 151 -> 0 bytes ...1c69711d9b662470d4e606dac682.00000090.honggfuzz.cov | Bin 0 -> 144 bytes ...33968370f70a91e192ae77cdc0e7.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...684977aad8f8131f5e163a5934e4.00000314.honggfuzz.cov | Bin 0 -> 788 bytes ...93b08ade3ee505288479ef463100.000008c6.honggfuzz.cov | Bin 0 -> 2246 bytes ...416d9af2c3a195b635b27bec6550.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...820d2c9dd04e41f94e26cf1f1cb9.0000077b.honggfuzz.cov | Bin 0 -> 1915 bytes ...e37f7bba2c807a91825d12f6c94a.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...b684ac3d708fd211cbfec6f95c01.000000c7.honggfuzz.cov | Bin 0 -> 199 bytes ...9f99703e630f1f83e4b25db29e4e.00000048.honggfuzz.cov | Bin 0 -> 72 bytes ...fab65f8910c3dce7b510cf0b214c.0000002f.honggfuzz.cov | Bin 47 -> 0 bytes ...5aa278de8d4e52548fb115426371.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...a302d8d606a40b464af7806e4e1d.0001b92d.honggfuzz.cov | Bin 112941 -> 0 bytes ...c0663854da37c9af0d681ed4f5d6.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...ae3737a346d4664c1c82b23420cf.0000005e.honggfuzz.cov | Bin 94 -> 0 bytes ...ce50c7979ca44564775b6d3175fb.00000062.honggfuzz.cov | Bin 0 -> 98 bytes ...3b524b024885cbab5cf7f18bc267.00002165.honggfuzz.cov | Bin 0 -> 8549 bytes ...7c44b7760947006d2667ced9adb4.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...4f19626bc2b2f60e9d7a1f54bb5b.000000c7.honggfuzz.cov | Bin 0 -> 199 bytes ...2011fba935cb3df86f3bfc57cc49.000002a9.honggfuzz.cov | Bin 681 -> 0 bytes ...1c39ecdcb2f170d4bc71cc13fa3f.000001e0.honggfuzz.cov | Bin 0 -> 480 bytes ...8e8fa663cdbc7f6e89b804f72e2b.00000038.honggfuzz.cov | Bin 0 -> 56 bytes ...65123029ec38afd5d8a1066ccc9b.00002de2.honggfuzz.cov | Bin 0 -> 11746 bytes ...4ff71ec88f7548b08747828b4475.00000295.honggfuzz.cov | Bin 0 -> 661 bytes ...d780bc7692fecaeed453421fc897.000007b4.honggfuzz.cov | Bin 0 -> 1972 bytes ...326b47b25cfe99b1f3c8eff19b48.0000010f.honggfuzz.cov | Bin 0 -> 271 bytes ...e11b508095c021ce89b9d038ece7.00000040.honggfuzz.cov | Bin 0 -> 64 bytes ...dd6cc0f9d7e04527ab93bbf654fa.00000034.honggfuzz.cov | Bin 52 -> 0 bytes ...f0bc0d813f4bd85fcb92c92e1319.0000003e.honggfuzz.cov | Bin 62 -> 0 bytes ...929fac9194f6795c4b38c3cfd9d1.000093e3.honggfuzz.cov | Bin 37859 -> 0 bytes ...951c43a52d111538529ae08c7975.000713ab.honggfuzz.cov | Bin 463787 -> 0 bytes ...a0893201b7598e57b83827589091.000016dc.honggfuzz.cov | Bin 5852 -> 0 bytes ...8a5a996ca1d7e76e48c73a69a2be.00000119.honggfuzz.cov | Bin 281 -> 0 bytes ...ac2ae90b098a8269288a30bec312.000002e5.honggfuzz.cov | Bin 0 -> 741 bytes ...ab3424bccff1a2c6a944ae189ab9.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...7dd67e73bc1f11bbdf993fd73ae4.00000a66.honggfuzz.cov | Bin 0 -> 2662 bytes ...49220e657d044b75a1fe8290ac9d.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...6dd73191f9e1c5a8da459f621d2c.0007791c.honggfuzz.cov | Bin 489756 -> 0 bytes ...e50bd1ca5a459850a0a8cbf32d9e.00000106.honggfuzz.cov | Bin 262 -> 0 bytes ...70379e90a67fc808678bf3c37e62.000000ea.honggfuzz.cov | Bin 0 -> 234 bytes ...daffa299b9a21592f186301f4a67.00000565.honggfuzz.cov | Bin 1381 -> 0 bytes ...f5412fae03be9dad27588404dcc5.0000078f.honggfuzz.cov | Bin 0 -> 1935 bytes ...c7a27dd217d1d0c65db6690d2f22.0000f931.honggfuzz.cov | Bin 63793 -> 0 bytes ...3fddddab425f2d24cc1996fe057b.00000094.honggfuzz.cov | Bin 148 -> 0 bytes ...02924f03522baaed2de00b58ddeb.00016ced.honggfuzz.cov | Bin 93421 -> 0 bytes ...ef3f73c17f47e05b09d6606c98a7.00000051.honggfuzz.cov | Bin 0 -> 81 bytes ...56cf4e1c01b065835ff80d80011f.0000000d.honggfuzz.cov | Bin 13 -> 0 bytes ...5b3ccb7005ee144a5af6e188d3c9.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...eede2b76610be79ff89ebd0877eb.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...df52b41ed824b945fd817ecb9278.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...89f1d0afe5ce752cb9a426ca9682.000011b3.honggfuzz.cov | Bin 4531 -> 0 bytes ...570d2cd92d887504b2b7229e6cc8.0000014e.honggfuzz.cov | Bin 334 -> 0 bytes ...1b4242b748bf7302f25d9a77f172.00000167.honggfuzz.cov | Bin 0 -> 359 bytes ...1a3ef32b7e8afbeded2a0b2676df.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...a9fec2927dcffe007e514c24465c.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...a72ac769556b92dbdf7e232a43a6.00000bb8.honggfuzz.cov | Bin 0 -> 3000 bytes ...dacbed2ff3ba228484485a84ded8.00001c73.honggfuzz.cov | Bin 7283 -> 0 bytes ...dacea2443a91924b5546df865acf.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...01fe57315e49ea7f3222eab4b6d3.00000bca.honggfuzz.cov | Bin 3018 -> 0 bytes ...cb482323a79fd548ceca1b5fbff7.000000bd.honggfuzz.cov | Bin 189 -> 0 bytes ...0fb5a14f4fdbb9e67e5ac2eb7675.0001153e.honggfuzz.cov | Bin 0 -> 70974 bytes ...0f8deb5941f51a670a04bf87e88e.00000351.honggfuzz.cov | Bin 849 -> 0 bytes ...76506f02a926ab0df0b296561fff.00008b64.honggfuzz.cov | Bin 0 -> 35684 bytes ...4e5bc63de7a5dcdb9abd5609d645.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...9db6879c6642cd694bb3372ab42b.000003f5.honggfuzz.cov | Bin 0 -> 1013 bytes ...8d1b845d598f043bb6f88ca74757.0000018c.honggfuzz.cov | Bin 0 -> 396 bytes ...9a4f7266fd4e4970ee8c0f23d1f0.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...9f47c42c1a7289aac0cc2a1c7ec8.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...78ad43bd22f6da2599ce5ad875a3.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...50e8f003084dabaad5d333cb66b3.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...1f34be053024cedc283c9dfebf6a.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...5eaf5cec582b081c8370703fda6e.00006828.honggfuzz.cov | Bin 26664 -> 0 bytes ...9d08fb8b47ef8007696e3e415fd8.00000033.honggfuzz.cov | Bin 0 -> 51 bytes ...d9addb4fe4d4b7ab861ceee08654.00002000.honggfuzz.cov | Bin 0 -> 8192 bytes ...1016dab5139842d3ca47caacf98d.0000008f.honggfuzz.cov | Bin 143 -> 0 bytes ...5bbe823b24cb032d3dccc405f827.00000110.honggfuzz.cov | Bin 272 -> 0 bytes ...d8c7b773f0d7b396b2a368243a11.000000b0.honggfuzz.cov | Bin 176 -> 0 bytes ...85bf51ab1e297b55ef262cdb0a0f.00003422.honggfuzz.cov | Bin 0 -> 13346 bytes ...96a1216c461700a302854d0a2c15.00019747.honggfuzz.cov | Bin 104263 -> 0 bytes ...52c049333bb3666068b59ae387de.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...dfded76df1b753bf1f5f0bc14ff9.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...ce84b34840f138195bc73c716576.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...83884b58b552aa17b6500d15be38.00000032.honggfuzz.cov | Bin 0 -> 50 bytes ...5dcef75c57d54fc223ac76430bd7.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...dcb17d5ddea0de26fc6edfd41d04.00000044.honggfuzz.cov | Bin 0 -> 68 bytes ...94cfc1582063ff7713a8d6d1e357.000000f2.honggfuzz.cov | Bin 0 -> 242 bytes ...94cfc15c3063087713a8d7618851.000000f2.honggfuzz.cov | Bin 242 -> 0 bytes ...7b607e05a625c4319c11141e65df.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...120ee93a36d6dd45b14b8337b739.0004a501.honggfuzz.cov | Bin 304385 -> 0 bytes ...e2787b190d9455a71358cc994ce5.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...5ba7b1eda89d478faeb623f18732.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...e33efa7e2b5fb41443deb04a0156.000001b8.honggfuzz.cov | Bin 0 -> 440 bytes ...56d56719cad21c2ee353578386e1.000000bf.honggfuzz.cov | Bin 0 -> 191 bytes ...aa6a65592f0c4b9fdc85580220ed.00000372.honggfuzz.cov | Bin 0 -> 882 bytes ...f042e9576343d0cfca7132b4a115.00000030.honggfuzz.cov | Bin 0 -> 48 bytes ...1d88e0fa62f5b8ad8e5d91fc5d40.00000020.honggfuzz.cov | Bin 0 -> 32 bytes ...aef1352cbeceedc7177ff7dcd42a.00000d98.honggfuzz.cov | Bin 3480 -> 0 bytes ...4081717ef774e39ddd757dbab867.000013ef.honggfuzz.cov | Bin 0 -> 5103 bytes ...80611072520dbbc381bb43396b51.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...02b196088a86714af6b1fa590d92.000000eb.honggfuzz.cov | Bin 0 -> 235 bytes ...59c44f60936977b16041ea8b649c.00016ced.honggfuzz.cov | Bin 93421 -> 0 bytes ...5203ce5ba7f1ee6bd62ad646f776.000001fc.honggfuzz.cov | Bin 508 -> 0 bytes ...92734da36ec163964cf2e552d369.00000b95.honggfuzz.cov | Bin 2965 -> 0 bytes ...5165b9b2b284c91ec6010762d59a.00000ea9.honggfuzz.cov | Bin 0 -> 3753 bytes ...45071a52c7da860e1607f186912d.0000054f.honggfuzz.cov | Bin 1359 -> 0 bytes ...a58835352511790fac1199a3df80.00000ad5.honggfuzz.cov | Bin 2773 -> 0 bytes ...1a29105a90b255f7804d9b7636d5.000000f9.honggfuzz.cov | Bin 0 -> 249 bytes ...7e342ba8b42b57264c09f5d689ef.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...8d145380fb404a8ea610b7eabecc.0000005c.honggfuzz.cov | Bin 92 -> 0 bytes ...491ede448e66c83d5272847f3286.00000059.honggfuzz.cov | Bin 89 -> 0 bytes ...fe8c2d18974b054aadd645889463.00016ced.honggfuzz.cov | Bin 93421 -> 0 bytes ...7153749821c50b78114d6f8ae4ef.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...4d06cfcb9c33badd615251709875.0007d000.honggfuzz.cov | Bin 512000 -> 0 bytes ...b8c3b3416f5dd3a84eaf837412a7.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...5bad7e33b44ac42b7306f17e309c.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...b86f8fbb5293f1341b727ae9d9e2.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...bccc4c4ffc06b74d8a6305c8328b.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...42843dff902bf2914042b85571d9.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...c2c6b8e9ec924a6b25f802476cda.0000051e.honggfuzz.cov | Bin 1310 -> 0 bytes ...71fa6ca637be16f2d509a5e4db76.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...3a868c4908deea94fae5ad80dfab.000000a0.honggfuzz.cov | Bin 160 -> 0 bytes ...333e28400776138586fa6148c24a.000001e6.honggfuzz.cov | Bin 486 -> 0 bytes ...b449d067c91fad4ea58f2480c6e4.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...b5cefab691287f45f928ce290b84.00000276.honggfuzz.cov | Bin 0 -> 630 bytes ...812509f2bd5883d1f474f44c8dc5.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...93f4cd0e80e5073b8fa86527b27e.00004ff5.honggfuzz.cov | Bin 0 -> 20469 bytes ...d9823df1caf7e05ab54e03b2ec19.00002c73.honggfuzz.cov | Bin 0 -> 11379 bytes ...2f95ef1e4406e767c88cdac5cf3d.000002a6.honggfuzz.cov | Bin 0 -> 678 bytes ...c28bbad84647163aade4f2ae06cf.000000d1.honggfuzz.cov | Bin 209 -> 0 bytes ...36ae0a76ca2e6891b644d750fec0.00000065.honggfuzz.cov | Bin 0 -> 101 bytes ...8ef2bfe591f3119c62ded93d1b0d.0000019a.honggfuzz.cov | Bin 0 -> 410 bytes ...5dfacf1f70f96bd7bc64db356abd.000003ee.honggfuzz.cov | Bin 0 -> 1006 bytes ...89d8f338b1f034339a1cec661408.00000063.honggfuzz.cov | Bin 99 -> 0 bytes ...456ca759ffc94b79da4f62bc497a.000004c9.honggfuzz.cov | Bin 0 -> 1225 bytes ...722585495197ea80d3bc54ef97ad.00006796.honggfuzz.cov | Bin 26518 -> 0 bytes ...de3285977ef3accee21e840d1d39.0000014a.honggfuzz.cov | Bin 330 -> 0 bytes ...55c629761260ec3d83b8ad7c493a.000019da.honggfuzz.cov | Bin 6618 -> 0 bytes ...671f4003b211ea5720834e1758e7.00000fc5.honggfuzz.cov | Bin 4037 -> 0 bytes ...e90f07dec33d4da7684409f11460.00009349.honggfuzz.cov | Bin 37705 -> 0 bytes ...c05c44ca61b962893f6f3c853f55.00000091.honggfuzz.cov | Bin 0 -> 145 bytes ...e34663c07d8c20fbe40c80af893f.0001153e.honggfuzz.cov | Bin 70974 -> 0 bytes ...3c0592e6b3331c766ee87a0c60ce.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...a636beec78c748cd9d2f044880d6.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...4cb96da506a30babdc8aa1c77371.00016592.honggfuzz.cov | Bin 91538 -> 0 bytes ...63c5234e54c70548444a72775905.0000005e.honggfuzz.cov | Bin 94 -> 0 bytes ...61170a51eeda057a1b692a773436.000000a1.honggfuzz.cov | Bin 161 -> 0 bytes ...551195ea6a24311bd4207f9a16c3.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...4515854f398884fada54bf3bcc95.00000040.honggfuzz.cov | Bin 64 -> 0 bytes ...2871b91111463305b1b8a2557f31.0000011f.honggfuzz.cov | Bin 287 -> 0 bytes ...5306159de46e63de526ac4fe9049.000002d8.honggfuzz.cov | Bin 0 -> 728 bytes ...5d645fc1ca0ef3b57dcbd8ba5e15.0000026f.honggfuzz.cov | Bin 0 -> 623 bytes ...2641ec5794427911c6f328dac0cf.0000009e.honggfuzz.cov | Bin 158 -> 0 bytes ...cbf932995646f1b0b3aeff10ee93.00000020.honggfuzz.cov | Bin 0 -> 32 bytes ...239f687ffadbe56fbe2682f36f72.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...22f28a94b9749ecd71f4b5845707.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...005b297a146cfe3128534c252fc6.0000010f.honggfuzz.cov | Bin 0 -> 271 bytes ...9e9daa0fb94fe90e2657a51e9d31.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...ed96d7b89de068e63dcc57449e16.000168e9.honggfuzz.cov | Bin 0 -> 92393 bytes ...4d08be93279850dfa557af1d377d.00000043.honggfuzz.cov | Bin 67 -> 0 bytes ...f2ade6ce09237358b89c95f20a74.0000613c.honggfuzz.cov | Bin 0 -> 24892 bytes ...7e254163c6db81e9b60d7238319e.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...e1ebe0a79c096fec47eb64a32b5f.00000351.honggfuzz.cov | Bin 0 -> 849 bytes ...08017ff4766e6ccc4b0cef79bdb4.000001d0.honggfuzz.cov | Bin 464 -> 0 bytes ...3b6cd867b9865c05ca0cd22394c6.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...32868c4900de90bc52e5ad80dfa6.000000a0.honggfuzz.cov | Bin 160 -> 0 bytes ...40e7d46df0c972341f33be6e9d52.00016ced.honggfuzz.cov | Bin 93421 -> 0 bytes ...672153da52114263800952aca98e.000102cc.honggfuzz.cov | Bin 66252 -> 0 bytes ...705265c9c4bdb64eb314776b8326.0000fffb.honggfuzz.cov | Bin 0 -> 65531 bytes ...9a26fba857b6ca21e5ad47dd0766.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...ccd9043b8caea720c8c8727f9561.00003302.honggfuzz.cov | Bin 13058 -> 0 bytes ...b5b664b5f1d1c167b705f7f410ad.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...02e2bc4691175840f4ebe260758d.00000043.honggfuzz.cov | Bin 0 -> 67 bytes ...4c8e32a1c821eac104918c846f46.00002000.honggfuzz.cov | Bin 0 -> 8192 bytes ...6d78ba069542f594d9f6741414a3.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...363706a18d2cec4cbe94c4492e85.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...fc6414f200bc9f9cb8b6c78bb574.00000076.honggfuzz.cov | Bin 118 -> 0 bytes ...8dedb7af1b527168a243ffbce1d1.00000040.honggfuzz.cov | Bin 64 -> 0 bytes ...47b5b040aec2f5e53142dcd911c3.00000055.honggfuzz.cov | Bin 85 -> 0 bytes ...17aa24fba8851df5571b4b8d40bd.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...ae526e85f449dad5169be5014b68.00000176.honggfuzz.cov | Bin 0 -> 374 bytes ...9d12d8b6eea150b75c4922164eb5.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...afbc04da6e89f22419d132ec771d.0000002d.honggfuzz.cov | Bin 0 -> 45 bytes ...afbcb2bcbe8902db16d132ec771d.0000002d.honggfuzz.cov | Bin 45 -> 0 bytes ...f7716ff639f10cdb519edd441f81.00000c65.honggfuzz.cov | Bin 3173 -> 0 bytes ...15762115e6651b33f82f0498a645.00000056.honggfuzz.cov | Bin 86 -> 0 bytes ...5cf474b7927a7a28f5746845fc18.0000022b.honggfuzz.cov | Bin 0 -> 555 bytes ...a5b8ecaeb0f578e13c09dbaa8272.00002516.honggfuzz.cov | Bin 9494 -> 0 bytes ...cd9e88442706cfdea36875100058.0000003f.honggfuzz.cov | Bin 63 -> 0 bytes ...1e49a658b60c2a1324e16bc0ffa0.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...554a43bc7128cb489f1e7f673d96.00000332.honggfuzz.cov | Bin 818 -> 0 bytes ...9f2773686087abb197e090798e05.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...c701fe1cb0e975fdf18a2f0dab91.00001e1c.honggfuzz.cov | Bin 7708 -> 0 bytes ...93b2eaf4bbb31f655360acf6a0f5.00000251.honggfuzz.cov | Bin 0 -> 593 bytes ...f0c6ace52d43ca66cc1145b1d611.00005354.honggfuzz.cov | Bin 0 -> 21332 bytes ...4c9183eff6003b1ce3f7c6a1f50c.000000a8.honggfuzz.cov | Bin 0 -> 168 bytes ...2a315bad4a864a024fd1488ae4d3.0005d55b.honggfuzz.cov | Bin 382299 -> 0 bytes ...3c1116b80b77546bd5c28b833503.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...4944f71ba56896eb39cccb4facad.00001388.honggfuzz.cov | Bin 5000 -> 0 bytes ...4311ca3aee6a79a87ca173c63ba1.00000117.honggfuzz.cov | Bin 0 -> 279 bytes ...b8bc81d96b2ed6ee6b31da735580.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...0bb7e39c2bd09e135f86a60f1014.000000ef.honggfuzz.cov | Bin 0 -> 239 bytes ...9b51d731ba0018a43d7b4f55aa53.00011644.honggfuzz.cov | Bin 0 -> 71236 bytes ...a0624270385c0d5f39649af20ad4.000000f7.honggfuzz.cov | Bin 0 -> 247 bytes ...5922bdca8d8542c9fd19ea8907de.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...99f193f0d9ec486114401cab5abb.0000082d.honggfuzz.cov | Bin 0 -> 2093 bytes ...428d3bd61209bf8a54a0faf548cf.000009aa.honggfuzz.cov | Bin 2474 -> 0 bytes ...a7b12a47bb121efc94e7eec57c76.0001153e.honggfuzz.cov | Bin 0 -> 70974 bytes ...e7c4c27163883aacc43150e4d27f.000000d5.honggfuzz.cov | Bin 213 -> 0 bytes ...574a649775213e2181bd8c6f0208.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...403daa8c4b63f904bfd3b94ca492.000001b8.honggfuzz.cov | Bin 0 -> 440 bytes ...7407743ec47e8a2a3a441c2b8a95.0000010f.honggfuzz.cov | Bin 0 -> 271 bytes ...f3531ba0bddc0bb6d7dd77ccd6ad.000007a3.honggfuzz.cov | Bin 0 -> 1955 bytes ...93f94c82897a282e34c31c5b17e4.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...84eef2bd15cf4bad80c68ffecc87.0000009e.honggfuzz.cov | Bin 158 -> 0 bytes ...a788dedeec636073c9d7ec9436e3.00000091.honggfuzz.cov | Bin 145 -> 0 bytes ...e06e903742466c944a8922b9eb4c.00000147.honggfuzz.cov | Bin 0 -> 327 bytes ...4e9fb994209c72125898c35becf5.000000d5.honggfuzz.cov | Bin 0 -> 213 bytes ...8bb006603b7a33f42b3741b2d36c.00000e83.honggfuzz.cov | Bin 3715 -> 0 bytes ...d08f6f225aa6a78fc2aaedb560e0.00000252.honggfuzz.cov | Bin 594 -> 0 bytes ...d17800ce75714509f980adee62a5.00000040.honggfuzz.cov | Bin 0 -> 64 bytes ...f806073214448bbfb3e15f8081ce.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...95ee33d20b73955a5594a0193001.00002c0d.honggfuzz.cov | Bin 11277 -> 0 bytes ...e6f9a3d54cf3c535632cb57ee520.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...d4867f9696d97729332fb58ccec5.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...e0e60f7cc308645787c9a06ade0e.0000029e.honggfuzz.cov | Bin 670 -> 0 bytes ...1e678af322c69313e33ebf7fe457.00000186.honggfuzz.cov | Bin 390 -> 0 bytes ...d32fc026326e2e065df8934b80d3.00002cad.honggfuzz.cov | Bin 11437 -> 0 bytes ...61f2e417772c8e431872466f0d5b.000000a3.honggfuzz.cov | Bin 163 -> 0 bytes ...33e246a7417c9bf23bea0727b726.0000119b.honggfuzz.cov | Bin 0 -> 4507 bytes ...8c12b55369443ab5617b0f89384c.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...5a274758b939aeb92c15f9723b9e.00008d94.honggfuzz.cov | Bin 36244 -> 0 bytes ...e679cfb810e0ecef4a7159510b24.00000cbe.honggfuzz.cov | Bin 0 -> 3262 bytes ...1f12bff07291519165627cbf55df.00006e98.honggfuzz.cov | Bin 28312 -> 0 bytes ...f9519ebc7409ad8116e879e3ac05.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...737404475144a5dca394db75a6ab.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...64d31065542a5acc8d3717b8bf3f.0000033d.honggfuzz.cov | Bin 829 -> 0 bytes ...c8c4c63c7c6e6d12b064310be99a.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...a607a095579295aa490eb612faf9.00000497.honggfuzz.cov | Bin 0 -> 1175 bytes ...ec202b0822d5acf03a33504f4d5a.000000f7.honggfuzz.cov | Bin 247 -> 0 bytes ...fe05b6aeb6d1a85a5faaf8996f41.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...5d0323ef2bb3627b9dfba78c39b0.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...c5b597a68695b53a9ba931f960f4.0000019a.honggfuzz.cov | Bin 410 -> 0 bytes ...a42a8fe74d33e00c08e5d55f1907.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...dc0bd845dfd44badc3829e78dc7d.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...3c87a3238d5e824e01bc860f40eb.00000087.honggfuzz.cov | Bin 0 -> 135 bytes ...c6b40953d14835de14973d08ab6e.000004a9.honggfuzz.cov | Bin 0 -> 1193 bytes ...4dca9921625f0f1c75e9469391b1.0000020a.honggfuzz.cov | Bin 0 -> 522 bytes ...254b72aa04799233614d54f7035c.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...7cd5681e5d76d79903f5f8b81778.00000032.honggfuzz.cov | Bin 0 -> 50 bytes ...9abb3b9b64eae6e3776db0bbb5f0.0000265a.honggfuzz.cov | Bin 9818 -> 0 bytes ...07ce73a72106b3515817e4ce07a0.00001877.honggfuzz.cov | Bin 0 -> 6263 bytes ...f60be76c2b693640175dc226202d.0000006a.honggfuzz.cov | Bin 106 -> 0 bytes ...91e3e2f625bac7b1fb42cde22c15.0000d011.honggfuzz.cov | Bin 53265 -> 0 bytes ...9975ebf198817b70affa6c577f76.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...21ddb316c99705a167a000d113c1.00000238.honggfuzz.cov | Bin 0 -> 568 bytes ...265a63f400e4f3277c6bad3d2332.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...6a3be58856ec7fa7f9d7f3e8d735.00000063.honggfuzz.cov | Bin 0 -> 99 bytes ...8654b46e5295b61217dbb4794075.00000094.honggfuzz.cov | Bin 0 -> 148 bytes ...a2037602186af252df79ab6afb87.00000405.honggfuzz.cov | Bin 0 -> 1029 bytes ...c135ccce5f8f9c07969234081329.0000011e.honggfuzz.cov | Bin 0 -> 286 bytes ...af78238ff4a11450c3e902fb1d4e.00000200.honggfuzz.cov | Bin 0 -> 512 bytes ...2d59cbe07dbdaa8081fecf810288.0001153e.honggfuzz.cov | Bin 70974 -> 0 bytes ...82af8ec894031a1d3570e13ee389.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...f73b5a824ce34a882ce4a8b628db.00000052.honggfuzz.cov | Bin 82 -> 0 bytes ...fd0c390092b90d55e4ff3f857c72.0000028a.honggfuzz.cov | Bin 650 -> 0 bytes ...f2b68447c81b71e3adc3965fe36a.0000097b.honggfuzz.cov | Bin 2427 -> 0 bytes ...475d4da8bfe464d85f822fe3804b.000019a0.honggfuzz.cov | Bin 6560 -> 0 bytes ...646188ece5286ea43e6748f70e9d.00002710.honggfuzz.cov | Bin 10000 -> 0 bytes ...5a0b70b8201b13d07420380ab331.00001079.honggfuzz.cov | Bin 4217 -> 0 bytes ...99b2f5138af3050f6237851c4737.0000a74d.honggfuzz.cov | Bin 0 -> 42829 bytes ...c8283dca88344706e65677809500.0001b316.honggfuzz.cov | Bin 111382 -> 0 bytes ...a1283e158c20d5e5a29d26244231.00000021.honggfuzz.cov | Bin 33 -> 0 bytes ...f2f3f5b2fa6d71ee814a8d427f4b.0000006f.honggfuzz.cov | Bin 111 -> 0 bytes ...541656ac45ed18e912a1cd055063.000006b0.honggfuzz.cov | Bin 1712 -> 0 bytes ...7aa046413a5c3024bbbe582400f3.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...a0df7261dd861e049e02be5885a4.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...b1d30f7c539ec08696016c43f3f4.0001fc2a.honggfuzz.cov | Bin 130090 -> 0 bytes ...39c3a6f20db5359763919eecbcb3.00000fb4.honggfuzz.cov | Bin 4020 -> 0 bytes ...6814b4f1bff73073f08c226b433a.0000005a.honggfuzz.cov | Bin 0 -> 90 bytes ...c310b1a84d930235389cfc27db56.00000062.honggfuzz.cov | Bin 0 -> 98 bytes ...dcd856ce201da0efff7a3e030357.00002798.honggfuzz.cov | Bin 10136 -> 0 bytes ...90f55f0e33c12f36d00e405a7b6a.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...3e084ca2e1209d27136fd7d79247.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...4e8c637e2658f8e71e941fe3828c.00000239.honggfuzz.cov | Bin 0 -> 569 bytes ...8abb251beafc931ab77c94c6b09a.00004c1c.honggfuzz.cov | Bin 19484 -> 0 bytes ...2841efcaed8144a5a0b4321b1117.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...08b174f11f981973bfe4a203d6e8.0000088d.honggfuzz.cov | Bin 2189 -> 0 bytes ...874f255fa1243c84c705d29cc57a.00000219.honggfuzz.cov | Bin 537 -> 0 bytes ...9b3d63074b93c447c1810e3d9e7c.000002f3.honggfuzz.cov | Bin 0 -> 755 bytes ...4b6306ba36201e66f0a284f4a13b.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...46fb1204de1fa48a637aae39e4f1.000000ee.honggfuzz.cov | Bin 238 -> 0 bytes ...31a1354ccedec0c174691d07bc77.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...31a135567f75dbdbc5c207acbc66.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...a4ccd84406566e7c3f6515099fda.00000040.honggfuzz.cov | Bin 0 -> 64 bytes ...b66127b2aea19082bf1c56d75a04.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...f0d9f5e87d4249827b2ad77f6274.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...a9fec288cdcfe4b1d54bfd94464c.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...9a00453019dbc9cb303bb5c52224.00000926.honggfuzz.cov | Bin 0 -> 2342 bytes ...4e8a9d4135240a342576f6e9dd3c.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...7d7a901fedb42b5a14ca9672429e.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...e119e8e7670387690822f5decf6e.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...f3f3342d6824185709bd4bd594e0.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...bce3a91c0b2d00358479bdd5ce7d.000000fe.honggfuzz.cov | Bin 0 -> 254 bytes ...af6233bc2593daf970052f3a7f3d.000001e0.honggfuzz.cov | Bin 0 -> 480 bytes ...9cc1dbbb46cb011ddf7be1c40165.00003bc5.honggfuzz.cov | Bin 15301 -> 0 bytes ...ad6706242f44d41e24ca3ca89726.00004ce1.honggfuzz.cov | Bin 0 -> 19681 bytes ...5bf803e223a42c505ad3fa815090.0000001e.honggfuzz.cov | Bin 0 -> 30 bytes ...6c578f82939a77199090a3db933b.000003ab.honggfuzz.cov | Bin 0 -> 939 bytes ...5528c7704bbc5263698f23f93594.00000019.honggfuzz.cov | Bin 25 -> 0 bytes ...5040568596c93d7e81348bbf481a.000001b9.honggfuzz.cov | Bin 441 -> 0 bytes ...ba35f924d63ecd0b79de51c52305.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...4e55a893ccb58ca61acdce99f581.00000020.honggfuzz.cov | Bin 32 -> 0 bytes ...df869edc6dc77744782beb5a2fcb.0000050b.honggfuzz.cov | Bin 0 -> 1291 bytes ...29f739a5a12ce0a52659691bd4ac.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...202b639f5a0976d4815704e6d25c.0000065b.honggfuzz.cov | Bin 1627 -> 0 bytes ...471e63dbc7a736cb0cb19ba63692.0000283a.honggfuzz.cov | Bin 10298 -> 0 bytes ...6775c9ef1443b88cfe06f17ca5ff.0000059c.honggfuzz.cov | Bin 1436 -> 0 bytes ...4d810bee295451364d3f363db1b5.000000a0.honggfuzz.cov | Bin 160 -> 0 bytes ...b0374aadbde192c715892e8b55d2.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...727796babd4c3033a5beb4388eb1.000000d3.honggfuzz.cov | Bin 211 -> 0 bytes ...75d97144fcb7a9d319f0f02d4d60.0000c1d1.honggfuzz.cov | Bin 0 -> 49617 bytes ...af17571dd6d1dd83b07a2881a7ef.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...eecdc4dfb567addca9194403fecf.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...b5937210aa80d19ba38f6f931dd6.00000035.honggfuzz.cov | Bin 0 -> 53 bytes ...1acd732c72475ca6161eecfe2e51.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...129e23d722a91a33a4c69de76b37.0000c349.honggfuzz.cov | Bin 0 -> 49993 bytes ...0220cf7171e64c9630b9b9b769dc.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...1f11eb2ad2215562d873cddd2235.0000001e.honggfuzz.cov | Bin 0 -> 30 bytes ...576196d931efdcf94c7256ebf547.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...579169d631ef47e6704ea524c97b.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...a114e7d7543c6bfc7bfdafb5bd23.0000180a.honggfuzz.cov | Bin 6154 -> 0 bytes ...73b0a35a49e6197991c6689e7dd7.000178d3.honggfuzz.cov | Bin 96467 -> 0 bytes ...965e86b6175b7680f07520290acd.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...798d4800670e742155dde04c603c.0000007e.honggfuzz.cov | Bin 126 -> 0 bytes ...5747bf0031ef470870a04bca27db.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...0a2d26b0fedeaf866a9dc072adc1.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...c4a12c5d6c57cbbeb1d398e708a5.00042674.honggfuzz.cov | Bin 271988 -> 0 bytes ...61981a04daa87a57dc1491e568c2.00000020.honggfuzz.cov | Bin 0 -> 32 bytes ...71f8f9bca8e14964cce206e2c272.00001d71.honggfuzz.cov | Bin 7537 -> 0 bytes ...2a8e53ad2c28c1ca12f20ff22487.0000005b.honggfuzz.cov | Bin 91 -> 0 bytes ...3a63325c6a6832b40fd4f0f231c6.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...6d3a2df85418cfd3d4c4a4b41167.0000002d.honggfuzz.cov | Bin 0 -> 45 bytes ...f551c16b16c89fa241aee1c823e8.0000011f.honggfuzz.cov | Bin 0 -> 287 bytes ...f0ceef870042f976b7feb590a75e.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...20b77fe217ed469dd4938fa8694a.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...846626d9aaa54b529d5be7e78611.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...8c5add6bf2d330631346ff562abb.00000129.honggfuzz.cov | Bin 0 -> 297 bytes ...a4ad4a0a6ae9572a424634726c59.00000516.honggfuzz.cov | Bin 0 -> 1302 bytes ...25353619f74c3af9edca58c318d9.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...b944ab6518b3a46174d03c5191ff.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...4dcc1bc79ac3f1d53a2b27689c8d.00000032.honggfuzz.cov | Bin 0 -> 50 bytes ...90191b2983ddae635c6d9b5ed3b2.00000079.honggfuzz.cov | Bin 121 -> 0 bytes ...02236eeb381fa696f1bfa53dfd2a.00006819.honggfuzz.cov | Bin 0 -> 26649 bytes ...c8542a25cf583fd23e814d179821.00000031.honggfuzz.cov | Bin 0 -> 49 bytes ...5a91a484c8acb76dd484156731f6.00000057.honggfuzz.cov | Bin 0 -> 87 bytes ...10ecab0cb4b20a037a60748d4d5b.00004238.honggfuzz.cov | Bin 16952 -> 0 bytes ...07fb656949ccd4230778f3e3bf77.00002ea8.honggfuzz.cov | Bin 11944 -> 0 bytes ...8617b0be184c36ce5daaf1cc2a11.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...eea3db4239b131c2f7d781f19c87.0000e12d.honggfuzz.cov | Bin 57645 -> 0 bytes ...a38f467b4cef4059a2bbb7cdb6b3.00000087.honggfuzz.cov | Bin 135 -> 0 bytes ...4563f4fd8aec016de9103b5ad465.00000046.honggfuzz.cov | Bin 0 -> 70 bytes ...6813ea898511afc4beb01dd099b7.00000d97.honggfuzz.cov | Bin 3479 -> 0 bytes ...350e3bcd5794610a17f948743bca.000008b9.honggfuzz.cov | Bin 2233 -> 0 bytes ...28b489db181278bd7c9ad0c0eaf1.00002000.honggfuzz.cov | Bin 0 -> 8192 bytes ...b1aff0f7bc4c2e519f9dd6e7a547.00000219.honggfuzz.cov | Bin 537 -> 0 bytes ...669e0f93dbf1acd3be810bcaa5e6.0000f05e.honggfuzz.cov | Bin 61534 -> 0 bytes ...3e1101df76de089c5f225503339a.000002fd.honggfuzz.cov | Bin 0 -> 765 bytes ...524dddc15d0aabe9f03f685498a4.00000091.honggfuzz.cov | Bin 0 -> 145 bytes ...7a781d141d75e731daa4cd8e03d1.0000005c.honggfuzz.cov | Bin 0 -> 92 bytes ...654af3921ce567f9346cf2783993.00010ae8.honggfuzz.cov | Bin 0 -> 68328 bytes ...bb4eb9148dbbe50e26968e7b638c.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...c2a0352a8bf53128eff08374bd94.00000262.honggfuzz.cov | Bin 0 -> 610 bytes ...4cdd22179dec741f4d9fc1e9c013.00000e87.honggfuzz.cov | Bin 0 -> 3719 bytes ...0000000000002520000000000000.00000001.honggfuzz.cov | 1 + ...b2813b7d41648ff2bf4153250432.000008ff.honggfuzz.cov | Bin 2303 -> 0 bytes ...1e2248e282a2463c47f97eb11b45.0000055e.honggfuzz.cov | Bin 1374 -> 0 bytes ...d6d1c03259f1b14915edeed91065.00000048.honggfuzz.cov | Bin 72 -> 0 bytes ...14168eee874c12895ed3db700cab.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...1ad32daf1ee72d115f4f09c0c59c.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...903700f2e8a9b0c2e7ef64a4c19e.0001e987.honggfuzz.cov | Bin 125319 -> 0 bytes ...16849520244188ab8366035b8475.000000f7.honggfuzz.cov | Bin 247 -> 0 bytes ...3906a6e3812781a4a71eb9d766ca.00000178.honggfuzz.cov | Bin 0 -> 376 bytes ...c2525caa5302704110915358b489.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...c4ba55e873344c26be181837f6d2.00018619.honggfuzz.cov | Bin 99865 -> 0 bytes ...c6225d3525618c869da176c79b02.00000c2e.honggfuzz.cov | Bin 3118 -> 0 bytes ...fca7b594196e2ac864c242fe450f.00000892.honggfuzz.cov | Bin 2194 -> 0 bytes ...a06b15717e12366f8b93f6d7e9ec.00020000.honggfuzz.cov | Bin 131072 -> 0 bytes ...7318137ba501ba932ca525a0826b.0000d8f2.honggfuzz.cov | Bin 55538 -> 0 bytes ...91b1da8672d8a7494d84b9f25b0b.0000b857.honggfuzz.cov | Bin 47191 -> 0 bytes ...8c00de31a18e9a6983e1169b35a1.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...ea4a732d46765b07c2c334ee8c81.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...769857f6d81054725e2e52850bf9.000000b6.honggfuzz.cov | Bin 182 -> 0 bytes ...7739306571c2bf1233608dd2d78d.0000f3cb.honggfuzz.cov | Bin 62411 -> 0 bytes ...4d2a8ad8fdd58cda94bf75cce647.000001b0.honggfuzz.cov | Bin 432 -> 0 bytes ...8770aa3b294739db5db59c0f085d.00011949.honggfuzz.cov | Bin 72009 -> 0 bytes ...4ab0bd229aaadf13c251d74c2af0.000000a2.honggfuzz.cov | Bin 162 -> 0 bytes ...097000a6186a864d151ffa2bb4eb.00000319.honggfuzz.cov | Bin 0 -> 793 bytes ...c65a306a4aba522d21ec635a0963.0000004f.honggfuzz.cov | Bin 0 -> 79 bytes ...cf70996151e23ccc45b58eb072c2.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...6fd1ac085caaf4e4fa2a99ff6759.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...26478210c4044f6d5eb807a9bd5b.00000456.honggfuzz.cov | Bin 0 -> 1110 bytes ...9486506a5f555d163b78a842f91c.00000090.honggfuzz.cov | Bin 144 -> 0 bytes ...0835b4b55e765cc302f2b7105d35.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...fb351896595c6071c51cda6eef43.00000020.honggfuzz.cov | Bin 0 -> 32 bytes ...b4ea27ed566dc39adf4629ec35e9.000000f7.honggfuzz.cov | Bin 247 -> 0 bytes ...b4fa27ed567dc39adf5d29e735f9.000000f7.honggfuzz.cov | Bin 247 -> 0 bytes ...fd341977b2fef1e4f98e809403d2.000007cd.honggfuzz.cov | Bin 0 -> 1997 bytes ...a131ed764fe19e8a288488a70287.0000007d.honggfuzz.cov | Bin 0 -> 125 bytes ...9230837a3526062735536fe0b144.0000001c.honggfuzz.cov | Bin 28 -> 0 bytes ...c979b37a3526b4db0a226fe0b144.0000001c.honggfuzz.cov | Bin 0 -> 28 bytes ...45a8b787295a774089a30a3e8bba.000000da.honggfuzz.cov | Bin 218 -> 0 bytes ...d593e5aeff1044ec45ee0e5c1129.00000037.honggfuzz.cov | Bin 55 -> 0 bytes ...1b48a585eeb51a7b39b1d24dccce.00000716.honggfuzz.cov | Bin 1814 -> 0 bytes ...6ab0230f4c3338005459f23d4466.0000001e.honggfuzz.cov | Bin 30 -> 0 bytes ...eb7e8f37b6446403b7d7ff72512c.000000d1.honggfuzz.cov | Bin 209 -> 0 bytes ...e153d5d7c0bc3158cb196db0b15a.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...2ab3d4cf271d2c8281560034f802.000000e9.honggfuzz.cov | Bin 233 -> 0 bytes ...51b223a32ef23fe5e83e5e9fab5e.000008e8.honggfuzz.cov | Bin 2280 -> 0 bytes ...aabae8f650ae14f9691c82825c5b.000001a0.honggfuzz.cov | Bin 0 -> 416 bytes ...be72f2301500f606f065d22c6024.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...f7416c770cfab0a9f6f153d791a9.000001eb.honggfuzz.cov | Bin 491 -> 0 bytes ...e1720fc4909943ec18eb10660442.000003a2.honggfuzz.cov | Bin 0 -> 930 bytes ...d582fc05458d26aa1bd96f063209.000001be.honggfuzz.cov | Bin 446 -> 0 bytes ...f3971061098706db6f6f2e3ab51a.0001b949.honggfuzz.cov | Bin 112969 -> 0 bytes ...de74379824fcd67238ec91502cee.000000c6.honggfuzz.cov | Bin 198 -> 0 bytes ...b171a5845f76b22dfcdf4b8f336f.0000009a.honggfuzz.cov | Bin 0 -> 154 bytes ...41033406d1beefc23f727964ee5a.00000040.honggfuzz.cov | Bin 0 -> 64 bytes ...d7e772b69baf81f73a0012d590eb.00000119.honggfuzz.cov | Bin 281 -> 0 bytes ...9aefa81d587b956b3d795a62f6f8.000002af.honggfuzz.cov | Bin 687 -> 0 bytes ...45d38ecda878a91b66a33b088a59.0000079b.honggfuzz.cov | Bin 1947 -> 0 bytes ...1176930c773d9a4aa7682ca1f9db.0000fc1b.honggfuzz.cov | Bin 64539 -> 0 bytes ...32af39c41b1a8d7fb2bbbf579be2.00000119.honggfuzz.cov | Bin 281 -> 0 bytes ...620533021214017d93fc8d47fda3.00001686.honggfuzz.cov | Bin 5766 -> 0 bytes ...df148e9d0a747bb4cf0efea8f22b.000105b8.honggfuzz.cov | Bin 0 -> 67000 bytes ...30cb432aa8fd3c4c254bc22f1d70.000000b2.honggfuzz.cov | Bin 178 -> 0 bytes ...b135a3164800c4d3c8e85633e6b0.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...ee1e139b45dd8bc34e7795989969.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...c5f40f4c624f61fe64706f2bbb8f.00000200.honggfuzz.cov | Bin 0 -> 512 bytes ...21d72b151a8483a6df28caa96567.00001461.honggfuzz.cov | Bin 5217 -> 0 bytes ...eea3d4dfcf64fec86e05da464784.00000d60.honggfuzz.cov | Bin 3424 -> 0 bytes ...c13e1fe81c576582da806904d359.00000032.honggfuzz.cov | Bin 0 -> 50 bytes ...31ce9d0e4774054f6baeae93b59f.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...5ad6c26932799ae63513e0fbe409.0000c26e.honggfuzz.cov | Bin 49774 -> 0 bytes ...cf37dfcedf17abeb6285176a7f50.000002cb.honggfuzz.cov | Bin 0 -> 715 bytes ...fa3b54ef4289f5fd0417590f5939.00000375.honggfuzz.cov | Bin 885 -> 0 bytes ...5bc208b1d0a2439562b210e0cacf.00000040.honggfuzz.cov | Bin 64 -> 0 bytes ...ea1afbd263a5d9d69c5aec90024e.000000c7.honggfuzz.cov | Bin 0 -> 199 bytes ...17e028c926f4503b5cb7c846c4aa.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...1e928668741ee4e8e833422d6071.00006071.honggfuzz.cov | Bin 24689 -> 0 bytes ...6fc6b843dc19288c643a99fb1219.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...d10533c601fd95ddf27904ab773e.000000c3.honggfuzz.cov | Bin 0 -> 195 bytes ...1dbbd7b99bdd303238ba8e8f1208.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...21005e53728c8c2a937d4376d153.00000039.honggfuzz.cov | Bin 0 -> 57 bytes ...f26ce7962d812ba354cf7f74ea05.00000092.honggfuzz.cov | Bin 146 -> 0 bytes ...b97ff6782ff8548eef21c3088acc.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...7eab9dbeb18b7101b43cd89b90ef.0000041f.honggfuzz.cov | Bin 0 -> 1055 bytes ...d3bd1168e111ac1fe5c41dd4760b.00001327.honggfuzz.cov | Bin 4903 -> 0 bytes ...bc7870a9088e9d499214626169b1.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...f1b91c603059818dcdf840f672f3.00000254.honggfuzz.cov | Bin 0 -> 596 bytes ...4f69fcc929e897056c8028ead267.00008325.honggfuzz.cov | Bin 33573 -> 0 bytes ...8a21d73bd328b7e5b27f8bfb28dd.000126d3.honggfuzz.cov | Bin 75475 -> 0 bytes ...27776b71fbb314849ea1dcc673ad.00000033.honggfuzz.cov | Bin 0 -> 51 bytes ...3c7fe3493416890e0e2d1f8fe511.00000200.honggfuzz.cov | Bin 512 -> 0 bytes ...128875160abadd71fc3781035b23.000001db.honggfuzz.cov | Bin 475 -> 0 bytes ...9d21ccddb2aa11746920953de7d6.00001388.honggfuzz.cov | Bin 5000 -> 0 bytes ...95be8dfd5680b3c13f91c618c57e.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...deddb91faaeff5d25333e0861d9f.00000036.honggfuzz.cov | Bin 0 -> 54 bytes ...5f28e8441b334abbb78565bf16bf.0000003b.honggfuzz.cov | Bin 0 -> 59 bytes ...0fe160e9675226e59d51bdd3f739.000184e8.honggfuzz.cov | Bin 0 -> 99560 bytes ...a17dae7da8760d3507c974c579bd.0000011a.honggfuzz.cov | Bin 282 -> 0 bytes ...bfacf947453c3b1db7593e64fd01.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...5615c0f6d649db796627e280db47.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...ab9c5c2e3653cd879deefb2872ea.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...aa7220743c267dedd778749703a1.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...968fc6c5be50d1a3715b0265abe5.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...db235247c83c6abae62f88ab34d6.00001e19.honggfuzz.cov | Bin 0 -> 7705 bytes ...74f63c97e2f92997ab8004c42845.00000153.honggfuzz.cov | Bin 0 -> 339 bytes ...c2171cd6dfc77ffb61adc568aab4.000014b5.honggfuzz.cov | Bin 5301 -> 0 bytes ...783c775910c3562f751089a4fcab.0000002f.honggfuzz.cov | Bin 0 -> 47 bytes ...c98000000000b9055d0000000000.00000003.honggfuzz.cov | 1 + ...b954ac288367a317e9a6acb93c66.00000043.honggfuzz.cov | Bin 67 -> 0 bytes ...3be786a5bbfc8a73609c59990e15.0001153e.honggfuzz.cov | Bin 70974 -> 0 bytes ...89976711bb17fb2ecb1c3557562a.0000576e.honggfuzz.cov | Bin 22382 -> 0 bytes ...76b3c4cf3337ea2fce0706aefa05.000000ff.honggfuzz.cov | Bin 255 -> 0 bytes ...1210b5e42edaa6aab5e979bcab0c.000008e6.honggfuzz.cov | Bin 2278 -> 0 bytes ...4b50f876da496f16b1fba14fd12e.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...466e1e16db7ac34f1777764d47df.00000bb8.honggfuzz.cov | Bin 3000 -> 0 bytes ...8d8b9406da498e07b1fa7be4a0f4.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...240808ee18905a9b31fe415db66d.00000ac4.honggfuzz.cov | Bin 2756 -> 0 bytes ...e15bca01ffe0501804594cc7976f.0000047e.honggfuzz.cov | Bin 1150 -> 0 bytes ...bb6fe018e39229aa814859558bdd.00020000.honggfuzz.cov | Bin 131072 -> 0 bytes ...ef030829ae64c8156222d19919a0.00000d70.honggfuzz.cov | Bin 3440 -> 0 bytes ...6b7652f36bfaf5f5076be0d331f2.0000017b.honggfuzz.cov | Bin 0 -> 379 bytes ...0b2b0816a86c0855bfebdb3ed461.0000044a.honggfuzz.cov | Bin 0 -> 1098 bytes ...21acf1da68daf735ebf7bc952556.0000d86d.honggfuzz.cov | Bin 55405 -> 0 bytes ...4c940f84cff423875811f204f5a6.00000049.honggfuzz.cov | Bin 0 -> 73 bytes ...3683a7401d30e862f3607735768c.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...e1d2672d9945488b18b922605884.00001bfb.honggfuzz.cov | Bin 7163 -> 0 bytes ...71cb5b39924eb167ea61435af114.0000029e.honggfuzz.cov | Bin 670 -> 0 bytes ...b04a3421dee580f35b98bb21747c.000105b8.honggfuzz.cov | Bin 0 -> 67000 bytes ...89a537cf304fdc56d8d5facbfb09.00000174.honggfuzz.cov | Bin 0 -> 372 bytes ...c6554bd3d18a7a63f9b62156aeaf.00009c97.honggfuzz.cov | Bin 0 -> 40087 bytes ...f9d97d6321a5bf67bbc8ea15fb0f.0000cc8d.honggfuzz.cov | Bin 52365 -> 0 bytes ...2a42676e6ec29c5aa02bf8562019.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...5536f3feb228b19b7683997f4f50.00000153.honggfuzz.cov | Bin 0 -> 339 bytes ...4fc3e7b49f9180369b02acc3ff65.00000299.honggfuzz.cov | Bin 665 -> 0 bytes ...37d792d33aab7bcca099f785ad6f.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...50da02a34c320d46e8a2d3338227.0000004d.honggfuzz.cov | Bin 0 -> 77 bytes ...78108fc83f1f4d67486f795e9df2.00000a03.honggfuzz.cov | Bin 0 -> 2563 bytes ...bd617ebec4fee6069003b4afb4cc.000000a1.honggfuzz.cov | Bin 161 -> 0 bytes ...6f165aaa1ca90b6ce1d60a11bd3b.00020000.honggfuzz.cov | Bin 131072 -> 0 bytes ...f50d08f786bc293df846a8aedd25.00000045.honggfuzz.cov | Bin 0 -> 69 bytes ...cc7f749620012f5269143b56f053.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...f9c15da21d3a32e587e65456b031.000000b6.honggfuzz.cov | Bin 182 -> 0 bytes ...68fec4021416e845a0c736b9c163.00000020.honggfuzz.cov | Bin 0 -> 32 bytes ...440010d7b96e932775dab4ff1d25.00000107.honggfuzz.cov | Bin 0 -> 263 bytes ...644a0643d75d7021779ad242a428.0000c1d1.honggfuzz.cov | Bin 49617 -> 0 bytes ...af450d393ebfeebbf4c72f5cfbaa.0000033f.honggfuzz.cov | Bin 831 -> 0 bytes ...eb586cd6d4d261e845ac13c11321.00000295.honggfuzz.cov | Bin 661 -> 0 bytes ...8715bdefcfecc1c25e2b91a70691.0000006c.honggfuzz.cov | Bin 108 -> 0 bytes ...4d1b633ee14325679115f1e80a81.0001c2ad.honggfuzz.cov | Bin 115373 -> 0 bytes ...ab363c66a431550717cdca25d5d4.00001c2d.honggfuzz.cov | Bin 0 -> 7213 bytes ...ea07b61796407e5e230c074fa1d5.00000040.honggfuzz.cov | Bin 64 -> 0 bytes ...29660b07b857d424bd7fc13ec852.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...03e85b5cbee670eeecb52c1911fd.00000684.honggfuzz.cov | Bin 1668 -> 0 bytes ...2fd558a567a41d341af708251f6c.00000445.honggfuzz.cov | Bin 1093 -> 0 bytes ...63d9c8c4b015ed731b77c9eac0a1.00000d8a.honggfuzz.cov | Bin 3466 -> 0 bytes ...7593112cd999881f5fb5825b169b.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...68f35e73855ae47c775572036195.00000bb8.honggfuzz.cov | Bin 0 -> 3000 bytes ...e0bc2b0810d98d986bc743f7267b.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...15493707ad5a03a3d63cfb670583.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...3b03ada2c8e49389e059575afd92.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...448aed9b266128539c7ca229a8e3.00001814.honggfuzz.cov | Bin 6164 -> 0 bytes ...056954729b81812dbd1640812b46.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...32fad998256d964b2488e31d68f1.00000843.honggfuzz.cov | Bin 0 -> 2115 bytes ...e8449bc99094362077c25892ec04.00000040.honggfuzz.cov | Bin 64 -> 0 bytes ...e8463943ba94362077c25b240c04.00000040.honggfuzz.cov | Bin 0 -> 64 bytes ...bbffa170ae03c413b74d45c34ad9.000060c9.honggfuzz.cov | Bin 24777 -> 0 bytes ...ba92b494e5a1a3eacfbdc62d3d14.0002ffdb.honggfuzz.cov | Bin 196571 -> 0 bytes ...c58926d79636fb64c6907135bdd5.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...280343db800f7b444d09e7bb9262.000001db.honggfuzz.cov | Bin 475 -> 0 bytes ...56720c5f9cf78edc3337a974fa2f.000000d5.honggfuzz.cov | Bin 213 -> 0 bytes ...a2c94b763492a9a7bda2c29a5bc9.000000f7.honggfuzz.cov | Bin 247 -> 0 bytes ...482041589d05723d6c01ee1e449e.00000485.honggfuzz.cov | Bin 1157 -> 0 bytes ...883b67f99a36b4919417ee63123c.000001b8.honggfuzz.cov | Bin 0 -> 440 bytes ...ad670310dc50cc776c92fc78c24a.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...6c6d4d548b30b156ad4193cc3948.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...fb8d0a481c85ff282372ae7629d2.000000d5.honggfuzz.cov | Bin 213 -> 0 bytes ...c33e58af277c23c885b904609b54.00000109.honggfuzz.cov | Bin 0 -> 265 bytes ...c519da2047ccf9cc1643add2c00e.0000004e.honggfuzz.cov | Bin 0 -> 78 bytes ...c56f6a2047ccf9cc5252f896d15b.0000004e.honggfuzz.cov | Bin 78 -> 0 bytes ...01cfff9764b169525fb844609d80.00000200.honggfuzz.cov | Bin 512 -> 0 bytes ...8d5b3e0b6412efefff90e116af6f.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...2fe28ad3dcb9437e651d2d380d18.00000bb8.honggfuzz.cov | Bin 0 -> 3000 bytes ...2f37fad03412fd901b40e1d8580c.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...78f20a45fc144a82ead6ceb3ec9f.0000007d.honggfuzz.cov | Bin 125 -> 0 bytes ...e78f181d605668b3494feacec536.00000332.honggfuzz.cov | Bin 818 -> 0 bytes ...dcb85bf7fd8af2da970168b4fb57.0000029e.honggfuzz.cov | Bin 0 -> 670 bytes ...465328c0b02e38e501422f1c1f5f.00001aba.honggfuzz.cov | Bin 6842 -> 0 bytes ...4c422e84c892237cf91f4bb2239e.00020000.honggfuzz.cov | Bin 131072 -> 0 bytes ...c1b7bf4c6ea674cfcff9052e7d5b.000002cb.honggfuzz.cov | Bin 715 -> 0 bytes ...8c138c3e957a0d0f1523f3854f7a.000007f1.honggfuzz.cov | Bin 0 -> 2033 bytes ...68cf76f7b08b97fb3cc95239ef3c.00000040.honggfuzz.cov | Bin 0 -> 64 bytes ...1259a401b49d62d690ebdabc0e2a.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...ed645d1b2386d7ef84ca14e60b5d.00006070.honggfuzz.cov | Bin 24688 -> 0 bytes ...2337569d5288a3e9fc66e937bb56.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...fc681f917fcdb6bb4d57497b1aee.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...b013a99ce1ea7a9a77b35702a841.00000124.honggfuzz.cov | Bin 0 -> 292 bytes ...793349c7af6952737f0bde8b375a.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...35ce07bec437a4419b2eaef59487.00000de2.honggfuzz.cov | Bin 3554 -> 0 bytes ...f0cf7ded5f97e0a78e2af9423a0a.000000a8.honggfuzz.cov | Bin 0 -> 168 bytes ...88a01ab77c53ef8093d82db70e90.0000012e.honggfuzz.cov | Bin 0 -> 302 bytes ...9d6e3f77ef66364f0a5d656e53c3.000001b8.honggfuzz.cov | Bin 440 -> 0 bytes ...43c000440668c88596ace9f66ca5.00000098.honggfuzz.cov | Bin 152 -> 0 bytes ...9a06ed62d6a4d33c611ad78647b6.00000101.honggfuzz.cov | Bin 257 -> 0 bytes ...7afd777e16c9efb176dab9e6fc39.0000010f.honggfuzz.cov | Bin 271 -> 0 bytes ...b84a631fb5d86ccb44f83dff6361.0000001a.honggfuzz.cov | Bin 0 -> 26 bytes ...3e62578e8c33f0a1f9807dec9a35.0000003f.honggfuzz.cov | Bin 0 -> 63 bytes ...ad3edfadc58cc89aec6eebf63d98.000000b8.honggfuzz.cov | Bin 0 -> 184 bytes ...d117314a2c532a9fd919c3d81f96.000006d7.honggfuzz.cov | Bin 1751 -> 0 bytes ...59488722e0fa2f7797d7d8f9371d.00000941.honggfuzz.cov | Bin 2369 -> 0 bytes ...12717d8b5f4b03f2678bcac850fb.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...2c40ec04b5111b6cdb5a926f348e.000003c8.honggfuzz.cov | Bin 968 -> 0 bytes ...c1f4b25c02d04094588cf41312a6.00000e87.honggfuzz.cov | Bin 0 -> 3719 bytes ...798039439696feb41b7f08fc99b0.00000400.honggfuzz.cov | Bin 0 -> 1024 bytes ...164dc1925ecfdf2f04d89c13c8b2.00000084.honggfuzz.cov | Bin 0 -> 132 bytes ...1c09f64dbb3ca3f205cb1595b1f1.0000088c.honggfuzz.cov | Bin 2188 -> 0 bytes ...35a9d7f794d5123dc1a4555636cf.0000040e.honggfuzz.cov | Bin 0 -> 1038 bytes ...b4c0496e00b61a0a1308de3253a1.00000148.honggfuzz.cov | Bin 0 -> 328 bytes ...eb78e6d18434a05df93a04121e4a.00032915.honggfuzz.cov | Bin 207125 -> 0 bytes ...4e8b8a490bb8a5f7e11bca434b35.00017fef.honggfuzz.cov | Bin 98287 -> 0 bytes ...31bcc377b0bfd217062c53e08011.00000187.honggfuzz.cov | Bin 0 -> 391 bytes ...a653295796d8d6182ce711ce0d7e.0000002d.honggfuzz.cov | Bin 45 -> 0 bytes ...75cde3d79537a0f61a795da4f53a.000001e9.honggfuzz.cov | Bin 0 -> 489 bytes ...99553494da942dd8fc67a5b97f2f.0006a464.honggfuzz.cov | Bin 435300 -> 0 bytes ...231407cb13019327b4a10d7cdecb.000015c3.honggfuzz.cov | Bin 0 -> 5571 bytes ...aadbac652b08b8c0e1fddca16cf3.0000029e.honggfuzz.cov | Bin 670 -> 0 bytes ...97fe93a3db3c875b0ac16478be04.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...d261e3c75e4432d7879c20de7fa9.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...f30b92639351a6d0f93cb000665c.000000a3.honggfuzz.cov | Bin 0 -> 163 bytes ...b68421cada236a695f3d3de616a9.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...a894b71d83577941889702056d88.00000053.honggfuzz.cov | Bin 83 -> 0 bytes ...4bdcc48ba14f0ead702a0cbe5925.00002000.honggfuzz.cov | Bin 0 -> 8192 bytes ...daec954fe3303a6c49bb00974541.0000005a.honggfuzz.cov | Bin 0 -> 90 bytes ...85b5c219e6b3e8f6545c2312f37b.0000006e.honggfuzz.cov | Bin 0 -> 110 bytes ...03c91bce363b06da43e841e24852.00000933.honggfuzz.cov | Bin 2355 -> 0 bytes ...2dfc64dd9cdc43d98f92155b1c1f.000000f7.honggfuzz.cov | Bin 247 -> 0 bytes ...e5ba9eef6c43d4c0537032509325.000000e9.honggfuzz.cov | Bin 0 -> 233 bytes ...119b52889d61e30a16a4ab201d41.0000a0d7.honggfuzz.cov | Bin 0 -> 41175 bytes ...a09dad4267c260f6eebb4cedffda.000006ab.honggfuzz.cov | Bin 1707 -> 0 bytes ...9224fe677984d807798864eae050.00000400.honggfuzz.cov | Bin 0 -> 1024 bytes ...2dce335c8c42d81f68fd02f7e122.000000ac.honggfuzz.cov | Bin 172 -> 0 bytes ...5dd5d50b43cc59974188b4db6808.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...ccf2472d913603570ecb85411383.00001969.honggfuzz.cov | Bin 6505 -> 0 bytes ...4973be59b37b24be825f76ab672d.00000653.honggfuzz.cov | Bin 0 -> 1619 bytes ...0496b1efc7b8d3e32e7239d0423f.0001b355.honggfuzz.cov | Bin 0 -> 111445 bytes ...4096592817c63a609e489ef35afd.000000aa.honggfuzz.cov | Bin 170 -> 0 bytes ...6e35c45e8eecd1fdbbb990ab3098.0001c194.honggfuzz.cov | Bin 0 -> 115092 bytes ...5754253723250be738d24834c9d1.000000c0.honggfuzz.cov | Bin 0 -> 192 bytes ...3cd2fc3fc193a2dc2dc9ca160daa.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...5c838b1ca449d72ab362ca228414.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...37d1bbaaa4c5b59e184ff09a1e79.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...d8aab0d81be48810144c16dfe8cb.00000775.honggfuzz.cov | Bin 0 -> 1909 bytes ...ef85b3906520c00e967c919d90e6.0001a03f.honggfuzz.cov | Bin 106559 -> 0 bytes ...344b3c558004de76be954b598b48.00002265.honggfuzz.cov | Bin 8805 -> 0 bytes ...d2f1f1539b828de21655d520bdda.00002710.honggfuzz.cov | Bin 10000 -> 0 bytes ...9d908d4c900b5c012e26d13bebfc.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...3eeabc40333ea7faf1b8ad63c16e.000000b2.honggfuzz.cov | Bin 178 -> 0 bytes ...549478acb66b6d29cea978406340.0000005c.honggfuzz.cov | Bin 92 -> 0 bytes ...df8f794de619bfd106810042f00d.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...64e4ca99b1f2c5a9397a70fa9ba6.00000040.honggfuzz.cov | Bin 0 -> 64 bytes ...5c0b9349d10bce0012811b1f327a.0001a058.honggfuzz.cov | Bin 106584 -> 0 bytes ...a5a31d683f5c784fe3be36b50406.00000c7c.honggfuzz.cov | Bin 0 -> 3196 bytes ...ad6ef42aafa3de266a606f8c6d67.0000ed52.honggfuzz.cov | Bin 0 -> 60754 bytes ...c97727325abe1e171b16ce1fc4ac.000000a7.honggfuzz.cov | Bin 0 -> 167 bytes ...a09bfff185245e910e2c6bb67b78.00000d31.honggfuzz.cov | Bin 3377 -> 0 bytes ...6628f4079206cdc793c5c5e670d5.0000004f.honggfuzz.cov | Bin 0 -> 79 bytes ...2753b06d39bf0397fa093a660100.00001670.honggfuzz.cov | Bin 5744 -> 0 bytes ...543a66c62e98afebf4190740307e.0000003a.honggfuzz.cov | Bin 58 -> 0 bytes ...841e513f877fe1209101699135ca.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...365747eac056405f8b4c307010c1.0000007f.honggfuzz.cov | Bin 127 -> 0 bytes ...5fc156f84606286df0b6fa8b8d4d.0000192a.honggfuzz.cov | Bin 6442 -> 0 bytes ...1da061210ac4b5caf10e73ca472c.000004a0.honggfuzz.cov | Bin 0 -> 1184 bytes ...7763acd20259342d7e74481a4803.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...37d3553f9f36623a0b27873e09dc.00002000.honggfuzz.cov | Bin 0 -> 8192 bytes ...e1a8a3c17e12112d2011ea02c4d3.00003e92.honggfuzz.cov | Bin 16018 -> 0 bytes ...fa2d7f0cad96bb325108082152fb.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...27bfb1ce4014555c1d8d34314044.00020000.honggfuzz.cov | Bin 131072 -> 0 bytes ...ba801ebfceb9d234e61c5447b460.00000040.honggfuzz.cov | Bin 0 -> 64 bytes ...f3629f41428434fd01dd59dc046c.0000001a.honggfuzz.cov | Bin 26 -> 0 bytes ...2e12627283b647a884758569891f.000003de.honggfuzz.cov | Bin 0 -> 990 bytes ...a02051deb67c24c026798538707a.00000076.honggfuzz.cov | Bin 118 -> 0 bytes ...e39d6b60d1956c9a7cfdac411cb2.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...bd3abba668309bc77bb974ed7871.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...ea95816ba45a2f1309affdfaef9f.0000983d.honggfuzz.cov | Bin 38973 -> 0 bytes ...0a66eb8b9208a247f4c30e055a4c.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...0e75fac040dc8033109a408efa1e.00000902.honggfuzz.cov | Bin 2306 -> 0 bytes ...cba5e33ccf3454c7b16b3fb284b8.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...6c2250903c1cfe1814827f71e209.0001e1e3.honggfuzz.cov | Bin 123363 -> 0 bytes ...8449ce4e5212a4c91e55cd8ccb15.00000022.honggfuzz.cov | Bin 0 -> 34 bytes ...22043a51e0adfa7b61b1af6462f7.000000de.honggfuzz.cov | Bin 222 -> 0 bytes ...64da4efb354f07d5913ac7974d9a.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...2177541b9fcd8391e4f2d80b5c63.0000011a.honggfuzz.cov | Bin 0 -> 282 bytes ...9bbb36ccb36cafcae393b97ac803.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...d1259ad079bef1ba39e08dc39649.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...4204d5a3105f342b6aa7febb2a32.0006703e.honggfuzz.cov | Bin 421950 -> 0 bytes ...c19cd86a4340644b727895c16c64.00000020.honggfuzz.cov | Bin 32 -> 0 bytes ...5dead80ce48aa7d95f325c871c9c.00010106.honggfuzz.cov | Bin 0 -> 65798 bytes ...367b0a7ac0799d857851469d98d0.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...0ff9f78e1db8adab84f9408bf5d7.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...f03a84df217ebc42958399f0507f.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...db7ec54732c675f31c231fd1b808.00039ae6.honggfuzz.cov | Bin 236262 -> 0 bytes ...e469f8dc28d49c33aa9f6b6ce37c.0000032e.honggfuzz.cov | Bin 0 -> 814 bytes ...8ea574a14a42325a95f0b1d007ba.000167d2.honggfuzz.cov | Bin 92114 -> 0 bytes ...e7b32ee85f127e28d1a69eb63641.00000145.honggfuzz.cov | Bin 325 -> 0 bytes ...f61b58ea78b748f3bd5cc21024ff.000101cb.honggfuzz.cov | Bin 0 -> 65995 bytes ...d027a5df2f689922ce7fe02c208e.000000a3.honggfuzz.cov | Bin 163 -> 0 bytes ...c6858ab4fb7a7f168105a685284f.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...a7c47e1c24782549a0d3fe02ed4e.00000101.honggfuzz.cov | Bin 257 -> 0 bytes ...456afe9745bb378facf69c9ea2ac.0000001c.honggfuzz.cov | Bin 0 -> 28 bytes ...5d7f7f658affe70fe60bd4f53729.00000281.honggfuzz.cov | Bin 0 -> 641 bytes ...6ca482329cc4d0de244347fdb506.00000097.honggfuzz.cov | Bin 151 -> 0 bytes ...d640d6bdd08daf2ce07a5affe51c.00001cc1.honggfuzz.cov | Bin 0 -> 7361 bytes ...68a6d72ef110d1a4040524ff6837.000000ce.honggfuzz.cov | Bin 206 -> 0 bytes ...ceb4cb77b640d8f10fac8f646859.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...be93cf138b79eb6ec27e98767b6f.000009ea.honggfuzz.cov | Bin 0 -> 2538 bytes ...052dc4ea9f1db17bdac297919440.00014292.honggfuzz.cov | Bin 82578 -> 0 bytes ...0dae205888746076c35bf8ede9a2.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...3da03601e0932eec4ecc97912712.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...d7cd2eb9461f65215cd8d1a6f73a.0000024d.honggfuzz.cov | Bin 0 -> 589 bytes ...69973be39612efde4b8284a02ef5.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...d97a723e3ce4265a925d7cf067a5.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...5c82dcfb35b2148cb07eab1a56fb.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...c41196ba7c3a2d5d2ba03bb576da.00000081.honggfuzz.cov | Bin 129 -> 0 bytes ...fa32ec934e8311efc2bb87cebc78.00000bb8.honggfuzz.cov | Bin 0 -> 3000 bytes ...be4cd0dd3afd98a141ce891693bf.000037a1.honggfuzz.cov | Bin 14241 -> 0 bytes ...ad5dbb77468332ee265c509f4fe7.0001ecf3.honggfuzz.cov | Bin 126195 -> 0 bytes ...40cdf8f54bf5982ce825a1861715.00000094.honggfuzz.cov | Bin 0 -> 148 bytes ...0fa2fdf5a7d2f10337426ba58fed.0000001d.honggfuzz.cov | Bin 0 -> 29 bytes ...b5416d5426bf2671f4b270f29ff7.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...23a29dc4c016b1d8d1a8fede36f2.00000272.honggfuzz.cov | Bin 0 -> 626 bytes ...87e8dcb947ab5519a1aa44277fcf.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...60b11c4ea864d46ca0fa4df42f5f.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...1bd07df3d12bef68fa230fd14cca.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...1bd1a683d12bff683d3eb90a217d.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...5463a3dcb42149bd72265473ace7.000001b9.honggfuzz.cov | Bin 0 -> 441 bytes ...3263057262ce3ff68212468fff2a.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...030043a3be262349a294338a82d0.0000077f.honggfuzz.cov | Bin 1919 -> 0 bytes ...baf13978fc0615f48f2b93a41498.00000094.honggfuzz.cov | Bin 148 -> 0 bytes ...3119090a061f16e71f8e4631071e.000001de.honggfuzz.cov | Bin 478 -> 0 bytes ...2ce44773804d4bd0ef560e413597.000001bc.honggfuzz.cov | Bin 0 -> 444 bytes ...d01eb754d5d933eb38223e11211b.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...c200013c494097a906a9c8f22282.00000083.honggfuzz.cov | Bin 131 -> 0 bytes ...3459cc25c1752ac40fb4c3aa4ac6.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...06f3610259749f5919efd3470aaa.00020000.honggfuzz.cov | Bin 131072 -> 0 bytes ...0ff0478171b77f99b4a0caed2fcd.00002ac5.honggfuzz.cov | Bin 10949 -> 0 bytes ...1afcf6a46f5e264ab2b6549aaaeb.000002a9.honggfuzz.cov | Bin 0 -> 681 bytes ...dc5bc5fb9906c21dc393d23e8011.00000126.honggfuzz.cov | Bin 294 -> 0 bytes ...67fc09983ebb053c10eb0ed94375.000001d5.honggfuzz.cov | Bin 0 -> 469 bytes ...3d906949f2253ffdd5399658f98f.0000c1d1.honggfuzz.cov | Bin 49617 -> 0 bytes ...60d86480f74a5b15de449d78e26e.00000cd7.honggfuzz.cov | Bin 0 -> 3287 bytes ...53597fd42261fc5dcd63654ce0a8.0000030c.honggfuzz.cov | Bin 0 -> 780 bytes ...b2efc29cb3fed060562f6c2c74a2.0000097e.honggfuzz.cov | Bin 0 -> 2430 bytes ...2bf52aefe603c2996a3002e975f2.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...f9cb27dfb552e73e93765dca4171.0000031e.honggfuzz.cov | Bin 0 -> 798 bytes ...c136ee7d3b9584b4733f9d450b74.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...104a3f27a372f2fd547be0fe493b.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...da5cb9b5e02d5675a3823998436a.00000056.honggfuzz.cov | Bin 0 -> 86 bytes ...50feba77952af4bb1afa73ce647a.00000b55.honggfuzz.cov | Bin 2901 -> 0 bytes ...9aef3798a552e530c8baacc25d00.000000d5.honggfuzz.cov | Bin 0 -> 213 bytes ...cf2d91883eb4a4cbee52e664cc63.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...9916393cc55cc36bc8415061e0a2.00000024.honggfuzz.cov | Bin 0 -> 36 bytes ...40f33d97e9746f8106a1f2560a7e.000006a9.honggfuzz.cov | Bin 1705 -> 0 bytes ...299e5135fa18d852238df1fc5c6c.0000001d.honggfuzz.cov | Bin 29 -> 0 bytes ...4615e039fba82d89741e356c5db7.0000001d.honggfuzz.cov | Bin 0 -> 29 bytes ...9ed884d2baeacfb607ede2adb25f.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...166509a037316d74c321f2229d37.00020000.honggfuzz.cov | Bin 131072 -> 0 bytes ...2c5be007f089d337f9003486c23d.00000092.honggfuzz.cov | Bin 146 -> 0 bytes ...351ad94b7d294b4c66860e603e67.0001a902.honggfuzz.cov | Bin 108802 -> 0 bytes ...9d2f7d09e817928cf596dcf284c3.0001153e.honggfuzz.cov | Bin 0 -> 70974 bytes ...9af825b6fce7ad74e0389a08ec37.00000035.honggfuzz.cov | Bin 53 -> 0 bytes ...bf6d585a717ec3a08c7ee2ae811d.00000bb8.honggfuzz.cov | Bin 0 -> 3000 bytes ...e80f6f84abc6d5ba454e3eeb99fc.00016ced.honggfuzz.cov | Bin 93421 -> 0 bytes ...06a599cc67a0df7130861ee6203e.0000002e.honggfuzz.cov | Bin 0 -> 46 bytes ...d0fac1901af468fe4ede4d18201e.00006b46.honggfuzz.cov | Bin 0 -> 27462 bytes ...34282efa920ff91bb1a9090dcb38.00000400.honggfuzz.cov | Bin 0 -> 1024 bytes ...8f7aadb49549bd9ffdaff74d8e06.000002e6.honggfuzz.cov | Bin 742 -> 0 bytes ...ddc7913676ede3291af866992142.00005312.honggfuzz.cov | Bin 21266 -> 0 bytes ...eb7b9ceb69f1dacba416541d8e18.000000f7.honggfuzz.cov | Bin 0 -> 247 bytes ...641aad7d2944826b6a2341024f8b.00000123.honggfuzz.cov | Bin 291 -> 0 bytes ...b1f340abbd60548df9b37c1ec674.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...d5be86fdb06b0b7a37bd90e63c11.000010cd.honggfuzz.cov | Bin 0 -> 4301 bytes ...3e50e582f0df31e5f6fb86e1a05f.00000181.honggfuzz.cov | Bin 385 -> 0 bytes ...2f51bbb6d50b9f1cac087165fe20.00002a10.honggfuzz.cov | Bin 0 -> 10768 bytes ...5818630eedb7b46f0f65c0769fc8.0000009c.honggfuzz.cov | Bin 0 -> 156 bytes ...0e23d5e688e007efe7db27cbc591.000000c0.honggfuzz.cov | Bin 192 -> 0 bytes ...a81f82c2b84f540c2e1825d657d3.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...d25eaa7baee41ed4cd8cf39d1305.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...007a83993129f3a4e9cf0b8d240c.00000040.honggfuzz.cov | Bin 0 -> 64 bytes ...e9cf22c1e65a82a461299af2334a.00001446.honggfuzz.cov | Bin 0 -> 5190 bytes ...bb0938b1f4ebda1f28d932aee917.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...21aae811e4b54092e121e08fd236.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...79eb7940c4ae01a1be3c3a6be5fd.0003f045.honggfuzz.cov | Bin 258117 -> 0 bytes ...d619f06192a7999e32028744b1cc.00000077.honggfuzz.cov | Bin 119 -> 0 bytes ...72bf5488ebe3c997d86b73325ab1.0000009e.honggfuzz.cov | Bin 158 -> 0 bytes ...43119187854774d25e2747a525db.0000001c.honggfuzz.cov | Bin 0 -> 28 bytes ...683c9eff9a494ea6c5b392a8e72e.0000049c.honggfuzz.cov | Bin 1180 -> 0 bytes ...3f4a2f4721ba7a4e2333ba3610db.00000127.honggfuzz.cov | Bin 0 -> 295 bytes ...91f48bbca11cd081ca87d11b72ad.00002000.honggfuzz.cov | Bin 0 -> 8192 bytes ...95a9c718776b64fe97e5886c7b6d.000196e0.honggfuzz.cov | Bin 104160 -> 0 bytes ...3241981661605216da6cdbcbb2da.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...76b5147df29edf4773ec61e10ffd.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...bdaa69b1dbb46be9e02e00323f1a.000000f7.honggfuzz.cov | Bin 247 -> 0 bytes ...b5f31d93aa4bb255d5a5b3cc4740.00001ffb.honggfuzz.cov | Bin 8187 -> 0 bytes ...4b7abb5dacf5f96d969d14fdb925.000075e1.honggfuzz.cov | Bin 0 -> 30177 bytes ...e311548f10ab95ed4a4fc521077d.0000004a.honggfuzz.cov | Bin 74 -> 0 bytes ...c5d3d73651da3a1a4416cd526d27.0000197d.honggfuzz.cov | Bin 6525 -> 0 bytes ...d8e468974403ab30bf1b76205448.0000e721.honggfuzz.cov | Bin 59169 -> 0 bytes ...46983793c5f4939156df3ec39189.00000133.honggfuzz.cov | Bin 0 -> 307 bytes ...adadef0a9d85d5d58bcf4da6bc0f.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...401958f19e6c0e39a41bc9561bf9.00045055.honggfuzz.cov | Bin 282709 -> 0 bytes ...642eed8d0e1ff2ac229ecc334e15.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...c0eb4ee53011f9e60fd4458daf72.000004e8.honggfuzz.cov | Bin 1256 -> 0 bytes ...da63684a6e47698826018138154c.000006a9.honggfuzz.cov | Bin 1705 -> 0 bytes ...3c1c72d304a014696e6bd70af54e.0000005f.honggfuzz.cov | Bin 0 -> 95 bytes ...ed66ea65707c4ceab99089454191.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...24916c45ae9e41fb0f6b3d630f02.00000892.honggfuzz.cov | Bin 2194 -> 0 bytes ...d6ad8e705f7a382d9aee9c370c13.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...71c3a3d9142679e6bdb5bba9e83f.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...bb4f6a765de37721f5c30b6206bf.0000002b.honggfuzz.cov | Bin 43 -> 0 bytes ...bf462e4f141a2eadf01acb8bad48.000000a6.honggfuzz.cov | Bin 0 -> 166 bytes ...60c88bcac1944a9543f1104d31ab.00000056.honggfuzz.cov | Bin 86 -> 0 bytes ...075307774d6afd3f46839df6fd28.00000118.honggfuzz.cov | Bin 0 -> 280 bytes ...f81722d2045a663d48e961145299.0007695a.honggfuzz.cov | Bin 485722 -> 0 bytes ...021b945b2ba1ce4707bd1d5fe4bd.000001ab.honggfuzz.cov | Bin 427 -> 0 bytes ...5209dc700c8c74bb31a6ba9754b2.00002710.honggfuzz.cov | Bin 0 -> 10000 bytes ...c146631215422ea57077a25940df.00002a35.honggfuzz.cov | Bin 10805 -> 0 bytes ...493408df9d1fc92f019e1f8a0bc2.00000040.honggfuzz.cov | Bin 0 -> 64 bytes ...5a9f5098e35d40444028c6c5ed1b.00001cf2.honggfuzz.cov | Bin 7410 -> 0 bytes ...5d7dc54cee73ddef31b34f521195.00016ced.honggfuzz.cov | Bin 93421 -> 0 bytes ...27a66a3a857bfa6c0a73db71c62d.00017c0f.honggfuzz.cov | Bin 0 -> 97295 bytes ...c67b35edb0d17da0de9749fdcffc.00000e7e.honggfuzz.cov | Bin 0 -> 3710 bytes ...9663dfb2b990f8a215279fb590e4.00000020.honggfuzz.cov | Bin 32 -> 0 bytes ...61d2a0cbebc3d178c2d1cfcbd00f.00002000.honggfuzz.cov | Bin 8192 -> 0 bytes ...03aac0c1ebcac3089c8a1e3c49b8.0001fc7b.honggfuzz.cov | Bin 130171 -> 0 bytes ...625f11431eebd738044a3900538d.00016ced.honggfuzz.cov | Bin 93421 -> 0 bytes ...e3dd43a50f992a241b15c10dcb03.0000e256.honggfuzz.cov | Bin 0 -> 57942 bytes ...9e926332df489da4108344370ce6.000038aa.honggfuzz.cov | Bin 0 -> 14506 bytes ...a0a6b40f2746bb4280dd54f7582b.00000a0b.honggfuzz.cov | Bin 0 -> 2571 bytes ...4a167d3083cd124440c3aad9587b.00000037.honggfuzz.cov | Bin 55 -> 0 bytes ...9c6d7ccf5f3c439ca10ead919a37.00002000.honggfuzz.cov | Bin 0 -> 8192 bytes ...b2cca30644de3c657a98efa5e4fc.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...e94e5e4794e6364a4035347b0122.00000933.honggfuzz.cov | Bin 0 -> 2355 bytes ...569898dabe2e83a33bd5b6548192.00000040.honggfuzz.cov | Bin 0 -> 64 bytes ...2846333f0830e948eb5b8ea43262.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...914b898b60eb2086dad4ac92cfc1.000001a5.honggfuzz.cov | Bin 0 -> 421 bytes ...f1ac3739be49b4c4ee8b16e61d18.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...5ebea6178f4a926ec6b36ec92615.0000002d.honggfuzz.cov | Bin 45 -> 0 bytes ...765eab9007d630e3b41071633424.0000007d.honggfuzz.cov | Bin 0 -> 125 bytes ...30a3dc9aa4b22d9ff9123e8f83f2.000008ec.honggfuzz.cov | Bin 2284 -> 0 bytes ...73a8821fe384b116c441c4d66b34.00012033.honggfuzz.cov | Bin 0 -> 73779 bytes ...746dbb2e2bfa2480a404685ff0da.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...880aa7dffb1e44b32e23dccf5fa6.000000a4.honggfuzz.cov | Bin 0 -> 164 bytes ...ba6dea19b8aad72042ccf4888a6f.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...d1269171afcf3b0f32b90dab3efd.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...4d0b97b17228cbcd63d68b8d4edf.00007b50.honggfuzz.cov | Bin 31568 -> 0 bytes ...d4589610c9970e468cfa912f7df3.00000b1e.honggfuzz.cov | Bin 2846 -> 0 bytes ...83350ef88a6bedbc688b0110bc79.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...1683ae8ea879a6a9246cb282f5e4.00000181.honggfuzz.cov | Bin 385 -> 0 bytes ...1a758429b4cf335f14a0d2265af7.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...300c4c7751b9aed67bad09fc84f8.00000f21.honggfuzz.cov | Bin 3873 -> 0 bytes ...f64bed44217c07524c39b10a9fd3.00000e0d.honggfuzz.cov | Bin 0 -> 3597 bytes ...13cf14108bb66997ad1bcaa0d6ac.00000033.honggfuzz.cov | Bin 0 -> 51 bytes ...4d40000000003d30392000000000.00000003.honggfuzz.cov | 1 + ...1e33f415641a351c13d827fee270.000097c6.honggfuzz.cov | Bin 38854 -> 0 bytes ...36b0b27e0e9d49b728b80c7b99ea.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...26255732a853f7ea9ba21b3e77c9.0000004c.honggfuzz.cov | Bin 76 -> 0 bytes ...0943aa1a16b297bdcffd8b23123e.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...971984f61582a8184132586ca2ad.000000f7.honggfuzz.cov | Bin 0 -> 247 bytes ...6a4a1c80e3877ff421bfa6d45d5a.00000077.honggfuzz.cov | Bin 119 -> 0 bytes ...197b868320aa7260a160a0168316.00000038.honggfuzz.cov | Bin 0 -> 56 bytes ...6c13e693a46b06f540eeda37c210.000001c9.honggfuzz.cov | Bin 457 -> 0 bytes ...6f607004bd0323131c0a991f27f1.00000e06.honggfuzz.cov | Bin 3590 -> 0 bytes ...7125ce16f5c8057f2ca094c9f14f.0000679d.honggfuzz.cov | Bin 26525 -> 0 bytes ...276f74fad8f572846b45fae52f7b.0000007d.honggfuzz.cov | Bin 0 -> 125 bytes ...70c21396a9faba2aae1aa1a5a5de.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...5a909a0a76f75c80fd148740981a.000000be.honggfuzz.cov | Bin 190 -> 0 bytes ...965fed41471e7ab3ec991a48a713.00012fa2.honggfuzz.cov | Bin 77730 -> 0 bytes ...defefdd77c805a05e898aefdd08b.000070c6.honggfuzz.cov | Bin 28870 -> 0 bytes ...17e05af93bf973ccf5c0ecfd834b.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...110beab5caae5d12c2f3b4501a45.0000010f.honggfuzz.cov | Bin 0 -> 271 bytes ...944618b8af759de4cbade7cd6147.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...5b8449c3063bfde7b8630a2aa021.000000b2.honggfuzz.cov | Bin 178 -> 0 bytes ...2746a05782e0fb254325a2b7717b.0000004b.honggfuzz.cov | Bin 0 -> 75 bytes ...86f9c8aa90796f11da02aee15578.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...34acd747ff1fdfef1232d2eea64c.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...1eec50227ce38677382a0497d65b.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...1dd92ca7c0988d4fed2ab9970df3.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...e16f03aa3031c6375d09c3089a34.000040c1.honggfuzz.cov | Bin 16577 -> 0 bytes ...af899e2cc0ccafb5b4c849482d5e.00000400.honggfuzz.cov | Bin 0 -> 1024 bytes ...392885fe89d5b2f776fca1319a02.000000a6.honggfuzz.cov | Bin 0 -> 166 bytes ...f6a189fecb553bd3ae6f52e771f3.0000006c.honggfuzz.cov | Bin 0 -> 108 bytes ...42c71a869445efc0e41dd835f576.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...39919146d871aed8915c2a6e1fcc.00000035.honggfuzz.cov | Bin 0 -> 53 bytes ...c077ffbd84d5d2a03d93642b67f1.0000091d.honggfuzz.cov | Bin 0 -> 2333 bytes ...ec7824a7171206d83d1b2fd5143a.00000171.honggfuzz.cov | Bin 369 -> 0 bytes ...87ba9ee089d34fa4e72e44da9737.0000003e.honggfuzz.cov | Bin 62 -> 0 bytes ...5a963583c69e3f949f3d0c0bd8f0.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...956dd9dba35dbe5bdeb8cfd07d73.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...45cc4e311814a0417093c4587097.000001b5.honggfuzz.cov | Bin 0 -> 437 bytes ...000b591c7eb418fdb0fdecb0dc2b.0000053d.honggfuzz.cov | Bin 0 -> 1341 bytes ...009f0f54e20958399ffd02b832d2.000037a0.honggfuzz.cov | Bin 0 -> 14240 bytes ...a8fd618e9e2ee35f54ba3fca2223.0001f8de.honggfuzz.cov | Bin 129246 -> 0 bytes ...cd371d7e86766fe0297647899790.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...580680b895b309d027b24d603546.000001c6.honggfuzz.cov | Bin 454 -> 0 bytes ...493d38669b3d389d5270b9344792.0001859c.honggfuzz.cov | Bin 99740 -> 0 bytes ...50143a3b41bbb05f7106da372ecc.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...a4ab1f6447f303b61215072be5b5.00000126.honggfuzz.cov | Bin 294 -> 0 bytes ...e1ab1f6447f3034c4db0076ab1a0.00000126.honggfuzz.cov | Bin 0 -> 294 bytes ...a173599108ac23ed5eda7f947ef1.0000fb97.honggfuzz.cov | Bin 0 -> 64407 bytes ...2135a3ea1c7e19581a57b6ced7d6.000147bf.honggfuzz.cov | Bin 83903 -> 0 bytes ...beedcaf6c07461f99fb9b85824c8.00000400.honggfuzz.cov | Bin 0 -> 1024 bytes ...669ff5409960ce6cdf1fff994817.0000003e.honggfuzz.cov | Bin 0 -> 62 bytes ...bf2e01bba341e9704b7c58475edc.0000025c.honggfuzz.cov | Bin 0 -> 604 bytes ...3e22b6eed86e37ad37e7c89b1993.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...7e30994435752377a5e45fa0f5d1.000000a4.honggfuzz.cov | Bin 164 -> 0 bytes ...23861177db48f6d3be5ca903d282.000000ac.honggfuzz.cov | Bin 172 -> 0 bytes ...023adfd6883d9b9062ab65e0dcc6.00002757.honggfuzz.cov | Bin 10071 -> 0 bytes ...da47780298e50237e146ce8062d5.00001552.honggfuzz.cov | Bin 0 -> 5458 bytes ...faa91257425b9261b98ca201a294.00000057.honggfuzz.cov | Bin 87 -> 0 bytes ...0caf29d5a55a08cd465bfe611b31.00000288.honggfuzz.cov | Bin 648 -> 0 bytes ...5892841884772605eff5aad27d28.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...d62dec17ce4d58ef952bbbfc146a.00000098.honggfuzz.cov | Bin 152 -> 0 bytes ...dc9ca346cb9593dfeb80ed41b54c.000105b8.honggfuzz.cov | Bin 0 -> 67000 bytes ...96a3a70a782efdf5de0cbdf81ccb.0000d0e4.honggfuzz.cov | Bin 53476 -> 0 bytes ...84c860227d84e8f4479042108a8e.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...742b7e602ddeb664db4eadbd67e0.0000008c.honggfuzz.cov | Bin 140 -> 0 bytes ...6e71c9b4101de5d6c3c917c0f32c.0000121f.honggfuzz.cov | Bin 0 -> 4639 bytes ...9d70656e1147a6e5a7cc6131827b.00000124.honggfuzz.cov | Bin 0 -> 292 bytes ...d321931337cbbadea3536ff102c1.0000b9cb.honggfuzz.cov | Bin 0 -> 47563 bytes ...9c36421f5813183699282a053659.00000bb8.honggfuzz.cov | Bin 0 -> 3000 bytes ...8b29d981931978ef781acc2d2d00.000000a0.honggfuzz.cov | Bin 0 -> 160 bytes ...668bdd804e357c198bdcaaf167b8.000009de.honggfuzz.cov | Bin 0 -> 2526 bytes ...112c5afe26f494f0c2f770830a96.0001e290.honggfuzz.cov | Bin 123536 -> 0 bytes ...8ac130ad5b64625d86df7fee5c2e.00000707.honggfuzz.cov | Bin 1799 -> 0 bytes ...2d257363468eca0956b79e1c3529.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...15caf8bbefce83d12b0882b45b86.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...922109720b07aff98fad02309227.000005f4.honggfuzz.cov | Bin 0 -> 1524 bytes ...3cbafee5e7ad7771a238f2b59628.00000200.honggfuzz.cov | Bin 0 -> 512 bytes ...ff5416de115655f27e105a21cc91.0000001d.honggfuzz.cov | Bin 29 -> 0 bytes ...4d222f99c136bad64a58cd1729f6.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...41461e4109be73680caef108c964.0000006c.honggfuzz.cov | Bin 108 -> 0 bytes ...e685a3b8705cb49eab08437ada37.0000c36b.honggfuzz.cov | Bin 0 -> 50027 bytes ...042f4cff78de22f9de76c1974529.000001cf.honggfuzz.cov | Bin 463 -> 0 bytes ...1b4883dca77a6d3cf1106226e6d2.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...00710e2261c7c814fc1c152c0f04.00001a80.honggfuzz.cov | Bin 6784 -> 0 bytes ...b33a5307b4e4bd91821fef3be762.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...148f2ed4211fe06b51804006d537.000000eb.honggfuzz.cov | Bin 235 -> 0 bytes ...10a96556932b0b8a1bfbe2ea8046.0001f060.honggfuzz.cov | Bin 127072 -> 0 bytes ...d602a14c12fb335e6c14544e827c.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...1c6842e200d74252f27d65823a9a.000000c6.honggfuzz.cov | Bin 198 -> 0 bytes ...1c6842e2d5574faf72a89802ef47.000000c6.honggfuzz.cov | Bin 0 -> 198 bytes ...2116148214395aef5cd26b275a38.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...437f04db80c2c5be9420082c51f2.0000009f.honggfuzz.cov | Bin 159 -> 0 bytes ...7a1c80176c19ec5ef3f39c15179d.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...e180871a2cd45d3d4b4f52d643cd.00000d69.honggfuzz.cov | Bin 0 -> 3433 bytes ...cdf06668240bef0921af0396c4a1.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...01ed4efc90058ebe8159a29c0cf9.0000008e.honggfuzz.cov | Bin 142 -> 0 bytes ...f660eebcc44016515fcdf4bcbbba.00000581.honggfuzz.cov | Bin 0 -> 1409 bytes ...5f42e6579808f92310eb68eb87bc.000017ef.honggfuzz.cov | Bin 6127 -> 0 bytes ...eb4d54d92414884917e1cc559a69.0000003d.honggfuzz.cov | Bin 61 -> 0 bytes ...9950e4926e87bb4c877abca1abae.00000200.honggfuzz.cov | Bin 0 -> 512 bytes ...a51ce1af9329c34ce48d957204bc.000000f9.honggfuzz.cov | Bin 0 -> 249 bytes ...88aed921bbf4fd0caaf7393af7a9.00000308.honggfuzz.cov | Bin 776 -> 0 bytes ...c6a16c332ab20db9a52838642ee0.0000cca1.honggfuzz.cov | Bin 52385 -> 0 bytes ...a9d78e00e6087effe2f35a366bdc.00000034.honggfuzz.cov | Bin 0 -> 52 bytes ...562de9a53e0b5eec7294c64da728.00000c39.honggfuzz.cov | Bin 0 -> 3129 bytes ...657e5defd3b2305ca394c7b09ccf.00000453.honggfuzz.cov | Bin 0 -> 1107 bytes ...7183cb6b9df4b5c07b087bb1e047.0000001d.honggfuzz.cov | Bin 29 -> 0 bytes ...bc3daef02f9759d3dbfc535929e7.00018619.honggfuzz.cov | Bin 0 -> 99865 bytes ...b9bf195fc4780794fd724a066096.000002c8.honggfuzz.cov | Bin 0 -> 712 bytes ...e7f922e59f319763072c1b1c697c.00002000.honggfuzz.cov | Bin 0 -> 8192 bytes ...73868e7ed53cf285366cec7196b1.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...b40f67913a8d94b570f40d0a3987.00000040.honggfuzz.cov | Bin 0 -> 64 bytes ...c32a750f1338bd781a6831729706.000000a4.honggfuzz.cov | Bin 0 -> 164 bytes ...e9b65c9e49cb4cf2f3744793725a.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...29d3d5e8abc10d79481c9157f409.00001c53.honggfuzz.cov | Bin 7251 -> 0 bytes ...117fcee7fa21da6bfd765581cdfc.00000360.honggfuzz.cov | Bin 0 -> 864 bytes ...9e5bde2c703ea54208b617de0776.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...36facf15ff45405074ebca232db2.000007d6.honggfuzz.cov | Bin 0 -> 2006 bytes ...e85a0a0e6319d2fd97e517378e2c.00001bcf.honggfuzz.cov | Bin 7119 -> 0 bytes ...241853949cb2309dc58aa08d3688.0000001e.honggfuzz.cov | Bin 0 -> 30 bytes ...5d9185154dc643ecce8ee84f4604.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...e003db7bc7f5a6775b7b53605490.00000008.honggfuzz.cov | 1 + ...5b95c3e01439fc545ce16917228d.00004c27.honggfuzz.cov | Bin 19495 -> 0 bytes ...06900c080721b6a94749a6f9122d.00000186.honggfuzz.cov | Bin 0 -> 390 bytes ...aec5b51e74a7ff2188cdc575bc54.0000004f.honggfuzz.cov | Bin 79 -> 0 bytes ...ea11f65f5c22604ec9cc98357241.0002bfb4.honggfuzz.cov | Bin 180148 -> 0 bytes ...92813c0e10317af44fdfc1312df0.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...615a6adb5458cd72190112bbc5fa.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...37a667755e70457bb206fe61c413.00000138.honggfuzz.cov | Bin 0 -> 312 bytes ...c1800bbd12d1b5e654950e352bf5.0001153e.honggfuzz.cov | Bin 0 -> 70974 bytes ...322c1eafd07257323a8992c718b9.0000ffe6.honggfuzz.cov | Bin 65510 -> 0 bytes ...80c70c245bcf5f6ef21cf06fe550.00014ebc.honggfuzz.cov | Bin 85692 -> 0 bytes ...9e652c98f9912d99cc9c2ee05efb.00008b51.honggfuzz.cov | Bin 0 -> 35665 bytes ...3440fa8034af284649198a25c4f1.0000040a.honggfuzz.cov | Bin 1034 -> 0 bytes ...a525f6cdb5994c8a1355d5ff6d24.00000023.honggfuzz.cov | Bin 0 -> 35 bytes ...7d1208f4eedba41323c55ef0b434.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...7a5edbf75953e5e4b379a760d807.00000126.honggfuzz.cov | Bin 0 -> 294 bytes ...5ad29f1790ce1b3cb6cff1fa64e6.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...20caedd8c1a829bf89c04c4a2a5e.0000c006.honggfuzz.cov | Bin 49158 -> 0 bytes ...c3714eea78ee7e91d20363c943ea.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...cdaa03c243b6b09f9b6342eef744.00000037.honggfuzz.cov | Bin 55 -> 0 bytes ...f6536a433a3e8851c854954b80e5.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...b6547f38b685c12088f6128cf8a1.000000f2.honggfuzz.cov | Bin 242 -> 0 bytes ...d24b389335bc58fd28a4b7b87ff8.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...d129d111bdca4cb3d3127d6a9813.000148cb.honggfuzz.cov | Bin 0 -> 84171 bytes ...9e5936c4dd17168bf8995267fc92.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...8d9ed7a91ffc9154a6e06c341df3.0000004f.honggfuzz.cov | Bin 79 -> 0 bytes ...b58c7a1c24a4be962ce8016dd6c7.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...e96c404d27c25512529af63a54a7.00000090.honggfuzz.cov | Bin 0 -> 144 bytes ...b25c8b64e88b7e8b83a67260c304.00000035.honggfuzz.cov | Bin 53 -> 0 bytes ...3fb2adc0ab83c2d7fa19bda865db.00016ced.honggfuzz.cov | Bin 93421 -> 0 bytes ...96461d9141ed61869a58e7eff607.00000200.honggfuzz.cov | Bin 512 -> 0 bytes ...b8fa1444d7b97481590a3b542fa7.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...ca2a777dc99610596492c93a9bb8.0000bcfb.honggfuzz.cov | Bin 48379 -> 0 bytes ...f0c1f70b65bdc235e59822fd611a.00000ab1.honggfuzz.cov | Bin 0 -> 2737 bytes ...8ba08eb3cc618acf68b4b8cc9d79.000000cb.honggfuzz.cov | Bin 0 -> 203 bytes ...43030195521e7947c2f29a576c2c.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...d5ebe5cdd9a1a9ddea4731e544a3.00000092.honggfuzz.cov | Bin 146 -> 0 bytes ...690554f9f1647642e9472ee2c2c5.0000006c.honggfuzz.cov | Bin 0 -> 108 bytes ...d895744186f7a17b5598327d8dd1.00000181.honggfuzz.cov | Bin 385 -> 0 bytes ...c0d2c3b6c1be15562cfe6483d3bc.00020000.honggfuzz.cov | Bin 131072 -> 0 bytes ...8169e9508b4b62f4158a74819042.00001aa8.honggfuzz.cov | Bin 0 -> 6824 bytes ...8ab9ee55815d95be43631a3bbdd2.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...a53586b15356b136eb20a0eb7672.0000054f.honggfuzz.cov | Bin 1359 -> 0 bytes ...87800f0a9dc4186a8755429aebf9.00000181.honggfuzz.cov | Bin 0 -> 385 bytes ...c32fa5e5260eeddd712f808cdcbe.0000024c.honggfuzz.cov | Bin 0 -> 588 bytes ...8c43484e444bb59afca0335fc3c3.00000040.honggfuzz.cov | Bin 0 -> 64 bytes ...53e720e69a015a0635d9650520fa.00012b85.honggfuzz.cov | Bin 76677 -> 0 bytes ...6f9cf77b29ea27026f27293cabff.00000168.honggfuzz.cov | Bin 360 -> 0 bytes ...1b143a6c1befb1d82e239741d6c2.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...8a2f12981a2cdd59bc9a7855d30d.000166db.honggfuzz.cov | Bin 91867 -> 0 bytes ...142f4809e2fa6deee243efc0543e.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...67f20eb4fd55d6a52aaf6f1031da.000000b0.honggfuzz.cov | Bin 0 -> 176 bytes ...0dfd64897c9dfdeaa51c4470fe07.0000770b.honggfuzz.cov | Bin 30475 -> 0 bytes ...961f6ff9997918bafcea2c4545e6.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...b0ce6dace3f4e75da451eab4b9a1.00000032.honggfuzz.cov | Bin 0 -> 50 bytes ...68544793add2e84a228e77ee1b57.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...e80ad1032b57d87dae4e1224cfd1.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...0e0586dbf189c4c14ac8e9335b40.00000097.honggfuzz.cov | Bin 0 -> 151 bytes ...a5dfa6bc78784caf3b9584832fe7.000023d6.honggfuzz.cov | Bin 9174 -> 0 bytes ...0e3065d6039421b8800caa266a10.00002563.honggfuzz.cov | Bin 0 -> 9571 bytes ...680cf4bafb8d4a352302205132cd.00000086.honggfuzz.cov | Bin 134 -> 0 bytes ...2825a48f7cf159c782d89d5d3d17.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...efbcbc8915165dabb341f6a730e8.0000010f.honggfuzz.cov | Bin 0 -> 271 bytes ...4b9ae0aacd142a044ec266d06545.00008ffd.honggfuzz.cov | Bin 36861 -> 0 bytes ...58c3650085d29a907ba5321e3e69.000001fc.honggfuzz.cov | Bin 508 -> 0 bytes ...dd7ecf3b27d43f24bf60f1f87b34.0001153e.honggfuzz.cov | Bin 70974 -> 0 bytes ...7ac9f7ae19b8ce9475ef225f8f0e.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...a8b8f82b58e2a419aa63d4dc3410.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...cb590a4ca6d16d064407e6667ada.00000799.honggfuzz.cov | Bin 1945 -> 0 bytes ...33731a093aa0a5fd3045091dd8bf.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...f3e53bac943924c7285047865082.00000099.honggfuzz.cov | Bin 0 -> 153 bytes ...350998febbb5ca9a838c8defe6c3.000001b0.honggfuzz.cov | Bin 432 -> 0 bytes ...ac9c41fbae0b41502d84d2132ea5.00000127.honggfuzz.cov | Bin 295 -> 0 bytes ...1fcf803dfdd56eeb0ddcb4926855.000000e1.honggfuzz.cov | Bin 0 -> 225 bytes ...793d0ee14edf8d97bd6a2a359d9c.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...66f4032ec2e3fc2dd69e586270e4.0007d000.honggfuzz.cov | Bin 512000 -> 0 bytes ...a342f045bf9462417d105d3702d2.0000007e.honggfuzz.cov | Bin 126 -> 0 bytes ...66a9a1b615293e93c6be392e51c8.000001a5.honggfuzz.cov | Bin 421 -> 0 bytes ...2813e73cdb78bc36df4dc397e9c0.00000684.honggfuzz.cov | Bin 1668 -> 0 bytes ...5cbf61d5c9a46d3054d504d82e16.00000c35.honggfuzz.cov | Bin 3125 -> 0 bytes ...7ff0ad5d6fac7b2e11afb2cbf5c1.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...3b9ae0777ab6eee466eb17ac99fc.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...228f2e8c9453cae39d8b22445829.0000003a.honggfuzz.cov | Bin 0 -> 58 bytes ...30a2836d009255ffa50cb4eccc66.00000059.honggfuzz.cov | Bin 89 -> 0 bytes ...89b893feb5640b2e055c19eacfe5.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...a582396182ecfd33f17c5d654faf.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...4f5000b2977854e107544258a8d1.00006322.honggfuzz.cov | Bin 0 -> 25378 bytes ...76d5cdb9f0f51a25908942d28819.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...2df507c2ba8a8c86e4ef43e0ec1f.00001c19.honggfuzz.cov | Bin 7193 -> 0 bytes ...05864e5b40d591b4f96366fe6601.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...2a2d8e0393b0f362fa63fe06e10a.0000ed53.honggfuzz.cov | Bin 0 -> 60755 bytes ...ced25da5edb44f1c285477b86507.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...2816924ee1956ef5f2c6ed08dd36.0000008a.honggfuzz.cov | Bin 138 -> 0 bytes ...0d1e644ad8e4d1174abc13039e1d.00002635.honggfuzz.cov | Bin 9781 -> 0 bytes ...dbb244230749d942622b24d36095.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...41f9d569884d681ae83f963d8b0f.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...4debf897250ecd3bbb8470779071.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...d42d23ee3d44e77c97f06de5fd60.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...47dcb57a64dc14a5495bd75e3ec1.000025d1.honggfuzz.cov | Bin 9681 -> 0 bytes ...7bcc83236e4c728d67b612817a65.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...f68318735a68013e75578054f382.00000130.honggfuzz.cov | Bin 304 -> 0 bytes ...789d196fcd75d5442cdee6d98a41.00000094.honggfuzz.cov | Bin 148 -> 0 bytes ...5bacbcb4c32f2a229f6c0f437417.00000220.honggfuzz.cov | Bin 0 -> 544 bytes ...f1712a647f8524c9d735af050771.000000d3.honggfuzz.cov | Bin 0 -> 211 bytes ...adbb0a64ae1161fcdd198023dfa8.00000041.honggfuzz.cov | Bin 65 -> 0 bytes ...ee484ba092664fc330ce43ea0699.0000002d.honggfuzz.cov | Bin 45 -> 0 bytes ...0ee62fb28d1187b5a10bb612ae05.000000b2.honggfuzz.cov | Bin 178 -> 0 bytes ...d3f40604101821d3e7f0c17899a5.00000294.honggfuzz.cov | Bin 660 -> 0 bytes ...3f5ed7d5f1967754822983095c22.00000078.honggfuzz.cov | Bin 0 -> 120 bytes ...9bc091be6aad83c83dc7b027a260.00001388.honggfuzz.cov | Bin 5000 -> 0 bytes ...a4dfc256e08cb9e457471379fe19.000002d6.honggfuzz.cov | Bin 0 -> 726 bytes ...b2982f84d830d6be298a41d07948.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...a4475bd5057e6f7cb5b8963d0ca9.00000043.honggfuzz.cov | Bin 67 -> 0 bytes ...64f294f3c76c6f5f207f2a3fd653.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...01a45f711420757f54a6f9a2e9f0.000000f4.honggfuzz.cov | Bin 0 -> 244 bytes ...567c6ae1e1d13d559022112f4af0.00000200.honggfuzz.cov | Bin 512 -> 0 bytes ...5949bc3f38ea4f9e57389b5293e9.0001f52b.honggfuzz.cov | Bin 128299 -> 0 bytes ...47afbb216758addf25e83ff09744.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...277fb3abee97657b077a1d24585e.00000208.honggfuzz.cov | Bin 0 -> 520 bytes ...e52828eca9f8b940cdf1e7e7d1d1.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...f81420887cca1d456f5db00997d7.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...829e72fe88f3119373948fe586ff.0000054f.honggfuzz.cov | Bin 1359 -> 0 bytes ...2069d9717d03582b57b83017c5a4.00000154.honggfuzz.cov | Bin 340 -> 0 bytes ...03ca0c29407713cd53f060f41cf8.000003a1.honggfuzz.cov | Bin 929 -> 0 bytes ...955edac4115e81db82fa7de2f3ed.000003fe.honggfuzz.cov | Bin 0 -> 1022 bytes ...eaf13d49f5d56200c2c6c82b5bd3.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...017d814aeff1ed80d9b936fb24ed.00002615.honggfuzz.cov | Bin 0 -> 9749 bytes ...df7fe34fa5cf27bf74aa07834e66.0001d8f5.honggfuzz.cov | Bin 121077 -> 0 bytes ...5047867448ed298fd2963bde6de3.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...56349997ab8c33fe6540e0f77768.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...199ce55896d1f841e4a57ffc58ab.0000035a.honggfuzz.cov | Bin 0 -> 858 bytes ...309006e3a49e2da12e9b22032c72.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...df86604e766e0cabe8cad2f9591e.0000003c.honggfuzz.cov | Bin 60 -> 0 bytes ...5fb32d19ecdcf4eb12d7265e3348.00000200.honggfuzz.cov | Bin 0 -> 512 bytes ...0500755072d4dc3aea9ef98a35e1.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...2a50e18932fb682c82aae954c464.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...f011a86b631c522e1d06ebddf466.0000035d.honggfuzz.cov | Bin 861 -> 0 bytes ...3fb10aabb11524348a69265e5f6e.000000c0.honggfuzz.cov | Bin 192 -> 0 bytes ...75712e69697336c9eb99ff6f070a.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...ad670310dc50cc773dd2c138ae4a.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...1916e5da504a0a02f7d481f24327.00000633.honggfuzz.cov | Bin 0 -> 1587 bytes ...0f9dc4c9508b01a6c50cf7b5b7b5.00001e0e.honggfuzz.cov | Bin 7694 -> 0 bytes ...04cfff7ae0726a7213675ab77311.000000f2.honggfuzz.cov | Bin 242 -> 0 bytes ...d6ea1f4498cb4e85e2b3ad3dc87d.00000217.honggfuzz.cov | Bin 0 -> 535 bytes ...451a0cf6e4fae794c887398fedae.00015905.honggfuzz.cov | Bin 88325 -> 0 bytes ...e3bf5ebeb88c3285b49e3ec4fb06.00000062.honggfuzz.cov | Bin 98 -> 0 bytes ...9c9b56be5fcc7499a4f074d15627.000000d7.honggfuzz.cov | Bin 215 -> 0 bytes ...db327b5cb79bc7b65d2229a18d41.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...7904eab4d455ee08237e03951a61.0000c349.honggfuzz.cov | Bin 0 -> 49993 bytes ...cb0411a5ab98e4690f3ecfc47f2f.000000d7.honggfuzz.cov | Bin 215 -> 0 bytes ...274361992b804b776a7af630d25e.00008517.honggfuzz.cov | Bin 34071 -> 0 bytes ...32bfeeb0eebcc6adccddfee3210b.000000ae.honggfuzz.cov | Bin 0 -> 174 bytes ...6f225199c1d567311c7fde7a6d7a.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...93030445a35e819adb1e3d496325.0000013b.honggfuzz.cov | Bin 315 -> 0 bytes ...80dadba26fe97591cced553ddb54.000000ba.honggfuzz.cov | Bin 0 -> 186 bytes ...419ba91250b09b14d5b8cf10fd9c.000012bb.honggfuzz.cov | Bin 0 -> 4795 bytes ...9a42171abd75b20ecb9b90cbbc70.00014611.honggfuzz.cov | Bin 83473 -> 0 bytes ...ceab35a2538067590c0cd513ea99.000015da.honggfuzz.cov | Bin 5594 -> 0 bytes ...7610612b7c9174d94fb64fee8e4e.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...7b42c6314dfda3ae97a74ac62dbb.00005d00.honggfuzz.cov | Bin 23808 -> 0 bytes ...5c35aab659680aecd12f765c7ff9.000012bb.honggfuzz.cov | Bin 4795 -> 0 bytes ...618ca9196d1cc0e69e4df8812561.00000032.honggfuzz.cov | Bin 50 -> 0 bytes ...d5e1cff198ffa576508e48522c29.00000020.honggfuzz.cov | Bin 32 -> 0 bytes ...6fd74800ed14c4091a05d2b580e6.00002000.honggfuzz.cov | Bin 0 -> 8192 bytes ...bf920a18d63a462d58c9b8c8fbdb.000007f9.honggfuzz.cov | Bin 0 -> 2041 bytes ...f39d53d6d9559e45c1be56e3ee89.00000037.honggfuzz.cov | Bin 0 -> 55 bytes ...5deab2c5fcdc746591bc231707e0.00000360.honggfuzz.cov | Bin 0 -> 864 bytes ...d532067f2fe7d5eab9cbf485bc77.00021bdd.honggfuzz.cov | Bin 138205 -> 0 bytes ...df7a7f764745e2ce0b4244d5e390.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...b26dd051a49e57d56440a2decca4.000001b8.honggfuzz.cov | Bin 0 -> 440 bytes ...6de5b5bf3bb3ca20efa48ef1acce.000002bd.honggfuzz.cov | Bin 701 -> 0 bytes ...2601b717a3b23d7f34dbd191c427.00000a9e.honggfuzz.cov | Bin 0 -> 2718 bytes ...5b7d7a95f9e4c924e28e71d48484.0000004c.honggfuzz.cov | Bin 0 -> 76 bytes ...09016a6ebfc5176d63d48a07dcda.00000570.honggfuzz.cov | Bin 0 -> 1392 bytes ...2598a8e26eb0860c53bbe92dc849.0001a6be.honggfuzz.cov | Bin 108222 -> 0 bytes ...061d936ea7a7f48db109318de491.00000239.honggfuzz.cov | Bin 0 -> 569 bytes ...bc52ab8e4f0a4d3a64dfd1d54e29.00006f66.honggfuzz.cov | Bin 28518 -> 0 bytes ...2c40b6603e6c6f81a0ea4da49ffa.000010c0.honggfuzz.cov | Bin 0 -> 4288 bytes ...587356d44bee4361945095d194b7.00000034.honggfuzz.cov | Bin 52 -> 0 bytes ...5b24985659c9150f54284b0d81f6.00020000.honggfuzz.cov | Bin 131072 -> 0 bytes ...bb52c3b060a9349128748bb9e05e.000001cc.honggfuzz.cov | Bin 0 -> 460 bytes ...fbcdede41ae7902114d8bbb3a8e9.0000005f.honggfuzz.cov | Bin 0 -> 95 bytes ...e569202bb18ddedcf679c1645b32.00000046.honggfuzz.cov | Bin 70 -> 0 bytes ...9a4aea6ac8dda7228f3b9f78da3f.00001566.honggfuzz.cov | Bin 0 -> 5478 bytes ...516217719e22f37ffac9a4c79a33.000004f5.honggfuzz.cov | Bin 1269 -> 0 bytes ...d9affe270d6a95389310d8d16f41.00000469.honggfuzz.cov | Bin 1129 -> 0 bytes ...272dc57fdb4c8ae6e89c78d730be.0000025e.honggfuzz.cov | Bin 606 -> 0 bytes ...c0f45373fb81588487766e120c07.000002cd.honggfuzz.cov | Bin 717 -> 0 bytes ...d3b02aaeef6670516afbb727291b.00000980.honggfuzz.cov | Bin 2432 -> 0 bytes ...126e136b7fa3b2d0fa89c6bb9407.000000d6.honggfuzz.cov | Bin 214 -> 0 bytes ...f323c8e25d3cf32b0f40b885d50d.00001fdd.honggfuzz.cov | Bin 8157 -> 0 bytes ...8dcd92f36b8c8bd7526963bda4e4.000003e2.honggfuzz.cov | Bin 0 -> 994 bytes ...78aa017d75145e8e3a05594a5227.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...0aea7a4e9f57d559e454b3117020.00000049.honggfuzz.cov | Bin 73 -> 0 bytes ...f70d55e84e1b75a1da84dc720590.00000062.honggfuzz.cov | Bin 98 -> 0 bytes ...3a92b82fcadf31fbdc1a7f17ce32.00000041.honggfuzz.cov | Bin 0 -> 65 bytes ...af11b021c049e0fbdea3834b7a0b.0000bab2.honggfuzz.cov | Bin 47794 -> 0 bytes ...e48b97ed3490330534ff7187c389.00020000.honggfuzz.cov | Bin 131072 -> 0 bytes ...0b7c979ec518ac9abc980154ad5f.0000010b.honggfuzz.cov | Bin 267 -> 0 bytes ...6a28eb99eb1aa36a11b82d47a3ee.00000059.honggfuzz.cov | Bin 89 -> 0 bytes ...2e0859c735a4291114697d82644b.000005f3.honggfuzz.cov | Bin 1523 -> 0 bytes ...957ae3eb697b7d4bc641adb66e19.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...2176e1c71170b5caf47e556a78f0.0006d1a1.honggfuzz.cov | Bin 446881 -> 0 bytes ...31d5459a10686412207710b1de72.0000005c.honggfuzz.cov | Bin 0 -> 92 bytes ...9c2b0a5a58d80b3aedbba245de72.0000005c.honggfuzz.cov | Bin 0 -> 92 bytes ...a19e5ee4f80072c37397a95ab0d9.00000b8d.honggfuzz.cov | Bin 2957 -> 0 bytes ...cb5eb2942ff167cd8660667e754d.00000058.honggfuzz.cov | Bin 0 -> 88 bytes ...3699eb55633525859b8fc8e74525.0000303b.honggfuzz.cov | Bin 12347 -> 0 bytes ...bf010db54d4be71a22fcf3c143b5.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...7313d7b3083f36d54dfcb89a4580.000000f6.honggfuzz.cov | Bin 246 -> 0 bytes ...03fe38feda59963e4e3672f95fd5.00000bb8.honggfuzz.cov | Bin 0 -> 3000 bytes ...434f429a3f453dc4b98799989d55.0000096c.honggfuzz.cov | Bin 0 -> 2412 bytes ...7458f6706c11211317637f121174.0001153e.honggfuzz.cov | Bin 0 -> 70974 bytes ...d5fe0a71e58684f35257b1ea8649.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...3626694ef8557e6c42ae20cbfb50.00020000.honggfuzz.cov | Bin 131072 -> 0 bytes ...c9eebdbac1d3bcc81b6d5d3a022c.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...babc44c0410a037f909261e78569.00012b85.honggfuzz.cov | Bin 76677 -> 0 bytes ...85b59c69979499e43854a6eaac57.0000004a.honggfuzz.cov | Bin 0 -> 74 bytes ...0b1e21619171bd1954c8e69fb521.00010566.honggfuzz.cov | Bin 66918 -> 0 bytes ...ceb3faa165a30ba9cda4944cff97.0000040a.honggfuzz.cov | Bin 0 -> 1034 bytes ...bae06668531bf5b921af0396cd13.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...a0cd51cca222fc5a383358ce8986.00005e88.honggfuzz.cov | Bin 0 -> 24200 bytes ...849516bd0137edc8473701b81258.00020000.honggfuzz.cov | Bin 131072 -> 0 bytes ...b1283bcda90905f9fd0a364a61f5.0001da18.honggfuzz.cov | Bin 121368 -> 0 bytes ...017900f2b959a4a6a8abc06ba645.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...b1147a3daf09fa7b288a784c951d.000000a3.honggfuzz.cov | Bin 163 -> 0 bytes ...d998bc5f35fae34e5b786d347ad5.0000004c.honggfuzz.cov | Bin 0 -> 76 bytes ...b0bd977396406dbb0ca7fb609072.00013e4c.honggfuzz.cov | Bin 81484 -> 0 bytes ...57d1a08899fd49f3e97c0418c406.00052e1d.honggfuzz.cov | Bin 339485 -> 0 bytes ...1fbfbc19381e9c575afc6d0f5be2.000001a5.honggfuzz.cov | Bin 421 -> 0 bytes ...ffa0799ad79da772be2793842e87.0000007f.honggfuzz.cov | Bin 127 -> 0 bytes ...e5f77e75dd42f4ccde92ba6bec8e.0000157e.honggfuzz.cov | Bin 5502 -> 0 bytes ...95d8f338b1a434339a6d5abd0808.00000063.honggfuzz.cov | Bin 99 -> 0 bytes ...d017955bf5a8900877f2fdcdde2e.00000138.honggfuzz.cov | Bin 312 -> 0 bytes ...fa95f39c408badeb48967754431b.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...eda2656235340e467dd10440f1a4.000072c4.honggfuzz.cov | Bin 0 -> 29380 bytes ...a56a51f07dcd1c8bd8a5574deaf9.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...b115b257d1ddf5af45de852d3ea5.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...50a3c8f45d10d5b6a6ce7fb123ef.000001a1.honggfuzz.cov | Bin 417 -> 0 bytes ...2dbcb9faab422f84f9dbc864a1c2.00000118.honggfuzz.cov | Bin 0 -> 280 bytes ...a7231cd2e444276f717f3098fdb2.00000200.honggfuzz.cov | Bin 512 -> 0 bytes ...00ed4ac567d16a5f8dd15737a3ef.00000f6f.honggfuzz.cov | Bin 0 -> 3951 bytes ...101f5e5763bbb5f8ccf91a89023d.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...02f77cd3cd44cb59bee5e6d79c86.00000092.honggfuzz.cov | Bin 146 -> 0 bytes ...819a9d000c1f70ba2919948aef59.0000007a.honggfuzz.cov | Bin 0 -> 122 bytes ...31b2b20c8e796c17c4dc212e1545.0000001d.honggfuzz.cov | Bin 29 -> 0 bytes ...e80bdec64c38d8fcf326ebbf431c.00000283.honggfuzz.cov | Bin 0 -> 643 bytes ...d9ac37072e098a7d6c592c96ba1d.0001ef74.honggfuzz.cov | Bin 126836 -> 0 bytes ...64e8f3471310bfd3fc9ed1dff238.00000020.honggfuzz.cov | Bin 0 -> 32 bytes ...37e9b8c8b7bdb2b729106ac4ed10.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...9ed433bbc7713a9fc2e8feb6afd0.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...a770b8c8b7bd42b8d6ebba72367d.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...a7a2aa60310958dae0305ee49b98.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...82ad383ab5a16ef73a850dfbeb26.00000440.honggfuzz.cov | Bin 0 -> 1088 bytes ...e085a123092f7bb597e59cd1cd7e.000000a0.honggfuzz.cov | Bin 0 -> 160 bytes ...3bb70f333163c78b0763630ae2e0.000000ac.honggfuzz.cov | Bin 0 -> 172 bytes ...f80b1e40be5de1ae6f6d8f837579.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...6284a9bb53be576b375471ad3b99.00000400.honggfuzz.cov | Bin 0 -> 1024 bytes ...5bef7cf1de765b6d1580f4da0ba4.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...fba497cf20059b2c1bdc94abe8ee.0000d87d.honggfuzz.cov | Bin 0 -> 55421 bytes ...bd7bd8cbff130f45f7e0f8277fb2.0000004c.honggfuzz.cov | Bin 76 -> 0 bytes ...3757d76d287085f9ad6848a2a0cf.0000006e.honggfuzz.cov | Bin 110 -> 0 bytes ...bf29095499885f1fe71ae7a89a5e.000001b8.honggfuzz.cov | Bin 0 -> 440 bytes ...4fdd957a331492fea7cad461663c.00001f68.honggfuzz.cov | Bin 8040 -> 0 bytes ...e7ba960d55205d6b78116ffa9962.00000254.honggfuzz.cov | Bin 0 -> 596 bytes ...1e47d3d73a8cf7f86c614fe2a150.000003db.honggfuzz.cov | Bin 987 -> 0 bytes ...c0429333d6fac2c5994040f76544.00000094.honggfuzz.cov | Bin 148 -> 0 bytes ...b7e8d6587fbbd9705cf18cc4a7ea.000015dd.honggfuzz.cov | Bin 0 -> 5597 bytes ...f2c0303084d5bbc74a6c295770eb.0001102a.honggfuzz.cov | Bin 0 -> 69674 bytes ...3ba825786823c9e8f1a1d3a5c5fc.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...422da8296322a451f2e9fb8ef44f.0004b225.honggfuzz.cov | Bin 307749 -> 0 bytes ...c1d442fcb889cf7086789ff77514.0000033d.honggfuzz.cov | Bin 0 -> 829 bytes ...55757c2824bd043b3c6721fbc411.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...d7245d8f0e04477005bdbfb58375.000000e7.honggfuzz.cov | Bin 231 -> 0 bytes ...8d93e770853a82534f1cd082984b.0000c85c.honggfuzz.cov | Bin 51292 -> 0 bytes ...0f4b477a1cfca656b51f312d8d0a.000001e8.honggfuzz.cov | Bin 0 -> 488 bytes ...c390e3c91510975228f183cc4561.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...ac3a1bb3beaa120e5cdb17c681f2.0000006e.honggfuzz.cov | Bin 0 -> 110 bytes ...99ca4811ae91bc39509b4c7b981d.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...9d8a17100591ca168edab62426fc.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...a73e6c24a6ed903cb94ae06ecbd1.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...b35ffa13f90a864837ac770d6012.000000ea.honggfuzz.cov | Bin 0 -> 234 bytes ...04a3ed5d35d22b1277f78e73e58f.0001d53c.honggfuzz.cov | Bin 120124 -> 0 bytes ...5d1a67f38e73db075e85724f5c9b.00044462.honggfuzz.cov | Bin 279650 -> 0 bytes ...f6ec3b18226d0e2ab611076f5c3e.000000a0.honggfuzz.cov | Bin 160 -> 0 bytes ...ccfa135ee13231bd7da084b674b5.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...3b90fa532ff3dfdda79ffd076cd8.00009727.honggfuzz.cov | Bin 38695 -> 0 bytes ...af557e11e2cd17a1f0fcdd85936d.0000bf17.honggfuzz.cov | Bin 48919 -> 0 bytes ...1b12e22f27498f9c11d93ba63a19.000002e6.honggfuzz.cov | Bin 742 -> 0 bytes ...0e1bf77e57415afd3259bc2d2732.00000020.honggfuzz.cov | Bin 0 -> 32 bytes ...bd8d1f98e9e744bd805b26c1a084.00000194.honggfuzz.cov | Bin 0 -> 404 bytes ...14d8b198e6e2735fc55caf73a56e.00000169.honggfuzz.cov | Bin 0 -> 361 bytes ...df8de43e2839f6163ae68fe04b7e.0000029e.honggfuzz.cov | Bin 0 -> 670 bytes ...c2eb93c0274c91aeffa07c9806dc.00000048.honggfuzz.cov | Bin 0 -> 72 bytes ...0ef09f286fdecbbcfaf349b77738.00000051.honggfuzz.cov | Bin 81 -> 0 bytes ...a621d778400ede0c6ef8908c8401.00000207.honggfuzz.cov | Bin 0 -> 519 bytes ...6c2fedb4d6cd9368ecb8edb4bbdb.00000125.honggfuzz.cov | Bin 0 -> 293 bytes ...e265d00bc4ccf018d6e36c835534.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...e486b5f12b680f500b16b6ec5e32.00001a1e.honggfuzz.cov | Bin 0 -> 6686 bytes ...a010fdd3ea52f7b30086eaae723c.00000081.honggfuzz.cov | Bin 0 -> 129 bytes ...bd6a103ae7003b2cb4d2e7fb31fd.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...5b658601c1b123e4f21af6cda09a.00000119.honggfuzz.cov | Bin 281 -> 0 bytes ...3d5cd1cf4217600696d6e6cfd040.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...cb826f225de968911d55a978d528.000000a7.honggfuzz.cov | Bin 0 -> 167 bytes ...3d0e82ae6653785ef52161d1b1e7.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...e460e726ade4ad8d746e2a242b6f.00000182.honggfuzz.cov | Bin 386 -> 0 bytes ...ebf6abb2e57bbd1f895ee538fefe.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...7b0a36ff8fcddb5b2b15a961edc4.0000012f.honggfuzz.cov | Bin 0 -> 303 bytes ...f135ba7c21915ddbdae2fea69d07.0000021c.honggfuzz.cov | Bin 540 -> 0 bytes ...702336bc5c3700fea726f03ff1aa.00000293.honggfuzz.cov | Bin 659 -> 0 bytes ...0617e6dca46a247740cf4eb10974.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...d0628cfb853194d54bf90c1dc5ff.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...72c7c02f995083dd1fe369b6547e.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...4732312980e5248ccbb375fe3f07.000000a7.honggfuzz.cov | Bin 167 -> 0 bytes ...d4b454806418ca513572da0374a2.00000175.honggfuzz.cov | Bin 0 -> 373 bytes ...b5de0a802ccf02cb44f0c5aa4b25.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...be8d112e69026ec2d7f2f96e1da0.00000626.honggfuzz.cov | Bin 0 -> 1574 bytes ...6239ddffc7665e237f44ee1ab2cd.000002e7.honggfuzz.cov | Bin 743 -> 0 bytes ...2f919cc76e1361629412e98a0fe7.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...c36fd86ebacefda9adf32c2a4db8.0000e77a.honggfuzz.cov | Bin 0 -> 59258 bytes ...6106b59002c3fedb8e1bb757eea8.00000497.honggfuzz.cov | Bin 1175 -> 0 bytes ...d6aec9ec8d5aa7c94609269abeba.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...4b7f407730f24803a785f332358f.00000032.honggfuzz.cov | Bin 0 -> 50 bytes ...3789606590e66342cf8e60c7d71e.000001de.honggfuzz.cov | Bin 0 -> 478 bytes ...11c842307ee74e3c0f58f6a1588e.00018f49.honggfuzz.cov | Bin 102217 -> 0 bytes ...9da4fd3135bafa1de65f10982aed.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...284a3d26f5e793ecbf7dd6048b8d.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...284d50e6f5e7d3efa30b0d693d51.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...fc0859c31015b16b8bfc69b170d2.000000f7.honggfuzz.cov | Bin 0 -> 247 bytes ...1a01a4ee145bc17cb6f3f4d5da66.000097f3.honggfuzz.cov | Bin 38899 -> 0 bytes ...f6fee213a69a741db7ff5f142259.00000053.honggfuzz.cov | Bin 0 -> 83 bytes ...33cf5051d4947dfa6a65ae2d43ad.00000072.honggfuzz.cov | Bin 114 -> 0 bytes ...8dbd8d9ab6a2746eff5f6b0588a5.000000a5.honggfuzz.cov | Bin 165 -> 0 bytes ...f0ea5df2311fb96e16a896d38f8e.0000009b.honggfuzz.cov | Bin 0 -> 155 bytes ...0a5152d917fcee6c7340fe87f6da.0001153e.honggfuzz.cov | Bin 70974 -> 0 bytes ...965625f2293b76f015b48d3b21fd.0000002d.honggfuzz.cov | Bin 45 -> 0 bytes ...fcb8d20f16b7b7f5abc79bc3cee9.000000c9.honggfuzz.cov | Bin 201 -> 0 bytes ...1c88ec805c6186e07db0a5ff4193.00000060.honggfuzz.cov | Bin 0 -> 96 bytes ...70f7210b304817074a8d076277e2.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...47d1bff19b981645e03ee84ac7a0.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...47d1bff91b1066e76a164aca6fad.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...56b5ab01d6aa8b18de6ac2724d8c.00001331.honggfuzz.cov | Bin 0 -> 4913 bytes ...e147c686750bf605a7d72eccaa25.0000010f.honggfuzz.cov | Bin 271 -> 0 bytes ...6b9d0e7581c995080544ba63e130.00001d19.honggfuzz.cov | Bin 7449 -> 0 bytes ...d94332f0dd1b278e7410ac516054.00000cbe.honggfuzz.cov | Bin 3262 -> 0 bytes ...0e0fab55bc56011f38383628584f.00000b8e.honggfuzz.cov | Bin 0 -> 2958 bytes ...2461124209d78764bec2dfb23c2e.00000291.honggfuzz.cov | Bin 657 -> 0 bytes ...06c0bfb59cc6d5c9b971a66756ef.00000181.honggfuzz.cov | Bin 0 -> 385 bytes ...709d39de5dbc20324e1a2d12a7e9.00000128.honggfuzz.cov | Bin 0 -> 296 bytes ...dd14a811b7a87969fd242d82e6e9.0000029e.honggfuzz.cov | Bin 670 -> 0 bytes ...0b9d403d509458b9dfabb2bbe992.00005941.honggfuzz.cov | Bin 0 -> 22849 bytes ...0a19b406238dffad0bf4b6e09076.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...6dbcc4069eeb929a7d4b20b96c06.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...353ea115c6e3b82c263c80f60814.00000115.honggfuzz.cov | Bin 0 -> 277 bytes ...7b5f93ac20842b4a241a4f74f495.000013e8.honggfuzz.cov | Bin 0 -> 5096 bytes ...6893dea9f2708103f6807be5ea96.000002c6.honggfuzz.cov | Bin 0 -> 710 bytes ...a452732d4589541ff4a2728e3941.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...f911182c9390f5a2c786946e68ab.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...4d84721ef55c2aac4827b06504da.0000001f.honggfuzz.cov | Bin 0 -> 31 bytes ...052c6ccd6bfd0273129d184ba69c.00000041.honggfuzz.cov | Bin 65 -> 0 bytes ...27b6753effe2224fbc4a52a258c1.000000f7.honggfuzz.cov | Bin 0 -> 247 bytes ...9986679f256c74d490828fe33026.00000091.honggfuzz.cov | Bin 145 -> 0 bytes ...814eda7caff81ca205ffdc8f5835.000002cd.honggfuzz.cov | Bin 717 -> 0 bytes ...c0e6f6bda7d72618cf2275164bef.00000066.honggfuzz.cov | Bin 0 -> 102 bytes ...6e8defd86966d1b38000f8a7b1b2.0000020a.honggfuzz.cov | Bin 522 -> 0 bytes ...dfd4ef53b097b8fd2861aaa96a0e.00000150.honggfuzz.cov | Bin 336 -> 0 bytes ...e35980ee361847e81f8a8a752717.0000002e.honggfuzz.cov | Bin 0 -> 46 bytes ...f6cab319d7c15b38d37f35f12161.0000000e.honggfuzz.cov | Bin 0 -> 14 bytes ...2a62686fc0b159b522529b9c9737.00001187.honggfuzz.cov | Bin 4487 -> 0 bytes ...51d695a6d0b0903abf34916f7001.00000013.honggfuzz.cov | Bin 19 -> 0 bytes ...f22886f1f98b28cee278ca8703cd.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...7d53bff40a3179cbee6d9f705466.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...fce78223d28c8bb1eabc780e32ad.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...cef10f53805fd6a6bfa682c7384a.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...1dacdd0d86076d3bc1776e0d30aa.000000ff.honggfuzz.cov | Bin 255 -> 0 bytes ...12fc033bd15b7d4f745e7add0f91.000003bd.honggfuzz.cov | Bin 957 -> 0 bytes ...8d7490f2b0d8f02a41d47c84c294.0000007d.honggfuzz.cov | Bin 0 -> 125 bytes ...1fff6bc129d667730f7704ce35b3.00008c2d.honggfuzz.cov | Bin 35885 -> 0 bytes ...57e1c39f6f92d07c4f94e7e37e1c.00000293.honggfuzz.cov | Bin 659 -> 0 bytes ...2723be2d405d2b8799918091d1d9.0000e948.honggfuzz.cov | Bin 59720 -> 0 bytes ...36ca8605e1b14821a814ada1d1b7.0000029e.honggfuzz.cov | Bin 0 -> 670 bytes ...5ae5fb6700e8761a42b017836d14.00006e85.honggfuzz.cov | Bin 28293 -> 0 bytes ...8c48eda881659124d2dc6c498017.000000d4.honggfuzz.cov | Bin 212 -> 0 bytes ...452f27926090a5c04a9c07a238f3.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...e4bdddab993f2d24ccf7981e057b.00000094.honggfuzz.cov | Bin 148 -> 0 bytes ...635489be4ba1c734bfaa607c2eee.000000b6.honggfuzz.cov | Bin 182 -> 0 bytes ...fa0ed2019202ae20a5103f2c0515.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...deec6d3c5235359adbfda07f0fdf.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...deedb64c5235259a1ce016a46268.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...052d04dd9016d3f8375c875540c3.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...3945315a2644a1185c9452ccbc8d.0000004e.honggfuzz.cov | Bin 78 -> 0 bytes ...5eac1e1cf9ef71298709d8fdbce3.00079a74.honggfuzz.cov | Bin 498292 -> 0 bytes ...5b89b95a19ee9e8c4a12435cfd26.0000007d.honggfuzz.cov | Bin 0 -> 125 bytes ...03dada916a6cb1a5fd58ebcb35df.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...db3093ecc187d802c92ab74c4bd1.00000025.honggfuzz.cov | Bin 0 -> 37 bytes ...e60b336319b58506e3f3d817db0d.00000c65.honggfuzz.cov | Bin 3173 -> 0 bytes ...c35670b893b95ee388b8a6c8bdb7.0000003a.honggfuzz.cov | Bin 0 -> 58 bytes ...c77da63e9f71ac32457c569fbe3d.000003a8.honggfuzz.cov | Bin 0 -> 936 bytes ...269a85dc7ab151c5d294b5310cee.0000029e.honggfuzz.cov | Bin 670 -> 0 bytes ...e192c64e9b46ee9e5bb757cdde84.00000081.honggfuzz.cov | Bin 129 -> 0 bytes ...1b27bea956cbe2318bac77ca8779.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...320e6f753dbbfe0c67e29d37a29e.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...d0357f0ac76f2fe51c75363a05d3.00000ba2.honggfuzz.cov | Bin 0 -> 2978 bytes ...597de8c88cd81c84f18b0238fb8f.000016b7.honggfuzz.cov | Bin 0 -> 5815 bytes ...a986aed093ddd7c719dbabf4959a.0000daa2.honggfuzz.cov | Bin 0 -> 55970 bytes ...945bbff7f22175ecf6f2e54805b9.00000073.honggfuzz.cov | Bin 115 -> 0 bytes ...618399aa3b3edeb2772b1bd88ac9.0001ff84.honggfuzz.cov | Bin 130948 -> 0 bytes ...b5d1af8e3ede277d7c527df07ad4.00000061.honggfuzz.cov | Bin 0 -> 97 bytes ...94e89b18112cff677b9943d42b77.00015a30.honggfuzz.cov | Bin 88624 -> 0 bytes ...ede3b16e788b6f198487f8d4125a.00010001.honggfuzz.cov | Bin 0 -> 65537 bytes ...fb4733513ea0321e7a45d9f3bf70.0006b71e.honggfuzz.cov | Bin 440094 -> 0 bytes ...fee7a54c9468b4b6f8632f7561c8.0000a302.honggfuzz.cov | Bin 41730 -> 0 bytes ...7274007e6d2a5c3d6aee37eb88a8.00001093.honggfuzz.cov | Bin 4243 -> 0 bytes ...455c7ea960652f9d41c68680ac82.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...17cc4834c0fc2f20fc638380c6b7.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...92c40be00da25e37e6f383c8a059.00012ca1.honggfuzz.cov | Bin 76961 -> 0 bytes ...79e78bf44cd998ca869b1e819c21.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...19a4f62c63749b9572169ae96132.00000040.honggfuzz.cov | Bin 0 -> 64 bytes ...667d8e52b00686298a00a15c8edc.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...a6c63deabe51b15bb7f8e3b41c75.0001533c.honggfuzz.cov | Bin 86844 -> 0 bytes ...c1da55a776fc60b3cb34966a6047.0000009a.honggfuzz.cov | Bin 154 -> 0 bytes ...4ea147c946668480d506d52421e8.00004c7e.honggfuzz.cov | Bin 0 -> 19582 bytes ...35cbfa9b61e4ecb06dd9ff569e42.00000083.honggfuzz.cov | Bin 131 -> 0 bytes ...059003c6c19c016293201e026f2d.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...b2c3c6c5b62f9cad899f0a944b57.0000010f.honggfuzz.cov | Bin 0 -> 271 bytes ...ec2fb901f51fa565f7a00714de01.000004af.honggfuzz.cov | Bin 1199 -> 0 bytes ...97db7fe6da42aab83095485e041d.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...ae96686e339da7b8023b4c61ea96.00009fe6.honggfuzz.cov | Bin 0 -> 40934 bytes ...83de8015654a5fc1e7f40216fdf0.00000115.honggfuzz.cov | Bin 0 -> 277 bytes ...ebdfe20a5c4c32403274abeac42b.000000a6.honggfuzz.cov | Bin 166 -> 0 bytes ...1924746149531e4d3b2e22e8f329.000000a3.honggfuzz.cov | Bin 163 -> 0 bytes ...b913b689077f07648b38e9a3d1a3.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...320e6f753dbbfe0c62f69ee3a45e.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...9a08b5da3a103e1e838dc2f1441f.0000fffc.honggfuzz.cov | Bin 0 -> 65532 bytes ...d0d0e53a87b569e4c891d9f70dc2.0000039c.honggfuzz.cov | Bin 0 -> 924 bytes ...5266df4faa97ea31ef024831774e.00000d98.honggfuzz.cov | Bin 3480 -> 0 bytes ...9aaf83b5eef5e3efc8514ed70a69.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...0aa390390bc960136fbaaa4525fb.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...75bf62387111d966ca6b91145fb6.00000040.honggfuzz.cov | Bin 64 -> 0 bytes ...5bd99650381e73d8d56ad255409c.00000993.honggfuzz.cov | Bin 2451 -> 0 bytes ...f6f4680f1107a83377f22dcb701f.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...6725aab0a55255f1bbecd63255d2.00001e5b.honggfuzz.cov | Bin 0 -> 7771 bytes ...7a0c76203d64c32d4382d8fa2408.0000054f.honggfuzz.cov | Bin 1359 -> 0 bytes ...0f2abde8ffb7e862907ff6b5b686.00000bb8.honggfuzz.cov | Bin 0 -> 3000 bytes ...aed0f6c8b21033f7965cf2af392c.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...eca4a44749637479b9d1a287a97f.0000011f.honggfuzz.cov | Bin 287 -> 0 bytes ...66994683605ae22514144bdcfe60.000001c7.honggfuzz.cov | Bin 0 -> 455 bytes ...767b0d141c9ace374ff7c5dc3ec9.000010f8.honggfuzz.cov | Bin 4344 -> 0 bytes ...85a95e61b02de3f51f6e78b48af5.0000136f.honggfuzz.cov | Bin 0 -> 4975 bytes ...6bd45a2c281f4c8b24ed385326c9.00020000.honggfuzz.cov | Bin 131072 -> 0 bytes ...bf3b9791b889904a00af90bf5100.00000bb8.honggfuzz.cov | Bin 0 -> 3000 bytes ...41a0f5145cdf112310a902c19e29.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...ed943de4a198f0ebf82660bd48c5.00000021.honggfuzz.cov | Bin 33 -> 0 bytes ...48f043aeec02ed83120d66d08942.000000ac.honggfuzz.cov | Bin 172 -> 0 bytes ...b4fa76ad6b3db25db2ebf28af2e5.000000f7.honggfuzz.cov | Bin 247 -> 0 bytes ...e6b85f81f30d58b0e9c3656ce93e.0000040a.honggfuzz.cov | Bin 0 -> 1034 bytes ...7c38c34c83ec4c58b6f647c35aa5.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...4303011cf9042095e90b48fb6cca.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...ab4f5091539d5dda5a439e1af0ee.00000071.honggfuzz.cov | Bin 113 -> 0 bytes ...5f8ff2733bbc60d1cfb56f7dd9ca.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...76a9b70a1a59d1af1ba928043f8e.00000035.honggfuzz.cov | Bin 0 -> 53 bytes ...ba79cb85136c511ef447ffbbaa8d.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...362f7f634f7b49e3db99936217e0.00001823.honggfuzz.cov | Bin 6179 -> 0 bytes ...c9ed7c614e1a58d84360f448132e.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...780f9712535fb5ca1e2208bb9cc6.00018ff0.honggfuzz.cov | Bin 102384 -> 0 bytes ...bf466e4f7600552f90d482a7e5bc.0000032e.honggfuzz.cov | Bin 814 -> 0 bytes ...711f0c17f130c8d38dadd1a84213.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...e9ed7c614e1a58fd557bc276332e.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...80d63702c357e0ef86a211583cfb.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...91cfcf244c572991923b84e11c3a.000001a5.honggfuzz.cov | Bin 0 -> 421 bytes ...77bf5bce5727b3dfc1555e38f9d5.000018b9.honggfuzz.cov | Bin 6329 -> 0 bytes ...e3d7ada13df5ad234375314df1ac.0000008a.honggfuzz.cov | Bin 0 -> 138 bytes ...a9d02e7ca813ada23d054d300c7a.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...5129fdca8abf31c800d2c44f22a8.00000097.honggfuzz.cov | Bin 151 -> 0 bytes ...438012920b81d4c524026fc9972c.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...fb2dc1e8631c11d6cdd19908a68d.000037d3.honggfuzz.cov | Bin 14291 -> 0 bytes ...7a6260a37655dc8bce4db4ae686e.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...dfbd50c5c1981f11ff062343068d.00010e2b.honggfuzz.cov | Bin 69163 -> 0 bytes ...89077a6f07896688cd2829af7a57.000001db.honggfuzz.cov | Bin 475 -> 0 bytes ...01de4ac84bcc67b21ba013800cda.000003ab.honggfuzz.cov | Bin 939 -> 0 bytes ...15b94639d160373af752a4242f4b.00020000.honggfuzz.cov | Bin 131072 -> 0 bytes ...3bd6a4894af5bf6ff81b0e6a6567.00000905.honggfuzz.cov | Bin 2309 -> 0 bytes ...47ab83c8799f0ff03269e68a8ac7.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...9d8b576ccae97d9b0252e7ce08c1.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...1cfd9d645fcaa29147b4713b5db5.00000305.honggfuzz.cov | Bin 0 -> 773 bytes ...6792b5dcf0eb7fb9f5e32ad1f0b5.000000c0.honggfuzz.cov | Bin 192 -> 0 bytes ...d3ca732b3d696566237dbb5b7a45.00000040.honggfuzz.cov | Bin 64 -> 0 bytes ...a4c72f5eee08d7ae9cb7e5f7a6a8.00000200.honggfuzz.cov | Bin 0 -> 512 bytes ...6584ed9a34f7dffc6e471287cdb1.00000072.honggfuzz.cov | Bin 114 -> 0 bytes ...def0c06cbc5371f88ee425dd5f1a.000004f1.honggfuzz.cov | Bin 1265 -> 0 bytes ...8fb589a0e052265ff587eaff6920.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...84e399c6a512a3b5a3deb6013a7f.00000b57.honggfuzz.cov | Bin 2903 -> 0 bytes ...646b809efb055187b87bf06cc542.00000042.honggfuzz.cov | Bin 66 -> 0 bytes ...e1dd7f55ae0ca9fc994b48b36f36.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...12b64e066d51b566861a6645171c.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...b9a822445f35bd65e5536fc98f65.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...ebe7822d34f38bab169a632877c2.000000d5.honggfuzz.cov | Bin 0 -> 213 bytes ...c5e3a67337673c85aae4eff9e80e.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...09256d8a53804ae7c99da98ffdd9.00000f03.honggfuzz.cov | Bin 0 -> 3843 bytes ...5c62b3ea5465d75913fc12c0d4c1.000002f0.honggfuzz.cov | Bin 752 -> 0 bytes ...dbdedf1c5d6d5db76b555b6a254b.00010566.honggfuzz.cov | Bin 0 -> 66918 bytes ...2b651e23a5e67cda51699282bc54.00000bb8.honggfuzz.cov | Bin 0 -> 3000 bytes ...b5985c5f3bc116c640afee5fd6bf.00000230.honggfuzz.cov | Bin 0 -> 560 bytes ...0e0c219da01e275c7c3e3ad09937.00000042.honggfuzz.cov | Bin 0 -> 66 bytes ...8ff8261f850aaecb77f33d08696f.00001484.honggfuzz.cov | Bin 5252 -> 0 bytes ...0158d3816560a29abff53a30ce54.00002000.honggfuzz.cov | Bin 0 -> 8192 bytes ...a913a326fc05236b2560db4ec57a.0000005e.honggfuzz.cov | Bin 94 -> 0 bytes ...1061b71eb58fbf8aaf2732282a36.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...0ad7204f80d3cbed5c05b2764bce.000000f7.honggfuzz.cov | Bin 247 -> 0 bytes ...d260cbba31f32dc0845dc16dfac8.00000099.honggfuzz.cov | Bin 153 -> 0 bytes ...4a4d10da15268ea6b118ff7c0eee.0000003d.honggfuzz.cov | Bin 61 -> 0 bytes ...000c051be55aec0d8bcf5af914dd.00000040.honggfuzz.cov | Bin 0 -> 64 bytes ...54a5de8f01b3e2bb0873b4286013.000002a9.honggfuzz.cov | Bin 681 -> 0 bytes ...ec3cca898f6092638d24f37604d7.00000570.honggfuzz.cov | Bin 0 -> 1392 bytes ...47d3d1cc1d61c8e7f67fa0c6f22b.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...6409c62366c9605dccdb3574c053.00000020.honggfuzz.cov | Bin 32 -> 0 bytes ...6409c79366c9605dccda2565c053.00000020.honggfuzz.cov | Bin 0 -> 32 bytes ...f6c401ce79d93cf70ae0c3a1244f.0000006d.honggfuzz.cov | Bin 0 -> 109 bytes ...351f8658bff188becfd6ee4eae61.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...7362c3587ea43086f12efba698d1.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...8f803dba2218127e53d08150564a.00000336.honggfuzz.cov | Bin 822 -> 0 bytes ...9f30a10a4726d7d94499a6acf3b0.000000a0.honggfuzz.cov | Bin 160 -> 0 bytes ...6061fa69cb6ab81083e471afc459.000000d7.honggfuzz.cov | Bin 0 -> 215 bytes ...cfd9ebcdcf25602aaafc379c19cf.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...e663965fddafe313e94dd37f4131.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...090bcd16c68b271faf7fe780c5f7.00000b98.honggfuzz.cov | Bin 0 -> 2968 bytes ...4d887edbf8f17141f6f29a13ebd5.00000021.honggfuzz.cov | Bin 0 -> 33 bytes ...c8ff839eec5f5524850e2a767125.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...44b2861cb1ee0a901da0ce3fa7c7.0000128b.honggfuzz.cov | Bin 0 -> 4747 bytes ...2ed33477c3a469f4979eb5bf2fbb.000017b0.honggfuzz.cov | Bin 6064 -> 0 bytes ...b0e0e3abb7d92c3785bef85d087d.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...03f812dfa5326bc366ccaf0e4060.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...5784e6561702aac396331b7330ab.0000012e.honggfuzz.cov | Bin 302 -> 0 bytes ...f1fdfa35320a925dbccc0d8fb283.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...ef2b4c134d51e7303a7481b65358.00000383.honggfuzz.cov | Bin 899 -> 0 bytes ...30e5aa9be771271c0e2b168a4bca.00000400.honggfuzz.cov | Bin 0 -> 1024 bytes ...7080364d4f1f97b4bb28f587535a.000000ab.honggfuzz.cov | Bin 0 -> 171 bytes ...fada41f0c93bf667711142e2ab9b.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...99399489aad72b47e2e7f83b3ad2.00000bb8.honggfuzz.cov | Bin 0 -> 3000 bytes ...43835f1f04dde778c484d13d6486.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...4c2fab7f0e0db8303c74f0b71a2e.00000207.honggfuzz.cov | Bin 0 -> 519 bytes ...6adf26ad234af9ca9c8d2356a607.00007b4e.honggfuzz.cov | Bin 31566 -> 0 bytes ...bd92bf9cb36f878f70f5aac874ad.0000c8de.honggfuzz.cov | Bin 51422 -> 0 bytes ...39518fbad0d2f93a829d6c7ace21.000000b4.honggfuzz.cov | Bin 180 -> 0 bytes ...5a2e3370e3a3e4cc077dec9a9ed6.00000042.honggfuzz.cov | Bin 0 -> 66 bytes ...92cfbd058b1db6e0cf6d41df6c50.00000040.honggfuzz.cov | Bin 0 -> 64 bytes ...a4abcfd789ea1d0efcc38709c429.000003eb.honggfuzz.cov | Bin 1003 -> 0 bytes ...5baacf728cd2b5686ac88502837c.00020000.honggfuzz.cov | Bin 131072 -> 0 bytes ...b27fb2964aa1b9b47837b6b5215e.0000140e.honggfuzz.cov | Bin 0 -> 5134 bytes ...6d245433c4fbd483248c5d54730e.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...aa034797e04af24aae5e0d3f4396.000001ee.honggfuzz.cov | Bin 0 -> 494 bytes ...89c9077026f5b6071178fa41c5c6.000016e6.honggfuzz.cov | Bin 5862 -> 0 bytes ...d85efb32fccbe7ba7ff3d22f6957.00000059.honggfuzz.cov | Bin 0 -> 89 bytes ...adfb174419a24368eb0d95bb2a4d.000004e3.honggfuzz.cov | Bin 1251 -> 0 bytes ...d7d6d39195eee9ed2b1798f75977.0000037e.honggfuzz.cov | Bin 894 -> 0 bytes ...6ef8298ac94747a0214665b269d8.0000002d.honggfuzz.cov | Bin 0 -> 45 bytes ...41bda6212eac459e6c82da2c936b.0000003e.honggfuzz.cov | Bin 62 -> 0 bytes ...78ab97181ec669d6ff1b2ab74347.00000087.honggfuzz.cov | Bin 135 -> 0 bytes ...1a918fd47d48c3888aef1c852297.00016ced.honggfuzz.cov | Bin 93421 -> 0 bytes ...918cc47c2193dd913087c7d929fe.00016ced.honggfuzz.cov | Bin 93421 -> 0 bytes ...722d9ffa6e887a4aef924ff720cd.000002a9.honggfuzz.cov | Bin 681 -> 0 bytes ...0683bdd349b034c46a9b75f7f79d.0000001f.honggfuzz.cov | Bin 0 -> 31 bytes ...c6f97a61a67ee714ae46810a7f92.0000175f.honggfuzz.cov | Bin 5983 -> 0 bytes ...881c8f33d398e8b4b20d95d77cac.00016095.honggfuzz.cov | Bin 90261 -> 0 bytes ...052f4dcfdd47edafc59bbdceab05.0000f0a4.honggfuzz.cov | Bin 0 -> 61604 bytes ...d7069fd46452d7386344515c361c.00000244.honggfuzz.cov | Bin 580 -> 0 bytes ...722afcb81e4068b2e50a8c90e4b8.0000079e.honggfuzz.cov | Bin 0 -> 1950 bytes ...767e308ea12240e221fc31ce96ce.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...9cecf1bfcb4923fb2046b8d2073e.00000039.honggfuzz.cov | Bin 57 -> 0 bytes ...b2dc010467931bddb68ef8842225.00000f8e.honggfuzz.cov | Bin 0 -> 3982 bytes ...2f202b56834f01f84a2ada553ed2.00002265.honggfuzz.cov | Bin 0 -> 8805 bytes ...a17317195f4562d1cde1a03adbc5.00013d1e.honggfuzz.cov | Bin 81182 -> 0 bytes ...82bc4772ac8504e6a438b32cbb48.00001b5a.honggfuzz.cov | Bin 7002 -> 0 bytes ...05420ffcee74b134c7d9a90bf6a2.000000f7.honggfuzz.cov | Bin 247 -> 0 bytes ...f0d8ed28aa7915e0512653dbd499.00000174.honggfuzz.cov | Bin 372 -> 0 bytes ...2972c114eaaeba257da9826774af.00001b5a.honggfuzz.cov | Bin 0 -> 7002 bytes ...e46f8b61180e8463e0fddc3bf974.00000208.honggfuzz.cov | Bin 0 -> 520 bytes ...61d2d5d5c675b263c54b8fd9a3dc.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...4afcced90a253caf503c31c4b459.00000129.honggfuzz.cov | Bin 0 -> 297 bytes ...942d73dcf6457be9214f8cf02531.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...3947a2e8cff29617e685b762ed42.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...ffb07a56364fc6cba90d3dda34c5.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...5b03352c2304de1b454bc1028b33.00000b9f.honggfuzz.cov | Bin 2975 -> 0 bytes ...f72ccc040c429c37aa67dbee955b.00000076.honggfuzz.cov | Bin 118 -> 0 bytes ...b2cc5cf94979f23d6cd6bae6ec74.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...e32a691082775ca1a4698a60bafa.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...a119b728dc309280efeb259060f6.00000175.honggfuzz.cov | Bin 0 -> 373 bytes ...67a01b4e548f34939b9f5f9ba021.0001153e.honggfuzz.cov | Bin 70974 -> 0 bytes ...7e7e62c6202ac57a419124290dbb.0000005f.honggfuzz.cov | Bin 95 -> 0 bytes ...39b963ad41794aafe896fadaa522.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...4743decd9e5dccaf75a5e0fea830.000005e6.honggfuzz.cov | Bin 0 -> 1510 bytes ...0874ba52675d29cd41afbe769afa.00015d1d.honggfuzz.cov | Bin 89373 -> 0 bytes ...219d730f3689f6dec3e901ef9af0.000000b4.honggfuzz.cov | Bin 0 -> 180 bytes ...2ef9d4ddde6a7f43eb7e571d4610.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...d2b3d73a1a6780b48f41da3be44a.0000008b.honggfuzz.cov | Bin 139 -> 0 bytes ...e75dc69bbfa8b5d04f3c3eda366e.0000c856.honggfuzz.cov | Bin 51286 -> 0 bytes ...932e9c77739be5a0599e477400ab.000187a9.honggfuzz.cov | Bin 100265 -> 0 bytes ...6ef2a758ce6284425ad8c1014725.00001ff2.honggfuzz.cov | Bin 8178 -> 0 bytes ...d4add1dc4a128e70cc0b995a952d.00000035.honggfuzz.cov | Bin 53 -> 0 bytes ...a33c370c55e84135a3a45aaf5d01.0000021a.honggfuzz.cov | Bin 0 -> 538 bytes ...def104377a1a56d8e76d895a2dbd.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...55f472f4377e52e9ad8927cfd078.00001602.honggfuzz.cov | Bin 5634 -> 0 bytes ...8d9095cf5d63db030f4c196d71bc.000018f4.honggfuzz.cov | Bin 0 -> 6388 bytes ...68f8dbdd431dacaef3910c91df52.00000028.honggfuzz.cov | Bin 0 -> 40 bytes ...c7a58c19c932716061c23589567f.00000051.honggfuzz.cov | Bin 0 -> 81 bytes ...e7fb2d6deab1eebbfb4d5637aca9.00002000.honggfuzz.cov | Bin 0 -> 8192 bytes ...773a3256d1ecdbf12fd84689a2ec.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...351b11d1a642ecd9a82c16c619b9.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...ad2b5059f175c5ab86dfcc2c3244.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...9a3339e25f52d76ba45d3cba82a8.00002020.honggfuzz.cov | Bin 8224 -> 0 bytes ...255822e46407e6eafb3dda510a49.000024bc.honggfuzz.cov | Bin 0 -> 9404 bytes ...4627e5e69a8ed944af00b9729ccd.0001c8b4.honggfuzz.cov | Bin 116916 -> 0 bytes ...e6467d568c3ceef41aad7a8c7b4c.000000df.honggfuzz.cov | Bin 223 -> 0 bytes ...f3a8b117c8724ecb49b9bdca7fba.0000004b.honggfuzz.cov | Bin 0 -> 75 bytes ...6d1aad446893c1b116fe45c3425e.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...11aef9413de0fba0ba44ecf57b30.0000007b.honggfuzz.cov | Bin 0 -> 123 bytes ...e9f142155b105eec071d79895ee8.00000116.honggfuzz.cov | Bin 278 -> 0 bytes ...554245edab19eeb3844ec51e0ad0.000001b5.honggfuzz.cov | Bin 0 -> 437 bytes ...32b320f9527d43e4746f6d417a69.0000003a.honggfuzz.cov | Bin 0 -> 58 bytes ...a1d69285eec4d8dd1ab3f5f72f53.00000bd2.honggfuzz.cov | Bin 3026 -> 0 bytes ...9b6f061bffae1fc13eaf1aa65c5f.0000004a.honggfuzz.cov | Bin 0 -> 74 bytes ...cf86d52a29bcdba19ff3cae6feaa.00000036.honggfuzz.cov | Bin 0 -> 54 bytes ...a11c3452802ae51837f130afefe1.00000261.honggfuzz.cov | Bin 609 -> 0 bytes ...840e72d45247f8389568bd927819.00000a89.honggfuzz.cov | Bin 0 -> 2697 bytes ...25990d8db8decb3f2835aa95eaff.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...4e893b6b32064e7f2473940739c6.000006c8.honggfuzz.cov | Bin 1736 -> 0 bytes ...5ec58090c8ea1df4eaaa9190afac.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...db9e0c2ba20fce672f81b95cf0bd.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...b3bce5d7c3a9e0f8e93d1021b01f.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...967d07e57c1d126f476040d45676.000001f8.honggfuzz.cov | Bin 504 -> 0 bytes ...32a1f78e0f126dd8cef801f64ac8.00000ded.honggfuzz.cov | Bin 3565 -> 0 bytes ...6eff99c56f21e674ae36ae386004.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...26c575757285843a4d70a9ca10e6.0000002d.honggfuzz.cov | Bin 45 -> 0 bytes ...67f3b9fe84d13cd5f09e8b98019b.00000037.honggfuzz.cov | Bin 0 -> 55 bytes ...121ef65d4911cad763497feab920.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...a03250ade32d2c21706f38d20749.0001c2ad.honggfuzz.cov | Bin 115373 -> 0 bytes ...ff09e85830a4f5b41cd5f3a5722e.0000001d.honggfuzz.cov | Bin 0 -> 29 bytes ...ae28585830a4f5b5fd2fade1722e.0000001d.honggfuzz.cov | Bin 0 -> 29 bytes ...ae28591d30a4f46e8d2fade1722e.0000001d.honggfuzz.cov | Bin 0 -> 29 bytes ...9fe237e2ae7ef9194ed2fa3c3b38.00000acd.honggfuzz.cov | Bin 2765 -> 0 bytes ...ae2a885830a4f5b6cd1cacf1632e.0000001d.honggfuzz.cov | Bin 0 -> 29 bytes ...23772e0827b0f344086164027093.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...590c392c66f0ef9915192c4362f4.000002a9.honggfuzz.cov | Bin 0 -> 681 bytes ...b980b170a23109214187cc6933b6.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...fefa6c9ee05568c1f418cff1495e.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...d7395f2c38f64108dbc2bdf4b240.00000530.honggfuzz.cov | Bin 1328 -> 0 bytes ...ca4947e95b10065791f81440d7e4.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...f9aa8ed8ce389c9b833e5521e3ff.000000ee.honggfuzz.cov | Bin 238 -> 0 bytes ...9a512e2fea24677defcae36cadb2.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...d1c0797aca712cf3837f95398859.000000a0.honggfuzz.cov | Bin 160 -> 0 bytes ...175e9f8fa8210176bac055492333.000000c7.honggfuzz.cov | Bin 0 -> 199 bytes ...1c2e1ba8b1c09d9c6bea3d05d306.00000037.honggfuzz.cov | Bin 55 -> 0 bytes ...060bf9b28b17482b6a0b8f99292d.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...06ddaab288f27bf82843071f5101.000000da.honggfuzz.cov | Bin 218 -> 0 bytes ...18f3b5a7edd5f691bf0a05a782bb.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...2cb8779df6f1396d0c02bb4416d0.00000153.honggfuzz.cov | Bin 339 -> 0 bytes ...329ae95e5a3fe8492598d992a4a0.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...1dc081dc8a3f4a77183945e873fb.00000084.honggfuzz.cov | Bin 0 -> 132 bytes ...b3a393e4b8ceb52f98cbd9c73cab.00000686.honggfuzz.cov | Bin 1670 -> 0 bytes ...2f4305dd21bbbb0fdbd3fcc8a14b.00000034.honggfuzz.cov | Bin 0 -> 52 bytes ...f083cb6b9df4b5c07b0cb86c8747.0000001d.honggfuzz.cov | Bin 0 -> 29 bytes ...3083cb6b9df4b5c07b08f8288747.0000001d.honggfuzz.cov | Bin 29 -> 0 bytes ...59e0acd0ded3bab59fe1ee37fa5f.00000db9.honggfuzz.cov | Bin 0 -> 3513 bytes ...8e99bdbc9402894e63fe236ad3e7.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...bafb234a914d68c1ff96f68f6a48.00000092.honggfuzz.cov | Bin 0 -> 146 bytes ...b60d941ac5737441e529a84ea043.00000175.honggfuzz.cov | Bin 0 -> 373 bytes ...7a017fdf9d8d85b2a2b8c8ac0c46.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...ebb9144ae6659c88bcfb3dd7f5d4.00000021.honggfuzz.cov | Bin 0 -> 33 bytes ...ffc9cb7705088adf8876a4a84459.00000510.honggfuzz.cov | Bin 1296 -> 0 bytes ...7cb8115119cc4dda6f02f86a96e6.0001f4ac.honggfuzz.cov | Bin 0 -> 128172 bytes ...a3f30eec3970566192f915fcddf5.00000040.honggfuzz.cov | Bin 64 -> 0 bytes ...6a5f26d204de49f82f1d14107d5e.00001b62.honggfuzz.cov | Bin 7010 -> 0 bytes ...abf118d301cf308f37b1852c33cc.0000db04.honggfuzz.cov | Bin 56068 -> 0 bytes ...13dd0c0c48af071a134574c88fdd.00000b91.honggfuzz.cov | Bin 0 -> 2961 bytes ...0e64eb4549e72e4904ac64c21d30.0000087c.honggfuzz.cov | Bin 2172 -> 0 bytes ...9e6b35e5acb7b0a8f4342875824f.0000091e.honggfuzz.cov | Bin 2334 -> 0 bytes ...482a4e27d08e7c7732fcd5cc268a.0004f2c6.honggfuzz.cov | Bin 324294 -> 0 bytes ...07d5e63c00d362b0a6f5f0c36f44.00020000.honggfuzz.cov | Bin 131072 -> 0 bytes ...97b7e37a1ef8e5f13d4ffa6765e4.0000002b.honggfuzz.cov | Bin 0 -> 43 bytes ...f59000000000658218f000000000.00000003.honggfuzz.cov | 1 - ...61be93c7069fad5e4599942ff487.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...db77d3df1b09b7d0819321d65fb5.0000051a.honggfuzz.cov | Bin 0 -> 1306 bytes ...e37a9d5824a3c5430cb0274bf0b6.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...bbbc9139008e674690d5175896c2.00004036.honggfuzz.cov | Bin 0 -> 16438 bytes ...186109d2897aec17259feca2a8f5.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...7d77264ed80dd3576f602962f2d1.0000045a.honggfuzz.cov | Bin 0 -> 1114 bytes ...df56847067699820742bbc6c7d39.000006c6.honggfuzz.cov | Bin 0 -> 1734 bytes ...19674d4658aec75c6c97332106f4.00007fef.honggfuzz.cov | Bin 32751 -> 0 bytes ...04c333fd4cbc0980bc8c17310c21.00016922.honggfuzz.cov | Bin 92450 -> 0 bytes ...592a58006f8eafe93fb338ab753e.000181bb.honggfuzz.cov | Bin 98747 -> 0 bytes ...5b55d031eef49ab188cd64670ff5.0000004f.honggfuzz.cov | Bin 0 -> 79 bytes ...fce144e3d471b0da9a9ff0e2f027.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...4800068f1d6d6b54b23d112d3499.000001db.honggfuzz.cov | Bin 475 -> 0 bytes ...a13cbcc34eaad2672168032a1220.00000065.honggfuzz.cov | Bin 101 -> 0 bytes ...97c619632fd0f96256273d074b54.00001139.honggfuzz.cov | Bin 4409 -> 0 bytes ...13b478a6a8f5765e496ceaf57df7.000017b0.honggfuzz.cov | Bin 0 -> 6064 bytes ...1ed7dbb863b627cb62e6d2609dd5.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...82cec318c9065d1fd183cef61f06.00003965.honggfuzz.cov | Bin 0 -> 14693 bytes ...bae1633e082932657fc31c8c9af1.00000078.honggfuzz.cov | Bin 0 -> 120 bytes ...8a5d73bc724dac6516167cf8862c.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...463e9918c0ac01ecb5af57a0efb6.00002000.honggfuzz.cov | Bin 8192 -> 0 bytes ...a7ef742395d50d9e7ae0b231e870.00000119.honggfuzz.cov | Bin 281 -> 0 bytes ...e9725697d97515d172b4f9a0508a.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...efe0633aad5ea7e8b144bfcbbc6f.00000088.honggfuzz.cov | Bin 0 -> 136 bytes ...b7aa701b777b80e69481e4814415.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...41a72f2bc9285a6159a386672072.00000087.honggfuzz.cov | Bin 0 -> 135 bytes ...fb26d7736869150c483c2e78c48b.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...a34d94805769d667c29e8226284c.00001eab.honggfuzz.cov | Bin 7851 -> 0 bytes ...943c412b23978b2843b16e8915ad.00000222.honggfuzz.cov | Bin 546 -> 0 bytes ...3d785ae3273c171d9e56f56a66a1.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...17a04ca7f69c839f02a59b24bcc9.00000288.honggfuzz.cov | Bin 648 -> 0 bytes ...b1077dc6d0a32186ed85b2ab41b3.000001e3.honggfuzz.cov | Bin 483 -> 0 bytes ...57a8a24d0055e5466098ffe6b49f.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...e6d82b20d0f810377dc0c79fa46a.0000008f.honggfuzz.cov | Bin 0 -> 143 bytes ...793d3277e084786166e517daef60.0001153e.honggfuzz.cov | Bin 70974 -> 0 bytes ...377b50e01a12fd2742b205c6c5f8.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...edc689c9cdb64c14164067903059.000189f6.honggfuzz.cov | Bin 100854 -> 0 bytes ...730ef34e0c4679974be067f069e4.00000049.honggfuzz.cov | Bin 0 -> 73 bytes ...6db9c69eab5d0ce9020f4cdbdbba.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...1e60c608335af8585e5dd26edb21.00000040.honggfuzz.cov | 1 + ...f4041f8034de2025399e5fa4dacf.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...0b152fd65d42c0b3485c40fd3c7b.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...c007a30c17c611fe6397361b787d.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...e5852a8b01f7f9fe7ca79be48a26.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...7855a1f6d156512dfee5c9d71c91.0000001d.honggfuzz.cov | Bin 29 -> 0 bytes ...5080953abfa96f5fd9de0dd76446.00000374.honggfuzz.cov | Bin 884 -> 0 bytes ...8cdb7115fe564211e10515c06aca.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...5848a84d531274ea1f459aa04b08.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...5848a84d9ef2b90a1f4557401ce8.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...5dea49e26bd100c2e75562317d93.000001bc.honggfuzz.cov | Bin 0 -> 444 bytes ...9708fd2464a0344491a941185a74.0000a1b4.honggfuzz.cov | Bin 0 -> 41396 bytes ...097958007c74a2527ef1c5974815.00000020.honggfuzz.cov | Bin 32 -> 0 bytes ...2a9bce5c2f75621688e00e3db3ca.00006b6a.honggfuzz.cov | Bin 27498 -> 0 bytes ...ffe02e6b67a1d99fb533c0b460af.00000021.honggfuzz.cov | Bin 33 -> 0 bytes ...cdf4548719d9e227a45320bbfc4a.0001e987.honggfuzz.cov | Bin 125319 -> 0 bytes ...bbb36e8e8216e6769355db8375bf.00001065.honggfuzz.cov | Bin 4197 -> 0 bytes ...69c8210376c98626f0b21682f918.0000366f.honggfuzz.cov | Bin 13935 -> 0 bytes ...6741a3dcb79e9c1f604fcc972b36.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...9f3bad73d178334581831006ff71.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...2b03f605b5d94b09143c362ab815.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...e6f88e704da48c2d9e103ad07fd2.000001db.honggfuzz.cov | Bin 0 -> 475 bytes ...a0544ada7cf768f7982b19842fa6.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...f628769657f656059e6e9a65c4e9.00000bb8.honggfuzz.cov | Bin 0 -> 3000 bytes ...a8e977b43744388a45622f6aabba.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...7bbc72690684896a1361e3c6b593.00000295.honggfuzz.cov | Bin 661 -> 0 bytes ...31d6a07ceae91f71ac56c98ed1da.00000065.honggfuzz.cov | Bin 0 -> 101 bytes ...1ac9e8c531bc69790be5e589e81c.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...e855c53731255295aac9d646ca45.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...0d50ccde8f1ad3cc3a681ef66281.00000065.honggfuzz.cov | Bin 0 -> 101 bytes ...f4405f9951f9c88bb087851bacf6.00000021.honggfuzz.cov | Bin 33 -> 0 bytes ...3bc6496ec438a27bea0190e4b50b.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...86e2174ba76f2552ff558808c64f.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...3d423d37ee9f10ec3714d7172c8e.00005759.honggfuzz.cov | Bin 22361 -> 0 bytes ...d97e4bb0f7b8a2149af2014aa111.00000063.honggfuzz.cov | Bin 99 -> 0 bytes ...527640f6a31a7fc7e81c60b14a93.0000008f.honggfuzz.cov | Bin 143 -> 0 bytes ...d6ffa0fc6915cba4127bc92a4507.00000326.honggfuzz.cov | Bin 0 -> 806 bytes ...f767e0e9075479edce63f311c097.0001c767.honggfuzz.cov | Bin 116583 -> 0 bytes ...4b1293c543b79938cf50c07278a7.000002b0.honggfuzz.cov | Bin 688 -> 0 bytes ...ffe23a9566015ae75c2578a8b045.00000056.honggfuzz.cov | Bin 86 -> 0 bytes ...ffe32a8466015ae75d2478a9b145.00000056.honggfuzz.cov | Bin 86 -> 0 bytes ...ea62eeb938a5f25eff42dc5a5f78.000000c0.honggfuzz.cov | Bin 192 -> 0 bytes ...87e7ca94e53b6637ea50f3561cc4.00000089.honggfuzz.cov | Bin 137 -> 0 bytes ...c6b18af6d5581672333629d8b797.00000031.honggfuzz.cov | Bin 49 -> 0 bytes ...6494e6ce2a1371732dee517149d3.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...417c3116753f49e3f7c29342d3a9.0000004a.honggfuzz.cov | Bin 0 -> 74 bytes ...39ed6e5e8b09049f99a228cd8458.00000102.honggfuzz.cov | Bin 258 -> 0 bytes ...28ec4fdcbc21f1f4330367650979.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...336ebebd0b94aa7d62c24c53c479.000105b8.honggfuzz.cov | Bin 0 -> 67000 bytes ...7120f745d2c5a39a4baf26dbac5c.000000c0.honggfuzz.cov | Bin 192 -> 0 bytes ...b1ce928d07ad0bffbd29a7a69052.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...01f4543b281df576340ba1fc4746.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...f71ded7b494c032123b4c37bb1fa.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...1aa324849164483b5e97cb4d9629.0000018a.honggfuzz.cov | Bin 394 -> 0 bytes ...de24e48429e56d1edff79dec680e.0000004c.honggfuzz.cov | Bin 76 -> 0 bytes ...0000000000009090000000000000.00000001.honggfuzz.cov | 1 + ...e0db1f1a763ab101c0d73c29ec7e.0001df73.honggfuzz.cov | Bin 0 -> 122739 bytes ...209c5a9a8cef9ffe561ee261bd0d.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...eb4b9843f32ab429672e283f3f2d.0000b104.honggfuzz.cov | Bin 45316 -> 0 bytes ...284791570a314882c4b1d6ff3e72.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...97cc58c4a8810b5acc2516513347.00000037.honggfuzz.cov | Bin 55 -> 0 bytes ...fa6bcc8a4c77672cd0a003580687.000001a6.honggfuzz.cov | Bin 0 -> 422 bytes ...61589d72ecdec29d99d0d01178e4.000003ad.honggfuzz.cov | Bin 0 -> 941 bytes ...70449f4cc0dfdff5444962429b75.00000081.honggfuzz.cov | Bin 0 -> 129 bytes ...e7a6a67246fdd7d527af29936c0c.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...0ca751fc2e1d1abbb96ee752cffc.00005ccd.honggfuzz.cov | Bin 23757 -> 0 bytes ...ad005dd611620fdfe37084aa3c59.00000200.honggfuzz.cov | Bin 0 -> 512 bytes ...50ca60b4c55c9d714b2939775da8.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...de48f43dcdb4f3d8d337e289c395.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...012ffa39b893bdf3cc26001fe2cb.0000026a.honggfuzz.cov | Bin 0 -> 618 bytes ...e88c7eb6ecc5299ce23009957251.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...542c6d3c52d15204a78444516b17.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...3a820550cb11ec6ef68c987e88e3.00005ad5.honggfuzz.cov | Bin 0 -> 23253 bytes ...b2e00cb00703bd7f480a85881b29.000002e0.honggfuzz.cov | Bin 0 -> 736 bytes ...070ee27759ad812d25a579137143.000000d4.honggfuzz.cov | Bin 212 -> 0 bytes ...771b6d5ac3eb893a40e6eeeff2ee.000012cd.honggfuzz.cov | Bin 4813 -> 0 bytes ...cf9e4164a1010c5b452c587bf6ad.00005759.honggfuzz.cov | Bin 0 -> 22361 bytes ...f42cc672f2075af65025bdb95d47.00001242.honggfuzz.cov | Bin 4674 -> 0 bytes ...75c2e41607b099cf9e946f683e9e.0000005d.honggfuzz.cov | Bin 0 -> 93 bytes ...e29345732f5868d1f839832c0503.00000ed5.honggfuzz.cov | Bin 0 -> 3797 bytes ...ebc8c8fe689386952e035a9496e9.000000a9.honggfuzz.cov | Bin 169 -> 0 bytes ...da9325ed8026454b4a9ed1832345.000001e6.honggfuzz.cov | Bin 0 -> 486 bytes ...b9705fc23dc73b4d508e4627eb80.00001f69.honggfuzz.cov | Bin 0 -> 8041 bytes ...a23dff41b57cab7c11598115d55f.00000057.honggfuzz.cov | Bin 0 -> 87 bytes ...38601b41da51b1747103ff5f18a9.00000046.honggfuzz.cov | Bin 0 -> 70 bytes ...1e603d67da51b1747103d06118a9.00000046.honggfuzz.cov | Bin 0 -> 70 bytes ...2818dca200542bc77c82a71bd5b2.000000ab.honggfuzz.cov | Bin 171 -> 0 bytes ...1cca1abdd7831713493b0a4ef993.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...3a101379b0b273f28adf3222dcfb.0000001e.honggfuzz.cov | Bin 30 -> 0 bytes ...091973747a1b6aa04b15bb8ac656.000001e3.honggfuzz.cov | Bin 0 -> 483 bytes ...dcf56119b49735f6e43f968e5659.00074f81.honggfuzz.cov | Bin 479105 -> 0 bytes ...bb6040ae8ddda5d6f9701a489a7f.00008b51.honggfuzz.cov | Bin 35665 -> 0 bytes ...08eb1e836e310f00d2ca9816b263.00000040.honggfuzz.cov | Bin 0 -> 64 bytes ...1a83bd36f4e43641894212b25229.000000f9.honggfuzz.cov | Bin 0 -> 249 bytes ...52da1d695dcfc800b6ff1cbc0195.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...2c4bdd5453f97b0238191bf30464.0000010f.honggfuzz.cov | Bin 0 -> 271 bytes ...25597112611aa0c43723a7e39005.000005d0.honggfuzz.cov | Bin 0 -> 1488 bytes ...46f003bc95d4b64189c42807592c.00000126.honggfuzz.cov | Bin 294 -> 0 bytes ...40c58aa95847c3775da2f6b5e29f.00000e1c.honggfuzz.cov | Bin 3612 -> 0 bytes ...a0e9009ecc5f80407042ed11562a.0000008c.honggfuzz.cov | Bin 0 -> 140 bytes ...4ef8f0084949209a11b2000d5d3e.00002000.honggfuzz.cov | Bin 8192 -> 0 bytes ...5962cc21c1e9fe0ed832e26498ed.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...60ff5d60f62a4f13ead1dedd17c6.000544ba.honggfuzz.cov | Bin 345274 -> 0 bytes ...12c472f653461d2c79c6bf4f748c.0000042a.honggfuzz.cov | Bin 0 -> 1066 bytes ...9e94dcda06de7b7b34ee2c512257.000015e9.honggfuzz.cov | Bin 5609 -> 0 bytes ...bf15077a0ff9e5b6fd4fee3765e4.0000002b.honggfuzz.cov | Bin 0 -> 43 bytes ...481570c02c9a1ad813f67c2bdce5.0000157e.honggfuzz.cov | Bin 5502 -> 0 bytes ...63dc6d0e49e1b93b21cbeadf51eb.00000787.honggfuzz.cov | Bin 1927 -> 0 bytes ...4f1749d9387989bf175ce4e21922.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...80f8e5c5dd6d8b5723fb4782bfdf.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...25de3e1e0dca6770375d7cf9fbea.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...7708b1895fe3be689d08e3bda039.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...f1d957d8fa048bd0f9563920f3e6.00000151.honggfuzz.cov | Bin 337 -> 0 bytes ...a98267020fd8a201e1d1e0732159.0000009d.honggfuzz.cov | Bin 0 -> 157 bytes ...b6b1c032cbf6994cf5bb1cd858b9.00000041.honggfuzz.cov | Bin 0 -> 65 bytes ...028c5de02f5c83c890b1a74c2249.0004a295.honggfuzz.cov | Bin 303765 -> 0 bytes ...1c7a71e50d5a32d57d346c19577e.00000565.honggfuzz.cov | Bin 1381 -> 0 bytes ...62936e3454e03f35e7e6d1f66960.00018619.honggfuzz.cov | Bin 99865 -> 0 bytes ...1f64bfa8fc2845e481d7111a13da.00000112.honggfuzz.cov | Bin 0 -> 274 bytes ...8e277cbccee08f05f51c1204fbd8.0001153e.honggfuzz.cov | Bin 70974 -> 0 bytes ...2d7b1318eaa30af9dd5b2bb97543.000003ed.honggfuzz.cov | Bin 1005 -> 0 bytes ...0474421ba46a30288be5a7b1e024.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...0f945505af54c5a1bd88391ce256.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...d4c8fd8d9ebaba64d392e71c65fc.0000151e.honggfuzz.cov | Bin 5406 -> 0 bytes ...eaba9f0a853a30cfabc81b452aaf.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...6c0097b91d989b231fafd3d5c5b1.0000009c.honggfuzz.cov | Bin 156 -> 0 bytes ...647e9f3d12394ff676dec29fd637.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...37b649c9de2bc39536fe7e78bd25.000000f9.honggfuzz.cov | Bin 0 -> 249 bytes ...21af735be8f079a05ccffd9f65e6.000000b4.honggfuzz.cov | Bin 180 -> 0 bytes ...6bd17e89c70af8a1cf572e90e493.0000017a.honggfuzz.cov | Bin 378 -> 0 bytes ...87813436c2da99728f77e2e1aef3.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...6bc8194a5500f783a60225a3de76.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...a987d2ffc685f3381a7ee915425b.00000035.honggfuzz.cov | Bin 0 -> 53 bytes ...5756e9b5bf58668328e700073a9c.00000131.honggfuzz.cov | Bin 0 -> 305 bytes ...ea0e3b9156fdc4743e11090a9cb4.000001df.honggfuzz.cov | Bin 479 -> 0 bytes ...fabd8f3301fbef168661f3287239.00000169.honggfuzz.cov | Bin 0 -> 361 bytes ...d21cf4aab97fee02124c20e64e9e.00000380.honggfuzz.cov | Bin 896 -> 0 bytes ...74269834e8da4771698f1f83843f.00000bb8.honggfuzz.cov | Bin 3000 -> 0 bytes ...18cbbe73e1872400d275feea9ea3.00000962.honggfuzz.cov | Bin 2402 -> 0 bytes ...501017dc1365286e9955a7b36373.0000008a.honggfuzz.cov | Bin 0 -> 138 bytes ...699f08a018a06c79d41ef81a75ca.00001748.honggfuzz.cov | Bin 0 -> 5960 bytes ...245b6a3c52840701f784443a0017.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...a123038506666abbcc568bf81854.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...ebf91ce49da502d53a318bfdb29b.0001a1d1.honggfuzz.cov | Bin 106961 -> 0 bytes ...d863368939e72c32b19350a7ff6a.000000ef.honggfuzz.cov | Bin 239 -> 0 bytes ...da5931a8fa27ff6f0ac9908f1df2.00001d71.honggfuzz.cov | Bin 0 -> 7537 bytes ...e74ccf02a348e748dc38f3143cd7.00000131.honggfuzz.cov | Bin 0 -> 305 bytes ...628eb1637fbe61684f80c48420a1.00000124.honggfuzz.cov | Bin 0 -> 292 bytes ...badb92f966eb8a733d7a7745767e.00000188.honggfuzz.cov | Bin 392 -> 0 bytes ...e704e36a32be1d96018045b82ec5.00000dff.honggfuzz.cov | Bin 0 -> 3583 bytes ...8c8e07fc20644ca2537e107a6e08.00007b69.honggfuzz.cov | Bin 0 -> 31593 bytes ...3a78d208663782c4d27673bd653e.00001969.honggfuzz.cov | Bin 6505 -> 0 bytes ...10df86609a71de4f9320ad5d0282.0000010f.honggfuzz.cov | Bin 271 -> 0 bytes ...a09d638cfc47576ec63e4a04a65f.00000053.honggfuzz.cov | Bin 0 -> 83 bytes ...e7f31b17723c574d7f8b7c0487f8.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...6c489b77a6b365ea9b98c5a62cd7.000456df.honggfuzz.cov | Bin 284383 -> 0 bytes ...77e9261eb3a01a440e184ea27e05.0000054f.honggfuzz.cov | Bin 1359 -> 0 bytes ...54946fa7dbca4d8bd529f048e3db.0000005c.honggfuzz.cov | Bin 92 -> 0 bytes ...04dac8bc7885136700a279e19144.00002000.honggfuzz.cov | Bin 0 -> 8192 bytes ...28de87d3bcffed4475018a2019bf.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...e55e98256d0b66e71e4188c1f8ec.0001d067.honggfuzz.cov | Bin 118887 -> 0 bytes ...66cc545692d01f44e037bae9df0e.00000e03.honggfuzz.cov | Bin 3587 -> 0 bytes ...b765c4113abf600e77c85009eac9.00000036.honggfuzz.cov | Bin 0 -> 54 bytes ...8a339cc208d082c792c01cd3f245.0000031d.honggfuzz.cov | Bin 797 -> 0 bytes ...78d006d8074d0b6b712a26e7228d.000000e0.honggfuzz.cov | Bin 224 -> 0 bytes ...082e6786baa217ec1a16b5f9d748.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...693e51cc097dd701541d41a30c50.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...a7c4654a8043caf1cd872cf88dee.0000037e.honggfuzz.cov | Bin 0 -> 894 bytes ...103e52ea19f04e025531f3f04cce.000000b5.honggfuzz.cov | Bin 0 -> 181 bytes ...68fe51ccc526276b288a1408d291.00000088.honggfuzz.cov | Bin 0 -> 136 bytes ...afae1a9d02ca0e54688e116bffd9.00000089.honggfuzz.cov | Bin 0 -> 137 bytes ...7da863275b2aaf55e69f4ac36c72.00000050.honggfuzz.cov | Bin 80 -> 0 bytes ...ef7d192c1fd79eb48dfb4c6aaf19.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...bcf703c4ceb57a9a8dbc5dda819b.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...8f9561bf8c543ccedd4fb8223020.00000124.honggfuzz.cov | Bin 0 -> 292 bytes ...60534c0298f3be18174bc7d5b972.000003db.honggfuzz.cov | Bin 987 -> 0 bytes ...25012506923e38144bc109a9a7f0.00000040.honggfuzz.cov | Bin 0 -> 64 bytes ...565a33a685b9522d233c635a0963.0000004f.honggfuzz.cov | Bin 79 -> 0 bytes ...8f422e82c649d7b3629ac84bdbb9.000000f7.honggfuzz.cov | Bin 0 -> 247 bytes ...953d5606f6a84b1c7aad5191513f.00000040.honggfuzz.cov | Bin 64 -> 0 bytes ...97e9af1046d681e7958dc7a039b0.0000001d.honggfuzz.cov | Bin 29 -> 0 bytes ...fd7ecd3d8ca5b72baa27ba559c77.00000326.honggfuzz.cov | Bin 0 -> 806 bytes ...2b4c6bca8179c62dc69a91305a8f.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...55000104000a76b00af0b401b000.0000000a.honggfuzz.cov | Bin 10 -> 0 bytes ...c9dd88302bf900ed58b4bcb90ad6.000000b3.honggfuzz.cov | Bin 179 -> 0 bytes ...361c34599bfa7cd2f70ec596c64d.00000057.honggfuzz.cov | Bin 87 -> 0 bytes ...92c59877e864c67102e65529973b.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...335543d270da97ab62db0274214a.00000053.honggfuzz.cov | Bin 0 -> 83 bytes ...d897c47779f8ab48e3df7e63674d.00000137.honggfuzz.cov | Bin 311 -> 0 bytes ...af298af65377ad1c67fdabd5ec1c.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...00b32888c18306a9768fe28c6e9b.000001e8.honggfuzz.cov | Bin 0 -> 488 bytes ...5b3f28ba751caadee34552d96dde.00000133.honggfuzz.cov | Bin 0 -> 307 bytes ...658ec91b3d2ee9b447e5e7aa41dc.00016ced.honggfuzz.cov | Bin 93421 -> 0 bytes ...9a7957856720248d03f177622590.0000ffff.honggfuzz.cov | Bin 0 -> 65535 bytes ...60c83f77ba8fc6413297ac542acc.00000084.honggfuzz.cov | Bin 0 -> 132 bytes ...bcf2c3c6cf1917cdcb372cb16035.000001e6.honggfuzz.cov | Bin 486 -> 0 bytes ...e0f5e967016222485d751d249678.00000c2b.honggfuzz.cov | Bin 0 -> 3115 bytes ...93f94cb9e4ccfef55975c70df7cc.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...8e850a78330bcd9743b98d046c2f.00000813.honggfuzz.cov | Bin 2067 -> 0 bytes ...0f2d0c1f58cce8b3accb44c8b887.00037bf1.honggfuzz.cov | Bin 228337 -> 0 bytes ...4b5e74ec2c5a25dd15af8f5fd1ee.0000b904.honggfuzz.cov | Bin 47364 -> 0 bytes ...671aa4e307ba305444ff8887dc95.0000186a.honggfuzz.cov | Bin 6250 -> 0 bytes ...7f2b92f2954753e4675843752342.0000ede4.honggfuzz.cov | Bin 60900 -> 0 bytes ...43619d28ceedb8f72e81fc8b8cbe.00000020.honggfuzz.cov | Bin 0 -> 32 bytes ...c693d7d3b6e2c9c513c1c7e721a7.00000e87.honggfuzz.cov | Bin 0 -> 3719 bytes ...d278c1a511ce63340baa622b4753.0000008a.honggfuzz.cov | Bin 0 -> 138 bytes ...d3f7695b86bf7e41c45ffbe1852d.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...fd19ca9863238dfc9be0a7382581.000000d9.honggfuzz.cov | Bin 217 -> 0 bytes ...5eeb980a9ad76a34bd8c99308fce.0000001e.honggfuzz.cov | Bin 30 -> 0 bytes ...5eeb987a9dd72b30ad8c99308fce.0000001e.honggfuzz.cov | Bin 0 -> 30 bytes ...c9513718fdc00c99462caed3e098.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...2673b5faa7933f968fd8321b5ad4.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...e3b49b565dc489e467751d1fdc00.0000001b.honggfuzz.cov | Bin 0 -> 27 bytes ...37c11d190ea979a53ff8adea77c8.00005435.honggfuzz.cov | Bin 21557 -> 0 bytes ...6a09601c4c98344091ac62b3e07c.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...99351050881042d56a4f699a2221.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...a82f2f7d8974d4e72ea43f59c22a.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...664f0e69819678e5f9cd014e1b5e.0000014c.honggfuzz.cov | Bin 0 -> 332 bytes ...6e300dc89572c75a0899523a542b.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...f13aa2e8ee4e2813a7d017617426.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...50fb65acf65e4c4db33d25f586fc.00000086.honggfuzz.cov | Bin 0 -> 134 bytes ...2fa396722ba4eb5a3e8f29a8db4b.00000b97.honggfuzz.cov | Bin 2967 -> 0 bytes ...75bcd684bd8b34a6624b75008047.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...aa454702d942ab3924ffa9151a6a.00006dc8.honggfuzz.cov | Bin 28104 -> 0 bytes ...335ea3609683fc18182f80b12b89.00010c3b.honggfuzz.cov | Bin 68667 -> 0 bytes ...b20f8ee99a46a205af03cd2e70f3.0000009e.honggfuzz.cov | Bin 0 -> 158 bytes ...d5a293e3adb4287e03e1f894a70a.0000247f.honggfuzz.cov | Bin 0 -> 9343 bytes ...49c4e931d4dafcbac4f9de7ab8b7.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...cd5eb79ade22542c2f5e489b5785.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...ea7d0f7b68d34de54376f92c96ad.0000012f.honggfuzz.cov | Bin 0 -> 303 bytes ...5dd9b675b931019346240deae7d4.00000186.honggfuzz.cov | Bin 390 -> 0 bytes ...3355a6126742306cd9453d7fdc09.00001b82.honggfuzz.cov | Bin 7042 -> 0 bytes ...8baf4e5f90aec3b087960eb86762.0000002a.honggfuzz.cov | Bin 42 -> 0 bytes ...ef3a552018671669aef008bf6f6c.00000473.honggfuzz.cov | Bin 0 -> 1139 bytes ...116f64df445f99934cfe8c2c3293.00000026.honggfuzz.cov | Bin 0 -> 38 bytes ...cbb4c83bff2386b60f660f522a99.00000078.honggfuzz.cov | Bin 0 -> 120 bytes ...18b9c4c10aaa8f908c8b61f62305.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...a82dec679c40e63331e6c94d5dc3.000078f9.honggfuzz.cov | Bin 0 -> 30969 bytes ...a165ea39b21e452491d68a3bb3e3.00000040.honggfuzz.cov | Bin 64 -> 0 bytes ...2bd31d2bbf73732818bd287206a7.00018619.honggfuzz.cov | Bin 99865 -> 0 bytes ...33d6102cb04a88d65f9b9a501103.000003e3.honggfuzz.cov | Bin 0 -> 995 bytes ...586cd6caea6ffd7f74c954fcbf10.0000006e.honggfuzz.cov | Bin 0 -> 110 bytes ...5e73092d6e284c3fee11ba83d176.0000194e.honggfuzz.cov | Bin 0 -> 6478 bytes ...854e19a7fe05057a9daedc94161a.00002000.honggfuzz.cov | Bin 0 -> 8192 bytes ...c045275ee624b19de2a84e680087.00000077.honggfuzz.cov | Bin 119 -> 0 bytes ...a3a8f891dc44d9d03e03a8df852f.0000009e.honggfuzz.cov | Bin 0 -> 158 bytes ...64677cc44ff31785fb27e05abb75.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...8877f540261791c5dae38711a84c.00017634.honggfuzz.cov | Bin 95796 -> 0 bytes ...a110d1319cfee1215191794d6dc0.0000da9a.honggfuzz.cov | Bin 0 -> 55962 bytes ...131428060500feb7cbc0f4371104.00000153.honggfuzz.cov | Bin 339 -> 0 bytes ...d371c555969656596667d63d9696.0000000d.honggfuzz.cov | Bin 0 -> 13 bytes ...b3840b9c0decfd984009cf844c26.0000006e.honggfuzz.cov | Bin 110 -> 0 bytes ...bef6c3c0fb81fa2f099fae2a1483.00001876.honggfuzz.cov | Bin 0 -> 6262 bytes ...97835860d90892a0b0774a0fd116.00000ffe.honggfuzz.cov | Bin 0 -> 4094 bytes ...fde9dc4fce6fd2a3330606e88ca1.000000db.honggfuzz.cov | Bin 0 -> 219 bytes ...d0993ee77df183fa6204b8d5d063.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...32fc1396702b7f6687d6d07a3a76.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...84c1312657f0ba21044ff6c4d555.000000c5.honggfuzz.cov | Bin 0 -> 197 bytes ...7c2d45b74eaca2fbba5dac45567a.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...a44f3459579c7293fd82f91886a5.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...27d7f6dda107436104a9316a80bc.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...80fd79741ae30f8933edb5931850.000007ec.honggfuzz.cov | Bin 2028 -> 0 bytes ...6b6bbf73575d92070667871a01d8.00002000.honggfuzz.cov | Bin 0 -> 8192 bytes ...70c4c76199261050f365a0440e0f.0000006c.honggfuzz.cov | Bin 108 -> 0 bytes ...409e68c5a67dac21d6d03853a649.00001c32.honggfuzz.cov | Bin 7218 -> 0 bytes ...0c220f6c517431d71d4e08ae8738.00000131.honggfuzz.cov | Bin 305 -> 0 bytes ...2121381f43142bdf5172b9525bd6.00002f8b.honggfuzz.cov | Bin 0 -> 12171 bytes ...f7eacae98612255422419adb4275.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...0bab8818e85f40a3d259cee1c1f4.000003db.honggfuzz.cov | Bin 987 -> 0 bytes ...657d9a60bac7a329c42339c31397.00004436.honggfuzz.cov | Bin 17462 -> 0 bytes ...883a1efa1dbfe31704cc95c5436f.00001cf2.honggfuzz.cov | Bin 7410 -> 0 bytes ...a46f8c98bf93f69d2d5f437fd264.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...0d317226629c1ccdc39d7766ddd0.000003a2.honggfuzz.cov | Bin 930 -> 0 bytes ...33d0ab17015fea3c248cbd109424.00002000.honggfuzz.cov | Bin 8192 -> 0 bytes ...c1f611ea4f2a92273d317a872a69.0000021c.honggfuzz.cov | Bin 540 -> 0 bytes ...24871c5f0f69408ad3bd4e619889.000001c0.honggfuzz.cov | Bin 448 -> 0 bytes ...fe637a1b8c9c0c9f64fefdc8301a.00000028.honggfuzz.cov | Bin 0 -> 40 bytes ...3ddf42aedd0f602fb9ac6f62d7bc.00000037.honggfuzz.cov | Bin 0 -> 55 bytes ...1b98a888cea5675269f56a178fb8.00007d13.honggfuzz.cov | Bin 0 -> 32019 bytes ...6d24f1faef19fa6bff3dfdae9b42.000000da.honggfuzz.cov | Bin 218 -> 0 bytes ...0991170e2e6b6743b9f334f3d3c7.0000002d.honggfuzz.cov | Bin 45 -> 0 bytes ...77b289961561be9774c612d5adab.00000040.honggfuzz.cov | Bin 64 -> 0 bytes ...cfcde57fa35e0c1e2c7b491475b2.00000098.honggfuzz.cov | Bin 152 -> 0 bytes ...62f089ab39b6b35deefeb0a51912.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...4fbad6746111920f68bed16b421e.00001ff2.honggfuzz.cov | Bin 8178 -> 0 bytes ...083b07210c657d90e9433932b822.000000d6.honggfuzz.cov | Bin 0 -> 214 bytes ...23958f0e9098a51f927ffee515e8.0001380f.honggfuzz.cov | Bin 79887 -> 0 bytes ...1bd6b842a5d1064e602e7d629a10.000001b4.honggfuzz.cov | Bin 0 -> 436 bytes ...d633271fe1918f6402844e039d37.0000149e.honggfuzz.cov | Bin 5278 -> 0 bytes ...766662ea031a57db264ac2b68da3.0000015c.honggfuzz.cov | Bin 0 -> 348 bytes ...42623d6f0b0be45c19242f117008.00000230.honggfuzz.cov | Bin 0 -> 560 bytes ...b4888ed00161535073c521c43acb.0000007e.honggfuzz.cov | Bin 0 -> 126 bytes ...a0e8906407ea8cf819772a2d2770.000000ac.honggfuzz.cov | Bin 172 -> 0 bytes ...023c9881ad336c71c7965b5fb811.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...0014fa1a91308a596eca526293cc.0000039a.honggfuzz.cov | Bin 922 -> 0 bytes ...f91aae7df9c662b5970f58e40fc0.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...b1238e5d652e93ad8c2701606cbf.0000003c.honggfuzz.cov | Bin 60 -> 0 bytes ...07f8e55d652e93ad892751606cbf.0000003c.honggfuzz.cov | Bin 0 -> 60 bytes ...76867a0858992450d51accce24fd.000096fd.honggfuzz.cov | Bin 38653 -> 0 bytes ...1ef4cb3878b4a5ea20e2d32fd8b2.0000e677.honggfuzz.cov | Bin 0 -> 58999 bytes ...eaf03d52bdc99714fc6e3c1d873a.0000004a.honggfuzz.cov | Bin 0 -> 74 bytes ...b4fcfd1df76ebdeedba8141b86f0.0000091b.honggfuzz.cov | Bin 2331 -> 0 bytes ...8dc41862a398b452010f3138e9f2.000146cd.honggfuzz.cov | Bin 83661 -> 0 bytes ...0d2cc00127a1069205e74da35ba4.00000c65.honggfuzz.cov | Bin 3173 -> 0 bytes ...4df5950d8893695d45a1ad2a4ee5.0001faa6.honggfuzz.cov | Bin 129702 -> 0 bytes ...e21a5f1bf603384b86868ad94b99.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...e2d99c1bf603382416798ad94b66.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...d48e076c397c9f80b1e46a2f56a4.0000038d.honggfuzz.cov | Bin 0 -> 909 bytes ...f1f5b014f447a9779dc0f4864919.0000039a.honggfuzz.cov | Bin 922 -> 0 bytes ...b994608af2bf5489d548eef4060c.00000129.honggfuzz.cov | Bin 0 -> 297 bytes ...737b4dc154113190625af3156a82.0000027d.honggfuzz.cov | Bin 637 -> 0 bytes ...a9018c5a82ee603fcc52078f8d9d.000000b6.honggfuzz.cov | Bin 0 -> 182 bytes ...b686fd4486a146823e3d26ec1c49.00000034.honggfuzz.cov | Bin 0 -> 52 bytes ...730ae32b007c7c225eaa02f02c19.0001cbf4.honggfuzz.cov | Bin 117748 -> 0 bytes ...30a1e40b96e849837eff7d004256.0000008f.honggfuzz.cov | Bin 0 -> 143 bytes ...96d84a4bae6024247360f3dc8d65.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...03ac907c84180fe232380200ef78.00000265.honggfuzz.cov | Bin 613 -> 0 bytes ...036e2df89b92c5d4cf77ec98c9d6.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...464b15e2eb82eda192d71e1410c4.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...695ea153abb52e242c78714783a5.00000037.honggfuzz.cov | Bin 55 -> 0 bytes ...5d2384c4caf67052e0d235e3e134.0000022b.honggfuzz.cov | Bin 555 -> 0 bytes ...c25a58020f7195782b4a320bacc0.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...f043460f6fc163d5574b59368a54.00000ccd.honggfuzz.cov | Bin 0 -> 3277 bytes ...8d129540fd864ecee210b7eabecc.0000005c.honggfuzz.cov | Bin 92 -> 0 bytes ...205bfc05635b8f76c4bfb897e0b5.00077ae3.honggfuzz.cov | Bin 490211 -> 0 bytes ...8db1fba63fe82d616271044ac3f9.000000c8.honggfuzz.cov | Bin 0 -> 200 bytes ...d6a5b5fee2161c53f3c543605b91.00020000.honggfuzz.cov | Bin 131072 -> 0 bytes ...764f01f4960bdd1eaf8e7a82e8c8.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...40d13ead8df3426e4ef739c9e7a8.000105b8.honggfuzz.cov | Bin 0 -> 67000 bytes ...17770dec3e7122dbff082f104d87.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...738f467b6310ef59a2bbb7cd9bb1.00000087.honggfuzz.cov | Bin 135 -> 0 bytes ...e1f6b7cd8cb755916ee8392cfdfe.0000a1cf.honggfuzz.cov | Bin 0 -> 41423 bytes ...871ca6e39a5932ce36bd02b710e4.00000a33.honggfuzz.cov | Bin 2611 -> 0 bytes ...5545071862e7883e1de4a819e1fa.000016f9.honggfuzz.cov | Bin 5881 -> 0 bytes ...98fa080ac273d85c4b924f4d9a30.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...3a4da91168704315144e987010b4.000001c7.honggfuzz.cov | Bin 455 -> 0 bytes ...d5705a8e9999204b6f5c95f1a25b.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...6273edde37853cb6c497ca8b49f2.000001e2.honggfuzz.cov | Bin 482 -> 0 bytes ...114d451292f77b58fa70a4b26584.000006ae.honggfuzz.cov | 1 - ...56f0dd6f5b8543d1587201b2b0fc.0000af89.honggfuzz.cov | Bin 44937 -> 0 bytes ...fd6d3b3dc89b3b101275a61d4a1d.0000078f.honggfuzz.cov | Bin 1935 -> 0 bytes ...39d169c09338a9daabdd9c18b054.0000e3cf.honggfuzz.cov | Bin 58319 -> 0 bytes ...657e175b46ee07fe21bdc9499348.000000de.honggfuzz.cov | Bin 222 -> 0 bytes ...482c6a8fd55ddca9e1b2cd29de1d.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...ae3fdd5f4efaa50456bf9cd53617.000000a6.honggfuzz.cov | Bin 166 -> 0 bytes ...3430a5d3043b151e8504cfe3c460.0000007c.honggfuzz.cov | Bin 124 -> 0 bytes ...2f65f8b007f5e39f886cb69dab05.000004d9.honggfuzz.cov | Bin 1241 -> 0 bytes ...dadffe3493ac1cfc7355d46a822e.0000defe.honggfuzz.cov | Bin 57086 -> 0 bytes ...4ae45c6bb41b65829f8ce97e9b57.0000001f.honggfuzz.cov | Bin 31 -> 0 bytes ...97b3d4133241aa806b8ed44d2722.00000052.honggfuzz.cov | Bin 82 -> 0 bytes ...a21fbdb995841a928321c1bedaaf.00000ba2.honggfuzz.cov | Bin 2978 -> 0 bytes ...357e5defd3a841866495d2b5c99e.00000453.honggfuzz.cov | Bin 1107 -> 0 bytes ...95c9c6c382f2c17b7482029244cc.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...ade9db3696c322cbaf0a6a0940a6.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...f3bb99f5c2cb19be95b7799e16ba.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...fb79517c53037a2590c8477683fc.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...748d5c8f230abf863aae3abc14e2.00000034.honggfuzz.cov | Bin 52 -> 0 bytes ...2060631e85d9ec6f3e1dac46622e.00000240.honggfuzz.cov | Bin 576 -> 0 bytes ...77018755d91bbcfa61606e1f5e36.000002a4.honggfuzz.cov | Bin 676 -> 0 bytes ...3770f800997332041141a4329b0b.00000196.honggfuzz.cov | Bin 406 -> 0 bytes ...d5b18102f37035a2e6afe93452b2.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...998c9e976fb5c6ed6d139041ac87.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...87dfe85db0f2010180b1c537830c.0000002d.honggfuzz.cov | Bin 0 -> 45 bytes ...1abe721cb324d2a91528b9efce6b.00002dd8.honggfuzz.cov | Bin 11736 -> 0 bytes ...d8df4164270433e188b786ea91af.00000288.honggfuzz.cov | Bin 648 -> 0 bytes ...220bd01ebf7bf13306803ecbb380.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...292a4e976fb599b92f9b5c5ac131.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...ee1b52778c6a405b8efecb8dc1fc.00000081.honggfuzz.cov | Bin 129 -> 0 bytes ...ad3dc8f7a87be53324228917b388.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...ac560ae42f6b88320055613c9090.00000088.honggfuzz.cov | Bin 136 -> 0 bytes ...1a74a50ec5ebd50d14bc5e0b2505.00003524.honggfuzz.cov | Bin 0 -> 13604 bytes ...1f67a217672f66f788892796d94d.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...5e0a1783fe9a0e90efcfe9a68fc4.00013860.honggfuzz.cov | Bin 79968 -> 0 bytes ...754f4c26b71510f1f726b656e37d.00000332.honggfuzz.cov | Bin 0 -> 818 bytes ...1905aed9969e7950c50906efe939.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...82564b37eaa40d5ac0fd3bc8457e.0000010f.honggfuzz.cov | Bin 0 -> 271 bytes ...99a201d54a41cd00a8e8ecc2dbc0.000004f2.honggfuzz.cov | Bin 1266 -> 0 bytes ...de6ae19f3b4535b47ace604dc1d3.000002cf.honggfuzz.cov | Bin 0 -> 719 bytes ...457a922809bd9e8b0302999817b4.000002cb.honggfuzz.cov | Bin 715 -> 0 bytes ...4bde94f160360d94aec807d3cd47.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...e0a83f2f5a4f76f1b047b0ce11ae.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...b65b5d7db4ffe35862899942f29f.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...ea92f0b1c67308782d63de9772bb.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...f7cce6883b33969187d85c26173f.0000022b.honggfuzz.cov | Bin 0 -> 555 bytes ...60674dc6f87b21f5dc3cf7f1388a.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...706707e9002b414f56a851207576.00000020.honggfuzz.cov | Bin 32 -> 0 bytes ...228134c06b9470e53e480bbda078.00000086.honggfuzz.cov | Bin 0 -> 134 bytes ...beadd76ad4cf421f6c96ff64755b.0000008f.honggfuzz.cov | Bin 143 -> 0 bytes ...404ceba1714ed169b15f76808e29.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...de393abbacc72d9c252f08da804c.00000444.honggfuzz.cov | Bin 0 -> 1092 bytes ...f9b5d5be3f2212888209e65973fa.00000414.honggfuzz.cov | Bin 1044 -> 0 bytes ...f3cc6f8554bbd541113af1d49ff3.000019cb.honggfuzz.cov | Bin 0 -> 6603 bytes ...13c0eba0b148488ee20bce7525f5.000012a3.honggfuzz.cov | Bin 0 -> 4771 bytes ...1953481fdbed7c58939f3aeae057.000002a7.honggfuzz.cov | Bin 0 -> 679 bytes ...56d999eb81f82d8cebf2b62ac61d.0001153e.honggfuzz.cov | Bin 70974 -> 0 bytes ...5d8658338a6d17af6ffc2dbd1aff.000000f9.honggfuzz.cov | Bin 0 -> 249 bytes ...bfc01d808ac82d0820f845e0d314.00000113.honggfuzz.cov | Bin 0 -> 275 bytes ...d0ce390511287f3ec06196d75a25.00001fcd.honggfuzz.cov | Bin 0 -> 8141 bytes ...ba6fb91d456b30f82f33e13a1714.000148c5.honggfuzz.cov | Bin 0 -> 84165 bytes ...a0127e6a311a0390ab5588b1d292.0000ffff.honggfuzz.cov | Bin 0 -> 65535 bytes ...4ae5ff1ed4052f5795fc6ec23e9b.000713ab.honggfuzz.cov | Bin 463787 -> 0 bytes ...da3ce23c478b6bcbbd69369365b7.00000023.honggfuzz.cov | Bin 35 -> 0 bytes ...d511aa1e76e2d50c59c697d90662.000007bb.honggfuzz.cov | Bin 1979 -> 0 bytes ...b0468ba4cedc3c657abaed85e4fc.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...91da097b35b234247ae8760d653d.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...9c82dcfb35b2448c77bdfb55b0b0.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...644ed8271b293df69d959b7ed715.0000c95f.honggfuzz.cov | Bin 51551 -> 0 bytes ...39f0a4d8ec422b90efa1069e891e.000000f2.honggfuzz.cov | Bin 0 -> 242 bytes ...ae70e9e91d808e78d701fba06988.00000041.honggfuzz.cov | Bin 65 -> 0 bytes ...ae8b382bdfa40b4614e10e6a4819.0000ffe6.honggfuzz.cov | Bin 0 -> 65510 bytes ...c21b86f772422c1dacfc0b82553d.000015c7.honggfuzz.cov | Bin 5575 -> 0 bytes ...dd739a97e880bf7ba9f3a2ba3ca6.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...f95f503503920d0ce6ae48ffc663.00000335.honggfuzz.cov | Bin 821 -> 0 bytes ...fdef2ec5803a2edd283331cc6b47.000005f3.honggfuzz.cov | Bin 1523 -> 0 bytes ...39e0e298f044fcc802a5027d1c4f.0000004d.honggfuzz.cov | Bin 77 -> 0 bytes ...1f027e14508db49d56035a61ab1c.000004a7.honggfuzz.cov | Bin 1191 -> 0 bytes ...ca005f5b90e023ca523324e28b40.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...078948126370912a164bed876734.000062be.honggfuzz.cov | Bin 25278 -> 0 bytes ...1b78b00c5f80aeb34d7e61f02d55.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...dd43e0c22b157937dfb613997139.00000967.honggfuzz.cov | Bin 2407 -> 0 bytes ...e8f75bfc75c08821addc7d3ae0cb.00000115.honggfuzz.cov | Bin 277 -> 0 bytes ...d84ffe624670c48c93c74fe28f75.00000217.honggfuzz.cov | Bin 0 -> 535 bytes ...9ac820068c21c13a0b93940dcb16.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...03934f7925de9abdde611fc01c86.000000f9.honggfuzz.cov | Bin 0 -> 249 bytes ...9bae14aa2df1fcc289470a186b76.00016710.honggfuzz.cov | Bin 91920 -> 0 bytes ...6af181e00cb1d8bfdb02a824ee09.0000e687.honggfuzz.cov | Bin 59015 -> 0 bytes ...f73167cd5f353fea714d3129949b.00000157.honggfuzz.cov | Bin 343 -> 0 bytes ...f197dd8d090ef36521f5aa892da1.0000004c.honggfuzz.cov | Bin 0 -> 76 bytes ...8a0f38d07ca394281b848c91cee5.00000040.honggfuzz.cov | Bin 64 -> 0 bytes ...4f42c3587ec8640c0f5a7158b8d1.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...67e7a52ea56d73dc33f8ed760841.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...90328dbfde33b258489262ecf4a9.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...33efaebb7cf4440fc11289921cb1.00002000.honggfuzz.cov | Bin 0 -> 8192 bytes ...7e8e1ba8b1c069986bea3d02e0cb.00000037.honggfuzz.cov | Bin 0 -> 55 bytes ...b2cc5c6fe8d295a31531b055d408.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...8191cb61106741060c23bdb253b2.000000a5.honggfuzz.cov | Bin 0 -> 165 bytes ...9e42579e338a4a7c1d57f99b65ea.0000c8de.honggfuzz.cov | Bin 51422 -> 0 bytes ...79336cae9aac9770835deaa5575f.00020000.honggfuzz.cov | Bin 131072 -> 0 bytes ...781cffbc0749fad8702f1c1e4d8a.0000012f.honggfuzz.cov | Bin 0 -> 303 bytes ...decc5c6fa89295f20471b055b864.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...1bdf9147618d72e56faed8141696.00000146.honggfuzz.cov | Bin 326 -> 0 bytes ...b23869341e07e86fdc48d464147a.000006a9.honggfuzz.cov | Bin 1705 -> 0 bytes ...a8a4d56858bf3c58897fc9b0a67b.00000042.honggfuzz.cov | Bin 0 -> 66 bytes ...ca1eaf6462bd9e26ed80df4abc0e.00000f3a.honggfuzz.cov | Bin 0 -> 3898 bytes ...43462e2d49e92d34feb369c83bd3.000005df.honggfuzz.cov | Bin 0 -> 1503 bytes ...11f3dcbf2e8db7d8a193019cbc26.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...0b8ae8a900e724565e83d4c764cf.00000019.honggfuzz.cov | Bin 0 -> 25 bytes ...82e1229712beb14b46f22c3378a9.0000005f.honggfuzz.cov | Bin 95 -> 0 bytes ...fc0e578446234c6170a1ce1bc031.000170df.honggfuzz.cov | Bin 94431 -> 0 bytes ...1051483316fa6aa4749bd47ae70b.0001153e.honggfuzz.cov | Bin 0 -> 70974 bytes ...4f05cdc080cbe47693cad1d281fd.000054d1.honggfuzz.cov | Bin 0 -> 21713 bytes ...2f2ad48c2a8abfece2185e486e6b.00000138.honggfuzz.cov | Bin 0 -> 312 bytes ...5ee03821b5280b5fadfa8b789846.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...7cf216469cd95774c8c8a3d1555a.0000007a.honggfuzz.cov | Bin 0 -> 122 bytes ...de096ab6a515a16963dad1dab1b7.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...c552d1b1015bce88c8b20f15dc44.000003fc.honggfuzz.cov | Bin 0 -> 1020 bytes ...3d9d1ed8d656945185e747c1e9b6.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...6a5591f1db0be44831e0f63d877f.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...ab37623f2bed45f7991bfd3a8046.00000062.honggfuzz.cov | Bin 98 -> 0 bytes ...a88f58f26bcf7092222bcf23327b.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...ab7c97cd6bcf5f422118cc130178.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...214e2b3fce73c34c8b99d8795f3a.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...809e18932f15cdca5ee0e1cc13cb.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...809e88032f159e99ce70e1cc835b.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...8da36274c6f17c8e03ce53c91745.00016ced.honggfuzz.cov | Bin 93421 -> 0 bytes ...e4483133e242046cb6a74eec66b4.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...1ba143edb0fc421d949f1c2f0be2.0001102a.honggfuzz.cov | Bin 0 -> 69674 bytes ...a9952a82f2ad168a70de869f2aef.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...4555e0bf4fd677f8423306837763.00000b01.honggfuzz.cov | Bin 2817 -> 0 bytes ...d0e9faef86e3b8c4abfac060f499.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...075f3adcf392d7fa6295b3974203.00000336.honggfuzz.cov | Bin 0 -> 822 bytes ...8ce1f8f5928c746248d76b986e8a.0001153e.honggfuzz.cov | Bin 70974 -> 0 bytes ...de728207e0e8b3869153d0d91203.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...de7282b1863895e04a3e66bfc91c.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...a4a363ae942e76488103e27febc3.00016ced.honggfuzz.cov | Bin 93421 -> 0 bytes ...26fdcc6cd5127ff576512301b7bc.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...e5475b797e7a5762a4513c5b282f.00000069.honggfuzz.cov | Bin 105 -> 0 bytes ...570db528d6637bec1c2426767198.00000020.honggfuzz.cov | Bin 0 -> 32 bytes ...93ce03083861e2b311549e8e2556.0000021f.honggfuzz.cov | Bin 543 -> 0 bytes ...aea56756f4b71b4b7773206feef0.0000a0a1.honggfuzz.cov | Bin 41121 -> 0 bytes ...b9a8215b103243cbe8739d7cf98a.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...297769f91e45d093dd57c0bd169d.00000ffe.honggfuzz.cov | Bin 0 -> 4094 bytes ...7917bdf4de6dae98141e3feaf9e7.00002000.honggfuzz.cov | Bin 8192 -> 0 bytes ...0b8af11a93f50cdad39bb5ab2c57.00000051.honggfuzz.cov | Bin 81 -> 0 bytes ...ab50cbdd36211cc989424f064fb0.00000546.honggfuzz.cov | Bin 1350 -> 0 bytes ...5f7ecce9ce32cec800a2ab26e066.00000037.honggfuzz.cov | Bin 55 -> 0 bytes ...d63c99df24404300897180614a6e.000000e1.honggfuzz.cov | Bin 0 -> 225 bytes ...f4d79d86d98a6c0e6883e8e83ab3.0001153e.honggfuzz.cov | Bin 0 -> 70974 bytes ...44d032ada918e1510e5e804ef610.0000092c.honggfuzz.cov | Bin 0 -> 2348 bytes ...0225f53e5f3c7a4d7f8b58b25cb1.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...04685d68e685b3c9a19e6e28de29.0000151b.honggfuzz.cov | Bin 5403 -> 0 bytes ...efa10c25bcff4f44e699f40ca1e5.00020000.honggfuzz.cov | Bin 131072 -> 0 bytes ...ba286b2eb85b308effadf5e594a6.000000ae.honggfuzz.cov | Bin 174 -> 0 bytes ...22361d7f05bd3d7a6b88ff385499.00015ac8.honggfuzz.cov | Bin 88776 -> 0 bytes ...ec9e1d03cbe1bb341fd4fa22f856.000002e6.honggfuzz.cov | Bin 0 -> 742 bytes ...e5be8b59746d420ac966ca8c4f47.00000040.honggfuzz.cov | Bin 64 -> 0 bytes ...1af1b58e937a89a0219e62d8c88c.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...9afd155f4497fb941b457f515014.000000c6.honggfuzz.cov | Bin 0 -> 198 bytes ...7ab3c886f2ca483ab8e660092254.000061c9.honggfuzz.cov | Bin 25033 -> 0 bytes ...4abaeb367ce74924cbdbad22ebf8.00000176.honggfuzz.cov | Bin 0 -> 374 bytes ...e31ab4c38b0069437ee8fa34ad93.0000006a.honggfuzz.cov | Bin 0 -> 106 bytes ...e31b6fb38b0088536fe9eb34ac49.0000006a.honggfuzz.cov | Bin 106 -> 0 bytes ...d594813768bbfe3495c48174d150.000000f9.honggfuzz.cov | Bin 0 -> 249 bytes ...5853452c9abf16761b2200734b22.00000084.honggfuzz.cov | Bin 0 -> 132 bytes ...7d89bb4a1e8e2af0d80f34b12d30.0000025f.honggfuzz.cov | Bin 0 -> 607 bytes ...c744521fc8efffda6d6205c6c5f8.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...837c85d9596f3bcfb45c7fdae7e6.0000052e.honggfuzz.cov | Bin 0 -> 1326 bytes ...c2146c7d11d6bea01d0f32975c15.00000239.honggfuzz.cov | Bin 569 -> 0 bytes ...72fe02b2bf2428f7acc5d9b439a1.00014294.honggfuzz.cov | Bin 82580 -> 0 bytes ...4c2e82c59c3ca0a4919bb3df6cd6.0005eb74.honggfuzz.cov | Bin 387956 -> 0 bytes ...cf29d6a400a3d325daccf00d0648.000006ae.honggfuzz.cov | Bin 1710 -> 0 bytes ...2d2e02c879d7f05f1aad8f36cc57.000003ad.honggfuzz.cov | Bin 941 -> 0 bytes ...c2fd219a8ebe57284ffd03ee73c9.00000455.honggfuzz.cov | Bin 0 -> 1109 bytes ...83abca7bde3e0a00ede9f3209df9.00002407.honggfuzz.cov | Bin 9223 -> 0 bytes ...f814cc3c3086897b8a3a05b18648.0000338a.honggfuzz.cov | Bin 13194 -> 0 bytes ...a4d40a8bb4efbfa392aee5a14f52.00000040.honggfuzz.cov | Bin 0 -> 64 bytes ...19b71417aa44bf1bf5d428766940.00000100.honggfuzz.cov | Bin 0 -> 256 bytes ...5564d0636ce893298cf03a4ab089.00000265.honggfuzz.cov | Bin 613 -> 0 bytes ...76b02ed25880e6b99d4a1a2954f4.00000350.honggfuzz.cov | Bin 0 -> 848 bytes ...e83f600a097014e90740bcba4777.000001cc.honggfuzz.cov | Bin 460 -> 0 bytes ...d31a004896f970183415ef0f8b66.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...e3128b59746d456778a6ca8c0b46.00000040.honggfuzz.cov | Bin 0 -> 64 bytes ...6925ee3a29c86cb708582491c5ae.00000e83.honggfuzz.cov | Bin 3715 -> 0 bytes ...3b6149f9a5a9cccbce8e6bfbd7b3.0002da95.honggfuzz.cov | Bin 187029 -> 0 bytes ...4876d679c5c39d3d36bab536382e.00005fff.honggfuzz.cov | Bin 24575 -> 0 bytes ...c1fa932337f8d9a54b07abb888df.0000000e.honggfuzz.cov | Bin 0 -> 14 bytes ...31d2ef4f39c3c411e0d12f3bd0f8.000105b8.honggfuzz.cov | Bin 0 -> 67000 bytes ...a6d79d778094d62a9a8687b74714.000538ff.honggfuzz.cov | Bin 342271 -> 0 bytes ...cac71550d9821071bc5f355c46ea.00000c31.honggfuzz.cov | Bin 0 -> 3121 bytes ...68d6893b707d4ff99fb2159e848b.000000de.honggfuzz.cov | Bin 0 -> 222 bytes ...3e7300f824719673fb74c18af774.00018619.honggfuzz.cov | Bin 99865 -> 0 bytes ...a3ef60e4b9b9661dbcd36fd9f5a0.00014294.honggfuzz.cov | Bin 0 -> 82580 bytes ...43f1e50341c74074313dcc2e3427.00000086.honggfuzz.cov | Bin 134 -> 0 bytes ...1e711317b6d9772d08153b41595a.0000005e.honggfuzz.cov | Bin 0 -> 94 bytes ...41818f36127c69fdefe9f16acc70.0000149a.honggfuzz.cov | Bin 0 -> 5274 bytes ...9ff02fcc8af9326dc0505793a0c0.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...6fad9e8591bc5c5dbb8dc074a4ac.00000200.honggfuzz.cov | Bin 0 -> 512 bytes ...1ce87951054860ba291fb344a7f2.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...bd522c35692d54626a783502e56a.0000efd9.honggfuzz.cov | Bin 0 -> 61401 bytes ...b72d4b906317012e0405d766d9e6.000053c3.honggfuzz.cov | Bin 21443 -> 0 bytes ...39629e1b9869cf8753daf412bd79.000054d1.honggfuzz.cov | Bin 21713 -> 0 bytes ...a9ff0bc952297fe43912df7147cc.00002319.honggfuzz.cov | Bin 0 -> 8985 bytes ...2c5aa3fafa7b814ae86f63d4d738.00000092.honggfuzz.cov | Bin 146 -> 0 bytes ...2e6386c733fba476fc6b412e0f99.00000244.honggfuzz.cov | Bin 580 -> 0 bytes ...a10e94231ff2895d7d2b24d3779e.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...36631f0175312bcab5e20598a4ad.000000d4.honggfuzz.cov | Bin 212 -> 0 bytes ...8437123d108f8d8c5a4306bdf67d.000014ec.honggfuzz.cov | Bin 5356 -> 0 bytes ...f3b1eecaba25d984bcdc9b67301d.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...575e57440b789251a6c2a5c0966b.000006eb.honggfuzz.cov | Bin 1771 -> 0 bytes ...236eb492e7051966bf64e2da088b.0000015a.honggfuzz.cov | Bin 346 -> 0 bytes ...2cacf554166d093f892756c00c35.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...acb9f9fd7123ee288a663f5a1438.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...332980e9ac8962057405a5b84e9d.000006c8.honggfuzz.cov | Bin 0 -> 1736 bytes ...77de4d642c4cbb6c4a04176514a4.000002c4.honggfuzz.cov | Bin 708 -> 0 bytes ...6f075be845f512257856f2c43f35.00000029.honggfuzz.cov | Bin 0 -> 41 bytes ...073e8601e77c399560924663837a.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...ac7425b22b8b1e5df5963968df05.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...cb4de8cc39570b8461ee86bcbb67.00000138.honggfuzz.cov | Bin 0 -> 312 bytes ...ffce899a7a063a600962cb273699.000001ed.honggfuzz.cov | Bin 0 -> 493 bytes ...1cd7ff4037f0b0227895773cc814.00000029.honggfuzz.cov | Bin 0 -> 41 bytes ...f7a4b691745ab6d8df74c68e4779.00004236.honggfuzz.cov | Bin 16950 -> 0 bytes ...b7cdcdd0ae60b0227895e7acd30f.00000029.honggfuzz.cov | Bin 41 -> 0 bytes ...d2c7dd2049103115ee638b068251.00000032.honggfuzz.cov | Bin 0 -> 50 bytes ...1819f0da19a1b5dde1182a0f662e.000000c0.honggfuzz.cov | Bin 192 -> 0 bytes ...b1eaeb2f50bdf1faf168cbb6ee93.00000214.honggfuzz.cov | Bin 532 -> 0 bytes ...cb8ed475b450dd29702a60be6392.00005407.honggfuzz.cov | Bin 21511 -> 0 bytes ...c0af68f5f897982cfed4a3361715.00000094.honggfuzz.cov | Bin 148 -> 0 bytes ...64427d6298091371d60dd1680520.0000005a.honggfuzz.cov | Bin 0 -> 90 bytes ...e5a819d5c793b38869dd73554d25.000002a2.honggfuzz.cov | Bin 674 -> 0 bytes ...5265e0ecc69da9848641d5f2cbe6.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...558c9a228c4d1aace64d5c2bc9b5.0000019a.honggfuzz.cov | Bin 410 -> 0 bytes ...6c2349759c8bdcc18db8a36dba79.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...ea29cd44532f9b266092aaa21f9e.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...126414bf4dd5b92cb9e24fa8dcac.0003f787.honggfuzz.cov | Bin 259975 -> 0 bytes ...160a6ecd923f4fae6e46b6f68767.0000387b.honggfuzz.cov | Bin 14459 -> 0 bytes ...284e2b50372256539529a73575d2.000000b6.honggfuzz.cov | Bin 182 -> 0 bytes ...a94ec9d285b3fe5fe8ef9b9398bf.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...08423b74ba0803a1a5ff54049b01.00000fa5.honggfuzz.cov | Bin 0 -> 4005 bytes ...9306dc5df06723a747fc4a415779.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...07bd26221965693c48ed36c981e7.000003ab.honggfuzz.cov | Bin 939 -> 0 bytes ...93710af12364582ecd98b32a333e.00002eb9.honggfuzz.cov | Bin 11961 -> 0 bytes ...117bb1faeec934bbea5fbad2533e.00000174.honggfuzz.cov | Bin 372 -> 0 bytes ...eb74c3bbe0a7d3c2822201766f1b.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...8222943d7cb42c953a39c152ad05.0000030b.honggfuzz.cov | Bin 779 -> 0 bytes ...2c14172f1ed3cefe97e03399732d.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...35ff2ddb4d4554ed76460330bb7e.00000e87.honggfuzz.cov | Bin 0 -> 3719 bytes ...ebc8edb731066cdd56e892f87ee0.00000400.honggfuzz.cov | Bin 0 -> 1024 bytes ...a4167fca063aff5d78ef7cdf41f7.00000452.honggfuzz.cov | Bin 1106 -> 0 bytes ...d4757a86fa06d493c658d4fdc8d9.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...de06604954c868e4f02d8200d3fb.000157e9.honggfuzz.cov | Bin 88041 -> 0 bytes ...000000000000bae0000000000000.00000001.honggfuzz.cov | 1 - ...badd85c94ad4852f5b7749f1bb1f.000003ea.honggfuzz.cov | Bin 0 -> 1002 bytes ...bef8ce7f4b9c5eb8edefdc28e547.00000050.honggfuzz.cov | Bin 80 -> 0 bytes ...df19b1747fb54f59d9e7f08ab334.00000116.honggfuzz.cov | Bin 278 -> 0 bytes ...273b3b449360d4a4f326ad592cea.0001ce8d.honggfuzz.cov | Bin 0 -> 118413 bytes ...fbeabf2d8c32f39f607c3872445f.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...af34bdabdac41c0bf798cec20579.00000276.honggfuzz.cov | Bin 630 -> 0 bytes ...f69075e63d91a6c01ace6fd827a3.000004d7.honggfuzz.cov | Bin 0 -> 1239 bytes ...1efe718730162c065082bd7d08c2.00000017.honggfuzz.cov | Bin 0 -> 23 bytes ...07210393e5193fc2ddf3d13a923f.0000006c.honggfuzz.cov | Bin 108 -> 0 bytes ...1b00166a5eedb4d13e74118f3e28.000000b0.honggfuzz.cov | Bin 0 -> 176 bytes ...7a99b99b71db48d3f0202cdf3c3c.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...2db547a6351c6d062f433987b71a.0000025e.honggfuzz.cov | Bin 0 -> 606 bytes ...85a3d449b049814bcfe3690ba373.00000097.honggfuzz.cov | Bin 151 -> 0 bytes ...7fd0687109d0b2cdcf8536e54ea8.0000002b.honggfuzz.cov | Bin 0 -> 43 bytes ...4af6dd2035f67db2d730b8a507f9.00000e63.honggfuzz.cov | Bin 3683 -> 0 bytes ...8bf2d76fd74c2969bf4af10da08d.00000187.honggfuzz.cov | Bin 0 -> 391 bytes ...6a5d9522e03be28930883b38adc2.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...ea41eaa98df4a66defed5ba55486.0001c2a7.honggfuzz.cov | Bin 0 -> 115367 bytes ...3a8e77544979e20ddfa85851216f.000006a8.honggfuzz.cov | Bin 0 -> 1704 bytes ...88aa3dd8a33e8207984fe0392587.00000384.honggfuzz.cov | Bin 0 -> 900 bytes ...68979db7f7b89acfc9afec4aa111.00000063.honggfuzz.cov | Bin 99 -> 0 bytes ...317b044b91671e95c0d33bc6c054.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...2c36715c16f839818daa263e2630.0005fc5b.honggfuzz.cov | Bin 392283 -> 0 bytes ...baa4c6885edb4ff91255e242803f.0001153e.honggfuzz.cov | Bin 70974 -> 0 bytes ...2b1d3169311bdee580f20d56fea4.0000666c.honggfuzz.cov | Bin 0 -> 26220 bytes ...ecc195f05554b02a12dbb2740065.000000a3.honggfuzz.cov | Bin 163 -> 0 bytes ...f177e4c32a218e0fbff7f742660c.0000018a.honggfuzz.cov | Bin 0 -> 394 bytes ...d5dcebe97649bd5386b3d65a04c5.00000787.honggfuzz.cov | Bin 0 -> 1927 bytes ...4fce6ae5181dc38d14f0c5ab0fb3.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...7ddfbbb8516fd6549e72ca6746dd.00000169.honggfuzz.cov | Bin 0 -> 361 bytes ...4da86c91f1946c30a58ecdab6677.00000905.honggfuzz.cov | Bin 2309 -> 0 bytes ...aa480e1a9a8d70385c4eb3eaba9e.00000029.honggfuzz.cov | Bin 41 -> 0 bytes ...86d68ce794bde6e8ae83975a79ce.00000020.honggfuzz.cov | Bin 0 -> 32 bytes ...8640fdf5c2da69fa6b3ad27a03dc.00000442.honggfuzz.cov | Bin 0 -> 1090 bytes ...b369fc2ebbe0e891b890e54c3e8e.00000012.honggfuzz.cov | Bin 0 -> 18 bytes ...b299c90fb415145d572b831ee917.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...70d8646dff614a72ec4832b6940a.0000002f.honggfuzz.cov | Bin 0 -> 47 bytes ...1a7de373a3a75eea84e0f9207472.000069de.honggfuzz.cov | Bin 0 -> 27102 bytes ...fcf365e1f5ad5ca9728da8b05884.00000086.honggfuzz.cov | Bin 134 -> 0 bytes ...8478253eb58302b2cc6c1fd1cf46.00000126.honggfuzz.cov | Bin 0 -> 294 bytes ...d930b10ce086d0d9a3e1ba8ed958.00000244.honggfuzz.cov | Bin 0 -> 580 bytes ...f4fe301c6be6668e19d08d812a98.00001c13.honggfuzz.cov | Bin 0 -> 7187 bytes ...595706034c8f656e5b3ffb7884bb.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...a8fe826d791974d0f71bac881587.00000265.honggfuzz.cov | Bin 0 -> 613 bytes ...78dd9222a3840c41880f9a793914.00001121.honggfuzz.cov | Bin 4385 -> 0 bytes ...a9e552e8419e64cabdbe597192fc.00016ced.honggfuzz.cov | Bin 93421 -> 0 bytes ...d424feac7429a626145356274213.00019549.honggfuzz.cov | Bin 103753 -> 0 bytes ...2c7a700178b786d8a062c504a22b.00000049.honggfuzz.cov | Bin 0 -> 73 bytes ...dc05f557bfe390143ea804378faf.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...f259fd385157378d6a021707cf66.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...7275fabeefdc25d6e32021e3dc50.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...37db1d3e4430b5768d23fb543a03.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...9856ab2d80415800ce3aff78a2f0.00000785.honggfuzz.cov | Bin 1925 -> 0 bytes ...fb1e76658909ed73a8739d683e45.00000182.honggfuzz.cov | Bin 386 -> 0 bytes ...ed20a74c224700252be57108031d.0000070e.honggfuzz.cov | Bin 1806 -> 0 bytes ...c110ff7c1070756a9b1974708e51.00000945.honggfuzz.cov | Bin 0 -> 2373 bytes ...041696e9b49154173fdb4c179bb0.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...f70276651b8532a1d5609c790aa4.000012fb.honggfuzz.cov | Bin 4859 -> 0 bytes ...d9e894c65848b476e90838a9cdf0.00000143.honggfuzz.cov | Bin 323 -> 0 bytes ...2c9e254cc7d493cd9db6cba6c593.00000f03.honggfuzz.cov | Bin 3843 -> 0 bytes ...5f996aaebc429eaf0526f2d879c9.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...77eb8b2fb8ecb3e9bcd5e478d9aa.0000001b.honggfuzz.cov | Bin 0 -> 27 bytes ...f1657cfaf7897038d59d391215c7.0000df9c.honggfuzz.cov | Bin 57244 -> 0 bytes ...30ea6294204d532cb3e076623234.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...9a652033a60ce6a77d07229d1931.000025e7.honggfuzz.cov | Bin 0 -> 9703 bytes ...f7ef719bb935257325328a8ee77d.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...9d525e9a7d2d8b7cb953c1a6a28b.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...548fe3ede4d1b25ec31bf7bab9e5.0000001a.honggfuzz.cov | Bin 0 -> 26 bytes ...25f9d9f8f99956db58a92514ee1e.000713ab.honggfuzz.cov | Bin 463787 -> 0 bytes ...e205576369b03e044965fc08e25c.00000a03.honggfuzz.cov | Bin 2563 -> 0 bytes ...436dc16226e23b50115c6c3dc66b.00000df7.honggfuzz.cov | Bin 3575 -> 0 bytes ...af4cd2a993c18d8557b03c7e7236.000001e1.honggfuzz.cov | Bin 481 -> 0 bytes ...407ba4e80ee733e5d15f12fe3a10.00006a67.honggfuzz.cov | Bin 27239 -> 0 bytes ...8f0359798c164d80783349bb42f9.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...cc834e95e4e063963b0b3b93f1b4.00000116.honggfuzz.cov | Bin 0 -> 278 bytes ...f9ae1554f02c8152b7030890d735.000000a2.honggfuzz.cov | Bin 162 -> 0 bytes ...a32d91d566e2845df795c7a91593.0000f1d1.honggfuzz.cov | Bin 61905 -> 0 bytes ...9449dfed25a2c018a4f9436e9ccd.00000048.honggfuzz.cov | Bin 0 -> 72 bytes ...7768a7e7d403e4771e2e39e09a85.0000009e.honggfuzz.cov | Bin 0 -> 158 bytes ...4dced5e2f9e6f652ff0edb68200d.00000808.honggfuzz.cov | Bin 0 -> 2056 bytes ...1aa27b5a328900aa72826199cf00.000000be.honggfuzz.cov | Bin 190 -> 0 bytes ...37d83f410e726241599fa5bc8868.00018619.honggfuzz.cov | Bin 99865 -> 0 bytes ...c015c73ae72bd6fee3a05cd9c766.0001fc7b.honggfuzz.cov | Bin 130171 -> 0 bytes ...b405a7cf5bf5d805a54ee9ec4c15.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...45362da9cbd579d21b62e9d1f5cb.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...cf4eff2fd51dd2c9ecf5bbc242c4.0000013c.honggfuzz.cov | Bin 316 -> 0 bytes ...8fc71463420beabac142e256f10c.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...3b935edf887e01a5b0e172323f20.0001cd47.honggfuzz.cov | Bin 118087 -> 0 bytes ...c8341fa4c20a44aa6dcf34e34b0d.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...13eb3a55fd7ee8f084aa76b01437.00001afe.honggfuzz.cov | Bin 0 -> 6910 bytes ...725bdfcae86d9dced35a984687bc.00000331.honggfuzz.cov | Bin 0 -> 817 bytes ...1c5b0fc39fe3cfede887ad5d1e56.00000124.honggfuzz.cov | Bin 0 -> 292 bytes ...d02905604d6ebebec877e7481100.000000d4.honggfuzz.cov | Bin 0 -> 212 bytes ...811ec8ae99d522d911423fa745d8.00000b04.honggfuzz.cov | Bin 0 -> 2820 bytes ...a6d71789e776b2919a38d5e3e519.0000017f.honggfuzz.cov | Bin 0 -> 383 bytes ...7076237b357bfc4bae03cf514bc0.0000029e.honggfuzz.cov | Bin 670 -> 0 bytes ...aaa06946f156fcd3fd56df2fbd82.00000040.honggfuzz.cov | Bin 0 -> 64 bytes ...3deb937a8a479118287b6c9806dc.00000048.honggfuzz.cov | Bin 72 -> 0 bytes ...0c516787ce48039c977da94ed904.00016ced.honggfuzz.cov | Bin 93421 -> 0 bytes ...bd15f179dbbcd0c104f631e9a13a.00002000.honggfuzz.cov | Bin 0 -> 8192 bytes ...450845b5de9803b32bde1e061aaa.0000737a.honggfuzz.cov | Bin 29562 -> 0 bytes ...ffbaff16c551c2a623910d6d3962.00000353.honggfuzz.cov | Bin 0 -> 851 bytes ...ad6b04b158f8984d959423f6ee5b.000054bb.honggfuzz.cov | Bin 21691 -> 0 bytes ...dc7b69c9781a7d49f44ea92326d2.00000130.honggfuzz.cov | Bin 304 -> 0 bytes ...d0b0fdcbd54559bbcf5c237d5a4d.0000bd6c.honggfuzz.cov | Bin 48492 -> 0 bytes ...40d9e170ec695faade616e7bf696.0000003e.honggfuzz.cov | Bin 62 -> 0 bytes ...04950dbfb2cac9091beb66f3e6e4.0000007e.honggfuzz.cov | Bin 126 -> 0 bytes ...d50c3bf3277d0f54397e4443e31a.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...49a4c538bd7575c0218d6ee3e7e6.00000ebf.honggfuzz.cov | Bin 0 -> 3775 bytes ...1ead84267952848c1ae65e722fbc.0001ef20.honggfuzz.cov | Bin 126752 -> 0 bytes ...bf849d2a1cd7be344f060cfed578.00000400.honggfuzz.cov | Bin 0 -> 1024 bytes ...20e2dc12c527e7366b9f5c515221.00000040.honggfuzz.cov | Bin 0 -> 64 bytes ...e0d33a86e8d91479a977a1b6da33.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...a77520df937063df715e186232e8.0000001c.honggfuzz.cov | Bin 0 -> 28 bytes ...d07fe50e1c660b67a8973c0feb7b.00000e87.honggfuzz.cov | Bin 3719 -> 0 bytes ...fcc8efdaae895222aac80f3e0564.00014d82.honggfuzz.cov | Bin 0 -> 85378 bytes ...bd17f07ee2a00e0e05bcdfdf3218.00000200.honggfuzz.cov | Bin 0 -> 512 bytes ...62ee88ce22f7b01424a49fdc3539.00002000.honggfuzz.cov | Bin 0 -> 8192 bytes ...01314ca010438980fb48c134b702.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...ca52730916005263b0ef8f86035a.0000024d.honggfuzz.cov | Bin 0 -> 589 bytes ...2f0fb4529d247fd1aac37a6bd8ce.000001cf.honggfuzz.cov | Bin 463 -> 0 bytes ...a1088e989198d5d540e96b4931df.00000063.honggfuzz.cov | Bin 0 -> 99 bytes ...1663aba5d4b94383caafcd1ed211.0000005c.honggfuzz.cov | Bin 0 -> 92 bytes ...5808cf857f03585b890918735b3c.0000a15f.honggfuzz.cov | Bin 41311 -> 0 bytes ...e544304291c1767162bc40267b04.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...0a3e0afdbf376979c104088b5d8d.0000032d.honggfuzz.cov | Bin 0 -> 813 bytes ...9cdbf36d1e393f4e0bf1ec3ccc66.00000059.honggfuzz.cov | Bin 89 -> 0 bytes ...167314303b4496549c276f855fe1.00000041.honggfuzz.cov | Bin 65 -> 0 bytes ...526f154fd68905cb5ad209ae0dac.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...000000000000c5c0000000000000.00000001.honggfuzz.cov | 1 + ...533a85f6487a6af280a7c7cdbb06.00000052.honggfuzz.cov | Bin 82 -> 0 bytes ...eb691eae3c5642d72bdf1cfc2ef7.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...f51bab7b0fb0d396ed591eb9ac19.0000054f.honggfuzz.cov | Bin 1359 -> 0 bytes ...f81c06e5d798823e5acd2827b20e.0000c77f.honggfuzz.cov | Bin 0 -> 51071 bytes ...c0c4b3283539869b49f514cd4870.00000061.honggfuzz.cov | Bin 0 -> 97 bytes ...fa3a97a28ab92c4db520988aa28a.0000000c.honggfuzz.cov | 1 - ...70b0ab4da4fa55409a3c8b2038dd.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...c5d3c66f9096b3e1d2e74957b4c5.0000005f.honggfuzz.cov | Bin 0 -> 95 bytes ...3c0680d72bc8c32f5bb6783e7de5.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...e780425fb5123cb1950ebd02bf0b.0000cc97.honggfuzz.cov | Bin 52375 -> 0 bytes ...4dce11682d9e08bede84b70b2905.000099b3.honggfuzz.cov | Bin 0 -> 39347 bytes ...6f58ce2be1525efad2af1e894e3b.000000e4.honggfuzz.cov | Bin 228 -> 0 bytes ...bbeda1eb708000779d4d357ebe48.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...3ace7a951745baf1e9527d8fc0ef.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...4fb2de90201c3d189c95a48708ba.0000008b.honggfuzz.cov | Bin 0 -> 139 bytes ...1607d2ab6f24204f9caf5cb3eb4f.00000062.honggfuzz.cov | Bin 98 -> 0 bytes ...4a71eeae0e99a0c28f9d8caaf99f.00000bc4.honggfuzz.cov | Bin 0 -> 3012 bytes ...0397e9c64b0976fadbc77a4a609a.0000c791.honggfuzz.cov | Bin 51089 -> 0 bytes ...f4f2797812a54aa10dfd1ed27fcb.00008ff8.honggfuzz.cov | Bin 36856 -> 0 bytes ...2c69c030c1d8299c4ea90e916c0e.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...d3dbc6cbbe69b99c2be02cd801f1.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...800a6841b9e01de4f47766c1c05d.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...63a0800000007ed1d800000020a0.0000000a.honggfuzz.cov | Bin 0 -> 10 bytes ...ebe7bdbaf68dc8ef33789624b451.00000c65.honggfuzz.cov | Bin 3173 -> 0 bytes ...35629f354651c2cbcb23f676600a.00000295.honggfuzz.cov | Bin 0 -> 661 bytes ...6a772baddcc6f55cddff7b1ba28e.00000050.honggfuzz.cov | Bin 80 -> 0 bytes ...1ed3fc2e3e6685f23400b0da6678.00001732.honggfuzz.cov | Bin 5938 -> 0 bytes ...c2f0d5dba19717a2669361cd5b2c.000000bc.honggfuzz.cov | Bin 0 -> 188 bytes ...cbbf7ed4040fc45df855c1668736.00000691.honggfuzz.cov | Bin 1681 -> 0 bytes ...165f2863bd6f6a55da93a903a88c.00000150.honggfuzz.cov | Bin 0 -> 336 bytes ...497a36b413c1998b7e5e28445218.00007697.honggfuzz.cov | Bin 0 -> 30359 bytes ...48e1e5e87968fdfc37d3e3352b91.0007819e.honggfuzz.cov | Bin 491934 -> 0 bytes ...4dcc1b2e33daf1d5619d57f15fd3.00000032.honggfuzz.cov | Bin 0 -> 50 bytes ...b603b64d9deb29f6ba7fa347fe56.00006cff.honggfuzz.cov | Bin 27903 -> 0 bytes ...db4fca48e294d1d645095edf070b.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...edea1c75401128275eb9b852b36e.000001cc.honggfuzz.cov | Bin 460 -> 0 bytes ...0edc214bcce107fcd62fe72c1298.0001e46a.honggfuzz.cov | Bin 124010 -> 0 bytes ...1107327ace1b9aa83d2690de9876.000001d3.honggfuzz.cov | Bin 467 -> 0 bytes ...51c86c37c97bc14aaadeb93ee00e.0000017b.honggfuzz.cov | Bin 0 -> 379 bytes ...a234adc3365e48dc893918bc612a.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...f910a162d1fa0d656b027abdb655.000001a4.honggfuzz.cov | Bin 0 -> 420 bytes ...d1bbdbd806cf1a0ab75135ce5ef1.00001998.honggfuzz.cov | Bin 6552 -> 0 bytes ...d42a9b7a3be0e7312da3baa083b9.00000037.honggfuzz.cov | Bin 0 -> 55 bytes ...a0d2a4dff2cc423696b4f029a83d.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...7b25709de11042ed17be62ff7af3.00010001.honggfuzz.cov | Bin 65537 -> 0 bytes ...f7d955b351963ae1b83454300dc2.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...2381fdca111084e75a4aecf74d61.00003a0b.honggfuzz.cov | Bin 14859 -> 0 bytes ...e5e16636a33306cd3ff869ad29a9.0000085d.honggfuzz.cov | Bin 0 -> 2141 bytes ...8d0a6cd95279c157ee732ae159c8.00000190.honggfuzz.cov | Bin 400 -> 0 bytes ...ec1f92d6578198f2fbe66910290f.00000110.honggfuzz.cov | Bin 0 -> 272 bytes ...dee91acc1c8927ae5595fd81e7de.00000197.honggfuzz.cov | Bin 0 -> 407 bytes ...5adf1fbd82d1beb391904b72a412.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...c49376f193778ed6183379d6bcf7.0001153e.honggfuzz.cov | Bin 70974 -> 0 bytes ...17bcfccb582147f57a973303b8f4.000006a6.honggfuzz.cov | Bin 1702 -> 0 bytes ...bff43198bc617016db73e5dac093.000014e4.honggfuzz.cov | Bin 5348 -> 0 bytes ...c0def2fea8c9fc534624ff07b006.00000871.honggfuzz.cov | Bin 0 -> 2161 bytes ...c1cee5ead6d0218b99ca90412155.0000002c.honggfuzz.cov | Bin 44 -> 0 bytes ...60feac639b1d6f0f0ec74b3fd12e.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...6f7219bf3b8c6c7f5dc21fb9b8f7.000039d2.honggfuzz.cov | Bin 14802 -> 0 bytes ...a5c766ba68171f234f3c915b032c.0000a2fb.honggfuzz.cov | Bin 0 -> 41723 bytes ...feb608a501ffaa85dfcd4cde0871.00015a10.honggfuzz.cov | Bin 88592 -> 0 bytes ...4bdc71cb60365d8aacecdd0a9bb0.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...3139daaced7471af4ffbfba7d822.000000f7.honggfuzz.cov | Bin 0 -> 247 bytes ...6b2f6595f7d9eeecd00065d71f25.00000020.honggfuzz.cov | Bin 0 -> 32 bytes ...31bdf4d2637dd981c70f3553b2be.000000bc.honggfuzz.cov | Bin 0 -> 188 bytes ...811f2bafbc6f05dfebc32941a6e7.000008c2.honggfuzz.cov | Bin 0 -> 2242 bytes ...0e90e7a9a25c96626f2d8ff07359.00018acd.honggfuzz.cov | Bin 101069 -> 0 bytes ...e96dcabf60572db395a7848ad58b.00000135.honggfuzz.cov | Bin 309 -> 0 bytes ...176923f1f8134766843fba972056.00000062.honggfuzz.cov | Bin 98 -> 0 bytes ...9d2ee3695f0988b197f251ee0491.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...c308697f141c2996d52e1597419f.00000199.honggfuzz.cov | Bin 409 -> 0 bytes ...a3aadcf97c1d123bceea45b6f132.000105b8.honggfuzz.cov | Bin 0 -> 67000 bytes ...5fdd4c16860c9c4ee69ce0862a35.0001e987.honggfuzz.cov | Bin 125319 -> 0 bytes ...c713a896c05c8d5f252cfe78ad10.000002fa.honggfuzz.cov | Bin 762 -> 0 bytes ...a400a53b9bd11e3f5c8998feba56.000004d2.honggfuzz.cov | Bin 1234 -> 0 bytes ...d586c41643bb5467cd41d0aa1af3.000000c6.honggfuzz.cov | Bin 0 -> 198 bytes ...d045957bf810aa0a3430b6b42980.000000f7.honggfuzz.cov | Bin 247 -> 0 bytes ...0163e0e36333baa88f8a3f9afcc2.00000655.honggfuzz.cov | Bin 0 -> 1621 bytes ...f542802d078034560f284ee0045c.0000008d.honggfuzz.cov | Bin 141 -> 0 bytes ...cd2f5c9d588bab2cb937bf20521e.00002501.honggfuzz.cov | Bin 9473 -> 0 bytes ...9076878adaf98eadd14a64b5f4ca.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...95779f9f7bb93b7e666d593ec1ae.000001c9.honggfuzz.cov | Bin 457 -> 0 bytes ...2f14f673a44087a5fd58ebf6f403.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...c585c0f042f2cc2afdbae7c8e83c.000000c3.honggfuzz.cov | Bin 195 -> 0 bytes ...b8bf18698fe8207660134cc49130.00000c22.honggfuzz.cov | Bin 3106 -> 0 bytes ...cb11509c0a6eecf621ec6a67736f.000000f7.honggfuzz.cov | Bin 247 -> 0 bytes ...59df4c77ad999921642549c9808e.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...d125e19b3de345ff1c67baab2449.00000b31.honggfuzz.cov | Bin 2865 -> 0 bytes ...04c9068def838a4cb53059aa678e.00000100.honggfuzz.cov | Bin 256 -> 0 bytes ...0f8f36589d6b5bd8eafbc3921514.0000010f.honggfuzz.cov | Bin 0 -> 271 bytes ...49961872f51c11faf0ecaac67f0c.000000be.honggfuzz.cov | Bin 190 -> 0 bytes ...59871872f51c04eff1bdef292102.000000be.honggfuzz.cov | Bin 190 -> 0 bytes ...4294053554b6b2371f0ef0a08051.00000066.honggfuzz.cov | Bin 0 -> 102 bytes ...9abb1de2f00c8a5bc3501f0c9d62.000004c9.honggfuzz.cov | Bin 0 -> 1225 bytes ...9441bc84107ee7da4635f776e1f8.000003e5.honggfuzz.cov | Bin 997 -> 0 bytes ...81bccfcc2b5fd6648a52a19e9f94.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...8cdb5f02184a3f7ac8b47c510220.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...d1681c4658a5e2ad8496e944d36a.00000143.honggfuzz.cov | Bin 323 -> 0 bytes ...c8d0e85c0b9a41289115bfbbd133.0000938a.honggfuzz.cov | Bin 0 -> 37770 bytes ...5a90d9151fa05d9cfc6f8124b7e4.000000c6.honggfuzz.cov | Bin 198 -> 0 bytes ...234100d5e3b04d62e7ceb8d63f01.0001f5dd.honggfuzz.cov | Bin 128477 -> 0 bytes ...634329096218249a046069654bc0.000000ad.honggfuzz.cov | Bin 173 -> 0 bytes ...81bc4494fa46d67506c3d880f3a6.0001e97f.honggfuzz.cov | Bin 0 -> 125311 bytes ...9ea47532fdec1707d68bfebbcbaa.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...aa1dd3cddd01672c4cdab9c93817.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...5c436d9da44a8d3bb4103a9975ca.00000091.honggfuzz.cov | Bin 0 -> 145 bytes ...68b5963fa24e649ed267aea51dc8.00000f70.honggfuzz.cov | Bin 3952 -> 0 bytes ...d0a4050df1231a634bb094bfc2d2.0000192a.honggfuzz.cov | Bin 6442 -> 0 bytes ...e705bf6b86ba02eeff8140769e9e.00000021.honggfuzz.cov | Bin 0 -> 33 bytes ...e70ffbdb970a02eefe5ae1c08e43.00000021.honggfuzz.cov | Bin 33 -> 0 bytes ...a11ce3943189b30e8924df6e0361.000185aa.honggfuzz.cov | Bin 99754 -> 0 bytes ...ef96b337720c31a896c912156730.00000f86.honggfuzz.cov | Bin 0 -> 3974 bytes ...645c97c7fde044f0f521cebe67b6.00000288.honggfuzz.cov | Bin 648 -> 0 bytes ...e14be26d2d79b8dd86d8a36a8534.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...9f0ec6eb79d387ecf48c55820b82.0000008c.honggfuzz.cov | Bin 140 -> 0 bytes ...fae924b46f5c028ba1d85c7d932a.000000de.honggfuzz.cov | Bin 222 -> 0 bytes ...e076429a27662a692e4eafdeecee.000000da.honggfuzz.cov | Bin 218 -> 0 bytes ...32866fce3ec82416aadf85ccb68d.0000195d.honggfuzz.cov | Bin 6493 -> 0 bytes ...6bd11dca23bf3295993b96cb0b36.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...7c74c93a62541f8f695bdbb4eaa7.00007d13.honggfuzz.cov | Bin 32019 -> 0 bytes ...709987e1ea64dff5229b44eac1e0.00000129.honggfuzz.cov | Bin 0 -> 297 bytes ...fc5853d5b17ef801252a08032c0c.000000b7.honggfuzz.cov | Bin 0 -> 183 bytes ...98f05df5f9e3d23a417cde6aeaa0.0000003d.honggfuzz.cov | Bin 0 -> 61 bytes ...c349e1aa0caed70db1aced72dce3.00000052.honggfuzz.cov | Bin 0 -> 82 bytes ...7b36e9338d51f7e7575b5c2bc72d.00000037.honggfuzz.cov | Bin 55 -> 0 bytes ...3ecea5c71ebd46c91a05a8cc5ba0.000001ae.honggfuzz.cov | Bin 430 -> 0 bytes ...3f6e871e272166fb38626c3eda94.00000046.honggfuzz.cov | Bin 0 -> 70 bytes ...a77d5334bb59ee38345ae613869f.00005f6e.honggfuzz.cov | Bin 24430 -> 0 bytes ...15c78aa758dfbee2fc471fcfee19.000002d6.honggfuzz.cov | Bin 726 -> 0 bytes ...fc5cef7288b2009b31f2942dcd01.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...7e543a17b495c3b6be3ebcebafc9.00001502.honggfuzz.cov | Bin 5378 -> 0 bytes ...582d6bb9da77da5405a375e5c47d.000148cb.honggfuzz.cov | Bin 0 -> 84171 bytes ...1632954713a1de65e093de248a56.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...685901f6792aadd2d9c228a55dac.000090f3.honggfuzz.cov | Bin 0 -> 37107 bytes ...c4b54d40cc32c2a0c3b33c17ba1f.000000e5.honggfuzz.cov | Bin 0 -> 229 bytes ...323b617550ed9e7a012164796f9b.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...95c8cc9590791bfe0130dee64423.0000008e.honggfuzz.cov | Bin 0 -> 142 bytes ...d3a80d0481465f897df07986b956.000074be.honggfuzz.cov | Bin 0 -> 29886 bytes ...4b7e659a4bd10c3412d8d242456f.00000400.honggfuzz.cov | Bin 0 -> 1024 bytes ...f2d485d755153cc2942e4d5b67fc.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...3215b5fdc1950fe5417d88e1bbcc.00000fa8.honggfuzz.cov | Bin 0 -> 4008 bytes ...9bbdd718e7bf2e5a101de9b82030.00019b12.honggfuzz.cov | Bin 105234 -> 0 bytes ...ca30c5d21eaf7f3697f40dc94beb.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...0b19170e204c2db3f676fde4ed05.000000ff.honggfuzz.cov | Bin 0 -> 255 bytes ...c6a50fd8e6b7fc115b2014e0f2b9.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...0ec2802f7320aeb0baa799afdf31.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...e72bc5fcb020fe24dd7c566c2cbc.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...0fb4f0e895ef30a81cfbaeaf4dc7.00001dcd.honggfuzz.cov | Bin 7629 -> 0 bytes ...6d79bdb61fb4502dc1c98bab73c4.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...bae576b281a1dd243205c2655a9c.00000bdb.honggfuzz.cov | Bin 3035 -> 0 bytes ...44e0fa91c75f999d6b00f5056a2a.000000f7.honggfuzz.cov | Bin 0 -> 247 bytes ...c8fb309b58c6fe47c06357c1d435.0000007d.honggfuzz.cov | Bin 0 -> 125 bytes ...7f97d9a177b4e918bf883a07cbbe.00000020.honggfuzz.cov | Bin 32 -> 0 bytes ...2999e78a6401bef5b13cff53316c.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...d9588142d34904aaf74d076e76e6.0000005e.honggfuzz.cov | Bin 0 -> 94 bytes ...9114b7b2b9b4efd8a6e46b4e53fe.00000020.honggfuzz.cov | Bin 0 -> 32 bytes ...912fd9b2b9b4efd8a6e443ee53fe.00000020.honggfuzz.cov | Bin 32 -> 0 bytes ...cdf69ec71cefe5944bcd28aea34b.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...d1791ccbf50b280cd609fe6f8e0e.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...9b3ac7d2cbe040b26925b13136eb.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...15377f2db03212eec70819beb4fd.0000098f.honggfuzz.cov | Bin 2447 -> 0 bytes ...68db53c81a45efa38757c0aadd5e.0000fe29.honggfuzz.cov | Bin 0 -> 65065 bytes ...84f39e6128f62f274fd2bc96b07f.0001caea.honggfuzz.cov | Bin 117482 -> 0 bytes ...695a02da6a8eb8d289a7c451be24.000000ff.honggfuzz.cov | Bin 0 -> 255 bytes ...345eb447bbc0f312be75791a1c01.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...d71c60e11bb4aa5565801727ca0d.000000f9.honggfuzz.cov | Bin 0 -> 249 bytes ...da4ed2d3a31f5f16088dbfacac6c.00000f78.honggfuzz.cov | Bin 3960 -> 0 bytes ...36c915fcbf127d3ef7f3bfc47ec4.0000101f.honggfuzz.cov | Bin 0 -> 4127 bytes ...cc435aed7af3cd7629d31b7bcc23.00016ced.honggfuzz.cov | Bin 93421 -> 0 bytes ...819d730f3670c0de3a86d7e69596.000000b4.honggfuzz.cov | Bin 180 -> 0 bytes ...4dff4a3de1b267221a3a6a88f27a.00000032.honggfuzz.cov | Bin 0 -> 50 bytes ...eebd1f6d3089871934f7575eb084.0000d376.honggfuzz.cov | Bin 54134 -> 0 bytes ...08af3bcefff2fb7e34f1b40f0919.00004481.honggfuzz.cov | Bin 0 -> 17537 bytes ...56271a1ee4e27b5a0dae5e72f6d4.00000074.honggfuzz.cov | Bin 0 -> 116 bytes ...3f93b77c8b5b037d12101700dce4.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...26c9ebfebee0c93b61aae1ad3d09.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...ce3ebd645b5fb7aaa83b8a3f1767.0000007d.honggfuzz.cov | Bin 0 -> 125 bytes ...e7e7cd189a40aa4d07a70cc1cb85.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...8a27686479ed7af8c5b43cccf4c0.000000d9.honggfuzz.cov | Bin 0 -> 217 bytes ...5b6696dd80a71847e7e1584388e5.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...471b88a7b5f739d71e6d193d6a64.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...8b2e6fc6ece623c654bdb5ebb03f.0001153e.honggfuzz.cov | Bin 70974 -> 0 bytes ...a945b8f801d966a349c79a582f10.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...b33b610bf84246c24e9f3938bace.0000002d.honggfuzz.cov | Bin 0 -> 45 bytes ...f9e5240f3097465458a051fd1c48.0000029e.honggfuzz.cov | Bin 0 -> 670 bytes ...24f25ae212d516ec81661470face.000000f9.honggfuzz.cov | Bin 0 -> 249 bytes ...44e63d273494480b5ddec8819cf3.000001e3.honggfuzz.cov | Bin 483 -> 0 bytes ...f2ad12d20935231d547056bb32be.00000020.honggfuzz.cov | Bin 32 -> 0 bytes ...871bfebe7f0d26ac27f17cb57d6f.000003ed.honggfuzz.cov | Bin 1005 -> 0 bytes ...c7c3e46ad0427217556b3b43d5c4.0000ffff.honggfuzz.cov | Bin 0 -> 65535 bytes ...c0773e0c878768fd89f6ed98a552.0000014e.honggfuzz.cov | Bin 0 -> 334 bytes ...4a427768375524c3c19193c81f28.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...79f6f42b316f9ffb328099b50644.000000b4.honggfuzz.cov | Bin 180 -> 0 bytes ...9822fca7f772601a95c3076a98ce.00001be6.honggfuzz.cov | Bin 0 -> 7142 bytes ...57b2bda433ff3476385a3b3b15d5.0000010f.honggfuzz.cov | Bin 0 -> 271 bytes ...5cacf3479ea6afedaead6aa8494b.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...9ce84e904b5a85a6d6fad3fb58a3.00000fd7.honggfuzz.cov | Bin 4055 -> 0 bytes ...d53b5cb290365b3984b6e6dc8bbe.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...85fbd11dbc7bb6d68ee2c6a2a573.00000f92.honggfuzz.cov | Bin 3986 -> 0 bytes ...00ba348df8134444c86c7369b757.00000119.honggfuzz.cov | Bin 0 -> 281 bytes ...040dcc49ffcba0c43a7b72639005.000005d0.honggfuzz.cov | Bin 1488 -> 0 bytes ...14b167c9a86f277c5238f8190eb5.0000005d.honggfuzz.cov | Bin 93 -> 0 bytes ...5a0894ba6651cfb50447fb5bfa8c.00013e4f.honggfuzz.cov | Bin 0 -> 81487 bytes ...bc0ec3d2f1638cc5ab4f7031130a.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...235e545d3d9eb6587312a2dafeb1.0001c2ad.honggfuzz.cov | Bin 115373 -> 0 bytes ...29fbac4e066c51920024f5458ac8.00001eeb.honggfuzz.cov | Bin 7915 -> 0 bytes ...a5c5b4a770e860f0b009b4a1bfc3.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...10da7fd521db9c0c4922bc5987d8.00000039.honggfuzz.cov | Bin 0 -> 57 bytes ...2df31b1148b879f1dd2090fbe82b.000011c6.honggfuzz.cov | Bin 4550 -> 0 bytes ...a7c1b9aebec5258096e66df76c36.0000023f.honggfuzz.cov | Bin 575 -> 0 bytes ...95c9352e37229810a958cca6221d.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...ecbdde788defd1524ae406f62a5d.000019fe.honggfuzz.cov | Bin 0 -> 6654 bytes ...2b439fc94f33550c029592ecd4df.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...e993e07a7f838bcb92a7a58fb5fd.00000288.honggfuzz.cov | Bin 648 -> 0 bytes ...d8b1ce158a59481bb4b9e706f297.00000096.honggfuzz.cov | Bin 150 -> 0 bytes ...1868b1e1394c53b15c8d2f8bfda2.000001ae.honggfuzz.cov | Bin 430 -> 0 bytes ...ed6117c82bdc3606c5352f442714.0000005c.honggfuzz.cov | Bin 92 -> 0 bytes ...dab2c43435106039523416b91ade.0000010e.honggfuzz.cov | Bin 0 -> 270 bytes ...aaa06946f0fdfcd2ed47df2fbd82.00000040.honggfuzz.cov | Bin 64 -> 0 bytes ...74bb8e51c790ccbb525f2b90950b.000000d9.honggfuzz.cov | Bin 0 -> 217 bytes ...8dad213d1553c714aa72490f90c3.00004c84.honggfuzz.cov | Bin 19588 -> 0 bytes ...06826120ce4c09ce02c2ee61c04d.0001153e.honggfuzz.cov | Bin 70974 -> 0 bytes ...cceede47b3660b0e466512cfcc43.00000126.honggfuzz.cov | Bin 294 -> 0 bytes ...7f66e3f52235f42ffab93611b269.0000107c.honggfuzz.cov | Bin 4220 -> 0 bytes ...823b99eec750063f12aaf2d90805.000000f7.honggfuzz.cov | Bin 247 -> 0 bytes ...d91bf1e964c9ed0c69684cbfb421.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...9a755d80741e94a5c549459ebffd.000000f9.honggfuzz.cov | Bin 0 -> 249 bytes ...deba2a221b1b1b53770526aed19b.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...3547d48db9adfed968f859d0ee23.000001e3.honggfuzz.cov | Bin 0 -> 483 bytes ...46a2cfb3694169cb24a1aa880abd.00000020.honggfuzz.cov | Bin 32 -> 0 bytes ...1a0fba2f1c36f86cbd4fd81d7725.0000053b.honggfuzz.cov | Bin 0 -> 1339 bytes ...565159586c06f829e591905556a8.00000096.honggfuzz.cov | Bin 0 -> 150 bytes ...9c61829eabcbb0339cd8c72f5b1e.00000d02.honggfuzz.cov | Bin 3330 -> 0 bytes ...f482f6ed039920120dd624e5511a.0000db22.honggfuzz.cov | Bin 56098 -> 0 bytes ...eaa49fd26675ec09ebbda2325d8d.0000030b.honggfuzz.cov | Bin 0 -> 779 bytes ...a649f80a5f510e5d191900b730b4.0000010f.honggfuzz.cov | Bin 0 -> 271 bytes ...0dd26aafef49c83b15327009e75d.000000f7.honggfuzz.cov | Bin 247 -> 0 bytes ...23f8c7759a7ec05c7123c5db9e0f.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...c8db4a868f052cf719e17fad017d.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...72de62eaa73ba7876fae68760f80.00001a4a.honggfuzz.cov | Bin 0 -> 6730 bytes ...9e64dcfb2c7efc12da4aff0867c9.0000015c.honggfuzz.cov | Bin 348 -> 0 bytes ...6ef9b2fbc11a8cafbe851b7ad187.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...8d1e2120cececa918d5bf9e2be11.000101c9.honggfuzz.cov | Bin 0 -> 65993 bytes ...08cc1a8c807a39a034866d739a66.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...358861caebe4d8f87ca29a8ad404.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...3b127d7f14883e52edd79a4ac2a6.000002b5.honggfuzz.cov | Bin 693 -> 0 bytes ...8136fc8b09dc2405adf656f73b7f.00001620.honggfuzz.cov | Bin 0 -> 5664 bytes ...de3913ba935cecfce3ed70982e7c.00000e0d.honggfuzz.cov | Bin 3597 -> 0 bytes ...8d978ad0c60649559277efa32486.00002000.honggfuzz.cov | Bin 8192 -> 0 bytes ...460868677a9cbfa6c9ce034b28ca.00000094.honggfuzz.cov | Bin 148 -> 0 bytes ...ce5f2c8c8c196e6dcc64bc7b89b4.0000e399.honggfuzz.cov | Bin 58265 -> 0 bytes ...9f8baaf627e8cc35085a1e868e71.000003a2.honggfuzz.cov | Bin 0 -> 930 bytes ...4975097a00fcdfcb641062c0e9b3.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...8c809aecdd2158ee6ee2d92a55f0.00077c14.honggfuzz.cov | Bin 490516 -> 0 bytes ...3e7bc34aeb9fde78e4d83f330e7f.00020000.honggfuzz.cov | Bin 131072 -> 0 bytes ...3f73a17e80b877dcc5b923d3f9ec.000000ab.honggfuzz.cov | Bin 171 -> 0 bytes ...d25908af22e539b4e196816f3303.000002d0.honggfuzz.cov | Bin 720 -> 0 bytes ...ecc97b9870f444881dfcb0090358.0000d7be.honggfuzz.cov | Bin 0 -> 55230 bytes ...efa2cdd05d4e6dbc6a05e22b43bd.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...903bdc5e2bf9c9f718841797ecf4.0000f0b4.honggfuzz.cov | Bin 61620 -> 0 bytes ...ce6eeb14ccd1325b4253a0ee4a6f.00000020.honggfuzz.cov | Bin 32 -> 0 bytes ...76480c8737910b49cc0ab3e20cd4.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...d546963cb75dce7b6d991f4e1e64.00000094.honggfuzz.cov | Bin 148 -> 0 bytes ...04cbfcbd333e4506efb3d96bdcf5.000003cc.honggfuzz.cov | Bin 972 -> 0 bytes ...1309f15c48586ff9ba6cacf8b183.000000d7.honggfuzz.cov | Bin 215 -> 0 bytes ...659c89e1ab6e74391e4bbe66a7e5.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...d895ac6c23518941f8803464addf.00003a0b.honggfuzz.cov | Bin 14859 -> 0 bytes ...c7dda72036d80ac3566d6d025e08.0000e43b.honggfuzz.cov | Bin 58427 -> 0 bytes ...49667340431a603be44cc5f73031.00000037.honggfuzz.cov | Bin 0 -> 55 bytes ...ebc299f4338397a26032279d0632.0000001d.honggfuzz.cov | Bin 29 -> 0 bytes ...b4d3e2d77beff7915e7beee64826.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...1765ad4273a29c198ee6f8b6e28d.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...ae2a12a57f469c6e44cc4b52cdb3.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...9527e76a93a5875ac6764f391c09.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...70a1fe83b9f43ef07f7ab4a84d88.0006071f.honggfuzz.cov | Bin 395039 -> 0 bytes ...a1f7adb0d323bca16b04b306466b.000012a3.honggfuzz.cov | Bin 0 -> 4771 bytes ...21ccb1569b70cb15ebe7aa9f285b.000003f3.honggfuzz.cov | Bin 0 -> 1011 bytes ...7e466d8392dffd9a6fa19e9bec97.0000a1aa.honggfuzz.cov | Bin 0 -> 41386 bytes ...9545ea316f7581e79299c7d6b11b.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...032a093b8b898258a3326da9eb44.00003037.honggfuzz.cov | Bin 12343 -> 0 bytes ...5ce71ca8fb0ab32ce90c8f9960c8.0000c006.honggfuzz.cov | Bin 49158 -> 0 bytes ...e296671ebedf643388072c915575.00000200.honggfuzz.cov | Bin 0 -> 512 bytes ...e80a2265bb1b49956173c79c28b1.00002272.honggfuzz.cov | Bin 0 -> 8818 bytes ...3e33be9646859e6963f0d8c98e03.00001f4c.honggfuzz.cov | Bin 0 -> 8012 bytes ...5c3b22e190ea85e4a0df1737844c.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...0c8772b53b8d8d5d9dbb7f6eb637.000001b0.honggfuzz.cov | Bin 432 -> 0 bytes ...599ead00696f6ab0854fe422135d.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...7b5c65700009c2c0afb56c1326ca.00016ced.honggfuzz.cov | Bin 93421 -> 0 bytes ...a3fb52d61a554eba4219cd88e5e4.0000bcd6.honggfuzz.cov | Bin 0 -> 48342 bytes ...bc3b54117c1147eb6a3cb8571fa6.00000359.honggfuzz.cov | Bin 857 -> 0 bytes ...1545270ffaf17b22e19d60acabf9.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...687e1e5d4e83b5a403000d41bd73.00001616.honggfuzz.cov | Bin 0 -> 5654 bytes ...7d28f0247402306b637beb3cd061.00000288.honggfuzz.cov | Bin 648 -> 0 bytes ...040a1eb2538e17a0ee68d325149f.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...59b4ca3f16e9bde4c822e4d5b957.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...35a2abd56c328e4a99d06d205df2.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...70da93cb529cd01efbdae53f186a.0000ba11.honggfuzz.cov | Bin 47633 -> 0 bytes ...28ccb8f4a6557dc30e216b353524.000000be.honggfuzz.cov | Bin 0 -> 190 bytes ...6c5a323c478bddad1bb5369365b7.00000023.honggfuzz.cov | Bin 0 -> 35 bytes ...10b3ec6abecbe53bb4d2f62ad2a0.0000f77d.honggfuzz.cov | Bin 63357 -> 0 bytes ...fef554c20fbdcc9911b652a0b4f8.00000517.honggfuzz.cov | Bin 0 -> 1303 bytes ...e7caa4cab8ff8ba933c62d57ed3b.00000226.honggfuzz.cov | Bin 0 -> 550 bytes ...21091370538c255186803c894e5b.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...5ec260c5fd3092949b7bd92fbf58.00000200.honggfuzz.cov | Bin 0 -> 512 bytes ...503c056cb8d216b9bba372752653.00000b91.honggfuzz.cov | Bin 0 -> 2961 bytes ...df8fed1fdf12a87918c214c4806a.000000f9.honggfuzz.cov | Bin 0 -> 249 bytes ...9cb6f1d30ae6a969985d11cbba49.00000dc6.honggfuzz.cov | Bin 3526 -> 0 bytes ...d9a59a44ff6d17a1dc8e4b910797.00000086.honggfuzz.cov | Bin 134 -> 0 bytes ...3923bdd5200b5500926379e4605a.00000b86.honggfuzz.cov | Bin 2950 -> 0 bytes ...017fe14356458b94ab873f6bd8cf.000001cf.honggfuzz.cov | Bin 0 -> 463 bytes ...4b58834856c8686041e806297959.0000004c.honggfuzz.cov | Bin 76 -> 0 bytes ...1ee63a79b73ce10845cb17da2508.00000318.honggfuzz.cov | Bin 792 -> 0 bytes ...173370fe97b7bbd6fcbb33806b7b.000000f7.honggfuzz.cov | Bin 0 -> 247 bytes ...ff827dd1f5c1fcc1f1b08fbe8ac9.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...d530c015f9eb501386c36410deeb.00016340.honggfuzz.cov | Bin 90944 -> 0 bytes ...dbd91f664538332e77f8dbca3dc7.0001e145.honggfuzz.cov | Bin 123205 -> 0 bytes ...c5ec79a91a192e6d9db7aab7bae2.000001b0.honggfuzz.cov | Bin 432 -> 0 bytes ...12c2e347b5b0e731185be39b1b06.00000037.honggfuzz.cov | Bin 55 -> 0 bytes ...f8cd4a90cfe051a3b54f70264239.00000c2e.honggfuzz.cov | Bin 3118 -> 0 bytes ...cc557f0897df1a9dc490071a88a1.00000200.honggfuzz.cov | Bin 0 -> 512 bytes ...76d5011db4ade5828833da4f2065.00002710.honggfuzz.cov | Bin 0 -> 10000 bytes ...aa20c62228babae0061650de2911.000001bd.honggfuzz.cov | Bin 0 -> 445 bytes ...0637c6d08d0e160c2d7bebdb7896.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...5dc91ec9d9baa40725d4ae86d310.00002000.honggfuzz.cov | Bin 8192 -> 0 bytes ...ac3ca5ac017a33e66b4aa945fc54.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...be8168b4359c4d6a2628605d9d42.0000001d.honggfuzz.cov | Bin 0 -> 29 bytes ...6d5836b26e66c43d4a5fdbaf78f1.00000086.honggfuzz.cov | Bin 134 -> 0 bytes ...ba4612299409392a1e3ce9efd845.00016ced.honggfuzz.cov | Bin 93421 -> 0 bytes ...d2bfa3786c0294d437bdc6909ec1.00002000.honggfuzz.cov | Bin 0 -> 8192 bytes ...3285bce6b8d42c362b14102ff2ba.00018619.honggfuzz.cov | Bin 99865 -> 0 bytes ...1dddbc44f5ae5a61e55ee1d0ef51.000063a4.honggfuzz.cov | Bin 25508 -> 0 bytes ...ac4dcda61fcaa94bf2dd38398b4e.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...de865a77188ae78dddb7f9ebc872.0000021f.honggfuzz.cov | Bin 543 -> 0 bytes ...774af62ad91abdedf30a5489a8ca.0000022b.honggfuzz.cov | Bin 555 -> 0 bytes ...f4a0763a8b7ef2dd744b80479f86.00000175.honggfuzz.cov | Bin 0 -> 373 bytes ...76133776e945d3dc85ffdda35185.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...b900ab238467a0c0c23376fac25c.00000210.honggfuzz.cov | Bin 0 -> 528 bytes ...a8c0ec7a66bdac6896ccd0acb14f.0001000b.honggfuzz.cov | Bin 0 -> 65547 bytes ...f0ec9fa1484c3dd66e0156ce2554.000000d9.honggfuzz.cov | Bin 0 -> 217 bytes ...77fec6be6293f70ed2e5612c9716.000105b8.honggfuzz.cov | Bin 0 -> 67000 bytes ...4ab56584b4d2a0b9573eb67820d2.0000012e.honggfuzz.cov | Bin 0 -> 302 bytes ...3bb44b637c89c66ef100b8695ddb.00000083.honggfuzz.cov | Bin 131 -> 0 bytes ...b89c20934b04c2bf95f8ecd1b6ac.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...a596e577222c865c13a0bb85047b.000000f9.honggfuzz.cov | Bin 0 -> 249 bytes ...d1ec72a1a699e820e62f59322a04.00000110.honggfuzz.cov | Bin 0 -> 272 bytes ...1fad240336449a58b5af97548e62.000002a7.honggfuzz.cov | Bin 0 -> 679 bytes ...9a616f8fb966a2e10578da44c125.00000042.honggfuzz.cov | Bin 66 -> 0 bytes ...aab1ef8fb966a1f1a9c7da44698d.00000042.honggfuzz.cov | Bin 0 -> 66 bytes ...026af2b87ac48894e4fd7430cb8f.00000017.honggfuzz.cov | Bin 0 -> 23 bytes ...95729383ba480da2f85e80036cb6.00000049.honggfuzz.cov | Bin 0 -> 73 bytes ...f66c1d17a7ceb4804cc654085250.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...0eb91b28e455c03fa1f496019c6a.0004d423.honggfuzz.cov | Bin 316451 -> 0 bytes ...a58f91fe107685f79af2a91ffb18.00000041.honggfuzz.cov | Bin 0 -> 65 bytes ...1e83a39746dadfdea9704b59692e.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...d36edb6a29520bf6339c23bd0e11.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...240ef10e8919ce54e9ec3f4423e0.0000005c.honggfuzz.cov | Bin 0 -> 92 bytes ...948b9439e1e9a42cd25cb1820a92.00000206.honggfuzz.cov | Bin 0 -> 518 bytes ...5fb941b81c6e23e5c71f9a462f87.0000ba65.honggfuzz.cov | Bin 47717 -> 0 bytes ...15fc99f56b1f15f50ba6da868586.0000003b.honggfuzz.cov | Bin 0 -> 59 bytes ...96994d9e8d130e73a2ee600cda25.0000007a.honggfuzz.cov | Bin 122 -> 0 bytes ...47a8039f14881d4504bd4e3ecf3a.00000076.honggfuzz.cov | Bin 0 -> 118 bytes ...6c2bbf18b2e867c8ee137151011a.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...70c044eda9b6574b880bfc107e16.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...079712bfb0886adcd1cca75e6c0a.0000eb12.honggfuzz.cov | Bin 60178 -> 0 bytes ...f817b8f167e4d05ba08c8202eab6.00000042.honggfuzz.cov | Bin 66 -> 0 bytes ...f237eb74fc5c4bc190faf11b2d6c.00000216.honggfuzz.cov | Bin 0 -> 534 bytes ...35285c414f1325733b870cabbb97.00000100.honggfuzz.cov | Bin 256 -> 0 bytes ...98885427b71f95b66cc83c8c1749.0000004b.honggfuzz.cov | Bin 0 -> 75 bytes ...98928ee7b71fd1b678dc3c8c1752.0000004b.honggfuzz.cov | Bin 75 -> 0 bytes ...c9bbbb19036fc66e8aada680b58e.00000bfa.honggfuzz.cov | Bin 3066 -> 0 bytes ...3983c75b7c946bb39ddfecb2d8f3.00001413.honggfuzz.cov | Bin 0 -> 5139 bytes ...0d4932e719a94eff1df0b7aa03b8.00000041.honggfuzz.cov | Bin 0 -> 65 bytes ...3e08ddac030dd8fad092af33d0ce.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...0ec894b4b5b4d27c2dc36bfef15e.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...fb8ab9f4d37c7d54cec834b1cad8.00000458.honggfuzz.cov | Bin 0 -> 1112 bytes ...6751a1444d5989ecf08f6d486253.00000020.honggfuzz.cov | Bin 0 -> 32 bytes ...87c22447fe487e1b793ec1d2b395.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...c2751df92050055841638ff6d26c.00000291.honggfuzz.cov | Bin 657 -> 0 bytes ...3951ab225c861ec8eb0a92257ff6.000014e4.honggfuzz.cov | Bin 0 -> 5348 bytes ...208179dbf5916e089caa57666a73.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...6ff821ce9fd7f6262a3b5d8c3250.00001a79.honggfuzz.cov | Bin 0 -> 6777 bytes ...6643e77bcaaeb96247f173c16ce6.0000025b.honggfuzz.cov | Bin 0 -> 603 bytes ...2d4f28c02fa19138b07892d76c60.00010566.honggfuzz.cov | Bin 66918 -> 0 bytes ...76b149e5d1eeb42a29fc2b1cf0e9.00000208.honggfuzz.cov | Bin 520 -> 0 bytes ...f36535dee8e0d4a47489ba55595e.00000c08.honggfuzz.cov | Bin 0 -> 3080 bytes ...36f711471f5d23353cf0d8fbb608.00000081.honggfuzz.cov | Bin 129 -> 0 bytes ...4181183e330e549eb3550bca21cd.000000b1.honggfuzz.cov | Bin 0 -> 177 bytes ...662904254d6e489d750e3b7a9297.000000d4.honggfuzz.cov | Bin 212 -> 0 bytes ...99428ab1ea83b31dbbaf91b21a43.00000c71.honggfuzz.cov | Bin 0 -> 3185 bytes ...0edf1a3aae2aa9ff9ce7f0a3a813.000000c7.honggfuzz.cov | Bin 199 -> 0 bytes ...469303db389e4abfa947b2aa42ed.0000001a.honggfuzz.cov | Bin 0 -> 26 bytes ...dc4c82ff8806bd67b05995354db8.00011f85.honggfuzz.cov | Bin 73605 -> 0 bytes ...a6ee87a764fdbb599c19e4d4bcf8.000069e6.honggfuzz.cov | Bin 27110 -> 0 bytes ...36e07d1975400a1c3acedd063c0e.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...4856366b923c6d48ddcae1e6825d.00001350.honggfuzz.cov | Bin 4944 -> 0 bytes ...475a3634268ab8b8906fc88e07ab.00000233.honggfuzz.cov | Bin 563 -> 0 bytes ...e4cb8896bf4912f908950d789a7a.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...e665048cff95d178de5be40dfeb2.0000d5a9.honggfuzz.cov | Bin 54697 -> 0 bytes ...f617c1f3a82aa25f9630fbd6dc40.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...2652b41b68494fa80f9748925741.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...644a5a9b34351ee16fdbb504de55.00001be6.honggfuzz.cov | Bin 7142 -> 0 bytes ...793f1de534c06076206508be80c7.00001057.honggfuzz.cov | Bin 4183 -> 0 bytes ...0236c743eafe1a72e8e974a6647f.00000081.honggfuzz.cov | Bin 129 -> 0 bytes ...1fbcf16adc64b47a6ff636dccf5b.000001db.honggfuzz.cov | Bin 0 -> 475 bytes ...90c2ea56655ce290bd5140333aba.0000f785.honggfuzz.cov | Bin 0 -> 63365 bytes ...c900eb006e99be9fb96b60dd14be.00000eb8.honggfuzz.cov | Bin 3768 -> 0 bytes ...8cad5cb1666d0a02e0eb27c5cafb.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...97b4f11ee86241ffb5bc742be6f8.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...a7d35e8812f96ed1dd24be1c5b5e.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...82468d4c2bb516c3880eb571b629.00009303.honggfuzz.cov | Bin 37635 -> 0 bytes ...840ac8c09bddfd44bdeaf3a04732.00000089.honggfuzz.cov | Bin 137 -> 0 bytes ...5cb4ba67acdefa4635e3ef287022.0000010f.honggfuzz.cov | Bin 0 -> 271 bytes ...f4ad565a0a5708647943feea2a4e.000004e9.honggfuzz.cov | Bin 0 -> 1257 bytes ...000000000000e790000000000000.00000001.honggfuzz.cov | 1 + ...90dfe77e053a6c2cb4e304b52f76.00000389.honggfuzz.cov | Bin 0 -> 905 bytes ...9f5015837df9b384b3d75f9f4339.000000a6.honggfuzz.cov | Bin 0 -> 166 bytes ...22070adc31fb43e9fe67553b3e1b.00000084.honggfuzz.cov | Bin 0 -> 132 bytes ...36edf09a420ed1ac527e4f7bb0ff.0000c5fb.honggfuzz.cov | Bin 0 -> 50683 bytes ...0885ffd4891123b0f1caab581e79.000000db.honggfuzz.cov | Bin 219 -> 0 bytes ...7fcf82ef74362678d931b3c01c69.0000006c.honggfuzz.cov | Bin 108 -> 0 bytes ...a40a1b87f9110924286e8eaec056.000000db.honggfuzz.cov | Bin 219 -> 0 bytes ...296dc0578b6f2d56eec89e724cde.00000dab.honggfuzz.cov | Bin 3499 -> 0 bytes ...a4f90d9ef23e8ec904affce7412d.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...565b75f09080ffdb323ffb4b58e7.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...2693f32986e917121697b1eca21f.0000323f.honggfuzz.cov | Bin 12863 -> 0 bytes ...b3698449254387374517d2044a62.000070f7.honggfuzz.cov | Bin 28919 -> 0 bytes ...7a48dd99528181b1bbc367abeb53.00000181.honggfuzz.cov | Bin 385 -> 0 bytes ...6866c0b9d594cf2e4a990ea878c5.000000ba.honggfuzz.cov | Bin 186 -> 0 bytes ...7e806fc2c5eeb31da22e70735948.0000d83a.honggfuzz.cov | Bin 55354 -> 0 bytes ...800c8a3cde6e0e2f96643e7713fb.00000402.honggfuzz.cov | Bin 0 -> 1026 bytes ...03c1e3e984d517c4e877d77c771f.00000c1d.honggfuzz.cov | Bin 3101 -> 0 bytes ...2e18577c612f0e9e16d376bfb4e0.00000280.honggfuzz.cov | Bin 0 -> 640 bytes ...fa5fc4a80d64454b5368671f3c68.00000127.honggfuzz.cov | Bin 295 -> 0 bytes ...c86a48be60f03d06cb7d57afdbdf.000000c7.honggfuzz.cov | Bin 0 -> 199 bytes ...7f0f90fb97b2fc961df4329df815.0000083d.honggfuzz.cov | Bin 2109 -> 0 bytes ...4feb4a157f319e6dc037adf9a36b.0001c109.honggfuzz.cov | Bin 114953 -> 0 bytes ...15caf8bbbecb544a46ffcfb4f1bf.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...c7229e934969da0028b8b96c4cef.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...a65787a6dc39601800e35cee2c58.00010cd8.honggfuzz.cov | Bin 68824 -> 0 bytes ...b7ee33dff52a44fa05441355b9a6.00005bea.honggfuzz.cov | Bin 0 -> 23530 bytes ...dbea72d357d454af3f854c51d191.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...9255f54d516be932fefd86915d09.000000ac.honggfuzz.cov | Bin 172 -> 0 bytes ...fba7d173117ce4b36355e384e802.00000239.honggfuzz.cov | Bin 569 -> 0 bytes ...b58f7bfd7670c69fcbd0653bd85e.0000006c.honggfuzz.cov | Bin 108 -> 0 bytes ...aedd13792a40ae7fe257c1191840.000003ab.honggfuzz.cov | Bin 939 -> 0 bytes ...4fb8effe1dbc1e9fb043474f6229.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...0742310c5a4f3d4c54c1bf2b09c6.00017ac6.honggfuzz.cov | Bin 96966 -> 0 bytes ...32491f5f32995ec87572d62e8958.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...fe631da633b8b45ffb60260608f7.000000ba.honggfuzz.cov | Bin 186 -> 0 bytes ...dbb3a3f606cc620f810b0f7fe4c3.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...b88d907ec07873c49e47c5359e6e.000000f7.honggfuzz.cov | Bin 247 -> 0 bytes ...faaf7d0090c6910be83837e4b384.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...8ec2a81fa5818e67b85b65be6d05.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...7b84daf825b55da104e9f2a0ba40.0000003e.honggfuzz.cov | Bin 62 -> 0 bytes ...8841ec9bb08b55dd067d8cfd0c51.000024bd.honggfuzz.cov | Bin 9405 -> 0 bytes ...28f0b3f6c42b9a452ff31e0b896e.000000e1.honggfuzz.cov | Bin 0 -> 225 bytes ...21bab4f4b79f9cf02b946b740f52.0000004c.honggfuzz.cov | Bin 76 -> 0 bytes ...cf4c8ea1fce8876dfa7915e6876f.00000233.honggfuzz.cov | Bin 0 -> 563 bytes ...94374ce3e4e970536c6ccd8103f9.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...76728cee48756a4b279e60cd2d69.00000941.honggfuzz.cov | Bin 0 -> 2369 bytes ...1aa3e5e1d4ded7d7dd64a5899e93.00018619.honggfuzz.cov | Bin 99865 -> 0 bytes ...7ff6bb647d9a716316e7e17af54f.0000e4af.honggfuzz.cov | Bin 58543 -> 0 bytes ...f64980fd3649eaa0e1c807e103d9.0000033e.honggfuzz.cov | Bin 0 -> 830 bytes ...30ae8361135f69415994cadcd195.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...6b8e474519216eb44dc90e9a43a0.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...92aa8cc1975311fa8ab16102bf17.000001db.honggfuzz.cov | Bin 475 -> 0 bytes ...567c6ae1e112aa469b4fa7f42746.00000200.honggfuzz.cov | Bin 0 -> 512 bytes ...f932bd3135957d4efc1ddbd48d53.0000004c.honggfuzz.cov | Bin 76 -> 0 bytes ...2f644de7f54893736d37b9a0798e.0000010e.honggfuzz.cov | Bin 0 -> 270 bytes ...83b8d6c73c1cc3d8831ed04f472e.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...cf4d5cc73c1cbb89c04c8b4f472c.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...470b25c04bf57db65925e888e1d8.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...c1fffa372c37f3487def01971114.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...206601d50ba0628852b8e54ed169.00000593.honggfuzz.cov | Bin 1427 -> 0 bytes ...551cacf2cabf009b8cc4d3cc1db8.000000f7.honggfuzz.cov | Bin 0 -> 247 bytes ...d873a2b4bbfdf4664cc60e45ab18.0000609b.honggfuzz.cov | Bin 24731 -> 0 bytes ...24ed9c45b209d5c15a96529b9ece.0000ffe1.honggfuzz.cov | Bin 0 -> 65505 bytes ...ee4e6f4a4b98d596646251532c58.0000025b.honggfuzz.cov | Bin 0 -> 603 bytes ...12b0ddd3a653a5c2ae12c752bf5d.00014294.honggfuzz.cov | Bin 82580 -> 0 bytes ...0e486861d9992fa9294b52c66f95.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...cb99403f1ebcad1c2c0553e1762a.00001327.honggfuzz.cov | Bin 0 -> 4903 bytes ...b7bc83630416810c163abf0a89f8.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...d4e389d7062eebab11854a152c9a.000000b6.honggfuzz.cov | Bin 182 -> 0 bytes ...301c527322f552294cc7367cb4b9.00001408.honggfuzz.cov | Bin 0 -> 5128 bytes ...c434c076c95ca965692931fd43ae.00000072.honggfuzz.cov | Bin 0 -> 114 bytes ...ef401127a321fee32e68365f3eb7.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...b1e415ecb5899b1f9d56aead7e31.000000dc.honggfuzz.cov | Bin 220 -> 0 bytes ...daa088da0cf624bcf08abec81738.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...4f11c03259f1728691edeed910ac.00000048.honggfuzz.cov | Bin 72 -> 0 bytes ...6f191e0e9df34d1a3b4cba231bf3.000399a6.honggfuzz.cov | Bin 235942 -> 0 bytes ...f86532b0f20b64369a4e05ffd408.000000c6.honggfuzz.cov | Bin 198 -> 0 bytes ...a7169c22fc84b2c08ebdb53b1945.000018a9.honggfuzz.cov | Bin 6313 -> 0 bytes ...ee63e1c515beb7a82f3d9e91c525.0001ecf3.honggfuzz.cov | Bin 126195 -> 0 bytes ...9fd46e1b12b0108539ec3bf65866.000000a6.honggfuzz.cov | Bin 166 -> 0 bytes ...3e48b3d245f26c73f1061faa80a7.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...93f94cb6413604aafc8f98a7a7c7.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...c7ccd9a2c437a6bebe0db4ba7bf0.0000d87d.honggfuzz.cov | Bin 55421 -> 0 bytes ...e4bcbf158e97a2bdbdc76bcc5dba.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...6884cfab97eec1487fe97ab98af6.000016c8.honggfuzz.cov | Bin 5832 -> 0 bytes ...f7da1060f20bab2149e6008d840c.00019216.honggfuzz.cov | Bin 102934 -> 0 bytes ...e97646ead7953202d47ec3703144.0000002c.honggfuzz.cov | Bin 44 -> 0 bytes ...426b73390bbd42f1dbd1fb36c5f9.00000026.honggfuzz.cov | Bin 38 -> 0 bytes ...1561aaaa772269709210088ce0b1.0000dba9.honggfuzz.cov | Bin 56233 -> 0 bytes ...ae25c01a4c195ba6697958969857.0000281a.honggfuzz.cov | Bin 0 -> 10266 bytes ...a2134b3b9b15418328e7be909a9d.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...98659460ac4bd2dd01f128205892.00002015.honggfuzz.cov | Bin 8213 -> 0 bytes ...fb2288a97a79c53e612318a9afae.0000018d.honggfuzz.cov | Bin 0 -> 397 bytes ...8d6bd1d9486cd139e0a9f712a246.000000de.honggfuzz.cov | Bin 0 -> 222 bytes ...0c909b838caa2f534699fd4ebaf2.00000091.honggfuzz.cov | Bin 145 -> 0 bytes ...f974930cd03c03e6d038cf3e8fb1.00000049.honggfuzz.cov | Bin 73 -> 0 bytes ...ea64cc8a9bfc069588aee93f12c5.00000048.honggfuzz.cov | Bin 72 -> 0 bytes ...0ebb6864ab28421862f358ba9ff1.0000554a.honggfuzz.cov | Bin 0 -> 21834 bytes ...7314a7f548c0d425f9be506b2a00.0000003c.honggfuzz.cov | Bin 0 -> 60 bytes ...a33027e7aaa19a5fb4baf58268d4.00000230.honggfuzz.cov | Bin 560 -> 0 bytes ...516b5326aaedb6a8f3372e0746df.000000ff.honggfuzz.cov | Bin 0 -> 255 bytes ...ced9d7716a3a53a44121ee0e2edf.000001e1.honggfuzz.cov | Bin 0 -> 481 bytes ...3d7032a411912dc26146267aa04a.00000187.honggfuzz.cov | Bin 0 -> 391 bytes ...7e64fa0fd9d3120dcc5d17c1d097.0000d3e3.honggfuzz.cov | Bin 54243 -> 0 bytes ...d35857e8bcdf075761887d911328.0000dfb5.honggfuzz.cov | Bin 57269 -> 0 bytes ...e5547f36251c2060c4523dcd5d4a.00000034.honggfuzz.cov | Bin 0 -> 52 bytes ...6739cac4781ab57f46dfee7a42a6.0000d20e.honggfuzz.cov | Bin 53774 -> 0 bytes ...1dfc92b0761f6f16b1c7cb89412e.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...ebacc409aa86f5d8fb7a5b2b1be4.000006a1.honggfuzz.cov | Bin 0 -> 1697 bytes ...3b405c42086a90b6b31e4ee5e8e1.000001b0.honggfuzz.cov | Bin 432 -> 0 bytes ...d2fe0ec6611db209e2912385e45e.0001153e.honggfuzz.cov | Bin 70974 -> 0 bytes ...dd65bc240319c532c349b2fcb7bd.000000f9.honggfuzz.cov | Bin 0 -> 249 bytes ...337c5592eeb4f5abf801c7228c05.000000a1.honggfuzz.cov | Bin 0 -> 161 bytes ...866071cf5b98a61f2e7b334d6f5f.0000005e.honggfuzz.cov | Bin 0 -> 94 bytes ...451a56123b384f58d9105f697d4a.0000004c.honggfuzz.cov | Bin 76 -> 0 bytes ...09ae2c782231e591602ff8c09247.00000081.honggfuzz.cov | Bin 129 -> 0 bytes ...328521315b0b35445afd91b49a75.00000101.honggfuzz.cov | Bin 0 -> 257 bytes ...5abe69951008f2170fb9f3552468.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...0de559b2ad45122f17cec605518f.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...1cae733e8718ccb0c18dbabe2249.00001cf2.honggfuzz.cov | Bin 0 -> 7410 bytes ...5d91eb56c783ecd7d82ed56af4dd.0000004f.honggfuzz.cov | Bin 79 -> 0 bytes ...312053c837fcda038dfdc1847f6a.000000b0.honggfuzz.cov | Bin 176 -> 0 bytes ...35775004fa6ece6dc502db93f0a1.00007b9b.honggfuzz.cov | Bin 31643 -> 0 bytes ...b25ddc98ffa9aea4acc630cbee9d.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...5e16ff0b44e330eff66490115fe4.0000045a.honggfuzz.cov | Bin 0 -> 1114 bytes ...48c8db282b4237ea336e5cdf6bfc.00000400.honggfuzz.cov | Bin 0 -> 1024 bytes ...19208f03b548a0521615ff2c0794.00000173.honggfuzz.cov | Bin 371 -> 0 bytes ...879431b4eaf5a89d6626f20e4612.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...6a2e1e19a0910253bc8b2b9390c4.0000016e.honggfuzz.cov | Bin 366 -> 0 bytes ...256bd845dfd4a57389d8afa91c7d.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...d17fbb9160be65bfe9ffb8fbe324.000000f7.honggfuzz.cov | Bin 0 -> 247 bytes ...6338723709671a435e9c762ff574.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...bac30fe24c05cca6c6b2dc07f329.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...7543afecbcbaa1ff074deba97e82.00000123.honggfuzz.cov | Bin 291 -> 0 bytes ...591d980fd5502a6584bfd7c3e5b8.00000075.honggfuzz.cov | Bin 0 -> 117 bytes ...0f18ca6273c08b50a937b8c00f0d.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...eedff7d4f32a51583189dfd48fa0.000000c0.honggfuzz.cov | Bin 192 -> 0 bytes ...fa09473335c1ce239aa57a008ece.0000aae3.honggfuzz.cov | Bin 0 -> 43747 bytes ...5ae4ed2aa44b350dae46943467bf.00000b91.honggfuzz.cov | Bin 2961 -> 0 bytes ...77e268665f3ba32aaafc378fa1f4.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...221901fb7fe27c07ac2b64b28b5b.000008a2.honggfuzz.cov | Bin 2210 -> 0 bytes ...69caba98b346a7654ce2f0ecb588.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...57a610d3e86d1577a59414c9fddc.000096fd.honggfuzz.cov | Bin 38653 -> 0 bytes ...b16570e19a1358825f240191b5b8.0000023e.honggfuzz.cov | Bin 0 -> 574 bytes ...336d256b290d40ad3dbc4509b2f6.00003e92.honggfuzz.cov | Bin 16018 -> 0 bytes ...f986351a80ad5ead5f1d61bbaa31.00000f16.honggfuzz.cov | Bin 0 -> 3862 bytes ...1093bbb879b40b56f57a65cbd188.0000d7e3.honggfuzz.cov | Bin 0 -> 55267 bytes ...0e646642b0ac6fc36168417c954b.000004ff.honggfuzz.cov | Bin 0 -> 1279 bytes ...6c3818181339680b150ad2cba8e5.00020000.honggfuzz.cov | Bin 131072 -> 0 bytes ...06d1092c30c29ce7387679856472.00000278.honggfuzz.cov | Bin 632 -> 0 bytes ...a1b59f55d7e9cccead99972fca78.000000e0.honggfuzz.cov | Bin 224 -> 0 bytes ...746109302b5d369b8954f1e1ceb5.00003984.honggfuzz.cov | Bin 0 -> 14724 bytes ...f8202f23e9f183bd2f10846cd249.00016b89.honggfuzz.cov | Bin 0 -> 93065 bytes ...bb8104876685cd824ddfd38881bb.00018619.honggfuzz.cov | Bin 99865 -> 0 bytes ...a995e634b923318893dd69bedfa1.0000004d.honggfuzz.cov | Bin 0 -> 77 bytes ...eb587f4f888f657d16a283225001.00020000.honggfuzz.cov | Bin 131072 -> 0 bytes ...a64c7e3eeebaa1ff04d8957ed997.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...5bf4aa1aac01ad4ec4ccf58f1cab.0000838f.honggfuzz.cov | Bin 0 -> 33679 bytes ...31da30ac869b631147624147d6d1.00010001.honggfuzz.cov | Bin 65537 -> 0 bytes ...80f2b450b9676c28a06b36f2dcd3.00009fe6.honggfuzz.cov | Bin 40934 -> 0 bytes ...15430a3cd87b031df84c6a417366.0000149e.honggfuzz.cov | Bin 0 -> 5278 bytes ...ae3e4f4716be87d43650c6f76d5d.00000155.honggfuzz.cov | Bin 341 -> 0 bytes ...1a7c98d7bb07154e60d83840e9a0.000004df.honggfuzz.cov | Bin 1247 -> 0 bytes ...a3878fb73eb6b8db45c5bcda4cd5.0000007e.honggfuzz.cov | Bin 126 -> 0 bytes ...369e9587cd31f8ab24aaeca0ee2a.0000002b.honggfuzz.cov | Bin 0 -> 43 bytes ...db62091005add30023ebed06517e.00000042.honggfuzz.cov | Bin 0 -> 66 bytes ...75f1d06ce8a9211338e45b212ba4.0000017d.honggfuzz.cov | Bin 381 -> 0 bytes ...19966bc1baf890474643129ad296.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...04ba256e3c37aca0b22d970c3e1a.00000191.honggfuzz.cov | Bin 0 -> 401 bytes ...e4dab116e4d55a6600cea105a8fd.0000104a.honggfuzz.cov | Bin 4170 -> 0 bytes ...a48044f5e99a22eec4b1df61290e.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...343b33e5604e3485bb594553c0d6.00000c06.honggfuzz.cov | Bin 3078 -> 0 bytes ...e4db2c2db8f9292caf94af438bf8.00010394.honggfuzz.cov | Bin 66452 -> 0 bytes ...a16608edff47a8098a0a23b80f58.0000007e.honggfuzz.cov | Bin 0 -> 126 bytes ...e8cc4c4ffc00b3098e2341cc768b.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...2edeebcb401e6dc8a4896b37c4c5.00000132.honggfuzz.cov | Bin 0 -> 306 bytes ...c3589fe361215ee1553f43f00064.000000a0.honggfuzz.cov | Bin 0 -> 160 bytes ...89a5b5554ea67d4ec63d43d80008.00000038.honggfuzz.cov | Bin 0 -> 56 bytes ...fa645166ba4fe0193b53fb29dcd3.000001e7.honggfuzz.cov | Bin 0 -> 487 bytes ...b094378539d030e4aff3e225e03f.00001275.honggfuzz.cov | Bin 4725 -> 0 bytes ...e255f1d1fa436aa159b7e0941dcf.0000377a.honggfuzz.cov | Bin 0 -> 14202 bytes ...59aa0da7cc6c2d8bc43a6ab67f93.00000200.honggfuzz.cov | Bin 0 -> 512 bytes ...abcaa8a7a1a1645b1856d0242f76.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...32a0858e9837ee97565beac0abb6.0000109a.honggfuzz.cov | Bin 4250 -> 0 bytes ...73d0140efd30f9baa22a4987a813.00000051.honggfuzz.cov | Bin 0 -> 81 bytes ...c4950f5a492b9b8d915d3bb267fd.0000005c.honggfuzz.cov | Bin 92 -> 0 bytes ...b0918dc83c14ce7409101c89e3ec.000002ab.honggfuzz.cov | Bin 683 -> 0 bytes ...11c92d42126f75f4f4c1d5997809.0002297c.honggfuzz.cov | Bin 141692 -> 0 bytes ...4a051c2a9abb4a425d07cdb66942.000001c7.honggfuzz.cov | Bin 455 -> 0 bytes ...4fb57ccc866594589faaba05e1e6.000000f7.honggfuzz.cov | Bin 0 -> 247 bytes ...0a430169b575708fae0977a31375.000003ed.honggfuzz.cov | Bin 1005 -> 0 bytes ...1ef9a8e49592edc0766d97ba4555.00000175.honggfuzz.cov | Bin 373 -> 0 bytes ...c60765f2293b769ad3b994c84fd8.0000002d.honggfuzz.cov | Bin 0 -> 45 bytes ...c65625f2293b76f0151594c84fd8.0000002d.honggfuzz.cov | Bin 45 -> 0 bytes ...d75735f2293b76f008a294c84fd8.0000002d.honggfuzz.cov | Bin 0 -> 45 bytes ...df0b07d217ff50a7f031e0df47ec.000000a7.honggfuzz.cov | Bin 0 -> 167 bytes ...7f7cb95a89bfa47959d91e5d7355.00000085.honggfuzz.cov | Bin 0 -> 133 bytes ...b2f0e0a0ad3fb18a725e07f7d91a.00000d98.honggfuzz.cov | Bin 3480 -> 0 bytes ...b4953ce805e926293a3ce779ff37.000001e6.honggfuzz.cov | Bin 0 -> 486 bytes ...c4ef7df7f0d473eee269aee7e70a.0000bb6c.honggfuzz.cov | Bin 47980 -> 0 bytes ...065fbfeca4c61367c94755eaf841.0000298f.honggfuzz.cov | Bin 10639 -> 0 bytes ...796b2b98e92d31871c2396856909.00007f30.honggfuzz.cov | Bin 0 -> 32560 bytes ...f0410173785e9c332f1dfbbfb07d.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...6f1a8e7e1e29a731292d57e245a9.00000e6e.honggfuzz.cov | Bin 3694 -> 0 bytes ...3142f11e419105f107d795e75acd.00000164.honggfuzz.cov | Bin 0 -> 356 bytes ...3db78d896936867cb29e7740fa94.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...03fd3976a1db3797a04cd2ba5089.000093ce.honggfuzz.cov | Bin 37838 -> 0 bytes ...1712445cd1bc46e3ba3929528583.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...fa2d7f0c340622a2c80101b1a2f4.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...e0cac2fc0c3c0c635982480b8f97.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...01bb5464967a23e4520ec29ae1db.00000181.honggfuzz.cov | Bin 385 -> 0 bytes ...135cfc81f35822ddb1d1437f69f4.00000129.honggfuzz.cov | Bin 0 -> 297 bytes ...ba82c44e352b1c3dba272825cbc1.00006f8e.honggfuzz.cov | Bin 28558 -> 0 bytes ...ce1c2c2322352014938644c0fcb3.0004dd7b.honggfuzz.cov | Bin 318843 -> 0 bytes ...4f96792253af939851d700e853c0.0000969b.honggfuzz.cov | Bin 38555 -> 0 bytes ...fb7695e3f7a8d92e3c00eea6b3b8.00001d3b.honggfuzz.cov | Bin 0 -> 7483 bytes ...bd8ce61eaf4ad35660cac9807ce3.0001d687.honggfuzz.cov | Bin 120455 -> 0 bytes ...a543f7256ac49983fe7ccf0893bc.0000150f.honggfuzz.cov | Bin 5391 -> 0 bytes ...11b6765c8cc822f7b4fd7133769b.000000ff.honggfuzz.cov | Bin 0 -> 255 bytes ...7854be7fc596dee59c52f46d144f.0000abd4.honggfuzz.cov | Bin 43988 -> 0 bytes ...a6738f0aa768848361ed0fbad7d1.00000018.honggfuzz.cov | Bin 24 -> 0 bytes ...089dd8032f2f7b0f91fb70249e08.000020e4.honggfuzz.cov | Bin 8420 -> 0 bytes ...9fb07da1a6434dd9a93ccc6cb2c8.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...89884b0188bdd4dd0dafbcdd0a29.00000094.honggfuzz.cov | Bin 148 -> 0 bytes ...e9cd5a6c423814662f4939b371b5.00000200.honggfuzz.cov | Bin 512 -> 0 bytes ...7d59d47482a104015659abd550a2.0000050d.honggfuzz.cov | Bin 0 -> 1293 bytes ...01a23e251148e6d8c9c999706098.0000247f.honggfuzz.cov | Bin 9343 -> 0 bytes ...874673189fc3c64b43bb270e67b2.00000137.honggfuzz.cov | Bin 0 -> 311 bytes ...59ea95aec7e5f887d801fda26139.000000ec.honggfuzz.cov | Bin 0 -> 236 bytes ...105840f1276413a4731a533826d7.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...ad46949b19e971f8bc2c02350911.0000040a.honggfuzz.cov | Bin 1034 -> 0 bytes ...00670de4c6a20e39af8f41bce45e.000002c6.honggfuzz.cov | Bin 710 -> 0 bytes ...943bb720ae6a8d3e1b41b120d4a2.000010c7.honggfuzz.cov | Bin 0 -> 4295 bytes ...8ab2484e26ead46d1da31105628e.0000793c.honggfuzz.cov | Bin 31036 -> 0 bytes ...a84dbe8d0726d94654e995e6f798.000022a3.honggfuzz.cov | Bin 0 -> 8867 bytes ...06b5dbacb681141410030101d9f1.000000c0.honggfuzz.cov | Bin 0 -> 192 bytes ...29f0ea8b0b02f171d5aafdb05e05.00000028.honggfuzz.cov | Bin 40 -> 0 bytes ...283d7953165bc6822b141a641c95.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...67e7a52feb6c6db6f55592adb7e2.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...c28da73049237aff6bbf57d74938.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...08c13390e729a5e5ffb03df48d3d.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...132bbff11340eeb065879b74223a.000000b1.honggfuzz.cov | Bin 0 -> 177 bytes ...94909c777978044ca0eda88dc199.00000104.honggfuzz.cov | Bin 0 -> 260 bytes ...82b2d04ba8bdcd58881b6b6d8a31.00000110.honggfuzz.cov | Bin 272 -> 0 bytes ...9e8d71d84a8ef89ffa1e92eb54eb.0001f7e8.honggfuzz.cov | Bin 0 -> 129000 bytes ...8f6bbbcd692b490421f3de60f00f.0000004d.honggfuzz.cov | Bin 0 -> 77 bytes ...5569f1acd42595414a9965492c8b.00008ec8.honggfuzz.cov | Bin 36552 -> 0 bytes ...3f5e4d252794c5036321e738c562.0001153e.honggfuzz.cov | Bin 70974 -> 0 bytes ...e42ca1c71bf68294080739592cba.00000181.honggfuzz.cov | Bin 385 -> 0 bytes ...6a7e37e36658c9dbf410e1240c4c.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...a402de884c3e414c9ca47c341f42.00000205.honggfuzz.cov | Bin 0 -> 517 bytes ...082c4f83534aeefb74f130eb53df.00000113.honggfuzz.cov | Bin 275 -> 0 bytes ...7d159c363aa2b2f7e3039a193537.0000eac3.honggfuzz.cov | Bin 60099 -> 0 bytes ...c1065acb8fb226c730b65446ead8.000000df.honggfuzz.cov | Bin 223 -> 0 bytes ...046093318646fd66d90f84ec7396.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...ed38742d0d8fd08b8f602e65dd52.000101d0.honggfuzz.cov | Bin 0 -> 66000 bytes ...33a5d99addbd65cfd5322ad0314c.000000b0.honggfuzz.cov | Bin 176 -> 0 bytes ...380f11097de2e72b2779339b99b8.0000f634.honggfuzz.cov | Bin 0 -> 63028 bytes ...d276685d3c59554ca2a4c2fc20ad.00000fa2.honggfuzz.cov | Bin 4002 -> 0 bytes ...7b628ef09b1e3afbc6264bb83363.00000e87.honggfuzz.cov | Bin 3719 -> 0 bytes ...e6f5cb9edac6174e596dec6f38df.000001b8.honggfuzz.cov | Bin 440 -> 0 bytes ...9df68a40f42f4c8dcd8e3f803499.000000be.honggfuzz.cov | Bin 190 -> 0 bytes ...df496ca9c95812896cd5c9e67a04.000017b0.honggfuzz.cov | Bin 0 -> 6064 bytes ...00fbec17cff60f4bdcf1e0f5233d.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...61e49e3f097bae421d2397228c32.0000056d.honggfuzz.cov | Bin 1389 -> 0 bytes ...5c5ebc931bb6551d0c46e583fc5a.00000119.honggfuzz.cov | Bin 0 -> 281 bytes ...457cd5e9d6830b4a014ce9678b33.000000c3.honggfuzz.cov | Bin 0 -> 195 bytes ...4f4cd15910d72b59c7311ddb5a00.00000113.honggfuzz.cov | Bin 275 -> 0 bytes ...2ee67ea16902fe2d5d094da0c0de.000000f7.honggfuzz.cov | Bin 247 -> 0 bytes ...2e4f866bc795c62ca90549498d99.00000317.honggfuzz.cov | Bin 791 -> 0 bytes ...3459be8e525b649a68f9f05f6c7a.0000005f.honggfuzz.cov | Bin 95 -> 0 bytes ...13b35e5f14d5c8a028a0999b2c3d.0000024f.honggfuzz.cov | Bin 591 -> 0 bytes ...befebf26d41fccadc09beba27f26.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...57ca18f22403c2af0cf041f43368.00000067.honggfuzz.cov | Bin 0 -> 103 bytes ...f828a85460ba3ff90b348344b176.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...91ae7bced45f1b070f9408c20fde.000000b8.honggfuzz.cov | Bin 0 -> 184 bytes ...9dafe85386facc9aa78317051ac1.0001bd8e.honggfuzz.cov | Bin 114062 -> 0 bytes ...34d90b64110eb354aaacbad3f5a2.00013ce0.honggfuzz.cov | Bin 0 -> 81120 bytes ...f08f9c54ed33be31e43f3c859026.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...3112e82960fe1304acf163a9fa1f.000004df.honggfuzz.cov | Bin 0 -> 1247 bytes ...8b19e48ccdd2eef84ba4b2d981de.0001153e.honggfuzz.cov | Bin 70974 -> 0 bytes ...52f3c04d593396e1f2e5688fbfc0.0000002f.honggfuzz.cov | Bin 0 -> 47 bytes ...1c196a001586f48266511a345371.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...1f471e3f3b66f3920c4af2407f87.00000096.honggfuzz.cov | Bin 150 -> 0 bytes ...d4ac40ee20e40549a5d61df888a8.00001bfb.honggfuzz.cov | Bin 7163 -> 0 bytes ...4f7c4ce2c9c4ff5eb550fc1a6388.00000080.honggfuzz.cov | Bin 0 -> 128 bytes ...3aad2a8ad8fd921d16d435804745.000001b1.honggfuzz.cov | Bin 0 -> 433 bytes ...1242fcb6b32294210ecc3ae07720.000000b2.honggfuzz.cov | Bin 0 -> 178 bytes ...547a43fb3a6a05cf13c2b4ebce06.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...9a138bfa54516e260e55e1a9ce74.00001142.honggfuzz.cov | Bin 4418 -> 0 bytes ...b543538eada195770eead539d558.00000085.honggfuzz.cov | Bin 133 -> 0 bytes ...5a256e80e897a7e6b166e9ec29be.000001b8.honggfuzz.cov | Bin 440 -> 0 bytes ...e5779ac66dcce0104d8f31b79d55.000000f9.honggfuzz.cov | Bin 249 -> 0 bytes ...f5e723de0a0bc08381324d0f9e22.00004e4b.honggfuzz.cov | Bin 20043 -> 0 bytes ...10b0472467895f6124b4cb6a7b6e.0000012f.honggfuzz.cov | Bin 303 -> 0 bytes ...ae759a08e4c402d8513c15c8ef8e.000022cc.honggfuzz.cov | Bin 8908 -> 0 bytes ...a8d0adf613424d42d25cef308e59.00000263.honggfuzz.cov | Bin 611 -> 0 bytes ...fb8f2a71231f925507a4f1a2fd22.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...1871839b02fd5e0082dfe0e1b046.000093c5.honggfuzz.cov | Bin 37829 -> 0 bytes ...720d902699e8ec6d7e24df090fc8.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...322d08cccee3c61b419854d2133c.00000bb8.honggfuzz.cov | Bin 0 -> 3000 bytes ...e787beca9b8e965316385cbf14c1.00020000.honggfuzz.cov | Bin 131072 -> 0 bytes ...6885c60456d39bca4d499ef5c6f3.00000400.honggfuzz.cov | Bin 1024 -> 0 bytes ...a39e44eb771d1bbb850c2d2c24dc.00000092.honggfuzz.cov | Bin 146 -> 0 bytes ...3b1caa43e741a0468960c69780a0.00000080.honggfuzz.cov | Bin 128 -> 0 bytes ...ce9e56996ef42fa16b2a0aeb1a3d.00000056.honggfuzz.cov | Bin 0 -> 86 bytes ...ac6135cb5be2bc759621a495a9ea.0000cd57.honggfuzz.cov | Bin 52567 -> 0 bytes ...b98b91efb3e1672ba4319e1424b9.0001153e.honggfuzz.cov | Bin 70974 -> 0 bytes ...88391895cb0d0e985919c2ed17a7.00000b33.honggfuzz.cov | Bin 0 -> 2867 bytes ...d302acebbbec6f9bf8d7e02e4a05.00000343.honggfuzz.cov | Bin 0 -> 835 bytes ...2b6d3051c4eac1ff0ded946693f4.00004f3a.honggfuzz.cov | Bin 0 -> 20282 bytes ...1cfe77fdfaaf1d2186547d679331.000713ab.honggfuzz.cov | Bin 463787 -> 0 bytes ...f78df5231e979de3a0d806b7d9a8.000000e0.honggfuzz.cov | Bin 0 -> 224 bytes ...c22de9a0e43c2a1bf125c222f988.00000085.honggfuzz.cov | Bin 133 -> 0 bytes 3176 files changed, 8 insertions(+), 4 deletions(-) create mode 100644 examples/bind/corpus/00000000016c87e0973c11b000000000.00000007.honggfuzz.cov delete mode 100644 examples/bind/corpus/00185cee2e16acb6dd8220b9abdade32.0001fabb.honggfuzz.cov create mode 100644 examples/bind/corpus/004cd8346486e4fc3376edca420c4f70.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/005856df0e0348abb829cb360bb03890.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/005c065362942dedcf16f957ce516f6b.0000090a.honggfuzz.cov delete mode 100644 examples/bind/corpus/006d38e4a56c2644ecc7e2314239203c.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/0075a250ec8d8e24071fec461d8db524.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/00833c160350d8acc52a0b4785ce153a.0000008b.honggfuzz.cov create mode 100644 examples/bind/corpus/00a1fdfcf3686e22ecd0ab99cb4495c8.00001107.honggfuzz.cov delete mode 100644 examples/bind/corpus/00c6602d60fe8da4594c750dfd2dbeec.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/00cf5c04078e1b783ea8c31a7236da05.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/00dabb4f6a765a937721f5c30db906bf.0000002b.honggfuzz.cov create mode 100644 examples/bind/corpus/00f56cc3d80000009027f9000000d800.0000000b.honggfuzz.cov delete mode 100644 examples/bind/corpus/0105fbacae172dfeb1a273216d2284a9.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/012bfd44645573c0fcbbf0d631e53924.00001b19.honggfuzz.cov delete mode 100644 examples/bind/corpus/0145002696cf4e1c65835f267400011f.0000000f.honggfuzz.cov create mode 100644 examples/bind/corpus/01485340feb13bc02306206c0411b006.0000000e.honggfuzz.cov delete mode 100644 examples/bind/corpus/016a65c28e6f56b44b36f6e4c25cc942.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/0174222e635e85976000f50a80a5b309.00001586.honggfuzz.cov delete mode 100644 examples/bind/corpus/0185ad61208b1b839c06102fddd6a552.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/019ec271bdfaecf37de413ee13e0d3e9.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/01b0000194e0f4c000014584b05491b0.0000000a.honggfuzz.cov delete mode 100644 examples/bind/corpus/01b0d88a32f5900065821af80001b000.00000006.honggfuzz.cov create mode 100644 examples/bind/corpus/01f15bb45e19f3982569beb11d7ef40e.0000015c.honggfuzz.cov create mode 100644 examples/bind/corpus/02276ef9b2f6411754a23e889b72d18a.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/02276ef9b2fbc1178cafbe889b7f518f.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/0233512da6e187e776cf3e16db8d6331.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/02411752993e0b12b737b88d85db6de5.00000967.honggfuzz.cov create mode 100644 examples/bind/corpus/0286da715da021d46db3bfa4cf0baa63.000003bd.honggfuzz.cov delete mode 100644 examples/bind/corpus/02ae81f0e22c782acc357c2e705e1f3d.000473b4.honggfuzz.cov delete mode 100644 examples/bind/corpus/031a4ad5078e1db8231fdf6b24e28b40.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/031b5ac4078e1db83ea8c31a74f6da05.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/031f2a3cd68b3e540e65e4250b444c88.0000070e.honggfuzz.cov delete mode 100644 examples/bind/corpus/032b3f29d3eb16fc50c5f5881f0008ac.0001eeea.honggfuzz.cov delete mode 100644 examples/bind/corpus/03504e2bd2d3ad3913a1b4dbc1f6fbb6.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/036be44e1a651c6848c79513d1a84895.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/039e8342ccc89fe80342aaa5c426e4d9.0001f7e8.honggfuzz.cov create mode 100644 examples/bind/corpus/03a0add27499334b6b6452249a32abdb.000002ac.honggfuzz.cov delete mode 100644 examples/bind/corpus/03fca16b5aaff09845842edcdca274a1.000014a0.honggfuzz.cov delete mode 100644 examples/bind/corpus/0439f3ebca033876eab4ef36125124f9.00018619.honggfuzz.cov delete mode 100644 examples/bind/corpus/044c9f680edfd8d47b4fae9cc8d69736.0001f52b.honggfuzz.cov delete mode 100644 examples/bind/corpus/046b2d2afd14bc164b6359f3ef4dbb92.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/046e5ccad957c89db319d7344355b90b.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/0477b165c0dca41b363118a175bbee6b.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/0484b182c2d174c9ea853a04e9f7fa5d.000004ee.honggfuzz.cov delete mode 100644 examples/bind/corpus/0491107018be60f2dc941ca56a90ab06.000000c7.honggfuzz.cov delete mode 100644 examples/bind/corpus/04e3ff7364e96506c14c9950f7563f2b.00000ce3.honggfuzz.cov delete mode 100644 examples/bind/corpus/04eaae12ceb9ca0a2d86ffe5fef22d22.00000086.honggfuzz.cov delete mode 100644 examples/bind/corpus/04fdd0ad7ab47e95a010e26d0057293a.00020000.honggfuzz.cov delete mode 100644 examples/bind/corpus/051ca3e63a219bbc88e2ed9143b8bf3a.0000004e.honggfuzz.cov delete mode 100644 examples/bind/corpus/05304b960798cb314372535218f97e02.00000041.honggfuzz.cov delete mode 100644 examples/bind/corpus/05390c4017721cb60db16647d8ecd5ec.000190ff.honggfuzz.cov create mode 100644 examples/bind/corpus/054f0591f1a6509f250b8c5986005346.00000ee1.honggfuzz.cov create mode 100644 examples/bind/corpus/05657dd5c6e8d886cb500c2546a1f86c.00000037.honggfuzz.cov create mode 100644 examples/bind/corpus/0594b30762d0a2641fa398062e9945cf.000002c2.honggfuzz.cov delete mode 100644 examples/bind/corpus/05a38663f9db591fdead41e0d829b949.00000097.honggfuzz.cov create mode 100644 examples/bind/corpus/05ef1c69711d9b662470d4e606dac682.00000090.honggfuzz.cov delete mode 100644 examples/bind/corpus/05f233968370f70a91e192ae77cdc0e7.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/05f3684977aad8f8131f5e163a5934e4.00000314.honggfuzz.cov create mode 100644 examples/bind/corpus/060f93b08ade3ee505288479ef463100.000008c6.honggfuzz.cov delete mode 100644 examples/bind/corpus/0629416d9af2c3a195b635b27bec6550.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/0642820d2c9dd04e41f94e26cf1f1cb9.0000077b.honggfuzz.cov delete mode 100644 examples/bind/corpus/064fe37f7bba2c807a91825d12f6c94a.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/06a3b684ac3d708fd211cbfec6f95c01.000000c7.honggfuzz.cov create mode 100644 examples/bind/corpus/06b99f99703e630f1f83e4b25db29e4e.00000048.honggfuzz.cov delete mode 100644 examples/bind/corpus/06e1fab65f8910c3dce7b510cf0b214c.0000002f.honggfuzz.cov delete mode 100644 examples/bind/corpus/07405aa278de8d4e52548fb115426371.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/0758a302d8d606a40b464af7806e4e1d.0001b92d.honggfuzz.cov delete mode 100644 examples/bind/corpus/0768c0663854da37c9af0d681ed4f5d6.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/0773ae3737a346d4664c1c82b23420cf.0000005e.honggfuzz.cov create mode 100644 examples/bind/corpus/077cce50c7979ca44564775b6d3175fb.00000062.honggfuzz.cov create mode 100644 examples/bind/corpus/07ae3b524b024885cbab5cf7f18bc267.00002165.honggfuzz.cov delete mode 100644 examples/bind/corpus/07c17c44b7760947006d2667ced9adb4.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/07f44f19626bc2b2f60e9d7a1f54bb5b.000000c7.honggfuzz.cov delete mode 100644 examples/bind/corpus/07f72011fba935cb3df86f3bfc57cc49.000002a9.honggfuzz.cov create mode 100644 examples/bind/corpus/08371c39ecdcb2f170d4bc71cc13fa3f.000001e0.honggfuzz.cov create mode 100644 examples/bind/corpus/08498e8fa663cdbc7f6e89b804f72e2b.00000038.honggfuzz.cov create mode 100644 examples/bind/corpus/085665123029ec38afd5d8a1066ccc9b.00002de2.honggfuzz.cov create mode 100644 examples/bind/corpus/08634ff71ec88f7548b08747828b4475.00000295.honggfuzz.cov create mode 100644 examples/bind/corpus/0873d780bc7692fecaeed453421fc897.000007b4.honggfuzz.cov create mode 100644 examples/bind/corpus/088d326b47b25cfe99b1f3c8eff19b48.0000010f.honggfuzz.cov create mode 100644 examples/bind/corpus/088fe11b508095c021ce89b9d038ece7.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/0896dd6cc0f9d7e04527ab93bbf654fa.00000034.honggfuzz.cov delete mode 100644 examples/bind/corpus/08a1f0bc0d813f4bd85fcb92c92e1319.0000003e.honggfuzz.cov delete mode 100644 examples/bind/corpus/08a6929fac9194f6795c4b38c3cfd9d1.000093e3.honggfuzz.cov delete mode 100644 examples/bind/corpus/08b3951c43a52d111538529ae08c7975.000713ab.honggfuzz.cov delete mode 100644 examples/bind/corpus/08f5a0893201b7598e57b83827589091.000016dc.honggfuzz.cov delete mode 100644 examples/bind/corpus/092b8a5a996ca1d7e76e48c73a69a2be.00000119.honggfuzz.cov create mode 100644 examples/bind/corpus/0931ac2ae90b098a8269288a30bec312.000002e5.honggfuzz.cov create mode 100644 examples/bind/corpus/093dab3424bccff1a2c6a944ae189ab9.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/09577dd67e73bc1f11bbdf993fd73ae4.00000a66.honggfuzz.cov create mode 100644 examples/bind/corpus/099e49220e657d044b75a1fe8290ac9d.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/09a96dd73191f9e1c5a8da459f621d2c.0007791c.honggfuzz.cov delete mode 100644 examples/bind/corpus/09e7e50bd1ca5a459850a0a8cbf32d9e.00000106.honggfuzz.cov create mode 100644 examples/bind/corpus/0a0070379e90a67fc808678bf3c37e62.000000ea.honggfuzz.cov delete mode 100644 examples/bind/corpus/0a04daffa299b9a21592f186301f4a67.00000565.honggfuzz.cov create mode 100644 examples/bind/corpus/0a12f5412fae03be9dad27588404dcc5.0000078f.honggfuzz.cov delete mode 100644 examples/bind/corpus/0a2ec7a27dd217d1d0c65db6690d2f22.0000f931.honggfuzz.cov delete mode 100644 examples/bind/corpus/0a4e3fddddab425f2d24cc1996fe057b.00000094.honggfuzz.cov delete mode 100644 examples/bind/corpus/0a8002924f03522baaed2de00b58ddeb.00016ced.honggfuzz.cov create mode 100644 examples/bind/corpus/0a89ef3f73c17f47e05b09d6606c98a7.00000051.honggfuzz.cov delete mode 100644 examples/bind/corpus/0a8a56cf4e1c01b065835ff80d80011f.0000000d.honggfuzz.cov delete mode 100644 examples/bind/corpus/0a995b3ccb7005ee144a5af6e188d3c9.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/0afbeede2b76610be79ff89ebd0877eb.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/0b00df52b41ed824b945fd817ecb9278.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/0b2489f1d0afe5ce752cb9a426ca9682.000011b3.honggfuzz.cov delete mode 100644 examples/bind/corpus/0b2e570d2cd92d887504b2b7229e6cc8.0000014e.honggfuzz.cov create mode 100644 examples/bind/corpus/0b3a1b4242b748bf7302f25d9a77f172.00000167.honggfuzz.cov delete mode 100644 examples/bind/corpus/0b621a3ef32b7e8afbeded2a0b2676df.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/0b6ca9fec2927dcffe007e514c24465c.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/0b6da72ac769556b92dbdf7e232a43a6.00000bb8.honggfuzz.cov delete mode 100644 examples/bind/corpus/0bd3dacbed2ff3ba228484485a84ded8.00001c73.honggfuzz.cov delete mode 100644 examples/bind/corpus/0c05dacea2443a91924b5546df865acf.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/0c1901fe57315e49ea7f3222eab4b6d3.00000bca.honggfuzz.cov delete mode 100644 examples/bind/corpus/0c23cb482323a79fd548ceca1b5fbff7.000000bd.honggfuzz.cov create mode 100644 examples/bind/corpus/0c460fb5a14f4fdbb9e67e5ac2eb7675.0001153e.honggfuzz.cov delete mode 100644 examples/bind/corpus/0c4d0f8deb5941f51a670a04bf87e88e.00000351.honggfuzz.cov create mode 100644 examples/bind/corpus/0c5d76506f02a926ab0df0b296561fff.00008b64.honggfuzz.cov delete mode 100644 examples/bind/corpus/0c684e5bc63de7a5dcdb9abd5609d645.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/0c869db6879c6642cd694bb3372ab42b.000003f5.honggfuzz.cov create mode 100644 examples/bind/corpus/0c8e8d1b845d598f043bb6f88ca74757.0000018c.honggfuzz.cov create mode 100644 examples/bind/corpus/0ca49a4f7266fd4e4970ee8c0f23d1f0.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/0ca79f47c42c1a7289aac0cc2a1c7ec8.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/0caa78ad43bd22f6da2599ce5ad875a3.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/0cb150e8f003084dabaad5d333cb66b3.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/0cc21f34be053024cedc283c9dfebf6a.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/0cc85eaf5cec582b081c8370703fda6e.00006828.honggfuzz.cov create mode 100644 examples/bind/corpus/0ce49d08fb8b47ef8007696e3e415fd8.00000033.honggfuzz.cov create mode 100644 examples/bind/corpus/0d45d9addb4fe4d4b7ab861ceee08654.00002000.honggfuzz.cov delete mode 100644 examples/bind/corpus/0d4c1016dab5139842d3ca47caacf98d.0000008f.honggfuzz.cov delete mode 100644 examples/bind/corpus/0d635bbe823b24cb032d3dccc405f827.00000110.honggfuzz.cov delete mode 100644 examples/bind/corpus/0d6dd8c7b773f0d7b396b2a368243a11.000000b0.honggfuzz.cov create mode 100644 examples/bind/corpus/0da385bf51ab1e297b55ef262cdb0a0f.00003422.honggfuzz.cov delete mode 100644 examples/bind/corpus/0dae96a1216c461700a302854d0a2c15.00019747.honggfuzz.cov delete mode 100644 examples/bind/corpus/0daf52c049333bb3666068b59ae387de.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/0dc4dfded76df1b753bf1f5f0bc14ff9.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/0df8ce84b34840f138195bc73c716576.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/0e0683884b58b552aa17b6500d15be38.00000032.honggfuzz.cov delete mode 100644 examples/bind/corpus/0e165dcef75c57d54fc223ac76430bd7.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/0e16dcb17d5ddea0de26fc6edfd41d04.00000044.honggfuzz.cov create mode 100644 examples/bind/corpus/0e3f94cfc1582063ff7713a8d6d1e357.000000f2.honggfuzz.cov delete mode 100644 examples/bind/corpus/0e3f94cfc15c3063087713a8d7618851.000000f2.honggfuzz.cov delete mode 100644 examples/bind/corpus/0e4c7b607e05a625c4319c11141e65df.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/0e50120ee93a36d6dd45b14b8337b739.0004a501.honggfuzz.cov delete mode 100644 examples/bind/corpus/0e51e2787b190d9455a71358cc994ce5.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/0e615ba7b1eda89d478faeb623f18732.000101d0.honggfuzz.cov create mode 100644 examples/bind/corpus/0e62e33efa7e2b5fb41443deb04a0156.000001b8.honggfuzz.cov create mode 100644 examples/bind/corpus/0e6c56d56719cad21c2ee353578386e1.000000bf.honggfuzz.cov create mode 100644 examples/bind/corpus/0eb4aa6a65592f0c4b9fdc85580220ed.00000372.honggfuzz.cov create mode 100644 examples/bind/corpus/0ebef042e9576343d0cfca7132b4a115.00000030.honggfuzz.cov create mode 100644 examples/bind/corpus/0edb1d88e0fa62f5b8ad8e5d91fc5d40.00000020.honggfuzz.cov delete mode 100644 examples/bind/corpus/0ef9aef1352cbeceedc7177ff7dcd42a.00000d98.honggfuzz.cov create mode 100644 examples/bind/corpus/0f444081717ef774e39ddd757dbab867.000013ef.honggfuzz.cov delete mode 100644 examples/bind/corpus/0f4980611072520dbbc381bb43396b51.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/0f4b02b196088a86714af6b1fa590d92.000000eb.honggfuzz.cov delete mode 100644 examples/bind/corpus/0fb059c44f60936977b16041ea8b649c.00016ced.honggfuzz.cov delete mode 100644 examples/bind/corpus/0fc75203ce5ba7f1ee6bd62ad646f776.000001fc.honggfuzz.cov delete mode 100644 examples/bind/corpus/0fcf92734da36ec163964cf2e552d369.00000b95.honggfuzz.cov create mode 100644 examples/bind/corpus/0fd25165b9b2b284c91ec6010762d59a.00000ea9.honggfuzz.cov delete mode 100644 examples/bind/corpus/0fde45071a52c7da860e1607f186912d.0000054f.honggfuzz.cov delete mode 100644 examples/bind/corpus/0feea58835352511790fac1199a3df80.00000ad5.honggfuzz.cov create mode 100644 examples/bind/corpus/100d1a29105a90b255f7804d9b7636d5.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/10157e342ba8b42b57264c09f5d689ef.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/101a8d145380fb404a8ea610b7eabecc.0000005c.honggfuzz.cov delete mode 100644 examples/bind/corpus/1023491ede448e66c83d5272847f3286.00000059.honggfuzz.cov delete mode 100644 examples/bind/corpus/1024fe8c2d18974b054aadd645889463.00016ced.honggfuzz.cov create mode 100644 examples/bind/corpus/102e7153749821c50b78114d6f8ae4ef.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/10354d06cfcb9c33badd615251709875.0007d000.honggfuzz.cov create mode 100644 examples/bind/corpus/1065b8c3b3416f5dd3a84eaf837412a7.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/10c15bad7e33b44ac42b7306f17e309c.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/10d0b86f8fbb5293f1341b727ae9d9e2.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/1105bccc4c4ffc06b74d8a6305c8328b.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/110942843dff902bf2914042b85571d9.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/110ec2c6b8e9ec924a6b25f802476cda.0000051e.honggfuzz.cov delete mode 100644 examples/bind/corpus/111f71fa6ca637be16f2d509a5e4db76.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/112e3a868c4908deea94fae5ad80dfab.000000a0.honggfuzz.cov delete mode 100644 examples/bind/corpus/114e333e28400776138586fa6148c24a.000001e6.honggfuzz.cov delete mode 100644 examples/bind/corpus/114eb449d067c91fad4ea58f2480c6e4.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/1192b5cefab691287f45f928ce290b84.00000276.honggfuzz.cov create mode 100644 examples/bind/corpus/11a0812509f2bd5883d1f474f44c8dc5.000101d0.honggfuzz.cov create mode 100644 examples/bind/corpus/11aa93f4cd0e80e5073b8fa86527b27e.00004ff5.honggfuzz.cov create mode 100644 examples/bind/corpus/11cdd9823df1caf7e05ab54e03b2ec19.00002c73.honggfuzz.cov create mode 100644 examples/bind/corpus/11d32f95ef1e4406e767c88cdac5cf3d.000002a6.honggfuzz.cov delete mode 100644 examples/bind/corpus/11dec28bbad84647163aade4f2ae06cf.000000d1.honggfuzz.cov create mode 100644 examples/bind/corpus/11fc36ae0a76ca2e6891b644d750fec0.00000065.honggfuzz.cov create mode 100644 examples/bind/corpus/12228ef2bfe591f3119c62ded93d1b0d.0000019a.honggfuzz.cov create mode 100644 examples/bind/corpus/124c5dfacf1f70f96bd7bc64db356abd.000003ee.honggfuzz.cov delete mode 100644 examples/bind/corpus/124e89d8f338b1f034339a1cec661408.00000063.honggfuzz.cov create mode 100644 examples/bind/corpus/1285456ca759ffc94b79da4f62bc497a.000004c9.honggfuzz.cov delete mode 100644 examples/bind/corpus/1285722585495197ea80d3bc54ef97ad.00006796.honggfuzz.cov delete mode 100644 examples/bind/corpus/1291de3285977ef3accee21e840d1d39.0000014a.honggfuzz.cov delete mode 100644 examples/bind/corpus/12b155c629761260ec3d83b8ad7c493a.000019da.honggfuzz.cov delete mode 100644 examples/bind/corpus/12b9671f4003b211ea5720834e1758e7.00000fc5.honggfuzz.cov delete mode 100644 examples/bind/corpus/12bfe90f07dec33d4da7684409f11460.00009349.honggfuzz.cov create mode 100644 examples/bind/corpus/12e0c05c44ca61b962893f6f3c853f55.00000091.honggfuzz.cov delete mode 100644 examples/bind/corpus/1330e34663c07d8c20fbe40c80af893f.0001153e.honggfuzz.cov delete mode 100644 examples/bind/corpus/13433c0592e6b3331c766ee87a0c60ce.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/1346a636beec78c748cd9d2f044880d6.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/13554cb96da506a30babdc8aa1c77371.00016592.honggfuzz.cov delete mode 100644 examples/bind/corpus/136163c5234e54c70548444a72775905.0000005e.honggfuzz.cov delete mode 100644 examples/bind/corpus/137f61170a51eeda057a1b692a773436.000000a1.honggfuzz.cov create mode 100644 examples/bind/corpus/138d551195ea6a24311bd4207f9a16c3.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/13904515854f398884fada54bf3bcc95.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/13b32871b91111463305b1b8a2557f31.0000011f.honggfuzz.cov create mode 100644 examples/bind/corpus/13c15306159de46e63de526ac4fe9049.000002d8.honggfuzz.cov create mode 100644 examples/bind/corpus/13e65d645fc1ca0ef3b57dcbd8ba5e15.0000026f.honggfuzz.cov delete mode 100644 examples/bind/corpus/13f32641ec5794427911c6f328dac0cf.0000009e.honggfuzz.cov create mode 100644 examples/bind/corpus/13facbf932995646f1b0b3aeff10ee93.00000020.honggfuzz.cov delete mode 100644 examples/bind/corpus/140f239f687ffadbe56fbe2682f36f72.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/141722f28a94b9749ecd71f4b5845707.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/142b005b297a146cfe3128534c252fc6.0000010f.honggfuzz.cov delete mode 100644 examples/bind/corpus/143e9e9daa0fb94fe90e2657a51e9d31.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/1440ed96d7b89de068e63dcc57449e16.000168e9.honggfuzz.cov delete mode 100644 examples/bind/corpus/14564d08be93279850dfa557af1d377d.00000043.honggfuzz.cov create mode 100644 examples/bind/corpus/1463f2ade6ce09237358b89c95f20a74.0000613c.honggfuzz.cov create mode 100644 examples/bind/corpus/14717e254163c6db81e9b60d7238319e.0001f7e8.honggfuzz.cov create mode 100644 examples/bind/corpus/1483e1ebe0a79c096fec47eb64a32b5f.00000351.honggfuzz.cov delete mode 100644 examples/bind/corpus/149208017ff4766e6ccc4b0cef79bdb4.000001d0.honggfuzz.cov create mode 100644 examples/bind/corpus/14a83b6cd867b9865c05ca0cd22394c6.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/14ae32868c4900de90bc52e5ad80dfa6.000000a0.honggfuzz.cov delete mode 100644 examples/bind/corpus/14ba40e7d46df0c972341f33be6e9d52.00016ced.honggfuzz.cov delete mode 100644 examples/bind/corpus/1510672153da52114263800952aca98e.000102cc.honggfuzz.cov create mode 100644 examples/bind/corpus/151e705265c9c4bdb64eb314776b8326.0000fffb.honggfuzz.cov delete mode 100644 examples/bind/corpus/153a9a26fba857b6ca21e5ad47dd0766.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/153cccd9043b8caea720c8c8727f9561.00003302.honggfuzz.cov create mode 100644 examples/bind/corpus/1556b5b664b5f1d1c167b705f7f410ad.000101d0.honggfuzz.cov create mode 100644 examples/bind/corpus/155f02e2bc4691175840f4ebe260758d.00000043.honggfuzz.cov create mode 100644 examples/bind/corpus/15804c8e32a1c821eac104918c846f46.00002000.honggfuzz.cov create mode 100644 examples/bind/corpus/158f6d78ba069542f594d9f6741414a3.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/15ce363706a18d2cec4cbe94c4492e85.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/15f4fc6414f200bc9f9cb8b6c78bb574.00000076.honggfuzz.cov delete mode 100644 examples/bind/corpus/15f68dedb7af1b527168a243ffbce1d1.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/162447b5b040aec2f5e53142dcd911c3.00000055.honggfuzz.cov delete mode 100644 examples/bind/corpus/162c17aa24fba8851df5571b4b8d40bd.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/162dae526e85f449dad5169be5014b68.00000176.honggfuzz.cov delete mode 100644 examples/bind/corpus/16359d12d8b6eea150b75c4922164eb5.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/1639afbc04da6e89f22419d132ec771d.0000002d.honggfuzz.cov delete mode 100644 examples/bind/corpus/1639afbcb2bcbe8902db16d132ec771d.0000002d.honggfuzz.cov delete mode 100644 examples/bind/corpus/1641f7716ff639f10cdb519edd441f81.00000c65.honggfuzz.cov delete mode 100644 examples/bind/corpus/165815762115e6651b33f82f0498a645.00000056.honggfuzz.cov create mode 100644 examples/bind/corpus/165c5cf474b7927a7a28f5746845fc18.0000022b.honggfuzz.cov delete mode 100644 examples/bind/corpus/1676a5b8ecaeb0f578e13c09dbaa8272.00002516.honggfuzz.cov delete mode 100644 examples/bind/corpus/1687cd9e88442706cfdea36875100058.0000003f.honggfuzz.cov delete mode 100644 examples/bind/corpus/168a1e49a658b60c2a1324e16bc0ffa0.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/169c554a43bc7128cb489f1e7f673d96.00000332.honggfuzz.cov delete mode 100644 examples/bind/corpus/16a79f2773686087abb197e090798e05.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/16aec701fe1cb0e975fdf18a2f0dab91.00001e1c.honggfuzz.cov create mode 100644 examples/bind/corpus/16b593b2eaf4bbb31f655360acf6a0f5.00000251.honggfuzz.cov create mode 100644 examples/bind/corpus/16c7f0c6ace52d43ca66cc1145b1d611.00005354.honggfuzz.cov create mode 100644 examples/bind/corpus/16f24c9183eff6003b1ce3f7c6a1f50c.000000a8.honggfuzz.cov delete mode 100644 examples/bind/corpus/171e2a315bad4a864a024fd1488ae4d3.0005d55b.honggfuzz.cov create mode 100644 examples/bind/corpus/17313c1116b80b77546bd5c28b833503.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/17754944f71ba56896eb39cccb4facad.00001388.honggfuzz.cov create mode 100644 examples/bind/corpus/17914311ca3aee6a79a87ca173c63ba1.00000117.honggfuzz.cov delete mode 100644 examples/bind/corpus/1796b8bc81d96b2ed6ee6b31da735580.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/17a90bb7e39c2bd09e135f86a60f1014.000000ef.honggfuzz.cov create mode 100644 examples/bind/corpus/17c99b51d731ba0018a43d7b4f55aa53.00011644.honggfuzz.cov create mode 100644 examples/bind/corpus/17cca0624270385c0d5f39649af20ad4.000000f7.honggfuzz.cov delete mode 100644 examples/bind/corpus/17d25922bdca8d8542c9fd19ea8907de.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/17df99f193f0d9ec486114401cab5abb.0000082d.honggfuzz.cov delete mode 100644 examples/bind/corpus/17e0428d3bd61209bf8a54a0faf548cf.000009aa.honggfuzz.cov create mode 100644 examples/bind/corpus/17efa7b12a47bb121efc94e7eec57c76.0001153e.honggfuzz.cov delete mode 100644 examples/bind/corpus/17f4e7c4c27163883aacc43150e4d27f.000000d5.honggfuzz.cov delete mode 100644 examples/bind/corpus/1807574a649775213e2181bd8c6f0208.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/1821403daa8c4b63f904bfd3b94ca492.000001b8.honggfuzz.cov create mode 100644 examples/bind/corpus/18227407743ec47e8a2a3a441c2b8a95.0000010f.honggfuzz.cov create mode 100644 examples/bind/corpus/182cf3531ba0bddc0bb6d7dd77ccd6ad.000007a3.honggfuzz.cov delete mode 100644 examples/bind/corpus/182e93f94c82897a282e34c31c5b17e4.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/183684eef2bd15cf4bad80c68ffecc87.0000009e.honggfuzz.cov delete mode 100644 examples/bind/corpus/1837a788dedeec636073c9d7ec9436e3.00000091.honggfuzz.cov create mode 100644 examples/bind/corpus/184ee06e903742466c944a8922b9eb4c.00000147.honggfuzz.cov create mode 100644 examples/bind/corpus/18834e9fb994209c72125898c35becf5.000000d5.honggfuzz.cov delete mode 100644 examples/bind/corpus/18868bb006603b7a33f42b3741b2d36c.00000e83.honggfuzz.cov delete mode 100644 examples/bind/corpus/1896d08f6f225aa6a78fc2aaedb560e0.00000252.honggfuzz.cov create mode 100644 examples/bind/corpus/18a8d17800ce75714509f980adee62a5.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/18acf806073214448bbfb3e15f8081ce.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/18ad95ee33d20b73955a5594a0193001.00002c0d.honggfuzz.cov delete mode 100644 examples/bind/corpus/18bae6f9a3d54cf3c535632cb57ee520.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/1901d4867f9696d97729332fb58ccec5.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/1920e0e60f7cc308645787c9a06ade0e.0000029e.honggfuzz.cov delete mode 100644 examples/bind/corpus/19271e678af322c69313e33ebf7fe457.00000186.honggfuzz.cov delete mode 100644 examples/bind/corpus/1935d32fc026326e2e065df8934b80d3.00002cad.honggfuzz.cov delete mode 100644 examples/bind/corpus/194061f2e417772c8e431872466f0d5b.000000a3.honggfuzz.cov create mode 100644 examples/bind/corpus/195a33e246a7417c9bf23bea0727b726.0000119b.honggfuzz.cov create mode 100644 examples/bind/corpus/19628c12b55369443ab5617b0f89384c.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/196d5a274758b939aeb92c15f9723b9e.00008d94.honggfuzz.cov create mode 100644 examples/bind/corpus/1970e679cfb810e0ecef4a7159510b24.00000cbe.honggfuzz.cov delete mode 100644 examples/bind/corpus/19721f12bff07291519165627cbf55df.00006e98.honggfuzz.cov create mode 100644 examples/bind/corpus/1994f9519ebc7409ad8116e879e3ac05.0001f7e8.honggfuzz.cov create mode 100644 examples/bind/corpus/19ea737404475144a5dca394db75a6ab.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/1a0c64d31065542a5acc8d3717b8bf3f.0000033d.honggfuzz.cov delete mode 100644 examples/bind/corpus/1a13c8c4c63c7c6e6d12b064310be99a.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/1a17a607a095579295aa490eb612faf9.00000497.honggfuzz.cov delete mode 100644 examples/bind/corpus/1a1aec202b0822d5acf03a33504f4d5a.000000f7.honggfuzz.cov create mode 100644 examples/bind/corpus/1a29fe05b6aeb6d1a85a5faaf8996f41.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/1a355d0323ef2bb3627b9dfba78c39b0.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/1a37c5b597a68695b53a9ba931f960f4.0000019a.honggfuzz.cov create mode 100644 examples/bind/corpus/1a39a42a8fe74d33e00c08e5d55f1907.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/1a4fdc0bd845dfd44badc3829e78dc7d.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/1a5c3c87a3238d5e824e01bc860f40eb.00000087.honggfuzz.cov create mode 100644 examples/bind/corpus/1a6ac6b40953d14835de14973d08ab6e.000004a9.honggfuzz.cov create mode 100644 examples/bind/corpus/1a6d4dca9921625f0f1c75e9469391b1.0000020a.honggfuzz.cov delete mode 100644 examples/bind/corpus/1a71254b72aa04799233614d54f7035c.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/1abe7cd5681e5d76d79903f5f8b81778.00000032.honggfuzz.cov delete mode 100644 examples/bind/corpus/1ac79abb3b9b64eae6e3776db0bbb5f0.0000265a.honggfuzz.cov create mode 100644 examples/bind/corpus/1aca07ce73a72106b3515817e4ce07a0.00001877.honggfuzz.cov delete mode 100644 examples/bind/corpus/1ad4f60be76c2b693640175dc226202d.0000006a.honggfuzz.cov delete mode 100644 examples/bind/corpus/1ae891e3e2f625bac7b1fb42cde22c15.0000d011.honggfuzz.cov delete mode 100644 examples/bind/corpus/1aea9975ebf198817b70affa6c577f76.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/1b0b21ddb316c99705a167a000d113c1.00000238.honggfuzz.cov delete mode 100644 examples/bind/corpus/1b3f265a63f400e4f3277c6bad3d2332.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/1b496a3be58856ec7fa7f9d7f3e8d735.00000063.honggfuzz.cov create mode 100644 examples/bind/corpus/1b6f8654b46e5295b61217dbb4794075.00000094.honggfuzz.cov create mode 100644 examples/bind/corpus/1b81a2037602186af252df79ab6afb87.00000405.honggfuzz.cov create mode 100644 examples/bind/corpus/1b81c135ccce5f8f9c07969234081329.0000011e.honggfuzz.cov create mode 100644 examples/bind/corpus/1b83af78238ff4a11450c3e902fb1d4e.00000200.honggfuzz.cov delete mode 100644 examples/bind/corpus/1b852d59cbe07dbdaa8081fecf810288.0001153e.honggfuzz.cov delete mode 100644 examples/bind/corpus/1bbc82af8ec894031a1d3570e13ee389.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/1bbdf73b5a824ce34a882ce4a8b628db.00000052.honggfuzz.cov delete mode 100644 examples/bind/corpus/1bf5fd0c390092b90d55e4ff3f857c72.0000028a.honggfuzz.cov delete mode 100644 examples/bind/corpus/1c01f2b68447c81b71e3adc3965fe36a.0000097b.honggfuzz.cov delete mode 100644 examples/bind/corpus/1c0b475d4da8bfe464d85f822fe3804b.000019a0.honggfuzz.cov delete mode 100644 examples/bind/corpus/1c11646188ece5286ea43e6748f70e9d.00002710.honggfuzz.cov delete mode 100644 examples/bind/corpus/1c225a0b70b8201b13d07420380ab331.00001079.honggfuzz.cov create mode 100644 examples/bind/corpus/1c2899b2f5138af3050f6237851c4737.0000a74d.honggfuzz.cov delete mode 100644 examples/bind/corpus/1c29c8283dca88344706e65677809500.0001b316.honggfuzz.cov delete mode 100644 examples/bind/corpus/1c66a1283e158c20d5e5a29d26244231.00000021.honggfuzz.cov delete mode 100644 examples/bind/corpus/1c77f2f3f5b2fa6d71ee814a8d427f4b.0000006f.honggfuzz.cov delete mode 100644 examples/bind/corpus/1c80541656ac45ed18e912a1cd055063.000006b0.honggfuzz.cov delete mode 100644 examples/bind/corpus/1ca57aa046413a5c3024bbbe582400f3.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/1cbda0df7261dd861e049e02be5885a4.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/1cd6b1d30f7c539ec08696016c43f3f4.0001fc2a.honggfuzz.cov delete mode 100644 examples/bind/corpus/1cd739c3a6f20db5359763919eecbcb3.00000fb4.honggfuzz.cov create mode 100644 examples/bind/corpus/1d056814b4f1bff73073f08c226b433a.0000005a.honggfuzz.cov create mode 100644 examples/bind/corpus/1d22c310b1a84d930235389cfc27db56.00000062.honggfuzz.cov delete mode 100644 examples/bind/corpus/1d33dcd856ce201da0efff7a3e030357.00002798.honggfuzz.cov delete mode 100644 examples/bind/corpus/1d4390f55f0e33c12f36d00e405a7b6a.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/1d733e084ca2e1209d27136fd7d79247.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/1d8b4e8c637e2658f8e71e941fe3828c.00000239.honggfuzz.cov delete mode 100644 examples/bind/corpus/1de48abb251beafc931ab77c94c6b09a.00004c1c.honggfuzz.cov delete mode 100644 examples/bind/corpus/1dfb2841efcaed8144a5a0b4321b1117.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/1e0808b174f11f981973bfe4a203d6e8.0000088d.honggfuzz.cov delete mode 100644 examples/bind/corpus/1e0a874f255fa1243c84c705d29cc57a.00000219.honggfuzz.cov create mode 100644 examples/bind/corpus/1e159b3d63074b93c447c1810e3d9e7c.000002f3.honggfuzz.cov delete mode 100644 examples/bind/corpus/1e1e4b6306ba36201e66f0a284f4a13b.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/1e2146fb1204de1fa48a637aae39e4f1.000000ee.honggfuzz.cov delete mode 100644 examples/bind/corpus/1e2331a1354ccedec0c174691d07bc77.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/1e2331a135567f75dbdbc5c207acbc66.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/1e26a4ccd84406566e7c3f6515099fda.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/1e43b66127b2aea19082bf1c56d75a04.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/1e5ff0d9f5e87d4249827b2ad77f6274.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/1e79a9fec288cdcfe4b1d54bfd94464c.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/1e899a00453019dbc9cb303bb5c52224.00000926.honggfuzz.cov delete mode 100644 examples/bind/corpus/1eac4e8a9d4135240a342576f6e9dd3c.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/1eb27d7a901fedb42b5a14ca9672429e.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/1ecae119e8e7670387690822f5decf6e.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/1ed3f3f3342d6824185709bd4bd594e0.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/1ed6bce3a91c0b2d00358479bdd5ce7d.000000fe.honggfuzz.cov create mode 100644 examples/bind/corpus/1ef1af6233bc2593daf970052f3a7f3d.000001e0.honggfuzz.cov delete mode 100644 examples/bind/corpus/1f0e9cc1dbbb46cb011ddf7be1c40165.00003bc5.honggfuzz.cov create mode 100644 examples/bind/corpus/1f0ead6706242f44d41e24ca3ca89726.00004ce1.honggfuzz.cov create mode 100644 examples/bind/corpus/1f0f5bf803e223a42c505ad3fa815090.0000001e.honggfuzz.cov create mode 100644 examples/bind/corpus/1f6b6c578f82939a77199090a3db933b.000003ab.honggfuzz.cov delete mode 100644 examples/bind/corpus/1f855528c7704bbc5263698f23f93594.00000019.honggfuzz.cov delete mode 100644 examples/bind/corpus/1faa5040568596c93d7e81348bbf481a.000001b9.honggfuzz.cov delete mode 100644 examples/bind/corpus/1fb0ba35f924d63ecd0b79de51c52305.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/1fbc4e55a893ccb58ca61acdce99f581.00000020.honggfuzz.cov create mode 100644 examples/bind/corpus/1fbedf869edc6dc77744782beb5a2fcb.0000050b.honggfuzz.cov delete mode 100644 examples/bind/corpus/1fbf29f739a5a12ce0a52659691bd4ac.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/1fdf202b639f5a0976d4815704e6d25c.0000065b.honggfuzz.cov delete mode 100644 examples/bind/corpus/1fec471e63dbc7a736cb0cb19ba63692.0000283a.honggfuzz.cov delete mode 100644 examples/bind/corpus/1ff56775c9ef1443b88cfe06f17ca5ff.0000059c.honggfuzz.cov delete mode 100644 examples/bind/corpus/200e4d810bee295451364d3f363db1b5.000000a0.honggfuzz.cov delete mode 100644 examples/bind/corpus/2018b0374aadbde192c715892e8b55d2.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/2040727796babd4c3033a5beb4388eb1.000000d3.honggfuzz.cov create mode 100644 examples/bind/corpus/204275d97144fcb7a9d319f0f02d4d60.0000c1d1.honggfuzz.cov delete mode 100644 examples/bind/corpus/2048af17571dd6d1dd83b07a2881a7ef.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/2093eecdc4dfb567addca9194403fecf.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/2108b5937210aa80d19ba38f6f931dd6.00000035.honggfuzz.cov delete mode 100644 examples/bind/corpus/211d1acd732c72475ca6161eecfe2e51.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/2123129e23d722a91a33a4c69de76b37.0000c349.honggfuzz.cov delete mode 100644 examples/bind/corpus/21300220cf7171e64c9630b9b9b769dc.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/21491f11eb2ad2215562d873cddd2235.0000001e.honggfuzz.cov delete mode 100644 examples/bind/corpus/217b576196d931efdcf94c7256ebf547.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/217b579169d631ef47e6704ea524c97b.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/217ba114e7d7543c6bfc7bfdafb5bd23.0000180a.honggfuzz.cov delete mode 100644 examples/bind/corpus/217c73b0a35a49e6197991c6689e7dd7.000178d3.honggfuzz.cov delete mode 100644 examples/bind/corpus/2182965e86b6175b7680f07520290acd.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/21a8798d4800670e742155dde04c603c.0000007e.honggfuzz.cov delete mode 100644 examples/bind/corpus/21ad5747bf0031ef470870a04bca27db.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/22270a2d26b0fedeaf866a9dc072adc1.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/2237c4a12c5d6c57cbbeb1d398e708a5.00042674.honggfuzz.cov create mode 100644 examples/bind/corpus/227961981a04daa87a57dc1491e568c2.00000020.honggfuzz.cov delete mode 100644 examples/bind/corpus/229a71f8f9bca8e14964cce206e2c272.00001d71.honggfuzz.cov delete mode 100644 examples/bind/corpus/229c2a8e53ad2c28c1ca12f20ff22487.0000005b.honggfuzz.cov delete mode 100644 examples/bind/corpus/22c03a63325c6a6832b40fd4f0f231c6.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/22c36d3a2df85418cfd3d4c4a4b41167.0000002d.honggfuzz.cov create mode 100644 examples/bind/corpus/22dff551c16b16c89fa241aee1c823e8.0000011f.honggfuzz.cov create mode 100644 examples/bind/corpus/22fdf0ceef870042f976b7feb590a75e.000101d0.honggfuzz.cov create mode 100644 examples/bind/corpus/231820b77fe217ed469dd4938fa8694a.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/2325846626d9aaa54b529d5be7e78611.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/233b8c5add6bf2d330631346ff562abb.00000129.honggfuzz.cov create mode 100644 examples/bind/corpus/2342a4ad4a0a6ae9572a424634726c59.00000516.honggfuzz.cov delete mode 100644 examples/bind/corpus/234325353619f74c3af9edca58c318d9.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/235fb944ab6518b3a46174d03c5191ff.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/23874dcc1bc79ac3f1d53a2b27689c8d.00000032.honggfuzz.cov delete mode 100644 examples/bind/corpus/239b90191b2983ddae635c6d9b5ed3b2.00000079.honggfuzz.cov create mode 100644 examples/bind/corpus/23b702236eeb381fa696f1bfa53dfd2a.00006819.honggfuzz.cov create mode 100644 examples/bind/corpus/23e2c8542a25cf583fd23e814d179821.00000031.honggfuzz.cov create mode 100644 examples/bind/corpus/24015a91a484c8acb76dd484156731f6.00000057.honggfuzz.cov delete mode 100644 examples/bind/corpus/240810ecab0cb4b20a037a60748d4d5b.00004238.honggfuzz.cov delete mode 100644 examples/bind/corpus/240c07fb656949ccd4230778f3e3bf77.00002ea8.honggfuzz.cov create mode 100644 examples/bind/corpus/24228617b0be184c36ce5daaf1cc2a11.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/243deea3db4239b131c2f7d781f19c87.0000e12d.honggfuzz.cov delete mode 100644 examples/bind/corpus/2441a38f467b4cef4059a2bbb7cdb6b3.00000087.honggfuzz.cov create mode 100644 examples/bind/corpus/244e4563f4fd8aec016de9103b5ad465.00000046.honggfuzz.cov delete mode 100644 examples/bind/corpus/24586813ea898511afc4beb01dd099b7.00000d97.honggfuzz.cov delete mode 100644 examples/bind/corpus/2469350e3bcd5794610a17f948743bca.000008b9.honggfuzz.cov create mode 100644 examples/bind/corpus/247728b489db181278bd7c9ad0c0eaf1.00002000.honggfuzz.cov delete mode 100644 examples/bind/corpus/247db1aff0f7bc4c2e519f9dd6e7a547.00000219.honggfuzz.cov delete mode 100644 examples/bind/corpus/248d669e0f93dbf1acd3be810bcaa5e6.0000f05e.honggfuzz.cov create mode 100644 examples/bind/corpus/24a63e1101df76de089c5f225503339a.000002fd.honggfuzz.cov create mode 100644 examples/bind/corpus/24ad524dddc15d0aabe9f03f685498a4.00000091.honggfuzz.cov create mode 100644 examples/bind/corpus/24b57a781d141d75e731daa4cd8e03d1.0000005c.honggfuzz.cov create mode 100644 examples/bind/corpus/24d3654af3921ce567f9346cf2783993.00010ae8.honggfuzz.cov delete mode 100644 examples/bind/corpus/24ddbb4eb9148dbbe50e26968e7b638c.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/24f8c2a0352a8bf53128eff08374bd94.00000262.honggfuzz.cov create mode 100644 examples/bind/corpus/25154cdd22179dec741f4d9fc1e9c013.00000e87.honggfuzz.cov create mode 100644 examples/bind/corpus/25200000000000002520000000000000.00000001.honggfuzz.cov delete mode 100644 examples/bind/corpus/2520b2813b7d41648ff2bf4153250432.000008ff.honggfuzz.cov delete mode 100644 examples/bind/corpus/253b1e2248e282a2463c47f97eb11b45.0000055e.honggfuzz.cov delete mode 100644 examples/bind/corpus/255ad6d1c03259f1b14915edeed91065.00000048.honggfuzz.cov create mode 100644 examples/bind/corpus/256314168eee874c12895ed3db700cab.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/25911ad32daf1ee72d115f4f09c0c59c.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/25ce903700f2e8a9b0c2e7ef64a4c19e.0001e987.honggfuzz.cov delete mode 100644 examples/bind/corpus/25d416849520244188ab8366035b8475.000000f7.honggfuzz.cov create mode 100644 examples/bind/corpus/26063906a6e3812781a4a71eb9d766ca.00000178.honggfuzz.cov create mode 100644 examples/bind/corpus/2613c2525caa5302704110915358b489.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/2620c4ba55e873344c26be181837f6d2.00018619.honggfuzz.cov delete mode 100644 examples/bind/corpus/2630c6225d3525618c869da176c79b02.00000c2e.honggfuzz.cov delete mode 100644 examples/bind/corpus/2637fca7b594196e2ac864c242fe450f.00000892.honggfuzz.cov delete mode 100644 examples/bind/corpus/263ba06b15717e12366f8b93f6d7e9ec.00020000.honggfuzz.cov delete mode 100644 examples/bind/corpus/264e7318137ba501ba932ca525a0826b.0000d8f2.honggfuzz.cov delete mode 100644 examples/bind/corpus/265391b1da8672d8a7494d84b9f25b0b.0000b857.honggfuzz.cov delete mode 100644 examples/bind/corpus/267b8c00de31a18e9a6983e1169b35a1.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/2698ea4a732d46765b07c2c334ee8c81.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/26a2769857f6d81054725e2e52850bf9.000000b6.honggfuzz.cov delete mode 100644 examples/bind/corpus/26cb7739306571c2bf1233608dd2d78d.0000f3cb.honggfuzz.cov delete mode 100644 examples/bind/corpus/26cd4d2a8ad8fdd58cda94bf75cce647.000001b0.honggfuzz.cov delete mode 100644 examples/bind/corpus/26ce8770aa3b294739db5db59c0f085d.00011949.honggfuzz.cov delete mode 100644 examples/bind/corpus/26e64ab0bd229aaadf13c251d74c2af0.000000a2.honggfuzz.cov create mode 100644 examples/bind/corpus/26ea097000a6186a864d151ffa2bb4eb.00000319.honggfuzz.cov create mode 100644 examples/bind/corpus/26f6c65a306a4aba522d21ec635a0963.0000004f.honggfuzz.cov delete mode 100644 examples/bind/corpus/2703cf70996151e23ccc45b58eb072c2.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/270c6fd1ac085caaf4e4fa2a99ff6759.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/274a26478210c4044f6d5eb807a9bd5b.00000456.honggfuzz.cov delete mode 100644 examples/bind/corpus/27579486506a5f555d163b78a842f91c.00000090.honggfuzz.cov delete mode 100644 examples/bind/corpus/27c80835b4b55e765cc302f2b7105d35.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/27cffb351896595c6071c51cda6eef43.00000020.honggfuzz.cov delete mode 100644 examples/bind/corpus/27e3b4ea27ed566dc39adf4629ec35e9.000000f7.honggfuzz.cov delete mode 100644 examples/bind/corpus/27e8b4fa27ed567dc39adf5d29e735f9.000000f7.honggfuzz.cov create mode 100644 examples/bind/corpus/27f7fd341977b2fef1e4f98e809403d2.000007cd.honggfuzz.cov create mode 100644 examples/bind/corpus/2806a131ed764fe19e8a288488a70287.0000007d.honggfuzz.cov delete mode 100644 examples/bind/corpus/28169230837a3526062735536fe0b144.0000001c.honggfuzz.cov create mode 100644 examples/bind/corpus/2816c979b37a3526b4db0a226fe0b144.0000001c.honggfuzz.cov delete mode 100644 examples/bind/corpus/286245a8b787295a774089a30a3e8bba.000000da.honggfuzz.cov delete mode 100644 examples/bind/corpus/2864d593e5aeff1044ec45ee0e5c1129.00000037.honggfuzz.cov delete mode 100644 examples/bind/corpus/28681b48a585eeb51a7b39b1d24dccce.00000716.honggfuzz.cov delete mode 100644 examples/bind/corpus/288a6ab0230f4c3338005459f23d4466.0000001e.honggfuzz.cov delete mode 100644 examples/bind/corpus/288beb7e8f37b6446403b7d7ff72512c.000000d1.honggfuzz.cov create mode 100644 examples/bind/corpus/2890e153d5d7c0bc3158cb196db0b15a.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/28c12ab3d4cf271d2c8281560034f802.000000e9.honggfuzz.cov delete mode 100644 examples/bind/corpus/290251b223a32ef23fe5e83e5e9fab5e.000008e8.honggfuzz.cov create mode 100644 examples/bind/corpus/290eaabae8f650ae14f9691c82825c5b.000001a0.honggfuzz.cov create mode 100644 examples/bind/corpus/2927be72f2301500f606f065d22c6024.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/2934f7416c770cfab0a9f6f153d791a9.000001eb.honggfuzz.cov create mode 100644 examples/bind/corpus/2935e1720fc4909943ec18eb10660442.000003a2.honggfuzz.cov delete mode 100644 examples/bind/corpus/2951d582fc05458d26aa1bd96f063209.000001be.honggfuzz.cov delete mode 100644 examples/bind/corpus/2951f3971061098706db6f6f2e3ab51a.0001b949.honggfuzz.cov delete mode 100644 examples/bind/corpus/2958de74379824fcd67238ec91502cee.000000c6.honggfuzz.cov create mode 100644 examples/bind/corpus/2959b171a5845f76b22dfcdf4b8f336f.0000009a.honggfuzz.cov create mode 100644 examples/bind/corpus/296341033406d1beefc23f727964ee5a.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/29a1d7e772b69baf81f73a0012d590eb.00000119.honggfuzz.cov delete mode 100644 examples/bind/corpus/29b49aefa81d587b956b3d795a62f6f8.000002af.honggfuzz.cov delete mode 100644 examples/bind/corpus/29c645d38ecda878a91b66a33b088a59.0000079b.honggfuzz.cov delete mode 100644 examples/bind/corpus/29d11176930c773d9a4aa7682ca1f9db.0000fc1b.honggfuzz.cov delete mode 100644 examples/bind/corpus/29fa32af39c41b1a8d7fb2bbbf579be2.00000119.honggfuzz.cov delete mode 100644 examples/bind/corpus/2a1b620533021214017d93fc8d47fda3.00001686.honggfuzz.cov create mode 100644 examples/bind/corpus/2a25df148e9d0a747bb4cf0efea8f22b.000105b8.honggfuzz.cov delete mode 100644 examples/bind/corpus/2a5130cb432aa8fd3c4c254bc22f1d70.000000b2.honggfuzz.cov create mode 100644 examples/bind/corpus/2a58b135a3164800c4d3c8e85633e6b0.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/2a6dee1e139b45dd8bc34e7795989969.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/2a88c5f40f4c624f61fe64706f2bbb8f.00000200.honggfuzz.cov delete mode 100644 examples/bind/corpus/2a9321d72b151a8483a6df28caa96567.00001461.honggfuzz.cov delete mode 100644 examples/bind/corpus/2a99eea3d4dfcf64fec86e05da464784.00000d60.honggfuzz.cov create mode 100644 examples/bind/corpus/2aa1c13e1fe81c576582da806904d359.00000032.honggfuzz.cov delete mode 100644 examples/bind/corpus/2ab531ce9d0e4774054f6baeae93b59f.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/2abf5ad6c26932799ae63513e0fbe409.0000c26e.honggfuzz.cov create mode 100644 examples/bind/corpus/2acbcf37dfcedf17abeb6285176a7f50.000002cb.honggfuzz.cov delete mode 100644 examples/bind/corpus/2ae7fa3b54ef4289f5fd0417590f5939.00000375.honggfuzz.cov delete mode 100644 examples/bind/corpus/2ae85bc208b1d0a2439562b210e0cacf.00000040.honggfuzz.cov create mode 100644 examples/bind/corpus/2b03ea1afbd263a5d9d69c5aec90024e.000000c7.honggfuzz.cov create mode 100644 examples/bind/corpus/2b0f17e028c926f4503b5cb7c846c4aa.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/2b161e928668741ee4e8e833422d6071.00006071.honggfuzz.cov delete mode 100644 examples/bind/corpus/2b5e6fc6b843dc19288c643a99fb1219.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/2b6ad10533c601fd95ddf27904ab773e.000000c3.honggfuzz.cov create mode 100644 examples/bind/corpus/2b841dbbd7b99bdd303238ba8e8f1208.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/2b9121005e53728c8c2a937d4376d153.00000039.honggfuzz.cov delete mode 100644 examples/bind/corpus/2babf26ce7962d812ba354cf7f74ea05.00000092.honggfuzz.cov delete mode 100644 examples/bind/corpus/2bbab97ff6782ff8548eef21c3088acc.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/2bc67eab9dbeb18b7101b43cd89b90ef.0000041f.honggfuzz.cov delete mode 100644 examples/bind/corpus/2be2d3bd1168e111ac1fe5c41dd4760b.00001327.honggfuzz.cov create mode 100644 examples/bind/corpus/2c03bc7870a9088e9d499214626169b1.0001f7e8.honggfuzz.cov create mode 100644 examples/bind/corpus/2c27f1b91c603059818dcdf840f672f3.00000254.honggfuzz.cov delete mode 100644 examples/bind/corpus/2c314f69fcc929e897056c8028ead267.00008325.honggfuzz.cov delete mode 100644 examples/bind/corpus/2c448a21d73bd328b7e5b27f8bfb28dd.000126d3.honggfuzz.cov create mode 100644 examples/bind/corpus/2c4627776b71fbb314849ea1dcc673ad.00000033.honggfuzz.cov delete mode 100644 examples/bind/corpus/2c783c7fe3493416890e0e2d1f8fe511.00000200.honggfuzz.cov delete mode 100644 examples/bind/corpus/2c7a128875160abadd71fc3781035b23.000001db.honggfuzz.cov delete mode 100644 examples/bind/corpus/2c859d21ccddb2aa11746920953de7d6.00001388.honggfuzz.cov create mode 100644 examples/bind/corpus/2c8995be8dfd5680b3c13f91c618c57e.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/2caddeddb91faaeff5d25333e0861d9f.00000036.honggfuzz.cov create mode 100644 examples/bind/corpus/2cc95f28e8441b334abbb78565bf16bf.0000003b.honggfuzz.cov create mode 100644 examples/bind/corpus/2ce70fe160e9675226e59d51bdd3f739.000184e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/2ceaa17dae7da8760d3507c974c579bd.0000011a.honggfuzz.cov delete mode 100644 examples/bind/corpus/2cf4bfacf947453c3b1db7593e64fd01.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/2cf85615c0f6d649db796627e280db47.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/2cfcab9c5c2e3653cd879deefb2872ea.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/2cffaa7220743c267dedd778749703a1.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/2d16968fc6c5be50d1a3715b0265abe5.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/2d34db235247c83c6abae62f88ab34d6.00001e19.honggfuzz.cov create mode 100644 examples/bind/corpus/2d5874f63c97e2f92997ab8004c42845.00000153.honggfuzz.cov delete mode 100644 examples/bind/corpus/2d5ec2171cd6dfc77ffb61adc568aab4.000014b5.honggfuzz.cov create mode 100644 examples/bind/corpus/2d71783c775910c3562f751089a4fcab.0000002f.honggfuzz.cov create mode 100644 examples/bind/corpus/2d85c98000000000b9055d0000000000.00000003.honggfuzz.cov delete mode 100644 examples/bind/corpus/2da5b954ac288367a317e9a6acb93c66.00000043.honggfuzz.cov delete mode 100644 examples/bind/corpus/2dad3be786a5bbfc8a73609c59990e15.0001153e.honggfuzz.cov delete mode 100644 examples/bind/corpus/2db889976711bb17fb2ecb1c3557562a.0000576e.honggfuzz.cov delete mode 100644 examples/bind/corpus/2dbb76b3c4cf3337ea2fce0706aefa05.000000ff.honggfuzz.cov delete mode 100644 examples/bind/corpus/2dcc1210b5e42edaa6aab5e979bcab0c.000008e6.honggfuzz.cov delete mode 100644 examples/bind/corpus/2dfc4b50f876da496f16b1fba14fd12e.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/2dfd466e1e16db7ac34f1777764d47df.00000bb8.honggfuzz.cov delete mode 100644 examples/bind/corpus/2dfd8d8b9406da498e07b1fa7be4a0f4.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/2e0f240808ee18905a9b31fe415db66d.00000ac4.honggfuzz.cov delete mode 100644 examples/bind/corpus/2e1fe15bca01ffe0501804594cc7976f.0000047e.honggfuzz.cov delete mode 100644 examples/bind/corpus/2e46bb6fe018e39229aa814859558bdd.00020000.honggfuzz.cov delete mode 100644 examples/bind/corpus/2e69ef030829ae64c8156222d19919a0.00000d70.honggfuzz.cov create mode 100644 examples/bind/corpus/2e786b7652f36bfaf5f5076be0d331f2.0000017b.honggfuzz.cov create mode 100644 examples/bind/corpus/2e790b2b0816a86c0855bfebdb3ed461.0000044a.honggfuzz.cov delete mode 100644 examples/bind/corpus/2e7921acf1da68daf735ebf7bc952556.0000d86d.honggfuzz.cov create mode 100644 examples/bind/corpus/2e894c940f84cff423875811f204f5a6.00000049.honggfuzz.cov delete mode 100644 examples/bind/corpus/2eab3683a7401d30e862f3607735768c.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/2eafe1d2672d9945488b18b922605884.00001bfb.honggfuzz.cov delete mode 100644 examples/bind/corpus/2ed471cb5b39924eb167ea61435af114.0000029e.honggfuzz.cov create mode 100644 examples/bind/corpus/2ee1b04a3421dee580f35b98bb21747c.000105b8.honggfuzz.cov create mode 100644 examples/bind/corpus/2ef889a537cf304fdc56d8d5facbfb09.00000174.honggfuzz.cov create mode 100644 examples/bind/corpus/2f03c6554bd3d18a7a63f9b62156aeaf.00009c97.honggfuzz.cov delete mode 100644 examples/bind/corpus/2f03f9d97d6321a5bf67bbc8ea15fb0f.0000cc8d.honggfuzz.cov create mode 100644 examples/bind/corpus/2f1b2a42676e6ec29c5aa02bf8562019.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/2f245536f3feb228b19b7683997f4f50.00000153.honggfuzz.cov delete mode 100644 examples/bind/corpus/2f4a4fc3e7b49f9180369b02acc3ff65.00000299.honggfuzz.cov create mode 100644 examples/bind/corpus/2f5537d792d33aab7bcca099f785ad6f.000101d0.honggfuzz.cov create mode 100644 examples/bind/corpus/2f5a50da02a34c320d46e8a2d3338227.0000004d.honggfuzz.cov create mode 100644 examples/bind/corpus/2f5b78108fc83f1f4d67486f795e9df2.00000a03.honggfuzz.cov delete mode 100644 examples/bind/corpus/2f5dbd617ebec4fee6069003b4afb4cc.000000a1.honggfuzz.cov delete mode 100644 examples/bind/corpus/2f686f165aaa1ca90b6ce1d60a11bd3b.00020000.honggfuzz.cov create mode 100644 examples/bind/corpus/2f84f50d08f786bc293df846a8aedd25.00000045.honggfuzz.cov delete mode 100644 examples/bind/corpus/2f94cc7f749620012f5269143b56f053.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/2f98f9c15da21d3a32e587e65456b031.000000b6.honggfuzz.cov create mode 100644 examples/bind/corpus/2fcb68fec4021416e845a0c736b9c163.00000020.honggfuzz.cov create mode 100644 examples/bind/corpus/2fcc440010d7b96e932775dab4ff1d25.00000107.honggfuzz.cov delete mode 100644 examples/bind/corpus/2fe2644a0643d75d7021779ad242a428.0000c1d1.honggfuzz.cov delete mode 100644 examples/bind/corpus/2fe5af450d393ebfeebbf4c72f5cfbaa.0000033f.honggfuzz.cov delete mode 100644 examples/bind/corpus/2ff2eb586cd6d4d261e845ac13c11321.00000295.honggfuzz.cov delete mode 100644 examples/bind/corpus/301a8715bdefcfecc1c25e2b91a70691.0000006c.honggfuzz.cov delete mode 100644 examples/bind/corpus/303f4d1b633ee14325679115f1e80a81.0001c2ad.honggfuzz.cov create mode 100644 examples/bind/corpus/3080ab363c66a431550717cdca25d5d4.00001c2d.honggfuzz.cov delete mode 100644 examples/bind/corpus/30bbea07b61796407e5e230c074fa1d5.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/30be29660b07b857d424bd7fc13ec852.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/30cc03e85b5cbee670eeecb52c1911fd.00000684.honggfuzz.cov delete mode 100644 examples/bind/corpus/30d22fd558a567a41d341af708251f6c.00000445.honggfuzz.cov delete mode 100644 examples/bind/corpus/30d563d9c8c4b015ed731b77c9eac0a1.00000d8a.honggfuzz.cov delete mode 100644 examples/bind/corpus/30d77593112cd999881f5fb5825b169b.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/30e168f35e73855ae47c775572036195.00000bb8.honggfuzz.cov delete mode 100644 examples/bind/corpus/30e9e0bc2b0810d98d986bc743f7267b.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/310b15493707ad5a03a3d63cfb670583.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/31213b03ada2c8e49389e059575afd92.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/3128448aed9b266128539c7ca229a8e3.00001814.honggfuzz.cov delete mode 100644 examples/bind/corpus/3145056954729b81812dbd1640812b46.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/315832fad998256d964b2488e31d68f1.00000843.honggfuzz.cov delete mode 100644 examples/bind/corpus/3184e8449bc99094362077c25892ec04.00000040.honggfuzz.cov create mode 100644 examples/bind/corpus/3184e8463943ba94362077c25b240c04.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/3189bbffa170ae03c413b74d45c34ad9.000060c9.honggfuzz.cov delete mode 100644 examples/bind/corpus/319aba92b494e5a1a3eacfbdc62d3d14.0002ffdb.honggfuzz.cov delete mode 100644 examples/bind/corpus/31a0c58926d79636fb64c6907135bdd5.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/31ab280343db800f7b444d09e7bb9262.000001db.honggfuzz.cov delete mode 100644 examples/bind/corpus/31ab56720c5f9cf78edc3337a974fa2f.000000d5.honggfuzz.cov delete mode 100644 examples/bind/corpus/31b0a2c94b763492a9a7bda2c29a5bc9.000000f7.honggfuzz.cov delete mode 100644 examples/bind/corpus/31c2482041589d05723d6c01ee1e449e.00000485.honggfuzz.cov create mode 100644 examples/bind/corpus/31e8883b67f99a36b4919417ee63123c.000001b8.honggfuzz.cov delete mode 100644 examples/bind/corpus/31f2ad670310dc50cc776c92fc78c24a.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/323d6c6d4d548b30b156ad4193cc3948.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/324afb8d0a481c85ff282372ae7629d2.000000d5.honggfuzz.cov create mode 100644 examples/bind/corpus/326ec33e58af277c23c885b904609b54.00000109.honggfuzz.cov create mode 100644 examples/bind/corpus/327fc519da2047ccf9cc1643add2c00e.0000004e.honggfuzz.cov delete mode 100644 examples/bind/corpus/327fc56f6a2047ccf9cc5252f896d15b.0000004e.honggfuzz.cov delete mode 100644 examples/bind/corpus/328701cfff9764b169525fb844609d80.00000200.honggfuzz.cov delete mode 100644 examples/bind/corpus/32c48d5b3e0b6412efefff90e116af6f.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/32d02fe28ad3dcb9437e651d2d380d18.00000bb8.honggfuzz.cov delete mode 100644 examples/bind/corpus/32e32f37fad03412fd901b40e1d8580c.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/32f378f20a45fc144a82ead6ceb3ec9f.0000007d.honggfuzz.cov delete mode 100644 examples/bind/corpus/330ae78f181d605668b3494feacec536.00000332.honggfuzz.cov create mode 100644 examples/bind/corpus/3310dcb85bf7fd8af2da970168b4fb57.0000029e.honggfuzz.cov delete mode 100644 examples/bind/corpus/3320465328c0b02e38e501422f1c1f5f.00001aba.honggfuzz.cov delete mode 100644 examples/bind/corpus/33264c422e84c892237cf91f4bb2239e.00020000.honggfuzz.cov delete mode 100644 examples/bind/corpus/334fc1b7bf4c6ea674cfcff9052e7d5b.000002cb.honggfuzz.cov create mode 100644 examples/bind/corpus/339c8c138c3e957a0d0f1523f3854f7a.000007f1.honggfuzz.cov create mode 100644 examples/bind/corpus/339f68cf76f7b08b97fb3cc95239ef3c.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/33ce1259a401b49d62d690ebdabc0e2a.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/33dbed645d1b2386d7ef84ca14e60b5d.00006070.honggfuzz.cov create mode 100644 examples/bind/corpus/340d2337569d5288a3e9fc66e937bb56.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/340dfc681f917fcdb6bb4d57497b1aee.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/3414b013a99ce1ea7a9a77b35702a841.00000124.honggfuzz.cov delete mode 100644 examples/bind/corpus/3425793349c7af6952737f0bde8b375a.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/343c35ce07bec437a4419b2eaef59487.00000de2.honggfuzz.cov create mode 100644 examples/bind/corpus/3442f0cf7ded5f97e0a78e2af9423a0a.000000a8.honggfuzz.cov create mode 100644 examples/bind/corpus/344588a01ab77c53ef8093d82db70e90.0000012e.honggfuzz.cov delete mode 100644 examples/bind/corpus/344b9d6e3f77ef66364f0a5d656e53c3.000001b8.honggfuzz.cov delete mode 100644 examples/bind/corpus/346c43c000440668c88596ace9f66ca5.00000098.honggfuzz.cov delete mode 100644 examples/bind/corpus/348f9a06ed62d6a4d33c611ad78647b6.00000101.honggfuzz.cov delete mode 100644 examples/bind/corpus/349c7afd777e16c9efb176dab9e6fc39.0000010f.honggfuzz.cov create mode 100644 examples/bind/corpus/3504b84a631fb5d86ccb44f83dff6361.0000001a.honggfuzz.cov create mode 100644 examples/bind/corpus/35133e62578e8c33f0a1f9807dec9a35.0000003f.honggfuzz.cov create mode 100644 examples/bind/corpus/355dad3edfadc58cc89aec6eebf63d98.000000b8.honggfuzz.cov delete mode 100644 examples/bind/corpus/3566d117314a2c532a9fd919c3d81f96.000006d7.honggfuzz.cov delete mode 100644 examples/bind/corpus/357c59488722e0fa2f7797d7d8f9371d.00000941.honggfuzz.cov create mode 100644 examples/bind/corpus/358312717d8b5f4b03f2678bcac850fb.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/35942c40ec04b5111b6cdb5a926f348e.000003c8.honggfuzz.cov create mode 100644 examples/bind/corpus/35acc1f4b25c02d04094588cf41312a6.00000e87.honggfuzz.cov create mode 100644 examples/bind/corpus/35ae798039439696feb41b7f08fc99b0.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/35b2164dc1925ecfdf2f04d89c13c8b2.00000084.honggfuzz.cov delete mode 100644 examples/bind/corpus/35ba1c09f64dbb3ca3f205cb1595b1f1.0000088c.honggfuzz.cov create mode 100644 examples/bind/corpus/35c535a9d7f794d5123dc1a4555636cf.0000040e.honggfuzz.cov create mode 100644 examples/bind/corpus/35c8b4c0496e00b61a0a1308de3253a1.00000148.honggfuzz.cov delete mode 100644 examples/bind/corpus/35d6eb78e6d18434a05df93a04121e4a.00032915.honggfuzz.cov delete mode 100644 examples/bind/corpus/36024e8b8a490bb8a5f7e11bca434b35.00017fef.honggfuzz.cov create mode 100644 examples/bind/corpus/361431bcc377b0bfd217062c53e08011.00000187.honggfuzz.cov delete mode 100644 examples/bind/corpus/3618a653295796d8d6182ce711ce0d7e.0000002d.honggfuzz.cov create mode 100644 examples/bind/corpus/362875cde3d79537a0f61a795da4f53a.000001e9.honggfuzz.cov delete mode 100644 examples/bind/corpus/362c99553494da942dd8fc67a5b97f2f.0006a464.honggfuzz.cov create mode 100644 examples/bind/corpus/3635231407cb13019327b4a10d7cdecb.000015c3.honggfuzz.cov delete mode 100644 examples/bind/corpus/3639aadbac652b08b8c0e1fddca16cf3.0000029e.honggfuzz.cov delete mode 100644 examples/bind/corpus/363f97fe93a3db3c875b0ac16478be04.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/3647d261e3c75e4432d7879c20de7fa9.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/367df30b92639351a6d0f93cb000665c.000000a3.honggfuzz.cov delete mode 100644 examples/bind/corpus/367eb68421cada236a695f3d3de616a9.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/36a4a894b71d83577941889702056d88.00000053.honggfuzz.cov create mode 100644 examples/bind/corpus/36b64bdcc48ba14f0ead702a0cbe5925.00002000.honggfuzz.cov create mode 100644 examples/bind/corpus/36c9daec954fe3303a6c49bb00974541.0000005a.honggfuzz.cov create mode 100644 examples/bind/corpus/36db85b5c219e6b3e8f6545c2312f37b.0000006e.honggfuzz.cov delete mode 100644 examples/bind/corpus/371a03c91bce363b06da43e841e24852.00000933.honggfuzz.cov delete mode 100644 examples/bind/corpus/371a2dfc64dd9cdc43d98f92155b1c1f.000000f7.honggfuzz.cov create mode 100644 examples/bind/corpus/3733e5ba9eef6c43d4c0537032509325.000000e9.honggfuzz.cov create mode 100644 examples/bind/corpus/3747119b52889d61e30a16a4ab201d41.0000a0d7.honggfuzz.cov delete mode 100644 examples/bind/corpus/374ba09dad4267c260f6eebb4cedffda.000006ab.honggfuzz.cov create mode 100644 examples/bind/corpus/37799224fe677984d807798864eae050.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/37942dce335c8c42d81f68fd02f7e122.000000ac.honggfuzz.cov delete mode 100644 examples/bind/corpus/37a45dd5d50b43cc59974188b4db6808.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/37cbccf2472d913603570ecb85411383.00001969.honggfuzz.cov create mode 100644 examples/bind/corpus/37d04973be59b37b24be825f76ab672d.00000653.honggfuzz.cov create mode 100644 examples/bind/corpus/37d10496b1efc7b8d3e32e7239d0423f.0001b355.honggfuzz.cov delete mode 100644 examples/bind/corpus/37f14096592817c63a609e489ef35afd.000000aa.honggfuzz.cov create mode 100644 examples/bind/corpus/38046e35c45e8eecd1fdbbb990ab3098.0001c194.honggfuzz.cov create mode 100644 examples/bind/corpus/381b5754253723250be738d24834c9d1.000000c0.honggfuzz.cov delete mode 100644 examples/bind/corpus/382b3cd2fc3fc193a2dc2dc9ca160daa.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/383c5c838b1ca449d72ab362ca228414.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/384a37d1bbaaa4c5b59e184ff09a1e79.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/3850d8aab0d81be48810144c16dfe8cb.00000775.honggfuzz.cov delete mode 100644 examples/bind/corpus/386bef85b3906520c00e967c919d90e6.0001a03f.honggfuzz.cov delete mode 100644 examples/bind/corpus/3878344b3c558004de76be954b598b48.00002265.honggfuzz.cov delete mode 100644 examples/bind/corpus/3879d2f1f1539b828de21655d520bdda.00002710.honggfuzz.cov create mode 100644 examples/bind/corpus/387b9d908d4c900b5c012e26d13bebfc.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/38803eeabc40333ea7faf1b8ad63c16e.000000b2.honggfuzz.cov delete mode 100644 examples/bind/corpus/388e549478acb66b6d29cea978406340.0000005c.honggfuzz.cov delete mode 100644 examples/bind/corpus/38a0df8f794de619bfd106810042f00d.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/38cb64e4ca99b1f2c5a9397a70fa9ba6.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/38db5c0b9349d10bce0012811b1f327a.0001a058.honggfuzz.cov create mode 100644 examples/bind/corpus/38dba5a31d683f5c784fe3be36b50406.00000c7c.honggfuzz.cov create mode 100644 examples/bind/corpus/38dfad6ef42aafa3de266a606f8c6d67.0000ed52.honggfuzz.cov create mode 100644 examples/bind/corpus/38dfc97727325abe1e171b16ce1fc4ac.000000a7.honggfuzz.cov delete mode 100644 examples/bind/corpus/38f1a09bfff185245e910e2c6bb67b78.00000d31.honggfuzz.cov create mode 100644 examples/bind/corpus/38f96628f4079206cdc793c5c5e670d5.0000004f.honggfuzz.cov delete mode 100644 examples/bind/corpus/39002753b06d39bf0397fa093a660100.00001670.honggfuzz.cov delete mode 100644 examples/bind/corpus/3900543a66c62e98afebf4190740307e.0000003a.honggfuzz.cov create mode 100644 examples/bind/corpus/3905841e513f877fe1209101699135ca.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/3913365747eac056405f8b4c307010c1.0000007f.honggfuzz.cov delete mode 100644 examples/bind/corpus/39245fc156f84606286df0b6fa8b8d4d.0000192a.honggfuzz.cov create mode 100644 examples/bind/corpus/392f1da061210ac4b5caf10e73ca472c.000004a0.honggfuzz.cov delete mode 100644 examples/bind/corpus/39737763acd20259342d7e74481a4803.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/399237d3553f9f36623a0b27873e09dc.00002000.honggfuzz.cov delete mode 100644 examples/bind/corpus/3996e1a8a3c17e12112d2011ea02c4d3.00003e92.honggfuzz.cov delete mode 100644 examples/bind/corpus/39a3fa2d7f0cad96bb325108082152fb.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/39dd27bfb1ce4014555c1d8d34314044.00020000.honggfuzz.cov create mode 100644 examples/bind/corpus/39e9ba801ebfceb9d234e61c5447b460.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/39f0f3629f41428434fd01dd59dc046c.0000001a.honggfuzz.cov create mode 100644 examples/bind/corpus/3a0a2e12627283b647a884758569891f.000003de.honggfuzz.cov delete mode 100644 examples/bind/corpus/3a0ea02051deb67c24c026798538707a.00000076.honggfuzz.cov delete mode 100644 examples/bind/corpus/3a16e39d6b60d1956c9a7cfdac411cb2.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/3a28bd3abba668309bc77bb974ed7871.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/3a32ea95816ba45a2f1309affdfaef9f.0000983d.honggfuzz.cov create mode 100644 examples/bind/corpus/3a630a66eb8b9208a247f4c30e055a4c.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/3a870e75fac040dc8033109a408efa1e.00000902.honggfuzz.cov delete mode 100644 examples/bind/corpus/3a99cba5e33ccf3454c7b16b3fb284b8.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/3a9d6c2250903c1cfe1814827f71e209.0001e1e3.honggfuzz.cov create mode 100644 examples/bind/corpus/3acf8449ce4e5212a4c91e55cd8ccb15.00000022.honggfuzz.cov delete mode 100644 examples/bind/corpus/3aeb22043a51e0adfa7b61b1af6462f7.000000de.honggfuzz.cov delete mode 100644 examples/bind/corpus/3b0464da4efb354f07d5913ac7974d9a.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/3b112177541b9fcd8391e4f2d80b5c63.0000011a.honggfuzz.cov delete mode 100644 examples/bind/corpus/3b219bbb36ccb36cafcae393b97ac803.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/3b26d1259ad079bef1ba39e08dc39649.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/3b484204d5a3105f342b6aa7febb2a32.0006703e.honggfuzz.cov delete mode 100644 examples/bind/corpus/3b6bc19cd86a4340644b727895c16c64.00000020.honggfuzz.cov create mode 100644 examples/bind/corpus/3b765dead80ce48aa7d95f325c871c9c.00010106.honggfuzz.cov delete mode 100644 examples/bind/corpus/3b85367b0a7ac0799d857851469d98d0.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/3bbb0ff9f78e1db8adab84f9408bf5d7.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/3bbcf03a84df217ebc42958399f0507f.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/3bbedb7ec54732c675f31c231fd1b808.00039ae6.honggfuzz.cov create mode 100644 examples/bind/corpus/3beae469f8dc28d49c33aa9f6b6ce37c.0000032e.honggfuzz.cov delete mode 100644 examples/bind/corpus/3c058ea574a14a42325a95f0b1d007ba.000167d2.honggfuzz.cov delete mode 100644 examples/bind/corpus/3c21e7b32ee85f127e28d1a69eb63641.00000145.honggfuzz.cov create mode 100644 examples/bind/corpus/3c76f61b58ea78b748f3bd5cc21024ff.000101cb.honggfuzz.cov delete mode 100644 examples/bind/corpus/3ca4d027a5df2f689922ce7fe02c208e.000000a3.honggfuzz.cov create mode 100644 examples/bind/corpus/3cd5c6858ab4fb7a7f168105a685284f.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/3cdda7c47e1c24782549a0d3fe02ed4e.00000101.honggfuzz.cov create mode 100644 examples/bind/corpus/3cdf456afe9745bb378facf69c9ea2ac.0000001c.honggfuzz.cov create mode 100644 examples/bind/corpus/3cf15d7f7f658affe70fe60bd4f53729.00000281.honggfuzz.cov delete mode 100644 examples/bind/corpus/3d206ca482329cc4d0de244347fdb506.00000097.honggfuzz.cov create mode 100644 examples/bind/corpus/3d2cd640d6bdd08daf2ce07a5affe51c.00001cc1.honggfuzz.cov delete mode 100644 examples/bind/corpus/3d3c68a6d72ef110d1a4040524ff6837.000000ce.honggfuzz.cov delete mode 100644 examples/bind/corpus/3d88ceb4cb77b640d8f10fac8f646859.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/3d97be93cf138b79eb6ec27e98767b6f.000009ea.honggfuzz.cov delete mode 100644 examples/bind/corpus/3da3052dc4ea9f1db17bdac297919440.00014292.honggfuzz.cov delete mode 100644 examples/bind/corpus/3dba0dae205888746076c35bf8ede9a2.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/3ddc3da03601e0932eec4ecc97912712.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/3de8d7cd2eb9461f65215cd8d1a6f73a.0000024d.honggfuzz.cov delete mode 100644 examples/bind/corpus/3df069973be39612efde4b8284a02ef5.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/3e0fd97a723e3ce4265a925d7cf067a5.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/3e135c82dcfb35b2148cb07eab1a56fb.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/3e18c41196ba7c3a2d5d2ba03bb576da.00000081.honggfuzz.cov create mode 100644 examples/bind/corpus/3e5afa32ec934e8311efc2bb87cebc78.00000bb8.honggfuzz.cov delete mode 100644 examples/bind/corpus/3e77be4cd0dd3afd98a141ce891693bf.000037a1.honggfuzz.cov delete mode 100644 examples/bind/corpus/3e8cad5dbb77468332ee265c509f4fe7.0001ecf3.honggfuzz.cov create mode 100644 examples/bind/corpus/3e9840cdf8f54bf5982ce825a1861715.00000094.honggfuzz.cov create mode 100644 examples/bind/corpus/3e9c0fa2fdf5a7d2f10337426ba58fed.0000001d.honggfuzz.cov create mode 100644 examples/bind/corpus/3e9eb5416d5426bf2671f4b270f29ff7.000101d0.honggfuzz.cov create mode 100644 examples/bind/corpus/3eb723a29dc4c016b1d8d1a8fede36f2.00000272.honggfuzz.cov delete mode 100644 examples/bind/corpus/3ebb87e8dcb947ab5519a1aa44277fcf.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/3f0060b11c4ea864d46ca0fa4df42f5f.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/3f091bd07df3d12bef68fa230fd14cca.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/3f091bd1a683d12bff683d3eb90a217d.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/3f0b5463a3dcb42149bd72265473ace7.000001b9.honggfuzz.cov delete mode 100644 examples/bind/corpus/3f233263057262ce3ff68212468fff2a.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/3f3c030043a3be262349a294338a82d0.0000077f.honggfuzz.cov delete mode 100644 examples/bind/corpus/3f45baf13978fc0615f48f2b93a41498.00000094.honggfuzz.cov delete mode 100644 examples/bind/corpus/3f4c3119090a061f16e71f8e4631071e.000001de.honggfuzz.cov create mode 100644 examples/bind/corpus/3f5c2ce44773804d4bd0ef560e413597.000001bc.honggfuzz.cov delete mode 100644 examples/bind/corpus/3f5ed01eb754d5d933eb38223e11211b.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/3f7ec200013c494097a906a9c8f22282.00000083.honggfuzz.cov delete mode 100644 examples/bind/corpus/3f803459cc25c1752ac40fb4c3aa4ac6.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/3f8c06f3610259749f5919efd3470aaa.00020000.honggfuzz.cov delete mode 100644 examples/bind/corpus/3fa40ff0478171b77f99b4a0caed2fcd.00002ac5.honggfuzz.cov create mode 100644 examples/bind/corpus/3fa91afcf6a46f5e264ab2b6549aaaeb.000002a9.honggfuzz.cov delete mode 100644 examples/bind/corpus/3faedc5bc5fb9906c21dc393d23e8011.00000126.honggfuzz.cov create mode 100644 examples/bind/corpus/3fc667fc09983ebb053c10eb0ed94375.000001d5.honggfuzz.cov delete mode 100644 examples/bind/corpus/3fcb3d906949f2253ffdd5399658f98f.0000c1d1.honggfuzz.cov create mode 100644 examples/bind/corpus/3fd160d86480f74a5b15de449d78e26e.00000cd7.honggfuzz.cov create mode 100644 examples/bind/corpus/3ffe53597fd42261fc5dcd63654ce0a8.0000030c.honggfuzz.cov create mode 100644 examples/bind/corpus/4016b2efc29cb3fed060562f6c2c74a2.0000097e.honggfuzz.cov create mode 100644 examples/bind/corpus/402a2bf52aefe603c2996a3002e975f2.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/402df9cb27dfb552e73e93765dca4171.0000031e.honggfuzz.cov create mode 100644 examples/bind/corpus/4058c136ee7d3b9584b4733f9d450b74.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/405d104a3f27a372f2fd547be0fe493b.0001f7e8.honggfuzz.cov create mode 100644 examples/bind/corpus/406cda5cb9b5e02d5675a3823998436a.00000056.honggfuzz.cov delete mode 100644 examples/bind/corpus/408550feba77952af4bb1afa73ce647a.00000b55.honggfuzz.cov create mode 100644 examples/bind/corpus/40989aef3798a552e530c8baacc25d00.000000d5.honggfuzz.cov create mode 100644 examples/bind/corpus/4098cf2d91883eb4a4cbee52e664cc63.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/40b09916393cc55cc36bc8415061e0a2.00000024.honggfuzz.cov delete mode 100644 examples/bind/corpus/40cd40f33d97e9746f8106a1f2560a7e.000006a9.honggfuzz.cov delete mode 100644 examples/bind/corpus/40d5299e5135fa18d852238df1fc5c6c.0000001d.honggfuzz.cov create mode 100644 examples/bind/corpus/40ea4615e039fba82d89741e356c5db7.0000001d.honggfuzz.cov delete mode 100644 examples/bind/corpus/41079ed884d2baeacfb607ede2adb25f.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/4113166509a037316d74c321f2229d37.00020000.honggfuzz.cov delete mode 100644 examples/bind/corpus/41282c5be007f089d337f9003486c23d.00000092.honggfuzz.cov delete mode 100644 examples/bind/corpus/4147351ad94b7d294b4c66860e603e67.0001a902.honggfuzz.cov create mode 100644 examples/bind/corpus/414c9d2f7d09e817928cf596dcf284c3.0001153e.honggfuzz.cov delete mode 100644 examples/bind/corpus/41899af825b6fce7ad74e0389a08ec37.00000035.honggfuzz.cov create mode 100644 examples/bind/corpus/41b2bf6d585a717ec3a08c7ee2ae811d.00000bb8.honggfuzz.cov delete mode 100644 examples/bind/corpus/41dbe80f6f84abc6d5ba454e3eeb99fc.00016ced.honggfuzz.cov create mode 100644 examples/bind/corpus/420306a599cc67a0df7130861ee6203e.0000002e.honggfuzz.cov create mode 100644 examples/bind/corpus/4216d0fac1901af468fe4ede4d18201e.00006b46.honggfuzz.cov create mode 100644 examples/bind/corpus/422b34282efa920ff91bb1a9090dcb38.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/42368f7aadb49549bd9ffdaff74d8e06.000002e6.honggfuzz.cov delete mode 100644 examples/bind/corpus/423addc7913676ede3291af866992142.00005312.honggfuzz.cov create mode 100644 examples/bind/corpus/4266eb7b9ceb69f1dacba416541d8e18.000000f7.honggfuzz.cov delete mode 100644 examples/bind/corpus/42a7641aad7d2944826b6a2341024f8b.00000123.honggfuzz.cov create mode 100644 examples/bind/corpus/42c9b1f340abbd60548df9b37c1ec674.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/42ccd5be86fdb06b0b7a37bd90e63c11.000010cd.honggfuzz.cov delete mode 100644 examples/bind/corpus/42cf3e50e582f0df31e5f6fb86e1a05f.00000181.honggfuzz.cov create mode 100644 examples/bind/corpus/42dd2f51bbb6d50b9f1cac087165fe20.00002a10.honggfuzz.cov create mode 100644 examples/bind/corpus/42f75818630eedb7b46f0f65c0769fc8.0000009c.honggfuzz.cov delete mode 100644 examples/bind/corpus/43050e23d5e688e007efe7db27cbc591.000000c0.honggfuzz.cov delete mode 100644 examples/bind/corpus/4308a81f82c2b84f540c2e1825d657d3.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/431cd25eaa7baee41ed4cd8cf39d1305.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/4326007a83993129f3a4e9cf0b8d240c.00000040.honggfuzz.cov create mode 100644 examples/bind/corpus/4340e9cf22c1e65a82a461299af2334a.00001446.honggfuzz.cov delete mode 100644 examples/bind/corpus/434cbb0938b1f4ebda1f28d932aee917.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/435421aae811e4b54092e121e08fd236.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/436079eb7940c4ae01a1be3c3a6be5fd.0003f045.honggfuzz.cov delete mode 100644 examples/bind/corpus/4361d619f06192a7999e32028744b1cc.00000077.honggfuzz.cov delete mode 100644 examples/bind/corpus/437d72bf5488ebe3c997d86b73325ab1.0000009e.honggfuzz.cov create mode 100644 examples/bind/corpus/438b43119187854774d25e2747a525db.0000001c.honggfuzz.cov delete mode 100644 examples/bind/corpus/43ac683c9eff9a494ea6c5b392a8e72e.0000049c.honggfuzz.cov create mode 100644 examples/bind/corpus/43b73f4a2f4721ba7a4e2333ba3610db.00000127.honggfuzz.cov create mode 100644 examples/bind/corpus/43bb91f48bbca11cd081ca87d11b72ad.00002000.honggfuzz.cov delete mode 100644 examples/bind/corpus/43e895a9c718776b64fe97e5886c7b6d.000196e0.honggfuzz.cov delete mode 100644 examples/bind/corpus/43eb3241981661605216da6cdbcbb2da.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/43ec76b5147df29edf4773ec61e10ffd.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/43f4bdaa69b1dbb46be9e02e00323f1a.000000f7.honggfuzz.cov delete mode 100644 examples/bind/corpus/4470b5f31d93aa4bb255d5a5b3cc4740.00001ffb.honggfuzz.cov create mode 100644 examples/bind/corpus/44884b7abb5dacf5f96d969d14fdb925.000075e1.honggfuzz.cov delete mode 100644 examples/bind/corpus/4492e311548f10ab95ed4a4fc521077d.0000004a.honggfuzz.cov delete mode 100644 examples/bind/corpus/44aec5d3d73651da3a1a4416cd526d27.0000197d.honggfuzz.cov delete mode 100644 examples/bind/corpus/44bdd8e468974403ab30bf1b76205448.0000e721.honggfuzz.cov create mode 100644 examples/bind/corpus/44cd46983793c5f4939156df3ec39189.00000133.honggfuzz.cov delete mode 100644 examples/bind/corpus/44dbadadef0a9d85d5d58bcf4da6bc0f.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/44e4401958f19e6c0e39a41bc9561bf9.00045055.honggfuzz.cov delete mode 100644 examples/bind/corpus/450a642eed8d0e1ff2ac229ecc334e15.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/4517c0eb4ee53011f9e60fd4458daf72.000004e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/452fda63684a6e47698826018138154c.000006a9.honggfuzz.cov create mode 100644 examples/bind/corpus/455b3c1c72d304a014696e6bd70af54e.0000005f.honggfuzz.cov delete mode 100644 examples/bind/corpus/455ced66ea65707c4ceab99089454191.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/457b24916c45ae9e41fb0f6b3d630f02.00000892.honggfuzz.cov delete mode 100644 examples/bind/corpus/4583d6ad8e705f7a382d9aee9c370c13.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/45ba71c3a3d9142679e6bdb5bba9e83f.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/45cabb4f6a765de37721f5c30b6206bf.0000002b.honggfuzz.cov create mode 100644 examples/bind/corpus/45e1bf462e4f141a2eadf01acb8bad48.000000a6.honggfuzz.cov delete mode 100644 examples/bind/corpus/460b60c88bcac1944a9543f1104d31ab.00000056.honggfuzz.cov create mode 100644 examples/bind/corpus/4614075307774d6afd3f46839df6fd28.00000118.honggfuzz.cov delete mode 100644 examples/bind/corpus/463cf81722d2045a663d48e961145299.0007695a.honggfuzz.cov delete mode 100644 examples/bind/corpus/463d021b945b2ba1ce4707bd1d5fe4bd.000001ab.honggfuzz.cov create mode 100644 examples/bind/corpus/46515209dc700c8c74bb31a6ba9754b2.00002710.honggfuzz.cov delete mode 100644 examples/bind/corpus/465ac146631215422ea57077a25940df.00002a35.honggfuzz.cov create mode 100644 examples/bind/corpus/4667493408df9d1fc92f019e1f8a0bc2.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/466d5a9f5098e35d40444028c6c5ed1b.00001cf2.honggfuzz.cov delete mode 100644 examples/bind/corpus/467c5d7dc54cee73ddef31b34f521195.00016ced.honggfuzz.cov create mode 100644 examples/bind/corpus/46d027a66a3a857bfa6c0a73db71c62d.00017c0f.honggfuzz.cov create mode 100644 examples/bind/corpus/46eec67b35edb0d17da0de9749fdcffc.00000e7e.honggfuzz.cov delete mode 100644 examples/bind/corpus/46ef9663dfb2b990f8a215279fb590e4.00000020.honggfuzz.cov delete mode 100644 examples/bind/corpus/470e61d2a0cbebc3d178c2d1cfcbd00f.00002000.honggfuzz.cov delete mode 100644 examples/bind/corpus/472a03aac0c1ebcac3089c8a1e3c49b8.0001fc7b.honggfuzz.cov delete mode 100644 examples/bind/corpus/4754625f11431eebd738044a3900538d.00016ced.honggfuzz.cov create mode 100644 examples/bind/corpus/4756e3dd43a50f992a241b15c10dcb03.0000e256.honggfuzz.cov create mode 100644 examples/bind/corpus/47779e926332df489da4108344370ce6.000038aa.honggfuzz.cov create mode 100644 examples/bind/corpus/4780a0a6b40f2746bb4280dd54f7582b.00000a0b.honggfuzz.cov delete mode 100644 examples/bind/corpus/47824a167d3083cd124440c3aad9587b.00000037.honggfuzz.cov create mode 100644 examples/bind/corpus/47be9c6d7ccf5f3c439ca10ead919a37.00002000.honggfuzz.cov delete mode 100644 examples/bind/corpus/47ffb2cca30644de3c657a98efa5e4fc.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/480ae94e5e4794e6364a4035347b0122.00000933.honggfuzz.cov create mode 100644 examples/bind/corpus/4816569898dabe2e83a33bd5b6548192.00000040.honggfuzz.cov create mode 100644 examples/bind/corpus/48182846333f0830e948eb5b8ea43262.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/4825914b898b60eb2086dad4ac92cfc1.000001a5.honggfuzz.cov delete mode 100644 examples/bind/corpus/4826f1ac3739be49b4c4ee8b16e61d18.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/486f5ebea6178f4a926ec6b36ec92615.0000002d.honggfuzz.cov create mode 100644 examples/bind/corpus/4870765eab9007d630e3b41071633424.0000007d.honggfuzz.cov delete mode 100644 examples/bind/corpus/487430a3dc9aa4b22d9ff9123e8f83f2.000008ec.honggfuzz.cov create mode 100644 examples/bind/corpus/489073a8821fe384b116c441c4d66b34.00012033.honggfuzz.cov delete mode 100644 examples/bind/corpus/48a5746dbb2e2bfa2480a404685ff0da.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/48ae880aa7dffb1e44b32e23dccf5fa6.000000a4.honggfuzz.cov delete mode 100644 examples/bind/corpus/48cdba6dea19b8aad72042ccf4888a6f.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/48e4d1269171afcf3b0f32b90dab3efd.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/48ea4d0b97b17228cbcd63d68b8d4edf.00007b50.honggfuzz.cov delete mode 100644 examples/bind/corpus/48fdd4589610c9970e468cfa912f7df3.00000b1e.honggfuzz.cov delete mode 100644 examples/bind/corpus/490983350ef88a6bedbc688b0110bc79.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/490c1683ae8ea879a6a9246cb282f5e4.00000181.honggfuzz.cov delete mode 100644 examples/bind/corpus/491c1a758429b4cf335f14a0d2265af7.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/4924300c4c7751b9aed67bad09fc84f8.00000f21.honggfuzz.cov create mode 100644 examples/bind/corpus/492ff64bed44217c07524c39b10a9fd3.00000e0d.honggfuzz.cov create mode 100644 examples/bind/corpus/494313cf14108bb66997ad1bcaa0d6ac.00000033.honggfuzz.cov create mode 100644 examples/bind/corpus/49504d40000000003d30392000000000.00000003.honggfuzz.cov delete mode 100644 examples/bind/corpus/49531e33f415641a351c13d827fee270.000097c6.honggfuzz.cov delete mode 100644 examples/bind/corpus/497136b0b27e0e9d49b728b80c7b99ea.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/498126255732a853f7ea9ba21b3e77c9.0000004c.honggfuzz.cov delete mode 100644 examples/bind/corpus/49c50943aa1a16b297bdcffd8b23123e.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/49cb971984f61582a8184132586ca2ad.000000f7.honggfuzz.cov delete mode 100644 examples/bind/corpus/49ce6a4a1c80e3877ff421bfa6d45d5a.00000077.honggfuzz.cov create mode 100644 examples/bind/corpus/49da197b868320aa7260a160a0168316.00000038.honggfuzz.cov delete mode 100644 examples/bind/corpus/49f06c13e693a46b06f540eeda37c210.000001c9.honggfuzz.cov delete mode 100644 examples/bind/corpus/49f26f607004bd0323131c0a991f27f1.00000e06.honggfuzz.cov delete mode 100644 examples/bind/corpus/49fd7125ce16f5c8057f2ca094c9f14f.0000679d.honggfuzz.cov create mode 100644 examples/bind/corpus/4a2f276f74fad8f572846b45fae52f7b.0000007d.honggfuzz.cov delete mode 100644 examples/bind/corpus/4a7770c21396a9faba2aae1aa1a5a5de.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/4a835a909a0a76f75c80fd148740981a.000000be.honggfuzz.cov delete mode 100644 examples/bind/corpus/4a88965fed41471e7ab3ec991a48a713.00012fa2.honggfuzz.cov delete mode 100644 examples/bind/corpus/4a91defefdd77c805a05e898aefdd08b.000070c6.honggfuzz.cov delete mode 100644 examples/bind/corpus/4a9317e05af93bf973ccf5c0ecfd834b.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/4ab4110beab5caae5d12c2f3b4501a45.0000010f.honggfuzz.cov delete mode 100644 examples/bind/corpus/4af2944618b8af759de4cbade7cd6147.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/4b225b8449c3063bfde7b8630a2aa021.000000b2.honggfuzz.cov create mode 100644 examples/bind/corpus/4b352746a05782e0fb254325a2b7717b.0000004b.honggfuzz.cov create mode 100644 examples/bind/corpus/4b4d86f9c8aa90796f11da02aee15578.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/4b5434acd747ff1fdfef1232d2eea64c.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/4b551eec50227ce38677382a0497d65b.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/4b911dd92ca7c0988d4fed2ab9970df3.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/4b91e16f03aa3031c6375d09c3089a34.000040c1.honggfuzz.cov create mode 100644 examples/bind/corpus/4b95af899e2cc0ccafb5b4c849482d5e.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/4ba5392885fe89d5b2f776fca1319a02.000000a6.honggfuzz.cov create mode 100644 examples/bind/corpus/4bb7f6a189fecb553bd3ae6f52e771f3.0000006c.honggfuzz.cov delete mode 100644 examples/bind/corpus/4bc542c71a869445efc0e41dd835f576.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/4bc639919146d871aed8915c2a6e1fcc.00000035.honggfuzz.cov create mode 100644 examples/bind/corpus/4be6c077ffbd84d5d2a03d93642b67f1.0000091d.honggfuzz.cov delete mode 100644 examples/bind/corpus/4bffec7824a7171206d83d1b2fd5143a.00000171.honggfuzz.cov delete mode 100644 examples/bind/corpus/4c2587ba9ee089d34fa4e72e44da9737.0000003e.honggfuzz.cov delete mode 100644 examples/bind/corpus/4c385a963583c69e3f949f3d0c0bd8f0.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/4c78956dd9dba35dbe5bdeb8cfd07d73.0001f7e8.honggfuzz.cov create mode 100644 examples/bind/corpus/4c9b45cc4e311814a0417093c4587097.000001b5.honggfuzz.cov create mode 100644 examples/bind/corpus/4c9f000b591c7eb418fdb0fdecb0dc2b.0000053d.honggfuzz.cov create mode 100644 examples/bind/corpus/4cb3009f0f54e20958399ffd02b832d2.000037a0.honggfuzz.cov delete mode 100644 examples/bind/corpus/4cbea8fd618e9e2ee35f54ba3fca2223.0001f8de.honggfuzz.cov delete mode 100644 examples/bind/corpus/4cd5cd371d7e86766fe0297647899790.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/4cf4580680b895b309d027b24d603546.000001c6.honggfuzz.cov delete mode 100644 examples/bind/corpus/4d2b493d38669b3d389d5270b9344792.0001859c.honggfuzz.cov create mode 100644 examples/bind/corpus/4d4650143a3b41bbb05f7106da372ecc.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/4d4ea4ab1f6447f303b61215072be5b5.00000126.honggfuzz.cov create mode 100644 examples/bind/corpus/4d4fe1ab1f6447f3034c4db0076ab1a0.00000126.honggfuzz.cov create mode 100644 examples/bind/corpus/4d53a173599108ac23ed5eda7f947ef1.0000fb97.honggfuzz.cov delete mode 100644 examples/bind/corpus/4d762135a3ea1c7e19581a57b6ced7d6.000147bf.honggfuzz.cov create mode 100644 examples/bind/corpus/4d92beedcaf6c07461f99fb9b85824c8.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/4dc4669ff5409960ce6cdf1fff994817.0000003e.honggfuzz.cov create mode 100644 examples/bind/corpus/4deebf2e01bba341e9704b7c58475edc.0000025c.honggfuzz.cov delete mode 100644 examples/bind/corpus/4e463e22b6eed86e37ad37e7c89b1993.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/4e477e30994435752377a5e45fa0f5d1.000000a4.honggfuzz.cov delete mode 100644 examples/bind/corpus/4e8623861177db48f6d3be5ca903d282.000000ac.honggfuzz.cov delete mode 100644 examples/bind/corpus/4e8f023adfd6883d9b9062ab65e0dcc6.00002757.honggfuzz.cov create mode 100644 examples/bind/corpus/4eadda47780298e50237e146ce8062d5.00001552.honggfuzz.cov delete mode 100644 examples/bind/corpus/4eccfaa91257425b9261b98ca201a294.00000057.honggfuzz.cov delete mode 100644 examples/bind/corpus/4efa0caf29d5a55a08cd465bfe611b31.00000288.honggfuzz.cov delete mode 100644 examples/bind/corpus/4f145892841884772605eff5aad27d28.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/4f1cd62dec17ce4d58ef952bbbfc146a.00000098.honggfuzz.cov create mode 100644 examples/bind/corpus/4f2adc9ca346cb9593dfeb80ed41b54c.000105b8.honggfuzz.cov delete mode 100644 examples/bind/corpus/4f4396a3a70a782efdf5de0cbdf81ccb.0000d0e4.honggfuzz.cov delete mode 100644 examples/bind/corpus/4f4d84c860227d84e8f4479042108a8e.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/4f5d742b7e602ddeb664db4eadbd67e0.0000008c.honggfuzz.cov create mode 100644 examples/bind/corpus/4f636e71c9b4101de5d6c3c917c0f32c.0000121f.honggfuzz.cov create mode 100644 examples/bind/corpus/4fa29d70656e1147a6e5a7cc6131827b.00000124.honggfuzz.cov create mode 100644 examples/bind/corpus/4fb0d321931337cbbadea3536ff102c1.0000b9cb.honggfuzz.cov create mode 100644 examples/bind/corpus/4fb49c36421f5813183699282a053659.00000bb8.honggfuzz.cov create mode 100644 examples/bind/corpus/4fbc8b29d981931978ef781acc2d2d00.000000a0.honggfuzz.cov create mode 100644 examples/bind/corpus/4fd3668bdd804e357c198bdcaaf167b8.000009de.honggfuzz.cov delete mode 100644 examples/bind/corpus/4fd4112c5afe26f494f0c2f770830a96.0001e290.honggfuzz.cov delete mode 100644 examples/bind/corpus/4fd58ac130ad5b64625d86df7fee5c2e.00000707.honggfuzz.cov create mode 100644 examples/bind/corpus/4fdf2d257363468eca0956b79e1c3529.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/4fe515caf8bbefce83d12b0882b45b86.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/4ff1922109720b07aff98fad02309227.000005f4.honggfuzz.cov create mode 100644 examples/bind/corpus/50223cbafee5e7ad7771a238f2b59628.00000200.honggfuzz.cov delete mode 100644 examples/bind/corpus/5029ff5416de115655f27e105a21cc91.0000001d.honggfuzz.cov delete mode 100644 examples/bind/corpus/50504d222f99c136bad64a58cd1729f6.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/508141461e4109be73680caef108c964.0000006c.honggfuzz.cov create mode 100644 examples/bind/corpus/50dfe685a3b8705cb49eab08437ada37.0000c36b.honggfuzz.cov delete mode 100644 examples/bind/corpus/50f3042f4cff78de22f9de76c1974529.000001cf.honggfuzz.cov delete mode 100644 examples/bind/corpus/50f31b4883dca77a6d3cf1106226e6d2.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/510a00710e2261c7c814fc1c152c0f04.00001a80.honggfuzz.cov create mode 100644 examples/bind/corpus/5137b33a5307b4e4bd91821fef3be762.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/5138148f2ed4211fe06b51804006d537.000000eb.honggfuzz.cov delete mode 100644 examples/bind/corpus/514510a96556932b0b8a1bfbe2ea8046.0001f060.honggfuzz.cov create mode 100644 examples/bind/corpus/514dd602a14c12fb335e6c14544e827c.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/51561c6842e200d74252f27d65823a9a.000000c6.honggfuzz.cov create mode 100644 examples/bind/corpus/51561c6842e2d5574faf72a89802ef47.000000c6.honggfuzz.cov delete mode 100644 examples/bind/corpus/515c2116148214395aef5cd26b275a38.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/5177437f04db80c2c5be9420082c51f2.0000009f.honggfuzz.cov delete mode 100644 examples/bind/corpus/51817a1c80176c19ec5ef3f39c15179d.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/5197e180871a2cd45d3d4b4f52d643cd.00000d69.honggfuzz.cov create mode 100644 examples/bind/corpus/51b0cdf06668240bef0921af0396c4a1.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/51b201ed4efc90058ebe8159a29c0cf9.0000008e.honggfuzz.cov create mode 100644 examples/bind/corpus/51bbf660eebcc44016515fcdf4bcbbba.00000581.honggfuzz.cov delete mode 100644 examples/bind/corpus/51bc5f42e6579808f92310eb68eb87bc.000017ef.honggfuzz.cov delete mode 100644 examples/bind/corpus/51ddeb4d54d92414884917e1cc559a69.0000003d.honggfuzz.cov create mode 100644 examples/bind/corpus/51df9950e4926e87bb4c877abca1abae.00000200.honggfuzz.cov create mode 100644 examples/bind/corpus/51eca51ce1af9329c34ce48d957204bc.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/520188aed921bbf4fd0caaf7393af7a9.00000308.honggfuzz.cov delete mode 100644 examples/bind/corpus/5225c6a16c332ab20db9a52838642ee0.0000cca1.honggfuzz.cov create mode 100644 examples/bind/corpus/522fa9d78e00e6087effe2f35a366bdc.00000034.honggfuzz.cov create mode 100644 examples/bind/corpus/523e562de9a53e0b5eec7294c64da728.00000c39.honggfuzz.cov create mode 100644 examples/bind/corpus/5241657e5defd3b2305ca394c7b09ccf.00000453.honggfuzz.cov delete mode 100644 examples/bind/corpus/525b7183cb6b9df4b5c07b087bb1e047.0000001d.honggfuzz.cov create mode 100644 examples/bind/corpus/5265bc3daef02f9759d3dbfc535929e7.00018619.honggfuzz.cov create mode 100644 examples/bind/corpus/526eb9bf195fc4780794fd724a066096.000002c8.honggfuzz.cov create mode 100644 examples/bind/corpus/5273e7f922e59f319763072c1b1c697c.00002000.honggfuzz.cov delete mode 100644 examples/bind/corpus/528773868e7ed53cf285366cec7196b1.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/52a0b40f67913a8d94b570f40d0a3987.00000040.honggfuzz.cov create mode 100644 examples/bind/corpus/52afc32a750f1338bd781a6831729706.000000a4.honggfuzz.cov delete mode 100644 examples/bind/corpus/52c8e9b65c9e49cb4cf2f3744793725a.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/52db29d3d5e8abc10d79481c9157f409.00001c53.honggfuzz.cov create mode 100644 examples/bind/corpus/52e3117fcee7fa21da6bfd765581cdfc.00000360.honggfuzz.cov delete mode 100644 examples/bind/corpus/52eb9e5bde2c703ea54208b617de0776.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/52f036facf15ff45405074ebca232db2.000007d6.honggfuzz.cov delete mode 100644 examples/bind/corpus/52fee85a0a0e6319d2fd97e517378e2c.00001bcf.honggfuzz.cov create mode 100644 examples/bind/corpus/5305241853949cb2309dc58aa08d3688.0000001e.honggfuzz.cov delete mode 100644 examples/bind/corpus/530e5d9185154dc643ecce8ee84f4604.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/5324e003db7bc7f5a6775b7b53605490.00000008.honggfuzz.cov delete mode 100644 examples/bind/corpus/53375b95c3e01439fc545ce16917228d.00004c27.honggfuzz.cov create mode 100644 examples/bind/corpus/534a06900c080721b6a94749a6f9122d.00000186.honggfuzz.cov delete mode 100644 examples/bind/corpus/5360aec5b51e74a7ff2188cdc575bc54.0000004f.honggfuzz.cov delete mode 100644 examples/bind/corpus/5377ea11f65f5c22604ec9cc98357241.0002bfb4.honggfuzz.cov delete mode 100644 examples/bind/corpus/537c92813c0e10317af44fdfc1312df0.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/5394615a6adb5458cd72190112bbc5fa.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/539937a667755e70457bb206fe61c413.00000138.honggfuzz.cov create mode 100644 examples/bind/corpus/53adc1800bbd12d1b5e654950e352bf5.0001153e.honggfuzz.cov delete mode 100644 examples/bind/corpus/53b8322c1eafd07257323a8992c718b9.0000ffe6.honggfuzz.cov delete mode 100644 examples/bind/corpus/53fd80c70c245bcf5f6ef21cf06fe550.00014ebc.honggfuzz.cov create mode 100644 examples/bind/corpus/53ff9e652c98f9912d99cc9c2ee05efb.00008b51.honggfuzz.cov delete mode 100644 examples/bind/corpus/54203440fa8034af284649198a25c4f1.0000040a.honggfuzz.cov create mode 100644 examples/bind/corpus/543aa525f6cdb5994c8a1355d5ff6d24.00000023.honggfuzz.cov delete mode 100644 examples/bind/corpus/543d7d1208f4eedba41323c55ef0b434.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/54637a5edbf75953e5e4b379a760d807.00000126.honggfuzz.cov delete mode 100644 examples/bind/corpus/54805ad29f1790ce1b3cb6cff1fa64e6.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/54a420caedd8c1a829bf89c04c4a2a5e.0000c006.honggfuzz.cov delete mode 100644 examples/bind/corpus/54afc3714eea78ee7e91d20363c943ea.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/54cecdaa03c243b6b09f9b6342eef744.00000037.honggfuzz.cov delete mode 100644 examples/bind/corpus/54dff6536a433a3e8851c854954b80e5.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/54e2b6547f38b685c12088f6128cf8a1.000000f2.honggfuzz.cov delete mode 100644 examples/bind/corpus/54f0d24b389335bc58fd28a4b7b87ff8.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/54f2d129d111bdca4cb3d3127d6a9813.000148cb.honggfuzz.cov create mode 100644 examples/bind/corpus/55099e5936c4dd17168bf8995267fc92.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/55278d9ed7a91ffc9154a6e06c341df3.0000004f.honggfuzz.cov delete mode 100644 examples/bind/corpus/5540b58c7a1c24a4be962ce8016dd6c7.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/5548e96c404d27c25512529af63a54a7.00000090.honggfuzz.cov delete mode 100644 examples/bind/corpus/5592b25c8b64e88b7e8b83a67260c304.00000035.honggfuzz.cov delete mode 100644 examples/bind/corpus/55de3fb2adc0ab83c2d7fa19bda865db.00016ced.honggfuzz.cov delete mode 100644 examples/bind/corpus/55f496461d9141ed61869a58e7eff607.00000200.honggfuzz.cov delete mode 100644 examples/bind/corpus/55fab8fa1444d7b97481590a3b542fa7.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/55fbca2a777dc99610596492c93a9bb8.0000bcfb.honggfuzz.cov create mode 100644 examples/bind/corpus/5617f0c1f70b65bdc235e59822fd611a.00000ab1.honggfuzz.cov create mode 100644 examples/bind/corpus/56188ba08eb3cc618acf68b4b8cc9d79.000000cb.honggfuzz.cov delete mode 100644 examples/bind/corpus/563e43030195521e7947c2f29a576c2c.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/5657d5ebe5cdd9a1a9ddea4731e544a3.00000092.honggfuzz.cov create mode 100644 examples/bind/corpus/5660690554f9f1647642e9472ee2c2c5.0000006c.honggfuzz.cov delete mode 100644 examples/bind/corpus/5689d895744186f7a17b5598327d8dd1.00000181.honggfuzz.cov delete mode 100644 examples/bind/corpus/5692c0d2c3b6c1be15562cfe6483d3bc.00020000.honggfuzz.cov create mode 100644 examples/bind/corpus/56a18169e9508b4b62f4158a74819042.00001aa8.honggfuzz.cov create mode 100644 examples/bind/corpus/56b38ab9ee55815d95be43631a3bbdd2.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/56bea53586b15356b136eb20a0eb7672.0000054f.honggfuzz.cov create mode 100644 examples/bind/corpus/56c487800f0a9dc4186a8755429aebf9.00000181.honggfuzz.cov create mode 100644 examples/bind/corpus/56efc32fa5e5260eeddd712f808cdcbe.0000024c.honggfuzz.cov create mode 100644 examples/bind/corpus/56f18c43484e444bb59afca0335fc3c3.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/571b53e720e69a015a0635d9650520fa.00012b85.honggfuzz.cov delete mode 100644 examples/bind/corpus/57956f9cf77b29ea27026f27293cabff.00000168.honggfuzz.cov delete mode 100644 examples/bind/corpus/579d1b143a6c1befb1d82e239741d6c2.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/57cb8a2f12981a2cdd59bc9a7855d30d.000166db.honggfuzz.cov create mode 100644 examples/bind/corpus/57d0142f4809e2fa6deee243efc0543e.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/57d867f20eb4fd55d6a52aaf6f1031da.000000b0.honggfuzz.cov delete mode 100644 examples/bind/corpus/57e70dfd64897c9dfdeaa51c4470fe07.0000770b.honggfuzz.cov create mode 100644 examples/bind/corpus/5801961f6ff9997918bafcea2c4545e6.000101d0.honggfuzz.cov create mode 100644 examples/bind/corpus/5819b0ce6dace3f4e75da451eab4b9a1.00000032.honggfuzz.cov delete mode 100644 examples/bind/corpus/581b68544793add2e84a228e77ee1b57.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/581be80ad1032b57d87dae4e1224cfd1.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/58530e0586dbf189c4c14ac8e9335b40.00000097.honggfuzz.cov delete mode 100644 examples/bind/corpus/5853a5dfa6bc78784caf3b9584832fe7.000023d6.honggfuzz.cov create mode 100644 examples/bind/corpus/58650e3065d6039421b8800caa266a10.00002563.honggfuzz.cov delete mode 100644 examples/bind/corpus/5870680cf4bafb8d4a352302205132cd.00000086.honggfuzz.cov create mode 100644 examples/bind/corpus/58822825a48f7cf159c782d89d5d3d17.000101d0.honggfuzz.cov create mode 100644 examples/bind/corpus/5887efbcbc8915165dabb341f6a730e8.0000010f.honggfuzz.cov delete mode 100644 examples/bind/corpus/588b4b9ae0aacd142a044ec266d06545.00008ffd.honggfuzz.cov delete mode 100644 examples/bind/corpus/588c58c3650085d29a907ba5321e3e69.000001fc.honggfuzz.cov delete mode 100644 examples/bind/corpus/588cdd7ecf3b27d43f24bf60f1f87b34.0001153e.honggfuzz.cov delete mode 100644 examples/bind/corpus/58927ac9f7ae19b8ce9475ef225f8f0e.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/58a0a8b8f82b58e2a419aa63d4dc3410.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/58d6cb590a4ca6d16d064407e6667ada.00000799.honggfuzz.cov delete mode 100644 examples/bind/corpus/58ee33731a093aa0a5fd3045091dd8bf.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/593bf3e53bac943924c7285047865082.00000099.honggfuzz.cov delete mode 100644 examples/bind/corpus/5976350998febbb5ca9a838c8defe6c3.000001b0.honggfuzz.cov delete mode 100644 examples/bind/corpus/597cac9c41fbae0b41502d84d2132ea5.00000127.honggfuzz.cov create mode 100644 examples/bind/corpus/59871fcf803dfdd56eeb0ddcb4926855.000000e1.honggfuzz.cov delete mode 100644 examples/bind/corpus/5992793d0ee14edf8d97bd6a2a359d9c.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/59a166f4032ec2e3fc2dd69e586270e4.0007d000.honggfuzz.cov delete mode 100644 examples/bind/corpus/59b0a342f045bf9462417d105d3702d2.0000007e.honggfuzz.cov delete mode 100644 examples/bind/corpus/59bd66a9a1b615293e93c6be392e51c8.000001a5.honggfuzz.cov delete mode 100644 examples/bind/corpus/59df2813e73cdb78bc36df4dc397e9c0.00000684.honggfuzz.cov delete mode 100644 examples/bind/corpus/59df5cbf61d5c9a46d3054d504d82e16.00000c35.honggfuzz.cov create mode 100644 examples/bind/corpus/59f27ff0ad5d6fac7b2e11afb2cbf5c1.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/59fe3b9ae0777ab6eee466eb17ac99fc.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/5a12228f2e8c9453cae39d8b22445829.0000003a.honggfuzz.cov delete mode 100644 examples/bind/corpus/5a2d30a2836d009255ffa50cb4eccc66.00000059.honggfuzz.cov delete mode 100644 examples/bind/corpus/5a4e89b893feb5640b2e055c19eacfe5.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/5a60a582396182ecfd33f17c5d654faf.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/5a7d4f5000b2977854e107544258a8d1.00006322.honggfuzz.cov delete mode 100644 examples/bind/corpus/5abc76d5cdb9f0f51a25908942d28819.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/5acb2df507c2ba8a8c86e4ef43e0ec1f.00001c19.honggfuzz.cov delete mode 100644 examples/bind/corpus/5ad905864e5b40d591b4f96366fe6601.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/5ae52a2d8e0393b0f362fa63fe06e10a.0000ed53.honggfuzz.cov create mode 100644 examples/bind/corpus/5af6ced25da5edb44f1c285477b86507.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/5afc2816924ee1956ef5f2c6ed08dd36.0000008a.honggfuzz.cov delete mode 100644 examples/bind/corpus/5b1f0d1e644ad8e4d1174abc13039e1d.00002635.honggfuzz.cov create mode 100644 examples/bind/corpus/5b20dbb244230749d942622b24d36095.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/5b2341f9d569884d681ae83f963d8b0f.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/5b6b4debf897250ecd3bbb8470779071.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/5b85d42d23ee3d44e77c97f06de5fd60.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/5bb047dcb57a64dc14a5495bd75e3ec1.000025d1.honggfuzz.cov delete mode 100644 examples/bind/corpus/5bc87bcc83236e4c728d67b612817a65.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/5bf6f68318735a68013e75578054f382.00000130.honggfuzz.cov delete mode 100644 examples/bind/corpus/5bf8789d196fcd75d5442cdee6d98a41.00000094.honggfuzz.cov create mode 100644 examples/bind/corpus/5c065bacbcb4c32f2a229f6c0f437417.00000220.honggfuzz.cov create mode 100644 examples/bind/corpus/5c09f1712a647f8524c9d735af050771.000000d3.honggfuzz.cov delete mode 100644 examples/bind/corpus/5c14adbb0a64ae1161fcdd198023dfa8.00000041.honggfuzz.cov delete mode 100644 examples/bind/corpus/5c23ee484ba092664fc330ce43ea0699.0000002d.honggfuzz.cov delete mode 100644 examples/bind/corpus/5c3e0ee62fb28d1187b5a10bb612ae05.000000b2.honggfuzz.cov delete mode 100644 examples/bind/corpus/5c74d3f40604101821d3e7f0c17899a5.00000294.honggfuzz.cov create mode 100644 examples/bind/corpus/5c753f5ed7d5f1967754822983095c22.00000078.honggfuzz.cov delete mode 100644 examples/bind/corpus/5c879bc091be6aad83c83dc7b027a260.00001388.honggfuzz.cov create mode 100644 examples/bind/corpus/5cb0a4dfc256e08cb9e457471379fe19.000002d6.honggfuzz.cov delete mode 100644 examples/bind/corpus/5cc0b2982f84d830d6be298a41d07948.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/5ceea4475bd5057e6f7cb5b8963d0ca9.00000043.honggfuzz.cov create mode 100644 examples/bind/corpus/5d1164f294f3c76c6f5f207f2a3fd653.000101d0.honggfuzz.cov create mode 100644 examples/bind/corpus/5d1b01a45f711420757f54a6f9a2e9f0.000000f4.honggfuzz.cov delete mode 100644 examples/bind/corpus/5d1f567c6ae1e1d13d559022112f4af0.00000200.honggfuzz.cov delete mode 100644 examples/bind/corpus/5d1f5949bc3f38ea4f9e57389b5293e9.0001f52b.honggfuzz.cov delete mode 100644 examples/bind/corpus/5d2047afbb216758addf25e83ff09744.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/5d21277fb3abee97657b077a1d24585e.00000208.honggfuzz.cov delete mode 100644 examples/bind/corpus/5d3be52828eca9f8b940cdf1e7e7d1d1.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/5d43f81420887cca1d456f5db00997d7.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/5d46829e72fe88f3119373948fe586ff.0000054f.honggfuzz.cov delete mode 100644 examples/bind/corpus/5d4b2069d9717d03582b57b83017c5a4.00000154.honggfuzz.cov delete mode 100644 examples/bind/corpus/5d4f03ca0c29407713cd53f060f41cf8.000003a1.honggfuzz.cov create mode 100644 examples/bind/corpus/5d5c955edac4115e81db82fa7de2f3ed.000003fe.honggfuzz.cov delete mode 100644 examples/bind/corpus/5d69eaf13d49f5d56200c2c6c82b5bd3.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/5d6f017d814aeff1ed80d9b936fb24ed.00002615.honggfuzz.cov delete mode 100644 examples/bind/corpus/5d74df7fe34fa5cf27bf74aa07834e66.0001d8f5.honggfuzz.cov delete mode 100644 examples/bind/corpus/5d775047867448ed298fd2963bde6de3.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/5d7956349997ab8c33fe6540e0f77768.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/5d8e199ce55896d1f841e4a57ffc58ab.0000035a.honggfuzz.cov delete mode 100644 examples/bind/corpus/5d90309006e3a49e2da12e9b22032c72.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/5d95df86604e766e0cabe8cad2f9591e.0000003c.honggfuzz.cov create mode 100644 examples/bind/corpus/5d9c5fb32d19ecdcf4eb12d7265e3348.00000200.honggfuzz.cov delete mode 100644 examples/bind/corpus/5d9e0500755072d4dc3aea9ef98a35e1.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/5db22a50e18932fb682c82aae954c464.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/5db7f011a86b631c522e1d06ebddf466.0000035d.honggfuzz.cov delete mode 100644 examples/bind/corpus/5dc33fb10aabb11524348a69265e5f6e.000000c0.honggfuzz.cov create mode 100644 examples/bind/corpus/5de675712e69697336c9eb99ff6f070a.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/5df2ad670310dc50cc773dd2c138ae4a.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/5e091916e5da504a0a02f7d481f24327.00000633.honggfuzz.cov delete mode 100644 examples/bind/corpus/5e180f9dc4c9508b01a6c50cf7b5b7b5.00001e0e.honggfuzz.cov delete mode 100644 examples/bind/corpus/5e2804cfff7ae0726a7213675ab77311.000000f2.honggfuzz.cov create mode 100644 examples/bind/corpus/5e37d6ea1f4498cb4e85e2b3ad3dc87d.00000217.honggfuzz.cov delete mode 100644 examples/bind/corpus/5e38451a0cf6e4fae794c887398fedae.00015905.honggfuzz.cov delete mode 100644 examples/bind/corpus/5e3fe3bf5ebeb88c3285b49e3ec4fb06.00000062.honggfuzz.cov delete mode 100644 examples/bind/corpus/5e539c9b56be5fcc7499a4f074d15627.000000d7.honggfuzz.cov delete mode 100644 examples/bind/corpus/5e53db327b5cb79bc7b65d2229a18d41.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/5e647904eab4d455ee08237e03951a61.0000c349.honggfuzz.cov delete mode 100644 examples/bind/corpus/5e73cb0411a5ab98e4690f3ecfc47f2f.000000d7.honggfuzz.cov delete mode 100644 examples/bind/corpus/5e79274361992b804b776a7af630d25e.00008517.honggfuzz.cov create mode 100644 examples/bind/corpus/5e9132bfeeb0eebcc6adccddfee3210b.000000ae.honggfuzz.cov delete mode 100644 examples/bind/corpus/5ed16f225199c1d567311c7fde7a6d7a.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/5ed593030445a35e819adb1e3d496325.0000013b.honggfuzz.cov create mode 100644 examples/bind/corpus/5ee080dadba26fe97591cced553ddb54.000000ba.honggfuzz.cov create mode 100644 examples/bind/corpus/5eea419ba91250b09b14d5b8cf10fd9c.000012bb.honggfuzz.cov delete mode 100644 examples/bind/corpus/5f059a42171abd75b20ecb9b90cbbc70.00014611.honggfuzz.cov delete mode 100644 examples/bind/corpus/5f2bceab35a2538067590c0cd513ea99.000015da.honggfuzz.cov create mode 100644 examples/bind/corpus/5f327610612b7c9174d94fb64fee8e4e.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/5f3a7b42c6314dfda3ae97a74ac62dbb.00005d00.honggfuzz.cov delete mode 100644 examples/bind/corpus/5f6f5c35aab659680aecd12f765c7ff9.000012bb.honggfuzz.cov delete mode 100644 examples/bind/corpus/5f86618ca9196d1cc0e69e4df8812561.00000032.honggfuzz.cov delete mode 100644 examples/bind/corpus/5f92d5e1cff198ffa576508e48522c29.00000020.honggfuzz.cov create mode 100644 examples/bind/corpus/5fb36fd74800ed14c4091a05d2b580e6.00002000.honggfuzz.cov create mode 100644 examples/bind/corpus/5fc2bf920a18d63a462d58c9b8c8fbdb.000007f9.honggfuzz.cov create mode 100644 examples/bind/corpus/5fd4f39d53d6d9559e45c1be56e3ee89.00000037.honggfuzz.cov create mode 100644 examples/bind/corpus/5fef5deab2c5fcdc746591bc231707e0.00000360.honggfuzz.cov delete mode 100644 examples/bind/corpus/5ff8d532067f2fe7d5eab9cbf485bc77.00021bdd.honggfuzz.cov delete mode 100644 examples/bind/corpus/6025df7a7f764745e2ce0b4244d5e390.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/602eb26dd051a49e57d56440a2decca4.000001b8.honggfuzz.cov delete mode 100644 examples/bind/corpus/60516de5b5bf3bb3ca20efa48ef1acce.000002bd.honggfuzz.cov create mode 100644 examples/bind/corpus/605f2601b717a3b23d7f34dbd191c427.00000a9e.honggfuzz.cov create mode 100644 examples/bind/corpus/60685b7d7a95f9e4c924e28e71d48484.0000004c.honggfuzz.cov create mode 100644 examples/bind/corpus/607509016a6ebfc5176d63d48a07dcda.00000570.honggfuzz.cov delete mode 100644 examples/bind/corpus/60922598a8e26eb0860c53bbe92dc849.0001a6be.honggfuzz.cov create mode 100644 examples/bind/corpus/60a1061d936ea7a7f48db109318de491.00000239.honggfuzz.cov delete mode 100644 examples/bind/corpus/60a2bc52ab8e4f0a4d3a64dfd1d54e29.00006f66.honggfuzz.cov create mode 100644 examples/bind/corpus/60aa2c40b6603e6c6f81a0ea4da49ffa.000010c0.honggfuzz.cov delete mode 100644 examples/bind/corpus/60ca587356d44bee4361945095d194b7.00000034.honggfuzz.cov delete mode 100644 examples/bind/corpus/60ce5b24985659c9150f54284b0d81f6.00020000.honggfuzz.cov create mode 100644 examples/bind/corpus/60d6bb52c3b060a9349128748bb9e05e.000001cc.honggfuzz.cov create mode 100644 examples/bind/corpus/60d8fbcdede41ae7902114d8bbb3a8e9.0000005f.honggfuzz.cov delete mode 100644 examples/bind/corpus/60ece569202bb18ddedcf679c1645b32.00000046.honggfuzz.cov create mode 100644 examples/bind/corpus/60ed9a4aea6ac8dda7228f3b9f78da3f.00001566.honggfuzz.cov delete mode 100644 examples/bind/corpus/6101516217719e22f37ffac9a4c79a33.000004f5.honggfuzz.cov delete mode 100644 examples/bind/corpus/6107d9affe270d6a95389310d8d16f41.00000469.honggfuzz.cov delete mode 100644 examples/bind/corpus/6119272dc57fdb4c8ae6e89c78d730be.0000025e.honggfuzz.cov delete mode 100644 examples/bind/corpus/6132c0f45373fb81588487766e120c07.000002cd.honggfuzz.cov delete mode 100644 examples/bind/corpus/613ed3b02aaeef6670516afbb727291b.00000980.honggfuzz.cov delete mode 100644 examples/bind/corpus/6163126e136b7fa3b2d0fa89c6bb9407.000000d6.honggfuzz.cov delete mode 100644 examples/bind/corpus/6165f323c8e25d3cf32b0f40b885d50d.00001fdd.honggfuzz.cov create mode 100644 examples/bind/corpus/617d8dcd92f36b8c8bd7526963bda4e4.000003e2.honggfuzz.cov create mode 100644 examples/bind/corpus/619078aa017d75145e8e3a05594a5227.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/61da0aea7a4e9f57d559e454b3117020.00000049.honggfuzz.cov delete mode 100644 examples/bind/corpus/6214f70d55e84e1b75a1da84dc720590.00000062.honggfuzz.cov create mode 100644 examples/bind/corpus/621a3a92b82fcadf31fbdc1a7f17ce32.00000041.honggfuzz.cov delete mode 100644 examples/bind/corpus/6242af11b021c049e0fbdea3834b7a0b.0000bab2.honggfuzz.cov delete mode 100644 examples/bind/corpus/6242e48b97ed3490330534ff7187c389.00020000.honggfuzz.cov delete mode 100644 examples/bind/corpus/624b0b7c979ec518ac9abc980154ad5f.0000010b.honggfuzz.cov delete mode 100644 examples/bind/corpus/62556a28eb99eb1aa36a11b82d47a3ee.00000059.honggfuzz.cov delete mode 100644 examples/bind/corpus/62642e0859c735a4291114697d82644b.000005f3.honggfuzz.cov delete mode 100644 examples/bind/corpus/6264957ae3eb697b7d4bc641adb66e19.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/62742176e1c71170b5caf47e556a78f0.0006d1a1.honggfuzz.cov create mode 100644 examples/bind/corpus/628531d5459a10686412207710b1de72.0000005c.honggfuzz.cov create mode 100644 examples/bind/corpus/62a19c2b0a5a58d80b3aedbba245de72.0000005c.honggfuzz.cov delete mode 100644 examples/bind/corpus/62a8a19e5ee4f80072c37397a95ab0d9.00000b8d.honggfuzz.cov create mode 100644 examples/bind/corpus/62b2cb5eb2942ff167cd8660667e754d.00000058.honggfuzz.cov delete mode 100644 examples/bind/corpus/62bc3699eb55633525859b8fc8e74525.0000303b.honggfuzz.cov create mode 100644 examples/bind/corpus/62c9bf010db54d4be71a22fcf3c143b5.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/63117313d7b3083f36d54dfcb89a4580.000000f6.honggfuzz.cov create mode 100644 examples/bind/corpus/631d03fe38feda59963e4e3672f95fd5.00000bb8.honggfuzz.cov create mode 100644 examples/bind/corpus/6323434f429a3f453dc4b98799989d55.0000096c.honggfuzz.cov create mode 100644 examples/bind/corpus/63347458f6706c11211317637f121174.0001153e.honggfuzz.cov create mode 100644 examples/bind/corpus/6347d5fe0a71e58684f35257b1ea8649.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/635b3626694ef8557e6c42ae20cbfb50.00020000.honggfuzz.cov delete mode 100644 examples/bind/corpus/637ac9eebdbac1d3bcc81b6d5d3a022c.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/6383babc44c0410a037f909261e78569.00012b85.honggfuzz.cov create mode 100644 examples/bind/corpus/638b85b59c69979499e43854a6eaac57.0000004a.honggfuzz.cov delete mode 100644 examples/bind/corpus/63980b1e21619171bd1954c8e69fb521.00010566.honggfuzz.cov create mode 100644 examples/bind/corpus/63a7ceb3faa165a30ba9cda4944cff97.0000040a.honggfuzz.cov delete mode 100644 examples/bind/corpus/63abbae06668531bf5b921af0396cd13.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/63c6a0cd51cca222fc5a383358ce8986.00005e88.honggfuzz.cov delete mode 100644 examples/bind/corpus/63cd849516bd0137edc8473701b81258.00020000.honggfuzz.cov delete mode 100644 examples/bind/corpus/63e0b1283bcda90905f9fd0a364a61f5.0001da18.honggfuzz.cov delete mode 100644 examples/bind/corpus/63ec017900f2b959a4a6a8abc06ba645.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/6405b1147a3daf09fa7b288a784c951d.000000a3.honggfuzz.cov create mode 100644 examples/bind/corpus/6406d998bc5f35fae34e5b786d347ad5.0000004c.honggfuzz.cov delete mode 100644 examples/bind/corpus/6425b0bd977396406dbb0ca7fb609072.00013e4c.honggfuzz.cov delete mode 100644 examples/bind/corpus/643557d1a08899fd49f3e97c0418c406.00052e1d.honggfuzz.cov delete mode 100644 examples/bind/corpus/64581fbfbc19381e9c575afc6d0f5be2.000001a5.honggfuzz.cov delete mode 100644 examples/bind/corpus/6474ffa0799ad79da772be2793842e87.0000007f.honggfuzz.cov delete mode 100644 examples/bind/corpus/6476e5f77e75dd42f4ccde92ba6bec8e.0000157e.honggfuzz.cov delete mode 100644 examples/bind/corpus/649595d8f338b1a434339a6d5abd0808.00000063.honggfuzz.cov delete mode 100644 examples/bind/corpus/64cad017955bf5a8900877f2fdcdde2e.00000138.honggfuzz.cov delete mode 100644 examples/bind/corpus/64f7fa95f39c408badeb48967754431b.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/650beda2656235340e467dd10440f1a4.000072c4.honggfuzz.cov create mode 100644 examples/bind/corpus/6527a56a51f07dcd1c8bd8a5574deaf9.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/6527b115b257d1ddf5af45de852d3ea5.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/653b50a3c8f45d10d5b6a6ce7fb123ef.000001a1.honggfuzz.cov create mode 100644 examples/bind/corpus/65902dbcb9faab422f84f9dbc864a1c2.00000118.honggfuzz.cov delete mode 100644 examples/bind/corpus/6591a7231cd2e444276f717f3098fdb2.00000200.honggfuzz.cov create mode 100644 examples/bind/corpus/65a800ed4ac567d16a5f8dd15737a3ef.00000f6f.honggfuzz.cov delete mode 100644 examples/bind/corpus/65b6101f5e5763bbb5f8ccf91a89023d.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/65c002f77cd3cd44cb59bee5e6d79c86.00000092.honggfuzz.cov create mode 100644 examples/bind/corpus/65c0819a9d000c1f70ba2919948aef59.0000007a.honggfuzz.cov delete mode 100644 examples/bind/corpus/65d231b2b20c8e796c17c4dc212e1545.0000001d.honggfuzz.cov create mode 100644 examples/bind/corpus/65d7e80bdec64c38d8fcf326ebbf431c.00000283.honggfuzz.cov delete mode 100644 examples/bind/corpus/65e3d9ac37072e098a7d6c592c96ba1d.0001ef74.honggfuzz.cov create mode 100644 examples/bind/corpus/65f964e8f3471310bfd3fc9ed1dff238.00000020.honggfuzz.cov create mode 100644 examples/bind/corpus/660537e9b8c8b7bdb2b729106ac4ed10.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/660a9ed433bbc7713a9fc2e8feb6afd0.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/660ca770b8c8b7bd42b8d6ebba72367d.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/6632a7a2aa60310958dae0305ee49b98.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/664f82ad383ab5a16ef73a850dfbeb26.00000440.honggfuzz.cov create mode 100644 examples/bind/corpus/6658e085a123092f7bb597e59cd1cd7e.000000a0.honggfuzz.cov create mode 100644 examples/bind/corpus/66643bb70f333163c78b0763630ae2e0.000000ac.honggfuzz.cov delete mode 100644 examples/bind/corpus/66cdf80b1e40be5de1ae6f6d8f837579.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/66d76284a9bb53be576b375471ad3b99.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/66db5bef7cf1de765b6d1580f4da0ba4.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/66dcfba497cf20059b2c1bdc94abe8ee.0000d87d.honggfuzz.cov delete mode 100644 examples/bind/corpus/66e4bd7bd8cbff130f45f7e0f8277fb2.0000004c.honggfuzz.cov delete mode 100644 examples/bind/corpus/66e63757d76d287085f9ad6848a2a0cf.0000006e.honggfuzz.cov create mode 100644 examples/bind/corpus/66e6bf29095499885f1fe71ae7a89a5e.000001b8.honggfuzz.cov delete mode 100644 examples/bind/corpus/66ed4fdd957a331492fea7cad461663c.00001f68.honggfuzz.cov create mode 100644 examples/bind/corpus/66fee7ba960d55205d6b78116ffa9962.00000254.honggfuzz.cov delete mode 100644 examples/bind/corpus/670b1e47d3d73a8cf7f86c614fe2a150.000003db.honggfuzz.cov delete mode 100644 examples/bind/corpus/6714c0429333d6fac2c5994040f76544.00000094.honggfuzz.cov create mode 100644 examples/bind/corpus/6715b7e8d6587fbbd9705cf18cc4a7ea.000015dd.honggfuzz.cov create mode 100644 examples/bind/corpus/6726f2c0303084d5bbc74a6c295770eb.0001102a.honggfuzz.cov delete mode 100644 examples/bind/corpus/67493ba825786823c9e8f1a1d3a5c5fc.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/6765422da8296322a451f2e9fb8ef44f.0004b225.honggfuzz.cov create mode 100644 examples/bind/corpus/676fc1d442fcb889cf7086789ff77514.0000033d.honggfuzz.cov delete mode 100644 examples/bind/corpus/677455757c2824bd043b3c6721fbc411.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/6780d7245d8f0e04477005bdbfb58375.000000e7.honggfuzz.cov delete mode 100644 examples/bind/corpus/67838d93e770853a82534f1cd082984b.0000c85c.honggfuzz.cov create mode 100644 examples/bind/corpus/67b00f4b477a1cfca656b51f312d8d0a.000001e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/67c1c390e3c91510975228f183cc4561.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/67cfac3a1bb3beaa120e5cdb17c681f2.0000006e.honggfuzz.cov delete mode 100644 examples/bind/corpus/67eb99ca4811ae91bc39509b4c7b981d.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/67eb9d8a17100591ca168edab62426fc.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/67efa73e6c24a6ed903cb94ae06ecbd1.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/680bb35ffa13f90a864837ac770d6012.000000ea.honggfuzz.cov delete mode 100644 examples/bind/corpus/681304a3ed5d35d22b1277f78e73e58f.0001d53c.honggfuzz.cov delete mode 100644 examples/bind/corpus/682a5d1a67f38e73db075e85724f5c9b.00044462.honggfuzz.cov delete mode 100644 examples/bind/corpus/6853f6ec3b18226d0e2ab611076f5c3e.000000a0.honggfuzz.cov delete mode 100644 examples/bind/corpus/6875ccfa135ee13231bd7da084b674b5.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/68be3b90fa532ff3dfdda79ffd076cd8.00009727.honggfuzz.cov delete mode 100644 examples/bind/corpus/68c0af557e11e2cd17a1f0fcdd85936d.0000bf17.honggfuzz.cov delete mode 100644 examples/bind/corpus/68c41b12e22f27498f9c11d93ba63a19.000002e6.honggfuzz.cov create mode 100644 examples/bind/corpus/68cf0e1bf77e57415afd3259bc2d2732.00000020.honggfuzz.cov create mode 100644 examples/bind/corpus/6963bd8d1f98e9e744bd805b26c1a084.00000194.honggfuzz.cov create mode 100644 examples/bind/corpus/69b414d8b198e6e2735fc55caf73a56e.00000169.honggfuzz.cov create mode 100644 examples/bind/corpus/69ccdf8de43e2839f6163ae68fe04b7e.0000029e.honggfuzz.cov create mode 100644 examples/bind/corpus/69d0c2eb93c0274c91aeffa07c9806dc.00000048.honggfuzz.cov delete mode 100644 examples/bind/corpus/69d10ef09f286fdecbbcfaf349b77738.00000051.honggfuzz.cov create mode 100644 examples/bind/corpus/69d7a621d778400ede0c6ef8908c8401.00000207.honggfuzz.cov create mode 100644 examples/bind/corpus/69ee6c2fedb4d6cd9368ecb8edb4bbdb.00000125.honggfuzz.cov create mode 100644 examples/bind/corpus/69eee265d00bc4ccf018d6e36c835534.000101d0.honggfuzz.cov create mode 100644 examples/bind/corpus/69f0e486b5f12b680f500b16b6ec5e32.00001a1e.honggfuzz.cov create mode 100644 examples/bind/corpus/69f4a010fdd3ea52f7b30086eaae723c.00000081.honggfuzz.cov delete mode 100644 examples/bind/corpus/6a49bd6a103ae7003b2cb4d2e7fb31fd.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/6a5e5b658601c1b123e4f21af6cda09a.00000119.honggfuzz.cov create mode 100644 examples/bind/corpus/6a603d5cd1cf4217600696d6e6cfd040.000101d0.honggfuzz.cov create mode 100644 examples/bind/corpus/6a68cb826f225de968911d55a978d528.000000a7.honggfuzz.cov delete mode 100644 examples/bind/corpus/6a703d0e82ae6653785ef52161d1b1e7.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/6a94e460e726ade4ad8d746e2a242b6f.00000182.honggfuzz.cov create mode 100644 examples/bind/corpus/6ac2ebf6abb2e57bbd1f895ee538fefe.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/6acf7b0a36ff8fcddb5b2b15a961edc4.0000012f.honggfuzz.cov delete mode 100644 examples/bind/corpus/6ad6f135ba7c21915ddbdae2fea69d07.0000021c.honggfuzz.cov delete mode 100644 examples/bind/corpus/6aef702336bc5c3700fea726f03ff1aa.00000293.honggfuzz.cov create mode 100644 examples/bind/corpus/6af00617e6dca46a247740cf4eb10974.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/6b1dd0628cfb853194d54bf90c1dc5ff.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/6b1f72c7c02f995083dd1fe369b6547e.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/6b404732312980e5248ccbb375fe3f07.000000a7.honggfuzz.cov create mode 100644 examples/bind/corpus/6b4dd4b454806418ca513572da0374a2.00000175.honggfuzz.cov delete mode 100644 examples/bind/corpus/6b6fb5de0a802ccf02cb44f0c5aa4b25.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/6b85be8d112e69026ec2d7f2f96e1da0.00000626.honggfuzz.cov delete mode 100644 examples/bind/corpus/6b9f6239ddffc7665e237f44ee1ab2cd.000002e7.honggfuzz.cov create mode 100644 examples/bind/corpus/6ba12f919cc76e1361629412e98a0fe7.000101d0.honggfuzz.cov create mode 100644 examples/bind/corpus/6ba5c36fd86ebacefda9adf32c2a4db8.0000e77a.honggfuzz.cov delete mode 100644 examples/bind/corpus/6bcd6106b59002c3fedb8e1bb757eea8.00000497.honggfuzz.cov delete mode 100644 examples/bind/corpus/6bebd6aec9ec8d5aa7c94609269abeba.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/6bf54b7f407730f24803a785f332358f.00000032.honggfuzz.cov create mode 100644 examples/bind/corpus/6c253789606590e66342cf8e60c7d71e.000001de.honggfuzz.cov delete mode 100644 examples/bind/corpus/6c3311c842307ee74e3c0f58f6a1588e.00018f49.honggfuzz.cov create mode 100644 examples/bind/corpus/6c4a9da4fd3135bafa1de65f10982aed.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/6c53284a3d26f5e793ecbf7dd6048b8d.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/6c53284d50e6f5e7d3efa30b0d693d51.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/6c5ffc0859c31015b16b8bfc69b170d2.000000f7.honggfuzz.cov delete mode 100644 examples/bind/corpus/6c651a01a4ee145bc17cb6f3f4d5da66.000097f3.honggfuzz.cov create mode 100644 examples/bind/corpus/6cacf6fee213a69a741db7ff5f142259.00000053.honggfuzz.cov delete mode 100644 examples/bind/corpus/6cbf33cf5051d4947dfa6a65ae2d43ad.00000072.honggfuzz.cov delete mode 100644 examples/bind/corpus/6cd48dbd8d9ab6a2746eff5f6b0588a5.000000a5.honggfuzz.cov create mode 100644 examples/bind/corpus/6cd8f0ea5df2311fb96e16a896d38f8e.0000009b.honggfuzz.cov delete mode 100644 examples/bind/corpus/6d140a5152d917fcee6c7340fe87f6da.0001153e.honggfuzz.cov delete mode 100644 examples/bind/corpus/6d3b965625f2293b76f015b48d3b21fd.0000002d.honggfuzz.cov delete mode 100644 examples/bind/corpus/6d3bfcb8d20f16b7b7f5abc79bc3cee9.000000c9.honggfuzz.cov create mode 100644 examples/bind/corpus/6d521c88ec805c6186e07db0a5ff4193.00000060.honggfuzz.cov delete mode 100644 examples/bind/corpus/6d6370f7210b304817074a8d076277e2.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/6d8547d1bff19b981645e03ee84ac7a0.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/6d8547d1bff91b1066e76a164aca6fad.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/6d8656b5ab01d6aa8b18de6ac2724d8c.00001331.honggfuzz.cov delete mode 100644 examples/bind/corpus/6d94e147c686750bf605a7d72eccaa25.0000010f.honggfuzz.cov delete mode 100644 examples/bind/corpus/6da46b9d0e7581c995080544ba63e130.00001d19.honggfuzz.cov delete mode 100644 examples/bind/corpus/6dbfd94332f0dd1b278e7410ac516054.00000cbe.honggfuzz.cov create mode 100644 examples/bind/corpus/6dcd0e0fab55bc56011f38383628584f.00000b8e.honggfuzz.cov delete mode 100644 examples/bind/corpus/6dd92461124209d78764bec2dfb23c2e.00000291.honggfuzz.cov create mode 100644 examples/bind/corpus/6de506c0bfb59cc6d5c9b971a66756ef.00000181.honggfuzz.cov create mode 100644 examples/bind/corpus/6e27709d39de5dbc20324e1a2d12a7e9.00000128.honggfuzz.cov delete mode 100644 examples/bind/corpus/6e2bdd14a811b7a87969fd242d82e6e9.0000029e.honggfuzz.cov create mode 100644 examples/bind/corpus/6e440b9d403d509458b9dfabb2bbe992.00005941.honggfuzz.cov create mode 100644 examples/bind/corpus/6e4f0a19b406238dffad0bf4b6e09076.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/6e866dbcc4069eeb929a7d4b20b96c06.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/6e89353ea115c6e3b82c263c80f60814.00000115.honggfuzz.cov create mode 100644 examples/bind/corpus/6e9b7b5f93ac20842b4a241a4f74f495.000013e8.honggfuzz.cov create mode 100644 examples/bind/corpus/6ebc6893dea9f2708103f6807be5ea96.000002c6.honggfuzz.cov create mode 100644 examples/bind/corpus/6ee2a452732d4589541ff4a2728e3941.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/6ee6f911182c9390f5a2c786946e68ab.0001f7e8.honggfuzz.cov create mode 100644 examples/bind/corpus/6ee74d84721ef55c2aac4827b06504da.0000001f.honggfuzz.cov delete mode 100644 examples/bind/corpus/6f1a052c6ccd6bfd0273129d184ba69c.00000041.honggfuzz.cov create mode 100644 examples/bind/corpus/6f1a27b6753effe2224fbc4a52a258c1.000000f7.honggfuzz.cov delete mode 100644 examples/bind/corpus/6f2b9986679f256c74d490828fe33026.00000091.honggfuzz.cov delete mode 100644 examples/bind/corpus/6f3a814eda7caff81ca205ffdc8f5835.000002cd.honggfuzz.cov create mode 100644 examples/bind/corpus/6f55c0e6f6bda7d72618cf2275164bef.00000066.honggfuzz.cov delete mode 100644 examples/bind/corpus/6f696e8defd86966d1b38000f8a7b1b2.0000020a.honggfuzz.cov delete mode 100644 examples/bind/corpus/6f7edfd4ef53b097b8fd2861aaa96a0e.00000150.honggfuzz.cov create mode 100644 examples/bind/corpus/6fb1e35980ee361847e81f8a8a752717.0000002e.honggfuzz.cov create mode 100644 examples/bind/corpus/6fb2f6cab319d7c15b38d37f35f12161.0000000e.honggfuzz.cov delete mode 100644 examples/bind/corpus/6fc72a62686fc0b159b522529b9c9737.00001187.honggfuzz.cov delete mode 100644 examples/bind/corpus/6fc951d695a6d0b0903abf34916f7001.00000013.honggfuzz.cov create mode 100644 examples/bind/corpus/6fccf22886f1f98b28cee278ca8703cd.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/6ff57d53bff40a3179cbee6d9f705466.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/6ffafce78223d28c8bb1eabc780e32ad.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/703bcef10f53805fd6a6bfa682c7384a.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/70461dacdd0d86076d3bc1776e0d30aa.000000ff.honggfuzz.cov delete mode 100644 examples/bind/corpus/706312fc033bd15b7d4f745e7add0f91.000003bd.honggfuzz.cov create mode 100644 examples/bind/corpus/706e8d7490f2b0d8f02a41d47c84c294.0000007d.honggfuzz.cov delete mode 100644 examples/bind/corpus/70801fff6bc129d667730f7704ce35b3.00008c2d.honggfuzz.cov delete mode 100644 examples/bind/corpus/70b557e1c39f6f92d07c4f94e7e37e1c.00000293.honggfuzz.cov delete mode 100644 examples/bind/corpus/70da2723be2d405d2b8799918091d1d9.0000e948.honggfuzz.cov create mode 100644 examples/bind/corpus/70ee36ca8605e1b14821a814ada1d1b7.0000029e.honggfuzz.cov delete mode 100644 examples/bind/corpus/70fb5ae5fb6700e8761a42b017836d14.00006e85.honggfuzz.cov delete mode 100644 examples/bind/corpus/71128c48eda881659124d2dc6c498017.000000d4.honggfuzz.cov create mode 100644 examples/bind/corpus/7123452f27926090a5c04a9c07a238f3.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/7124e4bdddab993f2d24ccf7981e057b.00000094.honggfuzz.cov delete mode 100644 examples/bind/corpus/712d635489be4ba1c734bfaa607c2eee.000000b6.honggfuzz.cov create mode 100644 examples/bind/corpus/7168fa0ed2019202ae20a5103f2c0515.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/718adeec6d3c5235359adbfda07f0fdf.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/718adeedb64c5235259a1ce016a46268.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/7194052d04dd9016d3f8375c875540c3.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/71953945315a2644a1185c9452ccbc8d.0000004e.honggfuzz.cov delete mode 100644 examples/bind/corpus/71aa5eac1e1cf9ef71298709d8fdbce3.00079a74.honggfuzz.cov create mode 100644 examples/bind/corpus/71b55b89b95a19ee9e8c4a12435cfd26.0000007d.honggfuzz.cov delete mode 100644 examples/bind/corpus/71d103dada916a6cb1a5fd58ebcb35df.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/71fadb3093ecc187d802c92ab74c4bd1.00000025.honggfuzz.cov delete mode 100644 examples/bind/corpus/7200e60b336319b58506e3f3d817db0d.00000c65.honggfuzz.cov create mode 100644 examples/bind/corpus/7207c35670b893b95ee388b8a6c8bdb7.0000003a.honggfuzz.cov create mode 100644 examples/bind/corpus/7221c77da63e9f71ac32457c569fbe3d.000003a8.honggfuzz.cov delete mode 100644 examples/bind/corpus/7224269a85dc7ab151c5d294b5310cee.0000029e.honggfuzz.cov delete mode 100644 examples/bind/corpus/723be192c64e9b46ee9e5bb757cdde84.00000081.honggfuzz.cov delete mode 100644 examples/bind/corpus/72431b27bea956cbe2318bac77ca8779.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/7253320e6f753dbbfe0c67e29d37a29e.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/725dd0357f0ac76f2fe51c75363a05d3.00000ba2.honggfuzz.cov create mode 100644 examples/bind/corpus/72a0597de8c88cd81c84f18b0238fb8f.000016b7.honggfuzz.cov create mode 100644 examples/bind/corpus/72d4a986aed093ddd7c719dbabf4959a.0000daa2.honggfuzz.cov delete mode 100644 examples/bind/corpus/72de945bbff7f22175ecf6f2e54805b9.00000073.honggfuzz.cov delete mode 100644 examples/bind/corpus/72f8618399aa3b3edeb2772b1bd88ac9.0001ff84.honggfuzz.cov create mode 100644 examples/bind/corpus/7301b5d1af8e3ede277d7c527df07ad4.00000061.honggfuzz.cov delete mode 100644 examples/bind/corpus/730594e89b18112cff677b9943d42b77.00015a30.honggfuzz.cov create mode 100644 examples/bind/corpus/7305ede3b16e788b6f198487f8d4125a.00010001.honggfuzz.cov delete mode 100644 examples/bind/corpus/7316fb4733513ea0321e7a45d9f3bf70.0006b71e.honggfuzz.cov delete mode 100644 examples/bind/corpus/7322fee7a54c9468b4b6f8632f7561c8.0000a302.honggfuzz.cov delete mode 100644 examples/bind/corpus/734d7274007e6d2a5c3d6aee37eb88a8.00001093.honggfuzz.cov delete mode 100644 examples/bind/corpus/7358455c7ea960652f9d41c68680ac82.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/736e17cc4834c0fc2f20fc638380c6b7.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/736e92c40be00da25e37e6f383c8a059.00012ca1.honggfuzz.cov delete mode 100644 examples/bind/corpus/737279e78bf44cd998ca869b1e819c21.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/737c19a4f62c63749b9572169ae96132.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/73b3667d8e52b00686298a00a15c8edc.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/73c8a6c63deabe51b15bb7f8e3b41c75.0001533c.honggfuzz.cov delete mode 100644 examples/bind/corpus/73e0c1da55a776fc60b3cb34966a6047.0000009a.honggfuzz.cov create mode 100644 examples/bind/corpus/73e54ea147c946668480d506d52421e8.00004c7e.honggfuzz.cov delete mode 100644 examples/bind/corpus/740035cbfa9b61e4ecb06dd9ff569e42.00000083.honggfuzz.cov delete mode 100644 examples/bind/corpus/7408059003c6c19c016293201e026f2d.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/7418b2c3c6c5b62f9cad899f0a944b57.0000010f.honggfuzz.cov delete mode 100644 examples/bind/corpus/741eec2fb901f51fa565f7a00714de01.000004af.honggfuzz.cov delete mode 100644 examples/bind/corpus/742d97db7fe6da42aab83095485e041d.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/744eae96686e339da7b8023b4c61ea96.00009fe6.honggfuzz.cov create mode 100644 examples/bind/corpus/746783de8015654a5fc1e7f40216fdf0.00000115.honggfuzz.cov delete mode 100644 examples/bind/corpus/7469ebdfe20a5c4c32403274abeac42b.000000a6.honggfuzz.cov delete mode 100644 examples/bind/corpus/74721924746149531e4d3b2e22e8f329.000000a3.honggfuzz.cov delete mode 100644 examples/bind/corpus/747ab913b689077f07648b38e9a3d1a3.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/7493320e6f753dbbfe0c62f69ee3a45e.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/74999a08b5da3a103e1e838dc2f1441f.0000fffc.honggfuzz.cov create mode 100644 examples/bind/corpus/74bfd0d0e53a87b569e4c891d9f70dc2.0000039c.honggfuzz.cov delete mode 100644 examples/bind/corpus/75325266df4faa97ea31ef024831774e.00000d98.honggfuzz.cov delete mode 100644 examples/bind/corpus/75369aaf83b5eef5e3efc8514ed70a69.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/753e0aa390390bc960136fbaaa4525fb.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/757075bf62387111d966ca6b91145fb6.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/758b5bd99650381e73d8d56ad255409c.00000993.honggfuzz.cov create mode 100644 examples/bind/corpus/75a2f6f4680f1107a83377f22dcb701f.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/75a66725aab0a55255f1bbecd63255d2.00001e5b.honggfuzz.cov delete mode 100644 examples/bind/corpus/75ac7a0c76203d64c32d4382d8fa2408.0000054f.honggfuzz.cov create mode 100644 examples/bind/corpus/75c30f2abde8ffb7e862907ff6b5b686.00000bb8.honggfuzz.cov delete mode 100644 examples/bind/corpus/75c4aed0f6c8b21033f7965cf2af392c.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/75d4eca4a44749637479b9d1a287a97f.0000011f.honggfuzz.cov create mode 100644 examples/bind/corpus/761866994683605ae22514144bdcfe60.000001c7.honggfuzz.cov delete mode 100644 examples/bind/corpus/765c767b0d141c9ace374ff7c5dc3ec9.000010f8.honggfuzz.cov create mode 100644 examples/bind/corpus/765e85a95e61b02de3f51f6e78b48af5.0000136f.honggfuzz.cov delete mode 100644 examples/bind/corpus/76676bd45a2c281f4c8b24ed385326c9.00020000.honggfuzz.cov create mode 100644 examples/bind/corpus/7669bf3b9791b889904a00af90bf5100.00000bb8.honggfuzz.cov delete mode 100644 examples/bind/corpus/767341a0f5145cdf112310a902c19e29.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/767aed943de4a198f0ebf82660bd48c5.00000021.honggfuzz.cov delete mode 100644 examples/bind/corpus/768348f043aeec02ed83120d66d08942.000000ac.honggfuzz.cov delete mode 100644 examples/bind/corpus/76a8b4fa76ad6b3db25db2ebf28af2e5.000000f7.honggfuzz.cov create mode 100644 examples/bind/corpus/76b9e6b85f81f30d58b0e9c3656ce93e.0000040a.honggfuzz.cov delete mode 100644 examples/bind/corpus/76ba7c38c34c83ec4c58b6f647c35aa5.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/76be4303011cf9042095e90b48fb6cca.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/76dbab4f5091539d5dda5a439e1af0ee.00000071.honggfuzz.cov delete mode 100644 examples/bind/corpus/76e35f8ff2733bbc60d1cfb56f7dd9ca.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/770e76a9b70a1a59d1af1ba928043f8e.00000035.honggfuzz.cov create mode 100644 examples/bind/corpus/771cba79cb85136c511ef447ffbbaa8d.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/7740362f7f634f7b49e3db99936217e0.00001823.honggfuzz.cov delete mode 100644 examples/bind/corpus/774bc9ed7c614e1a58d84360f448132e.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/7752780f9712535fb5ca1e2208bb9cc6.00018ff0.honggfuzz.cov delete mode 100644 examples/bind/corpus/7759bf466e4f7600552f90d482a7e5bc.0000032e.honggfuzz.cov delete mode 100644 examples/bind/corpus/7766711f0c17f130c8d38dadd1a84213.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/7775e9ed7c614e1a58fd557bc276332e.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/779080d63702c357e0ef86a211583cfb.0001f7e8.honggfuzz.cov create mode 100644 examples/bind/corpus/779491cfcf244c572991923b84e11c3a.000001a5.honggfuzz.cov delete mode 100644 examples/bind/corpus/779a77bf5bce5727b3dfc1555e38f9d5.000018b9.honggfuzz.cov create mode 100644 examples/bind/corpus/779ce3d7ada13df5ad234375314df1ac.0000008a.honggfuzz.cov delete mode 100644 examples/bind/corpus/77a5a9d02e7ca813ada23d054d300c7a.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/77b75129fdca8abf31c800d2c44f22a8.00000097.honggfuzz.cov delete mode 100644 examples/bind/corpus/77b8438012920b81d4c524026fc9972c.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/77d4fb2dc1e8631c11d6cdd19908a68d.000037d3.honggfuzz.cov create mode 100644 examples/bind/corpus/77e17a6260a37655dc8bce4db4ae686e.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/7814dfbd50c5c1981f11ff062343068d.00010e2b.honggfuzz.cov delete mode 100644 examples/bind/corpus/781689077a6f07896688cd2829af7a57.000001db.honggfuzz.cov delete mode 100644 examples/bind/corpus/781d01de4ac84bcc67b21ba013800cda.000003ab.honggfuzz.cov delete mode 100644 examples/bind/corpus/782e15b94639d160373af752a4242f4b.00020000.honggfuzz.cov delete mode 100644 examples/bind/corpus/783b3bd6a4894af5bf6ff81b0e6a6567.00000905.honggfuzz.cov delete mode 100644 examples/bind/corpus/785447ab83c8799f0ff03269e68a8ac7.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/785c9d8b576ccae97d9b0252e7ce08c1.0001f7e8.honggfuzz.cov create mode 100644 examples/bind/corpus/78631cfd9d645fcaa29147b4713b5db5.00000305.honggfuzz.cov delete mode 100644 examples/bind/corpus/78646792b5dcf0eb7fb9f5e32ad1f0b5.000000c0.honggfuzz.cov delete mode 100644 examples/bind/corpus/7865d3ca732b3d696566237dbb5b7a45.00000040.honggfuzz.cov create mode 100644 examples/bind/corpus/787aa4c72f5eee08d7ae9cb7e5f7a6a8.00000200.honggfuzz.cov delete mode 100644 examples/bind/corpus/788e6584ed9a34f7dffc6e471287cdb1.00000072.honggfuzz.cov delete mode 100644 examples/bind/corpus/78a6def0c06cbc5371f88ee425dd5f1a.000004f1.honggfuzz.cov delete mode 100644 examples/bind/corpus/78e68fb589a0e052265ff587eaff6920.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/78e884e399c6a512a3b5a3deb6013a7f.00000b57.honggfuzz.cov delete mode 100644 examples/bind/corpus/78ea646b809efb055187b87bf06cc542.00000042.honggfuzz.cov delete mode 100644 examples/bind/corpus/78f2e1dd7f55ae0ca9fc994b48b36f36.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/790f12b64e066d51b566861a6645171c.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/7920b9a822445f35bd65e5536fc98f65.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/792bebe7822d34f38bab169a632877c2.000000d5.honggfuzz.cov create mode 100644 examples/bind/corpus/792cc5e3a67337673c85aae4eff9e80e.0001f7e8.honggfuzz.cov create mode 100644 examples/bind/corpus/795209256d8a53804ae7c99da98ffdd9.00000f03.honggfuzz.cov delete mode 100644 examples/bind/corpus/79565c62b3ea5465d75913fc12c0d4c1.000002f0.honggfuzz.cov create mode 100644 examples/bind/corpus/7960dbdedf1c5d6d5db76b555b6a254b.00010566.honggfuzz.cov create mode 100644 examples/bind/corpus/798d2b651e23a5e67cda51699282bc54.00000bb8.honggfuzz.cov create mode 100644 examples/bind/corpus/7998b5985c5f3bc116c640afee5fd6bf.00000230.honggfuzz.cov create mode 100644 examples/bind/corpus/79ad0e0c219da01e275c7c3e3ad09937.00000042.honggfuzz.cov delete mode 100644 examples/bind/corpus/79b28ff8261f850aaecb77f33d08696f.00001484.honggfuzz.cov create mode 100644 examples/bind/corpus/79c00158d3816560a29abff53a30ce54.00002000.honggfuzz.cov delete mode 100644 examples/bind/corpus/79d0a913a326fc05236b2560db4ec57a.0000005e.honggfuzz.cov delete mode 100644 examples/bind/corpus/79ec1061b71eb58fbf8aaf2732282a36.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/7a080ad7204f80d3cbed5c05b2764bce.000000f7.honggfuzz.cov delete mode 100644 examples/bind/corpus/7a17d260cbba31f32dc0845dc16dfac8.00000099.honggfuzz.cov delete mode 100644 examples/bind/corpus/7a254a4d10da15268ea6b118ff7c0eee.0000003d.honggfuzz.cov create mode 100644 examples/bind/corpus/7a2b000c051be55aec0d8bcf5af914dd.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/7a2d54a5de8f01b3e2bb0873b4286013.000002a9.honggfuzz.cov create mode 100644 examples/bind/corpus/7a38ec3cca898f6092638d24f37604d7.00000570.honggfuzz.cov delete mode 100644 examples/bind/corpus/7a9347d3d1cc1d61c8e7f67fa0c6f22b.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/7ab56409c62366c9605dccdb3574c053.00000020.honggfuzz.cov create mode 100644 examples/bind/corpus/7ab56409c79366c9605dccda2565c053.00000020.honggfuzz.cov create mode 100644 examples/bind/corpus/7ac5f6c401ce79d93cf70ae0c3a1244f.0000006d.honggfuzz.cov delete mode 100644 examples/bind/corpus/7ace351f8658bff188becfd6ee4eae61.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/7ad37362c3587ea43086f12efba698d1.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/7adb8f803dba2218127e53d08150564a.00000336.honggfuzz.cov delete mode 100644 examples/bind/corpus/7b5d9f30a10a4726d7d94499a6acf3b0.000000a0.honggfuzz.cov create mode 100644 examples/bind/corpus/7b696061fa69cb6ab81083e471afc459.000000d7.honggfuzz.cov delete mode 100644 examples/bind/corpus/7b79cfd9ebcdcf25602aaafc379c19cf.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/7b9ae663965fddafe313e94dd37f4131.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/7bb1090bcd16c68b271faf7fe780c5f7.00000b98.honggfuzz.cov create mode 100644 examples/bind/corpus/7bde4d887edbf8f17141f6f29a13ebd5.00000021.honggfuzz.cov delete mode 100644 examples/bind/corpus/7be4c8ff839eec5f5524850e2a767125.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/7bf744b2861cb1ee0a901da0ce3fa7c7.0000128b.honggfuzz.cov delete mode 100644 examples/bind/corpus/7bf82ed33477c3a469f4979eb5bf2fbb.000017b0.honggfuzz.cov delete mode 100644 examples/bind/corpus/7c01b0e0e3abb7d92c3785bef85d087d.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/7c0b03f812dfa5326bc366ccaf0e4060.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/7c0f5784e6561702aac396331b7330ab.0000012e.honggfuzz.cov create mode 100644 examples/bind/corpus/7c1af1fdfa35320a925dbccc0d8fb283.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/7c20ef2b4c134d51e7303a7481b65358.00000383.honggfuzz.cov create mode 100644 examples/bind/corpus/7c3d30e5aa9be771271c0e2b168a4bca.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/7c427080364d4f1f97b4bb28f587535a.000000ab.honggfuzz.cov delete mode 100644 examples/bind/corpus/7c4ffada41f0c93bf667711142e2ab9b.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/7c6c99399489aad72b47e2e7f83b3ad2.00000bb8.honggfuzz.cov create mode 100644 examples/bind/corpus/7c8043835f1f04dde778c484d13d6486.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/7c874c2fab7f0e0db8303c74f0b71a2e.00000207.honggfuzz.cov delete mode 100644 examples/bind/corpus/7c876adf26ad234af9ca9c8d2356a607.00007b4e.honggfuzz.cov delete mode 100644 examples/bind/corpus/7c89bd92bf9cb36f878f70f5aac874ad.0000c8de.honggfuzz.cov delete mode 100644 examples/bind/corpus/7cbd39518fbad0d2f93a829d6c7ace21.000000b4.honggfuzz.cov create mode 100644 examples/bind/corpus/7cc55a2e3370e3a3e4cc077dec9a9ed6.00000042.honggfuzz.cov create mode 100644 examples/bind/corpus/7cf892cfbd058b1db6e0cf6d41df6c50.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/7d36a4abcfd789ea1d0efcc38709c429.000003eb.honggfuzz.cov delete mode 100644 examples/bind/corpus/7d495baacf728cd2b5686ac88502837c.00020000.honggfuzz.cov create mode 100644 examples/bind/corpus/7d5cb27fb2964aa1b9b47837b6b5215e.0000140e.honggfuzz.cov delete mode 100644 examples/bind/corpus/7d606d245433c4fbd483248c5d54730e.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/7d60aa034797e04af24aae5e0d3f4396.000001ee.honggfuzz.cov delete mode 100644 examples/bind/corpus/7d6589c9077026f5b6071178fa41c5c6.000016e6.honggfuzz.cov create mode 100644 examples/bind/corpus/7d65d85efb32fccbe7ba7ff3d22f6957.00000059.honggfuzz.cov delete mode 100644 examples/bind/corpus/7d7eadfb174419a24368eb0d95bb2a4d.000004e3.honggfuzz.cov delete mode 100644 examples/bind/corpus/7d84d7d6d39195eee9ed2b1798f75977.0000037e.honggfuzz.cov create mode 100644 examples/bind/corpus/7dba6ef8298ac94747a0214665b269d8.0000002d.honggfuzz.cov delete mode 100644 examples/bind/corpus/7dd441bda6212eac459e6c82da2c936b.0000003e.honggfuzz.cov delete mode 100644 examples/bind/corpus/7df078ab97181ec669d6ff1b2ab74347.00000087.honggfuzz.cov delete mode 100644 examples/bind/corpus/7dfe1a918fd47d48c3888aef1c852297.00016ced.honggfuzz.cov delete mode 100644 examples/bind/corpus/7e16918cc47c2193dd913087c7d929fe.00016ced.honggfuzz.cov delete mode 100644 examples/bind/corpus/7e1e722d9ffa6e887a4aef924ff720cd.000002a9.honggfuzz.cov create mode 100644 examples/bind/corpus/7e6e0683bdd349b034c46a9b75f7f79d.0000001f.honggfuzz.cov delete mode 100644 examples/bind/corpus/7e71c6f97a61a67ee714ae46810a7f92.0000175f.honggfuzz.cov delete mode 100644 examples/bind/corpus/7e7a881c8f33d398e8b4b20d95d77cac.00016095.honggfuzz.cov create mode 100644 examples/bind/corpus/7e7e052f4dcfdd47edafc59bbdceab05.0000f0a4.honggfuzz.cov delete mode 100644 examples/bind/corpus/7e83d7069fd46452d7386344515c361c.00000244.honggfuzz.cov create mode 100644 examples/bind/corpus/7e88722afcb81e4068b2e50a8c90e4b8.0000079e.honggfuzz.cov delete mode 100644 examples/bind/corpus/7e9c767e308ea12240e221fc31ce96ce.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/7e9c9cecf1bfcb4923fb2046b8d2073e.00000039.honggfuzz.cov create mode 100644 examples/bind/corpus/7ea8b2dc010467931bddb68ef8842225.00000f8e.honggfuzz.cov create mode 100644 examples/bind/corpus/7ec92f202b56834f01f84a2ada553ed2.00002265.honggfuzz.cov delete mode 100644 examples/bind/corpus/7efba17317195f4562d1cde1a03adbc5.00013d1e.honggfuzz.cov delete mode 100644 examples/bind/corpus/7efd82bc4772ac8504e6a438b32cbb48.00001b5a.honggfuzz.cov delete mode 100644 examples/bind/corpus/7eff05420ffcee74b134c7d9a90bf6a2.000000f7.honggfuzz.cov delete mode 100644 examples/bind/corpus/7f00f0d8ed28aa7915e0512653dbd499.00000174.honggfuzz.cov create mode 100644 examples/bind/corpus/7f012972c114eaaeba257da9826774af.00001b5a.honggfuzz.cov create mode 100644 examples/bind/corpus/7f18e46f8b61180e8463e0fddc3bf974.00000208.honggfuzz.cov create mode 100644 examples/bind/corpus/7f3961d2d5d5c675b263c54b8fd9a3dc.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/7f544afcced90a253caf503c31c4b459.00000129.honggfuzz.cov delete mode 100644 examples/bind/corpus/7f9b942d73dcf6457be9214f8cf02531.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/7fa43947a2e8cff29617e685b762ed42.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/7fa6ffb07a56364fc6cba90d3dda34c5.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/7faa5b03352c2304de1b454bc1028b33.00000b9f.honggfuzz.cov delete mode 100644 examples/bind/corpus/7fb0f72ccc040c429c37aa67dbee955b.00000076.honggfuzz.cov delete mode 100644 examples/bind/corpus/7fc7b2cc5cf94979f23d6cd6bae6ec74.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/7fe7e32a691082775ca1a4698a60bafa.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/7feda119b728dc309280efeb259060f6.00000175.honggfuzz.cov delete mode 100644 examples/bind/corpus/7ff167a01b4e548f34939b9f5f9ba021.0001153e.honggfuzz.cov delete mode 100644 examples/bind/corpus/7ff27e7e62c6202ac57a419124290dbb.0000005f.honggfuzz.cov delete mode 100644 examples/bind/corpus/7ffc39b963ad41794aafe896fadaa522.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/7ffc4743decd9e5dccaf75a5e0fea830.000005e6.honggfuzz.cov delete mode 100644 examples/bind/corpus/801b0874ba52675d29cd41afbe769afa.00015d1d.honggfuzz.cov create mode 100644 examples/bind/corpus/8021219d730f3689f6dec3e901ef9af0.000000b4.honggfuzz.cov delete mode 100644 examples/bind/corpus/805f2ef9d4ddde6a7f43eb7e571d4610.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/8091d2b3d73a1a6780b48f41da3be44a.0000008b.honggfuzz.cov delete mode 100644 examples/bind/corpus/809de75dc69bbfa8b5d04f3c3eda366e.0000c856.honggfuzz.cov delete mode 100644 examples/bind/corpus/809e932e9c77739be5a0599e477400ab.000187a9.honggfuzz.cov delete mode 100644 examples/bind/corpus/80a46ef2a758ce6284425ad8c1014725.00001ff2.honggfuzz.cov delete mode 100644 examples/bind/corpus/80a9d4add1dc4a128e70cc0b995a952d.00000035.honggfuzz.cov create mode 100644 examples/bind/corpus/80dfa33c370c55e84135a3a45aaf5d01.0000021a.honggfuzz.cov delete mode 100644 examples/bind/corpus/80fadef104377a1a56d8e76d895a2dbd.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/813155f472f4377e52e9ad8927cfd078.00001602.honggfuzz.cov create mode 100644 examples/bind/corpus/81398d9095cf5d63db030f4c196d71bc.000018f4.honggfuzz.cov create mode 100644 examples/bind/corpus/816a68f8dbdd431dacaef3910c91df52.00000028.honggfuzz.cov create mode 100644 examples/bind/corpus/8173c7a58c19c932716061c23589567f.00000051.honggfuzz.cov create mode 100644 examples/bind/corpus/81a0e7fb2d6deab1eebbfb4d5637aca9.00002000.honggfuzz.cov delete mode 100644 examples/bind/corpus/81a6773a3256d1ecdbf12fd84689a2ec.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/81af351b11d1a642ecd9a82c16c619b9.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/81bdad2b5059f175c5ab86dfcc2c3244.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/81be9a3339e25f52d76ba45d3cba82a8.00002020.honggfuzz.cov create mode 100644 examples/bind/corpus/81d5255822e46407e6eafb3dda510a49.000024bc.honggfuzz.cov delete mode 100644 examples/bind/corpus/81fe4627e5e69a8ed944af00b9729ccd.0001c8b4.honggfuzz.cov delete mode 100644 examples/bind/corpus/8242e6467d568c3ceef41aad7a8c7b4c.000000df.honggfuzz.cov create mode 100644 examples/bind/corpus/8246f3a8b117c8724ecb49b9bdca7fba.0000004b.honggfuzz.cov delete mode 100644 examples/bind/corpus/824d6d1aad446893c1b116fe45c3425e.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/826c11aef9413de0fba0ba44ecf57b30.0000007b.honggfuzz.cov delete mode 100644 examples/bind/corpus/829ce9f142155b105eec071d79895ee8.00000116.honggfuzz.cov create mode 100644 examples/bind/corpus/82b7554245edab19eeb3844ec51e0ad0.000001b5.honggfuzz.cov create mode 100644 examples/bind/corpus/82ca32b320f9527d43e4746f6d417a69.0000003a.honggfuzz.cov delete mode 100644 examples/bind/corpus/82f2a1d69285eec4d8dd1ab3f5f72f53.00000bd2.honggfuzz.cov create mode 100644 examples/bind/corpus/83239b6f061bffae1fc13eaf1aa65c5f.0000004a.honggfuzz.cov create mode 100644 examples/bind/corpus/832bcf86d52a29bcdba19ff3cae6feaa.00000036.honggfuzz.cov delete mode 100644 examples/bind/corpus/8352a11c3452802ae51837f130afefe1.00000261.honggfuzz.cov create mode 100644 examples/bind/corpus/8357840e72d45247f8389568bd927819.00000a89.honggfuzz.cov delete mode 100644 examples/bind/corpus/836825990d8db8decb3f2835aa95eaff.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/83684e893b6b32064e7f2473940739c6.000006c8.honggfuzz.cov create mode 100644 examples/bind/corpus/83805ec58090c8ea1df4eaaa9190afac.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/8388db9e0c2ba20fce672f81b95cf0bd.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/8408b3bce5d7c3a9e0f8e93d1021b01f.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/841f967d07e57c1d126f476040d45676.000001f8.honggfuzz.cov delete mode 100644 examples/bind/corpus/842532a1f78e0f126dd8cef801f64ac8.00000ded.honggfuzz.cov delete mode 100644 examples/bind/corpus/846c6eff99c56f21e674ae36ae386004.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/847b26c575757285843a4d70a9ca10e6.0000002d.honggfuzz.cov create mode 100644 examples/bind/corpus/849167f3b9fe84d13cd5f09e8b98019b.00000037.honggfuzz.cov delete mode 100644 examples/bind/corpus/84a4121ef65d4911cad763497feab920.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/84aea03250ade32d2c21706f38d20749.0001c2ad.honggfuzz.cov create mode 100644 examples/bind/corpus/84b1ff09e85830a4f5b41cd5f3a5722e.0000001d.honggfuzz.cov create mode 100644 examples/bind/corpus/84b7ae28585830a4f5b5fd2fade1722e.0000001d.honggfuzz.cov create mode 100644 examples/bind/corpus/84b7ae28591d30a4f46e8d2fade1722e.0000001d.honggfuzz.cov delete mode 100644 examples/bind/corpus/84ba9fe237e2ae7ef9194ed2fa3c3b38.00000acd.honggfuzz.cov create mode 100644 examples/bind/corpus/8507ae2a885830a4f5b6cd1cacf1632e.0000001d.honggfuzz.cov delete mode 100644 examples/bind/corpus/850a23772e0827b0f344086164027093.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/851b590c392c66f0ef9915192c4362f4.000002a9.honggfuzz.cov delete mode 100644 examples/bind/corpus/8547b980b170a23109214187cc6933b6.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/8548fefa6c9ee05568c1f418cff1495e.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/8568d7395f2c38f64108dbc2bdf4b240.00000530.honggfuzz.cov delete mode 100644 examples/bind/corpus/856dca4947e95b10065791f81440d7e4.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/857ef9aa8ed8ce389c9b833e5521e3ff.000000ee.honggfuzz.cov create mode 100644 examples/bind/corpus/85bf9a512e2fea24677defcae36cadb2.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/85f4d1c0797aca712cf3837f95398859.000000a0.honggfuzz.cov create mode 100644 examples/bind/corpus/861d175e9f8fa8210176bac055492333.000000c7.honggfuzz.cov delete mode 100644 examples/bind/corpus/864b1c2e1ba8b1c09d9c6bea3d05d306.00000037.honggfuzz.cov delete mode 100644 examples/bind/corpus/864e060bf9b28b17482b6a0b8f99292d.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/864e06ddaab288f27bf82843071f5101.000000da.honggfuzz.cov delete mode 100644 examples/bind/corpus/865118f3b5a7edd5f691bf0a05a782bb.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/865f2cb8779df6f1396d0c02bb4416d0.00000153.honggfuzz.cov delete mode 100644 examples/bind/corpus/8671329ae95e5a3fe8492598d992a4a0.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/86851dc081dc8a3f4a77183945e873fb.00000084.honggfuzz.cov delete mode 100644 examples/bind/corpus/8686b3a393e4b8ceb52f98cbd9c73cab.00000686.honggfuzz.cov create mode 100644 examples/bind/corpus/86b12f4305dd21bbbb0fdbd3fcc8a14b.00000034.honggfuzz.cov create mode 100644 examples/bind/corpus/86c2f083cb6b9df4b5c07b0cb86c8747.0000001d.honggfuzz.cov delete mode 100644 examples/bind/corpus/86c43083cb6b9df4b5c07b08f8288747.0000001d.honggfuzz.cov create mode 100644 examples/bind/corpus/86e459e0acd0ded3bab59fe1ee37fa5f.00000db9.honggfuzz.cov delete mode 100644 examples/bind/corpus/87038e99bdbc9402894e63fe236ad3e7.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/8705bafb234a914d68c1ff96f68f6a48.00000092.honggfuzz.cov create mode 100644 examples/bind/corpus/87d0b60d941ac5737441e529a84ea043.00000175.honggfuzz.cov delete mode 100644 examples/bind/corpus/87d27a017fdf9d8d85b2a2b8c8ac0c46.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/87ecebb9144ae6659c88bcfb3dd7f5d4.00000021.honggfuzz.cov delete mode 100644 examples/bind/corpus/87efffc9cb7705088adf8876a4a84459.00000510.honggfuzz.cov create mode 100644 examples/bind/corpus/882c7cb8115119cc4dda6f02f86a96e6.0001f4ac.honggfuzz.cov delete mode 100644 examples/bind/corpus/882da3f30eec3970566192f915fcddf5.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/88386a5f26d204de49f82f1d14107d5e.00001b62.honggfuzz.cov delete mode 100644 examples/bind/corpus/883cabf118d301cf308f37b1852c33cc.0000db04.honggfuzz.cov create mode 100644 examples/bind/corpus/884613dd0c0c48af071a134574c88fdd.00000b91.honggfuzz.cov delete mode 100644 examples/bind/corpus/885d0e64eb4549e72e4904ac64c21d30.0000087c.honggfuzz.cov delete mode 100644 examples/bind/corpus/88679e6b35e5acb7b0a8f4342875824f.0000091e.honggfuzz.cov delete mode 100644 examples/bind/corpus/8873482a4e27d08e7c7732fcd5cc268a.0004f2c6.honggfuzz.cov delete mode 100644 examples/bind/corpus/88c407d5e63c00d362b0a6f5f0c36f44.00020000.honggfuzz.cov create mode 100644 examples/bind/corpus/88d097b7e37a1ef8e5f13d4ffa6765e4.0000002b.honggfuzz.cov delete mode 100644 examples/bind/corpus/88e2f59000000000658218f000000000.00000003.honggfuzz.cov create mode 100644 examples/bind/corpus/88e561be93c7069fad5e4599942ff487.000101d0.honggfuzz.cov create mode 100644 examples/bind/corpus/891edb77d3df1b09b7d0819321d65fb5.0000051a.honggfuzz.cov create mode 100644 examples/bind/corpus/8935e37a9d5824a3c5430cb0274bf0b6.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/893bbbbc9139008e674690d5175896c2.00004036.honggfuzz.cov delete mode 100644 examples/bind/corpus/8949186109d2897aec17259feca2a8f5.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/895e7d77264ed80dd3576f602962f2d1.0000045a.honggfuzz.cov create mode 100644 examples/bind/corpus/896ddf56847067699820742bbc6c7d39.000006c6.honggfuzz.cov delete mode 100644 examples/bind/corpus/897e19674d4658aec75c6c97332106f4.00007fef.honggfuzz.cov delete mode 100644 examples/bind/corpus/89bb04c333fd4cbc0980bc8c17310c21.00016922.honggfuzz.cov delete mode 100644 examples/bind/corpus/89c5592a58006f8eafe93fb338ab753e.000181bb.honggfuzz.cov create mode 100644 examples/bind/corpus/89d55b55d031eef49ab188cd64670ff5.0000004f.honggfuzz.cov delete mode 100644 examples/bind/corpus/89dafce144e3d471b0da9a9ff0e2f027.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/89e34800068f1d6d6b54b23d112d3499.000001db.honggfuzz.cov delete mode 100644 examples/bind/corpus/89f6a13cbcc34eaad2672168032a1220.00000065.honggfuzz.cov delete mode 100644 examples/bind/corpus/8a3e97c619632fd0f96256273d074b54.00001139.honggfuzz.cov create mode 100644 examples/bind/corpus/8a4c13b478a6a8f5765e496ceaf57df7.000017b0.honggfuzz.cov delete mode 100644 examples/bind/corpus/8a4d1ed7dbb863b627cb62e6d2609dd5.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/8a6b82cec318c9065d1fd183cef61f06.00003965.honggfuzz.cov create mode 100644 examples/bind/corpus/8a79bae1633e082932657fc31c8c9af1.00000078.honggfuzz.cov delete mode 100644 examples/bind/corpus/8a9d8a5d73bc724dac6516167cf8862c.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/8ab2463e9918c0ac01ecb5af57a0efb6.00002000.honggfuzz.cov delete mode 100644 examples/bind/corpus/8ad7a7ef742395d50d9e7ae0b231e870.00000119.honggfuzz.cov delete mode 100644 examples/bind/corpus/8af8e9725697d97515d172b4f9a0508a.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/8afaefe0633aad5ea7e8b144bfcbbc6f.00000088.honggfuzz.cov delete mode 100644 examples/bind/corpus/8afcb7aa701b777b80e69481e4814415.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/8b1841a72f2bc9285a6159a386672072.00000087.honggfuzz.cov delete mode 100644 examples/bind/corpus/8b32fb26d7736869150c483c2e78c48b.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/8b41a34d94805769d667c29e8226284c.00001eab.honggfuzz.cov delete mode 100644 examples/bind/corpus/8b64943c412b23978b2843b16e8915ad.00000222.honggfuzz.cov create mode 100644 examples/bind/corpus/8b673d785ae3273c171d9e56f56a66a1.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/8b7517a04ca7f69c839f02a59b24bcc9.00000288.honggfuzz.cov delete mode 100644 examples/bind/corpus/8b75b1077dc6d0a32186ed85b2ab41b3.000001e3.honggfuzz.cov create mode 100644 examples/bind/corpus/8b7b57a8a24d0055e5466098ffe6b49f.000101d0.honggfuzz.cov create mode 100644 examples/bind/corpus/8b92e6d82b20d0f810377dc0c79fa46a.0000008f.honggfuzz.cov delete mode 100644 examples/bind/corpus/8c06793d3277e084786166e517daef60.0001153e.honggfuzz.cov delete mode 100644 examples/bind/corpus/8c1a377b50e01a12fd2742b205c6c5f8.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/8c36edc689c9cdb64c14164067903059.000189f6.honggfuzz.cov create mode 100644 examples/bind/corpus/8c3f730ef34e0c4679974be067f069e4.00000049.honggfuzz.cov delete mode 100644 examples/bind/corpus/8c496db9c69eab5d0ce9020f4cdbdbba.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/8c631e60c608335af8585e5dd26edb21.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/8c67f4041f8034de2025399e5fa4dacf.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/8c740b152fd65d42c0b3485c40fd3c7b.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/8c8ac007a30c17c611fe6397361b787d.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/8cf2e5852a8b01f7f9fe7ca79be48a26.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/8d1b7855a1f6d156512dfee5c9d71c91.0000001d.honggfuzz.cov delete mode 100644 examples/bind/corpus/8d3f5080953abfa96f5fd9de0dd76446.00000374.honggfuzz.cov delete mode 100644 examples/bind/corpus/8d408cdb7115fe564211e10515c06aca.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/8d495848a84d531274ea1f459aa04b08.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/8d495848a84d9ef2b90a1f4557401ce8.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/8d4b5dea49e26bd100c2e75562317d93.000001bc.honggfuzz.cov create mode 100644 examples/bind/corpus/8d539708fd2464a0344491a941185a74.0000a1b4.honggfuzz.cov delete mode 100644 examples/bind/corpus/8d55097958007c74a2527ef1c5974815.00000020.honggfuzz.cov delete mode 100644 examples/bind/corpus/8d592a9bce5c2f75621688e00e3db3ca.00006b6a.honggfuzz.cov delete mode 100644 examples/bind/corpus/8d70ffe02e6b67a1d99fb533c0b460af.00000021.honggfuzz.cov delete mode 100644 examples/bind/corpus/8d8bcdf4548719d9e227a45320bbfc4a.0001e987.honggfuzz.cov delete mode 100644 examples/bind/corpus/8da1bbb36e8e8216e6769355db8375bf.00001065.honggfuzz.cov delete mode 100644 examples/bind/corpus/8dce69c8210376c98626f0b21682f918.0000366f.honggfuzz.cov delete mode 100644 examples/bind/corpus/8dd66741a3dcb79e9c1f604fcc972b36.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/8dfe9f3bad73d178334581831006ff71.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/8e082b03f605b5d94b09143c362ab815.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/8e38e6f88e704da48c2d9e103ad07fd2.000001db.honggfuzz.cov delete mode 100644 examples/bind/corpus/8e45a0544ada7cf768f7982b19842fa6.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/8e60f628769657f656059e6e9a65c4e9.00000bb8.honggfuzz.cov delete mode 100644 examples/bind/corpus/8e6ba8e977b43744388a45622f6aabba.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/8e717bbc72690684896a1361e3c6b593.00000295.honggfuzz.cov create mode 100644 examples/bind/corpus/8e7b31d6a07ceae91f71ac56c98ed1da.00000065.honggfuzz.cov create mode 100644 examples/bind/corpus/8e861ac9e8c531bc69790be5e589e81c.000101d0.honggfuzz.cov create mode 100644 examples/bind/corpus/8e8ae855c53731255295aac9d646ca45.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/8e9c0d50ccde8f1ad3cc3a681ef66281.00000065.honggfuzz.cov delete mode 100644 examples/bind/corpus/8ea9f4405f9951f9c88bb087851bacf6.00000021.honggfuzz.cov delete mode 100644 examples/bind/corpus/8eae3bc6496ec438a27bea0190e4b50b.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/8eba86e2174ba76f2552ff558808c64f.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/8ede3d423d37ee9f10ec3714d7172c8e.00005759.honggfuzz.cov delete mode 100644 examples/bind/corpus/8ef1d97e4bb0f7b8a2149af2014aa111.00000063.honggfuzz.cov delete mode 100644 examples/bind/corpus/8f13527640f6a31a7fc7e81c60b14a93.0000008f.honggfuzz.cov create mode 100644 examples/bind/corpus/8f1cd6ffa0fc6915cba4127bc92a4507.00000326.honggfuzz.cov delete mode 100644 examples/bind/corpus/8f42f767e0e9075479edce63f311c097.0001c767.honggfuzz.cov delete mode 100644 examples/bind/corpus/8f5f4b1293c543b79938cf50c07278a7.000002b0.honggfuzz.cov delete mode 100644 examples/bind/corpus/8f62ffe23a9566015ae75c2578a8b045.00000056.honggfuzz.cov delete mode 100644 examples/bind/corpus/8f62ffe32a8466015ae75d2478a9b145.00000056.honggfuzz.cov delete mode 100644 examples/bind/corpus/8f64ea62eeb938a5f25eff42dc5a5f78.000000c0.honggfuzz.cov delete mode 100644 examples/bind/corpus/8f7187e7ca94e53b6637ea50f3561cc4.00000089.honggfuzz.cov delete mode 100644 examples/bind/corpus/8f82c6b18af6d5581672333629d8b797.00000031.honggfuzz.cov delete mode 100644 examples/bind/corpus/8f866494e6ce2a1371732dee517149d3.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/8fac417c3116753f49e3f7c29342d3a9.0000004a.honggfuzz.cov delete mode 100644 examples/bind/corpus/8fba39ed6e5e8b09049f99a228cd8458.00000102.honggfuzz.cov create mode 100644 examples/bind/corpus/8fcd28ec4fdcbc21f1f4330367650979.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/900d336ebebd0b94aa7d62c24c53c479.000105b8.honggfuzz.cov delete mode 100644 examples/bind/corpus/90157120f745d2c5a39a4baf26dbac5c.000000c0.honggfuzz.cov delete mode 100644 examples/bind/corpus/901db1ce928d07ad0bffbd29a7a69052.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/902701f4543b281df576340ba1fc4746.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/903df71ded7b494c032123b4c37bb1fa.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/90621aa324849164483b5e97cb4d9629.0000018a.honggfuzz.cov delete mode 100644 examples/bind/corpus/907bde24e48429e56d1edff79dec680e.0000004c.honggfuzz.cov create mode 100644 examples/bind/corpus/90900000000000009090000000000000.00000001.honggfuzz.cov create mode 100644 examples/bind/corpus/90afe0db1f1a763ab101c0d73c29ec7e.0001df73.honggfuzz.cov delete mode 100644 examples/bind/corpus/90ba209c5a9a8cef9ffe561ee261bd0d.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/90c4eb4b9843f32ab429672e283f3f2d.0000b104.honggfuzz.cov delete mode 100644 examples/bind/corpus/90d4284791570a314882c4b1d6ff3e72.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/90d597cc58c4a8810b5acc2516513347.00000037.honggfuzz.cov create mode 100644 examples/bind/corpus/90e0fa6bcc8a4c77672cd0a003580687.000001a6.honggfuzz.cov create mode 100644 examples/bind/corpus/90e161589d72ecdec29d99d0d01178e4.000003ad.honggfuzz.cov create mode 100644 examples/bind/corpus/90e270449f4cc0dfdff5444962429b75.00000081.honggfuzz.cov create mode 100644 examples/bind/corpus/90f2e7a6a67246fdd7d527af29936c0c.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/91030ca751fc2e1d1abbb96ee752cffc.00005ccd.honggfuzz.cov create mode 100644 examples/bind/corpus/9110ad005dd611620fdfe37084aa3c59.00000200.honggfuzz.cov delete mode 100644 examples/bind/corpus/912850ca60b4c55c9d714b2939775da8.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/912ade48f43dcdb4f3d8d337e289c395.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/914f012ffa39b893bdf3cc26001fe2cb.0000026a.honggfuzz.cov delete mode 100644 examples/bind/corpus/9157e88c7eb6ecc5299ce23009957251.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/9164542c6d3c52d15204a78444516b17.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/917b3a820550cb11ec6ef68c987e88e3.00005ad5.honggfuzz.cov create mode 100644 examples/bind/corpus/9184b2e00cb00703bd7f480a85881b29.000002e0.honggfuzz.cov delete mode 100644 examples/bind/corpus/9194070ee27759ad812d25a579137143.000000d4.honggfuzz.cov delete mode 100644 examples/bind/corpus/9198771b6d5ac3eb893a40e6eeeff2ee.000012cd.honggfuzz.cov create mode 100644 examples/bind/corpus/919bcf9e4164a1010c5b452c587bf6ad.00005759.honggfuzz.cov delete mode 100644 examples/bind/corpus/91b8f42cc672f2075af65025bdb95d47.00001242.honggfuzz.cov create mode 100644 examples/bind/corpus/91bc75c2e41607b099cf9e946f683e9e.0000005d.honggfuzz.cov create mode 100644 examples/bind/corpus/91c6e29345732f5868d1f839832c0503.00000ed5.honggfuzz.cov delete mode 100644 examples/bind/corpus/91ccebc8c8fe689386952e035a9496e9.000000a9.honggfuzz.cov create mode 100644 examples/bind/corpus/91ceda9325ed8026454b4a9ed1832345.000001e6.honggfuzz.cov create mode 100644 examples/bind/corpus/91fab9705fc23dc73b4d508e4627eb80.00001f69.honggfuzz.cov create mode 100644 examples/bind/corpus/920da23dff41b57cab7c11598115d55f.00000057.honggfuzz.cov create mode 100644 examples/bind/corpus/921938601b41da51b1747103ff5f18a9.00000046.honggfuzz.cov create mode 100644 examples/bind/corpus/923f1e603d67da51b1747103d06118a9.00000046.honggfuzz.cov delete mode 100644 examples/bind/corpus/92582818dca200542bc77c82a71bd5b2.000000ab.honggfuzz.cov delete mode 100644 examples/bind/corpus/925b1cca1abdd7831713493b0a4ef993.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/92663a101379b0b273f28adf3222dcfb.0000001e.honggfuzz.cov create mode 100644 examples/bind/corpus/9279091973747a1b6aa04b15bb8ac656.000001e3.honggfuzz.cov delete mode 100644 examples/bind/corpus/9288dcf56119b49735f6e43f968e5659.00074f81.honggfuzz.cov delete mode 100644 examples/bind/corpus/92b5bb6040ae8ddda5d6f9701a489a7f.00008b51.honggfuzz.cov create mode 100644 examples/bind/corpus/92cb08eb1e836e310f00d2ca9816b263.00000040.honggfuzz.cov create mode 100644 examples/bind/corpus/92df1a83bd36f4e43641894212b25229.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/931352da1d695dcfc800b6ff1cbc0195.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/93192c4bdd5453f97b0238191bf30464.0000010f.honggfuzz.cov create mode 100644 examples/bind/corpus/934e25597112611aa0c43723a7e39005.000005d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/936246f003bc95d4b64189c42807592c.00000126.honggfuzz.cov delete mode 100644 examples/bind/corpus/939540c58aa95847c3775da2f6b5e29f.00000e1c.honggfuzz.cov create mode 100644 examples/bind/corpus/9396a0e9009ecc5f80407042ed11562a.0000008c.honggfuzz.cov delete mode 100644 examples/bind/corpus/939d4ef8f0084949209a11b2000d5d3e.00002000.honggfuzz.cov create mode 100644 examples/bind/corpus/93ab5962cc21c1e9fe0ed832e26498ed.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/93ae60ff5d60f62a4f13ead1dedd17c6.000544ba.honggfuzz.cov create mode 100644 examples/bind/corpus/93b912c472f653461d2c79c6bf4f748c.0000042a.honggfuzz.cov delete mode 100644 examples/bind/corpus/93bd9e94dcda06de7b7b34ee2c512257.000015e9.honggfuzz.cov create mode 100644 examples/bind/corpus/93bebf15077a0ff9e5b6fd4fee3765e4.0000002b.honggfuzz.cov delete mode 100644 examples/bind/corpus/93c5481570c02c9a1ad813f67c2bdce5.0000157e.honggfuzz.cov delete mode 100644 examples/bind/corpus/93c963dc6d0e49e1b93b21cbeadf51eb.00000787.honggfuzz.cov create mode 100644 examples/bind/corpus/93ee4f1749d9387989bf175ce4e21922.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/93f280f8e5c5dd6d8b5723fb4782bfdf.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/941c25de3e1e0dca6770375d7cf9fbea.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/943a7708b1895fe3be689d08e3bda039.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/943ef1d957d8fa048bd0f9563920f3e6.00000151.honggfuzz.cov create mode 100644 examples/bind/corpus/9442a98267020fd8a201e1d1e0732159.0000009d.honggfuzz.cov create mode 100644 examples/bind/corpus/945eb6b1c032cbf6994cf5bb1cd858b9.00000041.honggfuzz.cov delete mode 100644 examples/bind/corpus/948c028c5de02f5c83c890b1a74c2249.0004a295.honggfuzz.cov delete mode 100644 examples/bind/corpus/948d1c7a71e50d5a32d57d346c19577e.00000565.honggfuzz.cov delete mode 100644 examples/bind/corpus/94ab62936e3454e03f35e7e6d1f66960.00018619.honggfuzz.cov create mode 100644 examples/bind/corpus/94d21f64bfa8fc2845e481d7111a13da.00000112.honggfuzz.cov delete mode 100644 examples/bind/corpus/94e18e277cbccee08f05f51c1204fbd8.0001153e.honggfuzz.cov delete mode 100644 examples/bind/corpus/95082d7b1318eaa30af9dd5b2bb97543.000003ed.honggfuzz.cov create mode 100644 examples/bind/corpus/950d0474421ba46a30288be5a7b1e024.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/952c0f945505af54c5a1bd88391ce256.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/9553d4c8fd8d9ebaba64d392e71c65fc.0000151e.honggfuzz.cov delete mode 100644 examples/bind/corpus/9579eaba9f0a853a30cfabc81b452aaf.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/957b6c0097b91d989b231fafd3d5c5b1.0000009c.honggfuzz.cov create mode 100644 examples/bind/corpus/958b647e9f3d12394ff676dec29fd637.0001f7e8.honggfuzz.cov create mode 100644 examples/bind/corpus/958e37b649c9de2bc39536fe7e78bd25.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/959221af735be8f079a05ccffd9f65e6.000000b4.honggfuzz.cov delete mode 100644 examples/bind/corpus/95966bd17e89c70af8a1cf572e90e493.0000017a.honggfuzz.cov delete mode 100644 examples/bind/corpus/95ad87813436c2da99728f77e2e1aef3.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/95c36bc8194a5500f783a60225a3de76.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/95cfa987d2ffc685f3381a7ee915425b.00000035.honggfuzz.cov create mode 100644 examples/bind/corpus/95d75756e9b5bf58668328e700073a9c.00000131.honggfuzz.cov delete mode 100644 examples/bind/corpus/95dcea0e3b9156fdc4743e11090a9cb4.000001df.honggfuzz.cov create mode 100644 examples/bind/corpus/95e8fabd8f3301fbef168661f3287239.00000169.honggfuzz.cov delete mode 100644 examples/bind/corpus/95edd21cf4aab97fee02124c20e64e9e.00000380.honggfuzz.cov delete mode 100644 examples/bind/corpus/961874269834e8da4771698f1f83843f.00000bb8.honggfuzz.cov delete mode 100644 examples/bind/corpus/962d18cbbe73e1872400d275feea9ea3.00000962.honggfuzz.cov create mode 100644 examples/bind/corpus/9632501017dc1365286e9955a7b36373.0000008a.honggfuzz.cov create mode 100644 examples/bind/corpus/9654699f08a018a06c79d41ef81a75ca.00001748.honggfuzz.cov delete mode 100644 examples/bind/corpus/9663245b6a3c52840701f784443a0017.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/9678a123038506666abbcc568bf81854.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/9684ebf91ce49da502d53a318bfdb29b.0001a1d1.honggfuzz.cov delete mode 100644 examples/bind/corpus/9690d863368939e72c32b19350a7ff6a.000000ef.honggfuzz.cov create mode 100644 examples/bind/corpus/9692da5931a8fa27ff6f0ac9908f1df2.00001d71.honggfuzz.cov create mode 100644 examples/bind/corpus/96a1e74ccf02a348e748dc38f3143cd7.00000131.honggfuzz.cov create mode 100644 examples/bind/corpus/96a3628eb1637fbe61684f80c48420a1.00000124.honggfuzz.cov delete mode 100644 examples/bind/corpus/96a4badb92f966eb8a733d7a7745767e.00000188.honggfuzz.cov create mode 100644 examples/bind/corpus/96b1e704e36a32be1d96018045b82ec5.00000dff.honggfuzz.cov create mode 100644 examples/bind/corpus/96d38c8e07fc20644ca2537e107a6e08.00007b69.honggfuzz.cov delete mode 100644 examples/bind/corpus/96dd3a78d208663782c4d27673bd653e.00001969.honggfuzz.cov delete mode 100644 examples/bind/corpus/96e510df86609a71de4f9320ad5d0282.0000010f.honggfuzz.cov create mode 100644 examples/bind/corpus/9700a09d638cfc47576ec63e4a04a65f.00000053.honggfuzz.cov delete mode 100644 examples/bind/corpus/972ee7f31b17723c574d7f8b7c0487f8.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/97316c489b77a6b365ea9b98c5a62cd7.000456df.honggfuzz.cov delete mode 100644 examples/bind/corpus/974a77e9261eb3a01a440e184ea27e05.0000054f.honggfuzz.cov delete mode 100644 examples/bind/corpus/975654946fa7dbca4d8bd529f048e3db.0000005c.honggfuzz.cov create mode 100644 examples/bind/corpus/975e04dac8bc7885136700a279e19144.00002000.honggfuzz.cov delete mode 100644 examples/bind/corpus/976c28de87d3bcffed4475018a2019bf.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/97bbe55e98256d0b66e71e4188c1f8ec.0001d067.honggfuzz.cov delete mode 100644 examples/bind/corpus/97d466cc545692d01f44e037bae9df0e.00000e03.honggfuzz.cov create mode 100644 examples/bind/corpus/97d4b765c4113abf600e77c85009eac9.00000036.honggfuzz.cov delete mode 100644 examples/bind/corpus/97d88a339cc208d082c792c01cd3f245.0000031d.honggfuzz.cov delete mode 100644 examples/bind/corpus/97e178d006d8074d0b6b712a26e7228d.000000e0.honggfuzz.cov create mode 100644 examples/bind/corpus/97e2082e6786baa217ec1a16b5f9d748.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/97e2693e51cc097dd701541d41a30c50.000101d0.honggfuzz.cov create mode 100644 examples/bind/corpus/9807a7c4654a8043caf1cd872cf88dee.0000037e.honggfuzz.cov create mode 100644 examples/bind/corpus/9816103e52ea19f04e025531f3f04cce.000000b5.honggfuzz.cov create mode 100644 examples/bind/corpus/984768fe51ccc526276b288a1408d291.00000088.honggfuzz.cov create mode 100644 examples/bind/corpus/988aafae1a9d02ca0e54688e116bffd9.00000089.honggfuzz.cov delete mode 100644 examples/bind/corpus/98a47da863275b2aaf55e69f4ac36c72.00000050.honggfuzz.cov delete mode 100644 examples/bind/corpus/98b7ef7d192c1fd79eb48dfb4c6aaf19.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/98c6bcf703c4ceb57a9a8dbc5dda819b.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/98da8f9561bf8c543ccedd4fb8223020.00000124.honggfuzz.cov delete mode 100644 examples/bind/corpus/98e060534c0298f3be18174bc7d5b972.000003db.honggfuzz.cov create mode 100644 examples/bind/corpus/98f825012506923e38144bc109a9a7f0.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/990b565a33a685b9522d233c635a0963.0000004f.honggfuzz.cov create mode 100644 examples/bind/corpus/99148f422e82c649d7b3629ac84bdbb9.000000f7.honggfuzz.cov delete mode 100644 examples/bind/corpus/9914953d5606f6a84b1c7aad5191513f.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/992e97e9af1046d681e7958dc7a039b0.0000001d.honggfuzz.cov create mode 100644 examples/bind/corpus/9936fd7ecd3d8ca5b72baa27ba559c77.00000326.honggfuzz.cov delete mode 100644 examples/bind/corpus/99442b4c6bca8179c62dc69a91305a8f.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/994455000104000a76b00af0b401b000.0000000a.honggfuzz.cov delete mode 100644 examples/bind/corpus/994ec9dd88302bf900ed58b4bcb90ad6.000000b3.honggfuzz.cov delete mode 100644 examples/bind/corpus/997e361c34599bfa7cd2f70ec596c64d.00000057.honggfuzz.cov delete mode 100644 examples/bind/corpus/998092c59877e864c67102e65529973b.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/9988335543d270da97ab62db0274214a.00000053.honggfuzz.cov delete mode 100644 examples/bind/corpus/9993d897c47779f8ab48e3df7e63674d.00000137.honggfuzz.cov delete mode 100644 examples/bind/corpus/99a4af298af65377ad1c67fdabd5ec1c.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/99b900b32888c18306a9768fe28c6e9b.000001e8.honggfuzz.cov create mode 100644 examples/bind/corpus/99be5b3f28ba751caadee34552d96dde.00000133.honggfuzz.cov delete mode 100644 examples/bind/corpus/99c8658ec91b3d2ee9b447e5e7aa41dc.00016ced.honggfuzz.cov create mode 100644 examples/bind/corpus/99f79a7957856720248d03f177622590.0000ffff.honggfuzz.cov create mode 100644 examples/bind/corpus/9a0160c83f77ba8fc6413297ac542acc.00000084.honggfuzz.cov delete mode 100644 examples/bind/corpus/9a20bcf2c3c6cf1917cdcb372cb16035.000001e6.honggfuzz.cov create mode 100644 examples/bind/corpus/9a24e0f5e967016222485d751d249678.00000c2b.honggfuzz.cov delete mode 100644 examples/bind/corpus/9a2e93f94cb9e4ccfef55975c70df7cc.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/9a478e850a78330bcd9743b98d046c2f.00000813.honggfuzz.cov delete mode 100644 examples/bind/corpus/9a4c0f2d0c1f58cce8b3accb44c8b887.00037bf1.honggfuzz.cov delete mode 100644 examples/bind/corpus/9a524b5e74ec2c5a25dd15af8f5fd1ee.0000b904.honggfuzz.cov delete mode 100644 examples/bind/corpus/9a5b671aa4e307ba305444ff8887dc95.0000186a.honggfuzz.cov delete mode 100644 examples/bind/corpus/9a847f2b92f2954753e4675843752342.0000ede4.honggfuzz.cov create mode 100644 examples/bind/corpus/9a9e43619d28ceedb8f72e81fc8b8cbe.00000020.honggfuzz.cov create mode 100644 examples/bind/corpus/9aafc693d7d3b6e2c9c513c1c7e721a7.00000e87.honggfuzz.cov create mode 100644 examples/bind/corpus/9acad278c1a511ce63340baa622b4753.0000008a.honggfuzz.cov delete mode 100644 examples/bind/corpus/9accd3f7695b86bf7e41c45ffbe1852d.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/9acdfd19ca9863238dfc9be0a7382581.000000d9.honggfuzz.cov delete mode 100644 examples/bind/corpus/9ae15eeb980a9ad76a34bd8c99308fce.0000001e.honggfuzz.cov create mode 100644 examples/bind/corpus/9ae15eeb987a9dd72b30ad8c99308fce.0000001e.honggfuzz.cov delete mode 100644 examples/bind/corpus/9af6c9513718fdc00c99462caed3e098.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/9afb2673b5faa7933f968fd8321b5ad4.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/9b04e3b49b565dc489e467751d1fdc00.0000001b.honggfuzz.cov delete mode 100644 examples/bind/corpus/9b0937c11d190ea979a53ff8adea77c8.00005435.honggfuzz.cov create mode 100644 examples/bind/corpus/9b146a09601c4c98344091ac62b3e07c.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/9b2f99351050881042d56a4f699a2221.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/9b4fa82f2f7d8974d4e72ea43f59c22a.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/9b50664f0e69819678e5f9cd014e1b5e.0000014c.honggfuzz.cov create mode 100644 examples/bind/corpus/9b526e300dc89572c75a0899523a542b.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/9b53f13aa2e8ee4e2813a7d017617426.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/9bd050fb65acf65e4c4db33d25f586fc.00000086.honggfuzz.cov delete mode 100644 examples/bind/corpus/9bd92fa396722ba4eb5a3e8f29a8db4b.00000b97.honggfuzz.cov delete mode 100644 examples/bind/corpus/9bef75bcd684bd8b34a6624b75008047.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/9c04aa454702d942ab3924ffa9151a6a.00006dc8.honggfuzz.cov delete mode 100644 examples/bind/corpus/9c06335ea3609683fc18182f80b12b89.00010c3b.honggfuzz.cov create mode 100644 examples/bind/corpus/9c16b20f8ee99a46a205af03cd2e70f3.0000009e.honggfuzz.cov create mode 100644 examples/bind/corpus/9c1fd5a293e3adb4287e03e1f894a70a.0000247f.honggfuzz.cov delete mode 100644 examples/bind/corpus/9c3749c4e931d4dafcbac4f9de7ab8b7.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/9c3fcd5eb79ade22542c2f5e489b5785.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/9c48ea7d0f7b68d34de54376f92c96ad.0000012f.honggfuzz.cov delete mode 100644 examples/bind/corpus/9c4c5dd9b675b931019346240deae7d4.00000186.honggfuzz.cov delete mode 100644 examples/bind/corpus/9c5d3355a6126742306cd9453d7fdc09.00001b82.honggfuzz.cov delete mode 100644 examples/bind/corpus/9c6c8baf4e5f90aec3b087960eb86762.0000002a.honggfuzz.cov create mode 100644 examples/bind/corpus/9c7eef3a552018671669aef008bf6f6c.00000473.honggfuzz.cov create mode 100644 examples/bind/corpus/9c80116f64df445f99934cfe8c2c3293.00000026.honggfuzz.cov create mode 100644 examples/bind/corpus/9c8ccbb4c83bff2386b60f660f522a99.00000078.honggfuzz.cov delete mode 100644 examples/bind/corpus/9c9118b9c4c10aaa8f908c8b61f62305.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/9ca7a82dec679c40e63331e6c94d5dc3.000078f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/9caba165ea39b21e452491d68a3bb3e3.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/9cb02bd31d2bbf73732818bd287206a7.00018619.honggfuzz.cov create mode 100644 examples/bind/corpus/9cc433d6102cb04a88d65f9b9a501103.000003e3.honggfuzz.cov create mode 100644 examples/bind/corpus/9cd4586cd6caea6ffd7f74c954fcbf10.0000006e.honggfuzz.cov create mode 100644 examples/bind/corpus/9cfa5e73092d6e284c3fee11ba83d176.0000194e.honggfuzz.cov create mode 100644 examples/bind/corpus/9cfc854e19a7fe05057a9daedc94161a.00002000.honggfuzz.cov delete mode 100644 examples/bind/corpus/9d19c045275ee624b19de2a84e680087.00000077.honggfuzz.cov create mode 100644 examples/bind/corpus/9d26a3a8f891dc44d9d03e03a8df852f.0000009e.honggfuzz.cov delete mode 100644 examples/bind/corpus/9d3a64677cc44ff31785fb27e05abb75.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/9d4b8877f540261791c5dae38711a84c.00017634.honggfuzz.cov create mode 100644 examples/bind/corpus/9d63a110d1319cfee1215191794d6dc0.0000da9a.honggfuzz.cov delete mode 100644 examples/bind/corpus/9d97131428060500feb7cbc0f4371104.00000153.honggfuzz.cov create mode 100644 examples/bind/corpus/9d97d371c555969656596667d63d9696.0000000d.honggfuzz.cov delete mode 100644 examples/bind/corpus/9da9b3840b9c0decfd984009cf844c26.0000006e.honggfuzz.cov create mode 100644 examples/bind/corpus/9dc0bef6c3c0fb81fa2f099fae2a1483.00001876.honggfuzz.cov create mode 100644 examples/bind/corpus/9e3197835860d90892a0b0774a0fd116.00000ffe.honggfuzz.cov create mode 100644 examples/bind/corpus/9e54fde9dc4fce6fd2a3330606e88ca1.000000db.honggfuzz.cov delete mode 100644 examples/bind/corpus/9e5bd0993ee77df183fa6204b8d5d063.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/9e5d32fc1396702b7f6687d6d07a3a76.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/9e9b84c1312657f0ba21044ff6c4d555.000000c5.honggfuzz.cov delete mode 100644 examples/bind/corpus/9e9c7c2d45b74eaca2fbba5dac45567a.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/9ed7a44f3459579c7293fd82f91886a5.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/9ef327d7f6dda107436104a9316a80bc.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/9ef880fd79741ae30f8933edb5931850.000007ec.honggfuzz.cov create mode 100644 examples/bind/corpus/9efd6b6bbf73575d92070667871a01d8.00002000.honggfuzz.cov delete mode 100644 examples/bind/corpus/9f1870c4c76199261050f365a0440e0f.0000006c.honggfuzz.cov delete mode 100644 examples/bind/corpus/9f1b409e68c5a67dac21d6d03853a649.00001c32.honggfuzz.cov delete mode 100644 examples/bind/corpus/9f220c220f6c517431d71d4e08ae8738.00000131.honggfuzz.cov create mode 100644 examples/bind/corpus/9f292121381f43142bdf5172b9525bd6.00002f8b.honggfuzz.cov create mode 100644 examples/bind/corpus/9f34f7eacae98612255422419adb4275.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/9f3b0bab8818e85f40a3d259cee1c1f4.000003db.honggfuzz.cov delete mode 100644 examples/bind/corpus/9f40657d9a60bac7a329c42339c31397.00004436.honggfuzz.cov delete mode 100644 examples/bind/corpus/9f49883a1efa1dbfe31704cc95c5436f.00001cf2.honggfuzz.cov delete mode 100644 examples/bind/corpus/9f4ca46f8c98bf93f69d2d5f437fd264.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/9f940d317226629c1ccdc39d7766ddd0.000003a2.honggfuzz.cov delete mode 100644 examples/bind/corpus/9fa933d0ab17015fea3c248cbd109424.00002000.honggfuzz.cov delete mode 100644 examples/bind/corpus/9fb9c1f611ea4f2a92273d317a872a69.0000021c.honggfuzz.cov delete mode 100644 examples/bind/corpus/9fbb24871c5f0f69408ad3bd4e619889.000001c0.honggfuzz.cov create mode 100644 examples/bind/corpus/a016fe637a1b8c9c0c9f64fefdc8301a.00000028.honggfuzz.cov create mode 100644 examples/bind/corpus/a01c3ddf42aedd0f602fb9ac6f62d7bc.00000037.honggfuzz.cov create mode 100644 examples/bind/corpus/a03b1b98a888cea5675269f56a178fb8.00007d13.honggfuzz.cov delete mode 100644 examples/bind/corpus/a03b6d24f1faef19fa6bff3dfdae9b42.000000da.honggfuzz.cov delete mode 100644 examples/bind/corpus/a0520991170e2e6b6743b9f334f3d3c7.0000002d.honggfuzz.cov delete mode 100644 examples/bind/corpus/a05777b289961561be9774c612d5adab.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/a064cfcde57fa35e0c1e2c7b491475b2.00000098.honggfuzz.cov create mode 100644 examples/bind/corpus/a07e62f089ab39b6b35deefeb0a51912.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/a0b24fbad6746111920f68bed16b421e.00001ff2.honggfuzz.cov create mode 100644 examples/bind/corpus/a0bb083b07210c657d90e9433932b822.000000d6.honggfuzz.cov delete mode 100644 examples/bind/corpus/a0be23958f0e9098a51f927ffee515e8.0001380f.honggfuzz.cov create mode 100644 examples/bind/corpus/a0d71bd6b842a5d1064e602e7d629a10.000001b4.honggfuzz.cov delete mode 100644 examples/bind/corpus/a10cd633271fe1918f6402844e039d37.0000149e.honggfuzz.cov create mode 100644 examples/bind/corpus/a14c766662ea031a57db264ac2b68da3.0000015c.honggfuzz.cov create mode 100644 examples/bind/corpus/a15442623d6f0b0be45c19242f117008.00000230.honggfuzz.cov create mode 100644 examples/bind/corpus/a183b4888ed00161535073c521c43acb.0000007e.honggfuzz.cov delete mode 100644 examples/bind/corpus/a185a0e8906407ea8cf819772a2d2770.000000ac.honggfuzz.cov delete mode 100644 examples/bind/corpus/a1a3023c9881ad336c71c7965b5fb811.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/a1a60014fa1a91308a596eca526293cc.0000039a.honggfuzz.cov delete mode 100644 examples/bind/corpus/a1a7f91aae7df9c662b5970f58e40fc0.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/a1b0b1238e5d652e93ad8c2701606cbf.0000003c.honggfuzz.cov create mode 100644 examples/bind/corpus/a1b607f8e55d652e93ad892751606cbf.0000003c.honggfuzz.cov delete mode 100644 examples/bind/corpus/a1dc76867a0858992450d51accce24fd.000096fd.honggfuzz.cov create mode 100644 examples/bind/corpus/a1eb1ef4cb3878b4a5ea20e2d32fd8b2.0000e677.honggfuzz.cov create mode 100644 examples/bind/corpus/a218eaf03d52bdc99714fc6e3c1d873a.0000004a.honggfuzz.cov delete mode 100644 examples/bind/corpus/a21ab4fcfd1df76ebdeedba8141b86f0.0000091b.honggfuzz.cov delete mode 100644 examples/bind/corpus/a2478dc41862a398b452010f3138e9f2.000146cd.honggfuzz.cov delete mode 100644 examples/bind/corpus/a2500d2cc00127a1069205e74da35ba4.00000c65.honggfuzz.cov delete mode 100644 examples/bind/corpus/a2674df5950d8893695d45a1ad2a4ee5.0001faa6.honggfuzz.cov create mode 100644 examples/bind/corpus/a27de21a5f1bf603384b86868ad94b99.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/a27de2d99c1bf603382416798ad94b66.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/a28dd48e076c397c9f80b1e46a2f56a4.0000038d.honggfuzz.cov delete mode 100644 examples/bind/corpus/a295f1f5b014f447a9779dc0f4864919.0000039a.honggfuzz.cov create mode 100644 examples/bind/corpus/a2aab994608af2bf5489d548eef4060c.00000129.honggfuzz.cov delete mode 100644 examples/bind/corpus/a2ad737b4dc154113190625af3156a82.0000027d.honggfuzz.cov create mode 100644 examples/bind/corpus/a30aa9018c5a82ee603fcc52078f8d9d.000000b6.honggfuzz.cov create mode 100644 examples/bind/corpus/a30bb686fd4486a146823e3d26ec1c49.00000034.honggfuzz.cov delete mode 100644 examples/bind/corpus/a368730ae32b007c7c225eaa02f02c19.0001cbf4.honggfuzz.cov create mode 100644 examples/bind/corpus/a37d30a1e40b96e849837eff7d004256.0000008f.honggfuzz.cov delete mode 100644 examples/bind/corpus/a39096d84a4bae6024247360f3dc8d65.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/a39103ac907c84180fe232380200ef78.00000265.honggfuzz.cov delete mode 100644 examples/bind/corpus/a396036e2df89b92c5d4cf77ec98c9d6.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/a3a1464b15e2eb82eda192d71e1410c4.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/a3b0695ea153abb52e242c78714783a5.00000037.honggfuzz.cov delete mode 100644 examples/bind/corpus/a3b95d2384c4caf67052e0d235e3e134.0000022b.honggfuzz.cov delete mode 100644 examples/bind/corpus/a3cbc25a58020f7195782b4a320bacc0.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/a3e4f043460f6fc163d5574b59368a54.00000ccd.honggfuzz.cov delete mode 100644 examples/bind/corpus/a41a8d129540fd864ecee210b7eabecc.0000005c.honggfuzz.cov delete mode 100644 examples/bind/corpus/a420205bfc05635b8f76c4bfb897e0b5.00077ae3.honggfuzz.cov create mode 100644 examples/bind/corpus/a43d8db1fba63fe82d616271044ac3f9.000000c8.honggfuzz.cov delete mode 100644 examples/bind/corpus/a447d6a5b5fee2161c53f3c543605b91.00020000.honggfuzz.cov delete mode 100644 examples/bind/corpus/a458764f01f4960bdd1eaf8e7a82e8c8.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/a49840d13ead8df3426e4ef739c9e7a8.000105b8.honggfuzz.cov delete mode 100644 examples/bind/corpus/a4b817770dec3e7122dbff082f104d87.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/a4be738f467b6310ef59a2bbb7cd9bb1.00000087.honggfuzz.cov create mode 100644 examples/bind/corpus/a4d1e1f6b7cd8cb755916ee8392cfdfe.0000a1cf.honggfuzz.cov delete mode 100644 examples/bind/corpus/a505871ca6e39a5932ce36bd02b710e4.00000a33.honggfuzz.cov delete mode 100644 examples/bind/corpus/a5115545071862e7883e1de4a819e1fa.000016f9.honggfuzz.cov create mode 100644 examples/bind/corpus/a52598fa080ac273d85c4b924f4d9a30.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/a5283a4da91168704315144e987010b4.000001c7.honggfuzz.cov create mode 100644 examples/bind/corpus/a53dd5705a8e9999204b6f5c95f1a25b.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/a5426273edde37853cb6c497ca8b49f2.000001e2.honggfuzz.cov delete mode 100644 examples/bind/corpus/a55e114d451292f77b58fa70a4b26584.000006ae.honggfuzz.cov delete mode 100644 examples/bind/corpus/a56e56f0dd6f5b8543d1587201b2b0fc.0000af89.honggfuzz.cov delete mode 100644 examples/bind/corpus/a57bfd6d3b3dc89b3b101275a61d4a1d.0000078f.honggfuzz.cov delete mode 100644 examples/bind/corpus/a58239d169c09338a9daabdd9c18b054.0000e3cf.honggfuzz.cov delete mode 100644 examples/bind/corpus/a58a657e175b46ee07fe21bdc9499348.000000de.honggfuzz.cov delete mode 100644 examples/bind/corpus/a598482c6a8fd55ddca9e1b2cd29de1d.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/a59dae3fdd5f4efaa50456bf9cd53617.000000a6.honggfuzz.cov delete mode 100644 examples/bind/corpus/a5a23430a5d3043b151e8504cfe3c460.0000007c.honggfuzz.cov delete mode 100644 examples/bind/corpus/a5a32f65f8b007f5e39f886cb69dab05.000004d9.honggfuzz.cov delete mode 100644 examples/bind/corpus/a5c2dadffe3493ac1cfc7355d46a822e.0000defe.honggfuzz.cov delete mode 100644 examples/bind/corpus/a5d94ae45c6bb41b65829f8ce97e9b57.0000001f.honggfuzz.cov delete mode 100644 examples/bind/corpus/a5f197b3d4133241aa806b8ed44d2722.00000052.honggfuzz.cov delete mode 100644 examples/bind/corpus/a5fca21fbdb995841a928321c1bedaaf.00000ba2.honggfuzz.cov delete mode 100644 examples/bind/corpus/a610357e5defd3a841866495d2b5c99e.00000453.honggfuzz.cov delete mode 100644 examples/bind/corpus/a61895c9c6c382f2c17b7482029244cc.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/a631ade9db3696c322cbaf0a6a0940a6.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/a63df3bb99f5c2cb19be95b7799e16ba.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/a64afb79517c53037a2590c8477683fc.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/a658748d5c8f230abf863aae3abc14e2.00000034.honggfuzz.cov delete mode 100644 examples/bind/corpus/a65d2060631e85d9ec6f3e1dac46622e.00000240.honggfuzz.cov delete mode 100644 examples/bind/corpus/a66577018755d91bbcfa61606e1f5e36.000002a4.honggfuzz.cov delete mode 100644 examples/bind/corpus/a67e3770f800997332041141a4329b0b.00000196.honggfuzz.cov create mode 100644 examples/bind/corpus/a68ad5b18102f37035a2e6afe93452b2.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/a6a6998c9e976fb5c6ed6d139041ac87.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/a6b187dfe85db0f2010180b1c537830c.0000002d.honggfuzz.cov delete mode 100644 examples/bind/corpus/a6c01abe721cb324d2a91528b9efce6b.00002dd8.honggfuzz.cov delete mode 100644 examples/bind/corpus/a6c3d8df4164270433e188b786ea91af.00000288.honggfuzz.cov delete mode 100644 examples/bind/corpus/a6c7220bd01ebf7bf13306803ecbb380.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/a6ca292a4e976fb599b92f9b5c5ac131.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/a6d3ee1b52778c6a405b8efecb8dc1fc.00000081.honggfuzz.cov delete mode 100644 examples/bind/corpus/a6dcad3dc8f7a87be53324228917b388.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/a6eaac560ae42f6b88320055613c9090.00000088.honggfuzz.cov create mode 100644 examples/bind/corpus/a6fc1a74a50ec5ebd50d14bc5e0b2505.00003524.honggfuzz.cov delete mode 100644 examples/bind/corpus/a6ff1f67a217672f66f788892796d94d.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/a7015e0a1783fe9a0e90efcfe9a68fc4.00013860.honggfuzz.cov create mode 100644 examples/bind/corpus/a70b754f4c26b71510f1f726b656e37d.00000332.honggfuzz.cov delete mode 100644 examples/bind/corpus/a7151905aed9969e7950c50906efe939.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/a72882564b37eaa40d5ac0fd3bc8457e.0000010f.honggfuzz.cov delete mode 100644 examples/bind/corpus/a72999a201d54a41cd00a8e8ecc2dbc0.000004f2.honggfuzz.cov create mode 100644 examples/bind/corpus/a779de6ae19f3b4535b47ace604dc1d3.000002cf.honggfuzz.cov delete mode 100644 examples/bind/corpus/a77b457a922809bd9e8b0302999817b4.000002cb.honggfuzz.cov create mode 100644 examples/bind/corpus/a7804bde94f160360d94aec807d3cd47.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/a788e0a83f2f5a4f76f1b047b0ce11ae.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/a790b65b5d7db4ffe35862899942f29f.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/a7a2ea92f0b1c67308782d63de9772bb.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/a7a5f7cce6883b33969187d85c26173f.0000022b.honggfuzz.cov create mode 100644 examples/bind/corpus/a7af60674dc6f87b21f5dc3cf7f1388a.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/a7f2706707e9002b414f56a851207576.00000020.honggfuzz.cov create mode 100644 examples/bind/corpus/a811228134c06b9470e53e480bbda078.00000086.honggfuzz.cov delete mode 100644 examples/bind/corpus/a863beadd76ad4cf421f6c96ff64755b.0000008f.honggfuzz.cov create mode 100644 examples/bind/corpus/a888404ceba1714ed169b15f76808e29.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/a895de393abbacc72d9c252f08da804c.00000444.honggfuzz.cov delete mode 100644 examples/bind/corpus/a896f9b5d5be3f2212888209e65973fa.00000414.honggfuzz.cov create mode 100644 examples/bind/corpus/a8a2f3cc6f8554bbd541113af1d49ff3.000019cb.honggfuzz.cov create mode 100644 examples/bind/corpus/a8ab13c0eba0b148488ee20bce7525f5.000012a3.honggfuzz.cov create mode 100644 examples/bind/corpus/a8c31953481fdbed7c58939f3aeae057.000002a7.honggfuzz.cov delete mode 100644 examples/bind/corpus/a8d956d999eb81f82d8cebf2b62ac61d.0001153e.honggfuzz.cov create mode 100644 examples/bind/corpus/a8fa5d8658338a6d17af6ffc2dbd1aff.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/a8fabfc01d808ac82d0820f845e0d314.00000113.honggfuzz.cov create mode 100644 examples/bind/corpus/a905d0ce390511287f3ec06196d75a25.00001fcd.honggfuzz.cov create mode 100644 examples/bind/corpus/a918ba6fb91d456b30f82f33e13a1714.000148c5.honggfuzz.cov create mode 100644 examples/bind/corpus/a940a0127e6a311a0390ab5588b1d292.0000ffff.honggfuzz.cov delete mode 100644 examples/bind/corpus/a9984ae5ff1ed4052f5795fc6ec23e9b.000713ab.honggfuzz.cov delete mode 100644 examples/bind/corpus/a9b5da3ce23c478b6bcbbd69369365b7.00000023.honggfuzz.cov delete mode 100644 examples/bind/corpus/a9c6d511aa1e76e2d50c59c697d90662.000007bb.honggfuzz.cov create mode 100644 examples/bind/corpus/a9d5b0468ba4cedc3c657abaed85e4fc.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/a9ee91da097b35b234247ae8760d653d.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/a9ee9c82dcfb35b2448c77bdfb55b0b0.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/a9f1644ed8271b293df69d959b7ed715.0000c95f.honggfuzz.cov create mode 100644 examples/bind/corpus/a9f239f0a4d8ec422b90efa1069e891e.000000f2.honggfuzz.cov delete mode 100644 examples/bind/corpus/aa14ae70e9e91d808e78d701fba06988.00000041.honggfuzz.cov create mode 100644 examples/bind/corpus/aa43ae8b382bdfa40b4614e10e6a4819.0000ffe6.honggfuzz.cov delete mode 100644 examples/bind/corpus/aa5dc21b86f772422c1dacfc0b82553d.000015c7.honggfuzz.cov create mode 100644 examples/bind/corpus/aa5fdd739a97e880bf7ba9f3a2ba3ca6.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/aa8bf95f503503920d0ce6ae48ffc663.00000335.honggfuzz.cov delete mode 100644 examples/bind/corpus/aaabfdef2ec5803a2edd283331cc6b47.000005f3.honggfuzz.cov delete mode 100644 examples/bind/corpus/aaac39e0e298f044fcc802a5027d1c4f.0000004d.honggfuzz.cov delete mode 100644 examples/bind/corpus/aaf91f027e14508db49d56035a61ab1c.000004a7.honggfuzz.cov delete mode 100644 examples/bind/corpus/ab10ca005f5b90e023ca523324e28b40.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/ab2a078948126370912a164bed876734.000062be.honggfuzz.cov delete mode 100644 examples/bind/corpus/ab5d1b78b00c5f80aeb34d7e61f02d55.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/ab5edd43e0c22b157937dfb613997139.00000967.honggfuzz.cov delete mode 100644 examples/bind/corpus/ab5ee8f75bfc75c08821addc7d3ae0cb.00000115.honggfuzz.cov create mode 100644 examples/bind/corpus/ab5fd84ffe624670c48c93c74fe28f75.00000217.honggfuzz.cov delete mode 100644 examples/bind/corpus/ab819ac820068c21c13a0b93940dcb16.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/ab8a03934f7925de9abdde611fc01c86.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/ab979bae14aa2df1fcc289470a186b76.00016710.honggfuzz.cov delete mode 100644 examples/bind/corpus/aba86af181e00cb1d8bfdb02a824ee09.0000e687.honggfuzz.cov delete mode 100644 examples/bind/corpus/abb5f73167cd5f353fea714d3129949b.00000157.honggfuzz.cov create mode 100644 examples/bind/corpus/abbdf197dd8d090ef36521f5aa892da1.0000004c.honggfuzz.cov delete mode 100644 examples/bind/corpus/abf48a0f38d07ca394281b848c91cee5.00000040.honggfuzz.cov create mode 100644 examples/bind/corpus/ac084f42c3587ec8640c0f5a7158b8d1.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/ac2367e7a52ea56d73dc33f8ed760841.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/ac3390328dbfde33b258489262ecf4a9.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/ac3f33efaebb7cf4440fc11289921cb1.00002000.honggfuzz.cov create mode 100644 examples/bind/corpus/ac657e8e1ba8b1c069986bea3d02e0cb.00000037.honggfuzz.cov delete mode 100644 examples/bind/corpus/ac9cb2cc5c6fe8d295a31531b055d408.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/acc38191cb61106741060c23bdb253b2.000000a5.honggfuzz.cov delete mode 100644 examples/bind/corpus/acc99e42579e338a4a7c1d57f99b65ea.0000c8de.honggfuzz.cov delete mode 100644 examples/bind/corpus/accb79336cae9aac9770835deaa5575f.00020000.honggfuzz.cov create mode 100644 examples/bind/corpus/ace4781cffbc0749fad8702f1c1e4d8a.0000012f.honggfuzz.cov delete mode 100644 examples/bind/corpus/acf0decc5c6fa89295f20471b055b864.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/acf81bdf9147618d72e56faed8141696.00000146.honggfuzz.cov delete mode 100644 examples/bind/corpus/ad03b23869341e07e86fdc48d464147a.000006a9.honggfuzz.cov create mode 100644 examples/bind/corpus/ad2da8a4d56858bf3c58897fc9b0a67b.00000042.honggfuzz.cov create mode 100644 examples/bind/corpus/ad5aca1eaf6462bd9e26ed80df4abc0e.00000f3a.honggfuzz.cov create mode 100644 examples/bind/corpus/ad5c43462e2d49e92d34feb369c83bd3.000005df.honggfuzz.cov delete mode 100644 examples/bind/corpus/ad7611f3dcbf2e8db7d8a193019cbc26.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/ad8b0b8ae8a900e724565e83d4c764cf.00000019.honggfuzz.cov delete mode 100644 examples/bind/corpus/ada082e1229712beb14b46f22c3378a9.0000005f.honggfuzz.cov delete mode 100644 examples/bind/corpus/ade9fc0e578446234c6170a1ce1bc031.000170df.honggfuzz.cov create mode 100644 examples/bind/corpus/adfa1051483316fa6aa4749bd47ae70b.0001153e.honggfuzz.cov create mode 100644 examples/bind/corpus/adfc4f05cdc080cbe47693cad1d281fd.000054d1.honggfuzz.cov create mode 100644 examples/bind/corpus/ae182f2ad48c2a8abfece2185e486e6b.00000138.honggfuzz.cov create mode 100644 examples/bind/corpus/ae225ee03821b5280b5fadfa8b789846.000101d0.honggfuzz.cov create mode 100644 examples/bind/corpus/ae227cf216469cd95774c8c8a3d1555a.0000007a.honggfuzz.cov delete mode 100644 examples/bind/corpus/ae3ade096ab6a515a16963dad1dab1b7.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/ae3cc552d1b1015bce88c8b20f15dc44.000003fc.honggfuzz.cov delete mode 100644 examples/bind/corpus/ae3d3d9d1ed8d656945185e747c1e9b6.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/ae7b6a5591f1db0be44831e0f63d877f.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/ae7cab37623f2bed45f7991bfd3a8046.00000062.honggfuzz.cov delete mode 100644 examples/bind/corpus/ae91a88f58f26bcf7092222bcf23327b.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/ae91ab7c97cd6bcf5f422118cc130178.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/ae9e214e2b3fce73c34c8b99d8795f3a.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/aea1809e18932f15cdca5ee0e1cc13cb.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/aea1809e88032f159e99ce70e1cc835b.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/aeb68da36274c6f17c8e03ce53c91745.00016ced.honggfuzz.cov create mode 100644 examples/bind/corpus/aec9e4483133e242046cb6a74eec66b4.000101d0.honggfuzz.cov create mode 100644 examples/bind/corpus/aee51ba143edb0fc421d949f1c2f0be2.0001102a.honggfuzz.cov delete mode 100644 examples/bind/corpus/af0ba9952a82f2ad168a70de869f2aef.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/af134555e0bf4fd677f8423306837763.00000b01.honggfuzz.cov create mode 100644 examples/bind/corpus/af56d0e9faef86e3b8c4abfac060f499.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/af6e075f3adcf392d7fa6295b3974203.00000336.honggfuzz.cov delete mode 100644 examples/bind/corpus/af6e8ce1f8f5928c746248d76b986e8a.0001153e.honggfuzz.cov delete mode 100644 examples/bind/corpus/afa3de728207e0e8b3869153d0d91203.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/afa3de7282b1863895e04a3e66bfc91c.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/afa7a4a363ae942e76488103e27febc3.00016ced.honggfuzz.cov delete mode 100644 examples/bind/corpus/afd426fdcc6cd5127ff576512301b7bc.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/afd6e5475b797e7a5762a4513c5b282f.00000069.honggfuzz.cov create mode 100644 examples/bind/corpus/b01a570db528d6637bec1c2426767198.00000020.honggfuzz.cov delete mode 100644 examples/bind/corpus/b03293ce03083861e2b311549e8e2556.0000021f.honggfuzz.cov delete mode 100644 examples/bind/corpus/b045aea56756f4b71b4b7773206feef0.0000a0a1.honggfuzz.cov delete mode 100644 examples/bind/corpus/b04fb9a8215b103243cbe8739d7cf98a.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/b061297769f91e45d093dd57c0bd169d.00000ffe.honggfuzz.cov delete mode 100644 examples/bind/corpus/b08c7917bdf4de6dae98141e3feaf9e7.00002000.honggfuzz.cov delete mode 100644 examples/bind/corpus/b0ac0b8af11a93f50cdad39bb5ab2c57.00000051.honggfuzz.cov delete mode 100644 examples/bind/corpus/b0c2ab50cbdd36211cc989424f064fb0.00000546.honggfuzz.cov delete mode 100644 examples/bind/corpus/b0e15f7ecce9ce32cec800a2ab26e066.00000037.honggfuzz.cov create mode 100644 examples/bind/corpus/b1aed63c99df24404300897180614a6e.000000e1.honggfuzz.cov create mode 100644 examples/bind/corpus/b1b4f4d79d86d98a6c0e6883e8e83ab3.0001153e.honggfuzz.cov create mode 100644 examples/bind/corpus/b1bf44d032ada918e1510e5e804ef610.0000092c.honggfuzz.cov delete mode 100644 examples/bind/corpus/b1d10225f53e5f3c7a4d7f8b58b25cb1.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/b1d404685d68e685b3c9a19e6e28de29.0000151b.honggfuzz.cov delete mode 100644 examples/bind/corpus/b1d5efa10c25bcff4f44e699f40ca1e5.00020000.honggfuzz.cov delete mode 100644 examples/bind/corpus/b1edba286b2eb85b308effadf5e594a6.000000ae.honggfuzz.cov delete mode 100644 examples/bind/corpus/b1fd22361d7f05bd3d7a6b88ff385499.00015ac8.honggfuzz.cov create mode 100644 examples/bind/corpus/b224ec9e1d03cbe1bb341fd4fa22f856.000002e6.honggfuzz.cov delete mode 100644 examples/bind/corpus/b243e5be8b59746d420ac966ca8c4f47.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/b2711af1b58e937a89a0219e62d8c88c.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/b2959afd155f4497fb941b457f515014.000000c6.honggfuzz.cov delete mode 100644 examples/bind/corpus/b2a37ab3c886f2ca483ab8e660092254.000061c9.honggfuzz.cov create mode 100644 examples/bind/corpus/b2ae4abaeb367ce74924cbdbad22ebf8.00000176.honggfuzz.cov create mode 100644 examples/bind/corpus/b2b4e31ab4c38b0069437ee8fa34ad93.0000006a.honggfuzz.cov delete mode 100644 examples/bind/corpus/b2b4e31b6fb38b0088536fe9eb34ac49.0000006a.honggfuzz.cov create mode 100644 examples/bind/corpus/b2ced594813768bbfe3495c48174d150.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/b2d55853452c9abf16761b2200734b22.00000084.honggfuzz.cov create mode 100644 examples/bind/corpus/b2d87d89bb4a1e8e2af0d80f34b12d30.0000025f.honggfuzz.cov delete mode 100644 examples/bind/corpus/b326c744521fc8efffda6d6205c6c5f8.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/b32e837c85d9596f3bcfb45c7fdae7e6.0000052e.honggfuzz.cov delete mode 100644 examples/bind/corpus/b33dc2146c7d11d6bea01d0f32975c15.00000239.honggfuzz.cov delete mode 100644 examples/bind/corpus/b35f72fe02b2bf2428f7acc5d9b439a1.00014294.honggfuzz.cov delete mode 100644 examples/bind/corpus/b3804c2e82c59c3ca0a4919bb3df6cd6.0005eb74.honggfuzz.cov delete mode 100644 examples/bind/corpus/b3bacf29d6a400a3d325daccf00d0648.000006ae.honggfuzz.cov delete mode 100644 examples/bind/corpus/b4082d2e02c879d7f05f1aad8f36cc57.000003ad.honggfuzz.cov create mode 100644 examples/bind/corpus/b419c2fd219a8ebe57284ffd03ee73c9.00000455.honggfuzz.cov delete mode 100644 examples/bind/corpus/b42083abca7bde3e0a00ede9f3209df9.00002407.honggfuzz.cov delete mode 100644 examples/bind/corpus/b42cf814cc3c3086897b8a3a05b18648.0000338a.honggfuzz.cov create mode 100644 examples/bind/corpus/b48aa4d40a8bb4efbfa392aee5a14f52.00000040.honggfuzz.cov create mode 100644 examples/bind/corpus/b4b919b71417aa44bf1bf5d428766940.00000100.honggfuzz.cov delete mode 100644 examples/bind/corpus/b4f15564d0636ce893298cf03a4ab089.00000265.honggfuzz.cov create mode 100644 examples/bind/corpus/b4f376b02ed25880e6b99d4a1a2954f4.00000350.honggfuzz.cov delete mode 100644 examples/bind/corpus/b50be83f600a097014e90740bcba4777.000001cc.honggfuzz.cov delete mode 100644 examples/bind/corpus/b532d31a004896f970183415ef0f8b66.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/b544e3128b59746d456778a6ca8c0b46.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/b5526925ee3a29c86cb708582491c5ae.00000e83.honggfuzz.cov delete mode 100644 examples/bind/corpus/b5aa3b6149f9a5a9cccbce8e6bfbd7b3.0002da95.honggfuzz.cov delete mode 100644 examples/bind/corpus/b5b54876d679c5c39d3d36bab536382e.00005fff.honggfuzz.cov create mode 100644 examples/bind/corpus/b603c1fa932337f8d9a54b07abb888df.0000000e.honggfuzz.cov create mode 100644 examples/bind/corpus/b61731d2ef4f39c3c411e0d12f3bd0f8.000105b8.honggfuzz.cov delete mode 100644 examples/bind/corpus/b617a6d79d778094d62a9a8687b74714.000538ff.honggfuzz.cov create mode 100644 examples/bind/corpus/b682cac71550d9821071bc5f355c46ea.00000c31.honggfuzz.cov create mode 100644 examples/bind/corpus/b68e68d6893b707d4ff99fb2159e848b.000000de.honggfuzz.cov delete mode 100644 examples/bind/corpus/b6ac3e7300f824719673fb74c18af774.00018619.honggfuzz.cov create mode 100644 examples/bind/corpus/b6b5a3ef60e4b9b9661dbcd36fd9f5a0.00014294.honggfuzz.cov delete mode 100644 examples/bind/corpus/b6c743f1e50341c74074313dcc2e3427.00000086.honggfuzz.cov create mode 100644 examples/bind/corpus/b6cc1e711317b6d9772d08153b41595a.0000005e.honggfuzz.cov create mode 100644 examples/bind/corpus/b6e041818f36127c69fdefe9f16acc70.0000149a.honggfuzz.cov create mode 100644 examples/bind/corpus/b6f29ff02fcc8af9326dc0505793a0c0.0001f7e8.honggfuzz.cov create mode 100644 examples/bind/corpus/b7096fad9e8591bc5c5dbb8dc074a4ac.00000200.honggfuzz.cov delete mode 100644 examples/bind/corpus/b71c1ce87951054860ba291fb344a7f2.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/b730bd522c35692d54626a783502e56a.0000efd9.honggfuzz.cov delete mode 100644 examples/bind/corpus/b75eb72d4b906317012e0405d766d9e6.000053c3.honggfuzz.cov delete mode 100644 examples/bind/corpus/b79239629e1b9869cf8753daf412bd79.000054d1.honggfuzz.cov create mode 100644 examples/bind/corpus/b793a9ff0bc952297fe43912df7147cc.00002319.honggfuzz.cov delete mode 100644 examples/bind/corpus/b7a62c5aa3fafa7b814ae86f63d4d738.00000092.honggfuzz.cov delete mode 100644 examples/bind/corpus/b7d42e6386c733fba476fc6b412e0f99.00000244.honggfuzz.cov delete mode 100644 examples/bind/corpus/b7e6a10e94231ff2895d7d2b24d3779e.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/b7ea36631f0175312bcab5e20598a4ad.000000d4.honggfuzz.cov delete mode 100644 examples/bind/corpus/b8048437123d108f8d8c5a4306bdf67d.000014ec.honggfuzz.cov delete mode 100644 examples/bind/corpus/b815f3b1eecaba25d984bcdc9b67301d.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/b871575e57440b789251a6c2a5c0966b.000006eb.honggfuzz.cov delete mode 100644 examples/bind/corpus/b87c236eb492e7051966bf64e2da088b.0000015a.honggfuzz.cov delete mode 100644 examples/bind/corpus/b87e2cacf554166d093f892756c00c35.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/b886acb9f9fd7123ee288a663f5a1438.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/b89f332980e9ac8962057405a5b84e9d.000006c8.honggfuzz.cov delete mode 100644 examples/bind/corpus/b8af77de4d642c4cbb6c4a04176514a4.000002c4.honggfuzz.cov create mode 100644 examples/bind/corpus/b8b26f075be845f512257856f2c43f35.00000029.honggfuzz.cov delete mode 100644 examples/bind/corpus/b8c2073e8601e77c399560924663837a.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/b8d5ac7425b22b8b1e5df5963968df05.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/b8d7cb4de8cc39570b8461ee86bcbb67.00000138.honggfuzz.cov create mode 100644 examples/bind/corpus/b8dfffce899a7a063a600962cb273699.000001ed.honggfuzz.cov create mode 100644 examples/bind/corpus/b8e71cd7ff4037f0b0227895773cc814.00000029.honggfuzz.cov delete mode 100644 examples/bind/corpus/b8f9f7a4b691745ab6d8df74c68e4779.00004236.honggfuzz.cov delete mode 100644 examples/bind/corpus/b8fdb7cdcdd0ae60b0227895e7acd30f.00000029.honggfuzz.cov create mode 100644 examples/bind/corpus/b924d2c7dd2049103115ee638b068251.00000032.honggfuzz.cov delete mode 100644 examples/bind/corpus/b9301819f0da19a1b5dde1182a0f662e.000000c0.honggfuzz.cov delete mode 100644 examples/bind/corpus/b95ab1eaeb2f50bdf1faf168cbb6ee93.00000214.honggfuzz.cov delete mode 100644 examples/bind/corpus/b970cb8ed475b450dd29702a60be6392.00005407.honggfuzz.cov delete mode 100644 examples/bind/corpus/b973c0af68f5f897982cfed4a3361715.00000094.honggfuzz.cov create mode 100644 examples/bind/corpus/b99564427d6298091371d60dd1680520.0000005a.honggfuzz.cov delete mode 100644 examples/bind/corpus/b99ae5a819d5c793b38869dd73554d25.000002a2.honggfuzz.cov delete mode 100644 examples/bind/corpus/b99b5265e0ecc69da9848641d5f2cbe6.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/b99c558c9a228c4d1aace64d5c2bc9b5.0000019a.honggfuzz.cov delete mode 100644 examples/bind/corpus/b9e46c2349759c8bdcc18db8a36dba79.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/b9e7ea29cd44532f9b266092aaa21f9e.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/b9e8126414bf4dd5b92cb9e24fa8dcac.0003f787.honggfuzz.cov delete mode 100644 examples/bind/corpus/b9f1160a6ecd923f4fae6e46b6f68767.0000387b.honggfuzz.cov delete mode 100644 examples/bind/corpus/ba12284e2b50372256539529a73575d2.000000b6.honggfuzz.cov delete mode 100644 examples/bind/corpus/ba23a94ec9d285b3fe5fe8ef9b9398bf.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/ba2c08423b74ba0803a1a5ff54049b01.00000fa5.honggfuzz.cov delete mode 100644 examples/bind/corpus/ba459306dc5df06723a747fc4a415779.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/ba4d07bd26221965693c48ed36c981e7.000003ab.honggfuzz.cov delete mode 100644 examples/bind/corpus/ba5f93710af12364582ecd98b32a333e.00002eb9.honggfuzz.cov delete mode 100644 examples/bind/corpus/ba67117bb1faeec934bbea5fbad2533e.00000174.honggfuzz.cov delete mode 100644 examples/bind/corpus/ba6beb74c3bbe0a7d3c2822201766f1b.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/ba7b8222943d7cb42c953a39c152ad05.0000030b.honggfuzz.cov delete mode 100644 examples/bind/corpus/ba932c14172f1ed3cefe97e03399732d.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/ba9835ff2ddb4d4554ed76460330bb7e.00000e87.honggfuzz.cov create mode 100644 examples/bind/corpus/bab3ebc8edb731066cdd56e892f87ee0.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/babaa4167fca063aff5d78ef7cdf41f7.00000452.honggfuzz.cov delete mode 100644 examples/bind/corpus/bac9d4757a86fa06d493c658d4fdc8d9.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/bac9de06604954c868e4f02d8200d3fb.000157e9.honggfuzz.cov delete mode 100644 examples/bind/corpus/bae0000000000000bae0000000000000.00000001.honggfuzz.cov create mode 100644 examples/bind/corpus/baecbadd85c94ad4852f5b7749f1bb1f.000003ea.honggfuzz.cov delete mode 100644 examples/bind/corpus/baf2bef8ce7f4b9c5eb8edefdc28e547.00000050.honggfuzz.cov delete mode 100644 examples/bind/corpus/bb02df19b1747fb54f59d9e7f08ab334.00000116.honggfuzz.cov create mode 100644 examples/bind/corpus/bb15273b3b449360d4a4f326ad592cea.0001ce8d.honggfuzz.cov delete mode 100644 examples/bind/corpus/bb19fbeabf2d8c32f39f607c3872445f.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/bb2aaf34bdabdac41c0bf798cec20579.00000276.honggfuzz.cov create mode 100644 examples/bind/corpus/bb4ff69075e63d91a6c01ace6fd827a3.000004d7.honggfuzz.cov create mode 100644 examples/bind/corpus/bb5f1efe718730162c065082bd7d08c2.00000017.honggfuzz.cov delete mode 100644 examples/bind/corpus/bb7107210393e5193fc2ddf3d13a923f.0000006c.honggfuzz.cov create mode 100644 examples/bind/corpus/bb7c1b00166a5eedb4d13e74118f3e28.000000b0.honggfuzz.cov delete mode 100644 examples/bind/corpus/bb9d7a99b99b71db48d3f0202cdf3c3c.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/bba62db547a6351c6d062f433987b71a.0000025e.honggfuzz.cov delete mode 100644 examples/bind/corpus/bba785a3d449b049814bcfe3690ba373.00000097.honggfuzz.cov create mode 100644 examples/bind/corpus/bbbc7fd0687109d0b2cdcf8536e54ea8.0000002b.honggfuzz.cov delete mode 100644 examples/bind/corpus/bbbf4af6dd2035f67db2d730b8a507f9.00000e63.honggfuzz.cov create mode 100644 examples/bind/corpus/bbea8bf2d76fd74c2969bf4af10da08d.00000187.honggfuzz.cov create mode 100644 examples/bind/corpus/bbf36a5d9522e03be28930883b38adc2.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/bc19ea41eaa98df4a66defed5ba55486.0001c2a7.honggfuzz.cov create mode 100644 examples/bind/corpus/bc3d3a8e77544979e20ddfa85851216f.000006a8.honggfuzz.cov create mode 100644 examples/bind/corpus/bc4388aa3dd8a33e8207984fe0392587.00000384.honggfuzz.cov delete mode 100644 examples/bind/corpus/bc4a68979db7f7b89acfc9afec4aa111.00000063.honggfuzz.cov delete mode 100644 examples/bind/corpus/bc5c317b044b91671e95c0d33bc6c054.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/bc912c36715c16f839818daa263e2630.0005fc5b.honggfuzz.cov delete mode 100644 examples/bind/corpus/bc9fbaa4c6885edb4ff91255e242803f.0001153e.honggfuzz.cov create mode 100644 examples/bind/corpus/bcb42b1d3169311bdee580f20d56fea4.0000666c.honggfuzz.cov delete mode 100644 examples/bind/corpus/bcbeecc195f05554b02a12dbb2740065.000000a3.honggfuzz.cov create mode 100644 examples/bind/corpus/bcf1f177e4c32a218e0fbff7f742660c.0000018a.honggfuzz.cov create mode 100644 examples/bind/corpus/bcfdd5dcebe97649bd5386b3d65a04c5.00000787.honggfuzz.cov delete mode 100644 examples/bind/corpus/bd234fce6ae5181dc38d14f0c5ab0fb3.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/bd277ddfbbb8516fd6549e72ca6746dd.00000169.honggfuzz.cov delete mode 100644 examples/bind/corpus/bd4e4da86c91f1946c30a58ecdab6677.00000905.honggfuzz.cov delete mode 100644 examples/bind/corpus/bd5aaa480e1a9a8d70385c4eb3eaba9e.00000029.honggfuzz.cov create mode 100644 examples/bind/corpus/bd8686d68ce794bde6e8ae83975a79ce.00000020.honggfuzz.cov create mode 100644 examples/bind/corpus/bd968640fdf5c2da69fa6b3ad27a03dc.00000442.honggfuzz.cov create mode 100644 examples/bind/corpus/bdc2b369fc2ebbe0e891b890e54c3e8e.00000012.honggfuzz.cov create mode 100644 examples/bind/corpus/be00b299c90fb415145d572b831ee917.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/be1070d8646dff614a72ec4832b6940a.0000002f.honggfuzz.cov create mode 100644 examples/bind/corpus/be141a7de373a3a75eea84e0f9207472.000069de.honggfuzz.cov delete mode 100644 examples/bind/corpus/be23fcf365e1f5ad5ca9728da8b05884.00000086.honggfuzz.cov create mode 100644 examples/bind/corpus/be638478253eb58302b2cc6c1fd1cf46.00000126.honggfuzz.cov create mode 100644 examples/bind/corpus/be64d930b10ce086d0d9a3e1ba8ed958.00000244.honggfuzz.cov create mode 100644 examples/bind/corpus/be6cf4fe301c6be6668e19d08d812a98.00001c13.honggfuzz.cov delete mode 100644 examples/bind/corpus/be77595706034c8f656e5b3ffb7884bb.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/be8da8fe826d791974d0f71bac881587.00000265.honggfuzz.cov delete mode 100644 examples/bind/corpus/be9278dd9222a3840c41880f9a793914.00001121.honggfuzz.cov delete mode 100644 examples/bind/corpus/bea0a9e552e8419e64cabdbe597192fc.00016ced.honggfuzz.cov delete mode 100644 examples/bind/corpus/bec0d424feac7429a626145356274213.00019549.honggfuzz.cov create mode 100644 examples/bind/corpus/bed72c7a700178b786d8a062c504a22b.00000049.honggfuzz.cov delete mode 100644 examples/bind/corpus/bef1dc05f557bfe390143ea804378faf.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/bf06f259fd385157378d6a021707cf66.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/bf147275fabeefdc25d6e32021e3dc50.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/bf2637db1d3e4430b5768d23fb543a03.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/bf579856ab2d80415800ce3aff78a2f0.00000785.honggfuzz.cov delete mode 100644 examples/bind/corpus/bf58fb1e76658909ed73a8739d683e45.00000182.honggfuzz.cov delete mode 100644 examples/bind/corpus/bf6eed20a74c224700252be57108031d.0000070e.honggfuzz.cov create mode 100644 examples/bind/corpus/bf80c110ff7c1070756a9b1974708e51.00000945.honggfuzz.cov create mode 100644 examples/bind/corpus/bf86041696e9b49154173fdb4c179bb0.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/bfa1f70276651b8532a1d5609c790aa4.000012fb.honggfuzz.cov delete mode 100644 examples/bind/corpus/bfadd9e894c65848b476e90838a9cdf0.00000143.honggfuzz.cov delete mode 100644 examples/bind/corpus/bfae2c9e254cc7d493cd9db6cba6c593.00000f03.honggfuzz.cov delete mode 100644 examples/bind/corpus/bfc05f996aaebc429eaf0526f2d879c9.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/bfe477eb8b2fb8ecb3e9bcd5e478d9aa.0000001b.honggfuzz.cov delete mode 100644 examples/bind/corpus/bfecf1657cfaf7897038d59d391215c7.0000df9c.honggfuzz.cov delete mode 100644 examples/bind/corpus/bff330ea6294204d532cb3e076623234.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/c0069a652033a60ce6a77d07229d1931.000025e7.honggfuzz.cov delete mode 100644 examples/bind/corpus/c025f7ef719bb935257325328a8ee77d.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/c02a9d525e9a7d2d8b7cb953c1a6a28b.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/c02b548fe3ede4d1b25ec31bf7bab9e5.0000001a.honggfuzz.cov delete mode 100644 examples/bind/corpus/c03f25f9d9f8f99956db58a92514ee1e.000713ab.honggfuzz.cov delete mode 100644 examples/bind/corpus/c046e205576369b03e044965fc08e25c.00000a03.honggfuzz.cov delete mode 100644 examples/bind/corpus/c08f436dc16226e23b50115c6c3dc66b.00000df7.honggfuzz.cov delete mode 100644 examples/bind/corpus/c0a1af4cd2a993c18d8557b03c7e7236.000001e1.honggfuzz.cov delete mode 100644 examples/bind/corpus/c0a6407ba4e80ee733e5d15f12fe3a10.00006a67.honggfuzz.cov create mode 100644 examples/bind/corpus/c0a88f0359798c164d80783349bb42f9.000101d0.honggfuzz.cov create mode 100644 examples/bind/corpus/c0a8cc834e95e4e063963b0b3b93f1b4.00000116.honggfuzz.cov delete mode 100644 examples/bind/corpus/c0fcf9ae1554f02c8152b7030890d735.000000a2.honggfuzz.cov delete mode 100644 examples/bind/corpus/c102a32d91d566e2845df795c7a91593.0000f1d1.honggfuzz.cov create mode 100644 examples/bind/corpus/c1229449dfed25a2c018a4f9436e9ccd.00000048.honggfuzz.cov create mode 100644 examples/bind/corpus/c1397768a7e7d403e4771e2e39e09a85.0000009e.honggfuzz.cov create mode 100644 examples/bind/corpus/c1564dced5e2f9e6f652ff0edb68200d.00000808.honggfuzz.cov delete mode 100644 examples/bind/corpus/c15f1aa27b5a328900aa72826199cf00.000000be.honggfuzz.cov delete mode 100644 examples/bind/corpus/c18e37d83f410e726241599fa5bc8868.00018619.honggfuzz.cov delete mode 100644 examples/bind/corpus/c19bc015c73ae72bd6fee3a05cd9c766.0001fc7b.honggfuzz.cov create mode 100644 examples/bind/corpus/c1b4b405a7cf5bf5d805a54ee9ec4c15.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/c1ca45362da9cbd579d21b62e9d1f5cb.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/c1d1cf4eff2fd51dd2c9ecf5bbc242c4.0000013c.honggfuzz.cov create mode 100644 examples/bind/corpus/c1df8fc71463420beabac142e256f10c.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/c2063b935edf887e01a5b0e172323f20.0001cd47.honggfuzz.cov delete mode 100644 examples/bind/corpus/c206c8341fa4c20a44aa6dcf34e34b0d.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/c22d13eb3a55fd7ee8f084aa76b01437.00001afe.honggfuzz.cov create mode 100644 examples/bind/corpus/c25e725bdfcae86d9dced35a984687bc.00000331.honggfuzz.cov create mode 100644 examples/bind/corpus/c2621c5b0fc39fe3cfede887ad5d1e56.00000124.honggfuzz.cov create mode 100644 examples/bind/corpus/c264d02905604d6ebebec877e7481100.000000d4.honggfuzz.cov create mode 100644 examples/bind/corpus/c28c811ec8ae99d522d911423fa745d8.00000b04.honggfuzz.cov create mode 100644 examples/bind/corpus/c28ea6d71789e776b2919a38d5e3e519.0000017f.honggfuzz.cov delete mode 100644 examples/bind/corpus/c2987076237b357bfc4bae03cf514bc0.0000029e.honggfuzz.cov create mode 100644 examples/bind/corpus/c2a5aaa06946f156fcd3fd56df2fbd82.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/c2d43deb937a8a479118287b6c9806dc.00000048.honggfuzz.cov delete mode 100644 examples/bind/corpus/c3190c516787ce48039c977da94ed904.00016ced.honggfuzz.cov create mode 100644 examples/bind/corpus/c321bd15f179dbbcd0c104f631e9a13a.00002000.honggfuzz.cov delete mode 100644 examples/bind/corpus/c335450845b5de9803b32bde1e061aaa.0000737a.honggfuzz.cov create mode 100644 examples/bind/corpus/c357ffbaff16c551c2a623910d6d3962.00000353.honggfuzz.cov delete mode 100644 examples/bind/corpus/c37dad6b04b158f8984d959423f6ee5b.000054bb.honggfuzz.cov delete mode 100644 examples/bind/corpus/c3b6dc7b69c9781a7d49f44ea92326d2.00000130.honggfuzz.cov delete mode 100644 examples/bind/corpus/c3ddd0b0fdcbd54559bbcf5c237d5a4d.0000bd6c.honggfuzz.cov delete mode 100644 examples/bind/corpus/c3e640d9e170ec695faade616e7bf696.0000003e.honggfuzz.cov delete mode 100644 examples/bind/corpus/c41404950dbfb2cac9091beb66f3e6e4.0000007e.honggfuzz.cov create mode 100644 examples/bind/corpus/c415d50c3bf3277d0f54397e4443e31a.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/c44949a4c538bd7575c0218d6ee3e7e6.00000ebf.honggfuzz.cov delete mode 100644 examples/bind/corpus/c4561ead84267952848c1ae65e722fbc.0001ef20.honggfuzz.cov create mode 100644 examples/bind/corpus/c478bf849d2a1cd7be344f060cfed578.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/c4a420e2dc12c527e7366b9f5c515221.00000040.honggfuzz.cov delete mode 100644 examples/bind/corpus/c4a4e0d33a86e8d91479a977a1b6da33.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/c4a7a77520df937063df715e186232e8.0000001c.honggfuzz.cov delete mode 100644 examples/bind/corpus/c4e1d07fe50e1c660b67a8973c0feb7b.00000e87.honggfuzz.cov create mode 100644 examples/bind/corpus/c4eefcc8efdaae895222aac80f3e0564.00014d82.honggfuzz.cov create mode 100644 examples/bind/corpus/c518bd17f07ee2a00e0e05bcdfdf3218.00000200.honggfuzz.cov create mode 100644 examples/bind/corpus/c51e62ee88ce22f7b01424a49fdc3539.00002000.honggfuzz.cov create mode 100644 examples/bind/corpus/c53901314ca010438980fb48c134b702.000101d0.honggfuzz.cov create mode 100644 examples/bind/corpus/c547ca52730916005263b0ef8f86035a.0000024d.honggfuzz.cov delete mode 100644 examples/bind/corpus/c5492f0fb4529d247fd1aac37a6bd8ce.000001cf.honggfuzz.cov create mode 100644 examples/bind/corpus/c54ea1088e989198d5d540e96b4931df.00000063.honggfuzz.cov create mode 100644 examples/bind/corpus/c5591663aba5d4b94383caafcd1ed211.0000005c.honggfuzz.cov delete mode 100644 examples/bind/corpus/c55a5808cf857f03585b890918735b3c.0000a15f.honggfuzz.cov create mode 100644 examples/bind/corpus/c576e544304291c1767162bc40267b04.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/c58f0a3e0afdbf376979c104088b5d8d.0000032d.honggfuzz.cov delete mode 100644 examples/bind/corpus/c5959cdbf36d1e393f4e0bf1ec3ccc66.00000059.honggfuzz.cov delete mode 100644 examples/bind/corpus/c59a167314303b4496549c276f855fe1.00000041.honggfuzz.cov create mode 100644 examples/bind/corpus/c59f526f154fd68905cb5ad209ae0dac.000101d0.honggfuzz.cov create mode 100644 examples/bind/corpus/c5c0000000000000c5c0000000000000.00000001.honggfuzz.cov delete mode 100644 examples/bind/corpus/c5cd533a85f6487a6af280a7c7cdbb06.00000052.honggfuzz.cov delete mode 100644 examples/bind/corpus/c5e4eb691eae3c5642d72bdf1cfc2ef7.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/c605f51bab7b0fb0d396ed591eb9ac19.0000054f.honggfuzz.cov create mode 100644 examples/bind/corpus/c634f81c06e5d798823e5acd2827b20e.0000c77f.honggfuzz.cov create mode 100644 examples/bind/corpus/c635c0c4b3283539869b49f514cd4870.00000061.honggfuzz.cov delete mode 100644 examples/bind/corpus/c63cfa3a97a28ab92c4db520988aa28a.0000000c.honggfuzz.cov delete mode 100644 examples/bind/corpus/c65770b0ab4da4fa55409a3c8b2038dd.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/c6b0c5d3c66f9096b3e1d2e74957b4c5.0000005f.honggfuzz.cov delete mode 100644 examples/bind/corpus/c6b73c0680d72bc8c32f5bb6783e7de5.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/c6fae780425fb5123cb1950ebd02bf0b.0000cc97.honggfuzz.cov create mode 100644 examples/bind/corpus/c6ff4dce11682d9e08bede84b70b2905.000099b3.honggfuzz.cov delete mode 100644 examples/bind/corpus/c7026f58ce2be1525efad2af1e894e3b.000000e4.honggfuzz.cov delete mode 100644 examples/bind/corpus/c75fbbeda1eb708000779d4d357ebe48.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/c7703ace7a951745baf1e9527d8fc0ef.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/c7734fb2de90201c3d189c95a48708ba.0000008b.honggfuzz.cov delete mode 100644 examples/bind/corpus/c77f1607d2ab6f24204f9caf5cb3eb4f.00000062.honggfuzz.cov create mode 100644 examples/bind/corpus/c7834a71eeae0e99a0c28f9d8caaf99f.00000bc4.honggfuzz.cov delete mode 100644 examples/bind/corpus/c7a10397e9c64b0976fadbc77a4a609a.0000c791.honggfuzz.cov delete mode 100644 examples/bind/corpus/c7a9f4f2797812a54aa10dfd1ed27fcb.00008ff8.honggfuzz.cov create mode 100644 examples/bind/corpus/c7ae2c69c030c1d8299c4ea90e916c0e.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/c7e3d3dbc6cbbe69b99c2be02cd801f1.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/c7ee800a6841b9e01de4f47766c1c05d.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/c7f363a0800000007ed1d800000020a0.0000000a.honggfuzz.cov delete mode 100644 examples/bind/corpus/c7f8ebe7bdbaf68dc8ef33789624b451.00000c65.honggfuzz.cov create mode 100644 examples/bind/corpus/c85e35629f354651c2cbcb23f676600a.00000295.honggfuzz.cov delete mode 100644 examples/bind/corpus/c85e6a772baddcc6f55cddff7b1ba28e.00000050.honggfuzz.cov delete mode 100644 examples/bind/corpus/c8631ed3fc2e3e6685f23400b0da6678.00001732.honggfuzz.cov create mode 100644 examples/bind/corpus/c867c2f0d5dba19717a2669361cd5b2c.000000bc.honggfuzz.cov delete mode 100644 examples/bind/corpus/c878cbbf7ed4040fc45df855c1668736.00000691.honggfuzz.cov create mode 100644 examples/bind/corpus/c87d165f2863bd6f6a55da93a903a88c.00000150.honggfuzz.cov create mode 100644 examples/bind/corpus/c890497a36b413c1998b7e5e28445218.00007697.honggfuzz.cov delete mode 100644 examples/bind/corpus/c89d48e1e5e87968fdfc37d3e3352b91.0007819e.honggfuzz.cov create mode 100644 examples/bind/corpus/c8be4dcc1b2e33daf1d5619d57f15fd3.00000032.honggfuzz.cov delete mode 100644 examples/bind/corpus/c914b603b64d9deb29f6ba7fa347fe56.00006cff.honggfuzz.cov create mode 100644 examples/bind/corpus/c920db4fca48e294d1d645095edf070b.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/c93aedea1c75401128275eb9b852b36e.000001cc.honggfuzz.cov delete mode 100644 examples/bind/corpus/c93f0edc214bcce107fcd62fe72c1298.0001e46a.honggfuzz.cov delete mode 100644 examples/bind/corpus/c9561107327ace1b9aa83d2690de9876.000001d3.honggfuzz.cov create mode 100644 examples/bind/corpus/c96551c86c37c97bc14aaadeb93ee00e.0000017b.honggfuzz.cov delete mode 100644 examples/bind/corpus/c97da234adc3365e48dc893918bc612a.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/c983f910a162d1fa0d656b027abdb655.000001a4.honggfuzz.cov delete mode 100644 examples/bind/corpus/c99fd1bbdbd806cf1a0ab75135ce5ef1.00001998.honggfuzz.cov create mode 100644 examples/bind/corpus/c9c5d42a9b7a3be0e7312da3baa083b9.00000037.honggfuzz.cov delete mode 100644 examples/bind/corpus/c9dfa0d2a4dff2cc423696b4f029a83d.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/ca067b25709de11042ed17be62ff7af3.00010001.honggfuzz.cov delete mode 100644 examples/bind/corpus/ca18f7d955b351963ae1b83454300dc2.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/ca252381fdca111084e75a4aecf74d61.00003a0b.honggfuzz.cov create mode 100644 examples/bind/corpus/ca5fe5e16636a33306cd3ff869ad29a9.0000085d.honggfuzz.cov delete mode 100644 examples/bind/corpus/ca668d0a6cd95279c157ee732ae159c8.00000190.honggfuzz.cov create mode 100644 examples/bind/corpus/ca6cec1f92d6578198f2fbe66910290f.00000110.honggfuzz.cov create mode 100644 examples/bind/corpus/ca74dee91acc1c8927ae5595fd81e7de.00000197.honggfuzz.cov delete mode 100644 examples/bind/corpus/cae15adf1fbd82d1beb391904b72a412.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/cae6c49376f193778ed6183379d6bcf7.0001153e.honggfuzz.cov delete mode 100644 examples/bind/corpus/cb0117bcfccb582147f57a973303b8f4.000006a6.honggfuzz.cov delete mode 100644 examples/bind/corpus/cb17bff43198bc617016db73e5dac093.000014e4.honggfuzz.cov create mode 100644 examples/bind/corpus/cb2dc0def2fea8c9fc534624ff07b006.00000871.honggfuzz.cov delete mode 100644 examples/bind/corpus/cb48c1cee5ead6d0218b99ca90412155.0000002c.honggfuzz.cov delete mode 100644 examples/bind/corpus/cb5760feac639b1d6f0f0ec74b3fd12e.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/cb5b6f7219bf3b8c6c7f5dc21fb9b8f7.000039d2.honggfuzz.cov create mode 100644 examples/bind/corpus/cb5fa5c766ba68171f234f3c915b032c.0000a2fb.honggfuzz.cov delete mode 100644 examples/bind/corpus/cb76feb608a501ffaa85dfcd4cde0871.00015a10.honggfuzz.cov delete mode 100644 examples/bind/corpus/cb804bdc71cb60365d8aacecdd0a9bb0.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/cb8b3139daaced7471af4ffbfba7d822.000000f7.honggfuzz.cov create mode 100644 examples/bind/corpus/cbd56b2f6595f7d9eeecd00065d71f25.00000020.honggfuzz.cov create mode 100644 examples/bind/corpus/cc0931bdf4d2637dd981c70f3553b2be.000000bc.honggfuzz.cov create mode 100644 examples/bind/corpus/cc32811f2bafbc6f05dfebc32941a6e7.000008c2.honggfuzz.cov delete mode 100644 examples/bind/corpus/cc3d0e90e7a9a25c96626f2d8ff07359.00018acd.honggfuzz.cov delete mode 100644 examples/bind/corpus/cc4de96dcabf60572db395a7848ad58b.00000135.honggfuzz.cov delete mode 100644 examples/bind/corpus/cc9d176923f1f8134766843fba972056.00000062.honggfuzz.cov delete mode 100644 examples/bind/corpus/ccac9d2ee3695f0988b197f251ee0491.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/ccb1c308697f141c2996d52e1597419f.00000199.honggfuzz.cov create mode 100644 examples/bind/corpus/ccfba3aadcf97c1d123bceea45b6f132.000105b8.honggfuzz.cov delete mode 100644 examples/bind/corpus/cd285fdd4c16860c9c4ee69ce0862a35.0001e987.honggfuzz.cov delete mode 100644 examples/bind/corpus/cd29c713a896c05c8d5f252cfe78ad10.000002fa.honggfuzz.cov delete mode 100644 examples/bind/corpus/cd33a400a53b9bd11e3f5c8998feba56.000004d2.honggfuzz.cov create mode 100644 examples/bind/corpus/cd5ad586c41643bb5467cd41d0aa1af3.000000c6.honggfuzz.cov delete mode 100644 examples/bind/corpus/cd8cd045957bf810aa0a3430b6b42980.000000f7.honggfuzz.cov create mode 100644 examples/bind/corpus/cd8d0163e0e36333baa88f8a3f9afcc2.00000655.honggfuzz.cov delete mode 100644 examples/bind/corpus/cd8ff542802d078034560f284ee0045c.0000008d.honggfuzz.cov delete mode 100644 examples/bind/corpus/cda0cd2f5c9d588bab2cb937bf20521e.00002501.honggfuzz.cov delete mode 100644 examples/bind/corpus/cdc49076878adaf98eadd14a64b5f4ca.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/cdc695779f9f7bb93b7e666d593ec1ae.000001c9.honggfuzz.cov create mode 100644 examples/bind/corpus/cdf12f14f673a44087a5fd58ebf6f403.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/ce04c585c0f042f2cc2afdbae7c8e83c.000000c3.honggfuzz.cov delete mode 100644 examples/bind/corpus/ce1eb8bf18698fe8207660134cc49130.00000c22.honggfuzz.cov delete mode 100644 examples/bind/corpus/ce2fcb11509c0a6eecf621ec6a67736f.000000f7.honggfuzz.cov delete mode 100644 examples/bind/corpus/ce6f59df4c77ad999921642549c9808e.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/cea7d125e19b3de345ff1c67baab2449.00000b31.honggfuzz.cov delete mode 100644 examples/bind/corpus/cec004c9068def838a4cb53059aa678e.00000100.honggfuzz.cov create mode 100644 examples/bind/corpus/cec70f8f36589d6b5bd8eafbc3921514.0000010f.honggfuzz.cov delete mode 100644 examples/bind/corpus/ced849961872f51c11faf0ecaac67f0c.000000be.honggfuzz.cov delete mode 100644 examples/bind/corpus/ced959871872f51c04eff1bdef292102.000000be.honggfuzz.cov create mode 100644 examples/bind/corpus/cedd4294053554b6b2371f0ef0a08051.00000066.honggfuzz.cov create mode 100644 examples/bind/corpus/ceeb9abb1de2f00c8a5bc3501f0c9d62.000004c9.honggfuzz.cov delete mode 100644 examples/bind/corpus/cef69441bc84107ee7da4635f776e1f8.000003e5.honggfuzz.cov delete mode 100644 examples/bind/corpus/cf1a81bccfcc2b5fd6648a52a19e9f94.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/cf208cdb5f02184a3f7ac8b47c510220.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/cf25d1681c4658a5e2ad8496e944d36a.00000143.honggfuzz.cov create mode 100644 examples/bind/corpus/cf2dc8d0e85c0b9a41289115bfbbd133.0000938a.honggfuzz.cov delete mode 100644 examples/bind/corpus/cf455a90d9151fa05d9cfc6f8124b7e4.000000c6.honggfuzz.cov delete mode 100644 examples/bind/corpus/cf46234100d5e3b04d62e7ceb8d63f01.0001f5dd.honggfuzz.cov delete mode 100644 examples/bind/corpus/cf51634329096218249a046069654bc0.000000ad.honggfuzz.cov create mode 100644 examples/bind/corpus/cf7e81bc4494fa46d67506c3d880f3a6.0001e97f.honggfuzz.cov delete mode 100644 examples/bind/corpus/cf7e9ea47532fdec1707d68bfebbcbaa.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/cf80aa1dd3cddd01672c4cdab9c93817.000101d0.honggfuzz.cov create mode 100644 examples/bind/corpus/cfaf5c436d9da44a8d3bb4103a9975ca.00000091.honggfuzz.cov delete mode 100644 examples/bind/corpus/cfaf68b5963fa24e649ed267aea51dc8.00000f70.honggfuzz.cov delete mode 100644 examples/bind/corpus/cfb5d0a4050df1231a634bb094bfc2d2.0000192a.honggfuzz.cov create mode 100644 examples/bind/corpus/cfb9e705bf6b86ba02eeff8140769e9e.00000021.honggfuzz.cov delete mode 100644 examples/bind/corpus/cfb9e70ffbdb970a02eefe5ae1c08e43.00000021.honggfuzz.cov delete mode 100644 examples/bind/corpus/cfc9a11ce3943189b30e8924df6e0361.000185aa.honggfuzz.cov create mode 100644 examples/bind/corpus/cfc9ef96b337720c31a896c912156730.00000f86.honggfuzz.cov delete mode 100644 examples/bind/corpus/cfcb645c97c7fde044f0f521cebe67b6.00000288.honggfuzz.cov create mode 100644 examples/bind/corpus/cfede14be26d2d79b8dd86d8a36a8534.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/cff49f0ec6eb79d387ecf48c55820b82.0000008c.honggfuzz.cov delete mode 100644 examples/bind/corpus/cff5fae924b46f5c028ba1d85c7d932a.000000de.honggfuzz.cov delete mode 100644 examples/bind/corpus/cff6e076429a27662a692e4eafdeecee.000000da.honggfuzz.cov delete mode 100644 examples/bind/corpus/d00832866fce3ec82416aadf85ccb68d.0000195d.honggfuzz.cov delete mode 100644 examples/bind/corpus/d00c6bd11dca23bf3295993b96cb0b36.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/d0167c74c93a62541f8f695bdbb4eaa7.00007d13.honggfuzz.cov create mode 100644 examples/bind/corpus/d01d709987e1ea64dff5229b44eac1e0.00000129.honggfuzz.cov create mode 100644 examples/bind/corpus/d03cfc5853d5b17ef801252a08032c0c.000000b7.honggfuzz.cov create mode 100644 examples/bind/corpus/d06298f05df5f9e3d23a417cde6aeaa0.0000003d.honggfuzz.cov create mode 100644 examples/bind/corpus/d072c349e1aa0caed70db1aced72dce3.00000052.honggfuzz.cov delete mode 100644 examples/bind/corpus/d0837b36e9338d51f7e7575b5c2bc72d.00000037.honggfuzz.cov delete mode 100644 examples/bind/corpus/d0943ecea5c71ebd46c91a05a8cc5ba0.000001ae.honggfuzz.cov create mode 100644 examples/bind/corpus/d09b3f6e871e272166fb38626c3eda94.00000046.honggfuzz.cov delete mode 100644 examples/bind/corpus/d0b5a77d5334bb59ee38345ae613869f.00005f6e.honggfuzz.cov delete mode 100644 examples/bind/corpus/d0bc15c78aa758dfbee2fc471fcfee19.000002d6.honggfuzz.cov create mode 100644 examples/bind/corpus/d0e9fc5cef7288b2009b31f2942dcd01.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/d0f57e543a17b495c3b6be3ebcebafc9.00001502.honggfuzz.cov create mode 100644 examples/bind/corpus/d105582d6bb9da77da5405a375e5c47d.000148cb.honggfuzz.cov delete mode 100644 examples/bind/corpus/d10a1632954713a1de65e093de248a56.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/d10b685901f6792aadd2d9c228a55dac.000090f3.honggfuzz.cov create mode 100644 examples/bind/corpus/d10cc4b54d40cc32c2a0c3b33c17ba1f.000000e5.honggfuzz.cov create mode 100644 examples/bind/corpus/d118323b617550ed9e7a012164796f9b.000101d0.honggfuzz.cov create mode 100644 examples/bind/corpus/d11b95c8cc9590791bfe0130dee64423.0000008e.honggfuzz.cov create mode 100644 examples/bind/corpus/d125d3a80d0481465f897df07986b956.000074be.honggfuzz.cov create mode 100644 examples/bind/corpus/d1284b7e659a4bd10c3412d8d242456f.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/d139f2d485d755153cc2942e4d5b67fc.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/d13f3215b5fdc1950fe5417d88e1bbcc.00000fa8.honggfuzz.cov delete mode 100644 examples/bind/corpus/d1499bbdd718e7bf2e5a101de9b82030.00019b12.honggfuzz.cov create mode 100644 examples/bind/corpus/d170ca30c5d21eaf7f3697f40dc94beb.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/d1a20b19170e204c2db3f676fde4ed05.000000ff.honggfuzz.cov delete mode 100644 examples/bind/corpus/d1a2c6a50fd8e6b7fc115b2014e0f2b9.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/d1df0ec2802f7320aeb0baa799afdf31.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/d1dfe72bc5fcb020fe24dd7c566c2cbc.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/d1e30fb4f0e895ef30a81cfbaeaf4dc7.00001dcd.honggfuzz.cov create mode 100644 examples/bind/corpus/d1e46d79bdb61fb4502dc1c98bab73c4.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/d1eebae576b281a1dd243205c2655a9c.00000bdb.honggfuzz.cov create mode 100644 examples/bind/corpus/d1f144e0fa91c75f999d6b00f5056a2a.000000f7.honggfuzz.cov create mode 100644 examples/bind/corpus/d1f8c8fb309b58c6fe47c06357c1d435.0000007d.honggfuzz.cov delete mode 100644 examples/bind/corpus/d21c7f97d9a177b4e918bf883a07cbbe.00000020.honggfuzz.cov delete mode 100644 examples/bind/corpus/d2712999e78a6401bef5b13cff53316c.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/d271d9588142d34904aaf74d076e76e6.0000005e.honggfuzz.cov create mode 100644 examples/bind/corpus/d2769114b7b2b9b4efd8a6e46b4e53fe.00000020.honggfuzz.cov delete mode 100644 examples/bind/corpus/d276912fd9b2b9b4efd8a6e443ee53fe.00000020.honggfuzz.cov delete mode 100644 examples/bind/corpus/d28bcdf69ec71cefe5944bcd28aea34b.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/d2a5d1791ccbf50b280cd609fe6f8e0e.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/d2c89b3ac7d2cbe040b26925b13136eb.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/d2cd15377f2db03212eec70819beb4fd.0000098f.honggfuzz.cov create mode 100644 examples/bind/corpus/d2da68db53c81a45efa38757c0aadd5e.0000fe29.honggfuzz.cov delete mode 100644 examples/bind/corpus/d30584f39e6128f62f274fd2bc96b07f.0001caea.honggfuzz.cov create mode 100644 examples/bind/corpus/d31c695a02da6a8eb8d289a7c451be24.000000ff.honggfuzz.cov delete mode 100644 examples/bind/corpus/d337345eb447bbc0f312be75791a1c01.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/d33cd71c60e11bb4aa5565801727ca0d.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/d33eda4ed2d3a31f5f16088dbfacac6c.00000f78.honggfuzz.cov create mode 100644 examples/bind/corpus/d35236c915fcbf127d3ef7f3bfc47ec4.0000101f.honggfuzz.cov delete mode 100644 examples/bind/corpus/d374cc435aed7af3cd7629d31b7bcc23.00016ced.honggfuzz.cov delete mode 100644 examples/bind/corpus/d377819d730f3670c0de3a86d7e69596.000000b4.honggfuzz.cov create mode 100644 examples/bind/corpus/d3934dff4a3de1b267221a3a6a88f27a.00000032.honggfuzz.cov delete mode 100644 examples/bind/corpus/d3a0eebd1f6d3089871934f7575eb084.0000d376.honggfuzz.cov create mode 100644 examples/bind/corpus/d3c408af3bcefff2fb7e34f1b40f0919.00004481.honggfuzz.cov create mode 100644 examples/bind/corpus/d40756271a1ee4e27b5a0dae5e72f6d4.00000074.honggfuzz.cov delete mode 100644 examples/bind/corpus/d4123f93b77c8b5b037d12101700dce4.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/d42326c9ebfebee0c93b61aae1ad3d09.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/d42ace3ebd645b5fb7aaa83b8a3f1767.0000007d.honggfuzz.cov create mode 100644 examples/bind/corpus/d447e7e7cd189a40aa4d07a70cc1cb85.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/d4498a27686479ed7af8c5b43cccf4c0.000000d9.honggfuzz.cov delete mode 100644 examples/bind/corpus/d4575b6696dd80a71847e7e1584388e5.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/d47f471b88a7b5f739d71e6d193d6a64.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/d4918b2e6fc6ece623c654bdb5ebb03f.0001153e.honggfuzz.cov delete mode 100644 examples/bind/corpus/d4c0a945b8f801d966a349c79a582f10.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/d4c3b33b610bf84246c24e9f3938bace.0000002d.honggfuzz.cov create mode 100644 examples/bind/corpus/d4d0f9e5240f3097465458a051fd1c48.0000029e.honggfuzz.cov create mode 100644 examples/bind/corpus/d4ea24f25ae212d516ec81661470face.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/d56a44e63d273494480b5ddec8819cf3.000001e3.honggfuzz.cov delete mode 100644 examples/bind/corpus/d56af2ad12d20935231d547056bb32be.00000020.honggfuzz.cov delete mode 100644 examples/bind/corpus/d58b871bfebe7f0d26ac27f17cb57d6f.000003ed.honggfuzz.cov create mode 100644 examples/bind/corpus/d5cac7c3e46ad0427217556b3b43d5c4.0000ffff.honggfuzz.cov create mode 100644 examples/bind/corpus/d5e6c0773e0c878768fd89f6ed98a552.0000014e.honggfuzz.cov delete mode 100644 examples/bind/corpus/d5fa4a427768375524c3c19193c81f28.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/d60379f6f42b316f9ffb328099b50644.000000b4.honggfuzz.cov create mode 100644 examples/bind/corpus/d6159822fca7f772601a95c3076a98ce.00001be6.honggfuzz.cov create mode 100644 examples/bind/corpus/d61b57b2bda433ff3476385a3b3b15d5.0000010f.honggfuzz.cov delete mode 100644 examples/bind/corpus/d6335cacf3479ea6afedaead6aa8494b.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/d6529ce84e904b5a85a6d6fad3fb58a3.00000fd7.honggfuzz.cov delete mode 100644 examples/bind/corpus/d652d53b5cb290365b3984b6e6dc8bbe.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/d65685fbd11dbc7bb6d68ee2c6a2a573.00000f92.honggfuzz.cov create mode 100644 examples/bind/corpus/d66100ba348df8134444c86c7369b757.00000119.honggfuzz.cov delete mode 100644 examples/bind/corpus/d66a040dcc49ffcba0c43a7b72639005.000005d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/d6ae14b167c9a86f277c5238f8190eb5.0000005d.honggfuzz.cov create mode 100644 examples/bind/corpus/d6c65a0894ba6651cfb50447fb5bfa8c.00013e4f.honggfuzz.cov delete mode 100644 examples/bind/corpus/d6d0bc0ec3d2f1638cc5ab4f7031130a.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/d6df235e545d3d9eb6587312a2dafeb1.0001c2ad.honggfuzz.cov delete mode 100644 examples/bind/corpus/d6e329fbac4e066c51920024f5458ac8.00001eeb.honggfuzz.cov delete mode 100644 examples/bind/corpus/d724a5c5b4a770e860f0b009b4a1bfc3.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/d72610da7fd521db9c0c4922bc5987d8.00000039.honggfuzz.cov delete mode 100644 examples/bind/corpus/d7442df31b1148b879f1dd2090fbe82b.000011c6.honggfuzz.cov delete mode 100644 examples/bind/corpus/d74da7c1b9aebec5258096e66df76c36.0000023f.honggfuzz.cov create mode 100644 examples/bind/corpus/d75195c9352e37229810a958cca6221d.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/d75becbdde788defd1524ae406f62a5d.000019fe.honggfuzz.cov create mode 100644 examples/bind/corpus/d7792b439fc94f33550c029592ecd4df.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/d782e993e07a7f838bcb92a7a58fb5fd.00000288.honggfuzz.cov delete mode 100644 examples/bind/corpus/d784d8b1ce158a59481bb4b9e706f297.00000096.honggfuzz.cov delete mode 100644 examples/bind/corpus/d7951868b1e1394c53b15c8d2f8bfda2.000001ae.honggfuzz.cov delete mode 100644 examples/bind/corpus/d79ded6117c82bdc3606c5352f442714.0000005c.honggfuzz.cov create mode 100644 examples/bind/corpus/d7a0dab2c43435106039523416b91ade.0000010e.honggfuzz.cov delete mode 100644 examples/bind/corpus/d7b0aaa06946f0fdfcd2ed47df2fbd82.00000040.honggfuzz.cov create mode 100644 examples/bind/corpus/d7b374bb8e51c790ccbb525f2b90950b.000000d9.honggfuzz.cov delete mode 100644 examples/bind/corpus/d7d48dad213d1553c714aa72490f90c3.00004c84.honggfuzz.cov delete mode 100644 examples/bind/corpus/d7f306826120ce4c09ce02c2ee61c04d.0001153e.honggfuzz.cov delete mode 100644 examples/bind/corpus/d7fecceede47b3660b0e466512cfcc43.00000126.honggfuzz.cov delete mode 100644 examples/bind/corpus/d8207f66e3f52235f42ffab93611b269.0000107c.honggfuzz.cov delete mode 100644 examples/bind/corpus/d860823b99eec750063f12aaf2d90805.000000f7.honggfuzz.cov delete mode 100644 examples/bind/corpus/d865d91bf1e964c9ed0c69684cbfb421.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/d88b9a755d80741e94a5c549459ebffd.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/d892deba2a221b1b1b53770526aed19b.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/d8a43547d48db9adfed968f859d0ee23.000001e3.honggfuzz.cov delete mode 100644 examples/bind/corpus/d8b246a2cfb3694169cb24a1aa880abd.00000020.honggfuzz.cov create mode 100644 examples/bind/corpus/d8d51a0fba2f1c36f86cbd4fd81d7725.0000053b.honggfuzz.cov create mode 100644 examples/bind/corpus/d8e0565159586c06f829e591905556a8.00000096.honggfuzz.cov delete mode 100644 examples/bind/corpus/d9169c61829eabcbb0339cd8c72f5b1e.00000d02.honggfuzz.cov delete mode 100644 examples/bind/corpus/d930f482f6ed039920120dd624e5511a.0000db22.honggfuzz.cov create mode 100644 examples/bind/corpus/d944eaa49fd26675ec09ebbda2325d8d.0000030b.honggfuzz.cov create mode 100644 examples/bind/corpus/d94ca649f80a5f510e5d191900b730b4.0000010f.honggfuzz.cov delete mode 100644 examples/bind/corpus/d98b0dd26aafef49c83b15327009e75d.000000f7.honggfuzz.cov delete mode 100644 examples/bind/corpus/d9ee23f8c7759a7ec05c7123c5db9e0f.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/d9f6c8db4a868f052cf719e17fad017d.0001f7e8.honggfuzz.cov create mode 100644 examples/bind/corpus/da0d72de62eaa73ba7876fae68760f80.00001a4a.honggfuzz.cov delete mode 100644 examples/bind/corpus/da189e64dcfb2c7efc12da4aff0867c9.0000015c.honggfuzz.cov create mode 100644 examples/bind/corpus/da276ef9b2fbc11a8cafbe851b7ad187.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/da328d1e2120cececa918d5bf9e2be11.000101c9.honggfuzz.cov delete mode 100644 examples/bind/corpus/da4f08cc1a8c807a39a034866d739a66.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/da5a358861caebe4d8f87ca29a8ad404.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/da5a3b127d7f14883e52edd79a4ac2a6.000002b5.honggfuzz.cov create mode 100644 examples/bind/corpus/da678136fc8b09dc2405adf656f73b7f.00001620.honggfuzz.cov delete mode 100644 examples/bind/corpus/da7ade3913ba935cecfce3ed70982e7c.00000e0d.honggfuzz.cov delete mode 100644 examples/bind/corpus/da7c8d978ad0c60649559277efa32486.00002000.honggfuzz.cov delete mode 100644 examples/bind/corpus/da92460868677a9cbfa6c9ce034b28ca.00000094.honggfuzz.cov delete mode 100644 examples/bind/corpus/dab2ce5f2c8c8c196e6dcc64bc7b89b4.0000e399.honggfuzz.cov create mode 100644 examples/bind/corpus/dac69f8baaf627e8cc35085a1e868e71.000003a2.honggfuzz.cov delete mode 100644 examples/bind/corpus/dafc4975097a00fcdfcb641062c0e9b3.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/db028c809aecdd2158ee6ee2d92a55f0.00077c14.honggfuzz.cov delete mode 100644 examples/bind/corpus/db0f3e7bc34aeb9fde78e4d83f330e7f.00020000.honggfuzz.cov delete mode 100644 examples/bind/corpus/db0f3f73a17e80b877dcc5b923d3f9ec.000000ab.honggfuzz.cov delete mode 100644 examples/bind/corpus/db1dd25908af22e539b4e196816f3303.000002d0.honggfuzz.cov create mode 100644 examples/bind/corpus/db53ecc97b9870f444881dfcb0090358.0000d7be.honggfuzz.cov delete mode 100644 examples/bind/corpus/dbacefa2cdd05d4e6dbc6a05e22b43bd.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/dbcf903bdc5e2bf9c9f718841797ecf4.0000f0b4.honggfuzz.cov delete mode 100644 examples/bind/corpus/dbf7ce6eeb14ccd1325b4253a0ee4a6f.00000020.honggfuzz.cov delete mode 100644 examples/bind/corpus/dc1c76480c8737910b49cc0ab3e20cd4.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/dc27d546963cb75dce7b6d991f4e1e64.00000094.honggfuzz.cov delete mode 100644 examples/bind/corpus/dc3204cbfcbd333e4506efb3d96bdcf5.000003cc.honggfuzz.cov delete mode 100644 examples/bind/corpus/dc481309f15c48586ff9ba6cacf8b183.000000d7.honggfuzz.cov create mode 100644 examples/bind/corpus/dc52659c89e1ab6e74391e4bbe66a7e5.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/dc6bd895ac6c23518941f8803464addf.00003a0b.honggfuzz.cov delete mode 100644 examples/bind/corpus/dcb9c7dda72036d80ac3566d6d025e08.0000e43b.honggfuzz.cov create mode 100644 examples/bind/corpus/dcd549667340431a603be44cc5f73031.00000037.honggfuzz.cov delete mode 100644 examples/bind/corpus/dcd9ebc299f4338397a26032279d0632.0000001d.honggfuzz.cov delete mode 100644 examples/bind/corpus/dcdfb4d3e2d77beff7915e7beee64826.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/dce11765ad4273a29c198ee6f8b6e28d.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/dcfcae2a12a57f469c6e44cc4b52cdb3.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/dcfd9527e76a93a5875ac6764f391c09.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/dd3b70a1fe83b9f43ef07f7ab4a84d88.0006071f.honggfuzz.cov create mode 100644 examples/bind/corpus/dd51a1f7adb0d323bca16b04b306466b.000012a3.honggfuzz.cov create mode 100644 examples/bind/corpus/dd5f21ccb1569b70cb15ebe7aa9f285b.000003f3.honggfuzz.cov create mode 100644 examples/bind/corpus/dd607e466d8392dffd9a6fa19e9bec97.0000a1aa.honggfuzz.cov delete mode 100644 examples/bind/corpus/dd709545ea316f7581e79299c7d6b11b.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/dd8d032a093b8b898258a3326da9eb44.00003037.honggfuzz.cov delete mode 100644 examples/bind/corpus/dd905ce71ca8fb0ab32ce90c8f9960c8.0000c006.honggfuzz.cov create mode 100644 examples/bind/corpus/dd94e296671ebedf643388072c915575.00000200.honggfuzz.cov create mode 100644 examples/bind/corpus/dda3e80a2265bb1b49956173c79c28b1.00002272.honggfuzz.cov create mode 100644 examples/bind/corpus/ddaf3e33be9646859e6963f0d8c98e03.00001f4c.honggfuzz.cov delete mode 100644 examples/bind/corpus/ddcc5c3b22e190ea85e4a0df1737844c.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/de2b0c8772b53b8d8d5d9dbb7f6eb637.000001b0.honggfuzz.cov create mode 100644 examples/bind/corpus/de32599ead00696f6ab0854fe422135d.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/de497b5c65700009c2c0afb56c1326ca.00016ced.honggfuzz.cov create mode 100644 examples/bind/corpus/de64a3fb52d61a554eba4219cd88e5e4.0000bcd6.honggfuzz.cov delete mode 100644 examples/bind/corpus/de71bc3b54117c1147eb6a3cb8571fa6.00000359.honggfuzz.cov create mode 100644 examples/bind/corpus/de851545270ffaf17b22e19d60acabf9.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/de86687e1e5d4e83b5a403000d41bd73.00001616.honggfuzz.cov delete mode 100644 examples/bind/corpus/de867d28f0247402306b637beb3cd061.00000288.honggfuzz.cov create mode 100644 examples/bind/corpus/de88040a1eb2538e17a0ee68d325149f.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/ded859b4ca3f16e9bde4c822e4d5b957.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/def935a2abd56c328e4a99d06d205df2.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/defb70da93cb529cd01efbdae53f186a.0000ba11.honggfuzz.cov create mode 100644 examples/bind/corpus/df4228ccb8f4a6557dc30e216b353524.000000be.honggfuzz.cov create mode 100644 examples/bind/corpus/df696c5a323c478bddad1bb5369365b7.00000023.honggfuzz.cov delete mode 100644 examples/bind/corpus/df7910b3ec6abecbe53bb4d2f62ad2a0.0000f77d.honggfuzz.cov create mode 100644 examples/bind/corpus/df87fef554c20fbdcc9911b652a0b4f8.00000517.honggfuzz.cov create mode 100644 examples/bind/corpus/df9de7caa4cab8ff8ba933c62d57ed3b.00000226.honggfuzz.cov delete mode 100644 examples/bind/corpus/df9e21091370538c255186803c894e5b.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/dfb95ec260c5fd3092949b7bd92fbf58.00000200.honggfuzz.cov create mode 100644 examples/bind/corpus/dfe7503c056cb8d216b9bba372752653.00000b91.honggfuzz.cov create mode 100644 examples/bind/corpus/e012df8fed1fdf12a87918c214c4806a.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/e01e9cb6f1d30ae6a969985d11cbba49.00000dc6.honggfuzz.cov delete mode 100644 examples/bind/corpus/e028d9a59a44ff6d17a1dc8e4b910797.00000086.honggfuzz.cov delete mode 100644 examples/bind/corpus/e02b3923bdd5200b5500926379e4605a.00000b86.honggfuzz.cov create mode 100644 examples/bind/corpus/e032017fe14356458b94ab873f6bd8cf.000001cf.honggfuzz.cov delete mode 100644 examples/bind/corpus/e0344b58834856c8686041e806297959.0000004c.honggfuzz.cov delete mode 100644 examples/bind/corpus/e0381ee63a79b73ce10845cb17da2508.00000318.honggfuzz.cov create mode 100644 examples/bind/corpus/e042173370fe97b7bbd6fcbb33806b7b.000000f7.honggfuzz.cov delete mode 100644 examples/bind/corpus/e042ff827dd1f5c1fcc1f1b08fbe8ac9.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/e045d530c015f9eb501386c36410deeb.00016340.honggfuzz.cov delete mode 100644 examples/bind/corpus/e053dbd91f664538332e77f8dbca3dc7.0001e145.honggfuzz.cov delete mode 100644 examples/bind/corpus/e058c5ec79a91a192e6d9db7aab7bae2.000001b0.honggfuzz.cov delete mode 100644 examples/bind/corpus/e05912c2e347b5b0e731185be39b1b06.00000037.honggfuzz.cov delete mode 100644 examples/bind/corpus/e090f8cd4a90cfe051a3b54f70264239.00000c2e.honggfuzz.cov create mode 100644 examples/bind/corpus/e095cc557f0897df1a9dc490071a88a1.00000200.honggfuzz.cov create mode 100644 examples/bind/corpus/e0a976d5011db4ade5828833da4f2065.00002710.honggfuzz.cov create mode 100644 examples/bind/corpus/e0aeaa20c62228babae0061650de2911.000001bd.honggfuzz.cov create mode 100644 examples/bind/corpus/e0d00637c6d08d0e160c2d7bebdb7896.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/e0ef5dc91ec9d9baa40725d4ae86d310.00002000.honggfuzz.cov create mode 100644 examples/bind/corpus/e0f0ac3ca5ac017a33e66b4aa945fc54.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/e12bbe8168b4359c4d6a2628605d9d42.0000001d.honggfuzz.cov delete mode 100644 examples/bind/corpus/e12f6d5836b26e66c43d4a5fdbaf78f1.00000086.honggfuzz.cov delete mode 100644 examples/bind/corpus/e131ba4612299409392a1e3ce9efd845.00016ced.honggfuzz.cov create mode 100644 examples/bind/corpus/e168d2bfa3786c0294d437bdc6909ec1.00002000.honggfuzz.cov delete mode 100644 examples/bind/corpus/e1bd3285bce6b8d42c362b14102ff2ba.00018619.honggfuzz.cov delete mode 100644 examples/bind/corpus/e1ca1dddbc44f5ae5a61e55ee1d0ef51.000063a4.honggfuzz.cov create mode 100644 examples/bind/corpus/e1d8ac4dcda61fcaa94bf2dd38398b4e.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/e1ebde865a77188ae78dddb7f9ebc872.0000021f.honggfuzz.cov delete mode 100644 examples/bind/corpus/e1f4774af62ad91abdedf30a5489a8ca.0000022b.honggfuzz.cov create mode 100644 examples/bind/corpus/e1fff4a0763a8b7ef2dd744b80479f86.00000175.honggfuzz.cov delete mode 100644 examples/bind/corpus/e20a76133776e945d3dc85ffdda35185.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/e210b900ab238467a0c0c23376fac25c.00000210.honggfuzz.cov create mode 100644 examples/bind/corpus/e23ea8c0ec7a66bdac6896ccd0acb14f.0001000b.honggfuzz.cov create mode 100644 examples/bind/corpus/e241f0ec9fa1484c3dd66e0156ce2554.000000d9.honggfuzz.cov create mode 100644 examples/bind/corpus/e26777fec6be6293f70ed2e5612c9716.000105b8.honggfuzz.cov create mode 100644 examples/bind/corpus/e27c4ab56584b4d2a0b9573eb67820d2.0000012e.honggfuzz.cov delete mode 100644 examples/bind/corpus/e28c3bb44b637c89c66ef100b8695ddb.00000083.honggfuzz.cov delete mode 100644 examples/bind/corpus/e2f6b89c20934b04c2bf95f8ecd1b6ac.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/e30da596e577222c865c13a0bb85047b.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/e319d1ec72a1a699e820e62f59322a04.00000110.honggfuzz.cov create mode 100644 examples/bind/corpus/e3231fad240336449a58b5af97548e62.000002a7.honggfuzz.cov delete mode 100644 examples/bind/corpus/e3259a616f8fb966a2e10578da44c125.00000042.honggfuzz.cov create mode 100644 examples/bind/corpus/e326aab1ef8fb966a1f1a9c7da44698d.00000042.honggfuzz.cov create mode 100644 examples/bind/corpus/e327026af2b87ac48894e4fd7430cb8f.00000017.honggfuzz.cov create mode 100644 examples/bind/corpus/e34295729383ba480da2f85e80036cb6.00000049.honggfuzz.cov delete mode 100644 examples/bind/corpus/e35df66c1d17a7ceb4804cc654085250.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/e3710eb91b28e455c03fa1f496019c6a.0004d423.honggfuzz.cov create mode 100644 examples/bind/corpus/e376a58f91fe107685f79af2a91ffb18.00000041.honggfuzz.cov delete mode 100644 examples/bind/corpus/e3851e83a39746dadfdea9704b59692e.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/e3bad36edb6a29520bf6339c23bd0e11.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/e3bf240ef10e8919ce54e9ec3f4423e0.0000005c.honggfuzz.cov create mode 100644 examples/bind/corpus/e3d7948b9439e1e9a42cd25cb1820a92.00000206.honggfuzz.cov delete mode 100644 examples/bind/corpus/e3e35fb941b81c6e23e5c71f9a462f87.0000ba65.honggfuzz.cov create mode 100644 examples/bind/corpus/e3eb15fc99f56b1f15f50ba6da868586.0000003b.honggfuzz.cov delete mode 100644 examples/bind/corpus/e3f196994d9e8d130e73a2ee600cda25.0000007a.honggfuzz.cov create mode 100644 examples/bind/corpus/e3fa47a8039f14881d4504bd4e3ecf3a.00000076.honggfuzz.cov delete mode 100644 examples/bind/corpus/e4066c2bbf18b2e867c8ee137151011a.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/e49670c044eda9b6574b880bfc107e16.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/e499079712bfb0886adcd1cca75e6c0a.0000eb12.honggfuzz.cov delete mode 100644 examples/bind/corpus/e4a5f817b8f167e4d05ba08c8202eab6.00000042.honggfuzz.cov create mode 100644 examples/bind/corpus/e4adf237eb74fc5c4bc190faf11b2d6c.00000216.honggfuzz.cov delete mode 100644 examples/bind/corpus/e4b035285c414f1325733b870cabbb97.00000100.honggfuzz.cov create mode 100644 examples/bind/corpus/e4ba98885427b71f95b66cc83c8c1749.0000004b.honggfuzz.cov delete mode 100644 examples/bind/corpus/e4ba98928ee7b71fd1b678dc3c8c1752.0000004b.honggfuzz.cov delete mode 100644 examples/bind/corpus/e4d4c9bbbb19036fc66e8aada680b58e.00000bfa.honggfuzz.cov create mode 100644 examples/bind/corpus/e4db3983c75b7c946bb39ddfecb2d8f3.00001413.honggfuzz.cov create mode 100644 examples/bind/corpus/e4e20d4932e719a94eff1df0b7aa03b8.00000041.honggfuzz.cov delete mode 100644 examples/bind/corpus/e5173e08ddac030dd8fad092af33d0ce.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/e51e0ec894b4b5b4d27c2dc36bfef15e.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/e522fb8ab9f4d37c7d54cec834b1cad8.00000458.honggfuzz.cov create mode 100644 examples/bind/corpus/e5386751a1444d5989ecf08f6d486253.00000020.honggfuzz.cov delete mode 100644 examples/bind/corpus/e53e87c22447fe487e1b793ec1d2b395.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/e55ec2751df92050055841638ff6d26c.00000291.honggfuzz.cov create mode 100644 examples/bind/corpus/e56b3951ab225c861ec8eb0a92257ff6.000014e4.honggfuzz.cov delete mode 100644 examples/bind/corpus/e572208179dbf5916e089caa57666a73.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/e57e6ff821ce9fd7f6262a3b5d8c3250.00001a79.honggfuzz.cov create mode 100644 examples/bind/corpus/e5996643e77bcaaeb96247f173c16ce6.0000025b.honggfuzz.cov delete mode 100644 examples/bind/corpus/e5a42d4f28c02fa19138b07892d76c60.00010566.honggfuzz.cov delete mode 100644 examples/bind/corpus/e5a776b149e5d1eeb42a29fc2b1cf0e9.00000208.honggfuzz.cov create mode 100644 examples/bind/corpus/e5b9f36535dee8e0d4a47489ba55595e.00000c08.honggfuzz.cov delete mode 100644 examples/bind/corpus/e5ee36f711471f5d23353cf0d8fbb608.00000081.honggfuzz.cov create mode 100644 examples/bind/corpus/e5ee4181183e330e549eb3550bca21cd.000000b1.honggfuzz.cov delete mode 100644 examples/bind/corpus/e5f5662904254d6e489d750e3b7a9297.000000d4.honggfuzz.cov create mode 100644 examples/bind/corpus/e5fd99428ab1ea83b31dbbaf91b21a43.00000c71.honggfuzz.cov delete mode 100644 examples/bind/corpus/e61f0edf1a3aae2aa9ff9ce7f0a3a813.000000c7.honggfuzz.cov create mode 100644 examples/bind/corpus/e627469303db389e4abfa947b2aa42ed.0000001a.honggfuzz.cov delete mode 100644 examples/bind/corpus/e64fdc4c82ff8806bd67b05995354db8.00011f85.honggfuzz.cov delete mode 100644 examples/bind/corpus/e672a6ee87a764fdbb599c19e4d4bcf8.000069e6.honggfuzz.cov delete mode 100644 examples/bind/corpus/e67436e07d1975400a1c3acedd063c0e.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/e6854856366b923c6d48ddcae1e6825d.00001350.honggfuzz.cov delete mode 100644 examples/bind/corpus/e68a475a3634268ab8b8906fc88e07ab.00000233.honggfuzz.cov delete mode 100644 examples/bind/corpus/e68be4cb8896bf4912f908950d789a7a.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/e6b5e665048cff95d178de5be40dfeb2.0000d5a9.honggfuzz.cov create mode 100644 examples/bind/corpus/e6bcf617c1f3a82aa25f9630fbd6dc40.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/e6c22652b41b68494fa80f9748925741.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/e6cf644a5a9b34351ee16fdbb504de55.00001be6.honggfuzz.cov delete mode 100644 examples/bind/corpus/e6cf793f1de534c06076206508be80c7.00001057.honggfuzz.cov delete mode 100644 examples/bind/corpus/e6d70236c743eafe1a72e8e974a6647f.00000081.honggfuzz.cov create mode 100644 examples/bind/corpus/e6f01fbcf16adc64b47a6ff636dccf5b.000001db.honggfuzz.cov create mode 100644 examples/bind/corpus/e6f890c2ea56655ce290bd5140333aba.0000f785.honggfuzz.cov delete mode 100644 examples/bind/corpus/e71cc900eb006e99be9fb96b60dd14be.00000eb8.honggfuzz.cov create mode 100644 examples/bind/corpus/e7248cad5cb1666d0a02e0eb27c5cafb.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/e72d97b4f11ee86241ffb5bc742be6f8.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/e73aa7d35e8812f96ed1dd24be1c5b5e.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/e73f82468d4c2bb516c3880eb571b629.00009303.honggfuzz.cov delete mode 100644 examples/bind/corpus/e749840ac8c09bddfd44bdeaf3a04732.00000089.honggfuzz.cov create mode 100644 examples/bind/corpus/e7575cb4ba67acdefa4635e3ef287022.0000010f.honggfuzz.cov create mode 100644 examples/bind/corpus/e77af4ad565a0a5708647943feea2a4e.000004e9.honggfuzz.cov create mode 100644 examples/bind/corpus/e790000000000000e790000000000000.00000001.honggfuzz.cov create mode 100644 examples/bind/corpus/e7b590dfe77e053a6c2cb4e304b52f76.00000389.honggfuzz.cov create mode 100644 examples/bind/corpus/e7ba9f5015837df9b384b3d75f9f4339.000000a6.honggfuzz.cov create mode 100644 examples/bind/corpus/e7e222070adc31fb43e9fe67553b3e1b.00000084.honggfuzz.cov create mode 100644 examples/bind/corpus/e7e836edf09a420ed1ac527e4f7bb0ff.0000c5fb.honggfuzz.cov delete mode 100644 examples/bind/corpus/e8060885ffd4891123b0f1caab581e79.000000db.honggfuzz.cov delete mode 100644 examples/bind/corpus/e81b7fcf82ef74362678d931b3c01c69.0000006c.honggfuzz.cov delete mode 100644 examples/bind/corpus/e81da40a1b87f9110924286e8eaec056.000000db.honggfuzz.cov delete mode 100644 examples/bind/corpus/e823296dc0578b6f2d56eec89e724cde.00000dab.honggfuzz.cov create mode 100644 examples/bind/corpus/e85ca4f90d9ef23e8ec904affce7412d.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/e861565b75f09080ffdb323ffb4b58e7.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/e8662693f32986e917121697b1eca21f.0000323f.honggfuzz.cov delete mode 100644 examples/bind/corpus/e895b3698449254387374517d2044a62.000070f7.honggfuzz.cov delete mode 100644 examples/bind/corpus/e89a7a48dd99528181b1bbc367abeb53.00000181.honggfuzz.cov delete mode 100644 examples/bind/corpus/e89c6866c0b9d594cf2e4a990ea878c5.000000ba.honggfuzz.cov delete mode 100644 examples/bind/corpus/e8a37e806fc2c5eeb31da22e70735948.0000d83a.honggfuzz.cov create mode 100644 examples/bind/corpus/e8a4800c8a3cde6e0e2f96643e7713fb.00000402.honggfuzz.cov delete mode 100644 examples/bind/corpus/e8f403c1e3e984d517c4e877d77c771f.00000c1d.honggfuzz.cov create mode 100644 examples/bind/corpus/e9152e18577c612f0e9e16d376bfb4e0.00000280.honggfuzz.cov delete mode 100644 examples/bind/corpus/e926fa5fc4a80d64454b5368671f3c68.00000127.honggfuzz.cov create mode 100644 examples/bind/corpus/e927c86a48be60f03d06cb7d57afdbdf.000000c7.honggfuzz.cov delete mode 100644 examples/bind/corpus/e9387f0f90fb97b2fc961df4329df815.0000083d.honggfuzz.cov delete mode 100644 examples/bind/corpus/e9464feb4a157f319e6dc037adf9a36b.0001c109.honggfuzz.cov delete mode 100644 examples/bind/corpus/e95815caf8bbbecb544a46ffcfb4f1bf.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/e96dc7229e934969da0028b8b96c4cef.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/e980a65787a6dc39601800e35cee2c58.00010cd8.honggfuzz.cov create mode 100644 examples/bind/corpus/e98eb7ee33dff52a44fa05441355b9a6.00005bea.honggfuzz.cov delete mode 100644 examples/bind/corpus/e99fdbea72d357d454af3f854c51d191.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/e9a79255f54d516be932fefd86915d09.000000ac.honggfuzz.cov delete mode 100644 examples/bind/corpus/e9d9fba7d173117ce4b36355e384e802.00000239.honggfuzz.cov delete mode 100644 examples/bind/corpus/ea04b58f7bfd7670c69fcbd0653bd85e.0000006c.honggfuzz.cov delete mode 100644 examples/bind/corpus/ea09aedd13792a40ae7fe257c1191840.000003ab.honggfuzz.cov delete mode 100644 examples/bind/corpus/ea114fb8effe1dbc1e9fb043474f6229.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/ea180742310c5a4f3d4c54c1bf2b09c6.00017ac6.honggfuzz.cov create mode 100644 examples/bind/corpus/ea1932491f5f32995ec87572d62e8958.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/ea1ffe631da633b8b45ffb60260608f7.000000ba.honggfuzz.cov create mode 100644 examples/bind/corpus/ea24dbb3a3f606cc620f810b0f7fe4c3.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/ea4ab88d907ec07873c49e47c5359e6e.000000f7.honggfuzz.cov delete mode 100644 examples/bind/corpus/ea4afaaf7d0090c6910be83837e4b384.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/ea5d8ec2a81fa5818e67b85b65be6d05.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/ea797b84daf825b55da104e9f2a0ba40.0000003e.honggfuzz.cov delete mode 100644 examples/bind/corpus/ea7a8841ec9bb08b55dd067d8cfd0c51.000024bd.honggfuzz.cov create mode 100644 examples/bind/corpus/ead228f0b3f6c42b9a452ff31e0b896e.000000e1.honggfuzz.cov delete mode 100644 examples/bind/corpus/eb0621bab4f4b79f9cf02b946b740f52.0000004c.honggfuzz.cov create mode 100644 examples/bind/corpus/eb10cf4c8ea1fce8876dfa7915e6876f.00000233.honggfuzz.cov delete mode 100644 examples/bind/corpus/eb1394374ce3e4e970536c6ccd8103f9.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/eb2276728cee48756a4b279e60cd2d69.00000941.honggfuzz.cov delete mode 100644 examples/bind/corpus/eb2b1aa3e5e1d4ded7d7dd64a5899e93.00018619.honggfuzz.cov delete mode 100644 examples/bind/corpus/eb687ff6bb647d9a716316e7e17af54f.0000e4af.honggfuzz.cov create mode 100644 examples/bind/corpus/eb94f64980fd3649eaa0e1c807e103d9.0000033e.honggfuzz.cov delete mode 100644 examples/bind/corpus/eba030ae8361135f69415994cadcd195.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/ebb36b8e474519216eb44dc90e9a43a0.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/ebcd92aa8cc1975311fa8ab16102bf17.000001db.honggfuzz.cov create mode 100644 examples/bind/corpus/ebcf567c6ae1e112aa469b4fa7f42746.00000200.honggfuzz.cov delete mode 100644 examples/bind/corpus/ebdef932bd3135957d4efc1ddbd48d53.0000004c.honggfuzz.cov create mode 100644 examples/bind/corpus/ebdf2f644de7f54893736d37b9a0798e.0000010e.honggfuzz.cov delete mode 100644 examples/bind/corpus/ebe783b8d6c73c1cc3d8831ed04f472e.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/ebe7cf4d5cc73c1cbb89c04c8b4f472c.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/ec0d470b25c04bf57db65925e888e1d8.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/ec0dc1fffa372c37f3487def01971114.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/ec20206601d50ba0628852b8e54ed169.00000593.honggfuzz.cov create mode 100644 examples/bind/corpus/ec2b551cacf2cabf009b8cc4d3cc1db8.000000f7.honggfuzz.cov delete mode 100644 examples/bind/corpus/ec2dd873a2b4bbfdf4664cc60e45ab18.0000609b.honggfuzz.cov create mode 100644 examples/bind/corpus/ec3424ed9c45b209d5c15a96529b9ece.0000ffe1.honggfuzz.cov create mode 100644 examples/bind/corpus/ec47ee4e6f4a4b98d596646251532c58.0000025b.honggfuzz.cov delete mode 100644 examples/bind/corpus/ec5712b0ddd3a653a5c2ae12c752bf5d.00014294.honggfuzz.cov delete mode 100644 examples/bind/corpus/ec5a0e486861d9992fa9294b52c66f95.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/ec66cb99403f1ebcad1c2c0553e1762a.00001327.honggfuzz.cov create mode 100644 examples/bind/corpus/ec70b7bc83630416810c163abf0a89f8.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/ec72d4e389d7062eebab11854a152c9a.000000b6.honggfuzz.cov create mode 100644 examples/bind/corpus/ec77301c527322f552294cc7367cb4b9.00001408.honggfuzz.cov create mode 100644 examples/bind/corpus/ec8bc434c076c95ca965692931fd43ae.00000072.honggfuzz.cov delete mode 100644 examples/bind/corpus/ec90ef401127a321fee32e68365f3eb7.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/ecbcb1e415ecb5899b1f9d56aead7e31.000000dc.honggfuzz.cov create mode 100644 examples/bind/corpus/ecc0daa088da0cf624bcf08abec81738.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/ecca4f11c03259f1728691edeed910ac.00000048.honggfuzz.cov delete mode 100644 examples/bind/corpus/ecd36f191e0e9df34d1a3b4cba231bf3.000399a6.honggfuzz.cov delete mode 100644 examples/bind/corpus/ecdff86532b0f20b64369a4e05ffd408.000000c6.honggfuzz.cov delete mode 100644 examples/bind/corpus/ed0ca7169c22fc84b2c08ebdb53b1945.000018a9.honggfuzz.cov delete mode 100644 examples/bind/corpus/ed0dee63e1c515beb7a82f3d9e91c525.0001ecf3.honggfuzz.cov delete mode 100644 examples/bind/corpus/ed0e9fd46e1b12b0108539ec3bf65866.000000a6.honggfuzz.cov delete mode 100644 examples/bind/corpus/ed273e48b3d245f26c73f1061faa80a7.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/ed2e93f94cb6413604aafc8f98a7a7c7.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/ed3dc7ccd9a2c437a6bebe0db4ba7bf0.0000d87d.honggfuzz.cov delete mode 100644 examples/bind/corpus/ed4ce4bcbf158e97a2bdbdc76bcc5dba.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/ed4f6884cfab97eec1487fe97ab98af6.000016c8.honggfuzz.cov delete mode 100644 examples/bind/corpus/ed66f7da1060f20bab2149e6008d840c.00019216.honggfuzz.cov delete mode 100644 examples/bind/corpus/ed91e97646ead7953202d47ec3703144.0000002c.honggfuzz.cov delete mode 100644 examples/bind/corpus/eda6426b73390bbd42f1dbd1fb36c5f9.00000026.honggfuzz.cov delete mode 100644 examples/bind/corpus/edb71561aaaa772269709210088ce0b1.0000dba9.honggfuzz.cov create mode 100644 examples/bind/corpus/edb7ae25c01a4c195ba6697958969857.0000281a.honggfuzz.cov delete mode 100644 examples/bind/corpus/eddea2134b3b9b15418328e7be909a9d.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/ede498659460ac4bd2dd01f128205892.00002015.honggfuzz.cov create mode 100644 examples/bind/corpus/edf0fb2288a97a79c53e612318a9afae.0000018d.honggfuzz.cov create mode 100644 examples/bind/corpus/ee088d6bd1d9486cd139e0a9f712a246.000000de.honggfuzz.cov delete mode 100644 examples/bind/corpus/ee200c909b838caa2f534699fd4ebaf2.00000091.honggfuzz.cov delete mode 100644 examples/bind/corpus/ee21f974930cd03c03e6d038cf3e8fb1.00000049.honggfuzz.cov delete mode 100644 examples/bind/corpus/ee2cea64cc8a9bfc069588aee93f12c5.00000048.honggfuzz.cov create mode 100644 examples/bind/corpus/ee340ebb6864ab28421862f358ba9ff1.0000554a.honggfuzz.cov create mode 100644 examples/bind/corpus/ee437314a7f548c0d425f9be506b2a00.0000003c.honggfuzz.cov delete mode 100644 examples/bind/corpus/ee4ba33027e7aaa19a5fb4baf58268d4.00000230.honggfuzz.cov create mode 100644 examples/bind/corpus/ee4d516b5326aaedb6a8f3372e0746df.000000ff.honggfuzz.cov create mode 100644 examples/bind/corpus/ee4eced9d7716a3a53a44121ee0e2edf.000001e1.honggfuzz.cov create mode 100644 examples/bind/corpus/ee503d7032a411912dc26146267aa04a.00000187.honggfuzz.cov delete mode 100644 examples/bind/corpus/ee6c7e64fa0fd9d3120dcc5d17c1d097.0000d3e3.honggfuzz.cov delete mode 100644 examples/bind/corpus/ee8bd35857e8bcdf075761887d911328.0000dfb5.honggfuzz.cov create mode 100644 examples/bind/corpus/ee8fe5547f36251c2060c4523dcd5d4a.00000034.honggfuzz.cov delete mode 100644 examples/bind/corpus/ee9b6739cac4781ab57f46dfee7a42a6.0000d20e.honggfuzz.cov create mode 100644 examples/bind/corpus/eec01dfc92b0761f6f16b1c7cb89412e.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/eecdebacc409aa86f5d8fb7a5b2b1be4.000006a1.honggfuzz.cov delete mode 100644 examples/bind/corpus/eed33b405c42086a90b6b31e4ee5e8e1.000001b0.honggfuzz.cov delete mode 100644 examples/bind/corpus/eed3d2fe0ec6611db209e2912385e45e.0001153e.honggfuzz.cov create mode 100644 examples/bind/corpus/eededd65bc240319c532c349b2fcb7bd.000000f9.honggfuzz.cov create mode 100644 examples/bind/corpus/eef0337c5592eeb4f5abf801c7228c05.000000a1.honggfuzz.cov create mode 100644 examples/bind/corpus/ef06866071cf5b98a61f2e7b334d6f5f.0000005e.honggfuzz.cov delete mode 100644 examples/bind/corpus/ef10451a56123b384f58d9105f697d4a.0000004c.honggfuzz.cov delete mode 100644 examples/bind/corpus/ef1209ae2c782231e591602ff8c09247.00000081.honggfuzz.cov create mode 100644 examples/bind/corpus/ef40328521315b0b35445afd91b49a75.00000101.honggfuzz.cov create mode 100644 examples/bind/corpus/ef555abe69951008f2170fb9f3552468.0001f7e8.honggfuzz.cov delete mode 100644 examples/bind/corpus/ef720de559b2ad45122f17cec605518f.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/ef7a1cae733e8718ccb0c18dbabe2249.00001cf2.honggfuzz.cov delete mode 100644 examples/bind/corpus/ef7c5d91eb56c783ecd7d82ed56af4dd.0000004f.honggfuzz.cov delete mode 100644 examples/bind/corpus/ef97312053c837fcda038dfdc1847f6a.000000b0.honggfuzz.cov delete mode 100644 examples/bind/corpus/efa435775004fa6ece6dc502db93f0a1.00007b9b.honggfuzz.cov delete mode 100644 examples/bind/corpus/efb5b25ddc98ffa9aea4acc630cbee9d.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/efc95e16ff0b44e330eff66490115fe4.0000045a.honggfuzz.cov create mode 100644 examples/bind/corpus/efcb48c8db282b4237ea336e5cdf6bfc.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/efeb19208f03b548a0521615ff2c0794.00000173.honggfuzz.cov delete mode 100644 examples/bind/corpus/f003879431b4eaf5a89d6626f20e4612.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/f0196a2e1e19a0910253bc8b2b9390c4.0000016e.honggfuzz.cov delete mode 100644 examples/bind/corpus/f01b256bd845dfd4a57389d8afa91c7d.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/f01bd17fbb9160be65bfe9ffb8fbe324.000000f7.honggfuzz.cov delete mode 100644 examples/bind/corpus/f01c6338723709671a435e9c762ff574.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/f031bac30fe24c05cca6c6b2dc07f329.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/f0837543afecbcbaa1ff074deba97e82.00000123.honggfuzz.cov create mode 100644 examples/bind/corpus/f08c591d980fd5502a6584bfd7c3e5b8.00000075.honggfuzz.cov create mode 100644 examples/bind/corpus/f0990f18ca6273c08b50a937b8c00f0d.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/f0a5eedff7d4f32a51583189dfd48fa0.000000c0.honggfuzz.cov create mode 100644 examples/bind/corpus/f0d3fa09473335c1ce239aa57a008ece.0000aae3.honggfuzz.cov delete mode 100644 examples/bind/corpus/f0de5ae4ed2aa44b350dae46943467bf.00000b91.honggfuzz.cov delete mode 100644 examples/bind/corpus/f0fa77e268665f3ba32aaafc378fa1f4.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/f0fd221901fb7fe27c07ac2b64b28b5b.000008a2.honggfuzz.cov delete mode 100644 examples/bind/corpus/f11069caba98b346a7654ce2f0ecb588.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/f13057a610d3e86d1577a59414c9fddc.000096fd.honggfuzz.cov create mode 100644 examples/bind/corpus/f14eb16570e19a1358825f240191b5b8.0000023e.honggfuzz.cov delete mode 100644 examples/bind/corpus/f174336d256b290d40ad3dbc4509b2f6.00003e92.honggfuzz.cov create mode 100644 examples/bind/corpus/f193f986351a80ad5ead5f1d61bbaa31.00000f16.honggfuzz.cov create mode 100644 examples/bind/corpus/f1b21093bbb879b40b56f57a65cbd188.0000d7e3.honggfuzz.cov create mode 100644 examples/bind/corpus/f1b80e646642b0ac6fc36168417c954b.000004ff.honggfuzz.cov delete mode 100644 examples/bind/corpus/f1bd6c3818181339680b150ad2cba8e5.00020000.honggfuzz.cov delete mode 100644 examples/bind/corpus/f1c006d1092c30c29ce7387679856472.00000278.honggfuzz.cov delete mode 100644 examples/bind/corpus/f1daa1b59f55d7e9cccead99972fca78.000000e0.honggfuzz.cov create mode 100644 examples/bind/corpus/f1dc746109302b5d369b8954f1e1ceb5.00003984.honggfuzz.cov create mode 100644 examples/bind/corpus/f1e0f8202f23e9f183bd2f10846cd249.00016b89.honggfuzz.cov delete mode 100644 examples/bind/corpus/f202bb8104876685cd824ddfd38881bb.00018619.honggfuzz.cov create mode 100644 examples/bind/corpus/f27ca995e634b923318893dd69bedfa1.0000004d.honggfuzz.cov delete mode 100644 examples/bind/corpus/f27ceb587f4f888f657d16a283225001.00020000.honggfuzz.cov create mode 100644 examples/bind/corpus/f287a64c7e3eeebaa1ff04d8957ed997.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/f28d5bf4aa1aac01ad4ec4ccf58f1cab.0000838f.honggfuzz.cov delete mode 100644 examples/bind/corpus/f29731da30ac869b631147624147d6d1.00010001.honggfuzz.cov delete mode 100644 examples/bind/corpus/f29980f2b450b9676c28a06b36f2dcd3.00009fe6.honggfuzz.cov create mode 100644 examples/bind/corpus/f2de15430a3cd87b031df84c6a417366.0000149e.honggfuzz.cov delete mode 100644 examples/bind/corpus/f303ae3e4f4716be87d43650c6f76d5d.00000155.honggfuzz.cov delete mode 100644 examples/bind/corpus/f3221a7c98d7bb07154e60d83840e9a0.000004df.honggfuzz.cov delete mode 100644 examples/bind/corpus/f341a3878fb73eb6b8db45c5bcda4cd5.0000007e.honggfuzz.cov create mode 100644 examples/bind/corpus/f346369e9587cd31f8ab24aaeca0ee2a.0000002b.honggfuzz.cov create mode 100644 examples/bind/corpus/f35fdb62091005add30023ebed06517e.00000042.honggfuzz.cov delete mode 100644 examples/bind/corpus/f36775f1d06ce8a9211338e45b212ba4.0000017d.honggfuzz.cov delete mode 100644 examples/bind/corpus/f37a19966bc1baf890474643129ad296.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/f39804ba256e3c37aca0b22d970c3e1a.00000191.honggfuzz.cov delete mode 100644 examples/bind/corpus/f3aae4dab116e4d55a6600cea105a8fd.0000104a.honggfuzz.cov create mode 100644 examples/bind/corpus/f3d6a48044f5e99a22eec4b1df61290e.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/f3d9343b33e5604e3485bb594553c0d6.00000c06.honggfuzz.cov delete mode 100644 examples/bind/corpus/f3dae4db2c2db8f9292caf94af438bf8.00010394.honggfuzz.cov create mode 100644 examples/bind/corpus/f408a16608edff47a8098a0a23b80f58.0000007e.honggfuzz.cov create mode 100644 examples/bind/corpus/f411e8cc4c4ffc00b3098e2341cc768b.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/f4172edeebcb401e6dc8a4896b37c4c5.00000132.honggfuzz.cov create mode 100644 examples/bind/corpus/f419c3589fe361215ee1553f43f00064.000000a0.honggfuzz.cov create mode 100644 examples/bind/corpus/f45a89a5b5554ea67d4ec63d43d80008.00000038.honggfuzz.cov create mode 100644 examples/bind/corpus/f45cfa645166ba4fe0193b53fb29dcd3.000001e7.honggfuzz.cov delete mode 100644 examples/bind/corpus/f460b094378539d030e4aff3e225e03f.00001275.honggfuzz.cov create mode 100644 examples/bind/corpus/f467e255f1d1fa436aa159b7e0941dcf.0000377a.honggfuzz.cov create mode 100644 examples/bind/corpus/f4a459aa0da7cc6c2d8bc43a6ab67f93.00000200.honggfuzz.cov delete mode 100644 examples/bind/corpus/f4b9abcaa8a7a1a1645b1856d0242f76.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/f4db32a0858e9837ee97565beac0abb6.0000109a.honggfuzz.cov create mode 100644 examples/bind/corpus/f4e473d0140efd30f9baa22a4987a813.00000051.honggfuzz.cov delete mode 100644 examples/bind/corpus/f508c4950f5a492b9b8d915d3bb267fd.0000005c.honggfuzz.cov delete mode 100644 examples/bind/corpus/f51cb0918dc83c14ce7409101c89e3ec.000002ab.honggfuzz.cov delete mode 100644 examples/bind/corpus/f51d11c92d42126f75f4f4c1d5997809.0002297c.honggfuzz.cov delete mode 100644 examples/bind/corpus/f51d4a051c2a9abb4a425d07cdb66942.000001c7.honggfuzz.cov create mode 100644 examples/bind/corpus/f5314fb57ccc866594589faaba05e1e6.000000f7.honggfuzz.cov delete mode 100644 examples/bind/corpus/f5390a430169b575708fae0977a31375.000003ed.honggfuzz.cov delete mode 100644 examples/bind/corpus/f5491ef9a8e49592edc0766d97ba4555.00000175.honggfuzz.cov create mode 100644 examples/bind/corpus/f55cc60765f2293b769ad3b994c84fd8.0000002d.honggfuzz.cov delete mode 100644 examples/bind/corpus/f55cc65625f2293b76f0151594c84fd8.0000002d.honggfuzz.cov create mode 100644 examples/bind/corpus/f55cd75735f2293b76f008a294c84fd8.0000002d.honggfuzz.cov create mode 100644 examples/bind/corpus/f55fdf0b07d217ff50a7f031e0df47ec.000000a7.honggfuzz.cov create mode 100644 examples/bind/corpus/f5747f7cb95a89bfa47959d91e5d7355.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/f58db2f0e0a0ad3fb18a725e07f7d91a.00000d98.honggfuzz.cov create mode 100644 examples/bind/corpus/f59bb4953ce805e926293a3ce779ff37.000001e6.honggfuzz.cov delete mode 100644 examples/bind/corpus/f5b5c4ef7df7f0d473eee269aee7e70a.0000bb6c.honggfuzz.cov delete mode 100644 examples/bind/corpus/f5d5065fbfeca4c61367c94755eaf841.0000298f.honggfuzz.cov create mode 100644 examples/bind/corpus/f601796b2b98e92d31871c2396856909.00007f30.honggfuzz.cov delete mode 100644 examples/bind/corpus/f608f0410173785e9c332f1dfbbfb07d.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/f6276f1a8e7e1e29a731292d57e245a9.00000e6e.honggfuzz.cov create mode 100644 examples/bind/corpus/f63d3142f11e419105f107d795e75acd.00000164.honggfuzz.cov create mode 100644 examples/bind/corpus/f63f3db78d896936867cb29e7740fa94.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/f64b03fd3976a1db3797a04cd2ba5089.000093ce.honggfuzz.cov delete mode 100644 examples/bind/corpus/f64f1712445cd1bc46e3ba3929528583.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/f650fa2d7f0c340622a2c80101b1a2f4.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/f6b8e0cac2fc0c3c0c635982480b8f97.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/f6c101bb5464967a23e4520ec29ae1db.00000181.honggfuzz.cov create mode 100644 examples/bind/corpus/f6c7135cfc81f35822ddb1d1437f69f4.00000129.honggfuzz.cov delete mode 100644 examples/bind/corpus/f6d7ba82c44e352b1c3dba272825cbc1.00006f8e.honggfuzz.cov delete mode 100644 examples/bind/corpus/f6ecce1c2c2322352014938644c0fcb3.0004dd7b.honggfuzz.cov delete mode 100644 examples/bind/corpus/f6ef4f96792253af939851d700e853c0.0000969b.honggfuzz.cov create mode 100644 examples/bind/corpus/f721fb7695e3f7a8d92e3c00eea6b3b8.00001d3b.honggfuzz.cov delete mode 100644 examples/bind/corpus/f72abd8ce61eaf4ad35660cac9807ce3.0001d687.honggfuzz.cov delete mode 100644 examples/bind/corpus/f732a543f7256ac49983fe7ccf0893bc.0000150f.honggfuzz.cov create mode 100644 examples/bind/corpus/f73c11b6765c8cc822f7b4fd7133769b.000000ff.honggfuzz.cov delete mode 100644 examples/bind/corpus/f7537854be7fc596dee59c52f46d144f.0000abd4.honggfuzz.cov delete mode 100644 examples/bind/corpus/f76ba6738f0aa768848361ed0fbad7d1.00000018.honggfuzz.cov delete mode 100644 examples/bind/corpus/f773089dd8032f2f7b0f91fb70249e08.000020e4.honggfuzz.cov delete mode 100644 examples/bind/corpus/f7759fb07da1a6434dd9a93ccc6cb2c8.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/f79289884b0188bdd4dd0dafbcdd0a29.00000094.honggfuzz.cov delete mode 100644 examples/bind/corpus/f7bbe9cd5a6c423814662f4939b371b5.00000200.honggfuzz.cov create mode 100644 examples/bind/corpus/f7be7d59d47482a104015659abd550a2.0000050d.honggfuzz.cov delete mode 100644 examples/bind/corpus/f7ca01a23e251148e6d8c9c999706098.0000247f.honggfuzz.cov create mode 100644 examples/bind/corpus/f7e4874673189fc3c64b43bb270e67b2.00000137.honggfuzz.cov create mode 100644 examples/bind/corpus/f7ed59ea95aec7e5f887d801fda26139.000000ec.honggfuzz.cov delete mode 100644 examples/bind/corpus/f7f4105840f1276413a4731a533826d7.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/f823ad46949b19e971f8bc2c02350911.0000040a.honggfuzz.cov delete mode 100644 examples/bind/corpus/f83300670de4c6a20e39af8f41bce45e.000002c6.honggfuzz.cov create mode 100644 examples/bind/corpus/f856943bb720ae6a8d3e1b41b120d4a2.000010c7.honggfuzz.cov delete mode 100644 examples/bind/corpus/f8878ab2484e26ead46d1da31105628e.0000793c.honggfuzz.cov create mode 100644 examples/bind/corpus/f8a1a84dbe8d0726d94654e995e6f798.000022a3.honggfuzz.cov create mode 100644 examples/bind/corpus/f8e706b5dbacb681141410030101d9f1.000000c0.honggfuzz.cov delete mode 100644 examples/bind/corpus/f92c29f0ea8b0b02f171d5aafdb05e05.00000028.honggfuzz.cov delete mode 100644 examples/bind/corpus/f930283d7953165bc6822b141a641c95.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/f93267e7a52feb6c6db6f55592adb7e2.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/f942c28da73049237aff6bbf57d74938.0001f7e8.honggfuzz.cov create mode 100644 examples/bind/corpus/f94508c13390e729a5e5ffb03df48d3d.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/f958132bbff11340eeb065879b74223a.000000b1.honggfuzz.cov create mode 100644 examples/bind/corpus/f95b94909c777978044ca0eda88dc199.00000104.honggfuzz.cov delete mode 100644 examples/bind/corpus/f96c82b2d04ba8bdcd58881b6b6d8a31.00000110.honggfuzz.cov create mode 100644 examples/bind/corpus/f9789e8d71d84a8ef89ffa1e92eb54eb.0001f7e8.honggfuzz.cov create mode 100644 examples/bind/corpus/f99a8f6bbbcd692b490421f3de60f00f.0000004d.honggfuzz.cov delete mode 100644 examples/bind/corpus/f9b05569f1acd42595414a9965492c8b.00008ec8.honggfuzz.cov delete mode 100644 examples/bind/corpus/f9b23f5e4d252794c5036321e738c562.0001153e.honggfuzz.cov delete mode 100644 examples/bind/corpus/f9b7e42ca1c71bf68294080739592cba.00000181.honggfuzz.cov delete mode 100644 examples/bind/corpus/f9f16a7e37e36658c9dbf410e1240c4c.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/f9f8a402de884c3e414c9ca47c341f42.00000205.honggfuzz.cov delete mode 100644 examples/bind/corpus/fa56082c4f83534aeefb74f130eb53df.00000113.honggfuzz.cov delete mode 100644 examples/bind/corpus/fa927d159c363aa2b2f7e3039a193537.0000eac3.honggfuzz.cov delete mode 100644 examples/bind/corpus/fa9dc1065acb8fb226c730b65446ead8.000000df.honggfuzz.cov delete mode 100644 examples/bind/corpus/fadf046093318646fd66d90f84ec7396.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/fb4ced38742d0d8fd08b8f602e65dd52.000101d0.honggfuzz.cov delete mode 100644 examples/bind/corpus/fb6133a5d99addbd65cfd5322ad0314c.000000b0.honggfuzz.cov create mode 100644 examples/bind/corpus/fbb2380f11097de2e72b2779339b99b8.0000f634.honggfuzz.cov delete mode 100644 examples/bind/corpus/fbcad276685d3c59554ca2a4c2fc20ad.00000fa2.honggfuzz.cov delete mode 100644 examples/bind/corpus/fbf17b628ef09b1e3afbc6264bb83363.00000e87.honggfuzz.cov delete mode 100644 examples/bind/corpus/fc04e6f5cb9edac6174e596dec6f38df.000001b8.honggfuzz.cov delete mode 100644 examples/bind/corpus/fc069df68a40f42f4c8dcd8e3f803499.000000be.honggfuzz.cov create mode 100644 examples/bind/corpus/fc0cdf496ca9c95812896cd5c9e67a04.000017b0.honggfuzz.cov delete mode 100644 examples/bind/corpus/fc0f00fbec17cff60f4bdcf1e0f5233d.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/fc1561e49e3f097bae421d2397228c32.0000056d.honggfuzz.cov create mode 100644 examples/bind/corpus/fc1f5c5ebc931bb6551d0c46e583fc5a.00000119.honggfuzz.cov create mode 100644 examples/bind/corpus/fc28457cd5e9d6830b4a014ce9678b33.000000c3.honggfuzz.cov delete mode 100644 examples/bind/corpus/fc464f4cd15910d72b59c7311ddb5a00.00000113.honggfuzz.cov delete mode 100644 examples/bind/corpus/fc542ee67ea16902fe2d5d094da0c0de.000000f7.honggfuzz.cov delete mode 100644 examples/bind/corpus/fc552e4f866bc795c62ca90549498d99.00000317.honggfuzz.cov delete mode 100644 examples/bind/corpus/fc6b3459be8e525b649a68f9f05f6c7a.0000005f.honggfuzz.cov delete mode 100644 examples/bind/corpus/fc8513b35e5f14d5c8a028a0999b2c3d.0000024f.honggfuzz.cov delete mode 100644 examples/bind/corpus/fc8cbefebf26d41fccadc09beba27f26.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/fc9657ca18f22403c2af0cf041f43368.00000067.honggfuzz.cov delete mode 100644 examples/bind/corpus/fc98f828a85460ba3ff90b348344b176.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/fc9a91ae7bced45f1b070f9408c20fde.000000b8.honggfuzz.cov delete mode 100644 examples/bind/corpus/fceb9dafe85386facc9aa78317051ac1.0001bd8e.honggfuzz.cov create mode 100644 examples/bind/corpus/fd0334d90b64110eb354aaacbad3f5a2.00013ce0.honggfuzz.cov delete mode 100644 examples/bind/corpus/fd03f08f9c54ed33be31e43f3c859026.00000085.honggfuzz.cov create mode 100644 examples/bind/corpus/fd193112e82960fe1304acf163a9fa1f.000004df.honggfuzz.cov delete mode 100644 examples/bind/corpus/fd498b19e48ccdd2eef84ba4b2d981de.0001153e.honggfuzz.cov create mode 100644 examples/bind/corpus/fd4a52f3c04d593396e1f2e5688fbfc0.0000002f.honggfuzz.cov delete mode 100644 examples/bind/corpus/fd5b1c196a001586f48266511a345371.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/fd901f471e3f3b66f3920c4af2407f87.00000096.honggfuzz.cov delete mode 100644 examples/bind/corpus/fdaad4ac40ee20e40549a5d61df888a8.00001bfb.honggfuzz.cov create mode 100644 examples/bind/corpus/fdb04f7c4ce2c9c4ff5eb550fc1a6388.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/fdb13aad2a8ad8fd921d16d435804745.000001b1.honggfuzz.cov create mode 100644 examples/bind/corpus/fdb21242fcb6b32294210ecc3ae07720.000000b2.honggfuzz.cov delete mode 100644 examples/bind/corpus/fddf547a43fb3a6a05cf13c2b4ebce06.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/fdee9a138bfa54516e260e55e1a9ce74.00001142.honggfuzz.cov delete mode 100644 examples/bind/corpus/fe60b543538eada195770eead539d558.00000085.honggfuzz.cov delete mode 100644 examples/bind/corpus/fe685a256e80e897a7e6b166e9ec29be.000001b8.honggfuzz.cov delete mode 100644 examples/bind/corpus/fe6fe5779ac66dcce0104d8f31b79d55.000000f9.honggfuzz.cov delete mode 100644 examples/bind/corpus/fe96f5e723de0a0bc08381324d0f9e22.00004e4b.honggfuzz.cov delete mode 100644 examples/bind/corpus/feb410b0472467895f6124b4cb6a7b6e.0000012f.honggfuzz.cov delete mode 100644 examples/bind/corpus/fee9ae759a08e4c402d8513c15c8ef8e.000022cc.honggfuzz.cov delete mode 100644 examples/bind/corpus/feefa8d0adf613424d42d25cef308e59.00000263.honggfuzz.cov delete mode 100644 examples/bind/corpus/ff0bfb8f2a71231f925507a4f1a2fd22.00000080.honggfuzz.cov delete mode 100644 examples/bind/corpus/ff2c1871839b02fd5e0082dfe0e1b046.000093c5.honggfuzz.cov delete mode 100644 examples/bind/corpus/ff43720d902699e8ec6d7e24df090fc8.00000400.honggfuzz.cov create mode 100644 examples/bind/corpus/ff4d322d08cccee3c61b419854d2133c.00000bb8.honggfuzz.cov delete mode 100644 examples/bind/corpus/ff61e787beca9b8e965316385cbf14c1.00020000.honggfuzz.cov delete mode 100644 examples/bind/corpus/ff786885c60456d39bca4d499ef5c6f3.00000400.honggfuzz.cov delete mode 100644 examples/bind/corpus/ff7ea39e44eb771d1bbb850c2d2c24dc.00000092.honggfuzz.cov delete mode 100644 examples/bind/corpus/ffa13b1caa43e741a0468960c69780a0.00000080.honggfuzz.cov create mode 100644 examples/bind/corpus/ffa4ce9e56996ef42fa16b2a0aeb1a3d.00000056.honggfuzz.cov delete mode 100644 examples/bind/corpus/ffb7ac6135cb5be2bc759621a495a9ea.0000cd57.honggfuzz.cov delete mode 100644 examples/bind/corpus/ffb7b98b91efb3e1672ba4319e1424b9.0001153e.honggfuzz.cov create mode 100644 examples/bind/corpus/ffbf88391895cb0d0e985919c2ed17a7.00000b33.honggfuzz.cov create mode 100644 examples/bind/corpus/ffbfd302acebbbec6f9bf8d7e02e4a05.00000343.honggfuzz.cov create mode 100644 examples/bind/corpus/ffd52b6d3051c4eac1ff0ded946693f4.00004f3a.honggfuzz.cov delete mode 100644 examples/bind/corpus/ffed1cfe77fdfaaf1d2186547d679331.000713ab.honggfuzz.cov create mode 100644 examples/bind/corpus/fff9f78df5231e979de3a0d806b7d9a8.000000e0.honggfuzz.cov delete mode 100644 examples/bind/corpus/fffac22de9a0e43c2a1bf125c222f988.00000085.honggfuzz.cov diff --git a/examples/bind/corpus/00000000016c87e0973c11b000000000.00000007.honggfuzz.cov b/examples/bind/corpus/00000000016c87e0973c11b000000000.00000007.honggfuzz.cov new file mode 100644 index 00000000..dffe423c Binary files /dev/null and b/examples/bind/corpus/00000000016c87e0973c11b000000000.00000007.honggfuzz.cov differ diff --git a/examples/bind/corpus/00185cee2e16acb6dd8220b9abdade32.0001fabb.honggfuzz.cov b/examples/bind/corpus/00185cee2e16acb6dd8220b9abdade32.0001fabb.honggfuzz.cov deleted file mode 100644 index 23d3cef8..00000000 Binary files a/examples/bind/corpus/00185cee2e16acb6dd8220b9abdade32.0001fabb.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/004cd8346486e4fc3376edca420c4f70.000101d0.honggfuzz.cov b/examples/bind/corpus/004cd8346486e4fc3376edca420c4f70.000101d0.honggfuzz.cov new file mode 100644 index 00000000..bb1568a4 Binary files /dev/null and b/examples/bind/corpus/004cd8346486e4fc3376edca420c4f70.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/005856df0e0348abb829cb360bb03890.00000085.honggfuzz.cov b/examples/bind/corpus/005856df0e0348abb829cb360bb03890.00000085.honggfuzz.cov deleted file mode 100644 index d908a3df..00000000 Binary files a/examples/bind/corpus/005856df0e0348abb829cb360bb03890.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/005c065362942dedcf16f957ce516f6b.0000090a.honggfuzz.cov b/examples/bind/corpus/005c065362942dedcf16f957ce516f6b.0000090a.honggfuzz.cov deleted file mode 100644 index 928d8ab6..00000000 Binary files a/examples/bind/corpus/005c065362942dedcf16f957ce516f6b.0000090a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/006d38e4a56c2644ecc7e2314239203c.000000f9.honggfuzz.cov b/examples/bind/corpus/006d38e4a56c2644ecc7e2314239203c.000000f9.honggfuzz.cov deleted file mode 100644 index 780287d8..00000000 Binary files a/examples/bind/corpus/006d38e4a56c2644ecc7e2314239203c.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0075a250ec8d8e24071fec461d8db524.000101d0.honggfuzz.cov b/examples/bind/corpus/0075a250ec8d8e24071fec461d8db524.000101d0.honggfuzz.cov new file mode 100644 index 00000000..0337e2cc Binary files /dev/null and b/examples/bind/corpus/0075a250ec8d8e24071fec461d8db524.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/00833c160350d8acc52a0b4785ce153a.0000008b.honggfuzz.cov b/examples/bind/corpus/00833c160350d8acc52a0b4785ce153a.0000008b.honggfuzz.cov deleted file mode 100644 index a4ca2cd1..00000000 Binary files a/examples/bind/corpus/00833c160350d8acc52a0b4785ce153a.0000008b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/00a1fdfcf3686e22ecd0ab99cb4495c8.00001107.honggfuzz.cov b/examples/bind/corpus/00a1fdfcf3686e22ecd0ab99cb4495c8.00001107.honggfuzz.cov new file mode 100644 index 00000000..148bcc3f Binary files /dev/null and b/examples/bind/corpus/00a1fdfcf3686e22ecd0ab99cb4495c8.00001107.honggfuzz.cov differ diff --git a/examples/bind/corpus/00c6602d60fe8da4594c750dfd2dbeec.00000400.honggfuzz.cov b/examples/bind/corpus/00c6602d60fe8da4594c750dfd2dbeec.00000400.honggfuzz.cov deleted file mode 100644 index a325378d..00000000 Binary files a/examples/bind/corpus/00c6602d60fe8da4594c750dfd2dbeec.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/00cf5c04078e1b783ea8c31a7236da05.00000085.honggfuzz.cov b/examples/bind/corpus/00cf5c04078e1b783ea8c31a7236da05.00000085.honggfuzz.cov new file mode 100644 index 00000000..00403c09 Binary files /dev/null and b/examples/bind/corpus/00cf5c04078e1b783ea8c31a7236da05.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/00dabb4f6a765a937721f5c30db906bf.0000002b.honggfuzz.cov b/examples/bind/corpus/00dabb4f6a765a937721f5c30db906bf.0000002b.honggfuzz.cov deleted file mode 100644 index 3060947d..00000000 Binary files a/examples/bind/corpus/00dabb4f6a765a937721f5c30db906bf.0000002b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/00f56cc3d80000009027f9000000d800.0000000b.honggfuzz.cov b/examples/bind/corpus/00f56cc3d80000009027f9000000d800.0000000b.honggfuzz.cov new file mode 100644 index 00000000..c0cf2da9 Binary files /dev/null and b/examples/bind/corpus/00f56cc3d80000009027f9000000d800.0000000b.honggfuzz.cov differ diff --git a/examples/bind/corpus/0105fbacae172dfeb1a273216d2284a9.00000085.honggfuzz.cov b/examples/bind/corpus/0105fbacae172dfeb1a273216d2284a9.00000085.honggfuzz.cov deleted file mode 100644 index 87dc1261..00000000 Binary files a/examples/bind/corpus/0105fbacae172dfeb1a273216d2284a9.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/012bfd44645573c0fcbbf0d631e53924.00001b19.honggfuzz.cov b/examples/bind/corpus/012bfd44645573c0fcbbf0d631e53924.00001b19.honggfuzz.cov deleted file mode 100644 index 56c861fc..00000000 Binary files a/examples/bind/corpus/012bfd44645573c0fcbbf0d631e53924.00001b19.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0145002696cf4e1c65835f267400011f.0000000f.honggfuzz.cov b/examples/bind/corpus/0145002696cf4e1c65835f267400011f.0000000f.honggfuzz.cov deleted file mode 100644 index 50b63e95..00000000 Binary files a/examples/bind/corpus/0145002696cf4e1c65835f267400011f.0000000f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/01485340feb13bc02306206c0411b006.0000000e.honggfuzz.cov b/examples/bind/corpus/01485340feb13bc02306206c0411b006.0000000e.honggfuzz.cov new file mode 100644 index 00000000..55f1f55c Binary files /dev/null and b/examples/bind/corpus/01485340feb13bc02306206c0411b006.0000000e.honggfuzz.cov differ diff --git a/examples/bind/corpus/016a65c28e6f56b44b36f6e4c25cc942.000000f9.honggfuzz.cov b/examples/bind/corpus/016a65c28e6f56b44b36f6e4c25cc942.000000f9.honggfuzz.cov deleted file mode 100644 index 98a4a2ac..00000000 Binary files a/examples/bind/corpus/016a65c28e6f56b44b36f6e4c25cc942.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0174222e635e85976000f50a80a5b309.00001586.honggfuzz.cov b/examples/bind/corpus/0174222e635e85976000f50a80a5b309.00001586.honggfuzz.cov deleted file mode 100644 index 1146853a..00000000 Binary files a/examples/bind/corpus/0174222e635e85976000f50a80a5b309.00001586.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0185ad61208b1b839c06102fddd6a552.00000085.honggfuzz.cov b/examples/bind/corpus/0185ad61208b1b839c06102fddd6a552.00000085.honggfuzz.cov deleted file mode 100644 index 7e3515a9..00000000 Binary files a/examples/bind/corpus/0185ad61208b1b839c06102fddd6a552.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/019ec271bdfaecf37de413ee13e0d3e9.00000085.honggfuzz.cov b/examples/bind/corpus/019ec271bdfaecf37de413ee13e0d3e9.00000085.honggfuzz.cov new file mode 100644 index 00000000..65a5f685 Binary files /dev/null and b/examples/bind/corpus/019ec271bdfaecf37de413ee13e0d3e9.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/01b0000194e0f4c000014584b05491b0.0000000a.honggfuzz.cov b/examples/bind/corpus/01b0000194e0f4c000014584b05491b0.0000000a.honggfuzz.cov new file mode 100644 index 00000000..2a588764 Binary files /dev/null and b/examples/bind/corpus/01b0000194e0f4c000014584b05491b0.0000000a.honggfuzz.cov differ diff --git a/examples/bind/corpus/01b0d88a32f5900065821af80001b000.00000006.honggfuzz.cov b/examples/bind/corpus/01b0d88a32f5900065821af80001b000.00000006.honggfuzz.cov deleted file mode 100644 index e05ba387..00000000 Binary files a/examples/bind/corpus/01b0d88a32f5900065821af80001b000.00000006.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/01f15bb45e19f3982569beb11d7ef40e.0000015c.honggfuzz.cov b/examples/bind/corpus/01f15bb45e19f3982569beb11d7ef40e.0000015c.honggfuzz.cov new file mode 100644 index 00000000..1ffec2a5 Binary files /dev/null and b/examples/bind/corpus/01f15bb45e19f3982569beb11d7ef40e.0000015c.honggfuzz.cov differ diff --git a/examples/bind/corpus/02276ef9b2f6411754a23e889b72d18a.00000085.honggfuzz.cov b/examples/bind/corpus/02276ef9b2f6411754a23e889b72d18a.00000085.honggfuzz.cov new file mode 100644 index 00000000..c9a77f86 Binary files /dev/null and b/examples/bind/corpus/02276ef9b2f6411754a23e889b72d18a.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/02276ef9b2fbc1178cafbe889b7f518f.00000085.honggfuzz.cov b/examples/bind/corpus/02276ef9b2fbc1178cafbe889b7f518f.00000085.honggfuzz.cov new file mode 100644 index 00000000..f3446d2c Binary files /dev/null and b/examples/bind/corpus/02276ef9b2fbc1178cafbe889b7f518f.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/0233512da6e187e776cf3e16db8d6331.00000085.honggfuzz.cov b/examples/bind/corpus/0233512da6e187e776cf3e16db8d6331.00000085.honggfuzz.cov new file mode 100644 index 00000000..d3f27296 Binary files /dev/null and b/examples/bind/corpus/0233512da6e187e776cf3e16db8d6331.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/02411752993e0b12b737b88d85db6de5.00000967.honggfuzz.cov b/examples/bind/corpus/02411752993e0b12b737b88d85db6de5.00000967.honggfuzz.cov deleted file mode 100644 index 8dcf9c66..00000000 Binary files a/examples/bind/corpus/02411752993e0b12b737b88d85db6de5.00000967.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0286da715da021d46db3bfa4cf0baa63.000003bd.honggfuzz.cov b/examples/bind/corpus/0286da715da021d46db3bfa4cf0baa63.000003bd.honggfuzz.cov new file mode 100644 index 00000000..c30427d9 Binary files /dev/null and b/examples/bind/corpus/0286da715da021d46db3bfa4cf0baa63.000003bd.honggfuzz.cov differ diff --git a/examples/bind/corpus/02ae81f0e22c782acc357c2e705e1f3d.000473b4.honggfuzz.cov b/examples/bind/corpus/02ae81f0e22c782acc357c2e705e1f3d.000473b4.honggfuzz.cov deleted file mode 100644 index e6e1576f..00000000 Binary files a/examples/bind/corpus/02ae81f0e22c782acc357c2e705e1f3d.000473b4.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/031a4ad5078e1db8231fdf6b24e28b40.00000085.honggfuzz.cov b/examples/bind/corpus/031a4ad5078e1db8231fdf6b24e28b40.00000085.honggfuzz.cov deleted file mode 100644 index b33264b2..00000000 Binary files a/examples/bind/corpus/031a4ad5078e1db8231fdf6b24e28b40.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/031b5ac4078e1db83ea8c31a74f6da05.00000085.honggfuzz.cov b/examples/bind/corpus/031b5ac4078e1db83ea8c31a74f6da05.00000085.honggfuzz.cov deleted file mode 100644 index 47af39d6..00000000 Binary files a/examples/bind/corpus/031b5ac4078e1db83ea8c31a74f6da05.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/031f2a3cd68b3e540e65e4250b444c88.0000070e.honggfuzz.cov b/examples/bind/corpus/031f2a3cd68b3e540e65e4250b444c88.0000070e.honggfuzz.cov deleted file mode 100644 index 6869777a..00000000 Binary files a/examples/bind/corpus/031f2a3cd68b3e540e65e4250b444c88.0000070e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/032b3f29d3eb16fc50c5f5881f0008ac.0001eeea.honggfuzz.cov b/examples/bind/corpus/032b3f29d3eb16fc50c5f5881f0008ac.0001eeea.honggfuzz.cov deleted file mode 100644 index 6229edc9..00000000 Binary files a/examples/bind/corpus/032b3f29d3eb16fc50c5f5881f0008ac.0001eeea.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/03504e2bd2d3ad3913a1b4dbc1f6fbb6.00000085.honggfuzz.cov b/examples/bind/corpus/03504e2bd2d3ad3913a1b4dbc1f6fbb6.00000085.honggfuzz.cov deleted file mode 100644 index cc95cefc..00000000 Binary files a/examples/bind/corpus/03504e2bd2d3ad3913a1b4dbc1f6fbb6.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/036be44e1a651c6848c79513d1a84895.00000085.honggfuzz.cov b/examples/bind/corpus/036be44e1a651c6848c79513d1a84895.00000085.honggfuzz.cov new file mode 100644 index 00000000..9375c3a9 Binary files /dev/null and b/examples/bind/corpus/036be44e1a651c6848c79513d1a84895.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/039e8342ccc89fe80342aaa5c426e4d9.0001f7e8.honggfuzz.cov b/examples/bind/corpus/039e8342ccc89fe80342aaa5c426e4d9.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..07eb5196 Binary files /dev/null and b/examples/bind/corpus/039e8342ccc89fe80342aaa5c426e4d9.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/03a0add27499334b6b6452249a32abdb.000002ac.honggfuzz.cov b/examples/bind/corpus/03a0add27499334b6b6452249a32abdb.000002ac.honggfuzz.cov new file mode 100644 index 00000000..a824d67f Binary files /dev/null and b/examples/bind/corpus/03a0add27499334b6b6452249a32abdb.000002ac.honggfuzz.cov differ diff --git a/examples/bind/corpus/03fca16b5aaff09845842edcdca274a1.000014a0.honggfuzz.cov b/examples/bind/corpus/03fca16b5aaff09845842edcdca274a1.000014a0.honggfuzz.cov deleted file mode 100644 index 9731af22..00000000 Binary files a/examples/bind/corpus/03fca16b5aaff09845842edcdca274a1.000014a0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0439f3ebca033876eab4ef36125124f9.00018619.honggfuzz.cov b/examples/bind/corpus/0439f3ebca033876eab4ef36125124f9.00018619.honggfuzz.cov deleted file mode 100644 index 2b432312..00000000 Binary files a/examples/bind/corpus/0439f3ebca033876eab4ef36125124f9.00018619.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/044c9f680edfd8d47b4fae9cc8d69736.0001f52b.honggfuzz.cov b/examples/bind/corpus/044c9f680edfd8d47b4fae9cc8d69736.0001f52b.honggfuzz.cov deleted file mode 100644 index 24b36317..00000000 Binary files a/examples/bind/corpus/044c9f680edfd8d47b4fae9cc8d69736.0001f52b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/046b2d2afd14bc164b6359f3ef4dbb92.00000085.honggfuzz.cov b/examples/bind/corpus/046b2d2afd14bc164b6359f3ef4dbb92.00000085.honggfuzz.cov deleted file mode 100644 index 97e4d838..00000000 Binary files a/examples/bind/corpus/046b2d2afd14bc164b6359f3ef4dbb92.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/046e5ccad957c89db319d7344355b90b.00000085.honggfuzz.cov b/examples/bind/corpus/046e5ccad957c89db319d7344355b90b.00000085.honggfuzz.cov deleted file mode 100644 index 603257cf..00000000 Binary files a/examples/bind/corpus/046e5ccad957c89db319d7344355b90b.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0477b165c0dca41b363118a175bbee6b.00000085.honggfuzz.cov b/examples/bind/corpus/0477b165c0dca41b363118a175bbee6b.00000085.honggfuzz.cov new file mode 100644 index 00000000..1953ec0d Binary files /dev/null and b/examples/bind/corpus/0477b165c0dca41b363118a175bbee6b.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/0484b182c2d174c9ea853a04e9f7fa5d.000004ee.honggfuzz.cov b/examples/bind/corpus/0484b182c2d174c9ea853a04e9f7fa5d.000004ee.honggfuzz.cov deleted file mode 100644 index 148e2c7f..00000000 Binary files a/examples/bind/corpus/0484b182c2d174c9ea853a04e9f7fa5d.000004ee.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0491107018be60f2dc941ca56a90ab06.000000c7.honggfuzz.cov b/examples/bind/corpus/0491107018be60f2dc941ca56a90ab06.000000c7.honggfuzz.cov deleted file mode 100644 index 65defc9d..00000000 Binary files a/examples/bind/corpus/0491107018be60f2dc941ca56a90ab06.000000c7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/04e3ff7364e96506c14c9950f7563f2b.00000ce3.honggfuzz.cov b/examples/bind/corpus/04e3ff7364e96506c14c9950f7563f2b.00000ce3.honggfuzz.cov deleted file mode 100644 index 2ca633dd..00000000 Binary files a/examples/bind/corpus/04e3ff7364e96506c14c9950f7563f2b.00000ce3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/04eaae12ceb9ca0a2d86ffe5fef22d22.00000086.honggfuzz.cov b/examples/bind/corpus/04eaae12ceb9ca0a2d86ffe5fef22d22.00000086.honggfuzz.cov deleted file mode 100644 index 79a3ac20..00000000 Binary files a/examples/bind/corpus/04eaae12ceb9ca0a2d86ffe5fef22d22.00000086.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/04fdd0ad7ab47e95a010e26d0057293a.00020000.honggfuzz.cov b/examples/bind/corpus/04fdd0ad7ab47e95a010e26d0057293a.00020000.honggfuzz.cov deleted file mode 100644 index b15d33af..00000000 Binary files a/examples/bind/corpus/04fdd0ad7ab47e95a010e26d0057293a.00020000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/051ca3e63a219bbc88e2ed9143b8bf3a.0000004e.honggfuzz.cov b/examples/bind/corpus/051ca3e63a219bbc88e2ed9143b8bf3a.0000004e.honggfuzz.cov deleted file mode 100644 index f53db90b..00000000 Binary files a/examples/bind/corpus/051ca3e63a219bbc88e2ed9143b8bf3a.0000004e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/05304b960798cb314372535218f97e02.00000041.honggfuzz.cov b/examples/bind/corpus/05304b960798cb314372535218f97e02.00000041.honggfuzz.cov deleted file mode 100644 index 762145da..00000000 Binary files a/examples/bind/corpus/05304b960798cb314372535218f97e02.00000041.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/05390c4017721cb60db16647d8ecd5ec.000190ff.honggfuzz.cov b/examples/bind/corpus/05390c4017721cb60db16647d8ecd5ec.000190ff.honggfuzz.cov deleted file mode 100644 index 4cfbfe77..00000000 Binary files a/examples/bind/corpus/05390c4017721cb60db16647d8ecd5ec.000190ff.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/054f0591f1a6509f250b8c5986005346.00000ee1.honggfuzz.cov b/examples/bind/corpus/054f0591f1a6509f250b8c5986005346.00000ee1.honggfuzz.cov new file mode 100644 index 00000000..118ecc0e Binary files /dev/null and b/examples/bind/corpus/054f0591f1a6509f250b8c5986005346.00000ee1.honggfuzz.cov differ diff --git a/examples/bind/corpus/05657dd5c6e8d886cb500c2546a1f86c.00000037.honggfuzz.cov b/examples/bind/corpus/05657dd5c6e8d886cb500c2546a1f86c.00000037.honggfuzz.cov new file mode 100644 index 00000000..30a33934 Binary files /dev/null and b/examples/bind/corpus/05657dd5c6e8d886cb500c2546a1f86c.00000037.honggfuzz.cov differ diff --git a/examples/bind/corpus/0594b30762d0a2641fa398062e9945cf.000002c2.honggfuzz.cov b/examples/bind/corpus/0594b30762d0a2641fa398062e9945cf.000002c2.honggfuzz.cov new file mode 100644 index 00000000..4ee6b98f Binary files /dev/null and b/examples/bind/corpus/0594b30762d0a2641fa398062e9945cf.000002c2.honggfuzz.cov differ diff --git a/examples/bind/corpus/05a38663f9db591fdead41e0d829b949.00000097.honggfuzz.cov b/examples/bind/corpus/05a38663f9db591fdead41e0d829b949.00000097.honggfuzz.cov deleted file mode 100644 index a1b2ea86..00000000 Binary files a/examples/bind/corpus/05a38663f9db591fdead41e0d829b949.00000097.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/05ef1c69711d9b662470d4e606dac682.00000090.honggfuzz.cov b/examples/bind/corpus/05ef1c69711d9b662470d4e606dac682.00000090.honggfuzz.cov new file mode 100644 index 00000000..7a631551 Binary files /dev/null and b/examples/bind/corpus/05ef1c69711d9b662470d4e606dac682.00000090.honggfuzz.cov differ diff --git a/examples/bind/corpus/05f233968370f70a91e192ae77cdc0e7.00000400.honggfuzz.cov b/examples/bind/corpus/05f233968370f70a91e192ae77cdc0e7.00000400.honggfuzz.cov deleted file mode 100644 index bd44ee5f..00000000 Binary files a/examples/bind/corpus/05f233968370f70a91e192ae77cdc0e7.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/05f3684977aad8f8131f5e163a5934e4.00000314.honggfuzz.cov b/examples/bind/corpus/05f3684977aad8f8131f5e163a5934e4.00000314.honggfuzz.cov new file mode 100644 index 00000000..6a842dfe Binary files /dev/null and b/examples/bind/corpus/05f3684977aad8f8131f5e163a5934e4.00000314.honggfuzz.cov differ diff --git a/examples/bind/corpus/060f93b08ade3ee505288479ef463100.000008c6.honggfuzz.cov b/examples/bind/corpus/060f93b08ade3ee505288479ef463100.000008c6.honggfuzz.cov new file mode 100644 index 00000000..7f24bc43 Binary files /dev/null and b/examples/bind/corpus/060f93b08ade3ee505288479ef463100.000008c6.honggfuzz.cov differ diff --git a/examples/bind/corpus/0629416d9af2c3a195b635b27bec6550.00000085.honggfuzz.cov b/examples/bind/corpus/0629416d9af2c3a195b635b27bec6550.00000085.honggfuzz.cov deleted file mode 100644 index 80d76747..00000000 Binary files a/examples/bind/corpus/0629416d9af2c3a195b635b27bec6550.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0642820d2c9dd04e41f94e26cf1f1cb9.0000077b.honggfuzz.cov b/examples/bind/corpus/0642820d2c9dd04e41f94e26cf1f1cb9.0000077b.honggfuzz.cov new file mode 100644 index 00000000..b7d73894 Binary files /dev/null and b/examples/bind/corpus/0642820d2c9dd04e41f94e26cf1f1cb9.0000077b.honggfuzz.cov differ diff --git a/examples/bind/corpus/064fe37f7bba2c807a91825d12f6c94a.00000080.honggfuzz.cov b/examples/bind/corpus/064fe37f7bba2c807a91825d12f6c94a.00000080.honggfuzz.cov deleted file mode 100644 index e47c9e08..00000000 Binary files a/examples/bind/corpus/064fe37f7bba2c807a91825d12f6c94a.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/06a3b684ac3d708fd211cbfec6f95c01.000000c7.honggfuzz.cov b/examples/bind/corpus/06a3b684ac3d708fd211cbfec6f95c01.000000c7.honggfuzz.cov new file mode 100644 index 00000000..9981c1a7 Binary files /dev/null and b/examples/bind/corpus/06a3b684ac3d708fd211cbfec6f95c01.000000c7.honggfuzz.cov differ diff --git a/examples/bind/corpus/06b99f99703e630f1f83e4b25db29e4e.00000048.honggfuzz.cov b/examples/bind/corpus/06b99f99703e630f1f83e4b25db29e4e.00000048.honggfuzz.cov new file mode 100644 index 00000000..d62f2773 Binary files /dev/null and b/examples/bind/corpus/06b99f99703e630f1f83e4b25db29e4e.00000048.honggfuzz.cov differ diff --git a/examples/bind/corpus/06e1fab65f8910c3dce7b510cf0b214c.0000002f.honggfuzz.cov b/examples/bind/corpus/06e1fab65f8910c3dce7b510cf0b214c.0000002f.honggfuzz.cov deleted file mode 100644 index 9ce37a23..00000000 Binary files a/examples/bind/corpus/06e1fab65f8910c3dce7b510cf0b214c.0000002f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/07405aa278de8d4e52548fb115426371.00000085.honggfuzz.cov b/examples/bind/corpus/07405aa278de8d4e52548fb115426371.00000085.honggfuzz.cov deleted file mode 100644 index 5b666864..00000000 Binary files a/examples/bind/corpus/07405aa278de8d4e52548fb115426371.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0758a302d8d606a40b464af7806e4e1d.0001b92d.honggfuzz.cov b/examples/bind/corpus/0758a302d8d606a40b464af7806e4e1d.0001b92d.honggfuzz.cov deleted file mode 100644 index 696fe960..00000000 Binary files a/examples/bind/corpus/0758a302d8d606a40b464af7806e4e1d.0001b92d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0768c0663854da37c9af0d681ed4f5d6.00000085.honggfuzz.cov b/examples/bind/corpus/0768c0663854da37c9af0d681ed4f5d6.00000085.honggfuzz.cov deleted file mode 100644 index db22a3ac..00000000 Binary files a/examples/bind/corpus/0768c0663854da37c9af0d681ed4f5d6.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0773ae3737a346d4664c1c82b23420cf.0000005e.honggfuzz.cov b/examples/bind/corpus/0773ae3737a346d4664c1c82b23420cf.0000005e.honggfuzz.cov deleted file mode 100644 index dac29415..00000000 Binary files a/examples/bind/corpus/0773ae3737a346d4664c1c82b23420cf.0000005e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/077cce50c7979ca44564775b6d3175fb.00000062.honggfuzz.cov b/examples/bind/corpus/077cce50c7979ca44564775b6d3175fb.00000062.honggfuzz.cov new file mode 100644 index 00000000..19c17e44 Binary files /dev/null and b/examples/bind/corpus/077cce50c7979ca44564775b6d3175fb.00000062.honggfuzz.cov differ diff --git a/examples/bind/corpus/07ae3b524b024885cbab5cf7f18bc267.00002165.honggfuzz.cov b/examples/bind/corpus/07ae3b524b024885cbab5cf7f18bc267.00002165.honggfuzz.cov new file mode 100644 index 00000000..1a60260f Binary files /dev/null and b/examples/bind/corpus/07ae3b524b024885cbab5cf7f18bc267.00002165.honggfuzz.cov differ diff --git a/examples/bind/corpus/07c17c44b7760947006d2667ced9adb4.00000085.honggfuzz.cov b/examples/bind/corpus/07c17c44b7760947006d2667ced9adb4.00000085.honggfuzz.cov deleted file mode 100644 index f650d90e..00000000 Binary files a/examples/bind/corpus/07c17c44b7760947006d2667ced9adb4.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/07f44f19626bc2b2f60e9d7a1f54bb5b.000000c7.honggfuzz.cov b/examples/bind/corpus/07f44f19626bc2b2f60e9d7a1f54bb5b.000000c7.honggfuzz.cov new file mode 100644 index 00000000..ffeb6b12 Binary files /dev/null and b/examples/bind/corpus/07f44f19626bc2b2f60e9d7a1f54bb5b.000000c7.honggfuzz.cov differ diff --git a/examples/bind/corpus/07f72011fba935cb3df86f3bfc57cc49.000002a9.honggfuzz.cov b/examples/bind/corpus/07f72011fba935cb3df86f3bfc57cc49.000002a9.honggfuzz.cov deleted file mode 100644 index f7507682..00000000 Binary files a/examples/bind/corpus/07f72011fba935cb3df86f3bfc57cc49.000002a9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/08371c39ecdcb2f170d4bc71cc13fa3f.000001e0.honggfuzz.cov b/examples/bind/corpus/08371c39ecdcb2f170d4bc71cc13fa3f.000001e0.honggfuzz.cov new file mode 100644 index 00000000..4462bd7e Binary files /dev/null and b/examples/bind/corpus/08371c39ecdcb2f170d4bc71cc13fa3f.000001e0.honggfuzz.cov differ diff --git a/examples/bind/corpus/08498e8fa663cdbc7f6e89b804f72e2b.00000038.honggfuzz.cov b/examples/bind/corpus/08498e8fa663cdbc7f6e89b804f72e2b.00000038.honggfuzz.cov new file mode 100644 index 00000000..632baa63 Binary files /dev/null and b/examples/bind/corpus/08498e8fa663cdbc7f6e89b804f72e2b.00000038.honggfuzz.cov differ diff --git a/examples/bind/corpus/085665123029ec38afd5d8a1066ccc9b.00002de2.honggfuzz.cov b/examples/bind/corpus/085665123029ec38afd5d8a1066ccc9b.00002de2.honggfuzz.cov new file mode 100644 index 00000000..06bb9561 Binary files /dev/null and b/examples/bind/corpus/085665123029ec38afd5d8a1066ccc9b.00002de2.honggfuzz.cov differ diff --git a/examples/bind/corpus/08634ff71ec88f7548b08747828b4475.00000295.honggfuzz.cov b/examples/bind/corpus/08634ff71ec88f7548b08747828b4475.00000295.honggfuzz.cov new file mode 100644 index 00000000..3422d5b4 Binary files /dev/null and b/examples/bind/corpus/08634ff71ec88f7548b08747828b4475.00000295.honggfuzz.cov differ diff --git a/examples/bind/corpus/0873d780bc7692fecaeed453421fc897.000007b4.honggfuzz.cov b/examples/bind/corpus/0873d780bc7692fecaeed453421fc897.000007b4.honggfuzz.cov new file mode 100644 index 00000000..9ee861b5 Binary files /dev/null and b/examples/bind/corpus/0873d780bc7692fecaeed453421fc897.000007b4.honggfuzz.cov differ diff --git a/examples/bind/corpus/088d326b47b25cfe99b1f3c8eff19b48.0000010f.honggfuzz.cov b/examples/bind/corpus/088d326b47b25cfe99b1f3c8eff19b48.0000010f.honggfuzz.cov new file mode 100644 index 00000000..8d34da21 Binary files /dev/null and b/examples/bind/corpus/088d326b47b25cfe99b1f3c8eff19b48.0000010f.honggfuzz.cov differ diff --git a/examples/bind/corpus/088fe11b508095c021ce89b9d038ece7.00000040.honggfuzz.cov b/examples/bind/corpus/088fe11b508095c021ce89b9d038ece7.00000040.honggfuzz.cov new file mode 100644 index 00000000..9cf563d8 Binary files /dev/null and b/examples/bind/corpus/088fe11b508095c021ce89b9d038ece7.00000040.honggfuzz.cov differ diff --git a/examples/bind/corpus/0896dd6cc0f9d7e04527ab93bbf654fa.00000034.honggfuzz.cov b/examples/bind/corpus/0896dd6cc0f9d7e04527ab93bbf654fa.00000034.honggfuzz.cov deleted file mode 100644 index b8f5e56e..00000000 Binary files a/examples/bind/corpus/0896dd6cc0f9d7e04527ab93bbf654fa.00000034.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/08a1f0bc0d813f4bd85fcb92c92e1319.0000003e.honggfuzz.cov b/examples/bind/corpus/08a1f0bc0d813f4bd85fcb92c92e1319.0000003e.honggfuzz.cov deleted file mode 100644 index 3c33ded8..00000000 Binary files a/examples/bind/corpus/08a1f0bc0d813f4bd85fcb92c92e1319.0000003e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/08a6929fac9194f6795c4b38c3cfd9d1.000093e3.honggfuzz.cov b/examples/bind/corpus/08a6929fac9194f6795c4b38c3cfd9d1.000093e3.honggfuzz.cov deleted file mode 100644 index a53beebc..00000000 Binary files a/examples/bind/corpus/08a6929fac9194f6795c4b38c3cfd9d1.000093e3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/08b3951c43a52d111538529ae08c7975.000713ab.honggfuzz.cov b/examples/bind/corpus/08b3951c43a52d111538529ae08c7975.000713ab.honggfuzz.cov deleted file mode 100644 index 1f0bc919..00000000 Binary files a/examples/bind/corpus/08b3951c43a52d111538529ae08c7975.000713ab.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/08f5a0893201b7598e57b83827589091.000016dc.honggfuzz.cov b/examples/bind/corpus/08f5a0893201b7598e57b83827589091.000016dc.honggfuzz.cov deleted file mode 100644 index 054d6682..00000000 Binary files a/examples/bind/corpus/08f5a0893201b7598e57b83827589091.000016dc.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/092b8a5a996ca1d7e76e48c73a69a2be.00000119.honggfuzz.cov b/examples/bind/corpus/092b8a5a996ca1d7e76e48c73a69a2be.00000119.honggfuzz.cov deleted file mode 100644 index 471726e8..00000000 Binary files a/examples/bind/corpus/092b8a5a996ca1d7e76e48c73a69a2be.00000119.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0931ac2ae90b098a8269288a30bec312.000002e5.honggfuzz.cov b/examples/bind/corpus/0931ac2ae90b098a8269288a30bec312.000002e5.honggfuzz.cov new file mode 100644 index 00000000..bb66cd0a Binary files /dev/null and b/examples/bind/corpus/0931ac2ae90b098a8269288a30bec312.000002e5.honggfuzz.cov differ diff --git a/examples/bind/corpus/093dab3424bccff1a2c6a944ae189ab9.00000080.honggfuzz.cov b/examples/bind/corpus/093dab3424bccff1a2c6a944ae189ab9.00000080.honggfuzz.cov new file mode 100644 index 00000000..320ebef3 Binary files /dev/null and b/examples/bind/corpus/093dab3424bccff1a2c6a944ae189ab9.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/09577dd67e73bc1f11bbdf993fd73ae4.00000a66.honggfuzz.cov b/examples/bind/corpus/09577dd67e73bc1f11bbdf993fd73ae4.00000a66.honggfuzz.cov new file mode 100644 index 00000000..f5761bf4 Binary files /dev/null and b/examples/bind/corpus/09577dd67e73bc1f11bbdf993fd73ae4.00000a66.honggfuzz.cov differ diff --git a/examples/bind/corpus/099e49220e657d044b75a1fe8290ac9d.00000085.honggfuzz.cov b/examples/bind/corpus/099e49220e657d044b75a1fe8290ac9d.00000085.honggfuzz.cov new file mode 100644 index 00000000..08abdb80 Binary files /dev/null and b/examples/bind/corpus/099e49220e657d044b75a1fe8290ac9d.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/09a96dd73191f9e1c5a8da459f621d2c.0007791c.honggfuzz.cov b/examples/bind/corpus/09a96dd73191f9e1c5a8da459f621d2c.0007791c.honggfuzz.cov deleted file mode 100644 index 5151ead4..00000000 Binary files a/examples/bind/corpus/09a96dd73191f9e1c5a8da459f621d2c.0007791c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/09e7e50bd1ca5a459850a0a8cbf32d9e.00000106.honggfuzz.cov b/examples/bind/corpus/09e7e50bd1ca5a459850a0a8cbf32d9e.00000106.honggfuzz.cov deleted file mode 100644 index ba74b3fc..00000000 Binary files a/examples/bind/corpus/09e7e50bd1ca5a459850a0a8cbf32d9e.00000106.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0a0070379e90a67fc808678bf3c37e62.000000ea.honggfuzz.cov b/examples/bind/corpus/0a0070379e90a67fc808678bf3c37e62.000000ea.honggfuzz.cov new file mode 100644 index 00000000..1a788652 Binary files /dev/null and b/examples/bind/corpus/0a0070379e90a67fc808678bf3c37e62.000000ea.honggfuzz.cov differ diff --git a/examples/bind/corpus/0a04daffa299b9a21592f186301f4a67.00000565.honggfuzz.cov b/examples/bind/corpus/0a04daffa299b9a21592f186301f4a67.00000565.honggfuzz.cov deleted file mode 100644 index b45a35fc..00000000 Binary files a/examples/bind/corpus/0a04daffa299b9a21592f186301f4a67.00000565.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0a12f5412fae03be9dad27588404dcc5.0000078f.honggfuzz.cov b/examples/bind/corpus/0a12f5412fae03be9dad27588404dcc5.0000078f.honggfuzz.cov new file mode 100644 index 00000000..5f345c41 Binary files /dev/null and b/examples/bind/corpus/0a12f5412fae03be9dad27588404dcc5.0000078f.honggfuzz.cov differ diff --git a/examples/bind/corpus/0a2ec7a27dd217d1d0c65db6690d2f22.0000f931.honggfuzz.cov b/examples/bind/corpus/0a2ec7a27dd217d1d0c65db6690d2f22.0000f931.honggfuzz.cov deleted file mode 100644 index 7961c68c..00000000 Binary files a/examples/bind/corpus/0a2ec7a27dd217d1d0c65db6690d2f22.0000f931.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0a4e3fddddab425f2d24cc1996fe057b.00000094.honggfuzz.cov b/examples/bind/corpus/0a4e3fddddab425f2d24cc1996fe057b.00000094.honggfuzz.cov deleted file mode 100644 index 889582dd..00000000 Binary files a/examples/bind/corpus/0a4e3fddddab425f2d24cc1996fe057b.00000094.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0a8002924f03522baaed2de00b58ddeb.00016ced.honggfuzz.cov b/examples/bind/corpus/0a8002924f03522baaed2de00b58ddeb.00016ced.honggfuzz.cov deleted file mode 100644 index b385a45d..00000000 Binary files a/examples/bind/corpus/0a8002924f03522baaed2de00b58ddeb.00016ced.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0a89ef3f73c17f47e05b09d6606c98a7.00000051.honggfuzz.cov b/examples/bind/corpus/0a89ef3f73c17f47e05b09d6606c98a7.00000051.honggfuzz.cov new file mode 100644 index 00000000..112a175b Binary files /dev/null and b/examples/bind/corpus/0a89ef3f73c17f47e05b09d6606c98a7.00000051.honggfuzz.cov differ diff --git a/examples/bind/corpus/0a8a56cf4e1c01b065835ff80d80011f.0000000d.honggfuzz.cov b/examples/bind/corpus/0a8a56cf4e1c01b065835ff80d80011f.0000000d.honggfuzz.cov deleted file mode 100644 index 32462a18..00000000 Binary files a/examples/bind/corpus/0a8a56cf4e1c01b065835ff80d80011f.0000000d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0a995b3ccb7005ee144a5af6e188d3c9.00000085.honggfuzz.cov b/examples/bind/corpus/0a995b3ccb7005ee144a5af6e188d3c9.00000085.honggfuzz.cov deleted file mode 100644 index 979c5862..00000000 Binary files a/examples/bind/corpus/0a995b3ccb7005ee144a5af6e188d3c9.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0afbeede2b76610be79ff89ebd0877eb.000101d0.honggfuzz.cov b/examples/bind/corpus/0afbeede2b76610be79ff89ebd0877eb.000101d0.honggfuzz.cov new file mode 100644 index 00000000..1a7cbfa2 Binary files /dev/null and b/examples/bind/corpus/0afbeede2b76610be79ff89ebd0877eb.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/0b00df52b41ed824b945fd817ecb9278.00000085.honggfuzz.cov b/examples/bind/corpus/0b00df52b41ed824b945fd817ecb9278.00000085.honggfuzz.cov deleted file mode 100644 index 44a356f6..00000000 Binary files a/examples/bind/corpus/0b00df52b41ed824b945fd817ecb9278.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0b2489f1d0afe5ce752cb9a426ca9682.000011b3.honggfuzz.cov b/examples/bind/corpus/0b2489f1d0afe5ce752cb9a426ca9682.000011b3.honggfuzz.cov deleted file mode 100644 index 3867dd48..00000000 Binary files a/examples/bind/corpus/0b2489f1d0afe5ce752cb9a426ca9682.000011b3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0b2e570d2cd92d887504b2b7229e6cc8.0000014e.honggfuzz.cov b/examples/bind/corpus/0b2e570d2cd92d887504b2b7229e6cc8.0000014e.honggfuzz.cov deleted file mode 100644 index 31d2da55..00000000 Binary files a/examples/bind/corpus/0b2e570d2cd92d887504b2b7229e6cc8.0000014e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0b3a1b4242b748bf7302f25d9a77f172.00000167.honggfuzz.cov b/examples/bind/corpus/0b3a1b4242b748bf7302f25d9a77f172.00000167.honggfuzz.cov new file mode 100644 index 00000000..e0264347 Binary files /dev/null and b/examples/bind/corpus/0b3a1b4242b748bf7302f25d9a77f172.00000167.honggfuzz.cov differ diff --git a/examples/bind/corpus/0b621a3ef32b7e8afbeded2a0b2676df.000000f9.honggfuzz.cov b/examples/bind/corpus/0b621a3ef32b7e8afbeded2a0b2676df.000000f9.honggfuzz.cov deleted file mode 100644 index 39434290..00000000 Binary files a/examples/bind/corpus/0b621a3ef32b7e8afbeded2a0b2676df.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0b6ca9fec2927dcffe007e514c24465c.00000085.honggfuzz.cov b/examples/bind/corpus/0b6ca9fec2927dcffe007e514c24465c.00000085.honggfuzz.cov deleted file mode 100644 index 9235347a..00000000 Binary files a/examples/bind/corpus/0b6ca9fec2927dcffe007e514c24465c.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0b6da72ac769556b92dbdf7e232a43a6.00000bb8.honggfuzz.cov b/examples/bind/corpus/0b6da72ac769556b92dbdf7e232a43a6.00000bb8.honggfuzz.cov new file mode 100644 index 00000000..d9392ff9 Binary files /dev/null and b/examples/bind/corpus/0b6da72ac769556b92dbdf7e232a43a6.00000bb8.honggfuzz.cov differ diff --git a/examples/bind/corpus/0bd3dacbed2ff3ba228484485a84ded8.00001c73.honggfuzz.cov b/examples/bind/corpus/0bd3dacbed2ff3ba228484485a84ded8.00001c73.honggfuzz.cov deleted file mode 100644 index d0579b80..00000000 Binary files a/examples/bind/corpus/0bd3dacbed2ff3ba228484485a84ded8.00001c73.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0c05dacea2443a91924b5546df865acf.00000085.honggfuzz.cov b/examples/bind/corpus/0c05dacea2443a91924b5546df865acf.00000085.honggfuzz.cov deleted file mode 100644 index 8490abdc..00000000 Binary files a/examples/bind/corpus/0c05dacea2443a91924b5546df865acf.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0c1901fe57315e49ea7f3222eab4b6d3.00000bca.honggfuzz.cov b/examples/bind/corpus/0c1901fe57315e49ea7f3222eab4b6d3.00000bca.honggfuzz.cov deleted file mode 100644 index 72b9e049..00000000 Binary files a/examples/bind/corpus/0c1901fe57315e49ea7f3222eab4b6d3.00000bca.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0c23cb482323a79fd548ceca1b5fbff7.000000bd.honggfuzz.cov b/examples/bind/corpus/0c23cb482323a79fd548ceca1b5fbff7.000000bd.honggfuzz.cov deleted file mode 100644 index 7cc10544..00000000 Binary files a/examples/bind/corpus/0c23cb482323a79fd548ceca1b5fbff7.000000bd.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0c460fb5a14f4fdbb9e67e5ac2eb7675.0001153e.honggfuzz.cov b/examples/bind/corpus/0c460fb5a14f4fdbb9e67e5ac2eb7675.0001153e.honggfuzz.cov new file mode 100644 index 00000000..620474b1 Binary files /dev/null and b/examples/bind/corpus/0c460fb5a14f4fdbb9e67e5ac2eb7675.0001153e.honggfuzz.cov differ diff --git a/examples/bind/corpus/0c4d0f8deb5941f51a670a04bf87e88e.00000351.honggfuzz.cov b/examples/bind/corpus/0c4d0f8deb5941f51a670a04bf87e88e.00000351.honggfuzz.cov deleted file mode 100644 index 3e4ccccb..00000000 Binary files a/examples/bind/corpus/0c4d0f8deb5941f51a670a04bf87e88e.00000351.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0c5d76506f02a926ab0df0b296561fff.00008b64.honggfuzz.cov b/examples/bind/corpus/0c5d76506f02a926ab0df0b296561fff.00008b64.honggfuzz.cov new file mode 100644 index 00000000..46883d4d Binary files /dev/null and b/examples/bind/corpus/0c5d76506f02a926ab0df0b296561fff.00008b64.honggfuzz.cov differ diff --git a/examples/bind/corpus/0c684e5bc63de7a5dcdb9abd5609d645.00000400.honggfuzz.cov b/examples/bind/corpus/0c684e5bc63de7a5dcdb9abd5609d645.00000400.honggfuzz.cov deleted file mode 100644 index 548b1783..00000000 Binary files a/examples/bind/corpus/0c684e5bc63de7a5dcdb9abd5609d645.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0c869db6879c6642cd694bb3372ab42b.000003f5.honggfuzz.cov b/examples/bind/corpus/0c869db6879c6642cd694bb3372ab42b.000003f5.honggfuzz.cov new file mode 100644 index 00000000..daf5e326 Binary files /dev/null and b/examples/bind/corpus/0c869db6879c6642cd694bb3372ab42b.000003f5.honggfuzz.cov differ diff --git a/examples/bind/corpus/0c8e8d1b845d598f043bb6f88ca74757.0000018c.honggfuzz.cov b/examples/bind/corpus/0c8e8d1b845d598f043bb6f88ca74757.0000018c.honggfuzz.cov new file mode 100644 index 00000000..abcf77b4 Binary files /dev/null and b/examples/bind/corpus/0c8e8d1b845d598f043bb6f88ca74757.0000018c.honggfuzz.cov differ diff --git a/examples/bind/corpus/0ca49a4f7266fd4e4970ee8c0f23d1f0.00000080.honggfuzz.cov b/examples/bind/corpus/0ca49a4f7266fd4e4970ee8c0f23d1f0.00000080.honggfuzz.cov new file mode 100644 index 00000000..ba2ffb36 Binary files /dev/null and b/examples/bind/corpus/0ca49a4f7266fd4e4970ee8c0f23d1f0.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/0ca79f47c42c1a7289aac0cc2a1c7ec8.000000f9.honggfuzz.cov b/examples/bind/corpus/0ca79f47c42c1a7289aac0cc2a1c7ec8.000000f9.honggfuzz.cov deleted file mode 100644 index 73cf3d2b..00000000 Binary files a/examples/bind/corpus/0ca79f47c42c1a7289aac0cc2a1c7ec8.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0caa78ad43bd22f6da2599ce5ad875a3.000000f9.honggfuzz.cov b/examples/bind/corpus/0caa78ad43bd22f6da2599ce5ad875a3.000000f9.honggfuzz.cov deleted file mode 100644 index bf02e6c8..00000000 Binary files a/examples/bind/corpus/0caa78ad43bd22f6da2599ce5ad875a3.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0cb150e8f003084dabaad5d333cb66b3.000101d0.honggfuzz.cov b/examples/bind/corpus/0cb150e8f003084dabaad5d333cb66b3.000101d0.honggfuzz.cov new file mode 100644 index 00000000..c31dff19 Binary files /dev/null and b/examples/bind/corpus/0cb150e8f003084dabaad5d333cb66b3.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/0cc21f34be053024cedc283c9dfebf6a.00000085.honggfuzz.cov b/examples/bind/corpus/0cc21f34be053024cedc283c9dfebf6a.00000085.honggfuzz.cov deleted file mode 100644 index 6f6b7c7f..00000000 Binary files a/examples/bind/corpus/0cc21f34be053024cedc283c9dfebf6a.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0cc85eaf5cec582b081c8370703fda6e.00006828.honggfuzz.cov b/examples/bind/corpus/0cc85eaf5cec582b081c8370703fda6e.00006828.honggfuzz.cov deleted file mode 100644 index 11305e42..00000000 Binary files a/examples/bind/corpus/0cc85eaf5cec582b081c8370703fda6e.00006828.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0ce49d08fb8b47ef8007696e3e415fd8.00000033.honggfuzz.cov b/examples/bind/corpus/0ce49d08fb8b47ef8007696e3e415fd8.00000033.honggfuzz.cov new file mode 100644 index 00000000..2dad5d72 Binary files /dev/null and b/examples/bind/corpus/0ce49d08fb8b47ef8007696e3e415fd8.00000033.honggfuzz.cov differ diff --git a/examples/bind/corpus/0d45d9addb4fe4d4b7ab861ceee08654.00002000.honggfuzz.cov b/examples/bind/corpus/0d45d9addb4fe4d4b7ab861ceee08654.00002000.honggfuzz.cov new file mode 100644 index 00000000..46635e0a Binary files /dev/null and b/examples/bind/corpus/0d45d9addb4fe4d4b7ab861ceee08654.00002000.honggfuzz.cov differ diff --git a/examples/bind/corpus/0d4c1016dab5139842d3ca47caacf98d.0000008f.honggfuzz.cov b/examples/bind/corpus/0d4c1016dab5139842d3ca47caacf98d.0000008f.honggfuzz.cov deleted file mode 100644 index 81d77812..00000000 Binary files a/examples/bind/corpus/0d4c1016dab5139842d3ca47caacf98d.0000008f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0d635bbe823b24cb032d3dccc405f827.00000110.honggfuzz.cov b/examples/bind/corpus/0d635bbe823b24cb032d3dccc405f827.00000110.honggfuzz.cov deleted file mode 100644 index 5cc3c061..00000000 Binary files a/examples/bind/corpus/0d635bbe823b24cb032d3dccc405f827.00000110.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0d6dd8c7b773f0d7b396b2a368243a11.000000b0.honggfuzz.cov b/examples/bind/corpus/0d6dd8c7b773f0d7b396b2a368243a11.000000b0.honggfuzz.cov deleted file mode 100644 index 381b0fa3..00000000 Binary files a/examples/bind/corpus/0d6dd8c7b773f0d7b396b2a368243a11.000000b0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0da385bf51ab1e297b55ef262cdb0a0f.00003422.honggfuzz.cov b/examples/bind/corpus/0da385bf51ab1e297b55ef262cdb0a0f.00003422.honggfuzz.cov new file mode 100644 index 00000000..ecfd0b09 Binary files /dev/null and b/examples/bind/corpus/0da385bf51ab1e297b55ef262cdb0a0f.00003422.honggfuzz.cov differ diff --git a/examples/bind/corpus/0dae96a1216c461700a302854d0a2c15.00019747.honggfuzz.cov b/examples/bind/corpus/0dae96a1216c461700a302854d0a2c15.00019747.honggfuzz.cov deleted file mode 100644 index 0a2bb7a1..00000000 Binary files a/examples/bind/corpus/0dae96a1216c461700a302854d0a2c15.00019747.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0daf52c049333bb3666068b59ae387de.00000085.honggfuzz.cov b/examples/bind/corpus/0daf52c049333bb3666068b59ae387de.00000085.honggfuzz.cov deleted file mode 100644 index 3d3bc9bc..00000000 Binary files a/examples/bind/corpus/0daf52c049333bb3666068b59ae387de.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0dc4dfded76df1b753bf1f5f0bc14ff9.00000085.honggfuzz.cov b/examples/bind/corpus/0dc4dfded76df1b753bf1f5f0bc14ff9.00000085.honggfuzz.cov deleted file mode 100644 index c02fe17a..00000000 Binary files a/examples/bind/corpus/0dc4dfded76df1b753bf1f5f0bc14ff9.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0df8ce84b34840f138195bc73c716576.00000400.honggfuzz.cov b/examples/bind/corpus/0df8ce84b34840f138195bc73c716576.00000400.honggfuzz.cov deleted file mode 100644 index d3b4811c..00000000 Binary files a/examples/bind/corpus/0df8ce84b34840f138195bc73c716576.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0e0683884b58b552aa17b6500d15be38.00000032.honggfuzz.cov b/examples/bind/corpus/0e0683884b58b552aa17b6500d15be38.00000032.honggfuzz.cov new file mode 100644 index 00000000..3eaf91ca Binary files /dev/null and b/examples/bind/corpus/0e0683884b58b552aa17b6500d15be38.00000032.honggfuzz.cov differ diff --git a/examples/bind/corpus/0e165dcef75c57d54fc223ac76430bd7.00000400.honggfuzz.cov b/examples/bind/corpus/0e165dcef75c57d54fc223ac76430bd7.00000400.honggfuzz.cov deleted file mode 100644 index e96be79c..00000000 Binary files a/examples/bind/corpus/0e165dcef75c57d54fc223ac76430bd7.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0e16dcb17d5ddea0de26fc6edfd41d04.00000044.honggfuzz.cov b/examples/bind/corpus/0e16dcb17d5ddea0de26fc6edfd41d04.00000044.honggfuzz.cov new file mode 100644 index 00000000..6186f170 Binary files /dev/null and b/examples/bind/corpus/0e16dcb17d5ddea0de26fc6edfd41d04.00000044.honggfuzz.cov differ diff --git a/examples/bind/corpus/0e3f94cfc1582063ff7713a8d6d1e357.000000f2.honggfuzz.cov b/examples/bind/corpus/0e3f94cfc1582063ff7713a8d6d1e357.000000f2.honggfuzz.cov new file mode 100644 index 00000000..51aecd91 Binary files /dev/null and b/examples/bind/corpus/0e3f94cfc1582063ff7713a8d6d1e357.000000f2.honggfuzz.cov differ diff --git a/examples/bind/corpus/0e3f94cfc15c3063087713a8d7618851.000000f2.honggfuzz.cov b/examples/bind/corpus/0e3f94cfc15c3063087713a8d7618851.000000f2.honggfuzz.cov deleted file mode 100644 index df7440ed..00000000 Binary files a/examples/bind/corpus/0e3f94cfc15c3063087713a8d7618851.000000f2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0e4c7b607e05a625c4319c11141e65df.00000080.honggfuzz.cov b/examples/bind/corpus/0e4c7b607e05a625c4319c11141e65df.00000080.honggfuzz.cov deleted file mode 100644 index e6ec442e..00000000 Binary files a/examples/bind/corpus/0e4c7b607e05a625c4319c11141e65df.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0e50120ee93a36d6dd45b14b8337b739.0004a501.honggfuzz.cov b/examples/bind/corpus/0e50120ee93a36d6dd45b14b8337b739.0004a501.honggfuzz.cov deleted file mode 100644 index ba3ad9b4..00000000 Binary files a/examples/bind/corpus/0e50120ee93a36d6dd45b14b8337b739.0004a501.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0e51e2787b190d9455a71358cc994ce5.00000085.honggfuzz.cov b/examples/bind/corpus/0e51e2787b190d9455a71358cc994ce5.00000085.honggfuzz.cov deleted file mode 100644 index 61dd46ca..00000000 Binary files a/examples/bind/corpus/0e51e2787b190d9455a71358cc994ce5.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0e615ba7b1eda89d478faeb623f18732.000101d0.honggfuzz.cov b/examples/bind/corpus/0e615ba7b1eda89d478faeb623f18732.000101d0.honggfuzz.cov new file mode 100644 index 00000000..2a0c147f Binary files /dev/null and b/examples/bind/corpus/0e615ba7b1eda89d478faeb623f18732.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/0e62e33efa7e2b5fb41443deb04a0156.000001b8.honggfuzz.cov b/examples/bind/corpus/0e62e33efa7e2b5fb41443deb04a0156.000001b8.honggfuzz.cov new file mode 100644 index 00000000..00333c24 Binary files /dev/null and b/examples/bind/corpus/0e62e33efa7e2b5fb41443deb04a0156.000001b8.honggfuzz.cov differ diff --git a/examples/bind/corpus/0e6c56d56719cad21c2ee353578386e1.000000bf.honggfuzz.cov b/examples/bind/corpus/0e6c56d56719cad21c2ee353578386e1.000000bf.honggfuzz.cov new file mode 100644 index 00000000..ea156d8f Binary files /dev/null and b/examples/bind/corpus/0e6c56d56719cad21c2ee353578386e1.000000bf.honggfuzz.cov differ diff --git a/examples/bind/corpus/0eb4aa6a65592f0c4b9fdc85580220ed.00000372.honggfuzz.cov b/examples/bind/corpus/0eb4aa6a65592f0c4b9fdc85580220ed.00000372.honggfuzz.cov new file mode 100644 index 00000000..2809d387 Binary files /dev/null and b/examples/bind/corpus/0eb4aa6a65592f0c4b9fdc85580220ed.00000372.honggfuzz.cov differ diff --git a/examples/bind/corpus/0ebef042e9576343d0cfca7132b4a115.00000030.honggfuzz.cov b/examples/bind/corpus/0ebef042e9576343d0cfca7132b4a115.00000030.honggfuzz.cov new file mode 100644 index 00000000..e5154b56 Binary files /dev/null and b/examples/bind/corpus/0ebef042e9576343d0cfca7132b4a115.00000030.honggfuzz.cov differ diff --git a/examples/bind/corpus/0edb1d88e0fa62f5b8ad8e5d91fc5d40.00000020.honggfuzz.cov b/examples/bind/corpus/0edb1d88e0fa62f5b8ad8e5d91fc5d40.00000020.honggfuzz.cov new file mode 100644 index 00000000..175d6a82 Binary files /dev/null and b/examples/bind/corpus/0edb1d88e0fa62f5b8ad8e5d91fc5d40.00000020.honggfuzz.cov differ diff --git a/examples/bind/corpus/0ef9aef1352cbeceedc7177ff7dcd42a.00000d98.honggfuzz.cov b/examples/bind/corpus/0ef9aef1352cbeceedc7177ff7dcd42a.00000d98.honggfuzz.cov deleted file mode 100644 index 34ad9893..00000000 Binary files a/examples/bind/corpus/0ef9aef1352cbeceedc7177ff7dcd42a.00000d98.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0f444081717ef774e39ddd757dbab867.000013ef.honggfuzz.cov b/examples/bind/corpus/0f444081717ef774e39ddd757dbab867.000013ef.honggfuzz.cov new file mode 100644 index 00000000..e9429e43 Binary files /dev/null and b/examples/bind/corpus/0f444081717ef774e39ddd757dbab867.000013ef.honggfuzz.cov differ diff --git a/examples/bind/corpus/0f4980611072520dbbc381bb43396b51.000000f9.honggfuzz.cov b/examples/bind/corpus/0f4980611072520dbbc381bb43396b51.000000f9.honggfuzz.cov deleted file mode 100644 index 48682780..00000000 Binary files a/examples/bind/corpus/0f4980611072520dbbc381bb43396b51.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0f4b02b196088a86714af6b1fa590d92.000000eb.honggfuzz.cov b/examples/bind/corpus/0f4b02b196088a86714af6b1fa590d92.000000eb.honggfuzz.cov new file mode 100644 index 00000000..e7694ee8 Binary files /dev/null and b/examples/bind/corpus/0f4b02b196088a86714af6b1fa590d92.000000eb.honggfuzz.cov differ diff --git a/examples/bind/corpus/0fb059c44f60936977b16041ea8b649c.00016ced.honggfuzz.cov b/examples/bind/corpus/0fb059c44f60936977b16041ea8b649c.00016ced.honggfuzz.cov deleted file mode 100644 index 0936103e..00000000 Binary files a/examples/bind/corpus/0fb059c44f60936977b16041ea8b649c.00016ced.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0fc75203ce5ba7f1ee6bd62ad646f776.000001fc.honggfuzz.cov b/examples/bind/corpus/0fc75203ce5ba7f1ee6bd62ad646f776.000001fc.honggfuzz.cov deleted file mode 100644 index 7a3121d8..00000000 Binary files a/examples/bind/corpus/0fc75203ce5ba7f1ee6bd62ad646f776.000001fc.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0fcf92734da36ec163964cf2e552d369.00000b95.honggfuzz.cov b/examples/bind/corpus/0fcf92734da36ec163964cf2e552d369.00000b95.honggfuzz.cov deleted file mode 100644 index f33be9a1..00000000 Binary files a/examples/bind/corpus/0fcf92734da36ec163964cf2e552d369.00000b95.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0fd25165b9b2b284c91ec6010762d59a.00000ea9.honggfuzz.cov b/examples/bind/corpus/0fd25165b9b2b284c91ec6010762d59a.00000ea9.honggfuzz.cov new file mode 100644 index 00000000..5a408465 Binary files /dev/null and b/examples/bind/corpus/0fd25165b9b2b284c91ec6010762d59a.00000ea9.honggfuzz.cov differ diff --git a/examples/bind/corpus/0fde45071a52c7da860e1607f186912d.0000054f.honggfuzz.cov b/examples/bind/corpus/0fde45071a52c7da860e1607f186912d.0000054f.honggfuzz.cov deleted file mode 100644 index 7c521e57..00000000 Binary files a/examples/bind/corpus/0fde45071a52c7da860e1607f186912d.0000054f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/0feea58835352511790fac1199a3df80.00000ad5.honggfuzz.cov b/examples/bind/corpus/0feea58835352511790fac1199a3df80.00000ad5.honggfuzz.cov deleted file mode 100644 index a742b596..00000000 Binary files a/examples/bind/corpus/0feea58835352511790fac1199a3df80.00000ad5.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/100d1a29105a90b255f7804d9b7636d5.000000f9.honggfuzz.cov b/examples/bind/corpus/100d1a29105a90b255f7804d9b7636d5.000000f9.honggfuzz.cov new file mode 100644 index 00000000..a1e63348 Binary files /dev/null and b/examples/bind/corpus/100d1a29105a90b255f7804d9b7636d5.000000f9.honggfuzz.cov differ diff --git a/examples/bind/corpus/10157e342ba8b42b57264c09f5d689ef.000000f9.honggfuzz.cov b/examples/bind/corpus/10157e342ba8b42b57264c09f5d689ef.000000f9.honggfuzz.cov deleted file mode 100644 index 71522749..00000000 Binary files a/examples/bind/corpus/10157e342ba8b42b57264c09f5d689ef.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/101a8d145380fb404a8ea610b7eabecc.0000005c.honggfuzz.cov b/examples/bind/corpus/101a8d145380fb404a8ea610b7eabecc.0000005c.honggfuzz.cov deleted file mode 100644 index a262bf26..00000000 Binary files a/examples/bind/corpus/101a8d145380fb404a8ea610b7eabecc.0000005c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1023491ede448e66c83d5272847f3286.00000059.honggfuzz.cov b/examples/bind/corpus/1023491ede448e66c83d5272847f3286.00000059.honggfuzz.cov deleted file mode 100644 index 510edf57..00000000 Binary files a/examples/bind/corpus/1023491ede448e66c83d5272847f3286.00000059.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1024fe8c2d18974b054aadd645889463.00016ced.honggfuzz.cov b/examples/bind/corpus/1024fe8c2d18974b054aadd645889463.00016ced.honggfuzz.cov deleted file mode 100644 index 7cd3f8b5..00000000 Binary files a/examples/bind/corpus/1024fe8c2d18974b054aadd645889463.00016ced.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/102e7153749821c50b78114d6f8ae4ef.00000080.honggfuzz.cov b/examples/bind/corpus/102e7153749821c50b78114d6f8ae4ef.00000080.honggfuzz.cov new file mode 100644 index 00000000..b8b39724 Binary files /dev/null and b/examples/bind/corpus/102e7153749821c50b78114d6f8ae4ef.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/10354d06cfcb9c33badd615251709875.0007d000.honggfuzz.cov b/examples/bind/corpus/10354d06cfcb9c33badd615251709875.0007d000.honggfuzz.cov deleted file mode 100644 index 18a50b4d..00000000 Binary files a/examples/bind/corpus/10354d06cfcb9c33badd615251709875.0007d000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1065b8c3b3416f5dd3a84eaf837412a7.00000085.honggfuzz.cov b/examples/bind/corpus/1065b8c3b3416f5dd3a84eaf837412a7.00000085.honggfuzz.cov new file mode 100644 index 00000000..c49d77ae Binary files /dev/null and b/examples/bind/corpus/1065b8c3b3416f5dd3a84eaf837412a7.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/10c15bad7e33b44ac42b7306f17e309c.00000085.honggfuzz.cov b/examples/bind/corpus/10c15bad7e33b44ac42b7306f17e309c.00000085.honggfuzz.cov deleted file mode 100644 index 7a390771..00000000 Binary files a/examples/bind/corpus/10c15bad7e33b44ac42b7306f17e309c.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/10d0b86f8fbb5293f1341b727ae9d9e2.000101d0.honggfuzz.cov b/examples/bind/corpus/10d0b86f8fbb5293f1341b727ae9d9e2.000101d0.honggfuzz.cov new file mode 100644 index 00000000..f550e094 Binary files /dev/null and b/examples/bind/corpus/10d0b86f8fbb5293f1341b727ae9d9e2.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/1105bccc4c4ffc06b74d8a6305c8328b.00000080.honggfuzz.cov b/examples/bind/corpus/1105bccc4c4ffc06b74d8a6305c8328b.00000080.honggfuzz.cov deleted file mode 100644 index de3ee40d..00000000 Binary files a/examples/bind/corpus/1105bccc4c4ffc06b74d8a6305c8328b.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/110942843dff902bf2914042b85571d9.00000085.honggfuzz.cov b/examples/bind/corpus/110942843dff902bf2914042b85571d9.00000085.honggfuzz.cov deleted file mode 100644 index 6afc3b62..00000000 Binary files a/examples/bind/corpus/110942843dff902bf2914042b85571d9.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/110ec2c6b8e9ec924a6b25f802476cda.0000051e.honggfuzz.cov b/examples/bind/corpus/110ec2c6b8e9ec924a6b25f802476cda.0000051e.honggfuzz.cov deleted file mode 100644 index 11452138..00000000 Binary files a/examples/bind/corpus/110ec2c6b8e9ec924a6b25f802476cda.0000051e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/111f71fa6ca637be16f2d509a5e4db76.00000080.honggfuzz.cov b/examples/bind/corpus/111f71fa6ca637be16f2d509a5e4db76.00000080.honggfuzz.cov deleted file mode 100644 index 773abf80..00000000 Binary files a/examples/bind/corpus/111f71fa6ca637be16f2d509a5e4db76.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/112e3a868c4908deea94fae5ad80dfab.000000a0.honggfuzz.cov b/examples/bind/corpus/112e3a868c4908deea94fae5ad80dfab.000000a0.honggfuzz.cov deleted file mode 100644 index c483b47c..00000000 Binary files a/examples/bind/corpus/112e3a868c4908deea94fae5ad80dfab.000000a0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/114e333e28400776138586fa6148c24a.000001e6.honggfuzz.cov b/examples/bind/corpus/114e333e28400776138586fa6148c24a.000001e6.honggfuzz.cov deleted file mode 100644 index bf0dbe29..00000000 Binary files a/examples/bind/corpus/114e333e28400776138586fa6148c24a.000001e6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/114eb449d067c91fad4ea58f2480c6e4.00000085.honggfuzz.cov b/examples/bind/corpus/114eb449d067c91fad4ea58f2480c6e4.00000085.honggfuzz.cov deleted file mode 100644 index 15114d76..00000000 Binary files a/examples/bind/corpus/114eb449d067c91fad4ea58f2480c6e4.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1192b5cefab691287f45f928ce290b84.00000276.honggfuzz.cov b/examples/bind/corpus/1192b5cefab691287f45f928ce290b84.00000276.honggfuzz.cov new file mode 100644 index 00000000..ca896b29 Binary files /dev/null and b/examples/bind/corpus/1192b5cefab691287f45f928ce290b84.00000276.honggfuzz.cov differ diff --git a/examples/bind/corpus/11a0812509f2bd5883d1f474f44c8dc5.000101d0.honggfuzz.cov b/examples/bind/corpus/11a0812509f2bd5883d1f474f44c8dc5.000101d0.honggfuzz.cov new file mode 100644 index 00000000..41672af8 Binary files /dev/null and b/examples/bind/corpus/11a0812509f2bd5883d1f474f44c8dc5.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/11aa93f4cd0e80e5073b8fa86527b27e.00004ff5.honggfuzz.cov b/examples/bind/corpus/11aa93f4cd0e80e5073b8fa86527b27e.00004ff5.honggfuzz.cov new file mode 100644 index 00000000..73626d05 Binary files /dev/null and b/examples/bind/corpus/11aa93f4cd0e80e5073b8fa86527b27e.00004ff5.honggfuzz.cov differ diff --git a/examples/bind/corpus/11cdd9823df1caf7e05ab54e03b2ec19.00002c73.honggfuzz.cov b/examples/bind/corpus/11cdd9823df1caf7e05ab54e03b2ec19.00002c73.honggfuzz.cov new file mode 100644 index 00000000..ce867480 Binary files /dev/null and b/examples/bind/corpus/11cdd9823df1caf7e05ab54e03b2ec19.00002c73.honggfuzz.cov differ diff --git a/examples/bind/corpus/11d32f95ef1e4406e767c88cdac5cf3d.000002a6.honggfuzz.cov b/examples/bind/corpus/11d32f95ef1e4406e767c88cdac5cf3d.000002a6.honggfuzz.cov new file mode 100644 index 00000000..c6cc9f34 Binary files /dev/null and b/examples/bind/corpus/11d32f95ef1e4406e767c88cdac5cf3d.000002a6.honggfuzz.cov differ diff --git a/examples/bind/corpus/11dec28bbad84647163aade4f2ae06cf.000000d1.honggfuzz.cov b/examples/bind/corpus/11dec28bbad84647163aade4f2ae06cf.000000d1.honggfuzz.cov deleted file mode 100644 index 5188d7ae..00000000 Binary files a/examples/bind/corpus/11dec28bbad84647163aade4f2ae06cf.000000d1.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/11fc36ae0a76ca2e6891b644d750fec0.00000065.honggfuzz.cov b/examples/bind/corpus/11fc36ae0a76ca2e6891b644d750fec0.00000065.honggfuzz.cov new file mode 100644 index 00000000..4e15f279 Binary files /dev/null and b/examples/bind/corpus/11fc36ae0a76ca2e6891b644d750fec0.00000065.honggfuzz.cov differ diff --git a/examples/bind/corpus/12228ef2bfe591f3119c62ded93d1b0d.0000019a.honggfuzz.cov b/examples/bind/corpus/12228ef2bfe591f3119c62ded93d1b0d.0000019a.honggfuzz.cov new file mode 100644 index 00000000..4ebf6b85 Binary files /dev/null and b/examples/bind/corpus/12228ef2bfe591f3119c62ded93d1b0d.0000019a.honggfuzz.cov differ diff --git a/examples/bind/corpus/124c5dfacf1f70f96bd7bc64db356abd.000003ee.honggfuzz.cov b/examples/bind/corpus/124c5dfacf1f70f96bd7bc64db356abd.000003ee.honggfuzz.cov new file mode 100644 index 00000000..8eac5180 Binary files /dev/null and b/examples/bind/corpus/124c5dfacf1f70f96bd7bc64db356abd.000003ee.honggfuzz.cov differ diff --git a/examples/bind/corpus/124e89d8f338b1f034339a1cec661408.00000063.honggfuzz.cov b/examples/bind/corpus/124e89d8f338b1f034339a1cec661408.00000063.honggfuzz.cov deleted file mode 100644 index 67d12d92..00000000 Binary files a/examples/bind/corpus/124e89d8f338b1f034339a1cec661408.00000063.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1285456ca759ffc94b79da4f62bc497a.000004c9.honggfuzz.cov b/examples/bind/corpus/1285456ca759ffc94b79da4f62bc497a.000004c9.honggfuzz.cov new file mode 100644 index 00000000..c7b00d8e Binary files /dev/null and b/examples/bind/corpus/1285456ca759ffc94b79da4f62bc497a.000004c9.honggfuzz.cov differ diff --git a/examples/bind/corpus/1285722585495197ea80d3bc54ef97ad.00006796.honggfuzz.cov b/examples/bind/corpus/1285722585495197ea80d3bc54ef97ad.00006796.honggfuzz.cov deleted file mode 100644 index 219ddb4a..00000000 Binary files a/examples/bind/corpus/1285722585495197ea80d3bc54ef97ad.00006796.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1291de3285977ef3accee21e840d1d39.0000014a.honggfuzz.cov b/examples/bind/corpus/1291de3285977ef3accee21e840d1d39.0000014a.honggfuzz.cov deleted file mode 100644 index b3a25a54..00000000 Binary files a/examples/bind/corpus/1291de3285977ef3accee21e840d1d39.0000014a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/12b155c629761260ec3d83b8ad7c493a.000019da.honggfuzz.cov b/examples/bind/corpus/12b155c629761260ec3d83b8ad7c493a.000019da.honggfuzz.cov deleted file mode 100644 index 646c88a3..00000000 Binary files a/examples/bind/corpus/12b155c629761260ec3d83b8ad7c493a.000019da.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/12b9671f4003b211ea5720834e1758e7.00000fc5.honggfuzz.cov b/examples/bind/corpus/12b9671f4003b211ea5720834e1758e7.00000fc5.honggfuzz.cov deleted file mode 100644 index 5aedde6b..00000000 Binary files a/examples/bind/corpus/12b9671f4003b211ea5720834e1758e7.00000fc5.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/12bfe90f07dec33d4da7684409f11460.00009349.honggfuzz.cov b/examples/bind/corpus/12bfe90f07dec33d4da7684409f11460.00009349.honggfuzz.cov deleted file mode 100644 index d4e074db..00000000 Binary files a/examples/bind/corpus/12bfe90f07dec33d4da7684409f11460.00009349.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/12e0c05c44ca61b962893f6f3c853f55.00000091.honggfuzz.cov b/examples/bind/corpus/12e0c05c44ca61b962893f6f3c853f55.00000091.honggfuzz.cov new file mode 100644 index 00000000..7a90a9d2 Binary files /dev/null and b/examples/bind/corpus/12e0c05c44ca61b962893f6f3c853f55.00000091.honggfuzz.cov differ diff --git a/examples/bind/corpus/1330e34663c07d8c20fbe40c80af893f.0001153e.honggfuzz.cov b/examples/bind/corpus/1330e34663c07d8c20fbe40c80af893f.0001153e.honggfuzz.cov deleted file mode 100644 index 647bd180..00000000 Binary files a/examples/bind/corpus/1330e34663c07d8c20fbe40c80af893f.0001153e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/13433c0592e6b3331c766ee87a0c60ce.00000085.honggfuzz.cov b/examples/bind/corpus/13433c0592e6b3331c766ee87a0c60ce.00000085.honggfuzz.cov deleted file mode 100644 index 8278ac35..00000000 Binary files a/examples/bind/corpus/13433c0592e6b3331c766ee87a0c60ce.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1346a636beec78c748cd9d2f044880d6.00000085.honggfuzz.cov b/examples/bind/corpus/1346a636beec78c748cd9d2f044880d6.00000085.honggfuzz.cov deleted file mode 100644 index 75012596..00000000 Binary files a/examples/bind/corpus/1346a636beec78c748cd9d2f044880d6.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/13554cb96da506a30babdc8aa1c77371.00016592.honggfuzz.cov b/examples/bind/corpus/13554cb96da506a30babdc8aa1c77371.00016592.honggfuzz.cov deleted file mode 100644 index 27c7970a..00000000 Binary files a/examples/bind/corpus/13554cb96da506a30babdc8aa1c77371.00016592.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/136163c5234e54c70548444a72775905.0000005e.honggfuzz.cov b/examples/bind/corpus/136163c5234e54c70548444a72775905.0000005e.honggfuzz.cov deleted file mode 100644 index 9eaa7309..00000000 Binary files a/examples/bind/corpus/136163c5234e54c70548444a72775905.0000005e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/137f61170a51eeda057a1b692a773436.000000a1.honggfuzz.cov b/examples/bind/corpus/137f61170a51eeda057a1b692a773436.000000a1.honggfuzz.cov deleted file mode 100644 index 1bc64fb9..00000000 Binary files a/examples/bind/corpus/137f61170a51eeda057a1b692a773436.000000a1.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/138d551195ea6a24311bd4207f9a16c3.00000080.honggfuzz.cov b/examples/bind/corpus/138d551195ea6a24311bd4207f9a16c3.00000080.honggfuzz.cov new file mode 100644 index 00000000..7c9822c5 Binary files /dev/null and b/examples/bind/corpus/138d551195ea6a24311bd4207f9a16c3.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/13904515854f398884fada54bf3bcc95.00000040.honggfuzz.cov b/examples/bind/corpus/13904515854f398884fada54bf3bcc95.00000040.honggfuzz.cov deleted file mode 100644 index 53d12709..00000000 Binary files a/examples/bind/corpus/13904515854f398884fada54bf3bcc95.00000040.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/13b32871b91111463305b1b8a2557f31.0000011f.honggfuzz.cov b/examples/bind/corpus/13b32871b91111463305b1b8a2557f31.0000011f.honggfuzz.cov deleted file mode 100644 index b8d85024..00000000 Binary files a/examples/bind/corpus/13b32871b91111463305b1b8a2557f31.0000011f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/13c15306159de46e63de526ac4fe9049.000002d8.honggfuzz.cov b/examples/bind/corpus/13c15306159de46e63de526ac4fe9049.000002d8.honggfuzz.cov new file mode 100644 index 00000000..0f721bc9 Binary files /dev/null and b/examples/bind/corpus/13c15306159de46e63de526ac4fe9049.000002d8.honggfuzz.cov differ diff --git a/examples/bind/corpus/13e65d645fc1ca0ef3b57dcbd8ba5e15.0000026f.honggfuzz.cov b/examples/bind/corpus/13e65d645fc1ca0ef3b57dcbd8ba5e15.0000026f.honggfuzz.cov new file mode 100644 index 00000000..688c01b0 Binary files /dev/null and b/examples/bind/corpus/13e65d645fc1ca0ef3b57dcbd8ba5e15.0000026f.honggfuzz.cov differ diff --git a/examples/bind/corpus/13f32641ec5794427911c6f328dac0cf.0000009e.honggfuzz.cov b/examples/bind/corpus/13f32641ec5794427911c6f328dac0cf.0000009e.honggfuzz.cov deleted file mode 100644 index 777d3f86..00000000 Binary files a/examples/bind/corpus/13f32641ec5794427911c6f328dac0cf.0000009e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/13facbf932995646f1b0b3aeff10ee93.00000020.honggfuzz.cov b/examples/bind/corpus/13facbf932995646f1b0b3aeff10ee93.00000020.honggfuzz.cov new file mode 100644 index 00000000..fdb57b06 Binary files /dev/null and b/examples/bind/corpus/13facbf932995646f1b0b3aeff10ee93.00000020.honggfuzz.cov differ diff --git a/examples/bind/corpus/140f239f687ffadbe56fbe2682f36f72.00000085.honggfuzz.cov b/examples/bind/corpus/140f239f687ffadbe56fbe2682f36f72.00000085.honggfuzz.cov deleted file mode 100644 index cb00e1bf..00000000 Binary files a/examples/bind/corpus/140f239f687ffadbe56fbe2682f36f72.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/141722f28a94b9749ecd71f4b5845707.00000085.honggfuzz.cov b/examples/bind/corpus/141722f28a94b9749ecd71f4b5845707.00000085.honggfuzz.cov deleted file mode 100644 index 33c0d0f1..00000000 Binary files a/examples/bind/corpus/141722f28a94b9749ecd71f4b5845707.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/142b005b297a146cfe3128534c252fc6.0000010f.honggfuzz.cov b/examples/bind/corpus/142b005b297a146cfe3128534c252fc6.0000010f.honggfuzz.cov new file mode 100644 index 00000000..ef6de505 Binary files /dev/null and b/examples/bind/corpus/142b005b297a146cfe3128534c252fc6.0000010f.honggfuzz.cov differ diff --git a/examples/bind/corpus/143e9e9daa0fb94fe90e2657a51e9d31.00000085.honggfuzz.cov b/examples/bind/corpus/143e9e9daa0fb94fe90e2657a51e9d31.00000085.honggfuzz.cov deleted file mode 100644 index d96acd71..00000000 Binary files a/examples/bind/corpus/143e9e9daa0fb94fe90e2657a51e9d31.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1440ed96d7b89de068e63dcc57449e16.000168e9.honggfuzz.cov b/examples/bind/corpus/1440ed96d7b89de068e63dcc57449e16.000168e9.honggfuzz.cov new file mode 100644 index 00000000..2d5d8505 Binary files /dev/null and b/examples/bind/corpus/1440ed96d7b89de068e63dcc57449e16.000168e9.honggfuzz.cov differ diff --git a/examples/bind/corpus/14564d08be93279850dfa557af1d377d.00000043.honggfuzz.cov b/examples/bind/corpus/14564d08be93279850dfa557af1d377d.00000043.honggfuzz.cov deleted file mode 100644 index 2147be94..00000000 Binary files a/examples/bind/corpus/14564d08be93279850dfa557af1d377d.00000043.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1463f2ade6ce09237358b89c95f20a74.0000613c.honggfuzz.cov b/examples/bind/corpus/1463f2ade6ce09237358b89c95f20a74.0000613c.honggfuzz.cov new file mode 100644 index 00000000..e83857f9 Binary files /dev/null and b/examples/bind/corpus/1463f2ade6ce09237358b89c95f20a74.0000613c.honggfuzz.cov differ diff --git a/examples/bind/corpus/14717e254163c6db81e9b60d7238319e.0001f7e8.honggfuzz.cov b/examples/bind/corpus/14717e254163c6db81e9b60d7238319e.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..010a8188 Binary files /dev/null and b/examples/bind/corpus/14717e254163c6db81e9b60d7238319e.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/1483e1ebe0a79c096fec47eb64a32b5f.00000351.honggfuzz.cov b/examples/bind/corpus/1483e1ebe0a79c096fec47eb64a32b5f.00000351.honggfuzz.cov new file mode 100644 index 00000000..e7aa44cd Binary files /dev/null and b/examples/bind/corpus/1483e1ebe0a79c096fec47eb64a32b5f.00000351.honggfuzz.cov differ diff --git a/examples/bind/corpus/149208017ff4766e6ccc4b0cef79bdb4.000001d0.honggfuzz.cov b/examples/bind/corpus/149208017ff4766e6ccc4b0cef79bdb4.000001d0.honggfuzz.cov deleted file mode 100644 index 961d42ab..00000000 Binary files a/examples/bind/corpus/149208017ff4766e6ccc4b0cef79bdb4.000001d0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/14a83b6cd867b9865c05ca0cd22394c6.0001f7e8.honggfuzz.cov b/examples/bind/corpus/14a83b6cd867b9865c05ca0cd22394c6.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..ea3baf50 Binary files /dev/null and b/examples/bind/corpus/14a83b6cd867b9865c05ca0cd22394c6.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/14ae32868c4900de90bc52e5ad80dfa6.000000a0.honggfuzz.cov b/examples/bind/corpus/14ae32868c4900de90bc52e5ad80dfa6.000000a0.honggfuzz.cov deleted file mode 100644 index dc754a27..00000000 Binary files a/examples/bind/corpus/14ae32868c4900de90bc52e5ad80dfa6.000000a0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/14ba40e7d46df0c972341f33be6e9d52.00016ced.honggfuzz.cov b/examples/bind/corpus/14ba40e7d46df0c972341f33be6e9d52.00016ced.honggfuzz.cov deleted file mode 100644 index 76e69d5b..00000000 Binary files a/examples/bind/corpus/14ba40e7d46df0c972341f33be6e9d52.00016ced.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1510672153da52114263800952aca98e.000102cc.honggfuzz.cov b/examples/bind/corpus/1510672153da52114263800952aca98e.000102cc.honggfuzz.cov deleted file mode 100644 index daad168f..00000000 Binary files a/examples/bind/corpus/1510672153da52114263800952aca98e.000102cc.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/151e705265c9c4bdb64eb314776b8326.0000fffb.honggfuzz.cov b/examples/bind/corpus/151e705265c9c4bdb64eb314776b8326.0000fffb.honggfuzz.cov new file mode 100644 index 00000000..3506496c Binary files /dev/null and b/examples/bind/corpus/151e705265c9c4bdb64eb314776b8326.0000fffb.honggfuzz.cov differ diff --git a/examples/bind/corpus/153a9a26fba857b6ca21e5ad47dd0766.00000085.honggfuzz.cov b/examples/bind/corpus/153a9a26fba857b6ca21e5ad47dd0766.00000085.honggfuzz.cov deleted file mode 100644 index a91563b6..00000000 Binary files a/examples/bind/corpus/153a9a26fba857b6ca21e5ad47dd0766.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/153cccd9043b8caea720c8c8727f9561.00003302.honggfuzz.cov b/examples/bind/corpus/153cccd9043b8caea720c8c8727f9561.00003302.honggfuzz.cov deleted file mode 100644 index 9eacd352..00000000 Binary files a/examples/bind/corpus/153cccd9043b8caea720c8c8727f9561.00003302.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1556b5b664b5f1d1c167b705f7f410ad.000101d0.honggfuzz.cov b/examples/bind/corpus/1556b5b664b5f1d1c167b705f7f410ad.000101d0.honggfuzz.cov new file mode 100644 index 00000000..38bec47b Binary files /dev/null and b/examples/bind/corpus/1556b5b664b5f1d1c167b705f7f410ad.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/155f02e2bc4691175840f4ebe260758d.00000043.honggfuzz.cov b/examples/bind/corpus/155f02e2bc4691175840f4ebe260758d.00000043.honggfuzz.cov new file mode 100644 index 00000000..7fa723e3 Binary files /dev/null and b/examples/bind/corpus/155f02e2bc4691175840f4ebe260758d.00000043.honggfuzz.cov differ diff --git a/examples/bind/corpus/15804c8e32a1c821eac104918c846f46.00002000.honggfuzz.cov b/examples/bind/corpus/15804c8e32a1c821eac104918c846f46.00002000.honggfuzz.cov new file mode 100644 index 00000000..f0506adb Binary files /dev/null and b/examples/bind/corpus/15804c8e32a1c821eac104918c846f46.00002000.honggfuzz.cov differ diff --git a/examples/bind/corpus/158f6d78ba069542f594d9f6741414a3.000101d0.honggfuzz.cov b/examples/bind/corpus/158f6d78ba069542f594d9f6741414a3.000101d0.honggfuzz.cov new file mode 100644 index 00000000..98ca22c1 Binary files /dev/null and b/examples/bind/corpus/158f6d78ba069542f594d9f6741414a3.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/15ce363706a18d2cec4cbe94c4492e85.00000080.honggfuzz.cov b/examples/bind/corpus/15ce363706a18d2cec4cbe94c4492e85.00000080.honggfuzz.cov deleted file mode 100644 index c3012f21..00000000 Binary files a/examples/bind/corpus/15ce363706a18d2cec4cbe94c4492e85.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/15f4fc6414f200bc9f9cb8b6c78bb574.00000076.honggfuzz.cov b/examples/bind/corpus/15f4fc6414f200bc9f9cb8b6c78bb574.00000076.honggfuzz.cov deleted file mode 100644 index 79fc0fee..00000000 Binary files a/examples/bind/corpus/15f4fc6414f200bc9f9cb8b6c78bb574.00000076.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/15f68dedb7af1b527168a243ffbce1d1.00000040.honggfuzz.cov b/examples/bind/corpus/15f68dedb7af1b527168a243ffbce1d1.00000040.honggfuzz.cov deleted file mode 100644 index 34cf87f3..00000000 Binary files a/examples/bind/corpus/15f68dedb7af1b527168a243ffbce1d1.00000040.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/162447b5b040aec2f5e53142dcd911c3.00000055.honggfuzz.cov b/examples/bind/corpus/162447b5b040aec2f5e53142dcd911c3.00000055.honggfuzz.cov deleted file mode 100644 index 48851921..00000000 Binary files a/examples/bind/corpus/162447b5b040aec2f5e53142dcd911c3.00000055.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/162c17aa24fba8851df5571b4b8d40bd.00000085.honggfuzz.cov b/examples/bind/corpus/162c17aa24fba8851df5571b4b8d40bd.00000085.honggfuzz.cov deleted file mode 100644 index cef8260e..00000000 Binary files a/examples/bind/corpus/162c17aa24fba8851df5571b4b8d40bd.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/162dae526e85f449dad5169be5014b68.00000176.honggfuzz.cov b/examples/bind/corpus/162dae526e85f449dad5169be5014b68.00000176.honggfuzz.cov new file mode 100644 index 00000000..9ed3dca3 Binary files /dev/null and b/examples/bind/corpus/162dae526e85f449dad5169be5014b68.00000176.honggfuzz.cov differ diff --git a/examples/bind/corpus/16359d12d8b6eea150b75c4922164eb5.00000085.honggfuzz.cov b/examples/bind/corpus/16359d12d8b6eea150b75c4922164eb5.00000085.honggfuzz.cov deleted file mode 100644 index 38e70ae8..00000000 Binary files a/examples/bind/corpus/16359d12d8b6eea150b75c4922164eb5.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1639afbc04da6e89f22419d132ec771d.0000002d.honggfuzz.cov b/examples/bind/corpus/1639afbc04da6e89f22419d132ec771d.0000002d.honggfuzz.cov new file mode 100644 index 00000000..3a452761 Binary files /dev/null and b/examples/bind/corpus/1639afbc04da6e89f22419d132ec771d.0000002d.honggfuzz.cov differ diff --git a/examples/bind/corpus/1639afbcb2bcbe8902db16d132ec771d.0000002d.honggfuzz.cov b/examples/bind/corpus/1639afbcb2bcbe8902db16d132ec771d.0000002d.honggfuzz.cov deleted file mode 100644 index 284ea12d..00000000 Binary files a/examples/bind/corpus/1639afbcb2bcbe8902db16d132ec771d.0000002d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1641f7716ff639f10cdb519edd441f81.00000c65.honggfuzz.cov b/examples/bind/corpus/1641f7716ff639f10cdb519edd441f81.00000c65.honggfuzz.cov deleted file mode 100644 index 0e6215be..00000000 Binary files a/examples/bind/corpus/1641f7716ff639f10cdb519edd441f81.00000c65.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/165815762115e6651b33f82f0498a645.00000056.honggfuzz.cov b/examples/bind/corpus/165815762115e6651b33f82f0498a645.00000056.honggfuzz.cov deleted file mode 100644 index 942a80be..00000000 Binary files a/examples/bind/corpus/165815762115e6651b33f82f0498a645.00000056.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/165c5cf474b7927a7a28f5746845fc18.0000022b.honggfuzz.cov b/examples/bind/corpus/165c5cf474b7927a7a28f5746845fc18.0000022b.honggfuzz.cov new file mode 100644 index 00000000..658e65a5 Binary files /dev/null and b/examples/bind/corpus/165c5cf474b7927a7a28f5746845fc18.0000022b.honggfuzz.cov differ diff --git a/examples/bind/corpus/1676a5b8ecaeb0f578e13c09dbaa8272.00002516.honggfuzz.cov b/examples/bind/corpus/1676a5b8ecaeb0f578e13c09dbaa8272.00002516.honggfuzz.cov deleted file mode 100644 index 50b31df3..00000000 Binary files a/examples/bind/corpus/1676a5b8ecaeb0f578e13c09dbaa8272.00002516.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1687cd9e88442706cfdea36875100058.0000003f.honggfuzz.cov b/examples/bind/corpus/1687cd9e88442706cfdea36875100058.0000003f.honggfuzz.cov deleted file mode 100644 index 3627918a..00000000 Binary files a/examples/bind/corpus/1687cd9e88442706cfdea36875100058.0000003f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/168a1e49a658b60c2a1324e16bc0ffa0.00000085.honggfuzz.cov b/examples/bind/corpus/168a1e49a658b60c2a1324e16bc0ffa0.00000085.honggfuzz.cov deleted file mode 100644 index 07dd6024..00000000 Binary files a/examples/bind/corpus/168a1e49a658b60c2a1324e16bc0ffa0.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/169c554a43bc7128cb489f1e7f673d96.00000332.honggfuzz.cov b/examples/bind/corpus/169c554a43bc7128cb489f1e7f673d96.00000332.honggfuzz.cov deleted file mode 100644 index dc83797f..00000000 Binary files a/examples/bind/corpus/169c554a43bc7128cb489f1e7f673d96.00000332.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/16a79f2773686087abb197e090798e05.00000085.honggfuzz.cov b/examples/bind/corpus/16a79f2773686087abb197e090798e05.00000085.honggfuzz.cov deleted file mode 100644 index f1ecb5ff..00000000 Binary files a/examples/bind/corpus/16a79f2773686087abb197e090798e05.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/16aec701fe1cb0e975fdf18a2f0dab91.00001e1c.honggfuzz.cov b/examples/bind/corpus/16aec701fe1cb0e975fdf18a2f0dab91.00001e1c.honggfuzz.cov deleted file mode 100644 index f4f842c0..00000000 Binary files a/examples/bind/corpus/16aec701fe1cb0e975fdf18a2f0dab91.00001e1c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/16b593b2eaf4bbb31f655360acf6a0f5.00000251.honggfuzz.cov b/examples/bind/corpus/16b593b2eaf4bbb31f655360acf6a0f5.00000251.honggfuzz.cov new file mode 100644 index 00000000..ec02c58a Binary files /dev/null and b/examples/bind/corpus/16b593b2eaf4bbb31f655360acf6a0f5.00000251.honggfuzz.cov differ diff --git a/examples/bind/corpus/16c7f0c6ace52d43ca66cc1145b1d611.00005354.honggfuzz.cov b/examples/bind/corpus/16c7f0c6ace52d43ca66cc1145b1d611.00005354.honggfuzz.cov new file mode 100644 index 00000000..eb1e7e2f Binary files /dev/null and b/examples/bind/corpus/16c7f0c6ace52d43ca66cc1145b1d611.00005354.honggfuzz.cov differ diff --git a/examples/bind/corpus/16f24c9183eff6003b1ce3f7c6a1f50c.000000a8.honggfuzz.cov b/examples/bind/corpus/16f24c9183eff6003b1ce3f7c6a1f50c.000000a8.honggfuzz.cov new file mode 100644 index 00000000..c129f00b Binary files /dev/null and b/examples/bind/corpus/16f24c9183eff6003b1ce3f7c6a1f50c.000000a8.honggfuzz.cov differ diff --git a/examples/bind/corpus/171e2a315bad4a864a024fd1488ae4d3.0005d55b.honggfuzz.cov b/examples/bind/corpus/171e2a315bad4a864a024fd1488ae4d3.0005d55b.honggfuzz.cov deleted file mode 100644 index 421ff24a..00000000 Binary files a/examples/bind/corpus/171e2a315bad4a864a024fd1488ae4d3.0005d55b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/17313c1116b80b77546bd5c28b833503.0001f7e8.honggfuzz.cov b/examples/bind/corpus/17313c1116b80b77546bd5c28b833503.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..1580386e Binary files /dev/null and b/examples/bind/corpus/17313c1116b80b77546bd5c28b833503.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/17754944f71ba56896eb39cccb4facad.00001388.honggfuzz.cov b/examples/bind/corpus/17754944f71ba56896eb39cccb4facad.00001388.honggfuzz.cov deleted file mode 100644 index 0d2ca422..00000000 Binary files a/examples/bind/corpus/17754944f71ba56896eb39cccb4facad.00001388.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/17914311ca3aee6a79a87ca173c63ba1.00000117.honggfuzz.cov b/examples/bind/corpus/17914311ca3aee6a79a87ca173c63ba1.00000117.honggfuzz.cov new file mode 100644 index 00000000..9e6652c7 Binary files /dev/null and b/examples/bind/corpus/17914311ca3aee6a79a87ca173c63ba1.00000117.honggfuzz.cov differ diff --git a/examples/bind/corpus/1796b8bc81d96b2ed6ee6b31da735580.00000085.honggfuzz.cov b/examples/bind/corpus/1796b8bc81d96b2ed6ee6b31da735580.00000085.honggfuzz.cov deleted file mode 100644 index abc19df4..00000000 Binary files a/examples/bind/corpus/1796b8bc81d96b2ed6ee6b31da735580.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/17a90bb7e39c2bd09e135f86a60f1014.000000ef.honggfuzz.cov b/examples/bind/corpus/17a90bb7e39c2bd09e135f86a60f1014.000000ef.honggfuzz.cov new file mode 100644 index 00000000..fee0b9c4 Binary files /dev/null and b/examples/bind/corpus/17a90bb7e39c2bd09e135f86a60f1014.000000ef.honggfuzz.cov differ diff --git a/examples/bind/corpus/17c99b51d731ba0018a43d7b4f55aa53.00011644.honggfuzz.cov b/examples/bind/corpus/17c99b51d731ba0018a43d7b4f55aa53.00011644.honggfuzz.cov new file mode 100644 index 00000000..7cb15d3e Binary files /dev/null and b/examples/bind/corpus/17c99b51d731ba0018a43d7b4f55aa53.00011644.honggfuzz.cov differ diff --git a/examples/bind/corpus/17cca0624270385c0d5f39649af20ad4.000000f7.honggfuzz.cov b/examples/bind/corpus/17cca0624270385c0d5f39649af20ad4.000000f7.honggfuzz.cov new file mode 100644 index 00000000..9d5bdeb0 Binary files /dev/null and b/examples/bind/corpus/17cca0624270385c0d5f39649af20ad4.000000f7.honggfuzz.cov differ diff --git a/examples/bind/corpus/17d25922bdca8d8542c9fd19ea8907de.000000f9.honggfuzz.cov b/examples/bind/corpus/17d25922bdca8d8542c9fd19ea8907de.000000f9.honggfuzz.cov deleted file mode 100644 index a1efc483..00000000 Binary files a/examples/bind/corpus/17d25922bdca8d8542c9fd19ea8907de.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/17df99f193f0d9ec486114401cab5abb.0000082d.honggfuzz.cov b/examples/bind/corpus/17df99f193f0d9ec486114401cab5abb.0000082d.honggfuzz.cov new file mode 100644 index 00000000..0198b536 Binary files /dev/null and b/examples/bind/corpus/17df99f193f0d9ec486114401cab5abb.0000082d.honggfuzz.cov differ diff --git a/examples/bind/corpus/17e0428d3bd61209bf8a54a0faf548cf.000009aa.honggfuzz.cov b/examples/bind/corpus/17e0428d3bd61209bf8a54a0faf548cf.000009aa.honggfuzz.cov deleted file mode 100644 index 18a15607..00000000 Binary files a/examples/bind/corpus/17e0428d3bd61209bf8a54a0faf548cf.000009aa.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/17efa7b12a47bb121efc94e7eec57c76.0001153e.honggfuzz.cov b/examples/bind/corpus/17efa7b12a47bb121efc94e7eec57c76.0001153e.honggfuzz.cov new file mode 100644 index 00000000..05a8150d Binary files /dev/null and b/examples/bind/corpus/17efa7b12a47bb121efc94e7eec57c76.0001153e.honggfuzz.cov differ diff --git a/examples/bind/corpus/17f4e7c4c27163883aacc43150e4d27f.000000d5.honggfuzz.cov b/examples/bind/corpus/17f4e7c4c27163883aacc43150e4d27f.000000d5.honggfuzz.cov deleted file mode 100644 index dd89bd1b..00000000 Binary files a/examples/bind/corpus/17f4e7c4c27163883aacc43150e4d27f.000000d5.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1807574a649775213e2181bd8c6f0208.00000085.honggfuzz.cov b/examples/bind/corpus/1807574a649775213e2181bd8c6f0208.00000085.honggfuzz.cov deleted file mode 100644 index 9f175642..00000000 Binary files a/examples/bind/corpus/1807574a649775213e2181bd8c6f0208.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1821403daa8c4b63f904bfd3b94ca492.000001b8.honggfuzz.cov b/examples/bind/corpus/1821403daa8c4b63f904bfd3b94ca492.000001b8.honggfuzz.cov new file mode 100644 index 00000000..1b2eb270 Binary files /dev/null and b/examples/bind/corpus/1821403daa8c4b63f904bfd3b94ca492.000001b8.honggfuzz.cov differ diff --git a/examples/bind/corpus/18227407743ec47e8a2a3a441c2b8a95.0000010f.honggfuzz.cov b/examples/bind/corpus/18227407743ec47e8a2a3a441c2b8a95.0000010f.honggfuzz.cov new file mode 100644 index 00000000..e18edb2d Binary files /dev/null and b/examples/bind/corpus/18227407743ec47e8a2a3a441c2b8a95.0000010f.honggfuzz.cov differ diff --git a/examples/bind/corpus/182cf3531ba0bddc0bb6d7dd77ccd6ad.000007a3.honggfuzz.cov b/examples/bind/corpus/182cf3531ba0bddc0bb6d7dd77ccd6ad.000007a3.honggfuzz.cov new file mode 100644 index 00000000..2799d43b Binary files /dev/null and b/examples/bind/corpus/182cf3531ba0bddc0bb6d7dd77ccd6ad.000007a3.honggfuzz.cov differ diff --git a/examples/bind/corpus/182e93f94c82897a282e34c31c5b17e4.00000085.honggfuzz.cov b/examples/bind/corpus/182e93f94c82897a282e34c31c5b17e4.00000085.honggfuzz.cov deleted file mode 100644 index 03087f3e..00000000 Binary files a/examples/bind/corpus/182e93f94c82897a282e34c31c5b17e4.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/183684eef2bd15cf4bad80c68ffecc87.0000009e.honggfuzz.cov b/examples/bind/corpus/183684eef2bd15cf4bad80c68ffecc87.0000009e.honggfuzz.cov deleted file mode 100644 index 9a5e4a1a..00000000 Binary files a/examples/bind/corpus/183684eef2bd15cf4bad80c68ffecc87.0000009e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1837a788dedeec636073c9d7ec9436e3.00000091.honggfuzz.cov b/examples/bind/corpus/1837a788dedeec636073c9d7ec9436e3.00000091.honggfuzz.cov deleted file mode 100644 index 7e523593..00000000 Binary files a/examples/bind/corpus/1837a788dedeec636073c9d7ec9436e3.00000091.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/184ee06e903742466c944a8922b9eb4c.00000147.honggfuzz.cov b/examples/bind/corpus/184ee06e903742466c944a8922b9eb4c.00000147.honggfuzz.cov new file mode 100644 index 00000000..1251b561 Binary files /dev/null and b/examples/bind/corpus/184ee06e903742466c944a8922b9eb4c.00000147.honggfuzz.cov differ diff --git a/examples/bind/corpus/18834e9fb994209c72125898c35becf5.000000d5.honggfuzz.cov b/examples/bind/corpus/18834e9fb994209c72125898c35becf5.000000d5.honggfuzz.cov new file mode 100644 index 00000000..4a7b20c9 Binary files /dev/null and b/examples/bind/corpus/18834e9fb994209c72125898c35becf5.000000d5.honggfuzz.cov differ diff --git a/examples/bind/corpus/18868bb006603b7a33f42b3741b2d36c.00000e83.honggfuzz.cov b/examples/bind/corpus/18868bb006603b7a33f42b3741b2d36c.00000e83.honggfuzz.cov deleted file mode 100644 index ec2f9e45..00000000 Binary files a/examples/bind/corpus/18868bb006603b7a33f42b3741b2d36c.00000e83.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1896d08f6f225aa6a78fc2aaedb560e0.00000252.honggfuzz.cov b/examples/bind/corpus/1896d08f6f225aa6a78fc2aaedb560e0.00000252.honggfuzz.cov deleted file mode 100644 index 8729c831..00000000 Binary files a/examples/bind/corpus/1896d08f6f225aa6a78fc2aaedb560e0.00000252.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/18a8d17800ce75714509f980adee62a5.00000040.honggfuzz.cov b/examples/bind/corpus/18a8d17800ce75714509f980adee62a5.00000040.honggfuzz.cov new file mode 100644 index 00000000..a80c0971 Binary files /dev/null and b/examples/bind/corpus/18a8d17800ce75714509f980adee62a5.00000040.honggfuzz.cov differ diff --git a/examples/bind/corpus/18acf806073214448bbfb3e15f8081ce.00000400.honggfuzz.cov b/examples/bind/corpus/18acf806073214448bbfb3e15f8081ce.00000400.honggfuzz.cov deleted file mode 100644 index c07cedaa..00000000 Binary files a/examples/bind/corpus/18acf806073214448bbfb3e15f8081ce.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/18ad95ee33d20b73955a5594a0193001.00002c0d.honggfuzz.cov b/examples/bind/corpus/18ad95ee33d20b73955a5594a0193001.00002c0d.honggfuzz.cov deleted file mode 100644 index 56b1f72a..00000000 Binary files a/examples/bind/corpus/18ad95ee33d20b73955a5594a0193001.00002c0d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/18bae6f9a3d54cf3c535632cb57ee520.00000085.honggfuzz.cov b/examples/bind/corpus/18bae6f9a3d54cf3c535632cb57ee520.00000085.honggfuzz.cov deleted file mode 100644 index d460b34d..00000000 Binary files a/examples/bind/corpus/18bae6f9a3d54cf3c535632cb57ee520.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1901d4867f9696d97729332fb58ccec5.000101d0.honggfuzz.cov b/examples/bind/corpus/1901d4867f9696d97729332fb58ccec5.000101d0.honggfuzz.cov new file mode 100644 index 00000000..58ec0d19 Binary files /dev/null and b/examples/bind/corpus/1901d4867f9696d97729332fb58ccec5.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/1920e0e60f7cc308645787c9a06ade0e.0000029e.honggfuzz.cov b/examples/bind/corpus/1920e0e60f7cc308645787c9a06ade0e.0000029e.honggfuzz.cov deleted file mode 100644 index 7e4bd6d0..00000000 Binary files a/examples/bind/corpus/1920e0e60f7cc308645787c9a06ade0e.0000029e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/19271e678af322c69313e33ebf7fe457.00000186.honggfuzz.cov b/examples/bind/corpus/19271e678af322c69313e33ebf7fe457.00000186.honggfuzz.cov deleted file mode 100644 index f68ed17e..00000000 Binary files a/examples/bind/corpus/19271e678af322c69313e33ebf7fe457.00000186.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1935d32fc026326e2e065df8934b80d3.00002cad.honggfuzz.cov b/examples/bind/corpus/1935d32fc026326e2e065df8934b80d3.00002cad.honggfuzz.cov deleted file mode 100644 index 22152713..00000000 Binary files a/examples/bind/corpus/1935d32fc026326e2e065df8934b80d3.00002cad.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/194061f2e417772c8e431872466f0d5b.000000a3.honggfuzz.cov b/examples/bind/corpus/194061f2e417772c8e431872466f0d5b.000000a3.honggfuzz.cov deleted file mode 100644 index ae6ca365..00000000 Binary files a/examples/bind/corpus/194061f2e417772c8e431872466f0d5b.000000a3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/195a33e246a7417c9bf23bea0727b726.0000119b.honggfuzz.cov b/examples/bind/corpus/195a33e246a7417c9bf23bea0727b726.0000119b.honggfuzz.cov new file mode 100644 index 00000000..21138830 Binary files /dev/null and b/examples/bind/corpus/195a33e246a7417c9bf23bea0727b726.0000119b.honggfuzz.cov differ diff --git a/examples/bind/corpus/19628c12b55369443ab5617b0f89384c.0001f7e8.honggfuzz.cov b/examples/bind/corpus/19628c12b55369443ab5617b0f89384c.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..0d2cd833 Binary files /dev/null and b/examples/bind/corpus/19628c12b55369443ab5617b0f89384c.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/196d5a274758b939aeb92c15f9723b9e.00008d94.honggfuzz.cov b/examples/bind/corpus/196d5a274758b939aeb92c15f9723b9e.00008d94.honggfuzz.cov deleted file mode 100644 index 25ad1fac..00000000 Binary files a/examples/bind/corpus/196d5a274758b939aeb92c15f9723b9e.00008d94.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1970e679cfb810e0ecef4a7159510b24.00000cbe.honggfuzz.cov b/examples/bind/corpus/1970e679cfb810e0ecef4a7159510b24.00000cbe.honggfuzz.cov new file mode 100644 index 00000000..00fc475c Binary files /dev/null and b/examples/bind/corpus/1970e679cfb810e0ecef4a7159510b24.00000cbe.honggfuzz.cov differ diff --git a/examples/bind/corpus/19721f12bff07291519165627cbf55df.00006e98.honggfuzz.cov b/examples/bind/corpus/19721f12bff07291519165627cbf55df.00006e98.honggfuzz.cov deleted file mode 100644 index ebfaf1c8..00000000 Binary files a/examples/bind/corpus/19721f12bff07291519165627cbf55df.00006e98.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1994f9519ebc7409ad8116e879e3ac05.0001f7e8.honggfuzz.cov b/examples/bind/corpus/1994f9519ebc7409ad8116e879e3ac05.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..d654ce4b Binary files /dev/null and b/examples/bind/corpus/1994f9519ebc7409ad8116e879e3ac05.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/19ea737404475144a5dca394db75a6ab.00000085.honggfuzz.cov b/examples/bind/corpus/19ea737404475144a5dca394db75a6ab.00000085.honggfuzz.cov new file mode 100644 index 00000000..7c889e52 Binary files /dev/null and b/examples/bind/corpus/19ea737404475144a5dca394db75a6ab.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/1a0c64d31065542a5acc8d3717b8bf3f.0000033d.honggfuzz.cov b/examples/bind/corpus/1a0c64d31065542a5acc8d3717b8bf3f.0000033d.honggfuzz.cov deleted file mode 100644 index d94f57fd..00000000 Binary files a/examples/bind/corpus/1a0c64d31065542a5acc8d3717b8bf3f.0000033d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1a13c8c4c63c7c6e6d12b064310be99a.00000085.honggfuzz.cov b/examples/bind/corpus/1a13c8c4c63c7c6e6d12b064310be99a.00000085.honggfuzz.cov deleted file mode 100644 index 1c870b7b..00000000 Binary files a/examples/bind/corpus/1a13c8c4c63c7c6e6d12b064310be99a.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1a17a607a095579295aa490eb612faf9.00000497.honggfuzz.cov b/examples/bind/corpus/1a17a607a095579295aa490eb612faf9.00000497.honggfuzz.cov new file mode 100644 index 00000000..121fedc0 Binary files /dev/null and b/examples/bind/corpus/1a17a607a095579295aa490eb612faf9.00000497.honggfuzz.cov differ diff --git a/examples/bind/corpus/1a1aec202b0822d5acf03a33504f4d5a.000000f7.honggfuzz.cov b/examples/bind/corpus/1a1aec202b0822d5acf03a33504f4d5a.000000f7.honggfuzz.cov deleted file mode 100644 index 8cd318c8..00000000 Binary files a/examples/bind/corpus/1a1aec202b0822d5acf03a33504f4d5a.000000f7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1a29fe05b6aeb6d1a85a5faaf8996f41.0001f7e8.honggfuzz.cov b/examples/bind/corpus/1a29fe05b6aeb6d1a85a5faaf8996f41.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..76eadb72 Binary files /dev/null and b/examples/bind/corpus/1a29fe05b6aeb6d1a85a5faaf8996f41.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/1a355d0323ef2bb3627b9dfba78c39b0.00000085.honggfuzz.cov b/examples/bind/corpus/1a355d0323ef2bb3627b9dfba78c39b0.00000085.honggfuzz.cov deleted file mode 100644 index e3cfcad7..00000000 Binary files a/examples/bind/corpus/1a355d0323ef2bb3627b9dfba78c39b0.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1a37c5b597a68695b53a9ba931f960f4.0000019a.honggfuzz.cov b/examples/bind/corpus/1a37c5b597a68695b53a9ba931f960f4.0000019a.honggfuzz.cov deleted file mode 100644 index 62597cb5..00000000 Binary files a/examples/bind/corpus/1a37c5b597a68695b53a9ba931f960f4.0000019a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1a39a42a8fe74d33e00c08e5d55f1907.0001f7e8.honggfuzz.cov b/examples/bind/corpus/1a39a42a8fe74d33e00c08e5d55f1907.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..0f5e5b01 Binary files /dev/null and b/examples/bind/corpus/1a39a42a8fe74d33e00c08e5d55f1907.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/1a4fdc0bd845dfd44badc3829e78dc7d.00000085.honggfuzz.cov b/examples/bind/corpus/1a4fdc0bd845dfd44badc3829e78dc7d.00000085.honggfuzz.cov deleted file mode 100644 index 5a99bdd2..00000000 Binary files a/examples/bind/corpus/1a4fdc0bd845dfd44badc3829e78dc7d.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1a5c3c87a3238d5e824e01bc860f40eb.00000087.honggfuzz.cov b/examples/bind/corpus/1a5c3c87a3238d5e824e01bc860f40eb.00000087.honggfuzz.cov new file mode 100644 index 00000000..74463b09 Binary files /dev/null and b/examples/bind/corpus/1a5c3c87a3238d5e824e01bc860f40eb.00000087.honggfuzz.cov differ diff --git a/examples/bind/corpus/1a6ac6b40953d14835de14973d08ab6e.000004a9.honggfuzz.cov b/examples/bind/corpus/1a6ac6b40953d14835de14973d08ab6e.000004a9.honggfuzz.cov new file mode 100644 index 00000000..36ccd161 Binary files /dev/null and b/examples/bind/corpus/1a6ac6b40953d14835de14973d08ab6e.000004a9.honggfuzz.cov differ diff --git a/examples/bind/corpus/1a6d4dca9921625f0f1c75e9469391b1.0000020a.honggfuzz.cov b/examples/bind/corpus/1a6d4dca9921625f0f1c75e9469391b1.0000020a.honggfuzz.cov new file mode 100644 index 00000000..4720a0b0 Binary files /dev/null and b/examples/bind/corpus/1a6d4dca9921625f0f1c75e9469391b1.0000020a.honggfuzz.cov differ diff --git a/examples/bind/corpus/1a71254b72aa04799233614d54f7035c.00000400.honggfuzz.cov b/examples/bind/corpus/1a71254b72aa04799233614d54f7035c.00000400.honggfuzz.cov deleted file mode 100644 index b2c1e81a..00000000 Binary files a/examples/bind/corpus/1a71254b72aa04799233614d54f7035c.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1abe7cd5681e5d76d79903f5f8b81778.00000032.honggfuzz.cov b/examples/bind/corpus/1abe7cd5681e5d76d79903f5f8b81778.00000032.honggfuzz.cov new file mode 100644 index 00000000..ddd8605c Binary files /dev/null and b/examples/bind/corpus/1abe7cd5681e5d76d79903f5f8b81778.00000032.honggfuzz.cov differ diff --git a/examples/bind/corpus/1ac79abb3b9b64eae6e3776db0bbb5f0.0000265a.honggfuzz.cov b/examples/bind/corpus/1ac79abb3b9b64eae6e3776db0bbb5f0.0000265a.honggfuzz.cov deleted file mode 100644 index 7eee34e6..00000000 Binary files a/examples/bind/corpus/1ac79abb3b9b64eae6e3776db0bbb5f0.0000265a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1aca07ce73a72106b3515817e4ce07a0.00001877.honggfuzz.cov b/examples/bind/corpus/1aca07ce73a72106b3515817e4ce07a0.00001877.honggfuzz.cov new file mode 100644 index 00000000..838aa27a Binary files /dev/null and b/examples/bind/corpus/1aca07ce73a72106b3515817e4ce07a0.00001877.honggfuzz.cov differ diff --git a/examples/bind/corpus/1ad4f60be76c2b693640175dc226202d.0000006a.honggfuzz.cov b/examples/bind/corpus/1ad4f60be76c2b693640175dc226202d.0000006a.honggfuzz.cov deleted file mode 100644 index ae8bb371..00000000 Binary files a/examples/bind/corpus/1ad4f60be76c2b693640175dc226202d.0000006a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1ae891e3e2f625bac7b1fb42cde22c15.0000d011.honggfuzz.cov b/examples/bind/corpus/1ae891e3e2f625bac7b1fb42cde22c15.0000d011.honggfuzz.cov deleted file mode 100644 index 8172781a..00000000 Binary files a/examples/bind/corpus/1ae891e3e2f625bac7b1fb42cde22c15.0000d011.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1aea9975ebf198817b70affa6c577f76.00000085.honggfuzz.cov b/examples/bind/corpus/1aea9975ebf198817b70affa6c577f76.00000085.honggfuzz.cov deleted file mode 100644 index ba092584..00000000 Binary files a/examples/bind/corpus/1aea9975ebf198817b70affa6c577f76.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1b0b21ddb316c99705a167a000d113c1.00000238.honggfuzz.cov b/examples/bind/corpus/1b0b21ddb316c99705a167a000d113c1.00000238.honggfuzz.cov new file mode 100644 index 00000000..08c86229 Binary files /dev/null and b/examples/bind/corpus/1b0b21ddb316c99705a167a000d113c1.00000238.honggfuzz.cov differ diff --git a/examples/bind/corpus/1b3f265a63f400e4f3277c6bad3d2332.00000085.honggfuzz.cov b/examples/bind/corpus/1b3f265a63f400e4f3277c6bad3d2332.00000085.honggfuzz.cov deleted file mode 100644 index 0ec753d9..00000000 Binary files a/examples/bind/corpus/1b3f265a63f400e4f3277c6bad3d2332.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1b496a3be58856ec7fa7f9d7f3e8d735.00000063.honggfuzz.cov b/examples/bind/corpus/1b496a3be58856ec7fa7f9d7f3e8d735.00000063.honggfuzz.cov new file mode 100644 index 00000000..3c110324 Binary files /dev/null and b/examples/bind/corpus/1b496a3be58856ec7fa7f9d7f3e8d735.00000063.honggfuzz.cov differ diff --git a/examples/bind/corpus/1b6f8654b46e5295b61217dbb4794075.00000094.honggfuzz.cov b/examples/bind/corpus/1b6f8654b46e5295b61217dbb4794075.00000094.honggfuzz.cov new file mode 100644 index 00000000..f82d2dc6 Binary files /dev/null and b/examples/bind/corpus/1b6f8654b46e5295b61217dbb4794075.00000094.honggfuzz.cov differ diff --git a/examples/bind/corpus/1b81a2037602186af252df79ab6afb87.00000405.honggfuzz.cov b/examples/bind/corpus/1b81a2037602186af252df79ab6afb87.00000405.honggfuzz.cov new file mode 100644 index 00000000..7f984451 Binary files /dev/null and b/examples/bind/corpus/1b81a2037602186af252df79ab6afb87.00000405.honggfuzz.cov differ diff --git a/examples/bind/corpus/1b81c135ccce5f8f9c07969234081329.0000011e.honggfuzz.cov b/examples/bind/corpus/1b81c135ccce5f8f9c07969234081329.0000011e.honggfuzz.cov new file mode 100644 index 00000000..184e3e17 Binary files /dev/null and b/examples/bind/corpus/1b81c135ccce5f8f9c07969234081329.0000011e.honggfuzz.cov differ diff --git a/examples/bind/corpus/1b83af78238ff4a11450c3e902fb1d4e.00000200.honggfuzz.cov b/examples/bind/corpus/1b83af78238ff4a11450c3e902fb1d4e.00000200.honggfuzz.cov new file mode 100644 index 00000000..3b911c06 Binary files /dev/null and b/examples/bind/corpus/1b83af78238ff4a11450c3e902fb1d4e.00000200.honggfuzz.cov differ diff --git a/examples/bind/corpus/1b852d59cbe07dbdaa8081fecf810288.0001153e.honggfuzz.cov b/examples/bind/corpus/1b852d59cbe07dbdaa8081fecf810288.0001153e.honggfuzz.cov deleted file mode 100644 index be44d48c..00000000 Binary files a/examples/bind/corpus/1b852d59cbe07dbdaa8081fecf810288.0001153e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1bbc82af8ec894031a1d3570e13ee389.00000085.honggfuzz.cov b/examples/bind/corpus/1bbc82af8ec894031a1d3570e13ee389.00000085.honggfuzz.cov deleted file mode 100644 index 36f9dc66..00000000 Binary files a/examples/bind/corpus/1bbc82af8ec894031a1d3570e13ee389.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1bbdf73b5a824ce34a882ce4a8b628db.00000052.honggfuzz.cov b/examples/bind/corpus/1bbdf73b5a824ce34a882ce4a8b628db.00000052.honggfuzz.cov deleted file mode 100644 index 187eae18..00000000 Binary files a/examples/bind/corpus/1bbdf73b5a824ce34a882ce4a8b628db.00000052.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1bf5fd0c390092b90d55e4ff3f857c72.0000028a.honggfuzz.cov b/examples/bind/corpus/1bf5fd0c390092b90d55e4ff3f857c72.0000028a.honggfuzz.cov deleted file mode 100644 index 8071ac94..00000000 Binary files a/examples/bind/corpus/1bf5fd0c390092b90d55e4ff3f857c72.0000028a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1c01f2b68447c81b71e3adc3965fe36a.0000097b.honggfuzz.cov b/examples/bind/corpus/1c01f2b68447c81b71e3adc3965fe36a.0000097b.honggfuzz.cov deleted file mode 100644 index b03b821d..00000000 Binary files a/examples/bind/corpus/1c01f2b68447c81b71e3adc3965fe36a.0000097b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1c0b475d4da8bfe464d85f822fe3804b.000019a0.honggfuzz.cov b/examples/bind/corpus/1c0b475d4da8bfe464d85f822fe3804b.000019a0.honggfuzz.cov deleted file mode 100644 index 88cc9147..00000000 Binary files a/examples/bind/corpus/1c0b475d4da8bfe464d85f822fe3804b.000019a0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1c11646188ece5286ea43e6748f70e9d.00002710.honggfuzz.cov b/examples/bind/corpus/1c11646188ece5286ea43e6748f70e9d.00002710.honggfuzz.cov deleted file mode 100644 index c7363219..00000000 Binary files a/examples/bind/corpus/1c11646188ece5286ea43e6748f70e9d.00002710.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1c225a0b70b8201b13d07420380ab331.00001079.honggfuzz.cov b/examples/bind/corpus/1c225a0b70b8201b13d07420380ab331.00001079.honggfuzz.cov deleted file mode 100644 index 02353870..00000000 Binary files a/examples/bind/corpus/1c225a0b70b8201b13d07420380ab331.00001079.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1c2899b2f5138af3050f6237851c4737.0000a74d.honggfuzz.cov b/examples/bind/corpus/1c2899b2f5138af3050f6237851c4737.0000a74d.honggfuzz.cov new file mode 100644 index 00000000..7db5f131 Binary files /dev/null and b/examples/bind/corpus/1c2899b2f5138af3050f6237851c4737.0000a74d.honggfuzz.cov differ diff --git a/examples/bind/corpus/1c29c8283dca88344706e65677809500.0001b316.honggfuzz.cov b/examples/bind/corpus/1c29c8283dca88344706e65677809500.0001b316.honggfuzz.cov deleted file mode 100644 index 0c9e957f..00000000 Binary files a/examples/bind/corpus/1c29c8283dca88344706e65677809500.0001b316.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1c66a1283e158c20d5e5a29d26244231.00000021.honggfuzz.cov b/examples/bind/corpus/1c66a1283e158c20d5e5a29d26244231.00000021.honggfuzz.cov deleted file mode 100644 index 301be884..00000000 Binary files a/examples/bind/corpus/1c66a1283e158c20d5e5a29d26244231.00000021.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1c77f2f3f5b2fa6d71ee814a8d427f4b.0000006f.honggfuzz.cov b/examples/bind/corpus/1c77f2f3f5b2fa6d71ee814a8d427f4b.0000006f.honggfuzz.cov deleted file mode 100644 index c43e1aa7..00000000 Binary files a/examples/bind/corpus/1c77f2f3f5b2fa6d71ee814a8d427f4b.0000006f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1c80541656ac45ed18e912a1cd055063.000006b0.honggfuzz.cov b/examples/bind/corpus/1c80541656ac45ed18e912a1cd055063.000006b0.honggfuzz.cov deleted file mode 100644 index 5da6aa6c..00000000 Binary files a/examples/bind/corpus/1c80541656ac45ed18e912a1cd055063.000006b0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1ca57aa046413a5c3024bbbe582400f3.00000400.honggfuzz.cov b/examples/bind/corpus/1ca57aa046413a5c3024bbbe582400f3.00000400.honggfuzz.cov deleted file mode 100644 index 933cadd3..00000000 Binary files a/examples/bind/corpus/1ca57aa046413a5c3024bbbe582400f3.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1cbda0df7261dd861e049e02be5885a4.000101d0.honggfuzz.cov b/examples/bind/corpus/1cbda0df7261dd861e049e02be5885a4.000101d0.honggfuzz.cov new file mode 100644 index 00000000..bf04c6df Binary files /dev/null and b/examples/bind/corpus/1cbda0df7261dd861e049e02be5885a4.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/1cd6b1d30f7c539ec08696016c43f3f4.0001fc2a.honggfuzz.cov b/examples/bind/corpus/1cd6b1d30f7c539ec08696016c43f3f4.0001fc2a.honggfuzz.cov deleted file mode 100644 index d29bef33..00000000 Binary files a/examples/bind/corpus/1cd6b1d30f7c539ec08696016c43f3f4.0001fc2a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1cd739c3a6f20db5359763919eecbcb3.00000fb4.honggfuzz.cov b/examples/bind/corpus/1cd739c3a6f20db5359763919eecbcb3.00000fb4.honggfuzz.cov deleted file mode 100644 index 51d0acc0..00000000 Binary files a/examples/bind/corpus/1cd739c3a6f20db5359763919eecbcb3.00000fb4.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1d056814b4f1bff73073f08c226b433a.0000005a.honggfuzz.cov b/examples/bind/corpus/1d056814b4f1bff73073f08c226b433a.0000005a.honggfuzz.cov new file mode 100644 index 00000000..45aa5842 Binary files /dev/null and b/examples/bind/corpus/1d056814b4f1bff73073f08c226b433a.0000005a.honggfuzz.cov differ diff --git a/examples/bind/corpus/1d22c310b1a84d930235389cfc27db56.00000062.honggfuzz.cov b/examples/bind/corpus/1d22c310b1a84d930235389cfc27db56.00000062.honggfuzz.cov new file mode 100644 index 00000000..30e4f2c0 Binary files /dev/null and b/examples/bind/corpus/1d22c310b1a84d930235389cfc27db56.00000062.honggfuzz.cov differ diff --git a/examples/bind/corpus/1d33dcd856ce201da0efff7a3e030357.00002798.honggfuzz.cov b/examples/bind/corpus/1d33dcd856ce201da0efff7a3e030357.00002798.honggfuzz.cov deleted file mode 100644 index 9c6e9f7b..00000000 Binary files a/examples/bind/corpus/1d33dcd856ce201da0efff7a3e030357.00002798.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1d4390f55f0e33c12f36d00e405a7b6a.00000400.honggfuzz.cov b/examples/bind/corpus/1d4390f55f0e33c12f36d00e405a7b6a.00000400.honggfuzz.cov deleted file mode 100644 index 1b9cfb47..00000000 Binary files a/examples/bind/corpus/1d4390f55f0e33c12f36d00e405a7b6a.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1d733e084ca2e1209d27136fd7d79247.00000085.honggfuzz.cov b/examples/bind/corpus/1d733e084ca2e1209d27136fd7d79247.00000085.honggfuzz.cov deleted file mode 100644 index e3d745f2..00000000 Binary files a/examples/bind/corpus/1d733e084ca2e1209d27136fd7d79247.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1d8b4e8c637e2658f8e71e941fe3828c.00000239.honggfuzz.cov b/examples/bind/corpus/1d8b4e8c637e2658f8e71e941fe3828c.00000239.honggfuzz.cov new file mode 100644 index 00000000..b0b643c5 Binary files /dev/null and b/examples/bind/corpus/1d8b4e8c637e2658f8e71e941fe3828c.00000239.honggfuzz.cov differ diff --git a/examples/bind/corpus/1de48abb251beafc931ab77c94c6b09a.00004c1c.honggfuzz.cov b/examples/bind/corpus/1de48abb251beafc931ab77c94c6b09a.00004c1c.honggfuzz.cov deleted file mode 100644 index ec7b0cd2..00000000 Binary files a/examples/bind/corpus/1de48abb251beafc931ab77c94c6b09a.00004c1c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1dfb2841efcaed8144a5a0b4321b1117.00000085.honggfuzz.cov b/examples/bind/corpus/1dfb2841efcaed8144a5a0b4321b1117.00000085.honggfuzz.cov deleted file mode 100644 index f8a5c954..00000000 Binary files a/examples/bind/corpus/1dfb2841efcaed8144a5a0b4321b1117.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1e0808b174f11f981973bfe4a203d6e8.0000088d.honggfuzz.cov b/examples/bind/corpus/1e0808b174f11f981973bfe4a203d6e8.0000088d.honggfuzz.cov deleted file mode 100644 index d70b6d3f..00000000 Binary files a/examples/bind/corpus/1e0808b174f11f981973bfe4a203d6e8.0000088d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1e0a874f255fa1243c84c705d29cc57a.00000219.honggfuzz.cov b/examples/bind/corpus/1e0a874f255fa1243c84c705d29cc57a.00000219.honggfuzz.cov deleted file mode 100644 index 363999dc..00000000 Binary files a/examples/bind/corpus/1e0a874f255fa1243c84c705d29cc57a.00000219.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1e159b3d63074b93c447c1810e3d9e7c.000002f3.honggfuzz.cov b/examples/bind/corpus/1e159b3d63074b93c447c1810e3d9e7c.000002f3.honggfuzz.cov new file mode 100644 index 00000000..9e16b242 Binary files /dev/null and b/examples/bind/corpus/1e159b3d63074b93c447c1810e3d9e7c.000002f3.honggfuzz.cov differ diff --git a/examples/bind/corpus/1e1e4b6306ba36201e66f0a284f4a13b.00000085.honggfuzz.cov b/examples/bind/corpus/1e1e4b6306ba36201e66f0a284f4a13b.00000085.honggfuzz.cov deleted file mode 100644 index d637507a..00000000 Binary files a/examples/bind/corpus/1e1e4b6306ba36201e66f0a284f4a13b.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1e2146fb1204de1fa48a637aae39e4f1.000000ee.honggfuzz.cov b/examples/bind/corpus/1e2146fb1204de1fa48a637aae39e4f1.000000ee.honggfuzz.cov deleted file mode 100644 index 7cfd2fed..00000000 Binary files a/examples/bind/corpus/1e2146fb1204de1fa48a637aae39e4f1.000000ee.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1e2331a1354ccedec0c174691d07bc77.00000085.honggfuzz.cov b/examples/bind/corpus/1e2331a1354ccedec0c174691d07bc77.00000085.honggfuzz.cov deleted file mode 100644 index 632a56e9..00000000 Binary files a/examples/bind/corpus/1e2331a1354ccedec0c174691d07bc77.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1e2331a135567f75dbdbc5c207acbc66.00000085.honggfuzz.cov b/examples/bind/corpus/1e2331a135567f75dbdbc5c207acbc66.00000085.honggfuzz.cov deleted file mode 100644 index 8c7c5e98..00000000 Binary files a/examples/bind/corpus/1e2331a135567f75dbdbc5c207acbc66.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1e26a4ccd84406566e7c3f6515099fda.00000040.honggfuzz.cov b/examples/bind/corpus/1e26a4ccd84406566e7c3f6515099fda.00000040.honggfuzz.cov new file mode 100644 index 00000000..2946ed34 Binary files /dev/null and b/examples/bind/corpus/1e26a4ccd84406566e7c3f6515099fda.00000040.honggfuzz.cov differ diff --git a/examples/bind/corpus/1e43b66127b2aea19082bf1c56d75a04.00000085.honggfuzz.cov b/examples/bind/corpus/1e43b66127b2aea19082bf1c56d75a04.00000085.honggfuzz.cov deleted file mode 100644 index 7058a738..00000000 Binary files a/examples/bind/corpus/1e43b66127b2aea19082bf1c56d75a04.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1e5ff0d9f5e87d4249827b2ad77f6274.00000085.honggfuzz.cov b/examples/bind/corpus/1e5ff0d9f5e87d4249827b2ad77f6274.00000085.honggfuzz.cov new file mode 100644 index 00000000..8fb84e32 Binary files /dev/null and b/examples/bind/corpus/1e5ff0d9f5e87d4249827b2ad77f6274.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/1e79a9fec288cdcfe4b1d54bfd94464c.00000085.honggfuzz.cov b/examples/bind/corpus/1e79a9fec288cdcfe4b1d54bfd94464c.00000085.honggfuzz.cov new file mode 100644 index 00000000..07aa60db Binary files /dev/null and b/examples/bind/corpus/1e79a9fec288cdcfe4b1d54bfd94464c.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/1e899a00453019dbc9cb303bb5c52224.00000926.honggfuzz.cov b/examples/bind/corpus/1e899a00453019dbc9cb303bb5c52224.00000926.honggfuzz.cov new file mode 100644 index 00000000..b0107fca Binary files /dev/null and b/examples/bind/corpus/1e899a00453019dbc9cb303bb5c52224.00000926.honggfuzz.cov differ diff --git a/examples/bind/corpus/1eac4e8a9d4135240a342576f6e9dd3c.00000085.honggfuzz.cov b/examples/bind/corpus/1eac4e8a9d4135240a342576f6e9dd3c.00000085.honggfuzz.cov deleted file mode 100644 index f64f327a..00000000 Binary files a/examples/bind/corpus/1eac4e8a9d4135240a342576f6e9dd3c.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1eb27d7a901fedb42b5a14ca9672429e.00000080.honggfuzz.cov b/examples/bind/corpus/1eb27d7a901fedb42b5a14ca9672429e.00000080.honggfuzz.cov new file mode 100644 index 00000000..4365ccd0 Binary files /dev/null and b/examples/bind/corpus/1eb27d7a901fedb42b5a14ca9672429e.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/1ecae119e8e7670387690822f5decf6e.00000085.honggfuzz.cov b/examples/bind/corpus/1ecae119e8e7670387690822f5decf6e.00000085.honggfuzz.cov new file mode 100644 index 00000000..abc7dd16 Binary files /dev/null and b/examples/bind/corpus/1ecae119e8e7670387690822f5decf6e.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/1ed3f3f3342d6824185709bd4bd594e0.00000085.honggfuzz.cov b/examples/bind/corpus/1ed3f3f3342d6824185709bd4bd594e0.00000085.honggfuzz.cov deleted file mode 100644 index d0623336..00000000 Binary files a/examples/bind/corpus/1ed3f3f3342d6824185709bd4bd594e0.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1ed6bce3a91c0b2d00358479bdd5ce7d.000000fe.honggfuzz.cov b/examples/bind/corpus/1ed6bce3a91c0b2d00358479bdd5ce7d.000000fe.honggfuzz.cov new file mode 100644 index 00000000..46c08218 Binary files /dev/null and b/examples/bind/corpus/1ed6bce3a91c0b2d00358479bdd5ce7d.000000fe.honggfuzz.cov differ diff --git a/examples/bind/corpus/1ef1af6233bc2593daf970052f3a7f3d.000001e0.honggfuzz.cov b/examples/bind/corpus/1ef1af6233bc2593daf970052f3a7f3d.000001e0.honggfuzz.cov new file mode 100644 index 00000000..5c3ac34d Binary files /dev/null and b/examples/bind/corpus/1ef1af6233bc2593daf970052f3a7f3d.000001e0.honggfuzz.cov differ diff --git a/examples/bind/corpus/1f0e9cc1dbbb46cb011ddf7be1c40165.00003bc5.honggfuzz.cov b/examples/bind/corpus/1f0e9cc1dbbb46cb011ddf7be1c40165.00003bc5.honggfuzz.cov deleted file mode 100644 index f844a570..00000000 Binary files a/examples/bind/corpus/1f0e9cc1dbbb46cb011ddf7be1c40165.00003bc5.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1f0ead6706242f44d41e24ca3ca89726.00004ce1.honggfuzz.cov b/examples/bind/corpus/1f0ead6706242f44d41e24ca3ca89726.00004ce1.honggfuzz.cov new file mode 100644 index 00000000..dee1f94a Binary files /dev/null and b/examples/bind/corpus/1f0ead6706242f44d41e24ca3ca89726.00004ce1.honggfuzz.cov differ diff --git a/examples/bind/corpus/1f0f5bf803e223a42c505ad3fa815090.0000001e.honggfuzz.cov b/examples/bind/corpus/1f0f5bf803e223a42c505ad3fa815090.0000001e.honggfuzz.cov new file mode 100644 index 00000000..dc163394 Binary files /dev/null and b/examples/bind/corpus/1f0f5bf803e223a42c505ad3fa815090.0000001e.honggfuzz.cov differ diff --git a/examples/bind/corpus/1f6b6c578f82939a77199090a3db933b.000003ab.honggfuzz.cov b/examples/bind/corpus/1f6b6c578f82939a77199090a3db933b.000003ab.honggfuzz.cov new file mode 100644 index 00000000..7e112fc0 Binary files /dev/null and b/examples/bind/corpus/1f6b6c578f82939a77199090a3db933b.000003ab.honggfuzz.cov differ diff --git a/examples/bind/corpus/1f855528c7704bbc5263698f23f93594.00000019.honggfuzz.cov b/examples/bind/corpus/1f855528c7704bbc5263698f23f93594.00000019.honggfuzz.cov deleted file mode 100644 index 1efdd4c2..00000000 Binary files a/examples/bind/corpus/1f855528c7704bbc5263698f23f93594.00000019.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1faa5040568596c93d7e81348bbf481a.000001b9.honggfuzz.cov b/examples/bind/corpus/1faa5040568596c93d7e81348bbf481a.000001b9.honggfuzz.cov deleted file mode 100644 index d9146062..00000000 Binary files a/examples/bind/corpus/1faa5040568596c93d7e81348bbf481a.000001b9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1fb0ba35f924d63ecd0b79de51c52305.00000080.honggfuzz.cov b/examples/bind/corpus/1fb0ba35f924d63ecd0b79de51c52305.00000080.honggfuzz.cov deleted file mode 100644 index 489623b1..00000000 Binary files a/examples/bind/corpus/1fb0ba35f924d63ecd0b79de51c52305.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1fbc4e55a893ccb58ca61acdce99f581.00000020.honggfuzz.cov b/examples/bind/corpus/1fbc4e55a893ccb58ca61acdce99f581.00000020.honggfuzz.cov deleted file mode 100644 index b52cb401..00000000 Binary files a/examples/bind/corpus/1fbc4e55a893ccb58ca61acdce99f581.00000020.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1fbedf869edc6dc77744782beb5a2fcb.0000050b.honggfuzz.cov b/examples/bind/corpus/1fbedf869edc6dc77744782beb5a2fcb.0000050b.honggfuzz.cov new file mode 100644 index 00000000..71c2a8d1 Binary files /dev/null and b/examples/bind/corpus/1fbedf869edc6dc77744782beb5a2fcb.0000050b.honggfuzz.cov differ diff --git a/examples/bind/corpus/1fbf29f739a5a12ce0a52659691bd4ac.000000f9.honggfuzz.cov b/examples/bind/corpus/1fbf29f739a5a12ce0a52659691bd4ac.000000f9.honggfuzz.cov deleted file mode 100644 index bdaf83d3..00000000 Binary files a/examples/bind/corpus/1fbf29f739a5a12ce0a52659691bd4ac.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1fdf202b639f5a0976d4815704e6d25c.0000065b.honggfuzz.cov b/examples/bind/corpus/1fdf202b639f5a0976d4815704e6d25c.0000065b.honggfuzz.cov deleted file mode 100644 index 71e30f6d..00000000 Binary files a/examples/bind/corpus/1fdf202b639f5a0976d4815704e6d25c.0000065b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1fec471e63dbc7a736cb0cb19ba63692.0000283a.honggfuzz.cov b/examples/bind/corpus/1fec471e63dbc7a736cb0cb19ba63692.0000283a.honggfuzz.cov deleted file mode 100644 index 885bf076..00000000 Binary files a/examples/bind/corpus/1fec471e63dbc7a736cb0cb19ba63692.0000283a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/1ff56775c9ef1443b88cfe06f17ca5ff.0000059c.honggfuzz.cov b/examples/bind/corpus/1ff56775c9ef1443b88cfe06f17ca5ff.0000059c.honggfuzz.cov deleted file mode 100644 index c34165e7..00000000 Binary files a/examples/bind/corpus/1ff56775c9ef1443b88cfe06f17ca5ff.0000059c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/200e4d810bee295451364d3f363db1b5.000000a0.honggfuzz.cov b/examples/bind/corpus/200e4d810bee295451364d3f363db1b5.000000a0.honggfuzz.cov deleted file mode 100644 index 1c3c3640..00000000 Binary files a/examples/bind/corpus/200e4d810bee295451364d3f363db1b5.000000a0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2018b0374aadbde192c715892e8b55d2.00000400.honggfuzz.cov b/examples/bind/corpus/2018b0374aadbde192c715892e8b55d2.00000400.honggfuzz.cov deleted file mode 100644 index 985a89dd..00000000 Binary files a/examples/bind/corpus/2018b0374aadbde192c715892e8b55d2.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2040727796babd4c3033a5beb4388eb1.000000d3.honggfuzz.cov b/examples/bind/corpus/2040727796babd4c3033a5beb4388eb1.000000d3.honggfuzz.cov deleted file mode 100644 index 5e3fb337..00000000 Binary files a/examples/bind/corpus/2040727796babd4c3033a5beb4388eb1.000000d3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/204275d97144fcb7a9d319f0f02d4d60.0000c1d1.honggfuzz.cov b/examples/bind/corpus/204275d97144fcb7a9d319f0f02d4d60.0000c1d1.honggfuzz.cov new file mode 100644 index 00000000..f0025af1 Binary files /dev/null and b/examples/bind/corpus/204275d97144fcb7a9d319f0f02d4d60.0000c1d1.honggfuzz.cov differ diff --git a/examples/bind/corpus/2048af17571dd6d1dd83b07a2881a7ef.00000085.honggfuzz.cov b/examples/bind/corpus/2048af17571dd6d1dd83b07a2881a7ef.00000085.honggfuzz.cov deleted file mode 100644 index a5c77a8c..00000000 Binary files a/examples/bind/corpus/2048af17571dd6d1dd83b07a2881a7ef.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2093eecdc4dfb567addca9194403fecf.00000085.honggfuzz.cov b/examples/bind/corpus/2093eecdc4dfb567addca9194403fecf.00000085.honggfuzz.cov new file mode 100644 index 00000000..d4364305 Binary files /dev/null and b/examples/bind/corpus/2093eecdc4dfb567addca9194403fecf.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/2108b5937210aa80d19ba38f6f931dd6.00000035.honggfuzz.cov b/examples/bind/corpus/2108b5937210aa80d19ba38f6f931dd6.00000035.honggfuzz.cov new file mode 100644 index 00000000..0a7137e9 Binary files /dev/null and b/examples/bind/corpus/2108b5937210aa80d19ba38f6f931dd6.00000035.honggfuzz.cov differ diff --git a/examples/bind/corpus/211d1acd732c72475ca6161eecfe2e51.00000085.honggfuzz.cov b/examples/bind/corpus/211d1acd732c72475ca6161eecfe2e51.00000085.honggfuzz.cov deleted file mode 100644 index d8cb3ed2..00000000 Binary files a/examples/bind/corpus/211d1acd732c72475ca6161eecfe2e51.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2123129e23d722a91a33a4c69de76b37.0000c349.honggfuzz.cov b/examples/bind/corpus/2123129e23d722a91a33a4c69de76b37.0000c349.honggfuzz.cov new file mode 100644 index 00000000..162211b7 Binary files /dev/null and b/examples/bind/corpus/2123129e23d722a91a33a4c69de76b37.0000c349.honggfuzz.cov differ diff --git a/examples/bind/corpus/21300220cf7171e64c9630b9b9b769dc.00000085.honggfuzz.cov b/examples/bind/corpus/21300220cf7171e64c9630b9b9b769dc.00000085.honggfuzz.cov deleted file mode 100644 index 8bcf42fe..00000000 Binary files a/examples/bind/corpus/21300220cf7171e64c9630b9b9b769dc.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/21491f11eb2ad2215562d873cddd2235.0000001e.honggfuzz.cov b/examples/bind/corpus/21491f11eb2ad2215562d873cddd2235.0000001e.honggfuzz.cov new file mode 100644 index 00000000..1b4a8fca Binary files /dev/null and b/examples/bind/corpus/21491f11eb2ad2215562d873cddd2235.0000001e.honggfuzz.cov differ diff --git a/examples/bind/corpus/217b576196d931efdcf94c7256ebf547.00000085.honggfuzz.cov b/examples/bind/corpus/217b576196d931efdcf94c7256ebf547.00000085.honggfuzz.cov deleted file mode 100644 index 3fbe660d..00000000 Binary files a/examples/bind/corpus/217b576196d931efdcf94c7256ebf547.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/217b579169d631ef47e6704ea524c97b.00000085.honggfuzz.cov b/examples/bind/corpus/217b579169d631ef47e6704ea524c97b.00000085.honggfuzz.cov deleted file mode 100644 index 2b52e650..00000000 Binary files a/examples/bind/corpus/217b579169d631ef47e6704ea524c97b.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/217ba114e7d7543c6bfc7bfdafb5bd23.0000180a.honggfuzz.cov b/examples/bind/corpus/217ba114e7d7543c6bfc7bfdafb5bd23.0000180a.honggfuzz.cov deleted file mode 100644 index a76a0a9e..00000000 Binary files a/examples/bind/corpus/217ba114e7d7543c6bfc7bfdafb5bd23.0000180a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/217c73b0a35a49e6197991c6689e7dd7.000178d3.honggfuzz.cov b/examples/bind/corpus/217c73b0a35a49e6197991c6689e7dd7.000178d3.honggfuzz.cov deleted file mode 100644 index 6761fb79..00000000 Binary files a/examples/bind/corpus/217c73b0a35a49e6197991c6689e7dd7.000178d3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2182965e86b6175b7680f07520290acd.000000f9.honggfuzz.cov b/examples/bind/corpus/2182965e86b6175b7680f07520290acd.000000f9.honggfuzz.cov deleted file mode 100644 index 5d73ac19..00000000 Binary files a/examples/bind/corpus/2182965e86b6175b7680f07520290acd.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/21a8798d4800670e742155dde04c603c.0000007e.honggfuzz.cov b/examples/bind/corpus/21a8798d4800670e742155dde04c603c.0000007e.honggfuzz.cov deleted file mode 100644 index f5640b0d..00000000 Binary files a/examples/bind/corpus/21a8798d4800670e742155dde04c603c.0000007e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/21ad5747bf0031ef470870a04bca27db.00000085.honggfuzz.cov b/examples/bind/corpus/21ad5747bf0031ef470870a04bca27db.00000085.honggfuzz.cov deleted file mode 100644 index b1889232..00000000 Binary files a/examples/bind/corpus/21ad5747bf0031ef470870a04bca27db.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/22270a2d26b0fedeaf866a9dc072adc1.00000080.honggfuzz.cov b/examples/bind/corpus/22270a2d26b0fedeaf866a9dc072adc1.00000080.honggfuzz.cov deleted file mode 100644 index a83cbc3c..00000000 Binary files a/examples/bind/corpus/22270a2d26b0fedeaf866a9dc072adc1.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2237c4a12c5d6c57cbbeb1d398e708a5.00042674.honggfuzz.cov b/examples/bind/corpus/2237c4a12c5d6c57cbbeb1d398e708a5.00042674.honggfuzz.cov deleted file mode 100644 index 8ac9380e..00000000 Binary files a/examples/bind/corpus/2237c4a12c5d6c57cbbeb1d398e708a5.00042674.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/227961981a04daa87a57dc1491e568c2.00000020.honggfuzz.cov b/examples/bind/corpus/227961981a04daa87a57dc1491e568c2.00000020.honggfuzz.cov new file mode 100644 index 00000000..70706e0e Binary files /dev/null and b/examples/bind/corpus/227961981a04daa87a57dc1491e568c2.00000020.honggfuzz.cov differ diff --git a/examples/bind/corpus/229a71f8f9bca8e14964cce206e2c272.00001d71.honggfuzz.cov b/examples/bind/corpus/229a71f8f9bca8e14964cce206e2c272.00001d71.honggfuzz.cov deleted file mode 100644 index c9774381..00000000 Binary files a/examples/bind/corpus/229a71f8f9bca8e14964cce206e2c272.00001d71.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/229c2a8e53ad2c28c1ca12f20ff22487.0000005b.honggfuzz.cov b/examples/bind/corpus/229c2a8e53ad2c28c1ca12f20ff22487.0000005b.honggfuzz.cov deleted file mode 100644 index e799f6a1..00000000 Binary files a/examples/bind/corpus/229c2a8e53ad2c28c1ca12f20ff22487.0000005b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/22c03a63325c6a6832b40fd4f0f231c6.00000400.honggfuzz.cov b/examples/bind/corpus/22c03a63325c6a6832b40fd4f0f231c6.00000400.honggfuzz.cov deleted file mode 100644 index 820e9b40..00000000 Binary files a/examples/bind/corpus/22c03a63325c6a6832b40fd4f0f231c6.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/22c36d3a2df85418cfd3d4c4a4b41167.0000002d.honggfuzz.cov b/examples/bind/corpus/22c36d3a2df85418cfd3d4c4a4b41167.0000002d.honggfuzz.cov new file mode 100644 index 00000000..2ecc722f Binary files /dev/null and b/examples/bind/corpus/22c36d3a2df85418cfd3d4c4a4b41167.0000002d.honggfuzz.cov differ diff --git a/examples/bind/corpus/22dff551c16b16c89fa241aee1c823e8.0000011f.honggfuzz.cov b/examples/bind/corpus/22dff551c16b16c89fa241aee1c823e8.0000011f.honggfuzz.cov new file mode 100644 index 00000000..4b6a3464 Binary files /dev/null and b/examples/bind/corpus/22dff551c16b16c89fa241aee1c823e8.0000011f.honggfuzz.cov differ diff --git a/examples/bind/corpus/22fdf0ceef870042f976b7feb590a75e.000101d0.honggfuzz.cov b/examples/bind/corpus/22fdf0ceef870042f976b7feb590a75e.000101d0.honggfuzz.cov new file mode 100644 index 00000000..a702e541 Binary files /dev/null and b/examples/bind/corpus/22fdf0ceef870042f976b7feb590a75e.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/231820b77fe217ed469dd4938fa8694a.0001f7e8.honggfuzz.cov b/examples/bind/corpus/231820b77fe217ed469dd4938fa8694a.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..fb627d45 Binary files /dev/null and b/examples/bind/corpus/231820b77fe217ed469dd4938fa8694a.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/2325846626d9aaa54b529d5be7e78611.00000085.honggfuzz.cov b/examples/bind/corpus/2325846626d9aaa54b529d5be7e78611.00000085.honggfuzz.cov deleted file mode 100644 index 16d5b88d..00000000 Binary files a/examples/bind/corpus/2325846626d9aaa54b529d5be7e78611.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/233b8c5add6bf2d330631346ff562abb.00000129.honggfuzz.cov b/examples/bind/corpus/233b8c5add6bf2d330631346ff562abb.00000129.honggfuzz.cov new file mode 100644 index 00000000..31271c05 Binary files /dev/null and b/examples/bind/corpus/233b8c5add6bf2d330631346ff562abb.00000129.honggfuzz.cov differ diff --git a/examples/bind/corpus/2342a4ad4a0a6ae9572a424634726c59.00000516.honggfuzz.cov b/examples/bind/corpus/2342a4ad4a0a6ae9572a424634726c59.00000516.honggfuzz.cov new file mode 100644 index 00000000..3cfc397f Binary files /dev/null and b/examples/bind/corpus/2342a4ad4a0a6ae9572a424634726c59.00000516.honggfuzz.cov differ diff --git a/examples/bind/corpus/234325353619f74c3af9edca58c318d9.00000085.honggfuzz.cov b/examples/bind/corpus/234325353619f74c3af9edca58c318d9.00000085.honggfuzz.cov deleted file mode 100644 index c4f891a3..00000000 Binary files a/examples/bind/corpus/234325353619f74c3af9edca58c318d9.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/235fb944ab6518b3a46174d03c5191ff.000000f9.honggfuzz.cov b/examples/bind/corpus/235fb944ab6518b3a46174d03c5191ff.000000f9.honggfuzz.cov deleted file mode 100644 index 64b4daf1..00000000 Binary files a/examples/bind/corpus/235fb944ab6518b3a46174d03c5191ff.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/23874dcc1bc79ac3f1d53a2b27689c8d.00000032.honggfuzz.cov b/examples/bind/corpus/23874dcc1bc79ac3f1d53a2b27689c8d.00000032.honggfuzz.cov new file mode 100644 index 00000000..3aecd787 Binary files /dev/null and b/examples/bind/corpus/23874dcc1bc79ac3f1d53a2b27689c8d.00000032.honggfuzz.cov differ diff --git a/examples/bind/corpus/239b90191b2983ddae635c6d9b5ed3b2.00000079.honggfuzz.cov b/examples/bind/corpus/239b90191b2983ddae635c6d9b5ed3b2.00000079.honggfuzz.cov deleted file mode 100644 index e4a6456f..00000000 Binary files a/examples/bind/corpus/239b90191b2983ddae635c6d9b5ed3b2.00000079.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/23b702236eeb381fa696f1bfa53dfd2a.00006819.honggfuzz.cov b/examples/bind/corpus/23b702236eeb381fa696f1bfa53dfd2a.00006819.honggfuzz.cov new file mode 100644 index 00000000..071c0513 Binary files /dev/null and b/examples/bind/corpus/23b702236eeb381fa696f1bfa53dfd2a.00006819.honggfuzz.cov differ diff --git a/examples/bind/corpus/23e2c8542a25cf583fd23e814d179821.00000031.honggfuzz.cov b/examples/bind/corpus/23e2c8542a25cf583fd23e814d179821.00000031.honggfuzz.cov new file mode 100644 index 00000000..64ebb8bf Binary files /dev/null and b/examples/bind/corpus/23e2c8542a25cf583fd23e814d179821.00000031.honggfuzz.cov differ diff --git a/examples/bind/corpus/24015a91a484c8acb76dd484156731f6.00000057.honggfuzz.cov b/examples/bind/corpus/24015a91a484c8acb76dd484156731f6.00000057.honggfuzz.cov new file mode 100644 index 00000000..fc7d1f87 Binary files /dev/null and b/examples/bind/corpus/24015a91a484c8acb76dd484156731f6.00000057.honggfuzz.cov differ diff --git a/examples/bind/corpus/240810ecab0cb4b20a037a60748d4d5b.00004238.honggfuzz.cov b/examples/bind/corpus/240810ecab0cb4b20a037a60748d4d5b.00004238.honggfuzz.cov deleted file mode 100644 index 9a7e74ed..00000000 Binary files a/examples/bind/corpus/240810ecab0cb4b20a037a60748d4d5b.00004238.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/240c07fb656949ccd4230778f3e3bf77.00002ea8.honggfuzz.cov b/examples/bind/corpus/240c07fb656949ccd4230778f3e3bf77.00002ea8.honggfuzz.cov deleted file mode 100644 index 47a19199..00000000 Binary files a/examples/bind/corpus/240c07fb656949ccd4230778f3e3bf77.00002ea8.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/24228617b0be184c36ce5daaf1cc2a11.00000085.honggfuzz.cov b/examples/bind/corpus/24228617b0be184c36ce5daaf1cc2a11.00000085.honggfuzz.cov new file mode 100644 index 00000000..32377cd5 Binary files /dev/null and b/examples/bind/corpus/24228617b0be184c36ce5daaf1cc2a11.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/243deea3db4239b131c2f7d781f19c87.0000e12d.honggfuzz.cov b/examples/bind/corpus/243deea3db4239b131c2f7d781f19c87.0000e12d.honggfuzz.cov deleted file mode 100644 index 217931bf..00000000 Binary files a/examples/bind/corpus/243deea3db4239b131c2f7d781f19c87.0000e12d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2441a38f467b4cef4059a2bbb7cdb6b3.00000087.honggfuzz.cov b/examples/bind/corpus/2441a38f467b4cef4059a2bbb7cdb6b3.00000087.honggfuzz.cov deleted file mode 100644 index 022a6050..00000000 Binary files a/examples/bind/corpus/2441a38f467b4cef4059a2bbb7cdb6b3.00000087.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/244e4563f4fd8aec016de9103b5ad465.00000046.honggfuzz.cov b/examples/bind/corpus/244e4563f4fd8aec016de9103b5ad465.00000046.honggfuzz.cov new file mode 100644 index 00000000..b514400b Binary files /dev/null and b/examples/bind/corpus/244e4563f4fd8aec016de9103b5ad465.00000046.honggfuzz.cov differ diff --git a/examples/bind/corpus/24586813ea898511afc4beb01dd099b7.00000d97.honggfuzz.cov b/examples/bind/corpus/24586813ea898511afc4beb01dd099b7.00000d97.honggfuzz.cov deleted file mode 100644 index a54ab77c..00000000 Binary files a/examples/bind/corpus/24586813ea898511afc4beb01dd099b7.00000d97.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2469350e3bcd5794610a17f948743bca.000008b9.honggfuzz.cov b/examples/bind/corpus/2469350e3bcd5794610a17f948743bca.000008b9.honggfuzz.cov deleted file mode 100644 index d8ba23c9..00000000 Binary files a/examples/bind/corpus/2469350e3bcd5794610a17f948743bca.000008b9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/247728b489db181278bd7c9ad0c0eaf1.00002000.honggfuzz.cov b/examples/bind/corpus/247728b489db181278bd7c9ad0c0eaf1.00002000.honggfuzz.cov new file mode 100644 index 00000000..eeea1b1e Binary files /dev/null and b/examples/bind/corpus/247728b489db181278bd7c9ad0c0eaf1.00002000.honggfuzz.cov differ diff --git a/examples/bind/corpus/247db1aff0f7bc4c2e519f9dd6e7a547.00000219.honggfuzz.cov b/examples/bind/corpus/247db1aff0f7bc4c2e519f9dd6e7a547.00000219.honggfuzz.cov deleted file mode 100644 index f431bf0a..00000000 Binary files a/examples/bind/corpus/247db1aff0f7bc4c2e519f9dd6e7a547.00000219.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/248d669e0f93dbf1acd3be810bcaa5e6.0000f05e.honggfuzz.cov b/examples/bind/corpus/248d669e0f93dbf1acd3be810bcaa5e6.0000f05e.honggfuzz.cov deleted file mode 100644 index 1c452322..00000000 Binary files a/examples/bind/corpus/248d669e0f93dbf1acd3be810bcaa5e6.0000f05e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/24a63e1101df76de089c5f225503339a.000002fd.honggfuzz.cov b/examples/bind/corpus/24a63e1101df76de089c5f225503339a.000002fd.honggfuzz.cov new file mode 100644 index 00000000..efc43e09 Binary files /dev/null and b/examples/bind/corpus/24a63e1101df76de089c5f225503339a.000002fd.honggfuzz.cov differ diff --git a/examples/bind/corpus/24ad524dddc15d0aabe9f03f685498a4.00000091.honggfuzz.cov b/examples/bind/corpus/24ad524dddc15d0aabe9f03f685498a4.00000091.honggfuzz.cov new file mode 100644 index 00000000..597b34c6 Binary files /dev/null and b/examples/bind/corpus/24ad524dddc15d0aabe9f03f685498a4.00000091.honggfuzz.cov differ diff --git a/examples/bind/corpus/24b57a781d141d75e731daa4cd8e03d1.0000005c.honggfuzz.cov b/examples/bind/corpus/24b57a781d141d75e731daa4cd8e03d1.0000005c.honggfuzz.cov new file mode 100644 index 00000000..d2b9c039 Binary files /dev/null and b/examples/bind/corpus/24b57a781d141d75e731daa4cd8e03d1.0000005c.honggfuzz.cov differ diff --git a/examples/bind/corpus/24d3654af3921ce567f9346cf2783993.00010ae8.honggfuzz.cov b/examples/bind/corpus/24d3654af3921ce567f9346cf2783993.00010ae8.honggfuzz.cov new file mode 100644 index 00000000..d98a01b1 Binary files /dev/null and b/examples/bind/corpus/24d3654af3921ce567f9346cf2783993.00010ae8.honggfuzz.cov differ diff --git a/examples/bind/corpus/24ddbb4eb9148dbbe50e26968e7b638c.00000085.honggfuzz.cov b/examples/bind/corpus/24ddbb4eb9148dbbe50e26968e7b638c.00000085.honggfuzz.cov deleted file mode 100644 index e7bfb236..00000000 Binary files a/examples/bind/corpus/24ddbb4eb9148dbbe50e26968e7b638c.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/24f8c2a0352a8bf53128eff08374bd94.00000262.honggfuzz.cov b/examples/bind/corpus/24f8c2a0352a8bf53128eff08374bd94.00000262.honggfuzz.cov new file mode 100644 index 00000000..8d6d3fe9 Binary files /dev/null and b/examples/bind/corpus/24f8c2a0352a8bf53128eff08374bd94.00000262.honggfuzz.cov differ diff --git a/examples/bind/corpus/25154cdd22179dec741f4d9fc1e9c013.00000e87.honggfuzz.cov b/examples/bind/corpus/25154cdd22179dec741f4d9fc1e9c013.00000e87.honggfuzz.cov new file mode 100644 index 00000000..a18ca897 Binary files /dev/null and b/examples/bind/corpus/25154cdd22179dec741f4d9fc1e9c013.00000e87.honggfuzz.cov differ diff --git a/examples/bind/corpus/25200000000000002520000000000000.00000001.honggfuzz.cov b/examples/bind/corpus/25200000000000002520000000000000.00000001.honggfuzz.cov new file mode 100644 index 00000000..0817502b --- /dev/null +++ b/examples/bind/corpus/25200000000000002520000000000000.00000001.honggfuzz.cov @@ -0,0 +1 @@ +> \ No newline at end of file diff --git a/examples/bind/corpus/2520b2813b7d41648ff2bf4153250432.000008ff.honggfuzz.cov b/examples/bind/corpus/2520b2813b7d41648ff2bf4153250432.000008ff.honggfuzz.cov deleted file mode 100644 index aa58ef40..00000000 Binary files a/examples/bind/corpus/2520b2813b7d41648ff2bf4153250432.000008ff.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/253b1e2248e282a2463c47f97eb11b45.0000055e.honggfuzz.cov b/examples/bind/corpus/253b1e2248e282a2463c47f97eb11b45.0000055e.honggfuzz.cov deleted file mode 100644 index 29687adc..00000000 Binary files a/examples/bind/corpus/253b1e2248e282a2463c47f97eb11b45.0000055e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/255ad6d1c03259f1b14915edeed91065.00000048.honggfuzz.cov b/examples/bind/corpus/255ad6d1c03259f1b14915edeed91065.00000048.honggfuzz.cov deleted file mode 100644 index a34fc10b..00000000 Binary files a/examples/bind/corpus/255ad6d1c03259f1b14915edeed91065.00000048.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/256314168eee874c12895ed3db700cab.00000085.honggfuzz.cov b/examples/bind/corpus/256314168eee874c12895ed3db700cab.00000085.honggfuzz.cov new file mode 100644 index 00000000..90b873cb Binary files /dev/null and b/examples/bind/corpus/256314168eee874c12895ed3db700cab.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/25911ad32daf1ee72d115f4f09c0c59c.00000080.honggfuzz.cov b/examples/bind/corpus/25911ad32daf1ee72d115f4f09c0c59c.00000080.honggfuzz.cov deleted file mode 100644 index efd8427a..00000000 Binary files a/examples/bind/corpus/25911ad32daf1ee72d115f4f09c0c59c.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/25ce903700f2e8a9b0c2e7ef64a4c19e.0001e987.honggfuzz.cov b/examples/bind/corpus/25ce903700f2e8a9b0c2e7ef64a4c19e.0001e987.honggfuzz.cov deleted file mode 100644 index e670457d..00000000 Binary files a/examples/bind/corpus/25ce903700f2e8a9b0c2e7ef64a4c19e.0001e987.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/25d416849520244188ab8366035b8475.000000f7.honggfuzz.cov b/examples/bind/corpus/25d416849520244188ab8366035b8475.000000f7.honggfuzz.cov deleted file mode 100644 index aa5a7ea5..00000000 Binary files a/examples/bind/corpus/25d416849520244188ab8366035b8475.000000f7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/26063906a6e3812781a4a71eb9d766ca.00000178.honggfuzz.cov b/examples/bind/corpus/26063906a6e3812781a4a71eb9d766ca.00000178.honggfuzz.cov new file mode 100644 index 00000000..e9adf425 Binary files /dev/null and b/examples/bind/corpus/26063906a6e3812781a4a71eb9d766ca.00000178.honggfuzz.cov differ diff --git a/examples/bind/corpus/2613c2525caa5302704110915358b489.0001f7e8.honggfuzz.cov b/examples/bind/corpus/2613c2525caa5302704110915358b489.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..5dd3af19 Binary files /dev/null and b/examples/bind/corpus/2613c2525caa5302704110915358b489.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/2620c4ba55e873344c26be181837f6d2.00018619.honggfuzz.cov b/examples/bind/corpus/2620c4ba55e873344c26be181837f6d2.00018619.honggfuzz.cov deleted file mode 100644 index e26d2a95..00000000 Binary files a/examples/bind/corpus/2620c4ba55e873344c26be181837f6d2.00018619.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2630c6225d3525618c869da176c79b02.00000c2e.honggfuzz.cov b/examples/bind/corpus/2630c6225d3525618c869da176c79b02.00000c2e.honggfuzz.cov deleted file mode 100644 index b4e4b7f4..00000000 Binary files a/examples/bind/corpus/2630c6225d3525618c869da176c79b02.00000c2e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2637fca7b594196e2ac864c242fe450f.00000892.honggfuzz.cov b/examples/bind/corpus/2637fca7b594196e2ac864c242fe450f.00000892.honggfuzz.cov deleted file mode 100644 index 314af20f..00000000 Binary files a/examples/bind/corpus/2637fca7b594196e2ac864c242fe450f.00000892.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/263ba06b15717e12366f8b93f6d7e9ec.00020000.honggfuzz.cov b/examples/bind/corpus/263ba06b15717e12366f8b93f6d7e9ec.00020000.honggfuzz.cov deleted file mode 100644 index 80e4b400..00000000 Binary files a/examples/bind/corpus/263ba06b15717e12366f8b93f6d7e9ec.00020000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/264e7318137ba501ba932ca525a0826b.0000d8f2.honggfuzz.cov b/examples/bind/corpus/264e7318137ba501ba932ca525a0826b.0000d8f2.honggfuzz.cov deleted file mode 100644 index d2200a6c..00000000 Binary files a/examples/bind/corpus/264e7318137ba501ba932ca525a0826b.0000d8f2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/265391b1da8672d8a7494d84b9f25b0b.0000b857.honggfuzz.cov b/examples/bind/corpus/265391b1da8672d8a7494d84b9f25b0b.0000b857.honggfuzz.cov deleted file mode 100644 index 2a705897..00000000 Binary files a/examples/bind/corpus/265391b1da8672d8a7494d84b9f25b0b.0000b857.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/267b8c00de31a18e9a6983e1169b35a1.00000400.honggfuzz.cov b/examples/bind/corpus/267b8c00de31a18e9a6983e1169b35a1.00000400.honggfuzz.cov deleted file mode 100644 index 9046cf33..00000000 Binary files a/examples/bind/corpus/267b8c00de31a18e9a6983e1169b35a1.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2698ea4a732d46765b07c2c334ee8c81.000101d0.honggfuzz.cov b/examples/bind/corpus/2698ea4a732d46765b07c2c334ee8c81.000101d0.honggfuzz.cov new file mode 100644 index 00000000..23dba923 Binary files /dev/null and b/examples/bind/corpus/2698ea4a732d46765b07c2c334ee8c81.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/26a2769857f6d81054725e2e52850bf9.000000b6.honggfuzz.cov b/examples/bind/corpus/26a2769857f6d81054725e2e52850bf9.000000b6.honggfuzz.cov deleted file mode 100644 index 420f41aa..00000000 Binary files a/examples/bind/corpus/26a2769857f6d81054725e2e52850bf9.000000b6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/26cb7739306571c2bf1233608dd2d78d.0000f3cb.honggfuzz.cov b/examples/bind/corpus/26cb7739306571c2bf1233608dd2d78d.0000f3cb.honggfuzz.cov deleted file mode 100644 index 3c365d70..00000000 Binary files a/examples/bind/corpus/26cb7739306571c2bf1233608dd2d78d.0000f3cb.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/26cd4d2a8ad8fdd58cda94bf75cce647.000001b0.honggfuzz.cov b/examples/bind/corpus/26cd4d2a8ad8fdd58cda94bf75cce647.000001b0.honggfuzz.cov deleted file mode 100644 index b360d443..00000000 Binary files a/examples/bind/corpus/26cd4d2a8ad8fdd58cda94bf75cce647.000001b0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/26ce8770aa3b294739db5db59c0f085d.00011949.honggfuzz.cov b/examples/bind/corpus/26ce8770aa3b294739db5db59c0f085d.00011949.honggfuzz.cov deleted file mode 100644 index db182fac..00000000 Binary files a/examples/bind/corpus/26ce8770aa3b294739db5db59c0f085d.00011949.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/26e64ab0bd229aaadf13c251d74c2af0.000000a2.honggfuzz.cov b/examples/bind/corpus/26e64ab0bd229aaadf13c251d74c2af0.000000a2.honggfuzz.cov deleted file mode 100644 index 10a16bfc..00000000 Binary files a/examples/bind/corpus/26e64ab0bd229aaadf13c251d74c2af0.000000a2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/26ea097000a6186a864d151ffa2bb4eb.00000319.honggfuzz.cov b/examples/bind/corpus/26ea097000a6186a864d151ffa2bb4eb.00000319.honggfuzz.cov new file mode 100644 index 00000000..08cd7cc5 Binary files /dev/null and b/examples/bind/corpus/26ea097000a6186a864d151ffa2bb4eb.00000319.honggfuzz.cov differ diff --git a/examples/bind/corpus/26f6c65a306a4aba522d21ec635a0963.0000004f.honggfuzz.cov b/examples/bind/corpus/26f6c65a306a4aba522d21ec635a0963.0000004f.honggfuzz.cov new file mode 100644 index 00000000..bef9d556 Binary files /dev/null and b/examples/bind/corpus/26f6c65a306a4aba522d21ec635a0963.0000004f.honggfuzz.cov differ diff --git a/examples/bind/corpus/2703cf70996151e23ccc45b58eb072c2.00000085.honggfuzz.cov b/examples/bind/corpus/2703cf70996151e23ccc45b58eb072c2.00000085.honggfuzz.cov deleted file mode 100644 index 806c612d..00000000 Binary files a/examples/bind/corpus/2703cf70996151e23ccc45b58eb072c2.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/270c6fd1ac085caaf4e4fa2a99ff6759.00000085.honggfuzz.cov b/examples/bind/corpus/270c6fd1ac085caaf4e4fa2a99ff6759.00000085.honggfuzz.cov deleted file mode 100644 index 56a10239..00000000 Binary files a/examples/bind/corpus/270c6fd1ac085caaf4e4fa2a99ff6759.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/274a26478210c4044f6d5eb807a9bd5b.00000456.honggfuzz.cov b/examples/bind/corpus/274a26478210c4044f6d5eb807a9bd5b.00000456.honggfuzz.cov new file mode 100644 index 00000000..e9221ca7 Binary files /dev/null and b/examples/bind/corpus/274a26478210c4044f6d5eb807a9bd5b.00000456.honggfuzz.cov differ diff --git a/examples/bind/corpus/27579486506a5f555d163b78a842f91c.00000090.honggfuzz.cov b/examples/bind/corpus/27579486506a5f555d163b78a842f91c.00000090.honggfuzz.cov deleted file mode 100644 index 9d53bd26..00000000 Binary files a/examples/bind/corpus/27579486506a5f555d163b78a842f91c.00000090.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/27c80835b4b55e765cc302f2b7105d35.00000085.honggfuzz.cov b/examples/bind/corpus/27c80835b4b55e765cc302f2b7105d35.00000085.honggfuzz.cov deleted file mode 100644 index 52b83401..00000000 Binary files a/examples/bind/corpus/27c80835b4b55e765cc302f2b7105d35.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/27cffb351896595c6071c51cda6eef43.00000020.honggfuzz.cov b/examples/bind/corpus/27cffb351896595c6071c51cda6eef43.00000020.honggfuzz.cov new file mode 100644 index 00000000..e90169e3 Binary files /dev/null and b/examples/bind/corpus/27cffb351896595c6071c51cda6eef43.00000020.honggfuzz.cov differ diff --git a/examples/bind/corpus/27e3b4ea27ed566dc39adf4629ec35e9.000000f7.honggfuzz.cov b/examples/bind/corpus/27e3b4ea27ed566dc39adf4629ec35e9.000000f7.honggfuzz.cov deleted file mode 100644 index 4b44c7f7..00000000 Binary files a/examples/bind/corpus/27e3b4ea27ed566dc39adf4629ec35e9.000000f7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/27e8b4fa27ed567dc39adf5d29e735f9.000000f7.honggfuzz.cov b/examples/bind/corpus/27e8b4fa27ed567dc39adf5d29e735f9.000000f7.honggfuzz.cov deleted file mode 100644 index 04beef4d..00000000 Binary files a/examples/bind/corpus/27e8b4fa27ed567dc39adf5d29e735f9.000000f7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/27f7fd341977b2fef1e4f98e809403d2.000007cd.honggfuzz.cov b/examples/bind/corpus/27f7fd341977b2fef1e4f98e809403d2.000007cd.honggfuzz.cov new file mode 100644 index 00000000..e2de79c7 Binary files /dev/null and b/examples/bind/corpus/27f7fd341977b2fef1e4f98e809403d2.000007cd.honggfuzz.cov differ diff --git a/examples/bind/corpus/2806a131ed764fe19e8a288488a70287.0000007d.honggfuzz.cov b/examples/bind/corpus/2806a131ed764fe19e8a288488a70287.0000007d.honggfuzz.cov new file mode 100644 index 00000000..15bcb623 Binary files /dev/null and b/examples/bind/corpus/2806a131ed764fe19e8a288488a70287.0000007d.honggfuzz.cov differ diff --git a/examples/bind/corpus/28169230837a3526062735536fe0b144.0000001c.honggfuzz.cov b/examples/bind/corpus/28169230837a3526062735536fe0b144.0000001c.honggfuzz.cov deleted file mode 100644 index 1042b223..00000000 Binary files a/examples/bind/corpus/28169230837a3526062735536fe0b144.0000001c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2816c979b37a3526b4db0a226fe0b144.0000001c.honggfuzz.cov b/examples/bind/corpus/2816c979b37a3526b4db0a226fe0b144.0000001c.honggfuzz.cov new file mode 100644 index 00000000..d549b3d9 Binary files /dev/null and b/examples/bind/corpus/2816c979b37a3526b4db0a226fe0b144.0000001c.honggfuzz.cov differ diff --git a/examples/bind/corpus/286245a8b787295a774089a30a3e8bba.000000da.honggfuzz.cov b/examples/bind/corpus/286245a8b787295a774089a30a3e8bba.000000da.honggfuzz.cov deleted file mode 100644 index caf8dca6..00000000 Binary files a/examples/bind/corpus/286245a8b787295a774089a30a3e8bba.000000da.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2864d593e5aeff1044ec45ee0e5c1129.00000037.honggfuzz.cov b/examples/bind/corpus/2864d593e5aeff1044ec45ee0e5c1129.00000037.honggfuzz.cov deleted file mode 100644 index 1037c632..00000000 Binary files a/examples/bind/corpus/2864d593e5aeff1044ec45ee0e5c1129.00000037.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/28681b48a585eeb51a7b39b1d24dccce.00000716.honggfuzz.cov b/examples/bind/corpus/28681b48a585eeb51a7b39b1d24dccce.00000716.honggfuzz.cov deleted file mode 100644 index affc324d..00000000 Binary files a/examples/bind/corpus/28681b48a585eeb51a7b39b1d24dccce.00000716.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/288a6ab0230f4c3338005459f23d4466.0000001e.honggfuzz.cov b/examples/bind/corpus/288a6ab0230f4c3338005459f23d4466.0000001e.honggfuzz.cov deleted file mode 100644 index 57590b25..00000000 Binary files a/examples/bind/corpus/288a6ab0230f4c3338005459f23d4466.0000001e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/288beb7e8f37b6446403b7d7ff72512c.000000d1.honggfuzz.cov b/examples/bind/corpus/288beb7e8f37b6446403b7d7ff72512c.000000d1.honggfuzz.cov deleted file mode 100644 index 1aab240e..00000000 Binary files a/examples/bind/corpus/288beb7e8f37b6446403b7d7ff72512c.000000d1.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2890e153d5d7c0bc3158cb196db0b15a.0001f7e8.honggfuzz.cov b/examples/bind/corpus/2890e153d5d7c0bc3158cb196db0b15a.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..c414356b Binary files /dev/null and b/examples/bind/corpus/2890e153d5d7c0bc3158cb196db0b15a.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/28c12ab3d4cf271d2c8281560034f802.000000e9.honggfuzz.cov b/examples/bind/corpus/28c12ab3d4cf271d2c8281560034f802.000000e9.honggfuzz.cov deleted file mode 100644 index 42d2e19c..00000000 Binary files a/examples/bind/corpus/28c12ab3d4cf271d2c8281560034f802.000000e9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/290251b223a32ef23fe5e83e5e9fab5e.000008e8.honggfuzz.cov b/examples/bind/corpus/290251b223a32ef23fe5e83e5e9fab5e.000008e8.honggfuzz.cov deleted file mode 100644 index 7d7e6e60..00000000 Binary files a/examples/bind/corpus/290251b223a32ef23fe5e83e5e9fab5e.000008e8.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/290eaabae8f650ae14f9691c82825c5b.000001a0.honggfuzz.cov b/examples/bind/corpus/290eaabae8f650ae14f9691c82825c5b.000001a0.honggfuzz.cov new file mode 100644 index 00000000..6c4a8b32 Binary files /dev/null and b/examples/bind/corpus/290eaabae8f650ae14f9691c82825c5b.000001a0.honggfuzz.cov differ diff --git a/examples/bind/corpus/2927be72f2301500f606f065d22c6024.00000085.honggfuzz.cov b/examples/bind/corpus/2927be72f2301500f606f065d22c6024.00000085.honggfuzz.cov new file mode 100644 index 00000000..5bc26dd1 Binary files /dev/null and b/examples/bind/corpus/2927be72f2301500f606f065d22c6024.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/2934f7416c770cfab0a9f6f153d791a9.000001eb.honggfuzz.cov b/examples/bind/corpus/2934f7416c770cfab0a9f6f153d791a9.000001eb.honggfuzz.cov deleted file mode 100644 index 73b6d2e7..00000000 Binary files a/examples/bind/corpus/2934f7416c770cfab0a9f6f153d791a9.000001eb.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2935e1720fc4909943ec18eb10660442.000003a2.honggfuzz.cov b/examples/bind/corpus/2935e1720fc4909943ec18eb10660442.000003a2.honggfuzz.cov new file mode 100644 index 00000000..d5a93be7 Binary files /dev/null and b/examples/bind/corpus/2935e1720fc4909943ec18eb10660442.000003a2.honggfuzz.cov differ diff --git a/examples/bind/corpus/2951d582fc05458d26aa1bd96f063209.000001be.honggfuzz.cov b/examples/bind/corpus/2951d582fc05458d26aa1bd96f063209.000001be.honggfuzz.cov deleted file mode 100644 index ada7d5a3..00000000 Binary files a/examples/bind/corpus/2951d582fc05458d26aa1bd96f063209.000001be.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2951f3971061098706db6f6f2e3ab51a.0001b949.honggfuzz.cov b/examples/bind/corpus/2951f3971061098706db6f6f2e3ab51a.0001b949.honggfuzz.cov deleted file mode 100644 index 4d4a9c89..00000000 Binary files a/examples/bind/corpus/2951f3971061098706db6f6f2e3ab51a.0001b949.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2958de74379824fcd67238ec91502cee.000000c6.honggfuzz.cov b/examples/bind/corpus/2958de74379824fcd67238ec91502cee.000000c6.honggfuzz.cov deleted file mode 100644 index 41850024..00000000 Binary files a/examples/bind/corpus/2958de74379824fcd67238ec91502cee.000000c6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2959b171a5845f76b22dfcdf4b8f336f.0000009a.honggfuzz.cov b/examples/bind/corpus/2959b171a5845f76b22dfcdf4b8f336f.0000009a.honggfuzz.cov new file mode 100644 index 00000000..b3895ffd Binary files /dev/null and b/examples/bind/corpus/2959b171a5845f76b22dfcdf4b8f336f.0000009a.honggfuzz.cov differ diff --git a/examples/bind/corpus/296341033406d1beefc23f727964ee5a.00000040.honggfuzz.cov b/examples/bind/corpus/296341033406d1beefc23f727964ee5a.00000040.honggfuzz.cov new file mode 100644 index 00000000..51d73147 Binary files /dev/null and b/examples/bind/corpus/296341033406d1beefc23f727964ee5a.00000040.honggfuzz.cov differ diff --git a/examples/bind/corpus/29a1d7e772b69baf81f73a0012d590eb.00000119.honggfuzz.cov b/examples/bind/corpus/29a1d7e772b69baf81f73a0012d590eb.00000119.honggfuzz.cov deleted file mode 100644 index 57655028..00000000 Binary files a/examples/bind/corpus/29a1d7e772b69baf81f73a0012d590eb.00000119.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/29b49aefa81d587b956b3d795a62f6f8.000002af.honggfuzz.cov b/examples/bind/corpus/29b49aefa81d587b956b3d795a62f6f8.000002af.honggfuzz.cov deleted file mode 100644 index 157f67ff..00000000 Binary files a/examples/bind/corpus/29b49aefa81d587b956b3d795a62f6f8.000002af.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/29c645d38ecda878a91b66a33b088a59.0000079b.honggfuzz.cov b/examples/bind/corpus/29c645d38ecda878a91b66a33b088a59.0000079b.honggfuzz.cov deleted file mode 100644 index f1055bc7..00000000 Binary files a/examples/bind/corpus/29c645d38ecda878a91b66a33b088a59.0000079b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/29d11176930c773d9a4aa7682ca1f9db.0000fc1b.honggfuzz.cov b/examples/bind/corpus/29d11176930c773d9a4aa7682ca1f9db.0000fc1b.honggfuzz.cov deleted file mode 100644 index 1ab1d2ba..00000000 Binary files a/examples/bind/corpus/29d11176930c773d9a4aa7682ca1f9db.0000fc1b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/29fa32af39c41b1a8d7fb2bbbf579be2.00000119.honggfuzz.cov b/examples/bind/corpus/29fa32af39c41b1a8d7fb2bbbf579be2.00000119.honggfuzz.cov deleted file mode 100644 index e547857c..00000000 Binary files a/examples/bind/corpus/29fa32af39c41b1a8d7fb2bbbf579be2.00000119.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2a1b620533021214017d93fc8d47fda3.00001686.honggfuzz.cov b/examples/bind/corpus/2a1b620533021214017d93fc8d47fda3.00001686.honggfuzz.cov deleted file mode 100644 index 3378cca2..00000000 Binary files a/examples/bind/corpus/2a1b620533021214017d93fc8d47fda3.00001686.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2a25df148e9d0a747bb4cf0efea8f22b.000105b8.honggfuzz.cov b/examples/bind/corpus/2a25df148e9d0a747bb4cf0efea8f22b.000105b8.honggfuzz.cov new file mode 100644 index 00000000..c49306de Binary files /dev/null and b/examples/bind/corpus/2a25df148e9d0a747bb4cf0efea8f22b.000105b8.honggfuzz.cov differ diff --git a/examples/bind/corpus/2a5130cb432aa8fd3c4c254bc22f1d70.000000b2.honggfuzz.cov b/examples/bind/corpus/2a5130cb432aa8fd3c4c254bc22f1d70.000000b2.honggfuzz.cov deleted file mode 100644 index 16f044b9..00000000 Binary files a/examples/bind/corpus/2a5130cb432aa8fd3c4c254bc22f1d70.000000b2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2a58b135a3164800c4d3c8e85633e6b0.00000085.honggfuzz.cov b/examples/bind/corpus/2a58b135a3164800c4d3c8e85633e6b0.00000085.honggfuzz.cov new file mode 100644 index 00000000..a6fef5f1 Binary files /dev/null and b/examples/bind/corpus/2a58b135a3164800c4d3c8e85633e6b0.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/2a6dee1e139b45dd8bc34e7795989969.00000085.honggfuzz.cov b/examples/bind/corpus/2a6dee1e139b45dd8bc34e7795989969.00000085.honggfuzz.cov deleted file mode 100644 index 4080fb11..00000000 Binary files a/examples/bind/corpus/2a6dee1e139b45dd8bc34e7795989969.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2a88c5f40f4c624f61fe64706f2bbb8f.00000200.honggfuzz.cov b/examples/bind/corpus/2a88c5f40f4c624f61fe64706f2bbb8f.00000200.honggfuzz.cov new file mode 100644 index 00000000..8e14f555 Binary files /dev/null and b/examples/bind/corpus/2a88c5f40f4c624f61fe64706f2bbb8f.00000200.honggfuzz.cov differ diff --git a/examples/bind/corpus/2a9321d72b151a8483a6df28caa96567.00001461.honggfuzz.cov b/examples/bind/corpus/2a9321d72b151a8483a6df28caa96567.00001461.honggfuzz.cov deleted file mode 100644 index 462df17e..00000000 Binary files a/examples/bind/corpus/2a9321d72b151a8483a6df28caa96567.00001461.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2a99eea3d4dfcf64fec86e05da464784.00000d60.honggfuzz.cov b/examples/bind/corpus/2a99eea3d4dfcf64fec86e05da464784.00000d60.honggfuzz.cov deleted file mode 100644 index a001e864..00000000 Binary files a/examples/bind/corpus/2a99eea3d4dfcf64fec86e05da464784.00000d60.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2aa1c13e1fe81c576582da806904d359.00000032.honggfuzz.cov b/examples/bind/corpus/2aa1c13e1fe81c576582da806904d359.00000032.honggfuzz.cov new file mode 100644 index 00000000..ac868b14 Binary files /dev/null and b/examples/bind/corpus/2aa1c13e1fe81c576582da806904d359.00000032.honggfuzz.cov differ diff --git a/examples/bind/corpus/2ab531ce9d0e4774054f6baeae93b59f.00000085.honggfuzz.cov b/examples/bind/corpus/2ab531ce9d0e4774054f6baeae93b59f.00000085.honggfuzz.cov deleted file mode 100644 index ebba7719..00000000 Binary files a/examples/bind/corpus/2ab531ce9d0e4774054f6baeae93b59f.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2abf5ad6c26932799ae63513e0fbe409.0000c26e.honggfuzz.cov b/examples/bind/corpus/2abf5ad6c26932799ae63513e0fbe409.0000c26e.honggfuzz.cov deleted file mode 100644 index 9e30f4eb..00000000 Binary files a/examples/bind/corpus/2abf5ad6c26932799ae63513e0fbe409.0000c26e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2acbcf37dfcedf17abeb6285176a7f50.000002cb.honggfuzz.cov b/examples/bind/corpus/2acbcf37dfcedf17abeb6285176a7f50.000002cb.honggfuzz.cov new file mode 100644 index 00000000..91de8e2d Binary files /dev/null and b/examples/bind/corpus/2acbcf37dfcedf17abeb6285176a7f50.000002cb.honggfuzz.cov differ diff --git a/examples/bind/corpus/2ae7fa3b54ef4289f5fd0417590f5939.00000375.honggfuzz.cov b/examples/bind/corpus/2ae7fa3b54ef4289f5fd0417590f5939.00000375.honggfuzz.cov deleted file mode 100644 index 3955baba..00000000 Binary files a/examples/bind/corpus/2ae7fa3b54ef4289f5fd0417590f5939.00000375.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2ae85bc208b1d0a2439562b210e0cacf.00000040.honggfuzz.cov b/examples/bind/corpus/2ae85bc208b1d0a2439562b210e0cacf.00000040.honggfuzz.cov deleted file mode 100644 index da7efd1e..00000000 Binary files a/examples/bind/corpus/2ae85bc208b1d0a2439562b210e0cacf.00000040.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2b03ea1afbd263a5d9d69c5aec90024e.000000c7.honggfuzz.cov b/examples/bind/corpus/2b03ea1afbd263a5d9d69c5aec90024e.000000c7.honggfuzz.cov new file mode 100644 index 00000000..9ac60d23 Binary files /dev/null and b/examples/bind/corpus/2b03ea1afbd263a5d9d69c5aec90024e.000000c7.honggfuzz.cov differ diff --git a/examples/bind/corpus/2b0f17e028c926f4503b5cb7c846c4aa.00000080.honggfuzz.cov b/examples/bind/corpus/2b0f17e028c926f4503b5cb7c846c4aa.00000080.honggfuzz.cov new file mode 100644 index 00000000..3f62eb9c Binary files /dev/null and b/examples/bind/corpus/2b0f17e028c926f4503b5cb7c846c4aa.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/2b161e928668741ee4e8e833422d6071.00006071.honggfuzz.cov b/examples/bind/corpus/2b161e928668741ee4e8e833422d6071.00006071.honggfuzz.cov deleted file mode 100644 index 566b50dc..00000000 Binary files a/examples/bind/corpus/2b161e928668741ee4e8e833422d6071.00006071.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2b5e6fc6b843dc19288c643a99fb1219.00000085.honggfuzz.cov b/examples/bind/corpus/2b5e6fc6b843dc19288c643a99fb1219.00000085.honggfuzz.cov deleted file mode 100644 index fca243bc..00000000 Binary files a/examples/bind/corpus/2b5e6fc6b843dc19288c643a99fb1219.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2b6ad10533c601fd95ddf27904ab773e.000000c3.honggfuzz.cov b/examples/bind/corpus/2b6ad10533c601fd95ddf27904ab773e.000000c3.honggfuzz.cov new file mode 100644 index 00000000..444af470 Binary files /dev/null and b/examples/bind/corpus/2b6ad10533c601fd95ddf27904ab773e.000000c3.honggfuzz.cov differ diff --git a/examples/bind/corpus/2b841dbbd7b99bdd303238ba8e8f1208.00000085.honggfuzz.cov b/examples/bind/corpus/2b841dbbd7b99bdd303238ba8e8f1208.00000085.honggfuzz.cov new file mode 100644 index 00000000..f9531a22 Binary files /dev/null and b/examples/bind/corpus/2b841dbbd7b99bdd303238ba8e8f1208.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/2b9121005e53728c8c2a937d4376d153.00000039.honggfuzz.cov b/examples/bind/corpus/2b9121005e53728c8c2a937d4376d153.00000039.honggfuzz.cov new file mode 100644 index 00000000..cf3d8ba2 Binary files /dev/null and b/examples/bind/corpus/2b9121005e53728c8c2a937d4376d153.00000039.honggfuzz.cov differ diff --git a/examples/bind/corpus/2babf26ce7962d812ba354cf7f74ea05.00000092.honggfuzz.cov b/examples/bind/corpus/2babf26ce7962d812ba354cf7f74ea05.00000092.honggfuzz.cov deleted file mode 100644 index 5f1e7ff0..00000000 Binary files a/examples/bind/corpus/2babf26ce7962d812ba354cf7f74ea05.00000092.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2bbab97ff6782ff8548eef21c3088acc.00000085.honggfuzz.cov b/examples/bind/corpus/2bbab97ff6782ff8548eef21c3088acc.00000085.honggfuzz.cov deleted file mode 100644 index 438f8f39..00000000 Binary files a/examples/bind/corpus/2bbab97ff6782ff8548eef21c3088acc.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2bc67eab9dbeb18b7101b43cd89b90ef.0000041f.honggfuzz.cov b/examples/bind/corpus/2bc67eab9dbeb18b7101b43cd89b90ef.0000041f.honggfuzz.cov new file mode 100644 index 00000000..7263ea33 Binary files /dev/null and b/examples/bind/corpus/2bc67eab9dbeb18b7101b43cd89b90ef.0000041f.honggfuzz.cov differ diff --git a/examples/bind/corpus/2be2d3bd1168e111ac1fe5c41dd4760b.00001327.honggfuzz.cov b/examples/bind/corpus/2be2d3bd1168e111ac1fe5c41dd4760b.00001327.honggfuzz.cov deleted file mode 100644 index 82771f97..00000000 Binary files a/examples/bind/corpus/2be2d3bd1168e111ac1fe5c41dd4760b.00001327.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2c03bc7870a9088e9d499214626169b1.0001f7e8.honggfuzz.cov b/examples/bind/corpus/2c03bc7870a9088e9d499214626169b1.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..9c7ae75b Binary files /dev/null and b/examples/bind/corpus/2c03bc7870a9088e9d499214626169b1.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/2c27f1b91c603059818dcdf840f672f3.00000254.honggfuzz.cov b/examples/bind/corpus/2c27f1b91c603059818dcdf840f672f3.00000254.honggfuzz.cov new file mode 100644 index 00000000..70801b58 Binary files /dev/null and b/examples/bind/corpus/2c27f1b91c603059818dcdf840f672f3.00000254.honggfuzz.cov differ diff --git a/examples/bind/corpus/2c314f69fcc929e897056c8028ead267.00008325.honggfuzz.cov b/examples/bind/corpus/2c314f69fcc929e897056c8028ead267.00008325.honggfuzz.cov deleted file mode 100644 index 0e7ca022..00000000 Binary files a/examples/bind/corpus/2c314f69fcc929e897056c8028ead267.00008325.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2c448a21d73bd328b7e5b27f8bfb28dd.000126d3.honggfuzz.cov b/examples/bind/corpus/2c448a21d73bd328b7e5b27f8bfb28dd.000126d3.honggfuzz.cov deleted file mode 100644 index e3b99b26..00000000 Binary files a/examples/bind/corpus/2c448a21d73bd328b7e5b27f8bfb28dd.000126d3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2c4627776b71fbb314849ea1dcc673ad.00000033.honggfuzz.cov b/examples/bind/corpus/2c4627776b71fbb314849ea1dcc673ad.00000033.honggfuzz.cov new file mode 100644 index 00000000..64a6f4fb Binary files /dev/null and b/examples/bind/corpus/2c4627776b71fbb314849ea1dcc673ad.00000033.honggfuzz.cov differ diff --git a/examples/bind/corpus/2c783c7fe3493416890e0e2d1f8fe511.00000200.honggfuzz.cov b/examples/bind/corpus/2c783c7fe3493416890e0e2d1f8fe511.00000200.honggfuzz.cov deleted file mode 100644 index e62a511f..00000000 Binary files a/examples/bind/corpus/2c783c7fe3493416890e0e2d1f8fe511.00000200.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2c7a128875160abadd71fc3781035b23.000001db.honggfuzz.cov b/examples/bind/corpus/2c7a128875160abadd71fc3781035b23.000001db.honggfuzz.cov deleted file mode 100644 index 2766cc25..00000000 Binary files a/examples/bind/corpus/2c7a128875160abadd71fc3781035b23.000001db.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2c859d21ccddb2aa11746920953de7d6.00001388.honggfuzz.cov b/examples/bind/corpus/2c859d21ccddb2aa11746920953de7d6.00001388.honggfuzz.cov deleted file mode 100644 index 2c39ba9d..00000000 Binary files a/examples/bind/corpus/2c859d21ccddb2aa11746920953de7d6.00001388.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2c8995be8dfd5680b3c13f91c618c57e.00000085.honggfuzz.cov b/examples/bind/corpus/2c8995be8dfd5680b3c13f91c618c57e.00000085.honggfuzz.cov new file mode 100644 index 00000000..2da633a8 Binary files /dev/null and b/examples/bind/corpus/2c8995be8dfd5680b3c13f91c618c57e.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/2caddeddb91faaeff5d25333e0861d9f.00000036.honggfuzz.cov b/examples/bind/corpus/2caddeddb91faaeff5d25333e0861d9f.00000036.honggfuzz.cov new file mode 100644 index 00000000..1a2d902f Binary files /dev/null and b/examples/bind/corpus/2caddeddb91faaeff5d25333e0861d9f.00000036.honggfuzz.cov differ diff --git a/examples/bind/corpus/2cc95f28e8441b334abbb78565bf16bf.0000003b.honggfuzz.cov b/examples/bind/corpus/2cc95f28e8441b334abbb78565bf16bf.0000003b.honggfuzz.cov new file mode 100644 index 00000000..a2197e18 Binary files /dev/null and b/examples/bind/corpus/2cc95f28e8441b334abbb78565bf16bf.0000003b.honggfuzz.cov differ diff --git a/examples/bind/corpus/2ce70fe160e9675226e59d51bdd3f739.000184e8.honggfuzz.cov b/examples/bind/corpus/2ce70fe160e9675226e59d51bdd3f739.000184e8.honggfuzz.cov new file mode 100644 index 00000000..49ecd79d Binary files /dev/null and b/examples/bind/corpus/2ce70fe160e9675226e59d51bdd3f739.000184e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/2ceaa17dae7da8760d3507c974c579bd.0000011a.honggfuzz.cov b/examples/bind/corpus/2ceaa17dae7da8760d3507c974c579bd.0000011a.honggfuzz.cov deleted file mode 100644 index 00cdbfb2..00000000 Binary files a/examples/bind/corpus/2ceaa17dae7da8760d3507c974c579bd.0000011a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2cf4bfacf947453c3b1db7593e64fd01.00000400.honggfuzz.cov b/examples/bind/corpus/2cf4bfacf947453c3b1db7593e64fd01.00000400.honggfuzz.cov deleted file mode 100644 index 972d9e18..00000000 Binary files a/examples/bind/corpus/2cf4bfacf947453c3b1db7593e64fd01.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2cf85615c0f6d649db796627e280db47.00000085.honggfuzz.cov b/examples/bind/corpus/2cf85615c0f6d649db796627e280db47.00000085.honggfuzz.cov deleted file mode 100644 index 880701cb..00000000 Binary files a/examples/bind/corpus/2cf85615c0f6d649db796627e280db47.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2cfcab9c5c2e3653cd879deefb2872ea.00000085.honggfuzz.cov b/examples/bind/corpus/2cfcab9c5c2e3653cd879deefb2872ea.00000085.honggfuzz.cov deleted file mode 100644 index 1fd96fbc..00000000 Binary files a/examples/bind/corpus/2cfcab9c5c2e3653cd879deefb2872ea.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2cffaa7220743c267dedd778749703a1.000101d0.honggfuzz.cov b/examples/bind/corpus/2cffaa7220743c267dedd778749703a1.000101d0.honggfuzz.cov new file mode 100644 index 00000000..4b68969d Binary files /dev/null and b/examples/bind/corpus/2cffaa7220743c267dedd778749703a1.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/2d16968fc6c5be50d1a3715b0265abe5.00000400.honggfuzz.cov b/examples/bind/corpus/2d16968fc6c5be50d1a3715b0265abe5.00000400.honggfuzz.cov deleted file mode 100644 index 0c3f239f..00000000 Binary files a/examples/bind/corpus/2d16968fc6c5be50d1a3715b0265abe5.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2d34db235247c83c6abae62f88ab34d6.00001e19.honggfuzz.cov b/examples/bind/corpus/2d34db235247c83c6abae62f88ab34d6.00001e19.honggfuzz.cov new file mode 100644 index 00000000..1fe1a4e0 Binary files /dev/null and b/examples/bind/corpus/2d34db235247c83c6abae62f88ab34d6.00001e19.honggfuzz.cov differ diff --git a/examples/bind/corpus/2d5874f63c97e2f92997ab8004c42845.00000153.honggfuzz.cov b/examples/bind/corpus/2d5874f63c97e2f92997ab8004c42845.00000153.honggfuzz.cov new file mode 100644 index 00000000..7623511e Binary files /dev/null and b/examples/bind/corpus/2d5874f63c97e2f92997ab8004c42845.00000153.honggfuzz.cov differ diff --git a/examples/bind/corpus/2d5ec2171cd6dfc77ffb61adc568aab4.000014b5.honggfuzz.cov b/examples/bind/corpus/2d5ec2171cd6dfc77ffb61adc568aab4.000014b5.honggfuzz.cov deleted file mode 100644 index 72138350..00000000 Binary files a/examples/bind/corpus/2d5ec2171cd6dfc77ffb61adc568aab4.000014b5.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2d71783c775910c3562f751089a4fcab.0000002f.honggfuzz.cov b/examples/bind/corpus/2d71783c775910c3562f751089a4fcab.0000002f.honggfuzz.cov new file mode 100644 index 00000000..c29eb28b Binary files /dev/null and b/examples/bind/corpus/2d71783c775910c3562f751089a4fcab.0000002f.honggfuzz.cov differ diff --git a/examples/bind/corpus/2d85c98000000000b9055d0000000000.00000003.honggfuzz.cov b/examples/bind/corpus/2d85c98000000000b9055d0000000000.00000003.honggfuzz.cov new file mode 100644 index 00000000..6d1b4be3 --- /dev/null +++ b/examples/bind/corpus/2d85c98000000000b9055d0000000000.00000003.honggfuzz.cov @@ -0,0 +1 @@ +Èå0 \ No newline at end of file diff --git a/examples/bind/corpus/2da5b954ac288367a317e9a6acb93c66.00000043.honggfuzz.cov b/examples/bind/corpus/2da5b954ac288367a317e9a6acb93c66.00000043.honggfuzz.cov deleted file mode 100644 index d97fb459..00000000 Binary files a/examples/bind/corpus/2da5b954ac288367a317e9a6acb93c66.00000043.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2dad3be786a5bbfc8a73609c59990e15.0001153e.honggfuzz.cov b/examples/bind/corpus/2dad3be786a5bbfc8a73609c59990e15.0001153e.honggfuzz.cov deleted file mode 100644 index 953c192c..00000000 Binary files a/examples/bind/corpus/2dad3be786a5bbfc8a73609c59990e15.0001153e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2db889976711bb17fb2ecb1c3557562a.0000576e.honggfuzz.cov b/examples/bind/corpus/2db889976711bb17fb2ecb1c3557562a.0000576e.honggfuzz.cov deleted file mode 100644 index 35efd936..00000000 Binary files a/examples/bind/corpus/2db889976711bb17fb2ecb1c3557562a.0000576e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2dbb76b3c4cf3337ea2fce0706aefa05.000000ff.honggfuzz.cov b/examples/bind/corpus/2dbb76b3c4cf3337ea2fce0706aefa05.000000ff.honggfuzz.cov deleted file mode 100644 index 5b27f8ba..00000000 Binary files a/examples/bind/corpus/2dbb76b3c4cf3337ea2fce0706aefa05.000000ff.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2dcc1210b5e42edaa6aab5e979bcab0c.000008e6.honggfuzz.cov b/examples/bind/corpus/2dcc1210b5e42edaa6aab5e979bcab0c.000008e6.honggfuzz.cov deleted file mode 100644 index d82e227a..00000000 Binary files a/examples/bind/corpus/2dcc1210b5e42edaa6aab5e979bcab0c.000008e6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2dfc4b50f876da496f16b1fba14fd12e.00000085.honggfuzz.cov b/examples/bind/corpus/2dfc4b50f876da496f16b1fba14fd12e.00000085.honggfuzz.cov deleted file mode 100644 index 7167e309..00000000 Binary files a/examples/bind/corpus/2dfc4b50f876da496f16b1fba14fd12e.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2dfd466e1e16db7ac34f1777764d47df.00000bb8.honggfuzz.cov b/examples/bind/corpus/2dfd466e1e16db7ac34f1777764d47df.00000bb8.honggfuzz.cov deleted file mode 100644 index f2b61401..00000000 Binary files a/examples/bind/corpus/2dfd466e1e16db7ac34f1777764d47df.00000bb8.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2dfd8d8b9406da498e07b1fa7be4a0f4.00000085.honggfuzz.cov b/examples/bind/corpus/2dfd8d8b9406da498e07b1fa7be4a0f4.00000085.honggfuzz.cov deleted file mode 100644 index 3e28597e..00000000 Binary files a/examples/bind/corpus/2dfd8d8b9406da498e07b1fa7be4a0f4.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2e0f240808ee18905a9b31fe415db66d.00000ac4.honggfuzz.cov b/examples/bind/corpus/2e0f240808ee18905a9b31fe415db66d.00000ac4.honggfuzz.cov deleted file mode 100644 index 7cd529a1..00000000 Binary files a/examples/bind/corpus/2e0f240808ee18905a9b31fe415db66d.00000ac4.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2e1fe15bca01ffe0501804594cc7976f.0000047e.honggfuzz.cov b/examples/bind/corpus/2e1fe15bca01ffe0501804594cc7976f.0000047e.honggfuzz.cov deleted file mode 100644 index 4e1361ad..00000000 Binary files a/examples/bind/corpus/2e1fe15bca01ffe0501804594cc7976f.0000047e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2e46bb6fe018e39229aa814859558bdd.00020000.honggfuzz.cov b/examples/bind/corpus/2e46bb6fe018e39229aa814859558bdd.00020000.honggfuzz.cov deleted file mode 100644 index 687cf219..00000000 Binary files a/examples/bind/corpus/2e46bb6fe018e39229aa814859558bdd.00020000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2e69ef030829ae64c8156222d19919a0.00000d70.honggfuzz.cov b/examples/bind/corpus/2e69ef030829ae64c8156222d19919a0.00000d70.honggfuzz.cov deleted file mode 100644 index 62b8c947..00000000 Binary files a/examples/bind/corpus/2e69ef030829ae64c8156222d19919a0.00000d70.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2e786b7652f36bfaf5f5076be0d331f2.0000017b.honggfuzz.cov b/examples/bind/corpus/2e786b7652f36bfaf5f5076be0d331f2.0000017b.honggfuzz.cov new file mode 100644 index 00000000..69543761 Binary files /dev/null and b/examples/bind/corpus/2e786b7652f36bfaf5f5076be0d331f2.0000017b.honggfuzz.cov differ diff --git a/examples/bind/corpus/2e790b2b0816a86c0855bfebdb3ed461.0000044a.honggfuzz.cov b/examples/bind/corpus/2e790b2b0816a86c0855bfebdb3ed461.0000044a.honggfuzz.cov new file mode 100644 index 00000000..560aa355 Binary files /dev/null and b/examples/bind/corpus/2e790b2b0816a86c0855bfebdb3ed461.0000044a.honggfuzz.cov differ diff --git a/examples/bind/corpus/2e7921acf1da68daf735ebf7bc952556.0000d86d.honggfuzz.cov b/examples/bind/corpus/2e7921acf1da68daf735ebf7bc952556.0000d86d.honggfuzz.cov deleted file mode 100644 index 757ee885..00000000 Binary files a/examples/bind/corpus/2e7921acf1da68daf735ebf7bc952556.0000d86d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2e894c940f84cff423875811f204f5a6.00000049.honggfuzz.cov b/examples/bind/corpus/2e894c940f84cff423875811f204f5a6.00000049.honggfuzz.cov new file mode 100644 index 00000000..ffe9f78e Binary files /dev/null and b/examples/bind/corpus/2e894c940f84cff423875811f204f5a6.00000049.honggfuzz.cov differ diff --git a/examples/bind/corpus/2eab3683a7401d30e862f3607735768c.00000085.honggfuzz.cov b/examples/bind/corpus/2eab3683a7401d30e862f3607735768c.00000085.honggfuzz.cov deleted file mode 100644 index c8e12d86..00000000 Binary files a/examples/bind/corpus/2eab3683a7401d30e862f3607735768c.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2eafe1d2672d9945488b18b922605884.00001bfb.honggfuzz.cov b/examples/bind/corpus/2eafe1d2672d9945488b18b922605884.00001bfb.honggfuzz.cov deleted file mode 100644 index e36b5e0d..00000000 Binary files a/examples/bind/corpus/2eafe1d2672d9945488b18b922605884.00001bfb.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2ed471cb5b39924eb167ea61435af114.0000029e.honggfuzz.cov b/examples/bind/corpus/2ed471cb5b39924eb167ea61435af114.0000029e.honggfuzz.cov deleted file mode 100644 index 5d80c0d8..00000000 Binary files a/examples/bind/corpus/2ed471cb5b39924eb167ea61435af114.0000029e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2ee1b04a3421dee580f35b98bb21747c.000105b8.honggfuzz.cov b/examples/bind/corpus/2ee1b04a3421dee580f35b98bb21747c.000105b8.honggfuzz.cov new file mode 100644 index 00000000..f6e86ece Binary files /dev/null and b/examples/bind/corpus/2ee1b04a3421dee580f35b98bb21747c.000105b8.honggfuzz.cov differ diff --git a/examples/bind/corpus/2ef889a537cf304fdc56d8d5facbfb09.00000174.honggfuzz.cov b/examples/bind/corpus/2ef889a537cf304fdc56d8d5facbfb09.00000174.honggfuzz.cov new file mode 100644 index 00000000..391d2464 Binary files /dev/null and b/examples/bind/corpus/2ef889a537cf304fdc56d8d5facbfb09.00000174.honggfuzz.cov differ diff --git a/examples/bind/corpus/2f03c6554bd3d18a7a63f9b62156aeaf.00009c97.honggfuzz.cov b/examples/bind/corpus/2f03c6554bd3d18a7a63f9b62156aeaf.00009c97.honggfuzz.cov new file mode 100644 index 00000000..6bea3e5f Binary files /dev/null and b/examples/bind/corpus/2f03c6554bd3d18a7a63f9b62156aeaf.00009c97.honggfuzz.cov differ diff --git a/examples/bind/corpus/2f03f9d97d6321a5bf67bbc8ea15fb0f.0000cc8d.honggfuzz.cov b/examples/bind/corpus/2f03f9d97d6321a5bf67bbc8ea15fb0f.0000cc8d.honggfuzz.cov deleted file mode 100644 index 9f4862e4..00000000 Binary files a/examples/bind/corpus/2f03f9d97d6321a5bf67bbc8ea15fb0f.0000cc8d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2f1b2a42676e6ec29c5aa02bf8562019.00000085.honggfuzz.cov b/examples/bind/corpus/2f1b2a42676e6ec29c5aa02bf8562019.00000085.honggfuzz.cov new file mode 100644 index 00000000..0b2c8775 Binary files /dev/null and b/examples/bind/corpus/2f1b2a42676e6ec29c5aa02bf8562019.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/2f245536f3feb228b19b7683997f4f50.00000153.honggfuzz.cov b/examples/bind/corpus/2f245536f3feb228b19b7683997f4f50.00000153.honggfuzz.cov new file mode 100644 index 00000000..30893d9f Binary files /dev/null and b/examples/bind/corpus/2f245536f3feb228b19b7683997f4f50.00000153.honggfuzz.cov differ diff --git a/examples/bind/corpus/2f4a4fc3e7b49f9180369b02acc3ff65.00000299.honggfuzz.cov b/examples/bind/corpus/2f4a4fc3e7b49f9180369b02acc3ff65.00000299.honggfuzz.cov deleted file mode 100644 index 41f285d4..00000000 Binary files a/examples/bind/corpus/2f4a4fc3e7b49f9180369b02acc3ff65.00000299.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2f5537d792d33aab7bcca099f785ad6f.000101d0.honggfuzz.cov b/examples/bind/corpus/2f5537d792d33aab7bcca099f785ad6f.000101d0.honggfuzz.cov new file mode 100644 index 00000000..43038dee Binary files /dev/null and b/examples/bind/corpus/2f5537d792d33aab7bcca099f785ad6f.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/2f5a50da02a34c320d46e8a2d3338227.0000004d.honggfuzz.cov b/examples/bind/corpus/2f5a50da02a34c320d46e8a2d3338227.0000004d.honggfuzz.cov new file mode 100644 index 00000000..384b8bfc Binary files /dev/null and b/examples/bind/corpus/2f5a50da02a34c320d46e8a2d3338227.0000004d.honggfuzz.cov differ diff --git a/examples/bind/corpus/2f5b78108fc83f1f4d67486f795e9df2.00000a03.honggfuzz.cov b/examples/bind/corpus/2f5b78108fc83f1f4d67486f795e9df2.00000a03.honggfuzz.cov new file mode 100644 index 00000000..337fd07f Binary files /dev/null and b/examples/bind/corpus/2f5b78108fc83f1f4d67486f795e9df2.00000a03.honggfuzz.cov differ diff --git a/examples/bind/corpus/2f5dbd617ebec4fee6069003b4afb4cc.000000a1.honggfuzz.cov b/examples/bind/corpus/2f5dbd617ebec4fee6069003b4afb4cc.000000a1.honggfuzz.cov deleted file mode 100644 index f55abf23..00000000 Binary files a/examples/bind/corpus/2f5dbd617ebec4fee6069003b4afb4cc.000000a1.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2f686f165aaa1ca90b6ce1d60a11bd3b.00020000.honggfuzz.cov b/examples/bind/corpus/2f686f165aaa1ca90b6ce1d60a11bd3b.00020000.honggfuzz.cov deleted file mode 100644 index 836cc64a..00000000 Binary files a/examples/bind/corpus/2f686f165aaa1ca90b6ce1d60a11bd3b.00020000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2f84f50d08f786bc293df846a8aedd25.00000045.honggfuzz.cov b/examples/bind/corpus/2f84f50d08f786bc293df846a8aedd25.00000045.honggfuzz.cov new file mode 100644 index 00000000..c5f7f5a6 Binary files /dev/null and b/examples/bind/corpus/2f84f50d08f786bc293df846a8aedd25.00000045.honggfuzz.cov differ diff --git a/examples/bind/corpus/2f94cc7f749620012f5269143b56f053.00000085.honggfuzz.cov b/examples/bind/corpus/2f94cc7f749620012f5269143b56f053.00000085.honggfuzz.cov deleted file mode 100644 index 4a7ac949..00000000 Binary files a/examples/bind/corpus/2f94cc7f749620012f5269143b56f053.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2f98f9c15da21d3a32e587e65456b031.000000b6.honggfuzz.cov b/examples/bind/corpus/2f98f9c15da21d3a32e587e65456b031.000000b6.honggfuzz.cov deleted file mode 100644 index 4fc2d083..00000000 Binary files a/examples/bind/corpus/2f98f9c15da21d3a32e587e65456b031.000000b6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2fcb68fec4021416e845a0c736b9c163.00000020.honggfuzz.cov b/examples/bind/corpus/2fcb68fec4021416e845a0c736b9c163.00000020.honggfuzz.cov new file mode 100644 index 00000000..d5bb4e7c Binary files /dev/null and b/examples/bind/corpus/2fcb68fec4021416e845a0c736b9c163.00000020.honggfuzz.cov differ diff --git a/examples/bind/corpus/2fcc440010d7b96e932775dab4ff1d25.00000107.honggfuzz.cov b/examples/bind/corpus/2fcc440010d7b96e932775dab4ff1d25.00000107.honggfuzz.cov new file mode 100644 index 00000000..a8657ff3 Binary files /dev/null and b/examples/bind/corpus/2fcc440010d7b96e932775dab4ff1d25.00000107.honggfuzz.cov differ diff --git a/examples/bind/corpus/2fe2644a0643d75d7021779ad242a428.0000c1d1.honggfuzz.cov b/examples/bind/corpus/2fe2644a0643d75d7021779ad242a428.0000c1d1.honggfuzz.cov deleted file mode 100644 index 228ee625..00000000 Binary files a/examples/bind/corpus/2fe2644a0643d75d7021779ad242a428.0000c1d1.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2fe5af450d393ebfeebbf4c72f5cfbaa.0000033f.honggfuzz.cov b/examples/bind/corpus/2fe5af450d393ebfeebbf4c72f5cfbaa.0000033f.honggfuzz.cov deleted file mode 100644 index 2c30896d..00000000 Binary files a/examples/bind/corpus/2fe5af450d393ebfeebbf4c72f5cfbaa.0000033f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/2ff2eb586cd6d4d261e845ac13c11321.00000295.honggfuzz.cov b/examples/bind/corpus/2ff2eb586cd6d4d261e845ac13c11321.00000295.honggfuzz.cov deleted file mode 100644 index 12d84eea..00000000 Binary files a/examples/bind/corpus/2ff2eb586cd6d4d261e845ac13c11321.00000295.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/301a8715bdefcfecc1c25e2b91a70691.0000006c.honggfuzz.cov b/examples/bind/corpus/301a8715bdefcfecc1c25e2b91a70691.0000006c.honggfuzz.cov deleted file mode 100644 index 1c58113f..00000000 Binary files a/examples/bind/corpus/301a8715bdefcfecc1c25e2b91a70691.0000006c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/303f4d1b633ee14325679115f1e80a81.0001c2ad.honggfuzz.cov b/examples/bind/corpus/303f4d1b633ee14325679115f1e80a81.0001c2ad.honggfuzz.cov deleted file mode 100644 index 44f891b7..00000000 Binary files a/examples/bind/corpus/303f4d1b633ee14325679115f1e80a81.0001c2ad.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3080ab363c66a431550717cdca25d5d4.00001c2d.honggfuzz.cov b/examples/bind/corpus/3080ab363c66a431550717cdca25d5d4.00001c2d.honggfuzz.cov new file mode 100644 index 00000000..19a85f85 Binary files /dev/null and b/examples/bind/corpus/3080ab363c66a431550717cdca25d5d4.00001c2d.honggfuzz.cov differ diff --git a/examples/bind/corpus/30bbea07b61796407e5e230c074fa1d5.00000040.honggfuzz.cov b/examples/bind/corpus/30bbea07b61796407e5e230c074fa1d5.00000040.honggfuzz.cov deleted file mode 100644 index ebe54cae..00000000 Binary files a/examples/bind/corpus/30bbea07b61796407e5e230c074fa1d5.00000040.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/30be29660b07b857d424bd7fc13ec852.00000400.honggfuzz.cov b/examples/bind/corpus/30be29660b07b857d424bd7fc13ec852.00000400.honggfuzz.cov deleted file mode 100644 index dbe35d91..00000000 Binary files a/examples/bind/corpus/30be29660b07b857d424bd7fc13ec852.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/30cc03e85b5cbee670eeecb52c1911fd.00000684.honggfuzz.cov b/examples/bind/corpus/30cc03e85b5cbee670eeecb52c1911fd.00000684.honggfuzz.cov deleted file mode 100644 index 622c02c6..00000000 Binary files a/examples/bind/corpus/30cc03e85b5cbee670eeecb52c1911fd.00000684.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/30d22fd558a567a41d341af708251f6c.00000445.honggfuzz.cov b/examples/bind/corpus/30d22fd558a567a41d341af708251f6c.00000445.honggfuzz.cov deleted file mode 100644 index f4bff3e2..00000000 Binary files a/examples/bind/corpus/30d22fd558a567a41d341af708251f6c.00000445.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/30d563d9c8c4b015ed731b77c9eac0a1.00000d8a.honggfuzz.cov b/examples/bind/corpus/30d563d9c8c4b015ed731b77c9eac0a1.00000d8a.honggfuzz.cov deleted file mode 100644 index e1c82efa..00000000 Binary files a/examples/bind/corpus/30d563d9c8c4b015ed731b77c9eac0a1.00000d8a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/30d77593112cd999881f5fb5825b169b.00000085.honggfuzz.cov b/examples/bind/corpus/30d77593112cd999881f5fb5825b169b.00000085.honggfuzz.cov deleted file mode 100644 index 994a7170..00000000 Binary files a/examples/bind/corpus/30d77593112cd999881f5fb5825b169b.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/30e168f35e73855ae47c775572036195.00000bb8.honggfuzz.cov b/examples/bind/corpus/30e168f35e73855ae47c775572036195.00000bb8.honggfuzz.cov new file mode 100644 index 00000000..57e501c8 Binary files /dev/null and b/examples/bind/corpus/30e168f35e73855ae47c775572036195.00000bb8.honggfuzz.cov differ diff --git a/examples/bind/corpus/30e9e0bc2b0810d98d986bc743f7267b.00000085.honggfuzz.cov b/examples/bind/corpus/30e9e0bc2b0810d98d986bc743f7267b.00000085.honggfuzz.cov deleted file mode 100644 index d7063fa4..00000000 Binary files a/examples/bind/corpus/30e9e0bc2b0810d98d986bc743f7267b.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/310b15493707ad5a03a3d63cfb670583.00000085.honggfuzz.cov b/examples/bind/corpus/310b15493707ad5a03a3d63cfb670583.00000085.honggfuzz.cov deleted file mode 100644 index a83150d4..00000000 Binary files a/examples/bind/corpus/310b15493707ad5a03a3d63cfb670583.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/31213b03ada2c8e49389e059575afd92.00000085.honggfuzz.cov b/examples/bind/corpus/31213b03ada2c8e49389e059575afd92.00000085.honggfuzz.cov deleted file mode 100644 index dfe10f26..00000000 Binary files a/examples/bind/corpus/31213b03ada2c8e49389e059575afd92.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3128448aed9b266128539c7ca229a8e3.00001814.honggfuzz.cov b/examples/bind/corpus/3128448aed9b266128539c7ca229a8e3.00001814.honggfuzz.cov deleted file mode 100644 index d62879ef..00000000 Binary files a/examples/bind/corpus/3128448aed9b266128539c7ca229a8e3.00001814.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3145056954729b81812dbd1640812b46.00000085.honggfuzz.cov b/examples/bind/corpus/3145056954729b81812dbd1640812b46.00000085.honggfuzz.cov deleted file mode 100644 index 8256169c..00000000 Binary files a/examples/bind/corpus/3145056954729b81812dbd1640812b46.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/315832fad998256d964b2488e31d68f1.00000843.honggfuzz.cov b/examples/bind/corpus/315832fad998256d964b2488e31d68f1.00000843.honggfuzz.cov new file mode 100644 index 00000000..26ce89eb Binary files /dev/null and b/examples/bind/corpus/315832fad998256d964b2488e31d68f1.00000843.honggfuzz.cov differ diff --git a/examples/bind/corpus/3184e8449bc99094362077c25892ec04.00000040.honggfuzz.cov b/examples/bind/corpus/3184e8449bc99094362077c25892ec04.00000040.honggfuzz.cov deleted file mode 100644 index 8415a8e9..00000000 Binary files a/examples/bind/corpus/3184e8449bc99094362077c25892ec04.00000040.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3184e8463943ba94362077c25b240c04.00000040.honggfuzz.cov b/examples/bind/corpus/3184e8463943ba94362077c25b240c04.00000040.honggfuzz.cov new file mode 100644 index 00000000..6730f63e Binary files /dev/null and b/examples/bind/corpus/3184e8463943ba94362077c25b240c04.00000040.honggfuzz.cov differ diff --git a/examples/bind/corpus/3189bbffa170ae03c413b74d45c34ad9.000060c9.honggfuzz.cov b/examples/bind/corpus/3189bbffa170ae03c413b74d45c34ad9.000060c9.honggfuzz.cov deleted file mode 100644 index 14f2d356..00000000 Binary files a/examples/bind/corpus/3189bbffa170ae03c413b74d45c34ad9.000060c9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/319aba92b494e5a1a3eacfbdc62d3d14.0002ffdb.honggfuzz.cov b/examples/bind/corpus/319aba92b494e5a1a3eacfbdc62d3d14.0002ffdb.honggfuzz.cov deleted file mode 100644 index 77086318..00000000 Binary files a/examples/bind/corpus/319aba92b494e5a1a3eacfbdc62d3d14.0002ffdb.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/31a0c58926d79636fb64c6907135bdd5.00000085.honggfuzz.cov b/examples/bind/corpus/31a0c58926d79636fb64c6907135bdd5.00000085.honggfuzz.cov deleted file mode 100644 index f0dba50d..00000000 Binary files a/examples/bind/corpus/31a0c58926d79636fb64c6907135bdd5.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/31ab280343db800f7b444d09e7bb9262.000001db.honggfuzz.cov b/examples/bind/corpus/31ab280343db800f7b444d09e7bb9262.000001db.honggfuzz.cov deleted file mode 100644 index e0cd0ab1..00000000 Binary files a/examples/bind/corpus/31ab280343db800f7b444d09e7bb9262.000001db.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/31ab56720c5f9cf78edc3337a974fa2f.000000d5.honggfuzz.cov b/examples/bind/corpus/31ab56720c5f9cf78edc3337a974fa2f.000000d5.honggfuzz.cov deleted file mode 100644 index ae2682eb..00000000 Binary files a/examples/bind/corpus/31ab56720c5f9cf78edc3337a974fa2f.000000d5.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/31b0a2c94b763492a9a7bda2c29a5bc9.000000f7.honggfuzz.cov b/examples/bind/corpus/31b0a2c94b763492a9a7bda2c29a5bc9.000000f7.honggfuzz.cov deleted file mode 100644 index 6c4db498..00000000 Binary files a/examples/bind/corpus/31b0a2c94b763492a9a7bda2c29a5bc9.000000f7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/31c2482041589d05723d6c01ee1e449e.00000485.honggfuzz.cov b/examples/bind/corpus/31c2482041589d05723d6c01ee1e449e.00000485.honggfuzz.cov deleted file mode 100644 index 4b297747..00000000 Binary files a/examples/bind/corpus/31c2482041589d05723d6c01ee1e449e.00000485.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/31e8883b67f99a36b4919417ee63123c.000001b8.honggfuzz.cov b/examples/bind/corpus/31e8883b67f99a36b4919417ee63123c.000001b8.honggfuzz.cov new file mode 100644 index 00000000..5ea34100 Binary files /dev/null and b/examples/bind/corpus/31e8883b67f99a36b4919417ee63123c.000001b8.honggfuzz.cov differ diff --git a/examples/bind/corpus/31f2ad670310dc50cc776c92fc78c24a.00000085.honggfuzz.cov b/examples/bind/corpus/31f2ad670310dc50cc776c92fc78c24a.00000085.honggfuzz.cov deleted file mode 100644 index c5bcbb99..00000000 Binary files a/examples/bind/corpus/31f2ad670310dc50cc776c92fc78c24a.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/323d6c6d4d548b30b156ad4193cc3948.00000085.honggfuzz.cov b/examples/bind/corpus/323d6c6d4d548b30b156ad4193cc3948.00000085.honggfuzz.cov deleted file mode 100644 index 9bf75165..00000000 Binary files a/examples/bind/corpus/323d6c6d4d548b30b156ad4193cc3948.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/324afb8d0a481c85ff282372ae7629d2.000000d5.honggfuzz.cov b/examples/bind/corpus/324afb8d0a481c85ff282372ae7629d2.000000d5.honggfuzz.cov deleted file mode 100644 index 924fdf3f..00000000 Binary files a/examples/bind/corpus/324afb8d0a481c85ff282372ae7629d2.000000d5.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/326ec33e58af277c23c885b904609b54.00000109.honggfuzz.cov b/examples/bind/corpus/326ec33e58af277c23c885b904609b54.00000109.honggfuzz.cov new file mode 100644 index 00000000..7642cd75 Binary files /dev/null and b/examples/bind/corpus/326ec33e58af277c23c885b904609b54.00000109.honggfuzz.cov differ diff --git a/examples/bind/corpus/327fc519da2047ccf9cc1643add2c00e.0000004e.honggfuzz.cov b/examples/bind/corpus/327fc519da2047ccf9cc1643add2c00e.0000004e.honggfuzz.cov new file mode 100644 index 00000000..ff9ee3b9 Binary files /dev/null and b/examples/bind/corpus/327fc519da2047ccf9cc1643add2c00e.0000004e.honggfuzz.cov differ diff --git a/examples/bind/corpus/327fc56f6a2047ccf9cc5252f896d15b.0000004e.honggfuzz.cov b/examples/bind/corpus/327fc56f6a2047ccf9cc5252f896d15b.0000004e.honggfuzz.cov deleted file mode 100644 index fd89b141..00000000 Binary files a/examples/bind/corpus/327fc56f6a2047ccf9cc5252f896d15b.0000004e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/328701cfff9764b169525fb844609d80.00000200.honggfuzz.cov b/examples/bind/corpus/328701cfff9764b169525fb844609d80.00000200.honggfuzz.cov deleted file mode 100644 index 2c1c5037..00000000 Binary files a/examples/bind/corpus/328701cfff9764b169525fb844609d80.00000200.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/32c48d5b3e0b6412efefff90e116af6f.00000085.honggfuzz.cov b/examples/bind/corpus/32c48d5b3e0b6412efefff90e116af6f.00000085.honggfuzz.cov deleted file mode 100644 index 805aea9c..00000000 Binary files a/examples/bind/corpus/32c48d5b3e0b6412efefff90e116af6f.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/32d02fe28ad3dcb9437e651d2d380d18.00000bb8.honggfuzz.cov b/examples/bind/corpus/32d02fe28ad3dcb9437e651d2d380d18.00000bb8.honggfuzz.cov new file mode 100644 index 00000000..ff071faa Binary files /dev/null and b/examples/bind/corpus/32d02fe28ad3dcb9437e651d2d380d18.00000bb8.honggfuzz.cov differ diff --git a/examples/bind/corpus/32e32f37fad03412fd901b40e1d8580c.00000085.honggfuzz.cov b/examples/bind/corpus/32e32f37fad03412fd901b40e1d8580c.00000085.honggfuzz.cov deleted file mode 100644 index ce533333..00000000 Binary files a/examples/bind/corpus/32e32f37fad03412fd901b40e1d8580c.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/32f378f20a45fc144a82ead6ceb3ec9f.0000007d.honggfuzz.cov b/examples/bind/corpus/32f378f20a45fc144a82ead6ceb3ec9f.0000007d.honggfuzz.cov deleted file mode 100644 index e61ea8d7..00000000 Binary files a/examples/bind/corpus/32f378f20a45fc144a82ead6ceb3ec9f.0000007d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/330ae78f181d605668b3494feacec536.00000332.honggfuzz.cov b/examples/bind/corpus/330ae78f181d605668b3494feacec536.00000332.honggfuzz.cov deleted file mode 100644 index 3038b906..00000000 Binary files a/examples/bind/corpus/330ae78f181d605668b3494feacec536.00000332.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3310dcb85bf7fd8af2da970168b4fb57.0000029e.honggfuzz.cov b/examples/bind/corpus/3310dcb85bf7fd8af2da970168b4fb57.0000029e.honggfuzz.cov new file mode 100644 index 00000000..94545aeb Binary files /dev/null and b/examples/bind/corpus/3310dcb85bf7fd8af2da970168b4fb57.0000029e.honggfuzz.cov differ diff --git a/examples/bind/corpus/3320465328c0b02e38e501422f1c1f5f.00001aba.honggfuzz.cov b/examples/bind/corpus/3320465328c0b02e38e501422f1c1f5f.00001aba.honggfuzz.cov deleted file mode 100644 index 2f09e71f..00000000 Binary files a/examples/bind/corpus/3320465328c0b02e38e501422f1c1f5f.00001aba.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/33264c422e84c892237cf91f4bb2239e.00020000.honggfuzz.cov b/examples/bind/corpus/33264c422e84c892237cf91f4bb2239e.00020000.honggfuzz.cov deleted file mode 100644 index 6fede89a..00000000 Binary files a/examples/bind/corpus/33264c422e84c892237cf91f4bb2239e.00020000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/334fc1b7bf4c6ea674cfcff9052e7d5b.000002cb.honggfuzz.cov b/examples/bind/corpus/334fc1b7bf4c6ea674cfcff9052e7d5b.000002cb.honggfuzz.cov deleted file mode 100644 index 7c5ce9a8..00000000 Binary files a/examples/bind/corpus/334fc1b7bf4c6ea674cfcff9052e7d5b.000002cb.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/339c8c138c3e957a0d0f1523f3854f7a.000007f1.honggfuzz.cov b/examples/bind/corpus/339c8c138c3e957a0d0f1523f3854f7a.000007f1.honggfuzz.cov new file mode 100644 index 00000000..3492a47b Binary files /dev/null and b/examples/bind/corpus/339c8c138c3e957a0d0f1523f3854f7a.000007f1.honggfuzz.cov differ diff --git a/examples/bind/corpus/339f68cf76f7b08b97fb3cc95239ef3c.00000040.honggfuzz.cov b/examples/bind/corpus/339f68cf76f7b08b97fb3cc95239ef3c.00000040.honggfuzz.cov new file mode 100644 index 00000000..8a0e1655 Binary files /dev/null and b/examples/bind/corpus/339f68cf76f7b08b97fb3cc95239ef3c.00000040.honggfuzz.cov differ diff --git a/examples/bind/corpus/33ce1259a401b49d62d690ebdabc0e2a.00000085.honggfuzz.cov b/examples/bind/corpus/33ce1259a401b49d62d690ebdabc0e2a.00000085.honggfuzz.cov deleted file mode 100644 index 495438c4..00000000 Binary files a/examples/bind/corpus/33ce1259a401b49d62d690ebdabc0e2a.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/33dbed645d1b2386d7ef84ca14e60b5d.00006070.honggfuzz.cov b/examples/bind/corpus/33dbed645d1b2386d7ef84ca14e60b5d.00006070.honggfuzz.cov deleted file mode 100644 index a04feaf5..00000000 Binary files a/examples/bind/corpus/33dbed645d1b2386d7ef84ca14e60b5d.00006070.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/340d2337569d5288a3e9fc66e937bb56.00000085.honggfuzz.cov b/examples/bind/corpus/340d2337569d5288a3e9fc66e937bb56.00000085.honggfuzz.cov new file mode 100644 index 00000000..f8b57864 Binary files /dev/null and b/examples/bind/corpus/340d2337569d5288a3e9fc66e937bb56.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/340dfc681f917fcdb6bb4d57497b1aee.00000085.honggfuzz.cov b/examples/bind/corpus/340dfc681f917fcdb6bb4d57497b1aee.00000085.honggfuzz.cov deleted file mode 100644 index 2e0f580d..00000000 Binary files a/examples/bind/corpus/340dfc681f917fcdb6bb4d57497b1aee.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3414b013a99ce1ea7a9a77b35702a841.00000124.honggfuzz.cov b/examples/bind/corpus/3414b013a99ce1ea7a9a77b35702a841.00000124.honggfuzz.cov new file mode 100644 index 00000000..b6062492 Binary files /dev/null and b/examples/bind/corpus/3414b013a99ce1ea7a9a77b35702a841.00000124.honggfuzz.cov differ diff --git a/examples/bind/corpus/3425793349c7af6952737f0bde8b375a.00000085.honggfuzz.cov b/examples/bind/corpus/3425793349c7af6952737f0bde8b375a.00000085.honggfuzz.cov deleted file mode 100644 index c481d4e9..00000000 Binary files a/examples/bind/corpus/3425793349c7af6952737f0bde8b375a.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/343c35ce07bec437a4419b2eaef59487.00000de2.honggfuzz.cov b/examples/bind/corpus/343c35ce07bec437a4419b2eaef59487.00000de2.honggfuzz.cov deleted file mode 100644 index 2dd3e452..00000000 Binary files a/examples/bind/corpus/343c35ce07bec437a4419b2eaef59487.00000de2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3442f0cf7ded5f97e0a78e2af9423a0a.000000a8.honggfuzz.cov b/examples/bind/corpus/3442f0cf7ded5f97e0a78e2af9423a0a.000000a8.honggfuzz.cov new file mode 100644 index 00000000..b4711b39 Binary files /dev/null and b/examples/bind/corpus/3442f0cf7ded5f97e0a78e2af9423a0a.000000a8.honggfuzz.cov differ diff --git a/examples/bind/corpus/344588a01ab77c53ef8093d82db70e90.0000012e.honggfuzz.cov b/examples/bind/corpus/344588a01ab77c53ef8093d82db70e90.0000012e.honggfuzz.cov new file mode 100644 index 00000000..bd228424 Binary files /dev/null and b/examples/bind/corpus/344588a01ab77c53ef8093d82db70e90.0000012e.honggfuzz.cov differ diff --git a/examples/bind/corpus/344b9d6e3f77ef66364f0a5d656e53c3.000001b8.honggfuzz.cov b/examples/bind/corpus/344b9d6e3f77ef66364f0a5d656e53c3.000001b8.honggfuzz.cov deleted file mode 100644 index 1ff9e09c..00000000 Binary files a/examples/bind/corpus/344b9d6e3f77ef66364f0a5d656e53c3.000001b8.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/346c43c000440668c88596ace9f66ca5.00000098.honggfuzz.cov b/examples/bind/corpus/346c43c000440668c88596ace9f66ca5.00000098.honggfuzz.cov deleted file mode 100644 index 6da4939f..00000000 Binary files a/examples/bind/corpus/346c43c000440668c88596ace9f66ca5.00000098.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/348f9a06ed62d6a4d33c611ad78647b6.00000101.honggfuzz.cov b/examples/bind/corpus/348f9a06ed62d6a4d33c611ad78647b6.00000101.honggfuzz.cov deleted file mode 100644 index f2c43cb6..00000000 Binary files a/examples/bind/corpus/348f9a06ed62d6a4d33c611ad78647b6.00000101.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/349c7afd777e16c9efb176dab9e6fc39.0000010f.honggfuzz.cov b/examples/bind/corpus/349c7afd777e16c9efb176dab9e6fc39.0000010f.honggfuzz.cov deleted file mode 100644 index 961a903d..00000000 Binary files a/examples/bind/corpus/349c7afd777e16c9efb176dab9e6fc39.0000010f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3504b84a631fb5d86ccb44f83dff6361.0000001a.honggfuzz.cov b/examples/bind/corpus/3504b84a631fb5d86ccb44f83dff6361.0000001a.honggfuzz.cov new file mode 100644 index 00000000..e5b85073 Binary files /dev/null and b/examples/bind/corpus/3504b84a631fb5d86ccb44f83dff6361.0000001a.honggfuzz.cov differ diff --git a/examples/bind/corpus/35133e62578e8c33f0a1f9807dec9a35.0000003f.honggfuzz.cov b/examples/bind/corpus/35133e62578e8c33f0a1f9807dec9a35.0000003f.honggfuzz.cov new file mode 100644 index 00000000..8f64e1f2 Binary files /dev/null and b/examples/bind/corpus/35133e62578e8c33f0a1f9807dec9a35.0000003f.honggfuzz.cov differ diff --git a/examples/bind/corpus/355dad3edfadc58cc89aec6eebf63d98.000000b8.honggfuzz.cov b/examples/bind/corpus/355dad3edfadc58cc89aec6eebf63d98.000000b8.honggfuzz.cov new file mode 100644 index 00000000..0830c615 Binary files /dev/null and b/examples/bind/corpus/355dad3edfadc58cc89aec6eebf63d98.000000b8.honggfuzz.cov differ diff --git a/examples/bind/corpus/3566d117314a2c532a9fd919c3d81f96.000006d7.honggfuzz.cov b/examples/bind/corpus/3566d117314a2c532a9fd919c3d81f96.000006d7.honggfuzz.cov deleted file mode 100644 index 178cec2d..00000000 Binary files a/examples/bind/corpus/3566d117314a2c532a9fd919c3d81f96.000006d7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/357c59488722e0fa2f7797d7d8f9371d.00000941.honggfuzz.cov b/examples/bind/corpus/357c59488722e0fa2f7797d7d8f9371d.00000941.honggfuzz.cov deleted file mode 100644 index ed01cb73..00000000 Binary files a/examples/bind/corpus/357c59488722e0fa2f7797d7d8f9371d.00000941.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/358312717d8b5f4b03f2678bcac850fb.00000085.honggfuzz.cov b/examples/bind/corpus/358312717d8b5f4b03f2678bcac850fb.00000085.honggfuzz.cov new file mode 100644 index 00000000..c8d86d8f Binary files /dev/null and b/examples/bind/corpus/358312717d8b5f4b03f2678bcac850fb.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/35942c40ec04b5111b6cdb5a926f348e.000003c8.honggfuzz.cov b/examples/bind/corpus/35942c40ec04b5111b6cdb5a926f348e.000003c8.honggfuzz.cov deleted file mode 100644 index ed46a4e3..00000000 Binary files a/examples/bind/corpus/35942c40ec04b5111b6cdb5a926f348e.000003c8.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/35acc1f4b25c02d04094588cf41312a6.00000e87.honggfuzz.cov b/examples/bind/corpus/35acc1f4b25c02d04094588cf41312a6.00000e87.honggfuzz.cov new file mode 100644 index 00000000..80e4a26b Binary files /dev/null and b/examples/bind/corpus/35acc1f4b25c02d04094588cf41312a6.00000e87.honggfuzz.cov differ diff --git a/examples/bind/corpus/35ae798039439696feb41b7f08fc99b0.00000400.honggfuzz.cov b/examples/bind/corpus/35ae798039439696feb41b7f08fc99b0.00000400.honggfuzz.cov new file mode 100644 index 00000000..b38a6aaa Binary files /dev/null and b/examples/bind/corpus/35ae798039439696feb41b7f08fc99b0.00000400.honggfuzz.cov differ diff --git a/examples/bind/corpus/35b2164dc1925ecfdf2f04d89c13c8b2.00000084.honggfuzz.cov b/examples/bind/corpus/35b2164dc1925ecfdf2f04d89c13c8b2.00000084.honggfuzz.cov new file mode 100644 index 00000000..7c3a7bff Binary files /dev/null and b/examples/bind/corpus/35b2164dc1925ecfdf2f04d89c13c8b2.00000084.honggfuzz.cov differ diff --git a/examples/bind/corpus/35ba1c09f64dbb3ca3f205cb1595b1f1.0000088c.honggfuzz.cov b/examples/bind/corpus/35ba1c09f64dbb3ca3f205cb1595b1f1.0000088c.honggfuzz.cov deleted file mode 100644 index 0ce74ece..00000000 Binary files a/examples/bind/corpus/35ba1c09f64dbb3ca3f205cb1595b1f1.0000088c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/35c535a9d7f794d5123dc1a4555636cf.0000040e.honggfuzz.cov b/examples/bind/corpus/35c535a9d7f794d5123dc1a4555636cf.0000040e.honggfuzz.cov new file mode 100644 index 00000000..5c703026 Binary files /dev/null and b/examples/bind/corpus/35c535a9d7f794d5123dc1a4555636cf.0000040e.honggfuzz.cov differ diff --git a/examples/bind/corpus/35c8b4c0496e00b61a0a1308de3253a1.00000148.honggfuzz.cov b/examples/bind/corpus/35c8b4c0496e00b61a0a1308de3253a1.00000148.honggfuzz.cov new file mode 100644 index 00000000..f714a952 Binary files /dev/null and b/examples/bind/corpus/35c8b4c0496e00b61a0a1308de3253a1.00000148.honggfuzz.cov differ diff --git a/examples/bind/corpus/35d6eb78e6d18434a05df93a04121e4a.00032915.honggfuzz.cov b/examples/bind/corpus/35d6eb78e6d18434a05df93a04121e4a.00032915.honggfuzz.cov deleted file mode 100644 index db6f3577..00000000 Binary files a/examples/bind/corpus/35d6eb78e6d18434a05df93a04121e4a.00032915.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/36024e8b8a490bb8a5f7e11bca434b35.00017fef.honggfuzz.cov b/examples/bind/corpus/36024e8b8a490bb8a5f7e11bca434b35.00017fef.honggfuzz.cov deleted file mode 100644 index cedbd238..00000000 Binary files a/examples/bind/corpus/36024e8b8a490bb8a5f7e11bca434b35.00017fef.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/361431bcc377b0bfd217062c53e08011.00000187.honggfuzz.cov b/examples/bind/corpus/361431bcc377b0bfd217062c53e08011.00000187.honggfuzz.cov new file mode 100644 index 00000000..9309181a Binary files /dev/null and b/examples/bind/corpus/361431bcc377b0bfd217062c53e08011.00000187.honggfuzz.cov differ diff --git a/examples/bind/corpus/3618a653295796d8d6182ce711ce0d7e.0000002d.honggfuzz.cov b/examples/bind/corpus/3618a653295796d8d6182ce711ce0d7e.0000002d.honggfuzz.cov deleted file mode 100644 index c20eaae7..00000000 Binary files a/examples/bind/corpus/3618a653295796d8d6182ce711ce0d7e.0000002d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/362875cde3d79537a0f61a795da4f53a.000001e9.honggfuzz.cov b/examples/bind/corpus/362875cde3d79537a0f61a795da4f53a.000001e9.honggfuzz.cov new file mode 100644 index 00000000..610532db Binary files /dev/null and b/examples/bind/corpus/362875cde3d79537a0f61a795da4f53a.000001e9.honggfuzz.cov differ diff --git a/examples/bind/corpus/362c99553494da942dd8fc67a5b97f2f.0006a464.honggfuzz.cov b/examples/bind/corpus/362c99553494da942dd8fc67a5b97f2f.0006a464.honggfuzz.cov deleted file mode 100644 index 85b5ed8b..00000000 Binary files a/examples/bind/corpus/362c99553494da942dd8fc67a5b97f2f.0006a464.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3635231407cb13019327b4a10d7cdecb.000015c3.honggfuzz.cov b/examples/bind/corpus/3635231407cb13019327b4a10d7cdecb.000015c3.honggfuzz.cov new file mode 100644 index 00000000..627fa924 Binary files /dev/null and b/examples/bind/corpus/3635231407cb13019327b4a10d7cdecb.000015c3.honggfuzz.cov differ diff --git a/examples/bind/corpus/3639aadbac652b08b8c0e1fddca16cf3.0000029e.honggfuzz.cov b/examples/bind/corpus/3639aadbac652b08b8c0e1fddca16cf3.0000029e.honggfuzz.cov deleted file mode 100644 index df36b43a..00000000 Binary files a/examples/bind/corpus/3639aadbac652b08b8c0e1fddca16cf3.0000029e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/363f97fe93a3db3c875b0ac16478be04.00000400.honggfuzz.cov b/examples/bind/corpus/363f97fe93a3db3c875b0ac16478be04.00000400.honggfuzz.cov deleted file mode 100644 index 72cacca1..00000000 Binary files a/examples/bind/corpus/363f97fe93a3db3c875b0ac16478be04.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3647d261e3c75e4432d7879c20de7fa9.000000f9.honggfuzz.cov b/examples/bind/corpus/3647d261e3c75e4432d7879c20de7fa9.000000f9.honggfuzz.cov deleted file mode 100644 index d51ad43f..00000000 Binary files a/examples/bind/corpus/3647d261e3c75e4432d7879c20de7fa9.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/367df30b92639351a6d0f93cb000665c.000000a3.honggfuzz.cov b/examples/bind/corpus/367df30b92639351a6d0f93cb000665c.000000a3.honggfuzz.cov new file mode 100644 index 00000000..ee42f784 Binary files /dev/null and b/examples/bind/corpus/367df30b92639351a6d0f93cb000665c.000000a3.honggfuzz.cov differ diff --git a/examples/bind/corpus/367eb68421cada236a695f3d3de616a9.00000085.honggfuzz.cov b/examples/bind/corpus/367eb68421cada236a695f3d3de616a9.00000085.honggfuzz.cov deleted file mode 100644 index 0f3d0775..00000000 Binary files a/examples/bind/corpus/367eb68421cada236a695f3d3de616a9.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/36a4a894b71d83577941889702056d88.00000053.honggfuzz.cov b/examples/bind/corpus/36a4a894b71d83577941889702056d88.00000053.honggfuzz.cov deleted file mode 100644 index 61c9c8f2..00000000 Binary files a/examples/bind/corpus/36a4a894b71d83577941889702056d88.00000053.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/36b64bdcc48ba14f0ead702a0cbe5925.00002000.honggfuzz.cov b/examples/bind/corpus/36b64bdcc48ba14f0ead702a0cbe5925.00002000.honggfuzz.cov new file mode 100644 index 00000000..9bd884ba Binary files /dev/null and b/examples/bind/corpus/36b64bdcc48ba14f0ead702a0cbe5925.00002000.honggfuzz.cov differ diff --git a/examples/bind/corpus/36c9daec954fe3303a6c49bb00974541.0000005a.honggfuzz.cov b/examples/bind/corpus/36c9daec954fe3303a6c49bb00974541.0000005a.honggfuzz.cov new file mode 100644 index 00000000..7ee601e6 Binary files /dev/null and b/examples/bind/corpus/36c9daec954fe3303a6c49bb00974541.0000005a.honggfuzz.cov differ diff --git a/examples/bind/corpus/36db85b5c219e6b3e8f6545c2312f37b.0000006e.honggfuzz.cov b/examples/bind/corpus/36db85b5c219e6b3e8f6545c2312f37b.0000006e.honggfuzz.cov new file mode 100644 index 00000000..0352e363 Binary files /dev/null and b/examples/bind/corpus/36db85b5c219e6b3e8f6545c2312f37b.0000006e.honggfuzz.cov differ diff --git a/examples/bind/corpus/371a03c91bce363b06da43e841e24852.00000933.honggfuzz.cov b/examples/bind/corpus/371a03c91bce363b06da43e841e24852.00000933.honggfuzz.cov deleted file mode 100644 index 06456c00..00000000 Binary files a/examples/bind/corpus/371a03c91bce363b06da43e841e24852.00000933.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/371a2dfc64dd9cdc43d98f92155b1c1f.000000f7.honggfuzz.cov b/examples/bind/corpus/371a2dfc64dd9cdc43d98f92155b1c1f.000000f7.honggfuzz.cov deleted file mode 100644 index aa291670..00000000 Binary files a/examples/bind/corpus/371a2dfc64dd9cdc43d98f92155b1c1f.000000f7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3733e5ba9eef6c43d4c0537032509325.000000e9.honggfuzz.cov b/examples/bind/corpus/3733e5ba9eef6c43d4c0537032509325.000000e9.honggfuzz.cov new file mode 100644 index 00000000..1b8fcda0 Binary files /dev/null and b/examples/bind/corpus/3733e5ba9eef6c43d4c0537032509325.000000e9.honggfuzz.cov differ diff --git a/examples/bind/corpus/3747119b52889d61e30a16a4ab201d41.0000a0d7.honggfuzz.cov b/examples/bind/corpus/3747119b52889d61e30a16a4ab201d41.0000a0d7.honggfuzz.cov new file mode 100644 index 00000000..8d4287d2 Binary files /dev/null and b/examples/bind/corpus/3747119b52889d61e30a16a4ab201d41.0000a0d7.honggfuzz.cov differ diff --git a/examples/bind/corpus/374ba09dad4267c260f6eebb4cedffda.000006ab.honggfuzz.cov b/examples/bind/corpus/374ba09dad4267c260f6eebb4cedffda.000006ab.honggfuzz.cov deleted file mode 100644 index 76592fc0..00000000 Binary files a/examples/bind/corpus/374ba09dad4267c260f6eebb4cedffda.000006ab.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/37799224fe677984d807798864eae050.00000400.honggfuzz.cov b/examples/bind/corpus/37799224fe677984d807798864eae050.00000400.honggfuzz.cov new file mode 100644 index 00000000..91faf38e Binary files /dev/null and b/examples/bind/corpus/37799224fe677984d807798864eae050.00000400.honggfuzz.cov differ diff --git a/examples/bind/corpus/37942dce335c8c42d81f68fd02f7e122.000000ac.honggfuzz.cov b/examples/bind/corpus/37942dce335c8c42d81f68fd02f7e122.000000ac.honggfuzz.cov deleted file mode 100644 index 5eeb4e7c..00000000 Binary files a/examples/bind/corpus/37942dce335c8c42d81f68fd02f7e122.000000ac.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/37a45dd5d50b43cc59974188b4db6808.00000085.honggfuzz.cov b/examples/bind/corpus/37a45dd5d50b43cc59974188b4db6808.00000085.honggfuzz.cov deleted file mode 100644 index d9831ce2..00000000 Binary files a/examples/bind/corpus/37a45dd5d50b43cc59974188b4db6808.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/37cbccf2472d913603570ecb85411383.00001969.honggfuzz.cov b/examples/bind/corpus/37cbccf2472d913603570ecb85411383.00001969.honggfuzz.cov deleted file mode 100644 index 58b4c0e4..00000000 Binary files a/examples/bind/corpus/37cbccf2472d913603570ecb85411383.00001969.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/37d04973be59b37b24be825f76ab672d.00000653.honggfuzz.cov b/examples/bind/corpus/37d04973be59b37b24be825f76ab672d.00000653.honggfuzz.cov new file mode 100644 index 00000000..b444c73d Binary files /dev/null and b/examples/bind/corpus/37d04973be59b37b24be825f76ab672d.00000653.honggfuzz.cov differ diff --git a/examples/bind/corpus/37d10496b1efc7b8d3e32e7239d0423f.0001b355.honggfuzz.cov b/examples/bind/corpus/37d10496b1efc7b8d3e32e7239d0423f.0001b355.honggfuzz.cov new file mode 100644 index 00000000..c79fc091 Binary files /dev/null and b/examples/bind/corpus/37d10496b1efc7b8d3e32e7239d0423f.0001b355.honggfuzz.cov differ diff --git a/examples/bind/corpus/37f14096592817c63a609e489ef35afd.000000aa.honggfuzz.cov b/examples/bind/corpus/37f14096592817c63a609e489ef35afd.000000aa.honggfuzz.cov deleted file mode 100644 index 81b9b45f..00000000 Binary files a/examples/bind/corpus/37f14096592817c63a609e489ef35afd.000000aa.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/38046e35c45e8eecd1fdbbb990ab3098.0001c194.honggfuzz.cov b/examples/bind/corpus/38046e35c45e8eecd1fdbbb990ab3098.0001c194.honggfuzz.cov new file mode 100644 index 00000000..2baf3622 Binary files /dev/null and b/examples/bind/corpus/38046e35c45e8eecd1fdbbb990ab3098.0001c194.honggfuzz.cov differ diff --git a/examples/bind/corpus/381b5754253723250be738d24834c9d1.000000c0.honggfuzz.cov b/examples/bind/corpus/381b5754253723250be738d24834c9d1.000000c0.honggfuzz.cov new file mode 100644 index 00000000..9bc82f2c Binary files /dev/null and b/examples/bind/corpus/381b5754253723250be738d24834c9d1.000000c0.honggfuzz.cov differ diff --git a/examples/bind/corpus/382b3cd2fc3fc193a2dc2dc9ca160daa.00000085.honggfuzz.cov b/examples/bind/corpus/382b3cd2fc3fc193a2dc2dc9ca160daa.00000085.honggfuzz.cov deleted file mode 100644 index 2add531a..00000000 Binary files a/examples/bind/corpus/382b3cd2fc3fc193a2dc2dc9ca160daa.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/383c5c838b1ca449d72ab362ca228414.00000085.honggfuzz.cov b/examples/bind/corpus/383c5c838b1ca449d72ab362ca228414.00000085.honggfuzz.cov deleted file mode 100644 index 93b2787f..00000000 Binary files a/examples/bind/corpus/383c5c838b1ca449d72ab362ca228414.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/384a37d1bbaaa4c5b59e184ff09a1e79.00000085.honggfuzz.cov b/examples/bind/corpus/384a37d1bbaaa4c5b59e184ff09a1e79.00000085.honggfuzz.cov deleted file mode 100644 index 9b62a292..00000000 Binary files a/examples/bind/corpus/384a37d1bbaaa4c5b59e184ff09a1e79.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3850d8aab0d81be48810144c16dfe8cb.00000775.honggfuzz.cov b/examples/bind/corpus/3850d8aab0d81be48810144c16dfe8cb.00000775.honggfuzz.cov new file mode 100644 index 00000000..cd9dda29 Binary files /dev/null and b/examples/bind/corpus/3850d8aab0d81be48810144c16dfe8cb.00000775.honggfuzz.cov differ diff --git a/examples/bind/corpus/386bef85b3906520c00e967c919d90e6.0001a03f.honggfuzz.cov b/examples/bind/corpus/386bef85b3906520c00e967c919d90e6.0001a03f.honggfuzz.cov deleted file mode 100644 index 2954fed0..00000000 Binary files a/examples/bind/corpus/386bef85b3906520c00e967c919d90e6.0001a03f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3878344b3c558004de76be954b598b48.00002265.honggfuzz.cov b/examples/bind/corpus/3878344b3c558004de76be954b598b48.00002265.honggfuzz.cov deleted file mode 100644 index 8ab9154f..00000000 Binary files a/examples/bind/corpus/3878344b3c558004de76be954b598b48.00002265.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3879d2f1f1539b828de21655d520bdda.00002710.honggfuzz.cov b/examples/bind/corpus/3879d2f1f1539b828de21655d520bdda.00002710.honggfuzz.cov deleted file mode 100644 index d1213bc2..00000000 Binary files a/examples/bind/corpus/3879d2f1f1539b828de21655d520bdda.00002710.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/387b9d908d4c900b5c012e26d13bebfc.00000085.honggfuzz.cov b/examples/bind/corpus/387b9d908d4c900b5c012e26d13bebfc.00000085.honggfuzz.cov new file mode 100644 index 00000000..14bc09ee Binary files /dev/null and b/examples/bind/corpus/387b9d908d4c900b5c012e26d13bebfc.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/38803eeabc40333ea7faf1b8ad63c16e.000000b2.honggfuzz.cov b/examples/bind/corpus/38803eeabc40333ea7faf1b8ad63c16e.000000b2.honggfuzz.cov deleted file mode 100644 index ff5a2038..00000000 Binary files a/examples/bind/corpus/38803eeabc40333ea7faf1b8ad63c16e.000000b2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/388e549478acb66b6d29cea978406340.0000005c.honggfuzz.cov b/examples/bind/corpus/388e549478acb66b6d29cea978406340.0000005c.honggfuzz.cov deleted file mode 100644 index 1e3f28fe..00000000 Binary files a/examples/bind/corpus/388e549478acb66b6d29cea978406340.0000005c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/38a0df8f794de619bfd106810042f00d.00000080.honggfuzz.cov b/examples/bind/corpus/38a0df8f794de619bfd106810042f00d.00000080.honggfuzz.cov deleted file mode 100644 index 78481206..00000000 Binary files a/examples/bind/corpus/38a0df8f794de619bfd106810042f00d.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/38cb64e4ca99b1f2c5a9397a70fa9ba6.00000040.honggfuzz.cov b/examples/bind/corpus/38cb64e4ca99b1f2c5a9397a70fa9ba6.00000040.honggfuzz.cov new file mode 100644 index 00000000..35f9396c Binary files /dev/null and b/examples/bind/corpus/38cb64e4ca99b1f2c5a9397a70fa9ba6.00000040.honggfuzz.cov differ diff --git a/examples/bind/corpus/38db5c0b9349d10bce0012811b1f327a.0001a058.honggfuzz.cov b/examples/bind/corpus/38db5c0b9349d10bce0012811b1f327a.0001a058.honggfuzz.cov deleted file mode 100644 index f398c811..00000000 Binary files a/examples/bind/corpus/38db5c0b9349d10bce0012811b1f327a.0001a058.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/38dba5a31d683f5c784fe3be36b50406.00000c7c.honggfuzz.cov b/examples/bind/corpus/38dba5a31d683f5c784fe3be36b50406.00000c7c.honggfuzz.cov new file mode 100644 index 00000000..7b8219b5 Binary files /dev/null and b/examples/bind/corpus/38dba5a31d683f5c784fe3be36b50406.00000c7c.honggfuzz.cov differ diff --git a/examples/bind/corpus/38dfad6ef42aafa3de266a606f8c6d67.0000ed52.honggfuzz.cov b/examples/bind/corpus/38dfad6ef42aafa3de266a606f8c6d67.0000ed52.honggfuzz.cov new file mode 100644 index 00000000..6f0bb851 Binary files /dev/null and b/examples/bind/corpus/38dfad6ef42aafa3de266a606f8c6d67.0000ed52.honggfuzz.cov differ diff --git a/examples/bind/corpus/38dfc97727325abe1e171b16ce1fc4ac.000000a7.honggfuzz.cov b/examples/bind/corpus/38dfc97727325abe1e171b16ce1fc4ac.000000a7.honggfuzz.cov new file mode 100644 index 00000000..d00dfb7a Binary files /dev/null and b/examples/bind/corpus/38dfc97727325abe1e171b16ce1fc4ac.000000a7.honggfuzz.cov differ diff --git a/examples/bind/corpus/38f1a09bfff185245e910e2c6bb67b78.00000d31.honggfuzz.cov b/examples/bind/corpus/38f1a09bfff185245e910e2c6bb67b78.00000d31.honggfuzz.cov deleted file mode 100644 index 77077eb1..00000000 Binary files a/examples/bind/corpus/38f1a09bfff185245e910e2c6bb67b78.00000d31.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/38f96628f4079206cdc793c5c5e670d5.0000004f.honggfuzz.cov b/examples/bind/corpus/38f96628f4079206cdc793c5c5e670d5.0000004f.honggfuzz.cov new file mode 100644 index 00000000..2d9e6c84 Binary files /dev/null and b/examples/bind/corpus/38f96628f4079206cdc793c5c5e670d5.0000004f.honggfuzz.cov differ diff --git a/examples/bind/corpus/39002753b06d39bf0397fa093a660100.00001670.honggfuzz.cov b/examples/bind/corpus/39002753b06d39bf0397fa093a660100.00001670.honggfuzz.cov deleted file mode 100644 index 0dac03b8..00000000 Binary files a/examples/bind/corpus/39002753b06d39bf0397fa093a660100.00001670.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3900543a66c62e98afebf4190740307e.0000003a.honggfuzz.cov b/examples/bind/corpus/3900543a66c62e98afebf4190740307e.0000003a.honggfuzz.cov deleted file mode 100644 index 5f952c36..00000000 Binary files a/examples/bind/corpus/3900543a66c62e98afebf4190740307e.0000003a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3905841e513f877fe1209101699135ca.0001f7e8.honggfuzz.cov b/examples/bind/corpus/3905841e513f877fe1209101699135ca.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..a382b001 Binary files /dev/null and b/examples/bind/corpus/3905841e513f877fe1209101699135ca.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/3913365747eac056405f8b4c307010c1.0000007f.honggfuzz.cov b/examples/bind/corpus/3913365747eac056405f8b4c307010c1.0000007f.honggfuzz.cov deleted file mode 100644 index 452115c6..00000000 Binary files a/examples/bind/corpus/3913365747eac056405f8b4c307010c1.0000007f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/39245fc156f84606286df0b6fa8b8d4d.0000192a.honggfuzz.cov b/examples/bind/corpus/39245fc156f84606286df0b6fa8b8d4d.0000192a.honggfuzz.cov deleted file mode 100644 index efb0b5a6..00000000 Binary files a/examples/bind/corpus/39245fc156f84606286df0b6fa8b8d4d.0000192a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/392f1da061210ac4b5caf10e73ca472c.000004a0.honggfuzz.cov b/examples/bind/corpus/392f1da061210ac4b5caf10e73ca472c.000004a0.honggfuzz.cov new file mode 100644 index 00000000..659c924b Binary files /dev/null and b/examples/bind/corpus/392f1da061210ac4b5caf10e73ca472c.000004a0.honggfuzz.cov differ diff --git a/examples/bind/corpus/39737763acd20259342d7e74481a4803.000000f9.honggfuzz.cov b/examples/bind/corpus/39737763acd20259342d7e74481a4803.000000f9.honggfuzz.cov deleted file mode 100644 index 6fdbc2d8..00000000 Binary files a/examples/bind/corpus/39737763acd20259342d7e74481a4803.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/399237d3553f9f36623a0b27873e09dc.00002000.honggfuzz.cov b/examples/bind/corpus/399237d3553f9f36623a0b27873e09dc.00002000.honggfuzz.cov new file mode 100644 index 00000000..aeefc837 Binary files /dev/null and b/examples/bind/corpus/399237d3553f9f36623a0b27873e09dc.00002000.honggfuzz.cov differ diff --git a/examples/bind/corpus/3996e1a8a3c17e12112d2011ea02c4d3.00003e92.honggfuzz.cov b/examples/bind/corpus/3996e1a8a3c17e12112d2011ea02c4d3.00003e92.honggfuzz.cov deleted file mode 100644 index db3ff5d0..00000000 Binary files a/examples/bind/corpus/3996e1a8a3c17e12112d2011ea02c4d3.00003e92.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/39a3fa2d7f0cad96bb325108082152fb.00000085.honggfuzz.cov b/examples/bind/corpus/39a3fa2d7f0cad96bb325108082152fb.00000085.honggfuzz.cov deleted file mode 100644 index 9235059e..00000000 Binary files a/examples/bind/corpus/39a3fa2d7f0cad96bb325108082152fb.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/39dd27bfb1ce4014555c1d8d34314044.00020000.honggfuzz.cov b/examples/bind/corpus/39dd27bfb1ce4014555c1d8d34314044.00020000.honggfuzz.cov deleted file mode 100644 index f06fca04..00000000 Binary files a/examples/bind/corpus/39dd27bfb1ce4014555c1d8d34314044.00020000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/39e9ba801ebfceb9d234e61c5447b460.00000040.honggfuzz.cov b/examples/bind/corpus/39e9ba801ebfceb9d234e61c5447b460.00000040.honggfuzz.cov new file mode 100644 index 00000000..b3bc1c7b Binary files /dev/null and b/examples/bind/corpus/39e9ba801ebfceb9d234e61c5447b460.00000040.honggfuzz.cov differ diff --git a/examples/bind/corpus/39f0f3629f41428434fd01dd59dc046c.0000001a.honggfuzz.cov b/examples/bind/corpus/39f0f3629f41428434fd01dd59dc046c.0000001a.honggfuzz.cov deleted file mode 100644 index 27954e7a..00000000 Binary files a/examples/bind/corpus/39f0f3629f41428434fd01dd59dc046c.0000001a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3a0a2e12627283b647a884758569891f.000003de.honggfuzz.cov b/examples/bind/corpus/3a0a2e12627283b647a884758569891f.000003de.honggfuzz.cov new file mode 100644 index 00000000..5080d7d0 Binary files /dev/null and b/examples/bind/corpus/3a0a2e12627283b647a884758569891f.000003de.honggfuzz.cov differ diff --git a/examples/bind/corpus/3a0ea02051deb67c24c026798538707a.00000076.honggfuzz.cov b/examples/bind/corpus/3a0ea02051deb67c24c026798538707a.00000076.honggfuzz.cov deleted file mode 100644 index ccdf557a..00000000 Binary files a/examples/bind/corpus/3a0ea02051deb67c24c026798538707a.00000076.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3a16e39d6b60d1956c9a7cfdac411cb2.00000085.honggfuzz.cov b/examples/bind/corpus/3a16e39d6b60d1956c9a7cfdac411cb2.00000085.honggfuzz.cov deleted file mode 100644 index 0fee56e5..00000000 Binary files a/examples/bind/corpus/3a16e39d6b60d1956c9a7cfdac411cb2.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3a28bd3abba668309bc77bb974ed7871.00000085.honggfuzz.cov b/examples/bind/corpus/3a28bd3abba668309bc77bb974ed7871.00000085.honggfuzz.cov new file mode 100644 index 00000000..4ae57364 Binary files /dev/null and b/examples/bind/corpus/3a28bd3abba668309bc77bb974ed7871.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/3a32ea95816ba45a2f1309affdfaef9f.0000983d.honggfuzz.cov b/examples/bind/corpus/3a32ea95816ba45a2f1309affdfaef9f.0000983d.honggfuzz.cov deleted file mode 100644 index 779bd10b..00000000 Binary files a/examples/bind/corpus/3a32ea95816ba45a2f1309affdfaef9f.0000983d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3a630a66eb8b9208a247f4c30e055a4c.00000080.honggfuzz.cov b/examples/bind/corpus/3a630a66eb8b9208a247f4c30e055a4c.00000080.honggfuzz.cov new file mode 100644 index 00000000..9910d00b Binary files /dev/null and b/examples/bind/corpus/3a630a66eb8b9208a247f4c30e055a4c.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/3a870e75fac040dc8033109a408efa1e.00000902.honggfuzz.cov b/examples/bind/corpus/3a870e75fac040dc8033109a408efa1e.00000902.honggfuzz.cov deleted file mode 100644 index 28720bff..00000000 Binary files a/examples/bind/corpus/3a870e75fac040dc8033109a408efa1e.00000902.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3a99cba5e33ccf3454c7b16b3fb284b8.00000085.honggfuzz.cov b/examples/bind/corpus/3a99cba5e33ccf3454c7b16b3fb284b8.00000085.honggfuzz.cov deleted file mode 100644 index 6d236e01..00000000 Binary files a/examples/bind/corpus/3a99cba5e33ccf3454c7b16b3fb284b8.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3a9d6c2250903c1cfe1814827f71e209.0001e1e3.honggfuzz.cov b/examples/bind/corpus/3a9d6c2250903c1cfe1814827f71e209.0001e1e3.honggfuzz.cov deleted file mode 100644 index 72eedf1a..00000000 Binary files a/examples/bind/corpus/3a9d6c2250903c1cfe1814827f71e209.0001e1e3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3acf8449ce4e5212a4c91e55cd8ccb15.00000022.honggfuzz.cov b/examples/bind/corpus/3acf8449ce4e5212a4c91e55cd8ccb15.00000022.honggfuzz.cov new file mode 100644 index 00000000..a30330d7 Binary files /dev/null and b/examples/bind/corpus/3acf8449ce4e5212a4c91e55cd8ccb15.00000022.honggfuzz.cov differ diff --git a/examples/bind/corpus/3aeb22043a51e0adfa7b61b1af6462f7.000000de.honggfuzz.cov b/examples/bind/corpus/3aeb22043a51e0adfa7b61b1af6462f7.000000de.honggfuzz.cov deleted file mode 100644 index 4c2488bd..00000000 Binary files a/examples/bind/corpus/3aeb22043a51e0adfa7b61b1af6462f7.000000de.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3b0464da4efb354f07d5913ac7974d9a.00000080.honggfuzz.cov b/examples/bind/corpus/3b0464da4efb354f07d5913ac7974d9a.00000080.honggfuzz.cov deleted file mode 100644 index 1b3023b4..00000000 Binary files a/examples/bind/corpus/3b0464da4efb354f07d5913ac7974d9a.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3b112177541b9fcd8391e4f2d80b5c63.0000011a.honggfuzz.cov b/examples/bind/corpus/3b112177541b9fcd8391e4f2d80b5c63.0000011a.honggfuzz.cov new file mode 100644 index 00000000..74cddf31 Binary files /dev/null and b/examples/bind/corpus/3b112177541b9fcd8391e4f2d80b5c63.0000011a.honggfuzz.cov differ diff --git a/examples/bind/corpus/3b219bbb36ccb36cafcae393b97ac803.00000400.honggfuzz.cov b/examples/bind/corpus/3b219bbb36ccb36cafcae393b97ac803.00000400.honggfuzz.cov deleted file mode 100644 index b08d9b29..00000000 Binary files a/examples/bind/corpus/3b219bbb36ccb36cafcae393b97ac803.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3b26d1259ad079bef1ba39e08dc39649.0001f7e8.honggfuzz.cov b/examples/bind/corpus/3b26d1259ad079bef1ba39e08dc39649.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..514718c4 Binary files /dev/null and b/examples/bind/corpus/3b26d1259ad079bef1ba39e08dc39649.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/3b484204d5a3105f342b6aa7febb2a32.0006703e.honggfuzz.cov b/examples/bind/corpus/3b484204d5a3105f342b6aa7febb2a32.0006703e.honggfuzz.cov deleted file mode 100644 index 40c6d6af..00000000 Binary files a/examples/bind/corpus/3b484204d5a3105f342b6aa7febb2a32.0006703e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3b6bc19cd86a4340644b727895c16c64.00000020.honggfuzz.cov b/examples/bind/corpus/3b6bc19cd86a4340644b727895c16c64.00000020.honggfuzz.cov deleted file mode 100644 index 3bc220f9..00000000 Binary files a/examples/bind/corpus/3b6bc19cd86a4340644b727895c16c64.00000020.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3b765dead80ce48aa7d95f325c871c9c.00010106.honggfuzz.cov b/examples/bind/corpus/3b765dead80ce48aa7d95f325c871c9c.00010106.honggfuzz.cov new file mode 100644 index 00000000..89757756 Binary files /dev/null and b/examples/bind/corpus/3b765dead80ce48aa7d95f325c871c9c.00010106.honggfuzz.cov differ diff --git a/examples/bind/corpus/3b85367b0a7ac0799d857851469d98d0.00000085.honggfuzz.cov b/examples/bind/corpus/3b85367b0a7ac0799d857851469d98d0.00000085.honggfuzz.cov deleted file mode 100644 index 77d970d6..00000000 Binary files a/examples/bind/corpus/3b85367b0a7ac0799d857851469d98d0.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3bbb0ff9f78e1db8adab84f9408bf5d7.00000085.honggfuzz.cov b/examples/bind/corpus/3bbb0ff9f78e1db8adab84f9408bf5d7.00000085.honggfuzz.cov deleted file mode 100644 index 7cd6f379..00000000 Binary files a/examples/bind/corpus/3bbb0ff9f78e1db8adab84f9408bf5d7.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3bbcf03a84df217ebc42958399f0507f.00000085.honggfuzz.cov b/examples/bind/corpus/3bbcf03a84df217ebc42958399f0507f.00000085.honggfuzz.cov new file mode 100644 index 00000000..c291af7d Binary files /dev/null and b/examples/bind/corpus/3bbcf03a84df217ebc42958399f0507f.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/3bbedb7ec54732c675f31c231fd1b808.00039ae6.honggfuzz.cov b/examples/bind/corpus/3bbedb7ec54732c675f31c231fd1b808.00039ae6.honggfuzz.cov deleted file mode 100644 index b8f9141e..00000000 Binary files a/examples/bind/corpus/3bbedb7ec54732c675f31c231fd1b808.00039ae6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3beae469f8dc28d49c33aa9f6b6ce37c.0000032e.honggfuzz.cov b/examples/bind/corpus/3beae469f8dc28d49c33aa9f6b6ce37c.0000032e.honggfuzz.cov new file mode 100644 index 00000000..577bca2b Binary files /dev/null and b/examples/bind/corpus/3beae469f8dc28d49c33aa9f6b6ce37c.0000032e.honggfuzz.cov differ diff --git a/examples/bind/corpus/3c058ea574a14a42325a95f0b1d007ba.000167d2.honggfuzz.cov b/examples/bind/corpus/3c058ea574a14a42325a95f0b1d007ba.000167d2.honggfuzz.cov deleted file mode 100644 index c87a4c76..00000000 Binary files a/examples/bind/corpus/3c058ea574a14a42325a95f0b1d007ba.000167d2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3c21e7b32ee85f127e28d1a69eb63641.00000145.honggfuzz.cov b/examples/bind/corpus/3c21e7b32ee85f127e28d1a69eb63641.00000145.honggfuzz.cov deleted file mode 100644 index 58503827..00000000 Binary files a/examples/bind/corpus/3c21e7b32ee85f127e28d1a69eb63641.00000145.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3c76f61b58ea78b748f3bd5cc21024ff.000101cb.honggfuzz.cov b/examples/bind/corpus/3c76f61b58ea78b748f3bd5cc21024ff.000101cb.honggfuzz.cov new file mode 100644 index 00000000..7040e51b Binary files /dev/null and b/examples/bind/corpus/3c76f61b58ea78b748f3bd5cc21024ff.000101cb.honggfuzz.cov differ diff --git a/examples/bind/corpus/3ca4d027a5df2f689922ce7fe02c208e.000000a3.honggfuzz.cov b/examples/bind/corpus/3ca4d027a5df2f689922ce7fe02c208e.000000a3.honggfuzz.cov deleted file mode 100644 index 4acf88ec..00000000 Binary files a/examples/bind/corpus/3ca4d027a5df2f689922ce7fe02c208e.000000a3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3cd5c6858ab4fb7a7f168105a685284f.000101d0.honggfuzz.cov b/examples/bind/corpus/3cd5c6858ab4fb7a7f168105a685284f.000101d0.honggfuzz.cov new file mode 100644 index 00000000..7de20750 Binary files /dev/null and b/examples/bind/corpus/3cd5c6858ab4fb7a7f168105a685284f.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/3cdda7c47e1c24782549a0d3fe02ed4e.00000101.honggfuzz.cov b/examples/bind/corpus/3cdda7c47e1c24782549a0d3fe02ed4e.00000101.honggfuzz.cov deleted file mode 100644 index 72727742..00000000 Binary files a/examples/bind/corpus/3cdda7c47e1c24782549a0d3fe02ed4e.00000101.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3cdf456afe9745bb378facf69c9ea2ac.0000001c.honggfuzz.cov b/examples/bind/corpus/3cdf456afe9745bb378facf69c9ea2ac.0000001c.honggfuzz.cov new file mode 100644 index 00000000..7a25ab11 Binary files /dev/null and b/examples/bind/corpus/3cdf456afe9745bb378facf69c9ea2ac.0000001c.honggfuzz.cov differ diff --git a/examples/bind/corpus/3cf15d7f7f658affe70fe60bd4f53729.00000281.honggfuzz.cov b/examples/bind/corpus/3cf15d7f7f658affe70fe60bd4f53729.00000281.honggfuzz.cov new file mode 100644 index 00000000..66c994b3 Binary files /dev/null and b/examples/bind/corpus/3cf15d7f7f658affe70fe60bd4f53729.00000281.honggfuzz.cov differ diff --git a/examples/bind/corpus/3d206ca482329cc4d0de244347fdb506.00000097.honggfuzz.cov b/examples/bind/corpus/3d206ca482329cc4d0de244347fdb506.00000097.honggfuzz.cov deleted file mode 100644 index c6ff9660..00000000 Binary files a/examples/bind/corpus/3d206ca482329cc4d0de244347fdb506.00000097.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3d2cd640d6bdd08daf2ce07a5affe51c.00001cc1.honggfuzz.cov b/examples/bind/corpus/3d2cd640d6bdd08daf2ce07a5affe51c.00001cc1.honggfuzz.cov new file mode 100644 index 00000000..222336b0 Binary files /dev/null and b/examples/bind/corpus/3d2cd640d6bdd08daf2ce07a5affe51c.00001cc1.honggfuzz.cov differ diff --git a/examples/bind/corpus/3d3c68a6d72ef110d1a4040524ff6837.000000ce.honggfuzz.cov b/examples/bind/corpus/3d3c68a6d72ef110d1a4040524ff6837.000000ce.honggfuzz.cov deleted file mode 100644 index a87c3eee..00000000 Binary files a/examples/bind/corpus/3d3c68a6d72ef110d1a4040524ff6837.000000ce.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3d88ceb4cb77b640d8f10fac8f646859.00000085.honggfuzz.cov b/examples/bind/corpus/3d88ceb4cb77b640d8f10fac8f646859.00000085.honggfuzz.cov deleted file mode 100644 index 34d1a700..00000000 Binary files a/examples/bind/corpus/3d88ceb4cb77b640d8f10fac8f646859.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3d97be93cf138b79eb6ec27e98767b6f.000009ea.honggfuzz.cov b/examples/bind/corpus/3d97be93cf138b79eb6ec27e98767b6f.000009ea.honggfuzz.cov new file mode 100644 index 00000000..bff09eab Binary files /dev/null and b/examples/bind/corpus/3d97be93cf138b79eb6ec27e98767b6f.000009ea.honggfuzz.cov differ diff --git a/examples/bind/corpus/3da3052dc4ea9f1db17bdac297919440.00014292.honggfuzz.cov b/examples/bind/corpus/3da3052dc4ea9f1db17bdac297919440.00014292.honggfuzz.cov deleted file mode 100644 index ce3017b4..00000000 Binary files a/examples/bind/corpus/3da3052dc4ea9f1db17bdac297919440.00014292.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3dba0dae205888746076c35bf8ede9a2.000000f9.honggfuzz.cov b/examples/bind/corpus/3dba0dae205888746076c35bf8ede9a2.000000f9.honggfuzz.cov deleted file mode 100644 index 226d8016..00000000 Binary files a/examples/bind/corpus/3dba0dae205888746076c35bf8ede9a2.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3ddc3da03601e0932eec4ecc97912712.00000085.honggfuzz.cov b/examples/bind/corpus/3ddc3da03601e0932eec4ecc97912712.00000085.honggfuzz.cov new file mode 100644 index 00000000..f7cc4719 Binary files /dev/null and b/examples/bind/corpus/3ddc3da03601e0932eec4ecc97912712.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/3de8d7cd2eb9461f65215cd8d1a6f73a.0000024d.honggfuzz.cov b/examples/bind/corpus/3de8d7cd2eb9461f65215cd8d1a6f73a.0000024d.honggfuzz.cov new file mode 100644 index 00000000..96314f66 Binary files /dev/null and b/examples/bind/corpus/3de8d7cd2eb9461f65215cd8d1a6f73a.0000024d.honggfuzz.cov differ diff --git a/examples/bind/corpus/3df069973be39612efde4b8284a02ef5.000000f9.honggfuzz.cov b/examples/bind/corpus/3df069973be39612efde4b8284a02ef5.000000f9.honggfuzz.cov deleted file mode 100644 index e81c391b..00000000 Binary files a/examples/bind/corpus/3df069973be39612efde4b8284a02ef5.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3e0fd97a723e3ce4265a925d7cf067a5.000101d0.honggfuzz.cov b/examples/bind/corpus/3e0fd97a723e3ce4265a925d7cf067a5.000101d0.honggfuzz.cov new file mode 100644 index 00000000..ad1ea4b1 Binary files /dev/null and b/examples/bind/corpus/3e0fd97a723e3ce4265a925d7cf067a5.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/3e135c82dcfb35b2148cb07eab1a56fb.00000085.honggfuzz.cov b/examples/bind/corpus/3e135c82dcfb35b2148cb07eab1a56fb.00000085.honggfuzz.cov deleted file mode 100644 index daa7b7c3..00000000 Binary files a/examples/bind/corpus/3e135c82dcfb35b2148cb07eab1a56fb.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3e18c41196ba7c3a2d5d2ba03bb576da.00000081.honggfuzz.cov b/examples/bind/corpus/3e18c41196ba7c3a2d5d2ba03bb576da.00000081.honggfuzz.cov deleted file mode 100644 index f0616986..00000000 Binary files a/examples/bind/corpus/3e18c41196ba7c3a2d5d2ba03bb576da.00000081.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3e5afa32ec934e8311efc2bb87cebc78.00000bb8.honggfuzz.cov b/examples/bind/corpus/3e5afa32ec934e8311efc2bb87cebc78.00000bb8.honggfuzz.cov new file mode 100644 index 00000000..c1018721 Binary files /dev/null and b/examples/bind/corpus/3e5afa32ec934e8311efc2bb87cebc78.00000bb8.honggfuzz.cov differ diff --git a/examples/bind/corpus/3e77be4cd0dd3afd98a141ce891693bf.000037a1.honggfuzz.cov b/examples/bind/corpus/3e77be4cd0dd3afd98a141ce891693bf.000037a1.honggfuzz.cov deleted file mode 100644 index d9ba434a..00000000 Binary files a/examples/bind/corpus/3e77be4cd0dd3afd98a141ce891693bf.000037a1.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3e8cad5dbb77468332ee265c509f4fe7.0001ecf3.honggfuzz.cov b/examples/bind/corpus/3e8cad5dbb77468332ee265c509f4fe7.0001ecf3.honggfuzz.cov deleted file mode 100644 index 78294901..00000000 Binary files a/examples/bind/corpus/3e8cad5dbb77468332ee265c509f4fe7.0001ecf3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3e9840cdf8f54bf5982ce825a1861715.00000094.honggfuzz.cov b/examples/bind/corpus/3e9840cdf8f54bf5982ce825a1861715.00000094.honggfuzz.cov new file mode 100644 index 00000000..3f036c07 Binary files /dev/null and b/examples/bind/corpus/3e9840cdf8f54bf5982ce825a1861715.00000094.honggfuzz.cov differ diff --git a/examples/bind/corpus/3e9c0fa2fdf5a7d2f10337426ba58fed.0000001d.honggfuzz.cov b/examples/bind/corpus/3e9c0fa2fdf5a7d2f10337426ba58fed.0000001d.honggfuzz.cov new file mode 100644 index 00000000..2f8fcb58 Binary files /dev/null and b/examples/bind/corpus/3e9c0fa2fdf5a7d2f10337426ba58fed.0000001d.honggfuzz.cov differ diff --git a/examples/bind/corpus/3e9eb5416d5426bf2671f4b270f29ff7.000101d0.honggfuzz.cov b/examples/bind/corpus/3e9eb5416d5426bf2671f4b270f29ff7.000101d0.honggfuzz.cov new file mode 100644 index 00000000..f4f5e151 Binary files /dev/null and b/examples/bind/corpus/3e9eb5416d5426bf2671f4b270f29ff7.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/3eb723a29dc4c016b1d8d1a8fede36f2.00000272.honggfuzz.cov b/examples/bind/corpus/3eb723a29dc4c016b1d8d1a8fede36f2.00000272.honggfuzz.cov new file mode 100644 index 00000000..f0aa9eb9 Binary files /dev/null and b/examples/bind/corpus/3eb723a29dc4c016b1d8d1a8fede36f2.00000272.honggfuzz.cov differ diff --git a/examples/bind/corpus/3ebb87e8dcb947ab5519a1aa44277fcf.00000080.honggfuzz.cov b/examples/bind/corpus/3ebb87e8dcb947ab5519a1aa44277fcf.00000080.honggfuzz.cov deleted file mode 100644 index 42ce310c..00000000 Binary files a/examples/bind/corpus/3ebb87e8dcb947ab5519a1aa44277fcf.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3f0060b11c4ea864d46ca0fa4df42f5f.00000085.honggfuzz.cov b/examples/bind/corpus/3f0060b11c4ea864d46ca0fa4df42f5f.00000085.honggfuzz.cov deleted file mode 100644 index b3b3b5af..00000000 Binary files a/examples/bind/corpus/3f0060b11c4ea864d46ca0fa4df42f5f.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3f091bd07df3d12bef68fa230fd14cca.00000085.honggfuzz.cov b/examples/bind/corpus/3f091bd07df3d12bef68fa230fd14cca.00000085.honggfuzz.cov deleted file mode 100644 index 0031d549..00000000 Binary files a/examples/bind/corpus/3f091bd07df3d12bef68fa230fd14cca.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3f091bd1a683d12bff683d3eb90a217d.00000085.honggfuzz.cov b/examples/bind/corpus/3f091bd1a683d12bff683d3eb90a217d.00000085.honggfuzz.cov new file mode 100644 index 00000000..88e9175d Binary files /dev/null and b/examples/bind/corpus/3f091bd1a683d12bff683d3eb90a217d.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/3f0b5463a3dcb42149bd72265473ace7.000001b9.honggfuzz.cov b/examples/bind/corpus/3f0b5463a3dcb42149bd72265473ace7.000001b9.honggfuzz.cov new file mode 100644 index 00000000..78f28eab Binary files /dev/null and b/examples/bind/corpus/3f0b5463a3dcb42149bd72265473ace7.000001b9.honggfuzz.cov differ diff --git a/examples/bind/corpus/3f233263057262ce3ff68212468fff2a.00000085.honggfuzz.cov b/examples/bind/corpus/3f233263057262ce3ff68212468fff2a.00000085.honggfuzz.cov deleted file mode 100644 index 79cd454d..00000000 Binary files a/examples/bind/corpus/3f233263057262ce3ff68212468fff2a.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3f3c030043a3be262349a294338a82d0.0000077f.honggfuzz.cov b/examples/bind/corpus/3f3c030043a3be262349a294338a82d0.0000077f.honggfuzz.cov deleted file mode 100644 index 56554494..00000000 Binary files a/examples/bind/corpus/3f3c030043a3be262349a294338a82d0.0000077f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3f45baf13978fc0615f48f2b93a41498.00000094.honggfuzz.cov b/examples/bind/corpus/3f45baf13978fc0615f48f2b93a41498.00000094.honggfuzz.cov deleted file mode 100644 index 9bdadc33..00000000 Binary files a/examples/bind/corpus/3f45baf13978fc0615f48f2b93a41498.00000094.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3f4c3119090a061f16e71f8e4631071e.000001de.honggfuzz.cov b/examples/bind/corpus/3f4c3119090a061f16e71f8e4631071e.000001de.honggfuzz.cov deleted file mode 100644 index 07d7ec2d..00000000 Binary files a/examples/bind/corpus/3f4c3119090a061f16e71f8e4631071e.000001de.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3f5c2ce44773804d4bd0ef560e413597.000001bc.honggfuzz.cov b/examples/bind/corpus/3f5c2ce44773804d4bd0ef560e413597.000001bc.honggfuzz.cov new file mode 100644 index 00000000..ae455104 Binary files /dev/null and b/examples/bind/corpus/3f5c2ce44773804d4bd0ef560e413597.000001bc.honggfuzz.cov differ diff --git a/examples/bind/corpus/3f5ed01eb754d5d933eb38223e11211b.000000f9.honggfuzz.cov b/examples/bind/corpus/3f5ed01eb754d5d933eb38223e11211b.000000f9.honggfuzz.cov deleted file mode 100644 index 7b113706..00000000 Binary files a/examples/bind/corpus/3f5ed01eb754d5d933eb38223e11211b.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3f7ec200013c494097a906a9c8f22282.00000083.honggfuzz.cov b/examples/bind/corpus/3f7ec200013c494097a906a9c8f22282.00000083.honggfuzz.cov deleted file mode 100644 index 9e91f16c..00000000 Binary files a/examples/bind/corpus/3f7ec200013c494097a906a9c8f22282.00000083.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3f803459cc25c1752ac40fb4c3aa4ac6.000000f9.honggfuzz.cov b/examples/bind/corpus/3f803459cc25c1752ac40fb4c3aa4ac6.000000f9.honggfuzz.cov deleted file mode 100644 index 6614d5f2..00000000 Binary files a/examples/bind/corpus/3f803459cc25c1752ac40fb4c3aa4ac6.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3f8c06f3610259749f5919efd3470aaa.00020000.honggfuzz.cov b/examples/bind/corpus/3f8c06f3610259749f5919efd3470aaa.00020000.honggfuzz.cov deleted file mode 100644 index b262a820..00000000 Binary files a/examples/bind/corpus/3f8c06f3610259749f5919efd3470aaa.00020000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3fa40ff0478171b77f99b4a0caed2fcd.00002ac5.honggfuzz.cov b/examples/bind/corpus/3fa40ff0478171b77f99b4a0caed2fcd.00002ac5.honggfuzz.cov deleted file mode 100644 index 0756e39f..00000000 Binary files a/examples/bind/corpus/3fa40ff0478171b77f99b4a0caed2fcd.00002ac5.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3fa91afcf6a46f5e264ab2b6549aaaeb.000002a9.honggfuzz.cov b/examples/bind/corpus/3fa91afcf6a46f5e264ab2b6549aaaeb.000002a9.honggfuzz.cov new file mode 100644 index 00000000..3f001b56 Binary files /dev/null and b/examples/bind/corpus/3fa91afcf6a46f5e264ab2b6549aaaeb.000002a9.honggfuzz.cov differ diff --git a/examples/bind/corpus/3faedc5bc5fb9906c21dc393d23e8011.00000126.honggfuzz.cov b/examples/bind/corpus/3faedc5bc5fb9906c21dc393d23e8011.00000126.honggfuzz.cov deleted file mode 100644 index a2da0c55..00000000 Binary files a/examples/bind/corpus/3faedc5bc5fb9906c21dc393d23e8011.00000126.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3fc667fc09983ebb053c10eb0ed94375.000001d5.honggfuzz.cov b/examples/bind/corpus/3fc667fc09983ebb053c10eb0ed94375.000001d5.honggfuzz.cov new file mode 100644 index 00000000..1e98cbbf Binary files /dev/null and b/examples/bind/corpus/3fc667fc09983ebb053c10eb0ed94375.000001d5.honggfuzz.cov differ diff --git a/examples/bind/corpus/3fcb3d906949f2253ffdd5399658f98f.0000c1d1.honggfuzz.cov b/examples/bind/corpus/3fcb3d906949f2253ffdd5399658f98f.0000c1d1.honggfuzz.cov deleted file mode 100644 index b4fef8b2..00000000 Binary files a/examples/bind/corpus/3fcb3d906949f2253ffdd5399658f98f.0000c1d1.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/3fd160d86480f74a5b15de449d78e26e.00000cd7.honggfuzz.cov b/examples/bind/corpus/3fd160d86480f74a5b15de449d78e26e.00000cd7.honggfuzz.cov new file mode 100644 index 00000000..21e0cb95 Binary files /dev/null and b/examples/bind/corpus/3fd160d86480f74a5b15de449d78e26e.00000cd7.honggfuzz.cov differ diff --git a/examples/bind/corpus/3ffe53597fd42261fc5dcd63654ce0a8.0000030c.honggfuzz.cov b/examples/bind/corpus/3ffe53597fd42261fc5dcd63654ce0a8.0000030c.honggfuzz.cov new file mode 100644 index 00000000..33292341 Binary files /dev/null and b/examples/bind/corpus/3ffe53597fd42261fc5dcd63654ce0a8.0000030c.honggfuzz.cov differ diff --git a/examples/bind/corpus/4016b2efc29cb3fed060562f6c2c74a2.0000097e.honggfuzz.cov b/examples/bind/corpus/4016b2efc29cb3fed060562f6c2c74a2.0000097e.honggfuzz.cov new file mode 100644 index 00000000..fbaa9101 Binary files /dev/null and b/examples/bind/corpus/4016b2efc29cb3fed060562f6c2c74a2.0000097e.honggfuzz.cov differ diff --git a/examples/bind/corpus/402a2bf52aefe603c2996a3002e975f2.00000080.honggfuzz.cov b/examples/bind/corpus/402a2bf52aefe603c2996a3002e975f2.00000080.honggfuzz.cov new file mode 100644 index 00000000..9a7d87a7 Binary files /dev/null and b/examples/bind/corpus/402a2bf52aefe603c2996a3002e975f2.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/402df9cb27dfb552e73e93765dca4171.0000031e.honggfuzz.cov b/examples/bind/corpus/402df9cb27dfb552e73e93765dca4171.0000031e.honggfuzz.cov new file mode 100644 index 00000000..63287044 Binary files /dev/null and b/examples/bind/corpus/402df9cb27dfb552e73e93765dca4171.0000031e.honggfuzz.cov differ diff --git a/examples/bind/corpus/4058c136ee7d3b9584b4733f9d450b74.00000085.honggfuzz.cov b/examples/bind/corpus/4058c136ee7d3b9584b4733f9d450b74.00000085.honggfuzz.cov new file mode 100644 index 00000000..bf0d3be9 Binary files /dev/null and b/examples/bind/corpus/4058c136ee7d3b9584b4733f9d450b74.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/405d104a3f27a372f2fd547be0fe493b.0001f7e8.honggfuzz.cov b/examples/bind/corpus/405d104a3f27a372f2fd547be0fe493b.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..ccf1fc47 Binary files /dev/null and b/examples/bind/corpus/405d104a3f27a372f2fd547be0fe493b.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/406cda5cb9b5e02d5675a3823998436a.00000056.honggfuzz.cov b/examples/bind/corpus/406cda5cb9b5e02d5675a3823998436a.00000056.honggfuzz.cov new file mode 100644 index 00000000..690f2f54 Binary files /dev/null and b/examples/bind/corpus/406cda5cb9b5e02d5675a3823998436a.00000056.honggfuzz.cov differ diff --git a/examples/bind/corpus/408550feba77952af4bb1afa73ce647a.00000b55.honggfuzz.cov b/examples/bind/corpus/408550feba77952af4bb1afa73ce647a.00000b55.honggfuzz.cov deleted file mode 100644 index 39952d4c..00000000 Binary files a/examples/bind/corpus/408550feba77952af4bb1afa73ce647a.00000b55.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/40989aef3798a552e530c8baacc25d00.000000d5.honggfuzz.cov b/examples/bind/corpus/40989aef3798a552e530c8baacc25d00.000000d5.honggfuzz.cov new file mode 100644 index 00000000..556135d9 Binary files /dev/null and b/examples/bind/corpus/40989aef3798a552e530c8baacc25d00.000000d5.honggfuzz.cov differ diff --git a/examples/bind/corpus/4098cf2d91883eb4a4cbee52e664cc63.00000080.honggfuzz.cov b/examples/bind/corpus/4098cf2d91883eb4a4cbee52e664cc63.00000080.honggfuzz.cov new file mode 100644 index 00000000..d202fc83 Binary files /dev/null and b/examples/bind/corpus/4098cf2d91883eb4a4cbee52e664cc63.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/40b09916393cc55cc36bc8415061e0a2.00000024.honggfuzz.cov b/examples/bind/corpus/40b09916393cc55cc36bc8415061e0a2.00000024.honggfuzz.cov new file mode 100644 index 00000000..d2373bd6 Binary files /dev/null and b/examples/bind/corpus/40b09916393cc55cc36bc8415061e0a2.00000024.honggfuzz.cov differ diff --git a/examples/bind/corpus/40cd40f33d97e9746f8106a1f2560a7e.000006a9.honggfuzz.cov b/examples/bind/corpus/40cd40f33d97e9746f8106a1f2560a7e.000006a9.honggfuzz.cov deleted file mode 100644 index 23809746..00000000 Binary files a/examples/bind/corpus/40cd40f33d97e9746f8106a1f2560a7e.000006a9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/40d5299e5135fa18d852238df1fc5c6c.0000001d.honggfuzz.cov b/examples/bind/corpus/40d5299e5135fa18d852238df1fc5c6c.0000001d.honggfuzz.cov deleted file mode 100644 index 276a7fe4..00000000 Binary files a/examples/bind/corpus/40d5299e5135fa18d852238df1fc5c6c.0000001d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/40ea4615e039fba82d89741e356c5db7.0000001d.honggfuzz.cov b/examples/bind/corpus/40ea4615e039fba82d89741e356c5db7.0000001d.honggfuzz.cov new file mode 100644 index 00000000..112e3364 Binary files /dev/null and b/examples/bind/corpus/40ea4615e039fba82d89741e356c5db7.0000001d.honggfuzz.cov differ diff --git a/examples/bind/corpus/41079ed884d2baeacfb607ede2adb25f.00000085.honggfuzz.cov b/examples/bind/corpus/41079ed884d2baeacfb607ede2adb25f.00000085.honggfuzz.cov deleted file mode 100644 index 37e3446d..00000000 Binary files a/examples/bind/corpus/41079ed884d2baeacfb607ede2adb25f.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4113166509a037316d74c321f2229d37.00020000.honggfuzz.cov b/examples/bind/corpus/4113166509a037316d74c321f2229d37.00020000.honggfuzz.cov deleted file mode 100644 index 051e8a1a..00000000 Binary files a/examples/bind/corpus/4113166509a037316d74c321f2229d37.00020000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/41282c5be007f089d337f9003486c23d.00000092.honggfuzz.cov b/examples/bind/corpus/41282c5be007f089d337f9003486c23d.00000092.honggfuzz.cov deleted file mode 100644 index 3aa5391d..00000000 Binary files a/examples/bind/corpus/41282c5be007f089d337f9003486c23d.00000092.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4147351ad94b7d294b4c66860e603e67.0001a902.honggfuzz.cov b/examples/bind/corpus/4147351ad94b7d294b4c66860e603e67.0001a902.honggfuzz.cov deleted file mode 100644 index 9a70da67..00000000 Binary files a/examples/bind/corpus/4147351ad94b7d294b4c66860e603e67.0001a902.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/414c9d2f7d09e817928cf596dcf284c3.0001153e.honggfuzz.cov b/examples/bind/corpus/414c9d2f7d09e817928cf596dcf284c3.0001153e.honggfuzz.cov new file mode 100644 index 00000000..756b534d Binary files /dev/null and b/examples/bind/corpus/414c9d2f7d09e817928cf596dcf284c3.0001153e.honggfuzz.cov differ diff --git a/examples/bind/corpus/41899af825b6fce7ad74e0389a08ec37.00000035.honggfuzz.cov b/examples/bind/corpus/41899af825b6fce7ad74e0389a08ec37.00000035.honggfuzz.cov deleted file mode 100644 index 8c21406a..00000000 Binary files a/examples/bind/corpus/41899af825b6fce7ad74e0389a08ec37.00000035.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/41b2bf6d585a717ec3a08c7ee2ae811d.00000bb8.honggfuzz.cov b/examples/bind/corpus/41b2bf6d585a717ec3a08c7ee2ae811d.00000bb8.honggfuzz.cov new file mode 100644 index 00000000..89d0a481 Binary files /dev/null and b/examples/bind/corpus/41b2bf6d585a717ec3a08c7ee2ae811d.00000bb8.honggfuzz.cov differ diff --git a/examples/bind/corpus/41dbe80f6f84abc6d5ba454e3eeb99fc.00016ced.honggfuzz.cov b/examples/bind/corpus/41dbe80f6f84abc6d5ba454e3eeb99fc.00016ced.honggfuzz.cov deleted file mode 100644 index 89380e2a..00000000 Binary files a/examples/bind/corpus/41dbe80f6f84abc6d5ba454e3eeb99fc.00016ced.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/420306a599cc67a0df7130861ee6203e.0000002e.honggfuzz.cov b/examples/bind/corpus/420306a599cc67a0df7130861ee6203e.0000002e.honggfuzz.cov new file mode 100644 index 00000000..3c9dc973 Binary files /dev/null and b/examples/bind/corpus/420306a599cc67a0df7130861ee6203e.0000002e.honggfuzz.cov differ diff --git a/examples/bind/corpus/4216d0fac1901af468fe4ede4d18201e.00006b46.honggfuzz.cov b/examples/bind/corpus/4216d0fac1901af468fe4ede4d18201e.00006b46.honggfuzz.cov new file mode 100644 index 00000000..4662fd26 Binary files /dev/null and b/examples/bind/corpus/4216d0fac1901af468fe4ede4d18201e.00006b46.honggfuzz.cov differ diff --git a/examples/bind/corpus/422b34282efa920ff91bb1a9090dcb38.00000400.honggfuzz.cov b/examples/bind/corpus/422b34282efa920ff91bb1a9090dcb38.00000400.honggfuzz.cov new file mode 100644 index 00000000..050beb6f Binary files /dev/null and b/examples/bind/corpus/422b34282efa920ff91bb1a9090dcb38.00000400.honggfuzz.cov differ diff --git a/examples/bind/corpus/42368f7aadb49549bd9ffdaff74d8e06.000002e6.honggfuzz.cov b/examples/bind/corpus/42368f7aadb49549bd9ffdaff74d8e06.000002e6.honggfuzz.cov deleted file mode 100644 index 6f9c00a4..00000000 Binary files a/examples/bind/corpus/42368f7aadb49549bd9ffdaff74d8e06.000002e6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/423addc7913676ede3291af866992142.00005312.honggfuzz.cov b/examples/bind/corpus/423addc7913676ede3291af866992142.00005312.honggfuzz.cov deleted file mode 100644 index 5ba37957..00000000 Binary files a/examples/bind/corpus/423addc7913676ede3291af866992142.00005312.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4266eb7b9ceb69f1dacba416541d8e18.000000f7.honggfuzz.cov b/examples/bind/corpus/4266eb7b9ceb69f1dacba416541d8e18.000000f7.honggfuzz.cov new file mode 100644 index 00000000..721f232b Binary files /dev/null and b/examples/bind/corpus/4266eb7b9ceb69f1dacba416541d8e18.000000f7.honggfuzz.cov differ diff --git a/examples/bind/corpus/42a7641aad7d2944826b6a2341024f8b.00000123.honggfuzz.cov b/examples/bind/corpus/42a7641aad7d2944826b6a2341024f8b.00000123.honggfuzz.cov deleted file mode 100644 index 3ab8ea94..00000000 Binary files a/examples/bind/corpus/42a7641aad7d2944826b6a2341024f8b.00000123.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/42c9b1f340abbd60548df9b37c1ec674.00000080.honggfuzz.cov b/examples/bind/corpus/42c9b1f340abbd60548df9b37c1ec674.00000080.honggfuzz.cov new file mode 100644 index 00000000..24a96ee2 Binary files /dev/null and b/examples/bind/corpus/42c9b1f340abbd60548df9b37c1ec674.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/42ccd5be86fdb06b0b7a37bd90e63c11.000010cd.honggfuzz.cov b/examples/bind/corpus/42ccd5be86fdb06b0b7a37bd90e63c11.000010cd.honggfuzz.cov new file mode 100644 index 00000000..f2f5b128 Binary files /dev/null and b/examples/bind/corpus/42ccd5be86fdb06b0b7a37bd90e63c11.000010cd.honggfuzz.cov differ diff --git a/examples/bind/corpus/42cf3e50e582f0df31e5f6fb86e1a05f.00000181.honggfuzz.cov b/examples/bind/corpus/42cf3e50e582f0df31e5f6fb86e1a05f.00000181.honggfuzz.cov deleted file mode 100644 index 17720bd6..00000000 Binary files a/examples/bind/corpus/42cf3e50e582f0df31e5f6fb86e1a05f.00000181.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/42dd2f51bbb6d50b9f1cac087165fe20.00002a10.honggfuzz.cov b/examples/bind/corpus/42dd2f51bbb6d50b9f1cac087165fe20.00002a10.honggfuzz.cov new file mode 100644 index 00000000..01487a43 Binary files /dev/null and b/examples/bind/corpus/42dd2f51bbb6d50b9f1cac087165fe20.00002a10.honggfuzz.cov differ diff --git a/examples/bind/corpus/42f75818630eedb7b46f0f65c0769fc8.0000009c.honggfuzz.cov b/examples/bind/corpus/42f75818630eedb7b46f0f65c0769fc8.0000009c.honggfuzz.cov new file mode 100644 index 00000000..afac4f6e Binary files /dev/null and b/examples/bind/corpus/42f75818630eedb7b46f0f65c0769fc8.0000009c.honggfuzz.cov differ diff --git a/examples/bind/corpus/43050e23d5e688e007efe7db27cbc591.000000c0.honggfuzz.cov b/examples/bind/corpus/43050e23d5e688e007efe7db27cbc591.000000c0.honggfuzz.cov deleted file mode 100644 index ffa9afe0..00000000 Binary files a/examples/bind/corpus/43050e23d5e688e007efe7db27cbc591.000000c0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4308a81f82c2b84f540c2e1825d657d3.00000400.honggfuzz.cov b/examples/bind/corpus/4308a81f82c2b84f540c2e1825d657d3.00000400.honggfuzz.cov deleted file mode 100644 index e6977275..00000000 Binary files a/examples/bind/corpus/4308a81f82c2b84f540c2e1825d657d3.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/431cd25eaa7baee41ed4cd8cf39d1305.00000085.honggfuzz.cov b/examples/bind/corpus/431cd25eaa7baee41ed4cd8cf39d1305.00000085.honggfuzz.cov deleted file mode 100644 index f29d43e5..00000000 Binary files a/examples/bind/corpus/431cd25eaa7baee41ed4cd8cf39d1305.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4326007a83993129f3a4e9cf0b8d240c.00000040.honggfuzz.cov b/examples/bind/corpus/4326007a83993129f3a4e9cf0b8d240c.00000040.honggfuzz.cov new file mode 100644 index 00000000..cc083ff0 Binary files /dev/null and b/examples/bind/corpus/4326007a83993129f3a4e9cf0b8d240c.00000040.honggfuzz.cov differ diff --git a/examples/bind/corpus/4340e9cf22c1e65a82a461299af2334a.00001446.honggfuzz.cov b/examples/bind/corpus/4340e9cf22c1e65a82a461299af2334a.00001446.honggfuzz.cov new file mode 100644 index 00000000..89c8b85b Binary files /dev/null and b/examples/bind/corpus/4340e9cf22c1e65a82a461299af2334a.00001446.honggfuzz.cov differ diff --git a/examples/bind/corpus/434cbb0938b1f4ebda1f28d932aee917.00000085.honggfuzz.cov b/examples/bind/corpus/434cbb0938b1f4ebda1f28d932aee917.00000085.honggfuzz.cov deleted file mode 100644 index 34e7b32f..00000000 Binary files a/examples/bind/corpus/434cbb0938b1f4ebda1f28d932aee917.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/435421aae811e4b54092e121e08fd236.00000085.honggfuzz.cov b/examples/bind/corpus/435421aae811e4b54092e121e08fd236.00000085.honggfuzz.cov deleted file mode 100644 index 06f2570f..00000000 Binary files a/examples/bind/corpus/435421aae811e4b54092e121e08fd236.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/436079eb7940c4ae01a1be3c3a6be5fd.0003f045.honggfuzz.cov b/examples/bind/corpus/436079eb7940c4ae01a1be3c3a6be5fd.0003f045.honggfuzz.cov deleted file mode 100644 index 9aa8e154..00000000 Binary files a/examples/bind/corpus/436079eb7940c4ae01a1be3c3a6be5fd.0003f045.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4361d619f06192a7999e32028744b1cc.00000077.honggfuzz.cov b/examples/bind/corpus/4361d619f06192a7999e32028744b1cc.00000077.honggfuzz.cov deleted file mode 100644 index 4572d330..00000000 Binary files a/examples/bind/corpus/4361d619f06192a7999e32028744b1cc.00000077.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/437d72bf5488ebe3c997d86b73325ab1.0000009e.honggfuzz.cov b/examples/bind/corpus/437d72bf5488ebe3c997d86b73325ab1.0000009e.honggfuzz.cov deleted file mode 100644 index 4ddf9727..00000000 Binary files a/examples/bind/corpus/437d72bf5488ebe3c997d86b73325ab1.0000009e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/438b43119187854774d25e2747a525db.0000001c.honggfuzz.cov b/examples/bind/corpus/438b43119187854774d25e2747a525db.0000001c.honggfuzz.cov new file mode 100644 index 00000000..950b2799 Binary files /dev/null and b/examples/bind/corpus/438b43119187854774d25e2747a525db.0000001c.honggfuzz.cov differ diff --git a/examples/bind/corpus/43ac683c9eff9a494ea6c5b392a8e72e.0000049c.honggfuzz.cov b/examples/bind/corpus/43ac683c9eff9a494ea6c5b392a8e72e.0000049c.honggfuzz.cov deleted file mode 100644 index 8750e158..00000000 Binary files a/examples/bind/corpus/43ac683c9eff9a494ea6c5b392a8e72e.0000049c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/43b73f4a2f4721ba7a4e2333ba3610db.00000127.honggfuzz.cov b/examples/bind/corpus/43b73f4a2f4721ba7a4e2333ba3610db.00000127.honggfuzz.cov new file mode 100644 index 00000000..ac9f7fd9 Binary files /dev/null and b/examples/bind/corpus/43b73f4a2f4721ba7a4e2333ba3610db.00000127.honggfuzz.cov differ diff --git a/examples/bind/corpus/43bb91f48bbca11cd081ca87d11b72ad.00002000.honggfuzz.cov b/examples/bind/corpus/43bb91f48bbca11cd081ca87d11b72ad.00002000.honggfuzz.cov new file mode 100644 index 00000000..c42da7a4 Binary files /dev/null and b/examples/bind/corpus/43bb91f48bbca11cd081ca87d11b72ad.00002000.honggfuzz.cov differ diff --git a/examples/bind/corpus/43e895a9c718776b64fe97e5886c7b6d.000196e0.honggfuzz.cov b/examples/bind/corpus/43e895a9c718776b64fe97e5886c7b6d.000196e0.honggfuzz.cov deleted file mode 100644 index 5bc61693..00000000 Binary files a/examples/bind/corpus/43e895a9c718776b64fe97e5886c7b6d.000196e0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/43eb3241981661605216da6cdbcbb2da.00000085.honggfuzz.cov b/examples/bind/corpus/43eb3241981661605216da6cdbcbb2da.00000085.honggfuzz.cov deleted file mode 100644 index 6d7ba332..00000000 Binary files a/examples/bind/corpus/43eb3241981661605216da6cdbcbb2da.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/43ec76b5147df29edf4773ec61e10ffd.00000080.honggfuzz.cov b/examples/bind/corpus/43ec76b5147df29edf4773ec61e10ffd.00000080.honggfuzz.cov new file mode 100644 index 00000000..32ea90ad Binary files /dev/null and b/examples/bind/corpus/43ec76b5147df29edf4773ec61e10ffd.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/43f4bdaa69b1dbb46be9e02e00323f1a.000000f7.honggfuzz.cov b/examples/bind/corpus/43f4bdaa69b1dbb46be9e02e00323f1a.000000f7.honggfuzz.cov deleted file mode 100644 index 36773056..00000000 Binary files a/examples/bind/corpus/43f4bdaa69b1dbb46be9e02e00323f1a.000000f7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4470b5f31d93aa4bb255d5a5b3cc4740.00001ffb.honggfuzz.cov b/examples/bind/corpus/4470b5f31d93aa4bb255d5a5b3cc4740.00001ffb.honggfuzz.cov deleted file mode 100644 index cad47191..00000000 Binary files a/examples/bind/corpus/4470b5f31d93aa4bb255d5a5b3cc4740.00001ffb.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/44884b7abb5dacf5f96d969d14fdb925.000075e1.honggfuzz.cov b/examples/bind/corpus/44884b7abb5dacf5f96d969d14fdb925.000075e1.honggfuzz.cov new file mode 100644 index 00000000..79b31306 Binary files /dev/null and b/examples/bind/corpus/44884b7abb5dacf5f96d969d14fdb925.000075e1.honggfuzz.cov differ diff --git a/examples/bind/corpus/4492e311548f10ab95ed4a4fc521077d.0000004a.honggfuzz.cov b/examples/bind/corpus/4492e311548f10ab95ed4a4fc521077d.0000004a.honggfuzz.cov deleted file mode 100644 index 36969bed..00000000 Binary files a/examples/bind/corpus/4492e311548f10ab95ed4a4fc521077d.0000004a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/44aec5d3d73651da3a1a4416cd526d27.0000197d.honggfuzz.cov b/examples/bind/corpus/44aec5d3d73651da3a1a4416cd526d27.0000197d.honggfuzz.cov deleted file mode 100644 index 29bd8d2c..00000000 Binary files a/examples/bind/corpus/44aec5d3d73651da3a1a4416cd526d27.0000197d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/44bdd8e468974403ab30bf1b76205448.0000e721.honggfuzz.cov b/examples/bind/corpus/44bdd8e468974403ab30bf1b76205448.0000e721.honggfuzz.cov deleted file mode 100644 index ca178c86..00000000 Binary files a/examples/bind/corpus/44bdd8e468974403ab30bf1b76205448.0000e721.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/44cd46983793c5f4939156df3ec39189.00000133.honggfuzz.cov b/examples/bind/corpus/44cd46983793c5f4939156df3ec39189.00000133.honggfuzz.cov new file mode 100644 index 00000000..b1a5a72d Binary files /dev/null and b/examples/bind/corpus/44cd46983793c5f4939156df3ec39189.00000133.honggfuzz.cov differ diff --git a/examples/bind/corpus/44dbadadef0a9d85d5d58bcf4da6bc0f.00000400.honggfuzz.cov b/examples/bind/corpus/44dbadadef0a9d85d5d58bcf4da6bc0f.00000400.honggfuzz.cov deleted file mode 100644 index b3a608c8..00000000 Binary files a/examples/bind/corpus/44dbadadef0a9d85d5d58bcf4da6bc0f.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/44e4401958f19e6c0e39a41bc9561bf9.00045055.honggfuzz.cov b/examples/bind/corpus/44e4401958f19e6c0e39a41bc9561bf9.00045055.honggfuzz.cov deleted file mode 100644 index e437aa23..00000000 Binary files a/examples/bind/corpus/44e4401958f19e6c0e39a41bc9561bf9.00045055.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/450a642eed8d0e1ff2ac229ecc334e15.00000400.honggfuzz.cov b/examples/bind/corpus/450a642eed8d0e1ff2ac229ecc334e15.00000400.honggfuzz.cov deleted file mode 100644 index c710006b..00000000 Binary files a/examples/bind/corpus/450a642eed8d0e1ff2ac229ecc334e15.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4517c0eb4ee53011f9e60fd4458daf72.000004e8.honggfuzz.cov b/examples/bind/corpus/4517c0eb4ee53011f9e60fd4458daf72.000004e8.honggfuzz.cov deleted file mode 100644 index 9d94a3c0..00000000 Binary files a/examples/bind/corpus/4517c0eb4ee53011f9e60fd4458daf72.000004e8.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/452fda63684a6e47698826018138154c.000006a9.honggfuzz.cov b/examples/bind/corpus/452fda63684a6e47698826018138154c.000006a9.honggfuzz.cov deleted file mode 100644 index ff766e48..00000000 Binary files a/examples/bind/corpus/452fda63684a6e47698826018138154c.000006a9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/455b3c1c72d304a014696e6bd70af54e.0000005f.honggfuzz.cov b/examples/bind/corpus/455b3c1c72d304a014696e6bd70af54e.0000005f.honggfuzz.cov new file mode 100644 index 00000000..32361e17 Binary files /dev/null and b/examples/bind/corpus/455b3c1c72d304a014696e6bd70af54e.0000005f.honggfuzz.cov differ diff --git a/examples/bind/corpus/455ced66ea65707c4ceab99089454191.00000400.honggfuzz.cov b/examples/bind/corpus/455ced66ea65707c4ceab99089454191.00000400.honggfuzz.cov deleted file mode 100644 index e3b1ea7a..00000000 Binary files a/examples/bind/corpus/455ced66ea65707c4ceab99089454191.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/457b24916c45ae9e41fb0f6b3d630f02.00000892.honggfuzz.cov b/examples/bind/corpus/457b24916c45ae9e41fb0f6b3d630f02.00000892.honggfuzz.cov deleted file mode 100644 index 5ec58451..00000000 Binary files a/examples/bind/corpus/457b24916c45ae9e41fb0f6b3d630f02.00000892.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4583d6ad8e705f7a382d9aee9c370c13.00000085.honggfuzz.cov b/examples/bind/corpus/4583d6ad8e705f7a382d9aee9c370c13.00000085.honggfuzz.cov deleted file mode 100644 index 570e1306..00000000 Binary files a/examples/bind/corpus/4583d6ad8e705f7a382d9aee9c370c13.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/45ba71c3a3d9142679e6bdb5bba9e83f.00000085.honggfuzz.cov b/examples/bind/corpus/45ba71c3a3d9142679e6bdb5bba9e83f.00000085.honggfuzz.cov deleted file mode 100644 index e694a73c..00000000 Binary files a/examples/bind/corpus/45ba71c3a3d9142679e6bdb5bba9e83f.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/45cabb4f6a765de37721f5c30b6206bf.0000002b.honggfuzz.cov b/examples/bind/corpus/45cabb4f6a765de37721f5c30b6206bf.0000002b.honggfuzz.cov deleted file mode 100644 index 2842dc7c..00000000 Binary files a/examples/bind/corpus/45cabb4f6a765de37721f5c30b6206bf.0000002b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/45e1bf462e4f141a2eadf01acb8bad48.000000a6.honggfuzz.cov b/examples/bind/corpus/45e1bf462e4f141a2eadf01acb8bad48.000000a6.honggfuzz.cov new file mode 100644 index 00000000..c56d7bba Binary files /dev/null and b/examples/bind/corpus/45e1bf462e4f141a2eadf01acb8bad48.000000a6.honggfuzz.cov differ diff --git a/examples/bind/corpus/460b60c88bcac1944a9543f1104d31ab.00000056.honggfuzz.cov b/examples/bind/corpus/460b60c88bcac1944a9543f1104d31ab.00000056.honggfuzz.cov deleted file mode 100644 index 9e1c27aa..00000000 Binary files a/examples/bind/corpus/460b60c88bcac1944a9543f1104d31ab.00000056.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4614075307774d6afd3f46839df6fd28.00000118.honggfuzz.cov b/examples/bind/corpus/4614075307774d6afd3f46839df6fd28.00000118.honggfuzz.cov new file mode 100644 index 00000000..39f48557 Binary files /dev/null and b/examples/bind/corpus/4614075307774d6afd3f46839df6fd28.00000118.honggfuzz.cov differ diff --git a/examples/bind/corpus/463cf81722d2045a663d48e961145299.0007695a.honggfuzz.cov b/examples/bind/corpus/463cf81722d2045a663d48e961145299.0007695a.honggfuzz.cov deleted file mode 100644 index bebee3a9..00000000 Binary files a/examples/bind/corpus/463cf81722d2045a663d48e961145299.0007695a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/463d021b945b2ba1ce4707bd1d5fe4bd.000001ab.honggfuzz.cov b/examples/bind/corpus/463d021b945b2ba1ce4707bd1d5fe4bd.000001ab.honggfuzz.cov deleted file mode 100644 index cac74d3c..00000000 Binary files a/examples/bind/corpus/463d021b945b2ba1ce4707bd1d5fe4bd.000001ab.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/46515209dc700c8c74bb31a6ba9754b2.00002710.honggfuzz.cov b/examples/bind/corpus/46515209dc700c8c74bb31a6ba9754b2.00002710.honggfuzz.cov new file mode 100644 index 00000000..16c68782 Binary files /dev/null and b/examples/bind/corpus/46515209dc700c8c74bb31a6ba9754b2.00002710.honggfuzz.cov differ diff --git a/examples/bind/corpus/465ac146631215422ea57077a25940df.00002a35.honggfuzz.cov b/examples/bind/corpus/465ac146631215422ea57077a25940df.00002a35.honggfuzz.cov deleted file mode 100644 index 77fc1202..00000000 Binary files a/examples/bind/corpus/465ac146631215422ea57077a25940df.00002a35.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4667493408df9d1fc92f019e1f8a0bc2.00000040.honggfuzz.cov b/examples/bind/corpus/4667493408df9d1fc92f019e1f8a0bc2.00000040.honggfuzz.cov new file mode 100644 index 00000000..5968c78a Binary files /dev/null and b/examples/bind/corpus/4667493408df9d1fc92f019e1f8a0bc2.00000040.honggfuzz.cov differ diff --git a/examples/bind/corpus/466d5a9f5098e35d40444028c6c5ed1b.00001cf2.honggfuzz.cov b/examples/bind/corpus/466d5a9f5098e35d40444028c6c5ed1b.00001cf2.honggfuzz.cov deleted file mode 100644 index 0e2d73c9..00000000 Binary files a/examples/bind/corpus/466d5a9f5098e35d40444028c6c5ed1b.00001cf2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/467c5d7dc54cee73ddef31b34f521195.00016ced.honggfuzz.cov b/examples/bind/corpus/467c5d7dc54cee73ddef31b34f521195.00016ced.honggfuzz.cov deleted file mode 100644 index ddefd6c7..00000000 Binary files a/examples/bind/corpus/467c5d7dc54cee73ddef31b34f521195.00016ced.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/46d027a66a3a857bfa6c0a73db71c62d.00017c0f.honggfuzz.cov b/examples/bind/corpus/46d027a66a3a857bfa6c0a73db71c62d.00017c0f.honggfuzz.cov new file mode 100644 index 00000000..b8f722a6 Binary files /dev/null and b/examples/bind/corpus/46d027a66a3a857bfa6c0a73db71c62d.00017c0f.honggfuzz.cov differ diff --git a/examples/bind/corpus/46eec67b35edb0d17da0de9749fdcffc.00000e7e.honggfuzz.cov b/examples/bind/corpus/46eec67b35edb0d17da0de9749fdcffc.00000e7e.honggfuzz.cov new file mode 100644 index 00000000..49c377d8 Binary files /dev/null and b/examples/bind/corpus/46eec67b35edb0d17da0de9749fdcffc.00000e7e.honggfuzz.cov differ diff --git a/examples/bind/corpus/46ef9663dfb2b990f8a215279fb590e4.00000020.honggfuzz.cov b/examples/bind/corpus/46ef9663dfb2b990f8a215279fb590e4.00000020.honggfuzz.cov deleted file mode 100644 index b60e4da6..00000000 Binary files a/examples/bind/corpus/46ef9663dfb2b990f8a215279fb590e4.00000020.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/470e61d2a0cbebc3d178c2d1cfcbd00f.00002000.honggfuzz.cov b/examples/bind/corpus/470e61d2a0cbebc3d178c2d1cfcbd00f.00002000.honggfuzz.cov deleted file mode 100644 index 83e5a5af..00000000 Binary files a/examples/bind/corpus/470e61d2a0cbebc3d178c2d1cfcbd00f.00002000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/472a03aac0c1ebcac3089c8a1e3c49b8.0001fc7b.honggfuzz.cov b/examples/bind/corpus/472a03aac0c1ebcac3089c8a1e3c49b8.0001fc7b.honggfuzz.cov deleted file mode 100644 index 71968ec1..00000000 Binary files a/examples/bind/corpus/472a03aac0c1ebcac3089c8a1e3c49b8.0001fc7b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4754625f11431eebd738044a3900538d.00016ced.honggfuzz.cov b/examples/bind/corpus/4754625f11431eebd738044a3900538d.00016ced.honggfuzz.cov deleted file mode 100644 index 5c143fb7..00000000 Binary files a/examples/bind/corpus/4754625f11431eebd738044a3900538d.00016ced.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4756e3dd43a50f992a241b15c10dcb03.0000e256.honggfuzz.cov b/examples/bind/corpus/4756e3dd43a50f992a241b15c10dcb03.0000e256.honggfuzz.cov new file mode 100644 index 00000000..dc47cee4 Binary files /dev/null and b/examples/bind/corpus/4756e3dd43a50f992a241b15c10dcb03.0000e256.honggfuzz.cov differ diff --git a/examples/bind/corpus/47779e926332df489da4108344370ce6.000038aa.honggfuzz.cov b/examples/bind/corpus/47779e926332df489da4108344370ce6.000038aa.honggfuzz.cov new file mode 100644 index 00000000..5dad29da Binary files /dev/null and b/examples/bind/corpus/47779e926332df489da4108344370ce6.000038aa.honggfuzz.cov differ diff --git a/examples/bind/corpus/4780a0a6b40f2746bb4280dd54f7582b.00000a0b.honggfuzz.cov b/examples/bind/corpus/4780a0a6b40f2746bb4280dd54f7582b.00000a0b.honggfuzz.cov new file mode 100644 index 00000000..558cccd0 Binary files /dev/null and b/examples/bind/corpus/4780a0a6b40f2746bb4280dd54f7582b.00000a0b.honggfuzz.cov differ diff --git a/examples/bind/corpus/47824a167d3083cd124440c3aad9587b.00000037.honggfuzz.cov b/examples/bind/corpus/47824a167d3083cd124440c3aad9587b.00000037.honggfuzz.cov deleted file mode 100644 index c8519668..00000000 Binary files a/examples/bind/corpus/47824a167d3083cd124440c3aad9587b.00000037.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/47be9c6d7ccf5f3c439ca10ead919a37.00002000.honggfuzz.cov b/examples/bind/corpus/47be9c6d7ccf5f3c439ca10ead919a37.00002000.honggfuzz.cov new file mode 100644 index 00000000..e17d1371 Binary files /dev/null and b/examples/bind/corpus/47be9c6d7ccf5f3c439ca10ead919a37.00002000.honggfuzz.cov differ diff --git a/examples/bind/corpus/47ffb2cca30644de3c657a98efa5e4fc.00000085.honggfuzz.cov b/examples/bind/corpus/47ffb2cca30644de3c657a98efa5e4fc.00000085.honggfuzz.cov deleted file mode 100644 index ffbc38ea..00000000 Binary files a/examples/bind/corpus/47ffb2cca30644de3c657a98efa5e4fc.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/480ae94e5e4794e6364a4035347b0122.00000933.honggfuzz.cov b/examples/bind/corpus/480ae94e5e4794e6364a4035347b0122.00000933.honggfuzz.cov new file mode 100644 index 00000000..3665b3c6 Binary files /dev/null and b/examples/bind/corpus/480ae94e5e4794e6364a4035347b0122.00000933.honggfuzz.cov differ diff --git a/examples/bind/corpus/4816569898dabe2e83a33bd5b6548192.00000040.honggfuzz.cov b/examples/bind/corpus/4816569898dabe2e83a33bd5b6548192.00000040.honggfuzz.cov new file mode 100644 index 00000000..b6116972 Binary files /dev/null and b/examples/bind/corpus/4816569898dabe2e83a33bd5b6548192.00000040.honggfuzz.cov differ diff --git a/examples/bind/corpus/48182846333f0830e948eb5b8ea43262.00000085.honggfuzz.cov b/examples/bind/corpus/48182846333f0830e948eb5b8ea43262.00000085.honggfuzz.cov new file mode 100644 index 00000000..ea371233 Binary files /dev/null and b/examples/bind/corpus/48182846333f0830e948eb5b8ea43262.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/4825914b898b60eb2086dad4ac92cfc1.000001a5.honggfuzz.cov b/examples/bind/corpus/4825914b898b60eb2086dad4ac92cfc1.000001a5.honggfuzz.cov new file mode 100644 index 00000000..b3cb7516 Binary files /dev/null and b/examples/bind/corpus/4825914b898b60eb2086dad4ac92cfc1.000001a5.honggfuzz.cov differ diff --git a/examples/bind/corpus/4826f1ac3739be49b4c4ee8b16e61d18.00000085.honggfuzz.cov b/examples/bind/corpus/4826f1ac3739be49b4c4ee8b16e61d18.00000085.honggfuzz.cov deleted file mode 100644 index 1f756b8e..00000000 Binary files a/examples/bind/corpus/4826f1ac3739be49b4c4ee8b16e61d18.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/486f5ebea6178f4a926ec6b36ec92615.0000002d.honggfuzz.cov b/examples/bind/corpus/486f5ebea6178f4a926ec6b36ec92615.0000002d.honggfuzz.cov deleted file mode 100644 index 106c9e81..00000000 Binary files a/examples/bind/corpus/486f5ebea6178f4a926ec6b36ec92615.0000002d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4870765eab9007d630e3b41071633424.0000007d.honggfuzz.cov b/examples/bind/corpus/4870765eab9007d630e3b41071633424.0000007d.honggfuzz.cov new file mode 100644 index 00000000..10a97edd Binary files /dev/null and b/examples/bind/corpus/4870765eab9007d630e3b41071633424.0000007d.honggfuzz.cov differ diff --git a/examples/bind/corpus/487430a3dc9aa4b22d9ff9123e8f83f2.000008ec.honggfuzz.cov b/examples/bind/corpus/487430a3dc9aa4b22d9ff9123e8f83f2.000008ec.honggfuzz.cov deleted file mode 100644 index 2ddeba29..00000000 Binary files a/examples/bind/corpus/487430a3dc9aa4b22d9ff9123e8f83f2.000008ec.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/489073a8821fe384b116c441c4d66b34.00012033.honggfuzz.cov b/examples/bind/corpus/489073a8821fe384b116c441c4d66b34.00012033.honggfuzz.cov new file mode 100644 index 00000000..5272a00a Binary files /dev/null and b/examples/bind/corpus/489073a8821fe384b116c441c4d66b34.00012033.honggfuzz.cov differ diff --git a/examples/bind/corpus/48a5746dbb2e2bfa2480a404685ff0da.00000085.honggfuzz.cov b/examples/bind/corpus/48a5746dbb2e2bfa2480a404685ff0da.00000085.honggfuzz.cov deleted file mode 100644 index 873b4ec2..00000000 Binary files a/examples/bind/corpus/48a5746dbb2e2bfa2480a404685ff0da.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/48ae880aa7dffb1e44b32e23dccf5fa6.000000a4.honggfuzz.cov b/examples/bind/corpus/48ae880aa7dffb1e44b32e23dccf5fa6.000000a4.honggfuzz.cov new file mode 100644 index 00000000..aa703618 Binary files /dev/null and b/examples/bind/corpus/48ae880aa7dffb1e44b32e23dccf5fa6.000000a4.honggfuzz.cov differ diff --git a/examples/bind/corpus/48cdba6dea19b8aad72042ccf4888a6f.00000085.honggfuzz.cov b/examples/bind/corpus/48cdba6dea19b8aad72042ccf4888a6f.00000085.honggfuzz.cov deleted file mode 100644 index d4d1f52d..00000000 Binary files a/examples/bind/corpus/48cdba6dea19b8aad72042ccf4888a6f.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/48e4d1269171afcf3b0f32b90dab3efd.0001f7e8.honggfuzz.cov b/examples/bind/corpus/48e4d1269171afcf3b0f32b90dab3efd.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..25b9fd5e Binary files /dev/null and b/examples/bind/corpus/48e4d1269171afcf3b0f32b90dab3efd.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/48ea4d0b97b17228cbcd63d68b8d4edf.00007b50.honggfuzz.cov b/examples/bind/corpus/48ea4d0b97b17228cbcd63d68b8d4edf.00007b50.honggfuzz.cov deleted file mode 100644 index 5a751633..00000000 Binary files a/examples/bind/corpus/48ea4d0b97b17228cbcd63d68b8d4edf.00007b50.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/48fdd4589610c9970e468cfa912f7df3.00000b1e.honggfuzz.cov b/examples/bind/corpus/48fdd4589610c9970e468cfa912f7df3.00000b1e.honggfuzz.cov deleted file mode 100644 index 727e2bce..00000000 Binary files a/examples/bind/corpus/48fdd4589610c9970e468cfa912f7df3.00000b1e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/490983350ef88a6bedbc688b0110bc79.00000085.honggfuzz.cov b/examples/bind/corpus/490983350ef88a6bedbc688b0110bc79.00000085.honggfuzz.cov deleted file mode 100644 index a80d5e4b..00000000 Binary files a/examples/bind/corpus/490983350ef88a6bedbc688b0110bc79.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/490c1683ae8ea879a6a9246cb282f5e4.00000181.honggfuzz.cov b/examples/bind/corpus/490c1683ae8ea879a6a9246cb282f5e4.00000181.honggfuzz.cov deleted file mode 100644 index 935d4f46..00000000 Binary files a/examples/bind/corpus/490c1683ae8ea879a6a9246cb282f5e4.00000181.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/491c1a758429b4cf335f14a0d2265af7.000000f9.honggfuzz.cov b/examples/bind/corpus/491c1a758429b4cf335f14a0d2265af7.000000f9.honggfuzz.cov deleted file mode 100644 index a3bc2e00..00000000 Binary files a/examples/bind/corpus/491c1a758429b4cf335f14a0d2265af7.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4924300c4c7751b9aed67bad09fc84f8.00000f21.honggfuzz.cov b/examples/bind/corpus/4924300c4c7751b9aed67bad09fc84f8.00000f21.honggfuzz.cov deleted file mode 100644 index ea6da7ff..00000000 Binary files a/examples/bind/corpus/4924300c4c7751b9aed67bad09fc84f8.00000f21.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/492ff64bed44217c07524c39b10a9fd3.00000e0d.honggfuzz.cov b/examples/bind/corpus/492ff64bed44217c07524c39b10a9fd3.00000e0d.honggfuzz.cov new file mode 100644 index 00000000..b7c8959f Binary files /dev/null and b/examples/bind/corpus/492ff64bed44217c07524c39b10a9fd3.00000e0d.honggfuzz.cov differ diff --git a/examples/bind/corpus/494313cf14108bb66997ad1bcaa0d6ac.00000033.honggfuzz.cov b/examples/bind/corpus/494313cf14108bb66997ad1bcaa0d6ac.00000033.honggfuzz.cov new file mode 100644 index 00000000..dcdc7d8e Binary files /dev/null and b/examples/bind/corpus/494313cf14108bb66997ad1bcaa0d6ac.00000033.honggfuzz.cov differ diff --git a/examples/bind/corpus/49504d40000000003d30392000000000.00000003.honggfuzz.cov b/examples/bind/corpus/49504d40000000003d30392000000000.00000003.honggfuzz.cov new file mode 100644 index 00000000..dbba767d --- /dev/null +++ b/examples/bind/corpus/49504d40000000003d30392000000000.00000003.honggfuzz.cov @@ -0,0 +1 @@ +,U~ \ No newline at end of file diff --git a/examples/bind/corpus/49531e33f415641a351c13d827fee270.000097c6.honggfuzz.cov b/examples/bind/corpus/49531e33f415641a351c13d827fee270.000097c6.honggfuzz.cov deleted file mode 100644 index 924e4a17..00000000 Binary files a/examples/bind/corpus/49531e33f415641a351c13d827fee270.000097c6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/497136b0b27e0e9d49b728b80c7b99ea.00000400.honggfuzz.cov b/examples/bind/corpus/497136b0b27e0e9d49b728b80c7b99ea.00000400.honggfuzz.cov deleted file mode 100644 index f01fc7c1..00000000 Binary files a/examples/bind/corpus/497136b0b27e0e9d49b728b80c7b99ea.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/498126255732a853f7ea9ba21b3e77c9.0000004c.honggfuzz.cov b/examples/bind/corpus/498126255732a853f7ea9ba21b3e77c9.0000004c.honggfuzz.cov deleted file mode 100644 index 9f4d4a67..00000000 Binary files a/examples/bind/corpus/498126255732a853f7ea9ba21b3e77c9.0000004c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/49c50943aa1a16b297bdcffd8b23123e.00000085.honggfuzz.cov b/examples/bind/corpus/49c50943aa1a16b297bdcffd8b23123e.00000085.honggfuzz.cov deleted file mode 100644 index 46df8d75..00000000 Binary files a/examples/bind/corpus/49c50943aa1a16b297bdcffd8b23123e.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/49cb971984f61582a8184132586ca2ad.000000f7.honggfuzz.cov b/examples/bind/corpus/49cb971984f61582a8184132586ca2ad.000000f7.honggfuzz.cov new file mode 100644 index 00000000..c0890d05 Binary files /dev/null and b/examples/bind/corpus/49cb971984f61582a8184132586ca2ad.000000f7.honggfuzz.cov differ diff --git a/examples/bind/corpus/49ce6a4a1c80e3877ff421bfa6d45d5a.00000077.honggfuzz.cov b/examples/bind/corpus/49ce6a4a1c80e3877ff421bfa6d45d5a.00000077.honggfuzz.cov deleted file mode 100644 index 26654ce8..00000000 Binary files a/examples/bind/corpus/49ce6a4a1c80e3877ff421bfa6d45d5a.00000077.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/49da197b868320aa7260a160a0168316.00000038.honggfuzz.cov b/examples/bind/corpus/49da197b868320aa7260a160a0168316.00000038.honggfuzz.cov new file mode 100644 index 00000000..dbd81754 Binary files /dev/null and b/examples/bind/corpus/49da197b868320aa7260a160a0168316.00000038.honggfuzz.cov differ diff --git a/examples/bind/corpus/49f06c13e693a46b06f540eeda37c210.000001c9.honggfuzz.cov b/examples/bind/corpus/49f06c13e693a46b06f540eeda37c210.000001c9.honggfuzz.cov deleted file mode 100644 index 975262f4..00000000 Binary files a/examples/bind/corpus/49f06c13e693a46b06f540eeda37c210.000001c9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/49f26f607004bd0323131c0a991f27f1.00000e06.honggfuzz.cov b/examples/bind/corpus/49f26f607004bd0323131c0a991f27f1.00000e06.honggfuzz.cov deleted file mode 100644 index 9937fac7..00000000 Binary files a/examples/bind/corpus/49f26f607004bd0323131c0a991f27f1.00000e06.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/49fd7125ce16f5c8057f2ca094c9f14f.0000679d.honggfuzz.cov b/examples/bind/corpus/49fd7125ce16f5c8057f2ca094c9f14f.0000679d.honggfuzz.cov deleted file mode 100644 index 0516ffd8..00000000 Binary files a/examples/bind/corpus/49fd7125ce16f5c8057f2ca094c9f14f.0000679d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4a2f276f74fad8f572846b45fae52f7b.0000007d.honggfuzz.cov b/examples/bind/corpus/4a2f276f74fad8f572846b45fae52f7b.0000007d.honggfuzz.cov new file mode 100644 index 00000000..46ee644e Binary files /dev/null and b/examples/bind/corpus/4a2f276f74fad8f572846b45fae52f7b.0000007d.honggfuzz.cov differ diff --git a/examples/bind/corpus/4a7770c21396a9faba2aae1aa1a5a5de.00000400.honggfuzz.cov b/examples/bind/corpus/4a7770c21396a9faba2aae1aa1a5a5de.00000400.honggfuzz.cov deleted file mode 100644 index bc02642e..00000000 Binary files a/examples/bind/corpus/4a7770c21396a9faba2aae1aa1a5a5de.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4a835a909a0a76f75c80fd148740981a.000000be.honggfuzz.cov b/examples/bind/corpus/4a835a909a0a76f75c80fd148740981a.000000be.honggfuzz.cov deleted file mode 100644 index f4d78bd2..00000000 Binary files a/examples/bind/corpus/4a835a909a0a76f75c80fd148740981a.000000be.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4a88965fed41471e7ab3ec991a48a713.00012fa2.honggfuzz.cov b/examples/bind/corpus/4a88965fed41471e7ab3ec991a48a713.00012fa2.honggfuzz.cov deleted file mode 100644 index f903fd64..00000000 Binary files a/examples/bind/corpus/4a88965fed41471e7ab3ec991a48a713.00012fa2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4a91defefdd77c805a05e898aefdd08b.000070c6.honggfuzz.cov b/examples/bind/corpus/4a91defefdd77c805a05e898aefdd08b.000070c6.honggfuzz.cov deleted file mode 100644 index 5cc50745..00000000 Binary files a/examples/bind/corpus/4a91defefdd77c805a05e898aefdd08b.000070c6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4a9317e05af93bf973ccf5c0ecfd834b.00000085.honggfuzz.cov b/examples/bind/corpus/4a9317e05af93bf973ccf5c0ecfd834b.00000085.honggfuzz.cov deleted file mode 100644 index 9696447c..00000000 Binary files a/examples/bind/corpus/4a9317e05af93bf973ccf5c0ecfd834b.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4ab4110beab5caae5d12c2f3b4501a45.0000010f.honggfuzz.cov b/examples/bind/corpus/4ab4110beab5caae5d12c2f3b4501a45.0000010f.honggfuzz.cov new file mode 100644 index 00000000..d01e0f0a Binary files /dev/null and b/examples/bind/corpus/4ab4110beab5caae5d12c2f3b4501a45.0000010f.honggfuzz.cov differ diff --git a/examples/bind/corpus/4af2944618b8af759de4cbade7cd6147.00000085.honggfuzz.cov b/examples/bind/corpus/4af2944618b8af759de4cbade7cd6147.00000085.honggfuzz.cov deleted file mode 100644 index a2a2c955..00000000 Binary files a/examples/bind/corpus/4af2944618b8af759de4cbade7cd6147.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4b225b8449c3063bfde7b8630a2aa021.000000b2.honggfuzz.cov b/examples/bind/corpus/4b225b8449c3063bfde7b8630a2aa021.000000b2.honggfuzz.cov deleted file mode 100644 index f0d10c47..00000000 Binary files a/examples/bind/corpus/4b225b8449c3063bfde7b8630a2aa021.000000b2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4b352746a05782e0fb254325a2b7717b.0000004b.honggfuzz.cov b/examples/bind/corpus/4b352746a05782e0fb254325a2b7717b.0000004b.honggfuzz.cov new file mode 100644 index 00000000..42621db6 Binary files /dev/null and b/examples/bind/corpus/4b352746a05782e0fb254325a2b7717b.0000004b.honggfuzz.cov differ diff --git a/examples/bind/corpus/4b4d86f9c8aa90796f11da02aee15578.00000085.honggfuzz.cov b/examples/bind/corpus/4b4d86f9c8aa90796f11da02aee15578.00000085.honggfuzz.cov new file mode 100644 index 00000000..db3437e8 Binary files /dev/null and b/examples/bind/corpus/4b4d86f9c8aa90796f11da02aee15578.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/4b5434acd747ff1fdfef1232d2eea64c.00000085.honggfuzz.cov b/examples/bind/corpus/4b5434acd747ff1fdfef1232d2eea64c.00000085.honggfuzz.cov new file mode 100644 index 00000000..f90bbae0 Binary files /dev/null and b/examples/bind/corpus/4b5434acd747ff1fdfef1232d2eea64c.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/4b551eec50227ce38677382a0497d65b.00000085.honggfuzz.cov b/examples/bind/corpus/4b551eec50227ce38677382a0497d65b.00000085.honggfuzz.cov deleted file mode 100644 index b74460b4..00000000 Binary files a/examples/bind/corpus/4b551eec50227ce38677382a0497d65b.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4b911dd92ca7c0988d4fed2ab9970df3.00000085.honggfuzz.cov b/examples/bind/corpus/4b911dd92ca7c0988d4fed2ab9970df3.00000085.honggfuzz.cov deleted file mode 100644 index 87703145..00000000 Binary files a/examples/bind/corpus/4b911dd92ca7c0988d4fed2ab9970df3.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4b91e16f03aa3031c6375d09c3089a34.000040c1.honggfuzz.cov b/examples/bind/corpus/4b91e16f03aa3031c6375d09c3089a34.000040c1.honggfuzz.cov deleted file mode 100644 index 6ae5f4c4..00000000 Binary files a/examples/bind/corpus/4b91e16f03aa3031c6375d09c3089a34.000040c1.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4b95af899e2cc0ccafb5b4c849482d5e.00000400.honggfuzz.cov b/examples/bind/corpus/4b95af899e2cc0ccafb5b4c849482d5e.00000400.honggfuzz.cov new file mode 100644 index 00000000..467d210d Binary files /dev/null and b/examples/bind/corpus/4b95af899e2cc0ccafb5b4c849482d5e.00000400.honggfuzz.cov differ diff --git a/examples/bind/corpus/4ba5392885fe89d5b2f776fca1319a02.000000a6.honggfuzz.cov b/examples/bind/corpus/4ba5392885fe89d5b2f776fca1319a02.000000a6.honggfuzz.cov new file mode 100644 index 00000000..e3d29d4e Binary files /dev/null and b/examples/bind/corpus/4ba5392885fe89d5b2f776fca1319a02.000000a6.honggfuzz.cov differ diff --git a/examples/bind/corpus/4bb7f6a189fecb553bd3ae6f52e771f3.0000006c.honggfuzz.cov b/examples/bind/corpus/4bb7f6a189fecb553bd3ae6f52e771f3.0000006c.honggfuzz.cov new file mode 100644 index 00000000..b423d364 Binary files /dev/null and b/examples/bind/corpus/4bb7f6a189fecb553bd3ae6f52e771f3.0000006c.honggfuzz.cov differ diff --git a/examples/bind/corpus/4bc542c71a869445efc0e41dd835f576.00000085.honggfuzz.cov b/examples/bind/corpus/4bc542c71a869445efc0e41dd835f576.00000085.honggfuzz.cov deleted file mode 100644 index a9212192..00000000 Binary files a/examples/bind/corpus/4bc542c71a869445efc0e41dd835f576.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4bc639919146d871aed8915c2a6e1fcc.00000035.honggfuzz.cov b/examples/bind/corpus/4bc639919146d871aed8915c2a6e1fcc.00000035.honggfuzz.cov new file mode 100644 index 00000000..f507482e Binary files /dev/null and b/examples/bind/corpus/4bc639919146d871aed8915c2a6e1fcc.00000035.honggfuzz.cov differ diff --git a/examples/bind/corpus/4be6c077ffbd84d5d2a03d93642b67f1.0000091d.honggfuzz.cov b/examples/bind/corpus/4be6c077ffbd84d5d2a03d93642b67f1.0000091d.honggfuzz.cov new file mode 100644 index 00000000..2c296b3e Binary files /dev/null and b/examples/bind/corpus/4be6c077ffbd84d5d2a03d93642b67f1.0000091d.honggfuzz.cov differ diff --git a/examples/bind/corpus/4bffec7824a7171206d83d1b2fd5143a.00000171.honggfuzz.cov b/examples/bind/corpus/4bffec7824a7171206d83d1b2fd5143a.00000171.honggfuzz.cov deleted file mode 100644 index 3249e9a9..00000000 Binary files a/examples/bind/corpus/4bffec7824a7171206d83d1b2fd5143a.00000171.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4c2587ba9ee089d34fa4e72e44da9737.0000003e.honggfuzz.cov b/examples/bind/corpus/4c2587ba9ee089d34fa4e72e44da9737.0000003e.honggfuzz.cov deleted file mode 100644 index 12bbaabf..00000000 Binary files a/examples/bind/corpus/4c2587ba9ee089d34fa4e72e44da9737.0000003e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4c385a963583c69e3f949f3d0c0bd8f0.00000085.honggfuzz.cov b/examples/bind/corpus/4c385a963583c69e3f949f3d0c0bd8f0.00000085.honggfuzz.cov deleted file mode 100644 index 11fc4be5..00000000 Binary files a/examples/bind/corpus/4c385a963583c69e3f949f3d0c0bd8f0.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4c78956dd9dba35dbe5bdeb8cfd07d73.0001f7e8.honggfuzz.cov b/examples/bind/corpus/4c78956dd9dba35dbe5bdeb8cfd07d73.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..a396f39a Binary files /dev/null and b/examples/bind/corpus/4c78956dd9dba35dbe5bdeb8cfd07d73.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/4c9b45cc4e311814a0417093c4587097.000001b5.honggfuzz.cov b/examples/bind/corpus/4c9b45cc4e311814a0417093c4587097.000001b5.honggfuzz.cov new file mode 100644 index 00000000..943235ac Binary files /dev/null and b/examples/bind/corpus/4c9b45cc4e311814a0417093c4587097.000001b5.honggfuzz.cov differ diff --git a/examples/bind/corpus/4c9f000b591c7eb418fdb0fdecb0dc2b.0000053d.honggfuzz.cov b/examples/bind/corpus/4c9f000b591c7eb418fdb0fdecb0dc2b.0000053d.honggfuzz.cov new file mode 100644 index 00000000..f08d89bf Binary files /dev/null and b/examples/bind/corpus/4c9f000b591c7eb418fdb0fdecb0dc2b.0000053d.honggfuzz.cov differ diff --git a/examples/bind/corpus/4cb3009f0f54e20958399ffd02b832d2.000037a0.honggfuzz.cov b/examples/bind/corpus/4cb3009f0f54e20958399ffd02b832d2.000037a0.honggfuzz.cov new file mode 100644 index 00000000..f2863d25 Binary files /dev/null and b/examples/bind/corpus/4cb3009f0f54e20958399ffd02b832d2.000037a0.honggfuzz.cov differ diff --git a/examples/bind/corpus/4cbea8fd618e9e2ee35f54ba3fca2223.0001f8de.honggfuzz.cov b/examples/bind/corpus/4cbea8fd618e9e2ee35f54ba3fca2223.0001f8de.honggfuzz.cov deleted file mode 100644 index 1ac404be..00000000 Binary files a/examples/bind/corpus/4cbea8fd618e9e2ee35f54ba3fca2223.0001f8de.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4cd5cd371d7e86766fe0297647899790.00000085.honggfuzz.cov b/examples/bind/corpus/4cd5cd371d7e86766fe0297647899790.00000085.honggfuzz.cov deleted file mode 100644 index c1cca686..00000000 Binary files a/examples/bind/corpus/4cd5cd371d7e86766fe0297647899790.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4cf4580680b895b309d027b24d603546.000001c6.honggfuzz.cov b/examples/bind/corpus/4cf4580680b895b309d027b24d603546.000001c6.honggfuzz.cov deleted file mode 100644 index f87000a5..00000000 Binary files a/examples/bind/corpus/4cf4580680b895b309d027b24d603546.000001c6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4d2b493d38669b3d389d5270b9344792.0001859c.honggfuzz.cov b/examples/bind/corpus/4d2b493d38669b3d389d5270b9344792.0001859c.honggfuzz.cov deleted file mode 100644 index 1490e82b..00000000 Binary files a/examples/bind/corpus/4d2b493d38669b3d389d5270b9344792.0001859c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4d4650143a3b41bbb05f7106da372ecc.00000085.honggfuzz.cov b/examples/bind/corpus/4d4650143a3b41bbb05f7106da372ecc.00000085.honggfuzz.cov new file mode 100644 index 00000000..97ec1b5d Binary files /dev/null and b/examples/bind/corpus/4d4650143a3b41bbb05f7106da372ecc.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/4d4ea4ab1f6447f303b61215072be5b5.00000126.honggfuzz.cov b/examples/bind/corpus/4d4ea4ab1f6447f303b61215072be5b5.00000126.honggfuzz.cov deleted file mode 100644 index 9b974dcf..00000000 Binary files a/examples/bind/corpus/4d4ea4ab1f6447f303b61215072be5b5.00000126.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4d4fe1ab1f6447f3034c4db0076ab1a0.00000126.honggfuzz.cov b/examples/bind/corpus/4d4fe1ab1f6447f3034c4db0076ab1a0.00000126.honggfuzz.cov new file mode 100644 index 00000000..702fd1e3 Binary files /dev/null and b/examples/bind/corpus/4d4fe1ab1f6447f3034c4db0076ab1a0.00000126.honggfuzz.cov differ diff --git a/examples/bind/corpus/4d53a173599108ac23ed5eda7f947ef1.0000fb97.honggfuzz.cov b/examples/bind/corpus/4d53a173599108ac23ed5eda7f947ef1.0000fb97.honggfuzz.cov new file mode 100644 index 00000000..b31d0d97 Binary files /dev/null and b/examples/bind/corpus/4d53a173599108ac23ed5eda7f947ef1.0000fb97.honggfuzz.cov differ diff --git a/examples/bind/corpus/4d762135a3ea1c7e19581a57b6ced7d6.000147bf.honggfuzz.cov b/examples/bind/corpus/4d762135a3ea1c7e19581a57b6ced7d6.000147bf.honggfuzz.cov deleted file mode 100644 index 3bfa9a2d..00000000 Binary files a/examples/bind/corpus/4d762135a3ea1c7e19581a57b6ced7d6.000147bf.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4d92beedcaf6c07461f99fb9b85824c8.00000400.honggfuzz.cov b/examples/bind/corpus/4d92beedcaf6c07461f99fb9b85824c8.00000400.honggfuzz.cov new file mode 100644 index 00000000..f2c4a54e Binary files /dev/null and b/examples/bind/corpus/4d92beedcaf6c07461f99fb9b85824c8.00000400.honggfuzz.cov differ diff --git a/examples/bind/corpus/4dc4669ff5409960ce6cdf1fff994817.0000003e.honggfuzz.cov b/examples/bind/corpus/4dc4669ff5409960ce6cdf1fff994817.0000003e.honggfuzz.cov new file mode 100644 index 00000000..50d6ba3c Binary files /dev/null and b/examples/bind/corpus/4dc4669ff5409960ce6cdf1fff994817.0000003e.honggfuzz.cov differ diff --git a/examples/bind/corpus/4deebf2e01bba341e9704b7c58475edc.0000025c.honggfuzz.cov b/examples/bind/corpus/4deebf2e01bba341e9704b7c58475edc.0000025c.honggfuzz.cov new file mode 100644 index 00000000..dae73c77 Binary files /dev/null and b/examples/bind/corpus/4deebf2e01bba341e9704b7c58475edc.0000025c.honggfuzz.cov differ diff --git a/examples/bind/corpus/4e463e22b6eed86e37ad37e7c89b1993.00000085.honggfuzz.cov b/examples/bind/corpus/4e463e22b6eed86e37ad37e7c89b1993.00000085.honggfuzz.cov deleted file mode 100644 index 8f258e13..00000000 Binary files a/examples/bind/corpus/4e463e22b6eed86e37ad37e7c89b1993.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4e477e30994435752377a5e45fa0f5d1.000000a4.honggfuzz.cov b/examples/bind/corpus/4e477e30994435752377a5e45fa0f5d1.000000a4.honggfuzz.cov deleted file mode 100644 index a26a4aab..00000000 Binary files a/examples/bind/corpus/4e477e30994435752377a5e45fa0f5d1.000000a4.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4e8623861177db48f6d3be5ca903d282.000000ac.honggfuzz.cov b/examples/bind/corpus/4e8623861177db48f6d3be5ca903d282.000000ac.honggfuzz.cov deleted file mode 100644 index 32e8e634..00000000 Binary files a/examples/bind/corpus/4e8623861177db48f6d3be5ca903d282.000000ac.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4e8f023adfd6883d9b9062ab65e0dcc6.00002757.honggfuzz.cov b/examples/bind/corpus/4e8f023adfd6883d9b9062ab65e0dcc6.00002757.honggfuzz.cov deleted file mode 100644 index 0d16e5dc..00000000 Binary files a/examples/bind/corpus/4e8f023adfd6883d9b9062ab65e0dcc6.00002757.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4eadda47780298e50237e146ce8062d5.00001552.honggfuzz.cov b/examples/bind/corpus/4eadda47780298e50237e146ce8062d5.00001552.honggfuzz.cov new file mode 100644 index 00000000..47d1e83d Binary files /dev/null and b/examples/bind/corpus/4eadda47780298e50237e146ce8062d5.00001552.honggfuzz.cov differ diff --git a/examples/bind/corpus/4eccfaa91257425b9261b98ca201a294.00000057.honggfuzz.cov b/examples/bind/corpus/4eccfaa91257425b9261b98ca201a294.00000057.honggfuzz.cov deleted file mode 100644 index a6b604a4..00000000 Binary files a/examples/bind/corpus/4eccfaa91257425b9261b98ca201a294.00000057.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4efa0caf29d5a55a08cd465bfe611b31.00000288.honggfuzz.cov b/examples/bind/corpus/4efa0caf29d5a55a08cd465bfe611b31.00000288.honggfuzz.cov deleted file mode 100644 index e51935a4..00000000 Binary files a/examples/bind/corpus/4efa0caf29d5a55a08cd465bfe611b31.00000288.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4f145892841884772605eff5aad27d28.00000400.honggfuzz.cov b/examples/bind/corpus/4f145892841884772605eff5aad27d28.00000400.honggfuzz.cov deleted file mode 100644 index 6953d3ec..00000000 Binary files a/examples/bind/corpus/4f145892841884772605eff5aad27d28.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4f1cd62dec17ce4d58ef952bbbfc146a.00000098.honggfuzz.cov b/examples/bind/corpus/4f1cd62dec17ce4d58ef952bbbfc146a.00000098.honggfuzz.cov deleted file mode 100644 index 9469a7cf..00000000 Binary files a/examples/bind/corpus/4f1cd62dec17ce4d58ef952bbbfc146a.00000098.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4f2adc9ca346cb9593dfeb80ed41b54c.000105b8.honggfuzz.cov b/examples/bind/corpus/4f2adc9ca346cb9593dfeb80ed41b54c.000105b8.honggfuzz.cov new file mode 100644 index 00000000..5670a276 Binary files /dev/null and b/examples/bind/corpus/4f2adc9ca346cb9593dfeb80ed41b54c.000105b8.honggfuzz.cov differ diff --git a/examples/bind/corpus/4f4396a3a70a782efdf5de0cbdf81ccb.0000d0e4.honggfuzz.cov b/examples/bind/corpus/4f4396a3a70a782efdf5de0cbdf81ccb.0000d0e4.honggfuzz.cov deleted file mode 100644 index 6810d383..00000000 Binary files a/examples/bind/corpus/4f4396a3a70a782efdf5de0cbdf81ccb.0000d0e4.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4f4d84c860227d84e8f4479042108a8e.00000085.honggfuzz.cov b/examples/bind/corpus/4f4d84c860227d84e8f4479042108a8e.00000085.honggfuzz.cov deleted file mode 100644 index e366d092..00000000 Binary files a/examples/bind/corpus/4f4d84c860227d84e8f4479042108a8e.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4f5d742b7e602ddeb664db4eadbd67e0.0000008c.honggfuzz.cov b/examples/bind/corpus/4f5d742b7e602ddeb664db4eadbd67e0.0000008c.honggfuzz.cov deleted file mode 100644 index 71f9cd20..00000000 Binary files a/examples/bind/corpus/4f5d742b7e602ddeb664db4eadbd67e0.0000008c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4f636e71c9b4101de5d6c3c917c0f32c.0000121f.honggfuzz.cov b/examples/bind/corpus/4f636e71c9b4101de5d6c3c917c0f32c.0000121f.honggfuzz.cov new file mode 100644 index 00000000..a96b5b32 Binary files /dev/null and b/examples/bind/corpus/4f636e71c9b4101de5d6c3c917c0f32c.0000121f.honggfuzz.cov differ diff --git a/examples/bind/corpus/4fa29d70656e1147a6e5a7cc6131827b.00000124.honggfuzz.cov b/examples/bind/corpus/4fa29d70656e1147a6e5a7cc6131827b.00000124.honggfuzz.cov new file mode 100644 index 00000000..30bd9574 Binary files /dev/null and b/examples/bind/corpus/4fa29d70656e1147a6e5a7cc6131827b.00000124.honggfuzz.cov differ diff --git a/examples/bind/corpus/4fb0d321931337cbbadea3536ff102c1.0000b9cb.honggfuzz.cov b/examples/bind/corpus/4fb0d321931337cbbadea3536ff102c1.0000b9cb.honggfuzz.cov new file mode 100644 index 00000000..5addba66 Binary files /dev/null and b/examples/bind/corpus/4fb0d321931337cbbadea3536ff102c1.0000b9cb.honggfuzz.cov differ diff --git a/examples/bind/corpus/4fb49c36421f5813183699282a053659.00000bb8.honggfuzz.cov b/examples/bind/corpus/4fb49c36421f5813183699282a053659.00000bb8.honggfuzz.cov new file mode 100644 index 00000000..60a2ecb5 Binary files /dev/null and b/examples/bind/corpus/4fb49c36421f5813183699282a053659.00000bb8.honggfuzz.cov differ diff --git a/examples/bind/corpus/4fbc8b29d981931978ef781acc2d2d00.000000a0.honggfuzz.cov b/examples/bind/corpus/4fbc8b29d981931978ef781acc2d2d00.000000a0.honggfuzz.cov new file mode 100644 index 00000000..5d0822c0 Binary files /dev/null and b/examples/bind/corpus/4fbc8b29d981931978ef781acc2d2d00.000000a0.honggfuzz.cov differ diff --git a/examples/bind/corpus/4fd3668bdd804e357c198bdcaaf167b8.000009de.honggfuzz.cov b/examples/bind/corpus/4fd3668bdd804e357c198bdcaaf167b8.000009de.honggfuzz.cov new file mode 100644 index 00000000..26789969 Binary files /dev/null and b/examples/bind/corpus/4fd3668bdd804e357c198bdcaaf167b8.000009de.honggfuzz.cov differ diff --git a/examples/bind/corpus/4fd4112c5afe26f494f0c2f770830a96.0001e290.honggfuzz.cov b/examples/bind/corpus/4fd4112c5afe26f494f0c2f770830a96.0001e290.honggfuzz.cov deleted file mode 100644 index a2cd020f..00000000 Binary files a/examples/bind/corpus/4fd4112c5afe26f494f0c2f770830a96.0001e290.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4fd58ac130ad5b64625d86df7fee5c2e.00000707.honggfuzz.cov b/examples/bind/corpus/4fd58ac130ad5b64625d86df7fee5c2e.00000707.honggfuzz.cov deleted file mode 100644 index a72926bb..00000000 Binary files a/examples/bind/corpus/4fd58ac130ad5b64625d86df7fee5c2e.00000707.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4fdf2d257363468eca0956b79e1c3529.0001f7e8.honggfuzz.cov b/examples/bind/corpus/4fdf2d257363468eca0956b79e1c3529.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..061d087c Binary files /dev/null and b/examples/bind/corpus/4fdf2d257363468eca0956b79e1c3529.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/4fe515caf8bbefce83d12b0882b45b86.00000085.honggfuzz.cov b/examples/bind/corpus/4fe515caf8bbefce83d12b0882b45b86.00000085.honggfuzz.cov deleted file mode 100644 index 93e4bc07..00000000 Binary files a/examples/bind/corpus/4fe515caf8bbefce83d12b0882b45b86.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/4ff1922109720b07aff98fad02309227.000005f4.honggfuzz.cov b/examples/bind/corpus/4ff1922109720b07aff98fad02309227.000005f4.honggfuzz.cov new file mode 100644 index 00000000..f323a877 Binary files /dev/null and b/examples/bind/corpus/4ff1922109720b07aff98fad02309227.000005f4.honggfuzz.cov differ diff --git a/examples/bind/corpus/50223cbafee5e7ad7771a238f2b59628.00000200.honggfuzz.cov b/examples/bind/corpus/50223cbafee5e7ad7771a238f2b59628.00000200.honggfuzz.cov new file mode 100644 index 00000000..9d28f59f Binary files /dev/null and b/examples/bind/corpus/50223cbafee5e7ad7771a238f2b59628.00000200.honggfuzz.cov differ diff --git a/examples/bind/corpus/5029ff5416de115655f27e105a21cc91.0000001d.honggfuzz.cov b/examples/bind/corpus/5029ff5416de115655f27e105a21cc91.0000001d.honggfuzz.cov deleted file mode 100644 index e955aac4..00000000 Binary files a/examples/bind/corpus/5029ff5416de115655f27e105a21cc91.0000001d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/50504d222f99c136bad64a58cd1729f6.00000085.honggfuzz.cov b/examples/bind/corpus/50504d222f99c136bad64a58cd1729f6.00000085.honggfuzz.cov deleted file mode 100644 index 3b83f95a..00000000 Binary files a/examples/bind/corpus/50504d222f99c136bad64a58cd1729f6.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/508141461e4109be73680caef108c964.0000006c.honggfuzz.cov b/examples/bind/corpus/508141461e4109be73680caef108c964.0000006c.honggfuzz.cov deleted file mode 100644 index 0ba903cc..00000000 Binary files a/examples/bind/corpus/508141461e4109be73680caef108c964.0000006c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/50dfe685a3b8705cb49eab08437ada37.0000c36b.honggfuzz.cov b/examples/bind/corpus/50dfe685a3b8705cb49eab08437ada37.0000c36b.honggfuzz.cov new file mode 100644 index 00000000..735ba82c Binary files /dev/null and b/examples/bind/corpus/50dfe685a3b8705cb49eab08437ada37.0000c36b.honggfuzz.cov differ diff --git a/examples/bind/corpus/50f3042f4cff78de22f9de76c1974529.000001cf.honggfuzz.cov b/examples/bind/corpus/50f3042f4cff78de22f9de76c1974529.000001cf.honggfuzz.cov deleted file mode 100644 index f0b92f48..00000000 Binary files a/examples/bind/corpus/50f3042f4cff78de22f9de76c1974529.000001cf.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/50f31b4883dca77a6d3cf1106226e6d2.00000085.honggfuzz.cov b/examples/bind/corpus/50f31b4883dca77a6d3cf1106226e6d2.00000085.honggfuzz.cov deleted file mode 100644 index 6cbf79d0..00000000 Binary files a/examples/bind/corpus/50f31b4883dca77a6d3cf1106226e6d2.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/510a00710e2261c7c814fc1c152c0f04.00001a80.honggfuzz.cov b/examples/bind/corpus/510a00710e2261c7c814fc1c152c0f04.00001a80.honggfuzz.cov deleted file mode 100644 index 25004016..00000000 Binary files a/examples/bind/corpus/510a00710e2261c7c814fc1c152c0f04.00001a80.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5137b33a5307b4e4bd91821fef3be762.000101d0.honggfuzz.cov b/examples/bind/corpus/5137b33a5307b4e4bd91821fef3be762.000101d0.honggfuzz.cov new file mode 100644 index 00000000..daf5782b Binary files /dev/null and b/examples/bind/corpus/5137b33a5307b4e4bd91821fef3be762.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/5138148f2ed4211fe06b51804006d537.000000eb.honggfuzz.cov b/examples/bind/corpus/5138148f2ed4211fe06b51804006d537.000000eb.honggfuzz.cov deleted file mode 100644 index 55a8adbc..00000000 Binary files a/examples/bind/corpus/5138148f2ed4211fe06b51804006d537.000000eb.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/514510a96556932b0b8a1bfbe2ea8046.0001f060.honggfuzz.cov b/examples/bind/corpus/514510a96556932b0b8a1bfbe2ea8046.0001f060.honggfuzz.cov deleted file mode 100644 index 14801660..00000000 Binary files a/examples/bind/corpus/514510a96556932b0b8a1bfbe2ea8046.0001f060.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/514dd602a14c12fb335e6c14544e827c.000101d0.honggfuzz.cov b/examples/bind/corpus/514dd602a14c12fb335e6c14544e827c.000101d0.honggfuzz.cov new file mode 100644 index 00000000..7994fcbd Binary files /dev/null and b/examples/bind/corpus/514dd602a14c12fb335e6c14544e827c.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/51561c6842e200d74252f27d65823a9a.000000c6.honggfuzz.cov b/examples/bind/corpus/51561c6842e200d74252f27d65823a9a.000000c6.honggfuzz.cov deleted file mode 100644 index 000dfaee..00000000 Binary files a/examples/bind/corpus/51561c6842e200d74252f27d65823a9a.000000c6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/51561c6842e2d5574faf72a89802ef47.000000c6.honggfuzz.cov b/examples/bind/corpus/51561c6842e2d5574faf72a89802ef47.000000c6.honggfuzz.cov new file mode 100644 index 00000000..552a834d Binary files /dev/null and b/examples/bind/corpus/51561c6842e2d5574faf72a89802ef47.000000c6.honggfuzz.cov differ diff --git a/examples/bind/corpus/515c2116148214395aef5cd26b275a38.00000400.honggfuzz.cov b/examples/bind/corpus/515c2116148214395aef5cd26b275a38.00000400.honggfuzz.cov deleted file mode 100644 index 23885283..00000000 Binary files a/examples/bind/corpus/515c2116148214395aef5cd26b275a38.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5177437f04db80c2c5be9420082c51f2.0000009f.honggfuzz.cov b/examples/bind/corpus/5177437f04db80c2c5be9420082c51f2.0000009f.honggfuzz.cov deleted file mode 100644 index 4ca85042..00000000 Binary files a/examples/bind/corpus/5177437f04db80c2c5be9420082c51f2.0000009f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/51817a1c80176c19ec5ef3f39c15179d.00000085.honggfuzz.cov b/examples/bind/corpus/51817a1c80176c19ec5ef3f39c15179d.00000085.honggfuzz.cov deleted file mode 100644 index e7fbe0e5..00000000 Binary files a/examples/bind/corpus/51817a1c80176c19ec5ef3f39c15179d.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5197e180871a2cd45d3d4b4f52d643cd.00000d69.honggfuzz.cov b/examples/bind/corpus/5197e180871a2cd45d3d4b4f52d643cd.00000d69.honggfuzz.cov new file mode 100644 index 00000000..1bf492a4 Binary files /dev/null and b/examples/bind/corpus/5197e180871a2cd45d3d4b4f52d643cd.00000d69.honggfuzz.cov differ diff --git a/examples/bind/corpus/51b0cdf06668240bef0921af0396c4a1.00000080.honggfuzz.cov b/examples/bind/corpus/51b0cdf06668240bef0921af0396c4a1.00000080.honggfuzz.cov new file mode 100644 index 00000000..a190e5ec Binary files /dev/null and b/examples/bind/corpus/51b0cdf06668240bef0921af0396c4a1.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/51b201ed4efc90058ebe8159a29c0cf9.0000008e.honggfuzz.cov b/examples/bind/corpus/51b201ed4efc90058ebe8159a29c0cf9.0000008e.honggfuzz.cov deleted file mode 100644 index 3d1060b3..00000000 Binary files a/examples/bind/corpus/51b201ed4efc90058ebe8159a29c0cf9.0000008e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/51bbf660eebcc44016515fcdf4bcbbba.00000581.honggfuzz.cov b/examples/bind/corpus/51bbf660eebcc44016515fcdf4bcbbba.00000581.honggfuzz.cov new file mode 100644 index 00000000..9524a934 Binary files /dev/null and b/examples/bind/corpus/51bbf660eebcc44016515fcdf4bcbbba.00000581.honggfuzz.cov differ diff --git a/examples/bind/corpus/51bc5f42e6579808f92310eb68eb87bc.000017ef.honggfuzz.cov b/examples/bind/corpus/51bc5f42e6579808f92310eb68eb87bc.000017ef.honggfuzz.cov deleted file mode 100644 index be037ffe..00000000 Binary files a/examples/bind/corpus/51bc5f42e6579808f92310eb68eb87bc.000017ef.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/51ddeb4d54d92414884917e1cc559a69.0000003d.honggfuzz.cov b/examples/bind/corpus/51ddeb4d54d92414884917e1cc559a69.0000003d.honggfuzz.cov deleted file mode 100644 index 17dea98e..00000000 Binary files a/examples/bind/corpus/51ddeb4d54d92414884917e1cc559a69.0000003d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/51df9950e4926e87bb4c877abca1abae.00000200.honggfuzz.cov b/examples/bind/corpus/51df9950e4926e87bb4c877abca1abae.00000200.honggfuzz.cov new file mode 100644 index 00000000..0589a38f Binary files /dev/null and b/examples/bind/corpus/51df9950e4926e87bb4c877abca1abae.00000200.honggfuzz.cov differ diff --git a/examples/bind/corpus/51eca51ce1af9329c34ce48d957204bc.000000f9.honggfuzz.cov b/examples/bind/corpus/51eca51ce1af9329c34ce48d957204bc.000000f9.honggfuzz.cov new file mode 100644 index 00000000..f4f7f8b3 Binary files /dev/null and b/examples/bind/corpus/51eca51ce1af9329c34ce48d957204bc.000000f9.honggfuzz.cov differ diff --git a/examples/bind/corpus/520188aed921bbf4fd0caaf7393af7a9.00000308.honggfuzz.cov b/examples/bind/corpus/520188aed921bbf4fd0caaf7393af7a9.00000308.honggfuzz.cov deleted file mode 100644 index edebc7b6..00000000 Binary files a/examples/bind/corpus/520188aed921bbf4fd0caaf7393af7a9.00000308.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5225c6a16c332ab20db9a52838642ee0.0000cca1.honggfuzz.cov b/examples/bind/corpus/5225c6a16c332ab20db9a52838642ee0.0000cca1.honggfuzz.cov deleted file mode 100644 index ae688262..00000000 Binary files a/examples/bind/corpus/5225c6a16c332ab20db9a52838642ee0.0000cca1.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/522fa9d78e00e6087effe2f35a366bdc.00000034.honggfuzz.cov b/examples/bind/corpus/522fa9d78e00e6087effe2f35a366bdc.00000034.honggfuzz.cov new file mode 100644 index 00000000..02c122f5 Binary files /dev/null and b/examples/bind/corpus/522fa9d78e00e6087effe2f35a366bdc.00000034.honggfuzz.cov differ diff --git a/examples/bind/corpus/523e562de9a53e0b5eec7294c64da728.00000c39.honggfuzz.cov b/examples/bind/corpus/523e562de9a53e0b5eec7294c64da728.00000c39.honggfuzz.cov new file mode 100644 index 00000000..98d34df4 Binary files /dev/null and b/examples/bind/corpus/523e562de9a53e0b5eec7294c64da728.00000c39.honggfuzz.cov differ diff --git a/examples/bind/corpus/5241657e5defd3b2305ca394c7b09ccf.00000453.honggfuzz.cov b/examples/bind/corpus/5241657e5defd3b2305ca394c7b09ccf.00000453.honggfuzz.cov new file mode 100644 index 00000000..ae7dc90b Binary files /dev/null and b/examples/bind/corpus/5241657e5defd3b2305ca394c7b09ccf.00000453.honggfuzz.cov differ diff --git a/examples/bind/corpus/525b7183cb6b9df4b5c07b087bb1e047.0000001d.honggfuzz.cov b/examples/bind/corpus/525b7183cb6b9df4b5c07b087bb1e047.0000001d.honggfuzz.cov deleted file mode 100644 index b00b7e0b..00000000 Binary files a/examples/bind/corpus/525b7183cb6b9df4b5c07b087bb1e047.0000001d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5265bc3daef02f9759d3dbfc535929e7.00018619.honggfuzz.cov b/examples/bind/corpus/5265bc3daef02f9759d3dbfc535929e7.00018619.honggfuzz.cov new file mode 100644 index 00000000..d49c2830 Binary files /dev/null and b/examples/bind/corpus/5265bc3daef02f9759d3dbfc535929e7.00018619.honggfuzz.cov differ diff --git a/examples/bind/corpus/526eb9bf195fc4780794fd724a066096.000002c8.honggfuzz.cov b/examples/bind/corpus/526eb9bf195fc4780794fd724a066096.000002c8.honggfuzz.cov new file mode 100644 index 00000000..26de1d2b Binary files /dev/null and b/examples/bind/corpus/526eb9bf195fc4780794fd724a066096.000002c8.honggfuzz.cov differ diff --git a/examples/bind/corpus/5273e7f922e59f319763072c1b1c697c.00002000.honggfuzz.cov b/examples/bind/corpus/5273e7f922e59f319763072c1b1c697c.00002000.honggfuzz.cov new file mode 100644 index 00000000..a59fde12 Binary files /dev/null and b/examples/bind/corpus/5273e7f922e59f319763072c1b1c697c.00002000.honggfuzz.cov differ diff --git a/examples/bind/corpus/528773868e7ed53cf285366cec7196b1.00000085.honggfuzz.cov b/examples/bind/corpus/528773868e7ed53cf285366cec7196b1.00000085.honggfuzz.cov deleted file mode 100644 index c1df2cd1..00000000 Binary files a/examples/bind/corpus/528773868e7ed53cf285366cec7196b1.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/52a0b40f67913a8d94b570f40d0a3987.00000040.honggfuzz.cov b/examples/bind/corpus/52a0b40f67913a8d94b570f40d0a3987.00000040.honggfuzz.cov new file mode 100644 index 00000000..d4d23dc0 Binary files /dev/null and b/examples/bind/corpus/52a0b40f67913a8d94b570f40d0a3987.00000040.honggfuzz.cov differ diff --git a/examples/bind/corpus/52afc32a750f1338bd781a6831729706.000000a4.honggfuzz.cov b/examples/bind/corpus/52afc32a750f1338bd781a6831729706.000000a4.honggfuzz.cov new file mode 100644 index 00000000..c861c395 Binary files /dev/null and b/examples/bind/corpus/52afc32a750f1338bd781a6831729706.000000a4.honggfuzz.cov differ diff --git a/examples/bind/corpus/52c8e9b65c9e49cb4cf2f3744793725a.00000085.honggfuzz.cov b/examples/bind/corpus/52c8e9b65c9e49cb4cf2f3744793725a.00000085.honggfuzz.cov deleted file mode 100644 index b4479414..00000000 Binary files a/examples/bind/corpus/52c8e9b65c9e49cb4cf2f3744793725a.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/52db29d3d5e8abc10d79481c9157f409.00001c53.honggfuzz.cov b/examples/bind/corpus/52db29d3d5e8abc10d79481c9157f409.00001c53.honggfuzz.cov deleted file mode 100644 index 7f8d71bf..00000000 Binary files a/examples/bind/corpus/52db29d3d5e8abc10d79481c9157f409.00001c53.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/52e3117fcee7fa21da6bfd765581cdfc.00000360.honggfuzz.cov b/examples/bind/corpus/52e3117fcee7fa21da6bfd765581cdfc.00000360.honggfuzz.cov new file mode 100644 index 00000000..e8ff4dcc Binary files /dev/null and b/examples/bind/corpus/52e3117fcee7fa21da6bfd765581cdfc.00000360.honggfuzz.cov differ diff --git a/examples/bind/corpus/52eb9e5bde2c703ea54208b617de0776.00000085.honggfuzz.cov b/examples/bind/corpus/52eb9e5bde2c703ea54208b617de0776.00000085.honggfuzz.cov deleted file mode 100644 index 6c82cece..00000000 Binary files a/examples/bind/corpus/52eb9e5bde2c703ea54208b617de0776.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/52f036facf15ff45405074ebca232db2.000007d6.honggfuzz.cov b/examples/bind/corpus/52f036facf15ff45405074ebca232db2.000007d6.honggfuzz.cov new file mode 100644 index 00000000..f4c4e2f0 Binary files /dev/null and b/examples/bind/corpus/52f036facf15ff45405074ebca232db2.000007d6.honggfuzz.cov differ diff --git a/examples/bind/corpus/52fee85a0a0e6319d2fd97e517378e2c.00001bcf.honggfuzz.cov b/examples/bind/corpus/52fee85a0a0e6319d2fd97e517378e2c.00001bcf.honggfuzz.cov deleted file mode 100644 index 0049fa90..00000000 Binary files a/examples/bind/corpus/52fee85a0a0e6319d2fd97e517378e2c.00001bcf.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5305241853949cb2309dc58aa08d3688.0000001e.honggfuzz.cov b/examples/bind/corpus/5305241853949cb2309dc58aa08d3688.0000001e.honggfuzz.cov new file mode 100644 index 00000000..4319386e Binary files /dev/null and b/examples/bind/corpus/5305241853949cb2309dc58aa08d3688.0000001e.honggfuzz.cov differ diff --git a/examples/bind/corpus/530e5d9185154dc643ecce8ee84f4604.00000400.honggfuzz.cov b/examples/bind/corpus/530e5d9185154dc643ecce8ee84f4604.00000400.honggfuzz.cov deleted file mode 100644 index 76eb2c28..00000000 Binary files a/examples/bind/corpus/530e5d9185154dc643ecce8ee84f4604.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5324e003db7bc7f5a6775b7b53605490.00000008.honggfuzz.cov b/examples/bind/corpus/5324e003db7bc7f5a6775b7b53605490.00000008.honggfuzz.cov new file mode 100644 index 00000000..c0bd3817 --- /dev/null +++ b/examples/bind/corpus/5324e003db7bc7f5a6775b7b53605490.00000008.honggfuzz.cov @@ -0,0 +1 @@ +O¯ža¨ªÀÿ \ No newline at end of file diff --git a/examples/bind/corpus/53375b95c3e01439fc545ce16917228d.00004c27.honggfuzz.cov b/examples/bind/corpus/53375b95c3e01439fc545ce16917228d.00004c27.honggfuzz.cov deleted file mode 100644 index 587a698f..00000000 Binary files a/examples/bind/corpus/53375b95c3e01439fc545ce16917228d.00004c27.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/534a06900c080721b6a94749a6f9122d.00000186.honggfuzz.cov b/examples/bind/corpus/534a06900c080721b6a94749a6f9122d.00000186.honggfuzz.cov new file mode 100644 index 00000000..b4290b19 Binary files /dev/null and b/examples/bind/corpus/534a06900c080721b6a94749a6f9122d.00000186.honggfuzz.cov differ diff --git a/examples/bind/corpus/5360aec5b51e74a7ff2188cdc575bc54.0000004f.honggfuzz.cov b/examples/bind/corpus/5360aec5b51e74a7ff2188cdc575bc54.0000004f.honggfuzz.cov deleted file mode 100644 index f3c65fdc..00000000 Binary files a/examples/bind/corpus/5360aec5b51e74a7ff2188cdc575bc54.0000004f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5377ea11f65f5c22604ec9cc98357241.0002bfb4.honggfuzz.cov b/examples/bind/corpus/5377ea11f65f5c22604ec9cc98357241.0002bfb4.honggfuzz.cov deleted file mode 100644 index 0d551e4e..00000000 Binary files a/examples/bind/corpus/5377ea11f65f5c22604ec9cc98357241.0002bfb4.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/537c92813c0e10317af44fdfc1312df0.00000080.honggfuzz.cov b/examples/bind/corpus/537c92813c0e10317af44fdfc1312df0.00000080.honggfuzz.cov deleted file mode 100644 index 5f2080ca..00000000 Binary files a/examples/bind/corpus/537c92813c0e10317af44fdfc1312df0.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5394615a6adb5458cd72190112bbc5fa.00000080.honggfuzz.cov b/examples/bind/corpus/5394615a6adb5458cd72190112bbc5fa.00000080.honggfuzz.cov deleted file mode 100644 index b806187c..00000000 Binary files a/examples/bind/corpus/5394615a6adb5458cd72190112bbc5fa.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/539937a667755e70457bb206fe61c413.00000138.honggfuzz.cov b/examples/bind/corpus/539937a667755e70457bb206fe61c413.00000138.honggfuzz.cov new file mode 100644 index 00000000..ccc70037 Binary files /dev/null and b/examples/bind/corpus/539937a667755e70457bb206fe61c413.00000138.honggfuzz.cov differ diff --git a/examples/bind/corpus/53adc1800bbd12d1b5e654950e352bf5.0001153e.honggfuzz.cov b/examples/bind/corpus/53adc1800bbd12d1b5e654950e352bf5.0001153e.honggfuzz.cov new file mode 100644 index 00000000..2aecf2eb Binary files /dev/null and b/examples/bind/corpus/53adc1800bbd12d1b5e654950e352bf5.0001153e.honggfuzz.cov differ diff --git a/examples/bind/corpus/53b8322c1eafd07257323a8992c718b9.0000ffe6.honggfuzz.cov b/examples/bind/corpus/53b8322c1eafd07257323a8992c718b9.0000ffe6.honggfuzz.cov deleted file mode 100644 index 3d4258ef..00000000 Binary files a/examples/bind/corpus/53b8322c1eafd07257323a8992c718b9.0000ffe6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/53fd80c70c245bcf5f6ef21cf06fe550.00014ebc.honggfuzz.cov b/examples/bind/corpus/53fd80c70c245bcf5f6ef21cf06fe550.00014ebc.honggfuzz.cov deleted file mode 100644 index 4c0be1b1..00000000 Binary files a/examples/bind/corpus/53fd80c70c245bcf5f6ef21cf06fe550.00014ebc.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/53ff9e652c98f9912d99cc9c2ee05efb.00008b51.honggfuzz.cov b/examples/bind/corpus/53ff9e652c98f9912d99cc9c2ee05efb.00008b51.honggfuzz.cov new file mode 100644 index 00000000..7e149892 Binary files /dev/null and b/examples/bind/corpus/53ff9e652c98f9912d99cc9c2ee05efb.00008b51.honggfuzz.cov differ diff --git a/examples/bind/corpus/54203440fa8034af284649198a25c4f1.0000040a.honggfuzz.cov b/examples/bind/corpus/54203440fa8034af284649198a25c4f1.0000040a.honggfuzz.cov deleted file mode 100644 index 25d31b08..00000000 Binary files a/examples/bind/corpus/54203440fa8034af284649198a25c4f1.0000040a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/543aa525f6cdb5994c8a1355d5ff6d24.00000023.honggfuzz.cov b/examples/bind/corpus/543aa525f6cdb5994c8a1355d5ff6d24.00000023.honggfuzz.cov new file mode 100644 index 00000000..23d1bfc3 Binary files /dev/null and b/examples/bind/corpus/543aa525f6cdb5994c8a1355d5ff6d24.00000023.honggfuzz.cov differ diff --git a/examples/bind/corpus/543d7d1208f4eedba41323c55ef0b434.000000f9.honggfuzz.cov b/examples/bind/corpus/543d7d1208f4eedba41323c55ef0b434.000000f9.honggfuzz.cov deleted file mode 100644 index 3aacc59e..00000000 Binary files a/examples/bind/corpus/543d7d1208f4eedba41323c55ef0b434.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/54637a5edbf75953e5e4b379a760d807.00000126.honggfuzz.cov b/examples/bind/corpus/54637a5edbf75953e5e4b379a760d807.00000126.honggfuzz.cov new file mode 100644 index 00000000..04decf46 Binary files /dev/null and b/examples/bind/corpus/54637a5edbf75953e5e4b379a760d807.00000126.honggfuzz.cov differ diff --git a/examples/bind/corpus/54805ad29f1790ce1b3cb6cff1fa64e6.00000400.honggfuzz.cov b/examples/bind/corpus/54805ad29f1790ce1b3cb6cff1fa64e6.00000400.honggfuzz.cov deleted file mode 100644 index 94c08456..00000000 Binary files a/examples/bind/corpus/54805ad29f1790ce1b3cb6cff1fa64e6.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/54a420caedd8c1a829bf89c04c4a2a5e.0000c006.honggfuzz.cov b/examples/bind/corpus/54a420caedd8c1a829bf89c04c4a2a5e.0000c006.honggfuzz.cov deleted file mode 100644 index a4e1e55d..00000000 Binary files a/examples/bind/corpus/54a420caedd8c1a829bf89c04c4a2a5e.0000c006.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/54afc3714eea78ee7e91d20363c943ea.00000085.honggfuzz.cov b/examples/bind/corpus/54afc3714eea78ee7e91d20363c943ea.00000085.honggfuzz.cov deleted file mode 100644 index e7688bf0..00000000 Binary files a/examples/bind/corpus/54afc3714eea78ee7e91d20363c943ea.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/54cecdaa03c243b6b09f9b6342eef744.00000037.honggfuzz.cov b/examples/bind/corpus/54cecdaa03c243b6b09f9b6342eef744.00000037.honggfuzz.cov deleted file mode 100644 index 3e6ac08b..00000000 Binary files a/examples/bind/corpus/54cecdaa03c243b6b09f9b6342eef744.00000037.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/54dff6536a433a3e8851c854954b80e5.000000f9.honggfuzz.cov b/examples/bind/corpus/54dff6536a433a3e8851c854954b80e5.000000f9.honggfuzz.cov deleted file mode 100644 index 6339290a..00000000 Binary files a/examples/bind/corpus/54dff6536a433a3e8851c854954b80e5.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/54e2b6547f38b685c12088f6128cf8a1.000000f2.honggfuzz.cov b/examples/bind/corpus/54e2b6547f38b685c12088f6128cf8a1.000000f2.honggfuzz.cov deleted file mode 100644 index 955d626f..00000000 Binary files a/examples/bind/corpus/54e2b6547f38b685c12088f6128cf8a1.000000f2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/54f0d24b389335bc58fd28a4b7b87ff8.00000400.honggfuzz.cov b/examples/bind/corpus/54f0d24b389335bc58fd28a4b7b87ff8.00000400.honggfuzz.cov deleted file mode 100644 index 3684be04..00000000 Binary files a/examples/bind/corpus/54f0d24b389335bc58fd28a4b7b87ff8.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/54f2d129d111bdca4cb3d3127d6a9813.000148cb.honggfuzz.cov b/examples/bind/corpus/54f2d129d111bdca4cb3d3127d6a9813.000148cb.honggfuzz.cov new file mode 100644 index 00000000..3301b170 Binary files /dev/null and b/examples/bind/corpus/54f2d129d111bdca4cb3d3127d6a9813.000148cb.honggfuzz.cov differ diff --git a/examples/bind/corpus/55099e5936c4dd17168bf8995267fc92.00000085.honggfuzz.cov b/examples/bind/corpus/55099e5936c4dd17168bf8995267fc92.00000085.honggfuzz.cov new file mode 100644 index 00000000..5f26b8a6 Binary files /dev/null and b/examples/bind/corpus/55099e5936c4dd17168bf8995267fc92.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/55278d9ed7a91ffc9154a6e06c341df3.0000004f.honggfuzz.cov b/examples/bind/corpus/55278d9ed7a91ffc9154a6e06c341df3.0000004f.honggfuzz.cov deleted file mode 100644 index ccbe8ea5..00000000 Binary files a/examples/bind/corpus/55278d9ed7a91ffc9154a6e06c341df3.0000004f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5540b58c7a1c24a4be962ce8016dd6c7.00000400.honggfuzz.cov b/examples/bind/corpus/5540b58c7a1c24a4be962ce8016dd6c7.00000400.honggfuzz.cov deleted file mode 100644 index d0a2452e..00000000 Binary files a/examples/bind/corpus/5540b58c7a1c24a4be962ce8016dd6c7.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5548e96c404d27c25512529af63a54a7.00000090.honggfuzz.cov b/examples/bind/corpus/5548e96c404d27c25512529af63a54a7.00000090.honggfuzz.cov new file mode 100644 index 00000000..3dd301a9 Binary files /dev/null and b/examples/bind/corpus/5548e96c404d27c25512529af63a54a7.00000090.honggfuzz.cov differ diff --git a/examples/bind/corpus/5592b25c8b64e88b7e8b83a67260c304.00000035.honggfuzz.cov b/examples/bind/corpus/5592b25c8b64e88b7e8b83a67260c304.00000035.honggfuzz.cov deleted file mode 100644 index f9a6129e..00000000 Binary files a/examples/bind/corpus/5592b25c8b64e88b7e8b83a67260c304.00000035.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/55de3fb2adc0ab83c2d7fa19bda865db.00016ced.honggfuzz.cov b/examples/bind/corpus/55de3fb2adc0ab83c2d7fa19bda865db.00016ced.honggfuzz.cov deleted file mode 100644 index 8c79edb4..00000000 Binary files a/examples/bind/corpus/55de3fb2adc0ab83c2d7fa19bda865db.00016ced.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/55f496461d9141ed61869a58e7eff607.00000200.honggfuzz.cov b/examples/bind/corpus/55f496461d9141ed61869a58e7eff607.00000200.honggfuzz.cov deleted file mode 100644 index 26398034..00000000 Binary files a/examples/bind/corpus/55f496461d9141ed61869a58e7eff607.00000200.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/55fab8fa1444d7b97481590a3b542fa7.00000085.honggfuzz.cov b/examples/bind/corpus/55fab8fa1444d7b97481590a3b542fa7.00000085.honggfuzz.cov deleted file mode 100644 index 6c1757a4..00000000 Binary files a/examples/bind/corpus/55fab8fa1444d7b97481590a3b542fa7.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/55fbca2a777dc99610596492c93a9bb8.0000bcfb.honggfuzz.cov b/examples/bind/corpus/55fbca2a777dc99610596492c93a9bb8.0000bcfb.honggfuzz.cov deleted file mode 100644 index 039c1565..00000000 Binary files a/examples/bind/corpus/55fbca2a777dc99610596492c93a9bb8.0000bcfb.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5617f0c1f70b65bdc235e59822fd611a.00000ab1.honggfuzz.cov b/examples/bind/corpus/5617f0c1f70b65bdc235e59822fd611a.00000ab1.honggfuzz.cov new file mode 100644 index 00000000..9e2daf71 Binary files /dev/null and b/examples/bind/corpus/5617f0c1f70b65bdc235e59822fd611a.00000ab1.honggfuzz.cov differ diff --git a/examples/bind/corpus/56188ba08eb3cc618acf68b4b8cc9d79.000000cb.honggfuzz.cov b/examples/bind/corpus/56188ba08eb3cc618acf68b4b8cc9d79.000000cb.honggfuzz.cov new file mode 100644 index 00000000..58a66b57 Binary files /dev/null and b/examples/bind/corpus/56188ba08eb3cc618acf68b4b8cc9d79.000000cb.honggfuzz.cov differ diff --git a/examples/bind/corpus/563e43030195521e7947c2f29a576c2c.00000085.honggfuzz.cov b/examples/bind/corpus/563e43030195521e7947c2f29a576c2c.00000085.honggfuzz.cov deleted file mode 100644 index 4296c293..00000000 Binary files a/examples/bind/corpus/563e43030195521e7947c2f29a576c2c.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5657d5ebe5cdd9a1a9ddea4731e544a3.00000092.honggfuzz.cov b/examples/bind/corpus/5657d5ebe5cdd9a1a9ddea4731e544a3.00000092.honggfuzz.cov deleted file mode 100644 index e9bfe374..00000000 Binary files a/examples/bind/corpus/5657d5ebe5cdd9a1a9ddea4731e544a3.00000092.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5660690554f9f1647642e9472ee2c2c5.0000006c.honggfuzz.cov b/examples/bind/corpus/5660690554f9f1647642e9472ee2c2c5.0000006c.honggfuzz.cov new file mode 100644 index 00000000..a532efe1 Binary files /dev/null and b/examples/bind/corpus/5660690554f9f1647642e9472ee2c2c5.0000006c.honggfuzz.cov differ diff --git a/examples/bind/corpus/5689d895744186f7a17b5598327d8dd1.00000181.honggfuzz.cov b/examples/bind/corpus/5689d895744186f7a17b5598327d8dd1.00000181.honggfuzz.cov deleted file mode 100644 index 3ca22888..00000000 Binary files a/examples/bind/corpus/5689d895744186f7a17b5598327d8dd1.00000181.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5692c0d2c3b6c1be15562cfe6483d3bc.00020000.honggfuzz.cov b/examples/bind/corpus/5692c0d2c3b6c1be15562cfe6483d3bc.00020000.honggfuzz.cov deleted file mode 100644 index adb69030..00000000 Binary files a/examples/bind/corpus/5692c0d2c3b6c1be15562cfe6483d3bc.00020000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/56a18169e9508b4b62f4158a74819042.00001aa8.honggfuzz.cov b/examples/bind/corpus/56a18169e9508b4b62f4158a74819042.00001aa8.honggfuzz.cov new file mode 100644 index 00000000..98d19a92 Binary files /dev/null and b/examples/bind/corpus/56a18169e9508b4b62f4158a74819042.00001aa8.honggfuzz.cov differ diff --git a/examples/bind/corpus/56b38ab9ee55815d95be43631a3bbdd2.0001f7e8.honggfuzz.cov b/examples/bind/corpus/56b38ab9ee55815d95be43631a3bbdd2.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..2945dd2f Binary files /dev/null and b/examples/bind/corpus/56b38ab9ee55815d95be43631a3bbdd2.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/56bea53586b15356b136eb20a0eb7672.0000054f.honggfuzz.cov b/examples/bind/corpus/56bea53586b15356b136eb20a0eb7672.0000054f.honggfuzz.cov deleted file mode 100644 index 2d0d6b97..00000000 Binary files a/examples/bind/corpus/56bea53586b15356b136eb20a0eb7672.0000054f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/56c487800f0a9dc4186a8755429aebf9.00000181.honggfuzz.cov b/examples/bind/corpus/56c487800f0a9dc4186a8755429aebf9.00000181.honggfuzz.cov new file mode 100644 index 00000000..1ad597e7 Binary files /dev/null and b/examples/bind/corpus/56c487800f0a9dc4186a8755429aebf9.00000181.honggfuzz.cov differ diff --git a/examples/bind/corpus/56efc32fa5e5260eeddd712f808cdcbe.0000024c.honggfuzz.cov b/examples/bind/corpus/56efc32fa5e5260eeddd712f808cdcbe.0000024c.honggfuzz.cov new file mode 100644 index 00000000..33919c94 Binary files /dev/null and b/examples/bind/corpus/56efc32fa5e5260eeddd712f808cdcbe.0000024c.honggfuzz.cov differ diff --git a/examples/bind/corpus/56f18c43484e444bb59afca0335fc3c3.00000040.honggfuzz.cov b/examples/bind/corpus/56f18c43484e444bb59afca0335fc3c3.00000040.honggfuzz.cov new file mode 100644 index 00000000..624bf448 Binary files /dev/null and b/examples/bind/corpus/56f18c43484e444bb59afca0335fc3c3.00000040.honggfuzz.cov differ diff --git a/examples/bind/corpus/571b53e720e69a015a0635d9650520fa.00012b85.honggfuzz.cov b/examples/bind/corpus/571b53e720e69a015a0635d9650520fa.00012b85.honggfuzz.cov deleted file mode 100644 index ea859b1e..00000000 Binary files a/examples/bind/corpus/571b53e720e69a015a0635d9650520fa.00012b85.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/57956f9cf77b29ea27026f27293cabff.00000168.honggfuzz.cov b/examples/bind/corpus/57956f9cf77b29ea27026f27293cabff.00000168.honggfuzz.cov deleted file mode 100644 index 501267da..00000000 Binary files a/examples/bind/corpus/57956f9cf77b29ea27026f27293cabff.00000168.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/579d1b143a6c1befb1d82e239741d6c2.000000f9.honggfuzz.cov b/examples/bind/corpus/579d1b143a6c1befb1d82e239741d6c2.000000f9.honggfuzz.cov deleted file mode 100644 index d47fc452..00000000 Binary files a/examples/bind/corpus/579d1b143a6c1befb1d82e239741d6c2.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/57cb8a2f12981a2cdd59bc9a7855d30d.000166db.honggfuzz.cov b/examples/bind/corpus/57cb8a2f12981a2cdd59bc9a7855d30d.000166db.honggfuzz.cov deleted file mode 100644 index 1fadfa36..00000000 Binary files a/examples/bind/corpus/57cb8a2f12981a2cdd59bc9a7855d30d.000166db.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/57d0142f4809e2fa6deee243efc0543e.00000085.honggfuzz.cov b/examples/bind/corpus/57d0142f4809e2fa6deee243efc0543e.00000085.honggfuzz.cov new file mode 100644 index 00000000..aef96b78 Binary files /dev/null and b/examples/bind/corpus/57d0142f4809e2fa6deee243efc0543e.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/57d867f20eb4fd55d6a52aaf6f1031da.000000b0.honggfuzz.cov b/examples/bind/corpus/57d867f20eb4fd55d6a52aaf6f1031da.000000b0.honggfuzz.cov new file mode 100644 index 00000000..e89e6730 Binary files /dev/null and b/examples/bind/corpus/57d867f20eb4fd55d6a52aaf6f1031da.000000b0.honggfuzz.cov differ diff --git a/examples/bind/corpus/57e70dfd64897c9dfdeaa51c4470fe07.0000770b.honggfuzz.cov b/examples/bind/corpus/57e70dfd64897c9dfdeaa51c4470fe07.0000770b.honggfuzz.cov deleted file mode 100644 index 45620a65..00000000 Binary files a/examples/bind/corpus/57e70dfd64897c9dfdeaa51c4470fe07.0000770b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5801961f6ff9997918bafcea2c4545e6.000101d0.honggfuzz.cov b/examples/bind/corpus/5801961f6ff9997918bafcea2c4545e6.000101d0.honggfuzz.cov new file mode 100644 index 00000000..5ff8a4fc Binary files /dev/null and b/examples/bind/corpus/5801961f6ff9997918bafcea2c4545e6.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/5819b0ce6dace3f4e75da451eab4b9a1.00000032.honggfuzz.cov b/examples/bind/corpus/5819b0ce6dace3f4e75da451eab4b9a1.00000032.honggfuzz.cov new file mode 100644 index 00000000..fa0f6e8c Binary files /dev/null and b/examples/bind/corpus/5819b0ce6dace3f4e75da451eab4b9a1.00000032.honggfuzz.cov differ diff --git a/examples/bind/corpus/581b68544793add2e84a228e77ee1b57.00000085.honggfuzz.cov b/examples/bind/corpus/581b68544793add2e84a228e77ee1b57.00000085.honggfuzz.cov deleted file mode 100644 index 1b73627a..00000000 Binary files a/examples/bind/corpus/581b68544793add2e84a228e77ee1b57.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/581be80ad1032b57d87dae4e1224cfd1.00000080.honggfuzz.cov b/examples/bind/corpus/581be80ad1032b57d87dae4e1224cfd1.00000080.honggfuzz.cov new file mode 100644 index 00000000..4667e022 Binary files /dev/null and b/examples/bind/corpus/581be80ad1032b57d87dae4e1224cfd1.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/58530e0586dbf189c4c14ac8e9335b40.00000097.honggfuzz.cov b/examples/bind/corpus/58530e0586dbf189c4c14ac8e9335b40.00000097.honggfuzz.cov new file mode 100644 index 00000000..8cc49eef Binary files /dev/null and b/examples/bind/corpus/58530e0586dbf189c4c14ac8e9335b40.00000097.honggfuzz.cov differ diff --git a/examples/bind/corpus/5853a5dfa6bc78784caf3b9584832fe7.000023d6.honggfuzz.cov b/examples/bind/corpus/5853a5dfa6bc78784caf3b9584832fe7.000023d6.honggfuzz.cov deleted file mode 100644 index 19a0cf51..00000000 Binary files a/examples/bind/corpus/5853a5dfa6bc78784caf3b9584832fe7.000023d6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/58650e3065d6039421b8800caa266a10.00002563.honggfuzz.cov b/examples/bind/corpus/58650e3065d6039421b8800caa266a10.00002563.honggfuzz.cov new file mode 100644 index 00000000..a2d552d1 Binary files /dev/null and b/examples/bind/corpus/58650e3065d6039421b8800caa266a10.00002563.honggfuzz.cov differ diff --git a/examples/bind/corpus/5870680cf4bafb8d4a352302205132cd.00000086.honggfuzz.cov b/examples/bind/corpus/5870680cf4bafb8d4a352302205132cd.00000086.honggfuzz.cov deleted file mode 100644 index 39ce1eb5..00000000 Binary files a/examples/bind/corpus/5870680cf4bafb8d4a352302205132cd.00000086.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/58822825a48f7cf159c782d89d5d3d17.000101d0.honggfuzz.cov b/examples/bind/corpus/58822825a48f7cf159c782d89d5d3d17.000101d0.honggfuzz.cov new file mode 100644 index 00000000..748b3ffc Binary files /dev/null and b/examples/bind/corpus/58822825a48f7cf159c782d89d5d3d17.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/5887efbcbc8915165dabb341f6a730e8.0000010f.honggfuzz.cov b/examples/bind/corpus/5887efbcbc8915165dabb341f6a730e8.0000010f.honggfuzz.cov new file mode 100644 index 00000000..a4936adc Binary files /dev/null and b/examples/bind/corpus/5887efbcbc8915165dabb341f6a730e8.0000010f.honggfuzz.cov differ diff --git a/examples/bind/corpus/588b4b9ae0aacd142a044ec266d06545.00008ffd.honggfuzz.cov b/examples/bind/corpus/588b4b9ae0aacd142a044ec266d06545.00008ffd.honggfuzz.cov deleted file mode 100644 index dfc93ab7..00000000 Binary files a/examples/bind/corpus/588b4b9ae0aacd142a044ec266d06545.00008ffd.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/588c58c3650085d29a907ba5321e3e69.000001fc.honggfuzz.cov b/examples/bind/corpus/588c58c3650085d29a907ba5321e3e69.000001fc.honggfuzz.cov deleted file mode 100644 index bbd8669c..00000000 Binary files a/examples/bind/corpus/588c58c3650085d29a907ba5321e3e69.000001fc.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/588cdd7ecf3b27d43f24bf60f1f87b34.0001153e.honggfuzz.cov b/examples/bind/corpus/588cdd7ecf3b27d43f24bf60f1f87b34.0001153e.honggfuzz.cov deleted file mode 100644 index ea51a85f..00000000 Binary files a/examples/bind/corpus/588cdd7ecf3b27d43f24bf60f1f87b34.0001153e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/58927ac9f7ae19b8ce9475ef225f8f0e.00000085.honggfuzz.cov b/examples/bind/corpus/58927ac9f7ae19b8ce9475ef225f8f0e.00000085.honggfuzz.cov deleted file mode 100644 index 9d3bbecb..00000000 Binary files a/examples/bind/corpus/58927ac9f7ae19b8ce9475ef225f8f0e.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/58a0a8b8f82b58e2a419aa63d4dc3410.00000400.honggfuzz.cov b/examples/bind/corpus/58a0a8b8f82b58e2a419aa63d4dc3410.00000400.honggfuzz.cov deleted file mode 100644 index e8458c80..00000000 Binary files a/examples/bind/corpus/58a0a8b8f82b58e2a419aa63d4dc3410.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/58d6cb590a4ca6d16d064407e6667ada.00000799.honggfuzz.cov b/examples/bind/corpus/58d6cb590a4ca6d16d064407e6667ada.00000799.honggfuzz.cov deleted file mode 100644 index 61848deb..00000000 Binary files a/examples/bind/corpus/58d6cb590a4ca6d16d064407e6667ada.00000799.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/58ee33731a093aa0a5fd3045091dd8bf.000000f9.honggfuzz.cov b/examples/bind/corpus/58ee33731a093aa0a5fd3045091dd8bf.000000f9.honggfuzz.cov deleted file mode 100644 index 740d4a9a..00000000 Binary files a/examples/bind/corpus/58ee33731a093aa0a5fd3045091dd8bf.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/593bf3e53bac943924c7285047865082.00000099.honggfuzz.cov b/examples/bind/corpus/593bf3e53bac943924c7285047865082.00000099.honggfuzz.cov new file mode 100644 index 00000000..3ecb4045 Binary files /dev/null and b/examples/bind/corpus/593bf3e53bac943924c7285047865082.00000099.honggfuzz.cov differ diff --git a/examples/bind/corpus/5976350998febbb5ca9a838c8defe6c3.000001b0.honggfuzz.cov b/examples/bind/corpus/5976350998febbb5ca9a838c8defe6c3.000001b0.honggfuzz.cov deleted file mode 100644 index d5a15633..00000000 Binary files a/examples/bind/corpus/5976350998febbb5ca9a838c8defe6c3.000001b0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/597cac9c41fbae0b41502d84d2132ea5.00000127.honggfuzz.cov b/examples/bind/corpus/597cac9c41fbae0b41502d84d2132ea5.00000127.honggfuzz.cov deleted file mode 100644 index 540f74c9..00000000 Binary files a/examples/bind/corpus/597cac9c41fbae0b41502d84d2132ea5.00000127.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/59871fcf803dfdd56eeb0ddcb4926855.000000e1.honggfuzz.cov b/examples/bind/corpus/59871fcf803dfdd56eeb0ddcb4926855.000000e1.honggfuzz.cov new file mode 100644 index 00000000..0876fd59 Binary files /dev/null and b/examples/bind/corpus/59871fcf803dfdd56eeb0ddcb4926855.000000e1.honggfuzz.cov differ diff --git a/examples/bind/corpus/5992793d0ee14edf8d97bd6a2a359d9c.00000400.honggfuzz.cov b/examples/bind/corpus/5992793d0ee14edf8d97bd6a2a359d9c.00000400.honggfuzz.cov deleted file mode 100644 index 0d501cf3..00000000 Binary files a/examples/bind/corpus/5992793d0ee14edf8d97bd6a2a359d9c.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/59a166f4032ec2e3fc2dd69e586270e4.0007d000.honggfuzz.cov b/examples/bind/corpus/59a166f4032ec2e3fc2dd69e586270e4.0007d000.honggfuzz.cov deleted file mode 100644 index fc37ab90..00000000 Binary files a/examples/bind/corpus/59a166f4032ec2e3fc2dd69e586270e4.0007d000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/59b0a342f045bf9462417d105d3702d2.0000007e.honggfuzz.cov b/examples/bind/corpus/59b0a342f045bf9462417d105d3702d2.0000007e.honggfuzz.cov deleted file mode 100644 index 4fea8f77..00000000 Binary files a/examples/bind/corpus/59b0a342f045bf9462417d105d3702d2.0000007e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/59bd66a9a1b615293e93c6be392e51c8.000001a5.honggfuzz.cov b/examples/bind/corpus/59bd66a9a1b615293e93c6be392e51c8.000001a5.honggfuzz.cov deleted file mode 100644 index ef12e9e4..00000000 Binary files a/examples/bind/corpus/59bd66a9a1b615293e93c6be392e51c8.000001a5.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/59df2813e73cdb78bc36df4dc397e9c0.00000684.honggfuzz.cov b/examples/bind/corpus/59df2813e73cdb78bc36df4dc397e9c0.00000684.honggfuzz.cov deleted file mode 100644 index 0865ef02..00000000 Binary files a/examples/bind/corpus/59df2813e73cdb78bc36df4dc397e9c0.00000684.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/59df5cbf61d5c9a46d3054d504d82e16.00000c35.honggfuzz.cov b/examples/bind/corpus/59df5cbf61d5c9a46d3054d504d82e16.00000c35.honggfuzz.cov deleted file mode 100644 index e51d3497..00000000 Binary files a/examples/bind/corpus/59df5cbf61d5c9a46d3054d504d82e16.00000c35.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/59f27ff0ad5d6fac7b2e11afb2cbf5c1.0001f7e8.honggfuzz.cov b/examples/bind/corpus/59f27ff0ad5d6fac7b2e11afb2cbf5c1.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..e7563ef0 Binary files /dev/null and b/examples/bind/corpus/59f27ff0ad5d6fac7b2e11afb2cbf5c1.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/59fe3b9ae0777ab6eee466eb17ac99fc.00000085.honggfuzz.cov b/examples/bind/corpus/59fe3b9ae0777ab6eee466eb17ac99fc.00000085.honggfuzz.cov deleted file mode 100644 index 9ec466c9..00000000 Binary files a/examples/bind/corpus/59fe3b9ae0777ab6eee466eb17ac99fc.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5a12228f2e8c9453cae39d8b22445829.0000003a.honggfuzz.cov b/examples/bind/corpus/5a12228f2e8c9453cae39d8b22445829.0000003a.honggfuzz.cov new file mode 100644 index 00000000..ae0bee12 Binary files /dev/null and b/examples/bind/corpus/5a12228f2e8c9453cae39d8b22445829.0000003a.honggfuzz.cov differ diff --git a/examples/bind/corpus/5a2d30a2836d009255ffa50cb4eccc66.00000059.honggfuzz.cov b/examples/bind/corpus/5a2d30a2836d009255ffa50cb4eccc66.00000059.honggfuzz.cov deleted file mode 100644 index 7af5ea4a..00000000 Binary files a/examples/bind/corpus/5a2d30a2836d009255ffa50cb4eccc66.00000059.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5a4e89b893feb5640b2e055c19eacfe5.00000085.honggfuzz.cov b/examples/bind/corpus/5a4e89b893feb5640b2e055c19eacfe5.00000085.honggfuzz.cov deleted file mode 100644 index c800af0a..00000000 Binary files a/examples/bind/corpus/5a4e89b893feb5640b2e055c19eacfe5.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5a60a582396182ecfd33f17c5d654faf.00000085.honggfuzz.cov b/examples/bind/corpus/5a60a582396182ecfd33f17c5d654faf.00000085.honggfuzz.cov deleted file mode 100644 index 715c6014..00000000 Binary files a/examples/bind/corpus/5a60a582396182ecfd33f17c5d654faf.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5a7d4f5000b2977854e107544258a8d1.00006322.honggfuzz.cov b/examples/bind/corpus/5a7d4f5000b2977854e107544258a8d1.00006322.honggfuzz.cov new file mode 100644 index 00000000..dc76634a Binary files /dev/null and b/examples/bind/corpus/5a7d4f5000b2977854e107544258a8d1.00006322.honggfuzz.cov differ diff --git a/examples/bind/corpus/5abc76d5cdb9f0f51a25908942d28819.00000080.honggfuzz.cov b/examples/bind/corpus/5abc76d5cdb9f0f51a25908942d28819.00000080.honggfuzz.cov deleted file mode 100644 index 142e2c38..00000000 Binary files a/examples/bind/corpus/5abc76d5cdb9f0f51a25908942d28819.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5acb2df507c2ba8a8c86e4ef43e0ec1f.00001c19.honggfuzz.cov b/examples/bind/corpus/5acb2df507c2ba8a8c86e4ef43e0ec1f.00001c19.honggfuzz.cov deleted file mode 100644 index d9bf9c4f..00000000 Binary files a/examples/bind/corpus/5acb2df507c2ba8a8c86e4ef43e0ec1f.00001c19.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5ad905864e5b40d591b4f96366fe6601.000000f9.honggfuzz.cov b/examples/bind/corpus/5ad905864e5b40d591b4f96366fe6601.000000f9.honggfuzz.cov deleted file mode 100644 index bd3aeea0..00000000 Binary files a/examples/bind/corpus/5ad905864e5b40d591b4f96366fe6601.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5ae52a2d8e0393b0f362fa63fe06e10a.0000ed53.honggfuzz.cov b/examples/bind/corpus/5ae52a2d8e0393b0f362fa63fe06e10a.0000ed53.honggfuzz.cov new file mode 100644 index 00000000..3c4f753c Binary files /dev/null and b/examples/bind/corpus/5ae52a2d8e0393b0f362fa63fe06e10a.0000ed53.honggfuzz.cov differ diff --git a/examples/bind/corpus/5af6ced25da5edb44f1c285477b86507.0001f7e8.honggfuzz.cov b/examples/bind/corpus/5af6ced25da5edb44f1c285477b86507.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..a3534634 Binary files /dev/null and b/examples/bind/corpus/5af6ced25da5edb44f1c285477b86507.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/5afc2816924ee1956ef5f2c6ed08dd36.0000008a.honggfuzz.cov b/examples/bind/corpus/5afc2816924ee1956ef5f2c6ed08dd36.0000008a.honggfuzz.cov deleted file mode 100644 index e39eaa87..00000000 Binary files a/examples/bind/corpus/5afc2816924ee1956ef5f2c6ed08dd36.0000008a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5b1f0d1e644ad8e4d1174abc13039e1d.00002635.honggfuzz.cov b/examples/bind/corpus/5b1f0d1e644ad8e4d1174abc13039e1d.00002635.honggfuzz.cov deleted file mode 100644 index a44aad69..00000000 Binary files a/examples/bind/corpus/5b1f0d1e644ad8e4d1174abc13039e1d.00002635.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5b20dbb244230749d942622b24d36095.00000085.honggfuzz.cov b/examples/bind/corpus/5b20dbb244230749d942622b24d36095.00000085.honggfuzz.cov new file mode 100644 index 00000000..b91e595e Binary files /dev/null and b/examples/bind/corpus/5b20dbb244230749d942622b24d36095.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/5b2341f9d569884d681ae83f963d8b0f.00000080.honggfuzz.cov b/examples/bind/corpus/5b2341f9d569884d681ae83f963d8b0f.00000080.honggfuzz.cov deleted file mode 100644 index 92c258e4..00000000 Binary files a/examples/bind/corpus/5b2341f9d569884d681ae83f963d8b0f.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5b6b4debf897250ecd3bbb8470779071.000101d0.honggfuzz.cov b/examples/bind/corpus/5b6b4debf897250ecd3bbb8470779071.000101d0.honggfuzz.cov new file mode 100644 index 00000000..a7700f67 Binary files /dev/null and b/examples/bind/corpus/5b6b4debf897250ecd3bbb8470779071.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/5b85d42d23ee3d44e77c97f06de5fd60.00000080.honggfuzz.cov b/examples/bind/corpus/5b85d42d23ee3d44e77c97f06de5fd60.00000080.honggfuzz.cov deleted file mode 100644 index 87e70127..00000000 Binary files a/examples/bind/corpus/5b85d42d23ee3d44e77c97f06de5fd60.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5bb047dcb57a64dc14a5495bd75e3ec1.000025d1.honggfuzz.cov b/examples/bind/corpus/5bb047dcb57a64dc14a5495bd75e3ec1.000025d1.honggfuzz.cov deleted file mode 100644 index a9758e29..00000000 Binary files a/examples/bind/corpus/5bb047dcb57a64dc14a5495bd75e3ec1.000025d1.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5bc87bcc83236e4c728d67b612817a65.00000080.honggfuzz.cov b/examples/bind/corpus/5bc87bcc83236e4c728d67b612817a65.00000080.honggfuzz.cov deleted file mode 100644 index 46bb15d8..00000000 Binary files a/examples/bind/corpus/5bc87bcc83236e4c728d67b612817a65.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5bf6f68318735a68013e75578054f382.00000130.honggfuzz.cov b/examples/bind/corpus/5bf6f68318735a68013e75578054f382.00000130.honggfuzz.cov deleted file mode 100644 index 44bfbb15..00000000 Binary files a/examples/bind/corpus/5bf6f68318735a68013e75578054f382.00000130.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5bf8789d196fcd75d5442cdee6d98a41.00000094.honggfuzz.cov b/examples/bind/corpus/5bf8789d196fcd75d5442cdee6d98a41.00000094.honggfuzz.cov deleted file mode 100644 index 5220e332..00000000 Binary files a/examples/bind/corpus/5bf8789d196fcd75d5442cdee6d98a41.00000094.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5c065bacbcb4c32f2a229f6c0f437417.00000220.honggfuzz.cov b/examples/bind/corpus/5c065bacbcb4c32f2a229f6c0f437417.00000220.honggfuzz.cov new file mode 100644 index 00000000..b6c36034 Binary files /dev/null and b/examples/bind/corpus/5c065bacbcb4c32f2a229f6c0f437417.00000220.honggfuzz.cov differ diff --git a/examples/bind/corpus/5c09f1712a647f8524c9d735af050771.000000d3.honggfuzz.cov b/examples/bind/corpus/5c09f1712a647f8524c9d735af050771.000000d3.honggfuzz.cov new file mode 100644 index 00000000..c876d2ba Binary files /dev/null and b/examples/bind/corpus/5c09f1712a647f8524c9d735af050771.000000d3.honggfuzz.cov differ diff --git a/examples/bind/corpus/5c14adbb0a64ae1161fcdd198023dfa8.00000041.honggfuzz.cov b/examples/bind/corpus/5c14adbb0a64ae1161fcdd198023dfa8.00000041.honggfuzz.cov deleted file mode 100644 index 4d76cde5..00000000 Binary files a/examples/bind/corpus/5c14adbb0a64ae1161fcdd198023dfa8.00000041.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5c23ee484ba092664fc330ce43ea0699.0000002d.honggfuzz.cov b/examples/bind/corpus/5c23ee484ba092664fc330ce43ea0699.0000002d.honggfuzz.cov deleted file mode 100644 index a212515f..00000000 Binary files a/examples/bind/corpus/5c23ee484ba092664fc330ce43ea0699.0000002d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5c3e0ee62fb28d1187b5a10bb612ae05.000000b2.honggfuzz.cov b/examples/bind/corpus/5c3e0ee62fb28d1187b5a10bb612ae05.000000b2.honggfuzz.cov deleted file mode 100644 index 149eabf3..00000000 Binary files a/examples/bind/corpus/5c3e0ee62fb28d1187b5a10bb612ae05.000000b2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5c74d3f40604101821d3e7f0c17899a5.00000294.honggfuzz.cov b/examples/bind/corpus/5c74d3f40604101821d3e7f0c17899a5.00000294.honggfuzz.cov deleted file mode 100644 index 4fa9116b..00000000 Binary files a/examples/bind/corpus/5c74d3f40604101821d3e7f0c17899a5.00000294.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5c753f5ed7d5f1967754822983095c22.00000078.honggfuzz.cov b/examples/bind/corpus/5c753f5ed7d5f1967754822983095c22.00000078.honggfuzz.cov new file mode 100644 index 00000000..61bcc318 Binary files /dev/null and b/examples/bind/corpus/5c753f5ed7d5f1967754822983095c22.00000078.honggfuzz.cov differ diff --git a/examples/bind/corpus/5c879bc091be6aad83c83dc7b027a260.00001388.honggfuzz.cov b/examples/bind/corpus/5c879bc091be6aad83c83dc7b027a260.00001388.honggfuzz.cov deleted file mode 100644 index a2913eef..00000000 Binary files a/examples/bind/corpus/5c879bc091be6aad83c83dc7b027a260.00001388.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5cb0a4dfc256e08cb9e457471379fe19.000002d6.honggfuzz.cov b/examples/bind/corpus/5cb0a4dfc256e08cb9e457471379fe19.000002d6.honggfuzz.cov new file mode 100644 index 00000000..46defe1c Binary files /dev/null and b/examples/bind/corpus/5cb0a4dfc256e08cb9e457471379fe19.000002d6.honggfuzz.cov differ diff --git a/examples/bind/corpus/5cc0b2982f84d830d6be298a41d07948.00000085.honggfuzz.cov b/examples/bind/corpus/5cc0b2982f84d830d6be298a41d07948.00000085.honggfuzz.cov deleted file mode 100644 index 39e92a98..00000000 Binary files a/examples/bind/corpus/5cc0b2982f84d830d6be298a41d07948.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5ceea4475bd5057e6f7cb5b8963d0ca9.00000043.honggfuzz.cov b/examples/bind/corpus/5ceea4475bd5057e6f7cb5b8963d0ca9.00000043.honggfuzz.cov deleted file mode 100644 index 8a0701b0..00000000 Binary files a/examples/bind/corpus/5ceea4475bd5057e6f7cb5b8963d0ca9.00000043.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5d1164f294f3c76c6f5f207f2a3fd653.000101d0.honggfuzz.cov b/examples/bind/corpus/5d1164f294f3c76c6f5f207f2a3fd653.000101d0.honggfuzz.cov new file mode 100644 index 00000000..70cdab30 Binary files /dev/null and b/examples/bind/corpus/5d1164f294f3c76c6f5f207f2a3fd653.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/5d1b01a45f711420757f54a6f9a2e9f0.000000f4.honggfuzz.cov b/examples/bind/corpus/5d1b01a45f711420757f54a6f9a2e9f0.000000f4.honggfuzz.cov new file mode 100644 index 00000000..7e3fe792 Binary files /dev/null and b/examples/bind/corpus/5d1b01a45f711420757f54a6f9a2e9f0.000000f4.honggfuzz.cov differ diff --git a/examples/bind/corpus/5d1f567c6ae1e1d13d559022112f4af0.00000200.honggfuzz.cov b/examples/bind/corpus/5d1f567c6ae1e1d13d559022112f4af0.00000200.honggfuzz.cov deleted file mode 100644 index d0028eb3..00000000 Binary files a/examples/bind/corpus/5d1f567c6ae1e1d13d559022112f4af0.00000200.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5d1f5949bc3f38ea4f9e57389b5293e9.0001f52b.honggfuzz.cov b/examples/bind/corpus/5d1f5949bc3f38ea4f9e57389b5293e9.0001f52b.honggfuzz.cov deleted file mode 100644 index 1b61c916..00000000 Binary files a/examples/bind/corpus/5d1f5949bc3f38ea4f9e57389b5293e9.0001f52b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5d2047afbb216758addf25e83ff09744.00000085.honggfuzz.cov b/examples/bind/corpus/5d2047afbb216758addf25e83ff09744.00000085.honggfuzz.cov deleted file mode 100644 index ce5bd9b9..00000000 Binary files a/examples/bind/corpus/5d2047afbb216758addf25e83ff09744.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5d21277fb3abee97657b077a1d24585e.00000208.honggfuzz.cov b/examples/bind/corpus/5d21277fb3abee97657b077a1d24585e.00000208.honggfuzz.cov new file mode 100644 index 00000000..ac55ca9d Binary files /dev/null and b/examples/bind/corpus/5d21277fb3abee97657b077a1d24585e.00000208.honggfuzz.cov differ diff --git a/examples/bind/corpus/5d3be52828eca9f8b940cdf1e7e7d1d1.00000085.honggfuzz.cov b/examples/bind/corpus/5d3be52828eca9f8b940cdf1e7e7d1d1.00000085.honggfuzz.cov deleted file mode 100644 index d54455cf..00000000 Binary files a/examples/bind/corpus/5d3be52828eca9f8b940cdf1e7e7d1d1.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5d43f81420887cca1d456f5db00997d7.00000085.honggfuzz.cov b/examples/bind/corpus/5d43f81420887cca1d456f5db00997d7.00000085.honggfuzz.cov new file mode 100644 index 00000000..bfd9ce96 Binary files /dev/null and b/examples/bind/corpus/5d43f81420887cca1d456f5db00997d7.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/5d46829e72fe88f3119373948fe586ff.0000054f.honggfuzz.cov b/examples/bind/corpus/5d46829e72fe88f3119373948fe586ff.0000054f.honggfuzz.cov deleted file mode 100644 index f394a6c4..00000000 Binary files a/examples/bind/corpus/5d46829e72fe88f3119373948fe586ff.0000054f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5d4b2069d9717d03582b57b83017c5a4.00000154.honggfuzz.cov b/examples/bind/corpus/5d4b2069d9717d03582b57b83017c5a4.00000154.honggfuzz.cov deleted file mode 100644 index 3c46ec7d..00000000 Binary files a/examples/bind/corpus/5d4b2069d9717d03582b57b83017c5a4.00000154.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5d4f03ca0c29407713cd53f060f41cf8.000003a1.honggfuzz.cov b/examples/bind/corpus/5d4f03ca0c29407713cd53f060f41cf8.000003a1.honggfuzz.cov deleted file mode 100644 index ab3e60cd..00000000 Binary files a/examples/bind/corpus/5d4f03ca0c29407713cd53f060f41cf8.000003a1.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5d5c955edac4115e81db82fa7de2f3ed.000003fe.honggfuzz.cov b/examples/bind/corpus/5d5c955edac4115e81db82fa7de2f3ed.000003fe.honggfuzz.cov new file mode 100644 index 00000000..5f79b752 Binary files /dev/null and b/examples/bind/corpus/5d5c955edac4115e81db82fa7de2f3ed.000003fe.honggfuzz.cov differ diff --git a/examples/bind/corpus/5d69eaf13d49f5d56200c2c6c82b5bd3.00000085.honggfuzz.cov b/examples/bind/corpus/5d69eaf13d49f5d56200c2c6c82b5bd3.00000085.honggfuzz.cov deleted file mode 100644 index 3ca11a27..00000000 Binary files a/examples/bind/corpus/5d69eaf13d49f5d56200c2c6c82b5bd3.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5d6f017d814aeff1ed80d9b936fb24ed.00002615.honggfuzz.cov b/examples/bind/corpus/5d6f017d814aeff1ed80d9b936fb24ed.00002615.honggfuzz.cov new file mode 100644 index 00000000..2e136f10 Binary files /dev/null and b/examples/bind/corpus/5d6f017d814aeff1ed80d9b936fb24ed.00002615.honggfuzz.cov differ diff --git a/examples/bind/corpus/5d74df7fe34fa5cf27bf74aa07834e66.0001d8f5.honggfuzz.cov b/examples/bind/corpus/5d74df7fe34fa5cf27bf74aa07834e66.0001d8f5.honggfuzz.cov deleted file mode 100644 index 3c1f8dc6..00000000 Binary files a/examples/bind/corpus/5d74df7fe34fa5cf27bf74aa07834e66.0001d8f5.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5d775047867448ed298fd2963bde6de3.00000080.honggfuzz.cov b/examples/bind/corpus/5d775047867448ed298fd2963bde6de3.00000080.honggfuzz.cov deleted file mode 100644 index 51a73d9d..00000000 Binary files a/examples/bind/corpus/5d775047867448ed298fd2963bde6de3.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5d7956349997ab8c33fe6540e0f77768.00000085.honggfuzz.cov b/examples/bind/corpus/5d7956349997ab8c33fe6540e0f77768.00000085.honggfuzz.cov deleted file mode 100644 index a934f349..00000000 Binary files a/examples/bind/corpus/5d7956349997ab8c33fe6540e0f77768.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5d8e199ce55896d1f841e4a57ffc58ab.0000035a.honggfuzz.cov b/examples/bind/corpus/5d8e199ce55896d1f841e4a57ffc58ab.0000035a.honggfuzz.cov new file mode 100644 index 00000000..665eed89 Binary files /dev/null and b/examples/bind/corpus/5d8e199ce55896d1f841e4a57ffc58ab.0000035a.honggfuzz.cov differ diff --git a/examples/bind/corpus/5d90309006e3a49e2da12e9b22032c72.00000400.honggfuzz.cov b/examples/bind/corpus/5d90309006e3a49e2da12e9b22032c72.00000400.honggfuzz.cov deleted file mode 100644 index f8c552c9..00000000 Binary files a/examples/bind/corpus/5d90309006e3a49e2da12e9b22032c72.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5d95df86604e766e0cabe8cad2f9591e.0000003c.honggfuzz.cov b/examples/bind/corpus/5d95df86604e766e0cabe8cad2f9591e.0000003c.honggfuzz.cov deleted file mode 100644 index 2a441d63..00000000 Binary files a/examples/bind/corpus/5d95df86604e766e0cabe8cad2f9591e.0000003c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5d9c5fb32d19ecdcf4eb12d7265e3348.00000200.honggfuzz.cov b/examples/bind/corpus/5d9c5fb32d19ecdcf4eb12d7265e3348.00000200.honggfuzz.cov new file mode 100644 index 00000000..d04b1c9e Binary files /dev/null and b/examples/bind/corpus/5d9c5fb32d19ecdcf4eb12d7265e3348.00000200.honggfuzz.cov differ diff --git a/examples/bind/corpus/5d9e0500755072d4dc3aea9ef98a35e1.00000085.honggfuzz.cov b/examples/bind/corpus/5d9e0500755072d4dc3aea9ef98a35e1.00000085.honggfuzz.cov deleted file mode 100644 index 04c856cc..00000000 Binary files a/examples/bind/corpus/5d9e0500755072d4dc3aea9ef98a35e1.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5db22a50e18932fb682c82aae954c464.000000f9.honggfuzz.cov b/examples/bind/corpus/5db22a50e18932fb682c82aae954c464.000000f9.honggfuzz.cov deleted file mode 100644 index cb2e4c96..00000000 Binary files a/examples/bind/corpus/5db22a50e18932fb682c82aae954c464.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5db7f011a86b631c522e1d06ebddf466.0000035d.honggfuzz.cov b/examples/bind/corpus/5db7f011a86b631c522e1d06ebddf466.0000035d.honggfuzz.cov deleted file mode 100644 index ce70f19e..00000000 Binary files a/examples/bind/corpus/5db7f011a86b631c522e1d06ebddf466.0000035d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5dc33fb10aabb11524348a69265e5f6e.000000c0.honggfuzz.cov b/examples/bind/corpus/5dc33fb10aabb11524348a69265e5f6e.000000c0.honggfuzz.cov deleted file mode 100644 index e1f145ef..00000000 Binary files a/examples/bind/corpus/5dc33fb10aabb11524348a69265e5f6e.000000c0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5de675712e69697336c9eb99ff6f070a.00000085.honggfuzz.cov b/examples/bind/corpus/5de675712e69697336c9eb99ff6f070a.00000085.honggfuzz.cov new file mode 100644 index 00000000..0f1c4e97 Binary files /dev/null and b/examples/bind/corpus/5de675712e69697336c9eb99ff6f070a.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/5df2ad670310dc50cc773dd2c138ae4a.00000085.honggfuzz.cov b/examples/bind/corpus/5df2ad670310dc50cc773dd2c138ae4a.00000085.honggfuzz.cov deleted file mode 100644 index 8e33d6e5..00000000 Binary files a/examples/bind/corpus/5df2ad670310dc50cc773dd2c138ae4a.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5e091916e5da504a0a02f7d481f24327.00000633.honggfuzz.cov b/examples/bind/corpus/5e091916e5da504a0a02f7d481f24327.00000633.honggfuzz.cov new file mode 100644 index 00000000..daaa9bc9 Binary files /dev/null and b/examples/bind/corpus/5e091916e5da504a0a02f7d481f24327.00000633.honggfuzz.cov differ diff --git a/examples/bind/corpus/5e180f9dc4c9508b01a6c50cf7b5b7b5.00001e0e.honggfuzz.cov b/examples/bind/corpus/5e180f9dc4c9508b01a6c50cf7b5b7b5.00001e0e.honggfuzz.cov deleted file mode 100644 index 81000f6c..00000000 Binary files a/examples/bind/corpus/5e180f9dc4c9508b01a6c50cf7b5b7b5.00001e0e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5e2804cfff7ae0726a7213675ab77311.000000f2.honggfuzz.cov b/examples/bind/corpus/5e2804cfff7ae0726a7213675ab77311.000000f2.honggfuzz.cov deleted file mode 100644 index a4f70a2e..00000000 Binary files a/examples/bind/corpus/5e2804cfff7ae0726a7213675ab77311.000000f2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5e37d6ea1f4498cb4e85e2b3ad3dc87d.00000217.honggfuzz.cov b/examples/bind/corpus/5e37d6ea1f4498cb4e85e2b3ad3dc87d.00000217.honggfuzz.cov new file mode 100644 index 00000000..7ec64758 Binary files /dev/null and b/examples/bind/corpus/5e37d6ea1f4498cb4e85e2b3ad3dc87d.00000217.honggfuzz.cov differ diff --git a/examples/bind/corpus/5e38451a0cf6e4fae794c887398fedae.00015905.honggfuzz.cov b/examples/bind/corpus/5e38451a0cf6e4fae794c887398fedae.00015905.honggfuzz.cov deleted file mode 100644 index 1534e432..00000000 Binary files a/examples/bind/corpus/5e38451a0cf6e4fae794c887398fedae.00015905.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5e3fe3bf5ebeb88c3285b49e3ec4fb06.00000062.honggfuzz.cov b/examples/bind/corpus/5e3fe3bf5ebeb88c3285b49e3ec4fb06.00000062.honggfuzz.cov deleted file mode 100644 index dbba4af0..00000000 Binary files a/examples/bind/corpus/5e3fe3bf5ebeb88c3285b49e3ec4fb06.00000062.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5e539c9b56be5fcc7499a4f074d15627.000000d7.honggfuzz.cov b/examples/bind/corpus/5e539c9b56be5fcc7499a4f074d15627.000000d7.honggfuzz.cov deleted file mode 100644 index c96c6492..00000000 Binary files a/examples/bind/corpus/5e539c9b56be5fcc7499a4f074d15627.000000d7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5e53db327b5cb79bc7b65d2229a18d41.00000085.honggfuzz.cov b/examples/bind/corpus/5e53db327b5cb79bc7b65d2229a18d41.00000085.honggfuzz.cov deleted file mode 100644 index f43f5cd7..00000000 Binary files a/examples/bind/corpus/5e53db327b5cb79bc7b65d2229a18d41.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5e647904eab4d455ee08237e03951a61.0000c349.honggfuzz.cov b/examples/bind/corpus/5e647904eab4d455ee08237e03951a61.0000c349.honggfuzz.cov new file mode 100644 index 00000000..aac8f485 Binary files /dev/null and b/examples/bind/corpus/5e647904eab4d455ee08237e03951a61.0000c349.honggfuzz.cov differ diff --git a/examples/bind/corpus/5e73cb0411a5ab98e4690f3ecfc47f2f.000000d7.honggfuzz.cov b/examples/bind/corpus/5e73cb0411a5ab98e4690f3ecfc47f2f.000000d7.honggfuzz.cov deleted file mode 100644 index 88a73f32..00000000 Binary files a/examples/bind/corpus/5e73cb0411a5ab98e4690f3ecfc47f2f.000000d7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5e79274361992b804b776a7af630d25e.00008517.honggfuzz.cov b/examples/bind/corpus/5e79274361992b804b776a7af630d25e.00008517.honggfuzz.cov deleted file mode 100644 index 4f8b581a..00000000 Binary files a/examples/bind/corpus/5e79274361992b804b776a7af630d25e.00008517.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5e9132bfeeb0eebcc6adccddfee3210b.000000ae.honggfuzz.cov b/examples/bind/corpus/5e9132bfeeb0eebcc6adccddfee3210b.000000ae.honggfuzz.cov new file mode 100644 index 00000000..63e5510f Binary files /dev/null and b/examples/bind/corpus/5e9132bfeeb0eebcc6adccddfee3210b.000000ae.honggfuzz.cov differ diff --git a/examples/bind/corpus/5ed16f225199c1d567311c7fde7a6d7a.00000085.honggfuzz.cov b/examples/bind/corpus/5ed16f225199c1d567311c7fde7a6d7a.00000085.honggfuzz.cov deleted file mode 100644 index cc8f2110..00000000 Binary files a/examples/bind/corpus/5ed16f225199c1d567311c7fde7a6d7a.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5ed593030445a35e819adb1e3d496325.0000013b.honggfuzz.cov b/examples/bind/corpus/5ed593030445a35e819adb1e3d496325.0000013b.honggfuzz.cov deleted file mode 100644 index dddb035d..00000000 Binary files a/examples/bind/corpus/5ed593030445a35e819adb1e3d496325.0000013b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5ee080dadba26fe97591cced553ddb54.000000ba.honggfuzz.cov b/examples/bind/corpus/5ee080dadba26fe97591cced553ddb54.000000ba.honggfuzz.cov new file mode 100644 index 00000000..18969498 Binary files /dev/null and b/examples/bind/corpus/5ee080dadba26fe97591cced553ddb54.000000ba.honggfuzz.cov differ diff --git a/examples/bind/corpus/5eea419ba91250b09b14d5b8cf10fd9c.000012bb.honggfuzz.cov b/examples/bind/corpus/5eea419ba91250b09b14d5b8cf10fd9c.000012bb.honggfuzz.cov new file mode 100644 index 00000000..625eb995 Binary files /dev/null and b/examples/bind/corpus/5eea419ba91250b09b14d5b8cf10fd9c.000012bb.honggfuzz.cov differ diff --git a/examples/bind/corpus/5f059a42171abd75b20ecb9b90cbbc70.00014611.honggfuzz.cov b/examples/bind/corpus/5f059a42171abd75b20ecb9b90cbbc70.00014611.honggfuzz.cov deleted file mode 100644 index d4a3115a..00000000 Binary files a/examples/bind/corpus/5f059a42171abd75b20ecb9b90cbbc70.00014611.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5f2bceab35a2538067590c0cd513ea99.000015da.honggfuzz.cov b/examples/bind/corpus/5f2bceab35a2538067590c0cd513ea99.000015da.honggfuzz.cov deleted file mode 100644 index d2d0707a..00000000 Binary files a/examples/bind/corpus/5f2bceab35a2538067590c0cd513ea99.000015da.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5f327610612b7c9174d94fb64fee8e4e.0001f7e8.honggfuzz.cov b/examples/bind/corpus/5f327610612b7c9174d94fb64fee8e4e.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..3794a65d Binary files /dev/null and b/examples/bind/corpus/5f327610612b7c9174d94fb64fee8e4e.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/5f3a7b42c6314dfda3ae97a74ac62dbb.00005d00.honggfuzz.cov b/examples/bind/corpus/5f3a7b42c6314dfda3ae97a74ac62dbb.00005d00.honggfuzz.cov deleted file mode 100644 index 1f7ca06e..00000000 Binary files a/examples/bind/corpus/5f3a7b42c6314dfda3ae97a74ac62dbb.00005d00.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5f6f5c35aab659680aecd12f765c7ff9.000012bb.honggfuzz.cov b/examples/bind/corpus/5f6f5c35aab659680aecd12f765c7ff9.000012bb.honggfuzz.cov deleted file mode 100644 index 6a6676bf..00000000 Binary files a/examples/bind/corpus/5f6f5c35aab659680aecd12f765c7ff9.000012bb.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5f86618ca9196d1cc0e69e4df8812561.00000032.honggfuzz.cov b/examples/bind/corpus/5f86618ca9196d1cc0e69e4df8812561.00000032.honggfuzz.cov deleted file mode 100644 index 54f4f31e..00000000 Binary files a/examples/bind/corpus/5f86618ca9196d1cc0e69e4df8812561.00000032.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5f92d5e1cff198ffa576508e48522c29.00000020.honggfuzz.cov b/examples/bind/corpus/5f92d5e1cff198ffa576508e48522c29.00000020.honggfuzz.cov deleted file mode 100644 index e3164500..00000000 Binary files a/examples/bind/corpus/5f92d5e1cff198ffa576508e48522c29.00000020.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/5fb36fd74800ed14c4091a05d2b580e6.00002000.honggfuzz.cov b/examples/bind/corpus/5fb36fd74800ed14c4091a05d2b580e6.00002000.honggfuzz.cov new file mode 100644 index 00000000..cf0eb7f6 Binary files /dev/null and b/examples/bind/corpus/5fb36fd74800ed14c4091a05d2b580e6.00002000.honggfuzz.cov differ diff --git a/examples/bind/corpus/5fc2bf920a18d63a462d58c9b8c8fbdb.000007f9.honggfuzz.cov b/examples/bind/corpus/5fc2bf920a18d63a462d58c9b8c8fbdb.000007f9.honggfuzz.cov new file mode 100644 index 00000000..effef8f4 Binary files /dev/null and b/examples/bind/corpus/5fc2bf920a18d63a462d58c9b8c8fbdb.000007f9.honggfuzz.cov differ diff --git a/examples/bind/corpus/5fd4f39d53d6d9559e45c1be56e3ee89.00000037.honggfuzz.cov b/examples/bind/corpus/5fd4f39d53d6d9559e45c1be56e3ee89.00000037.honggfuzz.cov new file mode 100644 index 00000000..ba744d6d Binary files /dev/null and b/examples/bind/corpus/5fd4f39d53d6d9559e45c1be56e3ee89.00000037.honggfuzz.cov differ diff --git a/examples/bind/corpus/5fef5deab2c5fcdc746591bc231707e0.00000360.honggfuzz.cov b/examples/bind/corpus/5fef5deab2c5fcdc746591bc231707e0.00000360.honggfuzz.cov new file mode 100644 index 00000000..93887a26 Binary files /dev/null and b/examples/bind/corpus/5fef5deab2c5fcdc746591bc231707e0.00000360.honggfuzz.cov differ diff --git a/examples/bind/corpus/5ff8d532067f2fe7d5eab9cbf485bc77.00021bdd.honggfuzz.cov b/examples/bind/corpus/5ff8d532067f2fe7d5eab9cbf485bc77.00021bdd.honggfuzz.cov deleted file mode 100644 index 65bf25ae..00000000 Binary files a/examples/bind/corpus/5ff8d532067f2fe7d5eab9cbf485bc77.00021bdd.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6025df7a7f764745e2ce0b4244d5e390.00000085.honggfuzz.cov b/examples/bind/corpus/6025df7a7f764745e2ce0b4244d5e390.00000085.honggfuzz.cov deleted file mode 100644 index d8335d47..00000000 Binary files a/examples/bind/corpus/6025df7a7f764745e2ce0b4244d5e390.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/602eb26dd051a49e57d56440a2decca4.000001b8.honggfuzz.cov b/examples/bind/corpus/602eb26dd051a49e57d56440a2decca4.000001b8.honggfuzz.cov new file mode 100644 index 00000000..90064c59 Binary files /dev/null and b/examples/bind/corpus/602eb26dd051a49e57d56440a2decca4.000001b8.honggfuzz.cov differ diff --git a/examples/bind/corpus/60516de5b5bf3bb3ca20efa48ef1acce.000002bd.honggfuzz.cov b/examples/bind/corpus/60516de5b5bf3bb3ca20efa48ef1acce.000002bd.honggfuzz.cov deleted file mode 100644 index 48985e5c..00000000 Binary files a/examples/bind/corpus/60516de5b5bf3bb3ca20efa48ef1acce.000002bd.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/605f2601b717a3b23d7f34dbd191c427.00000a9e.honggfuzz.cov b/examples/bind/corpus/605f2601b717a3b23d7f34dbd191c427.00000a9e.honggfuzz.cov new file mode 100644 index 00000000..619fd277 Binary files /dev/null and b/examples/bind/corpus/605f2601b717a3b23d7f34dbd191c427.00000a9e.honggfuzz.cov differ diff --git a/examples/bind/corpus/60685b7d7a95f9e4c924e28e71d48484.0000004c.honggfuzz.cov b/examples/bind/corpus/60685b7d7a95f9e4c924e28e71d48484.0000004c.honggfuzz.cov new file mode 100644 index 00000000..77857afe Binary files /dev/null and b/examples/bind/corpus/60685b7d7a95f9e4c924e28e71d48484.0000004c.honggfuzz.cov differ diff --git a/examples/bind/corpus/607509016a6ebfc5176d63d48a07dcda.00000570.honggfuzz.cov b/examples/bind/corpus/607509016a6ebfc5176d63d48a07dcda.00000570.honggfuzz.cov new file mode 100644 index 00000000..4fe62d4c Binary files /dev/null and b/examples/bind/corpus/607509016a6ebfc5176d63d48a07dcda.00000570.honggfuzz.cov differ diff --git a/examples/bind/corpus/60922598a8e26eb0860c53bbe92dc849.0001a6be.honggfuzz.cov b/examples/bind/corpus/60922598a8e26eb0860c53bbe92dc849.0001a6be.honggfuzz.cov deleted file mode 100644 index 92609f15..00000000 Binary files a/examples/bind/corpus/60922598a8e26eb0860c53bbe92dc849.0001a6be.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/60a1061d936ea7a7f48db109318de491.00000239.honggfuzz.cov b/examples/bind/corpus/60a1061d936ea7a7f48db109318de491.00000239.honggfuzz.cov new file mode 100644 index 00000000..4e43e137 Binary files /dev/null and b/examples/bind/corpus/60a1061d936ea7a7f48db109318de491.00000239.honggfuzz.cov differ diff --git a/examples/bind/corpus/60a2bc52ab8e4f0a4d3a64dfd1d54e29.00006f66.honggfuzz.cov b/examples/bind/corpus/60a2bc52ab8e4f0a4d3a64dfd1d54e29.00006f66.honggfuzz.cov deleted file mode 100644 index d7c4e7fa..00000000 Binary files a/examples/bind/corpus/60a2bc52ab8e4f0a4d3a64dfd1d54e29.00006f66.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/60aa2c40b6603e6c6f81a0ea4da49ffa.000010c0.honggfuzz.cov b/examples/bind/corpus/60aa2c40b6603e6c6f81a0ea4da49ffa.000010c0.honggfuzz.cov new file mode 100644 index 00000000..91f9ee05 Binary files /dev/null and b/examples/bind/corpus/60aa2c40b6603e6c6f81a0ea4da49ffa.000010c0.honggfuzz.cov differ diff --git a/examples/bind/corpus/60ca587356d44bee4361945095d194b7.00000034.honggfuzz.cov b/examples/bind/corpus/60ca587356d44bee4361945095d194b7.00000034.honggfuzz.cov deleted file mode 100644 index e3f56f9c..00000000 Binary files a/examples/bind/corpus/60ca587356d44bee4361945095d194b7.00000034.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/60ce5b24985659c9150f54284b0d81f6.00020000.honggfuzz.cov b/examples/bind/corpus/60ce5b24985659c9150f54284b0d81f6.00020000.honggfuzz.cov deleted file mode 100644 index 50eb7479..00000000 Binary files a/examples/bind/corpus/60ce5b24985659c9150f54284b0d81f6.00020000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/60d6bb52c3b060a9349128748bb9e05e.000001cc.honggfuzz.cov b/examples/bind/corpus/60d6bb52c3b060a9349128748bb9e05e.000001cc.honggfuzz.cov new file mode 100644 index 00000000..25c52dc4 Binary files /dev/null and b/examples/bind/corpus/60d6bb52c3b060a9349128748bb9e05e.000001cc.honggfuzz.cov differ diff --git a/examples/bind/corpus/60d8fbcdede41ae7902114d8bbb3a8e9.0000005f.honggfuzz.cov b/examples/bind/corpus/60d8fbcdede41ae7902114d8bbb3a8e9.0000005f.honggfuzz.cov new file mode 100644 index 00000000..5b9fd07f Binary files /dev/null and b/examples/bind/corpus/60d8fbcdede41ae7902114d8bbb3a8e9.0000005f.honggfuzz.cov differ diff --git a/examples/bind/corpus/60ece569202bb18ddedcf679c1645b32.00000046.honggfuzz.cov b/examples/bind/corpus/60ece569202bb18ddedcf679c1645b32.00000046.honggfuzz.cov deleted file mode 100644 index a5b5087d..00000000 Binary files a/examples/bind/corpus/60ece569202bb18ddedcf679c1645b32.00000046.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/60ed9a4aea6ac8dda7228f3b9f78da3f.00001566.honggfuzz.cov b/examples/bind/corpus/60ed9a4aea6ac8dda7228f3b9f78da3f.00001566.honggfuzz.cov new file mode 100644 index 00000000..b6840fd6 Binary files /dev/null and b/examples/bind/corpus/60ed9a4aea6ac8dda7228f3b9f78da3f.00001566.honggfuzz.cov differ diff --git a/examples/bind/corpus/6101516217719e22f37ffac9a4c79a33.000004f5.honggfuzz.cov b/examples/bind/corpus/6101516217719e22f37ffac9a4c79a33.000004f5.honggfuzz.cov deleted file mode 100644 index 39d50cb4..00000000 Binary files a/examples/bind/corpus/6101516217719e22f37ffac9a4c79a33.000004f5.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6107d9affe270d6a95389310d8d16f41.00000469.honggfuzz.cov b/examples/bind/corpus/6107d9affe270d6a95389310d8d16f41.00000469.honggfuzz.cov deleted file mode 100644 index 04729361..00000000 Binary files a/examples/bind/corpus/6107d9affe270d6a95389310d8d16f41.00000469.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6119272dc57fdb4c8ae6e89c78d730be.0000025e.honggfuzz.cov b/examples/bind/corpus/6119272dc57fdb4c8ae6e89c78d730be.0000025e.honggfuzz.cov deleted file mode 100644 index b2f69f47..00000000 Binary files a/examples/bind/corpus/6119272dc57fdb4c8ae6e89c78d730be.0000025e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6132c0f45373fb81588487766e120c07.000002cd.honggfuzz.cov b/examples/bind/corpus/6132c0f45373fb81588487766e120c07.000002cd.honggfuzz.cov deleted file mode 100644 index 3e5281a7..00000000 Binary files a/examples/bind/corpus/6132c0f45373fb81588487766e120c07.000002cd.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/613ed3b02aaeef6670516afbb727291b.00000980.honggfuzz.cov b/examples/bind/corpus/613ed3b02aaeef6670516afbb727291b.00000980.honggfuzz.cov deleted file mode 100644 index 162a5151..00000000 Binary files a/examples/bind/corpus/613ed3b02aaeef6670516afbb727291b.00000980.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6163126e136b7fa3b2d0fa89c6bb9407.000000d6.honggfuzz.cov b/examples/bind/corpus/6163126e136b7fa3b2d0fa89c6bb9407.000000d6.honggfuzz.cov deleted file mode 100644 index 1d65af8a..00000000 Binary files a/examples/bind/corpus/6163126e136b7fa3b2d0fa89c6bb9407.000000d6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6165f323c8e25d3cf32b0f40b885d50d.00001fdd.honggfuzz.cov b/examples/bind/corpus/6165f323c8e25d3cf32b0f40b885d50d.00001fdd.honggfuzz.cov deleted file mode 100644 index a6f516db..00000000 Binary files a/examples/bind/corpus/6165f323c8e25d3cf32b0f40b885d50d.00001fdd.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/617d8dcd92f36b8c8bd7526963bda4e4.000003e2.honggfuzz.cov b/examples/bind/corpus/617d8dcd92f36b8c8bd7526963bda4e4.000003e2.honggfuzz.cov new file mode 100644 index 00000000..fd445429 Binary files /dev/null and b/examples/bind/corpus/617d8dcd92f36b8c8bd7526963bda4e4.000003e2.honggfuzz.cov differ diff --git a/examples/bind/corpus/619078aa017d75145e8e3a05594a5227.000101d0.honggfuzz.cov b/examples/bind/corpus/619078aa017d75145e8e3a05594a5227.000101d0.honggfuzz.cov new file mode 100644 index 00000000..d234da41 Binary files /dev/null and b/examples/bind/corpus/619078aa017d75145e8e3a05594a5227.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/61da0aea7a4e9f57d559e454b3117020.00000049.honggfuzz.cov b/examples/bind/corpus/61da0aea7a4e9f57d559e454b3117020.00000049.honggfuzz.cov deleted file mode 100644 index cacd683a..00000000 Binary files a/examples/bind/corpus/61da0aea7a4e9f57d559e454b3117020.00000049.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6214f70d55e84e1b75a1da84dc720590.00000062.honggfuzz.cov b/examples/bind/corpus/6214f70d55e84e1b75a1da84dc720590.00000062.honggfuzz.cov deleted file mode 100644 index e1c8ad67..00000000 Binary files a/examples/bind/corpus/6214f70d55e84e1b75a1da84dc720590.00000062.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/621a3a92b82fcadf31fbdc1a7f17ce32.00000041.honggfuzz.cov b/examples/bind/corpus/621a3a92b82fcadf31fbdc1a7f17ce32.00000041.honggfuzz.cov new file mode 100644 index 00000000..c0d719c9 Binary files /dev/null and b/examples/bind/corpus/621a3a92b82fcadf31fbdc1a7f17ce32.00000041.honggfuzz.cov differ diff --git a/examples/bind/corpus/6242af11b021c049e0fbdea3834b7a0b.0000bab2.honggfuzz.cov b/examples/bind/corpus/6242af11b021c049e0fbdea3834b7a0b.0000bab2.honggfuzz.cov deleted file mode 100644 index 1c525a8f..00000000 Binary files a/examples/bind/corpus/6242af11b021c049e0fbdea3834b7a0b.0000bab2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6242e48b97ed3490330534ff7187c389.00020000.honggfuzz.cov b/examples/bind/corpus/6242e48b97ed3490330534ff7187c389.00020000.honggfuzz.cov deleted file mode 100644 index 96f6c7ad..00000000 Binary files a/examples/bind/corpus/6242e48b97ed3490330534ff7187c389.00020000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/624b0b7c979ec518ac9abc980154ad5f.0000010b.honggfuzz.cov b/examples/bind/corpus/624b0b7c979ec518ac9abc980154ad5f.0000010b.honggfuzz.cov deleted file mode 100644 index 11e2b0ee..00000000 Binary files a/examples/bind/corpus/624b0b7c979ec518ac9abc980154ad5f.0000010b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/62556a28eb99eb1aa36a11b82d47a3ee.00000059.honggfuzz.cov b/examples/bind/corpus/62556a28eb99eb1aa36a11b82d47a3ee.00000059.honggfuzz.cov deleted file mode 100644 index a85a4089..00000000 Binary files a/examples/bind/corpus/62556a28eb99eb1aa36a11b82d47a3ee.00000059.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/62642e0859c735a4291114697d82644b.000005f3.honggfuzz.cov b/examples/bind/corpus/62642e0859c735a4291114697d82644b.000005f3.honggfuzz.cov deleted file mode 100644 index 9899edbd..00000000 Binary files a/examples/bind/corpus/62642e0859c735a4291114697d82644b.000005f3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6264957ae3eb697b7d4bc641adb66e19.00000400.honggfuzz.cov b/examples/bind/corpus/6264957ae3eb697b7d4bc641adb66e19.00000400.honggfuzz.cov deleted file mode 100644 index 78817af8..00000000 Binary files a/examples/bind/corpus/6264957ae3eb697b7d4bc641adb66e19.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/62742176e1c71170b5caf47e556a78f0.0006d1a1.honggfuzz.cov b/examples/bind/corpus/62742176e1c71170b5caf47e556a78f0.0006d1a1.honggfuzz.cov deleted file mode 100644 index 5551bf19..00000000 Binary files a/examples/bind/corpus/62742176e1c71170b5caf47e556a78f0.0006d1a1.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/628531d5459a10686412207710b1de72.0000005c.honggfuzz.cov b/examples/bind/corpus/628531d5459a10686412207710b1de72.0000005c.honggfuzz.cov new file mode 100644 index 00000000..572ff8f3 Binary files /dev/null and b/examples/bind/corpus/628531d5459a10686412207710b1de72.0000005c.honggfuzz.cov differ diff --git a/examples/bind/corpus/62a19c2b0a5a58d80b3aedbba245de72.0000005c.honggfuzz.cov b/examples/bind/corpus/62a19c2b0a5a58d80b3aedbba245de72.0000005c.honggfuzz.cov new file mode 100644 index 00000000..8305eb13 Binary files /dev/null and b/examples/bind/corpus/62a19c2b0a5a58d80b3aedbba245de72.0000005c.honggfuzz.cov differ diff --git a/examples/bind/corpus/62a8a19e5ee4f80072c37397a95ab0d9.00000b8d.honggfuzz.cov b/examples/bind/corpus/62a8a19e5ee4f80072c37397a95ab0d9.00000b8d.honggfuzz.cov deleted file mode 100644 index 80df8b12..00000000 Binary files a/examples/bind/corpus/62a8a19e5ee4f80072c37397a95ab0d9.00000b8d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/62b2cb5eb2942ff167cd8660667e754d.00000058.honggfuzz.cov b/examples/bind/corpus/62b2cb5eb2942ff167cd8660667e754d.00000058.honggfuzz.cov new file mode 100644 index 00000000..f881359c Binary files /dev/null and b/examples/bind/corpus/62b2cb5eb2942ff167cd8660667e754d.00000058.honggfuzz.cov differ diff --git a/examples/bind/corpus/62bc3699eb55633525859b8fc8e74525.0000303b.honggfuzz.cov b/examples/bind/corpus/62bc3699eb55633525859b8fc8e74525.0000303b.honggfuzz.cov deleted file mode 100644 index afed32ff..00000000 Binary files a/examples/bind/corpus/62bc3699eb55633525859b8fc8e74525.0000303b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/62c9bf010db54d4be71a22fcf3c143b5.00000085.honggfuzz.cov b/examples/bind/corpus/62c9bf010db54d4be71a22fcf3c143b5.00000085.honggfuzz.cov new file mode 100644 index 00000000..0122005d Binary files /dev/null and b/examples/bind/corpus/62c9bf010db54d4be71a22fcf3c143b5.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/63117313d7b3083f36d54dfcb89a4580.000000f6.honggfuzz.cov b/examples/bind/corpus/63117313d7b3083f36d54dfcb89a4580.000000f6.honggfuzz.cov deleted file mode 100644 index 5f81d8aa..00000000 Binary files a/examples/bind/corpus/63117313d7b3083f36d54dfcb89a4580.000000f6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/631d03fe38feda59963e4e3672f95fd5.00000bb8.honggfuzz.cov b/examples/bind/corpus/631d03fe38feda59963e4e3672f95fd5.00000bb8.honggfuzz.cov new file mode 100644 index 00000000..1a68daa1 Binary files /dev/null and b/examples/bind/corpus/631d03fe38feda59963e4e3672f95fd5.00000bb8.honggfuzz.cov differ diff --git a/examples/bind/corpus/6323434f429a3f453dc4b98799989d55.0000096c.honggfuzz.cov b/examples/bind/corpus/6323434f429a3f453dc4b98799989d55.0000096c.honggfuzz.cov new file mode 100644 index 00000000..1d6d70c6 Binary files /dev/null and b/examples/bind/corpus/6323434f429a3f453dc4b98799989d55.0000096c.honggfuzz.cov differ diff --git a/examples/bind/corpus/63347458f6706c11211317637f121174.0001153e.honggfuzz.cov b/examples/bind/corpus/63347458f6706c11211317637f121174.0001153e.honggfuzz.cov new file mode 100644 index 00000000..c88568ca Binary files /dev/null and b/examples/bind/corpus/63347458f6706c11211317637f121174.0001153e.honggfuzz.cov differ diff --git a/examples/bind/corpus/6347d5fe0a71e58684f35257b1ea8649.00000085.honggfuzz.cov b/examples/bind/corpus/6347d5fe0a71e58684f35257b1ea8649.00000085.honggfuzz.cov new file mode 100644 index 00000000..473e4630 Binary files /dev/null and b/examples/bind/corpus/6347d5fe0a71e58684f35257b1ea8649.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/635b3626694ef8557e6c42ae20cbfb50.00020000.honggfuzz.cov b/examples/bind/corpus/635b3626694ef8557e6c42ae20cbfb50.00020000.honggfuzz.cov deleted file mode 100644 index c7189a37..00000000 Binary files a/examples/bind/corpus/635b3626694ef8557e6c42ae20cbfb50.00020000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/637ac9eebdbac1d3bcc81b6d5d3a022c.000000f9.honggfuzz.cov b/examples/bind/corpus/637ac9eebdbac1d3bcc81b6d5d3a022c.000000f9.honggfuzz.cov deleted file mode 100644 index ba5c05a1..00000000 Binary files a/examples/bind/corpus/637ac9eebdbac1d3bcc81b6d5d3a022c.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6383babc44c0410a037f909261e78569.00012b85.honggfuzz.cov b/examples/bind/corpus/6383babc44c0410a037f909261e78569.00012b85.honggfuzz.cov deleted file mode 100644 index d380c413..00000000 Binary files a/examples/bind/corpus/6383babc44c0410a037f909261e78569.00012b85.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/638b85b59c69979499e43854a6eaac57.0000004a.honggfuzz.cov b/examples/bind/corpus/638b85b59c69979499e43854a6eaac57.0000004a.honggfuzz.cov new file mode 100644 index 00000000..ecd3e3b9 Binary files /dev/null and b/examples/bind/corpus/638b85b59c69979499e43854a6eaac57.0000004a.honggfuzz.cov differ diff --git a/examples/bind/corpus/63980b1e21619171bd1954c8e69fb521.00010566.honggfuzz.cov b/examples/bind/corpus/63980b1e21619171bd1954c8e69fb521.00010566.honggfuzz.cov deleted file mode 100644 index 714a4560..00000000 Binary files a/examples/bind/corpus/63980b1e21619171bd1954c8e69fb521.00010566.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/63a7ceb3faa165a30ba9cda4944cff97.0000040a.honggfuzz.cov b/examples/bind/corpus/63a7ceb3faa165a30ba9cda4944cff97.0000040a.honggfuzz.cov new file mode 100644 index 00000000..6d7852b3 Binary files /dev/null and b/examples/bind/corpus/63a7ceb3faa165a30ba9cda4944cff97.0000040a.honggfuzz.cov differ diff --git a/examples/bind/corpus/63abbae06668531bf5b921af0396cd13.00000080.honggfuzz.cov b/examples/bind/corpus/63abbae06668531bf5b921af0396cd13.00000080.honggfuzz.cov deleted file mode 100644 index 91508d03..00000000 Binary files a/examples/bind/corpus/63abbae06668531bf5b921af0396cd13.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/63c6a0cd51cca222fc5a383358ce8986.00005e88.honggfuzz.cov b/examples/bind/corpus/63c6a0cd51cca222fc5a383358ce8986.00005e88.honggfuzz.cov new file mode 100644 index 00000000..a75a64f0 Binary files /dev/null and b/examples/bind/corpus/63c6a0cd51cca222fc5a383358ce8986.00005e88.honggfuzz.cov differ diff --git a/examples/bind/corpus/63cd849516bd0137edc8473701b81258.00020000.honggfuzz.cov b/examples/bind/corpus/63cd849516bd0137edc8473701b81258.00020000.honggfuzz.cov deleted file mode 100644 index cd78d250..00000000 Binary files a/examples/bind/corpus/63cd849516bd0137edc8473701b81258.00020000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/63e0b1283bcda90905f9fd0a364a61f5.0001da18.honggfuzz.cov b/examples/bind/corpus/63e0b1283bcda90905f9fd0a364a61f5.0001da18.honggfuzz.cov deleted file mode 100644 index 544ea0cd..00000000 Binary files a/examples/bind/corpus/63e0b1283bcda90905f9fd0a364a61f5.0001da18.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/63ec017900f2b959a4a6a8abc06ba645.00000085.honggfuzz.cov b/examples/bind/corpus/63ec017900f2b959a4a6a8abc06ba645.00000085.honggfuzz.cov deleted file mode 100644 index b281f388..00000000 Binary files a/examples/bind/corpus/63ec017900f2b959a4a6a8abc06ba645.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6405b1147a3daf09fa7b288a784c951d.000000a3.honggfuzz.cov b/examples/bind/corpus/6405b1147a3daf09fa7b288a784c951d.000000a3.honggfuzz.cov deleted file mode 100644 index 89de67f9..00000000 Binary files a/examples/bind/corpus/6405b1147a3daf09fa7b288a784c951d.000000a3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6406d998bc5f35fae34e5b786d347ad5.0000004c.honggfuzz.cov b/examples/bind/corpus/6406d998bc5f35fae34e5b786d347ad5.0000004c.honggfuzz.cov new file mode 100644 index 00000000..db972f0d Binary files /dev/null and b/examples/bind/corpus/6406d998bc5f35fae34e5b786d347ad5.0000004c.honggfuzz.cov differ diff --git a/examples/bind/corpus/6425b0bd977396406dbb0ca7fb609072.00013e4c.honggfuzz.cov b/examples/bind/corpus/6425b0bd977396406dbb0ca7fb609072.00013e4c.honggfuzz.cov deleted file mode 100644 index 5c4ce6f3..00000000 Binary files a/examples/bind/corpus/6425b0bd977396406dbb0ca7fb609072.00013e4c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/643557d1a08899fd49f3e97c0418c406.00052e1d.honggfuzz.cov b/examples/bind/corpus/643557d1a08899fd49f3e97c0418c406.00052e1d.honggfuzz.cov deleted file mode 100644 index bd4cfd32..00000000 Binary files a/examples/bind/corpus/643557d1a08899fd49f3e97c0418c406.00052e1d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/64581fbfbc19381e9c575afc6d0f5be2.000001a5.honggfuzz.cov b/examples/bind/corpus/64581fbfbc19381e9c575afc6d0f5be2.000001a5.honggfuzz.cov deleted file mode 100644 index f7853973..00000000 Binary files a/examples/bind/corpus/64581fbfbc19381e9c575afc6d0f5be2.000001a5.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6474ffa0799ad79da772be2793842e87.0000007f.honggfuzz.cov b/examples/bind/corpus/6474ffa0799ad79da772be2793842e87.0000007f.honggfuzz.cov deleted file mode 100644 index 43f64d8d..00000000 Binary files a/examples/bind/corpus/6474ffa0799ad79da772be2793842e87.0000007f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6476e5f77e75dd42f4ccde92ba6bec8e.0000157e.honggfuzz.cov b/examples/bind/corpus/6476e5f77e75dd42f4ccde92ba6bec8e.0000157e.honggfuzz.cov deleted file mode 100644 index 69842d96..00000000 Binary files a/examples/bind/corpus/6476e5f77e75dd42f4ccde92ba6bec8e.0000157e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/649595d8f338b1a434339a6d5abd0808.00000063.honggfuzz.cov b/examples/bind/corpus/649595d8f338b1a434339a6d5abd0808.00000063.honggfuzz.cov deleted file mode 100644 index b17238b9..00000000 Binary files a/examples/bind/corpus/649595d8f338b1a434339a6d5abd0808.00000063.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/64cad017955bf5a8900877f2fdcdde2e.00000138.honggfuzz.cov b/examples/bind/corpus/64cad017955bf5a8900877f2fdcdde2e.00000138.honggfuzz.cov deleted file mode 100644 index 48603822..00000000 Binary files a/examples/bind/corpus/64cad017955bf5a8900877f2fdcdde2e.00000138.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/64f7fa95f39c408badeb48967754431b.000000f9.honggfuzz.cov b/examples/bind/corpus/64f7fa95f39c408badeb48967754431b.000000f9.honggfuzz.cov deleted file mode 100644 index b8305a3e..00000000 Binary files a/examples/bind/corpus/64f7fa95f39c408badeb48967754431b.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/650beda2656235340e467dd10440f1a4.000072c4.honggfuzz.cov b/examples/bind/corpus/650beda2656235340e467dd10440f1a4.000072c4.honggfuzz.cov new file mode 100644 index 00000000..cc990a93 Binary files /dev/null and b/examples/bind/corpus/650beda2656235340e467dd10440f1a4.000072c4.honggfuzz.cov differ diff --git a/examples/bind/corpus/6527a56a51f07dcd1c8bd8a5574deaf9.00000085.honggfuzz.cov b/examples/bind/corpus/6527a56a51f07dcd1c8bd8a5574deaf9.00000085.honggfuzz.cov new file mode 100644 index 00000000..24804146 Binary files /dev/null and b/examples/bind/corpus/6527a56a51f07dcd1c8bd8a5574deaf9.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/6527b115b257d1ddf5af45de852d3ea5.00000085.honggfuzz.cov b/examples/bind/corpus/6527b115b257d1ddf5af45de852d3ea5.00000085.honggfuzz.cov deleted file mode 100644 index 3e3e1cf4..00000000 Binary files a/examples/bind/corpus/6527b115b257d1ddf5af45de852d3ea5.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/653b50a3c8f45d10d5b6a6ce7fb123ef.000001a1.honggfuzz.cov b/examples/bind/corpus/653b50a3c8f45d10d5b6a6ce7fb123ef.000001a1.honggfuzz.cov deleted file mode 100644 index a0d9ce88..00000000 Binary files a/examples/bind/corpus/653b50a3c8f45d10d5b6a6ce7fb123ef.000001a1.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/65902dbcb9faab422f84f9dbc864a1c2.00000118.honggfuzz.cov b/examples/bind/corpus/65902dbcb9faab422f84f9dbc864a1c2.00000118.honggfuzz.cov new file mode 100644 index 00000000..b65d9599 Binary files /dev/null and b/examples/bind/corpus/65902dbcb9faab422f84f9dbc864a1c2.00000118.honggfuzz.cov differ diff --git a/examples/bind/corpus/6591a7231cd2e444276f717f3098fdb2.00000200.honggfuzz.cov b/examples/bind/corpus/6591a7231cd2e444276f717f3098fdb2.00000200.honggfuzz.cov deleted file mode 100644 index 9631845c..00000000 Binary files a/examples/bind/corpus/6591a7231cd2e444276f717f3098fdb2.00000200.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/65a800ed4ac567d16a5f8dd15737a3ef.00000f6f.honggfuzz.cov b/examples/bind/corpus/65a800ed4ac567d16a5f8dd15737a3ef.00000f6f.honggfuzz.cov new file mode 100644 index 00000000..c749894a Binary files /dev/null and b/examples/bind/corpus/65a800ed4ac567d16a5f8dd15737a3ef.00000f6f.honggfuzz.cov differ diff --git a/examples/bind/corpus/65b6101f5e5763bbb5f8ccf91a89023d.00000085.honggfuzz.cov b/examples/bind/corpus/65b6101f5e5763bbb5f8ccf91a89023d.00000085.honggfuzz.cov deleted file mode 100644 index ac8f47c0..00000000 Binary files a/examples/bind/corpus/65b6101f5e5763bbb5f8ccf91a89023d.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/65c002f77cd3cd44cb59bee5e6d79c86.00000092.honggfuzz.cov b/examples/bind/corpus/65c002f77cd3cd44cb59bee5e6d79c86.00000092.honggfuzz.cov deleted file mode 100644 index 264e5b1c..00000000 Binary files a/examples/bind/corpus/65c002f77cd3cd44cb59bee5e6d79c86.00000092.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/65c0819a9d000c1f70ba2919948aef59.0000007a.honggfuzz.cov b/examples/bind/corpus/65c0819a9d000c1f70ba2919948aef59.0000007a.honggfuzz.cov new file mode 100644 index 00000000..85e11222 Binary files /dev/null and b/examples/bind/corpus/65c0819a9d000c1f70ba2919948aef59.0000007a.honggfuzz.cov differ diff --git a/examples/bind/corpus/65d231b2b20c8e796c17c4dc212e1545.0000001d.honggfuzz.cov b/examples/bind/corpus/65d231b2b20c8e796c17c4dc212e1545.0000001d.honggfuzz.cov deleted file mode 100644 index d745e081..00000000 Binary files a/examples/bind/corpus/65d231b2b20c8e796c17c4dc212e1545.0000001d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/65d7e80bdec64c38d8fcf326ebbf431c.00000283.honggfuzz.cov b/examples/bind/corpus/65d7e80bdec64c38d8fcf326ebbf431c.00000283.honggfuzz.cov new file mode 100644 index 00000000..e23485a4 Binary files /dev/null and b/examples/bind/corpus/65d7e80bdec64c38d8fcf326ebbf431c.00000283.honggfuzz.cov differ diff --git a/examples/bind/corpus/65e3d9ac37072e098a7d6c592c96ba1d.0001ef74.honggfuzz.cov b/examples/bind/corpus/65e3d9ac37072e098a7d6c592c96ba1d.0001ef74.honggfuzz.cov deleted file mode 100644 index f52a8c55..00000000 Binary files a/examples/bind/corpus/65e3d9ac37072e098a7d6c592c96ba1d.0001ef74.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/65f964e8f3471310bfd3fc9ed1dff238.00000020.honggfuzz.cov b/examples/bind/corpus/65f964e8f3471310bfd3fc9ed1dff238.00000020.honggfuzz.cov new file mode 100644 index 00000000..f5cb9e4a Binary files /dev/null and b/examples/bind/corpus/65f964e8f3471310bfd3fc9ed1dff238.00000020.honggfuzz.cov differ diff --git a/examples/bind/corpus/660537e9b8c8b7bdb2b729106ac4ed10.00000085.honggfuzz.cov b/examples/bind/corpus/660537e9b8c8b7bdb2b729106ac4ed10.00000085.honggfuzz.cov new file mode 100644 index 00000000..40f6358c Binary files /dev/null and b/examples/bind/corpus/660537e9b8c8b7bdb2b729106ac4ed10.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/660a9ed433bbc7713a9fc2e8feb6afd0.00000085.honggfuzz.cov b/examples/bind/corpus/660a9ed433bbc7713a9fc2e8feb6afd0.00000085.honggfuzz.cov deleted file mode 100644 index eb04bd06..00000000 Binary files a/examples/bind/corpus/660a9ed433bbc7713a9fc2e8feb6afd0.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/660ca770b8c8b7bd42b8d6ebba72367d.00000085.honggfuzz.cov b/examples/bind/corpus/660ca770b8c8b7bd42b8d6ebba72367d.00000085.honggfuzz.cov deleted file mode 100644 index d040e49b..00000000 Binary files a/examples/bind/corpus/660ca770b8c8b7bd42b8d6ebba72367d.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6632a7a2aa60310958dae0305ee49b98.00000085.honggfuzz.cov b/examples/bind/corpus/6632a7a2aa60310958dae0305ee49b98.00000085.honggfuzz.cov deleted file mode 100644 index 2021d8ed..00000000 Binary files a/examples/bind/corpus/6632a7a2aa60310958dae0305ee49b98.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/664f82ad383ab5a16ef73a850dfbeb26.00000440.honggfuzz.cov b/examples/bind/corpus/664f82ad383ab5a16ef73a850dfbeb26.00000440.honggfuzz.cov new file mode 100644 index 00000000..17c289d1 Binary files /dev/null and b/examples/bind/corpus/664f82ad383ab5a16ef73a850dfbeb26.00000440.honggfuzz.cov differ diff --git a/examples/bind/corpus/6658e085a123092f7bb597e59cd1cd7e.000000a0.honggfuzz.cov b/examples/bind/corpus/6658e085a123092f7bb597e59cd1cd7e.000000a0.honggfuzz.cov new file mode 100644 index 00000000..e9632ab1 Binary files /dev/null and b/examples/bind/corpus/6658e085a123092f7bb597e59cd1cd7e.000000a0.honggfuzz.cov differ diff --git a/examples/bind/corpus/66643bb70f333163c78b0763630ae2e0.000000ac.honggfuzz.cov b/examples/bind/corpus/66643bb70f333163c78b0763630ae2e0.000000ac.honggfuzz.cov new file mode 100644 index 00000000..c1ba9bd3 Binary files /dev/null and b/examples/bind/corpus/66643bb70f333163c78b0763630ae2e0.000000ac.honggfuzz.cov differ diff --git a/examples/bind/corpus/66cdf80b1e40be5de1ae6f6d8f837579.00000085.honggfuzz.cov b/examples/bind/corpus/66cdf80b1e40be5de1ae6f6d8f837579.00000085.honggfuzz.cov deleted file mode 100644 index d2ea8e6e..00000000 Binary files a/examples/bind/corpus/66cdf80b1e40be5de1ae6f6d8f837579.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/66d76284a9bb53be576b375471ad3b99.00000400.honggfuzz.cov b/examples/bind/corpus/66d76284a9bb53be576b375471ad3b99.00000400.honggfuzz.cov new file mode 100644 index 00000000..11e727a3 Binary files /dev/null and b/examples/bind/corpus/66d76284a9bb53be576b375471ad3b99.00000400.honggfuzz.cov differ diff --git a/examples/bind/corpus/66db5bef7cf1de765b6d1580f4da0ba4.00000085.honggfuzz.cov b/examples/bind/corpus/66db5bef7cf1de765b6d1580f4da0ba4.00000085.honggfuzz.cov new file mode 100644 index 00000000..0678e8b3 Binary files /dev/null and b/examples/bind/corpus/66db5bef7cf1de765b6d1580f4da0ba4.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/66dcfba497cf20059b2c1bdc94abe8ee.0000d87d.honggfuzz.cov b/examples/bind/corpus/66dcfba497cf20059b2c1bdc94abe8ee.0000d87d.honggfuzz.cov new file mode 100644 index 00000000..ed1ba079 Binary files /dev/null and b/examples/bind/corpus/66dcfba497cf20059b2c1bdc94abe8ee.0000d87d.honggfuzz.cov differ diff --git a/examples/bind/corpus/66e4bd7bd8cbff130f45f7e0f8277fb2.0000004c.honggfuzz.cov b/examples/bind/corpus/66e4bd7bd8cbff130f45f7e0f8277fb2.0000004c.honggfuzz.cov deleted file mode 100644 index bae0e54c..00000000 Binary files a/examples/bind/corpus/66e4bd7bd8cbff130f45f7e0f8277fb2.0000004c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/66e63757d76d287085f9ad6848a2a0cf.0000006e.honggfuzz.cov b/examples/bind/corpus/66e63757d76d287085f9ad6848a2a0cf.0000006e.honggfuzz.cov deleted file mode 100644 index 34d4ebb2..00000000 Binary files a/examples/bind/corpus/66e63757d76d287085f9ad6848a2a0cf.0000006e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/66e6bf29095499885f1fe71ae7a89a5e.000001b8.honggfuzz.cov b/examples/bind/corpus/66e6bf29095499885f1fe71ae7a89a5e.000001b8.honggfuzz.cov new file mode 100644 index 00000000..48e25550 Binary files /dev/null and b/examples/bind/corpus/66e6bf29095499885f1fe71ae7a89a5e.000001b8.honggfuzz.cov differ diff --git a/examples/bind/corpus/66ed4fdd957a331492fea7cad461663c.00001f68.honggfuzz.cov b/examples/bind/corpus/66ed4fdd957a331492fea7cad461663c.00001f68.honggfuzz.cov deleted file mode 100644 index 74467968..00000000 Binary files a/examples/bind/corpus/66ed4fdd957a331492fea7cad461663c.00001f68.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/66fee7ba960d55205d6b78116ffa9962.00000254.honggfuzz.cov b/examples/bind/corpus/66fee7ba960d55205d6b78116ffa9962.00000254.honggfuzz.cov new file mode 100644 index 00000000..41ffbe59 Binary files /dev/null and b/examples/bind/corpus/66fee7ba960d55205d6b78116ffa9962.00000254.honggfuzz.cov differ diff --git a/examples/bind/corpus/670b1e47d3d73a8cf7f86c614fe2a150.000003db.honggfuzz.cov b/examples/bind/corpus/670b1e47d3d73a8cf7f86c614fe2a150.000003db.honggfuzz.cov deleted file mode 100644 index d00ea3aa..00000000 Binary files a/examples/bind/corpus/670b1e47d3d73a8cf7f86c614fe2a150.000003db.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6714c0429333d6fac2c5994040f76544.00000094.honggfuzz.cov b/examples/bind/corpus/6714c0429333d6fac2c5994040f76544.00000094.honggfuzz.cov deleted file mode 100644 index fcd17c94..00000000 Binary files a/examples/bind/corpus/6714c0429333d6fac2c5994040f76544.00000094.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6715b7e8d6587fbbd9705cf18cc4a7ea.000015dd.honggfuzz.cov b/examples/bind/corpus/6715b7e8d6587fbbd9705cf18cc4a7ea.000015dd.honggfuzz.cov new file mode 100644 index 00000000..a3e3f407 Binary files /dev/null and b/examples/bind/corpus/6715b7e8d6587fbbd9705cf18cc4a7ea.000015dd.honggfuzz.cov differ diff --git a/examples/bind/corpus/6726f2c0303084d5bbc74a6c295770eb.0001102a.honggfuzz.cov b/examples/bind/corpus/6726f2c0303084d5bbc74a6c295770eb.0001102a.honggfuzz.cov new file mode 100644 index 00000000..9d631686 Binary files /dev/null and b/examples/bind/corpus/6726f2c0303084d5bbc74a6c295770eb.0001102a.honggfuzz.cov differ diff --git a/examples/bind/corpus/67493ba825786823c9e8f1a1d3a5c5fc.00000085.honggfuzz.cov b/examples/bind/corpus/67493ba825786823c9e8f1a1d3a5c5fc.00000085.honggfuzz.cov deleted file mode 100644 index 308802c7..00000000 Binary files a/examples/bind/corpus/67493ba825786823c9e8f1a1d3a5c5fc.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6765422da8296322a451f2e9fb8ef44f.0004b225.honggfuzz.cov b/examples/bind/corpus/6765422da8296322a451f2e9fb8ef44f.0004b225.honggfuzz.cov deleted file mode 100644 index cdb72cdd..00000000 Binary files a/examples/bind/corpus/6765422da8296322a451f2e9fb8ef44f.0004b225.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/676fc1d442fcb889cf7086789ff77514.0000033d.honggfuzz.cov b/examples/bind/corpus/676fc1d442fcb889cf7086789ff77514.0000033d.honggfuzz.cov new file mode 100644 index 00000000..c438aa28 Binary files /dev/null and b/examples/bind/corpus/676fc1d442fcb889cf7086789ff77514.0000033d.honggfuzz.cov differ diff --git a/examples/bind/corpus/677455757c2824bd043b3c6721fbc411.00000085.honggfuzz.cov b/examples/bind/corpus/677455757c2824bd043b3c6721fbc411.00000085.honggfuzz.cov deleted file mode 100644 index 486deb5f..00000000 Binary files a/examples/bind/corpus/677455757c2824bd043b3c6721fbc411.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6780d7245d8f0e04477005bdbfb58375.000000e7.honggfuzz.cov b/examples/bind/corpus/6780d7245d8f0e04477005bdbfb58375.000000e7.honggfuzz.cov deleted file mode 100644 index c5a8bd69..00000000 Binary files a/examples/bind/corpus/6780d7245d8f0e04477005bdbfb58375.000000e7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/67838d93e770853a82534f1cd082984b.0000c85c.honggfuzz.cov b/examples/bind/corpus/67838d93e770853a82534f1cd082984b.0000c85c.honggfuzz.cov deleted file mode 100644 index 37212230..00000000 Binary files a/examples/bind/corpus/67838d93e770853a82534f1cd082984b.0000c85c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/67b00f4b477a1cfca656b51f312d8d0a.000001e8.honggfuzz.cov b/examples/bind/corpus/67b00f4b477a1cfca656b51f312d8d0a.000001e8.honggfuzz.cov new file mode 100644 index 00000000..24f8f341 Binary files /dev/null and b/examples/bind/corpus/67b00f4b477a1cfca656b51f312d8d0a.000001e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/67c1c390e3c91510975228f183cc4561.00000085.honggfuzz.cov b/examples/bind/corpus/67c1c390e3c91510975228f183cc4561.00000085.honggfuzz.cov deleted file mode 100644 index a590f6c8..00000000 Binary files a/examples/bind/corpus/67c1c390e3c91510975228f183cc4561.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/67cfac3a1bb3beaa120e5cdb17c681f2.0000006e.honggfuzz.cov b/examples/bind/corpus/67cfac3a1bb3beaa120e5cdb17c681f2.0000006e.honggfuzz.cov new file mode 100644 index 00000000..64123b7a Binary files /dev/null and b/examples/bind/corpus/67cfac3a1bb3beaa120e5cdb17c681f2.0000006e.honggfuzz.cov differ diff --git a/examples/bind/corpus/67eb99ca4811ae91bc39509b4c7b981d.00000085.honggfuzz.cov b/examples/bind/corpus/67eb99ca4811ae91bc39509b4c7b981d.00000085.honggfuzz.cov deleted file mode 100644 index c056d441..00000000 Binary files a/examples/bind/corpus/67eb99ca4811ae91bc39509b4c7b981d.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/67eb9d8a17100591ca168edab62426fc.00000085.honggfuzz.cov b/examples/bind/corpus/67eb9d8a17100591ca168edab62426fc.00000085.honggfuzz.cov deleted file mode 100644 index 915e58df..00000000 Binary files a/examples/bind/corpus/67eb9d8a17100591ca168edab62426fc.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/67efa73e6c24a6ed903cb94ae06ecbd1.00000085.honggfuzz.cov b/examples/bind/corpus/67efa73e6c24a6ed903cb94ae06ecbd1.00000085.honggfuzz.cov deleted file mode 100644 index 02838d7b..00000000 Binary files a/examples/bind/corpus/67efa73e6c24a6ed903cb94ae06ecbd1.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/680bb35ffa13f90a864837ac770d6012.000000ea.honggfuzz.cov b/examples/bind/corpus/680bb35ffa13f90a864837ac770d6012.000000ea.honggfuzz.cov new file mode 100644 index 00000000..1fb06821 Binary files /dev/null and b/examples/bind/corpus/680bb35ffa13f90a864837ac770d6012.000000ea.honggfuzz.cov differ diff --git a/examples/bind/corpus/681304a3ed5d35d22b1277f78e73e58f.0001d53c.honggfuzz.cov b/examples/bind/corpus/681304a3ed5d35d22b1277f78e73e58f.0001d53c.honggfuzz.cov deleted file mode 100644 index 0fc514bf..00000000 Binary files a/examples/bind/corpus/681304a3ed5d35d22b1277f78e73e58f.0001d53c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/682a5d1a67f38e73db075e85724f5c9b.00044462.honggfuzz.cov b/examples/bind/corpus/682a5d1a67f38e73db075e85724f5c9b.00044462.honggfuzz.cov deleted file mode 100644 index 39dc2f55..00000000 Binary files a/examples/bind/corpus/682a5d1a67f38e73db075e85724f5c9b.00044462.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6853f6ec3b18226d0e2ab611076f5c3e.000000a0.honggfuzz.cov b/examples/bind/corpus/6853f6ec3b18226d0e2ab611076f5c3e.000000a0.honggfuzz.cov deleted file mode 100644 index 5d243bba..00000000 Binary files a/examples/bind/corpus/6853f6ec3b18226d0e2ab611076f5c3e.000000a0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6875ccfa135ee13231bd7da084b674b5.000000f9.honggfuzz.cov b/examples/bind/corpus/6875ccfa135ee13231bd7da084b674b5.000000f9.honggfuzz.cov deleted file mode 100644 index ce9f8130..00000000 Binary files a/examples/bind/corpus/6875ccfa135ee13231bd7da084b674b5.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/68be3b90fa532ff3dfdda79ffd076cd8.00009727.honggfuzz.cov b/examples/bind/corpus/68be3b90fa532ff3dfdda79ffd076cd8.00009727.honggfuzz.cov deleted file mode 100644 index e29409de..00000000 Binary files a/examples/bind/corpus/68be3b90fa532ff3dfdda79ffd076cd8.00009727.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/68c0af557e11e2cd17a1f0fcdd85936d.0000bf17.honggfuzz.cov b/examples/bind/corpus/68c0af557e11e2cd17a1f0fcdd85936d.0000bf17.honggfuzz.cov deleted file mode 100644 index 0efa4db3..00000000 Binary files a/examples/bind/corpus/68c0af557e11e2cd17a1f0fcdd85936d.0000bf17.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/68c41b12e22f27498f9c11d93ba63a19.000002e6.honggfuzz.cov b/examples/bind/corpus/68c41b12e22f27498f9c11d93ba63a19.000002e6.honggfuzz.cov deleted file mode 100644 index 6e27b465..00000000 Binary files a/examples/bind/corpus/68c41b12e22f27498f9c11d93ba63a19.000002e6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/68cf0e1bf77e57415afd3259bc2d2732.00000020.honggfuzz.cov b/examples/bind/corpus/68cf0e1bf77e57415afd3259bc2d2732.00000020.honggfuzz.cov new file mode 100644 index 00000000..618526c4 Binary files /dev/null and b/examples/bind/corpus/68cf0e1bf77e57415afd3259bc2d2732.00000020.honggfuzz.cov differ diff --git a/examples/bind/corpus/6963bd8d1f98e9e744bd805b26c1a084.00000194.honggfuzz.cov b/examples/bind/corpus/6963bd8d1f98e9e744bd805b26c1a084.00000194.honggfuzz.cov new file mode 100644 index 00000000..795cff69 Binary files /dev/null and b/examples/bind/corpus/6963bd8d1f98e9e744bd805b26c1a084.00000194.honggfuzz.cov differ diff --git a/examples/bind/corpus/69b414d8b198e6e2735fc55caf73a56e.00000169.honggfuzz.cov b/examples/bind/corpus/69b414d8b198e6e2735fc55caf73a56e.00000169.honggfuzz.cov new file mode 100644 index 00000000..ffa7cd1a Binary files /dev/null and b/examples/bind/corpus/69b414d8b198e6e2735fc55caf73a56e.00000169.honggfuzz.cov differ diff --git a/examples/bind/corpus/69ccdf8de43e2839f6163ae68fe04b7e.0000029e.honggfuzz.cov b/examples/bind/corpus/69ccdf8de43e2839f6163ae68fe04b7e.0000029e.honggfuzz.cov new file mode 100644 index 00000000..aa236163 Binary files /dev/null and b/examples/bind/corpus/69ccdf8de43e2839f6163ae68fe04b7e.0000029e.honggfuzz.cov differ diff --git a/examples/bind/corpus/69d0c2eb93c0274c91aeffa07c9806dc.00000048.honggfuzz.cov b/examples/bind/corpus/69d0c2eb93c0274c91aeffa07c9806dc.00000048.honggfuzz.cov new file mode 100644 index 00000000..8a15d690 Binary files /dev/null and b/examples/bind/corpus/69d0c2eb93c0274c91aeffa07c9806dc.00000048.honggfuzz.cov differ diff --git a/examples/bind/corpus/69d10ef09f286fdecbbcfaf349b77738.00000051.honggfuzz.cov b/examples/bind/corpus/69d10ef09f286fdecbbcfaf349b77738.00000051.honggfuzz.cov deleted file mode 100644 index d37e2059..00000000 Binary files a/examples/bind/corpus/69d10ef09f286fdecbbcfaf349b77738.00000051.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/69d7a621d778400ede0c6ef8908c8401.00000207.honggfuzz.cov b/examples/bind/corpus/69d7a621d778400ede0c6ef8908c8401.00000207.honggfuzz.cov new file mode 100644 index 00000000..7447278d Binary files /dev/null and b/examples/bind/corpus/69d7a621d778400ede0c6ef8908c8401.00000207.honggfuzz.cov differ diff --git a/examples/bind/corpus/69ee6c2fedb4d6cd9368ecb8edb4bbdb.00000125.honggfuzz.cov b/examples/bind/corpus/69ee6c2fedb4d6cd9368ecb8edb4bbdb.00000125.honggfuzz.cov new file mode 100644 index 00000000..4660a695 Binary files /dev/null and b/examples/bind/corpus/69ee6c2fedb4d6cd9368ecb8edb4bbdb.00000125.honggfuzz.cov differ diff --git a/examples/bind/corpus/69eee265d00bc4ccf018d6e36c835534.000101d0.honggfuzz.cov b/examples/bind/corpus/69eee265d00bc4ccf018d6e36c835534.000101d0.honggfuzz.cov new file mode 100644 index 00000000..4ac9dfd8 Binary files /dev/null and b/examples/bind/corpus/69eee265d00bc4ccf018d6e36c835534.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/69f0e486b5f12b680f500b16b6ec5e32.00001a1e.honggfuzz.cov b/examples/bind/corpus/69f0e486b5f12b680f500b16b6ec5e32.00001a1e.honggfuzz.cov new file mode 100644 index 00000000..daee5fbb Binary files /dev/null and b/examples/bind/corpus/69f0e486b5f12b680f500b16b6ec5e32.00001a1e.honggfuzz.cov differ diff --git a/examples/bind/corpus/69f4a010fdd3ea52f7b30086eaae723c.00000081.honggfuzz.cov b/examples/bind/corpus/69f4a010fdd3ea52f7b30086eaae723c.00000081.honggfuzz.cov new file mode 100644 index 00000000..652e701a Binary files /dev/null and b/examples/bind/corpus/69f4a010fdd3ea52f7b30086eaae723c.00000081.honggfuzz.cov differ diff --git a/examples/bind/corpus/6a49bd6a103ae7003b2cb4d2e7fb31fd.00000085.honggfuzz.cov b/examples/bind/corpus/6a49bd6a103ae7003b2cb4d2e7fb31fd.00000085.honggfuzz.cov deleted file mode 100644 index f5105d34..00000000 Binary files a/examples/bind/corpus/6a49bd6a103ae7003b2cb4d2e7fb31fd.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6a5e5b658601c1b123e4f21af6cda09a.00000119.honggfuzz.cov b/examples/bind/corpus/6a5e5b658601c1b123e4f21af6cda09a.00000119.honggfuzz.cov deleted file mode 100644 index 609d5f67..00000000 Binary files a/examples/bind/corpus/6a5e5b658601c1b123e4f21af6cda09a.00000119.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6a603d5cd1cf4217600696d6e6cfd040.000101d0.honggfuzz.cov b/examples/bind/corpus/6a603d5cd1cf4217600696d6e6cfd040.000101d0.honggfuzz.cov new file mode 100644 index 00000000..2b278309 Binary files /dev/null and b/examples/bind/corpus/6a603d5cd1cf4217600696d6e6cfd040.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/6a68cb826f225de968911d55a978d528.000000a7.honggfuzz.cov b/examples/bind/corpus/6a68cb826f225de968911d55a978d528.000000a7.honggfuzz.cov new file mode 100644 index 00000000..595504ba Binary files /dev/null and b/examples/bind/corpus/6a68cb826f225de968911d55a978d528.000000a7.honggfuzz.cov differ diff --git a/examples/bind/corpus/6a703d0e82ae6653785ef52161d1b1e7.000000f9.honggfuzz.cov b/examples/bind/corpus/6a703d0e82ae6653785ef52161d1b1e7.000000f9.honggfuzz.cov deleted file mode 100644 index 03a3400d..00000000 Binary files a/examples/bind/corpus/6a703d0e82ae6653785ef52161d1b1e7.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6a94e460e726ade4ad8d746e2a242b6f.00000182.honggfuzz.cov b/examples/bind/corpus/6a94e460e726ade4ad8d746e2a242b6f.00000182.honggfuzz.cov deleted file mode 100644 index f56ff732..00000000 Binary files a/examples/bind/corpus/6a94e460e726ade4ad8d746e2a242b6f.00000182.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6ac2ebf6abb2e57bbd1f895ee538fefe.00000080.honggfuzz.cov b/examples/bind/corpus/6ac2ebf6abb2e57bbd1f895ee538fefe.00000080.honggfuzz.cov new file mode 100644 index 00000000..6c784359 Binary files /dev/null and b/examples/bind/corpus/6ac2ebf6abb2e57bbd1f895ee538fefe.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/6acf7b0a36ff8fcddb5b2b15a961edc4.0000012f.honggfuzz.cov b/examples/bind/corpus/6acf7b0a36ff8fcddb5b2b15a961edc4.0000012f.honggfuzz.cov new file mode 100644 index 00000000..85f45f6a Binary files /dev/null and b/examples/bind/corpus/6acf7b0a36ff8fcddb5b2b15a961edc4.0000012f.honggfuzz.cov differ diff --git a/examples/bind/corpus/6ad6f135ba7c21915ddbdae2fea69d07.0000021c.honggfuzz.cov b/examples/bind/corpus/6ad6f135ba7c21915ddbdae2fea69d07.0000021c.honggfuzz.cov deleted file mode 100644 index 2e9d307e..00000000 Binary files a/examples/bind/corpus/6ad6f135ba7c21915ddbdae2fea69d07.0000021c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6aef702336bc5c3700fea726f03ff1aa.00000293.honggfuzz.cov b/examples/bind/corpus/6aef702336bc5c3700fea726f03ff1aa.00000293.honggfuzz.cov deleted file mode 100644 index f9983dba..00000000 Binary files a/examples/bind/corpus/6aef702336bc5c3700fea726f03ff1aa.00000293.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6af00617e6dca46a247740cf4eb10974.00000085.honggfuzz.cov b/examples/bind/corpus/6af00617e6dca46a247740cf4eb10974.00000085.honggfuzz.cov new file mode 100644 index 00000000..eb809b64 Binary files /dev/null and b/examples/bind/corpus/6af00617e6dca46a247740cf4eb10974.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/6b1dd0628cfb853194d54bf90c1dc5ff.000000f9.honggfuzz.cov b/examples/bind/corpus/6b1dd0628cfb853194d54bf90c1dc5ff.000000f9.honggfuzz.cov deleted file mode 100644 index 36aaa775..00000000 Binary files a/examples/bind/corpus/6b1dd0628cfb853194d54bf90c1dc5ff.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6b1f72c7c02f995083dd1fe369b6547e.00000080.honggfuzz.cov b/examples/bind/corpus/6b1f72c7c02f995083dd1fe369b6547e.00000080.honggfuzz.cov new file mode 100644 index 00000000..11e8e2f1 Binary files /dev/null and b/examples/bind/corpus/6b1f72c7c02f995083dd1fe369b6547e.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/6b404732312980e5248ccbb375fe3f07.000000a7.honggfuzz.cov b/examples/bind/corpus/6b404732312980e5248ccbb375fe3f07.000000a7.honggfuzz.cov deleted file mode 100644 index e74b2c03..00000000 Binary files a/examples/bind/corpus/6b404732312980e5248ccbb375fe3f07.000000a7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6b4dd4b454806418ca513572da0374a2.00000175.honggfuzz.cov b/examples/bind/corpus/6b4dd4b454806418ca513572da0374a2.00000175.honggfuzz.cov new file mode 100644 index 00000000..3b6122c3 Binary files /dev/null and b/examples/bind/corpus/6b4dd4b454806418ca513572da0374a2.00000175.honggfuzz.cov differ diff --git a/examples/bind/corpus/6b6fb5de0a802ccf02cb44f0c5aa4b25.00000085.honggfuzz.cov b/examples/bind/corpus/6b6fb5de0a802ccf02cb44f0c5aa4b25.00000085.honggfuzz.cov deleted file mode 100644 index 8260b28a..00000000 Binary files a/examples/bind/corpus/6b6fb5de0a802ccf02cb44f0c5aa4b25.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6b85be8d112e69026ec2d7f2f96e1da0.00000626.honggfuzz.cov b/examples/bind/corpus/6b85be8d112e69026ec2d7f2f96e1da0.00000626.honggfuzz.cov new file mode 100644 index 00000000..86eec38d Binary files /dev/null and b/examples/bind/corpus/6b85be8d112e69026ec2d7f2f96e1da0.00000626.honggfuzz.cov differ diff --git a/examples/bind/corpus/6b9f6239ddffc7665e237f44ee1ab2cd.000002e7.honggfuzz.cov b/examples/bind/corpus/6b9f6239ddffc7665e237f44ee1ab2cd.000002e7.honggfuzz.cov deleted file mode 100644 index c8501136..00000000 Binary files a/examples/bind/corpus/6b9f6239ddffc7665e237f44ee1ab2cd.000002e7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6ba12f919cc76e1361629412e98a0fe7.000101d0.honggfuzz.cov b/examples/bind/corpus/6ba12f919cc76e1361629412e98a0fe7.000101d0.honggfuzz.cov new file mode 100644 index 00000000..d1de7b3b Binary files /dev/null and b/examples/bind/corpus/6ba12f919cc76e1361629412e98a0fe7.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/6ba5c36fd86ebacefda9adf32c2a4db8.0000e77a.honggfuzz.cov b/examples/bind/corpus/6ba5c36fd86ebacefda9adf32c2a4db8.0000e77a.honggfuzz.cov new file mode 100644 index 00000000..c2a65122 Binary files /dev/null and b/examples/bind/corpus/6ba5c36fd86ebacefda9adf32c2a4db8.0000e77a.honggfuzz.cov differ diff --git a/examples/bind/corpus/6bcd6106b59002c3fedb8e1bb757eea8.00000497.honggfuzz.cov b/examples/bind/corpus/6bcd6106b59002c3fedb8e1bb757eea8.00000497.honggfuzz.cov deleted file mode 100644 index 45b3af69..00000000 Binary files a/examples/bind/corpus/6bcd6106b59002c3fedb8e1bb757eea8.00000497.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6bebd6aec9ec8d5aa7c94609269abeba.00000400.honggfuzz.cov b/examples/bind/corpus/6bebd6aec9ec8d5aa7c94609269abeba.00000400.honggfuzz.cov deleted file mode 100644 index 6bf473a7..00000000 Binary files a/examples/bind/corpus/6bebd6aec9ec8d5aa7c94609269abeba.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6bf54b7f407730f24803a785f332358f.00000032.honggfuzz.cov b/examples/bind/corpus/6bf54b7f407730f24803a785f332358f.00000032.honggfuzz.cov new file mode 100644 index 00000000..388f6e39 Binary files /dev/null and b/examples/bind/corpus/6bf54b7f407730f24803a785f332358f.00000032.honggfuzz.cov differ diff --git a/examples/bind/corpus/6c253789606590e66342cf8e60c7d71e.000001de.honggfuzz.cov b/examples/bind/corpus/6c253789606590e66342cf8e60c7d71e.000001de.honggfuzz.cov new file mode 100644 index 00000000..f90c8047 Binary files /dev/null and b/examples/bind/corpus/6c253789606590e66342cf8e60c7d71e.000001de.honggfuzz.cov differ diff --git a/examples/bind/corpus/6c3311c842307ee74e3c0f58f6a1588e.00018f49.honggfuzz.cov b/examples/bind/corpus/6c3311c842307ee74e3c0f58f6a1588e.00018f49.honggfuzz.cov deleted file mode 100644 index 355db50e..00000000 Binary files a/examples/bind/corpus/6c3311c842307ee74e3c0f58f6a1588e.00018f49.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6c4a9da4fd3135bafa1de65f10982aed.00000085.honggfuzz.cov b/examples/bind/corpus/6c4a9da4fd3135bafa1de65f10982aed.00000085.honggfuzz.cov new file mode 100644 index 00000000..cd18edf8 Binary files /dev/null and b/examples/bind/corpus/6c4a9da4fd3135bafa1de65f10982aed.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/6c53284a3d26f5e793ecbf7dd6048b8d.00000085.honggfuzz.cov b/examples/bind/corpus/6c53284a3d26f5e793ecbf7dd6048b8d.00000085.honggfuzz.cov deleted file mode 100644 index 34673cea..00000000 Binary files a/examples/bind/corpus/6c53284a3d26f5e793ecbf7dd6048b8d.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6c53284d50e6f5e7d3efa30b0d693d51.00000085.honggfuzz.cov b/examples/bind/corpus/6c53284d50e6f5e7d3efa30b0d693d51.00000085.honggfuzz.cov deleted file mode 100644 index 741ca925..00000000 Binary files a/examples/bind/corpus/6c53284d50e6f5e7d3efa30b0d693d51.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6c5ffc0859c31015b16b8bfc69b170d2.000000f7.honggfuzz.cov b/examples/bind/corpus/6c5ffc0859c31015b16b8bfc69b170d2.000000f7.honggfuzz.cov new file mode 100644 index 00000000..73009465 Binary files /dev/null and b/examples/bind/corpus/6c5ffc0859c31015b16b8bfc69b170d2.000000f7.honggfuzz.cov differ diff --git a/examples/bind/corpus/6c651a01a4ee145bc17cb6f3f4d5da66.000097f3.honggfuzz.cov b/examples/bind/corpus/6c651a01a4ee145bc17cb6f3f4d5da66.000097f3.honggfuzz.cov deleted file mode 100644 index 6e0264d9..00000000 Binary files a/examples/bind/corpus/6c651a01a4ee145bc17cb6f3f4d5da66.000097f3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6cacf6fee213a69a741db7ff5f142259.00000053.honggfuzz.cov b/examples/bind/corpus/6cacf6fee213a69a741db7ff5f142259.00000053.honggfuzz.cov new file mode 100644 index 00000000..3e9cd593 Binary files /dev/null and b/examples/bind/corpus/6cacf6fee213a69a741db7ff5f142259.00000053.honggfuzz.cov differ diff --git a/examples/bind/corpus/6cbf33cf5051d4947dfa6a65ae2d43ad.00000072.honggfuzz.cov b/examples/bind/corpus/6cbf33cf5051d4947dfa6a65ae2d43ad.00000072.honggfuzz.cov deleted file mode 100644 index 1f8ff12b..00000000 Binary files a/examples/bind/corpus/6cbf33cf5051d4947dfa6a65ae2d43ad.00000072.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6cd48dbd8d9ab6a2746eff5f6b0588a5.000000a5.honggfuzz.cov b/examples/bind/corpus/6cd48dbd8d9ab6a2746eff5f6b0588a5.000000a5.honggfuzz.cov deleted file mode 100644 index 173212e9..00000000 Binary files a/examples/bind/corpus/6cd48dbd8d9ab6a2746eff5f6b0588a5.000000a5.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6cd8f0ea5df2311fb96e16a896d38f8e.0000009b.honggfuzz.cov b/examples/bind/corpus/6cd8f0ea5df2311fb96e16a896d38f8e.0000009b.honggfuzz.cov new file mode 100644 index 00000000..39db91a8 Binary files /dev/null and b/examples/bind/corpus/6cd8f0ea5df2311fb96e16a896d38f8e.0000009b.honggfuzz.cov differ diff --git a/examples/bind/corpus/6d140a5152d917fcee6c7340fe87f6da.0001153e.honggfuzz.cov b/examples/bind/corpus/6d140a5152d917fcee6c7340fe87f6da.0001153e.honggfuzz.cov deleted file mode 100644 index bfe73d90..00000000 Binary files a/examples/bind/corpus/6d140a5152d917fcee6c7340fe87f6da.0001153e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6d3b965625f2293b76f015b48d3b21fd.0000002d.honggfuzz.cov b/examples/bind/corpus/6d3b965625f2293b76f015b48d3b21fd.0000002d.honggfuzz.cov deleted file mode 100644 index 2580547f..00000000 Binary files a/examples/bind/corpus/6d3b965625f2293b76f015b48d3b21fd.0000002d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6d3bfcb8d20f16b7b7f5abc79bc3cee9.000000c9.honggfuzz.cov b/examples/bind/corpus/6d3bfcb8d20f16b7b7f5abc79bc3cee9.000000c9.honggfuzz.cov deleted file mode 100644 index dd9d9c55..00000000 Binary files a/examples/bind/corpus/6d3bfcb8d20f16b7b7f5abc79bc3cee9.000000c9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6d521c88ec805c6186e07db0a5ff4193.00000060.honggfuzz.cov b/examples/bind/corpus/6d521c88ec805c6186e07db0a5ff4193.00000060.honggfuzz.cov new file mode 100644 index 00000000..a67cb237 Binary files /dev/null and b/examples/bind/corpus/6d521c88ec805c6186e07db0a5ff4193.00000060.honggfuzz.cov differ diff --git a/examples/bind/corpus/6d6370f7210b304817074a8d076277e2.00000085.honggfuzz.cov b/examples/bind/corpus/6d6370f7210b304817074a8d076277e2.00000085.honggfuzz.cov deleted file mode 100644 index f079fefc..00000000 Binary files a/examples/bind/corpus/6d6370f7210b304817074a8d076277e2.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6d8547d1bff19b981645e03ee84ac7a0.00000085.honggfuzz.cov b/examples/bind/corpus/6d8547d1bff19b981645e03ee84ac7a0.00000085.honggfuzz.cov deleted file mode 100644 index db2988e3..00000000 Binary files a/examples/bind/corpus/6d8547d1bff19b981645e03ee84ac7a0.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6d8547d1bff91b1066e76a164aca6fad.00000085.honggfuzz.cov b/examples/bind/corpus/6d8547d1bff91b1066e76a164aca6fad.00000085.honggfuzz.cov deleted file mode 100644 index b2dfab9c..00000000 Binary files a/examples/bind/corpus/6d8547d1bff91b1066e76a164aca6fad.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6d8656b5ab01d6aa8b18de6ac2724d8c.00001331.honggfuzz.cov b/examples/bind/corpus/6d8656b5ab01d6aa8b18de6ac2724d8c.00001331.honggfuzz.cov new file mode 100644 index 00000000..bc6fd84c Binary files /dev/null and b/examples/bind/corpus/6d8656b5ab01d6aa8b18de6ac2724d8c.00001331.honggfuzz.cov differ diff --git a/examples/bind/corpus/6d94e147c686750bf605a7d72eccaa25.0000010f.honggfuzz.cov b/examples/bind/corpus/6d94e147c686750bf605a7d72eccaa25.0000010f.honggfuzz.cov deleted file mode 100644 index 5d5f7ba0..00000000 Binary files a/examples/bind/corpus/6d94e147c686750bf605a7d72eccaa25.0000010f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6da46b9d0e7581c995080544ba63e130.00001d19.honggfuzz.cov b/examples/bind/corpus/6da46b9d0e7581c995080544ba63e130.00001d19.honggfuzz.cov deleted file mode 100644 index 7a59f7ac..00000000 Binary files a/examples/bind/corpus/6da46b9d0e7581c995080544ba63e130.00001d19.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6dbfd94332f0dd1b278e7410ac516054.00000cbe.honggfuzz.cov b/examples/bind/corpus/6dbfd94332f0dd1b278e7410ac516054.00000cbe.honggfuzz.cov deleted file mode 100644 index d98d3b23..00000000 Binary files a/examples/bind/corpus/6dbfd94332f0dd1b278e7410ac516054.00000cbe.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6dcd0e0fab55bc56011f38383628584f.00000b8e.honggfuzz.cov b/examples/bind/corpus/6dcd0e0fab55bc56011f38383628584f.00000b8e.honggfuzz.cov new file mode 100644 index 00000000..bdf0a1e5 Binary files /dev/null and b/examples/bind/corpus/6dcd0e0fab55bc56011f38383628584f.00000b8e.honggfuzz.cov differ diff --git a/examples/bind/corpus/6dd92461124209d78764bec2dfb23c2e.00000291.honggfuzz.cov b/examples/bind/corpus/6dd92461124209d78764bec2dfb23c2e.00000291.honggfuzz.cov deleted file mode 100644 index 3474eda9..00000000 Binary files a/examples/bind/corpus/6dd92461124209d78764bec2dfb23c2e.00000291.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6de506c0bfb59cc6d5c9b971a66756ef.00000181.honggfuzz.cov b/examples/bind/corpus/6de506c0bfb59cc6d5c9b971a66756ef.00000181.honggfuzz.cov new file mode 100644 index 00000000..6f8dbf0b Binary files /dev/null and b/examples/bind/corpus/6de506c0bfb59cc6d5c9b971a66756ef.00000181.honggfuzz.cov differ diff --git a/examples/bind/corpus/6e27709d39de5dbc20324e1a2d12a7e9.00000128.honggfuzz.cov b/examples/bind/corpus/6e27709d39de5dbc20324e1a2d12a7e9.00000128.honggfuzz.cov new file mode 100644 index 00000000..7e65fcd9 Binary files /dev/null and b/examples/bind/corpus/6e27709d39de5dbc20324e1a2d12a7e9.00000128.honggfuzz.cov differ diff --git a/examples/bind/corpus/6e2bdd14a811b7a87969fd242d82e6e9.0000029e.honggfuzz.cov b/examples/bind/corpus/6e2bdd14a811b7a87969fd242d82e6e9.0000029e.honggfuzz.cov deleted file mode 100644 index 5a963b2d..00000000 Binary files a/examples/bind/corpus/6e2bdd14a811b7a87969fd242d82e6e9.0000029e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6e440b9d403d509458b9dfabb2bbe992.00005941.honggfuzz.cov b/examples/bind/corpus/6e440b9d403d509458b9dfabb2bbe992.00005941.honggfuzz.cov new file mode 100644 index 00000000..34117196 Binary files /dev/null and b/examples/bind/corpus/6e440b9d403d509458b9dfabb2bbe992.00005941.honggfuzz.cov differ diff --git a/examples/bind/corpus/6e4f0a19b406238dffad0bf4b6e09076.000101d0.honggfuzz.cov b/examples/bind/corpus/6e4f0a19b406238dffad0bf4b6e09076.000101d0.honggfuzz.cov new file mode 100644 index 00000000..922c4e13 Binary files /dev/null and b/examples/bind/corpus/6e4f0a19b406238dffad0bf4b6e09076.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/6e866dbcc4069eeb929a7d4b20b96c06.000000f9.honggfuzz.cov b/examples/bind/corpus/6e866dbcc4069eeb929a7d4b20b96c06.000000f9.honggfuzz.cov deleted file mode 100644 index ce19ccf0..00000000 Binary files a/examples/bind/corpus/6e866dbcc4069eeb929a7d4b20b96c06.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6e89353ea115c6e3b82c263c80f60814.00000115.honggfuzz.cov b/examples/bind/corpus/6e89353ea115c6e3b82c263c80f60814.00000115.honggfuzz.cov new file mode 100644 index 00000000..80b6e8e5 Binary files /dev/null and b/examples/bind/corpus/6e89353ea115c6e3b82c263c80f60814.00000115.honggfuzz.cov differ diff --git a/examples/bind/corpus/6e9b7b5f93ac20842b4a241a4f74f495.000013e8.honggfuzz.cov b/examples/bind/corpus/6e9b7b5f93ac20842b4a241a4f74f495.000013e8.honggfuzz.cov new file mode 100644 index 00000000..b719bf95 Binary files /dev/null and b/examples/bind/corpus/6e9b7b5f93ac20842b4a241a4f74f495.000013e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/6ebc6893dea9f2708103f6807be5ea96.000002c6.honggfuzz.cov b/examples/bind/corpus/6ebc6893dea9f2708103f6807be5ea96.000002c6.honggfuzz.cov new file mode 100644 index 00000000..3c53b09d Binary files /dev/null and b/examples/bind/corpus/6ebc6893dea9f2708103f6807be5ea96.000002c6.honggfuzz.cov differ diff --git a/examples/bind/corpus/6ee2a452732d4589541ff4a2728e3941.00000085.honggfuzz.cov b/examples/bind/corpus/6ee2a452732d4589541ff4a2728e3941.00000085.honggfuzz.cov new file mode 100644 index 00000000..d0c379cb Binary files /dev/null and b/examples/bind/corpus/6ee2a452732d4589541ff4a2728e3941.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/6ee6f911182c9390f5a2c786946e68ab.0001f7e8.honggfuzz.cov b/examples/bind/corpus/6ee6f911182c9390f5a2c786946e68ab.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..0f01feb5 Binary files /dev/null and b/examples/bind/corpus/6ee6f911182c9390f5a2c786946e68ab.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/6ee74d84721ef55c2aac4827b06504da.0000001f.honggfuzz.cov b/examples/bind/corpus/6ee74d84721ef55c2aac4827b06504da.0000001f.honggfuzz.cov new file mode 100644 index 00000000..8839e5b9 Binary files /dev/null and b/examples/bind/corpus/6ee74d84721ef55c2aac4827b06504da.0000001f.honggfuzz.cov differ diff --git a/examples/bind/corpus/6f1a052c6ccd6bfd0273129d184ba69c.00000041.honggfuzz.cov b/examples/bind/corpus/6f1a052c6ccd6bfd0273129d184ba69c.00000041.honggfuzz.cov deleted file mode 100644 index 3cae84c5..00000000 Binary files a/examples/bind/corpus/6f1a052c6ccd6bfd0273129d184ba69c.00000041.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6f1a27b6753effe2224fbc4a52a258c1.000000f7.honggfuzz.cov b/examples/bind/corpus/6f1a27b6753effe2224fbc4a52a258c1.000000f7.honggfuzz.cov new file mode 100644 index 00000000..1999d2ad Binary files /dev/null and b/examples/bind/corpus/6f1a27b6753effe2224fbc4a52a258c1.000000f7.honggfuzz.cov differ diff --git a/examples/bind/corpus/6f2b9986679f256c74d490828fe33026.00000091.honggfuzz.cov b/examples/bind/corpus/6f2b9986679f256c74d490828fe33026.00000091.honggfuzz.cov deleted file mode 100644 index 3017384a..00000000 Binary files a/examples/bind/corpus/6f2b9986679f256c74d490828fe33026.00000091.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6f3a814eda7caff81ca205ffdc8f5835.000002cd.honggfuzz.cov b/examples/bind/corpus/6f3a814eda7caff81ca205ffdc8f5835.000002cd.honggfuzz.cov deleted file mode 100644 index 8d535ebd..00000000 Binary files a/examples/bind/corpus/6f3a814eda7caff81ca205ffdc8f5835.000002cd.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6f55c0e6f6bda7d72618cf2275164bef.00000066.honggfuzz.cov b/examples/bind/corpus/6f55c0e6f6bda7d72618cf2275164bef.00000066.honggfuzz.cov new file mode 100644 index 00000000..550fd514 Binary files /dev/null and b/examples/bind/corpus/6f55c0e6f6bda7d72618cf2275164bef.00000066.honggfuzz.cov differ diff --git a/examples/bind/corpus/6f696e8defd86966d1b38000f8a7b1b2.0000020a.honggfuzz.cov b/examples/bind/corpus/6f696e8defd86966d1b38000f8a7b1b2.0000020a.honggfuzz.cov deleted file mode 100644 index e0664d45..00000000 Binary files a/examples/bind/corpus/6f696e8defd86966d1b38000f8a7b1b2.0000020a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6f7edfd4ef53b097b8fd2861aaa96a0e.00000150.honggfuzz.cov b/examples/bind/corpus/6f7edfd4ef53b097b8fd2861aaa96a0e.00000150.honggfuzz.cov deleted file mode 100644 index ea602773..00000000 Binary files a/examples/bind/corpus/6f7edfd4ef53b097b8fd2861aaa96a0e.00000150.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6fb1e35980ee361847e81f8a8a752717.0000002e.honggfuzz.cov b/examples/bind/corpus/6fb1e35980ee361847e81f8a8a752717.0000002e.honggfuzz.cov new file mode 100644 index 00000000..b3e60419 Binary files /dev/null and b/examples/bind/corpus/6fb1e35980ee361847e81f8a8a752717.0000002e.honggfuzz.cov differ diff --git a/examples/bind/corpus/6fb2f6cab319d7c15b38d37f35f12161.0000000e.honggfuzz.cov b/examples/bind/corpus/6fb2f6cab319d7c15b38d37f35f12161.0000000e.honggfuzz.cov new file mode 100644 index 00000000..3a892eb9 Binary files /dev/null and b/examples/bind/corpus/6fb2f6cab319d7c15b38d37f35f12161.0000000e.honggfuzz.cov differ diff --git a/examples/bind/corpus/6fc72a62686fc0b159b522529b9c9737.00001187.honggfuzz.cov b/examples/bind/corpus/6fc72a62686fc0b159b522529b9c9737.00001187.honggfuzz.cov deleted file mode 100644 index 1ac3c1b0..00000000 Binary files a/examples/bind/corpus/6fc72a62686fc0b159b522529b9c9737.00001187.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6fc951d695a6d0b0903abf34916f7001.00000013.honggfuzz.cov b/examples/bind/corpus/6fc951d695a6d0b0903abf34916f7001.00000013.honggfuzz.cov deleted file mode 100644 index 016ea3e7..00000000 Binary files a/examples/bind/corpus/6fc951d695a6d0b0903abf34916f7001.00000013.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6fccf22886f1f98b28cee278ca8703cd.00000085.honggfuzz.cov b/examples/bind/corpus/6fccf22886f1f98b28cee278ca8703cd.00000085.honggfuzz.cov new file mode 100644 index 00000000..4aa10097 Binary files /dev/null and b/examples/bind/corpus/6fccf22886f1f98b28cee278ca8703cd.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/6ff57d53bff40a3179cbee6d9f705466.00000085.honggfuzz.cov b/examples/bind/corpus/6ff57d53bff40a3179cbee6d9f705466.00000085.honggfuzz.cov deleted file mode 100644 index de25298a..00000000 Binary files a/examples/bind/corpus/6ff57d53bff40a3179cbee6d9f705466.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/6ffafce78223d28c8bb1eabc780e32ad.00000085.honggfuzz.cov b/examples/bind/corpus/6ffafce78223d28c8bb1eabc780e32ad.00000085.honggfuzz.cov deleted file mode 100644 index 05d99b64..00000000 Binary files a/examples/bind/corpus/6ffafce78223d28c8bb1eabc780e32ad.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/703bcef10f53805fd6a6bfa682c7384a.00000085.honggfuzz.cov b/examples/bind/corpus/703bcef10f53805fd6a6bfa682c7384a.00000085.honggfuzz.cov deleted file mode 100644 index 9f3d43b9..00000000 Binary files a/examples/bind/corpus/703bcef10f53805fd6a6bfa682c7384a.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/70461dacdd0d86076d3bc1776e0d30aa.000000ff.honggfuzz.cov b/examples/bind/corpus/70461dacdd0d86076d3bc1776e0d30aa.000000ff.honggfuzz.cov deleted file mode 100644 index e34851da..00000000 Binary files a/examples/bind/corpus/70461dacdd0d86076d3bc1776e0d30aa.000000ff.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/706312fc033bd15b7d4f745e7add0f91.000003bd.honggfuzz.cov b/examples/bind/corpus/706312fc033bd15b7d4f745e7add0f91.000003bd.honggfuzz.cov deleted file mode 100644 index f3ad4971..00000000 Binary files a/examples/bind/corpus/706312fc033bd15b7d4f745e7add0f91.000003bd.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/706e8d7490f2b0d8f02a41d47c84c294.0000007d.honggfuzz.cov b/examples/bind/corpus/706e8d7490f2b0d8f02a41d47c84c294.0000007d.honggfuzz.cov new file mode 100644 index 00000000..31866571 Binary files /dev/null and b/examples/bind/corpus/706e8d7490f2b0d8f02a41d47c84c294.0000007d.honggfuzz.cov differ diff --git a/examples/bind/corpus/70801fff6bc129d667730f7704ce35b3.00008c2d.honggfuzz.cov b/examples/bind/corpus/70801fff6bc129d667730f7704ce35b3.00008c2d.honggfuzz.cov deleted file mode 100644 index 1eee2fea..00000000 Binary files a/examples/bind/corpus/70801fff6bc129d667730f7704ce35b3.00008c2d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/70b557e1c39f6f92d07c4f94e7e37e1c.00000293.honggfuzz.cov b/examples/bind/corpus/70b557e1c39f6f92d07c4f94e7e37e1c.00000293.honggfuzz.cov deleted file mode 100644 index b3acd184..00000000 Binary files a/examples/bind/corpus/70b557e1c39f6f92d07c4f94e7e37e1c.00000293.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/70da2723be2d405d2b8799918091d1d9.0000e948.honggfuzz.cov b/examples/bind/corpus/70da2723be2d405d2b8799918091d1d9.0000e948.honggfuzz.cov deleted file mode 100644 index 32bfe59b..00000000 Binary files a/examples/bind/corpus/70da2723be2d405d2b8799918091d1d9.0000e948.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/70ee36ca8605e1b14821a814ada1d1b7.0000029e.honggfuzz.cov b/examples/bind/corpus/70ee36ca8605e1b14821a814ada1d1b7.0000029e.honggfuzz.cov new file mode 100644 index 00000000..92091a2e Binary files /dev/null and b/examples/bind/corpus/70ee36ca8605e1b14821a814ada1d1b7.0000029e.honggfuzz.cov differ diff --git a/examples/bind/corpus/70fb5ae5fb6700e8761a42b017836d14.00006e85.honggfuzz.cov b/examples/bind/corpus/70fb5ae5fb6700e8761a42b017836d14.00006e85.honggfuzz.cov deleted file mode 100644 index 234cefb4..00000000 Binary files a/examples/bind/corpus/70fb5ae5fb6700e8761a42b017836d14.00006e85.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/71128c48eda881659124d2dc6c498017.000000d4.honggfuzz.cov b/examples/bind/corpus/71128c48eda881659124d2dc6c498017.000000d4.honggfuzz.cov deleted file mode 100644 index 7d7944cd..00000000 Binary files a/examples/bind/corpus/71128c48eda881659124d2dc6c498017.000000d4.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7123452f27926090a5c04a9c07a238f3.00000085.honggfuzz.cov b/examples/bind/corpus/7123452f27926090a5c04a9c07a238f3.00000085.honggfuzz.cov new file mode 100644 index 00000000..7f5f36df Binary files /dev/null and b/examples/bind/corpus/7123452f27926090a5c04a9c07a238f3.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/7124e4bdddab993f2d24ccf7981e057b.00000094.honggfuzz.cov b/examples/bind/corpus/7124e4bdddab993f2d24ccf7981e057b.00000094.honggfuzz.cov deleted file mode 100644 index c0a3f0d5..00000000 Binary files a/examples/bind/corpus/7124e4bdddab993f2d24ccf7981e057b.00000094.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/712d635489be4ba1c734bfaa607c2eee.000000b6.honggfuzz.cov b/examples/bind/corpus/712d635489be4ba1c734bfaa607c2eee.000000b6.honggfuzz.cov deleted file mode 100644 index c1270787..00000000 Binary files a/examples/bind/corpus/712d635489be4ba1c734bfaa607c2eee.000000b6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7168fa0ed2019202ae20a5103f2c0515.00000080.honggfuzz.cov b/examples/bind/corpus/7168fa0ed2019202ae20a5103f2c0515.00000080.honggfuzz.cov new file mode 100644 index 00000000..ed1d93ad Binary files /dev/null and b/examples/bind/corpus/7168fa0ed2019202ae20a5103f2c0515.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/718adeec6d3c5235359adbfda07f0fdf.00000085.honggfuzz.cov b/examples/bind/corpus/718adeec6d3c5235359adbfda07f0fdf.00000085.honggfuzz.cov new file mode 100644 index 00000000..5b9802c3 Binary files /dev/null and b/examples/bind/corpus/718adeec6d3c5235359adbfda07f0fdf.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/718adeedb64c5235259a1ce016a46268.00000085.honggfuzz.cov b/examples/bind/corpus/718adeedb64c5235259a1ce016a46268.00000085.honggfuzz.cov new file mode 100644 index 00000000..81f875e9 Binary files /dev/null and b/examples/bind/corpus/718adeedb64c5235259a1ce016a46268.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/7194052d04dd9016d3f8375c875540c3.00000085.honggfuzz.cov b/examples/bind/corpus/7194052d04dd9016d3f8375c875540c3.00000085.honggfuzz.cov deleted file mode 100644 index 9c532751..00000000 Binary files a/examples/bind/corpus/7194052d04dd9016d3f8375c875540c3.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/71953945315a2644a1185c9452ccbc8d.0000004e.honggfuzz.cov b/examples/bind/corpus/71953945315a2644a1185c9452ccbc8d.0000004e.honggfuzz.cov deleted file mode 100644 index a75719f9..00000000 Binary files a/examples/bind/corpus/71953945315a2644a1185c9452ccbc8d.0000004e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/71aa5eac1e1cf9ef71298709d8fdbce3.00079a74.honggfuzz.cov b/examples/bind/corpus/71aa5eac1e1cf9ef71298709d8fdbce3.00079a74.honggfuzz.cov deleted file mode 100644 index 2cd252d5..00000000 Binary files a/examples/bind/corpus/71aa5eac1e1cf9ef71298709d8fdbce3.00079a74.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/71b55b89b95a19ee9e8c4a12435cfd26.0000007d.honggfuzz.cov b/examples/bind/corpus/71b55b89b95a19ee9e8c4a12435cfd26.0000007d.honggfuzz.cov new file mode 100644 index 00000000..ff991cdb Binary files /dev/null and b/examples/bind/corpus/71b55b89b95a19ee9e8c4a12435cfd26.0000007d.honggfuzz.cov differ diff --git a/examples/bind/corpus/71d103dada916a6cb1a5fd58ebcb35df.00000080.honggfuzz.cov b/examples/bind/corpus/71d103dada916a6cb1a5fd58ebcb35df.00000080.honggfuzz.cov deleted file mode 100644 index 095967cb..00000000 Binary files a/examples/bind/corpus/71d103dada916a6cb1a5fd58ebcb35df.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/71fadb3093ecc187d802c92ab74c4bd1.00000025.honggfuzz.cov b/examples/bind/corpus/71fadb3093ecc187d802c92ab74c4bd1.00000025.honggfuzz.cov new file mode 100644 index 00000000..8e142f19 Binary files /dev/null and b/examples/bind/corpus/71fadb3093ecc187d802c92ab74c4bd1.00000025.honggfuzz.cov differ diff --git a/examples/bind/corpus/7200e60b336319b58506e3f3d817db0d.00000c65.honggfuzz.cov b/examples/bind/corpus/7200e60b336319b58506e3f3d817db0d.00000c65.honggfuzz.cov deleted file mode 100644 index 2702c880..00000000 Binary files a/examples/bind/corpus/7200e60b336319b58506e3f3d817db0d.00000c65.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7207c35670b893b95ee388b8a6c8bdb7.0000003a.honggfuzz.cov b/examples/bind/corpus/7207c35670b893b95ee388b8a6c8bdb7.0000003a.honggfuzz.cov new file mode 100644 index 00000000..41148a44 Binary files /dev/null and b/examples/bind/corpus/7207c35670b893b95ee388b8a6c8bdb7.0000003a.honggfuzz.cov differ diff --git a/examples/bind/corpus/7221c77da63e9f71ac32457c569fbe3d.000003a8.honggfuzz.cov b/examples/bind/corpus/7221c77da63e9f71ac32457c569fbe3d.000003a8.honggfuzz.cov new file mode 100644 index 00000000..8751a07d Binary files /dev/null and b/examples/bind/corpus/7221c77da63e9f71ac32457c569fbe3d.000003a8.honggfuzz.cov differ diff --git a/examples/bind/corpus/7224269a85dc7ab151c5d294b5310cee.0000029e.honggfuzz.cov b/examples/bind/corpus/7224269a85dc7ab151c5d294b5310cee.0000029e.honggfuzz.cov deleted file mode 100644 index 014aed59..00000000 Binary files a/examples/bind/corpus/7224269a85dc7ab151c5d294b5310cee.0000029e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/723be192c64e9b46ee9e5bb757cdde84.00000081.honggfuzz.cov b/examples/bind/corpus/723be192c64e9b46ee9e5bb757cdde84.00000081.honggfuzz.cov deleted file mode 100644 index 9b78c19a..00000000 Binary files a/examples/bind/corpus/723be192c64e9b46ee9e5bb757cdde84.00000081.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/72431b27bea956cbe2318bac77ca8779.00000085.honggfuzz.cov b/examples/bind/corpus/72431b27bea956cbe2318bac77ca8779.00000085.honggfuzz.cov deleted file mode 100644 index c6995d24..00000000 Binary files a/examples/bind/corpus/72431b27bea956cbe2318bac77ca8779.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7253320e6f753dbbfe0c67e29d37a29e.00000085.honggfuzz.cov b/examples/bind/corpus/7253320e6f753dbbfe0c67e29d37a29e.00000085.honggfuzz.cov deleted file mode 100644 index 749254a6..00000000 Binary files a/examples/bind/corpus/7253320e6f753dbbfe0c67e29d37a29e.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/725dd0357f0ac76f2fe51c75363a05d3.00000ba2.honggfuzz.cov b/examples/bind/corpus/725dd0357f0ac76f2fe51c75363a05d3.00000ba2.honggfuzz.cov new file mode 100644 index 00000000..1894289c Binary files /dev/null and b/examples/bind/corpus/725dd0357f0ac76f2fe51c75363a05d3.00000ba2.honggfuzz.cov differ diff --git a/examples/bind/corpus/72a0597de8c88cd81c84f18b0238fb8f.000016b7.honggfuzz.cov b/examples/bind/corpus/72a0597de8c88cd81c84f18b0238fb8f.000016b7.honggfuzz.cov new file mode 100644 index 00000000..e3191426 Binary files /dev/null and b/examples/bind/corpus/72a0597de8c88cd81c84f18b0238fb8f.000016b7.honggfuzz.cov differ diff --git a/examples/bind/corpus/72d4a986aed093ddd7c719dbabf4959a.0000daa2.honggfuzz.cov b/examples/bind/corpus/72d4a986aed093ddd7c719dbabf4959a.0000daa2.honggfuzz.cov new file mode 100644 index 00000000..d00fbe6c Binary files /dev/null and b/examples/bind/corpus/72d4a986aed093ddd7c719dbabf4959a.0000daa2.honggfuzz.cov differ diff --git a/examples/bind/corpus/72de945bbff7f22175ecf6f2e54805b9.00000073.honggfuzz.cov b/examples/bind/corpus/72de945bbff7f22175ecf6f2e54805b9.00000073.honggfuzz.cov deleted file mode 100644 index c497b276..00000000 Binary files a/examples/bind/corpus/72de945bbff7f22175ecf6f2e54805b9.00000073.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/72f8618399aa3b3edeb2772b1bd88ac9.0001ff84.honggfuzz.cov b/examples/bind/corpus/72f8618399aa3b3edeb2772b1bd88ac9.0001ff84.honggfuzz.cov deleted file mode 100644 index f3cbfdca..00000000 Binary files a/examples/bind/corpus/72f8618399aa3b3edeb2772b1bd88ac9.0001ff84.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7301b5d1af8e3ede277d7c527df07ad4.00000061.honggfuzz.cov b/examples/bind/corpus/7301b5d1af8e3ede277d7c527df07ad4.00000061.honggfuzz.cov new file mode 100644 index 00000000..aece0100 Binary files /dev/null and b/examples/bind/corpus/7301b5d1af8e3ede277d7c527df07ad4.00000061.honggfuzz.cov differ diff --git a/examples/bind/corpus/730594e89b18112cff677b9943d42b77.00015a30.honggfuzz.cov b/examples/bind/corpus/730594e89b18112cff677b9943d42b77.00015a30.honggfuzz.cov deleted file mode 100644 index 476c6890..00000000 Binary files a/examples/bind/corpus/730594e89b18112cff677b9943d42b77.00015a30.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7305ede3b16e788b6f198487f8d4125a.00010001.honggfuzz.cov b/examples/bind/corpus/7305ede3b16e788b6f198487f8d4125a.00010001.honggfuzz.cov new file mode 100644 index 00000000..b854e8ca Binary files /dev/null and b/examples/bind/corpus/7305ede3b16e788b6f198487f8d4125a.00010001.honggfuzz.cov differ diff --git a/examples/bind/corpus/7316fb4733513ea0321e7a45d9f3bf70.0006b71e.honggfuzz.cov b/examples/bind/corpus/7316fb4733513ea0321e7a45d9f3bf70.0006b71e.honggfuzz.cov deleted file mode 100644 index 2cd0096a..00000000 Binary files a/examples/bind/corpus/7316fb4733513ea0321e7a45d9f3bf70.0006b71e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7322fee7a54c9468b4b6f8632f7561c8.0000a302.honggfuzz.cov b/examples/bind/corpus/7322fee7a54c9468b4b6f8632f7561c8.0000a302.honggfuzz.cov deleted file mode 100644 index 9b48502b..00000000 Binary files a/examples/bind/corpus/7322fee7a54c9468b4b6f8632f7561c8.0000a302.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/734d7274007e6d2a5c3d6aee37eb88a8.00001093.honggfuzz.cov b/examples/bind/corpus/734d7274007e6d2a5c3d6aee37eb88a8.00001093.honggfuzz.cov deleted file mode 100644 index b780ee9b..00000000 Binary files a/examples/bind/corpus/734d7274007e6d2a5c3d6aee37eb88a8.00001093.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7358455c7ea960652f9d41c68680ac82.00000085.honggfuzz.cov b/examples/bind/corpus/7358455c7ea960652f9d41c68680ac82.00000085.honggfuzz.cov deleted file mode 100644 index 70489a61..00000000 Binary files a/examples/bind/corpus/7358455c7ea960652f9d41c68680ac82.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/736e17cc4834c0fc2f20fc638380c6b7.00000085.honggfuzz.cov b/examples/bind/corpus/736e17cc4834c0fc2f20fc638380c6b7.00000085.honggfuzz.cov deleted file mode 100644 index 1d8e84b5..00000000 Binary files a/examples/bind/corpus/736e17cc4834c0fc2f20fc638380c6b7.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/736e92c40be00da25e37e6f383c8a059.00012ca1.honggfuzz.cov b/examples/bind/corpus/736e92c40be00da25e37e6f383c8a059.00012ca1.honggfuzz.cov deleted file mode 100644 index 66574a31..00000000 Binary files a/examples/bind/corpus/736e92c40be00da25e37e6f383c8a059.00012ca1.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/737279e78bf44cd998ca869b1e819c21.00000085.honggfuzz.cov b/examples/bind/corpus/737279e78bf44cd998ca869b1e819c21.00000085.honggfuzz.cov deleted file mode 100644 index aedaa6a5..00000000 Binary files a/examples/bind/corpus/737279e78bf44cd998ca869b1e819c21.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/737c19a4f62c63749b9572169ae96132.00000040.honggfuzz.cov b/examples/bind/corpus/737c19a4f62c63749b9572169ae96132.00000040.honggfuzz.cov new file mode 100644 index 00000000..af87e9ad Binary files /dev/null and b/examples/bind/corpus/737c19a4f62c63749b9572169ae96132.00000040.honggfuzz.cov differ diff --git a/examples/bind/corpus/73b3667d8e52b00686298a00a15c8edc.00000085.honggfuzz.cov b/examples/bind/corpus/73b3667d8e52b00686298a00a15c8edc.00000085.honggfuzz.cov deleted file mode 100644 index 8e811974..00000000 Binary files a/examples/bind/corpus/73b3667d8e52b00686298a00a15c8edc.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/73c8a6c63deabe51b15bb7f8e3b41c75.0001533c.honggfuzz.cov b/examples/bind/corpus/73c8a6c63deabe51b15bb7f8e3b41c75.0001533c.honggfuzz.cov deleted file mode 100644 index 192a3820..00000000 Binary files a/examples/bind/corpus/73c8a6c63deabe51b15bb7f8e3b41c75.0001533c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/73e0c1da55a776fc60b3cb34966a6047.0000009a.honggfuzz.cov b/examples/bind/corpus/73e0c1da55a776fc60b3cb34966a6047.0000009a.honggfuzz.cov deleted file mode 100644 index b6ad24e5..00000000 Binary files a/examples/bind/corpus/73e0c1da55a776fc60b3cb34966a6047.0000009a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/73e54ea147c946668480d506d52421e8.00004c7e.honggfuzz.cov b/examples/bind/corpus/73e54ea147c946668480d506d52421e8.00004c7e.honggfuzz.cov new file mode 100644 index 00000000..d4f62dba Binary files /dev/null and b/examples/bind/corpus/73e54ea147c946668480d506d52421e8.00004c7e.honggfuzz.cov differ diff --git a/examples/bind/corpus/740035cbfa9b61e4ecb06dd9ff569e42.00000083.honggfuzz.cov b/examples/bind/corpus/740035cbfa9b61e4ecb06dd9ff569e42.00000083.honggfuzz.cov deleted file mode 100644 index 38ffdbe2..00000000 Binary files a/examples/bind/corpus/740035cbfa9b61e4ecb06dd9ff569e42.00000083.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7408059003c6c19c016293201e026f2d.000000f9.honggfuzz.cov b/examples/bind/corpus/7408059003c6c19c016293201e026f2d.000000f9.honggfuzz.cov deleted file mode 100644 index 285ce871..00000000 Binary files a/examples/bind/corpus/7408059003c6c19c016293201e026f2d.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7418b2c3c6c5b62f9cad899f0a944b57.0000010f.honggfuzz.cov b/examples/bind/corpus/7418b2c3c6c5b62f9cad899f0a944b57.0000010f.honggfuzz.cov new file mode 100644 index 00000000..691c5d91 Binary files /dev/null and b/examples/bind/corpus/7418b2c3c6c5b62f9cad899f0a944b57.0000010f.honggfuzz.cov differ diff --git a/examples/bind/corpus/741eec2fb901f51fa565f7a00714de01.000004af.honggfuzz.cov b/examples/bind/corpus/741eec2fb901f51fa565f7a00714de01.000004af.honggfuzz.cov deleted file mode 100644 index 56644071..00000000 Binary files a/examples/bind/corpus/741eec2fb901f51fa565f7a00714de01.000004af.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/742d97db7fe6da42aab83095485e041d.00000085.honggfuzz.cov b/examples/bind/corpus/742d97db7fe6da42aab83095485e041d.00000085.honggfuzz.cov deleted file mode 100644 index 525814a4..00000000 Binary files a/examples/bind/corpus/742d97db7fe6da42aab83095485e041d.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/744eae96686e339da7b8023b4c61ea96.00009fe6.honggfuzz.cov b/examples/bind/corpus/744eae96686e339da7b8023b4c61ea96.00009fe6.honggfuzz.cov new file mode 100644 index 00000000..d55e59ea Binary files /dev/null and b/examples/bind/corpus/744eae96686e339da7b8023b4c61ea96.00009fe6.honggfuzz.cov differ diff --git a/examples/bind/corpus/746783de8015654a5fc1e7f40216fdf0.00000115.honggfuzz.cov b/examples/bind/corpus/746783de8015654a5fc1e7f40216fdf0.00000115.honggfuzz.cov new file mode 100644 index 00000000..52c06f4d Binary files /dev/null and b/examples/bind/corpus/746783de8015654a5fc1e7f40216fdf0.00000115.honggfuzz.cov differ diff --git a/examples/bind/corpus/7469ebdfe20a5c4c32403274abeac42b.000000a6.honggfuzz.cov b/examples/bind/corpus/7469ebdfe20a5c4c32403274abeac42b.000000a6.honggfuzz.cov deleted file mode 100644 index 18e676c0..00000000 Binary files a/examples/bind/corpus/7469ebdfe20a5c4c32403274abeac42b.000000a6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/74721924746149531e4d3b2e22e8f329.000000a3.honggfuzz.cov b/examples/bind/corpus/74721924746149531e4d3b2e22e8f329.000000a3.honggfuzz.cov deleted file mode 100644 index 38726d67..00000000 Binary files a/examples/bind/corpus/74721924746149531e4d3b2e22e8f329.000000a3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/747ab913b689077f07648b38e9a3d1a3.00000085.honggfuzz.cov b/examples/bind/corpus/747ab913b689077f07648b38e9a3d1a3.00000085.honggfuzz.cov deleted file mode 100644 index 3ca4a750..00000000 Binary files a/examples/bind/corpus/747ab913b689077f07648b38e9a3d1a3.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7493320e6f753dbbfe0c62f69ee3a45e.00000085.honggfuzz.cov b/examples/bind/corpus/7493320e6f753dbbfe0c62f69ee3a45e.00000085.honggfuzz.cov deleted file mode 100644 index c9aa0901..00000000 Binary files a/examples/bind/corpus/7493320e6f753dbbfe0c62f69ee3a45e.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/74999a08b5da3a103e1e838dc2f1441f.0000fffc.honggfuzz.cov b/examples/bind/corpus/74999a08b5da3a103e1e838dc2f1441f.0000fffc.honggfuzz.cov new file mode 100644 index 00000000..ff9fe8be Binary files /dev/null and b/examples/bind/corpus/74999a08b5da3a103e1e838dc2f1441f.0000fffc.honggfuzz.cov differ diff --git a/examples/bind/corpus/74bfd0d0e53a87b569e4c891d9f70dc2.0000039c.honggfuzz.cov b/examples/bind/corpus/74bfd0d0e53a87b569e4c891d9f70dc2.0000039c.honggfuzz.cov new file mode 100644 index 00000000..fb4fb5e9 Binary files /dev/null and b/examples/bind/corpus/74bfd0d0e53a87b569e4c891d9f70dc2.0000039c.honggfuzz.cov differ diff --git a/examples/bind/corpus/75325266df4faa97ea31ef024831774e.00000d98.honggfuzz.cov b/examples/bind/corpus/75325266df4faa97ea31ef024831774e.00000d98.honggfuzz.cov deleted file mode 100644 index 4a36fd45..00000000 Binary files a/examples/bind/corpus/75325266df4faa97ea31ef024831774e.00000d98.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/75369aaf83b5eef5e3efc8514ed70a69.00000085.honggfuzz.cov b/examples/bind/corpus/75369aaf83b5eef5e3efc8514ed70a69.00000085.honggfuzz.cov deleted file mode 100644 index 04d8cea2..00000000 Binary files a/examples/bind/corpus/75369aaf83b5eef5e3efc8514ed70a69.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/753e0aa390390bc960136fbaaa4525fb.00000085.honggfuzz.cov b/examples/bind/corpus/753e0aa390390bc960136fbaaa4525fb.00000085.honggfuzz.cov deleted file mode 100644 index 40e8fdec..00000000 Binary files a/examples/bind/corpus/753e0aa390390bc960136fbaaa4525fb.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/757075bf62387111d966ca6b91145fb6.00000040.honggfuzz.cov b/examples/bind/corpus/757075bf62387111d966ca6b91145fb6.00000040.honggfuzz.cov deleted file mode 100644 index adc115d4..00000000 Binary files a/examples/bind/corpus/757075bf62387111d966ca6b91145fb6.00000040.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/758b5bd99650381e73d8d56ad255409c.00000993.honggfuzz.cov b/examples/bind/corpus/758b5bd99650381e73d8d56ad255409c.00000993.honggfuzz.cov deleted file mode 100644 index 9b915e38..00000000 Binary files a/examples/bind/corpus/758b5bd99650381e73d8d56ad255409c.00000993.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/75a2f6f4680f1107a83377f22dcb701f.00000085.honggfuzz.cov b/examples/bind/corpus/75a2f6f4680f1107a83377f22dcb701f.00000085.honggfuzz.cov new file mode 100644 index 00000000..4448f9f2 Binary files /dev/null and b/examples/bind/corpus/75a2f6f4680f1107a83377f22dcb701f.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/75a66725aab0a55255f1bbecd63255d2.00001e5b.honggfuzz.cov b/examples/bind/corpus/75a66725aab0a55255f1bbecd63255d2.00001e5b.honggfuzz.cov new file mode 100644 index 00000000..293e5b8e Binary files /dev/null and b/examples/bind/corpus/75a66725aab0a55255f1bbecd63255d2.00001e5b.honggfuzz.cov differ diff --git a/examples/bind/corpus/75ac7a0c76203d64c32d4382d8fa2408.0000054f.honggfuzz.cov b/examples/bind/corpus/75ac7a0c76203d64c32d4382d8fa2408.0000054f.honggfuzz.cov deleted file mode 100644 index 8f2ce243..00000000 Binary files a/examples/bind/corpus/75ac7a0c76203d64c32d4382d8fa2408.0000054f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/75c30f2abde8ffb7e862907ff6b5b686.00000bb8.honggfuzz.cov b/examples/bind/corpus/75c30f2abde8ffb7e862907ff6b5b686.00000bb8.honggfuzz.cov new file mode 100644 index 00000000..91c8fc8b Binary files /dev/null and b/examples/bind/corpus/75c30f2abde8ffb7e862907ff6b5b686.00000bb8.honggfuzz.cov differ diff --git a/examples/bind/corpus/75c4aed0f6c8b21033f7965cf2af392c.00000085.honggfuzz.cov b/examples/bind/corpus/75c4aed0f6c8b21033f7965cf2af392c.00000085.honggfuzz.cov deleted file mode 100644 index 396daccc..00000000 Binary files a/examples/bind/corpus/75c4aed0f6c8b21033f7965cf2af392c.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/75d4eca4a44749637479b9d1a287a97f.0000011f.honggfuzz.cov b/examples/bind/corpus/75d4eca4a44749637479b9d1a287a97f.0000011f.honggfuzz.cov deleted file mode 100644 index e31bad34..00000000 Binary files a/examples/bind/corpus/75d4eca4a44749637479b9d1a287a97f.0000011f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/761866994683605ae22514144bdcfe60.000001c7.honggfuzz.cov b/examples/bind/corpus/761866994683605ae22514144bdcfe60.000001c7.honggfuzz.cov new file mode 100644 index 00000000..f04e3cd7 Binary files /dev/null and b/examples/bind/corpus/761866994683605ae22514144bdcfe60.000001c7.honggfuzz.cov differ diff --git a/examples/bind/corpus/765c767b0d141c9ace374ff7c5dc3ec9.000010f8.honggfuzz.cov b/examples/bind/corpus/765c767b0d141c9ace374ff7c5dc3ec9.000010f8.honggfuzz.cov deleted file mode 100644 index e04730f7..00000000 Binary files a/examples/bind/corpus/765c767b0d141c9ace374ff7c5dc3ec9.000010f8.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/765e85a95e61b02de3f51f6e78b48af5.0000136f.honggfuzz.cov b/examples/bind/corpus/765e85a95e61b02de3f51f6e78b48af5.0000136f.honggfuzz.cov new file mode 100644 index 00000000..1b1bfa89 Binary files /dev/null and b/examples/bind/corpus/765e85a95e61b02de3f51f6e78b48af5.0000136f.honggfuzz.cov differ diff --git a/examples/bind/corpus/76676bd45a2c281f4c8b24ed385326c9.00020000.honggfuzz.cov b/examples/bind/corpus/76676bd45a2c281f4c8b24ed385326c9.00020000.honggfuzz.cov deleted file mode 100644 index 523ec80a..00000000 Binary files a/examples/bind/corpus/76676bd45a2c281f4c8b24ed385326c9.00020000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7669bf3b9791b889904a00af90bf5100.00000bb8.honggfuzz.cov b/examples/bind/corpus/7669bf3b9791b889904a00af90bf5100.00000bb8.honggfuzz.cov new file mode 100644 index 00000000..c0f6d9f9 Binary files /dev/null and b/examples/bind/corpus/7669bf3b9791b889904a00af90bf5100.00000bb8.honggfuzz.cov differ diff --git a/examples/bind/corpus/767341a0f5145cdf112310a902c19e29.000000f9.honggfuzz.cov b/examples/bind/corpus/767341a0f5145cdf112310a902c19e29.000000f9.honggfuzz.cov deleted file mode 100644 index 97c77461..00000000 Binary files a/examples/bind/corpus/767341a0f5145cdf112310a902c19e29.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/767aed943de4a198f0ebf82660bd48c5.00000021.honggfuzz.cov b/examples/bind/corpus/767aed943de4a198f0ebf82660bd48c5.00000021.honggfuzz.cov deleted file mode 100644 index bc1200dc..00000000 Binary files a/examples/bind/corpus/767aed943de4a198f0ebf82660bd48c5.00000021.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/768348f043aeec02ed83120d66d08942.000000ac.honggfuzz.cov b/examples/bind/corpus/768348f043aeec02ed83120d66d08942.000000ac.honggfuzz.cov deleted file mode 100644 index c6fe7253..00000000 Binary files a/examples/bind/corpus/768348f043aeec02ed83120d66d08942.000000ac.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/76a8b4fa76ad6b3db25db2ebf28af2e5.000000f7.honggfuzz.cov b/examples/bind/corpus/76a8b4fa76ad6b3db25db2ebf28af2e5.000000f7.honggfuzz.cov deleted file mode 100644 index 2bd78eff..00000000 Binary files a/examples/bind/corpus/76a8b4fa76ad6b3db25db2ebf28af2e5.000000f7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/76b9e6b85f81f30d58b0e9c3656ce93e.0000040a.honggfuzz.cov b/examples/bind/corpus/76b9e6b85f81f30d58b0e9c3656ce93e.0000040a.honggfuzz.cov new file mode 100644 index 00000000..eae645c8 Binary files /dev/null and b/examples/bind/corpus/76b9e6b85f81f30d58b0e9c3656ce93e.0000040a.honggfuzz.cov differ diff --git a/examples/bind/corpus/76ba7c38c34c83ec4c58b6f647c35aa5.00000085.honggfuzz.cov b/examples/bind/corpus/76ba7c38c34c83ec4c58b6f647c35aa5.00000085.honggfuzz.cov deleted file mode 100644 index 6f517fec..00000000 Binary files a/examples/bind/corpus/76ba7c38c34c83ec4c58b6f647c35aa5.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/76be4303011cf9042095e90b48fb6cca.00000085.honggfuzz.cov b/examples/bind/corpus/76be4303011cf9042095e90b48fb6cca.00000085.honggfuzz.cov deleted file mode 100644 index e4db2348..00000000 Binary files a/examples/bind/corpus/76be4303011cf9042095e90b48fb6cca.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/76dbab4f5091539d5dda5a439e1af0ee.00000071.honggfuzz.cov b/examples/bind/corpus/76dbab4f5091539d5dda5a439e1af0ee.00000071.honggfuzz.cov deleted file mode 100644 index c3c2dc5a..00000000 Binary files a/examples/bind/corpus/76dbab4f5091539d5dda5a439e1af0ee.00000071.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/76e35f8ff2733bbc60d1cfb56f7dd9ca.00000085.honggfuzz.cov b/examples/bind/corpus/76e35f8ff2733bbc60d1cfb56f7dd9ca.00000085.honggfuzz.cov deleted file mode 100644 index cab596cf..00000000 Binary files a/examples/bind/corpus/76e35f8ff2733bbc60d1cfb56f7dd9ca.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/770e76a9b70a1a59d1af1ba928043f8e.00000035.honggfuzz.cov b/examples/bind/corpus/770e76a9b70a1a59d1af1ba928043f8e.00000035.honggfuzz.cov new file mode 100644 index 00000000..1ad87cd2 Binary files /dev/null and b/examples/bind/corpus/770e76a9b70a1a59d1af1ba928043f8e.00000035.honggfuzz.cov differ diff --git a/examples/bind/corpus/771cba79cb85136c511ef447ffbbaa8d.000101d0.honggfuzz.cov b/examples/bind/corpus/771cba79cb85136c511ef447ffbbaa8d.000101d0.honggfuzz.cov new file mode 100644 index 00000000..7a096cf6 Binary files /dev/null and b/examples/bind/corpus/771cba79cb85136c511ef447ffbbaa8d.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/7740362f7f634f7b49e3db99936217e0.00001823.honggfuzz.cov b/examples/bind/corpus/7740362f7f634f7b49e3db99936217e0.00001823.honggfuzz.cov deleted file mode 100644 index 0c6ee581..00000000 Binary files a/examples/bind/corpus/7740362f7f634f7b49e3db99936217e0.00001823.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/774bc9ed7c614e1a58d84360f448132e.00000085.honggfuzz.cov b/examples/bind/corpus/774bc9ed7c614e1a58d84360f448132e.00000085.honggfuzz.cov deleted file mode 100644 index 9c6e2747..00000000 Binary files a/examples/bind/corpus/774bc9ed7c614e1a58d84360f448132e.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7752780f9712535fb5ca1e2208bb9cc6.00018ff0.honggfuzz.cov b/examples/bind/corpus/7752780f9712535fb5ca1e2208bb9cc6.00018ff0.honggfuzz.cov deleted file mode 100644 index c9ec711b..00000000 Binary files a/examples/bind/corpus/7752780f9712535fb5ca1e2208bb9cc6.00018ff0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7759bf466e4f7600552f90d482a7e5bc.0000032e.honggfuzz.cov b/examples/bind/corpus/7759bf466e4f7600552f90d482a7e5bc.0000032e.honggfuzz.cov deleted file mode 100644 index 37b96d79..00000000 Binary files a/examples/bind/corpus/7759bf466e4f7600552f90d482a7e5bc.0000032e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7766711f0c17f130c8d38dadd1a84213.00000085.honggfuzz.cov b/examples/bind/corpus/7766711f0c17f130c8d38dadd1a84213.00000085.honggfuzz.cov deleted file mode 100644 index 37bf2b8c..00000000 Binary files a/examples/bind/corpus/7766711f0c17f130c8d38dadd1a84213.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7775e9ed7c614e1a58fd557bc276332e.00000085.honggfuzz.cov b/examples/bind/corpus/7775e9ed7c614e1a58fd557bc276332e.00000085.honggfuzz.cov deleted file mode 100644 index 5621dd44..00000000 Binary files a/examples/bind/corpus/7775e9ed7c614e1a58fd557bc276332e.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/779080d63702c357e0ef86a211583cfb.0001f7e8.honggfuzz.cov b/examples/bind/corpus/779080d63702c357e0ef86a211583cfb.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..e7efd01f Binary files /dev/null and b/examples/bind/corpus/779080d63702c357e0ef86a211583cfb.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/779491cfcf244c572991923b84e11c3a.000001a5.honggfuzz.cov b/examples/bind/corpus/779491cfcf244c572991923b84e11c3a.000001a5.honggfuzz.cov new file mode 100644 index 00000000..7cb26f14 Binary files /dev/null and b/examples/bind/corpus/779491cfcf244c572991923b84e11c3a.000001a5.honggfuzz.cov differ diff --git a/examples/bind/corpus/779a77bf5bce5727b3dfc1555e38f9d5.000018b9.honggfuzz.cov b/examples/bind/corpus/779a77bf5bce5727b3dfc1555e38f9d5.000018b9.honggfuzz.cov deleted file mode 100644 index 81765bdf..00000000 Binary files a/examples/bind/corpus/779a77bf5bce5727b3dfc1555e38f9d5.000018b9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/779ce3d7ada13df5ad234375314df1ac.0000008a.honggfuzz.cov b/examples/bind/corpus/779ce3d7ada13df5ad234375314df1ac.0000008a.honggfuzz.cov new file mode 100644 index 00000000..0c0e20fd Binary files /dev/null and b/examples/bind/corpus/779ce3d7ada13df5ad234375314df1ac.0000008a.honggfuzz.cov differ diff --git a/examples/bind/corpus/77a5a9d02e7ca813ada23d054d300c7a.00000085.honggfuzz.cov b/examples/bind/corpus/77a5a9d02e7ca813ada23d054d300c7a.00000085.honggfuzz.cov deleted file mode 100644 index 27230fb4..00000000 Binary files a/examples/bind/corpus/77a5a9d02e7ca813ada23d054d300c7a.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/77b75129fdca8abf31c800d2c44f22a8.00000097.honggfuzz.cov b/examples/bind/corpus/77b75129fdca8abf31c800d2c44f22a8.00000097.honggfuzz.cov deleted file mode 100644 index 899a2457..00000000 Binary files a/examples/bind/corpus/77b75129fdca8abf31c800d2c44f22a8.00000097.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/77b8438012920b81d4c524026fc9972c.00000085.honggfuzz.cov b/examples/bind/corpus/77b8438012920b81d4c524026fc9972c.00000085.honggfuzz.cov deleted file mode 100644 index 34c3b059..00000000 Binary files a/examples/bind/corpus/77b8438012920b81d4c524026fc9972c.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/77d4fb2dc1e8631c11d6cdd19908a68d.000037d3.honggfuzz.cov b/examples/bind/corpus/77d4fb2dc1e8631c11d6cdd19908a68d.000037d3.honggfuzz.cov deleted file mode 100644 index ccacad8c..00000000 Binary files a/examples/bind/corpus/77d4fb2dc1e8631c11d6cdd19908a68d.000037d3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/77e17a6260a37655dc8bce4db4ae686e.00000085.honggfuzz.cov b/examples/bind/corpus/77e17a6260a37655dc8bce4db4ae686e.00000085.honggfuzz.cov new file mode 100644 index 00000000..a18d456a Binary files /dev/null and b/examples/bind/corpus/77e17a6260a37655dc8bce4db4ae686e.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/7814dfbd50c5c1981f11ff062343068d.00010e2b.honggfuzz.cov b/examples/bind/corpus/7814dfbd50c5c1981f11ff062343068d.00010e2b.honggfuzz.cov deleted file mode 100644 index c8bc4486..00000000 Binary files a/examples/bind/corpus/7814dfbd50c5c1981f11ff062343068d.00010e2b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/781689077a6f07896688cd2829af7a57.000001db.honggfuzz.cov b/examples/bind/corpus/781689077a6f07896688cd2829af7a57.000001db.honggfuzz.cov deleted file mode 100644 index b1e8b04c..00000000 Binary files a/examples/bind/corpus/781689077a6f07896688cd2829af7a57.000001db.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/781d01de4ac84bcc67b21ba013800cda.000003ab.honggfuzz.cov b/examples/bind/corpus/781d01de4ac84bcc67b21ba013800cda.000003ab.honggfuzz.cov deleted file mode 100644 index 898ea50c..00000000 Binary files a/examples/bind/corpus/781d01de4ac84bcc67b21ba013800cda.000003ab.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/782e15b94639d160373af752a4242f4b.00020000.honggfuzz.cov b/examples/bind/corpus/782e15b94639d160373af752a4242f4b.00020000.honggfuzz.cov deleted file mode 100644 index 071e1282..00000000 Binary files a/examples/bind/corpus/782e15b94639d160373af752a4242f4b.00020000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/783b3bd6a4894af5bf6ff81b0e6a6567.00000905.honggfuzz.cov b/examples/bind/corpus/783b3bd6a4894af5bf6ff81b0e6a6567.00000905.honggfuzz.cov deleted file mode 100644 index 70ad5cbf..00000000 Binary files a/examples/bind/corpus/783b3bd6a4894af5bf6ff81b0e6a6567.00000905.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/785447ab83c8799f0ff03269e68a8ac7.000000f9.honggfuzz.cov b/examples/bind/corpus/785447ab83c8799f0ff03269e68a8ac7.000000f9.honggfuzz.cov deleted file mode 100644 index 80bfef16..00000000 Binary files a/examples/bind/corpus/785447ab83c8799f0ff03269e68a8ac7.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/785c9d8b576ccae97d9b0252e7ce08c1.0001f7e8.honggfuzz.cov b/examples/bind/corpus/785c9d8b576ccae97d9b0252e7ce08c1.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..c2e28459 Binary files /dev/null and b/examples/bind/corpus/785c9d8b576ccae97d9b0252e7ce08c1.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/78631cfd9d645fcaa29147b4713b5db5.00000305.honggfuzz.cov b/examples/bind/corpus/78631cfd9d645fcaa29147b4713b5db5.00000305.honggfuzz.cov new file mode 100644 index 00000000..22a058af Binary files /dev/null and b/examples/bind/corpus/78631cfd9d645fcaa29147b4713b5db5.00000305.honggfuzz.cov differ diff --git a/examples/bind/corpus/78646792b5dcf0eb7fb9f5e32ad1f0b5.000000c0.honggfuzz.cov b/examples/bind/corpus/78646792b5dcf0eb7fb9f5e32ad1f0b5.000000c0.honggfuzz.cov deleted file mode 100644 index 178496a3..00000000 Binary files a/examples/bind/corpus/78646792b5dcf0eb7fb9f5e32ad1f0b5.000000c0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7865d3ca732b3d696566237dbb5b7a45.00000040.honggfuzz.cov b/examples/bind/corpus/7865d3ca732b3d696566237dbb5b7a45.00000040.honggfuzz.cov deleted file mode 100644 index 06fc9a75..00000000 Binary files a/examples/bind/corpus/7865d3ca732b3d696566237dbb5b7a45.00000040.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/787aa4c72f5eee08d7ae9cb7e5f7a6a8.00000200.honggfuzz.cov b/examples/bind/corpus/787aa4c72f5eee08d7ae9cb7e5f7a6a8.00000200.honggfuzz.cov new file mode 100644 index 00000000..6b9849ab Binary files /dev/null and b/examples/bind/corpus/787aa4c72f5eee08d7ae9cb7e5f7a6a8.00000200.honggfuzz.cov differ diff --git a/examples/bind/corpus/788e6584ed9a34f7dffc6e471287cdb1.00000072.honggfuzz.cov b/examples/bind/corpus/788e6584ed9a34f7dffc6e471287cdb1.00000072.honggfuzz.cov deleted file mode 100644 index a0d3a688..00000000 Binary files a/examples/bind/corpus/788e6584ed9a34f7dffc6e471287cdb1.00000072.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/78a6def0c06cbc5371f88ee425dd5f1a.000004f1.honggfuzz.cov b/examples/bind/corpus/78a6def0c06cbc5371f88ee425dd5f1a.000004f1.honggfuzz.cov deleted file mode 100644 index 141d0321..00000000 Binary files a/examples/bind/corpus/78a6def0c06cbc5371f88ee425dd5f1a.000004f1.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/78e68fb589a0e052265ff587eaff6920.00000080.honggfuzz.cov b/examples/bind/corpus/78e68fb589a0e052265ff587eaff6920.00000080.honggfuzz.cov deleted file mode 100644 index 8fa6f8ec..00000000 Binary files a/examples/bind/corpus/78e68fb589a0e052265ff587eaff6920.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/78e884e399c6a512a3b5a3deb6013a7f.00000b57.honggfuzz.cov b/examples/bind/corpus/78e884e399c6a512a3b5a3deb6013a7f.00000b57.honggfuzz.cov deleted file mode 100644 index 769138da..00000000 Binary files a/examples/bind/corpus/78e884e399c6a512a3b5a3deb6013a7f.00000b57.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/78ea646b809efb055187b87bf06cc542.00000042.honggfuzz.cov b/examples/bind/corpus/78ea646b809efb055187b87bf06cc542.00000042.honggfuzz.cov deleted file mode 100644 index 2157e1b6..00000000 Binary files a/examples/bind/corpus/78ea646b809efb055187b87bf06cc542.00000042.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/78f2e1dd7f55ae0ca9fc994b48b36f36.00000085.honggfuzz.cov b/examples/bind/corpus/78f2e1dd7f55ae0ca9fc994b48b36f36.00000085.honggfuzz.cov deleted file mode 100644 index c0fecb9f..00000000 Binary files a/examples/bind/corpus/78f2e1dd7f55ae0ca9fc994b48b36f36.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/790f12b64e066d51b566861a6645171c.00000085.honggfuzz.cov b/examples/bind/corpus/790f12b64e066d51b566861a6645171c.00000085.honggfuzz.cov deleted file mode 100644 index 53f6f9a8..00000000 Binary files a/examples/bind/corpus/790f12b64e066d51b566861a6645171c.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7920b9a822445f35bd65e5536fc98f65.00000085.honggfuzz.cov b/examples/bind/corpus/7920b9a822445f35bd65e5536fc98f65.00000085.honggfuzz.cov deleted file mode 100644 index f8f59003..00000000 Binary files a/examples/bind/corpus/7920b9a822445f35bd65e5536fc98f65.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/792bebe7822d34f38bab169a632877c2.000000d5.honggfuzz.cov b/examples/bind/corpus/792bebe7822d34f38bab169a632877c2.000000d5.honggfuzz.cov new file mode 100644 index 00000000..b9da18c9 Binary files /dev/null and b/examples/bind/corpus/792bebe7822d34f38bab169a632877c2.000000d5.honggfuzz.cov differ diff --git a/examples/bind/corpus/792cc5e3a67337673c85aae4eff9e80e.0001f7e8.honggfuzz.cov b/examples/bind/corpus/792cc5e3a67337673c85aae4eff9e80e.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..9c78ca3c Binary files /dev/null and b/examples/bind/corpus/792cc5e3a67337673c85aae4eff9e80e.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/795209256d8a53804ae7c99da98ffdd9.00000f03.honggfuzz.cov b/examples/bind/corpus/795209256d8a53804ae7c99da98ffdd9.00000f03.honggfuzz.cov new file mode 100644 index 00000000..336b82ca Binary files /dev/null and b/examples/bind/corpus/795209256d8a53804ae7c99da98ffdd9.00000f03.honggfuzz.cov differ diff --git a/examples/bind/corpus/79565c62b3ea5465d75913fc12c0d4c1.000002f0.honggfuzz.cov b/examples/bind/corpus/79565c62b3ea5465d75913fc12c0d4c1.000002f0.honggfuzz.cov deleted file mode 100644 index 15278961..00000000 Binary files a/examples/bind/corpus/79565c62b3ea5465d75913fc12c0d4c1.000002f0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7960dbdedf1c5d6d5db76b555b6a254b.00010566.honggfuzz.cov b/examples/bind/corpus/7960dbdedf1c5d6d5db76b555b6a254b.00010566.honggfuzz.cov new file mode 100644 index 00000000..813580d8 Binary files /dev/null and b/examples/bind/corpus/7960dbdedf1c5d6d5db76b555b6a254b.00010566.honggfuzz.cov differ diff --git a/examples/bind/corpus/798d2b651e23a5e67cda51699282bc54.00000bb8.honggfuzz.cov b/examples/bind/corpus/798d2b651e23a5e67cda51699282bc54.00000bb8.honggfuzz.cov new file mode 100644 index 00000000..84fb937d Binary files /dev/null and b/examples/bind/corpus/798d2b651e23a5e67cda51699282bc54.00000bb8.honggfuzz.cov differ diff --git a/examples/bind/corpus/7998b5985c5f3bc116c640afee5fd6bf.00000230.honggfuzz.cov b/examples/bind/corpus/7998b5985c5f3bc116c640afee5fd6bf.00000230.honggfuzz.cov new file mode 100644 index 00000000..3588a2dd Binary files /dev/null and b/examples/bind/corpus/7998b5985c5f3bc116c640afee5fd6bf.00000230.honggfuzz.cov differ diff --git a/examples/bind/corpus/79ad0e0c219da01e275c7c3e3ad09937.00000042.honggfuzz.cov b/examples/bind/corpus/79ad0e0c219da01e275c7c3e3ad09937.00000042.honggfuzz.cov new file mode 100644 index 00000000..3cb4835d Binary files /dev/null and b/examples/bind/corpus/79ad0e0c219da01e275c7c3e3ad09937.00000042.honggfuzz.cov differ diff --git a/examples/bind/corpus/79b28ff8261f850aaecb77f33d08696f.00001484.honggfuzz.cov b/examples/bind/corpus/79b28ff8261f850aaecb77f33d08696f.00001484.honggfuzz.cov deleted file mode 100644 index 277a2cb4..00000000 Binary files a/examples/bind/corpus/79b28ff8261f850aaecb77f33d08696f.00001484.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/79c00158d3816560a29abff53a30ce54.00002000.honggfuzz.cov b/examples/bind/corpus/79c00158d3816560a29abff53a30ce54.00002000.honggfuzz.cov new file mode 100644 index 00000000..5261607c Binary files /dev/null and b/examples/bind/corpus/79c00158d3816560a29abff53a30ce54.00002000.honggfuzz.cov differ diff --git a/examples/bind/corpus/79d0a913a326fc05236b2560db4ec57a.0000005e.honggfuzz.cov b/examples/bind/corpus/79d0a913a326fc05236b2560db4ec57a.0000005e.honggfuzz.cov deleted file mode 100644 index 919debce..00000000 Binary files a/examples/bind/corpus/79d0a913a326fc05236b2560db4ec57a.0000005e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/79ec1061b71eb58fbf8aaf2732282a36.00000400.honggfuzz.cov b/examples/bind/corpus/79ec1061b71eb58fbf8aaf2732282a36.00000400.honggfuzz.cov deleted file mode 100644 index 9ab7a8b9..00000000 Binary files a/examples/bind/corpus/79ec1061b71eb58fbf8aaf2732282a36.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7a080ad7204f80d3cbed5c05b2764bce.000000f7.honggfuzz.cov b/examples/bind/corpus/7a080ad7204f80d3cbed5c05b2764bce.000000f7.honggfuzz.cov deleted file mode 100644 index 974ec81b..00000000 Binary files a/examples/bind/corpus/7a080ad7204f80d3cbed5c05b2764bce.000000f7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7a17d260cbba31f32dc0845dc16dfac8.00000099.honggfuzz.cov b/examples/bind/corpus/7a17d260cbba31f32dc0845dc16dfac8.00000099.honggfuzz.cov deleted file mode 100644 index 4d5f64a2..00000000 Binary files a/examples/bind/corpus/7a17d260cbba31f32dc0845dc16dfac8.00000099.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7a254a4d10da15268ea6b118ff7c0eee.0000003d.honggfuzz.cov b/examples/bind/corpus/7a254a4d10da15268ea6b118ff7c0eee.0000003d.honggfuzz.cov deleted file mode 100644 index ceeb2396..00000000 Binary files a/examples/bind/corpus/7a254a4d10da15268ea6b118ff7c0eee.0000003d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7a2b000c051be55aec0d8bcf5af914dd.00000040.honggfuzz.cov b/examples/bind/corpus/7a2b000c051be55aec0d8bcf5af914dd.00000040.honggfuzz.cov new file mode 100644 index 00000000..795b01c5 Binary files /dev/null and b/examples/bind/corpus/7a2b000c051be55aec0d8bcf5af914dd.00000040.honggfuzz.cov differ diff --git a/examples/bind/corpus/7a2d54a5de8f01b3e2bb0873b4286013.000002a9.honggfuzz.cov b/examples/bind/corpus/7a2d54a5de8f01b3e2bb0873b4286013.000002a9.honggfuzz.cov deleted file mode 100644 index 4d64651f..00000000 Binary files a/examples/bind/corpus/7a2d54a5de8f01b3e2bb0873b4286013.000002a9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7a38ec3cca898f6092638d24f37604d7.00000570.honggfuzz.cov b/examples/bind/corpus/7a38ec3cca898f6092638d24f37604d7.00000570.honggfuzz.cov new file mode 100644 index 00000000..8b552c9b Binary files /dev/null and b/examples/bind/corpus/7a38ec3cca898f6092638d24f37604d7.00000570.honggfuzz.cov differ diff --git a/examples/bind/corpus/7a9347d3d1cc1d61c8e7f67fa0c6f22b.000000f9.honggfuzz.cov b/examples/bind/corpus/7a9347d3d1cc1d61c8e7f67fa0c6f22b.000000f9.honggfuzz.cov deleted file mode 100644 index 47569d17..00000000 Binary files a/examples/bind/corpus/7a9347d3d1cc1d61c8e7f67fa0c6f22b.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7ab56409c62366c9605dccdb3574c053.00000020.honggfuzz.cov b/examples/bind/corpus/7ab56409c62366c9605dccdb3574c053.00000020.honggfuzz.cov deleted file mode 100644 index 879ce3aa..00000000 Binary files a/examples/bind/corpus/7ab56409c62366c9605dccdb3574c053.00000020.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7ab56409c79366c9605dccda2565c053.00000020.honggfuzz.cov b/examples/bind/corpus/7ab56409c79366c9605dccda2565c053.00000020.honggfuzz.cov new file mode 100644 index 00000000..2a424db5 Binary files /dev/null and b/examples/bind/corpus/7ab56409c79366c9605dccda2565c053.00000020.honggfuzz.cov differ diff --git a/examples/bind/corpus/7ac5f6c401ce79d93cf70ae0c3a1244f.0000006d.honggfuzz.cov b/examples/bind/corpus/7ac5f6c401ce79d93cf70ae0c3a1244f.0000006d.honggfuzz.cov new file mode 100644 index 00000000..ce733004 Binary files /dev/null and b/examples/bind/corpus/7ac5f6c401ce79d93cf70ae0c3a1244f.0000006d.honggfuzz.cov differ diff --git a/examples/bind/corpus/7ace351f8658bff188becfd6ee4eae61.00000400.honggfuzz.cov b/examples/bind/corpus/7ace351f8658bff188becfd6ee4eae61.00000400.honggfuzz.cov deleted file mode 100644 index 8bf291bc..00000000 Binary files a/examples/bind/corpus/7ace351f8658bff188becfd6ee4eae61.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7ad37362c3587ea43086f12efba698d1.00000080.honggfuzz.cov b/examples/bind/corpus/7ad37362c3587ea43086f12efba698d1.00000080.honggfuzz.cov deleted file mode 100644 index 472e4976..00000000 Binary files a/examples/bind/corpus/7ad37362c3587ea43086f12efba698d1.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7adb8f803dba2218127e53d08150564a.00000336.honggfuzz.cov b/examples/bind/corpus/7adb8f803dba2218127e53d08150564a.00000336.honggfuzz.cov deleted file mode 100644 index d892d2ba..00000000 Binary files a/examples/bind/corpus/7adb8f803dba2218127e53d08150564a.00000336.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7b5d9f30a10a4726d7d94499a6acf3b0.000000a0.honggfuzz.cov b/examples/bind/corpus/7b5d9f30a10a4726d7d94499a6acf3b0.000000a0.honggfuzz.cov deleted file mode 100644 index d185b428..00000000 Binary files a/examples/bind/corpus/7b5d9f30a10a4726d7d94499a6acf3b0.000000a0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7b696061fa69cb6ab81083e471afc459.000000d7.honggfuzz.cov b/examples/bind/corpus/7b696061fa69cb6ab81083e471afc459.000000d7.honggfuzz.cov new file mode 100644 index 00000000..52789132 Binary files /dev/null and b/examples/bind/corpus/7b696061fa69cb6ab81083e471afc459.000000d7.honggfuzz.cov differ diff --git a/examples/bind/corpus/7b79cfd9ebcdcf25602aaafc379c19cf.00000085.honggfuzz.cov b/examples/bind/corpus/7b79cfd9ebcdcf25602aaafc379c19cf.00000085.honggfuzz.cov deleted file mode 100644 index b65983bd..00000000 Binary files a/examples/bind/corpus/7b79cfd9ebcdcf25602aaafc379c19cf.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7b9ae663965fddafe313e94dd37f4131.00000085.honggfuzz.cov b/examples/bind/corpus/7b9ae663965fddafe313e94dd37f4131.00000085.honggfuzz.cov new file mode 100644 index 00000000..54c499b5 Binary files /dev/null and b/examples/bind/corpus/7b9ae663965fddafe313e94dd37f4131.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/7bb1090bcd16c68b271faf7fe780c5f7.00000b98.honggfuzz.cov b/examples/bind/corpus/7bb1090bcd16c68b271faf7fe780c5f7.00000b98.honggfuzz.cov new file mode 100644 index 00000000..a615c5f0 Binary files /dev/null and b/examples/bind/corpus/7bb1090bcd16c68b271faf7fe780c5f7.00000b98.honggfuzz.cov differ diff --git a/examples/bind/corpus/7bde4d887edbf8f17141f6f29a13ebd5.00000021.honggfuzz.cov b/examples/bind/corpus/7bde4d887edbf8f17141f6f29a13ebd5.00000021.honggfuzz.cov new file mode 100644 index 00000000..41767443 Binary files /dev/null and b/examples/bind/corpus/7bde4d887edbf8f17141f6f29a13ebd5.00000021.honggfuzz.cov differ diff --git a/examples/bind/corpus/7be4c8ff839eec5f5524850e2a767125.00000085.honggfuzz.cov b/examples/bind/corpus/7be4c8ff839eec5f5524850e2a767125.00000085.honggfuzz.cov deleted file mode 100644 index 3ab08bbc..00000000 Binary files a/examples/bind/corpus/7be4c8ff839eec5f5524850e2a767125.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7bf744b2861cb1ee0a901da0ce3fa7c7.0000128b.honggfuzz.cov b/examples/bind/corpus/7bf744b2861cb1ee0a901da0ce3fa7c7.0000128b.honggfuzz.cov new file mode 100644 index 00000000..f130f1fb Binary files /dev/null and b/examples/bind/corpus/7bf744b2861cb1ee0a901da0ce3fa7c7.0000128b.honggfuzz.cov differ diff --git a/examples/bind/corpus/7bf82ed33477c3a469f4979eb5bf2fbb.000017b0.honggfuzz.cov b/examples/bind/corpus/7bf82ed33477c3a469f4979eb5bf2fbb.000017b0.honggfuzz.cov deleted file mode 100644 index 86690a87..00000000 Binary files a/examples/bind/corpus/7bf82ed33477c3a469f4979eb5bf2fbb.000017b0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7c01b0e0e3abb7d92c3785bef85d087d.00000085.honggfuzz.cov b/examples/bind/corpus/7c01b0e0e3abb7d92c3785bef85d087d.00000085.honggfuzz.cov deleted file mode 100644 index 05228be5..00000000 Binary files a/examples/bind/corpus/7c01b0e0e3abb7d92c3785bef85d087d.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7c0b03f812dfa5326bc366ccaf0e4060.00000085.honggfuzz.cov b/examples/bind/corpus/7c0b03f812dfa5326bc366ccaf0e4060.00000085.honggfuzz.cov new file mode 100644 index 00000000..7b39f3ef Binary files /dev/null and b/examples/bind/corpus/7c0b03f812dfa5326bc366ccaf0e4060.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/7c0f5784e6561702aac396331b7330ab.0000012e.honggfuzz.cov b/examples/bind/corpus/7c0f5784e6561702aac396331b7330ab.0000012e.honggfuzz.cov deleted file mode 100644 index af33b890..00000000 Binary files a/examples/bind/corpus/7c0f5784e6561702aac396331b7330ab.0000012e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7c1af1fdfa35320a925dbccc0d8fb283.00000080.honggfuzz.cov b/examples/bind/corpus/7c1af1fdfa35320a925dbccc0d8fb283.00000080.honggfuzz.cov new file mode 100644 index 00000000..e33b754a Binary files /dev/null and b/examples/bind/corpus/7c1af1fdfa35320a925dbccc0d8fb283.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/7c20ef2b4c134d51e7303a7481b65358.00000383.honggfuzz.cov b/examples/bind/corpus/7c20ef2b4c134d51e7303a7481b65358.00000383.honggfuzz.cov deleted file mode 100644 index 96220c67..00000000 Binary files a/examples/bind/corpus/7c20ef2b4c134d51e7303a7481b65358.00000383.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7c3d30e5aa9be771271c0e2b168a4bca.00000400.honggfuzz.cov b/examples/bind/corpus/7c3d30e5aa9be771271c0e2b168a4bca.00000400.honggfuzz.cov new file mode 100644 index 00000000..d2efec18 Binary files /dev/null and b/examples/bind/corpus/7c3d30e5aa9be771271c0e2b168a4bca.00000400.honggfuzz.cov differ diff --git a/examples/bind/corpus/7c427080364d4f1f97b4bb28f587535a.000000ab.honggfuzz.cov b/examples/bind/corpus/7c427080364d4f1f97b4bb28f587535a.000000ab.honggfuzz.cov new file mode 100644 index 00000000..f40f5767 Binary files /dev/null and b/examples/bind/corpus/7c427080364d4f1f97b4bb28f587535a.000000ab.honggfuzz.cov differ diff --git a/examples/bind/corpus/7c4ffada41f0c93bf667711142e2ab9b.000000f9.honggfuzz.cov b/examples/bind/corpus/7c4ffada41f0c93bf667711142e2ab9b.000000f9.honggfuzz.cov deleted file mode 100644 index 29c8b18b..00000000 Binary files a/examples/bind/corpus/7c4ffada41f0c93bf667711142e2ab9b.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7c6c99399489aad72b47e2e7f83b3ad2.00000bb8.honggfuzz.cov b/examples/bind/corpus/7c6c99399489aad72b47e2e7f83b3ad2.00000bb8.honggfuzz.cov new file mode 100644 index 00000000..5910d110 Binary files /dev/null and b/examples/bind/corpus/7c6c99399489aad72b47e2e7f83b3ad2.00000bb8.honggfuzz.cov differ diff --git a/examples/bind/corpus/7c8043835f1f04dde778c484d13d6486.00000085.honggfuzz.cov b/examples/bind/corpus/7c8043835f1f04dde778c484d13d6486.00000085.honggfuzz.cov new file mode 100644 index 00000000..97089585 Binary files /dev/null and b/examples/bind/corpus/7c8043835f1f04dde778c484d13d6486.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/7c874c2fab7f0e0db8303c74f0b71a2e.00000207.honggfuzz.cov b/examples/bind/corpus/7c874c2fab7f0e0db8303c74f0b71a2e.00000207.honggfuzz.cov new file mode 100644 index 00000000..6aa34915 Binary files /dev/null and b/examples/bind/corpus/7c874c2fab7f0e0db8303c74f0b71a2e.00000207.honggfuzz.cov differ diff --git a/examples/bind/corpus/7c876adf26ad234af9ca9c8d2356a607.00007b4e.honggfuzz.cov b/examples/bind/corpus/7c876adf26ad234af9ca9c8d2356a607.00007b4e.honggfuzz.cov deleted file mode 100644 index e1eb014e..00000000 Binary files a/examples/bind/corpus/7c876adf26ad234af9ca9c8d2356a607.00007b4e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7c89bd92bf9cb36f878f70f5aac874ad.0000c8de.honggfuzz.cov b/examples/bind/corpus/7c89bd92bf9cb36f878f70f5aac874ad.0000c8de.honggfuzz.cov deleted file mode 100644 index d5622683..00000000 Binary files a/examples/bind/corpus/7c89bd92bf9cb36f878f70f5aac874ad.0000c8de.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7cbd39518fbad0d2f93a829d6c7ace21.000000b4.honggfuzz.cov b/examples/bind/corpus/7cbd39518fbad0d2f93a829d6c7ace21.000000b4.honggfuzz.cov deleted file mode 100644 index 12a6f1e4..00000000 Binary files a/examples/bind/corpus/7cbd39518fbad0d2f93a829d6c7ace21.000000b4.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7cc55a2e3370e3a3e4cc077dec9a9ed6.00000042.honggfuzz.cov b/examples/bind/corpus/7cc55a2e3370e3a3e4cc077dec9a9ed6.00000042.honggfuzz.cov new file mode 100644 index 00000000..e1dcd30d Binary files /dev/null and b/examples/bind/corpus/7cc55a2e3370e3a3e4cc077dec9a9ed6.00000042.honggfuzz.cov differ diff --git a/examples/bind/corpus/7cf892cfbd058b1db6e0cf6d41df6c50.00000040.honggfuzz.cov b/examples/bind/corpus/7cf892cfbd058b1db6e0cf6d41df6c50.00000040.honggfuzz.cov new file mode 100644 index 00000000..70f8c9e2 Binary files /dev/null and b/examples/bind/corpus/7cf892cfbd058b1db6e0cf6d41df6c50.00000040.honggfuzz.cov differ diff --git a/examples/bind/corpus/7d36a4abcfd789ea1d0efcc38709c429.000003eb.honggfuzz.cov b/examples/bind/corpus/7d36a4abcfd789ea1d0efcc38709c429.000003eb.honggfuzz.cov deleted file mode 100644 index 5e742f61..00000000 Binary files a/examples/bind/corpus/7d36a4abcfd789ea1d0efcc38709c429.000003eb.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7d495baacf728cd2b5686ac88502837c.00020000.honggfuzz.cov b/examples/bind/corpus/7d495baacf728cd2b5686ac88502837c.00020000.honggfuzz.cov deleted file mode 100644 index ea285d89..00000000 Binary files a/examples/bind/corpus/7d495baacf728cd2b5686ac88502837c.00020000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7d5cb27fb2964aa1b9b47837b6b5215e.0000140e.honggfuzz.cov b/examples/bind/corpus/7d5cb27fb2964aa1b9b47837b6b5215e.0000140e.honggfuzz.cov new file mode 100644 index 00000000..7a01ea9a Binary files /dev/null and b/examples/bind/corpus/7d5cb27fb2964aa1b9b47837b6b5215e.0000140e.honggfuzz.cov differ diff --git a/examples/bind/corpus/7d606d245433c4fbd483248c5d54730e.00000085.honggfuzz.cov b/examples/bind/corpus/7d606d245433c4fbd483248c5d54730e.00000085.honggfuzz.cov deleted file mode 100644 index 43d0c52a..00000000 Binary files a/examples/bind/corpus/7d606d245433c4fbd483248c5d54730e.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7d60aa034797e04af24aae5e0d3f4396.000001ee.honggfuzz.cov b/examples/bind/corpus/7d60aa034797e04af24aae5e0d3f4396.000001ee.honggfuzz.cov new file mode 100644 index 00000000..bf6f7e48 Binary files /dev/null and b/examples/bind/corpus/7d60aa034797e04af24aae5e0d3f4396.000001ee.honggfuzz.cov differ diff --git a/examples/bind/corpus/7d6589c9077026f5b6071178fa41c5c6.000016e6.honggfuzz.cov b/examples/bind/corpus/7d6589c9077026f5b6071178fa41c5c6.000016e6.honggfuzz.cov deleted file mode 100644 index 206d2d7e..00000000 Binary files a/examples/bind/corpus/7d6589c9077026f5b6071178fa41c5c6.000016e6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7d65d85efb32fccbe7ba7ff3d22f6957.00000059.honggfuzz.cov b/examples/bind/corpus/7d65d85efb32fccbe7ba7ff3d22f6957.00000059.honggfuzz.cov new file mode 100644 index 00000000..71035b59 Binary files /dev/null and b/examples/bind/corpus/7d65d85efb32fccbe7ba7ff3d22f6957.00000059.honggfuzz.cov differ diff --git a/examples/bind/corpus/7d7eadfb174419a24368eb0d95bb2a4d.000004e3.honggfuzz.cov b/examples/bind/corpus/7d7eadfb174419a24368eb0d95bb2a4d.000004e3.honggfuzz.cov deleted file mode 100644 index 4b7b6164..00000000 Binary files a/examples/bind/corpus/7d7eadfb174419a24368eb0d95bb2a4d.000004e3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7d84d7d6d39195eee9ed2b1798f75977.0000037e.honggfuzz.cov b/examples/bind/corpus/7d84d7d6d39195eee9ed2b1798f75977.0000037e.honggfuzz.cov deleted file mode 100644 index 1cd2138f..00000000 Binary files a/examples/bind/corpus/7d84d7d6d39195eee9ed2b1798f75977.0000037e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7dba6ef8298ac94747a0214665b269d8.0000002d.honggfuzz.cov b/examples/bind/corpus/7dba6ef8298ac94747a0214665b269d8.0000002d.honggfuzz.cov new file mode 100644 index 00000000..65c098e9 Binary files /dev/null and b/examples/bind/corpus/7dba6ef8298ac94747a0214665b269d8.0000002d.honggfuzz.cov differ diff --git a/examples/bind/corpus/7dd441bda6212eac459e6c82da2c936b.0000003e.honggfuzz.cov b/examples/bind/corpus/7dd441bda6212eac459e6c82da2c936b.0000003e.honggfuzz.cov deleted file mode 100644 index efea7a01..00000000 Binary files a/examples/bind/corpus/7dd441bda6212eac459e6c82da2c936b.0000003e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7df078ab97181ec669d6ff1b2ab74347.00000087.honggfuzz.cov b/examples/bind/corpus/7df078ab97181ec669d6ff1b2ab74347.00000087.honggfuzz.cov deleted file mode 100644 index eb0c84a5..00000000 Binary files a/examples/bind/corpus/7df078ab97181ec669d6ff1b2ab74347.00000087.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7dfe1a918fd47d48c3888aef1c852297.00016ced.honggfuzz.cov b/examples/bind/corpus/7dfe1a918fd47d48c3888aef1c852297.00016ced.honggfuzz.cov deleted file mode 100644 index 4b7d53ef..00000000 Binary files a/examples/bind/corpus/7dfe1a918fd47d48c3888aef1c852297.00016ced.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7e16918cc47c2193dd913087c7d929fe.00016ced.honggfuzz.cov b/examples/bind/corpus/7e16918cc47c2193dd913087c7d929fe.00016ced.honggfuzz.cov deleted file mode 100644 index 47d3712c..00000000 Binary files a/examples/bind/corpus/7e16918cc47c2193dd913087c7d929fe.00016ced.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7e1e722d9ffa6e887a4aef924ff720cd.000002a9.honggfuzz.cov b/examples/bind/corpus/7e1e722d9ffa6e887a4aef924ff720cd.000002a9.honggfuzz.cov deleted file mode 100644 index 2366483d..00000000 Binary files a/examples/bind/corpus/7e1e722d9ffa6e887a4aef924ff720cd.000002a9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7e6e0683bdd349b034c46a9b75f7f79d.0000001f.honggfuzz.cov b/examples/bind/corpus/7e6e0683bdd349b034c46a9b75f7f79d.0000001f.honggfuzz.cov new file mode 100644 index 00000000..8c8ed1cd Binary files /dev/null and b/examples/bind/corpus/7e6e0683bdd349b034c46a9b75f7f79d.0000001f.honggfuzz.cov differ diff --git a/examples/bind/corpus/7e71c6f97a61a67ee714ae46810a7f92.0000175f.honggfuzz.cov b/examples/bind/corpus/7e71c6f97a61a67ee714ae46810a7f92.0000175f.honggfuzz.cov deleted file mode 100644 index 8f7b9fd7..00000000 Binary files a/examples/bind/corpus/7e71c6f97a61a67ee714ae46810a7f92.0000175f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7e7a881c8f33d398e8b4b20d95d77cac.00016095.honggfuzz.cov b/examples/bind/corpus/7e7a881c8f33d398e8b4b20d95d77cac.00016095.honggfuzz.cov deleted file mode 100644 index ca1f9f48..00000000 Binary files a/examples/bind/corpus/7e7a881c8f33d398e8b4b20d95d77cac.00016095.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7e7e052f4dcfdd47edafc59bbdceab05.0000f0a4.honggfuzz.cov b/examples/bind/corpus/7e7e052f4dcfdd47edafc59bbdceab05.0000f0a4.honggfuzz.cov new file mode 100644 index 00000000..cda9fda6 Binary files /dev/null and b/examples/bind/corpus/7e7e052f4dcfdd47edafc59bbdceab05.0000f0a4.honggfuzz.cov differ diff --git a/examples/bind/corpus/7e83d7069fd46452d7386344515c361c.00000244.honggfuzz.cov b/examples/bind/corpus/7e83d7069fd46452d7386344515c361c.00000244.honggfuzz.cov deleted file mode 100644 index f01f0b65..00000000 Binary files a/examples/bind/corpus/7e83d7069fd46452d7386344515c361c.00000244.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7e88722afcb81e4068b2e50a8c90e4b8.0000079e.honggfuzz.cov b/examples/bind/corpus/7e88722afcb81e4068b2e50a8c90e4b8.0000079e.honggfuzz.cov new file mode 100644 index 00000000..7ad6ea2e Binary files /dev/null and b/examples/bind/corpus/7e88722afcb81e4068b2e50a8c90e4b8.0000079e.honggfuzz.cov differ diff --git a/examples/bind/corpus/7e9c767e308ea12240e221fc31ce96ce.00000085.honggfuzz.cov b/examples/bind/corpus/7e9c767e308ea12240e221fc31ce96ce.00000085.honggfuzz.cov deleted file mode 100644 index e088af26..00000000 Binary files a/examples/bind/corpus/7e9c767e308ea12240e221fc31ce96ce.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7e9c9cecf1bfcb4923fb2046b8d2073e.00000039.honggfuzz.cov b/examples/bind/corpus/7e9c9cecf1bfcb4923fb2046b8d2073e.00000039.honggfuzz.cov deleted file mode 100644 index 4eea39d6..00000000 Binary files a/examples/bind/corpus/7e9c9cecf1bfcb4923fb2046b8d2073e.00000039.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7ea8b2dc010467931bddb68ef8842225.00000f8e.honggfuzz.cov b/examples/bind/corpus/7ea8b2dc010467931bddb68ef8842225.00000f8e.honggfuzz.cov new file mode 100644 index 00000000..6f4b5290 Binary files /dev/null and b/examples/bind/corpus/7ea8b2dc010467931bddb68ef8842225.00000f8e.honggfuzz.cov differ diff --git a/examples/bind/corpus/7ec92f202b56834f01f84a2ada553ed2.00002265.honggfuzz.cov b/examples/bind/corpus/7ec92f202b56834f01f84a2ada553ed2.00002265.honggfuzz.cov new file mode 100644 index 00000000..86c8e93b Binary files /dev/null and b/examples/bind/corpus/7ec92f202b56834f01f84a2ada553ed2.00002265.honggfuzz.cov differ diff --git a/examples/bind/corpus/7efba17317195f4562d1cde1a03adbc5.00013d1e.honggfuzz.cov b/examples/bind/corpus/7efba17317195f4562d1cde1a03adbc5.00013d1e.honggfuzz.cov deleted file mode 100644 index 4b823d05..00000000 Binary files a/examples/bind/corpus/7efba17317195f4562d1cde1a03adbc5.00013d1e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7efd82bc4772ac8504e6a438b32cbb48.00001b5a.honggfuzz.cov b/examples/bind/corpus/7efd82bc4772ac8504e6a438b32cbb48.00001b5a.honggfuzz.cov deleted file mode 100644 index a796d5ce..00000000 Binary files a/examples/bind/corpus/7efd82bc4772ac8504e6a438b32cbb48.00001b5a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7eff05420ffcee74b134c7d9a90bf6a2.000000f7.honggfuzz.cov b/examples/bind/corpus/7eff05420ffcee74b134c7d9a90bf6a2.000000f7.honggfuzz.cov deleted file mode 100644 index ea593890..00000000 Binary files a/examples/bind/corpus/7eff05420ffcee74b134c7d9a90bf6a2.000000f7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7f00f0d8ed28aa7915e0512653dbd499.00000174.honggfuzz.cov b/examples/bind/corpus/7f00f0d8ed28aa7915e0512653dbd499.00000174.honggfuzz.cov deleted file mode 100644 index bb125512..00000000 Binary files a/examples/bind/corpus/7f00f0d8ed28aa7915e0512653dbd499.00000174.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7f012972c114eaaeba257da9826774af.00001b5a.honggfuzz.cov b/examples/bind/corpus/7f012972c114eaaeba257da9826774af.00001b5a.honggfuzz.cov new file mode 100644 index 00000000..71c37d56 Binary files /dev/null and b/examples/bind/corpus/7f012972c114eaaeba257da9826774af.00001b5a.honggfuzz.cov differ diff --git a/examples/bind/corpus/7f18e46f8b61180e8463e0fddc3bf974.00000208.honggfuzz.cov b/examples/bind/corpus/7f18e46f8b61180e8463e0fddc3bf974.00000208.honggfuzz.cov new file mode 100644 index 00000000..efb0e182 Binary files /dev/null and b/examples/bind/corpus/7f18e46f8b61180e8463e0fddc3bf974.00000208.honggfuzz.cov differ diff --git a/examples/bind/corpus/7f3961d2d5d5c675b263c54b8fd9a3dc.00000085.honggfuzz.cov b/examples/bind/corpus/7f3961d2d5d5c675b263c54b8fd9a3dc.00000085.honggfuzz.cov new file mode 100644 index 00000000..e55e6171 Binary files /dev/null and b/examples/bind/corpus/7f3961d2d5d5c675b263c54b8fd9a3dc.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/7f544afcced90a253caf503c31c4b459.00000129.honggfuzz.cov b/examples/bind/corpus/7f544afcced90a253caf503c31c4b459.00000129.honggfuzz.cov new file mode 100644 index 00000000..96361c42 Binary files /dev/null and b/examples/bind/corpus/7f544afcced90a253caf503c31c4b459.00000129.honggfuzz.cov differ diff --git a/examples/bind/corpus/7f9b942d73dcf6457be9214f8cf02531.00000085.honggfuzz.cov b/examples/bind/corpus/7f9b942d73dcf6457be9214f8cf02531.00000085.honggfuzz.cov deleted file mode 100644 index 7c697f50..00000000 Binary files a/examples/bind/corpus/7f9b942d73dcf6457be9214f8cf02531.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7fa43947a2e8cff29617e685b762ed42.00000080.honggfuzz.cov b/examples/bind/corpus/7fa43947a2e8cff29617e685b762ed42.00000080.honggfuzz.cov deleted file mode 100644 index 7611c60c..00000000 Binary files a/examples/bind/corpus/7fa43947a2e8cff29617e685b762ed42.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7fa6ffb07a56364fc6cba90d3dda34c5.00000085.honggfuzz.cov b/examples/bind/corpus/7fa6ffb07a56364fc6cba90d3dda34c5.00000085.honggfuzz.cov deleted file mode 100644 index 76488137..00000000 Binary files a/examples/bind/corpus/7fa6ffb07a56364fc6cba90d3dda34c5.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7faa5b03352c2304de1b454bc1028b33.00000b9f.honggfuzz.cov b/examples/bind/corpus/7faa5b03352c2304de1b454bc1028b33.00000b9f.honggfuzz.cov deleted file mode 100644 index d9a68bb2..00000000 Binary files a/examples/bind/corpus/7faa5b03352c2304de1b454bc1028b33.00000b9f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7fb0f72ccc040c429c37aa67dbee955b.00000076.honggfuzz.cov b/examples/bind/corpus/7fb0f72ccc040c429c37aa67dbee955b.00000076.honggfuzz.cov deleted file mode 100644 index 5d1eaec8..00000000 Binary files a/examples/bind/corpus/7fb0f72ccc040c429c37aa67dbee955b.00000076.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7fc7b2cc5cf94979f23d6cd6bae6ec74.00000085.honggfuzz.cov b/examples/bind/corpus/7fc7b2cc5cf94979f23d6cd6bae6ec74.00000085.honggfuzz.cov deleted file mode 100644 index d703a5bb..00000000 Binary files a/examples/bind/corpus/7fc7b2cc5cf94979f23d6cd6bae6ec74.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7fe7e32a691082775ca1a4698a60bafa.00000085.honggfuzz.cov b/examples/bind/corpus/7fe7e32a691082775ca1a4698a60bafa.00000085.honggfuzz.cov new file mode 100644 index 00000000..bafa9525 Binary files /dev/null and b/examples/bind/corpus/7fe7e32a691082775ca1a4698a60bafa.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/7feda119b728dc309280efeb259060f6.00000175.honggfuzz.cov b/examples/bind/corpus/7feda119b728dc309280efeb259060f6.00000175.honggfuzz.cov new file mode 100644 index 00000000..5d200ab2 Binary files /dev/null and b/examples/bind/corpus/7feda119b728dc309280efeb259060f6.00000175.honggfuzz.cov differ diff --git a/examples/bind/corpus/7ff167a01b4e548f34939b9f5f9ba021.0001153e.honggfuzz.cov b/examples/bind/corpus/7ff167a01b4e548f34939b9f5f9ba021.0001153e.honggfuzz.cov deleted file mode 100644 index 8315524a..00000000 Binary files a/examples/bind/corpus/7ff167a01b4e548f34939b9f5f9ba021.0001153e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7ff27e7e62c6202ac57a419124290dbb.0000005f.honggfuzz.cov b/examples/bind/corpus/7ff27e7e62c6202ac57a419124290dbb.0000005f.honggfuzz.cov deleted file mode 100644 index 2a868a81..00000000 Binary files a/examples/bind/corpus/7ff27e7e62c6202ac57a419124290dbb.0000005f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7ffc39b963ad41794aafe896fadaa522.00000085.honggfuzz.cov b/examples/bind/corpus/7ffc39b963ad41794aafe896fadaa522.00000085.honggfuzz.cov deleted file mode 100644 index 12774431..00000000 Binary files a/examples/bind/corpus/7ffc39b963ad41794aafe896fadaa522.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/7ffc4743decd9e5dccaf75a5e0fea830.000005e6.honggfuzz.cov b/examples/bind/corpus/7ffc4743decd9e5dccaf75a5e0fea830.000005e6.honggfuzz.cov new file mode 100644 index 00000000..23bfa70c Binary files /dev/null and b/examples/bind/corpus/7ffc4743decd9e5dccaf75a5e0fea830.000005e6.honggfuzz.cov differ diff --git a/examples/bind/corpus/801b0874ba52675d29cd41afbe769afa.00015d1d.honggfuzz.cov b/examples/bind/corpus/801b0874ba52675d29cd41afbe769afa.00015d1d.honggfuzz.cov deleted file mode 100644 index 7dc12273..00000000 Binary files a/examples/bind/corpus/801b0874ba52675d29cd41afbe769afa.00015d1d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8021219d730f3689f6dec3e901ef9af0.000000b4.honggfuzz.cov b/examples/bind/corpus/8021219d730f3689f6dec3e901ef9af0.000000b4.honggfuzz.cov new file mode 100644 index 00000000..3d730438 Binary files /dev/null and b/examples/bind/corpus/8021219d730f3689f6dec3e901ef9af0.000000b4.honggfuzz.cov differ diff --git a/examples/bind/corpus/805f2ef9d4ddde6a7f43eb7e571d4610.00000080.honggfuzz.cov b/examples/bind/corpus/805f2ef9d4ddde6a7f43eb7e571d4610.00000080.honggfuzz.cov deleted file mode 100644 index 0ab296ba..00000000 Binary files a/examples/bind/corpus/805f2ef9d4ddde6a7f43eb7e571d4610.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8091d2b3d73a1a6780b48f41da3be44a.0000008b.honggfuzz.cov b/examples/bind/corpus/8091d2b3d73a1a6780b48f41da3be44a.0000008b.honggfuzz.cov deleted file mode 100644 index 1038f1fa..00000000 Binary files a/examples/bind/corpus/8091d2b3d73a1a6780b48f41da3be44a.0000008b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/809de75dc69bbfa8b5d04f3c3eda366e.0000c856.honggfuzz.cov b/examples/bind/corpus/809de75dc69bbfa8b5d04f3c3eda366e.0000c856.honggfuzz.cov deleted file mode 100644 index 432060c5..00000000 Binary files a/examples/bind/corpus/809de75dc69bbfa8b5d04f3c3eda366e.0000c856.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/809e932e9c77739be5a0599e477400ab.000187a9.honggfuzz.cov b/examples/bind/corpus/809e932e9c77739be5a0599e477400ab.000187a9.honggfuzz.cov deleted file mode 100644 index d690042b..00000000 Binary files a/examples/bind/corpus/809e932e9c77739be5a0599e477400ab.000187a9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/80a46ef2a758ce6284425ad8c1014725.00001ff2.honggfuzz.cov b/examples/bind/corpus/80a46ef2a758ce6284425ad8c1014725.00001ff2.honggfuzz.cov deleted file mode 100644 index 8b6882e4..00000000 Binary files a/examples/bind/corpus/80a46ef2a758ce6284425ad8c1014725.00001ff2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/80a9d4add1dc4a128e70cc0b995a952d.00000035.honggfuzz.cov b/examples/bind/corpus/80a9d4add1dc4a128e70cc0b995a952d.00000035.honggfuzz.cov deleted file mode 100644 index 800146de..00000000 Binary files a/examples/bind/corpus/80a9d4add1dc4a128e70cc0b995a952d.00000035.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/80dfa33c370c55e84135a3a45aaf5d01.0000021a.honggfuzz.cov b/examples/bind/corpus/80dfa33c370c55e84135a3a45aaf5d01.0000021a.honggfuzz.cov new file mode 100644 index 00000000..c543a7c2 Binary files /dev/null and b/examples/bind/corpus/80dfa33c370c55e84135a3a45aaf5d01.0000021a.honggfuzz.cov differ diff --git a/examples/bind/corpus/80fadef104377a1a56d8e76d895a2dbd.00000085.honggfuzz.cov b/examples/bind/corpus/80fadef104377a1a56d8e76d895a2dbd.00000085.honggfuzz.cov deleted file mode 100644 index 64c2973e..00000000 Binary files a/examples/bind/corpus/80fadef104377a1a56d8e76d895a2dbd.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/813155f472f4377e52e9ad8927cfd078.00001602.honggfuzz.cov b/examples/bind/corpus/813155f472f4377e52e9ad8927cfd078.00001602.honggfuzz.cov deleted file mode 100644 index 1b56b55e..00000000 Binary files a/examples/bind/corpus/813155f472f4377e52e9ad8927cfd078.00001602.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/81398d9095cf5d63db030f4c196d71bc.000018f4.honggfuzz.cov b/examples/bind/corpus/81398d9095cf5d63db030f4c196d71bc.000018f4.honggfuzz.cov new file mode 100644 index 00000000..62069db0 Binary files /dev/null and b/examples/bind/corpus/81398d9095cf5d63db030f4c196d71bc.000018f4.honggfuzz.cov differ diff --git a/examples/bind/corpus/816a68f8dbdd431dacaef3910c91df52.00000028.honggfuzz.cov b/examples/bind/corpus/816a68f8dbdd431dacaef3910c91df52.00000028.honggfuzz.cov new file mode 100644 index 00000000..fae90239 Binary files /dev/null and b/examples/bind/corpus/816a68f8dbdd431dacaef3910c91df52.00000028.honggfuzz.cov differ diff --git a/examples/bind/corpus/8173c7a58c19c932716061c23589567f.00000051.honggfuzz.cov b/examples/bind/corpus/8173c7a58c19c932716061c23589567f.00000051.honggfuzz.cov new file mode 100644 index 00000000..78abbab3 Binary files /dev/null and b/examples/bind/corpus/8173c7a58c19c932716061c23589567f.00000051.honggfuzz.cov differ diff --git a/examples/bind/corpus/81a0e7fb2d6deab1eebbfb4d5637aca9.00002000.honggfuzz.cov b/examples/bind/corpus/81a0e7fb2d6deab1eebbfb4d5637aca9.00002000.honggfuzz.cov new file mode 100644 index 00000000..a8f57cfa Binary files /dev/null and b/examples/bind/corpus/81a0e7fb2d6deab1eebbfb4d5637aca9.00002000.honggfuzz.cov differ diff --git a/examples/bind/corpus/81a6773a3256d1ecdbf12fd84689a2ec.00000085.honggfuzz.cov b/examples/bind/corpus/81a6773a3256d1ecdbf12fd84689a2ec.00000085.honggfuzz.cov deleted file mode 100644 index 59bf1caf..00000000 Binary files a/examples/bind/corpus/81a6773a3256d1ecdbf12fd84689a2ec.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/81af351b11d1a642ecd9a82c16c619b9.00000085.honggfuzz.cov b/examples/bind/corpus/81af351b11d1a642ecd9a82c16c619b9.00000085.honggfuzz.cov deleted file mode 100644 index 15797f6b..00000000 Binary files a/examples/bind/corpus/81af351b11d1a642ecd9a82c16c619b9.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/81bdad2b5059f175c5ab86dfcc2c3244.00000080.honggfuzz.cov b/examples/bind/corpus/81bdad2b5059f175c5ab86dfcc2c3244.00000080.honggfuzz.cov deleted file mode 100644 index bf14b1cd..00000000 Binary files a/examples/bind/corpus/81bdad2b5059f175c5ab86dfcc2c3244.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/81be9a3339e25f52d76ba45d3cba82a8.00002020.honggfuzz.cov b/examples/bind/corpus/81be9a3339e25f52d76ba45d3cba82a8.00002020.honggfuzz.cov deleted file mode 100644 index f8cb6e95..00000000 Binary files a/examples/bind/corpus/81be9a3339e25f52d76ba45d3cba82a8.00002020.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/81d5255822e46407e6eafb3dda510a49.000024bc.honggfuzz.cov b/examples/bind/corpus/81d5255822e46407e6eafb3dda510a49.000024bc.honggfuzz.cov new file mode 100644 index 00000000..14a5d1f2 Binary files /dev/null and b/examples/bind/corpus/81d5255822e46407e6eafb3dda510a49.000024bc.honggfuzz.cov differ diff --git a/examples/bind/corpus/81fe4627e5e69a8ed944af00b9729ccd.0001c8b4.honggfuzz.cov b/examples/bind/corpus/81fe4627e5e69a8ed944af00b9729ccd.0001c8b4.honggfuzz.cov deleted file mode 100644 index 8ab3c49e..00000000 Binary files a/examples/bind/corpus/81fe4627e5e69a8ed944af00b9729ccd.0001c8b4.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8242e6467d568c3ceef41aad7a8c7b4c.000000df.honggfuzz.cov b/examples/bind/corpus/8242e6467d568c3ceef41aad7a8c7b4c.000000df.honggfuzz.cov deleted file mode 100644 index 6c6d201e..00000000 Binary files a/examples/bind/corpus/8242e6467d568c3ceef41aad7a8c7b4c.000000df.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8246f3a8b117c8724ecb49b9bdca7fba.0000004b.honggfuzz.cov b/examples/bind/corpus/8246f3a8b117c8724ecb49b9bdca7fba.0000004b.honggfuzz.cov new file mode 100644 index 00000000..1da88507 Binary files /dev/null and b/examples/bind/corpus/8246f3a8b117c8724ecb49b9bdca7fba.0000004b.honggfuzz.cov differ diff --git a/examples/bind/corpus/824d6d1aad446893c1b116fe45c3425e.00000085.honggfuzz.cov b/examples/bind/corpus/824d6d1aad446893c1b116fe45c3425e.00000085.honggfuzz.cov deleted file mode 100644 index 91033a01..00000000 Binary files a/examples/bind/corpus/824d6d1aad446893c1b116fe45c3425e.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/826c11aef9413de0fba0ba44ecf57b30.0000007b.honggfuzz.cov b/examples/bind/corpus/826c11aef9413de0fba0ba44ecf57b30.0000007b.honggfuzz.cov new file mode 100644 index 00000000..bde96a37 Binary files /dev/null and b/examples/bind/corpus/826c11aef9413de0fba0ba44ecf57b30.0000007b.honggfuzz.cov differ diff --git a/examples/bind/corpus/829ce9f142155b105eec071d79895ee8.00000116.honggfuzz.cov b/examples/bind/corpus/829ce9f142155b105eec071d79895ee8.00000116.honggfuzz.cov deleted file mode 100644 index 3792d890..00000000 Binary files a/examples/bind/corpus/829ce9f142155b105eec071d79895ee8.00000116.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/82b7554245edab19eeb3844ec51e0ad0.000001b5.honggfuzz.cov b/examples/bind/corpus/82b7554245edab19eeb3844ec51e0ad0.000001b5.honggfuzz.cov new file mode 100644 index 00000000..07ac6ece Binary files /dev/null and b/examples/bind/corpus/82b7554245edab19eeb3844ec51e0ad0.000001b5.honggfuzz.cov differ diff --git a/examples/bind/corpus/82ca32b320f9527d43e4746f6d417a69.0000003a.honggfuzz.cov b/examples/bind/corpus/82ca32b320f9527d43e4746f6d417a69.0000003a.honggfuzz.cov new file mode 100644 index 00000000..e6783a0e Binary files /dev/null and b/examples/bind/corpus/82ca32b320f9527d43e4746f6d417a69.0000003a.honggfuzz.cov differ diff --git a/examples/bind/corpus/82f2a1d69285eec4d8dd1ab3f5f72f53.00000bd2.honggfuzz.cov b/examples/bind/corpus/82f2a1d69285eec4d8dd1ab3f5f72f53.00000bd2.honggfuzz.cov deleted file mode 100644 index 8e945c6b..00000000 Binary files a/examples/bind/corpus/82f2a1d69285eec4d8dd1ab3f5f72f53.00000bd2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/83239b6f061bffae1fc13eaf1aa65c5f.0000004a.honggfuzz.cov b/examples/bind/corpus/83239b6f061bffae1fc13eaf1aa65c5f.0000004a.honggfuzz.cov new file mode 100644 index 00000000..3dd785b6 Binary files /dev/null and b/examples/bind/corpus/83239b6f061bffae1fc13eaf1aa65c5f.0000004a.honggfuzz.cov differ diff --git a/examples/bind/corpus/832bcf86d52a29bcdba19ff3cae6feaa.00000036.honggfuzz.cov b/examples/bind/corpus/832bcf86d52a29bcdba19ff3cae6feaa.00000036.honggfuzz.cov new file mode 100644 index 00000000..2b62124d Binary files /dev/null and b/examples/bind/corpus/832bcf86d52a29bcdba19ff3cae6feaa.00000036.honggfuzz.cov differ diff --git a/examples/bind/corpus/8352a11c3452802ae51837f130afefe1.00000261.honggfuzz.cov b/examples/bind/corpus/8352a11c3452802ae51837f130afefe1.00000261.honggfuzz.cov deleted file mode 100644 index 7995bdca..00000000 Binary files a/examples/bind/corpus/8352a11c3452802ae51837f130afefe1.00000261.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8357840e72d45247f8389568bd927819.00000a89.honggfuzz.cov b/examples/bind/corpus/8357840e72d45247f8389568bd927819.00000a89.honggfuzz.cov new file mode 100644 index 00000000..66080a67 Binary files /dev/null and b/examples/bind/corpus/8357840e72d45247f8389568bd927819.00000a89.honggfuzz.cov differ diff --git a/examples/bind/corpus/836825990d8db8decb3f2835aa95eaff.00000080.honggfuzz.cov b/examples/bind/corpus/836825990d8db8decb3f2835aa95eaff.00000080.honggfuzz.cov deleted file mode 100644 index a937297b..00000000 Binary files a/examples/bind/corpus/836825990d8db8decb3f2835aa95eaff.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/83684e893b6b32064e7f2473940739c6.000006c8.honggfuzz.cov b/examples/bind/corpus/83684e893b6b32064e7f2473940739c6.000006c8.honggfuzz.cov deleted file mode 100644 index 2d6d75d0..00000000 Binary files a/examples/bind/corpus/83684e893b6b32064e7f2473940739c6.000006c8.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/83805ec58090c8ea1df4eaaa9190afac.00000085.honggfuzz.cov b/examples/bind/corpus/83805ec58090c8ea1df4eaaa9190afac.00000085.honggfuzz.cov new file mode 100644 index 00000000..94f4b20e Binary files /dev/null and b/examples/bind/corpus/83805ec58090c8ea1df4eaaa9190afac.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/8388db9e0c2ba20fce672f81b95cf0bd.00000085.honggfuzz.cov b/examples/bind/corpus/8388db9e0c2ba20fce672f81b95cf0bd.00000085.honggfuzz.cov deleted file mode 100644 index 3e828b9e..00000000 Binary files a/examples/bind/corpus/8388db9e0c2ba20fce672f81b95cf0bd.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8408b3bce5d7c3a9e0f8e93d1021b01f.00000400.honggfuzz.cov b/examples/bind/corpus/8408b3bce5d7c3a9e0f8e93d1021b01f.00000400.honggfuzz.cov deleted file mode 100644 index 8a6ef8b9..00000000 Binary files a/examples/bind/corpus/8408b3bce5d7c3a9e0f8e93d1021b01f.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/841f967d07e57c1d126f476040d45676.000001f8.honggfuzz.cov b/examples/bind/corpus/841f967d07e57c1d126f476040d45676.000001f8.honggfuzz.cov deleted file mode 100644 index 6ef87bfd..00000000 Binary files a/examples/bind/corpus/841f967d07e57c1d126f476040d45676.000001f8.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/842532a1f78e0f126dd8cef801f64ac8.00000ded.honggfuzz.cov b/examples/bind/corpus/842532a1f78e0f126dd8cef801f64ac8.00000ded.honggfuzz.cov deleted file mode 100644 index e30ee30d..00000000 Binary files a/examples/bind/corpus/842532a1f78e0f126dd8cef801f64ac8.00000ded.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/846c6eff99c56f21e674ae36ae386004.000000f9.honggfuzz.cov b/examples/bind/corpus/846c6eff99c56f21e674ae36ae386004.000000f9.honggfuzz.cov deleted file mode 100644 index 3a3044a5..00000000 Binary files a/examples/bind/corpus/846c6eff99c56f21e674ae36ae386004.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/847b26c575757285843a4d70a9ca10e6.0000002d.honggfuzz.cov b/examples/bind/corpus/847b26c575757285843a4d70a9ca10e6.0000002d.honggfuzz.cov deleted file mode 100644 index 3d89160c..00000000 Binary files a/examples/bind/corpus/847b26c575757285843a4d70a9ca10e6.0000002d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/849167f3b9fe84d13cd5f09e8b98019b.00000037.honggfuzz.cov b/examples/bind/corpus/849167f3b9fe84d13cd5f09e8b98019b.00000037.honggfuzz.cov new file mode 100644 index 00000000..427588ea Binary files /dev/null and b/examples/bind/corpus/849167f3b9fe84d13cd5f09e8b98019b.00000037.honggfuzz.cov differ diff --git a/examples/bind/corpus/84a4121ef65d4911cad763497feab920.00000085.honggfuzz.cov b/examples/bind/corpus/84a4121ef65d4911cad763497feab920.00000085.honggfuzz.cov deleted file mode 100644 index 55841941..00000000 Binary files a/examples/bind/corpus/84a4121ef65d4911cad763497feab920.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/84aea03250ade32d2c21706f38d20749.0001c2ad.honggfuzz.cov b/examples/bind/corpus/84aea03250ade32d2c21706f38d20749.0001c2ad.honggfuzz.cov deleted file mode 100644 index 5e16df64..00000000 Binary files a/examples/bind/corpus/84aea03250ade32d2c21706f38d20749.0001c2ad.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/84b1ff09e85830a4f5b41cd5f3a5722e.0000001d.honggfuzz.cov b/examples/bind/corpus/84b1ff09e85830a4f5b41cd5f3a5722e.0000001d.honggfuzz.cov new file mode 100644 index 00000000..7f740d6e Binary files /dev/null and b/examples/bind/corpus/84b1ff09e85830a4f5b41cd5f3a5722e.0000001d.honggfuzz.cov differ diff --git a/examples/bind/corpus/84b7ae28585830a4f5b5fd2fade1722e.0000001d.honggfuzz.cov b/examples/bind/corpus/84b7ae28585830a4f5b5fd2fade1722e.0000001d.honggfuzz.cov new file mode 100644 index 00000000..a7eb0665 Binary files /dev/null and b/examples/bind/corpus/84b7ae28585830a4f5b5fd2fade1722e.0000001d.honggfuzz.cov differ diff --git a/examples/bind/corpus/84b7ae28591d30a4f46e8d2fade1722e.0000001d.honggfuzz.cov b/examples/bind/corpus/84b7ae28591d30a4f46e8d2fade1722e.0000001d.honggfuzz.cov new file mode 100644 index 00000000..ee635312 Binary files /dev/null and b/examples/bind/corpus/84b7ae28591d30a4f46e8d2fade1722e.0000001d.honggfuzz.cov differ diff --git a/examples/bind/corpus/84ba9fe237e2ae7ef9194ed2fa3c3b38.00000acd.honggfuzz.cov b/examples/bind/corpus/84ba9fe237e2ae7ef9194ed2fa3c3b38.00000acd.honggfuzz.cov deleted file mode 100644 index 73975b40..00000000 Binary files a/examples/bind/corpus/84ba9fe237e2ae7ef9194ed2fa3c3b38.00000acd.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8507ae2a885830a4f5b6cd1cacf1632e.0000001d.honggfuzz.cov b/examples/bind/corpus/8507ae2a885830a4f5b6cd1cacf1632e.0000001d.honggfuzz.cov new file mode 100644 index 00000000..34979540 Binary files /dev/null and b/examples/bind/corpus/8507ae2a885830a4f5b6cd1cacf1632e.0000001d.honggfuzz.cov differ diff --git a/examples/bind/corpus/850a23772e0827b0f344086164027093.00000085.honggfuzz.cov b/examples/bind/corpus/850a23772e0827b0f344086164027093.00000085.honggfuzz.cov deleted file mode 100644 index 45fc1ba6..00000000 Binary files a/examples/bind/corpus/850a23772e0827b0f344086164027093.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/851b590c392c66f0ef9915192c4362f4.000002a9.honggfuzz.cov b/examples/bind/corpus/851b590c392c66f0ef9915192c4362f4.000002a9.honggfuzz.cov new file mode 100644 index 00000000..2eb51f26 Binary files /dev/null and b/examples/bind/corpus/851b590c392c66f0ef9915192c4362f4.000002a9.honggfuzz.cov differ diff --git a/examples/bind/corpus/8547b980b170a23109214187cc6933b6.000000f9.honggfuzz.cov b/examples/bind/corpus/8547b980b170a23109214187cc6933b6.000000f9.honggfuzz.cov deleted file mode 100644 index 99bc0350..00000000 Binary files a/examples/bind/corpus/8547b980b170a23109214187cc6933b6.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8548fefa6c9ee05568c1f418cff1495e.000101d0.honggfuzz.cov b/examples/bind/corpus/8548fefa6c9ee05568c1f418cff1495e.000101d0.honggfuzz.cov new file mode 100644 index 00000000..b4f4f338 Binary files /dev/null and b/examples/bind/corpus/8548fefa6c9ee05568c1f418cff1495e.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/8568d7395f2c38f64108dbc2bdf4b240.00000530.honggfuzz.cov b/examples/bind/corpus/8568d7395f2c38f64108dbc2bdf4b240.00000530.honggfuzz.cov deleted file mode 100644 index 69981a1b..00000000 Binary files a/examples/bind/corpus/8568d7395f2c38f64108dbc2bdf4b240.00000530.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/856dca4947e95b10065791f81440d7e4.00000085.honggfuzz.cov b/examples/bind/corpus/856dca4947e95b10065791f81440d7e4.00000085.honggfuzz.cov deleted file mode 100644 index 03f3c78f..00000000 Binary files a/examples/bind/corpus/856dca4947e95b10065791f81440d7e4.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/857ef9aa8ed8ce389c9b833e5521e3ff.000000ee.honggfuzz.cov b/examples/bind/corpus/857ef9aa8ed8ce389c9b833e5521e3ff.000000ee.honggfuzz.cov deleted file mode 100644 index 8275b89b..00000000 Binary files a/examples/bind/corpus/857ef9aa8ed8ce389c9b833e5521e3ff.000000ee.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/85bf9a512e2fea24677defcae36cadb2.00000085.honggfuzz.cov b/examples/bind/corpus/85bf9a512e2fea24677defcae36cadb2.00000085.honggfuzz.cov new file mode 100644 index 00000000..fc325d89 Binary files /dev/null and b/examples/bind/corpus/85bf9a512e2fea24677defcae36cadb2.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/85f4d1c0797aca712cf3837f95398859.000000a0.honggfuzz.cov b/examples/bind/corpus/85f4d1c0797aca712cf3837f95398859.000000a0.honggfuzz.cov deleted file mode 100644 index 401d682f..00000000 Binary files a/examples/bind/corpus/85f4d1c0797aca712cf3837f95398859.000000a0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/861d175e9f8fa8210176bac055492333.000000c7.honggfuzz.cov b/examples/bind/corpus/861d175e9f8fa8210176bac055492333.000000c7.honggfuzz.cov new file mode 100644 index 00000000..f1f68e85 Binary files /dev/null and b/examples/bind/corpus/861d175e9f8fa8210176bac055492333.000000c7.honggfuzz.cov differ diff --git a/examples/bind/corpus/864b1c2e1ba8b1c09d9c6bea3d05d306.00000037.honggfuzz.cov b/examples/bind/corpus/864b1c2e1ba8b1c09d9c6bea3d05d306.00000037.honggfuzz.cov deleted file mode 100644 index 0d09b97b..00000000 Binary files a/examples/bind/corpus/864b1c2e1ba8b1c09d9c6bea3d05d306.00000037.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/864e060bf9b28b17482b6a0b8f99292d.00000085.honggfuzz.cov b/examples/bind/corpus/864e060bf9b28b17482b6a0b8f99292d.00000085.honggfuzz.cov deleted file mode 100644 index 9c03bcc3..00000000 Binary files a/examples/bind/corpus/864e060bf9b28b17482b6a0b8f99292d.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/864e06ddaab288f27bf82843071f5101.000000da.honggfuzz.cov b/examples/bind/corpus/864e06ddaab288f27bf82843071f5101.000000da.honggfuzz.cov deleted file mode 100644 index cf299e96..00000000 Binary files a/examples/bind/corpus/864e06ddaab288f27bf82843071f5101.000000da.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/865118f3b5a7edd5f691bf0a05a782bb.00000085.honggfuzz.cov b/examples/bind/corpus/865118f3b5a7edd5f691bf0a05a782bb.00000085.honggfuzz.cov deleted file mode 100644 index c3961703..00000000 Binary files a/examples/bind/corpus/865118f3b5a7edd5f691bf0a05a782bb.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/865f2cb8779df6f1396d0c02bb4416d0.00000153.honggfuzz.cov b/examples/bind/corpus/865f2cb8779df6f1396d0c02bb4416d0.00000153.honggfuzz.cov deleted file mode 100644 index 6960ae59..00000000 Binary files a/examples/bind/corpus/865f2cb8779df6f1396d0c02bb4416d0.00000153.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8671329ae95e5a3fe8492598d992a4a0.00000085.honggfuzz.cov b/examples/bind/corpus/8671329ae95e5a3fe8492598d992a4a0.00000085.honggfuzz.cov deleted file mode 100644 index 7589b2a7..00000000 Binary files a/examples/bind/corpus/8671329ae95e5a3fe8492598d992a4a0.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/86851dc081dc8a3f4a77183945e873fb.00000084.honggfuzz.cov b/examples/bind/corpus/86851dc081dc8a3f4a77183945e873fb.00000084.honggfuzz.cov new file mode 100644 index 00000000..99035a8d Binary files /dev/null and b/examples/bind/corpus/86851dc081dc8a3f4a77183945e873fb.00000084.honggfuzz.cov differ diff --git a/examples/bind/corpus/8686b3a393e4b8ceb52f98cbd9c73cab.00000686.honggfuzz.cov b/examples/bind/corpus/8686b3a393e4b8ceb52f98cbd9c73cab.00000686.honggfuzz.cov deleted file mode 100644 index d3444809..00000000 Binary files a/examples/bind/corpus/8686b3a393e4b8ceb52f98cbd9c73cab.00000686.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/86b12f4305dd21bbbb0fdbd3fcc8a14b.00000034.honggfuzz.cov b/examples/bind/corpus/86b12f4305dd21bbbb0fdbd3fcc8a14b.00000034.honggfuzz.cov new file mode 100644 index 00000000..28c2dc0b Binary files /dev/null and b/examples/bind/corpus/86b12f4305dd21bbbb0fdbd3fcc8a14b.00000034.honggfuzz.cov differ diff --git a/examples/bind/corpus/86c2f083cb6b9df4b5c07b0cb86c8747.0000001d.honggfuzz.cov b/examples/bind/corpus/86c2f083cb6b9df4b5c07b0cb86c8747.0000001d.honggfuzz.cov new file mode 100644 index 00000000..db0f2240 Binary files /dev/null and b/examples/bind/corpus/86c2f083cb6b9df4b5c07b0cb86c8747.0000001d.honggfuzz.cov differ diff --git a/examples/bind/corpus/86c43083cb6b9df4b5c07b08f8288747.0000001d.honggfuzz.cov b/examples/bind/corpus/86c43083cb6b9df4b5c07b08f8288747.0000001d.honggfuzz.cov deleted file mode 100644 index 748d43de..00000000 Binary files a/examples/bind/corpus/86c43083cb6b9df4b5c07b08f8288747.0000001d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/86e459e0acd0ded3bab59fe1ee37fa5f.00000db9.honggfuzz.cov b/examples/bind/corpus/86e459e0acd0ded3bab59fe1ee37fa5f.00000db9.honggfuzz.cov new file mode 100644 index 00000000..a3c9b5a2 Binary files /dev/null and b/examples/bind/corpus/86e459e0acd0ded3bab59fe1ee37fa5f.00000db9.honggfuzz.cov differ diff --git a/examples/bind/corpus/87038e99bdbc9402894e63fe236ad3e7.00000400.honggfuzz.cov b/examples/bind/corpus/87038e99bdbc9402894e63fe236ad3e7.00000400.honggfuzz.cov deleted file mode 100644 index 7aac5c30..00000000 Binary files a/examples/bind/corpus/87038e99bdbc9402894e63fe236ad3e7.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8705bafb234a914d68c1ff96f68f6a48.00000092.honggfuzz.cov b/examples/bind/corpus/8705bafb234a914d68c1ff96f68f6a48.00000092.honggfuzz.cov new file mode 100644 index 00000000..d59a2fd7 Binary files /dev/null and b/examples/bind/corpus/8705bafb234a914d68c1ff96f68f6a48.00000092.honggfuzz.cov differ diff --git a/examples/bind/corpus/87d0b60d941ac5737441e529a84ea043.00000175.honggfuzz.cov b/examples/bind/corpus/87d0b60d941ac5737441e529a84ea043.00000175.honggfuzz.cov new file mode 100644 index 00000000..d6ec5ef2 Binary files /dev/null and b/examples/bind/corpus/87d0b60d941ac5737441e529a84ea043.00000175.honggfuzz.cov differ diff --git a/examples/bind/corpus/87d27a017fdf9d8d85b2a2b8c8ac0c46.00000085.honggfuzz.cov b/examples/bind/corpus/87d27a017fdf9d8d85b2a2b8c8ac0c46.00000085.honggfuzz.cov deleted file mode 100644 index fbaa5a9f..00000000 Binary files a/examples/bind/corpus/87d27a017fdf9d8d85b2a2b8c8ac0c46.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/87ecebb9144ae6659c88bcfb3dd7f5d4.00000021.honggfuzz.cov b/examples/bind/corpus/87ecebb9144ae6659c88bcfb3dd7f5d4.00000021.honggfuzz.cov new file mode 100644 index 00000000..03928503 Binary files /dev/null and b/examples/bind/corpus/87ecebb9144ae6659c88bcfb3dd7f5d4.00000021.honggfuzz.cov differ diff --git a/examples/bind/corpus/87efffc9cb7705088adf8876a4a84459.00000510.honggfuzz.cov b/examples/bind/corpus/87efffc9cb7705088adf8876a4a84459.00000510.honggfuzz.cov deleted file mode 100644 index 46215a15..00000000 Binary files a/examples/bind/corpus/87efffc9cb7705088adf8876a4a84459.00000510.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/882c7cb8115119cc4dda6f02f86a96e6.0001f4ac.honggfuzz.cov b/examples/bind/corpus/882c7cb8115119cc4dda6f02f86a96e6.0001f4ac.honggfuzz.cov new file mode 100644 index 00000000..1d51ae23 Binary files /dev/null and b/examples/bind/corpus/882c7cb8115119cc4dda6f02f86a96e6.0001f4ac.honggfuzz.cov differ diff --git a/examples/bind/corpus/882da3f30eec3970566192f915fcddf5.00000040.honggfuzz.cov b/examples/bind/corpus/882da3f30eec3970566192f915fcddf5.00000040.honggfuzz.cov deleted file mode 100644 index 450236df..00000000 Binary files a/examples/bind/corpus/882da3f30eec3970566192f915fcddf5.00000040.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/88386a5f26d204de49f82f1d14107d5e.00001b62.honggfuzz.cov b/examples/bind/corpus/88386a5f26d204de49f82f1d14107d5e.00001b62.honggfuzz.cov deleted file mode 100644 index 9e91171e..00000000 Binary files a/examples/bind/corpus/88386a5f26d204de49f82f1d14107d5e.00001b62.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/883cabf118d301cf308f37b1852c33cc.0000db04.honggfuzz.cov b/examples/bind/corpus/883cabf118d301cf308f37b1852c33cc.0000db04.honggfuzz.cov deleted file mode 100644 index 274c7069..00000000 Binary files a/examples/bind/corpus/883cabf118d301cf308f37b1852c33cc.0000db04.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/884613dd0c0c48af071a134574c88fdd.00000b91.honggfuzz.cov b/examples/bind/corpus/884613dd0c0c48af071a134574c88fdd.00000b91.honggfuzz.cov new file mode 100644 index 00000000..5d1ea600 Binary files /dev/null and b/examples/bind/corpus/884613dd0c0c48af071a134574c88fdd.00000b91.honggfuzz.cov differ diff --git a/examples/bind/corpus/885d0e64eb4549e72e4904ac64c21d30.0000087c.honggfuzz.cov b/examples/bind/corpus/885d0e64eb4549e72e4904ac64c21d30.0000087c.honggfuzz.cov deleted file mode 100644 index 49a278ea..00000000 Binary files a/examples/bind/corpus/885d0e64eb4549e72e4904ac64c21d30.0000087c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/88679e6b35e5acb7b0a8f4342875824f.0000091e.honggfuzz.cov b/examples/bind/corpus/88679e6b35e5acb7b0a8f4342875824f.0000091e.honggfuzz.cov deleted file mode 100644 index 70c67335..00000000 Binary files a/examples/bind/corpus/88679e6b35e5acb7b0a8f4342875824f.0000091e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8873482a4e27d08e7c7732fcd5cc268a.0004f2c6.honggfuzz.cov b/examples/bind/corpus/8873482a4e27d08e7c7732fcd5cc268a.0004f2c6.honggfuzz.cov deleted file mode 100644 index ba64631d..00000000 Binary files a/examples/bind/corpus/8873482a4e27d08e7c7732fcd5cc268a.0004f2c6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/88c407d5e63c00d362b0a6f5f0c36f44.00020000.honggfuzz.cov b/examples/bind/corpus/88c407d5e63c00d362b0a6f5f0c36f44.00020000.honggfuzz.cov deleted file mode 100644 index 97571ec8..00000000 Binary files a/examples/bind/corpus/88c407d5e63c00d362b0a6f5f0c36f44.00020000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/88d097b7e37a1ef8e5f13d4ffa6765e4.0000002b.honggfuzz.cov b/examples/bind/corpus/88d097b7e37a1ef8e5f13d4ffa6765e4.0000002b.honggfuzz.cov new file mode 100644 index 00000000..f1e62ada Binary files /dev/null and b/examples/bind/corpus/88d097b7e37a1ef8e5f13d4ffa6765e4.0000002b.honggfuzz.cov differ diff --git a/examples/bind/corpus/88e2f59000000000658218f000000000.00000003.honggfuzz.cov b/examples/bind/corpus/88e2f59000000000658218f000000000.00000003.honggfuzz.cov deleted file mode 100644 index c27e9dd8..00000000 --- a/examples/bind/corpus/88e2f59000000000658218f000000000.00000003.honggfuzz.cov +++ /dev/null @@ -1 +0,0 @@ -Oí \ No newline at end of file diff --git a/examples/bind/corpus/88e561be93c7069fad5e4599942ff487.000101d0.honggfuzz.cov b/examples/bind/corpus/88e561be93c7069fad5e4599942ff487.000101d0.honggfuzz.cov new file mode 100644 index 00000000..dd906397 Binary files /dev/null and b/examples/bind/corpus/88e561be93c7069fad5e4599942ff487.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/891edb77d3df1b09b7d0819321d65fb5.0000051a.honggfuzz.cov b/examples/bind/corpus/891edb77d3df1b09b7d0819321d65fb5.0000051a.honggfuzz.cov new file mode 100644 index 00000000..fc214ed3 Binary files /dev/null and b/examples/bind/corpus/891edb77d3df1b09b7d0819321d65fb5.0000051a.honggfuzz.cov differ diff --git a/examples/bind/corpus/8935e37a9d5824a3c5430cb0274bf0b6.00000080.honggfuzz.cov b/examples/bind/corpus/8935e37a9d5824a3c5430cb0274bf0b6.00000080.honggfuzz.cov new file mode 100644 index 00000000..c579ccdd Binary files /dev/null and b/examples/bind/corpus/8935e37a9d5824a3c5430cb0274bf0b6.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/893bbbbc9139008e674690d5175896c2.00004036.honggfuzz.cov b/examples/bind/corpus/893bbbbc9139008e674690d5175896c2.00004036.honggfuzz.cov new file mode 100644 index 00000000..3ab09c85 Binary files /dev/null and b/examples/bind/corpus/893bbbbc9139008e674690d5175896c2.00004036.honggfuzz.cov differ diff --git a/examples/bind/corpus/8949186109d2897aec17259feca2a8f5.00000085.honggfuzz.cov b/examples/bind/corpus/8949186109d2897aec17259feca2a8f5.00000085.honggfuzz.cov deleted file mode 100644 index 3c866875..00000000 Binary files a/examples/bind/corpus/8949186109d2897aec17259feca2a8f5.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/895e7d77264ed80dd3576f602962f2d1.0000045a.honggfuzz.cov b/examples/bind/corpus/895e7d77264ed80dd3576f602962f2d1.0000045a.honggfuzz.cov new file mode 100644 index 00000000..0973b6f6 Binary files /dev/null and b/examples/bind/corpus/895e7d77264ed80dd3576f602962f2d1.0000045a.honggfuzz.cov differ diff --git a/examples/bind/corpus/896ddf56847067699820742bbc6c7d39.000006c6.honggfuzz.cov b/examples/bind/corpus/896ddf56847067699820742bbc6c7d39.000006c6.honggfuzz.cov new file mode 100644 index 00000000..67b15cf0 Binary files /dev/null and b/examples/bind/corpus/896ddf56847067699820742bbc6c7d39.000006c6.honggfuzz.cov differ diff --git a/examples/bind/corpus/897e19674d4658aec75c6c97332106f4.00007fef.honggfuzz.cov b/examples/bind/corpus/897e19674d4658aec75c6c97332106f4.00007fef.honggfuzz.cov deleted file mode 100644 index 60a8b18f..00000000 Binary files a/examples/bind/corpus/897e19674d4658aec75c6c97332106f4.00007fef.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/89bb04c333fd4cbc0980bc8c17310c21.00016922.honggfuzz.cov b/examples/bind/corpus/89bb04c333fd4cbc0980bc8c17310c21.00016922.honggfuzz.cov deleted file mode 100644 index fac08f52..00000000 Binary files a/examples/bind/corpus/89bb04c333fd4cbc0980bc8c17310c21.00016922.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/89c5592a58006f8eafe93fb338ab753e.000181bb.honggfuzz.cov b/examples/bind/corpus/89c5592a58006f8eafe93fb338ab753e.000181bb.honggfuzz.cov deleted file mode 100644 index ed3c472e..00000000 Binary files a/examples/bind/corpus/89c5592a58006f8eafe93fb338ab753e.000181bb.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/89d55b55d031eef49ab188cd64670ff5.0000004f.honggfuzz.cov b/examples/bind/corpus/89d55b55d031eef49ab188cd64670ff5.0000004f.honggfuzz.cov new file mode 100644 index 00000000..c7dffbcc Binary files /dev/null and b/examples/bind/corpus/89d55b55d031eef49ab188cd64670ff5.0000004f.honggfuzz.cov differ diff --git a/examples/bind/corpus/89dafce144e3d471b0da9a9ff0e2f027.00000085.honggfuzz.cov b/examples/bind/corpus/89dafce144e3d471b0da9a9ff0e2f027.00000085.honggfuzz.cov deleted file mode 100644 index 1724179f..00000000 Binary files a/examples/bind/corpus/89dafce144e3d471b0da9a9ff0e2f027.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/89e34800068f1d6d6b54b23d112d3499.000001db.honggfuzz.cov b/examples/bind/corpus/89e34800068f1d6d6b54b23d112d3499.000001db.honggfuzz.cov deleted file mode 100644 index ef682740..00000000 Binary files a/examples/bind/corpus/89e34800068f1d6d6b54b23d112d3499.000001db.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/89f6a13cbcc34eaad2672168032a1220.00000065.honggfuzz.cov b/examples/bind/corpus/89f6a13cbcc34eaad2672168032a1220.00000065.honggfuzz.cov deleted file mode 100644 index f002efc5..00000000 Binary files a/examples/bind/corpus/89f6a13cbcc34eaad2672168032a1220.00000065.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8a3e97c619632fd0f96256273d074b54.00001139.honggfuzz.cov b/examples/bind/corpus/8a3e97c619632fd0f96256273d074b54.00001139.honggfuzz.cov deleted file mode 100644 index 5ea6c469..00000000 Binary files a/examples/bind/corpus/8a3e97c619632fd0f96256273d074b54.00001139.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8a4c13b478a6a8f5765e496ceaf57df7.000017b0.honggfuzz.cov b/examples/bind/corpus/8a4c13b478a6a8f5765e496ceaf57df7.000017b0.honggfuzz.cov new file mode 100644 index 00000000..e96298c3 Binary files /dev/null and b/examples/bind/corpus/8a4c13b478a6a8f5765e496ceaf57df7.000017b0.honggfuzz.cov differ diff --git a/examples/bind/corpus/8a4d1ed7dbb863b627cb62e6d2609dd5.000000f9.honggfuzz.cov b/examples/bind/corpus/8a4d1ed7dbb863b627cb62e6d2609dd5.000000f9.honggfuzz.cov deleted file mode 100644 index 7250ad12..00000000 Binary files a/examples/bind/corpus/8a4d1ed7dbb863b627cb62e6d2609dd5.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8a6b82cec318c9065d1fd183cef61f06.00003965.honggfuzz.cov b/examples/bind/corpus/8a6b82cec318c9065d1fd183cef61f06.00003965.honggfuzz.cov new file mode 100644 index 00000000..a2497d99 Binary files /dev/null and b/examples/bind/corpus/8a6b82cec318c9065d1fd183cef61f06.00003965.honggfuzz.cov differ diff --git a/examples/bind/corpus/8a79bae1633e082932657fc31c8c9af1.00000078.honggfuzz.cov b/examples/bind/corpus/8a79bae1633e082932657fc31c8c9af1.00000078.honggfuzz.cov new file mode 100644 index 00000000..adb9459f Binary files /dev/null and b/examples/bind/corpus/8a79bae1633e082932657fc31c8c9af1.00000078.honggfuzz.cov differ diff --git a/examples/bind/corpus/8a9d8a5d73bc724dac6516167cf8862c.00000085.honggfuzz.cov b/examples/bind/corpus/8a9d8a5d73bc724dac6516167cf8862c.00000085.honggfuzz.cov deleted file mode 100644 index 6956abef..00000000 Binary files a/examples/bind/corpus/8a9d8a5d73bc724dac6516167cf8862c.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8ab2463e9918c0ac01ecb5af57a0efb6.00002000.honggfuzz.cov b/examples/bind/corpus/8ab2463e9918c0ac01ecb5af57a0efb6.00002000.honggfuzz.cov deleted file mode 100644 index 6b715508..00000000 Binary files a/examples/bind/corpus/8ab2463e9918c0ac01ecb5af57a0efb6.00002000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8ad7a7ef742395d50d9e7ae0b231e870.00000119.honggfuzz.cov b/examples/bind/corpus/8ad7a7ef742395d50d9e7ae0b231e870.00000119.honggfuzz.cov deleted file mode 100644 index 8e936e78..00000000 Binary files a/examples/bind/corpus/8ad7a7ef742395d50d9e7ae0b231e870.00000119.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8af8e9725697d97515d172b4f9a0508a.00000085.honggfuzz.cov b/examples/bind/corpus/8af8e9725697d97515d172b4f9a0508a.00000085.honggfuzz.cov deleted file mode 100644 index a06cfea7..00000000 Binary files a/examples/bind/corpus/8af8e9725697d97515d172b4f9a0508a.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8afaefe0633aad5ea7e8b144bfcbbc6f.00000088.honggfuzz.cov b/examples/bind/corpus/8afaefe0633aad5ea7e8b144bfcbbc6f.00000088.honggfuzz.cov new file mode 100644 index 00000000..4e3564c9 Binary files /dev/null and b/examples/bind/corpus/8afaefe0633aad5ea7e8b144bfcbbc6f.00000088.honggfuzz.cov differ diff --git a/examples/bind/corpus/8afcb7aa701b777b80e69481e4814415.00000085.honggfuzz.cov b/examples/bind/corpus/8afcb7aa701b777b80e69481e4814415.00000085.honggfuzz.cov deleted file mode 100644 index f7c7e8ff..00000000 Binary files a/examples/bind/corpus/8afcb7aa701b777b80e69481e4814415.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8b1841a72f2bc9285a6159a386672072.00000087.honggfuzz.cov b/examples/bind/corpus/8b1841a72f2bc9285a6159a386672072.00000087.honggfuzz.cov new file mode 100644 index 00000000..c34635b6 Binary files /dev/null and b/examples/bind/corpus/8b1841a72f2bc9285a6159a386672072.00000087.honggfuzz.cov differ diff --git a/examples/bind/corpus/8b32fb26d7736869150c483c2e78c48b.000000f9.honggfuzz.cov b/examples/bind/corpus/8b32fb26d7736869150c483c2e78c48b.000000f9.honggfuzz.cov deleted file mode 100644 index 01f5fc8a..00000000 Binary files a/examples/bind/corpus/8b32fb26d7736869150c483c2e78c48b.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8b41a34d94805769d667c29e8226284c.00001eab.honggfuzz.cov b/examples/bind/corpus/8b41a34d94805769d667c29e8226284c.00001eab.honggfuzz.cov deleted file mode 100644 index a225fec9..00000000 Binary files a/examples/bind/corpus/8b41a34d94805769d667c29e8226284c.00001eab.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8b64943c412b23978b2843b16e8915ad.00000222.honggfuzz.cov b/examples/bind/corpus/8b64943c412b23978b2843b16e8915ad.00000222.honggfuzz.cov deleted file mode 100644 index 303bdc88..00000000 Binary files a/examples/bind/corpus/8b64943c412b23978b2843b16e8915ad.00000222.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8b673d785ae3273c171d9e56f56a66a1.000101d0.honggfuzz.cov b/examples/bind/corpus/8b673d785ae3273c171d9e56f56a66a1.000101d0.honggfuzz.cov new file mode 100644 index 00000000..85d82ae1 Binary files /dev/null and b/examples/bind/corpus/8b673d785ae3273c171d9e56f56a66a1.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/8b7517a04ca7f69c839f02a59b24bcc9.00000288.honggfuzz.cov b/examples/bind/corpus/8b7517a04ca7f69c839f02a59b24bcc9.00000288.honggfuzz.cov deleted file mode 100644 index 495c5704..00000000 Binary files a/examples/bind/corpus/8b7517a04ca7f69c839f02a59b24bcc9.00000288.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8b75b1077dc6d0a32186ed85b2ab41b3.000001e3.honggfuzz.cov b/examples/bind/corpus/8b75b1077dc6d0a32186ed85b2ab41b3.000001e3.honggfuzz.cov deleted file mode 100644 index 7e07e4f2..00000000 Binary files a/examples/bind/corpus/8b75b1077dc6d0a32186ed85b2ab41b3.000001e3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8b7b57a8a24d0055e5466098ffe6b49f.000101d0.honggfuzz.cov b/examples/bind/corpus/8b7b57a8a24d0055e5466098ffe6b49f.000101d0.honggfuzz.cov new file mode 100644 index 00000000..df1fff81 Binary files /dev/null and b/examples/bind/corpus/8b7b57a8a24d0055e5466098ffe6b49f.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/8b92e6d82b20d0f810377dc0c79fa46a.0000008f.honggfuzz.cov b/examples/bind/corpus/8b92e6d82b20d0f810377dc0c79fa46a.0000008f.honggfuzz.cov new file mode 100644 index 00000000..2ab48303 Binary files /dev/null and b/examples/bind/corpus/8b92e6d82b20d0f810377dc0c79fa46a.0000008f.honggfuzz.cov differ diff --git a/examples/bind/corpus/8c06793d3277e084786166e517daef60.0001153e.honggfuzz.cov b/examples/bind/corpus/8c06793d3277e084786166e517daef60.0001153e.honggfuzz.cov deleted file mode 100644 index 4615e07c..00000000 Binary files a/examples/bind/corpus/8c06793d3277e084786166e517daef60.0001153e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8c1a377b50e01a12fd2742b205c6c5f8.00000085.honggfuzz.cov b/examples/bind/corpus/8c1a377b50e01a12fd2742b205c6c5f8.00000085.honggfuzz.cov deleted file mode 100644 index 957fa206..00000000 Binary files a/examples/bind/corpus/8c1a377b50e01a12fd2742b205c6c5f8.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8c36edc689c9cdb64c14164067903059.000189f6.honggfuzz.cov b/examples/bind/corpus/8c36edc689c9cdb64c14164067903059.000189f6.honggfuzz.cov deleted file mode 100644 index fd0b9e15..00000000 Binary files a/examples/bind/corpus/8c36edc689c9cdb64c14164067903059.000189f6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8c3f730ef34e0c4679974be067f069e4.00000049.honggfuzz.cov b/examples/bind/corpus/8c3f730ef34e0c4679974be067f069e4.00000049.honggfuzz.cov new file mode 100644 index 00000000..cac032ac Binary files /dev/null and b/examples/bind/corpus/8c3f730ef34e0c4679974be067f069e4.00000049.honggfuzz.cov differ diff --git a/examples/bind/corpus/8c496db9c69eab5d0ce9020f4cdbdbba.00000085.honggfuzz.cov b/examples/bind/corpus/8c496db9c69eab5d0ce9020f4cdbdbba.00000085.honggfuzz.cov deleted file mode 100644 index 627ed2d2..00000000 Binary files a/examples/bind/corpus/8c496db9c69eab5d0ce9020f4cdbdbba.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8c631e60c608335af8585e5dd26edb21.00000040.honggfuzz.cov b/examples/bind/corpus/8c631e60c608335af8585e5dd26edb21.00000040.honggfuzz.cov new file mode 100644 index 00000000..e469e77e --- /dev/null +++ b/examples/bind/corpus/8c631e60c608335af8585e5dd26edb21.00000040.honggfuzz.cov @@ -0,0 +1 @@ +%52Ÿ[/&1÷‰†Ë<*‰(-JN£ÓÐȪ¯ì8¡TŒüPVDsÒ:<—áñ5+++e`eÅgó©B+ê \ No newline at end of file diff --git a/examples/bind/corpus/8c67f4041f8034de2025399e5fa4dacf.00000400.honggfuzz.cov b/examples/bind/corpus/8c67f4041f8034de2025399e5fa4dacf.00000400.honggfuzz.cov deleted file mode 100644 index 757b2c57..00000000 Binary files a/examples/bind/corpus/8c67f4041f8034de2025399e5fa4dacf.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8c740b152fd65d42c0b3485c40fd3c7b.00000085.honggfuzz.cov b/examples/bind/corpus/8c740b152fd65d42c0b3485c40fd3c7b.00000085.honggfuzz.cov deleted file mode 100644 index 0254f9a0..00000000 Binary files a/examples/bind/corpus/8c740b152fd65d42c0b3485c40fd3c7b.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8c8ac007a30c17c611fe6397361b787d.00000085.honggfuzz.cov b/examples/bind/corpus/8c8ac007a30c17c611fe6397361b787d.00000085.honggfuzz.cov deleted file mode 100644 index b7f57946..00000000 Binary files a/examples/bind/corpus/8c8ac007a30c17c611fe6397361b787d.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8cf2e5852a8b01f7f9fe7ca79be48a26.00000085.honggfuzz.cov b/examples/bind/corpus/8cf2e5852a8b01f7f9fe7ca79be48a26.00000085.honggfuzz.cov new file mode 100644 index 00000000..58ae76a4 Binary files /dev/null and b/examples/bind/corpus/8cf2e5852a8b01f7f9fe7ca79be48a26.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/8d1b7855a1f6d156512dfee5c9d71c91.0000001d.honggfuzz.cov b/examples/bind/corpus/8d1b7855a1f6d156512dfee5c9d71c91.0000001d.honggfuzz.cov deleted file mode 100644 index c0cb5d38..00000000 Binary files a/examples/bind/corpus/8d1b7855a1f6d156512dfee5c9d71c91.0000001d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8d3f5080953abfa96f5fd9de0dd76446.00000374.honggfuzz.cov b/examples/bind/corpus/8d3f5080953abfa96f5fd9de0dd76446.00000374.honggfuzz.cov deleted file mode 100644 index 1343cbd5..00000000 Binary files a/examples/bind/corpus/8d3f5080953abfa96f5fd9de0dd76446.00000374.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8d408cdb7115fe564211e10515c06aca.00000080.honggfuzz.cov b/examples/bind/corpus/8d408cdb7115fe564211e10515c06aca.00000080.honggfuzz.cov deleted file mode 100644 index 43deda4c..00000000 Binary files a/examples/bind/corpus/8d408cdb7115fe564211e10515c06aca.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8d495848a84d531274ea1f459aa04b08.00000085.honggfuzz.cov b/examples/bind/corpus/8d495848a84d531274ea1f459aa04b08.00000085.honggfuzz.cov new file mode 100644 index 00000000..31bb3c51 Binary files /dev/null and b/examples/bind/corpus/8d495848a84d531274ea1f459aa04b08.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/8d495848a84d9ef2b90a1f4557401ce8.00000085.honggfuzz.cov b/examples/bind/corpus/8d495848a84d9ef2b90a1f4557401ce8.00000085.honggfuzz.cov new file mode 100644 index 00000000..921a0ba7 Binary files /dev/null and b/examples/bind/corpus/8d495848a84d9ef2b90a1f4557401ce8.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/8d4b5dea49e26bd100c2e75562317d93.000001bc.honggfuzz.cov b/examples/bind/corpus/8d4b5dea49e26bd100c2e75562317d93.000001bc.honggfuzz.cov new file mode 100644 index 00000000..fdffd315 Binary files /dev/null and b/examples/bind/corpus/8d4b5dea49e26bd100c2e75562317d93.000001bc.honggfuzz.cov differ diff --git a/examples/bind/corpus/8d539708fd2464a0344491a941185a74.0000a1b4.honggfuzz.cov b/examples/bind/corpus/8d539708fd2464a0344491a941185a74.0000a1b4.honggfuzz.cov new file mode 100644 index 00000000..772b2ef9 Binary files /dev/null and b/examples/bind/corpus/8d539708fd2464a0344491a941185a74.0000a1b4.honggfuzz.cov differ diff --git a/examples/bind/corpus/8d55097958007c74a2527ef1c5974815.00000020.honggfuzz.cov b/examples/bind/corpus/8d55097958007c74a2527ef1c5974815.00000020.honggfuzz.cov deleted file mode 100644 index cc0b217f..00000000 Binary files a/examples/bind/corpus/8d55097958007c74a2527ef1c5974815.00000020.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8d592a9bce5c2f75621688e00e3db3ca.00006b6a.honggfuzz.cov b/examples/bind/corpus/8d592a9bce5c2f75621688e00e3db3ca.00006b6a.honggfuzz.cov deleted file mode 100644 index e51311f3..00000000 Binary files a/examples/bind/corpus/8d592a9bce5c2f75621688e00e3db3ca.00006b6a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8d70ffe02e6b67a1d99fb533c0b460af.00000021.honggfuzz.cov b/examples/bind/corpus/8d70ffe02e6b67a1d99fb533c0b460af.00000021.honggfuzz.cov deleted file mode 100644 index aeefe365..00000000 Binary files a/examples/bind/corpus/8d70ffe02e6b67a1d99fb533c0b460af.00000021.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8d8bcdf4548719d9e227a45320bbfc4a.0001e987.honggfuzz.cov b/examples/bind/corpus/8d8bcdf4548719d9e227a45320bbfc4a.0001e987.honggfuzz.cov deleted file mode 100644 index cc17f4fd..00000000 Binary files a/examples/bind/corpus/8d8bcdf4548719d9e227a45320bbfc4a.0001e987.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8da1bbb36e8e8216e6769355db8375bf.00001065.honggfuzz.cov b/examples/bind/corpus/8da1bbb36e8e8216e6769355db8375bf.00001065.honggfuzz.cov deleted file mode 100644 index 87f85514..00000000 Binary files a/examples/bind/corpus/8da1bbb36e8e8216e6769355db8375bf.00001065.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8dce69c8210376c98626f0b21682f918.0000366f.honggfuzz.cov b/examples/bind/corpus/8dce69c8210376c98626f0b21682f918.0000366f.honggfuzz.cov deleted file mode 100644 index 25b8c15b..00000000 Binary files a/examples/bind/corpus/8dce69c8210376c98626f0b21682f918.0000366f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8dd66741a3dcb79e9c1f604fcc972b36.00000085.honggfuzz.cov b/examples/bind/corpus/8dd66741a3dcb79e9c1f604fcc972b36.00000085.honggfuzz.cov deleted file mode 100644 index 4bb415ce..00000000 Binary files a/examples/bind/corpus/8dd66741a3dcb79e9c1f604fcc972b36.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8dfe9f3bad73d178334581831006ff71.00000080.honggfuzz.cov b/examples/bind/corpus/8dfe9f3bad73d178334581831006ff71.00000080.honggfuzz.cov new file mode 100644 index 00000000..f95f2af2 Binary files /dev/null and b/examples/bind/corpus/8dfe9f3bad73d178334581831006ff71.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/8e082b03f605b5d94b09143c362ab815.00000400.honggfuzz.cov b/examples/bind/corpus/8e082b03f605b5d94b09143c362ab815.00000400.honggfuzz.cov deleted file mode 100644 index fa06b678..00000000 Binary files a/examples/bind/corpus/8e082b03f605b5d94b09143c362ab815.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8e38e6f88e704da48c2d9e103ad07fd2.000001db.honggfuzz.cov b/examples/bind/corpus/8e38e6f88e704da48c2d9e103ad07fd2.000001db.honggfuzz.cov new file mode 100644 index 00000000..f6042bed Binary files /dev/null and b/examples/bind/corpus/8e38e6f88e704da48c2d9e103ad07fd2.000001db.honggfuzz.cov differ diff --git a/examples/bind/corpus/8e45a0544ada7cf768f7982b19842fa6.00000085.honggfuzz.cov b/examples/bind/corpus/8e45a0544ada7cf768f7982b19842fa6.00000085.honggfuzz.cov deleted file mode 100644 index 15a790ce..00000000 Binary files a/examples/bind/corpus/8e45a0544ada7cf768f7982b19842fa6.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8e60f628769657f656059e6e9a65c4e9.00000bb8.honggfuzz.cov b/examples/bind/corpus/8e60f628769657f656059e6e9a65c4e9.00000bb8.honggfuzz.cov new file mode 100644 index 00000000..6793bb1e Binary files /dev/null and b/examples/bind/corpus/8e60f628769657f656059e6e9a65c4e9.00000bb8.honggfuzz.cov differ diff --git a/examples/bind/corpus/8e6ba8e977b43744388a45622f6aabba.00000085.honggfuzz.cov b/examples/bind/corpus/8e6ba8e977b43744388a45622f6aabba.00000085.honggfuzz.cov deleted file mode 100644 index fc4cd685..00000000 Binary files a/examples/bind/corpus/8e6ba8e977b43744388a45622f6aabba.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8e717bbc72690684896a1361e3c6b593.00000295.honggfuzz.cov b/examples/bind/corpus/8e717bbc72690684896a1361e3c6b593.00000295.honggfuzz.cov deleted file mode 100644 index 2f645e5c..00000000 Binary files a/examples/bind/corpus/8e717bbc72690684896a1361e3c6b593.00000295.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8e7b31d6a07ceae91f71ac56c98ed1da.00000065.honggfuzz.cov b/examples/bind/corpus/8e7b31d6a07ceae91f71ac56c98ed1da.00000065.honggfuzz.cov new file mode 100644 index 00000000..6b6b93db Binary files /dev/null and b/examples/bind/corpus/8e7b31d6a07ceae91f71ac56c98ed1da.00000065.honggfuzz.cov differ diff --git a/examples/bind/corpus/8e861ac9e8c531bc69790be5e589e81c.000101d0.honggfuzz.cov b/examples/bind/corpus/8e861ac9e8c531bc69790be5e589e81c.000101d0.honggfuzz.cov new file mode 100644 index 00000000..bc8190e4 Binary files /dev/null and b/examples/bind/corpus/8e861ac9e8c531bc69790be5e589e81c.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/8e8ae855c53731255295aac9d646ca45.00000085.honggfuzz.cov b/examples/bind/corpus/8e8ae855c53731255295aac9d646ca45.00000085.honggfuzz.cov new file mode 100644 index 00000000..3d7f079b Binary files /dev/null and b/examples/bind/corpus/8e8ae855c53731255295aac9d646ca45.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/8e9c0d50ccde8f1ad3cc3a681ef66281.00000065.honggfuzz.cov b/examples/bind/corpus/8e9c0d50ccde8f1ad3cc3a681ef66281.00000065.honggfuzz.cov new file mode 100644 index 00000000..3f28fe3b Binary files /dev/null and b/examples/bind/corpus/8e9c0d50ccde8f1ad3cc3a681ef66281.00000065.honggfuzz.cov differ diff --git a/examples/bind/corpus/8ea9f4405f9951f9c88bb087851bacf6.00000021.honggfuzz.cov b/examples/bind/corpus/8ea9f4405f9951f9c88bb087851bacf6.00000021.honggfuzz.cov deleted file mode 100644 index dff123ec..00000000 Binary files a/examples/bind/corpus/8ea9f4405f9951f9c88bb087851bacf6.00000021.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8eae3bc6496ec438a27bea0190e4b50b.000000f9.honggfuzz.cov b/examples/bind/corpus/8eae3bc6496ec438a27bea0190e4b50b.000000f9.honggfuzz.cov deleted file mode 100644 index 3fa57542..00000000 Binary files a/examples/bind/corpus/8eae3bc6496ec438a27bea0190e4b50b.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8eba86e2174ba76f2552ff558808c64f.00000085.honggfuzz.cov b/examples/bind/corpus/8eba86e2174ba76f2552ff558808c64f.00000085.honggfuzz.cov deleted file mode 100644 index b911f909..00000000 Binary files a/examples/bind/corpus/8eba86e2174ba76f2552ff558808c64f.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8ede3d423d37ee9f10ec3714d7172c8e.00005759.honggfuzz.cov b/examples/bind/corpus/8ede3d423d37ee9f10ec3714d7172c8e.00005759.honggfuzz.cov deleted file mode 100644 index 56db5f87..00000000 Binary files a/examples/bind/corpus/8ede3d423d37ee9f10ec3714d7172c8e.00005759.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8ef1d97e4bb0f7b8a2149af2014aa111.00000063.honggfuzz.cov b/examples/bind/corpus/8ef1d97e4bb0f7b8a2149af2014aa111.00000063.honggfuzz.cov deleted file mode 100644 index ec5b034f..00000000 Binary files a/examples/bind/corpus/8ef1d97e4bb0f7b8a2149af2014aa111.00000063.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8f13527640f6a31a7fc7e81c60b14a93.0000008f.honggfuzz.cov b/examples/bind/corpus/8f13527640f6a31a7fc7e81c60b14a93.0000008f.honggfuzz.cov deleted file mode 100644 index be52f276..00000000 Binary files a/examples/bind/corpus/8f13527640f6a31a7fc7e81c60b14a93.0000008f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8f1cd6ffa0fc6915cba4127bc92a4507.00000326.honggfuzz.cov b/examples/bind/corpus/8f1cd6ffa0fc6915cba4127bc92a4507.00000326.honggfuzz.cov new file mode 100644 index 00000000..641514e5 Binary files /dev/null and b/examples/bind/corpus/8f1cd6ffa0fc6915cba4127bc92a4507.00000326.honggfuzz.cov differ diff --git a/examples/bind/corpus/8f42f767e0e9075479edce63f311c097.0001c767.honggfuzz.cov b/examples/bind/corpus/8f42f767e0e9075479edce63f311c097.0001c767.honggfuzz.cov deleted file mode 100644 index f9863b56..00000000 Binary files a/examples/bind/corpus/8f42f767e0e9075479edce63f311c097.0001c767.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8f5f4b1293c543b79938cf50c07278a7.000002b0.honggfuzz.cov b/examples/bind/corpus/8f5f4b1293c543b79938cf50c07278a7.000002b0.honggfuzz.cov deleted file mode 100644 index 6e16ec14..00000000 Binary files a/examples/bind/corpus/8f5f4b1293c543b79938cf50c07278a7.000002b0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8f62ffe23a9566015ae75c2578a8b045.00000056.honggfuzz.cov b/examples/bind/corpus/8f62ffe23a9566015ae75c2578a8b045.00000056.honggfuzz.cov deleted file mode 100644 index ba7bb4de..00000000 Binary files a/examples/bind/corpus/8f62ffe23a9566015ae75c2578a8b045.00000056.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8f62ffe32a8466015ae75d2478a9b145.00000056.honggfuzz.cov b/examples/bind/corpus/8f62ffe32a8466015ae75d2478a9b145.00000056.honggfuzz.cov deleted file mode 100644 index b0dc21ed..00000000 Binary files a/examples/bind/corpus/8f62ffe32a8466015ae75d2478a9b145.00000056.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8f64ea62eeb938a5f25eff42dc5a5f78.000000c0.honggfuzz.cov b/examples/bind/corpus/8f64ea62eeb938a5f25eff42dc5a5f78.000000c0.honggfuzz.cov deleted file mode 100644 index 66bbf1db..00000000 Binary files a/examples/bind/corpus/8f64ea62eeb938a5f25eff42dc5a5f78.000000c0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8f7187e7ca94e53b6637ea50f3561cc4.00000089.honggfuzz.cov b/examples/bind/corpus/8f7187e7ca94e53b6637ea50f3561cc4.00000089.honggfuzz.cov deleted file mode 100644 index 5af71e88..00000000 Binary files a/examples/bind/corpus/8f7187e7ca94e53b6637ea50f3561cc4.00000089.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8f82c6b18af6d5581672333629d8b797.00000031.honggfuzz.cov b/examples/bind/corpus/8f82c6b18af6d5581672333629d8b797.00000031.honggfuzz.cov deleted file mode 100644 index f83ca100..00000000 Binary files a/examples/bind/corpus/8f82c6b18af6d5581672333629d8b797.00000031.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8f866494e6ce2a1371732dee517149d3.000000f9.honggfuzz.cov b/examples/bind/corpus/8f866494e6ce2a1371732dee517149d3.000000f9.honggfuzz.cov deleted file mode 100644 index b434ac09..00000000 Binary files a/examples/bind/corpus/8f866494e6ce2a1371732dee517149d3.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8fac417c3116753f49e3f7c29342d3a9.0000004a.honggfuzz.cov b/examples/bind/corpus/8fac417c3116753f49e3f7c29342d3a9.0000004a.honggfuzz.cov new file mode 100644 index 00000000..081d9c2d Binary files /dev/null and b/examples/bind/corpus/8fac417c3116753f49e3f7c29342d3a9.0000004a.honggfuzz.cov differ diff --git a/examples/bind/corpus/8fba39ed6e5e8b09049f99a228cd8458.00000102.honggfuzz.cov b/examples/bind/corpus/8fba39ed6e5e8b09049f99a228cd8458.00000102.honggfuzz.cov deleted file mode 100644 index 5196fd08..00000000 Binary files a/examples/bind/corpus/8fba39ed6e5e8b09049f99a228cd8458.00000102.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/8fcd28ec4fdcbc21f1f4330367650979.00000080.honggfuzz.cov b/examples/bind/corpus/8fcd28ec4fdcbc21f1f4330367650979.00000080.honggfuzz.cov new file mode 100644 index 00000000..b0d6e355 Binary files /dev/null and b/examples/bind/corpus/8fcd28ec4fdcbc21f1f4330367650979.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/900d336ebebd0b94aa7d62c24c53c479.000105b8.honggfuzz.cov b/examples/bind/corpus/900d336ebebd0b94aa7d62c24c53c479.000105b8.honggfuzz.cov new file mode 100644 index 00000000..9a325e97 Binary files /dev/null and b/examples/bind/corpus/900d336ebebd0b94aa7d62c24c53c479.000105b8.honggfuzz.cov differ diff --git a/examples/bind/corpus/90157120f745d2c5a39a4baf26dbac5c.000000c0.honggfuzz.cov b/examples/bind/corpus/90157120f745d2c5a39a4baf26dbac5c.000000c0.honggfuzz.cov deleted file mode 100644 index 22708dfa..00000000 Binary files a/examples/bind/corpus/90157120f745d2c5a39a4baf26dbac5c.000000c0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/901db1ce928d07ad0bffbd29a7a69052.00000085.honggfuzz.cov b/examples/bind/corpus/901db1ce928d07ad0bffbd29a7a69052.00000085.honggfuzz.cov deleted file mode 100644 index 5597dbbb..00000000 Binary files a/examples/bind/corpus/901db1ce928d07ad0bffbd29a7a69052.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/902701f4543b281df576340ba1fc4746.00000085.honggfuzz.cov b/examples/bind/corpus/902701f4543b281df576340ba1fc4746.00000085.honggfuzz.cov deleted file mode 100644 index c44f4631..00000000 Binary files a/examples/bind/corpus/902701f4543b281df576340ba1fc4746.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/903df71ded7b494c032123b4c37bb1fa.00000085.honggfuzz.cov b/examples/bind/corpus/903df71ded7b494c032123b4c37bb1fa.00000085.honggfuzz.cov deleted file mode 100644 index 90d0b660..00000000 Binary files a/examples/bind/corpus/903df71ded7b494c032123b4c37bb1fa.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/90621aa324849164483b5e97cb4d9629.0000018a.honggfuzz.cov b/examples/bind/corpus/90621aa324849164483b5e97cb4d9629.0000018a.honggfuzz.cov deleted file mode 100644 index cbb870ae..00000000 Binary files a/examples/bind/corpus/90621aa324849164483b5e97cb4d9629.0000018a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/907bde24e48429e56d1edff79dec680e.0000004c.honggfuzz.cov b/examples/bind/corpus/907bde24e48429e56d1edff79dec680e.0000004c.honggfuzz.cov deleted file mode 100644 index 4a8ef97a..00000000 Binary files a/examples/bind/corpus/907bde24e48429e56d1edff79dec680e.0000004c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/90900000000000009090000000000000.00000001.honggfuzz.cov b/examples/bind/corpus/90900000000000009090000000000000.00000001.honggfuzz.cov new file mode 100644 index 00000000..ce542efa --- /dev/null +++ b/examples/bind/corpus/90900000000000009090000000000000.00000001.honggfuzz.cov @@ -0,0 +1 @@ +ÿ \ No newline at end of file diff --git a/examples/bind/corpus/90afe0db1f1a763ab101c0d73c29ec7e.0001df73.honggfuzz.cov b/examples/bind/corpus/90afe0db1f1a763ab101c0d73c29ec7e.0001df73.honggfuzz.cov new file mode 100644 index 00000000..0d220d8f Binary files /dev/null and b/examples/bind/corpus/90afe0db1f1a763ab101c0d73c29ec7e.0001df73.honggfuzz.cov differ diff --git a/examples/bind/corpus/90ba209c5a9a8cef9ffe561ee261bd0d.00000085.honggfuzz.cov b/examples/bind/corpus/90ba209c5a9a8cef9ffe561ee261bd0d.00000085.honggfuzz.cov deleted file mode 100644 index e2366b22..00000000 Binary files a/examples/bind/corpus/90ba209c5a9a8cef9ffe561ee261bd0d.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/90c4eb4b9843f32ab429672e283f3f2d.0000b104.honggfuzz.cov b/examples/bind/corpus/90c4eb4b9843f32ab429672e283f3f2d.0000b104.honggfuzz.cov deleted file mode 100644 index 4fa7d514..00000000 Binary files a/examples/bind/corpus/90c4eb4b9843f32ab429672e283f3f2d.0000b104.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/90d4284791570a314882c4b1d6ff3e72.00000085.honggfuzz.cov b/examples/bind/corpus/90d4284791570a314882c4b1d6ff3e72.00000085.honggfuzz.cov deleted file mode 100644 index f8afa0a9..00000000 Binary files a/examples/bind/corpus/90d4284791570a314882c4b1d6ff3e72.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/90d597cc58c4a8810b5acc2516513347.00000037.honggfuzz.cov b/examples/bind/corpus/90d597cc58c4a8810b5acc2516513347.00000037.honggfuzz.cov deleted file mode 100644 index 75f07e2b..00000000 Binary files a/examples/bind/corpus/90d597cc58c4a8810b5acc2516513347.00000037.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/90e0fa6bcc8a4c77672cd0a003580687.000001a6.honggfuzz.cov b/examples/bind/corpus/90e0fa6bcc8a4c77672cd0a003580687.000001a6.honggfuzz.cov new file mode 100644 index 00000000..f41ea8cb Binary files /dev/null and b/examples/bind/corpus/90e0fa6bcc8a4c77672cd0a003580687.000001a6.honggfuzz.cov differ diff --git a/examples/bind/corpus/90e161589d72ecdec29d99d0d01178e4.000003ad.honggfuzz.cov b/examples/bind/corpus/90e161589d72ecdec29d99d0d01178e4.000003ad.honggfuzz.cov new file mode 100644 index 00000000..6195606f Binary files /dev/null and b/examples/bind/corpus/90e161589d72ecdec29d99d0d01178e4.000003ad.honggfuzz.cov differ diff --git a/examples/bind/corpus/90e270449f4cc0dfdff5444962429b75.00000081.honggfuzz.cov b/examples/bind/corpus/90e270449f4cc0dfdff5444962429b75.00000081.honggfuzz.cov new file mode 100644 index 00000000..cb056217 Binary files /dev/null and b/examples/bind/corpus/90e270449f4cc0dfdff5444962429b75.00000081.honggfuzz.cov differ diff --git a/examples/bind/corpus/90f2e7a6a67246fdd7d527af29936c0c.00000085.honggfuzz.cov b/examples/bind/corpus/90f2e7a6a67246fdd7d527af29936c0c.00000085.honggfuzz.cov new file mode 100644 index 00000000..6be1dc43 Binary files /dev/null and b/examples/bind/corpus/90f2e7a6a67246fdd7d527af29936c0c.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/91030ca751fc2e1d1abbb96ee752cffc.00005ccd.honggfuzz.cov b/examples/bind/corpus/91030ca751fc2e1d1abbb96ee752cffc.00005ccd.honggfuzz.cov deleted file mode 100644 index 8de55f68..00000000 Binary files a/examples/bind/corpus/91030ca751fc2e1d1abbb96ee752cffc.00005ccd.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9110ad005dd611620fdfe37084aa3c59.00000200.honggfuzz.cov b/examples/bind/corpus/9110ad005dd611620fdfe37084aa3c59.00000200.honggfuzz.cov new file mode 100644 index 00000000..bd03aa2e Binary files /dev/null and b/examples/bind/corpus/9110ad005dd611620fdfe37084aa3c59.00000200.honggfuzz.cov differ diff --git a/examples/bind/corpus/912850ca60b4c55c9d714b2939775da8.00000085.honggfuzz.cov b/examples/bind/corpus/912850ca60b4c55c9d714b2939775da8.00000085.honggfuzz.cov deleted file mode 100644 index cc31c3ec..00000000 Binary files a/examples/bind/corpus/912850ca60b4c55c9d714b2939775da8.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/912ade48f43dcdb4f3d8d337e289c395.00000085.honggfuzz.cov b/examples/bind/corpus/912ade48f43dcdb4f3d8d337e289c395.00000085.honggfuzz.cov deleted file mode 100644 index 88083052..00000000 Binary files a/examples/bind/corpus/912ade48f43dcdb4f3d8d337e289c395.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/914f012ffa39b893bdf3cc26001fe2cb.0000026a.honggfuzz.cov b/examples/bind/corpus/914f012ffa39b893bdf3cc26001fe2cb.0000026a.honggfuzz.cov new file mode 100644 index 00000000..f524d60d Binary files /dev/null and b/examples/bind/corpus/914f012ffa39b893bdf3cc26001fe2cb.0000026a.honggfuzz.cov differ diff --git a/examples/bind/corpus/9157e88c7eb6ecc5299ce23009957251.00000400.honggfuzz.cov b/examples/bind/corpus/9157e88c7eb6ecc5299ce23009957251.00000400.honggfuzz.cov deleted file mode 100644 index 8dfe874d..00000000 Binary files a/examples/bind/corpus/9157e88c7eb6ecc5299ce23009957251.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9164542c6d3c52d15204a78444516b17.00000085.honggfuzz.cov b/examples/bind/corpus/9164542c6d3c52d15204a78444516b17.00000085.honggfuzz.cov deleted file mode 100644 index b03b46af..00000000 Binary files a/examples/bind/corpus/9164542c6d3c52d15204a78444516b17.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/917b3a820550cb11ec6ef68c987e88e3.00005ad5.honggfuzz.cov b/examples/bind/corpus/917b3a820550cb11ec6ef68c987e88e3.00005ad5.honggfuzz.cov new file mode 100644 index 00000000..4ba9135c Binary files /dev/null and b/examples/bind/corpus/917b3a820550cb11ec6ef68c987e88e3.00005ad5.honggfuzz.cov differ diff --git a/examples/bind/corpus/9184b2e00cb00703bd7f480a85881b29.000002e0.honggfuzz.cov b/examples/bind/corpus/9184b2e00cb00703bd7f480a85881b29.000002e0.honggfuzz.cov new file mode 100644 index 00000000..f87d0f25 Binary files /dev/null and b/examples/bind/corpus/9184b2e00cb00703bd7f480a85881b29.000002e0.honggfuzz.cov differ diff --git a/examples/bind/corpus/9194070ee27759ad812d25a579137143.000000d4.honggfuzz.cov b/examples/bind/corpus/9194070ee27759ad812d25a579137143.000000d4.honggfuzz.cov deleted file mode 100644 index 7023553a..00000000 Binary files a/examples/bind/corpus/9194070ee27759ad812d25a579137143.000000d4.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9198771b6d5ac3eb893a40e6eeeff2ee.000012cd.honggfuzz.cov b/examples/bind/corpus/9198771b6d5ac3eb893a40e6eeeff2ee.000012cd.honggfuzz.cov deleted file mode 100644 index 821765ba..00000000 Binary files a/examples/bind/corpus/9198771b6d5ac3eb893a40e6eeeff2ee.000012cd.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/919bcf9e4164a1010c5b452c587bf6ad.00005759.honggfuzz.cov b/examples/bind/corpus/919bcf9e4164a1010c5b452c587bf6ad.00005759.honggfuzz.cov new file mode 100644 index 00000000..24c6bfab Binary files /dev/null and b/examples/bind/corpus/919bcf9e4164a1010c5b452c587bf6ad.00005759.honggfuzz.cov differ diff --git a/examples/bind/corpus/91b8f42cc672f2075af65025bdb95d47.00001242.honggfuzz.cov b/examples/bind/corpus/91b8f42cc672f2075af65025bdb95d47.00001242.honggfuzz.cov deleted file mode 100644 index a6856ad0..00000000 Binary files a/examples/bind/corpus/91b8f42cc672f2075af65025bdb95d47.00001242.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/91bc75c2e41607b099cf9e946f683e9e.0000005d.honggfuzz.cov b/examples/bind/corpus/91bc75c2e41607b099cf9e946f683e9e.0000005d.honggfuzz.cov new file mode 100644 index 00000000..9070e305 Binary files /dev/null and b/examples/bind/corpus/91bc75c2e41607b099cf9e946f683e9e.0000005d.honggfuzz.cov differ diff --git a/examples/bind/corpus/91c6e29345732f5868d1f839832c0503.00000ed5.honggfuzz.cov b/examples/bind/corpus/91c6e29345732f5868d1f839832c0503.00000ed5.honggfuzz.cov new file mode 100644 index 00000000..65d835af Binary files /dev/null and b/examples/bind/corpus/91c6e29345732f5868d1f839832c0503.00000ed5.honggfuzz.cov differ diff --git a/examples/bind/corpus/91ccebc8c8fe689386952e035a9496e9.000000a9.honggfuzz.cov b/examples/bind/corpus/91ccebc8c8fe689386952e035a9496e9.000000a9.honggfuzz.cov deleted file mode 100644 index 25eb6af3..00000000 Binary files a/examples/bind/corpus/91ccebc8c8fe689386952e035a9496e9.000000a9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/91ceda9325ed8026454b4a9ed1832345.000001e6.honggfuzz.cov b/examples/bind/corpus/91ceda9325ed8026454b4a9ed1832345.000001e6.honggfuzz.cov new file mode 100644 index 00000000..634c0bbe Binary files /dev/null and b/examples/bind/corpus/91ceda9325ed8026454b4a9ed1832345.000001e6.honggfuzz.cov differ diff --git a/examples/bind/corpus/91fab9705fc23dc73b4d508e4627eb80.00001f69.honggfuzz.cov b/examples/bind/corpus/91fab9705fc23dc73b4d508e4627eb80.00001f69.honggfuzz.cov new file mode 100644 index 00000000..f7d1bf9d Binary files /dev/null and b/examples/bind/corpus/91fab9705fc23dc73b4d508e4627eb80.00001f69.honggfuzz.cov differ diff --git a/examples/bind/corpus/920da23dff41b57cab7c11598115d55f.00000057.honggfuzz.cov b/examples/bind/corpus/920da23dff41b57cab7c11598115d55f.00000057.honggfuzz.cov new file mode 100644 index 00000000..a2cfa56d Binary files /dev/null and b/examples/bind/corpus/920da23dff41b57cab7c11598115d55f.00000057.honggfuzz.cov differ diff --git a/examples/bind/corpus/921938601b41da51b1747103ff5f18a9.00000046.honggfuzz.cov b/examples/bind/corpus/921938601b41da51b1747103ff5f18a9.00000046.honggfuzz.cov new file mode 100644 index 00000000..649d985d Binary files /dev/null and b/examples/bind/corpus/921938601b41da51b1747103ff5f18a9.00000046.honggfuzz.cov differ diff --git a/examples/bind/corpus/923f1e603d67da51b1747103d06118a9.00000046.honggfuzz.cov b/examples/bind/corpus/923f1e603d67da51b1747103d06118a9.00000046.honggfuzz.cov new file mode 100644 index 00000000..92ac4825 Binary files /dev/null and b/examples/bind/corpus/923f1e603d67da51b1747103d06118a9.00000046.honggfuzz.cov differ diff --git a/examples/bind/corpus/92582818dca200542bc77c82a71bd5b2.000000ab.honggfuzz.cov b/examples/bind/corpus/92582818dca200542bc77c82a71bd5b2.000000ab.honggfuzz.cov deleted file mode 100644 index f948709a..00000000 Binary files a/examples/bind/corpus/92582818dca200542bc77c82a71bd5b2.000000ab.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/925b1cca1abdd7831713493b0a4ef993.00000085.honggfuzz.cov b/examples/bind/corpus/925b1cca1abdd7831713493b0a4ef993.00000085.honggfuzz.cov deleted file mode 100644 index 56bfe016..00000000 Binary files a/examples/bind/corpus/925b1cca1abdd7831713493b0a4ef993.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/92663a101379b0b273f28adf3222dcfb.0000001e.honggfuzz.cov b/examples/bind/corpus/92663a101379b0b273f28adf3222dcfb.0000001e.honggfuzz.cov deleted file mode 100644 index 47a5f0be..00000000 Binary files a/examples/bind/corpus/92663a101379b0b273f28adf3222dcfb.0000001e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9279091973747a1b6aa04b15bb8ac656.000001e3.honggfuzz.cov b/examples/bind/corpus/9279091973747a1b6aa04b15bb8ac656.000001e3.honggfuzz.cov new file mode 100644 index 00000000..cb0895ae Binary files /dev/null and b/examples/bind/corpus/9279091973747a1b6aa04b15bb8ac656.000001e3.honggfuzz.cov differ diff --git a/examples/bind/corpus/9288dcf56119b49735f6e43f968e5659.00074f81.honggfuzz.cov b/examples/bind/corpus/9288dcf56119b49735f6e43f968e5659.00074f81.honggfuzz.cov deleted file mode 100644 index 66bc4f45..00000000 Binary files a/examples/bind/corpus/9288dcf56119b49735f6e43f968e5659.00074f81.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/92b5bb6040ae8ddda5d6f9701a489a7f.00008b51.honggfuzz.cov b/examples/bind/corpus/92b5bb6040ae8ddda5d6f9701a489a7f.00008b51.honggfuzz.cov deleted file mode 100644 index 4af21855..00000000 Binary files a/examples/bind/corpus/92b5bb6040ae8ddda5d6f9701a489a7f.00008b51.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/92cb08eb1e836e310f00d2ca9816b263.00000040.honggfuzz.cov b/examples/bind/corpus/92cb08eb1e836e310f00d2ca9816b263.00000040.honggfuzz.cov new file mode 100644 index 00000000..c1232e6a Binary files /dev/null and b/examples/bind/corpus/92cb08eb1e836e310f00d2ca9816b263.00000040.honggfuzz.cov differ diff --git a/examples/bind/corpus/92df1a83bd36f4e43641894212b25229.000000f9.honggfuzz.cov b/examples/bind/corpus/92df1a83bd36f4e43641894212b25229.000000f9.honggfuzz.cov new file mode 100644 index 00000000..247120d5 Binary files /dev/null and b/examples/bind/corpus/92df1a83bd36f4e43641894212b25229.000000f9.honggfuzz.cov differ diff --git a/examples/bind/corpus/931352da1d695dcfc800b6ff1cbc0195.00000085.honggfuzz.cov b/examples/bind/corpus/931352da1d695dcfc800b6ff1cbc0195.00000085.honggfuzz.cov new file mode 100644 index 00000000..f89229a3 Binary files /dev/null and b/examples/bind/corpus/931352da1d695dcfc800b6ff1cbc0195.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/93192c4bdd5453f97b0238191bf30464.0000010f.honggfuzz.cov b/examples/bind/corpus/93192c4bdd5453f97b0238191bf30464.0000010f.honggfuzz.cov new file mode 100644 index 00000000..172d2d5b Binary files /dev/null and b/examples/bind/corpus/93192c4bdd5453f97b0238191bf30464.0000010f.honggfuzz.cov differ diff --git a/examples/bind/corpus/934e25597112611aa0c43723a7e39005.000005d0.honggfuzz.cov b/examples/bind/corpus/934e25597112611aa0c43723a7e39005.000005d0.honggfuzz.cov new file mode 100644 index 00000000..23920cc5 Binary files /dev/null and b/examples/bind/corpus/934e25597112611aa0c43723a7e39005.000005d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/936246f003bc95d4b64189c42807592c.00000126.honggfuzz.cov b/examples/bind/corpus/936246f003bc95d4b64189c42807592c.00000126.honggfuzz.cov deleted file mode 100644 index b0006fee..00000000 Binary files a/examples/bind/corpus/936246f003bc95d4b64189c42807592c.00000126.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/939540c58aa95847c3775da2f6b5e29f.00000e1c.honggfuzz.cov b/examples/bind/corpus/939540c58aa95847c3775da2f6b5e29f.00000e1c.honggfuzz.cov deleted file mode 100644 index 8bb9196d..00000000 Binary files a/examples/bind/corpus/939540c58aa95847c3775da2f6b5e29f.00000e1c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9396a0e9009ecc5f80407042ed11562a.0000008c.honggfuzz.cov b/examples/bind/corpus/9396a0e9009ecc5f80407042ed11562a.0000008c.honggfuzz.cov new file mode 100644 index 00000000..c5eb59b8 Binary files /dev/null and b/examples/bind/corpus/9396a0e9009ecc5f80407042ed11562a.0000008c.honggfuzz.cov differ diff --git a/examples/bind/corpus/939d4ef8f0084949209a11b2000d5d3e.00002000.honggfuzz.cov b/examples/bind/corpus/939d4ef8f0084949209a11b2000d5d3e.00002000.honggfuzz.cov deleted file mode 100644 index 7c93574d..00000000 Binary files a/examples/bind/corpus/939d4ef8f0084949209a11b2000d5d3e.00002000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/93ab5962cc21c1e9fe0ed832e26498ed.00000085.honggfuzz.cov b/examples/bind/corpus/93ab5962cc21c1e9fe0ed832e26498ed.00000085.honggfuzz.cov new file mode 100644 index 00000000..ef63db8a Binary files /dev/null and b/examples/bind/corpus/93ab5962cc21c1e9fe0ed832e26498ed.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/93ae60ff5d60f62a4f13ead1dedd17c6.000544ba.honggfuzz.cov b/examples/bind/corpus/93ae60ff5d60f62a4f13ead1dedd17c6.000544ba.honggfuzz.cov deleted file mode 100644 index f5c4f97b..00000000 Binary files a/examples/bind/corpus/93ae60ff5d60f62a4f13ead1dedd17c6.000544ba.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/93b912c472f653461d2c79c6bf4f748c.0000042a.honggfuzz.cov b/examples/bind/corpus/93b912c472f653461d2c79c6bf4f748c.0000042a.honggfuzz.cov new file mode 100644 index 00000000..4ff5097a Binary files /dev/null and b/examples/bind/corpus/93b912c472f653461d2c79c6bf4f748c.0000042a.honggfuzz.cov differ diff --git a/examples/bind/corpus/93bd9e94dcda06de7b7b34ee2c512257.000015e9.honggfuzz.cov b/examples/bind/corpus/93bd9e94dcda06de7b7b34ee2c512257.000015e9.honggfuzz.cov deleted file mode 100644 index 0afd8fdc..00000000 Binary files a/examples/bind/corpus/93bd9e94dcda06de7b7b34ee2c512257.000015e9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/93bebf15077a0ff9e5b6fd4fee3765e4.0000002b.honggfuzz.cov b/examples/bind/corpus/93bebf15077a0ff9e5b6fd4fee3765e4.0000002b.honggfuzz.cov new file mode 100644 index 00000000..e4efadf0 Binary files /dev/null and b/examples/bind/corpus/93bebf15077a0ff9e5b6fd4fee3765e4.0000002b.honggfuzz.cov differ diff --git a/examples/bind/corpus/93c5481570c02c9a1ad813f67c2bdce5.0000157e.honggfuzz.cov b/examples/bind/corpus/93c5481570c02c9a1ad813f67c2bdce5.0000157e.honggfuzz.cov deleted file mode 100644 index ee31f035..00000000 Binary files a/examples/bind/corpus/93c5481570c02c9a1ad813f67c2bdce5.0000157e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/93c963dc6d0e49e1b93b21cbeadf51eb.00000787.honggfuzz.cov b/examples/bind/corpus/93c963dc6d0e49e1b93b21cbeadf51eb.00000787.honggfuzz.cov deleted file mode 100644 index a024b7da..00000000 Binary files a/examples/bind/corpus/93c963dc6d0e49e1b93b21cbeadf51eb.00000787.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/93ee4f1749d9387989bf175ce4e21922.00000085.honggfuzz.cov b/examples/bind/corpus/93ee4f1749d9387989bf175ce4e21922.00000085.honggfuzz.cov new file mode 100644 index 00000000..68126eb6 Binary files /dev/null and b/examples/bind/corpus/93ee4f1749d9387989bf175ce4e21922.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/93f280f8e5c5dd6d8b5723fb4782bfdf.00000080.honggfuzz.cov b/examples/bind/corpus/93f280f8e5c5dd6d8b5723fb4782bfdf.00000080.honggfuzz.cov deleted file mode 100644 index 00799160..00000000 Binary files a/examples/bind/corpus/93f280f8e5c5dd6d8b5723fb4782bfdf.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/941c25de3e1e0dca6770375d7cf9fbea.0001f7e8.honggfuzz.cov b/examples/bind/corpus/941c25de3e1e0dca6770375d7cf9fbea.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..58221ae0 Binary files /dev/null and b/examples/bind/corpus/941c25de3e1e0dca6770375d7cf9fbea.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/943a7708b1895fe3be689d08e3bda039.00000085.honggfuzz.cov b/examples/bind/corpus/943a7708b1895fe3be689d08e3bda039.00000085.honggfuzz.cov deleted file mode 100644 index 4b9cb813..00000000 Binary files a/examples/bind/corpus/943a7708b1895fe3be689d08e3bda039.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/943ef1d957d8fa048bd0f9563920f3e6.00000151.honggfuzz.cov b/examples/bind/corpus/943ef1d957d8fa048bd0f9563920f3e6.00000151.honggfuzz.cov deleted file mode 100644 index 2feb18a4..00000000 Binary files a/examples/bind/corpus/943ef1d957d8fa048bd0f9563920f3e6.00000151.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9442a98267020fd8a201e1d1e0732159.0000009d.honggfuzz.cov b/examples/bind/corpus/9442a98267020fd8a201e1d1e0732159.0000009d.honggfuzz.cov new file mode 100644 index 00000000..7fd89342 Binary files /dev/null and b/examples/bind/corpus/9442a98267020fd8a201e1d1e0732159.0000009d.honggfuzz.cov differ diff --git a/examples/bind/corpus/945eb6b1c032cbf6994cf5bb1cd858b9.00000041.honggfuzz.cov b/examples/bind/corpus/945eb6b1c032cbf6994cf5bb1cd858b9.00000041.honggfuzz.cov new file mode 100644 index 00000000..7ba58ce5 Binary files /dev/null and b/examples/bind/corpus/945eb6b1c032cbf6994cf5bb1cd858b9.00000041.honggfuzz.cov differ diff --git a/examples/bind/corpus/948c028c5de02f5c83c890b1a74c2249.0004a295.honggfuzz.cov b/examples/bind/corpus/948c028c5de02f5c83c890b1a74c2249.0004a295.honggfuzz.cov deleted file mode 100644 index 2dec9fe4..00000000 Binary files a/examples/bind/corpus/948c028c5de02f5c83c890b1a74c2249.0004a295.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/948d1c7a71e50d5a32d57d346c19577e.00000565.honggfuzz.cov b/examples/bind/corpus/948d1c7a71e50d5a32d57d346c19577e.00000565.honggfuzz.cov deleted file mode 100644 index 1d7c1a6a..00000000 Binary files a/examples/bind/corpus/948d1c7a71e50d5a32d57d346c19577e.00000565.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/94ab62936e3454e03f35e7e6d1f66960.00018619.honggfuzz.cov b/examples/bind/corpus/94ab62936e3454e03f35e7e6d1f66960.00018619.honggfuzz.cov deleted file mode 100644 index 3fd97f85..00000000 Binary files a/examples/bind/corpus/94ab62936e3454e03f35e7e6d1f66960.00018619.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/94d21f64bfa8fc2845e481d7111a13da.00000112.honggfuzz.cov b/examples/bind/corpus/94d21f64bfa8fc2845e481d7111a13da.00000112.honggfuzz.cov new file mode 100644 index 00000000..3b522122 Binary files /dev/null and b/examples/bind/corpus/94d21f64bfa8fc2845e481d7111a13da.00000112.honggfuzz.cov differ diff --git a/examples/bind/corpus/94e18e277cbccee08f05f51c1204fbd8.0001153e.honggfuzz.cov b/examples/bind/corpus/94e18e277cbccee08f05f51c1204fbd8.0001153e.honggfuzz.cov deleted file mode 100644 index 3278292b..00000000 Binary files a/examples/bind/corpus/94e18e277cbccee08f05f51c1204fbd8.0001153e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/95082d7b1318eaa30af9dd5b2bb97543.000003ed.honggfuzz.cov b/examples/bind/corpus/95082d7b1318eaa30af9dd5b2bb97543.000003ed.honggfuzz.cov deleted file mode 100644 index d4679de4..00000000 Binary files a/examples/bind/corpus/95082d7b1318eaa30af9dd5b2bb97543.000003ed.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/950d0474421ba46a30288be5a7b1e024.00000085.honggfuzz.cov b/examples/bind/corpus/950d0474421ba46a30288be5a7b1e024.00000085.honggfuzz.cov new file mode 100644 index 00000000..036c7fc2 Binary files /dev/null and b/examples/bind/corpus/950d0474421ba46a30288be5a7b1e024.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/952c0f945505af54c5a1bd88391ce256.00000085.honggfuzz.cov b/examples/bind/corpus/952c0f945505af54c5a1bd88391ce256.00000085.honggfuzz.cov deleted file mode 100644 index fb45d91c..00000000 Binary files a/examples/bind/corpus/952c0f945505af54c5a1bd88391ce256.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9553d4c8fd8d9ebaba64d392e71c65fc.0000151e.honggfuzz.cov b/examples/bind/corpus/9553d4c8fd8d9ebaba64d392e71c65fc.0000151e.honggfuzz.cov deleted file mode 100644 index 30a4fedd..00000000 Binary files a/examples/bind/corpus/9553d4c8fd8d9ebaba64d392e71c65fc.0000151e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9579eaba9f0a853a30cfabc81b452aaf.00000085.honggfuzz.cov b/examples/bind/corpus/9579eaba9f0a853a30cfabc81b452aaf.00000085.honggfuzz.cov deleted file mode 100644 index 57eb3649..00000000 Binary files a/examples/bind/corpus/9579eaba9f0a853a30cfabc81b452aaf.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/957b6c0097b91d989b231fafd3d5c5b1.0000009c.honggfuzz.cov b/examples/bind/corpus/957b6c0097b91d989b231fafd3d5c5b1.0000009c.honggfuzz.cov deleted file mode 100644 index a9a4da5a..00000000 Binary files a/examples/bind/corpus/957b6c0097b91d989b231fafd3d5c5b1.0000009c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/958b647e9f3d12394ff676dec29fd637.0001f7e8.honggfuzz.cov b/examples/bind/corpus/958b647e9f3d12394ff676dec29fd637.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..bfbc3829 Binary files /dev/null and b/examples/bind/corpus/958b647e9f3d12394ff676dec29fd637.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/958e37b649c9de2bc39536fe7e78bd25.000000f9.honggfuzz.cov b/examples/bind/corpus/958e37b649c9de2bc39536fe7e78bd25.000000f9.honggfuzz.cov new file mode 100644 index 00000000..9078f65c Binary files /dev/null and b/examples/bind/corpus/958e37b649c9de2bc39536fe7e78bd25.000000f9.honggfuzz.cov differ diff --git a/examples/bind/corpus/959221af735be8f079a05ccffd9f65e6.000000b4.honggfuzz.cov b/examples/bind/corpus/959221af735be8f079a05ccffd9f65e6.000000b4.honggfuzz.cov deleted file mode 100644 index 7a2c4d3b..00000000 Binary files a/examples/bind/corpus/959221af735be8f079a05ccffd9f65e6.000000b4.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/95966bd17e89c70af8a1cf572e90e493.0000017a.honggfuzz.cov b/examples/bind/corpus/95966bd17e89c70af8a1cf572e90e493.0000017a.honggfuzz.cov deleted file mode 100644 index c99fa19a..00000000 Binary files a/examples/bind/corpus/95966bd17e89c70af8a1cf572e90e493.0000017a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/95ad87813436c2da99728f77e2e1aef3.00000085.honggfuzz.cov b/examples/bind/corpus/95ad87813436c2da99728f77e2e1aef3.00000085.honggfuzz.cov deleted file mode 100644 index 92de86ce..00000000 Binary files a/examples/bind/corpus/95ad87813436c2da99728f77e2e1aef3.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/95c36bc8194a5500f783a60225a3de76.000000f9.honggfuzz.cov b/examples/bind/corpus/95c36bc8194a5500f783a60225a3de76.000000f9.honggfuzz.cov deleted file mode 100644 index 78e5da99..00000000 Binary files a/examples/bind/corpus/95c36bc8194a5500f783a60225a3de76.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/95cfa987d2ffc685f3381a7ee915425b.00000035.honggfuzz.cov b/examples/bind/corpus/95cfa987d2ffc685f3381a7ee915425b.00000035.honggfuzz.cov new file mode 100644 index 00000000..fa1ba955 Binary files /dev/null and b/examples/bind/corpus/95cfa987d2ffc685f3381a7ee915425b.00000035.honggfuzz.cov differ diff --git a/examples/bind/corpus/95d75756e9b5bf58668328e700073a9c.00000131.honggfuzz.cov b/examples/bind/corpus/95d75756e9b5bf58668328e700073a9c.00000131.honggfuzz.cov new file mode 100644 index 00000000..d2b8715d Binary files /dev/null and b/examples/bind/corpus/95d75756e9b5bf58668328e700073a9c.00000131.honggfuzz.cov differ diff --git a/examples/bind/corpus/95dcea0e3b9156fdc4743e11090a9cb4.000001df.honggfuzz.cov b/examples/bind/corpus/95dcea0e3b9156fdc4743e11090a9cb4.000001df.honggfuzz.cov deleted file mode 100644 index 1cd8957c..00000000 Binary files a/examples/bind/corpus/95dcea0e3b9156fdc4743e11090a9cb4.000001df.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/95e8fabd8f3301fbef168661f3287239.00000169.honggfuzz.cov b/examples/bind/corpus/95e8fabd8f3301fbef168661f3287239.00000169.honggfuzz.cov new file mode 100644 index 00000000..0f92cd1b Binary files /dev/null and b/examples/bind/corpus/95e8fabd8f3301fbef168661f3287239.00000169.honggfuzz.cov differ diff --git a/examples/bind/corpus/95edd21cf4aab97fee02124c20e64e9e.00000380.honggfuzz.cov b/examples/bind/corpus/95edd21cf4aab97fee02124c20e64e9e.00000380.honggfuzz.cov deleted file mode 100644 index 2701700b..00000000 Binary files a/examples/bind/corpus/95edd21cf4aab97fee02124c20e64e9e.00000380.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/961874269834e8da4771698f1f83843f.00000bb8.honggfuzz.cov b/examples/bind/corpus/961874269834e8da4771698f1f83843f.00000bb8.honggfuzz.cov deleted file mode 100644 index 1a909572..00000000 Binary files a/examples/bind/corpus/961874269834e8da4771698f1f83843f.00000bb8.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/962d18cbbe73e1872400d275feea9ea3.00000962.honggfuzz.cov b/examples/bind/corpus/962d18cbbe73e1872400d275feea9ea3.00000962.honggfuzz.cov deleted file mode 100644 index 8b5cc7d7..00000000 Binary files a/examples/bind/corpus/962d18cbbe73e1872400d275feea9ea3.00000962.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9632501017dc1365286e9955a7b36373.0000008a.honggfuzz.cov b/examples/bind/corpus/9632501017dc1365286e9955a7b36373.0000008a.honggfuzz.cov new file mode 100644 index 00000000..24231f6b Binary files /dev/null and b/examples/bind/corpus/9632501017dc1365286e9955a7b36373.0000008a.honggfuzz.cov differ diff --git a/examples/bind/corpus/9654699f08a018a06c79d41ef81a75ca.00001748.honggfuzz.cov b/examples/bind/corpus/9654699f08a018a06c79d41ef81a75ca.00001748.honggfuzz.cov new file mode 100644 index 00000000..e409d523 Binary files /dev/null and b/examples/bind/corpus/9654699f08a018a06c79d41ef81a75ca.00001748.honggfuzz.cov differ diff --git a/examples/bind/corpus/9663245b6a3c52840701f784443a0017.00000085.honggfuzz.cov b/examples/bind/corpus/9663245b6a3c52840701f784443a0017.00000085.honggfuzz.cov deleted file mode 100644 index dff536bd..00000000 Binary files a/examples/bind/corpus/9663245b6a3c52840701f784443a0017.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9678a123038506666abbcc568bf81854.00000400.honggfuzz.cov b/examples/bind/corpus/9678a123038506666abbcc568bf81854.00000400.honggfuzz.cov deleted file mode 100644 index 820e41f5..00000000 Binary files a/examples/bind/corpus/9678a123038506666abbcc568bf81854.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9684ebf91ce49da502d53a318bfdb29b.0001a1d1.honggfuzz.cov b/examples/bind/corpus/9684ebf91ce49da502d53a318bfdb29b.0001a1d1.honggfuzz.cov deleted file mode 100644 index ca432c7a..00000000 Binary files a/examples/bind/corpus/9684ebf91ce49da502d53a318bfdb29b.0001a1d1.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9690d863368939e72c32b19350a7ff6a.000000ef.honggfuzz.cov b/examples/bind/corpus/9690d863368939e72c32b19350a7ff6a.000000ef.honggfuzz.cov deleted file mode 100644 index 1801338c..00000000 Binary files a/examples/bind/corpus/9690d863368939e72c32b19350a7ff6a.000000ef.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9692da5931a8fa27ff6f0ac9908f1df2.00001d71.honggfuzz.cov b/examples/bind/corpus/9692da5931a8fa27ff6f0ac9908f1df2.00001d71.honggfuzz.cov new file mode 100644 index 00000000..8203fa1b Binary files /dev/null and b/examples/bind/corpus/9692da5931a8fa27ff6f0ac9908f1df2.00001d71.honggfuzz.cov differ diff --git a/examples/bind/corpus/96a1e74ccf02a348e748dc38f3143cd7.00000131.honggfuzz.cov b/examples/bind/corpus/96a1e74ccf02a348e748dc38f3143cd7.00000131.honggfuzz.cov new file mode 100644 index 00000000..3bf6de11 Binary files /dev/null and b/examples/bind/corpus/96a1e74ccf02a348e748dc38f3143cd7.00000131.honggfuzz.cov differ diff --git a/examples/bind/corpus/96a3628eb1637fbe61684f80c48420a1.00000124.honggfuzz.cov b/examples/bind/corpus/96a3628eb1637fbe61684f80c48420a1.00000124.honggfuzz.cov new file mode 100644 index 00000000..b8714785 Binary files /dev/null and b/examples/bind/corpus/96a3628eb1637fbe61684f80c48420a1.00000124.honggfuzz.cov differ diff --git a/examples/bind/corpus/96a4badb92f966eb8a733d7a7745767e.00000188.honggfuzz.cov b/examples/bind/corpus/96a4badb92f966eb8a733d7a7745767e.00000188.honggfuzz.cov deleted file mode 100644 index bdb0ee54..00000000 Binary files a/examples/bind/corpus/96a4badb92f966eb8a733d7a7745767e.00000188.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/96b1e704e36a32be1d96018045b82ec5.00000dff.honggfuzz.cov b/examples/bind/corpus/96b1e704e36a32be1d96018045b82ec5.00000dff.honggfuzz.cov new file mode 100644 index 00000000..ead8b589 Binary files /dev/null and b/examples/bind/corpus/96b1e704e36a32be1d96018045b82ec5.00000dff.honggfuzz.cov differ diff --git a/examples/bind/corpus/96d38c8e07fc20644ca2537e107a6e08.00007b69.honggfuzz.cov b/examples/bind/corpus/96d38c8e07fc20644ca2537e107a6e08.00007b69.honggfuzz.cov new file mode 100644 index 00000000..ffd473be Binary files /dev/null and b/examples/bind/corpus/96d38c8e07fc20644ca2537e107a6e08.00007b69.honggfuzz.cov differ diff --git a/examples/bind/corpus/96dd3a78d208663782c4d27673bd653e.00001969.honggfuzz.cov b/examples/bind/corpus/96dd3a78d208663782c4d27673bd653e.00001969.honggfuzz.cov deleted file mode 100644 index 74c474f4..00000000 Binary files a/examples/bind/corpus/96dd3a78d208663782c4d27673bd653e.00001969.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/96e510df86609a71de4f9320ad5d0282.0000010f.honggfuzz.cov b/examples/bind/corpus/96e510df86609a71de4f9320ad5d0282.0000010f.honggfuzz.cov deleted file mode 100644 index cd27b737..00000000 Binary files a/examples/bind/corpus/96e510df86609a71de4f9320ad5d0282.0000010f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9700a09d638cfc47576ec63e4a04a65f.00000053.honggfuzz.cov b/examples/bind/corpus/9700a09d638cfc47576ec63e4a04a65f.00000053.honggfuzz.cov new file mode 100644 index 00000000..710c00ad Binary files /dev/null and b/examples/bind/corpus/9700a09d638cfc47576ec63e4a04a65f.00000053.honggfuzz.cov differ diff --git a/examples/bind/corpus/972ee7f31b17723c574d7f8b7c0487f8.00000085.honggfuzz.cov b/examples/bind/corpus/972ee7f31b17723c574d7f8b7c0487f8.00000085.honggfuzz.cov deleted file mode 100644 index 183d9762..00000000 Binary files a/examples/bind/corpus/972ee7f31b17723c574d7f8b7c0487f8.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/97316c489b77a6b365ea9b98c5a62cd7.000456df.honggfuzz.cov b/examples/bind/corpus/97316c489b77a6b365ea9b98c5a62cd7.000456df.honggfuzz.cov deleted file mode 100644 index 18461042..00000000 Binary files a/examples/bind/corpus/97316c489b77a6b365ea9b98c5a62cd7.000456df.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/974a77e9261eb3a01a440e184ea27e05.0000054f.honggfuzz.cov b/examples/bind/corpus/974a77e9261eb3a01a440e184ea27e05.0000054f.honggfuzz.cov deleted file mode 100644 index d84e59af..00000000 Binary files a/examples/bind/corpus/974a77e9261eb3a01a440e184ea27e05.0000054f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/975654946fa7dbca4d8bd529f048e3db.0000005c.honggfuzz.cov b/examples/bind/corpus/975654946fa7dbca4d8bd529f048e3db.0000005c.honggfuzz.cov deleted file mode 100644 index a6a65ab1..00000000 Binary files a/examples/bind/corpus/975654946fa7dbca4d8bd529f048e3db.0000005c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/975e04dac8bc7885136700a279e19144.00002000.honggfuzz.cov b/examples/bind/corpus/975e04dac8bc7885136700a279e19144.00002000.honggfuzz.cov new file mode 100644 index 00000000..3685a5d8 Binary files /dev/null and b/examples/bind/corpus/975e04dac8bc7885136700a279e19144.00002000.honggfuzz.cov differ diff --git a/examples/bind/corpus/976c28de87d3bcffed4475018a2019bf.00000085.honggfuzz.cov b/examples/bind/corpus/976c28de87d3bcffed4475018a2019bf.00000085.honggfuzz.cov deleted file mode 100644 index a7f55d39..00000000 Binary files a/examples/bind/corpus/976c28de87d3bcffed4475018a2019bf.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/97bbe55e98256d0b66e71e4188c1f8ec.0001d067.honggfuzz.cov b/examples/bind/corpus/97bbe55e98256d0b66e71e4188c1f8ec.0001d067.honggfuzz.cov deleted file mode 100644 index 2cbbe2c4..00000000 Binary files a/examples/bind/corpus/97bbe55e98256d0b66e71e4188c1f8ec.0001d067.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/97d466cc545692d01f44e037bae9df0e.00000e03.honggfuzz.cov b/examples/bind/corpus/97d466cc545692d01f44e037bae9df0e.00000e03.honggfuzz.cov deleted file mode 100644 index f11528af..00000000 Binary files a/examples/bind/corpus/97d466cc545692d01f44e037bae9df0e.00000e03.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/97d4b765c4113abf600e77c85009eac9.00000036.honggfuzz.cov b/examples/bind/corpus/97d4b765c4113abf600e77c85009eac9.00000036.honggfuzz.cov new file mode 100644 index 00000000..0309a6e7 Binary files /dev/null and b/examples/bind/corpus/97d4b765c4113abf600e77c85009eac9.00000036.honggfuzz.cov differ diff --git a/examples/bind/corpus/97d88a339cc208d082c792c01cd3f245.0000031d.honggfuzz.cov b/examples/bind/corpus/97d88a339cc208d082c792c01cd3f245.0000031d.honggfuzz.cov deleted file mode 100644 index 5c3a9db3..00000000 Binary files a/examples/bind/corpus/97d88a339cc208d082c792c01cd3f245.0000031d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/97e178d006d8074d0b6b712a26e7228d.000000e0.honggfuzz.cov b/examples/bind/corpus/97e178d006d8074d0b6b712a26e7228d.000000e0.honggfuzz.cov deleted file mode 100644 index 4873ecfa..00000000 Binary files a/examples/bind/corpus/97e178d006d8074d0b6b712a26e7228d.000000e0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/97e2082e6786baa217ec1a16b5f9d748.00000085.honggfuzz.cov b/examples/bind/corpus/97e2082e6786baa217ec1a16b5f9d748.00000085.honggfuzz.cov new file mode 100644 index 00000000..3203f5bf Binary files /dev/null and b/examples/bind/corpus/97e2082e6786baa217ec1a16b5f9d748.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/97e2693e51cc097dd701541d41a30c50.000101d0.honggfuzz.cov b/examples/bind/corpus/97e2693e51cc097dd701541d41a30c50.000101d0.honggfuzz.cov new file mode 100644 index 00000000..2ff0703f Binary files /dev/null and b/examples/bind/corpus/97e2693e51cc097dd701541d41a30c50.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/9807a7c4654a8043caf1cd872cf88dee.0000037e.honggfuzz.cov b/examples/bind/corpus/9807a7c4654a8043caf1cd872cf88dee.0000037e.honggfuzz.cov new file mode 100644 index 00000000..3ec4672e Binary files /dev/null and b/examples/bind/corpus/9807a7c4654a8043caf1cd872cf88dee.0000037e.honggfuzz.cov differ diff --git a/examples/bind/corpus/9816103e52ea19f04e025531f3f04cce.000000b5.honggfuzz.cov b/examples/bind/corpus/9816103e52ea19f04e025531f3f04cce.000000b5.honggfuzz.cov new file mode 100644 index 00000000..0c47b22d Binary files /dev/null and b/examples/bind/corpus/9816103e52ea19f04e025531f3f04cce.000000b5.honggfuzz.cov differ diff --git a/examples/bind/corpus/984768fe51ccc526276b288a1408d291.00000088.honggfuzz.cov b/examples/bind/corpus/984768fe51ccc526276b288a1408d291.00000088.honggfuzz.cov new file mode 100644 index 00000000..4eb6555f Binary files /dev/null and b/examples/bind/corpus/984768fe51ccc526276b288a1408d291.00000088.honggfuzz.cov differ diff --git a/examples/bind/corpus/988aafae1a9d02ca0e54688e116bffd9.00000089.honggfuzz.cov b/examples/bind/corpus/988aafae1a9d02ca0e54688e116bffd9.00000089.honggfuzz.cov new file mode 100644 index 00000000..894a97d1 Binary files /dev/null and b/examples/bind/corpus/988aafae1a9d02ca0e54688e116bffd9.00000089.honggfuzz.cov differ diff --git a/examples/bind/corpus/98a47da863275b2aaf55e69f4ac36c72.00000050.honggfuzz.cov b/examples/bind/corpus/98a47da863275b2aaf55e69f4ac36c72.00000050.honggfuzz.cov deleted file mode 100644 index bcb1d20b..00000000 Binary files a/examples/bind/corpus/98a47da863275b2aaf55e69f4ac36c72.00000050.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/98b7ef7d192c1fd79eb48dfb4c6aaf19.00000085.honggfuzz.cov b/examples/bind/corpus/98b7ef7d192c1fd79eb48dfb4c6aaf19.00000085.honggfuzz.cov deleted file mode 100644 index c7b49fd8..00000000 Binary files a/examples/bind/corpus/98b7ef7d192c1fd79eb48dfb4c6aaf19.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/98c6bcf703c4ceb57a9a8dbc5dda819b.00000085.honggfuzz.cov b/examples/bind/corpus/98c6bcf703c4ceb57a9a8dbc5dda819b.00000085.honggfuzz.cov deleted file mode 100644 index ce5ebc8b..00000000 Binary files a/examples/bind/corpus/98c6bcf703c4ceb57a9a8dbc5dda819b.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/98da8f9561bf8c543ccedd4fb8223020.00000124.honggfuzz.cov b/examples/bind/corpus/98da8f9561bf8c543ccedd4fb8223020.00000124.honggfuzz.cov new file mode 100644 index 00000000..c22216c1 Binary files /dev/null and b/examples/bind/corpus/98da8f9561bf8c543ccedd4fb8223020.00000124.honggfuzz.cov differ diff --git a/examples/bind/corpus/98e060534c0298f3be18174bc7d5b972.000003db.honggfuzz.cov b/examples/bind/corpus/98e060534c0298f3be18174bc7d5b972.000003db.honggfuzz.cov deleted file mode 100644 index af8c604b..00000000 Binary files a/examples/bind/corpus/98e060534c0298f3be18174bc7d5b972.000003db.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/98f825012506923e38144bc109a9a7f0.00000040.honggfuzz.cov b/examples/bind/corpus/98f825012506923e38144bc109a9a7f0.00000040.honggfuzz.cov new file mode 100644 index 00000000..3dd907ac Binary files /dev/null and b/examples/bind/corpus/98f825012506923e38144bc109a9a7f0.00000040.honggfuzz.cov differ diff --git a/examples/bind/corpus/990b565a33a685b9522d233c635a0963.0000004f.honggfuzz.cov b/examples/bind/corpus/990b565a33a685b9522d233c635a0963.0000004f.honggfuzz.cov deleted file mode 100644 index 86b02c1d..00000000 Binary files a/examples/bind/corpus/990b565a33a685b9522d233c635a0963.0000004f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/99148f422e82c649d7b3629ac84bdbb9.000000f7.honggfuzz.cov b/examples/bind/corpus/99148f422e82c649d7b3629ac84bdbb9.000000f7.honggfuzz.cov new file mode 100644 index 00000000..40a7e2f7 Binary files /dev/null and b/examples/bind/corpus/99148f422e82c649d7b3629ac84bdbb9.000000f7.honggfuzz.cov differ diff --git a/examples/bind/corpus/9914953d5606f6a84b1c7aad5191513f.00000040.honggfuzz.cov b/examples/bind/corpus/9914953d5606f6a84b1c7aad5191513f.00000040.honggfuzz.cov deleted file mode 100644 index c80f1a81..00000000 Binary files a/examples/bind/corpus/9914953d5606f6a84b1c7aad5191513f.00000040.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/992e97e9af1046d681e7958dc7a039b0.0000001d.honggfuzz.cov b/examples/bind/corpus/992e97e9af1046d681e7958dc7a039b0.0000001d.honggfuzz.cov deleted file mode 100644 index 352acfb5..00000000 Binary files a/examples/bind/corpus/992e97e9af1046d681e7958dc7a039b0.0000001d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9936fd7ecd3d8ca5b72baa27ba559c77.00000326.honggfuzz.cov b/examples/bind/corpus/9936fd7ecd3d8ca5b72baa27ba559c77.00000326.honggfuzz.cov new file mode 100644 index 00000000..07ab4f1b Binary files /dev/null and b/examples/bind/corpus/9936fd7ecd3d8ca5b72baa27ba559c77.00000326.honggfuzz.cov differ diff --git a/examples/bind/corpus/99442b4c6bca8179c62dc69a91305a8f.00000085.honggfuzz.cov b/examples/bind/corpus/99442b4c6bca8179c62dc69a91305a8f.00000085.honggfuzz.cov deleted file mode 100644 index 9f1591d1..00000000 Binary files a/examples/bind/corpus/99442b4c6bca8179c62dc69a91305a8f.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/994455000104000a76b00af0b401b000.0000000a.honggfuzz.cov b/examples/bind/corpus/994455000104000a76b00af0b401b000.0000000a.honggfuzz.cov deleted file mode 100644 index b4475e42..00000000 Binary files a/examples/bind/corpus/994455000104000a76b00af0b401b000.0000000a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/994ec9dd88302bf900ed58b4bcb90ad6.000000b3.honggfuzz.cov b/examples/bind/corpus/994ec9dd88302bf900ed58b4bcb90ad6.000000b3.honggfuzz.cov deleted file mode 100644 index c349db8a..00000000 Binary files a/examples/bind/corpus/994ec9dd88302bf900ed58b4bcb90ad6.000000b3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/997e361c34599bfa7cd2f70ec596c64d.00000057.honggfuzz.cov b/examples/bind/corpus/997e361c34599bfa7cd2f70ec596c64d.00000057.honggfuzz.cov deleted file mode 100644 index 8d7ae27a..00000000 Binary files a/examples/bind/corpus/997e361c34599bfa7cd2f70ec596c64d.00000057.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/998092c59877e864c67102e65529973b.000000f9.honggfuzz.cov b/examples/bind/corpus/998092c59877e864c67102e65529973b.000000f9.honggfuzz.cov deleted file mode 100644 index 5011da23..00000000 Binary files a/examples/bind/corpus/998092c59877e864c67102e65529973b.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9988335543d270da97ab62db0274214a.00000053.honggfuzz.cov b/examples/bind/corpus/9988335543d270da97ab62db0274214a.00000053.honggfuzz.cov new file mode 100644 index 00000000..307fdbe9 Binary files /dev/null and b/examples/bind/corpus/9988335543d270da97ab62db0274214a.00000053.honggfuzz.cov differ diff --git a/examples/bind/corpus/9993d897c47779f8ab48e3df7e63674d.00000137.honggfuzz.cov b/examples/bind/corpus/9993d897c47779f8ab48e3df7e63674d.00000137.honggfuzz.cov deleted file mode 100644 index 146b51a1..00000000 Binary files a/examples/bind/corpus/9993d897c47779f8ab48e3df7e63674d.00000137.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/99a4af298af65377ad1c67fdabd5ec1c.00000085.honggfuzz.cov b/examples/bind/corpus/99a4af298af65377ad1c67fdabd5ec1c.00000085.honggfuzz.cov deleted file mode 100644 index 71590446..00000000 Binary files a/examples/bind/corpus/99a4af298af65377ad1c67fdabd5ec1c.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/99b900b32888c18306a9768fe28c6e9b.000001e8.honggfuzz.cov b/examples/bind/corpus/99b900b32888c18306a9768fe28c6e9b.000001e8.honggfuzz.cov new file mode 100644 index 00000000..4c92eab0 Binary files /dev/null and b/examples/bind/corpus/99b900b32888c18306a9768fe28c6e9b.000001e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/99be5b3f28ba751caadee34552d96dde.00000133.honggfuzz.cov b/examples/bind/corpus/99be5b3f28ba751caadee34552d96dde.00000133.honggfuzz.cov new file mode 100644 index 00000000..c123de4e Binary files /dev/null and b/examples/bind/corpus/99be5b3f28ba751caadee34552d96dde.00000133.honggfuzz.cov differ diff --git a/examples/bind/corpus/99c8658ec91b3d2ee9b447e5e7aa41dc.00016ced.honggfuzz.cov b/examples/bind/corpus/99c8658ec91b3d2ee9b447e5e7aa41dc.00016ced.honggfuzz.cov deleted file mode 100644 index e5649467..00000000 Binary files a/examples/bind/corpus/99c8658ec91b3d2ee9b447e5e7aa41dc.00016ced.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/99f79a7957856720248d03f177622590.0000ffff.honggfuzz.cov b/examples/bind/corpus/99f79a7957856720248d03f177622590.0000ffff.honggfuzz.cov new file mode 100644 index 00000000..9e8ec43f Binary files /dev/null and b/examples/bind/corpus/99f79a7957856720248d03f177622590.0000ffff.honggfuzz.cov differ diff --git a/examples/bind/corpus/9a0160c83f77ba8fc6413297ac542acc.00000084.honggfuzz.cov b/examples/bind/corpus/9a0160c83f77ba8fc6413297ac542acc.00000084.honggfuzz.cov new file mode 100644 index 00000000..fc7a2286 Binary files /dev/null and b/examples/bind/corpus/9a0160c83f77ba8fc6413297ac542acc.00000084.honggfuzz.cov differ diff --git a/examples/bind/corpus/9a20bcf2c3c6cf1917cdcb372cb16035.000001e6.honggfuzz.cov b/examples/bind/corpus/9a20bcf2c3c6cf1917cdcb372cb16035.000001e6.honggfuzz.cov deleted file mode 100644 index 7b57211f..00000000 Binary files a/examples/bind/corpus/9a20bcf2c3c6cf1917cdcb372cb16035.000001e6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9a24e0f5e967016222485d751d249678.00000c2b.honggfuzz.cov b/examples/bind/corpus/9a24e0f5e967016222485d751d249678.00000c2b.honggfuzz.cov new file mode 100644 index 00000000..8e903fa4 Binary files /dev/null and b/examples/bind/corpus/9a24e0f5e967016222485d751d249678.00000c2b.honggfuzz.cov differ diff --git a/examples/bind/corpus/9a2e93f94cb9e4ccfef55975c70df7cc.00000085.honggfuzz.cov b/examples/bind/corpus/9a2e93f94cb9e4ccfef55975c70df7cc.00000085.honggfuzz.cov deleted file mode 100644 index eb4af64e..00000000 Binary files a/examples/bind/corpus/9a2e93f94cb9e4ccfef55975c70df7cc.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9a478e850a78330bcd9743b98d046c2f.00000813.honggfuzz.cov b/examples/bind/corpus/9a478e850a78330bcd9743b98d046c2f.00000813.honggfuzz.cov deleted file mode 100644 index 05f096a2..00000000 Binary files a/examples/bind/corpus/9a478e850a78330bcd9743b98d046c2f.00000813.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9a4c0f2d0c1f58cce8b3accb44c8b887.00037bf1.honggfuzz.cov b/examples/bind/corpus/9a4c0f2d0c1f58cce8b3accb44c8b887.00037bf1.honggfuzz.cov deleted file mode 100644 index 8313cd0e..00000000 Binary files a/examples/bind/corpus/9a4c0f2d0c1f58cce8b3accb44c8b887.00037bf1.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9a524b5e74ec2c5a25dd15af8f5fd1ee.0000b904.honggfuzz.cov b/examples/bind/corpus/9a524b5e74ec2c5a25dd15af8f5fd1ee.0000b904.honggfuzz.cov deleted file mode 100644 index 98e0b564..00000000 Binary files a/examples/bind/corpus/9a524b5e74ec2c5a25dd15af8f5fd1ee.0000b904.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9a5b671aa4e307ba305444ff8887dc95.0000186a.honggfuzz.cov b/examples/bind/corpus/9a5b671aa4e307ba305444ff8887dc95.0000186a.honggfuzz.cov deleted file mode 100644 index f042b3b7..00000000 Binary files a/examples/bind/corpus/9a5b671aa4e307ba305444ff8887dc95.0000186a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9a847f2b92f2954753e4675843752342.0000ede4.honggfuzz.cov b/examples/bind/corpus/9a847f2b92f2954753e4675843752342.0000ede4.honggfuzz.cov deleted file mode 100644 index 0bbe8a15..00000000 Binary files a/examples/bind/corpus/9a847f2b92f2954753e4675843752342.0000ede4.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9a9e43619d28ceedb8f72e81fc8b8cbe.00000020.honggfuzz.cov b/examples/bind/corpus/9a9e43619d28ceedb8f72e81fc8b8cbe.00000020.honggfuzz.cov new file mode 100644 index 00000000..746dc4c3 Binary files /dev/null and b/examples/bind/corpus/9a9e43619d28ceedb8f72e81fc8b8cbe.00000020.honggfuzz.cov differ diff --git a/examples/bind/corpus/9aafc693d7d3b6e2c9c513c1c7e721a7.00000e87.honggfuzz.cov b/examples/bind/corpus/9aafc693d7d3b6e2c9c513c1c7e721a7.00000e87.honggfuzz.cov new file mode 100644 index 00000000..0c80b858 Binary files /dev/null and b/examples/bind/corpus/9aafc693d7d3b6e2c9c513c1c7e721a7.00000e87.honggfuzz.cov differ diff --git a/examples/bind/corpus/9acad278c1a511ce63340baa622b4753.0000008a.honggfuzz.cov b/examples/bind/corpus/9acad278c1a511ce63340baa622b4753.0000008a.honggfuzz.cov new file mode 100644 index 00000000..11084bcf Binary files /dev/null and b/examples/bind/corpus/9acad278c1a511ce63340baa622b4753.0000008a.honggfuzz.cov differ diff --git a/examples/bind/corpus/9accd3f7695b86bf7e41c45ffbe1852d.000000f9.honggfuzz.cov b/examples/bind/corpus/9accd3f7695b86bf7e41c45ffbe1852d.000000f9.honggfuzz.cov deleted file mode 100644 index 8d72517b..00000000 Binary files a/examples/bind/corpus/9accd3f7695b86bf7e41c45ffbe1852d.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9acdfd19ca9863238dfc9be0a7382581.000000d9.honggfuzz.cov b/examples/bind/corpus/9acdfd19ca9863238dfc9be0a7382581.000000d9.honggfuzz.cov deleted file mode 100644 index 64aea5ff..00000000 Binary files a/examples/bind/corpus/9acdfd19ca9863238dfc9be0a7382581.000000d9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9ae15eeb980a9ad76a34bd8c99308fce.0000001e.honggfuzz.cov b/examples/bind/corpus/9ae15eeb980a9ad76a34bd8c99308fce.0000001e.honggfuzz.cov deleted file mode 100644 index dc697707..00000000 Binary files a/examples/bind/corpus/9ae15eeb980a9ad76a34bd8c99308fce.0000001e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9ae15eeb987a9dd72b30ad8c99308fce.0000001e.honggfuzz.cov b/examples/bind/corpus/9ae15eeb987a9dd72b30ad8c99308fce.0000001e.honggfuzz.cov new file mode 100644 index 00000000..582ae281 Binary files /dev/null and b/examples/bind/corpus/9ae15eeb987a9dd72b30ad8c99308fce.0000001e.honggfuzz.cov differ diff --git a/examples/bind/corpus/9af6c9513718fdc00c99462caed3e098.00000400.honggfuzz.cov b/examples/bind/corpus/9af6c9513718fdc00c99462caed3e098.00000400.honggfuzz.cov deleted file mode 100644 index 81bc3f94..00000000 Binary files a/examples/bind/corpus/9af6c9513718fdc00c99462caed3e098.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9afb2673b5faa7933f968fd8321b5ad4.00000085.honggfuzz.cov b/examples/bind/corpus/9afb2673b5faa7933f968fd8321b5ad4.00000085.honggfuzz.cov deleted file mode 100644 index 6f6b8b7f..00000000 Binary files a/examples/bind/corpus/9afb2673b5faa7933f968fd8321b5ad4.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9b04e3b49b565dc489e467751d1fdc00.0000001b.honggfuzz.cov b/examples/bind/corpus/9b04e3b49b565dc489e467751d1fdc00.0000001b.honggfuzz.cov new file mode 100644 index 00000000..e4a289e3 Binary files /dev/null and b/examples/bind/corpus/9b04e3b49b565dc489e467751d1fdc00.0000001b.honggfuzz.cov differ diff --git a/examples/bind/corpus/9b0937c11d190ea979a53ff8adea77c8.00005435.honggfuzz.cov b/examples/bind/corpus/9b0937c11d190ea979a53ff8adea77c8.00005435.honggfuzz.cov deleted file mode 100644 index c1f23422..00000000 Binary files a/examples/bind/corpus/9b0937c11d190ea979a53ff8adea77c8.00005435.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9b146a09601c4c98344091ac62b3e07c.0001f7e8.honggfuzz.cov b/examples/bind/corpus/9b146a09601c4c98344091ac62b3e07c.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..0c88deff Binary files /dev/null and b/examples/bind/corpus/9b146a09601c4c98344091ac62b3e07c.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/9b2f99351050881042d56a4f699a2221.00000085.honggfuzz.cov b/examples/bind/corpus/9b2f99351050881042d56a4f699a2221.00000085.honggfuzz.cov deleted file mode 100644 index 6d82b8f5..00000000 Binary files a/examples/bind/corpus/9b2f99351050881042d56a4f699a2221.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9b4fa82f2f7d8974d4e72ea43f59c22a.00000080.honggfuzz.cov b/examples/bind/corpus/9b4fa82f2f7d8974d4e72ea43f59c22a.00000080.honggfuzz.cov new file mode 100644 index 00000000..4027717a Binary files /dev/null and b/examples/bind/corpus/9b4fa82f2f7d8974d4e72ea43f59c22a.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/9b50664f0e69819678e5f9cd014e1b5e.0000014c.honggfuzz.cov b/examples/bind/corpus/9b50664f0e69819678e5f9cd014e1b5e.0000014c.honggfuzz.cov new file mode 100644 index 00000000..0a44d7f6 Binary files /dev/null and b/examples/bind/corpus/9b50664f0e69819678e5f9cd014e1b5e.0000014c.honggfuzz.cov differ diff --git a/examples/bind/corpus/9b526e300dc89572c75a0899523a542b.00000085.honggfuzz.cov b/examples/bind/corpus/9b526e300dc89572c75a0899523a542b.00000085.honggfuzz.cov new file mode 100644 index 00000000..76d39498 Binary files /dev/null and b/examples/bind/corpus/9b526e300dc89572c75a0899523a542b.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/9b53f13aa2e8ee4e2813a7d017617426.00000085.honggfuzz.cov b/examples/bind/corpus/9b53f13aa2e8ee4e2813a7d017617426.00000085.honggfuzz.cov deleted file mode 100644 index 2f708986..00000000 Binary files a/examples/bind/corpus/9b53f13aa2e8ee4e2813a7d017617426.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9bd050fb65acf65e4c4db33d25f586fc.00000086.honggfuzz.cov b/examples/bind/corpus/9bd050fb65acf65e4c4db33d25f586fc.00000086.honggfuzz.cov new file mode 100644 index 00000000..f92fd24b Binary files /dev/null and b/examples/bind/corpus/9bd050fb65acf65e4c4db33d25f586fc.00000086.honggfuzz.cov differ diff --git a/examples/bind/corpus/9bd92fa396722ba4eb5a3e8f29a8db4b.00000b97.honggfuzz.cov b/examples/bind/corpus/9bd92fa396722ba4eb5a3e8f29a8db4b.00000b97.honggfuzz.cov deleted file mode 100644 index 1a2affb0..00000000 Binary files a/examples/bind/corpus/9bd92fa396722ba4eb5a3e8f29a8db4b.00000b97.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9bef75bcd684bd8b34a6624b75008047.00000085.honggfuzz.cov b/examples/bind/corpus/9bef75bcd684bd8b34a6624b75008047.00000085.honggfuzz.cov deleted file mode 100644 index dd93ee4b..00000000 Binary files a/examples/bind/corpus/9bef75bcd684bd8b34a6624b75008047.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9c04aa454702d942ab3924ffa9151a6a.00006dc8.honggfuzz.cov b/examples/bind/corpus/9c04aa454702d942ab3924ffa9151a6a.00006dc8.honggfuzz.cov deleted file mode 100644 index d892b033..00000000 Binary files a/examples/bind/corpus/9c04aa454702d942ab3924ffa9151a6a.00006dc8.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9c06335ea3609683fc18182f80b12b89.00010c3b.honggfuzz.cov b/examples/bind/corpus/9c06335ea3609683fc18182f80b12b89.00010c3b.honggfuzz.cov deleted file mode 100644 index cedf1b8c..00000000 Binary files a/examples/bind/corpus/9c06335ea3609683fc18182f80b12b89.00010c3b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9c16b20f8ee99a46a205af03cd2e70f3.0000009e.honggfuzz.cov b/examples/bind/corpus/9c16b20f8ee99a46a205af03cd2e70f3.0000009e.honggfuzz.cov new file mode 100644 index 00000000..005f2292 Binary files /dev/null and b/examples/bind/corpus/9c16b20f8ee99a46a205af03cd2e70f3.0000009e.honggfuzz.cov differ diff --git a/examples/bind/corpus/9c1fd5a293e3adb4287e03e1f894a70a.0000247f.honggfuzz.cov b/examples/bind/corpus/9c1fd5a293e3adb4287e03e1f894a70a.0000247f.honggfuzz.cov new file mode 100644 index 00000000..ed801836 Binary files /dev/null and b/examples/bind/corpus/9c1fd5a293e3adb4287e03e1f894a70a.0000247f.honggfuzz.cov differ diff --git a/examples/bind/corpus/9c3749c4e931d4dafcbac4f9de7ab8b7.00000400.honggfuzz.cov b/examples/bind/corpus/9c3749c4e931d4dafcbac4f9de7ab8b7.00000400.honggfuzz.cov deleted file mode 100644 index 00dc19ac..00000000 Binary files a/examples/bind/corpus/9c3749c4e931d4dafcbac4f9de7ab8b7.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9c3fcd5eb79ade22542c2f5e489b5785.00000085.honggfuzz.cov b/examples/bind/corpus/9c3fcd5eb79ade22542c2f5e489b5785.00000085.honggfuzz.cov deleted file mode 100644 index c0cf3ce1..00000000 Binary files a/examples/bind/corpus/9c3fcd5eb79ade22542c2f5e489b5785.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9c48ea7d0f7b68d34de54376f92c96ad.0000012f.honggfuzz.cov b/examples/bind/corpus/9c48ea7d0f7b68d34de54376f92c96ad.0000012f.honggfuzz.cov new file mode 100644 index 00000000..a8a6f93f Binary files /dev/null and b/examples/bind/corpus/9c48ea7d0f7b68d34de54376f92c96ad.0000012f.honggfuzz.cov differ diff --git a/examples/bind/corpus/9c4c5dd9b675b931019346240deae7d4.00000186.honggfuzz.cov b/examples/bind/corpus/9c4c5dd9b675b931019346240deae7d4.00000186.honggfuzz.cov deleted file mode 100644 index d54b1393..00000000 Binary files a/examples/bind/corpus/9c4c5dd9b675b931019346240deae7d4.00000186.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9c5d3355a6126742306cd9453d7fdc09.00001b82.honggfuzz.cov b/examples/bind/corpus/9c5d3355a6126742306cd9453d7fdc09.00001b82.honggfuzz.cov deleted file mode 100644 index 47a00966..00000000 Binary files a/examples/bind/corpus/9c5d3355a6126742306cd9453d7fdc09.00001b82.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9c6c8baf4e5f90aec3b087960eb86762.0000002a.honggfuzz.cov b/examples/bind/corpus/9c6c8baf4e5f90aec3b087960eb86762.0000002a.honggfuzz.cov deleted file mode 100644 index 1a0e476a..00000000 Binary files a/examples/bind/corpus/9c6c8baf4e5f90aec3b087960eb86762.0000002a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9c7eef3a552018671669aef008bf6f6c.00000473.honggfuzz.cov b/examples/bind/corpus/9c7eef3a552018671669aef008bf6f6c.00000473.honggfuzz.cov new file mode 100644 index 00000000..a3fe50de Binary files /dev/null and b/examples/bind/corpus/9c7eef3a552018671669aef008bf6f6c.00000473.honggfuzz.cov differ diff --git a/examples/bind/corpus/9c80116f64df445f99934cfe8c2c3293.00000026.honggfuzz.cov b/examples/bind/corpus/9c80116f64df445f99934cfe8c2c3293.00000026.honggfuzz.cov new file mode 100644 index 00000000..4b0cd09b Binary files /dev/null and b/examples/bind/corpus/9c80116f64df445f99934cfe8c2c3293.00000026.honggfuzz.cov differ diff --git a/examples/bind/corpus/9c8ccbb4c83bff2386b60f660f522a99.00000078.honggfuzz.cov b/examples/bind/corpus/9c8ccbb4c83bff2386b60f660f522a99.00000078.honggfuzz.cov new file mode 100644 index 00000000..fa30d7a7 Binary files /dev/null and b/examples/bind/corpus/9c8ccbb4c83bff2386b60f660f522a99.00000078.honggfuzz.cov differ diff --git a/examples/bind/corpus/9c9118b9c4c10aaa8f908c8b61f62305.00000085.honggfuzz.cov b/examples/bind/corpus/9c9118b9c4c10aaa8f908c8b61f62305.00000085.honggfuzz.cov deleted file mode 100644 index a3ffea9d..00000000 Binary files a/examples/bind/corpus/9c9118b9c4c10aaa8f908c8b61f62305.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9ca7a82dec679c40e63331e6c94d5dc3.000078f9.honggfuzz.cov b/examples/bind/corpus/9ca7a82dec679c40e63331e6c94d5dc3.000078f9.honggfuzz.cov new file mode 100644 index 00000000..9362ed98 Binary files /dev/null and b/examples/bind/corpus/9ca7a82dec679c40e63331e6c94d5dc3.000078f9.honggfuzz.cov differ diff --git a/examples/bind/corpus/9caba165ea39b21e452491d68a3bb3e3.00000040.honggfuzz.cov b/examples/bind/corpus/9caba165ea39b21e452491d68a3bb3e3.00000040.honggfuzz.cov deleted file mode 100644 index f2c1a7c6..00000000 Binary files a/examples/bind/corpus/9caba165ea39b21e452491d68a3bb3e3.00000040.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9cb02bd31d2bbf73732818bd287206a7.00018619.honggfuzz.cov b/examples/bind/corpus/9cb02bd31d2bbf73732818bd287206a7.00018619.honggfuzz.cov deleted file mode 100644 index 6d2749d9..00000000 Binary files a/examples/bind/corpus/9cb02bd31d2bbf73732818bd287206a7.00018619.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9cc433d6102cb04a88d65f9b9a501103.000003e3.honggfuzz.cov b/examples/bind/corpus/9cc433d6102cb04a88d65f9b9a501103.000003e3.honggfuzz.cov new file mode 100644 index 00000000..732379a0 Binary files /dev/null and b/examples/bind/corpus/9cc433d6102cb04a88d65f9b9a501103.000003e3.honggfuzz.cov differ diff --git a/examples/bind/corpus/9cd4586cd6caea6ffd7f74c954fcbf10.0000006e.honggfuzz.cov b/examples/bind/corpus/9cd4586cd6caea6ffd7f74c954fcbf10.0000006e.honggfuzz.cov new file mode 100644 index 00000000..f529f1c9 Binary files /dev/null and b/examples/bind/corpus/9cd4586cd6caea6ffd7f74c954fcbf10.0000006e.honggfuzz.cov differ diff --git a/examples/bind/corpus/9cfa5e73092d6e284c3fee11ba83d176.0000194e.honggfuzz.cov b/examples/bind/corpus/9cfa5e73092d6e284c3fee11ba83d176.0000194e.honggfuzz.cov new file mode 100644 index 00000000..a0692a48 Binary files /dev/null and b/examples/bind/corpus/9cfa5e73092d6e284c3fee11ba83d176.0000194e.honggfuzz.cov differ diff --git a/examples/bind/corpus/9cfc854e19a7fe05057a9daedc94161a.00002000.honggfuzz.cov b/examples/bind/corpus/9cfc854e19a7fe05057a9daedc94161a.00002000.honggfuzz.cov new file mode 100644 index 00000000..63464034 Binary files /dev/null and b/examples/bind/corpus/9cfc854e19a7fe05057a9daedc94161a.00002000.honggfuzz.cov differ diff --git a/examples/bind/corpus/9d19c045275ee624b19de2a84e680087.00000077.honggfuzz.cov b/examples/bind/corpus/9d19c045275ee624b19de2a84e680087.00000077.honggfuzz.cov deleted file mode 100644 index b933c302..00000000 Binary files a/examples/bind/corpus/9d19c045275ee624b19de2a84e680087.00000077.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9d26a3a8f891dc44d9d03e03a8df852f.0000009e.honggfuzz.cov b/examples/bind/corpus/9d26a3a8f891dc44d9d03e03a8df852f.0000009e.honggfuzz.cov new file mode 100644 index 00000000..5bee337c Binary files /dev/null and b/examples/bind/corpus/9d26a3a8f891dc44d9d03e03a8df852f.0000009e.honggfuzz.cov differ diff --git a/examples/bind/corpus/9d3a64677cc44ff31785fb27e05abb75.00000085.honggfuzz.cov b/examples/bind/corpus/9d3a64677cc44ff31785fb27e05abb75.00000085.honggfuzz.cov deleted file mode 100644 index a3ba5642..00000000 Binary files a/examples/bind/corpus/9d3a64677cc44ff31785fb27e05abb75.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9d4b8877f540261791c5dae38711a84c.00017634.honggfuzz.cov b/examples/bind/corpus/9d4b8877f540261791c5dae38711a84c.00017634.honggfuzz.cov deleted file mode 100644 index d1ea6ab0..00000000 Binary files a/examples/bind/corpus/9d4b8877f540261791c5dae38711a84c.00017634.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9d63a110d1319cfee1215191794d6dc0.0000da9a.honggfuzz.cov b/examples/bind/corpus/9d63a110d1319cfee1215191794d6dc0.0000da9a.honggfuzz.cov new file mode 100644 index 00000000..8cc2fa64 Binary files /dev/null and b/examples/bind/corpus/9d63a110d1319cfee1215191794d6dc0.0000da9a.honggfuzz.cov differ diff --git a/examples/bind/corpus/9d97131428060500feb7cbc0f4371104.00000153.honggfuzz.cov b/examples/bind/corpus/9d97131428060500feb7cbc0f4371104.00000153.honggfuzz.cov deleted file mode 100644 index 6676d922..00000000 Binary files a/examples/bind/corpus/9d97131428060500feb7cbc0f4371104.00000153.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9d97d371c555969656596667d63d9696.0000000d.honggfuzz.cov b/examples/bind/corpus/9d97d371c555969656596667d63d9696.0000000d.honggfuzz.cov new file mode 100644 index 00000000..9e2c6f27 Binary files /dev/null and b/examples/bind/corpus/9d97d371c555969656596667d63d9696.0000000d.honggfuzz.cov differ diff --git a/examples/bind/corpus/9da9b3840b9c0decfd984009cf844c26.0000006e.honggfuzz.cov b/examples/bind/corpus/9da9b3840b9c0decfd984009cf844c26.0000006e.honggfuzz.cov deleted file mode 100644 index c80fcf58..00000000 Binary files a/examples/bind/corpus/9da9b3840b9c0decfd984009cf844c26.0000006e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9dc0bef6c3c0fb81fa2f099fae2a1483.00001876.honggfuzz.cov b/examples/bind/corpus/9dc0bef6c3c0fb81fa2f099fae2a1483.00001876.honggfuzz.cov new file mode 100644 index 00000000..617912c7 Binary files /dev/null and b/examples/bind/corpus/9dc0bef6c3c0fb81fa2f099fae2a1483.00001876.honggfuzz.cov differ diff --git a/examples/bind/corpus/9e3197835860d90892a0b0774a0fd116.00000ffe.honggfuzz.cov b/examples/bind/corpus/9e3197835860d90892a0b0774a0fd116.00000ffe.honggfuzz.cov new file mode 100644 index 00000000..ba883899 Binary files /dev/null and b/examples/bind/corpus/9e3197835860d90892a0b0774a0fd116.00000ffe.honggfuzz.cov differ diff --git a/examples/bind/corpus/9e54fde9dc4fce6fd2a3330606e88ca1.000000db.honggfuzz.cov b/examples/bind/corpus/9e54fde9dc4fce6fd2a3330606e88ca1.000000db.honggfuzz.cov new file mode 100644 index 00000000..287aa312 Binary files /dev/null and b/examples/bind/corpus/9e54fde9dc4fce6fd2a3330606e88ca1.000000db.honggfuzz.cov differ diff --git a/examples/bind/corpus/9e5bd0993ee77df183fa6204b8d5d063.00000085.honggfuzz.cov b/examples/bind/corpus/9e5bd0993ee77df183fa6204b8d5d063.00000085.honggfuzz.cov deleted file mode 100644 index ffdeda86..00000000 Binary files a/examples/bind/corpus/9e5bd0993ee77df183fa6204b8d5d063.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9e5d32fc1396702b7f6687d6d07a3a76.00000085.honggfuzz.cov b/examples/bind/corpus/9e5d32fc1396702b7f6687d6d07a3a76.00000085.honggfuzz.cov deleted file mode 100644 index 708f47ff..00000000 Binary files a/examples/bind/corpus/9e5d32fc1396702b7f6687d6d07a3a76.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9e9b84c1312657f0ba21044ff6c4d555.000000c5.honggfuzz.cov b/examples/bind/corpus/9e9b84c1312657f0ba21044ff6c4d555.000000c5.honggfuzz.cov new file mode 100644 index 00000000..def530af Binary files /dev/null and b/examples/bind/corpus/9e9b84c1312657f0ba21044ff6c4d555.000000c5.honggfuzz.cov differ diff --git a/examples/bind/corpus/9e9c7c2d45b74eaca2fbba5dac45567a.00000085.honggfuzz.cov b/examples/bind/corpus/9e9c7c2d45b74eaca2fbba5dac45567a.00000085.honggfuzz.cov deleted file mode 100644 index 6a8dd864..00000000 Binary files a/examples/bind/corpus/9e9c7c2d45b74eaca2fbba5dac45567a.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9ed7a44f3459579c7293fd82f91886a5.00000085.honggfuzz.cov b/examples/bind/corpus/9ed7a44f3459579c7293fd82f91886a5.00000085.honggfuzz.cov deleted file mode 100644 index 00e80dc8..00000000 Binary files a/examples/bind/corpus/9ed7a44f3459579c7293fd82f91886a5.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9ef327d7f6dda107436104a9316a80bc.00000085.honggfuzz.cov b/examples/bind/corpus/9ef327d7f6dda107436104a9316a80bc.00000085.honggfuzz.cov deleted file mode 100644 index 4aea34f5..00000000 Binary files a/examples/bind/corpus/9ef327d7f6dda107436104a9316a80bc.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9ef880fd79741ae30f8933edb5931850.000007ec.honggfuzz.cov b/examples/bind/corpus/9ef880fd79741ae30f8933edb5931850.000007ec.honggfuzz.cov deleted file mode 100644 index d5269381..00000000 Binary files a/examples/bind/corpus/9ef880fd79741ae30f8933edb5931850.000007ec.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9efd6b6bbf73575d92070667871a01d8.00002000.honggfuzz.cov b/examples/bind/corpus/9efd6b6bbf73575d92070667871a01d8.00002000.honggfuzz.cov new file mode 100644 index 00000000..1a11c052 Binary files /dev/null and b/examples/bind/corpus/9efd6b6bbf73575d92070667871a01d8.00002000.honggfuzz.cov differ diff --git a/examples/bind/corpus/9f1870c4c76199261050f365a0440e0f.0000006c.honggfuzz.cov b/examples/bind/corpus/9f1870c4c76199261050f365a0440e0f.0000006c.honggfuzz.cov deleted file mode 100644 index a1eb54ec..00000000 Binary files a/examples/bind/corpus/9f1870c4c76199261050f365a0440e0f.0000006c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9f1b409e68c5a67dac21d6d03853a649.00001c32.honggfuzz.cov b/examples/bind/corpus/9f1b409e68c5a67dac21d6d03853a649.00001c32.honggfuzz.cov deleted file mode 100644 index 744066cb..00000000 Binary files a/examples/bind/corpus/9f1b409e68c5a67dac21d6d03853a649.00001c32.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9f220c220f6c517431d71d4e08ae8738.00000131.honggfuzz.cov b/examples/bind/corpus/9f220c220f6c517431d71d4e08ae8738.00000131.honggfuzz.cov deleted file mode 100644 index a56afb45..00000000 Binary files a/examples/bind/corpus/9f220c220f6c517431d71d4e08ae8738.00000131.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9f292121381f43142bdf5172b9525bd6.00002f8b.honggfuzz.cov b/examples/bind/corpus/9f292121381f43142bdf5172b9525bd6.00002f8b.honggfuzz.cov new file mode 100644 index 00000000..98ebb79b Binary files /dev/null and b/examples/bind/corpus/9f292121381f43142bdf5172b9525bd6.00002f8b.honggfuzz.cov differ diff --git a/examples/bind/corpus/9f34f7eacae98612255422419adb4275.00000085.honggfuzz.cov b/examples/bind/corpus/9f34f7eacae98612255422419adb4275.00000085.honggfuzz.cov new file mode 100644 index 00000000..9271e4d6 Binary files /dev/null and b/examples/bind/corpus/9f34f7eacae98612255422419adb4275.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/9f3b0bab8818e85f40a3d259cee1c1f4.000003db.honggfuzz.cov b/examples/bind/corpus/9f3b0bab8818e85f40a3d259cee1c1f4.000003db.honggfuzz.cov deleted file mode 100644 index 6efc300e..00000000 Binary files a/examples/bind/corpus/9f3b0bab8818e85f40a3d259cee1c1f4.000003db.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9f40657d9a60bac7a329c42339c31397.00004436.honggfuzz.cov b/examples/bind/corpus/9f40657d9a60bac7a329c42339c31397.00004436.honggfuzz.cov deleted file mode 100644 index 79a2938f..00000000 Binary files a/examples/bind/corpus/9f40657d9a60bac7a329c42339c31397.00004436.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9f49883a1efa1dbfe31704cc95c5436f.00001cf2.honggfuzz.cov b/examples/bind/corpus/9f49883a1efa1dbfe31704cc95c5436f.00001cf2.honggfuzz.cov deleted file mode 100644 index d919825e..00000000 Binary files a/examples/bind/corpus/9f49883a1efa1dbfe31704cc95c5436f.00001cf2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9f4ca46f8c98bf93f69d2d5f437fd264.00000080.honggfuzz.cov b/examples/bind/corpus/9f4ca46f8c98bf93f69d2d5f437fd264.00000080.honggfuzz.cov deleted file mode 100644 index 96de4197..00000000 Binary files a/examples/bind/corpus/9f4ca46f8c98bf93f69d2d5f437fd264.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9f940d317226629c1ccdc39d7766ddd0.000003a2.honggfuzz.cov b/examples/bind/corpus/9f940d317226629c1ccdc39d7766ddd0.000003a2.honggfuzz.cov deleted file mode 100644 index 781ee2da..00000000 Binary files a/examples/bind/corpus/9f940d317226629c1ccdc39d7766ddd0.000003a2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9fa933d0ab17015fea3c248cbd109424.00002000.honggfuzz.cov b/examples/bind/corpus/9fa933d0ab17015fea3c248cbd109424.00002000.honggfuzz.cov deleted file mode 100644 index fc7d107f..00000000 Binary files a/examples/bind/corpus/9fa933d0ab17015fea3c248cbd109424.00002000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9fb9c1f611ea4f2a92273d317a872a69.0000021c.honggfuzz.cov b/examples/bind/corpus/9fb9c1f611ea4f2a92273d317a872a69.0000021c.honggfuzz.cov deleted file mode 100644 index 2335f9ee..00000000 Binary files a/examples/bind/corpus/9fb9c1f611ea4f2a92273d317a872a69.0000021c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/9fbb24871c5f0f69408ad3bd4e619889.000001c0.honggfuzz.cov b/examples/bind/corpus/9fbb24871c5f0f69408ad3bd4e619889.000001c0.honggfuzz.cov deleted file mode 100644 index d8cbf0c2..00000000 Binary files a/examples/bind/corpus/9fbb24871c5f0f69408ad3bd4e619889.000001c0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a016fe637a1b8c9c0c9f64fefdc8301a.00000028.honggfuzz.cov b/examples/bind/corpus/a016fe637a1b8c9c0c9f64fefdc8301a.00000028.honggfuzz.cov new file mode 100644 index 00000000..0047ce9d Binary files /dev/null and b/examples/bind/corpus/a016fe637a1b8c9c0c9f64fefdc8301a.00000028.honggfuzz.cov differ diff --git a/examples/bind/corpus/a01c3ddf42aedd0f602fb9ac6f62d7bc.00000037.honggfuzz.cov b/examples/bind/corpus/a01c3ddf42aedd0f602fb9ac6f62d7bc.00000037.honggfuzz.cov new file mode 100644 index 00000000..baf982bb Binary files /dev/null and b/examples/bind/corpus/a01c3ddf42aedd0f602fb9ac6f62d7bc.00000037.honggfuzz.cov differ diff --git a/examples/bind/corpus/a03b1b98a888cea5675269f56a178fb8.00007d13.honggfuzz.cov b/examples/bind/corpus/a03b1b98a888cea5675269f56a178fb8.00007d13.honggfuzz.cov new file mode 100644 index 00000000..3fbfe685 Binary files /dev/null and b/examples/bind/corpus/a03b1b98a888cea5675269f56a178fb8.00007d13.honggfuzz.cov differ diff --git a/examples/bind/corpus/a03b6d24f1faef19fa6bff3dfdae9b42.000000da.honggfuzz.cov b/examples/bind/corpus/a03b6d24f1faef19fa6bff3dfdae9b42.000000da.honggfuzz.cov deleted file mode 100644 index d9fa2ff7..00000000 Binary files a/examples/bind/corpus/a03b6d24f1faef19fa6bff3dfdae9b42.000000da.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a0520991170e2e6b6743b9f334f3d3c7.0000002d.honggfuzz.cov b/examples/bind/corpus/a0520991170e2e6b6743b9f334f3d3c7.0000002d.honggfuzz.cov deleted file mode 100644 index d0fe489c..00000000 Binary files a/examples/bind/corpus/a0520991170e2e6b6743b9f334f3d3c7.0000002d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a05777b289961561be9774c612d5adab.00000040.honggfuzz.cov b/examples/bind/corpus/a05777b289961561be9774c612d5adab.00000040.honggfuzz.cov deleted file mode 100644 index 994cc827..00000000 Binary files a/examples/bind/corpus/a05777b289961561be9774c612d5adab.00000040.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a064cfcde57fa35e0c1e2c7b491475b2.00000098.honggfuzz.cov b/examples/bind/corpus/a064cfcde57fa35e0c1e2c7b491475b2.00000098.honggfuzz.cov deleted file mode 100644 index 9a3d8071..00000000 Binary files a/examples/bind/corpus/a064cfcde57fa35e0c1e2c7b491475b2.00000098.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a07e62f089ab39b6b35deefeb0a51912.00000085.honggfuzz.cov b/examples/bind/corpus/a07e62f089ab39b6b35deefeb0a51912.00000085.honggfuzz.cov new file mode 100644 index 00000000..6b8d724e Binary files /dev/null and b/examples/bind/corpus/a07e62f089ab39b6b35deefeb0a51912.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/a0b24fbad6746111920f68bed16b421e.00001ff2.honggfuzz.cov b/examples/bind/corpus/a0b24fbad6746111920f68bed16b421e.00001ff2.honggfuzz.cov deleted file mode 100644 index 15e9b12f..00000000 Binary files a/examples/bind/corpus/a0b24fbad6746111920f68bed16b421e.00001ff2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a0bb083b07210c657d90e9433932b822.000000d6.honggfuzz.cov b/examples/bind/corpus/a0bb083b07210c657d90e9433932b822.000000d6.honggfuzz.cov new file mode 100644 index 00000000..46efe94f Binary files /dev/null and b/examples/bind/corpus/a0bb083b07210c657d90e9433932b822.000000d6.honggfuzz.cov differ diff --git a/examples/bind/corpus/a0be23958f0e9098a51f927ffee515e8.0001380f.honggfuzz.cov b/examples/bind/corpus/a0be23958f0e9098a51f927ffee515e8.0001380f.honggfuzz.cov deleted file mode 100644 index 164de40f..00000000 Binary files a/examples/bind/corpus/a0be23958f0e9098a51f927ffee515e8.0001380f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a0d71bd6b842a5d1064e602e7d629a10.000001b4.honggfuzz.cov b/examples/bind/corpus/a0d71bd6b842a5d1064e602e7d629a10.000001b4.honggfuzz.cov new file mode 100644 index 00000000..7599c6a4 Binary files /dev/null and b/examples/bind/corpus/a0d71bd6b842a5d1064e602e7d629a10.000001b4.honggfuzz.cov differ diff --git a/examples/bind/corpus/a10cd633271fe1918f6402844e039d37.0000149e.honggfuzz.cov b/examples/bind/corpus/a10cd633271fe1918f6402844e039d37.0000149e.honggfuzz.cov deleted file mode 100644 index c247f1b8..00000000 Binary files a/examples/bind/corpus/a10cd633271fe1918f6402844e039d37.0000149e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a14c766662ea031a57db264ac2b68da3.0000015c.honggfuzz.cov b/examples/bind/corpus/a14c766662ea031a57db264ac2b68da3.0000015c.honggfuzz.cov new file mode 100644 index 00000000..f852e9cc Binary files /dev/null and b/examples/bind/corpus/a14c766662ea031a57db264ac2b68da3.0000015c.honggfuzz.cov differ diff --git a/examples/bind/corpus/a15442623d6f0b0be45c19242f117008.00000230.honggfuzz.cov b/examples/bind/corpus/a15442623d6f0b0be45c19242f117008.00000230.honggfuzz.cov new file mode 100644 index 00000000..2480e41b Binary files /dev/null and b/examples/bind/corpus/a15442623d6f0b0be45c19242f117008.00000230.honggfuzz.cov differ diff --git a/examples/bind/corpus/a183b4888ed00161535073c521c43acb.0000007e.honggfuzz.cov b/examples/bind/corpus/a183b4888ed00161535073c521c43acb.0000007e.honggfuzz.cov new file mode 100644 index 00000000..3997810d Binary files /dev/null and b/examples/bind/corpus/a183b4888ed00161535073c521c43acb.0000007e.honggfuzz.cov differ diff --git a/examples/bind/corpus/a185a0e8906407ea8cf819772a2d2770.000000ac.honggfuzz.cov b/examples/bind/corpus/a185a0e8906407ea8cf819772a2d2770.000000ac.honggfuzz.cov deleted file mode 100644 index 3919c8ce..00000000 Binary files a/examples/bind/corpus/a185a0e8906407ea8cf819772a2d2770.000000ac.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a1a3023c9881ad336c71c7965b5fb811.00000085.honggfuzz.cov b/examples/bind/corpus/a1a3023c9881ad336c71c7965b5fb811.00000085.honggfuzz.cov deleted file mode 100644 index 6521776d..00000000 Binary files a/examples/bind/corpus/a1a3023c9881ad336c71c7965b5fb811.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a1a60014fa1a91308a596eca526293cc.0000039a.honggfuzz.cov b/examples/bind/corpus/a1a60014fa1a91308a596eca526293cc.0000039a.honggfuzz.cov deleted file mode 100644 index 1f02edde..00000000 Binary files a/examples/bind/corpus/a1a60014fa1a91308a596eca526293cc.0000039a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a1a7f91aae7df9c662b5970f58e40fc0.00000085.honggfuzz.cov b/examples/bind/corpus/a1a7f91aae7df9c662b5970f58e40fc0.00000085.honggfuzz.cov deleted file mode 100644 index 20682dd8..00000000 Binary files a/examples/bind/corpus/a1a7f91aae7df9c662b5970f58e40fc0.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a1b0b1238e5d652e93ad8c2701606cbf.0000003c.honggfuzz.cov b/examples/bind/corpus/a1b0b1238e5d652e93ad8c2701606cbf.0000003c.honggfuzz.cov deleted file mode 100644 index c5787a82..00000000 Binary files a/examples/bind/corpus/a1b0b1238e5d652e93ad8c2701606cbf.0000003c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a1b607f8e55d652e93ad892751606cbf.0000003c.honggfuzz.cov b/examples/bind/corpus/a1b607f8e55d652e93ad892751606cbf.0000003c.honggfuzz.cov new file mode 100644 index 00000000..d241c367 Binary files /dev/null and b/examples/bind/corpus/a1b607f8e55d652e93ad892751606cbf.0000003c.honggfuzz.cov differ diff --git a/examples/bind/corpus/a1dc76867a0858992450d51accce24fd.000096fd.honggfuzz.cov b/examples/bind/corpus/a1dc76867a0858992450d51accce24fd.000096fd.honggfuzz.cov deleted file mode 100644 index 98d95e93..00000000 Binary files a/examples/bind/corpus/a1dc76867a0858992450d51accce24fd.000096fd.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a1eb1ef4cb3878b4a5ea20e2d32fd8b2.0000e677.honggfuzz.cov b/examples/bind/corpus/a1eb1ef4cb3878b4a5ea20e2d32fd8b2.0000e677.honggfuzz.cov new file mode 100644 index 00000000..5c984296 Binary files /dev/null and b/examples/bind/corpus/a1eb1ef4cb3878b4a5ea20e2d32fd8b2.0000e677.honggfuzz.cov differ diff --git a/examples/bind/corpus/a218eaf03d52bdc99714fc6e3c1d873a.0000004a.honggfuzz.cov b/examples/bind/corpus/a218eaf03d52bdc99714fc6e3c1d873a.0000004a.honggfuzz.cov new file mode 100644 index 00000000..cd46cb7f Binary files /dev/null and b/examples/bind/corpus/a218eaf03d52bdc99714fc6e3c1d873a.0000004a.honggfuzz.cov differ diff --git a/examples/bind/corpus/a21ab4fcfd1df76ebdeedba8141b86f0.0000091b.honggfuzz.cov b/examples/bind/corpus/a21ab4fcfd1df76ebdeedba8141b86f0.0000091b.honggfuzz.cov deleted file mode 100644 index b422381a..00000000 Binary files a/examples/bind/corpus/a21ab4fcfd1df76ebdeedba8141b86f0.0000091b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a2478dc41862a398b452010f3138e9f2.000146cd.honggfuzz.cov b/examples/bind/corpus/a2478dc41862a398b452010f3138e9f2.000146cd.honggfuzz.cov deleted file mode 100644 index 528bce6e..00000000 Binary files a/examples/bind/corpus/a2478dc41862a398b452010f3138e9f2.000146cd.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a2500d2cc00127a1069205e74da35ba4.00000c65.honggfuzz.cov b/examples/bind/corpus/a2500d2cc00127a1069205e74da35ba4.00000c65.honggfuzz.cov deleted file mode 100644 index aa2cca32..00000000 Binary files a/examples/bind/corpus/a2500d2cc00127a1069205e74da35ba4.00000c65.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a2674df5950d8893695d45a1ad2a4ee5.0001faa6.honggfuzz.cov b/examples/bind/corpus/a2674df5950d8893695d45a1ad2a4ee5.0001faa6.honggfuzz.cov deleted file mode 100644 index d7d818f5..00000000 Binary files a/examples/bind/corpus/a2674df5950d8893695d45a1ad2a4ee5.0001faa6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a27de21a5f1bf603384b86868ad94b99.00000085.honggfuzz.cov b/examples/bind/corpus/a27de21a5f1bf603384b86868ad94b99.00000085.honggfuzz.cov new file mode 100644 index 00000000..bc6c17d0 Binary files /dev/null and b/examples/bind/corpus/a27de21a5f1bf603384b86868ad94b99.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/a27de2d99c1bf603382416798ad94b66.00000085.honggfuzz.cov b/examples/bind/corpus/a27de2d99c1bf603382416798ad94b66.00000085.honggfuzz.cov deleted file mode 100644 index 4cf59e43..00000000 Binary files a/examples/bind/corpus/a27de2d99c1bf603382416798ad94b66.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a28dd48e076c397c9f80b1e46a2f56a4.0000038d.honggfuzz.cov b/examples/bind/corpus/a28dd48e076c397c9f80b1e46a2f56a4.0000038d.honggfuzz.cov new file mode 100644 index 00000000..0eb25090 Binary files /dev/null and b/examples/bind/corpus/a28dd48e076c397c9f80b1e46a2f56a4.0000038d.honggfuzz.cov differ diff --git a/examples/bind/corpus/a295f1f5b014f447a9779dc0f4864919.0000039a.honggfuzz.cov b/examples/bind/corpus/a295f1f5b014f447a9779dc0f4864919.0000039a.honggfuzz.cov deleted file mode 100644 index c87450b2..00000000 Binary files a/examples/bind/corpus/a295f1f5b014f447a9779dc0f4864919.0000039a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a2aab994608af2bf5489d548eef4060c.00000129.honggfuzz.cov b/examples/bind/corpus/a2aab994608af2bf5489d548eef4060c.00000129.honggfuzz.cov new file mode 100644 index 00000000..504b3672 Binary files /dev/null and b/examples/bind/corpus/a2aab994608af2bf5489d548eef4060c.00000129.honggfuzz.cov differ diff --git a/examples/bind/corpus/a2ad737b4dc154113190625af3156a82.0000027d.honggfuzz.cov b/examples/bind/corpus/a2ad737b4dc154113190625af3156a82.0000027d.honggfuzz.cov deleted file mode 100644 index 155de39e..00000000 Binary files a/examples/bind/corpus/a2ad737b4dc154113190625af3156a82.0000027d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a30aa9018c5a82ee603fcc52078f8d9d.000000b6.honggfuzz.cov b/examples/bind/corpus/a30aa9018c5a82ee603fcc52078f8d9d.000000b6.honggfuzz.cov new file mode 100644 index 00000000..bc030281 Binary files /dev/null and b/examples/bind/corpus/a30aa9018c5a82ee603fcc52078f8d9d.000000b6.honggfuzz.cov differ diff --git a/examples/bind/corpus/a30bb686fd4486a146823e3d26ec1c49.00000034.honggfuzz.cov b/examples/bind/corpus/a30bb686fd4486a146823e3d26ec1c49.00000034.honggfuzz.cov new file mode 100644 index 00000000..8444fd3f Binary files /dev/null and b/examples/bind/corpus/a30bb686fd4486a146823e3d26ec1c49.00000034.honggfuzz.cov differ diff --git a/examples/bind/corpus/a368730ae32b007c7c225eaa02f02c19.0001cbf4.honggfuzz.cov b/examples/bind/corpus/a368730ae32b007c7c225eaa02f02c19.0001cbf4.honggfuzz.cov deleted file mode 100644 index 4af51cdf..00000000 Binary files a/examples/bind/corpus/a368730ae32b007c7c225eaa02f02c19.0001cbf4.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a37d30a1e40b96e849837eff7d004256.0000008f.honggfuzz.cov b/examples/bind/corpus/a37d30a1e40b96e849837eff7d004256.0000008f.honggfuzz.cov new file mode 100644 index 00000000..1e1cb014 Binary files /dev/null and b/examples/bind/corpus/a37d30a1e40b96e849837eff7d004256.0000008f.honggfuzz.cov differ diff --git a/examples/bind/corpus/a39096d84a4bae6024247360f3dc8d65.00000085.honggfuzz.cov b/examples/bind/corpus/a39096d84a4bae6024247360f3dc8d65.00000085.honggfuzz.cov deleted file mode 100644 index 2087e57e..00000000 Binary files a/examples/bind/corpus/a39096d84a4bae6024247360f3dc8d65.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a39103ac907c84180fe232380200ef78.00000265.honggfuzz.cov b/examples/bind/corpus/a39103ac907c84180fe232380200ef78.00000265.honggfuzz.cov deleted file mode 100644 index b62df865..00000000 Binary files a/examples/bind/corpus/a39103ac907c84180fe232380200ef78.00000265.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a396036e2df89b92c5d4cf77ec98c9d6.00000080.honggfuzz.cov b/examples/bind/corpus/a396036e2df89b92c5d4cf77ec98c9d6.00000080.honggfuzz.cov deleted file mode 100644 index d90a8e00..00000000 Binary files a/examples/bind/corpus/a396036e2df89b92c5d4cf77ec98c9d6.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a3a1464b15e2eb82eda192d71e1410c4.000000f9.honggfuzz.cov b/examples/bind/corpus/a3a1464b15e2eb82eda192d71e1410c4.000000f9.honggfuzz.cov deleted file mode 100644 index 66881b2f..00000000 Binary files a/examples/bind/corpus/a3a1464b15e2eb82eda192d71e1410c4.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a3b0695ea153abb52e242c78714783a5.00000037.honggfuzz.cov b/examples/bind/corpus/a3b0695ea153abb52e242c78714783a5.00000037.honggfuzz.cov deleted file mode 100644 index d33737e1..00000000 Binary files a/examples/bind/corpus/a3b0695ea153abb52e242c78714783a5.00000037.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a3b95d2384c4caf67052e0d235e3e134.0000022b.honggfuzz.cov b/examples/bind/corpus/a3b95d2384c4caf67052e0d235e3e134.0000022b.honggfuzz.cov deleted file mode 100644 index faf406f2..00000000 Binary files a/examples/bind/corpus/a3b95d2384c4caf67052e0d235e3e134.0000022b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a3cbc25a58020f7195782b4a320bacc0.00000085.honggfuzz.cov b/examples/bind/corpus/a3cbc25a58020f7195782b4a320bacc0.00000085.honggfuzz.cov deleted file mode 100644 index 1effeb05..00000000 Binary files a/examples/bind/corpus/a3cbc25a58020f7195782b4a320bacc0.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a3e4f043460f6fc163d5574b59368a54.00000ccd.honggfuzz.cov b/examples/bind/corpus/a3e4f043460f6fc163d5574b59368a54.00000ccd.honggfuzz.cov new file mode 100644 index 00000000..d759890d Binary files /dev/null and b/examples/bind/corpus/a3e4f043460f6fc163d5574b59368a54.00000ccd.honggfuzz.cov differ diff --git a/examples/bind/corpus/a41a8d129540fd864ecee210b7eabecc.0000005c.honggfuzz.cov b/examples/bind/corpus/a41a8d129540fd864ecee210b7eabecc.0000005c.honggfuzz.cov deleted file mode 100644 index f8ccafd6..00000000 Binary files a/examples/bind/corpus/a41a8d129540fd864ecee210b7eabecc.0000005c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a420205bfc05635b8f76c4bfb897e0b5.00077ae3.honggfuzz.cov b/examples/bind/corpus/a420205bfc05635b8f76c4bfb897e0b5.00077ae3.honggfuzz.cov deleted file mode 100644 index 0bff4cfb..00000000 Binary files a/examples/bind/corpus/a420205bfc05635b8f76c4bfb897e0b5.00077ae3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a43d8db1fba63fe82d616271044ac3f9.000000c8.honggfuzz.cov b/examples/bind/corpus/a43d8db1fba63fe82d616271044ac3f9.000000c8.honggfuzz.cov new file mode 100644 index 00000000..db844e0c Binary files /dev/null and b/examples/bind/corpus/a43d8db1fba63fe82d616271044ac3f9.000000c8.honggfuzz.cov differ diff --git a/examples/bind/corpus/a447d6a5b5fee2161c53f3c543605b91.00020000.honggfuzz.cov b/examples/bind/corpus/a447d6a5b5fee2161c53f3c543605b91.00020000.honggfuzz.cov deleted file mode 100644 index 8590528a..00000000 Binary files a/examples/bind/corpus/a447d6a5b5fee2161c53f3c543605b91.00020000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a458764f01f4960bdd1eaf8e7a82e8c8.00000080.honggfuzz.cov b/examples/bind/corpus/a458764f01f4960bdd1eaf8e7a82e8c8.00000080.honggfuzz.cov deleted file mode 100644 index bb82d3a8..00000000 Binary files a/examples/bind/corpus/a458764f01f4960bdd1eaf8e7a82e8c8.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a49840d13ead8df3426e4ef739c9e7a8.000105b8.honggfuzz.cov b/examples/bind/corpus/a49840d13ead8df3426e4ef739c9e7a8.000105b8.honggfuzz.cov new file mode 100644 index 00000000..1170b1e1 Binary files /dev/null and b/examples/bind/corpus/a49840d13ead8df3426e4ef739c9e7a8.000105b8.honggfuzz.cov differ diff --git a/examples/bind/corpus/a4b817770dec3e7122dbff082f104d87.00000080.honggfuzz.cov b/examples/bind/corpus/a4b817770dec3e7122dbff082f104d87.00000080.honggfuzz.cov deleted file mode 100644 index 7732254e..00000000 Binary files a/examples/bind/corpus/a4b817770dec3e7122dbff082f104d87.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a4be738f467b6310ef59a2bbb7cd9bb1.00000087.honggfuzz.cov b/examples/bind/corpus/a4be738f467b6310ef59a2bbb7cd9bb1.00000087.honggfuzz.cov deleted file mode 100644 index 7ced81b2..00000000 Binary files a/examples/bind/corpus/a4be738f467b6310ef59a2bbb7cd9bb1.00000087.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a4d1e1f6b7cd8cb755916ee8392cfdfe.0000a1cf.honggfuzz.cov b/examples/bind/corpus/a4d1e1f6b7cd8cb755916ee8392cfdfe.0000a1cf.honggfuzz.cov new file mode 100644 index 00000000..13eb9fba Binary files /dev/null and b/examples/bind/corpus/a4d1e1f6b7cd8cb755916ee8392cfdfe.0000a1cf.honggfuzz.cov differ diff --git a/examples/bind/corpus/a505871ca6e39a5932ce36bd02b710e4.00000a33.honggfuzz.cov b/examples/bind/corpus/a505871ca6e39a5932ce36bd02b710e4.00000a33.honggfuzz.cov deleted file mode 100644 index 80b44ba0..00000000 Binary files a/examples/bind/corpus/a505871ca6e39a5932ce36bd02b710e4.00000a33.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a5115545071862e7883e1de4a819e1fa.000016f9.honggfuzz.cov b/examples/bind/corpus/a5115545071862e7883e1de4a819e1fa.000016f9.honggfuzz.cov deleted file mode 100644 index c175a65e..00000000 Binary files a/examples/bind/corpus/a5115545071862e7883e1de4a819e1fa.000016f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a52598fa080ac273d85c4b924f4d9a30.000101d0.honggfuzz.cov b/examples/bind/corpus/a52598fa080ac273d85c4b924f4d9a30.000101d0.honggfuzz.cov new file mode 100644 index 00000000..eeed3c2e Binary files /dev/null and b/examples/bind/corpus/a52598fa080ac273d85c4b924f4d9a30.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/a5283a4da91168704315144e987010b4.000001c7.honggfuzz.cov b/examples/bind/corpus/a5283a4da91168704315144e987010b4.000001c7.honggfuzz.cov deleted file mode 100644 index 3240c848..00000000 Binary files a/examples/bind/corpus/a5283a4da91168704315144e987010b4.000001c7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a53dd5705a8e9999204b6f5c95f1a25b.0001f7e8.honggfuzz.cov b/examples/bind/corpus/a53dd5705a8e9999204b6f5c95f1a25b.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..94435309 Binary files /dev/null and b/examples/bind/corpus/a53dd5705a8e9999204b6f5c95f1a25b.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/a5426273edde37853cb6c497ca8b49f2.000001e2.honggfuzz.cov b/examples/bind/corpus/a5426273edde37853cb6c497ca8b49f2.000001e2.honggfuzz.cov deleted file mode 100644 index 164716ec..00000000 Binary files a/examples/bind/corpus/a5426273edde37853cb6c497ca8b49f2.000001e2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a55e114d451292f77b58fa70a4b26584.000006ae.honggfuzz.cov b/examples/bind/corpus/a55e114d451292f77b58fa70a4b26584.000006ae.honggfuzz.cov deleted file mode 100644 index 1d31cb47..00000000 --- a/examples/bind/corpus/a55e114d451292f77b58fa70a4b26584.000006ae.honggfuzz.cov +++ /dev/null @@ -1 +0,0 @@ -8293560290375332107ê•_________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ \ No newline at end of file diff --git a/examples/bind/corpus/a56e56f0dd6f5b8543d1587201b2b0fc.0000af89.honggfuzz.cov b/examples/bind/corpus/a56e56f0dd6f5b8543d1587201b2b0fc.0000af89.honggfuzz.cov deleted file mode 100644 index 0f96acff..00000000 Binary files a/examples/bind/corpus/a56e56f0dd6f5b8543d1587201b2b0fc.0000af89.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a57bfd6d3b3dc89b3b101275a61d4a1d.0000078f.honggfuzz.cov b/examples/bind/corpus/a57bfd6d3b3dc89b3b101275a61d4a1d.0000078f.honggfuzz.cov deleted file mode 100644 index ca3caac0..00000000 Binary files a/examples/bind/corpus/a57bfd6d3b3dc89b3b101275a61d4a1d.0000078f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a58239d169c09338a9daabdd9c18b054.0000e3cf.honggfuzz.cov b/examples/bind/corpus/a58239d169c09338a9daabdd9c18b054.0000e3cf.honggfuzz.cov deleted file mode 100644 index 3ca29716..00000000 Binary files a/examples/bind/corpus/a58239d169c09338a9daabdd9c18b054.0000e3cf.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a58a657e175b46ee07fe21bdc9499348.000000de.honggfuzz.cov b/examples/bind/corpus/a58a657e175b46ee07fe21bdc9499348.000000de.honggfuzz.cov deleted file mode 100644 index 243aa440..00000000 Binary files a/examples/bind/corpus/a58a657e175b46ee07fe21bdc9499348.000000de.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a598482c6a8fd55ddca9e1b2cd29de1d.00000080.honggfuzz.cov b/examples/bind/corpus/a598482c6a8fd55ddca9e1b2cd29de1d.00000080.honggfuzz.cov deleted file mode 100644 index 1fba07ee..00000000 Binary files a/examples/bind/corpus/a598482c6a8fd55ddca9e1b2cd29de1d.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a59dae3fdd5f4efaa50456bf9cd53617.000000a6.honggfuzz.cov b/examples/bind/corpus/a59dae3fdd5f4efaa50456bf9cd53617.000000a6.honggfuzz.cov deleted file mode 100644 index 81b1c2c1..00000000 Binary files a/examples/bind/corpus/a59dae3fdd5f4efaa50456bf9cd53617.000000a6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a5a23430a5d3043b151e8504cfe3c460.0000007c.honggfuzz.cov b/examples/bind/corpus/a5a23430a5d3043b151e8504cfe3c460.0000007c.honggfuzz.cov deleted file mode 100644 index 8f97145e..00000000 Binary files a/examples/bind/corpus/a5a23430a5d3043b151e8504cfe3c460.0000007c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a5a32f65f8b007f5e39f886cb69dab05.000004d9.honggfuzz.cov b/examples/bind/corpus/a5a32f65f8b007f5e39f886cb69dab05.000004d9.honggfuzz.cov deleted file mode 100644 index 5bc3a66a..00000000 Binary files a/examples/bind/corpus/a5a32f65f8b007f5e39f886cb69dab05.000004d9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a5c2dadffe3493ac1cfc7355d46a822e.0000defe.honggfuzz.cov b/examples/bind/corpus/a5c2dadffe3493ac1cfc7355d46a822e.0000defe.honggfuzz.cov deleted file mode 100644 index f789e1d5..00000000 Binary files a/examples/bind/corpus/a5c2dadffe3493ac1cfc7355d46a822e.0000defe.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a5d94ae45c6bb41b65829f8ce97e9b57.0000001f.honggfuzz.cov b/examples/bind/corpus/a5d94ae45c6bb41b65829f8ce97e9b57.0000001f.honggfuzz.cov deleted file mode 100644 index 1760d2b5..00000000 Binary files a/examples/bind/corpus/a5d94ae45c6bb41b65829f8ce97e9b57.0000001f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a5f197b3d4133241aa806b8ed44d2722.00000052.honggfuzz.cov b/examples/bind/corpus/a5f197b3d4133241aa806b8ed44d2722.00000052.honggfuzz.cov deleted file mode 100644 index f3825af7..00000000 Binary files a/examples/bind/corpus/a5f197b3d4133241aa806b8ed44d2722.00000052.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a5fca21fbdb995841a928321c1bedaaf.00000ba2.honggfuzz.cov b/examples/bind/corpus/a5fca21fbdb995841a928321c1bedaaf.00000ba2.honggfuzz.cov deleted file mode 100644 index 8bffbafb..00000000 Binary files a/examples/bind/corpus/a5fca21fbdb995841a928321c1bedaaf.00000ba2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a610357e5defd3a841866495d2b5c99e.00000453.honggfuzz.cov b/examples/bind/corpus/a610357e5defd3a841866495d2b5c99e.00000453.honggfuzz.cov deleted file mode 100644 index 89d2b5b0..00000000 Binary files a/examples/bind/corpus/a610357e5defd3a841866495d2b5c99e.00000453.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a61895c9c6c382f2c17b7482029244cc.00000085.honggfuzz.cov b/examples/bind/corpus/a61895c9c6c382f2c17b7482029244cc.00000085.honggfuzz.cov deleted file mode 100644 index 61cf3e50..00000000 Binary files a/examples/bind/corpus/a61895c9c6c382f2c17b7482029244cc.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a631ade9db3696c322cbaf0a6a0940a6.0001f7e8.honggfuzz.cov b/examples/bind/corpus/a631ade9db3696c322cbaf0a6a0940a6.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..982eaf2d Binary files /dev/null and b/examples/bind/corpus/a631ade9db3696c322cbaf0a6a0940a6.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/a63df3bb99f5c2cb19be95b7799e16ba.000000f9.honggfuzz.cov b/examples/bind/corpus/a63df3bb99f5c2cb19be95b7799e16ba.000000f9.honggfuzz.cov deleted file mode 100644 index 7e9cd481..00000000 Binary files a/examples/bind/corpus/a63df3bb99f5c2cb19be95b7799e16ba.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a64afb79517c53037a2590c8477683fc.00000400.honggfuzz.cov b/examples/bind/corpus/a64afb79517c53037a2590c8477683fc.00000400.honggfuzz.cov deleted file mode 100644 index e829f769..00000000 Binary files a/examples/bind/corpus/a64afb79517c53037a2590c8477683fc.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a658748d5c8f230abf863aae3abc14e2.00000034.honggfuzz.cov b/examples/bind/corpus/a658748d5c8f230abf863aae3abc14e2.00000034.honggfuzz.cov deleted file mode 100644 index 022c0889..00000000 Binary files a/examples/bind/corpus/a658748d5c8f230abf863aae3abc14e2.00000034.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a65d2060631e85d9ec6f3e1dac46622e.00000240.honggfuzz.cov b/examples/bind/corpus/a65d2060631e85d9ec6f3e1dac46622e.00000240.honggfuzz.cov deleted file mode 100644 index 901e3c84..00000000 Binary files a/examples/bind/corpus/a65d2060631e85d9ec6f3e1dac46622e.00000240.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a66577018755d91bbcfa61606e1f5e36.000002a4.honggfuzz.cov b/examples/bind/corpus/a66577018755d91bbcfa61606e1f5e36.000002a4.honggfuzz.cov deleted file mode 100644 index b1557403..00000000 Binary files a/examples/bind/corpus/a66577018755d91bbcfa61606e1f5e36.000002a4.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a67e3770f800997332041141a4329b0b.00000196.honggfuzz.cov b/examples/bind/corpus/a67e3770f800997332041141a4329b0b.00000196.honggfuzz.cov deleted file mode 100644 index a0462437..00000000 Binary files a/examples/bind/corpus/a67e3770f800997332041141a4329b0b.00000196.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a68ad5b18102f37035a2e6afe93452b2.00000085.honggfuzz.cov b/examples/bind/corpus/a68ad5b18102f37035a2e6afe93452b2.00000085.honggfuzz.cov new file mode 100644 index 00000000..6e633c7b Binary files /dev/null and b/examples/bind/corpus/a68ad5b18102f37035a2e6afe93452b2.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/a6a6998c9e976fb5c6ed6d139041ac87.00000085.honggfuzz.cov b/examples/bind/corpus/a6a6998c9e976fb5c6ed6d139041ac87.00000085.honggfuzz.cov deleted file mode 100644 index 19d01687..00000000 Binary files a/examples/bind/corpus/a6a6998c9e976fb5c6ed6d139041ac87.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a6b187dfe85db0f2010180b1c537830c.0000002d.honggfuzz.cov b/examples/bind/corpus/a6b187dfe85db0f2010180b1c537830c.0000002d.honggfuzz.cov new file mode 100644 index 00000000..43b1e9db Binary files /dev/null and b/examples/bind/corpus/a6b187dfe85db0f2010180b1c537830c.0000002d.honggfuzz.cov differ diff --git a/examples/bind/corpus/a6c01abe721cb324d2a91528b9efce6b.00002dd8.honggfuzz.cov b/examples/bind/corpus/a6c01abe721cb324d2a91528b9efce6b.00002dd8.honggfuzz.cov deleted file mode 100644 index 9cbbcafd..00000000 Binary files a/examples/bind/corpus/a6c01abe721cb324d2a91528b9efce6b.00002dd8.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a6c3d8df4164270433e188b786ea91af.00000288.honggfuzz.cov b/examples/bind/corpus/a6c3d8df4164270433e188b786ea91af.00000288.honggfuzz.cov deleted file mode 100644 index cba251fd..00000000 Binary files a/examples/bind/corpus/a6c3d8df4164270433e188b786ea91af.00000288.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a6c7220bd01ebf7bf13306803ecbb380.00000085.honggfuzz.cov b/examples/bind/corpus/a6c7220bd01ebf7bf13306803ecbb380.00000085.honggfuzz.cov deleted file mode 100644 index b17ffa53..00000000 Binary files a/examples/bind/corpus/a6c7220bd01ebf7bf13306803ecbb380.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a6ca292a4e976fb599b92f9b5c5ac131.00000085.honggfuzz.cov b/examples/bind/corpus/a6ca292a4e976fb599b92f9b5c5ac131.00000085.honggfuzz.cov deleted file mode 100644 index 6ea11601..00000000 Binary files a/examples/bind/corpus/a6ca292a4e976fb599b92f9b5c5ac131.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a6d3ee1b52778c6a405b8efecb8dc1fc.00000081.honggfuzz.cov b/examples/bind/corpus/a6d3ee1b52778c6a405b8efecb8dc1fc.00000081.honggfuzz.cov deleted file mode 100644 index c2e15ff7..00000000 Binary files a/examples/bind/corpus/a6d3ee1b52778c6a405b8efecb8dc1fc.00000081.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a6dcad3dc8f7a87be53324228917b388.00000085.honggfuzz.cov b/examples/bind/corpus/a6dcad3dc8f7a87be53324228917b388.00000085.honggfuzz.cov deleted file mode 100644 index 0217eec4..00000000 Binary files a/examples/bind/corpus/a6dcad3dc8f7a87be53324228917b388.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a6eaac560ae42f6b88320055613c9090.00000088.honggfuzz.cov b/examples/bind/corpus/a6eaac560ae42f6b88320055613c9090.00000088.honggfuzz.cov deleted file mode 100644 index 481e4fa2..00000000 Binary files a/examples/bind/corpus/a6eaac560ae42f6b88320055613c9090.00000088.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a6fc1a74a50ec5ebd50d14bc5e0b2505.00003524.honggfuzz.cov b/examples/bind/corpus/a6fc1a74a50ec5ebd50d14bc5e0b2505.00003524.honggfuzz.cov new file mode 100644 index 00000000..2365c15c Binary files /dev/null and b/examples/bind/corpus/a6fc1a74a50ec5ebd50d14bc5e0b2505.00003524.honggfuzz.cov differ diff --git a/examples/bind/corpus/a6ff1f67a217672f66f788892796d94d.000000f9.honggfuzz.cov b/examples/bind/corpus/a6ff1f67a217672f66f788892796d94d.000000f9.honggfuzz.cov deleted file mode 100644 index 3240c25a..00000000 Binary files a/examples/bind/corpus/a6ff1f67a217672f66f788892796d94d.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a7015e0a1783fe9a0e90efcfe9a68fc4.00013860.honggfuzz.cov b/examples/bind/corpus/a7015e0a1783fe9a0e90efcfe9a68fc4.00013860.honggfuzz.cov deleted file mode 100644 index d821206b..00000000 Binary files a/examples/bind/corpus/a7015e0a1783fe9a0e90efcfe9a68fc4.00013860.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a70b754f4c26b71510f1f726b656e37d.00000332.honggfuzz.cov b/examples/bind/corpus/a70b754f4c26b71510f1f726b656e37d.00000332.honggfuzz.cov new file mode 100644 index 00000000..22c094ac Binary files /dev/null and b/examples/bind/corpus/a70b754f4c26b71510f1f726b656e37d.00000332.honggfuzz.cov differ diff --git a/examples/bind/corpus/a7151905aed9969e7950c50906efe939.000000f9.honggfuzz.cov b/examples/bind/corpus/a7151905aed9969e7950c50906efe939.000000f9.honggfuzz.cov deleted file mode 100644 index 8275f5dc..00000000 Binary files a/examples/bind/corpus/a7151905aed9969e7950c50906efe939.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a72882564b37eaa40d5ac0fd3bc8457e.0000010f.honggfuzz.cov b/examples/bind/corpus/a72882564b37eaa40d5ac0fd3bc8457e.0000010f.honggfuzz.cov new file mode 100644 index 00000000..e928a2ac Binary files /dev/null and b/examples/bind/corpus/a72882564b37eaa40d5ac0fd3bc8457e.0000010f.honggfuzz.cov differ diff --git a/examples/bind/corpus/a72999a201d54a41cd00a8e8ecc2dbc0.000004f2.honggfuzz.cov b/examples/bind/corpus/a72999a201d54a41cd00a8e8ecc2dbc0.000004f2.honggfuzz.cov deleted file mode 100644 index e817a52b..00000000 Binary files a/examples/bind/corpus/a72999a201d54a41cd00a8e8ecc2dbc0.000004f2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a779de6ae19f3b4535b47ace604dc1d3.000002cf.honggfuzz.cov b/examples/bind/corpus/a779de6ae19f3b4535b47ace604dc1d3.000002cf.honggfuzz.cov new file mode 100644 index 00000000..f1f679bd Binary files /dev/null and b/examples/bind/corpus/a779de6ae19f3b4535b47ace604dc1d3.000002cf.honggfuzz.cov differ diff --git a/examples/bind/corpus/a77b457a922809bd9e8b0302999817b4.000002cb.honggfuzz.cov b/examples/bind/corpus/a77b457a922809bd9e8b0302999817b4.000002cb.honggfuzz.cov deleted file mode 100644 index e68df278..00000000 Binary files a/examples/bind/corpus/a77b457a922809bd9e8b0302999817b4.000002cb.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a7804bde94f160360d94aec807d3cd47.00000080.honggfuzz.cov b/examples/bind/corpus/a7804bde94f160360d94aec807d3cd47.00000080.honggfuzz.cov new file mode 100644 index 00000000..a05d8a94 Binary files /dev/null and b/examples/bind/corpus/a7804bde94f160360d94aec807d3cd47.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/a788e0a83f2f5a4f76f1b047b0ce11ae.000000f9.honggfuzz.cov b/examples/bind/corpus/a788e0a83f2f5a4f76f1b047b0ce11ae.000000f9.honggfuzz.cov deleted file mode 100644 index df56d898..00000000 Binary files a/examples/bind/corpus/a788e0a83f2f5a4f76f1b047b0ce11ae.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a790b65b5d7db4ffe35862899942f29f.00000085.honggfuzz.cov b/examples/bind/corpus/a790b65b5d7db4ffe35862899942f29f.00000085.honggfuzz.cov new file mode 100644 index 00000000..94cfe0e2 Binary files /dev/null and b/examples/bind/corpus/a790b65b5d7db4ffe35862899942f29f.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/a7a2ea92f0b1c67308782d63de9772bb.000000f9.honggfuzz.cov b/examples/bind/corpus/a7a2ea92f0b1c67308782d63de9772bb.000000f9.honggfuzz.cov deleted file mode 100644 index 4f0822e7..00000000 Binary files a/examples/bind/corpus/a7a2ea92f0b1c67308782d63de9772bb.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a7a5f7cce6883b33969187d85c26173f.0000022b.honggfuzz.cov b/examples/bind/corpus/a7a5f7cce6883b33969187d85c26173f.0000022b.honggfuzz.cov new file mode 100644 index 00000000..4ed07e19 Binary files /dev/null and b/examples/bind/corpus/a7a5f7cce6883b33969187d85c26173f.0000022b.honggfuzz.cov differ diff --git a/examples/bind/corpus/a7af60674dc6f87b21f5dc3cf7f1388a.0001f7e8.honggfuzz.cov b/examples/bind/corpus/a7af60674dc6f87b21f5dc3cf7f1388a.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..4e52c87b Binary files /dev/null and b/examples/bind/corpus/a7af60674dc6f87b21f5dc3cf7f1388a.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/a7f2706707e9002b414f56a851207576.00000020.honggfuzz.cov b/examples/bind/corpus/a7f2706707e9002b414f56a851207576.00000020.honggfuzz.cov deleted file mode 100644 index 83968e57..00000000 Binary files a/examples/bind/corpus/a7f2706707e9002b414f56a851207576.00000020.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a811228134c06b9470e53e480bbda078.00000086.honggfuzz.cov b/examples/bind/corpus/a811228134c06b9470e53e480bbda078.00000086.honggfuzz.cov new file mode 100644 index 00000000..bea4d1c2 Binary files /dev/null and b/examples/bind/corpus/a811228134c06b9470e53e480bbda078.00000086.honggfuzz.cov differ diff --git a/examples/bind/corpus/a863beadd76ad4cf421f6c96ff64755b.0000008f.honggfuzz.cov b/examples/bind/corpus/a863beadd76ad4cf421f6c96ff64755b.0000008f.honggfuzz.cov deleted file mode 100644 index fbcfeffa..00000000 Binary files a/examples/bind/corpus/a863beadd76ad4cf421f6c96ff64755b.0000008f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a888404ceba1714ed169b15f76808e29.00000085.honggfuzz.cov b/examples/bind/corpus/a888404ceba1714ed169b15f76808e29.00000085.honggfuzz.cov new file mode 100644 index 00000000..06018afd Binary files /dev/null and b/examples/bind/corpus/a888404ceba1714ed169b15f76808e29.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/a895de393abbacc72d9c252f08da804c.00000444.honggfuzz.cov b/examples/bind/corpus/a895de393abbacc72d9c252f08da804c.00000444.honggfuzz.cov new file mode 100644 index 00000000..7624c337 Binary files /dev/null and b/examples/bind/corpus/a895de393abbacc72d9c252f08da804c.00000444.honggfuzz.cov differ diff --git a/examples/bind/corpus/a896f9b5d5be3f2212888209e65973fa.00000414.honggfuzz.cov b/examples/bind/corpus/a896f9b5d5be3f2212888209e65973fa.00000414.honggfuzz.cov deleted file mode 100644 index 5b3d6195..00000000 Binary files a/examples/bind/corpus/a896f9b5d5be3f2212888209e65973fa.00000414.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a8a2f3cc6f8554bbd541113af1d49ff3.000019cb.honggfuzz.cov b/examples/bind/corpus/a8a2f3cc6f8554bbd541113af1d49ff3.000019cb.honggfuzz.cov new file mode 100644 index 00000000..b780ba3d Binary files /dev/null and b/examples/bind/corpus/a8a2f3cc6f8554bbd541113af1d49ff3.000019cb.honggfuzz.cov differ diff --git a/examples/bind/corpus/a8ab13c0eba0b148488ee20bce7525f5.000012a3.honggfuzz.cov b/examples/bind/corpus/a8ab13c0eba0b148488ee20bce7525f5.000012a3.honggfuzz.cov new file mode 100644 index 00000000..67d189ac Binary files /dev/null and b/examples/bind/corpus/a8ab13c0eba0b148488ee20bce7525f5.000012a3.honggfuzz.cov differ diff --git a/examples/bind/corpus/a8c31953481fdbed7c58939f3aeae057.000002a7.honggfuzz.cov b/examples/bind/corpus/a8c31953481fdbed7c58939f3aeae057.000002a7.honggfuzz.cov new file mode 100644 index 00000000..7017f5a6 Binary files /dev/null and b/examples/bind/corpus/a8c31953481fdbed7c58939f3aeae057.000002a7.honggfuzz.cov differ diff --git a/examples/bind/corpus/a8d956d999eb81f82d8cebf2b62ac61d.0001153e.honggfuzz.cov b/examples/bind/corpus/a8d956d999eb81f82d8cebf2b62ac61d.0001153e.honggfuzz.cov deleted file mode 100644 index 3fa4a238..00000000 Binary files a/examples/bind/corpus/a8d956d999eb81f82d8cebf2b62ac61d.0001153e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a8fa5d8658338a6d17af6ffc2dbd1aff.000000f9.honggfuzz.cov b/examples/bind/corpus/a8fa5d8658338a6d17af6ffc2dbd1aff.000000f9.honggfuzz.cov new file mode 100644 index 00000000..63efe697 Binary files /dev/null and b/examples/bind/corpus/a8fa5d8658338a6d17af6ffc2dbd1aff.000000f9.honggfuzz.cov differ diff --git a/examples/bind/corpus/a8fabfc01d808ac82d0820f845e0d314.00000113.honggfuzz.cov b/examples/bind/corpus/a8fabfc01d808ac82d0820f845e0d314.00000113.honggfuzz.cov new file mode 100644 index 00000000..1b9696a3 Binary files /dev/null and b/examples/bind/corpus/a8fabfc01d808ac82d0820f845e0d314.00000113.honggfuzz.cov differ diff --git a/examples/bind/corpus/a905d0ce390511287f3ec06196d75a25.00001fcd.honggfuzz.cov b/examples/bind/corpus/a905d0ce390511287f3ec06196d75a25.00001fcd.honggfuzz.cov new file mode 100644 index 00000000..102cb77a Binary files /dev/null and b/examples/bind/corpus/a905d0ce390511287f3ec06196d75a25.00001fcd.honggfuzz.cov differ diff --git a/examples/bind/corpus/a918ba6fb91d456b30f82f33e13a1714.000148c5.honggfuzz.cov b/examples/bind/corpus/a918ba6fb91d456b30f82f33e13a1714.000148c5.honggfuzz.cov new file mode 100644 index 00000000..258a4835 Binary files /dev/null and b/examples/bind/corpus/a918ba6fb91d456b30f82f33e13a1714.000148c5.honggfuzz.cov differ diff --git a/examples/bind/corpus/a940a0127e6a311a0390ab5588b1d292.0000ffff.honggfuzz.cov b/examples/bind/corpus/a940a0127e6a311a0390ab5588b1d292.0000ffff.honggfuzz.cov new file mode 100644 index 00000000..fd9dcc7e Binary files /dev/null and b/examples/bind/corpus/a940a0127e6a311a0390ab5588b1d292.0000ffff.honggfuzz.cov differ diff --git a/examples/bind/corpus/a9984ae5ff1ed4052f5795fc6ec23e9b.000713ab.honggfuzz.cov b/examples/bind/corpus/a9984ae5ff1ed4052f5795fc6ec23e9b.000713ab.honggfuzz.cov deleted file mode 100644 index 2797e790..00000000 Binary files a/examples/bind/corpus/a9984ae5ff1ed4052f5795fc6ec23e9b.000713ab.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a9b5da3ce23c478b6bcbbd69369365b7.00000023.honggfuzz.cov b/examples/bind/corpus/a9b5da3ce23c478b6bcbbd69369365b7.00000023.honggfuzz.cov deleted file mode 100644 index 11ccf91f..00000000 Binary files a/examples/bind/corpus/a9b5da3ce23c478b6bcbbd69369365b7.00000023.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a9c6d511aa1e76e2d50c59c697d90662.000007bb.honggfuzz.cov b/examples/bind/corpus/a9c6d511aa1e76e2d50c59c697d90662.000007bb.honggfuzz.cov deleted file mode 100644 index 901c0f5a..00000000 Binary files a/examples/bind/corpus/a9c6d511aa1e76e2d50c59c697d90662.000007bb.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a9d5b0468ba4cedc3c657abaed85e4fc.00000085.honggfuzz.cov b/examples/bind/corpus/a9d5b0468ba4cedc3c657abaed85e4fc.00000085.honggfuzz.cov new file mode 100644 index 00000000..b367cf86 Binary files /dev/null and b/examples/bind/corpus/a9d5b0468ba4cedc3c657abaed85e4fc.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/a9ee91da097b35b234247ae8760d653d.00000085.honggfuzz.cov b/examples/bind/corpus/a9ee91da097b35b234247ae8760d653d.00000085.honggfuzz.cov deleted file mode 100644 index fa97cf45..00000000 Binary files a/examples/bind/corpus/a9ee91da097b35b234247ae8760d653d.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a9ee9c82dcfb35b2448c77bdfb55b0b0.00000085.honggfuzz.cov b/examples/bind/corpus/a9ee9c82dcfb35b2448c77bdfb55b0b0.00000085.honggfuzz.cov deleted file mode 100644 index 20968689..00000000 Binary files a/examples/bind/corpus/a9ee9c82dcfb35b2448c77bdfb55b0b0.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a9f1644ed8271b293df69d959b7ed715.0000c95f.honggfuzz.cov b/examples/bind/corpus/a9f1644ed8271b293df69d959b7ed715.0000c95f.honggfuzz.cov deleted file mode 100644 index b3f563e1..00000000 Binary files a/examples/bind/corpus/a9f1644ed8271b293df69d959b7ed715.0000c95f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/a9f239f0a4d8ec422b90efa1069e891e.000000f2.honggfuzz.cov b/examples/bind/corpus/a9f239f0a4d8ec422b90efa1069e891e.000000f2.honggfuzz.cov new file mode 100644 index 00000000..2e69578d Binary files /dev/null and b/examples/bind/corpus/a9f239f0a4d8ec422b90efa1069e891e.000000f2.honggfuzz.cov differ diff --git a/examples/bind/corpus/aa14ae70e9e91d808e78d701fba06988.00000041.honggfuzz.cov b/examples/bind/corpus/aa14ae70e9e91d808e78d701fba06988.00000041.honggfuzz.cov deleted file mode 100644 index a6c19bdd..00000000 Binary files a/examples/bind/corpus/aa14ae70e9e91d808e78d701fba06988.00000041.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/aa43ae8b382bdfa40b4614e10e6a4819.0000ffe6.honggfuzz.cov b/examples/bind/corpus/aa43ae8b382bdfa40b4614e10e6a4819.0000ffe6.honggfuzz.cov new file mode 100644 index 00000000..087d3bda Binary files /dev/null and b/examples/bind/corpus/aa43ae8b382bdfa40b4614e10e6a4819.0000ffe6.honggfuzz.cov differ diff --git a/examples/bind/corpus/aa5dc21b86f772422c1dacfc0b82553d.000015c7.honggfuzz.cov b/examples/bind/corpus/aa5dc21b86f772422c1dacfc0b82553d.000015c7.honggfuzz.cov deleted file mode 100644 index c720bf8d..00000000 Binary files a/examples/bind/corpus/aa5dc21b86f772422c1dacfc0b82553d.000015c7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/aa5fdd739a97e880bf7ba9f3a2ba3ca6.0001f7e8.honggfuzz.cov b/examples/bind/corpus/aa5fdd739a97e880bf7ba9f3a2ba3ca6.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..dc3c0469 Binary files /dev/null and b/examples/bind/corpus/aa5fdd739a97e880bf7ba9f3a2ba3ca6.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/aa8bf95f503503920d0ce6ae48ffc663.00000335.honggfuzz.cov b/examples/bind/corpus/aa8bf95f503503920d0ce6ae48ffc663.00000335.honggfuzz.cov deleted file mode 100644 index f69a0df8..00000000 Binary files a/examples/bind/corpus/aa8bf95f503503920d0ce6ae48ffc663.00000335.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/aaabfdef2ec5803a2edd283331cc6b47.000005f3.honggfuzz.cov b/examples/bind/corpus/aaabfdef2ec5803a2edd283331cc6b47.000005f3.honggfuzz.cov deleted file mode 100644 index 180e4b6e..00000000 Binary files a/examples/bind/corpus/aaabfdef2ec5803a2edd283331cc6b47.000005f3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/aaac39e0e298f044fcc802a5027d1c4f.0000004d.honggfuzz.cov b/examples/bind/corpus/aaac39e0e298f044fcc802a5027d1c4f.0000004d.honggfuzz.cov deleted file mode 100644 index 1009ba76..00000000 Binary files a/examples/bind/corpus/aaac39e0e298f044fcc802a5027d1c4f.0000004d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/aaf91f027e14508db49d56035a61ab1c.000004a7.honggfuzz.cov b/examples/bind/corpus/aaf91f027e14508db49d56035a61ab1c.000004a7.honggfuzz.cov deleted file mode 100644 index 9311e2a1..00000000 Binary files a/examples/bind/corpus/aaf91f027e14508db49d56035a61ab1c.000004a7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ab10ca005f5b90e023ca523324e28b40.00000085.honggfuzz.cov b/examples/bind/corpus/ab10ca005f5b90e023ca523324e28b40.00000085.honggfuzz.cov deleted file mode 100644 index 9c4a55d6..00000000 Binary files a/examples/bind/corpus/ab10ca005f5b90e023ca523324e28b40.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ab2a078948126370912a164bed876734.000062be.honggfuzz.cov b/examples/bind/corpus/ab2a078948126370912a164bed876734.000062be.honggfuzz.cov deleted file mode 100644 index 8808aa64..00000000 Binary files a/examples/bind/corpus/ab2a078948126370912a164bed876734.000062be.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ab5d1b78b00c5f80aeb34d7e61f02d55.000000f9.honggfuzz.cov b/examples/bind/corpus/ab5d1b78b00c5f80aeb34d7e61f02d55.000000f9.honggfuzz.cov deleted file mode 100644 index 8526b98e..00000000 Binary files a/examples/bind/corpus/ab5d1b78b00c5f80aeb34d7e61f02d55.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ab5edd43e0c22b157937dfb613997139.00000967.honggfuzz.cov b/examples/bind/corpus/ab5edd43e0c22b157937dfb613997139.00000967.honggfuzz.cov deleted file mode 100644 index e48b1c96..00000000 Binary files a/examples/bind/corpus/ab5edd43e0c22b157937dfb613997139.00000967.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ab5ee8f75bfc75c08821addc7d3ae0cb.00000115.honggfuzz.cov b/examples/bind/corpus/ab5ee8f75bfc75c08821addc7d3ae0cb.00000115.honggfuzz.cov deleted file mode 100644 index cb265bff..00000000 Binary files a/examples/bind/corpus/ab5ee8f75bfc75c08821addc7d3ae0cb.00000115.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ab5fd84ffe624670c48c93c74fe28f75.00000217.honggfuzz.cov b/examples/bind/corpus/ab5fd84ffe624670c48c93c74fe28f75.00000217.honggfuzz.cov new file mode 100644 index 00000000..b3a1831a Binary files /dev/null and b/examples/bind/corpus/ab5fd84ffe624670c48c93c74fe28f75.00000217.honggfuzz.cov differ diff --git a/examples/bind/corpus/ab819ac820068c21c13a0b93940dcb16.00000085.honggfuzz.cov b/examples/bind/corpus/ab819ac820068c21c13a0b93940dcb16.00000085.honggfuzz.cov deleted file mode 100644 index edbbd156..00000000 Binary files a/examples/bind/corpus/ab819ac820068c21c13a0b93940dcb16.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ab8a03934f7925de9abdde611fc01c86.000000f9.honggfuzz.cov b/examples/bind/corpus/ab8a03934f7925de9abdde611fc01c86.000000f9.honggfuzz.cov new file mode 100644 index 00000000..6715e06c Binary files /dev/null and b/examples/bind/corpus/ab8a03934f7925de9abdde611fc01c86.000000f9.honggfuzz.cov differ diff --git a/examples/bind/corpus/ab979bae14aa2df1fcc289470a186b76.00016710.honggfuzz.cov b/examples/bind/corpus/ab979bae14aa2df1fcc289470a186b76.00016710.honggfuzz.cov deleted file mode 100644 index d00b74ab..00000000 Binary files a/examples/bind/corpus/ab979bae14aa2df1fcc289470a186b76.00016710.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/aba86af181e00cb1d8bfdb02a824ee09.0000e687.honggfuzz.cov b/examples/bind/corpus/aba86af181e00cb1d8bfdb02a824ee09.0000e687.honggfuzz.cov deleted file mode 100644 index 0936b092..00000000 Binary files a/examples/bind/corpus/aba86af181e00cb1d8bfdb02a824ee09.0000e687.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/abb5f73167cd5f353fea714d3129949b.00000157.honggfuzz.cov b/examples/bind/corpus/abb5f73167cd5f353fea714d3129949b.00000157.honggfuzz.cov deleted file mode 100644 index d27bc7f7..00000000 Binary files a/examples/bind/corpus/abb5f73167cd5f353fea714d3129949b.00000157.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/abbdf197dd8d090ef36521f5aa892da1.0000004c.honggfuzz.cov b/examples/bind/corpus/abbdf197dd8d090ef36521f5aa892da1.0000004c.honggfuzz.cov new file mode 100644 index 00000000..3139aa5c Binary files /dev/null and b/examples/bind/corpus/abbdf197dd8d090ef36521f5aa892da1.0000004c.honggfuzz.cov differ diff --git a/examples/bind/corpus/abf48a0f38d07ca394281b848c91cee5.00000040.honggfuzz.cov b/examples/bind/corpus/abf48a0f38d07ca394281b848c91cee5.00000040.honggfuzz.cov deleted file mode 100644 index 634d0d6d..00000000 Binary files a/examples/bind/corpus/abf48a0f38d07ca394281b848c91cee5.00000040.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ac084f42c3587ec8640c0f5a7158b8d1.00000080.honggfuzz.cov b/examples/bind/corpus/ac084f42c3587ec8640c0f5a7158b8d1.00000080.honggfuzz.cov new file mode 100644 index 00000000..8357b439 Binary files /dev/null and b/examples/bind/corpus/ac084f42c3587ec8640c0f5a7158b8d1.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/ac2367e7a52ea56d73dc33f8ed760841.00000085.honggfuzz.cov b/examples/bind/corpus/ac2367e7a52ea56d73dc33f8ed760841.00000085.honggfuzz.cov deleted file mode 100644 index c228999d..00000000 Binary files a/examples/bind/corpus/ac2367e7a52ea56d73dc33f8ed760841.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ac3390328dbfde33b258489262ecf4a9.00000080.honggfuzz.cov b/examples/bind/corpus/ac3390328dbfde33b258489262ecf4a9.00000080.honggfuzz.cov new file mode 100644 index 00000000..97d04ca5 Binary files /dev/null and b/examples/bind/corpus/ac3390328dbfde33b258489262ecf4a9.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/ac3f33efaebb7cf4440fc11289921cb1.00002000.honggfuzz.cov b/examples/bind/corpus/ac3f33efaebb7cf4440fc11289921cb1.00002000.honggfuzz.cov new file mode 100644 index 00000000..0abfe2e7 Binary files /dev/null and b/examples/bind/corpus/ac3f33efaebb7cf4440fc11289921cb1.00002000.honggfuzz.cov differ diff --git a/examples/bind/corpus/ac657e8e1ba8b1c069986bea3d02e0cb.00000037.honggfuzz.cov b/examples/bind/corpus/ac657e8e1ba8b1c069986bea3d02e0cb.00000037.honggfuzz.cov new file mode 100644 index 00000000..f512b9c4 Binary files /dev/null and b/examples/bind/corpus/ac657e8e1ba8b1c069986bea3d02e0cb.00000037.honggfuzz.cov differ diff --git a/examples/bind/corpus/ac9cb2cc5c6fe8d295a31531b055d408.00000085.honggfuzz.cov b/examples/bind/corpus/ac9cb2cc5c6fe8d295a31531b055d408.00000085.honggfuzz.cov deleted file mode 100644 index c5291c7c..00000000 Binary files a/examples/bind/corpus/ac9cb2cc5c6fe8d295a31531b055d408.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/acc38191cb61106741060c23bdb253b2.000000a5.honggfuzz.cov b/examples/bind/corpus/acc38191cb61106741060c23bdb253b2.000000a5.honggfuzz.cov new file mode 100644 index 00000000..38783911 Binary files /dev/null and b/examples/bind/corpus/acc38191cb61106741060c23bdb253b2.000000a5.honggfuzz.cov differ diff --git a/examples/bind/corpus/acc99e42579e338a4a7c1d57f99b65ea.0000c8de.honggfuzz.cov b/examples/bind/corpus/acc99e42579e338a4a7c1d57f99b65ea.0000c8de.honggfuzz.cov deleted file mode 100644 index 05e62bed..00000000 Binary files a/examples/bind/corpus/acc99e42579e338a4a7c1d57f99b65ea.0000c8de.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/accb79336cae9aac9770835deaa5575f.00020000.honggfuzz.cov b/examples/bind/corpus/accb79336cae9aac9770835deaa5575f.00020000.honggfuzz.cov deleted file mode 100644 index 643a9d46..00000000 Binary files a/examples/bind/corpus/accb79336cae9aac9770835deaa5575f.00020000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ace4781cffbc0749fad8702f1c1e4d8a.0000012f.honggfuzz.cov b/examples/bind/corpus/ace4781cffbc0749fad8702f1c1e4d8a.0000012f.honggfuzz.cov new file mode 100644 index 00000000..9ba19538 Binary files /dev/null and b/examples/bind/corpus/ace4781cffbc0749fad8702f1c1e4d8a.0000012f.honggfuzz.cov differ diff --git a/examples/bind/corpus/acf0decc5c6fa89295f20471b055b864.00000085.honggfuzz.cov b/examples/bind/corpus/acf0decc5c6fa89295f20471b055b864.00000085.honggfuzz.cov deleted file mode 100644 index 59f43cd1..00000000 Binary files a/examples/bind/corpus/acf0decc5c6fa89295f20471b055b864.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/acf81bdf9147618d72e56faed8141696.00000146.honggfuzz.cov b/examples/bind/corpus/acf81bdf9147618d72e56faed8141696.00000146.honggfuzz.cov deleted file mode 100644 index 64e1710e..00000000 Binary files a/examples/bind/corpus/acf81bdf9147618d72e56faed8141696.00000146.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ad03b23869341e07e86fdc48d464147a.000006a9.honggfuzz.cov b/examples/bind/corpus/ad03b23869341e07e86fdc48d464147a.000006a9.honggfuzz.cov deleted file mode 100644 index 23114984..00000000 Binary files a/examples/bind/corpus/ad03b23869341e07e86fdc48d464147a.000006a9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ad2da8a4d56858bf3c58897fc9b0a67b.00000042.honggfuzz.cov b/examples/bind/corpus/ad2da8a4d56858bf3c58897fc9b0a67b.00000042.honggfuzz.cov new file mode 100644 index 00000000..811b4b52 Binary files /dev/null and b/examples/bind/corpus/ad2da8a4d56858bf3c58897fc9b0a67b.00000042.honggfuzz.cov differ diff --git a/examples/bind/corpus/ad5aca1eaf6462bd9e26ed80df4abc0e.00000f3a.honggfuzz.cov b/examples/bind/corpus/ad5aca1eaf6462bd9e26ed80df4abc0e.00000f3a.honggfuzz.cov new file mode 100644 index 00000000..48799e3b Binary files /dev/null and b/examples/bind/corpus/ad5aca1eaf6462bd9e26ed80df4abc0e.00000f3a.honggfuzz.cov differ diff --git a/examples/bind/corpus/ad5c43462e2d49e92d34feb369c83bd3.000005df.honggfuzz.cov b/examples/bind/corpus/ad5c43462e2d49e92d34feb369c83bd3.000005df.honggfuzz.cov new file mode 100644 index 00000000..d5090045 Binary files /dev/null and b/examples/bind/corpus/ad5c43462e2d49e92d34feb369c83bd3.000005df.honggfuzz.cov differ diff --git a/examples/bind/corpus/ad7611f3dcbf2e8db7d8a193019cbc26.00000085.honggfuzz.cov b/examples/bind/corpus/ad7611f3dcbf2e8db7d8a193019cbc26.00000085.honggfuzz.cov deleted file mode 100644 index 1eec2ee8..00000000 Binary files a/examples/bind/corpus/ad7611f3dcbf2e8db7d8a193019cbc26.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ad8b0b8ae8a900e724565e83d4c764cf.00000019.honggfuzz.cov b/examples/bind/corpus/ad8b0b8ae8a900e724565e83d4c764cf.00000019.honggfuzz.cov new file mode 100644 index 00000000..a91d3eed Binary files /dev/null and b/examples/bind/corpus/ad8b0b8ae8a900e724565e83d4c764cf.00000019.honggfuzz.cov differ diff --git a/examples/bind/corpus/ada082e1229712beb14b46f22c3378a9.0000005f.honggfuzz.cov b/examples/bind/corpus/ada082e1229712beb14b46f22c3378a9.0000005f.honggfuzz.cov deleted file mode 100644 index 26d77edb..00000000 Binary files a/examples/bind/corpus/ada082e1229712beb14b46f22c3378a9.0000005f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ade9fc0e578446234c6170a1ce1bc031.000170df.honggfuzz.cov b/examples/bind/corpus/ade9fc0e578446234c6170a1ce1bc031.000170df.honggfuzz.cov deleted file mode 100644 index 7616a805..00000000 Binary files a/examples/bind/corpus/ade9fc0e578446234c6170a1ce1bc031.000170df.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/adfa1051483316fa6aa4749bd47ae70b.0001153e.honggfuzz.cov b/examples/bind/corpus/adfa1051483316fa6aa4749bd47ae70b.0001153e.honggfuzz.cov new file mode 100644 index 00000000..22e2c838 Binary files /dev/null and b/examples/bind/corpus/adfa1051483316fa6aa4749bd47ae70b.0001153e.honggfuzz.cov differ diff --git a/examples/bind/corpus/adfc4f05cdc080cbe47693cad1d281fd.000054d1.honggfuzz.cov b/examples/bind/corpus/adfc4f05cdc080cbe47693cad1d281fd.000054d1.honggfuzz.cov new file mode 100644 index 00000000..0e1e6a5a Binary files /dev/null and b/examples/bind/corpus/adfc4f05cdc080cbe47693cad1d281fd.000054d1.honggfuzz.cov differ diff --git a/examples/bind/corpus/ae182f2ad48c2a8abfece2185e486e6b.00000138.honggfuzz.cov b/examples/bind/corpus/ae182f2ad48c2a8abfece2185e486e6b.00000138.honggfuzz.cov new file mode 100644 index 00000000..b8d52f93 Binary files /dev/null and b/examples/bind/corpus/ae182f2ad48c2a8abfece2185e486e6b.00000138.honggfuzz.cov differ diff --git a/examples/bind/corpus/ae225ee03821b5280b5fadfa8b789846.000101d0.honggfuzz.cov b/examples/bind/corpus/ae225ee03821b5280b5fadfa8b789846.000101d0.honggfuzz.cov new file mode 100644 index 00000000..de4c4adc Binary files /dev/null and b/examples/bind/corpus/ae225ee03821b5280b5fadfa8b789846.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/ae227cf216469cd95774c8c8a3d1555a.0000007a.honggfuzz.cov b/examples/bind/corpus/ae227cf216469cd95774c8c8a3d1555a.0000007a.honggfuzz.cov new file mode 100644 index 00000000..17c7e62e Binary files /dev/null and b/examples/bind/corpus/ae227cf216469cd95774c8c8a3d1555a.0000007a.honggfuzz.cov differ diff --git a/examples/bind/corpus/ae3ade096ab6a515a16963dad1dab1b7.00000085.honggfuzz.cov b/examples/bind/corpus/ae3ade096ab6a515a16963dad1dab1b7.00000085.honggfuzz.cov deleted file mode 100644 index f09bfe8c..00000000 Binary files a/examples/bind/corpus/ae3ade096ab6a515a16963dad1dab1b7.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ae3cc552d1b1015bce88c8b20f15dc44.000003fc.honggfuzz.cov b/examples/bind/corpus/ae3cc552d1b1015bce88c8b20f15dc44.000003fc.honggfuzz.cov new file mode 100644 index 00000000..1cef82a4 Binary files /dev/null and b/examples/bind/corpus/ae3cc552d1b1015bce88c8b20f15dc44.000003fc.honggfuzz.cov differ diff --git a/examples/bind/corpus/ae3d3d9d1ed8d656945185e747c1e9b6.00000085.honggfuzz.cov b/examples/bind/corpus/ae3d3d9d1ed8d656945185e747c1e9b6.00000085.honggfuzz.cov deleted file mode 100644 index 91917b80..00000000 Binary files a/examples/bind/corpus/ae3d3d9d1ed8d656945185e747c1e9b6.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ae7b6a5591f1db0be44831e0f63d877f.00000085.honggfuzz.cov b/examples/bind/corpus/ae7b6a5591f1db0be44831e0f63d877f.00000085.honggfuzz.cov deleted file mode 100644 index 36056e86..00000000 Binary files a/examples/bind/corpus/ae7b6a5591f1db0be44831e0f63d877f.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ae7cab37623f2bed45f7991bfd3a8046.00000062.honggfuzz.cov b/examples/bind/corpus/ae7cab37623f2bed45f7991bfd3a8046.00000062.honggfuzz.cov deleted file mode 100644 index 58cdf2a8..00000000 Binary files a/examples/bind/corpus/ae7cab37623f2bed45f7991bfd3a8046.00000062.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ae91a88f58f26bcf7092222bcf23327b.00000085.honggfuzz.cov b/examples/bind/corpus/ae91a88f58f26bcf7092222bcf23327b.00000085.honggfuzz.cov deleted file mode 100644 index 1d11729c..00000000 Binary files a/examples/bind/corpus/ae91a88f58f26bcf7092222bcf23327b.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ae91ab7c97cd6bcf5f422118cc130178.00000085.honggfuzz.cov b/examples/bind/corpus/ae91ab7c97cd6bcf5f422118cc130178.00000085.honggfuzz.cov deleted file mode 100644 index 5e045050..00000000 Binary files a/examples/bind/corpus/ae91ab7c97cd6bcf5f422118cc130178.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ae9e214e2b3fce73c34c8b99d8795f3a.00000400.honggfuzz.cov b/examples/bind/corpus/ae9e214e2b3fce73c34c8b99d8795f3a.00000400.honggfuzz.cov deleted file mode 100644 index 0390e6ba..00000000 Binary files a/examples/bind/corpus/ae9e214e2b3fce73c34c8b99d8795f3a.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/aea1809e18932f15cdca5ee0e1cc13cb.00000085.honggfuzz.cov b/examples/bind/corpus/aea1809e18932f15cdca5ee0e1cc13cb.00000085.honggfuzz.cov deleted file mode 100644 index 1284ff1e..00000000 Binary files a/examples/bind/corpus/aea1809e18932f15cdca5ee0e1cc13cb.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/aea1809e88032f159e99ce70e1cc835b.00000085.honggfuzz.cov b/examples/bind/corpus/aea1809e88032f159e99ce70e1cc835b.00000085.honggfuzz.cov new file mode 100644 index 00000000..949c1e06 Binary files /dev/null and b/examples/bind/corpus/aea1809e88032f159e99ce70e1cc835b.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/aeb68da36274c6f17c8e03ce53c91745.00016ced.honggfuzz.cov b/examples/bind/corpus/aeb68da36274c6f17c8e03ce53c91745.00016ced.honggfuzz.cov deleted file mode 100644 index e5c3e604..00000000 Binary files a/examples/bind/corpus/aeb68da36274c6f17c8e03ce53c91745.00016ced.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/aec9e4483133e242046cb6a74eec66b4.000101d0.honggfuzz.cov b/examples/bind/corpus/aec9e4483133e242046cb6a74eec66b4.000101d0.honggfuzz.cov new file mode 100644 index 00000000..42a5eff9 Binary files /dev/null and b/examples/bind/corpus/aec9e4483133e242046cb6a74eec66b4.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/aee51ba143edb0fc421d949f1c2f0be2.0001102a.honggfuzz.cov b/examples/bind/corpus/aee51ba143edb0fc421d949f1c2f0be2.0001102a.honggfuzz.cov new file mode 100644 index 00000000..46a1e7d4 Binary files /dev/null and b/examples/bind/corpus/aee51ba143edb0fc421d949f1c2f0be2.0001102a.honggfuzz.cov differ diff --git a/examples/bind/corpus/af0ba9952a82f2ad168a70de869f2aef.00000085.honggfuzz.cov b/examples/bind/corpus/af0ba9952a82f2ad168a70de869f2aef.00000085.honggfuzz.cov deleted file mode 100644 index a13a45f2..00000000 Binary files a/examples/bind/corpus/af0ba9952a82f2ad168a70de869f2aef.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/af134555e0bf4fd677f8423306837763.00000b01.honggfuzz.cov b/examples/bind/corpus/af134555e0bf4fd677f8423306837763.00000b01.honggfuzz.cov deleted file mode 100644 index 92ab4696..00000000 Binary files a/examples/bind/corpus/af134555e0bf4fd677f8423306837763.00000b01.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/af56d0e9faef86e3b8c4abfac060f499.00000085.honggfuzz.cov b/examples/bind/corpus/af56d0e9faef86e3b8c4abfac060f499.00000085.honggfuzz.cov new file mode 100644 index 00000000..b426eddb Binary files /dev/null and b/examples/bind/corpus/af56d0e9faef86e3b8c4abfac060f499.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/af6e075f3adcf392d7fa6295b3974203.00000336.honggfuzz.cov b/examples/bind/corpus/af6e075f3adcf392d7fa6295b3974203.00000336.honggfuzz.cov new file mode 100644 index 00000000..775a711c Binary files /dev/null and b/examples/bind/corpus/af6e075f3adcf392d7fa6295b3974203.00000336.honggfuzz.cov differ diff --git a/examples/bind/corpus/af6e8ce1f8f5928c746248d76b986e8a.0001153e.honggfuzz.cov b/examples/bind/corpus/af6e8ce1f8f5928c746248d76b986e8a.0001153e.honggfuzz.cov deleted file mode 100644 index e7aad9a2..00000000 Binary files a/examples/bind/corpus/af6e8ce1f8f5928c746248d76b986e8a.0001153e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/afa3de728207e0e8b3869153d0d91203.00000085.honggfuzz.cov b/examples/bind/corpus/afa3de728207e0e8b3869153d0d91203.00000085.honggfuzz.cov deleted file mode 100644 index 132bc100..00000000 Binary files a/examples/bind/corpus/afa3de728207e0e8b3869153d0d91203.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/afa3de7282b1863895e04a3e66bfc91c.00000085.honggfuzz.cov b/examples/bind/corpus/afa3de7282b1863895e04a3e66bfc91c.00000085.honggfuzz.cov deleted file mode 100644 index 53980069..00000000 Binary files a/examples/bind/corpus/afa3de7282b1863895e04a3e66bfc91c.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/afa7a4a363ae942e76488103e27febc3.00016ced.honggfuzz.cov b/examples/bind/corpus/afa7a4a363ae942e76488103e27febc3.00016ced.honggfuzz.cov deleted file mode 100644 index 046bca8a..00000000 Binary files a/examples/bind/corpus/afa7a4a363ae942e76488103e27febc3.00016ced.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/afd426fdcc6cd5127ff576512301b7bc.00000085.honggfuzz.cov b/examples/bind/corpus/afd426fdcc6cd5127ff576512301b7bc.00000085.honggfuzz.cov deleted file mode 100644 index 69681570..00000000 Binary files a/examples/bind/corpus/afd426fdcc6cd5127ff576512301b7bc.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/afd6e5475b797e7a5762a4513c5b282f.00000069.honggfuzz.cov b/examples/bind/corpus/afd6e5475b797e7a5762a4513c5b282f.00000069.honggfuzz.cov deleted file mode 100644 index afca84e2..00000000 Binary files a/examples/bind/corpus/afd6e5475b797e7a5762a4513c5b282f.00000069.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b01a570db528d6637bec1c2426767198.00000020.honggfuzz.cov b/examples/bind/corpus/b01a570db528d6637bec1c2426767198.00000020.honggfuzz.cov new file mode 100644 index 00000000..9cc6baa3 Binary files /dev/null and b/examples/bind/corpus/b01a570db528d6637bec1c2426767198.00000020.honggfuzz.cov differ diff --git a/examples/bind/corpus/b03293ce03083861e2b311549e8e2556.0000021f.honggfuzz.cov b/examples/bind/corpus/b03293ce03083861e2b311549e8e2556.0000021f.honggfuzz.cov deleted file mode 100644 index 4488b105..00000000 Binary files a/examples/bind/corpus/b03293ce03083861e2b311549e8e2556.0000021f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b045aea56756f4b71b4b7773206feef0.0000a0a1.honggfuzz.cov b/examples/bind/corpus/b045aea56756f4b71b4b7773206feef0.0000a0a1.honggfuzz.cov deleted file mode 100644 index dfd5aa4d..00000000 Binary files a/examples/bind/corpus/b045aea56756f4b71b4b7773206feef0.0000a0a1.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b04fb9a8215b103243cbe8739d7cf98a.00000085.honggfuzz.cov b/examples/bind/corpus/b04fb9a8215b103243cbe8739d7cf98a.00000085.honggfuzz.cov deleted file mode 100644 index 54cb037b..00000000 Binary files a/examples/bind/corpus/b04fb9a8215b103243cbe8739d7cf98a.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b061297769f91e45d093dd57c0bd169d.00000ffe.honggfuzz.cov b/examples/bind/corpus/b061297769f91e45d093dd57c0bd169d.00000ffe.honggfuzz.cov new file mode 100644 index 00000000..d69c45ad Binary files /dev/null and b/examples/bind/corpus/b061297769f91e45d093dd57c0bd169d.00000ffe.honggfuzz.cov differ diff --git a/examples/bind/corpus/b08c7917bdf4de6dae98141e3feaf9e7.00002000.honggfuzz.cov b/examples/bind/corpus/b08c7917bdf4de6dae98141e3feaf9e7.00002000.honggfuzz.cov deleted file mode 100644 index 33e0b2e3..00000000 Binary files a/examples/bind/corpus/b08c7917bdf4de6dae98141e3feaf9e7.00002000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b0ac0b8af11a93f50cdad39bb5ab2c57.00000051.honggfuzz.cov b/examples/bind/corpus/b0ac0b8af11a93f50cdad39bb5ab2c57.00000051.honggfuzz.cov deleted file mode 100644 index c12e733f..00000000 Binary files a/examples/bind/corpus/b0ac0b8af11a93f50cdad39bb5ab2c57.00000051.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b0c2ab50cbdd36211cc989424f064fb0.00000546.honggfuzz.cov b/examples/bind/corpus/b0c2ab50cbdd36211cc989424f064fb0.00000546.honggfuzz.cov deleted file mode 100644 index 0a8cfb8a..00000000 Binary files a/examples/bind/corpus/b0c2ab50cbdd36211cc989424f064fb0.00000546.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b0e15f7ecce9ce32cec800a2ab26e066.00000037.honggfuzz.cov b/examples/bind/corpus/b0e15f7ecce9ce32cec800a2ab26e066.00000037.honggfuzz.cov deleted file mode 100644 index ceffb8fb..00000000 Binary files a/examples/bind/corpus/b0e15f7ecce9ce32cec800a2ab26e066.00000037.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b1aed63c99df24404300897180614a6e.000000e1.honggfuzz.cov b/examples/bind/corpus/b1aed63c99df24404300897180614a6e.000000e1.honggfuzz.cov new file mode 100644 index 00000000..c2df3571 Binary files /dev/null and b/examples/bind/corpus/b1aed63c99df24404300897180614a6e.000000e1.honggfuzz.cov differ diff --git a/examples/bind/corpus/b1b4f4d79d86d98a6c0e6883e8e83ab3.0001153e.honggfuzz.cov b/examples/bind/corpus/b1b4f4d79d86d98a6c0e6883e8e83ab3.0001153e.honggfuzz.cov new file mode 100644 index 00000000..d31d673b Binary files /dev/null and b/examples/bind/corpus/b1b4f4d79d86d98a6c0e6883e8e83ab3.0001153e.honggfuzz.cov differ diff --git a/examples/bind/corpus/b1bf44d032ada918e1510e5e804ef610.0000092c.honggfuzz.cov b/examples/bind/corpus/b1bf44d032ada918e1510e5e804ef610.0000092c.honggfuzz.cov new file mode 100644 index 00000000..94a80839 Binary files /dev/null and b/examples/bind/corpus/b1bf44d032ada918e1510e5e804ef610.0000092c.honggfuzz.cov differ diff --git a/examples/bind/corpus/b1d10225f53e5f3c7a4d7f8b58b25cb1.00000085.honggfuzz.cov b/examples/bind/corpus/b1d10225f53e5f3c7a4d7f8b58b25cb1.00000085.honggfuzz.cov deleted file mode 100644 index 1ee7a6c5..00000000 Binary files a/examples/bind/corpus/b1d10225f53e5f3c7a4d7f8b58b25cb1.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b1d404685d68e685b3c9a19e6e28de29.0000151b.honggfuzz.cov b/examples/bind/corpus/b1d404685d68e685b3c9a19e6e28de29.0000151b.honggfuzz.cov deleted file mode 100644 index 0812e3ed..00000000 Binary files a/examples/bind/corpus/b1d404685d68e685b3c9a19e6e28de29.0000151b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b1d5efa10c25bcff4f44e699f40ca1e5.00020000.honggfuzz.cov b/examples/bind/corpus/b1d5efa10c25bcff4f44e699f40ca1e5.00020000.honggfuzz.cov deleted file mode 100644 index 237bc750..00000000 Binary files a/examples/bind/corpus/b1d5efa10c25bcff4f44e699f40ca1e5.00020000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b1edba286b2eb85b308effadf5e594a6.000000ae.honggfuzz.cov b/examples/bind/corpus/b1edba286b2eb85b308effadf5e594a6.000000ae.honggfuzz.cov deleted file mode 100644 index a7e48db1..00000000 Binary files a/examples/bind/corpus/b1edba286b2eb85b308effadf5e594a6.000000ae.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b1fd22361d7f05bd3d7a6b88ff385499.00015ac8.honggfuzz.cov b/examples/bind/corpus/b1fd22361d7f05bd3d7a6b88ff385499.00015ac8.honggfuzz.cov deleted file mode 100644 index dad0859f..00000000 Binary files a/examples/bind/corpus/b1fd22361d7f05bd3d7a6b88ff385499.00015ac8.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b224ec9e1d03cbe1bb341fd4fa22f856.000002e6.honggfuzz.cov b/examples/bind/corpus/b224ec9e1d03cbe1bb341fd4fa22f856.000002e6.honggfuzz.cov new file mode 100644 index 00000000..d883a17f Binary files /dev/null and b/examples/bind/corpus/b224ec9e1d03cbe1bb341fd4fa22f856.000002e6.honggfuzz.cov differ diff --git a/examples/bind/corpus/b243e5be8b59746d420ac966ca8c4f47.00000040.honggfuzz.cov b/examples/bind/corpus/b243e5be8b59746d420ac966ca8c4f47.00000040.honggfuzz.cov deleted file mode 100644 index bd2bcdd4..00000000 Binary files a/examples/bind/corpus/b243e5be8b59746d420ac966ca8c4f47.00000040.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b2711af1b58e937a89a0219e62d8c88c.00000085.honggfuzz.cov b/examples/bind/corpus/b2711af1b58e937a89a0219e62d8c88c.00000085.honggfuzz.cov deleted file mode 100644 index 7762ab0b..00000000 Binary files a/examples/bind/corpus/b2711af1b58e937a89a0219e62d8c88c.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b2959afd155f4497fb941b457f515014.000000c6.honggfuzz.cov b/examples/bind/corpus/b2959afd155f4497fb941b457f515014.000000c6.honggfuzz.cov new file mode 100644 index 00000000..626f7cfa Binary files /dev/null and b/examples/bind/corpus/b2959afd155f4497fb941b457f515014.000000c6.honggfuzz.cov differ diff --git a/examples/bind/corpus/b2a37ab3c886f2ca483ab8e660092254.000061c9.honggfuzz.cov b/examples/bind/corpus/b2a37ab3c886f2ca483ab8e660092254.000061c9.honggfuzz.cov deleted file mode 100644 index 31610d1f..00000000 Binary files a/examples/bind/corpus/b2a37ab3c886f2ca483ab8e660092254.000061c9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b2ae4abaeb367ce74924cbdbad22ebf8.00000176.honggfuzz.cov b/examples/bind/corpus/b2ae4abaeb367ce74924cbdbad22ebf8.00000176.honggfuzz.cov new file mode 100644 index 00000000..8e53ad39 Binary files /dev/null and b/examples/bind/corpus/b2ae4abaeb367ce74924cbdbad22ebf8.00000176.honggfuzz.cov differ diff --git a/examples/bind/corpus/b2b4e31ab4c38b0069437ee8fa34ad93.0000006a.honggfuzz.cov b/examples/bind/corpus/b2b4e31ab4c38b0069437ee8fa34ad93.0000006a.honggfuzz.cov new file mode 100644 index 00000000..ee1536a6 Binary files /dev/null and b/examples/bind/corpus/b2b4e31ab4c38b0069437ee8fa34ad93.0000006a.honggfuzz.cov differ diff --git a/examples/bind/corpus/b2b4e31b6fb38b0088536fe9eb34ac49.0000006a.honggfuzz.cov b/examples/bind/corpus/b2b4e31b6fb38b0088536fe9eb34ac49.0000006a.honggfuzz.cov deleted file mode 100644 index d79fe1b6..00000000 Binary files a/examples/bind/corpus/b2b4e31b6fb38b0088536fe9eb34ac49.0000006a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b2ced594813768bbfe3495c48174d150.000000f9.honggfuzz.cov b/examples/bind/corpus/b2ced594813768bbfe3495c48174d150.000000f9.honggfuzz.cov new file mode 100644 index 00000000..e7c5de15 Binary files /dev/null and b/examples/bind/corpus/b2ced594813768bbfe3495c48174d150.000000f9.honggfuzz.cov differ diff --git a/examples/bind/corpus/b2d55853452c9abf16761b2200734b22.00000084.honggfuzz.cov b/examples/bind/corpus/b2d55853452c9abf16761b2200734b22.00000084.honggfuzz.cov new file mode 100644 index 00000000..2496dc0d Binary files /dev/null and b/examples/bind/corpus/b2d55853452c9abf16761b2200734b22.00000084.honggfuzz.cov differ diff --git a/examples/bind/corpus/b2d87d89bb4a1e8e2af0d80f34b12d30.0000025f.honggfuzz.cov b/examples/bind/corpus/b2d87d89bb4a1e8e2af0d80f34b12d30.0000025f.honggfuzz.cov new file mode 100644 index 00000000..6cda4a78 Binary files /dev/null and b/examples/bind/corpus/b2d87d89bb4a1e8e2af0d80f34b12d30.0000025f.honggfuzz.cov differ diff --git a/examples/bind/corpus/b326c744521fc8efffda6d6205c6c5f8.00000085.honggfuzz.cov b/examples/bind/corpus/b326c744521fc8efffda6d6205c6c5f8.00000085.honggfuzz.cov deleted file mode 100644 index 8562e7a3..00000000 Binary files a/examples/bind/corpus/b326c744521fc8efffda6d6205c6c5f8.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b32e837c85d9596f3bcfb45c7fdae7e6.0000052e.honggfuzz.cov b/examples/bind/corpus/b32e837c85d9596f3bcfb45c7fdae7e6.0000052e.honggfuzz.cov new file mode 100644 index 00000000..b8fd78e0 Binary files /dev/null and b/examples/bind/corpus/b32e837c85d9596f3bcfb45c7fdae7e6.0000052e.honggfuzz.cov differ diff --git a/examples/bind/corpus/b33dc2146c7d11d6bea01d0f32975c15.00000239.honggfuzz.cov b/examples/bind/corpus/b33dc2146c7d11d6bea01d0f32975c15.00000239.honggfuzz.cov deleted file mode 100644 index e35d40bb..00000000 Binary files a/examples/bind/corpus/b33dc2146c7d11d6bea01d0f32975c15.00000239.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b35f72fe02b2bf2428f7acc5d9b439a1.00014294.honggfuzz.cov b/examples/bind/corpus/b35f72fe02b2bf2428f7acc5d9b439a1.00014294.honggfuzz.cov deleted file mode 100644 index 96f6639c..00000000 Binary files a/examples/bind/corpus/b35f72fe02b2bf2428f7acc5d9b439a1.00014294.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b3804c2e82c59c3ca0a4919bb3df6cd6.0005eb74.honggfuzz.cov b/examples/bind/corpus/b3804c2e82c59c3ca0a4919bb3df6cd6.0005eb74.honggfuzz.cov deleted file mode 100644 index 32124e18..00000000 Binary files a/examples/bind/corpus/b3804c2e82c59c3ca0a4919bb3df6cd6.0005eb74.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b3bacf29d6a400a3d325daccf00d0648.000006ae.honggfuzz.cov b/examples/bind/corpus/b3bacf29d6a400a3d325daccf00d0648.000006ae.honggfuzz.cov deleted file mode 100644 index d58774c1..00000000 Binary files a/examples/bind/corpus/b3bacf29d6a400a3d325daccf00d0648.000006ae.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b4082d2e02c879d7f05f1aad8f36cc57.000003ad.honggfuzz.cov b/examples/bind/corpus/b4082d2e02c879d7f05f1aad8f36cc57.000003ad.honggfuzz.cov deleted file mode 100644 index 0c8447e9..00000000 Binary files a/examples/bind/corpus/b4082d2e02c879d7f05f1aad8f36cc57.000003ad.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b419c2fd219a8ebe57284ffd03ee73c9.00000455.honggfuzz.cov b/examples/bind/corpus/b419c2fd219a8ebe57284ffd03ee73c9.00000455.honggfuzz.cov new file mode 100644 index 00000000..6a5cad8d Binary files /dev/null and b/examples/bind/corpus/b419c2fd219a8ebe57284ffd03ee73c9.00000455.honggfuzz.cov differ diff --git a/examples/bind/corpus/b42083abca7bde3e0a00ede9f3209df9.00002407.honggfuzz.cov b/examples/bind/corpus/b42083abca7bde3e0a00ede9f3209df9.00002407.honggfuzz.cov deleted file mode 100644 index f36a1ae4..00000000 Binary files a/examples/bind/corpus/b42083abca7bde3e0a00ede9f3209df9.00002407.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b42cf814cc3c3086897b8a3a05b18648.0000338a.honggfuzz.cov b/examples/bind/corpus/b42cf814cc3c3086897b8a3a05b18648.0000338a.honggfuzz.cov deleted file mode 100644 index 4eca8428..00000000 Binary files a/examples/bind/corpus/b42cf814cc3c3086897b8a3a05b18648.0000338a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b48aa4d40a8bb4efbfa392aee5a14f52.00000040.honggfuzz.cov b/examples/bind/corpus/b48aa4d40a8bb4efbfa392aee5a14f52.00000040.honggfuzz.cov new file mode 100644 index 00000000..f0d6f4d5 Binary files /dev/null and b/examples/bind/corpus/b48aa4d40a8bb4efbfa392aee5a14f52.00000040.honggfuzz.cov differ diff --git a/examples/bind/corpus/b4b919b71417aa44bf1bf5d428766940.00000100.honggfuzz.cov b/examples/bind/corpus/b4b919b71417aa44bf1bf5d428766940.00000100.honggfuzz.cov new file mode 100644 index 00000000..9ff3b6e8 Binary files /dev/null and b/examples/bind/corpus/b4b919b71417aa44bf1bf5d428766940.00000100.honggfuzz.cov differ diff --git a/examples/bind/corpus/b4f15564d0636ce893298cf03a4ab089.00000265.honggfuzz.cov b/examples/bind/corpus/b4f15564d0636ce893298cf03a4ab089.00000265.honggfuzz.cov deleted file mode 100644 index dcd61dc9..00000000 Binary files a/examples/bind/corpus/b4f15564d0636ce893298cf03a4ab089.00000265.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b4f376b02ed25880e6b99d4a1a2954f4.00000350.honggfuzz.cov b/examples/bind/corpus/b4f376b02ed25880e6b99d4a1a2954f4.00000350.honggfuzz.cov new file mode 100644 index 00000000..b232b8c3 Binary files /dev/null and b/examples/bind/corpus/b4f376b02ed25880e6b99d4a1a2954f4.00000350.honggfuzz.cov differ diff --git a/examples/bind/corpus/b50be83f600a097014e90740bcba4777.000001cc.honggfuzz.cov b/examples/bind/corpus/b50be83f600a097014e90740bcba4777.000001cc.honggfuzz.cov deleted file mode 100644 index 57207ddd..00000000 Binary files a/examples/bind/corpus/b50be83f600a097014e90740bcba4777.000001cc.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b532d31a004896f970183415ef0f8b66.00000085.honggfuzz.cov b/examples/bind/corpus/b532d31a004896f970183415ef0f8b66.00000085.honggfuzz.cov deleted file mode 100644 index 47b247be..00000000 Binary files a/examples/bind/corpus/b532d31a004896f970183415ef0f8b66.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b544e3128b59746d456778a6ca8c0b46.00000040.honggfuzz.cov b/examples/bind/corpus/b544e3128b59746d456778a6ca8c0b46.00000040.honggfuzz.cov new file mode 100644 index 00000000..a480eb22 Binary files /dev/null and b/examples/bind/corpus/b544e3128b59746d456778a6ca8c0b46.00000040.honggfuzz.cov differ diff --git a/examples/bind/corpus/b5526925ee3a29c86cb708582491c5ae.00000e83.honggfuzz.cov b/examples/bind/corpus/b5526925ee3a29c86cb708582491c5ae.00000e83.honggfuzz.cov deleted file mode 100644 index 5d56176b..00000000 Binary files a/examples/bind/corpus/b5526925ee3a29c86cb708582491c5ae.00000e83.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b5aa3b6149f9a5a9cccbce8e6bfbd7b3.0002da95.honggfuzz.cov b/examples/bind/corpus/b5aa3b6149f9a5a9cccbce8e6bfbd7b3.0002da95.honggfuzz.cov deleted file mode 100644 index fb3a10c7..00000000 Binary files a/examples/bind/corpus/b5aa3b6149f9a5a9cccbce8e6bfbd7b3.0002da95.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b5b54876d679c5c39d3d36bab536382e.00005fff.honggfuzz.cov b/examples/bind/corpus/b5b54876d679c5c39d3d36bab536382e.00005fff.honggfuzz.cov deleted file mode 100644 index cf947a18..00000000 Binary files a/examples/bind/corpus/b5b54876d679c5c39d3d36bab536382e.00005fff.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b603c1fa932337f8d9a54b07abb888df.0000000e.honggfuzz.cov b/examples/bind/corpus/b603c1fa932337f8d9a54b07abb888df.0000000e.honggfuzz.cov new file mode 100644 index 00000000..2b5f1f04 Binary files /dev/null and b/examples/bind/corpus/b603c1fa932337f8d9a54b07abb888df.0000000e.honggfuzz.cov differ diff --git a/examples/bind/corpus/b61731d2ef4f39c3c411e0d12f3bd0f8.000105b8.honggfuzz.cov b/examples/bind/corpus/b61731d2ef4f39c3c411e0d12f3bd0f8.000105b8.honggfuzz.cov new file mode 100644 index 00000000..b0de7e35 Binary files /dev/null and b/examples/bind/corpus/b61731d2ef4f39c3c411e0d12f3bd0f8.000105b8.honggfuzz.cov differ diff --git a/examples/bind/corpus/b617a6d79d778094d62a9a8687b74714.000538ff.honggfuzz.cov b/examples/bind/corpus/b617a6d79d778094d62a9a8687b74714.000538ff.honggfuzz.cov deleted file mode 100644 index 2594e042..00000000 Binary files a/examples/bind/corpus/b617a6d79d778094d62a9a8687b74714.000538ff.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b682cac71550d9821071bc5f355c46ea.00000c31.honggfuzz.cov b/examples/bind/corpus/b682cac71550d9821071bc5f355c46ea.00000c31.honggfuzz.cov new file mode 100644 index 00000000..ba94239f Binary files /dev/null and b/examples/bind/corpus/b682cac71550d9821071bc5f355c46ea.00000c31.honggfuzz.cov differ diff --git a/examples/bind/corpus/b68e68d6893b707d4ff99fb2159e848b.000000de.honggfuzz.cov b/examples/bind/corpus/b68e68d6893b707d4ff99fb2159e848b.000000de.honggfuzz.cov new file mode 100644 index 00000000..c9e8efb7 Binary files /dev/null and b/examples/bind/corpus/b68e68d6893b707d4ff99fb2159e848b.000000de.honggfuzz.cov differ diff --git a/examples/bind/corpus/b6ac3e7300f824719673fb74c18af774.00018619.honggfuzz.cov b/examples/bind/corpus/b6ac3e7300f824719673fb74c18af774.00018619.honggfuzz.cov deleted file mode 100644 index c7227a7b..00000000 Binary files a/examples/bind/corpus/b6ac3e7300f824719673fb74c18af774.00018619.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b6b5a3ef60e4b9b9661dbcd36fd9f5a0.00014294.honggfuzz.cov b/examples/bind/corpus/b6b5a3ef60e4b9b9661dbcd36fd9f5a0.00014294.honggfuzz.cov new file mode 100644 index 00000000..845674d0 Binary files /dev/null and b/examples/bind/corpus/b6b5a3ef60e4b9b9661dbcd36fd9f5a0.00014294.honggfuzz.cov differ diff --git a/examples/bind/corpus/b6c743f1e50341c74074313dcc2e3427.00000086.honggfuzz.cov b/examples/bind/corpus/b6c743f1e50341c74074313dcc2e3427.00000086.honggfuzz.cov deleted file mode 100644 index dbada1e8..00000000 Binary files a/examples/bind/corpus/b6c743f1e50341c74074313dcc2e3427.00000086.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b6cc1e711317b6d9772d08153b41595a.0000005e.honggfuzz.cov b/examples/bind/corpus/b6cc1e711317b6d9772d08153b41595a.0000005e.honggfuzz.cov new file mode 100644 index 00000000..1c97fef1 Binary files /dev/null and b/examples/bind/corpus/b6cc1e711317b6d9772d08153b41595a.0000005e.honggfuzz.cov differ diff --git a/examples/bind/corpus/b6e041818f36127c69fdefe9f16acc70.0000149a.honggfuzz.cov b/examples/bind/corpus/b6e041818f36127c69fdefe9f16acc70.0000149a.honggfuzz.cov new file mode 100644 index 00000000..9f71cfe6 Binary files /dev/null and b/examples/bind/corpus/b6e041818f36127c69fdefe9f16acc70.0000149a.honggfuzz.cov differ diff --git a/examples/bind/corpus/b6f29ff02fcc8af9326dc0505793a0c0.0001f7e8.honggfuzz.cov b/examples/bind/corpus/b6f29ff02fcc8af9326dc0505793a0c0.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..5aafcb69 Binary files /dev/null and b/examples/bind/corpus/b6f29ff02fcc8af9326dc0505793a0c0.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/b7096fad9e8591bc5c5dbb8dc074a4ac.00000200.honggfuzz.cov b/examples/bind/corpus/b7096fad9e8591bc5c5dbb8dc074a4ac.00000200.honggfuzz.cov new file mode 100644 index 00000000..9c0e95c1 Binary files /dev/null and b/examples/bind/corpus/b7096fad9e8591bc5c5dbb8dc074a4ac.00000200.honggfuzz.cov differ diff --git a/examples/bind/corpus/b71c1ce87951054860ba291fb344a7f2.00000085.honggfuzz.cov b/examples/bind/corpus/b71c1ce87951054860ba291fb344a7f2.00000085.honggfuzz.cov deleted file mode 100644 index b82c1ed7..00000000 Binary files a/examples/bind/corpus/b71c1ce87951054860ba291fb344a7f2.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b730bd522c35692d54626a783502e56a.0000efd9.honggfuzz.cov b/examples/bind/corpus/b730bd522c35692d54626a783502e56a.0000efd9.honggfuzz.cov new file mode 100644 index 00000000..ab8673e7 Binary files /dev/null and b/examples/bind/corpus/b730bd522c35692d54626a783502e56a.0000efd9.honggfuzz.cov differ diff --git a/examples/bind/corpus/b75eb72d4b906317012e0405d766d9e6.000053c3.honggfuzz.cov b/examples/bind/corpus/b75eb72d4b906317012e0405d766d9e6.000053c3.honggfuzz.cov deleted file mode 100644 index d915758f..00000000 Binary files a/examples/bind/corpus/b75eb72d4b906317012e0405d766d9e6.000053c3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b79239629e1b9869cf8753daf412bd79.000054d1.honggfuzz.cov b/examples/bind/corpus/b79239629e1b9869cf8753daf412bd79.000054d1.honggfuzz.cov deleted file mode 100644 index 3110bd3f..00000000 Binary files a/examples/bind/corpus/b79239629e1b9869cf8753daf412bd79.000054d1.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b793a9ff0bc952297fe43912df7147cc.00002319.honggfuzz.cov b/examples/bind/corpus/b793a9ff0bc952297fe43912df7147cc.00002319.honggfuzz.cov new file mode 100644 index 00000000..d7aebd9c Binary files /dev/null and b/examples/bind/corpus/b793a9ff0bc952297fe43912df7147cc.00002319.honggfuzz.cov differ diff --git a/examples/bind/corpus/b7a62c5aa3fafa7b814ae86f63d4d738.00000092.honggfuzz.cov b/examples/bind/corpus/b7a62c5aa3fafa7b814ae86f63d4d738.00000092.honggfuzz.cov deleted file mode 100644 index 260fb3b7..00000000 Binary files a/examples/bind/corpus/b7a62c5aa3fafa7b814ae86f63d4d738.00000092.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b7d42e6386c733fba476fc6b412e0f99.00000244.honggfuzz.cov b/examples/bind/corpus/b7d42e6386c733fba476fc6b412e0f99.00000244.honggfuzz.cov deleted file mode 100644 index 6a51534c..00000000 Binary files a/examples/bind/corpus/b7d42e6386c733fba476fc6b412e0f99.00000244.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b7e6a10e94231ff2895d7d2b24d3779e.00000085.honggfuzz.cov b/examples/bind/corpus/b7e6a10e94231ff2895d7d2b24d3779e.00000085.honggfuzz.cov deleted file mode 100644 index 078e7371..00000000 Binary files a/examples/bind/corpus/b7e6a10e94231ff2895d7d2b24d3779e.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b7ea36631f0175312bcab5e20598a4ad.000000d4.honggfuzz.cov b/examples/bind/corpus/b7ea36631f0175312bcab5e20598a4ad.000000d4.honggfuzz.cov deleted file mode 100644 index fa79cb71..00000000 Binary files a/examples/bind/corpus/b7ea36631f0175312bcab5e20598a4ad.000000d4.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b8048437123d108f8d8c5a4306bdf67d.000014ec.honggfuzz.cov b/examples/bind/corpus/b8048437123d108f8d8c5a4306bdf67d.000014ec.honggfuzz.cov deleted file mode 100644 index b78cfa59..00000000 Binary files a/examples/bind/corpus/b8048437123d108f8d8c5a4306bdf67d.000014ec.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b815f3b1eecaba25d984bcdc9b67301d.00000085.honggfuzz.cov b/examples/bind/corpus/b815f3b1eecaba25d984bcdc9b67301d.00000085.honggfuzz.cov deleted file mode 100644 index 12eabafd..00000000 Binary files a/examples/bind/corpus/b815f3b1eecaba25d984bcdc9b67301d.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b871575e57440b789251a6c2a5c0966b.000006eb.honggfuzz.cov b/examples/bind/corpus/b871575e57440b789251a6c2a5c0966b.000006eb.honggfuzz.cov deleted file mode 100644 index f84329b2..00000000 Binary files a/examples/bind/corpus/b871575e57440b789251a6c2a5c0966b.000006eb.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b87c236eb492e7051966bf64e2da088b.0000015a.honggfuzz.cov b/examples/bind/corpus/b87c236eb492e7051966bf64e2da088b.0000015a.honggfuzz.cov deleted file mode 100644 index 59ec02ea..00000000 Binary files a/examples/bind/corpus/b87c236eb492e7051966bf64e2da088b.0000015a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b87e2cacf554166d093f892756c00c35.00000085.honggfuzz.cov b/examples/bind/corpus/b87e2cacf554166d093f892756c00c35.00000085.honggfuzz.cov deleted file mode 100644 index 96c0b88a..00000000 Binary files a/examples/bind/corpus/b87e2cacf554166d093f892756c00c35.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b886acb9f9fd7123ee288a663f5a1438.00000400.honggfuzz.cov b/examples/bind/corpus/b886acb9f9fd7123ee288a663f5a1438.00000400.honggfuzz.cov deleted file mode 100644 index 86c0d3ca..00000000 Binary files a/examples/bind/corpus/b886acb9f9fd7123ee288a663f5a1438.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b89f332980e9ac8962057405a5b84e9d.000006c8.honggfuzz.cov b/examples/bind/corpus/b89f332980e9ac8962057405a5b84e9d.000006c8.honggfuzz.cov new file mode 100644 index 00000000..a87ee2a0 Binary files /dev/null and b/examples/bind/corpus/b89f332980e9ac8962057405a5b84e9d.000006c8.honggfuzz.cov differ diff --git a/examples/bind/corpus/b8af77de4d642c4cbb6c4a04176514a4.000002c4.honggfuzz.cov b/examples/bind/corpus/b8af77de4d642c4cbb6c4a04176514a4.000002c4.honggfuzz.cov deleted file mode 100644 index 6a75b619..00000000 Binary files a/examples/bind/corpus/b8af77de4d642c4cbb6c4a04176514a4.000002c4.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b8b26f075be845f512257856f2c43f35.00000029.honggfuzz.cov b/examples/bind/corpus/b8b26f075be845f512257856f2c43f35.00000029.honggfuzz.cov new file mode 100644 index 00000000..2f5b5845 Binary files /dev/null and b/examples/bind/corpus/b8b26f075be845f512257856f2c43f35.00000029.honggfuzz.cov differ diff --git a/examples/bind/corpus/b8c2073e8601e77c399560924663837a.00000085.honggfuzz.cov b/examples/bind/corpus/b8c2073e8601e77c399560924663837a.00000085.honggfuzz.cov deleted file mode 100644 index 3d6882b2..00000000 Binary files a/examples/bind/corpus/b8c2073e8601e77c399560924663837a.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b8d5ac7425b22b8b1e5df5963968df05.00000080.honggfuzz.cov b/examples/bind/corpus/b8d5ac7425b22b8b1e5df5963968df05.00000080.honggfuzz.cov deleted file mode 100644 index bf9e8594..00000000 Binary files a/examples/bind/corpus/b8d5ac7425b22b8b1e5df5963968df05.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b8d7cb4de8cc39570b8461ee86bcbb67.00000138.honggfuzz.cov b/examples/bind/corpus/b8d7cb4de8cc39570b8461ee86bcbb67.00000138.honggfuzz.cov new file mode 100644 index 00000000..2cc6a1b2 Binary files /dev/null and b/examples/bind/corpus/b8d7cb4de8cc39570b8461ee86bcbb67.00000138.honggfuzz.cov differ diff --git a/examples/bind/corpus/b8dfffce899a7a063a600962cb273699.000001ed.honggfuzz.cov b/examples/bind/corpus/b8dfffce899a7a063a600962cb273699.000001ed.honggfuzz.cov new file mode 100644 index 00000000..2dc5b556 Binary files /dev/null and b/examples/bind/corpus/b8dfffce899a7a063a600962cb273699.000001ed.honggfuzz.cov differ diff --git a/examples/bind/corpus/b8e71cd7ff4037f0b0227895773cc814.00000029.honggfuzz.cov b/examples/bind/corpus/b8e71cd7ff4037f0b0227895773cc814.00000029.honggfuzz.cov new file mode 100644 index 00000000..76d54967 Binary files /dev/null and b/examples/bind/corpus/b8e71cd7ff4037f0b0227895773cc814.00000029.honggfuzz.cov differ diff --git a/examples/bind/corpus/b8f9f7a4b691745ab6d8df74c68e4779.00004236.honggfuzz.cov b/examples/bind/corpus/b8f9f7a4b691745ab6d8df74c68e4779.00004236.honggfuzz.cov deleted file mode 100644 index 3173c36e..00000000 Binary files a/examples/bind/corpus/b8f9f7a4b691745ab6d8df74c68e4779.00004236.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b8fdb7cdcdd0ae60b0227895e7acd30f.00000029.honggfuzz.cov b/examples/bind/corpus/b8fdb7cdcdd0ae60b0227895e7acd30f.00000029.honggfuzz.cov deleted file mode 100644 index 8228966f..00000000 Binary files a/examples/bind/corpus/b8fdb7cdcdd0ae60b0227895e7acd30f.00000029.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b924d2c7dd2049103115ee638b068251.00000032.honggfuzz.cov b/examples/bind/corpus/b924d2c7dd2049103115ee638b068251.00000032.honggfuzz.cov new file mode 100644 index 00000000..562ebf5f Binary files /dev/null and b/examples/bind/corpus/b924d2c7dd2049103115ee638b068251.00000032.honggfuzz.cov differ diff --git a/examples/bind/corpus/b9301819f0da19a1b5dde1182a0f662e.000000c0.honggfuzz.cov b/examples/bind/corpus/b9301819f0da19a1b5dde1182a0f662e.000000c0.honggfuzz.cov deleted file mode 100644 index b7feb496..00000000 Binary files a/examples/bind/corpus/b9301819f0da19a1b5dde1182a0f662e.000000c0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b95ab1eaeb2f50bdf1faf168cbb6ee93.00000214.honggfuzz.cov b/examples/bind/corpus/b95ab1eaeb2f50bdf1faf168cbb6ee93.00000214.honggfuzz.cov deleted file mode 100644 index 1bd91fe2..00000000 Binary files a/examples/bind/corpus/b95ab1eaeb2f50bdf1faf168cbb6ee93.00000214.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b970cb8ed475b450dd29702a60be6392.00005407.honggfuzz.cov b/examples/bind/corpus/b970cb8ed475b450dd29702a60be6392.00005407.honggfuzz.cov deleted file mode 100644 index b2d4745a..00000000 Binary files a/examples/bind/corpus/b970cb8ed475b450dd29702a60be6392.00005407.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b973c0af68f5f897982cfed4a3361715.00000094.honggfuzz.cov b/examples/bind/corpus/b973c0af68f5f897982cfed4a3361715.00000094.honggfuzz.cov deleted file mode 100644 index b107a1c4..00000000 Binary files a/examples/bind/corpus/b973c0af68f5f897982cfed4a3361715.00000094.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b99564427d6298091371d60dd1680520.0000005a.honggfuzz.cov b/examples/bind/corpus/b99564427d6298091371d60dd1680520.0000005a.honggfuzz.cov new file mode 100644 index 00000000..0ed8c9e5 Binary files /dev/null and b/examples/bind/corpus/b99564427d6298091371d60dd1680520.0000005a.honggfuzz.cov differ diff --git a/examples/bind/corpus/b99ae5a819d5c793b38869dd73554d25.000002a2.honggfuzz.cov b/examples/bind/corpus/b99ae5a819d5c793b38869dd73554d25.000002a2.honggfuzz.cov deleted file mode 100644 index e78249be..00000000 Binary files a/examples/bind/corpus/b99ae5a819d5c793b38869dd73554d25.000002a2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b99b5265e0ecc69da9848641d5f2cbe6.00000080.honggfuzz.cov b/examples/bind/corpus/b99b5265e0ecc69da9848641d5f2cbe6.00000080.honggfuzz.cov deleted file mode 100644 index 2c468902..00000000 Binary files a/examples/bind/corpus/b99b5265e0ecc69da9848641d5f2cbe6.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b99c558c9a228c4d1aace64d5c2bc9b5.0000019a.honggfuzz.cov b/examples/bind/corpus/b99c558c9a228c4d1aace64d5c2bc9b5.0000019a.honggfuzz.cov deleted file mode 100644 index 51e47f93..00000000 Binary files a/examples/bind/corpus/b99c558c9a228c4d1aace64d5c2bc9b5.0000019a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b9e46c2349759c8bdcc18db8a36dba79.00000085.honggfuzz.cov b/examples/bind/corpus/b9e46c2349759c8bdcc18db8a36dba79.00000085.honggfuzz.cov deleted file mode 100644 index 90ed35e7..00000000 Binary files a/examples/bind/corpus/b9e46c2349759c8bdcc18db8a36dba79.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b9e7ea29cd44532f9b266092aaa21f9e.000000f9.honggfuzz.cov b/examples/bind/corpus/b9e7ea29cd44532f9b266092aaa21f9e.000000f9.honggfuzz.cov deleted file mode 100644 index 7a0ce148..00000000 Binary files a/examples/bind/corpus/b9e7ea29cd44532f9b266092aaa21f9e.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b9e8126414bf4dd5b92cb9e24fa8dcac.0003f787.honggfuzz.cov b/examples/bind/corpus/b9e8126414bf4dd5b92cb9e24fa8dcac.0003f787.honggfuzz.cov deleted file mode 100644 index 1020eb10..00000000 Binary files a/examples/bind/corpus/b9e8126414bf4dd5b92cb9e24fa8dcac.0003f787.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/b9f1160a6ecd923f4fae6e46b6f68767.0000387b.honggfuzz.cov b/examples/bind/corpus/b9f1160a6ecd923f4fae6e46b6f68767.0000387b.honggfuzz.cov deleted file mode 100644 index ddd5bc73..00000000 Binary files a/examples/bind/corpus/b9f1160a6ecd923f4fae6e46b6f68767.0000387b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ba12284e2b50372256539529a73575d2.000000b6.honggfuzz.cov b/examples/bind/corpus/ba12284e2b50372256539529a73575d2.000000b6.honggfuzz.cov deleted file mode 100644 index 20fd2398..00000000 Binary files a/examples/bind/corpus/ba12284e2b50372256539529a73575d2.000000b6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ba23a94ec9d285b3fe5fe8ef9b9398bf.00000085.honggfuzz.cov b/examples/bind/corpus/ba23a94ec9d285b3fe5fe8ef9b9398bf.00000085.honggfuzz.cov deleted file mode 100644 index 3bbb2c76..00000000 Binary files a/examples/bind/corpus/ba23a94ec9d285b3fe5fe8ef9b9398bf.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ba2c08423b74ba0803a1a5ff54049b01.00000fa5.honggfuzz.cov b/examples/bind/corpus/ba2c08423b74ba0803a1a5ff54049b01.00000fa5.honggfuzz.cov new file mode 100644 index 00000000..cdccc39f Binary files /dev/null and b/examples/bind/corpus/ba2c08423b74ba0803a1a5ff54049b01.00000fa5.honggfuzz.cov differ diff --git a/examples/bind/corpus/ba459306dc5df06723a747fc4a415779.00000085.honggfuzz.cov b/examples/bind/corpus/ba459306dc5df06723a747fc4a415779.00000085.honggfuzz.cov deleted file mode 100644 index 50ea5caf..00000000 Binary files a/examples/bind/corpus/ba459306dc5df06723a747fc4a415779.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ba4d07bd26221965693c48ed36c981e7.000003ab.honggfuzz.cov b/examples/bind/corpus/ba4d07bd26221965693c48ed36c981e7.000003ab.honggfuzz.cov deleted file mode 100644 index 5f530669..00000000 Binary files a/examples/bind/corpus/ba4d07bd26221965693c48ed36c981e7.000003ab.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ba5f93710af12364582ecd98b32a333e.00002eb9.honggfuzz.cov b/examples/bind/corpus/ba5f93710af12364582ecd98b32a333e.00002eb9.honggfuzz.cov deleted file mode 100644 index c51f3b08..00000000 Binary files a/examples/bind/corpus/ba5f93710af12364582ecd98b32a333e.00002eb9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ba67117bb1faeec934bbea5fbad2533e.00000174.honggfuzz.cov b/examples/bind/corpus/ba67117bb1faeec934bbea5fbad2533e.00000174.honggfuzz.cov deleted file mode 100644 index db035a8c..00000000 Binary files a/examples/bind/corpus/ba67117bb1faeec934bbea5fbad2533e.00000174.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ba6beb74c3bbe0a7d3c2822201766f1b.00000080.honggfuzz.cov b/examples/bind/corpus/ba6beb74c3bbe0a7d3c2822201766f1b.00000080.honggfuzz.cov deleted file mode 100644 index 098d0f31..00000000 Binary files a/examples/bind/corpus/ba6beb74c3bbe0a7d3c2822201766f1b.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ba7b8222943d7cb42c953a39c152ad05.0000030b.honggfuzz.cov b/examples/bind/corpus/ba7b8222943d7cb42c953a39c152ad05.0000030b.honggfuzz.cov deleted file mode 100644 index 5dc165df..00000000 Binary files a/examples/bind/corpus/ba7b8222943d7cb42c953a39c152ad05.0000030b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ba932c14172f1ed3cefe97e03399732d.00000085.honggfuzz.cov b/examples/bind/corpus/ba932c14172f1ed3cefe97e03399732d.00000085.honggfuzz.cov deleted file mode 100644 index 94fef293..00000000 Binary files a/examples/bind/corpus/ba932c14172f1ed3cefe97e03399732d.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ba9835ff2ddb4d4554ed76460330bb7e.00000e87.honggfuzz.cov b/examples/bind/corpus/ba9835ff2ddb4d4554ed76460330bb7e.00000e87.honggfuzz.cov new file mode 100644 index 00000000..4b7602fb Binary files /dev/null and b/examples/bind/corpus/ba9835ff2ddb4d4554ed76460330bb7e.00000e87.honggfuzz.cov differ diff --git a/examples/bind/corpus/bab3ebc8edb731066cdd56e892f87ee0.00000400.honggfuzz.cov b/examples/bind/corpus/bab3ebc8edb731066cdd56e892f87ee0.00000400.honggfuzz.cov new file mode 100644 index 00000000..181a2489 Binary files /dev/null and b/examples/bind/corpus/bab3ebc8edb731066cdd56e892f87ee0.00000400.honggfuzz.cov differ diff --git a/examples/bind/corpus/babaa4167fca063aff5d78ef7cdf41f7.00000452.honggfuzz.cov b/examples/bind/corpus/babaa4167fca063aff5d78ef7cdf41f7.00000452.honggfuzz.cov deleted file mode 100644 index 7fe02a82..00000000 Binary files a/examples/bind/corpus/babaa4167fca063aff5d78ef7cdf41f7.00000452.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bac9d4757a86fa06d493c658d4fdc8d9.00000085.honggfuzz.cov b/examples/bind/corpus/bac9d4757a86fa06d493c658d4fdc8d9.00000085.honggfuzz.cov deleted file mode 100644 index 41011cfa..00000000 Binary files a/examples/bind/corpus/bac9d4757a86fa06d493c658d4fdc8d9.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bac9de06604954c868e4f02d8200d3fb.000157e9.honggfuzz.cov b/examples/bind/corpus/bac9de06604954c868e4f02d8200d3fb.000157e9.honggfuzz.cov deleted file mode 100644 index 4a1a36f3..00000000 Binary files a/examples/bind/corpus/bac9de06604954c868e4f02d8200d3fb.000157e9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bae0000000000000bae0000000000000.00000001.honggfuzz.cov b/examples/bind/corpus/bae0000000000000bae0000000000000.00000001.honggfuzz.cov deleted file mode 100644 index cd571f46..00000000 --- a/examples/bind/corpus/bae0000000000000bae0000000000000.00000001.honggfuzz.cov +++ /dev/null @@ -1 +0,0 @@ -Ê \ No newline at end of file diff --git a/examples/bind/corpus/baecbadd85c94ad4852f5b7749f1bb1f.000003ea.honggfuzz.cov b/examples/bind/corpus/baecbadd85c94ad4852f5b7749f1bb1f.000003ea.honggfuzz.cov new file mode 100644 index 00000000..62678eca Binary files /dev/null and b/examples/bind/corpus/baecbadd85c94ad4852f5b7749f1bb1f.000003ea.honggfuzz.cov differ diff --git a/examples/bind/corpus/baf2bef8ce7f4b9c5eb8edefdc28e547.00000050.honggfuzz.cov b/examples/bind/corpus/baf2bef8ce7f4b9c5eb8edefdc28e547.00000050.honggfuzz.cov deleted file mode 100644 index 7b8472ce..00000000 Binary files a/examples/bind/corpus/baf2bef8ce7f4b9c5eb8edefdc28e547.00000050.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bb02df19b1747fb54f59d9e7f08ab334.00000116.honggfuzz.cov b/examples/bind/corpus/bb02df19b1747fb54f59d9e7f08ab334.00000116.honggfuzz.cov deleted file mode 100644 index 82d4dd9e..00000000 Binary files a/examples/bind/corpus/bb02df19b1747fb54f59d9e7f08ab334.00000116.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bb15273b3b449360d4a4f326ad592cea.0001ce8d.honggfuzz.cov b/examples/bind/corpus/bb15273b3b449360d4a4f326ad592cea.0001ce8d.honggfuzz.cov new file mode 100644 index 00000000..71992687 Binary files /dev/null and b/examples/bind/corpus/bb15273b3b449360d4a4f326ad592cea.0001ce8d.honggfuzz.cov differ diff --git a/examples/bind/corpus/bb19fbeabf2d8c32f39f607c3872445f.00000085.honggfuzz.cov b/examples/bind/corpus/bb19fbeabf2d8c32f39f607c3872445f.00000085.honggfuzz.cov deleted file mode 100644 index 99e21d7e..00000000 Binary files a/examples/bind/corpus/bb19fbeabf2d8c32f39f607c3872445f.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bb2aaf34bdabdac41c0bf798cec20579.00000276.honggfuzz.cov b/examples/bind/corpus/bb2aaf34bdabdac41c0bf798cec20579.00000276.honggfuzz.cov deleted file mode 100644 index 8a9d8337..00000000 Binary files a/examples/bind/corpus/bb2aaf34bdabdac41c0bf798cec20579.00000276.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bb4ff69075e63d91a6c01ace6fd827a3.000004d7.honggfuzz.cov b/examples/bind/corpus/bb4ff69075e63d91a6c01ace6fd827a3.000004d7.honggfuzz.cov new file mode 100644 index 00000000..482c94ea Binary files /dev/null and b/examples/bind/corpus/bb4ff69075e63d91a6c01ace6fd827a3.000004d7.honggfuzz.cov differ diff --git a/examples/bind/corpus/bb5f1efe718730162c065082bd7d08c2.00000017.honggfuzz.cov b/examples/bind/corpus/bb5f1efe718730162c065082bd7d08c2.00000017.honggfuzz.cov new file mode 100644 index 00000000..5824c142 Binary files /dev/null and b/examples/bind/corpus/bb5f1efe718730162c065082bd7d08c2.00000017.honggfuzz.cov differ diff --git a/examples/bind/corpus/bb7107210393e5193fc2ddf3d13a923f.0000006c.honggfuzz.cov b/examples/bind/corpus/bb7107210393e5193fc2ddf3d13a923f.0000006c.honggfuzz.cov deleted file mode 100644 index 4a2b47bc..00000000 Binary files a/examples/bind/corpus/bb7107210393e5193fc2ddf3d13a923f.0000006c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bb7c1b00166a5eedb4d13e74118f3e28.000000b0.honggfuzz.cov b/examples/bind/corpus/bb7c1b00166a5eedb4d13e74118f3e28.000000b0.honggfuzz.cov new file mode 100644 index 00000000..720d1ba7 Binary files /dev/null and b/examples/bind/corpus/bb7c1b00166a5eedb4d13e74118f3e28.000000b0.honggfuzz.cov differ diff --git a/examples/bind/corpus/bb9d7a99b99b71db48d3f0202cdf3c3c.00000085.honggfuzz.cov b/examples/bind/corpus/bb9d7a99b99b71db48d3f0202cdf3c3c.00000085.honggfuzz.cov deleted file mode 100644 index 65623091..00000000 Binary files a/examples/bind/corpus/bb9d7a99b99b71db48d3f0202cdf3c3c.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bba62db547a6351c6d062f433987b71a.0000025e.honggfuzz.cov b/examples/bind/corpus/bba62db547a6351c6d062f433987b71a.0000025e.honggfuzz.cov new file mode 100644 index 00000000..a62f4da8 Binary files /dev/null and b/examples/bind/corpus/bba62db547a6351c6d062f433987b71a.0000025e.honggfuzz.cov differ diff --git a/examples/bind/corpus/bba785a3d449b049814bcfe3690ba373.00000097.honggfuzz.cov b/examples/bind/corpus/bba785a3d449b049814bcfe3690ba373.00000097.honggfuzz.cov deleted file mode 100644 index 88449e0e..00000000 Binary files a/examples/bind/corpus/bba785a3d449b049814bcfe3690ba373.00000097.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bbbc7fd0687109d0b2cdcf8536e54ea8.0000002b.honggfuzz.cov b/examples/bind/corpus/bbbc7fd0687109d0b2cdcf8536e54ea8.0000002b.honggfuzz.cov new file mode 100644 index 00000000..9fc93ec3 Binary files /dev/null and b/examples/bind/corpus/bbbc7fd0687109d0b2cdcf8536e54ea8.0000002b.honggfuzz.cov differ diff --git a/examples/bind/corpus/bbbf4af6dd2035f67db2d730b8a507f9.00000e63.honggfuzz.cov b/examples/bind/corpus/bbbf4af6dd2035f67db2d730b8a507f9.00000e63.honggfuzz.cov deleted file mode 100644 index 1043fe34..00000000 Binary files a/examples/bind/corpus/bbbf4af6dd2035f67db2d730b8a507f9.00000e63.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bbea8bf2d76fd74c2969bf4af10da08d.00000187.honggfuzz.cov b/examples/bind/corpus/bbea8bf2d76fd74c2969bf4af10da08d.00000187.honggfuzz.cov new file mode 100644 index 00000000..b4abca48 Binary files /dev/null and b/examples/bind/corpus/bbea8bf2d76fd74c2969bf4af10da08d.00000187.honggfuzz.cov differ diff --git a/examples/bind/corpus/bbf36a5d9522e03be28930883b38adc2.00000085.honggfuzz.cov b/examples/bind/corpus/bbf36a5d9522e03be28930883b38adc2.00000085.honggfuzz.cov new file mode 100644 index 00000000..c5b5c6b9 Binary files /dev/null and b/examples/bind/corpus/bbf36a5d9522e03be28930883b38adc2.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/bc19ea41eaa98df4a66defed5ba55486.0001c2a7.honggfuzz.cov b/examples/bind/corpus/bc19ea41eaa98df4a66defed5ba55486.0001c2a7.honggfuzz.cov new file mode 100644 index 00000000..53964756 Binary files /dev/null and b/examples/bind/corpus/bc19ea41eaa98df4a66defed5ba55486.0001c2a7.honggfuzz.cov differ diff --git a/examples/bind/corpus/bc3d3a8e77544979e20ddfa85851216f.000006a8.honggfuzz.cov b/examples/bind/corpus/bc3d3a8e77544979e20ddfa85851216f.000006a8.honggfuzz.cov new file mode 100644 index 00000000..75cf5801 Binary files /dev/null and b/examples/bind/corpus/bc3d3a8e77544979e20ddfa85851216f.000006a8.honggfuzz.cov differ diff --git a/examples/bind/corpus/bc4388aa3dd8a33e8207984fe0392587.00000384.honggfuzz.cov b/examples/bind/corpus/bc4388aa3dd8a33e8207984fe0392587.00000384.honggfuzz.cov new file mode 100644 index 00000000..75b50bf5 Binary files /dev/null and b/examples/bind/corpus/bc4388aa3dd8a33e8207984fe0392587.00000384.honggfuzz.cov differ diff --git a/examples/bind/corpus/bc4a68979db7f7b89acfc9afec4aa111.00000063.honggfuzz.cov b/examples/bind/corpus/bc4a68979db7f7b89acfc9afec4aa111.00000063.honggfuzz.cov deleted file mode 100644 index f420e9fd..00000000 Binary files a/examples/bind/corpus/bc4a68979db7f7b89acfc9afec4aa111.00000063.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bc5c317b044b91671e95c0d33bc6c054.00000080.honggfuzz.cov b/examples/bind/corpus/bc5c317b044b91671e95c0d33bc6c054.00000080.honggfuzz.cov deleted file mode 100644 index 20856ff9..00000000 Binary files a/examples/bind/corpus/bc5c317b044b91671e95c0d33bc6c054.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bc912c36715c16f839818daa263e2630.0005fc5b.honggfuzz.cov b/examples/bind/corpus/bc912c36715c16f839818daa263e2630.0005fc5b.honggfuzz.cov deleted file mode 100644 index 9b22b945..00000000 Binary files a/examples/bind/corpus/bc912c36715c16f839818daa263e2630.0005fc5b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bc9fbaa4c6885edb4ff91255e242803f.0001153e.honggfuzz.cov b/examples/bind/corpus/bc9fbaa4c6885edb4ff91255e242803f.0001153e.honggfuzz.cov deleted file mode 100644 index 72933ef2..00000000 Binary files a/examples/bind/corpus/bc9fbaa4c6885edb4ff91255e242803f.0001153e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bcb42b1d3169311bdee580f20d56fea4.0000666c.honggfuzz.cov b/examples/bind/corpus/bcb42b1d3169311bdee580f20d56fea4.0000666c.honggfuzz.cov new file mode 100644 index 00000000..8b224c59 Binary files /dev/null and b/examples/bind/corpus/bcb42b1d3169311bdee580f20d56fea4.0000666c.honggfuzz.cov differ diff --git a/examples/bind/corpus/bcbeecc195f05554b02a12dbb2740065.000000a3.honggfuzz.cov b/examples/bind/corpus/bcbeecc195f05554b02a12dbb2740065.000000a3.honggfuzz.cov deleted file mode 100644 index 2ad7b21e..00000000 Binary files a/examples/bind/corpus/bcbeecc195f05554b02a12dbb2740065.000000a3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bcf1f177e4c32a218e0fbff7f742660c.0000018a.honggfuzz.cov b/examples/bind/corpus/bcf1f177e4c32a218e0fbff7f742660c.0000018a.honggfuzz.cov new file mode 100644 index 00000000..3ad47c0f Binary files /dev/null and b/examples/bind/corpus/bcf1f177e4c32a218e0fbff7f742660c.0000018a.honggfuzz.cov differ diff --git a/examples/bind/corpus/bcfdd5dcebe97649bd5386b3d65a04c5.00000787.honggfuzz.cov b/examples/bind/corpus/bcfdd5dcebe97649bd5386b3d65a04c5.00000787.honggfuzz.cov new file mode 100644 index 00000000..56ba84f0 Binary files /dev/null and b/examples/bind/corpus/bcfdd5dcebe97649bd5386b3d65a04c5.00000787.honggfuzz.cov differ diff --git a/examples/bind/corpus/bd234fce6ae5181dc38d14f0c5ab0fb3.00000085.honggfuzz.cov b/examples/bind/corpus/bd234fce6ae5181dc38d14f0c5ab0fb3.00000085.honggfuzz.cov deleted file mode 100644 index bfb3cf42..00000000 Binary files a/examples/bind/corpus/bd234fce6ae5181dc38d14f0c5ab0fb3.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bd277ddfbbb8516fd6549e72ca6746dd.00000169.honggfuzz.cov b/examples/bind/corpus/bd277ddfbbb8516fd6549e72ca6746dd.00000169.honggfuzz.cov new file mode 100644 index 00000000..d7951b57 Binary files /dev/null and b/examples/bind/corpus/bd277ddfbbb8516fd6549e72ca6746dd.00000169.honggfuzz.cov differ diff --git a/examples/bind/corpus/bd4e4da86c91f1946c30a58ecdab6677.00000905.honggfuzz.cov b/examples/bind/corpus/bd4e4da86c91f1946c30a58ecdab6677.00000905.honggfuzz.cov deleted file mode 100644 index 8db90bab..00000000 Binary files a/examples/bind/corpus/bd4e4da86c91f1946c30a58ecdab6677.00000905.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bd5aaa480e1a9a8d70385c4eb3eaba9e.00000029.honggfuzz.cov b/examples/bind/corpus/bd5aaa480e1a9a8d70385c4eb3eaba9e.00000029.honggfuzz.cov deleted file mode 100644 index 78cf6ac8..00000000 Binary files a/examples/bind/corpus/bd5aaa480e1a9a8d70385c4eb3eaba9e.00000029.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bd8686d68ce794bde6e8ae83975a79ce.00000020.honggfuzz.cov b/examples/bind/corpus/bd8686d68ce794bde6e8ae83975a79ce.00000020.honggfuzz.cov new file mode 100644 index 00000000..fdf139fa Binary files /dev/null and b/examples/bind/corpus/bd8686d68ce794bde6e8ae83975a79ce.00000020.honggfuzz.cov differ diff --git a/examples/bind/corpus/bd968640fdf5c2da69fa6b3ad27a03dc.00000442.honggfuzz.cov b/examples/bind/corpus/bd968640fdf5c2da69fa6b3ad27a03dc.00000442.honggfuzz.cov new file mode 100644 index 00000000..c5bedaf6 Binary files /dev/null and b/examples/bind/corpus/bd968640fdf5c2da69fa6b3ad27a03dc.00000442.honggfuzz.cov differ diff --git a/examples/bind/corpus/bdc2b369fc2ebbe0e891b890e54c3e8e.00000012.honggfuzz.cov b/examples/bind/corpus/bdc2b369fc2ebbe0e891b890e54c3e8e.00000012.honggfuzz.cov new file mode 100644 index 00000000..3a990c4c Binary files /dev/null and b/examples/bind/corpus/bdc2b369fc2ebbe0e891b890e54c3e8e.00000012.honggfuzz.cov differ diff --git a/examples/bind/corpus/be00b299c90fb415145d572b831ee917.00000085.honggfuzz.cov b/examples/bind/corpus/be00b299c90fb415145d572b831ee917.00000085.honggfuzz.cov new file mode 100644 index 00000000..a61b58f9 Binary files /dev/null and b/examples/bind/corpus/be00b299c90fb415145d572b831ee917.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/be1070d8646dff614a72ec4832b6940a.0000002f.honggfuzz.cov b/examples/bind/corpus/be1070d8646dff614a72ec4832b6940a.0000002f.honggfuzz.cov new file mode 100644 index 00000000..04b93ebb Binary files /dev/null and b/examples/bind/corpus/be1070d8646dff614a72ec4832b6940a.0000002f.honggfuzz.cov differ diff --git a/examples/bind/corpus/be141a7de373a3a75eea84e0f9207472.000069de.honggfuzz.cov b/examples/bind/corpus/be141a7de373a3a75eea84e0f9207472.000069de.honggfuzz.cov new file mode 100644 index 00000000..461c183d Binary files /dev/null and b/examples/bind/corpus/be141a7de373a3a75eea84e0f9207472.000069de.honggfuzz.cov differ diff --git a/examples/bind/corpus/be23fcf365e1f5ad5ca9728da8b05884.00000086.honggfuzz.cov b/examples/bind/corpus/be23fcf365e1f5ad5ca9728da8b05884.00000086.honggfuzz.cov deleted file mode 100644 index 77f1dc5b..00000000 Binary files a/examples/bind/corpus/be23fcf365e1f5ad5ca9728da8b05884.00000086.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/be638478253eb58302b2cc6c1fd1cf46.00000126.honggfuzz.cov b/examples/bind/corpus/be638478253eb58302b2cc6c1fd1cf46.00000126.honggfuzz.cov new file mode 100644 index 00000000..85205152 Binary files /dev/null and b/examples/bind/corpus/be638478253eb58302b2cc6c1fd1cf46.00000126.honggfuzz.cov differ diff --git a/examples/bind/corpus/be64d930b10ce086d0d9a3e1ba8ed958.00000244.honggfuzz.cov b/examples/bind/corpus/be64d930b10ce086d0d9a3e1ba8ed958.00000244.honggfuzz.cov new file mode 100644 index 00000000..8cbe0331 Binary files /dev/null and b/examples/bind/corpus/be64d930b10ce086d0d9a3e1ba8ed958.00000244.honggfuzz.cov differ diff --git a/examples/bind/corpus/be6cf4fe301c6be6668e19d08d812a98.00001c13.honggfuzz.cov b/examples/bind/corpus/be6cf4fe301c6be6668e19d08d812a98.00001c13.honggfuzz.cov new file mode 100644 index 00000000..9ec52c8f Binary files /dev/null and b/examples/bind/corpus/be6cf4fe301c6be6668e19d08d812a98.00001c13.honggfuzz.cov differ diff --git a/examples/bind/corpus/be77595706034c8f656e5b3ffb7884bb.00000085.honggfuzz.cov b/examples/bind/corpus/be77595706034c8f656e5b3ffb7884bb.00000085.honggfuzz.cov deleted file mode 100644 index 59ade49a..00000000 Binary files a/examples/bind/corpus/be77595706034c8f656e5b3ffb7884bb.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/be8da8fe826d791974d0f71bac881587.00000265.honggfuzz.cov b/examples/bind/corpus/be8da8fe826d791974d0f71bac881587.00000265.honggfuzz.cov new file mode 100644 index 00000000..5bb5988d Binary files /dev/null and b/examples/bind/corpus/be8da8fe826d791974d0f71bac881587.00000265.honggfuzz.cov differ diff --git a/examples/bind/corpus/be9278dd9222a3840c41880f9a793914.00001121.honggfuzz.cov b/examples/bind/corpus/be9278dd9222a3840c41880f9a793914.00001121.honggfuzz.cov deleted file mode 100644 index 2e8033a0..00000000 Binary files a/examples/bind/corpus/be9278dd9222a3840c41880f9a793914.00001121.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bea0a9e552e8419e64cabdbe597192fc.00016ced.honggfuzz.cov b/examples/bind/corpus/bea0a9e552e8419e64cabdbe597192fc.00016ced.honggfuzz.cov deleted file mode 100644 index 98c45cc7..00000000 Binary files a/examples/bind/corpus/bea0a9e552e8419e64cabdbe597192fc.00016ced.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bec0d424feac7429a626145356274213.00019549.honggfuzz.cov b/examples/bind/corpus/bec0d424feac7429a626145356274213.00019549.honggfuzz.cov deleted file mode 100644 index 60260686..00000000 Binary files a/examples/bind/corpus/bec0d424feac7429a626145356274213.00019549.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bed72c7a700178b786d8a062c504a22b.00000049.honggfuzz.cov b/examples/bind/corpus/bed72c7a700178b786d8a062c504a22b.00000049.honggfuzz.cov new file mode 100644 index 00000000..81c13332 Binary files /dev/null and b/examples/bind/corpus/bed72c7a700178b786d8a062c504a22b.00000049.honggfuzz.cov differ diff --git a/examples/bind/corpus/bef1dc05f557bfe390143ea804378faf.000000f9.honggfuzz.cov b/examples/bind/corpus/bef1dc05f557bfe390143ea804378faf.000000f9.honggfuzz.cov deleted file mode 100644 index 91da8265..00000000 Binary files a/examples/bind/corpus/bef1dc05f557bfe390143ea804378faf.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bf06f259fd385157378d6a021707cf66.00000085.honggfuzz.cov b/examples/bind/corpus/bf06f259fd385157378d6a021707cf66.00000085.honggfuzz.cov deleted file mode 100644 index e6deb773..00000000 Binary files a/examples/bind/corpus/bf06f259fd385157378d6a021707cf66.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bf147275fabeefdc25d6e32021e3dc50.000000f9.honggfuzz.cov b/examples/bind/corpus/bf147275fabeefdc25d6e32021e3dc50.000000f9.honggfuzz.cov deleted file mode 100644 index ad8f8ce5..00000000 Binary files a/examples/bind/corpus/bf147275fabeefdc25d6e32021e3dc50.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bf2637db1d3e4430b5768d23fb543a03.0001f7e8.honggfuzz.cov b/examples/bind/corpus/bf2637db1d3e4430b5768d23fb543a03.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..5c52ade7 Binary files /dev/null and b/examples/bind/corpus/bf2637db1d3e4430b5768d23fb543a03.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/bf579856ab2d80415800ce3aff78a2f0.00000785.honggfuzz.cov b/examples/bind/corpus/bf579856ab2d80415800ce3aff78a2f0.00000785.honggfuzz.cov deleted file mode 100644 index 282513fe..00000000 Binary files a/examples/bind/corpus/bf579856ab2d80415800ce3aff78a2f0.00000785.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bf58fb1e76658909ed73a8739d683e45.00000182.honggfuzz.cov b/examples/bind/corpus/bf58fb1e76658909ed73a8739d683e45.00000182.honggfuzz.cov deleted file mode 100644 index c8fc0489..00000000 Binary files a/examples/bind/corpus/bf58fb1e76658909ed73a8739d683e45.00000182.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bf6eed20a74c224700252be57108031d.0000070e.honggfuzz.cov b/examples/bind/corpus/bf6eed20a74c224700252be57108031d.0000070e.honggfuzz.cov deleted file mode 100644 index dd32ab15..00000000 Binary files a/examples/bind/corpus/bf6eed20a74c224700252be57108031d.0000070e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bf80c110ff7c1070756a9b1974708e51.00000945.honggfuzz.cov b/examples/bind/corpus/bf80c110ff7c1070756a9b1974708e51.00000945.honggfuzz.cov new file mode 100644 index 00000000..e17a28ad Binary files /dev/null and b/examples/bind/corpus/bf80c110ff7c1070756a9b1974708e51.00000945.honggfuzz.cov differ diff --git a/examples/bind/corpus/bf86041696e9b49154173fdb4c179bb0.000101d0.honggfuzz.cov b/examples/bind/corpus/bf86041696e9b49154173fdb4c179bb0.000101d0.honggfuzz.cov new file mode 100644 index 00000000..c6709f91 Binary files /dev/null and b/examples/bind/corpus/bf86041696e9b49154173fdb4c179bb0.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/bfa1f70276651b8532a1d5609c790aa4.000012fb.honggfuzz.cov b/examples/bind/corpus/bfa1f70276651b8532a1d5609c790aa4.000012fb.honggfuzz.cov deleted file mode 100644 index da5e99cc..00000000 Binary files a/examples/bind/corpus/bfa1f70276651b8532a1d5609c790aa4.000012fb.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bfadd9e894c65848b476e90838a9cdf0.00000143.honggfuzz.cov b/examples/bind/corpus/bfadd9e894c65848b476e90838a9cdf0.00000143.honggfuzz.cov deleted file mode 100644 index 7e87221d..00000000 Binary files a/examples/bind/corpus/bfadd9e894c65848b476e90838a9cdf0.00000143.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bfae2c9e254cc7d493cd9db6cba6c593.00000f03.honggfuzz.cov b/examples/bind/corpus/bfae2c9e254cc7d493cd9db6cba6c593.00000f03.honggfuzz.cov deleted file mode 100644 index adb67a3c..00000000 Binary files a/examples/bind/corpus/bfae2c9e254cc7d493cd9db6cba6c593.00000f03.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bfc05f996aaebc429eaf0526f2d879c9.00000085.honggfuzz.cov b/examples/bind/corpus/bfc05f996aaebc429eaf0526f2d879c9.00000085.honggfuzz.cov deleted file mode 100644 index f4cf3a12..00000000 Binary files a/examples/bind/corpus/bfc05f996aaebc429eaf0526f2d879c9.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bfe477eb8b2fb8ecb3e9bcd5e478d9aa.0000001b.honggfuzz.cov b/examples/bind/corpus/bfe477eb8b2fb8ecb3e9bcd5e478d9aa.0000001b.honggfuzz.cov new file mode 100644 index 00000000..835c346f Binary files /dev/null and b/examples/bind/corpus/bfe477eb8b2fb8ecb3e9bcd5e478d9aa.0000001b.honggfuzz.cov differ diff --git a/examples/bind/corpus/bfecf1657cfaf7897038d59d391215c7.0000df9c.honggfuzz.cov b/examples/bind/corpus/bfecf1657cfaf7897038d59d391215c7.0000df9c.honggfuzz.cov deleted file mode 100644 index 95744734..00000000 Binary files a/examples/bind/corpus/bfecf1657cfaf7897038d59d391215c7.0000df9c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/bff330ea6294204d532cb3e076623234.00000085.honggfuzz.cov b/examples/bind/corpus/bff330ea6294204d532cb3e076623234.00000085.honggfuzz.cov deleted file mode 100644 index 934331a0..00000000 Binary files a/examples/bind/corpus/bff330ea6294204d532cb3e076623234.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c0069a652033a60ce6a77d07229d1931.000025e7.honggfuzz.cov b/examples/bind/corpus/c0069a652033a60ce6a77d07229d1931.000025e7.honggfuzz.cov new file mode 100644 index 00000000..24bb5b48 Binary files /dev/null and b/examples/bind/corpus/c0069a652033a60ce6a77d07229d1931.000025e7.honggfuzz.cov differ diff --git a/examples/bind/corpus/c025f7ef719bb935257325328a8ee77d.00000085.honggfuzz.cov b/examples/bind/corpus/c025f7ef719bb935257325328a8ee77d.00000085.honggfuzz.cov deleted file mode 100644 index e871ae56..00000000 Binary files a/examples/bind/corpus/c025f7ef719bb935257325328a8ee77d.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c02a9d525e9a7d2d8b7cb953c1a6a28b.000000f9.honggfuzz.cov b/examples/bind/corpus/c02a9d525e9a7d2d8b7cb953c1a6a28b.000000f9.honggfuzz.cov deleted file mode 100644 index 3655e45c..00000000 Binary files a/examples/bind/corpus/c02a9d525e9a7d2d8b7cb953c1a6a28b.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c02b548fe3ede4d1b25ec31bf7bab9e5.0000001a.honggfuzz.cov b/examples/bind/corpus/c02b548fe3ede4d1b25ec31bf7bab9e5.0000001a.honggfuzz.cov new file mode 100644 index 00000000..b8f5685b Binary files /dev/null and b/examples/bind/corpus/c02b548fe3ede4d1b25ec31bf7bab9e5.0000001a.honggfuzz.cov differ diff --git a/examples/bind/corpus/c03f25f9d9f8f99956db58a92514ee1e.000713ab.honggfuzz.cov b/examples/bind/corpus/c03f25f9d9f8f99956db58a92514ee1e.000713ab.honggfuzz.cov deleted file mode 100644 index 516e9436..00000000 Binary files a/examples/bind/corpus/c03f25f9d9f8f99956db58a92514ee1e.000713ab.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c046e205576369b03e044965fc08e25c.00000a03.honggfuzz.cov b/examples/bind/corpus/c046e205576369b03e044965fc08e25c.00000a03.honggfuzz.cov deleted file mode 100644 index 7096a217..00000000 Binary files a/examples/bind/corpus/c046e205576369b03e044965fc08e25c.00000a03.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c08f436dc16226e23b50115c6c3dc66b.00000df7.honggfuzz.cov b/examples/bind/corpus/c08f436dc16226e23b50115c6c3dc66b.00000df7.honggfuzz.cov deleted file mode 100644 index 6c444943..00000000 Binary files a/examples/bind/corpus/c08f436dc16226e23b50115c6c3dc66b.00000df7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c0a1af4cd2a993c18d8557b03c7e7236.000001e1.honggfuzz.cov b/examples/bind/corpus/c0a1af4cd2a993c18d8557b03c7e7236.000001e1.honggfuzz.cov deleted file mode 100644 index efe080c7..00000000 Binary files a/examples/bind/corpus/c0a1af4cd2a993c18d8557b03c7e7236.000001e1.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c0a6407ba4e80ee733e5d15f12fe3a10.00006a67.honggfuzz.cov b/examples/bind/corpus/c0a6407ba4e80ee733e5d15f12fe3a10.00006a67.honggfuzz.cov deleted file mode 100644 index 852632ee..00000000 Binary files a/examples/bind/corpus/c0a6407ba4e80ee733e5d15f12fe3a10.00006a67.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c0a88f0359798c164d80783349bb42f9.000101d0.honggfuzz.cov b/examples/bind/corpus/c0a88f0359798c164d80783349bb42f9.000101d0.honggfuzz.cov new file mode 100644 index 00000000..9a8b9418 Binary files /dev/null and b/examples/bind/corpus/c0a88f0359798c164d80783349bb42f9.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/c0a8cc834e95e4e063963b0b3b93f1b4.00000116.honggfuzz.cov b/examples/bind/corpus/c0a8cc834e95e4e063963b0b3b93f1b4.00000116.honggfuzz.cov new file mode 100644 index 00000000..3bc90942 Binary files /dev/null and b/examples/bind/corpus/c0a8cc834e95e4e063963b0b3b93f1b4.00000116.honggfuzz.cov differ diff --git a/examples/bind/corpus/c0fcf9ae1554f02c8152b7030890d735.000000a2.honggfuzz.cov b/examples/bind/corpus/c0fcf9ae1554f02c8152b7030890d735.000000a2.honggfuzz.cov deleted file mode 100644 index d6fbbace..00000000 Binary files a/examples/bind/corpus/c0fcf9ae1554f02c8152b7030890d735.000000a2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c102a32d91d566e2845df795c7a91593.0000f1d1.honggfuzz.cov b/examples/bind/corpus/c102a32d91d566e2845df795c7a91593.0000f1d1.honggfuzz.cov deleted file mode 100644 index 02a486aa..00000000 Binary files a/examples/bind/corpus/c102a32d91d566e2845df795c7a91593.0000f1d1.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c1229449dfed25a2c018a4f9436e9ccd.00000048.honggfuzz.cov b/examples/bind/corpus/c1229449dfed25a2c018a4f9436e9ccd.00000048.honggfuzz.cov new file mode 100644 index 00000000..661ea290 Binary files /dev/null and b/examples/bind/corpus/c1229449dfed25a2c018a4f9436e9ccd.00000048.honggfuzz.cov differ diff --git a/examples/bind/corpus/c1397768a7e7d403e4771e2e39e09a85.0000009e.honggfuzz.cov b/examples/bind/corpus/c1397768a7e7d403e4771e2e39e09a85.0000009e.honggfuzz.cov new file mode 100644 index 00000000..ac40f6dd Binary files /dev/null and b/examples/bind/corpus/c1397768a7e7d403e4771e2e39e09a85.0000009e.honggfuzz.cov differ diff --git a/examples/bind/corpus/c1564dced5e2f9e6f652ff0edb68200d.00000808.honggfuzz.cov b/examples/bind/corpus/c1564dced5e2f9e6f652ff0edb68200d.00000808.honggfuzz.cov new file mode 100644 index 00000000..8d710e2b Binary files /dev/null and b/examples/bind/corpus/c1564dced5e2f9e6f652ff0edb68200d.00000808.honggfuzz.cov differ diff --git a/examples/bind/corpus/c15f1aa27b5a328900aa72826199cf00.000000be.honggfuzz.cov b/examples/bind/corpus/c15f1aa27b5a328900aa72826199cf00.000000be.honggfuzz.cov deleted file mode 100644 index 60c26052..00000000 Binary files a/examples/bind/corpus/c15f1aa27b5a328900aa72826199cf00.000000be.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c18e37d83f410e726241599fa5bc8868.00018619.honggfuzz.cov b/examples/bind/corpus/c18e37d83f410e726241599fa5bc8868.00018619.honggfuzz.cov deleted file mode 100644 index a1254e22..00000000 Binary files a/examples/bind/corpus/c18e37d83f410e726241599fa5bc8868.00018619.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c19bc015c73ae72bd6fee3a05cd9c766.0001fc7b.honggfuzz.cov b/examples/bind/corpus/c19bc015c73ae72bd6fee3a05cd9c766.0001fc7b.honggfuzz.cov deleted file mode 100644 index 330d04ec..00000000 Binary files a/examples/bind/corpus/c19bc015c73ae72bd6fee3a05cd9c766.0001fc7b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c1b4b405a7cf5bf5d805a54ee9ec4c15.00000085.honggfuzz.cov b/examples/bind/corpus/c1b4b405a7cf5bf5d805a54ee9ec4c15.00000085.honggfuzz.cov new file mode 100644 index 00000000..1fb625fc Binary files /dev/null and b/examples/bind/corpus/c1b4b405a7cf5bf5d805a54ee9ec4c15.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/c1ca45362da9cbd579d21b62e9d1f5cb.00000085.honggfuzz.cov b/examples/bind/corpus/c1ca45362da9cbd579d21b62e9d1f5cb.00000085.honggfuzz.cov deleted file mode 100644 index a546595b..00000000 Binary files a/examples/bind/corpus/c1ca45362da9cbd579d21b62e9d1f5cb.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c1d1cf4eff2fd51dd2c9ecf5bbc242c4.0000013c.honggfuzz.cov b/examples/bind/corpus/c1d1cf4eff2fd51dd2c9ecf5bbc242c4.0000013c.honggfuzz.cov deleted file mode 100644 index bd47214f..00000000 Binary files a/examples/bind/corpus/c1d1cf4eff2fd51dd2c9ecf5bbc242c4.0000013c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c1df8fc71463420beabac142e256f10c.00000085.honggfuzz.cov b/examples/bind/corpus/c1df8fc71463420beabac142e256f10c.00000085.honggfuzz.cov new file mode 100644 index 00000000..290d49ff Binary files /dev/null and b/examples/bind/corpus/c1df8fc71463420beabac142e256f10c.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/c2063b935edf887e01a5b0e172323f20.0001cd47.honggfuzz.cov b/examples/bind/corpus/c2063b935edf887e01a5b0e172323f20.0001cd47.honggfuzz.cov deleted file mode 100644 index 9ea48dcd..00000000 Binary files a/examples/bind/corpus/c2063b935edf887e01a5b0e172323f20.0001cd47.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c206c8341fa4c20a44aa6dcf34e34b0d.00000400.honggfuzz.cov b/examples/bind/corpus/c206c8341fa4c20a44aa6dcf34e34b0d.00000400.honggfuzz.cov deleted file mode 100644 index c4bdeaae..00000000 Binary files a/examples/bind/corpus/c206c8341fa4c20a44aa6dcf34e34b0d.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c22d13eb3a55fd7ee8f084aa76b01437.00001afe.honggfuzz.cov b/examples/bind/corpus/c22d13eb3a55fd7ee8f084aa76b01437.00001afe.honggfuzz.cov new file mode 100644 index 00000000..9bee49aa Binary files /dev/null and b/examples/bind/corpus/c22d13eb3a55fd7ee8f084aa76b01437.00001afe.honggfuzz.cov differ diff --git a/examples/bind/corpus/c25e725bdfcae86d9dced35a984687bc.00000331.honggfuzz.cov b/examples/bind/corpus/c25e725bdfcae86d9dced35a984687bc.00000331.honggfuzz.cov new file mode 100644 index 00000000..9bb22753 Binary files /dev/null and b/examples/bind/corpus/c25e725bdfcae86d9dced35a984687bc.00000331.honggfuzz.cov differ diff --git a/examples/bind/corpus/c2621c5b0fc39fe3cfede887ad5d1e56.00000124.honggfuzz.cov b/examples/bind/corpus/c2621c5b0fc39fe3cfede887ad5d1e56.00000124.honggfuzz.cov new file mode 100644 index 00000000..e72d56fb Binary files /dev/null and b/examples/bind/corpus/c2621c5b0fc39fe3cfede887ad5d1e56.00000124.honggfuzz.cov differ diff --git a/examples/bind/corpus/c264d02905604d6ebebec877e7481100.000000d4.honggfuzz.cov b/examples/bind/corpus/c264d02905604d6ebebec877e7481100.000000d4.honggfuzz.cov new file mode 100644 index 00000000..0b9169a3 Binary files /dev/null and b/examples/bind/corpus/c264d02905604d6ebebec877e7481100.000000d4.honggfuzz.cov differ diff --git a/examples/bind/corpus/c28c811ec8ae99d522d911423fa745d8.00000b04.honggfuzz.cov b/examples/bind/corpus/c28c811ec8ae99d522d911423fa745d8.00000b04.honggfuzz.cov new file mode 100644 index 00000000..192bd680 Binary files /dev/null and b/examples/bind/corpus/c28c811ec8ae99d522d911423fa745d8.00000b04.honggfuzz.cov differ diff --git a/examples/bind/corpus/c28ea6d71789e776b2919a38d5e3e519.0000017f.honggfuzz.cov b/examples/bind/corpus/c28ea6d71789e776b2919a38d5e3e519.0000017f.honggfuzz.cov new file mode 100644 index 00000000..8aeb767b Binary files /dev/null and b/examples/bind/corpus/c28ea6d71789e776b2919a38d5e3e519.0000017f.honggfuzz.cov differ diff --git a/examples/bind/corpus/c2987076237b357bfc4bae03cf514bc0.0000029e.honggfuzz.cov b/examples/bind/corpus/c2987076237b357bfc4bae03cf514bc0.0000029e.honggfuzz.cov deleted file mode 100644 index 95bb66e5..00000000 Binary files a/examples/bind/corpus/c2987076237b357bfc4bae03cf514bc0.0000029e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c2a5aaa06946f156fcd3fd56df2fbd82.00000040.honggfuzz.cov b/examples/bind/corpus/c2a5aaa06946f156fcd3fd56df2fbd82.00000040.honggfuzz.cov new file mode 100644 index 00000000..b43a3d98 Binary files /dev/null and b/examples/bind/corpus/c2a5aaa06946f156fcd3fd56df2fbd82.00000040.honggfuzz.cov differ diff --git a/examples/bind/corpus/c2d43deb937a8a479118287b6c9806dc.00000048.honggfuzz.cov b/examples/bind/corpus/c2d43deb937a8a479118287b6c9806dc.00000048.honggfuzz.cov deleted file mode 100644 index 9b23d49b..00000000 Binary files a/examples/bind/corpus/c2d43deb937a8a479118287b6c9806dc.00000048.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c3190c516787ce48039c977da94ed904.00016ced.honggfuzz.cov b/examples/bind/corpus/c3190c516787ce48039c977da94ed904.00016ced.honggfuzz.cov deleted file mode 100644 index 62a350bb..00000000 Binary files a/examples/bind/corpus/c3190c516787ce48039c977da94ed904.00016ced.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c321bd15f179dbbcd0c104f631e9a13a.00002000.honggfuzz.cov b/examples/bind/corpus/c321bd15f179dbbcd0c104f631e9a13a.00002000.honggfuzz.cov new file mode 100644 index 00000000..d4ce4c9f Binary files /dev/null and b/examples/bind/corpus/c321bd15f179dbbcd0c104f631e9a13a.00002000.honggfuzz.cov differ diff --git a/examples/bind/corpus/c335450845b5de9803b32bde1e061aaa.0000737a.honggfuzz.cov b/examples/bind/corpus/c335450845b5de9803b32bde1e061aaa.0000737a.honggfuzz.cov deleted file mode 100644 index e50d026b..00000000 Binary files a/examples/bind/corpus/c335450845b5de9803b32bde1e061aaa.0000737a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c357ffbaff16c551c2a623910d6d3962.00000353.honggfuzz.cov b/examples/bind/corpus/c357ffbaff16c551c2a623910d6d3962.00000353.honggfuzz.cov new file mode 100644 index 00000000..4fa20538 Binary files /dev/null and b/examples/bind/corpus/c357ffbaff16c551c2a623910d6d3962.00000353.honggfuzz.cov differ diff --git a/examples/bind/corpus/c37dad6b04b158f8984d959423f6ee5b.000054bb.honggfuzz.cov b/examples/bind/corpus/c37dad6b04b158f8984d959423f6ee5b.000054bb.honggfuzz.cov deleted file mode 100644 index a68c49da..00000000 Binary files a/examples/bind/corpus/c37dad6b04b158f8984d959423f6ee5b.000054bb.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c3b6dc7b69c9781a7d49f44ea92326d2.00000130.honggfuzz.cov b/examples/bind/corpus/c3b6dc7b69c9781a7d49f44ea92326d2.00000130.honggfuzz.cov deleted file mode 100644 index bebe7ba4..00000000 Binary files a/examples/bind/corpus/c3b6dc7b69c9781a7d49f44ea92326d2.00000130.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c3ddd0b0fdcbd54559bbcf5c237d5a4d.0000bd6c.honggfuzz.cov b/examples/bind/corpus/c3ddd0b0fdcbd54559bbcf5c237d5a4d.0000bd6c.honggfuzz.cov deleted file mode 100644 index fef54040..00000000 Binary files a/examples/bind/corpus/c3ddd0b0fdcbd54559bbcf5c237d5a4d.0000bd6c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c3e640d9e170ec695faade616e7bf696.0000003e.honggfuzz.cov b/examples/bind/corpus/c3e640d9e170ec695faade616e7bf696.0000003e.honggfuzz.cov deleted file mode 100644 index c9869d77..00000000 Binary files a/examples/bind/corpus/c3e640d9e170ec695faade616e7bf696.0000003e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c41404950dbfb2cac9091beb66f3e6e4.0000007e.honggfuzz.cov b/examples/bind/corpus/c41404950dbfb2cac9091beb66f3e6e4.0000007e.honggfuzz.cov deleted file mode 100644 index 27488a26..00000000 Binary files a/examples/bind/corpus/c41404950dbfb2cac9091beb66f3e6e4.0000007e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c415d50c3bf3277d0f54397e4443e31a.00000085.honggfuzz.cov b/examples/bind/corpus/c415d50c3bf3277d0f54397e4443e31a.00000085.honggfuzz.cov new file mode 100644 index 00000000..c933e9e1 Binary files /dev/null and b/examples/bind/corpus/c415d50c3bf3277d0f54397e4443e31a.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/c44949a4c538bd7575c0218d6ee3e7e6.00000ebf.honggfuzz.cov b/examples/bind/corpus/c44949a4c538bd7575c0218d6ee3e7e6.00000ebf.honggfuzz.cov new file mode 100644 index 00000000..373002cf Binary files /dev/null and b/examples/bind/corpus/c44949a4c538bd7575c0218d6ee3e7e6.00000ebf.honggfuzz.cov differ diff --git a/examples/bind/corpus/c4561ead84267952848c1ae65e722fbc.0001ef20.honggfuzz.cov b/examples/bind/corpus/c4561ead84267952848c1ae65e722fbc.0001ef20.honggfuzz.cov deleted file mode 100644 index e4c8e8b9..00000000 Binary files a/examples/bind/corpus/c4561ead84267952848c1ae65e722fbc.0001ef20.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c478bf849d2a1cd7be344f060cfed578.00000400.honggfuzz.cov b/examples/bind/corpus/c478bf849d2a1cd7be344f060cfed578.00000400.honggfuzz.cov new file mode 100644 index 00000000..bd4e396d Binary files /dev/null and b/examples/bind/corpus/c478bf849d2a1cd7be344f060cfed578.00000400.honggfuzz.cov differ diff --git a/examples/bind/corpus/c4a420e2dc12c527e7366b9f5c515221.00000040.honggfuzz.cov b/examples/bind/corpus/c4a420e2dc12c527e7366b9f5c515221.00000040.honggfuzz.cov new file mode 100644 index 00000000..8bac9889 Binary files /dev/null and b/examples/bind/corpus/c4a420e2dc12c527e7366b9f5c515221.00000040.honggfuzz.cov differ diff --git a/examples/bind/corpus/c4a4e0d33a86e8d91479a977a1b6da33.00000080.honggfuzz.cov b/examples/bind/corpus/c4a4e0d33a86e8d91479a977a1b6da33.00000080.honggfuzz.cov deleted file mode 100644 index a7512de7..00000000 Binary files a/examples/bind/corpus/c4a4e0d33a86e8d91479a977a1b6da33.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c4a7a77520df937063df715e186232e8.0000001c.honggfuzz.cov b/examples/bind/corpus/c4a7a77520df937063df715e186232e8.0000001c.honggfuzz.cov new file mode 100644 index 00000000..727134f6 Binary files /dev/null and b/examples/bind/corpus/c4a7a77520df937063df715e186232e8.0000001c.honggfuzz.cov differ diff --git a/examples/bind/corpus/c4e1d07fe50e1c660b67a8973c0feb7b.00000e87.honggfuzz.cov b/examples/bind/corpus/c4e1d07fe50e1c660b67a8973c0feb7b.00000e87.honggfuzz.cov deleted file mode 100644 index 2ad3c8ec..00000000 Binary files a/examples/bind/corpus/c4e1d07fe50e1c660b67a8973c0feb7b.00000e87.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c4eefcc8efdaae895222aac80f3e0564.00014d82.honggfuzz.cov b/examples/bind/corpus/c4eefcc8efdaae895222aac80f3e0564.00014d82.honggfuzz.cov new file mode 100644 index 00000000..d3674c3e Binary files /dev/null and b/examples/bind/corpus/c4eefcc8efdaae895222aac80f3e0564.00014d82.honggfuzz.cov differ diff --git a/examples/bind/corpus/c518bd17f07ee2a00e0e05bcdfdf3218.00000200.honggfuzz.cov b/examples/bind/corpus/c518bd17f07ee2a00e0e05bcdfdf3218.00000200.honggfuzz.cov new file mode 100644 index 00000000..6b150f0d Binary files /dev/null and b/examples/bind/corpus/c518bd17f07ee2a00e0e05bcdfdf3218.00000200.honggfuzz.cov differ diff --git a/examples/bind/corpus/c51e62ee88ce22f7b01424a49fdc3539.00002000.honggfuzz.cov b/examples/bind/corpus/c51e62ee88ce22f7b01424a49fdc3539.00002000.honggfuzz.cov new file mode 100644 index 00000000..1a937b97 Binary files /dev/null and b/examples/bind/corpus/c51e62ee88ce22f7b01424a49fdc3539.00002000.honggfuzz.cov differ diff --git a/examples/bind/corpus/c53901314ca010438980fb48c134b702.000101d0.honggfuzz.cov b/examples/bind/corpus/c53901314ca010438980fb48c134b702.000101d0.honggfuzz.cov new file mode 100644 index 00000000..6144ddb6 Binary files /dev/null and b/examples/bind/corpus/c53901314ca010438980fb48c134b702.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/c547ca52730916005263b0ef8f86035a.0000024d.honggfuzz.cov b/examples/bind/corpus/c547ca52730916005263b0ef8f86035a.0000024d.honggfuzz.cov new file mode 100644 index 00000000..3872aad4 Binary files /dev/null and b/examples/bind/corpus/c547ca52730916005263b0ef8f86035a.0000024d.honggfuzz.cov differ diff --git a/examples/bind/corpus/c5492f0fb4529d247fd1aac37a6bd8ce.000001cf.honggfuzz.cov b/examples/bind/corpus/c5492f0fb4529d247fd1aac37a6bd8ce.000001cf.honggfuzz.cov deleted file mode 100644 index 3a211879..00000000 Binary files a/examples/bind/corpus/c5492f0fb4529d247fd1aac37a6bd8ce.000001cf.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c54ea1088e989198d5d540e96b4931df.00000063.honggfuzz.cov b/examples/bind/corpus/c54ea1088e989198d5d540e96b4931df.00000063.honggfuzz.cov new file mode 100644 index 00000000..f60ace40 Binary files /dev/null and b/examples/bind/corpus/c54ea1088e989198d5d540e96b4931df.00000063.honggfuzz.cov differ diff --git a/examples/bind/corpus/c5591663aba5d4b94383caafcd1ed211.0000005c.honggfuzz.cov b/examples/bind/corpus/c5591663aba5d4b94383caafcd1ed211.0000005c.honggfuzz.cov new file mode 100644 index 00000000..ece85cd8 Binary files /dev/null and b/examples/bind/corpus/c5591663aba5d4b94383caafcd1ed211.0000005c.honggfuzz.cov differ diff --git a/examples/bind/corpus/c55a5808cf857f03585b890918735b3c.0000a15f.honggfuzz.cov b/examples/bind/corpus/c55a5808cf857f03585b890918735b3c.0000a15f.honggfuzz.cov deleted file mode 100644 index 0689dea5..00000000 Binary files a/examples/bind/corpus/c55a5808cf857f03585b890918735b3c.0000a15f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c576e544304291c1767162bc40267b04.00000080.honggfuzz.cov b/examples/bind/corpus/c576e544304291c1767162bc40267b04.00000080.honggfuzz.cov new file mode 100644 index 00000000..ba2038d8 Binary files /dev/null and b/examples/bind/corpus/c576e544304291c1767162bc40267b04.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/c58f0a3e0afdbf376979c104088b5d8d.0000032d.honggfuzz.cov b/examples/bind/corpus/c58f0a3e0afdbf376979c104088b5d8d.0000032d.honggfuzz.cov new file mode 100644 index 00000000..e5a7d7f2 Binary files /dev/null and b/examples/bind/corpus/c58f0a3e0afdbf376979c104088b5d8d.0000032d.honggfuzz.cov differ diff --git a/examples/bind/corpus/c5959cdbf36d1e393f4e0bf1ec3ccc66.00000059.honggfuzz.cov b/examples/bind/corpus/c5959cdbf36d1e393f4e0bf1ec3ccc66.00000059.honggfuzz.cov deleted file mode 100644 index 102fe278..00000000 Binary files a/examples/bind/corpus/c5959cdbf36d1e393f4e0bf1ec3ccc66.00000059.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c59a167314303b4496549c276f855fe1.00000041.honggfuzz.cov b/examples/bind/corpus/c59a167314303b4496549c276f855fe1.00000041.honggfuzz.cov deleted file mode 100644 index 5f383005..00000000 Binary files a/examples/bind/corpus/c59a167314303b4496549c276f855fe1.00000041.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c59f526f154fd68905cb5ad209ae0dac.000101d0.honggfuzz.cov b/examples/bind/corpus/c59f526f154fd68905cb5ad209ae0dac.000101d0.honggfuzz.cov new file mode 100644 index 00000000..c454da48 Binary files /dev/null and b/examples/bind/corpus/c59f526f154fd68905cb5ad209ae0dac.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/c5c0000000000000c5c0000000000000.00000001.honggfuzz.cov b/examples/bind/corpus/c5c0000000000000c5c0000000000000.00000001.honggfuzz.cov new file mode 100644 index 00000000..16e45d39 --- /dev/null +++ b/examples/bind/corpus/c5c0000000000000c5c0000000000000.00000001.honggfuzz.cov @@ -0,0 +1 @@ +” \ No newline at end of file diff --git a/examples/bind/corpus/c5cd533a85f6487a6af280a7c7cdbb06.00000052.honggfuzz.cov b/examples/bind/corpus/c5cd533a85f6487a6af280a7c7cdbb06.00000052.honggfuzz.cov deleted file mode 100644 index 04101b2e..00000000 Binary files a/examples/bind/corpus/c5cd533a85f6487a6af280a7c7cdbb06.00000052.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c5e4eb691eae3c5642d72bdf1cfc2ef7.00000085.honggfuzz.cov b/examples/bind/corpus/c5e4eb691eae3c5642d72bdf1cfc2ef7.00000085.honggfuzz.cov deleted file mode 100644 index 8fa6a4b8..00000000 Binary files a/examples/bind/corpus/c5e4eb691eae3c5642d72bdf1cfc2ef7.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c605f51bab7b0fb0d396ed591eb9ac19.0000054f.honggfuzz.cov b/examples/bind/corpus/c605f51bab7b0fb0d396ed591eb9ac19.0000054f.honggfuzz.cov deleted file mode 100644 index 5d38280a..00000000 Binary files a/examples/bind/corpus/c605f51bab7b0fb0d396ed591eb9ac19.0000054f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c634f81c06e5d798823e5acd2827b20e.0000c77f.honggfuzz.cov b/examples/bind/corpus/c634f81c06e5d798823e5acd2827b20e.0000c77f.honggfuzz.cov new file mode 100644 index 00000000..1476d8f5 Binary files /dev/null and b/examples/bind/corpus/c634f81c06e5d798823e5acd2827b20e.0000c77f.honggfuzz.cov differ diff --git a/examples/bind/corpus/c635c0c4b3283539869b49f514cd4870.00000061.honggfuzz.cov b/examples/bind/corpus/c635c0c4b3283539869b49f514cd4870.00000061.honggfuzz.cov new file mode 100644 index 00000000..b187296e Binary files /dev/null and b/examples/bind/corpus/c635c0c4b3283539869b49f514cd4870.00000061.honggfuzz.cov differ diff --git a/examples/bind/corpus/c63cfa3a97a28ab92c4db520988aa28a.0000000c.honggfuzz.cov b/examples/bind/corpus/c63cfa3a97a28ab92c4db520988aa28a.0000000c.honggfuzz.cov deleted file mode 100644 index 577aa240..00000000 --- a/examples/bind/corpus/c63cfa3a97a28ab92c4db520988aa28a.0000000c.honggfuzz.cov +++ /dev/null @@ -1 +0,0 @@ -É‘oðîàîh¤Å \ No newline at end of file diff --git a/examples/bind/corpus/c65770b0ab4da4fa55409a3c8b2038dd.00000080.honggfuzz.cov b/examples/bind/corpus/c65770b0ab4da4fa55409a3c8b2038dd.00000080.honggfuzz.cov deleted file mode 100644 index bc3e84c0..00000000 Binary files a/examples/bind/corpus/c65770b0ab4da4fa55409a3c8b2038dd.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c6b0c5d3c66f9096b3e1d2e74957b4c5.0000005f.honggfuzz.cov b/examples/bind/corpus/c6b0c5d3c66f9096b3e1d2e74957b4c5.0000005f.honggfuzz.cov new file mode 100644 index 00000000..d855c218 Binary files /dev/null and b/examples/bind/corpus/c6b0c5d3c66f9096b3e1d2e74957b4c5.0000005f.honggfuzz.cov differ diff --git a/examples/bind/corpus/c6b73c0680d72bc8c32f5bb6783e7de5.00000085.honggfuzz.cov b/examples/bind/corpus/c6b73c0680d72bc8c32f5bb6783e7de5.00000085.honggfuzz.cov deleted file mode 100644 index 70d341e4..00000000 Binary files a/examples/bind/corpus/c6b73c0680d72bc8c32f5bb6783e7de5.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c6fae780425fb5123cb1950ebd02bf0b.0000cc97.honggfuzz.cov b/examples/bind/corpus/c6fae780425fb5123cb1950ebd02bf0b.0000cc97.honggfuzz.cov deleted file mode 100644 index ed64b144..00000000 Binary files a/examples/bind/corpus/c6fae780425fb5123cb1950ebd02bf0b.0000cc97.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c6ff4dce11682d9e08bede84b70b2905.000099b3.honggfuzz.cov b/examples/bind/corpus/c6ff4dce11682d9e08bede84b70b2905.000099b3.honggfuzz.cov new file mode 100644 index 00000000..76a15438 Binary files /dev/null and b/examples/bind/corpus/c6ff4dce11682d9e08bede84b70b2905.000099b3.honggfuzz.cov differ diff --git a/examples/bind/corpus/c7026f58ce2be1525efad2af1e894e3b.000000e4.honggfuzz.cov b/examples/bind/corpus/c7026f58ce2be1525efad2af1e894e3b.000000e4.honggfuzz.cov deleted file mode 100644 index 45de3137..00000000 Binary files a/examples/bind/corpus/c7026f58ce2be1525efad2af1e894e3b.000000e4.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c75fbbeda1eb708000779d4d357ebe48.00000085.honggfuzz.cov b/examples/bind/corpus/c75fbbeda1eb708000779d4d357ebe48.00000085.honggfuzz.cov deleted file mode 100644 index 134c04ba..00000000 Binary files a/examples/bind/corpus/c75fbbeda1eb708000779d4d357ebe48.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c7703ace7a951745baf1e9527d8fc0ef.000000f9.honggfuzz.cov b/examples/bind/corpus/c7703ace7a951745baf1e9527d8fc0ef.000000f9.honggfuzz.cov deleted file mode 100644 index e6f68814..00000000 Binary files a/examples/bind/corpus/c7703ace7a951745baf1e9527d8fc0ef.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c7734fb2de90201c3d189c95a48708ba.0000008b.honggfuzz.cov b/examples/bind/corpus/c7734fb2de90201c3d189c95a48708ba.0000008b.honggfuzz.cov new file mode 100644 index 00000000..7b1d10a9 Binary files /dev/null and b/examples/bind/corpus/c7734fb2de90201c3d189c95a48708ba.0000008b.honggfuzz.cov differ diff --git a/examples/bind/corpus/c77f1607d2ab6f24204f9caf5cb3eb4f.00000062.honggfuzz.cov b/examples/bind/corpus/c77f1607d2ab6f24204f9caf5cb3eb4f.00000062.honggfuzz.cov deleted file mode 100644 index 1a46e765..00000000 Binary files a/examples/bind/corpus/c77f1607d2ab6f24204f9caf5cb3eb4f.00000062.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c7834a71eeae0e99a0c28f9d8caaf99f.00000bc4.honggfuzz.cov b/examples/bind/corpus/c7834a71eeae0e99a0c28f9d8caaf99f.00000bc4.honggfuzz.cov new file mode 100644 index 00000000..05c5ec36 Binary files /dev/null and b/examples/bind/corpus/c7834a71eeae0e99a0c28f9d8caaf99f.00000bc4.honggfuzz.cov differ diff --git a/examples/bind/corpus/c7a10397e9c64b0976fadbc77a4a609a.0000c791.honggfuzz.cov b/examples/bind/corpus/c7a10397e9c64b0976fadbc77a4a609a.0000c791.honggfuzz.cov deleted file mode 100644 index 36c0d32b..00000000 Binary files a/examples/bind/corpus/c7a10397e9c64b0976fadbc77a4a609a.0000c791.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c7a9f4f2797812a54aa10dfd1ed27fcb.00008ff8.honggfuzz.cov b/examples/bind/corpus/c7a9f4f2797812a54aa10dfd1ed27fcb.00008ff8.honggfuzz.cov deleted file mode 100644 index a071cc8e..00000000 Binary files a/examples/bind/corpus/c7a9f4f2797812a54aa10dfd1ed27fcb.00008ff8.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c7ae2c69c030c1d8299c4ea90e916c0e.00000085.honggfuzz.cov b/examples/bind/corpus/c7ae2c69c030c1d8299c4ea90e916c0e.00000085.honggfuzz.cov new file mode 100644 index 00000000..b9ec74f7 Binary files /dev/null and b/examples/bind/corpus/c7ae2c69c030c1d8299c4ea90e916c0e.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/c7e3d3dbc6cbbe69b99c2be02cd801f1.00000085.honggfuzz.cov b/examples/bind/corpus/c7e3d3dbc6cbbe69b99c2be02cd801f1.00000085.honggfuzz.cov deleted file mode 100644 index f66fa3da..00000000 Binary files a/examples/bind/corpus/c7e3d3dbc6cbbe69b99c2be02cd801f1.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c7ee800a6841b9e01de4f47766c1c05d.00000085.honggfuzz.cov b/examples/bind/corpus/c7ee800a6841b9e01de4f47766c1c05d.00000085.honggfuzz.cov new file mode 100644 index 00000000..501e8bbe Binary files /dev/null and b/examples/bind/corpus/c7ee800a6841b9e01de4f47766c1c05d.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/c7f363a0800000007ed1d800000020a0.0000000a.honggfuzz.cov b/examples/bind/corpus/c7f363a0800000007ed1d800000020a0.0000000a.honggfuzz.cov new file mode 100644 index 00000000..99447ed9 Binary files /dev/null and b/examples/bind/corpus/c7f363a0800000007ed1d800000020a0.0000000a.honggfuzz.cov differ diff --git a/examples/bind/corpus/c7f8ebe7bdbaf68dc8ef33789624b451.00000c65.honggfuzz.cov b/examples/bind/corpus/c7f8ebe7bdbaf68dc8ef33789624b451.00000c65.honggfuzz.cov deleted file mode 100644 index f8af235f..00000000 Binary files a/examples/bind/corpus/c7f8ebe7bdbaf68dc8ef33789624b451.00000c65.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c85e35629f354651c2cbcb23f676600a.00000295.honggfuzz.cov b/examples/bind/corpus/c85e35629f354651c2cbcb23f676600a.00000295.honggfuzz.cov new file mode 100644 index 00000000..9081e415 Binary files /dev/null and b/examples/bind/corpus/c85e35629f354651c2cbcb23f676600a.00000295.honggfuzz.cov differ diff --git a/examples/bind/corpus/c85e6a772baddcc6f55cddff7b1ba28e.00000050.honggfuzz.cov b/examples/bind/corpus/c85e6a772baddcc6f55cddff7b1ba28e.00000050.honggfuzz.cov deleted file mode 100644 index 6756e10f..00000000 Binary files a/examples/bind/corpus/c85e6a772baddcc6f55cddff7b1ba28e.00000050.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c8631ed3fc2e3e6685f23400b0da6678.00001732.honggfuzz.cov b/examples/bind/corpus/c8631ed3fc2e3e6685f23400b0da6678.00001732.honggfuzz.cov deleted file mode 100644 index 2910b5af..00000000 Binary files a/examples/bind/corpus/c8631ed3fc2e3e6685f23400b0da6678.00001732.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c867c2f0d5dba19717a2669361cd5b2c.000000bc.honggfuzz.cov b/examples/bind/corpus/c867c2f0d5dba19717a2669361cd5b2c.000000bc.honggfuzz.cov new file mode 100644 index 00000000..c050afb2 Binary files /dev/null and b/examples/bind/corpus/c867c2f0d5dba19717a2669361cd5b2c.000000bc.honggfuzz.cov differ diff --git a/examples/bind/corpus/c878cbbf7ed4040fc45df855c1668736.00000691.honggfuzz.cov b/examples/bind/corpus/c878cbbf7ed4040fc45df855c1668736.00000691.honggfuzz.cov deleted file mode 100644 index 2b46083b..00000000 Binary files a/examples/bind/corpus/c878cbbf7ed4040fc45df855c1668736.00000691.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c87d165f2863bd6f6a55da93a903a88c.00000150.honggfuzz.cov b/examples/bind/corpus/c87d165f2863bd6f6a55da93a903a88c.00000150.honggfuzz.cov new file mode 100644 index 00000000..89484900 Binary files /dev/null and b/examples/bind/corpus/c87d165f2863bd6f6a55da93a903a88c.00000150.honggfuzz.cov differ diff --git a/examples/bind/corpus/c890497a36b413c1998b7e5e28445218.00007697.honggfuzz.cov b/examples/bind/corpus/c890497a36b413c1998b7e5e28445218.00007697.honggfuzz.cov new file mode 100644 index 00000000..5b87b60a Binary files /dev/null and b/examples/bind/corpus/c890497a36b413c1998b7e5e28445218.00007697.honggfuzz.cov differ diff --git a/examples/bind/corpus/c89d48e1e5e87968fdfc37d3e3352b91.0007819e.honggfuzz.cov b/examples/bind/corpus/c89d48e1e5e87968fdfc37d3e3352b91.0007819e.honggfuzz.cov deleted file mode 100644 index 936410d0..00000000 Binary files a/examples/bind/corpus/c89d48e1e5e87968fdfc37d3e3352b91.0007819e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c8be4dcc1b2e33daf1d5619d57f15fd3.00000032.honggfuzz.cov b/examples/bind/corpus/c8be4dcc1b2e33daf1d5619d57f15fd3.00000032.honggfuzz.cov new file mode 100644 index 00000000..a777150a Binary files /dev/null and b/examples/bind/corpus/c8be4dcc1b2e33daf1d5619d57f15fd3.00000032.honggfuzz.cov differ diff --git a/examples/bind/corpus/c914b603b64d9deb29f6ba7fa347fe56.00006cff.honggfuzz.cov b/examples/bind/corpus/c914b603b64d9deb29f6ba7fa347fe56.00006cff.honggfuzz.cov deleted file mode 100644 index 0161b8d8..00000000 Binary files a/examples/bind/corpus/c914b603b64d9deb29f6ba7fa347fe56.00006cff.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c920db4fca48e294d1d645095edf070b.00000080.honggfuzz.cov b/examples/bind/corpus/c920db4fca48e294d1d645095edf070b.00000080.honggfuzz.cov new file mode 100644 index 00000000..ef23a02b Binary files /dev/null and b/examples/bind/corpus/c920db4fca48e294d1d645095edf070b.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/c93aedea1c75401128275eb9b852b36e.000001cc.honggfuzz.cov b/examples/bind/corpus/c93aedea1c75401128275eb9b852b36e.000001cc.honggfuzz.cov deleted file mode 100644 index 9920ecbf..00000000 Binary files a/examples/bind/corpus/c93aedea1c75401128275eb9b852b36e.000001cc.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c93f0edc214bcce107fcd62fe72c1298.0001e46a.honggfuzz.cov b/examples/bind/corpus/c93f0edc214bcce107fcd62fe72c1298.0001e46a.honggfuzz.cov deleted file mode 100644 index 874d9700..00000000 Binary files a/examples/bind/corpus/c93f0edc214bcce107fcd62fe72c1298.0001e46a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c9561107327ace1b9aa83d2690de9876.000001d3.honggfuzz.cov b/examples/bind/corpus/c9561107327ace1b9aa83d2690de9876.000001d3.honggfuzz.cov deleted file mode 100644 index dc358a16..00000000 Binary files a/examples/bind/corpus/c9561107327ace1b9aa83d2690de9876.000001d3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c96551c86c37c97bc14aaadeb93ee00e.0000017b.honggfuzz.cov b/examples/bind/corpus/c96551c86c37c97bc14aaadeb93ee00e.0000017b.honggfuzz.cov new file mode 100644 index 00000000..ee9d5277 Binary files /dev/null and b/examples/bind/corpus/c96551c86c37c97bc14aaadeb93ee00e.0000017b.honggfuzz.cov differ diff --git a/examples/bind/corpus/c97da234adc3365e48dc893918bc612a.00000085.honggfuzz.cov b/examples/bind/corpus/c97da234adc3365e48dc893918bc612a.00000085.honggfuzz.cov deleted file mode 100644 index ee85ff1a..00000000 Binary files a/examples/bind/corpus/c97da234adc3365e48dc893918bc612a.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c983f910a162d1fa0d656b027abdb655.000001a4.honggfuzz.cov b/examples/bind/corpus/c983f910a162d1fa0d656b027abdb655.000001a4.honggfuzz.cov new file mode 100644 index 00000000..d71f6cca Binary files /dev/null and b/examples/bind/corpus/c983f910a162d1fa0d656b027abdb655.000001a4.honggfuzz.cov differ diff --git a/examples/bind/corpus/c99fd1bbdbd806cf1a0ab75135ce5ef1.00001998.honggfuzz.cov b/examples/bind/corpus/c99fd1bbdbd806cf1a0ab75135ce5ef1.00001998.honggfuzz.cov deleted file mode 100644 index 3f25b024..00000000 Binary files a/examples/bind/corpus/c99fd1bbdbd806cf1a0ab75135ce5ef1.00001998.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/c9c5d42a9b7a3be0e7312da3baa083b9.00000037.honggfuzz.cov b/examples/bind/corpus/c9c5d42a9b7a3be0e7312da3baa083b9.00000037.honggfuzz.cov new file mode 100644 index 00000000..302e77a5 Binary files /dev/null and b/examples/bind/corpus/c9c5d42a9b7a3be0e7312da3baa083b9.00000037.honggfuzz.cov differ diff --git a/examples/bind/corpus/c9dfa0d2a4dff2cc423696b4f029a83d.00000080.honggfuzz.cov b/examples/bind/corpus/c9dfa0d2a4dff2cc423696b4f029a83d.00000080.honggfuzz.cov deleted file mode 100644 index 38781678..00000000 Binary files a/examples/bind/corpus/c9dfa0d2a4dff2cc423696b4f029a83d.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ca067b25709de11042ed17be62ff7af3.00010001.honggfuzz.cov b/examples/bind/corpus/ca067b25709de11042ed17be62ff7af3.00010001.honggfuzz.cov deleted file mode 100644 index 1fc80608..00000000 Binary files a/examples/bind/corpus/ca067b25709de11042ed17be62ff7af3.00010001.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ca18f7d955b351963ae1b83454300dc2.00000400.honggfuzz.cov b/examples/bind/corpus/ca18f7d955b351963ae1b83454300dc2.00000400.honggfuzz.cov deleted file mode 100644 index 9ad5a4c4..00000000 Binary files a/examples/bind/corpus/ca18f7d955b351963ae1b83454300dc2.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ca252381fdca111084e75a4aecf74d61.00003a0b.honggfuzz.cov b/examples/bind/corpus/ca252381fdca111084e75a4aecf74d61.00003a0b.honggfuzz.cov deleted file mode 100644 index e3f080e9..00000000 Binary files a/examples/bind/corpus/ca252381fdca111084e75a4aecf74d61.00003a0b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ca5fe5e16636a33306cd3ff869ad29a9.0000085d.honggfuzz.cov b/examples/bind/corpus/ca5fe5e16636a33306cd3ff869ad29a9.0000085d.honggfuzz.cov new file mode 100644 index 00000000..20aed61e Binary files /dev/null and b/examples/bind/corpus/ca5fe5e16636a33306cd3ff869ad29a9.0000085d.honggfuzz.cov differ diff --git a/examples/bind/corpus/ca668d0a6cd95279c157ee732ae159c8.00000190.honggfuzz.cov b/examples/bind/corpus/ca668d0a6cd95279c157ee732ae159c8.00000190.honggfuzz.cov deleted file mode 100644 index 6b19e6e4..00000000 Binary files a/examples/bind/corpus/ca668d0a6cd95279c157ee732ae159c8.00000190.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ca6cec1f92d6578198f2fbe66910290f.00000110.honggfuzz.cov b/examples/bind/corpus/ca6cec1f92d6578198f2fbe66910290f.00000110.honggfuzz.cov new file mode 100644 index 00000000..7fcffae6 Binary files /dev/null and b/examples/bind/corpus/ca6cec1f92d6578198f2fbe66910290f.00000110.honggfuzz.cov differ diff --git a/examples/bind/corpus/ca74dee91acc1c8927ae5595fd81e7de.00000197.honggfuzz.cov b/examples/bind/corpus/ca74dee91acc1c8927ae5595fd81e7de.00000197.honggfuzz.cov new file mode 100644 index 00000000..3643b4f1 Binary files /dev/null and b/examples/bind/corpus/ca74dee91acc1c8927ae5595fd81e7de.00000197.honggfuzz.cov differ diff --git a/examples/bind/corpus/cae15adf1fbd82d1beb391904b72a412.00000085.honggfuzz.cov b/examples/bind/corpus/cae15adf1fbd82d1beb391904b72a412.00000085.honggfuzz.cov deleted file mode 100644 index 0b0dc747..00000000 Binary files a/examples/bind/corpus/cae15adf1fbd82d1beb391904b72a412.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cae6c49376f193778ed6183379d6bcf7.0001153e.honggfuzz.cov b/examples/bind/corpus/cae6c49376f193778ed6183379d6bcf7.0001153e.honggfuzz.cov deleted file mode 100644 index ccb293d7..00000000 Binary files a/examples/bind/corpus/cae6c49376f193778ed6183379d6bcf7.0001153e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cb0117bcfccb582147f57a973303b8f4.000006a6.honggfuzz.cov b/examples/bind/corpus/cb0117bcfccb582147f57a973303b8f4.000006a6.honggfuzz.cov deleted file mode 100644 index 8466d420..00000000 Binary files a/examples/bind/corpus/cb0117bcfccb582147f57a973303b8f4.000006a6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cb17bff43198bc617016db73e5dac093.000014e4.honggfuzz.cov b/examples/bind/corpus/cb17bff43198bc617016db73e5dac093.000014e4.honggfuzz.cov deleted file mode 100644 index 050ef7b4..00000000 Binary files a/examples/bind/corpus/cb17bff43198bc617016db73e5dac093.000014e4.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cb2dc0def2fea8c9fc534624ff07b006.00000871.honggfuzz.cov b/examples/bind/corpus/cb2dc0def2fea8c9fc534624ff07b006.00000871.honggfuzz.cov new file mode 100644 index 00000000..0e4ce569 Binary files /dev/null and b/examples/bind/corpus/cb2dc0def2fea8c9fc534624ff07b006.00000871.honggfuzz.cov differ diff --git a/examples/bind/corpus/cb48c1cee5ead6d0218b99ca90412155.0000002c.honggfuzz.cov b/examples/bind/corpus/cb48c1cee5ead6d0218b99ca90412155.0000002c.honggfuzz.cov deleted file mode 100644 index edbe7bcd..00000000 Binary files a/examples/bind/corpus/cb48c1cee5ead6d0218b99ca90412155.0000002c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cb5760feac639b1d6f0f0ec74b3fd12e.00000085.honggfuzz.cov b/examples/bind/corpus/cb5760feac639b1d6f0f0ec74b3fd12e.00000085.honggfuzz.cov deleted file mode 100644 index cbe89b64..00000000 Binary files a/examples/bind/corpus/cb5760feac639b1d6f0f0ec74b3fd12e.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cb5b6f7219bf3b8c6c7f5dc21fb9b8f7.000039d2.honggfuzz.cov b/examples/bind/corpus/cb5b6f7219bf3b8c6c7f5dc21fb9b8f7.000039d2.honggfuzz.cov deleted file mode 100644 index b4b1df95..00000000 Binary files a/examples/bind/corpus/cb5b6f7219bf3b8c6c7f5dc21fb9b8f7.000039d2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cb5fa5c766ba68171f234f3c915b032c.0000a2fb.honggfuzz.cov b/examples/bind/corpus/cb5fa5c766ba68171f234f3c915b032c.0000a2fb.honggfuzz.cov new file mode 100644 index 00000000..fb3cefcc Binary files /dev/null and b/examples/bind/corpus/cb5fa5c766ba68171f234f3c915b032c.0000a2fb.honggfuzz.cov differ diff --git a/examples/bind/corpus/cb76feb608a501ffaa85dfcd4cde0871.00015a10.honggfuzz.cov b/examples/bind/corpus/cb76feb608a501ffaa85dfcd4cde0871.00015a10.honggfuzz.cov deleted file mode 100644 index 14e0cc11..00000000 Binary files a/examples/bind/corpus/cb76feb608a501ffaa85dfcd4cde0871.00015a10.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cb804bdc71cb60365d8aacecdd0a9bb0.00000080.honggfuzz.cov b/examples/bind/corpus/cb804bdc71cb60365d8aacecdd0a9bb0.00000080.honggfuzz.cov deleted file mode 100644 index 06131b09..00000000 Binary files a/examples/bind/corpus/cb804bdc71cb60365d8aacecdd0a9bb0.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cb8b3139daaced7471af4ffbfba7d822.000000f7.honggfuzz.cov b/examples/bind/corpus/cb8b3139daaced7471af4ffbfba7d822.000000f7.honggfuzz.cov new file mode 100644 index 00000000..ad67b826 Binary files /dev/null and b/examples/bind/corpus/cb8b3139daaced7471af4ffbfba7d822.000000f7.honggfuzz.cov differ diff --git a/examples/bind/corpus/cbd56b2f6595f7d9eeecd00065d71f25.00000020.honggfuzz.cov b/examples/bind/corpus/cbd56b2f6595f7d9eeecd00065d71f25.00000020.honggfuzz.cov new file mode 100644 index 00000000..7bb42213 Binary files /dev/null and b/examples/bind/corpus/cbd56b2f6595f7d9eeecd00065d71f25.00000020.honggfuzz.cov differ diff --git a/examples/bind/corpus/cc0931bdf4d2637dd981c70f3553b2be.000000bc.honggfuzz.cov b/examples/bind/corpus/cc0931bdf4d2637dd981c70f3553b2be.000000bc.honggfuzz.cov new file mode 100644 index 00000000..cf019c90 Binary files /dev/null and b/examples/bind/corpus/cc0931bdf4d2637dd981c70f3553b2be.000000bc.honggfuzz.cov differ diff --git a/examples/bind/corpus/cc32811f2bafbc6f05dfebc32941a6e7.000008c2.honggfuzz.cov b/examples/bind/corpus/cc32811f2bafbc6f05dfebc32941a6e7.000008c2.honggfuzz.cov new file mode 100644 index 00000000..60754127 Binary files /dev/null and b/examples/bind/corpus/cc32811f2bafbc6f05dfebc32941a6e7.000008c2.honggfuzz.cov differ diff --git a/examples/bind/corpus/cc3d0e90e7a9a25c96626f2d8ff07359.00018acd.honggfuzz.cov b/examples/bind/corpus/cc3d0e90e7a9a25c96626f2d8ff07359.00018acd.honggfuzz.cov deleted file mode 100644 index 11b685a6..00000000 Binary files a/examples/bind/corpus/cc3d0e90e7a9a25c96626f2d8ff07359.00018acd.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cc4de96dcabf60572db395a7848ad58b.00000135.honggfuzz.cov b/examples/bind/corpus/cc4de96dcabf60572db395a7848ad58b.00000135.honggfuzz.cov deleted file mode 100644 index 6bdad566..00000000 Binary files a/examples/bind/corpus/cc4de96dcabf60572db395a7848ad58b.00000135.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cc9d176923f1f8134766843fba972056.00000062.honggfuzz.cov b/examples/bind/corpus/cc9d176923f1f8134766843fba972056.00000062.honggfuzz.cov deleted file mode 100644 index c9ad04ae..00000000 Binary files a/examples/bind/corpus/cc9d176923f1f8134766843fba972056.00000062.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ccac9d2ee3695f0988b197f251ee0491.00000085.honggfuzz.cov b/examples/bind/corpus/ccac9d2ee3695f0988b197f251ee0491.00000085.honggfuzz.cov deleted file mode 100644 index 9429ac3e..00000000 Binary files a/examples/bind/corpus/ccac9d2ee3695f0988b197f251ee0491.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ccb1c308697f141c2996d52e1597419f.00000199.honggfuzz.cov b/examples/bind/corpus/ccb1c308697f141c2996d52e1597419f.00000199.honggfuzz.cov deleted file mode 100644 index d4b48c52..00000000 Binary files a/examples/bind/corpus/ccb1c308697f141c2996d52e1597419f.00000199.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ccfba3aadcf97c1d123bceea45b6f132.000105b8.honggfuzz.cov b/examples/bind/corpus/ccfba3aadcf97c1d123bceea45b6f132.000105b8.honggfuzz.cov new file mode 100644 index 00000000..c7844842 Binary files /dev/null and b/examples/bind/corpus/ccfba3aadcf97c1d123bceea45b6f132.000105b8.honggfuzz.cov differ diff --git a/examples/bind/corpus/cd285fdd4c16860c9c4ee69ce0862a35.0001e987.honggfuzz.cov b/examples/bind/corpus/cd285fdd4c16860c9c4ee69ce0862a35.0001e987.honggfuzz.cov deleted file mode 100644 index f41ac86c..00000000 Binary files a/examples/bind/corpus/cd285fdd4c16860c9c4ee69ce0862a35.0001e987.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cd29c713a896c05c8d5f252cfe78ad10.000002fa.honggfuzz.cov b/examples/bind/corpus/cd29c713a896c05c8d5f252cfe78ad10.000002fa.honggfuzz.cov deleted file mode 100644 index 4aa5bf64..00000000 Binary files a/examples/bind/corpus/cd29c713a896c05c8d5f252cfe78ad10.000002fa.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cd33a400a53b9bd11e3f5c8998feba56.000004d2.honggfuzz.cov b/examples/bind/corpus/cd33a400a53b9bd11e3f5c8998feba56.000004d2.honggfuzz.cov deleted file mode 100644 index 97ff2499..00000000 Binary files a/examples/bind/corpus/cd33a400a53b9bd11e3f5c8998feba56.000004d2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cd5ad586c41643bb5467cd41d0aa1af3.000000c6.honggfuzz.cov b/examples/bind/corpus/cd5ad586c41643bb5467cd41d0aa1af3.000000c6.honggfuzz.cov new file mode 100644 index 00000000..a1aa0fd4 Binary files /dev/null and b/examples/bind/corpus/cd5ad586c41643bb5467cd41d0aa1af3.000000c6.honggfuzz.cov differ diff --git a/examples/bind/corpus/cd8cd045957bf810aa0a3430b6b42980.000000f7.honggfuzz.cov b/examples/bind/corpus/cd8cd045957bf810aa0a3430b6b42980.000000f7.honggfuzz.cov deleted file mode 100644 index 15bc421f..00000000 Binary files a/examples/bind/corpus/cd8cd045957bf810aa0a3430b6b42980.000000f7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cd8d0163e0e36333baa88f8a3f9afcc2.00000655.honggfuzz.cov b/examples/bind/corpus/cd8d0163e0e36333baa88f8a3f9afcc2.00000655.honggfuzz.cov new file mode 100644 index 00000000..9a94ed05 Binary files /dev/null and b/examples/bind/corpus/cd8d0163e0e36333baa88f8a3f9afcc2.00000655.honggfuzz.cov differ diff --git a/examples/bind/corpus/cd8ff542802d078034560f284ee0045c.0000008d.honggfuzz.cov b/examples/bind/corpus/cd8ff542802d078034560f284ee0045c.0000008d.honggfuzz.cov deleted file mode 100644 index 645895c3..00000000 Binary files a/examples/bind/corpus/cd8ff542802d078034560f284ee0045c.0000008d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cda0cd2f5c9d588bab2cb937bf20521e.00002501.honggfuzz.cov b/examples/bind/corpus/cda0cd2f5c9d588bab2cb937bf20521e.00002501.honggfuzz.cov deleted file mode 100644 index b9ef2cca..00000000 Binary files a/examples/bind/corpus/cda0cd2f5c9d588bab2cb937bf20521e.00002501.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cdc49076878adaf98eadd14a64b5f4ca.00000085.honggfuzz.cov b/examples/bind/corpus/cdc49076878adaf98eadd14a64b5f4ca.00000085.honggfuzz.cov deleted file mode 100644 index 3537b797..00000000 Binary files a/examples/bind/corpus/cdc49076878adaf98eadd14a64b5f4ca.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cdc695779f9f7bb93b7e666d593ec1ae.000001c9.honggfuzz.cov b/examples/bind/corpus/cdc695779f9f7bb93b7e666d593ec1ae.000001c9.honggfuzz.cov deleted file mode 100644 index d88bb739..00000000 Binary files a/examples/bind/corpus/cdc695779f9f7bb93b7e666d593ec1ae.000001c9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cdf12f14f673a44087a5fd58ebf6f403.00000080.honggfuzz.cov b/examples/bind/corpus/cdf12f14f673a44087a5fd58ebf6f403.00000080.honggfuzz.cov new file mode 100644 index 00000000..fbebea11 Binary files /dev/null and b/examples/bind/corpus/cdf12f14f673a44087a5fd58ebf6f403.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/ce04c585c0f042f2cc2afdbae7c8e83c.000000c3.honggfuzz.cov b/examples/bind/corpus/ce04c585c0f042f2cc2afdbae7c8e83c.000000c3.honggfuzz.cov deleted file mode 100644 index 21892720..00000000 Binary files a/examples/bind/corpus/ce04c585c0f042f2cc2afdbae7c8e83c.000000c3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ce1eb8bf18698fe8207660134cc49130.00000c22.honggfuzz.cov b/examples/bind/corpus/ce1eb8bf18698fe8207660134cc49130.00000c22.honggfuzz.cov deleted file mode 100644 index 5e1616b7..00000000 Binary files a/examples/bind/corpus/ce1eb8bf18698fe8207660134cc49130.00000c22.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ce2fcb11509c0a6eecf621ec6a67736f.000000f7.honggfuzz.cov b/examples/bind/corpus/ce2fcb11509c0a6eecf621ec6a67736f.000000f7.honggfuzz.cov deleted file mode 100644 index 5a36406b..00000000 Binary files a/examples/bind/corpus/ce2fcb11509c0a6eecf621ec6a67736f.000000f7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ce6f59df4c77ad999921642549c9808e.00000085.honggfuzz.cov b/examples/bind/corpus/ce6f59df4c77ad999921642549c9808e.00000085.honggfuzz.cov deleted file mode 100644 index a9b17d45..00000000 Binary files a/examples/bind/corpus/ce6f59df4c77ad999921642549c9808e.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cea7d125e19b3de345ff1c67baab2449.00000b31.honggfuzz.cov b/examples/bind/corpus/cea7d125e19b3de345ff1c67baab2449.00000b31.honggfuzz.cov deleted file mode 100644 index d700d7c4..00000000 Binary files a/examples/bind/corpus/cea7d125e19b3de345ff1c67baab2449.00000b31.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cec004c9068def838a4cb53059aa678e.00000100.honggfuzz.cov b/examples/bind/corpus/cec004c9068def838a4cb53059aa678e.00000100.honggfuzz.cov deleted file mode 100644 index 9a40d214..00000000 Binary files a/examples/bind/corpus/cec004c9068def838a4cb53059aa678e.00000100.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cec70f8f36589d6b5bd8eafbc3921514.0000010f.honggfuzz.cov b/examples/bind/corpus/cec70f8f36589d6b5bd8eafbc3921514.0000010f.honggfuzz.cov new file mode 100644 index 00000000..d524c4f9 Binary files /dev/null and b/examples/bind/corpus/cec70f8f36589d6b5bd8eafbc3921514.0000010f.honggfuzz.cov differ diff --git a/examples/bind/corpus/ced849961872f51c11faf0ecaac67f0c.000000be.honggfuzz.cov b/examples/bind/corpus/ced849961872f51c11faf0ecaac67f0c.000000be.honggfuzz.cov deleted file mode 100644 index 8afb68b3..00000000 Binary files a/examples/bind/corpus/ced849961872f51c11faf0ecaac67f0c.000000be.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ced959871872f51c04eff1bdef292102.000000be.honggfuzz.cov b/examples/bind/corpus/ced959871872f51c04eff1bdef292102.000000be.honggfuzz.cov deleted file mode 100644 index 22f56547..00000000 Binary files a/examples/bind/corpus/ced959871872f51c04eff1bdef292102.000000be.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cedd4294053554b6b2371f0ef0a08051.00000066.honggfuzz.cov b/examples/bind/corpus/cedd4294053554b6b2371f0ef0a08051.00000066.honggfuzz.cov new file mode 100644 index 00000000..07693000 Binary files /dev/null and b/examples/bind/corpus/cedd4294053554b6b2371f0ef0a08051.00000066.honggfuzz.cov differ diff --git a/examples/bind/corpus/ceeb9abb1de2f00c8a5bc3501f0c9d62.000004c9.honggfuzz.cov b/examples/bind/corpus/ceeb9abb1de2f00c8a5bc3501f0c9d62.000004c9.honggfuzz.cov new file mode 100644 index 00000000..9c69515b Binary files /dev/null and b/examples/bind/corpus/ceeb9abb1de2f00c8a5bc3501f0c9d62.000004c9.honggfuzz.cov differ diff --git a/examples/bind/corpus/cef69441bc84107ee7da4635f776e1f8.000003e5.honggfuzz.cov b/examples/bind/corpus/cef69441bc84107ee7da4635f776e1f8.000003e5.honggfuzz.cov deleted file mode 100644 index b4855245..00000000 Binary files a/examples/bind/corpus/cef69441bc84107ee7da4635f776e1f8.000003e5.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cf1a81bccfcc2b5fd6648a52a19e9f94.00000085.honggfuzz.cov b/examples/bind/corpus/cf1a81bccfcc2b5fd6648a52a19e9f94.00000085.honggfuzz.cov deleted file mode 100644 index 6a342577..00000000 Binary files a/examples/bind/corpus/cf1a81bccfcc2b5fd6648a52a19e9f94.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cf208cdb5f02184a3f7ac8b47c510220.00000080.honggfuzz.cov b/examples/bind/corpus/cf208cdb5f02184a3f7ac8b47c510220.00000080.honggfuzz.cov new file mode 100644 index 00000000..2f2adda2 Binary files /dev/null and b/examples/bind/corpus/cf208cdb5f02184a3f7ac8b47c510220.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/cf25d1681c4658a5e2ad8496e944d36a.00000143.honggfuzz.cov b/examples/bind/corpus/cf25d1681c4658a5e2ad8496e944d36a.00000143.honggfuzz.cov deleted file mode 100644 index 00923a0e..00000000 Binary files a/examples/bind/corpus/cf25d1681c4658a5e2ad8496e944d36a.00000143.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cf2dc8d0e85c0b9a41289115bfbbd133.0000938a.honggfuzz.cov b/examples/bind/corpus/cf2dc8d0e85c0b9a41289115bfbbd133.0000938a.honggfuzz.cov new file mode 100644 index 00000000..1d42944c Binary files /dev/null and b/examples/bind/corpus/cf2dc8d0e85c0b9a41289115bfbbd133.0000938a.honggfuzz.cov differ diff --git a/examples/bind/corpus/cf455a90d9151fa05d9cfc6f8124b7e4.000000c6.honggfuzz.cov b/examples/bind/corpus/cf455a90d9151fa05d9cfc6f8124b7e4.000000c6.honggfuzz.cov deleted file mode 100644 index f048061a..00000000 Binary files a/examples/bind/corpus/cf455a90d9151fa05d9cfc6f8124b7e4.000000c6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cf46234100d5e3b04d62e7ceb8d63f01.0001f5dd.honggfuzz.cov b/examples/bind/corpus/cf46234100d5e3b04d62e7ceb8d63f01.0001f5dd.honggfuzz.cov deleted file mode 100644 index fd15d061..00000000 Binary files a/examples/bind/corpus/cf46234100d5e3b04d62e7ceb8d63f01.0001f5dd.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cf51634329096218249a046069654bc0.000000ad.honggfuzz.cov b/examples/bind/corpus/cf51634329096218249a046069654bc0.000000ad.honggfuzz.cov deleted file mode 100644 index b42f84cc..00000000 Binary files a/examples/bind/corpus/cf51634329096218249a046069654bc0.000000ad.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cf7e81bc4494fa46d67506c3d880f3a6.0001e97f.honggfuzz.cov b/examples/bind/corpus/cf7e81bc4494fa46d67506c3d880f3a6.0001e97f.honggfuzz.cov new file mode 100644 index 00000000..3d2170c6 Binary files /dev/null and b/examples/bind/corpus/cf7e81bc4494fa46d67506c3d880f3a6.0001e97f.honggfuzz.cov differ diff --git a/examples/bind/corpus/cf7e9ea47532fdec1707d68bfebbcbaa.00000085.honggfuzz.cov b/examples/bind/corpus/cf7e9ea47532fdec1707d68bfebbcbaa.00000085.honggfuzz.cov deleted file mode 100644 index bdcb6ba9..00000000 Binary files a/examples/bind/corpus/cf7e9ea47532fdec1707d68bfebbcbaa.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cf80aa1dd3cddd01672c4cdab9c93817.000101d0.honggfuzz.cov b/examples/bind/corpus/cf80aa1dd3cddd01672c4cdab9c93817.000101d0.honggfuzz.cov new file mode 100644 index 00000000..9b80f71a Binary files /dev/null and b/examples/bind/corpus/cf80aa1dd3cddd01672c4cdab9c93817.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/cfaf5c436d9da44a8d3bb4103a9975ca.00000091.honggfuzz.cov b/examples/bind/corpus/cfaf5c436d9da44a8d3bb4103a9975ca.00000091.honggfuzz.cov new file mode 100644 index 00000000..67b881f4 Binary files /dev/null and b/examples/bind/corpus/cfaf5c436d9da44a8d3bb4103a9975ca.00000091.honggfuzz.cov differ diff --git a/examples/bind/corpus/cfaf68b5963fa24e649ed267aea51dc8.00000f70.honggfuzz.cov b/examples/bind/corpus/cfaf68b5963fa24e649ed267aea51dc8.00000f70.honggfuzz.cov deleted file mode 100644 index 0d4e0c5b..00000000 Binary files a/examples/bind/corpus/cfaf68b5963fa24e649ed267aea51dc8.00000f70.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cfb5d0a4050df1231a634bb094bfc2d2.0000192a.honggfuzz.cov b/examples/bind/corpus/cfb5d0a4050df1231a634bb094bfc2d2.0000192a.honggfuzz.cov deleted file mode 100644 index b48fe077..00000000 Binary files a/examples/bind/corpus/cfb5d0a4050df1231a634bb094bfc2d2.0000192a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cfb9e705bf6b86ba02eeff8140769e9e.00000021.honggfuzz.cov b/examples/bind/corpus/cfb9e705bf6b86ba02eeff8140769e9e.00000021.honggfuzz.cov new file mode 100644 index 00000000..e15f2486 Binary files /dev/null and b/examples/bind/corpus/cfb9e705bf6b86ba02eeff8140769e9e.00000021.honggfuzz.cov differ diff --git a/examples/bind/corpus/cfb9e70ffbdb970a02eefe5ae1c08e43.00000021.honggfuzz.cov b/examples/bind/corpus/cfb9e70ffbdb970a02eefe5ae1c08e43.00000021.honggfuzz.cov deleted file mode 100644 index 22f3584f..00000000 Binary files a/examples/bind/corpus/cfb9e70ffbdb970a02eefe5ae1c08e43.00000021.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cfc9a11ce3943189b30e8924df6e0361.000185aa.honggfuzz.cov b/examples/bind/corpus/cfc9a11ce3943189b30e8924df6e0361.000185aa.honggfuzz.cov deleted file mode 100644 index 83d5a271..00000000 Binary files a/examples/bind/corpus/cfc9a11ce3943189b30e8924df6e0361.000185aa.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cfc9ef96b337720c31a896c912156730.00000f86.honggfuzz.cov b/examples/bind/corpus/cfc9ef96b337720c31a896c912156730.00000f86.honggfuzz.cov new file mode 100644 index 00000000..be0f13be Binary files /dev/null and b/examples/bind/corpus/cfc9ef96b337720c31a896c912156730.00000f86.honggfuzz.cov differ diff --git a/examples/bind/corpus/cfcb645c97c7fde044f0f521cebe67b6.00000288.honggfuzz.cov b/examples/bind/corpus/cfcb645c97c7fde044f0f521cebe67b6.00000288.honggfuzz.cov deleted file mode 100644 index 39f16b57..00000000 Binary files a/examples/bind/corpus/cfcb645c97c7fde044f0f521cebe67b6.00000288.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cfede14be26d2d79b8dd86d8a36a8534.00000085.honggfuzz.cov b/examples/bind/corpus/cfede14be26d2d79b8dd86d8a36a8534.00000085.honggfuzz.cov new file mode 100644 index 00000000..a3bc8062 Binary files /dev/null and b/examples/bind/corpus/cfede14be26d2d79b8dd86d8a36a8534.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/cff49f0ec6eb79d387ecf48c55820b82.0000008c.honggfuzz.cov b/examples/bind/corpus/cff49f0ec6eb79d387ecf48c55820b82.0000008c.honggfuzz.cov deleted file mode 100644 index beae027c..00000000 Binary files a/examples/bind/corpus/cff49f0ec6eb79d387ecf48c55820b82.0000008c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cff5fae924b46f5c028ba1d85c7d932a.000000de.honggfuzz.cov b/examples/bind/corpus/cff5fae924b46f5c028ba1d85c7d932a.000000de.honggfuzz.cov deleted file mode 100644 index 9319b855..00000000 Binary files a/examples/bind/corpus/cff5fae924b46f5c028ba1d85c7d932a.000000de.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/cff6e076429a27662a692e4eafdeecee.000000da.honggfuzz.cov b/examples/bind/corpus/cff6e076429a27662a692e4eafdeecee.000000da.honggfuzz.cov deleted file mode 100644 index 67ca6b78..00000000 Binary files a/examples/bind/corpus/cff6e076429a27662a692e4eafdeecee.000000da.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d00832866fce3ec82416aadf85ccb68d.0000195d.honggfuzz.cov b/examples/bind/corpus/d00832866fce3ec82416aadf85ccb68d.0000195d.honggfuzz.cov deleted file mode 100644 index 7b14994a..00000000 Binary files a/examples/bind/corpus/d00832866fce3ec82416aadf85ccb68d.0000195d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d00c6bd11dca23bf3295993b96cb0b36.000000f9.honggfuzz.cov b/examples/bind/corpus/d00c6bd11dca23bf3295993b96cb0b36.000000f9.honggfuzz.cov deleted file mode 100644 index cc554149..00000000 Binary files a/examples/bind/corpus/d00c6bd11dca23bf3295993b96cb0b36.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d0167c74c93a62541f8f695bdbb4eaa7.00007d13.honggfuzz.cov b/examples/bind/corpus/d0167c74c93a62541f8f695bdbb4eaa7.00007d13.honggfuzz.cov deleted file mode 100644 index 482366a2..00000000 Binary files a/examples/bind/corpus/d0167c74c93a62541f8f695bdbb4eaa7.00007d13.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d01d709987e1ea64dff5229b44eac1e0.00000129.honggfuzz.cov b/examples/bind/corpus/d01d709987e1ea64dff5229b44eac1e0.00000129.honggfuzz.cov new file mode 100644 index 00000000..35a4aad4 Binary files /dev/null and b/examples/bind/corpus/d01d709987e1ea64dff5229b44eac1e0.00000129.honggfuzz.cov differ diff --git a/examples/bind/corpus/d03cfc5853d5b17ef801252a08032c0c.000000b7.honggfuzz.cov b/examples/bind/corpus/d03cfc5853d5b17ef801252a08032c0c.000000b7.honggfuzz.cov new file mode 100644 index 00000000..9e07c946 Binary files /dev/null and b/examples/bind/corpus/d03cfc5853d5b17ef801252a08032c0c.000000b7.honggfuzz.cov differ diff --git a/examples/bind/corpus/d06298f05df5f9e3d23a417cde6aeaa0.0000003d.honggfuzz.cov b/examples/bind/corpus/d06298f05df5f9e3d23a417cde6aeaa0.0000003d.honggfuzz.cov new file mode 100644 index 00000000..9774e218 Binary files /dev/null and b/examples/bind/corpus/d06298f05df5f9e3d23a417cde6aeaa0.0000003d.honggfuzz.cov differ diff --git a/examples/bind/corpus/d072c349e1aa0caed70db1aced72dce3.00000052.honggfuzz.cov b/examples/bind/corpus/d072c349e1aa0caed70db1aced72dce3.00000052.honggfuzz.cov new file mode 100644 index 00000000..1197929a Binary files /dev/null and b/examples/bind/corpus/d072c349e1aa0caed70db1aced72dce3.00000052.honggfuzz.cov differ diff --git a/examples/bind/corpus/d0837b36e9338d51f7e7575b5c2bc72d.00000037.honggfuzz.cov b/examples/bind/corpus/d0837b36e9338d51f7e7575b5c2bc72d.00000037.honggfuzz.cov deleted file mode 100644 index 5874fe69..00000000 Binary files a/examples/bind/corpus/d0837b36e9338d51f7e7575b5c2bc72d.00000037.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d0943ecea5c71ebd46c91a05a8cc5ba0.000001ae.honggfuzz.cov b/examples/bind/corpus/d0943ecea5c71ebd46c91a05a8cc5ba0.000001ae.honggfuzz.cov deleted file mode 100644 index af4f786b..00000000 Binary files a/examples/bind/corpus/d0943ecea5c71ebd46c91a05a8cc5ba0.000001ae.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d09b3f6e871e272166fb38626c3eda94.00000046.honggfuzz.cov b/examples/bind/corpus/d09b3f6e871e272166fb38626c3eda94.00000046.honggfuzz.cov new file mode 100644 index 00000000..02dc0b0c Binary files /dev/null and b/examples/bind/corpus/d09b3f6e871e272166fb38626c3eda94.00000046.honggfuzz.cov differ diff --git a/examples/bind/corpus/d0b5a77d5334bb59ee38345ae613869f.00005f6e.honggfuzz.cov b/examples/bind/corpus/d0b5a77d5334bb59ee38345ae613869f.00005f6e.honggfuzz.cov deleted file mode 100644 index f16915a2..00000000 Binary files a/examples/bind/corpus/d0b5a77d5334bb59ee38345ae613869f.00005f6e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d0bc15c78aa758dfbee2fc471fcfee19.000002d6.honggfuzz.cov b/examples/bind/corpus/d0bc15c78aa758dfbee2fc471fcfee19.000002d6.honggfuzz.cov deleted file mode 100644 index a65b4f03..00000000 Binary files a/examples/bind/corpus/d0bc15c78aa758dfbee2fc471fcfee19.000002d6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d0e9fc5cef7288b2009b31f2942dcd01.00000085.honggfuzz.cov b/examples/bind/corpus/d0e9fc5cef7288b2009b31f2942dcd01.00000085.honggfuzz.cov new file mode 100644 index 00000000..9f075f2f Binary files /dev/null and b/examples/bind/corpus/d0e9fc5cef7288b2009b31f2942dcd01.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/d0f57e543a17b495c3b6be3ebcebafc9.00001502.honggfuzz.cov b/examples/bind/corpus/d0f57e543a17b495c3b6be3ebcebafc9.00001502.honggfuzz.cov deleted file mode 100644 index 5d9213f3..00000000 Binary files a/examples/bind/corpus/d0f57e543a17b495c3b6be3ebcebafc9.00001502.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d105582d6bb9da77da5405a375e5c47d.000148cb.honggfuzz.cov b/examples/bind/corpus/d105582d6bb9da77da5405a375e5c47d.000148cb.honggfuzz.cov new file mode 100644 index 00000000..20d3c5c6 Binary files /dev/null and b/examples/bind/corpus/d105582d6bb9da77da5405a375e5c47d.000148cb.honggfuzz.cov differ diff --git a/examples/bind/corpus/d10a1632954713a1de65e093de248a56.00000085.honggfuzz.cov b/examples/bind/corpus/d10a1632954713a1de65e093de248a56.00000085.honggfuzz.cov deleted file mode 100644 index 88715650..00000000 Binary files a/examples/bind/corpus/d10a1632954713a1de65e093de248a56.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d10b685901f6792aadd2d9c228a55dac.000090f3.honggfuzz.cov b/examples/bind/corpus/d10b685901f6792aadd2d9c228a55dac.000090f3.honggfuzz.cov new file mode 100644 index 00000000..a2b37c61 Binary files /dev/null and b/examples/bind/corpus/d10b685901f6792aadd2d9c228a55dac.000090f3.honggfuzz.cov differ diff --git a/examples/bind/corpus/d10cc4b54d40cc32c2a0c3b33c17ba1f.000000e5.honggfuzz.cov b/examples/bind/corpus/d10cc4b54d40cc32c2a0c3b33c17ba1f.000000e5.honggfuzz.cov new file mode 100644 index 00000000..366d25e4 Binary files /dev/null and b/examples/bind/corpus/d10cc4b54d40cc32c2a0c3b33c17ba1f.000000e5.honggfuzz.cov differ diff --git a/examples/bind/corpus/d118323b617550ed9e7a012164796f9b.000101d0.honggfuzz.cov b/examples/bind/corpus/d118323b617550ed9e7a012164796f9b.000101d0.honggfuzz.cov new file mode 100644 index 00000000..016eba4d Binary files /dev/null and b/examples/bind/corpus/d118323b617550ed9e7a012164796f9b.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/d11b95c8cc9590791bfe0130dee64423.0000008e.honggfuzz.cov b/examples/bind/corpus/d11b95c8cc9590791bfe0130dee64423.0000008e.honggfuzz.cov new file mode 100644 index 00000000..f5a09706 Binary files /dev/null and b/examples/bind/corpus/d11b95c8cc9590791bfe0130dee64423.0000008e.honggfuzz.cov differ diff --git a/examples/bind/corpus/d125d3a80d0481465f897df07986b956.000074be.honggfuzz.cov b/examples/bind/corpus/d125d3a80d0481465f897df07986b956.000074be.honggfuzz.cov new file mode 100644 index 00000000..fc27c98b Binary files /dev/null and b/examples/bind/corpus/d125d3a80d0481465f897df07986b956.000074be.honggfuzz.cov differ diff --git a/examples/bind/corpus/d1284b7e659a4bd10c3412d8d242456f.00000400.honggfuzz.cov b/examples/bind/corpus/d1284b7e659a4bd10c3412d8d242456f.00000400.honggfuzz.cov new file mode 100644 index 00000000..b479b61b Binary files /dev/null and b/examples/bind/corpus/d1284b7e659a4bd10c3412d8d242456f.00000400.honggfuzz.cov differ diff --git a/examples/bind/corpus/d139f2d485d755153cc2942e4d5b67fc.00000085.honggfuzz.cov b/examples/bind/corpus/d139f2d485d755153cc2942e4d5b67fc.00000085.honggfuzz.cov deleted file mode 100644 index 27012d73..00000000 Binary files a/examples/bind/corpus/d139f2d485d755153cc2942e4d5b67fc.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d13f3215b5fdc1950fe5417d88e1bbcc.00000fa8.honggfuzz.cov b/examples/bind/corpus/d13f3215b5fdc1950fe5417d88e1bbcc.00000fa8.honggfuzz.cov new file mode 100644 index 00000000..a869e1dd Binary files /dev/null and b/examples/bind/corpus/d13f3215b5fdc1950fe5417d88e1bbcc.00000fa8.honggfuzz.cov differ diff --git a/examples/bind/corpus/d1499bbdd718e7bf2e5a101de9b82030.00019b12.honggfuzz.cov b/examples/bind/corpus/d1499bbdd718e7bf2e5a101de9b82030.00019b12.honggfuzz.cov deleted file mode 100644 index a5e1df54..00000000 Binary files a/examples/bind/corpus/d1499bbdd718e7bf2e5a101de9b82030.00019b12.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d170ca30c5d21eaf7f3697f40dc94beb.00000085.honggfuzz.cov b/examples/bind/corpus/d170ca30c5d21eaf7f3697f40dc94beb.00000085.honggfuzz.cov new file mode 100644 index 00000000..8dc64dc2 Binary files /dev/null and b/examples/bind/corpus/d170ca30c5d21eaf7f3697f40dc94beb.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/d1a20b19170e204c2db3f676fde4ed05.000000ff.honggfuzz.cov b/examples/bind/corpus/d1a20b19170e204c2db3f676fde4ed05.000000ff.honggfuzz.cov new file mode 100644 index 00000000..ab50479c Binary files /dev/null and b/examples/bind/corpus/d1a20b19170e204c2db3f676fde4ed05.000000ff.honggfuzz.cov differ diff --git a/examples/bind/corpus/d1a2c6a50fd8e6b7fc115b2014e0f2b9.00000400.honggfuzz.cov b/examples/bind/corpus/d1a2c6a50fd8e6b7fc115b2014e0f2b9.00000400.honggfuzz.cov deleted file mode 100644 index 61e33eb1..00000000 Binary files a/examples/bind/corpus/d1a2c6a50fd8e6b7fc115b2014e0f2b9.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d1df0ec2802f7320aeb0baa799afdf31.00000085.honggfuzz.cov b/examples/bind/corpus/d1df0ec2802f7320aeb0baa799afdf31.00000085.honggfuzz.cov deleted file mode 100644 index 98a45693..00000000 Binary files a/examples/bind/corpus/d1df0ec2802f7320aeb0baa799afdf31.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d1dfe72bc5fcb020fe24dd7c566c2cbc.00000085.honggfuzz.cov b/examples/bind/corpus/d1dfe72bc5fcb020fe24dd7c566c2cbc.00000085.honggfuzz.cov deleted file mode 100644 index 7e1fbda6..00000000 Binary files a/examples/bind/corpus/d1dfe72bc5fcb020fe24dd7c566c2cbc.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d1e30fb4f0e895ef30a81cfbaeaf4dc7.00001dcd.honggfuzz.cov b/examples/bind/corpus/d1e30fb4f0e895ef30a81cfbaeaf4dc7.00001dcd.honggfuzz.cov deleted file mode 100644 index d0c0293d..00000000 Binary files a/examples/bind/corpus/d1e30fb4f0e895ef30a81cfbaeaf4dc7.00001dcd.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d1e46d79bdb61fb4502dc1c98bab73c4.000101d0.honggfuzz.cov b/examples/bind/corpus/d1e46d79bdb61fb4502dc1c98bab73c4.000101d0.honggfuzz.cov new file mode 100644 index 00000000..a5318ecf Binary files /dev/null and b/examples/bind/corpus/d1e46d79bdb61fb4502dc1c98bab73c4.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/d1eebae576b281a1dd243205c2655a9c.00000bdb.honggfuzz.cov b/examples/bind/corpus/d1eebae576b281a1dd243205c2655a9c.00000bdb.honggfuzz.cov deleted file mode 100644 index 30a4d79e..00000000 Binary files a/examples/bind/corpus/d1eebae576b281a1dd243205c2655a9c.00000bdb.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d1f144e0fa91c75f999d6b00f5056a2a.000000f7.honggfuzz.cov b/examples/bind/corpus/d1f144e0fa91c75f999d6b00f5056a2a.000000f7.honggfuzz.cov new file mode 100644 index 00000000..6de4b315 Binary files /dev/null and b/examples/bind/corpus/d1f144e0fa91c75f999d6b00f5056a2a.000000f7.honggfuzz.cov differ diff --git a/examples/bind/corpus/d1f8c8fb309b58c6fe47c06357c1d435.0000007d.honggfuzz.cov b/examples/bind/corpus/d1f8c8fb309b58c6fe47c06357c1d435.0000007d.honggfuzz.cov new file mode 100644 index 00000000..4efa9f0b Binary files /dev/null and b/examples/bind/corpus/d1f8c8fb309b58c6fe47c06357c1d435.0000007d.honggfuzz.cov differ diff --git a/examples/bind/corpus/d21c7f97d9a177b4e918bf883a07cbbe.00000020.honggfuzz.cov b/examples/bind/corpus/d21c7f97d9a177b4e918bf883a07cbbe.00000020.honggfuzz.cov deleted file mode 100644 index 88e9d0ae..00000000 Binary files a/examples/bind/corpus/d21c7f97d9a177b4e918bf883a07cbbe.00000020.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d2712999e78a6401bef5b13cff53316c.000000f9.honggfuzz.cov b/examples/bind/corpus/d2712999e78a6401bef5b13cff53316c.000000f9.honggfuzz.cov deleted file mode 100644 index 173a4751..00000000 Binary files a/examples/bind/corpus/d2712999e78a6401bef5b13cff53316c.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d271d9588142d34904aaf74d076e76e6.0000005e.honggfuzz.cov b/examples/bind/corpus/d271d9588142d34904aaf74d076e76e6.0000005e.honggfuzz.cov new file mode 100644 index 00000000..a0205c40 Binary files /dev/null and b/examples/bind/corpus/d271d9588142d34904aaf74d076e76e6.0000005e.honggfuzz.cov differ diff --git a/examples/bind/corpus/d2769114b7b2b9b4efd8a6e46b4e53fe.00000020.honggfuzz.cov b/examples/bind/corpus/d2769114b7b2b9b4efd8a6e46b4e53fe.00000020.honggfuzz.cov new file mode 100644 index 00000000..2cafc860 Binary files /dev/null and b/examples/bind/corpus/d2769114b7b2b9b4efd8a6e46b4e53fe.00000020.honggfuzz.cov differ diff --git a/examples/bind/corpus/d276912fd9b2b9b4efd8a6e443ee53fe.00000020.honggfuzz.cov b/examples/bind/corpus/d276912fd9b2b9b4efd8a6e443ee53fe.00000020.honggfuzz.cov deleted file mode 100644 index b85e68b2..00000000 Binary files a/examples/bind/corpus/d276912fd9b2b9b4efd8a6e443ee53fe.00000020.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d28bcdf69ec71cefe5944bcd28aea34b.00000085.honggfuzz.cov b/examples/bind/corpus/d28bcdf69ec71cefe5944bcd28aea34b.00000085.honggfuzz.cov deleted file mode 100644 index f9580b7b..00000000 Binary files a/examples/bind/corpus/d28bcdf69ec71cefe5944bcd28aea34b.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d2a5d1791ccbf50b280cd609fe6f8e0e.000000f9.honggfuzz.cov b/examples/bind/corpus/d2a5d1791ccbf50b280cd609fe6f8e0e.000000f9.honggfuzz.cov deleted file mode 100644 index c5743b59..00000000 Binary files a/examples/bind/corpus/d2a5d1791ccbf50b280cd609fe6f8e0e.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d2c89b3ac7d2cbe040b26925b13136eb.00000085.honggfuzz.cov b/examples/bind/corpus/d2c89b3ac7d2cbe040b26925b13136eb.00000085.honggfuzz.cov deleted file mode 100644 index 4d30f93a..00000000 Binary files a/examples/bind/corpus/d2c89b3ac7d2cbe040b26925b13136eb.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d2cd15377f2db03212eec70819beb4fd.0000098f.honggfuzz.cov b/examples/bind/corpus/d2cd15377f2db03212eec70819beb4fd.0000098f.honggfuzz.cov deleted file mode 100644 index 58fa1bd1..00000000 Binary files a/examples/bind/corpus/d2cd15377f2db03212eec70819beb4fd.0000098f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d2da68db53c81a45efa38757c0aadd5e.0000fe29.honggfuzz.cov b/examples/bind/corpus/d2da68db53c81a45efa38757c0aadd5e.0000fe29.honggfuzz.cov new file mode 100644 index 00000000..24ed90e7 Binary files /dev/null and b/examples/bind/corpus/d2da68db53c81a45efa38757c0aadd5e.0000fe29.honggfuzz.cov differ diff --git a/examples/bind/corpus/d30584f39e6128f62f274fd2bc96b07f.0001caea.honggfuzz.cov b/examples/bind/corpus/d30584f39e6128f62f274fd2bc96b07f.0001caea.honggfuzz.cov deleted file mode 100644 index 34e63390..00000000 Binary files a/examples/bind/corpus/d30584f39e6128f62f274fd2bc96b07f.0001caea.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d31c695a02da6a8eb8d289a7c451be24.000000ff.honggfuzz.cov b/examples/bind/corpus/d31c695a02da6a8eb8d289a7c451be24.000000ff.honggfuzz.cov new file mode 100644 index 00000000..2043b75b Binary files /dev/null and b/examples/bind/corpus/d31c695a02da6a8eb8d289a7c451be24.000000ff.honggfuzz.cov differ diff --git a/examples/bind/corpus/d337345eb447bbc0f312be75791a1c01.00000085.honggfuzz.cov b/examples/bind/corpus/d337345eb447bbc0f312be75791a1c01.00000085.honggfuzz.cov deleted file mode 100644 index e235e7d0..00000000 Binary files a/examples/bind/corpus/d337345eb447bbc0f312be75791a1c01.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d33cd71c60e11bb4aa5565801727ca0d.000000f9.honggfuzz.cov b/examples/bind/corpus/d33cd71c60e11bb4aa5565801727ca0d.000000f9.honggfuzz.cov new file mode 100644 index 00000000..5a5e5d27 Binary files /dev/null and b/examples/bind/corpus/d33cd71c60e11bb4aa5565801727ca0d.000000f9.honggfuzz.cov differ diff --git a/examples/bind/corpus/d33eda4ed2d3a31f5f16088dbfacac6c.00000f78.honggfuzz.cov b/examples/bind/corpus/d33eda4ed2d3a31f5f16088dbfacac6c.00000f78.honggfuzz.cov deleted file mode 100644 index 8070f956..00000000 Binary files a/examples/bind/corpus/d33eda4ed2d3a31f5f16088dbfacac6c.00000f78.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d35236c915fcbf127d3ef7f3bfc47ec4.0000101f.honggfuzz.cov b/examples/bind/corpus/d35236c915fcbf127d3ef7f3bfc47ec4.0000101f.honggfuzz.cov new file mode 100644 index 00000000..cd922be8 Binary files /dev/null and b/examples/bind/corpus/d35236c915fcbf127d3ef7f3bfc47ec4.0000101f.honggfuzz.cov differ diff --git a/examples/bind/corpus/d374cc435aed7af3cd7629d31b7bcc23.00016ced.honggfuzz.cov b/examples/bind/corpus/d374cc435aed7af3cd7629d31b7bcc23.00016ced.honggfuzz.cov deleted file mode 100644 index 7e0de4ba..00000000 Binary files a/examples/bind/corpus/d374cc435aed7af3cd7629d31b7bcc23.00016ced.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d377819d730f3670c0de3a86d7e69596.000000b4.honggfuzz.cov b/examples/bind/corpus/d377819d730f3670c0de3a86d7e69596.000000b4.honggfuzz.cov deleted file mode 100644 index dc3fe0b1..00000000 Binary files a/examples/bind/corpus/d377819d730f3670c0de3a86d7e69596.000000b4.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d3934dff4a3de1b267221a3a6a88f27a.00000032.honggfuzz.cov b/examples/bind/corpus/d3934dff4a3de1b267221a3a6a88f27a.00000032.honggfuzz.cov new file mode 100644 index 00000000..73d21400 Binary files /dev/null and b/examples/bind/corpus/d3934dff4a3de1b267221a3a6a88f27a.00000032.honggfuzz.cov differ diff --git a/examples/bind/corpus/d3a0eebd1f6d3089871934f7575eb084.0000d376.honggfuzz.cov b/examples/bind/corpus/d3a0eebd1f6d3089871934f7575eb084.0000d376.honggfuzz.cov deleted file mode 100644 index 4d2b9089..00000000 Binary files a/examples/bind/corpus/d3a0eebd1f6d3089871934f7575eb084.0000d376.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d3c408af3bcefff2fb7e34f1b40f0919.00004481.honggfuzz.cov b/examples/bind/corpus/d3c408af3bcefff2fb7e34f1b40f0919.00004481.honggfuzz.cov new file mode 100644 index 00000000..82fcfa87 Binary files /dev/null and b/examples/bind/corpus/d3c408af3bcefff2fb7e34f1b40f0919.00004481.honggfuzz.cov differ diff --git a/examples/bind/corpus/d40756271a1ee4e27b5a0dae5e72f6d4.00000074.honggfuzz.cov b/examples/bind/corpus/d40756271a1ee4e27b5a0dae5e72f6d4.00000074.honggfuzz.cov new file mode 100644 index 00000000..a1172610 Binary files /dev/null and b/examples/bind/corpus/d40756271a1ee4e27b5a0dae5e72f6d4.00000074.honggfuzz.cov differ diff --git a/examples/bind/corpus/d4123f93b77c8b5b037d12101700dce4.00000085.honggfuzz.cov b/examples/bind/corpus/d4123f93b77c8b5b037d12101700dce4.00000085.honggfuzz.cov deleted file mode 100644 index 465632b1..00000000 Binary files a/examples/bind/corpus/d4123f93b77c8b5b037d12101700dce4.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d42326c9ebfebee0c93b61aae1ad3d09.00000085.honggfuzz.cov b/examples/bind/corpus/d42326c9ebfebee0c93b61aae1ad3d09.00000085.honggfuzz.cov deleted file mode 100644 index 1e3d5b1a..00000000 Binary files a/examples/bind/corpus/d42326c9ebfebee0c93b61aae1ad3d09.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d42ace3ebd645b5fb7aaa83b8a3f1767.0000007d.honggfuzz.cov b/examples/bind/corpus/d42ace3ebd645b5fb7aaa83b8a3f1767.0000007d.honggfuzz.cov new file mode 100644 index 00000000..8a8656e7 Binary files /dev/null and b/examples/bind/corpus/d42ace3ebd645b5fb7aaa83b8a3f1767.0000007d.honggfuzz.cov differ diff --git a/examples/bind/corpus/d447e7e7cd189a40aa4d07a70cc1cb85.00000080.honggfuzz.cov b/examples/bind/corpus/d447e7e7cd189a40aa4d07a70cc1cb85.00000080.honggfuzz.cov new file mode 100644 index 00000000..83b015e0 Binary files /dev/null and b/examples/bind/corpus/d447e7e7cd189a40aa4d07a70cc1cb85.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/d4498a27686479ed7af8c5b43cccf4c0.000000d9.honggfuzz.cov b/examples/bind/corpus/d4498a27686479ed7af8c5b43cccf4c0.000000d9.honggfuzz.cov new file mode 100644 index 00000000..b660e013 Binary files /dev/null and b/examples/bind/corpus/d4498a27686479ed7af8c5b43cccf4c0.000000d9.honggfuzz.cov differ diff --git a/examples/bind/corpus/d4575b6696dd80a71847e7e1584388e5.00000085.honggfuzz.cov b/examples/bind/corpus/d4575b6696dd80a71847e7e1584388e5.00000085.honggfuzz.cov deleted file mode 100644 index 05115fab..00000000 Binary files a/examples/bind/corpus/d4575b6696dd80a71847e7e1584388e5.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d47f471b88a7b5f739d71e6d193d6a64.00000085.honggfuzz.cov b/examples/bind/corpus/d47f471b88a7b5f739d71e6d193d6a64.00000085.honggfuzz.cov deleted file mode 100644 index 40821251..00000000 Binary files a/examples/bind/corpus/d47f471b88a7b5f739d71e6d193d6a64.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d4918b2e6fc6ece623c654bdb5ebb03f.0001153e.honggfuzz.cov b/examples/bind/corpus/d4918b2e6fc6ece623c654bdb5ebb03f.0001153e.honggfuzz.cov deleted file mode 100644 index d40e7931..00000000 Binary files a/examples/bind/corpus/d4918b2e6fc6ece623c654bdb5ebb03f.0001153e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d4c0a945b8f801d966a349c79a582f10.00000085.honggfuzz.cov b/examples/bind/corpus/d4c0a945b8f801d966a349c79a582f10.00000085.honggfuzz.cov deleted file mode 100644 index 25c1ba02..00000000 Binary files a/examples/bind/corpus/d4c0a945b8f801d966a349c79a582f10.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d4c3b33b610bf84246c24e9f3938bace.0000002d.honggfuzz.cov b/examples/bind/corpus/d4c3b33b610bf84246c24e9f3938bace.0000002d.honggfuzz.cov new file mode 100644 index 00000000..3ab80ac5 Binary files /dev/null and b/examples/bind/corpus/d4c3b33b610bf84246c24e9f3938bace.0000002d.honggfuzz.cov differ diff --git a/examples/bind/corpus/d4d0f9e5240f3097465458a051fd1c48.0000029e.honggfuzz.cov b/examples/bind/corpus/d4d0f9e5240f3097465458a051fd1c48.0000029e.honggfuzz.cov new file mode 100644 index 00000000..1383879d Binary files /dev/null and b/examples/bind/corpus/d4d0f9e5240f3097465458a051fd1c48.0000029e.honggfuzz.cov differ diff --git a/examples/bind/corpus/d4ea24f25ae212d516ec81661470face.000000f9.honggfuzz.cov b/examples/bind/corpus/d4ea24f25ae212d516ec81661470face.000000f9.honggfuzz.cov new file mode 100644 index 00000000..0779fbff Binary files /dev/null and b/examples/bind/corpus/d4ea24f25ae212d516ec81661470face.000000f9.honggfuzz.cov differ diff --git a/examples/bind/corpus/d56a44e63d273494480b5ddec8819cf3.000001e3.honggfuzz.cov b/examples/bind/corpus/d56a44e63d273494480b5ddec8819cf3.000001e3.honggfuzz.cov deleted file mode 100644 index 45d796d5..00000000 Binary files a/examples/bind/corpus/d56a44e63d273494480b5ddec8819cf3.000001e3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d56af2ad12d20935231d547056bb32be.00000020.honggfuzz.cov b/examples/bind/corpus/d56af2ad12d20935231d547056bb32be.00000020.honggfuzz.cov deleted file mode 100644 index 56707475..00000000 Binary files a/examples/bind/corpus/d56af2ad12d20935231d547056bb32be.00000020.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d58b871bfebe7f0d26ac27f17cb57d6f.000003ed.honggfuzz.cov b/examples/bind/corpus/d58b871bfebe7f0d26ac27f17cb57d6f.000003ed.honggfuzz.cov deleted file mode 100644 index 2f526c61..00000000 Binary files a/examples/bind/corpus/d58b871bfebe7f0d26ac27f17cb57d6f.000003ed.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d5cac7c3e46ad0427217556b3b43d5c4.0000ffff.honggfuzz.cov b/examples/bind/corpus/d5cac7c3e46ad0427217556b3b43d5c4.0000ffff.honggfuzz.cov new file mode 100644 index 00000000..4c08a715 Binary files /dev/null and b/examples/bind/corpus/d5cac7c3e46ad0427217556b3b43d5c4.0000ffff.honggfuzz.cov differ diff --git a/examples/bind/corpus/d5e6c0773e0c878768fd89f6ed98a552.0000014e.honggfuzz.cov b/examples/bind/corpus/d5e6c0773e0c878768fd89f6ed98a552.0000014e.honggfuzz.cov new file mode 100644 index 00000000..5a6d1279 Binary files /dev/null and b/examples/bind/corpus/d5e6c0773e0c878768fd89f6ed98a552.0000014e.honggfuzz.cov differ diff --git a/examples/bind/corpus/d5fa4a427768375524c3c19193c81f28.00000085.honggfuzz.cov b/examples/bind/corpus/d5fa4a427768375524c3c19193c81f28.00000085.honggfuzz.cov deleted file mode 100644 index 12c8f928..00000000 Binary files a/examples/bind/corpus/d5fa4a427768375524c3c19193c81f28.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d60379f6f42b316f9ffb328099b50644.000000b4.honggfuzz.cov b/examples/bind/corpus/d60379f6f42b316f9ffb328099b50644.000000b4.honggfuzz.cov deleted file mode 100644 index 97938b2d..00000000 Binary files a/examples/bind/corpus/d60379f6f42b316f9ffb328099b50644.000000b4.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d6159822fca7f772601a95c3076a98ce.00001be6.honggfuzz.cov b/examples/bind/corpus/d6159822fca7f772601a95c3076a98ce.00001be6.honggfuzz.cov new file mode 100644 index 00000000..7a4cfbe3 Binary files /dev/null and b/examples/bind/corpus/d6159822fca7f772601a95c3076a98ce.00001be6.honggfuzz.cov differ diff --git a/examples/bind/corpus/d61b57b2bda433ff3476385a3b3b15d5.0000010f.honggfuzz.cov b/examples/bind/corpus/d61b57b2bda433ff3476385a3b3b15d5.0000010f.honggfuzz.cov new file mode 100644 index 00000000..bd8ae13d Binary files /dev/null and b/examples/bind/corpus/d61b57b2bda433ff3476385a3b3b15d5.0000010f.honggfuzz.cov differ diff --git a/examples/bind/corpus/d6335cacf3479ea6afedaead6aa8494b.00000085.honggfuzz.cov b/examples/bind/corpus/d6335cacf3479ea6afedaead6aa8494b.00000085.honggfuzz.cov deleted file mode 100644 index 4883f397..00000000 Binary files a/examples/bind/corpus/d6335cacf3479ea6afedaead6aa8494b.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d6529ce84e904b5a85a6d6fad3fb58a3.00000fd7.honggfuzz.cov b/examples/bind/corpus/d6529ce84e904b5a85a6d6fad3fb58a3.00000fd7.honggfuzz.cov deleted file mode 100644 index fcfaaa12..00000000 Binary files a/examples/bind/corpus/d6529ce84e904b5a85a6d6fad3fb58a3.00000fd7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d652d53b5cb290365b3984b6e6dc8bbe.000000f9.honggfuzz.cov b/examples/bind/corpus/d652d53b5cb290365b3984b6e6dc8bbe.000000f9.honggfuzz.cov deleted file mode 100644 index 04fd1b07..00000000 Binary files a/examples/bind/corpus/d652d53b5cb290365b3984b6e6dc8bbe.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d65685fbd11dbc7bb6d68ee2c6a2a573.00000f92.honggfuzz.cov b/examples/bind/corpus/d65685fbd11dbc7bb6d68ee2c6a2a573.00000f92.honggfuzz.cov deleted file mode 100644 index 0da9c7db..00000000 Binary files a/examples/bind/corpus/d65685fbd11dbc7bb6d68ee2c6a2a573.00000f92.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d66100ba348df8134444c86c7369b757.00000119.honggfuzz.cov b/examples/bind/corpus/d66100ba348df8134444c86c7369b757.00000119.honggfuzz.cov new file mode 100644 index 00000000..7d537f77 Binary files /dev/null and b/examples/bind/corpus/d66100ba348df8134444c86c7369b757.00000119.honggfuzz.cov differ diff --git a/examples/bind/corpus/d66a040dcc49ffcba0c43a7b72639005.000005d0.honggfuzz.cov b/examples/bind/corpus/d66a040dcc49ffcba0c43a7b72639005.000005d0.honggfuzz.cov deleted file mode 100644 index 3e934ad2..00000000 Binary files a/examples/bind/corpus/d66a040dcc49ffcba0c43a7b72639005.000005d0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d6ae14b167c9a86f277c5238f8190eb5.0000005d.honggfuzz.cov b/examples/bind/corpus/d6ae14b167c9a86f277c5238f8190eb5.0000005d.honggfuzz.cov deleted file mode 100644 index 29079f0e..00000000 Binary files a/examples/bind/corpus/d6ae14b167c9a86f277c5238f8190eb5.0000005d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d6c65a0894ba6651cfb50447fb5bfa8c.00013e4f.honggfuzz.cov b/examples/bind/corpus/d6c65a0894ba6651cfb50447fb5bfa8c.00013e4f.honggfuzz.cov new file mode 100644 index 00000000..6ab051ca Binary files /dev/null and b/examples/bind/corpus/d6c65a0894ba6651cfb50447fb5bfa8c.00013e4f.honggfuzz.cov differ diff --git a/examples/bind/corpus/d6d0bc0ec3d2f1638cc5ab4f7031130a.00000400.honggfuzz.cov b/examples/bind/corpus/d6d0bc0ec3d2f1638cc5ab4f7031130a.00000400.honggfuzz.cov deleted file mode 100644 index dfbf3d38..00000000 Binary files a/examples/bind/corpus/d6d0bc0ec3d2f1638cc5ab4f7031130a.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d6df235e545d3d9eb6587312a2dafeb1.0001c2ad.honggfuzz.cov b/examples/bind/corpus/d6df235e545d3d9eb6587312a2dafeb1.0001c2ad.honggfuzz.cov deleted file mode 100644 index 5789140a..00000000 Binary files a/examples/bind/corpus/d6df235e545d3d9eb6587312a2dafeb1.0001c2ad.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d6e329fbac4e066c51920024f5458ac8.00001eeb.honggfuzz.cov b/examples/bind/corpus/d6e329fbac4e066c51920024f5458ac8.00001eeb.honggfuzz.cov deleted file mode 100644 index 74dc1363..00000000 Binary files a/examples/bind/corpus/d6e329fbac4e066c51920024f5458ac8.00001eeb.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d724a5c5b4a770e860f0b009b4a1bfc3.000000f9.honggfuzz.cov b/examples/bind/corpus/d724a5c5b4a770e860f0b009b4a1bfc3.000000f9.honggfuzz.cov deleted file mode 100644 index 8a24af5b..00000000 Binary files a/examples/bind/corpus/d724a5c5b4a770e860f0b009b4a1bfc3.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d72610da7fd521db9c0c4922bc5987d8.00000039.honggfuzz.cov b/examples/bind/corpus/d72610da7fd521db9c0c4922bc5987d8.00000039.honggfuzz.cov new file mode 100644 index 00000000..81c94283 Binary files /dev/null and b/examples/bind/corpus/d72610da7fd521db9c0c4922bc5987d8.00000039.honggfuzz.cov differ diff --git a/examples/bind/corpus/d7442df31b1148b879f1dd2090fbe82b.000011c6.honggfuzz.cov b/examples/bind/corpus/d7442df31b1148b879f1dd2090fbe82b.000011c6.honggfuzz.cov deleted file mode 100644 index aacf619b..00000000 Binary files a/examples/bind/corpus/d7442df31b1148b879f1dd2090fbe82b.000011c6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d74da7c1b9aebec5258096e66df76c36.0000023f.honggfuzz.cov b/examples/bind/corpus/d74da7c1b9aebec5258096e66df76c36.0000023f.honggfuzz.cov deleted file mode 100644 index 4e56f82b..00000000 Binary files a/examples/bind/corpus/d74da7c1b9aebec5258096e66df76c36.0000023f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d75195c9352e37229810a958cca6221d.00000085.honggfuzz.cov b/examples/bind/corpus/d75195c9352e37229810a958cca6221d.00000085.honggfuzz.cov new file mode 100644 index 00000000..33503c16 Binary files /dev/null and b/examples/bind/corpus/d75195c9352e37229810a958cca6221d.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/d75becbdde788defd1524ae406f62a5d.000019fe.honggfuzz.cov b/examples/bind/corpus/d75becbdde788defd1524ae406f62a5d.000019fe.honggfuzz.cov new file mode 100644 index 00000000..635e592c Binary files /dev/null and b/examples/bind/corpus/d75becbdde788defd1524ae406f62a5d.000019fe.honggfuzz.cov differ diff --git a/examples/bind/corpus/d7792b439fc94f33550c029592ecd4df.00000085.honggfuzz.cov b/examples/bind/corpus/d7792b439fc94f33550c029592ecd4df.00000085.honggfuzz.cov new file mode 100644 index 00000000..85a3652e Binary files /dev/null and b/examples/bind/corpus/d7792b439fc94f33550c029592ecd4df.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/d782e993e07a7f838bcb92a7a58fb5fd.00000288.honggfuzz.cov b/examples/bind/corpus/d782e993e07a7f838bcb92a7a58fb5fd.00000288.honggfuzz.cov deleted file mode 100644 index 310d118e..00000000 Binary files a/examples/bind/corpus/d782e993e07a7f838bcb92a7a58fb5fd.00000288.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d784d8b1ce158a59481bb4b9e706f297.00000096.honggfuzz.cov b/examples/bind/corpus/d784d8b1ce158a59481bb4b9e706f297.00000096.honggfuzz.cov deleted file mode 100644 index 0b07282d..00000000 Binary files a/examples/bind/corpus/d784d8b1ce158a59481bb4b9e706f297.00000096.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d7951868b1e1394c53b15c8d2f8bfda2.000001ae.honggfuzz.cov b/examples/bind/corpus/d7951868b1e1394c53b15c8d2f8bfda2.000001ae.honggfuzz.cov deleted file mode 100644 index a465d45b..00000000 Binary files a/examples/bind/corpus/d7951868b1e1394c53b15c8d2f8bfda2.000001ae.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d79ded6117c82bdc3606c5352f442714.0000005c.honggfuzz.cov b/examples/bind/corpus/d79ded6117c82bdc3606c5352f442714.0000005c.honggfuzz.cov deleted file mode 100644 index e4071c02..00000000 Binary files a/examples/bind/corpus/d79ded6117c82bdc3606c5352f442714.0000005c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d7a0dab2c43435106039523416b91ade.0000010e.honggfuzz.cov b/examples/bind/corpus/d7a0dab2c43435106039523416b91ade.0000010e.honggfuzz.cov new file mode 100644 index 00000000..afc21024 Binary files /dev/null and b/examples/bind/corpus/d7a0dab2c43435106039523416b91ade.0000010e.honggfuzz.cov differ diff --git a/examples/bind/corpus/d7b0aaa06946f0fdfcd2ed47df2fbd82.00000040.honggfuzz.cov b/examples/bind/corpus/d7b0aaa06946f0fdfcd2ed47df2fbd82.00000040.honggfuzz.cov deleted file mode 100644 index ff63e9fa..00000000 Binary files a/examples/bind/corpus/d7b0aaa06946f0fdfcd2ed47df2fbd82.00000040.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d7b374bb8e51c790ccbb525f2b90950b.000000d9.honggfuzz.cov b/examples/bind/corpus/d7b374bb8e51c790ccbb525f2b90950b.000000d9.honggfuzz.cov new file mode 100644 index 00000000..eee2a8b5 Binary files /dev/null and b/examples/bind/corpus/d7b374bb8e51c790ccbb525f2b90950b.000000d9.honggfuzz.cov differ diff --git a/examples/bind/corpus/d7d48dad213d1553c714aa72490f90c3.00004c84.honggfuzz.cov b/examples/bind/corpus/d7d48dad213d1553c714aa72490f90c3.00004c84.honggfuzz.cov deleted file mode 100644 index a09eb086..00000000 Binary files a/examples/bind/corpus/d7d48dad213d1553c714aa72490f90c3.00004c84.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d7f306826120ce4c09ce02c2ee61c04d.0001153e.honggfuzz.cov b/examples/bind/corpus/d7f306826120ce4c09ce02c2ee61c04d.0001153e.honggfuzz.cov deleted file mode 100644 index d7f5b892..00000000 Binary files a/examples/bind/corpus/d7f306826120ce4c09ce02c2ee61c04d.0001153e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d7fecceede47b3660b0e466512cfcc43.00000126.honggfuzz.cov b/examples/bind/corpus/d7fecceede47b3660b0e466512cfcc43.00000126.honggfuzz.cov deleted file mode 100644 index 9b22959a..00000000 Binary files a/examples/bind/corpus/d7fecceede47b3660b0e466512cfcc43.00000126.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d8207f66e3f52235f42ffab93611b269.0000107c.honggfuzz.cov b/examples/bind/corpus/d8207f66e3f52235f42ffab93611b269.0000107c.honggfuzz.cov deleted file mode 100644 index 1ed7a483..00000000 Binary files a/examples/bind/corpus/d8207f66e3f52235f42ffab93611b269.0000107c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d860823b99eec750063f12aaf2d90805.000000f7.honggfuzz.cov b/examples/bind/corpus/d860823b99eec750063f12aaf2d90805.000000f7.honggfuzz.cov deleted file mode 100644 index 088f0cd4..00000000 Binary files a/examples/bind/corpus/d860823b99eec750063f12aaf2d90805.000000f7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d865d91bf1e964c9ed0c69684cbfb421.00000085.honggfuzz.cov b/examples/bind/corpus/d865d91bf1e964c9ed0c69684cbfb421.00000085.honggfuzz.cov deleted file mode 100644 index 7bdd1171..00000000 Binary files a/examples/bind/corpus/d865d91bf1e964c9ed0c69684cbfb421.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d88b9a755d80741e94a5c549459ebffd.000000f9.honggfuzz.cov b/examples/bind/corpus/d88b9a755d80741e94a5c549459ebffd.000000f9.honggfuzz.cov new file mode 100644 index 00000000..96c98537 Binary files /dev/null and b/examples/bind/corpus/d88b9a755d80741e94a5c549459ebffd.000000f9.honggfuzz.cov differ diff --git a/examples/bind/corpus/d892deba2a221b1b1b53770526aed19b.000000f9.honggfuzz.cov b/examples/bind/corpus/d892deba2a221b1b1b53770526aed19b.000000f9.honggfuzz.cov deleted file mode 100644 index ff6c825e..00000000 Binary files a/examples/bind/corpus/d892deba2a221b1b1b53770526aed19b.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d8a43547d48db9adfed968f859d0ee23.000001e3.honggfuzz.cov b/examples/bind/corpus/d8a43547d48db9adfed968f859d0ee23.000001e3.honggfuzz.cov new file mode 100644 index 00000000..8c568c9a Binary files /dev/null and b/examples/bind/corpus/d8a43547d48db9adfed968f859d0ee23.000001e3.honggfuzz.cov differ diff --git a/examples/bind/corpus/d8b246a2cfb3694169cb24a1aa880abd.00000020.honggfuzz.cov b/examples/bind/corpus/d8b246a2cfb3694169cb24a1aa880abd.00000020.honggfuzz.cov deleted file mode 100644 index 6b75be19..00000000 Binary files a/examples/bind/corpus/d8b246a2cfb3694169cb24a1aa880abd.00000020.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d8d51a0fba2f1c36f86cbd4fd81d7725.0000053b.honggfuzz.cov b/examples/bind/corpus/d8d51a0fba2f1c36f86cbd4fd81d7725.0000053b.honggfuzz.cov new file mode 100644 index 00000000..a8b65142 Binary files /dev/null and b/examples/bind/corpus/d8d51a0fba2f1c36f86cbd4fd81d7725.0000053b.honggfuzz.cov differ diff --git a/examples/bind/corpus/d8e0565159586c06f829e591905556a8.00000096.honggfuzz.cov b/examples/bind/corpus/d8e0565159586c06f829e591905556a8.00000096.honggfuzz.cov new file mode 100644 index 00000000..15b60839 Binary files /dev/null and b/examples/bind/corpus/d8e0565159586c06f829e591905556a8.00000096.honggfuzz.cov differ diff --git a/examples/bind/corpus/d9169c61829eabcbb0339cd8c72f5b1e.00000d02.honggfuzz.cov b/examples/bind/corpus/d9169c61829eabcbb0339cd8c72f5b1e.00000d02.honggfuzz.cov deleted file mode 100644 index 8c9481d3..00000000 Binary files a/examples/bind/corpus/d9169c61829eabcbb0339cd8c72f5b1e.00000d02.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d930f482f6ed039920120dd624e5511a.0000db22.honggfuzz.cov b/examples/bind/corpus/d930f482f6ed039920120dd624e5511a.0000db22.honggfuzz.cov deleted file mode 100644 index c9351ef7..00000000 Binary files a/examples/bind/corpus/d930f482f6ed039920120dd624e5511a.0000db22.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d944eaa49fd26675ec09ebbda2325d8d.0000030b.honggfuzz.cov b/examples/bind/corpus/d944eaa49fd26675ec09ebbda2325d8d.0000030b.honggfuzz.cov new file mode 100644 index 00000000..0a4efcf9 Binary files /dev/null and b/examples/bind/corpus/d944eaa49fd26675ec09ebbda2325d8d.0000030b.honggfuzz.cov differ diff --git a/examples/bind/corpus/d94ca649f80a5f510e5d191900b730b4.0000010f.honggfuzz.cov b/examples/bind/corpus/d94ca649f80a5f510e5d191900b730b4.0000010f.honggfuzz.cov new file mode 100644 index 00000000..ea70d7b4 Binary files /dev/null and b/examples/bind/corpus/d94ca649f80a5f510e5d191900b730b4.0000010f.honggfuzz.cov differ diff --git a/examples/bind/corpus/d98b0dd26aafef49c83b15327009e75d.000000f7.honggfuzz.cov b/examples/bind/corpus/d98b0dd26aafef49c83b15327009e75d.000000f7.honggfuzz.cov deleted file mode 100644 index 07689795..00000000 Binary files a/examples/bind/corpus/d98b0dd26aafef49c83b15327009e75d.000000f7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d9ee23f8c7759a7ec05c7123c5db9e0f.00000080.honggfuzz.cov b/examples/bind/corpus/d9ee23f8c7759a7ec05c7123c5db9e0f.00000080.honggfuzz.cov deleted file mode 100644 index 7ee95ae3..00000000 Binary files a/examples/bind/corpus/d9ee23f8c7759a7ec05c7123c5db9e0f.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/d9f6c8db4a868f052cf719e17fad017d.0001f7e8.honggfuzz.cov b/examples/bind/corpus/d9f6c8db4a868f052cf719e17fad017d.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..db4e5769 Binary files /dev/null and b/examples/bind/corpus/d9f6c8db4a868f052cf719e17fad017d.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/da0d72de62eaa73ba7876fae68760f80.00001a4a.honggfuzz.cov b/examples/bind/corpus/da0d72de62eaa73ba7876fae68760f80.00001a4a.honggfuzz.cov new file mode 100644 index 00000000..d9363d3f Binary files /dev/null and b/examples/bind/corpus/da0d72de62eaa73ba7876fae68760f80.00001a4a.honggfuzz.cov differ diff --git a/examples/bind/corpus/da189e64dcfb2c7efc12da4aff0867c9.0000015c.honggfuzz.cov b/examples/bind/corpus/da189e64dcfb2c7efc12da4aff0867c9.0000015c.honggfuzz.cov deleted file mode 100644 index b991fa6b..00000000 Binary files a/examples/bind/corpus/da189e64dcfb2c7efc12da4aff0867c9.0000015c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/da276ef9b2fbc11a8cafbe851b7ad187.00000085.honggfuzz.cov b/examples/bind/corpus/da276ef9b2fbc11a8cafbe851b7ad187.00000085.honggfuzz.cov new file mode 100644 index 00000000..d9c12659 Binary files /dev/null and b/examples/bind/corpus/da276ef9b2fbc11a8cafbe851b7ad187.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/da328d1e2120cececa918d5bf9e2be11.000101c9.honggfuzz.cov b/examples/bind/corpus/da328d1e2120cececa918d5bf9e2be11.000101c9.honggfuzz.cov new file mode 100644 index 00000000..2eeaa44c Binary files /dev/null and b/examples/bind/corpus/da328d1e2120cececa918d5bf9e2be11.000101c9.honggfuzz.cov differ diff --git a/examples/bind/corpus/da4f08cc1a8c807a39a034866d739a66.00000085.honggfuzz.cov b/examples/bind/corpus/da4f08cc1a8c807a39a034866d739a66.00000085.honggfuzz.cov deleted file mode 100644 index 9d7ced0e..00000000 Binary files a/examples/bind/corpus/da4f08cc1a8c807a39a034866d739a66.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/da5a358861caebe4d8f87ca29a8ad404.0001f7e8.honggfuzz.cov b/examples/bind/corpus/da5a358861caebe4d8f87ca29a8ad404.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..8ff80426 Binary files /dev/null and b/examples/bind/corpus/da5a358861caebe4d8f87ca29a8ad404.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/da5a3b127d7f14883e52edd79a4ac2a6.000002b5.honggfuzz.cov b/examples/bind/corpus/da5a3b127d7f14883e52edd79a4ac2a6.000002b5.honggfuzz.cov deleted file mode 100644 index 55c164ee..00000000 Binary files a/examples/bind/corpus/da5a3b127d7f14883e52edd79a4ac2a6.000002b5.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/da678136fc8b09dc2405adf656f73b7f.00001620.honggfuzz.cov b/examples/bind/corpus/da678136fc8b09dc2405adf656f73b7f.00001620.honggfuzz.cov new file mode 100644 index 00000000..2e528553 Binary files /dev/null and b/examples/bind/corpus/da678136fc8b09dc2405adf656f73b7f.00001620.honggfuzz.cov differ diff --git a/examples/bind/corpus/da7ade3913ba935cecfce3ed70982e7c.00000e0d.honggfuzz.cov b/examples/bind/corpus/da7ade3913ba935cecfce3ed70982e7c.00000e0d.honggfuzz.cov deleted file mode 100644 index 800b9ee2..00000000 Binary files a/examples/bind/corpus/da7ade3913ba935cecfce3ed70982e7c.00000e0d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/da7c8d978ad0c60649559277efa32486.00002000.honggfuzz.cov b/examples/bind/corpus/da7c8d978ad0c60649559277efa32486.00002000.honggfuzz.cov deleted file mode 100644 index 0ad7fd6e..00000000 Binary files a/examples/bind/corpus/da7c8d978ad0c60649559277efa32486.00002000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/da92460868677a9cbfa6c9ce034b28ca.00000094.honggfuzz.cov b/examples/bind/corpus/da92460868677a9cbfa6c9ce034b28ca.00000094.honggfuzz.cov deleted file mode 100644 index 99095f76..00000000 Binary files a/examples/bind/corpus/da92460868677a9cbfa6c9ce034b28ca.00000094.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/dab2ce5f2c8c8c196e6dcc64bc7b89b4.0000e399.honggfuzz.cov b/examples/bind/corpus/dab2ce5f2c8c8c196e6dcc64bc7b89b4.0000e399.honggfuzz.cov deleted file mode 100644 index 9ef486a5..00000000 Binary files a/examples/bind/corpus/dab2ce5f2c8c8c196e6dcc64bc7b89b4.0000e399.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/dac69f8baaf627e8cc35085a1e868e71.000003a2.honggfuzz.cov b/examples/bind/corpus/dac69f8baaf627e8cc35085a1e868e71.000003a2.honggfuzz.cov new file mode 100644 index 00000000..4888826b Binary files /dev/null and b/examples/bind/corpus/dac69f8baaf627e8cc35085a1e868e71.000003a2.honggfuzz.cov differ diff --git a/examples/bind/corpus/dafc4975097a00fcdfcb641062c0e9b3.000000f9.honggfuzz.cov b/examples/bind/corpus/dafc4975097a00fcdfcb641062c0e9b3.000000f9.honggfuzz.cov deleted file mode 100644 index a25b765d..00000000 Binary files a/examples/bind/corpus/dafc4975097a00fcdfcb641062c0e9b3.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/db028c809aecdd2158ee6ee2d92a55f0.00077c14.honggfuzz.cov b/examples/bind/corpus/db028c809aecdd2158ee6ee2d92a55f0.00077c14.honggfuzz.cov deleted file mode 100644 index b4e33365..00000000 Binary files a/examples/bind/corpus/db028c809aecdd2158ee6ee2d92a55f0.00077c14.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/db0f3e7bc34aeb9fde78e4d83f330e7f.00020000.honggfuzz.cov b/examples/bind/corpus/db0f3e7bc34aeb9fde78e4d83f330e7f.00020000.honggfuzz.cov deleted file mode 100644 index 24b51d8a..00000000 Binary files a/examples/bind/corpus/db0f3e7bc34aeb9fde78e4d83f330e7f.00020000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/db0f3f73a17e80b877dcc5b923d3f9ec.000000ab.honggfuzz.cov b/examples/bind/corpus/db0f3f73a17e80b877dcc5b923d3f9ec.000000ab.honggfuzz.cov deleted file mode 100644 index 2fb9cd4a..00000000 Binary files a/examples/bind/corpus/db0f3f73a17e80b877dcc5b923d3f9ec.000000ab.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/db1dd25908af22e539b4e196816f3303.000002d0.honggfuzz.cov b/examples/bind/corpus/db1dd25908af22e539b4e196816f3303.000002d0.honggfuzz.cov deleted file mode 100644 index a08c204e..00000000 Binary files a/examples/bind/corpus/db1dd25908af22e539b4e196816f3303.000002d0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/db53ecc97b9870f444881dfcb0090358.0000d7be.honggfuzz.cov b/examples/bind/corpus/db53ecc97b9870f444881dfcb0090358.0000d7be.honggfuzz.cov new file mode 100644 index 00000000..e233815e Binary files /dev/null and b/examples/bind/corpus/db53ecc97b9870f444881dfcb0090358.0000d7be.honggfuzz.cov differ diff --git a/examples/bind/corpus/dbacefa2cdd05d4e6dbc6a05e22b43bd.00000085.honggfuzz.cov b/examples/bind/corpus/dbacefa2cdd05d4e6dbc6a05e22b43bd.00000085.honggfuzz.cov deleted file mode 100644 index 9d18a035..00000000 Binary files a/examples/bind/corpus/dbacefa2cdd05d4e6dbc6a05e22b43bd.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/dbcf903bdc5e2bf9c9f718841797ecf4.0000f0b4.honggfuzz.cov b/examples/bind/corpus/dbcf903bdc5e2bf9c9f718841797ecf4.0000f0b4.honggfuzz.cov deleted file mode 100644 index 721f139d..00000000 Binary files a/examples/bind/corpus/dbcf903bdc5e2bf9c9f718841797ecf4.0000f0b4.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/dbf7ce6eeb14ccd1325b4253a0ee4a6f.00000020.honggfuzz.cov b/examples/bind/corpus/dbf7ce6eeb14ccd1325b4253a0ee4a6f.00000020.honggfuzz.cov deleted file mode 100644 index bb0954be..00000000 Binary files a/examples/bind/corpus/dbf7ce6eeb14ccd1325b4253a0ee4a6f.00000020.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/dc1c76480c8737910b49cc0ab3e20cd4.00000085.honggfuzz.cov b/examples/bind/corpus/dc1c76480c8737910b49cc0ab3e20cd4.00000085.honggfuzz.cov deleted file mode 100644 index b1b6ccbb..00000000 Binary files a/examples/bind/corpus/dc1c76480c8737910b49cc0ab3e20cd4.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/dc27d546963cb75dce7b6d991f4e1e64.00000094.honggfuzz.cov b/examples/bind/corpus/dc27d546963cb75dce7b6d991f4e1e64.00000094.honggfuzz.cov deleted file mode 100644 index 3cfe795c..00000000 Binary files a/examples/bind/corpus/dc27d546963cb75dce7b6d991f4e1e64.00000094.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/dc3204cbfcbd333e4506efb3d96bdcf5.000003cc.honggfuzz.cov b/examples/bind/corpus/dc3204cbfcbd333e4506efb3d96bdcf5.000003cc.honggfuzz.cov deleted file mode 100644 index 4d9d4b35..00000000 Binary files a/examples/bind/corpus/dc3204cbfcbd333e4506efb3d96bdcf5.000003cc.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/dc481309f15c48586ff9ba6cacf8b183.000000d7.honggfuzz.cov b/examples/bind/corpus/dc481309f15c48586ff9ba6cacf8b183.000000d7.honggfuzz.cov deleted file mode 100644 index b1149346..00000000 Binary files a/examples/bind/corpus/dc481309f15c48586ff9ba6cacf8b183.000000d7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/dc52659c89e1ab6e74391e4bbe66a7e5.00000085.honggfuzz.cov b/examples/bind/corpus/dc52659c89e1ab6e74391e4bbe66a7e5.00000085.honggfuzz.cov new file mode 100644 index 00000000..ac19b8d6 Binary files /dev/null and b/examples/bind/corpus/dc52659c89e1ab6e74391e4bbe66a7e5.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/dc6bd895ac6c23518941f8803464addf.00003a0b.honggfuzz.cov b/examples/bind/corpus/dc6bd895ac6c23518941f8803464addf.00003a0b.honggfuzz.cov deleted file mode 100644 index 55b09721..00000000 Binary files a/examples/bind/corpus/dc6bd895ac6c23518941f8803464addf.00003a0b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/dcb9c7dda72036d80ac3566d6d025e08.0000e43b.honggfuzz.cov b/examples/bind/corpus/dcb9c7dda72036d80ac3566d6d025e08.0000e43b.honggfuzz.cov deleted file mode 100644 index aaf49e81..00000000 Binary files a/examples/bind/corpus/dcb9c7dda72036d80ac3566d6d025e08.0000e43b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/dcd549667340431a603be44cc5f73031.00000037.honggfuzz.cov b/examples/bind/corpus/dcd549667340431a603be44cc5f73031.00000037.honggfuzz.cov new file mode 100644 index 00000000..246e695b Binary files /dev/null and b/examples/bind/corpus/dcd549667340431a603be44cc5f73031.00000037.honggfuzz.cov differ diff --git a/examples/bind/corpus/dcd9ebc299f4338397a26032279d0632.0000001d.honggfuzz.cov b/examples/bind/corpus/dcd9ebc299f4338397a26032279d0632.0000001d.honggfuzz.cov deleted file mode 100644 index 675783e1..00000000 Binary files a/examples/bind/corpus/dcd9ebc299f4338397a26032279d0632.0000001d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/dcdfb4d3e2d77beff7915e7beee64826.00000085.honggfuzz.cov b/examples/bind/corpus/dcdfb4d3e2d77beff7915e7beee64826.00000085.honggfuzz.cov deleted file mode 100644 index 7e349e65..00000000 Binary files a/examples/bind/corpus/dcdfb4d3e2d77beff7915e7beee64826.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/dce11765ad4273a29c198ee6f8b6e28d.0001f7e8.honggfuzz.cov b/examples/bind/corpus/dce11765ad4273a29c198ee6f8b6e28d.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..57475e60 Binary files /dev/null and b/examples/bind/corpus/dce11765ad4273a29c198ee6f8b6e28d.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/dcfcae2a12a57f469c6e44cc4b52cdb3.00000085.honggfuzz.cov b/examples/bind/corpus/dcfcae2a12a57f469c6e44cc4b52cdb3.00000085.honggfuzz.cov deleted file mode 100644 index 70176b40..00000000 Binary files a/examples/bind/corpus/dcfcae2a12a57f469c6e44cc4b52cdb3.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/dcfd9527e76a93a5875ac6764f391c09.00000085.honggfuzz.cov b/examples/bind/corpus/dcfd9527e76a93a5875ac6764f391c09.00000085.honggfuzz.cov deleted file mode 100644 index 15996a55..00000000 Binary files a/examples/bind/corpus/dcfd9527e76a93a5875ac6764f391c09.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/dd3b70a1fe83b9f43ef07f7ab4a84d88.0006071f.honggfuzz.cov b/examples/bind/corpus/dd3b70a1fe83b9f43ef07f7ab4a84d88.0006071f.honggfuzz.cov deleted file mode 100644 index f27482c3..00000000 Binary files a/examples/bind/corpus/dd3b70a1fe83b9f43ef07f7ab4a84d88.0006071f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/dd51a1f7adb0d323bca16b04b306466b.000012a3.honggfuzz.cov b/examples/bind/corpus/dd51a1f7adb0d323bca16b04b306466b.000012a3.honggfuzz.cov new file mode 100644 index 00000000..fa53bbca Binary files /dev/null and b/examples/bind/corpus/dd51a1f7adb0d323bca16b04b306466b.000012a3.honggfuzz.cov differ diff --git a/examples/bind/corpus/dd5f21ccb1569b70cb15ebe7aa9f285b.000003f3.honggfuzz.cov b/examples/bind/corpus/dd5f21ccb1569b70cb15ebe7aa9f285b.000003f3.honggfuzz.cov new file mode 100644 index 00000000..55778c0b Binary files /dev/null and b/examples/bind/corpus/dd5f21ccb1569b70cb15ebe7aa9f285b.000003f3.honggfuzz.cov differ diff --git a/examples/bind/corpus/dd607e466d8392dffd9a6fa19e9bec97.0000a1aa.honggfuzz.cov b/examples/bind/corpus/dd607e466d8392dffd9a6fa19e9bec97.0000a1aa.honggfuzz.cov new file mode 100644 index 00000000..6721123d Binary files /dev/null and b/examples/bind/corpus/dd607e466d8392dffd9a6fa19e9bec97.0000a1aa.honggfuzz.cov differ diff --git a/examples/bind/corpus/dd709545ea316f7581e79299c7d6b11b.00000085.honggfuzz.cov b/examples/bind/corpus/dd709545ea316f7581e79299c7d6b11b.00000085.honggfuzz.cov deleted file mode 100644 index d543768a..00000000 Binary files a/examples/bind/corpus/dd709545ea316f7581e79299c7d6b11b.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/dd8d032a093b8b898258a3326da9eb44.00003037.honggfuzz.cov b/examples/bind/corpus/dd8d032a093b8b898258a3326da9eb44.00003037.honggfuzz.cov deleted file mode 100644 index 3d481dde..00000000 Binary files a/examples/bind/corpus/dd8d032a093b8b898258a3326da9eb44.00003037.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/dd905ce71ca8fb0ab32ce90c8f9960c8.0000c006.honggfuzz.cov b/examples/bind/corpus/dd905ce71ca8fb0ab32ce90c8f9960c8.0000c006.honggfuzz.cov deleted file mode 100644 index 5a79eec7..00000000 Binary files a/examples/bind/corpus/dd905ce71ca8fb0ab32ce90c8f9960c8.0000c006.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/dd94e296671ebedf643388072c915575.00000200.honggfuzz.cov b/examples/bind/corpus/dd94e296671ebedf643388072c915575.00000200.honggfuzz.cov new file mode 100644 index 00000000..3497d440 Binary files /dev/null and b/examples/bind/corpus/dd94e296671ebedf643388072c915575.00000200.honggfuzz.cov differ diff --git a/examples/bind/corpus/dda3e80a2265bb1b49956173c79c28b1.00002272.honggfuzz.cov b/examples/bind/corpus/dda3e80a2265bb1b49956173c79c28b1.00002272.honggfuzz.cov new file mode 100644 index 00000000..3d5ec225 Binary files /dev/null and b/examples/bind/corpus/dda3e80a2265bb1b49956173c79c28b1.00002272.honggfuzz.cov differ diff --git a/examples/bind/corpus/ddaf3e33be9646859e6963f0d8c98e03.00001f4c.honggfuzz.cov b/examples/bind/corpus/ddaf3e33be9646859e6963f0d8c98e03.00001f4c.honggfuzz.cov new file mode 100644 index 00000000..2868cdec Binary files /dev/null and b/examples/bind/corpus/ddaf3e33be9646859e6963f0d8c98e03.00001f4c.honggfuzz.cov differ diff --git a/examples/bind/corpus/ddcc5c3b22e190ea85e4a0df1737844c.00000080.honggfuzz.cov b/examples/bind/corpus/ddcc5c3b22e190ea85e4a0df1737844c.00000080.honggfuzz.cov deleted file mode 100644 index aca7ffc0..00000000 Binary files a/examples/bind/corpus/ddcc5c3b22e190ea85e4a0df1737844c.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/de2b0c8772b53b8d8d5d9dbb7f6eb637.000001b0.honggfuzz.cov b/examples/bind/corpus/de2b0c8772b53b8d8d5d9dbb7f6eb637.000001b0.honggfuzz.cov deleted file mode 100644 index eb13c382..00000000 Binary files a/examples/bind/corpus/de2b0c8772b53b8d8d5d9dbb7f6eb637.000001b0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/de32599ead00696f6ab0854fe422135d.000101d0.honggfuzz.cov b/examples/bind/corpus/de32599ead00696f6ab0854fe422135d.000101d0.honggfuzz.cov new file mode 100644 index 00000000..821cbd89 Binary files /dev/null and b/examples/bind/corpus/de32599ead00696f6ab0854fe422135d.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/de497b5c65700009c2c0afb56c1326ca.00016ced.honggfuzz.cov b/examples/bind/corpus/de497b5c65700009c2c0afb56c1326ca.00016ced.honggfuzz.cov deleted file mode 100644 index d6ce0997..00000000 Binary files a/examples/bind/corpus/de497b5c65700009c2c0afb56c1326ca.00016ced.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/de64a3fb52d61a554eba4219cd88e5e4.0000bcd6.honggfuzz.cov b/examples/bind/corpus/de64a3fb52d61a554eba4219cd88e5e4.0000bcd6.honggfuzz.cov new file mode 100644 index 00000000..d82b62d3 Binary files /dev/null and b/examples/bind/corpus/de64a3fb52d61a554eba4219cd88e5e4.0000bcd6.honggfuzz.cov differ diff --git a/examples/bind/corpus/de71bc3b54117c1147eb6a3cb8571fa6.00000359.honggfuzz.cov b/examples/bind/corpus/de71bc3b54117c1147eb6a3cb8571fa6.00000359.honggfuzz.cov deleted file mode 100644 index a2ba7331..00000000 Binary files a/examples/bind/corpus/de71bc3b54117c1147eb6a3cb8571fa6.00000359.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/de851545270ffaf17b22e19d60acabf9.00000080.honggfuzz.cov b/examples/bind/corpus/de851545270ffaf17b22e19d60acabf9.00000080.honggfuzz.cov new file mode 100644 index 00000000..d8cb3f5a Binary files /dev/null and b/examples/bind/corpus/de851545270ffaf17b22e19d60acabf9.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/de86687e1e5d4e83b5a403000d41bd73.00001616.honggfuzz.cov b/examples/bind/corpus/de86687e1e5d4e83b5a403000d41bd73.00001616.honggfuzz.cov new file mode 100644 index 00000000..5465bfd4 Binary files /dev/null and b/examples/bind/corpus/de86687e1e5d4e83b5a403000d41bd73.00001616.honggfuzz.cov differ diff --git a/examples/bind/corpus/de867d28f0247402306b637beb3cd061.00000288.honggfuzz.cov b/examples/bind/corpus/de867d28f0247402306b637beb3cd061.00000288.honggfuzz.cov deleted file mode 100644 index 8dbd2c0f..00000000 Binary files a/examples/bind/corpus/de867d28f0247402306b637beb3cd061.00000288.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/de88040a1eb2538e17a0ee68d325149f.000101d0.honggfuzz.cov b/examples/bind/corpus/de88040a1eb2538e17a0ee68d325149f.000101d0.honggfuzz.cov new file mode 100644 index 00000000..a3dbe9f9 Binary files /dev/null and b/examples/bind/corpus/de88040a1eb2538e17a0ee68d325149f.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/ded859b4ca3f16e9bde4c822e4d5b957.00000400.honggfuzz.cov b/examples/bind/corpus/ded859b4ca3f16e9bde4c822e4d5b957.00000400.honggfuzz.cov deleted file mode 100644 index f482f7ca..00000000 Binary files a/examples/bind/corpus/ded859b4ca3f16e9bde4c822e4d5b957.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/def935a2abd56c328e4a99d06d205df2.00000400.honggfuzz.cov b/examples/bind/corpus/def935a2abd56c328e4a99d06d205df2.00000400.honggfuzz.cov deleted file mode 100644 index 27078fed..00000000 Binary files a/examples/bind/corpus/def935a2abd56c328e4a99d06d205df2.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/defb70da93cb529cd01efbdae53f186a.0000ba11.honggfuzz.cov b/examples/bind/corpus/defb70da93cb529cd01efbdae53f186a.0000ba11.honggfuzz.cov deleted file mode 100644 index 9346e93b..00000000 Binary files a/examples/bind/corpus/defb70da93cb529cd01efbdae53f186a.0000ba11.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/df4228ccb8f4a6557dc30e216b353524.000000be.honggfuzz.cov b/examples/bind/corpus/df4228ccb8f4a6557dc30e216b353524.000000be.honggfuzz.cov new file mode 100644 index 00000000..584f43ea Binary files /dev/null and b/examples/bind/corpus/df4228ccb8f4a6557dc30e216b353524.000000be.honggfuzz.cov differ diff --git a/examples/bind/corpus/df696c5a323c478bddad1bb5369365b7.00000023.honggfuzz.cov b/examples/bind/corpus/df696c5a323c478bddad1bb5369365b7.00000023.honggfuzz.cov new file mode 100644 index 00000000..4e560871 Binary files /dev/null and b/examples/bind/corpus/df696c5a323c478bddad1bb5369365b7.00000023.honggfuzz.cov differ diff --git a/examples/bind/corpus/df7910b3ec6abecbe53bb4d2f62ad2a0.0000f77d.honggfuzz.cov b/examples/bind/corpus/df7910b3ec6abecbe53bb4d2f62ad2a0.0000f77d.honggfuzz.cov deleted file mode 100644 index 59d67df8..00000000 Binary files a/examples/bind/corpus/df7910b3ec6abecbe53bb4d2f62ad2a0.0000f77d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/df87fef554c20fbdcc9911b652a0b4f8.00000517.honggfuzz.cov b/examples/bind/corpus/df87fef554c20fbdcc9911b652a0b4f8.00000517.honggfuzz.cov new file mode 100644 index 00000000..6d38d029 Binary files /dev/null and b/examples/bind/corpus/df87fef554c20fbdcc9911b652a0b4f8.00000517.honggfuzz.cov differ diff --git a/examples/bind/corpus/df9de7caa4cab8ff8ba933c62d57ed3b.00000226.honggfuzz.cov b/examples/bind/corpus/df9de7caa4cab8ff8ba933c62d57ed3b.00000226.honggfuzz.cov new file mode 100644 index 00000000..81948741 Binary files /dev/null and b/examples/bind/corpus/df9de7caa4cab8ff8ba933c62d57ed3b.00000226.honggfuzz.cov differ diff --git a/examples/bind/corpus/df9e21091370538c255186803c894e5b.00000400.honggfuzz.cov b/examples/bind/corpus/df9e21091370538c255186803c894e5b.00000400.honggfuzz.cov deleted file mode 100644 index 50b49a99..00000000 Binary files a/examples/bind/corpus/df9e21091370538c255186803c894e5b.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/dfb95ec260c5fd3092949b7bd92fbf58.00000200.honggfuzz.cov b/examples/bind/corpus/dfb95ec260c5fd3092949b7bd92fbf58.00000200.honggfuzz.cov new file mode 100644 index 00000000..6d810b4e Binary files /dev/null and b/examples/bind/corpus/dfb95ec260c5fd3092949b7bd92fbf58.00000200.honggfuzz.cov differ diff --git a/examples/bind/corpus/dfe7503c056cb8d216b9bba372752653.00000b91.honggfuzz.cov b/examples/bind/corpus/dfe7503c056cb8d216b9bba372752653.00000b91.honggfuzz.cov new file mode 100644 index 00000000..19669aca Binary files /dev/null and b/examples/bind/corpus/dfe7503c056cb8d216b9bba372752653.00000b91.honggfuzz.cov differ diff --git a/examples/bind/corpus/e012df8fed1fdf12a87918c214c4806a.000000f9.honggfuzz.cov b/examples/bind/corpus/e012df8fed1fdf12a87918c214c4806a.000000f9.honggfuzz.cov new file mode 100644 index 00000000..13a0561f Binary files /dev/null and b/examples/bind/corpus/e012df8fed1fdf12a87918c214c4806a.000000f9.honggfuzz.cov differ diff --git a/examples/bind/corpus/e01e9cb6f1d30ae6a969985d11cbba49.00000dc6.honggfuzz.cov b/examples/bind/corpus/e01e9cb6f1d30ae6a969985d11cbba49.00000dc6.honggfuzz.cov deleted file mode 100644 index d35f6123..00000000 Binary files a/examples/bind/corpus/e01e9cb6f1d30ae6a969985d11cbba49.00000dc6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e028d9a59a44ff6d17a1dc8e4b910797.00000086.honggfuzz.cov b/examples/bind/corpus/e028d9a59a44ff6d17a1dc8e4b910797.00000086.honggfuzz.cov deleted file mode 100644 index 2deb719c..00000000 Binary files a/examples/bind/corpus/e028d9a59a44ff6d17a1dc8e4b910797.00000086.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e02b3923bdd5200b5500926379e4605a.00000b86.honggfuzz.cov b/examples/bind/corpus/e02b3923bdd5200b5500926379e4605a.00000b86.honggfuzz.cov deleted file mode 100644 index cb20c26e..00000000 Binary files a/examples/bind/corpus/e02b3923bdd5200b5500926379e4605a.00000b86.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e032017fe14356458b94ab873f6bd8cf.000001cf.honggfuzz.cov b/examples/bind/corpus/e032017fe14356458b94ab873f6bd8cf.000001cf.honggfuzz.cov new file mode 100644 index 00000000..433278b4 Binary files /dev/null and b/examples/bind/corpus/e032017fe14356458b94ab873f6bd8cf.000001cf.honggfuzz.cov differ diff --git a/examples/bind/corpus/e0344b58834856c8686041e806297959.0000004c.honggfuzz.cov b/examples/bind/corpus/e0344b58834856c8686041e806297959.0000004c.honggfuzz.cov deleted file mode 100644 index ae24d532..00000000 Binary files a/examples/bind/corpus/e0344b58834856c8686041e806297959.0000004c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e0381ee63a79b73ce10845cb17da2508.00000318.honggfuzz.cov b/examples/bind/corpus/e0381ee63a79b73ce10845cb17da2508.00000318.honggfuzz.cov deleted file mode 100644 index 06a9c774..00000000 Binary files a/examples/bind/corpus/e0381ee63a79b73ce10845cb17da2508.00000318.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e042173370fe97b7bbd6fcbb33806b7b.000000f7.honggfuzz.cov b/examples/bind/corpus/e042173370fe97b7bbd6fcbb33806b7b.000000f7.honggfuzz.cov new file mode 100644 index 00000000..99626cf0 Binary files /dev/null and b/examples/bind/corpus/e042173370fe97b7bbd6fcbb33806b7b.000000f7.honggfuzz.cov differ diff --git a/examples/bind/corpus/e042ff827dd1f5c1fcc1f1b08fbe8ac9.00000080.honggfuzz.cov b/examples/bind/corpus/e042ff827dd1f5c1fcc1f1b08fbe8ac9.00000080.honggfuzz.cov deleted file mode 100644 index 93c3b816..00000000 Binary files a/examples/bind/corpus/e042ff827dd1f5c1fcc1f1b08fbe8ac9.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e045d530c015f9eb501386c36410deeb.00016340.honggfuzz.cov b/examples/bind/corpus/e045d530c015f9eb501386c36410deeb.00016340.honggfuzz.cov deleted file mode 100644 index 9beb766b..00000000 Binary files a/examples/bind/corpus/e045d530c015f9eb501386c36410deeb.00016340.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e053dbd91f664538332e77f8dbca3dc7.0001e145.honggfuzz.cov b/examples/bind/corpus/e053dbd91f664538332e77f8dbca3dc7.0001e145.honggfuzz.cov deleted file mode 100644 index f362e4ed..00000000 Binary files a/examples/bind/corpus/e053dbd91f664538332e77f8dbca3dc7.0001e145.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e058c5ec79a91a192e6d9db7aab7bae2.000001b0.honggfuzz.cov b/examples/bind/corpus/e058c5ec79a91a192e6d9db7aab7bae2.000001b0.honggfuzz.cov deleted file mode 100644 index b94355bc..00000000 Binary files a/examples/bind/corpus/e058c5ec79a91a192e6d9db7aab7bae2.000001b0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e05912c2e347b5b0e731185be39b1b06.00000037.honggfuzz.cov b/examples/bind/corpus/e05912c2e347b5b0e731185be39b1b06.00000037.honggfuzz.cov deleted file mode 100644 index f054e57d..00000000 Binary files a/examples/bind/corpus/e05912c2e347b5b0e731185be39b1b06.00000037.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e090f8cd4a90cfe051a3b54f70264239.00000c2e.honggfuzz.cov b/examples/bind/corpus/e090f8cd4a90cfe051a3b54f70264239.00000c2e.honggfuzz.cov deleted file mode 100644 index 66e001a5..00000000 Binary files a/examples/bind/corpus/e090f8cd4a90cfe051a3b54f70264239.00000c2e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e095cc557f0897df1a9dc490071a88a1.00000200.honggfuzz.cov b/examples/bind/corpus/e095cc557f0897df1a9dc490071a88a1.00000200.honggfuzz.cov new file mode 100644 index 00000000..ce380ee8 Binary files /dev/null and b/examples/bind/corpus/e095cc557f0897df1a9dc490071a88a1.00000200.honggfuzz.cov differ diff --git a/examples/bind/corpus/e0a976d5011db4ade5828833da4f2065.00002710.honggfuzz.cov b/examples/bind/corpus/e0a976d5011db4ade5828833da4f2065.00002710.honggfuzz.cov new file mode 100644 index 00000000..db9b6697 Binary files /dev/null and b/examples/bind/corpus/e0a976d5011db4ade5828833da4f2065.00002710.honggfuzz.cov differ diff --git a/examples/bind/corpus/e0aeaa20c62228babae0061650de2911.000001bd.honggfuzz.cov b/examples/bind/corpus/e0aeaa20c62228babae0061650de2911.000001bd.honggfuzz.cov new file mode 100644 index 00000000..71bdd2cc Binary files /dev/null and b/examples/bind/corpus/e0aeaa20c62228babae0061650de2911.000001bd.honggfuzz.cov differ diff --git a/examples/bind/corpus/e0d00637c6d08d0e160c2d7bebdb7896.00000085.honggfuzz.cov b/examples/bind/corpus/e0d00637c6d08d0e160c2d7bebdb7896.00000085.honggfuzz.cov new file mode 100644 index 00000000..a594d062 Binary files /dev/null and b/examples/bind/corpus/e0d00637c6d08d0e160c2d7bebdb7896.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/e0ef5dc91ec9d9baa40725d4ae86d310.00002000.honggfuzz.cov b/examples/bind/corpus/e0ef5dc91ec9d9baa40725d4ae86d310.00002000.honggfuzz.cov deleted file mode 100644 index f2d622f7..00000000 Binary files a/examples/bind/corpus/e0ef5dc91ec9d9baa40725d4ae86d310.00002000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e0f0ac3ca5ac017a33e66b4aa945fc54.00000085.honggfuzz.cov b/examples/bind/corpus/e0f0ac3ca5ac017a33e66b4aa945fc54.00000085.honggfuzz.cov new file mode 100644 index 00000000..d1f1c2ef Binary files /dev/null and b/examples/bind/corpus/e0f0ac3ca5ac017a33e66b4aa945fc54.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/e12bbe8168b4359c4d6a2628605d9d42.0000001d.honggfuzz.cov b/examples/bind/corpus/e12bbe8168b4359c4d6a2628605d9d42.0000001d.honggfuzz.cov new file mode 100644 index 00000000..d3e5eeda Binary files /dev/null and b/examples/bind/corpus/e12bbe8168b4359c4d6a2628605d9d42.0000001d.honggfuzz.cov differ diff --git a/examples/bind/corpus/e12f6d5836b26e66c43d4a5fdbaf78f1.00000086.honggfuzz.cov b/examples/bind/corpus/e12f6d5836b26e66c43d4a5fdbaf78f1.00000086.honggfuzz.cov deleted file mode 100644 index 9e08a02d..00000000 Binary files a/examples/bind/corpus/e12f6d5836b26e66c43d4a5fdbaf78f1.00000086.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e131ba4612299409392a1e3ce9efd845.00016ced.honggfuzz.cov b/examples/bind/corpus/e131ba4612299409392a1e3ce9efd845.00016ced.honggfuzz.cov deleted file mode 100644 index ebc75e6c..00000000 Binary files a/examples/bind/corpus/e131ba4612299409392a1e3ce9efd845.00016ced.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e168d2bfa3786c0294d437bdc6909ec1.00002000.honggfuzz.cov b/examples/bind/corpus/e168d2bfa3786c0294d437bdc6909ec1.00002000.honggfuzz.cov new file mode 100644 index 00000000..a284f556 Binary files /dev/null and b/examples/bind/corpus/e168d2bfa3786c0294d437bdc6909ec1.00002000.honggfuzz.cov differ diff --git a/examples/bind/corpus/e1bd3285bce6b8d42c362b14102ff2ba.00018619.honggfuzz.cov b/examples/bind/corpus/e1bd3285bce6b8d42c362b14102ff2ba.00018619.honggfuzz.cov deleted file mode 100644 index 24a4ee29..00000000 Binary files a/examples/bind/corpus/e1bd3285bce6b8d42c362b14102ff2ba.00018619.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e1ca1dddbc44f5ae5a61e55ee1d0ef51.000063a4.honggfuzz.cov b/examples/bind/corpus/e1ca1dddbc44f5ae5a61e55ee1d0ef51.000063a4.honggfuzz.cov deleted file mode 100644 index 75f93a81..00000000 Binary files a/examples/bind/corpus/e1ca1dddbc44f5ae5a61e55ee1d0ef51.000063a4.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e1d8ac4dcda61fcaa94bf2dd38398b4e.00000085.honggfuzz.cov b/examples/bind/corpus/e1d8ac4dcda61fcaa94bf2dd38398b4e.00000085.honggfuzz.cov new file mode 100644 index 00000000..4c906efa Binary files /dev/null and b/examples/bind/corpus/e1d8ac4dcda61fcaa94bf2dd38398b4e.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/e1ebde865a77188ae78dddb7f9ebc872.0000021f.honggfuzz.cov b/examples/bind/corpus/e1ebde865a77188ae78dddb7f9ebc872.0000021f.honggfuzz.cov deleted file mode 100644 index 368e805d..00000000 Binary files a/examples/bind/corpus/e1ebde865a77188ae78dddb7f9ebc872.0000021f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e1f4774af62ad91abdedf30a5489a8ca.0000022b.honggfuzz.cov b/examples/bind/corpus/e1f4774af62ad91abdedf30a5489a8ca.0000022b.honggfuzz.cov deleted file mode 100644 index 0307940f..00000000 Binary files a/examples/bind/corpus/e1f4774af62ad91abdedf30a5489a8ca.0000022b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e1fff4a0763a8b7ef2dd744b80479f86.00000175.honggfuzz.cov b/examples/bind/corpus/e1fff4a0763a8b7ef2dd744b80479f86.00000175.honggfuzz.cov new file mode 100644 index 00000000..668c7850 Binary files /dev/null and b/examples/bind/corpus/e1fff4a0763a8b7ef2dd744b80479f86.00000175.honggfuzz.cov differ diff --git a/examples/bind/corpus/e20a76133776e945d3dc85ffdda35185.000000f9.honggfuzz.cov b/examples/bind/corpus/e20a76133776e945d3dc85ffdda35185.000000f9.honggfuzz.cov deleted file mode 100644 index 12716e97..00000000 Binary files a/examples/bind/corpus/e20a76133776e945d3dc85ffdda35185.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e210b900ab238467a0c0c23376fac25c.00000210.honggfuzz.cov b/examples/bind/corpus/e210b900ab238467a0c0c23376fac25c.00000210.honggfuzz.cov new file mode 100644 index 00000000..b2fe8ac1 Binary files /dev/null and b/examples/bind/corpus/e210b900ab238467a0c0c23376fac25c.00000210.honggfuzz.cov differ diff --git a/examples/bind/corpus/e23ea8c0ec7a66bdac6896ccd0acb14f.0001000b.honggfuzz.cov b/examples/bind/corpus/e23ea8c0ec7a66bdac6896ccd0acb14f.0001000b.honggfuzz.cov new file mode 100644 index 00000000..1d8f5582 Binary files /dev/null and b/examples/bind/corpus/e23ea8c0ec7a66bdac6896ccd0acb14f.0001000b.honggfuzz.cov differ diff --git a/examples/bind/corpus/e241f0ec9fa1484c3dd66e0156ce2554.000000d9.honggfuzz.cov b/examples/bind/corpus/e241f0ec9fa1484c3dd66e0156ce2554.000000d9.honggfuzz.cov new file mode 100644 index 00000000..ab9300e1 Binary files /dev/null and b/examples/bind/corpus/e241f0ec9fa1484c3dd66e0156ce2554.000000d9.honggfuzz.cov differ diff --git a/examples/bind/corpus/e26777fec6be6293f70ed2e5612c9716.000105b8.honggfuzz.cov b/examples/bind/corpus/e26777fec6be6293f70ed2e5612c9716.000105b8.honggfuzz.cov new file mode 100644 index 00000000..f34ee878 Binary files /dev/null and b/examples/bind/corpus/e26777fec6be6293f70ed2e5612c9716.000105b8.honggfuzz.cov differ diff --git a/examples/bind/corpus/e27c4ab56584b4d2a0b9573eb67820d2.0000012e.honggfuzz.cov b/examples/bind/corpus/e27c4ab56584b4d2a0b9573eb67820d2.0000012e.honggfuzz.cov new file mode 100644 index 00000000..e3884d5f Binary files /dev/null and b/examples/bind/corpus/e27c4ab56584b4d2a0b9573eb67820d2.0000012e.honggfuzz.cov differ diff --git a/examples/bind/corpus/e28c3bb44b637c89c66ef100b8695ddb.00000083.honggfuzz.cov b/examples/bind/corpus/e28c3bb44b637c89c66ef100b8695ddb.00000083.honggfuzz.cov deleted file mode 100644 index 464e55b0..00000000 Binary files a/examples/bind/corpus/e28c3bb44b637c89c66ef100b8695ddb.00000083.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e2f6b89c20934b04c2bf95f8ecd1b6ac.00000400.honggfuzz.cov b/examples/bind/corpus/e2f6b89c20934b04c2bf95f8ecd1b6ac.00000400.honggfuzz.cov deleted file mode 100644 index 3c3b28fa..00000000 Binary files a/examples/bind/corpus/e2f6b89c20934b04c2bf95f8ecd1b6ac.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e30da596e577222c865c13a0bb85047b.000000f9.honggfuzz.cov b/examples/bind/corpus/e30da596e577222c865c13a0bb85047b.000000f9.honggfuzz.cov new file mode 100644 index 00000000..5339d2f5 Binary files /dev/null and b/examples/bind/corpus/e30da596e577222c865c13a0bb85047b.000000f9.honggfuzz.cov differ diff --git a/examples/bind/corpus/e319d1ec72a1a699e820e62f59322a04.00000110.honggfuzz.cov b/examples/bind/corpus/e319d1ec72a1a699e820e62f59322a04.00000110.honggfuzz.cov new file mode 100644 index 00000000..02c755b9 Binary files /dev/null and b/examples/bind/corpus/e319d1ec72a1a699e820e62f59322a04.00000110.honggfuzz.cov differ diff --git a/examples/bind/corpus/e3231fad240336449a58b5af97548e62.000002a7.honggfuzz.cov b/examples/bind/corpus/e3231fad240336449a58b5af97548e62.000002a7.honggfuzz.cov new file mode 100644 index 00000000..ab5a6e6d Binary files /dev/null and b/examples/bind/corpus/e3231fad240336449a58b5af97548e62.000002a7.honggfuzz.cov differ diff --git a/examples/bind/corpus/e3259a616f8fb966a2e10578da44c125.00000042.honggfuzz.cov b/examples/bind/corpus/e3259a616f8fb966a2e10578da44c125.00000042.honggfuzz.cov deleted file mode 100644 index 0500ae6b..00000000 Binary files a/examples/bind/corpus/e3259a616f8fb966a2e10578da44c125.00000042.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e326aab1ef8fb966a1f1a9c7da44698d.00000042.honggfuzz.cov b/examples/bind/corpus/e326aab1ef8fb966a1f1a9c7da44698d.00000042.honggfuzz.cov new file mode 100644 index 00000000..a2b9e8a9 Binary files /dev/null and b/examples/bind/corpus/e326aab1ef8fb966a1f1a9c7da44698d.00000042.honggfuzz.cov differ diff --git a/examples/bind/corpus/e327026af2b87ac48894e4fd7430cb8f.00000017.honggfuzz.cov b/examples/bind/corpus/e327026af2b87ac48894e4fd7430cb8f.00000017.honggfuzz.cov new file mode 100644 index 00000000..cdaa0aec Binary files /dev/null and b/examples/bind/corpus/e327026af2b87ac48894e4fd7430cb8f.00000017.honggfuzz.cov differ diff --git a/examples/bind/corpus/e34295729383ba480da2f85e80036cb6.00000049.honggfuzz.cov b/examples/bind/corpus/e34295729383ba480da2f85e80036cb6.00000049.honggfuzz.cov new file mode 100644 index 00000000..c1a77485 Binary files /dev/null and b/examples/bind/corpus/e34295729383ba480da2f85e80036cb6.00000049.honggfuzz.cov differ diff --git a/examples/bind/corpus/e35df66c1d17a7ceb4804cc654085250.00000085.honggfuzz.cov b/examples/bind/corpus/e35df66c1d17a7ceb4804cc654085250.00000085.honggfuzz.cov deleted file mode 100644 index ecc8ad61..00000000 Binary files a/examples/bind/corpus/e35df66c1d17a7ceb4804cc654085250.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e3710eb91b28e455c03fa1f496019c6a.0004d423.honggfuzz.cov b/examples/bind/corpus/e3710eb91b28e455c03fa1f496019c6a.0004d423.honggfuzz.cov deleted file mode 100644 index a2099e74..00000000 Binary files a/examples/bind/corpus/e3710eb91b28e455c03fa1f496019c6a.0004d423.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e376a58f91fe107685f79af2a91ffb18.00000041.honggfuzz.cov b/examples/bind/corpus/e376a58f91fe107685f79af2a91ffb18.00000041.honggfuzz.cov new file mode 100644 index 00000000..7229c1b0 Binary files /dev/null and b/examples/bind/corpus/e376a58f91fe107685f79af2a91ffb18.00000041.honggfuzz.cov differ diff --git a/examples/bind/corpus/e3851e83a39746dadfdea9704b59692e.00000400.honggfuzz.cov b/examples/bind/corpus/e3851e83a39746dadfdea9704b59692e.00000400.honggfuzz.cov deleted file mode 100644 index b2f9e46b..00000000 Binary files a/examples/bind/corpus/e3851e83a39746dadfdea9704b59692e.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e3bad36edb6a29520bf6339c23bd0e11.00000400.honggfuzz.cov b/examples/bind/corpus/e3bad36edb6a29520bf6339c23bd0e11.00000400.honggfuzz.cov deleted file mode 100644 index 144f5844..00000000 Binary files a/examples/bind/corpus/e3bad36edb6a29520bf6339c23bd0e11.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e3bf240ef10e8919ce54e9ec3f4423e0.0000005c.honggfuzz.cov b/examples/bind/corpus/e3bf240ef10e8919ce54e9ec3f4423e0.0000005c.honggfuzz.cov new file mode 100644 index 00000000..c7cac975 Binary files /dev/null and b/examples/bind/corpus/e3bf240ef10e8919ce54e9ec3f4423e0.0000005c.honggfuzz.cov differ diff --git a/examples/bind/corpus/e3d7948b9439e1e9a42cd25cb1820a92.00000206.honggfuzz.cov b/examples/bind/corpus/e3d7948b9439e1e9a42cd25cb1820a92.00000206.honggfuzz.cov new file mode 100644 index 00000000..6d5d68b7 Binary files /dev/null and b/examples/bind/corpus/e3d7948b9439e1e9a42cd25cb1820a92.00000206.honggfuzz.cov differ diff --git a/examples/bind/corpus/e3e35fb941b81c6e23e5c71f9a462f87.0000ba65.honggfuzz.cov b/examples/bind/corpus/e3e35fb941b81c6e23e5c71f9a462f87.0000ba65.honggfuzz.cov deleted file mode 100644 index 3e24a3b9..00000000 Binary files a/examples/bind/corpus/e3e35fb941b81c6e23e5c71f9a462f87.0000ba65.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e3eb15fc99f56b1f15f50ba6da868586.0000003b.honggfuzz.cov b/examples/bind/corpus/e3eb15fc99f56b1f15f50ba6da868586.0000003b.honggfuzz.cov new file mode 100644 index 00000000..0e44cc5c Binary files /dev/null and b/examples/bind/corpus/e3eb15fc99f56b1f15f50ba6da868586.0000003b.honggfuzz.cov differ diff --git a/examples/bind/corpus/e3f196994d9e8d130e73a2ee600cda25.0000007a.honggfuzz.cov b/examples/bind/corpus/e3f196994d9e8d130e73a2ee600cda25.0000007a.honggfuzz.cov deleted file mode 100644 index 0bdcb5bc..00000000 Binary files a/examples/bind/corpus/e3f196994d9e8d130e73a2ee600cda25.0000007a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e3fa47a8039f14881d4504bd4e3ecf3a.00000076.honggfuzz.cov b/examples/bind/corpus/e3fa47a8039f14881d4504bd4e3ecf3a.00000076.honggfuzz.cov new file mode 100644 index 00000000..b7456570 Binary files /dev/null and b/examples/bind/corpus/e3fa47a8039f14881d4504bd4e3ecf3a.00000076.honggfuzz.cov differ diff --git a/examples/bind/corpus/e4066c2bbf18b2e867c8ee137151011a.00000085.honggfuzz.cov b/examples/bind/corpus/e4066c2bbf18b2e867c8ee137151011a.00000085.honggfuzz.cov deleted file mode 100644 index 7b5b438d..00000000 Binary files a/examples/bind/corpus/e4066c2bbf18b2e867c8ee137151011a.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e49670c044eda9b6574b880bfc107e16.00000085.honggfuzz.cov b/examples/bind/corpus/e49670c044eda9b6574b880bfc107e16.00000085.honggfuzz.cov deleted file mode 100644 index b6939380..00000000 Binary files a/examples/bind/corpus/e49670c044eda9b6574b880bfc107e16.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e499079712bfb0886adcd1cca75e6c0a.0000eb12.honggfuzz.cov b/examples/bind/corpus/e499079712bfb0886adcd1cca75e6c0a.0000eb12.honggfuzz.cov deleted file mode 100644 index 27b2c5ac..00000000 Binary files a/examples/bind/corpus/e499079712bfb0886adcd1cca75e6c0a.0000eb12.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e4a5f817b8f167e4d05ba08c8202eab6.00000042.honggfuzz.cov b/examples/bind/corpus/e4a5f817b8f167e4d05ba08c8202eab6.00000042.honggfuzz.cov deleted file mode 100644 index 5d8a4138..00000000 Binary files a/examples/bind/corpus/e4a5f817b8f167e4d05ba08c8202eab6.00000042.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e4adf237eb74fc5c4bc190faf11b2d6c.00000216.honggfuzz.cov b/examples/bind/corpus/e4adf237eb74fc5c4bc190faf11b2d6c.00000216.honggfuzz.cov new file mode 100644 index 00000000..edde333a Binary files /dev/null and b/examples/bind/corpus/e4adf237eb74fc5c4bc190faf11b2d6c.00000216.honggfuzz.cov differ diff --git a/examples/bind/corpus/e4b035285c414f1325733b870cabbb97.00000100.honggfuzz.cov b/examples/bind/corpus/e4b035285c414f1325733b870cabbb97.00000100.honggfuzz.cov deleted file mode 100644 index e88dfe11..00000000 Binary files a/examples/bind/corpus/e4b035285c414f1325733b870cabbb97.00000100.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e4ba98885427b71f95b66cc83c8c1749.0000004b.honggfuzz.cov b/examples/bind/corpus/e4ba98885427b71f95b66cc83c8c1749.0000004b.honggfuzz.cov new file mode 100644 index 00000000..b3ee5415 Binary files /dev/null and b/examples/bind/corpus/e4ba98885427b71f95b66cc83c8c1749.0000004b.honggfuzz.cov differ diff --git a/examples/bind/corpus/e4ba98928ee7b71fd1b678dc3c8c1752.0000004b.honggfuzz.cov b/examples/bind/corpus/e4ba98928ee7b71fd1b678dc3c8c1752.0000004b.honggfuzz.cov deleted file mode 100644 index 9a9f9b05..00000000 Binary files a/examples/bind/corpus/e4ba98928ee7b71fd1b678dc3c8c1752.0000004b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e4d4c9bbbb19036fc66e8aada680b58e.00000bfa.honggfuzz.cov b/examples/bind/corpus/e4d4c9bbbb19036fc66e8aada680b58e.00000bfa.honggfuzz.cov deleted file mode 100644 index eb3fb45a..00000000 Binary files a/examples/bind/corpus/e4d4c9bbbb19036fc66e8aada680b58e.00000bfa.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e4db3983c75b7c946bb39ddfecb2d8f3.00001413.honggfuzz.cov b/examples/bind/corpus/e4db3983c75b7c946bb39ddfecb2d8f3.00001413.honggfuzz.cov new file mode 100644 index 00000000..1fa9bfe1 Binary files /dev/null and b/examples/bind/corpus/e4db3983c75b7c946bb39ddfecb2d8f3.00001413.honggfuzz.cov differ diff --git a/examples/bind/corpus/e4e20d4932e719a94eff1df0b7aa03b8.00000041.honggfuzz.cov b/examples/bind/corpus/e4e20d4932e719a94eff1df0b7aa03b8.00000041.honggfuzz.cov new file mode 100644 index 00000000..3f56df60 Binary files /dev/null and b/examples/bind/corpus/e4e20d4932e719a94eff1df0b7aa03b8.00000041.honggfuzz.cov differ diff --git a/examples/bind/corpus/e5173e08ddac030dd8fad092af33d0ce.00000085.honggfuzz.cov b/examples/bind/corpus/e5173e08ddac030dd8fad092af33d0ce.00000085.honggfuzz.cov deleted file mode 100644 index 443524e5..00000000 Binary files a/examples/bind/corpus/e5173e08ddac030dd8fad092af33d0ce.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e51e0ec894b4b5b4d27c2dc36bfef15e.00000085.honggfuzz.cov b/examples/bind/corpus/e51e0ec894b4b5b4d27c2dc36bfef15e.00000085.honggfuzz.cov deleted file mode 100644 index 3386cb13..00000000 Binary files a/examples/bind/corpus/e51e0ec894b4b5b4d27c2dc36bfef15e.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e522fb8ab9f4d37c7d54cec834b1cad8.00000458.honggfuzz.cov b/examples/bind/corpus/e522fb8ab9f4d37c7d54cec834b1cad8.00000458.honggfuzz.cov new file mode 100644 index 00000000..38f32326 Binary files /dev/null and b/examples/bind/corpus/e522fb8ab9f4d37c7d54cec834b1cad8.00000458.honggfuzz.cov differ diff --git a/examples/bind/corpus/e5386751a1444d5989ecf08f6d486253.00000020.honggfuzz.cov b/examples/bind/corpus/e5386751a1444d5989ecf08f6d486253.00000020.honggfuzz.cov new file mode 100644 index 00000000..8d85b510 Binary files /dev/null and b/examples/bind/corpus/e5386751a1444d5989ecf08f6d486253.00000020.honggfuzz.cov differ diff --git a/examples/bind/corpus/e53e87c22447fe487e1b793ec1d2b395.000000f9.honggfuzz.cov b/examples/bind/corpus/e53e87c22447fe487e1b793ec1d2b395.000000f9.honggfuzz.cov deleted file mode 100644 index 3500cd6d..00000000 Binary files a/examples/bind/corpus/e53e87c22447fe487e1b793ec1d2b395.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e55ec2751df92050055841638ff6d26c.00000291.honggfuzz.cov b/examples/bind/corpus/e55ec2751df92050055841638ff6d26c.00000291.honggfuzz.cov deleted file mode 100644 index b34938a5..00000000 Binary files a/examples/bind/corpus/e55ec2751df92050055841638ff6d26c.00000291.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e56b3951ab225c861ec8eb0a92257ff6.000014e4.honggfuzz.cov b/examples/bind/corpus/e56b3951ab225c861ec8eb0a92257ff6.000014e4.honggfuzz.cov new file mode 100644 index 00000000..3b71ed0b Binary files /dev/null and b/examples/bind/corpus/e56b3951ab225c861ec8eb0a92257ff6.000014e4.honggfuzz.cov differ diff --git a/examples/bind/corpus/e572208179dbf5916e089caa57666a73.00000085.honggfuzz.cov b/examples/bind/corpus/e572208179dbf5916e089caa57666a73.00000085.honggfuzz.cov deleted file mode 100644 index bc8dfd52..00000000 Binary files a/examples/bind/corpus/e572208179dbf5916e089caa57666a73.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e57e6ff821ce9fd7f6262a3b5d8c3250.00001a79.honggfuzz.cov b/examples/bind/corpus/e57e6ff821ce9fd7f6262a3b5d8c3250.00001a79.honggfuzz.cov new file mode 100644 index 00000000..4412bba0 Binary files /dev/null and b/examples/bind/corpus/e57e6ff821ce9fd7f6262a3b5d8c3250.00001a79.honggfuzz.cov differ diff --git a/examples/bind/corpus/e5996643e77bcaaeb96247f173c16ce6.0000025b.honggfuzz.cov b/examples/bind/corpus/e5996643e77bcaaeb96247f173c16ce6.0000025b.honggfuzz.cov new file mode 100644 index 00000000..dda73a9e Binary files /dev/null and b/examples/bind/corpus/e5996643e77bcaaeb96247f173c16ce6.0000025b.honggfuzz.cov differ diff --git a/examples/bind/corpus/e5a42d4f28c02fa19138b07892d76c60.00010566.honggfuzz.cov b/examples/bind/corpus/e5a42d4f28c02fa19138b07892d76c60.00010566.honggfuzz.cov deleted file mode 100644 index 41e21491..00000000 Binary files a/examples/bind/corpus/e5a42d4f28c02fa19138b07892d76c60.00010566.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e5a776b149e5d1eeb42a29fc2b1cf0e9.00000208.honggfuzz.cov b/examples/bind/corpus/e5a776b149e5d1eeb42a29fc2b1cf0e9.00000208.honggfuzz.cov deleted file mode 100644 index 9f8148c3..00000000 Binary files a/examples/bind/corpus/e5a776b149e5d1eeb42a29fc2b1cf0e9.00000208.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e5b9f36535dee8e0d4a47489ba55595e.00000c08.honggfuzz.cov b/examples/bind/corpus/e5b9f36535dee8e0d4a47489ba55595e.00000c08.honggfuzz.cov new file mode 100644 index 00000000..adc94e54 Binary files /dev/null and b/examples/bind/corpus/e5b9f36535dee8e0d4a47489ba55595e.00000c08.honggfuzz.cov differ diff --git a/examples/bind/corpus/e5ee36f711471f5d23353cf0d8fbb608.00000081.honggfuzz.cov b/examples/bind/corpus/e5ee36f711471f5d23353cf0d8fbb608.00000081.honggfuzz.cov deleted file mode 100644 index b954eb60..00000000 Binary files a/examples/bind/corpus/e5ee36f711471f5d23353cf0d8fbb608.00000081.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e5ee4181183e330e549eb3550bca21cd.000000b1.honggfuzz.cov b/examples/bind/corpus/e5ee4181183e330e549eb3550bca21cd.000000b1.honggfuzz.cov new file mode 100644 index 00000000..eb6b26a2 Binary files /dev/null and b/examples/bind/corpus/e5ee4181183e330e549eb3550bca21cd.000000b1.honggfuzz.cov differ diff --git a/examples/bind/corpus/e5f5662904254d6e489d750e3b7a9297.000000d4.honggfuzz.cov b/examples/bind/corpus/e5f5662904254d6e489d750e3b7a9297.000000d4.honggfuzz.cov deleted file mode 100644 index 4c014a79..00000000 Binary files a/examples/bind/corpus/e5f5662904254d6e489d750e3b7a9297.000000d4.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e5fd99428ab1ea83b31dbbaf91b21a43.00000c71.honggfuzz.cov b/examples/bind/corpus/e5fd99428ab1ea83b31dbbaf91b21a43.00000c71.honggfuzz.cov new file mode 100644 index 00000000..df99c8f8 Binary files /dev/null and b/examples/bind/corpus/e5fd99428ab1ea83b31dbbaf91b21a43.00000c71.honggfuzz.cov differ diff --git a/examples/bind/corpus/e61f0edf1a3aae2aa9ff9ce7f0a3a813.000000c7.honggfuzz.cov b/examples/bind/corpus/e61f0edf1a3aae2aa9ff9ce7f0a3a813.000000c7.honggfuzz.cov deleted file mode 100644 index 0dc7f8ad..00000000 Binary files a/examples/bind/corpus/e61f0edf1a3aae2aa9ff9ce7f0a3a813.000000c7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e627469303db389e4abfa947b2aa42ed.0000001a.honggfuzz.cov b/examples/bind/corpus/e627469303db389e4abfa947b2aa42ed.0000001a.honggfuzz.cov new file mode 100644 index 00000000..fbffa56d Binary files /dev/null and b/examples/bind/corpus/e627469303db389e4abfa947b2aa42ed.0000001a.honggfuzz.cov differ diff --git a/examples/bind/corpus/e64fdc4c82ff8806bd67b05995354db8.00011f85.honggfuzz.cov b/examples/bind/corpus/e64fdc4c82ff8806bd67b05995354db8.00011f85.honggfuzz.cov deleted file mode 100644 index 894e0326..00000000 Binary files a/examples/bind/corpus/e64fdc4c82ff8806bd67b05995354db8.00011f85.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e672a6ee87a764fdbb599c19e4d4bcf8.000069e6.honggfuzz.cov b/examples/bind/corpus/e672a6ee87a764fdbb599c19e4d4bcf8.000069e6.honggfuzz.cov deleted file mode 100644 index f3e95d30..00000000 Binary files a/examples/bind/corpus/e672a6ee87a764fdbb599c19e4d4bcf8.000069e6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e67436e07d1975400a1c3acedd063c0e.00000085.honggfuzz.cov b/examples/bind/corpus/e67436e07d1975400a1c3acedd063c0e.00000085.honggfuzz.cov deleted file mode 100644 index 8b3e3f60..00000000 Binary files a/examples/bind/corpus/e67436e07d1975400a1c3acedd063c0e.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e6854856366b923c6d48ddcae1e6825d.00001350.honggfuzz.cov b/examples/bind/corpus/e6854856366b923c6d48ddcae1e6825d.00001350.honggfuzz.cov deleted file mode 100644 index 3f624ec8..00000000 Binary files a/examples/bind/corpus/e6854856366b923c6d48ddcae1e6825d.00001350.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e68a475a3634268ab8b8906fc88e07ab.00000233.honggfuzz.cov b/examples/bind/corpus/e68a475a3634268ab8b8906fc88e07ab.00000233.honggfuzz.cov deleted file mode 100644 index 5541ccb3..00000000 Binary files a/examples/bind/corpus/e68a475a3634268ab8b8906fc88e07ab.00000233.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e68be4cb8896bf4912f908950d789a7a.00000085.honggfuzz.cov b/examples/bind/corpus/e68be4cb8896bf4912f908950d789a7a.00000085.honggfuzz.cov deleted file mode 100644 index 2e4099da..00000000 Binary files a/examples/bind/corpus/e68be4cb8896bf4912f908950d789a7a.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e6b5e665048cff95d178de5be40dfeb2.0000d5a9.honggfuzz.cov b/examples/bind/corpus/e6b5e665048cff95d178de5be40dfeb2.0000d5a9.honggfuzz.cov deleted file mode 100644 index c349b1c1..00000000 Binary files a/examples/bind/corpus/e6b5e665048cff95d178de5be40dfeb2.0000d5a9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e6bcf617c1f3a82aa25f9630fbd6dc40.000101d0.honggfuzz.cov b/examples/bind/corpus/e6bcf617c1f3a82aa25f9630fbd6dc40.000101d0.honggfuzz.cov new file mode 100644 index 00000000..4a289ea1 Binary files /dev/null and b/examples/bind/corpus/e6bcf617c1f3a82aa25f9630fbd6dc40.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/e6c22652b41b68494fa80f9748925741.00000085.honggfuzz.cov b/examples/bind/corpus/e6c22652b41b68494fa80f9748925741.00000085.honggfuzz.cov deleted file mode 100644 index b7c94634..00000000 Binary files a/examples/bind/corpus/e6c22652b41b68494fa80f9748925741.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e6cf644a5a9b34351ee16fdbb504de55.00001be6.honggfuzz.cov b/examples/bind/corpus/e6cf644a5a9b34351ee16fdbb504de55.00001be6.honggfuzz.cov deleted file mode 100644 index 75370725..00000000 Binary files a/examples/bind/corpus/e6cf644a5a9b34351ee16fdbb504de55.00001be6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e6cf793f1de534c06076206508be80c7.00001057.honggfuzz.cov b/examples/bind/corpus/e6cf793f1de534c06076206508be80c7.00001057.honggfuzz.cov deleted file mode 100644 index 52c5309b..00000000 Binary files a/examples/bind/corpus/e6cf793f1de534c06076206508be80c7.00001057.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e6d70236c743eafe1a72e8e974a6647f.00000081.honggfuzz.cov b/examples/bind/corpus/e6d70236c743eafe1a72e8e974a6647f.00000081.honggfuzz.cov deleted file mode 100644 index 6f951358..00000000 Binary files a/examples/bind/corpus/e6d70236c743eafe1a72e8e974a6647f.00000081.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e6f01fbcf16adc64b47a6ff636dccf5b.000001db.honggfuzz.cov b/examples/bind/corpus/e6f01fbcf16adc64b47a6ff636dccf5b.000001db.honggfuzz.cov new file mode 100644 index 00000000..5191a1c4 Binary files /dev/null and b/examples/bind/corpus/e6f01fbcf16adc64b47a6ff636dccf5b.000001db.honggfuzz.cov differ diff --git a/examples/bind/corpus/e6f890c2ea56655ce290bd5140333aba.0000f785.honggfuzz.cov b/examples/bind/corpus/e6f890c2ea56655ce290bd5140333aba.0000f785.honggfuzz.cov new file mode 100644 index 00000000..e8babccf Binary files /dev/null and b/examples/bind/corpus/e6f890c2ea56655ce290bd5140333aba.0000f785.honggfuzz.cov differ diff --git a/examples/bind/corpus/e71cc900eb006e99be9fb96b60dd14be.00000eb8.honggfuzz.cov b/examples/bind/corpus/e71cc900eb006e99be9fb96b60dd14be.00000eb8.honggfuzz.cov deleted file mode 100644 index 83b2f041..00000000 Binary files a/examples/bind/corpus/e71cc900eb006e99be9fb96b60dd14be.00000eb8.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e7248cad5cb1666d0a02e0eb27c5cafb.0001f7e8.honggfuzz.cov b/examples/bind/corpus/e7248cad5cb1666d0a02e0eb27c5cafb.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..7354100f Binary files /dev/null and b/examples/bind/corpus/e7248cad5cb1666d0a02e0eb27c5cafb.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/e72d97b4f11ee86241ffb5bc742be6f8.00000085.honggfuzz.cov b/examples/bind/corpus/e72d97b4f11ee86241ffb5bc742be6f8.00000085.honggfuzz.cov deleted file mode 100644 index 0b659d82..00000000 Binary files a/examples/bind/corpus/e72d97b4f11ee86241ffb5bc742be6f8.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e73aa7d35e8812f96ed1dd24be1c5b5e.00000085.honggfuzz.cov b/examples/bind/corpus/e73aa7d35e8812f96ed1dd24be1c5b5e.00000085.honggfuzz.cov deleted file mode 100644 index 2042431c..00000000 Binary files a/examples/bind/corpus/e73aa7d35e8812f96ed1dd24be1c5b5e.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e73f82468d4c2bb516c3880eb571b629.00009303.honggfuzz.cov b/examples/bind/corpus/e73f82468d4c2bb516c3880eb571b629.00009303.honggfuzz.cov deleted file mode 100644 index 4393751c..00000000 Binary files a/examples/bind/corpus/e73f82468d4c2bb516c3880eb571b629.00009303.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e749840ac8c09bddfd44bdeaf3a04732.00000089.honggfuzz.cov b/examples/bind/corpus/e749840ac8c09bddfd44bdeaf3a04732.00000089.honggfuzz.cov deleted file mode 100644 index ff06a5b6..00000000 Binary files a/examples/bind/corpus/e749840ac8c09bddfd44bdeaf3a04732.00000089.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e7575cb4ba67acdefa4635e3ef287022.0000010f.honggfuzz.cov b/examples/bind/corpus/e7575cb4ba67acdefa4635e3ef287022.0000010f.honggfuzz.cov new file mode 100644 index 00000000..e53216ef Binary files /dev/null and b/examples/bind/corpus/e7575cb4ba67acdefa4635e3ef287022.0000010f.honggfuzz.cov differ diff --git a/examples/bind/corpus/e77af4ad565a0a5708647943feea2a4e.000004e9.honggfuzz.cov b/examples/bind/corpus/e77af4ad565a0a5708647943feea2a4e.000004e9.honggfuzz.cov new file mode 100644 index 00000000..bd5db586 Binary files /dev/null and b/examples/bind/corpus/e77af4ad565a0a5708647943feea2a4e.000004e9.honggfuzz.cov differ diff --git a/examples/bind/corpus/e790000000000000e790000000000000.00000001.honggfuzz.cov b/examples/bind/corpus/e790000000000000e790000000000000.00000001.honggfuzz.cov new file mode 100644 index 00000000..bd97d753 --- /dev/null +++ b/examples/bind/corpus/e790000000000000e790000000000000.00000001.honggfuzz.cov @@ -0,0 +1 @@ +¯ \ No newline at end of file diff --git a/examples/bind/corpus/e7b590dfe77e053a6c2cb4e304b52f76.00000389.honggfuzz.cov b/examples/bind/corpus/e7b590dfe77e053a6c2cb4e304b52f76.00000389.honggfuzz.cov new file mode 100644 index 00000000..90b3a862 Binary files /dev/null and b/examples/bind/corpus/e7b590dfe77e053a6c2cb4e304b52f76.00000389.honggfuzz.cov differ diff --git a/examples/bind/corpus/e7ba9f5015837df9b384b3d75f9f4339.000000a6.honggfuzz.cov b/examples/bind/corpus/e7ba9f5015837df9b384b3d75f9f4339.000000a6.honggfuzz.cov new file mode 100644 index 00000000..14b3ff71 Binary files /dev/null and b/examples/bind/corpus/e7ba9f5015837df9b384b3d75f9f4339.000000a6.honggfuzz.cov differ diff --git a/examples/bind/corpus/e7e222070adc31fb43e9fe67553b3e1b.00000084.honggfuzz.cov b/examples/bind/corpus/e7e222070adc31fb43e9fe67553b3e1b.00000084.honggfuzz.cov new file mode 100644 index 00000000..aaf94137 Binary files /dev/null and b/examples/bind/corpus/e7e222070adc31fb43e9fe67553b3e1b.00000084.honggfuzz.cov differ diff --git a/examples/bind/corpus/e7e836edf09a420ed1ac527e4f7bb0ff.0000c5fb.honggfuzz.cov b/examples/bind/corpus/e7e836edf09a420ed1ac527e4f7bb0ff.0000c5fb.honggfuzz.cov new file mode 100644 index 00000000..35312d18 Binary files /dev/null and b/examples/bind/corpus/e7e836edf09a420ed1ac527e4f7bb0ff.0000c5fb.honggfuzz.cov differ diff --git a/examples/bind/corpus/e8060885ffd4891123b0f1caab581e79.000000db.honggfuzz.cov b/examples/bind/corpus/e8060885ffd4891123b0f1caab581e79.000000db.honggfuzz.cov deleted file mode 100644 index 7aef9a86..00000000 Binary files a/examples/bind/corpus/e8060885ffd4891123b0f1caab581e79.000000db.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e81b7fcf82ef74362678d931b3c01c69.0000006c.honggfuzz.cov b/examples/bind/corpus/e81b7fcf82ef74362678d931b3c01c69.0000006c.honggfuzz.cov deleted file mode 100644 index 1adde691..00000000 Binary files a/examples/bind/corpus/e81b7fcf82ef74362678d931b3c01c69.0000006c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e81da40a1b87f9110924286e8eaec056.000000db.honggfuzz.cov b/examples/bind/corpus/e81da40a1b87f9110924286e8eaec056.000000db.honggfuzz.cov deleted file mode 100644 index 9395295a..00000000 Binary files a/examples/bind/corpus/e81da40a1b87f9110924286e8eaec056.000000db.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e823296dc0578b6f2d56eec89e724cde.00000dab.honggfuzz.cov b/examples/bind/corpus/e823296dc0578b6f2d56eec89e724cde.00000dab.honggfuzz.cov deleted file mode 100644 index 23f87838..00000000 Binary files a/examples/bind/corpus/e823296dc0578b6f2d56eec89e724cde.00000dab.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e85ca4f90d9ef23e8ec904affce7412d.00000085.honggfuzz.cov b/examples/bind/corpus/e85ca4f90d9ef23e8ec904affce7412d.00000085.honggfuzz.cov new file mode 100644 index 00000000..a5e658b7 Binary files /dev/null and b/examples/bind/corpus/e85ca4f90d9ef23e8ec904affce7412d.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/e861565b75f09080ffdb323ffb4b58e7.000000f9.honggfuzz.cov b/examples/bind/corpus/e861565b75f09080ffdb323ffb4b58e7.000000f9.honggfuzz.cov deleted file mode 100644 index e0f257be..00000000 Binary files a/examples/bind/corpus/e861565b75f09080ffdb323ffb4b58e7.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e8662693f32986e917121697b1eca21f.0000323f.honggfuzz.cov b/examples/bind/corpus/e8662693f32986e917121697b1eca21f.0000323f.honggfuzz.cov deleted file mode 100644 index fe884dcc..00000000 Binary files a/examples/bind/corpus/e8662693f32986e917121697b1eca21f.0000323f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e895b3698449254387374517d2044a62.000070f7.honggfuzz.cov b/examples/bind/corpus/e895b3698449254387374517d2044a62.000070f7.honggfuzz.cov deleted file mode 100644 index 703ac0a9..00000000 Binary files a/examples/bind/corpus/e895b3698449254387374517d2044a62.000070f7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e89a7a48dd99528181b1bbc367abeb53.00000181.honggfuzz.cov b/examples/bind/corpus/e89a7a48dd99528181b1bbc367abeb53.00000181.honggfuzz.cov deleted file mode 100644 index 819ecfff..00000000 Binary files a/examples/bind/corpus/e89a7a48dd99528181b1bbc367abeb53.00000181.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e89c6866c0b9d594cf2e4a990ea878c5.000000ba.honggfuzz.cov b/examples/bind/corpus/e89c6866c0b9d594cf2e4a990ea878c5.000000ba.honggfuzz.cov deleted file mode 100644 index add71a31..00000000 Binary files a/examples/bind/corpus/e89c6866c0b9d594cf2e4a990ea878c5.000000ba.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e8a37e806fc2c5eeb31da22e70735948.0000d83a.honggfuzz.cov b/examples/bind/corpus/e8a37e806fc2c5eeb31da22e70735948.0000d83a.honggfuzz.cov deleted file mode 100644 index 71e2280f..00000000 Binary files a/examples/bind/corpus/e8a37e806fc2c5eeb31da22e70735948.0000d83a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e8a4800c8a3cde6e0e2f96643e7713fb.00000402.honggfuzz.cov b/examples/bind/corpus/e8a4800c8a3cde6e0e2f96643e7713fb.00000402.honggfuzz.cov new file mode 100644 index 00000000..352983dc Binary files /dev/null and b/examples/bind/corpus/e8a4800c8a3cde6e0e2f96643e7713fb.00000402.honggfuzz.cov differ diff --git a/examples/bind/corpus/e8f403c1e3e984d517c4e877d77c771f.00000c1d.honggfuzz.cov b/examples/bind/corpus/e8f403c1e3e984d517c4e877d77c771f.00000c1d.honggfuzz.cov deleted file mode 100644 index c4573a6d..00000000 Binary files a/examples/bind/corpus/e8f403c1e3e984d517c4e877d77c771f.00000c1d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e9152e18577c612f0e9e16d376bfb4e0.00000280.honggfuzz.cov b/examples/bind/corpus/e9152e18577c612f0e9e16d376bfb4e0.00000280.honggfuzz.cov new file mode 100644 index 00000000..d7cbaed8 Binary files /dev/null and b/examples/bind/corpus/e9152e18577c612f0e9e16d376bfb4e0.00000280.honggfuzz.cov differ diff --git a/examples/bind/corpus/e926fa5fc4a80d64454b5368671f3c68.00000127.honggfuzz.cov b/examples/bind/corpus/e926fa5fc4a80d64454b5368671f3c68.00000127.honggfuzz.cov deleted file mode 100644 index 36839594..00000000 Binary files a/examples/bind/corpus/e926fa5fc4a80d64454b5368671f3c68.00000127.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e927c86a48be60f03d06cb7d57afdbdf.000000c7.honggfuzz.cov b/examples/bind/corpus/e927c86a48be60f03d06cb7d57afdbdf.000000c7.honggfuzz.cov new file mode 100644 index 00000000..a6f631bc Binary files /dev/null and b/examples/bind/corpus/e927c86a48be60f03d06cb7d57afdbdf.000000c7.honggfuzz.cov differ diff --git a/examples/bind/corpus/e9387f0f90fb97b2fc961df4329df815.0000083d.honggfuzz.cov b/examples/bind/corpus/e9387f0f90fb97b2fc961df4329df815.0000083d.honggfuzz.cov deleted file mode 100644 index b20c0211..00000000 Binary files a/examples/bind/corpus/e9387f0f90fb97b2fc961df4329df815.0000083d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e9464feb4a157f319e6dc037adf9a36b.0001c109.honggfuzz.cov b/examples/bind/corpus/e9464feb4a157f319e6dc037adf9a36b.0001c109.honggfuzz.cov deleted file mode 100644 index 2ed909af..00000000 Binary files a/examples/bind/corpus/e9464feb4a157f319e6dc037adf9a36b.0001c109.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e95815caf8bbbecb544a46ffcfb4f1bf.00000085.honggfuzz.cov b/examples/bind/corpus/e95815caf8bbbecb544a46ffcfb4f1bf.00000085.honggfuzz.cov deleted file mode 100644 index 88b940b6..00000000 Binary files a/examples/bind/corpus/e95815caf8bbbecb544a46ffcfb4f1bf.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e96dc7229e934969da0028b8b96c4cef.00000080.honggfuzz.cov b/examples/bind/corpus/e96dc7229e934969da0028b8b96c4cef.00000080.honggfuzz.cov deleted file mode 100644 index 28e6a166..00000000 Binary files a/examples/bind/corpus/e96dc7229e934969da0028b8b96c4cef.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e980a65787a6dc39601800e35cee2c58.00010cd8.honggfuzz.cov b/examples/bind/corpus/e980a65787a6dc39601800e35cee2c58.00010cd8.honggfuzz.cov deleted file mode 100644 index 19d430f8..00000000 Binary files a/examples/bind/corpus/e980a65787a6dc39601800e35cee2c58.00010cd8.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e98eb7ee33dff52a44fa05441355b9a6.00005bea.honggfuzz.cov b/examples/bind/corpus/e98eb7ee33dff52a44fa05441355b9a6.00005bea.honggfuzz.cov new file mode 100644 index 00000000..948c24a2 Binary files /dev/null and b/examples/bind/corpus/e98eb7ee33dff52a44fa05441355b9a6.00005bea.honggfuzz.cov differ diff --git a/examples/bind/corpus/e99fdbea72d357d454af3f854c51d191.000000f9.honggfuzz.cov b/examples/bind/corpus/e99fdbea72d357d454af3f854c51d191.000000f9.honggfuzz.cov deleted file mode 100644 index 2fe01a0e..00000000 Binary files a/examples/bind/corpus/e99fdbea72d357d454af3f854c51d191.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e9a79255f54d516be932fefd86915d09.000000ac.honggfuzz.cov b/examples/bind/corpus/e9a79255f54d516be932fefd86915d09.000000ac.honggfuzz.cov deleted file mode 100644 index c16f5757..00000000 Binary files a/examples/bind/corpus/e9a79255f54d516be932fefd86915d09.000000ac.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/e9d9fba7d173117ce4b36355e384e802.00000239.honggfuzz.cov b/examples/bind/corpus/e9d9fba7d173117ce4b36355e384e802.00000239.honggfuzz.cov deleted file mode 100644 index f641749b..00000000 Binary files a/examples/bind/corpus/e9d9fba7d173117ce4b36355e384e802.00000239.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ea04b58f7bfd7670c69fcbd0653bd85e.0000006c.honggfuzz.cov b/examples/bind/corpus/ea04b58f7bfd7670c69fcbd0653bd85e.0000006c.honggfuzz.cov deleted file mode 100644 index d617044b..00000000 Binary files a/examples/bind/corpus/ea04b58f7bfd7670c69fcbd0653bd85e.0000006c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ea09aedd13792a40ae7fe257c1191840.000003ab.honggfuzz.cov b/examples/bind/corpus/ea09aedd13792a40ae7fe257c1191840.000003ab.honggfuzz.cov deleted file mode 100644 index d37c5886..00000000 Binary files a/examples/bind/corpus/ea09aedd13792a40ae7fe257c1191840.000003ab.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ea114fb8effe1dbc1e9fb043474f6229.00000400.honggfuzz.cov b/examples/bind/corpus/ea114fb8effe1dbc1e9fb043474f6229.00000400.honggfuzz.cov deleted file mode 100644 index b250b066..00000000 Binary files a/examples/bind/corpus/ea114fb8effe1dbc1e9fb043474f6229.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ea180742310c5a4f3d4c54c1bf2b09c6.00017ac6.honggfuzz.cov b/examples/bind/corpus/ea180742310c5a4f3d4c54c1bf2b09c6.00017ac6.honggfuzz.cov deleted file mode 100644 index 8503e8f2..00000000 Binary files a/examples/bind/corpus/ea180742310c5a4f3d4c54c1bf2b09c6.00017ac6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ea1932491f5f32995ec87572d62e8958.00000085.honggfuzz.cov b/examples/bind/corpus/ea1932491f5f32995ec87572d62e8958.00000085.honggfuzz.cov new file mode 100644 index 00000000..b93d78ca Binary files /dev/null and b/examples/bind/corpus/ea1932491f5f32995ec87572d62e8958.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/ea1ffe631da633b8b45ffb60260608f7.000000ba.honggfuzz.cov b/examples/bind/corpus/ea1ffe631da633b8b45ffb60260608f7.000000ba.honggfuzz.cov deleted file mode 100644 index 7e980b6b..00000000 Binary files a/examples/bind/corpus/ea1ffe631da633b8b45ffb60260608f7.000000ba.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ea24dbb3a3f606cc620f810b0f7fe4c3.00000085.honggfuzz.cov b/examples/bind/corpus/ea24dbb3a3f606cc620f810b0f7fe4c3.00000085.honggfuzz.cov new file mode 100644 index 00000000..ffb96998 Binary files /dev/null and b/examples/bind/corpus/ea24dbb3a3f606cc620f810b0f7fe4c3.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/ea4ab88d907ec07873c49e47c5359e6e.000000f7.honggfuzz.cov b/examples/bind/corpus/ea4ab88d907ec07873c49e47c5359e6e.000000f7.honggfuzz.cov deleted file mode 100644 index 69807765..00000000 Binary files a/examples/bind/corpus/ea4ab88d907ec07873c49e47c5359e6e.000000f7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ea4afaaf7d0090c6910be83837e4b384.00000085.honggfuzz.cov b/examples/bind/corpus/ea4afaaf7d0090c6910be83837e4b384.00000085.honggfuzz.cov deleted file mode 100644 index 2b5ae737..00000000 Binary files a/examples/bind/corpus/ea4afaaf7d0090c6910be83837e4b384.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ea5d8ec2a81fa5818e67b85b65be6d05.00000085.honggfuzz.cov b/examples/bind/corpus/ea5d8ec2a81fa5818e67b85b65be6d05.00000085.honggfuzz.cov new file mode 100644 index 00000000..b657d7aa Binary files /dev/null and b/examples/bind/corpus/ea5d8ec2a81fa5818e67b85b65be6d05.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/ea797b84daf825b55da104e9f2a0ba40.0000003e.honggfuzz.cov b/examples/bind/corpus/ea797b84daf825b55da104e9f2a0ba40.0000003e.honggfuzz.cov deleted file mode 100644 index 72722b34..00000000 Binary files a/examples/bind/corpus/ea797b84daf825b55da104e9f2a0ba40.0000003e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ea7a8841ec9bb08b55dd067d8cfd0c51.000024bd.honggfuzz.cov b/examples/bind/corpus/ea7a8841ec9bb08b55dd067d8cfd0c51.000024bd.honggfuzz.cov deleted file mode 100644 index c3f97a24..00000000 Binary files a/examples/bind/corpus/ea7a8841ec9bb08b55dd067d8cfd0c51.000024bd.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ead228f0b3f6c42b9a452ff31e0b896e.000000e1.honggfuzz.cov b/examples/bind/corpus/ead228f0b3f6c42b9a452ff31e0b896e.000000e1.honggfuzz.cov new file mode 100644 index 00000000..b7c9e69d Binary files /dev/null and b/examples/bind/corpus/ead228f0b3f6c42b9a452ff31e0b896e.000000e1.honggfuzz.cov differ diff --git a/examples/bind/corpus/eb0621bab4f4b79f9cf02b946b740f52.0000004c.honggfuzz.cov b/examples/bind/corpus/eb0621bab4f4b79f9cf02b946b740f52.0000004c.honggfuzz.cov deleted file mode 100644 index b9de45c4..00000000 Binary files a/examples/bind/corpus/eb0621bab4f4b79f9cf02b946b740f52.0000004c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/eb10cf4c8ea1fce8876dfa7915e6876f.00000233.honggfuzz.cov b/examples/bind/corpus/eb10cf4c8ea1fce8876dfa7915e6876f.00000233.honggfuzz.cov new file mode 100644 index 00000000..ce1130ec Binary files /dev/null and b/examples/bind/corpus/eb10cf4c8ea1fce8876dfa7915e6876f.00000233.honggfuzz.cov differ diff --git a/examples/bind/corpus/eb1394374ce3e4e970536c6ccd8103f9.00000085.honggfuzz.cov b/examples/bind/corpus/eb1394374ce3e4e970536c6ccd8103f9.00000085.honggfuzz.cov deleted file mode 100644 index 6dd1a2d1..00000000 Binary files a/examples/bind/corpus/eb1394374ce3e4e970536c6ccd8103f9.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/eb2276728cee48756a4b279e60cd2d69.00000941.honggfuzz.cov b/examples/bind/corpus/eb2276728cee48756a4b279e60cd2d69.00000941.honggfuzz.cov new file mode 100644 index 00000000..13e10808 Binary files /dev/null and b/examples/bind/corpus/eb2276728cee48756a4b279e60cd2d69.00000941.honggfuzz.cov differ diff --git a/examples/bind/corpus/eb2b1aa3e5e1d4ded7d7dd64a5899e93.00018619.honggfuzz.cov b/examples/bind/corpus/eb2b1aa3e5e1d4ded7d7dd64a5899e93.00018619.honggfuzz.cov deleted file mode 100644 index 2df96e4e..00000000 Binary files a/examples/bind/corpus/eb2b1aa3e5e1d4ded7d7dd64a5899e93.00018619.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/eb687ff6bb647d9a716316e7e17af54f.0000e4af.honggfuzz.cov b/examples/bind/corpus/eb687ff6bb647d9a716316e7e17af54f.0000e4af.honggfuzz.cov deleted file mode 100644 index aa525d18..00000000 Binary files a/examples/bind/corpus/eb687ff6bb647d9a716316e7e17af54f.0000e4af.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/eb94f64980fd3649eaa0e1c807e103d9.0000033e.honggfuzz.cov b/examples/bind/corpus/eb94f64980fd3649eaa0e1c807e103d9.0000033e.honggfuzz.cov new file mode 100644 index 00000000..9bcd09b4 Binary files /dev/null and b/examples/bind/corpus/eb94f64980fd3649eaa0e1c807e103d9.0000033e.honggfuzz.cov differ diff --git a/examples/bind/corpus/eba030ae8361135f69415994cadcd195.00000085.honggfuzz.cov b/examples/bind/corpus/eba030ae8361135f69415994cadcd195.00000085.honggfuzz.cov deleted file mode 100644 index 03a91980..00000000 Binary files a/examples/bind/corpus/eba030ae8361135f69415994cadcd195.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ebb36b8e474519216eb44dc90e9a43a0.00000085.honggfuzz.cov b/examples/bind/corpus/ebb36b8e474519216eb44dc90e9a43a0.00000085.honggfuzz.cov deleted file mode 100644 index dd15c8e3..00000000 Binary files a/examples/bind/corpus/ebb36b8e474519216eb44dc90e9a43a0.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ebcd92aa8cc1975311fa8ab16102bf17.000001db.honggfuzz.cov b/examples/bind/corpus/ebcd92aa8cc1975311fa8ab16102bf17.000001db.honggfuzz.cov deleted file mode 100644 index edd9b7e2..00000000 Binary files a/examples/bind/corpus/ebcd92aa8cc1975311fa8ab16102bf17.000001db.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ebcf567c6ae1e112aa469b4fa7f42746.00000200.honggfuzz.cov b/examples/bind/corpus/ebcf567c6ae1e112aa469b4fa7f42746.00000200.honggfuzz.cov new file mode 100644 index 00000000..a9732698 Binary files /dev/null and b/examples/bind/corpus/ebcf567c6ae1e112aa469b4fa7f42746.00000200.honggfuzz.cov differ diff --git a/examples/bind/corpus/ebdef932bd3135957d4efc1ddbd48d53.0000004c.honggfuzz.cov b/examples/bind/corpus/ebdef932bd3135957d4efc1ddbd48d53.0000004c.honggfuzz.cov deleted file mode 100644 index db6b3595..00000000 Binary files a/examples/bind/corpus/ebdef932bd3135957d4efc1ddbd48d53.0000004c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ebdf2f644de7f54893736d37b9a0798e.0000010e.honggfuzz.cov b/examples/bind/corpus/ebdf2f644de7f54893736d37b9a0798e.0000010e.honggfuzz.cov new file mode 100644 index 00000000..eb6bb022 Binary files /dev/null and b/examples/bind/corpus/ebdf2f644de7f54893736d37b9a0798e.0000010e.honggfuzz.cov differ diff --git a/examples/bind/corpus/ebe783b8d6c73c1cc3d8831ed04f472e.00000085.honggfuzz.cov b/examples/bind/corpus/ebe783b8d6c73c1cc3d8831ed04f472e.00000085.honggfuzz.cov deleted file mode 100644 index 8338661b..00000000 Binary files a/examples/bind/corpus/ebe783b8d6c73c1cc3d8831ed04f472e.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ebe7cf4d5cc73c1cbb89c04c8b4f472c.00000085.honggfuzz.cov b/examples/bind/corpus/ebe7cf4d5cc73c1cbb89c04c8b4f472c.00000085.honggfuzz.cov deleted file mode 100644 index 581225e8..00000000 Binary files a/examples/bind/corpus/ebe7cf4d5cc73c1cbb89c04c8b4f472c.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ec0d470b25c04bf57db65925e888e1d8.00000085.honggfuzz.cov b/examples/bind/corpus/ec0d470b25c04bf57db65925e888e1d8.00000085.honggfuzz.cov deleted file mode 100644 index 74104138..00000000 Binary files a/examples/bind/corpus/ec0d470b25c04bf57db65925e888e1d8.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ec0dc1fffa372c37f3487def01971114.00000085.honggfuzz.cov b/examples/bind/corpus/ec0dc1fffa372c37f3487def01971114.00000085.honggfuzz.cov deleted file mode 100644 index f576b6d0..00000000 Binary files a/examples/bind/corpus/ec0dc1fffa372c37f3487def01971114.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ec20206601d50ba0628852b8e54ed169.00000593.honggfuzz.cov b/examples/bind/corpus/ec20206601d50ba0628852b8e54ed169.00000593.honggfuzz.cov deleted file mode 100644 index abc6fb33..00000000 Binary files a/examples/bind/corpus/ec20206601d50ba0628852b8e54ed169.00000593.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ec2b551cacf2cabf009b8cc4d3cc1db8.000000f7.honggfuzz.cov b/examples/bind/corpus/ec2b551cacf2cabf009b8cc4d3cc1db8.000000f7.honggfuzz.cov new file mode 100644 index 00000000..bb66d24d Binary files /dev/null and b/examples/bind/corpus/ec2b551cacf2cabf009b8cc4d3cc1db8.000000f7.honggfuzz.cov differ diff --git a/examples/bind/corpus/ec2dd873a2b4bbfdf4664cc60e45ab18.0000609b.honggfuzz.cov b/examples/bind/corpus/ec2dd873a2b4bbfdf4664cc60e45ab18.0000609b.honggfuzz.cov deleted file mode 100644 index 17cae4e5..00000000 Binary files a/examples/bind/corpus/ec2dd873a2b4bbfdf4664cc60e45ab18.0000609b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ec3424ed9c45b209d5c15a96529b9ece.0000ffe1.honggfuzz.cov b/examples/bind/corpus/ec3424ed9c45b209d5c15a96529b9ece.0000ffe1.honggfuzz.cov new file mode 100644 index 00000000..075794b6 Binary files /dev/null and b/examples/bind/corpus/ec3424ed9c45b209d5c15a96529b9ece.0000ffe1.honggfuzz.cov differ diff --git a/examples/bind/corpus/ec47ee4e6f4a4b98d596646251532c58.0000025b.honggfuzz.cov b/examples/bind/corpus/ec47ee4e6f4a4b98d596646251532c58.0000025b.honggfuzz.cov new file mode 100644 index 00000000..1de7e954 Binary files /dev/null and b/examples/bind/corpus/ec47ee4e6f4a4b98d596646251532c58.0000025b.honggfuzz.cov differ diff --git a/examples/bind/corpus/ec5712b0ddd3a653a5c2ae12c752bf5d.00014294.honggfuzz.cov b/examples/bind/corpus/ec5712b0ddd3a653a5c2ae12c752bf5d.00014294.honggfuzz.cov deleted file mode 100644 index c80bd7a6..00000000 Binary files a/examples/bind/corpus/ec5712b0ddd3a653a5c2ae12c752bf5d.00014294.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ec5a0e486861d9992fa9294b52c66f95.00000085.honggfuzz.cov b/examples/bind/corpus/ec5a0e486861d9992fa9294b52c66f95.00000085.honggfuzz.cov deleted file mode 100644 index b6cf5cf9..00000000 Binary files a/examples/bind/corpus/ec5a0e486861d9992fa9294b52c66f95.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ec66cb99403f1ebcad1c2c0553e1762a.00001327.honggfuzz.cov b/examples/bind/corpus/ec66cb99403f1ebcad1c2c0553e1762a.00001327.honggfuzz.cov new file mode 100644 index 00000000..8d8a299e Binary files /dev/null and b/examples/bind/corpus/ec66cb99403f1ebcad1c2c0553e1762a.00001327.honggfuzz.cov differ diff --git a/examples/bind/corpus/ec70b7bc83630416810c163abf0a89f8.000101d0.honggfuzz.cov b/examples/bind/corpus/ec70b7bc83630416810c163abf0a89f8.000101d0.honggfuzz.cov new file mode 100644 index 00000000..7de29b45 Binary files /dev/null and b/examples/bind/corpus/ec70b7bc83630416810c163abf0a89f8.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/ec72d4e389d7062eebab11854a152c9a.000000b6.honggfuzz.cov b/examples/bind/corpus/ec72d4e389d7062eebab11854a152c9a.000000b6.honggfuzz.cov deleted file mode 100644 index 76757ba5..00000000 Binary files a/examples/bind/corpus/ec72d4e389d7062eebab11854a152c9a.000000b6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ec77301c527322f552294cc7367cb4b9.00001408.honggfuzz.cov b/examples/bind/corpus/ec77301c527322f552294cc7367cb4b9.00001408.honggfuzz.cov new file mode 100644 index 00000000..b66656b3 Binary files /dev/null and b/examples/bind/corpus/ec77301c527322f552294cc7367cb4b9.00001408.honggfuzz.cov differ diff --git a/examples/bind/corpus/ec8bc434c076c95ca965692931fd43ae.00000072.honggfuzz.cov b/examples/bind/corpus/ec8bc434c076c95ca965692931fd43ae.00000072.honggfuzz.cov new file mode 100644 index 00000000..5afac7e3 Binary files /dev/null and b/examples/bind/corpus/ec8bc434c076c95ca965692931fd43ae.00000072.honggfuzz.cov differ diff --git a/examples/bind/corpus/ec90ef401127a321fee32e68365f3eb7.00000085.honggfuzz.cov b/examples/bind/corpus/ec90ef401127a321fee32e68365f3eb7.00000085.honggfuzz.cov deleted file mode 100644 index 9b0dde16..00000000 Binary files a/examples/bind/corpus/ec90ef401127a321fee32e68365f3eb7.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ecbcb1e415ecb5899b1f9d56aead7e31.000000dc.honggfuzz.cov b/examples/bind/corpus/ecbcb1e415ecb5899b1f9d56aead7e31.000000dc.honggfuzz.cov deleted file mode 100644 index 9de0f63a..00000000 Binary files a/examples/bind/corpus/ecbcb1e415ecb5899b1f9d56aead7e31.000000dc.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ecc0daa088da0cf624bcf08abec81738.00000085.honggfuzz.cov b/examples/bind/corpus/ecc0daa088da0cf624bcf08abec81738.00000085.honggfuzz.cov new file mode 100644 index 00000000..ebef2881 Binary files /dev/null and b/examples/bind/corpus/ecc0daa088da0cf624bcf08abec81738.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/ecca4f11c03259f1728691edeed910ac.00000048.honggfuzz.cov b/examples/bind/corpus/ecca4f11c03259f1728691edeed910ac.00000048.honggfuzz.cov deleted file mode 100644 index 98acce7d..00000000 Binary files a/examples/bind/corpus/ecca4f11c03259f1728691edeed910ac.00000048.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ecd36f191e0e9df34d1a3b4cba231bf3.000399a6.honggfuzz.cov b/examples/bind/corpus/ecd36f191e0e9df34d1a3b4cba231bf3.000399a6.honggfuzz.cov deleted file mode 100644 index 2a2a34a4..00000000 Binary files a/examples/bind/corpus/ecd36f191e0e9df34d1a3b4cba231bf3.000399a6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ecdff86532b0f20b64369a4e05ffd408.000000c6.honggfuzz.cov b/examples/bind/corpus/ecdff86532b0f20b64369a4e05ffd408.000000c6.honggfuzz.cov deleted file mode 100644 index 9a6381a5..00000000 Binary files a/examples/bind/corpus/ecdff86532b0f20b64369a4e05ffd408.000000c6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ed0ca7169c22fc84b2c08ebdb53b1945.000018a9.honggfuzz.cov b/examples/bind/corpus/ed0ca7169c22fc84b2c08ebdb53b1945.000018a9.honggfuzz.cov deleted file mode 100644 index 68f3227c..00000000 Binary files a/examples/bind/corpus/ed0ca7169c22fc84b2c08ebdb53b1945.000018a9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ed0dee63e1c515beb7a82f3d9e91c525.0001ecf3.honggfuzz.cov b/examples/bind/corpus/ed0dee63e1c515beb7a82f3d9e91c525.0001ecf3.honggfuzz.cov deleted file mode 100644 index 739a6529..00000000 Binary files a/examples/bind/corpus/ed0dee63e1c515beb7a82f3d9e91c525.0001ecf3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ed0e9fd46e1b12b0108539ec3bf65866.000000a6.honggfuzz.cov b/examples/bind/corpus/ed0e9fd46e1b12b0108539ec3bf65866.000000a6.honggfuzz.cov deleted file mode 100644 index bec3df26..00000000 Binary files a/examples/bind/corpus/ed0e9fd46e1b12b0108539ec3bf65866.000000a6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ed273e48b3d245f26c73f1061faa80a7.000000f9.honggfuzz.cov b/examples/bind/corpus/ed273e48b3d245f26c73f1061faa80a7.000000f9.honggfuzz.cov deleted file mode 100644 index 71009d56..00000000 Binary files a/examples/bind/corpus/ed273e48b3d245f26c73f1061faa80a7.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ed2e93f94cb6413604aafc8f98a7a7c7.00000085.honggfuzz.cov b/examples/bind/corpus/ed2e93f94cb6413604aafc8f98a7a7c7.00000085.honggfuzz.cov deleted file mode 100644 index 6c4e4002..00000000 Binary files a/examples/bind/corpus/ed2e93f94cb6413604aafc8f98a7a7c7.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ed3dc7ccd9a2c437a6bebe0db4ba7bf0.0000d87d.honggfuzz.cov b/examples/bind/corpus/ed3dc7ccd9a2c437a6bebe0db4ba7bf0.0000d87d.honggfuzz.cov deleted file mode 100644 index e1fd7288..00000000 Binary files a/examples/bind/corpus/ed3dc7ccd9a2c437a6bebe0db4ba7bf0.0000d87d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ed4ce4bcbf158e97a2bdbdc76bcc5dba.00000085.honggfuzz.cov b/examples/bind/corpus/ed4ce4bcbf158e97a2bdbdc76bcc5dba.00000085.honggfuzz.cov deleted file mode 100644 index 2221540f..00000000 Binary files a/examples/bind/corpus/ed4ce4bcbf158e97a2bdbdc76bcc5dba.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ed4f6884cfab97eec1487fe97ab98af6.000016c8.honggfuzz.cov b/examples/bind/corpus/ed4f6884cfab97eec1487fe97ab98af6.000016c8.honggfuzz.cov deleted file mode 100644 index bd43601b..00000000 Binary files a/examples/bind/corpus/ed4f6884cfab97eec1487fe97ab98af6.000016c8.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ed66f7da1060f20bab2149e6008d840c.00019216.honggfuzz.cov b/examples/bind/corpus/ed66f7da1060f20bab2149e6008d840c.00019216.honggfuzz.cov deleted file mode 100644 index 54fcc032..00000000 Binary files a/examples/bind/corpus/ed66f7da1060f20bab2149e6008d840c.00019216.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ed91e97646ead7953202d47ec3703144.0000002c.honggfuzz.cov b/examples/bind/corpus/ed91e97646ead7953202d47ec3703144.0000002c.honggfuzz.cov deleted file mode 100644 index 5455ed29..00000000 Binary files a/examples/bind/corpus/ed91e97646ead7953202d47ec3703144.0000002c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/eda6426b73390bbd42f1dbd1fb36c5f9.00000026.honggfuzz.cov b/examples/bind/corpus/eda6426b73390bbd42f1dbd1fb36c5f9.00000026.honggfuzz.cov deleted file mode 100644 index d8514213..00000000 Binary files a/examples/bind/corpus/eda6426b73390bbd42f1dbd1fb36c5f9.00000026.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/edb71561aaaa772269709210088ce0b1.0000dba9.honggfuzz.cov b/examples/bind/corpus/edb71561aaaa772269709210088ce0b1.0000dba9.honggfuzz.cov deleted file mode 100644 index ef55d0fc..00000000 Binary files a/examples/bind/corpus/edb71561aaaa772269709210088ce0b1.0000dba9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/edb7ae25c01a4c195ba6697958969857.0000281a.honggfuzz.cov b/examples/bind/corpus/edb7ae25c01a4c195ba6697958969857.0000281a.honggfuzz.cov new file mode 100644 index 00000000..847f9121 Binary files /dev/null and b/examples/bind/corpus/edb7ae25c01a4c195ba6697958969857.0000281a.honggfuzz.cov differ diff --git a/examples/bind/corpus/eddea2134b3b9b15418328e7be909a9d.00000080.honggfuzz.cov b/examples/bind/corpus/eddea2134b3b9b15418328e7be909a9d.00000080.honggfuzz.cov deleted file mode 100644 index 9a539980..00000000 Binary files a/examples/bind/corpus/eddea2134b3b9b15418328e7be909a9d.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ede498659460ac4bd2dd01f128205892.00002015.honggfuzz.cov b/examples/bind/corpus/ede498659460ac4bd2dd01f128205892.00002015.honggfuzz.cov deleted file mode 100644 index 0c224852..00000000 Binary files a/examples/bind/corpus/ede498659460ac4bd2dd01f128205892.00002015.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/edf0fb2288a97a79c53e612318a9afae.0000018d.honggfuzz.cov b/examples/bind/corpus/edf0fb2288a97a79c53e612318a9afae.0000018d.honggfuzz.cov new file mode 100644 index 00000000..4e404c42 Binary files /dev/null and b/examples/bind/corpus/edf0fb2288a97a79c53e612318a9afae.0000018d.honggfuzz.cov differ diff --git a/examples/bind/corpus/ee088d6bd1d9486cd139e0a9f712a246.000000de.honggfuzz.cov b/examples/bind/corpus/ee088d6bd1d9486cd139e0a9f712a246.000000de.honggfuzz.cov new file mode 100644 index 00000000..b02dfb5a Binary files /dev/null and b/examples/bind/corpus/ee088d6bd1d9486cd139e0a9f712a246.000000de.honggfuzz.cov differ diff --git a/examples/bind/corpus/ee200c909b838caa2f534699fd4ebaf2.00000091.honggfuzz.cov b/examples/bind/corpus/ee200c909b838caa2f534699fd4ebaf2.00000091.honggfuzz.cov deleted file mode 100644 index 089a04cd..00000000 Binary files a/examples/bind/corpus/ee200c909b838caa2f534699fd4ebaf2.00000091.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ee21f974930cd03c03e6d038cf3e8fb1.00000049.honggfuzz.cov b/examples/bind/corpus/ee21f974930cd03c03e6d038cf3e8fb1.00000049.honggfuzz.cov deleted file mode 100644 index 1d77f628..00000000 Binary files a/examples/bind/corpus/ee21f974930cd03c03e6d038cf3e8fb1.00000049.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ee2cea64cc8a9bfc069588aee93f12c5.00000048.honggfuzz.cov b/examples/bind/corpus/ee2cea64cc8a9bfc069588aee93f12c5.00000048.honggfuzz.cov deleted file mode 100644 index d3567d44..00000000 Binary files a/examples/bind/corpus/ee2cea64cc8a9bfc069588aee93f12c5.00000048.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ee340ebb6864ab28421862f358ba9ff1.0000554a.honggfuzz.cov b/examples/bind/corpus/ee340ebb6864ab28421862f358ba9ff1.0000554a.honggfuzz.cov new file mode 100644 index 00000000..5ebd3762 Binary files /dev/null and b/examples/bind/corpus/ee340ebb6864ab28421862f358ba9ff1.0000554a.honggfuzz.cov differ diff --git a/examples/bind/corpus/ee437314a7f548c0d425f9be506b2a00.0000003c.honggfuzz.cov b/examples/bind/corpus/ee437314a7f548c0d425f9be506b2a00.0000003c.honggfuzz.cov new file mode 100644 index 00000000..4a478885 Binary files /dev/null and b/examples/bind/corpus/ee437314a7f548c0d425f9be506b2a00.0000003c.honggfuzz.cov differ diff --git a/examples/bind/corpus/ee4ba33027e7aaa19a5fb4baf58268d4.00000230.honggfuzz.cov b/examples/bind/corpus/ee4ba33027e7aaa19a5fb4baf58268d4.00000230.honggfuzz.cov deleted file mode 100644 index d6142c11..00000000 Binary files a/examples/bind/corpus/ee4ba33027e7aaa19a5fb4baf58268d4.00000230.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ee4d516b5326aaedb6a8f3372e0746df.000000ff.honggfuzz.cov b/examples/bind/corpus/ee4d516b5326aaedb6a8f3372e0746df.000000ff.honggfuzz.cov new file mode 100644 index 00000000..7e71749a Binary files /dev/null and b/examples/bind/corpus/ee4d516b5326aaedb6a8f3372e0746df.000000ff.honggfuzz.cov differ diff --git a/examples/bind/corpus/ee4eced9d7716a3a53a44121ee0e2edf.000001e1.honggfuzz.cov b/examples/bind/corpus/ee4eced9d7716a3a53a44121ee0e2edf.000001e1.honggfuzz.cov new file mode 100644 index 00000000..3952eb5a Binary files /dev/null and b/examples/bind/corpus/ee4eced9d7716a3a53a44121ee0e2edf.000001e1.honggfuzz.cov differ diff --git a/examples/bind/corpus/ee503d7032a411912dc26146267aa04a.00000187.honggfuzz.cov b/examples/bind/corpus/ee503d7032a411912dc26146267aa04a.00000187.honggfuzz.cov new file mode 100644 index 00000000..118c41de Binary files /dev/null and b/examples/bind/corpus/ee503d7032a411912dc26146267aa04a.00000187.honggfuzz.cov differ diff --git a/examples/bind/corpus/ee6c7e64fa0fd9d3120dcc5d17c1d097.0000d3e3.honggfuzz.cov b/examples/bind/corpus/ee6c7e64fa0fd9d3120dcc5d17c1d097.0000d3e3.honggfuzz.cov deleted file mode 100644 index d5386e45..00000000 Binary files a/examples/bind/corpus/ee6c7e64fa0fd9d3120dcc5d17c1d097.0000d3e3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ee8bd35857e8bcdf075761887d911328.0000dfb5.honggfuzz.cov b/examples/bind/corpus/ee8bd35857e8bcdf075761887d911328.0000dfb5.honggfuzz.cov deleted file mode 100644 index ab11ef42..00000000 Binary files a/examples/bind/corpus/ee8bd35857e8bcdf075761887d911328.0000dfb5.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ee8fe5547f36251c2060c4523dcd5d4a.00000034.honggfuzz.cov b/examples/bind/corpus/ee8fe5547f36251c2060c4523dcd5d4a.00000034.honggfuzz.cov new file mode 100644 index 00000000..8cbba521 Binary files /dev/null and b/examples/bind/corpus/ee8fe5547f36251c2060c4523dcd5d4a.00000034.honggfuzz.cov differ diff --git a/examples/bind/corpus/ee9b6739cac4781ab57f46dfee7a42a6.0000d20e.honggfuzz.cov b/examples/bind/corpus/ee9b6739cac4781ab57f46dfee7a42a6.0000d20e.honggfuzz.cov deleted file mode 100644 index 02e2ec2b..00000000 Binary files a/examples/bind/corpus/ee9b6739cac4781ab57f46dfee7a42a6.0000d20e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/eec01dfc92b0761f6f16b1c7cb89412e.00000085.honggfuzz.cov b/examples/bind/corpus/eec01dfc92b0761f6f16b1c7cb89412e.00000085.honggfuzz.cov new file mode 100644 index 00000000..c9884834 Binary files /dev/null and b/examples/bind/corpus/eec01dfc92b0761f6f16b1c7cb89412e.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/eecdebacc409aa86f5d8fb7a5b2b1be4.000006a1.honggfuzz.cov b/examples/bind/corpus/eecdebacc409aa86f5d8fb7a5b2b1be4.000006a1.honggfuzz.cov new file mode 100644 index 00000000..2e5baf6b Binary files /dev/null and b/examples/bind/corpus/eecdebacc409aa86f5d8fb7a5b2b1be4.000006a1.honggfuzz.cov differ diff --git a/examples/bind/corpus/eed33b405c42086a90b6b31e4ee5e8e1.000001b0.honggfuzz.cov b/examples/bind/corpus/eed33b405c42086a90b6b31e4ee5e8e1.000001b0.honggfuzz.cov deleted file mode 100644 index 664955f1..00000000 Binary files a/examples/bind/corpus/eed33b405c42086a90b6b31e4ee5e8e1.000001b0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/eed3d2fe0ec6611db209e2912385e45e.0001153e.honggfuzz.cov b/examples/bind/corpus/eed3d2fe0ec6611db209e2912385e45e.0001153e.honggfuzz.cov deleted file mode 100644 index 911e0a3e..00000000 Binary files a/examples/bind/corpus/eed3d2fe0ec6611db209e2912385e45e.0001153e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/eededd65bc240319c532c349b2fcb7bd.000000f9.honggfuzz.cov b/examples/bind/corpus/eededd65bc240319c532c349b2fcb7bd.000000f9.honggfuzz.cov new file mode 100644 index 00000000..af02383b Binary files /dev/null and b/examples/bind/corpus/eededd65bc240319c532c349b2fcb7bd.000000f9.honggfuzz.cov differ diff --git a/examples/bind/corpus/eef0337c5592eeb4f5abf801c7228c05.000000a1.honggfuzz.cov b/examples/bind/corpus/eef0337c5592eeb4f5abf801c7228c05.000000a1.honggfuzz.cov new file mode 100644 index 00000000..6c91b04c Binary files /dev/null and b/examples/bind/corpus/eef0337c5592eeb4f5abf801c7228c05.000000a1.honggfuzz.cov differ diff --git a/examples/bind/corpus/ef06866071cf5b98a61f2e7b334d6f5f.0000005e.honggfuzz.cov b/examples/bind/corpus/ef06866071cf5b98a61f2e7b334d6f5f.0000005e.honggfuzz.cov new file mode 100644 index 00000000..c2072ad2 Binary files /dev/null and b/examples/bind/corpus/ef06866071cf5b98a61f2e7b334d6f5f.0000005e.honggfuzz.cov differ diff --git a/examples/bind/corpus/ef10451a56123b384f58d9105f697d4a.0000004c.honggfuzz.cov b/examples/bind/corpus/ef10451a56123b384f58d9105f697d4a.0000004c.honggfuzz.cov deleted file mode 100644 index 44eb70d4..00000000 Binary files a/examples/bind/corpus/ef10451a56123b384f58d9105f697d4a.0000004c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ef1209ae2c782231e591602ff8c09247.00000081.honggfuzz.cov b/examples/bind/corpus/ef1209ae2c782231e591602ff8c09247.00000081.honggfuzz.cov deleted file mode 100644 index d9526932..00000000 Binary files a/examples/bind/corpus/ef1209ae2c782231e591602ff8c09247.00000081.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ef40328521315b0b35445afd91b49a75.00000101.honggfuzz.cov b/examples/bind/corpus/ef40328521315b0b35445afd91b49a75.00000101.honggfuzz.cov new file mode 100644 index 00000000..6955a52f Binary files /dev/null and b/examples/bind/corpus/ef40328521315b0b35445afd91b49a75.00000101.honggfuzz.cov differ diff --git a/examples/bind/corpus/ef555abe69951008f2170fb9f3552468.0001f7e8.honggfuzz.cov b/examples/bind/corpus/ef555abe69951008f2170fb9f3552468.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..4337db13 Binary files /dev/null and b/examples/bind/corpus/ef555abe69951008f2170fb9f3552468.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/ef720de559b2ad45122f17cec605518f.00000085.honggfuzz.cov b/examples/bind/corpus/ef720de559b2ad45122f17cec605518f.00000085.honggfuzz.cov deleted file mode 100644 index 5356942b..00000000 Binary files a/examples/bind/corpus/ef720de559b2ad45122f17cec605518f.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ef7a1cae733e8718ccb0c18dbabe2249.00001cf2.honggfuzz.cov b/examples/bind/corpus/ef7a1cae733e8718ccb0c18dbabe2249.00001cf2.honggfuzz.cov new file mode 100644 index 00000000..fab8868a Binary files /dev/null and b/examples/bind/corpus/ef7a1cae733e8718ccb0c18dbabe2249.00001cf2.honggfuzz.cov differ diff --git a/examples/bind/corpus/ef7c5d91eb56c783ecd7d82ed56af4dd.0000004f.honggfuzz.cov b/examples/bind/corpus/ef7c5d91eb56c783ecd7d82ed56af4dd.0000004f.honggfuzz.cov deleted file mode 100644 index ef224391..00000000 Binary files a/examples/bind/corpus/ef7c5d91eb56c783ecd7d82ed56af4dd.0000004f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ef97312053c837fcda038dfdc1847f6a.000000b0.honggfuzz.cov b/examples/bind/corpus/ef97312053c837fcda038dfdc1847f6a.000000b0.honggfuzz.cov deleted file mode 100644 index 9d8ec740..00000000 Binary files a/examples/bind/corpus/ef97312053c837fcda038dfdc1847f6a.000000b0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/efa435775004fa6ece6dc502db93f0a1.00007b9b.honggfuzz.cov b/examples/bind/corpus/efa435775004fa6ece6dc502db93f0a1.00007b9b.honggfuzz.cov deleted file mode 100644 index 4a315a58..00000000 Binary files a/examples/bind/corpus/efa435775004fa6ece6dc502db93f0a1.00007b9b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/efb5b25ddc98ffa9aea4acc630cbee9d.00000085.honggfuzz.cov b/examples/bind/corpus/efb5b25ddc98ffa9aea4acc630cbee9d.00000085.honggfuzz.cov deleted file mode 100644 index f710e038..00000000 Binary files a/examples/bind/corpus/efb5b25ddc98ffa9aea4acc630cbee9d.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/efc95e16ff0b44e330eff66490115fe4.0000045a.honggfuzz.cov b/examples/bind/corpus/efc95e16ff0b44e330eff66490115fe4.0000045a.honggfuzz.cov new file mode 100644 index 00000000..afde6ab0 Binary files /dev/null and b/examples/bind/corpus/efc95e16ff0b44e330eff66490115fe4.0000045a.honggfuzz.cov differ diff --git a/examples/bind/corpus/efcb48c8db282b4237ea336e5cdf6bfc.00000400.honggfuzz.cov b/examples/bind/corpus/efcb48c8db282b4237ea336e5cdf6bfc.00000400.honggfuzz.cov new file mode 100644 index 00000000..8ad1a792 Binary files /dev/null and b/examples/bind/corpus/efcb48c8db282b4237ea336e5cdf6bfc.00000400.honggfuzz.cov differ diff --git a/examples/bind/corpus/efeb19208f03b548a0521615ff2c0794.00000173.honggfuzz.cov b/examples/bind/corpus/efeb19208f03b548a0521615ff2c0794.00000173.honggfuzz.cov deleted file mode 100644 index 034c4a64..00000000 Binary files a/examples/bind/corpus/efeb19208f03b548a0521615ff2c0794.00000173.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f003879431b4eaf5a89d6626f20e4612.00000085.honggfuzz.cov b/examples/bind/corpus/f003879431b4eaf5a89d6626f20e4612.00000085.honggfuzz.cov deleted file mode 100644 index 91b49af5..00000000 Binary files a/examples/bind/corpus/f003879431b4eaf5a89d6626f20e4612.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f0196a2e1e19a0910253bc8b2b9390c4.0000016e.honggfuzz.cov b/examples/bind/corpus/f0196a2e1e19a0910253bc8b2b9390c4.0000016e.honggfuzz.cov deleted file mode 100644 index 62929df2..00000000 Binary files a/examples/bind/corpus/f0196a2e1e19a0910253bc8b2b9390c4.0000016e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f01b256bd845dfd4a57389d8afa91c7d.00000085.honggfuzz.cov b/examples/bind/corpus/f01b256bd845dfd4a57389d8afa91c7d.00000085.honggfuzz.cov deleted file mode 100644 index 0a2f8520..00000000 Binary files a/examples/bind/corpus/f01b256bd845dfd4a57389d8afa91c7d.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f01bd17fbb9160be65bfe9ffb8fbe324.000000f7.honggfuzz.cov b/examples/bind/corpus/f01bd17fbb9160be65bfe9ffb8fbe324.000000f7.honggfuzz.cov new file mode 100644 index 00000000..e2f7bba1 Binary files /dev/null and b/examples/bind/corpus/f01bd17fbb9160be65bfe9ffb8fbe324.000000f7.honggfuzz.cov differ diff --git a/examples/bind/corpus/f01c6338723709671a435e9c762ff574.00000085.honggfuzz.cov b/examples/bind/corpus/f01c6338723709671a435e9c762ff574.00000085.honggfuzz.cov deleted file mode 100644 index fbd3e7d5..00000000 Binary files a/examples/bind/corpus/f01c6338723709671a435e9c762ff574.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f031bac30fe24c05cca6c6b2dc07f329.00000085.honggfuzz.cov b/examples/bind/corpus/f031bac30fe24c05cca6c6b2dc07f329.00000085.honggfuzz.cov new file mode 100644 index 00000000..859ce1b2 Binary files /dev/null and b/examples/bind/corpus/f031bac30fe24c05cca6c6b2dc07f329.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/f0837543afecbcbaa1ff074deba97e82.00000123.honggfuzz.cov b/examples/bind/corpus/f0837543afecbcbaa1ff074deba97e82.00000123.honggfuzz.cov deleted file mode 100644 index c12eae0d..00000000 Binary files a/examples/bind/corpus/f0837543afecbcbaa1ff074deba97e82.00000123.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f08c591d980fd5502a6584bfd7c3e5b8.00000075.honggfuzz.cov b/examples/bind/corpus/f08c591d980fd5502a6584bfd7c3e5b8.00000075.honggfuzz.cov new file mode 100644 index 00000000..62f7e385 Binary files /dev/null and b/examples/bind/corpus/f08c591d980fd5502a6584bfd7c3e5b8.00000075.honggfuzz.cov differ diff --git a/examples/bind/corpus/f0990f18ca6273c08b50a937b8c00f0d.00000080.honggfuzz.cov b/examples/bind/corpus/f0990f18ca6273c08b50a937b8c00f0d.00000080.honggfuzz.cov new file mode 100644 index 00000000..49e8bded Binary files /dev/null and b/examples/bind/corpus/f0990f18ca6273c08b50a937b8c00f0d.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/f0a5eedff7d4f32a51583189dfd48fa0.000000c0.honggfuzz.cov b/examples/bind/corpus/f0a5eedff7d4f32a51583189dfd48fa0.000000c0.honggfuzz.cov deleted file mode 100644 index daafcaaf..00000000 Binary files a/examples/bind/corpus/f0a5eedff7d4f32a51583189dfd48fa0.000000c0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f0d3fa09473335c1ce239aa57a008ece.0000aae3.honggfuzz.cov b/examples/bind/corpus/f0d3fa09473335c1ce239aa57a008ece.0000aae3.honggfuzz.cov new file mode 100644 index 00000000..825cb720 Binary files /dev/null and b/examples/bind/corpus/f0d3fa09473335c1ce239aa57a008ece.0000aae3.honggfuzz.cov differ diff --git a/examples/bind/corpus/f0de5ae4ed2aa44b350dae46943467bf.00000b91.honggfuzz.cov b/examples/bind/corpus/f0de5ae4ed2aa44b350dae46943467bf.00000b91.honggfuzz.cov deleted file mode 100644 index 2a73389a..00000000 Binary files a/examples/bind/corpus/f0de5ae4ed2aa44b350dae46943467bf.00000b91.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f0fa77e268665f3ba32aaafc378fa1f4.00000085.honggfuzz.cov b/examples/bind/corpus/f0fa77e268665f3ba32aaafc378fa1f4.00000085.honggfuzz.cov deleted file mode 100644 index 1cf3a6c4..00000000 Binary files a/examples/bind/corpus/f0fa77e268665f3ba32aaafc378fa1f4.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f0fd221901fb7fe27c07ac2b64b28b5b.000008a2.honggfuzz.cov b/examples/bind/corpus/f0fd221901fb7fe27c07ac2b64b28b5b.000008a2.honggfuzz.cov deleted file mode 100644 index 947c10e6..00000000 Binary files a/examples/bind/corpus/f0fd221901fb7fe27c07ac2b64b28b5b.000008a2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f11069caba98b346a7654ce2f0ecb588.000000f9.honggfuzz.cov b/examples/bind/corpus/f11069caba98b346a7654ce2f0ecb588.000000f9.honggfuzz.cov deleted file mode 100644 index 9818620b..00000000 Binary files a/examples/bind/corpus/f11069caba98b346a7654ce2f0ecb588.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f13057a610d3e86d1577a59414c9fddc.000096fd.honggfuzz.cov b/examples/bind/corpus/f13057a610d3e86d1577a59414c9fddc.000096fd.honggfuzz.cov deleted file mode 100644 index 81f131be..00000000 Binary files a/examples/bind/corpus/f13057a610d3e86d1577a59414c9fddc.000096fd.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f14eb16570e19a1358825f240191b5b8.0000023e.honggfuzz.cov b/examples/bind/corpus/f14eb16570e19a1358825f240191b5b8.0000023e.honggfuzz.cov new file mode 100644 index 00000000..c5c97984 Binary files /dev/null and b/examples/bind/corpus/f14eb16570e19a1358825f240191b5b8.0000023e.honggfuzz.cov differ diff --git a/examples/bind/corpus/f174336d256b290d40ad3dbc4509b2f6.00003e92.honggfuzz.cov b/examples/bind/corpus/f174336d256b290d40ad3dbc4509b2f6.00003e92.honggfuzz.cov deleted file mode 100644 index 7559c803..00000000 Binary files a/examples/bind/corpus/f174336d256b290d40ad3dbc4509b2f6.00003e92.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f193f986351a80ad5ead5f1d61bbaa31.00000f16.honggfuzz.cov b/examples/bind/corpus/f193f986351a80ad5ead5f1d61bbaa31.00000f16.honggfuzz.cov new file mode 100644 index 00000000..c9caa5d1 Binary files /dev/null and b/examples/bind/corpus/f193f986351a80ad5ead5f1d61bbaa31.00000f16.honggfuzz.cov differ diff --git a/examples/bind/corpus/f1b21093bbb879b40b56f57a65cbd188.0000d7e3.honggfuzz.cov b/examples/bind/corpus/f1b21093bbb879b40b56f57a65cbd188.0000d7e3.honggfuzz.cov new file mode 100644 index 00000000..552bf4ce Binary files /dev/null and b/examples/bind/corpus/f1b21093bbb879b40b56f57a65cbd188.0000d7e3.honggfuzz.cov differ diff --git a/examples/bind/corpus/f1b80e646642b0ac6fc36168417c954b.000004ff.honggfuzz.cov b/examples/bind/corpus/f1b80e646642b0ac6fc36168417c954b.000004ff.honggfuzz.cov new file mode 100644 index 00000000..ba228c3a Binary files /dev/null and b/examples/bind/corpus/f1b80e646642b0ac6fc36168417c954b.000004ff.honggfuzz.cov differ diff --git a/examples/bind/corpus/f1bd6c3818181339680b150ad2cba8e5.00020000.honggfuzz.cov b/examples/bind/corpus/f1bd6c3818181339680b150ad2cba8e5.00020000.honggfuzz.cov deleted file mode 100644 index 067a64ca..00000000 Binary files a/examples/bind/corpus/f1bd6c3818181339680b150ad2cba8e5.00020000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f1c006d1092c30c29ce7387679856472.00000278.honggfuzz.cov b/examples/bind/corpus/f1c006d1092c30c29ce7387679856472.00000278.honggfuzz.cov deleted file mode 100644 index 70294dad..00000000 Binary files a/examples/bind/corpus/f1c006d1092c30c29ce7387679856472.00000278.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f1daa1b59f55d7e9cccead99972fca78.000000e0.honggfuzz.cov b/examples/bind/corpus/f1daa1b59f55d7e9cccead99972fca78.000000e0.honggfuzz.cov deleted file mode 100644 index e3866c81..00000000 Binary files a/examples/bind/corpus/f1daa1b59f55d7e9cccead99972fca78.000000e0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f1dc746109302b5d369b8954f1e1ceb5.00003984.honggfuzz.cov b/examples/bind/corpus/f1dc746109302b5d369b8954f1e1ceb5.00003984.honggfuzz.cov new file mode 100644 index 00000000..bdfeeb34 Binary files /dev/null and b/examples/bind/corpus/f1dc746109302b5d369b8954f1e1ceb5.00003984.honggfuzz.cov differ diff --git a/examples/bind/corpus/f1e0f8202f23e9f183bd2f10846cd249.00016b89.honggfuzz.cov b/examples/bind/corpus/f1e0f8202f23e9f183bd2f10846cd249.00016b89.honggfuzz.cov new file mode 100644 index 00000000..b37fb99e Binary files /dev/null and b/examples/bind/corpus/f1e0f8202f23e9f183bd2f10846cd249.00016b89.honggfuzz.cov differ diff --git a/examples/bind/corpus/f202bb8104876685cd824ddfd38881bb.00018619.honggfuzz.cov b/examples/bind/corpus/f202bb8104876685cd824ddfd38881bb.00018619.honggfuzz.cov deleted file mode 100644 index fcd1c3e1..00000000 Binary files a/examples/bind/corpus/f202bb8104876685cd824ddfd38881bb.00018619.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f27ca995e634b923318893dd69bedfa1.0000004d.honggfuzz.cov b/examples/bind/corpus/f27ca995e634b923318893dd69bedfa1.0000004d.honggfuzz.cov new file mode 100644 index 00000000..d4c379ab Binary files /dev/null and b/examples/bind/corpus/f27ca995e634b923318893dd69bedfa1.0000004d.honggfuzz.cov differ diff --git a/examples/bind/corpus/f27ceb587f4f888f657d16a283225001.00020000.honggfuzz.cov b/examples/bind/corpus/f27ceb587f4f888f657d16a283225001.00020000.honggfuzz.cov deleted file mode 100644 index d7bb2faf..00000000 Binary files a/examples/bind/corpus/f27ceb587f4f888f657d16a283225001.00020000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f287a64c7e3eeebaa1ff04d8957ed997.00000085.honggfuzz.cov b/examples/bind/corpus/f287a64c7e3eeebaa1ff04d8957ed997.00000085.honggfuzz.cov new file mode 100644 index 00000000..c0d1f481 Binary files /dev/null and b/examples/bind/corpus/f287a64c7e3eeebaa1ff04d8957ed997.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/f28d5bf4aa1aac01ad4ec4ccf58f1cab.0000838f.honggfuzz.cov b/examples/bind/corpus/f28d5bf4aa1aac01ad4ec4ccf58f1cab.0000838f.honggfuzz.cov new file mode 100644 index 00000000..e5c56a71 Binary files /dev/null and b/examples/bind/corpus/f28d5bf4aa1aac01ad4ec4ccf58f1cab.0000838f.honggfuzz.cov differ diff --git a/examples/bind/corpus/f29731da30ac869b631147624147d6d1.00010001.honggfuzz.cov b/examples/bind/corpus/f29731da30ac869b631147624147d6d1.00010001.honggfuzz.cov deleted file mode 100644 index 742ee98b..00000000 Binary files a/examples/bind/corpus/f29731da30ac869b631147624147d6d1.00010001.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f29980f2b450b9676c28a06b36f2dcd3.00009fe6.honggfuzz.cov b/examples/bind/corpus/f29980f2b450b9676c28a06b36f2dcd3.00009fe6.honggfuzz.cov deleted file mode 100644 index f4a2358e..00000000 Binary files a/examples/bind/corpus/f29980f2b450b9676c28a06b36f2dcd3.00009fe6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f2de15430a3cd87b031df84c6a417366.0000149e.honggfuzz.cov b/examples/bind/corpus/f2de15430a3cd87b031df84c6a417366.0000149e.honggfuzz.cov new file mode 100644 index 00000000..7cb37ff5 Binary files /dev/null and b/examples/bind/corpus/f2de15430a3cd87b031df84c6a417366.0000149e.honggfuzz.cov differ diff --git a/examples/bind/corpus/f303ae3e4f4716be87d43650c6f76d5d.00000155.honggfuzz.cov b/examples/bind/corpus/f303ae3e4f4716be87d43650c6f76d5d.00000155.honggfuzz.cov deleted file mode 100644 index 81fdf0c7..00000000 Binary files a/examples/bind/corpus/f303ae3e4f4716be87d43650c6f76d5d.00000155.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f3221a7c98d7bb07154e60d83840e9a0.000004df.honggfuzz.cov b/examples/bind/corpus/f3221a7c98d7bb07154e60d83840e9a0.000004df.honggfuzz.cov deleted file mode 100644 index 3e406760..00000000 Binary files a/examples/bind/corpus/f3221a7c98d7bb07154e60d83840e9a0.000004df.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f341a3878fb73eb6b8db45c5bcda4cd5.0000007e.honggfuzz.cov b/examples/bind/corpus/f341a3878fb73eb6b8db45c5bcda4cd5.0000007e.honggfuzz.cov deleted file mode 100644 index 85f9c996..00000000 Binary files a/examples/bind/corpus/f341a3878fb73eb6b8db45c5bcda4cd5.0000007e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f346369e9587cd31f8ab24aaeca0ee2a.0000002b.honggfuzz.cov b/examples/bind/corpus/f346369e9587cd31f8ab24aaeca0ee2a.0000002b.honggfuzz.cov new file mode 100644 index 00000000..210f931b Binary files /dev/null and b/examples/bind/corpus/f346369e9587cd31f8ab24aaeca0ee2a.0000002b.honggfuzz.cov differ diff --git a/examples/bind/corpus/f35fdb62091005add30023ebed06517e.00000042.honggfuzz.cov b/examples/bind/corpus/f35fdb62091005add30023ebed06517e.00000042.honggfuzz.cov new file mode 100644 index 00000000..995b368f Binary files /dev/null and b/examples/bind/corpus/f35fdb62091005add30023ebed06517e.00000042.honggfuzz.cov differ diff --git a/examples/bind/corpus/f36775f1d06ce8a9211338e45b212ba4.0000017d.honggfuzz.cov b/examples/bind/corpus/f36775f1d06ce8a9211338e45b212ba4.0000017d.honggfuzz.cov deleted file mode 100644 index 4ce5914e..00000000 Binary files a/examples/bind/corpus/f36775f1d06ce8a9211338e45b212ba4.0000017d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f37a19966bc1baf890474643129ad296.00000085.honggfuzz.cov b/examples/bind/corpus/f37a19966bc1baf890474643129ad296.00000085.honggfuzz.cov deleted file mode 100644 index 89d2a1b4..00000000 Binary files a/examples/bind/corpus/f37a19966bc1baf890474643129ad296.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f39804ba256e3c37aca0b22d970c3e1a.00000191.honggfuzz.cov b/examples/bind/corpus/f39804ba256e3c37aca0b22d970c3e1a.00000191.honggfuzz.cov new file mode 100644 index 00000000..07c1601d Binary files /dev/null and b/examples/bind/corpus/f39804ba256e3c37aca0b22d970c3e1a.00000191.honggfuzz.cov differ diff --git a/examples/bind/corpus/f3aae4dab116e4d55a6600cea105a8fd.0000104a.honggfuzz.cov b/examples/bind/corpus/f3aae4dab116e4d55a6600cea105a8fd.0000104a.honggfuzz.cov deleted file mode 100644 index 678daded..00000000 Binary files a/examples/bind/corpus/f3aae4dab116e4d55a6600cea105a8fd.0000104a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f3d6a48044f5e99a22eec4b1df61290e.00000085.honggfuzz.cov b/examples/bind/corpus/f3d6a48044f5e99a22eec4b1df61290e.00000085.honggfuzz.cov new file mode 100644 index 00000000..e095eb45 Binary files /dev/null and b/examples/bind/corpus/f3d6a48044f5e99a22eec4b1df61290e.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/f3d9343b33e5604e3485bb594553c0d6.00000c06.honggfuzz.cov b/examples/bind/corpus/f3d9343b33e5604e3485bb594553c0d6.00000c06.honggfuzz.cov deleted file mode 100644 index 9a2f615c..00000000 Binary files a/examples/bind/corpus/f3d9343b33e5604e3485bb594553c0d6.00000c06.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f3dae4db2c2db8f9292caf94af438bf8.00010394.honggfuzz.cov b/examples/bind/corpus/f3dae4db2c2db8f9292caf94af438bf8.00010394.honggfuzz.cov deleted file mode 100644 index 368d2200..00000000 Binary files a/examples/bind/corpus/f3dae4db2c2db8f9292caf94af438bf8.00010394.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f408a16608edff47a8098a0a23b80f58.0000007e.honggfuzz.cov b/examples/bind/corpus/f408a16608edff47a8098a0a23b80f58.0000007e.honggfuzz.cov new file mode 100644 index 00000000..84d38289 Binary files /dev/null and b/examples/bind/corpus/f408a16608edff47a8098a0a23b80f58.0000007e.honggfuzz.cov differ diff --git a/examples/bind/corpus/f411e8cc4c4ffc00b3098e2341cc768b.00000080.honggfuzz.cov b/examples/bind/corpus/f411e8cc4c4ffc00b3098e2341cc768b.00000080.honggfuzz.cov new file mode 100644 index 00000000..7e194e26 Binary files /dev/null and b/examples/bind/corpus/f411e8cc4c4ffc00b3098e2341cc768b.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/f4172edeebcb401e6dc8a4896b37c4c5.00000132.honggfuzz.cov b/examples/bind/corpus/f4172edeebcb401e6dc8a4896b37c4c5.00000132.honggfuzz.cov new file mode 100644 index 00000000..e090302d Binary files /dev/null and b/examples/bind/corpus/f4172edeebcb401e6dc8a4896b37c4c5.00000132.honggfuzz.cov differ diff --git a/examples/bind/corpus/f419c3589fe361215ee1553f43f00064.000000a0.honggfuzz.cov b/examples/bind/corpus/f419c3589fe361215ee1553f43f00064.000000a0.honggfuzz.cov new file mode 100644 index 00000000..5e11b8d8 Binary files /dev/null and b/examples/bind/corpus/f419c3589fe361215ee1553f43f00064.000000a0.honggfuzz.cov differ diff --git a/examples/bind/corpus/f45a89a5b5554ea67d4ec63d43d80008.00000038.honggfuzz.cov b/examples/bind/corpus/f45a89a5b5554ea67d4ec63d43d80008.00000038.honggfuzz.cov new file mode 100644 index 00000000..bbaada8f Binary files /dev/null and b/examples/bind/corpus/f45a89a5b5554ea67d4ec63d43d80008.00000038.honggfuzz.cov differ diff --git a/examples/bind/corpus/f45cfa645166ba4fe0193b53fb29dcd3.000001e7.honggfuzz.cov b/examples/bind/corpus/f45cfa645166ba4fe0193b53fb29dcd3.000001e7.honggfuzz.cov new file mode 100644 index 00000000..f73e55a5 Binary files /dev/null and b/examples/bind/corpus/f45cfa645166ba4fe0193b53fb29dcd3.000001e7.honggfuzz.cov differ diff --git a/examples/bind/corpus/f460b094378539d030e4aff3e225e03f.00001275.honggfuzz.cov b/examples/bind/corpus/f460b094378539d030e4aff3e225e03f.00001275.honggfuzz.cov deleted file mode 100644 index dbc45ff5..00000000 Binary files a/examples/bind/corpus/f460b094378539d030e4aff3e225e03f.00001275.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f467e255f1d1fa436aa159b7e0941dcf.0000377a.honggfuzz.cov b/examples/bind/corpus/f467e255f1d1fa436aa159b7e0941dcf.0000377a.honggfuzz.cov new file mode 100644 index 00000000..e2e36551 Binary files /dev/null and b/examples/bind/corpus/f467e255f1d1fa436aa159b7e0941dcf.0000377a.honggfuzz.cov differ diff --git a/examples/bind/corpus/f4a459aa0da7cc6c2d8bc43a6ab67f93.00000200.honggfuzz.cov b/examples/bind/corpus/f4a459aa0da7cc6c2d8bc43a6ab67f93.00000200.honggfuzz.cov new file mode 100644 index 00000000..fc83c248 Binary files /dev/null and b/examples/bind/corpus/f4a459aa0da7cc6c2d8bc43a6ab67f93.00000200.honggfuzz.cov differ diff --git a/examples/bind/corpus/f4b9abcaa8a7a1a1645b1856d0242f76.00000085.honggfuzz.cov b/examples/bind/corpus/f4b9abcaa8a7a1a1645b1856d0242f76.00000085.honggfuzz.cov deleted file mode 100644 index d188293a..00000000 Binary files a/examples/bind/corpus/f4b9abcaa8a7a1a1645b1856d0242f76.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f4db32a0858e9837ee97565beac0abb6.0000109a.honggfuzz.cov b/examples/bind/corpus/f4db32a0858e9837ee97565beac0abb6.0000109a.honggfuzz.cov deleted file mode 100644 index 9ac94b65..00000000 Binary files a/examples/bind/corpus/f4db32a0858e9837ee97565beac0abb6.0000109a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f4e473d0140efd30f9baa22a4987a813.00000051.honggfuzz.cov b/examples/bind/corpus/f4e473d0140efd30f9baa22a4987a813.00000051.honggfuzz.cov new file mode 100644 index 00000000..093a2c62 Binary files /dev/null and b/examples/bind/corpus/f4e473d0140efd30f9baa22a4987a813.00000051.honggfuzz.cov differ diff --git a/examples/bind/corpus/f508c4950f5a492b9b8d915d3bb267fd.0000005c.honggfuzz.cov b/examples/bind/corpus/f508c4950f5a492b9b8d915d3bb267fd.0000005c.honggfuzz.cov deleted file mode 100644 index 19d24f15..00000000 Binary files a/examples/bind/corpus/f508c4950f5a492b9b8d915d3bb267fd.0000005c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f51cb0918dc83c14ce7409101c89e3ec.000002ab.honggfuzz.cov b/examples/bind/corpus/f51cb0918dc83c14ce7409101c89e3ec.000002ab.honggfuzz.cov deleted file mode 100644 index ea932b34..00000000 Binary files a/examples/bind/corpus/f51cb0918dc83c14ce7409101c89e3ec.000002ab.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f51d11c92d42126f75f4f4c1d5997809.0002297c.honggfuzz.cov b/examples/bind/corpus/f51d11c92d42126f75f4f4c1d5997809.0002297c.honggfuzz.cov deleted file mode 100644 index 51500e47..00000000 Binary files a/examples/bind/corpus/f51d11c92d42126f75f4f4c1d5997809.0002297c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f51d4a051c2a9abb4a425d07cdb66942.000001c7.honggfuzz.cov b/examples/bind/corpus/f51d4a051c2a9abb4a425d07cdb66942.000001c7.honggfuzz.cov deleted file mode 100644 index 90f3c4ff..00000000 Binary files a/examples/bind/corpus/f51d4a051c2a9abb4a425d07cdb66942.000001c7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f5314fb57ccc866594589faaba05e1e6.000000f7.honggfuzz.cov b/examples/bind/corpus/f5314fb57ccc866594589faaba05e1e6.000000f7.honggfuzz.cov new file mode 100644 index 00000000..872696a5 Binary files /dev/null and b/examples/bind/corpus/f5314fb57ccc866594589faaba05e1e6.000000f7.honggfuzz.cov differ diff --git a/examples/bind/corpus/f5390a430169b575708fae0977a31375.000003ed.honggfuzz.cov b/examples/bind/corpus/f5390a430169b575708fae0977a31375.000003ed.honggfuzz.cov deleted file mode 100644 index 703032c1..00000000 Binary files a/examples/bind/corpus/f5390a430169b575708fae0977a31375.000003ed.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f5491ef9a8e49592edc0766d97ba4555.00000175.honggfuzz.cov b/examples/bind/corpus/f5491ef9a8e49592edc0766d97ba4555.00000175.honggfuzz.cov deleted file mode 100644 index 98bf509b..00000000 Binary files a/examples/bind/corpus/f5491ef9a8e49592edc0766d97ba4555.00000175.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f55cc60765f2293b769ad3b994c84fd8.0000002d.honggfuzz.cov b/examples/bind/corpus/f55cc60765f2293b769ad3b994c84fd8.0000002d.honggfuzz.cov new file mode 100644 index 00000000..384e2fce Binary files /dev/null and b/examples/bind/corpus/f55cc60765f2293b769ad3b994c84fd8.0000002d.honggfuzz.cov differ diff --git a/examples/bind/corpus/f55cc65625f2293b76f0151594c84fd8.0000002d.honggfuzz.cov b/examples/bind/corpus/f55cc65625f2293b76f0151594c84fd8.0000002d.honggfuzz.cov deleted file mode 100644 index 471e0bac..00000000 Binary files a/examples/bind/corpus/f55cc65625f2293b76f0151594c84fd8.0000002d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f55cd75735f2293b76f008a294c84fd8.0000002d.honggfuzz.cov b/examples/bind/corpus/f55cd75735f2293b76f008a294c84fd8.0000002d.honggfuzz.cov new file mode 100644 index 00000000..dbad7a3a Binary files /dev/null and b/examples/bind/corpus/f55cd75735f2293b76f008a294c84fd8.0000002d.honggfuzz.cov differ diff --git a/examples/bind/corpus/f55fdf0b07d217ff50a7f031e0df47ec.000000a7.honggfuzz.cov b/examples/bind/corpus/f55fdf0b07d217ff50a7f031e0df47ec.000000a7.honggfuzz.cov new file mode 100644 index 00000000..e6d1b94f Binary files /dev/null and b/examples/bind/corpus/f55fdf0b07d217ff50a7f031e0df47ec.000000a7.honggfuzz.cov differ diff --git a/examples/bind/corpus/f5747f7cb95a89bfa47959d91e5d7355.00000085.honggfuzz.cov b/examples/bind/corpus/f5747f7cb95a89bfa47959d91e5d7355.00000085.honggfuzz.cov new file mode 100644 index 00000000..a084d8bc Binary files /dev/null and b/examples/bind/corpus/f5747f7cb95a89bfa47959d91e5d7355.00000085.honggfuzz.cov differ diff --git a/examples/bind/corpus/f58db2f0e0a0ad3fb18a725e07f7d91a.00000d98.honggfuzz.cov b/examples/bind/corpus/f58db2f0e0a0ad3fb18a725e07f7d91a.00000d98.honggfuzz.cov deleted file mode 100644 index 8eae0401..00000000 Binary files a/examples/bind/corpus/f58db2f0e0a0ad3fb18a725e07f7d91a.00000d98.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f59bb4953ce805e926293a3ce779ff37.000001e6.honggfuzz.cov b/examples/bind/corpus/f59bb4953ce805e926293a3ce779ff37.000001e6.honggfuzz.cov new file mode 100644 index 00000000..5b195d13 Binary files /dev/null and b/examples/bind/corpus/f59bb4953ce805e926293a3ce779ff37.000001e6.honggfuzz.cov differ diff --git a/examples/bind/corpus/f5b5c4ef7df7f0d473eee269aee7e70a.0000bb6c.honggfuzz.cov b/examples/bind/corpus/f5b5c4ef7df7f0d473eee269aee7e70a.0000bb6c.honggfuzz.cov deleted file mode 100644 index c8f065ad..00000000 Binary files a/examples/bind/corpus/f5b5c4ef7df7f0d473eee269aee7e70a.0000bb6c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f5d5065fbfeca4c61367c94755eaf841.0000298f.honggfuzz.cov b/examples/bind/corpus/f5d5065fbfeca4c61367c94755eaf841.0000298f.honggfuzz.cov deleted file mode 100644 index 72f3297e..00000000 Binary files a/examples/bind/corpus/f5d5065fbfeca4c61367c94755eaf841.0000298f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f601796b2b98e92d31871c2396856909.00007f30.honggfuzz.cov b/examples/bind/corpus/f601796b2b98e92d31871c2396856909.00007f30.honggfuzz.cov new file mode 100644 index 00000000..4f94e140 Binary files /dev/null and b/examples/bind/corpus/f601796b2b98e92d31871c2396856909.00007f30.honggfuzz.cov differ diff --git a/examples/bind/corpus/f608f0410173785e9c332f1dfbbfb07d.00000085.honggfuzz.cov b/examples/bind/corpus/f608f0410173785e9c332f1dfbbfb07d.00000085.honggfuzz.cov deleted file mode 100644 index ca435a9f..00000000 Binary files a/examples/bind/corpus/f608f0410173785e9c332f1dfbbfb07d.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f6276f1a8e7e1e29a731292d57e245a9.00000e6e.honggfuzz.cov b/examples/bind/corpus/f6276f1a8e7e1e29a731292d57e245a9.00000e6e.honggfuzz.cov deleted file mode 100644 index 329afac8..00000000 Binary files a/examples/bind/corpus/f6276f1a8e7e1e29a731292d57e245a9.00000e6e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f63d3142f11e419105f107d795e75acd.00000164.honggfuzz.cov b/examples/bind/corpus/f63d3142f11e419105f107d795e75acd.00000164.honggfuzz.cov new file mode 100644 index 00000000..c3ff2aea Binary files /dev/null and b/examples/bind/corpus/f63d3142f11e419105f107d795e75acd.00000164.honggfuzz.cov differ diff --git a/examples/bind/corpus/f63f3db78d896936867cb29e7740fa94.000101d0.honggfuzz.cov b/examples/bind/corpus/f63f3db78d896936867cb29e7740fa94.000101d0.honggfuzz.cov new file mode 100644 index 00000000..8d74e604 Binary files /dev/null and b/examples/bind/corpus/f63f3db78d896936867cb29e7740fa94.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/f64b03fd3976a1db3797a04cd2ba5089.000093ce.honggfuzz.cov b/examples/bind/corpus/f64b03fd3976a1db3797a04cd2ba5089.000093ce.honggfuzz.cov deleted file mode 100644 index d477fb7b..00000000 Binary files a/examples/bind/corpus/f64b03fd3976a1db3797a04cd2ba5089.000093ce.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f64f1712445cd1bc46e3ba3929528583.000000f9.honggfuzz.cov b/examples/bind/corpus/f64f1712445cd1bc46e3ba3929528583.000000f9.honggfuzz.cov deleted file mode 100644 index 2ccfad04..00000000 Binary files a/examples/bind/corpus/f64f1712445cd1bc46e3ba3929528583.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f650fa2d7f0c340622a2c80101b1a2f4.00000085.honggfuzz.cov b/examples/bind/corpus/f650fa2d7f0c340622a2c80101b1a2f4.00000085.honggfuzz.cov deleted file mode 100644 index 424aa0a9..00000000 Binary files a/examples/bind/corpus/f650fa2d7f0c340622a2c80101b1a2f4.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f6b8e0cac2fc0c3c0c635982480b8f97.00000080.honggfuzz.cov b/examples/bind/corpus/f6b8e0cac2fc0c3c0c635982480b8f97.00000080.honggfuzz.cov deleted file mode 100644 index 720bce9c..00000000 Binary files a/examples/bind/corpus/f6b8e0cac2fc0c3c0c635982480b8f97.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f6c101bb5464967a23e4520ec29ae1db.00000181.honggfuzz.cov b/examples/bind/corpus/f6c101bb5464967a23e4520ec29ae1db.00000181.honggfuzz.cov deleted file mode 100644 index 1edb9e25..00000000 Binary files a/examples/bind/corpus/f6c101bb5464967a23e4520ec29ae1db.00000181.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f6c7135cfc81f35822ddb1d1437f69f4.00000129.honggfuzz.cov b/examples/bind/corpus/f6c7135cfc81f35822ddb1d1437f69f4.00000129.honggfuzz.cov new file mode 100644 index 00000000..151e7e9e Binary files /dev/null and b/examples/bind/corpus/f6c7135cfc81f35822ddb1d1437f69f4.00000129.honggfuzz.cov differ diff --git a/examples/bind/corpus/f6d7ba82c44e352b1c3dba272825cbc1.00006f8e.honggfuzz.cov b/examples/bind/corpus/f6d7ba82c44e352b1c3dba272825cbc1.00006f8e.honggfuzz.cov deleted file mode 100644 index c4d1dae7..00000000 Binary files a/examples/bind/corpus/f6d7ba82c44e352b1c3dba272825cbc1.00006f8e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f6ecce1c2c2322352014938644c0fcb3.0004dd7b.honggfuzz.cov b/examples/bind/corpus/f6ecce1c2c2322352014938644c0fcb3.0004dd7b.honggfuzz.cov deleted file mode 100644 index cb4af179..00000000 Binary files a/examples/bind/corpus/f6ecce1c2c2322352014938644c0fcb3.0004dd7b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f6ef4f96792253af939851d700e853c0.0000969b.honggfuzz.cov b/examples/bind/corpus/f6ef4f96792253af939851d700e853c0.0000969b.honggfuzz.cov deleted file mode 100644 index 6e609bb4..00000000 Binary files a/examples/bind/corpus/f6ef4f96792253af939851d700e853c0.0000969b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f721fb7695e3f7a8d92e3c00eea6b3b8.00001d3b.honggfuzz.cov b/examples/bind/corpus/f721fb7695e3f7a8d92e3c00eea6b3b8.00001d3b.honggfuzz.cov new file mode 100644 index 00000000..c23300af Binary files /dev/null and b/examples/bind/corpus/f721fb7695e3f7a8d92e3c00eea6b3b8.00001d3b.honggfuzz.cov differ diff --git a/examples/bind/corpus/f72abd8ce61eaf4ad35660cac9807ce3.0001d687.honggfuzz.cov b/examples/bind/corpus/f72abd8ce61eaf4ad35660cac9807ce3.0001d687.honggfuzz.cov deleted file mode 100644 index d509599d..00000000 Binary files a/examples/bind/corpus/f72abd8ce61eaf4ad35660cac9807ce3.0001d687.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f732a543f7256ac49983fe7ccf0893bc.0000150f.honggfuzz.cov b/examples/bind/corpus/f732a543f7256ac49983fe7ccf0893bc.0000150f.honggfuzz.cov deleted file mode 100644 index 3d117484..00000000 Binary files a/examples/bind/corpus/f732a543f7256ac49983fe7ccf0893bc.0000150f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f73c11b6765c8cc822f7b4fd7133769b.000000ff.honggfuzz.cov b/examples/bind/corpus/f73c11b6765c8cc822f7b4fd7133769b.000000ff.honggfuzz.cov new file mode 100644 index 00000000..d4f65c1c Binary files /dev/null and b/examples/bind/corpus/f73c11b6765c8cc822f7b4fd7133769b.000000ff.honggfuzz.cov differ diff --git a/examples/bind/corpus/f7537854be7fc596dee59c52f46d144f.0000abd4.honggfuzz.cov b/examples/bind/corpus/f7537854be7fc596dee59c52f46d144f.0000abd4.honggfuzz.cov deleted file mode 100644 index 5496ac84..00000000 Binary files a/examples/bind/corpus/f7537854be7fc596dee59c52f46d144f.0000abd4.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f76ba6738f0aa768848361ed0fbad7d1.00000018.honggfuzz.cov b/examples/bind/corpus/f76ba6738f0aa768848361ed0fbad7d1.00000018.honggfuzz.cov deleted file mode 100644 index 4033bc3b..00000000 Binary files a/examples/bind/corpus/f76ba6738f0aa768848361ed0fbad7d1.00000018.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f773089dd8032f2f7b0f91fb70249e08.000020e4.honggfuzz.cov b/examples/bind/corpus/f773089dd8032f2f7b0f91fb70249e08.000020e4.honggfuzz.cov deleted file mode 100644 index 7b57f6aa..00000000 Binary files a/examples/bind/corpus/f773089dd8032f2f7b0f91fb70249e08.000020e4.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f7759fb07da1a6434dd9a93ccc6cb2c8.00000085.honggfuzz.cov b/examples/bind/corpus/f7759fb07da1a6434dd9a93ccc6cb2c8.00000085.honggfuzz.cov deleted file mode 100644 index 98a45a3b..00000000 Binary files a/examples/bind/corpus/f7759fb07da1a6434dd9a93ccc6cb2c8.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f79289884b0188bdd4dd0dafbcdd0a29.00000094.honggfuzz.cov b/examples/bind/corpus/f79289884b0188bdd4dd0dafbcdd0a29.00000094.honggfuzz.cov deleted file mode 100644 index c330ffc5..00000000 Binary files a/examples/bind/corpus/f79289884b0188bdd4dd0dafbcdd0a29.00000094.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f7bbe9cd5a6c423814662f4939b371b5.00000200.honggfuzz.cov b/examples/bind/corpus/f7bbe9cd5a6c423814662f4939b371b5.00000200.honggfuzz.cov deleted file mode 100644 index f730fb22..00000000 Binary files a/examples/bind/corpus/f7bbe9cd5a6c423814662f4939b371b5.00000200.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f7be7d59d47482a104015659abd550a2.0000050d.honggfuzz.cov b/examples/bind/corpus/f7be7d59d47482a104015659abd550a2.0000050d.honggfuzz.cov new file mode 100644 index 00000000..bbd03b8b Binary files /dev/null and b/examples/bind/corpus/f7be7d59d47482a104015659abd550a2.0000050d.honggfuzz.cov differ diff --git a/examples/bind/corpus/f7ca01a23e251148e6d8c9c999706098.0000247f.honggfuzz.cov b/examples/bind/corpus/f7ca01a23e251148e6d8c9c999706098.0000247f.honggfuzz.cov deleted file mode 100644 index f904a46b..00000000 Binary files a/examples/bind/corpus/f7ca01a23e251148e6d8c9c999706098.0000247f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f7e4874673189fc3c64b43bb270e67b2.00000137.honggfuzz.cov b/examples/bind/corpus/f7e4874673189fc3c64b43bb270e67b2.00000137.honggfuzz.cov new file mode 100644 index 00000000..9f789a7e Binary files /dev/null and b/examples/bind/corpus/f7e4874673189fc3c64b43bb270e67b2.00000137.honggfuzz.cov differ diff --git a/examples/bind/corpus/f7ed59ea95aec7e5f887d801fda26139.000000ec.honggfuzz.cov b/examples/bind/corpus/f7ed59ea95aec7e5f887d801fda26139.000000ec.honggfuzz.cov new file mode 100644 index 00000000..4e65cc23 Binary files /dev/null and b/examples/bind/corpus/f7ed59ea95aec7e5f887d801fda26139.000000ec.honggfuzz.cov differ diff --git a/examples/bind/corpus/f7f4105840f1276413a4731a533826d7.000000f9.honggfuzz.cov b/examples/bind/corpus/f7f4105840f1276413a4731a533826d7.000000f9.honggfuzz.cov deleted file mode 100644 index ec412abe..00000000 Binary files a/examples/bind/corpus/f7f4105840f1276413a4731a533826d7.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f823ad46949b19e971f8bc2c02350911.0000040a.honggfuzz.cov b/examples/bind/corpus/f823ad46949b19e971f8bc2c02350911.0000040a.honggfuzz.cov deleted file mode 100644 index 6b2f534d..00000000 Binary files a/examples/bind/corpus/f823ad46949b19e971f8bc2c02350911.0000040a.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f83300670de4c6a20e39af8f41bce45e.000002c6.honggfuzz.cov b/examples/bind/corpus/f83300670de4c6a20e39af8f41bce45e.000002c6.honggfuzz.cov deleted file mode 100644 index fc621c90..00000000 Binary files a/examples/bind/corpus/f83300670de4c6a20e39af8f41bce45e.000002c6.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f856943bb720ae6a8d3e1b41b120d4a2.000010c7.honggfuzz.cov b/examples/bind/corpus/f856943bb720ae6a8d3e1b41b120d4a2.000010c7.honggfuzz.cov new file mode 100644 index 00000000..b7be7132 Binary files /dev/null and b/examples/bind/corpus/f856943bb720ae6a8d3e1b41b120d4a2.000010c7.honggfuzz.cov differ diff --git a/examples/bind/corpus/f8878ab2484e26ead46d1da31105628e.0000793c.honggfuzz.cov b/examples/bind/corpus/f8878ab2484e26ead46d1da31105628e.0000793c.honggfuzz.cov deleted file mode 100644 index b311ce41..00000000 Binary files a/examples/bind/corpus/f8878ab2484e26ead46d1da31105628e.0000793c.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f8a1a84dbe8d0726d94654e995e6f798.000022a3.honggfuzz.cov b/examples/bind/corpus/f8a1a84dbe8d0726d94654e995e6f798.000022a3.honggfuzz.cov new file mode 100644 index 00000000..2e4ea502 Binary files /dev/null and b/examples/bind/corpus/f8a1a84dbe8d0726d94654e995e6f798.000022a3.honggfuzz.cov differ diff --git a/examples/bind/corpus/f8e706b5dbacb681141410030101d9f1.000000c0.honggfuzz.cov b/examples/bind/corpus/f8e706b5dbacb681141410030101d9f1.000000c0.honggfuzz.cov new file mode 100644 index 00000000..40c0677a Binary files /dev/null and b/examples/bind/corpus/f8e706b5dbacb681141410030101d9f1.000000c0.honggfuzz.cov differ diff --git a/examples/bind/corpus/f92c29f0ea8b0b02f171d5aafdb05e05.00000028.honggfuzz.cov b/examples/bind/corpus/f92c29f0ea8b0b02f171d5aafdb05e05.00000028.honggfuzz.cov deleted file mode 100644 index 2228b33e..00000000 Binary files a/examples/bind/corpus/f92c29f0ea8b0b02f171d5aafdb05e05.00000028.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f930283d7953165bc6822b141a641c95.00000080.honggfuzz.cov b/examples/bind/corpus/f930283d7953165bc6822b141a641c95.00000080.honggfuzz.cov deleted file mode 100644 index 657d1de2..00000000 Binary files a/examples/bind/corpus/f930283d7953165bc6822b141a641c95.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f93267e7a52feb6c6db6f55592adb7e2.00000085.honggfuzz.cov b/examples/bind/corpus/f93267e7a52feb6c6db6f55592adb7e2.00000085.honggfuzz.cov deleted file mode 100644 index 9ac4d0dd..00000000 Binary files a/examples/bind/corpus/f93267e7a52feb6c6db6f55592adb7e2.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f942c28da73049237aff6bbf57d74938.0001f7e8.honggfuzz.cov b/examples/bind/corpus/f942c28da73049237aff6bbf57d74938.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..165ad403 Binary files /dev/null and b/examples/bind/corpus/f942c28da73049237aff6bbf57d74938.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/f94508c13390e729a5e5ffb03df48d3d.00000080.honggfuzz.cov b/examples/bind/corpus/f94508c13390e729a5e5ffb03df48d3d.00000080.honggfuzz.cov new file mode 100644 index 00000000..73a6d773 Binary files /dev/null and b/examples/bind/corpus/f94508c13390e729a5e5ffb03df48d3d.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/f958132bbff11340eeb065879b74223a.000000b1.honggfuzz.cov b/examples/bind/corpus/f958132bbff11340eeb065879b74223a.000000b1.honggfuzz.cov new file mode 100644 index 00000000..a0959819 Binary files /dev/null and b/examples/bind/corpus/f958132bbff11340eeb065879b74223a.000000b1.honggfuzz.cov differ diff --git a/examples/bind/corpus/f95b94909c777978044ca0eda88dc199.00000104.honggfuzz.cov b/examples/bind/corpus/f95b94909c777978044ca0eda88dc199.00000104.honggfuzz.cov new file mode 100644 index 00000000..4f4cb6cd Binary files /dev/null and b/examples/bind/corpus/f95b94909c777978044ca0eda88dc199.00000104.honggfuzz.cov differ diff --git a/examples/bind/corpus/f96c82b2d04ba8bdcd58881b6b6d8a31.00000110.honggfuzz.cov b/examples/bind/corpus/f96c82b2d04ba8bdcd58881b6b6d8a31.00000110.honggfuzz.cov deleted file mode 100644 index c8699e82..00000000 Binary files a/examples/bind/corpus/f96c82b2d04ba8bdcd58881b6b6d8a31.00000110.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f9789e8d71d84a8ef89ffa1e92eb54eb.0001f7e8.honggfuzz.cov b/examples/bind/corpus/f9789e8d71d84a8ef89ffa1e92eb54eb.0001f7e8.honggfuzz.cov new file mode 100644 index 00000000..2f82b1fd Binary files /dev/null and b/examples/bind/corpus/f9789e8d71d84a8ef89ffa1e92eb54eb.0001f7e8.honggfuzz.cov differ diff --git a/examples/bind/corpus/f99a8f6bbbcd692b490421f3de60f00f.0000004d.honggfuzz.cov b/examples/bind/corpus/f99a8f6bbbcd692b490421f3de60f00f.0000004d.honggfuzz.cov new file mode 100644 index 00000000..5e43fc6b Binary files /dev/null and b/examples/bind/corpus/f99a8f6bbbcd692b490421f3de60f00f.0000004d.honggfuzz.cov differ diff --git a/examples/bind/corpus/f9b05569f1acd42595414a9965492c8b.00008ec8.honggfuzz.cov b/examples/bind/corpus/f9b05569f1acd42595414a9965492c8b.00008ec8.honggfuzz.cov deleted file mode 100644 index 6dff8a45..00000000 Binary files a/examples/bind/corpus/f9b05569f1acd42595414a9965492c8b.00008ec8.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f9b23f5e4d252794c5036321e738c562.0001153e.honggfuzz.cov b/examples/bind/corpus/f9b23f5e4d252794c5036321e738c562.0001153e.honggfuzz.cov deleted file mode 100644 index fded942a..00000000 Binary files a/examples/bind/corpus/f9b23f5e4d252794c5036321e738c562.0001153e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f9b7e42ca1c71bf68294080739592cba.00000181.honggfuzz.cov b/examples/bind/corpus/f9b7e42ca1c71bf68294080739592cba.00000181.honggfuzz.cov deleted file mode 100644 index 9254b31d..00000000 Binary files a/examples/bind/corpus/f9b7e42ca1c71bf68294080739592cba.00000181.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f9f16a7e37e36658c9dbf410e1240c4c.00000400.honggfuzz.cov b/examples/bind/corpus/f9f16a7e37e36658c9dbf410e1240c4c.00000400.honggfuzz.cov deleted file mode 100644 index ec15f391..00000000 Binary files a/examples/bind/corpus/f9f16a7e37e36658c9dbf410e1240c4c.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/f9f8a402de884c3e414c9ca47c341f42.00000205.honggfuzz.cov b/examples/bind/corpus/f9f8a402de884c3e414c9ca47c341f42.00000205.honggfuzz.cov new file mode 100644 index 00000000..5d99966b Binary files /dev/null and b/examples/bind/corpus/f9f8a402de884c3e414c9ca47c341f42.00000205.honggfuzz.cov differ diff --git a/examples/bind/corpus/fa56082c4f83534aeefb74f130eb53df.00000113.honggfuzz.cov b/examples/bind/corpus/fa56082c4f83534aeefb74f130eb53df.00000113.honggfuzz.cov deleted file mode 100644 index 5ff30236..00000000 Binary files a/examples/bind/corpus/fa56082c4f83534aeefb74f130eb53df.00000113.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fa927d159c363aa2b2f7e3039a193537.0000eac3.honggfuzz.cov b/examples/bind/corpus/fa927d159c363aa2b2f7e3039a193537.0000eac3.honggfuzz.cov deleted file mode 100644 index 3fda8a4a..00000000 Binary files a/examples/bind/corpus/fa927d159c363aa2b2f7e3039a193537.0000eac3.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fa9dc1065acb8fb226c730b65446ead8.000000df.honggfuzz.cov b/examples/bind/corpus/fa9dc1065acb8fb226c730b65446ead8.000000df.honggfuzz.cov deleted file mode 100644 index 06fca415..00000000 Binary files a/examples/bind/corpus/fa9dc1065acb8fb226c730b65446ead8.000000df.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fadf046093318646fd66d90f84ec7396.00000080.honggfuzz.cov b/examples/bind/corpus/fadf046093318646fd66d90f84ec7396.00000080.honggfuzz.cov deleted file mode 100644 index 26e45053..00000000 Binary files a/examples/bind/corpus/fadf046093318646fd66d90f84ec7396.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fb4ced38742d0d8fd08b8f602e65dd52.000101d0.honggfuzz.cov b/examples/bind/corpus/fb4ced38742d0d8fd08b8f602e65dd52.000101d0.honggfuzz.cov new file mode 100644 index 00000000..14437d12 Binary files /dev/null and b/examples/bind/corpus/fb4ced38742d0d8fd08b8f602e65dd52.000101d0.honggfuzz.cov differ diff --git a/examples/bind/corpus/fb6133a5d99addbd65cfd5322ad0314c.000000b0.honggfuzz.cov b/examples/bind/corpus/fb6133a5d99addbd65cfd5322ad0314c.000000b0.honggfuzz.cov deleted file mode 100644 index 18efc5e4..00000000 Binary files a/examples/bind/corpus/fb6133a5d99addbd65cfd5322ad0314c.000000b0.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fbb2380f11097de2e72b2779339b99b8.0000f634.honggfuzz.cov b/examples/bind/corpus/fbb2380f11097de2e72b2779339b99b8.0000f634.honggfuzz.cov new file mode 100644 index 00000000..d89a7c61 Binary files /dev/null and b/examples/bind/corpus/fbb2380f11097de2e72b2779339b99b8.0000f634.honggfuzz.cov differ diff --git a/examples/bind/corpus/fbcad276685d3c59554ca2a4c2fc20ad.00000fa2.honggfuzz.cov b/examples/bind/corpus/fbcad276685d3c59554ca2a4c2fc20ad.00000fa2.honggfuzz.cov deleted file mode 100644 index 8cbf41af..00000000 Binary files a/examples/bind/corpus/fbcad276685d3c59554ca2a4c2fc20ad.00000fa2.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fbf17b628ef09b1e3afbc6264bb83363.00000e87.honggfuzz.cov b/examples/bind/corpus/fbf17b628ef09b1e3afbc6264bb83363.00000e87.honggfuzz.cov deleted file mode 100644 index 388aff3a..00000000 Binary files a/examples/bind/corpus/fbf17b628ef09b1e3afbc6264bb83363.00000e87.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fc04e6f5cb9edac6174e596dec6f38df.000001b8.honggfuzz.cov b/examples/bind/corpus/fc04e6f5cb9edac6174e596dec6f38df.000001b8.honggfuzz.cov deleted file mode 100644 index c9bfcfbf..00000000 Binary files a/examples/bind/corpus/fc04e6f5cb9edac6174e596dec6f38df.000001b8.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fc069df68a40f42f4c8dcd8e3f803499.000000be.honggfuzz.cov b/examples/bind/corpus/fc069df68a40f42f4c8dcd8e3f803499.000000be.honggfuzz.cov deleted file mode 100644 index 94c14893..00000000 Binary files a/examples/bind/corpus/fc069df68a40f42f4c8dcd8e3f803499.000000be.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fc0cdf496ca9c95812896cd5c9e67a04.000017b0.honggfuzz.cov b/examples/bind/corpus/fc0cdf496ca9c95812896cd5c9e67a04.000017b0.honggfuzz.cov new file mode 100644 index 00000000..b8117b20 Binary files /dev/null and b/examples/bind/corpus/fc0cdf496ca9c95812896cd5c9e67a04.000017b0.honggfuzz.cov differ diff --git a/examples/bind/corpus/fc0f00fbec17cff60f4bdcf1e0f5233d.00000085.honggfuzz.cov b/examples/bind/corpus/fc0f00fbec17cff60f4bdcf1e0f5233d.00000085.honggfuzz.cov deleted file mode 100644 index ff22fb46..00000000 Binary files a/examples/bind/corpus/fc0f00fbec17cff60f4bdcf1e0f5233d.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fc1561e49e3f097bae421d2397228c32.0000056d.honggfuzz.cov b/examples/bind/corpus/fc1561e49e3f097bae421d2397228c32.0000056d.honggfuzz.cov deleted file mode 100644 index d6248d5b..00000000 Binary files a/examples/bind/corpus/fc1561e49e3f097bae421d2397228c32.0000056d.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fc1f5c5ebc931bb6551d0c46e583fc5a.00000119.honggfuzz.cov b/examples/bind/corpus/fc1f5c5ebc931bb6551d0c46e583fc5a.00000119.honggfuzz.cov new file mode 100644 index 00000000..9a018e72 Binary files /dev/null and b/examples/bind/corpus/fc1f5c5ebc931bb6551d0c46e583fc5a.00000119.honggfuzz.cov differ diff --git a/examples/bind/corpus/fc28457cd5e9d6830b4a014ce9678b33.000000c3.honggfuzz.cov b/examples/bind/corpus/fc28457cd5e9d6830b4a014ce9678b33.000000c3.honggfuzz.cov new file mode 100644 index 00000000..345d615b Binary files /dev/null and b/examples/bind/corpus/fc28457cd5e9d6830b4a014ce9678b33.000000c3.honggfuzz.cov differ diff --git a/examples/bind/corpus/fc464f4cd15910d72b59c7311ddb5a00.00000113.honggfuzz.cov b/examples/bind/corpus/fc464f4cd15910d72b59c7311ddb5a00.00000113.honggfuzz.cov deleted file mode 100644 index f092a916..00000000 Binary files a/examples/bind/corpus/fc464f4cd15910d72b59c7311ddb5a00.00000113.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fc542ee67ea16902fe2d5d094da0c0de.000000f7.honggfuzz.cov b/examples/bind/corpus/fc542ee67ea16902fe2d5d094da0c0de.000000f7.honggfuzz.cov deleted file mode 100644 index 39f91337..00000000 Binary files a/examples/bind/corpus/fc542ee67ea16902fe2d5d094da0c0de.000000f7.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fc552e4f866bc795c62ca90549498d99.00000317.honggfuzz.cov b/examples/bind/corpus/fc552e4f866bc795c62ca90549498d99.00000317.honggfuzz.cov deleted file mode 100644 index a5d9ba5e..00000000 Binary files a/examples/bind/corpus/fc552e4f866bc795c62ca90549498d99.00000317.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fc6b3459be8e525b649a68f9f05f6c7a.0000005f.honggfuzz.cov b/examples/bind/corpus/fc6b3459be8e525b649a68f9f05f6c7a.0000005f.honggfuzz.cov deleted file mode 100644 index 466c5293..00000000 Binary files a/examples/bind/corpus/fc6b3459be8e525b649a68f9f05f6c7a.0000005f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fc8513b35e5f14d5c8a028a0999b2c3d.0000024f.honggfuzz.cov b/examples/bind/corpus/fc8513b35e5f14d5c8a028a0999b2c3d.0000024f.honggfuzz.cov deleted file mode 100644 index 9a59666b..00000000 Binary files a/examples/bind/corpus/fc8513b35e5f14d5c8a028a0999b2c3d.0000024f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fc8cbefebf26d41fccadc09beba27f26.00000400.honggfuzz.cov b/examples/bind/corpus/fc8cbefebf26d41fccadc09beba27f26.00000400.honggfuzz.cov deleted file mode 100644 index 9fbfc1d7..00000000 Binary files a/examples/bind/corpus/fc8cbefebf26d41fccadc09beba27f26.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fc9657ca18f22403c2af0cf041f43368.00000067.honggfuzz.cov b/examples/bind/corpus/fc9657ca18f22403c2af0cf041f43368.00000067.honggfuzz.cov new file mode 100644 index 00000000..16a04941 Binary files /dev/null and b/examples/bind/corpus/fc9657ca18f22403c2af0cf041f43368.00000067.honggfuzz.cov differ diff --git a/examples/bind/corpus/fc98f828a85460ba3ff90b348344b176.00000085.honggfuzz.cov b/examples/bind/corpus/fc98f828a85460ba3ff90b348344b176.00000085.honggfuzz.cov deleted file mode 100644 index 12e7572f..00000000 Binary files a/examples/bind/corpus/fc98f828a85460ba3ff90b348344b176.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fc9a91ae7bced45f1b070f9408c20fde.000000b8.honggfuzz.cov b/examples/bind/corpus/fc9a91ae7bced45f1b070f9408c20fde.000000b8.honggfuzz.cov new file mode 100644 index 00000000..86d0f8e9 Binary files /dev/null and b/examples/bind/corpus/fc9a91ae7bced45f1b070f9408c20fde.000000b8.honggfuzz.cov differ diff --git a/examples/bind/corpus/fceb9dafe85386facc9aa78317051ac1.0001bd8e.honggfuzz.cov b/examples/bind/corpus/fceb9dafe85386facc9aa78317051ac1.0001bd8e.honggfuzz.cov deleted file mode 100644 index 3af37774..00000000 Binary files a/examples/bind/corpus/fceb9dafe85386facc9aa78317051ac1.0001bd8e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fd0334d90b64110eb354aaacbad3f5a2.00013ce0.honggfuzz.cov b/examples/bind/corpus/fd0334d90b64110eb354aaacbad3f5a2.00013ce0.honggfuzz.cov new file mode 100644 index 00000000..2cc643e8 Binary files /dev/null and b/examples/bind/corpus/fd0334d90b64110eb354aaacbad3f5a2.00013ce0.honggfuzz.cov differ diff --git a/examples/bind/corpus/fd03f08f9c54ed33be31e43f3c859026.00000085.honggfuzz.cov b/examples/bind/corpus/fd03f08f9c54ed33be31e43f3c859026.00000085.honggfuzz.cov deleted file mode 100644 index 242f64db..00000000 Binary files a/examples/bind/corpus/fd03f08f9c54ed33be31e43f3c859026.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fd193112e82960fe1304acf163a9fa1f.000004df.honggfuzz.cov b/examples/bind/corpus/fd193112e82960fe1304acf163a9fa1f.000004df.honggfuzz.cov new file mode 100644 index 00000000..82cfbfae Binary files /dev/null and b/examples/bind/corpus/fd193112e82960fe1304acf163a9fa1f.000004df.honggfuzz.cov differ diff --git a/examples/bind/corpus/fd498b19e48ccdd2eef84ba4b2d981de.0001153e.honggfuzz.cov b/examples/bind/corpus/fd498b19e48ccdd2eef84ba4b2d981de.0001153e.honggfuzz.cov deleted file mode 100644 index db8d7ccd..00000000 Binary files a/examples/bind/corpus/fd498b19e48ccdd2eef84ba4b2d981de.0001153e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fd4a52f3c04d593396e1f2e5688fbfc0.0000002f.honggfuzz.cov b/examples/bind/corpus/fd4a52f3c04d593396e1f2e5688fbfc0.0000002f.honggfuzz.cov new file mode 100644 index 00000000..49aa3588 Binary files /dev/null and b/examples/bind/corpus/fd4a52f3c04d593396e1f2e5688fbfc0.0000002f.honggfuzz.cov differ diff --git a/examples/bind/corpus/fd5b1c196a001586f48266511a345371.00000085.honggfuzz.cov b/examples/bind/corpus/fd5b1c196a001586f48266511a345371.00000085.honggfuzz.cov deleted file mode 100644 index 8952f897..00000000 Binary files a/examples/bind/corpus/fd5b1c196a001586f48266511a345371.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fd901f471e3f3b66f3920c4af2407f87.00000096.honggfuzz.cov b/examples/bind/corpus/fd901f471e3f3b66f3920c4af2407f87.00000096.honggfuzz.cov deleted file mode 100644 index 7762b0bd..00000000 Binary files a/examples/bind/corpus/fd901f471e3f3b66f3920c4af2407f87.00000096.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fdaad4ac40ee20e40549a5d61df888a8.00001bfb.honggfuzz.cov b/examples/bind/corpus/fdaad4ac40ee20e40549a5d61df888a8.00001bfb.honggfuzz.cov deleted file mode 100644 index 736ad182..00000000 Binary files a/examples/bind/corpus/fdaad4ac40ee20e40549a5d61df888a8.00001bfb.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fdb04f7c4ce2c9c4ff5eb550fc1a6388.00000080.honggfuzz.cov b/examples/bind/corpus/fdb04f7c4ce2c9c4ff5eb550fc1a6388.00000080.honggfuzz.cov new file mode 100644 index 00000000..d3e004f0 Binary files /dev/null and b/examples/bind/corpus/fdb04f7c4ce2c9c4ff5eb550fc1a6388.00000080.honggfuzz.cov differ diff --git a/examples/bind/corpus/fdb13aad2a8ad8fd921d16d435804745.000001b1.honggfuzz.cov b/examples/bind/corpus/fdb13aad2a8ad8fd921d16d435804745.000001b1.honggfuzz.cov new file mode 100644 index 00000000..7661fe6a Binary files /dev/null and b/examples/bind/corpus/fdb13aad2a8ad8fd921d16d435804745.000001b1.honggfuzz.cov differ diff --git a/examples/bind/corpus/fdb21242fcb6b32294210ecc3ae07720.000000b2.honggfuzz.cov b/examples/bind/corpus/fdb21242fcb6b32294210ecc3ae07720.000000b2.honggfuzz.cov new file mode 100644 index 00000000..4f7731f6 Binary files /dev/null and b/examples/bind/corpus/fdb21242fcb6b32294210ecc3ae07720.000000b2.honggfuzz.cov differ diff --git a/examples/bind/corpus/fddf547a43fb3a6a05cf13c2b4ebce06.00000085.honggfuzz.cov b/examples/bind/corpus/fddf547a43fb3a6a05cf13c2b4ebce06.00000085.honggfuzz.cov deleted file mode 100644 index cd456687..00000000 Binary files a/examples/bind/corpus/fddf547a43fb3a6a05cf13c2b4ebce06.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fdee9a138bfa54516e260e55e1a9ce74.00001142.honggfuzz.cov b/examples/bind/corpus/fdee9a138bfa54516e260e55e1a9ce74.00001142.honggfuzz.cov deleted file mode 100644 index 1ddfec9d..00000000 Binary files a/examples/bind/corpus/fdee9a138bfa54516e260e55e1a9ce74.00001142.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fe60b543538eada195770eead539d558.00000085.honggfuzz.cov b/examples/bind/corpus/fe60b543538eada195770eead539d558.00000085.honggfuzz.cov deleted file mode 100644 index fc053c58..00000000 Binary files a/examples/bind/corpus/fe60b543538eada195770eead539d558.00000085.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fe685a256e80e897a7e6b166e9ec29be.000001b8.honggfuzz.cov b/examples/bind/corpus/fe685a256e80e897a7e6b166e9ec29be.000001b8.honggfuzz.cov deleted file mode 100644 index 4dfae625..00000000 Binary files a/examples/bind/corpus/fe685a256e80e897a7e6b166e9ec29be.000001b8.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fe6fe5779ac66dcce0104d8f31b79d55.000000f9.honggfuzz.cov b/examples/bind/corpus/fe6fe5779ac66dcce0104d8f31b79d55.000000f9.honggfuzz.cov deleted file mode 100644 index dfa31f4e..00000000 Binary files a/examples/bind/corpus/fe6fe5779ac66dcce0104d8f31b79d55.000000f9.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fe96f5e723de0a0bc08381324d0f9e22.00004e4b.honggfuzz.cov b/examples/bind/corpus/fe96f5e723de0a0bc08381324d0f9e22.00004e4b.honggfuzz.cov deleted file mode 100644 index 31fc919f..00000000 Binary files a/examples/bind/corpus/fe96f5e723de0a0bc08381324d0f9e22.00004e4b.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/feb410b0472467895f6124b4cb6a7b6e.0000012f.honggfuzz.cov b/examples/bind/corpus/feb410b0472467895f6124b4cb6a7b6e.0000012f.honggfuzz.cov deleted file mode 100644 index 71374cf7..00000000 Binary files a/examples/bind/corpus/feb410b0472467895f6124b4cb6a7b6e.0000012f.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fee9ae759a08e4c402d8513c15c8ef8e.000022cc.honggfuzz.cov b/examples/bind/corpus/fee9ae759a08e4c402d8513c15c8ef8e.000022cc.honggfuzz.cov deleted file mode 100644 index 0afb2699..00000000 Binary files a/examples/bind/corpus/fee9ae759a08e4c402d8513c15c8ef8e.000022cc.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/feefa8d0adf613424d42d25cef308e59.00000263.honggfuzz.cov b/examples/bind/corpus/feefa8d0adf613424d42d25cef308e59.00000263.honggfuzz.cov deleted file mode 100644 index 291516c3..00000000 Binary files a/examples/bind/corpus/feefa8d0adf613424d42d25cef308e59.00000263.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ff0bfb8f2a71231f925507a4f1a2fd22.00000080.honggfuzz.cov b/examples/bind/corpus/ff0bfb8f2a71231f925507a4f1a2fd22.00000080.honggfuzz.cov deleted file mode 100644 index 973c98a1..00000000 Binary files a/examples/bind/corpus/ff0bfb8f2a71231f925507a4f1a2fd22.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ff2c1871839b02fd5e0082dfe0e1b046.000093c5.honggfuzz.cov b/examples/bind/corpus/ff2c1871839b02fd5e0082dfe0e1b046.000093c5.honggfuzz.cov deleted file mode 100644 index 10fd2b39..00000000 Binary files a/examples/bind/corpus/ff2c1871839b02fd5e0082dfe0e1b046.000093c5.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ff43720d902699e8ec6d7e24df090fc8.00000400.honggfuzz.cov b/examples/bind/corpus/ff43720d902699e8ec6d7e24df090fc8.00000400.honggfuzz.cov deleted file mode 100644 index eb3d760d..00000000 Binary files a/examples/bind/corpus/ff43720d902699e8ec6d7e24df090fc8.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ff4d322d08cccee3c61b419854d2133c.00000bb8.honggfuzz.cov b/examples/bind/corpus/ff4d322d08cccee3c61b419854d2133c.00000bb8.honggfuzz.cov new file mode 100644 index 00000000..8c1b4f02 Binary files /dev/null and b/examples/bind/corpus/ff4d322d08cccee3c61b419854d2133c.00000bb8.honggfuzz.cov differ diff --git a/examples/bind/corpus/ff61e787beca9b8e965316385cbf14c1.00020000.honggfuzz.cov b/examples/bind/corpus/ff61e787beca9b8e965316385cbf14c1.00020000.honggfuzz.cov deleted file mode 100644 index e37c6d17..00000000 Binary files a/examples/bind/corpus/ff61e787beca9b8e965316385cbf14c1.00020000.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ff786885c60456d39bca4d499ef5c6f3.00000400.honggfuzz.cov b/examples/bind/corpus/ff786885c60456d39bca4d499ef5c6f3.00000400.honggfuzz.cov deleted file mode 100644 index 7414ddb2..00000000 Binary files a/examples/bind/corpus/ff786885c60456d39bca4d499ef5c6f3.00000400.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ff7ea39e44eb771d1bbb850c2d2c24dc.00000092.honggfuzz.cov b/examples/bind/corpus/ff7ea39e44eb771d1bbb850c2d2c24dc.00000092.honggfuzz.cov deleted file mode 100644 index d019a52d..00000000 Binary files a/examples/bind/corpus/ff7ea39e44eb771d1bbb850c2d2c24dc.00000092.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ffa13b1caa43e741a0468960c69780a0.00000080.honggfuzz.cov b/examples/bind/corpus/ffa13b1caa43e741a0468960c69780a0.00000080.honggfuzz.cov deleted file mode 100644 index 37901deb..00000000 Binary files a/examples/bind/corpus/ffa13b1caa43e741a0468960c69780a0.00000080.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ffa4ce9e56996ef42fa16b2a0aeb1a3d.00000056.honggfuzz.cov b/examples/bind/corpus/ffa4ce9e56996ef42fa16b2a0aeb1a3d.00000056.honggfuzz.cov new file mode 100644 index 00000000..8663c7ba Binary files /dev/null and b/examples/bind/corpus/ffa4ce9e56996ef42fa16b2a0aeb1a3d.00000056.honggfuzz.cov differ diff --git a/examples/bind/corpus/ffb7ac6135cb5be2bc759621a495a9ea.0000cd57.honggfuzz.cov b/examples/bind/corpus/ffb7ac6135cb5be2bc759621a495a9ea.0000cd57.honggfuzz.cov deleted file mode 100644 index 0ea1fb30..00000000 Binary files a/examples/bind/corpus/ffb7ac6135cb5be2bc759621a495a9ea.0000cd57.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ffb7b98b91efb3e1672ba4319e1424b9.0001153e.honggfuzz.cov b/examples/bind/corpus/ffb7b98b91efb3e1672ba4319e1424b9.0001153e.honggfuzz.cov deleted file mode 100644 index a44a60e8..00000000 Binary files a/examples/bind/corpus/ffb7b98b91efb3e1672ba4319e1424b9.0001153e.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/ffbf88391895cb0d0e985919c2ed17a7.00000b33.honggfuzz.cov b/examples/bind/corpus/ffbf88391895cb0d0e985919c2ed17a7.00000b33.honggfuzz.cov new file mode 100644 index 00000000..35add60f Binary files /dev/null and b/examples/bind/corpus/ffbf88391895cb0d0e985919c2ed17a7.00000b33.honggfuzz.cov differ diff --git a/examples/bind/corpus/ffbfd302acebbbec6f9bf8d7e02e4a05.00000343.honggfuzz.cov b/examples/bind/corpus/ffbfd302acebbbec6f9bf8d7e02e4a05.00000343.honggfuzz.cov new file mode 100644 index 00000000..b969d207 Binary files /dev/null and b/examples/bind/corpus/ffbfd302acebbbec6f9bf8d7e02e4a05.00000343.honggfuzz.cov differ diff --git a/examples/bind/corpus/ffd52b6d3051c4eac1ff0ded946693f4.00004f3a.honggfuzz.cov b/examples/bind/corpus/ffd52b6d3051c4eac1ff0ded946693f4.00004f3a.honggfuzz.cov new file mode 100644 index 00000000..12931e31 Binary files /dev/null and b/examples/bind/corpus/ffd52b6d3051c4eac1ff0ded946693f4.00004f3a.honggfuzz.cov differ diff --git a/examples/bind/corpus/ffed1cfe77fdfaaf1d2186547d679331.000713ab.honggfuzz.cov b/examples/bind/corpus/ffed1cfe77fdfaaf1d2186547d679331.000713ab.honggfuzz.cov deleted file mode 100644 index 1d9a5c85..00000000 Binary files a/examples/bind/corpus/ffed1cfe77fdfaaf1d2186547d679331.000713ab.honggfuzz.cov and /dev/null differ diff --git a/examples/bind/corpus/fff9f78df5231e979de3a0d806b7d9a8.000000e0.honggfuzz.cov b/examples/bind/corpus/fff9f78df5231e979de3a0d806b7d9a8.000000e0.honggfuzz.cov new file mode 100644 index 00000000..a6a6b1ca Binary files /dev/null and b/examples/bind/corpus/fff9f78df5231e979de3a0d806b7d9a8.000000e0.honggfuzz.cov differ diff --git a/examples/bind/corpus/fffac22de9a0e43c2a1bf125c222f988.00000085.honggfuzz.cov b/examples/bind/corpus/fffac22de9a0e43c2a1bf125c222f988.00000085.honggfuzz.cov deleted file mode 100644 index 7148a0cb..00000000 Binary files a/examples/bind/corpus/fffac22de9a0e43c2a1bf125c222f988.00000085.honggfuzz.cov and /dev/null differ -- cgit v1.2.3 From 6040b13eb6277147d36190bc1e0aa96b2c07a37d Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 9 Oct 2019 14:53:43 +0200 Subject: examples/bind: +bind-9.15.4.patch #2 --- examples/bind/bind-9.15.4.patch | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/examples/bind/bind-9.15.4.patch b/examples/bind/bind-9.15.4.patch index 7ddeb2f6..42428e74 100644 --- a/examples/bind/bind-9.15.4.patch +++ b/examples/bind/bind-9.15.4.patch @@ -1,6 +1,18 @@ +diff -Nur ORIG.bind-9.15.4/bin/named/fuzz.c bind-9.15.4/bin/named/fuzz.c +--- ORIG.bind-9.15.4/bin/named/fuzz.c 2019-09-09 16:52:45.000000000 +0200 ++++ bind-9.15.4/bin/named/fuzz.c 2019-10-09 14:52:41.025018879 +0200 +@@ -736,7 +736,7 @@ + */ + void + named_fuzz_notify(void) { +-#ifdef ENABLE_AFL ++#if 0 + if (getenv("AFL_CMIN")) { + named_server_flushonshutdown(named_g_server, false); + isc_app_shutdown(); diff -Nur ORIG.bind-9.15.4/bin/named/main.c bind-9.15.4/bin/named/main.c --- ORIG.bind-9.15.4/bin/named/main.c 2019-09-09 16:52:45.000000000 +0200 -+++ bind-9.15.4/bin/named/main.c 2019-10-09 14:38:44.369350853 +0200 ++++ bind-9.15.4/bin/named/main.c 2019-10-09 14:52:21.993025966 +0200 @@ -1385,11 +1385,285 @@ } #endif /* HAVE_LIBSCF */ @@ -292,7 +304,7 @@ diff -Nur ORIG.bind-9.15.4/bin/named/main.c bind-9.15.4/bin/named/main.c #endif diff -Nur ORIG.bind-9.15.4/compile.sh bind-9.15.4/compile.sh --- ORIG.bind-9.15.4/compile.sh 1970-01-01 01:00:00.000000000 +0100 -+++ bind-9.15.4/compile.sh 2019-10-09 14:38:44.369350853 +0200 ++++ bind-9.15.4/compile.sh 2019-10-09 14:52:21.993025966 +0200 @@ -0,0 +1,20 @@ +#!/bin/sh + @@ -316,7 +328,7 @@ diff -Nur ORIG.bind-9.15.4/compile.sh bind-9.15.4/compile.sh +make -j$(nproc) diff -Nur ORIG.bind-9.15.4/lib/dns/request.c bind-9.15.4/lib/dns/request.c --- ORIG.bind-9.15.4/lib/dns/request.c 2019-09-09 16:52:45.000000000 +0200 -+++ bind-9.15.4/lib/dns/request.c 2019-10-09 14:38:44.369350853 +0200 ++++ bind-9.15.4/lib/dns/request.c 2019-10-09 14:52:21.997025964 +0200 @@ -747,7 +747,7 @@ goto cleanup; } @@ -337,7 +349,7 @@ diff -Nur ORIG.bind-9.15.4/lib/dns/request.c bind-9.15.4/lib/dns/request.c req_log(ISC_LOG_DEBUG(3), "request_render"); diff -Nur ORIG.bind-9.15.4/lib/dns/resolver.c bind-9.15.4/lib/dns/resolver.c --- ORIG.bind-9.15.4/lib/dns/resolver.c 2019-09-09 16:52:45.000000000 +0200 -+++ bind-9.15.4/lib/dns/resolver.c 2019-10-09 14:38:44.377350850 +0200 ++++ bind-9.15.4/lib/dns/resolver.c 2019-10-09 14:52:22.001025962 +0200 @@ -1946,7 +1946,7 @@ query = isc_mem_get(fctx->mctx, sizeof(*query)); @@ -349,7 +361,7 @@ diff -Nur ORIG.bind-9.15.4/lib/dns/resolver.c bind-9.15.4/lib/dns/resolver.c query->connects = 0; diff -Nur ORIG.bind-9.15.4/lib/isc/random.c bind-9.15.4/lib/isc/random.c --- ORIG.bind-9.15.4/lib/isc/random.c 2019-09-09 16:52:45.000000000 +0200 -+++ bind-9.15.4/lib/isc/random.c 2019-10-09 14:38:44.377350850 +0200 ++++ bind-9.15.4/lib/isc/random.c 2019-10-09 14:52:22.001025962 +0200 @@ -94,6 +94,7 @@ isc_random8(void) { RUNTIME_CHECK(isc_once_do(&isc_random_once, -- cgit v1.2.3 From 8ea96a844e84399942524bf3834b02ce6f0cdcc7 Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Wed, 9 Oct 2019 14:58:41 +0200 Subject: Update README.md --- examples/bind/README.md | 41 +++++++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 18 deletions(-) diff --git a/examples/bind/README.md b/examples/bind/README.md index 129645ae..aca5ffcc 100644 --- a/examples/bind/README.md +++ b/examples/bind/README.md @@ -1,40 +1,45 @@ -# Fuzzing ISC BIND 9.11.1 # +# Fuzzing ISC BIND (verified with 9.15.4) # **Requirements** * honggfuzz (1.1 or from the master branch) * clang-4.0, or newer (5.0 works as well) - * ISC BIND (e.g.: 9.11.1 or newer) + * ISC Bind (verified with 9.15.4) **Preparation** Note: The examples provided below use hardcoded paths (here to: _/home/jagger/_). These will have to be modified, so they reflect your actual build environment. 1. Compile honggfuzz -2. Download and unpack bind-9.11.\*.tgz -3. Patch ISC BIND - ``` -$ cd bind-9.11.1-P3 -$ patch -p1 < honggfuzz/examples/bind/patch-bind-9.11.1-P3 - ``` +2. Download and unpack bind-9.15.4.tgz +3. Unpack bind, and patch it + +```shell +$ cd +$ tar -xvzf bind-9.15.4.tar.gz +$ cd bind-9.15.4 +$ patch -p1 < /examples/bind/bind-9.15.4.patch +$ chmod 755 compile.sh +``` -4. Configure, compile and install ISC BIND +4. Configure, compile and install ISC Bind -* edit _compile.sh_, so it contains correct dist path - ``` +* edit _compile.sh_, so it contains the correct dist (_--prefix_) path + + ```shell $ ./compile.sh $ make install ``` -5. Copy the custom configuration files to ```/home/jagger/fuzz/bind/dist/etc/named.conf``` (i.e. to your bind/named dist directory) +5. Copy the custom configuration files to ```/bind/dist/etc/named.conf``` (i.e. to your bind/named dist directory) -``` -$ cp honggfuzz/examples/bind/named.conf /home/jagger/fuzz/bind/dist/etc/ -$ cp honggfuzz/examples/bind/test.zone /home/jagger/fuzz/bind/dist/etc/ +```shell +$ cp honggfuzz/examples/bind/named.conf /bind/dist/etc/ +$ cp honggfuzz/examples/bind/test.zone /bind/dist/etc/ ``` -6. **Go** +6. **Fuzz it!** -``` -$ honggfuzz/honggfuzz -i input_corpus -z -P -- ./dist/sbin/named -c /home/jagger/fuzz/bind/dist/etc/named.conf -g +```shell +$ /honggfuzz -i input_corpus -- ./dist/sbin/named -c /home/jagger/fuzz/bind/dist/etc/named.conf -g ``` -- cgit v1.2.3 From ac731e9b9e64f90d3b4d16614241064edbc3c147 Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Wed, 9 Oct 2019 15:03:11 +0200 Subject: Update README.md --- examples/bind/README.md | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/examples/bind/README.md b/examples/bind/README.md index aca5ffcc..d81804b3 100644 --- a/examples/bind/README.md +++ b/examples/bind/README.md @@ -2,17 +2,15 @@ **Requirements** - * honggfuzz (1.1 or from the master branch) - * clang-4.0, or newer (5.0 works as well) - * ISC Bind (verified with 9.15.4) + * honggfuzz (1.9 or from the master branch) + * clang-5.0 or newer (the newer, the better) + * ISC Bind (tested with 9.15.4) **Preparation** -Note: The examples provided below use hardcoded paths (here to: _/home/jagger/_). These will have to be modified, so they reflect your actual build environment. - -1. Compile honggfuzz -2. Download and unpack bind-9.15.4.tgz -3. Unpack bind, and patch it +*** 1. Compile honggfuzz +*** 2. Download and unpack bind-9.15.4.tgz +*** 3. Unpack bind, and patch it ```shell $ cd @@ -22,23 +20,30 @@ $ patch -p1 < /examples/bind/bind-9.15.4.patch $ chmod 755 compile.sh ``` -4. Configure, compile and install ISC Bind +*** 4. Configure, compile and install ISC Bind * edit _compile.sh_, so it contains the correct dist (_--prefix_) path ```shell +$ vim compile.sh # [edit the --prefix] $ ./compile.sh $ make install ``` -5. Copy the custom configuration files to ```/bind/dist/etc/named.conf``` (i.e. to your bind/named dist directory) +*** 5. Copy the custom configuration files to ```/bind/dist/etc/named.conf``` (i.e. to your bind/named dist directory) ```shell $ cp honggfuzz/examples/bind/named.conf /bind/dist/etc/ $ cp honggfuzz/examples/bind/test.zone /bind/dist/etc/ ``` + +*** 6. Fix the _directory_ configuration directive inside your /bind/dist/etc/named.conf + +```shell +$ vim /bind/dist/etc/named.conf # [edit the *directory* directive] +``` -6. **Fuzz it!** +*** 7. **Fuzz it!** ```shell $ /honggfuzz -i input_corpus -- ./dist/sbin/named -c /home/jagger/fuzz/bind/dist/etc/named.conf -g -- cgit v1.2.3 From 1859eadd32cea6aca8063a017289be51eac3a8c2 Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Wed, 9 Oct 2019 15:04:42 +0200 Subject: Update README.md --- examples/bind/README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/examples/bind/README.md b/examples/bind/README.md index d81804b3..91958be4 100644 --- a/examples/bind/README.md +++ b/examples/bind/README.md @@ -9,8 +9,8 @@ **Preparation** *** 1. Compile honggfuzz -*** 2. Download and unpack bind-9.15.4.tgz -*** 3. Unpack bind, and patch it +2. Download bind-9.15.4.tgz from https://downloads.isc.org/isc/bind9/ +3. Decompress/unpack and patch it ```shell $ cd @@ -20,7 +20,7 @@ $ patch -p1 < /examples/bind/bind-9.15.4.patch $ chmod 755 compile.sh ``` -*** 4. Configure, compile and install ISC Bind +4. Configure, compile and install ISC Bind * edit _compile.sh_, so it contains the correct dist (_--prefix_) path @@ -30,20 +30,20 @@ $ ./compile.sh $ make install ``` -*** 5. Copy the custom configuration files to ```/bind/dist/etc/named.conf``` (i.e. to your bind/named dist directory) +5. Copy the custom configuration files to ```/bind/dist/etc/named.conf``` (i.e. to your bind/named dist directory) ```shell $ cp honggfuzz/examples/bind/named.conf /bind/dist/etc/ $ cp honggfuzz/examples/bind/test.zone /bind/dist/etc/ ``` -*** 6. Fix the _directory_ configuration directive inside your /bind/dist/etc/named.conf +6. Fix the _directory_ configuration directive inside your /bind/dist/etc/named.conf ```shell $ vim /bind/dist/etc/named.conf # [edit the *directory* directive] ``` -*** 7. **Fuzz it!** +7. **Fuzz it!** ```shell $ /honggfuzz -i input_corpus -- ./dist/sbin/named -c /home/jagger/fuzz/bind/dist/etc/named.conf -g -- cgit v1.2.3 From 255596d6ef6aacd72eeed9e6f29dc0fb8ef09ad5 Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Wed, 9 Oct 2019 15:04:53 +0200 Subject: Update README.md --- examples/bind/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/bind/README.md b/examples/bind/README.md index 91958be4..a3ec1e7f 100644 --- a/examples/bind/README.md +++ b/examples/bind/README.md @@ -8,7 +8,7 @@ **Preparation** -*** 1. Compile honggfuzz +1. Compile honggfuzz 2. Download bind-9.15.4.tgz from https://downloads.isc.org/isc/bind9/ 3. Decompress/unpack and patch it -- cgit v1.2.3 From 5efceec2504d25786bd015fc97e36f11f5a84d51 Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Wed, 9 Oct 2019 15:05:55 +0200 Subject: Update README.md --- examples/bind/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/bind/README.md b/examples/bind/README.md index a3ec1e7f..93c6bbce 100644 --- a/examples/bind/README.md +++ b/examples/bind/README.md @@ -46,5 +46,5 @@ $ vim /bind/dist/etc/named.conf # [edit the *directory* direc 7. **Fuzz it!** ```shell -$ /honggfuzz -i input_corpus -- ./dist/sbin/named -c /home/jagger/fuzz/bind/dist/etc/named.conf -g +$ /honggfuzz -i input_corpus -- ./dist/sbin/named -c /bind/dist/etc/named.conf -g ``` -- cgit v1.2.3 From 4f47580a5155e7d20a30b73e1884a1123e153110 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 9 Oct 2019 23:24:38 +0200 Subject: input: add empty file instead of 1-byte file --- fuzz.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/fuzz.c b/fuzz.c index 2ba35fbb..253156bc 100644 --- a/fuzz.c +++ b/fuzz.c @@ -123,12 +123,11 @@ static void fuzz_setDynamicMainState(run_t* run) { } /* - * If the initial fuzzing yielded no useful coverage, just add a single 1-byte file to the + * If the initial fuzzing yielded no useful coverage, just add a single empty file to the * dynamic corpus, so the dynamic phase doesn't fail because of lack of useful inputs */ if (run->global->io.dynfileqCnt == 0) { - const char* single_byte = run->global->cfg.only_printable ? " " : "\0"; - input_addDynamicInput(run->global, (const uint8_t*)single_byte, /* size= */ 1U, + input_addDynamicInput(run->global, (const uint8_t*)"", /* size= */ 0U, /* cov */ (uint64_t[4]){0, 0, 0, 0}, /* path= */ "[DYNAMIC]"); } snprintf(run->origFileName, sizeof(run->origFileName), "[DYNAMIC]"); -- cgit v1.2.3 From 93e285b944530e8b8658c18dcb6ed17b9c7fcb47 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 9 Oct 2019 23:51:25 +0200 Subject: input: make the locked piece of code smaller --- input.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/input.c b/input.c index f6321c87..f21f2370 100644 --- a/input.c +++ b/input.c @@ -405,13 +405,13 @@ void input_addDynamicInput( bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { struct dynfile_t* current = NULL; + if (ATOMIC_GET(run->global->io.dynfileqCnt) == 0) { + LOG_F("The dynamic file corpus is empty. This shouldn't happen"); + } + { MX_SCOPED_RWLOCK_WRITE(&run->global->io.dynfileq_mutex); - if (run->global->io.dynfileqCnt == 0) { - LOG_F("The dynamic file corpus is empty. This shouldn't happen"); - } - if (run->global->io.dynfileqCurrent == NULL) { run->global->io.dynfileqCurrent = TAILQ_FIRST(&run->global->io.dynfileq); } -- cgit v1.2.3 From b2bf061ce3bbeb35df4a08ee448b41a7ac6a5b02 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 10 Oct 2019 17:13:29 +0200 Subject: examples/bind: add patch for 9.11.11 --- examples/bind/bind-9.11.11.patch | 487 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 487 insertions(+) create mode 100644 examples/bind/bind-9.11.11.patch diff --git a/examples/bind/bind-9.11.11.patch b/examples/bind/bind-9.11.11.patch new file mode 100644 index 00000000..c55968c1 --- /dev/null +++ b/examples/bind/bind-9.11.11.patch @@ -0,0 +1,487 @@ +diff -Nur ORIG.bind-9.11.11/bin/named/fuzz.c bind-9.11.11/bin/named/fuzz.c +--- ORIG.bind-9.11.11/bin/named/fuzz.c 2019-09-09 16:48:35.000000000 +0200 ++++ bind-9.11.11/bin/named/fuzz.c 2019-10-10 17:12:21.797312932 +0200 +@@ -36,10 +36,6 @@ + #include + #include + +-#ifndef __AFL_LOOP +-#error To use American Fuzzy Lop you have to set CC to afl-clang-fast!!! +-#endif +- + /* + * We are using pthreads directly because we might be using it with unthreaded + * version of BIND, where all thread functions are mocks. Since AFL for now only +@@ -317,7 +313,6 @@ + * It's here just for the signature, that's how AFL detects if it's + * a 'persistent mode' binary. + */ +- __AFL_LOOP(0); + + return (NULL); + } +@@ -433,6 +428,7 @@ + + void + named_fuzz_notify(void) { ++#if 0 + #ifdef ENABLE_AFL + if (getenv("AFL_CMIN")) { + ns_server_flushonshutdown(ns_g_server, false); +@@ -440,7 +436,9 @@ + return; + } + ++#if 0 + raise(SIGSTOP); ++#endif + + RUNTIME_CHECK(pthread_mutex_lock(&mutex) == 0); + +@@ -449,12 +447,12 @@ + RUNTIME_CHECK(pthread_cond_signal(&cond) == 0); + RUNTIME_CHECK(pthread_mutex_unlock(&mutex) == 0); + #endif /* ENABLE_AFL */ ++#endif + } + + void + named_fuzz_setup(void) { +-#ifdef ENABLE_AFL +- if (getenv("__AFL_PERSISTENT") || getenv("AFL_CMIN")) { ++#if 0 + pthread_t thread; + void *(fn) = NULL; + +@@ -478,6 +476,5 @@ + RUNTIME_CHECK(pthread_mutex_init(&mutex, NULL) == 0); + RUNTIME_CHECK(pthread_cond_init(&cond, NULL) == 0); + RUNTIME_CHECK(pthread_create(&thread, NULL, fn, NULL) == 0); +- } + #endif /* ENABLE_AFL */ + } +diff -Nur ORIG.bind-9.11.11/bin/named/main.c bind-9.11.11/bin/named/main.c +--- ORIG.bind-9.11.11/bin/named/main.c 2019-09-09 16:48:35.000000000 +0200 ++++ bind-9.11.11/bin/named/main.c 2019-10-10 17:12:14.509316056 +0200 +@@ -1401,13 +1401,288 @@ + } + #endif /* HAVE_LIBSCF */ + ++ ++#include ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++#include ++ ++static void enter_namespaces(void) ++{ ++ if (linuxEnterNs(CLONE_NEWUSER | CLONE_NEWNET | CLONE_NEWNS | CLONE_NEWIPC) == false) { ++ exit(1); ++ } ++ if (linuxIfaceUp("lo") == false) { ++ exit(1); ++ } ++ if (linuxMountTmpfs("/tmp") == false) { ++ exit(1); ++ } ++} ++ ++static size_t rlen = 0; ++static const uint8_t* rbuf = NULL; ++ ++__attribute__((no_sanitize("memory"))) ++__attribute__((no_sanitize("address"))) static void* ++bind_thr(void* unused __attribute__((unused))) ++{ ++ while (!ns_g_run_done) { ++ usleep(100000); ++ } ++ ++ int myfd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP); ++ if (myfd == -1) { ++ perror("socket"); ++ exit(1); ++ } ++ int val = 1; ++ if (setsockopt(myfd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)) == -1) { ++ perror("setsockopt(SO_REUSEADDR)"); ++ } ++ ++ const struct sockaddr_in saddr = { ++ .sin_family = AF_INET, ++ .sin_port = htons(53), ++ .sin_addr.s_addr = inet_addr("127.0.0.2"), ++ }; ++ if (bind(myfd, &saddr, sizeof(saddr)) == -1) { ++ perror("bind"); ++ exit(1); ++ } ++ ++ if (listen(myfd, SOMAXCONN) == -1) { ++ perror("listen"); ++ exit(1); ++ } ++ ++ for (;;) { ++ struct sockaddr_in cli; ++ socklen_t cli_len = sizeof(cli); ++ ++ int nfd = accept(myfd, &cli, &cli_len); ++ if (nfd == -1) { ++ perror("accept"); ++ exit(1); ++ } ++ ++ static char b[1024 * 1024]; ++ ssize_t sz = recv(nfd, b, sizeof(b), 0); ++ if (sz <= 0) { ++ perror("recv"); ++ _exit(1); ++ } ++ if (sz < 4) { ++ close(nfd); ++ continue; ++ } ++ if (rlen < 1) { ++ close(nfd); ++ continue; ++ } ++ ++ /* It's a response, so set QR bit to 1 */ ++ uint8_t qr = rbuf[0] | 0x80; ++ ++ uint16_t t_l = htons(rlen + 2); ++ const struct iovec iov[] = { ++ { ++ .iov_base = &t_l, ++ .iov_len = sizeof(t_l), ++ }, ++ { ++ .iov_base = &b[2], ++ .iov_len = 2, ++ }, ++ { ++ .iov_base = &qr, ++ .iov_len = 1, ++ }, ++ { ++ .iov_base = (void*)&rbuf[1], ++ .iov_len = rlen - 1, ++ }, ++ }; ++ ++ if (writev(nfd, iov, 4) == -1) { ++ perror("writev() failed"); ++ } ++ ++ close(nfd); ++ } ++ ++ return NULL; ++} ++ ++static void rndloop(int sock) ++{ ++ const struct sockaddr_in bsaddr = { ++ .sin_family = AF_INET, ++ .sin_port = htons(0), ++ .sin_addr.s_addr = htonl((((uint32_t)util_rnd64()) & 0x00FFFFFF) | 0x7F000000), ++ }; ++ if (bind(sock, (const struct sockaddr*)&bsaddr, sizeof(bsaddr)) == -1) { ++ perror("bind"); ++ } ++} ++ ++__attribute__((no_sanitize("memory"))) ++__attribute__((no_sanitize("address"))) static void* ++connect_thr(void* unused __attribute__((unused))) ++{ ++ while (!ns_g_run_done) { ++ usleep(100000); ++ } ++ ++ for (;;) { ++ int myfd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP); ++ if (myfd == -1) { ++ perror("socket"); ++ exit(1); ++ } ++ int val = 1; ++ if (setsockopt(myfd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)) == -1) { ++ perror("setsockopt(SO_REUSEADDR)"); ++ } ++ ++ rndloop(myfd); ++ ++ const struct sockaddr_in saddr = { ++ .sin_family = AF_INET, ++ .sin_port = htons(53), ++ .sin_addr.s_addr = htonl(INADDR_LOOPBACK), ++ }; ++ if (connect(myfd, &saddr, sizeof(saddr)) == -1) { ++ close(myfd); ++ continue; ++ } ++ ++ const uint8_t* buf; ++ size_t len; ++ ++ if (ns_g_fuzz_type == ns_fuzz_client) { ++ HF_ITER(&buf, &len); ++ ++ rlen = 0; ++ rbuf = NULL; ++ ++ if (len < 32) { ++ close(myfd); ++ continue; ++ } ++ ++ uint32_t tmplen = *((const uint32_t*)buf); ++ ++ buf = &buf[sizeof(uint32_t)]; ++ len -= sizeof(uint32_t); ++ ++ tmplen %= len; ++ ++ rbuf = &buf[tmplen]; ++ rlen = len - tmplen; ++ len = tmplen; ++ } else { ++ static const uint8_t qbuf[] = { ++ 0x88, 0x0c, 0x01, 0x20, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x01, 0x0a, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, ++ 0x61, 0x61, 0x61, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, ++ 0x65, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x29, 0x10, ++ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00 ++ }; ++ buf = qbuf; ++ len = sizeof(qbuf); ++ HF_ITER(&rbuf, &rlen); ++ } ++ ++ uint16_t t_l = htons(len); ++ const struct iovec iov[] = { ++ { ++ .iov_base = &t_l, ++ .iov_len = sizeof(t_l), ++ }, ++ { ++ .iov_base = (void*)buf, ++ .iov_len = len, ++ }, ++ }; ++ ++ if (writev(myfd, iov, 2) == -1) { ++ perror("write"); ++ close(myfd); ++ continue; ++ } ++ ++ if (shutdown(myfd, SHUT_WR) == -1) { ++ if (errno == ENOTCONN) { ++ close(myfd); ++ continue; ++ } ++ perror("shutdown"); ++ _exit(1); ++ } ++ ++ uint8_t b[1024 * 512]; ++ while (recv(myfd, b, sizeof(b), 0) > 0) ++ ; ++ close(myfd); ++ } ++} ++ ++static void launch_thr(void) ++{ ++ pthread_attr_t attr; ++ pthread_attr_init(&attr); ++ pthread_attr_setstacksize(&attr, 1024 * 1024 * 4); ++ pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED); ++ ++ pthread_t t; ++ if (pthread_create(&t, &attr, bind_thr, NULL) < 0) { ++ perror("pthread_create(bind_thr)"); ++ exit(1); ++ } ++ ++ pthread_attr_init(&attr); ++ pthread_attr_setstacksize(&attr, 1024 * 1024 * 4); ++ pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED); ++ if (pthread_create(&t, &attr, connect_thr, NULL) < 0) { ++ perror("pthread_create(connect_thr)"); ++ exit(1); ++ } ++} ++ + /* main entry point, possibly hooked */ + +-int +-main(int argc, char *argv[]) { +- isc_result_t result; ++int main(int argc, char* argv[]) ++{ ++ if (!getenv("NO_FUZZ")) { ++ ns_g_fuzz_named_addr = "127.0.0.1:53"; ++ ns_g_fuzz_type = ns_fuzz_client; ++ enter_namespaces(); ++ launch_thr(); ++ } ++ ++ isc_result_t result; + #ifdef HAVE_LIBSCF +- char *instance = NULL; ++ char *instance = NULL; + #endif + + #ifdef HAVE_GPERFTOOLS_PROFILER +diff -Nur ORIG.bind-9.11.11/compile.sh bind-9.11.11/compile.sh +--- ORIG.bind-9.11.11/compile.sh 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.11.11/compile.sh 2019-10-10 17:01:02.537600110 +0200 +@@ -0,0 +1,20 @@ ++#!/bin/sh ++ ++set -ex ++ ++export CC="$HOME"/src/honggfuzz/hfuzz_cc/hfuzz-clang ++export CXX="$HOME"/src/honggfuzz/hfuzz_cc/hfuzz-clang++ ++export CFLAGS="-fsanitize=address -Wno-shift-negative-value -Wno-logical-not-parentheses -g -ggdb -O0 -D__AFL_COMPILER" ++./configure \ ++ --prefix="$HOME"/fuzz/bind/dist/ \ ++ --without-gssapi \ ++ --disable-chroot \ ++ --disable-linux-caps \ ++ --without-libtool \ ++ --enable-epoll \ ++ --enable-fuzzing=afl \ ++ --disable-backtrace \ ++ --with-openssl=yes ++ ++make clean ++make -j$(nproc) +diff -Nur ORIG.bind-9.11.11/lib/dns/request.c bind-9.11.11/lib/dns/request.c +--- ORIG.bind-9.11.11/lib/dns/request.c 2019-09-09 16:48:35.000000000 +0200 ++++ bind-9.11.11/lib/dns/request.c 2019-10-10 16:58:01.385685064 +0200 +@@ -749,8 +749,8 @@ + isc_result_t result; + isc_mem_t *mctx; + dns_messageid_t id; +- bool tcp = false; +- bool newtcp = false; ++ bool tcp = true; ++ bool newtcp = true; + bool share = false; + isc_region_t r; + bool connected = false; +@@ -997,6 +997,8 @@ + REQUIRE(requestp != NULL && *requestp == NULL); + REQUIRE(timeout > 0); + ++ options |= DNS_REQUESTOPT_TCP; ++ + mctx = requestmgr->mctx; + + req_log(ISC_LOG_DEBUG(3), "dns_request_createvia"); +@@ -1140,11 +1142,13 @@ + req_render(dns_message_t *message, isc_buffer_t **bufferp, + unsigned int options, isc_mem_t *mctx) + { ++ options |= DNS_REQUESTOPT_TCP; ++ + isc_buffer_t *buf1 = NULL; + isc_buffer_t *buf2 = NULL; + isc_result_t result; + isc_region_t r; +- bool tcp = false; ++ bool tcp = true; + dns_compress_t cctx; + bool cleanup_cctx = false; + +diff -Nur ORIG.bind-9.11.11/lib/dns/resolver.c bind-9.11.11/lib/dns/resolver.c +--- ORIG.bind-9.11.11/lib/dns/resolver.c 2019-09-09 16:48:35.000000000 +0200 ++++ bind-9.11.11/lib/dns/resolver.c 2019-10-10 16:46:22.370051194 +0200 +@@ -1691,6 +1691,7 @@ + } + query->mctx = fctx->mctx; + query->options = options; ++ query->options = options | DNS_FETCHOPT_TCP; + query->attributes = 0; + query->sends = 0; + query->connects = 0; +diff -Nur ORIG.bind-9.11.11/lib/isc/random.c bind-9.11.11/lib/isc/random.c +--- ORIG.bind-9.11.11/lib/isc/random.c 2019-09-09 16:48:35.000000000 +0200 ++++ bind-9.11.11/lib/isc/random.c 2019-10-10 16:51:36.281886984 +0200 +@@ -126,6 +126,9 @@ + + void + isc_random_get(uint32_t *val) { ++ *val = 1; ++ return; ++ + REQUIRE(val != NULL); + + initialize(); +@@ -153,6 +156,8 @@ + + uint32_t + isc_random_jitter(uint32_t max, uint32_t jitter) { ++ return 1; ++ + uint32_t rnd; + + REQUIRE(jitter < max || (jitter == 0 && max == 0)); +@@ -306,6 +311,7 @@ + + static inline uint16_t + chacha_getuint16(isc_rng_t *rng) { ++ return 1; + uint16_t val; + + REQUIRE(VALID_RNG(rng)); +@@ -364,6 +370,8 @@ + + uint16_t + isc_rng_random(isc_rng_t *rng) { ++ return 1; ++ + uint16_t result; + + REQUIRE(VALID_RNG(rng)); +@@ -382,6 +390,7 @@ + + uint16_t + isc_rng_uniformrandom(isc_rng_t *rng, uint16_t upper_bound) { ++ + uint16_t min, r; + + REQUIRE(VALID_RNG(rng)); +@@ -389,6 +398,8 @@ + if (upper_bound < 2) + return (0); + ++ return 1; ++ + /* + * Ensure the range of random numbers [min, 0xffff] be a multiple of + * upper_bound and contain at least a half of the 16 bit range. -- cgit v1.2.3 From 927055ec1eb4d8e2c74c628746f979c7b2d2160e Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 12 Oct 2019 00:19:43 +0200 Subject: sanitizer-coverage-level seems to be sancov option only --- hfuzz_cc/hfuzz-cc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index 57827608..d23116a6 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -313,7 +313,7 @@ static void commonOpts(int* j, char** args) { args[(*j)++] = "-Wno-unused-command-line-argument"; args[(*j)++] = "-fsanitize-coverage=trace-pc-guard,trace-cmp,trace-div,indirect-calls"; args[(*j)++] = "-mllvm"; - args[(*j)++] = "-sanitizer-coverage-level=3"; + args[(*j)++] = "-sanitizer-coverage-prune-blocks=1"; } /* -- cgit v1.2.3 From 5aa9892e3fad268e093e5d642d48474fa83b1fe3 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 14 Oct 2019 01:36:15 +0200 Subject: examples/openssl: assume TLS1_3_VERSION is defined everywhere --- examples/openssl/client.c | 2 -- examples/openssl/server.c | 2 -- 2 files changed, 4 deletions(-) diff --git a/examples/openssl/client.c b/examples/openssl/client.c index e2d7a636..91cd3bc3 100644 --- a/examples/openssl/client.c +++ b/examples/openssl/client.c @@ -556,10 +556,8 @@ int LLVMFuzzerInitialize(int* argc, char*** argv) { #endif /* defined(HF_SSL_IS_BORINGSSL) */ SSL_CTX_set_ecdh_auto(ctx, 1); -#if defined(TLS1_3_VERSION) SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION); SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION); -#endif /* defined(TLS1_3_VERSION) */ SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_BOTH); SSL_CTX_set_timeout(ctx, 3); diff --git a/examples/openssl/server.c b/examples/openssl/server.c index 17426e1f..3fd15b42 100644 --- a/examples/openssl/server.c +++ b/examples/openssl/server.c @@ -612,10 +612,8 @@ int LLVMFuzzerInitialize(int* argc, char*** argv) { SSL_CTX_set_alpn_select_cb(ctx, alpn_callback, NULL); SSL_CTX_set_next_protos_advertised_cb(ctx, npn_callback, NULL); SSL_CTX_set_ecdh_auto(ctx, 1); -#if defined(TLS1_3_VERSION) SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION); SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION); -#endif /* defined(TLS1_3_VERSION) */ SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_BOTH); SSL_CTX_set_timeout(ctx, 3); -- cgit v1.2.3 From 252245f141e31ea54a7de26f022a3f10941a53d2 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 17 Oct 2019 16:24:43 +0200 Subject: Readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 911e0e29..1c09d6b1 100644 --- a/README.md +++ b/README.md @@ -113,7 +113,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__Owl__: a system for finding concurrency attacks](https://github.com/hku-systems/owl) * [__honggfuzz-docker-apps__](https://github.com/skysider/honggfuzz_docker_apps) * [__FFW - Fuzzing For Worms__](https://github.com/dobin/ffw) - * [__honggfuzz-rs__: fuzzing Rust with Honggfuzz](https://github.com/rust-fuzz/honggfuzz-rs) + * [__honggfuzz-rs__: fuzzing Rust with Honggfuzz](https://docs.rs/honggfuzz/) * [__roughenough-fuzz__](https://github.com/int08h/roughenough-fuzz) * [__Monkey__: a HTTP server](https://github.com/monkey/monkey/blob/master/FUZZ.md) * [__Killerbeez API__](https://github.com/grimm-co/killerbeez-mutators) -- cgit v1.2.3 From 47fe879255d3b1caac17f188c68fa6f1d6684b9d Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 18 Oct 2019 19:51:19 +0200 Subject: mangle: add mangle_Resize explicity --- mangle.c | 1 + 1 file changed, 1 insertion(+) diff --git a/mangle.c b/mangle.c index 1245bc53..1b88494a 100644 --- a/mangle.c +++ b/mangle.c @@ -621,6 +621,7 @@ void mangle_mangleContent(run_t* run) { mangle_Expand, mangle_Shrink, mangle_ASCIIVal, + mangle_Resize, }; if (run->mutationsPerRun == 0U) { -- cgit v1.2.3 From 8c13ae045d2abca38b07589539c3e9c7ff20ed9e Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 20 Oct 2019 14:35:05 +0200 Subject: mangle: don't change filesz in 50% of cases --- mangle.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/mangle.c b/mangle.c index 1b88494a..c69d5fb0 100644 --- a/mangle.c +++ b/mangle.c @@ -561,7 +561,7 @@ static void mangle_Shrink(run_t* run, bool printable HF_ATTR_UNUSED) { static void mangle_Resize(run_t* run, bool printable) { size_t oldsz = run->dynamicFileSz; - uint64_t v = util_rndGet(0, 16); + uint64_t v = util_rndGet(0, 32); ssize_t newsz = 0; switch (v) { @@ -574,6 +574,9 @@ static void mangle_Resize(run_t* run, bool printable) { case 9 ... 16: newsz = oldsz + 8 - v; break; + case 17 ... 32: + newsz = run->dynamicFileSz; + break; default: LOG_F("Illegal value from util_rndGet: %" PRIu64, v); break; @@ -621,7 +624,6 @@ void mangle_mangleContent(run_t* run) { mangle_Expand, mangle_Shrink, mangle_ASCIIVal, - mangle_Resize, }; if (run->mutationsPerRun == 0U) { -- cgit v1.2.3 From e7d3dab29d32563ec803600d1a0f7ea6288cfbf5 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 21 Oct 2019 14:10:54 +0200 Subject: mangle: use mangle_Resize --- mangle.c | 1 + 1 file changed, 1 insertion(+) diff --git a/mangle.c b/mangle.c index c69d5fb0..3ef3c0d8 100644 --- a/mangle.c +++ b/mangle.c @@ -624,6 +624,7 @@ void mangle_mangleContent(run_t* run) { mangle_Expand, mangle_Shrink, mangle_ASCIIVal, + mangle_Resize, }; if (run->mutationsPerRun == 0U) { -- cgit v1.2.3 From c320ffad8dac4c920de6ac2b8e41b9fe7835cfc8 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 21 Oct 2019 14:12:43 +0200 Subject: mangle: use oldsz instead of run->dynamicFileSz --- mangle.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mangle.c b/mangle.c index 3ef3c0d8..97240e27 100644 --- a/mangle.c +++ b/mangle.c @@ -575,7 +575,7 @@ static void mangle_Resize(run_t* run, bool printable) { newsz = oldsz + 8 - v; break; case 17 ... 32: - newsz = run->dynamicFileSz; + newsz = oldsz; break; default: LOG_F("Illegal value from util_rndGet: %" PRIu64, v); -- cgit v1.2.3 From 074b52764ae3eade85073e6633091c7d4a99dd19 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 21 Oct 2019 14:17:39 +0200 Subject: mangle: change file size by bigger values --- mangle.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/mangle.c b/mangle.c index 97240e27..e7149ef1 100644 --- a/mangle.c +++ b/mangle.c @@ -561,20 +561,20 @@ static void mangle_Shrink(run_t* run, bool printable HF_ATTR_UNUSED) { static void mangle_Resize(run_t* run, bool printable) { size_t oldsz = run->dynamicFileSz; - uint64_t v = util_rndGet(0, 32); + uint64_t v = util_rndGet(0, 512); ssize_t newsz = 0; switch (v) { case 0: newsz = (ssize_t)util_rndGet(1, run->global->mutate.maxFileSz); break; - case 1 ... 8: + case 1 ... 128: newsz = oldsz + v; break; - case 9 ... 16: - newsz = oldsz + 8 - v; + case 129 ... 256: + newsz = oldsz + 128 - v; break; - case 17 ... 32: + case 257 ... 512: newsz = oldsz; break; default: -- cgit v1.2.3 From b6305c5b5f3689462ada0007473118aa4310cf67 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 21 Oct 2019 16:06:03 +0200 Subject: input: free dictionary after use --- honggfuzz.c | 3 +++ input.c | 9 +++++++++ input.h | 1 + 3 files changed, 13 insertions(+) diff --git a/honggfuzz.c b/honggfuzz.c index daf599d5..feb6523f 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -379,6 +379,9 @@ int main(int argc, char** argv) { if (hfuzz.feedback.blacklist) { free(hfuzz.feedback.blacklist); } + if (hfuzz.mutate.dictionaryCnt) { + input_freeDictionary(&hfuzz); + } #if defined(_HF_ARCH_LINUX) if (hfuzz.linux.symsBl) { free(hfuzz.linux.symsBl); diff --git a/input.c b/input.c index f21f2370..9f573f8e 100644 --- a/input.c +++ b/input.c @@ -256,6 +256,15 @@ bool input_parseDictionary(honggfuzz_t* hfuzz) { return true; } +void input_freeDictionary(honggfuzz_t* hfuzz) { + while (!TAILQ_EMPTY(&hfuzz->mutate.dictq)) { + struct strings_t* str = TAILQ_FIRST(&hfuzz->mutate.dictq); + TAILQ_REMOVE(&hfuzz->mutate.dictq, str, pointers); + free(str); + hfuzz->mutate.dictionaryCnt--; + } +} + bool input_parseBlacklist(honggfuzz_t* hfuzz) { FILE* fBl = fopen(hfuzz->feedback.blacklistFile, "rb"); if (fBl == NULL) { diff --git a/input.h b/input.h index 3f4cab40..a8e330c5 100644 --- a/input.h +++ b/input.h @@ -32,6 +32,7 @@ extern void input_setSize(run_t* run, size_t sz); extern bool input_getNext(run_t* run, char fname[PATH_MAX], bool rewind); extern bool input_init(honggfuzz_t* hfuzz); extern bool input_parseDictionary(honggfuzz_t* hfuzz); +extern void input_freeDictionary(honggfuzz_t* hfuzz); extern bool input_parseBlacklist(honggfuzz_t* hfuzz); extern bool input_writeCovFile(const char* dir, const uint8_t* data, size_t len); extern void input_addDynamicInput( -- cgit v1.2.3 From 55f9ded0cb52f5fbb9d198967f43a2ab0da76658 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 22 Oct 2019 17:07:32 +0200 Subject: mangle: simplify mangle_Resize --- mangle.c | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/mangle.c b/mangle.c index e7149ef1..9129463d 100644 --- a/mangle.c +++ b/mangle.c @@ -560,25 +560,31 @@ static void mangle_Shrink(run_t* run, bool printable HF_ATTR_UNUSED) { } static void mangle_Resize(run_t* run, bool printable) { - size_t oldsz = run->dynamicFileSz; - uint64_t v = util_rndGet(0, 512); + ssize_t oldsz = run->dynamicFileSz; ssize_t newsz = 0; - switch (v) { - case 0: + uint64_t choice = util_rndGet(0, 12); + switch (choice) { + case 0 ... 7: /* Do nothing */ + newsz = oldsz; + break; + case 8: /* Set new size arbitrarily */ newsz = (ssize_t)util_rndGet(1, run->global->mutate.maxFileSz); break; - case 1 ... 128: - newsz = oldsz + v; + case 9: /* Increase size by a small value */ + newsz = oldsz + (ssize_t)util_rndGet(1, 8); break; - case 129 ... 256: - newsz = oldsz + 128 - v; + case 10: /* Increase size by a larger value */ + newsz = oldsz + (ssize_t)util_rndGet(9, 128); break; - case 257 ... 512: - newsz = oldsz; + case 11: /* Decrease size by a small value */ + newsz = oldsz - (ssize_t)util_rndGet(1, 8); + break; + case 12: /* Decrease size by a larger value */ + newsz = oldsz - (ssize_t)util_rndGet(9, 128); break; default: - LOG_F("Illegal value from util_rndGet: %" PRIu64, v); + LOG_F("Illegal value from util_rndGet: %" PRIu64, choice); break; } if (newsz < 1) { @@ -589,7 +595,7 @@ static void mangle_Resize(run_t* run, bool printable) { } input_setSize(run, (size_t)newsz); - if (newsz > (ssize_t)oldsz) { + if (newsz > oldsz) { if (printable) { util_rndBufPrintable(&run->dynamicFile[oldsz], newsz - oldsz); } else { -- cgit v1.2.3 From c78a41293a95391a3a5cdb9e78391f689c378f38 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 23 Oct 2019 22:19:03 +0200 Subject: examples/jpeg: change libjpg example a bit --- examples/libjpeg/persistent-jpeg.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/examples/libjpeg/persistent-jpeg.c b/examples/libjpeg/persistent-jpeg.c index 00bfc1ea..6e41bc56 100644 --- a/examples/libjpeg/persistent-jpeg.c +++ b/examples/libjpeg/persistent-jpeg.c @@ -35,7 +35,7 @@ static const char* const cdjpeg_message_table[] = { #include "cderror.h" NULL}; -static uint64_t max_total_pixels = 1000000000ULL; /* 1G */ +static uint64_t max_hv_size = 10000; int LLVMFuzzerInitialize(int* argc, char*** argv) { null_fd = open("/dev/null", O_WRONLY); @@ -50,7 +50,7 @@ int LLVMFuzzerInitialize(int* argc, char*** argv) { /* If there are any arguments provided, limit width*height to this value */ if (*argc > 1) { - max_total_pixels = strtoull((*argv)[1], NULL, 0); + max_hv_size = strtoull((*argv)[1], NULL, 0); } return 0; } @@ -65,7 +65,10 @@ int LLVMFuzzerTestOneInput(const uint8_t* buf, size_t len) { /* Limit total number of pixels to decode to 50M */ uint64_t total_pix = (uint64_t)cinfo.output_height * (uint64_t)cinfo.output_width; - if (total_pix > max_total_pixels) { + if ((uint64_t)cinfo.output_height > max_hv_size) { + goto out; + } + if ((uint64_t)cinfo.output_width > max_hv_size) { goto out; } -- cgit v1.2.3 From 2825c9496978ab6d2a620da3e1399d7d4dbdbbd5 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 23 Oct 2019 22:20:10 +0200 Subject: examples/jpeg: change libjpg example a bit #2 --- examples/libjpeg/persistent-jpeg.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/examples/libjpeg/persistent-jpeg.c b/examples/libjpeg/persistent-jpeg.c index 6e41bc56..80142271 100644 --- a/examples/libjpeg/persistent-jpeg.c +++ b/examples/libjpeg/persistent-jpeg.c @@ -63,8 +63,7 @@ int LLVMFuzzerTestOneInput(const uint8_t* buf, size_t len) { jpeg_mem_src(&cinfo, buf, len); jpeg_read_header(&cinfo, TRUE); - /* Limit total number of pixels to decode to 50M */ - uint64_t total_pix = (uint64_t)cinfo.output_height * (uint64_t)cinfo.output_width; + /* Make sure the picture's resultion is reasonable */ if ((uint64_t)cinfo.output_height > max_hv_size) { goto out; } @@ -72,6 +71,8 @@ int LLVMFuzzerTestOneInput(const uint8_t* buf, size_t len) { goto out; } + abort(); + cinfo.mem->max_memory_to_use = (1024ULL * 1024ULL * 1024ULL); cinfo.mem->max_alloc_chunk = (1024ULL * 1024ULL * 1024ULL); -- cgit v1.2.3 From 2d38d44777b31e27d227b7ac90e2a0a654dc8b7b Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 23 Oct 2019 22:20:49 +0200 Subject: examples/jpeg: change libjpg example a bit #3 --- examples/libjpeg/persistent-jpeg.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/examples/libjpeg/persistent-jpeg.c b/examples/libjpeg/persistent-jpeg.c index 80142271..5e33efac 100644 --- a/examples/libjpeg/persistent-jpeg.c +++ b/examples/libjpeg/persistent-jpeg.c @@ -71,8 +71,6 @@ int LLVMFuzzerTestOneInput(const uint8_t* buf, size_t len) { goto out; } - abort(); - cinfo.mem->max_memory_to_use = (1024ULL * 1024ULL * 1024ULL); cinfo.mem->max_alloc_chunk = (1024ULL * 1024ULL * 1024ULL); -- cgit v1.2.3 From f3553b77a62be72d8dbef82c2fde3fd53f39739e Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 25 Oct 2019 01:16:00 +0200 Subject: input: use calloc instead of malloc for dictionary entries --- input.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/input.c b/input.c index 9f573f8e..6f1859c1 100644 --- a/input.c +++ b/input.c @@ -244,7 +244,7 @@ bool input_parseDictionary(honggfuzz_t* hfuzz) { LOG_D("Parsing word: '%s'", bufv); len = util_decodeCString(bufv); - struct strings_t* str = (struct strings_t*)util_Malloc(sizeof(struct strings_t) + len + 1); + struct strings_t* str = (struct strings_t*)util_Calloc(sizeof(struct strings_t) + len + 1); memcpy(str->s, bufv, len); str->len = len; hfuzz->mutate.dictionaryCnt++; -- cgit v1.2.3 From 059ac62d0c331dda2a07d50ae9ea195e3ba8ef03 Mon Sep 17 00:00:00 2001 From: "Yury V. Zaytsev" Date: Fri, 25 Oct 2019 23:41:40 +0200 Subject: Update PersistentFuzzing.md Fix code block formatting --- docs/PersistentFuzzing.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/PersistentFuzzing.md b/docs/PersistentFuzzing.md index 8dd13e53..7a8a05e6 100644 --- a/docs/PersistentFuzzing.md +++ b/docs/PersistentFuzzing.md @@ -14,13 +14,13 @@ Prepare a binary in the two following ways: Two functions must be provided ```c -int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)``` +int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) ```` and optionally ```c -int LLVMFuzzerInitialize(int *argc, char ***argv)``` +int LLVMFuzzerInitialize(int *argc, char ***argv) ``` ### Example (test.c): -- cgit v1.2.3 From dae3b697c1de7a495c028c334da09c5d05046138 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 26 Oct 2019 01:22:53 +0200 Subject: readme --- docs/PersistentFuzzing.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/PersistentFuzzing.md b/docs/PersistentFuzzing.md index 7a8a05e6..f3907163 100644 --- a/docs/PersistentFuzzing.md +++ b/docs/PersistentFuzzing.md @@ -67,7 +67,7 @@ int main(void) { ### Compilation ```shell -$ hfuzz_cc/hfuzz-clang test.c -o test ~/honggfuzz/libfuzz/libfuzz.a +$ hfuzz_cc/hfuzz-clang test.c -o test ``` ## Fuzzing -- cgit v1.2.3 From c980deb15aa6d80cfef931a2150061b517fb5cbf Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 26 Oct 2019 23:21:36 +0200 Subject: readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1c09d6b1..bea3eff6 100644 --- a/README.md +++ b/README.md @@ -91,6 +91,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [Crash in __MPV__](https://github.com/mpv-player/mpv/issues/6808) * [Heap buffer-overflow in __picoc__](https://gitlab.com/zsaleeba/picoc/issues/44) * Crashes in __OpenCOBOL__: [#1](https://sourceforge.net/p/open-cobol/bugs/586/), [#2](https://sourceforge.net/p/open-cobol/bugs/587/) + * DoS in __ProFTPD__: [#1](https://twitter.com/SecReLabs/status/1186548245553483783), [#2](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18217) * __Rust__: * panic() in regex [#1](https://github.com/rust-lang/regex/issues/464), [#2](https://github.com/rust-lang/regex/issues/465), [#3](https://github.com/rust-lang/regex/issues/465#issuecomment-381412816) * panic() in h2 [#1](https://github.com/carllerche/h2/pull/260), [#2](https://github.com/carllerche/h2/pull/261), [#3](https://github.com/carllerche/h2/pull/262) -- cgit v1.2.3 From 903d0712a90e71ed39ef219c040e03fedb24df56 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 26 Oct 2019 23:23:49 +0200 Subject: readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index bea3eff6..e89633d1 100644 --- a/README.md +++ b/README.md @@ -126,7 +126,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__DeepState__: by Trail-of-Bits](https://github.com/trailofbits/deepstate) * [__DeepState__: by Trail-of-Bits](https://github.com/trailofbits/deepstate) * [__Quiche-HTTP/3__: by Cloudflare](https://github.com/cloudflare/quiche/pull/179) - * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) + * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) * [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+honggfuzz%22&type=Code) # Fuzzing examples -- cgit v1.2.3 From 9c005619a66e007cac65357f63f1d5bc310242f9 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 26 Oct 2019 23:24:36 +0200 Subject: readme --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index e89633d1..ded51978 100644 --- a/README.md +++ b/README.md @@ -124,7 +124,6 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__QDBI__: by Quarkslab](https://project.inria.fr/FranceJapanICST/files/2019/04/19-Kyoto-Fuzzing_Binaries_using_Dynamic_Instrumentation.pdf) * [__fuzzer-test-suite__: by Google](https://github.com/google/fuzzer-test-suite) * [__DeepState__: by Trail-of-Bits](https://github.com/trailofbits/deepstate) - * [__DeepState__: by Trail-of-Bits](https://github.com/trailofbits/deepstate) * [__Quiche-HTTP/3__: by Cloudflare](https://github.com/cloudflare/quiche/pull/179) * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) * [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+honggfuzz%22&type=Code) -- cgit v1.2.3 From 9f03228cb4e50bd6ae4e3f1a99914cb50d722bb2 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 26 Oct 2019 23:33:23 +0200 Subject: readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index ded51978..c1838bcb 100644 --- a/README.md +++ b/README.md @@ -125,6 +125,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__fuzzer-test-suite__: by Google](https://github.com/google/fuzzer-test-suite) * [__DeepState__: by Trail-of-Bits](https://github.com/trailofbits/deepstate) * [__Quiche-HTTP/3__: by Cloudflare](https://github.com/cloudflare/quiche/pull/179) + * [__Bolero__: fuzz and property testing framework](https://github.com/camshaft/bolero) * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) * [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+honggfuzz%22&type=Code) -- cgit v1.2.3 From 89f68fd6ca40c59dbb59df5ed41006ba26f9a58f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 26 Oct 2019 23:37:49 +0200 Subject: readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index c1838bcb..e1caa252 100644 --- a/README.md +++ b/README.md @@ -92,6 +92,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [Heap buffer-overflow in __picoc__](https://gitlab.com/zsaleeba/picoc/issues/44) * Crashes in __OpenCOBOL__: [#1](https://sourceforge.net/p/open-cobol/bugs/586/), [#2](https://sourceforge.net/p/open-cobol/bugs/587/) * DoS in __ProFTPD__: [#1](https://twitter.com/SecReLabs/status/1186548245553483783), [#2](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18217) + * [Crash](https://github.com/Perl/perl5/issues/16468) in Perl5 * __Rust__: * panic() in regex [#1](https://github.com/rust-lang/regex/issues/464), [#2](https://github.com/rust-lang/regex/issues/465), [#3](https://github.com/rust-lang/regex/issues/465#issuecomment-381412816) * panic() in h2 [#1](https://github.com/carllerche/h2/pull/260), [#2](https://github.com/carllerche/h2/pull/261), [#3](https://github.com/carllerche/h2/pull/262) -- cgit v1.2.3 From 33037cc7233f483ecf1e471d19fef231192be651 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 26 Oct 2019 23:48:52 +0200 Subject: readme --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index e1caa252..989ea84d 100644 --- a/README.md +++ b/README.md @@ -70,7 +70,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__PHP/Python/Ruby__](https://github.com/dyjakan/interpreter-bugs) * [PHP WDDX](https://bugs.php.net/bug.php?id=74145) * [PHP](https://bugs.php.net/bug.php?id=74194) - * [Perl](https://www.nntp.perl.org/group/perl.perl5.porters/2018/03/msg250072.html) + * [Perl]: [#1](https://www.nntp.perl.org/group/perl.perl5.porters/2018/03/msg250072.html), [#2](https://github.com/Perl/perl5/issues/16468), [#3](https://github.com/Perl/perl5/issues/16015) * [Double-free in __LibXMP__](https://github.com/cmatsuoka/libxmp/commit/bd1eb5cfcd802820073504c234c3f735e96c3355) * [Heap buffer overflow in SAPCAR • CVE-2017-8852](https://www.coresecurity.com/blog/sapcar-heap-buffer-overflow-crash-exploit) * [Crashes in __libbass__](http://seclists.org/oss-sec/2017/q4/185) @@ -92,7 +92,6 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [Heap buffer-overflow in __picoc__](https://gitlab.com/zsaleeba/picoc/issues/44) * Crashes in __OpenCOBOL__: [#1](https://sourceforge.net/p/open-cobol/bugs/586/), [#2](https://sourceforge.net/p/open-cobol/bugs/587/) * DoS in __ProFTPD__: [#1](https://twitter.com/SecReLabs/status/1186548245553483783), [#2](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18217) - * [Crash](https://github.com/Perl/perl5/issues/16468) in Perl5 * __Rust__: * panic() in regex [#1](https://github.com/rust-lang/regex/issues/464), [#2](https://github.com/rust-lang/regex/issues/465), [#3](https://github.com/rust-lang/regex/issues/465#issuecomment-381412816) * panic() in h2 [#1](https://github.com/carllerche/h2/pull/260), [#2](https://github.com/carllerche/h2/pull/261), [#3](https://github.com/carllerche/h2/pull/262) -- cgit v1.2.3 From 52bf711bba2bd159ca06fca8364524a84f22df08 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 26 Oct 2019 23:50:49 +0200 Subject: readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 989ea84d..bf606df6 100644 --- a/README.md +++ b/README.md @@ -70,7 +70,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__PHP/Python/Ruby__](https://github.com/dyjakan/interpreter-bugs) * [PHP WDDX](https://bugs.php.net/bug.php?id=74145) * [PHP](https://bugs.php.net/bug.php?id=74194) - * [Perl]: [#1](https://www.nntp.perl.org/group/perl.perl5.porters/2018/03/msg250072.html), [#2](https://github.com/Perl/perl5/issues/16468), [#3](https://github.com/Perl/perl5/issues/16015) + * Perl: [#1](https://www.nntp.perl.org/group/perl.perl5.porters/2018/03/msg250072.html), [#2](https://github.com/Perl/perl5/issues/16468), [#3](https://github.com/Perl/perl5/issues/16015) * [Double-free in __LibXMP__](https://github.com/cmatsuoka/libxmp/commit/bd1eb5cfcd802820073504c234c3f735e96c3355) * [Heap buffer overflow in SAPCAR • CVE-2017-8852](https://www.coresecurity.com/blog/sapcar-heap-buffer-overflow-crash-exploit) * [Crashes in __libbass__](http://seclists.org/oss-sec/2017/q4/185) -- cgit v1.2.3 From 73bdbfeb32994b2b472c9f1ae47b20ced8dd0782 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 26 Oct 2019 23:57:59 +0200 Subject: readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index bf606df6..a67c09aa 100644 --- a/README.md +++ b/README.md @@ -126,6 +126,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__DeepState__: by Trail-of-Bits](https://github.com/trailofbits/deepstate) * [__Quiche-HTTP/3__: by Cloudflare](https://github.com/cloudflare/quiche/pull/179) * [__Bolero__: fuzz and property testing framework](https://github.com/camshaft/bolero) + * [__pwnmachine__](https://github.com/kapaw/pwnmachine/commit/9cbfc6f1f9547ed2d2a5d296f6d6cd8fac0bb7e1) * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) * [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+honggfuzz%22&type=Code) -- cgit v1.2.3 From acf9f2fddce98f997d33b2e95b9f7d150c055cbe Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 27 Oct 2019 01:33:47 +0200 Subject: hfuzz-cc: incorrect instrumentation for gcc --- hfuzz_cc/hfuzz-cc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index d23116a6..df985482 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -304,10 +304,10 @@ static void commonOpts(int* j, char** args) { if (isGCC) { if (useBelowGCC8()) { /* trace-pc is the best that gcc-6/7 currently offers */ - args[(*j)++] = "-fsanitize-coverage=trace-pc,trace-cmp"; + args[(*j)++] = "-fsanitize-coverage=trace-pc"; } else { /* gcc-8+ offers trace-cmp as well, but it's not that widely used yet */ - args[(*j)++] = "-fsanitize-coverage=trace-pc"; + args[(*j)++] = "-fsanitize-coverage=trace-pc,trace-cmp"; } } else { args[(*j)++] = "-Wno-unused-command-line-argument"; -- cgit v1.2.3 From b5ce28d5fcd09756b854be8fd04000991e028840 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 28 Oct 2019 23:38:13 +0100 Subject: readme --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index a67c09aa..3e94af0f 100644 --- a/README.md +++ b/README.md @@ -127,6 +127,9 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__Quiche-HTTP/3__: by Cloudflare](https://github.com/cloudflare/quiche/pull/179) * [__Bolero__: fuzz and property testing framework](https://github.com/camshaft/bolero) * [__pwnmachine__](https://github.com/kapaw/pwnmachine/commit/9cbfc6f1f9547ed2d2a5d296f6d6cd8fac0bb7e1) + * [__Quick700__](https://github.com/Quick700/Quick700) + * [__python-fuzz__](https://github.com/thebabush/python-hfuzz) + * [__Magma__: A Ground-Truth Fuzzing Benchmark](https://github.com/HexHive/magma) * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) * [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+honggfuzz%22&type=Code) -- cgit v1.2.3 From 16f7c711ff8adb210e4f36f394f66b6ed1861bbb Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 28 Oct 2019 23:53:54 +0100 Subject: readme --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3e94af0f..eea698fe 100644 --- a/README.md +++ b/README.md @@ -102,7 +102,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * crashes in rust-bitcoin/rust-lightning [#1](https://github.com/rust-bitcoin/rust-lightning/commit/a9aa3c37fe182dd266e0faebc788e0c9ee724783) * ... and more -# Projects utilizing Honggfuzz +# Projects which make use of Honggfuzz * [__QuickFuzz__ by CIFASIS](http://quickfuzz.org) * [__OSS-Fuzz__](https://github.com/google/oss-fuzz) @@ -130,6 +130,8 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__Quick700__](https://github.com/Quick700/Quick700) * [__python-fuzz__](https://github.com/thebabush/python-hfuzz) * [__Magma__: A Ground-Truth Fuzzing Benchmark](https://github.com/HexHive/magma) + * [__arbitrary-model-tests__: a procedural macro for testing stateful models](https://github.com/jakubadamw/arbitrary-model-tests) + * [__Clusterfuzz__: the fuzzing engine behind OSS-fuzz/Chrome-fuzzing](https://github.com/google/clusterfuzz/issues/1128) * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) * [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+honggfuzz%22&type=Code) -- cgit v1.2.3 From a369c32807f809c3da38f2f1417b528271c8a468 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 28 Oct 2019 23:55:50 +0100 Subject: readme --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index eea698fe..54b388ca 100644 --- a/README.md +++ b/README.md @@ -107,7 +107,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__QuickFuzz__ by CIFASIS](http://quickfuzz.org) * [__OSS-Fuzz__](https://github.com/google/oss-fuzz) * [__Frog And Fuzz__](https://github.com/warsang/FrogAndFuzz/tree/develop) - * [dyjakan's __interpreters fuzzing__ project](https://github.com/dyjakan/interpreter-bugs) + * [__interpreters fuzzing__ by dyjakan](https://github.com/dyjakan/interpreter-bugs) * [__riufuzz__: honggfuzz with AFL-like UI](https://github.com/riusksk/riufuzz) * [__h2fuzz__: fuzzing Apache's HTTP/2 implementation](https://github.com/icing/h2fuzz) * [__honggfuzz-dharma__: honggfuzz with dharma grammar fuzzer](https://github.com/Sbouber/honggfuzz-dharma) @@ -129,7 +129,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__pwnmachine__](https://github.com/kapaw/pwnmachine/commit/9cbfc6f1f9547ed2d2a5d296f6d6cd8fac0bb7e1) * [__Quick700__](https://github.com/Quick700/Quick700) * [__python-fuzz__](https://github.com/thebabush/python-hfuzz) - * [__Magma__: A Ground-Truth Fuzzing Benchmark](https://github.com/HexHive/magma) + * [__Magma__: a ground-truth fuzzing benchmark](https://github.com/HexHive/magma) * [__arbitrary-model-tests__: a procedural macro for testing stateful models](https://github.com/jakubadamw/arbitrary-model-tests) * [__Clusterfuzz__: the fuzzing engine behind OSS-fuzz/Chrome-fuzzing](https://github.com/google/clusterfuzz/issues/1128) * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) -- cgit v1.2.3 From 433b68f3724081b467b54a7ef8b62d08e3522c04 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 29 Oct 2019 00:01:17 +0100 Subject: readme --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 54b388ca..0a6f1fd3 100644 --- a/README.md +++ b/README.md @@ -107,13 +107,13 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__QuickFuzz__ by CIFASIS](http://quickfuzz.org) * [__OSS-Fuzz__](https://github.com/google/oss-fuzz) * [__Frog And Fuzz__](https://github.com/warsang/FrogAndFuzz/tree/develop) - * [__interpreters fuzzing__ by dyjakan](https://github.com/dyjakan/interpreter-bugs) + * [__interpreters fuzzing__: by dyjakan](https://github.com/dyjakan/interpreter-bugs) * [__riufuzz__: honggfuzz with AFL-like UI](https://github.com/riusksk/riufuzz) * [__h2fuzz__: fuzzing Apache's HTTP/2 implementation](https://github.com/icing/h2fuzz) * [__honggfuzz-dharma__: honggfuzz with dharma grammar fuzzer](https://github.com/Sbouber/honggfuzz-dharma) * [__Owl__: a system for finding concurrency attacks](https://github.com/hku-systems/owl) * [__honggfuzz-docker-apps__](https://github.com/skysider/honggfuzz_docker_apps) - * [__FFW - Fuzzing For Worms__](https://github.com/dobin/ffw) + * [__FFW__: Fuzzing For Worms](https://github.com/dobin/ffw) * [__honggfuzz-rs__: fuzzing Rust with Honggfuzz](https://docs.rs/honggfuzz/) * [__roughenough-fuzz__](https://github.com/int08h/roughenough-fuzz) * [__Monkey__: a HTTP server](https://github.com/monkey/monkey/blob/master/FUZZ.md) @@ -132,6 +132,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__Magma__: a ground-truth fuzzing benchmark](https://github.com/HexHive/magma) * [__arbitrary-model-tests__: a procedural macro for testing stateful models](https://github.com/jakubadamw/arbitrary-model-tests) * [__Clusterfuzz__: the fuzzing engine behind OSS-fuzz/Chrome-fuzzing](https://github.com/google/clusterfuzz/issues/1128) + * [__Apache HTTP Server__](https://github.com/apache/httpd/commit/d7328a07d7d293deb5ce62a60c2ce6029104ebad) * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) * [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+honggfuzz%22&type=Code) -- cgit v1.2.3 From 054881b72f4f8ed18d4684454f389a697a0d7055 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 29 Oct 2019 00:13:04 +0100 Subject: readme --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 0a6f1fd3..ea826edd 100644 --- a/README.md +++ b/README.md @@ -133,6 +133,10 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__arbitrary-model-tests__: a procedural macro for testing stateful models](https://github.com/jakubadamw/arbitrary-model-tests) * [__Clusterfuzz__: the fuzzing engine behind OSS-fuzz/Chrome-fuzzing](https://github.com/google/clusterfuzz/issues/1128) * [__Apache HTTP Server__](https://github.com/apache/httpd/commit/d7328a07d7d293deb5ce62a60c2ce6029104ebad) + * [__centos-fuzz__](https://github.com/truelq/centos-fuzz) + * [__FLUFFI__: Fully Localized Utility For Fuzzing Instantaneously by Siemens](https://github.com/siemens/fluffi) + * [__Fluent Bit__: a fast log processor and forwarder for Linux](https://github.com/fluent/fluent-bit/search?q=honggfuzz&unscoped_q=honggfuzz) + * [__Samba__: a SMB server](https://github.com/samba-team/samba/blob/2a90202052558c945e02675d1331e65aeb15f9fa/lib/fuzzing/README.md) * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) * [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+honggfuzz%22&type=Code) -- cgit v1.2.3 From 6b8a5d9df187348cc107c5be22a1522d19556739 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 29 Oct 2019 00:22:36 +0100 Subject: readme --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index ea826edd..993f1334 100644 --- a/README.md +++ b/README.md @@ -82,6 +82,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [CVE-2010-2519](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2519) * [CVE-2010-2520](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2520) * [CVE-2010-2527](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2527) + * [Stack corruption in the Windows OpenType parser](https://github.com/xinali/AfdkoFuzz/blob/master/CVE-2019-1117/README.md) * [Infinite loop in __NGINX Unit__](https://github.com/nginx/unit/commit/477e8177b70acb694759e62d830b8a311a736324) * A couple of problems in the [__MATLAB MAT File I/O Library__](https://sourceforge.net/projects/matio): [#1](https://github.com/tbeu/matio/commit/406438f497931f45fb3edf6de17d3a59a922c257), [#2](https://github.com/tbeu/matio/commit/406438f497931f45fb3edf6de17d3a59a922c257), [#3](https://github.com/tbeu/matio/commit/a55b9c2c01582b712d5a643699a13b5c41687db1), [#4](https://github.com/tbeu/matio/commit/3e6283f37652e29e457ab9467f7738a562594b6b), [#5](https://github.com/tbeu/matio/commit/783ee496a6914df68e77e6019054ad91e8ed6420) * [Samba's tdbdump + tdbtool](http://seclists.org/oss-sec/2018/q2/206) @@ -137,6 +138,9 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__FLUFFI__: Fully Localized Utility For Fuzzing Instantaneously by Siemens](https://github.com/siemens/fluffi) * [__Fluent Bit__: a fast log processor and forwarder for Linux](https://github.com/fluent/fluent-bit/search?q=honggfuzz&unscoped_q=honggfuzz) * [__Samba__: a SMB server](https://github.com/samba-team/samba/blob/2a90202052558c945e02675d1331e65aeb15f9fa/lib/fuzzing/README.md) + * [__universal-fuzzing-docker__: by nnamon](https://github.com/nnamon/universal-fuzzing-docker) + * [__orion__: a monorepo for building and publishing multiple Docker containers as microservices by Mozilla Security](https://github.com/MozillaSecurity/orion/search?q=honggfuzz&unscoped_q=honggfuzz) + * [__Canokey Core__: core implementations of an open-source secure key](https://github.com/canokeys/canokey-core/search?q=honggfuzz&unscoped_q=honggfuzz) * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) * [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+honggfuzz%22&type=Code) -- cgit v1.2.3 From dbc396c2e9dca1470f5b515f5354495dff3ba9b4 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 29 Oct 2019 00:24:02 +0100 Subject: readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 993f1334..d99aef5a 100644 --- a/README.md +++ b/README.md @@ -82,7 +82,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [CVE-2010-2519](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2519) * [CVE-2010-2520](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2520) * [CVE-2010-2527](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2527) - * [Stack corruption in the Windows OpenType parser](https://github.com/xinali/AfdkoFuzz/blob/master/CVE-2019-1117/README.md) + * Stack corruption in the Windows OpenType parser: [#1](https://github.com/xinali/AfdkoFuzz/blob/master/CVE-2019-1117/README.md), [#2](https://github.com/xinali/AfdkoFuzz/tree/f6d6562dd19403cc5a1f8cef603ee69425b68b20/CVE-2019-1118) * [Infinite loop in __NGINX Unit__](https://github.com/nginx/unit/commit/477e8177b70acb694759e62d830b8a311a736324) * A couple of problems in the [__MATLAB MAT File I/O Library__](https://sourceforge.net/projects/matio): [#1](https://github.com/tbeu/matio/commit/406438f497931f45fb3edf6de17d3a59a922c257), [#2](https://github.com/tbeu/matio/commit/406438f497931f45fb3edf6de17d3a59a922c257), [#3](https://github.com/tbeu/matio/commit/a55b9c2c01582b712d5a643699a13b5c41687db1), [#4](https://github.com/tbeu/matio/commit/3e6283f37652e29e457ab9467f7738a562594b6b), [#5](https://github.com/tbeu/matio/commit/783ee496a6914df68e77e6019054ad91e8ed6420) * [Samba's tdbdump + tdbtool](http://seclists.org/oss-sec/2018/q2/206) -- cgit v1.2.3 From 215f3ee72f0e6d667a09f695e37505e346abac95 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 29 Oct 2019 00:25:20 +0100 Subject: readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index d99aef5a..c3b9de53 100644 --- a/README.md +++ b/README.md @@ -141,6 +141,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__universal-fuzzing-docker__: by nnamon](https://github.com/nnamon/universal-fuzzing-docker) * [__orion__: a monorepo for building and publishing multiple Docker containers as microservices by Mozilla Security](https://github.com/MozillaSecurity/orion/search?q=honggfuzz&unscoped_q=honggfuzz) * [__Canokey Core__: core implementations of an open-source secure key](https://github.com/canokeys/canokey-core/search?q=honggfuzz&unscoped_q=honggfuzz) + * [__uberfuzz2__: a cooperative fuzzing framework](https://github.com/acidghost/uberfuzz2) * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) * [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+honggfuzz%22&type=Code) -- cgit v1.2.3 From 4653c595059d2188e49dbb6d72b72da5bfb06492 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 29 Oct 2019 00:26:42 +0100 Subject: readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index c3b9de53..0985b3d5 100644 --- a/README.md +++ b/README.md @@ -142,6 +142,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__orion__: a monorepo for building and publishing multiple Docker containers as microservices by Mozilla Security](https://github.com/MozillaSecurity/orion/search?q=honggfuzz&unscoped_q=honggfuzz) * [__Canokey Core__: core implementations of an open-source secure key](https://github.com/canokeys/canokey-core/search?q=honggfuzz&unscoped_q=honggfuzz) * [__uberfuzz2__: a cooperative fuzzing framework](https://github.com/acidghost/uberfuzz2) + * [__TiKV__: a distributed transactional key-value database](https://github.com/tikv/tikv/tree/99a922564face31bdb59b5b38962339f79e0015c/fuzz) * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) * [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+honggfuzz%22&type=Code) -- cgit v1.2.3 From 44609d51065b5f62861ba4f821cc39a5ec749fc1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 29 Oct 2019 12:26:37 +0100 Subject: examples/openssl: update make.sh --- examples/openssl/make.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/examples/openssl/make.sh b/examples/openssl/make.sh index 19d499c0..2eafe3e6 100755 --- a/examples/openssl/make.sh +++ b/examples/openssl/make.sh @@ -42,14 +42,20 @@ if [ -n "$SAN" ]; then SAN=".$SAN" fi +echo "Building honggfuzz fuzzers" for x in x509 privkey client server; do $CC $COMMON_FLAGS -g "$HFUZZ_SRC/examples/openssl/$x.c" -o "$TYPE$SAN.$x$SUFFIX" "$LIBSSL" "$LIBCRYPTO" $COMMON_LDFLAGS $SAN_COMPILE done +# We only need the part above, the rest is for debugging +exit 0 + +echo "Building fuzzers which accept input from stdin - for special purposes only" for x in x509 privkey client server; do $CC $COMMON_FLAGS -DHF_SSL_FROM_STDIN -g "$HFUZZ_SRC/examples/openssl/$x.c" -o "stdin.$TYPE$SAN.$x" "$LIBSSL" "$LIBCRYPTO" $COMMON_LDFLAGS $SAN_COMPILE done +echo "Building libFuzzer fuzzers" for x in x509 privkey client server; do clang++ $COMMON_FLAGS -g "$HFUZZ_SRC/examples/openssl/$x.c" -o "libfuzzer.$TYPE$SAN.$x$SUFFIX" "$LIBSSL" "$LIBCRYPTO" $COMMON_LDFLAGS $SAN_COMPILE -lFuzzer done -- cgit v1.2.3 From 77cf8b7319e932753e9cceb6934d35816865e293 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 29 Oct 2019 12:29:37 +0100 Subject: example/openssl: readme --- examples/openssl/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/examples/openssl/README.md b/examples/openssl/README.md index 0a5906a0..b948d8c5 100644 --- a/examples/openssl/README.md +++ b/examples/openssl/README.md @@ -3,9 +3,9 @@ **Requirements** * honggfuzz - * clang-4.0, or newer (5.0/6.0 work as well) - * openssl 1.1.0 (or, the master branch from git) - * libressl/boringssl/openssl-1.0.2 work as well, though they might require specific building instructions + * clang-5.0, or + * openssl 1.1.0 (or the github's master branch) + * libressl/boringssl should work as well, though they might require more specific building instructions **Preparation (for OpenSSL 1.1.0/master)** -- cgit v1.2.3 From 3e756b5e5b84161ebdb22c00a59aef021b1825a9 Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Tue, 29 Oct 2019 12:31:53 +0100 Subject: Update README.md --- examples/openssl/README.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/examples/openssl/README.md b/examples/openssl/README.md index b948d8c5..fa9fcbee 100644 --- a/examples/openssl/README.md +++ b/examples/openssl/README.md @@ -3,7 +3,7 @@ **Requirements** * honggfuzz - * clang-5.0, or + * clang-5.0 or newer * openssl 1.1.0 (or the github's master branch) * libressl/boringssl should work as well, though they might require more specific building instructions @@ -21,13 +21,13 @@ $ mv openssl openssl-master ```shell $ cd openssl-master -$ /home/jagger/src/honggfuzz/examples/openssl/compile_hfuzz_openssl_master.sh [enable-asan|enable-msan|enable-ubsan] +$ /examples/openssl/compile_hfuzz_openssl_master.sh [enable-asan|enable-msan|enable-ubsan] ``` 4. Compile OpenSSL ```shell -$ make +$ make -j$(nproc) ``` 5. Prepare fuzzing binaries @@ -35,19 +35,19 @@ $ make The _make.sh_ script will compile honggfuzz and libFuzzer binaries. Syntax: ```shell -make.sh [address|memory|undefined] +/examples/openssl/make.sh [address|memory|undefined] ``` ```shell $ cd .. -$ /home/jagger/src/honggfuzz/examples/openssl/make.sh openssl-master address +$ /examples/openssl/make.sh openssl-master address ``` **Fuzzing** ```shell -$ /home/jagger/src/honggfuzz/honggfuzz -i corpus_server/ -P -- ./openssl-master.address.server -$ /home/jagger/src/honggfuzz/honggfuzz -i corpus_client/ -P -- ./openssl-master.address.client -$ /home/jagger/src/honggfuzz/honggfuzz -i corpus_x509/ -P -- ./openssl-master.address.x509 -$ /home/jagger/src/honggfuzz/honggfuzz -i corpus_privkey/ -P -- ./openssl-master.address.privkey +$ /examples/openssl/honggfuzz --input corpus_server/ -- ./openssl-master.address.server +$ /examples/openssl/honggfuzz --input corpus_client/ -- ./openssl-master.address.client +$ /examples/openssl/honggfuzz --input corpus_x509/ -- ./openssl-master.address.x509 +$ /examples/openssl/honggfuzz --input corpus_privkey/ -- ./openssl-master.address.privkey ``` -- cgit v1.2.3 From 3d78e4b5555cf2ba533124b5b4ec41bec6659a35 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 29 Oct 2019 12:33:26 +0100 Subject: examples/openssl: fix compile_hfuzz_openssl_master.sh for openssl-master --- examples/openssl/compile_hfuzz_openssl_master.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/openssl/compile_hfuzz_openssl_master.sh b/examples/openssl/compile_hfuzz_openssl_master.sh index f64b6c61..6b77b095 100755 --- a/examples/openssl/compile_hfuzz_openssl_master.sh +++ b/examples/openssl/compile_hfuzz_openssl_master.sh @@ -4,6 +4,6 @@ CC=~/src/honggfuzz/hfuzz_cc/hfuzz-clang CXX="$CC"++ ./config \ -DPEDANTIC no-shared -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -O0 \ -fno-sanitize=alignment -lm -ggdb -gdwarf-4 --debug -fno-omit-frame-pointer \ enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 \ - enable-ssl3 enable-ssl3-method enable-nextprotoneg enable-heartbeats enable-tls13downgrade \ + enable-ssl3 enable-ssl3-method enable-nextprotoneg enable-heartbeats \ enable-aria enable-zlib enable-egd \ $@ -- cgit v1.2.3 From e68cf8f344163a9e199e5f608f585646ea81a385 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 29 Oct 2019 12:35:41 +0100 Subject: examples/openssl: update make.sh --- examples/openssl/make.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/examples/openssl/make.sh b/examples/openssl/make.sh index 2eafe3e6..53d4f8d8 100755 --- a/examples/openssl/make.sh +++ b/examples/openssl/make.sh @@ -48,7 +48,9 @@ for x in x509 privkey client server; do done # We only need the part above, the rest is for debugging -exit 0 +if [ -z "$DEBUG" ]; then + exit 0 +fi echo "Building fuzzers which accept input from stdin - for special purposes only" for x in x509 privkey client server; do -- cgit v1.2.3 From 61d67cf427c2972f9805a69533bd4a739bde8cac Mon Sep 17 00:00:00 2001 From: robertswiecki Date: Tue, 29 Oct 2019 12:36:20 +0100 Subject: Update README.md --- examples/openssl/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/examples/openssl/README.md b/examples/openssl/README.md index fa9fcbee..fde13da4 100644 --- a/examples/openssl/README.md +++ b/examples/openssl/README.md @@ -46,8 +46,8 @@ $ /examples/openssl/make.sh openssl-master address **Fuzzing** ```shell -$ /examples/openssl/honggfuzz --input corpus_server/ -- ./openssl-master.address.server -$ /examples/openssl/honggfuzz --input corpus_client/ -- ./openssl-master.address.client -$ /examples/openssl/honggfuzz --input corpus_x509/ -- ./openssl-master.address.x509 -$ /examples/openssl/honggfuzz --input corpus_privkey/ -- ./openssl-master.address.privkey +$ /honggfuzz --input corpus_server/ -- ./openssl-master.address.server +$ /honggfuzz --input corpus_client/ -- ./openssl-master.address.client +$ /honggfuzz --input corpus_x509/ -- ./openssl-master.address.x509 +$ /honggfuzz --input corpus_privkey/ -- ./openssl-master.address.privkey ``` -- cgit v1.2.3 From d52255c3134c452c6183ea82dbe87dad336ad966 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 29 Oct 2019 16:52:24 +0100 Subject: readme --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 0985b3d5..fb42919c 100644 --- a/README.md +++ b/README.md @@ -118,7 +118,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__honggfuzz-rs__: fuzzing Rust with Honggfuzz](https://docs.rs/honggfuzz/) * [__roughenough-fuzz__](https://github.com/int08h/roughenough-fuzz) * [__Monkey__: a HTTP server](https://github.com/monkey/monkey/blob/master/FUZZ.md) - * [__Killerbeez API__](https://github.com/grimm-co/killerbeez-mutators) + * [__Killerbeez API__: a modular fuzzing framework bringing tools together into a standard format](https://github.com/grimm-co/killerbeez) * [__FuzzM__: a gray box model-based fuzzing framework](https://github.com/collins-research/FuzzM) * [__FuzzOS__: by Mozilla Security](https://github.com/MozillaSecurity/fuzzos) * [__Android__: by OHA](https://android.googlesource.com/platform/external/honggfuzz) @@ -127,9 +127,9 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__DeepState__: by Trail-of-Bits](https://github.com/trailofbits/deepstate) * [__Quiche-HTTP/3__: by Cloudflare](https://github.com/cloudflare/quiche/pull/179) * [__Bolero__: fuzz and property testing framework](https://github.com/camshaft/bolero) - * [__pwnmachine__](https://github.com/kapaw/pwnmachine/commit/9cbfc6f1f9547ed2d2a5d296f6d6cd8fac0bb7e1) - * [__Quick700__](https://github.com/Quick700/Quick700) - * [__python-fuzz__](https://github.com/thebabush/python-hfuzz) + * [__pwnmachine__: a vagrantfile for exploit development on Linux](https://github.com/kapaw/pwnmachine/commit/9cbfc6f1f9547ed2d2a5d296f6d6cd8fac0bb7e1) + * [__Quick700__: analyzing effectiveness of fuzzers on web browsers and web servers](https://github.com/Quick700/Quick700) + * [__python-fuzz__: gluing honggfuzz and python3](https://github.com/thebabush/python-hfuzz) * [__Magma__: a ground-truth fuzzing benchmark](https://github.com/HexHive/magma) * [__arbitrary-model-tests__: a procedural macro for testing stateful models](https://github.com/jakubadamw/arbitrary-model-tests) * [__Clusterfuzz__: the fuzzing engine behind OSS-fuzz/Chrome-fuzzing](https://github.com/google/clusterfuzz/issues/1128) -- cgit v1.2.3 From 2936a26c61c63e1a3a9e472f4669e085734821bf Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 29 Oct 2019 17:50:20 +0100 Subject: readme --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index fb42919c..6ddd8305 100644 --- a/README.md +++ b/README.md @@ -82,7 +82,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [CVE-2010-2519](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2519) * [CVE-2010-2520](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2520) * [CVE-2010-2527](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2527) - * Stack corruption in the Windows OpenType parser: [#1](https://github.com/xinali/AfdkoFuzz/blob/master/CVE-2019-1117/README.md), [#2](https://github.com/xinali/AfdkoFuzz/tree/f6d6562dd19403cc5a1f8cef603ee69425b68b20/CVE-2019-1118) + * Stack corruption issues in the Windows OpenType parser: [#1](https://github.com/xinali/AfdkoFuzz/blob/4eadcb19eacb2fb73e4b0f0b34f382a9331bb3b4/CrashesAnalysis/CrashesAnalysis_3/README.md), [#2](https://github.com/xinali/AfdkoFuzz/blob/master/CVE-2019-1117/README.md), [#3](https://github.com/xinali/AfdkoFuzz/tree/f6d6562dd19403cc5a1f8cef603ee69425b68b20/CVE-2019-1118) * [Infinite loop in __NGINX Unit__](https://github.com/nginx/unit/commit/477e8177b70acb694759e62d830b8a311a736324) * A couple of problems in the [__MATLAB MAT File I/O Library__](https://sourceforge.net/projects/matio): [#1](https://github.com/tbeu/matio/commit/406438f497931f45fb3edf6de17d3a59a922c257), [#2](https://github.com/tbeu/matio/commit/406438f497931f45fb3edf6de17d3a59a922c257), [#3](https://github.com/tbeu/matio/commit/a55b9c2c01582b712d5a643699a13b5c41687db1), [#4](https://github.com/tbeu/matio/commit/3e6283f37652e29e457ab9467f7738a562594b6b), [#5](https://github.com/tbeu/matio/commit/783ee496a6914df68e77e6019054ad91e8ed6420) * [Samba's tdbdump + tdbtool](http://seclists.org/oss-sec/2018/q2/206) @@ -103,7 +103,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * crashes in rust-bitcoin/rust-lightning [#1](https://github.com/rust-bitcoin/rust-lightning/commit/a9aa3c37fe182dd266e0faebc788e0c9ee724783) * ... and more -# Projects which make use of Honggfuzz +# Projects utilizing or inspired-by Honggfuzz * [__QuickFuzz__ by CIFASIS](http://quickfuzz.org) * [__OSS-Fuzz__](https://github.com/google/oss-fuzz) @@ -143,6 +143,8 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__Canokey Core__: core implementations of an open-source secure key](https://github.com/canokeys/canokey-core/search?q=honggfuzz&unscoped_q=honggfuzz) * [__uberfuzz2__: a cooperative fuzzing framework](https://github.com/acidghost/uberfuzz2) * [__TiKV__: a distributed transactional key-value database](https://github.com/tikv/tikv/tree/99a922564face31bdb59b5b38962339f79e0015c/fuzz) + * [__fuzz-monitor__](https://github.com/acidghost/fuzz-monitor/search?q=honggfuzz&unscoped_q=honggfuzz) + * [__libmutator__: a C library intended to generate random test cases by mutating legitimate test cases](https://github.com/denandz/libmutator) * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) * [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+honggfuzz%22&type=Code) -- cgit v1.2.3 From 5e2367c1c38f3008fcec374f6e1bff6221084e1d Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 29 Oct 2019 17:53:02 +0100 Subject: readme --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6ddd8305..26e67704 100644 --- a/README.md +++ b/README.md @@ -13,12 +13,12 @@ A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with inte * It's blazingly fast when the [persistent fuzzing mode](https://github.com/google/honggfuzz/blob/master/docs/PersistentFuzzing.md)) is used. A simple/empty _LLVMFuzzerTestOneInput_ function can be tested with __up to 1mo iterations per second__ on a relatively modern CPU (e.g. i7-6700K). * Has a [solid track record](#trophies) of uncovered security bugs: the __only__ (to the date) __vulnerability in OpenSSL with the [critical](https://www.openssl.org/news/secadv/20160926.txt) score mark__ was discovered by honggfuzz. See the [Trophies](#trophies) paragraph for the summary of findings to the date. * Uses low-level interfaces to monitor processes (e.g. _ptrace_ under Linux and NetBSD). As opposed to other fuzzers, it __will discover and report hijacked/ignored signals from crashes__ (intercepted and potentially hidden by a fuzzed program). - * Easy-to-use, feed it a simple corpus directory (can even be empty for [feedback-driven fuzzing]) and it will work its way up, expanding it by utilizing feedback-based coverage metrics. + * Easy-to-use, feed it a simple corpus directory (can even be empty for the [feedback-driven fuzzing](https://github.com/google/honggfuzz/blob/master/docs/FeedbackDrivenFuzzing.md)), and it will work its way up, expanding it by utilizing feedback-based coverage metrics. * Supports several (more than any other coverage-based feedback-driven fuzzer) hardware-based (CPU: branch/instruction counting, __Intel BTS__, __Intel PT__) and software-based [feedback-driven fuzzing](https://github.com/google/honggfuzz/blob/master/docs/FeedbackDrivenFuzzing.md) modes. Also, see the new __[qemu mode](https://github.com/google/honggfuzz/tree/master/qemu_mode)__ for blackbox binary fuzzing. * Works (at least) under GNU/Linux, FreeBSD, NetBSD, Mac OS X, Windows/CygWin and [Android](https://github.com/google/honggfuzz/blob/master/docs/Android.md). * Supports the __persistent fuzzing mode__ (long-lived process calling a fuzzed API repeatedly). More on that can be found [here](https://github.com/google/honggfuzz/blob/master/docs/PersistentFuzzing.md). * It comes with the __[examples](https://github.com/google/honggfuzz/tree/master/examples) directory__, consisting of real world fuzz setups for widely-used software (e.g. Apache HTTPS, OpenSSL, libjpeg etc.). - * Provides __[corpus minimization](https://github.com/google/honggfuzz/blob/master/docs/USAGE.md#corpus-minimization--m)__ modes. + * Provides a __[corpus minimization](https://github.com/google/honggfuzz/blob/master/docs/USAGE.md#corpus-minimization--m)__ mode. --- -- cgit v1.2.3 From 6022885156e1a5eac1c4a42285bb69d905427b39 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 29 Oct 2019 17:54:51 +0100 Subject: readme --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 26e67704..bf6eff3c 100644 --- a/README.md +++ b/README.md @@ -118,7 +118,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__honggfuzz-rs__: fuzzing Rust with Honggfuzz](https://docs.rs/honggfuzz/) * [__roughenough-fuzz__](https://github.com/int08h/roughenough-fuzz) * [__Monkey__: a HTTP server](https://github.com/monkey/monkey/blob/master/FUZZ.md) - * [__Killerbeez API__: a modular fuzzing framework bringing tools together into a standard format](https://github.com/grimm-co/killerbeez) + * [__Killerbeez API__: a modular fuzzing framework](https://github.com/grimm-co/killerbeez) * [__FuzzM__: a gray box model-based fuzzing framework](https://github.com/collins-research/FuzzM) * [__FuzzOS__: by Mozilla Security](https://github.com/MozillaSecurity/fuzzos) * [__Android__: by OHA](https://android.googlesource.com/platform/external/honggfuzz) @@ -139,7 +139,6 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__Fluent Bit__: a fast log processor and forwarder for Linux](https://github.com/fluent/fluent-bit/search?q=honggfuzz&unscoped_q=honggfuzz) * [__Samba__: a SMB server](https://github.com/samba-team/samba/blob/2a90202052558c945e02675d1331e65aeb15f9fa/lib/fuzzing/README.md) * [__universal-fuzzing-docker__: by nnamon](https://github.com/nnamon/universal-fuzzing-docker) - * [__orion__: a monorepo for building and publishing multiple Docker containers as microservices by Mozilla Security](https://github.com/MozillaSecurity/orion/search?q=honggfuzz&unscoped_q=honggfuzz) * [__Canokey Core__: core implementations of an open-source secure key](https://github.com/canokeys/canokey-core/search?q=honggfuzz&unscoped_q=honggfuzz) * [__uberfuzz2__: a cooperative fuzzing framework](https://github.com/acidghost/uberfuzz2) * [__TiKV__: a distributed transactional key-value database](https://github.com/tikv/tikv/tree/99a922564face31bdb59b5b38962339f79e0015c/fuzz) -- cgit v1.2.3 From a460d179d2a0f9491c4b7dca9945534fcecbbd3e Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 29 Oct 2019 20:28:42 +0100 Subject: readme --- README.md | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 0985b3d5..f03cc486 100644 --- a/README.md +++ b/README.md @@ -30,19 +30,19 @@ A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with inte # Requirements - * **Linux** - The BFD library (libbfd-dev) and libunwind (libunwind-dev/libunwind8-dev), clang-4.0 or higher for software-based coverage modes - * **FreeBSD** - gmake, clang-3.6 or newer (clang-devel/4.0 suggested) + * **Linux** - The BFD library (libbfd-dev) and libunwind (libunwind-dev/libunwind8-dev), clang-5.0 or higher for software-based coverage modes + * **FreeBSD** - gmake, clang-5.0 or newer * **NetBSD** - gmake, clang, capstone, libBlocksRuntime * **Android** - Android SDK/NDK. Also see [this detailed doc](https://github.com/google/honggfuzz/blob/master/docs/Android.md) on how to build and run it * **Windows** - CygWin * **Darwin/OS X** - Xcode 10.8+ * if **Clang/LLVM** is used to compile honggfuzz - link it with the BlocksRuntime Library (libblocksruntime-dev) - # Trophies Honggfuzz has been used to find a few interesting security problems in major software packages; An incomplete list: + * [Pre-auth remote crash in __OpenSSH__](https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737) * __Apache HTTPD__ * [Remote crash in __mod\_http2__ • CVE-2017-7659](http://seclists.org/oss-sec/2017/q2/504) @@ -146,14 +146,6 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) * [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+honggfuzz%22&type=Code) -# Fuzzing examples - -The [examples](https://github.com/google/honggfuzz/tree/master/examples/) -directory contains code demonstrating (among others) how to use honggfuzz to find bugs in the -[OpenSSL](https://github.com/google/honggfuzz/tree/master/examples/openssl) -library and in the [Apache](https://github.com/google/honggfuzz/tree/master/examples/apache-httpd) -HTTPD web server. - # Contact * User mailing list: [honggfuzz@googlegroups.com](mailto:honggfuzz@googlegroups.com), sign up with [this link](https://groups.google.com/forum/#!forum/honggfuzz). -- cgit v1.2.3 From ac7df4eddcbf10a870e94933e13405544550bac4 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 30 Oct 2019 00:38:09 +0100 Subject: android: make make android-all work --- Makefile | 66 +++++++++--------------- android/Android.mk | 5 +- linux/trace.c | 4 +- third_party/android/scripts/compile-capstone.sh | 4 +- third_party/android/scripts/compile-libunwind.sh | 36 ++++--------- 5 files changed, 40 insertions(+), 75 deletions(-) diff --git a/Makefile b/Makefile index 6436ac5f..1f696046 100644 --- a/Makefile +++ b/Makefile @@ -196,7 +196,6 @@ endif # Control Android builds ANDROID_API ?= android-26 ANDROID_DEBUG_ENABLED ?= false -ANDROID_CLANG ?= true ANDROID_APP_ABI ?= armeabi-v7a ANDROID_SKIP_CLEAN ?= false NDK_BUILD_ARGS := @@ -213,41 +212,26 @@ ifeq ($(ANDROID_SKIP_CLEAN),true) NDK_BUILD_ARGS += NDK_APP.local.cleaned_binaries=true endif -ifeq ($(ANDROID_CLANG),true) - ANDROID_NDK_TOOLCHAIN_VER := clang - # clang works only against APIs >= 23 - ifeq ($(ANDROID_APP_ABI),$(filter $(ANDROID_APP_ABI),armeabi armeabi-v7a)) - ANDROID_NDK_TOOLCHAIN ?= arm-linux-androideabi-clang - ANDROID_ARCH_CPU := arm - else ifeq ($(ANDROID_APP_ABI),$(filter $(ANDROID_APP_ABI),x86)) - ANDROID_NDK_TOOLCHAIN ?= x86-clang - ANDROID_ARCH_CPU := x86 - else ifeq ($(ANDROID_APP_ABI),$(filter $(ANDROID_APP_ABI),arm64-v8a)) - ANDROID_NDK_TOOLCHAIN ?= aarch64-linux-android-clang - ANDROID_ARCH_CPU := arm64 - else ifeq ($(ANDROID_APP_ABI),$(filter $(ANDROID_APP_ABI),x86_64)) - ANDROID_NDK_TOOLCHAIN ?= x86_64-clang - ANDROID_ARCH_CPU := x86_64 - else - $(error Unsuported / Unknown APP_API '$(ANDROID_APP_ABI)') - endif +ANDROID_NDK_TOOLCHAIN_VER := clang +# clang works only against APIs >= 23 +ifeq ($(ANDROID_APP_ABI),$(filter $(ANDROID_APP_ABI),armeabi-v7a)) + ANDROID_NDK_TOOLCHAIN ?= arm-linux-androideabi-clang + ANDROID_ARCH_CPU := arm + ANDROID_CLANG_PREFIX := armv7a +else ifeq ($(ANDROID_APP_ABI),$(filter $(ANDROID_APP_ABI),x86)) + ANDROID_NDK_TOOLCHAIN ?= x86-clang + ANDROID_ARCH_CPU := x86 + ANDROID_CLANG_PREFIX := i686 +else ifeq ($(ANDROID_APP_ABI),$(filter $(ANDROID_APP_ABI),arm64-v8a)) + ANDROID_NDK_TOOLCHAIN ?= aarch64-linux-android-clang + ANDROID_ARCH_CPU := arm64 + ANDROID_CLANG_PREFIX := aarch64 +else ifeq ($(ANDROID_APP_ABI),$(filter $(ANDROID_APP_ABI),x86_64)) + ANDROID_NDK_TOOLCHAIN ?= x86_64-clang + ANDROID_ARCH_CPU := x86_64 + ANDROID_CLANG_PREFIX := x86_64 else - ANDROID_NDK_TOOLCHAIN_VER := 4.9 - ifeq ($(ANDROID_APP_ABI),$(filter $(ANDROID_APP_ABI),armeabi armeabi-v7a)) - ANDROID_NDK_TOOLCHAIN ?= arm-linux-androideabi-4.9 - ANDROID_ARCH_CPU := arm - else ifeq ($(ANDROID_APP_ABI),$(filter $(ANDROID_APP_ABI),x86)) - ANDROID_NDK_TOOLCHAIN ?= x86-4.9 - ANDROID_ARCH_CPU := x86 - else ifeq ($(ANDROID_APP_ABI),$(filter $(ANDROID_APP_ABI),arm64-v8a)) - ANDROID_NDK_TOOLCHAIN ?= aarch64-linux-android-4.9 - ANDROID_ARCH_CPU := arm64 - else ifeq ($(ANDROID_APP_ABI),$(filter $(ANDROID_APP_ABI),x86_64)) - ANDROID_NDK_TOOLCHAIN ?= x86_64-4.9 - ANDROID_ARCH_CPU := x86_64 - else - $(error Unsuported / Unknown APP_API '$(ANDROID_APP_ABI)') - endif + $(error Unsuported / Unknown APP_API '$(ANDROID_APP_ABI)') endif SUBDIR_ROOTS := linux mac netbsd posix libhfuzz libhfcommon libhfnetdriver @@ -314,7 +298,7 @@ depend: all .PHONY: android android: $(info ***************************************************************) - $(info * Use Android NDK 15 or newer *) + $(info * Use Android NDK 20 or newer *) $(info ***************************************************************) @ANDROID_API=$(ANDROID_API) third_party/android/scripts/compile-libunwind.sh \ third_party/android/libunwind $(ANDROID_ARCH_CPU) @@ -322,10 +306,8 @@ android: @ANDROID_API=$(ANDROID_API) third_party/android/scripts/compile-capstone.sh \ third_party/android/capstone $(ANDROID_ARCH_CPU) - ifeq ($(ANDROID_CLANG),true) - @ANDROID_API=$(ANDROID_API) third_party/android/scripts/compile-libBlocksRuntime.sh \ - third_party/android/libBlocksRuntime $(ANDROID_ARCH_CPU) - endif + @ANDROID_API=$(ANDROID_API) third_party/android/scripts/compile-libBlocksRuntime.sh \ + third_party/android/libBlocksRuntime $(ANDROID_ARCH_CPU) ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=./android/Android.mk \ APP_PLATFORM=$(ANDROID_API) APP_ABI=$(ANDROID_APP_ABI) \ @@ -339,8 +321,8 @@ android-all: $(MAKE) clean @echo "" - @for abi in armeabi armeabi-v7a arm64-v8a x86 x86_64; do \ - ANDROID_APP_ABI=$$abi ANDROID_SKIP_CLEAN=true ANDROID_CLANG=$(ANDROID_CLANG) \ + for abi in armeabi-v7a arm64-v8a x86 x86_64; do \ + ANDROID_APP_ABI=$$abi ANDROID_SKIP_CLEAN=true ANDROID_CLANG_PREFIX=$(ANDROID_CLANG_PREFIX) \ ANDROID_API=$(ANDROID_API) ANDROID_DEBUG_ENABLED=$(ANDROID_DEBUG_ENABLED) \ $(MAKE) android || { \ echo "Recursive make failed"; exit 1; }; \ diff --git a/android/Android.mk b/android/Android.mk index 280695d9..d1135ef4 100644 --- a/android/Android.mk +++ b/android/Android.mk @@ -135,8 +135,9 @@ endif COMMON_CFLAGS := -std=c11 \ -D_GNU_SOURCE \ -Wall -Wextra -Wno-initializer-overrides -Wno-override-init \ - -Wno-unknown-warning-option -Werror -funroll-loops -O2 \ - -Wframe-larger-than=60000 -Wno-format-truncation + -Wno-atomic-alignment -Wno-unknown-warning-option \ + -Werror -funroll-loops -O2 \ + -Wframe-larger-than=60000 -Wno-format-truncation \ ifneq (,$(findstring clang,$(NDK_TOOLCHAIN))) COMMON_CFLAGS += -fblocks -fno-sanitize=address,undefined,memory,thread -fsanitize-coverage=0 diff --git a/linux/trace.c b/linux/trace.c index 3d827ee2..46495cf8 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -582,8 +582,8 @@ static void arch_traceGenerateReport( util_ssnprintf( run->report, sizeof(run->report), " <" REG_PD REG_PM "> ", (REG_TYPE)(long)funcs[i].pc); if (funcs[i].func[0] != '\0') - util_ssnprintf(run->report, sizeof(run->report), "[%s() + 0x%x at %s]\n", funcs[i].func, - funcs[i].line, funcs[i].mapName); + util_ssnprintf(run->report, sizeof(run->report), "[%s() + 0x%tx at %s]\n", + funcs[i].func, funcs[i].line, funcs[i].mapName); else util_ssnprintf(run->report, sizeof(run->report), "[]\n"); #else diff --git a/third_party/android/scripts/compile-capstone.sh b/third_party/android/scripts/compile-capstone.sh index 82c7d22c..830c522d 100755 --- a/third_party/android/scripts/compile-capstone.sh +++ b/third_party/android/scripts/compile-capstone.sh @@ -145,8 +145,8 @@ HOST_OS=$(uname -s | tr '[:upper:]' '[:lower:]') HOST_ARCH=$(uname -m) SYSROOT="$NDK/platforms/$ANDROID_API/arch-$ARCH" -export CC="$NDK/toolchains/$TOOLCHAIN_S/prebuilt/$HOST_OS-$HOST_ARCH/bin/$TOOLCHAIN-gcc --sysroot=$SYSROOT -isystem $NDK/sysroot/usr/include/$TOOLCHAIN -isystem $NDK/sysroot/usr/include/ -D__ANDROID_API__=$ANDROID_API_V" -export CXX="$NDK/toolchains/$TOOLCHAIN_S/prebuilt/$HOST_OS-$HOST_ARCH/bin/$TOOLCHAIN-g++ --sysroot=$SYSROOT -isystem $NDK/sysroot/usr/include/$TOOLCHAIN -isystem $NDK/sysroot/usr/include/ -D__ANDROID_API__=$ANDROID_API_V" +export CC=`ls "$NDK"/toolchains/llvm/prebuilt/linux-x86_64/bin/"$ANDROID_CLANG_PREFIX"-linux-*-clang | sort -n | tail -n1` +export CXX=`ls "$NDK"/toolchains/llvm/prebuilt/linux-x86_64/bin/"$ANDROID_CLANG_PREFIX"-linux-*-clang++ | sort -n | tail -n1` export PATH="$NDK/toolchains/$TOOLCHAIN_S/prebuilt/$HOST_OS-$HOST_ARCH/bin":$PATH # We need to construct a cross variable that capstone Makefile can pick ar, strip & ranlib from diff --git a/third_party/android/scripts/compile-libunwind.sh b/third_party/android/scripts/compile-libunwind.sh index 53d2eaf5..4a4a246d 100755 --- a/third_party/android/scripts/compile-libunwind.sh +++ b/third_party/android/scripts/compile-libunwind.sh @@ -15,24 +15,11 @@ # See the License for the specific language governing permissions and # limitations under the License. -#set -x # debug +set -x # debug readonly JOBS=$(getconf _NPROCESSORS_ONLN) abort() { - # Revert patches if not debugging - if [[ "$-" == *x* ]]; then - echo "[!] git patches are not reverted since running under debug mode" - else - # Extra care to ensure we're under expected project - if [[ $# -eq 1 && "$(basename $(git rev-parse --show-toplevel))" == "libunwind" ]]; then - echo "[*] Resetting locally applied patches" - git reset --hard &>/dev/null || { - echo "[-] git reset failed" - } - fi - fi - cd - &>/dev/null exit "$1" } @@ -147,6 +134,8 @@ esac # TODO: Automate global patching when all archs have been tested # Ptrace patches due to Android incompatibilities +git reset --hard + git apply --check ../patches/libunwind.patch if [ $? -eq 0 ]; then git apply ../patches/libunwind.patch @@ -165,20 +154,20 @@ HOST_ARCH=$(uname -m) SYSROOT="$NDK/platforms/$ANDROID_API/arch-$ARCH" -export CC="$NDK/toolchains/$TOOLCHAIN_S/prebuilt/$HOST_OS-$HOST_ARCH/bin/$TOOLCHAIN-gcc" -export CXX="$NDK/toolchains/$TOOLCHAIN_S/prebuilt/$HOST_OS-$HOST_ARCH/bin/$TOOLCHAIN-g++" +export CC=`ls "$NDK"/toolchains/llvm/prebuilt/linux-x86_64/bin/"$ANDROID_CLANG_PREFIX"-linux-*-clang | sort -n | tail -n1` +export CXX=`ls "$NDK"/toolchains/llvm/prebuilt/linux-x86_64/bin/"$ANDROID_CLANG_PREFIX"-linux-*-clang++ | sort -n | tail -n1` export PATH="$NDK/toolchains/$TOOLCHAIN_S/prebuilt/$HOST_OS-$HOST_ARCH/bin":$PATH if [ ! -x "$CC" ]; then - echo "[-] gcc doesn't exist: $CC" + echo "[-] clang doesn't exist: $CC" abort 1 elif [ ! -x "$CXX" ]; then - echo "[-] g++ doesn't exist: $CXX" + echo "[-] clang++ doesn't exist: $CXX" abort 1 fi -export CC="$CC --sysroot=$SYSROOT -isystem $NDK/sysroot/usr/include/$TOOLCHAIN -isystem $NDK/sysroot/usr/include/ -D__ANDROID_API__=$ANDROID_API_V" -export CXX="$CXX --sysroot=$SYSROOT -isystem $NDK/sysroot/usr/include/$TOOLCHAIN -isystem $NDK/sysroot/usr/include/ -D__ANDROID_API__=$ANDROID_API_V" +export CC +export CXX if [ ! -f configure ]; then NOCONFIGURE=true ./autogen.sh @@ -198,13 +187,6 @@ if [ $? -ne 0 ]; then abort 1 fi -# Fix stuff that configure failed to detect -# TODO: Investigate for more elegant patches -if [ "$ARCH" == "arm64" ]; then - sed -i -e 's/#define HAVE_DECL_PTRACE_POKEUSER 1/#define HAVE_DECL_PTRACE_POKEUSER 0/g' include/config.h - echo "#define HAVE_DECL_PT_GETREGSET 1" >> include/config.h -fi - make -j"$JOBS" CFLAGS="$LC_CFLAGS" LDFLAGS="$LC_LDFLAGS" if [ $? -ne 0 ]; then echo "[-] Compilation failed" -- cgit v1.2.3 From ca85ae00e4b1558c6674c5b2571dc4376d1ae060 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 30 Oct 2019 01:20:03 +0100 Subject: make android-all work --- Makefile | 6 ++-- android/Android.mk | 16 +++++------ third_party/android/scripts/compile-capstone.sh | 33 +--------------------- .../android/scripts/compile-libBlocksRuntime.sh | 12 +------- third_party/android/scripts/compile-libunwind.sh | 32 +-------------------- 5 files changed, 14 insertions(+), 85 deletions(-) diff --git a/Makefile b/Makefile index 1f696046..86ce747d 100644 --- a/Makefile +++ b/Makefile @@ -300,13 +300,13 @@ android: $(info ***************************************************************) $(info * Use Android NDK 20 or newer *) $(info ***************************************************************) - @ANDROID_API=$(ANDROID_API) third_party/android/scripts/compile-libunwind.sh \ + @ANDROID_API=$(ANDROID_API) ANDROID_CLANG_PREFIX=$(ANDROID_CLANG_PREFIX) third_party/android/scripts/compile-libunwind.sh \ third_party/android/libunwind $(ANDROID_ARCH_CPU) - @ANDROID_API=$(ANDROID_API) third_party/android/scripts/compile-capstone.sh \ + @ANDROID_API=$(ANDROID_API) ANDROID_CLANG_PREFIX=$(ANDROID_CLANG_PREFIX) third_party/android/scripts/compile-capstone.sh \ third_party/android/capstone $(ANDROID_ARCH_CPU) - @ANDROID_API=$(ANDROID_API) third_party/android/scripts/compile-libBlocksRuntime.sh \ + @ANDROID_API=$(ANDROID_API) ANDROID_CLANG_PREFIX=$(ANDROID_CLANG_PREFIX) third_party/android/scripts/compile-libBlocksRuntime.sh \ third_party/android/libBlocksRuntime $(ANDROID_ARCH_CPU) ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=./android/Android.mk \ diff --git a/android/Android.mk b/android/Android.mk index d1135ef4..f3aa4078 100644 --- a/android/Android.mk +++ b/android/Android.mk @@ -45,7 +45,7 @@ ifeq ($(APP_ABI),$(filter $(APP_ABI),armeabi armeabi-v7a)) else ifeq ($(APP_ABI),$(filter $(APP_ABI),x86)) ARCH_ABI := x86 else ifeq ($(APP_ABI),$(filter $(APP_ABI),arm64-v8a)) - ARCH_ABI := arm64 + ARCH_ABI := aarch64 else ifeq ($(APP_ABI),$(filter $(APP_ABI),x86_64)) ARCH_ABI := x86_64 else @@ -64,7 +64,7 @@ ifeq ($(ANDROID_WITH_PTRACE),true) endif # Upstream libunwind compiled from sources with Android NDK toolchain - LIBUNWIND_A := third_party/android/libunwind/$(ARCH_ABI)/libunwind-$(ARCH_ABI).a + LIBUNWIND_A := third_party/android/libunwind/src/.libs/libunwind-$(ARCH_ABI).a ifeq ("$(wildcard $(LIBUNWIND_A))","") $(error libunwind-$(ARCH_ABI) is missing - to build execute \ 'third_party/android/scripts/compile-libunwind.sh third_party/android/libunwind $(ARCH_ABI)') @@ -72,29 +72,29 @@ ifeq ($(ANDROID_WITH_PTRACE),true) include $(CLEAR_VARS) LOCAL_MODULE := libunwind - LOCAL_SRC_FILES := third_party/android/libunwind/$(ARCH_ABI)/libunwind.a + LOCAL_SRC_FILES := third_party/android/libunwind/src/.libs/libunwind.a LOCAL_EXPORT_C_INCLUDES := third_party/android/libunwind/include include $(PREBUILT_STATIC_LIBRARY) include $(CLEAR_VARS) LOCAL_MODULE := libunwind-arch - LOCAL_SRC_FILES := third_party/android/libunwind/$(ARCH_ABI)/libunwind-$(ARCH_ABI).a + LOCAL_SRC_FILES := third_party/android/libunwind/src/.libs/libunwind-$(ARCH_ABI).a LOCAL_EXPORT_C_INCLUDES := third_party/android/libunwind/include include $(PREBUILT_STATIC_LIBRARY) include $(CLEAR_VARS) LOCAL_MODULE := libunwind-ptrace - LOCAL_SRC_FILES := third_party/android/libunwind/$(ARCH_ABI)/libunwind-ptrace.a + LOCAL_SRC_FILES := third_party/android/libunwind/src/.libs/libunwind-ptrace.a LOCAL_EXPORT_C_INCLUDES := third_party/android/libunwind/include include $(PREBUILT_STATIC_LIBRARY) LOCAL_MODULE := libunwind-dwarf-generic - LOCAL_SRC_FILES := third_party/android/libunwind/$(ARCH_ABI)/libunwind-dwarf-generic.a + LOCAL_SRC_FILES := third_party/android/libunwind/src/.libs/libunwind-dwarf-generic.a LOCAL_EXPORT_C_INCLUDES := third_party/android/libunwind/include include $(PREBUILT_STATIC_LIBRARY) # Upstream capstone compiled from sources with Android NDK toolchain - LIBCAPSTONE_A := third_party/android/capstone/$(ARCH_ABI)/libcapstone.a + LIBCAPSTONE_A := third_party/android/capstone/libcapstone.a ifeq ("$(wildcard $(LIBCAPSTONE_A))","") $(error libcapstone is missing - to build execute \ 'third_party/android/scripts/compile-capstone.sh third_party/android/capstone $(ARCH_ABI)') @@ -107,7 +107,7 @@ ifeq ($(ANDROID_WITH_PTRACE),true) endif ifneq (,$(findstring clang,$(NDK_TOOLCHAIN))) - LIBBRT_A := third_party/android/libBlocksRuntime/$(ARCH_ABI)/libblocksruntime.a + LIBBRT_A := third_party/android/libBlocksRuntime/obj/local/$(APP_ABI)/libblocksruntime.a ifeq ("$(wildcard $(LIBBRT_A))","") $(error libBlocksRuntime is missing - to build execute \ 'third_party/android/scripts/compile-libBlocksRuntime.sh third_party/android/libBlocksRuntime $(ARCH_ABI)') diff --git a/third_party/android/scripts/compile-capstone.sh b/third_party/android/scripts/compile-capstone.sh index 830c522d..cb071b0a 100755 --- a/third_party/android/scripts/compile-capstone.sh +++ b/third_party/android/scripts/compile-capstone.sh @@ -48,10 +48,6 @@ if [ ! -f "$hooksDir/post-checkout" ]; then cat > "$hooksDir/post-checkout" <<'endmsg' #!/usr/bin/env bash -rm -f arm/*.a -rm -f arm64/*.a -rm -f x86/*.a -rm -f x86_64/*.a endmsg chmod +x "$hooksDir/post-checkout" fi @@ -69,28 +65,7 @@ if [ -z "$NDK" ]; then fi fi -case "$2" in - arm|arm64|x86|x86_64) - readonly ARCH=$2 - if [ ! -d $ARCH ] ; then mkdir -p $ARCH; fi - ;; - *) - echo "[-] Invalid CPU architecture" - abort 1 - ;; -esac - -# Check if previous build exists and matches selected ANDROID_API level -# If API cache file not there always rebuild -if [ -f "$ARCH/libcapstone.a" ]; then - if [ -f "$ARCH/android_api.txt" ]; then - old_api=$(cat "$ARCH/android_api.txt") - if [[ "$old_api" == "$ANDROID_API" ]]; then - # No need to recompile - abort 0 - fi - fi -fi +ARCH="$2" case "$ARCH" in arm) @@ -149,9 +124,6 @@ export CC=`ls "$NDK"/toolchains/llvm/prebuilt/linux-x86_64/bin/"$ANDROID_CLANG_P export CXX=`ls "$NDK"/toolchains/llvm/prebuilt/linux-x86_64/bin/"$ANDROID_CLANG_PREFIX"-linux-*-clang++ | sort -n | tail -n1` export PATH="$NDK/toolchains/$TOOLCHAIN_S/prebuilt/$HOST_OS-$HOST_ARCH/bin":$PATH -# We need to construct a cross variable that capstone Makefile can pick ar, strip & ranlib from -export CROSS="$NDK/toolchains/$TOOLCHAIN_S/prebuilt/$HOST_OS-$HOST_ARCH/bin/$TOOLCHAIN-" CFLAGS="--sysroot=$SYSROOT -isystem $NDK/sysroot/usr/include/$TOOLCHAIN -isystem $NDK/sysroot/usr/include/" LDFLAGS="--sysroot=$SYSROOT -isystem $NDK/sysroot/usr/include/$TOOLCHAIN -isystem $NDK/sysroot/usr/include/" - # Build it make clean @@ -165,7 +137,4 @@ else echo "[*] '$ARCH' libcapstone available at '$CAPSTONE_DIR/$ARCH'" fi -cp libcapstone.a "$ARCH/" -echo "$ANDROID_API" > "$ARCH/android_api.txt" - abort 0 diff --git a/third_party/android/scripts/compile-libBlocksRuntime.sh b/third_party/android/scripts/compile-libBlocksRuntime.sh index aa28f233..95a50488 100755 --- a/third_party/android/scripts/compile-libBlocksRuntime.sh +++ b/third_party/android/scripts/compile-libBlocksRuntime.sh @@ -53,17 +53,7 @@ case "$2" in ;; esac -# Check if previous build exists and matches selected ANDROID_API level -# If API cache file not there always rebuild -if [ -f "$BRT_DIR/$ARCH/libblocksruntime.a" ]; then - if [ -f "$BRT_DIR/$ARCH/android_api.txt" ]; then - old_api=$(cat "$BRT_DIR/$ARCH/android_api.txt") - if [[ "$old_api" == "$ANDROID_API" ]]; then - # No need to recompile - exit 0 - fi - fi -fi +ARCH="$2" case "$ARCH" in arm) diff --git a/third_party/android/scripts/compile-libunwind.sh b/third_party/android/scripts/compile-libunwind.sh index 4a4a246d..4a01ed5a 100755 --- a/third_party/android/scripts/compile-libunwind.sh +++ b/third_party/android/scripts/compile-libunwind.sh @@ -50,10 +50,6 @@ if [ ! -f "$hooksDir/post-checkout" ]; then cat > "$hooksDir/post-checkout" <<'endmsg' #!/usr/bin/env bash -rm -f arm/*.a -rm -f arm64/*.a -rm -f x86/*.a -rm -f x86_64/*.a endmsg chmod +x "$hooksDir/post-checkout" fi @@ -80,35 +76,9 @@ if ! echo "$ANDROID_API" | grep -qoE 'android-[0-9]{1,2}'; then fi ANDROID_API_V=$(echo "$ANDROID_API" | grep -oE '[0-9]{1,2}$') -case "$2" in - arm|arm64|x86|x86_64) - readonly ARCH="$2" - if [ ! -d "$ARCH" ] ; then mkdir -p "$ARCH"; fi - ;; - *) - echo "[-] Invalid architecture" - abort 1 - ;; -esac - -# Check if previous build exists and matches selected ANDROID_API level -# If API cache file not there always rebuild -if [ -f "$ARCH/libunwind-$ARCH.a" ]; then - if [ -f "$ARCH/android_api.txt" ]; then - old_api=$(cat "$ARCH/android_api.txt") - if [[ "$old_api" == "$ANDROID_API" ]]; then - # No need to recompile - abort 0 true - fi - fi -fi - LC_LDFLAGS="-static" -# For debugging -# Remember to export UNW_DEBUG_LEVEL= -# where 1 < level < 16 (usually values up to 5 are enough) -#LC_CFLAGS="$LC_FLAGS -DDEBUG" +ARCH="$2" # Prepare toolchain case "$ARCH" in -- cgit v1.2.3 From ba75578081d06e10cb7e4db4d7b130c93eab6d97 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 30 Oct 2019 01:26:33 +0100 Subject: make android-all work with proper API level --- third_party/android/scripts/compile-capstone.sh | 4 ++-- third_party/android/scripts/compile-libunwind.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/third_party/android/scripts/compile-capstone.sh b/third_party/android/scripts/compile-capstone.sh index cb071b0a..08fa0aa3 100755 --- a/third_party/android/scripts/compile-capstone.sh +++ b/third_party/android/scripts/compile-capstone.sh @@ -120,8 +120,8 @@ HOST_OS=$(uname -s | tr '[:upper:]' '[:lower:]') HOST_ARCH=$(uname -m) SYSROOT="$NDK/platforms/$ANDROID_API/arch-$ARCH" -export CC=`ls "$NDK"/toolchains/llvm/prebuilt/linux-x86_64/bin/"$ANDROID_CLANG_PREFIX"-linux-*-clang | sort -n | tail -n1` -export CXX=`ls "$NDK"/toolchains/llvm/prebuilt/linux-x86_64/bin/"$ANDROID_CLANG_PREFIX"-linux-*-clang++ | sort -n | tail -n1` +export CC=`ls "$NDK"/toolchains/llvm/prebuilt/linux-x86_64/bin/"$ANDROID_CLANG_PREFIX"-linux-android*"$ANDROID_API_V"-clang` +export CXX=`ls "$NDK"/toolchains/llvm/prebuilt/linux-x86_64/bin/"$ANDROID_CLANG_PREFIX"-linux-android*"$ANDROID_API_V"-clang++` export PATH="$NDK/toolchains/$TOOLCHAIN_S/prebuilt/$HOST_OS-$HOST_ARCH/bin":$PATH # Build it diff --git a/third_party/android/scripts/compile-libunwind.sh b/third_party/android/scripts/compile-libunwind.sh index 4a01ed5a..1dc51e23 100755 --- a/third_party/android/scripts/compile-libunwind.sh +++ b/third_party/android/scripts/compile-libunwind.sh @@ -124,8 +124,8 @@ HOST_ARCH=$(uname -m) SYSROOT="$NDK/platforms/$ANDROID_API/arch-$ARCH" -export CC=`ls "$NDK"/toolchains/llvm/prebuilt/linux-x86_64/bin/"$ANDROID_CLANG_PREFIX"-linux-*-clang | sort -n | tail -n1` -export CXX=`ls "$NDK"/toolchains/llvm/prebuilt/linux-x86_64/bin/"$ANDROID_CLANG_PREFIX"-linux-*-clang++ | sort -n | tail -n1` +export CC=`ls "$NDK"/toolchains/llvm/prebuilt/linux-x86_64/bin/"$ANDROID_CLANG_PREFIX"-linux-android*"$ANDROID_API_V"-clang` +export CXX=`ls "$NDK"/toolchains/llvm/prebuilt/linux-x86_64/bin/"$ANDROID_CLANG_PREFIX"-linux-android*"$ANDROID_API_V"-clang++` export PATH="$NDK/toolchains/$TOOLCHAIN_S/prebuilt/$HOST_OS-$HOST_ARCH/bin":$PATH if [ ! -x "$CC" ]; then -- cgit v1.2.3 From 63720249060b28e837a8eea9a59eb8b9a3118416 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 30 Oct 2019 09:37:51 +0100 Subject: readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1bc755e1..27db4960 100644 --- a/README.md +++ b/README.md @@ -145,6 +145,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__TiKV__: a distributed transactional key-value database](https://github.com/tikv/tikv/tree/99a922564face31bdb59b5b38962339f79e0015c/fuzz) * [__fuzz-monitor__](https://github.com/acidghost/fuzz-monitor/search?q=honggfuzz&unscoped_q=honggfuzz) * [__libmutator__: a C library intended to generate random test cases by mutating legitimate test cases](https://github.com/denandz/libmutator) + * [__StatZone__: a DNS zone file analyzer](https://github.com/fcambus/statzone) * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) * [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+honggfuzz%22&type=Code) -- cgit v1.2.3 From 890fb6830f5c2dcf2c642ffa185b63c06c3186c2 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 30 Oct 2019 09:54:01 +0100 Subject: android: use better logic for finding the compiler --- Makefile | 17 +++++++++-------- third_party/android/scripts/compile-capstone.sh | 14 ++------------ third_party/android/scripts/compile-libunwind.sh | 10 ++-------- 3 files changed, 13 insertions(+), 28 deletions(-) diff --git a/Makefile b/Makefile index 86ce747d..471ee2a2 100644 --- a/Makefile +++ b/Makefile @@ -216,24 +216,25 @@ ANDROID_NDK_TOOLCHAIN_VER := clang # clang works only against APIs >= 23 ifeq ($(ANDROID_APP_ABI),$(filter $(ANDROID_APP_ABI),armeabi-v7a)) ANDROID_NDK_TOOLCHAIN ?= arm-linux-androideabi-clang + ANDROID_NDK_COMPILER_PREFIX := armv7a-linux-androideabi ANDROID_ARCH_CPU := arm - ANDROID_CLANG_PREFIX := armv7a else ifeq ($(ANDROID_APP_ABI),$(filter $(ANDROID_APP_ABI),x86)) ANDROID_NDK_TOOLCHAIN ?= x86-clang + ANDROID_NDK_COMPILER_PREFIX := i686-linux-android ANDROID_ARCH_CPU := x86 - ANDROID_CLANG_PREFIX := i686 else ifeq ($(ANDROID_APP_ABI),$(filter $(ANDROID_APP_ABI),arm64-v8a)) ANDROID_NDK_TOOLCHAIN ?= aarch64-linux-android-clang + ANDROID_NDK_COMPILER_PREFIX := aarch64-linux-android ANDROID_ARCH_CPU := arm64 - ANDROID_CLANG_PREFIX := aarch64 else ifeq ($(ANDROID_APP_ABI),$(filter $(ANDROID_APP_ABI),x86_64)) ANDROID_NDK_TOOLCHAIN ?= x86_64-clang + ANDROID_NDK_COMPILER_PREFIX := x86_64-linux-android ANDROID_ARCH_CPU := x86_64 - ANDROID_CLANG_PREFIX := x86_64 else $(error Unsuported / Unknown APP_API '$(ANDROID_APP_ABI)') endif + SUBDIR_ROOTS := linux mac netbsd posix libhfuzz libhfcommon libhfnetdriver DIRS := . $(shell find $(SUBDIR_ROOTS) -type d) CLEAN_PATTERNS := *.o *~ core *.a *.dSYM *.la *.so *.dylib @@ -300,13 +301,13 @@ android: $(info ***************************************************************) $(info * Use Android NDK 20 or newer *) $(info ***************************************************************) - @ANDROID_API=$(ANDROID_API) ANDROID_CLANG_PREFIX=$(ANDROID_CLANG_PREFIX) third_party/android/scripts/compile-libunwind.sh \ + @ANDROID_API=$(ANDROID_API) ANDROID_NDK_COMPILER_PREFIX=$(ANDROID_NDK_COMPILER_PREFIX) third_party/android/scripts/compile-libunwind.sh \ third_party/android/libunwind $(ANDROID_ARCH_CPU) - @ANDROID_API=$(ANDROID_API) ANDROID_CLANG_PREFIX=$(ANDROID_CLANG_PREFIX) third_party/android/scripts/compile-capstone.sh \ + @ANDROID_API=$(ANDROID_API) ANDROID_NDK_COMPILER_PREFIX=$(ANDROID_NDK_COMPILER_PREFIX) third_party/android/scripts/compile-capstone.sh \ third_party/android/capstone $(ANDROID_ARCH_CPU) - @ANDROID_API=$(ANDROID_API) ANDROID_CLANG_PREFIX=$(ANDROID_CLANG_PREFIX) third_party/android/scripts/compile-libBlocksRuntime.sh \ + @ANDROID_API=$(ANDROID_API) ANDROID_NDK_COMPILER_PREFIX=$(ANDROID_NDK_COMPILER_PREFIX) third_party/android/scripts/compile-libBlocksRuntime.sh \ third_party/android/libBlocksRuntime $(ANDROID_ARCH_CPU) ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=./android/Android.mk \ @@ -322,7 +323,7 @@ android-all: @echo "" for abi in armeabi-v7a arm64-v8a x86 x86_64; do \ - ANDROID_APP_ABI=$$abi ANDROID_SKIP_CLEAN=true ANDROID_CLANG_PREFIX=$(ANDROID_CLANG_PREFIX) \ + ANDROID_APP_ABI=$$abi ANDROID_SKIP_CLEAN=true \ ANDROID_API=$(ANDROID_API) ANDROID_DEBUG_ENABLED=$(ANDROID_DEBUG_ENABLED) \ $(MAKE) android || { \ echo "Recursive make failed"; exit 1; }; \ diff --git a/third_party/android/scripts/compile-capstone.sh b/third_party/android/scripts/compile-capstone.sh index 08fa0aa3..4c6debd7 100755 --- a/third_party/android/scripts/compile-capstone.sh +++ b/third_party/android/scripts/compile-capstone.sh @@ -71,26 +71,18 @@ case "$ARCH" in arm) CS_ARCH="arm" CS_BUILD_BIN="make" - TOOLCHAIN=arm-linux-androideabi - TOOLCHAIN_S=arm-linux-androideabi-4.9 ;; arm64) CS_ARCH="arm aarch64" CS_BUILD_BIN="make" - TOOLCHAIN=aarch64-linux-android - TOOLCHAIN_S=aarch64-linux-android-4.9 ;; x86) CS_ARCH="x86" CS_BUILD_BIN="make" - TOOLCHAIN=i686-linux-android - TOOLCHAIN_S=x86-4.9 ;; x86_64) CS_ARCH="x86" CS_BUILD_BIN="make" - TOOLCHAIN=x86_64-linux-android - TOOLCHAIN_S=x86_64-4.9 ;; esac @@ -119,10 +111,8 @@ ANDROID_API_V=$(echo "$ANDROID_API" | grep -oE '[0-9]{1,2}$') HOST_OS=$(uname -s | tr '[:upper:]' '[:lower:]') HOST_ARCH=$(uname -m) -SYSROOT="$NDK/platforms/$ANDROID_API/arch-$ARCH" -export CC=`ls "$NDK"/toolchains/llvm/prebuilt/linux-x86_64/bin/"$ANDROID_CLANG_PREFIX"-linux-android*"$ANDROID_API_V"-clang` -export CXX=`ls "$NDK"/toolchains/llvm/prebuilt/linux-x86_64/bin/"$ANDROID_CLANG_PREFIX"-linux-android*"$ANDROID_API_V"-clang++` -export PATH="$NDK/toolchains/$TOOLCHAIN_S/prebuilt/$HOST_OS-$HOST_ARCH/bin":$PATH +export CC="$NDK"/toolchains/llvm/prebuilt/linux-x86_64/bin/"$ANDROID_NDK_COMPILER_PREFIX""$ANDROID_API_V"-clang +export CXX="$NDK"/toolchains/llvm/prebuilt/linux-x86_64/bin/"$ANDROID_NDK_COMPILER_PREFIX""$ANDROID_API_V"-clang++ # Build it make clean diff --git a/third_party/android/scripts/compile-libunwind.sh b/third_party/android/scripts/compile-libunwind.sh index 1dc51e23..6f9fe78e 100755 --- a/third_party/android/scripts/compile-libunwind.sh +++ b/third_party/android/scripts/compile-libunwind.sh @@ -84,19 +84,15 @@ ARCH="$2" case "$ARCH" in arm) TOOLCHAIN=arm-linux-androideabi - TOOLCHAIN_S=arm-linux-androideabi-4.9 ;; arm64) TOOLCHAIN=aarch64-linux-android - TOOLCHAIN_S=aarch64-linux-android-4.9 ;; x86) TOOLCHAIN=i686-linux-android - TOOLCHAIN_S=x86-4.9 ;; x86_64) TOOLCHAIN=x86_64-linux-android - TOOLCHAIN_S=x86_64-4.9 ;; esac @@ -123,10 +119,8 @@ HOST_OS=$(uname -s | tr '[:upper:]' '[:lower:]') HOST_ARCH=$(uname -m) -SYSROOT="$NDK/platforms/$ANDROID_API/arch-$ARCH" -export CC=`ls "$NDK"/toolchains/llvm/prebuilt/linux-x86_64/bin/"$ANDROID_CLANG_PREFIX"-linux-android*"$ANDROID_API_V"-clang` -export CXX=`ls "$NDK"/toolchains/llvm/prebuilt/linux-x86_64/bin/"$ANDROID_CLANG_PREFIX"-linux-android*"$ANDROID_API_V"-clang++` -export PATH="$NDK/toolchains/$TOOLCHAIN_S/prebuilt/$HOST_OS-$HOST_ARCH/bin":$PATH +export CC="$NDK"/toolchains/llvm/prebuilt/linux-x86_64/bin/"$ANDROID_NDK_COMPILER_PREFIX""$ANDROID_API_V"-clang +export CXX="$NDK"/toolchains/llvm/prebuilt/linux-x86_64/bin/"$ANDROID_NDK_COMPILER_PREFIX""$ANDROID_API_V"-clang++ if [ ! -x "$CC" ]; then echo "[-] clang doesn't exist: $CC" -- cgit v1.2.3 From e91323c2a682c3847052c0ff2e324fa75ef2aec8 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 30 Oct 2019 10:00:04 +0100 Subject: android: compile hfnetdriver --- Makefile | 2 +- android/Android.mk | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 471ee2a2..b985f426 100644 --- a/Makefile +++ b/Makefile @@ -313,7 +313,7 @@ android: ndk-build NDK_PROJECT_PATH=. APP_BUILD_SCRIPT=./android/Android.mk \ APP_PLATFORM=$(ANDROID_API) APP_ABI=$(ANDROID_APP_ABI) \ NDK_TOOLCHAIN=$(ANDROID_NDK_TOOLCHAIN) NDK_TOOLCHAIN_VERSION=$(ANDROID_NDK_TOOLCHAIN_VER) \ - $(NDK_BUILD_ARGS) APP_MODULES='honggfuzz hfuzz' + $(NDK_BUILD_ARGS) APP_MODULES='honggfuzz hfuzz hfnetdriver' # Loop all ABIs and pass-through flags since visibility is lost due to sub-process .PHONY: android-all diff --git a/android/Android.mk b/android/Android.mk index f3aa4078..b419c338 100644 --- a/android/Android.mk +++ b/android/Android.mk @@ -161,6 +161,15 @@ LOCAL_CFLAGS := -D_HF_ARCH_${ARCH} $(COMMON_CFLAGS) \ LOCAL_STATIC_LIBRARIES := $(COMMON_STATIC_LIBS) include $(BUILD_STATIC_LIBRARY) +# libhfnetdriver module +include $(CLEAR_VARS) +LOCAL_MODULE := hfnetdriver +LOCAL_SRC_FILES := $(wildcard libhfnetdriver/*.c) +LOCAL_CFLAGS := -D_HF_ARCH_${ARCH} $(COMMON_CFLAGS) \ + -fPIC -fno-builtin +LOCAL_STATIC_LIBRARIES := $(COMMON_STATIC_LIBS) +include $(BUILD_STATIC_LIBRARY) + # Main honggfuzz module include $(CLEAR_VARS) LOCAL_MODULE := honggfuzz -- cgit v1.2.3 From ffcb52f4f85aeebb7ef49cb1bb0872bb4c49ea5a Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 30 Oct 2019 23:02:59 +0100 Subject: readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 27db4960..930cda2a 100644 --- a/README.md +++ b/README.md @@ -146,6 +146,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__fuzz-monitor__](https://github.com/acidghost/fuzz-monitor/search?q=honggfuzz&unscoped_q=honggfuzz) * [__libmutator__: a C library intended to generate random test cases by mutating legitimate test cases](https://github.com/denandz/libmutator) * [__StatZone__: a DNS zone file analyzer](https://github.com/fcambus/statzone) + * [__shub-fuzz/honggfuzz__: singularity image for honggfuzz](https://github.com/shub-fuzz/honggfuzz) * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) * [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+honggfuzz%22&type=Code) -- cgit v1.2.3 From 9c40a320171a4b14e5e697db8fbd23bbb15314a8 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 30 Oct 2019 23:08:38 +0100 Subject: makefile --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index b985f426..c014ad25 100644 --- a/Makefile +++ b/Makefile @@ -194,7 +194,7 @@ ifeq ($(DEBUG),true) endif # Control Android builds -ANDROID_API ?= android-26 +ANDROID_API ?= android-26 # Minimal working version is android-23 ANDROID_DEBUG_ENABLED ?= false ANDROID_APP_ABI ?= armeabi-v7a ANDROID_SKIP_CLEAN ?= false -- cgit v1.2.3 From 6e6d35853a6327e98fa236793db0aa59175240cb Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 30 Oct 2019 23:11:51 +0100 Subject: readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 930cda2a..6a355dbe 100644 --- a/README.md +++ b/README.md @@ -89,7 +89,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [Crash in __djvulibre__](https://github.com/barak/djvulibre/commit/89d71b01d606e57ecec2c2930c145bb20ba5bbe3) * [Multiple crashes in __VLC__](https://www.pentestpartners.com/security-blog/double-free-rce-in-vlc-a-honggfuzz-how-to/) * [Buffer overflow in __ClassiCube__](https://github.com/UnknownShadow200/ClassiCube/issues/591) - * [Crash in __MPV__](https://github.com/mpv-player/mpv/issues/6808) + * [Heap buffer-overflow (or UAF) in __MPV__](https://github.com/mpv-player/mpv/issues/6808) * [Heap buffer-overflow in __picoc__](https://gitlab.com/zsaleeba/picoc/issues/44) * Crashes in __OpenCOBOL__: [#1](https://sourceforge.net/p/open-cobol/bugs/586/), [#2](https://sourceforge.net/p/open-cobol/bugs/587/) * DoS in __ProFTPD__: [#1](https://twitter.com/SecReLabs/status/1186548245553483783), [#2](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18217) -- cgit v1.2.3 From 71be116282533bd1684430017f8ede4b69bb3299 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 30 Oct 2019 23:33:40 +0100 Subject: examples/jpg/png: better width+height limnits --- examples/libjpeg/persistent-jpeg.c | 2 +- examples/libpng/persistent-png.c | 15 +++++++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/examples/libjpeg/persistent-jpeg.c b/examples/libjpeg/persistent-jpeg.c index 5e33efac..6301a8b2 100644 --- a/examples/libjpeg/persistent-jpeg.c +++ b/examples/libjpeg/persistent-jpeg.c @@ -48,7 +48,7 @@ int LLVMFuzzerInitialize(int* argc, char*** argv) { jpeg_create_decompress(&cinfo); - /* If there are any arguments provided, limit width*height to this value */ + /* If there are any arguments provided, limit width and height to this value */ if (*argc > 1) { max_hv_size = strtoull((*argv)[1], NULL, 0); } diff --git a/examples/libpng/persistent-png.c b/examples/libpng/persistent-png.c index c93b461f..69971616 100644 --- a/examples/libpng/persistent-png.c +++ b/examples/libpng/persistent-png.c @@ -4,6 +4,7 @@ extern "C" { #include #include +#include #include #include #include @@ -12,8 +13,6 @@ extern "C" { #include #include -#include - #include "png.h" #include "pngpriv.h" #include "pngstruct.h" @@ -41,6 +40,7 @@ typedef struct { size_t total_alloc = 0ULL; int null_fd = -1; +size_t max_hv_size = 1000000000UL; void png_user_read_data(png_structp png_ptr, png_bytep data, png_size_t length) { #if defined(__clang__) @@ -62,6 +62,11 @@ void png_user_read_data(png_structp png_ptr, png_bytep data, png_size_t length) int LLVMFuzzerInitialize(int* argc, char*** argv) { null_fd = open("/dev/null", O_WRONLY); + /* If there are any arguments provided, limit width and height to this value */ + if (*argc > 1) { + max_hv_size = strtoull((*argv)[1], NULL, 0); + } + return 0; } @@ -119,6 +124,12 @@ int LLVMFuzzerTestOneInput(const uint8_t* buf, size_t len) { png_timep mod_time; png_get_IHDR(png_ptr, info_ptr, &width, &height, &bit_depth, &color_type, &interlace_method, &compression_method, &filter_method); + + if (width > max_hv_size || height > max_hv_size) { + png_destroy_read_struct(&png_ptr, &info_ptr, NULL); + return 0; + } + ret = png_get_gAMA(png_ptr, info_ptr, &file_gamma); ret = png_get_hIST(png_ptr, info_ptr, &hist); ret = png_get_pHYs(png_ptr, info_ptr, &res_x, &res_y, &unit_type); -- cgit v1.2.3 From c6e7397f8a9f70ee451f232dfadd7d007dfdb8eb Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 1 Nov 2019 19:35:40 +0100 Subject: examples/file --- examples/file/persistent-file.c | 56 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 examples/file/persistent-file.c diff --git a/examples/file/persistent-file.c b/examples/file/persistent-file.c new file mode 100644 index 00000000..37c5102d --- /dev/null +++ b/examples/file/persistent-file.c @@ -0,0 +1,56 @@ +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "magic.h" + +/* + * Compile as: + * honggfuzz/hfuzz_cc/hfuzz-clang -I ./file-5.37/ honggfuzz/examples/file/persistent-file.c -o + * persistent-file ./file-5.37/src/.libs/libmagic.a -lz + */ + +magic_t ms = NULL; +int LLVMFuzzerInitialize(int* argc, char*** argv) { + ms = magic_open(MAGIC_CONTINUE | MAGIC_CHECK); + if (ms == NULL) { + fprintf(stderr, "magic_open() failed\n"); + abort(); + return 1; + } + const char* magic_file = "/usr/share/misc/magic.mgc"; + if (*argc > 1) { + magic_file = (*argv)[1]; + } + if (magic_load(ms, magic_file) == -1) { + fprintf(stderr, "magic_load() failed: %s\n", magic_error(ms)); + magic_close(ms); + abort(); + return 1; + } + return 0; +} + +int LLVMFuzzerTestOneInput(const uint8_t* buf, size_t len) { + const char* type = magic_buffer(ms, buf, len); + if (type == NULL) { + printf("Type: [unknown]: %s\n", magic_error(ms)); + } else { + printf("Type: '%s'\n", type); + } + return 0; +} + +#ifdef __cplusplus +} +#endif -- cgit v1.2.3 From 39c8f9beecd34449ef14ef87a3745aeac5be7ef4 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 1 Nov 2019 19:45:27 +0100 Subject: examples/file: +MAGIC_COMPRESS --- examples/file/persistent-file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/file/persistent-file.c b/examples/file/persistent-file.c index 37c5102d..205c9e4f 100644 --- a/examples/file/persistent-file.c +++ b/examples/file/persistent-file.c @@ -22,7 +22,7 @@ extern "C" { magic_t ms = NULL; int LLVMFuzzerInitialize(int* argc, char*** argv) { - ms = magic_open(MAGIC_CONTINUE | MAGIC_CHECK); + ms = magic_open(MAGIC_CONTINUE | MAGIC_CHECK | MAGIC_COMPRESS); if (ms == NULL) { fprintf(stderr, "magic_open() failed\n"); abort(); -- cgit v1.2.3 From 399063fe718983898b9e8530528280a2e1eb3ea3 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 1 Nov 2019 19:57:41 +0100 Subject: readme --- examples/file/README.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 examples/file/README.md diff --git a/examples/file/README.md b/examples/file/README.md new file mode 100644 index 00000000..4a79457b --- /dev/null +++ b/examples/file/README.md @@ -0,0 +1,19 @@ +1. Compile file/libmagic + +```shell +$ cd file-5.37/ +$ CC="honggfuzz/hfuzz_cc/hfuzz-clang" ./configure --enable-static --disable-shared +$ make -j$(nproc) +``` + +2. Compile/link the persistent-file + +```shell +$ honggfuzz/hfuzz_cc/hfuzz-clang -I ./file-5.37/ honggfuzz/examples/file/persistent-file.c -o persistent-file ./file-5.37/src/.libs/libmagic.a -lz +``` + +3. Fuzz it! + +```shell +$ honggfuzz/honggfuzz --input inputs/ -- ./persistent-file ./file-5.37/magic/magic.mgc +``` -- cgit v1.2.3 From 083ec72f6d6c74bb3aa85dc4e6b8af5e88fa2ed1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 2 Nov 2019 12:50:50 +0100 Subject: android: remove unnecessary operations from *.sh files --- mangle.c | 1 - third_party/android/scripts/compile-libBlocksRuntime.sh | 3 --- third_party/android/scripts/compile-libunwind.sh | 4 ---- 3 files changed, 8 deletions(-) diff --git a/mangle.c b/mangle.c index 9129463d..e3f4e187 100644 --- a/mangle.c +++ b/mangle.c @@ -630,7 +630,6 @@ void mangle_mangleContent(run_t* run) { mangle_Expand, mangle_Shrink, mangle_ASCIIVal, - mangle_Resize, }; if (run->mutationsPerRun == 0U) { diff --git a/third_party/android/scripts/compile-libBlocksRuntime.sh b/third_party/android/scripts/compile-libBlocksRuntime.sh index 95a50488..c8b42d78 100755 --- a/third_party/android/scripts/compile-libBlocksRuntime.sh +++ b/third_party/android/scripts/compile-libBlocksRuntime.sh @@ -93,8 +93,5 @@ fi # Change workdir to simplify args cd $BRT_DIR -cp obj/local/$BRT_ARCH/libblocksruntime.a "$ARCH/" -echo "$ANDROID_API" > "$ARCH/android_api.txt" - # Revert workdir to caller cd - &>/dev/null diff --git a/third_party/android/scripts/compile-libunwind.sh b/third_party/android/scripts/compile-libunwind.sh index 6f9fe78e..8e38c68b 100755 --- a/third_party/android/scripts/compile-libunwind.sh +++ b/third_party/android/scripts/compile-libunwind.sh @@ -158,10 +158,6 @@ if [ $? -ne 0 ]; then abort 1 fi -echo "[*] '$ARCH' libunwind available at '$LIBUNWIND_DIR/$ARCH'" -cp src/.libs/*.a "$ARCH" -echo "$ANDROID_API" > "$ARCH/android_api.txt" - # Naming conventions for arm64 if [[ "$ARCH" == "arm64" ]]; then cd "$ARCH" -- cgit v1.2.3 From 1499722206f3e58aba257fad70a570fd1eb1d819 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Samuel=20Gro=C3=9F?= Date: Mon, 4 Nov 2019 13:26:01 +0100 Subject: Added option to export the feedback struct to disk --- cmdline.c | 5 +++++ fuzz.c | 2 +- honggfuzz.c | 2 +- honggfuzz.h | 1 + libhfcommon/files.c | 15 +++++++++++++-- libhfcommon/files.h | 2 +- 6 files changed, 22 insertions(+), 5 deletions(-) diff --git a/cmdline.c b/cmdline.c index 08c8d10f..d47ee88f 100644 --- a/cmdline.c +++ b/cmdline.c @@ -261,6 +261,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .dynfileqCnt = 0U, .dynfileq_mutex = PTHREAD_RWLOCK_INITIALIZER, .dynfileqCurrent = NULL, + .exportFeedback = false, }, .exe = { @@ -442,6 +443,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { { "socket_fuzzer", no_argument, NULL, 0x10B }, "Instrument external fuzzer via socket" }, { { "netdriver", no_argument, NULL, 0x10C }, "Use netdriver (libhfnetdriver/). In most cases it will be autodetected through a binary signature" }, { { "only_printable", no_argument, NULL, 0x10D }, "Only generate printable inputs" }, + { { "export_feedback", no_argument, NULL, 0x10E }, "Export the coverage feedback structure as ./hfuzz-feedback" }, #if defined(_HF_ARCH_LINUX) { { "linux_symbols_bl", required_argument, NULL, 0x504 }, "Symbols blacklist filter file (one entry per line)" }, @@ -551,6 +553,9 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { case 0x10D: hfuzz->cfg.only_printable = true; break; + case 0x10E: + hfuzz->io.exportFeedback = true; + break; case 'z': hfuzz->feedback.dynFileMethod |= _HF_DYNFILE_SOFT; break; diff --git a/fuzz.c b/fuzz.c index 253156bc..94e38779 100644 --- a/fuzz.c +++ b/fuzz.c @@ -492,7 +492,7 @@ static void* fuzz_threadNew(void* arg) { /* Do not try to handle input files with socketfuzzer */ if (!hfuzz->socketFuzzer.enabled) { if (!(run.dynamicFile = files_mapSharedMem(hfuzz->mutate.maxFileSz, &run.dynamicFileFd, - "hfuzz-input", /* nocore= */ true))) { + "hfuzz-input", /* nocore= */ true, /* export= */ false))) { LOG_F("Couldn't create an input file of size: %zu", hfuzz->mutate.maxFileSz); } } diff --git a/honggfuzz.c b/honggfuzz.c index feb6523f..1a0a23f6 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -360,7 +360,7 @@ int main(int argc, char** argv) { } if (!(hfuzz.feedback.feedbackMap = files_mapSharedMem( - sizeof(feedback_t), &hfuzz.feedback.bbFd, "hfuzz-feedback", /* nocore= */ true))) { + sizeof(feedback_t), &hfuzz.feedback.bbFd, "hfuzz-feedback", /* nocore= */ true, /* export= */ hfuzz.io.exportFeedback))) { LOG_F("files_mapSharedMem(sz=%zu, dir='%s') failed", sizeof(feedback_t), hfuzz.io.workDir); } diff --git a/honggfuzz.h b/honggfuzz.h index 19104a33..8b24f906 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -202,6 +202,7 @@ typedef struct { pthread_rwlock_t dynfileq_mutex; struct dynfile_t* dynfileqCurrent; TAILQ_HEAD(dyns_t, dynfile_t) dynfileq; + bool exportFeedback; } io; struct { int argc; diff --git a/libhfcommon/files.c b/libhfcommon/files.c index 86681e74..6f03588b 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -311,9 +311,18 @@ int files_getTmpMapFlags(int flag, bool nocore) { return flag; } -void* files_mapSharedMem(size_t sz, int* fd, const char* name, bool nocore) { +void* files_mapSharedMem(size_t sz, int* fd, const char* name, bool nocore, bool export) { *fd = -1; + if (export) { + char path[PATH_MAX]; + snprintf(path, sizeof(path), "./%s", name); + if ((*fd = open(path, O_RDWR | O_CREAT | O_TRUNC | O_CLOEXEC, 0644)) == -1) { + PLOG_W("open('%s')", path); + return NULL; + } + } + #if defined(_HF_ARCH_LINUX) #if !defined(MFD_CLOEXEC) /* sys/memfd.h is not always present */ @@ -327,7 +336,9 @@ void* files_mapSharedMem(size_t sz, int* fd, const char* name, bool nocore) { #endif /* !defined(__NR_memfd_create) */ #if defined(__NR_memfd_create) - *fd = syscall(__NR_memfd_create, name, (uintptr_t)MFD_CLOEXEC); + if (*fd == -1) { + *fd = syscall(__NR_memfd_create, name, (uintptr_t)MFD_CLOEXEC); + } #endif /* defined__NR_memfd_create) */ #endif /* defined(_HF_ARCH_LINUX) */ diff --git a/libhfcommon/files.h b/libhfcommon/files.h index 8d01e9e3..e19c5d2a 100644 --- a/libhfcommon/files.h +++ b/libhfcommon/files.h @@ -60,7 +60,7 @@ extern uint8_t* files_mapFile(const char* fileName, off_t* fileSz, int* fd, bool extern int files_getTmpMapFlags(int flag, bool nocore); -extern void* files_mapSharedMem(size_t sz, int* fd, const char* name, bool nocore); +extern void* files_mapSharedMem(size_t sz, int* fd, const char* name, bool nocore, bool export); extern size_t files_parseSymbolFilter(const char* inFIle, char*** filterList); -- cgit v1.2.3 From 62b4886758602537a2c37990bf57fbbe40f99ef0 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 4 Nov 2019 16:02:27 +0100 Subject: make ident --- honggfuzz.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/honggfuzz.c b/honggfuzz.c index 1a0a23f6..812a80f8 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -359,8 +359,8 @@ int main(int argc, char** argv) { LOG_F("Couldn't parse symbols whitelist file ('%s')", hfuzzl.symsWlFile); } - if (!(hfuzz.feedback.feedbackMap = files_mapSharedMem( - sizeof(feedback_t), &hfuzz.feedback.bbFd, "hfuzz-feedback", /* nocore= */ true, /* export= */ hfuzz.io.exportFeedback))) { + if (!(hfuzz.feedback.feedbackMap = files_mapSharedMem(sizeof(feedback_t), &hfuzz.feedback.bbFd, + "hfuzz-feedback", /* nocore= */ true, /* export= */ hfuzz.io.exportFeedback))) { LOG_F("files_mapSharedMem(sz=%zu, dir='%s') failed", sizeof(feedback_t), hfuzz.io.workDir); } -- cgit v1.2.3 From 48316af259df48143dbb5000c7737cf12f1e4299 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 4 Nov 2019 16:48:56 +0100 Subject: version: 2.0rc --- display.c | 2 +- honggfuzz.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/display.c b/display.c index a02e6ee4..cc108e42 100644 --- a/display.c +++ b/display.c @@ -264,7 +264,7 @@ static void display_displayLocked(honggfuzz_t* hfuzz) { } display_put("\n---------------------------------- [ " ESC_BOLD "LOGS" ESC_RESET - " ] ------------------/ " ESC_BOLD "%s %s " ESC_RESET "/-", + " ] ----------------/ " ESC_BOLD "%s %s " ESC_RESET "/-", PROG_NAME, PROG_VERSION); display_put(ESC_SCROLL_REGION(13, ) ESC_NAV_HORIZ(1) ESC_NAV_DOWN(500)); } diff --git a/honggfuzz.h b/honggfuzz.h index 8b24f906..2951a007 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -38,7 +38,7 @@ #include "libhfcommon/util.h" #define PROG_NAME "honggfuzz" -#define PROG_VERSION "1.9" +#define PROG_VERSION "2.0rc" /* Name of the template which will be replaced with the proper name of the file */ #define _HF_FILE_PLACEHOLDER "___FILE___" -- cgit v1.2.3 From 26d0e9b5aa21e3fa5ae639380d502eee81813fb9 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 4 Nov 2019 17:17:23 +0100 Subject: qemu- compile both x86 and amd64 archs --- qemu_mode/Makefile | 2 +- third_party/android/scripts/compile-libunwind.sh | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/qemu_mode/Makefile b/qemu_mode/Makefile index b5c1ae9b..f996c180 100644 --- a/qemu_mode/Makefile +++ b/qemu_mode/Makefile @@ -1,7 +1,7 @@ .PHONY: clean qemu_bin -TARGETS ?= x86_64-linux-user +TARGETS ?= i386-linux-user x86_64-linux-user qemu_bin: honggfuzz-qemu/config.status @echo "\nRun \"cd honggfuzz-qemu/ && make\"." diff --git a/third_party/android/scripts/compile-libunwind.sh b/third_party/android/scripts/compile-libunwind.sh index 8e38c68b..517e0689 100755 --- a/third_party/android/scripts/compile-libunwind.sh +++ b/third_party/android/scripts/compile-libunwind.sh @@ -130,9 +130,6 @@ elif [ ! -x "$CXX" ]; then abort 1 fi -export CC -export CXX - if [ ! -f configure ]; then NOCONFIGURE=true ./autogen.sh if [ $? -ne 0 ]; then -- cgit v1.2.3 From 539eb5f0f65d14da148fb93cc0767e68a7bcacde Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 11 Nov 2019 22:36:27 +0100 Subject: Makefile: add static build for oss-fuzz --- Makefile | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/Makefile b/Makefile index c014ad25..626d5e94 100644 --- a/Makefile +++ b/Makefile @@ -33,6 +33,7 @@ CFLAGS ?= -O3 -mtune=native LDFLAGS ?= LIBS_CFLAGS ?= -fPIC -fno-stack-protector GREP_COLOR ?= +BUILD_OSSFUZZ_STATIC ?= false # for https://github.com/google/oss-fuzz OS ?= $(shell uname -s) MARCH ?= $(shell uname -m) @@ -45,20 +46,27 @@ ifeq ($(OS)$(findstring Microsoft,$(KERNEL)),Linux) # matches Linux but excludes -Wextra -Wno-override-init \ -funroll-loops \ -D_FILE_OFFSET_BITS=64 - ARCH_LDFLAGS := -L/usr/local/include \ - -pthread -lunwind-ptrace -lunwind-generic -lbfd -lopcodes -lrt -ldl -lm ARCH_SRCS := $(sort $(wildcard linux/*.c)) LIBS_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 - - ifeq ("$(wildcard /usr/local/include/intel-pt.h)","/usr/local/include/intel-pt.h") - ARCH_CFLAGS += -D_HF_LINUX_INTEL_PT_LIB - ARCH_CFLAGS += -I/usr/local/include - ARCH_LDFLAGS += -L/usr/local/lib -lipt -Wl,--rpath=/usr/local/lib - endif - ifeq ("$(wildcard /usr/include/intel-pt.h)","/usr/include/intel-pt.h") - ARCH_CFLAGS += -D_HF_LINUX_INTEL_PT_LIB - ARCH_LDFLAGS += -lipt + ifeq ($(BUILD_OSSFUZZ_STATIC),true) + ARCH_LDFLAGS := -L/usr/local/include \ + -pthread -static \ + `pkg-config --libs libunwind-ptrace libunwind-generic` \ + -lopcodes -lbfd -liberty -llzma -lz -lrt -ldl -lm + else + ARCH_LDFLAGS := -L/usr/local/include \ + -pthread -lunwind-ptrace -lunwind-generic -lbfd -lopcodes -lrt -ldl -lm + ifeq ("$(wildcard /usr/local/include/intel-pt.h)","/usr/local/include/intel-pt.h") + ARCH_CFLAGS += -D_HF_LINUX_INTEL_PT_LIB + ARCH_CFLAGS += -I/usr/local/include + ARCH_LDFLAGS += -L/usr/local/lib -lipt -Wl,--rpath=/usr/local/lib + endif + ifeq ("$(wildcard /usr/include/intel-pt.h)","/usr/include/intel-pt.h") + ARCH_CFLAGS += -D_HF_LINUX_INTEL_PT_LIB + ARCH_LDFLAGS += -lipt + endif endif + # OS Linux else ifeq ($(OS),Darwin) ARCH := DARWIN -- cgit v1.2.3 From d530bb1395fe28195f18cc1b4f6ebd8199bef275 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 11 Nov 2019 22:47:49 +0100 Subject: Makefile: add static build for oss-fuzz - make it semi-static --- Makefile | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 626d5e94..4d8e59df 100644 --- a/Makefile +++ b/Makefile @@ -49,10 +49,12 @@ ifeq ($(OS)$(findstring Microsoft,$(KERNEL)),Linux) # matches Linux but excludes ARCH_SRCS := $(sort $(wildcard linux/*.c)) LIBS_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 ifeq ($(BUILD_OSSFUZZ_STATIC),true) - ARCH_LDFLAGS := -L/usr/local/include \ - -pthread -static \ - `pkg-config --libs libunwind-ptrace libunwind-generic` \ - -lopcodes -lbfd -liberty -llzma -lz -lrt -ldl -lm + ARCH_LDFLAGS := -L/usr/local/include -pthread \ + -Wl,-Bstatic \ + `pkg-config --libs --static libunwind-ptrace libunwind-generic` \ + -lopcodes -lbfd -liberty -lz \ + -Wl,-Bdynamic \ + -lrt -ldl -lm else ARCH_LDFLAGS := -L/usr/local/include \ -pthread -lunwind-ptrace -lunwind-generic -lbfd -lopcodes -lrt -ldl -lm -- cgit v1.2.3 From 545a23faa67694c9f8cd4707909f30d0116efc8d Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 12 Nov 2019 09:26:49 +0100 Subject: Makefile: add static build for oss-fuzz - make it semi-static + libBlocksRuntime --- Makefile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 4d8e59df..bd146c67 100644 --- a/Makefile +++ b/Makefile @@ -174,7 +174,11 @@ ifeq ($(COMPILER),clang) CFLAGS_BLOCKS = -fblocks ifneq ($(OS),Darwin) - ARCH_LDFLAGS += -lBlocksRuntime + ifeq ($(BUILD_OSSFUZZ_STATIC),true) + ARCH_LDFLAGS += -Wl,-Bstatic -lBlocksRuntime -Wl,-Bdynamic + else + ARCH_LDFLAGS += -lBlocksRuntime + endif endif endif -- cgit v1.2.3 From 61e95c3e39a35221e2790dafab2998182780171c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 12 Nov 2019 09:41:18 +0100 Subject: libhfuzz/instrument: add popcnt to attributes --- libhfuzz/instrument.c | 49 ++++++++++++++++++++++++++----------------------- 1 file changed, 26 insertions(+), 23 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index fa0a39b0..46be8d8f 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -28,9 +28,9 @@ const char* const LIBHFUZZ_module_instrument = "LIBHFUZZ_module_instrument"; * emulation of gcc/clang */ #if defined(__x86_64__) || defined(__i386__) -#define ATTRIBUTE_X86_REQUIRE_SSE42 __attribute__((__target__("sse4.2"))) +#define HF_REQUIRE_SSE42_POPCNT __attribute__((__target__("sse4.2,popcnt"))) #else -#define ATTRIBUTE_X86_REQUIRE_SSE42 +#define HF_REQUIRE_SSE42_POPCNT #endif /* defined(__x86_64__) || defined(__i386__) */ /* @@ -101,7 +101,7 @@ void instrumentClearNewCov() { /* * -finstrument-functions */ -ATTRIBUTE_X86_REQUIRE_SSE42 void __cyg_profile_func_enter(void* func, void* caller) { +HF_REQUIRE_SSE42_POPCNT void __cyg_profile_func_enter(void* func, void* caller) { register size_t pos = (((uintptr_t)func << 12) | ((uintptr_t)caller & 0xFFF)) & _HF_PERF_BITMAP_BITSZ_MASK; register uint8_t prev = ATOMIC_BTS(feedback->bbMapPc, pos); @@ -110,7 +110,7 @@ ATTRIBUTE_X86_REQUIRE_SSE42 void __cyg_profile_func_enter(void* func, void* call } } -ATTRIBUTE_X86_REQUIRE_SSE42 void __cyg_profile_func_exit( +HF_REQUIRE_SSE42_POPCNT void __cyg_profile_func_exit( void* func HF_ATTR_UNUSED, void* caller HF_ATTR_UNUSED) { return; } @@ -118,7 +118,7 @@ ATTRIBUTE_X86_REQUIRE_SSE42 void __cyg_profile_func_exit( /* * -fsanitize-coverage=trace-pc */ -ATTRIBUTE_X86_REQUIRE_SSE42 static inline void hfuzz_trace_pc_internal(uintptr_t pc) { +HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_pc_internal(uintptr_t pc) { register uintptr_t ret = pc & _HF_PERF_BITMAP_BITSZ_MASK; register uint8_t prev = ATOMIC_BTS(feedback->bbMapPc, ret); if (!prev) { @@ -126,18 +126,18 @@ ATTRIBUTE_X86_REQUIRE_SSE42 static inline void hfuzz_trace_pc_internal(uintptr_t } } -ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_pc(void) { +HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc(void) { hfuzz_trace_pc_internal((uintptr_t)__builtin_return_address(0)); } -ATTRIBUTE_X86_REQUIRE_SSE42 void hfuzz_trace_pc(uintptr_t pc) { +HF_REQUIRE_SSE42_POPCNT void hfuzz_trace_pc(uintptr_t pc) { hfuzz_trace_pc_internal(pc); } /* * -fsanitize-coverage=trace-cmp */ -ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_cmp1(uint8_t Arg1, uint8_t Arg2) { +HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp1(uint8_t Arg1, uint8_t Arg2) { uintptr_t pos = (uintptr_t)__builtin_return_address(0) % _HF_PERF_BITMAP_SIZE_16M; register uint8_t v = ((sizeof(Arg1) * 8) - __builtin_popcount(Arg1 ^ Arg2)); uint8_t prev = ATOMIC_GET(feedback->bbMapCmp[pos]); @@ -147,7 +147,7 @@ ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_cmp1(uint8_t Arg1, uint8_ } } -ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_cmp2(uint16_t Arg1, uint16_t Arg2) { +HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp2(uint16_t Arg1, uint16_t Arg2) { uintptr_t pos = (uintptr_t)__builtin_return_address(0) % _HF_PERF_BITMAP_SIZE_16M; register uint8_t v = ((sizeof(Arg1) * 8) - __builtin_popcount(Arg1 ^ Arg2)); uint8_t prev = ATOMIC_GET(feedback->bbMapCmp[pos]); @@ -157,7 +157,7 @@ ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_cmp2(uint16_t Arg1, uint1 } } -ATTRIBUTE_X86_REQUIRE_SSE42 static inline void hfuzz_trace_cmp4_internal( +HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp4_internal( uintptr_t pc, uint32_t Arg1, uint32_t Arg2) { uintptr_t pos = pc % _HF_PERF_BITMAP_SIZE_16M; register uint8_t v = ((sizeof(Arg1) * 8) - __builtin_popcount(Arg1 ^ Arg2)); @@ -168,15 +168,16 @@ ATTRIBUTE_X86_REQUIRE_SSE42 static inline void hfuzz_trace_cmp4_internal( } } -ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t Arg2) { +HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t Arg2) { hfuzz_trace_cmp4_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); } -ATTRIBUTE_X86_REQUIRE_SSE42 void hfuzz_trace_cmp4(uintptr_t pc, uint32_t Arg1, uint32_t Arg2) { +HF_REQUIRE_SSE42_POPCNT void hfuzz_trace_cmp4( + uintptr_t pc, uint32_t Arg1, uint32_t Arg2) { hfuzz_trace_cmp4_internal(pc, Arg1, Arg2); } -ATTRIBUTE_X86_REQUIRE_SSE42 static inline void hfuzz_trace_cmp8_internal( +HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp8_internal( uintptr_t pc, uint64_t Arg1, uint64_t Arg2) { uintptr_t pos = pc % _HF_PERF_BITMAP_SIZE_16M; register uint8_t v = ((sizeof(Arg1) * 8) - __builtin_popcountll(Arg1 ^ Arg2)); @@ -187,11 +188,12 @@ ATTRIBUTE_X86_REQUIRE_SSE42 static inline void hfuzz_trace_cmp8_internal( } } -ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_cmp8(uint64_t Arg1, uint64_t Arg2) { +HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp8(uint64_t Arg1, uint64_t Arg2) { hfuzz_trace_cmp8_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); } -ATTRIBUTE_X86_REQUIRE_SSE42 void hfuzz_trace_cmp8(uintptr_t pc, uint64_t Arg1, uint64_t Arg2) { +HF_REQUIRE_SSE42_POPCNT void hfuzz_trace_cmp8( + uintptr_t pc, uint64_t Arg1, uint64_t Arg2) { hfuzz_trace_cmp8_internal(pc, Arg1, Arg2); } @@ -221,7 +223,8 @@ void __sanitizer_cov_trace_const_cmp8(uint64_t Arg1, uint64_t Arg2) * Cases[0] is number of comparison entries * Cases[1] is length of Val in bits */ -ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_switch(uint64_t Val, uint64_t* Cases) { +HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_switch( + uint64_t Val, uint64_t* Cases) { for (uint64_t i = 0; i < Cases[0]; i++) { uintptr_t pos = ((uintptr_t)__builtin_return_address(0) + i) % _HF_PERF_BITMAP_SIZE_16M; uint8_t v = (uint8_t)Cases[1] - __builtin_popcountll(Val ^ Cases[i + 2]); @@ -236,7 +239,7 @@ ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_switch(uint64_t Val, uint /* * Old version of __sanitizer_cov_trace_cmp[n]. Remove it at some point */ -ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_cmp( +HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp( uint64_t SizeAndType, uint64_t Arg1, uint64_t Arg2) { uint64_t CmpSize = (SizeAndType >> 32) / 8; switch (CmpSize) { @@ -259,10 +262,10 @@ ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_cmp( * gcc-8 -fsanitize-coverage=trace-cmp trace hooks * TODO: evaluate, whether it makes sense to implement them */ -ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_cmpf( +HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmpf( float Arg1 HF_ATTR_UNUSED, float Arg2 HF_ATTR_UNUSED) { } -ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_cmpd( +HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmpd( double Arg1 HF_ATTR_UNUSED, double Arg2 HF_ATTR_UNUSED) { } @@ -292,7 +295,7 @@ void __sanitizer_cov_trace_div4(uint32_t Val) { /* * -fsanitize-coverage=indirect-calls */ -ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_pc_indir(uintptr_t callee) { +HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_indir(uintptr_t callee) { register size_t pos1 = (uintptr_t)__builtin_return_address(0) << 12; register size_t pos2 = callee & 0xFFF; register size_t pos = (pos1 | pos2) & _HF_PERF_BITMAP_BITSZ_MASK; @@ -307,7 +310,7 @@ ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_pc_indir(uintptr_t callee * In LLVM-4.0 it's marked (probably mistakenly) as non-weak symbol, so we need to mark it as weak * here */ -__attribute__((weak)) ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_indir_call16( +__attribute__((weak)) HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_indir_call16( void* callee, void* callee_cache16[] HF_ATTR_UNUSED) { register size_t pos1 = (uintptr_t)__builtin_return_address(0) << 12; register size_t pos2 = (uintptr_t)callee & 0xFFF; @@ -323,7 +326,7 @@ __attribute__((weak)) ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_indir_cal * -fsanitize-coverage=trace-pc-guard */ static bool guards_initialized = false; -ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_pc_guard_init( +HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard_init( uint32_t* start, uint32_t* stop) { guards_initialized = true; static uint32_t n = 1U; @@ -352,7 +355,7 @@ ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_pc_guard_init( } } -ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_pc_guard(uint32_t* guard) { +HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard(uint32_t* guard) { #if defined(__ANDROID__) // ANDROID: Bionic invokes routines that Honggfuzz wraps, before either // *SAN or Honggfuzz have initialized. Check to see if Honggfuzz -- cgit v1.2.3 From 78a6a5114c63948d115e8f025614f6a8afeba0db Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 12 Nov 2019 09:42:33 +0100 Subject: libhfuzz/instrument: require popcnt for more functions --- libhfuzz/instrument.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 46be8d8f..2ba03b9a 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -272,7 +272,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmpd( /* * -fsanitize-coverage=trace-div */ -void __sanitizer_cov_trace_div8(uint64_t Val) { +HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_div8(uint64_t Val) { uintptr_t pos = (uintptr_t)__builtin_return_address(0) % _HF_PERF_BITMAP_SIZE_16M; uint8_t v = ((sizeof(Val) * 8) - __builtin_popcountll(Val)); uint8_t prev = ATOMIC_GET(feedback->bbMapCmp[pos]); @@ -282,7 +282,7 @@ void __sanitizer_cov_trace_div8(uint64_t Val) { } } -void __sanitizer_cov_trace_div4(uint32_t Val) { +HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_div4(uint32_t Val) { uintptr_t pos = (uintptr_t)__builtin_return_address(0) % _HF_PERF_BITMAP_SIZE_16M; uint8_t v = ((sizeof(Val) * 8) - __builtin_popcount(Val)); uint8_t prev = ATOMIC_GET(feedback->bbMapCmp[pos]); -- cgit v1.2.3 From 017349bbca1d80914d91a4d62e0f5b3db4b1ff24 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 12 Nov 2019 10:39:34 +0100 Subject: Makefile: use pkg-config for ptrace libs --- Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index bd146c67..fa0315ca 100644 --- a/Makefile +++ b/Makefile @@ -56,8 +56,9 @@ ifeq ($(OS)$(findstring Microsoft,$(KERNEL)),Linux) # matches Linux but excludes -Wl,-Bdynamic \ -lrt -ldl -lm else - ARCH_LDFLAGS := -L/usr/local/include \ - -pthread -lunwind-ptrace -lunwind-generic -lbfd -lopcodes -lrt -ldl -lm + ARCH_LDFLAGS := -L/usr/local/include -pthread \ + `pkg-config --libs libunwind-ptrace libunwind-generic` \ + -lbfd -lopcodes -lrt -ldl -lm ifeq ("$(wildcard /usr/local/include/intel-pt.h)","/usr/local/include/intel-pt.h") ARCH_CFLAGS += -D_HF_LINUX_INTEL_PT_LIB ARCH_CFLAGS += -I/usr/local/include -- cgit v1.2.3 From 6c6f7a1467d4c439b33a71725eb5ec2d5392ced6 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 12 Nov 2019 10:57:43 +0100 Subject: makefile: install includes as well --- Makefile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index fa0315ca..a7c04870 100644 --- a/Makefile +++ b/Makefile @@ -358,7 +358,8 @@ android-clean-deps: done PREFIX ?= /usr/local -BIN_PATH =$(PREFIX)/bin +BIN_PATH = $(PREFIX)/bin +INC_PATH = $(PREFIX)/include install: all mkdir -p -m 755 $${DESTDIR}$(BIN_PATH) @@ -368,6 +369,9 @@ install: all install -m 755 hfuzz_cc/hfuzz-clang++ $${DESTDIR}$(BIN_PATH) install -m 755 hfuzz_cc/hfuzz-gcc $${DESTDIR}$(BIN_PATH) install -m 755 hfuzz_cc/hfuzz-g++ $${DESTDIR}$(BIN_PATH) + install -m 755 -t $${DESTDIR}$(INC_PATH)/libhfcommon -D includes/libhfcommon/*.h + install -m 755 -t $${DESTDIR}$(INC_PATH)/libhfuzz -D includes/libhfuzz/*.h + install -m 755 -t $${DESTDIR}$(INC_PATH)/libhnetdriver -D includes/libhfnetdriver/*.h # DO NOT DELETE -- cgit v1.2.3 From 204c422fb1cb214e971a85b4d617b242fa71f245 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 12 Nov 2019 12:19:27 +0100 Subject: Makefile: preinitialize ARCH_CFLAGS --- Makefile | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index a7c04870..65d802d4 100644 --- a/Makefile +++ b/Makefile @@ -29,6 +29,7 @@ HFUZZ_CC_SRCS := hfuzz_cc/hfuzz-cc.c COMMON_CFLAGS := -D_GNU_SOURCE -Wall -Werror -Wno-format-truncation -I. COMMON_LDFLAGS := -lm libhfcommon/libhfcommon.a COMMON_SRCS := $(sort $(wildcard *.c)) +ARCH_CFLAGS := -std=c11 -I/usr/local/include CFLAGS ?= -O3 -mtune=native LDFLAGS ?= LIBS_CFLAGS ?= -fPIC -fno-stack-protector @@ -42,8 +43,7 @@ KERNEL ?= $(shell uname -r) ifeq ($(OS)$(findstring Microsoft,$(KERNEL)),Linux) # matches Linux but excludes WSL (Windows Subsystem for Linux) ARCH := LINUX - ARCH_CFLAGS := -std=c11 -I/usr/local/include \ - -Wextra -Wno-override-init \ + ARCH_CFLAGS += -Wextra -Wno-override-init \ -funroll-loops \ -D_FILE_OFFSET_BITS=64 ARCH_SRCS := $(sort $(wildcard linux/*.c)) @@ -108,7 +108,7 @@ else ifeq ($(OS),Darwin) CC := $(shell xcrun --sdk $(SDK_NAME) --find cc) LD := $(shell xcrun --sdk $(SDK_NAME) --find cc) - ARCH_CFLAGS := -arch x86_64 -std=c99 -isysroot $(SDK) \ + ARCH_CFLAGS += -arch x86_64 -isysroot $(SDK) \ -x objective-c -pedantic -fblocks \ -Wimplicit -Wunused -Wcomment -Wchar-subscripts -Wuninitialized \ -Wreturn-type -Wpointer-arith -Wno-gnu-case-range -Wno-gnu-designator \ @@ -139,7 +139,7 @@ else ifeq ($(OS),NetBSD) ARCH := NETBSD ARCH_SRCS := $(sort $(wildcard netbsd/*.c)) - ARCH_CFLAGS := -std=c11 -I/usr/local/include -I/usr/pkg/include \ + ARCH_CFLAGS += -I/usr/pkg/include \ -Wextra -Wno-override-init \ -funroll-loops -D_KERNTYPES ARCH_LDFLAGS := -L/usr/local/lib -L/usr/pkg/lib \ @@ -151,8 +151,7 @@ else ARCH := POSIX ARCH_SRCS := $(sort $(wildcard posix/*.c)) - ARCH_CFLAGS := -std=c11 -I/usr/local/include \ - -Wextra -Wno-initializer-overrides -Wno-override-init \ + ARCH_CFLAGS += -Wextra -Wno-initializer-overrides -Wno-override-init \ -Wno-unknown-warning-option -Wno-unknown-pragmas \ -funroll-loops ifeq ($(OS),OpenBSD) -- cgit v1.2.3 From 8b4d2233b7e89fad35380a2451f2b7170a8d0c20 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 12 Nov 2019 12:27:11 +0100 Subject: Makefile: simplify darwin build --- Makefile | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 65d802d4..8b6a9d27 100644 --- a/Makefile +++ b/Makefile @@ -108,7 +108,7 @@ else ifeq ($(OS),Darwin) CC := $(shell xcrun --sdk $(SDK_NAME) --find cc) LD := $(shell xcrun --sdk $(SDK_NAME) --find cc) - ARCH_CFLAGS += -arch x86_64 -isysroot $(SDK) \ + ARCH_CFLAGS += -isysroot $(SDK) \ -x objective-c -pedantic -fblocks \ -Wimplicit -Wunused -Wcomment -Wchar-subscripts -Wuninitialized \ -Wreturn-type -Wpointer-arith -Wno-gnu-case-range -Wno-gnu-designator \ @@ -122,11 +122,6 @@ else ifeq ($(OS),Darwin) -framework CommerceKit $(CRASH_REPORT) XCODE_VER := $(shell xcodebuild -version | grep $(GREP_COLOR) "^Xcode" | cut -d " " -f2) - ifeq "8.3" "$(word 1, $(sort 8.3 $(XCODE_VER)))" - ARCH_LDFLAGS += -F/Applications/Xcode.app/Contents/SharedFrameworks \ - -framework CoreSymbolicationDT \ - -Wl,-rpath,/Applications/Xcode.app/Contents/SharedFrameworks - endif MIG_RET := $(shell mig -header mac/mach_exc.h -user mac/mach_excUser.c -sheader mac/mach_excServer.h \ -server mac/mach_excServer.c $(SDK)/usr/include/mach/mach_exc.defs &>/dev/null; echo $$?) -- cgit v1.2.3 From fbe8e2cb65c348cc0d5a34b09b810cb45b104254 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 12 Nov 2019 13:23:34 +0100 Subject: Makefile: always link-in libunwind and libbfd+libopcode statically on Linux --- Makefile | 43 ++++++++++++++++--------------------------- 1 file changed, 16 insertions(+), 27 deletions(-) diff --git a/Makefile b/Makefile index 8b6a9d27..e32d7e7e 100644 --- a/Makefile +++ b/Makefile @@ -26,15 +26,14 @@ LD = $(CC) BIN := honggfuzz HFUZZ_CC_BIN := hfuzz_cc/hfuzz-cc HFUZZ_CC_SRCS := hfuzz_cc/hfuzz-cc.c -COMMON_CFLAGS := -D_GNU_SOURCE -Wall -Werror -Wno-format-truncation -I. -COMMON_LDFLAGS := -lm libhfcommon/libhfcommon.a +COMMON_CFLAGS := -std=c11 -I/usr/local/include -D_GNU_SOURCE -Wall -Werror -Wno-format-truncation -I. +COMMON_LDFLAGS := -pthread libhfcommon/libhfcommon.a -lm COMMON_SRCS := $(sort $(wildcard *.c)) -ARCH_CFLAGS := -std=c11 -I/usr/local/include +ARCH_CFLAGS ?= CFLAGS ?= -O3 -mtune=native LDFLAGS ?= LIBS_CFLAGS ?= -fPIC -fno-stack-protector GREP_COLOR ?= -BUILD_OSSFUZZ_STATIC ?= false # for https://github.com/google/oss-fuzz OS ?= $(shell uname -s) MARCH ?= $(shell uname -m) @@ -48,26 +47,20 @@ ifeq ($(OS)$(findstring Microsoft,$(KERNEL)),Linux) # matches Linux but excludes -D_FILE_OFFSET_BITS=64 ARCH_SRCS := $(sort $(wildcard linux/*.c)) LIBS_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 - ifeq ($(BUILD_OSSFUZZ_STATIC),true) - ARCH_LDFLAGS := -L/usr/local/include -pthread \ + ARCH_LDFLAGS := -L/usr/local/include \ -Wl,-Bstatic \ `pkg-config --libs --static libunwind-ptrace libunwind-generic` \ -lopcodes -lbfd -liberty -lz \ -Wl,-Bdynamic \ -lrt -ldl -lm - else - ARCH_LDFLAGS := -L/usr/local/include -pthread \ - `pkg-config --libs libunwind-ptrace libunwind-generic` \ - -lbfd -lopcodes -lrt -ldl -lm - ifeq ("$(wildcard /usr/local/include/intel-pt.h)","/usr/local/include/intel-pt.h") - ARCH_CFLAGS += -D_HF_LINUX_INTEL_PT_LIB - ARCH_CFLAGS += -I/usr/local/include - ARCH_LDFLAGS += -L/usr/local/lib -lipt -Wl,--rpath=/usr/local/lib - endif - ifeq ("$(wildcard /usr/include/intel-pt.h)","/usr/include/intel-pt.h") - ARCH_CFLAGS += -D_HF_LINUX_INTEL_PT_LIB - ARCH_LDFLAGS += -lipt - endif + ifeq ("$(wildcard /usr/local/include/intel-pt.h)","/usr/local/include/intel-pt.h") + ARCH_CFLAGS += -D_HF_LINUX_INTEL_PT_LIB + ARCH_CFLAGS += -I/usr/local/include + ARCH_LDFLAGS += -L/usr/local/lib -lipt -Wl,--rpath=/usr/local/lib + endif + ifeq ("$(wildcard /usr/include/intel-pt.h)","/usr/include/intel-pt.h") + ARCH_CFLAGS += -D_HF_LINUX_INTEL_PT_LIB + ARCH_LDFLAGS += -lipt endif # OS Linux @@ -138,7 +131,7 @@ else ifeq ($(OS),NetBSD) -Wextra -Wno-override-init \ -funroll-loops -D_KERNTYPES ARCH_LDFLAGS := -L/usr/local/lib -L/usr/pkg/lib \ - -pthread -lcapstone -lrt -lm \ + -lcapstone -lrt -lm \ -Wl,--rpath=/usr/pkg/lib # OS NetBSD @@ -150,9 +143,9 @@ else -Wno-unknown-warning-option -Wno-unknown-pragmas \ -funroll-loops ifeq ($(OS),OpenBSD) - ARCH_LDFLAGS := -L/usr/local/lib -pthread -lm + ARCH_LDFLAGS := -L/usr/local/lib -lm else - ARCH_LDFLAGS := -L/usr/local/lib -pthread -lrt -lm + ARCH_LDFLAGS := -L/usr/local/lib -lrt -lm # OS OpenBSD endif # OS Posix @@ -169,11 +162,7 @@ ifeq ($(COMPILER),clang) CFLAGS_BLOCKS = -fblocks ifneq ($(OS),Darwin) - ifeq ($(BUILD_OSSFUZZ_STATIC),true) - ARCH_LDFLAGS += -Wl,-Bstatic -lBlocksRuntime -Wl,-Bdynamic - else - ARCH_LDFLAGS += -lBlocksRuntime - endif + ARCH_LDFLAGS += -Wl,-Bstatic -lBlocksRuntime -Wl,-Bdynamic endif endif -- cgit v1.2.3 From 4329bfa551b02de7d6fa0033f8c5cbc7b4c46fef Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 12 Nov 2019 13:41:09 +0100 Subject: Makefile: create the mach_exc.h each time on MacOSX --- Makefile | 18 ++++++++++++------ libhfuzz/instrument.c | 12 ++++-------- 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/Makefile b/Makefile index e32d7e7e..d74e203c 100644 --- a/Makefile +++ b/Makefile @@ -116,11 +116,6 @@ else ifeq ($(OS),Darwin) XCODE_VER := $(shell xcodebuild -version | grep $(GREP_COLOR) "^Xcode" | cut -d " " -f2) - MIG_RET := $(shell mig -header mac/mach_exc.h -user mac/mach_excUser.c -sheader mac/mach_excServer.h \ - -server mac/mach_excServer.c $(SDK)/usr/include/mach/mach_exc.defs &>/dev/null; echo $$?) - ifeq ($(MIG_RET),1) - $(error mig failed to generate RPC code) - endif ARCH_SRCS := $(sort $(wildcard mac/*.c)) # OS Darwin else ifeq ($(OS),NetBSD) @@ -258,7 +253,7 @@ all: $(BIN) $(HFUZZ_CC_BIN) $(LHFUZZ_ARCH) $(LCOMMON_ARCH) $(LNETDRIVER_ARCH) %.dylib: %.c $(CC) -fPIC -shared $(CFLAGS) -o $@ $< -$(BIN): $(OBJS) $(LCOMMON_ARCH) +$(BIN): macmigheader $(OBJS) $(LCOMMON_ARCH) $(LD) -o $(BIN) $(OBJS) $(LDFLAGS) $(HFUZZ_CC_BIN): $(LCOMMON_ARCH) $(LHFUZZ_ARCH) $(LNETDRIVER_ARCH) $(HFUZZ_CC_SRCS) @@ -290,6 +285,17 @@ clean: indent: clang-format -style="{BasedOnStyle: Google, IndentWidth: 4, ColumnLimit: 100, AlignAfterOpenBracket: DontAlign, AllowShortFunctionsOnASingleLine: false, AlwaysBreakBeforeMultilineStrings: false}" -i -sort-includes *.c *.h */*.c */*.h +.PHONY: macmigheader +macmigheader: +ifeq ($(OS),Darwin) + MIG_RET := $(shell mig -header mac/mach_exc.h -user mac/mach_excUser.c -sheader mac/mach_excServer.h \ + -server mac/mach_excServer.c $(SDK)/usr/include/mach/mach_exc.defs &>/dev/null; echo $$?) + ifeq ($(MIG_RET),1) + $(error mig failed to generate RPC code) + endif +else +endif + .PHONY: depend depend: all makedepend -Y. -Y* -- *.c */*.c diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 2ba03b9a..2b7f18f7 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -172,8 +172,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t hfuzz_trace_cmp4_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); } -HF_REQUIRE_SSE42_POPCNT void hfuzz_trace_cmp4( - uintptr_t pc, uint32_t Arg1, uint32_t Arg2) { +HF_REQUIRE_SSE42_POPCNT void hfuzz_trace_cmp4(uintptr_t pc, uint32_t Arg1, uint32_t Arg2) { hfuzz_trace_cmp4_internal(pc, Arg1, Arg2); } @@ -192,8 +191,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp8(uint64_t Arg1, uint64_t hfuzz_trace_cmp8_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); } -HF_REQUIRE_SSE42_POPCNT void hfuzz_trace_cmp8( - uintptr_t pc, uint64_t Arg1, uint64_t Arg2) { +HF_REQUIRE_SSE42_POPCNT void hfuzz_trace_cmp8(uintptr_t pc, uint64_t Arg1, uint64_t Arg2) { hfuzz_trace_cmp8_internal(pc, Arg1, Arg2); } @@ -223,8 +221,7 @@ void __sanitizer_cov_trace_const_cmp8(uint64_t Arg1, uint64_t Arg2) * Cases[0] is number of comparison entries * Cases[1] is length of Val in bits */ -HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_switch( - uint64_t Val, uint64_t* Cases) { +HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_switch(uint64_t Val, uint64_t* Cases) { for (uint64_t i = 0; i < Cases[0]; i++) { uintptr_t pos = ((uintptr_t)__builtin_return_address(0) + i) % _HF_PERF_BITMAP_SIZE_16M; uint8_t v = (uint8_t)Cases[1] - __builtin_popcountll(Val ^ Cases[i + 2]); @@ -326,8 +323,7 @@ __attribute__((weak)) HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_indir_call16( * -fsanitize-coverage=trace-pc-guard */ static bool guards_initialized = false; -HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard_init( - uint32_t* start, uint32_t* stop) { +HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard_init(uint32_t* start, uint32_t* stop) { guards_initialized = true; static uint32_t n = 1U; -- cgit v1.2.3 From ef1116898186089fae1be188fe1f9a56da98db65 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 12 Nov 2019 13:48:26 +0100 Subject: Makefile: create the mach_exc.h each time on MacOSX #2 --- Makefile | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index d74e203c..ed181fb6 100644 --- a/Makefile +++ b/Makefile @@ -286,14 +286,9 @@ indent: clang-format -style="{BasedOnStyle: Google, IndentWidth: 4, ColumnLimit: 100, AlignAfterOpenBracket: DontAlign, AllowShortFunctionsOnASingleLine: false, AlwaysBreakBeforeMultilineStrings: false}" -i -sort-includes *.c *.h */*.c */*.h .PHONY: macmigheader -macmigheader: ifeq ($(OS),Darwin) - MIG_RET := $(shell mig -header mac/mach_exc.h -user mac/mach_excUser.c -sheader mac/mach_excServer.h \ - -server mac/mach_excServer.c $(SDK)/usr/include/mach/mach_exc.defs &>/dev/null; echo $$?) - ifeq ($(MIG_RET),1) - $(error mig failed to generate RPC code) - endif -else + mig -header mac/mach_exc.h -user mac/mach_excUser.c -sheader mac/mach_excServer.h \ + -server mac/mach_excServer.c $(SDK)/usr/include/mach/mach_exc.defs endif .PHONY: depend -- cgit v1.2.3 From 71987a51259aec845b1a63ea920fc3f71330c475 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 12 Nov 2019 13:52:38 +0100 Subject: Makefile: create the mach_exc.h each time on MacOSX #3 --- Makefile | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index ed181fb6..dce77dc7 100644 --- a/Makefile +++ b/Makefile @@ -247,13 +247,18 @@ all: $(BIN) $(HFUZZ_CC_BIN) $(LHFUZZ_ARCH) $(LCOMMON_ARCH) $(LNETDRIVER_ARCH) %.o: %.c $(CC) -c $(CFLAGS) $(CFLAGS_BLOCKS) -o $@ $< +mac/arch.o: mac/arch.c + mig -header mac/mach_exc.h -user mac/mach_excUser.c -sheader mac/mach_excServer.h \ + -server mac/mach_excServer.c $(SDK)/usr/include/mach/mach_exc.defs + $(CC) -c $(CFLAGS) $(CFLAGS_BLOCKS) -o $@ $< + %.so: %.c $(CC) -fPIC -shared $(CFLAGS) -o $@ $< %.dylib: %.c $(CC) -fPIC -shared $(CFLAGS) -o $@ $< -$(BIN): macmigheader $(OBJS) $(LCOMMON_ARCH) +$(BIN): $(OBJS) $(LCOMMON_ARCH) $(LD) -o $(BIN) $(OBJS) $(LDFLAGS) $(HFUZZ_CC_BIN): $(LCOMMON_ARCH) $(LHFUZZ_ARCH) $(LNETDRIVER_ARCH) $(HFUZZ_CC_SRCS) @@ -285,12 +290,6 @@ clean: indent: clang-format -style="{BasedOnStyle: Google, IndentWidth: 4, ColumnLimit: 100, AlignAfterOpenBracket: DontAlign, AllowShortFunctionsOnASingleLine: false, AlwaysBreakBeforeMultilineStrings: false}" -i -sort-includes *.c *.h */*.c */*.h -.PHONY: macmigheader -ifeq ($(OS),Darwin) - mig -header mac/mach_exc.h -user mac/mach_excUser.c -sheader mac/mach_excServer.h \ - -server mac/mach_excServer.c $(SDK)/usr/include/mach/mach_exc.defs -endif - .PHONY: depend depend: all makedepend -Y. -Y* -- *.c */*.c -- cgit v1.2.3 From 18413c77a879f387fdb7a9135c95064a6a73857e Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 12 Nov 2019 14:05:06 +0100 Subject: Makefile: cleanups --- Makefile | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/Makefile b/Makefile index dce77dc7..dfd4420d 100644 --- a/Makefile +++ b/Makefile @@ -63,7 +63,7 @@ ifeq ($(OS)$(findstring Microsoft,$(KERNEL)),Linux) # matches Linux but excludes ARCH_LDFLAGS += -lipt endif - # OS Linux +# OS Linux else ifeq ($(OS),Darwin) ARCH := DARWIN @@ -117,7 +117,7 @@ else ifeq ($(OS),Darwin) XCODE_VER := $(shell xcodebuild -version | grep $(GREP_COLOR) "^Xcode" | cut -d " " -f2) ARCH_SRCS := $(sort $(wildcard mac/*.c)) - # OS Darwin +# OS Darwin else ifeq ($(OS),NetBSD) ARCH := NETBSD @@ -129,7 +129,7 @@ else ifeq ($(OS),NetBSD) -lcapstone -lrt -lm \ -Wl,--rpath=/usr/pkg/lib - # OS NetBSD +# OS NetBSD else ARCH := POSIX @@ -137,13 +137,11 @@ else ARCH_CFLAGS += -Wextra -Wno-initializer-overrides -Wno-override-init \ -Wno-unknown-warning-option -Wno-unknown-pragmas \ -funroll-loops -ifeq ($(OS),OpenBSD) ARCH_LDFLAGS := -L/usr/local/lib -lm -else - ARCH_LDFLAGS := -L/usr/local/lib -lrt -lm - # OS OpenBSD -endif - # OS Posix + ifneq ($(OS),OpenBSD) + ARCH_LDFLAGS += -lrt + endif +# OS Posix endif CFLAGS_BLOCKS = -- cgit v1.2.3 From a87f2a8b6415dd36089704a10d55308bccc363b9 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 12 Nov 2019 16:06:07 +0100 Subject: Makefile/linux: Fedora doesn't seem to provide libunwind static libs correctly --- Makefile | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/Makefile b/Makefile index dfd4420d..af829826 100644 --- a/Makefile +++ b/Makefile @@ -30,10 +30,12 @@ COMMON_CFLAGS := -std=c11 -I/usr/local/include -D_GNU_SOURCE -Wall -Werror -Wno- COMMON_LDFLAGS := -pthread libhfcommon/libhfcommon.a -lm COMMON_SRCS := $(sort $(wildcard *.c)) ARCH_CFLAGS ?= +ARCH_LDFLAGS ?= CFLAGS ?= -O3 -mtune=native LDFLAGS ?= LIBS_CFLAGS ?= -fPIC -fno-stack-protector GREP_COLOR ?= +BUILD_OSSFUZZ_STATIC ?= false OS ?= $(shell uname -s) MARCH ?= $(shell uname -m) @@ -47,12 +49,18 @@ ifeq ($(OS)$(findstring Microsoft,$(KERNEL)),Linux) # matches Linux but excludes -D_FILE_OFFSET_BITS=64 ARCH_SRCS := $(sort $(wildcard linux/*.c)) LIBS_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 - ARCH_LDFLAGS := -L/usr/local/include \ - -Wl,-Bstatic \ - `pkg-config --libs --static libunwind-ptrace libunwind-generic` \ - -lopcodes -lbfd -liberty -lz \ - -Wl,-Bdynamic \ - -lrt -ldl -lm + ARCH_LDFLAGS += -L/usr/local/include + ifeq ($(BUILD_OSSFUZZ_STATIC),true) + ARCH_LDFLAGS += -Wl,-Bstatic \ + `pkg-config --libs --static libunwind-ptrace libunwind-generic` \ + -lopcodes -lbfd -liberty -lz \ + -Wl,-Bdynamic + else + ARCH_LDFLAGS += `pkg-config --libs libunwind-ptrace libunwind-generic` \ + -lopcodes -lbfd + endif + ARCH_LDFLAGS += -lrt -ldl -lm + ifeq ("$(wildcard /usr/local/include/intel-pt.h)","/usr/local/include/intel-pt.h") ARCH_CFLAGS += -D_HF_LINUX_INTEL_PT_LIB ARCH_CFLAGS += -I/usr/local/include @@ -107,7 +115,7 @@ else ifeq ($(OS),Darwin) -Wreturn-type -Wpointer-arith -Wno-gnu-case-range -Wno-gnu-designator \ -Wno-deprecated-declarations -Wno-unknown-pragmas -Wno-attributes \ -Wno-embedded-directive - ARCH_LDFLAGS := -F/System/Library/PrivateFrameworks -framework CoreSymbolication -framework IOKit \ + ARCH_LDFLAGS += -F/System/Library/PrivateFrameworks -framework CoreSymbolication -framework IOKit \ -F$(SDK_V)/System/Library/Frameworks -F$(SDK_V)/System/Library/PrivateFrameworks \ -F$(SDK)/System/Library/Frameworks \ -framework Foundation -framework ApplicationServices -framework Symbolication \ @@ -125,7 +133,7 @@ else ifeq ($(OS),NetBSD) ARCH_CFLAGS += -I/usr/pkg/include \ -Wextra -Wno-override-init \ -funroll-loops -D_KERNTYPES - ARCH_LDFLAGS := -L/usr/local/lib -L/usr/pkg/lib \ + ARCH_LDFLAGS += -L/usr/local/lib -L/usr/pkg/lib \ -lcapstone -lrt -lm \ -Wl,--rpath=/usr/pkg/lib @@ -137,7 +145,7 @@ else ARCH_CFLAGS += -Wextra -Wno-initializer-overrides -Wno-override-init \ -Wno-unknown-warning-option -Wno-unknown-pragmas \ -funroll-loops - ARCH_LDFLAGS := -L/usr/local/lib -lm + ARCH_LDFLAGS += -L/usr/local/lib -lm ifneq ($(OS),OpenBSD) ARCH_LDFLAGS += -lrt endif -- cgit v1.2.3 From eec78de3577e1d085e79666779bc5f3590b91006 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 13 Nov 2019 00:11:43 +0100 Subject: Makefile: set common options earlier --- Makefile | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/Makefile b/Makefile index af829826..15cb9337 100644 --- a/Makefile +++ b/Makefile @@ -26,12 +26,12 @@ LD = $(CC) BIN := honggfuzz HFUZZ_CC_BIN := hfuzz_cc/hfuzz-cc HFUZZ_CC_SRCS := hfuzz_cc/hfuzz-cc.c -COMMON_CFLAGS := -std=c11 -I/usr/local/include -D_GNU_SOURCE -Wall -Werror -Wno-format-truncation -I. +COMMON_CFLAGS := -std=c11 -I/usr/local/include -D_GNU_SOURCE -Wall -Wextra -Werror -Wno-format-truncation -Wno-override-init -I. COMMON_LDFLAGS := -pthread libhfcommon/libhfcommon.a -lm COMMON_SRCS := $(sort $(wildcard *.c)) ARCH_CFLAGS ?= ARCH_LDFLAGS ?= -CFLAGS ?= -O3 -mtune=native +CFLAGS ?= -O3 -mtune=native -funroll-loops LDFLAGS ?= LIBS_CFLAGS ?= -fPIC -fno-stack-protector GREP_COLOR ?= @@ -44,9 +44,7 @@ KERNEL ?= $(shell uname -r) ifeq ($(OS)$(findstring Microsoft,$(KERNEL)),Linux) # matches Linux but excludes WSL (Windows Subsystem for Linux) ARCH := LINUX - ARCH_CFLAGS += -Wextra -Wno-override-init \ - -funroll-loops \ - -D_FILE_OFFSET_BITS=64 + ARCH_CFLAGS += -D_FILE_OFFSET_BITS=64 ARCH_SRCS := $(sort $(wildcard linux/*.c)) LIBS_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 ARCH_LDFLAGS += -L/usr/local/include @@ -111,6 +109,7 @@ else ifeq ($(OS),Darwin) LD := $(shell xcrun --sdk $(SDK_NAME) --find cc) ARCH_CFLAGS += -isysroot $(SDK) \ -x objective-c -pedantic -fblocks \ + -Wno-unused-parameter \ -Wimplicit -Wunused -Wcomment -Wchar-subscripts -Wuninitialized \ -Wreturn-type -Wpointer-arith -Wno-gnu-case-range -Wno-gnu-designator \ -Wno-deprecated-declarations -Wno-unknown-pragmas -Wno-attributes \ @@ -131,8 +130,7 @@ else ifeq ($(OS),NetBSD) ARCH_SRCS := $(sort $(wildcard netbsd/*.c)) ARCH_CFLAGS += -I/usr/pkg/include \ - -Wextra -Wno-override-init \ - -funroll-loops -D_KERNTYPES + -D_KERNTYPES ARCH_LDFLAGS += -L/usr/local/lib -L/usr/pkg/lib \ -lcapstone -lrt -lm \ -Wl,--rpath=/usr/pkg/lib @@ -142,9 +140,8 @@ else ARCH := POSIX ARCH_SRCS := $(sort $(wildcard posix/*.c)) - ARCH_CFLAGS += -Wextra -Wno-initializer-overrides -Wno-override-init \ - -Wno-unknown-warning-option -Wno-unknown-pragmas \ - -funroll-loops + ARCH_CFLAGS += -Wno-initializer-overrides \ + -Wno-unknown-warning-option -Wno-unknown-pragmas ARCH_LDFLAGS += -L/usr/local/lib -lm ifneq ($(OS),OpenBSD) ARCH_LDFLAGS += -lrt -- cgit v1.2.3 From f01b85aabdeac9a9fde283e9f88ea919f2a00865 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 13 Nov 2019 00:14:00 +0100 Subject: Makefile: ARCH_*FLAGS envs are local --- Makefile | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/Makefile b/Makefile index 15cb9337..a2047411 100644 --- a/Makefile +++ b/Makefile @@ -29,8 +29,6 @@ HFUZZ_CC_SRCS := hfuzz_cc/hfuzz-cc.c COMMON_CFLAGS := -std=c11 -I/usr/local/include -D_GNU_SOURCE -Wall -Wextra -Werror -Wno-format-truncation -Wno-override-init -I. COMMON_LDFLAGS := -pthread libhfcommon/libhfcommon.a -lm COMMON_SRCS := $(sort $(wildcard *.c)) -ARCH_CFLAGS ?= -ARCH_LDFLAGS ?= CFLAGS ?= -O3 -mtune=native -funroll-loops LDFLAGS ?= LIBS_CFLAGS ?= -fPIC -fno-stack-protector @@ -44,10 +42,10 @@ KERNEL ?= $(shell uname -r) ifeq ($(OS)$(findstring Microsoft,$(KERNEL)),Linux) # matches Linux but excludes WSL (Windows Subsystem for Linux) ARCH := LINUX - ARCH_CFLAGS += -D_FILE_OFFSET_BITS=64 + ARCH_CFLAGS := -D_FILE_OFFSET_BITS=64 ARCH_SRCS := $(sort $(wildcard linux/*.c)) LIBS_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 - ARCH_LDFLAGS += -L/usr/local/include + ARCH_LDFLAGS := -L/usr/local/include ifeq ($(BUILD_OSSFUZZ_STATIC),true) ARCH_LDFLAGS += -Wl,-Bstatic \ `pkg-config --libs --static libunwind-ptrace libunwind-generic` \ @@ -107,14 +105,14 @@ else ifeq ($(OS),Darwin) CC := $(shell xcrun --sdk $(SDK_NAME) --find cc) LD := $(shell xcrun --sdk $(SDK_NAME) --find cc) - ARCH_CFLAGS += -isysroot $(SDK) \ + ARCH_CFLAGS := -isysroot $(SDK) \ -x objective-c -pedantic -fblocks \ -Wno-unused-parameter \ -Wimplicit -Wunused -Wcomment -Wchar-subscripts -Wuninitialized \ -Wreturn-type -Wpointer-arith -Wno-gnu-case-range -Wno-gnu-designator \ -Wno-deprecated-declarations -Wno-unknown-pragmas -Wno-attributes \ -Wno-embedded-directive - ARCH_LDFLAGS += -F/System/Library/PrivateFrameworks -framework CoreSymbolication -framework IOKit \ + ARCH_LDFLAGS := -F/System/Library/PrivateFrameworks -framework CoreSymbolication -framework IOKit \ -F$(SDK_V)/System/Library/Frameworks -F$(SDK_V)/System/Library/PrivateFrameworks \ -F$(SDK)/System/Library/Frameworks \ -framework Foundation -framework ApplicationServices -framework Symbolication \ @@ -129,9 +127,9 @@ else ifeq ($(OS),NetBSD) ARCH := NETBSD ARCH_SRCS := $(sort $(wildcard netbsd/*.c)) - ARCH_CFLAGS += -I/usr/pkg/include \ + ARCH_CFLAGS := -I/usr/pkg/include \ -D_KERNTYPES - ARCH_LDFLAGS += -L/usr/local/lib -L/usr/pkg/lib \ + ARCH_LDFLAGS := -L/usr/local/lib -L/usr/pkg/lib \ -lcapstone -lrt -lm \ -Wl,--rpath=/usr/pkg/lib @@ -140,9 +138,9 @@ else ARCH := POSIX ARCH_SRCS := $(sort $(wildcard posix/*.c)) - ARCH_CFLAGS += -Wno-initializer-overrides \ + ARCH_CFLAGS := -Wno-initializer-overrides \ -Wno-unknown-warning-option -Wno-unknown-pragmas - ARCH_LDFLAGS += -L/usr/local/lib -lm + ARCH_LDFLAGS := -L/usr/local/lib -lm ifneq ($(OS),OpenBSD) ARCH_LDFLAGS += -lrt endif -- cgit v1.2.3 From 8014c7d6756e20d0ee9a8b0604c7d7c9266ca1c6 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 13 Nov 2019 07:23:33 +0100 Subject: Makefile: don't require pkg-config for Linux --- Makefile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index a2047411..424ce57e 100644 --- a/Makefile +++ b/Makefile @@ -31,7 +31,7 @@ COMMON_LDFLAGS := -pthread libhfcommon/libhfcommon.a -lm COMMON_SRCS := $(sort $(wildcard *.c)) CFLAGS ?= -O3 -mtune=native -funroll-loops LDFLAGS ?= -LIBS_CFLAGS ?= -fPIC -fno-stack-protector +LIBS_CFLAGS ?= -fPIC -fno-stack-protector -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 # fortify-source intercepts some functions, so we disable it for libraries GREP_COLOR ?= BUILD_OSSFUZZ_STATIC ?= false @@ -44,7 +44,6 @@ ifeq ($(OS)$(findstring Microsoft,$(KERNEL)),Linux) # matches Linux but excludes ARCH_CFLAGS := -D_FILE_OFFSET_BITS=64 ARCH_SRCS := $(sort $(wildcard linux/*.c)) - LIBS_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 ARCH_LDFLAGS := -L/usr/local/include ifeq ($(BUILD_OSSFUZZ_STATIC),true) ARCH_LDFLAGS += -Wl,-Bstatic \ @@ -52,7 +51,7 @@ ifeq ($(OS)$(findstring Microsoft,$(KERNEL)),Linux) # matches Linux but excludes -lopcodes -lbfd -liberty -lz \ -Wl,-Bdynamic else - ARCH_LDFLAGS += `pkg-config --libs libunwind-ptrace libunwind-generic` \ + ARCH_LDFLAGS += -lunwind-ptrace -lunwind-generic -lunwind \ -lopcodes -lbfd endif ARCH_LDFLAGS += -lrt -ldl -lm -- cgit v1.2.3 From cd2bd5558b91a9998f24b00aa681d12a7db20f0d Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 13 Nov 2019 07:27:27 +0100 Subject: Makefile/mac: sort vars --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 424ce57e..ce6e7330 100644 --- a/Makefile +++ b/Makefile @@ -70,6 +70,8 @@ ifeq ($(OS)$(findstring Microsoft,$(KERNEL)),Linux) # matches Linux but excludes else ifeq ($(OS),Darwin) ARCH := DARWIN + ARCH_SRCS := $(sort $(wildcard mac/*.c)) + # MacOS-X grep seem to use colors unconditionally GREP_COLOR = --color=never @@ -119,8 +121,6 @@ else ifeq ($(OS),Darwin) -framework CommerceKit $(CRASH_REPORT) XCODE_VER := $(shell xcodebuild -version | grep $(GREP_COLOR) "^Xcode" | cut -d " " -f2) - - ARCH_SRCS := $(sort $(wildcard mac/*.c)) # OS Darwin else ifeq ($(OS),NetBSD) ARCH := NETBSD -- cgit v1.2.3 From 9e312d1a98c1a4479f3f8d3aea46f14e712c7a3f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 13 Nov 2019 07:28:09 +0100 Subject: Makefile: comment --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index ce6e7330..17f17324 100644 --- a/Makefile +++ b/Makefile @@ -33,7 +33,7 @@ CFLAGS ?= -O3 -mtune=native -funroll-loops LDFLAGS ?= LIBS_CFLAGS ?= -fPIC -fno-stack-protector -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 # fortify-source intercepts some functions, so we disable it for libraries GREP_COLOR ?= -BUILD_OSSFUZZ_STATIC ?= false +BUILD_OSSFUZZ_STATIC ?= false # for https://github.com/google/oss-fuzz OS ?= $(shell uname -s) MARCH ?= $(shell uname -m) -- cgit v1.2.3 From d1ae147b03299671f3a44c7d8518ffe6d192d0cf Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 13 Nov 2019 09:26:48 +0100 Subject: Makefile: simplify debugging --- Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 17f17324..0e8727f0 100644 --- a/Makefile +++ b/Makefile @@ -181,9 +181,9 @@ LNETDRIVER_ARCH := libhfnetdriver/libhfnetdriver.a CFLAGS += $(COMMON_CFLAGS) $(ARCH_CFLAGS) -D_HF_ARCH_${ARCH} LDFLAGS += $(COMMON_LDFLAGS) $(ARCH_LDFLAGS) -ifeq ($(DEBUG),true) - CFLAGS += -g -ggdb - LDFLAGS += -g -ggdb +ifdef DEBUG + CFLAGS += -g -ggdb -g3 + LDFLAGS += -g -ggdb -g3 endif # Control Android builds -- cgit v1.2.3 From 701235db1094933b5d7bfba535428b4374bcfda0 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 13 Nov 2019 09:31:12 +0100 Subject: Makefile: typo --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 0e8727f0..d9642988 100644 --- a/Makefile +++ b/Makefile @@ -146,7 +146,7 @@ else # OS Posix endif -CFLAGS_BLOCKS = +CFLAGS_BLOCKS := COMPILER = $(shell $(CC) -v 2>&1 | \ grep $(GREP_COLOR) -oE '((gcc|clang) version|LLVM version.*clang)' | \ grep $(GREP_COLOR) -oE '(clang|gcc)' | head -n1) -- cgit v1.2.3 From 6d85e0cd2cdb45987cdf8de264f8ef90b841e2be Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 14 Nov 2019 00:29:43 +0100 Subject: examples/jpeg: add test for libjpegturbo --- examples/libjpeg/persistent-jpeg.c | 2 +- examples/libjpeg/persistent-jpegturbo.c | 38 +++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 examples/libjpeg/persistent-jpegturbo.c diff --git a/examples/libjpeg/persistent-jpeg.c b/examples/libjpeg/persistent-jpeg.c index 6301a8b2..e40d1093 100644 --- a/examples/libjpeg/persistent-jpeg.c +++ b/examples/libjpeg/persistent-jpeg.c @@ -63,7 +63,7 @@ int LLVMFuzzerTestOneInput(const uint8_t* buf, size_t len) { jpeg_mem_src(&cinfo, buf, len); jpeg_read_header(&cinfo, TRUE); - /* Make sure the picture's resultion is reasonable */ + /* Make sure the picture's resultion is reasonable */ if ((uint64_t)cinfo.output_height > max_hv_size) { goto out; } diff --git a/examples/libjpeg/persistent-jpegturbo.c b/examples/libjpeg/persistent-jpegturbo.c new file mode 100644 index 00000000..232ed73d --- /dev/null +++ b/examples/libjpeg/persistent-jpegturbo.c @@ -0,0 +1,38 @@ +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include +#include +#include +#include +#include + +#include + +#include "turbojpeg.h" + +int LLVMFuzzerTestOneInput(const uint8_t* buf, size_t len) { + tjhandle tjh = tjInitDecompress(); + + int width, height, jpegSubsamp, jpegColorspace; + if (tjDecompressHeader3(tjh, buf, len, &width, &height, &jpegSubsamp, &jpegColorspace) < 0) { + tjDestroy(tjh); + return 0; + } + unsigned char* dstBuf = tjAlloc(tjBufSizeYUV2(width, 4, height, jpegSubsamp)); + if (!dstBuf) { + tjDestroy(tjh); + return 0; + } + tjDecompressToYUV2(tjh, buf, len, dstBuf, width, 4, height, 0); + tjFree(dstBuf); + tjDestroy(tjh); + + return 0; +} + +#ifdef __cplusplus +} +#endif -- cgit v1.2.3 From 358dd7c54c923281b3e5357bd1aea5f247bb688d Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 14 Nov 2019 10:43:03 +0100 Subject: examples/jpeg: decode both to yuv and to rgb --- examples/libjpeg/persistent-jpegturbo.c | 33 ++++++++++++++++++++++++++------- 1 file changed, 26 insertions(+), 7 deletions(-) diff --git a/examples/libjpeg/persistent-jpegturbo.c b/examples/libjpeg/persistent-jpegturbo.c index 232ed73d..cb23fb3d 100644 --- a/examples/libjpeg/persistent-jpegturbo.c +++ b/examples/libjpeg/persistent-jpegturbo.c @@ -13,6 +13,28 @@ extern "C" { #include "turbojpeg.h" +void decompressToYUV( + tjhandle tjh, unsigned char* buf, size_t len, int width, int height, int jpegSubsamp) { + unsigned char* dstBuf = tjAlloc(tjBufSizeYUV2(width, 4, height, jpegSubsamp)); + if (!dstBuf) { + return; + } + tjDecompressToYUV2(tjh, buf, len, dstBuf, width, 4, height, 0); + tjFree(dstBuf); +} + +void decompressToRGB( + tjhandle tjh, unsigned char* buf, size_t len, int width, int height, int jpegSubsamp) { + int pitch = width * tjPixelSize[TJPF_RGB]; + + unsigned char* dstBuf = tjAlloc(pitch * height + 1); + if (!dstBuf) { + return; + } + tjDecompress2(tjh, buf, len, dstBuf, width, pitch, height, TJPF_RGB, 0); + tjFree(dstBuf); +} + int LLVMFuzzerTestOneInput(const uint8_t* buf, size_t len) { tjhandle tjh = tjInitDecompress(); @@ -21,13 +43,10 @@ int LLVMFuzzerTestOneInput(const uint8_t* buf, size_t len) { tjDestroy(tjh); return 0; } - unsigned char* dstBuf = tjAlloc(tjBufSizeYUV2(width, 4, height, jpegSubsamp)); - if (!dstBuf) { - tjDestroy(tjh); - return 0; - } - tjDecompressToYUV2(tjh, buf, len, dstBuf, width, 4, height, 0); - tjFree(dstBuf); + + decompressToYUV(tjh, (unsigned char*)buf, len, width, height, jpegSubsamp); + decompressToRGB(tjh, (unsigned char*)buf, len, width, height, jpegSubsamp); + tjDestroy(tjh); return 0; -- cgit v1.2.3 From 7b458230f56cd7a15fe480414ea4da20c4dccae2 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 14 Nov 2019 10:51:26 +0100 Subject: examples/jpeg: use flags --- examples/libjpeg/persistent-jpegturbo.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/libjpeg/persistent-jpegturbo.c b/examples/libjpeg/persistent-jpegturbo.c index cb23fb3d..c0b01a14 100644 --- a/examples/libjpeg/persistent-jpegturbo.c +++ b/examples/libjpeg/persistent-jpegturbo.c @@ -19,7 +19,7 @@ void decompressToYUV( if (!dstBuf) { return; } - tjDecompressToYUV2(tjh, buf, len, dstBuf, width, 4, height, 0); + tjDecompressToYUV2(tjh, buf, len, dstBuf, width, 4, height, TJFLAG_NOREALLOC); tjFree(dstBuf); } @@ -31,7 +31,7 @@ void decompressToRGB( if (!dstBuf) { return; } - tjDecompress2(tjh, buf, len, dstBuf, width, pitch, height, TJPF_RGB, 0); + tjDecompress2(tjh, buf, len, dstBuf, width, pitch, height, TJPF_RGB, TJFLAG_NOREALLOC); tjFree(dstBuf); } -- cgit v1.2.3 From e01efede0a1cfeb257c96f86ca6889dbac689365 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 14 Nov 2019 19:14:08 +0100 Subject: examples/jpeg: no need for flags --- examples/libjpeg/persistent-jpegturbo.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/examples/libjpeg/persistent-jpegturbo.c b/examples/libjpeg/persistent-jpegturbo.c index c0b01a14..fe5d0b1b 100644 --- a/examples/libjpeg/persistent-jpegturbo.c +++ b/examples/libjpeg/persistent-jpegturbo.c @@ -19,7 +19,7 @@ void decompressToYUV( if (!dstBuf) { return; } - tjDecompressToYUV2(tjh, buf, len, dstBuf, width, 4, height, TJFLAG_NOREALLOC); + tjDecompressToYUV2(tjh, buf, len, dstBuf, width, 4, height, 0); tjFree(dstBuf); } @@ -27,11 +27,11 @@ void decompressToRGB( tjhandle tjh, unsigned char* buf, size_t len, int width, int height, int jpegSubsamp) { int pitch = width * tjPixelSize[TJPF_RGB]; - unsigned char* dstBuf = tjAlloc(pitch * height + 1); + unsigned char* dstBuf = tjAlloc(pitch * height); if (!dstBuf) { return; } - tjDecompress2(tjh, buf, len, dstBuf, width, pitch, height, TJPF_RGB, TJFLAG_NOREALLOC); + tjDecompress2(tjh, buf, len, dstBuf, width, pitch, height, TJPF_RGB, 0); tjFree(dstBuf); } @@ -44,8 +44,8 @@ int LLVMFuzzerTestOneInput(const uint8_t* buf, size_t len) { return 0; } - decompressToYUV(tjh, (unsigned char*)buf, len, width, height, jpegSubsamp); decompressToRGB(tjh, (unsigned char*)buf, len, width, height, jpegSubsamp); + decompressToYUV(tjh, (unsigned char*)buf, len, width, height, jpegSubsamp); tjDestroy(tjh); -- cgit v1.2.3 From 363209e02f6535ddbdcbc920597b2129b5198376 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 14 Nov 2019 19:25:00 +0100 Subject: examples/jpeg: no need to define pitch --- examples/libjpeg/persistent-jpegturbo.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/examples/libjpeg/persistent-jpegturbo.c b/examples/libjpeg/persistent-jpegturbo.c index fe5d0b1b..b7e0b50b 100644 --- a/examples/libjpeg/persistent-jpegturbo.c +++ b/examples/libjpeg/persistent-jpegturbo.c @@ -25,13 +25,12 @@ void decompressToYUV( void decompressToRGB( tjhandle tjh, unsigned char* buf, size_t len, int width, int height, int jpegSubsamp) { - int pitch = width * tjPixelSize[TJPF_RGB]; - - unsigned char* dstBuf = tjAlloc(pitch * height); + int dstBufSz = width * tjPixelSize[TJPF_RGB] * height; + unsigned char* dstBuf = tjAlloc(dstBufSz); if (!dstBuf) { return; } - tjDecompress2(tjh, buf, len, dstBuf, width, pitch, height, TJPF_RGB, 0); + tjDecompress2(tjh, buf, len, dstBuf, width, 0, height, TJPF_RGB, 0); tjFree(dstBuf); } -- cgit v1.2.3 From d292115711af834e20af3af4db446919dc52e32f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 15 Nov 2019 21:06:00 +0100 Subject: examples/jpeg: indent --- examples/libjpeg/persistent-jpegturbo.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/examples/libjpeg/persistent-jpegturbo.c b/examples/libjpeg/persistent-jpegturbo.c index b7e0b50b..ac2089a8 100644 --- a/examples/libjpeg/persistent-jpegturbo.c +++ b/examples/libjpeg/persistent-jpegturbo.c @@ -43,8 +43,10 @@ int LLVMFuzzerTestOneInput(const uint8_t* buf, size_t len) { return 0; } - decompressToRGB(tjh, (unsigned char*)buf, len, width, height, jpegSubsamp); - decompressToYUV(tjh, (unsigned char*)buf, len, width, height, jpegSubsamp); + if (((uint64_t)width * (uint64_t)height) <= (1024ULL * 1024ULL)) { + decompressToRGB(tjh, (unsigned char*)buf, len, width, height, jpegSubsamp); + decompressToYUV(tjh, (unsigned char*)buf, len, width, height, jpegSubsamp); + } tjDestroy(tjh); -- cgit v1.2.3 From 16e004ccbe00f1d99f0eaa17e93db558869a6e11 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 18 Nov 2019 14:30:56 +0100 Subject: examples/libjpeg: use malloc/free --- examples/libjpeg/persistent-jpegturbo.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/examples/libjpeg/persistent-jpegturbo.c b/examples/libjpeg/persistent-jpegturbo.c index ac2089a8..f241c530 100644 --- a/examples/libjpeg/persistent-jpegturbo.c +++ b/examples/libjpeg/persistent-jpegturbo.c @@ -15,23 +15,23 @@ extern "C" { void decompressToYUV( tjhandle tjh, unsigned char* buf, size_t len, int width, int height, int jpegSubsamp) { - unsigned char* dstBuf = tjAlloc(tjBufSizeYUV2(width, 4, height, jpegSubsamp)); + unsigned char* dstBuf = malloc(tjBufSizeYUV2(width, 4, height, jpegSubsamp)); if (!dstBuf) { return; } tjDecompressToYUV2(tjh, buf, len, dstBuf, width, 4, height, 0); - tjFree(dstBuf); + free(dstBuf); } void decompressToRGB( tjhandle tjh, unsigned char* buf, size_t len, int width, int height, int jpegSubsamp) { - int dstBufSz = width * tjPixelSize[TJPF_RGB] * height; - unsigned char* dstBuf = tjAlloc(dstBufSz); + size_t dstBufSz = (size_t)width * tjPixelSize[TJPF_RGB] * height; + unsigned char* dstBuf = malloc(dstBufSz); if (!dstBuf) { return; } tjDecompress2(tjh, buf, len, dstBuf, width, 0, height, TJPF_RGB, 0); - tjFree(dstBuf); + free(dstBuf); } int LLVMFuzzerTestOneInput(const uint8_t* buf, size_t len) { -- cgit v1.2.3 From 40ed748957308b225d89656357266d7167a76846 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 19 Nov 2019 16:15:33 +0100 Subject: Readme: +samba --- README.md | 2 +- examples/libjpeg/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index cf12ff82..3ddee6cd 100644 --- a/README.md +++ b/README.md @@ -85,7 +85,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * Stack corruption issues in the Windows OpenType parser: [#1](https://github.com/xinali/AfdkoFuzz/blob/4eadcb19eacb2fb73e4b0f0b34f382a9331bb3b4/CrashesAnalysis/CrashesAnalysis_3/README.md), [#2](https://github.com/xinali/AfdkoFuzz/blob/master/CVE-2019-1117/README.md), [#3](https://github.com/xinali/AfdkoFuzz/tree/f6d6562dd19403cc5a1f8cef603ee69425b68b20/CVE-2019-1118) * [Infinite loop in __NGINX Unit__](https://github.com/nginx/unit/commit/477e8177b70acb694759e62d830b8a311a736324) * A couple of problems in the [__MATLAB MAT File I/O Library__](https://sourceforge.net/projects/matio): [#1](https://github.com/tbeu/matio/commit/406438f497931f45fb3edf6de17d3a59a922c257), [#2](https://github.com/tbeu/matio/commit/406438f497931f45fb3edf6de17d3a59a922c257), [#3](https://github.com/tbeu/matio/commit/a55b9c2c01582b712d5a643699a13b5c41687db1), [#4](https://github.com/tbeu/matio/commit/3e6283f37652e29e457ab9467f7738a562594b6b), [#5](https://github.com/tbeu/matio/commit/783ee496a6914df68e77e6019054ad91e8ed6420) - * [Samba's tdbdump + tdbtool](http://seclists.org/oss-sec/2018/q2/206) + * __Samba__ [tdbdump + tdbtool](http://seclists.org/oss-sec/2018/q2/206), [#2](https://github.com/samba-team/samba/commit/183da1f9fda6f58cdff5cefad133a86462d5942a) * [Crash in __djvulibre__](https://github.com/barak/djvulibre/commit/89d71b01d606e57ecec2c2930c145bb20ba5bbe3) * [Multiple crashes in __VLC__](https://www.pentestpartners.com/security-blog/double-free-rce-in-vlc-a-honggfuzz-how-to/) * [Buffer overflow in __ClassiCube__](https://github.com/UnknownShadow200/ClassiCube/issues/591) diff --git a/examples/libjpeg/README.md b/examples/libjpeg/README.md index 29246129..10dc2918 100644 --- a/examples/libjpeg/README.md +++ b/examples/libjpeg/README.md @@ -24,7 +24,7 @@ make -j$(nproc) $ /hfuzz_cc/hfuzz-clang -I ./jpeg-9c/ /examples/libjpeg/persistent-jpeg.c -o persistent.jpeg9.address jpeg-9c/.libs/libjpeg.a -fsanitize=address ``` -or +or ```shell $ /hfuzz_cc/hfuzz-clang -I ./libjpeg-turbo-2.0.3/ -I ./libjpeg-turbo-2.0.3/out/ /examples/libjpeg/persistent-jpeg.c -o persistent.jpeg-turbo.address libjpeg-turbo-2.0.3/out/libjpeg.a -fsanitize=address -- cgit v1.2.3 From c7cb5c52180bcd15917914ce97aaee68af5ff0ed Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 20 Nov 2019 14:36:49 +0100 Subject: readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3ddee6cd..844664b8 100644 --- a/README.md +++ b/README.md @@ -85,7 +85,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * Stack corruption issues in the Windows OpenType parser: [#1](https://github.com/xinali/AfdkoFuzz/blob/4eadcb19eacb2fb73e4b0f0b34f382a9331bb3b4/CrashesAnalysis/CrashesAnalysis_3/README.md), [#2](https://github.com/xinali/AfdkoFuzz/blob/master/CVE-2019-1117/README.md), [#3](https://github.com/xinali/AfdkoFuzz/tree/f6d6562dd19403cc5a1f8cef603ee69425b68b20/CVE-2019-1118) * [Infinite loop in __NGINX Unit__](https://github.com/nginx/unit/commit/477e8177b70acb694759e62d830b8a311a736324) * A couple of problems in the [__MATLAB MAT File I/O Library__](https://sourceforge.net/projects/matio): [#1](https://github.com/tbeu/matio/commit/406438f497931f45fb3edf6de17d3a59a922c257), [#2](https://github.com/tbeu/matio/commit/406438f497931f45fb3edf6de17d3a59a922c257), [#3](https://github.com/tbeu/matio/commit/a55b9c2c01582b712d5a643699a13b5c41687db1), [#4](https://github.com/tbeu/matio/commit/3e6283f37652e29e457ab9467f7738a562594b6b), [#5](https://github.com/tbeu/matio/commit/783ee496a6914df68e77e6019054ad91e8ed6420) - * __Samba__ [tdbdump + tdbtool](http://seclists.org/oss-sec/2018/q2/206), [#2](https://github.com/samba-team/samba/commit/183da1f9fda6f58cdff5cefad133a86462d5942a) + * __Samba__ [tdbdump + tdbtool](http://seclists.org/oss-sec/2018/q2/206), [#2](https://github.com/samba-team/samba/commit/183da1f9fda6f58cdff5cefad133a86462d5942a), [#3](https://github.com/samba-team/samba/commit/33e9021cbee4c17ee2f11d02b99902a742d77293), [#4](https://github.com/samba-team/samba/commit/ac1be895d2501dc79dcff2c1e03549fe5b5a930c), [#5](https://github.com/samba-team/samba/commit/b1eda993b658590ebb0a8225e448ce399946ed83) * [Crash in __djvulibre__](https://github.com/barak/djvulibre/commit/89d71b01d606e57ecec2c2930c145bb20ba5bbe3) * [Multiple crashes in __VLC__](https://www.pentestpartners.com/security-blog/double-free-rce-in-vlc-a-honggfuzz-how-to/) * [Buffer overflow in __ClassiCube__](https://github.com/UnknownShadow200/ClassiCube/issues/591) -- cgit v1.2.3 From aec06497a7be2c1284ddaf82748beab4ec2ac011 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 20 Nov 2019 16:20:13 +0100 Subject: Readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 844664b8..cdded71d 100644 --- a/README.md +++ b/README.md @@ -85,7 +85,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * Stack corruption issues in the Windows OpenType parser: [#1](https://github.com/xinali/AfdkoFuzz/blob/4eadcb19eacb2fb73e4b0f0b34f382a9331bb3b4/CrashesAnalysis/CrashesAnalysis_3/README.md), [#2](https://github.com/xinali/AfdkoFuzz/blob/master/CVE-2019-1117/README.md), [#3](https://github.com/xinali/AfdkoFuzz/tree/f6d6562dd19403cc5a1f8cef603ee69425b68b20/CVE-2019-1118) * [Infinite loop in __NGINX Unit__](https://github.com/nginx/unit/commit/477e8177b70acb694759e62d830b8a311a736324) * A couple of problems in the [__MATLAB MAT File I/O Library__](https://sourceforge.net/projects/matio): [#1](https://github.com/tbeu/matio/commit/406438f497931f45fb3edf6de17d3a59a922c257), [#2](https://github.com/tbeu/matio/commit/406438f497931f45fb3edf6de17d3a59a922c257), [#3](https://github.com/tbeu/matio/commit/a55b9c2c01582b712d5a643699a13b5c41687db1), [#4](https://github.com/tbeu/matio/commit/3e6283f37652e29e457ab9467f7738a562594b6b), [#5](https://github.com/tbeu/matio/commit/783ee496a6914df68e77e6019054ad91e8ed6420) - * __Samba__ [tdbdump + tdbtool](http://seclists.org/oss-sec/2018/q2/206), [#2](https://github.com/samba-team/samba/commit/183da1f9fda6f58cdff5cefad133a86462d5942a), [#3](https://github.com/samba-team/samba/commit/33e9021cbee4c17ee2f11d02b99902a742d77293), [#4](https://github.com/samba-team/samba/commit/ac1be895d2501dc79dcff2c1e03549fe5b5a930c), [#5](https://github.com/samba-team/samba/commit/b1eda993b658590ebb0a8225e448ce399946ed83) + * __Samba__ [tdbdump + tdbtool](http://seclists.org/oss-sec/2018/q2/206), [#2](https://github.com/samba-team/samba/commit/183da1f9fda6f58cdff5cefad133a86462d5942a), [#3](https://github.com/samba-team/samba/commit/33e9021cbee4c17ee2f11d02b99902a742d77293), [#4](https://github.com/samba-team/samba/commit/ac1be895d2501dc79dcff2c1e03549fe5b5a930c), [#5](https://github.com/samba-team/samba/commit/b1eda993b658590ebb0a8225e448ce399946ed83), [#6](https://github.com/samba-team/samba/commit/f7f92803f600f8d302cdbb668c42ca8b186a797f) * [Crash in __djvulibre__](https://github.com/barak/djvulibre/commit/89d71b01d606e57ecec2c2930c145bb20ba5bbe3) * [Multiple crashes in __VLC__](https://www.pentestpartners.com/security-blog/double-free-rce-in-vlc-a-honggfuzz-how-to/) * [Buffer overflow in __ClassiCube__](https://github.com/UnknownShadow200/ClassiCube/issues/591) -- cgit v1.2.3 From c27c95614c5a6fa475a161bc0b58fbfafd5e49c9 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 21 Nov 2019 23:02:39 +0100 Subject: libhfcommon/linux: allow to specify mount options for tmpfs --- libhfcommon/ns.c | 4 ++-- libhfcommon/ns.h | 2 +- libhfnetdriver/netdriver.c | 4 ++-- libhfuzz/libhfuzz.h | 5 +++-- libhfuzz/linux.c | 4 ++-- 5 files changed, 10 insertions(+), 9 deletions(-) diff --git a/libhfcommon/ns.c b/libhfcommon/ns.c index a56baa4c..4c11b6a1 100644 --- a/libhfcommon/ns.c +++ b/libhfcommon/ns.c @@ -121,8 +121,8 @@ bool nsIfaceUp(const char* ifacename) { return true; } -bool nsMountTmpfs(const char* dst) { - if (mount(NULL, dst, "tmpfs", 0, NULL) == -1) { +bool nsMountTmpfs(const char* dst, const char* opts) { + if (mount(NULL, dst, "tmpfs", 0, opts) == -1) { PLOG_E("mount(dst='%s', tmpfs)", dst); return false; } diff --git a/libhfcommon/ns.h b/libhfcommon/ns.h index 882f7547..6e78895f 100644 --- a/libhfcommon/ns.h +++ b/libhfcommon/ns.h @@ -31,7 +31,7 @@ bool nsEnter(uintptr_t cloneFlags); bool nsIfaceUp(const char* ifacename); -bool nsMountTmpfs(const char* dst); +bool nsMountTmpfs(const char* dst, const char* opts); #endif /* defined(_HF_ARCH_LINUX) */ diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index 0dbde609..59bcca55 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -86,10 +86,10 @@ static void netDriver_initNsIfNeeded(void) { if (mkdir(HFND_TMP_DIR, 0755) == -1 && errno != EEXIST) { PLOG_F("mkdir('%s', 0755)", HFND_TMP_DIR); } - if (!nsMountTmpfs(HFND_TMP_DIR_OLD)) { + if (!nsMountTmpfs(HFND_TMP_DIR_OLD, NULL)) { LOG_F("nsMountTmpfs('%s') failed", HFND_TMP_DIR_OLD); } - if (!nsMountTmpfs(HFND_TMP_DIR)) { + if (!nsMountTmpfs(HFND_TMP_DIR, NULL)) { LOG_F("nsMountTmpfs('%s') failed", HFND_TMP_DIR); } return; diff --git a/libhfuzz/libhfuzz.h b/libhfuzz/libhfuzz.h index 1b6e0dfe..42373178 100644 --- a/libhfuzz/libhfuzz.h +++ b/libhfuzz/libhfuzz.h @@ -60,9 +60,10 @@ bool linuxIfaceUp(const char* ifacename); /* * Mount tmpfs over a mount point * - * dst: mount point for tmfs + * dst: mount point for tmfps + * opts: options, as per tmpfs(5), can be NULL */ -bool linuxMountTmpfs(const char* dst); +bool linuxMountTmpfs(const char* dst, const char* opts); #endif /* defined(__linux__) */ diff --git a/libhfuzz/linux.c b/libhfuzz/linux.c index 1550d0d5..862d4f9d 100644 --- a/libhfuzz/linux.c +++ b/libhfuzz/linux.c @@ -14,8 +14,8 @@ bool linuxIfaceUp(const char* ifacename) { return nsIfaceUp(ifacename); } -bool linuxMountTmpfs(const char* dst) { - return nsMountTmpfs(dst); +bool linuxMountTmpfs(const char* dst, const char* opts) { + return nsMountTmpfs(dst, opts); } #endif /* defined(_HF_ARCH_LINUX) */ -- cgit v1.2.3 From 9179921f83ffcf8fe6ccc22461c9ad577539d2e7 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 25 Nov 2019 17:34:21 +0100 Subject: libhfuzz: more debug info about module initialization --- libhfuzz/instrument.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 2b7f18f7..a60415c5 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -332,9 +332,11 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard_init(uint32_t* start /* If this module was already initialized, skip it */ if (*start > 0) { + LOG_D("Module %p-%p is already initialized", start, stop); return; } + LOG_D("Module initialization: %p-%p at %" PRId32, start, stop, n); for (uint32_t* x = start; x < stop; x++, n++) { if (n >= _HF_PC_GUARD_MAX) { LOG_F("This process has too many PC guards:%" PRIu32 -- cgit v1.2.3 From bfed5ea505d0490b86ef094bc1d1315312769901 Mon Sep 17 00:00:00 2001 From: Michael Hanselmann Date: Mon, 25 Nov 2019 21:48:34 +0100 Subject: netdriver: Make temporary directory overridable Commit 627189739 changed the name of the path at which a tmpfs is mounted for the duration of a main program from "/tmp/FUZZ" to "/tmp/HFND_TMP_DIR". This change adds a weak-linked function allowing fuzzers to override the temporary directory, e.g.: int HonggfuzzNetDriverTempdir(char *str, size_t size) { return snprintf(str, size, "/tmp/foo.%d", getpid()); } This is particularily useful when multiple users share a system and shouldn't each other. A future change could make the code use mkdtemp(3). The default path remains "/tmp/HFND_TMP_DIR" and the "/tmp/FUZZ" directory isn't affected by this change. Signed-off-by: Michael Hanselmann --- libhfnetdriver/netdriver.c | 42 ++++++++++++++++++++++++++++++++---------- libhfnetdriver/netdriver.h | 5 +++++ 2 files changed, 37 insertions(+), 10 deletions(-) diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index 59bcca55..681b7be7 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -66,6 +66,15 @@ static void netDriver_startOriginalProgramInThread(void) { } } +static void netDriver_mountTmpfs(const char *path) { + if (mkdir(path, 0755) == -1 && errno != EEXIST) { + PLOG_F("mkdir('%s', 0755)", path); + } + if (!nsMountTmpfs(path, NULL)) { + LOG_F("nsMountTmpfs('%s') failed", path); + } +} + static void netDriver_initNsIfNeeded(void) { static bool initialized = false; if (initialized) { @@ -80,18 +89,22 @@ static void netDriver_initNsIfNeeded(void) { if (!nsIfaceUp("lo")) { LOG_F("nsIfaceUp('lo') failed"); } - if (mkdir(HFND_TMP_DIR_OLD, 0755) == -1 && errno != EEXIST) { - PLOG_F("mkdir('%s', 0755)", HFND_TMP_DIR_OLD); - } - if (mkdir(HFND_TMP_DIR, 0755) == -1 && errno != EEXIST) { - PLOG_F("mkdir('%s', 0755)", HFND_TMP_DIR); - } - if (!nsMountTmpfs(HFND_TMP_DIR_OLD, NULL)) { - LOG_F("nsMountTmpfs('%s') failed", HFND_TMP_DIR_OLD); + + char tmpdir[PATH_MAX]; + int ret; + + ret = HonggfuzzNetDriverTempdir(tmpdir, sizeof(tmpdir)); + if (ret < 0) { + LOG_F("HonggfuzzNetDriverTempdir failed"); } - if (!nsMountTmpfs(HFND_TMP_DIR, NULL)) { - LOG_F("nsMountTmpfs('%s') failed", HFND_TMP_DIR); + + if (strlen(tmpdir) > 0) { + netDriver_mountTmpfs(tmpdir); } + + /* Legacy path */ + netDriver_mountTmpfs(HFND_TMP_DIR_OLD); + return; #endif /* defined(_HF_ARCH_LINUX) */ LOG_W("Honggfuzz Net Driver (pid=%d): Namespaces not enabled for this OS platform", @@ -234,6 +247,15 @@ __attribute__((weak)) int HonggfuzzNetDriverArgsForServer( return argc; } +/* + * Retrieve path where to mount temporary filesystem (tmpfs) for the duration + * of a main program. Return empty array (length 0) to not use tmpfs. + */ +__attribute__((weak)) int HonggfuzzNetDriverTempdir(char *str, size_t size) +{ + return util_ssnprintf(str, size, "%s", HFND_TMP_DIR); +} + static void netDriver_waitForServerReady(uint16_t portno) { for (;;) { int fd = -1; diff --git a/libhfnetdriver/netdriver.h b/libhfnetdriver/netdriver.h index 4dcaab63..b4ad2a0b 100644 --- a/libhfnetdriver/netdriver.h +++ b/libhfnetdriver/netdriver.h @@ -3,6 +3,7 @@ #include #include +#include #ifdef __cplusplus extern "C" { @@ -20,6 +21,10 @@ int HonggfuzzNetDriverArgsForServer(int argc, char** argv, int* server_argc, cha * TCP port that the fuzzed data inputs will be sent to */ uint16_t HonggfuzzNetDriverPort(int argc, char** argv); +/* + * Mount point for temporary filesystem + */ +int HonggfuzzNetDriverTempdir(char *str, size_t size); #ifdef __cplusplus } -- cgit v1.2.3 From dbef0d4dd0ef21589e025968ee19b3b13cb0a33f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 25 Nov 2019 22:54:13 +0100 Subject: libhfnetdriver: use snprintf instead of util_ssnprintf as the buffer passed might not be initialized --- libhfnetdriver/netdriver.c | 6 +++--- libhfnetdriver/netdriver.h | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index 681b7be7..0dc19d88 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -7,6 +7,7 @@ #include #include #include +#include #include #include #include @@ -251,9 +252,8 @@ __attribute__((weak)) int HonggfuzzNetDriverArgsForServer( * Retrieve path where to mount temporary filesystem (tmpfs) for the duration * of a main program. Return empty array (length 0) to not use tmpfs. */ -__attribute__((weak)) int HonggfuzzNetDriverTempdir(char *str, size_t size) -{ - return util_ssnprintf(str, size, "%s", HFND_TMP_DIR); +__attribute__((weak)) int HonggfuzzNetDriverTempdir(char *str, size_t size) { + return snprintf(str, size, "%s", HFND_TMP_DIR); } static void netDriver_waitForServerReady(uint16_t portno) { diff --git a/libhfnetdriver/netdriver.h b/libhfnetdriver/netdriver.h index b4ad2a0b..d9f0a798 100644 --- a/libhfnetdriver/netdriver.h +++ b/libhfnetdriver/netdriver.h @@ -2,8 +2,8 @@ #define _HF_NETDRIVER_NETDRIVER_H #include -#include #include +#include #ifdef __cplusplus extern "C" { @@ -24,7 +24,7 @@ uint16_t HonggfuzzNetDriverPort(int argc, char** argv); /* * Mount point for temporary filesystem */ -int HonggfuzzNetDriverTempdir(char *str, size_t size); +int HonggfuzzNetDriverTempdir(char* str, size_t size); #ifdef __cplusplus } -- cgit v1.2.3 From ef2b602ebe9368e1d2441e57d65558efb512043d Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 26 Nov 2019 00:31:36 +0100 Subject: cmdline: deprecate --sanitizers --- cmdline.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmdline.c b/cmdline.c index d47ee88f..26ce201e 100644 --- a/cmdline.c +++ b/cmdline.c @@ -436,7 +436,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { { "env", required_argument, NULL, 'E' }, "Pass this environment variable, can be used multiple times" }, { { "save_all", no_argument, NULL, 'u' }, "Save all test-cases (not only the unique ones) by appending the current time-stamp to the filenames" }, { { "tmout_sigvtalrm", no_argument, NULL, 'T' }, "Use SIGVTALRM to kill timeouting processes (default: use SIGKILL)" }, - { { "sanitizers", no_argument, NULL, 'S' }, "Enable sanitizers settings (default: false)" }, + { { "sanitizers", no_argument, NULL, 'S' }, "** DEPRECATED ** Enable sanitizers settings (default: false)" }, { { "monitor_sigabrt", required_argument, NULL, 0x105 }, "Monitor SIGABRT (default: false for Android, true for other platforms)" }, { { "no_fb_timeout", required_argument, NULL, 0x106 }, "Skip feedback if the process has timeouted (default: false)" }, { { "exit_upon_crash", no_argument, NULL, 0x107 }, "Exit upon seeing the first crash (default: false)" }, -- cgit v1.2.3 From ec7cd34f18e9ad16c6871ab1707e8ccb747247b6 Mon Sep 17 00:00:00 2001 From: Michael Hanselmann Date: Wed, 27 Nov 2019 02:12:57 +0100 Subject: Support AF_UNIX address formatting The forthcoming introduction of AF_UNIX support in libhfnetdriver requires the ability to format such addresses via the "files_sockAddrToStr" function. Signed-off-by: Michael Hanselmann --- libhfcommon/files.c | 37 ++++++++++++++++++++++++++++++++++++- libhfcommon/files.h | 2 +- libhfnetdriver/netdriver.c | 6 +++--- 3 files changed, 40 insertions(+), 5 deletions(-) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index 6f03588b..7da42074 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -34,10 +34,12 @@ #include #include #include +#include #include #include #include #include +#include #if defined(_HF_ARCH_LINUX) #include #endif /* defined(_HF_ARCH_LINUX) */ @@ -419,7 +421,7 @@ sa_family_t files_sockFamily(int sock) { return addr.sa_family; } -const char* files_sockAddrToStr(const struct sockaddr* sa) { +const char* files_sockAddrToStr(const struct sockaddr* sa, const socklen_t len) { static __thread char str[4096]; if (sa->sa_family == AF_INET) { @@ -441,6 +443,39 @@ const char* files_sockAddrToStr(const struct sockaddr* sa) { return str; } + if (sa->sa_family == AF_UNIX) { + if (len == sizeof(sa_family_t)) { + /* Unnamed socket */ + snprintf(str, sizeof(str), "unix:(unnamed)"); + return str; + } + + if (len == sizeof(struct sockaddr_un)) { + struct sockaddr_un* sun = (struct sockaddr_un*)sa; + int pathlen; + + if (sun->sun_path[0] == '\0') { + /* Abstract socket + * + * TODO: Handle null bytes in sun->sun_path (they have no + * special significance unlike in C char arrays, see unix(7)) + */ + pathlen = strnlen(&sun->sun_path[1], + len - offsetof(struct sockaddr_un, sun_path) - 1); + + snprintf(str, sizeof(str), "unix:abstract:%-*s", + pathlen, &sun->sun_path[1]); + return str; + } + + pathlen = strnlen(sun->sun_path, + len - offsetof(struct sockaddr_un, sun_path)); + + snprintf(str, sizeof(str), "unix:%-*s", pathlen, sun->sun_path); + return str; + } + } + snprintf(str, sizeof(str), "Unsupported sockaddr family=%d", (int)sa->sa_family); return str; } diff --git a/libhfcommon/files.h b/libhfcommon/files.h index e19c5d2a..093b28d6 100644 --- a/libhfcommon/files.h +++ b/libhfcommon/files.h @@ -66,6 +66,6 @@ extern size_t files_parseSymbolFilter(const char* inFIle, char*** filterList); extern sa_family_t files_sockFamily(int sock); -extern const char* files_sockAddrToStr(const struct sockaddr* sa); +extern const char* files_sockAddrToStr(const struct sockaddr* sa, const socklen_t len); #endif /* ifndef HF_COMMON_FILES */ diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index 0dc19d88..1286acd6 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -136,7 +136,7 @@ static int netDriver_sockConnAddr(const struct sockaddr *addr, socklen_t socklen int sock = socket(addr->sa_family, SOCK_STREAM, 0); if (sock == -1) { PLOG_D("socket(type=%d for dst_addr='%s', SOCK_STREAM, 0)", addr->sa_family, - files_sockAddrToStr(addr)); + files_sockAddrToStr(addr, socklen)); return -1; } int val = 1; @@ -158,9 +158,9 @@ static int netDriver_sockConnAddr(const struct sockaddr *addr, socklen_t socklen netDriver_bindToRndLoopback(sock, addr->sa_family); - LOG_D("Connecting to '%s'", files_sockAddrToStr(addr)); + LOG_D("Connecting to '%s'", files_sockAddrToStr(addr, socklen)); if (TEMP_FAILURE_RETRY(connect(sock, addr, socklen)) == -1) { - PLOG_W("connect(addr='%s')", files_sockAddrToStr(addr)); + PLOG_W("connect(addr='%s')", files_sockAddrToStr(addr, socklen)); close(sock); return -1; } -- cgit v1.2.3 From f1d827dce6bb826ef9d3c7bf7b168b7a4f6e1d69 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 27 Nov 2019 12:38:35 +0100 Subject: make indent depend --- libhfcommon/files.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index 7da42074..676001ec 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -31,10 +31,10 @@ #include #include #include +#include #include #include #include -#include #include #include #include @@ -460,16 +460,14 @@ const char* files_sockAddrToStr(const struct sockaddr* sa, const socklen_t len) * TODO: Handle null bytes in sun->sun_path (they have no * special significance unlike in C char arrays, see unix(7)) */ - pathlen = strnlen(&sun->sun_path[1], - len - offsetof(struct sockaddr_un, sun_path) - 1); + pathlen = + strnlen(&sun->sun_path[1], len - offsetof(struct sockaddr_un, sun_path) - 1); - snprintf(str, sizeof(str), "unix:abstract:%-*s", - pathlen, &sun->sun_path[1]); + snprintf(str, sizeof(str), "unix:abstract:%-*s", pathlen, &sun->sun_path[1]); return str; } - pathlen = strnlen(sun->sun_path, - len - offsetof(struct sockaddr_un, sun_path)); + pathlen = strnlen(sun->sun_path, len - offsetof(struct sockaddr_un, sun_path)); snprintf(str, sizeof(str), "unix:%-*s", pathlen, sun->sun_path); return str; -- cgit v1.2.3 From f61cc7e3918db684bf73e4ee6984a09cc5f67a16 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 27 Nov 2019 21:56:03 +0100 Subject: hfuzz-cc: -shared is used with linking mode actually --- hfuzz_cc/hfuzz-cc.c | 4 +--- libhfnetdriver/netdriver.c | 2 ++ 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index df985482..92a8fd63 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -103,9 +103,6 @@ static bool isLDMode(int argc, char** argv) { if (strcmp(argv[i], "-S") == 0) { return false; } - if (strcmp(argv[i], "-shared") == 0) { - return false; - } } return true; } @@ -438,6 +435,7 @@ static int ldMode(int argc, char** argv) { /* Needed by the libhfcommon */ args[j++] = "-pthread"; + args[j++] = "-ldl"; #if !defined(_HF_ARCH_DARWIN) && !defined(__OpenBSD__) args[j++] = "-lrt"; #endif /* !defined(_HF_ARCH_DARWIN) && !defined(__OpenBSD__) */ diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index 1286acd6..956e3f27 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -67,6 +67,7 @@ static void netDriver_startOriginalProgramInThread(void) { } } +#if defined(_HF_ARCH_LINUX) static void netDriver_mountTmpfs(const char *path) { if (mkdir(path, 0755) == -1 && errno != EEXIST) { PLOG_F("mkdir('%s', 0755)", path); @@ -75,6 +76,7 @@ static void netDriver_mountTmpfs(const char *path) { LOG_F("nsMountTmpfs('%s') failed", path); } } +#endif /* defined(_HF_ARCH_LINUX) */ static void netDriver_initNsIfNeeded(void) { static bool initialized = false; -- cgit v1.2.3 From e5cb6a081182f32a174659fb74c893e785a6c69f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 28 Nov 2019 14:15:15 +0100 Subject: libhfnetdriver: initialize tmpdir to NULs --- libhfnetdriver/netdriver.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index 956e3f27..76f2be19 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -93,10 +93,8 @@ static void netDriver_initNsIfNeeded(void) { LOG_F("nsIfaceUp('lo') failed"); } - char tmpdir[PATH_MAX]; - int ret; - - ret = HonggfuzzNetDriverTempdir(tmpdir, sizeof(tmpdir)); + char tmpdir[PATH_MAX] = {}; + int ret = HonggfuzzNetDriverTempdir(tmpdir, sizeof(tmpdir)); if (ret < 0) { LOG_F("HonggfuzzNetDriverTempdir failed"); } -- cgit v1.2.3 From 1ea443f8cf676129ddba5327f41a97f565b0c3a9 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 28 Nov 2019 16:20:21 +0100 Subject: libhfnetdriver: allow to use HonggfuzzNetDriverServerAddress for custom destination addresses --- libhfnetdriver/netdriver.c | 148 +++++++++++++++++++++++---------------------- libhfnetdriver/netdriver.h | 6 ++ 2 files changed, 82 insertions(+), 72 deletions(-) diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index 76f2be19..fde4cc97 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -36,13 +36,13 @@ static char *initial_server_argv[] = {"fuzzer", NULL}; static struct { int argc_server; char **argv_server; - uint16_t tcp_port; - sa_family_t sa_family; + struct sockaddr *saddr; + socklen_t slen; } hfnd_globals = { .argc_server = 1, .argv_server = initial_server_argv, - .tcp_port = 0, - .sa_family = AF_UNSPEC, + .saddr = NULL, + .slen = 0, }; extern int HonggfuzzNetDriver_main(int argc, char **argv); @@ -167,37 +167,6 @@ static int netDriver_sockConnAddr(const struct sockaddr *addr, socklen_t socklen return sock; } -int netDriver_sockConnLoopback(sa_family_t sa_family, uint16_t portno) { - if (portno < 1) { - LOG_F("Specified TCP port (%d) cannot be < 1", portno); - } - - if (sa_family == AF_INET) { - /* IPv4's 127.0.0.1 */ - const struct sockaddr_in saddr4 = { - .sin_family = AF_INET, - .sin_port = htons(portno), - .sin_addr.s_addr = htonl(INADDR_LOOPBACK), - }; - return netDriver_sockConnAddr((const struct sockaddr *)&saddr4, sizeof(saddr4)); - } - - if (sa_family == AF_INET6) { - /* IPv6's ::1 */ - const struct sockaddr_in6 saddr6 = { - .sin6_family = AF_INET6, - .sin6_port = htons(portno), - .sin6_flowinfo = 0, - .sin6_addr = in6addr_loopback, - .sin6_scope_id = 0, - }; - return netDriver_sockConnAddr((const struct sockaddr *)&saddr6, sizeof(saddr6)); - } - - LOG_E("Unknown SA_FAMILY=%d specified", (int)sa_family); - return -1; -} - /* * Decide which TCP port should be used for sending inputs */ @@ -256,29 +225,12 @@ __attribute__((weak)) int HonggfuzzNetDriverTempdir(char *str, size_t size) { return snprintf(str, size, "%s", HFND_TMP_DIR); } -static void netDriver_waitForServerReady(uint16_t portno) { - for (;;) { - int fd = -1; - fd = netDriver_sockConnLoopback(AF_INET, portno); - if (fd >= 0) { - hfnd_globals.sa_family = AF_INET; - close(fd); - return; - } - fd = netDriver_sockConnLoopback(AF_INET6, portno); - if (fd >= 0) { - hfnd_globals.sa_family = AF_INET6; - close(fd); - return; - } - LOG_I( - "Honggfuzz Net Driver (pid=%d): Waiting for the TCP server process to start accepting " - "connections at TCP4:127.0.0.1:%" PRIu16 " or at TCP6:[::1]:%" PRIu16 - ". Sleeping for 0.5 seconds ...", - (int)getpid(), portno, portno); - - util_sleepForMSec(500); - } +/* + * Put a custom sockaddr here (e.g. based on AF_UNIX + */ +__attribute__((weak)) socklen_t HonggfuzzNetDriverServerAddress(struct sockaddr **addr) { + *addr = NULL; + return 0; } uint16_t netDriver_getTCPPort(int argc, char **argv) { @@ -303,6 +255,63 @@ uint16_t netDriver_getTCPPort(int argc, char **argv) { return HonggfuzzNetDriverPort(argc, argv); } +static void netDriver_waitForServerReady(int argc, char **argv) { + for (;;) { + struct sockaddr *addr; + socklen_t slen = HonggfuzzNetDriverServerAddress(&addr); + if (slen > 0) { + /* User provided a specific destination address */ + int fd = netDriver_sockConnAddr(addr, sizeof(addr)); + if (fd >= 0) { + close(fd); + hfnd_globals.saddr = addr; + hfnd_globals.slen = slen; + return; + } + LOG_I("Honggfuzz Net Driver (pid=%d): Waiting for the server process to start " + "accepting connections at '%s'", + (int)getpid(), files_sockAddrToStr(addr, slen)); + } else { + /* Try generic TCP connections */ + static __thread struct sockaddr_in addr4 = { + .sin_family = PF_INET, + .sin_port = 0, + .sin_addr.s_addr = 0, + }; + addr4.sin_port = htons(netDriver_getTCPPort(argc, argv)); + addr4.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + int fd = netDriver_sockConnAddr((struct sockaddr *)&addr4, sizeof(addr4)); + if (fd >= 0) { + close(fd); + hfnd_globals.saddr = (struct sockaddr *)&addr4; + hfnd_globals.slen = sizeof(addr4); + return; + } + static __thread struct sockaddr_in6 addr6 = { + .sin6_family = PF_INET6, + .sin6_port = 0, + .sin6_flowinfo = 0, + .sin6_addr = {}, + .sin6_scope_id = 0, + }; + addr6.sin6_port = htons(netDriver_getTCPPort(argc, argv)); + addr6.sin6_addr = in6addr_loopback; + fd = netDriver_sockConnAddr((struct sockaddr *)&addr6, sizeof(addr6)); + if (fd >= 0) { + close(fd); + hfnd_globals.saddr = (struct sockaddr *)&addr6; + hfnd_globals.slen = sizeof(addr6); + return; + } + LOG_I("Honggfuzz Net Driver (pid=%d): Waiting for the TCP server process to start " + "accepting " + "connections at TCP port: %hu", + (int)getpid(), netDriver_getTCPPort(argc, argv)); + } + util_sleepForMSec(500); + } +} + int LLVMFuzzerInitialize(int *argc, char ***argv) { if (getenv(HFND_SKIP_FUZZING_ENV)) { LOG_I( @@ -314,34 +323,29 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) { /* Make sure LIBHFNETDRIVER_module_netdriver (NetDriver signature) is used */ LOG_D("Module: %s", LIBHFNETDRIVER_module_netdriver); - hfnd_globals.tcp_port = netDriver_getTCPPort(*argc, *argv); *argc = HonggfuzzNetDriverArgsForServer( *argc, *argv, &hfnd_globals.argc_server, &hfnd_globals.argv_server); - LOG_I( - "Honggfuzz Net Driver (pid=%d): TCP port %d will be used. You can change the server's TCP " - "port by setting the %s envvar", - (int)getpid(), hfnd_globals.tcp_port, HFND_TCP_PORT_ENV); - netDriver_initNsIfNeeded(); netDriver_startOriginalProgramInThread(); - netDriver_waitForServerReady(hfnd_globals.tcp_port); + netDriver_waitForServerReady(*argc, *argv); - LOG_I("Honggfuzz Net Driver (pid=%d): The TCP server process is ready to accept connections at " - "%s:%" PRIu16 ". TCP fuzzing starts now!", - (int)getpid(), (hfnd_globals.sa_family == AF_INET ? "TCP4:127.0.0.1" : "TCP6:[::1]"), - hfnd_globals.tcp_port); + LOG_I("Honggfuzz Net Driver (pid=%d): The server process is ready to accept connections at " + "'%s'. Fuzzing starts now!", + (int)getpid(), files_sockAddrToStr(hfnd_globals.saddr, hfnd_globals.slen)); return 0; } int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { - int sock = netDriver_sockConnLoopback(hfnd_globals.sa_family, hfnd_globals.tcp_port); + int sock = netDriver_sockConnAddr(hfnd_globals.saddr, hfnd_globals.slen); if (sock == -1) { - LOG_F("Couldn't connect to the server TCP port"); + LOG_F("Couldn't connect to the server socket at '%s'", + files_sockAddrToStr(hfnd_globals.saddr, hfnd_globals.slen)); } if (!files_sendToSocket(sock, buf, len)) { - PLOG_W("files_sendToSocket(sock=%d, len=%zu) failed", sock, len); + PLOG_W("files_sendToSocket(addr='%s', sock=%d, len=%zu) failed", + files_sockAddrToStr(hfnd_globals.saddr, hfnd_globals.slen), sock, len); close(sock); return 0; } diff --git a/libhfnetdriver/netdriver.h b/libhfnetdriver/netdriver.h index d9f0a798..78a39d15 100644 --- a/libhfnetdriver/netdriver.h +++ b/libhfnetdriver/netdriver.h @@ -4,6 +4,8 @@ #include #include #include +#include +#include #ifdef __cplusplus extern "C" { @@ -25,6 +27,10 @@ uint16_t HonggfuzzNetDriverPort(int argc, char** argv); * Mount point for temporary filesystem */ int HonggfuzzNetDriverTempdir(char* str, size_t size); +/* + * Provide your own connection address, could be e.g. a AF_UNIX socket. + */ +socklen_t HonggfuzzNetDriverServerAddress(struct sockaddr** addr); #ifdef __cplusplus } -- cgit v1.2.3 From 6796e6a98202ea5b32aadfbca1d9985fd60004eb Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 28 Nov 2019 16:22:49 +0100 Subject: libhfnetdriver: typos --- libhfnetdriver/netdriver.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index fde4cc97..fb641e74 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -260,7 +260,7 @@ static void netDriver_waitForServerReady(int argc, char **argv) { struct sockaddr *addr; socklen_t slen = HonggfuzzNetDriverServerAddress(&addr); if (slen > 0) { - /* User provided a specific destination address */ + /* User provided specific destination address */ int fd = netDriver_sockConnAddr(addr, sizeof(addr)); if (fd >= 0) { close(fd); @@ -272,7 +272,7 @@ static void netDriver_waitForServerReady(int argc, char **argv) { "accepting connections at '%s'", (int)getpid(), files_sockAddrToStr(addr, slen)); } else { - /* Try generic TCP connections */ + /* Try TCP4 and TCP6 connections */ static __thread struct sockaddr_in addr4 = { .sin_family = PF_INET, .sin_port = 0, @@ -303,9 +303,9 @@ static void netDriver_waitForServerReady(int argc, char **argv) { hfnd_globals.slen = sizeof(addr6); return; } + /* Other default protocols (e.g. AF_UNIX) can be added below */ LOG_I("Honggfuzz Net Driver (pid=%d): Waiting for the TCP server process to start " - "accepting " - "connections at TCP port: %hu", + "accepting connections at TCP port: %hu", (int)getpid(), netDriver_getTCPPort(argc, argv)); } util_sleepForMSec(500); -- cgit v1.2.3 From 6500781606ade05f120a73c73a8ab8fbe0b27918 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 28 Nov 2019 16:42:06 +0100 Subject: libhfnetdriver: a few cleanups around setting options for TCP sockets --- libhfcommon/files.c | 38 +++++++++++++++++--------------------- libhfnetdriver/netdriver.c | 32 +++++++++++++++++--------------- 2 files changed, 34 insertions(+), 36 deletions(-) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index 676001ec..8ba99f3a 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -444,34 +444,30 @@ const char* files_sockAddrToStr(const struct sockaddr* sa, const socklen_t len) } if (sa->sa_family == AF_UNIX) { - if (len == sizeof(sa_family_t)) { - /* Unnamed socket */ - snprintf(str, sizeof(str), "unix:(unnamed)"); + if (len <= offsetof(struct sockaddr_un, sun_path)) { + snprintf(str, sizeof(str), "unix:", (unsigned)len); return str; } - if (len == sizeof(struct sockaddr_un)) { - struct sockaddr_un* sun = (struct sockaddr_un*)sa; - int pathlen; + struct sockaddr_un* sun = (struct sockaddr_un*)sa; + int pathlen; - if (sun->sun_path[0] == '\0') { - /* Abstract socket - * - * TODO: Handle null bytes in sun->sun_path (they have no - * special significance unlike in C char arrays, see unix(7)) - */ - pathlen = - strnlen(&sun->sun_path[1], len - offsetof(struct sockaddr_un, sun_path) - 1); + if (sun->sun_path[0] == '\0') { + /* Abstract socket + * + * TODO: Handle null bytes in sun->sun_path (they have no + * special significance unlike in C char arrays, see unix(7)) + */ + pathlen = strnlen(&sun->sun_path[1], len - offsetof(struct sockaddr_un, sun_path) - 1); - snprintf(str, sizeof(str), "unix:abstract:%-*s", pathlen, &sun->sun_path[1]); - return str; - } - - pathlen = strnlen(sun->sun_path, len - offsetof(struct sockaddr_un, sun_path)); - - snprintf(str, sizeof(str), "unix:%-*s", pathlen, sun->sun_path); + snprintf(str, sizeof(str), "unix:abstract:%-*s", pathlen, &sun->sun_path[1]); return str; } + + pathlen = strnlen(sun->sun_path, len - offsetof(struct sockaddr_un, sun_path)); + + snprintf(str, sizeof(str), "unix:%-*s", pathlen, sun->sun_path); + return str; } snprintf(str, sizeof(str), "Unsupported sockaddr family=%d", (int)sa->sa_family); diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index fb641e74..5ceb16fa 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #if defined(_HF_ARCH_LINUX) #include @@ -135,26 +136,28 @@ static void netDriver_bindToRndLoopback(int sock, sa_family_t sa_family) { static int netDriver_sockConnAddr(const struct sockaddr *addr, socklen_t socklen) { int sock = socket(addr->sa_family, SOCK_STREAM, 0); if (sock == -1) { - PLOG_D("socket(type=%d for dst_addr='%s', SOCK_STREAM, 0)", addr->sa_family, + PLOG_W("socket(type=%d for dst_addr='%s', SOCK_STREAM, 0)", addr->sa_family, files_sockAddrToStr(addr, socklen)); return -1; } - int val = 1; - if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &val, (socklen_t)sizeof(val)) == -1) { - PLOG_W("setsockopt(sock=%d, SOL_SOCKET, SO_REUSEADDR, %d)", sock, val); - } + if (addr->sa_family == AF_INET || addr->sa_family == AF_INET6) { + int val = 1; + if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &val, (socklen_t)sizeof(val)) == -1) { + PLOG_W("setsockopt(sock=%d, SOL_SOCKET, SO_REUSEADDR, %d)", sock, val); + } #if defined(SOL_TCP) && defined(TCP_NODELAY) - val = 1; - if (setsockopt(sock, SOL_TCP, TCP_NODELAY, &val, (socklen_t)sizeof(val)) == -1) { - PLOG_W("setsockopt(sock=%d, SOL_TCP, TCP_NODELAY, %d)", sock, val); - } + val = 1; + if (setsockopt(sock, SOL_TCP, TCP_NODELAY, &val, (socklen_t)sizeof(val)) == -1) { + PLOG_W("setsockopt(sock=%d, SOL_TCP, TCP_NODELAY, %d)", sock, val); + } #endif /* defined(SOL_TCP) && defined(TCP_NODELAY) */ #if defined(SOL_TCP) && defined(TCP_QUICKACK) - val = 1; - if (setsockopt(sock, SOL_TCP, TCP_QUICKACK, &val, (socklen_t)sizeof(val)) == -1) { - PLOG_D("setsockopt(sock=%d, SOL_TCP, TCP_QUICKACK, %d)", sock, val); - } + val = 1; + if (setsockopt(sock, SOL_TCP, TCP_QUICKACK, &val, (socklen_t)sizeof(val)) == -1) { + PLOG_D("setsockopt(sock=%d, SOL_TCP, TCP_QUICKACK, %d)", sock, val); + } #endif /* defined(SOL_TCP) && defined(TCP_QUICKACK) */ + } netDriver_bindToRndLoopback(sock, addr->sa_family); @@ -172,7 +175,6 @@ static int netDriver_sockConnAddr(const struct sockaddr *addr, socklen_t socklen */ __attribute__((weak)) uint16_t HonggfuzzNetDriverPort( int argc HF_ATTR_UNUSED, char **argv HF_ATTR_UNUSED) { - /* Return the default port (8080) */ return 8080; } @@ -226,7 +228,7 @@ __attribute__((weak)) int HonggfuzzNetDriverTempdir(char *str, size_t size) { } /* - * Put a custom sockaddr here (e.g. based on AF_UNIX + * Put a custom sockaddr here (e.g. based on AF_UNIX) */ __attribute__((weak)) socklen_t HonggfuzzNetDriverServerAddress(struct sockaddr **addr) { *addr = NULL; -- cgit v1.2.3 From 6814cb6a032ab0963bc37493ec4f7f640389daaf Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 28 Nov 2019 19:22:57 +0100 Subject: libhfnetdriver: Add support for the default AF_UNIX sockets. Currently the netdriver connects to TCP4/TCP6 loopback addresses at the port 8080 (or, at whatever is returned by the HonggfuzzNetDriverPort()) This change will also make the netdriver to connect to the socket (AF_UNIX) at HonggfuzzNetDriverTempdir()/pipe, which in most cases will evaluate to '/tmp/HFND_TMP_DIR/pipe' (unless a custom HonggfuzzNetDriverTempdir() func is defined) Heavily inspired by https://github.com/hansmi 's https://github.com/google/honggfuzz/pull/291 --- libhfnetdriver/netdriver.c | 131 ++++++++++++++++++++++++++------------------- libhfnetdriver/netdriver.h | 5 +- 2 files changed, 80 insertions(+), 56 deletions(-) diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index 5ceb16fa..bf162391 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -257,68 +257,83 @@ uint16_t netDriver_getTCPPort(int argc, char **argv) { return HonggfuzzNetDriverPort(argc, argv); } -static void netDriver_waitForServerReady(int argc, char **argv) { - for (;;) { - struct sockaddr *addr; - socklen_t slen = HonggfuzzNetDriverServerAddress(&addr); - if (slen > 0) { - /* User provided specific destination address */ - int fd = netDriver_sockConnAddr(addr, sizeof(addr)); - if (fd >= 0) { - close(fd); - hfnd_globals.saddr = addr; - hfnd_globals.slen = slen; - return; - } - LOG_I("Honggfuzz Net Driver (pid=%d): Waiting for the server process to start " - "accepting connections at '%s'", - (int)getpid(), files_sockAddrToStr(addr, slen)); - } else { - /* Try TCP4 and TCP6 connections */ - static __thread struct sockaddr_in addr4 = { - .sin_family = PF_INET, - .sin_port = 0, - .sin_addr.s_addr = 0, - }; - addr4.sin_port = htons(netDriver_getTCPPort(argc, argv)); - addr4.sin_addr.s_addr = htonl(INADDR_LOOPBACK); - int fd = netDriver_sockConnAddr((struct sockaddr *)&addr4, sizeof(addr4)); - if (fd >= 0) { - close(fd); - hfnd_globals.saddr = (struct sockaddr *)&addr4; - hfnd_globals.slen = sizeof(addr4); - return; - } - static __thread struct sockaddr_in6 addr6 = { - .sin6_family = PF_INET6, - .sin6_port = 0, - .sin6_flowinfo = 0, - .sin6_addr = {}, - .sin6_scope_id = 0, - }; - addr6.sin6_port = htons(netDriver_getTCPPort(argc, argv)); - addr6.sin6_addr = in6addr_loopback; - fd = netDriver_sockConnAddr((struct sockaddr *)&addr6, sizeof(addr6)); - if (fd >= 0) { - close(fd); - hfnd_globals.saddr = (struct sockaddr *)&addr6; - hfnd_globals.slen = sizeof(addr6); - return; - } - /* Other default protocols (e.g. AF_UNIX) can be added below */ - LOG_I("Honggfuzz Net Driver (pid=%d): Waiting for the TCP server process to start " - "accepting connections at TCP port: %hu", - (int)getpid(), netDriver_getTCPPort(argc, argv)); +static bool netDriver_checkIfServerReady(int argc, char **argv) { + struct sockaddr *addr; + socklen_t slen = HonggfuzzNetDriverServerAddress(&addr); + if (slen > 0) { + /* User provided specific destination address */ + int fd = netDriver_sockConnAddr(addr, sizeof(addr)); + if (fd >= 0) { + close(fd); + hfnd_globals.saddr = addr; + hfnd_globals.slen = slen; + return true; } - util_sleepForMSec(500); + + LOG_I("Honggfuzz Net Driver (pid=%d): Waiting for the server process to start " + "accepting connections at '%s'", + (int)getpid(), files_sockAddrToStr(addr, slen)); + return false; + } + + /* Try to connect to ${HFND_TMP_DIR}/pipe first via a PF_UNIX socket */ + static __thread struct sockaddr_un sun = { + .sun_family = PF_UNIX, + .sun_path = {}, + }; + if (HonggfuzzNetDriverTempdir(sun.sun_path, sizeof(sun.sun_path)) < 0) { + snprintf(sun.sun_path, sizeof(sun.sun_path), "%s/%s", HFND_TMP_DIR, "pipe"); + } + int fd = netDriver_sockConnAddr((struct sockaddr *)&sun, sizeof(sun)); + if (fd >= 0) { + close(fd); + hfnd_globals.saddr = (struct sockaddr *)&sun; + hfnd_globals.slen = sizeof(sun); + return true; + } + /* Next, try TCP4 and TCP6 connections to the localhost */ + static __thread struct sockaddr_in addr4 = { + .sin_family = PF_INET, + .sin_port = 0, + .sin_addr.s_addr = 0, + }; + addr4.sin_port = htons(netDriver_getTCPPort(argc, argv)); + addr4.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + fd = netDriver_sockConnAddr((struct sockaddr *)&addr4, sizeof(addr4)); + if (fd >= 0) { + close(fd); + hfnd_globals.saddr = (struct sockaddr *)&addr4; + hfnd_globals.slen = sizeof(addr4); + return true; + } + static __thread struct sockaddr_in6 addr6 = { + .sin6_family = PF_INET6, + .sin6_port = 0, + .sin6_flowinfo = 0, + .sin6_addr = {}, + .sin6_scope_id = 0, + }; + addr6.sin6_port = htons(netDriver_getTCPPort(argc, argv)); + addr6.sin6_addr = in6addr_loopback; + fd = netDriver_sockConnAddr((struct sockaddr *)&addr6, sizeof(addr6)); + if (fd >= 0) { + close(fd); + hfnd_globals.saddr = (struct sockaddr *)&addr6; + hfnd_globals.slen = sizeof(addr6); + return true; } + + LOG_I("Honggfuzz Net Driver (pid=%d): Waiting for the TCP server process to start " + "accepting connections at TCP4 and TCP6 port: %hu and at the socket path: '%s'", + (int)getpid(), netDriver_getTCPPort(argc, argv), sun.sun_path); + return false; } int LLVMFuzzerInitialize(int *argc, char ***argv) { if (getenv(HFND_SKIP_FUZZING_ENV)) { LOG_I( "Honggfuzz Net Driver (pid=%d): '%s' is set, skipping fuzzing, calling main() directly", - getpid(), HFND_SKIP_FUZZING_ENV); + (int)getpid(), HFND_SKIP_FUZZING_ENV); exit(HonggfuzzNetDriver_main(*argc, *argv)); } @@ -330,7 +345,13 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) { netDriver_initNsIfNeeded(); netDriver_startOriginalProgramInThread(); - netDriver_waitForServerReady(*argc, *argv); + for (;;) { + if (netDriver_checkIfServerReady(*argc, *argv)) { + break; + } + LOG_I("Honggfuzz Net Driver (pid=%d): Sleeping for 0.5s", (int)getpid()); + util_sleepForMSec(500); + } LOG_I("Honggfuzz Net Driver (pid=%d): The server process is ready to accept connections at " "'%s'. Fuzzing starts now!", diff --git a/libhfnetdriver/netdriver.h b/libhfnetdriver/netdriver.h index 78a39d15..e89a3157 100644 --- a/libhfnetdriver/netdriver.h +++ b/libhfnetdriver/netdriver.h @@ -28,7 +28,10 @@ uint16_t HonggfuzzNetDriverPort(int argc, char** argv); */ int HonggfuzzNetDriverTempdir(char* str, size_t size); /* - * Provide your own connection address, could be e.g. a AF_UNIX socket. + * Provide your own connection address, could be e.g. an AF_UNIX socket. + * + * Return 0 if only the standard connection protocols should be used (i.e. currently TCP4/TCP6 and + * PF_UNIX via a set of standardized TCP ports (e.g. 8080) and paths) */ socklen_t HonggfuzzNetDriverServerAddress(struct sockaddr** addr); -- cgit v1.2.3 From ad3749d0d124936b00428eaf5520ccd9e59a84fe Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 28 Nov 2019 19:37:42 +0100 Subject: libhfnetdriver: use correct path to ${HonggfuzzNetDriverTempdir()}/pipe - add missing "/pipe" --- libhfnetdriver/netdriver.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index bf162391..5f546599 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -281,7 +281,10 @@ static bool netDriver_checkIfServerReady(int argc, char **argv) { .sun_family = PF_UNIX, .sun_path = {}, }; - if (HonggfuzzNetDriverTempdir(sun.sun_path, sizeof(sun.sun_path)) < 0) { + char tmpdir[PATH_MAX] = {}; + if (HonggfuzzNetDriverTempdir(tmpdir, sizeof(tmpdir)) >= 0) { + snprintf(sun.sun_path, sizeof(sun.sun_path), "%s/%s", tmpdir, "pipe"); + } else { snprintf(sun.sun_path, sizeof(sun.sun_path), "%s/%s", HFND_TMP_DIR, "pipe"); } int fd = netDriver_sockConnAddr((struct sockaddr *)&sun, sizeof(sun)); -- cgit v1.2.3 From 11520e2504f3cb63b49b36044b7f047e72c4ed19 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 28 Nov 2019 21:52:26 +0100 Subject: netdriver: use HFND_SOCK_PATH to modify netdriver's socket path --- libhfnetdriver/netdriver.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index 5f546599..06aaf289 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -30,6 +30,7 @@ __attribute__((visibility("default"))) __attribute__((used)) const char *const LIBHFNETDRIVER_module_netdriver = _HF_NETDRIVER_SIG; #define HFND_TCP_PORT_ENV "HFND_TCP_PORT" +#define HFND_SOCK_PATH_ENV "HFND_SOCK_PATH" #define HFND_SKIP_FUZZING_ENV "HFND_SKIP_FUZZING" static char *initial_server_argv[] = {"fuzzer", NULL}; @@ -257,6 +258,22 @@ uint16_t netDriver_getTCPPort(int argc, char **argv) { return HonggfuzzNetDriverPort(argc, argv); } +const char *netDriver_getSockPath(int argc HF_ATTR_UNUSED, char **argv HF_ATTR_UNUSED) { + char tmpdir[PATH_MAX] = {}; + if (HonggfuzzNetDriverTempdir(tmpdir, sizeof(tmpdir)) >= 0) { + snprintf(tmpdir, sizeof(tmpdir), HFND_TMP_DIR); + } + + static __thread char path[PATH_MAX] = {}; + const char *sock_path = getenv(HFND_SOCK_PATH_ENV); + if (sock_path) { + snprintf(path, sizeof(path), "%s/%s", tmpdir, sock_path); + } else { + snprintf(path, sizeof(path), "%s/%s", tmpdir, "pipe"); + } + return path; +} + static bool netDriver_checkIfServerReady(int argc, char **argv) { struct sockaddr *addr; socklen_t slen = HonggfuzzNetDriverServerAddress(&addr); @@ -281,12 +298,7 @@ static bool netDriver_checkIfServerReady(int argc, char **argv) { .sun_family = PF_UNIX, .sun_path = {}, }; - char tmpdir[PATH_MAX] = {}; - if (HonggfuzzNetDriverTempdir(tmpdir, sizeof(tmpdir)) >= 0) { - snprintf(sun.sun_path, sizeof(sun.sun_path), "%s/%s", tmpdir, "pipe"); - } else { - snprintf(sun.sun_path, sizeof(sun.sun_path), "%s/%s", HFND_TMP_DIR, "pipe"); - } + snprintf(sun.sun_path, sizeof(sun.sun_path), "%s", netDriver_getSockPath(argc, argv)); int fd = netDriver_sockConnAddr((struct sockaddr *)&sun, sizeof(sun)); if (fd >= 0) { close(fd); -- cgit v1.2.3 From 75e9a131c11ca2c2ed96a65666a6627cad14889b Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 28 Nov 2019 21:56:05 +0100 Subject: libhnetdriver: treat HFND_SOCK_PATH specially if the first char is '/': treat it as absolute path then --- libhfnetdriver/netdriver.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index 06aaf289..bdb912e0 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -266,7 +266,9 @@ const char *netDriver_getSockPath(int argc HF_ATTR_UNUSED, char **argv HF_ATTR_U static __thread char path[PATH_MAX] = {}; const char *sock_path = getenv(HFND_SOCK_PATH_ENV); - if (sock_path) { + if (sock_path && sock_path[0] == '/') { + snprintf(path, sizeof(path), "%s", sock_path); + } else if (sock_path) { snprintf(path, sizeof(path), "%s/%s", tmpdir, sock_path); } else { snprintf(path, sizeof(path), "%s/%s", tmpdir, "pipe"); -- cgit v1.2.3 From bbc88cf0356f3e8fcaf6f24200dc5c043a8299c1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 28 Nov 2019 21:58:35 +0100 Subject: libhfnetdriver: use correct check for HonggfuzzNetDriverTempdir retval --- libhfnetdriver/netdriver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index bdb912e0..d341fa4d 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -260,7 +260,7 @@ uint16_t netDriver_getTCPPort(int argc, char **argv) { const char *netDriver_getSockPath(int argc HF_ATTR_UNUSED, char **argv HF_ATTR_UNUSED) { char tmpdir[PATH_MAX] = {}; - if (HonggfuzzNetDriverTempdir(tmpdir, sizeof(tmpdir)) >= 0) { + if (HonggfuzzNetDriverTempdir(tmpdir, sizeof(tmpdir)) == -1) { snprintf(tmpdir, sizeof(tmpdir), HFND_TMP_DIR); } -- cgit v1.2.3 From aedc2266676560bb1884d1c5fc3ead224fcd5738 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 28 Nov 2019 22:10:48 +0100 Subject: libhfnetdriver: use defines for some constant values like ports and paths --- libhfnetdriver/netdriver.c | 6 +++--- libhfnetdriver/netdriver.h | 2 ++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index d341fa4d..583a5788 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -176,7 +176,7 @@ static int netDriver_sockConnAddr(const struct sockaddr *addr, socklen_t socklen */ __attribute__((weak)) uint16_t HonggfuzzNetDriverPort( int argc HF_ATTR_UNUSED, char **argv HF_ATTR_UNUSED) { - return 8080; + return HFND_DEFAULT_TCP_PORT; } /* @@ -271,7 +271,7 @@ const char *netDriver_getSockPath(int argc HF_ATTR_UNUSED, char **argv HF_ATTR_U } else if (sock_path) { snprintf(path, sizeof(path), "%s/%s", tmpdir, sock_path); } else { - snprintf(path, sizeof(path), "%s/%s", tmpdir, "pipe"); + snprintf(path, sizeof(path), "%s/%s", tmpdir, HFND_DEFAULT_SOCK_PATH); } return path; } @@ -295,7 +295,7 @@ static bool netDriver_checkIfServerReady(int argc, char **argv) { return false; } - /* Try to connect to ${HFND_TMP_DIR}/pipe first via a PF_UNIX socket */ + /* Try to connect to ${HFND_TMP_DIR}/${HFND_DEFAULT_SOCK_PATH} first via a PF_UNIX socket */ static __thread struct sockaddr_un sun = { .sun_family = PF_UNIX, .sun_path = {}, diff --git a/libhfnetdriver/netdriver.h b/libhfnetdriver/netdriver.h index e89a3157..3b9237c1 100644 --- a/libhfnetdriver/netdriver.h +++ b/libhfnetdriver/netdriver.h @@ -13,6 +13,8 @@ extern "C" { #define HFND_TMP_DIR_OLD "/tmp/FUZZ" #define HFND_TMP_DIR "/tmp/HFND_TMP_DIR" +#define HFND_DEFAULT_TCP_PORT 8080 +#define HFND_DEFAULT_SOCK_PATH "pipe" /* * Flags which will be passed to the original program running in a separate thread should go into -- cgit v1.2.3 From 845fa0e35935aface5c049499ad3febb79df010a Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 28 Nov 2019 23:19:59 +0100 Subject: libhfnetdriver: more comments --- libhfnetdriver/netdriver.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index 583a5788..24321677 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -228,15 +228,19 @@ __attribute__((weak)) int HonggfuzzNetDriverTempdir(char *str, size_t size) { return snprintf(str, size, "%s", HFND_TMP_DIR); } -/* - * Put a custom sockaddr here (e.g. based on AF_UNIX) - */ +/* Put a custom sockaddr here (e.g. based on AF_UNIX) */ __attribute__((weak)) socklen_t HonggfuzzNetDriverServerAddress(struct sockaddr **addr) { + /* + * Use a non-stack based struct, e.g. with + * static __thread struct something sthig = { .sth_family = PF_SOMETHING, ... }; + * *addr = &sthig; + * return sizeof(sthing); + */ *addr = NULL; return 0; } -uint16_t netDriver_getTCPPort(int argc, char **argv) { +static uint16_t netDriver_getTCPPort(int argc, char **argv) { const char *port_str = getenv(HFND_TCP_PORT_ENV); if (port_str) { errno = 0; @@ -258,7 +262,7 @@ uint16_t netDriver_getTCPPort(int argc, char **argv) { return HonggfuzzNetDriverPort(argc, argv); } -const char *netDriver_getSockPath(int argc HF_ATTR_UNUSED, char **argv HF_ATTR_UNUSED) { +static const char *netDriver_getSockPath(int argc HF_ATTR_UNUSED, char **argv HF_ATTR_UNUSED) { char tmpdir[PATH_MAX] = {}; if (HonggfuzzNetDriverTempdir(tmpdir, sizeof(tmpdir)) == -1) { snprintf(tmpdir, sizeof(tmpdir), HFND_TMP_DIR); @@ -266,6 +270,7 @@ const char *netDriver_getSockPath(int argc HF_ATTR_UNUSED, char **argv HF_ATTR_U static __thread char path[PATH_MAX] = {}; const char *sock_path = getenv(HFND_SOCK_PATH_ENV); + /* If it starts with '/' it's an absolute path */ if (sock_path && sock_path[0] == '/') { snprintf(path, sizeof(path), "%s", sock_path); } else if (sock_path) { -- cgit v1.2.3 From 50e14d9bc2b94ac71367b6d407f204afff0fcbe0 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 29 Nov 2019 07:09:20 +0100 Subject: libhfcommon/log: save/restore errno --- libhfcommon/log.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libhfcommon/log.c b/libhfcommon/log.c index c4f15c3e..5f2c8e85 100644 --- a/libhfcommon/log.c +++ b/libhfcommon/log.c @@ -83,9 +83,10 @@ void logInitLogFile(const char* logfile, int fd, enum llevel_t ll) { } void logLog(enum llevel_t ll, const char* fn, int ln, bool perr, const char* fmt, ...) { + int saved_errno = errno; char strerr[512]; if (perr == true) { - snprintf(strerr, sizeof(strerr), "%s", strerror(errno)); + snprintf(strerr, sizeof(strerr), "%s", strerror(saved_errno)); } struct ll_t { const char* descr; @@ -142,6 +143,7 @@ void logLog(enum llevel_t ll, const char* fn, int ln, bool perr, const char* fmt } /* End printing logs */ + errno = saved_errno; if (ll == FATAL) { exit(EXIT_FAILURE); } -- cgit v1.2.3 From 9f6a653555bbfd292cf1e62cf35b2d13c7cc1db1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 29 Nov 2019 16:52:42 +0100 Subject: libhfnetdriver: preserve errno in netDriver_sockConnAddr() --- libhfnetdriver/netdriver.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index 24321677..4a638721 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -164,8 +164,10 @@ static int netDriver_sockConnAddr(const struct sockaddr *addr, socklen_t socklen LOG_D("Connecting to '%s'", files_sockAddrToStr(addr, socklen)); if (TEMP_FAILURE_RETRY(connect(sock, addr, socklen)) == -1) { - PLOG_W("connect(addr='%s')", files_sockAddrToStr(addr, socklen)); + int saved_errno = errno; + PLOG_D("connect(addr='%s')", files_sockAddrToStr(addr, socklen)); close(sock); + errno = saved_errno; return -1; } return sock; @@ -385,7 +387,8 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) { int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { int sock = netDriver_sockConnAddr(hfnd_globals.saddr, hfnd_globals.slen); if (sock == -1) { - LOG_F("Couldn't connect to the server socket at '%s'", + /* netDriver_sockConnAddr() preserves errno */ + PLOG_F("Couldn't connect to the server socket at '%s'", files_sockAddrToStr(hfnd_globals.saddr, hfnd_globals.slen)); } if (!files_sendToSocket(sock, buf, len)) { -- cgit v1.2.3 From e8ac344b584576eb3c91c60b8967d1157b573a37 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 29 Nov 2019 17:48:03 +0100 Subject: sanitizers/cmdline: rework sanitizer support so with -S it makes *san responsible for handling/reporting crashes --- cmdline.c | 21 ++++++++++-------- honggfuzz.h | 3 ++- sanitizers.c | 69 ++++++++++++++++++++++-------------------------------------- subproc.c | 5 +++-- 4 files changed, 42 insertions(+), 56 deletions(-) diff --git a/cmdline.c b/cmdline.c index 26ce201e..15e9efbc 100644 --- a/cmdline.c +++ b/cmdline.c @@ -143,19 +143,21 @@ bool cmdlineAddEnv(honggfuzz_t* hfuzz, char* env) { enveqlen = (uintptr_t)eqpos - (uintptr_t)env + 1; } - for (size_t i = 0; i < ARRAYSIZE(hfuzz->exe.envs); i++) { - if (hfuzz->exe.envs[i] == NULL) { - LOG_D("Adding envar '%s'", env); - hfuzz->exe.envs[i] = env; + for (size_t i = 0; i < ARRAYSIZE(hfuzz->exe.env_ptrs); i++) { + if (hfuzz->exe.env_ptrs[i] == NULL) { + LOG_D("Adding envar '%s' at pos: %zu", env, i); + hfuzz->exe.env_ptrs[i] = hfuzz->exe.env_vals[i]; + snprintf(hfuzz->exe.env_vals[i], sizeof(hfuzz->exe.env_vals[i]), "%s", env); return true; } - if (strncmp(hfuzz->exe.envs[i], env, enveqlen) == 0) { - LOG_W("Replacing envar '%s' with '%s'", hfuzz->exe.envs[i], env); - hfuzz->exe.envs[i] = env; + if (strncmp(hfuzz->exe.env_vals[i], env, enveqlen) == 0) { + LOG_W("Replacing envar '%s' with '%s'", hfuzz->exe.env_vals[i], env); + snprintf(hfuzz->exe.env_vals[i], sizeof(hfuzz->exe.env_vals[i]), "%s", env); + hfuzz->exe.env_ptrs[i] = hfuzz->exe.env_vals[i]; return true; } } - LOG_E("No more space for new envars (max.%zu)", ARRAYSIZE(hfuzz->exe.envs)); + LOG_E("No more space for new envars (max.%zu)", ARRAYSIZE(hfuzz->exe.env_ptrs)); return false; } @@ -278,7 +280,8 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .rssLimit = 0U, .dataLimit = 0U, .clearEnv = false, - .envs = {}, + .env_ptrs = {}, + .env_vals = {}, }, .timing = { diff --git a/honggfuzz.h b/honggfuzz.h index 2951a007..a89f6345 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -219,7 +219,8 @@ typedef struct { uint64_t dataLimit; uint64_t coreLimit; bool clearEnv; - char* envs[128]; + char* env_ptrs[128]; + char env_vals[128][4096]; sigset_t waitSigSet; } exe; struct { diff --git a/sanitizers.c b/sanitizers.c index 554dbf33..1bff06ce 100644 --- a/sanitizers.c +++ b/sanitizers.c @@ -58,64 +58,49 @@ * * symbolize: Disable symbolication since it changes logs (which are parsed) format */ -#define kSAN_COMMON "symbolize=0" +#define kSAN_COMMON \ + "symbolize=1:" \ + "detect_odr_violation=0:" \ + "detect_leaks=0:" \ + "allocator_may_return_null=1:" \ + "allow_user_segv_handler=0:" \ + "exitcode=" HF_XSTR(HF_SAN_EXIT_CODE) /* --{ ASan }-- */ /* - *Sanitizer specific flags (notice that if enabled 'abort_on_error' has priority + * Sanitizer specific flags (notice that if enabled 'abort_on_error' has priority * over exitcode') */ -#define kASAN_COMMON_OPTS \ - "allow_user_segv_handler=1:" \ - "handle_segv=0:" \ - "allocator_may_return_null=1:" kSAN_COMMON ":exitcode=" HF_XSTR(HF_SAN_EXIT_CODE) -/* Platform specific flags */ -#if defined(__ANDROID__) -/* - * start_deactivated: Enable on Android to reduce memory usage (useful when not all - * target's DSOs are compiled with sanitizer enabled - */ -#define kASAN_OPTS kASAN_COMMON_OPTS ":start_deactivated=1" -#else -#define kASAN_OPTS kASAN_COMMON_OPTS -#endif +#define kASAN_OPTS kSAN_COMMON /* --{ UBSan }-- */ -#define kUBSAN_OPTS kSAN_COMMON ":exitcode=" STR(HF_SAN_EXIT_CODE) +#define kUBSAN_OPTS kSAN_COMMON /* --{ MSan }-- */ -#define kMSAN_OPTS \ - kSAN_COMMON ":exit_code=" STR(HF_SAN_EXIT_CODE) ":" \ - "wrap_signals=0:print_stats=1" +#define kMSAN_OPTS kSAN_COMMON ":wrap_signals=0:print_stats=1" + +/* --{ LSan }-- */ +#define kLSAN_OPTS kSAN_COMMON /* If no sanitzer support was requested, simply make it use abort() on errors */ #define kSAN_REGULAR \ "abort_on_error=1:handle_segv=0:handle_sigbus=0:handle_abort=0:" \ "handle_sigill=0:handle_sigfpe=0:allocator_may_return_null=1:" \ - "symbolize=1:detect_leaks=0:disable_coredump=0:" \ + "symbolize=0:detect_leaks=0:disable_coredump=0:" \ "detect_odr_violation=0" -/* - * If the program ends with a signal that ASan does not handle (or can not - * handle at all, like SIGKILL), coverage data will be lost. This is a big - * problem on Android, where SIGKILL is a normal way of evicting applications - * from memory. With 'coverage_direct=1' coverage data is written to a - * memory-mapped file as soon as it collected. Non-Android targets can disable - * coverage direct when more coverage data collection methods are implemented. - */ -#define kSAN_COV_OPTS "coverage=1:coverage_direct=1" - -static void sanitizers_AddFlag(honggfuzz_t* hfuzz, const char* env, char* buf, size_t buflen) { +static void sanitizers_AddFlag(honggfuzz_t* hfuzz, const char* env, const char* val) { const char* abortFlag = hfuzz->cfg.monitorSIGABRT ? kABORT_ENABLED : kABORT_DISABLED; if (getenv(env)) { LOG_W("The '%s' envar is already set. Not overriding it!", env); return; } + char buf[4096] = {}; if (!hfuzz->sanitizer.enable) { - snprintf(buf, buflen, "%s=%s", env, kSAN_REGULAR); + snprintf(buf, sizeof(buf), "%s=%s", env, kSAN_REGULAR); } else { - snprintf(buf, buflen, "%s=%s:%s:%s%s/%s", env, kASAN_OPTS, abortFlag, kSANLOGDIR, + snprintf(buf, sizeof(buf), "%s=%s:%s:%s%s/%s", env, val, abortFlag, kSANLOGDIR, hfuzz->io.workDir, kLOGPREFIX); } /* @@ -124,22 +109,18 @@ static void sanitizers_AddFlag(honggfuzz_t* hfuzz, const char* env, char* buf, s * be used in multi-threaded contexts */ if (!hfuzz->exe.netDriver && hfuzz->exe.rssLimit) { - util_ssnprintf(buf, buflen, ":soft_rss_limit_mb=%" PRId64, hfuzz->exe.rssLimit); + util_ssnprintf(buf, sizeof(buf), ":soft_rss_limit_mb=%" PRId64, hfuzz->exe.rssLimit); } cmdlineAddEnv(hfuzz, buf); - LOG_D("%s", env); + LOG_D("%s", buf); } bool sanitizers_Init(honggfuzz_t* hfuzz) { - static char asanOpts[4096]; - sanitizers_AddFlag(hfuzz, "ASAN_OPTIONS", asanOpts, sizeof(asanOpts)); - static char ubsanOpts[4096]; - sanitizers_AddFlag(hfuzz, "UBSAN_OPTIONS", ubsanOpts, sizeof(ubsanOpts)); - static char msanOpts[4096]; - sanitizers_AddFlag(hfuzz, "MSAN_OPTIONS", msanOpts, sizeof(msanOpts)); - static char lsanOpts[4096]; - sanitizers_AddFlag(hfuzz, "LSAN_OPTIONS", lsanOpts, sizeof(lsanOpts)); + sanitizers_AddFlag(hfuzz, "ASAN_OPTIONS", kASAN_OPTS); + sanitizers_AddFlag(hfuzz, "UBSAN_OPTIONS", kUBSAN_OPTS); + sanitizers_AddFlag(hfuzz, "MSAN_OPTIONS", kMSAN_OPTS); + sanitizers_AddFlag(hfuzz, "LSAN_OPTIONS", kLSAN_OPTS); return true; } diff --git a/subproc.c b/subproc.c index defcbd97..492911e0 100644 --- a/subproc.c +++ b/subproc.c @@ -233,8 +233,9 @@ static bool subproc_PrepareExecv(run_t* run) { if (run->global->exe.clearEnv) { environ = NULL; } - for (size_t i = 0; i < ARRAYSIZE(run->global->exe.envs) && run->global->exe.envs[i]; i++) { - putenv(run->global->exe.envs[i]); + for (size_t i = 0; i < ARRAYSIZE(run->global->exe.env_ptrs) && run->global->exe.env_ptrs[i]; + i++) { + putenv(run->global->exe.env_ptrs[i]); } char fuzzNo[128]; snprintf(fuzzNo, sizeof(fuzzNo), "%" PRId32, run->fuzzNo); -- cgit v1.2.3 From 76db6f5f001e67a9e9e3721514e2de05728be4ae Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 29 Nov 2019 18:03:40 +0100 Subject: sanitizers: use handle_sig*=2 explicitly, so *san handle thos --- sanitizers.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sanitizers.c b/sanitizers.c index 1bff06ce..8da07961 100644 --- a/sanitizers.c +++ b/sanitizers.c @@ -64,6 +64,10 @@ "detect_leaks=0:" \ "allocator_may_return_null=1:" \ "allow_user_segv_handler=0:" \ + "handle_segv=2:" \ + "handle_sigbus=2:" \ + "handle_sigill=2:" \ + "handle_sigfpe=2:" \ "exitcode=" HF_XSTR(HF_SAN_EXIT_CODE) /* --{ ASan }-- */ -- cgit v1.2.3 From 7a1d2d6e0f711cca95ab6166e1c7db60223c087f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 29 Nov 2019 18:11:08 +0100 Subject: linux/trace: don't handle SIGSEGV/SIGBUS/SIGILL/SIGFPE is -S is enabled --- linux/trace.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/linux/trace.c b/linux/trace.c index 46495cf8..a443911f 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -1381,4 +1381,14 @@ void arch_traceSignalsInit(honggfuzz_t* hfuzz) { /* Default is false */ arch_sigs[SIGVTALRM].important = hfuzz->timing.tmoutVTALRM; + + /* Let *SAN handle it, if it's enabled */ + if (hfuzz->sanitizer.enable) { + LOG_I("Sanitizer support enabled. SIGSEGV/SIGBUS/SIGILL/SIGFPE should be handled by *SAN " + "code"); + arch_sigs[SIGSEGV].important = false; + arch_sigs[SIGBUS].important = false; + arch_sigs[SIGILL].important = false; + arch_sigs[SIGFPE].important = false; + } } -- cgit v1.2.3 From 6fccfa5f3af9f5ad1462d1d4b03cf72df4ff008e Mon Sep 17 00:00:00 2001 From: Michael Hanselmann Date: Fri, 29 Nov 2019 18:28:54 +0100 Subject: Use sockaddr length from fuzzer Commit 6814cb6a0 made major changes and introduced the "HonggfuzzNetDriverServerAddress" function which can be defined by a fuzzer. Unfortunately the connection attempt didn't use the fuzzer-provided length and thus truncated longer socket address structures such as "sockaddr_un". Signed-off-by: Michael Hanselmann --- libhfnetdriver/netdriver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index 4a638721..30f53e5c 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -288,7 +288,7 @@ static bool netDriver_checkIfServerReady(int argc, char **argv) { socklen_t slen = HonggfuzzNetDriverServerAddress(&addr); if (slen > 0) { /* User provided specific destination address */ - int fd = netDriver_sockConnAddr(addr, sizeof(addr)); + int fd = netDriver_sockConnAddr(addr, slen); if (fd >= 0) { close(fd); hfnd_globals.saddr = addr; -- cgit v1.2.3 From 5a52d5e34c977725c1f14d0b0b2321aa3d6b0537 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 29 Nov 2019 20:56:22 +0100 Subject: linux/trace: debug msg --- linux/trace.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/linux/trace.c b/linux/trace.c index a443911f..aeecccf2 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -1384,8 +1384,8 @@ void arch_traceSignalsInit(honggfuzz_t* hfuzz) { /* Let *SAN handle it, if it's enabled */ if (hfuzz->sanitizer.enable) { - LOG_I("Sanitizer support enabled. SIGSEGV/SIGBUS/SIGILL/SIGFPE should be handled by *SAN " - "code"); + LOG_I("Sanitizer support enabled. SIGSEGV/SIGBUS/SIGILL/SIGFPE will not be reported, and " + "should be handled by *SAN code internally"); arch_sigs[SIGSEGV].important = false; arch_sigs[SIGBUS].important = false; arch_sigs[SIGILL].important = false; -- cgit v1.2.3 From eca95ba5cb95beff5dd0d874c40ec3b30b0efee2 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 29 Nov 2019 23:45:56 +0100 Subject: libhfnetdriver: dbg message --- libhfnetdriver/netdriver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index 30f53e5c..7a2337c2 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -348,7 +348,7 @@ static bool netDriver_checkIfServerReady(int argc, char **argv) { } LOG_I("Honggfuzz Net Driver (pid=%d): Waiting for the TCP server process to start " - "accepting connections at TCP4 and TCP6 port: %hu and at the socket path: '%s'", + "accepting connections at TCP4/TCP6 port: %hu or at the socket path: '%s'", (int)getpid(), netDriver_getTCPPort(argc, argv), sun.sun_path); return false; } -- cgit v1.2.3 From fbed255969c5c16f6fd9472db460c020761e4682 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 30 Nov 2019 01:02:26 +0100 Subject: linux/trace: save multiple crashes per run --- linux/trace.c | 4 ++-- report.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/linux/trace.c b/linux/trace.c index aeecccf2..d3cfb326 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -565,7 +565,7 @@ static void arch_hashCallstack(run_t* run, funcs_t* funcs, size_t funcCnt, bool static void arch_traceGenerateReport( pid_t pid, run_t* run, funcs_t* funcs, size_t funcCnt, siginfo_t* si, const char* instr) { - run->report[0] = '\0'; + util_ssnprintf(run->report, sizeof(run->report), "CRASH:\n"); util_ssnprintf(run->report, sizeof(run->report), "ORIG_FNAME: %s\n", run->origFileName); util_ssnprintf(run->report, sizeof(run->report), "FUZZ_FNAME: %s\n", run->crashFileName); util_ssnprintf(run->report, sizeof(run->report), "PID: %d\n", pid); @@ -1082,7 +1082,7 @@ static void arch_traceExitSaveData(run_t* run, pid_t pid) { } /* Generate report */ - run->report[0] = '\0'; + util_ssnprintf(run->report, sizeof(run->report), "CRASH:\n"); util_ssnprintf(run->report, sizeof(run->report), "EXIT_CODE: %d\n", HF_SAN_EXIT_CODE); util_ssnprintf(run->report, sizeof(run->report), "ORIG_FNAME: %s\n", run->origFileName); util_ssnprintf(run->report, sizeof(run->report), "FUZZ_FNAME: %s\n", run->crashFileName); diff --git a/report.c b/report.c index 034a1868..d3136f35 100644 --- a/report.c +++ b/report.c @@ -38,7 +38,7 @@ static int reportFD = -1; #if defined(_HF_ARCH_LINUX) static void report_printdynFileMethod(run_t* run) { - dprintf(reportFD, " dynFileMethod: "); + dprintf(reportFD, " dynFileMethod : "); if (run->global->feedback.dynFileMethod == 0) dprintf(reportFD, "NONE\n"); else { @@ -57,7 +57,7 @@ static void report_printdynFileMethod(run_t* run) { #endif static void report_printTargetCmd(run_t* run) { - dprintf(reportFD, " fuzzTarget : "); + dprintf(reportFD, " fuzzTarget : "); for (int x = 0; run->global->exe.cmdline[x]; x++) { dprintf(reportFD, "%s ", run->global->exe.cmdline[x]); } -- cgit v1.2.3 From b0eb49d21074b44e742bbceca62a7af0c4e69c2d Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 30 Nov 2019 02:10:30 +0100 Subject: linux/trace: simplify poarsing asan reports --- linux/trace.c | 122 ++++++++++++++++++++++------------------------------------ 1 file changed, 46 insertions(+), 76 deletions(-) diff --git a/linux/trace.c b/linux/trace.c index d3cfb326..c8a2ee72 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -844,8 +844,8 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { } /* TODO: Add report parsing support for other sanitizers too */ -static int arch_parseAsanReport( - run_t* run, pid_t pid, funcs_t* funcs, void** crashAddr, char** op) { +static int arch_parseAsanReport(run_t* run, pid_t pid, funcs_t* funcs, void** crashAddr, void** pc, + char** op, char* description) { char crashReport[PATH_MAX] = {0}; const char* const crashReportCpy = crashReport; snprintf( @@ -863,14 +863,8 @@ static int arch_parseAsanReport( unlink(crashReportCpy); }; - char header[35] = {0}; - snprintf(header, sizeof(header), "==%d==ERROR: AddressSanitizer:", pid); - size_t headerSz = strlen(header); bool headerFound = false; - - uint8_t frameIdx = 0; - char framePrefix[5] = {0}; - snprintf(framePrefix, sizeof(framePrefix), "#%" PRIu8, frameIdx); + unsigned int frameIdx = 0; char *lineptr = NULL, *cAddr = NULL; size_t n = 0; @@ -884,21 +878,21 @@ static int arch_parseAsanReport( /* First step is to identify header */ if (!headerFound) { - if ((strlen(lineptr) > headerSz) && (strncmp(header, lineptr, headerSz) == 0)) { - headerFound = true; - - /* Parse crash address */ - cAddr = strstr(lineptr, "address 0x"); - if (cAddr) { - cAddr = cAddr + strlen("address "); - char* endOff = strchr(cAddr, ' '); - cAddr[endOff - cAddr] = '\0'; - *crashAddr = (void*)((size_t)strtoull(cAddr, NULL, 16)); - } else { - *crashAddr = 0x0; - } + int reportpid = 0; + if (sscanf(lineptr, "==%d==ERROR: AddressSanitizer:", &reportpid) != 1) { + continue; } - continue; + if (reportpid != pid) { + LOG_W( + "SAN report found in '%s', but its PID:%d is different from the needed PID:%d", + crashReport, reportpid, pid); + break; + } + headerFound = true; + sscanf(lineptr, + "==%d==ERROR: AddressSanitizer: %" HF_XSTR( + PATH_MAX) "[^ ] on address 0x%p at pc 0x%p", + &reportpid, description, pc, crashAddr); } else { char* pLineLC = lineptr; /* Trim leading spaces */ @@ -911,11 +905,6 @@ static int arch_parseAsanReport( break; } - /* Basic length checks */ - if (strlen(pLineLC) < 10) { - continue; - } - /* If available parse the type of error (READ/WRITE) */ if (cAddr && strstr(pLineLC, cAddr)) { if (strncmp(pLineLC, "READ", 4) == 0) { @@ -926,41 +915,23 @@ static int arch_parseAsanReport( cAddr = NULL; } - /* Check for crash thread frames */ - if (strncmp(pLineLC, framePrefix, strlen(framePrefix)) == 0) { - /* Abort if max depth */ - if (frameIdx >= _HF_MAX_FUNCS) { - break; - } - - /* - * Frames have following format: - #0 0xaa860177 (/system/lib/libc.so+0x196177) - */ - char* savePtr = NULL; - strtok_r(pLineLC, " ", &savePtr); - funcs[frameIdx].pc = - (void*)((size_t)strtoull(strtok_r(NULL, " ", &savePtr), NULL, 16)); - - /* DSO & code offset parsing */ - char* targetStr = strtok_r(NULL, " ", &savePtr); - char* startOff = strchr(targetStr, '(') + 1; - char* plusOff = strchr(targetStr, '+'); - char* endOff = strrchr(targetStr, ')'); - targetStr[endOff - startOff] = '\0'; - if ((startOff == NULL) || (endOff == NULL) || (plusOff == NULL)) { - LOG_D("Invalid ASan report entry (%s)", lineptr); - } else { - size_t dsoSz = - MIN(sizeof(funcs[frameIdx].mapName), (size_t)(plusOff - startOff)); - memcpy(funcs[frameIdx].mapName, startOff, dsoSz); - char* codeOff = targetStr + (plusOff - startOff) + 1; - funcs[frameIdx].line = strtoull(codeOff, NULL, 16); - } + /* + * Frames have following format: + #0 0x1e94738 in smb2_signing_decrypt_pdu /home/test/libcli/smb/smb2_signing.c:617:3 + */ - frameIdx++; - snprintf(framePrefix, sizeof(framePrefix), "#%" PRIu8, frameIdx); + if (sscanf(pLineLC, "#%u", &frameIdx) != 1) { + continue; } + if (frameIdx >= _HF_MAX_FUNCS) { + frameIdx = _HF_MAX_FUNCS - 1; + break; + } + unsigned int frameIdxCpy; + sscanf(pLineLC, + "#%u 0x%p in %" HF_XSTR(_HF_FUNC_NAME_SZ) "[^ ] %" HF_XSTR(PATH_MAX) "[^:\n]:%zu", + &frameIdxCpy, &funcs[frameIdx].pc, funcs[frameIdx].func, funcs[frameIdx].mapName, + &funcs[frameIdx].line); } } @@ -973,7 +944,7 @@ static int arch_parseAsanReport( * the same format for compatibility with post campaign tools. */ static void arch_traceExitSaveData(run_t* run, pid_t pid) { - REG_TYPE pc = 0; + void* pc = NULL; void* crashAddr = 0; char* op = "UNKNOWN"; @@ -994,11 +965,8 @@ static void arch_traceExitSaveData(run_t* run, pid_t pid) { }; memset(funcs, 0, _HF_MAX_FUNCS * sizeof(funcs_t)); - /* Sanitizers save reports against parent PID */ - if (run->pid != pid) { - return; - } - funcCnt = arch_parseAsanReport(run, pid, funcs, &crashAddr, &op); + char description[PATH_MAX] = {}; + funcCnt = arch_parseAsanReport(run, pid, funcs, &pc, &crashAddr, &op, description); /* * -1 error indicates a file not found for report. This is expected to happen often since @@ -1019,7 +987,6 @@ static void arch_traceExitSaveData(run_t* run, pid_t pid) { /* If frames successfully recovered, calculate stack hash & populate crash PC */ arch_hashCallstack(run, funcs, funcCnt, false); - pc = (uintptr_t)funcs[0].pc; /* * Check if stackhash is blacklisted @@ -1040,17 +1007,17 @@ static void arch_traceExitSaveData(run_t* run, pid_t pid) { /* Keep the crashes file name format identical */ if (run->backtrace != 0ULL && run->global->io.saveUnique) { snprintf(run->crashFileName, sizeof(run->crashFileName), - "%s/%s.PC.%" REG_PM ".STACK.%" PRIx64 ".CODE.%s.ADDR.%p.INSTR.%s.%s", - run->global->io.crashDir, "SAN", pc, run->backtrace, op, crashAddr, "[UNKNOWN]", - run->global->io.fileExtn); + "%s/%s.PC.%" PRIx64 ".STACK.%" PRIx64 ".CODE.%s.ADDR.%p.INSTR.%s.%s", + run->global->io.crashDir, "SAN", (uint64_t)pc, run->backtrace, op, crashAddr, + "[UNKNOWN]", run->global->io.fileExtn); } else { /* If no stack hash available, all crashes treated as unique */ char localtmstr[PATH_MAX]; util_getLocalTime("%F.%H:%M:%S", localtmstr, sizeof(localtmstr), time(NULL)); snprintf(run->crashFileName, sizeof(run->crashFileName), - "%s/%s.PC.%" REG_PM ".STACK.%" PRIx64 ".CODE.%s.ADDR.%p.INSTR.%s.%s.%s", - run->global->io.crashDir, "SAN", pc, run->backtrace, op, crashAddr, "[UNKNOWN]", - localtmstr, run->global->io.fileExtn); + "%s/%s.PC.%" PRIx64 ".STACK.%" PRIx64 ".CODE.%s.ADDR.%p.INSTR.%s.%s.%s", + run->global->io.crashDir, "SAN", (uint64_t)pc, run->backtrace, op, crashAddr, + "[UNKNOWN]", localtmstr, run->global->io.fileExtn); } } @@ -1089,6 +1056,7 @@ static void arch_traceExitSaveData(run_t* run, pid_t pid) { util_ssnprintf(run->report, sizeof(run->report), "PID: %d\n", pid); util_ssnprintf(run->report, sizeof(run->report), "OPERATION: %s\n", op); util_ssnprintf(run->report, sizeof(run->report), "FAULT ADDRESS: %p\n", crashAddr); + util_ssnprintf(run->report, sizeof(run->report), "DESCRIPTION: %s\n", description); if (funcCnt > 0) { util_ssnprintf( run->report, sizeof(run->report), "STACK HASH: %016" PRIx64 "\n", run->backtrace); @@ -1097,7 +1065,7 @@ static void arch_traceExitSaveData(run_t* run, pid_t pid) { util_ssnprintf(run->report, sizeof(run->report), " <" REG_PD REG_PM "> ", (REG_TYPE)(long)funcs[i].pc); if (funcs[i].mapName[0] != '\0') { - util_ssnprintf(run->report, sizeof(run->report), "[%s + 0x%zx]\n", funcs[i].mapName, + util_ssnprintf(run->report, sizeof(run->report), "[%s:%zu]\n", funcs[i].mapName, funcs[i].line); } else { util_ssnprintf(run->report, sizeof(run->report), "[]\n"); @@ -1116,7 +1084,9 @@ static void arch_traceExitAnalyzeData(run_t* run, pid_t pid) { }; memset(funcs, 0, _HF_MAX_FUNCS * sizeof(funcs_t)); - funcCnt = arch_parseAsanReport(run, pid, funcs, &crashAddr, &op); + char description[PATH_MAX] = {}; + void* pc = NULL; + funcCnt = arch_parseAsanReport(run, pid, funcs, &pc, &crashAddr, &op, description); /* * -1 error indicates a file not found for report. This is expected to happen often since -- cgit v1.2.3 From dbeed2c03102e67fe321a05258b8396796eec6e4 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 30 Nov 2019 02:12:35 +0100 Subject: linux/trace: use longer description for the report --- linux/trace.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/linux/trace.c b/linux/trace.c index c8a2ee72..89078ca2 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -893,6 +893,8 @@ static int arch_parseAsanReport(run_t* run, pid_t pid, funcs_t* funcs, void** cr "==%d==ERROR: AddressSanitizer: %" HF_XSTR( PATH_MAX) "[^ ] on address 0x%p at pc 0x%p", &reportpid, description, pc, crashAddr); + sscanf(lineptr, "==%d==ERROR: AddressSanitizer: %" HF_XSTR(PATH_MAX) "[^\n]", + &reportpid, description); } else { char* pLineLC = lineptr; /* Trim leading spaces */ -- cgit v1.2.3 From e7539135146927747cd2b5b7cc722b1a6917679e Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 30 Nov 2019 02:16:12 +0100 Subject: linux/trace: save backtrace for the report --- linux/trace.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/linux/trace.c b/linux/trace.c index 89078ca2..08a87357 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -1023,6 +1023,7 @@ static void arch_traceExitSaveData(run_t* run, pid_t pid) { } } + uintptr_t savedBacktrace = run->backtrace; int fd = TEMP_FAILURE_RETRY(open(run->crashFileName, O_WRONLY | O_EXCL | O_CREAT, 0600)); if (fd == -1 && errno == EEXIST) { LOG_I("It seems that '%s' already exists, skipping", run->crashFileName); @@ -1061,7 +1062,7 @@ static void arch_traceExitSaveData(run_t* run, pid_t pid) { util_ssnprintf(run->report, sizeof(run->report), "DESCRIPTION: %s\n", description); if (funcCnt > 0) { util_ssnprintf( - run->report, sizeof(run->report), "STACK HASH: %016" PRIx64 "\n", run->backtrace); + run->report, sizeof(run->report), "STACK HASH: %016" PRIx64 "\n", savedBacktrace); util_ssnprintf(run->report, sizeof(run->report), "STACK:\n"); for (int i = 0; i < funcCnt; i++) { util_ssnprintf(run->report, sizeof(run->report), " <" REG_PD REG_PM "> ", -- cgit v1.2.3 From 83cd9336887c764d84dd3e351a279c015e7aa49a Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 30 Nov 2019 14:48:30 +0100 Subject: libhfnetdriver: use 'socket' instead of 'pipe' for the default socket name --- libhfnetdriver/netdriver.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libhfnetdriver/netdriver.h b/libhfnetdriver/netdriver.h index 3b9237c1..01037bc3 100644 --- a/libhfnetdriver/netdriver.h +++ b/libhfnetdriver/netdriver.h @@ -14,7 +14,7 @@ extern "C" { #define HFND_TMP_DIR_OLD "/tmp/FUZZ" #define HFND_TMP_DIR "/tmp/HFND_TMP_DIR" #define HFND_DEFAULT_TCP_PORT 8080 -#define HFND_DEFAULT_SOCK_PATH "pipe" +#define HFND_DEFAULT_SOCK_PATH "socket" /* * Flags which will be passed to the original program running in a separate thread should go into -- cgit v1.2.3 From 7ea9265f4900b30b1a21f20bab882ba0a35144ae Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 1 Dec 2019 18:37:39 +0100 Subject: sanitizers: clean up san_options for various cases --- sanitizers.c | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/sanitizers.c b/sanitizers.c index 8da07961..9c35ad06 100644 --- a/sanitizers.c +++ b/sanitizers.c @@ -51,7 +51,7 @@ /* Raise SIGABRT on error or continue with exitcode logic */ #define kABORT_ENABLED "abort_on_error=1" -#define kABORT_DISABLED "abort_on_error=0" +#define kABORT_DISABLED "abort_on_error=0:exitcode=" HF_XSTR(HF_SAN_EXIT_CODE) /* * Common sanitizer flags @@ -60,15 +60,16 @@ */ #define kSAN_COMMON \ "symbolize=1:" \ - "detect_odr_violation=0:" \ "detect_leaks=0:" \ + "disable_coredump=0:" \ + "detect_odr_violation=0:" \ "allocator_may_return_null=1:" \ "allow_user_segv_handler=0:" \ "handle_segv=2:" \ "handle_sigbus=2:" \ + "handle_abort=2:" \ "handle_sigill=2:" \ - "handle_sigfpe=2:" \ - "exitcode=" HF_XSTR(HF_SAN_EXIT_CODE) + "handle_sigfpe=2" /* --{ ASan }-- */ /* @@ -86,12 +87,20 @@ /* --{ LSan }-- */ #define kLSAN_OPTS kSAN_COMMON -/* If no sanitzer support was requested, simply make it use abort() on errors */ -#define kSAN_REGULAR \ - "abort_on_error=1:handle_segv=0:handle_sigbus=0:handle_abort=0:" \ - "handle_sigill=0:handle_sigfpe=0:allocator_may_return_null=1:" \ - "symbolize=0:detect_leaks=0:disable_coredump=0:" \ - "detect_odr_violation=0" +/* If no sanitzer support was requested, simply abort() on errors */ +#define kSAN_REGULAR \ + "symbolize=0:" \ + "detect_leaks=0:" \ + "disable_coredump=0:" \ + "detect_odr_violation=0:" \ + "allocator_may_return_null=1:" \ + "allow_user_segv_handler=1:" \ + "handle_segv=0:" \ + "handle_sigbus=0:" \ + "handle_abort=0:" \ + "handle_sigill=0:" \ + "handle_sigfpe=0:" \ + "abort_on_error=1" static void sanitizers_AddFlag(honggfuzz_t* hfuzz, const char* env, const char* val) { const char* abortFlag = hfuzz->cfg.monitorSIGABRT ? kABORT_ENABLED : kABORT_DISABLED; -- cgit v1.2.3 From 5cd9b5e998c8f95d04d51929fa47773dceca86ec Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 1 Dec 2019 22:09:11 +0100 Subject: netdriver: make it possible to specify both type (e.g. SOCK_DGRAM) and protocol for the destination address. This requires change to the HonggfuzzNetDriverServerAddress() declaration, as it needs to enable its users to specify those two additional params. Additionally, pass struct sockaddr_storage to HonggfuzzNetDriverServerAddress(), as this will prevent this func for owning storage for the used sockaddr. It was not a bug, but this semantics should be more familiar for C coders. --- libhfnetdriver/netdriver.c | 134 +++++++++++++++++++++++++-------------------- libhfnetdriver/netdriver.h | 2 +- 2 files changed, 77 insertions(+), 59 deletions(-) diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index 7a2337c2..0b0585b0 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -38,13 +38,19 @@ static char *initial_server_argv[] = {"fuzzer", NULL}; static struct { int argc_server; char **argv_server; - struct sockaddr *saddr; - socklen_t slen; + struct { + struct sockaddr_storage addr; + socklen_t slen; + int type; /* as per man 2 socket */ + int protocol; /* as per man 2 socket */ + } dest_addr; } hfnd_globals = { .argc_server = 1, .argv_server = initial_server_argv, - .saddr = NULL, - .slen = 0, + .dest_addr = + { + .addr.ss_family = AF_UNSPEC, + }, }; extern int HonggfuzzNetDriver_main(int argc, char **argv); @@ -134,11 +140,12 @@ static void netDriver_bindToRndLoopback(int sock, sa_family_t sa_family) { } } -static int netDriver_sockConnAddr(const struct sockaddr *addr, socklen_t socklen) { - int sock = socket(addr->sa_family, SOCK_STREAM, 0); +static int netDriver_sockConnAddr( + const struct sockaddr *addr, socklen_t socklen, int type, int protocol) { + int sock = socket(addr->sa_family, type, protocol); if (sock == -1) { - PLOG_W("socket(type=%d for dst_addr='%s', SOCK_STREAM, 0)", addr->sa_family, - files_sockAddrToStr(addr, socklen)); + PLOG_W("socket(family=%d for dst_addr='%s', type=%d, protocol=%d)", addr->sa_family, + files_sockAddrToStr(addr, socklen), type, protocol); return -1; } if (addr->sa_family == AF_INET || addr->sa_family == AF_INET6) { @@ -165,7 +172,8 @@ static int netDriver_sockConnAddr(const struct sockaddr *addr, socklen_t socklen LOG_D("Connecting to '%s'", files_sockAddrToStr(addr, socklen)); if (TEMP_FAILURE_RETRY(connect(sock, addr, socklen)) == -1) { int saved_errno = errno; - PLOG_D("connect(addr='%s')", files_sockAddrToStr(addr, socklen)); + PLOG_D("connect(addr='%s', type=%d protocol=%d)", files_sockAddrToStr(addr, socklen), type, + protocol); close(sock); errno = saved_errno; return -1; @@ -230,15 +238,11 @@ __attribute__((weak)) int HonggfuzzNetDriverTempdir(char *str, size_t size) { return snprintf(str, size, "%s", HFND_TMP_DIR); } -/* Put a custom sockaddr here (e.g. based on AF_UNIX) */ -__attribute__((weak)) socklen_t HonggfuzzNetDriverServerAddress(struct sockaddr **addr) { - /* - * Use a non-stack based struct, e.g. with - * static __thread struct something sthig = { .sth_family = PF_SOMETHING, ... }; - * *addr = &sthig; - * return sizeof(sthing); - */ - *addr = NULL; +/* Put a custom sockaddr here (e.g. based on AF_UNIX), sety *type and *protocol as per man 2 socket + */ +__attribute__((weak)) socklen_t HonggfuzzNetDriverServerAddress( + struct sockaddr_storage *addr HF_ATTR_UNUSED, int *type HF_ATTR_UNUSED, + int *protocol HF_ATTR_UNUSED) { return 0; } @@ -283,72 +287,80 @@ static const char *netDriver_getSockPath(int argc HF_ATTR_UNUSED, char **argv HF return path; } +static bool netDriver_connAndAssign( + const struct sockaddr *addr, socklen_t slen, int type, int protocol) { + if (slen > sizeof(hfnd_globals.dest_addr.addr)) { + LOG_F("Provided address '%s' is bigger than sizeof(struct sockaddr_storage): %zu > %zu", + files_sockAddrToStr(addr, slen), (size_t)slen, sizeof(hfnd_globals.dest_addr.addr)); + } + int fd = netDriver_sockConnAddr(addr, slen, type, protocol); + if (fd >= 0) { + close(fd); + memcpy(&hfnd_globals.dest_addr.addr, addr, slen); + hfnd_globals.dest_addr.slen = slen; + hfnd_globals.dest_addr.type = type; + hfnd_globals.dest_addr.protocol = protocol; + return true; + } + return false; +} + static bool netDriver_checkIfServerReady(int argc, char **argv) { - struct sockaddr *addr; - socklen_t slen = HonggfuzzNetDriverServerAddress(&addr); + struct sockaddr_storage addr = {.ss_family = AF_UNSPEC}; + int type = SOCK_STREAM; + int protocol = 0; + socklen_t slen = HonggfuzzNetDriverServerAddress(&addr, &type, &protocol); + /* User provided specific destination address */ if (slen > 0) { - /* User provided specific destination address */ - int fd = netDriver_sockConnAddr(addr, slen); - if (fd >= 0) { - close(fd); - hfnd_globals.saddr = addr; - hfnd_globals.slen = slen; + if (netDriver_connAndAssign((struct sockaddr *)&addr, slen, type, protocol)) { return true; } LOG_I("Honggfuzz Net Driver (pid=%d): Waiting for the server process to start " "accepting connections at '%s'", - (int)getpid(), files_sockAddrToStr(addr, slen)); + (int)getpid(), files_sockAddrToStr((struct sockaddr *)&addr, slen)); return false; } /* Try to connect to ${HFND_TMP_DIR}/${HFND_DEFAULT_SOCK_PATH} first via a PF_UNIX socket */ - static __thread struct sockaddr_un sun = { + struct sockaddr_un sun = { .sun_family = PF_UNIX, .sun_path = {}, }; snprintf(sun.sun_path, sizeof(sun.sun_path), "%s", netDriver_getSockPath(argc, argv)); - int fd = netDriver_sockConnAddr((struct sockaddr *)&sun, sizeof(sun)); - if (fd >= 0) { - close(fd); - hfnd_globals.saddr = (struct sockaddr *)&sun; - hfnd_globals.slen = sizeof(sun); + if (netDriver_connAndAssign((const struct sockaddr *)&sun, sizeof(sun), SOCK_STREAM, 0)) { + return true; + } + if (netDriver_connAndAssign((const struct sockaddr *)&sun, sizeof(sun), SOCK_DGRAM, 0)) { + return true; + } +#if defined(SOCK_SEQPACKET) + if (netDriver_connAndAssign((const struct sockaddr *)&sun, sizeof(sun), SOCK_SEQPACKET, 0)) { return true; } +#endif /* defined(SOCK_SEQPACKET) */ /* Next, try TCP4 and TCP6 connections to the localhost */ - static __thread struct sockaddr_in addr4 = { + const struct sockaddr_in addr4 = { .sin_family = PF_INET, - .sin_port = 0, - .sin_addr.s_addr = 0, + .sin_port = htons(netDriver_getTCPPort(argc, argv)), + .sin_addr.s_addr = htonl(INADDR_LOOPBACK), }; - addr4.sin_port = htons(netDriver_getTCPPort(argc, argv)); - addr4.sin_addr.s_addr = htonl(INADDR_LOOPBACK); - fd = netDriver_sockConnAddr((struct sockaddr *)&addr4, sizeof(addr4)); - if (fd >= 0) { - close(fd); - hfnd_globals.saddr = (struct sockaddr *)&addr4; - hfnd_globals.slen = sizeof(addr4); + if (netDriver_connAndAssign((const struct sockaddr *)&addr4, sizeof(addr4), SOCK_STREAM, 0)) { return true; } - static __thread struct sockaddr_in6 addr6 = { + const struct sockaddr_in6 addr6 = { .sin6_family = PF_INET6, - .sin6_port = 0, + .sin6_port = htons(netDriver_getTCPPort(argc, argv)), .sin6_flowinfo = 0, - .sin6_addr = {}, + .sin6_addr = in6addr_loopback, .sin6_scope_id = 0, }; - addr6.sin6_port = htons(netDriver_getTCPPort(argc, argv)); - addr6.sin6_addr = in6addr_loopback; - fd = netDriver_sockConnAddr((struct sockaddr *)&addr6, sizeof(addr6)); - if (fd >= 0) { - close(fd); - hfnd_globals.saddr = (struct sockaddr *)&addr6; - hfnd_globals.slen = sizeof(addr6); + if (netDriver_connAndAssign((const struct sockaddr *)&addr6, sizeof(addr6), SOCK_STREAM, 0)) { return true; } LOG_I("Honggfuzz Net Driver (pid=%d): Waiting for the TCP server process to start " - "accepting connections at TCP4/TCP6 port: %hu or at the socket path: '%s'", + "accepting connections at TCP4/TCP6 port: %hu or at the socket path: '%.108s'", (int)getpid(), netDriver_getTCPPort(argc, argv), sun.sun_path); return false; } @@ -379,21 +391,27 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) { LOG_I("Honggfuzz Net Driver (pid=%d): The server process is ready to accept connections at " "'%s'. Fuzzing starts now!", - (int)getpid(), files_sockAddrToStr(hfnd_globals.saddr, hfnd_globals.slen)); + (int)getpid(), + files_sockAddrToStr( + (const struct sockaddr *)&hfnd_globals.dest_addr.addr, hfnd_globals.dest_addr.slen)); return 0; } int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { - int sock = netDriver_sockConnAddr(hfnd_globals.saddr, hfnd_globals.slen); + int sock = netDriver_sockConnAddr((const struct sockaddr *)&hfnd_globals.dest_addr.addr, + hfnd_globals.dest_addr.slen, hfnd_globals.dest_addr.type, hfnd_globals.dest_addr.protocol); if (sock == -1) { /* netDriver_sockConnAddr() preserves errno */ PLOG_F("Couldn't connect to the server socket at '%s'", - files_sockAddrToStr(hfnd_globals.saddr, hfnd_globals.slen)); + files_sockAddrToStr((const struct sockaddr *)&hfnd_globals.dest_addr.addr, + hfnd_globals.dest_addr.slen)); } if (!files_sendToSocket(sock, buf, len)) { PLOG_W("files_sendToSocket(addr='%s', sock=%d, len=%zu) failed", - files_sockAddrToStr(hfnd_globals.saddr, hfnd_globals.slen), sock, len); + files_sockAddrToStr( + (const struct sockaddr *)&hfnd_globals.dest_addr.addr, hfnd_globals.dest_addr.slen), + sock, len); close(sock); return 0; } diff --git a/libhfnetdriver/netdriver.h b/libhfnetdriver/netdriver.h index 01037bc3..bf8b5a5b 100644 --- a/libhfnetdriver/netdriver.h +++ b/libhfnetdriver/netdriver.h @@ -35,7 +35,7 @@ int HonggfuzzNetDriverTempdir(char* str, size_t size); * Return 0 if only the standard connection protocols should be used (i.e. currently TCP4/TCP6 and * PF_UNIX via a set of standardized TCP ports (e.g. 8080) and paths) */ -socklen_t HonggfuzzNetDriverServerAddress(struct sockaddr** addr); +socklen_t HonggfuzzNetDriverServerAddress(struct sockaddr_storage* addr, int* type, int* protocol); #ifdef __cplusplus } -- cgit v1.2.3 From 30c769b8023c2828337f767a7fe2fcfa6a18630c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 2 Dec 2019 19:55:59 +0100 Subject: examples/terminal-emulators: add 1021 to the prevented set in libclose.so --- examples/terminal-emulators/libclose.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/terminal-emulators/libclose.c b/examples/terminal-emulators/libclose.c index c394e43e..5620d754 100644 --- a/examples/terminal-emulators/libclose.c +++ b/examples/terminal-emulators/libclose.c @@ -11,7 +11,7 @@ #include int close(int fd) { - if (fd == 1022 || fd == 1023) { + if (fd == 1021 || fd == 1022 || fd == 1023) { return 0; } return syscall(__NR_close, fd); @@ -26,7 +26,7 @@ int fcntl(int __fd, int __cmd, ...) { int a4 = va_arg(ap, int); va_end(ap); - if (__fd == 1022 || __fd == 1023) { + if (__fd == 1021 || __fd == 1022 || __fd == 1023) { if (__cmd == F_SETFD) { a1 &= ~(FD_CLOEXEC); } -- cgit v1.2.3 From c3d238a36d13fcb413406321fbc637ad2fae31e1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 2 Dec 2019 22:01:33 +0100 Subject: examples/terminal-emulator: emulate fcntl64 in libclose.so --- examples/terminal-emulators/libclose.c | 18 ++++++++++++++++++ examples/terminal-emulators/terminal-test.c | 3 +-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/examples/terminal-emulators/libclose.c b/examples/terminal-emulators/libclose.c index 5620d754..3d09bdb0 100644 --- a/examples/terminal-emulators/libclose.c +++ b/examples/terminal-emulators/libclose.c @@ -17,6 +17,24 @@ int close(int fd) { return syscall(__NR_close, fd); } +int fcntl64(int __fd, int __cmd, ...) { + va_list ap; + va_start(ap, __cmd); + int a1 = va_arg(ap, int); + int a2 = va_arg(ap, int); + int a3 = va_arg(ap, int); + int a4 = va_arg(ap, int); + va_end(ap); + + if (__fd == 1021 || __fd == 1022 || __fd == 1023) { + if (__cmd == F_SETFD) { + a1 &= ~(FD_CLOEXEC); + } + } + + return syscall(__NR_fcntl, __fd, __cmd, a1, a2, a3, a4); +} + int fcntl(int __fd, int __cmd, ...) { va_list ap; va_start(ap, __cmd); diff --git a/examples/terminal-emulators/terminal-test.c b/examples/terminal-emulators/terminal-test.c index 2e5ebc31..3614f098 100644 --- a/examples/terminal-emulators/terminal-test.c +++ b/examples/terminal-emulators/terminal-test.c @@ -5,6 +5,7 @@ #include #include #include +#include #include #include #include @@ -13,8 +14,6 @@ #include #include -#include - #define ARRAYSIZE(x) (sizeof(x) / sizeof(*x)) static int fd_tty_write; -- cgit v1.2.3 From 603c77545bb471b5ec76140ce5339d3ce46eb19c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 2 Dec 2019 22:10:56 +0100 Subject: Fixes for https://github.com/google/honggfuzz/pull/293 --- libhfnetdriver/netdriver.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index 0b0585b0..3d03a9da 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -150,7 +150,8 @@ static int netDriver_sockConnAddr( } if (addr->sa_family == AF_INET || addr->sa_family == AF_INET6) { int val = 1; - if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &val, (socklen_t)sizeof(val)) == -1) { + if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &val, (socklen_t)sizeof(val)) == -1 && + errno == ENOPROTOOPT) { PLOG_W("setsockopt(sock=%d, SOL_SOCKET, SO_REUSEADDR, %d)", sock, val); } #if defined(SOL_TCP) && defined(TCP_NODELAY) @@ -339,10 +340,11 @@ static bool netDriver_checkIfServerReady(int argc, char **argv) { return true; } #endif /* defined(SOCK_SEQPACKET) */ - /* Next, try TCP4 and TCP6 connections to the localhost */ + /* Next, try TCP4 and TCP6 connections to the localhost */ + const uint16_t tcp_port = netDriver_getTCPPort(argc, argv); const struct sockaddr_in addr4 = { .sin_family = PF_INET, - .sin_port = htons(netDriver_getTCPPort(argc, argv)), + .sin_port = htons(tcp_port), .sin_addr.s_addr = htonl(INADDR_LOOPBACK), }; if (netDriver_connAndAssign((const struct sockaddr *)&addr4, sizeof(addr4), SOCK_STREAM, 0)) { @@ -350,7 +352,7 @@ static bool netDriver_checkIfServerReady(int argc, char **argv) { } const struct sockaddr_in6 addr6 = { .sin6_family = PF_INET6, - .sin6_port = htons(netDriver_getTCPPort(argc, argv)), + .sin6_port = htons(tcp_port), .sin6_flowinfo = 0, .sin6_addr = in6addr_loopback, .sin6_scope_id = 0, @@ -360,8 +362,9 @@ static bool netDriver_checkIfServerReady(int argc, char **argv) { } LOG_I("Honggfuzz Net Driver (pid=%d): Waiting for the TCP server process to start " - "accepting connections at TCP4/TCP6 port: %hu or at the socket path: '%.108s'", - (int)getpid(), netDriver_getTCPPort(argc, argv), sun.sun_path); + "accepting connections at TCP4/TCP6 port: %hu or at the socket path: '%*s'", + (int)getpid(), tcp_port, + (int)strnlen(sun.sun_path, slen - offsetof(struct sockaddr_un, sun_path)), sun.sun_path); return false; } -- cgit v1.2.3 From 885310c652df1125ce141383dd5cd72dacda4ef1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Dec 2019 16:06:49 +0100 Subject: android: fixes for Android --- android/Android.mk | 2 +- libhfcommon/files.c | 2 +- libhfnetdriver/netdriver.c | 2 +- linux/trace.c | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/android/Android.mk b/android/Android.mk index b419c338..e7be0f2f 100644 --- a/android/Android.mk +++ b/android/Android.mk @@ -137,7 +137,7 @@ COMMON_CFLAGS := -std=c11 \ -Wall -Wextra -Wno-initializer-overrides -Wno-override-init \ -Wno-atomic-alignment -Wno-unknown-warning-option \ -Werror -funroll-loops -O2 \ - -Wframe-larger-than=60000 -Wno-format-truncation \ + -Wframe-larger-than=1048576 -Wno-format-truncation \ ifneq (,$(findstring clang,$(NDK_TOOLCHAIN))) COMMON_CFLAGS += -fblocks -fno-sanitize=address,undefined,memory,thread -fsanitize-coverage=0 diff --git a/libhfcommon/files.c b/libhfcommon/files.c index 8ba99f3a..35d0c7ef 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -444,7 +444,7 @@ const char* files_sockAddrToStr(const struct sockaddr* sa, const socklen_t len) } if (sa->sa_family == AF_UNIX) { - if (len <= offsetof(struct sockaddr_un, sun_path)) { + if ((size_t)len <= offsetof(struct sockaddr_un, sun_path)) { snprintf(str, sizeof(str), "unix:", (unsigned)len); return str; } diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index 3d03a9da..a0e7d7b5 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -290,7 +290,7 @@ static const char *netDriver_getSockPath(int argc HF_ATTR_UNUSED, char **argv HF static bool netDriver_connAndAssign( const struct sockaddr *addr, socklen_t slen, int type, int protocol) { - if (slen > sizeof(hfnd_globals.dest_addr.addr)) { + if ((size_t)slen > sizeof(hfnd_globals.dest_addr.addr)) { LOG_F("Provided address '%s' is bigger than sizeof(struct sockaddr_storage): %zu > %zu", files_sockAddrToStr(addr, slen), (size_t)slen, sizeof(hfnd_globals.dest_addr.addr)); } diff --git a/linux/trace.c b/linux/trace.c index 08a87357..bd46e47e 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -1062,7 +1062,7 @@ static void arch_traceExitSaveData(run_t* run, pid_t pid) { util_ssnprintf(run->report, sizeof(run->report), "DESCRIPTION: %s\n", description); if (funcCnt > 0) { util_ssnprintf( - run->report, sizeof(run->report), "STACK HASH: %016" PRIx64 "\n", savedBacktrace); + run->report, sizeof(run->report), "STACK HASH: %016zu\n", savedBacktrace); util_ssnprintf(run->report, sizeof(run->report), "STACK:\n"); for (int i = 0; i < funcCnt; i++) { util_ssnprintf(run->report, sizeof(run->report), " <" REG_PD REG_PM "> ", -- cgit v1.2.3 From 96438de7e2d245dfc0d9bb986b1dbe0f982de3a5 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Dec 2019 16:07:36 +0100 Subject: Bump to 4.0.1 --- third_party/android/capstone | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/third_party/android/capstone b/third_party/android/capstone index 65319525..f9c6a904 160000 --- a/third_party/android/capstone +++ b/third_party/android/capstone @@ -1 +1 @@ -Subproject commit 65319525ef51714a782650961fc9ea5552d41eef +Subproject commit f9c6a90489be7b3637ff1c7298e45efafe7cf1b9 -- cgit v1.2.3 From 0f2d5e488c54215b6bc7fc8ea19a86e19e3a0f41 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Dec 2019 16:10:25 +0100 Subject: capstone -> 4.0.1 --- .gitmodules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitmodules b/.gitmodules index 48f0aa80..9e99046e 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,7 +1,7 @@ [submodule "third_party/android/capstone"] path = third_party/android/capstone url = https://github.com/aquynh/capstone - branch = 3.0.4 + branch = 4.0.1 [submodule "third_party/android/libunwind"] path = third_party/android/libunwind url = git://git.sv.gnu.org/libunwind.git -- cgit v1.2.3 From efa3cd166310040ba6dde3cebe2049e9ddbb4a70 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Dec 2019 16:12:41 +0100 Subject: linux/trace: make android compile with capstone 4.0.1 --- linux/trace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux/trace.c b/linux/trace.c index bd46e47e..ea970529 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -59,7 +59,7 @@ #include "subproc.h" #if defined(__ANDROID__) -#include "capstone.h" +#include "capstone/capstone.h" #endif #if defined(__i386__) || defined(__arm__) || defined(__powerpc__) -- cgit v1.2.3 From b578b0b373493e14f60c52d3094fb0e722a11bc2 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Dec 2019 16:15:58 +0100 Subject: linux/trace: make it compile with -m32 --- linux/trace.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/linux/trace.c b/linux/trace.c index ea970529..5bda9bcd 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -1009,16 +1009,16 @@ static void arch_traceExitSaveData(run_t* run, pid_t pid) { /* Keep the crashes file name format identical */ if (run->backtrace != 0ULL && run->global->io.saveUnique) { snprintf(run->crashFileName, sizeof(run->crashFileName), - "%s/%s.PC.%" PRIx64 ".STACK.%" PRIx64 ".CODE.%s.ADDR.%p.INSTR.%s.%s", - run->global->io.crashDir, "SAN", (uint64_t)pc, run->backtrace, op, crashAddr, + "%s/%s.PC.%tx.STACK.%" PRIx64 ".CODE.%s.ADDR.%p.INSTR.%s.%s", + run->global->io.crashDir, "SAN", (uintptr_t)pc, run->backtrace, op, crashAddr, "[UNKNOWN]", run->global->io.fileExtn); } else { /* If no stack hash available, all crashes treated as unique */ char localtmstr[PATH_MAX]; util_getLocalTime("%F.%H:%M:%S", localtmstr, sizeof(localtmstr), time(NULL)); snprintf(run->crashFileName, sizeof(run->crashFileName), - "%s/%s.PC.%" PRIx64 ".STACK.%" PRIx64 ".CODE.%s.ADDR.%p.INSTR.%s.%s.%s", - run->global->io.crashDir, "SAN", (uint64_t)pc, run->backtrace, op, crashAddr, + "%s/%s.PC.%tx.STACK.%" PRIx64 ".CODE.%s.ADDR.%p.INSTR.%s.%s.%s", + run->global->io.crashDir, "SAN", (uintptr_t)pc, run->backtrace, op, crashAddr, "[UNKNOWN]", localtmstr, run->global->io.fileExtn); } } -- cgit v1.2.3 From 781650acd5f53b37360af03b9e631478d582b5f7 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Dec 2019 16:30:05 +0100 Subject: linux/trace: sscanf is tricky, add 1 byte so the scanning doesn't overflow buffers --- linux/trace.c | 5 ++--- linux/unwind.h | 4 ++-- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/linux/trace.c b/linux/trace.c index 5bda9bcd..c7cd88a5 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -967,7 +967,7 @@ static void arch_traceExitSaveData(run_t* run, pid_t pid) { }; memset(funcs, 0, _HF_MAX_FUNCS * sizeof(funcs_t)); - char description[PATH_MAX] = {}; + char description[PATH_MAX + 1] = {}; funcCnt = arch_parseAsanReport(run, pid, funcs, &pc, &crashAddr, &op, description); /* @@ -1061,8 +1061,7 @@ static void arch_traceExitSaveData(run_t* run, pid_t pid) { util_ssnprintf(run->report, sizeof(run->report), "FAULT ADDRESS: %p\n", crashAddr); util_ssnprintf(run->report, sizeof(run->report), "DESCRIPTION: %s\n", description); if (funcCnt > 0) { - util_ssnprintf( - run->report, sizeof(run->report), "STACK HASH: %016zu\n", savedBacktrace); + util_ssnprintf(run->report, sizeof(run->report), "STACK HASH: %016zu\n", savedBacktrace); util_ssnprintf(run->report, sizeof(run->report), "STACK:\n"); for (int i = 0; i < funcCnt; i++) { util_ssnprintf(run->report, sizeof(run->report), " <" REG_PD REG_PM "> ", diff --git a/linux/unwind.h b/linux/unwind.h index cdec2e97..c44f4991 100644 --- a/linux/unwind.h +++ b/linux/unwind.h @@ -35,13 +35,13 @@ typedef struct { void* pc; /* If ASan custom parsing, function not available without symbolication */ - char func[_HF_FUNC_NAME_SZ]; + char func[_HF_FUNC_NAME_SZ + 1]; /* * If libuwind proc maps is used to retrieve map name * If ASan custom parsing it's retrieved from generated report file */ - char mapName[PATH_MAX]; + char mapName[PATH_MAX + 1]; /* * If libunwind + bfd symbolizer, line is actual symbol file line -- cgit v1.2.3 From f8eb7411feee54973595b7e0baaf218544eec5ea Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Dec 2019 19:50:43 +0100 Subject: linux/trace: use HF_STR_LEN instead PATH_MAX for some non-path strings --- Makefile | 4 ++-- libhfcommon/util.h | 3 +++ linux/trace.c | 24 +++++++++++------------- linux/unwind.h | 9 ++++++--- report.c | 2 +- 5 files changed, 23 insertions(+), 19 deletions(-) diff --git a/Makefile b/Makefile index d9642988..1a7bbbca 100644 --- a/Makefile +++ b/Makefile @@ -420,7 +420,7 @@ linux/arch.o: arch.h honggfuzz.h libhfcommon/util.h fuzz.h linux/arch.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h linux/arch.o: libhfcommon/log.h libhfcommon/ns.h linux/perf.h linux/trace.h linux/arch.o: sanitizers.h subproc.h -linux/bfd.o: linux/bfd.h linux/unwind.h honggfuzz.h libhfcommon/util.h +linux/bfd.o: linux/bfd.h linux/unwind.h libhfcommon/util.h honggfuzz.h linux/bfd.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h linux/bfd.o: libhfcommon/log.h linux/perf.o: linux/perf.h honggfuzz.h libhfcommon/util.h @@ -432,7 +432,7 @@ linux/trace.o: linux/trace.h honggfuzz.h libhfcommon/util.h linux/trace.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h linux/trace.o: libhfcommon/log.h linux/bfd.h linux/unwind.h sanitizers.h linux/trace.o: socketfuzzer.h subproc.h -linux/unwind.o: linux/unwind.h honggfuzz.h libhfcommon/util.h +linux/unwind.o: linux/unwind.h libhfcommon/util.h honggfuzz.h linux/unwind.o: libhfcommon/common.h libhfcommon/log.h mac/arch.o: arch.h honggfuzz.h libhfcommon/util.h fuzz.h libhfcommon/common.h mac/arch.o: libhfcommon/files.h libhfcommon/common.h libhfcommon/log.h diff --git a/libhfcommon/util.h b/libhfcommon/util.h index fd389712..3a2a4bc7 100644 --- a/libhfcommon/util.h +++ b/libhfcommon/util.h @@ -33,6 +33,9 @@ #include #include +#define HF_STR_LEN 8192 +#define HF_STR_LEN_MINUS_1 8191 + #define MX_LOCK(m) util_mutexLock(m, __func__, __LINE__) #define MX_UNLOCK(m) util_mutexUnlock(m, __func__, __LINE__) #define MX_RWLOCK_READ(m) util_mutexRWLockRead(m, __func__, __LINE__) diff --git a/linux/trace.c b/linux/trace.c index c7cd88a5..f7de8c4a 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -803,7 +803,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { run->global->io.crashDir, arch_sigName(si.si_signo), pc, run->backtrace, si.si_code, sig_addr, instr, run->global->io.fileExtn); } else { - char localtmstr[PATH_MAX]; + char localtmstr[HF_STR_LEN]; util_getLocalTime("%F.%H:%M:%S", localtmstr, sizeof(localtmstr), time(NULL)); snprintf(run->crashFileName, sizeof(run->crashFileName), "%s/%s.PC.%" REG_PM ".STACK.%" PRIx64 ".CODE.%d.ADDR.%p.INSTR.%s.%s.%d.%s", @@ -889,12 +889,10 @@ static int arch_parseAsanReport(run_t* run, pid_t pid, funcs_t* funcs, void** cr break; } headerFound = true; - sscanf(lineptr, - "==%d==ERROR: AddressSanitizer: %" HF_XSTR( - PATH_MAX) "[^ ] on address 0x%p at pc 0x%p", - &reportpid, description, pc, crashAddr); - sscanf(lineptr, "==%d==ERROR: AddressSanitizer: %" HF_XSTR(PATH_MAX) "[^\n]", - &reportpid, description); + sscanf(lineptr, "==%*d==ERROR: AddressSanitizer: %*[^ ] on address 0x%p at pc 0x%p", pc, + crashAddr); + sscanf(lineptr, "==%*d==ERROR: AddressSanitizer: %" HF_XSTR(HF_STR_LEN_MINUS_1) "[^\n]", + description); } else { char* pLineLC = lineptr; /* Trim leading spaces */ @@ -929,10 +927,10 @@ static int arch_parseAsanReport(run_t* run, pid_t pid, funcs_t* funcs, void** cr frameIdx = _HF_MAX_FUNCS - 1; break; } - unsigned int frameIdxCpy; sscanf(pLineLC, - "#%u 0x%p in %" HF_XSTR(_HF_FUNC_NAME_SZ) "[^ ] %" HF_XSTR(PATH_MAX) "[^:\n]:%zu", - &frameIdxCpy, &funcs[frameIdx].pc, funcs[frameIdx].func, funcs[frameIdx].mapName, + "#%*u 0x%p in %" HF_XSTR(_HF_FUNC_NAME_SZ_MINUS_1) "[^ ] %" HF_XSTR( + HF_STR_LEN_MINUS_1) "[^:\n]:%zu", + &funcs[frameIdx].pc, funcs[frameIdx].func, funcs[frameIdx].mapName, &funcs[frameIdx].line); } } @@ -967,7 +965,7 @@ static void arch_traceExitSaveData(run_t* run, pid_t pid) { }; memset(funcs, 0, _HF_MAX_FUNCS * sizeof(funcs_t)); - char description[PATH_MAX + 1] = {}; + char description[HF_STR_LEN] = {}; funcCnt = arch_parseAsanReport(run, pid, funcs, &pc, &crashAddr, &op, description); /* @@ -1014,7 +1012,7 @@ static void arch_traceExitSaveData(run_t* run, pid_t pid) { "[UNKNOWN]", run->global->io.fileExtn); } else { /* If no stack hash available, all crashes treated as unique */ - char localtmstr[PATH_MAX]; + char localtmstr[HF_STR_LEN]; util_getLocalTime("%F.%H:%M:%S", localtmstr, sizeof(localtmstr), time(NULL)); snprintf(run->crashFileName, sizeof(run->crashFileName), "%s/%s.PC.%tx.STACK.%" PRIx64 ".CODE.%s.ADDR.%p.INSTR.%s.%s.%s", @@ -1086,7 +1084,7 @@ static void arch_traceExitAnalyzeData(run_t* run, pid_t pid) { }; memset(funcs, 0, _HF_MAX_FUNCS * sizeof(funcs_t)); - char description[PATH_MAX] = {}; + char description[HF_STR_LEN] = {}; void* pc = NULL; funcCnt = arch_parseAsanReport(run, pid, funcs, &pc, &crashAddr, &op, description); diff --git a/linux/unwind.h b/linux/unwind.h index c44f4991..40ef4d60 100644 --- a/linux/unwind.h +++ b/linux/unwind.h @@ -27,21 +27,24 @@ #include #include +#include "libhfcommon/util.h" + /* String buffer size for function names in stack traces produced from libunwind */ -#define _HF_FUNC_NAME_SZ 256 // Should be alright for mangled C++ procs too +#define _HF_FUNC_NAME_SZ 256 // Should be alright for mangled C++ procs too +#define _HF_FUNC_NAME_SZ_MINUS_1 255 // For scanf() #define _HF_MAX_FUNCS 80 typedef struct { void* pc; /* If ASan custom parsing, function not available without symbolication */ - char func[_HF_FUNC_NAME_SZ + 1]; + char func[_HF_FUNC_NAME_SZ]; /* * If libuwind proc maps is used to retrieve map name * If ASan custom parsing it's retrieved from generated report file */ - char mapName[PATH_MAX + 1]; + char mapName[HF_STR_LEN]; /* * If libunwind + bfd symbolizer, line is actual symbol file line diff --git a/report.c b/report.c index d3136f35..21b83dfe 100644 --- a/report.c +++ b/report.c @@ -87,7 +87,7 @@ void report_Report(run_t* run) { } } - char localtmstr[PATH_MAX]; + char localtmstr[HF_STR_LEN]; util_getLocalTime("%F.%H:%M:%S", localtmstr, sizeof(localtmstr), time(NULL)); dprintf(reportFD, -- cgit v1.2.3 From 848da247e5ed1a9eb8cbc9e39e3489f864c484df Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Dec 2019 20:42:16 +0100 Subject: honggfuzz: android's bionic seems to return errno=0 with failing pthread_kill --- honggfuzz.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/honggfuzz.c b/honggfuzz.c index 812a80f8..30e2e7ad 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -217,7 +217,7 @@ static void printSummary(honggfuzz_t* hfuzz) { static void pingThreads(honggfuzz_t* hfuzz) { for (size_t i = 0; i < hfuzz->threads.threadsMax; i++) { - if (pthread_kill(hfuzz->threads.threads[i], SIGCHLD) != 0 && errno != EINTR) { + if (pthread_kill(hfuzz->threads.threads[i], SIGCHLD) != 0 && errno != EINTR && errno != 0) { PLOG_W("pthread_kill(thread=%zu, SIGCHLD)", i); } } -- cgit v1.2.3 From 3b12270fa225c41b5c78c0ced7984420ca8ff1c0 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Dec 2019 23:20:25 +0100 Subject: linux/trace: assume all registers are uint64_t --- linux/trace.c | 51 +++++++++++++++++++++++---------------------------- 1 file changed, 23 insertions(+), 28 deletions(-) diff --git a/linux/trace.c b/linux/trace.c index f7de8c4a..5236421b 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -62,22 +62,11 @@ #include "capstone/capstone.h" #endif -#if defined(__i386__) || defined(__arm__) || defined(__powerpc__) -#define REG_TYPE uint32_t -#define REG_PM PRIx32 -#define REG_PD "0x%08" -#elif defined(__x86_64__) || defined(__aarch64__) || defined(__powerpc64__) || \ - defined(__mips__) || defined(__mips64__) -#define REG_TYPE uint64_t -#define REG_PM PRIx64 -#define REG_PD "0x%016" -#endif - /* * Size in characters required to store a string representation of a * register value (0xdeadbeef style)) */ -#define REGSIZEINCHAR (2 * sizeof(REG_TYPE) + 3) +#define REGSIZEINCHAR (2 * sizeof(uint64_t) + 3) #if defined(__i386__) || defined(__x86_64__) #define MAX_INSTR_SZ 16 @@ -308,7 +297,7 @@ static const char* arch_sigName(int signo) { #endif /* __ANDROID__ */ } -static size_t arch_getProcMem(pid_t pid, uint8_t* buf, size_t len, REG_TYPE pc) { +static size_t arch_getProcMem(pid_t pid, uint8_t* buf, size_t len, uint64_t pc) { /* * Let's try process_vm_readv first */ @@ -348,7 +337,7 @@ static size_t arch_getProcMem(pid_t pid, uint8_t* buf, size_t len, REG_TYPE pc) return memsz; } -static size_t arch_getPC(pid_t pid, REG_TYPE* pc, REG_TYPE* status_reg HF_ATTR_UNUSED) { +static size_t arch_getPC(pid_t pid, uint64_t* pc, uint64_t* status_reg HF_ATTR_UNUSED) { /* * Some old ARM android kernels are failing with PTRACE_GETREGS to extract * the correct register values if struct size is bigger than expected. As such the @@ -465,14 +454,14 @@ static size_t arch_getPC(pid_t pid, REG_TYPE* pc, REG_TYPE* status_reg HF_ATTR_U return 0; } -static void arch_getInstrStr(pid_t pid, REG_TYPE* pc, char* instr) { +static void arch_getInstrStr(pid_t pid, uint64_t* pc, char* instr) { /* * We need a value aligned to 8 * which is sizeof(long) on 64bit CPU archs (on most of them, I hope;) */ uint8_t buf[MAX_INSTR_SZ]; size_t memsz; - REG_TYPE status_reg = 0; + uint64_t status_reg = 0; snprintf(instr, _HF_INSTR_SZ, "%s", "[UNKNOWN]"); @@ -543,7 +532,7 @@ static void arch_hashCallstack(run_t* run, funcs_t* funcs, size_t funcCnt, bool * Convert PC to char array to be compatible with hash function */ char pcStr[REGSIZEINCHAR] = {0}; - snprintf(pcStr, REGSIZEINCHAR, REG_PD REG_PM, (REG_TYPE)(long)funcs[i].pc); + snprintf(pcStr, REGSIZEINCHAR, "0x%016" PRIx64, (uint64_t)(long)funcs[i].pc); /* * Hash the last three nibbles @@ -579,16 +568,20 @@ static void arch_traceGenerateReport( util_ssnprintf(run->report, sizeof(run->report), "STACK:\n"); for (size_t i = 0; i < funcCnt; i++) { #ifdef __HF_USE_CAPSTONE__ - util_ssnprintf( - run->report, sizeof(run->report), " <" REG_PD REG_PM "> ", (REG_TYPE)(long)funcs[i].pc); + util_ssnprintf(run->report, sizeof(run->report), + " <" + "0x%016" PRIx64 "> ", + (uint64_t)(long)funcs[i].pc); if (funcs[i].func[0] != '\0') util_ssnprintf(run->report, sizeof(run->report), "[%s() + 0x%tx at %s]\n", funcs[i].func, funcs[i].line, funcs[i].mapName); else util_ssnprintf(run->report, sizeof(run->report), "[]\n"); #else - util_ssnprintf(run->report, sizeof(run->report), " <" REG_PD REG_PM "> [%s():%zu at %s]\n", - (REG_TYPE)(long)funcs[i].pc, funcs[i].func, funcs[i].line, funcs[i].mapName); + util_ssnprintf(run->report, sizeof(run->report), + " <" + "0x%016" PRIx64 "> [%s():%zu at %s]\n", + (uint64_t)(long)funcs[i].pc, funcs[i].func, funcs[i].line, funcs[i].mapName); #endif } @@ -605,7 +598,7 @@ static void arch_traceGenerateReport( } static void arch_traceAnalyzeData(run_t* run, pid_t pid) { - REG_TYPE pc = 0, status_reg = 0; + uint64_t pc = 0, status_reg = 0; size_t pcRegSz = arch_getPC(pid, &pc, &status_reg); if (!pcRegSz) { LOG_W("ptrace arch_getPC failed"); @@ -649,7 +642,7 @@ static void arch_traceAnalyzeData(run_t* run, pid_t pid) { } static void arch_traceSaveData(run_t* run, pid_t pid) { - REG_TYPE pc = 0; + uint64_t pc = 0; /* Local copy since flag is overridden for some crashes */ bool saveUnique = run->global->io.saveUnique; @@ -664,7 +657,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { arch_getInstrStr(pid, &pc, instr); - LOG_D("Pid: %d, signo: %d, errno: %d, code: %d, addr: %p, pc: %" REG_PM ", instr: '%s'", pid, + LOG_D("Pid: %d, signo: %d, errno: %d, code: %d, addr: %p, pc: %" PRIx64 ", instr: '%s'", pid, si.si_signo, si.si_errno, si.si_code, si.si_addr, pc, instr); if (!SI_FROMUSER(&si) && pc && si.si_addr < run->global->linux.ignoreAddr) { @@ -799,14 +792,14 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { run->origFileName); } else if (saveUnique) { snprintf(run->crashFileName, sizeof(run->crashFileName), - "%s/%s.PC.%" REG_PM ".STACK.%" PRIx64 ".CODE.%d.ADDR.%p.INSTR.%s.%s", + "%s/%s.PC.%" PRIx64 ".STACK.%" PRIx64 ".CODE.%d.ADDR.%p.INSTR.%s.%s", run->global->io.crashDir, arch_sigName(si.si_signo), pc, run->backtrace, si.si_code, sig_addr, instr, run->global->io.fileExtn); } else { char localtmstr[HF_STR_LEN]; util_getLocalTime("%F.%H:%M:%S", localtmstr, sizeof(localtmstr), time(NULL)); snprintf(run->crashFileName, sizeof(run->crashFileName), - "%s/%s.PC.%" REG_PM ".STACK.%" PRIx64 ".CODE.%d.ADDR.%p.INSTR.%s.%s.%d.%s", + "%s/%s.PC.%" PRIx64 ".STACK.%" PRIx64 ".CODE.%d.ADDR.%p.INSTR.%s.%s.%d.%s", run->global->io.crashDir, arch_sigName(si.si_signo), pc, run->backtrace, si.si_code, sig_addr, instr, localtmstr, pid, run->global->io.fileExtn); } @@ -1062,8 +1055,10 @@ static void arch_traceExitSaveData(run_t* run, pid_t pid) { util_ssnprintf(run->report, sizeof(run->report), "STACK HASH: %016zu\n", savedBacktrace); util_ssnprintf(run->report, sizeof(run->report), "STACK:\n"); for (int i = 0; i < funcCnt; i++) { - util_ssnprintf(run->report, sizeof(run->report), " <" REG_PD REG_PM "> ", - (REG_TYPE)(long)funcs[i].pc); + util_ssnprintf(run->report, sizeof(run->report), + " <" + "0x%016" PRIx64 "> ", + (uint64_t)(long)funcs[i].pc); if (funcs[i].mapName[0] != '\0') { util_ssnprintf(run->report, sizeof(run->report), "[%s:%zu]\n", funcs[i].mapName, funcs[i].line); -- cgit v1.2.3 From 6038ae35c0e375e66e421ef4ed24fc8f5ccfc4bd Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Dec 2019 23:33:37 +0100 Subject: linux/trace: assume all registers are uint64_t +asan parsing --- linux/trace.c | 43 +++++++++++++++++++------------------------ 1 file changed, 19 insertions(+), 24 deletions(-) diff --git a/linux/trace.c b/linux/trace.c index 5236421b..ec90f348 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -837,10 +837,10 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { } /* TODO: Add report parsing support for other sanitizers too */ -static int arch_parseAsanReport(run_t* run, pid_t pid, funcs_t* funcs, void** crashAddr, void** pc, - char** op, char* description) { - char crashReport[PATH_MAX] = {0}; - const char* const crashReportCpy = crashReport; +static int arch_parseAsanReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* crashAddr, uint64_t* pc, + const char** op, char description[HF_STR_LEN]) { + char crashReport[PATH_MAX]; + const char *crashReportCpy = crashReport; snprintf( crashReport, sizeof(crashReport), "%s/%s.%d", run->global->io.workDir, kLOGPREFIX, pid); @@ -851,8 +851,6 @@ static int arch_parseAsanReport(run_t* run, pid_t pid, funcs_t* funcs, void** cr } defer { fclose(fReport); - }; - defer { unlink(crashReportCpy); }; @@ -882,8 +880,7 @@ static int arch_parseAsanReport(run_t* run, pid_t pid, funcs_t* funcs, void** cr break; } headerFound = true; - sscanf(lineptr, "==%*d==ERROR: AddressSanitizer: %*[^ ] on address 0x%p at pc 0x%p", pc, - crashAddr); + sscanf(lineptr, "==%*d==ERROR: AddressSanitizer: %*[^ ] on address 0x%" PRIx64 " at pc 0x%" PRIx64, pc, crashAddr); sscanf(lineptr, "==%*d==ERROR: AddressSanitizer: %" HF_XSTR(HF_STR_LEN_MINUS_1) "[^\n]", description); } else { @@ -920,9 +917,7 @@ static int arch_parseAsanReport(run_t* run, pid_t pid, funcs_t* funcs, void** cr frameIdx = _HF_MAX_FUNCS - 1; break; } - sscanf(pLineLC, - "#%*u 0x%p in %" HF_XSTR(_HF_FUNC_NAME_SZ_MINUS_1) "[^ ] %" HF_XSTR( - HF_STR_LEN_MINUS_1) "[^:\n]:%zu", + sscanf(pLineLC, "#%*u 0x%p in %" HF_XSTR(_HF_FUNC_NAME_SZ_MINUS_1) "[^ ] %" HF_XSTR(HF_STR_LEN_MINUS_1) "[^:\n]:%zu", &funcs[frameIdx].pc, funcs[frameIdx].func, funcs[frameIdx].mapName, &funcs[frameIdx].line); } @@ -937,9 +932,9 @@ static int arch_parseAsanReport(run_t* run, pid_t pid, funcs_t* funcs, void** cr * the same format for compatibility with post campaign tools. */ static void arch_traceExitSaveData(run_t* run, pid_t pid) { - void* pc = NULL; - void* crashAddr = 0; - char* op = "UNKNOWN"; + uint64_t pc = 0; + uint64_t crashAddr = 0; + const char* op = "UNKNOWN"; /* Save only the first hit for each worker */ if (run->crashFileName[0] != '\0') { @@ -972,8 +967,8 @@ static void arch_traceExitSaveData(run_t* run, pid_t pid) { } /* Since crash address is available, apply ignoreAddr filters */ - if (crashAddr < run->global->linux.ignoreAddr) { - LOG_I("Input is interesting, but the crash addr is %p (below %p), skipping", crashAddr, + if (crashAddr < (uintptr_t)run->global->linux.ignoreAddr) { + LOG_I("Input is interesting, but the crash addr is %" PRIx64 " (below %p), skipping", crashAddr, run->global->linux.ignoreAddr); return; } @@ -1000,16 +995,16 @@ static void arch_traceExitSaveData(run_t* run, pid_t pid) { /* Keep the crashes file name format identical */ if (run->backtrace != 0ULL && run->global->io.saveUnique) { snprintf(run->crashFileName, sizeof(run->crashFileName), - "%s/%s.PC.%tx.STACK.%" PRIx64 ".CODE.%s.ADDR.%p.INSTR.%s.%s", - run->global->io.crashDir, "SAN", (uintptr_t)pc, run->backtrace, op, crashAddr, + "%s/%s.PC.%" PRIx64 ".STACK.%" PRIx64 ".CODE.%s.ADDR.%" PRIx64 ".INSTR.%s.%s", + run->global->io.crashDir, "SAN", pc, run->backtrace, op, crashAddr, "[UNKNOWN]", run->global->io.fileExtn); } else { /* If no stack hash available, all crashes treated as unique */ char localtmstr[HF_STR_LEN]; util_getLocalTime("%F.%H:%M:%S", localtmstr, sizeof(localtmstr), time(NULL)); snprintf(run->crashFileName, sizeof(run->crashFileName), - "%s/%s.PC.%tx.STACK.%" PRIx64 ".CODE.%s.ADDR.%p.INSTR.%s.%s.%s", - run->global->io.crashDir, "SAN", (uintptr_t)pc, run->backtrace, op, crashAddr, + "%s/%s.PC.%" PRIx64 ".STACK.%" PRIx64 ".CODE.%s.ADDR.%" PRIx64 ".INSTR.%s.%s.%s", + run->global->io.crashDir, "SAN", pc, run->backtrace, op, crashAddr, "[UNKNOWN]", localtmstr, run->global->io.fileExtn); } } @@ -1049,7 +1044,7 @@ static void arch_traceExitSaveData(run_t* run, pid_t pid) { util_ssnprintf(run->report, sizeof(run->report), "FUZZ_FNAME: %s\n", run->crashFileName); util_ssnprintf(run->report, sizeof(run->report), "PID: %d\n", pid); util_ssnprintf(run->report, sizeof(run->report), "OPERATION: %s\n", op); - util_ssnprintf(run->report, sizeof(run->report), "FAULT ADDRESS: %p\n", crashAddr); + util_ssnprintf(run->report, sizeof(run->report), "FAULT ADDRESS: %" PRIx64 "\n", crashAddr); util_ssnprintf(run->report, sizeof(run->report), "DESCRIPTION: %s\n", description); if (funcCnt > 0) { util_ssnprintf(run->report, sizeof(run->report), "STACK HASH: %016zu\n", savedBacktrace); @@ -1070,8 +1065,6 @@ static void arch_traceExitSaveData(run_t* run, pid_t pid) { } static void arch_traceExitAnalyzeData(run_t* run, pid_t pid) { - void* crashAddr = 0; - char* op = "UNKNOWN"; int funcCnt = 0; funcs_t* funcs = util_Malloc(_HF_MAX_FUNCS * sizeof(funcs_t)); defer { @@ -1079,8 +1072,10 @@ static void arch_traceExitAnalyzeData(run_t* run, pid_t pid) { }; memset(funcs, 0, _HF_MAX_FUNCS * sizeof(funcs_t)); + uint64_t pc = 0; + uint64_t crashAddr = 0; + const char* op = "UNKNOWN"; char description[HF_STR_LEN] = {}; - void* pc = NULL; funcCnt = arch_parseAsanReport(run, pid, funcs, &pc, &crashAddr, &op, description); /* -- cgit v1.2.3 From 19bfddf25bcabbfd1f108abcfa41ccb17e68e3d4 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Dec 2019 23:34:05 +0100 Subject: make indent depend --- linux/trace.c | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/linux/trace.c b/linux/trace.c index ec90f348..413c81e1 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -837,10 +837,10 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { } /* TODO: Add report parsing support for other sanitizers too */ -static int arch_parseAsanReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* crashAddr, uint64_t* pc, - const char** op, char description[HF_STR_LEN]) { +static int arch_parseAsanReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* crashAddr, + uint64_t* pc, const char** op, char description[HF_STR_LEN]) { char crashReport[PATH_MAX]; - const char *crashReportCpy = crashReport; + const char* crashReportCpy = crashReport; snprintf( crashReport, sizeof(crashReport), "%s/%s.%d", run->global->io.workDir, kLOGPREFIX, pid); @@ -880,7 +880,9 @@ static int arch_parseAsanReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* break; } headerFound = true; - sscanf(lineptr, "==%*d==ERROR: AddressSanitizer: %*[^ ] on address 0x%" PRIx64 " at pc 0x%" PRIx64, pc, crashAddr); + sscanf(lineptr, + "==%*d==ERROR: AddressSanitizer: %*[^ ] on address 0x%" PRIx64 " at pc 0x%" PRIx64, + pc, crashAddr); sscanf(lineptr, "==%*d==ERROR: AddressSanitizer: %" HF_XSTR(HF_STR_LEN_MINUS_1) "[^\n]", description); } else { @@ -917,7 +919,9 @@ static int arch_parseAsanReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* frameIdx = _HF_MAX_FUNCS - 1; break; } - sscanf(pLineLC, "#%*u 0x%p in %" HF_XSTR(_HF_FUNC_NAME_SZ_MINUS_1) "[^ ] %" HF_XSTR(HF_STR_LEN_MINUS_1) "[^:\n]:%zu", + sscanf(pLineLC, + "#%*u 0x%p in %" HF_XSTR(_HF_FUNC_NAME_SZ_MINUS_1) "[^ ] %" HF_XSTR( + HF_STR_LEN_MINUS_1) "[^:\n]:%zu", &funcs[frameIdx].pc, funcs[frameIdx].func, funcs[frameIdx].mapName, &funcs[frameIdx].line); } @@ -968,8 +972,8 @@ static void arch_traceExitSaveData(run_t* run, pid_t pid) { /* Since crash address is available, apply ignoreAddr filters */ if (crashAddr < (uintptr_t)run->global->linux.ignoreAddr) { - LOG_I("Input is interesting, but the crash addr is %" PRIx64 " (below %p), skipping", crashAddr, - run->global->linux.ignoreAddr); + LOG_I("Input is interesting, but the crash addr is %" PRIx64 " (below %p), skipping", + crashAddr, run->global->linux.ignoreAddr); return; } @@ -996,16 +1000,16 @@ static void arch_traceExitSaveData(run_t* run, pid_t pid) { if (run->backtrace != 0ULL && run->global->io.saveUnique) { snprintf(run->crashFileName, sizeof(run->crashFileName), "%s/%s.PC.%" PRIx64 ".STACK.%" PRIx64 ".CODE.%s.ADDR.%" PRIx64 ".INSTR.%s.%s", - run->global->io.crashDir, "SAN", pc, run->backtrace, op, crashAddr, - "[UNKNOWN]", run->global->io.fileExtn); + run->global->io.crashDir, "SAN", pc, run->backtrace, op, crashAddr, "[UNKNOWN]", + run->global->io.fileExtn); } else { /* If no stack hash available, all crashes treated as unique */ char localtmstr[HF_STR_LEN]; util_getLocalTime("%F.%H:%M:%S", localtmstr, sizeof(localtmstr), time(NULL)); snprintf(run->crashFileName, sizeof(run->crashFileName), "%s/%s.PC.%" PRIx64 ".STACK.%" PRIx64 ".CODE.%s.ADDR.%" PRIx64 ".INSTR.%s.%s.%s", - run->global->io.crashDir, "SAN", pc, run->backtrace, op, crashAddr, - "[UNKNOWN]", localtmstr, run->global->io.fileExtn); + run->global->io.crashDir, "SAN", pc, run->backtrace, op, crashAddr, "[UNKNOWN]", + localtmstr, run->global->io.fileExtn); } } -- cgit v1.2.3 From 4e125a09664f062827f133d16ed513c79100ca77 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Dec 2019 07:25:42 +0100 Subject: hfuzz-cc: link with -latomic for Android --- hfuzz_cc/hfuzz-cc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index 92a8fd63..dddb40b5 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -439,6 +439,9 @@ static int ldMode(int argc, char** argv) { #if !defined(_HF_ARCH_DARWIN) && !defined(__OpenBSD__) args[j++] = "-lrt"; #endif /* !defined(_HF_ARCH_DARWIN) && !defined(__OpenBSD__) */ +#if defined(__ANDROID__) + args[j++] = "-latomic"; +#endif /* Disable -fsanitize=fuzzer */ if (isFSanitizeFuzzer(argc, argv)) { -- cgit v1.2.3 From c73676e9d788af6137d1d9d2d2f1c7a78d11c302 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Dec 2019 07:49:34 +0100 Subject: linux/trace: android's version of asan --- linux/trace.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/linux/trace.c b/linux/trace.c index 413c81e1..20ac35d5 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -919,11 +919,19 @@ static int arch_parseAsanReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* frameIdx = _HF_MAX_FUNCS - 1; break; } - sscanf(pLineLC, - "#%*u 0x%p in %" HF_XSTR(_HF_FUNC_NAME_SZ_MINUS_1) "[^ ] %" HF_XSTR( - HF_STR_LEN_MINUS_1) "[^:\n]:%zu", - &funcs[frameIdx].pc, funcs[frameIdx].func, funcs[frameIdx].mapName, - &funcs[frameIdx].line); + if (sscanf(pLineLC, + "#%*u 0x%p in %" HF_XSTR(_HF_FUNC_NAME_SZ_MINUS_1) "[^ ] %" HF_XSTR( + HF_STR_LEN_MINUS_1) "[^:\n]:%zu", + &funcs[frameIdx].pc, funcs[frameIdx].func, funcs[frameIdx].mapName, + &funcs[frameIdx].line) > 2) { + continue; + } + /* + * Android version: + * #2 0x565584f4 (/mnt/z/test+0x34f4) + */ + sscanf(pLineLC, "#%*u 0x%p%*[^(](%" HF_XSTR(HF_STR_LEN_MINUS_1) "[^)\n]", + &funcs[frameIdx].pc, funcs[frameIdx].mapName); } } -- cgit v1.2.3 From 66d8bcd37ce94703f7d8f005bb859e26a8623f27 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Dec 2019 09:56:24 +0100 Subject: linux/trace: parse various asan reports --- linux/trace.c | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/linux/trace.c b/linux/trace.c index 20ac35d5..a54eee85 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -907,11 +907,6 @@ static int arch_parseAsanReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* cAddr = NULL; } - /* - * Frames have following format: - #0 0x1e94738 in smb2_signing_decrypt_pdu /home/test/libcli/smb/smb2_signing.c:617:3 - */ - if (sscanf(pLineLC, "#%u", &frameIdx) != 1) { continue; } @@ -919,19 +914,37 @@ static int arch_parseAsanReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* frameIdx = _HF_MAX_FUNCS - 1; break; } + + /* + * Frames with symbols but w/o debug info + * #33 0x7ffff59a3668 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9668) + */ + if (sscanf(pLineLC, + "#%*u 0x%p in %" HF_XSTR(_HF_FUNC_NAME_SZ_MINUS_1) "s%*[^(](%" HF_XSTR( + HF_STR_LEN_MINUS_1) "s", + &funcs[frameIdx].pc, funcs[frameIdx].func, funcs[frameIdx].mapName) == 3) { + continue; + } + /* + * Frames with symbols and with debug info + * #0 0x1e94738 in smb2_signing_decrypt_pdu + * /home/test/libcli/smb/smb2_signing.c:617:3 + */ if (sscanf(pLineLC, "#%*u 0x%p in %" HF_XSTR(_HF_FUNC_NAME_SZ_MINUS_1) "[^ ] %" HF_XSTR( HF_STR_LEN_MINUS_1) "[^:\n]:%zu", &funcs[frameIdx].pc, funcs[frameIdx].func, funcs[frameIdx].mapName, - &funcs[frameIdx].line) > 2) { + &funcs[frameIdx].line) == 4) { continue; } /* - * Android version: + * Frames w/o symbols * #2 0x565584f4 (/mnt/z/test+0x34f4) */ - sscanf(pLineLC, "#%*u 0x%p%*[^(](%" HF_XSTR(HF_STR_LEN_MINUS_1) "[^)\n]", - &funcs[frameIdx].pc, funcs[frameIdx].mapName); + if (sscanf(pLineLC, "#%*u 0x%p%*[^(](%" HF_XSTR(HF_STR_LEN_MINUS_1) "[^)\n]", + &funcs[frameIdx].pc, funcs[frameIdx].mapName) == 2) { + continue; + } } } @@ -1067,10 +1080,10 @@ static void arch_traceExitSaveData(run_t* run, pid_t pid) { "0x%016" PRIx64 "> ", (uint64_t)(long)funcs[i].pc); if (funcs[i].mapName[0] != '\0') { - util_ssnprintf(run->report, sizeof(run->report), "[%s:%zu]\n", funcs[i].mapName, - funcs[i].line); + util_ssnprintf(run->report, sizeof(run->report), "%s [%s:%zu]\n", funcs[i].func, + funcs[i].mapName, funcs[i].line); } else { - util_ssnprintf(run->report, sizeof(run->report), "[]\n"); + util_ssnprintf(run->report, sizeof(run->report), "%s []\n", funcs[i].func); } } } -- cgit v1.2.3 From 57e970c59abffcc9a1794f0bf286e57547642076 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Dec 2019 16:30:57 +0100 Subject: cmdline/sanitizers: add option to delete/retain asan report, as well as move asan report parsing bits to sanitizers.c --- Makefile | 8 ++-- cmdline.c | 9 +++++ honggfuzz.h | 1 + linux/trace.c | 119 +-------------------------------------------------------- linux/unwind.h | 30 +-------------- sanitizers.c | 116 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ sanitizers.h | 27 +++++++++++++ 7 files changed, 160 insertions(+), 150 deletions(-) diff --git a/Makefile b/Makefile index 1a7bbbca..e20e9555 100644 --- a/Makefile +++ b/Makefile @@ -420,9 +420,9 @@ linux/arch.o: arch.h honggfuzz.h libhfcommon/util.h fuzz.h linux/arch.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h linux/arch.o: libhfcommon/log.h libhfcommon/ns.h linux/perf.h linux/trace.h linux/arch.o: sanitizers.h subproc.h -linux/bfd.o: linux/bfd.h linux/unwind.h libhfcommon/util.h honggfuzz.h -linux/bfd.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h -linux/bfd.o: libhfcommon/log.h +linux/bfd.o: linux/bfd.h linux/unwind.h sanitizers.h honggfuzz.h +linux/bfd.o: libhfcommon/util.h libhfcommon/common.h libhfcommon/files.h +linux/bfd.o: libhfcommon/common.h libhfcommon/log.h linux/perf.o: linux/perf.h honggfuzz.h libhfcommon/util.h linux/perf.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h linux/perf.o: libhfcommon/log.h linux/pt.h @@ -432,7 +432,7 @@ linux/trace.o: linux/trace.h honggfuzz.h libhfcommon/util.h linux/trace.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h linux/trace.o: libhfcommon/log.h linux/bfd.h linux/unwind.h sanitizers.h linux/trace.o: socketfuzzer.h subproc.h -linux/unwind.o: linux/unwind.h libhfcommon/util.h honggfuzz.h +linux/unwind.o: linux/unwind.h sanitizers.h honggfuzz.h libhfcommon/util.h linux/unwind.o: libhfcommon/common.h libhfcommon/log.h mac/arch.o: arch.h honggfuzz.h libhfcommon/util.h fuzz.h libhfcommon/common.h mac/arch.o: libhfcommon/files.h libhfcommon/common.h libhfcommon/log.h diff --git a/cmdline.c b/cmdline.c index 15e9efbc..3939edc2 100644 --- a/cmdline.c +++ b/cmdline.c @@ -325,6 +325,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .sanitizer = { .enable = false, + .del_report = false, }, .feedback = { @@ -440,6 +441,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { { "save_all", no_argument, NULL, 'u' }, "Save all test-cases (not only the unique ones) by appending the current time-stamp to the filenames" }, { { "tmout_sigvtalrm", no_argument, NULL, 'T' }, "Use SIGVTALRM to kill timeouting processes (default: use SIGKILL)" }, { { "sanitizers", no_argument, NULL, 'S' }, "** DEPRECATED ** Enable sanitizers settings (default: false)" }, + { { "sanitizer_del_report", required_argument, NULL, 0x10F }, "Delete sanitizer report after use (default: false)" }, { { "monitor_sigabrt", required_argument, NULL, 0x105 }, "Monitor SIGABRT (default: false for Android, true for other platforms)" }, { { "no_fb_timeout", required_argument, NULL, 0x106 }, "Skip feedback if the process has timeouted (default: false)" }, { { "exit_upon_crash", no_argument, NULL, 0x107 }, "Exit upon seeing the first crash (default: false)" }, @@ -546,6 +548,13 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { case 'S': hfuzz->sanitizer.enable = true; break; + case 0x10F: + if ((strcasecmp(optarg, "0") == 0) || (strcasecmp(optarg, "false") == 0)) { + hfuzz->sanitizer.del_report = false; + } else { + hfuzz->sanitizer.del_report = true; + } + break; case 0x10B: hfuzz->socketFuzzer.enabled = true; hfuzz->timing.tmOut = 0; /* Disable process timeout checks */ diff --git a/honggfuzz.h b/honggfuzz.h index a89f6345..a55e23e0 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -257,6 +257,7 @@ typedef struct { } cfg; struct { bool enable; + bool del_report; } sanitizer; struct { fuzzState_t state; diff --git a/linux/trace.c b/linux/trace.c index a54eee85..20544827 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -836,121 +836,6 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { arch_traceGenerateReport(pid, run, funcs, funcCnt, &si, instr); } -/* TODO: Add report parsing support for other sanitizers too */ -static int arch_parseAsanReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* crashAddr, - uint64_t* pc, const char** op, char description[HF_STR_LEN]) { - char crashReport[PATH_MAX]; - const char* crashReportCpy = crashReport; - snprintf( - crashReport, sizeof(crashReport), "%s/%s.%d", run->global->io.workDir, kLOGPREFIX, pid); - - FILE* fReport = fopen(crashReport, "rb"); - if (fReport == NULL) { - PLOG_D("Couldn't open '%s' - R/O mode", crashReport); - return -1; - } - defer { - fclose(fReport); - unlink(crashReportCpy); - }; - - bool headerFound = false; - unsigned int frameIdx = 0; - - char *lineptr = NULL, *cAddr = NULL; - size_t n = 0; - defer { - free(lineptr); - }; - for (;;) { - if (getline(&lineptr, &n, fReport) == -1) { - break; - } - - /* First step is to identify header */ - if (!headerFound) { - int reportpid = 0; - if (sscanf(lineptr, "==%d==ERROR: AddressSanitizer:", &reportpid) != 1) { - continue; - } - if (reportpid != pid) { - LOG_W( - "SAN report found in '%s', but its PID:%d is different from the needed PID:%d", - crashReport, reportpid, pid); - break; - } - headerFound = true; - sscanf(lineptr, - "==%*d==ERROR: AddressSanitizer: %*[^ ] on address 0x%" PRIx64 " at pc 0x%" PRIx64, - pc, crashAddr); - sscanf(lineptr, "==%*d==ERROR: AddressSanitizer: %" HF_XSTR(HF_STR_LEN_MINUS_1) "[^\n]", - description); - } else { - char* pLineLC = lineptr; - /* Trim leading spaces */ - while (*pLineLC != '\0' && isspace(*pLineLC)) { - ++pLineLC; - } - - /* End separator for crash thread stack trace is an empty line */ - if ((*pLineLC == '\0') && (frameIdx != 0)) { - break; - } - - /* If available parse the type of error (READ/WRITE) */ - if (cAddr && strstr(pLineLC, cAddr)) { - if (strncmp(pLineLC, "READ", 4) == 0) { - *op = "READ"; - } else if (strncmp(pLineLC, "WRITE", 5) == 0) { - *op = "WRITE"; - } - cAddr = NULL; - } - - if (sscanf(pLineLC, "#%u", &frameIdx) != 1) { - continue; - } - if (frameIdx >= _HF_MAX_FUNCS) { - frameIdx = _HF_MAX_FUNCS - 1; - break; - } - - /* - * Frames with symbols but w/o debug info - * #33 0x7ffff59a3668 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9668) - */ - if (sscanf(pLineLC, - "#%*u 0x%p in %" HF_XSTR(_HF_FUNC_NAME_SZ_MINUS_1) "s%*[^(](%" HF_XSTR( - HF_STR_LEN_MINUS_1) "s", - &funcs[frameIdx].pc, funcs[frameIdx].func, funcs[frameIdx].mapName) == 3) { - continue; - } - /* - * Frames with symbols and with debug info - * #0 0x1e94738 in smb2_signing_decrypt_pdu - * /home/test/libcli/smb/smb2_signing.c:617:3 - */ - if (sscanf(pLineLC, - "#%*u 0x%p in %" HF_XSTR(_HF_FUNC_NAME_SZ_MINUS_1) "[^ ] %" HF_XSTR( - HF_STR_LEN_MINUS_1) "[^:\n]:%zu", - &funcs[frameIdx].pc, funcs[frameIdx].func, funcs[frameIdx].mapName, - &funcs[frameIdx].line) == 4) { - continue; - } - /* - * Frames w/o symbols - * #2 0x565584f4 (/mnt/z/test+0x34f4) - */ - if (sscanf(pLineLC, "#%*u 0x%p%*[^(](%" HF_XSTR(HF_STR_LEN_MINUS_1) "[^)\n]", - &funcs[frameIdx].pc, funcs[frameIdx].mapName) == 2) { - continue; - } - } - } - - return frameIdx; -} - /* * Special book keeping for cases where crashes are detected based on exitcode and not * a raised signal. Such case is the ASan fuzzing for Android. Crash file name maintains @@ -979,7 +864,7 @@ static void arch_traceExitSaveData(run_t* run, pid_t pid) { memset(funcs, 0, _HF_MAX_FUNCS * sizeof(funcs_t)); char description[HF_STR_LEN] = {}; - funcCnt = arch_parseAsanReport(run, pid, funcs, &pc, &crashAddr, &op, description); + funcCnt = sanitizers_parseReport(run, pid, funcs, &pc, &crashAddr, &op, description); /* * -1 error indicates a file not found for report. This is expected to happen often since @@ -1101,7 +986,7 @@ static void arch_traceExitAnalyzeData(run_t* run, pid_t pid) { uint64_t crashAddr = 0; const char* op = "UNKNOWN"; char description[HF_STR_LEN] = {}; - funcCnt = arch_parseAsanReport(run, pid, funcs, &pc, &crashAddr, &op, description); + funcCnt = sanitizers_parseReport(run, pid, funcs, &pc, &crashAddr, &op, description); /* * -1 error indicates a file not found for report. This is expected to happen often since diff --git a/linux/unwind.h b/linux/unwind.h index 40ef4d60..4e6faed8 100644 --- a/linux/unwind.h +++ b/linux/unwind.h @@ -24,35 +24,7 @@ #ifndef _HF_LINUX_UNWIND_H_ #define _HF_LINUX_UNWIND_H_ -#include -#include - -#include "libhfcommon/util.h" - -/* String buffer size for function names in stack traces produced from libunwind */ -#define _HF_FUNC_NAME_SZ 256 // Should be alright for mangled C++ procs too -#define _HF_FUNC_NAME_SZ_MINUS_1 255 // For scanf() - -#define _HF_MAX_FUNCS 80 -typedef struct { - void* pc; - - /* If ASan custom parsing, function not available without symbolication */ - char func[_HF_FUNC_NAME_SZ]; - - /* - * If libuwind proc maps is used to retrieve map name - * If ASan custom parsing it's retrieved from generated report file - */ - char mapName[HF_STR_LEN]; - - /* - * If libunwind + bfd symbolizer, line is actual symbol file line - * If libunwind + custom (e.g. Android), line is offset from function symbol - * If ASan custom parsing, line is offset from matching map load base address - */ - size_t line; -} funcs_t; +#include "sanitizers.h" extern size_t arch_unwindStack(pid_t pid, funcs_t* funcs); extern char* arch_btContainsSymbol( diff --git a/sanitizers.c b/sanitizers.c index 9c35ad06..6788e2f4 100644 --- a/sanitizers.c +++ b/sanitizers.c @@ -137,3 +137,119 @@ bool sanitizers_Init(honggfuzz_t* hfuzz) { return true; } + +int sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* crashAddr, uint64_t* pc, + const char** op, char description[HF_STR_LEN]) { + char crashReport[PATH_MAX]; + const char* crashReportCpy = crashReport; + snprintf( + crashReport, sizeof(crashReport), "%s/%s.%d", run->global->io.workDir, kLOGPREFIX, pid); + + FILE* fReport = fopen(crashReport, "rb"); + if (fReport == NULL) { + PLOG_D("Couldn't open '%s' - R/O mode", crashReport); + return -1; + } + defer { + fclose(fReport); + if (run->global->sanitizer.del_report) { + unlink(crashReportCpy); + } + }; + + bool headerFound = false; + unsigned int frameIdx = 0; + + char *lineptr = NULL, *cAddr = NULL; + size_t n = 0; + defer { + free(lineptr); + }; + for (;;) { + if (getline(&lineptr, &n, fReport) == -1) { + break; + } + + /* First step is to identify header */ + if (!headerFound) { + int reportpid = 0; + if (sscanf(lineptr, "==%d==ERROR: AddressSanitizer:", &reportpid) != 1) { + continue; + } + if (reportpid != pid) { + LOG_W( + "SAN report found in '%s', but its PID:%d is different from the needed PID:%d", + crashReport, reportpid, pid); + break; + } + headerFound = true; + sscanf(lineptr, + "==%*d==ERROR: AddressSanitizer: %*[^ ] on address 0x%" PRIx64 " at pc 0x%" PRIx64, + pc, crashAddr); + sscanf(lineptr, "==%*d==ERROR: AddressSanitizer: %" HF_XSTR(HF_STR_LEN_MINUS_1) "[^\n]", + description); + } else { + char* pLineLC = lineptr; + /* Trim leading spaces */ + while (*pLineLC != '\0' && isspace(*pLineLC)) { + ++pLineLC; + } + + /* End separator for crash thread stack trace is an empty line */ + if ((*pLineLC == '\0') && (frameIdx != 0)) { + break; + } + + /* If available parse the type of error (READ/WRITE) */ + if (cAddr && strstr(pLineLC, cAddr)) { + if (strncmp(pLineLC, "READ", 4) == 0) { + *op = "READ"; + } else if (strncmp(pLineLC, "WRITE", 5) == 0) { + *op = "WRITE"; + } + cAddr = NULL; + } + + if (sscanf(pLineLC, "#%u", &frameIdx) != 1) { + continue; + } + if (frameIdx >= _HF_MAX_FUNCS) { + frameIdx = _HF_MAX_FUNCS - 1; + break; + } + + /* + * Frames with symbols but w/o debug info + * #33 0x7ffff59a3668 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9668) + */ + if (sscanf(pLineLC, + "#%*u 0x%p in %" HF_XSTR(_HF_FUNC_NAME_SZ_MINUS_1) "s%*[^(](%" HF_XSTR( + HF_STR_LEN_MINUS_1) "s", + &funcs[frameIdx].pc, funcs[frameIdx].func, funcs[frameIdx].mapName) == 3) { + continue; + } + /* + * Frames with symbols and with debug info + * #0 0x1e94738 in smb2_signing_decrypt_pdu + * /home/test/libcli/smb/smb2_signing.c:617:3 + */ + if (sscanf(pLineLC, + "#%*u 0x%p in %" HF_XSTR(_HF_FUNC_NAME_SZ_MINUS_1) "[^ ] %" HF_XSTR( + HF_STR_LEN_MINUS_1) "[^:\n]:%zu", + &funcs[frameIdx].pc, funcs[frameIdx].func, funcs[frameIdx].mapName, + &funcs[frameIdx].line) == 4) { + continue; + } + /* + * Frames w/o symbols + * #2 0x565584f4 (/mnt/z/test+0x34f4) + */ + if (sscanf(pLineLC, "#%*u 0x%p%*[^(](%" HF_XSTR(HF_STR_LEN_MINUS_1) "[^)\n]", + &funcs[frameIdx].pc, funcs[frameIdx].mapName) == 2) { + continue; + } + } + } + + return frameIdx; +} diff --git a/sanitizers.h b/sanitizers.h index 02f85c82..068b6a6a 100644 --- a/sanitizers.h +++ b/sanitizers.h @@ -28,6 +28,33 @@ /* Prefix for sanitizer report files */ #define kLOGPREFIX "HF.sanitizer.log" +/* String buffer size for function names in stack traces produced from libunwind */ +#define _HF_FUNC_NAME_SZ 256 // Should be alright for mangled C++ procs too +#define _HF_FUNC_NAME_SZ_MINUS_1 255 // For scanf() +#define _HF_MAX_FUNCS 80 + +typedef struct { + void* pc; + + /* If ASan custom parsing, function not available without symbolication */ + char func[_HF_FUNC_NAME_SZ]; + + /* + * If libuwind proc maps is used to retrieve map name + * If ASan custom parsing it's retrieved from generated report file + */ + char mapName[HF_STR_LEN]; + + /* + * If libunwind + bfd symbolizer, line is actual symbol file line + * If libunwind + custom (e.g. Android), line is offset from function symbol + * If ASan custom parsing, line is offset from matching map load base address + */ + size_t line; +} funcs_t; + extern bool sanitizers_Init(honggfuzz_t* hfuzz); +extern int sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* crashAddr, + uint64_t* pc, const char** op, char description[HF_STR_LEN]); #endif /* _HF_SANITIZERS_H_ */ -- cgit v1.2.3 From a46cf59a294f02f0c27f484b1afd10c4867b2734 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Dec 2019 16:42:53 +0100 Subject: sanitizers: correctly parse pc/crashAddr --- sanitizers.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/sanitizers.c b/sanitizers.c index 6788e2f4..c07118d4 100644 --- a/sanitizers.c +++ b/sanitizers.c @@ -138,7 +138,7 @@ bool sanitizers_Init(honggfuzz_t* hfuzz) { return true; } -int sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* crashAddr, uint64_t* pc, +int sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* pc, uint64_t* crashAddr, const char** op, char description[HF_STR_LEN]) { char crashReport[PATH_MAX]; const char* crashReportCpy = crashReport; @@ -186,6 +186,10 @@ int sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* cras sscanf(lineptr, "==%*d==ERROR: AddressSanitizer: %*[^ ] on address 0x%" PRIx64 " at pc 0x%" PRIx64, pc, crashAddr); + sscanf(lineptr, + "==%*d==ERROR: AddressSanitizer: %*[^ ] on %*s address 0x%" PRIx64 + " (pc 0x%" PRIx64, + crashAddr, pc); sscanf(lineptr, "==%*d==ERROR: AddressSanitizer: %" HF_XSTR(HF_STR_LEN_MINUS_1) "[^\n]", description); } else { -- cgit v1.2.3 From 199428ed6fd32958eb90f88c6137864c2103bff5 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Dec 2019 17:45:12 +0100 Subject: sanitizers/linux: remove monitorSIGABRT convention: now SIGABRT is always monitored. For Android another option will be implemented to avoid extensive SIGABRT system logging - 'kill upon SIGABRT' --- cmdline.c | 14 +-- honggfuzz.h | 1 - linux/arch.c | 22 +---- linux/trace.c | 307 +++++++++++---------------------------------------------- linux/trace.h | 1 - mac/arch.c | 5 - netbsd/trace.c | 6 +- posix/arch.c | 10 +- sanitizers.c | 25 ++--- sanitizers.h | 7 +- 10 files changed, 75 insertions(+), 323 deletions(-) diff --git a/cmdline.c b/cmdline.c index 3939edc2..8601c18e 100644 --- a/cmdline.c +++ b/cmdline.c @@ -313,11 +313,6 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .report_mutex = PTHREAD_MUTEX_INITIALIZER, .reportFile = NULL, .dynFileIterExpire = 0, -#if defined(__ANDROID__) - .monitorSIGABRT = false, -#else - .monitorSIGABRT = true, -#endif .only_printable = false, .minimize = false, .switchingToFDM = false, @@ -442,7 +437,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { { "tmout_sigvtalrm", no_argument, NULL, 'T' }, "Use SIGVTALRM to kill timeouting processes (default: use SIGKILL)" }, { { "sanitizers", no_argument, NULL, 'S' }, "** DEPRECATED ** Enable sanitizers settings (default: false)" }, { { "sanitizer_del_report", required_argument, NULL, 0x10F }, "Delete sanitizer report after use (default: false)" }, - { { "monitor_sigabrt", required_argument, NULL, 0x105 }, "Monitor SIGABRT (default: false for Android, true for other platforms)" }, + { { "monitor_sigabrt", required_argument, NULL, 0x105 }, "*DEPRECATED* SIGABRT is always monitored" }, { { "no_fb_timeout", required_argument, NULL, 0x106 }, "Skip feedback if the process has timeouted (default: false)" }, { { "exit_upon_crash", no_argument, NULL, 0x107 }, "Exit upon seeing the first crash (default: false)" }, { { "socket_fuzzer", no_argument, NULL, 0x10B }, "Instrument external fuzzer via socket" }, @@ -618,13 +613,6 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { case 0x110: hfuzz->exe.feedbackMutateCommand = optarg; break; - case 0x105: - if ((strcasecmp(optarg, "0") == 0) || (strcasecmp(optarg, "false") == 0)) { - hfuzz->cfg.monitorSIGABRT = false; - } else { - hfuzz->cfg.monitorSIGABRT = true; - } - break; case 0x106: hfuzz->feedback.skipFeedbackOnTimeout = true; break; diff --git a/honggfuzz.h b/honggfuzz.h index a55e23e0..e7289a98 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -249,7 +249,6 @@ typedef struct { bool exitUponCrash; const char* reportFile; pthread_mutex_t report_mutex; - bool monitorSIGABRT; size_t dynFileIterExpire; bool only_printable; bool minimize; diff --git a/linux/arch.c b/linux/arch.c index b25a7ce2..2496a8cb 100644 --- a/linux/arch.c +++ b/linux/arch.c @@ -285,21 +285,6 @@ void arch_reapChild(run_t* run) { break; } } - if (run->global->sanitizer.enable) { - char crashReport[PATH_MAX]; - snprintf(crashReport, sizeof(crashReport), "%s/%s.%d", run->global->io.workDir, kLOGPREFIX, - run->pid); - if (files_exists(crashReport)) { - if (run->backtrace) { - unlink(crashReport); - } else { - LOG_W("Un-handled ASan report due to compiler-rt internal error - retry with '%s'", - crashReport); - /* Try to parse report file */ - arch_traceExitAnalyze(run, run->pid); - } - } - } arch_perfAnalyze(run); } @@ -408,11 +393,10 @@ bool arch_archInit(honggfuzz_t* hfuzz) { arch_traceSignalsInit(hfuzz); /* - * If sanitizer fuzzing enabled and SIGABRT is monitored (abort_on_error=1), - * increase number of major frames, since top 7-9 frames will be occupied - * with sanitizer runtime library & libc symbols + * If sanitizer fuzzing enabled increase number of major frames, since top 7-9 frames will be + * occupied with sanitizer runtime library & libc symbols */ - if (hfuzz->sanitizer.enable && hfuzz->cfg.monitorSIGABRT) { + if (hfuzz->sanitizer.enable) { hfuzz->linux.numMajorFrames = 14; } diff --git a/linux/trace.c b/linux/trace.c index 20544827..4179d395 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -256,8 +256,7 @@ static struct { [SIGBUS].important = true, [SIGBUS].descr = "SIGBUS", - /* Is affected from monitorSIGABRT flag */ - [SIGABRT].important = false, + [SIGABRT].important = true, [SIGABRT].descr = "SIGABRT", /* Is affected from tmoutVTALRM flag */ @@ -454,24 +453,18 @@ static size_t arch_getPC(pid_t pid, uint64_t* pc, uint64_t* status_reg HF_ATTR_U return 0; } -static void arch_getInstrStr(pid_t pid, uint64_t* pc, char* instr) { +static void arch_getInstrStr( + pid_t pid, uint64_t pc, uint64_t status_reg HF_ATTR_UNUSED, char* instr) { /* * We need a value aligned to 8 * which is sizeof(long) on 64bit CPU archs (on most of them, I hope;) */ uint8_t buf[MAX_INSTR_SZ]; size_t memsz; - uint64_t status_reg = 0; snprintf(instr, _HF_INSTR_SZ, "%s", "[UNKNOWN]"); - size_t pcRegSz = arch_getPC(pid, pc, &status_reg); - if (!pcRegSz) { - LOG_W("Current architecture not supported for disassembly"); - return; - } - - if ((memsz = arch_getProcMem(pid, buf, sizeof(buf), *pc)) == 0) { + if ((memsz = arch_getProcMem(pid, buf, sizeof(buf), pc)) == 0) { snprintf(instr, _HF_INSTR_SZ, "%s", "[NOT_MMAPED]"); return; } @@ -502,7 +495,7 @@ static void arch_getInstrStr(pid_t pid, uint64_t* pc, char* instr) { } cs_insn* insn; - size_t count = cs_disasm(handle, buf, sizeof(buf), *pc, 0, &insn); + size_t count = cs_disasm(handle, buf, sizeof(buf), pc, 0, &insn); if (count < 1) { LOG_W("Couldn't disassemble the assembler instructions' stream: '%s'", @@ -552,9 +545,10 @@ static void arch_hashCallstack(run_t* run, funcs_t* funcs, size_t funcCnt, bool run->backtrace = hash; } -static void arch_traceGenerateReport( - pid_t pid, run_t* run, funcs_t* funcs, size_t funcCnt, siginfo_t* si, const char* instr) { +static void arch_traceGenerateReport(pid_t pid, run_t* run, funcs_t* funcs, size_t funcCnt, + siginfo_t* si, const char* instr, const char description[HF_STR_LEN]) { util_ssnprintf(run->report, sizeof(run->report), "CRASH:\n"); + util_ssnprintf(run->report, sizeof(run->report), "DESCRIPTION: %s\n", description); util_ssnprintf(run->report, sizeof(run->report), "ORIG_FNAME: %s\n", run->origFileName); util_ssnprintf(run->report, sizeof(run->report), "FUZZ_FNAME: %s\n", run->crashFileName); util_ssnprintf(run->report, sizeof(run->report), "PID: %d\n", pid); @@ -598,41 +592,38 @@ static void arch_traceGenerateReport( } static void arch_traceAnalyzeData(run_t* run, pid_t pid) { - uint64_t pc = 0, status_reg = 0; - size_t pcRegSz = arch_getPC(pid, &pc, &status_reg); - if (!pcRegSz) { - LOG_W("ptrace arch_getPC failed"); - return; - } - - /* - * Unwind and resolve symbols - */ - funcs_t* funcs = util_Malloc(_HF_MAX_FUNCS * sizeof(funcs_t)); + funcs_t* funcs = util_Calloc(_HF_MAX_FUNCS * sizeof(funcs_t)); defer { free(funcs); }; - memset(funcs, 0, _HF_MAX_FUNCS * sizeof(funcs_t)); + uint64_t pc = 0, crashAddr = 0; + const char* op = "UNKNOWN"; + char description[HF_STR_LEN] = {}; + size_t funcCnt = sanitizers_parseReport(run, pid, funcs, &pc, &crashAddr, &op, description); + + if (funcCnt <= 0) { + funcCnt = arch_unwindStack(pid, funcs); #if !defined(__ANDROID__) - size_t funcCnt = arch_unwindStack(pid, funcs); - arch_bfdResolveSyms(pid, funcs, funcCnt); -#else - size_t funcCnt = arch_unwindStack(pid, funcs); -#endif + arch_bfdResolveSyms(pid, funcs, funcCnt); +#endif /* !defined(__ANDROID__) */ + + uint64_t status_reg = 0; + size_t pcRegSz = arch_getPC(pid, &pc, &status_reg); + if (!pcRegSz) { + LOG_W("ptrace arch_getPC failed"); + return; + } + } /* * If unwinder failed (zero frames), use PC from ptrace GETREGS if not zero. * If PC reg zero return and callers should handle zero hash case. */ - if (funcCnt == 0) { - if (pc) { - /* Manually update major frame PC & frames counter */ - funcs[0].pc = (void*)(uintptr_t)pc; - funcCnt = 1; - } else { - return; - } + if (funcCnt <= 0) { + /* Manually update major frame PC & frames counter */ + funcs[0].pc = (void*)(uintptr_t)pc; + funcCnt = 1; } /* @@ -642,20 +633,24 @@ static void arch_traceAnalyzeData(run_t* run, pid_t pid) { } static void arch_traceSaveData(run_t* run, pid_t pid) { - uint64_t pc = 0; - /* Local copy since flag is overridden for some crashes */ bool saveUnique = run->global->io.saveUnique; char instr[_HF_INSTR_SZ] = "\x00"; - siginfo_t si; - bzero(&si, sizeof(si)); + siginfo_t si = {}; if (ptrace(PTRACE_GETSIGINFO, pid, 0, &si) == -1) { PLOG_W("Couldn't get siginfo for pid %d", pid); } - arch_getInstrStr(pid, &pc, instr); + uint64_t pc = 0; + uint64_t status_reg = 0; + size_t pcRegSz = arch_getPC(pid, &pc, &status_reg); + if (!pcRegSz) { + LOG_W("ptrace arch_getPC failed"); + return; + } + arch_getInstrStr(pid, pc, status_reg, instr); LOG_D("Pid: %d, signo: %d, errno: %d, code: %d, addr: %p, pc: %" PRIx64 ", instr: '%s'", pid, si.si_signo, si.si_errno, si.si_code, si.si_addr, pc, instr); @@ -669,32 +664,32 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { /* * Unwind and resolve symbols */ - funcs_t* funcs = util_Malloc(_HF_MAX_FUNCS * sizeof(funcs_t)); + funcs_t* funcs = util_Calloc(_HF_MAX_FUNCS * sizeof(funcs_t)); defer { free(funcs); }; - memset(funcs, 0, _HF_MAX_FUNCS * sizeof(funcs_t)); + uint64_t crashAddr = 0; + const char* op = "UNKNOWN"; + char description[HF_STR_LEN] = {}; + size_t funcCnt = sanitizers_parseReport(run, pid, funcs, &pc, &crashAddr, &op, description); + + if (funcCnt <= 0) { + funcCnt = arch_unwindStack(pid, funcs); #if !defined(__ANDROID__) - size_t funcCnt = arch_unwindStack(pid, funcs); - arch_bfdResolveSyms(pid, funcs, funcCnt); -#else - size_t funcCnt = arch_unwindStack(pid, funcs); -#endif + arch_bfdResolveSyms(pid, funcs, funcCnt); +#endif /* !defined(__ANDROID__) */ + } /* * If unwinder failed (zero frames), use PC from ptrace GETREGS if not zero. * If PC reg zero, temporarily disable uniqueness flag since callstack * hash will be also zero, thus not safe for unique decisions. */ - if (funcCnt == 0) { - if (pc) { - /* Manually update major frame PC & frames counter */ - funcs[0].pc = (void*)(uintptr_t)pc; - funcCnt = 1; - } else { - saveUnique = false; - } + if (funcCnt <= 0) { + /* Manually update major frame PC & frames counter */ + funcs[0].pc = (void*)(uintptr_t)pc; + funcCnt = 1; } /* @@ -833,187 +828,11 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { /* If unique crash found, reset dynFile counter */ ATOMIC_CLEAR(run->global->cfg.dynFileIterExpire); - arch_traceGenerateReport(pid, run, funcs, funcCnt, &si, instr); -} - -/* - * Special book keeping for cases where crashes are detected based on exitcode and not - * a raised signal. Such case is the ASan fuzzing for Android. Crash file name maintains - * the same format for compatibility with post campaign tools. - */ -static void arch_traceExitSaveData(run_t* run, pid_t pid) { - uint64_t pc = 0; - uint64_t crashAddr = 0; - const char* op = "UNKNOWN"; - - /* Save only the first hit for each worker */ - if (run->crashFileName[0] != '\0') { - return; - } - - /* Increase global crashes counter */ - ATOMIC_POST_INC(run->global->cnts.crashesCnt); - ATOMIC_POST_AND(run->global->cfg.dynFileIterExpire, _HF_DYNFILE_SUB_MASK); - - /* If sanitizer produces reports with stack traces (e.g. ASan), they're parsed manually */ - int funcCnt = 0; - funcs_t* funcs = util_Malloc(_HF_MAX_FUNCS * sizeof(funcs_t)); - defer { - free(funcs); - }; - memset(funcs, 0, _HF_MAX_FUNCS * sizeof(funcs_t)); - - char description[HF_STR_LEN] = {}; - funcCnt = sanitizers_parseReport(run, pid, funcs, &pc, &crashAddr, &op, description); - - /* - * -1 error indicates a file not found for report. This is expected to happen often since - * ASan report is generated once for crashing TID. Ptrace arch is not guaranteed to parse - * that TID first. Not setting the 'crashFileName' variable will ensure that this branch - * is executed again for all TIDs until the matching report is found - */ - if (funcCnt == -1) { - return; - } - - /* Since crash address is available, apply ignoreAddr filters */ - if (crashAddr < (uintptr_t)run->global->linux.ignoreAddr) { - LOG_I("Input is interesting, but the crash addr is %" PRIx64 " (below %p), skipping", - crashAddr, run->global->linux.ignoreAddr); - return; - } - - /* If frames successfully recovered, calculate stack hash & populate crash PC */ - arch_hashCallstack(run, funcs, funcCnt, false); - - /* - * Check if stackhash is blacklisted - */ - if (run->global->feedback.blacklist && - (fastArray64Search(run->global->feedback.blacklist, run->global->feedback.blacklistCnt, - run->backtrace) != -1)) { - LOG_I("Blacklisted stack hash '%" PRIx64 "', skipping", run->backtrace); - ATOMIC_POST_INC(run->global->cnts.blCrashesCnt); - return; - } - - /* If dry run mode, copy file with same name into workspace */ - if (run->global->mutate.mutationsPerRun == 0U && run->global->cfg.useVerifier) { - snprintf(run->crashFileName, sizeof(run->crashFileName), "%s/%s", run->global->io.crashDir, - run->origFileName); - } else { - /* Keep the crashes file name format identical */ - if (run->backtrace != 0ULL && run->global->io.saveUnique) { - snprintf(run->crashFileName, sizeof(run->crashFileName), - "%s/%s.PC.%" PRIx64 ".STACK.%" PRIx64 ".CODE.%s.ADDR.%" PRIx64 ".INSTR.%s.%s", - run->global->io.crashDir, "SAN", pc, run->backtrace, op, crashAddr, "[UNKNOWN]", - run->global->io.fileExtn); - } else { - /* If no stack hash available, all crashes treated as unique */ - char localtmstr[HF_STR_LEN]; - util_getLocalTime("%F.%H:%M:%S", localtmstr, sizeof(localtmstr), time(NULL)); - snprintf(run->crashFileName, sizeof(run->crashFileName), - "%s/%s.PC.%" PRIx64 ".STACK.%" PRIx64 ".CODE.%s.ADDR.%" PRIx64 ".INSTR.%s.%s.%s", - run->global->io.crashDir, "SAN", pc, run->backtrace, op, crashAddr, "[UNKNOWN]", - localtmstr, run->global->io.fileExtn); - } - } - - uintptr_t savedBacktrace = run->backtrace; - int fd = TEMP_FAILURE_RETRY(open(run->crashFileName, O_WRONLY | O_EXCL | O_CREAT, 0600)); - if (fd == -1 && errno == EEXIST) { - LOG_I("It seems that '%s' already exists, skipping", run->crashFileName); - return; - } else if (fd == -1) { - PLOG_E("Cannot create output file '%s'", run->crashFileName); - return; - } else { - defer { - close(fd); - }; - if (files_writeToFd(fd, run->dynamicFile, run->dynamicFileSz)) { - LOG_I("Ok, that's interesting, saved new crash as '%s'", run->crashFileName); - /* Clear stack hash so that verifier can understand we hit a duplicate */ - run->backtrace = 0ULL; - /* Increase unique crashes counters */ - ATOMIC_POST_INC(run->global->cnts.uniqueCrashesCnt); - ATOMIC_CLEAR(run->global->cfg.dynFileIterExpire); - } else { - LOG_E("Couldn't save crash to '%s'", run->crashFileName); - /* In case of write error, clear crashFileName to so that other monitored TIDs can retry - */ - memset(run->crashFileName, 0, sizeof(run->crashFileName)); - return; - } - } - - /* Generate report */ - util_ssnprintf(run->report, sizeof(run->report), "CRASH:\n"); - util_ssnprintf(run->report, sizeof(run->report), "EXIT_CODE: %d\n", HF_SAN_EXIT_CODE); - util_ssnprintf(run->report, sizeof(run->report), "ORIG_FNAME: %s\n", run->origFileName); - util_ssnprintf(run->report, sizeof(run->report), "FUZZ_FNAME: %s\n", run->crashFileName); - util_ssnprintf(run->report, sizeof(run->report), "PID: %d\n", pid); - util_ssnprintf(run->report, sizeof(run->report), "OPERATION: %s\n", op); - util_ssnprintf(run->report, sizeof(run->report), "FAULT ADDRESS: %" PRIx64 "\n", crashAddr); - util_ssnprintf(run->report, sizeof(run->report), "DESCRIPTION: %s\n", description); - if (funcCnt > 0) { - util_ssnprintf(run->report, sizeof(run->report), "STACK HASH: %016zu\n", savedBacktrace); - util_ssnprintf(run->report, sizeof(run->report), "STACK:\n"); - for (int i = 0; i < funcCnt; i++) { - util_ssnprintf(run->report, sizeof(run->report), - " <" - "0x%016" PRIx64 "> ", - (uint64_t)(long)funcs[i].pc); - if (funcs[i].mapName[0] != '\0') { - util_ssnprintf(run->report, sizeof(run->report), "%s [%s:%zu]\n", funcs[i].func, - funcs[i].mapName, funcs[i].line); - } else { - util_ssnprintf(run->report, sizeof(run->report), "%s []\n", funcs[i].func); - } - } - } -} - -static void arch_traceExitAnalyzeData(run_t* run, pid_t pid) { - int funcCnt = 0; - funcs_t* funcs = util_Malloc(_HF_MAX_FUNCS * sizeof(funcs_t)); - defer { - free(funcs); - }; - memset(funcs, 0, _HF_MAX_FUNCS * sizeof(funcs_t)); - - uint64_t pc = 0; - uint64_t crashAddr = 0; - const char* op = "UNKNOWN"; - char description[HF_STR_LEN] = {}; - funcCnt = sanitizers_parseReport(run, pid, funcs, &pc, &crashAddr, &op, description); - - /* - * -1 error indicates a file not found for report. This is expected to happen often since - * ASan report is generated once for crashing TID. Ptrace arch is not guaranteed to parse - * that TID first. Not setting the 'crashFileName' variable will ensure that this branch - * is executed again for all TIDs until the matching report is found - */ - if (funcCnt == -1) { - return; - } - - /* If frames successfully recovered, calculate stack hash & populate crash PC */ - arch_hashCallstack(run, funcs, funcCnt, false); -} - -void arch_traceExitAnalyze(run_t* run, pid_t pid) { - if (run->mainWorker) { - /* Main fuzzing threads */ - arch_traceExitSaveData(run, pid); - } else { - /* Post crash analysis (e.g. crashes verifier) */ - arch_traceExitAnalyzeData(run, pid); - } + arch_traceGenerateReport(pid, run, funcs, funcCnt, &si, instr, description); } #define __WEVENT(status) ((status & 0xFF0000) >> 16) -static void arch_traceEvent(run_t* run, int status, pid_t pid) { +static void arch_traceEvent(int status, pid_t pid) { LOG_D("PID: %d, Ptrace event: %d", pid, __WEVENT(status)); switch (__WEVENT(status)) { case PTRACE_EVENT_EXIT: { @@ -1026,9 +845,6 @@ static void arch_traceEvent(run_t* run, int status, pid_t pid) { if (WIFEXITED(event_msg)) { LOG_D("PID: %d exited with exit_code: %lu", pid, (unsigned long)WEXITSTATUS(event_msg)); - if (WEXITSTATUS(event_msg) == (unsigned long)HF_SAN_EXIT_CODE) { - arch_traceExitAnalyze(run, pid); - } } else if (WIFSIGNALED(event_msg)) { LOG_D( "PID: %d terminated with signal: %lu", pid, (unsigned long)WTERMSIG(event_msg)); @@ -1048,7 +864,7 @@ void arch_traceAnalyze(run_t* run, int status, pid_t pid) { * It's a ptrace event, deal with it elsewhere */ if (WIFSTOPPED(status) && __WEVENT(status)) { - return arch_traceEvent(run, status, pid); + return arch_traceEvent(status, pid); } if (WIFSTOPPED(status)) { @@ -1083,12 +899,6 @@ void arch_traceAnalyze(run_t* run, int status, pid_t pid) { * Process exited */ if (WIFEXITED(status)) { - /* - * Target exited with sanitizer defined exitcode (used when SIGABRT is not monitored) - */ - if (WEXITSTATUS(status) == (unsigned long)HF_SAN_EXIT_CODE) { - arch_traceExitAnalyze(run, pid); - } return; } @@ -1246,9 +1056,6 @@ void arch_traceDetach(pid_t pid) { } void arch_traceSignalsInit(honggfuzz_t* hfuzz) { - /* Default is true for all platforms except Android */ - arch_sigs[SIGABRT].important = hfuzz->cfg.monitorSIGABRT; - /* Default is false */ arch_sigs[SIGVTALRM].important = hfuzz->timing.tmoutVTALRM; diff --git a/linux/trace.h b/linux/trace.h index 277f1bf5..40b12f47 100644 --- a/linux/trace.h +++ b/linux/trace.h @@ -36,7 +36,6 @@ extern bool arch_traceWaitForPidStop(pid_t pid); extern bool arch_traceEnable(run_t* run); extern void arch_traceAnalyze(run_t* run, int status, pid_t pid); -extern void arch_traceExitAnalyze(run_t* run, pid_t pid); extern bool arch_traceAttach(run_t* run); extern void arch_traceDetach(pid_t pid); extern void arch_traceGetCustomPerf(run_t* run, pid_t pid, uint64_t* cnt); diff --git a/mac/arch.c b/mac/arch.c index ca896714..49075725 100644 --- a/mac/arch.c +++ b/mac/arch.c @@ -117,8 +117,6 @@ __attribute__((constructor)) void arch_initSigs(void) { arch_sigs[SIGSEGV].descr = "SIGSEGV"; arch_sigs[SIGBUS].important = true; arch_sigs[SIGBUS].descr = "SIGBUS"; - - /* Is affected from monitorSIGABRT flag */ arch_sigs[SIGABRT].important = true; arch_sigs[SIGABRT].descr = "SIGABRT"; @@ -490,9 +488,6 @@ bool arch_archInit(honggfuzz_t* hfuzz) { return false; } - /* Default is true for all platforms except Android */ - arch_sigs[SIGABRT].important = hfuzz->cfg.monitorSIGABRT; - /* Default is false */ arch_sigs[SIGVTALRM].important = hfuzz->timing.tmoutVTALRM; diff --git a/netbsd/trace.c b/netbsd/trace.c index f98240f7..15efe91d 100644 --- a/netbsd/trace.c +++ b/netbsd/trace.c @@ -100,8 +100,7 @@ static struct { [SIGBUS].important = true, [SIGBUS].descr = "SIGBUS", - /* Is affected from monitorSIGABRT flag */ - [SIGABRT].important = false, + [SIGABRT].important = true, [SIGABRT].descr = "SIGABRT", /* Is affected from tmoutVTALRM flag */ @@ -698,9 +697,6 @@ void arch_traceDetach(pid_t pid) { } void arch_traceSignalsInit(honggfuzz_t* hfuzz) { - /* Default is true for all platforms except Android */ - arch_sigs[SIGABRT].important = hfuzz->cfg.monitorSIGABRT; - /* Default is false */ arch_sigs[SIGVTALRM].important = hfuzz->timing.tmoutVTALRM; } diff --git a/posix/arch.c b/posix/arch.c index d553b1d7..f7ab0ede 100644 --- a/posix/arch.c +++ b/posix/arch.c @@ -67,8 +67,7 @@ struct { [SIGBUS].important = true, [SIGBUS].descr = "SIGBUS", - /* Is affected from monitorSIGABRT flag */ - [SIGABRT].important = false, + [SIGABRT].important = true, [SIGABRT].descr = "SIGABRT", /* Is affected from tmout_vtalrm flag */ @@ -249,12 +248,7 @@ void arch_reapChild(run_t* run) { } } -bool arch_archInit(honggfuzz_t* hfuzz) { - /* Default is true for all platforms except Android */ - arch_sigs[SIGABRT].important = hfuzz->cfg.monitorSIGABRT; - /* Default is false */ - arch_sigs[SIGVTALRM].important = hfuzz->timing.tmoutVTALRM; - +bool arch_archInit(honggfuzz_t* hfuzz HF_ATTR_UNUSED) { /* Make %'d work */ setlocale(LC_NUMERIC, "en_US.UTF-8"); diff --git a/sanitizers.c b/sanitizers.c index c07118d4..ab9f64a0 100644 --- a/sanitizers.c +++ b/sanitizers.c @@ -46,13 +46,6 @@ * will get caught from ptrace API, handling the discovered ASan internal crash. */ -/* 'log_path' output directory for sanitizer reports */ -#define kSANLOGDIR "log_path=" - -/* Raise SIGABRT on error or continue with exitcode logic */ -#define kABORT_ENABLED "abort_on_error=1" -#define kABORT_DISABLED "abort_on_error=0:exitcode=" HF_XSTR(HF_SAN_EXIT_CODE) - /* * Common sanitizer flags * @@ -69,7 +62,8 @@ "handle_sigbus=2:" \ "handle_abort=2:" \ "handle_sigill=2:" \ - "handle_sigfpe=2" + "handle_sigfpe=2:" \ + "abort_on_error=1" /* --{ ASan }-- */ /* @@ -103,18 +97,17 @@ "abort_on_error=1" static void sanitizers_AddFlag(honggfuzz_t* hfuzz, const char* env, const char* val) { - const char* abortFlag = hfuzz->cfg.monitorSIGABRT ? kABORT_ENABLED : kABORT_DISABLED; if (getenv(env)) { LOG_W("The '%s' envar is already set. Not overriding it!", env); return; } char buf[4096] = {}; - if (!hfuzz->sanitizer.enable) { - snprintf(buf, sizeof(buf), "%s=%s", env, kSAN_REGULAR); + if (hfuzz->sanitizer.enable) { + snprintf(buf, sizeof(buf), "%s=%s:log_path=%s/%s", env, val, hfuzz->io.workDir, kLOGPREFIX); } else { - snprintf(buf, sizeof(buf), "%s=%s:%s:%s%s/%s", env, val, abortFlag, kSANLOGDIR, - hfuzz->io.workDir, kLOGPREFIX); + snprintf(buf, sizeof(buf), "%s=%s:log_path=%s/%s", env, kSAN_REGULAR, hfuzz->io.workDir, + kLOGPREFIX); } /* * It will make ASAN to start background thread to check RSS mem use, which @@ -138,8 +131,8 @@ bool sanitizers_Init(honggfuzz_t* hfuzz) { return true; } -int sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* pc, uint64_t* crashAddr, - const char** op, char description[HF_STR_LEN]) { +size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* pc, + uint64_t* crashAddr, const char** op, char description[HF_STR_LEN]) { char crashReport[PATH_MAX]; const char* crashReportCpy = crashReport; snprintf( @@ -148,7 +141,7 @@ int sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* pc, FILE* fReport = fopen(crashReport, "rb"); if (fReport == NULL) { PLOG_D("Couldn't open '%s' - R/O mode", crashReport); - return -1; + return 0; } defer { fclose(fReport); diff --git a/sanitizers.h b/sanitizers.h index 068b6a6a..6fde4019 100644 --- a/sanitizers.h +++ b/sanitizers.h @@ -22,9 +22,6 @@ #include "honggfuzz.h" -/* Exit code is common for all sanitizers */ -#define HF_SAN_EXIT_CODE 103 - /* Prefix for sanitizer report files */ #define kLOGPREFIX "HF.sanitizer.log" @@ -54,7 +51,7 @@ typedef struct { } funcs_t; extern bool sanitizers_Init(honggfuzz_t* hfuzz); -extern int sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* crashAddr, - uint64_t* pc, const char** op, char description[HF_STR_LEN]); +extern size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* pc, + uint64_t* crashAddr, const char** op, char description[HF_STR_LEN]); #endif /* _HF_SANITIZERS_H_ */ -- cgit v1.2.3 From 749eea52e310f252a0073fd870e6d430a9907135 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Dec 2019 21:17:50 +0100 Subject: sanitizers: move arch_hashCallstack to sanitizers --- Makefile | 2 +- cmdline.c | 2 -- honggfuzz.h | 2 -- linux/arch.c | 8 -------- linux/trace.c | 37 ++----------------------------------- linux/trace.h | 3 --- netbsd/trace.c | 33 +++------------------------------ netbsd/trace.h | 3 --- sanitizers.c | 47 +++++++++++++++++++++++++++++++++++++++++++++-- sanitizers.h | 5 +++++ 10 files changed, 56 insertions(+), 86 deletions(-) diff --git a/Makefile b/Makefile index e20e9555..d6bc5812 100644 --- a/Makefile +++ b/Makefile @@ -442,7 +442,7 @@ netbsd/arch.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h netbsd/arch.o: libhfcommon/log.h libhfcommon/ns.h netbsd/trace.h subproc.h netbsd/trace.o: netbsd/trace.h honggfuzz.h libhfcommon/util.h netbsd/trace.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h -netbsd/trace.o: libhfcommon/log.h netbsd/unwind.h subproc.h +netbsd/trace.o: libhfcommon/log.h netbsd/unwind.h sanitizers.h subproc.h netbsd/unwind.o: netbsd/unwind.h honggfuzz.h libhfcommon/util.h netbsd/unwind.o: libhfcommon/common.h libhfcommon/log.h posix/arch.o: arch.h honggfuzz.h libhfcommon/util.h fuzz.h diff --git a/cmdline.c b/cmdline.c index 8601c18e..60a76ffd 100644 --- a/cmdline.c +++ b/cmdline.c @@ -366,7 +366,6 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .dynamicCutOffAddr = ~(0ULL), .disableRandomization = true, .ignoreAddr = NULL, - .numMajorFrames = 7, .symsBlFile = NULL, .symsBlCnt = 0, .symsBl = NULL, @@ -381,7 +380,6 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .netbsd = { .ignoreAddr = NULL, - .numMajorFrames = 7, .symsBlFile = NULL, .symsBlCnt = 0, .symsBl = NULL, diff --git a/honggfuzz.h b/honggfuzz.h index e7289a98..c508945b 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -289,7 +289,6 @@ typedef struct { uint64_t dynamicCutOffAddr; bool disableRandomization; void* ignoreAddr; - size_t numMajorFrames; const char* symsBlFile; char** symsBl; size_t symsBlCnt; @@ -303,7 +302,6 @@ typedef struct { /* For the NetBSD code */ struct { void* ignoreAddr; - size_t numMajorFrames; const char* symsBlFile; char** symsBl; size_t symsBlCnt; diff --git a/linux/arch.c b/linux/arch.c index 2496a8cb..526058ed 100644 --- a/linux/arch.c +++ b/linux/arch.c @@ -392,14 +392,6 @@ bool arch_archInit(honggfuzz_t* hfuzz) { /* Updates the important signal array based on input args */ arch_traceSignalsInit(hfuzz); - /* - * If sanitizer fuzzing enabled increase number of major frames, since top 7-9 frames will be - * occupied with sanitizer runtime library & libc symbols - */ - if (hfuzz->sanitizer.enable) { - hfuzz->linux.numMajorFrames = 14; - } - if (hfuzz->linux.cloneFlags && unshare(hfuzz->linux.cloneFlags) == -1) { LOG_E("unshare(%tx)", hfuzz->linux.cloneFlags); return false; diff --git a/linux/trace.c b/linux/trace.c index 4179d395..e0b5bcd9 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -62,12 +62,6 @@ #include "capstone/capstone.h" #endif -/* - * Size in characters required to store a string representation of a - * register value (0xdeadbeef style)) - */ -#define REGSIZEINCHAR (2 * sizeof(uint64_t) + 3) - #if defined(__i386__) || defined(__x86_64__) #define MAX_INSTR_SZ 16 #elif defined(__arm__) || defined(__powerpc__) || defined(__powerpc64__) @@ -518,33 +512,6 @@ static void arch_getInstrStr( return; } -static void arch_hashCallstack(run_t* run, funcs_t* funcs, size_t funcCnt, bool enableMasking) { - uint64_t hash = 0; - for (size_t i = 0; i < funcCnt && i < run->global->linux.numMajorFrames; i++) { - /* - * Convert PC to char array to be compatible with hash function - */ - char pcStr[REGSIZEINCHAR] = {0}; - snprintf(pcStr, REGSIZEINCHAR, "0x%016" PRIx64, (uint64_t)(long)funcs[i].pc); - - /* - * Hash the last three nibbles - */ - hash ^= util_hash(&pcStr[strlen(pcStr) - 3], 3); - } - - /* - * If only one frame, hash is not safe to be used for uniqueness. We mask it - * here with a constant prefix, so analyzers can pick it up and create filenames - * accordingly. 'enableMasking' is controlling masking for cases where it should - * not be enabled (e.g. fuzzer worker is from verifier). - */ - if (enableMasking && funcCnt == 1) { - hash |= _HF_SINGLE_FRAME_MASK; - } - run->backtrace = hash; -} - static void arch_traceGenerateReport(pid_t pid, run_t* run, funcs_t* funcs, size_t funcCnt, siginfo_t* si, const char* instr, const char description[HF_STR_LEN]) { util_ssnprintf(run->report, sizeof(run->report), "CRASH:\n"); @@ -629,7 +596,7 @@ static void arch_traceAnalyzeData(run_t* run, pid_t pid) { /* * Calculate backtrace callstack hash signature */ - arch_hashCallstack(run, funcs, funcCnt, false); + run->backtrace = sanitizers_hashCallstack(run, funcs, funcCnt, false); } static void arch_traceSaveData(run_t* run, pid_t pid) { @@ -701,7 +668,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { /* * Calculate backtrace callstack hash signature */ - arch_hashCallstack(run, funcs, funcCnt, saveUnique); + run->backtrace = sanitizers_hashCallstack(run, funcs, funcCnt, saveUnique); /* * If unique flag is set and single frame crash, disable uniqueness for this crash diff --git a/linux/trace.h b/linux/trace.h index 40b12f47..35b2c987 100644 --- a/linux/trace.h +++ b/linux/trace.h @@ -30,9 +30,6 @@ #define _HF_DYNFILE_SUB_MASK 0xFFFUL // Zero-set two MSB -/* Constant prefix used for single frame crashes stackhash masking */ -#define _HF_SINGLE_FRAME_MASK 0xBADBAD0000000000 - extern bool arch_traceWaitForPidStop(pid_t pid); extern bool arch_traceEnable(run_t* run); extern void arch_traceAnalyze(run_t* run, int status, pid_t pid); diff --git a/netbsd/trace.c b/netbsd/trace.c index 15efe91d..acb38949 100644 --- a/netbsd/trace.c +++ b/netbsd/trace.c @@ -56,6 +56,7 @@ #include "libhfcommon/log.h" #include "libhfcommon/util.h" #include "netbsd/unwind.h" +#include "sanitizers.h" #include "subproc.h" #include @@ -234,34 +235,6 @@ static void arch_getInstrStr(pid_t pid, lwpid_t lwp, register_t* pc, char* instr return; } -static void arch_hashCallstack( - run_t* run, funcs_t* funcs HF_ATTR_UNUSED, size_t funcCnt, bool enableMasking) { - uint64_t hash = 0; - for (size_t i = 0; i < funcCnt && i < run->global->netbsd.numMajorFrames; i++) { - /* - * Convert PC to char array to be compatible with hash function - */ - char pcStr[REGSIZEINCHAR] = {0}; - snprintf(pcStr, REGSIZEINCHAR, "%" PRIxREGISTER, (register_t)(long)funcs[i].pc); - - /* - * Hash the last three nibbles - */ - hash ^= util_hash(&pcStr[strlen(pcStr) - 3], 3); - } - - /* - * If only one frame, hash is not safe to be used for uniqueness. We mask it - * here with a constant prefix, so analyzers can pick it up and create filenames - * accordingly. 'enableMasking' is controlling masking for cases where it should - * not be enabled (e.g. fuzzer worker is from verifier). - */ - if (enableMasking && funcCnt == 1) { - hash |= _HF_SINGLE_FRAME_MASK; - } - run->backtrace = hash; -} - static void arch_traceGenerateReport( pid_t pid, run_t* run, funcs_t* funcs, size_t funcCnt, siginfo_t* si, const char* instr) { run->report[0] = '\0'; @@ -324,7 +297,7 @@ static void arch_traceAnalyzeData(run_t* run, pid_t pid) { /* * Calculate backtrace callstack hash signature */ - arch_hashCallstack(run, funcs, funcCnt, false); + run->backtrace = sanitizers_hashCallstack(run, funcs, funcCnt, false); } static void arch_traceSaveData(run_t* run, pid_t pid) { @@ -388,7 +361,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { /* * Calculate backtrace callstack hash signature */ - arch_hashCallstack(run, funcs, funcCnt, saveUnique); + run->backtrace = sanitizers_hashCallstack(run, funcs, funcCnt, saveUnique); /* * If unique flag is set and single frame crash, disable uniqueness for this crash diff --git a/netbsd/trace.h b/netbsd/trace.h index 73bf63ef..04f63cc6 100644 --- a/netbsd/trace.h +++ b/netbsd/trace.h @@ -30,9 +30,6 @@ #define _HF_DYNFILE_SUB_MASK 0xFFFUL // Zero-set two MSB -/* Constant prefix used for single frame crashes stackhash masking */ -#define _HF_SINGLE_FRAME_MASK 0xBADBAD0000000000 - extern bool arch_traceWaitForPidStop(pid_t pid); extern bool arch_traceEnable(run_t* run); extern void arch_traceAnalyze(run_t* run, int status, pid_t pid); diff --git a/sanitizers.c b/sanitizers.c index ab9f64a0..da268d5b 100644 --- a/sanitizers.c +++ b/sanitizers.c @@ -83,7 +83,7 @@ /* If no sanitzer support was requested, simply abort() on errors */ #define kSAN_REGULAR \ - "symbolize=0:" \ + "symbolize=1:" \ "detect_leaks=0:" \ "disable_coredump=0:" \ "detect_odr_violation=0:" \ @@ -248,5 +248,48 @@ size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* p } } - return frameIdx; + return (frameIdx + 1); +} + +/* + * Size in characters required to store a string representation of a + * register value (0xdeadbeef style)) + */ +#define REGSIZEINCHAR (2 * sizeof(uint64_t) + 3) + +uint64_t sanitizers_hashCallstack(run_t* run, funcs_t* funcs, size_t funcCnt, bool enableMasking) { + size_t numFrames = 7; + /* + * If sanitizer fuzzing enabled increase number of major frames, since top 7-9 frames will be + * occupied with sanitizer runtime library & libc symbols + */ + if (run->global->sanitizer.enable) { + numFrames = 14; + } + + uint64_t hash = 0; + for (size_t i = 0; i < funcCnt && i < numFrames; i++) { + /* + * Convert PC to char array to be compatible with hash function + */ + char pcStr[REGSIZEINCHAR] = {0}; + snprintf(pcStr, REGSIZEINCHAR, "0x%016" PRIx64, (uint64_t)(long)funcs[i].pc); + + /* + * Hash the last three nibbles + */ + hash ^= util_hash(&pcStr[strlen(pcStr) - 3], 3); + } + + /* + * If only one frame, hash is not safe to be used for uniqueness. We mask it + * here with a constant prefix, so analyzers can pick it up and create filenames + * accordingly. 'enableMasking' is controlling masking for cases where it should + * not be enabled (e.g. fuzzer worker is from verifier). + */ + if (enableMasking && funcCnt == 1) { + hash |= _HF_SINGLE_FRAME_MASK; + } + + return hash; } diff --git a/sanitizers.h b/sanitizers.h index 6fde4019..f98551f8 100644 --- a/sanitizers.h +++ b/sanitizers.h @@ -30,6 +30,9 @@ #define _HF_FUNC_NAME_SZ_MINUS_1 255 // For scanf() #define _HF_MAX_FUNCS 80 +/* Constant prefix used for single frame crashes stackhash masking */ +#define _HF_SINGLE_FRAME_MASK 0xBADBAD0000000000 + typedef struct { void* pc; @@ -53,5 +56,7 @@ typedef struct { extern bool sanitizers_Init(honggfuzz_t* hfuzz); extern size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* pc, uint64_t* crashAddr, const char** op, char description[HF_STR_LEN]); +extern uint64_t sanitizers_hashCallstack( + run_t* run, funcs_t* funcs, size_t funcCnt, bool enableMasking); #endif /* _HF_SANITIZERS_H_ */ -- cgit v1.2.3 From 0dcbf330df7f4f6d1f849aecbfc19dc75961c3a1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Dec 2019 21:40:30 +0100 Subject: linux/trace: pass pcRegSz to arch_getInstrStr --- linux/trace.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/linux/trace.c b/linux/trace.c index e0b5bcd9..9f920c3f 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -448,7 +448,7 @@ static size_t arch_getPC(pid_t pid, uint64_t* pc, uint64_t* status_reg HF_ATTR_U } static void arch_getInstrStr( - pid_t pid, uint64_t pc, uint64_t status_reg HF_ATTR_UNUSED, char* instr) { + pid_t pid, uint64_t pc, uint64_t status_reg HF_ATTR_UNUSED, size_t pcRegSz HF_ATTR_UNUSED, char* instr) { /* * We need a value aligned to 8 * which is sizeof(long) on 64bit CPU archs (on most of them, I hope;) @@ -617,7 +617,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { LOG_W("ptrace arch_getPC failed"); return; } - arch_getInstrStr(pid, pc, status_reg, instr); + arch_getInstrStr(pid, pc, status_reg, pcRegSz, instr); LOG_D("Pid: %d, signo: %d, errno: %d, code: %d, addr: %p, pc: %" PRIx64 ", instr: '%s'", pid, si.si_signo, si.si_errno, si.si_code, si.si_addr, pc, instr); -- cgit v1.2.3 From 4987bb9ca0dbd9755b0db08319b4d6b233634d2d Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Dec 2019 21:58:58 +0100 Subject: cmdline: add cmdlineParseTrueFalse() to parse true/false arguments --- cmdline.c | 36 ++++++++++++++++++++++++++---------- linux/trace.c | 4 ++-- 2 files changed, 28 insertions(+), 12 deletions(-) diff --git a/cmdline.c b/cmdline.c index 60a76ffd..6b90e208 100644 --- a/cmdline.c +++ b/cmdline.c @@ -161,6 +161,26 @@ bool cmdlineAddEnv(honggfuzz_t* hfuzz, char* env) { return false; } +bool cmdlineParseTrueFalse(const char* optname, const char* optarg) { + if (!optarg) { + LOG_F("Option '--%s' needs an argument (true|false)", optname); + } + /* Probably '-' belong to the next option */ + if (optarg[0] == '-') { + LOG_F("Option '--%s' needs an argument (true|false)", optname); + } + if ((strcasecmp(optarg, "0") == 0) || (strcasecmp(optarg, "false") == 0) || + (strcasecmp(optarg, "n") == 0) || (strcasecmp(optarg, "no") == 0)) { + return false; + } + if ((strcasecmp(optarg, "1") == 0) || (strcasecmp(optarg, "true") == 0) || + (strcasecmp(optarg, "y") == 0) || (strcasecmp(optarg, "yes") == 0)) { + return true; + } + LOG_F("Unknown value for option --%s=%s. Use true or false", optname, optarg); + return false; +} + rlim_t cmdlineParseRLimit(int res, const char* optarg, unsigned long mul) { struct rlimit cur; if (getrlimit(res, &cur) == -1) { @@ -396,7 +416,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { struct custom_option custom_opts[] = { { { "help", no_argument, NULL, 'h' }, "Help plz.." }, { { "input", required_argument, NULL, 'i' }, "Path to a directory containing initial file corpus" }, - { { "output", required_argument, NULL, 0x601 }, "Output data (new dynamic coverage corpus, or the minimized coverage corpus) is written to this directory (default: input directory is used)" }, + { { "output", required_argument, NULL, 'o' }, "Output data (new dynamic coverage corpus, or the minimized coverage corpus) is written to this directory (default: input directory is re-used)" }, { { "persistent", no_argument, NULL, 'P' }, "Enable persistent fuzzing (use hfuzz_cc/hfuzz-clang to compile code). This will be auto-detected!!!" }, { { "instrument", no_argument, NULL, 'z' }, "*DEFAULT-MODE-BY-DEFAULT* Enable compile-time instrumentation (use hfuzz_cc/hfuzz-clang to compile code)" }, { { "minimize", no_argument, NULL, 'M' }, "Minimize the input corpus. It will most likely delete some corpus files (from the --input directory) if no --output is used!" }, @@ -404,7 +424,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { { "keep_output", no_argument, NULL, 'Q' }, "Don't close children's stdin, stdout, stderr; can be noisy" }, { { "timeout", required_argument, NULL, 't' }, "Timeout in seconds (default: 10)" }, { { "threads", required_argument, NULL, 'n' }, "Number of concurrent fuzzing threads (default: number of CPUs / 2)" }, - { { "stdin_input", no_argument, NULL, 's' }, "Provide fuzzing input on STDIN, instead of ___FILE___" }, + { { "stdin_input", no_argument, NULL, 's' }, "Provide fuzzing input on STDIN, instead of " _HF_FILE_PLACEHOLDER }, { { "mutations_per_run", required_argument, NULL, 'r' }, "Maximal number of mutations per one run (default: 6)" }, { { "logfile", required_argument, NULL, 'l' }, "Log file" }, { { "verbose", no_argument, NULL, 'v' }, "Disable ANSI console; use simple log output" }, @@ -414,7 +434,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { { "extension", required_argument, NULL, 'e' }, "Input file extension (e.g. 'swf'), (default: 'fuzz')" }, { { "workspace", required_argument, NULL, 'W' }, "Workspace directory to save crashes & runtime files (default: '.')" }, { { "crashdir", required_argument, NULL, 0x600 }, "Directory where crashes are saved to (default: workspace directory)" }, - { { "covdir_all", required_argument, NULL, 0x601 }, "** DEPRECATED ** use --output" }, + { { "covdir_all", required_argument, NULL, 'o' }, "** DEPRECATED ** use --output" }, { { "covdir_new", required_argument, NULL, 0x602 }, "New coverage (beyond the dry-run fuzzing phase) is written to this separate directory" }, { { "dict", required_argument, NULL, 'w' }, "Dictionary file. Format:http://llvm.org/docs/LibFuzzer.html#dictionaries" }, { { "stackhash_bl", required_argument, NULL, 'B' }, "Stackhashes blacklist file (one entry per line)" }, @@ -435,7 +455,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { { "tmout_sigvtalrm", no_argument, NULL, 'T' }, "Use SIGVTALRM to kill timeouting processes (default: use SIGKILL)" }, { { "sanitizers", no_argument, NULL, 'S' }, "** DEPRECATED ** Enable sanitizers settings (default: false)" }, { { "sanitizer_del_report", required_argument, NULL, 0x10F }, "Delete sanitizer report after use (default: false)" }, - { { "monitor_sigabrt", required_argument, NULL, 0x105 }, "*DEPRECATED* SIGABRT is always monitored" }, + { { "monitor_sigabrt", required_argument, NULL, 0x105 }, "** DEPRECATED ** SIGABRT is always monitored" }, { { "no_fb_timeout", required_argument, NULL, 0x106 }, "Skip feedback if the process has timeouted (default: false)" }, { { "exit_upon_crash", no_argument, NULL, 0x107 }, "Exit upon seeing the first crash (default: false)" }, { { "socket_fuzzer", no_argument, NULL, 0x10B }, "Instrument external fuzzer via socket" }, @@ -526,7 +546,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { case 0x600: hfuzz->io.crashDir = optarg; break; - case 0x601: + case 'o': hfuzz->io.outputDir = optarg; break; case 0x602: @@ -542,11 +562,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { hfuzz->sanitizer.enable = true; break; case 0x10F: - if ((strcasecmp(optarg, "0") == 0) || (strcasecmp(optarg, "false") == 0)) { - hfuzz->sanitizer.del_report = false; - } else { - hfuzz->sanitizer.del_report = true; - } + hfuzz->sanitizer.del_report = cmdlineParseTrueFalse(opts[opt_index].name, optarg); break; case 0x10B: hfuzz->socketFuzzer.enabled = true; diff --git a/linux/trace.c b/linux/trace.c index 9f920c3f..7a3a4060 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -447,8 +447,8 @@ static size_t arch_getPC(pid_t pid, uint64_t* pc, uint64_t* status_reg HF_ATTR_U return 0; } -static void arch_getInstrStr( - pid_t pid, uint64_t pc, uint64_t status_reg HF_ATTR_UNUSED, size_t pcRegSz HF_ATTR_UNUSED, char* instr) { +static void arch_getInstrStr(pid_t pid, uint64_t pc, uint64_t status_reg HF_ATTR_UNUSED, + size_t pcRegSz HF_ATTR_UNUSED, char* instr) { /* * We need a value aligned to 8 * which is sizeof(long) on 64bit CPU archs (on most of them, I hope;) -- cgit v1.2.3 From 5915799152df4aee2cd36db4fadfe905e018adf9 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Dec 2019 23:14:38 +0100 Subject: linux/unwind: use also dynamic symbol table --- linux/bfd.c | 47 +++++++++++++++++++++++++++++++++++++---------- 1 file changed, 37 insertions(+), 10 deletions(-) diff --git a/linux/bfd.c b/linux/bfd.c index cfa55ecd..b5e7aa34 100644 --- a/linux/bfd.c +++ b/linux/bfd.c @@ -42,8 +42,8 @@ typedef struct { bfd* bfdh; - asection* section; asymbol** syms; + asymbol** dsyms; } bfd_t; /* @@ -74,14 +74,16 @@ static bool arch_bfdInit(pid_t pid, bfd_t* bfdParams) { LOG_E("bfd_get_symtab_upper_bound() returned '%d'", storage_needed); return false; } - - bfdParams->syms = (asymbol**)util_Malloc(storage_needed); + bfdParams->syms = (asymbol**)util_Calloc(storage_needed); bfd_canonicalize_symtab(bfdParams->bfdh, bfdParams->syms); - if ((bfdParams->section = bfd_get_section_by_name(bfdParams->bfdh, ".text")) == NULL) { - LOG_E("bfd_get_section_by_name('.text') failed"); + storage_needed = bfd_get_dynamic_symtab_upper_bound(bfdParams->bfdh); + if (storage_needed <= 0) { + LOG_E("bfd_get_dynamic_symtab_upper_bound() returned '%d'", storage_needed); return false; } + bfdParams->dsyms = (asymbol**)util_Calloc(storage_needed); + bfd_canonicalize_dynamic_symtab(bfdParams->bfdh, bfdParams->dsyms); return true; } @@ -89,10 +91,27 @@ static bool arch_bfdInit(pid_t pid, bfd_t* bfdParams) { static void arch_bfdDestroy(bfd_t* bfdParams) { if (bfdParams->syms) { free(bfdParams->syms); + bfdParams->syms = NULL; + } + if (bfdParams->dsyms) { + free(bfdParams->dsyms); + bfdParams->dsyms = NULL; } if (bfdParams->bfdh) { bfd_close(bfdParams->bfdh); + bfdParams->bfdh = NULL; + } +} + +static struct bfd_section* arch_getSectionForPc(bfd* bfdh, uint64_t pc) { + for (struct bfd_section* section = bfdh->sections; section; section = section->next) { + uintptr_t vma = (uintptr_t)bfd_get_section_vma(bfdh, section); + uintptr_t sz = (uintptr_t)bfd_get_section_size(section); + if ((pc > vma) && (pc < (vma + sz))) { + return section; + } } + return NULL; } void arch_bfdResolveSyms(pid_t pid, funcs_t* funcs, size_t num) { @@ -103,8 +122,8 @@ void arch_bfdResolveSyms(pid_t pid, funcs_t* funcs, size_t num) { __block bfd_t bfdParams = { .bfdh = NULL, - .section = NULL, .syms = NULL, + .dsyms = NULL, }; if (arch_bfdInit(pid, &bfdParams) == false) { @@ -115,16 +134,24 @@ void arch_bfdResolveSyms(pid_t pid, funcs_t* funcs, size_t num) { const char* file; unsigned int line; for (unsigned int i = 0; i < num; i++) { - snprintf(funcs[i].func, sizeof(funcs->func), "[UNKNOWN]"); + snprintf(funcs[i].func, sizeof(funcs->func), "UNKNOWN"); if (funcs[i].pc == NULL) { continue; } - long offset = (long)funcs[i].pc - bfdParams.section->vma; - if ((offset < 0 || (unsigned long)offset > bfdParams.section->size)) { + struct bfd_section* section = arch_getSectionForPc(bfdParams.bfdh, (uintptr_t)funcs[i].pc); + if (section == NULL) { continue; } + + long sec_offset = (long)funcs[i].pc - bfd_get_section_vma(bfdParams.bfdh, section); + + if (bfd_find_nearest_line( + bfdParams.bfdh, section, bfdParams.syms, sec_offset, &file, &func, &line) == TRUE) { + snprintf(funcs[i].func, sizeof(funcs->func), "%s", func); + funcs[i].line = line; + } if (bfd_find_nearest_line( - bfdParams.bfdh, bfdParams.section, bfdParams.syms, offset, &file, &func, &line)) { + bfdParams.bfdh, section, bfdParams.syms, sec_offset, &file, &func, &line) == TRUE) { snprintf(funcs[i].func, sizeof(funcs->func), "%s", func); funcs[i].line = line; } -- cgit v1.2.3 From 4ac34a6e489d429b0d2f88f018e6099c9e6949e5 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Dec 2019 23:21:00 +0100 Subject: sanitizer: make parser memory|address|undefined|.etc aware --- sanitizers.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sanitizers.c b/sanitizers.c index da268d5b..fa0df59e 100644 --- a/sanitizers.c +++ b/sanitizers.c @@ -177,13 +177,13 @@ size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* p } headerFound = true; sscanf(lineptr, - "==%*d==ERROR: AddressSanitizer: %*[^ ] on address 0x%" PRIx64 " at pc 0x%" PRIx64, + "==%*d==ERROR: %*[^:]: %*[^ ] on address 0x%" PRIx64 " at pc 0x%" PRIx64, pc, crashAddr); sscanf(lineptr, - "==%*d==ERROR: AddressSanitizer: %*[^ ] on %*s address 0x%" PRIx64 + "==%*d==ERROR: %*[^:]: %*[^ ] on %*s address 0x%" PRIx64 " (pc 0x%" PRIx64, crashAddr, pc); - sscanf(lineptr, "==%*d==ERROR: AddressSanitizer: %" HF_XSTR(HF_STR_LEN_MINUS_1) "[^\n]", + sscanf(lineptr, "==%*d==ERROR: %" HF_XSTR(HF_STR_LEN_MINUS_1) "[^\n]", description); } else { char* pLineLC = lineptr; -- cgit v1.2.3 From 5a1adc2c8a512615ad43fa8dcae993a6ca53b199 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Dec 2019 23:21:39 +0100 Subject: sanitizer: make parser memory|address|undefined|.etc aware #2 --- sanitizers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sanitizers.c b/sanitizers.c index fa0df59e..8b11aba4 100644 --- a/sanitizers.c +++ b/sanitizers.c @@ -166,7 +166,7 @@ size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* p /* First step is to identify header */ if (!headerFound) { int reportpid = 0; - if (sscanf(lineptr, "==%d==ERROR: AddressSanitizer:", &reportpid) != 1) { + if (sscanf(lineptr, "==%d==ERROR: ", &reportpid) != 1) { continue; } if (reportpid != pid) { -- cgit v1.2.3 From 1586d05ebbb7ab57011416369b576cf53bd2db82 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Dec 2019 23:28:30 +0100 Subject: netbsd: use funcs_t from sanitizers.h --- netbsd/unwind.h | 23 ++--------------------- 1 file changed, 2 insertions(+), 21 deletions(-) diff --git a/netbsd/unwind.h b/netbsd/unwind.h index 133e2615..e681f57e 100644 --- a/netbsd/unwind.h +++ b/netbsd/unwind.h @@ -27,30 +27,11 @@ #include #include +#include "sanitizers.h" + /* String buffer size for function names in stack traces produced from libunwind */ #define _HF_FUNC_NAME_SZ 256 // Should be alright for mangled C++ procs too -#define _HF_MAX_FUNCS 80 -typedef struct { - void* pc; - - /* If ASan custom parsing, function not available without symbolication */ - char func[_HF_FUNC_NAME_SZ]; - - /* - * If libuwind proc maps is used to retrieve map name - * If ASan custom parsing it's retrieved from generated report file - */ - char mapName[PATH_MAX]; - - /* - * If libunwind + bfd symbolizer, line is actual symbol file line - * If libunwind + custom (e.g. Android), line is offset from function symbol - * If ASan custom parsing, line is offset from matching map load base address - */ - size_t line; -} funcs_t; - extern char* arch_btContainsSymbol( size_t symbolsListSz, char** symbolsList, size_t num_frames, funcs_t* funcs); -- cgit v1.2.3 From 5a7b224a58dbda409684f423bfd1334ae8ba6f2a Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Dec 2019 00:03:23 +0100 Subject: make indent depend --- Makefile | 2 +- sanitizers.c | 10 ++++------ 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index d6bc5812..1c7f2e80 100644 --- a/Makefile +++ b/Makefile @@ -443,7 +443,7 @@ netbsd/arch.o: libhfcommon/log.h libhfcommon/ns.h netbsd/trace.h subproc.h netbsd/trace.o: netbsd/trace.h honggfuzz.h libhfcommon/util.h netbsd/trace.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h netbsd/trace.o: libhfcommon/log.h netbsd/unwind.h sanitizers.h subproc.h -netbsd/unwind.o: netbsd/unwind.h honggfuzz.h libhfcommon/util.h +netbsd/unwind.o: netbsd/unwind.h sanitizers.h honggfuzz.h libhfcommon/util.h netbsd/unwind.o: libhfcommon/common.h libhfcommon/log.h posix/arch.o: arch.h honggfuzz.h libhfcommon/util.h fuzz.h posix/arch.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h diff --git a/sanitizers.c b/sanitizers.c index 8b11aba4..9683aa5f 100644 --- a/sanitizers.c +++ b/sanitizers.c @@ -177,14 +177,12 @@ size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* p } headerFound = true; sscanf(lineptr, - "==%*d==ERROR: %*[^:]: %*[^ ] on address 0x%" PRIx64 " at pc 0x%" PRIx64, - pc, crashAddr); + "==%*d==ERROR: %*[^:]: %*[^ ] on address 0x%" PRIx64 " at pc 0x%" PRIx64, pc, + crashAddr); sscanf(lineptr, - "==%*d==ERROR: %*[^:]: %*[^ ] on %*s address 0x%" PRIx64 - " (pc 0x%" PRIx64, + "==%*d==ERROR: %*[^:]: %*[^ ] on %*s address 0x%" PRIx64 " (pc 0x%" PRIx64, crashAddr, pc); - sscanf(lineptr, "==%*d==ERROR: %" HF_XSTR(HF_STR_LEN_MINUS_1) "[^\n]", - description); + sscanf(lineptr, "==%*d==ERROR: %" HF_XSTR(HF_STR_LEN_MINUS_1) "[^\n]", description); } else { char* pLineLC = lineptr; /* Trim leading spaces */ -- cgit v1.2.3 From 278374c74e70b7f5f8a250612717e73e02a95eaa Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Dec 2019 01:58:05 +0100 Subject: sanitizers+linux/trace: add another asan report parsing format, and simplify generated report --- linux/bfd.c | 2 ++ linux/trace.c | 16 +++------------- sanitizers.c | 21 +++++++++++++++------ sanitizers.h | 5 +++++ 4 files changed, 25 insertions(+), 19 deletions(-) diff --git a/linux/bfd.c b/linux/bfd.c index b5e7aa34..5d8eeb1d 100644 --- a/linux/bfd.c +++ b/linux/bfd.c @@ -148,11 +148,13 @@ void arch_bfdResolveSyms(pid_t pid, funcs_t* funcs, size_t num) { if (bfd_find_nearest_line( bfdParams.bfdh, section, bfdParams.syms, sec_offset, &file, &func, &line) == TRUE) { snprintf(funcs[i].func, sizeof(funcs->func), "%s", func); + snprintf(funcs[i].file, sizeof(funcs->file), "%s", file); funcs[i].line = line; } if (bfd_find_nearest_line( bfdParams.bfdh, section, bfdParams.syms, sec_offset, &file, &func, &line) == TRUE) { snprintf(funcs[i].func, sizeof(funcs->func), "%s", func); + snprintf(funcs[i].file, sizeof(funcs->file), "%s", file); funcs[i].line = line; } } diff --git a/linux/trace.c b/linux/trace.c index 7a3a4060..44ceec43 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -528,22 +528,12 @@ static void arch_traceGenerateReport(pid_t pid, run_t* run, funcs_t* funcs, size run->report, sizeof(run->report), "STACK HASH: %016" PRIx64 "\n", run->backtrace); util_ssnprintf(run->report, sizeof(run->report), "STACK:\n"); for (size_t i = 0; i < funcCnt; i++) { -#ifdef __HF_USE_CAPSTONE__ util_ssnprintf(run->report, sizeof(run->report), " <" "0x%016" PRIx64 "> ", - (uint64_t)(long)funcs[i].pc); - if (funcs[i].func[0] != '\0') - util_ssnprintf(run->report, sizeof(run->report), "[%s() + 0x%tx at %s]\n", - funcs[i].func, funcs[i].line, funcs[i].mapName); - else - util_ssnprintf(run->report, sizeof(run->report), "[]\n"); -#else - util_ssnprintf(run->report, sizeof(run->report), - " <" - "0x%016" PRIx64 "> [%s():%zu at %s]\n", - (uint64_t)(long)funcs[i].pc, funcs[i].func, funcs[i].line, funcs[i].mapName); -#endif + (uint64_t)funcs[i].pc); + util_ssnprintf(run->report, sizeof(run->report), "[%s():%zu module:%s file:%s]\n", + funcs[i].func, funcs[i].line, funcs[i].mapName, funcs[i].file); } // libunwind is not working for 32bit targets in 64bit systems diff --git a/sanitizers.c b/sanitizers.c index 9683aa5f..ea388617 100644 --- a/sanitizers.c +++ b/sanitizers.c @@ -213,36 +213,45 @@ size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* p break; } + snprintf(funcs[frameIdx].func, sizeof(funcs[frameIdx].func), "UNKNOWN"); + /* * Frames with symbols but w/o debug info - * #33 0x7ffff59a3668 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9668) + * #0 0x7ffff59a3668 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9668) */ if (sscanf(pLineLC, "#%*u 0x%p in %" HF_XSTR(_HF_FUNC_NAME_SZ_MINUS_1) "s%*[^(](%" HF_XSTR( - HF_STR_LEN_MINUS_1) "s", + HF_STR_LEN_MINUS_1) "[^)]", &funcs[frameIdx].pc, funcs[frameIdx].func, funcs[frameIdx].mapName) == 3) { continue; } /* * Frames with symbols and with debug info - * #0 0x1e94738 in smb2_signing_decrypt_pdu - * /home/test/libcli/smb/smb2_signing.c:617:3 + * #0 0x1e94738 in smb2_signing_decrypt_pdu /home/test/signing.c:617:3 */ if (sscanf(pLineLC, "#%*u 0x%p in %" HF_XSTR(_HF_FUNC_NAME_SZ_MINUS_1) "[^ ] %" HF_XSTR( HF_STR_LEN_MINUS_1) "[^:\n]:%zu", - &funcs[frameIdx].pc, funcs[frameIdx].func, funcs[frameIdx].mapName, + &funcs[frameIdx].pc, funcs[frameIdx].func, funcs[frameIdx].file, &funcs[frameIdx].line) == 4) { continue; } /* * Frames w/o symbols - * #2 0x565584f4 (/mnt/z/test+0x34f4) + * #0 0x565584f4 (/mnt/z/test+0x34f4) */ if (sscanf(pLineLC, "#%*u 0x%p%*[^(](%" HF_XSTR(HF_STR_LEN_MINUS_1) "[^)\n]", &funcs[frameIdx].pc, funcs[frameIdx].mapName) == 2) { continue; } + /* + * Frames w/o symbols, but with debug info + * #0 0x7ffff57cf08f * /build/glibc-bBRi4l/.../erms.S:199 + */ + if (sscanf(pLineLC, "#%*u 0x%p %" HF_XSTR(HF_STR_LEN_MINUS_1) "[^:]:%zu", + &funcs[frameIdx].pc, funcs[frameIdx].file, &funcs[frameIdx].line) == 3) { + continue; + } } } diff --git a/sanitizers.h b/sanitizers.h index f98551f8..7d26297a 100644 --- a/sanitizers.h +++ b/sanitizers.h @@ -45,6 +45,11 @@ typedef struct { */ char mapName[HF_STR_LEN]; + /* + * Original source file + */ + char file[HF_STR_LEN]; + /* * If libunwind + bfd symbolizer, line is actual symbol file line * If libunwind + custom (e.g. Android), line is offset from function symbol -- cgit v1.2.3 From 602602416b3d0914dc52523950bb06f7dc5c14ab Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Dec 2019 02:00:02 +0100 Subject: honggfuzz: increase size of a report --- honggfuzz.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/honggfuzz.h b/honggfuzz.h index c508945b..ff7046bf 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -62,7 +62,7 @@ #define _HF_VERIFIER_ITER 5 /* Size (in bytes) for report data to be stored in stack before written to file */ -#define _HF_REPORT_SIZE 8192 +#define _HF_REPORT_SIZE 32768 /* Perf bitmap size */ #define _HF_PERF_BITMAP_SIZE_16M (1024U * 1024U * 16U) -- cgit v1.2.3 From 1a86ee8c27ee696a03abbff2acacc1281ec444eb Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Dec 2019 07:37:24 +0100 Subject: sanitizers: simplify asan report parsing (no need for READ/WRITE parsing any more) --- linux/trace.c | 6 ++---- sanitizers.c | 48 +++--------------------------------------------- sanitizers.h | 2 +- 3 files changed, 6 insertions(+), 50 deletions(-) diff --git a/linux/trace.c b/linux/trace.c index 44ceec43..8476585d 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -555,9 +555,8 @@ static void arch_traceAnalyzeData(run_t* run, pid_t pid) { }; uint64_t pc = 0, crashAddr = 0; - const char* op = "UNKNOWN"; char description[HF_STR_LEN] = {}; - size_t funcCnt = sanitizers_parseReport(run, pid, funcs, &pc, &crashAddr, &op, description); + size_t funcCnt = sanitizers_parseReport(run, pid, funcs, &pc, &crashAddr, description); if (funcCnt <= 0) { funcCnt = arch_unwindStack(pid, funcs); @@ -627,9 +626,8 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { }; uint64_t crashAddr = 0; - const char* op = "UNKNOWN"; char description[HF_STR_LEN] = {}; - size_t funcCnt = sanitizers_parseReport(run, pid, funcs, &pc, &crashAddr, &op, description); + size_t funcCnt = sanitizers_parseReport(run, pid, funcs, &pc, &crashAddr, description); if (funcCnt <= 0) { funcCnt = arch_unwindStack(pid, funcs); diff --git a/sanitizers.c b/sanitizers.c index ea388617..6a36822a 100644 --- a/sanitizers.c +++ b/sanitizers.c @@ -17,39 +17,7 @@ #include "libhfcommon/util.h" /* - * All clang sanitizers, except ASan, can be activated for target binaries - * with or without the matching runtime library (libcompiler_rt). If runtime - * libraries are included in target fuzzing environment, we can benefit from the - * various Die() callbacks and abort/exit logic manipulation. However, some - * setups (e.g. Android production ARM/ARM64 devices) enable sanitizers, such as - * UBSan, without the runtime libraries. As such, their default ftrap is activated - * which is for most cases a SIGABRT. For these cases end-user needs to enable - * SIGABRT monitoring flag, otherwise these crashes will be missed. - * - * Normally SIGABRT is not a wanted signal to monitor for Android, since it produces - * lots of useless crashes due to way Android process termination hacks work. As - * a result the sanitizer's 'abort_on_error' flag cannot be utilized since it - * invokes abort() internally. In order to not lose crashes a custom exitcode can - * be registered and monitored. Since exitcode is a global flag, it's assumed - * that target is compiled with only one sanitizer type enabled at a time. - * - * For cases where clang runtime library linking is not an option, SIGABRT should - * be monitored even for noisy targets, such as the Android OS, since no viable - * alternative exists. - * - * There might be cases where ASan instrumented targets crash while generating - * reports for detected errors (inside __asan_report_error() proc). Under such - * scenarios target fails to exit or SIGABRT (AsanDie() proc) as defined in - * ASAN_OPTIONS flags, leaving garbage logs. An attempt is made to parse such - * logs for cases where enough data are written to identify potentially missed - * crashes. If ASan internal error results into a SIGSEGV being raised, it - * will get caught from ptrace API, handling the discovered ASan internal crash. - */ - -/* - * Common sanitizer flags - * - * symbolize: Disable symbolication since it changes logs (which are parsed) format + * Common sanitizer flags if --sanitizers is enabled */ #define kSAN_COMMON \ "symbolize=1:" \ @@ -132,7 +100,7 @@ bool sanitizers_Init(honggfuzz_t* hfuzz) { } size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* pc, - uint64_t* crashAddr, const char** op, char description[HF_STR_LEN]) { + uint64_t* crashAddr, char description[HF_STR_LEN]) { char crashReport[PATH_MAX]; const char* crashReportCpy = crashReport; snprintf( @@ -153,7 +121,7 @@ size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* p bool headerFound = false; unsigned int frameIdx = 0; - char *lineptr = NULL, *cAddr = NULL; + char *lineptr = NULL; size_t n = 0; defer { free(lineptr); @@ -195,16 +163,6 @@ size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* p break; } - /* If available parse the type of error (READ/WRITE) */ - if (cAddr && strstr(pLineLC, cAddr)) { - if (strncmp(pLineLC, "READ", 4) == 0) { - *op = "READ"; - } else if (strncmp(pLineLC, "WRITE", 5) == 0) { - *op = "WRITE"; - } - cAddr = NULL; - } - if (sscanf(pLineLC, "#%u", &frameIdx) != 1) { continue; } diff --git a/sanitizers.h b/sanitizers.h index 7d26297a..7925993c 100644 --- a/sanitizers.h +++ b/sanitizers.h @@ -60,7 +60,7 @@ typedef struct { extern bool sanitizers_Init(honggfuzz_t* hfuzz); extern size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* pc, - uint64_t* crashAddr, const char** op, char description[HF_STR_LEN]); + uint64_t* crashAddr, char description[HF_STR_LEN]); extern uint64_t sanitizers_hashCallstack( run_t* run, funcs_t* funcs, size_t funcCnt, bool enableMasking); -- cgit v1.2.3 From 8393e6bb12a761bce4899e66142f189f54125d17 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Dec 2019 07:41:30 +0100 Subject: cmdline: rename sanitizer_del_report -> sanitizers_del_report for consistency with --sanitizers --- cmdline.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmdline.c b/cmdline.c index 6b90e208..86eee42d 100644 --- a/cmdline.c +++ b/cmdline.c @@ -454,7 +454,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { { "save_all", no_argument, NULL, 'u' }, "Save all test-cases (not only the unique ones) by appending the current time-stamp to the filenames" }, { { "tmout_sigvtalrm", no_argument, NULL, 'T' }, "Use SIGVTALRM to kill timeouting processes (default: use SIGKILL)" }, { { "sanitizers", no_argument, NULL, 'S' }, "** DEPRECATED ** Enable sanitizers settings (default: false)" }, - { { "sanitizer_del_report", required_argument, NULL, 0x10F }, "Delete sanitizer report after use (default: false)" }, + { { "sanitizers_del_report", required_argument, NULL, 0x10F }, "Delete sanitizer report after use (default: false)" }, { { "monitor_sigabrt", required_argument, NULL, 0x105 }, "** DEPRECATED ** SIGABRT is always monitored" }, { { "no_fb_timeout", required_argument, NULL, 0x106 }, "Skip feedback if the process has timeouted (default: false)" }, { { "exit_upon_crash", no_argument, NULL, 0x107 }, "Exit upon seeing the first crash (default: false)" }, -- cgit v1.2.3 From 63bf69261cd75c0a62cec75758179105451e2988 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Dec 2019 08:38:53 +0100 Subject: Makefile: also build libhfuzz for dynamic preloading --- Makefile | 8 ++++++-- sanitizers.c | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 1c7f2e80..b7dc9434 100644 --- a/Makefile +++ b/Makefile @@ -167,6 +167,7 @@ OBJS := $(SRCS:.c=.o) LHFUZZ_SRCS := $(sort $(wildcard libhfuzz/*.c)) LHFUZZ_OBJS := $(LHFUZZ_SRCS:.c=.o) LHFUZZ_ARCH := libhfuzz/libhfuzz.a +LHFUZZ_SHARED := libhfuzz/libhfuzz.so HFUZZ_INC ?= $(shell pwd) LCOMMON_SRCS := $(sort $(wildcard libhfcommon/*.c)) @@ -237,12 +238,12 @@ ANDROID_GARBAGE := obj libs CLEAN_TARGETS := core Makefile.bak \ $(OBJS) $(BIN) $(HFUZZ_CC_BIN) \ - $(LHFUZZ_ARCH) $(LHFUZZ_OBJS) \ + $(LHFUZZ_ARCH) $(LHFUZZ_SHARED) $(LHFUZZ_OBJS) \ $(LCOMMON_ARCH) $(LCOMMON_OBJS) \ $(LNETDRIVER_ARCH) $(LNETDRIVER_OBJS) \ $(MAC_GARGBAGE) $(ANDROID_GARBAGE) $(SUBDIR_GARBAGE) -all: $(BIN) $(HFUZZ_CC_BIN) $(LHFUZZ_ARCH) $(LCOMMON_ARCH) $(LNETDRIVER_ARCH) +all: $(BIN) $(HFUZZ_CC_BIN) $(LHFUZZ_ARCH) $(LHFUZZ_SHARED) $(LCOMMON_ARCH) $(LNETDRIVER_ARCH) %.o: %.c $(CC) -c $(CFLAGS) $(CFLAGS_BLOCKS) -o $@ $< @@ -276,6 +277,9 @@ $(LHFUZZ_OBJS): $(LHFUZZ_SRCS) $(LHFUZZ_ARCH): $(LHFUZZ_OBJS) $(AR) rcs $(LHFUZZ_ARCH) $(LHFUZZ_OBJS) +$(LHFUZZ_SHARED): $(LHFUZZ_OBJS) $(LCOMMON_OBJS) + $(LD) -shared $(LDFLAGS) $(LHFUZZ_OBJS) $(LCOMMON_OBJS) -o $@ + $(LNETDRIVER_OBJS): $(LNETDRIVER_SRCS) $(CC) -c $(CFLAGS) $(LIBS_CFLAGS) -o $@ $(@:.o=.c) diff --git a/sanitizers.c b/sanitizers.c index 6a36822a..96cdd5d2 100644 --- a/sanitizers.c +++ b/sanitizers.c @@ -121,7 +121,7 @@ size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* p bool headerFound = false; unsigned int frameIdx = 0; - char *lineptr = NULL; + char* lineptr = NULL; size_t n = 0; defer { free(lineptr); -- cgit v1.2.3 From c5e281a7359f69f457859015d07b6c30a4dfa939 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Dec 2019 15:08:23 +0100 Subject: sanitizers: return 0 from sanitizers_parseReport if no frames were found --- sanitizers.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sanitizers.c b/sanitizers.c index 96cdd5d2..b44b71cd 100644 --- a/sanitizers.c +++ b/sanitizers.c @@ -119,6 +119,7 @@ size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* p }; bool headerFound = false; + bool frameFound = false; unsigned int frameIdx = 0; char* lineptr = NULL; @@ -171,6 +172,7 @@ size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* p break; } + frameFound = true; snprintf(funcs[frameIdx].func, sizeof(funcs[frameIdx].func), "UNKNOWN"); /* @@ -213,7 +215,7 @@ size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* p } } - return (frameIdx + 1); + return (frameFound == false) ? 0 : (frameIdx + 1); } /* -- cgit v1.2.3 From 9eafcc6813970777423da79f94f3f3305744c5bf Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Dec 2019 15:53:39 +0100 Subject: report: move report generating to report.c --- Makefile | 6 +-- fuzz.c | 4 +- honggfuzz.h | 8 ++-- libhfcommon/util.c | 124 +++++++++++++++++++++++++++++++++++++++++++++++++++++ libhfcommon/util.h | 2 + linux/trace.c | 102 ++++++++++++++----------------------------- linux/unwind.c | 16 +++---- netbsd/trace.c | 16 +++---- posix/arch.c | 4 -- report.c | 39 ++++++++++++++++- report.h | 5 ++- sanitizers.c | 4 +- sanitizers.h | 2 +- 13 files changed, 224 insertions(+), 108 deletions(-) diff --git a/Makefile b/Makefile index b7dc9434..7ff94ed5 100644 --- a/Makefile +++ b/Makefile @@ -379,8 +379,8 @@ input.o: libhfcommon/files.h libhfcommon/common.h libhfcommon/log.h mangle.h input.o: subproc.h mangle.o: mangle.h honggfuzz.h libhfcommon/util.h input.h mangle.o: libhfcommon/common.h libhfcommon/log.h -report.o: report.h honggfuzz.h libhfcommon/util.h libhfcommon/common.h -report.o: libhfcommon/log.h +report.o: report.h honggfuzz.h libhfcommon/util.h sanitizers.h +report.o: libhfcommon/common.h libhfcommon/log.h sanitizers.o: sanitizers.h honggfuzz.h libhfcommon/util.h cmdline.h sanitizers.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h sanitizers.o: libhfcommon/log.h @@ -435,7 +435,7 @@ linux/pt.o: libhfcommon/log.h linux/trace.o: linux/trace.h honggfuzz.h libhfcommon/util.h linux/trace.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h linux/trace.o: libhfcommon/log.h linux/bfd.h linux/unwind.h sanitizers.h -linux/trace.o: socketfuzzer.h subproc.h +linux/trace.o: report.h socketfuzzer.h subproc.h linux/unwind.o: linux/unwind.h sanitizers.h honggfuzz.h libhfcommon/util.h linux/unwind.o: libhfcommon/common.h libhfcommon/log.h mac/arch.o: arch.h honggfuzz.h libhfcommon/util.h fuzz.h libhfcommon/common.h diff --git a/fuzz.c b/fuzz.c index 94e38779..cd1ea9f5 100644 --- a/fuzz.c +++ b/fuzz.c @@ -416,7 +416,7 @@ static void fuzz_fuzzLoop(run_t* run) { if (run->global->cfg.useVerifier && !fuzz_runVerifier(run)) { return; } - report_Report(run); + report_saveReport(run); } static void fuzz_fuzzLoopSocket(run_t* run) { @@ -470,7 +470,7 @@ static void fuzz_fuzzLoopSocket(run_t* run) { return; } - report_Report(run); + report_saveReport(run); } static void* fuzz_threadNew(void* arg) { diff --git a/honggfuzz.h b/honggfuzz.h index ff7046bf..5d118fc1 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -120,10 +120,10 @@ typedef struct { /* Memory map struct */ typedef struct __attribute__((packed)) { - uint64_t start; // region start addr - uint64_t end; // region end addr - uint64_t base; // region base addr - char mapName[NAME_MAX]; // bin/DSO name + uint64_t start; // region start addr + uint64_t end; // region end addr + uint64_t base; // region base addr + char module[NAME_MAX]; // bin/DSO name uint64_t bbCnt; uint64_t newBBCnt; } memMap_t; diff --git a/libhfcommon/util.c b/libhfcommon/util.c index eadefaa7..c3f97509 100644 --- a/libhfcommon/util.c +++ b/libhfcommon/util.c @@ -29,6 +29,7 @@ #include #include #include +#include #include #include #include @@ -661,3 +662,126 @@ uint64_t util_CRC64Rev(const uint8_t* buf, size_t len) { return res; } + +static const struct { + const int signo; + const char* const signame; +} sigNames[] = { +#if defined(SIGHUP) + {SIGHUP, "SIGHUP"}, +#endif +#if defined(SIGINT) + {SIGINT, "SIGINT"}, +#endif +#if defined(SIGQUIT) + {SIGQUIT, "SIGQUIT"}, +#endif +#if defined(SIGILL) + {SIGILL, "SIGILL"}, +#endif +#if defined(SIGTRAP) + {SIGTRAP, "SIGTRAP"}, +#endif +#if defined(SIGABRT) + {SIGABRT, "SIGABRT"}, +#endif +#if defined(SIGIOT) + {SIGIOT, "SIGIOT"}, +#endif +#if defined(SIGBUS) + {SIGBUS, "SIGBUS"}, +#endif +#if defined(SIGFPE) + {SIGFPE, "SIGFPE"}, +#endif +#if defined(SIGKILL) + {SIGKILL, "SIGKILL"}, +#endif +#if defined(SIGUSR1) + {SIGUSR1, "SIGUSR1"}, +#endif +#if defined(SIGSEGV) + {SIGSEGV, "SIGSEGV"}, +#endif +#if defined(SIGUSR2) + {SIGUSR2, "SIGUSR2"}, +#endif +#if defined(SIGPIPE) + {SIGPIPE, "SIGPIPE"}, +#endif +#if defined(SIGALRM) + {SIGALRM, "SIGALRM"}, +#endif +#if defined(SIGTERM) + {SIGTERM, "SIGTERM"}, +#endif +#if defined(SIGSTKFLT) + {SIGSTKFLT, "SIGSTKFLT"}, +#endif +#if defined(SIGCHLD) + {SIGCHLD, "SIGCHLD"}, +#endif +#if defined(SIGCONT) + {SIGCONT, "SIGCONT"}, +#endif +#if defined(SIGSTOP) + {SIGSTOP, "SIGSTOP"}, +#endif +#if defined(SIGTSTP) + {SIGTSTP, "SIGTSTP"}, +#endif +#if defined(SIGTTIN) + {SIGTTIN, "SIGTTIN"}, +#endif +#if defined(SIGTTOU) + {SIGTTOU, "SIGTTOU"}, +#endif +#if defined(SIGURG) + {SIGURG, "SIGURG"}, +#endif +#if defined(SIGXCPU) + {SIGXCPU, "SIGXCPU"}, +#endif +#if defined(SIGXFSZ) + {SIGXFSZ, "SIGXFSZ"}, +#endif +#if defined(SIGVTALRM) + {SIGVTALRM, "SIGVTALRM"}, +#endif +#if defined(SIGPROF) + {SIGPROF, "SIGPROF"}, +#endif +#if defined(SIGWINCH) + {SIGWINCH, "SIGWINCH"}, +#endif +#if defined(SIGIO) + {SIGIO, "SIGIO"}, +#endif +#if defined(SIGPOLL) + {SIGPOLL, "SIGPOLL"}, +#endif +#if defined(SIGLOST) + {SIGLOST, "SIGLOST"}, +#endif +#if defined(SIGPWR) + {SIGPWR, "SIGPWR"}, +#endif +#if defined(SIGSYS) + {SIGSYS, "SIGSYS"}, +#endif +}; + +const char* util_sigName(int signo) { + static __thread char signame[32]; + for (size_t i = 0; i < ARRAYSIZE(sigNames); i++) { + if (signo == sigNames[i].signo) { + return sigNames[i].signame; + } + } + if (signo >= SIGRTMIN && signo <= SIGRTMAX) { + snprintf(signame, sizeof(signame), "SIG%d-RTMIN+%d", signo, signo - __SIGRTMIN); + return signame; + } + snprintf(signame, sizeof(signame), "UNKNOWN-%d", signo); + return signame; +} diff --git a/libhfcommon/util.h b/libhfcommon/util.h index 3a2a4bc7..3295c56f 100644 --- a/libhfcommon/util.h +++ b/libhfcommon/util.h @@ -133,4 +133,6 @@ extern size_t util_decodeCString(char* s); extern uint64_t util_CRC64(const uint8_t* buf, size_t len); extern uint64_t util_CRC64Rev(const uint8_t* buf, size_t len); +extern const char* util_sigName(int signo); + #endif /* ifndef _HF_COMMON_UTIL_H_ */ diff --git a/linux/trace.c b/linux/trace.c index 8476585d..634e49b9 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -54,6 +54,7 @@ #include "libhfcommon/util.h" #include "linux/bfd.h" #include "linux/unwind.h" +#include "report.h" #include "sanitizers.h" #include "socketfuzzer.h" #include "subproc.h" @@ -512,64 +513,28 @@ static void arch_getInstrStr(pid_t pid, uint64_t pc, uint64_t status_reg HF_ATTR return; } -static void arch_traceGenerateReport(pid_t pid, run_t* run, funcs_t* funcs, size_t funcCnt, - siginfo_t* si, const char* instr, const char description[HF_STR_LEN]) { - util_ssnprintf(run->report, sizeof(run->report), "CRASH:\n"); - util_ssnprintf(run->report, sizeof(run->report), "DESCRIPTION: %s\n", description); - util_ssnprintf(run->report, sizeof(run->report), "ORIG_FNAME: %s\n", run->origFileName); - util_ssnprintf(run->report, sizeof(run->report), "FUZZ_FNAME: %s\n", run->crashFileName); - util_ssnprintf(run->report, sizeof(run->report), "PID: %d\n", pid); - util_ssnprintf(run->report, sizeof(run->report), "SIGNAL: %s (%d)\n", - arch_sigName(si->si_signo), si->si_signo); - util_ssnprintf(run->report, sizeof(run->report), "FAULT ADDRESS: %p\n", - SI_FROMUSER(si) ? NULL : si->si_addr); - util_ssnprintf(run->report, sizeof(run->report), "INSTRUCTION: %s\n", instr); - util_ssnprintf( - run->report, sizeof(run->report), "STACK HASH: %016" PRIx64 "\n", run->backtrace); - util_ssnprintf(run->report, sizeof(run->report), "STACK:\n"); - for (size_t i = 0; i < funcCnt; i++) { - util_ssnprintf(run->report, sizeof(run->report), - " <" - "0x%016" PRIx64 "> ", - (uint64_t)funcs[i].pc); - util_ssnprintf(run->report, sizeof(run->report), "[%s():%zu module:%s file:%s]\n", - funcs[i].func, funcs[i].line, funcs[i].mapName, funcs[i].file); - } - -// libunwind is not working for 32bit targets in 64bit systems -#if defined(__aarch64__) - if (funcCnt == 0) { - util_ssnprintf(run->report, sizeof(run->report), - " !ERROR: If 32bit fuzz target" - " in aarch64 system, try ARM 32bit build\n"); - } -#endif - - return; -} - static void arch_traceAnalyzeData(run_t* run, pid_t pid) { funcs_t* funcs = util_Calloc(_HF_MAX_FUNCS * sizeof(funcs_t)); defer { free(funcs); }; - uint64_t pc = 0, crashAddr = 0; + uint64_t pc = 0; + uint64_t status_reg = 0; + size_t pcRegSz = arch_getPC(pid, &pc, &status_reg); + if (!pcRegSz) { + LOG_W("ptrace arch_getPC failed"); + return; + } + + uint64_t crashAddr = 0; char description[HF_STR_LEN] = {}; size_t funcCnt = sanitizers_parseReport(run, pid, funcs, &pc, &crashAddr, description); - if (funcCnt <= 0) { funcCnt = arch_unwindStack(pid, funcs); #if !defined(__ANDROID__) arch_bfdResolveSyms(pid, funcs, funcCnt); #endif /* !defined(__ANDROID__) */ - - uint64_t status_reg = 0; - size_t pcRegSz = arch_getPC(pid, &pc, &status_reg); - if (!pcRegSz) { - LOG_W("ptrace arch_getPC failed"); - return; - } } /* @@ -601,21 +566,12 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { uint64_t pc = 0; uint64_t status_reg = 0; + uint64_t crashAddr = (uint64_t)si.si_addr; size_t pcRegSz = arch_getPC(pid, &pc, &status_reg); if (!pcRegSz) { LOG_W("ptrace arch_getPC failed"); return; } - arch_getInstrStr(pid, pc, status_reg, pcRegSz, instr); - - LOG_D("Pid: %d, signo: %d, errno: %d, code: %d, addr: %p, pc: %" PRIx64 ", instr: '%s'", pid, - si.si_signo, si.si_errno, si.si_code, si.si_addr, pc, instr); - - if (!SI_FROMUSER(&si) && pc && si.si_addr < run->global->linux.ignoreAddr) { - LOG_I("Input is interesting (%s), but the si.si_addr is %p (below %p), skipping", - arch_sigName(si.si_signo), si.si_addr, run->global->linux.ignoreAddr); - return; - } /* * Unwind and resolve symbols @@ -625,17 +581,27 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { free(funcs); }; - uint64_t crashAddr = 0; char description[HF_STR_LEN] = {}; size_t funcCnt = sanitizers_parseReport(run, pid, funcs, &pc, &crashAddr, description); - - if (funcCnt <= 0) { + if (funcCnt == 0) { funcCnt = arch_unwindStack(pid, funcs); #if !defined(__ANDROID__) arch_bfdResolveSyms(pid, funcs, funcCnt); #endif /* !defined(__ANDROID__) */ } + arch_getInstrStr(pid, pc, status_reg, pcRegSz, instr); + + LOG_D("Pid: %d, signo: %d, errno: %d, code: %d, addr: %p, pc: %" PRIx64 ", crashAddr: %" PRIx64 + " instr: '%s'", + pid, si.si_signo, si.si_errno, si.si_code, si.si_addr, pc, crashAddr, instr); + + if (!SI_FROMUSER(&si) && pc && crashAddr < (uint64_t)run->global->linux.ignoreAddr) { + LOG_I("Input is interesting (%s), but the si.si_addr is %p (below %p), skipping", + arch_sigName(si.si_signo), si.si_addr, run->global->linux.ignoreAddr); + return; + } + /* * If unwinder failed (zero frames), use PC from ptrace GETREGS if not zero. * If PC reg zero, temporarily disable uniqueness flag since callstack @@ -725,15 +691,9 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { /* If non-blacklisted crash detected, zero set two MSB */ ATOMIC_POST_ADD(run->global->cfg.dynFileIterExpire, _HF_DYNFILE_SUB_MASK); - void* sig_addr = si.si_addr; if (!run->global->linux.disableRandomization) { pc = 0UL; - sig_addr = NULL; - } - - /* User-induced signals don't set si.si_addr */ - if (SI_FROMUSER(&si)) { - sig_addr = NULL; + crashAddr = 0UL; } /* If dry run mode, copy file with same name into workspace */ @@ -742,16 +702,16 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { run->origFileName); } else if (saveUnique) { snprintf(run->crashFileName, sizeof(run->crashFileName), - "%s/%s.PC.%" PRIx64 ".STACK.%" PRIx64 ".CODE.%d.ADDR.%p.INSTR.%s.%s", + "%s/%s.PC.%" PRIx64 ".STACK.%" PRIx64 ".CODE.%d.ADDR.%" PRIx64 ".INSTR.%s.%s", run->global->io.crashDir, arch_sigName(si.si_signo), pc, run->backtrace, si.si_code, - sig_addr, instr, run->global->io.fileExtn); + crashAddr, instr, run->global->io.fileExtn); } else { char localtmstr[HF_STR_LEN]; util_getLocalTime("%F.%H:%M:%S", localtmstr, sizeof(localtmstr), time(NULL)); snprintf(run->crashFileName, sizeof(run->crashFileName), - "%s/%s.PC.%" PRIx64 ".STACK.%" PRIx64 ".CODE.%d.ADDR.%p.INSTR.%s.%s.%d.%s", + "%s/%s.PC.%" PRIx64 ".STACK.%" PRIx64 ".CODE.%d.ADDR.%" PRIx64 ".INSTR.%s.%s.%d.%s", run->global->io.crashDir, arch_sigName(si.si_signo), pc, run->backtrace, si.si_code, - sig_addr, instr, localtmstr, pid, run->global->io.fileExtn); + crashAddr, instr, localtmstr, pid, run->global->io.fileExtn); } /* Target crashed (no duplicate detection yet) */ @@ -761,7 +721,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { if (files_exists(run->crashFileName)) { LOG_I("Crash (dup): '%s' already exists, skipping", run->crashFileName); - // Clear filename so that verifier can understand we hit a duplicate + /* Clear filename so that verifier can understand we hit a duplicate */ memset(run->crashFileName, 0, sizeof(run->crashFileName)); return; } @@ -783,7 +743,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { /* If unique crash found, reset dynFile counter */ ATOMIC_CLEAR(run->global->cfg.dynFileIterExpire); - arch_traceGenerateReport(pid, run, funcs, funcCnt, &si, instr, description); + report_appendReport(pid, run, funcs, funcCnt, pc, crashAddr, &si, instr, description); } #define __WEVENT(status) ((status & 0xFF0000) >> 16) diff --git a/linux/unwind.c b/linux/unwind.c index a71e8ff2..2c8f7dc4 100644 --- a/linux/unwind.c +++ b/linux/unwind.c @@ -154,7 +154,7 @@ size_t arch_unwindStack(pid_t pid, funcs_t* funcs) { for (num_frames = 0; unw_step(&c) > 0 && num_frames < _HF_MAX_FUNCS; num_frames++) { unw_word_t ip; - char* mapName = NULL; + char* module = NULL; ret = unw_get_reg(&c, UNW_REG_IP, &ip); if (ret < 0) { LOG_E("[pid='%d'] [%zd] failed to read IP (%s)", pid, num_frames, UNW_ER[-ret]); @@ -162,10 +162,10 @@ size_t arch_unwindStack(pid_t pid, funcs_t* funcs) { } else { funcs[num_frames].pc = (void*)(uintptr_t)ip; } - if (mapsCnt > 0 && (mapName = arch_searchMaps(ip, mapsCnt, mapsList)) != NULL) { - memcpy(funcs[num_frames].mapName, mapName, sizeof(funcs[num_frames].mapName)); + if (mapsCnt > 0 && (module = arch_searchMaps(ip, mapsCnt, mapsList)) != NULL) { + memcpy(funcs[num_frames].module, module, sizeof(funcs[num_frames].module)); } else { - strncpy(funcs[num_frames].mapName, "UNKNOWN", sizeof(funcs[num_frames].mapName)); + strncpy(funcs[num_frames].module, "UNKNOWN", sizeof(funcs[num_frames].module)); } } @@ -206,7 +206,7 @@ size_t arch_unwindStack(pid_t pid, funcs_t* funcs) { } do { - char* mapName = NULL; + char* module = NULL; unw_word_t pc = 0, offset = 0; char buf[_HF_FUNC_NAME_SZ] = {0}; @@ -239,10 +239,10 @@ size_t arch_unwindStack(pid_t pid, funcs_t* funcs) { funcs[num_frames].line = offset; funcs[num_frames].pc = (void*)pc; memcpy(funcs[num_frames].func, buf, sizeof(funcs[num_frames].func)); - if (mapsCnt > 0 && (mapName = arch_searchMaps(pc, mapsCnt, mapsList)) != NULL) { - memcpy(funcs[num_frames].mapName, mapName, sizeof(funcs[num_frames].mapName)); + if (mapsCnt > 0 && (module = arch_searchMaps(pc, mapsCnt, mapsList)) != NULL) { + memcpy(funcs[num_frames].module, module, sizeof(funcs[num_frames].module)); } else { - strncpy(funcs[num_frames].mapName, "UNKNOWN", sizeof(funcs[num_frames].mapName)); + strncpy(funcs[num_frames].module, "UNKNOWN", sizeof(funcs[num_frames].module)); } num_frames++; diff --git a/netbsd/trace.c b/netbsd/trace.c index acb38949..03921ee3 100644 --- a/netbsd/trace.c +++ b/netbsd/trace.c @@ -117,12 +117,6 @@ static struct { #define SI_FROMUSER(siptr) ((siptr)->si_code == SI_USER) #endif /* SI_FROMUSER */ -static __thread char arch_signame[32]; -static const char* arch_sigName(int signo) { - snprintf(arch_signame, sizeof(arch_signame), "SIG%s", signalname(signo)); - return arch_signame; -} - static size_t arch_getProcMem(pid_t pid, uint8_t* buf, size_t len, register_t pc) { struct ptrace_io_desc io; size_t bytes_read; @@ -242,7 +236,7 @@ static void arch_traceGenerateReport( util_ssnprintf(run->report, sizeof(run->report), "FUZZ_FNAME: %s\n", run->crashFileName); util_ssnprintf(run->report, sizeof(run->report), "PID: %d\n", pid); util_ssnprintf(run->report, sizeof(run->report), "SIGNAL: %s (%d)\n", - arch_sigName(si->si_signo), si->si_signo); + util_sigName(si->si_signo), si->si_signo); util_ssnprintf(run->report, sizeof(run->report), "FAULT ADDRESS: %p\n", SI_FROMUSER(si) ? NULL : si->si_addr); util_ssnprintf(run->report, sizeof(run->report), "INSTRUCTION: %s\n", instr); @@ -251,7 +245,7 @@ static void arch_traceGenerateReport( util_ssnprintf(run->report, sizeof(run->report), "STACK:\n"); for (size_t i = 0; i < funcCnt; i++) { util_ssnprintf(run->report, sizeof(run->report), " <%" PRIxREGISTER "> [%s():%zu at %s]\n", - (register_t)(long)funcs[i].pc, funcs[i].func, funcs[i].line, funcs[i].mapName); + (register_t)(long)funcs[i].pc, funcs[i].func, funcs[i].line, funcs[i].module); } return; @@ -323,7 +317,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { if (!SI_FROMUSER(&info.psi_siginfo) && pc && info.psi_siginfo.si_addr < run->global->netbsd.ignoreAddr) { LOG_I("Input is interesting (%s), but the si.si_addr is %p (below %p), skipping", - arch_sigName(info.psi_siginfo.si_signo), info.psi_siginfo.si_addr, + util_sigName(info.psi_siginfo.si_signo), info.psi_siginfo.si_addr, run->global->netbsd.ignoreAddr); return; } @@ -446,14 +440,14 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { } else if (saveUnique) { snprintf(run->crashFileName, sizeof(run->crashFileName), "%s/%s.PC.%" PRIxREGISTER ".STACK.%" PRIx64 ".CODE.%d.ADDR.%p.INSTR.%s.%s", - run->global->io.crashDir, arch_sigName(info.psi_siginfo.si_signo), pc, run->backtrace, + run->global->io.crashDir, util_sigName(info.psi_siginfo.si_signo), pc, run->backtrace, info.psi_siginfo.si_code, sig_addr, instr, run->global->io.fileExtn); } else { char localtmstr[PATH_MAX]; util_getLocalTime("%F.%H:%M:%S", localtmstr, sizeof(localtmstr), time(NULL)); snprintf(run->crashFileName, sizeof(run->crashFileName), "%s/%s.PC.%" PRIxREGISTER ".STACK.%" PRIx64 ".CODE.%d.ADDR.%p.INSTR.%s.%s.%d.%s", - run->global->io.crashDir, arch_sigName(info.psi_siginfo.si_signo), pc, run->backtrace, + run->global->io.crashDir, util_sigName(info.psi_siginfo.si_signo), pc, run->backtrace, info.psi_siginfo.si_code, sig_addr, instr, localtmstr, pid, run->global->io.fileExtn); } diff --git a/posix/arch.c b/posix/arch.c index f7ab0ede..d677f326 100644 --- a/posix/arch.c +++ b/posix/arch.c @@ -255,10 +255,6 @@ bool arch_archInit(honggfuzz_t* hfuzz HF_ATTR_UNUSED) { return true; } -void arch_sigFunc(int sig HF_ATTR_UNUSED) { - return; -} - bool arch_archThreadInit(run_t* fuzzer HF_ATTR_UNUSED) { return true; } diff --git a/report.c b/report.c index 21b83dfe..8d0f0185 100644 --- a/report.c +++ b/report.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include #include @@ -64,7 +65,7 @@ static void report_printTargetCmd(run_t* run) { dprintf(reportFD, "\n"); } -void report_Report(run_t* run) { +void report_saveReport(run_t* run) { if (run->report[0] == '\0') { return; } @@ -128,3 +129,39 @@ void report_Report(run_t* run) { "=====================================================================\n", run->report); } + +void report_appendReport(pid_t pid, run_t* run, funcs_t* funcs, size_t funcCnt, uint64_t pc, + uint64_t crashAddr, siginfo_t* si, const char* instr, const char description[HF_STR_LEN]) { + util_ssnprintf(run->report, sizeof(run->report), "CRASH:\n"); + util_ssnprintf(run->report, sizeof(run->report), "DESCRIPTION: %s\n", description); + util_ssnprintf(run->report, sizeof(run->report), "ORIG_FNAME: %s\n", run->origFileName); + util_ssnprintf(run->report, sizeof(run->report), "FUZZ_FNAME: %s\n", run->crashFileName); + util_ssnprintf(run->report, sizeof(run->report), "PID: %d\n", pid); + util_ssnprintf(run->report, sizeof(run->report), "SIGNAL: %s (%d)\n", + util_sigName(si->si_signo), si->si_signo); + util_ssnprintf(run->report, sizeof(run->report), "PC: 0x%" PRIx64 "\n", pc); + util_ssnprintf(run->report, sizeof(run->report), "FAULT ADDRESS: 0x%" PRIx64 "\n", crashAddr); + util_ssnprintf(run->report, sizeof(run->report), "INSTRUCTION: %s\n", instr); + util_ssnprintf( + run->report, sizeof(run->report), "STACK HASH: %016" PRIx64 "\n", run->backtrace); + util_ssnprintf(run->report, sizeof(run->report), "STACK:\n"); + for (size_t i = 0; i < funcCnt; i++) { + util_ssnprintf(run->report, sizeof(run->report), + " <" + "0x%016" PRIx64 "> ", + (uint64_t)funcs[i].pc); + util_ssnprintf(run->report, sizeof(run->report), "[func:%s file:%s line:%zu module:%s]\n", + funcs[i].func, funcs[i].file, funcs[i].line, funcs[i].module); + } + +// libunwind is not working for 32bit targets in 64bit systems +#if defined(__aarch64__) + if (funcCnt == 0) { + util_ssnprintf(run->report, sizeof(run->report), + " !ERROR: If 32bit fuzz target" + " in aarch64 system, try ARM 32bit build\n"); + } +#endif + + return; +} diff --git a/report.h b/report.h index 9083ba98..062b87fa 100644 --- a/report.h +++ b/report.h @@ -25,7 +25,10 @@ #define _HF_REPORT_H_ #include "honggfuzz.h" +#include "sanitizers.h" -extern void report_Report(run_t* run); +extern void report_saveReport(run_t* run); +extern void report_appendReport(pid_t pid, run_t* run, funcs_t* funcs, size_t funcCnt, uint64_t pc, + uint64_t crashAddr, siginfo_t* si, const char* instr, const char description[HF_STR_LEN]); #endif diff --git a/sanitizers.c b/sanitizers.c index b44b71cd..fc22f256 100644 --- a/sanitizers.c +++ b/sanitizers.c @@ -182,7 +182,7 @@ size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* p if (sscanf(pLineLC, "#%*u 0x%p in %" HF_XSTR(_HF_FUNC_NAME_SZ_MINUS_1) "s%*[^(](%" HF_XSTR( HF_STR_LEN_MINUS_1) "[^)]", - &funcs[frameIdx].pc, funcs[frameIdx].func, funcs[frameIdx].mapName) == 3) { + &funcs[frameIdx].pc, funcs[frameIdx].func, funcs[frameIdx].module) == 3) { continue; } /* @@ -201,7 +201,7 @@ size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* p * #0 0x565584f4 (/mnt/z/test+0x34f4) */ if (sscanf(pLineLC, "#%*u 0x%p%*[^(](%" HF_XSTR(HF_STR_LEN_MINUS_1) "[^)\n]", - &funcs[frameIdx].pc, funcs[frameIdx].mapName) == 2) { + &funcs[frameIdx].pc, funcs[frameIdx].module) == 2) { continue; } /* diff --git a/sanitizers.h b/sanitizers.h index 7925993c..70b41222 100644 --- a/sanitizers.h +++ b/sanitizers.h @@ -43,7 +43,7 @@ typedef struct { * If libuwind proc maps is used to retrieve map name * If ASan custom parsing it's retrieved from generated report file */ - char mapName[HF_STR_LEN]; + char module[HF_STR_LEN]; /* * Original source file -- cgit v1.2.3 From ab0d86bb91cf5f6780a564f53f881236ed642e8d Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Dec 2019 15:54:43 +0100 Subject: libhfcommon/util: use SIGRTMIN instead of __SIGRTMIN for posix --- libhfcommon/util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libhfcommon/util.c b/libhfcommon/util.c index c3f97509..810a2025 100644 --- a/libhfcommon/util.c +++ b/libhfcommon/util.c @@ -779,7 +779,7 @@ const char* util_sigName(int signo) { } } if (signo >= SIGRTMIN && signo <= SIGRTMAX) { - snprintf(signame, sizeof(signame), "SIG%d-RTMIN+%d", signo, signo - __SIGRTMIN); + snprintf(signame, sizeof(signame), "SIG%d-RTMIN+%d", signo, signo - SIGRTMIN); return signame; } snprintf(signame, sizeof(signame), "UNKNOWN-%d", signo); -- cgit v1.2.3 From bf7e34c2c811051b1b81fae53afd71b0cc8da5f2 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Dec 2019 16:00:05 +0100 Subject: Makefile: don't use arch name in COMMON_LDFLAGS --- Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 7ff94ed5..479169b0 100644 --- a/Makefile +++ b/Makefile @@ -27,7 +27,7 @@ BIN := honggfuzz HFUZZ_CC_BIN := hfuzz_cc/hfuzz-cc HFUZZ_CC_SRCS := hfuzz_cc/hfuzz-cc.c COMMON_CFLAGS := -std=c11 -I/usr/local/include -D_GNU_SOURCE -Wall -Wextra -Werror -Wno-format-truncation -Wno-override-init -I. -COMMON_LDFLAGS := -pthread libhfcommon/libhfcommon.a -lm +COMMON_LDFLAGS := -pthread -lm COMMON_SRCS := $(sort $(wildcard *.c)) CFLAGS ?= -O3 -mtune=native -funroll-loops LDFLAGS ?= @@ -260,10 +260,10 @@ mac/arch.o: mac/arch.c $(CC) -fPIC -shared $(CFLAGS) -o $@ $< $(BIN): $(OBJS) $(LCOMMON_ARCH) - $(LD) -o $(BIN) $(OBJS) $(LDFLAGS) + $(LD) -o $(BIN) $(OBJS) $(LCOMMON_ARCH) $(LDFLAGS) $(HFUZZ_CC_BIN): $(LCOMMON_ARCH) $(LHFUZZ_ARCH) $(LNETDRIVER_ARCH) $(HFUZZ_CC_SRCS) - $(LD) -o $@ $(HFUZZ_CC_SRCS) $(LDFLAGS) $(CFLAGS) $(CFLAGS_BLOCKS) -D_HFUZZ_INC_PATH=$(HFUZZ_INC) + $(LD) -o $@ $(HFUZZ_CC_SRCS) $(LCOMMON_ARCH) $(LDFLAGS) $(CFLAGS) $(CFLAGS_BLOCKS) -D_HFUZZ_INC_PATH=$(HFUZZ_INC) $(LCOMMON_OBJS): $(LCOMMON_SRCS) $(CC) -c $(CFLAGS) $(LIBS_CFLAGS) -o $@ $(@:.o=.c) -- cgit v1.2.3 From 59c20cc8d96b042e2e3241aee460c7e822246d96 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Dec 2019 16:15:13 +0100 Subject: posix: add san log parsing --- Makefile | 2 +- linux/trace.c | 30 +++-------------------- posix/arch.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++------------- 3 files changed, 64 insertions(+), 45 deletions(-) diff --git a/Makefile b/Makefile index 479169b0..984f2734 100644 --- a/Makefile +++ b/Makefile @@ -451,4 +451,4 @@ netbsd/unwind.o: netbsd/unwind.h sanitizers.h honggfuzz.h libhfcommon/util.h netbsd/unwind.o: libhfcommon/common.h libhfcommon/log.h posix/arch.o: arch.h honggfuzz.h libhfcommon/util.h fuzz.h posix/arch.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h -posix/arch.o: libhfcommon/log.h subproc.h +posix/arch.o: libhfcommon/log.h sanitizers.h subproc.h diff --git a/linux/trace.c b/linux/trace.c index 634e49b9..e1e5fb0d 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -267,30 +267,6 @@ static struct { #define SI_FROMUSER(siptr) ((siptr)->si_code <= 0) #endif /* SI_FROMUSER */ -extern const char* sys_sigabbrev[]; - -static __thread char arch_signame[32]; -static const char* arch_sigName(int signo) { - if (signo < 0 || signo > _NSIG) { - snprintf(arch_signame, sizeof(arch_signame), "UNKNOWN-%d", signo); - return arch_signame; - } - if (signo > __SIGRTMIN) { - snprintf(arch_signame, sizeof(arch_signame), "SIG%d-RTMIN+%d", signo, signo - __SIGRTMIN); - return arch_signame; - } -#ifdef __ANDROID__ - return arch_sigs[signo].descr; -#else - if (sys_sigabbrev[signo] == NULL) { - snprintf(arch_signame, sizeof(arch_signame), "SIG%d", signo); - } else { - snprintf(arch_signame, sizeof(arch_signame), "SIG%s", sys_sigabbrev[signo]); - } - return arch_signame; -#endif /* __ANDROID__ */ -} - static size_t arch_getProcMem(pid_t pid, uint8_t* buf, size_t len, uint64_t pc) { /* * Let's try process_vm_readv first @@ -598,7 +574,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { if (!SI_FROMUSER(&si) && pc && crashAddr < (uint64_t)run->global->linux.ignoreAddr) { LOG_I("Input is interesting (%s), but the si.si_addr is %p (below %p), skipping", - arch_sigName(si.si_signo), si.si_addr, run->global->linux.ignoreAddr); + util_sigName(si.si_signo), si.si_addr, run->global->linux.ignoreAddr); return; } @@ -703,14 +679,14 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { } else if (saveUnique) { snprintf(run->crashFileName, sizeof(run->crashFileName), "%s/%s.PC.%" PRIx64 ".STACK.%" PRIx64 ".CODE.%d.ADDR.%" PRIx64 ".INSTR.%s.%s", - run->global->io.crashDir, arch_sigName(si.si_signo), pc, run->backtrace, si.si_code, + run->global->io.crashDir, util_sigName(si.si_signo), pc, run->backtrace, si.si_code, crashAddr, instr, run->global->io.fileExtn); } else { char localtmstr[HF_STR_LEN]; util_getLocalTime("%F.%H:%M:%S", localtmstr, sizeof(localtmstr), time(NULL)); snprintf(run->crashFileName, sizeof(run->crashFileName), "%s/%s.PC.%" PRIx64 ".STACK.%" PRIx64 ".CODE.%d.ADDR.%" PRIx64 ".INSTR.%s.%s.%d.%s", - run->global->io.crashDir, arch_sigName(si.si_signo), pc, run->backtrace, si.si_code, + run->global->io.crashDir, util_sigName(si.si_signo), pc, run->backtrace, si.si_code, crashAddr, instr, localtmstr, pid, run->global->io.fileExtn); } diff --git a/posix/arch.c b/posix/arch.c index d677f326..2373ce0f 100644 --- a/posix/arch.c +++ b/posix/arch.c @@ -46,6 +46,7 @@ #include "libhfcommon/files.h" #include "libhfcommon/log.h" #include "libhfcommon/util.h" +#include "sanitizers.h" #include "subproc.h" struct { @@ -79,7 +80,7 @@ struct { * Returns true if a process exited (so, presumably, we can delete an input * file) */ -static void arch_analyzeSignal(run_t* run, int status) { +static void arch_analyzeSignal(run_t* run, pid_t pid, int status) { /* * Resumed by delivery of SIGCONT */ @@ -91,7 +92,7 @@ static void arch_analyzeSignal(run_t* run, int status) { * Boring, the process just exited */ if (WIFEXITED(status)) { - LOG_D("Process (pid %d) exited normally with status %d", run->pid, WEXITSTATUS(status)); + LOG_D("Process (pid %d) exited normally with status %d", pid, WEXITSTATUS(status)); return; } @@ -100,40 +101,82 @@ static void arch_analyzeSignal(run_t* run, int status) { */ if (!WIFSIGNALED(status)) { LOG_E("Process (pid %d) exited with the following status %d, please report that as a bug", - run->pid, status); + pid, status); return; } int termsig = WTERMSIG(status); - LOG_D("Process (pid %d) killed by signal %d '%s'", run->pid, termsig, strsignal(termsig)); + LOG_D("Process (pid %d) killed by signal %d '%s'", pid, termsig, strsignal(termsig)); if (!arch_sigs[termsig].important) { LOG_D("It's not that important signal, skipping"); return; } - char localtmstr[PATH_MAX]; - util_getLocalTime("%F.%H.%M.%S", localtmstr, sizeof(localtmstr), time(NULL)); + funcs_t* funcs = util_Calloc(_HF_MAX_FUNCS * sizeof(funcs_t)); + defer { + free(funcs); + }; + uint64_t pc = 0; + uint64_t crashAddr = 0; + char description[HF_STR_LEN] = {}; + size_t funcCnt = sanitizers_parseReport(run, pid, funcs, &pc, &crashAddr, description); + /* + * If unwinder failed (zero frames), use PC from ptrace GETREGS if not zero. + * If PC reg zero return and callers should handle zero hash case. + */ + if (funcCnt <= 0) { + /* Manually update major frame PC & frames counter */ + funcs[0].pc = (void*)(uintptr_t)pc; + funcCnt = 1; + } - char newname[PATH_MAX]; + /* + * Calculate backtrace callstack hash signature + */ + run->backtrace = sanitizers_hashCallstack(run, funcs, funcCnt, false); + + /* + * If unique flag is set and single frame crash, disable uniqueness for this crash + * to always save (timestamp will be added to the filename) + */ + bool saveUnique = run->global->io.saveUnique; + if (saveUnique && (funcCnt == 1)) { + saveUnique = false; + } /* If dry run mode, copy file with same name into workspace */ if (run->global->mutate.mutationsPerRun == 0U && run->global->cfg.useVerifier) { - snprintf(newname, sizeof(newname), "%s", run->origFileName); + snprintf(run->crashFileName, sizeof(run->crashFileName), "%s/%s", run->global->io.crashDir, + run->origFileName); + } else if (saveUnique) { + snprintf(run->crashFileName, sizeof(run->crashFileName), + "%s/%s.PC.%" PRIx64 ".STACK.%" PRIx64 ".ADDR.%" PRIx64 ".%s", run->global->io.crashDir, + util_sigName(termsig), pc, run->backtrace, crashAddr, run->global->io.fileExtn); } else { - snprintf(newname, sizeof(newname), "%s/%s.PID.%d.TIME.%s.%s", run->global->io.crashDir, - arch_sigs[termsig].descr, run->pid, localtmstr, run->global->io.fileExtn); + char localtmstr[HF_STR_LEN]; + util_getLocalTime("%F.%H:%M:%S", localtmstr, sizeof(localtmstr), time(NULL)); + snprintf(run->crashFileName, sizeof(run->crashFileName), + "%s/%s.PC.%" PRIx64 ".STACK.%" PRIx64 ".ADDR.%" PRIx64 ".%s.%d.%s", + run->global->io.crashDir, util_sigName(termsig), pc, run->backtrace, crashAddr, + localtmstr, pid, run->global->io.fileExtn); } - LOG_I("Ok, that's interesting, saving input '%s'", newname); + if (files_exists(run->crashFileName)) { + LOG_I("Crash (dup): '%s' already exists, skipping", run->crashFileName); + /* Clear filename so that verifier can understand we hit a duplicate */ + memset(run->crashFileName, 0, sizeof(run->crashFileName)); + return; + } + + LOG_I("Ok, that's interesting, saving input '%s'", run->crashFileName); - /* - * All crashes are marked as unique due to lack of information in POSIX arch - */ ATOMIC_POST_INC(run->global->cnts.crashesCnt); ATOMIC_POST_INC(run->global->cnts.uniqueCrashesCnt); + /* If unique crash found, reset dynFile counter */ + ATOMIC_CLEAR(run->global->cfg.dynFileIterExpire); - if (files_writeBufToFile( - newname, run->dynamicFile, run->dynamicFileSz, O_CREAT | O_EXCL | O_WRONLY) == false) { + if (files_writeBufToFile(run->crashFileName, run->dynamicFile, run->dynamicFileSz, + O_CREAT | O_EXCL | O_WRONLY) == false) { LOG_E("Couldn't save crash to '%s'", run->crashFileName); } } @@ -199,7 +242,7 @@ static bool arch_checkWait(run_t* run) { LOG_D("pid=%d returned with status: %s", pid, subproc_StatusToStr(status, statusStr, sizeof(statusStr))); - arch_analyzeSignal(run, status); + arch_analyzeSignal(run, pid, status); if (pid == run->pid && (WIFEXITED(status) || WIFSIGNALED(status))) { if (run->global->exe.persistent) { -- cgit v1.2.3 From 7bea63e9e04fb0d00ad06b287fd366d5385e832f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Dec 2019 16:19:19 +0100 Subject: */trace: don't fake frames if asan log parsing fails --- linux/trace.c | 23 +---------------------- posix/arch.c | 11 +---------- 2 files changed, 2 insertions(+), 32 deletions(-) diff --git a/linux/trace.c b/linux/trace.c index e1e5fb0d..746be4f1 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -513,16 +513,6 @@ static void arch_traceAnalyzeData(run_t* run, pid_t pid) { #endif /* !defined(__ANDROID__) */ } - /* - * If unwinder failed (zero frames), use PC from ptrace GETREGS if not zero. - * If PC reg zero return and callers should handle zero hash case. - */ - if (funcCnt <= 0) { - /* Manually update major frame PC & frames counter */ - funcs[0].pc = (void*)(uintptr_t)pc; - funcCnt = 1; - } - /* * Calculate backtrace callstack hash signature */ @@ -578,17 +568,6 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { return; } - /* - * If unwinder failed (zero frames), use PC from ptrace GETREGS if not zero. - * If PC reg zero, temporarily disable uniqueness flag since callstack - * hash will be also zero, thus not safe for unique decisions. - */ - if (funcCnt <= 0) { - /* Manually update major frame PC & frames counter */ - funcs[0].pc = (void*)(uintptr_t)pc; - funcCnt = 1; - } - /* * Temp local copy of previous backtrace value in case worker hit crashes into multiple * tids for same target master thread. Will be 0 for first crash against target. @@ -604,7 +583,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { * If unique flag is set and single frame crash, disable uniqueness for this crash * to always save (timestamp will be added to the filename) */ - if (saveUnique && (funcCnt == 1)) { + if (saveUnique && (funcCnt == 0)) { saveUnique = false; } diff --git a/posix/arch.c b/posix/arch.c index 2373ce0f..930af3b2 100644 --- a/posix/arch.c +++ b/posix/arch.c @@ -120,15 +120,6 @@ static void arch_analyzeSignal(run_t* run, pid_t pid, int status) { uint64_t crashAddr = 0; char description[HF_STR_LEN] = {}; size_t funcCnt = sanitizers_parseReport(run, pid, funcs, &pc, &crashAddr, description); - /* - * If unwinder failed (zero frames), use PC from ptrace GETREGS if not zero. - * If PC reg zero return and callers should handle zero hash case. - */ - if (funcCnt <= 0) { - /* Manually update major frame PC & frames counter */ - funcs[0].pc = (void*)(uintptr_t)pc; - funcCnt = 1; - } /* * Calculate backtrace callstack hash signature @@ -140,7 +131,7 @@ static void arch_analyzeSignal(run_t* run, pid_t pid, int status) { * to always save (timestamp will be added to the filename) */ bool saveUnique = run->global->io.saveUnique; - if (saveUnique && (funcCnt == 1)) { + if (saveUnique && (funcCnt == 0)) { saveUnique = false; } -- cgit v1.2.3 From ae2b66ca0415a5dc0a085ac1adf995daa3efa3c7 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Dec 2019 16:24:03 +0100 Subject: posix: generate report --- Makefile | 2 +- linux/trace.c | 2 +- posix/arch.c | 3 +++ report.c | 6 +++--- report.h | 2 +- 5 files changed, 9 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 984f2734..562a77f6 100644 --- a/Makefile +++ b/Makefile @@ -451,4 +451,4 @@ netbsd/unwind.o: netbsd/unwind.h sanitizers.h honggfuzz.h libhfcommon/util.h netbsd/unwind.o: libhfcommon/common.h libhfcommon/log.h posix/arch.o: arch.h honggfuzz.h libhfcommon/util.h fuzz.h posix/arch.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h -posix/arch.o: libhfcommon/log.h sanitizers.h subproc.h +posix/arch.o: libhfcommon/log.h report.h sanitizers.h subproc.h diff --git a/linux/trace.c b/linux/trace.c index 746be4f1..ac9ead33 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -698,7 +698,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { /* If unique crash found, reset dynFile counter */ ATOMIC_CLEAR(run->global->cfg.dynFileIterExpire); - report_appendReport(pid, run, funcs, funcCnt, pc, crashAddr, &si, instr, description); + report_appendReport(pid, run, funcs, funcCnt, pc, si.si_signo, crashAddr, instr, description); } #define __WEVENT(status) ((status & 0xFF0000) >> 16) diff --git a/posix/arch.c b/posix/arch.c index 930af3b2..1e87b9bd 100644 --- a/posix/arch.c +++ b/posix/arch.c @@ -46,6 +46,7 @@ #include "libhfcommon/files.h" #include "libhfcommon/log.h" #include "libhfcommon/util.h" +#include "report.h" #include "sanitizers.h" #include "subproc.h" @@ -170,6 +171,8 @@ static void arch_analyzeSignal(run_t* run, pid_t pid, int status) { O_CREAT | O_EXCL | O_WRONLY) == false) { LOG_E("Couldn't save crash to '%s'", run->crashFileName); } + + report_appendReport(pid, run, funcs, funcCnt, pc, crashAddr, termsig, "", description); } pid_t arch_fork(run_t* fuzzer HF_ATTR_UNUSED) { diff --git a/report.c b/report.c index 8d0f0185..d624ec4b 100644 --- a/report.c +++ b/report.c @@ -131,14 +131,14 @@ void report_saveReport(run_t* run) { } void report_appendReport(pid_t pid, run_t* run, funcs_t* funcs, size_t funcCnt, uint64_t pc, - uint64_t crashAddr, siginfo_t* si, const char* instr, const char description[HF_STR_LEN]) { + uint64_t crashAddr, int signo, const char* instr, const char description[HF_STR_LEN]) { util_ssnprintf(run->report, sizeof(run->report), "CRASH:\n"); util_ssnprintf(run->report, sizeof(run->report), "DESCRIPTION: %s\n", description); util_ssnprintf(run->report, sizeof(run->report), "ORIG_FNAME: %s\n", run->origFileName); util_ssnprintf(run->report, sizeof(run->report), "FUZZ_FNAME: %s\n", run->crashFileName); util_ssnprintf(run->report, sizeof(run->report), "PID: %d\n", pid); - util_ssnprintf(run->report, sizeof(run->report), "SIGNAL: %s (%d)\n", - util_sigName(si->si_signo), si->si_signo); + util_ssnprintf( + run->report, sizeof(run->report), "SIGNAL: %s (%d)\n", util_sigName(signo), signo); util_ssnprintf(run->report, sizeof(run->report), "PC: 0x%" PRIx64 "\n", pc); util_ssnprintf(run->report, sizeof(run->report), "FAULT ADDRESS: 0x%" PRIx64 "\n", crashAddr); util_ssnprintf(run->report, sizeof(run->report), "INSTRUCTION: %s\n", instr); diff --git a/report.h b/report.h index 062b87fa..22eaf4e4 100644 --- a/report.h +++ b/report.h @@ -29,6 +29,6 @@ extern void report_saveReport(run_t* run); extern void report_appendReport(pid_t pid, run_t* run, funcs_t* funcs, size_t funcCnt, uint64_t pc, - uint64_t crashAddr, siginfo_t* si, const char* instr, const char description[HF_STR_LEN]); + uint64_t crashAddr, int signo, const char* instr, const char description[HF_STR_LEN]); #endif -- cgit v1.2.3 From 58874e1098277af16f9649f933d218d347dddd12 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Dec 2019 16:46:14 +0100 Subject: netbsd: generate report --- Makefile | 3 ++- netbsd/trace.c | 26 +++----------------------- 2 files changed, 5 insertions(+), 24 deletions(-) diff --git a/Makefile b/Makefile index 562a77f6..a4ca14cc 100644 --- a/Makefile +++ b/Makefile @@ -446,7 +446,8 @@ netbsd/arch.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h netbsd/arch.o: libhfcommon/log.h libhfcommon/ns.h netbsd/trace.h subproc.h netbsd/trace.o: netbsd/trace.h honggfuzz.h libhfcommon/util.h netbsd/trace.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h -netbsd/trace.o: libhfcommon/log.h netbsd/unwind.h sanitizers.h subproc.h +netbsd/trace.o: libhfcommon/log.h netbsd/unwind.h sanitizers.h report.h +netbsd/trace.o: subproc.h netbsd/unwind.o: netbsd/unwind.h sanitizers.h honggfuzz.h libhfcommon/util.h netbsd/unwind.o: libhfcommon/common.h libhfcommon/log.h posix/arch.o: arch.h honggfuzz.h libhfcommon/util.h fuzz.h diff --git a/netbsd/trace.c b/netbsd/trace.c index 03921ee3..b34374dd 100644 --- a/netbsd/trace.c +++ b/netbsd/trace.c @@ -56,6 +56,7 @@ #include "libhfcommon/log.h" #include "libhfcommon/util.h" #include "netbsd/unwind.h" +#include "report.h" #include "sanitizers.h" #include "subproc.h" @@ -229,28 +230,6 @@ static void arch_getInstrStr(pid_t pid, lwpid_t lwp, register_t* pc, char* instr return; } -static void arch_traceGenerateReport( - pid_t pid, run_t* run, funcs_t* funcs, size_t funcCnt, siginfo_t* si, const char* instr) { - run->report[0] = '\0'; - util_ssnprintf(run->report, sizeof(run->report), "ORIG_FNAME: %s\n", run->origFileName); - util_ssnprintf(run->report, sizeof(run->report), "FUZZ_FNAME: %s\n", run->crashFileName); - util_ssnprintf(run->report, sizeof(run->report), "PID: %d\n", pid); - util_ssnprintf(run->report, sizeof(run->report), "SIGNAL: %s (%d)\n", - util_sigName(si->si_signo), si->si_signo); - util_ssnprintf(run->report, sizeof(run->report), "FAULT ADDRESS: %p\n", - SI_FROMUSER(si) ? NULL : si->si_addr); - util_ssnprintf(run->report, sizeof(run->report), "INSTRUCTION: %s\n", instr); - util_ssnprintf( - run->report, sizeof(run->report), "STACK HASH: %016" PRIx64 "\n", run->backtrace); - util_ssnprintf(run->report, sizeof(run->report), "STACK:\n"); - for (size_t i = 0; i < funcCnt; i++) { - util_ssnprintf(run->report, sizeof(run->report), " <%" PRIxREGISTER "> [%s():%zu at %s]\n", - (register_t)(long)funcs[i].pc, funcs[i].func, funcs[i].line, funcs[i].module); - } - - return; -} - static void arch_traceAnalyzeData(run_t* run, pid_t pid) { ptrace_siginfo_t info; register_t pc = 0, status_reg = 0; @@ -470,7 +449,8 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { /* If unique crash found, reset dynFile counter */ ATOMIC_CLEAR(run->global->cfg.dynFileIterExpire); - arch_traceGenerateReport(pid, run, funcs, funcCnt, &info.psi_siginfo, instr); + report_appendReport(pid, run, funcs, funcCnt, pc, (uint64_t)info.psi_siginfo.si_addr, + info.psi_siginfo.si_signo, instr, ""); } static void arch_traceEvent(run_t* run HF_ATTR_UNUSED, pid_t pid) { -- cgit v1.2.3 From c51cb50e6c8bac6070e70a5578cc1196baf4b2fc Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Dec 2019 16:52:22 +0100 Subject: libhfcommon/util: SIGRT(MIN|MAX) is not defined under openbsd --- libhfcommon/util.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libhfcommon/util.c b/libhfcommon/util.c index 810a2025..a86d6b25 100644 --- a/libhfcommon/util.c +++ b/libhfcommon/util.c @@ -769,6 +769,12 @@ static const struct { #if defined(SIGSYS) {SIGSYS, "SIGSYS"}, #endif +#if defined(SIGTHR) + {SIGTHR, "SIGTHR"}, +#endif +#if defined(SIGEMT) + {SIGEMT, "SIGEMT"}, +#endif }; const char* util_sigName(int signo) { @@ -778,10 +784,12 @@ const char* util_sigName(int signo) { return sigNames[i].signame; } } +#if defined(SIGRTMIN) && defined(SIGRTMAX) if (signo >= SIGRTMIN && signo <= SIGRTMAX) { snprintf(signame, sizeof(signame), "SIG%d-RTMIN+%d", signo, signo - SIGRTMIN); return signame; } +#endif /* defined(SIGRTMIN) && defined(SIGRTMAX) */ snprintf(signame, sizeof(signame), "UNKNOWN-%d", signo); return signame; } -- cgit v1.2.3 From aaa5b541e444c3972fb99c155713a535b1fbb0a6 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Dec 2019 16:58:22 +0100 Subject: libhfcommon/util: add SIGINFO to the list of known signals --- libhfcommon/util.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libhfcommon/util.c b/libhfcommon/util.c index a86d6b25..79e1e30c 100644 --- a/libhfcommon/util.c +++ b/libhfcommon/util.c @@ -775,6 +775,9 @@ static const struct { #if defined(SIGEMT) {SIGEMT, "SIGEMT"}, #endif +#if defined(SIGINFO) + {SIGINFO, "SIGINFO"}, +#endif }; const char* util_sigName(int signo) { -- cgit v1.2.3 From 414a230da52d21f32d7b9ff427edfa65c1b1ab68 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Dec 2019 16:59:15 +0100 Subject: libhfcommon/util: add SIGLIBRT to the list of known signals --- libhfcommon/util.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libhfcommon/util.c b/libhfcommon/util.c index 79e1e30c..87939bbd 100644 --- a/libhfcommon/util.c +++ b/libhfcommon/util.c @@ -778,6 +778,9 @@ static const struct { #if defined(SIGINFO) {SIGINFO, "SIGINFO"}, #endif +#if defined(SIGLIBRT) + {SIGLIBRT, "SIGLIBRT"}, +#endif }; const char* util_sigName(int signo) { -- cgit v1.2.3 From 564b783a60fbc21b2452d74c5e2904b2a936a7bc Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Dec 2019 17:22:22 +0100 Subject: examples/bind: patch for bind-9.15.6 --- examples/bind/bind-9.15.6.patch | 402 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 402 insertions(+) create mode 100644 examples/bind/bind-9.15.6.patch diff --git a/examples/bind/bind-9.15.6.patch b/examples/bind/bind-9.15.6.patch new file mode 100644 index 00000000..0cffed4b --- /dev/null +++ b/examples/bind/bind-9.15.6.patch @@ -0,0 +1,402 @@ +diff -Nur ORIG.bind-9.15.4/bin/named/fuzz.c bind-9.15.4/bin/named/fuzz.c +--- ORIG.bind-9.15.4/bin/named/fuzz.c 2019-09-09 16:52:45.000000000 +0200 ++++ bind-9.15.4/bin/named/fuzz.c 2019-10-09 14:52:41.025018879 +0200 +@@ -736,7 +736,7 @@ + */ + void + named_fuzz_notify(void) { +-#ifdef ENABLE_AFL ++#if 0 + if (getenv("AFL_CMIN")) { + named_server_flushonshutdown(named_g_server, false); + isc_app_shutdown(); +diff -Nur ORIG.bind-9.15.4/bin/named/main.c bind-9.15.4/bin/named/main.c +--- ORIG.bind-9.15.4/bin/named/main.c 2019-09-09 16:52:45.000000000 +0200 ++++ bind-9.15.4/bin/named/main.c 2019-10-09 14:52:21.993025966 +0200 +@@ -1385,11 +1385,285 @@ + } + #endif /* HAVE_LIBSCF */ + ++#include ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++#include ++ ++static void enter_namespaces(void) ++{ ++ if (linuxEnterNs(CLONE_NEWUSER | CLONE_NEWNET | CLONE_NEWNS | CLONE_NEWIPC) == false) { ++ exit(1); ++ } ++ if (linuxIfaceUp("lo") == false) { ++ exit(1); ++ } ++ if (linuxMountTmpfs("/tmp", "size=10000000") == false) { ++ exit(1); ++ } ++} ++ ++static size_t rlen = 0; ++static const uint8_t* rbuf = NULL; ++ ++__attribute__((no_sanitize("memory"))) ++__attribute__((no_sanitize("address"))) static void* ++bind_thr(void* unused __attribute__((unused))) ++{ ++ while (!named_g_run_done) { ++ usleep(300000); ++ } ++ ++ int myfd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP); ++ if (myfd == -1) { ++ perror("socket"); ++ exit(1); ++ } ++ int val = 1; ++ if (setsockopt(myfd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)) == -1) { ++ perror("setsockopt(SO_REUSEADDR)"); ++ } ++ ++ const struct sockaddr_in saddr = { ++ .sin_family = AF_INET, ++ .sin_port = htons(5353), ++ .sin_addr.s_addr = inet_addr("127.0.0.2"), ++ }; ++ if (bind(myfd, &saddr, sizeof(saddr)) == -1) { ++ perror("bind"); ++ exit(1); ++ } ++ ++ if (listen(myfd, SOMAXCONN) == -1) { ++ perror("listen"); ++ exit(1); ++ } ++ ++ for (;;) { ++ struct sockaddr_in cli; ++ socklen_t cli_len = sizeof(cli); ++ ++ int nfd = accept(myfd, &cli, &cli_len); ++ if (nfd == -1) { ++ perror("accept"); ++ exit(1); ++ } ++ ++ static char b[1024 * 1024]; ++ ssize_t sz = recv(nfd, b, sizeof(b), 0); ++ if (sz <= 0) { ++ perror("recv"); ++ _exit(1); ++ } ++ if (sz < 4) { ++ close(nfd); ++ continue; ++ } ++ if (rlen < 1) { ++ close(nfd); ++ continue; ++ } ++ ++ /* It's a response, so set QR bit to 1 */ ++ uint8_t qr = rbuf[0] | 0x80; ++ ++ uint16_t t_l = htons(rlen + 2); ++ const struct iovec iov[] = { ++ { ++ .iov_base = &t_l, ++ .iov_len = sizeof(t_l), ++ }, ++ { ++ .iov_base = &b[2], ++ .iov_len = 2, ++ }, ++ { ++ .iov_base = &qr, ++ .iov_len = 1, ++ }, ++ { ++ .iov_base = (void*)&rbuf[1], ++ .iov_len = rlen - 1, ++ }, ++ }; ++ ++ if (writev(nfd, iov, 4) == -1) { ++ perror("writev() failed"); ++ } ++ ++ close(nfd); ++ } ++ ++ return NULL; ++} ++ ++static void rndloop(int sock) ++{ ++ const struct sockaddr_in bsaddr = { ++ .sin_family = AF_INET, ++ .sin_port = htons(0), ++ .sin_addr.s_addr = htonl((((uint32_t)util_rnd64()) & 0x00FFFFFF) | 0x7F000000), ++ }; ++ if (bind(sock, (const struct sockaddr*)&bsaddr, sizeof(bsaddr)) == -1) { ++ perror("bind"); ++ } ++} ++ ++__attribute__((no_sanitize("memory"))) ++__attribute__((no_sanitize("address"))) static void* ++connect_thr(void* unused __attribute__((unused))) ++{ ++ while (!named_g_run_done) { ++ usleep(300000); ++ } ++ ++ for (;;) { ++ int myfd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP); ++ if (myfd == -1) { ++ perror("socket"); ++ exit(1); ++ } ++ int val = 1; ++ if (setsockopt(myfd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)) == -1) { ++ perror("setsockopt(SO_REUSEADDR)"); ++ } ++ ++ rndloop(myfd); ++ ++ const struct sockaddr_in saddr = { ++ .sin_family = AF_INET, ++ .sin_port = htons(53), ++ .sin_addr.s_addr = htonl(INADDR_LOOPBACK), ++ }; ++ if (connect(myfd, &saddr, sizeof(saddr)) == -1) { ++ close(myfd); ++ continue; ++ } ++ ++ const uint8_t* buf; ++ size_t len; ++ ++ if (named_g_fuzz_type == isc_fuzz_client) { ++ HF_ITER(&buf, &len); ++ ++ rlen = 0; ++ rbuf = NULL; ++ ++ if (len < 32) { ++ close(myfd); ++ continue; ++ } ++ ++ uint32_t tmplen = *((const uint32_t*)buf); ++ ++ buf = &buf[sizeof(uint32_t)]; ++ len -= sizeof(uint32_t); ++ ++ tmplen %= len; ++ ++ rbuf = &buf[tmplen]; ++ rlen = len - tmplen; ++ len = tmplen; ++ } else { ++ static const uint8_t qbuf[] = { ++ 0x88, 0x0c, 0x01, 0x20, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x01, 0x0a, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, ++ 0x61, 0x61, 0x61, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, ++ 0x65, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x29, 0x10, ++ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00 ++ }; ++ buf = qbuf; ++ len = sizeof(qbuf); ++ HF_ITER(&rbuf, &rlen); ++ } ++ ++ uint16_t t_l = htons(len); ++ const struct iovec iov[] = { ++ { ++ .iov_base = &t_l, ++ .iov_len = sizeof(t_l), ++ }, ++ { ++ .iov_base = (void*)buf, ++ .iov_len = len, ++ }, ++ }; ++ ++ if (writev(myfd, iov, 2) == -1) { ++ perror("write"); ++ close(myfd); ++ continue; ++ } ++ ++ if (shutdown(myfd, SHUT_WR) == -1) { ++ if (errno == ENOTCONN) { ++ close(myfd); ++ continue; ++ } ++ perror("shutdown"); ++ _exit(1); ++ } ++ ++ uint8_t b[1024 * 512]; ++ while (recv(myfd, b, sizeof(b), 0) > 0) ++ ; ++ close(myfd); ++ } ++} ++ ++static void launch_thr(void) ++{ ++ pthread_attr_t attr; ++ pthread_attr_init(&attr); ++ pthread_attr_setstacksize(&attr, 1024 * 1024 * 4); ++ pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED); ++ ++ pthread_t t; ++ if (pthread_create(&t, &attr, bind_thr, NULL) < 0) { ++ perror("pthread_create(bind_thr)"); ++ exit(1); ++ } ++ ++ pthread_attr_init(&attr); ++ pthread_attr_setstacksize(&attr, 1024 * 1024 * 4); ++ pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED); ++ if (pthread_create(&t, &attr, connect_thr, NULL) < 0) { ++ perror("pthread_create(connect_thr)"); ++ exit(1); ++ } ++} ++ + /* main entry point, possibly hooked */ + +-int +-main(int argc, char *argv[]) { +- isc_result_t result; ++int main(int argc, char* argv[]) ++{ ++ if (!getenv("NO_FUZZ")) { ++ named_g_fuzz_addr = "127.0.0.1:53"; ++ named_g_fuzz_type = isc_fuzz_client; ++ enter_namespaces(); ++ launch_thr(); ++ } ++ ++ isc_result_t result; + #ifdef HAVE_LIBSCF + char *instance = NULL; + #endif +diff -Nur ORIG.bind-9.15.4/compile.sh bind-9.15.4/compile.sh +--- ORIG.bind-9.15.4/compile.sh 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.15.4/compile.sh 2019-10-09 14:52:21.993025966 +0200 +@@ -0,0 +1,20 @@ ++#!/bin/sh ++ ++set -ex ++ ++export CC="$HOME"/src/honggfuzz/hfuzz_cc/hfuzz-clang ++export CXX="$HOME"/src/honggfuzz/hfuzz_cc/hfuzz-clang++ ++export CFLAGS="-fsanitize=address -Wno-shift-negative-value -Wno-logical-not-parentheses -g -ggdb -O0 -D__AFL_COMPILER" ++./configure \ ++ --prefix="$HOME"/fuzz/bind/dist/ \ ++ --without-gssapi \ ++ --disable-chroot \ ++ --disable-linux-caps \ ++ --without-libtool \ ++ --enable-epoll \ ++ --enable-fuzzing=afl \ ++ --disable-backtrace \ ++ --with-openssl=yes ++ ++make clean ++make -j$(nproc) +diff -Nur ORIG.bind-9.15.4/lib/dns/request.c bind-9.15.4/lib/dns/request.c +--- ORIG.bind-9.15.4/lib/dns/request.c 2019-09-09 16:52:45.000000000 +0200 ++++ bind-9.15.4/lib/dns/request.c 2019-10-09 14:52:21.997025964 +0200 +@@ -747,7 +747,7 @@ + goto cleanup; + } + +- if ((options & DNS_REQUESTOPT_TCP) != 0 || r.length > 512) ++ if ((options & DNS_REQUESTOPT_TCP) != 0 || r.length >= 0) + tcp = true; + share = (options & DNS_REQUESTOPT_SHARE); + +@@ -1033,6 +1033,8 @@ + dns_compress_t cctx; + bool cleanup_cctx = false; + ++ options |= DNS_REQUESTOPT_TCP; ++ + REQUIRE(bufferp != NULL && *bufferp == NULL); + + req_log(ISC_LOG_DEBUG(3), "request_render"); +diff -Nur ORIG.bind-9.15.4/lib/dns/resolver.c bind-9.15.4/lib/dns/resolver.c +--- ORIG.bind-9.15.4/lib/dns/resolver.c 2019-09-09 16:52:45.000000000 +0200 ++++ bind-9.15.4/lib/dns/resolver.c 2019-10-09 14:52:22.001025962 +0200 +@@ -1946,7 +1946,7 @@ + + query = isc_mem_get(fctx->mctx, sizeof(*query)); + query->mctx = fctx->mctx; +- query->options = options; ++ query->options = options | DNS_FETCHOPT_TCP; + query->attributes = 0; + query->sends = 0; + query->connects = 0; +diff -Nur ORIG.bind-9.15.4/lib/isc/random.c bind-9.15.4/lib/isc/random.c +--- ORIG.bind-9.15.4/lib/isc/random.c 2019-09-09 16:52:45.000000000 +0200 ++++ bind-9.15.4/lib/isc/random.c 2019-10-09 14:52:22.001025962 +0200 +@@ -94,6 +94,7 @@ + isc_random8(void) { + RUNTIME_CHECK(isc_once_do(&isc_random_once, + isc_random_initialize) == ISC_R_SUCCESS); ++ return 1; + return (next() & 0xff); + } + +@@ -101,6 +102,7 @@ + isc_random16(void) { + RUNTIME_CHECK(isc_once_do(&isc_random_once, + isc_random_initialize) == ISC_R_SUCCESS); ++ return 1; + return (next() & 0xffff); + } + +@@ -108,6 +110,7 @@ + isc_random32(void) { + RUNTIME_CHECK(isc_once_do(&isc_random_once, + isc_random_initialize) == ISC_R_SUCCESS); ++ return 1; + return (next()); + } + +@@ -122,6 +125,13 @@ + RUNTIME_CHECK(isc_once_do(&isc_random_once, + isc_random_initialize) == ISC_R_SUCCESS); + ++ for (size_t z = 0; z < buflen; z++) { ++ char * b = (char*)buf; ++ b[z] = z + 1; ++ } ++ return; ++ ++ + for (i = 0; i + sizeof(r) <= buflen; i += sizeof(r)) { + r = next(); + memmove((uint8_t *)buf + i, &r, sizeof(r)); -- cgit v1.2.3 From 7d35b28aa2ab851044bf614f1c9c67386c529fd3 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Dec 2019 17:22:51 +0100 Subject: examples/bind: use 5353 with 9.15.6 --- examples/bind/named.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/bind/named.conf b/examples/bind/named.conf index dbb6158d..2b60962f 100644 --- a/examples/bind/named.conf +++ b/examples/bind/named.conf @@ -62,7 +62,7 @@ options { forward only; forwarders { - 127.0.0.2 port 53; + 127.0.0.2 port 5353; }; rate-limit { -- cgit v1.2.3 From 5ad7a5ea148a3edbf42aeb14b82eacb657392404 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Dec 2019 23:48:35 +0100 Subject: linux: implement function demangling --- linux/bfd.c | 28 ++++++++++++++++++++++++++++ linux/bfd.h | 1 + linux/trace.c | 13 ++++++++++--- 3 files changed, 39 insertions(+), 3 deletions(-) diff --git a/linux/bfd.c b/linux/bfd.c index 5d8eeb1d..2644ba56 100644 --- a/linux/bfd.c +++ b/linux/bfd.c @@ -103,6 +103,34 @@ static void arch_bfdDestroy(bfd_t* bfdParams) { } } +void arch_bfdDemangle(pid_t pid, funcs_t* funcs, size_t funcCnt) { + /* Guess what? libbfd is not multi-threading safe */ + MX_SCOPED_LOCK(&arch_bfd_mutex); + + bfd_init(); + + __block bfd_t bfdParams = { + .bfdh = NULL, + .syms = NULL, + .dsyms = NULL, + }; + + if (arch_bfdInit(pid, &bfdParams) == false) { + return; + } + + for (size_t i = 0; i < funcCnt; i++) { + if (funcs[i].func && strncmp(funcs[i].func, "_Z", 2) == 0) { + const char* new_name = bfd_demangle(bfdParams.bfdh, funcs[i].func, 0); + if (new_name) { + snprintf(funcs[i].func, sizeof(funcs[i].func), "%s", new_name); + } + } + } + + arch_bfdDestroy(&bfdParams); +} + static struct bfd_section* arch_getSectionForPc(bfd* bfdh, uint64_t pc) { for (struct bfd_section* section = bfdh->sections; section; section = section->next) { uintptr_t vma = (uintptr_t)bfd_get_section_vma(bfdh, section); diff --git a/linux/bfd.h b/linux/bfd.h index 7425eff1..a9cde9e9 100644 --- a/linux/bfd.h +++ b/linux/bfd.h @@ -36,6 +36,7 @@ #define PACKAGE 1 #define PACKAGE_VERSION 1 +extern void arch_bfdDemangle(pid_t pid, funcs_t* funcs, size_t funcCnt); extern void arch_bfdResolveSyms(pid_t pid, funcs_t* funcs, size_t num); extern void arch_bfdDisasm(pid_t pid, uint8_t* mem, size_t size, char* instr); diff --git a/linux/trace.c b/linux/trace.c index ac9ead33..7ab71723 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -513,6 +513,10 @@ static void arch_traceAnalyzeData(run_t* run, pid_t pid) { #endif /* !defined(__ANDROID__) */ } +#if !defined(__ANDROID__) + arch_bfdDemangle(pid, funcs, funcCnt); +#endif /* !defined(__ANDROID__) */ + /* * Calculate backtrace callstack hash signature */ @@ -520,9 +524,6 @@ static void arch_traceAnalyzeData(run_t* run, pid_t pid) { } static void arch_traceSaveData(run_t* run, pid_t pid) { - /* Local copy since flag is overridden for some crashes */ - bool saveUnique = run->global->io.saveUnique; - char instr[_HF_INSTR_SZ] = "\x00"; siginfo_t si = {}; @@ -556,6 +557,9 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { #endif /* !defined(__ANDROID__) */ } +#if !defined(__ANDROID__) + arch_bfdDemangle(pid, funcs, funcCnt); +#endif /* !defined(__ANDROID__) */ arch_getInstrStr(pid, pc, status_reg, pcRegSz, instr); LOG_D("Pid: %d, signo: %d, errno: %d, code: %d, addr: %p, pc: %" PRIx64 ", crashAddr: %" PRIx64 @@ -574,6 +578,9 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { */ uint64_t oldBacktrace = run->backtrace; + /* Local copy since flag is overridden for some crashes */ + bool saveUnique = run->global->io.saveUnique; + /* * Calculate backtrace callstack hash signature */ -- cgit v1.2.3 From f983e01b9e06eaddc40799797a95f3dcd29ec2aa Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 6 Dec 2019 00:02:32 +0100 Subject: linux/trace: swapped arguments to report_appendReport() --- linux/trace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux/trace.c b/linux/trace.c index 7ab71723..76944e68 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -705,7 +705,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { /* If unique crash found, reset dynFile counter */ ATOMIC_CLEAR(run->global->cfg.dynFileIterExpire); - report_appendReport(pid, run, funcs, funcCnt, pc, si.si_signo, crashAddr, instr, description); + report_appendReport(pid, run, funcs, funcCnt, pc, crashAddr, si.si_signo, instr, description); } #define __WEVENT(status) ((status & 0xFF0000) >> 16) -- cgit v1.2.3 From 9ac9bb9f2096479661f9ecaf98ef1ab2535ed171 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 6 Dec 2019 00:15:04 +0100 Subject: bfd_demangle returns allocated buf --- linux/bfd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/linux/bfd.c b/linux/bfd.c index 2644ba56..63956c38 100644 --- a/linux/bfd.c +++ b/linux/bfd.c @@ -121,9 +121,10 @@ void arch_bfdDemangle(pid_t pid, funcs_t* funcs, size_t funcCnt) { for (size_t i = 0; i < funcCnt; i++) { if (funcs[i].func && strncmp(funcs[i].func, "_Z", 2) == 0) { - const char* new_name = bfd_demangle(bfdParams.bfdh, funcs[i].func, 0); + char* new_name = bfd_demangle(bfdParams.bfdh, funcs[i].func, 0); if (new_name) { snprintf(funcs[i].func, sizeof(funcs[i].func), "%s", new_name); + free(new_name); } } } -- cgit v1.2.3 From 78ca2aacda35f9ef1f671d10622187632edec8b7 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 6 Dec 2019 00:17:00 +0100 Subject: linux/trace: remove incorrect check --- linux/bfd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux/bfd.c b/linux/bfd.c index 63956c38..19ad1547 100644 --- a/linux/bfd.c +++ b/linux/bfd.c @@ -120,7 +120,7 @@ void arch_bfdDemangle(pid_t pid, funcs_t* funcs, size_t funcCnt) { } for (size_t i = 0; i < funcCnt; i++) { - if (funcs[i].func && strncmp(funcs[i].func, "_Z", 2) == 0) { + if (strncmp(funcs[i].func, "_Z", 2) == 0) { char* new_name = bfd_demangle(bfdParams.bfdh, funcs[i].func, 0); if (new_name) { snprintf(funcs[i].func, sizeof(funcs[i].func), "%s", new_name); -- cgit v1.2.3 From 576906d567dceb04a8af63ed1f2b91ca2405b252 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 6 Dec 2019 10:20:46 +0100 Subject: linux/bfd: use c++ demangler with liberty --- linux/bfd.c | 24 ++++++------------------ linux/bfd.h | 2 +- linux/trace.c | 4 ++-- 3 files changed, 9 insertions(+), 21 deletions(-) diff --git a/linux/bfd.c b/linux/bfd.c index 19ad1547..8dce6902 100644 --- a/linux/bfd.c +++ b/linux/bfd.c @@ -103,33 +103,21 @@ static void arch_bfdDestroy(bfd_t* bfdParams) { } } -void arch_bfdDemangle(pid_t pid, funcs_t* funcs, size_t funcCnt) { - /* Guess what? libbfd is not multi-threading safe */ - MX_SCOPED_LOCK(&arch_bfd_mutex); - - bfd_init(); - - __block bfd_t bfdParams = { - .bfdh = NULL, - .syms = NULL, - .dsyms = NULL, - }; - - if (arch_bfdInit(pid, &bfdParams) == false) { - return; +void arch_bfdDemangle(funcs_t* funcs, size_t funcCnt) { + /* From -liberty, should be depended on by (included with) libbfd */ + __attribute__((weak)) char * cplus_demangle (const char *mangled, int options); + if (!cplus_demangle) { + return; } - for (size_t i = 0; i < funcCnt; i++) { if (strncmp(funcs[i].func, "_Z", 2) == 0) { - char* new_name = bfd_demangle(bfdParams.bfdh, funcs[i].func, 0); + char* new_name = cplus_demangle(funcs[i].func, 0); if (new_name) { snprintf(funcs[i].func, sizeof(funcs[i].func), "%s", new_name); free(new_name); } } } - - arch_bfdDestroy(&bfdParams); } static struct bfd_section* arch_getSectionForPc(bfd* bfdh, uint64_t pc) { diff --git a/linux/bfd.h b/linux/bfd.h index a9cde9e9..3a607e69 100644 --- a/linux/bfd.h +++ b/linux/bfd.h @@ -36,7 +36,7 @@ #define PACKAGE 1 #define PACKAGE_VERSION 1 -extern void arch_bfdDemangle(pid_t pid, funcs_t* funcs, size_t funcCnt); +extern void arch_bfdDemangle(funcs_t* funcs, size_t funcCnt); extern void arch_bfdResolveSyms(pid_t pid, funcs_t* funcs, size_t num); extern void arch_bfdDisasm(pid_t pid, uint8_t* mem, size_t size, char* instr); diff --git a/linux/trace.c b/linux/trace.c index 76944e68..6b499319 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -514,7 +514,7 @@ static void arch_traceAnalyzeData(run_t* run, pid_t pid) { } #if !defined(__ANDROID__) - arch_bfdDemangle(pid, funcs, funcCnt); + arch_bfdDemangle(funcs, funcCnt); #endif /* !defined(__ANDROID__) */ /* @@ -558,7 +558,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { } #if !defined(__ANDROID__) - arch_bfdDemangle(pid, funcs, funcCnt); + arch_bfdDemangle(funcs, funcCnt); #endif /* !defined(__ANDROID__) */ arch_getInstrStr(pid, pc, status_reg, pcRegSz, instr); -- cgit v1.2.3 From 160695a709fe2535e73844c7eedb32f338317f74 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 6 Dec 2019 10:29:00 +0100 Subject: linux/trace: don't use si.si_addr if it's SI_FROMUSER() --- linux/bfd.c | 8 ++++---- linux/trace.c | 10 +++++++--- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/linux/bfd.c b/linux/bfd.c index 8dce6902..5b07b8b0 100644 --- a/linux/bfd.c +++ b/linux/bfd.c @@ -104,10 +104,10 @@ static void arch_bfdDestroy(bfd_t* bfdParams) { } void arch_bfdDemangle(funcs_t* funcs, size_t funcCnt) { - /* From -liberty, should be depended on by (included with) libbfd */ - __attribute__((weak)) char * cplus_demangle (const char *mangled, int options); - if (!cplus_demangle) { - return; + /* From -liberty, should be depended on by (included with) libbfd */ + __attribute__((weak)) char* cplus_demangle(const char* mangled, int options); + if (!cplus_demangle) { + return; } for (size_t i = 0; i < funcCnt; i++) { if (strncmp(funcs[i].func, "_Z", 2) == 0) { diff --git a/linux/trace.c b/linux/trace.c index 6b499319..910aff97 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -531,9 +531,15 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { PLOG_W("Couldn't get siginfo for pid %d", pid); } + uint64_t crashAddr = (uint64_t)si.si_addr; + /* User-induced signals don't set si.si_addr */ + if (SI_FROMUSER(&si)) { + crashAddr = 0UL; + } + uint64_t pc = 0; uint64_t status_reg = 0; - uint64_t crashAddr = (uint64_t)si.si_addr; + /* If dry run mode, copy file with same name into workspace */ size_t pcRegSz = arch_getPC(pid, &pc, &status_reg); if (!pcRegSz) { LOG_W("ptrace arch_getPC failed"); @@ -657,8 +663,6 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { pc = 0UL; crashAddr = 0UL; } - - /* If dry run mode, copy file with same name into workspace */ if (run->global->mutate.mutationsPerRun == 0U && run->global->cfg.useVerifier) { snprintf(run->crashFileName, sizeof(run->crashFileName), "%s/%s", run->global->io.crashDir, run->origFileName); -- cgit v1.2.3 From 05a11b93f4d3c54cf367cfe2ee95d60f05f289fb Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 6 Dec 2019 10:32:13 +0100 Subject: linux/trace: comments --- linux/trace.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/linux/trace.c b/linux/trace.c index 910aff97..81209003 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -539,7 +539,6 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { uint64_t pc = 0; uint64_t status_reg = 0; - /* If dry run mode, copy file with same name into workspace */ size_t pcRegSz = arch_getPC(pid, &pc, &status_reg); if (!pcRegSz) { LOG_W("ptrace arch_getPC failed"); @@ -659,10 +658,13 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { /* If non-blacklisted crash detected, zero set two MSB */ ATOMIC_POST_ADD(run->global->cfg.dynFileIterExpire, _HF_DYNFILE_SUB_MASK); + /* Those addresses will be random, depend on stack-traces for uniqueness */ if (!run->global->linux.disableRandomization) { pc = 0UL; crashAddr = 0UL; } + + /* If dry run mode, copy file with same name into workspace */ if (run->global->mutate.mutationsPerRun == 0U && run->global->cfg.useVerifier) { snprintf(run->crashFileName, sizeof(run->crashFileName), "%s/%s", run->global->io.crashDir, run->origFileName); -- cgit v1.2.3 From bbebcb73aa6b895f73ddd817084851e07743d1ce Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 6 Dec 2019 10:35:10 +0100 Subject: linux/trace: check for func/file == NULL --- linux/bfd.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/linux/bfd.c b/linux/bfd.c index 5b07b8b0..b387d405 100644 --- a/linux/bfd.c +++ b/linux/bfd.c @@ -164,14 +164,14 @@ void arch_bfdResolveSyms(pid_t pid, funcs_t* funcs, size_t num) { if (bfd_find_nearest_line( bfdParams.bfdh, section, bfdParams.syms, sec_offset, &file, &func, &line) == TRUE) { - snprintf(funcs[i].func, sizeof(funcs->func), "%s", func); - snprintf(funcs[i].file, sizeof(funcs->file), "%s", file); + snprintf(funcs[i].func, sizeof(funcs->func), "%s", func ? func : ""); + snprintf(funcs[i].file, sizeof(funcs->file), "%s", file ? file : ""); funcs[i].line = line; } if (bfd_find_nearest_line( bfdParams.bfdh, section, bfdParams.syms, sec_offset, &file, &func, &line) == TRUE) { - snprintf(funcs[i].func, sizeof(funcs->func), "%s", func); - snprintf(funcs[i].file, sizeof(funcs->file), "%s", file); + snprintf(funcs[i].func, sizeof(funcs->func), "%s", func ? func : ""); + snprintf(funcs[i].file, sizeof(funcs->file), "%s", file ? file : ""); funcs[i].line = line; } } -- cgit v1.2.3 From 7e8c3e5ad7642e9b9a15ea3a3d9b6f0c04b599d0 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 6 Dec 2019 10:48:41 +0100 Subject: cmdline: evaluate cwd, instead of using '.' --- cmdline.c | 11 +++++++---- honggfuzz.h | 2 +- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/cmdline.c b/cmdline.c index 86eee42d..28367ad6 100644 --- a/cmdline.c +++ b/cmdline.c @@ -226,8 +226,11 @@ static bool cmdlineVerify(honggfuzz_t* hfuzz) { return false; } - if (hfuzz->io.workDir == NULL) { - hfuzz->io.workDir = "."; + if (strlen(hfuzz->io.workDir) == 0) { + if (getcwd(hfuzz->io.workDir, sizeof(hfuzz->io.workDir)) == NULL) { + PLOG_W("getcwd() failed. Using '.'"); + snprintf(hfuzz->io.workDir, sizeof(hfuzz->io.workDir), "."); + } } if (mkdir(hfuzz->io.workDir, 0700) == -1 && errno != EEXIST) { PLOG_E("Couldn't create the workspace directory '%s'", hfuzz->io.workDir); @@ -276,7 +279,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .fileCntDone = false, .newUnitsAdded = 0, .fileExtn = "fuzz", - .workDir = NULL, + .workDir = {}, .crashDir = NULL, .covDirNew = NULL, .saveUnique = true, @@ -541,7 +544,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { hfuzz->io.fileExtn = optarg; break; case 'W': - hfuzz->io.workDir = optarg; + snprintf(hfuzz->io.workDir, sizeof(hfuzz->io.workDir), "%s", optarg); break; case 0x600: hfuzz->io.crashDir = optarg; diff --git a/honggfuzz.h b/honggfuzz.h index 5d118fc1..9e5ba8e9 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -194,7 +194,7 @@ typedef struct { const char* fileExtn; bool fileCntDone; size_t newUnitsAdded; - const char* workDir; + char workDir[PATH_MAX]; const char* crashDir; const char* covDirNew; bool saveUnique; -- cgit v1.2.3 From a18c2bd5eafa1226aaf00fdd2ac0abbb157933e6 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 6 Dec 2019 10:52:02 +0100 Subject: sanitizers: swapped pc and crashAddr in san parsing --- sanitizers.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sanitizers.c b/sanitizers.c index fc22f256..ff5946a5 100644 --- a/sanitizers.c +++ b/sanitizers.c @@ -146,8 +146,8 @@ size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* p } headerFound = true; sscanf(lineptr, - "==%*d==ERROR: %*[^:]: %*[^ ] on address 0x%" PRIx64 " at pc 0x%" PRIx64, pc, - crashAddr); + "==%*d==ERROR: %*[^:]: %*[^ ] on address 0x%" PRIx64 " at pc 0x%" PRIx64, crashAddr, + pc); sscanf(lineptr, "==%*d==ERROR: %*[^:]: %*[^ ] on %*s address 0x%" PRIx64 " (pc 0x%" PRIx64, crashAddr, pc); -- cgit v1.2.3 From 65a9631c4dbcd8502f9a694e52ab7b8b23b868a3 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 6 Dec 2019 20:16:51 +0100 Subject: sanitizers: add demangled symbol parsing --- linux/trace.c | 6 +++++- sanitizers.c | 11 +++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/linux/trace.c b/linux/trace.c index 81209003..5a993630 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -658,11 +658,15 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { /* If non-blacklisted crash detected, zero set two MSB */ ATOMIC_POST_ADD(run->global->cfg.dynFileIterExpire, _HF_DYNFILE_SUB_MASK); - /* Those addresses will be random, depend on stack-traces for uniqueness */ + /* Those addresses will be random, so depend on stack-traces for uniqueness */ if (!run->global->linux.disableRandomization) { pc = 0UL; crashAddr = 0UL; } + /* crashAddr (si.si_addr) never makes sense for SIGABRT */ + if (si.si_signo == SIGABRT) { + crashAddr = 0UL; + } /* If dry run mode, copy file with same name into workspace */ if (run->global->mutate.mutationsPerRun == 0U && run->global->cfg.useVerifier) { diff --git a/sanitizers.c b/sanitizers.c index ff5946a5..8a709fa0 100644 --- a/sanitizers.c +++ b/sanitizers.c @@ -175,6 +175,17 @@ size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* p frameFound = true; snprintf(funcs[frameIdx].func, sizeof(funcs[frameIdx].func), "UNKNOWN"); + /* + * Frames with demangled symbols but w/o debug info + * #0 0x59d74e in printf_common(void*, char const*, __va_list_tag*) + * (/home/smbd/smbd+0x59d74e) + */ + if (sscanf(pLineLC, "#%*u 0x%p in %" HF_XSTR(_HF_FUNC_NAME_SZ_MINUS_1) "[^)]) (%[^)])", + &funcs[frameIdx].pc, funcs[frameIdx].func, funcs[frameIdx].module) == 3) { + util_ssnprintf(funcs[frameIdx].func, sizeof(funcs[frameIdx].func), ")"); + continue; + } + /* * Frames with symbols but w/o debug info * #0 0x7ffff59a3668 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9668) -- cgit v1.2.3 From d8b8b695b0344275d5be0cffde52a25d768bea5c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 6 Dec 2019 23:28:38 +0100 Subject: sanitizer: Support C++ symbols with debug info --- sanitizers.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/sanitizers.c b/sanitizers.c index 8a709fa0..cf00b456 100644 --- a/sanitizers.c +++ b/sanitizers.c @@ -175,6 +175,21 @@ size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* p frameFound = true; snprintf(funcs[frameIdx].func, sizeof(funcs[frameIdx].func), "UNKNOWN"); + /* + * Frames with demangled symbols and with debug info + * A::A(std::vector, + * std::allocator >, std::allocator, std::allocator > > >) /home/fuzz/test/fork.cc:12:51 + */ + if (sscanf(pLineLC, + "#%*u 0x%p in %" HF_XSTR(_HF_FUNC_NAME_SZ_MINUS_1) "[^)]) %" HF_XSTR( + _HF_FUNC_NAME_SZ_MINUS_1) "[^:]:%zu", + &funcs[frameIdx].pc, funcs[frameIdx].func, funcs[frameIdx].file, + &funcs[frameIdx].line) == 4) { + util_ssnprintf(funcs[frameIdx].func, sizeof(funcs[frameIdx].func), ")"); + continue; + } + /* * Frames with demangled symbols but w/o debug info * #0 0x59d74e in printf_common(void*, char const*, __va_list_tag*) @@ -185,7 +200,6 @@ size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* p util_ssnprintf(funcs[frameIdx].func, sizeof(funcs[frameIdx].func), ")"); continue; } - /* * Frames with symbols but w/o debug info * #0 0x7ffff59a3668 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x9668) @@ -217,7 +231,7 @@ size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* p } /* * Frames w/o symbols, but with debug info - * #0 0x7ffff57cf08f * /build/glibc-bBRi4l/.../erms.S:199 + * #0 0x7ffff57cf08f /build/glibc-bBRi4l/.../erms.S:199 */ if (sscanf(pLineLC, "#%*u 0x%p %" HF_XSTR(HF_STR_LEN_MINUS_1) "[^:]:%zu", &funcs[frameIdx].pc, funcs[frameIdx].file, &funcs[frameIdx].line) == 3) { -- cgit v1.2.3 From 816b3f5699013855a5d3196b0a316867f3467152 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 7 Dec 2019 00:55:40 +0100 Subject: readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index cdded71d..65b9a2bf 100644 --- a/README.md +++ b/README.md @@ -93,6 +93,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [Heap buffer-overflow in __picoc__](https://gitlab.com/zsaleeba/picoc/issues/44) * Crashes in __OpenCOBOL__: [#1](https://sourceforge.net/p/open-cobol/bugs/586/), [#2](https://sourceforge.net/p/open-cobol/bugs/587/) * DoS in __ProFTPD__: [#1](https://twitter.com/SecReLabs/status/1186548245553483783), [#2](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18217) + * [Memory corruption in __htmldoc__](https://github.com/michaelrsweet/htmldoc/issues/370) * __Rust__: * panic() in regex [#1](https://github.com/rust-lang/regex/issues/464), [#2](https://github.com/rust-lang/regex/issues/465), [#3](https://github.com/rust-lang/regex/issues/465#issuecomment-381412816) * panic() in h2 [#1](https://github.com/carllerche/h2/pull/260), [#2](https://github.com/carllerche/h2/pull/261), [#3](https://github.com/carllerche/h2/pull/262) -- cgit v1.2.3 From d6473e701680a7d8409d295bf0631769c0e0f32f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 7 Dec 2019 00:56:37 +0100 Subject: readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 65b9a2bf..45abf493 100644 --- a/README.md +++ b/README.md @@ -94,6 +94,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * Crashes in __OpenCOBOL__: [#1](https://sourceforge.net/p/open-cobol/bugs/586/), [#2](https://sourceforge.net/p/open-cobol/bugs/587/) * DoS in __ProFTPD__: [#1](https://twitter.com/SecReLabs/status/1186548245553483783), [#2](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18217) * [Memory corruption in __htmldoc__](https://github.com/michaelrsweet/htmldoc/issues/370) + * [Memory corruption in __OpenDetex__](https://github.com/pkubowicz/opendetex/issues/60) * __Rust__: * panic() in regex [#1](https://github.com/rust-lang/regex/issues/464), [#2](https://github.com/rust-lang/regex/issues/465), [#3](https://github.com/rust-lang/regex/issues/465#issuecomment-381412816) * panic() in h2 [#1](https://github.com/carllerche/h2/pull/260), [#2](https://github.com/carllerche/h2/pull/261), [#3](https://github.com/carllerche/h2/pull/262) -- cgit v1.2.3 From d1de86d03b2b4e332915ee1eda06e62c43daa9b6 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 7 Dec 2019 16:31:40 +0100 Subject: Release version 2.0 --- CHANGELOG | 9 +++++++++ README.md | 2 +- display.c | 2 +- honggfuzz.h | 2 +- 4 files changed, 12 insertions(+), 3 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index dcd788ab..1b44b97c 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,12 @@ +2019-12-07 - Version 2.0 + - Coverage-based corpus minimizer with '-M' + - QEmu mode: coverage feedback for Linux binaries + - *SAN sanitizer stack-parsing improved for Linux and for POSIX + - Move signal functionality to libhfcommon/ + - Fixed Android builds with newer unwind and capstone + - NetDriver: more functionality - e.g. specifying custom addresses and custom tmpfs mount points + - Examples: for /usr/bin/file, newer ISC Bind patch, improved OpenSSL code + 2019-05-22 - Version 1.9 - Don't include netdriver if not needed - Updated examples (bind/openssl) diff --git a/README.md b/README.md index 45abf493..1f2844d3 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with inte # Code - * Latest stable version: [1.9](https://github.com/google/honggfuzz/releases) + * Latest stable version: [2.0](https://github.com/google/honggfuzz/releases) * [Changelog](https://github.com/google/honggfuzz/blob/master/CHANGELOG) # Features diff --git a/display.c b/display.c index cc108e42..a02e6ee4 100644 --- a/display.c +++ b/display.c @@ -264,7 +264,7 @@ static void display_displayLocked(honggfuzz_t* hfuzz) { } display_put("\n---------------------------------- [ " ESC_BOLD "LOGS" ESC_RESET - " ] ----------------/ " ESC_BOLD "%s %s " ESC_RESET "/-", + " ] ------------------/ " ESC_BOLD "%s %s " ESC_RESET "/-", PROG_NAME, PROG_VERSION); display_put(ESC_SCROLL_REGION(13, ) ESC_NAV_HORIZ(1) ESC_NAV_DOWN(500)); } diff --git a/honggfuzz.h b/honggfuzz.h index 9e5ba8e9..c8f90594 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -38,7 +38,7 @@ #include "libhfcommon/util.h" #define PROG_NAME "honggfuzz" -#define PROG_VERSION "2.0rc" +#define PROG_VERSION "2.0" /* Name of the template which will be replaced with the proper name of the file */ #define _HF_FILE_PLACEHOLDER "___FILE___" -- cgit v1.2.3 From b99aa728fb21002a763e6be8c90c1c0a35225c0c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 7 Dec 2019 22:45:08 +0100 Subject: debug messages across the code --- report.c | 6 ++---- sanitizers.c | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/report.c b/report.c index d624ec4b..65af26d1 100644 --- a/report.c +++ b/report.c @@ -146,10 +146,8 @@ void report_appendReport(pid_t pid, run_t* run, funcs_t* funcs, size_t funcCnt, run->report, sizeof(run->report), "STACK HASH: %016" PRIx64 "\n", run->backtrace); util_ssnprintf(run->report, sizeof(run->report), "STACK:\n"); for (size_t i = 0; i < funcCnt; i++) { - util_ssnprintf(run->report, sizeof(run->report), - " <" - "0x%016" PRIx64 "> ", - (uint64_t)funcs[i].pc); + util_ssnprintf( + run->report, sizeof(run->report), " <0x%016" PRIx64 "> ", (uint64_t)funcs[i].pc); util_ssnprintf(run->report, sizeof(run->report), "[func:%s file:%s line:%zu module:%s]\n", funcs[i].func, funcs[i].file, funcs[i].line, funcs[i].module); } diff --git a/sanitizers.c b/sanitizers.c index cf00b456..3ef16a8a 100644 --- a/sanitizers.c +++ b/sanitizers.c @@ -108,7 +108,7 @@ size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* p FILE* fReport = fopen(crashReport, "rb"); if (fReport == NULL) { - PLOG_D("Couldn't open '%s' - R/O mode", crashReport); + PLOG_D("fopen('%s', 'rb')", crashReport); return 0; } defer { -- cgit v1.2.3 From 0a75e6e995160f8e4fc07ff5e8b743fbd54c6828 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 13 Dec 2019 15:53:54 +0100 Subject: Readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1f2844d3..6f173d2c 100644 --- a/README.md +++ b/README.md @@ -95,6 +95,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * DoS in __ProFTPD__: [#1](https://twitter.com/SecReLabs/status/1186548245553483783), [#2](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18217) * [Memory corruption in __htmldoc__](https://github.com/michaelrsweet/htmldoc/issues/370) * [Memory corruption in __OpenDetex__](https://github.com/pkubowicz/opendetex/issues/60) + * [Memory corruption in __Yabasic__](https://github.com/marcIhm/yabasic/issues/36) * __Rust__: * panic() in regex [#1](https://github.com/rust-lang/regex/issues/464), [#2](https://github.com/rust-lang/regex/issues/465), [#3](https://github.com/rust-lang/regex/issues/465#issuecomment-381412816) * panic() in h2 [#1](https://github.com/carllerche/h2/pull/260), [#2](https://github.com/carllerche/h2/pull/261), [#3](https://github.com/carllerche/h2/pull/262) -- cgit v1.2.3 From 0a3ee89a4b75b6e73081e9be471ae77c8c96586d Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 18 Dec 2019 16:09:18 +0100 Subject: Makefile: indent --- Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index a4ca14cc..2e5c3ea1 100644 --- a/Makefile +++ b/Makefile @@ -292,7 +292,9 @@ clean: .PHONY: indent indent: - clang-format -style="{BasedOnStyle: Google, IndentWidth: 4, ColumnLimit: 100, AlignAfterOpenBracket: DontAlign, AllowShortFunctionsOnASingleLine: false, AlwaysBreakBeforeMultilineStrings: false}" -i -sort-includes *.c *.h */*.c */*.h + clang-format \ + -style="{BasedOnStyle: Google, IndentWidth: 4, ColumnLimit: 100, AlignAfterOpenBracket: DontAlign, AllowShortFunctionsOnASingleLine: false, AlwaysBreakBeforeMultilineStrings: false}" \ + -i -sort-includes *.c *.h */*.c */*.h .PHONY: depend depend: all -- cgit v1.2.3 From fc9701f1b4b86f7bc107c7d7eee4b4feb402b949 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 18 Dec 2019 23:35:40 +0100 Subject: readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 6f173d2c..3be369ed 100644 --- a/README.md +++ b/README.md @@ -96,6 +96,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [Memory corruption in __htmldoc__](https://github.com/michaelrsweet/htmldoc/issues/370) * [Memory corruption in __OpenDetex__](https://github.com/pkubowicz/opendetex/issues/60) * [Memory corruption in __Yabasic__](https://github.com/marcIhm/yabasic/issues/36) + * [Memory corruption in __Xfig__](https://sourceforge.net/p/mcj/tickets/67/) * __Rust__: * panic() in regex [#1](https://github.com/rust-lang/regex/issues/464), [#2](https://github.com/rust-lang/regex/issues/465), [#3](https://github.com/rust-lang/regex/issues/465#issuecomment-381412816) * panic() in h2 [#1](https://github.com/carllerche/h2/pull/260), [#2](https://github.com/carllerche/h2/pull/261), [#3](https://github.com/carllerche/h2/pull/262) -- cgit v1.2.3 From 25bf48351536e6d4bcef86af53226fb02919b81e Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 19 Dec 2019 19:51:43 +0100 Subject: examples/bind: +patch for 9.15.7 --- examples/bind/bind-9.15.7.patch | 425 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 425 insertions(+) create mode 100644 examples/bind/bind-9.15.7.patch diff --git a/examples/bind/bind-9.15.7.patch b/examples/bind/bind-9.15.7.patch new file mode 100644 index 00000000..8868ab79 --- /dev/null +++ b/examples/bind/bind-9.15.7.patch @@ -0,0 +1,425 @@ +diff -Nur ORIG.bind-9.15.7/bin/named/fuzz.c bind-9.15.7/bin/named/fuzz.c +--- ORIG.bind-9.15.7/bin/named/fuzz.c 2019-12-13 01:00:45.000000000 +0100 ++++ bind-9.15.7/bin/named/fuzz.c 2019-12-19 19:34:07.643059383 +0100 +@@ -737,7 +737,7 @@ + */ + void + named_fuzz_notify(void) { +-#ifdef ENABLE_AFL ++#if 0 + if (getenv("AFL_CMIN")) { + named_server_flushonshutdown(named_g_server, false); + isc_app_shutdown(); +@@ -757,7 +757,7 @@ + + void + named_fuzz_setup(void) { +-#ifdef ENABLE_AFL ++#if 0 + if (getenv("__AFL_PERSISTENT") || getenv("AFL_CMIN")) { + pthread_t thread; + void *(fn) = NULL; +diff -Nur ORIG.bind-9.15.7/bin/named/main.c bind-9.15.7/bin/named/main.c +--- ORIG.bind-9.15.7/bin/named/main.c 2019-12-13 01:00:45.000000000 +0100 ++++ bind-9.15.7/bin/named/main.c 2019-12-19 19:33:29.090385315 +0100 +@@ -1417,11 +1417,285 @@ + } + #endif /* HAVE_LIBSCF */ + ++#include ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++#include ++ ++static void enter_namespaces(void) ++{ ++ if (linuxEnterNs(CLONE_NEWUSER | CLONE_NEWNET | CLONE_NEWNS | CLONE_NEWIPC) == false) { ++ exit(1); ++ } ++ if (linuxIfaceUp("lo") == false) { ++ exit(1); ++ } ++ if (linuxMountTmpfs("/tmp", "size=10000000") == false) { ++ exit(1); ++ } ++} ++ ++static size_t rlen = 0; ++static const uint8_t* rbuf = NULL; ++ ++__attribute__((no_sanitize("memory"))) ++__attribute__((no_sanitize("address"))) static void* ++bind_thr(void* unused __attribute__((unused))) ++{ ++ while (!named_g_run_done) { ++ usleep(300000); ++ } ++ ++ int myfd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP); ++ if (myfd == -1) { ++ perror("socket"); ++ exit(1); ++ } ++ int val = 1; ++ if (setsockopt(myfd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)) == -1) { ++ perror("setsockopt(SO_REUSEADDR)"); ++ } ++ ++ const struct sockaddr_in saddr = { ++ .sin_family = AF_INET, ++ .sin_port = htons(5353), ++ .sin_addr.s_addr = inet_addr("127.0.0.2"), ++ }; ++ if (bind(myfd, &saddr, sizeof(saddr)) == -1) { ++ perror("bind"); ++ exit(1); ++ } ++ ++ if (listen(myfd, SOMAXCONN) == -1) { ++ perror("listen"); ++ exit(1); ++ } ++ ++ for (;;) { ++ struct sockaddr_in cli; ++ socklen_t cli_len = sizeof(cli); ++ ++ int nfd = accept(myfd, &cli, &cli_len); ++ if (nfd == -1) { ++ perror("accept"); ++ exit(1); ++ } ++ ++ static char b[1024 * 1024]; ++ ssize_t sz = recv(nfd, b, sizeof(b), 0); ++ if (sz <= 0) { ++ perror("recv"); ++ _exit(1); ++ } ++ if (sz < 4) { ++ close(nfd); ++ continue; ++ } ++ if (rlen < 1) { ++ close(nfd); ++ continue; ++ } ++ ++ /* It's a response, so set QR bit to 1 */ ++ uint8_t qr = rbuf[0] | 0x80; ++ ++ uint16_t t_l = htons(rlen + 2); ++ const struct iovec iov[] = { ++ { ++ .iov_base = &t_l, ++ .iov_len = sizeof(t_l), ++ }, ++ { ++ .iov_base = &b[2], ++ .iov_len = 2, ++ }, ++ { ++ .iov_base = &qr, ++ .iov_len = 1, ++ }, ++ { ++ .iov_base = (void*)&rbuf[1], ++ .iov_len = rlen - 1, ++ }, ++ }; ++ ++ if (writev(nfd, iov, 4) == -1) { ++ perror("writev() failed"); ++ } ++ ++ close(nfd); ++ } ++ ++ return NULL; ++} ++ ++static void rndloop(int sock) ++{ ++ const struct sockaddr_in bsaddr = { ++ .sin_family = AF_INET, ++ .sin_port = htons(0), ++ .sin_addr.s_addr = htonl((((uint32_t)util_rnd64()) & 0x00FFFFFF) | 0x7F000000), ++ }; ++ if (bind(sock, (const struct sockaddr*)&bsaddr, sizeof(bsaddr)) == -1) { ++ perror("bind"); ++ } ++} ++ ++__attribute__((no_sanitize("memory"))) ++__attribute__((no_sanitize("address"))) static void* ++connect_thr(void* unused __attribute__((unused))) ++{ ++ while (!named_g_run_done) { ++ usleep(300000); ++ } ++ ++ for (;;) { ++ int myfd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP); ++ if (myfd == -1) { ++ perror("socket"); ++ exit(1); ++ } ++ int val = 1; ++ if (setsockopt(myfd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)) == -1) { ++ perror("setsockopt(SO_REUSEADDR)"); ++ } ++ ++ rndloop(myfd); ++ ++ const struct sockaddr_in saddr = { ++ .sin_family = AF_INET, ++ .sin_port = htons(53), ++ .sin_addr.s_addr = htonl(INADDR_LOOPBACK), ++ }; ++ if (connect(myfd, &saddr, sizeof(saddr)) == -1) { ++ close(myfd); ++ continue; ++ } ++ ++ const uint8_t* buf; ++ size_t len; ++ ++ if (named_g_fuzz_type == isc_fuzz_client) { ++ HF_ITER(&buf, &len); ++ ++ rlen = 0; ++ rbuf = NULL; ++ ++ if (len < 32) { ++ close(myfd); ++ continue; ++ } ++ ++ uint32_t tmplen = *((const uint32_t*)buf); ++ ++ buf = &buf[sizeof(uint32_t)]; ++ len -= sizeof(uint32_t); ++ ++ tmplen %= len; ++ ++ rbuf = &buf[tmplen]; ++ rlen = len - tmplen; ++ len = tmplen; ++ } else { ++ static const uint8_t qbuf[] = { ++ 0x88, 0x0c, 0x01, 0x20, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, ++ 0x00, 0x01, 0x0a, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, ++ 0x61, 0x61, 0x61, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, ++ 0x65, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x29, 0x10, ++ 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00 ++ }; ++ buf = qbuf; ++ len = sizeof(qbuf); ++ HF_ITER(&rbuf, &rlen); ++ } ++ ++ uint16_t t_l = htons(len); ++ const struct iovec iov[] = { ++ { ++ .iov_base = &t_l, ++ .iov_len = sizeof(t_l), ++ }, ++ { ++ .iov_base = (void*)buf, ++ .iov_len = len, ++ }, ++ }; ++ ++ if (writev(myfd, iov, 2) == -1) { ++ perror("write"); ++ close(myfd); ++ continue; ++ } ++ ++ if (shutdown(myfd, SHUT_WR) == -1) { ++ if (errno == ENOTCONN) { ++ close(myfd); ++ continue; ++ } ++ perror("shutdown"); ++ _exit(1); ++ } ++ ++ uint8_t b[1024 * 512]; ++ while (recv(myfd, b, sizeof(b), 0) > 0) ++ ; ++ close(myfd); ++ } ++} ++ ++static void launch_thr(void) ++{ ++ pthread_attr_t attr; ++ pthread_attr_init(&attr); ++ pthread_attr_setstacksize(&attr, 1024 * 1024 * 4); ++ pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED); ++ ++ pthread_t t; ++ if (pthread_create(&t, &attr, bind_thr, NULL) < 0) { ++ perror("pthread_create(bind_thr)"); ++ exit(1); ++ } ++ ++ pthread_attr_init(&attr); ++ pthread_attr_setstacksize(&attr, 1024 * 1024 * 4); ++ pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED); ++ if (pthread_create(&t, &attr, connect_thr, NULL) < 0) { ++ perror("pthread_create(connect_thr)"); ++ exit(1); ++ } ++} ++ + /* main entry point, possibly hooked */ + +-int +-main(int argc, char *argv[]) { +- isc_result_t result; ++int main(int argc, char* argv[]) ++{ ++ if (!getenv("NO_FUZZ")) { ++ named_g_fuzz_addr = "127.0.0.1:53"; ++ named_g_fuzz_type = isc_fuzz_client; ++ enter_namespaces(); ++ launch_thr(); ++ } ++ ++ isc_result_t result; + #ifdef HAVE_LIBSCF + char *instance = NULL; + #endif +diff -Nur ORIG.bind-9.15.7/compile.sh bind-9.15.7/compile.sh +--- ORIG.bind-9.15.7/compile.sh 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.15.7/compile.sh 2019-12-19 19:33:29.091385332 +0100 +@@ -0,0 +1,20 @@ ++#!/bin/sh ++ ++set -ex ++ ++export CC="$HOME"/src/honggfuzz/hfuzz_cc/hfuzz-clang ++export CXX="$HOME"/src/honggfuzz/hfuzz_cc/hfuzz-clang++ ++export CFLAGS="-fsanitize=address -Wno-shift-negative-value -Wno-logical-not-parentheses -g -ggdb -O0 -D__AFL_COMPILER" ++./configure \ ++ --prefix="$HOME"/fuzz/bind/dist/ \ ++ --without-gssapi \ ++ --disable-chroot \ ++ --disable-linux-caps \ ++ --without-libtool \ ++ --enable-epoll \ ++ --enable-fuzzing=afl \ ++ --disable-backtrace \ ++ --with-openssl=yes ++ ++make clean ++make -j$(nproc) +diff -Nur ORIG.bind-9.15.7/lib/dns/request.c bind-9.15.7/lib/dns/request.c +--- ORIG.bind-9.15.7/lib/dns/request.c 2019-12-13 01:00:45.000000000 +0100 ++++ bind-9.15.7/lib/dns/request.c 2019-12-19 19:33:29.091385332 +0100 +@@ -747,7 +747,7 @@ + goto cleanup; + } + +- if ((options & DNS_REQUESTOPT_TCP) != 0 || r.length > 512) ++ if ((options & DNS_REQUESTOPT_TCP) != 0 || r.length >= 0) + tcp = true; + share = (options & DNS_REQUESTOPT_SHARE); + +@@ -1033,6 +1033,8 @@ + dns_compress_t cctx; + bool cleanup_cctx = false; + ++ options |= DNS_REQUESTOPT_TCP; ++ + REQUIRE(bufferp != NULL && *bufferp == NULL); + + req_log(ISC_LOG_DEBUG(3), "request_render"); +diff -Nur ORIG.bind-9.15.7/lib/dns/resolver.c bind-9.15.7/lib/dns/resolver.c +--- ORIG.bind-9.15.7/lib/dns/resolver.c 2019-12-13 01:00:45.000000000 +0100 ++++ bind-9.15.7/lib/dns/resolver.c 2019-12-19 19:33:29.094385384 +0100 +@@ -1969,7 +1969,7 @@ + + query = isc_mem_get(fctx->mctx, sizeof(*query)); + query->mctx = fctx->mctx; +- query->options = options; ++ query->options = options | DNS_FETCHOPT_TCP; + query->attributes = 0; + query->sends = 0; + query->connects = 0; +diff -Nur ORIG.bind-9.15.7/lib/isc/netmgr/netmgr.c bind-9.15.7/lib/isc/netmgr/netmgr.c +--- ORIG.bind-9.15.7/lib/isc/netmgr/netmgr.c 2019-12-13 01:00:45.000000000 +0100 ++++ bind-9.15.7/lib/isc/netmgr/netmgr.c 2019-12-19 19:34:56.037905540 +0100 +@@ -861,8 +861,9 @@ + * different unit tests running at the same time, where the PRNG + * is initialized to a constant seed. + */ ++ static int cnt = 1; + snprintf(sock->ipc_pipe_name, sizeof(sock->ipc_pipe_name), +- NAMED_PIPE_PATTERN, getpid(), isc_random32()); ++ NAMED_PIPE_PATTERN, getpid(), cnt++); + sock->ipc_pipe_name[sizeof(sock->ipc_pipe_name) - 1] = '\0'; + + isc_mutex_init(&sock->lock); +diff -Nur ORIG.bind-9.15.7/lib/isc/random.c bind-9.15.7/lib/isc/random.c +--- ORIG.bind-9.15.7/lib/isc/random.c 2019-12-13 01:00:45.000000000 +0100 ++++ bind-9.15.7/lib/isc/random.c 2019-12-19 19:33:29.094385384 +0100 +@@ -82,6 +82,7 @@ + isc_random8(void) { + RUNTIME_CHECK(isc_once_do(&isc_random_once, + isc_random_initialize) == ISC_R_SUCCESS); ++ return 1; + return (next() & 0xff); + } + +@@ -89,6 +90,7 @@ + isc_random16(void) { + RUNTIME_CHECK(isc_once_do(&isc_random_once, + isc_random_initialize) == ISC_R_SUCCESS); ++ return 1; + return (next() & 0xffff); + } + +@@ -96,6 +98,7 @@ + isc_random32(void) { + RUNTIME_CHECK(isc_once_do(&isc_random_once, + isc_random_initialize) == ISC_R_SUCCESS); ++ return 1; + return (next()); + } + +@@ -110,6 +113,13 @@ + RUNTIME_CHECK(isc_once_do(&isc_random_once, + isc_random_initialize) == ISC_R_SUCCESS); + ++ for (size_t z = 0; z < buflen; z++) { ++ char * b = (char*)buf; ++ b[z] = z + 1; ++ } ++ return; ++ ++ + for (i = 0; i + sizeof(r) <= buflen; i += sizeof(r)) { + r = next(); + memmove((uint8_t *)buf + i, &r, sizeof(r)); -- cgit v1.2.3 From e64761afe4b5f79b9452cf23ea7d9394e07766ff Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 28 Dec 2019 20:28:46 +0100 Subject: cmdline: a couple of small fixes --- cmdline.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/cmdline.c b/cmdline.c index 28367ad6..383b9ab9 100644 --- a/cmdline.c +++ b/cmdline.c @@ -54,7 +54,9 @@ struct custom_option { static bool checkFor_FILE_PLACEHOLDER(const char* const* args) { for (int x = 0; args[x]; x++) { - if (strstr(args[x], _HF_FILE_PLACEHOLDER)) return true; + if (strstr(args[x], _HF_FILE_PLACEHOLDER)) { + return true; + } } return false; } @@ -492,7 +494,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { // clang-format on struct option opts[ARRAYSIZE(custom_opts)]; - for (unsigned i = 0; i < ARRAYSIZE(custom_opts); i++) { + for (size_t i = 0; i < ARRAYSIZE(custom_opts); i++) { opts[i] = custom_opts[i].opt; } @@ -735,11 +737,10 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { display_createTargetStr(hfuzz); LOG_I("cmdline:'%s', bin:'%s' inputDir:'%s', fuzzStdin:%s, mutationsPerRun:%u, " - "externalCommand:'%s', timeout:%ld, mutationsMax:%zu, threadsMax:%zu", + "timeout:%ld, mutationsMax:%zu, threadsMax:%zu", hfuzz->display.cmdline_txt, hfuzz->exe.cmdline[0], hfuzz->io.inputDir, cmdlineYesNo(hfuzz->exe.fuzzStdin), hfuzz->mutate.mutationsPerRun, - !hfuzz->exe.externalCommand ? "" : hfuzz->exe.externalCommand, (long)hfuzz->timing.tmOut, - hfuzz->mutate.mutationsMax, hfuzz->threads.threadsMax); + (long)hfuzz->timing.tmOut, hfuzz->mutate.mutationsMax, hfuzz->threads.threadsMax); return true; } -- cgit v1.2.3 From 571a81f80fff6c47d79a4ca13b755e21e8ebe5b8 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 28 Dec 2019 20:29:56 +0100 Subject: cmdline: a couple of small fixes #2 --- cmdline.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/cmdline.c b/cmdline.c index 383b9ab9..88f06738 100644 --- a/cmdline.c +++ b/cmdline.c @@ -504,7 +504,9 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { for (;;) { int c = getopt_long( argc, argv, "-?hQvVsuPxf:i:dqe:W:r:c:F:t:R:n:N:l:p:g:E:w:B:zMTS", opts, &opt_index); - if (c < 0) break; + if (c < 0) { + break; + } switch (c) { case 'h': -- cgit v1.2.3 From d7bb4fec07615eb6f66a6a19e7bcd0a8adbe67d1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 4 Jan 2020 16:12:34 +0100 Subject: Readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 3be369ed..830acbdb 100644 --- a/README.md +++ b/README.md @@ -150,6 +150,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__libmutator__: a C library intended to generate random test cases by mutating legitimate test cases](https://github.com/denandz/libmutator) * [__StatZone__: a DNS zone file analyzer](https://github.com/fcambus/statzone) * [__shub-fuzz/honggfuzz__: singularity image for honggfuzz](https://github.com/shub-fuzz/honggfuzz) + * [__Code Intelligence__: fuzzing-as-a-service](https://www.code-intelligence.com/technology.html) * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) * [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+honggfuzz%22&type=Code) -- cgit v1.2.3 From 72229ad39fd4ffc947f8be2c06c59f5b7ab9fca0 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 6 Jan 2020 22:24:30 +0100 Subject: input: use %* with scanf --- input.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/input.c b/input.c index 6f1859c1..fb782854 100644 --- a/input.c +++ b/input.c @@ -119,7 +119,7 @@ static bool input_getDirStatsAndRewind(honggfuzz_t* hfuzz) { LOG_W("No usable files in the input directory '%s'", hfuzz->io.inputDir); } - LOG_D("Re-read the '%s', maxFileSz:%zu, number of usable files:%zu", hfuzz->io.inputDir, + LOG_D("Analyzed '%s' directory: maxFileSz:%zu, number of usable files:%zu", hfuzz->io.inputDir, hfuzz->mutate.maxFileSz, hfuzz->io.fileCnt); rewinddir(hfuzz->io.inputDirPtr); @@ -201,6 +201,8 @@ bool input_init(honggfuzz_t* hfuzz) { } bool input_parseDictionary(honggfuzz_t* hfuzz) { + LOG_I("Parsing dictionary file '%s'", hfuzz->mutate.dictionaryFile); + FILE* fDict = fopen(hfuzz->mutate.dictionaryFile, "rb"); if (fDict == NULL) { PLOG_W("Couldn't open '%s' - R/O mode", hfuzz->mutate.dictionaryFile); @@ -233,15 +235,14 @@ bool input_parseDictionary(honggfuzz_t* hfuzz) { if (lineptr[0] == '\0') { continue; } - char bufn[1025] = {}; char bufv[1025] = {}; if (sscanf(lineptr, "\"%1024[^\"]", bufv) != 1 && - sscanf(lineptr, "%1024[^=]=\"%1024[^\"]", bufn, bufv) != 2) { + sscanf(lineptr, "%*1024[^=]=\"%1024[^\"]", bufv) != 1) { LOG_W("Incorrect dictionary entry: '%s'. Skipping", lineptr); continue; } - LOG_D("Parsing word: '%s'", bufv); + LOG_D("Parsing dictionary word: '%s'", bufv); len = util_decodeCString(bufv); struct strings_t* str = (struct strings_t*)util_Calloc(sizeof(struct strings_t) + len + 1); @@ -252,7 +253,8 @@ bool input_parseDictionary(honggfuzz_t* hfuzz) { LOG_D("Dictionary: loaded word: '%s' (len=%zu)", str->s, str->len); } - LOG_I("Loaded %zu words from the dictionary", hfuzz->mutate.dictionaryCnt); + LOG_I("Loaded %zu words from the dictionary '%s'", hfuzz->mutate.dictionaryCnt, + hfuzz->mutate.dictionaryFile); return true; } -- cgit v1.2.3 From 352fe4d0cb0831f157056007e722efa7e455787f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 7 Jan 2020 17:37:53 +0100 Subject: cmdline: check for -n value --- cmdline.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/cmdline.c b/cmdline.c index 88f06738..bd4bd752 100644 --- a/cmdline.c +++ b/cmdline.c @@ -222,6 +222,10 @@ static bool cmdlineVerify(honggfuzz_t* hfuzz) { hfuzz->threads.threadsMax, _HF_THREAD_MAX); return false; } + if (hfuzz->threads.threadsMax == 0) { + LOG_E("Too few fuzzing threads specified: %zu)", hfuzz->threads.threadsMax); + return false; + } if (strchr(hfuzz->io.fileExtn, '/')) { LOG_E("The file extension contains the '/' character: '%s'", hfuzz->io.fileExtn); @@ -604,6 +608,10 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { long ncpus = sysconf(_SC_NPROCESSORS_ONLN); hfuzz->threads.threadsMax = (ncpus < 1 ? 1 : ncpus); } else { + if (!util_isANumber(optarg)) { + LOG_E("'-n %s' is not a number", optarg); + return false; + } hfuzz->threads.threadsMax = atol(optarg); } break; -- cgit v1.2.3 From 44e8b8d04a661ee0b6468f582fa341fba5ba9ed9 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 7 Jan 2020 17:38:31 +0100 Subject: cmdline: check for -n value #2 - typo --- cmdline.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmdline.c b/cmdline.c index bd4bd752..c9d78243 100644 --- a/cmdline.c +++ b/cmdline.c @@ -223,7 +223,7 @@ static bool cmdlineVerify(honggfuzz_t* hfuzz) { return false; } if (hfuzz->threads.threadsMax == 0) { - LOG_E("Too few fuzzing threads specified: %zu)", hfuzz->threads.threadsMax); + LOG_E("Too few fuzzing threads specified: %zu", hfuzz->threads.threadsMax); return false; } -- cgit v1.2.3 From f74ecab420f87839b5f4249a4b5200fd111e9b39 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 7 Jan 2020 17:40:15 +0100 Subject: cmdline: accept hex values for -n --- cmdline.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmdline.c b/cmdline.c index c9d78243..d95a9c13 100644 --- a/cmdline.c +++ b/cmdline.c @@ -612,7 +612,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { LOG_E("'-n %s' is not a number", optarg); return false; } - hfuzz->threads.threadsMax = atol(optarg); + hfuzz->threads.threadsMax = strtoul(optarg, NULL, 0); } break; case 0x109: { -- cgit v1.2.3 From 91e437185e7e83811b8385d0db66923ce874bdc5 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 8 Jan 2020 23:26:20 +0100 Subject: linux/bfd: make it work with bfd-2.33 --- linux/bfd.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/linux/bfd.c b/linux/bfd.c index b387d405..bcdd7f75 100644 --- a/linux/bfd.c +++ b/linux/bfd.c @@ -122,8 +122,13 @@ void arch_bfdDemangle(funcs_t* funcs, size_t funcCnt) { static struct bfd_section* arch_getSectionForPc(bfd* bfdh, uint64_t pc) { for (struct bfd_section* section = bfdh->sections; section; section = section->next) { +#if defined(bfd_get_section_vma) uintptr_t vma = (uintptr_t)bfd_get_section_vma(bfdh, section); uintptr_t sz = (uintptr_t)bfd_get_section_size(section); +#else /* defined(bfd_get_section_vma) */ + uintptr_t vma = (uintptr_t)bfd_section_vma(section); + uintptr_t sz = (uintptr_t)bfd_section_size(section); +#endif /* defined(bfd_get_section_vma) */ if ((pc > vma) && (pc < (vma + sz))) { return section; } @@ -160,7 +165,11 @@ void arch_bfdResolveSyms(pid_t pid, funcs_t* funcs, size_t num) { continue; } +#if defined(bfd_get_section_vma) long sec_offset = (long)funcs[i].pc - bfd_get_section_vma(bfdParams.bfdh, section); +#else /* defined(bfd_get_section_vma) */ + long sec_offset = (long)funcs[i].pc - bfd_section_vma(section); +#endif /* defined(bfd_get_section_vma) */ if (bfd_find_nearest_line( bfdParams.bfdh, section, bfdParams.syms, sec_offset, &file, &func, &line) == TRUE) { -- cgit v1.2.3 From 525515613aad443b80e10019db18bf48766857b4 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 8 Jan 2020 23:37:04 +0100 Subject: linux/bfd: make it work with bfd-2.33 - simpler solution --- linux/bfd.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/linux/bfd.c b/linux/bfd.c index bcdd7f75..ebe38a60 100644 --- a/linux/bfd.c +++ b/linux/bfd.c @@ -40,6 +40,13 @@ #include "libhfcommon/log.h" #include "libhfcommon/util.h" +#if !defined(bfd_get_section_size) +#define bfd_get_section_size(section) bfd_section_size(section) +#endif /* !defined(bfd_get_section_size) */ +#if !defined(bfd_get_section_vma) +#define bfd_get_section_vma(ptr, section) bfd_section_vma(section) +#endif /* !defined(bfd_get_section_size) */ + typedef struct { bfd* bfdh; asymbol** syms; @@ -122,13 +129,8 @@ void arch_bfdDemangle(funcs_t* funcs, size_t funcCnt) { static struct bfd_section* arch_getSectionForPc(bfd* bfdh, uint64_t pc) { for (struct bfd_section* section = bfdh->sections; section; section = section->next) { -#if defined(bfd_get_section_vma) uintptr_t vma = (uintptr_t)bfd_get_section_vma(bfdh, section); uintptr_t sz = (uintptr_t)bfd_get_section_size(section); -#else /* defined(bfd_get_section_vma) */ - uintptr_t vma = (uintptr_t)bfd_section_vma(section); - uintptr_t sz = (uintptr_t)bfd_section_size(section); -#endif /* defined(bfd_get_section_vma) */ if ((pc > vma) && (pc < (vma + sz))) { return section; } @@ -165,11 +167,7 @@ void arch_bfdResolveSyms(pid_t pid, funcs_t* funcs, size_t num) { continue; } -#if defined(bfd_get_section_vma) long sec_offset = (long)funcs[i].pc - bfd_get_section_vma(bfdParams.bfdh, section); -#else /* defined(bfd_get_section_vma) */ - long sec_offset = (long)funcs[i].pc - bfd_section_vma(section); -#endif /* defined(bfd_get_section_vma) */ if (bfd_find_nearest_line( bfdParams.bfdh, section, bfdParams.syms, sec_offset, &file, &func, &line) == TRUE) { -- cgit v1.2.3 From 67db30a280ff46335b2ef9aaf71fa4c8cb89005b Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 9 Jan 2020 15:23:44 +0100 Subject: make instrumentUpdateCmpMap return a value of whether updated cmp goodness was better --- libhfuzz/instrument.c | 4 +++- libhfuzz/instrument.h | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index a60415c5..70de9c02 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -388,11 +388,13 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard(uint32_t* guard) { } } -void instrumentUpdateCmpMap(uintptr_t addr, uint32_t v) { +bool instrumentUpdateCmpMap(uintptr_t addr, uint32_t v) { uintptr_t pos = addr % _HF_PERF_BITMAP_SIZE_16M; uint32_t prev = ATOMIC_GET(feedback->bbMapCmp[pos]); if (prev < v) { ATOMIC_SET(feedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(feedback->pidFeedbackCmp[my_thread_no], v - prev); + return true; } + return false; } diff --git a/libhfuzz/instrument.h b/libhfuzz/instrument.h index 87647fce..c8b09390 100644 --- a/libhfuzz/instrument.h +++ b/libhfuzz/instrument.h @@ -25,8 +25,10 @@ #define _HF_LIBHFUZZ_INSTRUMENT_H_ #include +#include -void instrumentUpdateCmpMap(uintptr_t addr, uint32_t v); +/* Returns true if the new value is better */ +bool instrumentUpdateCmpMap(uintptr_t addr, uint32_t v); void instrumentClearNewCov(); #endif /* ifdef _HF_LIBHFUZZ_INSTRUMENT_H_ */ -- cgit v1.2.3 From b469fd844d093c37ffd81922262627163b7ea73e Mon Sep 17 00:00:00 2001 From: alexandru totolici Date: Thu, 9 Jan 2020 15:01:53 -0800 Subject: Support compilation on macOS 10.15 (Catalina) Apple didn't change the CrashReporter for Catalina (verified via Apple Dev download of the zip file containing these) therefore this change should be sufficient to support 10.15. Fixes #294 --- Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 2e5c3ea1..f1e63cfe 100644 --- a/Makefile +++ b/Makefile @@ -78,7 +78,9 @@ else ifeq ($(OS),Darwin) # Figure out which crash reporter to use. CRASHWRANGLER := third_party/mac OS_VERSION := $(shell sw_vers -productVersion) - ifneq (,$(findstring 10.14,$(OS_VERSION))) + ifneq (,$(findstring 10.15,$(OS_VERSION))) + CRASH_REPORT := $(CRASHWRANGLER)/CrashReport_Sierra.o + else ifneq (,$(findstring 10.14,$(OS_VERSION))) CRASH_REPORT := $(CRASHWRANGLER)/CrashReport_Sierra.o else ifneq (,$(findstring 10.13,$(OS_VERSION))) CRASH_REPORT := $(CRASHWRANGLER)/CrashReport_Sierra.o -- cgit v1.2.3 From 09aa445897d7650d3cac23865a13a5926ac10dd1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 17 Jan 2020 23:55:50 +0100 Subject: Fix regression described in https://github.com/google/honggfuzz/issues/299 Using MAP_POPULATE makes it slower to run fuzzing when execve is called repeatedly (in non-persistent modes). --- libhfcommon/files.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index 35d0c7ef..e644dc49 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -299,9 +299,6 @@ int files_getTmpMapFlags(int flag, bool nocore) { #if defined(MAP_PREFAULT_READ) flag |= MAP_PREFAULT_READ; #endif /* defined(MAP_PREFAULT_READ) */ -#if defined(MAP_POPULATE) - flag |= MAP_POPULATE; -#endif /* defined(MAP_POPULATE) */ if (nocore) { #if defined(MAP_CONCEAL) flag |= MAP_CONCEAL; -- cgit v1.2.3 From c2e80779a414c473df0bff88e3e130548665cc60 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 18 Jan 2020 00:01:04 +0100 Subject: libhfcommon/files: pre-faulting memory is not a good idea if repeated exeve is called in non-persistent modes. Remove it then alltogether --- libhfcommon/files.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index e644dc49..076fc41a 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -295,10 +295,6 @@ int files_getTmpMapFlags(int flag, bool nocore) { /* Our shared/mmap'd pages can have mutexes in them */ flag |= MAP_HASSEMAPHORE; #endif /* defined(MAP_HASSEMAPHORE) */ - /* Avoid mapping the memory lazily */ -#if defined(MAP_PREFAULT_READ) - flag |= MAP_PREFAULT_READ; -#endif /* defined(MAP_PREFAULT_READ) */ if (nocore) { #if defined(MAP_CONCEAL) flag |= MAP_CONCEAL; -- cgit v1.2.3 From ce13a2f0e0b8f487d6707a0de94b0b99328002b3 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 18 Jan 2020 00:06:04 +0100 Subject: socketfuzzer/vulnserver_cov: check for failing malloc() --- socketfuzzer/vulnserver_cov.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/socketfuzzer/vulnserver_cov.c b/socketfuzzer/vulnserver_cov.c index 89c7c716..cd34efd3 100644 --- a/socketfuzzer/vulnserver_cov.c +++ b/socketfuzzer/vulnserver_cov.c @@ -24,6 +24,9 @@ void handleData1(char *data, int len) { /* Third message is heap overflow */ void handleData2(char *data, int len) { char *buff = malloc(8); + if (!buff) { + abort(); + } bzero(buff, 8); memcpy(buff, data, len); printf("# vulnserver_cov: Handledata2: %s\n", buff); -- cgit v1.2.3 From 36ddc3bbc4402a7a1a680986cb40e963f4aa1311 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 19 Jan 2020 20:08:01 +0100 Subject: */arch.c: fix https://github.com/google/honggfuzz/issues/302 - check ret value of strstr --- linux/arch.c | 9 +++++---- mac/arch.c | 9 +++++---- netbsd/arch.c | 9 +++++---- posix/arch.c | 9 +++++---- 4 files changed, 20 insertions(+), 16 deletions(-) diff --git a/linux/arch.c b/linux/arch.c index 526058ed..a18175d5 100644 --- a/linux/arch.c +++ b/linux/arch.c @@ -146,12 +146,13 @@ bool arch_launchChild(run_t* run) { int x = 0; for (x = 0; x < ARGS_MAX && x < run->global->exe.argc; x++) { + const char* ph_str = strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER); if (!strcmp(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { args[x] = inputFile; - } else if (strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { - const char* off = strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER); - snprintf(argData, sizeof(argData), "%.*s%s", (int)(off - run->global->exe.cmdline[x]), - run->global->exe.cmdline[x], inputFile); + } else if (ph_str) { + snprintf(argData, sizeof(argData), "%.*s%s", + (int)(ph_str - run->global->exe.cmdline[x]), run->global->exe.cmdline[x], + inputFile); args[x] = argData; } else { args[x] = run->global->exe.cmdline[x]; diff --git a/mac/arch.c b/mac/arch.c index 49075725..cd392b7c 100644 --- a/mac/arch.c +++ b/mac/arch.c @@ -296,12 +296,13 @@ bool arch_launchChild(run_t* run) { int x; for (x = 0; x < ARGS_MAX && x < run->global->exe.argc; x++) { + const char* ph_str = strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER); if (!strcmp(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { args[x] = inputFile; - } else if (strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { - const char* off = strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER); - snprintf(argData, sizeof(argData), "%.*s%s", (int)(off - run->global->exe.cmdline[x]), - run->global->exe.cmdline[x], inputFile); + } else if (ph_str) { + snprintf(argData, sizeof(argData), "%.*s%s", + (int)(ph_str - run->global->exe.cmdline[x]), run->global->exe.cmdline[x], + inputFile); args[x] = argData; } else { args[x] = run->global->exe.cmdline[x]; diff --git a/netbsd/arch.c b/netbsd/arch.c index d11bdf1b..d6d5440c 100644 --- a/netbsd/arch.c +++ b/netbsd/arch.c @@ -81,12 +81,13 @@ bool arch_launchChild(run_t* run) { int x = 0; for (x = 0; x < ARGS_MAX && x < run->global->exe.argc; x++) { + const char* ph_str = strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER); if (!strcmp(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { args[x] = inputFile; - } else if (strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { - const char* off = strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER); - snprintf(argData, sizeof(argData), "%.*s%s", (int)(off - run->global->exe.cmdline[x]), - run->global->exe.cmdline[x], inputFile); + } else if (ph_str) { + snprintf(argData, sizeof(argData), "%.*s%s", + (int)(ph_str - run->global->exe.cmdline[x]), run->global->exe.cmdline[x], + inputFile); args[x] = argData; } else { args[x] = run->global->exe.cmdline[x]; diff --git a/posix/arch.c b/posix/arch.c index 1e87b9bd..cdf48659 100644 --- a/posix/arch.c +++ b/posix/arch.c @@ -187,12 +187,13 @@ bool arch_launchChild(run_t* run) { int x; for (x = 0; x < ARGS_MAX && x < run->global->exe.argc; x++) { + const char* ph_str = strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER); if (!strcmp(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { args[x] = inputFile; - } else if (strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { - const char* off = strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER); - snprintf(argData, sizeof(argData), "%.*s%s", (int)(off - run->global->exe.cmdline[x]), - run->global->exe.cmdline[x], inputFile); + } else if (ph_str) { + snprintf(argData, sizeof(argData), "%.*s%s", + (int)(ph_str - run->global->exe.cmdline[x]), run->global->exe.cmdline[x], + inputFile); args[x] = argData; } else { args[x] = run->global->exe.cmdline[x]; -- cgit v1.2.3 From 9d11e5aeb7e654db9c9c877980fcb4497bd81c3c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 20 Jan 2020 00:50:54 +0100 Subject: subproc: move argument generation to subproc.c --- honggfuzz.h | 7 +++++++ linux/arch.c | 31 +++++-------------------------- mac/arch.c | 26 +++----------------------- netbsd/arch.c | 29 ++++------------------------- posix/arch.c | 26 +++----------------------- subproc.c | 17 +++++++++++++++++ 6 files changed, 39 insertions(+), 97 deletions(-) diff --git a/honggfuzz.h b/honggfuzz.h index c8f90594..5266d7c1 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -82,6 +82,12 @@ /* FD used to pass data to a persistent process */ #define _HF_PERSISTENT_FD 1023 +/* Input file as a string */ +#define _HF_INPUT_FILE_PATH "/dev/fd/" HF_XSTR(_HF_INPUT_FD) + +/* Maximum number of supported execve() args */ +#define _HF_ARGS_MAX 512 + /* Message indicating that the fuzzed process is ready for new data */ static const uint8_t HFReadyTag = 'R'; @@ -339,6 +345,7 @@ typedef struct { bool waitingForReady; runState_t runState; bool tmOutSignaled; + char* args[_HF_ARGS_MAX + 1]; #if !defined(_HF_ARCH_DARWIN) timer_t timerId; #endif // !defined(_HF_ARCH_DARWIN) diff --git a/linux/arch.c b/linux/arch.c index a18175d5..42699ecc 100644 --- a/linux/arch.c +++ b/linux/arch.c @@ -139,29 +139,8 @@ bool arch_launchChild(run_t* run) { PLOG_D("personality(ADDR_NO_RANDOMIZE) failed"); } -#define ARGS_MAX 512 - const char* args[ARGS_MAX + 2]; - char argData[PATH_MAX]; - const char inputFile[] = "/dev/fd/" HF_XSTR(_HF_INPUT_FD); - - int x = 0; - for (x = 0; x < ARGS_MAX && x < run->global->exe.argc; x++) { - const char* ph_str = strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER); - if (!strcmp(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { - args[x] = inputFile; - } else if (ph_str) { - snprintf(argData, sizeof(argData), "%.*s%s", - (int)(ph_str - run->global->exe.cmdline[x]), run->global->exe.cmdline[x], - inputFile); - args[x] = argData; - } else { - args[x] = run->global->exe.cmdline[x]; - } - } - args[x++] = NULL; - - LOG_D("Launching '%s' on file '%s'", args[0], - run->global->exe.persistent ? "PERSISTENT_MODE" : inputFile); + LOG_D("Launching '%s' on file '%s'", run->args[0], + run->global->exe.persistent ? "PERSISTENT_MODE" : _HF_INPUT_FILE_PATH); /* alarms persist across execve(), so disable it here */ alarm(0); @@ -171,13 +150,13 @@ bool arch_launchChild(run_t* run) { LOG_F("Couldn't stop itself"); } #if defined(__NR_execveat) - syscall(__NR_execveat, run->global->linux.exeFd, "", args, environ, AT_EMPTY_PATH); + syscall(__NR_execveat, run->global->linux.exeFd, "", run->args, environ, AT_EMPTY_PATH); #endif /* defined__NR_execveat) */ - execve(args[0], (char* const*)args, environ); + execve(run->args[0], (char* const*)run->args, environ); int errno_cpy = errno; alarm(1); - LOG_E("execve('%s', fd=%d): %s", args[0], run->global->linux.exeFd, strerror(errno_cpy)); + LOG_E("execve('%s', fd=%d): %s", run->args[0], run->global->linux.exeFd, strerror(errno_cpy)); return false; } diff --git a/mac/arch.c b/mac/arch.c index cd392b7c..82e52f7e 100644 --- a/mac/arch.c +++ b/mac/arch.c @@ -289,28 +289,8 @@ pid_t arch_fork(run_t* run HF_ATTR_UNUSED) { } bool arch_launchChild(run_t* run) { -#define ARGS_MAX 512 - const char* args[ARGS_MAX + 2]; - char argData[PATH_MAX]; - const char inputFile[] = "/dev/fd/" HF_XSTR(_HF_INPUT_FD); - - int x; - for (x = 0; x < ARGS_MAX && x < run->global->exe.argc; x++) { - const char* ph_str = strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER); - if (!strcmp(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { - args[x] = inputFile; - } else if (ph_str) { - snprintf(argData, sizeof(argData), "%.*s%s", - (int)(ph_str - run->global->exe.cmdline[x]), run->global->exe.cmdline[x], - inputFile); - args[x] = argData; - } else { - args[x] = run->global->exe.cmdline[x]; - } - } - args[x++] = NULL; - - LOG_D("Launching '%s'", args[0]); + LOG_D("Launching '%s' on file '%s'", run->args[0], + run->global->exe.persistent ? "PERSISTENT_MODE" : _HF_INPUT_FILE_PATH); /* * Get child's bootstrap port. @@ -340,7 +320,7 @@ bool arch_launchChild(run_t* run) { /* alarm persists across forks, so disable it here */ alarm(0); - execvp(args[0], (char* const*)args); + execvp(run->args[0], (char* const*)run->args); alarm(1); return false; diff --git a/netbsd/arch.c b/netbsd/arch.c index d6d5440c..ad1b8e96 100644 --- a/netbsd/arch.c +++ b/netbsd/arch.c @@ -74,29 +74,8 @@ pid_t arch_fork(run_t* run HF_ATTR_UNUSED) { } bool arch_launchChild(run_t* run) { -#define ARGS_MAX 512 - const char* args[ARGS_MAX + 2]; - char argData[PATH_MAX]; - const char inputFile[] = "/dev/fd/" HF_XSTR(_HF_INPUT_FD); - - int x = 0; - for (x = 0; x < ARGS_MAX && x < run->global->exe.argc; x++) { - const char* ph_str = strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER); - if (!strcmp(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { - args[x] = inputFile; - } else if (ph_str) { - snprintf(argData, sizeof(argData), "%.*s%s", - (int)(ph_str - run->global->exe.cmdline[x]), run->global->exe.cmdline[x], - inputFile); - args[x] = argData; - } else { - args[x] = run->global->exe.cmdline[x]; - } - } - args[x++] = NULL; - - LOG_D("Launching '%s' on file '%s'", args[0], - run->global->exe.persistent ? "PERSISTENT_MODE" : inputFile); + LOG_D("Launching '%s' on file '%s'", run->args[0], + run->global->exe.persistent ? "PERSISTENT_MODE" : _HF_INPUT_FILE_PATH); /* alarms persist across execve(), so disable it here */ alarm(0); @@ -106,11 +85,11 @@ bool arch_launchChild(run_t* run) { LOG_F("Couldn't stop itself"); } - execve(args[0], (char* const*)args, environ); + execve(run->args[0], (char* const*)run->args, environ); int errno_cpy = errno; alarm(1); - LOG_E("execve('%s'): %s", args[0], strerror(errno_cpy)); + LOG_E("execve('%s'): %s", run->args[0], strerror(errno_cpy)); return false; } diff --git a/posix/arch.c b/posix/arch.c index cdf48659..9b0d8831 100644 --- a/posix/arch.c +++ b/posix/arch.c @@ -180,32 +180,12 @@ pid_t arch_fork(run_t* fuzzer HF_ATTR_UNUSED) { } bool arch_launchChild(run_t* run) { -#define ARGS_MAX 512 - const char* args[ARGS_MAX + 2]; - char argData[PATH_MAX]; - const char inputFile[] = "/dev/fd/" HF_XSTR(_HF_INPUT_FD); - - int x; - for (x = 0; x < ARGS_MAX && x < run->global->exe.argc; x++) { - const char* ph_str = strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER); - if (!strcmp(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { - args[x] = inputFile; - } else if (ph_str) { - snprintf(argData, sizeof(argData), "%.*s%s", - (int)(ph_str - run->global->exe.cmdline[x]), run->global->exe.cmdline[x], - inputFile); - args[x] = argData; - } else { - args[x] = run->global->exe.cmdline[x]; - } - } - args[x++] = NULL; - - LOG_D("Launching '%s' on file '%s'", args[0], inputFile); + LOG_D("Launching '%s' on file '%s'", run->args[0], + run->global->exe.persistent ? "PERSISTENT_MODE" : _HF_INPUT_FILE_PATH); /* alarm persists across forks, so disable it here */ alarm(0); - execvp(args[0], (char* const*)args); + execvp(run->args[0], (char* const*)run->args); alarm(1); return false; diff --git a/subproc.c b/subproc.c index 492911e0..6ecc611b 100644 --- a/subproc.c +++ b/subproc.c @@ -290,6 +290,23 @@ static bool subproc_PrepareExecv(run_t* run) { return false; } + static __thread char argData[PATH_MAX]; + int x = 0; + for (x = 0; x < _HF_ARGS_MAX && x < run->global->exe.argc; x++) { + const char* ph_str = strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER); + if (!strcmp(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { + run->args[x] = _HF_INPUT_FILE_PATH; + } else if (ph_str) { + snprintf(argData, sizeof(argData), "%.*s%s", + (int)(ph_str - run->global->exe.cmdline[x]), run->global->exe.cmdline[x], + _HF_INPUT_FILE_PATH); + run->args[x] = argData; + } else { + run->args[x] = (char*)run->global->exe.cmdline[x]; + } + } + run->args[x++] = NULL; + return true; } -- cgit v1.2.3 From 903b627fde1a4a2dce85f65de43056f32bedb1b3 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 20 Jan 2020 15:22:02 +0100 Subject: subproc: move execve argument preparation into a separate func --- linux/arch.c | 4 ++-- subproc.c | 38 +++++++++++++++++++++----------------- 2 files changed, 23 insertions(+), 19 deletions(-) diff --git a/linux/arch.c b/linux/arch.c index 42699ecc..8f1ee600 100644 --- a/linux/arch.c +++ b/linux/arch.c @@ -248,10 +248,10 @@ void arch_reapChild(run_t* run) { const struct timespec ts = { .tv_sec = 0ULL, - .tv_nsec = (1000ULL * 1000ULL * 250ULL), + .tv_nsec = (1000ULL * 1000ULL * 100ULL), }; /* Return with SIGIO, SIGCHLD */ - int sig = sigtimedwait(&run->global->exe.waitSigSet, NULL, &ts /* 0.25s */); + int sig = sigtimedwait(&run->global->exe.waitSigSet, NULL, &ts /* 0.1s */); if (sig == -1 && (errno != EAGAIN && errno != EINTR)) { PLOG_F("sigwaitinfo(SIGIO|SIGCHLD)"); } diff --git a/subproc.c b/subproc.c index 6ecc611b..9691af5d 100644 --- a/subproc.c +++ b/subproc.c @@ -183,6 +183,26 @@ bool subproc_persistentModeStateMachine(run_t* run) { } } +static void subproc_prepareExecvArgs(run_t* run) { + size_t x = 0; + for (x = 0; x < _HF_ARGS_MAX && x < (size_t)run->global->exe.argc; x++) { + const char* ph_str = strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER); + if (!strcmp(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { + run->args[x] = _HF_INPUT_FILE_PATH; + } else if (ph_str) { + static __thread char argData[PATH_MAX]; + snprintf(argData, sizeof(argData), "%.*s%s", + (int)(ph_str - run->global->exe.cmdline[x]), run->global->exe.cmdline[x], + _HF_INPUT_FILE_PATH); + run->args[x] = argData; + } else { + run->args[x] = (char*)run->global->exe.cmdline[x]; + } + } + run->args[x] = NULL; +} + + static bool subproc_PrepareExecv(run_t* run) { /* * The address space limit. If big enough - roughly the size of RAM used @@ -290,23 +310,7 @@ static bool subproc_PrepareExecv(run_t* run) { return false; } - static __thread char argData[PATH_MAX]; - int x = 0; - for (x = 0; x < _HF_ARGS_MAX && x < run->global->exe.argc; x++) { - const char* ph_str = strstr(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER); - if (!strcmp(run->global->exe.cmdline[x], _HF_FILE_PLACEHOLDER)) { - run->args[x] = _HF_INPUT_FILE_PATH; - } else if (ph_str) { - snprintf(argData, sizeof(argData), "%.*s%s", - (int)(ph_str - run->global->exe.cmdline[x]), run->global->exe.cmdline[x], - _HF_INPUT_FILE_PATH); - run->args[x] = argData; - } else { - run->args[x] = (char*)run->global->exe.cmdline[x]; - } - } - run->args[x++] = NULL; - + subproc_prepareExecvArgs(run); return true; } -- cgit v1.2.3 From 365ca5be8626a65cc4fd398d14102a157aaa0264 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 20 Jan 2020 16:00:45 +0100 Subject: arch: move arch.c logging to subproc.c --- linux/arch.c | 3 --- mac/arch.c | 5 +++-- netbsd/arch.c | 3 --- posix/arch.c | 3 --- subproc.c | 6 +++++- 5 files changed, 8 insertions(+), 12 deletions(-) diff --git a/linux/arch.c b/linux/arch.c index 8f1ee600..d4a949c8 100644 --- a/linux/arch.c +++ b/linux/arch.c @@ -139,9 +139,6 @@ bool arch_launchChild(run_t* run) { PLOG_D("personality(ADDR_NO_RANDOMIZE) failed"); } - LOG_D("Launching '%s' on file '%s'", run->args[0], - run->global->exe.persistent ? "PERSISTENT_MODE" : _HF_INPUT_FILE_PATH); - /* alarms persist across execve(), so disable it here */ alarm(0); diff --git a/mac/arch.c b/mac/arch.c index 82e52f7e..b5f059c8 100644 --- a/mac/arch.c +++ b/mac/arch.c @@ -289,8 +289,9 @@ pid_t arch_fork(run_t* run HF_ATTR_UNUSED) { } bool arch_launchChild(run_t* run) { - LOG_D("Launching '%s' on file '%s'", run->args[0], - run->global->exe.persistent ? "PERSISTENT_MODE" : _HF_INPUT_FILE_PATH); + LOG_D("Launching '%s' on file '%s' (%s mode)", run->args[0], + run->global->exe.persistent ? "PERSISTENT_MODE" : _HF_INPUT_FILE_PATH, + run->global->exe.fuzzStdin ? "stdin" : "file"); /* * Get child's bootstrap port. diff --git a/netbsd/arch.c b/netbsd/arch.c index ad1b8e96..ab528557 100644 --- a/netbsd/arch.c +++ b/netbsd/arch.c @@ -74,9 +74,6 @@ pid_t arch_fork(run_t* run HF_ATTR_UNUSED) { } bool arch_launchChild(run_t* run) { - LOG_D("Launching '%s' on file '%s'", run->args[0], - run->global->exe.persistent ? "PERSISTENT_MODE" : _HF_INPUT_FILE_PATH); - /* alarms persist across execve(), so disable it here */ alarm(0); diff --git a/posix/arch.c b/posix/arch.c index 9b0d8831..738124d3 100644 --- a/posix/arch.c +++ b/posix/arch.c @@ -180,9 +180,6 @@ pid_t arch_fork(run_t* fuzzer HF_ATTR_UNUSED) { } bool arch_launchChild(run_t* run) { - LOG_D("Launching '%s' on file '%s'", run->args[0], - run->global->exe.persistent ? "PERSISTENT_MODE" : _HF_INPUT_FILE_PATH); - /* alarm persists across forks, so disable it here */ alarm(0); execvp(run->args[0], (char* const*)run->args); diff --git a/subproc.c b/subproc.c index 9691af5d..48ffd5c0 100644 --- a/subproc.c +++ b/subproc.c @@ -202,7 +202,6 @@ static void subproc_prepareExecvArgs(run_t* run) { run->args[x] = NULL; } - static bool subproc_PrepareExecv(run_t* run) { /* * The address space limit. If big enough - roughly the size of RAM used @@ -372,6 +371,11 @@ static bool subproc_New(run_t* run) { LOG_E("subproc_PrepareExecv() failed"); exit(EXIT_FAILURE); } + + LOG_D("Launching '%s' on file '%s' (%s mode)", run->args[0], + run->global->exe.persistent ? "PERSISTENT_MODE" : _HF_INPUT_FILE_PATH, + run->global->exe.fuzzStdin ? "stdin" : "file"); + if (!arch_launchChild(run)) { LOG_E("Error launching child process"); kill(run->global->threads.mainPid, SIGTERM); -- cgit v1.2.3 From 8c9fd73836d0e70b482a4ebbaa90787a8084eaac Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 20 Jan 2020 18:08:33 +0100 Subject: fuzz: correct LOG_E messages --- fuzz.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/fuzz.c b/fuzz.c index cd1ea9f5..00a6cfe6 100644 --- a/fuzz.c +++ b/fuzz.c @@ -335,16 +335,16 @@ static bool fuzz_fetchInput(run_t* run) { if (fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MAIN) { if (run->global->exe.externalCommand) { if (!input_prepareExternalFile(run)) { - LOG_E("input_prepareFileExternally() failed"); + LOG_E("input_prepareExternalFile() failed"); return false; } } else if (run->global->exe.feedbackMutateCommand) { if (!input_prepareDynamicInput(run, false)) { - LOG_E("input_prepareFileDynamically() failed"); + LOG_E("input_prepareDynamicInput(() failed"); return false; } } else if (!input_prepareDynamicInput(run, true)) { - LOG_E("input_prepareFileDynamically() failed"); + LOG_E("input_prepareDynamicInput() failed"); return false; } } @@ -352,16 +352,16 @@ static bool fuzz_fetchInput(run_t* run) { if (fuzz_getState(run->global) == _HF_STATE_STATIC) { if (run->global->exe.externalCommand) { if (!input_prepareExternalFile(run)) { - LOG_E("input_prepareFileExternally() failed"); + LOG_E("input_prepareExternalFile() failed"); return false; } } else if (run->global->exe.feedbackMutateCommand) { if (!input_prepareStaticFile(run, true, false)) { - LOG_E("input_prepareFileDynamically() failed"); + LOG_E("input_prepareStaticFile() failed"); return false; } } else if (!input_prepareStaticFile(run, true /* rewind */, true)) { - LOG_E("input_prepareFile() failed"); + LOG_E("input_prepareStaticFile() failed"); return false; } } -- cgit v1.2.3 From f07067a69c9fc281f9aa30fdb57ab2ad5e398b6f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 31 Jan 2020 09:45:47 +0100 Subject: readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 830acbdb..0b4b7be1 100644 --- a/README.md +++ b/README.md @@ -151,6 +151,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__StatZone__: a DNS zone file analyzer](https://github.com/fcambus/statzone) * [__shub-fuzz/honggfuzz__: singularity image for honggfuzz](https://github.com/shub-fuzz/honggfuzz) * [__Code Intelligence__: fuzzing-as-a-service](https://www.code-intelligence.com/technology.html) + * [__SpecFuzz__: fuzzing for Spectre vulnerabilities](https://github.com/OleksiiOleksenko/SpecFuzz) * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) * [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+honggfuzz%22&type=Code) -- cgit v1.2.3 From fc4bd025e6b988f4f6960a7195f007b3fd06d8ff Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 4 Feb 2020 15:34:02 +0100 Subject: Readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0b4b7be1..d397007e 100644 --- a/README.md +++ b/README.md @@ -85,7 +85,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * Stack corruption issues in the Windows OpenType parser: [#1](https://github.com/xinali/AfdkoFuzz/blob/4eadcb19eacb2fb73e4b0f0b34f382a9331bb3b4/CrashesAnalysis/CrashesAnalysis_3/README.md), [#2](https://github.com/xinali/AfdkoFuzz/blob/master/CVE-2019-1117/README.md), [#3](https://github.com/xinali/AfdkoFuzz/tree/f6d6562dd19403cc5a1f8cef603ee69425b68b20/CVE-2019-1118) * [Infinite loop in __NGINX Unit__](https://github.com/nginx/unit/commit/477e8177b70acb694759e62d830b8a311a736324) * A couple of problems in the [__MATLAB MAT File I/O Library__](https://sourceforge.net/projects/matio): [#1](https://github.com/tbeu/matio/commit/406438f497931f45fb3edf6de17d3a59a922c257), [#2](https://github.com/tbeu/matio/commit/406438f497931f45fb3edf6de17d3a59a922c257), [#3](https://github.com/tbeu/matio/commit/a55b9c2c01582b712d5a643699a13b5c41687db1), [#4](https://github.com/tbeu/matio/commit/3e6283f37652e29e457ab9467f7738a562594b6b), [#5](https://github.com/tbeu/matio/commit/783ee496a6914df68e77e6019054ad91e8ed6420) - * __Samba__ [tdbdump + tdbtool](http://seclists.org/oss-sec/2018/q2/206), [#2](https://github.com/samba-team/samba/commit/183da1f9fda6f58cdff5cefad133a86462d5942a), [#3](https://github.com/samba-team/samba/commit/33e9021cbee4c17ee2f11d02b99902a742d77293), [#4](https://github.com/samba-team/samba/commit/ac1be895d2501dc79dcff2c1e03549fe5b5a930c), [#5](https://github.com/samba-team/samba/commit/b1eda993b658590ebb0a8225e448ce399946ed83), [#6](https://github.com/samba-team/samba/commit/f7f92803f600f8d302cdbb668c42ca8b186a797f) + * __Samba__ [tdbdump + tdbtool](http://seclists.org/oss-sec/2018/q2/206), [#2](https://github.com/samba-team/samba/commit/183da1f9fda6f58cdff5cefad133a86462d5942a), [#3](https://github.com/samba-team/samba/commit/33e9021cbee4c17ee2f11d02b99902a742d77293), [#4](https://github.com/samba-team/samba/commit/ac1be895d2501dc79dcff2c1e03549fe5b5a930c), [#5](https://github.com/samba-team/samba/commit/b1eda993b658590ebb0a8225e448ce399946ed83), [#6](https://github.com/samba-team/samba/commit/f7f92803f600f8d302cdbb668c42ca8b186a797f) [CVE-2019-14907](https://www.samba.org/samba/security/CVE-2019-14907.html) * [Crash in __djvulibre__](https://github.com/barak/djvulibre/commit/89d71b01d606e57ecec2c2930c145bb20ba5bbe3) * [Multiple crashes in __VLC__](https://www.pentestpartners.com/security-blog/double-free-rce-in-vlc-a-honggfuzz-how-to/) * [Buffer overflow in __ClassiCube__](https://github.com/UnknownShadow200/ClassiCube/issues/591) @@ -97,6 +97,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [Memory corruption in __OpenDetex__](https://github.com/pkubowicz/opendetex/issues/60) * [Memory corruption in __Yabasic__](https://github.com/marcIhm/yabasic/issues/36) * [Memory corruption in __Xfig__](https://sourceforge.net/p/mcj/tickets/67/) + * [Memory corruption in __LibreOffice__](https://github.com/LibreOffice/core/commit/0754e581b0d8569dd08cf26f88678754f249face) * __Rust__: * panic() in regex [#1](https://github.com/rust-lang/regex/issues/464), [#2](https://github.com/rust-lang/regex/issues/465), [#3](https://github.com/rust-lang/regex/issues/465#issuecomment-381412816) * panic() in h2 [#1](https://github.com/carllerche/h2/pull/260), [#2](https://github.com/carllerche/h2/pull/261), [#3](https://github.com/carllerche/h2/pull/262) -- cgit v1.2.3 From fac84e29ccc7040f81875b750e839a82086abab4 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 4 Feb 2020 15:45:07 +0100 Subject: Readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index d397007e..b7b8b04d 100644 --- a/README.md +++ b/README.md @@ -153,6 +153,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__shub-fuzz/honggfuzz__: singularity image for honggfuzz](https://github.com/shub-fuzz/honggfuzz) * [__Code Intelligence__: fuzzing-as-a-service](https://www.code-intelligence.com/technology.html) * [__SpecFuzz__: fuzzing for Spectre vulnerabilities](https://github.com/OleksiiOleksenko/SpecFuzz) + * [__EIP1962Fuzzing__: Fuzzy testing of various EIP1962 implementations](https://github.com/matter-labs/eip1962_fuzzing) * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) * [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+honggfuzz%22&type=Code) -- cgit v1.2.3 From a37add994f08106c507b889dbb7bba927314e682 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 5 Feb 2020 15:47:29 +0100 Subject: display: write the graphical output in one go --- display.c | 72 ++++++++++++++++++++++++++++++++++++--------------------------- 1 file changed, 41 insertions(+), 31 deletions(-) diff --git a/display.c b/display.c index a02e6ee4..bd06baa3 100644 --- a/display.c +++ b/display.c @@ -55,10 +55,19 @@ /* printf() nonmonetary separator. According to MacOSX's man it's supported there as well */ #define _HF_NONMON_SEP "'" +static char displayBuf[1024 * 1024]; +static void display_start(void) { + memset(displayBuf, '\0', sizeof(displayBuf)); +} + +static void display_stop(void) { + write(logFd(), displayBuf, strlen(displayBuf)); +} + __attribute__((format(printf, 1, 2))) static void display_put(const char* fmt, ...) { va_list args; va_start(args, fmt); - vdprintf(logFd(), fmt, args); + util_vssnprintf(displayBuf, sizeof(displayBuf), fmt, args); va_end(args); } @@ -127,7 +136,34 @@ static void getDuration(time_t elapsed_second, char* buf, size_t bufSz) { snprintf(buf, bufSz, "%u days %02u hrs %02u mins %02u secs", day, hour, min, second); } -static void display_displayLocked(honggfuzz_t* hfuzz) { +void display_createTargetStr(honggfuzz_t* hfuzz) { + if (!hfuzz->exe.cmdline[0]) { + LOG_W("Your fuzzed binary is not specified"); + snprintf(hfuzz->display.cmdline_txt, sizeof(hfuzz->display.cmdline_txt), "[EMPTY]"); + return; + } + + static char tmpstr[1024 * 128] = {0}; + snprintf(tmpstr, sizeof(tmpstr), "%s", hfuzz->exe.cmdline[0]); + for (int i = 1; i < hfuzz->exe.argc; i++) { + util_ssnprintf(tmpstr, sizeof(tmpstr), " %s", hfuzz->exe.cmdline[i]); + } + + size_t len = strlen(tmpstr); + if (len <= (sizeof(hfuzz->display.cmdline_txt) - 1)) { + snprintf(hfuzz->display.cmdline_txt, sizeof(hfuzz->display.cmdline_txt), "%s", tmpstr); + return; + } + + snprintf(hfuzz->display.cmdline_txt, sizeof(hfuzz->display.cmdline_txt), "%.32s.....%s", tmpstr, + &tmpstr[len - 27]); +} + +void display_display(honggfuzz_t* hfuzz) { + if (logIsTTY() == false) { + return; + } + const time_t curr_sec = time(NULL); const time_t elapsed_sec = curr_sec - hfuzz->timing.timeStart; const int64_t curr_time_millis = util_timeNowMillis(); @@ -163,6 +199,8 @@ static void display_displayLocked(honggfuzz_t* hfuzz) { elapsed_millis ? ((curr_exec_cnt - prev_exec_cnt) * 1000) / elapsed_millis : 0; prev_exec_cnt = curr_exec_cnt; + display_start(); + display_put(ESC_NAV(13, 1) ESC_CLEAR_ABOVE ESC_NAV(1, 1)); display_put("------------------------[" ESC_BOLD "%31s " ESC_RESET "]----------------------\n", timeStr); @@ -267,37 +305,9 @@ static void display_displayLocked(honggfuzz_t* hfuzz) { " ] ------------------/ " ESC_BOLD "%s %s " ESC_RESET "/-", PROG_NAME, PROG_VERSION); display_put(ESC_SCROLL_REGION(13, ) ESC_NAV_HORIZ(1) ESC_NAV_DOWN(500)); -} - -void display_createTargetStr(honggfuzz_t* hfuzz) { - if (!hfuzz->exe.cmdline[0]) { - LOG_W("Your fuzzed binary is not specified"); - snprintf(hfuzz->display.cmdline_txt, sizeof(hfuzz->display.cmdline_txt), "[EMPTY]"); - return; - } - - static char tmpstr[1024 * 128] = {0}; - snprintf(tmpstr, sizeof(tmpstr), "%s", hfuzz->exe.cmdline[0]); - for (int i = 1; i < hfuzz->exe.argc; i++) { - util_ssnprintf(tmpstr, sizeof(tmpstr), " %s", hfuzz->exe.cmdline[i]); - } - - size_t len = strlen(tmpstr); - if (len <= (sizeof(hfuzz->display.cmdline_txt) - 1)) { - snprintf(hfuzz->display.cmdline_txt, sizeof(hfuzz->display.cmdline_txt), "%s", tmpstr); - return; - } - snprintf(hfuzz->display.cmdline_txt, sizeof(hfuzz->display.cmdline_txt), "%.32s.....%s", tmpstr, - &tmpstr[len - 27]); -} - -void display_display(honggfuzz_t* hfuzz) { - if (logIsTTY() == false) { - return; - } MX_SCOPED_LOCK(logMutexGet()); - display_displayLocked(hfuzz); + display_stop(); } void display_fini(void) { -- cgit v1.2.3 From dacf6547f15d720216a6dbab8c047586bb9c8a3e Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 5 Feb 2020 20:14:06 +0100 Subject: display: check retvar of write() --- display.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/display.c b/display.c index bd06baa3..3e7d2781 100644 --- a/display.c +++ b/display.c @@ -25,6 +25,7 @@ #include "display.h" +#include #include #include #include @@ -61,7 +62,7 @@ static void display_start(void) { } static void display_stop(void) { - write(logFd(), displayBuf, strlen(displayBuf)); + TEMP_FAILURE_RETRY(write(logFd(), displayBuf, strlen(displayBuf))); } __attribute__((format(printf, 1, 2))) static void display_put(const char* fmt, ...) { -- cgit v1.2.3 From bc912c6f459ea01729f6a88b1c63c10101d25333 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 9 Feb 2020 16:13:12 +0100 Subject: Readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b7b8b04d..500c5b30 100644 --- a/README.md +++ b/README.md @@ -153,6 +153,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__shub-fuzz/honggfuzz__: singularity image for honggfuzz](https://github.com/shub-fuzz/honggfuzz) * [__Code Intelligence__: fuzzing-as-a-service](https://www.code-intelligence.com/technology.html) * [__SpecFuzz__: fuzzing for Spectre vulnerabilities](https://github.com/OleksiiOleksenko/SpecFuzz) + * [__rcc__: a Rust C compiler](https://github.com/jyn514/rcc#testing) * [__EIP1962Fuzzing__: Fuzzy testing of various EIP1962 implementations](https://github.com/matter-labs/eip1962_fuzzing) * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) * [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+honggfuzz%22&type=Code) -- cgit v1.2.3 From bc7ef0fd22913c50f589179266811a4c3ca686bc Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 11 Feb 2020 02:13:18 +0100 Subject: readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 500c5b30..61ba0580 100644 --- a/README.md +++ b/README.md @@ -98,6 +98,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [Memory corruption in __Yabasic__](https://github.com/marcIhm/yabasic/issues/36) * [Memory corruption in __Xfig__](https://sourceforge.net/p/mcj/tickets/67/) * [Memory corruption in __LibreOffice__](https://github.com/LibreOffice/core/commit/0754e581b0d8569dd08cf26f88678754f249face) + * [Memory corruption in __ATasm__](https://sourceforge.net/p/atasm/bugs/8/) * __Rust__: * panic() in regex [#1](https://github.com/rust-lang/regex/issues/464), [#2](https://github.com/rust-lang/regex/issues/465), [#3](https://github.com/rust-lang/regex/issues/465#issuecomment-381412816) * panic() in h2 [#1](https://github.com/carllerche/h2/pull/260), [#2](https://github.com/carllerche/h2/pull/261), [#3](https://github.com/carllerche/h2/pull/262) -- cgit v1.2.3 From 9eae695162ae220a7df23b8614512f1f7f6f0cf3 Mon Sep 17 00:00:00 2001 From: Mrmaxmeier Date: Mon, 17 Feb 2020 02:41:59 +0100 Subject: don't try to open file descriptors in socket fuzzer mode --- subproc.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/subproc.c b/subproc.c index 48ffd5c0..f202dee7 100644 --- a/subproc.c +++ b/subproc.c @@ -276,14 +276,17 @@ static bool subproc_PrepareExecv(run_t* run) { return false; } - /* The input file to _HF_INPUT_FD */ - if (TEMP_FAILURE_RETRY(dup2(run->dynamicFileFd, _HF_INPUT_FD)) == -1) { - PLOG_E("dup2('%d', _HF_INPUT_FD='%d')", run->dynamicFileFd, _HF_INPUT_FD); - return false; - } - if (lseek(_HF_INPUT_FD, 0, SEEK_SET) == (off_t)-1) { - PLOG_E("lseek(_HF_INPUT_FD=%d, 0, SEEK_SET)", _HF_INPUT_FD); - return false; + /* Do not try to handle input files with socketfuzzer */ + if (!run->global->socketFuzzer.enabled) { + /* The input file to _HF_INPUT_FD */ + if (TEMP_FAILURE_RETRY(dup2(run->dynamicFileFd, _HF_INPUT_FD)) == -1) { + PLOG_E("dup2('%d', _HF_INPUT_FD='%d')", run->dynamicFileFd, _HF_INPUT_FD); + return false; + } + if (lseek(_HF_INPUT_FD, 0, SEEK_SET) == (off_t)-1) { + PLOG_E("lseek(_HF_INPUT_FD=%d, 0, SEEK_SET)", _HF_INPUT_FD); + return false; + } } /* The log FD */ @@ -303,7 +306,8 @@ static bool subproc_PrepareExecv(run_t* run) { PLOG_W("sigprocmask(empty_set)"); } - if (run->global->exe.fuzzStdin && + if (!run->global->socketFuzzer.enabled && + run->global->exe.fuzzStdin && TEMP_FAILURE_RETRY(dup2(run->dynamicFileFd, STDIN_FILENO)) == -1) { PLOG_E("dup2(_HF_INPUT_FD=%d, STDIN_FILENO=%d)", run->dynamicFileFd, STDIN_FILENO); return false; -- cgit v1.2.3 From 85d323ce711124b1ba88cfca2d0249be175a1ba2 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 18 Feb 2020 21:29:35 +0100 Subject: Readmer --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 61ba0580..e0e46afd 100644 --- a/README.md +++ b/README.md @@ -156,6 +156,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__SpecFuzz__: fuzzing for Spectre vulnerabilities](https://github.com/OleksiiOleksenko/SpecFuzz) * [__rcc__: a Rust C compiler](https://github.com/jyn514/rcc#testing) * [__EIP1962Fuzzing__: Fuzzy testing of various EIP1962 implementations](https://github.com/matter-labs/eip1962_fuzzing) + * [__wasm-fuzz__: Fuzzing of wasmer](https://github.com/wasmerio/wasm-fuzz/blob/master/honggfuzz.md), [blog post](https://medium.com/wasmer/fuzz-testing-in-webassembly-vms-3a301f982e5a) * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) * [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+honggfuzz%22&type=Code) -- cgit v1.2.3 From 07cc85f65a71c4426aaa295868df767a5ee0aede Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 22 Feb 2020 00:29:15 +0100 Subject: libhfuzz/persistent: reference LIBHFUZZ_module_memorycmp from libhfuzz/persisent --- libhfuzz/persistent.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libhfuzz/persistent.c b/libhfuzz/persistent.c index 38f7d053..c7e55d57 100644 --- a/libhfuzz/persistent.c +++ b/libhfuzz/persistent.c @@ -56,9 +56,11 @@ void HF_ITER(const uint8_t** buf_ptr, size_t* len_ptr) { HonggfuzzFetchData(buf_ptr, len_ptr); } +extern const char* const LIBHFUZZ_module_memorycmp; static void HonggfuzzRunOneInput(const uint8_t* buf, size_t len) { int ret = LLVMFuzzerTestOneInput(buf, len); if (ret != 0) { + LOG_D("Dereferenced: %s", LIBHFUZZ_module_memorycmp); LOG_F("LLVMFuzzerTestOneInput() returned '%d' instead of '0'", ret); } } -- cgit v1.2.3 From 8c17d6de1a0a70cbe280a7fd2cbe855a481dad65 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 22 Feb 2020 01:24:48 +0100 Subject: libhfuzz/memcmp: intercept several memory comparison functions, which are already intercepted by *san --- libhfuzz/memorycmp.c | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index 4a42ed95..9cfcaf88 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -145,34 +145,74 @@ static inline char* HF_strcpy(char* dest, const char* src, uintptr_t addr) { HF_WEAK_WRAP(int, strcmp, const char* s1, const char* s2) { return HF_strcmp(s1, s2, RET_CALL_CHAIN); } +void __sanitizer_weak_hook_strcmp( + uintptr_t pc, const char* s1, const char* s2, int result HF_ATTR_UNUSED) { + HF_strcmp(s1, s2, pc); +} HF_WEAK_WRAP(int, strcasecmp, const char* s1, const char* s2) { return HF_strcasecmp(s1, s2, RET_CALL_CHAIN); } +void __sanitizer_weak_hook_strcasecmp( + uintptr_t pc, const char* s1, const char* s2, int result HF_ATTR_UNUSED) { + HF_strcasecmp(s1, s2, pc); +} HF_WEAK_WRAP(int, strncmp, const char* s1, const char* s2, size_t n) { return HF_strncmp(s1, s2, n, RET_CALL_CHAIN); } +void __sanitizer_weak_hook_strncmp( + uintptr_t pc, const char* s1, const char* s2, size_t n, int result HF_ATTR_UNUSED) { + HF_strncmp(s1, s2, n, pc); +} HF_WEAK_WRAP(int, strncasecmp, const char* s1, const char* s2, size_t n) { return HF_strncasecmp(s1, s2, n, RET_CALL_CHAIN); } +void __sanitizer_weak_hook_strncasecmp( + uintptr_t pc, const char* s1, const char* s2, size_t n, int result HF_ATTR_UNUSED) { + HF_strncasecmp(s1, s2, n, pc); +} HF_WEAK_WRAP(char*, strstr, const char* haystack, const char* needle) { return HF_strstr(haystack, needle, RET_CALL_CHAIN); } +void __sanitizer_weak_hook_strstr( + uintptr_t pc, const char* haystack, const char* needle, char* result HF_ATTR_UNUSED) { + HF_strstr(haystack, needle, pc); +} HF_WEAK_WRAP(char*, strcasestr, const char* haystack, const char* needle) { return HF_strcasestr(haystack, needle, RET_CALL_CHAIN); } +void __sanitizer_weak_hook_strcasestr( + uintptr_t pc, const char* haystack, const char* needle, char* result HF_ATTR_UNUSED) { + HF_strcasestr(haystack, needle, pc); +} HF_WEAK_WRAP(int, memcmp, const void* m1, const void* m2, size_t n) { return HF_memcmp(m1, m2, n, RET_CALL_CHAIN); } +void __sanitizer_weak_hook_memcmp( + uintptr_t pc, const void* m1, const void* m2, size_t n, int result HF_ATTR_UNUSED) { + HF_memcmp(m1, m2, n, pc); +} HF_WEAK_WRAP(int, bcmp, const void* m1, const void* m2, size_t n) { return HF_memcmp(m1, m2, n, RET_CALL_CHAIN); } +void __sanitizer_weak_hook_bcmp( + uintptr_t pc, const void* m1, const void* m2, size_t n, int result HF_ATTR_UNUSED) { + HF_memcmp(m1, m2, n, pc); +} HF_WEAK_WRAP( void*, memmem, const void* haystack, size_t haystacklen, const void* needle, size_t needlelen) { return HF_memmem(haystack, haystacklen, needle, needlelen, RET_CALL_CHAIN); } +void __sanitizer_weak_hook_memmem(uintptr_t pc, const void* haystack, size_t haystacklen, + const void* needle, size_t needlelen, void* result HF_ATTR_UNUSED) { + HF_memmem(haystack, haystacklen, needle, needlelen, pc); +} HF_WEAK_WRAP(char*, strcpy, char* dest, const char* src) { return HF_strcpy(dest, src, RET_CALL_CHAIN); } +void __sanitizer_weak_hook_strcpy( + uintptr_t pc, char* dest, const char* src, char* result HF_ATTR_UNUSED) { + HF_strcpy(dest, src, pc); +} /* * Apache's httpd wrappers -- cgit v1.2.3 From d92d4836218716cb0536b45ce13870b33bba8ecf Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 22 Feb 2020 03:03:57 +0100 Subject: display: use unbuffered write for console steering --- display.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/display.c b/display.c index 3e7d2781..26197112 100644 --- a/display.c +++ b/display.c @@ -72,6 +72,10 @@ __attribute__((format(printf, 1, 2))) static void display_put(const char* fmt, . va_end(args); } +static void display_imm(const char* str) { + TEMP_FAILURE_RETRY(write(logFd(), str, strlen(str))); +} + static void display_printKMG(uint64_t val) { if (val >= 1000000000000ULL) { display_put(" [%.02LfT]", (long double)val / 1000000000.0L); @@ -312,12 +316,13 @@ void display_display(honggfuzz_t* hfuzz) { } void display_fini(void) { - display_put(ESC_SCROLL_RESET ESC_NAV_DOWN(500)); + display_imm(ESC_SCROLL_RESET ESC_NAV_DOWN(500)); + abort(); } void display_clear(void) { - display_put(ESC_CLEAR_ALL); - display_put(ESC_NAV_DOWN(500)); + display_imm(ESC_CLEAR_ALL); + display_imm(ESC_NAV_DOWN(500)); } void display_init(void) { -- cgit v1.2.3 From c71fc1b4458413bd8948bcd0dd1569ff34fc8620 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 22 Feb 2020 15:24:31 +0100 Subject: make indent --- subproc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/subproc.c b/subproc.c index f202dee7..2e3f0ac0 100644 --- a/subproc.c +++ b/subproc.c @@ -306,8 +306,7 @@ static bool subproc_PrepareExecv(run_t* run) { PLOG_W("sigprocmask(empty_set)"); } - if (!run->global->socketFuzzer.enabled && - run->global->exe.fuzzStdin && + if (!run->global->socketFuzzer.enabled && run->global->exe.fuzzStdin && TEMP_FAILURE_RETRY(dup2(run->dynamicFileFd, STDIN_FILENO)) == -1) { PLOG_E("dup2(_HF_INPUT_FD=%d, STDIN_FILENO=%d)", run->dynamicFileFd, STDIN_FILENO); return false; -- cgit v1.2.3 From 64af525d2f51eaeefb58f17b43b2a0d9a75f6bcb Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 23 Feb 2020 01:36:24 +0100 Subject: examples/bind: patch for 9.16.0 --- examples/bind/bind-9.16.0.patch | 342 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 342 insertions(+) create mode 100644 examples/bind/bind-9.16.0.patch diff --git a/examples/bind/bind-9.16.0.patch b/examples/bind/bind-9.16.0.patch new file mode 100644 index 00000000..2ddad066 --- /dev/null +++ b/examples/bind/bind-9.16.0.patch @@ -0,0 +1,342 @@ +diff -Nur ORIG.bind-9.16.0/bin/named/fuzz.c bind-9.16.0/bin/named/fuzz.c +--- ORIG.bind-9.16.0/bin/named/fuzz.c 2020-02-12 21:03:44.000000000 +0100 ++++ bind-9.16.0/bin/named/fuzz.c 2020-02-23 01:30:24.786425215 +0100 +@@ -724,7 +724,7 @@ + void + named_fuzz_notify(void) + { +-#ifdef ENABLE_AFL ++#if 0 + if (getenv("AFL_CMIN")) { + named_server_flushonshutdown(named_g_server, false); + isc_app_shutdown(); +@@ -745,7 +745,7 @@ + void + named_fuzz_setup(void) + { +-#ifdef ENABLE_AFL ++#if 0 + if (getenv("__AFL_PERSISTENT") || getenv("AFL_CMIN")) { + pthread_t thread; + void *(fn) = NULL; +diff -Nur ORIG.bind-9.16.0/bin/named/main.c bind-9.16.0/bin/named/main.c +--- ORIG.bind-9.16.0/bin/named/main.c 2020-02-12 21:03:44.000000000 +0100 ++++ bind-9.16.0/bin/named/main.c 2020-02-23 01:30:20.720359839 +0100 +@@ -1431,9 +1431,258 @@ + + /* main entry point, possibly hooked */ + +-int +-main(int argc, char *argv[]) +-{ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++static void enter_namespaces(void) { ++ if (linuxEnterNs(CLONE_NEWUSER | CLONE_NEWNET | CLONE_NEWNS | CLONE_NEWIPC) == false) { ++ exit(1); ++ } ++ if (linuxIfaceUp("lo") == false) { ++ exit(1); ++ } ++ if (linuxMountTmpfs("/tmp", "size=10000000") == false) { ++ exit(1); ++ } ++} ++ ++static size_t rlen = 0; ++static const uint8_t *rbuf = NULL; ++ ++__attribute__((no_sanitize("memory"))) __attribute__((no_sanitize("address"))) static void * ++bind_thr(void *unused __attribute__((unused))) { ++ while (!named_g_run_done) { ++ usleep(300000); ++ } ++ ++ if (named_g_fuzz_type != isc_fuzz_resolver) { ++ for (;;) { ++ pause(); ++ } ++ } ++ ++ int myfd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP); ++ if (myfd == -1) { ++ perror("socket"); ++ exit(1); ++ } ++ int val = 1; ++ if (setsockopt(myfd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)) == -1) { ++ perror("setsockopt(SO_REUSEADDR)"); ++ } ++ ++ const struct sockaddr_in saddr = { ++ .sin_family = AF_INET, ++ .sin_port = htons(5353), ++ .sin_addr.s_addr = inet_addr("127.0.0.2"), ++ }; ++ if (bind(myfd, &saddr, sizeof(saddr)) == -1) { ++ perror("bind"); ++ exit(1); ++ } ++ ++ if (listen(myfd, SOMAXCONN) == -1) { ++ perror("listen"); ++ exit(1); ++ } ++ ++ for (;;) { ++ struct sockaddr_in cli; ++ socklen_t cli_len = sizeof(cli); ++ ++ int nfd = TEMP_FAILURE_RETRY(accept(myfd, &cli, &cli_len)); ++ if (nfd == -1) { ++ perror("accept"); ++ exit(1); ++ } ++ ++ static char b[1024 * 1024]; ++ ssize_t sz = TEMP_FAILURE_RETRY(recv(nfd, b, sizeof(b), 0)); ++ if (sz == -1) { ++ perror("recv"); ++ _exit(1); ++ } ++ if (sz < 4) { ++ close(nfd); ++ continue; ++ } ++ ++ HF_ITER(&rbuf, &rlen); ++ ++ uint16_t t_l = htons(rlen + 2); ++ const struct iovec iov[] = { ++ { ++ .iov_base = &t_l, ++ .iov_len = sizeof(t_l), ++ }, ++ { ++ .iov_base = &b[2], ++ .iov_len = 2, ++ }, ++ { ++ .iov_base = rbuf, ++ .iov_len = rlen, ++ }, ++ }; ++ ++ if (TEMP_FAILURE_RETRY(writev(nfd, iov, 3)) == -1) { ++ perror("writev() failed 1"); ++ } ++ ++ close(nfd); ++ } ++ ++ return NULL; ++} ++ ++static void rndloop(int sock) { ++ const struct sockaddr_in bsaddr = { ++ .sin_family = AF_INET, ++ .sin_port = htons(0), ++ .sin_addr.s_addr = htonl((((uint32_t)util_rnd64()) & 0x00FFFFFF) | 0x7F000000), ++ }; ++ if (TEMP_FAILURE_RETRY(bind(sock, (const struct sockaddr *)&bsaddr, sizeof(bsaddr))) == ++ -1) { ++ perror("bind"); ++ } ++} ++ ++__attribute__((no_sanitize("memory"))) __attribute__((no_sanitize("address"))) static void * ++connect_thr(void *unused __attribute__((unused))) { ++ while (!named_g_run_done) { ++ usleep(300000); ++ } ++ ++ for (;;) { ++ int myfd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP); ++ if (myfd == -1) { ++ perror("socket"); ++ exit(1); ++ } ++ int val = 1; ++ if (setsockopt(myfd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)) == -1) { ++ perror("setsockopt(SO_REUSEADDR)"); ++ } ++ ++ rndloop(myfd); ++ ++ const struct sockaddr_in saddr = { ++ .sin_family = AF_INET, ++ .sin_port = htons(53), ++ .sin_addr.s_addr = htonl(INADDR_LOOPBACK), ++ }; ++ if (TEMP_FAILURE_RETRY(connect(myfd, &saddr, sizeof(saddr))) == -1) { ++ close(myfd); ++ continue; ++ } ++ ++ const uint8_t *buf; ++ size_t len; ++ ++ if (named_g_fuzz_type == isc_fuzz_client) { ++ HF_ITER(&buf, &len); ++ } else { ++ static uint8_t qbuf[] = {0x88, 0x0c, 0x01, 0x20, 0x00, 0x01, 0x00, 0x00, ++ 0x00, 0x00, 0x00, 0x01, 0x0a, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, 0x61, ++ 0x61, 0x61, 0x61, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x00, ++ 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x29, 0x10, 0x00, 0x00, 0x00, 0x80, ++ 0x00, 0x00, 0x00}; ++ ++ /* Randomize the query */ ++ uint64_t rnd; ++ getrandom(&rnd, sizeof(rnd), 0); ++ char tstr[32]; ++ snprintf(tstr, sizeof(tstr), "%09llx", rnd); ++ memcpy(&qbuf[14], tstr, 9); ++ ++ buf = qbuf; ++ len = sizeof(qbuf); ++ } ++ ++ uint16_t t_l = htons(len); ++ const struct iovec iov[] = { ++ { ++ .iov_base = &t_l, ++ .iov_len = sizeof(t_l), ++ }, ++ { ++ .iov_base = (void *)buf, ++ .iov_len = len, ++ }, ++ }; ++ ++ if (TEMP_FAILURE_RETRY(writev(myfd, iov, 2)) == -1) { ++ perror("write"); ++ close(myfd); ++ continue; ++ } ++ ++ if (shutdown(myfd, SHUT_WR) == -1) { ++ if (errno == ENOTCONN) { ++ close(myfd); ++ continue; ++ } ++ perror("shutdown"); ++ _exit(1); ++ } ++ ++ uint8_t b[1024 * 512]; ++ while (TEMP_FAILURE_RETRY(recv(myfd, b, sizeof(b), 0)) > 0) ++ ; ++ close(myfd); ++ } ++} ++ ++static void launch_thr(void) { ++ pthread_attr_t attr; ++ pthread_attr_init(&attr); ++ pthread_attr_setstacksize(&attr, 1024 * 1024 * 4); ++ pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED); ++ ++ pthread_t t; ++ if (pthread_create(&t, &attr, bind_thr, NULL) < 0) { ++ perror("pthread_create(bind_thr)"); ++ exit(1); ++ } ++ ++ pthread_attr_init(&attr); ++ pthread_attr_setstacksize(&attr, 1024 * 1024 * 4); ++ pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED); ++ if (pthread_create(&t, &attr, connect_thr, NULL) < 0) { ++ perror("pthread_create(connect_thr)"); ++ exit(1); ++ } ++} ++ ++/* main entry point, possibly hooked */ ++ ++int main(int argc, char *argv[]) { ++ if (!getenv("NO_FUZZ")) { ++ named_g_fuzz_addr = "127.0.0.1:53"; ++ named_g_fuzz_type = isc_fuzz_client; ++ enter_namespaces(); ++ launch_thr(); ++ } ++ + isc_result_t result; + #ifdef HAVE_LIBSCF + char *instance = NULL; +diff -Nur ORIG.bind-9.16.0/compile.sh bind-9.16.0/compile.sh +--- ORIG.bind-9.16.0/compile.sh 1970-01-01 01:00:00.000000000 +0100 ++++ bind-9.16.0/compile.sh 2020-02-23 01:30:08.528163810 +0100 +@@ -0,0 +1,19 @@ ++#!/bin/sh ++ ++set -ex ++ ++export CC="$HOME"/src/honggfuzz/hfuzz_cc/hfuzz-clang ++export CXX="$HOME"/src/honggfuzz/hfuzz_cc/hfuzz-clang++ ++export CFLAGS="-fsanitize=address -Wno-shift-negative-value -Wno-logical-not-parentheses -g -ggdb -O3 -D__AFL_COMPILER" ++./configure \ ++ --prefix="$HOME"/fuzz/bind/dist/ \ ++ --without-gssapi \ ++ --disable-chroot \ ++ --disable-linux-caps \ ++ --without-libtool \ ++ --enable-fuzzing=afl \ ++ --disable-backtrace \ ++ --with-openssl=yes ++ ++make clean ++make -j$(nproc) +diff -Nur ORIG.bind-9.16.0/lib/dns/request.c bind-9.16.0/lib/dns/request.c +--- ORIG.bind-9.16.0/lib/dns/request.c 2020-02-12 21:03:44.000000000 +0100 ++++ bind-9.16.0/lib/dns/request.c 2020-02-23 01:30:47.162785069 +0100 +@@ -751,7 +751,7 @@ + goto cleanup; + } + +- if ((options & DNS_REQUESTOPT_TCP) != 0 || r.length > 512) ++ if ((options & DNS_REQUESTOPT_TCP) != 0 || r.length >= 0) + tcp = true; + share = (options & DNS_REQUESTOPT_SHARE); + +@@ -1025,6 +1025,8 @@ + dns_compress_t cctx; + bool cleanup_cctx = false; + ++ options |= DNS_REQUESTOPT_TCP; ++ + REQUIRE(bufferp != NULL && *bufferp == NULL); + + req_log(ISC_LOG_DEBUG(3), "request_render"); +diff -Nur ORIG.bind-9.16.0/lib/dns/resolver.c bind-9.16.0/lib/dns/resolver.c +--- ORIG.bind-9.16.0/lib/dns/resolver.c 2020-02-12 21:03:44.000000000 +0100 ++++ bind-9.16.0/lib/dns/resolver.c 2020-02-23 01:30:54.164897676 +0100 +@@ -1979,7 +1979,7 @@ + + query = isc_mem_get(fctx->mctx, sizeof(*query)); + query->mctx = fctx->mctx; +- query->options = options; ++ query->options = options | DNS_FETCHOPT_TCP; + query->attributes = 0; + query->sends = 0; + query->connects = 0; -- cgit v1.2.3 From 93d72b17067997a949f2b283140055003e772bf3 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 23 Feb 2020 01:42:55 +0100 Subject: cmdline/subproc: allow to set RLIMIT_STACK --- cmdline.c | 13 +++++++++---- honggfuzz.h | 1 + subproc.c | 11 +++++++++++ 3 files changed, 21 insertions(+), 4 deletions(-) diff --git a/cmdline.c b/cmdline.c index d95a9c13..a79caf8a 100644 --- a/cmdline.c +++ b/cmdline.c @@ -308,6 +308,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .asLimit = 0U, .rssLimit = 0U, .dataLimit = 0U, + .stackLimit = 0U, .clearEnv = false, .env_ptrs = {}, .env_vals = {}, @@ -448,14 +449,15 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { { "dict", required_argument, NULL, 'w' }, "Dictionary file. Format:http://llvm.org/docs/LibFuzzer.html#dictionaries" }, { { "stackhash_bl", required_argument, NULL, 'B' }, "Stackhashes blacklist file (one entry per line)" }, { { "mutate_cmd", required_argument, NULL, 'c' }, "External command producing fuzz files (instead of internal mutators)" }, - { { "pprocess_cmd", required_argument, NULL, 0x104 }, "External command postprocessing files produced by internal mutators" }, + { { "pprocess_cmd", required_argument, NULL, 0x111 }, "External command postprocessing files produced by internal mutators" }, { { "ffmutate_cmd", required_argument, NULL, 0x110 }, "External command mutating files which have effective coverage feedback" }, { { "run_time", required_argument, NULL, 0x109 }, "Number of seconds this fuzzing session will last (default: 0 [no limit])" }, { { "iterations", required_argument, NULL, 'N' }, "Number of fuzzing iterations (default: 0 [no limit])" }, - { { "rlimit_as", required_argument, NULL, 0x100 }, "Per process RLIMIT_AS in MiB (default: 0 [no limit])" }, - { { "rlimit_rss", required_argument, NULL, 0x101 }, "Per process RLIMIT_RSS in MiB (default: 0 [no limit]). It will also set *SAN's soft_rss_limit_mb if used" }, - { { "rlimit_data", required_argument, NULL, 0x102 }, "Per process RLIMIT_DATA in MiB (default: 0 [no limit])" }, + { { "rlimit_as", required_argument, NULL, 0x100 }, "Per process RLIMIT_AS in MiB (default: 0 [default limit])" }, + { { "rlimit_rss", required_argument, NULL, 0x101 }, "Per process RLIMIT_RSS in MiB (default: 0 [default limit]). It will also set *SAN's soft_rss_limit_mb" }, + { { "rlimit_data", required_argument, NULL, 0x102 }, "Per process RLIMIT_DATA in MiB (default: 0 [default limit])" }, { { "rlimit_core", required_argument, NULL, 0x103 }, "Per process RLIMIT_CORE in MiB (default: 0 [no cores are produced])" }, + { { "rlimit_stack", required_argument, NULL, 0x104 }, "Per process RLIMIT_STACK in MiB (default: 0 [default limit])" }, { { "report", required_argument, NULL, 'R' }, "Write report to this file (default: '/" _HF_REPORT_FILE "')" }, { { "max_file_size", required_argument, NULL, 'F' }, "Maximal size of files processed by the fuzzer in bytes (default: 134217728 = 128MB)" }, { { "clear_env", no_argument, NULL, 0x108 }, "Clear all environment variables before executing the binary" }, @@ -637,6 +639,9 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { hfuzz->exe.coreLimit = strtoull(optarg, NULL, 0); break; case 0x104: + hfuzz->exe.stackLimit = strtoull(optarg, NULL, 0); + break; + case 0x111: hfuzz->exe.postExternalCommand = optarg; break; case 0x110: diff --git a/honggfuzz.h b/honggfuzz.h index 5266d7c1..748dab75 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -224,6 +224,7 @@ typedef struct { uint64_t rssLimit; uint64_t dataLimit; uint64_t coreLimit; + uint64_t stackLimit; bool clearEnv; char* env_ptrs[128]; char env_vals[128][4096]; diff --git a/subproc.c b/subproc.c index 2e3f0ac0..238e1ac4 100644 --- a/subproc.c +++ b/subproc.c @@ -248,6 +248,17 @@ static bool subproc_PrepareExecv(run_t* run) { PLOG_W("Couldn't enforce the RLIMIT_CORE resource limit, ignoring"); } #endif /* ifdef RLIMIT_CORE */ +#ifdef RLIMIT_STACK + if (run->global->exe.stackLimit) { + const struct rlimit rl = { + .rlim_cur = run->global->exe.stackLimit * 1024ULL * 1024ULL, + .rlim_max = run->global->exe.stackLimit * 1024ULL * 1024ULL, + }; + if (setrlimit(RLIMIT_STACK, &rl) == -1) { + PLOG_W("Couldn't enforce the RLIMIT_STACK resource limit, ignoring"); + } + } +#endif /* ifdef RLIMIT_STACK */ if (run->global->exe.clearEnv) { environ = NULL; -- cgit v1.2.3 From 2c666ab9118c2f0307387bb02af3927d187b0258 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 23 Feb 2020 08:14:58 +0100 Subject: subproc/libhfuzz: logging + putting non-socketfuzzer procedures in one place --- libhfuzz/instrument.c | 4 ++-- subproc.c | 11 +++++------ 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 70de9c02..eddbd290 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -69,8 +69,8 @@ static void initializeInstrument(void) { } if (st.st_size != sizeof(feedback_t)) { LOG_F( - "size of the feedback structure mismatch: st.size != sizeof(feedback_t) (%zu != %zu). " - "Link your fuzzed binaries with the newest honggfuzz sources via hfuzz-clang(++)", + "Size of the feedback structure mismatch: st.size != sizeof(feedback_t) (%zu != %zu). " + "Link your fuzzed binaries with the newest honggfuzz and hfuzz-clang(++)", (size_t)st.st_size, sizeof(feedback_t)); } int mflags = files_getTmpMapFlags(MAP_SHARED, /* nocore= */ true); diff --git a/subproc.c b/subproc.c index 238e1ac4..e9f3bd23 100644 --- a/subproc.c +++ b/subproc.c @@ -298,6 +298,11 @@ static bool subproc_PrepareExecv(run_t* run) { PLOG_E("lseek(_HF_INPUT_FD=%d, 0, SEEK_SET)", _HF_INPUT_FD); return false; } + if (run->global->exe.fuzzStdin && + TEMP_FAILURE_RETRY(dup2(run->dynamicFileFd, STDIN_FILENO)) == -1) { + PLOG_E("dup2(_HF_INPUT_FD=%d, STDIN_FILENO=%d)", run->dynamicFileFd, STDIN_FILENO); + return false; + } } /* The log FD */ @@ -317,12 +322,6 @@ static bool subproc_PrepareExecv(run_t* run) { PLOG_W("sigprocmask(empty_set)"); } - if (!run->global->socketFuzzer.enabled && run->global->exe.fuzzStdin && - TEMP_FAILURE_RETRY(dup2(run->dynamicFileFd, STDIN_FILENO)) == -1) { - PLOG_E("dup2(_HF_INPUT_FD=%d, STDIN_FILENO=%d)", run->dynamicFileFd, STDIN_FILENO); - return false; - } - subproc_prepareExecvArgs(run); return true; } -- cgit v1.2.3 From 4a6d8968c9d1ef5f5180c5b31399995ed0df3b78 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 23 Feb 2020 09:28:21 +0100 Subject: display: remove unnecessary abort() --- display.c | 1 - 1 file changed, 1 deletion(-) diff --git a/display.c b/display.c index 26197112..38c6c86e 100644 --- a/display.c +++ b/display.c @@ -317,7 +317,6 @@ void display_display(honggfuzz_t* hfuzz) { void display_fini(void) { display_imm(ESC_SCROLL_RESET ESC_NAV_DOWN(500)); - abort(); } void display_clear(void) { -- cgit v1.2.3 From 067f5d9a2d9d6a8f83d0d950e563d73d7a43a102 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 25 Feb 2020 08:36:58 +0100 Subject: sanitizers: use PID instead of TID for reports --- sanitizers.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/sanitizers.c b/sanitizers.c index 3ef16a8a..78d8fafc 100644 --- a/sanitizers.c +++ b/sanitizers.c @@ -99,10 +99,40 @@ bool sanitizers_Init(honggfuzz_t* hfuzz) { return true; } +/* Get numeric value of the /proc//status "Tgid: " field */ +static pid_t sanitizers_PidForTid(pid_t pid) { + char status_path[PATH_MAX]; + snprintf(status_path, sizeof(status_path), "/proc/%d/status", (int)pid); + FILE* f = fopen(status_path, "rb"); + if (!f) { + return pid; + } + defer { + fclose(f); + }; + char* lineptr = NULL; + size_t n = 0; + defer { + free(lineptr); + }; + + while (getline(&lineptr, &n, f) > 0) { + int retpid; + if (sscanf(lineptr, "Tgid:%d", &retpid) == 1) { + LOG_D("Tid %d has Pid %d", (int)pid, retpid); + return (pid_t)retpid; + } + } + return pid; +} + size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* pc, uint64_t* crashAddr, char description[HF_STR_LEN]) { char crashReport[PATH_MAX]; const char* crashReportCpy = crashReport; + + /* Under Linux the crash is seen in TID, but the sanitizer report is created for PID */ + pid = sanitizers_PidForTid(pid); snprintf( crashReport, sizeof(crashReport), "%s/%s.%d", run->global->io.workDir, kLOGPREFIX, pid); -- cgit v1.2.3 From 3e12a7be9fb87b1e39041fc75884088e377dc7ec Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 25 Feb 2020 22:49:01 +0100 Subject: hfuzz-cc: comments --- hfuzz_cc/hfuzz-cc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index dddb40b5..a15af694 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -23,7 +23,7 @@ static bool isCXX = false; static bool isGCC = false; -/* Embed libhfuzz.a inside this binary */ +/* Embed libhf/.a inside this binary */ __asm__("\n" " .global lhfuzz_start\n" " .global lhfuzz_end\n" @@ -158,7 +158,7 @@ static int execCC(int argc, char** argv) { } } else { if (isCXX) { - /* Try the default one, then newest ones (hopefully) first */ + /* Try the default one, then the newest ones (hopefully) in order */ hf_execvp("clang++", argv); hf_execvp("clang++-devel", argv); hf_execvp("clang++-10.0", argv); @@ -175,7 +175,7 @@ static int execCC(int argc, char** argv) { hf_execvp("clang++-5", argv); hf_execvp("clang", argv); } else { - /* Try the default one, then newest ones (hopefully) first */ + /* Try the default one, then the newest ones (hopefully) in order */ hf_execvp("clang", argv); hf_execvp("clang-devel", argv); hf_execvp("clang-10.0", argv); -- cgit v1.2.3 From 995db884421b5f5db9e96a99a19d85780730afcf Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 26 Feb 2020 17:32:18 +0100 Subject: introduce concept of cmpfeedback map which will be used to report back to the fuzzer const strings and integer values used in fuzzed processes --- cmdline.c | 8 +-- display.c | 2 +- fuzz.c | 40 +++++++------- honggfuzz.c | 18 +++++-- honggfuzz.h | 32 +++++++++-- libhfuzz/instrument.c | 147 ++++++++++++++++++++++++++++++-------------------- linux/perf.c | 2 +- linux/pt.c | 2 +- subproc.c | 13 +++-- 9 files changed, 168 insertions(+), 96 deletions(-) diff --git a/cmdline.c b/cmdline.c index a79caf8a..e558e129 100644 --- a/cmdline.c +++ b/cmdline.c @@ -354,9 +354,11 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { }, .feedback = { - .feedbackMap = NULL, - .feedback_mutex = PTHREAD_MUTEX_INITIALIZER, - .bbFd = -1, + .covFeedbackMap = NULL, + .covFeedbackFd = -1, + .covFeedback_mutex = PTHREAD_MUTEX_INITIALIZER, + .cmpFeedbackMap = NULL, + .cmpFeedbackFd = -1, .blacklistFile = NULL, .blacklist = NULL, .blacklistCnt = 0, diff --git a/display.c b/display.c index 38c6c86e..f86c0ecc 100644 --- a/display.c +++ b/display.c @@ -298,7 +298,7 @@ void display_display(honggfuzz_t* hfuzz) { uint64_t softCntPc = ATOMIC_GET(hfuzz->linux.hwCnts.softCntPc); uint64_t softCntEdge = ATOMIC_GET(hfuzz->linux.hwCnts.softCntEdge); uint64_t softCntCmp = ATOMIC_GET(hfuzz->linux.hwCnts.softCntCmp); - uint64_t guardNb = ATOMIC_GET(hfuzz->feedback.feedbackMap->guardNb); + uint64_t guardNb = ATOMIC_GET(hfuzz->feedback.covFeedbackMap->guardNb); display_put(" edge: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET "/" "%" _HF_NONMON_SEP PRIu64 " [%" PRId64 "%%]", softCntEdge, guardNb, guardNb ? ((softCntEdge * 100) / guardNb) : 0); diff --git a/fuzz.c b/fuzz.c index 00a6cfe6..003aaa21 100644 --- a/fuzz.c +++ b/fuzz.c @@ -136,11 +136,12 @@ static void fuzz_setDynamicMainState(run_t* run) { } static void fuzz_perfFeedbackForMinimization(run_t* run) { - uint64_t softCntPc = ATOMIC_GET(run->global->feedback.feedbackMap->pidFeedbackPc[run->fuzzNo]); + uint64_t softCntPc = + ATOMIC_GET(run->global->feedback.covFeedbackMap->pidFeedbackPc[run->fuzzNo]); uint64_t softCntEdge = - ATOMIC_GET(run->global->feedback.feedbackMap->pidFeedbackEdge[run->fuzzNo]); + ATOMIC_GET(run->global->feedback.covFeedbackMap->pidFeedbackEdge[run->fuzzNo]); uint64_t softCntCmp = - ATOMIC_GET(run->global->feedback.feedbackMap->pidFeedbackCmp[run->fuzzNo]); + ATOMIC_GET(run->global->feedback.covFeedbackMap->pidFeedbackCmp[run->fuzzNo]); uint64_t cpuInstr = run->linux.hwCnts.cpuInstrCnt; uint64_t cpuBranch = run->linux.hwCnts.cpuBranchCnt; @@ -157,17 +158,17 @@ static void fuzz_perfFeedbackForMinimization(run_t* run) { input_addDynamicInput( run->global, run->dynamicFile, run->dynamicFileSz, cov, run->origFileName); - ATOMIC_SET(run->global->feedback.feedbackMap->pidFeedbackPc[run->fuzzNo], 0); - memset(run->global->feedback.feedbackMap->bbMapPc, '\0', - sizeof(run->global->feedback.feedbackMap->bbMapPc)); + ATOMIC_SET(run->global->feedback.covFeedbackMap->pidFeedbackPc[run->fuzzNo], 0); + memset(run->global->feedback.covFeedbackMap->bbMapPc, '\0', + sizeof(run->global->feedback.covFeedbackMap->bbMapPc)); - ATOMIC_SET(run->global->feedback.feedbackMap->pidFeedbackEdge[run->fuzzNo], 0); - memset(run->global->feedback.feedbackMap->pcGuardMap, '\0', - sizeof(run->global->feedback.feedbackMap->pcGuardMap)); + ATOMIC_SET(run->global->feedback.covFeedbackMap->pidFeedbackEdge[run->fuzzNo], 0); + memset(run->global->feedback.covFeedbackMap->pcGuardMap, '\0', + sizeof(run->global->feedback.covFeedbackMap->pcGuardMap)); - ATOMIC_SET(run->global->feedback.feedbackMap->pidFeedbackCmp[run->fuzzNo], 0); - memset(run->global->feedback.feedbackMap->bbMapCmp, '\0', - sizeof(run->global->feedback.feedbackMap->bbMapCmp)); + ATOMIC_SET(run->global->feedback.covFeedbackMap->pidFeedbackCmp[run->fuzzNo], 0); + memset(run->global->feedback.covFeedbackMap->bbMapCmp, '\0', + sizeof(run->global->feedback.covFeedbackMap->bbMapCmp)); memset(&run->global->linux.hwCnts, '\0', sizeof(run->global->linux.hwCnts)); } @@ -177,7 +178,7 @@ static void fuzz_perfFeedback(run_t* run) { return; } - MX_SCOPED_LOCK(&run->global->feedback.feedback_mutex); + MX_SCOPED_LOCK(&run->global->feedback.covFeedback_mutex); defer { wmb(); }; @@ -187,14 +188,15 @@ static void fuzz_perfFeedback(run_t* run) { return; } - uint64_t softCntPc = ATOMIC_GET(run->global->feedback.feedbackMap->pidFeedbackPc[run->fuzzNo]); - ATOMIC_CLEAR(run->global->feedback.feedbackMap->pidFeedbackPc[run->fuzzNo]); + uint64_t softCntPc = + ATOMIC_GET(run->global->feedback.covFeedbackMap->pidFeedbackPc[run->fuzzNo]); + ATOMIC_CLEAR(run->global->feedback.covFeedbackMap->pidFeedbackPc[run->fuzzNo]); uint64_t softCntEdge = - ATOMIC_GET(run->global->feedback.feedbackMap->pidFeedbackEdge[run->fuzzNo]); - ATOMIC_CLEAR(run->global->feedback.feedbackMap->pidFeedbackEdge[run->fuzzNo]); + ATOMIC_GET(run->global->feedback.covFeedbackMap->pidFeedbackEdge[run->fuzzNo]); + ATOMIC_CLEAR(run->global->feedback.covFeedbackMap->pidFeedbackEdge[run->fuzzNo]); uint64_t softCntCmp = - ATOMIC_GET(run->global->feedback.feedbackMap->pidFeedbackCmp[run->fuzzNo]); - ATOMIC_CLEAR(run->global->feedback.feedbackMap->pidFeedbackCmp[run->fuzzNo]); + ATOMIC_GET(run->global->feedback.covFeedbackMap->pidFeedbackCmp[run->fuzzNo]); + ATOMIC_CLEAR(run->global->feedback.covFeedbackMap->pidFeedbackCmp[run->fuzzNo]); int64_t diff0 = run->global->linux.hwCnts.cpuInstrCnt - run->linux.hwCnts.cpuInstrCnt; int64_t diff1 = run->global->linux.hwCnts.cpuBranchCnt - run->linux.hwCnts.cpuBranchCnt; diff --git a/honggfuzz.c b/honggfuzz.c index 30e2e7ad..e7956a7b 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -192,7 +192,7 @@ static void printSummary(honggfuzz_t* hfuzz) { if (elapsed_sec) { exec_per_sec = hfuzz->cnts.mutationsCnt / elapsed_sec; } - uint64_t guardNb = ATOMIC_GET(hfuzz->feedback.feedbackMap->guardNb); + uint64_t guardNb = ATOMIC_GET(hfuzz->feedback.covFeedbackMap->guardNb); uint64_t branch_percent_cov = guardNb ? ((100 * ATOMIC_GET(hfuzz->linux.hwCnts.softCntEdge)) / guardNb) : 0; struct rusage usage; @@ -211,7 +211,7 @@ static void printSummary(honggfuzz_t* hfuzz) { "peak_rss_mb:%lu", hfuzz->cnts.mutationsCnt, elapsed_sec, exec_per_sec, hfuzz->cnts.crashesCnt, hfuzz->cnts.timeoutedCnt, hfuzz->io.newUnitsAdded, - hfuzz->timing.timeOfLongestUnitInMilliseconds, hfuzz->feedback.feedbackMap->guardNb, + hfuzz->timing.timeOfLongestUnitInMilliseconds, hfuzz->feedback.covFeedbackMap->guardNb, branch_percent_cov, usage.ru_maxrss); } @@ -359,9 +359,17 @@ int main(int argc, char** argv) { LOG_F("Couldn't parse symbols whitelist file ('%s')", hfuzzl.symsWlFile); } - if (!(hfuzz.feedback.feedbackMap = files_mapSharedMem(sizeof(feedback_t), &hfuzz.feedback.bbFd, - "hfuzz-feedback", /* nocore= */ true, /* export= */ hfuzz.io.exportFeedback))) { - LOG_F("files_mapSharedMem(sz=%zu, dir='%s') failed", sizeof(feedback_t), hfuzz.io.workDir); + if (!(hfuzz.feedback.covFeedbackMap = + files_mapSharedMem(sizeof(feedback_t), &hfuzz.feedback.covFeedbackFd, + "hf-covfeedback", /* nocore= */ true, /* export= */ hfuzz.io.exportFeedback))) { + LOG_F("files_mapSharedMem(name='hf-covfeddback', sz=%zu, dir='%s') failed", + sizeof(feedback_t), hfuzz.io.workDir); + } + if (!(hfuzz.feedback.cmpFeedbackMap = + files_mapSharedMem(sizeof(cmpfeedback_t), &hfuzz.feedback.cmpFeedbackFd, + "hf-cmpfeedback", /* nocore= */ true, /* export= */ hfuzz.io.exportFeedback))) { + LOG_F("files_mapSharedMem(name='hf-cmpfeedback', sz=%zu, dir='%s') failed", + sizeof(cmpfeedback_t), hfuzz.io.workDir); } setupRLimits(); diff --git a/honggfuzz.h b/honggfuzz.h index 748dab75..62305e6e 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -73,12 +73,15 @@ /* Maximum size of the input file in bytes (128 MiB) */ #define _HF_INPUT_MAX_SIZE (1024ULL * 1024ULL * 128ULL) +/* FD used to report back used int/str constants from the fuzzed process */ +#define _HF_CMP_BITMAP_FD 1019 /* FD used to log inside the child process */ #define _HF_LOG_FD 1020 /* FD used to represent the input file */ #define _HF_INPUT_FD 1021 -/* FD used to pass feedback bitmap a process */ -#define _HF_BITMAP_FD 1022 +/* FD used to pass coverage feedback from the fuzzed process */ +#define _HF_COV_BITMAP_FD 1022 +#define _HF_BITMAP_FD _HF_COV_BITMAP_FD /* Old name for _HF_COV_BITMAP_FD */ /* FD used to pass data to a persistent process */ #define _HF_PERSISTENT_FD 1023 @@ -183,6 +186,23 @@ typedef struct { uint64_t guardNb; } feedback_t; +typedef struct { + uint32_t strCnt; + struct { + char str[128]; + } strArr[4096]; + uint32_t intCnt; + struct { + union { + uint8_t int1; + uint16_t int2; + uint32_t int4; + uint64_t int8; + }; + uint32_t len; + } intArr[4096]; +} cmpfeedback_t; + typedef struct { struct { size_t threadsMax; @@ -267,9 +287,11 @@ typedef struct { } sanitizer; struct { fuzzState_t state; - feedback_t* feedbackMap; - int bbFd; - pthread_mutex_t feedback_mutex; + feedback_t* covFeedbackMap; + int covFeedbackFd; + pthread_mutex_t covFeedback_mutex; + cmpfeedback_t* cmpFeedbackMap; + int cmpFeedbackFd; const char* blacklistFile; uint64_t* blacklist; size_t blacklistCnt; diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index eddbd290..5953b9ed 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -34,13 +34,58 @@ const char* const LIBHFUZZ_module_instrument = "LIBHFUZZ_module_instrument"; #endif /* defined(__x86_64__) || defined(__i386__) */ /* - * If there's no _HF_BITMAP_FD available (running without the honggfuzz + * If there's no _HF_COV_BITMAP_FD available (running without the honggfuzz * supervisor), use a dummy bitmap and control structure located in the BSS */ static feedback_t bbMapFb; -feedback_t* feedback = &bbMapFb; + +feedback_t* covFeedback = &bbMapFb; +cmpfeedback_t* cmpFeedback = NULL; + uint32_t my_thread_no = 0; +static void initializeCmpFeedback(void) { + struct stat st; + if (fstat(_HF_CMP_BITMAP_FD, &st) == -1) { + return; + } + if (st.st_size != sizeof(cmpfeedback_t)) { + LOG_W("Size of the cmpFeedback structure mismatch: st.size != sizeof(cmpfeedback_t) (%zu " + "!= %zu). " + "Link your fuzzed binaries with the newest honggfuzz and hfuzz-clang(++). Ignoring " + "for now.", + (size_t)st.st_size, sizeof(cmpfeedback_t)); + return; + } + int mflags = files_getTmpMapFlags(MAP_SHARED, /* nocore= */ true); + if ((cmpFeedback = mmap(NULL, sizeof(cmpfeedback_t), PROT_READ | PROT_WRITE, mflags, + _HF_CMP_BITMAP_FD, 0)) == MAP_FAILED) { + PLOG_W("mmap(_HF_CMP_BITMAP_FD==%d, size=%zu) of the feedback structure failed", + _HF_CMP_BITMAP_FD, sizeof(cmpfeedback_t)); + cmpFeedback = NULL; + return; + } +} + +static void initializeCovFeedback(void) { + struct stat st; + if (fstat(_HF_COV_BITMAP_FD, &st) == -1) { + return; + } + if (st.st_size != sizeof(feedback_t)) { + LOG_F( + "Size of the feedback structure mismatch: st.size != sizeof(feedback_t) (%zu != %zu). " + "Link your fuzzed binaries with the newest honggfuzz and hfuzz-clang(++)", + (size_t)st.st_size, sizeof(feedback_t)); + } + int mflags = files_getTmpMapFlags(MAP_SHARED, /* nocore= */ true); + if ((covFeedback = mmap(NULL, sizeof(feedback_t), PROT_READ | PROT_WRITE, mflags, + _HF_COV_BITMAP_FD, 0)) == MAP_FAILED) { + PLOG_F("mmap(_HF_COV_BITMAP_FD=%d, size=%zu) of the feedback structure failed", + _HF_COV_BITMAP_FD, sizeof(feedback_t)); + } +} + static void initializeInstrument(void) { if (fcntl(_HF_LOG_FD, F_GETFD) != -1) { enum llevel_t ll = INFO; @@ -63,22 +108,8 @@ static void initializeInstrument(void) { my_thread_no, _HF_THREAD_MAX); } - struct stat st; - if (fstat(_HF_BITMAP_FD, &st) == -1) { - return; - } - if (st.st_size != sizeof(feedback_t)) { - LOG_F( - "Size of the feedback structure mismatch: st.size != sizeof(feedback_t) (%zu != %zu). " - "Link your fuzzed binaries with the newest honggfuzz and hfuzz-clang(++)", - (size_t)st.st_size, sizeof(feedback_t)); - } - int mflags = files_getTmpMapFlags(MAP_SHARED, /* nocore= */ true); - if ((feedback = mmap(NULL, sizeof(feedback_t), PROT_READ | PROT_WRITE, mflags, _HF_BITMAP_FD, - 0)) == MAP_FAILED) { - PLOG_F("mmap(fd=%d, size=%zu) of the feedback structure failed", _HF_BITMAP_FD, - sizeof(feedback_t)); - } + initializeCovFeedback(); + initializeCmpFeedback(); /* Reset coverage counters to their initial state */ instrumentClearNewCov(); @@ -93,9 +124,9 @@ __attribute__((constructor)) void hfuzzInstrumentInit(void) { /* Reset the counters of newly discovered edges/pcs/features */ void instrumentClearNewCov() { - feedback->pidFeedbackPc[my_thread_no] = 0U; - feedback->pidFeedbackEdge[my_thread_no] = 0U; - feedback->pidFeedbackCmp[my_thread_no] = 0U; + covFeedback->pidFeedbackPc[my_thread_no] = 0U; + covFeedback->pidFeedbackEdge[my_thread_no] = 0U; + covFeedback->pidFeedbackCmp[my_thread_no] = 0U; } /* @@ -104,9 +135,9 @@ void instrumentClearNewCov() { HF_REQUIRE_SSE42_POPCNT void __cyg_profile_func_enter(void* func, void* caller) { register size_t pos = (((uintptr_t)func << 12) | ((uintptr_t)caller & 0xFFF)) & _HF_PERF_BITMAP_BITSZ_MASK; - register uint8_t prev = ATOMIC_BTS(feedback->bbMapPc, pos); + register uint8_t prev = ATOMIC_BTS(covFeedback->bbMapPc, pos); if (!prev) { - ATOMIC_PRE_INC_RELAXED(feedback->pidFeedbackPc[my_thread_no]); + ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackPc[my_thread_no]); } } @@ -120,9 +151,9 @@ HF_REQUIRE_SSE42_POPCNT void __cyg_profile_func_exit( */ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_pc_internal(uintptr_t pc) { register uintptr_t ret = pc & _HF_PERF_BITMAP_BITSZ_MASK; - register uint8_t prev = ATOMIC_BTS(feedback->bbMapPc, ret); + register uint8_t prev = ATOMIC_BTS(covFeedback->bbMapPc, ret); if (!prev) { - ATOMIC_PRE_INC_RELAXED(feedback->pidFeedbackPc[my_thread_no]); + ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackPc[my_thread_no]); } } @@ -140,20 +171,20 @@ HF_REQUIRE_SSE42_POPCNT void hfuzz_trace_pc(uintptr_t pc) { HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp1(uint8_t Arg1, uint8_t Arg2) { uintptr_t pos = (uintptr_t)__builtin_return_address(0) % _HF_PERF_BITMAP_SIZE_16M; register uint8_t v = ((sizeof(Arg1) * 8) - __builtin_popcount(Arg1 ^ Arg2)); - uint8_t prev = ATOMIC_GET(feedback->bbMapCmp[pos]); + uint8_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); if (prev < v) { - ATOMIC_SET(feedback->bbMapCmp[pos], v); - ATOMIC_POST_ADD(feedback->pidFeedbackCmp[my_thread_no], v - prev); + ATOMIC_SET(covFeedback->bbMapCmp[pos], v); + ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); } } HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp2(uint16_t Arg1, uint16_t Arg2) { uintptr_t pos = (uintptr_t)__builtin_return_address(0) % _HF_PERF_BITMAP_SIZE_16M; register uint8_t v = ((sizeof(Arg1) * 8) - __builtin_popcount(Arg1 ^ Arg2)); - uint8_t prev = ATOMIC_GET(feedback->bbMapCmp[pos]); + uint8_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); if (prev < v) { - ATOMIC_SET(feedback->bbMapCmp[pos], v); - ATOMIC_POST_ADD(feedback->pidFeedbackCmp[my_thread_no], v - prev); + ATOMIC_SET(covFeedback->bbMapCmp[pos], v); + ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); } } @@ -161,10 +192,10 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp4_internal( uintptr_t pc, uint32_t Arg1, uint32_t Arg2) { uintptr_t pos = pc % _HF_PERF_BITMAP_SIZE_16M; register uint8_t v = ((sizeof(Arg1) * 8) - __builtin_popcount(Arg1 ^ Arg2)); - uint8_t prev = ATOMIC_GET(feedback->bbMapCmp[pos]); + uint8_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); if (prev < v) { - ATOMIC_SET(feedback->bbMapCmp[pos], v); - ATOMIC_POST_ADD(feedback->pidFeedbackCmp[my_thread_no], v - prev); + ATOMIC_SET(covFeedback->bbMapCmp[pos], v); + ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); } } @@ -180,10 +211,10 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp8_internal( uintptr_t pc, uint64_t Arg1, uint64_t Arg2) { uintptr_t pos = pc % _HF_PERF_BITMAP_SIZE_16M; register uint8_t v = ((sizeof(Arg1) * 8) - __builtin_popcountll(Arg1 ^ Arg2)); - uint8_t prev = ATOMIC_GET(feedback->bbMapCmp[pos]); + uint8_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); if (prev < v) { - ATOMIC_SET(feedback->bbMapCmp[pos], v); - ATOMIC_POST_ADD(feedback->pidFeedbackCmp[my_thread_no], v - prev); + ATOMIC_SET(covFeedback->bbMapCmp[pos], v); + ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); } } @@ -225,10 +256,10 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_switch(uint64_t Val, uint64_t for (uint64_t i = 0; i < Cases[0]; i++) { uintptr_t pos = ((uintptr_t)__builtin_return_address(0) + i) % _HF_PERF_BITMAP_SIZE_16M; uint8_t v = (uint8_t)Cases[1] - __builtin_popcountll(Val ^ Cases[i + 2]); - uint8_t prev = ATOMIC_GET(feedback->bbMapCmp[pos]); + uint8_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); if (prev < v) { - ATOMIC_SET(feedback->bbMapCmp[pos], v); - ATOMIC_POST_ADD(feedback->pidFeedbackCmp[my_thread_no], v - prev); + ATOMIC_SET(covFeedback->bbMapCmp[pos], v); + ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); } } } @@ -272,20 +303,20 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmpd( HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_div8(uint64_t Val) { uintptr_t pos = (uintptr_t)__builtin_return_address(0) % _HF_PERF_BITMAP_SIZE_16M; uint8_t v = ((sizeof(Val) * 8) - __builtin_popcountll(Val)); - uint8_t prev = ATOMIC_GET(feedback->bbMapCmp[pos]); + uint8_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); if (prev < v) { - ATOMIC_SET(feedback->bbMapCmp[pos], v); - ATOMIC_POST_ADD(feedback->pidFeedbackCmp[my_thread_no], v - prev); + ATOMIC_SET(covFeedback->bbMapCmp[pos], v); + ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); } } HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_div4(uint32_t Val) { uintptr_t pos = (uintptr_t)__builtin_return_address(0) % _HF_PERF_BITMAP_SIZE_16M; uint8_t v = ((sizeof(Val) * 8) - __builtin_popcount(Val)); - uint8_t prev = ATOMIC_GET(feedback->bbMapCmp[pos]); + uint8_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); if (prev < v) { - ATOMIC_SET(feedback->bbMapCmp[pos], v); - ATOMIC_POST_ADD(feedback->pidFeedbackCmp[my_thread_no], v - prev); + ATOMIC_SET(covFeedback->bbMapCmp[pos], v); + ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); } } @@ -297,9 +328,9 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_indir(uintptr_t callee) { register size_t pos2 = callee & 0xFFF; register size_t pos = (pos1 | pos2) & _HF_PERF_BITMAP_BITSZ_MASK; - register uint8_t prev = ATOMIC_BTS(feedback->bbMapPc, pos); + register uint8_t prev = ATOMIC_BTS(covFeedback->bbMapPc, pos); if (!prev) { - ATOMIC_PRE_INC_RELAXED(feedback->pidFeedbackPc[my_thread_no]); + ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackPc[my_thread_no]); } } @@ -313,9 +344,9 @@ __attribute__((weak)) HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_indir_call16( register size_t pos2 = (uintptr_t)callee & 0xFFF; register size_t pos = (pos1 | pos2) & _HF_PERF_BITMAP_BITSZ_MASK; - register uint8_t prev = ATOMIC_BTS(feedback->bbMapPc, pos); + register uint8_t prev = ATOMIC_BTS(covFeedback->bbMapPc, pos); if (!prev) { - ATOMIC_PRE_INC_RELAXED(feedback->pidFeedbackPc[my_thread_no]); + ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackPc[my_thread_no]); } } @@ -344,12 +375,12 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard_init(uint32_t* start n, ((uintptr_t)stop - (uintptr_t)start) / sizeof(start), start, stop); } /* If the corresponding PC was already hit, map this specific guard as uninteresting (0) */ - *x = ATOMIC_GET(feedback->pcGuardMap[n]) ? 0U : n; + *x = ATOMIC_GET(covFeedback->pcGuardMap[n]) ? 0U : n; } /* Store number of guards for statistical purposes */ - if (ATOMIC_GET(feedback->guardNb) < n - 1) { - ATOMIC_SET(feedback->guardNb, n - 1); + if (ATOMIC_GET(covFeedback->guardNb) < n - 1) { + ATOMIC_SET(covFeedback->guardNb, n - 1); } } @@ -382,18 +413,18 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard(uint32_t* guard) { return; } #endif /* defined(__ANDROID__) */ - bool prev = ATOMIC_XCHG(feedback->pcGuardMap[*guard], true); + bool prev = ATOMIC_XCHG(covFeedback->pcGuardMap[*guard], true); if (prev == false) { - ATOMIC_PRE_INC_RELAXED(feedback->pidFeedbackEdge[my_thread_no]); + ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackEdge[my_thread_no]); } } bool instrumentUpdateCmpMap(uintptr_t addr, uint32_t v) { uintptr_t pos = addr % _HF_PERF_BITMAP_SIZE_16M; - uint32_t prev = ATOMIC_GET(feedback->bbMapCmp[pos]); + uint32_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); if (prev < v) { - ATOMIC_SET(feedback->bbMapCmp[pos], v); - ATOMIC_POST_ADD(feedback->pidFeedbackCmp[my_thread_no], v - prev); + ATOMIC_SET(covFeedback->bbMapCmp[pos], v); + ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); return true; } return false; diff --git a/linux/perf.c b/linux/perf.c index f3b805d7..6fb0506a 100644 --- a/linux/perf.c +++ b/linux/perf.c @@ -81,7 +81,7 @@ __attribute__((hot)) static inline void arch_perfBtsCount(run_t* run) { register size_t pos = ((br->from << 12) ^ (br->to & 0xFFF)); pos &= _HF_PERF_BITMAP_BITSZ_MASK; - register uint8_t prev = ATOMIC_BTS(run->global->feedback.feedbackMap->bbMapPc, pos); + register uint8_t prev = ATOMIC_BTS(run->global->feedback.covFeedbackMap->bbMapPc, pos); if (!prev) { run->linux.hwCnts.newBBCnt++; } diff --git a/linux/pt.c b/linux/pt.c index 0c20a610..8fcfdfd3 100644 --- a/linux/pt.c +++ b/linux/pt.c @@ -123,7 +123,7 @@ __attribute__((hot)) inline static void perf_ptAnalyzePkt(run_t* run, struct pt_ } ip &= _HF_PERF_BITMAP_BITSZ_MASK; - register uint8_t prev = ATOMIC_BTS(run->global->feedback.feedbackMap->bbMapPc, ip); + register uint8_t prev = ATOMIC_BTS(run->global->feedback.covFeedbackMap->bbMapPc, ip); if (!prev) { run->linux.hwCnts.newBBCnt++; } diff --git a/subproc.c b/subproc.c index e9f3bd23..12aedd10 100644 --- a/subproc.c +++ b/subproc.c @@ -281,9 +281,16 @@ static bool subproc_PrepareExecv(run_t* run) { /* close_stdout= */ run->global->exe.nullifyStdio, /* close_stderr= */ run->global->exe.nullifyStdio); - /* The bitmap/feedback structure */ - if (TEMP_FAILURE_RETRY(dup2(run->global->feedback.bbFd, _HF_BITMAP_FD)) == -1) { - PLOG_E("dup2(%d, _HF_BITMAP_FD=%d)", run->global->feedback.bbFd, _HF_BITMAP_FD); + /* The coverage bitmap/feedback structure */ + if (TEMP_FAILURE_RETRY(dup2(run->global->feedback.covFeedbackFd, _HF_COV_BITMAP_FD)) == -1) { + PLOG_E("dup2(%d, _HF_COV_BITMAP_FD=%d)", run->global->feedback.covFeedbackFd, + _HF_COV_BITMAP_FD); + return false; + } + /* The coverage bitmap/feedback structure */ + if (TEMP_FAILURE_RETRY(dup2(run->global->feedback.cmpFeedbackFd, _HF_CMP_BITMAP_FD)) == -1) { + PLOG_E("dup2(%d, _HF_CMP_BITMAP_FD=%d)", run->global->feedback.cmpFeedbackFd, + _HF_CMP_BITMAP_FD); return false; } -- cgit v1.2.3 From 94585ac0d5bf9f608564e50307c7a776e093959a Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 26 Feb 2020 21:03:14 +0100 Subject: Add const cmp feedback functionality behind the --experimental_const_feedback flag --- cmdline.c | 5 +++ fuzz.c | 2 +- honggfuzz.c | 12 +++--- honggfuzz.h | 9 ++-- libhfuzz/instrument.c | 116 ++++++++++++++++++++++++++++++++++---------------- mangle.c | 28 ++++++++++++ subproc.c | 5 ++- 7 files changed, 128 insertions(+), 49 deletions(-) diff --git a/cmdline.c b/cmdline.c index e558e129..1ded601d 100644 --- a/cmdline.c +++ b/cmdline.c @@ -359,6 +359,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .covFeedback_mutex = PTHREAD_MUTEX_INITIALIZER, .cmpFeedbackMap = NULL, .cmpFeedbackFd = -1, + .cmpFeedback = false, .blacklistFile = NULL, .blacklist = NULL, .blacklistCnt = 0, @@ -475,6 +476,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { { "netdriver", no_argument, NULL, 0x10C }, "Use netdriver (libhfnetdriver/). In most cases it will be autodetected through a binary signature" }, { { "only_printable", no_argument, NULL, 0x10D }, "Only generate printable inputs" }, { { "export_feedback", no_argument, NULL, 0x10E }, "Export the coverage feedback structure as ./hfuzz-feedback" }, + { { "experimental_const_feedback", no_argument, NULL, 0x112 }, "*** EXPERIMENTAL *** Use constant integer/string values from fuzzed programs to mangle input files" }, #if defined(_HF_ARCH_LINUX) { { "linux_symbols_bl", required_argument, NULL, 0x504 }, "Symbols blacklist filter file (one entry per line)" }, @@ -592,6 +594,9 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { case 0x10E: hfuzz->io.exportFeedback = true; break; + case 0x112: + hfuzz->feedback.cmpFeedback = true; + break; case 'z': hfuzz->feedback.dynFileMethod |= _HF_DYNFILE_SOFT; break; diff --git a/fuzz.c b/fuzz.c index 003aaa21..02714200 100644 --- a/fuzz.c +++ b/fuzz.c @@ -494,7 +494,7 @@ static void* fuzz_threadNew(void* arg) { /* Do not try to handle input files with socketfuzzer */ if (!hfuzz->socketFuzzer.enabled) { if (!(run.dynamicFile = files_mapSharedMem(hfuzz->mutate.maxFileSz, &run.dynamicFileFd, - "hfuzz-input", /* nocore= */ true, /* export= */ false))) { + "hf-input", /* nocore= */ true, /* export= */ false))) { LOG_F("Couldn't create an input file of size: %zu", hfuzz->mutate.maxFileSz); } } diff --git a/honggfuzz.c b/honggfuzz.c index e7956a7b..78f94a3b 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -365,11 +365,13 @@ int main(int argc, char** argv) { LOG_F("files_mapSharedMem(name='hf-covfeddback', sz=%zu, dir='%s') failed", sizeof(feedback_t), hfuzz.io.workDir); } - if (!(hfuzz.feedback.cmpFeedbackMap = - files_mapSharedMem(sizeof(cmpfeedback_t), &hfuzz.feedback.cmpFeedbackFd, - "hf-cmpfeedback", /* nocore= */ true, /* export= */ hfuzz.io.exportFeedback))) { - LOG_F("files_mapSharedMem(name='hf-cmpfeedback', sz=%zu, dir='%s') failed", - sizeof(cmpfeedback_t), hfuzz.io.workDir); + if (hfuzz.feedback.cmpFeedback) { + if (!(hfuzz.feedback.cmpFeedbackMap = files_mapSharedMem(sizeof(cmpfeedback_t), + &hfuzz.feedback.cmpFeedbackFd, "hf-cmpfeedback", /* nocore= */ true, + /* export= */ hfuzz.io.exportFeedback))) { + LOG_F("files_mapSharedMem(name='hf-cmpfeedback', sz=%zu, dir='%s') failed", + sizeof(cmpfeedback_t), hfuzz.io.workDir); + } } setupRLimits(); diff --git a/honggfuzz.h b/honggfuzz.h index 62305e6e..163f0d0f 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -189,15 +189,13 @@ typedef struct { typedef struct { uint32_t strCnt; struct { - char str[128]; + char val[32]; + uint32_t len; } strArr[4096]; uint32_t intCnt; struct { union { - uint8_t int1; - uint16_t int2; - uint32_t int4; - uint64_t int8; + uint8_t val[sizeof(uint64_t)]; }; uint32_t len; } intArr[4096]; @@ -292,6 +290,7 @@ typedef struct { pthread_mutex_t covFeedback_mutex; cmpfeedback_t* cmpFeedbackMap; int cmpFeedbackFd; + bool cmpFeedback; const char* blacklistFile; uint64_t* blacklist; size_t blacklistCnt; diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 5953b9ed..18a78d45 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -51,9 +51,7 @@ static void initializeCmpFeedback(void) { } if (st.st_size != sizeof(cmpfeedback_t)) { LOG_W("Size of the cmpFeedback structure mismatch: st.size != sizeof(cmpfeedback_t) (%zu " - "!= %zu). " - "Link your fuzzed binaries with the newest honggfuzz and hfuzz-clang(++). Ignoring " - "for now.", + "!= %zu). Link your fuzzed binaries with the newest honggfuzz and hfuzz-clang(++)", (size_t)st.st_size, sizeof(cmpfeedback_t)); return; } @@ -67,23 +65,25 @@ static void initializeCmpFeedback(void) { } } -static void initializeCovFeedback(void) { +static bool initializeCovFeedback(void) { struct stat st; if (fstat(_HF_COV_BITMAP_FD, &st) == -1) { - return; + return false; } if (st.st_size != sizeof(feedback_t)) { - LOG_F( - "Size of the feedback structure mismatch: st.size != sizeof(feedback_t) (%zu != %zu). " - "Link your fuzzed binaries with the newest honggfuzz and hfuzz-clang(++)", + LOG_W("Size of the feedback structure mismatch: st.size != sizeof(feedback_t) (%zu != " + "%zu). Link your fuzzed binaries with the newest honggfuzz and hfuzz-clang(++)", (size_t)st.st_size, sizeof(feedback_t)); + return false; } int mflags = files_getTmpMapFlags(MAP_SHARED, /* nocore= */ true); if ((covFeedback = mmap(NULL, sizeof(feedback_t), PROT_READ | PROT_WRITE, mflags, _HF_COV_BITMAP_FD, 0)) == MAP_FAILED) { - PLOG_F("mmap(_HF_COV_BITMAP_FD=%d, size=%zu) of the feedback structure failed", + PLOG_W("mmap(_HF_COV_BITMAP_FD=%d, size=%zu) of the feedback structure failed", _HF_COV_BITMAP_FD, sizeof(feedback_t)); + return false; } + return true; } static void initializeInstrument(void) { @@ -108,7 +108,10 @@ static void initializeInstrument(void) { my_thread_no, _HF_THREAD_MAX); } - initializeCovFeedback(); + if (!initializeCovFeedback()) { + covFeedback = &bbMapFb; + LOG_F("Could not intialize the coverage feedback map"); + } initializeCmpFeedback(); /* Reset coverage counters to their initial state */ @@ -129,6 +132,31 @@ void instrumentClearNewCov() { covFeedback->pidFeedbackCmp[my_thread_no] = 0U; } +void instrument_addConstIntToMap(void* v, size_t len) { + if (!cmpFeedback) { + return; + } + + uint32_t curroff = ATOMIC_GET(cmpFeedback->intCnt); + if (curroff >= ARRAYSIZE(cmpFeedback->intArr)) { + return; + } + for (uint32_t i = 0; i < curroff; i++) { + if (memcmp(cmpFeedback->intArr[i].val, v, len) == 0) { + return; + } + } + + uint32_t newoff = ATOMIC_POST_INC(cmpFeedback->intCnt); + if (newoff >= ARRAYSIZE(cmpFeedback->intArr)) { + ATOMIC_SET(cmpFeedback->intCnt, ARRAYSIZE(cmpFeedback->intArr)); + return; + } + + memcpy(cmpFeedback->intArr[newoff].val, v, len); + cmpFeedback->intArr[newoff].len = len; +} + /* * -finstrument-functions */ @@ -168,8 +196,9 @@ HF_REQUIRE_SSE42_POPCNT void hfuzz_trace_pc(uintptr_t pc) { /* * -fsanitize-coverage=trace-cmp */ -HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp1(uint8_t Arg1, uint8_t Arg2) { - uintptr_t pos = (uintptr_t)__builtin_return_address(0) % _HF_PERF_BITMAP_SIZE_16M; +HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp1_internal( + uintptr_t pc, uint8_t Arg1, uint8_t Arg2) { + uintptr_t pos = pc % _HF_PERF_BITMAP_SIZE_16M; register uint8_t v = ((sizeof(Arg1) * 8) - __builtin_popcount(Arg1 ^ Arg2)); uint8_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); if (prev < v) { @@ -178,8 +207,22 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp1(uint8_t Arg1, uint8_t Ar } } -HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp2(uint16_t Arg1, uint16_t Arg2) { - uintptr_t pos = (uintptr_t)__builtin_return_address(0) % _HF_PERF_BITMAP_SIZE_16M; +HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp1(uint8_t Arg1, uint8_t Arg2) { + hfuzz_trace_cmp1_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); +} + +HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_const_cmp1(uint8_t Arg1, uint8_t Arg2) { + /* No need to report back 1 byte comparisons */ + hfuzz_trace_cmp1_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); +} + +HF_REQUIRE_SSE42_POPCNT void hfuzz_trace_cmp1(uintptr_t pc, uint8_t Arg1, uint8_t Arg2) { + hfuzz_trace_cmp1_internal(pc, Arg1, Arg2); +} + +HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp2_internal( + uintptr_t pc, uint16_t Arg1, uint16_t Arg2) { + uintptr_t pos = pc % _HF_PERF_BITMAP_SIZE_16M; register uint8_t v = ((sizeof(Arg1) * 8) - __builtin_popcount(Arg1 ^ Arg2)); uint8_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); if (prev < v) { @@ -188,6 +231,19 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp2(uint16_t Arg1, uint16_t } } +HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp2(uint16_t Arg1, uint16_t Arg2) { + hfuzz_trace_cmp2_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); +} + +HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_const_cmp2(uint16_t Arg1, uint16_t Arg2) { + instrument_addConstIntToMap(&Arg1, sizeof(Arg1)); + hfuzz_trace_cmp2_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); +} + +HF_REQUIRE_SSE42_POPCNT void hfuzz_trace_cmp2(uintptr_t pc, uint16_t Arg1, uint16_t Arg2) { + hfuzz_trace_cmp2_internal(pc, Arg1, Arg2); +} + HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp4_internal( uintptr_t pc, uint32_t Arg1, uint32_t Arg2) { uintptr_t pos = pc % _HF_PERF_BITMAP_SIZE_16M; @@ -203,6 +259,11 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t hfuzz_trace_cmp4_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); } +HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_const_cmp4(uint32_t Arg1, uint32_t Arg2) { + instrument_addConstIntToMap(&Arg1, sizeof(Arg1)); + hfuzz_trace_cmp4_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); +} + HF_REQUIRE_SSE42_POPCNT void hfuzz_trace_cmp4(uintptr_t pc, uint32_t Arg1, uint32_t Arg2) { hfuzz_trace_cmp4_internal(pc, Arg1, Arg2); } @@ -222,32 +283,15 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp8(uint64_t Arg1, uint64_t hfuzz_trace_cmp8_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); } +HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_const_cmp8(uint64_t Arg1, uint64_t Arg2) { + instrument_addConstIntToMap(&Arg1, sizeof(Arg1)); + hfuzz_trace_cmp8_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); +} + HF_REQUIRE_SSE42_POPCNT void hfuzz_trace_cmp8(uintptr_t pc, uint64_t Arg1, uint64_t Arg2) { hfuzz_trace_cmp8_internal(pc, Arg1, Arg2); } -/* - * Const versions of trace_cmp, we don't use any special handling for these - * - * For MacOS, these're weak aliases, as Darwin supports only them - */ - -#if defined(_HF_ARCH_DARWIN) -#pragma weak __sanitizer_cov_trace_const_cmp1 = __sanitizer_cov_trace_cmp1 -#pragma weak __sanitizer_cov_trace_const_cmp2 = __sanitizer_cov_trace_cmp2 -#pragma weak __sanitizer_cov_trace_const_cmp4 = __sanitizer_cov_trace_cmp4 -#pragma weak __sanitizer_cov_trace_const_cmp8 = __sanitizer_cov_trace_cmp8 -#else -void __sanitizer_cov_trace_const_cmp1(uint8_t Arg1, uint8_t Arg2) - __attribute__((alias("__sanitizer_cov_trace_cmp1"))); -void __sanitizer_cov_trace_const_cmp2(uint16_t Arg1, uint16_t Arg2) - __attribute__((alias("__sanitizer_cov_trace_cmp2"))); -void __sanitizer_cov_trace_const_cmp4(uint32_t Arg1, uint32_t Arg2) - __attribute__((alias("__sanitizer_cov_trace_cmp4"))); -void __sanitizer_cov_trace_const_cmp8(uint64_t Arg1, uint64_t Arg2) - __attribute__((alias("__sanitizer_cov_trace_cmp8"))); -#endif /* defined(_HF_ARCH_DARWIN) */ - /* * Cases[0] is number of comparison entries * Cases[1] is length of Val in bits diff --git a/mangle.c b/mangle.c index e3f4e187..aac9d805 100644 --- a/mangle.c +++ b/mangle.c @@ -405,6 +405,33 @@ static void mangle_Magic(run_t* run, bool printable) { } } +static void mangle_CmpFeedback(run_t* run, bool printable) { + if (!run->global->feedback.cmpFeedback) { + return mangle_Magic(run, printable); + } + uint32_t len = ATOMIC_GET(run->global->feedback.cmpFeedbackMap->intCnt); + if (len == 0) { + return mangle_Magic(run, printable); + } + if (len > ARRAYSIZE(run->global->feedback.cmpFeedbackMap->intArr)) { + len = ARRAYSIZE(run->global->feedback.cmpFeedbackMap->intArr); + } + + size_t off = util_rndGet(0, run->dynamicFileSz - 1); + uint32_t choice = util_rndGet(0, len - 1); + if (run->global->feedback.cmpFeedbackMap->intArr[choice].len == 0) { + return mangle_Magic(run, printable); + } + + mangle_Overwrite(run, run->global->feedback.cmpFeedbackMap->intArr[choice].val, off, + run->global->feedback.cmpFeedbackMap->intArr[choice].len); + + if (printable) { + util_turnToPrintable( + &run->dynamicFile[off], run->global->feedback.cmpFeedbackMap->intArr[choice].len); + } +} + static void mangle_MemSetWithVal(run_t* run, int val) { size_t off = util_rndGet(0, run->dynamicFileSz - 1); size_t sz = util_rndGet(1, run->dynamicFileSz - off); @@ -617,6 +644,7 @@ void mangle_mangleContent(run_t* run) { mangle_Bit, mangle_Bytes, mangle_Magic, + mangle_CmpFeedback, mangle_IncByte, mangle_DecByte, mangle_NegByte, diff --git a/subproc.c b/subproc.c index 12aedd10..80294ed7 100644 --- a/subproc.c +++ b/subproc.c @@ -287,8 +287,9 @@ static bool subproc_PrepareExecv(run_t* run) { _HF_COV_BITMAP_FD); return false; } - /* The coverage bitmap/feedback structure */ - if (TEMP_FAILURE_RETRY(dup2(run->global->feedback.cmpFeedbackFd, _HF_CMP_BITMAP_FD)) == -1) { + /* The const comparison bitmap/feedback structure */ + if (run->global->feedback.cmpFeedback && + TEMP_FAILURE_RETRY(dup2(run->global->feedback.cmpFeedbackFd, _HF_CMP_BITMAP_FD)) == -1) { PLOG_E("dup2(%d, _HF_CMP_BITMAP_FD=%d)", run->global->feedback.cmpFeedbackFd, _HF_CMP_BITMAP_FD); return false; -- cgit v1.2.3 From ed407f6a787080821ad8b2b2ba2154f58ebe6a26 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 26 Feb 2020 22:19:40 +0100 Subject: cmdline: require argument for --experimental_const_feedback --- cmdline.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmdline.c b/cmdline.c index 1ded601d..939df08b 100644 --- a/cmdline.c +++ b/cmdline.c @@ -476,7 +476,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { { "netdriver", no_argument, NULL, 0x10C }, "Use netdriver (libhfnetdriver/). In most cases it will be autodetected through a binary signature" }, { { "only_printable", no_argument, NULL, 0x10D }, "Only generate printable inputs" }, { { "export_feedback", no_argument, NULL, 0x10E }, "Export the coverage feedback structure as ./hfuzz-feedback" }, - { { "experimental_const_feedback", no_argument, NULL, 0x112 }, "*** EXPERIMENTAL *** Use constant integer/string values from fuzzed programs to mangle input files" }, + { { "experimental_const_feedback", required_argument, NULL, 0x112 }, "*** EXPERIMENTAL *** Use constant integer/string values from fuzzed programs to mangle input files (default: false)" }, #if defined(_HF_ARCH_LINUX) { { "linux_symbols_bl", required_argument, NULL, 0x504 }, "Symbols blacklist filter file (one entry per line)" }, @@ -595,7 +595,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { hfuzz->io.exportFeedback = true; break; case 0x112: - hfuzz->feedback.cmpFeedback = true; + hfuzz->feedback.cmpFeedback = cmdlineParseTrueFalse(opts[opt_index].name, optarg); break; case 'z': hfuzz->feedback.dynFileMethod |= _HF_DYNFILE_SOFT; -- cgit v1.2.3 From 58930e8758ae36ff6d37e836f10d98ac3eeea54a Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 26 Feb 2020 23:49:02 +0100 Subject: cmpConstFeedbackL unify infrastructure for integers and other memory --- Makefile | 3 +- honggfuzz.h | 13 ++------- libhfcommon/util.c | 21 ++++++++++++++ libhfcommon/util.h | 2 ++ libhfuzz/instrument.c | 33 +++++++++++++--------- libhfuzz/instrument.h | 2 ++ libhfuzz/memorycmp.c | 77 ++++++++++++++++++++++++++++++--------------------- mangle.c | 14 +++++----- 8 files changed, 103 insertions(+), 62 deletions(-) diff --git a/Makefile b/Makefile index f1e63cfe..ccf857ba 100644 --- a/Makefile +++ b/Makefile @@ -419,7 +419,8 @@ libhfuzz/instrument.o: libhfcommon/common.h libhfcommon/log.h libhfuzz/linux.o: libhfcommon/common.h libhfcommon/files.h libhfuzz/linux.o: libhfcommon/common.h libhfcommon/log.h libhfcommon/ns.h libhfuzz/linux.o: libhfuzz/libhfuzz.h -libhfuzz/memorycmp.o: libhfcommon/common.h libhfuzz/instrument.h +libhfuzz/memorycmp.o: libhfcommon/common.h libhfcommon/util.h +libhfuzz/memorycmp.o: libhfuzz/instrument.h libhfuzz/persistent.o: honggfuzz.h libhfcommon/util.h libhfcommon/common.h libhfuzz/persistent.o: libhfcommon/files.h libhfcommon/common.h libhfuzz/persistent.o: libhfcommon/log.h libhfuzz/fetch.h diff --git a/honggfuzz.h b/honggfuzz.h index 163f0d0f..0f7539bc 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -187,18 +187,11 @@ typedef struct { } feedback_t; typedef struct { - uint32_t strCnt; + uint32_t cnt; struct { - char val[32]; + uint8_t val[16]; uint32_t len; - } strArr[4096]; - uint32_t intCnt; - struct { - union { - uint8_t val[sizeof(uint64_t)]; - }; - uint32_t len; - } intArr[4096]; + } valArr[4096]; } cmpfeedback_t; typedef struct { diff --git a/libhfcommon/util.c b/libhfcommon/util.c index 87939bbd..8fde1a2e 100644 --- a/libhfcommon/util.c +++ b/libhfcommon/util.c @@ -27,6 +27,7 @@ #include #include #include +#include #include #include #include @@ -799,3 +800,23 @@ const char* util_sigName(int signo) { snprintf(signame, sizeof(signame), "UNKNOWN-%d", signo); return signame; } + +static int addrRO_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, void* data) { + for (size_t i = 0; i < info->dlpi_phnum; i++) { + uintptr_t addr_start = info->dlpi_addr + info->dlpi_phdr[i].p_vaddr; + uintptr_t addr_end = + info->dlpi_addr + info->dlpi_phdr[i].p_vaddr + info->dlpi_phdr[i].p_memsz; + if (((uintptr_t)data >= addr_start) && ((uintptr_t)data < addr_end)) { + if ((info->dlpi_phdr[i].p_flags & PF_W) == 0) { + return 1; + } else { + return 2; + } + } + } + return 0; +} + +bool util_isAddrRO(const void* addr) { + return (dl_iterate_phdr(addrRO_cb, (void*)addr) == 1); +} diff --git a/libhfcommon/util.h b/libhfcommon/util.h index 3295c56f..1cc3bc2b 100644 --- a/libhfcommon/util.h +++ b/libhfcommon/util.h @@ -135,4 +135,6 @@ extern uint64_t util_CRC64Rev(const uint8_t* buf, size_t len); extern const char* util_sigName(int signo); +extern bool util_isAddrRO(const void* addr); + #endif /* ifndef _HF_COMMON_UTIL_H_ */ diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 18a78d45..d015708c 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -132,29 +132,36 @@ void instrumentClearNewCov() { covFeedback->pidFeedbackCmp[my_thread_no] = 0U; } -void instrument_addConstIntToMap(void* v, size_t len) { +void instrumentAddConstMem(const void* mem, size_t len, bool check_if_ro) { if (!cmpFeedback) { return; } - - uint32_t curroff = ATOMIC_GET(cmpFeedback->intCnt); - if (curroff >= ARRAYSIZE(cmpFeedback->intArr)) { + if (len > sizeof(cmpFeedback->valArr[0].val)) { + len = sizeof(cmpFeedback->valArr[0].val); + } + uint32_t curroff = ATOMIC_GET(cmpFeedback->cnt); + if (curroff >= ARRAYSIZE(cmpFeedback->valArr)) { return; } + if (check_if_ro && !util_isAddrRO(mem)) { + return; + } + for (uint32_t i = 0; i < curroff; i++) { - if (memcmp(cmpFeedback->intArr[i].val, v, len) == 0) { + if ((len == cmpFeedback->valArr[i].len) && + memcmp(cmpFeedback->valArr[i].val, mem, len) == 0) { return; } } - uint32_t newoff = ATOMIC_POST_INC(cmpFeedback->intCnt); - if (newoff >= ARRAYSIZE(cmpFeedback->intArr)) { - ATOMIC_SET(cmpFeedback->intCnt, ARRAYSIZE(cmpFeedback->intArr)); + uint32_t newoff = ATOMIC_POST_INC(cmpFeedback->cnt); + if (newoff >= ARRAYSIZE(cmpFeedback->valArr)) { + ATOMIC_SET(cmpFeedback->cnt, ARRAYSIZE(cmpFeedback->valArr)); return; } - memcpy(cmpFeedback->intArr[newoff].val, v, len); - cmpFeedback->intArr[newoff].len = len; + memcpy(cmpFeedback->valArr[newoff].val, mem, len); + ATOMIC_SET(cmpFeedback->valArr[newoff].len, len); } /* @@ -236,7 +243,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp2(uint16_t Arg1, uint16_t } HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_const_cmp2(uint16_t Arg1, uint16_t Arg2) { - instrument_addConstIntToMap(&Arg1, sizeof(Arg1)); + instrumentAddConstMem(&Arg1, sizeof(Arg1), /* check_if_ro= */ false); hfuzz_trace_cmp2_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); } @@ -260,7 +267,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t } HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_const_cmp4(uint32_t Arg1, uint32_t Arg2) { - instrument_addConstIntToMap(&Arg1, sizeof(Arg1)); + instrumentAddConstMem(&Arg1, sizeof(Arg1), /* check_if_ro= */ false); hfuzz_trace_cmp4_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); } @@ -284,7 +291,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp8(uint64_t Arg1, uint64_t } HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_const_cmp8(uint64_t Arg1, uint64_t Arg2) { - instrument_addConstIntToMap(&Arg1, sizeof(Arg1)); + instrumentAddConstMem(&Arg1, sizeof(Arg1), /* check_if_ro= */ false); hfuzz_trace_cmp8_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); } diff --git a/libhfuzz/instrument.h b/libhfuzz/instrument.h index c8b09390..ba2e119b 100644 --- a/libhfuzz/instrument.h +++ b/libhfuzz/instrument.h @@ -26,9 +26,11 @@ #include #include +#include /* Returns true if the new value is better */ bool instrumentUpdateCmpMap(uintptr_t addr, uint32_t v); void instrumentClearNewCov(); +void instrumentAddConstMem(const void* m, size_t len, bool check_if_ro); #endif /* ifdef _HF_LIBHFUZZ_INSTRUMENT_H_ */ diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index 9cfcaf88..94f709c3 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -2,16 +2,16 @@ #include #include #include +#include #include #include "libhfcommon/common.h" +#include "libhfcommon/util.h" #include "libhfuzz/instrument.h" __attribute__((visibility("default"))) __attribute__((used)) const char* const LIBHFUZZ_module_memorycmp = "LIBHFUZZ_module_memorycmp"; -#define RET_CALL_CHAIN (uintptr_t) __builtin_return_address(0) - static inline int HF_strcmp(const char* s1, const char* s2, uintptr_t addr) { size_t i; for (i = 0; s1[i] == s2[i]; i++) { @@ -20,6 +20,8 @@ static inline int HF_strcmp(const char* s1, const char* s2, uintptr_t addr) { } } instrumentUpdateCmpMap(addr, i); + instrumentAddConstMem(s1, __builtin_strlen(s1), /* check_if_ro= */ true); + instrumentAddConstMem(s2, __builtin_strlen(s2), /* check_if_ro= */ true); return ((unsigned char)s1[i] - (unsigned char)s2[i]); } @@ -31,6 +33,8 @@ static inline int HF_strcasecmp(const char* s1, const char* s2, uintptr_t addr) } } instrumentUpdateCmpMap(addr, i); + instrumentAddConstMem(s1, __builtin_strlen(s1), /* check_if_ro= */ true); + instrumentAddConstMem(s2, __builtin_strlen(s2), /* check_if_ro= */ true); return (tolower((unsigned char)s1[i]) - tolower((unsigned char)s2[i])); } @@ -43,6 +47,8 @@ static inline int HF_strncmp(const char* s1, const char* s2, size_t n, uintptr_t } instrumentUpdateCmpMap(addr, i); + instrumentAddConstMem(s1, __builtin_strnlen(s1, n), /* check_if_ro= */ true); + instrumentAddConstMem(s2, __builtin_strnlen(s2, n), /* check_if_ro= */ true); if (i == n) { return 0; } @@ -59,6 +65,9 @@ static inline int HF_strncasecmp(const char* s1, const char* s2, size_t n, uintp } instrumentUpdateCmpMap(addr, i); + instrumentAddConstMem(s1, __builtin_strnlen(s1, n), /* check_if_ro= */ true); + instrumentAddConstMem(s2, __builtin_strnlen(s2, n), /* check_if_ro= */ true); + if (i == n) { return 0; } @@ -102,6 +111,11 @@ static inline int HF_memcmp(const void* m1, const void* m2, size_t n, uintptr_t } instrumentUpdateCmpMap(addr, i); +#if 0 /* Enabling this would create a recursion, as instrumentAddConstMem uses memcmp() */ + instrumentAddConstMem(m1, n, /* check_if_ro= */ true); + instrumentAddConstMem(m2, n, /* check_if_ro= */ true);A +#endif + if (i == n) { return 0; } @@ -143,56 +157,56 @@ static inline char* HF_strcpy(char* dest, const char* src, uintptr_t addr) { /* Typical libc wrappers */ HF_WEAK_WRAP(int, strcmp, const char* s1, const char* s2) { - return HF_strcmp(s1, s2, RET_CALL_CHAIN); + return HF_strcmp(s1, s2, (uintptr_t)__builtin_return_address(0)); } void __sanitizer_weak_hook_strcmp( uintptr_t pc, const char* s1, const char* s2, int result HF_ATTR_UNUSED) { HF_strcmp(s1, s2, pc); } HF_WEAK_WRAP(int, strcasecmp, const char* s1, const char* s2) { - return HF_strcasecmp(s1, s2, RET_CALL_CHAIN); + return HF_strcasecmp(s1, s2, (uintptr_t)__builtin_return_address(0)); } void __sanitizer_weak_hook_strcasecmp( uintptr_t pc, const char* s1, const char* s2, int result HF_ATTR_UNUSED) { HF_strcasecmp(s1, s2, pc); } HF_WEAK_WRAP(int, strncmp, const char* s1, const char* s2, size_t n) { - return HF_strncmp(s1, s2, n, RET_CALL_CHAIN); + return HF_strncmp(s1, s2, n, (uintptr_t)__builtin_return_address(0)); } void __sanitizer_weak_hook_strncmp( uintptr_t pc, const char* s1, const char* s2, size_t n, int result HF_ATTR_UNUSED) { HF_strncmp(s1, s2, n, pc); } HF_WEAK_WRAP(int, strncasecmp, const char* s1, const char* s2, size_t n) { - return HF_strncasecmp(s1, s2, n, RET_CALL_CHAIN); + return HF_strncasecmp(s1, s2, n, (uintptr_t)__builtin_return_address(0)); } void __sanitizer_weak_hook_strncasecmp( uintptr_t pc, const char* s1, const char* s2, size_t n, int result HF_ATTR_UNUSED) { HF_strncasecmp(s1, s2, n, pc); } HF_WEAK_WRAP(char*, strstr, const char* haystack, const char* needle) { - return HF_strstr(haystack, needle, RET_CALL_CHAIN); + return HF_strstr(haystack, needle, (uintptr_t)__builtin_return_address(0)); } void __sanitizer_weak_hook_strstr( uintptr_t pc, const char* haystack, const char* needle, char* result HF_ATTR_UNUSED) { HF_strstr(haystack, needle, pc); } HF_WEAK_WRAP(char*, strcasestr, const char* haystack, const char* needle) { - return HF_strcasestr(haystack, needle, RET_CALL_CHAIN); + return HF_strcasestr(haystack, needle, (uintptr_t)__builtin_return_address(0)); } void __sanitizer_weak_hook_strcasestr( uintptr_t pc, const char* haystack, const char* needle, char* result HF_ATTR_UNUSED) { HF_strcasestr(haystack, needle, pc); } HF_WEAK_WRAP(int, memcmp, const void* m1, const void* m2, size_t n) { - return HF_memcmp(m1, m2, n, RET_CALL_CHAIN); + return HF_memcmp(m1, m2, n, (uintptr_t)__builtin_return_address(0)); } void __sanitizer_weak_hook_memcmp( uintptr_t pc, const void* m1, const void* m2, size_t n, int result HF_ATTR_UNUSED) { HF_memcmp(m1, m2, n, pc); } HF_WEAK_WRAP(int, bcmp, const void* m1, const void* m2, size_t n) { - return HF_memcmp(m1, m2, n, RET_CALL_CHAIN); + return HF_memcmp(m1, m2, n, (uintptr_t)__builtin_return_address(0)); } void __sanitizer_weak_hook_bcmp( uintptr_t pc, const void* m1, const void* m2, size_t n, int result HF_ATTR_UNUSED) { @@ -200,14 +214,15 @@ void __sanitizer_weak_hook_bcmp( } HF_WEAK_WRAP( void*, memmem, const void* haystack, size_t haystacklen, const void* needle, size_t needlelen) { - return HF_memmem(haystack, haystacklen, needle, needlelen, RET_CALL_CHAIN); + return HF_memmem( + haystack, haystacklen, needle, needlelen, (uintptr_t)__builtin_return_address(0)); } void __sanitizer_weak_hook_memmem(uintptr_t pc, const void* haystack, size_t haystacklen, const void* needle, size_t needlelen, void* result HF_ATTR_UNUSED) { HF_memmem(haystack, haystacklen, needle, needlelen, pc); } HF_WEAK_WRAP(char*, strcpy, char* dest, const char* src) { - return HF_strcpy(dest, src, RET_CALL_CHAIN); + return HF_strcpy(dest, src, (uintptr_t)__builtin_return_address(0)); } void __sanitizer_weak_hook_strcpy( uintptr_t pc, char* dest, const char* src, char* result HF_ATTR_UNUSED) { @@ -218,46 +233,46 @@ void __sanitizer_weak_hook_strcpy( * Apache's httpd wrappers */ HF_WEAK_WRAP(int, ap_cstr_casecmp, const char* s1, const char* s2) { - return HF_strcasecmp(s1, s2, RET_CALL_CHAIN); + return HF_strcasecmp(s1, s2, (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(int, ap_cstr_casecmpn, const char* s1, const char* s2, size_t n) { - return HF_strncasecmp(s1, s2, n, RET_CALL_CHAIN); + return HF_strncasecmp(s1, s2, n, (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(const char*, ap_strcasestr, const char* s1, const char* s2) { - return HF_strcasestr(s1, s2, RET_CALL_CHAIN); + return HF_strcasestr(s1, s2, (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(int, apr_cstr_casecmp, const char* s1, const char* s2) { - return HF_strcasecmp(s1, s2, RET_CALL_CHAIN); + return HF_strcasecmp(s1, s2, (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(int, apr_cstr_casecmpn, const char* s1, const char* s2, size_t n) { - return HF_strncasecmp(s1, s2, n, RET_CALL_CHAIN); + return HF_strncasecmp(s1, s2, n, (uintptr_t)__builtin_return_address(0)); } /* * *SSL wrappers */ HF_WEAK_WRAP(int, CRYPTO_memcmp, const void* m1, const void* m2, size_t len) { - return HF_memcmp(m1, m2, len, RET_CALL_CHAIN); + return HF_memcmp(m1, m2, len, (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(int, OPENSSL_memcmp, const void* m1, const void* m2, size_t len) { - return HF_memcmp(m1, m2, len, RET_CALL_CHAIN); + return HF_memcmp(m1, m2, len, (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(int, OPENSSL_strcasecmp, const char* s1, const char* s2) { - return HF_strcasecmp(s1, s2, RET_CALL_CHAIN); + return HF_strcasecmp(s1, s2, (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(int, OPENSSL_strncasecmp, const char* s1, const char* s2, size_t len) { - return HF_strncasecmp(s1, s2, len, RET_CALL_CHAIN); + return HF_strncasecmp(s1, s2, len, (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(int32_t, memcmpct, const void* s1, const void* s2, size_t len) { - return HF_memcmp(s1, s2, len, RET_CALL_CHAIN); + return HF_memcmp(s1, s2, len, (uintptr_t)__builtin_return_address(0)); } /* @@ -276,7 +291,7 @@ HF_WEAK_WRAP(int, xmlStrncmp, const char* s1, const char* s2, int len) { if (s2 == NULL) { return 1; } - return HF_strncmp(s1, s2, (size_t)len, RET_CALL_CHAIN); + return HF_strncmp(s1, s2, (size_t)len, (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(int, xmlStrcmp, const char* s1, const char* s2) { @@ -289,7 +304,7 @@ HF_WEAK_WRAP(int, xmlStrcmp, const char* s1, const char* s2) { if (s2 == NULL) { return 1; } - return HF_strcmp(s1, s2, RET_CALL_CHAIN); + return HF_strcmp(s1, s2, (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(int, xmlStrEqual, const char* s1, const char* s2) { @@ -302,7 +317,7 @@ HF_WEAK_WRAP(int, xmlStrEqual, const char* s1, const char* s2) { if (s2 == NULL) { return 0; } - if (HF_strcmp(s1, s2, RET_CALL_CHAIN) == 0) { + if (HF_strcmp(s1, s2, (uintptr_t)__builtin_return_address(0)) == 0) { return 1; } return 0; @@ -318,7 +333,7 @@ HF_WEAK_WRAP(int, xmlStrcasecmp, const char* s1, const char* s2) { if (s2 == NULL) { return 1; } - return HF_strcasecmp(s1, s2, RET_CALL_CHAIN); + return HF_strcasecmp(s1, s2, (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(int, xmlStrncasecmp, const char* s1, const char* s2, int len) { @@ -334,7 +349,7 @@ HF_WEAK_WRAP(int, xmlStrncasecmp, const char* s1, const char* s2, int len) { if (s2 == NULL) { return 1; } - return HF_strncasecmp(s1, s2, (size_t)len, RET_CALL_CHAIN); + return HF_strncasecmp(s1, s2, (size_t)len, (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(const char*, xmlStrstr, const char* haystack, const char* needle) { @@ -344,7 +359,7 @@ HF_WEAK_WRAP(const char*, xmlStrstr, const char* haystack, const char* needle) { if (needle == NULL) { return NULL; } - return HF_strstr(haystack, needle, RET_CALL_CHAIN); + return HF_strstr(haystack, needle, (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(const char*, xmlStrcasestr, const char* haystack, const char* needle) { @@ -354,14 +369,14 @@ HF_WEAK_WRAP(const char*, xmlStrcasestr, const char* haystack, const char* needl if (needle == NULL) { return NULL; } - return HF_strcasestr(haystack, needle, RET_CALL_CHAIN); + return HF_strcasestr(haystack, needle, (uintptr_t)__builtin_return_address(0)); } /* * Samba wrappers */ HF_WEAK_WRAP(int, memcmp_const_time, const void* s1, const void* s2, size_t n) { - return HF_memcmp(s1, s2, n, RET_CALL_CHAIN); + return HF_memcmp(s1, s2, n, (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(bool, strcsequal, const void* s1, const void* s2) { @@ -371,5 +386,5 @@ HF_WEAK_WRAP(bool, strcsequal, const void* s1, const void* s2) { if (!s1 || !s2) { return false; } - return (HF_strcmp(s1, s2, RET_CALL_CHAIN) == 0); + return (HF_strcmp(s1, s2, (uintptr_t)__builtin_return_address(0)) == 0); } diff --git a/mangle.c b/mangle.c index aac9d805..667bb22e 100644 --- a/mangle.c +++ b/mangle.c @@ -409,26 +409,26 @@ static void mangle_CmpFeedback(run_t* run, bool printable) { if (!run->global->feedback.cmpFeedback) { return mangle_Magic(run, printable); } - uint32_t len = ATOMIC_GET(run->global->feedback.cmpFeedbackMap->intCnt); + uint32_t len = ATOMIC_GET(run->global->feedback.cmpFeedbackMap->cnt); if (len == 0) { return mangle_Magic(run, printable); } - if (len > ARRAYSIZE(run->global->feedback.cmpFeedbackMap->intArr)) { - len = ARRAYSIZE(run->global->feedback.cmpFeedbackMap->intArr); + if (len > ARRAYSIZE(run->global->feedback.cmpFeedbackMap->valArr)) { + len = ARRAYSIZE(run->global->feedback.cmpFeedbackMap->valArr); } size_t off = util_rndGet(0, run->dynamicFileSz - 1); uint32_t choice = util_rndGet(0, len - 1); - if (run->global->feedback.cmpFeedbackMap->intArr[choice].len == 0) { + if (run->global->feedback.cmpFeedbackMap->valArr[choice].len == 0) { return mangle_Magic(run, printable); } - mangle_Overwrite(run, run->global->feedback.cmpFeedbackMap->intArr[choice].val, off, - run->global->feedback.cmpFeedbackMap->intArr[choice].len); + mangle_Overwrite(run, run->global->feedback.cmpFeedbackMap->valArr[choice].val, off, + run->global->feedback.cmpFeedbackMap->valArr[choice].len); if (printable) { util_turnToPrintable( - &run->dynamicFile[off], run->global->feedback.cmpFeedbackMap->intArr[choice].len); + &run->dynamicFile[off], run->global->feedback.cmpFeedbackMap->valArr[choice].len); } } -- cgit v1.2.3 From 135b57d60a77f1f92008e78f51f7936df358fabd Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 26 Feb 2020 23:50:52 +0100 Subject: libhfuzz/memorycmp: add declarations for __builtin_str(n)cmp --- libhfuzz/memorycmp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index 94f709c3..c4366327 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -12,6 +12,9 @@ __attribute__((visibility("default"))) __attribute__((used)) const char* const LIBHFUZZ_module_memorycmp = "LIBHFUZZ_module_memorycmp"; +extern size_t __builtin_strlen(const char *s); +extern size_t __builtin_strnlen(const char *s, size_t maxlen); + static inline int HF_strcmp(const char* s1, const char* s2, uintptr_t addr) { size_t i; for (i = 0; s1[i] == s2[i]; i++) { -- cgit v1.2.3 From 981150945bc6bd1a52772e5176d3f005b8f50676 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 26 Feb 2020 23:56:29 +0100 Subject: honggfuzz: set size of cmpFeedback strings to 32bytes max --- honggfuzz.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/honggfuzz.h b/honggfuzz.h index 0f7539bc..c6ac8da1 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -189,7 +189,7 @@ typedef struct { typedef struct { uint32_t cnt; struct { - uint8_t val[16]; + uint8_t val[32]; uint32_t len; } valArr[4096]; } cmpfeedback_t; -- cgit v1.2.3 From 2133f6780b0afb0c53147fec0e3f330cc03d333d Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 27 Feb 2020 00:04:29 +0100 Subject: mangle: function name change --- mangle.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mangle.c b/mangle.c index 667bb22e..a651c931 100644 --- a/mangle.c +++ b/mangle.c @@ -405,7 +405,7 @@ static void mangle_Magic(run_t* run, bool printable) { } } -static void mangle_CmpFeedback(run_t* run, bool printable) { +static void mangle_ConstCmpFeedback(run_t* run, bool printable) { if (!run->global->feedback.cmpFeedback) { return mangle_Magic(run, printable); } @@ -644,7 +644,7 @@ void mangle_mangleContent(run_t* run) { mangle_Bit, mangle_Bytes, mangle_Magic, - mangle_CmpFeedback, + mangle_ConstCmpFeedback, mangle_IncByte, mangle_DecByte, mangle_NegByte, -- cgit v1.2.3 From 96de1be04c71e980362e8440035f4f764202a12e Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 27 Feb 2020 00:10:55 +0100 Subject: libhfuzz: avoid __builtin_strnlen as it's not defined with some platforms --- libhfuzz/memorycmp.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index c4366327..b89c63fa 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -12,8 +12,8 @@ __attribute__((visibility("default"))) __attribute__((used)) const char* const LIBHFUZZ_module_memorycmp = "LIBHFUZZ_module_memorycmp"; -extern size_t __builtin_strlen(const char *s); -extern size_t __builtin_strnlen(const char *s, size_t maxlen); +extern size_t strlen(const char *s); +extern size_t strnlen(const char *s, size_t maxlen); static inline int HF_strcmp(const char* s1, const char* s2, uintptr_t addr) { size_t i; @@ -23,8 +23,8 @@ static inline int HF_strcmp(const char* s1, const char* s2, uintptr_t addr) { } } instrumentUpdateCmpMap(addr, i); - instrumentAddConstMem(s1, __builtin_strlen(s1), /* check_if_ro= */ true); - instrumentAddConstMem(s2, __builtin_strlen(s2), /* check_if_ro= */ true); + instrumentAddConstMem(s1, strlen(s1), /* check_if_ro= */ true); + instrumentAddConstMem(s2, strlen(s2), /* check_if_ro= */ true); return ((unsigned char)s1[i] - (unsigned char)s2[i]); } @@ -36,8 +36,8 @@ static inline int HF_strcasecmp(const char* s1, const char* s2, uintptr_t addr) } } instrumentUpdateCmpMap(addr, i); - instrumentAddConstMem(s1, __builtin_strlen(s1), /* check_if_ro= */ true); - instrumentAddConstMem(s2, __builtin_strlen(s2), /* check_if_ro= */ true); + instrumentAddConstMem(s1, strlen(s1), /* check_if_ro= */ true); + instrumentAddConstMem(s2, strlen(s2), /* check_if_ro= */ true); return (tolower((unsigned char)s1[i]) - tolower((unsigned char)s2[i])); } @@ -50,8 +50,8 @@ static inline int HF_strncmp(const char* s1, const char* s2, size_t n, uintptr_t } instrumentUpdateCmpMap(addr, i); - instrumentAddConstMem(s1, __builtin_strnlen(s1, n), /* check_if_ro= */ true); - instrumentAddConstMem(s2, __builtin_strnlen(s2, n), /* check_if_ro= */ true); + instrumentAddConstMem(s1, strnlen(s1, n), /* check_if_ro= */ true); + instrumentAddConstMem(s2, strnlen(s2, n), /* check_if_ro= */ true); if (i == n) { return 0; } @@ -68,8 +68,8 @@ static inline int HF_strncasecmp(const char* s1, const char* s2, size_t n, uintp } instrumentUpdateCmpMap(addr, i); - instrumentAddConstMem(s1, __builtin_strnlen(s1, n), /* check_if_ro= */ true); - instrumentAddConstMem(s2, __builtin_strnlen(s2, n), /* check_if_ro= */ true); + instrumentAddConstMem(s1, strnlen(s1, n), /* check_if_ro= */ true); + instrumentAddConstMem(s2, strnlen(s2, n), /* check_if_ro= */ true); if (i == n) { return 0; @@ -78,7 +78,7 @@ static inline int HF_strncasecmp(const char* s1, const char* s2, size_t n, uintp } static inline char* HF_strstr(const char* haystack, const char* needle, uintptr_t addr) { - size_t needle_len = __builtin_strlen(needle); + size_t needle_len = strlen(needle); if (needle_len == 0) { return (char*)haystack; } @@ -93,7 +93,7 @@ static inline char* HF_strstr(const char* haystack, const char* needle, uintptr_ } static inline char* HF_strcasestr(const char* haystack, const char* needle, uintptr_t addr) { - size_t needle_len = __builtin_strlen(needle); + size_t needle_len = strlen(needle); for (size_t i = 0; haystack[i]; i++) { if (HF_strncasecmp(&haystack[i], needle, needle_len, addr) == 0) { return (char*)(&haystack[i]); @@ -144,7 +144,7 @@ static inline void* HF_memmem(const void* haystack, size_t haystacklen, const vo } static inline char* HF_strcpy(char* dest, const char* src, uintptr_t addr) { - size_t len = __builtin_strlen(src); + size_t len = strlen(src); if (len > 0) { uint32_t level = (sizeof(len) * 8) - __builtin_clzl(len); instrumentUpdateCmpMap(addr, level); -- cgit v1.2.3 From 4df0e52b4a273c7cac55d68510a7f9537cbc32d4 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 27 Feb 2020 00:12:15 +0100 Subject: mangle: don't return with function returning void --- libhfuzz/memorycmp.c | 4 +--- mangle.c | 9 ++++++--- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index b89c63fa..b18c2fc6 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -3,6 +3,7 @@ #include #include #include +#include #include #include "libhfcommon/common.h" @@ -12,9 +13,6 @@ __attribute__((visibility("default"))) __attribute__((used)) const char* const LIBHFUZZ_module_memorycmp = "LIBHFUZZ_module_memorycmp"; -extern size_t strlen(const char *s); -extern size_t strnlen(const char *s, size_t maxlen); - static inline int HF_strcmp(const char* s1, const char* s2, uintptr_t addr) { size_t i; for (i = 0; s1[i] == s2[i]; i++) { diff --git a/mangle.c b/mangle.c index a651c931..311445e3 100644 --- a/mangle.c +++ b/mangle.c @@ -407,11 +407,13 @@ static void mangle_Magic(run_t* run, bool printable) { static void mangle_ConstCmpFeedback(run_t* run, bool printable) { if (!run->global->feedback.cmpFeedback) { - return mangle_Magic(run, printable); + mangle_Magic(run, printable); + return; } uint32_t len = ATOMIC_GET(run->global->feedback.cmpFeedbackMap->cnt); if (len == 0) { - return mangle_Magic(run, printable); + mangle_Magic(run, printable); + return; } if (len > ARRAYSIZE(run->global->feedback.cmpFeedbackMap->valArr)) { len = ARRAYSIZE(run->global->feedback.cmpFeedbackMap->valArr); @@ -420,7 +422,8 @@ static void mangle_ConstCmpFeedback(run_t* run, bool printable) { size_t off = util_rndGet(0, run->dynamicFileSz - 1); uint32_t choice = util_rndGet(0, len - 1); if (run->global->feedback.cmpFeedbackMap->valArr[choice].len == 0) { - return mangle_Magic(run, printable); + mangle_Magic(run, printable); + return; } mangle_Overwrite(run, run->global->feedback.cmpFeedbackMap->valArr[choice].val, off, -- cgit v1.2.3 From 02f37a6057414289c6ae507bce2106f88f0daa71 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 27 Feb 2020 00:14:17 +0100 Subject: libhfcommon: link.h is not defined with MacOSX --- libhfcommon/util.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libhfcommon/util.c b/libhfcommon/util.c index 8fde1a2e..c13080e9 100644 --- a/libhfcommon/util.c +++ b/libhfcommon/util.c @@ -27,7 +27,9 @@ #include #include #include +#if !defined(_HF_ARCH_DARWIN) #include +#endif #include #include #include @@ -801,6 +803,7 @@ const char* util_sigName(int signo) { return signame; } +#if !defined(_HF_ARCH_DARWIN) static int addrRO_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, void* data) { for (size_t i = 0; i < info->dlpi_phnum; i++) { uintptr_t addr_start = info->dlpi_addr + info->dlpi_phdr[i].p_vaddr; @@ -820,3 +823,8 @@ static int addrRO_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, void bool util_isAddrRO(const void* addr) { return (dl_iterate_phdr(addrRO_cb, (void*)addr) == 1); } +#else /* !defined(_HF_ARCH_DARWIN) */ +bool util_isAddrRO(const void* addr) { + return false; +} +#endif /* !defined(_HF_ARCH_DARWIN) */ -- cgit v1.2.3 From 775c0b11849722eef18515c504e8d727978ae77a Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 27 Feb 2020 01:22:48 +0100 Subject: libhfuzz/memorycmp: instrument memcmp() for constCmpFeedback --- libhfuzz/instrument.c | 11 ++++++++++- libhfuzz/memorycmp.c | 4 +--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index d015708c..d83c1956 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -132,6 +132,15 @@ void instrumentClearNewCov() { covFeedback->pidFeedbackCmp[my_thread_no] = 0U; } +static int _memcmp(const uint8_t* m1, const uint8_t* m2, size_t n) { + for (size_t i = 0; i < n; i++) { + if (m1[i] != m2[i]) { + return (m1[i] - m2[i]); + } + } + return 0; +} + void instrumentAddConstMem(const void* mem, size_t len, bool check_if_ro) { if (!cmpFeedback) { return; @@ -149,7 +158,7 @@ void instrumentAddConstMem(const void* mem, size_t len, bool check_if_ro) { for (uint32_t i = 0; i < curroff; i++) { if ((len == cmpFeedback->valArr[i].len) && - memcmp(cmpFeedback->valArr[i].val, mem, len) == 0) { + _memcmp(cmpFeedback->valArr[i].val, mem, len) == 0) { return; } } diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index b18c2fc6..740b9b1b 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -112,10 +112,8 @@ static inline int HF_memcmp(const void* m1, const void* m2, size_t n, uintptr_t } instrumentUpdateCmpMap(addr, i); -#if 0 /* Enabling this would create a recursion, as instrumentAddConstMem uses memcmp() */ instrumentAddConstMem(m1, n, /* check_if_ro= */ true); - instrumentAddConstMem(m2, n, /* check_if_ro= */ true);A -#endif + instrumentAddConstMem(m2, n, /* check_if_ro= */ true); if (i == n) { return 0; -- cgit v1.2.3 From e0b2c0a66f14fe77f83f0ba85af850d94f93810e Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 27 Feb 2020 01:32:55 +0100 Subject: hongfuzz.h: increase cmpMap to 16k entries --- honggfuzz.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/honggfuzz.h b/honggfuzz.h index c6ac8da1..c24161be 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -191,7 +191,7 @@ typedef struct { struct { uint8_t val[32]; uint32_t len; - } valArr[4096]; + } valArr[1024 * 16]; } cmpfeedback_t; typedef struct { -- cgit v1.2.3 From 9e9e990818719521d40211eaef97c1d2f698f66c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 27 Feb 2020 02:07:35 +0100 Subject: mangle: simplify mangle_ConstCmpFeedback --- mangle.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/mangle.c b/mangle.c index 311445e3..734514e9 100644 --- a/mangle.c +++ b/mangle.c @@ -406,32 +406,32 @@ static void mangle_Magic(run_t* run, bool printable) { } static void mangle_ConstCmpFeedback(run_t* run, bool printable) { - if (!run->global->feedback.cmpFeedback) { + cmpfeedback_t* cmpf = run->global->feedback.cmpFeedbackMap; + if (!cmpf) { mangle_Magic(run, printable); return; } - uint32_t len = ATOMIC_GET(run->global->feedback.cmpFeedbackMap->cnt); - if (len == 0) { + + uint32_t cnt = ATOMIC_GET(cmpf->cnt); + if (cnt == 0) { mangle_Magic(run, printable); return; } - if (len > ARRAYSIZE(run->global->feedback.cmpFeedbackMap->valArr)) { - len = ARRAYSIZE(run->global->feedback.cmpFeedbackMap->valArr); + if (cnt > ARRAYSIZE(cmpf->valArr)) { + cnt = ARRAYSIZE(cmpf->valArr); } size_t off = util_rndGet(0, run->dynamicFileSz - 1); - uint32_t choice = util_rndGet(0, len - 1); - if (run->global->feedback.cmpFeedbackMap->valArr[choice].len == 0) { + uint32_t choice = util_rndGet(0, cnt - 1); + if (cmpf->valArr[choice].len == 0) { mangle_Magic(run, printable); return; } - mangle_Overwrite(run, run->global->feedback.cmpFeedbackMap->valArr[choice].val, off, - run->global->feedback.cmpFeedbackMap->valArr[choice].len); + mangle_Overwrite(run, cmpf->valArr[choice].val, off, cmpf->valArr[choice].len); if (printable) { - util_turnToPrintable( - &run->dynamicFile[off], run->global->feedback.cmpFeedbackMap->valArr[choice].len); + util_turnToPrintable(&run->dynamicFile[off], cmpf->valArr[choice].len); } } -- cgit v1.2.3 From b8b299db098b0f8e535ba9ff722d80c060fae0c1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 27 Feb 2020 08:20:27 +0100 Subject: libhfuzz/instrument: sort the __sanitizer_cov_trace_cmp2 funcs --- libhfuzz/instrument.c | 204 +++++++++++++++++++++++++------------------------- 1 file changed, 103 insertions(+), 101 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index d83c1956..61034f53 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -125,13 +125,6 @@ __attribute__((constructor)) void hfuzzInstrumentInit(void) { pthread_once(&localInitOnce, initializeInstrument); } -/* Reset the counters of newly discovered edges/pcs/features */ -void instrumentClearNewCov() { - covFeedback->pidFeedbackPc[my_thread_no] = 0U; - covFeedback->pidFeedbackEdge[my_thread_no] = 0U; - covFeedback->pidFeedbackCmp[my_thread_no] = 0U; -} - static int _memcmp(const uint8_t* m1, const uint8_t* m2, size_t n) { for (size_t i = 0; i < n; i++) { if (m1[i] != m2[i]) { @@ -140,39 +133,6 @@ static int _memcmp(const uint8_t* m1, const uint8_t* m2, size_t n) { } return 0; } - -void instrumentAddConstMem(const void* mem, size_t len, bool check_if_ro) { - if (!cmpFeedback) { - return; - } - if (len > sizeof(cmpFeedback->valArr[0].val)) { - len = sizeof(cmpFeedback->valArr[0].val); - } - uint32_t curroff = ATOMIC_GET(cmpFeedback->cnt); - if (curroff >= ARRAYSIZE(cmpFeedback->valArr)) { - return; - } - if (check_if_ro && !util_isAddrRO(mem)) { - return; - } - - for (uint32_t i = 0; i < curroff; i++) { - if ((len == cmpFeedback->valArr[i].len) && - _memcmp(cmpFeedback->valArr[i].val, mem, len) == 0) { - return; - } - } - - uint32_t newoff = ATOMIC_POST_INC(cmpFeedback->cnt); - if (newoff >= ARRAYSIZE(cmpFeedback->valArr)) { - ATOMIC_SET(cmpFeedback->cnt, ARRAYSIZE(cmpFeedback->valArr)); - return; - } - - memcpy(cmpFeedback->valArr[newoff].val, mem, len); - ATOMIC_SET(cmpFeedback->valArr[newoff].len, len); -} - /* * -finstrument-functions */ @@ -223,19 +183,6 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp1_internal( } } -HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp1(uint8_t Arg1, uint8_t Arg2) { - hfuzz_trace_cmp1_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); -} - -HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_const_cmp1(uint8_t Arg1, uint8_t Arg2) { - /* No need to report back 1 byte comparisons */ - hfuzz_trace_cmp1_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); -} - -HF_REQUIRE_SSE42_POPCNT void hfuzz_trace_cmp1(uintptr_t pc, uint8_t Arg1, uint8_t Arg2) { - hfuzz_trace_cmp1_internal(pc, Arg1, Arg2); -} - HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp2_internal( uintptr_t pc, uint16_t Arg1, uint16_t Arg2) { uintptr_t pos = pc % _HF_PERF_BITMAP_SIZE_16M; @@ -247,19 +194,6 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp2_internal( } } -HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp2(uint16_t Arg1, uint16_t Arg2) { - hfuzz_trace_cmp2_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); -} - -HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_const_cmp2(uint16_t Arg1, uint16_t Arg2) { - instrumentAddConstMem(&Arg1, sizeof(Arg1), /* check_if_ro= */ false); - hfuzz_trace_cmp2_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); -} - -HF_REQUIRE_SSE42_POPCNT void hfuzz_trace_cmp2(uintptr_t pc, uint16_t Arg1, uint16_t Arg2) { - hfuzz_trace_cmp2_internal(pc, Arg1, Arg2); -} - HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp4_internal( uintptr_t pc, uint32_t Arg1, uint32_t Arg2) { uintptr_t pos = pc % _HF_PERF_BITMAP_SIZE_16M; @@ -271,19 +205,6 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp4_internal( } } -HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t Arg2) { - hfuzz_trace_cmp4_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); -} - -HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_const_cmp4(uint32_t Arg1, uint32_t Arg2) { - instrumentAddConstMem(&Arg1, sizeof(Arg1), /* check_if_ro= */ false); - hfuzz_trace_cmp4_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); -} - -HF_REQUIRE_SSE42_POPCNT void hfuzz_trace_cmp4(uintptr_t pc, uint32_t Arg1, uint32_t Arg2) { - hfuzz_trace_cmp4_internal(pc, Arg1, Arg2); -} - HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp8_internal( uintptr_t pc, uint64_t Arg1, uint64_t Arg2) { uintptr_t pos = pc % _HF_PERF_BITMAP_SIZE_16M; @@ -295,33 +216,59 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp8_internal( } } -HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp8(uint64_t Arg1, uint64_t Arg2) { +/* Standard __sanitizer_cov_trace_cmp wrappers */ +void __sanitizer_cov_trace_cmp1(uint8_t Arg1, uint8_t Arg2) { + hfuzz_trace_cmp1_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); +} + +void __sanitizer_cov_trace_cmp2(uint16_t Arg1, uint16_t Arg2) { + hfuzz_trace_cmp2_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); +} + +void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t Arg2) { + hfuzz_trace_cmp4_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); +} + +void __sanitizer_cov_trace_cmp8(uint64_t Arg1, uint64_t Arg2) { hfuzz_trace_cmp8_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); } -HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_const_cmp8(uint64_t Arg1, uint64_t Arg2) { +/* Standard __sanitizer_cov_trace_const_cmp wrappers */ +void __sanitizer_cov_trace_const_cmp1(uint8_t Arg1, uint8_t Arg2) { + /* No need to report back 1 byte comparisons */ + hfuzz_trace_cmp1_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); +} + +void __sanitizer_cov_trace_const_cmp2(uint16_t Arg1, uint16_t Arg2) { + instrumentAddConstMem(&Arg1, sizeof(Arg1), /* check_if_ro= */ false); + hfuzz_trace_cmp2_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); +} + +void __sanitizer_cov_trace_const_cmp4(uint32_t Arg1, uint32_t Arg2) { + instrumentAddConstMem(&Arg1, sizeof(Arg1), /* check_if_ro= */ false); + hfuzz_trace_cmp4_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); +} + +void __sanitizer_cov_trace_const_cmp8(uint64_t Arg1, uint64_t Arg2) { instrumentAddConstMem(&Arg1, sizeof(Arg1), /* check_if_ro= */ false); hfuzz_trace_cmp8_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); } -HF_REQUIRE_SSE42_POPCNT void hfuzz_trace_cmp8(uintptr_t pc, uint64_t Arg1, uint64_t Arg2) { - hfuzz_trace_cmp8_internal(pc, Arg1, Arg2); +/* Custom functions for e.g. the qemu-honggfuzz code */ +void hfuzz_trace_cmp1(uintptr_t pc, uint8_t Arg1, uint8_t Arg2) { + hfuzz_trace_cmp1_internal(pc, Arg1, Arg2); } -/* - * Cases[0] is number of comparison entries - * Cases[1] is length of Val in bits - */ -HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_switch(uint64_t Val, uint64_t* Cases) { - for (uint64_t i = 0; i < Cases[0]; i++) { - uintptr_t pos = ((uintptr_t)__builtin_return_address(0) + i) % _HF_PERF_BITMAP_SIZE_16M; - uint8_t v = (uint8_t)Cases[1] - __builtin_popcountll(Val ^ Cases[i + 2]); - uint8_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); - if (prev < v) { - ATOMIC_SET(covFeedback->bbMapCmp[pos], v); - ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); - } - } +void hfuzz_trace_cmp2(uintptr_t pc, uint16_t Arg1, uint16_t Arg2) { + hfuzz_trace_cmp2_internal(pc, Arg1, Arg2); +} + +void hfuzz_trace_cmp4(uintptr_t pc, uint32_t Arg1, uint32_t Arg2) { + hfuzz_trace_cmp4_internal(pc, Arg1, Arg2); +} + +void hfuzz_trace_cmp8(uintptr_t pc, uint64_t Arg1, uint64_t Arg2) { + hfuzz_trace_cmp8_internal(pc, Arg1, Arg2); } /* @@ -332,20 +279,36 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp( uint64_t CmpSize = (SizeAndType >> 32) / 8; switch (CmpSize) { case (sizeof(uint8_t)): - __sanitizer_cov_trace_cmp1(Arg1, Arg2); + hfuzz_trace_cmp1_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); return; case (sizeof(uint16_t)): - __sanitizer_cov_trace_cmp2(Arg1, Arg2); + hfuzz_trace_cmp2_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); return; case (sizeof(uint32_t)): - __sanitizer_cov_trace_cmp4(Arg1, Arg2); + hfuzz_trace_cmp4_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); return; case (sizeof(uint64_t)): - __sanitizer_cov_trace_cmp8(Arg1, Arg2); + hfuzz_trace_cmp8_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); return; } } +/* + * Cases[0] is number of comparison entries + * Cases[1] is length of Val in bits + */ +HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_switch(uint64_t Val, uint64_t* Cases) { + for (uint64_t i = 0; i < Cases[0]; i++) { + uintptr_t pos = ((uintptr_t)__builtin_return_address(0) + i) % _HF_PERF_BITMAP_SIZE_16M; + uint8_t v = (uint8_t)Cases[1] - __builtin_popcountll(Val ^ Cases[i + 2]); + uint8_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); + if (prev < v) { + ATOMIC_SET(covFeedback->bbMapCmp[pos], v); + ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); + } + } +} + /* * gcc-8 -fsanitize-coverage=trace-cmp trace hooks * TODO: evaluate, whether it makes sense to implement them @@ -489,3 +452,42 @@ bool instrumentUpdateCmpMap(uintptr_t addr, uint32_t v) { } return false; } + +/* Reset the counters of newly discovered edges/pcs/features */ +void instrumentClearNewCov() { + covFeedback->pidFeedbackPc[my_thread_no] = 0U; + covFeedback->pidFeedbackEdge[my_thread_no] = 0U; + covFeedback->pidFeedbackCmp[my_thread_no] = 0U; +} + +void instrumentAddConstMem(const void* mem, size_t len, bool check_if_ro) { + if (!cmpFeedback) { + return; + } + if (len > sizeof(cmpFeedback->valArr[0].val)) { + len = sizeof(cmpFeedback->valArr[0].val); + } + uint32_t curroff = ATOMIC_GET(cmpFeedback->cnt); + if (curroff >= ARRAYSIZE(cmpFeedback->valArr)) { + return; + } + if (check_if_ro && !util_isAddrRO(mem)) { + return; + } + + for (uint32_t i = 0; i < curroff; i++) { + if ((len == cmpFeedback->valArr[i].len) && + _memcmp(cmpFeedback->valArr[i].val, mem, len) == 0) { + return; + } + } + + uint32_t newoff = ATOMIC_POST_INC(cmpFeedback->cnt); + if (newoff >= ARRAYSIZE(cmpFeedback->valArr)) { + ATOMIC_SET(cmpFeedback->cnt, ARRAYSIZE(cmpFeedback->valArr)); + return; + } + + memcpy(cmpFeedback->valArr[newoff].val, mem, len); + ATOMIC_SET(cmpFeedback->valArr[newoff].len, len); +} -- cgit v1.2.3 From 6efa9f61911c0a6ef8bc7c5752e8c44e523eed31 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 27 Feb 2020 15:35:57 +0100 Subject: mangle: better use of atomics --- mangle.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/mangle.c b/mangle.c index 734514e9..b072ceb0 100644 --- a/mangle.c +++ b/mangle.c @@ -406,12 +406,12 @@ static void mangle_Magic(run_t* run, bool printable) { } static void mangle_ConstCmpFeedback(run_t* run, bool printable) { - cmpfeedback_t* cmpf = run->global->feedback.cmpFeedbackMap; - if (!cmpf) { + if (!run->global->feedback.cmpFeedback) { mangle_Magic(run, printable); return; } + cmpfeedback_t* cmpf = run->global->feedback.cmpFeedbackMap; uint32_t cnt = ATOMIC_GET(cmpf->cnt); if (cnt == 0) { mangle_Magic(run, printable); @@ -423,15 +423,16 @@ static void mangle_ConstCmpFeedback(run_t* run, bool printable) { size_t off = util_rndGet(0, run->dynamicFileSz - 1); uint32_t choice = util_rndGet(0, cnt - 1); - if (cmpf->valArr[choice].len == 0) { + uint32_t len = ATOMIC_GET(cmpf->valArr[choice].len); + if (len == 0) { mangle_Magic(run, printable); return; } - mangle_Overwrite(run, cmpf->valArr[choice].val, off, cmpf->valArr[choice].len); + mangle_Overwrite(run, cmpf->valArr[choice].val, off, len); if (printable) { - util_turnToPrintable(&run->dynamicFile[off], cmpf->valArr[choice].len); + util_turnToPrintable(&run->dynamicFile[off], len); } } -- cgit v1.2.3 From edfb1e24dbe5a9ef022bae1f3a2ef3c4b15de4fa Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 29 Feb 2020 02:10:25 +0100 Subject: libhfuzz: newlines --- libhfuzz/memorycmp.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index 740b9b1b..2822628b 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -20,9 +20,11 @@ static inline int HF_strcmp(const char* s1, const char* s2, uintptr_t addr) { break; } } + instrumentUpdateCmpMap(addr, i); instrumentAddConstMem(s1, strlen(s1), /* check_if_ro= */ true); instrumentAddConstMem(s2, strlen(s2), /* check_if_ro= */ true); + return ((unsigned char)s1[i] - (unsigned char)s2[i]); } @@ -36,6 +38,7 @@ static inline int HF_strcasecmp(const char* s1, const char* s2, uintptr_t addr) instrumentUpdateCmpMap(addr, i); instrumentAddConstMem(s1, strlen(s1), /* check_if_ro= */ true); instrumentAddConstMem(s2, strlen(s2), /* check_if_ro= */ true); + return (tolower((unsigned char)s1[i]) - tolower((unsigned char)s2[i])); } @@ -50,6 +53,7 @@ static inline int HF_strncmp(const char* s1, const char* s2, size_t n, uintptr_t instrumentUpdateCmpMap(addr, i); instrumentAddConstMem(s1, strnlen(s1, n), /* check_if_ro= */ true); instrumentAddConstMem(s2, strnlen(s2, n), /* check_if_ro= */ true); + if (i == n) { return 0; } -- cgit v1.2.3 From fd4bd948c6ea08c749cd5a71128bf9c4ea871f36 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 29 Feb 2020 02:13:57 +0100 Subject: libhfuzz: improve _memcmp --- libhfuzz/instrument.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 61034f53..b6140ee9 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -128,7 +128,7 @@ __attribute__((constructor)) void hfuzzInstrumentInit(void) { static int _memcmp(const uint8_t* m1, const uint8_t* m2, size_t n) { for (size_t i = 0; i < n; i++) { if (m1[i] != m2[i]) { - return (m1[i] - m2[i]); + return ((int)m1[i] - (int)m2[i]); } } return 0; -- cgit v1.2.3 From 58e3156b984394fa0ed272a59534d240651918e3 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 1 Mar 2020 02:48:20 +0100 Subject: libhfuzz: always test value with atomics before calling xchg --- libhfcommon/util.h | 11 +++++++---- libhfuzz/instrument.c | 18 +++++++++++------- linux/perf.c | 3 ++- linux/pt.c | 3 +-- 4 files changed, 21 insertions(+), 14 deletions(-) diff --git a/libhfcommon/util.h b/libhfcommon/util.h index 1cc3bc2b..ea13bc6d 100644 --- a/libhfcommon/util.h +++ b/libhfcommon/util.h @@ -69,11 +69,14 @@ #define ATOMIC_PRE_INC_RELAXED(x) __atomic_add_fetch(&(x), 1, __ATOMIC_RELAXED) #define ATOMIC_POST_OR_RELAXED(x, y) __atomic_fetch_or(&(x), y, __ATOMIC_RELAXED) -__attribute__((always_inline)) static inline uint8_t ATOMIC_BTS(uint8_t* addr, size_t offset) { - uint8_t oldbit; +__attribute__((always_inline)) static inline bool ATOMIC_BITMAP_SET(uint8_t* addr, size_t offset) { addr += (offset / 8); - oldbit = ATOMIC_POST_OR_RELAXED(*addr, ((uint8_t)1U << (offset % 8))); - return oldbit; + uint8_t mask = (1U << (offset % 8)); + + if (ATOMIC_GET(*addr) & mask) { + return true; + } + return (ATOMIC_POST_OR_RELAXED(*addr, mask) & mask); } extern void* util_Malloc(size_t sz); diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index b6140ee9..36aedd1a 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -139,7 +139,7 @@ static int _memcmp(const uint8_t* m1, const uint8_t* m2, size_t n) { HF_REQUIRE_SSE42_POPCNT void __cyg_profile_func_enter(void* func, void* caller) { register size_t pos = (((uintptr_t)func << 12) | ((uintptr_t)caller & 0xFFF)) & _HF_PERF_BITMAP_BITSZ_MASK; - register uint8_t prev = ATOMIC_BTS(covFeedback->bbMapPc, pos); + register bool prev = ATOMIC_BITMAP_SET(covFeedback->bbMapPc, pos); if (!prev) { ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackPc[my_thread_no]); } @@ -155,7 +155,8 @@ HF_REQUIRE_SSE42_POPCNT void __cyg_profile_func_exit( */ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_pc_internal(uintptr_t pc) { register uintptr_t ret = pc & _HF_PERF_BITMAP_BITSZ_MASK; - register uint8_t prev = ATOMIC_BTS(covFeedback->bbMapPc, ret); + + register bool prev = ATOMIC_BITMAP_SET(covFeedback->bbMapPc, ret); if (!prev) { ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackPc[my_thread_no]); } @@ -346,12 +347,13 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_div4(uint32_t Val) { /* * -fsanitize-coverage=indirect-calls */ + HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_indir(uintptr_t callee) { register size_t pos1 = (uintptr_t)__builtin_return_address(0) << 12; register size_t pos2 = callee & 0xFFF; register size_t pos = (pos1 | pos2) & _HF_PERF_BITMAP_BITSZ_MASK; - register uint8_t prev = ATOMIC_BTS(covFeedback->bbMapPc, pos); + register bool prev = ATOMIC_BITMAP_SET(covFeedback->bbMapPc, pos); if (!prev) { ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackPc[my_thread_no]); } @@ -367,7 +369,7 @@ __attribute__((weak)) HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_indir_call16( register size_t pos2 = (uintptr_t)callee & 0xFFF; register size_t pos = (pos1 | pos2) & _HF_PERF_BITMAP_BITSZ_MASK; - register uint8_t prev = ATOMIC_BTS(covFeedback->bbMapPc, pos); + register bool prev = ATOMIC_BITMAP_SET(covFeedback->bbMapPc, pos); if (!prev) { ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackPc[my_thread_no]); } @@ -436,9 +438,11 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard(uint32_t* guard) { return; } #endif /* defined(__ANDROID__) */ - bool prev = ATOMIC_XCHG(covFeedback->pcGuardMap[*guard], true); - if (prev == false) { - ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackEdge[my_thread_no]); + if (!ATOMIC_GET(covFeedback->pcGuardMap[*guard])) { + bool prev = ATOMIC_XCHG(covFeedback->pcGuardMap[*guard], true); + if (prev == false) { + ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackEdge[my_thread_no]); + } } } diff --git a/linux/perf.c b/linux/perf.c index 6fb0506a..c8eea95b 100644 --- a/linux/perf.c +++ b/linux/perf.c @@ -81,7 +81,8 @@ __attribute__((hot)) static inline void arch_perfBtsCount(run_t* run) { register size_t pos = ((br->from << 12) ^ (br->to & 0xFFF)); pos &= _HF_PERF_BITMAP_BITSZ_MASK; - register uint8_t prev = ATOMIC_BTS(run->global->feedback.covFeedbackMap->bbMapPc, pos); + + register bool prev = ATOMIC_BITMAP_SET(run->global->feedback.covFeedbackMap->bbMapPc, pos); if (!prev) { run->linux.hwCnts.newBBCnt++; } diff --git a/linux/pt.c b/linux/pt.c index 8fcfdfd3..1231687f 100644 --- a/linux/pt.c +++ b/linux/pt.c @@ -123,11 +123,10 @@ __attribute__((hot)) inline static void perf_ptAnalyzePkt(run_t* run, struct pt_ } ip &= _HF_PERF_BITMAP_BITSZ_MASK; - register uint8_t prev = ATOMIC_BTS(run->global->feedback.covFeedbackMap->bbMapPc, ip); + register bool prev = ATOMIC_BITMAP_SET(run->global->feedback.covFeedbackMap->bbMapPc, ip); if (!prev) { run->linux.hwCnts.newBBCnt++; } - return; } void arch_ptAnalyze(run_t* run) { -- cgit v1.2.3 From f3ce969b2396dc11a5e22da0f2cc2c91d73ac1d3 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 1 Mar 2020 10:53:24 +0100 Subject: libhfcommon/util: implement LOCK_BTS for x86(-64) specifically --- libhfcommon/util.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libhfcommon/util.h b/libhfcommon/util.h index ea13bc6d..23aecb9b 100644 --- a/libhfcommon/util.h +++ b/libhfcommon/util.h @@ -76,7 +76,17 @@ __attribute__((always_inline)) static inline bool ATOMIC_BITMAP_SET(uint8_t* add if (ATOMIC_GET(*addr) & mask) { return true; } + +#if defined(__x86_64__) || defined(__i386__) + bool old; + __asm__ __volatile__("lock bts %2, %0\n\t" + "sbb %1, %1\n\t" + : "+m"(*addr), "=r"(old) + : "Ir"(offset % 8)); + return old; +#else /* defined(__x86_64__) || defined(__i386__) */ return (ATOMIC_POST_OR_RELAXED(*addr, mask) & mask); +#endif /* defined(__x86_64__) || defined(__i386__) */ } extern void* util_Malloc(size_t sz); -- cgit v1.2.3 From 3e0d88be55666ff9897f9b0177bc1cb7b3cad26f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 2 Mar 2020 15:43:20 +0100 Subject: libhfuzz/memorycmp: allow for *cmp() functions to return negative values --- libhfuzz/memorycmp.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index 2822628b..253d9bf2 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -25,7 +25,7 @@ static inline int HF_strcmp(const char* s1, const char* s2, uintptr_t addr) { instrumentAddConstMem(s1, strlen(s1), /* check_if_ro= */ true); instrumentAddConstMem(s2, strlen(s2), /* check_if_ro= */ true); - return ((unsigned char)s1[i] - (unsigned char)s2[i]); + return ((int)s1[i] - (int)s2[i]); } static inline int HF_strcasecmp(const char* s1, const char* s2, uintptr_t addr) { @@ -35,6 +35,7 @@ static inline int HF_strcasecmp(const char* s1, const char* s2, uintptr_t addr) break; } } + instrumentUpdateCmpMap(addr, i); instrumentAddConstMem(s1, strlen(s1), /* check_if_ro= */ true); instrumentAddConstMem(s2, strlen(s2), /* check_if_ro= */ true); @@ -57,7 +58,7 @@ static inline int HF_strncmp(const char* s1, const char* s2, size_t n, uintptr_t if (i == n) { return 0; } - return (unsigned char)s1[i] - (unsigned char)s2[i]; + return ((int)s1[i] - (int)s2[i]); } static inline int HF_strncasecmp(const char* s1, const char* s2, size_t n, uintptr_t addr) { @@ -122,7 +123,7 @@ static inline int HF_memcmp(const void* m1, const void* m2, size_t n, uintptr_t if (i == n) { return 0; } - return ((unsigned char)s1[i] - (unsigned char)s2[i]); + return ((int)s1[i] - (int)s2[i]); } static inline void* HF_memmem(const void* haystack, size_t haystacklen, const void* needle, -- cgit v1.2.3 From b09c6b922383771411745c9084a20d66bdbebdc4 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Mar 2020 00:25:58 +0100 Subject: Prepare version 2.1 for release --- README.md | 2 +- honggfuzz.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e0e46afd..bd53669d 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with inte # Code - * Latest stable version: [2.0](https://github.com/google/honggfuzz/releases) + * Latest stable version: [2.1](https://github.com/google/honggfuzz/releases) * [Changelog](https://github.com/google/honggfuzz/blob/master/CHANGELOG) # Features diff --git a/honggfuzz.h b/honggfuzz.h index c24161be..46d15c5d 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -38,7 +38,7 @@ #include "libhfcommon/util.h" #define PROG_NAME "honggfuzz" -#define PROG_VERSION "2.0" +#define PROG_VERSION "2.1" /* Name of the template which will be replaced with the proper name of the file */ #define _HF_FILE_PLACEHOLDER "___FILE___" -- cgit v1.2.3 From 4b939625610263a41f9edec89b8e24d33330159b Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Mar 2020 00:34:04 +0100 Subject: Prepare version 2.1 for release - CHANGELOG --- CHANGELOG | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 1b44b97c..8eefd586 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,14 @@ +2020-03-03 - Version 2.1 + - string/int comparison enabled for targets built with *SAN, but w/o hfuzz-cc + - parallel work made faster by using faster ATOMIC constructs (check first, then update) + - implement --experimental_const_feedback - const string/integer feedback (used as an additional dictionary) + - sanitizer report files are "better"-deleted (i.e. based on PID and not TID) + - new patches for fuzzing added (e.g. for bind-9.16.0/9.15.7) + - buffered output enabled in display.c + - some functions moved from per-arch arch.c to common subproc.c + - compilation under MacOS X 10.15 (Catalina) is now supported + - added suport for bfd/binutils-2.33 + 2019-12-07 - Version 2.0 - Coverage-based corpus minimizer with '-M' - QEmu mode: coverage feedback for Linux binaries -- cgit v1.2.3 From 2d66c385b5d7ef11a2ce0b94c16455850a220466 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Mar 2020 00:35:20 +0100 Subject: Prepare version 2.1 for release - CHANGELOG #2 --- CHANGELOG | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 8eefd586..2ae4ed19 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,13 +1,13 @@ 2020-03-03 - Version 2.1 - string/int comparison enabled for targets built with *SAN, but w/o hfuzz-cc - - parallel work made faster by using faster ATOMIC constructs (check first, then update) - - implement --experimental_const_feedback - const string/integer feedback (used as an additional dictionary) - - sanitizer report files are "better"-deleted (i.e. based on PID and not TID) - - new patches for fuzzing added (e.g. for bind-9.16.0/9.15.7) - - buffered output enabled in display.c - - some functions moved from per-arch arch.c to common subproc.c - - compilation under MacOS X 10.15 (Catalina) is now supported - - added suport for bfd/binutils-2.33 + - Parallel work made faster by using faster ATOMIC constructs (check first, then update) + - Implement --experimental_const_feedback - const string/integer feedback (used as an additional dictionary) + - Sanitizer report files are "better"-deleted (i.e. based on PID and not TID) + - New patches for fuzzing added (e.g. for bind-9.16.0/9.15.7) + - Buffered output enabled in display.c + - Some functions moved from per-arch arch.c to common subproc.c + - Compilation under MacOS X 10.15 (Catalina) is now supported + - Added suport for bfd/binutils-2.33 2019-12-07 - Version 2.0 - Coverage-based corpus minimizer with '-M' -- cgit v1.2.3 From e5efad690abf25e00742f4e0876f1fd56c58ae6f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Mar 2020 02:07:43 +0100 Subject: hfuzz-cc: instrument cmsstrcasecmp --- hfuzz_cc/hfuzz-cc.c | 2 ++ libhfuzz/memorycmp.c | 7 +++++++ 2 files changed, 9 insertions(+) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index a15af694..f6b756c4 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -411,6 +411,8 @@ static int ldMode(int argc, char** argv) { /* Some Samba functions */ args[j++] = "-Wl,--wrap=memcmp_const_time"; args[j++] = "-Wl,--wrap=strcsequal"; + /* LittleCMS wrappers */ + args[j++] = "-Wl,--wrap=cmsstrcasecmp"; #endif /* _HF_ARCH_DARWIN */ /* Pull modules defining the following symbols (if they exist) */ diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index 253d9bf2..f3b33469 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -392,3 +392,10 @@ HF_WEAK_WRAP(bool, strcsequal, const void* s1, const void* s2) { } return (HF_strcmp(s1, s2, (uintptr_t)__builtin_return_address(0)) == 0); } + +/* + * LittleCMS wrappers + */ +HF_WEAK_WRAP(int, cmsstrcasecmp, const void* s1, const void* s2) { + return HF_strcasecmp(s1, s2, (uintptr_t)__builtin_return_address(0)); +} -- cgit v1.2.3 From 77ea4dc4b499799e20ba33ef5df0152ecd113925 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Mar 2020 15:40:08 +0100 Subject: hfuzz-cc: reference our standard libs twice, to prevent e.g. dynamic libs from providing their own definitions --- hfuzz_cc/hfuzz-cc.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index f6b756c4..0355b888 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -426,16 +426,25 @@ static int ldMode(int argc, char** argv) { args[j++] = "-Wl,-u,LIBHFUZZ_module_memorycmp"; #endif /* _HF_ARCH_DARWIN */ + /* Reference standard honggfuzz libraries first (libhfuzz, libhfcommon and libhfnetdriver) */ + args[j++] = "-Wl,--push-state,-Bsymbolic"; + args[j++] = getLibHFNetDriverPath(); + args[j++] = getLibHFuzzPath(); + args[j++] = getLibHFCommonPath(); + args[j++] = "-Wl,--pop-state"; + for (int i = 1; i < argc; i++) { args[j++] = argv[i]; } - /* Reference standard honggfuzz libraries (libhfuzz and libhfnetdriver) */ + /* Reference standard libs again, in case some symbols are still missing */ + args[j++] = "-Wl,--push-state,-Bsymbolic"; args[j++] = getLibHFNetDriverPath(); args[j++] = getLibHFuzzPath(); args[j++] = getLibHFCommonPath(); + args[j++] = "-Wl,--pop-state"; - /* Needed by the libhfcommon */ + /* Needed by libhfcommon */ args[j++] = "-pthread"; args[j++] = "-ldl"; #if !defined(_HF_ARCH_DARWIN) && !defined(__OpenBSD__) -- cgit v1.2.3 From 3e363b4ce0188de2d48d103ef6d8fe3c195489c7 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Mar 2020 18:09:40 +0100 Subject: mangle: spend 2/3 on modifying offset ranges 8kB and smaller --- mangle.c | 68 +++++++++++++++++++++++++++++++++++++++------------------------- 1 file changed, 42 insertions(+), 26 deletions(-) diff --git a/mangle.c b/mangle.c index b072ceb0..0d21c589 100644 --- a/mangle.c +++ b/mangle.c @@ -39,6 +39,26 @@ #include "libhfcommon/log.h" #include "libhfcommon/util.h" +/* Spend at least 2/3 of time on modifying the first 8kB of input */ +static size_t mangle_getOffSet(run_t* run) { + switch (util_rnd64() % 3) { + case 0: + if (run->dynamicFileSz <= 1024) { + break; + } + return util_rndGet(0, 1024); + case 1: + if (run->dynamicFileSz <= 8192) { + break; + } + return util_rndGet(0, 8192); + default: + break; + } + + return util_rndGet(0, run->dynamicFileSz - 1); +} + static inline void mangle_Overwrite(run_t* run, const uint8_t* src, size_t off, size_t sz) { size_t maxToCopy = run->dynamicFileSz - off; if (sz > maxToCopy) { @@ -80,22 +100,20 @@ static void mangle_Inflate(run_t* run, size_t off, size_t len, bool printable) { input_setSize(run, run->dynamicFileSz + len); mangle_Move(run, off, off + len, run->dynamicFileSz); if (printable) { - util_rndBufPrintable(&run->dynamicFile[off], len); - } else { - util_rndBuf(&run->dynamicFile[off], len); + memset(&run->dynamicFile[off], 'A', len); } } static void mangle_MemMove(run_t* run, bool printable HF_ATTR_UNUSED) { - size_t off_from = util_rndGet(0, run->dynamicFileSz - 1); - size_t off_to = util_rndGet(0, run->dynamicFileSz - 1); - size_t len = util_rndGet(0, run->dynamicFileSz); + size_t off_from = mangle_getOffSet(run); + size_t off_to = mangle_getOffSet(run); + size_t len = mangle_getOffSet(run); mangle_Move(run, off_from, off_to, len); } static void mangle_Bytes(run_t* run, bool printable) { - size_t off = util_rndGet(0, run->dynamicFileSz - 1); + size_t off = mangle_getOffSet(run); uint64_t buf; if (printable) { @@ -110,7 +128,7 @@ static void mangle_Bytes(run_t* run, bool printable) { } static void mangle_Bit(run_t* run, bool printable) { - size_t off = util_rndGet(0, run->dynamicFileSz - 1); + size_t off = mangle_getOffSet(run); run->dynamicFile[off] ^= (uint8_t)(1U << util_rndGet(0, 7)); if (printable) { util_turnToPrintable(&(run->dynamicFile[off]), 1); @@ -124,7 +142,7 @@ static void mangle_DictionaryInsertNoCheck(run_t* run, bool printable) { str = TAILQ_NEXT(str, pointers); } - size_t off = util_rndGet(0, run->dynamicFileSz - 1); + size_t off = mangle_getOffSet(run); mangle_Inflate(run, off, str->len, printable); mangle_Overwrite(run, (uint8_t*)str->s, off, str->len); } @@ -138,7 +156,7 @@ static void mangle_DictionaryInsert(run_t* run, bool printable) { } static void mangle_DictionaryNoCheck(run_t* run) { - size_t off = util_rndGet(0, run->dynamicFileSz - 1); + size_t off = mangle_getOffSet(run); uint64_t choice = util_rndGet(0, run->global->mutate.dictionaryCnt - 1); struct strings_t* str = TAILQ_FIRST(&run->global->mutate.dictq); @@ -396,7 +414,7 @@ static void mangle_Magic(run_t* run, bool printable) { {"\xFE\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 8}, }; - size_t off = util_rndGet(0, run->dynamicFileSz - 1); + size_t off = mangle_getOffSet(run); uint64_t choice = util_rndGet(0, ARRAYSIZE(mangleMagicVals) - 1); mangle_Overwrite(run, mangleMagicVals[choice].val, off, mangleMagicVals[choice].size); @@ -421,7 +439,7 @@ static void mangle_ConstCmpFeedback(run_t* run, bool printable) { cnt = ARRAYSIZE(cmpf->valArr); } - size_t off = util_rndGet(0, run->dynamicFileSz - 1); + size_t off = mangle_getOffSet(run); uint32_t choice = util_rndGet(0, cnt - 1); uint32_t len = ATOMIC_GET(cmpf->valArr[choice].len); if (len == 0) { @@ -437,7 +455,7 @@ static void mangle_ConstCmpFeedback(run_t* run, bool printable) { } static void mangle_MemSetWithVal(run_t* run, int val) { - size_t off = util_rndGet(0, run->dynamicFileSz - 1); + size_t off = mangle_getOffSet(run); size_t sz = util_rndGet(1, run->dynamicFileSz - off); memset(&run->dynamicFile[off], val, sz); @@ -449,7 +467,7 @@ static void mangle_MemSet(run_t* run, bool printable) { } static void mangle_Random(run_t* run, bool printable) { - size_t off = util_rndGet(0, run->dynamicFileSz - 1); + size_t off = mangle_getOffSet(run); size_t len = util_rndGet(1, run->dynamicFileSz - off); if (printable) { util_rndBufPrintable(&run->dynamicFile[off], len); @@ -521,7 +539,7 @@ static void mangle_AddSubWithRange(run_t* run, size_t off, uint64_t varLen) { } static void mangle_AddSub(run_t* run, bool printable) { - size_t off = util_rndGet(0, run->dynamicFileSz - 1); + size_t off = mangle_getOffSet(run); /* 1,2,4,8 */ uint64_t varLen = 1U << util_rndGet(0, 3); @@ -536,7 +554,7 @@ static void mangle_AddSub(run_t* run, bool printable) { } static void mangle_IncByte(run_t* run, bool printable) { - size_t off = util_rndGet(0, run->dynamicFileSz - 1); + size_t off = mangle_getOffSet(run); if (printable) { run->dynamicFile[off] = (run->dynamicFile[off] - 32 + 1) % 95 + 32; } else { @@ -545,7 +563,7 @@ static void mangle_IncByte(run_t* run, bool printable) { } static void mangle_DecByte(run_t* run, bool printable) { - size_t off = util_rndGet(0, run->dynamicFileSz - 1); + size_t off = mangle_getOffSet(run); if (printable) { run->dynamicFile[off] = (run->dynamicFile[off] - 32 + 94) % 95 + 32; } else { @@ -554,7 +572,7 @@ static void mangle_DecByte(run_t* run, bool printable) { } static void mangle_NegByte(run_t* run, bool printable) { - size_t off = util_rndGet(0, run->dynamicFileSz - 1); + size_t off = mangle_getOffSet(run); if (printable) { run->dynamicFile[off] = 94 - (run->dynamicFile[off] - 32) + 32; } else { @@ -563,8 +581,8 @@ static void mangle_NegByte(run_t* run, bool printable) { } static void mangle_CloneByte(run_t* run, bool printable HF_ATTR_UNUSED) { - size_t off1 = util_rndGet(0, run->dynamicFileSz - 1); - size_t off2 = util_rndGet(0, run->dynamicFileSz - 1); + size_t off1 = mangle_getOffSet(run); + size_t off2 = mangle_getOffSet(run); uint8_t tmp = run->dynamicFile[off1]; run->dynamicFile[off1] = run->dynamicFile[off2]; @@ -572,7 +590,7 @@ static void mangle_CloneByte(run_t* run, bool printable HF_ATTR_UNUSED) { } static void mangle_Expand(run_t* run, bool printable) { - size_t off = util_rndGet(0, run->dynamicFileSz - 1); + size_t off = mangle_getOffSet(run); size_t len = util_rndGet(1, run->dynamicFileSz - off); mangle_Inflate(run, off, len, printable); @@ -583,7 +601,7 @@ static void mangle_Shrink(run_t* run, bool printable HF_ATTR_UNUSED) { return; } - size_t len = util_rndGet(1, run->dynamicFileSz - 1); + size_t len = mangle_getOffSet(run); size_t off = util_rndGet(0, len); input_setSize(run, run->dynamicFileSz - len); @@ -628,9 +646,7 @@ static void mangle_Resize(run_t* run, bool printable) { input_setSize(run, (size_t)newsz); if (newsz > oldsz) { if (printable) { - util_rndBufPrintable(&run->dynamicFile[oldsz], newsz - oldsz); - } else { - util_rndBuf(&run->dynamicFile[oldsz], newsz - oldsz); + memset(&run->dynamicFile[oldsz], 'A', newsz - oldsz); } } } @@ -638,7 +654,7 @@ static void mangle_Resize(run_t* run, bool printable) { static void mangle_ASCIIVal(run_t* run, bool printable HF_ATTR_UNUSED) { char buf[32]; snprintf(buf, sizeof(buf), "%" PRId64, (int64_t)util_rnd64()); - size_t off = util_rndGet(0, run->dynamicFileSz - 1); + size_t off = mangle_getOffSet(run); mangle_Overwrite(run, (uint8_t*)buf, off, strlen(buf)); } -- cgit v1.2.3 From dbd2d05b7e4a871be7cb40116f957dc723f7cdd3 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Mar 2020 22:55:21 +0100 Subject: fuzz: read input files in smaller chunks in the dynamic_dry_mode, to limit size of input files needed --- cmdline.c | 10 ++++--- display.c | 2 +- fuzz.c | 14 +++++++-- honggfuzz.h | 8 +++++- input.c | 83 +++++++++++++++++++++++++++++++++++++----------------- libhfcommon/util.h | 3 ++ mangle.c | 14 ++++----- 7 files changed, 93 insertions(+), 41 deletions(-) diff --git a/cmdline.c b/cmdline.c index 939df08b..f243c845 100644 --- a/cmdline.c +++ b/cmdline.c @@ -254,8 +254,8 @@ static bool cmdlineVerify(honggfuzz_t* hfuzz) { LOG_I("Verifier enabled with mutationsPerRun == 0, activating the dry run mode"); } - if (hfuzz->mutate.maxFileSz > _HF_INPUT_MAX_SIZE) { - LOG_E("Maximum file size '%zu' bigger than the maximum size '%zu'", hfuzz->mutate.maxFileSz, + if (hfuzz->io.maxFileSz > _HF_INPUT_MAX_SIZE) { + LOG_E("Maximum file size '%zu' bigger than the maximum size '%zu'", hfuzz->io.maxFileSz, (size_t)_HF_INPUT_MAX_SIZE); return false; } @@ -283,12 +283,14 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .inputDirPtr = NULL, .fileCnt = 0, .fileCntDone = false, + .maxFileSz = 0, .newUnitsAdded = 0, .fileExtn = "fuzz", .workDir = {}, .crashDir = NULL, .covDirNew = NULL, .saveUnique = true, + .dynfileqMaxSz = 0U, .dynfileqCnt = 0U, .dynfileq_mutex = PTHREAD_RWLOCK_INITIALIZER, .dynfileqCurrent = NULL, @@ -328,7 +330,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .dictionaryFile = NULL, .dictionaryCnt = 0, .mutationsPerRun = 6U, - .maxFileSz = 0UL, + .maxInputSz = 0, }, .display = { @@ -604,7 +606,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { hfuzz->cfg.minimize = true; break; case 'F': - hfuzz->mutate.maxFileSz = strtoul(optarg, NULL, 0); + hfuzz->io.maxFileSz = strtoul(optarg, NULL, 0); break; case 't': hfuzz->timing.tmOut = atol(optarg); diff --git a/display.c b/display.c index f86c0ecc..7e08603e 100644 --- a/display.c +++ b/display.c @@ -270,7 +270,7 @@ void display_display(honggfuzz_t* hfuzz) { display_put(" Corpus Size : " ESC_BOLD "%" _HF_NONMON_SEP "zu" ESC_RESET ", max: " ESC_BOLD "%" _HF_NONMON_SEP "zu" ESC_RESET " bytes, init: " ESC_BOLD "%" _HF_NONMON_SEP "zu" ESC_RESET " files\n", - hfuzz->io.dynfileqCnt, hfuzz->mutate.maxFileSz, ATOMIC_GET(hfuzz->io.fileCnt)); + hfuzz->io.dynfileqCnt, hfuzz->mutate.maxInputSz, ATOMIC_GET(hfuzz->io.fileCnt)); display_put(" Cov Update : " ESC_BOLD "%s" ESC_RESET " ago\n" ESC_RESET, lastCovStr); display_put(" Coverage :"); diff --git a/fuzz.c b/fuzz.c index 02714200..ab1a20ea 100644 --- a/fuzz.c +++ b/fuzz.c @@ -131,6 +131,16 @@ static void fuzz_setDynamicMainState(run_t* run) { /* cov */ (uint64_t[4]){0, 0, 0, 0}, /* path= */ "[DYNAMIC]"); } snprintf(run->origFileName, sizeof(run->origFileName), "[DYNAMIC]"); + + if (run->global->io.maxFileSz == 0 && run->global->mutate.maxInputSz > _HF_INPUT_DEFAULT_SIZE) { + size_t newsz = (run->global->io.dynfileqMaxSz >= _HF_INPUT_DEFAULT_SIZE) + ? run->global->io.dynfileqMaxSz + : _HF_INPUT_DEFAULT_SIZE; + LOG_I("Setting maximum input size to %zu bytes (previously %zu bytes)", newsz, + run->global->mutate.maxInputSz); + run->global->mutate.maxInputSz = newsz; + } + LOG_I("Entering phase 3/3: Dynamic Main (Feedback Driven Mode)"); ATOMIC_SET(run->global->feedback.state, _HF_STATE_DYNAMIC_MAIN); } @@ -493,9 +503,9 @@ static void* fuzz_threadNew(void* arg) { /* Do not try to handle input files with socketfuzzer */ if (!hfuzz->socketFuzzer.enabled) { - if (!(run.dynamicFile = files_mapSharedMem(hfuzz->mutate.maxFileSz, &run.dynamicFileFd, + if (!(run.dynamicFile = files_mapSharedMem(hfuzz->mutate.maxInputSz, &run.dynamicFileFd, "hf-input", /* nocore= */ true, /* export= */ false))) { - LOG_F("Couldn't create an input file of size: %zu", hfuzz->mutate.maxFileSz); + LOG_F("Couldn't create an input file of size: %zu", hfuzz->mutate.maxInputSz); } } defer { diff --git a/honggfuzz.h b/honggfuzz.h index 46d15c5d..aecd4b5f 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -73,6 +73,9 @@ /* Maximum size of the input file in bytes (128 MiB) */ #define _HF_INPUT_MAX_SIZE (1024ULL * 1024ULL * 128ULL) +/* Default maximum size of produced inputs */ +#define _HF_INPUT_DEFAULT_SIZE (1024ULL * 8) + /* FD used to report back used int/str constants from the fuzzed process */ #define _HF_CMP_BITMAP_FD 1019 /* FD used to log inside the child process */ @@ -210,11 +213,13 @@ typedef struct { size_t fileCnt; const char* fileExtn; bool fileCntDone; + size_t maxFileSz; size_t newUnitsAdded; char workDir[PATH_MAX]; const char* crashDir; const char* covDirNew; bool saveUnique; + size_t dynfileqMaxSz; size_t dynfileqCnt; pthread_rwlock_t dynfileq_mutex; struct dynfile_t* dynfileqCurrent; @@ -255,7 +260,7 @@ typedef struct { size_t dictionaryCnt; size_t mutationsMax; unsigned mutationsPerRun; - size_t maxFileSz; + size_t maxInputSz; } mutate; struct { bool useScreen; @@ -354,6 +359,7 @@ typedef struct { unsigned mutationsPerRun; uint8_t* dynamicFile; size_t dynamicFileSz; + bool staticFileTryMore; int dynamicFileFd; uint32_t fuzzNo; int persistentSock; diff --git a/input.c b/input.c index fb782854..96e1540c 100644 --- a/input.c +++ b/input.c @@ -49,8 +49,8 @@ void input_setSize(run_t* run, size_t sz) { if (run->dynamicFileSz == sz) { return; } - if (sz > run->global->mutate.maxFileSz) { - PLOG_F("Too large size requested: %zu > maxSize: %zu", sz, run->global->mutate.maxFileSz); + if (sz > run->global->mutate.maxInputSz) { + PLOG_F("Too large size requested: %zu > maxSize: %zu", sz, run->global->mutate.maxInputSz); } /* ftruncate of a mmaped file fails under CygWin, it's also painfully slow under MacOS X */ #if !defined(__CYGWIN__) && !defined(_HF_ARCH_DARWIN) @@ -64,7 +64,6 @@ void input_setSize(run_t* run, size_t sz) { static bool input_getDirStatsAndRewind(honggfuzz_t* hfuzz) { rewinddir(hfuzz->io.inputDirPtr); - size_t maxSize = 0U; size_t fileCnt = 0U; for (;;) { errno = 0; @@ -94,33 +93,32 @@ static bool input_getDirStatsAndRewind(honggfuzz_t* hfuzz) { LOG_D("'%s' is not a regular file, skipping", path); continue; } - if (hfuzz->mutate.maxFileSz != 0UL && st.st_size > (off_t)hfuzz->mutate.maxFileSz) { - LOG_D("File '%s' is bigger than maximal defined file size (-F): %" PRId64 " > %" PRId64, - path, (int64_t)st.st_size, (int64_t)hfuzz->mutate.maxFileSz); + if (hfuzz->io.maxFileSz && st.st_size > (off_t)hfuzz->io.maxFileSz) { + LOG_D("File '%s' is bigger than maximal defined file size (-F): %" PRIu64 " > %zu", + path, (uint64_t)st.st_size, (uint64_t)hfuzz->io.maxFileSz); } - if ((size_t)st.st_size > maxSize) { - maxSize = st.st_size; + if ((size_t)st.st_size > hfuzz->mutate.maxInputSz) { + hfuzz->mutate.maxInputSz = st.st_size; } fileCnt++; } ATOMIC_SET(hfuzz->io.fileCnt, fileCnt); - if (hfuzz->mutate.maxFileSz == 0U) { - if (maxSize < 8192) { - hfuzz->mutate.maxFileSz = 8192; - } else if (maxSize > _HF_INPUT_MAX_SIZE) { - hfuzz->mutate.maxFileSz = _HF_INPUT_MAX_SIZE; - } else { - hfuzz->mutate.maxFileSz = maxSize; - } + if (hfuzz->io.maxFileSz) { + hfuzz->mutate.maxInputSz = hfuzz->io.maxFileSz; + } + if (hfuzz->mutate.maxInputSz < _HF_INPUT_DEFAULT_SIZE) { + hfuzz->mutate.maxInputSz = _HF_INPUT_DEFAULT_SIZE; + } else if (hfuzz->mutate.maxInputSz > _HF_INPUT_MAX_SIZE) { + hfuzz->mutate.maxInputSz = _HF_INPUT_MAX_SIZE; } if (hfuzz->io.fileCnt == 0U) { LOG_W("No usable files in the input directory '%s'", hfuzz->io.inputDir); } - LOG_D("Analyzed '%s' directory: maxFileSz:%zu, number of usable files:%zu", hfuzz->io.inputDir, - hfuzz->mutate.maxFileSz, hfuzz->io.fileCnt); + LOG_D("Analyzed '%s' directory: maxInputSz:%zu, number of usable files:%zu", hfuzz->io.inputDir, + hfuzz->mutate.maxInputSz, hfuzz->io.fileCnt); rewinddir(hfuzz->io.inputDirPtr); @@ -386,6 +384,7 @@ void input_addDynamicInput( TAILQ_INSERT_TAIL(&hfuzz->io.dynfileq, dynfile, pointers); } hfuzz->io.dynfileqCnt++; + hfuzz->io.dynfileqMaxSz = HF_MAX(hfuzz->io.dynfileqMaxSz, len); if (hfuzz->socketFuzzer.enabled) { /* Don't add coverage data to files in socketFuzzer mode */ @@ -440,22 +439,54 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { return true; } +static bool input_readNewFileOrRepeat(run_t* run) { + if (fuzz_getState(run->global) != _HF_STATE_DYNAMIC_DRY_RUN || run->global->cfg.minimize) { + input_setSize(run, run->global->mutate.maxInputSz); + return true; + } + + if (!run->staticFileTryMore) { + run->staticFileTryMore = true; + input_setSize(run, HF_MIN(1024U, run->global->mutate.maxInputSz)); + return true; + } + + /* Don't read a new file, but increase size of a current file by 2 */ + size_t newsz = run->dynamicFileSz * 2; + if (newsz >= run->global->mutate.maxInputSz) { + /* That's the largest size for this file that will be used */ + newsz = run->global->mutate.maxInputSz; + run->staticFileTryMore = false; + } + + input_setSize(run, newsz); + return false; +} + bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle) { - if (!input_getNext(run, run->origFileName, /* rewind= */ rewind)) { - return false; + if (input_readNewFileOrRepeat(run)) { + if (!input_getNext(run, run->origFileName, /* rewind= */ rewind)) { + return false; + } } - input_setSize(run, run->global->mutate.maxFileSz); char path[PATH_MAX]; snprintf(path, sizeof(path), "%s/%s", run->global->io.inputDir, run->origFileName); - ssize_t fileSz = files_readFileToBufMax(path, run->dynamicFile, run->global->mutate.maxFileSz); + LOG_D("Will read up to %zu bytes from '%s'", run->dynamicFileSz, path); + ssize_t fileSz = files_readFileToBufMax(path, run->dynamicFile, run->dynamicFileSz); if (fileSz < 0) { LOG_E("Couldn't read contents of '%s'", path); return false; } + if ((size_t)fileSz < run->dynamicFileSz) { + /* The file is smaller than the requested size, no need to re-read it anymore */ + run->staticFileTryMore = false; + } + input_setSize(run, fileSz); + if (needs_mangle) { mangle_mangleContent(run); } @@ -493,8 +524,8 @@ bool input_prepareExternalFile(run_t* run) { } LOG_D("Subporcess '%s' finished with success", run->global->exe.externalCommand); - input_setSize(run, run->global->mutate.maxFileSz); - ssize_t sz = files_readFromFdSeek(fd, run->dynamicFile, run->global->mutate.maxFileSz, 0); + input_setSize(run, run->global->mutate.maxInputSz); + ssize_t sz = files_readFromFdSeek(fd, run->dynamicFile, run->global->mutate.maxInputSz, 0); if (sz == -1) { LOG_E("Couldn't read file from fd=%d", fd); return false; @@ -525,8 +556,8 @@ bool input_postProcessFile(run_t* run, const char* cmd) { } LOG_D("Subporcess '%s' finished with success", cmd); - input_setSize(run, run->global->mutate.maxFileSz); - ssize_t sz = files_readFromFdSeek(fd, run->dynamicFile, run->global->mutate.maxFileSz, 0); + input_setSize(run, run->global->mutate.maxInputSz); + ssize_t sz = files_readFromFdSeek(fd, run->dynamicFile, run->global->mutate.maxInputSz, 0); if (sz == -1) { LOG_E("Couldn't read file from fd=%d", fd); return false; diff --git a/libhfcommon/util.h b/libhfcommon/util.h index 23aecb9b..e59b3f25 100644 --- a/libhfcommon/util.h +++ b/libhfcommon/util.h @@ -89,6 +89,9 @@ __attribute__((always_inline)) static inline bool ATOMIC_BITMAP_SET(uint8_t* add #endif /* defined(__x86_64__) || defined(__i386__) */ } +#define HF_MAX(x, y) ((x > y) ? x : y) +#define HF_MIN(x, y) ((x < y) ? x : y) + extern void* util_Malloc(size_t sz); extern void* util_Calloc(size_t sz); diff --git a/mangle.c b/mangle.c index 0d21c589..19081445 100644 --- a/mangle.c +++ b/mangle.c @@ -40,7 +40,7 @@ #include "libhfcommon/util.h" /* Spend at least 2/3 of time on modifying the first 8kB of input */ -static size_t mangle_getOffSet(run_t* run) { +static inline size_t mangle_getOffSet(run_t* run) { switch (util_rnd64() % 3) { case 0: if (run->dynamicFileSz <= 1024) { @@ -90,11 +90,11 @@ static inline void mangle_Move(run_t* run, size_t off_from, size_t off_to, size_ } static void mangle_Inflate(run_t* run, size_t off, size_t len, bool printable) { - if (run->dynamicFileSz >= run->global->mutate.maxFileSz) { + if (run->dynamicFileSz >= run->global->mutate.maxInputSz) { return; } - if (len > (run->global->mutate.maxFileSz - run->dynamicFileSz)) { - len = run->global->mutate.maxFileSz - run->dynamicFileSz; + if (len > (run->global->mutate.maxInputSz - run->dynamicFileSz)) { + len = run->global->mutate.maxInputSz - run->dynamicFileSz; } input_setSize(run, run->dynamicFileSz + len); @@ -618,7 +618,7 @@ static void mangle_Resize(run_t* run, bool printable) { newsz = oldsz; break; case 8: /* Set new size arbitrarily */ - newsz = (ssize_t)util_rndGet(1, run->global->mutate.maxFileSz); + newsz = (ssize_t)util_rndGet(1, run->global->mutate.maxInputSz); break; case 9: /* Increase size by a small value */ newsz = oldsz + (ssize_t)util_rndGet(1, 8); @@ -639,8 +639,8 @@ static void mangle_Resize(run_t* run, bool printable) { if (newsz < 1) { newsz = 1; } - if (newsz > (ssize_t)run->global->mutate.maxFileSz) { - newsz = run->global->mutate.maxFileSz; + if (newsz > (ssize_t)run->global->mutate.maxInputSz) { + newsz = run->global->mutate.maxInputSz; } input_setSize(run, (size_t)newsz); -- cgit v1.2.3 From a9f4dfe523bc5e0fba35b44834071a97a59d636c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 3 Mar 2020 22:57:07 +0100 Subject: input: the size provided by -F always takes precedence --- input.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/input.c b/input.c index 96e1540c..d082336d 100644 --- a/input.c +++ b/input.c @@ -106,8 +106,7 @@ static bool input_getDirStatsAndRewind(honggfuzz_t* hfuzz) { ATOMIC_SET(hfuzz->io.fileCnt, fileCnt); if (hfuzz->io.maxFileSz) { hfuzz->mutate.maxInputSz = hfuzz->io.maxFileSz; - } - if (hfuzz->mutate.maxInputSz < _HF_INPUT_DEFAULT_SIZE) { + } else if (hfuzz->mutate.maxInputSz < _HF_INPUT_DEFAULT_SIZE) { hfuzz->mutate.maxInputSz = _HF_INPUT_DEFAULT_SIZE; } else if (hfuzz->mutate.maxInputSz > _HF_INPUT_MAX_SIZE) { hfuzz->mutate.maxInputSz = _HF_INPUT_MAX_SIZE; -- cgit v1.2.3 From 5b58a4055f8443cfcf7d2e383ae44c4b10e6b9cd Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Mar 2020 00:17:41 +0100 Subject: input: start with filesize of 8192 bytes first --- fuzz.c | 4 ++++ input.c | 5 ++--- libhfcommon/files.c | 2 +- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/fuzz.c b/fuzz.c index ab1a20ea..fc35ccc8 100644 --- a/fuzz.c +++ b/fuzz.c @@ -136,6 +136,10 @@ static void fuzz_setDynamicMainState(run_t* run) { size_t newsz = (run->global->io.dynfileqMaxSz >= _HF_INPUT_DEFAULT_SIZE) ? run->global->io.dynfileqMaxSz : _HF_INPUT_DEFAULT_SIZE; + newsz = (newsz + newsz / 4); /* Add 25% overhead for growth */ + if (newsz > run->global->mutate.maxInputSz) { + newsz = run->global->mutate.maxInputSz; + } LOG_I("Setting maximum input size to %zu bytes (previously %zu bytes)", newsz, run->global->mutate.maxInputSz); run->global->mutate.maxInputSz = newsz; diff --git a/input.c b/input.c index d082336d..edf3d0c8 100644 --- a/input.c +++ b/input.c @@ -446,11 +446,11 @@ static bool input_readNewFileOrRepeat(run_t* run) { if (!run->staticFileTryMore) { run->staticFileTryMore = true; - input_setSize(run, HF_MIN(1024U, run->global->mutate.maxInputSz)); + input_setSize(run, HF_MIN(8192U, run->global->mutate.maxInputSz)); return true; } - /* Don't read a new file, but increase size of a current file by 2 */ + /* Increase size of the current file by 2, and try again */ size_t newsz = run->dynamicFileSz * 2; if (newsz >= run->global->mutate.maxInputSz) { /* That's the largest size for this file that will be used */ @@ -472,7 +472,6 @@ bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle) { char path[PATH_MAX]; snprintf(path, sizeof(path), "%s/%s", run->global->io.inputDir, run->origFileName); - LOG_D("Will read up to %zu bytes from '%s'", run->dynamicFileSz, path); ssize_t fileSz = files_readFileToBufMax(path, run->dynamicFile, run->dynamicFileSz); if (fileSz < 0) { LOG_E("Couldn't read contents of '%s'", path); diff --git a/libhfcommon/files.c b/libhfcommon/files.c index 076fc41a..8d801ec0 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -64,7 +64,7 @@ ssize_t files_readFileToBufMax(const char* fileName, uint8_t* buf, size_t fileMa } close(fd); - LOG_D("Read '%zu' bytes from '%s'", readSz, fileName); + LOG_D("Read %zu bytes (%zu requested) from '%s'", (size_t)readSz, fileMaxSz, fileName); return readSz; } -- cgit v1.2.3 From 48ad501f4d31eec7b5294609b099594baf117fe4 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Mar 2020 02:36:04 +0100 Subject: input: comments + function naming --- input.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/input.c b/input.c index edf3d0c8..8b69935f 100644 --- a/input.c +++ b/input.c @@ -438,7 +438,7 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { return true; } -static bool input_readNewFileOrRepeat(run_t* run) { +static bool input_shouldReadNewFile(run_t* run) { if (fuzz_getState(run->global) != _HF_STATE_DYNAMIC_DRY_RUN || run->global->cfg.minimize) { input_setSize(run, run->global->mutate.maxInputSz); return true; @@ -446,14 +446,15 @@ static bool input_readNewFileOrRepeat(run_t* run) { if (!run->staticFileTryMore) { run->staticFileTryMore = true; + /* Start with a 8kB beginning of a file, increase the size in following iterations */ input_setSize(run, HF_MIN(8192U, run->global->mutate.maxInputSz)); return true; } - /* Increase size of the current file by 2, and try again */ + /* Increase size of the current file by a factor of 2, and return it instead of a new file */ size_t newsz = run->dynamicFileSz * 2; if (newsz >= run->global->mutate.maxInputSz) { - /* That's the largest size for this file that will be used */ + /* That's the largest size for this specific file that will be ever used */ newsz = run->global->mutate.maxInputSz; run->staticFileTryMore = false; } @@ -463,7 +464,7 @@ static bool input_readNewFileOrRepeat(run_t* run) { } bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle) { - if (input_readNewFileOrRepeat(run)) { + if (input_shouldReadNewFile(run)) { if (!input_getNext(run, run->origFileName, /* rewind= */ rewind)) { return false; } -- cgit v1.2.3 From af1b7b21dca0bd7ee586c3f17524ee41c855c5a5 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Mar 2020 02:58:29 +0100 Subject: hfuzz-cc: don't use -Bsymbolic as this might affect how shared libs are created --- hfuzz_cc/hfuzz-cc.c | 4 ---- libhfuzz/persistent.c | 3 ++- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index 0355b888..f1396b95 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -427,22 +427,18 @@ static int ldMode(int argc, char** argv) { #endif /* _HF_ARCH_DARWIN */ /* Reference standard honggfuzz libraries first (libhfuzz, libhfcommon and libhfnetdriver) */ - args[j++] = "-Wl,--push-state,-Bsymbolic"; args[j++] = getLibHFNetDriverPath(); args[j++] = getLibHFuzzPath(); args[j++] = getLibHFCommonPath(); - args[j++] = "-Wl,--pop-state"; for (int i = 1; i < argc; i++) { args[j++] = argv[i]; } /* Reference standard libs again, in case some symbols are still missing */ - args[j++] = "-Wl,--push-state,-Bsymbolic"; args[j++] = getLibHFNetDriverPath(); args[j++] = getLibHFuzzPath(); args[j++] = getLibHFCommonPath(); - args[j++] = "-Wl,--pop-state"; /* Needed by libhfcommon */ args[j++] = "-pthread"; diff --git a/libhfuzz/persistent.c b/libhfuzz/persistent.c index c7e55d57..93930afb 100644 --- a/libhfuzz/persistent.c +++ b/libhfuzz/persistent.c @@ -57,10 +57,11 @@ void HF_ITER(const uint8_t** buf_ptr, size_t* len_ptr) { } extern const char* const LIBHFUZZ_module_memorycmp; +extern const char* const LIBHFUZZ_module_instrument; static void HonggfuzzRunOneInput(const uint8_t* buf, size_t len) { int ret = LLVMFuzzerTestOneInput(buf, len); if (ret != 0) { - LOG_D("Dereferenced: %s", LIBHFUZZ_module_memorycmp); + LOG_D("Dereferenced: %s, %s", LIBHFUZZ_module_memorycmp, LIBHFUZZ_module_instrument); LOG_F("LLVMFuzzerTestOneInput() returned '%d' instead of '0'", ret); } } -- cgit v1.2.3 From 212e7967ad03b475cdaf15b6179feccae0d31b0f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 4 Mar 2020 17:55:32 +0100 Subject: input: set run->staticFileTryMore=false only if it's true --- input.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/input.c b/input.c index 8b69935f..b6e2dee4 100644 --- a/input.c +++ b/input.c @@ -479,7 +479,7 @@ bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle) { return false; } - if ((size_t)fileSz < run->dynamicFileSz) { + if (run->staticFileTryMore && ((size_t)fileSz < run->dynamicFileSz)) { /* The file is smaller than the requested size, no need to re-read it anymore */ run->staticFileTryMore = false; } -- cgit v1.2.3 From 6d6f6547dd88ca767c33e4692d87f97bcb58930e Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Mar 2020 08:14:55 +0100 Subject: libhfuzz: make string const feedback faster by not using str(n)len() until it's necessary --- libhfuzz/instrument.c | 38 +++++++++++++++++++++++++++++++------- libhfuzz/instrument.h | 2 ++ libhfuzz/memorycmp.c | 16 ++++++++-------- 3 files changed, 41 insertions(+), 15 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 36aedd1a..4eef157d 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -464,10 +464,7 @@ void instrumentClearNewCov() { covFeedback->pidFeedbackCmp[my_thread_no] = 0U; } -void instrumentAddConstMem(const void* mem, size_t len, bool check_if_ro) { - if (!cmpFeedback) { - return; - } +static inline void instrumentAddConstMemInternal(const void* mem, size_t len) { if (len > sizeof(cmpFeedback->valArr[0].val)) { len = sizeof(cmpFeedback->valArr[0].val); } @@ -475,9 +472,6 @@ void instrumentAddConstMem(const void* mem, size_t len, bool check_if_ro) { if (curroff >= ARRAYSIZE(cmpFeedback->valArr)) { return; } - if (check_if_ro && !util_isAddrRO(mem)) { - return; - } for (uint32_t i = 0; i < curroff; i++) { if ((len == cmpFeedback->valArr[i].len) && @@ -495,3 +489,33 @@ void instrumentAddConstMem(const void* mem, size_t len, bool check_if_ro) { memcpy(cmpFeedback->valArr[newoff].val, mem, len); ATOMIC_SET(cmpFeedback->valArr[newoff].len, len); } + +void instrumentAddConstMem(const void* mem, size_t len, bool check_if_ro) { + if (!cmpFeedback) { + return; + } + if (check_if_ro && !util_isAddrRO(mem)) { + return; + } + instrumentAddConstMemInternal(mem, len); +} + +void instrumentAddConstStr(const char* s) { + if (!cmpFeedback) { + return; + } + if (!util_isAddrRO(s)) { + return; + } + instrumentAddConstMemInternal(s, strlen(s)); +} + +void instrumentAddConstStrN(const char* s, size_t n) { + if (!cmpFeedback) { + return; + } + if (!util_isAddrRO(s)) { + return; + } + instrumentAddConstMemInternal(s, strnlen(s, n)); +} diff --git a/libhfuzz/instrument.h b/libhfuzz/instrument.h index ba2e119b..845ccec4 100644 --- a/libhfuzz/instrument.h +++ b/libhfuzz/instrument.h @@ -32,5 +32,7 @@ bool instrumentUpdateCmpMap(uintptr_t addr, uint32_t v); void instrumentClearNewCov(); void instrumentAddConstMem(const void* m, size_t len, bool check_if_ro); +void instrumentAddConstStr(const char* s); +void instrumentAddConstStrN(const char* s, size_t n); #endif /* ifdef _HF_LIBHFUZZ_INSTRUMENT_H_ */ diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index f3b33469..02eb9dc7 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -22,8 +22,8 @@ static inline int HF_strcmp(const char* s1, const char* s2, uintptr_t addr) { } instrumentUpdateCmpMap(addr, i); - instrumentAddConstMem(s1, strlen(s1), /* check_if_ro= */ true); - instrumentAddConstMem(s2, strlen(s2), /* check_if_ro= */ true); + instrumentAddConstStr(s1); + instrumentAddConstStr(s2); return ((int)s1[i] - (int)s2[i]); } @@ -37,8 +37,8 @@ static inline int HF_strcasecmp(const char* s1, const char* s2, uintptr_t addr) } instrumentUpdateCmpMap(addr, i); - instrumentAddConstMem(s1, strlen(s1), /* check_if_ro= */ true); - instrumentAddConstMem(s2, strlen(s2), /* check_if_ro= */ true); + instrumentAddConstStr(s1); + instrumentAddConstStr(s2); return (tolower((unsigned char)s1[i]) - tolower((unsigned char)s2[i])); } @@ -52,8 +52,8 @@ static inline int HF_strncmp(const char* s1, const char* s2, size_t n, uintptr_t } instrumentUpdateCmpMap(addr, i); - instrumentAddConstMem(s1, strnlen(s1, n), /* check_if_ro= */ true); - instrumentAddConstMem(s2, strnlen(s2, n), /* check_if_ro= */ true); + instrumentAddConstStrN(s1, n); + instrumentAddConstStrN(s2, n); if (i == n) { return 0; @@ -71,8 +71,8 @@ static inline int HF_strncasecmp(const char* s1, const char* s2, size_t n, uintp } instrumentUpdateCmpMap(addr, i); - instrumentAddConstMem(s1, strnlen(s1, n), /* check_if_ro= */ true); - instrumentAddConstMem(s2, strnlen(s2, n), /* check_if_ro= */ true); + instrumentAddConstStrN(s1, n); + instrumentAddConstStrN(s2, n); if (i == n) { return 0; -- cgit v1.2.3 From f765a3238f2117070b0b36d8511db8e67b179faf Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Mar 2020 08:56:04 +0100 Subject: input: correct argument to printf-like func --- input.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/input.c b/input.c index b6e2dee4..2d892241 100644 --- a/input.c +++ b/input.c @@ -95,7 +95,7 @@ static bool input_getDirStatsAndRewind(honggfuzz_t* hfuzz) { } if (hfuzz->io.maxFileSz && st.st_size > (off_t)hfuzz->io.maxFileSz) { LOG_D("File '%s' is bigger than maximal defined file size (-F): %" PRIu64 " > %zu", - path, (uint64_t)st.st_size, (uint64_t)hfuzz->io.maxFileSz); + path, (uint64_t)st.st_size, hfuzz->io.maxFileSz); } if ((size_t)st.st_size > hfuzz->mutate.maxInputSz) { hfuzz->mutate.maxInputSz = st.st_size; -- cgit v1.2.3 From 3c62c9b5814b7348c296990cf5663f1976cba8f7 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Mar 2020 09:02:05 +0100 Subject: libhfuzz/instrument: ignore const values which are of len=0 --- libhfuzz/instrument.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 4eef157d..45803715 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -465,6 +465,9 @@ void instrumentClearNewCov() { } static inline void instrumentAddConstMemInternal(const void* mem, size_t len) { + if (len == 0) { + return; + } if (len > sizeof(cmpFeedback->valArr[0].val)) { len = sizeof(cmpFeedback->valArr[0].val); } @@ -494,6 +497,9 @@ void instrumentAddConstMem(const void* mem, size_t len, bool check_if_ro) { if (!cmpFeedback) { return; } + if (len == 0) { + return; + } if (check_if_ro && !util_isAddrRO(mem)) { return; } -- cgit v1.2.3 From 9d3b01cfe6ce65b53e6a0687a6b94143585b7fcf Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Mar 2020 09:45:47 +0100 Subject: libhfuzz: avoid extensive const instrumentation of strstr, strcasestr and memmem --- libhfuzz/instrument.c | 11 +++++-- libhfuzz/instrument.h | 1 + libhfuzz/memorycmp.c | 86 ++++++++++++++++++++++++++++++++++----------------- 3 files changed, 66 insertions(+), 32 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 45803715..c5f59afc 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -56,13 +56,14 @@ static void initializeCmpFeedback(void) { return; } int mflags = files_getTmpMapFlags(MAP_SHARED, /* nocore= */ true); - if ((cmpFeedback = mmap(NULL, sizeof(cmpfeedback_t), PROT_READ | PROT_WRITE, mflags, - _HF_CMP_BITMAP_FD, 0)) == MAP_FAILED) { + void* ret = + mmap(NULL, sizeof(cmpfeedback_t), PROT_READ | PROT_WRITE, mflags, _HF_CMP_BITMAP_FD, 0); + if (ret == MAP_FAILED) { PLOG_W("mmap(_HF_CMP_BITMAP_FD==%d, size=%zu) of the feedback structure failed", _HF_CMP_BITMAP_FD, sizeof(cmpfeedback_t)); - cmpFeedback = NULL; return; } + ATOMIC_SET(cmpFeedback, ret); } static bool initializeCovFeedback(void) { @@ -525,3 +526,7 @@ void instrumentAddConstStrN(const char* s, size_t n) { } instrumentAddConstMemInternal(s, strnlen(s, n)); } + +bool instrumentConstAvail(void) { + return (ATOMIC_GET(cmpFeedback) != NULL); +} diff --git a/libhfuzz/instrument.h b/libhfuzz/instrument.h index 845ccec4..3c860929 100644 --- a/libhfuzz/instrument.h +++ b/libhfuzz/instrument.h @@ -34,5 +34,6 @@ void instrumentClearNewCov(); void instrumentAddConstMem(const void* m, size_t len, bool check_if_ro); void instrumentAddConstStr(const char* s); void instrumentAddConstStrN(const char* s, size_t n); +bool instrumentConstAvail(); #endif /* ifdef _HF_LIBHFUZZ_INSTRUMENT_H_ */ diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index 02eb9dc7..657657b4 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -43,7 +43,8 @@ static inline int HF_strcasecmp(const char* s1, const char* s2, uintptr_t addr) return (tolower((unsigned char)s1[i]) - tolower((unsigned char)s2[i])); } -static inline int HF_strncmp(const char* s1, const char* s2, size_t n, uintptr_t addr) { +static inline int HF_strncmp( + const char* s1, const char* s2, size_t n, bool constfb, uintptr_t addr) { size_t i; for (i = 0; i < n; i++) { if ((s1[i] != s2[i]) || s1[i] == '\0' || s2[i] == '\0') { @@ -52,8 +53,10 @@ static inline int HF_strncmp(const char* s1, const char* s2, size_t n, uintptr_t } instrumentUpdateCmpMap(addr, i); - instrumentAddConstStrN(s1, n); - instrumentAddConstStrN(s2, n); + if (constfb) { + instrumentAddConstStrN(s1, n); + instrumentAddConstStrN(s2, n); + } if (i == n) { return 0; @@ -61,7 +64,8 @@ static inline int HF_strncmp(const char* s1, const char* s2, size_t n, uintptr_t return ((int)s1[i] - (int)s2[i]); } -static inline int HF_strncasecmp(const char* s1, const char* s2, size_t n, uintptr_t addr) { +static inline int HF_strncasecmp( + const char* s1, const char* s2, size_t n, bool constfb, uintptr_t addr) { size_t i; for (i = 0; i < n; i++) { if ((tolower((unsigned char)s1[i]) != tolower((unsigned char)s2[i])) || s1[i] == '\0' || @@ -71,8 +75,10 @@ static inline int HF_strncasecmp(const char* s1, const char* s2, size_t n, uintp } instrumentUpdateCmpMap(addr, i); - instrumentAddConstStrN(s1, n); - instrumentAddConstStrN(s2, n); + if (constfb) { + instrumentAddConstStrN(s1, n); + instrumentAddConstStrN(s2, n); + } if (i == n) { return 0; @@ -86,9 +92,12 @@ static inline char* HF_strstr(const char* haystack, const char* needle, uintptr_ return (char*)haystack; } + instrumentAddConstStr(haystack); + instrumentAddConstStr(needle); + const char* h = haystack; for (; (h = __builtin_strchr(h, needle[0])) != NULL; h++) { - if (HF_strncmp(h, needle, needle_len, addr) == 0) { + if (HF_strncmp(h, needle, needle_len, /* constfb= */ false, addr) == 0) { return (char*)h; } } @@ -97,15 +106,23 @@ static inline char* HF_strstr(const char* haystack, const char* needle, uintptr_ static inline char* HF_strcasestr(const char* haystack, const char* needle, uintptr_t addr) { size_t needle_len = strlen(needle); + if (needle_len == 0) { + return (char*)haystack; + } + + instrumentAddConstStr(haystack); + instrumentAddConstStr(needle); + for (size_t i = 0; haystack[i]; i++) { - if (HF_strncasecmp(&haystack[i], needle, needle_len, addr) == 0) { + if (HF_strncasecmp(&haystack[i], needle, needle_len, /* constfb= */ false, addr) == 0) { return (char*)(&haystack[i]); } } return NULL; } -static inline int HF_memcmp(const void* m1, const void* m2, size_t n, uintptr_t addr) { +static inline int HF_memcmp( + const void* m1, const void* m2, size_t n, bool constfb, uintptr_t addr) { const unsigned char* s1 = (const unsigned char*)m1; const unsigned char* s2 = (const unsigned char*)m2; @@ -117,8 +134,10 @@ static inline int HF_memcmp(const void* m1, const void* m2, size_t n, uintptr_t } instrumentUpdateCmpMap(addr, i); - instrumentAddConstMem(m1, n, /* check_if_ro= */ true); - instrumentAddConstMem(m2, n, /* check_if_ro= */ true); + if (constfb) { + instrumentAddConstMem(m1, n, /* check_if_ro= */ true); + instrumentAddConstMem(m2, n, /* check_if_ro= */ true); + } if (i == n) { return 0; @@ -135,9 +154,12 @@ static inline void* HF_memmem(const void* haystack, size_t haystacklen, const vo return (void*)haystack; } + instrumentAddConstMem(haystack, haystacklen, /* check_if_ro= */ true); + instrumentAddConstMem(needle, needlelen, /* check_if_ro= */ true); + const char* h = haystack; for (size_t i = 0; i <= (haystacklen - needlelen); i++) { - if (HF_memcmp(&h[i], needle, needlelen, addr) == 0) { + if (HF_memcmp(&h[i], needle, needlelen, /* constfb= */ false, addr) == 0) { return (void*)(&h[i]); } } @@ -175,18 +197,19 @@ void __sanitizer_weak_hook_strcasecmp( HF_strcasecmp(s1, s2, pc); } HF_WEAK_WRAP(int, strncmp, const char* s1, const char* s2, size_t n) { - return HF_strncmp(s1, s2, n, (uintptr_t)__builtin_return_address(0)); + return HF_strncmp(s1, s2, n, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); } void __sanitizer_weak_hook_strncmp( uintptr_t pc, const char* s1, const char* s2, size_t n, int result HF_ATTR_UNUSED) { - HF_strncmp(s1, s2, n, pc); + HF_strncmp(s1, s2, n, instrumentConstAvail(), pc); } HF_WEAK_WRAP(int, strncasecmp, const char* s1, const char* s2, size_t n) { - return HF_strncasecmp(s1, s2, n, (uintptr_t)__builtin_return_address(0)); + return HF_strncasecmp( + s1, s2, n, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); } void __sanitizer_weak_hook_strncasecmp( uintptr_t pc, const char* s1, const char* s2, size_t n, int result HF_ATTR_UNUSED) { - HF_strncasecmp(s1, s2, n, pc); + HF_strncasecmp(s1, s2, n, instrumentConstAvail(), pc); } HF_WEAK_WRAP(char*, strstr, const char* haystack, const char* needle) { return HF_strstr(haystack, needle, (uintptr_t)__builtin_return_address(0)); @@ -203,18 +226,18 @@ void __sanitizer_weak_hook_strcasestr( HF_strcasestr(haystack, needle, pc); } HF_WEAK_WRAP(int, memcmp, const void* m1, const void* m2, size_t n) { - return HF_memcmp(m1, m2, n, (uintptr_t)__builtin_return_address(0)); + return HF_memcmp(m1, m2, n, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); } void __sanitizer_weak_hook_memcmp( uintptr_t pc, const void* m1, const void* m2, size_t n, int result HF_ATTR_UNUSED) { - HF_memcmp(m1, m2, n, pc); + HF_memcmp(m1, m2, n, instrumentConstAvail(), pc); } HF_WEAK_WRAP(int, bcmp, const void* m1, const void* m2, size_t n) { - return HF_memcmp(m1, m2, n, (uintptr_t)__builtin_return_address(0)); + return HF_memcmp(m1, m2, n, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); } void __sanitizer_weak_hook_bcmp( uintptr_t pc, const void* m1, const void* m2, size_t n, int result HF_ATTR_UNUSED) { - HF_memcmp(m1, m2, n, pc); + HF_memcmp(m1, m2, n, instrumentConstAvail(), pc); } HF_WEAK_WRAP( void*, memmem, const void* haystack, size_t haystacklen, const void* needle, size_t needlelen) { @@ -241,7 +264,8 @@ HF_WEAK_WRAP(int, ap_cstr_casecmp, const char* s1, const char* s2) { } HF_WEAK_WRAP(int, ap_cstr_casecmpn, const char* s1, const char* s2, size_t n) { - return HF_strncasecmp(s1, s2, n, (uintptr_t)__builtin_return_address(0)); + return HF_strncasecmp( + s1, s2, n, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(const char*, ap_strcasestr, const char* s1, const char* s2) { @@ -253,18 +277,19 @@ HF_WEAK_WRAP(int, apr_cstr_casecmp, const char* s1, const char* s2) { } HF_WEAK_WRAP(int, apr_cstr_casecmpn, const char* s1, const char* s2, size_t n) { - return HF_strncasecmp(s1, s2, n, (uintptr_t)__builtin_return_address(0)); + return HF_strncasecmp( + s1, s2, n, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); } /* * *SSL wrappers */ HF_WEAK_WRAP(int, CRYPTO_memcmp, const void* m1, const void* m2, size_t len) { - return HF_memcmp(m1, m2, len, (uintptr_t)__builtin_return_address(0)); + return HF_memcmp(m1, m2, len, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(int, OPENSSL_memcmp, const void* m1, const void* m2, size_t len) { - return HF_memcmp(m1, m2, len, (uintptr_t)__builtin_return_address(0)); + return HF_memcmp(m1, m2, len, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(int, OPENSSL_strcasecmp, const char* s1, const char* s2) { @@ -272,11 +297,12 @@ HF_WEAK_WRAP(int, OPENSSL_strcasecmp, const char* s1, const char* s2) { } HF_WEAK_WRAP(int, OPENSSL_strncasecmp, const char* s1, const char* s2, size_t len) { - return HF_strncasecmp(s1, s2, len, (uintptr_t)__builtin_return_address(0)); + return HF_strncasecmp( + s1, s2, len, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(int32_t, memcmpct, const void* s1, const void* s2, size_t len) { - return HF_memcmp(s1, s2, len, (uintptr_t)__builtin_return_address(0)); + return HF_memcmp(s1, s2, len, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); } /* @@ -295,7 +321,8 @@ HF_WEAK_WRAP(int, xmlStrncmp, const char* s1, const char* s2, int len) { if (s2 == NULL) { return 1; } - return HF_strncmp(s1, s2, (size_t)len, (uintptr_t)__builtin_return_address(0)); + return HF_strncmp( + s1, s2, (size_t)len, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(int, xmlStrcmp, const char* s1, const char* s2) { @@ -353,7 +380,8 @@ HF_WEAK_WRAP(int, xmlStrncasecmp, const char* s1, const char* s2, int len) { if (s2 == NULL) { return 1; } - return HF_strncasecmp(s1, s2, (size_t)len, (uintptr_t)__builtin_return_address(0)); + return HF_strncasecmp( + s1, s2, (size_t)len, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(const char*, xmlStrstr, const char* haystack, const char* needle) { @@ -380,7 +408,7 @@ HF_WEAK_WRAP(const char*, xmlStrcasestr, const char* haystack, const char* needl * Samba wrappers */ HF_WEAK_WRAP(int, memcmp_const_time, const void* s1, const void* s2, size_t n) { - return HF_memcmp(s1, s2, n, (uintptr_t)__builtin_return_address(0)); + return HF_memcmp(s1, s2, n, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(bool, strcsequal, const void* s1, const void* s2) { -- cgit v1.2.3 From 62b67d224825cb8a34d490d1aa477e040da09b8d Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Mar 2020 14:40:05 +0100 Subject: fix some -m32 compilation issues (type casting) --- linux/trace.c | 4 ++-- report.c | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/linux/trace.c b/linux/trace.c index 5a993630..3a22234c 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -531,7 +531,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { PLOG_W("Couldn't get siginfo for pid %d", pid); } - uint64_t crashAddr = (uint64_t)si.si_addr; + uint64_t crashAddr = (uint64_t)(uintptr_t)si.si_addr; /* User-induced signals don't set si.si_addr */ if (SI_FROMUSER(&si)) { crashAddr = 0UL; @@ -571,7 +571,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { " instr: '%s'", pid, si.si_signo, si.si_errno, si.si_code, si.si_addr, pc, crashAddr, instr); - if (!SI_FROMUSER(&si) && pc && crashAddr < (uint64_t)run->global->linux.ignoreAddr) { + if (!SI_FROMUSER(&si) && pc && crashAddr < (uint64_t)(uintptr_t)run->global->linux.ignoreAddr) { LOG_I("Input is interesting (%s), but the si.si_addr is %p (below %p), skipping", util_sigName(si.si_signo), si.si_addr, run->global->linux.ignoreAddr); return; diff --git a/report.c b/report.c index 65af26d1..383b273b 100644 --- a/report.c +++ b/report.c @@ -146,8 +146,7 @@ void report_appendReport(pid_t pid, run_t* run, funcs_t* funcs, size_t funcCnt, run->report, sizeof(run->report), "STACK HASH: %016" PRIx64 "\n", run->backtrace); util_ssnprintf(run->report, sizeof(run->report), "STACK:\n"); for (size_t i = 0; i < funcCnt; i++) { - util_ssnprintf( - run->report, sizeof(run->report), " <0x%016" PRIx64 "> ", (uint64_t)funcs[i].pc); + util_ssnprintf(run->report, sizeof(run->report), " <0x%016tx> ", (uintptr_t)funcs[i].pc); util_ssnprintf(run->report, sizeof(run->report), "[func:%s file:%s line:%zu module:%s]\n", funcs[i].func, funcs[i].file, funcs[i].line, funcs[i].module); } -- cgit v1.2.3 From 81e9d08e766644c633fe774c450ba6b9bc115fc5 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Mar 2020 17:52:43 +0100 Subject: libhfuzz: instrument comparisons only if the comparison itself failed --- libhfuzz/memorycmp.c | 113 +++++++++++++++++++++++++++++++-------------------- 1 file changed, 70 insertions(+), 43 deletions(-) diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index 657657b4..a5d2f6bd 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -13,6 +13,16 @@ __attribute__((visibility("default"))) __attribute__((used)) const char* const LIBHFUZZ_module_memorycmp = "LIBHFUZZ_module_memorycmp"; +static inline uintptr_t HF_cmphash(uintptr_t addr, const void* s1, const void* s2) { + if (util_isAddrRO(s1)) { + addr ^= ((uintptr_t)s1 << 2); + } + if (util_isAddrRO(s2)) { + addr ^= ((uintptr_t)s2 << 4); + } + return addr; +} + static inline int HF_strcmp(const char* s1, const char* s2, uintptr_t addr) { size_t i; for (i = 0; s1[i] == s2[i]; i++) { @@ -21,11 +31,14 @@ static inline int HF_strcmp(const char* s1, const char* s2, uintptr_t addr) { } } - instrumentUpdateCmpMap(addr, i); - instrumentAddConstStr(s1); - instrumentAddConstStr(s2); - - return ((int)s1[i] - (int)s2[i]); + int ret = (int)s1[i] - (int)s2[i]; + ; + if (ret) { + instrumentUpdateCmpMap(HF_cmphash(addr, s1, s2), i); + instrumentAddConstStr(s1); + instrumentAddConstStr(s2); + } + return ret; } static inline int HF_strcasecmp(const char* s1, const char* s2, uintptr_t addr) { @@ -36,11 +49,13 @@ static inline int HF_strcasecmp(const char* s1, const char* s2, uintptr_t addr) } } - instrumentUpdateCmpMap(addr, i); - instrumentAddConstStr(s1); - instrumentAddConstStr(s2); - - return (tolower((unsigned char)s1[i]) - tolower((unsigned char)s2[i])); + int ret = tolower((unsigned char)s1[i]) - tolower((unsigned char)s2[i]); + if (ret) { + instrumentUpdateCmpMap(HF_cmphash(addr, s1, s2), i); + instrumentAddConstStr(s1); + instrumentAddConstStr(s2); + } + return ret; } static inline int HF_strncmp( @@ -52,16 +67,19 @@ static inline int HF_strncmp( } } - instrumentUpdateCmpMap(addr, i); - if (constfb) { - instrumentAddConstStrN(s1, n); - instrumentAddConstStrN(s2, n); - } - if (i == n) { return 0; } - return ((int)s1[i] - (int)s2[i]); + + int ret = (int)s1[i] - (int)s2[i]; + if (ret) { + instrumentUpdateCmpMap(HF_cmphash(addr, s1, s2), i); + if (constfb) { + instrumentAddConstStrN(s1, n); + instrumentAddConstStrN(s2, n); + } + } + return ret; } static inline int HF_strncasecmp( @@ -74,50 +92,55 @@ static inline int HF_strncasecmp( } } - instrumentUpdateCmpMap(addr, i); - if (constfb) { - instrumentAddConstStrN(s1, n); - instrumentAddConstStrN(s2, n); - } - if (i == n) { return 0; } - return tolower((unsigned char)s1[i]) - tolower((unsigned char)s2[i]); + + int ret = tolower((unsigned char)s1[i]) - tolower((unsigned char)s2[i]); + if (ret) { + instrumentUpdateCmpMap(HF_cmphash(addr, s1, s2), i); + if (constfb) { + instrumentAddConstStrN(s1, n); + instrumentAddConstStrN(s2, n); + } + } + return ret; } static inline char* HF_strstr(const char* haystack, const char* needle, uintptr_t addr) { - size_t needle_len = strlen(needle); + size_t needle_len = __builtin_strlen(needle); if (needle_len == 0) { return (char*)haystack; } - instrumentAddConstStr(haystack); - instrumentAddConstStr(needle); - const char* h = haystack; for (; (h = __builtin_strchr(h, needle[0])) != NULL; h++) { if (HF_strncmp(h, needle, needle_len, /* constfb= */ false, addr) == 0) { return (char*)h; } } + + instrumentAddConstStr(haystack); + instrumentAddConstStr(needle); + return NULL; } static inline char* HF_strcasestr(const char* haystack, const char* needle, uintptr_t addr) { - size_t needle_len = strlen(needle); + size_t needle_len = __builtin_strlen(needle); if (needle_len == 0) { return (char*)haystack; } - instrumentAddConstStr(haystack); - instrumentAddConstStr(needle); - for (size_t i = 0; haystack[i]; i++) { if (HF_strncasecmp(&haystack[i], needle, needle_len, /* constfb= */ false, addr) == 0) { return (char*)(&haystack[i]); } } + + instrumentAddConstStr(haystack); + instrumentAddConstStr(needle); + return NULL; } @@ -133,16 +156,19 @@ static inline int HF_memcmp( } } - instrumentUpdateCmpMap(addr, i); - if (constfb) { - instrumentAddConstMem(m1, n, /* check_if_ro= */ true); - instrumentAddConstMem(m2, n, /* check_if_ro= */ true); - } - if (i == n) { return 0; } - return ((int)s1[i] - (int)s2[i]); + + int ret = (int)s1[i] - (int)s2[i]; + if (ret) { + instrumentUpdateCmpMap(HF_cmphash(addr, m1, m2), i); + if (constfb) { + instrumentAddConstMem(m1, n, /* check_if_ro= */ true); + instrumentAddConstMem(m2, n, /* check_if_ro= */ true); + } + } + return ret; } static inline void* HF_memmem(const void* haystack, size_t haystacklen, const void* needle, @@ -154,20 +180,21 @@ static inline void* HF_memmem(const void* haystack, size_t haystacklen, const vo return (void*)haystack; } - instrumentAddConstMem(haystack, haystacklen, /* check_if_ro= */ true); - instrumentAddConstMem(needle, needlelen, /* check_if_ro= */ true); - const char* h = haystack; for (size_t i = 0; i <= (haystacklen - needlelen); i++) { if (HF_memcmp(&h[i], needle, needlelen, /* constfb= */ false, addr) == 0) { return (void*)(&h[i]); } } + + instrumentAddConstMem(haystack, haystacklen, /* check_if_ro= */ true); + instrumentAddConstMem(needle, needlelen, /* check_if_ro= */ true); + return NULL; } static inline char* HF_strcpy(char* dest, const char* src, uintptr_t addr) { - size_t len = strlen(src); + size_t len = __builtin_strlen(src); if (len > 0) { uint32_t level = (sizeof(len) * 8) - __builtin_clzl(len); instrumentUpdateCmpMap(addr, level); -- cgit v1.2.3 From 03e4fd48ffc78c5069de8fb2b6b0fe375bb832a7 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 5 Mar 2020 23:45:25 +0100 Subject: libhfuzz/memcmp: remove lone ; --- libhfuzz/memorycmp.c | 1 - 1 file changed, 1 deletion(-) diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index a5d2f6bd..a388531e 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -32,7 +32,6 @@ static inline int HF_strcmp(const char* s1, const char* s2, uintptr_t addr) { } int ret = (int)s1[i] - (int)s2[i]; - ; if (ret) { instrumentUpdateCmpMap(HF_cmphash(addr, s1, s2), i); instrumentAddConstStr(s1); -- cgit v1.2.3 From 0e65697ad8db0f630b712ef2fd7dc18dedded822 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 6 Mar 2020 14:07:15 +0100 Subject: mangle: mangling simplifications --- mangle.c | 32 +++++++++++--------------------- 1 file changed, 11 insertions(+), 21 deletions(-) diff --git a/mangle.c b/mangle.c index 19081445..6a088e2f 100644 --- a/mangle.c +++ b/mangle.c @@ -119,7 +119,7 @@ static void mangle_Bytes(run_t* run, bool printable) { if (printable) { util_rndBufPrintable((uint8_t*)&buf, sizeof(buf)); } else { - util_rndBuf((uint8_t*)&buf, sizeof(buf)); + buf = util_rnd64(); } /* Overwrite with random 1-8-byte values */ @@ -135,7 +135,7 @@ static void mangle_Bit(run_t* run, bool printable) { } } -static void mangle_DictionaryInsertNoCheck(run_t* run, bool printable) { +static void mangle_DictionaryNoCheck(run_t* run, bool printable, bool inflate) { uint64_t choice = util_rndGet(0, run->global->mutate.dictionaryCnt - 1); struct strings_t* str = TAILQ_FIRST(&run->global->mutate.dictq); for (uint64_t i = 0; i < choice; i++) { @@ -143,7 +143,9 @@ static void mangle_DictionaryInsertNoCheck(run_t* run, bool printable) { } size_t off = mangle_getOffSet(run); - mangle_Inflate(run, off, str->len, printable); + if (inflate) { + mangle_Inflate(run, off, str->len, printable); + } mangle_Overwrite(run, (uint8_t*)str->s, off, str->len); } @@ -152,19 +154,7 @@ static void mangle_DictionaryInsert(run_t* run, bool printable) { mangle_Bit(run, printable); return; } - mangle_DictionaryInsertNoCheck(run, printable); -} - -static void mangle_DictionaryNoCheck(run_t* run) { - size_t off = mangle_getOffSet(run); - - uint64_t choice = util_rndGet(0, run->global->mutate.dictionaryCnt - 1); - struct strings_t* str = TAILQ_FIRST(&run->global->mutate.dictq); - for (uint64_t i = 0; i < choice; i++) { - str = TAILQ_NEXT(str, pointers); - } - - mangle_Overwrite(run, (uint8_t*)str->s, off, str->len); + mangle_DictionaryNoCheck(run, printable, /* inflate= */ true); } static void mangle_Dictionary(run_t* run, bool printable) { @@ -173,7 +163,7 @@ static void mangle_Dictionary(run_t* run, bool printable) { return; } - mangle_DictionaryNoCheck(run); + mangle_DictionaryNoCheck(run, printable, /* inflate= */ false); } static void mangle_Magic(run_t* run, bool printable) { @@ -601,11 +591,11 @@ static void mangle_Shrink(run_t* run, bool printable HF_ATTR_UNUSED) { return; } - size_t len = mangle_getOffSet(run); - size_t off = util_rndGet(0, len); + size_t off_start = mangle_getOffSet(run); + size_t off_end = util_rndGet(0, off_start); - input_setSize(run, run->dynamicFileSz - len); - mangle_Move(run, off + len, off, run->dynamicFileSz); + mangle_Move(run, off_start, off_end, run->dynamicFileSz - off_start); + input_setSize(run, run->dynamicFileSz - (off_start - off_end)); } static void mangle_Resize(run_t* run, bool printable) { -- cgit v1.2.3 From 7f9f3d3be5264e9eee7d24c9fc4269effd0b0690 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 6 Mar 2020 14:43:14 +0100 Subject: mangle: mangle_Bytes - limit size to 2 bytes --- mangle.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mangle.c b/mangle.c index 6a088e2f..6c84927f 100644 --- a/mangle.c +++ b/mangle.c @@ -115,15 +115,15 @@ static void mangle_MemMove(run_t* run, bool printable HF_ATTR_UNUSED) { static void mangle_Bytes(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); - uint64_t buf; + uint16_t buf; if (printable) { util_rndBufPrintable((uint8_t*)&buf, sizeof(buf)); } else { buf = util_rnd64(); } - /* Overwrite with random 1-8-byte values */ - size_t toCopy = util_rndGet(1, 8); + /* Overwrite with random 1-2-byte values */ + size_t toCopy = util_rndGet(1, 2); mangle_Overwrite(run, (uint8_t*)&buf, off, toCopy); } -- cgit v1.2.3 From a8e08a1a2209f9fc8b645f764dd6b6ab65c9a1fd Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 6 Mar 2020 16:34:05 +0100 Subject: libhfuzz: inline _memcmp --- libhfuzz/instrument.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index c5f59afc..77520c83 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -126,7 +126,7 @@ __attribute__((constructor)) void hfuzzInstrumentInit(void) { pthread_once(&localInitOnce, initializeInstrument); } -static int _memcmp(const uint8_t* m1, const uint8_t* m2, size_t n) { +static inline int _memcmp(const uint8_t* m1, const uint8_t* m2, size_t n) { for (size_t i = 0; i < n; i++) { if (m1[i] != m2[i]) { return ((int)m1[i] - (int)m2[i]); -- cgit v1.2.3 From 34e5dbc59ab672a1f8af133b307a65bf29ebd605 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 6 Mar 2020 16:42:21 +0100 Subject: Makefile: allow for more aggressive inlining, esp. of the libhfuzz/ functions --- Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Makefile b/Makefile index ccf857ba..596703c2 100644 --- a/Makefile +++ b/Makefile @@ -156,12 +156,16 @@ ifeq ($(COMPILER),clang) ARCH_CFLAGS += -Wno-initializer-overrides -Wno-unknown-warning-option ARCH_CFLAGS += -Wno-gnu-empty-initializer -Wno-format-pedantic ARCH_CFLAGS += -Wno-gnu-statement-expression + ARCH_CFLAGS += -mllvm -inline-threshold=2000 CFLAGS_BLOCKS = -fblocks ifneq ($(OS),Darwin) ARCH_LDFLAGS += -Wl,-Bstatic -lBlocksRuntime -Wl,-Bdynamic endif endif +ifeq ($(COMPILER),gcc) + ARCH_CFLAGS += --param max-inline-insns-single=2000 +endif SRCS := $(COMMON_SRCS) $(ARCH_SRCS) OBJS := $(SRCS:.c=.o) -- cgit v1.2.3 From 05ff725e83c7fefa67b42defcf10e8cb50f1d289 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 7 Mar 2020 23:18:59 +0100 Subject: libhfuzz: add ATOMIC --- libhfuzz/instrument.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 77520c83..9c774bf3 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -478,7 +478,7 @@ static inline void instrumentAddConstMemInternal(const void* mem, size_t len) { } for (uint32_t i = 0; i < curroff; i++) { - if ((len == cmpFeedback->valArr[i].len) && + if ((len == ATOMIC_GET(cmpFeedback->valArr[i].len)) && _memcmp(cmpFeedback->valArr[i].val, mem, len) == 0) { return; } -- cgit v1.2.3 From 7aa02a13298d90a5d6d4d76cafb51e03c17285c4 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 7 Mar 2020 23:43:12 +0100 Subject: libhfuzz: add limitation (steps) to checks util_isAddrRO. Not every n-th (currently: 128th) value is checked and possibly added to the const dictionary --- libhfuzz/instrument.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 9c774bf3..a67c35bc 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -465,6 +465,15 @@ void instrumentClearNewCov() { covFeedback->pidFeedbackCmp[my_thread_no] = 0U; } +/* Used to limit certain expensive actions, like adding values to dictionaries */ +static inline bool instrumentLimitEvery(uint64_t step) { + static uint64_t staticCnt = 0; + if ((ATOMIC_POST_INC(staticCnt) % step) == 0) { + return true; + } + return false; +} + static inline void instrumentAddConstMemInternal(const void* mem, size_t len) { if (len == 0) { return; @@ -501,6 +510,9 @@ void instrumentAddConstMem(const void* mem, size_t len, bool check_if_ro) { if (len == 0) { return; } + if (!instrumentLimitEvery(128)) { + return; + } if (check_if_ro && !util_isAddrRO(mem)) { return; } @@ -511,6 +523,9 @@ void instrumentAddConstStr(const char* s) { if (!cmpFeedback) { return; } + if (!instrumentLimitEvery(128)) { + return; + } if (!util_isAddrRO(s)) { return; } @@ -521,6 +536,12 @@ void instrumentAddConstStrN(const char* s, size_t n) { if (!cmpFeedback) { return; } + if (n == 0) { + return; + } + if (!instrumentLimitEvery(128)) { + return; + } if (!util_isAddrRO(s)) { return; } -- cgit v1.2.3 From 0f454eccea31a5362c6a6bee52f48324e1e75ca6 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 7 Mar 2020 23:53:38 +0100 Subject: Set --experimental_const_feedback to true, and rename it to const_feedback --- cmdline.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmdline.c b/cmdline.c index f243c845..90deb3fa 100644 --- a/cmdline.c +++ b/cmdline.c @@ -478,7 +478,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { { "netdriver", no_argument, NULL, 0x10C }, "Use netdriver (libhfnetdriver/). In most cases it will be autodetected through a binary signature" }, { { "only_printable", no_argument, NULL, 0x10D }, "Only generate printable inputs" }, { { "export_feedback", no_argument, NULL, 0x10E }, "Export the coverage feedback structure as ./hfuzz-feedback" }, - { { "experimental_const_feedback", required_argument, NULL, 0x112 }, "*** EXPERIMENTAL *** Use constant integer/string values from fuzzed programs to mangle input files (default: false)" }, + { { "const_feedback", required_argument, NULL, 0x112 }, "Use constant integer/string values from fuzzed programs to mangle input files via a dynamic dictionary (default: true)" }, #if defined(_HF_ARCH_LINUX) { { "linux_symbols_bl", required_argument, NULL, 0x504 }, "Symbols blacklist filter file (one entry per line)" }, -- cgit v1.2.3 From 2403fbe410e6734afc301d8e6b952a8d62e089b7 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 7 Mar 2020 23:55:21 +0100 Subject: Set --experimental_const_feedback to true, and rename it to const_feedback #2 --- cmdline.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmdline.c b/cmdline.c index 90deb3fa..dfc3c4a5 100644 --- a/cmdline.c +++ b/cmdline.c @@ -361,7 +361,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .covFeedback_mutex = PTHREAD_MUTEX_INITIALIZER, .cmpFeedbackMap = NULL, .cmpFeedbackFd = -1, - .cmpFeedback = false, + .cmpFeedback = true, .blacklistFile = NULL, .blacklist = NULL, .blacklistCnt = 0, -- cgit v1.2.3 From 882fe7b97d30f984859afabb9ea0f1098885cf02 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 8 Mar 2020 01:34:44 +0100 Subject: input: lower the first chunk of the file to be tested from 8kB to 1kB --- input.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/input.c b/input.c index 2d892241..fa6e2c7f 100644 --- a/input.c +++ b/input.c @@ -447,7 +447,7 @@ static bool input_shouldReadNewFile(run_t* run) { if (!run->staticFileTryMore) { run->staticFileTryMore = true; /* Start with a 8kB beginning of a file, increase the size in following iterations */ - input_setSize(run, HF_MIN(8192U, run->global->mutate.maxInputSz)); + input_setSize(run, HF_MIN(1024U, run->global->mutate.maxInputSz)); return true; } -- cgit v1.2.3 From 684cb20b30cb30be2d5177194205607751e5a45d Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 8 Mar 2020 03:37:59 +0100 Subject: libhfuzz/hfuzz-cc: add glib memorycmp wrappers --- hfuzz_cc/hfuzz-cc.c | 3 +++ libhfuzz/memorycmp.c | 25 +++++++++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index f1396b95..911715af 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -413,6 +413,9 @@ static int ldMode(int argc, char** argv) { args[j++] = "-Wl,--wrap=strcsequal"; /* LittleCMS wrappers */ args[j++] = "-Wl,--wrap=cmsstrcasecmp"; + /* GLib wrappers */ + args[j++] = "-Wl,--wrap=g_strcmp0"; + args[j++] = "-Wl,--wrap=g_strcasecmp", args[j++] = "-Wl,--wrap=g_strncasecmp", #endif /* _HF_ARCH_DARWIN */ /* Pull modules defining the following symbols (if they exist) */ diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index a388531e..f601e5f6 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -453,3 +453,28 @@ HF_WEAK_WRAP(bool, strcsequal, const void* s1, const void* s2) { HF_WEAK_WRAP(int, cmsstrcasecmp, const void* s1, const void* s2) { return HF_strcasecmp(s1, s2, (uintptr_t)__builtin_return_address(0)); } + +/* + * GLib wrappers + */ +HF_WEAK_WRAP(int, g_strcmp0, const char* s1, const char* s2) { + if (s1 == s2) { + return 0; + } + if (!s1 && s2) { + return 1; + } + if (!s2 && s1) { + return -1; + } + return HF_strcmp(s1, s2, (uintptr_t)__builtin_return_address(0)); +} + +HF_WEAK_WRAP(int, g_strcasecmp, const char* s1, const char* s2) { + return HF_strcasecmp(s1, s2, (uintptr_t)__builtin_return_address(0)); +} + +HF_WEAK_WRAP(int, g_strncasecmp, const char* s1, const char* s2, int n) { + return HF_strncasecmp( + s1, s2, n, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); +} -- cgit v1.2.3 From fcacdbf39510939ebf316024cafa9ba0c77a0f78 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 8 Mar 2020 03:41:45 +0100 Subject: libhfuzz/hfuzz-cc: add glib memorycmp wrappers #2 --- hfuzz_cc/hfuzz-cc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index 911715af..4a89f96f 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -415,7 +415,8 @@ static int ldMode(int argc, char** argv) { args[j++] = "-Wl,--wrap=cmsstrcasecmp"; /* GLib wrappers */ args[j++] = "-Wl,--wrap=g_strcmp0"; - args[j++] = "-Wl,--wrap=g_strcasecmp", args[j++] = "-Wl,--wrap=g_strncasecmp", + args[j++] = "-Wl,--wrap=g_strcasecmp"; + args[j++] = "-Wl,--wrap=g_strncasecmp"; #endif /* _HF_ARCH_DARWIN */ /* Pull modules defining the following symbols (if they exist) */ -- cgit v1.2.3 From a0896a35608798ea7bc5cc62fe3b5adef3cc5bc7 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 8 Mar 2020 03:54:52 +0100 Subject: libhfuzz/hfuzz-cc: add glib memorycmp wrappers #3 --- hfuzz_cc/hfuzz-cc.c | 2 ++ libhfuzz/memorycmp.c | 9 +++++++++ 2 files changed, 11 insertions(+) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index 4a89f96f..a43ed56f 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -417,6 +417,8 @@ static int ldMode(int argc, char** argv) { args[j++] = "-Wl,--wrap=g_strcmp0"; args[j++] = "-Wl,--wrap=g_strcasecmp"; args[j++] = "-Wl,--wrap=g_strncasecmp"; + args[j++] = "-Wl,--wrap=g_strstr"; + args[j++] = "-Wl,--wrap=g_strstr_len"; #endif /* _HF_ARCH_DARWIN */ /* Pull modules defining the following symbols (if they exist) */ diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index f601e5f6..b12b8203 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -478,3 +478,12 @@ HF_WEAK_WRAP(int, g_strncasecmp, const char* s1, const char* s2, int n) { return HF_strncasecmp( s1, s2, n, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); } + +HF_WEAK_WRAP(char*, g_strstr, const char* haystack, const char* needle) { + return HF_strstr(haystack, needle, (uintptr_t)__builtin_return_address(0)); +} + +HF_WEAK_WRAP(char*, g_strstr_len, const char* haystack, size_t haystack_len, const char* needle) { + return HF_memmem(haystack, haystack_len, needle, __builtin_strlen(needle), + (uintptr_t)__builtin_return_address(0)); +} -- cgit v1.2.3 From 3a5682e8f49cd218ddd41620774ed6184fb82d3e Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 8 Mar 2020 10:16:27 +0100 Subject: libhfuzz+hfuzz-cc: more and better glib string wrappers --- hfuzz_cc/hfuzz-cc.c | 3 +- libhfuzz/memorycmp.c | 101 +++++++++++++++++++++++++++++++++------------------ 2 files changed, 67 insertions(+), 37 deletions(-) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index a43ed56f..b62a8852 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -417,8 +417,9 @@ static int ldMode(int argc, char** argv) { args[j++] = "-Wl,--wrap=g_strcmp0"; args[j++] = "-Wl,--wrap=g_strcasecmp"; args[j++] = "-Wl,--wrap=g_strncasecmp"; - args[j++] = "-Wl,--wrap=g_strstr"; args[j++] = "-Wl,--wrap=g_strstr_len"; + args[j++] = "-Wl,--wrap=g_ascii_strcasecmp"; + args[j++] = "-Wl,--wrap=g_ascii_strncasecmp"; #endif /* _HF_ARCH_DARWIN */ /* Pull modules defining the following symbols (if they exist) */ diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index b12b8203..404783ee 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -40,15 +40,16 @@ static inline int HF_strcmp(const char* s1, const char* s2, uintptr_t addr) { return ret; } -static inline int HF_strcasecmp(const char* s1, const char* s2, uintptr_t addr) { +static inline int HF_strcasecmp( + const char* s1, const char* s2, int (*tlower_func)(int), uintptr_t addr) { size_t i; - for (i = 0; tolower((unsigned char)s1[i]) == tolower((unsigned char)s2[i]); i++) { + for (i = 0; tlower_func((unsigned char)s1[i]) == tlower_func((unsigned char)s2[i]); i++) { if (s1[i] == '\0' || s2[i] == '\0') { break; } } - int ret = tolower((unsigned char)s1[i]) - tolower((unsigned char)s2[i]); + int ret = tlower_func((unsigned char)s1[i]) - tlower_func((unsigned char)s2[i]); if (ret) { instrumentUpdateCmpMap(HF_cmphash(addr, s1, s2), i); instrumentAddConstStr(s1); @@ -81,12 +82,12 @@ static inline int HF_strncmp( return ret; } -static inline int HF_strncasecmp( - const char* s1, const char* s2, size_t n, bool constfb, uintptr_t addr) { +static inline int HF_strncasecmp(const char* s1, const char* s2, size_t n, int (*tlower_func)(int), + bool constfb, uintptr_t addr) { size_t i; for (i = 0; i < n; i++) { - if ((tolower((unsigned char)s1[i]) != tolower((unsigned char)s2[i])) || s1[i] == '\0' || - s2[i] == '\0') { + if ((tlower_func((unsigned char)s1[i]) != tlower_func((unsigned char)s2[i])) || + s1[i] == '\0' || s2[i] == '\0') { break; } } @@ -95,7 +96,7 @@ static inline int HF_strncasecmp( return 0; } - int ret = tolower((unsigned char)s1[i]) - tolower((unsigned char)s2[i]); + int ret = tlower_func((unsigned char)s1[i]) - tlower_func((unsigned char)s2[i]); if (ret) { instrumentUpdateCmpMap(HF_cmphash(addr, s1, s2), i); if (constfb) { @@ -132,7 +133,8 @@ static inline char* HF_strcasestr(const char* haystack, const char* needle, uint } for (size_t i = 0; haystack[i]; i++) { - if (HF_strncasecmp(&haystack[i], needle, needle_len, /* constfb= */ false, addr) == 0) { + if (HF_strncasecmp(&haystack[i], needle, needle_len, tolower, /* constfb= */ false, addr) == + 0) { return (char*)(&haystack[i]); } } @@ -216,11 +218,11 @@ void __sanitizer_weak_hook_strcmp( HF_strcmp(s1, s2, pc); } HF_WEAK_WRAP(int, strcasecmp, const char* s1, const char* s2) { - return HF_strcasecmp(s1, s2, (uintptr_t)__builtin_return_address(0)); + return HF_strcasecmp(s1, s2, tolower, (uintptr_t)__builtin_return_address(0)); } void __sanitizer_weak_hook_strcasecmp( uintptr_t pc, const char* s1, const char* s2, int result HF_ATTR_UNUSED) { - HF_strcasecmp(s1, s2, pc); + HF_strcasecmp(s1, s2, tolower, pc); } HF_WEAK_WRAP(int, strncmp, const char* s1, const char* s2, size_t n) { return HF_strncmp(s1, s2, n, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); @@ -231,11 +233,11 @@ void __sanitizer_weak_hook_strncmp( } HF_WEAK_WRAP(int, strncasecmp, const char* s1, const char* s2, size_t n) { return HF_strncasecmp( - s1, s2, n, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); + s1, s2, n, tolower, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); } void __sanitizer_weak_hook_strncasecmp( uintptr_t pc, const char* s1, const char* s2, size_t n, int result HF_ATTR_UNUSED) { - HF_strncasecmp(s1, s2, n, instrumentConstAvail(), pc); + HF_strncasecmp(s1, s2, n, tolower, instrumentConstAvail(), pc); } HF_WEAK_WRAP(char*, strstr, const char* haystack, const char* needle) { return HF_strstr(haystack, needle, (uintptr_t)__builtin_return_address(0)); @@ -286,12 +288,12 @@ void __sanitizer_weak_hook_strcpy( * Apache's httpd wrappers */ HF_WEAK_WRAP(int, ap_cstr_casecmp, const char* s1, const char* s2) { - return HF_strcasecmp(s1, s2, (uintptr_t)__builtin_return_address(0)); + return HF_strcasecmp(s1, s2, tolower, (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(int, ap_cstr_casecmpn, const char* s1, const char* s2, size_t n) { return HF_strncasecmp( - s1, s2, n, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); + s1, s2, n, tolower, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(const char*, ap_strcasestr, const char* s1, const char* s2) { @@ -299,12 +301,12 @@ HF_WEAK_WRAP(const char*, ap_strcasestr, const char* s1, const char* s2) { } HF_WEAK_WRAP(int, apr_cstr_casecmp, const char* s1, const char* s2) { - return HF_strcasecmp(s1, s2, (uintptr_t)__builtin_return_address(0)); + return HF_strcasecmp(s1, s2, tolower, (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(int, apr_cstr_casecmpn, const char* s1, const char* s2, size_t n) { return HF_strncasecmp( - s1, s2, n, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); + s1, s2, n, tolower, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); } /* @@ -319,12 +321,12 @@ HF_WEAK_WRAP(int, OPENSSL_memcmp, const void* m1, const void* m2, size_t len) { } HF_WEAK_WRAP(int, OPENSSL_strcasecmp, const char* s1, const char* s2) { - return HF_strcasecmp(s1, s2, (uintptr_t)__builtin_return_address(0)); + return HF_strcasecmp(s1, s2, tolower, (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(int, OPENSSL_strncasecmp, const char* s1, const char* s2, size_t len) { return HF_strncasecmp( - s1, s2, len, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); + s1, s2, len, tolower, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(int32_t, memcmpct, const void* s1, const void* s2, size_t len) { @@ -390,7 +392,7 @@ HF_WEAK_WRAP(int, xmlStrcasecmp, const char* s1, const char* s2) { if (s2 == NULL) { return 1; } - return HF_strcasecmp(s1, s2, (uintptr_t)__builtin_return_address(0)); + return HF_strcasecmp(s1, s2, tolower, (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(int, xmlStrncasecmp, const char* s1, const char* s2, int len) { @@ -406,8 +408,8 @@ HF_WEAK_WRAP(int, xmlStrncasecmp, const char* s1, const char* s2, int len) { if (s2 == NULL) { return 1; } - return HF_strncasecmp( - s1, s2, (size_t)len, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); + return HF_strncasecmp(s1, s2, (size_t)len, tolower, instrumentConstAvail(), + (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(const char*, xmlStrstr, const char* haystack, const char* needle) { @@ -451,39 +453,66 @@ HF_WEAK_WRAP(bool, strcsequal, const void* s1, const void* s2) { * LittleCMS wrappers */ HF_WEAK_WRAP(int, cmsstrcasecmp, const void* s1, const void* s2) { - return HF_strcasecmp(s1, s2, (uintptr_t)__builtin_return_address(0)); + return HF_strcasecmp(s1, s2, tolower, (uintptr_t)__builtin_return_address(0)); } /* * GLib wrappers */ HF_WEAK_WRAP(int, g_strcmp0, const char* s1, const char* s2) { - if (s1 == s2) { - return 0; - } - if (!s1 && s2) { - return 1; + if (!s1) { + return -(s1 != s2); } - if (!s2 && s1) { - return -1; + if (!s2) { + return s1 != s2; } return HF_strcmp(s1, s2, (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(int, g_strcasecmp, const char* s1, const char* s2) { - return HF_strcasecmp(s1, s2, (uintptr_t)__builtin_return_address(0)); + if (!s1 || !s2) { + return 0; + } + return HF_strcasecmp(s1, s2, tolower, (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(int, g_strncasecmp, const char* s1, const char* s2, int n) { + if (!s1 || !s2) { + return 0; + } return HF_strncasecmp( - s1, s2, n, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); + s1, s2, n, tolower, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); } -HF_WEAK_WRAP(char*, g_strstr, const char* haystack, const char* needle) { - return HF_strstr(haystack, needle, (uintptr_t)__builtin_return_address(0)); +HF_WEAK_WRAP(char*, g_strstr_len, const char* haystack, ssize_t haystack_len, const char* needle) { + if (!haystack || !needle) { + return NULL; + } + if (haystack_len < 0) { + return HF_strstr(haystack, needle, (uintptr_t)__builtin_return_address(0)); + } + return HF_memmem(haystack, (size_t)haystack_len, needle, __builtin_strlen(needle), + (uintptr_t)__builtin_return_address(0)); } -HF_WEAK_WRAP(char*, g_strstr_len, const char* haystack, size_t haystack_len, const char* needle) { - return HF_memmem(haystack, haystack_len, needle, __builtin_strlen(needle), +static inline int hf_glib_ascii_tolower(int c) { + if (c >= 'A' && c <= 'Z') { + return c - 'A' + 'a'; + } + return c; +} + +HF_WEAK_WRAP(int, g_ascii_strcasecmp, const char* s1, const char* s2) { + if (!s1 || !s2) { + return 0; + } + return HF_strcasecmp(s1, s2, hf_glib_ascii_tolower, (uintptr_t)__builtin_return_address(0)); +} + +HF_WEAK_WRAP(int, g_ascii_strncasecmp, const char* s1, const char* s2, size_t n) { + if (!s1 || !s2) { + return 0; + } + return HF_strncasecmp(s1, s2, n, hf_glib_ascii_tolower, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); } -- cgit v1.2.3 From a4333f72b8e06ee25d75fdf65cb2ec729c99cd1f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 8 Mar 2020 16:50:16 +0100 Subject: dictionary: simplify wordlist and feedback list dictionary operations --- cmdline.c | 4 +-- honggfuzz.c | 3 -- honggfuzz.h | 7 +++-- input.c | 25 ++++++--------- mangle.c | 101 ++++++++++++++++++++++++++++++++---------------------------- 5 files changed, 71 insertions(+), 69 deletions(-) diff --git a/cmdline.c b/cmdline.c index dfc3c4a5..e96222f4 100644 --- a/cmdline.c +++ b/cmdline.c @@ -327,8 +327,9 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .mutate = { .mutationsMax = 0, - .dictionaryFile = NULL, + .dictionary = {}, .dictionaryCnt = 0, + .dictionaryFile = NULL, .mutationsPerRun = 6U, .maxInputSz = 0, }, @@ -425,7 +426,6 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { }; TAILQ_INIT(&hfuzz->io.dynfileq); - TAILQ_INIT(&hfuzz->mutate.dictq); // clang-format off struct custom_option custom_opts[] = { diff --git a/honggfuzz.c b/honggfuzz.c index 78f94a3b..1485c785 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -389,9 +389,6 @@ int main(int argc, char** argv) { if (hfuzz.feedback.blacklist) { free(hfuzz.feedback.blacklist); } - if (hfuzz.mutate.dictionaryCnt) { - input_freeDictionary(&hfuzz); - } #if defined(_HF_ARCH_LINUX) if (hfuzz.linux.symsBl) { free(hfuzz.linux.symsBl); diff --git a/honggfuzz.h b/honggfuzz.h index aecd4b5f..403eb124 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -255,9 +255,12 @@ typedef struct { bool tmoutVTALRM; } timing; struct { - const char* dictionaryFile; - TAILQ_HEAD(strq_t, strings_t) dictq; + struct { + uint8_t val[256]; + size_t len; + } dictionary[1024]; size_t dictionaryCnt; + const char* dictionaryFile; size_t mutationsMax; unsigned mutationsPerRun; size_t maxInputSz; diff --git a/input.c b/input.c index fa6e2c7f..fc7407c1 100644 --- a/input.c +++ b/input.c @@ -219,6 +219,11 @@ bool input_parseDictionary(honggfuzz_t* hfuzz) { if (len == -1) { break; } + if (hfuzz->mutate.dictionaryCnt == ARRAYSIZE(hfuzz->mutate.dictionary)) { + LOG_W("Maximum number of dictionary entries '%zu' alread loaded. Skipping the rest", + ARRAYSIZE(hfuzz->mutate.dictionary)); + break; + } if (len > 1 && lineptr[len - 1] == '\n') { lineptr[len - 1] = '\0'; len--; @@ -242,28 +247,18 @@ bool input_parseDictionary(honggfuzz_t* hfuzz) { LOG_D("Parsing dictionary word: '%s'", bufv); len = util_decodeCString(bufv); - struct strings_t* str = (struct strings_t*)util_Calloc(sizeof(struct strings_t) + len + 1); - memcpy(str->s, bufv, len); - str->len = len; - hfuzz->mutate.dictionaryCnt++; - TAILQ_INSERT_TAIL(&hfuzz->mutate.dictq, str, pointers); + size_t dictEntry = ATOMIC_POST_INC(hfuzz->mutate.dictionaryCnt); + len = HF_MIN((size_t)len, sizeof(hfuzz->mutate.dictionary[dictEntry].val)); + memcpy(hfuzz->mutate.dictionary[dictEntry].val, bufv, len); + hfuzz->mutate.dictionary[dictEntry].len = len; - LOG_D("Dictionary: loaded word: '%s' (len=%zu)", str->s, str->len); + LOG_D("Dictionary: loaded word: '%s' (len=%zd)", bufv, len); } LOG_I("Loaded %zu words from the dictionary '%s'", hfuzz->mutate.dictionaryCnt, hfuzz->mutate.dictionaryFile); return true; } -void input_freeDictionary(honggfuzz_t* hfuzz) { - while (!TAILQ_EMPTY(&hfuzz->mutate.dictq)) { - struct strings_t* str = TAILQ_FIRST(&hfuzz->mutate.dictq); - TAILQ_REMOVE(&hfuzz->mutate.dictq, str, pointers); - free(str); - hfuzz->mutate.dictionaryCnt--; - } -} - bool input_parseBlacklist(honggfuzz_t* hfuzz) { FILE* fBl = fopen(hfuzz->feedback.blacklistFile, "rb"); if (fBl == NULL) { diff --git a/mangle.c b/mangle.c index 6c84927f..0825d980 100644 --- a/mangle.c +++ b/mangle.c @@ -134,38 +134,6 @@ static void mangle_Bit(run_t* run, bool printable) { util_turnToPrintable(&(run->dynamicFile[off]), 1); } } - -static void mangle_DictionaryNoCheck(run_t* run, bool printable, bool inflate) { - uint64_t choice = util_rndGet(0, run->global->mutate.dictionaryCnt - 1); - struct strings_t* str = TAILQ_FIRST(&run->global->mutate.dictq); - for (uint64_t i = 0; i < choice; i++) { - str = TAILQ_NEXT(str, pointers); - } - - size_t off = mangle_getOffSet(run); - if (inflate) { - mangle_Inflate(run, off, str->len, printable); - } - mangle_Overwrite(run, (uint8_t*)str->s, off, str->len); -} - -static void mangle_DictionaryInsert(run_t* run, bool printable) { - if (run->global->mutate.dictionaryCnt == 0) { - mangle_Bit(run, printable); - return; - } - mangle_DictionaryNoCheck(run, printable, /* inflate= */ true); -} - -static void mangle_Dictionary(run_t* run, bool printable) { - if (run->global->mutate.dictionaryCnt == 0) { - mangle_Bit(run, printable); - return; - } - - mangle_DictionaryNoCheck(run, printable, /* inflate= */ false); -} - static void mangle_Magic(run_t* run, bool printable) { static const struct { const uint8_t val[8]; @@ -413,35 +381,73 @@ static void mangle_Magic(run_t* run, bool printable) { } } -static void mangle_ConstCmpFeedback(run_t* run, bool printable) { - if (!run->global->feedback.cmpFeedback) { - mangle_Magic(run, printable); +static void mangle_DictionaryNoCheck( + run_t* run, const uint8_t* val, size_t len, bool printable, bool inflate) { + size_t off = mangle_getOffSet(run); + if (inflate) { + mangle_Inflate(run, off, len, printable); + } + mangle_Overwrite(run, (const uint8_t*)val, off, len); +} + +static void mangle_DictionaryInsert(run_t* run, bool printable) { + if (run->global->mutate.dictionaryCnt == 0) { + mangle_Bytes(run, printable); return; } + uint64_t choice = util_rndGet(0, run->global->mutate.dictionaryCnt - 1); + mangle_DictionaryNoCheck(run, run->global->mutate.dictionary[choice].val, + run->global->mutate.dictionary[choice].len, printable, /* inflate= */ true); +} +static void mangle_DictionaryOverwrite(run_t* run, bool printable) { + if (run->global->mutate.dictionaryCnt == 0) { + mangle_Bytes(run, printable); + return; + } + uint64_t choice = util_rndGet(0, run->global->mutate.dictionaryCnt - 1); + mangle_DictionaryNoCheck(run, run->global->mutate.dictionary[choice].val, + run->global->mutate.dictionary[choice].len, printable, /* inflate= */ false); +} + +static const uint8_t* mangle_FeedbackDict(run_t* run, size_t* len) { + if (!run->global->feedback.cmpFeedback) { + return NULL; + } cmpfeedback_t* cmpf = run->global->feedback.cmpFeedbackMap; uint32_t cnt = ATOMIC_GET(cmpf->cnt); if (cnt == 0) { - mangle_Magic(run, printable); - return; + return NULL; } if (cnt > ARRAYSIZE(cmpf->valArr)) { cnt = ARRAYSIZE(cmpf->valArr); } - - size_t off = mangle_getOffSet(run); uint32_t choice = util_rndGet(0, cnt - 1); - uint32_t len = ATOMIC_GET(cmpf->valArr[choice].len); - if (len == 0) { + *len = (size_t)ATOMIC_GET(cmpf->valArr[choice].len); + if (*len == 0) { + return NULL; + } + return cmpf->valArr[choice].val; +} + +static void mangle_ConstFeedbackInsert(run_t* run, bool printable) { + size_t len; + const uint8_t* val = mangle_FeedbackDict(run, &len); + if (val == NULL) { mangle_Magic(run, printable); return; } + mangle_DictionaryNoCheck(run, val, len, printable, /* inflate= */ true); +} - mangle_Overwrite(run, cmpf->valArr[choice].val, off, len); - - if (printable) { - util_turnToPrintable(&run->dynamicFile[off], len); +static void mangle_ConstFeedbackOverwrite(run_t* run, bool printable) { + size_t len; + const uint8_t* val = mangle_FeedbackDict(run, &len); + if (val == NULL) { + mangle_Magic(run, printable); + return; } + mangle_DictionaryNoCheck(run, val, len, printable, /* inflate= */ false); } static void mangle_MemSetWithVal(run_t* run, int val) { @@ -654,13 +660,14 @@ void mangle_mangleContent(run_t* run) { mangle_Bit, mangle_Bytes, mangle_Magic, - mangle_ConstCmpFeedback, mangle_IncByte, mangle_DecByte, mangle_NegByte, mangle_AddSub, - mangle_Dictionary, + mangle_DictionaryOverwrite, mangle_DictionaryInsert, + mangle_ConstFeedbackOverwrite, + mangle_ConstFeedbackInsert, mangle_MemMove, mangle_MemSet, mangle_Random, -- cgit v1.2.3 From 35eba31e408ee25a449c9b12fc0199bf845bade1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 8 Mar 2020 22:28:41 +0100 Subject: libhfcommon/util: group funcs by function --- libhfcommon/util.c | 2 +- libhfcommon/util.h | 32 ++++++++------------------------ 2 files changed, 9 insertions(+), 25 deletions(-) diff --git a/libhfcommon/util.c b/libhfcommon/util.c index c13080e9..ab46d5cf 100644 --- a/libhfcommon/util.c +++ b/libhfcommon/util.c @@ -162,7 +162,7 @@ void util_rndBuf(uint8_t* buf, size_t sz) { return; } for (size_t i = 0; i < sz; i++) { - buf[i] = (uint8_t)util_InternalRnd64(); + buf[i] = (uint8_t)(util_InternalRnd64() >> 40); } } diff --git a/libhfcommon/util.h b/libhfcommon/util.h index e59b3f25..5a5826e4 100644 --- a/libhfcommon/util.h +++ b/libhfcommon/util.h @@ -93,39 +93,33 @@ __attribute__((always_inline)) static inline bool ATOMIC_BITMAP_SET(uint8_t* add #define HF_MIN(x, y) ((x < y) ? x : y) extern void* util_Malloc(size_t sz); - extern void* util_Calloc(size_t sz); - extern void* util_MMap(size_t sz); - extern void* util_Realloc(void* ptr, size_t sz); -extern char* util_StrDup(const char* s); - extern uint64_t util_rndGet(uint64_t min, uint64_t max); - extern void util_rndBuf(uint8_t* buf, size_t sz); - extern void util_rndBufPrintable(uint8_t* buf, size_t sz); - extern uint64_t util_rnd64(void); - extern uint8_t util_rndPrintable(void); -extern void util_turnToPrintable(uint8_t* buf, size_t sz); - +extern char* util_StrDup(const char* s); extern int util_ssnprintf(char* str, size_t size, const char* format, ...) __attribute__((format(printf, 3, 4))); - extern int util_vssnprintf(char* str, size_t size, const char* format, va_list ap); - extern bool util_strStartsWith(const char* str, const char* tofind); - +extern bool util_isANumber(const char* s); +extern size_t util_decodeCString(char* s); extern void util_getLocalTime(const char* fmt, char* buf, size_t len, time_t tm); +extern const char* util_sigName(int signo); +extern void util_turnToPrintable(uint8_t* buf, size_t sz); extern void util_closeStdio(bool close_stdin, bool close_stdout, bool close_stderr); +extern bool util_isAddrRO(const void* addr); + extern uint64_t util_hash(const char* buf, size_t len); +extern int64_t fastArray64Search(uint64_t* array, size_t arraySz, uint64_t key); extern int64_t util_timeNowMillis(void); extern void util_sleepForMSec(uint64_t msec); @@ -140,17 +134,7 @@ extern void util_mutexRWLockRead(pthread_rwlock_t* mutex, const char* func, int extern void util_mutexRWLockWrite(pthread_rwlock_t* mutex, const char* func, int line); extern void util_mutexRWUnlock(pthread_rwlock_t* mutex, const char* func, int line); -extern int64_t fastArray64Search(uint64_t* array, size_t arraySz, uint64_t key); - -extern bool util_isANumber(const char* s); - -extern size_t util_decodeCString(char* s); - extern uint64_t util_CRC64(const uint8_t* buf, size_t len); extern uint64_t util_CRC64Rev(const uint8_t* buf, size_t len); -extern const char* util_sigName(int signo); - -extern bool util_isAddrRO(const void* addr); - #endif /* ifndef _HF_COMMON_UTIL_H_ */ -- cgit v1.2.3 From 2dabb73d2dde96c378f16f78cc1d6ee3a9ac9711 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 8 Mar 2020 23:04:28 +0100 Subject: mangle: resize, assign more weight to smaller changes --- mangle.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/mangle.c b/mangle.c index 0825d980..3a9a2ee0 100644 --- a/mangle.c +++ b/mangle.c @@ -608,24 +608,24 @@ static void mangle_Resize(run_t* run, bool printable) { ssize_t oldsz = run->dynamicFileSz; ssize_t newsz = 0; - uint64_t choice = util_rndGet(0, 12); + uint64_t choice = util_rndGet(0, 27); switch (choice) { - case 0 ... 7: /* Do nothing */ + case 0 ... 16: /* Do nothing */ newsz = oldsz; break; - case 8: /* Set new size arbitrarily */ + case 17: /* Set new size arbitrarily */ newsz = (ssize_t)util_rndGet(1, run->global->mutate.maxInputSz); break; - case 9: /* Increase size by a small value */ - newsz = oldsz + (ssize_t)util_rndGet(1, 8); + case 18 ... 21: /* Increase size by a small value */ + newsz = oldsz + (ssize_t)util_rndGet(0, 8); break; - case 10: /* Increase size by a larger value */ + case 22: /* Increase size by a larger value */ newsz = oldsz + (ssize_t)util_rndGet(9, 128); break; - case 11: /* Decrease size by a small value */ - newsz = oldsz - (ssize_t)util_rndGet(1, 8); + case 23 ... 26: /* Decrease size by a small value */ + newsz = oldsz - (ssize_t)util_rndGet(0, 8); break; - case 12: /* Decrease size by a larger value */ + case 27: /* Decrease size by a larger value */ newsz = oldsz - (ssize_t)util_rndGet(9, 128); break; default: -- cgit v1.2.3 From 1c1de25f4dbf2da8b23b6b7576d87ada516476b0 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 8 Mar 2020 23:10:30 +0100 Subject: hfuzz: tlower_func -> tolower_func --- libhfuzz/memorycmp.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index 404783ee..a394b274 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -41,15 +41,15 @@ static inline int HF_strcmp(const char* s1, const char* s2, uintptr_t addr) { } static inline int HF_strcasecmp( - const char* s1, const char* s2, int (*tlower_func)(int), uintptr_t addr) { + const char* s1, const char* s2, int (*tolower_func)(int), uintptr_t addr) { size_t i; - for (i = 0; tlower_func((unsigned char)s1[i]) == tlower_func((unsigned char)s2[i]); i++) { + for (i = 0; tolower_func((unsigned char)s1[i]) == tolower_func((unsigned char)s2[i]); i++) { if (s1[i] == '\0' || s2[i] == '\0') { break; } } - int ret = tlower_func((unsigned char)s1[i]) - tlower_func((unsigned char)s2[i]); + int ret = tolower_func((unsigned char)s1[i]) - tolower_func((unsigned char)s2[i]); if (ret) { instrumentUpdateCmpMap(HF_cmphash(addr, s1, s2), i); instrumentAddConstStr(s1); @@ -82,11 +82,11 @@ static inline int HF_strncmp( return ret; } -static inline int HF_strncasecmp(const char* s1, const char* s2, size_t n, int (*tlower_func)(int), +static inline int HF_strncasecmp(const char* s1, const char* s2, size_t n, int (*tolower_func)(int), bool constfb, uintptr_t addr) { size_t i; for (i = 0; i < n; i++) { - if ((tlower_func((unsigned char)s1[i]) != tlower_func((unsigned char)s2[i])) || + if ((tolower_func((unsigned char)s1[i]) != tolower_func((unsigned char)s2[i])) || s1[i] == '\0' || s2[i] == '\0') { break; } @@ -96,7 +96,7 @@ static inline int HF_strncasecmp(const char* s1, const char* s2, size_t n, int ( return 0; } - int ret = tlower_func((unsigned char)s1[i]) - tlower_func((unsigned char)s2[i]); + int ret = tolower_func((unsigned char)s1[i]) - tolower_func((unsigned char)s2[i]); if (ret) { instrumentUpdateCmpMap(HF_cmphash(addr, s1, s2), i); if (constfb) { -- cgit v1.2.3 From 29e3eae236538df5e018549196b223eb066b548f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 8 Mar 2020 23:20:30 +0100 Subject: libhfuzz/memcmp+hfuzz-cc: more instrumented glib funcs --- hfuzz_cc/hfuzz-cc.c | 2 ++ libhfuzz/memorycmp.c | 22 ++++++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index b62a8852..e75c5bd8 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -420,6 +420,8 @@ static int ldMode(int argc, char** argv) { args[j++] = "-Wl,--wrap=g_strstr_len"; args[j++] = "-Wl,--wrap=g_ascii_strcasecmp"; args[j++] = "-Wl,--wrap=g_ascii_strncasecmp"; + args[j++] = "-Wl,--wrap=g_str_has_prefix"; + args[j++] = "-Wl,--wrap=g_str_has_suffix"; #endif /* _HF_ARCH_DARWIN */ /* Pull modules defining the following symbols (if they exist) */ diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index a394b274..4b93752c 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -516,3 +516,25 @@ HF_WEAK_WRAP(int, g_ascii_strncasecmp, const char* s1, const char* s2, size_t n) return HF_strncasecmp(s1, s2, n, hf_glib_ascii_tolower, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); } + +HF_WEAK_WRAP(bool, g_str_has_prefix, const char* str, const char* prefix) { + if (!str || !prefix) { + return false; + } + return (HF_strncmp(str, prefix, __builtin_strlen(prefix), instrumentConstAvail(), + (uintptr_t)__builtin_return_address(0)) == 0); +} + +HF_WEAK_WRAP(bool, g_str_has_suffix, const char* str, const char* suffix) { + if (!str || !suffix) { + return false; + } + size_t str_len = __builtin_strlen(str); + size_t suffix_len = __builtin_strlen(suffix); + if (str_len < suffix_len) { + return false; + } + + return ( + HF_strcmp(str + str_len - suffix_len, suffix, (uintptr_t)__builtin_return_address(0)) == 0); +} -- cgit v1.2.3 From df28db0d11281045e745ce1e32c647411d816cbf Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 9 Mar 2020 00:50:10 +0100 Subject: mangle: add Resize --- mangle.c | 1 + 1 file changed, 1 insertion(+) diff --git a/mangle.c b/mangle.c index 3a9a2ee0..6f292b45 100644 --- a/mangle.c +++ b/mangle.c @@ -675,6 +675,7 @@ void mangle_mangleContent(run_t* run) { mangle_Expand, mangle_Shrink, mangle_ASCIIVal, + mangle_Resize, }; if (run->mutationsPerRun == 0U) { -- cgit v1.2.3 From dcef3daa32d80b508b0312f3ce7815826badd4a6 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 9 Mar 2020 01:07:40 +0100 Subject: libhfuzz: cmsstrcasecmp uses toupper --- libhfuzz/memorycmp.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index 4b93752c..5b712e6c 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -41,15 +41,15 @@ static inline int HF_strcmp(const char* s1, const char* s2, uintptr_t addr) { } static inline int HF_strcasecmp( - const char* s1, const char* s2, int (*tolower_func)(int), uintptr_t addr) { + const char* s1, const char* s2, int (*cmp_func)(int), uintptr_t addr) { size_t i; - for (i = 0; tolower_func((unsigned char)s1[i]) == tolower_func((unsigned char)s2[i]); i++) { + for (i = 0; cmp_func((unsigned char)s1[i]) == cmp_func((unsigned char)s2[i]); i++) { if (s1[i] == '\0' || s2[i] == '\0') { break; } } - int ret = tolower_func((unsigned char)s1[i]) - tolower_func((unsigned char)s2[i]); + int ret = cmp_func((unsigned char)s1[i]) - cmp_func((unsigned char)s2[i]); if (ret) { instrumentUpdateCmpMap(HF_cmphash(addr, s1, s2), i); instrumentAddConstStr(s1); @@ -82,12 +82,12 @@ static inline int HF_strncmp( return ret; } -static inline int HF_strncasecmp(const char* s1, const char* s2, size_t n, int (*tolower_func)(int), - bool constfb, uintptr_t addr) { +static inline int HF_strncasecmp( + const char* s1, const char* s2, size_t n, int (*cmp_func)(int), bool constfb, uintptr_t addr) { size_t i; for (i = 0; i < n; i++) { - if ((tolower_func((unsigned char)s1[i]) != tolower_func((unsigned char)s2[i])) || - s1[i] == '\0' || s2[i] == '\0') { + if ((cmp_func((unsigned char)s1[i]) != cmp_func((unsigned char)s2[i])) || s1[i] == '\0' || + s2[i] == '\0') { break; } } @@ -96,7 +96,7 @@ static inline int HF_strncasecmp(const char* s1, const char* s2, size_t n, int ( return 0; } - int ret = tolower_func((unsigned char)s1[i]) - tolower_func((unsigned char)s2[i]); + int ret = cmp_func((unsigned char)s1[i]) - cmp_func((unsigned char)s2[i]); if (ret) { instrumentUpdateCmpMap(HF_cmphash(addr, s1, s2), i); if (constfb) { @@ -453,7 +453,7 @@ HF_WEAK_WRAP(bool, strcsequal, const void* s1, const void* s2) { * LittleCMS wrappers */ HF_WEAK_WRAP(int, cmsstrcasecmp, const void* s1, const void* s2) { - return HF_strcasecmp(s1, s2, tolower, (uintptr_t)__builtin_return_address(0)); + return HF_strcasecmp(s1, s2, toupper, (uintptr_t)__builtin_return_address(0)); } /* -- cgit v1.2.3 From 70277e8669a7429f9ba76684b476dba637c1ec47 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 9 Mar 2020 01:13:00 +0100 Subject: hfuzz/memorycmp: update cmp even if strings match --- libhfuzz/memorycmp.c | 61 ++++++++++++++++++++-------------------------------- 1 file changed, 23 insertions(+), 38 deletions(-) diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index 5b712e6c..5ed597e0 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -31,13 +31,10 @@ static inline int HF_strcmp(const char* s1, const char* s2, uintptr_t addr) { } } - int ret = (int)s1[i] - (int)s2[i]; - if (ret) { - instrumentUpdateCmpMap(HF_cmphash(addr, s1, s2), i); - instrumentAddConstStr(s1); - instrumentAddConstStr(s2); - } - return ret; + instrumentUpdateCmpMap(HF_cmphash(addr, s1, s2), i); + instrumentAddConstStr(s1); + instrumentAddConstStr(s2); + return (unsigned char)s1[i] - (unsigned char)s2[i]; } static inline int HF_strcasecmp( @@ -49,13 +46,10 @@ static inline int HF_strcasecmp( } } - int ret = cmp_func((unsigned char)s1[i]) - cmp_func((unsigned char)s2[i]); - if (ret) { - instrumentUpdateCmpMap(HF_cmphash(addr, s1, s2), i); - instrumentAddConstStr(s1); - instrumentAddConstStr(s2); - } - return ret; + instrumentUpdateCmpMap(HF_cmphash(addr, s1, s2), i); + instrumentAddConstStr(s1); + instrumentAddConstStr(s2); + return cmp_func((unsigned char)s1[i]) - cmp_func((unsigned char)s2[i]); } static inline int HF_strncmp( @@ -71,15 +65,12 @@ static inline int HF_strncmp( return 0; } - int ret = (int)s1[i] - (int)s2[i]; - if (ret) { - instrumentUpdateCmpMap(HF_cmphash(addr, s1, s2), i); - if (constfb) { - instrumentAddConstStrN(s1, n); - instrumentAddConstStrN(s2, n); - } + instrumentUpdateCmpMap(HF_cmphash(addr, s1, s2), i); + if (constfb) { + instrumentAddConstStrN(s1, n); + instrumentAddConstStrN(s2, n); } - return ret; + return (unsigned char)s1[i] - (unsigned char)s2[i]; } static inline int HF_strncasecmp( @@ -96,15 +87,12 @@ static inline int HF_strncasecmp( return 0; } - int ret = cmp_func((unsigned char)s1[i]) - cmp_func((unsigned char)s2[i]); - if (ret) { - instrumentUpdateCmpMap(HF_cmphash(addr, s1, s2), i); - if (constfb) { - instrumentAddConstStrN(s1, n); - instrumentAddConstStrN(s2, n); - } + instrumentUpdateCmpMap(HF_cmphash(addr, s1, s2), i); + if (constfb) { + instrumentAddConstStrN(s1, n); + instrumentAddConstStrN(s2, n); } - return ret; + return cmp_func((unsigned char)s1[i]) - cmp_func((unsigned char)s2[i]); } static inline char* HF_strstr(const char* haystack, const char* needle, uintptr_t addr) { @@ -161,15 +149,12 @@ static inline int HF_memcmp( return 0; } - int ret = (int)s1[i] - (int)s2[i]; - if (ret) { - instrumentUpdateCmpMap(HF_cmphash(addr, m1, m2), i); - if (constfb) { - instrumentAddConstMem(m1, n, /* check_if_ro= */ true); - instrumentAddConstMem(m2, n, /* check_if_ro= */ true); - } + instrumentUpdateCmpMap(HF_cmphash(addr, m1, m2), i); + if (constfb) { + instrumentAddConstMem(m1, n, /* check_if_ro= */ true); + instrumentAddConstMem(m2, n, /* check_if_ro= */ true); } - return ret; + return (unsigned char)s1[i] - (unsigned char)s2[i]; } static inline void* HF_memmem(const void* haystack, size_t haystacklen, const void* needle, -- cgit v1.2.3 From c8a8b280650a0b2817b403d8f65e1335efe107e0 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 9 Mar 2020 01:30:51 +0100 Subject: libhfuzz/instrument: also instrument 1byte const value --- libhfuzz/instrument.c | 1 - 1 file changed, 1 deletion(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index a67c35bc..a8a643e8 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -237,7 +237,6 @@ void __sanitizer_cov_trace_cmp8(uint64_t Arg1, uint64_t Arg2) { /* Standard __sanitizer_cov_trace_const_cmp wrappers */ void __sanitizer_cov_trace_const_cmp1(uint8_t Arg1, uint8_t Arg2) { - /* No need to report back 1 byte comparisons */ hfuzz_trace_cmp1_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); } -- cgit v1.2.3 From ddb91272d6abdf82ad8374b1ba51e560cb9feeb3 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 9 Mar 2020 11:02:23 +0100 Subject: libhfuzz/memcmp: instrument cmp map also if i==n for strncmp and memcmp --- libhfuzz/memorycmp.c | 45 ++++++++++++++++++++++++--------------------- 1 file changed, 24 insertions(+), 21 deletions(-) diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index 5ed597e0..03f5aa9f 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -61,15 +61,16 @@ static inline int HF_strncmp( } } - if (i == n) { - return 0; - } - instrumentUpdateCmpMap(HF_cmphash(addr, s1, s2), i); if (constfb) { instrumentAddConstStrN(s1, n); instrumentAddConstStrN(s2, n); } + + if (i == n) { + return 0; + } + return (unsigned char)s1[i] - (unsigned char)s2[i]; } @@ -83,15 +84,16 @@ static inline int HF_strncasecmp( } } - if (i == n) { - return 0; - } - instrumentUpdateCmpMap(HF_cmphash(addr, s1, s2), i); if (constfb) { instrumentAddConstStrN(s1, n); instrumentAddConstStrN(s2, n); } + + if (i == n) { + return 0; + } + return cmp_func((unsigned char)s1[i]) - cmp_func((unsigned char)s2[i]); } @@ -101,6 +103,9 @@ static inline char* HF_strstr(const char* haystack, const char* needle, uintptr_ return (char*)haystack; } + instrumentAddConstStr(haystack); + instrumentAddConstStr(needle); + const char* h = haystack; for (; (h = __builtin_strchr(h, needle[0])) != NULL; h++) { if (HF_strncmp(h, needle, needle_len, /* constfb= */ false, addr) == 0) { @@ -108,9 +113,6 @@ static inline char* HF_strstr(const char* haystack, const char* needle, uintptr_ } } - instrumentAddConstStr(haystack); - instrumentAddConstStr(needle); - return NULL; } @@ -120,6 +122,9 @@ static inline char* HF_strcasestr(const char* haystack, const char* needle, uint return (char*)haystack; } + instrumentAddConstStr(haystack); + instrumentAddConstStr(needle); + for (size_t i = 0; haystack[i]; i++) { if (HF_strncasecmp(&haystack[i], needle, needle_len, tolower, /* constfb= */ false, addr) == 0) { @@ -127,9 +132,6 @@ static inline char* HF_strcasestr(const char* haystack, const char* needle, uint } } - instrumentAddConstStr(haystack); - instrumentAddConstStr(needle); - return NULL; } @@ -145,15 +147,16 @@ static inline int HF_memcmp( } } - if (i == n) { - return 0; - } - instrumentUpdateCmpMap(HF_cmphash(addr, m1, m2), i); if (constfb) { instrumentAddConstMem(m1, n, /* check_if_ro= */ true); instrumentAddConstMem(m2, n, /* check_if_ro= */ true); } + + if (i == n) { + return 0; + } + return (unsigned char)s1[i] - (unsigned char)s2[i]; } @@ -166,6 +169,9 @@ static inline void* HF_memmem(const void* haystack, size_t haystacklen, const vo return (void*)haystack; } + instrumentAddConstMem(haystack, haystacklen, /* check_if_ro= */ true); + instrumentAddConstMem(needle, needlelen, /* check_if_ro= */ true); + const char* h = haystack; for (size_t i = 0; i <= (haystacklen - needlelen); i++) { if (HF_memcmp(&h[i], needle, needlelen, /* constfb= */ false, addr) == 0) { @@ -173,9 +179,6 @@ static inline void* HF_memmem(const void* haystack, size_t haystacklen, const vo } } - instrumentAddConstMem(haystack, haystacklen, /* check_if_ro= */ true); - instrumentAddConstMem(needle, needlelen, /* check_if_ro= */ true); - return NULL; } -- cgit v1.2.3 From c12b8857425f22a99cda4f0e68dc797e9a122ce7 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 9 Mar 2020 11:51:31 +0100 Subject: input: simpler dictioary parsing --- input.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/input.c b/input.c index fc7407c1..8366dffc 100644 --- a/input.c +++ b/input.c @@ -237,10 +237,22 @@ bool input_parseDictionary(honggfuzz_t* hfuzz) { if (lineptr[0] == '\0') { continue; } + + const char* start = strchr(lineptr, '"'); + char* end = strrchr(lineptr, '"'); + if (!start || !end) { + LOG_W("Malformed dictionary line '%s', skipping", lineptr); + continue; + } + if ((uintptr_t)start == (uintptr_t)end) { + LOG_W("Malformed dictionary line '%s', skipping", lineptr); + continue; + } + *end = '\0'; + char bufv[1025] = {}; - if (sscanf(lineptr, "\"%1024[^\"]", bufv) != 1 && - sscanf(lineptr, "%*1024[^=]=\"%1024[^\"]", bufv) != 1) { - LOG_W("Incorrect dictionary entry: '%s'. Skipping", lineptr); + if (sscanf(&start[1], "%1024c", bufv) != 1) { + LOG_W("Malformed dictionary line '%s', skipping", lineptr); continue; } -- cgit v1.2.3 From 815ccf8e9580b8c83ee673211da9fa217d354b5f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 9 Mar 2020 23:08:39 +0100 Subject: mangle: CloneByte seems useless, and improve ASCIIVal: --- mangle.c | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/mangle.c b/mangle.c index 6f292b45..61cf2627 100644 --- a/mangle.c +++ b/mangle.c @@ -576,15 +576,6 @@ static void mangle_NegByte(run_t* run, bool printable) { } } -static void mangle_CloneByte(run_t* run, bool printable HF_ATTR_UNUSED) { - size_t off1 = mangle_getOffSet(run); - size_t off2 = mangle_getOffSet(run); - - uint8_t tmp = run->dynamicFile[off1]; - run->dynamicFile[off1] = run->dynamicFile[off2]; - run->dynamicFile[off2] = tmp; -} - static void mangle_Expand(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); size_t len = util_rndGet(1, run->dynamicFileSz - off); @@ -648,11 +639,11 @@ static void mangle_Resize(run_t* run, bool printable) { } static void mangle_ASCIIVal(run_t* run, bool printable HF_ATTR_UNUSED) { - char buf[32]; - snprintf(buf, sizeof(buf), "%" PRId64, (int64_t)util_rnd64()); + char buf[20]; + snprintf(buf, sizeof(buf), "%-19" PRId64, (int64_t)util_rnd64()); size_t off = mangle_getOffSet(run); - mangle_Overwrite(run, (uint8_t*)buf, off, strlen(buf)); + mangle_Overwrite(run, (uint8_t*)buf, off, util_rndGet(1, sizeof(buf)) - 1); } void mangle_mangleContent(run_t* run) { @@ -671,7 +662,6 @@ void mangle_mangleContent(run_t* run) { mangle_MemMove, mangle_MemSet, mangle_Random, - mangle_CloneByte, mangle_Expand, mangle_Shrink, mangle_ASCIIVal, -- cgit v1.2.3 From bfd7d00698ff448d3a08bfcf1f11bc101142f6d2 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 10 Mar 2020 11:19:07 +0100 Subject: mangle: ASCII val - overwrtie 2 to 8 bytes --- mangle.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mangle.c b/mangle.c index 61cf2627..265beeec 100644 --- a/mangle.c +++ b/mangle.c @@ -641,9 +641,9 @@ static void mangle_Resize(run_t* run, bool printable) { static void mangle_ASCIIVal(run_t* run, bool printable HF_ATTR_UNUSED) { char buf[20]; snprintf(buf, sizeof(buf), "%-19" PRId64, (int64_t)util_rnd64()); - size_t off = mangle_getOffSet(run); - mangle_Overwrite(run, (uint8_t*)buf, off, util_rndGet(1, sizeof(buf)) - 1); + size_t off = mangle_getOffSet(run); + mangle_Overwrite(run, (uint8_t*)buf, off, util_rndGet(2, 8)); } void mangle_mangleContent(run_t* run) { -- cgit v1.2.3 From 0021619f4e0383009dbbdbb231178f3061f05e59 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 10 Mar 2020 21:19:12 +0100 Subject: wrap str(n)icmp and sqlite3 string comparison funcs --- hfuzz_cc/hfuzz-cc.c | 5 +++++ libhfuzz/memorycmp.c | 42 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index e75c5bd8..e4995be3 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -380,8 +380,10 @@ static int ldMode(int argc, char** argv) { /* Intercept common *cmp functions */ args[j++] = "-Wl,--wrap=strcmp"; args[j++] = "-Wl,--wrap=strcasecmp"; + args[j++] = "-Wl,--wrap=stricmp"; args[j++] = "-Wl,--wrap=strncmp"; args[j++] = "-Wl,--wrap=strncasecmp"; + args[j++] = "-Wl,--wrap=strnicmp"; args[j++] = "-Wl,--wrap=strstr"; args[j++] = "-Wl,--wrap=strcasestr"; args[j++] = "-Wl,--wrap=memcmp"; @@ -422,6 +424,9 @@ static int ldMode(int argc, char** argv) { args[j++] = "-Wl,--wrap=g_ascii_strncasecmp"; args[j++] = "-Wl,--wrap=g_str_has_prefix"; args[j++] = "-Wl,--wrap=g_str_has_suffix"; + /* SQLite3 wrappers */ + args[j++] = "-Wl,--wrap=sqlite3_stricmp"; + args[j++] = "-Wl,--wrap=sqlite3_strnicmp"; #endif /* _HF_ARCH_DARWIN */ /* Pull modules defining the following symbols (if they exist) */ diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index 03f5aa9f..3a388c3f 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -212,6 +212,13 @@ void __sanitizer_weak_hook_strcasecmp( uintptr_t pc, const char* s1, const char* s2, int result HF_ATTR_UNUSED) { HF_strcasecmp(s1, s2, tolower, pc); } +HF_WEAK_WRAP(int, stricmp, const char* s1, const char* s2) { + return HF_strcasecmp(s1, s2, tolower, (uintptr_t)__builtin_return_address(0)); +} +void __sanitizer_weak_hook_stricmp( + uintptr_t pc, const char* s1, const char* s2, int result HF_ATTR_UNUSED) { + HF_strcasecmp(s1, s2, tolower, pc); +} HF_WEAK_WRAP(int, strncmp, const char* s1, const char* s2, size_t n) { return HF_strncmp(s1, s2, n, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); } @@ -227,6 +234,14 @@ void __sanitizer_weak_hook_strncasecmp( uintptr_t pc, const char* s1, const char* s2, size_t n, int result HF_ATTR_UNUSED) { HF_strncasecmp(s1, s2, n, tolower, instrumentConstAvail(), pc); } +HF_WEAK_WRAP(int, strnicmp, const char* s1, const char* s2, size_t n) { + return HF_strncasecmp( + s1, s2, n, tolower, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); +} +void __sanitizer_weak_hook_strnicmp( + uintptr_t pc, const char* s1, const char* s2, size_t n, int result HF_ATTR_UNUSED) { + HF_strncasecmp(s1, s2, n, tolower, instrumentConstAvail(), pc); +} HF_WEAK_WRAP(char*, strstr, const char* haystack, const char* needle) { return HF_strstr(haystack, needle, (uintptr_t)__builtin_return_address(0)); } @@ -526,3 +541,30 @@ HF_WEAK_WRAP(bool, g_str_has_suffix, const char* str, const char* suffix) { return ( HF_strcmp(str + str_len - suffix_len, suffix, (uintptr_t)__builtin_return_address(0)) == 0); } + +/* SQLite3 wrappers */ +HF_WEAK_WRAP(int, sqlite3_stricmp, const char* s1, const char* s2) { + if (!s1 && !s2) { + return 0; + } + if (!s1) { + return 1; + } + if (!s2) { + return -1; + } + return HF_strcasecmp(s1, s2, tolower, (uintptr_t)__builtin_return_address(0)); +} +HF_WEAK_WRAP(int, sqlite3_strnicmp, const char* s1, const char* s2, int n) { + if (!s1 && !s2) { + return 0; + } + if (!s1) { + return 1; + } + if (!s2) { + return -1; + } + return HF_strncasecmp( + s1, s2, n, tolower, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); +} -- cgit v1.2.3 From b7911294be9c0403c46883827f8f576e516adf4c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 12 Mar 2020 00:11:29 +0100 Subject: libhfuzz/hfuzz-cc: sqlite3 wrappers are not effective, cause it's just one *.o file internally resolved --- hfuzz_cc/hfuzz-cc.c | 3 --- libhfuzz/memorycmp.c | 27 --------------------------- 2 files changed, 30 deletions(-) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index e4995be3..42c98249 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -424,9 +424,6 @@ static int ldMode(int argc, char** argv) { args[j++] = "-Wl,--wrap=g_ascii_strncasecmp"; args[j++] = "-Wl,--wrap=g_str_has_prefix"; args[j++] = "-Wl,--wrap=g_str_has_suffix"; - /* SQLite3 wrappers */ - args[j++] = "-Wl,--wrap=sqlite3_stricmp"; - args[j++] = "-Wl,--wrap=sqlite3_strnicmp"; #endif /* _HF_ARCH_DARWIN */ /* Pull modules defining the following symbols (if they exist) */ diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index 3a388c3f..03279900 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -541,30 +541,3 @@ HF_WEAK_WRAP(bool, g_str_has_suffix, const char* str, const char* suffix) { return ( HF_strcmp(str + str_len - suffix_len, suffix, (uintptr_t)__builtin_return_address(0)) == 0); } - -/* SQLite3 wrappers */ -HF_WEAK_WRAP(int, sqlite3_stricmp, const char* s1, const char* s2) { - if (!s1 && !s2) { - return 0; - } - if (!s1) { - return 1; - } - if (!s2) { - return -1; - } - return HF_strcasecmp(s1, s2, tolower, (uintptr_t)__builtin_return_address(0)); -} -HF_WEAK_WRAP(int, sqlite3_strnicmp, const char* s1, const char* s2, int n) { - if (!s1 && !s2) { - return 0; - } - if (!s1) { - return 1; - } - if (!s2) { - return -1; - } - return HF_strncasecmp( - s1, s2, n, tolower, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); -} -- cgit v1.2.3 From 40e1df6f8f3ecd11c9c8ab15679414d85df386a6 Mon Sep 17 00:00:00 2001 From: Douglas Bagnall Date: Thu, 12 Mar 2020 12:34:22 +1300 Subject: Makefile: libunwind 1.2.1 (Ubuntu 19.10) wants liblzma We see ld.lld: error: /usr/lib/gcc/x86_64-linux-gnu/9/../../../x86_64-linux-gnu/libunwind-ptrace.so: undefined reference to lzma_stream_buffer_decode and so forth. The BUILD_OSSFUZZ_STATIC branch doesn't need changing because pkgconfig adds the -llzma. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 596703c2..c757d566 100644 --- a/Makefile +++ b/Makefile @@ -51,7 +51,7 @@ ifeq ($(OS)$(findstring Microsoft,$(KERNEL)),Linux) # matches Linux but excludes -lopcodes -lbfd -liberty -lz \ -Wl,-Bdynamic else - ARCH_LDFLAGS += -lunwind-ptrace -lunwind-generic -lunwind \ + ARCH_LDFLAGS += -lunwind-ptrace -lunwind-generic -lunwind -llzma \ -lopcodes -lbfd endif ARCH_LDFLAGS += -lrt -ldl -lm -- cgit v1.2.3 From 9feaac5d1885b13097da350949d6194b9801e9a2 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 12 Mar 2020 07:45:51 +0100 Subject: libhfcommon/util: make util_getProgAddr return a tri-state value --- libhfcommon/util.c | 16 ++++++++-------- libhfcommon/util.h | 8 +++++++- libhfuzz/instrument.c | 6 +++--- libhfuzz/memorycmp.c | 4 ++-- 4 files changed, 20 insertions(+), 14 deletions(-) diff --git a/libhfcommon/util.c b/libhfcommon/util.c index ab46d5cf..e7886f3f 100644 --- a/libhfcommon/util.c +++ b/libhfcommon/util.c @@ -804,27 +804,27 @@ const char* util_sigName(int signo) { } #if !defined(_HF_ARCH_DARWIN) -static int addrRO_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, void* data) { +static int addrStatic_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, void* data) { for (size_t i = 0; i < info->dlpi_phnum; i++) { uintptr_t addr_start = info->dlpi_addr + info->dlpi_phdr[i].p_vaddr; uintptr_t addr_end = info->dlpi_addr + info->dlpi_phdr[i].p_vaddr + info->dlpi_phdr[i].p_memsz; if (((uintptr_t)data >= addr_start) && ((uintptr_t)data < addr_end)) { if ((info->dlpi_phdr[i].p_flags & PF_W) == 0) { - return 1; + return LHFC_ADDR_RO; } else { - return 2; + return LHFC_ADDR_RW; } } } - return 0; + return LHFC_ADDR_NOTFOUND; } -bool util_isAddrRO(const void* addr) { - return (dl_iterate_phdr(addrRO_cb, (void*)addr) == 1); +lhfc_addr_t util_getProgAddr(const void* addr) { + return (lhfc_addr_t)dl_iterate_phdr(addrStatic_cb, (void*)addr); } #else /* !defined(_HF_ARCH_DARWIN) */ -bool util_isAddrRO(const void* addr) { - return false; +bool util_getProgAddr(const void* addr HF_ADDR_UNUSED) { + return LHFC_ADDR_NOTFOUND; } #endif /* !defined(_HF_ARCH_DARWIN) */ diff --git a/libhfcommon/util.h b/libhfcommon/util.h index 5a5826e4..0a20f9e3 100644 --- a/libhfcommon/util.h +++ b/libhfcommon/util.h @@ -92,6 +92,12 @@ __attribute__((always_inline)) static inline bool ATOMIC_BITMAP_SET(uint8_t* add #define HF_MAX(x, y) ((x > y) ? x : y) #define HF_MIN(x, y) ((x < y) ? x : y) +typedef enum { + LHFC_ADDR_NOTFOUND = 0, + LHFC_ADDR_RO = 1, + LHFC_ADDR_RW = 2, +} lhfc_addr_t; + extern void* util_Malloc(size_t sz); extern void* util_Calloc(size_t sz); extern void* util_MMap(size_t sz); @@ -116,7 +122,7 @@ extern void util_turnToPrintable(uint8_t* buf, size_t sz); extern void util_closeStdio(bool close_stdin, bool close_stdout, bool close_stderr); -extern bool util_isAddrRO(const void* addr); +extern lhfc_addr_t util_getProgAddr(const void* addr); extern uint64_t util_hash(const char* buf, size_t len); extern int64_t fastArray64Search(uint64_t* array, size_t arraySz, uint64_t key); diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index a8a643e8..04920315 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -512,7 +512,7 @@ void instrumentAddConstMem(const void* mem, size_t len, bool check_if_ro) { if (!instrumentLimitEvery(128)) { return; } - if (check_if_ro && !util_isAddrRO(mem)) { + if (check_if_ro && util_getProgAddr(mem) != LHFC_ADDR_RO) { return; } instrumentAddConstMemInternal(mem, len); @@ -525,7 +525,7 @@ void instrumentAddConstStr(const char* s) { if (!instrumentLimitEvery(128)) { return; } - if (!util_isAddrRO(s)) { + if (util_getProgAddr(s) != LHFC_ADDR_RO) { return; } instrumentAddConstMemInternal(s, strlen(s)); @@ -541,7 +541,7 @@ void instrumentAddConstStrN(const char* s, size_t n) { if (!instrumentLimitEvery(128)) { return; } - if (!util_isAddrRO(s)) { + if (util_getProgAddr(s) != LHFC_ADDR_RO) { return; } instrumentAddConstMemInternal(s, strnlen(s, n)); diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index 03279900..e8293c17 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -14,10 +14,10 @@ __attribute__((visibility("default"))) __attribute__((used)) const char* const LIBHFUZZ_module_memorycmp = "LIBHFUZZ_module_memorycmp"; static inline uintptr_t HF_cmphash(uintptr_t addr, const void* s1, const void* s2) { - if (util_isAddrRO(s1)) { + if (util_getProgAddr(s1) == LHFC_ADDR_RO) { addr ^= ((uintptr_t)s1 << 2); } - if (util_isAddrRO(s2)) { + if (util_getProgAddr(s2) == LHFC_ADDR_RO) { addr ^= ((uintptr_t)s2 << 4); } return addr; -- cgit v1.2.3 From f0fc8f7056aa7ad74ad7074e05275d0580c7e159 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 12 Mar 2020 07:52:54 +0100 Subject: libhfcommon/util: correct declaration of util_getProgAddr for macos --- libhfcommon/util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libhfcommon/util.c b/libhfcommon/util.c index e7886f3f..244bf677 100644 --- a/libhfcommon/util.c +++ b/libhfcommon/util.c @@ -824,7 +824,7 @@ lhfc_addr_t util_getProgAddr(const void* addr) { return (lhfc_addr_t)dl_iterate_phdr(addrStatic_cb, (void*)addr); } #else /* !defined(_HF_ARCH_DARWIN) */ -bool util_getProgAddr(const void* addr HF_ADDR_UNUSED) { +lhfc_addr_t util_getProgAddr(const void* addr) { return LHFC_ADDR_NOTFOUND; } #endif /* !defined(_HF_ARCH_DARWIN) */ -- cgit v1.2.3 From 4887bbeee207da835af743b9abcbb7f6fd6e54b4 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 14 Mar 2020 13:37:33 +0100 Subject: hfuzz-cc: don't reference libhfuzz lib twice, only at the end of compilation cmdline. Also, make LIBHFUZZ_module modules hidden, so they stay inside DSOs --- hfuzz_cc/hfuzz-cc.c | 7 +------ libhfuzz/instrument.c | 2 +- libhfuzz/memorycmp.c | 2 +- 3 files changed, 3 insertions(+), 8 deletions(-) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index 42c98249..66592ff1 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -437,16 +437,11 @@ static int ldMode(int argc, char** argv) { args[j++] = "-Wl,-u,LIBHFUZZ_module_memorycmp"; #endif /* _HF_ARCH_DARWIN */ - /* Reference standard honggfuzz libraries first (libhfuzz, libhfcommon and libhfnetdriver) */ - args[j++] = getLibHFNetDriverPath(); - args[j++] = getLibHFuzzPath(); - args[j++] = getLibHFCommonPath(); - for (int i = 1; i < argc; i++) { args[j++] = argv[i]; } - /* Reference standard libs again, in case some symbols are still missing */ + /* Reference standard honggfuzz libraries first (libhfuzz, libhfcommon and libhfnetdriver) */ args[j++] = getLibHFNetDriverPath(); args[j++] = getLibHFuzzPath(); args[j++] = getLibHFCommonPath(); diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 04920315..cfcedf10 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -20,7 +20,7 @@ #include "libhfcommon/log.h" #include "libhfcommon/util.h" -__attribute__((visibility("default"))) __attribute__((used)) +__attribute__((visibility("hidden"))) __attribute__((used)) const char* const LIBHFUZZ_module_instrument = "LIBHFUZZ_module_instrument"; /* diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index e8293c17..69f48bc4 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -10,7 +10,7 @@ #include "libhfcommon/util.h" #include "libhfuzz/instrument.h" -__attribute__((visibility("default"))) __attribute__((used)) +__attribute__((visibility("hidden"))) __attribute__((used)) const char* const LIBHFUZZ_module_memorycmp = "LIBHFUZZ_module_memorycmp"; static inline uintptr_t HF_cmphash(uintptr_t addr, const void* s1, const void* s2) { -- cgit v1.2.3 From 5bc2e9b75c631e62d3b3e248330032b12c1786ab Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 14 Mar 2020 20:41:06 +0100 Subject: libhfuzz/hfuzz-cc: support -fsanitize=fuzzer-no-link instrumentation --- hfuzz_cc/hfuzz-cc.c | 14 +++++++- honggfuzz.h | 2 +- libhfcommon/util.h | 2 ++ libhfuzz/instrument.c | 96 +++++++++++++++++++++++++++++++++++++++++++-------- libhfuzz/instrument.h | 2 ++ libhfuzz/memorycmp.c | 4 +-- libhfuzz/persistent.c | 2 ++ 7 files changed, 102 insertions(+), 20 deletions(-) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index 66592ff1..d5fb8331 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -86,6 +86,13 @@ static bool useBelowGCC8() { return false; } +static bool useClangFuzzerNoLink() { + if (getenv("HFUZZ_CLANG_USE_FUZZER_NO_LINK")) { + return true; + } + return false; +} + static bool isLDMode(int argc, char** argv) { for (int i = 1; i < argc; i++) { if (strcmp(argv[i], "--version") == 0) { @@ -308,7 +315,12 @@ static void commonOpts(int* j, char** args) { } } else { args[(*j)++] = "-Wno-unused-command-line-argument"; - args[(*j)++] = "-fsanitize-coverage=trace-pc-guard,trace-cmp,trace-div,indirect-calls"; + if (useClangFuzzerNoLink()) { + args[(*j)++] = "-fsanitize=fuzzer-no-link"; + args[(*j)++] = "-fsanitize-coverage=trace-cmp,trace-div,indirect-calls"; + } else { + args[(*j)++] = "-fsanitize-coverage=trace-pc-guard,trace-cmp,trace-div,indirect-calls"; + } args[(*j)++] = "-mllvm"; args[(*j)++] = "-sanitizer-coverage-prune-blocks=1"; } diff --git a/honggfuzz.h b/honggfuzz.h index 403eb124..08d9bcd5 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -180,7 +180,7 @@ struct strings_t { }; typedef struct { - bool pcGuardMap[_HF_PC_GUARD_MAX]; + uint8_t pcGuardMap[_HF_PC_GUARD_MAX]; uint8_t bbMapPc[_HF_PERF_BITMAP_SIZE_16M]; uint32_t bbMapCmp[_HF_PERF_BITMAP_SIZE_16M]; uint64_t pidFeedbackPc[_HF_THREAD_MAX]; diff --git a/libhfcommon/util.h b/libhfcommon/util.h index 0a20f9e3..a2bff96b 100644 --- a/libhfcommon/util.h +++ b/libhfcommon/util.h @@ -92,6 +92,8 @@ __attribute__((always_inline)) static inline bool ATOMIC_BITMAP_SET(uint8_t* add #define HF_MAX(x, y) ((x > y) ? x : y) #define HF_MIN(x, y) ((x < y) ? x : y) +#define util_Log2(v) ((sizeof(unsigned int) * 8) - __builtin_clz((unsigned int)v) - 1) + typedef enum { LHFC_ADDR_NOTFOUND = 0, LHFC_ADDR_RO = 1, diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index cfcedf10..901111f8 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -126,6 +126,19 @@ __attribute__((constructor)) void hfuzzInstrumentInit(void) { pthread_once(&localInitOnce, initializeInstrument); } +__attribute__((weak)) size_t instrumentReserveGuard(size_t cnt) { + static size_t guardCnt = 1; + size_t base = guardCnt; + guardCnt += cnt; + if (guardCnt >= _HF_PC_GUARD_MAX) { + LOG_F("This process requested too many PC-guards:%zu requested:%zu", guardCnt, cnt); + } + if (ATOMIC_GET(covFeedback->guardNb) < guardCnt) { + ATOMIC_SET(covFeedback->guardNb, guardCnt); + } + return base; +} + static inline int _memcmp(const uint8_t* m1, const uint8_t* m2, size_t n) { for (size_t i = 0; i < n; i++) { if (m1[i] != m2[i]) { @@ -347,7 +360,6 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_div4(uint32_t Val) { /* * -fsanitize-coverage=indirect-calls */ - HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_indir(uintptr_t callee) { register size_t pos1 = (uintptr_t)__builtin_return_address(0) << 12; register size_t pos2 = callee & 0xFFF; @@ -381,7 +393,6 @@ __attribute__((weak)) HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_indir_call16( static bool guards_initialized = false; HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard_init(uint32_t* start, uint32_t* stop) { guards_initialized = true; - static uint32_t n = 1U; /* Make sure that the feedback struct is already mmap()'d */ hfuzzInstrumentInit(); @@ -392,20 +403,13 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard_init(uint32_t* start return; } - LOG_D("Module initialization: %p-%p at %" PRId32, start, stop, n); - for (uint32_t* x = start; x < stop; x++, n++) { - if (n >= _HF_PC_GUARD_MAX) { - LOG_F("This process has too many PC guards:%" PRIu32 - " (current module:%tu start:%p stop:%p)\n", - n, ((uintptr_t)stop - (uintptr_t)start) / sizeof(start), start, stop); - } - /* If the corresponding PC was already hit, map this specific guard as uninteresting (0) */ - *x = ATOMIC_GET(covFeedback->pcGuardMap[n]) ? 0U : n; - } + LOG_D("PC-Guard module initialization: %p-%p (count:%zu) at %" PRId64, start, stop, + ((uintptr_t)stop - (uintptr_t)start) / sizeof(*start), ATOMIC_GET(covFeedback->guardNb)); - /* Store number of guards for statistical purposes */ - if (ATOMIC_GET(covFeedback->guardNb) < n - 1) { - ATOMIC_SET(covFeedback->guardNb, n - 1); + for (uint32_t* x = start; x < stop; x++) { + uint32_t guardNo = instrumentReserveGuard(1); + /* If the corresponding PC was already hit, map this specific guard as uninteresting (0) */ + *x = ATOMIC_GET(covFeedback->pcGuardMap[guardNo]) ? 0U : guardNo; } } @@ -446,6 +450,68 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard(uint32_t* guard) { } } +/* Support up to 128 DSO modules with separate 8bit counters */ +static struct { + uint8_t* start; + size_t cnt; + size_t guard; +} hf8bitcounters[128] = {}; + +void instrument8BitCountersCount(void) { + for (size_t i = 0; i < ARRAYSIZE(hf8bitcounters) && hf8bitcounters[i].start; i++) { + for (size_t j = 0; j < hf8bitcounters[i].cnt; j++) { + uint8_t v = hf8bitcounters[i].start[j]; + if (!v) { + continue; + } + uint8_t new = 1U << util_Log2((unsigned int)v); + size_t guard = hf8bitcounters[i].guard + j; + + if ((ATOMIC_GET(covFeedback->pcGuardMap[guard]) & new) == 0) { + uint8_t prev = ATOMIC_POST_OR(covFeedback->pcGuardMap[guard], new); + if (!prev) { + ATOMIC_PRE_INC(covFeedback->pidFeedbackEdge[my_thread_no]); + } else if ((prev & new) == 0) { + ATOMIC_PRE_INC(covFeedback->pidFeedbackCmp[my_thread_no]); + } + } + } + memset(hf8bitcounters[i].start, '\0', hf8bitcounters[i].cnt); + } +} + +void instrument8BitCountersClear(void) { + for (size_t i = 0; i < ARRAYSIZE(hf8bitcounters) && hf8bitcounters[i].start; i++) { + __builtin_memset(hf8bitcounters[i].start, '\0', hf8bitcounters[i].cnt); + } +} + +void __sanitizer_cov_8bit_counters_init(char* start, char* end) { + /* Make sure that the feedback struct is already mmap()'d */ + hfuzzInstrumentInit(); + + for (size_t i = 0; i < ARRAYSIZE(hf8bitcounters); i++) { + if (hf8bitcounters[i].start == NULL) { + hf8bitcounters[i].start = (uint8_t*)start; + hf8bitcounters[i].cnt = (uintptr_t)end - (uintptr_t)start + 1; + hf8bitcounters[i].guard = instrumentReserveGuard(hf8bitcounters[i].cnt); + + LOG_D("8-bit module initialization %p-%p (count:%zu) at guard %zu", start, end, + hf8bitcounters[i].cnt, hf8bitcounters[i].guard); + + break; + } + } +} + +/* Not implemented yet */ +void __sanitizer_cov_pcs_init( + const uintptr_t* pcs_beg HF_ATTR_UNUSED, const uintptr_t* pcs_end HF_ATTR_UNUSED) { +} + +/* For some reason -fsanitize=fuzzer-no-link references this symbol */ +__attribute__((weak)) __thread uintptr_t __sancov_lowest_stack = 0; + bool instrumentUpdateCmpMap(uintptr_t addr, uint32_t v) { uintptr_t pos = addr % _HF_PERF_BITMAP_SIZE_16M; uint32_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); diff --git a/libhfuzz/instrument.h b/libhfuzz/instrument.h index 3c860929..08f84e55 100644 --- a/libhfuzz/instrument.h +++ b/libhfuzz/instrument.h @@ -29,6 +29,8 @@ #include /* Returns true if the new value is better */ +void instrument8BitCountersCount(void); +void instrument8BitCountersClear(void); bool instrumentUpdateCmpMap(uintptr_t addr, uint32_t v); void instrumentClearNewCov(); void instrumentAddConstMem(const void* m, size_t len, bool check_if_ro); diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index 69f48bc4..436e4767 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -185,10 +185,8 @@ static inline void* HF_memmem(const void* haystack, size_t haystacklen, const vo static inline char* HF_strcpy(char* dest, const char* src, uintptr_t addr) { size_t len = __builtin_strlen(src); if (len > 0) { - uint32_t level = (sizeof(len) * 8) - __builtin_clzl(len); - instrumentUpdateCmpMap(addr, level); + instrumentUpdateCmpMap(addr, util_Log2(len)); } - return __builtin_memcpy(dest, src, len + 1); } diff --git a/libhfuzz/persistent.c b/libhfuzz/persistent.c index 93930afb..c9891456 100644 --- a/libhfuzz/persistent.c +++ b/libhfuzz/persistent.c @@ -60,6 +60,7 @@ extern const char* const LIBHFUZZ_module_memorycmp; extern const char* const LIBHFUZZ_module_instrument; static void HonggfuzzRunOneInput(const uint8_t* buf, size_t len) { int ret = LLVMFuzzerTestOneInput(buf, len); + instrument8BitCountersCount(); if (ret != 0) { LOG_D("Dereferenced: %s, %s", LIBHFUZZ_module_memorycmp, LIBHFUZZ_module_instrument); LOG_F("LLVMFuzzerTestOneInput() returned '%d' instead of '0'", ret); @@ -67,6 +68,7 @@ static void HonggfuzzRunOneInput(const uint8_t* buf, size_t len) { } static void HonggfuzzPersistentLoop(void) { + instrument8BitCountersClear(); for (;;) { size_t len; const uint8_t* buf; -- cgit v1.2.3 From fca24caf1f7bfa476abce93f71ec0c30c52eec75 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 14 Mar 2020 21:14:51 +0100 Subject: libhfuzz/instrument: clear old map as it's being counted --- libhfuzz/instrument.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 901111f8..16713354 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -464,19 +464,20 @@ void instrument8BitCountersCount(void) { if (!v) { continue; } + hf8bitcounters[i].start[j] = 0; + uint8_t new = 1U << util_Log2((unsigned int)v); size_t guard = hf8bitcounters[i].guard + j; - if ((ATOMIC_GET(covFeedback->pcGuardMap[guard]) & new) == 0) { + if (ATOMIC_GET(covFeedback->pcGuardMap[guard]) < new) { uint8_t prev = ATOMIC_POST_OR(covFeedback->pcGuardMap[guard], new); if (!prev) { ATOMIC_PRE_INC(covFeedback->pidFeedbackEdge[my_thread_no]); - } else if ((prev & new) == 0) { + } else if (new > prev) { ATOMIC_PRE_INC(covFeedback->pidFeedbackCmp[my_thread_no]); } } } - memset(hf8bitcounters[i].start, '\0', hf8bitcounters[i].cnt); } } -- cgit v1.2.3 From fbc04dd216e5c54a21a7ea40bba8e041cd6323a9 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 15 Mar 2020 01:10:23 +0100 Subject: libhfuzz/instrument: increase number of 8bit instrumented regions to 256 --- libhfuzz/instrument.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 16713354..9fb8dcdd 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -450,12 +450,12 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard(uint32_t* guard) { } } -/* Support up to 128 DSO modules with separate 8bit counters */ +/* Support up to 256 DSO modules with separate 8bit counters */ static struct { uint8_t* start; size_t cnt; size_t guard; -} hf8bitcounters[128] = {}; +} hf8bitcounters[256] = {}; void instrument8BitCountersCount(void) { for (size_t i = 0; i < ARRAYSIZE(hf8bitcounters) && hf8bitcounters[i].start; i++) { @@ -491,15 +491,17 @@ void __sanitizer_cov_8bit_counters_init(char* start, char* end) { /* Make sure that the feedback struct is already mmap()'d */ hfuzzInstrumentInit(); + if ((uintptr_t)start == (uintptr_t)end) { + return; + } + for (size_t i = 0; i < ARRAYSIZE(hf8bitcounters); i++) { if (hf8bitcounters[i].start == NULL) { hf8bitcounters[i].start = (uint8_t*)start; hf8bitcounters[i].cnt = (uintptr_t)end - (uintptr_t)start + 1; hf8bitcounters[i].guard = instrumentReserveGuard(hf8bitcounters[i].cnt); - LOG_D("8-bit module initialization %p-%p (count:%zu) at guard %zu", start, end, hf8bitcounters[i].cnt, hf8bitcounters[i].guard); - break; } } -- cgit v1.2.3 From e98e71a32bda00fbe6c496294a099db796f53458 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 15 Mar 2020 01:15:06 +0100 Subject: libhfuzz/instrument: end of __sanitizer_cov_8bit_counters_init is not included --- libhfuzz/instrument.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 9fb8dcdd..f099ebbe 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -397,6 +397,9 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard_init(uint32_t* start /* Make sure that the feedback struct is already mmap()'d */ hfuzzInstrumentInit(); + if ((uintptr_t)start == (uintptr_t)stop) { + return; + } /* If this module was already initialized, skip it */ if (*start > 0) { LOG_D("Module %p-%p is already initialized", start, stop); @@ -498,7 +501,7 @@ void __sanitizer_cov_8bit_counters_init(char* start, char* end) { for (size_t i = 0; i < ARRAYSIZE(hf8bitcounters); i++) { if (hf8bitcounters[i].start == NULL) { hf8bitcounters[i].start = (uint8_t*)start; - hf8bitcounters[i].cnt = (uintptr_t)end - (uintptr_t)start + 1; + hf8bitcounters[i].cnt = (uintptr_t)end - (uintptr_t)start; hf8bitcounters[i].guard = instrumentReserveGuard(hf8bitcounters[i].cnt); LOG_D("8-bit module initialization %p-%p (count:%zu) at guard %zu", start, end, hf8bitcounters[i].cnt, hf8bitcounters[i].guard); -- cgit v1.2.3 From b8de119fc3db841d8b858d508fca86c74b6e19be Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 15 Mar 2020 01:41:20 +0100 Subject: libhfuzz/instrument: don't add to const_dict if the value is 0 --- libhfuzz/instrument.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index f099ebbe..ddfa6cb6 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -254,17 +254,23 @@ void __sanitizer_cov_trace_const_cmp1(uint8_t Arg1, uint8_t Arg2) { } void __sanitizer_cov_trace_const_cmp2(uint16_t Arg1, uint16_t Arg2) { - instrumentAddConstMem(&Arg1, sizeof(Arg1), /* check_if_ro= */ false); + if (Arg1) { + instrumentAddConstMem(&Arg1, sizeof(Arg1), /* check_if_ro= */ false); + } hfuzz_trace_cmp2_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); } void __sanitizer_cov_trace_const_cmp4(uint32_t Arg1, uint32_t Arg2) { - instrumentAddConstMem(&Arg1, sizeof(Arg1), /* check_if_ro= */ false); + if (Arg1) { + instrumentAddConstMem(&Arg1, sizeof(Arg1), /* check_if_ro= */ false); + } hfuzz_trace_cmp4_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); } void __sanitizer_cov_trace_const_cmp8(uint64_t Arg1, uint64_t Arg2) { - instrumentAddConstMem(&Arg1, sizeof(Arg1), /* check_if_ro= */ false); + if (Arg1) { + instrumentAddConstMem(&Arg1, sizeof(Arg1), /* check_if_ro= */ false); + } hfuzz_trace_cmp8_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); } -- cgit v1.2.3 From a60154ba99b8fd9370d3b485d69ef3238eb99ef9 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 15 Mar 2020 02:02:52 +0100 Subject: libhfuzz/memcmp: no need to save haystacks --- libhfuzz/memorycmp.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index 436e4767..a7f5b096 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -103,7 +103,6 @@ static inline char* HF_strstr(const char* haystack, const char* needle, uintptr_ return (char*)haystack; } - instrumentAddConstStr(haystack); instrumentAddConstStr(needle); const char* h = haystack; @@ -122,7 +121,6 @@ static inline char* HF_strcasestr(const char* haystack, const char* needle, uint return (char*)haystack; } - instrumentAddConstStr(haystack); instrumentAddConstStr(needle); for (size_t i = 0; haystack[i]; i++) { @@ -169,7 +167,6 @@ static inline void* HF_memmem(const void* haystack, size_t haystacklen, const vo return (void*)haystack; } - instrumentAddConstMem(haystack, haystacklen, /* check_if_ro= */ true); instrumentAddConstMem(needle, needlelen, /* check_if_ro= */ true); const char* h = haystack; -- cgit v1.2.3 From cc8783100bee6c551d3eb13bb27e5eddb696244d Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 15 Mar 2020 02:31:08 +0100 Subject: libhfuzz/memory: add bswap'd values to the const feedback dict as well --- libhfuzz/instrument.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index ddfa6cb6..7ebc0005 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -255,6 +255,8 @@ void __sanitizer_cov_trace_const_cmp1(uint8_t Arg1, uint8_t Arg2) { void __sanitizer_cov_trace_const_cmp2(uint16_t Arg1, uint16_t Arg2) { if (Arg1) { + uint16_t bswp = __builtin_bswap16(Arg1); + instrumentAddConstMem(&bswp, sizeof(bswp), /* check_if_ro= */ false); instrumentAddConstMem(&Arg1, sizeof(Arg1), /* check_if_ro= */ false); } hfuzz_trace_cmp2_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); @@ -262,6 +264,8 @@ void __sanitizer_cov_trace_const_cmp2(uint16_t Arg1, uint16_t Arg2) { void __sanitizer_cov_trace_const_cmp4(uint32_t Arg1, uint32_t Arg2) { if (Arg1) { + uint32_t bswp = __builtin_bswap32(Arg1); + instrumentAddConstMem(&bswp, sizeof(bswp), /* check_if_ro= */ false); instrumentAddConstMem(&Arg1, sizeof(Arg1), /* check_if_ro= */ false); } hfuzz_trace_cmp4_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); @@ -269,6 +273,8 @@ void __sanitizer_cov_trace_const_cmp4(uint32_t Arg1, uint32_t Arg2) { void __sanitizer_cov_trace_const_cmp8(uint64_t Arg1, uint64_t Arg2) { if (Arg1) { + uint64_t bswp = __builtin_bswap64(Arg1); + instrumentAddConstMem(&bswp, sizeof(bswp), /* check_if_ro= */ false); instrumentAddConstMem(&Arg1, sizeof(Arg1), /* check_if_ro= */ false); } hfuzz_trace_cmp8_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); @@ -587,7 +593,7 @@ void instrumentAddConstMem(const void* mem, size_t len, bool check_if_ro) { if (len == 0) { return; } - if (!instrumentLimitEvery(128)) { + if (!instrumentLimitEvery(127)) { return; } if (check_if_ro && util_getProgAddr(mem) != LHFC_ADDR_RO) { @@ -600,7 +606,7 @@ void instrumentAddConstStr(const char* s) { if (!cmpFeedback) { return; } - if (!instrumentLimitEvery(128)) { + if (!instrumentLimitEvery(127)) { return; } if (util_getProgAddr(s) != LHFC_ADDR_RO) { @@ -616,7 +622,7 @@ void instrumentAddConstStrN(const char* s, size_t n) { if (n == 0) { return; } - if (!instrumentLimitEvery(128)) { + if (!instrumentLimitEvery(127)) { return; } if (util_getProgAddr(s) != LHFC_ADDR_RO) { -- cgit v1.2.3 From 000e7837e6b72f05484f458893f165149022405c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 15 Mar 2020 12:12:40 +0100 Subject: libhfcommon/util: new func util_runForROSegments() --- libhfcommon/util.c | 25 +++++++++++++++++++++++++ libhfcommon/util.h | 1 + 2 files changed, 26 insertions(+) diff --git a/libhfcommon/util.c b/libhfcommon/util.c index 244bf677..fa514520 100644 --- a/libhfcommon/util.c +++ b/libhfcommon/util.c @@ -806,6 +806,9 @@ const char* util_sigName(int signo) { #if !defined(_HF_ARCH_DARWIN) static int addrStatic_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, void* data) { for (size_t i = 0; i < info->dlpi_phnum; i++) { + if (info->dlpi_phdr[i].p_type != PT_LOAD) { + continue; + } uintptr_t addr_start = info->dlpi_addr + info->dlpi_phdr[i].p_vaddr; uintptr_t addr_end = info->dlpi_addr + info->dlpi_phdr[i].p_vaddr + info->dlpi_phdr[i].p_memsz; @@ -820,11 +823,33 @@ static int addrStatic_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, return LHFC_ADDR_NOTFOUND; } +static int addrStaticRO_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, void* data) { + void (*callback)(const char* name, uint8_t* start, size_t sz) = data; + for (size_t i = 0; i < info->dlpi_phnum; i++) { + if (info->dlpi_phdr[i].p_type != PT_LOAD) { + continue; + } + if (info->dlpi_phdr[i].p_flags != PF_R) { + continue; + } + callback(info->dlpi_name, (uint8_t*)(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr), + info->dlpi_phdr[i].p_memsz); + } + return 0; +} + lhfc_addr_t util_getProgAddr(const void* addr) { return (lhfc_addr_t)dl_iterate_phdr(addrStatic_cb, (void*)addr); } +void util_runForROSegments(void (*cb)(const char* name, uint8_t* start, size_t sz)) { + dl_iterate_phdr(addrStaticRO_cb, cb); + return; +} #else /* !defined(_HF_ARCH_DARWIN) */ lhfc_addr_t util_getProgAddr(const void* addr) { return LHFC_ADDR_NOTFOUND; } +void util_runForROSegments(void (*cb)(const char* name, uint8_t* start, size_t sz)) { + return; +} #endif /* !defined(_HF_ARCH_DARWIN) */ diff --git a/libhfcommon/util.h b/libhfcommon/util.h index a2bff96b..3d949628 100644 --- a/libhfcommon/util.h +++ b/libhfcommon/util.h @@ -125,6 +125,7 @@ extern void util_turnToPrintable(uint8_t* buf, size_t sz); extern void util_closeStdio(bool close_stdin, bool close_stdout, bool close_stderr); extern lhfc_addr_t util_getProgAddr(const void* addr); +extern void util_runForROSegments(void (*cb)(const char* name, uint8_t* start, size_t sz)); extern uint64_t util_hash(const char* buf, size_t len); extern int64_t fastArray64Search(uint64_t* array, size_t arraySz, uint64_t key); -- cgit v1.2.3 From 4ca2df51bd561c3e9ebc6aef117d8f7b9a182385 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 15 Mar 2020 21:00:18 +0100 Subject: libhfuzz/instrument: custom counter mapping map --- libhfuzz/instrument.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 7ebc0005..75ab6363 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -475,17 +475,28 @@ static struct { void instrument8BitCountersCount(void) { for (size_t i = 0; i < ARRAYSIZE(hf8bitcounters) && hf8bitcounters[i].start; i++) { for (size_t j = 0; j < hf8bitcounters[i].cnt; j++) { - uint8_t v = hf8bitcounters[i].start[j]; + const uint8_t v = hf8bitcounters[i].start[j]; if (!v) { continue; } hf8bitcounters[i].start[j] = 0; - uint8_t new = 1U << util_Log2((unsigned int)v); - size_t guard = hf8bitcounters[i].guard + j; + /* Bucket number of visits to an edge, and assign a value 1<pcGuardMap[guard]) < new) { - uint8_t prev = ATOMIC_POST_OR(covFeedback->pcGuardMap[guard], new); + const uint8_t prev = ATOMIC_POST_OR(covFeedback->pcGuardMap[guard], new); if (!prev) { ATOMIC_PRE_INC(covFeedback->pidFeedbackEdge[my_thread_no]); } else if (new > prev) { -- cgit v1.2.3 From 5f411187b9c4590e4e1fbc02d07cdddba69f6fda Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 16 Mar 2020 16:14:06 +0100 Subject: libhfuzz/instrument: add tls_model attribute to __sancov_lowest_stack --- libhfuzz/instrument.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 75ab6363..7351fcd4 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -539,6 +539,7 @@ void __sanitizer_cov_pcs_init( } /* For some reason -fsanitize=fuzzer-no-link references this symbol */ +__attribute__((tls_model("initial-exec"))) __attribute__((weak)) __thread uintptr_t __sancov_lowest_stack = 0; bool instrumentUpdateCmpMap(uintptr_t addr, uint32_t v) { -- cgit v1.2.3 From aa508938c1eb870d316e60b9214bf8ead0139465 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 16 Mar 2020 22:49:47 +0100 Subject: libhfuzz/instrument: use all possible bits of the scaleMap --- libhfuzz/instrument.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 7351fcd4..27f39997 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -484,13 +484,14 @@ void instrument8BitCountersCount(void) { /* Bucket number of visits to an edge, and assign a value 1< Date: Tue, 17 Mar 2020 00:25:36 +0100 Subject: hfuzz-cc: don't link -ldl under NetBSD --- hfuzz_cc/hfuzz-cc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index d5fb8331..6dbfb3c0 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -460,7 +460,9 @@ static int ldMode(int argc, char** argv) { /* Needed by libhfcommon */ args[j++] = "-pthread"; +#if !defined(__NetBSD__) args[j++] = "-ldl"; +#endif /* !defined(__NetBSD__) */ #if !defined(_HF_ARCH_DARWIN) && !defined(__OpenBSD__) args[j++] = "-lrt"; #endif /* !defined(_HF_ARCH_DARWIN) && !defined(__OpenBSD__) */ -- cgit v1.2.3 From 0414a9934a507d3334f3101a14630ec15acda566 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 17 Mar 2020 01:09:54 +0100 Subject: Lower the technical maximum input file size to 1MB (from 128MB) --- honggfuzz.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/honggfuzz.h b/honggfuzz.h index 08d9bcd5..525cdf1f 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -70,8 +70,8 @@ /* Maximum number of PC guards (=trace-pc-guard) we support */ #define _HF_PC_GUARD_MAX (1024ULL * 1024ULL * 64ULL) -/* Maximum size of the input file in bytes (128 MiB) */ -#define _HF_INPUT_MAX_SIZE (1024ULL * 1024ULL * 128ULL) +/* Maximum size of the input file in bytes (1 MiB) */ +#define _HF_INPUT_MAX_SIZE (1024ULL * 1024ULL) /* Default maximum size of produced inputs */ #define _HF_INPUT_DEFAULT_SIZE (1024ULL * 8) -- cgit v1.2.3 From f6a667a511fbe200787dc92b58638592b1c52106 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 17 Mar 2020 02:21:39 +0100 Subject: hfuzz-cc: implement commonPostOpts --- hfuzz_cc/hfuzz-cc.c | 62 +++++++++++++++++++++++++++++------------------------ 1 file changed, 34 insertions(+), 28 deletions(-) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index 6dbfb3c0..c73ced85 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -303,26 +303,11 @@ static char* getLibHFCommonPath() { return path; } -static void commonOpts(int* j, char** args) { +static void commonPreOpts(int* j, char** args) { args[(*j)++] = getIncPaths(); - if (isGCC) { - if (useBelowGCC8()) { - /* trace-pc is the best that gcc-6/7 currently offers */ - args[(*j)++] = "-fsanitize-coverage=trace-pc"; - } else { - /* gcc-8+ offers trace-cmp as well, but it's not that widely used yet */ - args[(*j)++] = "-fsanitize-coverage=trace-pc,trace-cmp"; - } - } else { + + if (!isGCC) { args[(*j)++] = "-Wno-unused-command-line-argument"; - if (useClangFuzzerNoLink()) { - args[(*j)++] = "-fsanitize=fuzzer-no-link"; - args[(*j)++] = "-fsanitize-coverage=trace-cmp,trace-div,indirect-calls"; - } else { - args[(*j)++] = "-fsanitize-coverage=trace-pc-guard,trace-cmp,trace-div,indirect-calls"; - } - args[(*j)++] = "-mllvm"; - args[(*j)++] = "-sanitizer-coverage-prune-blocks=1"; } /* @@ -351,6 +336,33 @@ static void commonOpts(int* j, char** args) { } } +static void commonPostOpts(int* j, char** args, int argc, char** argv) { + if (isGCC) { + if (useBelowGCC8()) { + /* trace-pc is the best that gcc-6/7 currently offers */ + args[(*j)++] = "-fsanitize-coverage=trace-pc"; + } else { + /* gcc-8+ offers trace-cmp as well, but it's not that widely used yet */ + args[(*j)++] = "-fsanitize-coverage=trace-pc,trace-cmp"; + } + } else { + if (useClangFuzzerNoLink()) { + args[(*j)++] = "-fno-sanitize-coverage=trace-pc-guard"; + args[(*j)++] = "-fno-sanitize=fuzzer"; + args[(*j)++] = "-fsanitize=fuzzer-no-link"; + args[(*j)++] = "-fsanitize-coverage=trace-cmp,trace-div,indirect-calls"; + } else { + if (isFSanitizeFuzzer(argc, argv)) { + args[(*j)++] = "-fno-sanitize=fuzzer"; + args[(*j)++] = "-fno-sanitize=fuzzer-no-link"; + } + args[(*j)++] = "-fsanitize-coverage=trace-pc-guard,trace-cmp,trace-div,indirect-calls"; + } + args[(*j)++] = "-mllvm"; + args[(*j)++] = "-sanitizer-coverage-prune-blocks=1"; + } +} + static int ccMode(int argc, char** argv) { char* args[ARGS_MAX]; @@ -361,16 +373,13 @@ static int ccMode(int argc, char** argv) { args[j++] = "cc"; } - commonOpts(&j, args); + commonPreOpts(&j, args); for (int i = 1; i < argc; i++) { args[j++] = argv[i]; } - /* Disable -fsanitize=fuzzer */ - if (isFSanitizeFuzzer(argc, argv)) { - args[j++] = "-fno-sanitize=fuzzer"; - } + commonPostOpts(&j, args, argc, argv); return execCC(j, args); } @@ -385,7 +394,7 @@ static int ldMode(int argc, char** argv) { args[j++] = "cc"; } - commonOpts(&j, args); + commonPreOpts(&j, args); /* MacOS X linker doesn't like those */ #ifndef _HF_ARCH_DARWIN @@ -470,10 +479,7 @@ static int ldMode(int argc, char** argv) { args[j++] = "-latomic"; #endif - /* Disable -fsanitize=fuzzer */ - if (isFSanitizeFuzzer(argc, argv)) { - args[j++] = "-fno-sanitize=fuzzer"; - } + commonPostOpts(&j, args, argc, argv); return execCC(j, args); } -- cgit v1.2.3 From f316276ee58c2339ce8505d58eaf63baa967ed1c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 17 Mar 2020 13:56:41 +0100 Subject: mangle: mangle_Resize() --- mangle.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/mangle.c b/mangle.c index 265beeec..8f8a876b 100644 --- a/mangle.c +++ b/mangle.c @@ -599,26 +599,26 @@ static void mangle_Resize(run_t* run, bool printable) { ssize_t oldsz = run->dynamicFileSz; ssize_t newsz = 0; - uint64_t choice = util_rndGet(0, 27); + uint64_t choice = util_rndGet(0, 32); switch (choice) { - case 0 ... 16: /* Do nothing */ - newsz = oldsz; - break; - case 17: /* Set new size arbitrarily */ + case 0: /* Set new size arbitrarily */ newsz = (ssize_t)util_rndGet(1, run->global->mutate.maxInputSz); break; - case 18 ... 21: /* Increase size by a small value */ + case 1 ... 4: /* Increase size by a small value */ newsz = oldsz + (ssize_t)util_rndGet(0, 8); break; - case 22: /* Increase size by a larger value */ + case 5: /* Increase size by a larger value */ newsz = oldsz + (ssize_t)util_rndGet(9, 128); break; - case 23 ... 26: /* Decrease size by a small value */ + case 6 ... 9: /* Decrease size by a small value */ newsz = oldsz - (ssize_t)util_rndGet(0, 8); break; - case 27: /* Decrease size by a larger value */ + case 10: /* Decrease size by a larger value */ newsz = oldsz - (ssize_t)util_rndGet(9, 128); break; + case 11 ... 32: /* Do nothing */ + newsz = oldsz; + break; default: LOG_F("Illegal value from util_rndGet: %" PRIu64, choice); break; -- cgit v1.2.3 From 1c5b64fa8023c5a508e71206e872317bf7e7335f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 17 Mar 2020 15:35:26 +0100 Subject: hfuzz-cc: update list of clang/clang++ --- hfuzz_cc/hfuzz-cc.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index c73ced85..d236dc37 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -167,36 +167,40 @@ static int execCC(int argc, char** argv) { if (isCXX) { /* Try the default one, then the newest ones (hopefully) in order */ hf_execvp("clang++", argv); - hf_execvp("clang++-devel", argv); + hf_execvp("clang++-11.0", argv); + hf_execvp("clang++-11", argv); + hf_execvp("clang++11", argv); hf_execvp("clang++-10.0", argv); hf_execvp("clang++-10", argv); + hf_execvp("clang++10", argv); hf_execvp("clang++-9.0", argv); hf_execvp("clang++-9", argv); + hf_execvp("clang++9", argv); hf_execvp("clang++-8.0", argv); hf_execvp("clang++-8", argv); + hf_execvp("clang++8", argv); hf_execvp("clang++-7.0", argv); hf_execvp("clang++-7", argv); - hf_execvp("clang++-6.0", argv); - hf_execvp("clang++-6", argv); - hf_execvp("clang++-5.0", argv); - hf_execvp("clang++-5", argv); + hf_execvp("clang++7", argv); hf_execvp("clang", argv); } else { /* Try the default one, then the newest ones (hopefully) in order */ hf_execvp("clang", argv); - hf_execvp("clang-devel", argv); + hf_execvp("clang-11.0", argv); + hf_execvp("clang-11", argv); + hf_execvp("clang11", argv); hf_execvp("clang-10.0", argv); hf_execvp("clang-10", argv); + hf_execvp("clang10", argv); hf_execvp("clang-9.0", argv); hf_execvp("clang-9", argv); + hf_execvp("clang9", argv); hf_execvp("clang-8.0", argv); hf_execvp("clang-8", argv); + hf_execvp("clang8", argv); hf_execvp("clang-7.0", argv); hf_execvp("clang-7", argv); - hf_execvp("clang-6.0", argv); - hf_execvp("clang-6", argv); - hf_execvp("clang-5.0", argv); - hf_execvp("clang-5", argv); + hf_execvp("clang7", argv); } } -- cgit v1.2.3 From 99134b24554e11859e97bc05365339e45dd28d85 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 17 Mar 2020 17:02:40 +0100 Subject: libhfuzz: add a flag to disable addr checks in HF_cmphash --- libhfuzz/memorycmp.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index a7f5b096..991d99e4 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -13,11 +13,17 @@ __attribute__((visibility("hidden"))) __attribute__((used)) const char* const LIBHFUZZ_module_memorycmp = "LIBHFUZZ_module_memorycmp"; +/* + * util_getProgAddr() check is quite costly, and it lowers the fuzzing speed typically by a factor + * of 2, but keep it true for now + */ +#define HF_TEST_ADDR_CMPHASH true + static inline uintptr_t HF_cmphash(uintptr_t addr, const void* s1, const void* s2) { - if (util_getProgAddr(s1) == LHFC_ADDR_RO) { + if (HF_TEST_ADDR_CMPHASH && util_getProgAddr(s1) == LHFC_ADDR_RO) { addr ^= ((uintptr_t)s1 << 2); } - if (util_getProgAddr(s2) == LHFC_ADDR_RO) { + if (HF_TEST_ADDR_CMPHASH && util_getProgAddr(s2) == LHFC_ADDR_RO) { addr ^= ((uintptr_t)s2 << 4); } return addr; -- cgit v1.2.3 From 209104db975208e3766212aa3904a534a49995b6 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 17 Mar 2020 20:47:20 +0100 Subject: libhfuzz: more debug messages --- libhfuzz/instrument.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 27f39997..8483bb67 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -96,6 +96,7 @@ static void initializeInstrument(void) { } logInitLogFile(NULL, _HF_LOG_FD, ll); } + LOG_D("Initializing pid=%d", (int)getpid()); char* my_thread_no_str = getenv(_HF_THREAD_NO_ENV); if (my_thread_no_str == NULL) { -- cgit v1.2.3 From 5c6d8fc879e17b662a1c27a18df2781b426bcc4b Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 17 Mar 2020 21:52:29 +0100 Subject: display: display number of tested files during the dry run --- cmdline.c | 2 +- display.c | 7 +++++-- honggfuzz.h | 2 +- input.c | 1 + 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/cmdline.c b/cmdline.c index e96222f4..320d9f2b 100644 --- a/cmdline.c +++ b/cmdline.c @@ -282,7 +282,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .outputDir = NULL, .inputDirPtr = NULL, .fileCnt = 0, - .fileCntDone = false, + .testedFileCnt = 0, .maxFileSz = 0, .newUnitsAdded = 0, .fileExtn = "fuzz", diff --git a/display.c b/display.c index 7e08603e..4f41e798 100644 --- a/display.c +++ b/display.c @@ -222,9 +222,12 @@ void display_display(honggfuzz_t* hfuzz) { case _HF_STATE_DYNAMIC_DRY_RUN: { if (ATOMIC_GET(hfuzz->cfg.switchingToFDM)) { display_put("\n Mode [2/3] : " ESC_BOLD - "Switching to the Feedback Driven Mode" ESC_RESET "\n"); + "Switching to the Feedback Driven Mode" ESC_RESET " [%zu/%zu]\n", + hfuzz->io.testedFileCnt, hfuzz->io.fileCnt); } else { - display_put("\n Mode [1/3] : " ESC_BOLD "Feedback Driven Dry Run" ESC_RESET "\n"); + display_put("\n Mode [1/3] : " ESC_BOLD "Feedback Driven Dry Run" ESC_RESET + " [%zu/%zu]\n", + hfuzz->io.testedFileCnt, hfuzz->io.fileCnt); } } break; case _HF_STATE_DYNAMIC_MAIN: diff --git a/honggfuzz.h b/honggfuzz.h index 525cdf1f..9a0457a4 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -211,8 +211,8 @@ typedef struct { const char* outputDir; DIR* inputDirPtr; size_t fileCnt; + size_t testedFileCnt; const char* fileExtn; - bool fileCntDone; size_t maxFileSz; size_t newUnitsAdded; char workDir[PATH_MAX]; diff --git a/input.c b/input.c index 8366dffc..79da35c0 100644 --- a/input.c +++ b/input.c @@ -475,6 +475,7 @@ bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle) { if (!input_getNext(run, run->origFileName, /* rewind= */ rewind)) { return false; } + run->global->io.testedFileCnt++; } char path[PATH_MAX]; -- cgit v1.2.3 From d82a16cde1a13e5da3caeeccf6fa5106a2ddfbc6 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 18 Mar 2020 09:30:52 +0100 Subject: libhfuzz: improve debug messaging: --- libhfuzz/instrument.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 8483bb67..8a8a58d9 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -132,7 +132,8 @@ __attribute__((weak)) size_t instrumentReserveGuard(size_t cnt) { size_t base = guardCnt; guardCnt += cnt; if (guardCnt >= _HF_PC_GUARD_MAX) { - LOG_F("This process requested too many PC-guards:%zu requested:%zu", guardCnt, cnt); + LOG_F( + "This process requested too many PC-guards, total:%zu, requested:%zu)", guardCnt, cnt); } if (ATOMIC_GET(covFeedback->guardNb) < guardCnt) { ATOMIC_SET(covFeedback->guardNb, guardCnt); @@ -420,7 +421,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard_init(uint32_t* start } LOG_D("PC-Guard module initialization: %p-%p (count:%zu) at %" PRId64, start, stop, - ((uintptr_t)stop - (uintptr_t)start) / sizeof(*start), ATOMIC_GET(covFeedback->guardNb)); + ((uintptr_t)stop - (uintptr_t)start) / sizeof(*start), instrumentReserveGuard(0)); for (uint32_t* x = start; x < stop; x++) { uint32_t guardNo = instrumentReserveGuard(1); @@ -482,7 +483,7 @@ void instrument8BitCountersCount(void) { } hf8bitcounters[i].start[j] = 0; - /* Bucket number of visits to an edge, and assign a value 1< Date: Wed, 18 Mar 2020 10:04:02 +0100 Subject: input: when adding new dynamic input, add it to the head of the list, and reset it --- fuzz.c | 7 +++++-- honggfuzz.h | 2 ++ input.c | 52 ++++++++++++++++++++++++++++++++++++++++++---------- input.h | 1 + 4 files changed, 50 insertions(+), 12 deletions(-) diff --git a/fuzz.c b/fuzz.c index fc35ccc8..b5dc5c29 100644 --- a/fuzz.c +++ b/fuzz.c @@ -145,6 +145,8 @@ static void fuzz_setDynamicMainState(run_t* run) { run->global->mutate.maxInputSz = newsz; } + input_renumerateInputs(run->global); + LOG_I("Entering phase 3/3: Dynamic Main (Feedback Driven Mode)"); ATOMIC_SET(run->global->feedback.state, _HF_STATE_DYNAMIC_MAIN); } @@ -161,7 +163,7 @@ static void fuzz_perfFeedbackForMinimization(run_t* run) { uint64_t cov[4] = { [0] = softCntEdge + softCntPc, - [1] = run->dynamicFileSz ? (64 - (uint64_t)log2(run->dynamicFileSz)) + [1] = run->dynamicFileSz ? (64 - util_Log2(run->dynamicFileSz)) : 64, /* The smaller input size, the better */ [2] = cpuInstr + cpuBranch, [3] = softCntCmp, @@ -246,8 +248,9 @@ static void fuzz_perfFeedback(run_t* run) { run->global->linux.hwCnts.bbCnt, run->global->linux.hwCnts.softCntEdge, run->global->linux.hwCnts.softCntPc, run->global->linux.hwCnts.softCntCmp); + uint64_t cov = run->dynamicFileSz ? (64 - util_Log2(run->dynamicFileSz)) : 64; input_addDynamicInput(run->global, run->dynamicFile, run->dynamicFileSz, - (uint64_t[4]){0, 0, 0, 0}, "[DYNAMIC]"); + (uint64_t[4]){0, cov, 0, 0}, "[DYNAMIC]"); } if (run->global->socketFuzzer.enabled) { diff --git a/honggfuzz.h b/honggfuzz.h index 9a0457a4..ad47a6cd 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -168,6 +168,8 @@ typedef enum { struct dynfile_t { size_t size; uint64_t cov[4]; + size_t idx; + size_t tested; char path[PATH_MAX]; TAILQ_ENTRY(dynfile_t) pointers; uint8_t data[]; diff --git a/input.c b/input.c index 79da35c0..a90682eb 100644 --- a/input.c +++ b/input.c @@ -373,21 +373,29 @@ void input_addDynamicInput( dynfile->cov[i] = cov[i]; } dynfile->size = len; + dynfile->idx = hfuzz->io.dynfileqCnt; + dynfile->tested = 0; memcpy(dynfile->data, data, len); snprintf(dynfile->path, sizeof(dynfile->path), "%s", path); MX_SCOPED_RWLOCK_WRITE(&hfuzz->io.dynfileq_mutex); - /* Sort it by coverage - put better coverage in front of the list */ - struct dynfile_t* iter = NULL; - TAILQ_FOREACH_HF(iter, &hfuzz->io.dynfileq, pointers) { - if (input_cmpCov(dynfile, iter)) { - TAILQ_INSERT_BEFORE(iter, dynfile, pointers); - break; + if (fuzz_getState(hfuzz) == _HF_STATE_DYNAMIC_MAIN) { + /* Add it in front with high idx, so it's tested next */ + TAILQ_INSERT_HEAD(&hfuzz->io.dynfileq, dynfile, pointers); + hfuzz->io.dynfileqCurrent = TAILQ_FIRST(&hfuzz->io.dynfileq); + } else { + /* Sort it by coverage - put better coverage earlier in the list */ + struct dynfile_t* iter = NULL; + TAILQ_FOREACH_HF(iter, &hfuzz->io.dynfileq, pointers) { + if (input_cmpCov(dynfile, iter)) { + TAILQ_INSERT_BEFORE(iter, dynfile, pointers); + break; + } + } + if (iter == NULL) { + TAILQ_INSERT_TAIL(&hfuzz->io.dynfileq, dynfile, pointers); } - } - if (iter == NULL) { - TAILQ_INSERT_TAIL(&hfuzz->io.dynfileq, dynfile, pointers); } hfuzz->io.dynfileqCnt++; hfuzz->io.dynfileqMaxSz = HF_MAX(hfuzz->io.dynfileqMaxSz, len); @@ -431,8 +439,23 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { if (run->global->io.dynfileqCurrent == NULL) { run->global->io.dynfileqCurrent = TAILQ_FIRST(&run->global->io.dynfileq); } + current = run->global->io.dynfileqCurrent; - run->global->io.dynfileqCurrent = TAILQ_NEXT(run->global->io.dynfileqCurrent, pointers); + + /* Number of tests per input depends on the 'idx' of the input */ + size_t testCnt = !current->idx ? 1 : (util_Log2(current->idx) + 1); + current->tested++; + + /* + * Testing routine: + * LOG_E("IDX: %zu (%zu/%zu)", current->idx, current->tested, testCnt); + */ + + /* If the current sample has been tested enough, move the pointer to the next sample */ + if (current->tested >= testCnt) { + current->tested = 0; + run->global->io.dynfileqCurrent = TAILQ_NEXT(run->global->io.dynfileqCurrent, pointers); + } } input_setSize(run, current->size); @@ -445,6 +468,15 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { return true; } +/* Assign idx to each input based on it's coverage: better coverage -> higher idx */ +void input_renumerateInputs(honggfuzz_t* hfuzz) { + size_t idx = hfuzz->io.dynfileqCnt; + struct dynfile_t* iter = NULL; + TAILQ_FOREACH_HF(iter, &hfuzz->io.dynfileq, pointers) { + iter->idx = idx--; + } +} + static bool input_shouldReadNewFile(run_t* run) { if (fuzz_getState(run->global) != _HF_STATE_DYNAMIC_DRY_RUN || run->global->cfg.minimize) { input_setSize(run, run->global->mutate.maxInputSz); diff --git a/input.h b/input.h index a8e330c5..2880c12d 100644 --- a/input.h +++ b/input.h @@ -37,6 +37,7 @@ extern bool input_parseBlacklist(honggfuzz_t* hfuzz); extern bool input_writeCovFile(const char* dir, const uint8_t* data, size_t len); extern void input_addDynamicInput( honggfuzz_t* hfuzz, const uint8_t* data, size_t len, uint64_t cov[4], const char* path); +extern void input_renumerateInputs(honggfuzz_t* hfuzz); extern bool input_prepareDynamicInput(run_t* run, bool needs_mangle); extern bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle); extern void input_removeStaticFile(const char* dir, const char* name); -- cgit v1.2.3 From 413b78cc3519583e44e06321ff4b6f97512b4948 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 18 Mar 2020 17:37:40 +0100 Subject: input: use scalemap to decide how many tests per input to conduct --- input.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/input.c b/input.c index a90682eb..ddb26989 100644 --- a/input.c +++ b/input.c @@ -361,6 +361,23 @@ static bool input_cmpCov(struct dynfile_t* item1, struct dynfile_t* item2) { return false; } +/* Number of tests taken, based on belonging to a percentile bucket */ +static size_t input_numTests(size_t idx, size_t total) { + if (idx > total) { + LOG_F("idx (%zu) > total (%zu)", idx, total); + } + size_t percentile = (idx * 100) / total; + static size_t const scaleMap[101] = { + [0 ... 90] = 1, + [91 ... 92] = 2, + [93 ... 94] = 3, + [95 ... 96] = 4, + [97 ... 98] = 5, + [99 ... 100] = 10, + }; + return scaleMap[percentile]; +} + #define TAILQ_FOREACH_HF(var, head, field) \ for ((var) = TAILQ_FIRST((head)); (var); (var) = TAILQ_NEXT((var), field)) @@ -443,7 +460,7 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { current = run->global->io.dynfileqCurrent; /* Number of tests per input depends on the 'idx' of the input */ - size_t testCnt = !current->idx ? 1 : (util_Log2(current->idx) + 1); + size_t testCnt = input_numTests(current->idx, run->global->io.dynfileqCnt); current->tested++; /* -- cgit v1.2.3 From 4740e6c0c4e0a2f6cec1372ffcaad4402ea374d8 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 18 Mar 2020 17:41:05 +0100 Subject: fuzz: add coverage info to dynamic inputs --- fuzz.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/fuzz.c b/fuzz.c index b5dc5c29..4d1134fa 100644 --- a/fuzz.c +++ b/fuzz.c @@ -248,9 +248,12 @@ static void fuzz_perfFeedback(run_t* run) { run->global->linux.hwCnts.bbCnt, run->global->linux.hwCnts.softCntEdge, run->global->linux.hwCnts.softCntPc, run->global->linux.hwCnts.softCntCmp); - uint64_t cov = run->dynamicFileSz ? (64 - util_Log2(run->dynamicFileSz)) : 64; + uint64_t cov0 = softCntPc + softCntEdge; + uint64_t cov1 = run->dynamicFileSz ? (64 - util_Log2(run->dynamicFileSz)) : 64; + uint64_t cov2 = run->linux.hwCnts.newBBCnt; + uint64_t cov3 = softCntCmp; input_addDynamicInput(run->global, run->dynamicFile, run->dynamicFileSz, - (uint64_t[4]){0, cov, 0, 0}, "[DYNAMIC]"); + (uint64_t[4]){cov0, cov1, cov2, cov3}, "[DYNAMIC]"); } if (run->global->socketFuzzer.enabled) { -- cgit v1.2.3 From c207dab201cc6f75e23d1ed599b4450d9a1491e1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 18 Mar 2020 19:27:37 +0100 Subject: input: remove input_renumerateInputs() as it doesn't bring much benefit --- fuzz.c | 8 +------- input.c | 9 --------- 2 files changed, 1 insertion(+), 16 deletions(-) diff --git a/fuzz.c b/fuzz.c index 4d1134fa..7c919069 100644 --- a/fuzz.c +++ b/fuzz.c @@ -145,8 +145,6 @@ static void fuzz_setDynamicMainState(run_t* run) { run->global->mutate.maxInputSz = newsz; } - input_renumerateInputs(run->global); - LOG_I("Entering phase 3/3: Dynamic Main (Feedback Driven Mode)"); ATOMIC_SET(run->global->feedback.state, _HF_STATE_DYNAMIC_MAIN); } @@ -248,12 +246,8 @@ static void fuzz_perfFeedback(run_t* run) { run->global->linux.hwCnts.bbCnt, run->global->linux.hwCnts.softCntEdge, run->global->linux.hwCnts.softCntPc, run->global->linux.hwCnts.softCntCmp); - uint64_t cov0 = softCntPc + softCntEdge; - uint64_t cov1 = run->dynamicFileSz ? (64 - util_Log2(run->dynamicFileSz)) : 64; - uint64_t cov2 = run->linux.hwCnts.newBBCnt; - uint64_t cov3 = softCntCmp; input_addDynamicInput(run->global, run->dynamicFile, run->dynamicFileSz, - (uint64_t[4]){cov0, cov1, cov2, cov3}, "[DYNAMIC]"); + (uint64_t[4]){0, 0, 0, 0}, "[DYNAMIC]"); } if (run->global->socketFuzzer.enabled) { diff --git a/input.c b/input.c index ddb26989..566f1146 100644 --- a/input.c +++ b/input.c @@ -485,15 +485,6 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { return true; } -/* Assign idx to each input based on it's coverage: better coverage -> higher idx */ -void input_renumerateInputs(honggfuzz_t* hfuzz) { - size_t idx = hfuzz->io.dynfileqCnt; - struct dynfile_t* iter = NULL; - TAILQ_FOREACH_HF(iter, &hfuzz->io.dynfileq, pointers) { - iter->idx = idx--; - } -} - static bool input_shouldReadNewFile(run_t* run) { if (fuzz_getState(run->global) != _HF_STATE_DYNAMIC_DRY_RUN || run->global->cfg.minimize) { input_setSize(run, run->global->mutate.maxInputSz); -- cgit v1.2.3 From 2fd44876f5ca5f1b72d2912418adb209d9715da5 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 18 Mar 2020 19:33:13 +0100 Subject: input: update scaleMap --- input.c | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/input.c b/input.c index 566f1146..84141e11 100644 --- a/input.c +++ b/input.c @@ -366,16 +366,19 @@ static size_t input_numTests(size_t idx, size_t total) { if (idx > total) { LOG_F("idx (%zu) > total (%zu)", idx, total); } - size_t percentile = (idx * 100) / total; - static size_t const scaleMap[101] = { - [0 ... 90] = 1, - [91 ... 92] = 2, - [93 ... 94] = 3, - [95 ... 96] = 4, - [97 ... 98] = 5, - [99 ... 100] = 10, + if (idx == 0 || (total - idx) > 5) { + return 1; + } + + static size_t const scaleMap[] = { + [0] = 128, + [1] = 32, + [2] = 8, + [3] = 4, + [4] = 2, + [5] = 1, }; - return scaleMap[percentile]; + return scaleMap[total - idx]; } #define TAILQ_FOREACH_HF(var, head, field) \ @@ -390,18 +393,22 @@ void input_addDynamicInput( dynfile->cov[i] = cov[i]; } dynfile->size = len; - dynfile->idx = hfuzz->io.dynfileqCnt; dynfile->tested = 0; + dynfile->idx = 0; memcpy(dynfile->data, data, len); snprintf(dynfile->path, sizeof(dynfile->path), "%s", path); MX_SCOPED_RWLOCK_WRITE(&hfuzz->io.dynfileq_mutex); + hfuzz->io.dynfileqCnt++; + hfuzz->io.dynfileqMaxSz = HF_MAX(hfuzz->io.dynfileqMaxSz, len); + if (fuzz_getState(hfuzz) == _HF_STATE_DYNAMIC_MAIN) { - /* Add it in front with high idx, so it's tested next */ + dynfile->idx = hfuzz->io.dynfileqCnt; + /* Add it with high idx */ TAILQ_INSERT_HEAD(&hfuzz->io.dynfileq, dynfile, pointers); - hfuzz->io.dynfileqCurrent = TAILQ_FIRST(&hfuzz->io.dynfileq); } else { + dynfile->idx = 0; /* Sort it by coverage - put better coverage earlier in the list */ struct dynfile_t* iter = NULL; TAILQ_FOREACH_HF(iter, &hfuzz->io.dynfileq, pointers) { @@ -414,8 +421,6 @@ void input_addDynamicInput( TAILQ_INSERT_TAIL(&hfuzz->io.dynfileq, dynfile, pointers); } } - hfuzz->io.dynfileqCnt++; - hfuzz->io.dynfileqMaxSz = HF_MAX(hfuzz->io.dynfileqMaxSz, len); if (hfuzz->socketFuzzer.enabled) { /* Don't add coverage data to files in socketFuzzer mode */ -- cgit v1.2.3 From 50d650dbfdfb8fda392f199be80cf30e62f93a55 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 19 Mar 2020 14:03:09 +0100 Subject: input: don't bump testing ratio for inputs older than 10 seconds --- fuzz.c | 6 +++--- honggfuzz.h | 1 + input.c | 20 +++++++++++++------- subproc.c | 2 -- 4 files changed, 17 insertions(+), 12 deletions(-) diff --git a/fuzz.c b/fuzz.c index 7c919069..0d30b261 100644 --- a/fuzz.c +++ b/fuzz.c @@ -284,7 +284,7 @@ static bool fuzz_runVerifier(run_t* run) { for (int i = 0; i < _HF_VERIFIER_ITER; i++) { LOG_I("Launching verifier for HASH: %" PRIx64 " (iteration: %d out of %d)", run->backtrace, i + 1, _HF_VERIFIER_ITER); - run->timeStartedMillis = 0; + run->timeStartedMillis = util_timeNowMillis(); run->backtrace = 0; run->access = 0; run->exception = 0; @@ -398,7 +398,7 @@ static bool fuzz_fetchInput(run_t* run) { } static void fuzz_fuzzLoop(run_t* run) { - run->timeStartedMillis = 0; + run->timeStartedMillis = util_timeNowMillis(); run->crashFileName[0] = '\0'; run->pc = 0; run->backtrace = 0; @@ -436,7 +436,7 @@ static void fuzz_fuzzLoop(run_t* run) { } static void fuzz_fuzzLoopSocket(run_t* run) { - run->timeStartedMillis = 0; + run->timeStartedMillis = util_timeNowMillis(); run->crashFileName[0] = '\0'; run->pc = 0; run->backtrace = 0; diff --git a/honggfuzz.h b/honggfuzz.h index ad47a6cd..7be07475 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -170,6 +170,7 @@ struct dynfile_t { uint64_t cov[4]; size_t idx; size_t tested; + int64_t timeAddedMillis; char path[PATH_MAX]; TAILQ_ENTRY(dynfile_t) pointers; uint8_t data[]; diff --git a/input.c b/input.c index 84141e11..b7d64e96 100644 --- a/input.c +++ b/input.c @@ -361,12 +361,17 @@ static bool input_cmpCov(struct dynfile_t* item1, struct dynfile_t* item2) { return false; } -/* Number of tests taken, based on belonging to a percentile bucket */ -static size_t input_numTests(size_t idx, size_t total) { - if (idx > total) { - LOG_F("idx (%zu) > total (%zu)", idx, total); +/* Number of tests taken, based on how fresh the input is */ +static size_t input_numTests(run_t* run, struct dynfile_t* dynfile) { + size_t total = run->global->io.dynfileqCnt; + if (dynfile->idx > total) { + LOG_F("idx (%zu) > total (%zu)", dynfile->idx, total); } - if (idx == 0 || (total - idx) > 5) { + if (dynfile->idx == 0 || (total - dynfile->idx) > 5) { + return 1; + } + /* If the sample is older than 10 seconds, don't bump its testing ratio */ + if ((run->timeStartedMillis - dynfile->timeAddedMillis) > (1000 * 10)) { return 1; } @@ -378,7 +383,7 @@ static size_t input_numTests(size_t idx, size_t total) { [4] = 2, [5] = 1, }; - return scaleMap[total - idx]; + return scaleMap[total - dynfile->idx]; } #define TAILQ_FOREACH_HF(var, head, field) \ @@ -395,6 +400,7 @@ void input_addDynamicInput( dynfile->size = len; dynfile->tested = 0; dynfile->idx = 0; + dynfile->timeAddedMillis = util_timeNowMillis(); memcpy(dynfile->data, data, len); snprintf(dynfile->path, sizeof(dynfile->path), "%s", path); @@ -465,7 +471,7 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { current = run->global->io.dynfileqCurrent; /* Number of tests per input depends on the 'idx' of the input */ - size_t testCnt = input_numTests(current->idx, run->global->io.dynfileqCnt); + size_t testCnt = input_numTests(run, current); current->tested++; /* diff --git a/subproc.c b/subproc.c index 80294ed7..b83f5fe8 100644 --- a/subproc.c +++ b/subproc.c @@ -421,8 +421,6 @@ static bool subproc_New(run_t* run) { } bool subproc_Run(run_t* run) { - run->timeStartedMillis = util_timeNowMillis(); - if (!subproc_New(run)) { LOG_E("subproc_New()"); return false; -- cgit v1.2.3 From 539ea048d6273864e396ad95b08911c69cd2ac51 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 19 Mar 2020 15:01:34 +0100 Subject: input: move a static function close to its use --- input.c | 50 +++++++++++++++++++++++++------------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/input.c b/input.c index b7d64e96..4e601282 100644 --- a/input.c +++ b/input.c @@ -361,31 +361,6 @@ static bool input_cmpCov(struct dynfile_t* item1, struct dynfile_t* item2) { return false; } -/* Number of tests taken, based on how fresh the input is */ -static size_t input_numTests(run_t* run, struct dynfile_t* dynfile) { - size_t total = run->global->io.dynfileqCnt; - if (dynfile->idx > total) { - LOG_F("idx (%zu) > total (%zu)", dynfile->idx, total); - } - if (dynfile->idx == 0 || (total - dynfile->idx) > 5) { - return 1; - } - /* If the sample is older than 10 seconds, don't bump its testing ratio */ - if ((run->timeStartedMillis - dynfile->timeAddedMillis) > (1000 * 10)) { - return 1; - } - - static size_t const scaleMap[] = { - [0] = 128, - [1] = 32, - [2] = 8, - [3] = 4, - [4] = 2, - [5] = 1, - }; - return scaleMap[total - dynfile->idx]; -} - #define TAILQ_FOREACH_HF(var, head, field) \ for ((var) = TAILQ_FIRST((head)); (var); (var) = TAILQ_NEXT((var), field)) @@ -454,6 +429,31 @@ void input_addDynamicInput( } } +/* Number of tests taken, based on how 'fresh' the input is */ +static size_t input_numTests(run_t* run, struct dynfile_t* dynfile) { + size_t total = run->global->io.dynfileqCnt; + if (dynfile->idx > total) { + LOG_F("idx (%zu) > total (%zu)", dynfile->idx, total); + } + if (dynfile->idx == 0 || (total - dynfile->idx) > 5) { + return 1; + } + /* If the sample is older than 10 seconds, don't bump its testing ratio */ + if ((run->timeStartedMillis - dynfile->timeAddedMillis) > (1000 * 10)) { + return 1; + } + + static size_t const scaleMap[] = { + [0] = 128, + [1] = 32, + [2] = 8, + [3] = 4, + [4] = 2, + [5] = 1, + }; + return scaleMap[total - dynfile->idx]; +} + bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { struct dynfile_t* current = NULL; -- cgit v1.2.3 From 6c0200fb5200e57524c502a5666255d05f695236 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 19 Mar 2020 20:45:46 +0100 Subject: libhfuzz: make libraries more backwards-compatible with the honggfuzz binary --- libhfuzz/instrument.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 8a8a58d9..999ce34f 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -71,9 +71,9 @@ static bool initializeCovFeedback(void) { if (fstat(_HF_COV_BITMAP_FD, &st) == -1) { return false; } - if (st.st_size != sizeof(feedback_t)) { - LOG_W("Size of the feedback structure mismatch: st.size != sizeof(feedback_t) (%zu != " - "%zu). Link your fuzzed binaries with the newest honggfuzz and hfuzz-clang(++)", + if ((size_t)st.st_size < sizeof(feedback_t)) { + LOG_W("Size of the feedback structure mismatch: st.size < sizeof(feedback_t) (%zu < " + "%zu). Build your honggfuzz binary from newer sources", (size_t)st.st_size, sizeof(feedback_t)); return false; } -- cgit v1.2.3 From edaa144d6f34a96943517eaa92ee1480c3b36f89 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 20 Mar 2020 01:50:56 +0100 Subject: mangle: prefer modifications of the earlier parts of files --- mangle.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/mangle.c b/mangle.c index 8f8a876b..7f4bbc66 100644 --- a/mangle.c +++ b/mangle.c @@ -39,15 +39,20 @@ #include "libhfcommon/log.h" #include "libhfcommon/util.h" -/* Spend at least 2/3 of time on modifying the first 8kB of input */ +/* Spend at least 3/4 of time on modifying the first 8kB of input */ static inline size_t mangle_getOffSet(run_t* run) { - switch (util_rnd64() % 3) { + switch (util_rnd64() % 4) { case 0: + if (run->dynamicFileSz <= 128) { + break; + } + return util_rndGet(0, 128); + case 1: if (run->dynamicFileSz <= 1024) { break; } return util_rndGet(0, 1024); - case 1: + case 2: if (run->dynamicFileSz <= 8192) { break; } -- cgit v1.2.3 From b05d605af5f6feca382718d7ab81e058be6d93c7 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 21 Mar 2020 02:25:21 +0100 Subject: libhfuzz/instrument: add 1byte values to the dynamic const dict as well --- libhfuzz/instrument.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 999ce34f..052e9c74 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -252,6 +252,7 @@ void __sanitizer_cov_trace_cmp8(uint64_t Arg1, uint64_t Arg2) { /* Standard __sanitizer_cov_trace_const_cmp wrappers */ void __sanitizer_cov_trace_const_cmp1(uint8_t Arg1, uint8_t Arg2) { + instrumentAddConstMem(&Arg1, sizeof(Arg1), /* check_if_ro= */ false); hfuzz_trace_cmp1_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); } -- cgit v1.2.3 From 5f11f9090fd2a9665906f531f3db68b78658da38 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 21 Mar 2020 02:37:05 +0100 Subject: hfuzz: don't use sanitizer-coverage-prune-blocks anymore. Use default value for that --- hfuzz_cc/hfuzz-cc.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index d236dc37..bc587155 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -362,8 +362,6 @@ static void commonPostOpts(int* j, char** args, int argc, char** argv) { } args[(*j)++] = "-fsanitize-coverage=trace-pc-guard,trace-cmp,trace-div,indirect-calls"; } - args[(*j)++] = "-mllvm"; - args[(*j)++] = "-sanitizer-coverage-prune-blocks=1"; } } -- cgit v1.2.3 From 150cbd741c7346571e5a9c47b7819d2e37500a64 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 21 Mar 2020 12:40:39 +0100 Subject: mangle: add first version of cross-file splicing --- input.c | 27 +++++++++++++++++++++++++++ input.h | 1 + mangle.c | 36 +++++++++++++++++++++++++++++++----- 3 files changed, 59 insertions(+), 5 deletions(-) diff --git a/input.c b/input.c index 4e601282..5d37cece 100644 --- a/input.c +++ b/input.c @@ -496,6 +496,33 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { return true; } +size_t input_getRandomInputAsBuf(run_t* run, const uint8_t** buf) { + if (ATOMIC_GET(run->global->io.dynfileqCnt) == 0) { + *buf = NULL; + return 0; + } + + { + MX_SCOPED_RWLOCK_READ(&run->global->io.dynfileq_mutex); + + size_t fileIdx = util_rndGet(0, run->global->io.dynfileqCnt - 1); + struct dynfile_t* cur = TAILQ_FIRST(&run->global->io.dynfileq); + for (size_t i = 0; i < fileIdx; i++) { + cur = TAILQ_NEXT(cur, pointers); + if (cur == NULL) { + LOG_E("Dynamic file index is NULL when iterating through dynamic corpus, i:%zu, " + "idx:%zu, totalSize:%zu", + i, fileIdx, run->global->io.dynfileqCnt); + *buf = NULL; + return 0; + } + } + + *buf = cur->data; + return cur->size; + } +} + static bool input_shouldReadNewFile(run_t* run) { if (fuzz_getState(run->global) != _HF_STATE_DYNAMIC_DRY_RUN || run->global->cfg.minimize) { input_setSize(run, run->global->mutate.maxInputSz); diff --git a/input.h b/input.h index 2880c12d..4e8f2404 100644 --- a/input.h +++ b/input.h @@ -39,6 +39,7 @@ extern void input_addDynamicInput( honggfuzz_t* hfuzz, const uint8_t* data, size_t len, uint64_t cov[4], const char* path); extern void input_renumerateInputs(honggfuzz_t* hfuzz); extern bool input_prepareDynamicInput(run_t* run, bool needs_mangle); +extern size_t input_getRandomInputAsBuf(run_t* run, const uint8_t** buf); extern bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle); extern void input_removeStaticFile(const char* dir, const char* name); extern bool input_prepareExternalFile(run_t* run); diff --git a/mangle.c b/mangle.c index 7f4bbc66..5cfbca2d 100644 --- a/mangle.c +++ b/mangle.c @@ -386,7 +386,7 @@ static void mangle_Magic(run_t* run, bool printable) { } } -static void mangle_DictionaryNoCheck( +static void mangle_Insert( run_t* run, const uint8_t* val, size_t len, bool printable, bool inflate) { size_t off = mangle_getOffSet(run); if (inflate) { @@ -401,7 +401,7 @@ static void mangle_DictionaryInsert(run_t* run, bool printable) { return; } uint64_t choice = util_rndGet(0, run->global->mutate.dictionaryCnt - 1); - mangle_DictionaryNoCheck(run, run->global->mutate.dictionary[choice].val, + mangle_Insert(run, run->global->mutate.dictionary[choice].val, run->global->mutate.dictionary[choice].len, printable, /* inflate= */ true); } @@ -411,7 +411,7 @@ static void mangle_DictionaryOverwrite(run_t* run, bool printable) { return; } uint64_t choice = util_rndGet(0, run->global->mutate.dictionaryCnt - 1); - mangle_DictionaryNoCheck(run, run->global->mutate.dictionary[choice].val, + mangle_Insert(run, run->global->mutate.dictionary[choice].val, run->global->mutate.dictionary[choice].len, printable, /* inflate= */ false); } @@ -442,7 +442,7 @@ static void mangle_ConstFeedbackInsert(run_t* run, bool printable) { mangle_Magic(run, printable); return; } - mangle_DictionaryNoCheck(run, val, len, printable, /* inflate= */ true); + mangle_Insert(run, val, len, printable, /* inflate= */ true); } static void mangle_ConstFeedbackOverwrite(run_t* run, bool printable) { @@ -452,7 +452,7 @@ static void mangle_ConstFeedbackOverwrite(run_t* run, bool printable) { mangle_Magic(run, printable); return; } - mangle_DictionaryNoCheck(run, val, len, printable, /* inflate= */ false); + mangle_Insert(run, val, len, printable, /* inflate= */ false); } static void mangle_MemSetWithVal(run_t* run, int val) { @@ -651,6 +651,30 @@ static void mangle_ASCIIVal(run_t* run, bool printable HF_ATTR_UNUSED) { mangle_Overwrite(run, (uint8_t*)buf, off, util_rndGet(2, 8)); } +static void mangle_SpliceOverwrite(run_t* run, bool printable) { + const uint8_t* buf; + size_t sz = input_getRandomInputAsBuf(run, &buf); + if (!sz) { + return mangle_Bytes(run, printable); + } + + size_t remoteOff = util_rndGet(0, sz - 1); + size_t remoteLen = util_rndGet(1, sz - remoteOff); + mangle_Insert(run, &buf[remoteOff], remoteLen, printable, /* inflate= */ false); +} + +static void mangle_SpliceInsert(run_t* run, bool printable) { + const uint8_t* buf; + size_t sz = input_getRandomInputAsBuf(run, &buf); + if (!sz) { + return mangle_Bytes(run, printable); + } + + size_t remoteOff = util_rndGet(0, sz - 1); + size_t remoteLen = util_rndGet(1, sz - remoteOff); + mangle_Insert(run, &buf[remoteOff], remoteLen, printable, /* inflate= */ true); +} + void mangle_mangleContent(run_t* run) { static void (*const mangleFuncs[])(run_t * run, bool printable) = { mangle_Bit, @@ -670,6 +694,8 @@ void mangle_mangleContent(run_t* run) { mangle_Expand, mangle_Shrink, mangle_ASCIIVal, + mangle_SpliceOverwrite, + mangle_SpliceInsert, mangle_Resize, }; -- cgit v1.2.3 From f597888a6a7780a016327676ea1b4cfc7b261794 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 21 Mar 2020 13:13:37 +0100 Subject: make indent --- input.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/input.c b/input.c index 5d37cece..d1087266 100644 --- a/input.c +++ b/input.c @@ -505,7 +505,7 @@ size_t input_getRandomInputAsBuf(run_t* run, const uint8_t** buf) { { MX_SCOPED_RWLOCK_READ(&run->global->io.dynfileq_mutex); - size_t fileIdx = util_rndGet(0, run->global->io.dynfileqCnt - 1); + size_t fileIdx = util_rndGet(0, run->global->io.dynfileqCnt - 1); struct dynfile_t* cur = TAILQ_FIRST(&run->global->io.dynfileq); for (size_t i = 0; i < fileIdx; i++) { cur = TAILQ_NEXT(cur, pointers); -- cgit v1.2.3 From 082a200fa85f3af971b6b1c667e9d8baeb963a8e Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 21 Mar 2020 17:50:13 +0100 Subject: mangle: add first version of cross-file splicing - make it faster by using a circular buffer --- cmdline.c | 2 ++ honggfuzz.h | 2 ++ input.c | 30 +++++++++++++----------------- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/cmdline.c b/cmdline.c index 320d9f2b..95c617c8 100644 --- a/cmdline.c +++ b/cmdline.c @@ -294,6 +294,8 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .dynfileqCnt = 0U, .dynfileq_mutex = PTHREAD_RWLOCK_INITIALIZER, .dynfileqCurrent = NULL, + .dynfileq2_mutex = PTHREAD_RWLOCK_INITIALIZER, + .dynfileq2Current = NULL, .exportFeedback = false, }, .exe = diff --git a/honggfuzz.h b/honggfuzz.h index 7be07475..295020ac 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -226,6 +226,8 @@ typedef struct { size_t dynfileqCnt; pthread_rwlock_t dynfileq_mutex; struct dynfile_t* dynfileqCurrent; + pthread_rwlock_t dynfileq2_mutex; + struct dynfile_t* dynfileq2Current; TAILQ_HEAD(dyns_t, dynfile_t) dynfileq; bool exportFeedback; } io; diff --git a/input.c b/input.c index d1087266..de7a85fe 100644 --- a/input.c +++ b/input.c @@ -502,25 +502,21 @@ size_t input_getRandomInputAsBuf(run_t* run, const uint8_t** buf) { return 0; } - { - MX_SCOPED_RWLOCK_READ(&run->global->io.dynfileq_mutex); - - size_t fileIdx = util_rndGet(0, run->global->io.dynfileqCnt - 1); - struct dynfile_t* cur = TAILQ_FIRST(&run->global->io.dynfileq); - for (size_t i = 0; i < fileIdx; i++) { - cur = TAILQ_NEXT(cur, pointers); - if (cur == NULL) { - LOG_E("Dynamic file index is NULL when iterating through dynamic corpus, i:%zu, " - "idx:%zu, totalSize:%zu", - i, fileIdx, run->global->io.dynfileqCnt); - *buf = NULL; - return 0; - } - } + MX_SCOPED_RWLOCK_WRITE(&run->global->io.dynfileq2_mutex); - *buf = cur->data; - return cur->size; + if (run->global->io.dynfileq2Current == NULL) { + run->global->io.dynfileq2Current = TAILQ_FIRST(&run->global->io.dynfileq); } + + struct dynfile_t* current = run->global->io.dynfileq2Current; + + run->global->io.dynfileq2Current = TAILQ_NEXT(run->global->io.dynfileq2Current, pointers); + if (run->global->io.dynfileq2Current == NULL) { + run->global->io.dynfileq2Current = TAILQ_FIRST(&run->global->io.dynfileq); + } + + *buf = current->data; + return current->size; } static bool input_shouldReadNewFile(run_t* run) { -- cgit v1.2.3 From e7d04b08f41fe7a65aa9c2c40cb4b02ff85cc5a1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 21 Mar 2020 23:12:27 +0100 Subject: input: simpler input_getRandomInputAsBuf --- cmdline.c | 1 - honggfuzz.h | 1 - input.c | 23 +++++++++++------------ 3 files changed, 11 insertions(+), 14 deletions(-) diff --git a/cmdline.c b/cmdline.c index 95c617c8..5b8dcc92 100644 --- a/cmdline.c +++ b/cmdline.c @@ -294,7 +294,6 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .dynfileqCnt = 0U, .dynfileq_mutex = PTHREAD_RWLOCK_INITIALIZER, .dynfileqCurrent = NULL, - .dynfileq2_mutex = PTHREAD_RWLOCK_INITIALIZER, .dynfileq2Current = NULL, .exportFeedback = false, }, diff --git a/honggfuzz.h b/honggfuzz.h index 295020ac..dc8fd778 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -226,7 +226,6 @@ typedef struct { size_t dynfileqCnt; pthread_rwlock_t dynfileq_mutex; struct dynfile_t* dynfileqCurrent; - pthread_rwlock_t dynfileq2_mutex; struct dynfile_t* dynfileq2Current; TAILQ_HEAD(dyns_t, dynfile_t) dynfileq; bool exportFeedback; diff --git a/input.c b/input.c index de7a85fe..a7a5da18 100644 --- a/input.c +++ b/input.c @@ -374,7 +374,6 @@ void input_addDynamicInput( } dynfile->size = len; dynfile->tested = 0; - dynfile->idx = 0; dynfile->timeAddedMillis = util_timeNowMillis(); memcpy(dynfile->data, data, len); snprintf(dynfile->path, sizeof(dynfile->path), "%s", path); @@ -382,14 +381,14 @@ void input_addDynamicInput( MX_SCOPED_RWLOCK_WRITE(&hfuzz->io.dynfileq_mutex); hfuzz->io.dynfileqCnt++; + dynfile->idx = hfuzz->io.dynfileqCnt; + hfuzz->io.dynfileqMaxSz = HF_MAX(hfuzz->io.dynfileqMaxSz, len); if (fuzz_getState(hfuzz) == _HF_STATE_DYNAMIC_MAIN) { - dynfile->idx = hfuzz->io.dynfileqCnt; /* Add it with high idx */ TAILQ_INSERT_HEAD(&hfuzz->io.dynfileq, dynfile, pointers); } else { - dynfile->idx = 0; /* Sort it by coverage - put better coverage earlier in the list */ struct dynfile_t* iter = NULL; TAILQ_FOREACH_HF(iter, &hfuzz->io.dynfileq, pointers) { @@ -498,21 +497,21 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { size_t input_getRandomInputAsBuf(run_t* run, const uint8_t** buf) { if (ATOMIC_GET(run->global->io.dynfileqCnt) == 0) { + LOG_E("The dynamic input queue shouldn't be empty"); *buf = NULL; return 0; } - MX_SCOPED_RWLOCK_WRITE(&run->global->io.dynfileq2_mutex); - - if (run->global->io.dynfileq2Current == NULL) { - run->global->io.dynfileq2Current = TAILQ_FIRST(&run->global->io.dynfileq); - } + struct dynfile_t* current = NULL; + { + MX_SCOPED_RWLOCK_WRITE(&run->global->io.dynfileq_mutex); - struct dynfile_t* current = run->global->io.dynfileq2Current; + if (run->global->io.dynfileq2Current == NULL) { + run->global->io.dynfileq2Current = TAILQ_FIRST(&run->global->io.dynfileq); + } - run->global->io.dynfileq2Current = TAILQ_NEXT(run->global->io.dynfileq2Current, pointers); - if (run->global->io.dynfileq2Current == NULL) { - run->global->io.dynfileq2Current = TAILQ_FIRST(&run->global->io.dynfileq); + current = run->global->io.dynfileq2Current; + run->global->io.dynfileq2Current = TAILQ_NEXT(run->global->io.dynfileq2Current, pointers); } *buf = current->data; -- cgit v1.2.3 From 8db2a2b8fe90d1bde58b5ee54c7d718da279f4d5 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 22 Mar 2020 02:33:03 +0100 Subject: mangle: make mangle_AddSub use smaller ranges --- mangle.c | 34 +++++++++++++++++++++++----------- 1 file changed, 23 insertions(+), 11 deletions(-) diff --git a/mangle.c b/mangle.c index 5cfbca2d..c4749751 100644 --- a/mangle.c +++ b/mangle.c @@ -477,14 +477,12 @@ static void mangle_Random(run_t* run, bool printable) { } } -static void mangle_AddSubWithRange(run_t* run, size_t off, uint64_t varLen) { - int delta = (int)util_rndGet(0, 8192); - delta -= 4096; +static void mangle_AddSubWithRange(run_t* run, size_t off, uint64_t varLen, uint64_t range) { + int64_t delta = (int64_t)util_rndGet(0, range * 2) - (int64_t)range; switch (varLen) { case 1: { run->dynamicFile[off] += delta; - return; break; } case 2: { @@ -499,7 +497,6 @@ static void mangle_AddSubWithRange(run_t* run, size_t off, uint64_t varLen) { val = __builtin_bswap16(val); } mangle_Overwrite(run, (uint8_t*)&val, off, varLen); - return; break; } case 4: { @@ -514,7 +511,6 @@ static void mangle_AddSubWithRange(run_t* run, size_t off, uint64_t varLen) { val = __builtin_bswap32(val); } mangle_Overwrite(run, (uint8_t*)&val, off, varLen); - return; break; } case 8: { @@ -529,12 +525,10 @@ static void mangle_AddSubWithRange(run_t* run, size_t off, uint64_t varLen) { val = __builtin_bswap64(val); } mangle_Overwrite(run, (uint8_t*)&val, off, varLen); - return; break; } default: { - LOG_F("Unknown variable length size: %" PRIu64, varLen); - break; + LOG_F("Unknown variable length size: %zu", varLen); } } } @@ -543,12 +537,30 @@ static void mangle_AddSub(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); /* 1,2,4,8 */ - uint64_t varLen = 1U << util_rndGet(0, 3); + size_t varLen = 1U << util_rndGet(0, 3); if ((run->dynamicFileSz - off) < varLen) { varLen = 1; } - mangle_AddSubWithRange(run, off, varLen); + uint64_t range; + switch (varLen) { + case 1: + range = 16; + break; + case 2: + range = 4096; + break; + case 4: + range = 1048576; + break; + case 8: + range = 268435456; + break; + default: + LOG_F("Invalid operand size: %zu", varLen); + } + + mangle_AddSubWithRange(run, off, varLen, range); if (printable) { util_turnToPrintable((uint8_t*)&run->dynamicFile[off], varLen); } -- cgit v1.2.3 From 4625e6b47437fc43745acd79cf0ca35f3b5eac5f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 22 Mar 2020 02:54:16 +0100 Subject: mangle: remove unnecessary cast to const --- mangle.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/mangle.c b/mangle.c index c4749751..5865ec02 100644 --- a/mangle.c +++ b/mangle.c @@ -386,13 +386,12 @@ static void mangle_Magic(run_t* run, bool printable) { } } -static void mangle_Insert( - run_t* run, const uint8_t* val, size_t len, bool printable, bool inflate) { +static void mangle_Insert(run_t* run, const uint8_t* val, size_t len, bool printable, bool inflate) { size_t off = mangle_getOffSet(run); if (inflate) { mangle_Inflate(run, off, len, printable); } - mangle_Overwrite(run, (const uint8_t*)val, off, len); + mangle_Overwrite(run, val, off, len); } static void mangle_DictionaryInsert(run_t* run, bool printable) { -- cgit v1.2.3 From 1969a32b4d6fcc31aa6af56250a5f92ba65e677f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 22 Mar 2020 12:03:28 +0100 Subject: mangle: add ByteRepeat* procedures --- mangle.c | 565 ++++++++++++++++++++++++++++++++++----------------------------- 1 file changed, 303 insertions(+), 262 deletions(-) diff --git a/mangle.c b/mangle.c index 5865ec02..a797e2f6 100644 --- a/mangle.c +++ b/mangle.c @@ -64,13 +64,17 @@ static inline size_t mangle_getOffSet(run_t* run) { return util_rndGet(0, run->dynamicFileSz - 1); } -static inline void mangle_Overwrite(run_t* run, const uint8_t* src, size_t off, size_t sz) { +static inline void mangle_Overwrite( + run_t* run, const uint8_t* src, size_t off, size_t sz, bool printable) { size_t maxToCopy = run->dynamicFileSz - off; if (sz > maxToCopy) { sz = maxToCopy; } memmove(&run->dynamicFile[off], src, sz); + if (printable) { + util_turnToPrintable(&run->dynamicFile[off], sz); + } } static inline void mangle_Move(run_t* run, size_t off_from, size_t off_to, size_t len) { @@ -129,269 +133,303 @@ static void mangle_Bytes(run_t* run, bool printable) { /* Overwrite with random 1-2-byte values */ size_t toCopy = util_rndGet(1, 2); - mangle_Overwrite(run, (uint8_t*)&buf, off, toCopy); + mangle_Overwrite(run, (uint8_t*)&buf, off, toCopy, printable); } -static void mangle_Bit(run_t* run, bool printable) { +static void mangle_ByteRepeatOverwrite(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); - run->dynamicFile[off] ^= (uint8_t)(1U << util_rndGet(0, 7)); - if (printable) { - util_turnToPrintable(&(run->dynamicFile[off]), 1); + size_t destOff = off + 1; + size_t maxSz = run->dynamicFileSz - destOff; + + /* No space to repeat */ + if (!maxSz) { + return mangle_Bytes(run, printable); } + + size_t len = util_rndGet(1, maxSz); + memset(&run->dynamicFile[destOff], run->dynamicFile[off], len); } -static void mangle_Magic(run_t* run, bool printable) { - static const struct { - const uint8_t val[8]; - const size_t size; - } mangleMagicVals[] = { - /* 1B - No endianness */ - {"\x00\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x01\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x02\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x03\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x04\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x05\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x06\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x07\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x08\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x09\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x0A\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x0B\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x0C\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x0D\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x0E\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x0F\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x10\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x20\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x40\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x7E\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x7F\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x80\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\x81\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\xC0\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\xFE\x00\x00\x00\x00\x00\x00\x00", 1}, - {"\xFF\x00\x00\x00\x00\x00\x00\x00", 1}, - /* 2B - NE */ - {"\x00\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x01\x01\x00\x00\x00\x00\x00\x00", 2}, - {"\x80\x80\x00\x00\x00\x00\x00\x00", 2}, - {"\xFF\xFF\x00\x00\x00\x00\x00\x00", 2}, - /* 2B - BE */ - {"\x00\x01\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x02\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x03\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x04\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x05\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x06\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x07\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x08\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x09\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x0A\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x0B\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x0C\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x0D\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x0E\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x0F\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x10\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x20\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x40\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x7E\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x7F\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x80\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x81\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\xC0\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\xFE\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\xFF\x00\x00\x00\x00\x00\x00", 2}, - {"\x7E\xFF\x00\x00\x00\x00\x00\x00", 2}, - {"\x7F\xFF\x00\x00\x00\x00\x00\x00", 2}, - {"\x80\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x80\x01\x00\x00\x00\x00\x00\x00", 2}, - {"\xFF\xFE\x00\x00\x00\x00\x00\x00", 2}, - /* 2B - LE */ - {"\x00\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x01\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x02\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x03\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x04\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x05\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x06\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x07\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x08\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x09\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x0A\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x0B\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x0C\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x0D\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x0E\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x0F\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x10\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x20\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x40\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x7E\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x7F\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x80\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\x81\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\xC0\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\xFE\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\xFF\x00\x00\x00\x00\x00\x00\x00", 2}, - {"\xFF\x7E\x00\x00\x00\x00\x00\x00", 2}, - {"\xFF\x7F\x00\x00\x00\x00\x00\x00", 2}, - {"\x00\x80\x00\x00\x00\x00\x00\x00", 2}, - {"\x01\x80\x00\x00\x00\x00\x00\x00", 2}, - {"\xFE\xFF\x00\x00\x00\x00\x00\x00", 2}, - /* 4B - NE */ - {"\x00\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x01\x01\x01\x01\x00\x00\x00\x00", 4}, - {"\x80\x80\x80\x80\x00\x00\x00\x00", 4}, - {"\xFF\xFF\xFF\xFF\x00\x00\x00\x00", 4}, - /* 4B - BE */ - {"\x00\x00\x00\x01\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x02\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x03\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x04\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x05\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x06\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x07\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x08\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x09\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x0A\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x0B\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x0C\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x0D\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x0E\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x0F\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x10\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x20\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x40\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x7E\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x7F\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x80\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x81\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\xC0\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\xFE\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\xFF\x00\x00\x00\x00", 4}, - {"\x7E\xFF\xFF\xFF\x00\x00\x00\x00", 4}, - {"\x7F\xFF\xFF\xFF\x00\x00\x00\x00", 4}, - {"\x80\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x80\x00\x00\x01\x00\x00\x00\x00", 4}, - {"\xFF\xFF\xFF\xFE\x00\x00\x00\x00", 4}, - /* 4B - LE */ - {"\x00\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x01\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x02\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x03\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x04\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x05\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x06\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x07\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x08\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x09\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x0A\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x0B\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x0C\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x0D\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x0E\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x0F\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x10\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x20\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x40\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x7E\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x7F\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x80\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\x81\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\xC0\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\xFE\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\xFF\x00\x00\x00\x00\x00\x00\x00", 4}, - {"\xFF\xFF\xFF\x7E\x00\x00\x00\x00", 4}, - {"\xFF\xFF\xFF\x7F\x00\x00\x00\x00", 4}, - {"\x00\x00\x00\x80\x00\x00\x00\x00", 4}, - {"\x01\x00\x00\x80\x00\x00\x00\x00", 4}, - {"\xFE\xFF\xFF\xFF\x00\x00\x00\x00", 4}, - /* 8B - NE */ - {"\x00\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x01\x01\x01\x01\x01\x01\x01\x01", 8}, - {"\x80\x80\x80\x80\x80\x80\x80\x80", 8}, - {"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 8}, - /* 8B - BE */ - {"\x00\x00\x00\x00\x00\x00\x00\x01", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x02", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x03", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x04", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x05", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x06", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x07", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x08", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x09", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x0A", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x0B", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x0C", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x0D", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x0E", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x0F", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x10", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x20", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x40", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x7E", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x7F", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x80", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x81", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\xC0", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\xFE", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\xFF", 8}, - {"\x7E\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 8}, - {"\x7F\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 8}, - {"\x80\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x80\x00\x00\x00\x00\x00\x00\x01", 8}, - {"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE", 8}, - /* 8B - LE */ - {"\x00\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x01\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x02\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x03\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x04\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x05\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x06\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x07\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x08\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x09\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x0A\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x0B\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x0C\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x0D\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x0E\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x0F\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x10\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x20\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x40\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x7E\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x7F\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x80\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\x81\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\xC0\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\xFE\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\xFF\x00\x00\x00\x00\x00\x00\x00", 8}, - {"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x7E", 8}, - {"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x7F", 8}, - {"\x00\x00\x00\x00\x00\x00\x00\x80", 8}, - {"\x01\x00\x00\x00\x00\x00\x00\x80", 8}, - {"\xFE\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 8}, - }; +static void mangle_ByteRepeatInsert(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); - uint64_t choice = util_rndGet(0, ARRAYSIZE(mangleMagicVals) - 1); - mangle_Overwrite(run, mangleMagicVals[choice].val, off, mangleMagicVals[choice].size); + size_t destOff = off + 1; + size_t maxSz = run->dynamicFileSz - destOff; + + /* No space to repeat */ + if (!maxSz) { + return mangle_Bytes(run, printable); + } + + size_t len = util_rndGet(1, maxSz); + mangle_Inflate(run, destOff, len, printable); + memset(&run->dynamicFile[destOff], run->dynamicFile[off], len); +} +static void mangle_Bit(run_t* run, bool printable) { + size_t off = mangle_getOffSet(run); + run->dynamicFile[off] ^= (uint8_t)(1U << util_rndGet(0, 7)); if (printable) { - util_turnToPrintable(&run->dynamicFile[off], mangleMagicVals[choice].size); + util_turnToPrintable(&(run->dynamicFile[off]), 1); } } -static void mangle_Insert(run_t* run, const uint8_t* val, size_t len, bool printable, bool inflate) { +static void mangle_Insert( + run_t* run, const uint8_t* val, size_t len, bool printable, bool inflate) { size_t off = mangle_getOffSet(run); if (inflate) { mangle_Inflate(run, off, len, printable); } - mangle_Overwrite(run, val, off, len); + mangle_Overwrite(run, val, off, len, printable); +} + +static const struct { + const uint8_t val[8]; + const size_t size; +} mangleMagicVals[] = { + /* 1B - No endianness */ + {"\x00\x00\x00\x00\x00\x00\x00\x00", 1}, + {"\x01\x00\x00\x00\x00\x00\x00\x00", 1}, + {"\x02\x00\x00\x00\x00\x00\x00\x00", 1}, + {"\x03\x00\x00\x00\x00\x00\x00\x00", 1}, + {"\x04\x00\x00\x00\x00\x00\x00\x00", 1}, + {"\x05\x00\x00\x00\x00\x00\x00\x00", 1}, + {"\x06\x00\x00\x00\x00\x00\x00\x00", 1}, + {"\x07\x00\x00\x00\x00\x00\x00\x00", 1}, + {"\x08\x00\x00\x00\x00\x00\x00\x00", 1}, + {"\x09\x00\x00\x00\x00\x00\x00\x00", 1}, + {"\x0A\x00\x00\x00\x00\x00\x00\x00", 1}, + {"\x0B\x00\x00\x00\x00\x00\x00\x00", 1}, + {"\x0C\x00\x00\x00\x00\x00\x00\x00", 1}, + {"\x0D\x00\x00\x00\x00\x00\x00\x00", 1}, + {"\x0E\x00\x00\x00\x00\x00\x00\x00", 1}, + {"\x0F\x00\x00\x00\x00\x00\x00\x00", 1}, + {"\x10\x00\x00\x00\x00\x00\x00\x00", 1}, + {"\x20\x00\x00\x00\x00\x00\x00\x00", 1}, + {"\x40\x00\x00\x00\x00\x00\x00\x00", 1}, + {"\x7E\x00\x00\x00\x00\x00\x00\x00", 1}, + {"\x7F\x00\x00\x00\x00\x00\x00\x00", 1}, + {"\x80\x00\x00\x00\x00\x00\x00\x00", 1}, + {"\x81\x00\x00\x00\x00\x00\x00\x00", 1}, + {"\xC0\x00\x00\x00\x00\x00\x00\x00", 1}, + {"\xFE\x00\x00\x00\x00\x00\x00\x00", 1}, + {"\xFF\x00\x00\x00\x00\x00\x00\x00", 1}, + /* 2B - NE */ + {"\x00\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\x01\x01\x00\x00\x00\x00\x00\x00", 2}, + {"\x80\x80\x00\x00\x00\x00\x00\x00", 2}, + {"\xFF\xFF\x00\x00\x00\x00\x00\x00", 2}, + /* 2B - BE */ + {"\x00\x01\x00\x00\x00\x00\x00\x00", 2}, + {"\x00\x02\x00\x00\x00\x00\x00\x00", 2}, + {"\x00\x03\x00\x00\x00\x00\x00\x00", 2}, + {"\x00\x04\x00\x00\x00\x00\x00\x00", 2}, + {"\x00\x05\x00\x00\x00\x00\x00\x00", 2}, + {"\x00\x06\x00\x00\x00\x00\x00\x00", 2}, + {"\x00\x07\x00\x00\x00\x00\x00\x00", 2}, + {"\x00\x08\x00\x00\x00\x00\x00\x00", 2}, + {"\x00\x09\x00\x00\x00\x00\x00\x00", 2}, + {"\x00\x0A\x00\x00\x00\x00\x00\x00", 2}, + {"\x00\x0B\x00\x00\x00\x00\x00\x00", 2}, + {"\x00\x0C\x00\x00\x00\x00\x00\x00", 2}, + {"\x00\x0D\x00\x00\x00\x00\x00\x00", 2}, + {"\x00\x0E\x00\x00\x00\x00\x00\x00", 2}, + {"\x00\x0F\x00\x00\x00\x00\x00\x00", 2}, + {"\x00\x10\x00\x00\x00\x00\x00\x00", 2}, + {"\x00\x20\x00\x00\x00\x00\x00\x00", 2}, + {"\x00\x40\x00\x00\x00\x00\x00\x00", 2}, + {"\x00\x7E\x00\x00\x00\x00\x00\x00", 2}, + {"\x00\x7F\x00\x00\x00\x00\x00\x00", 2}, + {"\x00\x80\x00\x00\x00\x00\x00\x00", 2}, + {"\x00\x81\x00\x00\x00\x00\x00\x00", 2}, + {"\x00\xC0\x00\x00\x00\x00\x00\x00", 2}, + {"\x00\xFE\x00\x00\x00\x00\x00\x00", 2}, + {"\x00\xFF\x00\x00\x00\x00\x00\x00", 2}, + {"\x7E\xFF\x00\x00\x00\x00\x00\x00", 2}, + {"\x7F\xFF\x00\x00\x00\x00\x00\x00", 2}, + {"\x80\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\x80\x01\x00\x00\x00\x00\x00\x00", 2}, + {"\xFF\xFE\x00\x00\x00\x00\x00\x00", 2}, + /* 2B - LE */ + {"\x00\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\x01\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\x02\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\x03\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\x04\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\x05\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\x06\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\x07\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\x08\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\x09\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\x0A\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\x0B\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\x0C\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\x0D\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\x0E\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\x0F\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\x10\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\x20\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\x40\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\x7E\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\x7F\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\x80\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\x81\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\xC0\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\xFE\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\xFF\x00\x00\x00\x00\x00\x00\x00", 2}, + {"\xFF\x7E\x00\x00\x00\x00\x00\x00", 2}, + {"\xFF\x7F\x00\x00\x00\x00\x00\x00", 2}, + {"\x00\x80\x00\x00\x00\x00\x00\x00", 2}, + {"\x01\x80\x00\x00\x00\x00\x00\x00", 2}, + {"\xFE\xFF\x00\x00\x00\x00\x00\x00", 2}, + /* 4B - NE */ + {"\x00\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\x01\x01\x01\x01\x00\x00\x00\x00", 4}, + {"\x80\x80\x80\x80\x00\x00\x00\x00", 4}, + {"\xFF\xFF\xFF\xFF\x00\x00\x00\x00", 4}, + /* 4B - BE */ + {"\x00\x00\x00\x01\x00\x00\x00\x00", 4}, + {"\x00\x00\x00\x02\x00\x00\x00\x00", 4}, + {"\x00\x00\x00\x03\x00\x00\x00\x00", 4}, + {"\x00\x00\x00\x04\x00\x00\x00\x00", 4}, + {"\x00\x00\x00\x05\x00\x00\x00\x00", 4}, + {"\x00\x00\x00\x06\x00\x00\x00\x00", 4}, + {"\x00\x00\x00\x07\x00\x00\x00\x00", 4}, + {"\x00\x00\x00\x08\x00\x00\x00\x00", 4}, + {"\x00\x00\x00\x09\x00\x00\x00\x00", 4}, + {"\x00\x00\x00\x0A\x00\x00\x00\x00", 4}, + {"\x00\x00\x00\x0B\x00\x00\x00\x00", 4}, + {"\x00\x00\x00\x0C\x00\x00\x00\x00", 4}, + {"\x00\x00\x00\x0D\x00\x00\x00\x00", 4}, + {"\x00\x00\x00\x0E\x00\x00\x00\x00", 4}, + {"\x00\x00\x00\x0F\x00\x00\x00\x00", 4}, + {"\x00\x00\x00\x10\x00\x00\x00\x00", 4}, + {"\x00\x00\x00\x20\x00\x00\x00\x00", 4}, + {"\x00\x00\x00\x40\x00\x00\x00\x00", 4}, + {"\x00\x00\x00\x7E\x00\x00\x00\x00", 4}, + {"\x00\x00\x00\x7F\x00\x00\x00\x00", 4}, + {"\x00\x00\x00\x80\x00\x00\x00\x00", 4}, + {"\x00\x00\x00\x81\x00\x00\x00\x00", 4}, + {"\x00\x00\x00\xC0\x00\x00\x00\x00", 4}, + {"\x00\x00\x00\xFE\x00\x00\x00\x00", 4}, + {"\x00\x00\x00\xFF\x00\x00\x00\x00", 4}, + {"\x7E\xFF\xFF\xFF\x00\x00\x00\x00", 4}, + {"\x7F\xFF\xFF\xFF\x00\x00\x00\x00", 4}, + {"\x80\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\x80\x00\x00\x01\x00\x00\x00\x00", 4}, + {"\xFF\xFF\xFF\xFE\x00\x00\x00\x00", 4}, + /* 4B - LE */ + {"\x00\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\x01\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\x02\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\x03\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\x04\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\x05\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\x06\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\x07\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\x08\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\x09\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\x0A\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\x0B\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\x0C\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\x0D\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\x0E\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\x0F\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\x10\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\x20\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\x40\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\x7E\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\x7F\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\x80\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\x81\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\xC0\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\xFE\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\xFF\x00\x00\x00\x00\x00\x00\x00", 4}, + {"\xFF\xFF\xFF\x7E\x00\x00\x00\x00", 4}, + {"\xFF\xFF\xFF\x7F\x00\x00\x00\x00", 4}, + {"\x00\x00\x00\x80\x00\x00\x00\x00", 4}, + {"\x01\x00\x00\x80\x00\x00\x00\x00", 4}, + {"\xFE\xFF\xFF\xFF\x00\x00\x00\x00", 4}, + /* 8B - NE */ + {"\x00\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\x01\x01\x01\x01\x01\x01\x01\x01", 8}, + {"\x80\x80\x80\x80\x80\x80\x80\x80", 8}, + {"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 8}, + /* 8B - BE */ + {"\x00\x00\x00\x00\x00\x00\x00\x01", 8}, + {"\x00\x00\x00\x00\x00\x00\x00\x02", 8}, + {"\x00\x00\x00\x00\x00\x00\x00\x03", 8}, + {"\x00\x00\x00\x00\x00\x00\x00\x04", 8}, + {"\x00\x00\x00\x00\x00\x00\x00\x05", 8}, + {"\x00\x00\x00\x00\x00\x00\x00\x06", 8}, + {"\x00\x00\x00\x00\x00\x00\x00\x07", 8}, + {"\x00\x00\x00\x00\x00\x00\x00\x08", 8}, + {"\x00\x00\x00\x00\x00\x00\x00\x09", 8}, + {"\x00\x00\x00\x00\x00\x00\x00\x0A", 8}, + {"\x00\x00\x00\x00\x00\x00\x00\x0B", 8}, + {"\x00\x00\x00\x00\x00\x00\x00\x0C", 8}, + {"\x00\x00\x00\x00\x00\x00\x00\x0D", 8}, + {"\x00\x00\x00\x00\x00\x00\x00\x0E", 8}, + {"\x00\x00\x00\x00\x00\x00\x00\x0F", 8}, + {"\x00\x00\x00\x00\x00\x00\x00\x10", 8}, + {"\x00\x00\x00\x00\x00\x00\x00\x20", 8}, + {"\x00\x00\x00\x00\x00\x00\x00\x40", 8}, + {"\x00\x00\x00\x00\x00\x00\x00\x7E", 8}, + {"\x00\x00\x00\x00\x00\x00\x00\x7F", 8}, + {"\x00\x00\x00\x00\x00\x00\x00\x80", 8}, + {"\x00\x00\x00\x00\x00\x00\x00\x81", 8}, + {"\x00\x00\x00\x00\x00\x00\x00\xC0", 8}, + {"\x00\x00\x00\x00\x00\x00\x00\xFE", 8}, + {"\x00\x00\x00\x00\x00\x00\x00\xFF", 8}, + {"\x7E\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 8}, + {"\x7F\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 8}, + {"\x80\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\x80\x00\x00\x00\x00\x00\x00\x01", 8}, + {"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE", 8}, + /* 8B - LE */ + {"\x00\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\x01\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\x02\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\x03\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\x04\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\x05\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\x06\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\x07\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\x08\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\x09\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\x0A\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\x0B\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\x0C\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\x0D\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\x0E\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\x0F\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\x10\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\x20\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\x40\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\x7E\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\x7F\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\x80\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\x81\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\xC0\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\xFE\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\xFF\x00\x00\x00\x00\x00\x00\x00", 8}, + {"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x7E", 8}, + {"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x7F", 8}, + {"\x00\x00\x00\x00\x00\x00\x00\x80", 8}, + {"\x01\x00\x00\x00\x00\x00\x00\x80", 8}, + {"\xFE\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 8}, +}; + +static void mangle_MagicOverwrite(run_t* run, bool printable) { + size_t off = mangle_getOffSet(run); + uint64_t choice = util_rndGet(0, ARRAYSIZE(mangleMagicVals) - 1); + mangle_Overwrite( + run, mangleMagicVals[choice].val, off, mangleMagicVals[choice].size, printable); +} + +static void mangle_MagicInsert(run_t* run, bool printable) { + uint64_t choice = util_rndGet(0, ARRAYSIZE(mangleMagicVals) - 1); + mangle_Insert(run, mangleMagicVals[choice].val, mangleMagicVals[choice].size, printable, + /* inflate= */ true); } static void mangle_DictionaryInsert(run_t* run, bool printable) { @@ -438,7 +476,7 @@ static void mangle_ConstFeedbackInsert(run_t* run, bool printable) { size_t len; const uint8_t* val = mangle_FeedbackDict(run, &len); if (val == NULL) { - mangle_Magic(run, printable); + mangle_Bytes(run, printable); return; } mangle_Insert(run, val, len, printable, /* inflate= */ true); @@ -448,7 +486,7 @@ static void mangle_ConstFeedbackOverwrite(run_t* run, bool printable) { size_t len; const uint8_t* val = mangle_FeedbackDict(run, &len); if (val == NULL) { - mangle_Magic(run, printable); + mangle_Bytes(run, printable); return; } mangle_Insert(run, val, len, printable, /* inflate= */ false); @@ -476,7 +514,8 @@ static void mangle_Random(run_t* run, bool printable) { } } -static void mangle_AddSubWithRange(run_t* run, size_t off, uint64_t varLen, uint64_t range) { +static void mangle_AddSubWithRange( + run_t* run, size_t off, uint64_t varLen, uint64_t range, bool printable) { int64_t delta = (int64_t)util_rndGet(0, range * 2) - (int64_t)range; switch (varLen) { @@ -495,7 +534,7 @@ static void mangle_AddSubWithRange(run_t* run, size_t off, uint64_t varLen, uint val += delta; val = __builtin_bswap16(val); } - mangle_Overwrite(run, (uint8_t*)&val, off, varLen); + mangle_Overwrite(run, (uint8_t*)&val, off, varLen, printable); break; } case 4: { @@ -509,7 +548,7 @@ static void mangle_AddSubWithRange(run_t* run, size_t off, uint64_t varLen, uint val += delta; val = __builtin_bswap32(val); } - mangle_Overwrite(run, (uint8_t*)&val, off, varLen); + mangle_Overwrite(run, (uint8_t*)&val, off, varLen, printable); break; } case 8: { @@ -523,7 +562,7 @@ static void mangle_AddSubWithRange(run_t* run, size_t off, uint64_t varLen, uint val += delta; val = __builtin_bswap64(val); } - mangle_Overwrite(run, (uint8_t*)&val, off, varLen); + mangle_Overwrite(run, (uint8_t*)&val, off, varLen, printable); break; } default: { @@ -559,10 +598,7 @@ static void mangle_AddSub(run_t* run, bool printable) { LOG_F("Invalid operand size: %zu", varLen); } - mangle_AddSubWithRange(run, off, varLen, range); - if (printable) { - util_turnToPrintable((uint8_t*)&run->dynamicFile[off], varLen); - } + mangle_AddSubWithRange(run, off, varLen, range, printable); } static void mangle_IncByte(run_t* run, bool printable) { @@ -654,12 +690,12 @@ static void mangle_Resize(run_t* run, bool printable) { } } -static void mangle_ASCIIVal(run_t* run, bool printable HF_ATTR_UNUSED) { +static void mangle_ASCIIVal(run_t* run, bool printable) { char buf[20]; snprintf(buf, sizeof(buf), "%-19" PRId64, (int64_t)util_rnd64()); size_t off = mangle_getOffSet(run); - mangle_Overwrite(run, (uint8_t*)buf, off, util_rndGet(2, 8)); + mangle_Overwrite(run, (uint8_t*)buf, off, util_rndGet(2, 8), printable); } static void mangle_SpliceOverwrite(run_t* run, bool printable) { @@ -690,7 +726,10 @@ void mangle_mangleContent(run_t* run) { static void (*const mangleFuncs[])(run_t * run, bool printable) = { mangle_Bit, mangle_Bytes, - mangle_Magic, + mangle_ByteRepeatOverwrite, + mangle_ByteRepeatInsert, + mangle_MagicOverwrite, + mangle_MagicInsert, mangle_IncByte, mangle_DecByte, mangle_NegByte, @@ -714,7 +753,9 @@ void mangle_mangleContent(run_t* run) { return; } - mangle_Resize(run, /* printable= */ run->global->cfg.only_printable); + if (run->dynamicFileSz == 0) { + mangle_Resize(run, /* printable= */ run->global->cfg.only_printable); + } /* Max number of stacked changes is, by default, 6 */ uint64_t changesCnt = util_rndGet(1, run->global->mutate.mutationsPerRun); -- cgit v1.2.3 From 973b4c2dfca1b2c0e6e9a842ec07a24109a996dc Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 22 Mar 2020 12:11:37 +0100 Subject: mangle: add some overwrite/insert versions --- mangle.c | 56 ++++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 42 insertions(+), 14 deletions(-) diff --git a/mangle.c b/mangle.c index a797e2f6..c1a732a7 100644 --- a/mangle.c +++ b/mangle.c @@ -504,7 +504,7 @@ static void mangle_MemSet(run_t* run, bool printable) { run, printable ? (int)util_rndPrintable() : (int)util_rndGet(0, UINT8_MAX)); } -static void mangle_Random(run_t* run, bool printable) { +static void mangle_RandomOverwrite(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); size_t len = util_rndGet(1, run->dynamicFileSz - off); if (printable) { @@ -514,6 +514,19 @@ static void mangle_Random(run_t* run, bool printable) { } } +static void mangle_RandomInsert(run_t* run, bool printable) { + size_t off = mangle_getOffSet(run); + size_t len = util_rndGet(1, run->dynamicFileSz - off); + + mangle_Inflate(run, off, len, printable); + + if (printable) { + util_rndBufPrintable(&run->dynamicFile[off], len); + } else { + util_rndBuf(&run->dynamicFile[off], len); + } +} + static void mangle_AddSubWithRange( run_t* run, size_t off, uint64_t varLen, uint64_t range, bool printable) { int64_t delta = (int64_t)util_rndGet(0, range * 2) - (int64_t)range; @@ -690,12 +703,25 @@ static void mangle_Resize(run_t* run, bool printable) { } } -static void mangle_ASCIIVal(run_t* run, bool printable) { +static void mangle_ASCIIValOverwrite(run_t* run, bool printable) { + size_t off = mangle_getOffSet(run); + size_t len = util_rndGet(2, 8); + char buf[20]; snprintf(buf, sizeof(buf), "%-19" PRId64, (int64_t)util_rnd64()); + mangle_Overwrite(run, (uint8_t*)buf, off, len, printable); +} + +static void mangle_ASCIIValInsert(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); - mangle_Overwrite(run, (uint8_t*)buf, off, util_rndGet(2, 8), printable); + size_t len = util_rndGet(2, 8); + + char buf[20]; + snprintf(buf, sizeof(buf), "%-19" PRId64, (int64_t)util_rnd64()); + + mangle_Inflate(run, off, len, printable); + mangle_Overwrite(run, (uint8_t*)buf, off, len, printable); } static void mangle_SpliceOverwrite(run_t* run, bool printable) { @@ -726,27 +752,29 @@ void mangle_mangleContent(run_t* run) { static void (*const mangleFuncs[])(run_t * run, bool printable) = { mangle_Bit, mangle_Bytes, - mangle_ByteRepeatOverwrite, - mangle_ByteRepeatInsert, - mangle_MagicOverwrite, - mangle_MagicInsert, mangle_IncByte, mangle_DecByte, mangle_NegByte, mangle_AddSub, - mangle_DictionaryOverwrite, - mangle_DictionaryInsert, - mangle_ConstFeedbackOverwrite, - mangle_ConstFeedbackInsert, mangle_MemMove, mangle_MemSet, - mangle_Random, mangle_Expand, mangle_Shrink, - mangle_ASCIIVal, + mangle_Resize, + mangle_ASCIIValOverwrite, + mangle_ASCIIValInsert, + mangle_ByteRepeatOverwrite, + mangle_ByteRepeatInsert, + mangle_MagicOverwrite, + mangle_MagicInsert, + mangle_DictionaryOverwrite, + mangle_DictionaryInsert, + mangle_ConstFeedbackOverwrite, + mangle_ConstFeedbackInsert, + mangle_RandomOverwrite, + mangle_RandomInsert, mangle_SpliceOverwrite, mangle_SpliceInsert, - mangle_Resize, }; if (run->mutationsPerRun == 0U) { -- cgit v1.2.3 From 204478e94e6b5dc018b0fef7cc6ab0bccbe520a0 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 22 Mar 2020 19:41:35 +0100 Subject: mangle: make most functions depend on mangle_(Insert|Overwrite) --- mangle.c | 128 +++++++++++++++++++++++++++++++++++++-------------------------- 1 file changed, 75 insertions(+), 53 deletions(-) diff --git a/mangle.c b/mangle.c index c1a732a7..adeaac42 100644 --- a/mangle.c +++ b/mangle.c @@ -65,15 +65,18 @@ static inline size_t mangle_getOffSet(run_t* run) { } static inline void mangle_Overwrite( - run_t* run, const uint8_t* src, size_t off, size_t sz, bool printable) { + run_t* run, size_t off, const uint8_t* src, size_t len, bool printable) { + if (len == 0) { + return; + } size_t maxToCopy = run->dynamicFileSz - off; - if (sz > maxToCopy) { - sz = maxToCopy; + if (len > maxToCopy) { + len = maxToCopy; } - memmove(&run->dynamicFile[off], src, sz); + memmove(&run->dynamicFile[off], src, len); if (printable) { - util_turnToPrintable(&run->dynamicFile[off], sz); + util_turnToPrintable(&run->dynamicFile[off], len); } } @@ -98,9 +101,9 @@ static inline void mangle_Move(run_t* run, size_t off_from, size_t off_to, size_ memmove(&run->dynamicFile[off_to], &run->dynamicFile[off_from], len); } -static void mangle_Inflate(run_t* run, size_t off, size_t len, bool printable) { +static inline size_t mangle_Inflate(run_t* run, size_t off, size_t len, bool printable) { if (run->dynamicFileSz >= run->global->mutate.maxInputSz) { - return; + return 0; } if (len > (run->global->mutate.maxInputSz - run->dynamicFileSz)) { len = run->global->mutate.maxInputSz - run->dynamicFileSz; @@ -109,8 +112,16 @@ static void mangle_Inflate(run_t* run, size_t off, size_t len, bool printable) { input_setSize(run, run->dynamicFileSz + len); mangle_Move(run, off, off + len, run->dynamicFileSz); if (printable) { - memset(&run->dynamicFile[off], 'A', len); + memset(&run->dynamicFile[off], ' ', len); } + + return len; +} + +static inline void mangle_Insert( + run_t* run, size_t off, const uint8_t* val, size_t len, bool printable) { + len = mangle_Inflate(run, off, len, printable); + mangle_Overwrite(run, off, val, len, printable); } static void mangle_MemMove(run_t* run, bool printable HF_ATTR_UNUSED) { @@ -121,7 +132,7 @@ static void mangle_MemMove(run_t* run, bool printable HF_ATTR_UNUSED) { mangle_Move(run, off_from, off_to, len); } -static void mangle_Bytes(run_t* run, bool printable) { +static void mangle_BytesOverwrite(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); uint16_t buf; @@ -133,7 +144,21 @@ static void mangle_Bytes(run_t* run, bool printable) { /* Overwrite with random 1-2-byte values */ size_t toCopy = util_rndGet(1, 2); - mangle_Overwrite(run, (uint8_t*)&buf, off, toCopy, printable); + mangle_Overwrite(run, off, (uint8_t*)&buf, toCopy, printable); +} + +static void mangle_BytesInsert(run_t* run, bool printable) { + uint16_t buf; + if (printable) { + util_rndBufPrintable((uint8_t*)&buf, sizeof(buf)); + } else { + buf = util_rnd64(); + } + + size_t off = mangle_getOffSet(run); + /* Insert random 1-2-byte values */ + size_t toCopy = util_rndGet(1, 2); + mangle_Insert(run, off, (uint8_t*)&buf, toCopy, printable); } static void mangle_ByteRepeatOverwrite(run_t* run, bool printable) { @@ -143,7 +168,7 @@ static void mangle_ByteRepeatOverwrite(run_t* run, bool printable) { /* No space to repeat */ if (!maxSz) { - return mangle_Bytes(run, printable); + return mangle_BytesOverwrite(run, printable); } size_t len = util_rndGet(1, maxSz); @@ -157,11 +182,11 @@ static void mangle_ByteRepeatInsert(run_t* run, bool printable) { /* No space to repeat */ if (!maxSz) { - return mangle_Bytes(run, printable); + return mangle_BytesInsert(run, printable); } size_t len = util_rndGet(1, maxSz); - mangle_Inflate(run, destOff, len, printable); + len = mangle_Inflate(run, destOff, len, printable); memset(&run->dynamicFile[destOff], run->dynamicFile[off], len); } @@ -173,15 +198,6 @@ static void mangle_Bit(run_t* run, bool printable) { } } -static void mangle_Insert( - run_t* run, const uint8_t* val, size_t len, bool printable, bool inflate) { - size_t off = mangle_getOffSet(run); - if (inflate) { - mangle_Inflate(run, off, len, printable); - } - mangle_Overwrite(run, val, off, len, printable); -} - static const struct { const uint8_t val[8]; const size_t size; @@ -423,33 +439,35 @@ static void mangle_MagicOverwrite(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); uint64_t choice = util_rndGet(0, ARRAYSIZE(mangleMagicVals) - 1); mangle_Overwrite( - run, mangleMagicVals[choice].val, off, mangleMagicVals[choice].size, printable); + run, off, mangleMagicVals[choice].val, mangleMagicVals[choice].size, printable); } static void mangle_MagicInsert(run_t* run, bool printable) { uint64_t choice = util_rndGet(0, ARRAYSIZE(mangleMagicVals) - 1); - mangle_Insert(run, mangleMagicVals[choice].val, mangleMagicVals[choice].size, printable, - /* inflate= */ true); + size_t off = mangle_getOffSet(run); + mangle_Insert(run, off, mangleMagicVals[choice].val, mangleMagicVals[choice].size, printable); } -static void mangle_DictionaryInsert(run_t* run, bool printable) { +static void mangle_DictionaryOverwrite(run_t* run, bool printable) { if (run->global->mutate.dictionaryCnt == 0) { - mangle_Bytes(run, printable); + mangle_BytesOverwrite(run, printable); return; } + size_t off = mangle_getOffSet(run); uint64_t choice = util_rndGet(0, run->global->mutate.dictionaryCnt - 1); - mangle_Insert(run, run->global->mutate.dictionary[choice].val, - run->global->mutate.dictionary[choice].len, printable, /* inflate= */ true); + mangle_Overwrite(run, off, run->global->mutate.dictionary[choice].val, + run->global->mutate.dictionary[choice].len, printable); } -static void mangle_DictionaryOverwrite(run_t* run, bool printable) { +static void mangle_DictionaryInsert(run_t* run, bool printable) { if (run->global->mutate.dictionaryCnt == 0) { - mangle_Bytes(run, printable); + mangle_BytesInsert(run, printable); return; } uint64_t choice = util_rndGet(0, run->global->mutate.dictionaryCnt - 1); - mangle_Insert(run, run->global->mutate.dictionary[choice].val, - run->global->mutate.dictionary[choice].len, printable, /* inflate= */ false); + size_t off = mangle_getOffSet(run); + mangle_Insert(run, off, run->global->mutate.dictionary[choice].val, + run->global->mutate.dictionary[choice].len, printable); } static const uint8_t* mangle_FeedbackDict(run_t* run, size_t* len) { @@ -476,20 +494,22 @@ static void mangle_ConstFeedbackInsert(run_t* run, bool printable) { size_t len; const uint8_t* val = mangle_FeedbackDict(run, &len); if (val == NULL) { - mangle_Bytes(run, printable); + mangle_BytesInsert(run, printable); return; } - mangle_Insert(run, val, len, printable, /* inflate= */ true); + size_t off = mangle_getOffSet(run); + mangle_Insert(run, off, val, len, printable); } static void mangle_ConstFeedbackOverwrite(run_t* run, bool printable) { size_t len; const uint8_t* val = mangle_FeedbackDict(run, &len); if (val == NULL) { - mangle_Bytes(run, printable); + mangle_BytesOverwrite(run, printable); return; } - mangle_Insert(run, val, len, printable, /* inflate= */ false); + size_t off = mangle_getOffSet(run); + mangle_Overwrite(run, off, val, len, printable); } static void mangle_MemSetWithVal(run_t* run, int val) { @@ -518,7 +538,7 @@ static void mangle_RandomInsert(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); size_t len = util_rndGet(1, run->dynamicFileSz - off); - mangle_Inflate(run, off, len, printable); + len = mangle_Inflate(run, off, len, printable); if (printable) { util_rndBufPrintable(&run->dynamicFile[off], len); @@ -547,7 +567,7 @@ static void mangle_AddSubWithRange( val += delta; val = __builtin_bswap16(val); } - mangle_Overwrite(run, (uint8_t*)&val, off, varLen, printable); + mangle_Overwrite(run, off, (uint8_t*)&val, varLen, printable); break; } case 4: { @@ -561,7 +581,7 @@ static void mangle_AddSubWithRange( val += delta; val = __builtin_bswap32(val); } - mangle_Overwrite(run, (uint8_t*)&val, off, varLen, printable); + mangle_Overwrite(run, off, (uint8_t*)&val, varLen, printable); break; } case 8: { @@ -575,7 +595,7 @@ static void mangle_AddSubWithRange( val += delta; val = __builtin_bswap64(val); } - mangle_Overwrite(run, (uint8_t*)&val, off, varLen, printable); + mangle_Overwrite(run, off, (uint8_t*)&val, varLen, printable); break; } default: { @@ -703,55 +723,55 @@ static void mangle_Resize(run_t* run, bool printable) { } } -static void mangle_ASCIIValOverwrite(run_t* run, bool printable) { +static void mangle_ASCIINumOverwrite(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); size_t len = util_rndGet(2, 8); char buf[20]; snprintf(buf, sizeof(buf), "%-19" PRId64, (int64_t)util_rnd64()); - mangle_Overwrite(run, (uint8_t*)buf, off, len, printable); + mangle_Overwrite(run, off, (uint8_t*)buf, len, printable); } -static void mangle_ASCIIValInsert(run_t* run, bool printable) { +static void mangle_ASCIINumInsert(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); size_t len = util_rndGet(2, 8); char buf[20]; snprintf(buf, sizeof(buf), "%-19" PRId64, (int64_t)util_rnd64()); - mangle_Inflate(run, off, len, printable); - mangle_Overwrite(run, (uint8_t*)buf, off, len, printable); + mangle_Insert(run, off, (uint8_t*)buf, len, printable); } static void mangle_SpliceOverwrite(run_t* run, bool printable) { const uint8_t* buf; size_t sz = input_getRandomInputAsBuf(run, &buf); if (!sz) { - return mangle_Bytes(run, printable); + return mangle_BytesOverwrite(run, printable); } size_t remoteOff = util_rndGet(0, sz - 1); size_t remoteLen = util_rndGet(1, sz - remoteOff); - mangle_Insert(run, &buf[remoteOff], remoteLen, printable, /* inflate= */ false); + size_t off = mangle_getOffSet(run); + mangle_Overwrite(run, off, &buf[remoteOff], remoteLen, printable); } static void mangle_SpliceInsert(run_t* run, bool printable) { const uint8_t* buf; size_t sz = input_getRandomInputAsBuf(run, &buf); if (!sz) { - return mangle_Bytes(run, printable); + return mangle_BytesInsert(run, printable); } size_t remoteOff = util_rndGet(0, sz - 1); size_t remoteLen = util_rndGet(1, sz - remoteOff); - mangle_Insert(run, &buf[remoteOff], remoteLen, printable, /* inflate= */ true); + size_t off = mangle_getOffSet(run); + mangle_Insert(run, off, &buf[remoteOff], remoteLen, printable); } void mangle_mangleContent(run_t* run) { static void (*const mangleFuncs[])(run_t * run, bool printable) = { mangle_Bit, - mangle_Bytes, mangle_IncByte, mangle_DecByte, mangle_NegByte, @@ -761,8 +781,10 @@ void mangle_mangleContent(run_t* run) { mangle_Expand, mangle_Shrink, mangle_Resize, - mangle_ASCIIValOverwrite, - mangle_ASCIIValInsert, + mangle_BytesOverwrite, + mangle_BytesInsert, + mangle_ASCIINumOverwrite, + mangle_ASCIINumInsert, mangle_ByteRepeatOverwrite, mangle_ByteRepeatInsert, mangle_MagicOverwrite, -- cgit v1.2.3 From 939fb455e7a9b430f7751e0bd14e9f1c09eb0c47 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 22 Mar 2020 19:51:06 +0100 Subject: mangle: const-ize functions --- mangle.c | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/mangle.c b/mangle.c index adeaac42..fcb095a2 100644 --- a/mangle.c +++ b/mangle.c @@ -64,22 +64,6 @@ static inline size_t mangle_getOffSet(run_t* run) { return util_rndGet(0, run->dynamicFileSz - 1); } -static inline void mangle_Overwrite( - run_t* run, size_t off, const uint8_t* src, size_t len, bool printable) { - if (len == 0) { - return; - } - size_t maxToCopy = run->dynamicFileSz - off; - if (len > maxToCopy) { - len = maxToCopy; - } - - memmove(&run->dynamicFile[off], src, len); - if (printable) { - util_turnToPrintable(&run->dynamicFile[off], len); - } -} - static inline void mangle_Move(run_t* run, size_t off_from, size_t off_to, size_t len) { if (off_from >= run->dynamicFileSz) { return; @@ -101,6 +85,22 @@ static inline void mangle_Move(run_t* run, size_t off_from, size_t off_to, size_ memmove(&run->dynamicFile[off_to], &run->dynamicFile[off_from], len); } +static inline void mangle_Overwrite( + run_t* run, size_t off, const uint8_t* src, size_t len, bool printable) { + if (len == 0) { + return; + } + size_t maxToCopy = run->dynamicFileSz - off; + if (len > maxToCopy) { + len = maxToCopy; + } + + memmove(&run->dynamicFile[off], src, len); + if (printable) { + util_turnToPrintable(&run->dynamicFile[off], len); + } +} + static inline size_t mangle_Inflate(run_t* run, size_t off, size_t len, bool printable) { if (run->dynamicFileSz >= run->global->mutate.maxInputSz) { return 0; @@ -730,7 +730,7 @@ static void mangle_ASCIINumOverwrite(run_t* run, bool printable) { char buf[20]; snprintf(buf, sizeof(buf), "%-19" PRId64, (int64_t)util_rnd64()); - mangle_Overwrite(run, off, (uint8_t*)buf, len, printable); + mangle_Overwrite(run, off, (const uint8_t*)buf, len, printable); } static void mangle_ASCIINumInsert(run_t* run, bool printable) { @@ -740,7 +740,7 @@ static void mangle_ASCIINumInsert(run_t* run, bool printable) { char buf[20]; snprintf(buf, sizeof(buf), "%-19" PRId64, (int64_t)util_rnd64()); - mangle_Insert(run, off, (uint8_t*)buf, len, printable); + mangle_Insert(run, off, (const uint8_t*)buf, len, printable); } static void mangle_SpliceOverwrite(run_t* run, bool printable) { -- cgit v1.2.3 From 66ffec30dbd959841aad81e6eee358175c82bab8 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 22 Mar 2020 19:52:28 +0100 Subject: mangle: move functions around --- mangle.c | 87 ++++++++++++++++++++++++++++++++-------------------------------- 1 file changed, 43 insertions(+), 44 deletions(-) diff --git a/mangle.c b/mangle.c index fcb095a2..7752c63e 100644 --- a/mangle.c +++ b/mangle.c @@ -679,50 +679,6 @@ static void mangle_Shrink(run_t* run, bool printable HF_ATTR_UNUSED) { mangle_Move(run, off_start, off_end, run->dynamicFileSz - off_start); input_setSize(run, run->dynamicFileSz - (off_start - off_end)); } - -static void mangle_Resize(run_t* run, bool printable) { - ssize_t oldsz = run->dynamicFileSz; - ssize_t newsz = 0; - - uint64_t choice = util_rndGet(0, 32); - switch (choice) { - case 0: /* Set new size arbitrarily */ - newsz = (ssize_t)util_rndGet(1, run->global->mutate.maxInputSz); - break; - case 1 ... 4: /* Increase size by a small value */ - newsz = oldsz + (ssize_t)util_rndGet(0, 8); - break; - case 5: /* Increase size by a larger value */ - newsz = oldsz + (ssize_t)util_rndGet(9, 128); - break; - case 6 ... 9: /* Decrease size by a small value */ - newsz = oldsz - (ssize_t)util_rndGet(0, 8); - break; - case 10: /* Decrease size by a larger value */ - newsz = oldsz - (ssize_t)util_rndGet(9, 128); - break; - case 11 ... 32: /* Do nothing */ - newsz = oldsz; - break; - default: - LOG_F("Illegal value from util_rndGet: %" PRIu64, choice); - break; - } - if (newsz < 1) { - newsz = 1; - } - if (newsz > (ssize_t)run->global->mutate.maxInputSz) { - newsz = run->global->mutate.maxInputSz; - } - - input_setSize(run, (size_t)newsz); - if (newsz > oldsz) { - if (printable) { - memset(&run->dynamicFile[oldsz], 'A', newsz - oldsz); - } - } -} - static void mangle_ASCIINumOverwrite(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); size_t len = util_rndGet(2, 8); @@ -769,6 +725,49 @@ static void mangle_SpliceInsert(run_t* run, bool printable) { mangle_Insert(run, off, &buf[remoteOff], remoteLen, printable); } +static void mangle_Resize(run_t* run, bool printable) { + ssize_t oldsz = run->dynamicFileSz; + ssize_t newsz = 0; + + uint64_t choice = util_rndGet(0, 32); + switch (choice) { + case 0: /* Set new size arbitrarily */ + newsz = (ssize_t)util_rndGet(1, run->global->mutate.maxInputSz); + break; + case 1 ... 4: /* Increase size by a small value */ + newsz = oldsz + (ssize_t)util_rndGet(0, 8); + break; + case 5: /* Increase size by a larger value */ + newsz = oldsz + (ssize_t)util_rndGet(9, 128); + break; + case 6 ... 9: /* Decrease size by a small value */ + newsz = oldsz - (ssize_t)util_rndGet(0, 8); + break; + case 10: /* Decrease size by a larger value */ + newsz = oldsz - (ssize_t)util_rndGet(9, 128); + break; + case 11 ... 32: /* Do nothing */ + newsz = oldsz; + break; + default: + LOG_F("Illegal value from util_rndGet: %" PRIu64, choice); + break; + } + if (newsz < 1) { + newsz = 1; + } + if (newsz > (ssize_t)run->global->mutate.maxInputSz) { + newsz = run->global->mutate.maxInputSz; + } + + input_setSize(run, (size_t)newsz); + if (newsz > oldsz) { + if (printable) { + memset(&run->dynamicFile[oldsz], 'A', newsz - oldsz); + } + } +} + void mangle_mangleContent(run_t* run) { static void (*const mangleFuncs[])(run_t * run, bool printable) = { mangle_Bit, -- cgit v1.2.3 From 27c3ad6ae5fb234c1b8db19458f461ba6e7d6c2c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 22 Mar 2020 19:57:13 +0100 Subject: mangle: make getOffSet prefer lower values --- mangle.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/mangle.c b/mangle.c index 7752c63e..5595aa27 100644 --- a/mangle.c +++ b/mangle.c @@ -41,18 +41,28 @@ /* Spend at least 3/4 of time on modifying the first 8kB of input */ static inline size_t mangle_getOffSet(run_t* run) { - switch (util_rnd64() % 4) { + switch (util_rnd64() % 10) { case 0: - if (run->dynamicFileSz <= 128) { + if (run->dynamicFileSz <= 16) { break; } - return util_rndGet(0, 128); + return util_rndGet(0, 16); case 1: + if (run->dynamicFileSz <= 64) { + break; + } + return util_rndGet(0, 64); + case 2: + if (run->dynamicFileSz <= 256) { + break; + } + return util_rndGet(0, 256); + case 3: if (run->dynamicFileSz <= 1024) { break; } return util_rndGet(0, 1024); - case 2: + case 4: if (run->dynamicFileSz <= 8192) { break; } -- cgit v1.2.3 From bb63f44b2050c7bfe2f31a46e25e3e7e711d2148 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 23 Mar 2020 00:27:34 +0100 Subject: mangle: split MemMove into MemCopyOverwrite and MemCopyInsert --- mangle.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/mangle.c b/mangle.c index 5595aa27..7293cb4d 100644 --- a/mangle.c +++ b/mangle.c @@ -134,12 +134,20 @@ static inline void mangle_Insert( mangle_Overwrite(run, off, val, len, printable); } -static void mangle_MemMove(run_t* run, bool printable HF_ATTR_UNUSED) { +static void mangle_MemCopyOverwrite(run_t* run, bool printable HF_ATTR_UNUSED) { size_t off_from = mangle_getOffSet(run); size_t off_to = mangle_getOffSet(run); - size_t len = mangle_getOffSet(run); + size_t len = util_rndGet(1, run->dynamicFileSz - off_from); - mangle_Move(run, off_from, off_to, len); + mangle_Overwrite(run, off_to, &run->dynamicFile[off_from], len, printable); +} + +static void mangle_MemCopyInsert(run_t* run, bool printable) { + size_t off_to = mangle_getOffSet(run); + size_t off_from = mangle_getOffSet(run); + size_t len = util_rndGet(1, run->dynamicFileSz - off_from); + + mangle_Insert(run, off_to, &run->dynamicFile[off_from], len, printable); } static void mangle_BytesOverwrite(run_t* run, bool printable) { @@ -785,11 +793,12 @@ void mangle_mangleContent(run_t* run) { mangle_DecByte, mangle_NegByte, mangle_AddSub, - mangle_MemMove, mangle_MemSet, mangle_Expand, mangle_Shrink, mangle_Resize, + mangle_MemCopyOverwrite, + mangle_MemCopyInsert, mangle_BytesOverwrite, mangle_BytesInsert, mangle_ASCIINumOverwrite, -- cgit v1.2.3 From 7a454d284234fda042f9ef1850d4cda712e04b5a Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 23 Mar 2020 02:23:45 +0100 Subject: libhfuzz/libhfcommon: add known (existing in the fuzzed binary) 32/64-bit values to the dynamic dictionary --- libhfcommon/util.c | 69 ++++++++++++++++++++++----- libhfcommon/util.h | 3 +- libhfuzz/instrument.c | 127 +++++++++++++++++++++++++++++++++++--------------- 3 files changed, 149 insertions(+), 50 deletions(-) diff --git a/libhfcommon/util.c b/libhfcommon/util.c index fa514520..601e114a 100644 --- a/libhfcommon/util.c +++ b/libhfcommon/util.c @@ -823,33 +823,80 @@ static int addrStatic_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, return LHFC_ADDR_NOTFOUND; } -static int addrStaticRO_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, void* data) { - void (*callback)(const char* name, uint8_t* start, size_t sz) = data; +lhfc_addr_t util_getProgAddr(const void* addr) { + return (lhfc_addr_t)dl_iterate_phdr(addrStatic_cb, (void*)addr); +} + +static int check32RO_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, void* data) { + uint32_t v = *(uint32_t*)data; + for (size_t i = 0; i < info->dlpi_phnum; i++) { + /* Look only in the actual binary, and not in libraries */ + if (info->dlpi_name[0] != '\0') { + continue; + } if (info->dlpi_phdr[i].p_type != PT_LOAD) { continue; } if (info->dlpi_phdr[i].p_flags != PF_R) { continue; } - callback(info->dlpi_name, (uint8_t*)(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr), - info->dlpi_phdr[i].p_memsz); + uint32_t* start = (uint32_t*)(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr); + uint32_t* end = + (uint32_t*)(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr + info->dlpi_phdr[i].p_memsz); + /* Assume that the 32bit value looked for is also 32bit aligned */ + for (; start < end; start++) { + if (*start == v) { + return 1; + } + } } return 0; } -lhfc_addr_t util_getProgAddr(const void* addr) { - return (lhfc_addr_t)dl_iterate_phdr(addrStatic_cb, (void*)addr); +bool util_32bitValInRO(uint32_t v) { + return (dl_iterate_phdr(check32RO_cb, &v) == 1); } -void util_runForROSegments(void (*cb)(const char* name, uint8_t* start, size_t sz)) { - dl_iterate_phdr(addrStaticRO_cb, cb); - return; + +static int check64RO_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, void* data) { + uint64_t v = *(uint64_t*)data; + + for (size_t i = 0; i < info->dlpi_phnum; i++) { + /* Look only in the actual binary, and not in libraries */ + if (info->dlpi_name[0] != '\0') { + continue; + } + if (info->dlpi_phdr[i].p_type != PT_LOAD) { + continue; + } + if (info->dlpi_phdr[i].p_flags != PF_R) { + continue; + } + uint64_t* start = (uint64_t*)(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr); + uint64_t* end = + (uint64_t*)(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr + info->dlpi_phdr[i].p_memsz); + /* Assume that the 64bit value looked for is also 64bit aligned */ + for (; start < end; start++) { + if (*start == v) { + return 1; + } + } + } + return 0; +} + +bool util_64bitValInRO(uint32_t v) { + return (dl_iterate_phdr(check64RO_cb, &v) == 1); } #else /* !defined(_HF_ARCH_DARWIN) */ +/* Darwin doesn't use ELF file format for binaries, so dl_iterate_phdr() cannot be used there */ lhfc_addr_t util_getProgAddr(const void* addr) { return LHFC_ADDR_NOTFOUND; } -void util_runForROSegments(void (*cb)(const char* name, uint8_t* start, size_t sz)) { - return; +bool util_32bitValInRO(uint32_t v) { + return false; +} +bool util_64bitValInRO(uint32_t v) { + return false; } #endif /* !defined(_HF_ARCH_DARWIN) */ diff --git a/libhfcommon/util.h b/libhfcommon/util.h index 3d949628..4d09229b 100644 --- a/libhfcommon/util.h +++ b/libhfcommon/util.h @@ -125,7 +125,8 @@ extern void util_turnToPrintable(uint8_t* buf, size_t sz); extern void util_closeStdio(bool close_stdin, bool close_stdout, bool close_stderr); extern lhfc_addr_t util_getProgAddr(const void* addr); -extern void util_runForROSegments(void (*cb)(const char* name, uint8_t* start, size_t sz)); +extern bool util_32bitValInRO(uint32_t v); +extern bool util_64bitValInRO(uint32_t v); extern uint64_t util_hash(const char* buf, size_t len); extern int64_t fastArray64Search(uint64_t* array, size_t arraySz, uint64_t key); diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 052e9c74..5aa87780 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -141,6 +141,15 @@ __attribute__((weak)) size_t instrumentReserveGuard(size_t cnt) { return base; } +/* Used to limit certain expensive actions, like adding values to dictionaries */ +static inline bool instrumentLimitEvery(uint64_t step) { + static uint64_t staticCnt = 0; + if ((ATOMIC_POST_INC(staticCnt) % step) == 0) { + return true; + } + return false; +} + static inline int _memcmp(const uint8_t* m1, const uint8_t* m2, size_t n) { for (size_t i = 0; i < n; i++) { if (m1[i] != m2[i]) { @@ -149,6 +158,36 @@ static inline int _memcmp(const uint8_t* m1, const uint8_t* m2, size_t n) { } return 0; } + +static inline void instrumentAddConstMemInternal(const void* mem, size_t len) { + if (len == 0) { + return; + } + if (len > sizeof(cmpFeedback->valArr[0].val)) { + len = sizeof(cmpFeedback->valArr[0].val); + } + uint32_t curroff = ATOMIC_GET(cmpFeedback->cnt); + if (curroff >= ARRAYSIZE(cmpFeedback->valArr)) { + return; + } + + for (uint32_t i = 0; i < curroff; i++) { + if ((len == ATOMIC_GET(cmpFeedback->valArr[i].len)) && + _memcmp(cmpFeedback->valArr[i].val, mem, len) == 0) { + return; + } + } + + uint32_t newoff = ATOMIC_POST_INC(cmpFeedback->cnt); + if (newoff >= ARRAYSIZE(cmpFeedback->valArr)) { + ATOMIC_SET(cmpFeedback->cnt, ARRAYSIZE(cmpFeedback->valArr)); + return; + } + + memcpy(cmpFeedback->valArr[newoff].val, mem, len); + ATOMIC_SET(cmpFeedback->valArr[newoff].len, len); +} + /* * -finstrument-functions */ @@ -243,10 +282,60 @@ void __sanitizer_cov_trace_cmp2(uint16_t Arg1, uint16_t Arg2) { } void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t Arg2) { + if (instrumentLimitEvery(511)) { + if (Arg1 > 0xffff && Arg1 < 0xffff0000) { + uint32_t bswp = __builtin_bswap32(Arg1); + if (util_32bitValInRO(Arg1)) { + instrumentAddConstMemInternal(&Arg1, sizeof(Arg1)); + instrumentAddConstMemInternal(&bswp, sizeof(bswp)); + } + if (util_32bitValInRO(bswp)) { + instrumentAddConstMemInternal(&Arg1, sizeof(Arg1)); + instrumentAddConstMemInternal(&bswp, sizeof(bswp)); + } + } + if (Arg2 > 0xffff && Arg2 < 0xffff0000) { + uint32_t bswp = __builtin_bswap32(Arg2); + if (util_32bitValInRO(Arg2)) { + instrumentAddConstMemInternal(&Arg2, sizeof(Arg2)); + instrumentAddConstMemInternal(&bswp, sizeof(bswp)); + } + if (util_32bitValInRO(bswp)) { + instrumentAddConstMemInternal(&Arg2, sizeof(Arg2)); + instrumentAddConstMemInternal(&bswp, sizeof(bswp)); + } + } + } + hfuzz_trace_cmp4_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); } void __sanitizer_cov_trace_cmp8(uint64_t Arg1, uint64_t Arg2) { + if (instrumentLimitEvery(511)) { + if (Arg1 > 0xffff && Arg1 < 0xffffffffffff0000) { + uint64_t bswp = __builtin_bswap64(Arg1); + if (util_64bitValInRO(Arg1)) { + instrumentAddConstMemInternal(&Arg1, sizeof(Arg1)); + instrumentAddConstMemInternal(&bswp, sizeof(bswp)); + } + if (util_64bitValInRO(bswp)) { + instrumentAddConstMemInternal(&Arg1, sizeof(Arg1)); + instrumentAddConstMemInternal(&bswp, sizeof(bswp)); + } + } + if (Arg2 > 0xffff && Arg2 < 0xffffffffffff0000) { + uint64_t bswp = __builtin_bswap64(Arg2); + if (util_64bitValInRO(Arg2)) { + instrumentAddConstMemInternal(&Arg2, sizeof(Arg2)); + instrumentAddConstMemInternal(&bswp, sizeof(bswp)); + } + if (util_64bitValInRO(bswp)) { + instrumentAddConstMemInternal(&Arg2, sizeof(Arg2)); + instrumentAddConstMemInternal(&bswp, sizeof(bswp)); + } + } + } + hfuzz_trace_cmp8_internal((uintptr_t)__builtin_return_address(0), Arg1, Arg2); } @@ -563,44 +652,6 @@ void instrumentClearNewCov() { covFeedback->pidFeedbackCmp[my_thread_no] = 0U; } -/* Used to limit certain expensive actions, like adding values to dictionaries */ -static inline bool instrumentLimitEvery(uint64_t step) { - static uint64_t staticCnt = 0; - if ((ATOMIC_POST_INC(staticCnt) % step) == 0) { - return true; - } - return false; -} - -static inline void instrumentAddConstMemInternal(const void* mem, size_t len) { - if (len == 0) { - return; - } - if (len > sizeof(cmpFeedback->valArr[0].val)) { - len = sizeof(cmpFeedback->valArr[0].val); - } - uint32_t curroff = ATOMIC_GET(cmpFeedback->cnt); - if (curroff >= ARRAYSIZE(cmpFeedback->valArr)) { - return; - } - - for (uint32_t i = 0; i < curroff; i++) { - if ((len == ATOMIC_GET(cmpFeedback->valArr[i].len)) && - _memcmp(cmpFeedback->valArr[i].val, mem, len) == 0) { - return; - } - } - - uint32_t newoff = ATOMIC_POST_INC(cmpFeedback->cnt); - if (newoff >= ARRAYSIZE(cmpFeedback->valArr)) { - ATOMIC_SET(cmpFeedback->cnt, ARRAYSIZE(cmpFeedback->valArr)); - return; - } - - memcpy(cmpFeedback->valArr[newoff].val, mem, len); - ATOMIC_SET(cmpFeedback->valArr[newoff].len, len); -} - void instrumentAddConstMem(const void* mem, size_t len, bool check_if_ro) { if (!cmpFeedback) { return; -- cgit v1.2.3 From 5a9a58569781ab48963a81b6dac967e0ffcdf6a1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 23 Mar 2020 03:20:27 +0100 Subject: libhfcommon/util: look for known values in all loadable sections --- libhfcommon/util.c | 22 ++++++++++++---------- libhfcommon/util.h | 4 ++-- libhfuzz/instrument.c | 20 ++++++++++---------- 3 files changed, 24 insertions(+), 22 deletions(-) diff --git a/libhfcommon/util.c b/libhfcommon/util.c index 601e114a..b12419ac 100644 --- a/libhfcommon/util.c +++ b/libhfcommon/util.c @@ -827,7 +827,7 @@ lhfc_addr_t util_getProgAddr(const void* addr) { return (lhfc_addr_t)dl_iterate_phdr(addrStatic_cb, (void*)addr); } -static int check32RO_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, void* data) { +static int check32_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, void* data) { uint32_t v = *(uint32_t*)data; for (size_t i = 0; i < info->dlpi_phnum; i++) { @@ -838,12 +838,13 @@ static int check32RO_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, v if (info->dlpi_phdr[i].p_type != PT_LOAD) { continue; } - if (info->dlpi_phdr[i].p_flags != PF_R) { + if (!(info->dlpi_phdr[i].p_flags & PF_R)) { continue; } uint32_t* start = (uint32_t*)(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr); uint32_t* end = - (uint32_t*)(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr + info->dlpi_phdr[i].p_memsz); + (uint32_t*)(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr + + HF_MIN(info->dlpi_phdr[i].p_memsz, info->dlpi_phdr[i].p_filesz)); /* Assume that the 32bit value looked for is also 32bit aligned */ for (; start < end; start++) { if (*start == v) { @@ -854,11 +855,11 @@ static int check32RO_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, v return 0; } -bool util_32bitValInRO(uint32_t v) { - return (dl_iterate_phdr(check32RO_cb, &v) == 1); +bool util_32bitValInBinary(uint32_t v) { + return (dl_iterate_phdr(check32_cb, &v) == 1); } -static int check64RO_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, void* data) { +static int check64_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, void* data) { uint64_t v = *(uint64_t*)data; for (size_t i = 0; i < info->dlpi_phnum; i++) { @@ -869,12 +870,13 @@ static int check64RO_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, v if (info->dlpi_phdr[i].p_type != PT_LOAD) { continue; } - if (info->dlpi_phdr[i].p_flags != PF_R) { + if (!(info->dlpi_phdr[i].p_flags & PF_R)) { continue; } uint64_t* start = (uint64_t*)(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr); uint64_t* end = - (uint64_t*)(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr + info->dlpi_phdr[i].p_memsz); + (uint64_t*)(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr + + HF_MIN(info->dlpi_phdr[i].p_memsz, info->dlpi_phdr[i].p_filesz)); /* Assume that the 64bit value looked for is also 64bit aligned */ for (; start < end; start++) { if (*start == v) { @@ -885,8 +887,8 @@ static int check64RO_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, v return 0; } -bool util_64bitValInRO(uint32_t v) { - return (dl_iterate_phdr(check64RO_cb, &v) == 1); +bool util_64bitValInBinary(uint32_t v) { + return (dl_iterate_phdr(check64_cb, &v) == 1); } #else /* !defined(_HF_ARCH_DARWIN) */ /* Darwin doesn't use ELF file format for binaries, so dl_iterate_phdr() cannot be used there */ diff --git a/libhfcommon/util.h b/libhfcommon/util.h index 4d09229b..fa0e150b 100644 --- a/libhfcommon/util.h +++ b/libhfcommon/util.h @@ -125,8 +125,8 @@ extern void util_turnToPrintable(uint8_t* buf, size_t sz); extern void util_closeStdio(bool close_stdin, bool close_stdout, bool close_stderr); extern lhfc_addr_t util_getProgAddr(const void* addr); -extern bool util_32bitValInRO(uint32_t v); -extern bool util_64bitValInRO(uint32_t v); +extern bool util_32bitValInBinary(uint32_t v); +extern bool util_64bitValInBinary(uint32_t v); extern uint64_t util_hash(const char* buf, size_t len); extern int64_t fastArray64Search(uint64_t* array, size_t arraySz, uint64_t key); diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 5aa87780..b194bfc7 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -282,25 +282,25 @@ void __sanitizer_cov_trace_cmp2(uint16_t Arg1, uint16_t Arg2) { } void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t Arg2) { - if (instrumentLimitEvery(511)) { + if (instrumentLimitEvery(4095)) { if (Arg1 > 0xffff && Arg1 < 0xffff0000) { uint32_t bswp = __builtin_bswap32(Arg1); - if (util_32bitValInRO(Arg1)) { + if (util_32bitValInBinary(Arg1)) { instrumentAddConstMemInternal(&Arg1, sizeof(Arg1)); instrumentAddConstMemInternal(&bswp, sizeof(bswp)); } - if (util_32bitValInRO(bswp)) { + if (util_32bitValInBinary(bswp)) { instrumentAddConstMemInternal(&Arg1, sizeof(Arg1)); instrumentAddConstMemInternal(&bswp, sizeof(bswp)); } } if (Arg2 > 0xffff && Arg2 < 0xffff0000) { uint32_t bswp = __builtin_bswap32(Arg2); - if (util_32bitValInRO(Arg2)) { + if (util_32bitValInBinary(Arg2)) { instrumentAddConstMemInternal(&Arg2, sizeof(Arg2)); instrumentAddConstMemInternal(&bswp, sizeof(bswp)); } - if (util_32bitValInRO(bswp)) { + if (util_32bitValInBinary(bswp)) { instrumentAddConstMemInternal(&Arg2, sizeof(Arg2)); instrumentAddConstMemInternal(&bswp, sizeof(bswp)); } @@ -311,25 +311,25 @@ void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t Arg2) { } void __sanitizer_cov_trace_cmp8(uint64_t Arg1, uint64_t Arg2) { - if (instrumentLimitEvery(511)) { + if (instrumentLimitEvery(4095)) { if (Arg1 > 0xffff && Arg1 < 0xffffffffffff0000) { uint64_t bswp = __builtin_bswap64(Arg1); - if (util_64bitValInRO(Arg1)) { + if (util_64bitValInBinary(Arg1)) { instrumentAddConstMemInternal(&Arg1, sizeof(Arg1)); instrumentAddConstMemInternal(&bswp, sizeof(bswp)); } - if (util_64bitValInRO(bswp)) { + if (util_64bitValInBinary(bswp)) { instrumentAddConstMemInternal(&Arg1, sizeof(Arg1)); instrumentAddConstMemInternal(&bswp, sizeof(bswp)); } } if (Arg2 > 0xffff && Arg2 < 0xffffffffffff0000) { uint64_t bswp = __builtin_bswap64(Arg2); - if (util_64bitValInRO(Arg2)) { + if (util_64bitValInBinary(Arg2)) { instrumentAddConstMemInternal(&Arg2, sizeof(Arg2)); instrumentAddConstMemInternal(&bswp, sizeof(bswp)); } - if (util_64bitValInRO(bswp)) { + if (util_64bitValInBinary(bswp)) { instrumentAddConstMemInternal(&Arg2, sizeof(Arg2)); instrumentAddConstMemInternal(&bswp, sizeof(bswp)); } -- cgit v1.2.3 From 745b8f6726d33e876afa055c73f99fd9ad878a31 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 23 Mar 2020 03:32:31 +0100 Subject: libhfuzz/instrument: check for cmpFeedback existence before instrumenting cmp functions --- libhfuzz/instrument.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index b194bfc7..7c6d32c9 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -282,7 +282,7 @@ void __sanitizer_cov_trace_cmp2(uint16_t Arg1, uint16_t Arg2) { } void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t Arg2) { - if (instrumentLimitEvery(4095)) { + if (cmpFeedback && instrumentLimitEvery(4095)) { if (Arg1 > 0xffff && Arg1 < 0xffff0000) { uint32_t bswp = __builtin_bswap32(Arg1); if (util_32bitValInBinary(Arg1)) { @@ -311,7 +311,7 @@ void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t Arg2) { } void __sanitizer_cov_trace_cmp8(uint64_t Arg1, uint64_t Arg2) { - if (instrumentLimitEvery(4095)) { + if (cmpFeedback && instrumentLimitEvery(4095)) { if (Arg1 > 0xffff && Arg1 < 0xffffffffffff0000) { uint64_t bswp = __builtin_bswap64(Arg1); if (util_64bitValInBinary(Arg1)) { -- cgit v1.2.3 From 5470184385e9797db49be116691d1dd0424f9cff Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 23 Mar 2020 13:20:57 +0100 Subject: libhfuzz/instruments: +comments --- libhfuzz/instrument.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 7c6d32c9..b1d3b08e 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -282,6 +282,7 @@ void __sanitizer_cov_trace_cmp2(uint16_t Arg1, uint16_t Arg2) { } void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t Arg2) { + /* Add 4byte values to the const_dictionary if they exist within the binary */ if (cmpFeedback && instrumentLimitEvery(4095)) { if (Arg1 > 0xffff && Arg1 < 0xffff0000) { uint32_t bswp = __builtin_bswap32(Arg1); @@ -311,6 +312,7 @@ void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t Arg2) { } void __sanitizer_cov_trace_cmp8(uint64_t Arg1, uint64_t Arg2) { + /* Add 8byte values to the const_dictionary if they exist within the binary */ if (cmpFeedback && instrumentLimitEvery(4095)) { if (Arg1 > 0xffff && Arg1 < 0xffffffffffff0000) { uint64_t bswp = __builtin_bswap64(Arg1); -- cgit v1.2.3 From dd31b84de1cc55a86348b2318026a0d683b03136 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 23 Mar 2020 14:07:17 +0100 Subject: libhfuzz: use libc's memcmp for actual comparisons --- libhfuzz/instrument.c | 40 ++++++++++++++++++++++++++++++---------- 1 file changed, 30 insertions(+), 10 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index b1d3b08e..2e817acc 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -1,6 +1,7 @@ #include "instrument.h" #include +#include #include #include #include @@ -44,6 +45,31 @@ cmpfeedback_t* cmpFeedback = NULL; uint32_t my_thread_no = 0; +extern int __wrap_memcmp(const void* s1, const void* s2, size_t n); +int (*libc_memcmp)(const void* s1, const void* s2, size_t n) = memcmp; + +static void* getsym(const char* sym) { +#if defined(RTLD_NEXT) + return dlsym(RTLD_NEXT, sym); +#else /* defined(RTLD_NEXT) */ + void* dlh = dlopen(NULL, RTLD_LAZY); + if (!dlh) { + return NULL; + } + return dlsym(dlh, sym); +#endif /* defined(RTLD_NEXT) */ +} + +static void initializeLibcFunctions(void) { + libc_memcmp = getsym("memcmp"); + if (!libc_memcmp) { + LOG_F("dlsym(memcmp) failed: %s", dlerror()); + } + if (libc_memcmp == __wrap_memcmp) { + LOG_F("libc_memcmp proxied to __wrap_memcmp"); + } +} + static void initializeCmpFeedback(void) { struct stat st; if (fstat(_HF_CMP_BITMAP_FD, &st) == -1) { @@ -116,6 +142,9 @@ static void initializeInstrument(void) { } initializeCmpFeedback(); + /* Initialize native functions found in libc */ + initializeLibcFunctions(); + /* Reset coverage counters to their initial state */ instrumentClearNewCov(); } @@ -150,15 +179,6 @@ static inline bool instrumentLimitEvery(uint64_t step) { return false; } -static inline int _memcmp(const uint8_t* m1, const uint8_t* m2, size_t n) { - for (size_t i = 0; i < n; i++) { - if (m1[i] != m2[i]) { - return ((int)m1[i] - (int)m2[i]); - } - } - return 0; -} - static inline void instrumentAddConstMemInternal(const void* mem, size_t len) { if (len == 0) { return; @@ -173,7 +193,7 @@ static inline void instrumentAddConstMemInternal(const void* mem, size_t len) { for (uint32_t i = 0; i < curroff; i++) { if ((len == ATOMIC_GET(cmpFeedback->valArr[i].len)) && - _memcmp(cmpFeedback->valArr[i].val, mem, len) == 0) { + libc_memcmp(cmpFeedback->valArr[i].val, mem, len) == 0) { return; } } -- cgit v1.2.3 From 35f68df88d7190b4fe6012c0c0f0fe5bf9a4c49d Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 23 Mar 2020 14:10:53 +0100 Subject: mangle: proper type for varLen --- mangle.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mangle.c b/mangle.c index 7293cb4d..a256adb7 100644 --- a/mangle.c +++ b/mangle.c @@ -566,7 +566,7 @@ static void mangle_RandomInsert(run_t* run, bool printable) { } static void mangle_AddSubWithRange( - run_t* run, size_t off, uint64_t varLen, uint64_t range, bool printable) { + run_t* run, size_t off, size_t varLen, uint64_t range, bool printable) { int64_t delta = (int64_t)util_rndGet(0, range * 2) - (int64_t)range; switch (varLen) { -- cgit v1.2.3 From 7bb6de3094b0e8d9dbb013150e17757d8d013542 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 23 Mar 2020 14:11:33 +0100 Subject: mangle: don't return void --- mangle.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/mangle.c b/mangle.c index a256adb7..e351490d 100644 --- a/mangle.c +++ b/mangle.c @@ -186,7 +186,8 @@ static void mangle_ByteRepeatOverwrite(run_t* run, bool printable) { /* No space to repeat */ if (!maxSz) { - return mangle_BytesOverwrite(run, printable); + mangle_BytesOverwrite(run, printable); + return; } size_t len = util_rndGet(1, maxSz); @@ -200,7 +201,8 @@ static void mangle_ByteRepeatInsert(run_t* run, bool printable) { /* No space to repeat */ if (!maxSz) { - return mangle_BytesInsert(run, printable); + mangle_BytesInsert(run, printable); + return; } size_t len = util_rndGet(1, maxSz); @@ -721,7 +723,8 @@ static void mangle_SpliceOverwrite(run_t* run, bool printable) { const uint8_t* buf; size_t sz = input_getRandomInputAsBuf(run, &buf); if (!sz) { - return mangle_BytesOverwrite(run, printable); + mangle_BytesOverwrite(run, printable); + return; } size_t remoteOff = util_rndGet(0, sz - 1); @@ -734,7 +737,8 @@ static void mangle_SpliceInsert(run_t* run, bool printable) { const uint8_t* buf; size_t sz = input_getRandomInputAsBuf(run, &buf); if (!sz) { - return mangle_BytesInsert(run, printable); + mangle_BytesInsert(run, printable); + return; } size_t remoteOff = util_rndGet(0, sz - 1); -- cgit v1.2.3 From b6e3490f8e81aafd7439cc6bc01cfd7303cf64c3 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 23 Mar 2020 14:14:52 +0100 Subject: libhfuzz: proper casting of funcs --- libhfuzz/instrument.c | 4 ++-- mangle.c | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 2e817acc..5875ab4a 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -61,7 +61,7 @@ static void* getsym(const char* sym) { } static void initializeLibcFunctions(void) { - libc_memcmp = getsym("memcmp"); + libc_memcmp = (int (*)(const void* s1, const void* s2, size_t n))getsym("memcmp"); if (!libc_memcmp) { LOG_F("dlsym(memcmp) failed: %s", dlerror()); } @@ -532,7 +532,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard_init(uint32_t* start return; } - LOG_D("PC-Guard module initialization: %p-%p (count:%zu) at %" PRId64, start, stop, + LOG_D("PC-Guard module initialization: %p-%p (count:%tu) at %zu", start, stop, ((uintptr_t)stop - (uintptr_t)start) / sizeof(*start), instrumentReserveGuard(0)); for (uint32_t* x = start; x < stop; x++) { diff --git a/mangle.c b/mangle.c index e351490d..54a5d46f 100644 --- a/mangle.c +++ b/mangle.c @@ -187,7 +187,7 @@ static void mangle_ByteRepeatOverwrite(run_t* run, bool printable) { /* No space to repeat */ if (!maxSz) { mangle_BytesOverwrite(run, printable); - return; + return; } size_t len = util_rndGet(1, maxSz); @@ -202,7 +202,7 @@ static void mangle_ByteRepeatInsert(run_t* run, bool printable) { /* No space to repeat */ if (!maxSz) { mangle_BytesInsert(run, printable); - return; + return; } size_t len = util_rndGet(1, maxSz); @@ -724,7 +724,7 @@ static void mangle_SpliceOverwrite(run_t* run, bool printable) { size_t sz = input_getRandomInputAsBuf(run, &buf); if (!sz) { mangle_BytesOverwrite(run, printable); - return; + return; } size_t remoteOff = util_rndGet(0, sz - 1); @@ -738,7 +738,7 @@ static void mangle_SpliceInsert(run_t* run, bool printable) { size_t sz = input_getRandomInputAsBuf(run, &buf); if (!sz) { mangle_BytesInsert(run, printable); - return; + return; } size_t remoteOff = util_rndGet(0, sz - 1); -- cgit v1.2.3 From 6c54e9425e1edaaf39bef2f5d9431338dce46b77 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 23 Mar 2020 14:18:33 +0100 Subject: libhfcommon/util: proper darvin version of funcs --- libhfcommon/util.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libhfcommon/util.c b/libhfcommon/util.c index b12419ac..8d7b71db 100644 --- a/libhfcommon/util.c +++ b/libhfcommon/util.c @@ -895,10 +895,10 @@ bool util_64bitValInBinary(uint32_t v) { lhfc_addr_t util_getProgAddr(const void* addr) { return LHFC_ADDR_NOTFOUND; } -bool util_32bitValInRO(uint32_t v) { +bool util_32bitValInBinary(uint32_t v) { return false; } -bool util_64bitValInRO(uint32_t v) { +bool util_64bitValInBinary(uint32_t v) { return false; } #endif /* !defined(_HF_ARCH_DARWIN) */ -- cgit v1.2.3 From d532b0e61fa34a46db9f5cf92a8c1351dd03f1b0 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 23 Mar 2020 14:21:02 +0100 Subject: libhfuzz/instrument: more dbg messaging --- libhfuzz/instrument.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 5875ab4a..91d60363 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -68,6 +68,7 @@ static void initializeLibcFunctions(void) { if (libc_memcmp == __wrap_memcmp) { LOG_F("libc_memcmp proxied to __wrap_memcmp"); } + LOG_D("libc_memcmp at %p", libc_memcmp); } static void initializeCmpFeedback(void) { -- cgit v1.2.3 From d2b796af4d775c3d07075db816481b99fb2dbdbd Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 23 Mar 2020 15:11:05 +0100 Subject: libhfuzz/instrument: allow for all values found in loadable binaries --- libhfcommon/util.c | 3 +-- libhfuzz/instrument.c | 6 +++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/libhfcommon/util.c b/libhfcommon/util.c index 8d7b71db..bc1dd6a0 100644 --- a/libhfcommon/util.c +++ b/libhfcommon/util.c @@ -810,8 +810,7 @@ static int addrStatic_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, continue; } uintptr_t addr_start = info->dlpi_addr + info->dlpi_phdr[i].p_vaddr; - uintptr_t addr_end = - info->dlpi_addr + info->dlpi_phdr[i].p_vaddr + info->dlpi_phdr[i].p_memsz; + uintptr_t addr_end = addr_start + HF_MIN(info->dlpi_phdr[i].p_memsz, info->dlpi_phdr[i].p_filesz); if (((uintptr_t)data >= addr_start) && ((uintptr_t)data < addr_end)) { if ((info->dlpi_phdr[i].p_flags & PF_W) == 0) { return LHFC_ADDR_RO; diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 91d60363..9910009f 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -685,7 +685,7 @@ void instrumentAddConstMem(const void* mem, size_t len, bool check_if_ro) { if (!instrumentLimitEvery(127)) { return; } - if (check_if_ro && util_getProgAddr(mem) != LHFC_ADDR_RO) { + if (check_if_ro && util_getProgAddr(mem) == LHFC_ADDR_NOTFOUND) { return; } instrumentAddConstMemInternal(mem, len); @@ -698,7 +698,7 @@ void instrumentAddConstStr(const char* s) { if (!instrumentLimitEvery(127)) { return; } - if (util_getProgAddr(s) != LHFC_ADDR_RO) { + if (util_getProgAddr(s) == LHFC_ADDR_NOTFOUND) { return; } instrumentAddConstMemInternal(s, strlen(s)); @@ -714,7 +714,7 @@ void instrumentAddConstStrN(const char* s, size_t n) { if (!instrumentLimitEvery(127)) { return; } - if (util_getProgAddr(s) != LHFC_ADDR_RO) { + if (util_getProgAddr(s) == LHFC_ADDR_NOTFOUND) { return; } instrumentAddConstMemInternal(s, strnlen(s, n)); -- cgit v1.2.3 From 8c0808190bd10ae63b26853ca8ef29e5e17736fe Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 23 Mar 2020 15:13:40 +0100 Subject: mangle: use direct mangle_Resize --- libhfcommon/util.c | 3 ++- mangle.c | 4 +--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/libhfcommon/util.c b/libhfcommon/util.c index bc1dd6a0..54e2454d 100644 --- a/libhfcommon/util.c +++ b/libhfcommon/util.c @@ -810,7 +810,8 @@ static int addrStatic_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, continue; } uintptr_t addr_start = info->dlpi_addr + info->dlpi_phdr[i].p_vaddr; - uintptr_t addr_end = addr_start + HF_MIN(info->dlpi_phdr[i].p_memsz, info->dlpi_phdr[i].p_filesz); + uintptr_t addr_end = + addr_start + HF_MIN(info->dlpi_phdr[i].p_memsz, info->dlpi_phdr[i].p_filesz); if (((uintptr_t)data >= addr_start) && ((uintptr_t)data < addr_end)) { if ((info->dlpi_phdr[i].p_flags & PF_W) == 0) { return LHFC_ADDR_RO; diff --git a/mangle.c b/mangle.c index 54a5d46f..21fd7825 100644 --- a/mangle.c +++ b/mangle.c @@ -825,9 +825,7 @@ void mangle_mangleContent(run_t* run) { return; } - if (run->dynamicFileSz == 0) { - mangle_Resize(run, /* printable= */ run->global->cfg.only_printable); - } + mangle_Resize(run, /* printable= */ run->global->cfg.only_printable); /* Max number of stacked changes is, by default, 6 */ uint64_t changesCnt = util_rndGet(1, run->global->mutate.mutationsPerRun); -- cgit v1.2.3 From 4c8fe93726fa3ea19daf4cf01e05ae309db1791b Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 23 Mar 2020 16:32:14 +0100 Subject: libhfuzz/instrument: faster check for util_XXbitValInBinary() --- libhfuzz/instrument.c | 24 ++++-------------------- 1 file changed, 4 insertions(+), 20 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 9910009f..1ab6fee8 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -307,22 +307,14 @@ void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t Arg2) { if (cmpFeedback && instrumentLimitEvery(4095)) { if (Arg1 > 0xffff && Arg1 < 0xffff0000) { uint32_t bswp = __builtin_bswap32(Arg1); - if (util_32bitValInBinary(Arg1)) { - instrumentAddConstMemInternal(&Arg1, sizeof(Arg1)); - instrumentAddConstMemInternal(&bswp, sizeof(bswp)); - } - if (util_32bitValInBinary(bswp)) { + if (util_32bitValInBinary(Arg1) || util_32bitValInBinary(bswp)) { instrumentAddConstMemInternal(&Arg1, sizeof(Arg1)); instrumentAddConstMemInternal(&bswp, sizeof(bswp)); } } if (Arg2 > 0xffff && Arg2 < 0xffff0000) { uint32_t bswp = __builtin_bswap32(Arg2); - if (util_32bitValInBinary(Arg2)) { - instrumentAddConstMemInternal(&Arg2, sizeof(Arg2)); - instrumentAddConstMemInternal(&bswp, sizeof(bswp)); - } - if (util_32bitValInBinary(bswp)) { + if (util_32bitValInBinary(Arg2) || util_32bitValInBinary(bswp)) { instrumentAddConstMemInternal(&Arg2, sizeof(Arg2)); instrumentAddConstMemInternal(&bswp, sizeof(bswp)); } @@ -337,22 +329,14 @@ void __sanitizer_cov_trace_cmp8(uint64_t Arg1, uint64_t Arg2) { if (cmpFeedback && instrumentLimitEvery(4095)) { if (Arg1 > 0xffff && Arg1 < 0xffffffffffff0000) { uint64_t bswp = __builtin_bswap64(Arg1); - if (util_64bitValInBinary(Arg1)) { - instrumentAddConstMemInternal(&Arg1, sizeof(Arg1)); - instrumentAddConstMemInternal(&bswp, sizeof(bswp)); - } - if (util_64bitValInBinary(bswp)) { + if (util_64bitValInBinary(Arg1) || util_64bitValInBinary(bswp)) { instrumentAddConstMemInternal(&Arg1, sizeof(Arg1)); instrumentAddConstMemInternal(&bswp, sizeof(bswp)); } } if (Arg2 > 0xffff && Arg2 < 0xffffffffffff0000) { uint64_t bswp = __builtin_bswap64(Arg2); - if (util_64bitValInBinary(Arg2)) { - instrumentAddConstMemInternal(&Arg2, sizeof(Arg2)); - instrumentAddConstMemInternal(&bswp, sizeof(bswp)); - } - if (util_64bitValInBinary(bswp)) { + if (util_64bitValInBinary(Arg2) || util_64bitValInBinary(bswp)) { instrumentAddConstMemInternal(&Arg2, sizeof(Arg2)); instrumentAddConstMemInternal(&bswp, sizeof(bswp)); } -- cgit v1.2.3 From 5a40d002370fdb26aeb2156bd062bae697ce925f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 23 Mar 2020 17:22:57 +0100 Subject: libhfuzz: avoid bus locking in instrumentLimitEvery() --- libhfuzz/instrument.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 1ab6fee8..d52bb612 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -173,8 +173,8 @@ __attribute__((weak)) size_t instrumentReserveGuard(size_t cnt) { /* Used to limit certain expensive actions, like adding values to dictionaries */ static inline bool instrumentLimitEvery(uint64_t step) { - static uint64_t staticCnt = 0; - if ((ATOMIC_POST_INC(staticCnt) % step) == 0) { + static __thread uint64_t staticCnt = 0; + if (((staticCnt++) % step) == 0) { return true; } return false; -- cgit v1.2.3 From a1feff309a813a4878cd466dd7518372a6b64eae Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 23 Mar 2020 23:33:15 +0100 Subject: subproc: set nice(1) for fuzzed processes --- linux/arch.c | 2 +- subproc.c | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/linux/arch.c b/linux/arch.c index d4a949c8..f0ba38f7 100644 --- a/linux/arch.c +++ b/linux/arch.c @@ -253,7 +253,7 @@ void arch_reapChild(run_t* run) { PLOG_F("sigwaitinfo(SIGIO|SIGCHLD)"); } - if (arch_checkWait(run)) { + if (sig != SIGIO && arch_checkWait(run)) { run->pid = 0; break; } diff --git a/subproc.c b/subproc.c index b83f5fe8..da08a166 100644 --- a/subproc.c +++ b/subproc.c @@ -260,6 +260,13 @@ static bool subproc_PrepareExecv(run_t* run) { } #endif /* ifdef RLIMIT_STACK */ + /* Increase nice-ness by one */ + errno = 0; + int pval = nice(1); + if (errno != 0 && pval != 19) { + PLOG_W("nice(1) failed, prev:%d", pval); + } + if (run->global->exe.clearEnv) { environ = NULL; } -- cgit v1.2.3 From 341ff27f05390e41c92dde1d90bd0a2e113e361c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 24 Mar 2020 01:07:41 +0100 Subject: cmdline: clean-up initial LOG_I --- cmdline.c | 10 ---------- honggfuzz.c | 13 +++++++++++++ 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/cmdline.c b/cmdline.c index 5b8dcc92..afa8ac5a 100644 --- a/cmdline.c +++ b/cmdline.c @@ -88,10 +88,6 @@ static bool cmdlineCheckBinaryType(honggfuzz_t* hfuzz) { return true; } -static const char* cmdlineYesNo(bool yes) { - return (yes ? "true" : "false"); -} - static void cmdlineHelp(const char* pname, struct custom_option* opts) { LOG_HELP_BOLD("Usage: %s [options] -- path_to_command [args]", pname); LOG_HELP_BOLD("Options:"); @@ -761,11 +757,5 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { display_createTargetStr(hfuzz); - LOG_I("cmdline:'%s', bin:'%s' inputDir:'%s', fuzzStdin:%s, mutationsPerRun:%u, " - "timeout:%ld, mutationsMax:%zu, threadsMax:%zu", - hfuzz->display.cmdline_txt, hfuzz->exe.cmdline[0], hfuzz->io.inputDir, - cmdlineYesNo(hfuzz->exe.fuzzStdin), hfuzz->mutate.mutationsPerRun, - (long)hfuzz->timing.tmOut, hfuzz->mutate.mutationsMax, hfuzz->threads.threadsMax); - return true; } diff --git a/honggfuzz.c b/honggfuzz.c index 1485c785..8d0a1a73 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -295,6 +295,10 @@ static void mainThreadLoop(honggfuzz_t* hfuzz) { } } +static const char* strYesNo(bool yes) { + return (yes ? "true" : "false"); +} + int main(int argc, char** argv) { /* * Work around CygWin/MinGW @@ -324,6 +328,15 @@ int main(int argc, char** argv) { hfuzz.threads.threadsMax = 1; } + char tmstr[64]; + util_getLocalTime("%F.%H.%M.%S", tmstr, sizeof(tmstr), time(NULL)); + LOG_I("Start time:'%s' bin:'%s', input:'%s', output:'%s', persistent:%s, stdin:%s, " + "mutation_rate:%u, timeout:%ld, max_runs:%zu, threads:%zu, minimize:%s", + tmstr, hfuzz.exe.cmdline[0], hfuzz.io.inputDir, + hfuzz.io.outputDir ? hfuzz.io.outputDir : hfuzz.io.inputDir, strYesNo(hfuzz.exe.persistent), + strYesNo(hfuzz.exe.fuzzStdin), hfuzz.mutate.mutationsPerRun, (long)hfuzz.timing.tmOut, + hfuzz.mutate.mutationsMax, hfuzz.threads.threadsMax, strYesNo(hfuzz.cfg.minimize)); + sigemptyset(&hfuzz.exe.waitSigSet); sigaddset(&hfuzz.exe.waitSigSet, SIGIO); /* Persistent socket data */ sigaddset(&hfuzz.exe.waitSigSet, SIGCHLD); /* Ping from the signal thread */ -- cgit v1.2.3 From 6173d2893b79ff55b760e90325cd18e0cd47582f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 24 Mar 2020 02:44:56 +0100 Subject: mangle: inline local functions --- mangle.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mangle.c b/mangle.c index 21fd7825..56c6f4f9 100644 --- a/mangle.c +++ b/mangle.c @@ -490,7 +490,7 @@ static void mangle_DictionaryInsert(run_t* run, bool printable) { run->global->mutate.dictionary[choice].len, printable); } -static const uint8_t* mangle_FeedbackDict(run_t* run, size_t* len) { +static inline const uint8_t* mangle_FeedbackDict(run_t* run, size_t* len) { if (!run->global->feedback.cmpFeedback) { return NULL; } @@ -532,7 +532,7 @@ static void mangle_ConstFeedbackOverwrite(run_t* run, bool printable) { mangle_Overwrite(run, off, val, len, printable); } -static void mangle_MemSetWithVal(run_t* run, int val) { +static inline void mangle_MemSetWithVal(run_t* run, int val) { size_t off = mangle_getOffSet(run); size_t sz = util_rndGet(1, run->dynamicFileSz - off); @@ -567,7 +567,7 @@ static void mangle_RandomInsert(run_t* run, bool printable) { } } -static void mangle_AddSubWithRange( +static inline void mangle_AddSubWithRange( run_t* run, size_t off, size_t varLen, uint64_t range, bool printable) { int64_t delta = (int64_t)util_rndGet(0, range * 2) - (int64_t)range; -- cgit v1.2.3 From 0de0d743b35669e4212b229759457278201dce9d Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 24 Mar 2020 10:41:21 +0100 Subject: subproc: don't change nice-ness, until all effects are understood --- subproc.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/subproc.c b/subproc.c index da08a166..b83f5fe8 100644 --- a/subproc.c +++ b/subproc.c @@ -260,13 +260,6 @@ static bool subproc_PrepareExecv(run_t* run) { } #endif /* ifdef RLIMIT_STACK */ - /* Increase nice-ness by one */ - errno = 0; - int pval = nice(1); - if (errno != 0 && pval != 19) { - PLOG_W("nice(1) failed, prev:%d", pval); - } - if (run->global->exe.clearEnv) { environ = NULL; } -- cgit v1.2.3 From 2310ab5f6954cbe4ebaca25ca0a52c72bd4103c5 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 24 Mar 2020 15:08:16 +0100 Subject: honggfuzz: print git commit id during startup --- honggfuzz.c | 35 +++++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) diff --git a/honggfuzz.c b/honggfuzz.c index 8d0a1a73..188fb175 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -299,6 +299,36 @@ static const char* strYesNo(bool yes) { return (yes ? "true" : "false"); } +#if defined __has_include && __has_include(".git/refs/heads/master") +__asm__("\n" + " .global commitid_start\n" + " .global commitid_end\n" + "commitid_start:\n" + " .incbin \".git/refs/heads/master\"\n" + "commitid_end:\n" + "\n"); +#endif /* defined __has_include && __has_include() */ + +static const char* getGitVersion() { +#define HF_GIT_COMMIT_ID_LEN 40 + static char version[HF_GIT_COMMIT_ID_LEN + 1] = "UNKNOWN"; + + extern char commitid_start __asm__("commitid_start") __attribute__((weak)); + extern char commitid_end __asm__("commitid_end") __attribute__((weak)); + + if (&commitid_start == NULL || &commitid_end == NULL) { + return version; + } + size_t len = (uintptr_t)&commitid_end - (uintptr_t)&commitid_start; + if (len < HF_GIT_COMMIT_ID_LEN || len > (HF_GIT_COMMIT_ID_LEN + 1)) { + LOG_W( + "Incorrect .git/refs/heads/master size: %zu (expected: %d)", len, HF_GIT_COMMIT_ID_LEN); + return version; + } + strncpy(version, &commitid_start, HF_GIT_COMMIT_ID_LEN); + return version; +} + int main(int argc, char** argv) { /* * Work around CygWin/MinGW @@ -331,11 +361,12 @@ int main(int argc, char** argv) { char tmstr[64]; util_getLocalTime("%F.%H.%M.%S", tmstr, sizeof(tmstr), time(NULL)); LOG_I("Start time:'%s' bin:'%s', input:'%s', output:'%s', persistent:%s, stdin:%s, " - "mutation_rate:%u, timeout:%ld, max_runs:%zu, threads:%zu, minimize:%s", + "mutation_rate:%u, timeout:%ld, max_runs:%zu, threads:%zu, minimize:%s git_commit:%s", tmstr, hfuzz.exe.cmdline[0], hfuzz.io.inputDir, hfuzz.io.outputDir ? hfuzz.io.outputDir : hfuzz.io.inputDir, strYesNo(hfuzz.exe.persistent), strYesNo(hfuzz.exe.fuzzStdin), hfuzz.mutate.mutationsPerRun, (long)hfuzz.timing.tmOut, - hfuzz.mutate.mutationsMax, hfuzz.threads.threadsMax, strYesNo(hfuzz.cfg.minimize)); + hfuzz.mutate.mutationsMax, hfuzz.threads.threadsMax, strYesNo(hfuzz.cfg.minimize), + getGitVersion()); sigemptyset(&hfuzz.exe.waitSigSet); sigaddset(&hfuzz.exe.waitSigSet, SIGIO); /* Persistent socket data */ -- cgit v1.2.3 From ad696d46297136f00e7b6d205c99717aebcb6420 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 24 Mar 2020 15:28:40 +0100 Subject: hongguzz.c: missing comma --- honggfuzz.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/honggfuzz.c b/honggfuzz.c index 188fb175..d7fd5999 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -361,7 +361,7 @@ int main(int argc, char** argv) { char tmstr[64]; util_getLocalTime("%F.%H.%M.%S", tmstr, sizeof(tmstr), time(NULL)); LOG_I("Start time:'%s' bin:'%s', input:'%s', output:'%s', persistent:%s, stdin:%s, " - "mutation_rate:%u, timeout:%ld, max_runs:%zu, threads:%zu, minimize:%s git_commit:%s", + "mutation_rate:%u, timeout:%ld, max_runs:%zu, threads:%zu, minimize:%s, git_commit:%s", tmstr, hfuzz.exe.cmdline[0], hfuzz.io.inputDir, hfuzz.io.outputDir ? hfuzz.io.outputDir : hfuzz.io.inputDir, strYesNo(hfuzz.exe.persistent), strYesNo(hfuzz.exe.fuzzStdin), hfuzz.mutate.mutationsPerRun, (long)hfuzz.timing.tmOut, -- cgit v1.2.3 From 67654b1144b37776c80bd9a4f4e86426368ef571 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 24 Mar 2020 17:58:22 +0100 Subject: mangle: use random function with quadratic distribution for offset/lengths (preferring smaller values) --- mangle.c | 79 +++++++++++++++++++++++++++++++--------------------------------- 1 file changed, 38 insertions(+), 41 deletions(-) diff --git a/mangle.c b/mangle.c index 56c6f4f9..ace28093 100644 --- a/mangle.c +++ b/mangle.c @@ -39,39 +39,36 @@ #include "libhfcommon/log.h" #include "libhfcommon/util.h" -/* Spend at least 3/4 of time on modifying the first 8kB of input */ -static inline size_t mangle_getOffSet(run_t* run) { - switch (util_rnd64() % 10) { - case 0: - if (run->dynamicFileSz <= 16) { - break; - } - return util_rndGet(0, 16); - case 1: - if (run->dynamicFileSz <= 64) { - break; - } - return util_rndGet(0, 64); - case 2: - if (run->dynamicFileSz <= 256) { - break; - } - return util_rndGet(0, 256); - case 3: - if (run->dynamicFileSz <= 1024) { - break; - } - return util_rndGet(0, 1024); - case 4: - if (run->dynamicFileSz <= 8192) { - break; - } - return util_rndGet(0, 8192); - default: - break; +/* Get a random value between <1:max> with x^2 distribution */ +static inline size_t mangle_getLen(size_t max) { + if (max > _HF_INPUT_MAX_SIZE) { + LOG_F("max (%zu) > _HF_INPUT_MAX_SIZE (%zu)", max, (size_t)_HF_INPUT_MAX_SIZE); + } + if (max == 1) { + return 1; + } + + const uint64_t max2 = (uint64_t)max * max; + const uint64_t max3 = (uint64_t)max * max * max; + const uint64_t rnd = util_rndGet(1, max2 - 1); + + uint64_t ret = rnd * rnd; + ret /= max3; + ret += 1; + + if (ret < 1) { + LOG_F("ret (%" PRIu64 ") < 1, max:%zu, rnd:%" PRIu64, ret, max, rnd); + } + if (ret > max) { + LOG_F("ret (%" PRIu64 ") > max (%zu), rnd:%" PRIu64, ret, max, rnd); } - return util_rndGet(0, run->dynamicFileSz - 1); + return (size_t)ret; +} + +/* Prefer smaller values here, so use mangle_getLen() */ +static inline size_t mangle_getOffSet(run_t* run) { + return mangle_getLen(run->dynamicFileSz) - 1; } static inline void mangle_Move(run_t* run, size_t off_from, size_t off_to, size_t len) { @@ -137,7 +134,7 @@ static inline void mangle_Insert( static void mangle_MemCopyOverwrite(run_t* run, bool printable HF_ATTR_UNUSED) { size_t off_from = mangle_getOffSet(run); size_t off_to = mangle_getOffSet(run); - size_t len = util_rndGet(1, run->dynamicFileSz - off_from); + size_t len = mangle_getLen(run->dynamicFileSz - off_from); mangle_Overwrite(run, off_to, &run->dynamicFile[off_from], len, printable); } @@ -145,7 +142,7 @@ static void mangle_MemCopyOverwrite(run_t* run, bool printable HF_ATTR_UNUSED) { static void mangle_MemCopyInsert(run_t* run, bool printable) { size_t off_to = mangle_getOffSet(run); size_t off_from = mangle_getOffSet(run); - size_t len = util_rndGet(1, run->dynamicFileSz - off_from); + size_t len = mangle_getLen(run->dynamicFileSz - off_from); mangle_Insert(run, off_to, &run->dynamicFile[off_from], len, printable); } @@ -190,7 +187,7 @@ static void mangle_ByteRepeatOverwrite(run_t* run, bool printable) { return; } - size_t len = util_rndGet(1, maxSz); + size_t len = mangle_getLen(maxSz); memset(&run->dynamicFile[destOff], run->dynamicFile[off], len); } @@ -205,7 +202,7 @@ static void mangle_ByteRepeatInsert(run_t* run, bool printable) { return; } - size_t len = util_rndGet(1, maxSz); + size_t len = mangle_getLen(maxSz); len = mangle_Inflate(run, destOff, len, printable); memset(&run->dynamicFile[destOff], run->dynamicFile[off], len); } @@ -534,9 +531,9 @@ static void mangle_ConstFeedbackOverwrite(run_t* run, bool printable) { static inline void mangle_MemSetWithVal(run_t* run, int val) { size_t off = mangle_getOffSet(run); - size_t sz = util_rndGet(1, run->dynamicFileSz - off); + size_t len = mangle_getLen(run->dynamicFileSz - off); - memset(&run->dynamicFile[off], val, sz); + memset(&run->dynamicFile[off], val, len); } static void mangle_MemSet(run_t* run, bool printable) { @@ -546,7 +543,7 @@ static void mangle_MemSet(run_t* run, bool printable) { static void mangle_RandomOverwrite(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); - size_t len = util_rndGet(1, run->dynamicFileSz - off); + size_t len = mangle_getLen(run->dynamicFileSz - off); if (printable) { util_rndBufPrintable(&run->dynamicFile[off], len); } else { @@ -556,7 +553,7 @@ static void mangle_RandomOverwrite(run_t* run, bool printable) { static void mangle_RandomInsert(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); - size_t len = util_rndGet(1, run->dynamicFileSz - off); + size_t len = mangle_getLen(run->dynamicFileSz - off); len = mangle_Inflate(run, off, len, printable); @@ -683,7 +680,7 @@ static void mangle_NegByte(run_t* run, bool printable) { static void mangle_Expand(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); - size_t len = util_rndGet(1, run->dynamicFileSz - off); + size_t len = mangle_getLen(run->dynamicFileSz - off); mangle_Inflate(run, off, len, printable); } @@ -742,7 +739,7 @@ static void mangle_SpliceInsert(run_t* run, bool printable) { } size_t remoteOff = util_rndGet(0, sz - 1); - size_t remoteLen = util_rndGet(1, sz - remoteOff); + size_t remoteLen = mangle_getLen(sz - remoteOff); size_t off = mangle_getOffSet(run); mangle_Insert(run, off, &buf[remoteOff], remoteLen, printable); } -- cgit v1.2.3 From 84db5f6af223b60e16227c4ea0499e13030148a0 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 24 Mar 2020 18:03:16 +0100 Subject: getGitVersion using \$Id\$ --- .gitattributes | 1 + honggfuzz.c | 31 +++++-------------------------- 2 files changed, 6 insertions(+), 26 deletions(-) create mode 100644 .gitattributes diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 00000000..44aea7fa --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +honggfuzz.c ident diff --git a/honggfuzz.c b/honggfuzz.c index d7fd5999..4ac2ac5f 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -299,34 +299,13 @@ static const char* strYesNo(bool yes) { return (yes ? "true" : "false"); } -#if defined __has_include && __has_include(".git/refs/heads/master") -__asm__("\n" - " .global commitid_start\n" - " .global commitid_end\n" - "commitid_start:\n" - " .incbin \".git/refs/heads/master\"\n" - "commitid_end:\n" - "\n"); -#endif /* defined __has_include && __has_include() */ - static const char* getGitVersion() { -#define HF_GIT_COMMIT_ID_LEN 40 - static char version[HF_GIT_COMMIT_ID_LEN + 1] = "UNKNOWN"; - - extern char commitid_start __asm__("commitid_start") __attribute__((weak)); - extern char commitid_end __asm__("commitid_end") __attribute__((weak)); - - if (&commitid_start == NULL || &commitid_end == NULL) { - return version; - } - size_t len = (uintptr_t)&commitid_end - (uintptr_t)&commitid_start; - if (len < HF_GIT_COMMIT_ID_LEN || len > (HF_GIT_COMMIT_ID_LEN + 1)) { - LOG_W( - "Incorrect .git/refs/heads/master size: %zu (expected: %d)", len, HF_GIT_COMMIT_ID_LEN); - return version; + static char version[] = "$Id$"; + if (strlen(version) == 47) { + version[45] = '\0'; + return &version[5]; } - strncpy(version, &commitid_start, HF_GIT_COMMIT_ID_LEN); - return version; + return "UNKNOWN"; } int main(int argc, char** argv) { -- cgit v1.2.3 From aa72ab957df39e2db5f61121793821d1323b12d2 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 25 Mar 2020 02:46:44 +0100 Subject: libhfuzz: move 8bit bitmap clearing code to HonggfuzzRunOneInput() --- libhfuzz/instrument.c | 1 - libhfuzz/persistent.c | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index d52bb612..b6ec3bc2 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -578,7 +578,6 @@ void instrument8BitCountersCount(void) { if (!v) { continue; } - hf8bitcounters[i].start[j] = 0; /* Map number of visits to an edge into buckets */ static uint8_t const scaleMap[256] = { diff --git a/libhfuzz/persistent.c b/libhfuzz/persistent.c index c9891456..370741a1 100644 --- a/libhfuzz/persistent.c +++ b/libhfuzz/persistent.c @@ -59,16 +59,16 @@ void HF_ITER(const uint8_t** buf_ptr, size_t* len_ptr) { extern const char* const LIBHFUZZ_module_memorycmp; extern const char* const LIBHFUZZ_module_instrument; static void HonggfuzzRunOneInput(const uint8_t* buf, size_t len) { + instrument8BitCountersClear(); int ret = LLVMFuzzerTestOneInput(buf, len); - instrument8BitCountersCount(); if (ret != 0) { LOG_D("Dereferenced: %s, %s", LIBHFUZZ_module_memorycmp, LIBHFUZZ_module_instrument); LOG_F("LLVMFuzzerTestOneInput() returned '%d' instead of '0'", ret); } + instrument8BitCountersCount(); } static void HonggfuzzPersistentLoop(void) { - instrument8BitCountersClear(); for (;;) { size_t len; const uint8_t* buf; -- cgit v1.2.3 From 3abbd085b57ba3c185f822bdb1560d1293a783c0 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 25 Mar 2020 03:00:08 +0100 Subject: libhfuzz: add memory barriers --- libhfuzz/instrument.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index b6ec3bc2..44341595 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -167,6 +167,7 @@ __attribute__((weak)) size_t instrumentReserveGuard(size_t cnt) { } if (ATOMIC_GET(covFeedback->guardNb) < guardCnt) { ATOMIC_SET(covFeedback->guardNb, guardCnt); + wmb(); } return base; } @@ -207,6 +208,7 @@ static inline void instrumentAddConstMemInternal(const void* mem, size_t len) { memcpy(cmpFeedback->valArr[newoff].val, mem, len); ATOMIC_SET(cmpFeedback->valArr[newoff].len, len); + wmb(); } /* @@ -218,6 +220,7 @@ HF_REQUIRE_SSE42_POPCNT void __cyg_profile_func_enter(void* func, void* caller) register bool prev = ATOMIC_BITMAP_SET(covFeedback->bbMapPc, pos); if (!prev) { ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackPc[my_thread_no]); + wmb(); } } @@ -235,6 +238,7 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_pc_internal(uintptr_t pc) register bool prev = ATOMIC_BITMAP_SET(covFeedback->bbMapPc, ret); if (!prev) { ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackPc[my_thread_no]); + wmb(); } } @@ -257,6 +261,7 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp1_internal( if (prev < v) { ATOMIC_SET(covFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); + wmb(); } } @@ -268,6 +273,7 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp2_internal( if (prev < v) { ATOMIC_SET(covFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); + wmb(); } } @@ -279,6 +285,7 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp4_internal( if (prev < v) { ATOMIC_SET(covFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); + wmb(); } } @@ -290,6 +297,7 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp8_internal( if (prev < v) { ATOMIC_SET(covFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); + wmb(); } } @@ -430,6 +438,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_switch(uint64_t Val, uint64_t if (prev < v) { ATOMIC_SET(covFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); + wmb(); } } } @@ -455,6 +464,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_div8(uint64_t Val) { if (prev < v) { ATOMIC_SET(covFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); + wmb(); } } @@ -465,6 +475,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_div4(uint32_t Val) { if (prev < v) { ATOMIC_SET(covFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); + wmb(); } } @@ -479,6 +490,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_indir(uintptr_t callee) { register bool prev = ATOMIC_BITMAP_SET(covFeedback->bbMapPc, pos); if (!prev) { ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackPc[my_thread_no]); + wmb(); } } @@ -495,6 +507,7 @@ __attribute__((weak)) HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_indir_call16( register bool prev = ATOMIC_BITMAP_SET(covFeedback->bbMapPc, pos); if (!prev) { ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackPc[my_thread_no]); + wmb(); } } @@ -524,6 +537,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard_init(uint32_t* start uint32_t guardNo = instrumentReserveGuard(1); /* If the corresponding PC was already hit, map this specific guard as uninteresting (0) */ *x = ATOMIC_GET(covFeedback->pcGuardMap[guardNo]) ? 0U : guardNo; + wmb(); } } @@ -560,6 +574,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard(uint32_t* guard) { bool prev = ATOMIC_XCHG(covFeedback->pcGuardMap[*guard], true); if (prev == false) { ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackEdge[my_thread_no]); + wmb(); } } } @@ -572,6 +587,8 @@ static struct { } hf8bitcounters[256] = {}; void instrument8BitCountersCount(void) { + rmb(); + for (size_t i = 0; i < ARRAYSIZE(hf8bitcounters) && hf8bitcounters[i].start; i++) { for (size_t j = 0; j < hf8bitcounters[i].cnt; j++) { const uint8_t v = hf8bitcounters[i].start[j]; @@ -598,18 +615,20 @@ void instrument8BitCountersCount(void) { const uint8_t prev = ATOMIC_POST_OR(covFeedback->pcGuardMap[guard], new); if (!prev) { ATOMIC_PRE_INC(covFeedback->pidFeedbackEdge[my_thread_no]); - } else if (new > prev) { + } else if (prev < new) { ATOMIC_PRE_INC(covFeedback->pidFeedbackCmp[my_thread_no]); } } + wmb(); } } } void instrument8BitCountersClear(void) { for (size_t i = 0; i < ARRAYSIZE(hf8bitcounters) && hf8bitcounters[i].start; i++) { - __builtin_memset(hf8bitcounters[i].start, '\0', hf8bitcounters[i].cnt); + memset(hf8bitcounters[i].start, '\0', hf8bitcounters[i].cnt); } + wmb(); } void __sanitizer_cov_8bit_counters_init(char* start, char* end) { -- cgit v1.2.3 From f23dbfe1899bcc160055a42e747b993135e90acd Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 25 Mar 2020 03:00:08 +0100 Subject: libhfuzz: add memory barriers --- libhfuzz/instrument.c | 23 +++++++++++++++++++++-- mangle.c | 7 +++++-- 2 files changed, 26 insertions(+), 4 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index b6ec3bc2..44341595 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -167,6 +167,7 @@ __attribute__((weak)) size_t instrumentReserveGuard(size_t cnt) { } if (ATOMIC_GET(covFeedback->guardNb) < guardCnt) { ATOMIC_SET(covFeedback->guardNb, guardCnt); + wmb(); } return base; } @@ -207,6 +208,7 @@ static inline void instrumentAddConstMemInternal(const void* mem, size_t len) { memcpy(cmpFeedback->valArr[newoff].val, mem, len); ATOMIC_SET(cmpFeedback->valArr[newoff].len, len); + wmb(); } /* @@ -218,6 +220,7 @@ HF_REQUIRE_SSE42_POPCNT void __cyg_profile_func_enter(void* func, void* caller) register bool prev = ATOMIC_BITMAP_SET(covFeedback->bbMapPc, pos); if (!prev) { ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackPc[my_thread_no]); + wmb(); } } @@ -235,6 +238,7 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_pc_internal(uintptr_t pc) register bool prev = ATOMIC_BITMAP_SET(covFeedback->bbMapPc, ret); if (!prev) { ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackPc[my_thread_no]); + wmb(); } } @@ -257,6 +261,7 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp1_internal( if (prev < v) { ATOMIC_SET(covFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); + wmb(); } } @@ -268,6 +273,7 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp2_internal( if (prev < v) { ATOMIC_SET(covFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); + wmb(); } } @@ -279,6 +285,7 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp4_internal( if (prev < v) { ATOMIC_SET(covFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); + wmb(); } } @@ -290,6 +297,7 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp8_internal( if (prev < v) { ATOMIC_SET(covFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); + wmb(); } } @@ -430,6 +438,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_switch(uint64_t Val, uint64_t if (prev < v) { ATOMIC_SET(covFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); + wmb(); } } } @@ -455,6 +464,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_div8(uint64_t Val) { if (prev < v) { ATOMIC_SET(covFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); + wmb(); } } @@ -465,6 +475,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_div4(uint32_t Val) { if (prev < v) { ATOMIC_SET(covFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); + wmb(); } } @@ -479,6 +490,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_indir(uintptr_t callee) { register bool prev = ATOMIC_BITMAP_SET(covFeedback->bbMapPc, pos); if (!prev) { ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackPc[my_thread_no]); + wmb(); } } @@ -495,6 +507,7 @@ __attribute__((weak)) HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_indir_call16( register bool prev = ATOMIC_BITMAP_SET(covFeedback->bbMapPc, pos); if (!prev) { ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackPc[my_thread_no]); + wmb(); } } @@ -524,6 +537,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard_init(uint32_t* start uint32_t guardNo = instrumentReserveGuard(1); /* If the corresponding PC was already hit, map this specific guard as uninteresting (0) */ *x = ATOMIC_GET(covFeedback->pcGuardMap[guardNo]) ? 0U : guardNo; + wmb(); } } @@ -560,6 +574,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard(uint32_t* guard) { bool prev = ATOMIC_XCHG(covFeedback->pcGuardMap[*guard], true); if (prev == false) { ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackEdge[my_thread_no]); + wmb(); } } } @@ -572,6 +587,8 @@ static struct { } hf8bitcounters[256] = {}; void instrument8BitCountersCount(void) { + rmb(); + for (size_t i = 0; i < ARRAYSIZE(hf8bitcounters) && hf8bitcounters[i].start; i++) { for (size_t j = 0; j < hf8bitcounters[i].cnt; j++) { const uint8_t v = hf8bitcounters[i].start[j]; @@ -598,18 +615,20 @@ void instrument8BitCountersCount(void) { const uint8_t prev = ATOMIC_POST_OR(covFeedback->pcGuardMap[guard], new); if (!prev) { ATOMIC_PRE_INC(covFeedback->pidFeedbackEdge[my_thread_no]); - } else if (new > prev) { + } else if (prev < new) { ATOMIC_PRE_INC(covFeedback->pidFeedbackCmp[my_thread_no]); } } + wmb(); } } } void instrument8BitCountersClear(void) { for (size_t i = 0; i < ARRAYSIZE(hf8bitcounters) && hf8bitcounters[i].start; i++) { - __builtin_memset(hf8bitcounters[i].start, '\0', hf8bitcounters[i].cnt); + memset(hf8bitcounters[i].start, '\0', hf8bitcounters[i].cnt); } + wmb(); } void __sanitizer_cov_8bit_counters_init(char* start, char* end) { diff --git a/mangle.c b/mangle.c index ace28093..d38c0d03 100644 --- a/mangle.c +++ b/mangle.c @@ -822,12 +822,15 @@ void mangle_mangleContent(run_t* run) { return; } - mangle_Resize(run, /* printable= */ run->global->cfg.only_printable); - + if (run->dynamicFileSz == 0U) { + mangle_Resize(run, /* printable= */ run->global->cfg.only_printable); + } /* Max number of stacked changes is, by default, 6 */ uint64_t changesCnt = util_rndGet(1, run->global->mutate.mutationsPerRun); for (uint64_t x = 0; x < changesCnt; x++) { uint64_t choice = util_rndGet(0, ARRAYSIZE(mangleFuncs) - 1); mangleFuncs[choice](run, /* printable= */ run->global->cfg.only_printable); } + + wmb(); } -- cgit v1.2.3 From 7c4292a2f579f41bd57d734c77e0597a874f7a3a Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 25 Mar 2020 03:10:46 +0100 Subject: input: remove the tested * - * Copyright 2010-2018 by Google Inc. All Rights Reserved. + * Copyright 2010-2020 by Google Inc. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. You may obtain @@ -373,7 +372,6 @@ void input_addDynamicInput( dynfile->cov[i] = cov[i]; } dynfile->size = len; - dynfile->tested = 0; dynfile->timeAddedMillis = util_timeNowMillis(); memcpy(dynfile->data, data, len); snprintf(dynfile->path, sizeof(dynfile->path), "%s", path); @@ -428,31 +426,6 @@ void input_addDynamicInput( } } -/* Number of tests taken, based on how 'fresh' the input is */ -static size_t input_numTests(run_t* run, struct dynfile_t* dynfile) { - size_t total = run->global->io.dynfileqCnt; - if (dynfile->idx > total) { - LOG_F("idx (%zu) > total (%zu)", dynfile->idx, total); - } - if (dynfile->idx == 0 || (total - dynfile->idx) > 5) { - return 1; - } - /* If the sample is older than 10 seconds, don't bump its testing ratio */ - if ((run->timeStartedMillis - dynfile->timeAddedMillis) > (1000 * 10)) { - return 1; - } - - static size_t const scaleMap[] = { - [0] = 128, - [1] = 32, - [2] = 8, - [3] = 4, - [4] = 2, - [5] = 1, - }; - return scaleMap[total - dynfile->idx]; -} - bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { struct dynfile_t* current = NULL; @@ -468,21 +441,7 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { } current = run->global->io.dynfileqCurrent; - - /* Number of tests per input depends on the 'idx' of the input */ - size_t testCnt = input_numTests(run, current); - current->tested++; - - /* - * Testing routine: - * LOG_E("IDX: %zu (%zu/%zu)", current->idx, current->tested, testCnt); - */ - - /* If the current sample has been tested enough, move the pointer to the next sample */ - if (current->tested >= testCnt) { - current->tested = 0; - run->global->io.dynfileqCurrent = TAILQ_NEXT(run->global->io.dynfileqCurrent, pointers); - } + run->global->io.dynfileqCurrent = TAILQ_NEXT(run->global->io.dynfileqCurrent, pointers); } input_setSize(run, current->size); -- cgit v1.2.3 From 60d55009d4a7aba5f099a18041321a77d3fae7e1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 25 Mar 2020 03:31:04 +0100 Subject: libhfuzz: +read memory barrier --- libhfuzz/persistent.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libhfuzz/persistent.c b/libhfuzz/persistent.c index 370741a1..059ab2da 100644 --- a/libhfuzz/persistent.c +++ b/libhfuzz/persistent.c @@ -60,6 +60,7 @@ extern const char* const LIBHFUZZ_module_memorycmp; extern const char* const LIBHFUZZ_module_instrument; static void HonggfuzzRunOneInput(const uint8_t* buf, size_t len) { instrument8BitCountersClear(); + rmb(); int ret = LLVMFuzzerTestOneInput(buf, len); if (ret != 0) { LOG_D("Dereferenced: %s, %s", LIBHFUZZ_module_memorycmp, LIBHFUZZ_module_instrument); -- cgit v1.2.3 From 6e50875c2c413db83913c0ca7ab73e7503c7b176 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 25 Mar 2020 11:05:33 +0100 Subject: mangle: increase mutation factor for slow inputs --- fuzz.c | 8 +++++--- honggfuzz.h | 1 + input.c | 19 +++++++++++++++---- input.h | 4 ++-- mangle.c | 26 +++++++++++++++++++++++--- mangle.h | 2 +- 6 files changed, 47 insertions(+), 13 deletions(-) diff --git a/fuzz.c b/fuzz.c index 0d30b261..8ab44a97 100644 --- a/fuzz.c +++ b/fuzz.c @@ -128,7 +128,7 @@ static void fuzz_setDynamicMainState(run_t* run) { */ if (run->global->io.dynfileqCnt == 0) { input_addDynamicInput(run->global, (const uint8_t*)"", /* size= */ 0U, - /* cov */ (uint64_t[4]){0, 0, 0, 0}, /* path= */ "[DYNAMIC]"); + /* cov */ (uint64_t[4]){0, 0, 0, 0}, /* path= */ "[DYNAMIC]", /* timeExecMillis*/ 1); } snprintf(run->origFileName, sizeof(run->origFileName), "[DYNAMIC]"); @@ -169,8 +169,9 @@ static void fuzz_perfFeedbackForMinimization(run_t* run) { LOG_I("Corpus Minimization: len:%zu, cov:%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, run->dynamicFileSz, cov[0], cov[1], cov[2], cov[3]); + uint64_t timeExecMillis = util_timeNowMillis() - run->timeStartedMillis; input_addDynamicInput( - run->global, run->dynamicFile, run->dynamicFileSz, cov, run->origFileName); + run->global, run->dynamicFile, run->dynamicFileSz, cov, run->origFileName, timeExecMillis); ATOMIC_SET(run->global->feedback.covFeedbackMap->pidFeedbackPc[run->fuzzNo], 0); memset(run->global->feedback.covFeedbackMap->bbMapPc, '\0', @@ -246,8 +247,9 @@ static void fuzz_perfFeedback(run_t* run) { run->global->linux.hwCnts.bbCnt, run->global->linux.hwCnts.softCntEdge, run->global->linux.hwCnts.softCntPc, run->global->linux.hwCnts.softCntCmp); + uint64_t timeExecMillis = util_timeNowMillis() - run->timeStartedMillis; input_addDynamicInput(run->global, run->dynamicFile, run->dynamicFileSz, - (uint64_t[4]){0, 0, 0, 0}, "[DYNAMIC]"); + (uint64_t[4]){0, 0, 0, 0}, "[DYNAMIC]", timeExecMillis); } if (run->global->socketFuzzer.enabled) { diff --git a/honggfuzz.h b/honggfuzz.h index 932ea8d2..e55f6418 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -170,6 +170,7 @@ struct dynfile_t { uint64_t cov[4]; size_t idx; int64_t timeAddedMillis; + uint64_t timeExecMillis; char path[PATH_MAX]; TAILQ_ENTRY(dynfile_t) pointers; uint8_t data[]; diff --git a/input.c b/input.c index 8d70da9b..fd1b38b9 100644 --- a/input.c +++ b/input.c @@ -363,8 +363,8 @@ static bool input_cmpCov(struct dynfile_t* item1, struct dynfile_t* item2) { #define TAILQ_FOREACH_HF(var, head, field) \ for ((var) = TAILQ_FIRST((head)); (var); (var) = TAILQ_NEXT((var), field)) -void input_addDynamicInput( - honggfuzz_t* hfuzz, const uint8_t* data, size_t len, uint64_t cov[4], const char* path) { +void input_addDynamicInput(honggfuzz_t* hfuzz, const uint8_t* data, size_t len, uint64_t cov[4], + const char* path, uint64_t timeExecMillis) { ATOMIC_SET(hfuzz->timing.lastCovUpdate, time(NULL)); struct dynfile_t* dynfile = (struct dynfile_t*)util_Malloc(sizeof(struct dynfile_t) + len); @@ -373,6 +373,7 @@ void input_addDynamicInput( } dynfile->size = len; dynfile->timeAddedMillis = util_timeNowMillis(); + dynfile->timeExecMillis = timeExecMillis; memcpy(dynfile->data, data, len); snprintf(dynfile->path, sizeof(dynfile->path), "%s", path); @@ -426,6 +427,16 @@ void input_addDynamicInput( } } +static inline unsigned input_slowFactor(run_t* run, struct dynfile_t* current) { + uint64_t msec_per_run = ((uint64_t)(time(NULL) - run->global->timing.timeStart) * 1000); + msec_per_run /= ATOMIC_GET(run->global->cnts.mutationsCnt); + msec_per_run /= run->global->threads.threadsMax; + if (msec_per_run == 0) { + msec_per_run = 1; + } + return (unsigned)(current->timeExecMillis / msec_per_run); +} + bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { struct dynfile_t* current = NULL; @@ -448,7 +459,7 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { memcpy(run->dynamicFile, current->data, current->size); if (needs_mangle) { - mangle_mangleContent(run); + mangle_mangleContent(run, input_slowFactor(run, current)); } return true; @@ -527,7 +538,7 @@ bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle) { input_setSize(run, fileSz); if (needs_mangle) { - mangle_mangleContent(run); + mangle_mangleContent(run, /* slow_factor= */ 0); } return true; diff --git a/input.h b/input.h index 4e8f2404..83f7c3f2 100644 --- a/input.h +++ b/input.h @@ -35,8 +35,8 @@ extern bool input_parseDictionary(honggfuzz_t* hfuzz); extern void input_freeDictionary(honggfuzz_t* hfuzz); extern bool input_parseBlacklist(honggfuzz_t* hfuzz); extern bool input_writeCovFile(const char* dir, const uint8_t* data, size_t len); -extern void input_addDynamicInput( - honggfuzz_t* hfuzz, const uint8_t* data, size_t len, uint64_t cov[4], const char* path); +extern void input_addDynamicInput(honggfuzz_t* hfuzz, const uint8_t* data, size_t len, + uint64_t cov[4], const char* path, uint64_t timeExecMillis); extern void input_renumerateInputs(honggfuzz_t* hfuzz); extern bool input_prepareDynamicInput(run_t* run, bool needs_mangle); extern size_t input_getRandomInputAsBuf(run_t* run, const uint8_t** buf); diff --git a/mangle.c b/mangle.c index d38c0d03..e45b05a5 100644 --- a/mangle.c +++ b/mangle.c @@ -787,7 +787,7 @@ static void mangle_Resize(run_t* run, bool printable) { } } -void mangle_mangleContent(run_t* run) { +void mangle_mangleContent(run_t* run, unsigned slow_factor) { static void (*const mangleFuncs[])(run_t * run, bool printable) = { mangle_Bit, mangle_IncByte, @@ -825,8 +825,28 @@ void mangle_mangleContent(run_t* run) { if (run->dynamicFileSz == 0U) { mangle_Resize(run, /* printable= */ run->global->cfg.only_printable); } - /* Max number of stacked changes is, by default, 6 */ - uint64_t changesCnt = util_rndGet(1, run->global->mutate.mutationsPerRun); + uint64_t changesCnt = run->global->mutate.mutationsPerRun; + /* Give it a good shake-up if it's a slow input */ + switch (slow_factor) { + case 0 ... 2: + changesCnt = util_rndGet(1, run->global->mutate.mutationsPerRun); + break; + case 3 ... 4: + changesCnt = + (run->global->mutate.mutationsPerRun > 8) ? run->global->mutate.mutationsPerRun : 8; + break; + case 5 ... 10: + changesCnt = (run->global->mutate.mutationsPerRun > 16) + ? run->global->mutate.mutationsPerRun + : 16; + break; + default: + changesCnt = (run->global->mutate.mutationsPerRun > 32) + ? run->global->mutate.mutationsPerRun + : 32; + break; + } + for (uint64_t x = 0; x < changesCnt; x++) { uint64_t choice = util_rndGet(0, ARRAYSIZE(mangleFuncs) - 1); mangleFuncs[choice](run, /* printable= */ run->global->cfg.only_printable); diff --git a/mangle.h b/mangle.h index e38f339e..0fccfcac 100644 --- a/mangle.h +++ b/mangle.h @@ -26,6 +26,6 @@ #include "honggfuzz.h" -extern void mangle_mangleContent(run_t* run); +extern void mangle_mangleContent(run_t* run, unsigned slow_factor); #endif -- cgit v1.2.3 From 7a70ed8311ec4367931e237af9e531a5ff59e316 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 25 Mar 2020 15:14:14 +0100 Subject: cmdline: lower default timeout to 2 seconds --- cmdline.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmdline.c b/cmdline.c index afa8ac5a..25d0dfe1 100644 --- a/cmdline.c +++ b/cmdline.c @@ -316,7 +316,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { .timeStart = time(NULL), .runEndTime = 0, - .tmOut = 10, + .tmOut = 2, .lastCovUpdate = time(NULL), .timeOfLongestUnitInMilliseconds = 0, .tmoutVTALRM = false, -- cgit v1.2.3 From b41782cbe95b53f281a9f3efe050923fbf62c5ae Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 25 Mar 2020 15:15:17 +0100 Subject: cmdline: lower default number of mutations to 5 --- cmdline.c | 2 +- mangle.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/cmdline.c b/cmdline.c index 25d0dfe1..72f6408a 100644 --- a/cmdline.c +++ b/cmdline.c @@ -327,7 +327,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .dictionary = {}, .dictionaryCnt = 0, .dictionaryFile = NULL, - .mutationsPerRun = 6U, + .mutationsPerRun = 5, .maxInputSz = 0, }, .display = diff --git a/mangle.c b/mangle.c index e45b05a5..803827c5 100644 --- a/mangle.c +++ b/mangle.c @@ -825,6 +825,7 @@ void mangle_mangleContent(run_t* run, unsigned slow_factor) { if (run->dynamicFileSz == 0U) { mangle_Resize(run, /* printable= */ run->global->cfg.only_printable); } + uint64_t changesCnt = run->global->mutate.mutationsPerRun; /* Give it a good shake-up if it's a slow input */ switch (slow_factor) { -- cgit v1.2.3 From 6c71dfdf329a6171e7661313dfc462e8ce3f2b15 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 25 Mar 2020 15:18:42 +0100 Subject: mangle: lower penalty for slow inputs --- mangle.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/mangle.c b/mangle.c index 803827c5..e5320a8c 100644 --- a/mangle.c +++ b/mangle.c @@ -834,17 +834,17 @@ void mangle_mangleContent(run_t* run, unsigned slow_factor) { break; case 3 ... 4: changesCnt = - (run->global->mutate.mutationsPerRun > 8) ? run->global->mutate.mutationsPerRun : 8; + (run->global->mutate.mutationsPerRun > 5) ? run->global->mutate.mutationsPerRun : 5; break; case 5 ... 10: - changesCnt = (run->global->mutate.mutationsPerRun > 16) + changesCnt = (run->global->mutate.mutationsPerRun > 10) ? run->global->mutate.mutationsPerRun - : 16; + : 10; break; default: - changesCnt = (run->global->mutate.mutationsPerRun > 32) + changesCnt = (run->global->mutate.mutationsPerRun > 20) ? run->global->mutate.mutationsPerRun - : 32; + : 20; break; } -- cgit v1.2.3 From 6c70071872703e5ef4ec621a53842e6d3bb987a1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 25 Mar 2020 15:46:33 +0100 Subject: all: use struct dynfile_t inside run_t --- fuzz.c | 67 ++++++++++++++++++++----------------- honggfuzz.h | 8 ++--- input.c | 99 +++++++++++++++++++++++++++++------------------------- input.h | 3 +- linux/trace.c | 4 +-- mac/arch.c | 6 ++-- mangle.c | 104 ++++++++++++++++++++++++++++----------------------------- netbsd/trace.c | 4 +-- posix/arch.c | 4 +-- report.c | 2 +- subproc.c | 10 +++--- 11 files changed, 162 insertions(+), 149 deletions(-) diff --git a/fuzz.c b/fuzz.c index 8ab44a97..3c20e39b 100644 --- a/fuzz.c +++ b/fuzz.c @@ -127,10 +127,22 @@ static void fuzz_setDynamicMainState(run_t* run) { * dynamic corpus, so the dynamic phase doesn't fail because of lack of useful inputs */ if (run->global->io.dynfileqCnt == 0) { - input_addDynamicInput(run->global, (const uint8_t*)"", /* size= */ 0U, - /* cov */ (uint64_t[4]){0, 0, 0, 0}, /* path= */ "[DYNAMIC]", /* timeExecMillis*/ 1); - } - snprintf(run->origFileName, sizeof(run->origFileName), "[DYNAMIC]"); + struct dynfile_t dynfile = { + .size = 0, + .cov = {}, + .idx = 0, + .fd = -1, + .timeAddedMillis = util_timeNowMillis(), + .timeExecMillis = 1, + .path = "[DYNAMIC-0-SIZE]", + .data = (uint8_t*)"", + }; + struct dynfile_t* tmp_dynfile = run->dynfile; + run->dynfile = &dynfile; + input_addDynamicInput(run); + run->dynfile = tmp_dynfile; + } + snprintf(run->dynfile->path, sizeof(run->dynfile->path), "[DYNAMIC]"); if (run->global->io.maxFileSz == 0 && run->global->mutate.maxInputSz > _HF_INPUT_DEFAULT_SIZE) { size_t newsz = (run->global->io.dynfileqMaxSz >= _HF_INPUT_DEFAULT_SIZE) @@ -159,19 +171,17 @@ static void fuzz_perfFeedbackForMinimization(run_t* run) { uint64_t cpuInstr = run->linux.hwCnts.cpuInstrCnt; uint64_t cpuBranch = run->linux.hwCnts.cpuBranchCnt; - uint64_t cov[4] = { - [0] = softCntEdge + softCntPc, - [1] = run->dynamicFileSz ? (64 - util_Log2(run->dynamicFileSz)) - : 64, /* The smaller input size, the better */ - [2] = cpuInstr + cpuBranch, - [3] = softCntCmp, - }; + run->dynfile->cov[0] = softCntEdge + softCntPc; + /* The smaller input size, the better */ + run->dynfile->cov[1] = run->dynfile->size ? (64 - util_Log2(run->dynfile->size)) : 64; + run->dynfile->cov[2] = cpuInstr + cpuBranch; + run->dynfile->cov[3] = softCntCmp; + LOG_I("Corpus Minimization: len:%zu, cov:%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, - run->dynamicFileSz, cov[0], cov[1], cov[2], cov[3]); + run->dynfile->size, run->dynfile->cov[0], run->dynfile->cov[1], run->dynfile->cov[2], + run->dynfile->cov[3]); - uint64_t timeExecMillis = util_timeNowMillis() - run->timeStartedMillis; - input_addDynamicInput( - run->global, run->dynamicFile, run->dynamicFileSz, cov, run->origFileName, timeExecMillis); + input_addDynamicInput(run); ATOMIC_SET(run->global->feedback.covFeedbackMap->pidFeedbackPc[run->fuzzNo], 0); memset(run->global->feedback.covFeedbackMap->bbMapPc, '\0', @@ -186,6 +196,7 @@ static void fuzz_perfFeedbackForMinimization(run_t* run) { sizeof(run->global->feedback.covFeedbackMap->bbMapCmp)); memset(&run->global->linux.hwCnts, '\0', sizeof(run->global->linux.hwCnts)); + wmb(); } static void fuzz_perfFeedback(run_t* run) { @@ -231,25 +242,23 @@ static void fuzz_perfFeedback(run_t* run) { run->global->linux.hwCnts.softCntCmp += softCntCmp; if (run->global->cfg.minimize) { - LOG_I("Keeping '%s' in '%s'", run->origFileName, + LOG_I("Keeping '%s' in '%s'", run->dynfile->path, run->global->io.outputDir ? run->global->io.outputDir : run->global->io.inputDir); if (run->global->io.outputDir && !input_writeCovFile(run->global->io.outputDir, - run->dynamicFile, run->dynamicFileSz)) { + run->dynfile->data, run->dynfile->size)) { LOG_E("Couldn't save the coverage data to '%s'", run->global->io.outputDir); } } else { LOG_I("Size:%zu (i,b,hw,ed,ip,cmp): %" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 ", Tot:%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, - run->dynamicFileSz, run->linux.hwCnts.cpuInstrCnt, run->linux.hwCnts.cpuBranchCnt, + run->dynfile->size, run->linux.hwCnts.cpuInstrCnt, run->linux.hwCnts.cpuBranchCnt, run->linux.hwCnts.newBBCnt, softCntEdge, softCntPc, softCntCmp, run->global->linux.hwCnts.cpuInstrCnt, run->global->linux.hwCnts.cpuBranchCnt, run->global->linux.hwCnts.bbCnt, run->global->linux.hwCnts.softCntEdge, run->global->linux.hwCnts.softCntPc, run->global->linux.hwCnts.softCntCmp); - uint64_t timeExecMillis = util_timeNowMillis() - run->timeStartedMillis; - input_addDynamicInput(run->global, run->dynamicFile, run->dynamicFileSz, - (uint64_t[4]){0, 0, 0, 0}, "[DYNAMIC]", timeExecMillis); + input_addDynamicInput(run); } if (run->global->socketFuzzer.enabled) { @@ -258,8 +267,8 @@ static void fuzz_perfFeedback(run_t* run) { } } else if (fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MINIMIZE) { if (run->global->io.outputDir == NULL) { - LOG_I("Removing '%s' from '%s'", run->origFileName, run->global->io.inputDir); - input_removeStaticFile(run->global->io.inputDir, run->origFileName); + LOG_I("Removing '%s' from '%s'", run->dynfile->path, run->global->io.inputDir); + input_removeStaticFile(run->global->io.inputDir, run->dynfile->path); } } } @@ -321,7 +330,7 @@ static bool fuzz_runVerifier(run_t* run) { defer { close(fd); }; - if (!files_writeToFd(fd, run->dynamicFile, run->dynamicFileSz)) { + if (!files_writeToFd(fd, run->dynfile->data, run->dynfile->size)) { LOG_E("Couldn't save verified file as '%s'", verFile); unlink(verFile); return true; @@ -499,24 +508,22 @@ static void* fuzz_threadNew(void* arg) { run_t run = { .global = hfuzz, .pid = 0, - .dynamicFile = NULL, - .dynamicFileFd = -1, + .dynfile = (struct dynfile_t*)util_Malloc(sizeof(struct dynfile_t) + hfuzz->io.maxFileSz), .fuzzNo = fuzzNo, .persistentSock = -1, .tmOutSignaled = false, - .origFileName = "[DYNAMIC]", }; /* Do not try to handle input files with socketfuzzer */ if (!hfuzz->socketFuzzer.enabled) { - if (!(run.dynamicFile = files_mapSharedMem(hfuzz->mutate.maxInputSz, &run.dynamicFileFd, + if (!(run.dynfile->data = files_mapSharedMem(hfuzz->mutate.maxInputSz, &(run.dynfile->fd), "hf-input", /* nocore= */ true, /* export= */ false))) { LOG_F("Couldn't create an input file of size: %zu", hfuzz->mutate.maxInputSz); } } defer { - if (run.dynamicFileFd != -1) { - close(run.dynamicFileFd); + if (run.dynfile->fd != -1) { + close(run.dynfile->fd); } }; diff --git a/honggfuzz.h b/honggfuzz.h index e55f6418..af36cf2b 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -169,11 +169,12 @@ struct dynfile_t { size_t size; uint64_t cov[4]; size_t idx; + int fd; int64_t timeAddedMillis; uint64_t timeExecMillis; char path[PATH_MAX]; + uint8_t* data; TAILQ_ENTRY(dynfile_t) pointers; - uint8_t data[]; }; struct strings_t { @@ -355,7 +356,6 @@ typedef struct { honggfuzz_t* global; pid_t pid; int64_t timeStartedMillis; - char origFileName[PATH_MAX]; char crashFileName[PATH_MAX]; uint64_t pc; uint64_t backtrace; @@ -364,10 +364,8 @@ typedef struct { char report[_HF_REPORT_SIZE]; bool mainWorker; unsigned mutationsPerRun; - uint8_t* dynamicFile; - size_t dynamicFileSz; + struct dynfile_t* dynfile; bool staticFileTryMore; - int dynamicFileFd; uint32_t fuzzNo; int persistentSock; bool waitingForReady; diff --git a/input.c b/input.c index fd1b38b9..7427173d 100644 --- a/input.c +++ b/input.c @@ -45,7 +45,7 @@ #include "subproc.h" void input_setSize(run_t* run, size_t sz) { - if (run->dynamicFileSz == sz) { + if (run->dynfile->size == sz) { return; } if (sz > run->global->mutate.maxInputSz) { @@ -53,11 +53,11 @@ void input_setSize(run_t* run, size_t sz) { } /* ftruncate of a mmaped file fails under CygWin, it's also painfully slow under MacOS X */ #if !defined(__CYGWIN__) && !defined(_HF_ARCH_DARWIN) - if (TEMP_FAILURE_RETRY(ftruncate(run->dynamicFileFd, sz)) == -1) { - PLOG_W("ftruncate(run->dynamicFileFd=%d, sz=%zu)", run->dynamicFileFd, sz); + if (TEMP_FAILURE_RETRY(ftruncate(run->dynfile->fd, sz)) == -1) { + PLOG_W("ftruncate(run->dynfile->fd=%d, sz=%zu)", run->dynfile->fd, sz); } #endif /* !defined(__CYGWIN__) && !defined(_HF_ARCH_DARWIN) */ - run->dynamicFileSz = sz; + run->dynfile->size = sz; } static bool input_getDirStatsAndRewind(honggfuzz_t* hfuzz) { @@ -363,67 +363,67 @@ static bool input_cmpCov(struct dynfile_t* item1, struct dynfile_t* item2) { #define TAILQ_FOREACH_HF(var, head, field) \ for ((var) = TAILQ_FIRST((head)); (var); (var) = TAILQ_NEXT((var), field)) -void input_addDynamicInput(honggfuzz_t* hfuzz, const uint8_t* data, size_t len, uint64_t cov[4], - const char* path, uint64_t timeExecMillis) { - ATOMIC_SET(hfuzz->timing.lastCovUpdate, time(NULL)); +void input_addDynamicInput(run_t* run) { + ATOMIC_SET(run->global->timing.lastCovUpdate, time(NULL)); - struct dynfile_t* dynfile = (struct dynfile_t*)util_Malloc(sizeof(struct dynfile_t) + len); - for (size_t i = 0; i < ARRAYSIZE(dynfile->cov); i++) { - dynfile->cov[i] = cov[i]; - } - dynfile->size = len; + struct dynfile_t* dynfile = (struct dynfile_t*)util_Malloc(sizeof(struct dynfile_t)); + dynfile->size = run->dynfile->size; + memcpy(dynfile->cov, run->dynfile->cov, sizeof(dynfile->cov)); dynfile->timeAddedMillis = util_timeNowMillis(); - dynfile->timeExecMillis = timeExecMillis; - memcpy(dynfile->data, data, len); - snprintf(dynfile->path, sizeof(dynfile->path), "%s", path); + dynfile->timeExecMillis = util_timeNowMillis() - run->dynfile->timeAddedMillis; + snprintf(dynfile->path, sizeof(dynfile->path), "%s", run->dynfile->path); + dynfile->data = (uint8_t*)util_Malloc(run->dynfile->size); + memcpy(dynfile->data, run->dynfile->data, run->dynfile->size); - MX_SCOPED_RWLOCK_WRITE(&hfuzz->io.dynfileq_mutex); + MX_SCOPED_RWLOCK_WRITE(&run->global->io.dynfileq_mutex); - hfuzz->io.dynfileqCnt++; - dynfile->idx = hfuzz->io.dynfileqCnt; + run->global->io.dynfileqCnt++; + dynfile->idx = run->global->io.dynfileqCnt; - hfuzz->io.dynfileqMaxSz = HF_MAX(hfuzz->io.dynfileqMaxSz, len); + run->global->io.dynfileqMaxSz = HF_MAX(run->global->io.dynfileqMaxSz, dynfile->size); - if (fuzz_getState(hfuzz) == _HF_STATE_DYNAMIC_MAIN) { + if (fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MAIN) { /* Add it with high idx */ - TAILQ_INSERT_HEAD(&hfuzz->io.dynfileq, dynfile, pointers); + TAILQ_INSERT_HEAD(&run->global->io.dynfileq, dynfile, pointers); } else { /* Sort it by coverage - put better coverage earlier in the list */ struct dynfile_t* iter = NULL; - TAILQ_FOREACH_HF(iter, &hfuzz->io.dynfileq, pointers) { + TAILQ_FOREACH_HF(iter, &run->global->io.dynfileq, pointers) { if (input_cmpCov(dynfile, iter)) { TAILQ_INSERT_BEFORE(iter, dynfile, pointers); break; } } if (iter == NULL) { - TAILQ_INSERT_TAIL(&hfuzz->io.dynfileq, dynfile, pointers); + TAILQ_INSERT_TAIL(&run->global->io.dynfileq, dynfile, pointers); } } - if (hfuzz->socketFuzzer.enabled) { + if (run->global->socketFuzzer.enabled) { /* Don't add coverage data to files in socketFuzzer mode */ return; } - if (hfuzz->cfg.minimize) { + if (run->global->cfg.minimize) { /* When minimizing we should only delete files */ return; } - const char* outDir = hfuzz->io.outputDir ? hfuzz->io.outputDir : hfuzz->io.inputDir; - if (!input_writeCovFile(outDir, data, len)) { - LOG_E("Couldn't save the coverage data to '%s'", hfuzz->io.outputDir); + const char* outDir = + run->global->io.outputDir ? run->global->io.outputDir : run->global->io.inputDir; + if (!input_writeCovFile(outDir, dynfile->data, dynfile->size)) { + LOG_E("Couldn't save the coverage data to '%s'", run->global->io.outputDir); } /* No need to add files to the new coverage dir, if it's not the main phase */ - if (fuzz_getState(hfuzz) != _HF_STATE_DYNAMIC_MAIN) { + if (fuzz_getState(run->global) != _HF_STATE_DYNAMIC_MAIN) { return; } - hfuzz->io.newUnitsAdded++; + run->global->io.newUnitsAdded++; - if (hfuzz->io.covDirNew && !input_writeCovFile(hfuzz->io.covDirNew, data, len)) { - LOG_E("Couldn't save the new coverage data to '%s'", hfuzz->io.covDirNew); + if (run->global->io.covDirNew && + !input_writeCovFile(run->global->io.covDirNew, dynfile->data, dynfile->size)) { + LOG_E("Couldn't save the new coverage data to '%s'", run->global->io.covDirNew); } } @@ -456,7 +456,12 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { } input_setSize(run, current->size); - memcpy(run->dynamicFile, current->data, current->size); + memcpy(run->dynfile->cov, current->cov, sizeof(run->dynfile->cov)); + run->dynfile->idx = current->idx; + run->dynfile->timeAddedMillis = util_timeNowMillis(); + run->dynfile->timeExecMillis = current->timeExecMillis; + snprintf(run->dynfile->path, sizeof(run->dynfile->path), "%s", current->path); + memcpy(run->dynfile->data, current->data, current->size); if (needs_mangle) { mangle_mangleContent(run, input_slowFactor(run, current)); @@ -502,7 +507,7 @@ static bool input_shouldReadNewFile(run_t* run) { } /* Increase size of the current file by a factor of 2, and return it instead of a new file */ - size_t newsz = run->dynamicFileSz * 2; + size_t newsz = run->dynfile->size * 2; if (newsz >= run->global->mutate.maxInputSz) { /* That's the largest size for this specific file that will be ever used */ newsz = run->global->mutate.maxInputSz; @@ -515,22 +520,22 @@ static bool input_shouldReadNewFile(run_t* run) { bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle) { if (input_shouldReadNewFile(run)) { - if (!input_getNext(run, run->origFileName, /* rewind= */ rewind)) { + if (!input_getNext(run, run->dynfile->path, /* rewind= */ rewind)) { return false; } run->global->io.testedFileCnt++; } char path[PATH_MAX]; - snprintf(path, sizeof(path), "%s/%s", run->global->io.inputDir, run->origFileName); + snprintf(path, sizeof(path), "%s/%s", run->global->io.inputDir, run->dynfile->path); - ssize_t fileSz = files_readFileToBufMax(path, run->dynamicFile, run->dynamicFileSz); + ssize_t fileSz = files_readFileToBufMax(path, run->dynfile->data, run->dynfile->size); if (fileSz < 0) { LOG_E("Couldn't read contents of '%s'", path); return false; } - if (run->staticFileTryMore && ((size_t)fileSz < run->dynamicFileSz)) { + if (run->staticFileTryMore && ((size_t)fileSz < run->dynfile->size)) { /* The file is smaller than the requested size, no need to re-read it anymore */ run->staticFileTryMore = false; } @@ -553,7 +558,7 @@ void input_removeStaticFile(const char* dir, const char* name) { } bool input_prepareExternalFile(run_t* run) { - snprintf(run->origFileName, sizeof(run->origFileName), "[EXTERNAL]"); + snprintf(run->dynfile->path, sizeof(run->dynfile->path), "[EXTERNAL]"); int fd = files_writeBufToTmpFile(run->global->io.workDir, (const uint8_t*)"", 0, 0); if (fd == -1) { @@ -575,7 +580,7 @@ bool input_prepareExternalFile(run_t* run) { LOG_D("Subporcess '%s' finished with success", run->global->exe.externalCommand); input_setSize(run, run->global->mutate.maxInputSz); - ssize_t sz = files_readFromFdSeek(fd, run->dynamicFile, run->global->mutate.maxInputSz, 0); + ssize_t sz = files_readFromFdSeek(fd, run->dynfile->data, run->global->mutate.maxInputSz, 0); if (sz == -1) { LOG_E("Couldn't read file from fd=%d", fd); return false; @@ -587,7 +592,7 @@ bool input_prepareExternalFile(run_t* run) { bool input_postProcessFile(run_t* run, const char* cmd) { int fd = - files_writeBufToTmpFile(run->global->io.workDir, run->dynamicFile, run->dynamicFileSz, 0); + files_writeBufToTmpFile(run->global->io.workDir, run->dynfile->data, run->dynfile->size, 0); if (fd == -1) { LOG_E("Couldn't write input file to a temporary buffer"); return false; @@ -607,7 +612,7 @@ bool input_postProcessFile(run_t* run, const char* cmd) { LOG_D("Subporcess '%s' finished with success", cmd); input_setSize(run, run->global->mutate.maxInputSz); - ssize_t sz = files_readFromFdSeek(fd, run->dynamicFile, run->global->mutate.maxInputSz, 0); + ssize_t sz = files_readFromFdSeek(fd, run->dynfile->data, run->global->mutate.maxInputSz, 0); if (sz == -1) { LOG_E("Couldn't read file from fd=%d", fd); return false; @@ -634,10 +639,14 @@ bool input_prepareDynamicFileForMinimization(run_t* run) { } input_setSize(run, run->global->io.dynfileqCurrent->size); - memcpy(run->dynamicFile, run->global->io.dynfileqCurrent->data, + memcpy(run->dynfile->cov, run->global->io.dynfileqCurrent->cov, sizeof(run->dynfile->cov)); + run->dynfile->idx = run->global->io.dynfileqCurrent->idx; + run->dynfile->timeAddedMillis = util_timeNowMillis(); + run->dynfile->timeExecMillis = run->global->io.dynfileqCurrent->timeExecMillis; + snprintf(run->dynfile->path, sizeof(run->dynfile->path), "%s", + run->global->io.dynfileqCurrent->path); + memcpy(run->dynfile->data, run->global->io.dynfileqCurrent->data, run->global->io.dynfileqCurrent->size); - snprintf( - run->origFileName, sizeof(run->origFileName), "%s", run->global->io.dynfileqCurrent->path); LOG_D("Cov: %" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, run->global->io.dynfileqCurrent->cov[0], run->global->io.dynfileqCurrent->cov[1], diff --git a/input.h b/input.h index 83f7c3f2..8682e49f 100644 --- a/input.h +++ b/input.h @@ -35,8 +35,7 @@ extern bool input_parseDictionary(honggfuzz_t* hfuzz); extern void input_freeDictionary(honggfuzz_t* hfuzz); extern bool input_parseBlacklist(honggfuzz_t* hfuzz); extern bool input_writeCovFile(const char* dir, const uint8_t* data, size_t len); -extern void input_addDynamicInput(honggfuzz_t* hfuzz, const uint8_t* data, size_t len, - uint64_t cov[4], const char* path, uint64_t timeExecMillis); +extern void input_addDynamicInput(run_t* run); extern void input_renumerateInputs(honggfuzz_t* hfuzz); extern bool input_prepareDynamicInput(run_t* run, bool needs_mangle); extern size_t input_getRandomInputAsBuf(run_t* run, const uint8_t** buf); diff --git a/linux/trace.c b/linux/trace.c index 3a22234c..c58d0263 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -671,7 +671,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { /* If dry run mode, copy file with same name into workspace */ if (run->global->mutate.mutationsPerRun == 0U && run->global->cfg.useVerifier) { snprintf(run->crashFileName, sizeof(run->crashFileName), "%s/%s", run->global->io.crashDir, - run->origFileName); + run->dynfile->path); } else if (saveUnique) { snprintf(run->crashFileName, sizeof(run->crashFileName), "%s/%s.PC.%" PRIx64 ".STACK.%" PRIx64 ".CODE.%d.ADDR.%" PRIx64 ".INSTR.%s.%s", @@ -698,7 +698,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { return; } - if (!files_writeBufToFile(run->crashFileName, run->dynamicFile, run->dynamicFileSz, + if (!files_writeBufToFile(run->crashFileName, run->dynfile->data, run->dynfile->size, O_CREAT | O_EXCL | O_WRONLY | O_CLOEXEC)) { LOG_E("Couldn't write to '%s'", run->crashFileName); return; diff --git a/mac/arch.c b/mac/arch.c index b5f059c8..9dcae154 100644 --- a/mac/arch.c +++ b/mac/arch.c @@ -153,7 +153,7 @@ const char* exception_to_string(int exception) { static void arch_generateReport(run_t* run, int termsig) { run->report[0] = '\0'; - util_ssnprintf(run->report, sizeof(run->report), "ORIG_FNAME: %s\n", run->origFileName); + util_ssnprintf(run->report, sizeof(run->report), "ORIG_FNAME: %s\n", run->dynfile->path); util_ssnprintf(run->report, sizeof(run->report), "FUZZ_FNAME: %s\n", run->crashFileName); util_ssnprintf(run->report, sizeof(run->report), "PID: %d\n", run->pid); util_ssnprintf( @@ -246,7 +246,7 @@ static void arch_analyzeSignal(run_t* run, int status) { /* If dry run mode, copy file with same name into workspace */ if (run->global->mutate.mutationsPerRun == 0U && run->global->cfg.useVerifier) { snprintf(run->crashFileName, sizeof(run->crashFileName), "%s/%s", run->global->io.crashDir, - run->origFileName); + run->dynfile->path); } else if (run->global->io.saveUnique) { snprintf(run->crashFileName, sizeof(run->crashFileName), "%s/%s.%s.PC.%.16llx.STACK.%.16llx.ADDR.%.16llx.%s", run->global->io.crashDir, @@ -269,7 +269,7 @@ static void arch_analyzeSignal(run_t* run, int status) { return; } - if (!files_writeBufToFile(run->crashFileName, run->dynamicFile, run->dynamicFileSz, + if (!files_writeBufToFile(run->crashFileName, run->dynfile->data, run->dynfile->size, O_CREAT | O_EXCL | O_WRONLY)) { LOG_E("Couldn't save crash as '%s'", run->crashFileName); return; diff --git a/mangle.c b/mangle.c index e5320a8c..46753aba 100644 --- a/mangle.c +++ b/mangle.c @@ -1,6 +1,6 @@ /* * - * honggfuzz - run->dynamicFilefer mangling routines + * honggfuzz - run->dynfile->datafer mangling routines * ----------------------------------------- * * Author: @@ -68,19 +68,19 @@ static inline size_t mangle_getLen(size_t max) { /* Prefer smaller values here, so use mangle_getLen() */ static inline size_t mangle_getOffSet(run_t* run) { - return mangle_getLen(run->dynamicFileSz) - 1; + return mangle_getLen(run->dynfile->size) - 1; } static inline void mangle_Move(run_t* run, size_t off_from, size_t off_to, size_t len) { - if (off_from >= run->dynamicFileSz) { + if (off_from >= run->dynfile->size) { return; } - if (off_to >= run->dynamicFileSz) { + if (off_to >= run->dynfile->size) { return; } - ssize_t len_from = (ssize_t)run->dynamicFileSz - off_from - 1; - ssize_t len_to = (ssize_t)run->dynamicFileSz - off_to - 1; + ssize_t len_from = (ssize_t)run->dynfile->size - off_from - 1; + ssize_t len_to = (ssize_t)run->dynfile->size - off_to - 1; if ((ssize_t)len > len_from) { len = len_from; @@ -89,7 +89,7 @@ static inline void mangle_Move(run_t* run, size_t off_from, size_t off_to, size_ len = len_to; } - memmove(&run->dynamicFile[off_to], &run->dynamicFile[off_from], len); + memmove(&run->dynfile->data[off_to], &run->dynfile->data[off_from], len); } static inline void mangle_Overwrite( @@ -97,29 +97,29 @@ static inline void mangle_Overwrite( if (len == 0) { return; } - size_t maxToCopy = run->dynamicFileSz - off; + size_t maxToCopy = run->dynfile->size - off; if (len > maxToCopy) { len = maxToCopy; } - memmove(&run->dynamicFile[off], src, len); + memmove(&run->dynfile->data[off], src, len); if (printable) { - util_turnToPrintable(&run->dynamicFile[off], len); + util_turnToPrintable(&run->dynfile->data[off], len); } } static inline size_t mangle_Inflate(run_t* run, size_t off, size_t len, bool printable) { - if (run->dynamicFileSz >= run->global->mutate.maxInputSz) { + if (run->dynfile->size >= run->global->mutate.maxInputSz) { return 0; } - if (len > (run->global->mutate.maxInputSz - run->dynamicFileSz)) { - len = run->global->mutate.maxInputSz - run->dynamicFileSz; + if (len > (run->global->mutate.maxInputSz - run->dynfile->size)) { + len = run->global->mutate.maxInputSz - run->dynfile->size; } - input_setSize(run, run->dynamicFileSz + len); - mangle_Move(run, off, off + len, run->dynamicFileSz); + input_setSize(run, run->dynfile->size + len); + mangle_Move(run, off, off + len, run->dynfile->size); if (printable) { - memset(&run->dynamicFile[off], ' ', len); + memset(&run->dynfile->data[off], ' ', len); } return len; @@ -134,17 +134,17 @@ static inline void mangle_Insert( static void mangle_MemCopyOverwrite(run_t* run, bool printable HF_ATTR_UNUSED) { size_t off_from = mangle_getOffSet(run); size_t off_to = mangle_getOffSet(run); - size_t len = mangle_getLen(run->dynamicFileSz - off_from); + size_t len = mangle_getLen(run->dynfile->size - off_from); - mangle_Overwrite(run, off_to, &run->dynamicFile[off_from], len, printable); + mangle_Overwrite(run, off_to, &run->dynfile->data[off_from], len, printable); } static void mangle_MemCopyInsert(run_t* run, bool printable) { size_t off_to = mangle_getOffSet(run); size_t off_from = mangle_getOffSet(run); - size_t len = mangle_getLen(run->dynamicFileSz - off_from); + size_t len = mangle_getLen(run->dynfile->size - off_from); - mangle_Insert(run, off_to, &run->dynamicFile[off_from], len, printable); + mangle_Insert(run, off_to, &run->dynfile->data[off_from], len, printable); } static void mangle_BytesOverwrite(run_t* run, bool printable) { @@ -179,7 +179,7 @@ static void mangle_BytesInsert(run_t* run, bool printable) { static void mangle_ByteRepeatOverwrite(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); size_t destOff = off + 1; - size_t maxSz = run->dynamicFileSz - destOff; + size_t maxSz = run->dynfile->size - destOff; /* No space to repeat */ if (!maxSz) { @@ -188,13 +188,13 @@ static void mangle_ByteRepeatOverwrite(run_t* run, bool printable) { } size_t len = mangle_getLen(maxSz); - memset(&run->dynamicFile[destOff], run->dynamicFile[off], len); + memset(&run->dynfile->data[destOff], run->dynfile->data[off], len); } static void mangle_ByteRepeatInsert(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); size_t destOff = off + 1; - size_t maxSz = run->dynamicFileSz - destOff; + size_t maxSz = run->dynfile->size - destOff; /* No space to repeat */ if (!maxSz) { @@ -204,14 +204,14 @@ static void mangle_ByteRepeatInsert(run_t* run, bool printable) { size_t len = mangle_getLen(maxSz); len = mangle_Inflate(run, destOff, len, printable); - memset(&run->dynamicFile[destOff], run->dynamicFile[off], len); + memset(&run->dynfile->data[destOff], run->dynfile->data[off], len); } static void mangle_Bit(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); - run->dynamicFile[off] ^= (uint8_t)(1U << util_rndGet(0, 7)); + run->dynfile->data[off] ^= (uint8_t)(1U << util_rndGet(0, 7)); if (printable) { - util_turnToPrintable(&(run->dynamicFile[off]), 1); + util_turnToPrintable(&(run->dynfile->data[off]), 1); } } @@ -531,9 +531,9 @@ static void mangle_ConstFeedbackOverwrite(run_t* run, bool printable) { static inline void mangle_MemSetWithVal(run_t* run, int val) { size_t off = mangle_getOffSet(run); - size_t len = mangle_getLen(run->dynamicFileSz - off); + size_t len = mangle_getLen(run->dynfile->size - off); - memset(&run->dynamicFile[off], val, len); + memset(&run->dynfile->data[off], val, len); } static void mangle_MemSet(run_t* run, bool printable) { @@ -543,24 +543,24 @@ static void mangle_MemSet(run_t* run, bool printable) { static void mangle_RandomOverwrite(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); - size_t len = mangle_getLen(run->dynamicFileSz - off); + size_t len = mangle_getLen(run->dynfile->size - off); if (printable) { - util_rndBufPrintable(&run->dynamicFile[off], len); + util_rndBufPrintable(&run->dynfile->data[off], len); } else { - util_rndBuf(&run->dynamicFile[off], len); + util_rndBuf(&run->dynfile->data[off], len); } } static void mangle_RandomInsert(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); - size_t len = mangle_getLen(run->dynamicFileSz - off); + size_t len = mangle_getLen(run->dynfile->size - off); len = mangle_Inflate(run, off, len, printable); if (printable) { - util_rndBufPrintable(&run->dynamicFile[off], len); + util_rndBufPrintable(&run->dynfile->data[off], len); } else { - util_rndBuf(&run->dynamicFile[off], len); + util_rndBuf(&run->dynfile->data[off], len); } } @@ -570,12 +570,12 @@ static inline void mangle_AddSubWithRange( switch (varLen) { case 1: { - run->dynamicFile[off] += delta; + run->dynfile->data[off] += delta; break; } case 2: { int16_t val; - memcpy(&val, &run->dynamicFile[off], sizeof(val)); + memcpy(&val, &run->dynfile->data[off], sizeof(val)); if (util_rnd64() & 0x1) { val += delta; } else { @@ -589,7 +589,7 @@ static inline void mangle_AddSubWithRange( } case 4: { int32_t val; - memcpy(&val, &run->dynamicFile[off], sizeof(val)); + memcpy(&val, &run->dynfile->data[off], sizeof(val)); if (util_rnd64() & 0x1) { val += delta; } else { @@ -603,7 +603,7 @@ static inline void mangle_AddSubWithRange( } case 8: { int64_t val; - memcpy(&val, &run->dynamicFile[off], sizeof(val)); + memcpy(&val, &run->dynfile->data[off], sizeof(val)); if (util_rnd64() & 0x1) { val += delta; } else { @@ -626,7 +626,7 @@ static void mangle_AddSub(run_t* run, bool printable) { /* 1,2,4,8 */ size_t varLen = 1U << util_rndGet(0, 3); - if ((run->dynamicFileSz - off) < varLen) { + if ((run->dynfile->size - off) < varLen) { varLen = 1; } @@ -654,47 +654,47 @@ static void mangle_AddSub(run_t* run, bool printable) { static void mangle_IncByte(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); if (printable) { - run->dynamicFile[off] = (run->dynamicFile[off] - 32 + 1) % 95 + 32; + run->dynfile->data[off] = (run->dynfile->data[off] - 32 + 1) % 95 + 32; } else { - run->dynamicFile[off] += (uint8_t)1UL; + run->dynfile->data[off] += (uint8_t)1UL; } } static void mangle_DecByte(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); if (printable) { - run->dynamicFile[off] = (run->dynamicFile[off] - 32 + 94) % 95 + 32; + run->dynfile->data[off] = (run->dynfile->data[off] - 32 + 94) % 95 + 32; } else { - run->dynamicFile[off] -= (uint8_t)1UL; + run->dynfile->data[off] -= (uint8_t)1UL; } } static void mangle_NegByte(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); if (printable) { - run->dynamicFile[off] = 94 - (run->dynamicFile[off] - 32) + 32; + run->dynfile->data[off] = 94 - (run->dynfile->data[off] - 32) + 32; } else { - run->dynamicFile[off] = ~(run->dynamicFile[off]); + run->dynfile->data[off] = ~(run->dynfile->data[off]); } } static void mangle_Expand(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); - size_t len = mangle_getLen(run->dynamicFileSz - off); + size_t len = mangle_getLen(run->dynfile->size - off); mangle_Inflate(run, off, len, printable); } static void mangle_Shrink(run_t* run, bool printable HF_ATTR_UNUSED) { - if (run->dynamicFileSz <= 1U) { + if (run->dynfile->size <= 1U) { return; } size_t off_start = mangle_getOffSet(run); size_t off_end = util_rndGet(0, off_start); - mangle_Move(run, off_start, off_end, run->dynamicFileSz - off_start); - input_setSize(run, run->dynamicFileSz - (off_start - off_end)); + mangle_Move(run, off_start, off_end, run->dynfile->size - off_start); + input_setSize(run, run->dynfile->size - (off_start - off_end)); } static void mangle_ASCIINumOverwrite(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); @@ -745,7 +745,7 @@ static void mangle_SpliceInsert(run_t* run, bool printable) { } static void mangle_Resize(run_t* run, bool printable) { - ssize_t oldsz = run->dynamicFileSz; + ssize_t oldsz = run->dynfile->size; ssize_t newsz = 0; uint64_t choice = util_rndGet(0, 32); @@ -782,7 +782,7 @@ static void mangle_Resize(run_t* run, bool printable) { input_setSize(run, (size_t)newsz); if (newsz > oldsz) { if (printable) { - memset(&run->dynamicFile[oldsz], 'A', newsz - oldsz); + memset(&run->dynfile->data[oldsz], 'A', newsz - oldsz); } } } @@ -822,7 +822,7 @@ void mangle_mangleContent(run_t* run, unsigned slow_factor) { return; } - if (run->dynamicFileSz == 0U) { + if (run->dynfile->size == 0U) { mangle_Resize(run, /* printable= */ run->global->cfg.only_printable); } diff --git a/netbsd/trace.c b/netbsd/trace.c index b34374dd..dc89d5ba 100644 --- a/netbsd/trace.c +++ b/netbsd/trace.c @@ -415,7 +415,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { /* If dry run mode, copy file with same name into workspace */ if (run->global->mutate.mutationsPerRun == 0U && run->global->cfg.useVerifier) { snprintf(run->crashFileName, sizeof(run->crashFileName), "%s/%s", run->global->io.crashDir, - run->origFileName); + run->dynfile->path); } else if (saveUnique) { snprintf(run->crashFileName, sizeof(run->crashFileName), "%s/%s.PC.%" PRIxREGISTER ".STACK.%" PRIx64 ".CODE.%d.ADDR.%p.INSTR.%s.%s", @@ -437,7 +437,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { return; } - if (!files_writeBufToFile(run->crashFileName, run->dynamicFile, run->dynamicFileSz, + if (!files_writeBufToFile(run->crashFileName, run->dynfile->data, run->dynfile->size, O_CREAT | O_EXCL | O_WRONLY | O_CLOEXEC)) { LOG_E("Couldn't write to '%s'", run->crashFileName); return; diff --git a/posix/arch.c b/posix/arch.c index 738124d3..947dca9f 100644 --- a/posix/arch.c +++ b/posix/arch.c @@ -139,7 +139,7 @@ static void arch_analyzeSignal(run_t* run, pid_t pid, int status) { /* If dry run mode, copy file with same name into workspace */ if (run->global->mutate.mutationsPerRun == 0U && run->global->cfg.useVerifier) { snprintf(run->crashFileName, sizeof(run->crashFileName), "%s/%s", run->global->io.crashDir, - run->origFileName); + run->dynfile->path); } else if (saveUnique) { snprintf(run->crashFileName, sizeof(run->crashFileName), "%s/%s.PC.%" PRIx64 ".STACK.%" PRIx64 ".ADDR.%" PRIx64 ".%s", run->global->io.crashDir, @@ -167,7 +167,7 @@ static void arch_analyzeSignal(run_t* run, pid_t pid, int status) { /* If unique crash found, reset dynFile counter */ ATOMIC_CLEAR(run->global->cfg.dynFileIterExpire); - if (files_writeBufToFile(run->crashFileName, run->dynamicFile, run->dynamicFileSz, + if (files_writeBufToFile(run->crashFileName, run->dynfile->data, run->dynfile->size, O_CREAT | O_EXCL | O_WRONLY) == false) { LOG_E("Couldn't save crash to '%s'", run->crashFileName); } diff --git a/report.c b/report.c index 383b273b..6754b199 100644 --- a/report.c +++ b/report.c @@ -134,7 +134,7 @@ void report_appendReport(pid_t pid, run_t* run, funcs_t* funcs, size_t funcCnt, uint64_t crashAddr, int signo, const char* instr, const char description[HF_STR_LEN]) { util_ssnprintf(run->report, sizeof(run->report), "CRASH:\n"); util_ssnprintf(run->report, sizeof(run->report), "DESCRIPTION: %s\n", description); - util_ssnprintf(run->report, sizeof(run->report), "ORIG_FNAME: %s\n", run->origFileName); + util_ssnprintf(run->report, sizeof(run->report), "ORIG_FNAME: %s\n", run->dynfile->path); util_ssnprintf(run->report, sizeof(run->report), "FUZZ_FNAME: %s\n", run->crashFileName); util_ssnprintf(run->report, sizeof(run->report), "PID: %d\n", pid); util_ssnprintf( diff --git a/subproc.c b/subproc.c index b83f5fe8..04016b28 100644 --- a/subproc.c +++ b/subproc.c @@ -124,7 +124,7 @@ const char* subproc_StatusToStr(int status, char* str, size_t len) { } static bool subproc_persistentSendFileIndicator(run_t* run) { - uint64_t len = (uint64_t)run->dynamicFileSz; + uint64_t len = (uint64_t)run->dynfile->size; if (!files_sendToSocketNB(run->persistentSock, (uint8_t*)&len, sizeof(len))) { PLOG_W("files_sendToSocketNB(len=%zu)", sizeof(len)); return false; @@ -298,8 +298,8 @@ static bool subproc_PrepareExecv(run_t* run) { /* Do not try to handle input files with socketfuzzer */ if (!run->global->socketFuzzer.enabled) { /* The input file to _HF_INPUT_FD */ - if (TEMP_FAILURE_RETRY(dup2(run->dynamicFileFd, _HF_INPUT_FD)) == -1) { - PLOG_E("dup2('%d', _HF_INPUT_FD='%d')", run->dynamicFileFd, _HF_INPUT_FD); + if (TEMP_FAILURE_RETRY(dup2(run->dynfile->fd, _HF_INPUT_FD)) == -1) { + PLOG_E("dup2('%d', _HF_INPUT_FD='%d')", run->dynfile->fd, _HF_INPUT_FD); return false; } if (lseek(_HF_INPUT_FD, 0, SEEK_SET) == (off_t)-1) { @@ -307,8 +307,8 @@ static bool subproc_PrepareExecv(run_t* run) { return false; } if (run->global->exe.fuzzStdin && - TEMP_FAILURE_RETRY(dup2(run->dynamicFileFd, STDIN_FILENO)) == -1) { - PLOG_E("dup2(_HF_INPUT_FD=%d, STDIN_FILENO=%d)", run->dynamicFileFd, STDIN_FILENO); + TEMP_FAILURE_RETRY(dup2(run->dynfile->fd, STDIN_FILENO)) == -1) { + PLOG_E("dup2(_HF_INPUT_FD=%d, STDIN_FILENO=%d)", run->dynfile->fd, STDIN_FILENO); return false; } } -- cgit v1.2.3 From e676a55907a8a6a6f6c4d49645ae429057876101 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 25 Mar 2020 16:34:23 +0100 Subject: input: make input_writeCovFile() use struct dynfile_t --- fuzz.c | 3 +-- input.c | 33 +++++++++++++++++++++------------ input.h | 2 +- 3 files changed, 23 insertions(+), 15 deletions(-) diff --git a/fuzz.c b/fuzz.c index 3c20e39b..431b9b8e 100644 --- a/fuzz.c +++ b/fuzz.c @@ -244,8 +244,7 @@ static void fuzz_perfFeedback(run_t* run) { if (run->global->cfg.minimize) { LOG_I("Keeping '%s' in '%s'", run->dynfile->path, run->global->io.outputDir ? run->global->io.outputDir : run->global->io.inputDir); - if (run->global->io.outputDir && !input_writeCovFile(run->global->io.outputDir, - run->dynfile->data, run->dynfile->size)) { + if (run->global->io.outputDir && !input_writeCovFile(run, run->global->io.outputDir)) { LOG_E("Couldn't save the coverage data to '%s'", run->global->io.outputDir); } } else { diff --git a/input.c b/input.c index 7427173d..116a59a6 100644 --- a/input.c +++ b/input.c @@ -323,13 +323,22 @@ bool input_parseBlacklist(honggfuzz_t* hfuzz) { return true; } -bool input_writeCovFile(const char* dir, const uint8_t* data, size_t len) { - char fname[PATH_MAX]; +static void input_generateFileName( + struct dynfile_t* dynfile, const char* dir, char fname[PATH_MAX]) { + uint64_t crc64f = util_CRC64(dynfile->data, dynfile->size); + uint64_t crc64r = util_CRC64Rev(dynfile->data, dynfile->size); + if (dir) { + snprintf(fname, PATH_MAX, "%s/%016" PRIx64 "%016" PRIx64 ".%08" PRIx32 ".honggfuzz.cov", + dir, crc64f, crc64r, (uint32_t)dynfile->size); + } else { + snprintf(fname, PATH_MAX, "%016" PRIx64 "%016" PRIx64 ".%08" PRIx32 ".honggfuzz.cov", + crc64f, crc64r, (uint32_t)dynfile->size); + } +} - uint64_t crc64f = util_CRC64(data, len); - uint64_t crc64r = util_CRC64Rev(data, len); - snprintf(fname, sizeof(fname), "%s/%016" PRIx64 "%016" PRIx64 ".%08" PRIx32 ".honggfuzz.cov", - dir, crc64f, crc64r, (uint32_t)len); +bool input_writeCovFile(run_t* run, const char* dir) { + char fname[PATH_MAX]; + input_generateFileName(run->dynfile, dir, fname); if (files_exists(fname)) { LOG_D("File '%s' already exists in the output corpus directory '%s'", fname, dir); @@ -338,8 +347,9 @@ bool input_writeCovFile(const char* dir, const uint8_t* data, size_t len) { LOG_D("Adding file '%s' to the corpus directory '%s'", fname, dir); - if (!files_writeBufToFile(fname, data, len, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC)) { - LOG_W("Couldn't write buffer to file '%s'", fname); + if (!files_writeBufToFile(fname, run->dynfile->data, run->dynfile->size, + O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC)) { + LOG_W("Couldn't write buffer to file '%s' (sz=%zu)", fname, run->dynfile->size); return false; } @@ -371,7 +381,7 @@ void input_addDynamicInput(run_t* run) { memcpy(dynfile->cov, run->dynfile->cov, sizeof(dynfile->cov)); dynfile->timeAddedMillis = util_timeNowMillis(); dynfile->timeExecMillis = util_timeNowMillis() - run->dynfile->timeAddedMillis; - snprintf(dynfile->path, sizeof(dynfile->path), "%s", run->dynfile->path); + input_generateFileName(run->dynfile, NULL, run->dynfile->path); dynfile->data = (uint8_t*)util_Malloc(run->dynfile->size); memcpy(dynfile->data, run->dynfile->data, run->dynfile->size); @@ -410,7 +420,7 @@ void input_addDynamicInput(run_t* run) { const char* outDir = run->global->io.outputDir ? run->global->io.outputDir : run->global->io.inputDir; - if (!input_writeCovFile(outDir, dynfile->data, dynfile->size)) { + if (!input_writeCovFile(run, outDir)) { LOG_E("Couldn't save the coverage data to '%s'", run->global->io.outputDir); } @@ -421,8 +431,7 @@ void input_addDynamicInput(run_t* run) { run->global->io.newUnitsAdded++; - if (run->global->io.covDirNew && - !input_writeCovFile(run->global->io.covDirNew, dynfile->data, dynfile->size)) { + if (run->global->io.covDirNew && !input_writeCovFile(run, run->global->io.covDirNew)) { LOG_E("Couldn't save the new coverage data to '%s'", run->global->io.covDirNew); } } diff --git a/input.h b/input.h index 8682e49f..5d25f716 100644 --- a/input.h +++ b/input.h @@ -34,7 +34,7 @@ extern bool input_init(honggfuzz_t* hfuzz); extern bool input_parseDictionary(honggfuzz_t* hfuzz); extern void input_freeDictionary(honggfuzz_t* hfuzz); extern bool input_parseBlacklist(honggfuzz_t* hfuzz); -extern bool input_writeCovFile(const char* dir, const uint8_t* data, size_t len); +extern bool input_writeCovFile(run_t* run, const char* dir); extern void input_addDynamicInput(run_t* run); extern void input_renumerateInputs(honggfuzz_t* hfuzz); extern bool input_prepareDynamicInput(run_t* run, bool needs_mangle); -- cgit v1.2.3 From 74e541066b9dd0c1bb8b3c53e71642712a0d6cd3 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 25 Mar 2020 17:27:54 +0100 Subject: fuzz: simplified minimization --- fuzz.c | 60 ++++++++++++++++++++++++++++++++++++------------------------ input.c | 20 ++++++++++++++------ input.h | 2 ++ 3 files changed, 52 insertions(+), 30 deletions(-) diff --git a/fuzz.c b/fuzz.c index 431b9b8e..2a6250a1 100644 --- a/fuzz.c +++ b/fuzz.c @@ -161,6 +161,31 @@ static void fuzz_setDynamicMainState(run_t* run) { ATOMIC_SET(run->global->feedback.state, _HF_STATE_DYNAMIC_MAIN); } +static void fuzz_minimizeRemoveFiles(run_t* run) { + if (run->global->io.outputDir) { + LOG_I("Minimized files were copied to '%s'", run->global->io.outputDir); + return; + } + if (!input_getDirStatsAndRewind(run->global)) { + return; + } + for (;;) { + char fname[PATH_MAX]; + if (!input_getNext(run, fname, /* rewind= */ false)) { + break; + } + if (!input_inDynamicCorpus(run, fname)) { + char path[PATH_MAX]; + snprintf(path, sizeof(path), "%s/%s", run->global->io.inputDir, fname); + LOG_I("Removing unnecessary '%s'", path); + if (unlink(path) == -1 && errno != EEXIST) { + PLOG_E("Couldn't remove file '%s'", path); + } + } + } + LOG_I("Corpus minimization done"); +} + static void fuzz_perfFeedbackForMinimization(run_t* run) { uint64_t softCntPc = ATOMIC_GET(run->global->feedback.covFeedbackMap->pidFeedbackPc[run->fuzzNo]); @@ -241,34 +266,21 @@ static void fuzz_perfFeedback(run_t* run) { run->global->linux.hwCnts.softCntEdge += softCntEdge; run->global->linux.hwCnts.softCntCmp += softCntCmp; - if (run->global->cfg.minimize) { - LOG_I("Keeping '%s' in '%s'", run->dynfile->path, - run->global->io.outputDir ? run->global->io.outputDir : run->global->io.inputDir); - if (run->global->io.outputDir && !input_writeCovFile(run, run->global->io.outputDir)) { - LOG_E("Couldn't save the coverage data to '%s'", run->global->io.outputDir); - } - } else { - LOG_I("Size:%zu (i,b,hw,ed,ip,cmp): %" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 - "/%" PRIu64 "/%" PRIu64 ", Tot:%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 - "/%" PRIu64 "/%" PRIu64, - run->dynfile->size, run->linux.hwCnts.cpuInstrCnt, run->linux.hwCnts.cpuBranchCnt, - run->linux.hwCnts.newBBCnt, softCntEdge, softCntPc, softCntCmp, - run->global->linux.hwCnts.cpuInstrCnt, run->global->linux.hwCnts.cpuBranchCnt, - run->global->linux.hwCnts.bbCnt, run->global->linux.hwCnts.softCntEdge, - run->global->linux.hwCnts.softCntPc, run->global->linux.hwCnts.softCntCmp); - - input_addDynamicInput(run); - } + LOG_I("Size:%zu (i,b,hw,ed,ip,cmp): %" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 + "/%" PRIu64 "/%" PRIu64 ", Tot:%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 + "/%" PRIu64 "/%" PRIu64, + run->dynfile->size, run->linux.hwCnts.cpuInstrCnt, run->linux.hwCnts.cpuBranchCnt, + run->linux.hwCnts.newBBCnt, softCntEdge, softCntPc, softCntCmp, + run->global->linux.hwCnts.cpuInstrCnt, run->global->linux.hwCnts.cpuBranchCnt, + run->global->linux.hwCnts.bbCnt, run->global->linux.hwCnts.softCntEdge, + run->global->linux.hwCnts.softCntPc, run->global->linux.hwCnts.softCntCmp); + + input_addDynamicInput(run); if (run->global->socketFuzzer.enabled) { LOG_D("SocketFuzzer: fuzz: new BB (perf)"); fuzz_notifySocketFuzzerNewCov(run->global); } - } else if (fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MINIMIZE) { - if (run->global->io.outputDir == NULL) { - LOG_I("Removing '%s' from '%s'", run->dynfile->path, run->global->io.inputDir); - input_removeStaticFile(run->global->io.inputDir, run->dynfile->path); - } } } @@ -426,8 +438,8 @@ static void fuzz_fuzzLoop(run_t* run) { if (!fuzz_fetchInput(run)) { if (run->global->cfg.minimize && fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MINIMIZE) { + fuzz_minimizeRemoveFiles(run); fuzz_setTerminating(); - LOG_I("Corpus minimization done!"); return; } LOG_F("Cound't prepare input for fuzzing"); diff --git a/input.c b/input.c index 116a59a6..cac9de88 100644 --- a/input.c +++ b/input.c @@ -60,7 +60,7 @@ void input_setSize(run_t* run, size_t sz) { run->dynfile->size = sz; } -static bool input_getDirStatsAndRewind(honggfuzz_t* hfuzz) { +bool input_getDirStatsAndRewind(honggfuzz_t* hfuzz) { rewinddir(hfuzz->io.inputDirPtr); size_t fileCnt = 0U; @@ -381,7 +381,7 @@ void input_addDynamicInput(run_t* run) { memcpy(dynfile->cov, run->dynfile->cov, sizeof(dynfile->cov)); dynfile->timeAddedMillis = util_timeNowMillis(); dynfile->timeExecMillis = util_timeNowMillis() - run->dynfile->timeAddedMillis; - input_generateFileName(run->dynfile, NULL, run->dynfile->path); + input_generateFileName(run->dynfile, NULL, dynfile->path); dynfile->data = (uint8_t*)util_Malloc(run->dynfile->size); memcpy(dynfile->data, run->dynfile->data, run->dynfile->size); @@ -413,10 +413,6 @@ void input_addDynamicInput(run_t* run) { /* Don't add coverage data to files in socketFuzzer mode */ return; } - if (run->global->cfg.minimize) { - /* When minimizing we should only delete files */ - return; - } const char* outDir = run->global->io.outputDir ? run->global->io.outputDir : run->global->io.inputDir; @@ -436,6 +432,18 @@ void input_addDynamicInput(run_t* run) { } } +bool input_inDynamicCorpus(run_t* run, const char* fname) { + MX_SCOPED_RWLOCK_WRITE(&run->global->io.dynfileq_mutex); + + struct dynfile_t* iter = NULL; + TAILQ_FOREACH_HF(iter, &run->global->io.dynfileq, pointers) { + if (strncmp(iter->path, fname, PATH_MAX) == 0) { + return true; + } + } + return false; +} + static inline unsigned input_slowFactor(run_t* run, struct dynfile_t* current) { uint64_t msec_per_run = ((uint64_t)(time(NULL) - run->global->timing.timeStart) * 1000); msec_per_run /= ATOMIC_GET(run->global->cnts.mutationsCnt); diff --git a/input.h b/input.h index 5d25f716..6ee59c46 100644 --- a/input.h +++ b/input.h @@ -29,6 +29,7 @@ #include "honggfuzz.h" extern void input_setSize(run_t* run, size_t sz); +extern bool input_getDirStatsAndRewind(honggfuzz_t* hfuzz); extern bool input_getNext(run_t* run, char fname[PATH_MAX], bool rewind); extern bool input_init(honggfuzz_t* hfuzz); extern bool input_parseDictionary(honggfuzz_t* hfuzz); @@ -36,6 +37,7 @@ extern void input_freeDictionary(honggfuzz_t* hfuzz); extern bool input_parseBlacklist(honggfuzz_t* hfuzz); extern bool input_writeCovFile(run_t* run, const char* dir); extern void input_addDynamicInput(run_t* run); +extern bool input_inDynamicCorpus(run_t* run, const char* fname); extern void input_renumerateInputs(honggfuzz_t* hfuzz); extern bool input_prepareDynamicInput(run_t* run, bool needs_mangle); extern size_t input_getRandomInputAsBuf(run_t* run, const uint8_t** buf); -- cgit v1.2.3 From 5501c4a4999bd6c185e0986a38d25a8135939520 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 25 Mar 2020 19:54:52 +0100 Subject: subproc: guard changing a global var by a mutex --- subproc.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/subproc.c b/subproc.c index 04016b28..3c8549a3 100644 --- a/subproc.c +++ b/subproc.c @@ -430,8 +430,13 @@ bool subproc_Run(run_t* run) { arch_reapChild(run); int64_t diffMillis = util_timeNowMillis() - run->timeStartedMillis; - if (diffMillis >= run->global->timing.timeOfLongestUnitInMilliseconds) { - run->global->timing.timeOfLongestUnitInMilliseconds = diffMillis; + + { + static pthread_mutex_t local_mutex = PTHREAD_MUTEX_INITIALIZER; + MX_SCOPED_LOCK(&local_mutex) + if (diffMillis >= ATOMIC_GET(run->global->timing.timeOfLongestUnitInMilliseconds)) { + ATOMIC_SET(run->global->timing.timeOfLongestUnitInMilliseconds, diffMillis); + } } return true; -- cgit v1.2.3 From 9d706c7043dbb861233a77744214412ba0418d5c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 25 Mar 2020 19:56:00 +0100 Subject: mangle: remove Resize from options --- mangle.c | 1 - 1 file changed, 1 deletion(-) diff --git a/mangle.c b/mangle.c index 46753aba..5fd8af92 100644 --- a/mangle.c +++ b/mangle.c @@ -797,7 +797,6 @@ void mangle_mangleContent(run_t* run, unsigned slow_factor) { mangle_MemSet, mangle_Expand, mangle_Shrink, - mangle_Resize, mangle_MemCopyOverwrite, mangle_MemCopyInsert, mangle_BytesOverwrite, -- cgit v1.2.3 From b8b023dfc99578738332e7334b2d43a69d42167a Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 25 Mar 2020 19:59:42 +0100 Subject: libhfuzz: remove unnecessary read barrier --- libhfuzz/persistent.c | 1 - 1 file changed, 1 deletion(-) diff --git a/libhfuzz/persistent.c b/libhfuzz/persistent.c index 059ab2da..370741a1 100644 --- a/libhfuzz/persistent.c +++ b/libhfuzz/persistent.c @@ -60,7 +60,6 @@ extern const char* const LIBHFUZZ_module_memorycmp; extern const char* const LIBHFUZZ_module_instrument; static void HonggfuzzRunOneInput(const uint8_t* buf, size_t len) { instrument8BitCountersClear(); - rmb(); int ret = LLVMFuzzerTestOneInput(buf, len); if (ret != 0) { LOG_D("Dereferenced: %s, %s", LIBHFUZZ_module_memorycmp, LIBHFUZZ_module_instrument); -- cgit v1.2.3 From b935ffe93fa3e46ca079d26801e13728caec8d50 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 25 Mar 2020 20:25:04 +0100 Subject: shorten struct _dynfile_t to dynfile_t --- fuzz.c | 10 +++++----- honggfuzz.h | 14 ++++++++------ input.c | 58 ++++++++++++++++++++++++++-------------------------------- input.h | 2 +- 4 files changed, 40 insertions(+), 44 deletions(-) diff --git a/fuzz.c b/fuzz.c index 2a6250a1..47f6c173 100644 --- a/fuzz.c +++ b/fuzz.c @@ -127,7 +127,7 @@ static void fuzz_setDynamicMainState(run_t* run) { * dynamic corpus, so the dynamic phase doesn't fail because of lack of useful inputs */ if (run->global->io.dynfileqCnt == 0) { - struct dynfile_t dynfile = { + dynfile_t dynfile = { .size = 0, .cov = {}, .idx = 0, @@ -137,7 +137,7 @@ static void fuzz_setDynamicMainState(run_t* run) { .path = "[DYNAMIC-0-SIZE]", .data = (uint8_t*)"", }; - struct dynfile_t* tmp_dynfile = run->dynfile; + dynfile_t* tmp_dynfile = run->dynfile; run->dynfile = &dynfile; input_addDynamicInput(run); run->dynfile = tmp_dynfile; @@ -199,8 +199,8 @@ static void fuzz_perfFeedbackForMinimization(run_t* run) { run->dynfile->cov[0] = softCntEdge + softCntPc; /* The smaller input size, the better */ run->dynfile->cov[1] = run->dynfile->size ? (64 - util_Log2(run->dynfile->size)) : 64; - run->dynfile->cov[2] = cpuInstr + cpuBranch; - run->dynfile->cov[3] = softCntCmp; + run->dynfile->cov[2] = cpuInstr + cpuBranch + softCntCmp; + run->dynfile->cov[3] = 0; /* reserved for idx */ LOG_I("Corpus Minimization: len:%zu, cov:%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, run->dynfile->size, run->dynfile->cov[0], run->dynfile->cov[1], run->dynfile->cov[2], @@ -519,7 +519,7 @@ static void* fuzz_threadNew(void* arg) { run_t run = { .global = hfuzz, .pid = 0, - .dynfile = (struct dynfile_t*)util_Malloc(sizeof(struct dynfile_t) + hfuzz->io.maxFileSz), + .dynfile = (dynfile_t*)util_Malloc(sizeof(dynfile_t) + hfuzz->io.maxFileSz), .fuzzNo = fuzzNo, .persistentSock = -1, .tmOutSignaled = false, diff --git a/honggfuzz.h b/honggfuzz.h index af36cf2b..f6976683 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -165,7 +165,7 @@ typedef enum { _HF_STATE_DYNAMIC_MINIMIZE, } fuzzState_t; -struct dynfile_t { +struct _dynfile_t { size_t size; uint64_t cov[4]; size_t idx; @@ -174,9 +174,11 @@ struct dynfile_t { uint64_t timeExecMillis; char path[PATH_MAX]; uint8_t* data; - TAILQ_ENTRY(dynfile_t) pointers; + TAILQ_ENTRY(_dynfile_t) pointers; }; +typedef struct _dynfile_t dynfile_t; + struct strings_t { size_t len; TAILQ_ENTRY(strings_t) pointers; @@ -226,9 +228,9 @@ typedef struct { size_t dynfileqMaxSz; size_t dynfileqCnt; pthread_rwlock_t dynfileq_mutex; - struct dynfile_t* dynfileqCurrent; - struct dynfile_t* dynfileq2Current; - TAILQ_HEAD(dyns_t, dynfile_t) dynfileq; + dynfile_t* dynfileqCurrent; + dynfile_t* dynfileq2Current; + TAILQ_HEAD(dyns_t, _dynfile_t) dynfileq; bool exportFeedback; } io; struct { @@ -364,7 +366,7 @@ typedef struct { char report[_HF_REPORT_SIZE]; bool mainWorker; unsigned mutationsPerRun; - struct dynfile_t* dynfile; + dynfile_t* dynfile; bool staticFileTryMore; uint32_t fuzzNo; int persistentSock; diff --git a/input.c b/input.c index cac9de88..aeefc6ce 100644 --- a/input.c +++ b/input.c @@ -323,8 +323,7 @@ bool input_parseBlacklist(honggfuzz_t* hfuzz) { return true; } -static void input_generateFileName( - struct dynfile_t* dynfile, const char* dir, char fname[PATH_MAX]) { +static void input_generateFileName(dynfile_t* dynfile, const char* dir, char fname[PATH_MAX]) { uint64_t crc64f = util_CRC64(dynfile->data, dynfile->size); uint64_t crc64r = util_CRC64Rev(dynfile->data, dynfile->size); if (dir) { @@ -336,9 +335,9 @@ static void input_generateFileName( } } -bool input_writeCovFile(run_t* run, const char* dir) { +bool input_writeCovFile(const char* dir, dynfile_t* dynfile) { char fname[PATH_MAX]; - input_generateFileName(run->dynfile, dir, fname); + input_generateFileName(dynfile, dir, fname); if (files_exists(fname)) { LOG_D("File '%s' already exists in the output corpus directory '%s'", fname, dir); @@ -347,9 +346,9 @@ bool input_writeCovFile(run_t* run, const char* dir) { LOG_D("Adding file '%s' to the corpus directory '%s'", fname, dir); - if (!files_writeBufToFile(fname, run->dynfile->data, run->dynfile->size, - O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC)) { - LOG_W("Couldn't write buffer to file '%s' (sz=%zu)", fname, run->dynfile->size); + if (!files_writeBufToFile( + fname, dynfile->data, dynfile->size, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC)) { + LOG_W("Couldn't write buffer to file '%s' (sz=%zu)", fname, dynfile->size); return false; } @@ -357,7 +356,7 @@ bool input_writeCovFile(run_t* run, const char* dir) { } /* true if item1 is bigger than item2 */ -static bool input_cmpCov(struct dynfile_t* item1, struct dynfile_t* item2) { +static bool input_cmpCov(dynfile_t* item1, dynfile_t* item2) { for (size_t j = 0; j < ARRAYSIZE(item1->cov); j++) { if (item1->cov[j] > item2->cov[j]) { return true; @@ -376,7 +375,7 @@ static bool input_cmpCov(struct dynfile_t* item1, struct dynfile_t* item2) { void input_addDynamicInput(run_t* run) { ATOMIC_SET(run->global->timing.lastCovUpdate, time(NULL)); - struct dynfile_t* dynfile = (struct dynfile_t*)util_Malloc(sizeof(struct dynfile_t)); + dynfile_t* dynfile = (dynfile_t*)util_Malloc(sizeof(dynfile_t)); dynfile->size = run->dynfile->size; memcpy(dynfile->cov, run->dynfile->cov, sizeof(dynfile->cov)); dynfile->timeAddedMillis = util_timeNowMillis(); @@ -387,27 +386,22 @@ void input_addDynamicInput(run_t* run) { MX_SCOPED_RWLOCK_WRITE(&run->global->io.dynfileq_mutex); - run->global->io.dynfileqCnt++; - dynfile->idx = run->global->io.dynfileqCnt; + dynfile->idx = ATOMIC_PRE_INC(run->global->io.dynfileqCnt); + dynfile->cov[3] = dynfile->idx; run->global->io.dynfileqMaxSz = HF_MAX(run->global->io.dynfileqMaxSz, dynfile->size); - if (fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MAIN) { - /* Add it with high idx */ - TAILQ_INSERT_HEAD(&run->global->io.dynfileq, dynfile, pointers); - } else { - /* Sort it by coverage - put better coverage earlier in the list */ - struct dynfile_t* iter = NULL; - TAILQ_FOREACH_HF(iter, &run->global->io.dynfileq, pointers) { - if (input_cmpCov(dynfile, iter)) { - TAILQ_INSERT_BEFORE(iter, dynfile, pointers); - break; - } - } - if (iter == NULL) { - TAILQ_INSERT_TAIL(&run->global->io.dynfileq, dynfile, pointers); + /* Sort it by coverage - put better coverage earlier in the list */ + dynfile_t* iter = NULL; + TAILQ_FOREACH_HF(iter, &run->global->io.dynfileq, pointers) { + if (input_cmpCov(dynfile, iter)) { + TAILQ_INSERT_BEFORE(iter, dynfile, pointers); + break; } } + if (iter == NULL) { + TAILQ_INSERT_TAIL(&run->global->io.dynfileq, dynfile, pointers); + } if (run->global->socketFuzzer.enabled) { /* Don't add coverage data to files in socketFuzzer mode */ @@ -416,7 +410,7 @@ void input_addDynamicInput(run_t* run) { const char* outDir = run->global->io.outputDir ? run->global->io.outputDir : run->global->io.inputDir; - if (!input_writeCovFile(run, outDir)) { + if (!input_writeCovFile(outDir, dynfile)) { LOG_E("Couldn't save the coverage data to '%s'", run->global->io.outputDir); } @@ -425,9 +419,9 @@ void input_addDynamicInput(run_t* run) { return; } - run->global->io.newUnitsAdded++; + ATOMIC_POST_INC(run->global->io.newUnitsAdded); - if (run->global->io.covDirNew && !input_writeCovFile(run, run->global->io.covDirNew)) { + if (run->global->io.covDirNew && !input_writeCovFile(run->global->io.covDirNew, run->dynfile)) { LOG_E("Couldn't save the new coverage data to '%s'", run->global->io.covDirNew); } } @@ -435,7 +429,7 @@ void input_addDynamicInput(run_t* run) { bool input_inDynamicCorpus(run_t* run, const char* fname) { MX_SCOPED_RWLOCK_WRITE(&run->global->io.dynfileq_mutex); - struct dynfile_t* iter = NULL; + dynfile_t* iter = NULL; TAILQ_FOREACH_HF(iter, &run->global->io.dynfileq, pointers) { if (strncmp(iter->path, fname, PATH_MAX) == 0) { return true; @@ -444,7 +438,7 @@ bool input_inDynamicCorpus(run_t* run, const char* fname) { return false; } -static inline unsigned input_slowFactor(run_t* run, struct dynfile_t* current) { +static inline unsigned input_slowFactor(run_t* run, dynfile_t* current) { uint64_t msec_per_run = ((uint64_t)(time(NULL) - run->global->timing.timeStart) * 1000); msec_per_run /= ATOMIC_GET(run->global->cnts.mutationsCnt); msec_per_run /= run->global->threads.threadsMax; @@ -455,7 +449,7 @@ static inline unsigned input_slowFactor(run_t* run, struct dynfile_t* current) { } bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { - struct dynfile_t* current = NULL; + dynfile_t* current = NULL; if (ATOMIC_GET(run->global->io.dynfileqCnt) == 0) { LOG_F("The dynamic file corpus is empty. This shouldn't happen"); @@ -494,7 +488,7 @@ size_t input_getRandomInputAsBuf(run_t* run, const uint8_t** buf) { return 0; } - struct dynfile_t* current = NULL; + dynfile_t* current = NULL; { MX_SCOPED_RWLOCK_WRITE(&run->global->io.dynfileq_mutex); diff --git a/input.h b/input.h index 6ee59c46..cb140a66 100644 --- a/input.h +++ b/input.h @@ -35,7 +35,7 @@ extern bool input_init(honggfuzz_t* hfuzz); extern bool input_parseDictionary(honggfuzz_t* hfuzz); extern void input_freeDictionary(honggfuzz_t* hfuzz); extern bool input_parseBlacklist(honggfuzz_t* hfuzz); -extern bool input_writeCovFile(run_t* run, const char* dir); +extern bool input_writeCovFile(const char* dir, dynfile_t* dynfile); extern void input_addDynamicInput(run_t* run); extern bool input_inDynamicCorpus(run_t* run, const char* fname); extern void input_renumerateInputs(honggfuzz_t* hfuzz); -- cgit v1.2.3 From 57b43272426fe86fae32f64a4ba5b6d0274969e6 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 25 Mar 2020 21:23:31 +0100 Subject: fuzz: simplified minimization #2 --- fuzz.c | 47 ++--------------------------------------------- input.c | 33 --------------------------------- 2 files changed, 2 insertions(+), 78 deletions(-) diff --git a/fuzz.c b/fuzz.c index 47f6c173..cf15a443 100644 --- a/fuzz.c +++ b/fuzz.c @@ -186,44 +186,6 @@ static void fuzz_minimizeRemoveFiles(run_t* run) { LOG_I("Corpus minimization done"); } -static void fuzz_perfFeedbackForMinimization(run_t* run) { - uint64_t softCntPc = - ATOMIC_GET(run->global->feedback.covFeedbackMap->pidFeedbackPc[run->fuzzNo]); - uint64_t softCntEdge = - ATOMIC_GET(run->global->feedback.covFeedbackMap->pidFeedbackEdge[run->fuzzNo]); - uint64_t softCntCmp = - ATOMIC_GET(run->global->feedback.covFeedbackMap->pidFeedbackCmp[run->fuzzNo]); - uint64_t cpuInstr = run->linux.hwCnts.cpuInstrCnt; - uint64_t cpuBranch = run->linux.hwCnts.cpuBranchCnt; - - run->dynfile->cov[0] = softCntEdge + softCntPc; - /* The smaller input size, the better */ - run->dynfile->cov[1] = run->dynfile->size ? (64 - util_Log2(run->dynfile->size)) : 64; - run->dynfile->cov[2] = cpuInstr + cpuBranch + softCntCmp; - run->dynfile->cov[3] = 0; /* reserved for idx */ - - LOG_I("Corpus Minimization: len:%zu, cov:%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, - run->dynfile->size, run->dynfile->cov[0], run->dynfile->cov[1], run->dynfile->cov[2], - run->dynfile->cov[3]); - - input_addDynamicInput(run); - - ATOMIC_SET(run->global->feedback.covFeedbackMap->pidFeedbackPc[run->fuzzNo], 0); - memset(run->global->feedback.covFeedbackMap->bbMapPc, '\0', - sizeof(run->global->feedback.covFeedbackMap->bbMapPc)); - - ATOMIC_SET(run->global->feedback.covFeedbackMap->pidFeedbackEdge[run->fuzzNo], 0); - memset(run->global->feedback.covFeedbackMap->pcGuardMap, '\0', - sizeof(run->global->feedback.covFeedbackMap->pcGuardMap)); - - ATOMIC_SET(run->global->feedback.covFeedbackMap->pidFeedbackCmp[run->fuzzNo], 0); - memset(run->global->feedback.covFeedbackMap->bbMapCmp, '\0', - sizeof(run->global->feedback.covFeedbackMap->bbMapCmp)); - - memset(&run->global->linux.hwCnts, '\0', sizeof(run->global->linux.hwCnts)); - wmb(); -} - static void fuzz_perfFeedback(run_t* run) { if (run->global->feedback.skipFeedbackOnTimeout && run->tmOutSignaled) { return; @@ -234,11 +196,6 @@ static void fuzz_perfFeedback(run_t* run) { wmb(); }; - if (run->global->cfg.minimize && fuzz_getState(run->global) == _HF_STATE_DYNAMIC_DRY_RUN) { - fuzz_perfFeedbackForMinimization(run); - return; - } - uint64_t softCntPc = ATOMIC_GET(run->global->feedback.covFeedbackMap->pidFeedbackPc[run->fuzzNo]); ATOMIC_CLEAR(run->global->feedback.covFeedbackMap->pidFeedbackPc[run->fuzzNo]); @@ -367,7 +324,8 @@ static bool fuzz_fetchInput(run_t* run) { } if (fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MINIMIZE) { - return input_prepareDynamicFileForMinimization(run); + fuzz_minimizeRemoveFiles(run); + return false; } if (fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MAIN) { @@ -438,7 +396,6 @@ static void fuzz_fuzzLoop(run_t* run) { if (!fuzz_fetchInput(run)) { if (run->global->cfg.minimize && fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MINIMIZE) { - fuzz_minimizeRemoveFiles(run); fuzz_setTerminating(); return; } diff --git a/input.c b/input.c index aeefc6ce..761ae7c0 100644 --- a/input.c +++ b/input.c @@ -632,36 +632,3 @@ bool input_postProcessFile(run_t* run, const char* cmd) { input_setSize(run, (size_t)sz); return true; } - -bool input_prepareDynamicFileForMinimization(run_t* run) { - MX_SCOPED_RWLOCK_WRITE(&run->global->io.dynfileq_mutex); - - if (run->global->io.dynfileqCnt == 0) { - LOG_F("The dynamic file corpus is empty (for minimization). This shouldn't happen"); - } - - if (run->global->io.dynfileqCurrent == NULL) { - run->global->io.dynfileqCurrent = TAILQ_FIRST(&run->global->io.dynfileq); - } else { - run->global->io.dynfileqCurrent = TAILQ_NEXT(run->global->io.dynfileqCurrent, pointers); - } - if (run->global->io.dynfileqCurrent == NULL) { - return false; - } - - input_setSize(run, run->global->io.dynfileqCurrent->size); - memcpy(run->dynfile->cov, run->global->io.dynfileqCurrent->cov, sizeof(run->dynfile->cov)); - run->dynfile->idx = run->global->io.dynfileqCurrent->idx; - run->dynfile->timeAddedMillis = util_timeNowMillis(); - run->dynfile->timeExecMillis = run->global->io.dynfileqCurrent->timeExecMillis; - snprintf(run->dynfile->path, sizeof(run->dynfile->path), "%s", - run->global->io.dynfileqCurrent->path); - memcpy(run->dynfile->data, run->global->io.dynfileqCurrent->data, - run->global->io.dynfileqCurrent->size); - - LOG_D("Cov: %" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, - run->global->io.dynfileqCurrent->cov[0], run->global->io.dynfileqCurrent->cov[1], - run->global->io.dynfileqCurrent->cov[2], run->global->io.dynfileqCurrent->cov[3]); - - return true; -} -- cgit v1.2.3 From 197aab7b7ef6a40d9bb72dd015a8c925ac7830f8 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 25 Mar 2020 21:24:49 +0100 Subject: fuzz: simplified minimization #3 --- input.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/input.c b/input.c index 761ae7c0..3f555561 100644 --- a/input.c +++ b/input.c @@ -505,7 +505,7 @@ size_t input_getRandomInputAsBuf(run_t* run, const uint8_t** buf) { } static bool input_shouldReadNewFile(run_t* run) { - if (fuzz_getState(run->global) != _HF_STATE_DYNAMIC_DRY_RUN || run->global->cfg.minimize) { + if (fuzz_getState(run->global) != _HF_STATE_DYNAMIC_DRY_RUN) { input_setSize(run, run->global->mutate.maxInputSz); return true; } -- cgit v1.2.3 From f425842bab96f18159bdcf9dda4bc2b46cf66c84 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 25 Mar 2020 21:37:01 +0100 Subject: remove timeAddedMillis from dynfile_t --- fuzz.c | 1 - honggfuzz.h | 1 - input.c | 7 ++++--- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/fuzz.c b/fuzz.c index cf15a443..83cbf871 100644 --- a/fuzz.c +++ b/fuzz.c @@ -132,7 +132,6 @@ static void fuzz_setDynamicMainState(run_t* run) { .cov = {}, .idx = 0, .fd = -1, - .timeAddedMillis = util_timeNowMillis(), .timeExecMillis = 1, .path = "[DYNAMIC-0-SIZE]", .data = (uint8_t*)"", diff --git a/honggfuzz.h b/honggfuzz.h index f6976683..96f8e1df 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -170,7 +170,6 @@ struct _dynfile_t { uint64_t cov[4]; size_t idx; int fd; - int64_t timeAddedMillis; uint64_t timeExecMillis; char path[PATH_MAX]; uint8_t* data; diff --git a/input.c b/input.c index 3f555561..9c115572 100644 --- a/input.c +++ b/input.c @@ -378,8 +378,7 @@ void input_addDynamicInput(run_t* run) { dynfile_t* dynfile = (dynfile_t*)util_Malloc(sizeof(dynfile_t)); dynfile->size = run->dynfile->size; memcpy(dynfile->cov, run->dynfile->cov, sizeof(dynfile->cov)); - dynfile->timeAddedMillis = util_timeNowMillis(); - dynfile->timeExecMillis = util_timeNowMillis() - run->dynfile->timeAddedMillis; + dynfile->timeExecMillis = util_timeNowMillis() - run->timeStartedMillis; input_generateFileName(run->dynfile, NULL, dynfile->path); dynfile->data = (uint8_t*)util_Malloc(run->dynfile->size); memcpy(dynfile->data, run->dynfile->data, run->dynfile->size); @@ -469,7 +468,6 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { input_setSize(run, current->size); memcpy(run->dynfile->cov, current->cov, sizeof(run->dynfile->cov)); run->dynfile->idx = current->idx; - run->dynfile->timeAddedMillis = util_timeNowMillis(); run->dynfile->timeExecMillis = current->timeExecMillis; snprintf(run->dynfile->path, sizeof(run->dynfile->path), "%s", current->path); memcpy(run->dynfile->data, current->data, current->size); @@ -630,5 +628,8 @@ bool input_postProcessFile(run_t* run, const char* cmd) { } input_setSize(run, (size_t)sz); + memset(run->dynfile->cov, '\0', sizeof(run->dynfile->cov)); + run->dynfile->idx = 0; + return true; } -- cgit v1.2.3 From 76df3718e1f392e422480e0f7dce6af2a8091326 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 25 Mar 2020 21:44:22 +0100 Subject: fuzz: print execution time per added input --- fuzz.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/fuzz.c b/fuzz.c index 83cbf871..f3c7f113 100644 --- a/fuzz.c +++ b/fuzz.c @@ -222,10 +222,11 @@ static void fuzz_perfFeedback(run_t* run) { run->global->linux.hwCnts.softCntEdge += softCntEdge; run->global->linux.hwCnts.softCntCmp += softCntCmp; - LOG_I("Size:%zu (i,b,hw,ed,ip,cmp): %" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 - "/%" PRIu64 "/%" PRIu64 ", Tot:%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 - "/%" PRIu64 "/%" PRIu64, - run->dynfile->size, run->linux.hwCnts.cpuInstrCnt, run->linux.hwCnts.cpuBranchCnt, + LOG_I("Size:%zu Time:%" PRIu64 "ms (i/b/h/e/p/c): %" PRIu64 "/%" PRIu64 "/%" PRIu64 + "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 ", Tot:%" PRIu64 "/%" PRIu64 "/%" PRIu64 + "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, + run->dynfile->size, util_timeNowMillis() - run->timeStartedMillis, + run->linux.hwCnts.cpuInstrCnt, run->linux.hwCnts.cpuBranchCnt, run->linux.hwCnts.newBBCnt, softCntEdge, softCntPc, softCntCmp, run->global->linux.hwCnts.cpuInstrCnt, run->global->linux.hwCnts.cpuBranchCnt, run->global->linux.hwCnts.bbCnt, run->global->linux.hwCnts.softCntEdge, -- cgit v1.2.3 From 9cc1dbaab45b45877e13a4fce6767b8d53a50522 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 25 Mar 2020 22:54:32 +0100 Subject: input: skip static files which are already in the dynamic corpus --- input.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/input.c b/input.c index 9c115572..5db7accc 100644 --- a/input.c +++ b/input.c @@ -529,8 +529,14 @@ static bool input_shouldReadNewFile(run_t* run) { bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle) { if (input_shouldReadNewFile(run)) { - if (!input_getNext(run, run->dynfile->path, /* rewind= */ rewind)) { - return false; + for (;;) { + if (!input_getNext(run, run->dynfile->path, /* rewind= */ rewind)) { + return false; + } + if (needs_mangle || !input_inDynamicCorpus(run, run->dynfile->path)) { + LOG_D("Skipping '%s' as it's already in the dynamic corpus", run->dynfile->path); + break; + } } run->global->io.testedFileCnt++; } -- cgit v1.2.3 From 50f4321d4f8291be6e7d636cb253d5e7d1abf4b7 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 25 Mar 2020 23:06:42 +0100 Subject: input: write correct file to the covdir_new --- input.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/input.c b/input.c index 5db7accc..a8970552 100644 --- a/input.c +++ b/input.c @@ -379,9 +379,9 @@ void input_addDynamicInput(run_t* run) { dynfile->size = run->dynfile->size; memcpy(dynfile->cov, run->dynfile->cov, sizeof(dynfile->cov)); dynfile->timeExecMillis = util_timeNowMillis() - run->timeStartedMillis; - input_generateFileName(run->dynfile, NULL, dynfile->path); dynfile->data = (uint8_t*)util_Malloc(run->dynfile->size); memcpy(dynfile->data, run->dynfile->data, run->dynfile->size); + input_generateFileName(dynfile, NULL, dynfile->path); MX_SCOPED_RWLOCK_WRITE(&run->global->io.dynfileq_mutex); @@ -420,7 +420,7 @@ void input_addDynamicInput(run_t* run) { ATOMIC_POST_INC(run->global->io.newUnitsAdded); - if (run->global->io.covDirNew && !input_writeCovFile(run->global->io.covDirNew, run->dynfile)) { + if (run->global->io.covDirNew && !input_writeCovFile(run->global->io.covDirNew, dynfile)) { LOG_E("Couldn't save the new coverage data to '%s'", run->global->io.covDirNew); } } -- cgit v1.2.3 From 352aec756d89200d228395f4214cc05007a7d031 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 25 Mar 2020 23:25:55 +0100 Subject: mangle: use more 'Shrink's --- mangle.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/mangle.c b/mangle.c index 5fd8af92..3ed43e69 100644 --- a/mangle.c +++ b/mangle.c @@ -782,21 +782,31 @@ static void mangle_Resize(run_t* run, bool printable) { input_setSize(run, (size_t)newsz); if (newsz > oldsz) { if (printable) { - memset(&run->dynfile->data[oldsz], 'A', newsz - oldsz); + memset(&run->dynfile->data[oldsz], ' ', newsz - oldsz); } } } void mangle_mangleContent(run_t* run, unsigned slow_factor) { static void (*const mangleFuncs[])(run_t * run, bool printable) = { + /* Every *Insert or Expand expands file, so add one Shrink for each */ + mangle_Shrink, + mangle_Shrink, + mangle_Shrink, + mangle_Shrink, + mangle_Shrink, + mangle_Shrink, + mangle_Shrink, + mangle_Shrink, + mangle_Shrink, + mangle_Shrink, + mangle_Expand, mangle_Bit, mangle_IncByte, mangle_DecByte, mangle_NegByte, mangle_AddSub, mangle_MemSet, - mangle_Expand, - mangle_Shrink, mangle_MemCopyOverwrite, mangle_MemCopyInsert, mangle_BytesOverwrite, -- cgit v1.2.3 From 65d4c749abdeaca0e601fb902d6ddb336b3064b1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 25 Mar 2020 23:28:03 +0100 Subject: mangle: update slowness factors --- mangle.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/mangle.c b/mangle.c index 3ed43e69..cffe4501 100644 --- a/mangle.c +++ b/mangle.c @@ -836,16 +836,16 @@ void mangle_mangleContent(run_t* run, unsigned slow_factor) { } uint64_t changesCnt = run->global->mutate.mutationsPerRun; - /* Give it a good shake-up if it's a slow input */ + /* Give it a good shake-up, if it's a slow input */ switch (slow_factor) { - case 0 ... 2: + case 0 ... 5: changesCnt = util_rndGet(1, run->global->mutate.mutationsPerRun); break; - case 3 ... 4: + case 6 ... 10: changesCnt = (run->global->mutate.mutationsPerRun > 5) ? run->global->mutate.mutationsPerRun : 5; break; - case 5 ... 10: + case 11 ... 15: changesCnt = (run->global->mutate.mutationsPerRun > 10) ? run->global->mutate.mutationsPerRun : 10; -- cgit v1.2.3 From 5b7d6f0d0e747d47c24e5e37ec4d4ac537e0ce1e Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 25 Mar 2020 23:39:14 +0100 Subject: mangle: lower size of chunks to copy in Splice --- mangle.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/mangle.c b/mangle.c index cffe4501..4e0b4639 100644 --- a/mangle.c +++ b/mangle.c @@ -725,9 +725,9 @@ static void mangle_SpliceOverwrite(run_t* run, bool printable) { } size_t remoteOff = util_rndGet(0, sz - 1); - size_t remoteLen = util_rndGet(1, sz - remoteOff); - size_t off = mangle_getOffSet(run); - mangle_Overwrite(run, off, &buf[remoteOff], remoteLen, printable); + size_t localOff = mangle_getOffSet(run); + size_t len = mangle_getLen(HF_MIN(sz - remoteOff, run->dynfile->size - localOff)); + mangle_Overwrite(run, localOff, &buf[remoteOff], len, printable); } static void mangle_SpliceInsert(run_t* run, bool printable) { @@ -739,9 +739,9 @@ static void mangle_SpliceInsert(run_t* run, bool printable) { } size_t remoteOff = util_rndGet(0, sz - 1); - size_t remoteLen = mangle_getLen(sz - remoteOff); - size_t off = mangle_getOffSet(run); - mangle_Insert(run, off, &buf[remoteOff], remoteLen, printable); + size_t localOff = mangle_getOffSet(run); + size_t len = mangle_getLen(HF_MIN(sz - remoteOff, run->dynfile->size - localOff)); + mangle_Insert(run, localOff, &buf[remoteOff], len, printable); } static void mangle_Resize(run_t* run, bool printable) { -- cgit v1.2.3 From 8150d567193489fd139d9fe45b5af4f5421bef6a Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 26 Mar 2020 00:32:16 +0100 Subject: input: start reading statc files at 4 bytes --- input.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/input.c b/input.c index a8970552..9dc546a3 100644 --- a/input.c +++ b/input.c @@ -510,8 +510,8 @@ static bool input_shouldReadNewFile(run_t* run) { if (!run->staticFileTryMore) { run->staticFileTryMore = true; - /* Start with a 8kB beginning of a file, increase the size in following iterations */ - input_setSize(run, HF_MIN(1024U, run->global->mutate.maxInputSz)); + /* Start with 4 bytes, increase the size in following iterations */ + input_setSize(run, HF_MIN(4U, run->global->mutate.maxInputSz)); return true; } -- cgit v1.2.3 From 8b332525fb5996ce842cf3ad7345b3dd2e137aff Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 26 Mar 2020 01:34:12 +0100 Subject: mangle: rework mutations, add limit of 512B for certain operations --- mangle.c | 63 +++++++++++++++++++++++++++++++++++---------------------------- 1 file changed, 35 insertions(+), 28 deletions(-) diff --git a/mangle.c b/mangle.c index 4e0b4639..469b1ded 100644 --- a/mangle.c +++ b/mangle.c @@ -39,11 +39,24 @@ #include "libhfcommon/log.h" #include "libhfcommon/util.h" +/* Maximum reasonable block size for many types of mutations (but not for all) */ +#define HF_MAX_LEN_BLOCK 512U + +static inline size_t mangle_LenLeft(run_t* run, size_t off) { + if (off >= run->dynfile->size) { + LOG_F("Offset is too large: off:%zu >= len:%zu", off, run->dynfile->size); + } + return (run->dynfile->size - off - 1); +} + /* Get a random value between <1:max> with x^2 distribution */ static inline size_t mangle_getLen(size_t max) { if (max > _HF_INPUT_MAX_SIZE) { LOG_F("max (%zu) > _HF_INPUT_MAX_SIZE (%zu)", max, (size_t)_HF_INPUT_MAX_SIZE); } + if (max == 0) { + LOG_F("max == 0"); + } if (max == 1) { return 1; } @@ -79,15 +92,11 @@ static inline void mangle_Move(run_t* run, size_t off_from, size_t off_to, size_ return; } - ssize_t len_from = (ssize_t)run->dynfile->size - off_from - 1; - ssize_t len_to = (ssize_t)run->dynfile->size - off_to - 1; + size_t len_from = run->dynfile->size - off_from; + len = HF_MIN(len, len_from); - if ((ssize_t)len > len_from) { - len = len_from; - } - if ((ssize_t)len > len_to) { - len = len_to; - } + size_t len_to = run->dynfile->size - off_to; + len = HF_MIN(len, len_to); memmove(&run->dynfile->data[off_to], &run->dynfile->data[off_from], len); } @@ -134,7 +143,7 @@ static inline void mangle_Insert( static void mangle_MemCopyOverwrite(run_t* run, bool printable HF_ATTR_UNUSED) { size_t off_from = mangle_getOffSet(run); size_t off_to = mangle_getOffSet(run); - size_t len = mangle_getLen(run->dynfile->size - off_from); + size_t len = mangle_getLen(HF_MIN(HF_MAX_LEN_BLOCK, run->dynfile->size - off_from)); mangle_Overwrite(run, off_to, &run->dynfile->data[off_from], len, printable); } @@ -142,7 +151,7 @@ static void mangle_MemCopyOverwrite(run_t* run, bool printable HF_ATTR_UNUSED) { static void mangle_MemCopyInsert(run_t* run, bool printable) { size_t off_to = mangle_getOffSet(run); size_t off_from = mangle_getOffSet(run); - size_t len = mangle_getLen(run->dynfile->size - off_from); + size_t len = mangle_getLen(HF_MIN(HF_MAX_LEN_BLOCK, run->dynfile->size - off_from)); mangle_Insert(run, off_to, &run->dynfile->data[off_from], len, printable); } @@ -187,7 +196,7 @@ static void mangle_ByteRepeatOverwrite(run_t* run, bool printable) { return; } - size_t len = mangle_getLen(maxSz); + size_t len = mangle_getLen(HF_MIN(HF_MAX_LEN_BLOCK, maxSz)); memset(&run->dynfile->data[destOff], run->dynfile->data[off], len); } @@ -202,7 +211,7 @@ static void mangle_ByteRepeatInsert(run_t* run, bool printable) { return; } - size_t len = mangle_getLen(maxSz); + size_t len = mangle_getLen(HF_MIN(HF_MAX_LEN_BLOCK, maxSz)); len = mangle_Inflate(run, destOff, len, printable); memset(&run->dynfile->data[destOff], run->dynfile->data[off], len); } @@ -529,21 +538,17 @@ static void mangle_ConstFeedbackOverwrite(run_t* run, bool printable) { mangle_Overwrite(run, off, val, len, printable); } -static inline void mangle_MemSetWithVal(run_t* run, int val) { +static void mangle_MemSet(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); - size_t len = mangle_getLen(run->dynfile->size - off); + size_t len = mangle_getLen(HF_MIN(HF_MAX_LEN_BLOCK, run->dynfile->size - off)); + int val = printable ? (int)util_rndPrintable() : (int)util_rndGet(0, UINT8_MAX); memset(&run->dynfile->data[off], val, len); } -static void mangle_MemSet(run_t* run, bool printable) { - mangle_MemSetWithVal( - run, printable ? (int)util_rndPrintable() : (int)util_rndGet(0, UINT8_MAX)); -} - static void mangle_RandomOverwrite(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); - size_t len = mangle_getLen(run->dynfile->size - off); + size_t len = mangle_getLen(HF_MIN(HF_MAX_LEN_BLOCK, run->dynfile->size - off)); if (printable) { util_rndBufPrintable(&run->dynfile->data[off], len); } else { @@ -553,7 +558,7 @@ static void mangle_RandomOverwrite(run_t* run, bool printable) { static void mangle_RandomInsert(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); - size_t len = mangle_getLen(run->dynfile->size - off); + size_t len = mangle_getLen(HF_MIN(HF_MAX_LEN_BLOCK, run->dynfile->size - off)); len = mangle_Inflate(run, off, len, printable); @@ -680,21 +685,23 @@ static void mangle_NegByte(run_t* run, bool printable) { static void mangle_Expand(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); - size_t len = mangle_getLen(run->dynfile->size - off); + size_t len = mangle_getLen(run->global->mutate.maxInputSz - off); mangle_Inflate(run, off, len, printable); } static void mangle_Shrink(run_t* run, bool printable HF_ATTR_UNUSED) { - if (run->dynfile->size <= 1U) { + if (run->dynfile->size <= 2U) { return; } size_t off_start = mangle_getOffSet(run); - size_t off_end = util_rndGet(0, off_start); + size_t len = mangle_LenLeft(run, off_start); + size_t off_end = off_start + len; + size_t len_to_move = run->dynfile->size - off_end; - mangle_Move(run, off_start, off_end, run->dynfile->size - off_start); - input_setSize(run, run->dynfile->size - (off_start - off_end)); + mangle_Move(run, off_end, off_start, len_to_move); + input_setSize(run, run->dynfile->size - len); } static void mangle_ASCIINumOverwrite(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); @@ -724,7 +731,7 @@ static void mangle_SpliceOverwrite(run_t* run, bool printable) { return; } - size_t remoteOff = util_rndGet(0, sz - 1); + size_t remoteOff = mangle_getLen(sz) - 1; size_t localOff = mangle_getOffSet(run); size_t len = mangle_getLen(HF_MIN(sz - remoteOff, run->dynfile->size - localOff)); mangle_Overwrite(run, localOff, &buf[remoteOff], len, printable); @@ -738,7 +745,7 @@ static void mangle_SpliceInsert(run_t* run, bool printable) { return; } - size_t remoteOff = util_rndGet(0, sz - 1); + size_t remoteOff = mangle_getLen(sz) - 1; size_t localOff = mangle_getOffSet(run); size_t len = mangle_getLen(HF_MIN(sz - remoteOff, run->dynfile->size - localOff)); mangle_Insert(run, localOff, &buf[remoteOff], len, printable); -- cgit v1.2.3 From 9c57375535f0f6753e82b166f15a34e5c417de3a Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 26 Mar 2020 02:50:21 +0100 Subject: mangle: use HF_MAX whenever possible --- mangle.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/mangle.c b/mangle.c index 469b1ded..ce8193a2 100644 --- a/mangle.c +++ b/mangle.c @@ -849,18 +849,13 @@ void mangle_mangleContent(run_t* run, unsigned slow_factor) { changesCnt = util_rndGet(1, run->global->mutate.mutationsPerRun); break; case 6 ... 10: - changesCnt = - (run->global->mutate.mutationsPerRun > 5) ? run->global->mutate.mutationsPerRun : 5; + changesCnt = HF_MAX(run->global->mutate.mutationsPerRun, 5); break; case 11 ... 15: - changesCnt = (run->global->mutate.mutationsPerRun > 10) - ? run->global->mutate.mutationsPerRun - : 10; + changesCnt = HF_MAX(run->global->mutate.mutationsPerRun, 10); break; default: - changesCnt = (run->global->mutate.mutationsPerRun > 20) - ? run->global->mutate.mutationsPerRun - : 20; + changesCnt = HF_MAX(run->global->mutate.mutationsPerRun, 20); break; } -- cgit v1.2.3 From 5f5ed6bdb1c1dd61edbd759eb54764a13aaa4941 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 26 Mar 2020 03:12:05 +0100 Subject: mangle: remove so many Shrink's --- mangle.c | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/mangle.c b/mangle.c index ce8193a2..8e76b624 100644 --- a/mangle.c +++ b/mangle.c @@ -685,7 +685,12 @@ static void mangle_NegByte(run_t* run, bool printable) { static void mangle_Expand(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); - size_t len = mangle_getLen(run->global->mutate.maxInputSz - off); + size_t len; + if (util_rnd64() % 16) { + len = mangle_getLen(HF_MIN(16, run->global->mutate.maxInputSz - off)); + } else { + len = mangle_getLen(run->global->mutate.maxInputSz - off); + } mangle_Inflate(run, off, len, printable); } @@ -697,6 +702,14 @@ static void mangle_Shrink(run_t* run, bool printable HF_ATTR_UNUSED) { size_t off_start = mangle_getOffSet(run); size_t len = mangle_LenLeft(run, off_start); + if (len == 0) { + return; + } + if (util_rnd64() % 16) { + len = mangle_getLen(HF_MIN(16, len)); + } else { + len = mangle_getLen(len); + } size_t off_end = off_start + len; size_t len_to_move = run->dynfile->size - off_end; @@ -798,15 +811,6 @@ void mangle_mangleContent(run_t* run, unsigned slow_factor) { static void (*const mangleFuncs[])(run_t * run, bool printable) = { /* Every *Insert or Expand expands file, so add one Shrink for each */ mangle_Shrink, - mangle_Shrink, - mangle_Shrink, - mangle_Shrink, - mangle_Shrink, - mangle_Shrink, - mangle_Shrink, - mangle_Shrink, - mangle_Shrink, - mangle_Shrink, mangle_Expand, mangle_Bit, mangle_IncByte, @@ -837,7 +841,6 @@ void mangle_mangleContent(run_t* run, unsigned slow_factor) { if (run->mutationsPerRun == 0U) { return; } - if (run->dynfile->size == 0U) { mangle_Resize(run, /* printable= */ run->global->cfg.only_printable); } @@ -851,11 +854,11 @@ void mangle_mangleContent(run_t* run, unsigned slow_factor) { case 6 ... 10: changesCnt = HF_MAX(run->global->mutate.mutationsPerRun, 5); break; - case 11 ... 15: + case 11 ... 20: changesCnt = HF_MAX(run->global->mutate.mutationsPerRun, 10); break; default: - changesCnt = HF_MAX(run->global->mutate.mutationsPerRun, 20); + changesCnt = HF_MAX(run->global->mutate.mutationsPerRun, 30); break; } -- cgit v1.2.3 From 613915a1924718345ebf7fffc0e3217342e3b039 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 26 Mar 2020 03:41:09 +0100 Subject: mangle: enable splicing if no new coverage was found for the last 1sec --- mangle.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/mangle.c b/mangle.c index 8e76b624..f93d6c30 100644 --- a/mangle.c +++ b/mangle.c @@ -858,10 +858,23 @@ void mangle_mangleContent(run_t* run, unsigned slow_factor) { changesCnt = HF_MAX(run->global->mutate.mutationsPerRun, 10); break; default: - changesCnt = HF_MAX(run->global->mutate.mutationsPerRun, 30); + changesCnt = HF_MAX(run->global->mutate.mutationsPerRun, 15); break; } + if ((util_timeNowMillis() - ATOMIC_GET(run->global->timing.lastCovUpdate)) > 1000) { + switch (util_rnd64() % 3) { + case 0: + mangle_SpliceOverwrite(run, run->global->cfg.only_printable); + break; + case 1: + mangle_SpliceInsert(run, run->global->cfg.only_printable); + break; + default: + break; + } + } + for (uint64_t x = 0; x < changesCnt; x++) { uint64_t choice = util_rndGet(0, ARRAYSIZE(mangleFuncs) - 1); mangleFuncs[choice](run, /* printable= */ run->global->cfg.only_printable); -- cgit v1.2.3 From b4aad747d6b78c0c24ceba4dac664aa9ca38ec22 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 26 Mar 2020 11:18:36 +0100 Subject: libhfcommon/log: call global vars in a more unique way --- libhfcommon/log.c | 56 +++++++++++++++++++++++++++---------------------------- libhfcommon/log.h | 18 +++++++++--------- 2 files changed, 37 insertions(+), 37 deletions(-) diff --git a/libhfcommon/log.c b/libhfcommon/log.c index 5f2c8e85..7cdb1201 100644 --- a/libhfcommon/log.c +++ b/libhfcommon/log.c @@ -48,17 +48,17 @@ #define __hf_pid() getpid() #endif -static int log_fd = STDERR_FILENO; -static bool log_fd_isatty = false; -enum llevel_t log_level = INFO; +static int hf_log_fd = STDERR_FILENO; +static bool hf_log_fd_isatty = false; +enum llevel_t hf_log_level = INFO; static pthread_mutex_t log_mutex = PTHREAD_MUTEX_INITIALIZER; __attribute__((constructor)) static void log_init(void) { - log_fd = fcntl(log_fd, F_DUPFD_CLOEXEC, 0); - if (log_fd == -1) { - log_fd = STDERR_FILENO; + hf_log_fd = fcntl(hf_log_fd, F_DUPFD_CLOEXEC, 0); + if (hf_log_fd == -1) { + hf_log_fd = STDERR_FILENO; } - log_fd_isatty = isatty(log_fd); + hf_log_fd_isatty = isatty(hf_log_fd); } /* @@ -66,20 +66,20 @@ __attribute__((constructor)) static void log_init(void) { * connection socket with fd (0, 1, 2). */ void logInitLogFile(const char* logfile, int fd, enum llevel_t ll) { - log_level = ll; + hf_log_level = ll; if (logfile) { - log_fd = TEMP_FAILURE_RETRY(open(logfile, O_CREAT | O_RDWR | O_TRUNC, 0640)); - if (log_fd == -1) { - log_fd = STDERR_FILENO; + hf_log_fd = TEMP_FAILURE_RETRY(open(logfile, O_CREAT | O_RDWR | O_TRUNC, 0640)); + if (hf_log_fd == -1) { + hf_log_fd = STDERR_FILENO; PLOG_E("Couldn't open logfile open('%s')", logfile); } } if (fd != -1) { - log_fd = fd; + hf_log_fd = fd; } - log_fd_isatty = (isatty(log_fd) == 1 ? true : false); + hf_log_fd_isatty = (isatty(hf_log_fd) == 1 ? true : false); } void logLog(enum llevel_t ll, const char* fn, int ln, bool perr, const char* fmt, ...) { @@ -116,28 +116,28 @@ void logLog(enum llevel_t ll, const char* fn, int ln, bool perr, const char* fmt { MX_LOCK(&log_mutex); - if (log_fd_isatty) { - dprintf(log_fd, "%s", logLevels[ll].prefix); + if (hf_log_fd_isatty) { + dprintf(hf_log_fd, "%s", logLevels[ll].prefix); } if (logLevels[ll].print_time) { - dprintf(log_fd, "[%s][%s][%d] ", timestr, logLevels[ll].descr, __hf_pid()); + dprintf(hf_log_fd, "[%s][%s][%d] ", timestr, logLevels[ll].descr, __hf_pid()); } if (logLevels[ll].print_funcline) { - dprintf(log_fd, "%s():%d ", fn, ln); + dprintf(hf_log_fd, "%s():%d ", fn, ln); } va_list args; va_start(args, fmt); - vdprintf(log_fd, fmt, args); + vdprintf(hf_log_fd, fmt, args); va_end(args); if (perr == true) { - dprintf(log_fd, ": %s", strerr); + dprintf(hf_log_fd, ": %s", strerr); } - if (log_fd_isatty) { - dprintf(log_fd, "\033[0m"); + if (hf_log_fd_isatty) { + dprintf(hf_log_fd, "\033[0m"); } - dprintf(log_fd, "\n"); + dprintf(hf_log_fd, "\n"); MX_UNLOCK(&log_mutex); } @@ -154,12 +154,12 @@ void logStop(int sig) { } void logRedirectLogFD(int fd) { - log_fd = fd; - log_fd_isatty = isatty(log_fd); + hf_log_fd = fd; + hf_log_fd_isatty = isatty(hf_log_fd); } void logDirectlyToFD(const char* msg) { - dprintf(log_fd, "%s", msg); + dprintf(hf_log_fd, "%s", msg); } pthread_mutex_t* logMutexGet(void) { @@ -171,13 +171,13 @@ void logMutexReset(void) { } bool logIsTTY(void) { - return log_fd_isatty; + return hf_log_fd_isatty; } int logFd(void) { - return log_fd; + return hf_log_fd; } enum llevel_t logGetLevel(void) { - return log_level; + return hf_log_level; } diff --git a/libhfcommon/log.h b/libhfcommon/log.h index c7bb0a21..fd73c830 100644 --- a/libhfcommon/log.h +++ b/libhfcommon/log.h @@ -28,25 +28,25 @@ enum llevel_t { FATAL = 0, ERROR, WARNING, INFO, DEBUG, HELP, HELP_BOLD }; -extern enum llevel_t log_level; +extern enum llevel_t hf_log_level; #define LOG_HELP(...) logLog(HELP, __FUNCTION__, __LINE__, false, __VA_ARGS__); #define LOG_HELP_BOLD(...) logLog(HELP_BOLD, __FUNCTION__, __LINE__, false, __VA_ARGS__); #define LOG_D(...) \ - if (log_level >= DEBUG) { \ + if (hf_log_level >= DEBUG) { \ logLog(DEBUG, __FUNCTION__, __LINE__, false, __VA_ARGS__); \ } #define LOG_I(...) \ - if (log_level >= INFO) { \ + if (hf_log_level >= INFO) { \ logLog(INFO, __FUNCTION__, __LINE__, false, __VA_ARGS__); \ } #define LOG_W(...) \ - if (log_level >= WARNING) { \ + if (hf_log_level >= WARNING) { \ logLog(WARNING, __FUNCTION__, __LINE__, false, __VA_ARGS__); \ } #define LOG_E(...) \ - if (log_level >= ERROR) { \ + if (hf_log_level >= ERROR) { \ logLog(ERROR, __FUNCTION__, __LINE__, false, __VA_ARGS__); \ } #define LOG_F(...) \ @@ -54,19 +54,19 @@ extern enum llevel_t log_level; exit(EXIT_FAILURE); #define PLOG_D(...) \ - if (log_level >= DEBUG) { \ + if (hf_log_level >= DEBUG) { \ logLog(DEBUG, __FUNCTION__, __LINE__, true, __VA_ARGS__); \ } #define PLOG_I(...) \ - if (log_level >= INFO) { \ + if (hf_log_level >= INFO) { \ logLog(INFO, __FUNCTION__, __LINE__, true, __VA_ARGS__); \ } #define PLOG_W(...) \ - if (log_level >= WARNING) { \ + if (hf_log_level >= WARNING) { \ logLog(WARNING, __FUNCTION__, __LINE__, true, __VA_ARGS__); \ } #define PLOG_E(...) \ - if (log_level >= ERROR) { \ + if (hf_log_level >= ERROR) { \ logLog(ERROR, __FUNCTION__, __LINE__, true, __VA_ARGS__); \ } #define PLOG_F(...) \ -- cgit v1.2.3 From 98119f1cf532339c7741e0bedcbfee0c1498ae3d Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 26 Mar 2020 11:55:44 +0100 Subject: Makefile/linux/bfd: give ability no to link against bfd/binutils --- Makefile | 4 ++++ linux/bfd.c | 4 ++++ linux/bfd.h | 4 ++++ linux/trace.c | 12 +++++++++++- 4 files changed, 23 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index c757d566..ce2c757d 100644 --- a/Makefile +++ b/Makefile @@ -34,6 +34,7 @@ LDFLAGS ?= LIBS_CFLAGS ?= -fPIC -fno-stack-protector -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 # fortify-source intercepts some functions, so we disable it for libraries GREP_COLOR ?= BUILD_OSSFUZZ_STATIC ?= false # for https://github.com/google/oss-fuzz +BUILD_LINUX_NO_BFD ?= false # for users who don't want to use libbfd/binutils OS ?= $(shell uname -s) MARCH ?= $(shell uname -m) @@ -54,6 +55,9 @@ ifeq ($(OS)$(findstring Microsoft,$(KERNEL)),Linux) # matches Linux but excludes ARCH_LDFLAGS += -lunwind-ptrace -lunwind-generic -lunwind -llzma \ -lopcodes -lbfd endif + ifeq ($(BUILD_LINUX_NO_BFD),true) + ARCH_CFLAGS += -D_HF_LINUX_NO_BFD + endif ARCH_LDFLAGS += -lrt -ldl -lm ifeq ("$(wildcard /usr/local/include/intel-pt.h)","/usr/local/include/intel-pt.h") diff --git a/linux/bfd.c b/linux/bfd.c index ebe38a60..7efcd1a4 100644 --- a/linux/bfd.c +++ b/linux/bfd.c @@ -21,6 +21,8 @@ * */ +#if !defined(_HF_LINUX_NO_BFD) + #include "linux/bfd.h" #include @@ -242,3 +244,5 @@ void arch_bfdDisasm(pid_t pid, uint8_t* mem, size_t size, char* instr) { bfd_close(bfdh); } + +#endif /* !defined(_HF_LINUX_NO_BFD) */ diff --git a/linux/bfd.h b/linux/bfd.h index 3a607e69..a1a42678 100644 --- a/linux/bfd.h +++ b/linux/bfd.h @@ -36,8 +36,12 @@ #define PACKAGE 1 #define PACKAGE_VERSION 1 +#if !defined(_HF_LINUX_NO_BFD) + extern void arch_bfdDemangle(funcs_t* funcs, size_t funcCnt); extern void arch_bfdResolveSyms(pid_t pid, funcs_t* funcs, size_t num); extern void arch_bfdDisasm(pid_t pid, uint8_t* mem, size_t size, char* instr); +#endif /* !defined(_HF_LINUX_NO_BFD) */ + #endif diff --git a/linux/trace.c b/linux/trace.c index c58d0263..77b4f23d 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -440,8 +440,10 @@ static void arch_getInstrStr(pid_t pid, uint64_t pc, uint64_t status_reg HF_ATTR return; } #if !defined(__ANDROID__) +#if !defined(_HF_LINUX_NO_BFD) arch_bfdDisasm(pid, buf, memsz, instr); -#else +#endif /* !defined(_HF_LINUX_NO_BFD) */ +#else /* !defined(__ANDROID__) */ cs_arch arch; cs_mode mode; #if defined(__arm__) || defined(__aarch64__) @@ -509,12 +511,16 @@ static void arch_traceAnalyzeData(run_t* run, pid_t pid) { if (funcCnt <= 0) { funcCnt = arch_unwindStack(pid, funcs); #if !defined(__ANDROID__) +#if !defined(_HF_LINUX_NO_BFD) arch_bfdResolveSyms(pid, funcs, funcCnt); +#endif /* !defined(_HF_LINUX_NO_BFD) */ #endif /* !defined(__ANDROID__) */ } #if !defined(__ANDROID__) +#if !defined(_HF_LINUX_NO_BFD) arch_bfdDemangle(funcs, funcCnt); +#endif /* !defined(_HF_LINUX_NO_BFD) */ #endif /* !defined(__ANDROID__) */ /* @@ -558,12 +564,16 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { if (funcCnt == 0) { funcCnt = arch_unwindStack(pid, funcs); #if !defined(__ANDROID__) +#if !defined(_HF_LINUX_NO_BFD) arch_bfdResolveSyms(pid, funcs, funcCnt); +#endif /* !defined(_HF_LINUX_NO_BFD) */ #endif /* !defined(__ANDROID__) */ } #if !defined(__ANDROID__) +#if !defined(_HF_LINUX_NO_BFD) arch_bfdDemangle(funcs, funcCnt); +#endif /* !defined(_HF_LINUX_NO_BFD) */ #endif /* !defined(__ANDROID__) */ arch_getInstrStr(pid, pc, status_reg, pcRegSz, instr); -- cgit v1.2.3 From 274f2f149237e412fb39cea407f0b19555cb6a35 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 26 Mar 2020 11:57:04 +0100 Subject: subproc: missing comma --- subproc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/subproc.c b/subproc.c index 3c8549a3..f903b456 100644 --- a/subproc.c +++ b/subproc.c @@ -433,7 +433,7 @@ bool subproc_Run(run_t* run) { { static pthread_mutex_t local_mutex = PTHREAD_MUTEX_INITIALIZER; - MX_SCOPED_LOCK(&local_mutex) + MX_SCOPED_LOCK(&local_mutex); if (diffMillis >= ATOMIC_GET(run->global->timing.timeOfLongestUnitInMilliseconds)) { ATOMIC_SET(run->global->timing.timeOfLongestUnitInMilliseconds, diffMillis); } -- cgit v1.2.3 From dc615f0e2e615a287d976efa307ba42257cf49c6 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 26 Mar 2020 20:11:50 +0100 Subject: mangle: increase slowness factor mutation rates --- mangle.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mangle.c b/mangle.c index f93d6c30..acb385c1 100644 --- a/mangle.c +++ b/mangle.c @@ -858,7 +858,7 @@ void mangle_mangleContent(run_t* run, unsigned slow_factor) { changesCnt = HF_MAX(run->global->mutate.mutationsPerRun, 10); break; default: - changesCnt = HF_MAX(run->global->mutate.mutationsPerRun, 15); + changesCnt = HF_MAX(run->global->mutate.mutationsPerRun, 20); break; } -- cgit v1.2.3 From a6a959ce017a8ef3da40cbf8f8ca8d1beded560e Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 27 Mar 2020 05:22:08 +0100 Subject: mangle: be muche more agressive about slow inputs --- mangle.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/mangle.c b/mangle.c index acb385c1..fee5fbf2 100644 --- a/mangle.c +++ b/mangle.c @@ -848,17 +848,14 @@ void mangle_mangleContent(run_t* run, unsigned slow_factor) { uint64_t changesCnt = run->global->mutate.mutationsPerRun; /* Give it a good shake-up, if it's a slow input */ switch (slow_factor) { - case 0 ... 5: + case 0 ... 2: changesCnt = util_rndGet(1, run->global->mutate.mutationsPerRun); break; - case 6 ... 10: - changesCnt = HF_MAX(run->global->mutate.mutationsPerRun, 5); - break; - case 11 ... 20: + case 3 ... 4: changesCnt = HF_MAX(run->global->mutate.mutationsPerRun, 10); break; default: - changesCnt = HF_MAX(run->global->mutate.mutationsPerRun, 20); + changesCnt = HF_MAX(run->global->mutate.mutationsPerRun, 30); break; } -- cgit v1.2.3 From ad3b23882f22a60e131fc559d60b63f639e4a5f1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 27 Mar 2020 06:18:20 +0100 Subject: input: delay testing of slow inputs --- input.c | 25 +++++++++++++++++++++++-- mangle.c | 7 +++++-- 2 files changed, 28 insertions(+), 4 deletions(-) diff --git a/input.c b/input.c index 9dc546a3..0038d1c1 100644 --- a/input.c +++ b/input.c @@ -447,6 +447,21 @@ static inline unsigned input_slowFactor(run_t* run, dynfile_t* current) { return (unsigned)(current->timeExecMillis / msec_per_run); } +/* If an input is n-times slower than the average exec time, give it 1/n chance of being tested */ +static bool input_trySlowInput(unsigned slow_factor) { + if (slow_factor <= 1) { + return true; + } + + /* Be harsh towards offenders */ + slow_factor *= 10; + if (slow_factor > 1000) { + slow_factor = 1000; + } + + return ((util_rnd64() % slow_factor) == 0); +} + bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { dynfile_t* current = NULL; @@ -454,7 +469,8 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { LOG_F("The dynamic file corpus is empty. This shouldn't happen"); } - { + unsigned slow_factor = 0; + for (;;) { MX_SCOPED_RWLOCK_WRITE(&run->global->io.dynfileq_mutex); if (run->global->io.dynfileqCurrent == NULL) { @@ -463,6 +479,11 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { current = run->global->io.dynfileqCurrent; run->global->io.dynfileqCurrent = TAILQ_NEXT(run->global->io.dynfileqCurrent, pointers); + + slow_factor = input_slowFactor(run, current); + if (input_trySlowInput(slow_factor)) { + break; + } } input_setSize(run, current->size); @@ -473,7 +494,7 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { memcpy(run->dynfile->data, current->data, current->size); if (needs_mangle) { - mangle_mangleContent(run, input_slowFactor(run, current)); + mangle_mangleContent(run, slow_factor); } return true; diff --git a/mangle.c b/mangle.c index fee5fbf2..bdd5b46a 100644 --- a/mangle.c +++ b/mangle.c @@ -852,10 +852,13 @@ void mangle_mangleContent(run_t* run, unsigned slow_factor) { changesCnt = util_rndGet(1, run->global->mutate.mutationsPerRun); break; case 3 ... 4: - changesCnt = HF_MAX(run->global->mutate.mutationsPerRun, 10); + changesCnt = HF_MAX(run->global->mutate.mutationsPerRun, 5); + break; + case 5 ... 9: + changesCnt = HF_MAX(run->global->mutate.mutationsPerRun, 7); break; default: - changesCnt = HF_MAX(run->global->mutate.mutationsPerRun, 30); + changesCnt = HF_MAX(run->global->mutate.mutationsPerRun, 10); break; } -- cgit v1.2.3 From df32765afd2359e29d5eb41da961fbf469f4e84b Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 27 Mar 2020 08:15:24 +0100 Subject: mangle: add Shrink's to counterbalance all Insert's --- mangle.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/mangle.c b/mangle.c index bdd5b46a..a1333e47 100644 --- a/mangle.c +++ b/mangle.c @@ -809,7 +809,10 @@ static void mangle_Resize(run_t* run, bool printable) { void mangle_mangleContent(run_t* run, unsigned slow_factor) { static void (*const mangleFuncs[])(run_t * run, bool printable) = { - /* Every *Insert or Expand expands file, so add one Shrink for each */ + /* Every *Insert or Expand expands file, so add more Shrink's */ + mangle_Shrink, + mangle_Shrink, + mangle_Shrink, mangle_Shrink, mangle_Expand, mangle_Bit, -- cgit v1.2.3 From 0eeb8c7c1e91fb34ef3a29977c36f563fb7d4ab5 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 27 Mar 2020 19:08:56 +0100 Subject: input: compute the likelyhood of an input being tested on the basis of more params (no. of backreferenced, exec time, and freshness) --- honggfuzz.h | 2 ++ input.c | 88 +++++++++++++++++++++++++++++++++++++++++++++---------------- mangle.c | 10 ++----- 3 files changed, 69 insertions(+), 31 deletions(-) diff --git a/honggfuzz.h b/honggfuzz.h index 96f8e1df..447cbd63 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -172,6 +172,8 @@ struct _dynfile_t { int fd; uint64_t timeExecMillis; char path[PATH_MAX]; + struct _dynfile_t* src; + uint32_t refs; uint8_t* data; TAILQ_ENTRY(_dynfile_t) pointers; }; diff --git a/input.c b/input.c index 0038d1c1..0969b28f 100644 --- a/input.c +++ b/input.c @@ -380,6 +380,10 @@ void input_addDynamicInput(run_t* run) { memcpy(dynfile->cov, run->dynfile->cov, sizeof(dynfile->cov)); dynfile->timeExecMillis = util_timeNowMillis() - run->timeStartedMillis; dynfile->data = (uint8_t*)util_Malloc(run->dynfile->size); + dynfile->src = run->dynfile->src; + if (run->dynfile->src) { + ATOMIC_POST_INC(run->dynfile->src->refs); + } memcpy(dynfile->data, run->dynfile->data, run->dynfile->size); input_generateFileName(dynfile, NULL, dynfile->path); @@ -437,29 +441,63 @@ bool input_inDynamicCorpus(run_t* run, const char* fname) { return false; } -static inline unsigned input_slowFactor(run_t* run, dynfile_t* current) { - uint64_t msec_per_run = ((uint64_t)(time(NULL) - run->global->timing.timeStart) * 1000); - msec_per_run /= ATOMIC_GET(run->global->cnts.mutationsCnt); - msec_per_run /= run->global->threads.threadsMax; - if (msec_per_run == 0) { - msec_per_run = 1; +static inline unsigned input_skipFactor(run_t* run, dynfile_t* dynfile) { + int penalty = 1; + + { + uint64_t msec_per_run = ((uint64_t)(time(NULL) - run->global->timing.timeStart) * 1000); + msec_per_run /= ATOMIC_GET(run->global->cnts.mutationsCnt); + msec_per_run /= run->global->threads.threadsMax; + if (msec_per_run == 0) { + msec_per_run = 1; + } + const unsigned slow_factor = (unsigned)(dynfile->timeExecMillis / msec_per_run); + penalty += ((slow_factor - 2) * 5); } - return (unsigned)(current->timeExecMillis / msec_per_run); -} -/* If an input is n-times slower than the average exec time, give it 1/n chance of being tested */ -static bool input_trySlowInput(unsigned slow_factor) { - if (slow_factor <= 1) { - return true; + { + /* Older inputs -> lower chance of being tested */ + const int scaleMap[] = { + [99 ... 200] = -5, + [96 ... 98] = -2, + [91 ... 95] = -1, + [81 ... 90] = 0, + [71 ... 80] = 1, + [61 ... 70] = 3, + [41 ... 60] = 5, + [0 ... 40] = 10, + }; + + const unsigned percentile = (dynfile->idx * 100) / run->global->io.dynfileqCnt; + penalty += scaleMap[percentile]; + } + + { + /* If the input wasn't source of other inputs so far, make it less likely to be tested */ + switch (dynfile->refs) { + case 0: + penalty += 5; + break; + case 1: + break; + default: + penalty -= (dynfile->refs * 5); + break; + } } - /* Be harsh towards offenders */ - slow_factor *= 10; - if (slow_factor > 1000) { - slow_factor = 1000; + { + /* Add penalty for the input being too big, max 10 for 1MB files */ + if (dynfile->size > 8192) { + penalty += util_Log2(dynfile->size) / 10; + } } - return ((util_rnd64() % slow_factor) == 0); + if (penalty < 1) { + penalty = 1; + } + + return (unsigned)penalty; } bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { @@ -469,7 +507,7 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { LOG_F("The dynamic file corpus is empty. This shouldn't happen"); } - unsigned slow_factor = 0; + unsigned skip_factor = 0; for (;;) { MX_SCOPED_RWLOCK_WRITE(&run->global->io.dynfileq_mutex); @@ -480,8 +518,8 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { current = run->global->io.dynfileqCurrent; run->global->io.dynfileqCurrent = TAILQ_NEXT(run->global->io.dynfileqCurrent, pointers); - slow_factor = input_slowFactor(run, current); - if (input_trySlowInput(slow_factor)) { + skip_factor = input_skipFactor(run, current); + if ((util_rnd64() % skip_factor) == 0) { break; } } @@ -491,10 +529,12 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { run->dynfile->idx = current->idx; run->dynfile->timeExecMillis = current->timeExecMillis; snprintf(run->dynfile->path, sizeof(run->dynfile->path), "%s", current->path); + run->dynfile->src = current; + run->dynfile->refs = 0; memcpy(run->dynfile->data, current->data, current->size); if (needs_mangle) { - mangle_mangleContent(run, slow_factor); + mangle_mangleContent(run, skip_factor); } return true; @@ -577,6 +617,10 @@ bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle) { } input_setSize(run, fileSz); + memset(run->dynfile->cov, '\0', sizeof(run->dynfile->cov)); + run->dynfile->idx = 0; + run->dynfile->src = NULL; + run->dynfile->refs = 0; if (needs_mangle) { mangle_mangleContent(run, /* slow_factor= */ 0); @@ -655,8 +699,6 @@ bool input_postProcessFile(run_t* run, const char* cmd) { } input_setSize(run, (size_t)sz); - memset(run->dynfile->cov, '\0', sizeof(run->dynfile->cov)); - run->dynfile->idx = 0; return true; } diff --git a/mangle.c b/mangle.c index a1333e47..e5b3747a 100644 --- a/mangle.c +++ b/mangle.c @@ -851,17 +851,11 @@ void mangle_mangleContent(run_t* run, unsigned slow_factor) { uint64_t changesCnt = run->global->mutate.mutationsPerRun; /* Give it a good shake-up, if it's a slow input */ switch (slow_factor) { - case 0 ... 2: + case 0 ... 5: changesCnt = util_rndGet(1, run->global->mutate.mutationsPerRun); break; - case 3 ... 4: - changesCnt = HF_MAX(run->global->mutate.mutationsPerRun, 5); - break; - case 5 ... 9: - changesCnt = HF_MAX(run->global->mutate.mutationsPerRun, 7); - break; default: - changesCnt = HF_MAX(run->global->mutate.mutationsPerRun, 10); + changesCnt = HF_MIN(slow_factor, 20); break; } -- cgit v1.2.3 From 5724e1262c11cf3362e9fac80f58422dfb1e19d7 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 28 Mar 2020 01:32:40 +0100 Subject: mangle: add mangle_MemSwap --- mangle.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/mangle.c b/mangle.c index e5b3747a..e1cfc4c6 100644 --- a/mangle.c +++ b/mangle.c @@ -140,6 +140,24 @@ static inline void mangle_Insert( mangle_Overwrite(run, off, val, len, printable); } +static void mangle_MemSwap(run_t* run, bool printable HF_ATTR_UNUSED) { + size_t off1 = mangle_getOffSet(run); + size_t maxlen1 = run->dynfile->size - off1; + + size_t off2 = mangle_getOffSet(run); + size_t maxlen2 = run->dynfile->size - off2; + + size_t len = mangle_getLen(HF_MIN(maxlen1, maxlen2)); + uint8_t* tmp = (uint8_t*)util_Malloc(len); + defer { + free(tmp); + }; + + memcpy(tmp, &run->dynfile->data[off1], len); + memmove(&run->dynfile->data[off1], &run->dynfile->data[off2], len); + memcpy(&run->dynfile->data[off2], tmp, len); +} + static void mangle_MemCopyOverwrite(run_t* run, bool printable HF_ATTR_UNUSED) { size_t off_from = mangle_getOffSet(run); size_t off_to = mangle_getOffSet(run); @@ -821,6 +839,7 @@ void mangle_mangleContent(run_t* run, unsigned slow_factor) { mangle_NegByte, mangle_AddSub, mangle_MemSet, + mangle_MemSwap, mangle_MemCopyOverwrite, mangle_MemCopyInsert, mangle_BytesOverwrite, @@ -859,8 +878,8 @@ void mangle_mangleContent(run_t* run, unsigned slow_factor) { break; } - if ((util_timeNowMillis() - ATOMIC_GET(run->global->timing.lastCovUpdate)) > 1000) { - switch (util_rnd64() % 3) { + if ((util_timeNowMillis() - ATOMIC_GET(run->global->timing.lastCovUpdate)) > 5000) { + switch (util_rnd64() % 4) { case 0: mangle_SpliceOverwrite(run, run->global->cfg.only_printable); break; -- cgit v1.2.3 From 2316a7a2cd3084ace15d19832c4d987075700bc2 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 28 Mar 2020 01:44:46 +0100 Subject: input: revert incorrect 'needs_mangle' check --- input.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/input.c b/input.c index 0969b28f..b7b6812f 100644 --- a/input.c +++ b/input.c @@ -594,7 +594,7 @@ bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle) { if (!input_getNext(run, run->dynfile->path, /* rewind= */ rewind)) { return false; } - if (needs_mangle || !input_inDynamicCorpus(run, run->dynfile->path)) { + if (!needs_mangle || !input_inDynamicCorpus(run, run->dynfile->path)) { LOG_D("Skipping '%s' as it's already in the dynamic corpus", run->dynfile->path); break; } -- cgit v1.2.3 From 57b5ef16453dd457403ef4daada5536746e54e41 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 28 Mar 2020 03:18:29 +0100 Subject: libhfcommon/util: implement util_AllocCopy, and use util_Calloc instead of util_Malloc in a few places --- honggfuzz.c | 2 +- input.c | 5 ++--- libhfcommon/util.c | 8 +++++++- libhfcommon/util.h | 1 + libhfuzz/persistent.c | 2 +- 5 files changed, 12 insertions(+), 6 deletions(-) diff --git a/honggfuzz.c b/honggfuzz.c index 4ac2ac5f..519722cf 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -312,7 +312,7 @@ int main(int argc, char** argv) { /* * Work around CygWin/MinGW */ - char** myargs = (char**)util_Malloc(sizeof(char*) * (argc + 1)); + char** myargs = (char**)util_Calloc(sizeof(char*) * (argc + 1)); defer { free(myargs); }; diff --git a/input.c b/input.c index b7b6812f..f7b531e1 100644 --- a/input.c +++ b/input.c @@ -375,16 +375,15 @@ static bool input_cmpCov(dynfile_t* item1, dynfile_t* item2) { void input_addDynamicInput(run_t* run) { ATOMIC_SET(run->global->timing.lastCovUpdate, time(NULL)); - dynfile_t* dynfile = (dynfile_t*)util_Malloc(sizeof(dynfile_t)); + dynfile_t* dynfile = (dynfile_t*)util_Calloc(sizeof(dynfile_t)); dynfile->size = run->dynfile->size; memcpy(dynfile->cov, run->dynfile->cov, sizeof(dynfile->cov)); dynfile->timeExecMillis = util_timeNowMillis() - run->timeStartedMillis; - dynfile->data = (uint8_t*)util_Malloc(run->dynfile->size); + dynfile->data = (uint8_t*)util_AllocCopy(run->dynfile->data, run->dynfile->size); dynfile->src = run->dynfile->src; if (run->dynfile->src) { ATOMIC_POST_INC(run->dynfile->src->refs); } - memcpy(dynfile->data, run->dynfile->data, run->dynfile->size); input_generateFileName(dynfile, NULL, dynfile->path); MX_SCOPED_RWLOCK_WRITE(&run->global->io.dynfileq_mutex); diff --git a/libhfcommon/util.c b/libhfcommon/util.c index 54e2454d..ac344ac4 100644 --- a/libhfcommon/util.c +++ b/libhfcommon/util.c @@ -63,7 +63,13 @@ void* util_Calloc(size_t sz) { return p; } -extern void* util_Realloc(void* ptr, size_t sz) { +void* util_AllocCopy(const uint8_t* ptr, size_t sz) { + void* p = util_Malloc(sz); + memcpy(p, ptr, sz); + return p; +} + +void* util_Realloc(void* ptr, size_t sz) { void* ret = realloc(ptr, sz); if (ret == NULL) { PLOG_W("realloc(%p, %zu)", ptr, sz); diff --git a/libhfcommon/util.h b/libhfcommon/util.h index fa0e150b..a89e5f51 100644 --- a/libhfcommon/util.h +++ b/libhfcommon/util.h @@ -102,6 +102,7 @@ typedef enum { extern void* util_Malloc(size_t sz); extern void* util_Calloc(size_t sz); +extern void* util_AllocCopy(const uint8_t* ptr, size_t sz); extern void* util_MMap(size_t sz); extern void* util_Realloc(void* ptr, size_t sz); diff --git a/libhfuzz/persistent.c b/libhfuzz/persistent.c index 370741a1..05a3c8b8 100644 --- a/libhfuzz/persistent.c +++ b/libhfuzz/persistent.c @@ -93,7 +93,7 @@ static int HonggfuzzRunFromFile(int argc, char** argv) { LOG_I("Accepting input from '%s'", fname); LOG_I("Usage for fuzzing: honggfuzz -P [flags] -- %s", argv[0]); - uint8_t* buf = (uint8_t*)util_Malloc(_HF_INPUT_MAX_SIZE); + uint8_t* buf = (uint8_t*)util_Calloc(_HF_INPUT_MAX_SIZE); ssize_t len = files_readFromFd(in_fd, buf, _HF_INPUT_MAX_SIZE); if (len < 0) { LOG_E("Couldn't read data from stdin: %s", strerror(errno)); -- cgit v1.2.3 From 46c4598b8604cb288ed77816239933e4de80e44b Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 28 Mar 2020 03:23:32 +0100 Subject: fuzz: use input_removeStaticFile instead of simple unlink() --- fuzz.c | 7 ++----- input.c | 6 ++++-- input.h | 2 +- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/fuzz.c b/fuzz.c index f3c7f113..997316fe 100644 --- a/fuzz.c +++ b/fuzz.c @@ -174,11 +174,8 @@ static void fuzz_minimizeRemoveFiles(run_t* run) { break; } if (!input_inDynamicCorpus(run, fname)) { - char path[PATH_MAX]; - snprintf(path, sizeof(path), "%s/%s", run->global->io.inputDir, fname); - LOG_I("Removing unnecessary '%s'", path); - if (unlink(path) == -1 && errno != EEXIST) { - PLOG_E("Couldn't remove file '%s'", path); + if (input_removeStaticFile(run->global->io.inputDir, fname)) { + LOG_I("Removed unnecessary '%s'", fname); } } } diff --git a/input.c b/input.c index f7b531e1..c7dd752e 100644 --- a/input.c +++ b/input.c @@ -628,12 +628,14 @@ bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle) { return true; } -void input_removeStaticFile(const char* dir, const char* name) { +bool input_removeStaticFile(const char* dir, const char* name) { char path[PATH_MAX]; snprintf(path, sizeof(path), "%s/%s", dir, name); - if (unlink(path) == -1) { + if (unlink(path) == -1 && errno != EEXIST) { PLOG_E("unlink('%s') failed", path); + return false; } + return true; } bool input_prepareExternalFile(run_t* run) { diff --git a/input.h b/input.h index cb140a66..1ea116a2 100644 --- a/input.h +++ b/input.h @@ -42,7 +42,7 @@ extern void input_renumerateInputs(honggfuzz_t* hfuzz); extern bool input_prepareDynamicInput(run_t* run, bool needs_mangle); extern size_t input_getRandomInputAsBuf(run_t* run, const uint8_t** buf); extern bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle); -extern void input_removeStaticFile(const char* dir, const char* name); +extern bool input_removeStaticFile(const char* dir, const char* name); extern bool input_prepareExternalFile(run_t* run); extern bool input_postProcessFile(run_t* run, const char* cmd); extern bool input_prepareDynamicFileForMinimization(run_t* run); -- cgit v1.2.3 From f461c8281941279e880edc6683a4ad4e985fc8b0 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 28 Mar 2020 09:06:07 +0100 Subject: libhfcommon/files: implement files_writeStrToFile and move some callers of files_writeBufToFile to it --- libhfcommon/files.c | 40 ++++++++++++++++++++++------------------ libhfcommon/files.h | 32 ++++++++++---------------------- libhfcommon/ns.c | 10 +++------- linux/arch.c | 4 +--- 4 files changed, 36 insertions(+), 50 deletions(-) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index 8d801ec0..6b97dac7 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -51,42 +51,46 @@ #include "libhfcommon/log.h" #include "libhfcommon/util.h" -ssize_t files_readFileToBufMax(const char* fileName, uint8_t* buf, size_t fileMaxSz) { - int fd = TEMP_FAILURE_RETRY(open(fileName, O_RDONLY | O_CLOEXEC)); +ssize_t files_readFileToBufMax(const char* fname, uint8_t* buf, size_t fileMaxSz) { + int fd = TEMP_FAILURE_RETRY(open(fname, O_RDONLY | O_CLOEXEC)); if (fd == -1) { - PLOG_W("Couldn't open '%s' for R/O", fileName); + PLOG_W("Couldn't open '%s' for R/O", fname); return -1; } ssize_t readSz = files_readFromFd(fd, buf, fileMaxSz); if (readSz < 0) { - LOG_W("Couldn't read '%s' to a buf", fileName); + LOG_W("Couldn't read '%s' to a buf", fname); } close(fd); - LOG_D("Read %zu bytes (%zu requested) from '%s'", (size_t)readSz, fileMaxSz, fileName); + LOG_D("Read %zu bytes (%zu requested) from '%s'", (size_t)readSz, fileMaxSz, fname); return readSz; } -bool files_writeBufToFile(const char* fileName, const uint8_t* buf, size_t fileSz, int flags) { - int fd = TEMP_FAILURE_RETRY(open(fileName, flags, 0644)); +bool files_writeBufToFile(const char* fname, const uint8_t* buf, size_t fileSz, int flags) { + int fd = TEMP_FAILURE_RETRY(open(fname, flags, 0644)); if (fd == -1) { - PLOG_W("Couldn't create/open '%s' for R/W", fileName); + PLOG_W("Couldn't create/open '%s' for R/W", fname); return false; } bool ret = files_writeToFd(fd, buf, fileSz); if (ret == false) { - PLOG_W("Couldn't write '%zu' bytes to file '%s' (fd='%d')", fileSz, fileName, fd); - unlink(fileName); + PLOG_W("Couldn't write '%zu' bytes to file '%s' (fd='%d')", fileSz, fname, fd); + unlink(fname); } else { - LOG_D("Written '%zu' bytes to '%s'", fileSz, fileName); + LOG_D("Written '%zu' bytes to '%s'", fileSz, fname); } close(fd); return ret; } +bool files_writeStrToFile(const char* fname, const char* str, int flags) { + return files_writeBufToFile(fname, (uint8_t*)str, strlen(str), flags); +} + int files_writeBufToTmpFile(const char* dir, const uint8_t* buf, size_t fileSz, int flags) { char template[PATH_MAX]; snprintf(template, sizeof(template), "%s/hfuzz.XXXXXX", dir); @@ -150,8 +154,8 @@ ssize_t files_readFromFdSeek(int fd, uint8_t* buf, size_t fileSz, off_t off) { return files_readFromFd(fd, buf, fileSz); } -bool files_exists(const char* fileName) { - return (access(fileName, F_OK) != -1); +bool files_exists(const char* fname) { + return (access(fname, F_OK) != -1); } bool files_writePatternToFd(int fd, off_t size, unsigned char p) { @@ -253,27 +257,27 @@ size_t files_parseSymbolFilter(const char* srcFile, char*** filterList) { return symbolsRead; } -uint8_t* files_mapFile(const char* fileName, off_t* fileSz, int* fd, bool isWritable) { +uint8_t* files_mapFile(const char* fname, off_t* fileSz, int* fd, bool isWritable) { int mmapProt = PROT_READ; if (isWritable) { mmapProt |= PROT_WRITE; } - if ((*fd = TEMP_FAILURE_RETRY(open(fileName, O_RDONLY))) == -1) { - PLOG_W("Couldn't open() '%s' file in R/O mode", fileName); + if ((*fd = TEMP_FAILURE_RETRY(open(fname, O_RDONLY))) == -1) { + PLOG_W("Couldn't open() '%s' file in R/O mode", fname); return NULL; } struct stat st; if (fstat(*fd, &st) == -1) { - PLOG_W("Couldn't stat() the '%s' file", fileName); + PLOG_W("Couldn't stat() the '%s' file", fname); close(*fd); return NULL; } uint8_t* buf; if ((buf = mmap(NULL, st.st_size, mmapProt, MAP_PRIVATE, *fd, 0)) == MAP_FAILED) { - PLOG_W("Couldn't mmap() the '%s' file", fileName); + PLOG_W("Couldn't mmap() the '%s' file", fname); close(*fd); return NULL; } diff --git a/libhfcommon/files.h b/libhfcommon/files.h index 093b28d6..f602eb28 100644 --- a/libhfcommon/files.h +++ b/libhfcommon/files.h @@ -31,41 +31,29 @@ #include "common.h" -extern ssize_t files_readFileToBufMax(const char* fileName, uint8_t* buf, size_t fileMaxSz); - -extern bool files_writeBufToFile( - const char* fileName, const uint8_t* buf, size_t fileSz, int flags); - -int files_writeBufToTmpFile(const char* dir, const uint8_t* buf, size_t fileSz, int flags); +extern ssize_t files_readFileToBufMax(const char* fname, uint8_t* buf, size_t fileMaxSz); +extern bool files_writeBufToFile(const char* fname, const uint8_t* buf, size_t fileSz, int flags); +extern bool files_writeStrToFile(const char* fname, const char* str, int flags); +extern int files_writeBufToTmpFile(const char* dir, const uint8_t* buf, size_t fileSz, int flags); extern bool files_writeToFd(int fd, const uint8_t* buf, size_t fileSz); - extern bool files_writeStrToFd(int fd, const char* str); - extern ssize_t files_readFromFd(int fd, uint8_t* buf, size_t fileSz); - extern ssize_t files_readFromFdSeek(int fd, uint8_t* buf, size_t fileSz, off_t pos); - extern bool files_writePatternToFd(int fd, off_t size, unsigned char p); -bool files_sendToSocketNB(int fd, const uint8_t* buf, size_t fileSz); - -bool files_sendToSocket(int fd, const uint8_t* buf, size_t fileSz); - -extern bool files_exists(const char* fileName); +extern bool files_sendToSocketNB(int fd, const uint8_t* buf, size_t fileSz); +extern bool files_sendToSocket(int fd, const uint8_t* buf, size_t fileSz); +extern sa_family_t files_sockFamily(int sock); +extern bool files_exists(const char* fname); extern const char* files_basename(const char* path); +extern const char* files_sockAddrToStr(const struct sockaddr* sa, const socklen_t len); -extern uint8_t* files_mapFile(const char* fileName, off_t* fileSz, int* fd, bool isWritable); - +extern uint8_t* files_mapFile(const char* fname, off_t* fileSz, int* fd, bool isWritable); extern int files_getTmpMapFlags(int flag, bool nocore); - extern void* files_mapSharedMem(size_t sz, int* fd, const char* name, bool nocore, bool export); extern size_t files_parseSymbolFilter(const char* inFIle, char*** filterList); -extern sa_family_t files_sockFamily(int sock); - -extern const char* files_sockAddrToStr(const struct sockaddr* sa, const socklen_t len); - #endif /* ifndef HF_COMMON_FILES */ diff --git a/libhfcommon/ns.c b/libhfcommon/ns.c index 4c11b6a1..aae3621b 100644 --- a/libhfcommon/ns.c +++ b/libhfcommon/ns.c @@ -55,25 +55,21 @@ bool nsEnter(uintptr_t cloneFlags) { return false; } - const char* deny_str = "deny"; - if (files_writeBufToFile("/proc/self/setgroups", (const uint8_t*)deny_str, strlen(deny_str), - O_WRONLY) == false) { + if (!files_writeStrToFile("/proc/self/setgroups", "deny", O_WRONLY)) { PLOG_E("Couldn't write to /proc/self/setgroups"); return false; } char gid_map[4096]; snprintf(gid_map, sizeof(gid_map), "%d %d 1", (int)current_gid, (int)current_gid); - if (files_writeBufToFile( - "/proc/self/gid_map", (const uint8_t*)gid_map, strlen(gid_map), O_WRONLY) == false) { + if (!files_writeStrToFile("/proc/self/gid_map", gid_map, O_WRONLY)) { PLOG_E("Couldn't write to /proc/self/gid_map"); return false; } char uid_map[4096]; snprintf(uid_map, sizeof(uid_map), "%d %d 1", (int)current_uid, (int)current_uid); - if (files_writeBufToFile( - "/proc/self/uid_map", (const uint8_t*)uid_map, strlen(uid_map), O_WRONLY) == false) { + if (!files_writeStrToFile("/proc/self/uid_map", uid_map, O_WRONLY)) { PLOG_E("Couldn't write to /proc/self/uid_map"); return false; } diff --git a/linux/arch.c b/linux/arch.c index f0ba38f7..f4708965 100644 --- a/linux/arch.c +++ b/linux/arch.c @@ -123,9 +123,7 @@ bool arch_launchChild(run_t* run) { } /* Increase our OOM score, so fuzzed processes die faster */ - static const char score100[] = "+500"; - if (!files_writeBufToFile( - "/proc/self/oom_score_adj", (uint8_t*)score100, strlen(score100), O_WRONLY)) { + if (!files_writeStrToFile("/proc/self/oom_score_adj", "+500", O_WRONLY)) { LOG_W("Couldn't increase our oom_score"); } -- cgit v1.2.3 From 5d72415ca4c65c5839396b4699221afea716d8b1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 28 Mar 2020 09:08:44 +0100 Subject: honggfuzz.h: remove unused struct definitions --- honggfuzz.h | 33 --------------------------------- 1 file changed, 33 deletions(-) diff --git a/honggfuzz.h b/honggfuzz.h index 447cbd63..88897bcf 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -124,39 +124,6 @@ typedef struct { uint64_t softCntCmp; } hwcnt_t; -typedef struct { - uint32_t capacity; - uint32_t* pChunks; - uint32_t nChunks; -} bitmap_t; - -/* Memory map struct */ -typedef struct __attribute__((packed)) { - uint64_t start; // region start addr - uint64_t end; // region end addr - uint64_t base; // region base addr - char module[NAME_MAX]; // bin/DSO name - uint64_t bbCnt; - uint64_t newBBCnt; -} memMap_t; - -/* Trie node data struct */ -typedef struct __attribute__((packed)) { - bitmap_t* pBM; -} trieData_t; - -/* Trie node struct */ -typedef struct node { - char key; - trieData_t data; - struct node* next; - struct node* prev; - struct node* children; - struct node* parent; -} node_t; - -/* EOF Sanitizer coverage specific data structures */ - typedef enum { _HF_STATE_UNSET = 0, _HF_STATE_STATIC, -- cgit v1.2.3 From 1ae551161e4c7377059b7aeca955c92726ef9d5c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 28 Mar 2020 09:57:45 +0100 Subject: cmdline: lower the default timeout to 1 second --- cmdline.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmdline.c b/cmdline.c index 72f6408a..1fdffe59 100644 --- a/cmdline.c +++ b/cmdline.c @@ -316,7 +316,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { .timeStart = time(NULL), .runEndTime = 0, - .tmOut = 2, + .tmOut = 1, .lastCovUpdate = time(NULL), .timeOfLongestUnitInMilliseconds = 0, .tmoutVTALRM = false, @@ -434,7 +434,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { { "minimize", no_argument, NULL, 'M' }, "Minimize the input corpus. It will most likely delete some corpus files (from the --input directory) if no --output is used!" }, { { "noinst", no_argument, NULL, 'x' }, "Static mode only, disable any instrumentation (hw/sw) feedback" }, { { "keep_output", no_argument, NULL, 'Q' }, "Don't close children's stdin, stdout, stderr; can be noisy" }, - { { "timeout", required_argument, NULL, 't' }, "Timeout in seconds (default: 10)" }, + { { "timeout", required_argument, NULL, 't' }, "Timeout in seconds (default: 1 (second))" }, { { "threads", required_argument, NULL, 'n' }, "Number of concurrent fuzzing threads (default: number of CPUs / 2)" }, { { "stdin_input", no_argument, NULL, 's' }, "Provide fuzzing input on STDIN, instead of " _HF_FILE_PLACEHOLDER }, { { "mutations_per_run", required_argument, NULL, 'r' }, "Maximal number of mutations per one run (default: 6)" }, -- cgit v1.2.3 From 7dbea4e3f8da2c52b5a169294ed2c1824c542fd9 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 28 Mar 2020 10:04:47 +0100 Subject: hfuzz-cc: allow to use HFUZZ_CLANG_USE_PC_GUARDS for -fsanitize=trace-pc-guards --- hfuzz_cc/hfuzz-cc.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index bc587155..0f25783d 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -93,6 +93,13 @@ static bool useClangFuzzerNoLink() { return false; } +static bool useClangPCGuards() { + if (getenv("HFUZZ_CLANG_USE_PC_GUARDS")) { + return true; + } + return false; +} + static bool isLDMode(int argc, char** argv) { for (int i = 1; i < argc; i++) { if (strcmp(argv[i], "--version") == 0) { @@ -350,6 +357,11 @@ static void commonPostOpts(int* j, char** args, int argc, char** argv) { args[(*j)++] = "-fsanitize-coverage=trace-pc,trace-cmp"; } } else { + if (useClangFuzzerNoLink() && useClangPCGuards()) { + LOG_F("You cannot set HFUZZ_CLANG_USE_FUZZER_NO_LINK and HFUZZ_CLANG_USE_PC_GUARDS at " + "the same time"); + } + if (useClangFuzzerNoLink()) { args[(*j)++] = "-fno-sanitize-coverage=trace-pc-guard"; args[(*j)++] = "-fno-sanitize=fuzzer"; -- cgit v1.2.3 From 7a4aa9d0c93ba35fe79829947cdf4ef39c7ec4ac Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 28 Mar 2020 10:51:23 +0100 Subject: input: cap avg execution time to 1-10 ms --- input.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/input.c b/input.c index c7dd752e..8a939ff8 100644 --- a/input.c +++ b/input.c @@ -447,9 +447,9 @@ static inline unsigned input_skipFactor(run_t* run, dynfile_t* dynfile) { uint64_t msec_per_run = ((uint64_t)(time(NULL) - run->global->timing.timeStart) * 1000); msec_per_run /= ATOMIC_GET(run->global->cnts.mutationsCnt); msec_per_run /= run->global->threads.threadsMax; - if (msec_per_run == 0) { - msec_per_run = 1; - } + /* Cap this to 1-10 ms */ + msec_per_run = HF_MAX(1, msec_per_run); + msec_per_run = HF_MIN(10, msec_per_run); const unsigned slow_factor = (unsigned)(dynfile->timeExecMillis / msec_per_run); penalty += ((slow_factor - 2) * 5); } -- cgit v1.2.3 From 855d5acf1e632141c194f2d2434282d9a8df5c5d Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 28 Mar 2020 19:30:22 +0100 Subject: input: adjust per-input penalties --- input.c | 9 +++++---- mangle.c | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/input.c b/input.c index 8a939ff8..f6d0dc35 100644 --- a/input.c +++ b/input.c @@ -444,6 +444,7 @@ static inline unsigned input_skipFactor(run_t* run, dynfile_t* dynfile) { int penalty = 1; { + /* Slower the input, lower the chance of it being tested */ uint64_t msec_per_run = ((uint64_t)(time(NULL) - run->global->timing.timeStart) * 1000); msec_per_run /= ATOMIC_GET(run->global->cnts.mutationsCnt); msec_per_run /= run->global->threads.threadsMax; @@ -451,7 +452,7 @@ static inline unsigned input_skipFactor(run_t* run, dynfile_t* dynfile) { msec_per_run = HF_MAX(1, msec_per_run); msec_per_run = HF_MIN(10, msec_per_run); const unsigned slow_factor = (unsigned)(dynfile->timeExecMillis / msec_per_run); - penalty += ((slow_factor - 2) * 5); + penalty += (slow_factor - 3); } { @@ -486,9 +487,9 @@ static inline unsigned input_skipFactor(run_t* run, dynfile_t* dynfile) { } { - /* Add penalty for the input being too big, max 10 for 1MB files */ - if (dynfile->size > 8192) { - penalty += util_Log2(dynfile->size) / 10; + /* Add penalty for the input being too big - 0 is for 1kB input */ + if (dynfile->size > 0) { + penalty += (util_Log2(dynfile->size) - 10); } } diff --git a/mangle.c b/mangle.c index e1cfc4c6..44c789ae 100644 --- a/mangle.c +++ b/mangle.c @@ -874,7 +874,7 @@ void mangle_mangleContent(run_t* run, unsigned slow_factor) { changesCnt = util_rndGet(1, run->global->mutate.mutationsPerRun); break; default: - changesCnt = HF_MIN(slow_factor, 20); + changesCnt = HF_MIN(slow_factor * 10, 50); break; } -- cgit v1.2.3 From 254d2f005b81495079dce0a5f42e4feeb96d2de0 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 28 Mar 2020 21:52:32 +0100 Subject: mangle: use actual slow_factor and not the skip_factor for counting number of necessary mutations --- input.c | 19 ++++++++++--------- libhfcommon/util.h | 1 + mangle.c | 7 ++++--- 3 files changed, 15 insertions(+), 12 deletions(-) diff --git a/input.c b/input.c index f6d0dc35..93d5f236 100644 --- a/input.c +++ b/input.c @@ -440,7 +440,7 @@ bool input_inDynamicCorpus(run_t* run, const char* fname) { return false; } -static inline unsigned input_skipFactor(run_t* run, dynfile_t* dynfile) { +static inline unsigned input_skipFactor(run_t* run, dynfile_t* dynfile, unsigned* slow_factor) { int penalty = 1; { @@ -449,10 +449,11 @@ static inline unsigned input_skipFactor(run_t* run, dynfile_t* dynfile) { msec_per_run /= ATOMIC_GET(run->global->cnts.mutationsCnt); msec_per_run /= run->global->threads.threadsMax; /* Cap this to 1-10 ms */ - msec_per_run = HF_MAX(1, msec_per_run); - msec_per_run = HF_MIN(10, msec_per_run); - const unsigned slow_factor = (unsigned)(dynfile->timeExecMillis / msec_per_run); - penalty += (slow_factor - 3); + msec_per_run = HF_CAP(msec_per_run, 1, 10); + + *slow_factor = (unsigned)(dynfile->timeExecMillis / msec_per_run); + *slow_factor = HF_MIN(*slow_factor, 20); + penalty += (*slow_factor - 3); } { @@ -481,7 +482,7 @@ static inline unsigned input_skipFactor(run_t* run, dynfile_t* dynfile) { case 1: break; default: - penalty -= (dynfile->refs * 5); + penalty -= HF_MIN(dynfile->refs * 5, 20); break; } } @@ -507,7 +508,7 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { LOG_F("The dynamic file corpus is empty. This shouldn't happen"); } - unsigned skip_factor = 0; + unsigned slow_factor = 0; for (;;) { MX_SCOPED_RWLOCK_WRITE(&run->global->io.dynfileq_mutex); @@ -518,7 +519,7 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { current = run->global->io.dynfileqCurrent; run->global->io.dynfileqCurrent = TAILQ_NEXT(run->global->io.dynfileqCurrent, pointers); - skip_factor = input_skipFactor(run, current); + unsigned skip_factor = input_skipFactor(run, current, &slow_factor); if ((util_rnd64() % skip_factor) == 0) { break; } @@ -534,7 +535,7 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { memcpy(run->dynfile->data, current->data, current->size); if (needs_mangle) { - mangle_mangleContent(run, skip_factor); + mangle_mangleContent(run, slow_factor); } return true; diff --git a/libhfcommon/util.h b/libhfcommon/util.h index a89e5f51..f1a7a869 100644 --- a/libhfcommon/util.h +++ b/libhfcommon/util.h @@ -91,6 +91,7 @@ __attribute__((always_inline)) static inline bool ATOMIC_BITMAP_SET(uint8_t* add #define HF_MAX(x, y) ((x > y) ? x : y) #define HF_MIN(x, y) ((x < y) ? x : y) +#define HF_CAP(v, x, y) HF_MAX(x, HF_MIN(y, v)) #define util_Log2(v) ((sizeof(unsigned int) * 8) - __builtin_clz((unsigned int)v) - 1) diff --git a/mangle.c b/mangle.c index 44c789ae..268b06f1 100644 --- a/mangle.c +++ b/mangle.c @@ -868,13 +868,14 @@ void mangle_mangleContent(run_t* run, unsigned slow_factor) { } uint64_t changesCnt = run->global->mutate.mutationsPerRun; - /* Give it a good shake-up, if it's a slow input */ switch (slow_factor) { - case 0 ... 5: + case 0 ... 3: changesCnt = util_rndGet(1, run->global->mutate.mutationsPerRun); break; default: - changesCnt = HF_MIN(slow_factor * 10, 50); + /* Give it a good shake-up, if it's a slow input */ + changesCnt = HF_MIN(slow_factor, 15); + changesCnt = HF_MAX(changesCnt, run->global->mutate.mutationsPerRun); break; } -- cgit v1.2.3 From 64295f5487ac60110f7a249e0e3feeb257ef8787 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 29 Mar 2020 00:16:00 +0100 Subject: hfuzz-cc: make use 8-bit counters by default. Add hfuzz-pcguards-clang(++) for the pc-guards version --- examples/apache-httpd/httpd-master.honggfuzz.patch | 8 ++-- hfuzz_cc/hfuzz-cc.c | 48 ++++++++-------------- hfuzz_cc/hfuzz-pcguard-clang | 1 + hfuzz_cc/hfuzz-pcguard-clang++ | 1 + 4 files changed, 24 insertions(+), 34 deletions(-) create mode 120000 hfuzz_cc/hfuzz-pcguard-clang create mode 120000 hfuzz_cc/hfuzz-pcguard-clang++ diff --git a/examples/apache-httpd/httpd-master.honggfuzz.patch b/examples/apache-httpd/httpd-master.honggfuzz.patch index 30482d5c..72b34645 100644 --- a/examples/apache-httpd/httpd-master.honggfuzz.patch +++ b/examples/apache-httpd/httpd-master.honggfuzz.patch @@ -25,8 +25,8 @@ index 0000000..f8a9a41 +HFUZZ_DIR="/home/jagger/src/honggfuzz" +# Change this to a directory where apache should be installed into +INSTALL_PREFIX="$(realpath "$PWD/../dist")" -+NGHTTP2_VER=1.33.0 -+APR_VER=1.6.5 ++NGHTTP2_VER=1.40.0 ++APR_VER=1.7.0 +APR_UTIL_VER=1.6.1 +CFLAGS_SAN="-fsanitize=address -O3 -ggdb" +# Another viable option: few @@ -36,8 +36,8 @@ index 0000000..f8a9a41 +APR_PATH="$(realpath "$PWD/../apr-$APR_VER")" +APR_UTIL_PATH="$(realpath "$PWD/../apr-util-$APR_UTIL_VER")/" + -+export CC="$HFUZZ_DIR/hfuzz_cc/hfuzz-clang" -+export CXX="$HFUZZ_DIR/hfuzz_cc/hfuzz-clang++" ++export CC="$HFUZZ_DIR/hfuzz_cc/hfuzz-pcguard-clang" ++export CXX="$HFUZZ_DIR/hfuzz_cc/hfuzz-pcguard-clang++" + +echo "Compiling APR" +cd "$APR_PATH" diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index 0f25783d..2ad0634a 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -22,6 +22,8 @@ static bool isCXX = false; static bool isGCC = false; +static bool usePCGuard = false; +static bool hasCmdLineFSanitizeFuzzer = false; /* Embed libhf/.a inside this binary */ __asm__("\n" @@ -86,20 +88,6 @@ static bool useBelowGCC8() { return false; } -static bool useClangFuzzerNoLink() { - if (getenv("HFUZZ_CLANG_USE_FUZZER_NO_LINK")) { - return true; - } - return false; -} - -static bool useClangPCGuards() { - if (getenv("HFUZZ_CLANG_USE_PC_GUARDS")) { - return true; - } - return false; -} - static bool isLDMode(int argc, char** argv) { for (int i = 1; i < argc; i++) { if (strcmp(argv[i], "--version") == 0) { @@ -121,7 +109,7 @@ static bool isLDMode(int argc, char** argv) { return true; } -static bool isFSanitizeFuzzer(int argc, char** argv) { +static bool hasFSanitizeFuzzer(int argc, char** argv) { for (int i = 1; i < argc; i++) { if (util_strStartsWith(argv[i], "-fsanitize=") && strstr(argv[i], "fuzzer")) { return true; @@ -347,7 +335,7 @@ static void commonPreOpts(int* j, char** args) { } } -static void commonPostOpts(int* j, char** args, int argc, char** argv) { +static void commonPostOpts(int* j, char** args) { if (isGCC) { if (useBelowGCC8()) { /* trace-pc is the best that gcc-6/7 currently offers */ @@ -357,22 +345,17 @@ static void commonPostOpts(int* j, char** args, int argc, char** argv) { args[(*j)++] = "-fsanitize-coverage=trace-pc,trace-cmp"; } } else { - if (useClangFuzzerNoLink() && useClangPCGuards()) { - LOG_F("You cannot set HFUZZ_CLANG_USE_FUZZER_NO_LINK and HFUZZ_CLANG_USE_PC_GUARDS at " - "the same time"); - } - - if (useClangFuzzerNoLink()) { - args[(*j)++] = "-fno-sanitize-coverage=trace-pc-guard"; - args[(*j)++] = "-fno-sanitize=fuzzer"; - args[(*j)++] = "-fsanitize=fuzzer-no-link"; - args[(*j)++] = "-fsanitize-coverage=trace-cmp,trace-div,indirect-calls"; - } else { - if (isFSanitizeFuzzer(argc, argv)) { + if (usePCGuard) { + if (hasCmdLineFSanitizeFuzzer) { args[(*j)++] = "-fno-sanitize=fuzzer"; args[(*j)++] = "-fno-sanitize=fuzzer-no-link"; } args[(*j)++] = "-fsanitize-coverage=trace-pc-guard,trace-cmp,trace-div,indirect-calls"; + } else { + args[(*j)++] = "-fno-sanitize-coverage=trace-pc-guard"; + args[(*j)++] = "-fno-sanitize=fuzzer"; + args[(*j)++] = "-fsanitize=fuzzer-no-link"; + args[(*j)++] = "-fsanitize-coverage=trace-cmp,trace-div,indirect-calls"; } } } @@ -393,7 +376,7 @@ static int ccMode(int argc, char** argv) { args[j++] = argv[i]; } - commonPostOpts(&j, args, argc, argv); + commonPostOpts(&j, args); return execCC(j, args); } @@ -493,7 +476,7 @@ static int ldMode(int argc, char** argv) { args[j++] = "-latomic"; #endif - commonPostOpts(&j, args, argc, argv); + commonPostOpts(&j, args); return execCC(j, args); } @@ -515,6 +498,11 @@ int main(int argc, char** argv) { if (baseNameContains(argv[0], "-g++")) { isGCC = true; } + if (baseNameContains(argv[0], "-pcguard-")) { + usePCGuard = true; + } + hasCmdLineFSanitizeFuzzer = hasFSanitizeFuzzer(argc, argv); + if (argc <= 1) { return execCC(argc, argv); } diff --git a/hfuzz_cc/hfuzz-pcguard-clang b/hfuzz_cc/hfuzz-pcguard-clang new file mode 120000 index 00000000..78d03419 --- /dev/null +++ b/hfuzz_cc/hfuzz-pcguard-clang @@ -0,0 +1 @@ +hfuzz-cc \ No newline at end of file diff --git a/hfuzz_cc/hfuzz-pcguard-clang++ b/hfuzz_cc/hfuzz-pcguard-clang++ new file mode 120000 index 00000000..78d03419 --- /dev/null +++ b/hfuzz_cc/hfuzz-pcguard-clang++ @@ -0,0 +1 @@ +hfuzz-cc \ No newline at end of file -- cgit v1.2.3 From d16a8efba8082d6f736f6a23a0f498c4e2ff8df3 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 29 Mar 2020 00:32:23 +0100 Subject: examples/httpd: new apache-httpd patch --- examples/apache-httpd/httpd-master.honggfuzz.patch | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/examples/apache-httpd/httpd-master.honggfuzz.patch b/examples/apache-httpd/httpd-master.honggfuzz.patch index 72b34645..6570306c 100644 --- a/examples/apache-httpd/httpd-master.honggfuzz.patch +++ b/examples/apache-httpd/httpd-master.honggfuzz.patch @@ -1,9 +1,9 @@ diff --git a/configure.in b/configure.in -index b20aad0..eec5ba2 100644 +index 423d58d..4beea8c 100644 --- a/configure.in +++ b/configure.in -@@ -725,7 +725,7 @@ AC_MSG_CHECKING([for Check to enable unit tests]) - if test "x$PKGCONFIG" != "x" && `$PKGCONFIG --atleast-version='0.9.12' check`; then +@@ -769,7 +769,7 @@ AC_MSG_CHECKING([for Check to enable unit tests]) + if test "x$PKGCONFIG" != "x" -a "$ap_reduced_exports" = "no" && `$PKGCONFIG --atleast-version='0.9.12' check`; then UNITTEST_CFLAGS=`$PKGCONFIG --cflags check` UNITTEST_LIBS=`$PKGCONFIG --libs check` - other_targets="$other_targets test/httpdunit" @@ -13,7 +13,7 @@ index b20aad0..eec5ba2 100644 else diff --git a/hfuzz.compile_and_install.asan.sh b/hfuzz.compile_and_install.asan.sh new file mode 100755 -index 0000000..f8a9a41 +index 0000000..ad24349 --- /dev/null +++ b/hfuzz.compile_and_install.asan.sh @@ -0,0 +1,63 @@ @@ -81,7 +81,7 @@ index 0000000..f8a9a41 +make -j$(nproc) +make install diff --git a/modules/generators/mod_autoindex.c b/modules/generators/mod_autoindex.c -index c887056..1be2d16 100644 +index 21fc59a..3c67164 100644 --- a/modules/generators/mod_autoindex.c +++ b/modules/generators/mod_autoindex.c @@ -1907,6 +1907,8 @@ static void output_directories(struct ent **ar, int n, @@ -94,10 +94,10 @@ index c887056..1be2d16 100644 struct ent *c2; int result = 0; diff --git a/server/request.c b/server/request.c -index 70812fe..b62272e 100644 +index a448fa7..c4785d4 100644 --- a/server/request.c +++ b/server/request.c -@@ -1393,7 +1393,7 @@ AP_DECLARE(int) ap_directory_walk(request_rec *r) +@@ -1401,7 +1401,7 @@ AP_DECLARE(int) ap_directory_walk(request_rec *r) return OK; } @@ -107,10 +107,10 @@ index 70812fe..b62272e 100644 { ap_conf_vector_t *now_merged = NULL; diff --git a/server/util_pcre.c b/server/util_pcre.c -index 8254cc4..ef70c43 100644 +index fedf6e6..053eb77 100644 --- a/server/util_pcre.c +++ b/server/util_pcre.c -@@ -388,6 +388,7 @@ AP_DECLARE(int) ap_regexec_len(const ap_regex_t *preg, const char *buff, +@@ -390,6 +390,7 @@ AP_DECLARE(int) ap_regexec_len(const ap_regex_t *preg, const char *buff, } } -- cgit v1.2.3 From 5efe5529be8fab6180f690d22d9ac8c0ce9c73b1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 29 Mar 2020 04:15:13 +0200 Subject: libhfuzz: update scaleMap for counters --- libhfuzz/instrument.c | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 44341595..4a5fdc0f 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -574,8 +574,8 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard(uint32_t* guard) { bool prev = ATOMIC_XCHG(covFeedback->pcGuardMap[*guard], true); if (prev == false) { ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackEdge[my_thread_no]); - wmb(); } + wmb(); } } @@ -602,31 +602,32 @@ void instrument8BitCountersCount(void) { [1] = 1U << 0, [2] = 1U << 1, [3] = 1U << 2, - [4] = 1U << 3, - [5 ... 6] = 1U << 4, - [7 ... 10] = 1U << 5, - [11 ... 20] = 1U << 6, - [21 ... 255] = 1U << 7, + [4 ... 5] = 1U << 3, + [6 ... 10] = 1U << 4, + [11 ... 32] = 1U << 5, + [33 ... 64] = 1U << 6, + [65 ... 255] = 1U << 7, }; - const uint8_t new = scaleMap[v]; - const size_t guard = hf8bitcounters[i].guard + j; + const uint8_t newval = scaleMap[v]; - if (ATOMIC_GET(covFeedback->pcGuardMap[guard]) < new) { - const uint8_t prev = ATOMIC_POST_OR(covFeedback->pcGuardMap[guard], new); - if (!prev) { + const size_t guard = hf8bitcounters[i].guard + j; + if (ATOMIC_GET(covFeedback->pcGuardMap[guard]) < newval) { + const uint8_t prevval = ATOMIC_POST_OR(covFeedback->pcGuardMap[guard], newval); + if (!prevval) { ATOMIC_PRE_INC(covFeedback->pidFeedbackEdge[my_thread_no]); - } else if (prev < new) { + } else if (prevval < newval) { ATOMIC_PRE_INC(covFeedback->pidFeedbackCmp[my_thread_no]); } } - wmb(); } } + + wmb(); } void instrument8BitCountersClear(void) { for (size_t i = 0; i < ARRAYSIZE(hf8bitcounters) && hf8bitcounters[i].start; i++) { - memset(hf8bitcounters[i].start, '\0', hf8bitcounters[i].cnt); + bzero(hf8bitcounters[i].start, hf8bitcounters[i].cnt); } wmb(); } -- cgit v1.2.3 From f6149320712e265024bb8df9ba7459f76b699dc5 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 29 Mar 2020 04:20:16 +0200 Subject: libhfuzz: missing write memory barriers --- libhfuzz/instrument.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 4a5fdc0f..c8716766 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -666,6 +666,7 @@ bool instrumentUpdateCmpMap(uintptr_t addr, uint32_t v) { if (prev < v) { ATOMIC_SET(covFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); + wmb(); return true; } return false; @@ -676,6 +677,7 @@ void instrumentClearNewCov() { covFeedback->pidFeedbackPc[my_thread_no] = 0U; covFeedback->pidFeedbackEdge[my_thread_no] = 0U; covFeedback->pidFeedbackCmp[my_thread_no] = 0U; + wmb(); } void instrumentAddConstMem(const void* mem, size_t len, bool check_if_ro) { -- cgit v1.2.3 From 0930d199cbfb9b58e63141d5e9f0c3ce99caaea5 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 29 Mar 2020 16:11:56 +0200 Subject: linux: enable network namespacing by default (if available) --- cmdline.c | 32 ++++++++++++++++++++++++++++++-- honggfuzz.h | 7 +++++++ input.c | 43 +++++++++++++++++++------------------------ linux/arch.c | 23 +++++++++++++++-------- mangle.c | 2 +- 5 files changed, 72 insertions(+), 35 deletions(-) diff --git a/cmdline.c b/cmdline.c index 1fdffe59..cbc5df56 100644 --- a/cmdline.c +++ b/cmdline.c @@ -159,6 +159,30 @@ bool cmdlineAddEnv(honggfuzz_t* hfuzz, char* env) { return false; } +tristate_t cmdlineParseTriState(const char* optname, const char* optarg) { + if (!optarg) { + LOG_F("Option '--%s' needs an argument (true|false|maybe)", optname); + } + /* Probably '-' belong to the next option */ + if (optarg[0] == '-') { + LOG_F("Option '--%s' needs an argument (true|false|maybe)", optname); + } + if ((strcasecmp(optarg, "0") == 0) || (strcasecmp(optarg, "false") == 0) || + (strcasecmp(optarg, "n") == 0) || (strcasecmp(optarg, "no") == 0)) { + return false; + } + if ((strcasecmp(optarg, "1") == 0) || (strcasecmp(optarg, "true") == 0) || + (strcasecmp(optarg, "y") == 0) || (strcasecmp(optarg, "yes") == 0)) { + return true; + } + if ((strcasecmp(optarg, "-1") == 0) || (strcasecmp(optarg, "maybe") == 0) || + (strcasecmp(optarg, "m") == 0) || (strcasecmp(optarg, "if_supported") == 0)) { + return true; + } + LOG_F("Unknown value for option --%s=%s. Use true, false or maybe", optname, optarg); + return false; +} + bool cmdlineParseTrueFalse(const char* optname, const char* optarg) { if (!optarg) { LOG_F("Option '--%s' needs an argument (true|false)", optname); @@ -406,6 +430,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .symsWlCnt = 0, .symsWl = NULL, .cloneFlags = 0, + .useNetNs = HF_MAYBE, .kernelOnly = false, .useClone = true, }, @@ -488,7 +513,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { { "linux_perf_bts_edge", no_argument, NULL, 0x513 }, "Use Intel BTS to count unique edges" }, { { "linux_perf_ipt_block", no_argument, NULL, 0x514 }, "Use Intel Processor Trace to count unique blocks (requires libipt.so)" }, { { "linux_perf_kernel_only", no_argument, NULL, 0x515 }, "Gather kernel-only coverage with Intel PT and with Intel BTS" }, - { { "linux_ns_net", no_argument, NULL, 0x0530 }, "Use Linux NET namespace isolation" }, + { { "linux_ns_net", required_argument, NULL, 0x0530 }, "Use Linux NET namespace isolation (yes/no/maybe [default:maybe/if_supported])" }, { { "linux_ns_pid", no_argument, NULL, 0x0531 }, "Use Linux PID namespace isolation" }, { { "linux_ns_ipc", no_argument, NULL, 0x0532 }, "Use Linux IPC namespace isolation" }, #endif // defined(_HF_ARCH_LINUX) @@ -711,7 +736,10 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { hfuzz->linux.kernelOnly = true; break; case 0x530: - hfuzz->linux.cloneFlags |= (CLONE_NEWUSER | CLONE_NEWNET); + hfuzz->linux.useNetNs = cmdlineParseTriState(opts[opt_index].name, optarg); + if (hfuzz->linux.useNetNs == HF_YES) { + hfuzz->linux.cloneFlags |= (CLONE_NEWUSER | CLONE_NEWNET); + } break; case 0x531: hfuzz->linux.cloneFlags |= (CLONE_NEWUSER | CLONE_NEWPID); diff --git a/honggfuzz.h b/honggfuzz.h index 88897bcf..0011f3b2 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -132,6 +132,12 @@ typedef enum { _HF_STATE_DYNAMIC_MINIMIZE, } fuzzState_t; +typedef enum { + HF_MAYBE = -1, + HF_NO = 0, + HF_YES = 1, +} tristate_t; + struct _dynfile_t { size_t size; uint64_t cov[4]; @@ -300,6 +306,7 @@ typedef struct { char** symsWl; size_t symsWlCnt; uintptr_t cloneFlags; + tristate_t useNetNs; bool kernelOnly; bool useClone; } linux; diff --git a/input.c b/input.c index 93d5f236..f6768b3a 100644 --- a/input.c +++ b/input.c @@ -440,27 +440,31 @@ bool input_inDynamicCorpus(run_t* run, const char* fname) { return false; } +static inline unsigned input_slowFactor(run_t* run, dynfile_t* dynfile) { + /* Slower the input, lower the chance of it being tested */ + uint64_t msec_per_run = ((uint64_t)(time(NULL) - run->global->timing.timeStart) * 1000); + msec_per_run /= ATOMIC_GET(run->global->cnts.mutationsCnt); + msec_per_run /= run->global->threads.threadsMax; + /* Cap this to 1-10 ms */ + msec_per_run = HF_CAP(msec_per_run, 1, 10); + + unsigned slow_factor = (unsigned)(dynfile->timeExecMillis / msec_per_run); + return HF_MIN(slow_factor, 20); +} + static inline unsigned input_skipFactor(run_t* run, dynfile_t* dynfile, unsigned* slow_factor) { int penalty = 1; { - /* Slower the input, lower the chance of it being tested */ - uint64_t msec_per_run = ((uint64_t)(time(NULL) - run->global->timing.timeStart) * 1000); - msec_per_run /= ATOMIC_GET(run->global->cnts.mutationsCnt); - msec_per_run /= run->global->threads.threadsMax; - /* Cap this to 1-10 ms */ - msec_per_run = HF_CAP(msec_per_run, 1, 10); - - *slow_factor = (unsigned)(dynfile->timeExecMillis / msec_per_run); - *slow_factor = HF_MIN(*slow_factor, 20); - penalty += (*slow_factor - 3); + *slow_factor = input_slowFactor(run, dynfile); + penalty += HF_CAP(((int)*slow_factor - 3), -15, 30); } { /* Older inputs -> lower chance of being tested */ const int scaleMap[] = { - [99 ... 200] = -5, - [96 ... 98] = -2, + [99 ... 200] = -10, + [96 ... 98] = -3, [91 ... 95] = -1, [81 ... 90] = 0, [71 ... 80] = 1, @@ -475,22 +479,13 @@ static inline unsigned input_skipFactor(run_t* run, dynfile_t* dynfile, unsigned { /* If the input wasn't source of other inputs so far, make it less likely to be tested */ - switch (dynfile->refs) { - case 0: - penalty += 5; - break; - case 1: - break; - default: - penalty -= HF_MIN(dynfile->refs * 5, 20); - break; - } + penalty += HF_CAP((2 - (int)dynfile->refs * 5), -15, 15); } { - /* Add penalty for the input being too big - 0 is for 1kB input */ + /* Add penalty for the input being too big - 0 is for 256B input */ if (dynfile->size > 0) { - penalty += (util_Log2(dynfile->size) - 10); + penalty += HF_CAP(((int)util_Log2(dynfile->size) - 8), -15, 15); } } diff --git a/linux/arch.c b/linux/arch.c index f4708965..835443c0 100644 --- a/linux/arch.c +++ b/linux/arch.c @@ -98,21 +98,28 @@ pid_t arch_fork(run_t* run) { } bool arch_launchChild(run_t* run) { - if ((run->global->linux.cloneFlags & CLONE_NEWNET) && (nsIfaceUp("lo") == false)) { + if ((run->global->linux.cloneFlags & CLONE_NEWNET) && !nsIfaceUp("lo")) { LOG_W("Cannot bring interface 'lo' up"); } - /* - * Make it attach-able by ptrace() - */ + /* Try to enable network namespacing if requested */ + if (run->global->linux.useNetNs == HF_MAYBE) { + if (unshare(CLONE_NEWUSER | CLONE_NEWNET) == -1) { + PLOG_D("unshare((CLONE_NEWUSER|CLONE_NEWNS) failed"); + } else if (!nsIfaceUp("lo")) { + LOG_E("Network namespacing enabled, but couldn't bring interface 'lo' up"); + return false; + } + LOG_D("Network namespacing enabled, and the 'lo' interface is set up"); + } + + /* Make it attach-able by ptrace() */ if (prctl(PR_SET_DUMPABLE, 1UL, 0UL, 0UL, 0UL) == -1) { PLOG_E("prctl(PR_SET_DUMPABLE, 1)"); return false; } - /* - * Kill a process which corrupts its own heap (with ABRT) - */ + /* Kill rocess which corrupts its own heap (with ABRT) */ if (setenv("MALLOC_CHECK_", "7", 0) == -1) { PLOG_E("setenv(MALLOC_CHECK_=7) failed"); return false; @@ -137,7 +144,7 @@ bool arch_launchChild(run_t* run) { PLOG_D("personality(ADDR_NO_RANDOMIZE) failed"); } - /* alarms persist across execve(), so disable it here */ + /* Alarms persist across execve(), so disable them here */ alarm(0); /* Wait for the ptrace to attach now */ diff --git a/mangle.c b/mangle.c index 268b06f1..bcea4bae 100644 --- a/mangle.c +++ b/mangle.c @@ -874,7 +874,7 @@ void mangle_mangleContent(run_t* run, unsigned slow_factor) { break; default: /* Give it a good shake-up, if it's a slow input */ - changesCnt = HF_MIN(slow_factor, 15); + changesCnt = HF_MIN(slow_factor, 20); changesCnt = HF_MAX(changesCnt, run->global->mutate.mutationsPerRun); break; } -- cgit v1.2.3 From efe02e41ca85bb8290f8b5e4821d6f104b0f9c7c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 29 Mar 2020 21:03:56 +0200 Subject: use usecs instead of msecs as the basic unit of time --- cmdline.c | 4 ++-- display.c | 12 ++++++------ fuzz.c | 12 ++++++------ honggfuzz.c | 2 +- honggfuzz.h | 8 ++++---- input.c | 39 ++++++++++++++++++++++----------------- libhfcommon/util.c | 4 ++-- libhfcommon/util.h | 2 +- mangle.c | 22 +++++++++++----------- mangle.h | 2 +- subproc.c | 14 +++++++------- 11 files changed, 63 insertions(+), 58 deletions(-) diff --git a/cmdline.c b/cmdline.c index cbc5df56..64532a69 100644 --- a/cmdline.c +++ b/cmdline.c @@ -342,7 +342,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .runEndTime = 0, .tmOut = 1, .lastCovUpdate = time(NULL), - .timeOfLongestUnitInMilliseconds = 0, + .timeOfLongestUnitUSecs = 0, .tmoutVTALRM = false, }, .mutate = @@ -357,7 +357,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .display = { .useScreen = true, - .lastDisplayMillis = util_timeNowMillis(), + .lastDisplayUSecs = util_timeNowUSecs(), .cmdline_txt[0] = '\0', }, .cfg = diff --git a/display.c b/display.c index 4f41e798..81baf3bf 100644 --- a/display.c +++ b/display.c @@ -171,9 +171,9 @@ void display_display(honggfuzz_t* hfuzz) { const time_t curr_sec = time(NULL); const time_t elapsed_sec = curr_sec - hfuzz->timing.timeStart; - const int64_t curr_time_millis = util_timeNowMillis(); - const int64_t elapsed_millis = curr_time_millis - hfuzz->display.lastDisplayMillis; - hfuzz->display.lastDisplayMillis = curr_time_millis; + const int64_t curr_time_usecs = util_timeNowUSecs(); + const int64_t elapsed_usecs = curr_time_usecs - hfuzz->display.lastDisplayUSecs; + hfuzz->display.lastDisplayUSecs = curr_time_usecs; char lastCovStr[64]; getDuration(curr_sec - ATOMIC_GET(hfuzz->timing.lastCovUpdate), lastCovStr, sizeof(lastCovStr)); @@ -200,8 +200,8 @@ void display_display(honggfuzz_t* hfuzz) { } static size_t prev_exec_cnt = 0UL; - size_t exec_per_millis = - elapsed_millis ? ((curr_exec_cnt - prev_exec_cnt) * 1000) / elapsed_millis : 0; + size_t exec_per_usecs = + elapsed_usecs ? ((curr_exec_cnt - prev_exec_cnt) * 1000000) / elapsed_usecs : 0; prev_exec_cnt = curr_exec_cnt; display_start(); @@ -257,7 +257,7 @@ void display_display(honggfuzz_t* hfuzz) { size_t tot_exec_per_sec = elapsed_sec ? (curr_exec_cnt / elapsed_sec) : 0; display_put(" Speed : " ESC_BOLD "%" _HF_NONMON_SEP "zu" ESC_RESET "/sec [avg: " ESC_BOLD "%" _HF_NONMON_SEP "zu" ESC_RESET "]\n", - exec_per_millis, tot_exec_per_sec); + exec_per_usecs, tot_exec_per_sec); uint64_t crashesCnt = ATOMIC_GET(hfuzz->cnts.crashesCnt); /* colored the crash count as red when exist crash */ diff --git a/fuzz.c b/fuzz.c index 997316fe..c505de3e 100644 --- a/fuzz.c +++ b/fuzz.c @@ -132,7 +132,7 @@ static void fuzz_setDynamicMainState(run_t* run) { .cov = {}, .idx = 0, .fd = -1, - .timeExecMillis = 1, + .timeExecUSecs = 1, .path = "[DYNAMIC-0-SIZE]", .data = (uint8_t*)"", }; @@ -219,10 +219,10 @@ static void fuzz_perfFeedback(run_t* run) { run->global->linux.hwCnts.softCntEdge += softCntEdge; run->global->linux.hwCnts.softCntCmp += softCntCmp; - LOG_I("Size:%zu Time:%" PRIu64 "ms (i/b/h/e/p/c): %" PRIu64 "/%" PRIu64 "/%" PRIu64 + LOG_I("Size:%zu Time:%" PRIu64 "us (i/b/h/e/p/c): %" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 ", Tot:%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, - run->dynfile->size, util_timeNowMillis() - run->timeStartedMillis, + run->dynfile->size, util_timeNowUSecs() - run->timeStartedUSecs, run->linux.hwCnts.cpuInstrCnt, run->linux.hwCnts.cpuBranchCnt, run->linux.hwCnts.newBBCnt, softCntEdge, softCntPc, softCntCmp, run->global->linux.hwCnts.cpuInstrCnt, run->global->linux.hwCnts.cpuBranchCnt, @@ -260,7 +260,7 @@ static bool fuzz_runVerifier(run_t* run) { for (int i = 0; i < _HF_VERIFIER_ITER; i++) { LOG_I("Launching verifier for HASH: %" PRIx64 " (iteration: %d out of %d)", run->backtrace, i + 1, _HF_VERIFIER_ITER); - run->timeStartedMillis = util_timeNowMillis(); + run->timeStartedUSecs = util_timeNowUSecs(); run->backtrace = 0; run->access = 0; run->exception = 0; @@ -375,7 +375,7 @@ static bool fuzz_fetchInput(run_t* run) { } static void fuzz_fuzzLoop(run_t* run) { - run->timeStartedMillis = util_timeNowMillis(); + run->timeStartedUSecs = util_timeNowUSecs(); run->crashFileName[0] = '\0'; run->pc = 0; run->backtrace = 0; @@ -412,7 +412,7 @@ static void fuzz_fuzzLoop(run_t* run) { } static void fuzz_fuzzLoopSocket(run_t* run) { - run->timeStartedMillis = util_timeNowMillis(); + run->timeStartedUSecs = util_timeNowUSecs(); run->crashFileName[0] = '\0'; run->pc = 0; run->backtrace = 0; diff --git a/honggfuzz.c b/honggfuzz.c index 519722cf..2b294b7c 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -211,7 +211,7 @@ static void printSummary(honggfuzz_t* hfuzz) { "peak_rss_mb:%lu", hfuzz->cnts.mutationsCnt, elapsed_sec, exec_per_sec, hfuzz->cnts.crashesCnt, hfuzz->cnts.timeoutedCnt, hfuzz->io.newUnitsAdded, - hfuzz->timing.timeOfLongestUnitInMilliseconds, hfuzz->feedback.covFeedbackMap->guardNb, + hfuzz->timing.timeOfLongestUnitUSecs / 1000U, hfuzz->feedback.covFeedbackMap->guardNb, branch_percent_cov, usage.ru_maxrss); } diff --git a/honggfuzz.h b/honggfuzz.h index 0011f3b2..692d1f44 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -143,7 +143,7 @@ struct _dynfile_t { uint64_t cov[4]; size_t idx; int fd; - uint64_t timeExecMillis; + uint64_t timeExecUSecs; char path[PATH_MAX]; struct _dynfile_t* src; uint32_t refs; @@ -232,7 +232,7 @@ typedef struct { time_t runEndTime; time_t tmOut; time_t lastCovUpdate; - int64_t timeOfLongestUnitInMilliseconds; + int64_t timeOfLongestUnitUSecs; bool tmoutVTALRM; } timing; struct { @@ -249,7 +249,7 @@ typedef struct { struct { bool useScreen; char cmdline_txt[65]; - int64_t lastDisplayMillis; + int64_t lastDisplayUSecs; } display; struct { bool useVerifier; @@ -332,7 +332,7 @@ typedef enum { typedef struct { honggfuzz_t* global; pid_t pid; - int64_t timeStartedMillis; + int64_t timeStartedUSecs; char crashFileName[PATH_MAX]; uint64_t pc; uint64_t backtrace; diff --git a/input.c b/input.c index f6768b3a..8b474463 100644 --- a/input.c +++ b/input.c @@ -378,7 +378,7 @@ void input_addDynamicInput(run_t* run) { dynfile_t* dynfile = (dynfile_t*)util_Calloc(sizeof(dynfile_t)); dynfile->size = run->dynfile->size; memcpy(dynfile->cov, run->dynfile->cov, sizeof(dynfile->cov)); - dynfile->timeExecMillis = util_timeNowMillis() - run->timeStartedMillis; + dynfile->timeExecUSecs = util_timeNowUSecs() - run->timeStartedUSecs; dynfile->data = (uint8_t*)util_AllocCopy(run->dynfile->data, run->dynfile->size); dynfile->src = run->dynfile->src; if (run->dynfile->src) { @@ -440,24 +440,29 @@ bool input_inDynamicCorpus(run_t* run, const char* fname) { return false; } -static inline unsigned input_slowFactor(run_t* run, dynfile_t* dynfile) { +static inline int input_speedFactor(run_t* run, dynfile_t* dynfile) { /* Slower the input, lower the chance of it being tested */ - uint64_t msec_per_run = ((uint64_t)(time(NULL) - run->global->timing.timeStart) * 1000); - msec_per_run /= ATOMIC_GET(run->global->cnts.mutationsCnt); - msec_per_run /= run->global->threads.threadsMax; - /* Cap this to 1-10 ms */ - msec_per_run = HF_CAP(msec_per_run, 1, 10); - - unsigned slow_factor = (unsigned)(dynfile->timeExecMillis / msec_per_run); - return HF_MIN(slow_factor, 20); + uint64_t usecs_per_run = ((uint64_t)(time(NULL) - run->global->timing.timeStart) * 1000000); + usecs_per_run /= ATOMIC_GET(run->global->cnts.mutationsCnt); + usecs_per_run /= run->global->threads.threadsMax; + + /* Cap both vals to 1us-1s */ + usecs_per_run = HF_CAP(usecs_per_run, 1U, 1000000U); + uint64_t sample_exec_usec = HF_CAP(dynfile->timeExecUSecs, 1U, 1000000U); + + if (sample_exec_usec >= usecs_per_run) { + return (int)(sample_exec_usec / usecs_per_run); + } else { + return -(int)(usecs_per_run / sample_exec_usec); + } } -static inline unsigned input_skipFactor(run_t* run, dynfile_t* dynfile, unsigned* slow_factor) { +static inline unsigned input_skipFactor(run_t* run, dynfile_t* dynfile, int* speed_factor) { int penalty = 1; { - *slow_factor = input_slowFactor(run, dynfile); - penalty += HF_CAP(((int)*slow_factor - 3), -15, 30); + *speed_factor = input_speedFactor(run, dynfile); + penalty += HF_CAP(*speed_factor, -30, 30); } { @@ -503,7 +508,7 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { LOG_F("The dynamic file corpus is empty. This shouldn't happen"); } - unsigned slow_factor = 0; + int speed_factor = 0; for (;;) { MX_SCOPED_RWLOCK_WRITE(&run->global->io.dynfileq_mutex); @@ -514,7 +519,7 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { current = run->global->io.dynfileqCurrent; run->global->io.dynfileqCurrent = TAILQ_NEXT(run->global->io.dynfileqCurrent, pointers); - unsigned skip_factor = input_skipFactor(run, current, &slow_factor); + unsigned skip_factor = input_skipFactor(run, current, &speed_factor); if ((util_rnd64() % skip_factor) == 0) { break; } @@ -523,14 +528,14 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { input_setSize(run, current->size); memcpy(run->dynfile->cov, current->cov, sizeof(run->dynfile->cov)); run->dynfile->idx = current->idx; - run->dynfile->timeExecMillis = current->timeExecMillis; + run->dynfile->timeExecUSecs = current->timeExecUSecs; snprintf(run->dynfile->path, sizeof(run->dynfile->path), "%s", current->path); run->dynfile->src = current; run->dynfile->refs = 0; memcpy(run->dynfile->data, current->data, current->size); if (needs_mangle) { - mangle_mangleContent(run, slow_factor); + mangle_mangleContent(run, speed_factor); } return true; diff --git a/libhfcommon/util.c b/libhfcommon/util.c index ac344ac4..8733b1f9 100644 --- a/libhfcommon/util.c +++ b/libhfcommon/util.c @@ -243,13 +243,13 @@ uint64_t util_hash(const char* buf, size_t len) { return ret; } -int64_t util_timeNowMillis(void) { +int64_t util_timeNowUSecs(void) { struct timeval tv; if (gettimeofday(&tv, NULL) == -1) { PLOG_F("gettimeofday()"); } - return (((int64_t)tv.tv_sec * 1000LL) + ((int64_t)tv.tv_usec / 1000LL)); + return (((int64_t)tv.tv_sec * 1000000) + (int64_t)tv.tv_usec); } void util_sleepForMSec(uint64_t msec) { diff --git a/libhfcommon/util.h b/libhfcommon/util.h index f1a7a869..6002a1cf 100644 --- a/libhfcommon/util.h +++ b/libhfcommon/util.h @@ -133,7 +133,7 @@ extern bool util_64bitValInBinary(uint32_t v); extern uint64_t util_hash(const char* buf, size_t len); extern int64_t fastArray64Search(uint64_t* array, size_t arraySz, uint64_t key); -extern int64_t util_timeNowMillis(void); +extern int64_t util_timeNowUSecs(void); extern void util_sleepForMSec(uint64_t msec); extern uint64_t util_getUINT32(const uint8_t* buf); diff --git a/mangle.c b/mangle.c index bcea4bae..ed155103 100644 --- a/mangle.c +++ b/mangle.c @@ -825,7 +825,7 @@ static void mangle_Resize(run_t* run, bool printable) { } } -void mangle_mangleContent(run_t* run, unsigned slow_factor) { +void mangle_mangleContent(run_t* run, int speed_factor) { static void (*const mangleFuncs[])(run_t * run, bool printable) = { /* Every *Insert or Expand expands file, so add more Shrink's */ mangle_Shrink, @@ -868,18 +868,18 @@ void mangle_mangleContent(run_t* run, unsigned slow_factor) { } uint64_t changesCnt = run->global->mutate.mutationsPerRun; - switch (slow_factor) { - case 0 ... 3: - changesCnt = util_rndGet(1, run->global->mutate.mutationsPerRun); - break; - default: - /* Give it a good shake-up, if it's a slow input */ - changesCnt = HF_MIN(slow_factor, 20); - changesCnt = HF_MAX(changesCnt, run->global->mutate.mutationsPerRun); - break; + + if (speed_factor <= 1) { + changesCnt = util_rndGet(1, run->global->mutate.mutationsPerRun); + } else if (speed_factor <= 3) { + changesCnt = run->global->mutate.mutationsPerRun; + } else { + changesCnt = HF_MIN(speed_factor, 20); + changesCnt = HF_MAX(changesCnt, run->global->mutate.mutationsPerRun); } - if ((util_timeNowMillis() - ATOMIC_GET(run->global->timing.lastCovUpdate)) > 5000) { + /* If last coverage acquisition was mroe than 5 secs ago, use splicing more frequently */ + if ((util_timeNowUSecs() - ATOMIC_GET(run->global->timing.lastCovUpdate)) > 5000000) { switch (util_rnd64() % 4) { case 0: mangle_SpliceOverwrite(run, run->global->cfg.only_printable); diff --git a/mangle.h b/mangle.h index 0fccfcac..f8f3988c 100644 --- a/mangle.h +++ b/mangle.h @@ -26,6 +26,6 @@ #include "honggfuzz.h" -extern void mangle_mangleContent(run_t* run, unsigned slow_factor); +extern void mangle_mangleContent(run_t* run, int speed_factor); #endif diff --git a/subproc.c b/subproc.c index f903b456..7e2163fd 100644 --- a/subproc.c +++ b/subproc.c @@ -429,13 +429,13 @@ bool subproc_Run(run_t* run) { arch_prepareParent(run); arch_reapChild(run); - int64_t diffMillis = util_timeNowMillis() - run->timeStartedMillis; + int64_t diffUSecs = util_timeNowUSecs() - run->timeStartedUSecs; { static pthread_mutex_t local_mutex = PTHREAD_MUTEX_INITIALIZER; MX_SCOPED_LOCK(&local_mutex); - if (diffMillis >= ATOMIC_GET(run->global->timing.timeOfLongestUnitInMilliseconds)) { - ATOMIC_SET(run->global->timing.timeOfLongestUnitInMilliseconds, diffMillis); + if (diffUSecs >= ATOMIC_GET(run->global->timing.timeOfLongestUnitUSecs)) { + ATOMIC_SET(run->global->timing.timeOfLongestUnitUSecs, diffUSecs); } } @@ -506,17 +506,17 @@ void subproc_checkTimeLimit(run_t* run) { return; } - int64_t curMillis = util_timeNowMillis(); - int64_t diffMillis = curMillis - run->timeStartedMillis; + int64_t curUSecs = util_timeNowUSecs(); + int64_t diffUSecs = curUSecs - run->timeStartedUSecs; - if (run->tmOutSignaled && (diffMillis > ((run->global->timing.tmOut + 1) * 1000))) { + if (run->tmOutSignaled && (diffUSecs > ((run->global->timing.tmOut + 1) * 1000000))) { /* Has this instance been already signaled due to timeout? Just, SIGKILL it */ LOG_W("pid=%d has already been signaled due to timeout. Killing it with SIGKILL", run->pid); kill(run->pid, SIGKILL); return; } - if ((diffMillis > (run->global->timing.tmOut * 1000)) && !run->tmOutSignaled) { + if ((diffUSecs > (run->global->timing.tmOut * 1000000)) && !run->tmOutSignaled) { run->tmOutSignaled = true; LOG_W("pid=%d took too much time (limit %ld s). Killing it with %s", (int)run->pid, (long)run->global->timing.tmOut, -- cgit v1.2.3 From b7633138cff2db0bddcee7d6f5da031831557b23 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 29 Mar 2020 22:05:35 +0200 Subject: fuzz: use non-monetary printf separator --- display.c | 3 --- fuzz.c | 6 +++--- honggfuzz.h | 3 +++ 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/display.c b/display.c index 81baf3bf..dff8cde0 100644 --- a/display.c +++ b/display.c @@ -53,9 +53,6 @@ #define ESC_NAV_HORIZ(x) "\033[" #x "G" #define ESC_RESET_SETTINGS "\033[!p" -/* printf() nonmonetary separator. According to MacOSX's man it's supported there as well */ -#define _HF_NONMON_SEP "'" - static char displayBuf[1024 * 1024]; static void display_start(void) { memset(displayBuf, '\0', sizeof(displayBuf)); diff --git a/fuzz.c b/fuzz.c index c505de3e..4e1ea3f4 100644 --- a/fuzz.c +++ b/fuzz.c @@ -219,9 +219,9 @@ static void fuzz_perfFeedback(run_t* run) { run->global->linux.hwCnts.softCntEdge += softCntEdge; run->global->linux.hwCnts.softCntCmp += softCntCmp; - LOG_I("Size:%zu Time:%" PRIu64 "us (i/b/h/e/p/c): %" PRIu64 "/%" PRIu64 "/%" PRIu64 - "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 ", Tot:%" PRIu64 "/%" PRIu64 "/%" PRIu64 - "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, + LOG_I("Size:%zu Time:%" _HF_NONMON_SEP PRIu64 "us (i/b/h/e/p/c): %" PRIu64 "/%" PRIu64 + "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 ", Tot:%" PRIu64 "/%" PRIu64 + "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, run->dynfile->size, util_timeNowUSecs() - run->timeStartedUSecs, run->linux.hwCnts.cpuInstrCnt, run->linux.hwCnts.cpuBranchCnt, run->linux.hwCnts.newBBCnt, softCntEdge, softCntPc, softCntCmp, diff --git a/honggfuzz.h b/honggfuzz.h index 692d1f44..2c184a18 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -105,6 +105,9 @@ static const uint8_t HFReadyTag = 'R'; /* HF NetDriver signature - if found within file, it means it's a NetDriver-based binary */ #define _HF_NETDRIVER_SIG "\x01_LIBHFUZZ_NETDRIVER_BINARY_SIGNATURE_\x02\xFF" +/* printf() nonmonetary separator. According to MacOSX's man it's supported there as well */ +#define _HF_NONMON_SEP "'" + typedef enum { _HF_DYNFILE_NONE = 0x0, _HF_DYNFILE_INSTR_COUNT = 0x1, -- cgit v1.2.3 From adcbaf3d27472b6908d00ef937ff2ed382950fb1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 29 Mar 2020 23:48:49 +0200 Subject: hfuzz-cc: add a C++ wrapper --- libhfuzz/memorycmp.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index 991d99e4..420fcba9 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -542,3 +542,9 @@ HF_WEAK_WRAP(bool, g_str_has_suffix, const char* str, const char* suffix) { return ( HF_strcmp(str + str_len - suffix_len, suffix, (uintptr_t)__builtin_return_address(0)) == 0); } + +/* C++ wrappers */ +int _ZNSt11char_traitsIcE7compareEPKcS2_m(const char* s1, const char* s2, size_t count) { + return HF_memcmp( + s1, s2, count, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); +} -- cgit v1.2.3 From 4ff004700c3da264a2e8a867af1d97ed1d93ebd0 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 30 Mar 2020 01:02:55 +0200 Subject: input: put tighter limits on the skip factor --- input.c | 35 ++++++++++++++++------------------- libhfuzz/memorycmp.c | 3 +-- 2 files changed, 17 insertions(+), 21 deletions(-) diff --git a/input.c b/input.c index 8b474463..8690fcdb 100644 --- a/input.c +++ b/input.c @@ -457,25 +457,26 @@ static inline int input_speedFactor(run_t* run, dynfile_t* dynfile) { } } -static inline unsigned input_skipFactor(run_t* run, dynfile_t* dynfile, int* speed_factor) { - int penalty = 1; +static inline int input_skipFactor(run_t* run, dynfile_t* dynfile, int* speed_factor) { + int penalty = 0; { *speed_factor = input_speedFactor(run, dynfile); - penalty += HF_CAP(*speed_factor, -30, 30); + penalty += HF_CAP(*speed_factor, -15, 15); } { /* Older inputs -> lower chance of being tested */ - const int scaleMap[] = { - [99 ... 200] = -10, - [96 ... 98] = -3, + static const int scaleMap[] = { + [100 ... 200] = -15, + [98 ... 99] = -5, + [96 ... 97] = -2, [91 ... 95] = -1, [81 ... 90] = 0, [71 ... 80] = 1, - [61 ... 70] = 3, - [41 ... 60] = 5, - [0 ... 40] = 10, + [61 ... 70] = 2, + [41 ... 60] = 3, + [0 ... 40] = 5, }; const unsigned percentile = (dynfile->idx * 100) / run->global->io.dynfileqCnt; @@ -484,21 +485,17 @@ static inline unsigned input_skipFactor(run_t* run, dynfile_t* dynfile, int* spe { /* If the input wasn't source of other inputs so far, make it less likely to be tested */ - penalty += HF_CAP((2 - (int)dynfile->refs * 5), -15, 15); + penalty += HF_CAP((2 - (int)dynfile->refs) * 2, -15, 15); } { - /* Add penalty for the input being too big - 0 is for 256B input */ + /* Add penalty for the input being too big - 0 is for 256B inputs */ if (dynfile->size > 0) { - penalty += HF_CAP(((int)util_Log2(dynfile->size) - 8), -15, 15); + penalty += HF_CAP(((int)util_Log2(dynfile->size) - 8) / 4, -15, 15); } } - if (penalty < 1) { - penalty = 1; - } - - return (unsigned)penalty; + return penalty; } bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { @@ -519,8 +516,8 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { current = run->global->io.dynfileqCurrent; run->global->io.dynfileqCurrent = TAILQ_NEXT(run->global->io.dynfileqCurrent, pointers); - unsigned skip_factor = input_skipFactor(run, current, &speed_factor); - if ((util_rnd64() % skip_factor) == 0) { + int skip_factor = input_skipFactor(run, current, &speed_factor); + if (skip_factor <= 0 || (util_rnd64() % skip_factor) == 0) { break; } } diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index 420fcba9..6feb3562 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -545,6 +545,5 @@ HF_WEAK_WRAP(bool, g_str_has_suffix, const char* str, const char* suffix) { /* C++ wrappers */ int _ZNSt11char_traitsIcE7compareEPKcS2_m(const char* s1, const char* s2, size_t count) { - return HF_memcmp( - s1, s2, count, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); + return HF_memcmp(s1, s2, count, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); } -- cgit v1.2.3 From 622753574273ce8ea5bff33b46bca8213e1164a4 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 30 Mar 2020 16:13:12 +0200 Subject: input: call vars in input_speedFactor in a more meaningful way --- input.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/input.c b/input.c index 8690fcdb..d204ffd5 100644 --- a/input.c +++ b/input.c @@ -442,18 +442,19 @@ bool input_inDynamicCorpus(run_t* run, const char* fname) { static inline int input_speedFactor(run_t* run, dynfile_t* dynfile) { /* Slower the input, lower the chance of it being tested */ - uint64_t usecs_per_run = ((uint64_t)(time(NULL) - run->global->timing.timeStart) * 1000000); - usecs_per_run /= ATOMIC_GET(run->global->cnts.mutationsCnt); - usecs_per_run /= run->global->threads.threadsMax; + uint64_t avg_usecs_per_input = + ((uint64_t)(time(NULL) - run->global->timing.timeStart) * 1000000); + avg_usecs_per_input /= ATOMIC_GET(run->global->cnts.mutationsCnt); + avg_usecs_per_input /= run->global->threads.threadsMax; /* Cap both vals to 1us-1s */ - usecs_per_run = HF_CAP(usecs_per_run, 1U, 1000000U); - uint64_t sample_exec_usec = HF_CAP(dynfile->timeExecUSecs, 1U, 1000000U); + avg_usecs_per_input = HF_CAP(avg_usecs_per_input, 1U, 1000000U); + uint64_t sample_usecs = HF_CAP(dynfile->timeExecUSecs, 1U, 1000000U); - if (sample_exec_usec >= usecs_per_run) { - return (int)(sample_exec_usec / usecs_per_run); + if (sample_usecs >= avg_usecs_per_input) { + return (int)(sample_usecs / avg_usecs_per_input); } else { - return -(int)(usecs_per_run / sample_exec_usec); + return -(int)(avg_usecs_per_input / sample_usecs); } } -- cgit v1.2.3 From 275bacf6284a467f161cc4734428afdf824b9a9a Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 30 Mar 2020 16:22:03 +0200 Subject: honggfuzz: rename pidFeedback* to more correct pidNew* --- fuzz.c | 22 ++++++++++++++-------- honggfuzz.h | 9 ++++++--- libhfuzz/instrument.c | 36 ++++++++++++++++++------------------ 3 files changed, 38 insertions(+), 29 deletions(-) diff --git a/fuzz.c b/fuzz.c index 4e1ea3f4..42dbbe0f 100644 --- a/fuzz.c +++ b/fuzz.c @@ -192,15 +192,13 @@ static void fuzz_perfFeedback(run_t* run) { wmb(); }; - uint64_t softCntPc = - ATOMIC_GET(run->global->feedback.covFeedbackMap->pidFeedbackPc[run->fuzzNo]); - ATOMIC_CLEAR(run->global->feedback.covFeedbackMap->pidFeedbackPc[run->fuzzNo]); + uint64_t softCntPc = ATOMIC_GET(run->global->feedback.covFeedbackMap->pidNewPC[run->fuzzNo]); + ATOMIC_CLEAR(run->global->feedback.covFeedbackMap->pidNewPC[run->fuzzNo]); uint64_t softCntEdge = - ATOMIC_GET(run->global->feedback.covFeedbackMap->pidFeedbackEdge[run->fuzzNo]); - ATOMIC_CLEAR(run->global->feedback.covFeedbackMap->pidFeedbackEdge[run->fuzzNo]); - uint64_t softCntCmp = - ATOMIC_GET(run->global->feedback.covFeedbackMap->pidFeedbackCmp[run->fuzzNo]); - ATOMIC_CLEAR(run->global->feedback.covFeedbackMap->pidFeedbackCmp[run->fuzzNo]); + ATOMIC_GET(run->global->feedback.covFeedbackMap->pidNewEdge[run->fuzzNo]); + ATOMIC_CLEAR(run->global->feedback.covFeedbackMap->pidNewEdge[run->fuzzNo]); + uint64_t softCntCmp = ATOMIC_GET(run->global->feedback.covFeedbackMap->pidNewCmp[run->fuzzNo]); + ATOMIC_CLEAR(run->global->feedback.covFeedbackMap->pidNewCmp[run->fuzzNo]); int64_t diff0 = run->global->linux.hwCnts.cpuInstrCnt - run->linux.hwCnts.cpuInstrCnt; int64_t diff1 = run->global->linux.hwCnts.cpuBranchCnt - run->linux.hwCnts.cpuBranchCnt; @@ -229,6 +227,14 @@ static void fuzz_perfFeedback(run_t* run) { run->global->linux.hwCnts.bbCnt, run->global->linux.hwCnts.softCntEdge, run->global->linux.hwCnts.softCntPc, run->global->linux.hwCnts.softCntCmp); + /* Update per-input coverage metrics */ + run->dynfile->cov[0] = + ATOMIC_GET(run->global->feedback.covFeedbackMap->pidTotalPC[run->fuzzNo]) + + ATOMIC_GET(run->global->feedback.covFeedbackMap->pidTotalEdge[run->fuzzNo]); + run->dynfile->cov[1] = + ATOMIC_GET(run->global->feedback.covFeedbackMap->pidTotalCmp[run->fuzzNo]); + run->dynfile->cov[2] = run->linux.hwCnts.cpuInstrCnt + run->linux.hwCnts.cpuBranchCnt; + run->dynfile->cov[3] = run->dynfile->size ? (64 - util_Log2(run->dynfile->size)) : 64; input_addDynamicInput(run); if (run->global->socketFuzzer.enabled) { diff --git a/honggfuzz.h b/honggfuzz.h index 2c184a18..3e5b9add 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -166,10 +166,13 @@ typedef struct { uint8_t pcGuardMap[_HF_PC_GUARD_MAX]; uint8_t bbMapPc[_HF_PERF_BITMAP_SIZE_16M]; uint32_t bbMapCmp[_HF_PERF_BITMAP_SIZE_16M]; - uint64_t pidFeedbackPc[_HF_THREAD_MAX]; - uint64_t pidFeedbackEdge[_HF_THREAD_MAX]; - uint64_t pidFeedbackCmp[_HF_THREAD_MAX]; + uint64_t pidNewPC[_HF_THREAD_MAX]; + uint64_t pidNewEdge[_HF_THREAD_MAX]; + uint64_t pidNewCmp[_HF_THREAD_MAX]; uint64_t guardNb; + uint64_t pidTotalPC[_HF_THREAD_MAX]; + uint64_t pidTotalEdge[_HF_THREAD_MAX]; + uint64_t pidTotalCmp[_HF_THREAD_MAX]; } feedback_t; typedef struct { diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index c8716766..60f28672 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -219,7 +219,7 @@ HF_REQUIRE_SSE42_POPCNT void __cyg_profile_func_enter(void* func, void* caller) (((uintptr_t)func << 12) | ((uintptr_t)caller & 0xFFF)) & _HF_PERF_BITMAP_BITSZ_MASK; register bool prev = ATOMIC_BITMAP_SET(covFeedback->bbMapPc, pos); if (!prev) { - ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackPc[my_thread_no]); + ATOMIC_PRE_INC_RELAXED(covFeedback->pidNewPC[my_thread_no]); wmb(); } } @@ -237,7 +237,7 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_pc_internal(uintptr_t pc) register bool prev = ATOMIC_BITMAP_SET(covFeedback->bbMapPc, ret); if (!prev) { - ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackPc[my_thread_no]); + ATOMIC_PRE_INC_RELAXED(covFeedback->pidNewPC[my_thread_no]); wmb(); } } @@ -260,7 +260,7 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp1_internal( uint8_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); if (prev < v) { ATOMIC_SET(covFeedback->bbMapCmp[pos], v); - ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); + ATOMIC_POST_ADD(covFeedback->pidNewCmp[my_thread_no], v - prev); wmb(); } } @@ -272,7 +272,7 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp2_internal( uint8_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); if (prev < v) { ATOMIC_SET(covFeedback->bbMapCmp[pos], v); - ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); + ATOMIC_POST_ADD(covFeedback->pidNewCmp[my_thread_no], v - prev); wmb(); } } @@ -284,7 +284,7 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp4_internal( uint8_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); if (prev < v) { ATOMIC_SET(covFeedback->bbMapCmp[pos], v); - ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); + ATOMIC_POST_ADD(covFeedback->pidNewCmp[my_thread_no], v - prev); wmb(); } } @@ -296,7 +296,7 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp8_internal( uint8_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); if (prev < v) { ATOMIC_SET(covFeedback->bbMapCmp[pos], v); - ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); + ATOMIC_POST_ADD(covFeedback->pidNewCmp[my_thread_no], v - prev); wmb(); } } @@ -437,7 +437,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_switch(uint64_t Val, uint64_t uint8_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); if (prev < v) { ATOMIC_SET(covFeedback->bbMapCmp[pos], v); - ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); + ATOMIC_POST_ADD(covFeedback->pidNewCmp[my_thread_no], v - prev); wmb(); } } @@ -463,7 +463,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_div8(uint64_t Val) { uint8_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); if (prev < v) { ATOMIC_SET(covFeedback->bbMapCmp[pos], v); - ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); + ATOMIC_POST_ADD(covFeedback->pidNewCmp[my_thread_no], v - prev); wmb(); } } @@ -474,7 +474,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_div4(uint32_t Val) { uint8_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); if (prev < v) { ATOMIC_SET(covFeedback->bbMapCmp[pos], v); - ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); + ATOMIC_POST_ADD(covFeedback->pidNewCmp[my_thread_no], v - prev); wmb(); } } @@ -489,7 +489,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_indir(uintptr_t callee) { register bool prev = ATOMIC_BITMAP_SET(covFeedback->bbMapPc, pos); if (!prev) { - ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackPc[my_thread_no]); + ATOMIC_PRE_INC_RELAXED(covFeedback->pidNewPC[my_thread_no]); wmb(); } } @@ -506,7 +506,7 @@ __attribute__((weak)) HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_indir_call16( register bool prev = ATOMIC_BITMAP_SET(covFeedback->bbMapPc, pos); if (!prev) { - ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackPc[my_thread_no]); + ATOMIC_PRE_INC_RELAXED(covFeedback->pidNewPC[my_thread_no]); wmb(); } } @@ -573,7 +573,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard(uint32_t* guard) { if (!ATOMIC_GET(covFeedback->pcGuardMap[*guard])) { bool prev = ATOMIC_XCHG(covFeedback->pcGuardMap[*guard], true); if (prev == false) { - ATOMIC_PRE_INC_RELAXED(covFeedback->pidFeedbackEdge[my_thread_no]); + ATOMIC_PRE_INC_RELAXED(covFeedback->pidNewEdge[my_thread_no]); } wmb(); } @@ -614,9 +614,9 @@ void instrument8BitCountersCount(void) { if (ATOMIC_GET(covFeedback->pcGuardMap[guard]) < newval) { const uint8_t prevval = ATOMIC_POST_OR(covFeedback->pcGuardMap[guard], newval); if (!prevval) { - ATOMIC_PRE_INC(covFeedback->pidFeedbackEdge[my_thread_no]); + ATOMIC_PRE_INC(covFeedback->pidNewEdge[my_thread_no]); } else if (prevval < newval) { - ATOMIC_PRE_INC(covFeedback->pidFeedbackCmp[my_thread_no]); + ATOMIC_PRE_INC(covFeedback->pidNewCmp[my_thread_no]); } } } @@ -665,7 +665,7 @@ bool instrumentUpdateCmpMap(uintptr_t addr, uint32_t v) { uint32_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); if (prev < v) { ATOMIC_SET(covFeedback->bbMapCmp[pos], v); - ATOMIC_POST_ADD(covFeedback->pidFeedbackCmp[my_thread_no], v - prev); + ATOMIC_POST_ADD(covFeedback->pidNewCmp[my_thread_no], v - prev); wmb(); return true; } @@ -674,9 +674,9 @@ bool instrumentUpdateCmpMap(uintptr_t addr, uint32_t v) { /* Reset the counters of newly discovered edges/pcs/features */ void instrumentClearNewCov() { - covFeedback->pidFeedbackPc[my_thread_no] = 0U; - covFeedback->pidFeedbackEdge[my_thread_no] = 0U; - covFeedback->pidFeedbackCmp[my_thread_no] = 0U; + covFeedback->pidNewPC[my_thread_no] = 0U; + covFeedback->pidNewEdge[my_thread_no] = 0U; + covFeedback->pidNewCmp[my_thread_no] = 0U; wmb(); } -- cgit v1.2.3 From 543b3168b36978f568e39583f9038088f0f434f1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 30 Mar 2020 17:32:13 +0200 Subject: fuzz/libhfuzz: set/analyze the number of total PC/EDGE/CMP values per input --- fuzz.c | 47 +++++++++++++++++++++++++++-------------------- libhfuzz/instrument.c | 22 +++++++++++++++++++++- 2 files changed, 48 insertions(+), 21 deletions(-) diff --git a/fuzz.c b/fuzz.c index 42dbbe0f..8929e03e 100644 --- a/fuzz.c +++ b/fuzz.c @@ -192,19 +192,30 @@ static void fuzz_perfFeedback(run_t* run) { wmb(); }; - uint64_t softCntPc = ATOMIC_GET(run->global->feedback.covFeedbackMap->pidNewPC[run->fuzzNo]); + uint64_t softNewPC = ATOMIC_GET(run->global->feedback.covFeedbackMap->pidNewPC[run->fuzzNo]); ATOMIC_CLEAR(run->global->feedback.covFeedbackMap->pidNewPC[run->fuzzNo]); - uint64_t softCntEdge = + uint64_t softCurPC = ATOMIC_GET(run->global->feedback.covFeedbackMap->pidTotalPC[run->fuzzNo]); + ATOMIC_CLEAR(run->global->feedback.covFeedbackMap->pidTotalPC[run->fuzzNo]); + + uint64_t softNewEdge = ATOMIC_GET(run->global->feedback.covFeedbackMap->pidNewEdge[run->fuzzNo]); ATOMIC_CLEAR(run->global->feedback.covFeedbackMap->pidNewEdge[run->fuzzNo]); - uint64_t softCntCmp = ATOMIC_GET(run->global->feedback.covFeedbackMap->pidNewCmp[run->fuzzNo]); + uint64_t softCurEdge = + ATOMIC_GET(run->global->feedback.covFeedbackMap->pidTotalEdge[run->fuzzNo]); + ATOMIC_CLEAR(run->global->feedback.covFeedbackMap->pidTotalEdge[run->fuzzNo]); + + uint64_t softNewCmp = ATOMIC_GET(run->global->feedback.covFeedbackMap->pidNewCmp[run->fuzzNo]); ATOMIC_CLEAR(run->global->feedback.covFeedbackMap->pidNewCmp[run->fuzzNo]); + uint64_t softCurCmp = + ATOMIC_GET(run->global->feedback.covFeedbackMap->pidTotalCmp[run->fuzzNo]); + ATOMIC_CLEAR(run->global->feedback.covFeedbackMap->pidTotalCmp[run->fuzzNo]); - int64_t diff0 = run->global->linux.hwCnts.cpuInstrCnt - run->linux.hwCnts.cpuInstrCnt; - int64_t diff1 = run->global->linux.hwCnts.cpuBranchCnt - run->linux.hwCnts.cpuBranchCnt; + int64_t diff0 = (int64_t)run->global->linux.hwCnts.cpuInstrCnt - run->linux.hwCnts.cpuInstrCnt; + int64_t diff1 = + (int64_t)run->global->linux.hwCnts.cpuBranchCnt - run->linux.hwCnts.cpuBranchCnt; /* Any increase in coverage (edge, pc, cmp, hw) counters forces adding input to the corpus */ - if (run->linux.hwCnts.newBBCnt > 0 || softCntPc > 0 || softCntEdge > 0 || softCntCmp > 0 || + if (run->linux.hwCnts.newBBCnt > 0 || softNewPC > 0 || softNewEdge > 0 || softNewCmp > 0 || diff0 < 0 || diff1 < 0) { if (diff0 < 0) { run->global->linux.hwCnts.cpuInstrCnt = run->linux.hwCnts.cpuInstrCnt; @@ -213,26 +224,22 @@ static void fuzz_perfFeedback(run_t* run) { run->global->linux.hwCnts.cpuBranchCnt = run->linux.hwCnts.cpuBranchCnt; } run->global->linux.hwCnts.bbCnt += run->linux.hwCnts.newBBCnt; - run->global->linux.hwCnts.softCntPc += softCntPc; - run->global->linux.hwCnts.softCntEdge += softCntEdge; - run->global->linux.hwCnts.softCntCmp += softCntCmp; + run->global->linux.hwCnts.softCntPc += softNewPC; + run->global->linux.hwCnts.softCntEdge += softNewEdge; + run->global->linux.hwCnts.softCntCmp += softNewCmp; - LOG_I("Size:%zu Time:%" _HF_NONMON_SEP PRIu64 "us (i/b/h/e/p/c): %" PRIu64 "/%" PRIu64 - "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 ", Tot:%" PRIu64 "/%" PRIu64 + LOG_I("Sz:%zu Tm:%" _HF_NONMON_SEP PRIu64 "us (i/b/h/e/p/c) New:%" PRIu64 "/%" PRIu64 + "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 ", Cur:%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, run->dynfile->size, util_timeNowUSecs() - run->timeStartedUSecs, run->linux.hwCnts.cpuInstrCnt, run->linux.hwCnts.cpuBranchCnt, - run->linux.hwCnts.newBBCnt, softCntEdge, softCntPc, softCntCmp, - run->global->linux.hwCnts.cpuInstrCnt, run->global->linux.hwCnts.cpuBranchCnt, - run->global->linux.hwCnts.bbCnt, run->global->linux.hwCnts.softCntEdge, - run->global->linux.hwCnts.softCntPc, run->global->linux.hwCnts.softCntCmp); + run->linux.hwCnts.newBBCnt, softNewEdge, softNewPC, softNewCmp, + run->linux.hwCnts.cpuInstrCnt, run->linux.hwCnts.cpuBranchCnt, run->linux.hwCnts.bbCnt, + softCurEdge, softCurPC, softCurCmp); /* Update per-input coverage metrics */ - run->dynfile->cov[0] = - ATOMIC_GET(run->global->feedback.covFeedbackMap->pidTotalPC[run->fuzzNo]) + - ATOMIC_GET(run->global->feedback.covFeedbackMap->pidTotalEdge[run->fuzzNo]); - run->dynfile->cov[1] = - ATOMIC_GET(run->global->feedback.covFeedbackMap->pidTotalCmp[run->fuzzNo]); + run->dynfile->cov[0] = softCurEdge + softCurPC + run->linux.hwCnts.bbCnt; + run->dynfile->cov[1] = softCurCmp; run->dynfile->cov[2] = run->linux.hwCnts.cpuInstrCnt + run->linux.hwCnts.cpuBranchCnt; run->dynfile->cov[3] = run->dynfile->size ? (64 - util_Log2(run->dynfile->size)) : 64; input_addDynamicInput(run); diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 60f28672..dc9403a3 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -589,6 +589,13 @@ static struct { void instrument8BitCountersCount(void) { rmb(); + ATOMIC_CLEAR(covFeedback->pidTotalPC[my_thread_no]); + ATOMIC_CLEAR(covFeedback->pidTotalEdge[my_thread_no]); + ATOMIC_CLEAR(covFeedback->pidTotalCmp[my_thread_no]); + + uint64_t totalEdge = 0; + uint64_t totalCmp = 0; + for (size_t i = 0; i < ARRAYSIZE(hf8bitcounters) && hf8bitcounters[i].start; i++) { for (size_t j = 0; j < hf8bitcounters[i].cnt; j++) { const uint8_t v = hf8bitcounters[i].start[j]; @@ -609,8 +616,9 @@ void instrument8BitCountersCount(void) { [65 ... 255] = 1U << 7, }; const uint8_t newval = scaleMap[v]; - const size_t guard = hf8bitcounters[i].guard + j; + + /* New hits */ if (ATOMIC_GET(covFeedback->pcGuardMap[guard]) < newval) { const uint8_t prevval = ATOMIC_POST_OR(covFeedback->pcGuardMap[guard], newval); if (!prevval) { @@ -619,9 +627,21 @@ void instrument8BitCountersCount(void) { ATOMIC_PRE_INC(covFeedback->pidNewCmp[my_thread_no]); } } + + /* Total hits */ + { + totalEdge++; + if (v > 1) { + totalCmp += newval; + } + } } } + ATOMIC_SET(covFeedback->pidTotalPC[my_thread_no], 0); + ATOMIC_SET(covFeedback->pidTotalEdge[my_thread_no], totalEdge); + ATOMIC_SET(covFeedback->pidTotalCmp[my_thread_no], totalCmp); + wmb(); } -- cgit v1.2.3 From 8e8f7f076725d3979bf34658054e6a312eee4e03 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 31 Mar 2020 01:11:43 +0200 Subject: libhfcommon: remove ATOMIC_POST_OR_RELAXED and adjust callers --- libhfcommon/util.h | 3 --- libhfuzz/instrument.c | 19 +++++++++---------- 2 files changed, 9 insertions(+), 13 deletions(-) diff --git a/libhfcommon/util.h b/libhfcommon/util.h index 6002a1cf..a6d153b4 100644 --- a/libhfcommon/util.h +++ b/libhfcommon/util.h @@ -66,9 +66,6 @@ #define ATOMIC_PRE_OR(x, y) __atomic_or_fetch(&(x), y, __ATOMIC_RELAXED) #define ATOMIC_POST_OR(x, y) __atomic_fetch_or(&(x), y, __ATOMIC_RELAXED) -#define ATOMIC_PRE_INC_RELAXED(x) __atomic_add_fetch(&(x), 1, __ATOMIC_RELAXED) -#define ATOMIC_POST_OR_RELAXED(x, y) __atomic_fetch_or(&(x), y, __ATOMIC_RELAXED) - __attribute__((always_inline)) static inline bool ATOMIC_BITMAP_SET(uint8_t* addr, size_t offset) { addr += (offset / 8); uint8_t mask = (1U << (offset % 8)); diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index dc9403a3..260c4dbb 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -219,7 +219,7 @@ HF_REQUIRE_SSE42_POPCNT void __cyg_profile_func_enter(void* func, void* caller) (((uintptr_t)func << 12) | ((uintptr_t)caller & 0xFFF)) & _HF_PERF_BITMAP_BITSZ_MASK; register bool prev = ATOMIC_BITMAP_SET(covFeedback->bbMapPc, pos); if (!prev) { - ATOMIC_PRE_INC_RELAXED(covFeedback->pidNewPC[my_thread_no]); + ATOMIC_PRE_INC(covFeedback->pidNewPC[my_thread_no]); wmb(); } } @@ -237,7 +237,7 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_pc_internal(uintptr_t pc) register bool prev = ATOMIC_BITMAP_SET(covFeedback->bbMapPc, ret); if (!prev) { - ATOMIC_PRE_INC_RELAXED(covFeedback->pidNewPC[my_thread_no]); + ATOMIC_PRE_INC(covFeedback->pidNewPC[my_thread_no]); wmb(); } } @@ -489,7 +489,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_indir(uintptr_t callee) { register bool prev = ATOMIC_BITMAP_SET(covFeedback->bbMapPc, pos); if (!prev) { - ATOMIC_PRE_INC_RELAXED(covFeedback->pidNewPC[my_thread_no]); + ATOMIC_PRE_INC(covFeedback->pidNewPC[my_thread_no]); wmb(); } } @@ -506,7 +506,7 @@ __attribute__((weak)) HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_indir_call16( register bool prev = ATOMIC_BITMAP_SET(covFeedback->bbMapPc, pos); if (!prev) { - ATOMIC_PRE_INC_RELAXED(covFeedback->pidNewPC[my_thread_no]); + ATOMIC_PRE_INC(covFeedback->pidNewPC[my_thread_no]); wmb(); } } @@ -573,7 +573,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard(uint32_t* guard) { if (!ATOMIC_GET(covFeedback->pcGuardMap[*guard])) { bool prev = ATOMIC_XCHG(covFeedback->pcGuardMap[*guard], true); if (prev == false) { - ATOMIC_PRE_INC_RELAXED(covFeedback->pidNewEdge[my_thread_no]); + ATOMIC_PRE_INC(covFeedback->pidNewEdge[my_thread_no]); } wmb(); } @@ -624,7 +624,7 @@ void instrument8BitCountersCount(void) { if (!prevval) { ATOMIC_PRE_INC(covFeedback->pidNewEdge[my_thread_no]); } else if (prevval < newval) { - ATOMIC_PRE_INC(covFeedback->pidNewCmp[my_thread_no]); + ATOMIC_POST_ADD(covFeedback->pidNewCmp[my_thread_no], newval); } } @@ -638,7 +638,6 @@ void instrument8BitCountersCount(void) { } } - ATOMIC_SET(covFeedback->pidTotalPC[my_thread_no], 0); ATOMIC_SET(covFeedback->pidTotalEdge[my_thread_no], totalEdge); ATOMIC_SET(covFeedback->pidTotalCmp[my_thread_no], totalCmp); @@ -694,9 +693,9 @@ bool instrumentUpdateCmpMap(uintptr_t addr, uint32_t v) { /* Reset the counters of newly discovered edges/pcs/features */ void instrumentClearNewCov() { - covFeedback->pidNewPC[my_thread_no] = 0U; - covFeedback->pidNewEdge[my_thread_no] = 0U; - covFeedback->pidNewCmp[my_thread_no] = 0U; + ATOMIC_CLEAR(covFeedback->pidNewPC[my_thread_no]); + ATOMIC_CLEAR(covFeedback->pidNewEdge[my_thread_no]); + ATOMIC_CLEAR(covFeedback->pidNewCmp[my_thread_no]); wmb(); } -- cgit v1.2.3 From 0f3001e5b5407ae094781406361182ae151afdde Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 31 Mar 2020 16:37:41 +0200 Subject: hfuzz-cc: remove -fno-inline as it produces fewer pc-guards --- hfuzz_cc/hfuzz-cc.c | 1 - 1 file changed, 1 deletion(-) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index 2ad0634a..32b70f7d 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -313,7 +313,6 @@ static void commonPreOpts(int* j, char** args) { * Make the execution flow more explicit, allowing for more code blocks * (and better code coverage estimates) */ - args[(*j)++] = "-fno-inline"; args[(*j)++] = "-fno-builtin"; args[(*j)++] = "-fno-omit-frame-pointer"; args[(*j)++] = "-D__NO_STRING_INLINES"; -- cgit v1.2.3 From 7c34b297d365d1f9fbfc230db7504c8aca384608 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 31 Mar 2020 16:49:04 +0200 Subject: hfuzz-cc: set inlining threshold to 2000 insn --- hfuzz_cc/hfuzz-cc.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index 32b70f7d..b0b152e8 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -313,6 +313,12 @@ static void commonPreOpts(int* j, char** args) { * Make the execution flow more explicit, allowing for more code blocks * (and better code coverage estimates) */ + if (isGCC) { + args[(*j)++] = "--param max-inline-insns-single=2000"; + } else { + args[(*j)++] = "-mllvm"; + args[(*j)++] = "-inline-threshold=2000"; + } args[(*j)++] = "-fno-builtin"; args[(*j)++] = "-fno-omit-frame-pointer"; args[(*j)++] = "-D__NO_STRING_INLINES"; -- cgit v1.2.3 From c7ce11b1a0f7ffbf54637ee5e02ab3ca4e35f9a4 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 31 Mar 2020 18:15:15 +0200 Subject: mangle: implement SpliceAppend() --- mangle.c | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/mangle.c b/mangle.c index ed155103..f7b92abb 100644 --- a/mangle.c +++ b/mangle.c @@ -764,7 +764,7 @@ static void mangle_SpliceOverwrite(run_t* run, bool printable) { size_t remoteOff = mangle_getLen(sz) - 1; size_t localOff = mangle_getOffSet(run); - size_t len = mangle_getLen(HF_MIN(sz - remoteOff, run->dynfile->size - localOff)); + size_t len = mangle_getLen(sz - remoteOff); mangle_Overwrite(run, localOff, &buf[remoteOff], len, printable); } @@ -778,7 +778,21 @@ static void mangle_SpliceInsert(run_t* run, bool printable) { size_t remoteOff = mangle_getLen(sz) - 1; size_t localOff = mangle_getOffSet(run); - size_t len = mangle_getLen(HF_MIN(sz - remoteOff, run->dynfile->size - localOff)); + size_t len = mangle_getLen(sz - remoteOff); + mangle_Insert(run, localOff, &buf[remoteOff], len, printable); +} + +static void mangle_SpliceAppend(run_t* run, bool printable) { + const uint8_t* buf; + size_t sz = input_getRandomInputAsBuf(run, &buf); + if (!sz) { + mangle_BytesInsert(run, printable); + return; + } + + size_t remoteOff = mangle_getLen(sz) - 1; + size_t localOff = run->dynfile->size; + size_t len = mangle_getLen(sz - remoteOff); mangle_Insert(run, localOff, &buf[remoteOff], len, printable); } @@ -858,6 +872,7 @@ void mangle_mangleContent(run_t* run, int speed_factor) { mangle_RandomInsert, mangle_SpliceOverwrite, mangle_SpliceInsert, + mangle_SpliceAppend, }; if (run->mutationsPerRun == 0U) { @@ -880,13 +895,16 @@ void mangle_mangleContent(run_t* run, int speed_factor) { /* If last coverage acquisition was mroe than 5 secs ago, use splicing more frequently */ if ((util_timeNowUSecs() - ATOMIC_GET(run->global->timing.lastCovUpdate)) > 5000000) { - switch (util_rnd64() % 4) { + switch (util_rnd64() % 6) { case 0: mangle_SpliceOverwrite(run, run->global->cfg.only_printable); break; case 1: mangle_SpliceInsert(run, run->global->cfg.only_printable); break; + case 2: + mangle_SpliceAppend(run, run->global->cfg.only_printable); + break; default: break; } -- cgit v1.2.3 From 686993f28338295f3e46185b5d6361c8a9987203 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 1 Apr 2020 17:50:52 +0200 Subject: Disable if_supported network namespace, if the binary has netdriver compiled in --- cmdline.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cmdline.c b/cmdline.c index 64532a69..c93d568d 100644 --- a/cmdline.c +++ b/cmdline.c @@ -229,6 +229,10 @@ static bool cmdlineVerify(honggfuzz_t* hfuzz) { LOG_E("Couldn't test binary for signatures"); return false; } + if (hfuzz->exe.netDriver && hfuzz->linux.useNetNs == HF_MAYBE) { + LOG_I("The binary uses netdriver, disabling network namespacing"); + hfuzz->linux.useNetNs = HF_NO; + } if (!hfuzz->exe.fuzzStdin && !hfuzz->exe.persistent && !checkFor_FILE_PLACEHOLDER(hfuzz->exe.cmdline)) { -- cgit v1.2.3 From 4f0ea606fa880636b9bf0d8d94cd04b5fd237f3f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 2 Apr 2020 01:29:46 +0200 Subject: mangle: add mangle_ASCIINumChange() to manipulate values of integers --- mangle.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/mangle.c b/mangle.c index f7b92abb..aca42d78 100644 --- a/mangle.c +++ b/mangle.c @@ -24,6 +24,7 @@ #include "mangle.h" +#include #include #include #include @@ -754,6 +755,51 @@ static void mangle_ASCIINumInsert(run_t* run, bool printable) { mangle_Insert(run, off, (const uint8_t*)buf, len, printable); } +static void mangle_ASCIINumChange(run_t* run, bool printable) { + size_t off = mangle_getOffSet(run); + + /* Find a digit */ + for (; off < run->dynfile->size; off++) { + if (isdigit(run->dynfile->data[off])) { + break; + } + } + if (off == run->dynfile->size) { + return mangle_BytesOverwrite(run, printable); + } + + size_t len = HF_MIN(20, run->dynfile->size - off); + char numbuf[21] = {}; + strncpy(numbuf, (const char*)&run->dynfile->data[off], len); + uint64_t val = (uint64_t)strtoull(numbuf, NULL, 10); + + switch (util_rndGet(0, 5)) { + case 0: + val += util_rndGet(1, 256); + break; + case 1: + val -= util_rndGet(1, 256); + break; + case 2: + val *= util_rndGet(1, 256); + break; + case 3: + val /= util_rndGet(1, 256); + break; + case 4: + val = ~(val); + break; + case 5: + val = util_rnd64(); + break; + default: + LOG_F("Invalid choice"); + }; + + len = HF_MIN((size_t)snprintf(numbuf, sizeof(numbuf), "%" PRIu64, val), len); + mangle_Overwrite(run, off, (const uint8_t*)numbuf, len, printable); +} + static void mangle_SpliceOverwrite(run_t* run, bool printable) { const uint8_t* buf; size_t sz = input_getRandomInputAsBuf(run, &buf); @@ -860,6 +906,7 @@ void mangle_mangleContent(run_t* run, int speed_factor) { mangle_BytesInsert, mangle_ASCIINumOverwrite, mangle_ASCIINumInsert, + mangle_ASCIINumChange, mangle_ByteRepeatOverwrite, mangle_ByteRepeatInsert, mangle_MagicOverwrite, -- cgit v1.2.3 From 942c64b9ec4ea3e17d48a8e7475b4c888ee3b07b Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 2 Apr 2020 16:09:28 +0200 Subject: mangle: implement mangle_UseValue and make other functions use it, to use overwrite/insert/append operations --- mangle.c | 197 +++++++++++++++++---------------------------------------------- 1 file changed, 52 insertions(+), 145 deletions(-) diff --git a/mangle.c b/mangle.c index aca42d78..c234b510 100644 --- a/mangle.c +++ b/mangle.c @@ -92,6 +92,9 @@ static inline void mangle_Move(run_t* run, size_t off_from, size_t off_to, size_ if (off_to >= run->dynfile->size) { return; } + if (off_from == off_to) { + return; + } size_t len_from = run->dynfile->size - off_from; len = HF_MIN(len, len_from); @@ -141,6 +144,25 @@ static inline void mangle_Insert( mangle_Overwrite(run, off, val, len, printable); } +static inline void mangle_Append(run_t* run, const uint8_t* val, size_t len, bool printable) { + size_t localOff = run->dynfile->size; + mangle_Insert(run, localOff, val, len, printable); +} + +static inline void mangle_UseValue(run_t* run, const uint8_t* val, size_t len, bool printable) { + switch (util_rnd64() % 3) { + case 0: + mangle_Insert(run, mangle_getOffSet(run), val, len, printable); + break; + case 1: + mangle_Overwrite(run, mangle_getOffSet(run), val, len, printable); + break; + case 2: + mangle_Append(run, val, len, printable); + break; + } +} + static void mangle_MemSwap(run_t* run, bool printable HF_ATTR_UNUSED) { size_t off1 = mangle_getOffSet(run); size_t maxlen1 = run->dynfile->size - off1; @@ -159,25 +181,14 @@ static void mangle_MemSwap(run_t* run, bool printable HF_ATTR_UNUSED) { memcpy(&run->dynfile->data[off2], tmp, len); } -static void mangle_MemCopyOverwrite(run_t* run, bool printable HF_ATTR_UNUSED) { +static void mangle_MemCopy(run_t* run, bool printable HF_ATTR_UNUSED) { size_t off_from = mangle_getOffSet(run); - size_t off_to = mangle_getOffSet(run); size_t len = mangle_getLen(HF_MIN(HF_MAX_LEN_BLOCK, run->dynfile->size - off_from)); - mangle_Overwrite(run, off_to, &run->dynfile->data[off_from], len, printable); + mangle_UseValue(run, &run->dynfile->data[off_from], len, printable); } -static void mangle_MemCopyInsert(run_t* run, bool printable) { - size_t off_to = mangle_getOffSet(run); - size_t off_from = mangle_getOffSet(run); - size_t len = mangle_getLen(HF_MIN(HF_MAX_LEN_BLOCK, run->dynfile->size - off_from)); - - mangle_Insert(run, off_to, &run->dynfile->data[off_from], len, printable); -} - -static void mangle_BytesOverwrite(run_t* run, bool printable) { - size_t off = mangle_getOffSet(run); - +static void mangle_Bytes(run_t* run, bool printable) { uint16_t buf; if (printable) { util_rndBufPrintable((uint8_t*)&buf, sizeof(buf)); @@ -187,21 +198,7 @@ static void mangle_BytesOverwrite(run_t* run, bool printable) { /* Overwrite with random 1-2-byte values */ size_t toCopy = util_rndGet(1, 2); - mangle_Overwrite(run, off, (uint8_t*)&buf, toCopy, printable); -} - -static void mangle_BytesInsert(run_t* run, bool printable) { - uint16_t buf; - if (printable) { - util_rndBufPrintable((uint8_t*)&buf, sizeof(buf)); - } else { - buf = util_rnd64(); - } - - size_t off = mangle_getOffSet(run); - /* Insert random 1-2-byte values */ - size_t toCopy = util_rndGet(1, 2); - mangle_Insert(run, off, (uint8_t*)&buf, toCopy, printable); + mangle_UseValue(run, (const uint8_t*)&buf, toCopy, printable); } static void mangle_ByteRepeatOverwrite(run_t* run, bool printable) { @@ -211,7 +208,7 @@ static void mangle_ByteRepeatOverwrite(run_t* run, bool printable) { /* No space to repeat */ if (!maxSz) { - mangle_BytesOverwrite(run, printable); + mangle_Bytes(run, printable); return; } @@ -226,7 +223,7 @@ static void mangle_ByteRepeatInsert(run_t* run, bool printable) { /* No space to repeat */ if (!maxSz) { - mangle_BytesInsert(run, printable); + mangle_Bytes(run, printable); return; } @@ -480,38 +477,18 @@ static const struct { {"\xFE\xFF\xFF\xFF\xFF\xFF\xFF\xFF", 8}, }; -static void mangle_MagicOverwrite(run_t* run, bool printable) { - size_t off = mangle_getOffSet(run); +static void mangle_Magic(run_t* run, bool printable) { uint64_t choice = util_rndGet(0, ARRAYSIZE(mangleMagicVals) - 1); - mangle_Overwrite( - run, off, mangleMagicVals[choice].val, mangleMagicVals[choice].size, printable); -} - -static void mangle_MagicInsert(run_t* run, bool printable) { - uint64_t choice = util_rndGet(0, ARRAYSIZE(mangleMagicVals) - 1); - size_t off = mangle_getOffSet(run); - mangle_Insert(run, off, mangleMagicVals[choice].val, mangleMagicVals[choice].size, printable); -} - -static void mangle_DictionaryOverwrite(run_t* run, bool printable) { - if (run->global->mutate.dictionaryCnt == 0) { - mangle_BytesOverwrite(run, printable); - return; - } - size_t off = mangle_getOffSet(run); - uint64_t choice = util_rndGet(0, run->global->mutate.dictionaryCnt - 1); - mangle_Overwrite(run, off, run->global->mutate.dictionary[choice].val, - run->global->mutate.dictionary[choice].len, printable); + mangle_UseValue(run, mangleMagicVals[choice].val, mangleMagicVals[choice].size, printable); } -static void mangle_DictionaryInsert(run_t* run, bool printable) { +static void mangle_StaticDict(run_t* run, bool printable) { if (run->global->mutate.dictionaryCnt == 0) { - mangle_BytesInsert(run, printable); + mangle_Bytes(run, printable); return; } uint64_t choice = util_rndGet(0, run->global->mutate.dictionaryCnt - 1); - size_t off = mangle_getOffSet(run); - mangle_Insert(run, off, run->global->mutate.dictionary[choice].val, + mangle_UseValue(run, run->global->mutate.dictionary[choice].val, run->global->mutate.dictionary[choice].len, printable); } @@ -535,26 +512,14 @@ static inline const uint8_t* mangle_FeedbackDict(run_t* run, size_t* len) { return cmpf->valArr[choice].val; } -static void mangle_ConstFeedbackInsert(run_t* run, bool printable) { - size_t len; - const uint8_t* val = mangle_FeedbackDict(run, &len); - if (val == NULL) { - mangle_BytesInsert(run, printable); - return; - } - size_t off = mangle_getOffSet(run); - mangle_Insert(run, off, val, len, printable); -} - -static void mangle_ConstFeedbackOverwrite(run_t* run, bool printable) { +static void mangle_ConstFeedbackDict(run_t* run, bool printable) { size_t len; const uint8_t* val = mangle_FeedbackDict(run, &len); if (val == NULL) { - mangle_BytesOverwrite(run, printable); + mangle_Bytes(run, printable); return; } - size_t off = mangle_getOffSet(run); - mangle_Overwrite(run, off, val, len, printable); + mangle_UseValue(run, val, len, printable); } static void mangle_MemSet(run_t* run, bool printable) { @@ -735,24 +700,13 @@ static void mangle_Shrink(run_t* run, bool printable HF_ATTR_UNUSED) { mangle_Move(run, off_end, off_start, len_to_move); input_setSize(run, run->dynfile->size - len); } -static void mangle_ASCIINumOverwrite(run_t* run, bool printable) { - size_t off = mangle_getOffSet(run); - size_t len = util_rndGet(2, 8); - - char buf[20]; - snprintf(buf, sizeof(buf), "%-19" PRId64, (int64_t)util_rnd64()); - - mangle_Overwrite(run, off, (const uint8_t*)buf, len, printable); -} - -static void mangle_ASCIINumInsert(run_t* run, bool printable) { - size_t off = mangle_getOffSet(run); +static void mangle_ASCIINum(run_t* run, bool printable) { size_t len = util_rndGet(2, 8); char buf[20]; snprintf(buf, sizeof(buf), "%-19" PRId64, (int64_t)util_rnd64()); - mangle_Insert(run, off, (const uint8_t*)buf, len, printable); + mangle_UseValue(run, (const uint8_t*)buf, len, printable); } static void mangle_ASCIINumChange(run_t* run, bool printable) { @@ -765,7 +719,7 @@ static void mangle_ASCIINumChange(run_t* run, bool printable) { } } if (off == run->dynfile->size) { - return mangle_BytesOverwrite(run, printable); + return mangle_Bytes(run, printable); } size_t len = HF_MIN(20, run->dynfile->size - off); @@ -800,46 +754,17 @@ static void mangle_ASCIINumChange(run_t* run, bool printable) { mangle_Overwrite(run, off, (const uint8_t*)numbuf, len, printable); } -static void mangle_SpliceOverwrite(run_t* run, bool printable) { +static void mangle_Splice(run_t* run, bool printable) { const uint8_t* buf; size_t sz = input_getRandomInputAsBuf(run, &buf); if (!sz) { - mangle_BytesOverwrite(run, printable); + mangle_Bytes(run, printable); return; } size_t remoteOff = mangle_getLen(sz) - 1; - size_t localOff = mangle_getOffSet(run); - size_t len = mangle_getLen(sz - remoteOff); - mangle_Overwrite(run, localOff, &buf[remoteOff], len, printable); -} - -static void mangle_SpliceInsert(run_t* run, bool printable) { - const uint8_t* buf; - size_t sz = input_getRandomInputAsBuf(run, &buf); - if (!sz) { - mangle_BytesInsert(run, printable); - return; - } - - size_t remoteOff = mangle_getLen(sz) - 1; - size_t localOff = mangle_getOffSet(run); - size_t len = mangle_getLen(sz - remoteOff); - mangle_Insert(run, localOff, &buf[remoteOff], len, printable); -} - -static void mangle_SpliceAppend(run_t* run, bool printable) { - const uint8_t* buf; - size_t sz = input_getRandomInputAsBuf(run, &buf); - if (!sz) { - mangle_BytesInsert(run, printable); - return; - } - - size_t remoteOff = mangle_getLen(sz) - 1; - size_t localOff = run->dynfile->size; size_t len = mangle_getLen(sz - remoteOff); - mangle_Insert(run, localOff, &buf[remoteOff], len, printable); + mangle_UseValue(run, &buf[remoteOff], len, printable); } static void mangle_Resize(run_t* run, bool printable) { @@ -900,26 +825,18 @@ void mangle_mangleContent(run_t* run, int speed_factor) { mangle_AddSub, mangle_MemSet, mangle_MemSwap, - mangle_MemCopyOverwrite, - mangle_MemCopyInsert, - mangle_BytesOverwrite, - mangle_BytesInsert, - mangle_ASCIINumOverwrite, - mangle_ASCIINumInsert, + mangle_MemCopy, + mangle_Bytes, + mangle_ASCIINum, mangle_ASCIINumChange, mangle_ByteRepeatOverwrite, mangle_ByteRepeatInsert, - mangle_MagicOverwrite, - mangle_MagicInsert, - mangle_DictionaryOverwrite, - mangle_DictionaryInsert, - mangle_ConstFeedbackOverwrite, - mangle_ConstFeedbackInsert, + mangle_Magic, + mangle_StaticDict, + mangle_ConstFeedbackDict, mangle_RandomOverwrite, mangle_RandomInsert, - mangle_SpliceOverwrite, - mangle_SpliceInsert, - mangle_SpliceAppend, + mangle_Splice, }; if (run->mutationsPerRun == 0U) { @@ -941,19 +858,9 @@ void mangle_mangleContent(run_t* run, int speed_factor) { } /* If last coverage acquisition was mroe than 5 secs ago, use splicing more frequently */ - if ((util_timeNowUSecs() - ATOMIC_GET(run->global->timing.lastCovUpdate)) > 5000000) { - switch (util_rnd64() % 6) { - case 0: - mangle_SpliceOverwrite(run, run->global->cfg.only_printable); - break; - case 1: - mangle_SpliceInsert(run, run->global->cfg.only_printable); - break; - case 2: - mangle_SpliceAppend(run, run->global->cfg.only_printable); - break; - default: - break; + if ((time(NULL) - ATOMIC_GET(run->global->timing.lastCovUpdate)) > 5) { + if (util_rnd64() % 2) { + mangle_Splice(run, run->global->cfg.only_printable); } } -- cgit v1.2.3 From 1a25b3d8f4efbf1c89a4fbb9af94164f340d4d00 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 2 Apr 2020 17:33:30 +0200 Subject: libhfuzz: add performance monitoring module --- Makefile | 3 +++ libhfuzz/performance.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ libhfuzz/performance.h | 29 +++++++++++++++++++++++++++++ libhfuzz/persistent.c | 4 ++++ 4 files changed, 85 insertions(+) create mode 100644 libhfuzz/performance.c create mode 100644 libhfuzz/performance.h diff --git a/Makefile b/Makefile index ce2c757d..37050c38 100644 --- a/Makefile +++ b/Makefile @@ -429,10 +429,13 @@ libhfuzz/linux.o: libhfcommon/common.h libhfcommon/log.h libhfcommon/ns.h libhfuzz/linux.o: libhfuzz/libhfuzz.h libhfuzz/memorycmp.o: libhfcommon/common.h libhfcommon/util.h libhfuzz/memorycmp.o: libhfuzz/instrument.h +libhfuzz/performance.o: libhfuzz/performance.h honggfuzz.h libhfcommon/util.h +libhfuzz/performance.o: libhfcommon/log.h libhfuzz/persistent.o: honggfuzz.h libhfcommon/util.h libhfcommon/common.h libhfuzz/persistent.o: libhfcommon/files.h libhfcommon/common.h libhfuzz/persistent.o: libhfcommon/log.h libhfuzz/fetch.h libhfuzz/persistent.o: libhfuzz/instrument.h libhfuzz/libhfuzz.h +libhfuzz/persistent.o: libhfuzz/performance.h linux/arch.o: arch.h honggfuzz.h libhfcommon/util.h fuzz.h linux/arch.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h linux/arch.o: libhfcommon/log.h libhfcommon/ns.h linux/perf.h linux/trace.h diff --git a/libhfuzz/performance.c b/libhfuzz/performance.c new file mode 100644 index 00000000..5a4172ed --- /dev/null +++ b/libhfuzz/performance.c @@ -0,0 +1,49 @@ +#include "libhfuzz/performance.h" + +#include +#include +#include +#include +#include +#include + +#include "honggfuzz.h" +#include "libhfcommon/log.h" +#include "libhfcommon/util.h" + +#define HF_USEC_PER_SEC 1000000 +#define HF_CHECK_INTERVAL (HF_USEC_PER_SEC * 20) /* Peform check every 20 sec. */ + +static uint64_t iterCnt = 0; +static time_t firstInputUSecs = 0; +static uint64_t first1000USecsPerExec = 0; +static uint64_t lastCheckUSecs = 0; +static uint64_t lastCheckIters = 0; + +void performanceCheck(void) { + iterCnt += 1; + if (iterCnt == 1) { + firstInputUSecs = util_timeNowUSecs(); + } + if (iterCnt == 1000) { + first1000USecsPerExec = (util_timeNowUSecs() - firstInputUSecs) / 1000; + lastCheckUSecs = util_timeNowUSecs(); + lastCheckIters = 0; + } + if (iterCnt <= 1000) { + return; + } + + if ((util_timeNowUSecs() - lastCheckUSecs) > HF_CHECK_INTERVAL) { + uint64_t currentUSecsPerExec = + (util_timeNowUSecs() - lastCheckUSecs) / (iterCnt - lastCheckIters); + if (currentUSecsPerExec > (first1000USecsPerExec * 5)) { + LOG_W("PID %d became to slow, initial USecsPerExec:%" PRIu64 + " us. current: %" PRIu64 " us. Restaring!", + getpid(), first1000USecsPerExec, currentUSecsPerExec); + exit(0); + } + lastCheckIters = iterCnt; + lastCheckUSecs = util_timeNowUSecs(); + } +} diff --git a/libhfuzz/performance.h b/libhfuzz/performance.h new file mode 100644 index 00000000..00b27000 --- /dev/null +++ b/libhfuzz/performance.h @@ -0,0 +1,29 @@ +/* + * + * honggfuzz - assessing performance + * ----------------------------------------- + * + * Author: Robert Swiecki + * + * Copyright 2020 by Google Inc. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. You may obtain + * a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. See the License for the specific language governing + * permissions and limitations under the License. + * + */ + +#ifndef _HF_LIBHFUZZ_PERFORMANCE_H_ +#define _HF_LIBHFUZZ_PERFORMANCE_H_ + +extern void performanceCheck(void); + +#endif /* ifdef _HF_LIBHFUZZ_PERFORMANCE_H_ */ diff --git a/libhfuzz/persistent.c b/libhfuzz/persistent.c index 05a3c8b8..79593c27 100644 --- a/libhfuzz/persistent.c +++ b/libhfuzz/persistent.c @@ -20,6 +20,7 @@ #include "libhfuzz/fetch.h" #include "libhfuzz/instrument.h" #include "libhfuzz/libhfuzz.h" +#include "libhfuzz/performance.h" __attribute__((weak)) int LLVMFuzzerInitialize( int* argc HF_ATTR_UNUSED, char*** argv HF_ATTR_UNUSED) { @@ -73,6 +74,9 @@ static void HonggfuzzPersistentLoop(void) { size_t len; const uint8_t* buf; + /* Check whether the current benchmark is fast enough, or maybe we should restart it */ + performanceCheck(); + HonggfuzzFetchData(&buf, &len); HonggfuzzRunOneInput(buf, len); } -- cgit v1.2.3 From 06e63e3f79dda264711e0ba380bf32511239d60e Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 3 Apr 2020 22:56:21 +0200 Subject: libhfuzz/performance: don't allow for usec_per_exec to drop to 0 --- libhfuzz/performance.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libhfuzz/performance.c b/libhfuzz/performance.c index 5a4172ed..32309f63 100644 --- a/libhfuzz/performance.c +++ b/libhfuzz/performance.c @@ -27,6 +27,9 @@ void performanceCheck(void) { } if (iterCnt == 1000) { first1000USecsPerExec = (util_timeNowUSecs() - firstInputUSecs) / 1000; + if (first1000USecsPerExec == 0) { + first1000USecsPerExec = 1; + } lastCheckUSecs = util_timeNowUSecs(); lastCheckIters = 0; } @@ -38,8 +41,8 @@ void performanceCheck(void) { uint64_t currentUSecsPerExec = (util_timeNowUSecs() - lastCheckUSecs) / (iterCnt - lastCheckIters); if (currentUSecsPerExec > (first1000USecsPerExec * 5)) { - LOG_W("PID %d became to slow, initial USecsPerExec:%" PRIu64 - " us. current: %" PRIu64 " us. Restaring!", + LOG_W("pid=%d became to slow, initially: %" PRIu64 " us/exec, now: %" PRIu64 + " us/exec. Restaring!", getpid(), first1000USecsPerExec, currentUSecsPerExec); exit(0); } -- cgit v1.2.3 From 8d44e62d8d5ea843c15c44bf3d401e6030c66a89 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 4 Apr 2020 00:15:51 +0200 Subject: mangle: remove HF_MIN(HF_MAX_LEN_BLOCK, ) as it doesn't work well for zlib --- mangle.c | 34 +++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/mangle.c b/mangle.c index c234b510..e63abd06 100644 --- a/mangle.c +++ b/mangle.c @@ -40,9 +40,6 @@ #include "libhfcommon/log.h" #include "libhfcommon/util.h" -/* Maximum reasonable block size for many types of mutations (but not for all) */ -#define HF_MAX_LEN_BLOCK 512U - static inline size_t mangle_LenLeft(run_t* run, size_t off) { if (off >= run->dynfile->size) { LOG_F("Offset is too large: off:%zu >= len:%zu", off, run->dynfile->size); @@ -171,21 +168,28 @@ static void mangle_MemSwap(run_t* run, bool printable HF_ATTR_UNUSED) { size_t maxlen2 = run->dynfile->size - off2; size_t len = mangle_getLen(HF_MIN(maxlen1, maxlen2)); - uint8_t* tmp = (uint8_t*)util_Malloc(len); + uint8_t* tmpbuf = (uint8_t*)util_Malloc(len); defer { - free(tmp); + free(tmpbuf); }; - memcpy(tmp, &run->dynfile->data[off1], len); + memcpy(tmpbuf, &run->dynfile->data[off1], len); memmove(&run->dynfile->data[off1], &run->dynfile->data[off2], len); - memcpy(&run->dynfile->data[off2], tmp, len); + memcpy(&run->dynfile->data[off2], tmpbuf, len); } static void mangle_MemCopy(run_t* run, bool printable HF_ATTR_UNUSED) { - size_t off_from = mangle_getOffSet(run); - size_t len = mangle_getLen(HF_MIN(HF_MAX_LEN_BLOCK, run->dynfile->size - off_from)); + size_t off = mangle_getOffSet(run); + size_t len = mangle_getLen(run->dynfile->size - off); + + /* Use a temp buf, as Insert/Inflate can change source bytes */ + uint8_t* tmpbuf = (uint8_t*)util_Malloc(len); + defer { + free(tmpbuf); + }; + memcpy(tmpbuf, &run->dynfile->data[off], len); - mangle_UseValue(run, &run->dynfile->data[off_from], len, printable); + mangle_UseValue(run, tmpbuf, len, printable); } static void mangle_Bytes(run_t* run, bool printable) { @@ -212,7 +216,7 @@ static void mangle_ByteRepeatOverwrite(run_t* run, bool printable) { return; } - size_t len = mangle_getLen(HF_MIN(HF_MAX_LEN_BLOCK, maxSz)); + size_t len = mangle_getLen(maxSz); memset(&run->dynfile->data[destOff], run->dynfile->data[off], len); } @@ -227,7 +231,7 @@ static void mangle_ByteRepeatInsert(run_t* run, bool printable) { return; } - size_t len = mangle_getLen(HF_MIN(HF_MAX_LEN_BLOCK, maxSz)); + size_t len = mangle_getLen(maxSz); len = mangle_Inflate(run, destOff, len, printable); memset(&run->dynfile->data[destOff], run->dynfile->data[off], len); } @@ -524,7 +528,7 @@ static void mangle_ConstFeedbackDict(run_t* run, bool printable) { static void mangle_MemSet(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); - size_t len = mangle_getLen(HF_MIN(HF_MAX_LEN_BLOCK, run->dynfile->size - off)); + size_t len = mangle_getLen(run->dynfile->size - off); int val = printable ? (int)util_rndPrintable() : (int)util_rndGet(0, UINT8_MAX); memset(&run->dynfile->data[off], val, len); @@ -532,7 +536,7 @@ static void mangle_MemSet(run_t* run, bool printable) { static void mangle_RandomOverwrite(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); - size_t len = mangle_getLen(HF_MIN(HF_MAX_LEN_BLOCK, run->dynfile->size - off)); + size_t len = mangle_getLen(run->dynfile->size - off); if (printable) { util_rndBufPrintable(&run->dynfile->data[off], len); } else { @@ -542,7 +546,7 @@ static void mangle_RandomOverwrite(run_t* run, bool printable) { static void mangle_RandomInsert(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); - size_t len = mangle_getLen(HF_MIN(HF_MAX_LEN_BLOCK, run->dynfile->size - off)); + size_t len = mangle_getLen(run->dynfile->size - off); len = mangle_Inflate(run, off, len, printable); -- cgit v1.2.3 From da1fe891a899615be969d962a2a1d292dbfaa1f1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 4 Apr 2020 01:37:46 +0200 Subject: libhfuzz/performance: split the main function into smaller ones --- libhfuzz/performance.c | 60 ++++++++++++++++++++++++++++++++------------------ 1 file changed, 39 insertions(+), 21 deletions(-) diff --git a/libhfuzz/performance.c b/libhfuzz/performance.c index 32309f63..0d367b69 100644 --- a/libhfuzz/performance.c +++ b/libhfuzz/performance.c @@ -12,41 +12,59 @@ #include "libhfcommon/util.h" #define HF_USEC_PER_SEC 1000000 -#define HF_CHECK_INTERVAL (HF_USEC_PER_SEC * 20) /* Peform check every 20 sec. */ +#define HF_CHECK_INTERVAL_USECS (HF_USEC_PER_SEC * 20) /* Peform check every 20 sec. */ static uint64_t iterCnt = 0; static time_t firstInputUSecs = 0; -static uint64_t first1000USecsPerExec = 0; + +static uint64_t initialUSecsPerExec = 0; + static uint64_t lastCheckUSecs = 0; static uint64_t lastCheckIters = 0; -void performanceCheck(void) { - iterCnt += 1; +static bool performanceInit(void) { if (iterCnt == 1) { firstInputUSecs = util_timeNowUSecs(); } - if (iterCnt == 1000) { - first1000USecsPerExec = (util_timeNowUSecs() - firstInputUSecs) / 1000; - if (first1000USecsPerExec == 0) { - first1000USecsPerExec = 1; - } + + uint64_t timeDiffUSecs = util_timeNowUSecs() - firstInputUSecs; + if (iterCnt == 5000 || timeDiffUSecs > HF_CHECK_INTERVAL_USECS) { + initialUSecsPerExec = timeDiffUSecs / iterCnt; lastCheckUSecs = util_timeNowUSecs(); - lastCheckIters = 0; - } - if (iterCnt <= 1000) { - return; + lastCheckIters = iterCnt; + return true; } - if ((util_timeNowUSecs() - lastCheckUSecs) > HF_CHECK_INTERVAL) { - uint64_t currentUSecsPerExec = - (util_timeNowUSecs() - lastCheckUSecs) / (iterCnt - lastCheckIters); - if (currentUSecsPerExec > (first1000USecsPerExec * 5)) { - LOG_W("pid=%d became to slow, initially: %" PRIu64 " us/exec, now: %" PRIu64 - " us/exec. Restaring!", - getpid(), first1000USecsPerExec, currentUSecsPerExec); - exit(0); + return false; +} + +bool performanceTooSlow(void) { + uint64_t timeDiffUSecs = util_timeNowUSecs() - lastCheckUSecs; + if (timeDiffUSecs > HF_CHECK_INTERVAL_USECS) { + uint64_t currentUSecsPerExec = timeDiffUSecs / (iterCnt - lastCheckIters); + if (currentUSecsPerExec > (initialUSecsPerExec * 5)) { + LOG_W("pid=%d became too slow to process fuzzing data, initial: %" PRIu64 + " us/exec, current: %" PRIu64 " us/exec. Restaring myself!", + getpid(), initialUSecsPerExec, currentUSecsPerExec); + return true; } lastCheckIters = iterCnt; lastCheckUSecs = util_timeNowUSecs(); } + + return false; +} + +void performanceCheck(void) { + iterCnt += 1; + + static bool initialized = false; + if (!initialized) { + initialized = performanceInit(); + return; + } + + if (performanceTooSlow()) { + exit(0); + } } -- cgit v1.2.3 From cdc1e13a2cb975b7c2801ecb16ba873955d66656 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 4 Apr 2020 08:44:43 +0200 Subject: libhfuzz/performance: lower the reset ratio from 5 to 10 --- libhfuzz/performance.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libhfuzz/performance.c b/libhfuzz/performance.c index 0d367b69..32b58fea 100644 --- a/libhfuzz/performance.c +++ b/libhfuzz/performance.c @@ -13,6 +13,7 @@ #define HF_USEC_PER_SEC 1000000 #define HF_CHECK_INTERVAL_USECS (HF_USEC_PER_SEC * 20) /* Peform check every 20 sec. */ +#define HF_RESET_RATIO 10 /* Reset if currently n times slower that at the beginning */ static uint64_t iterCnt = 0; static time_t firstInputUSecs = 0; @@ -42,10 +43,10 @@ bool performanceTooSlow(void) { uint64_t timeDiffUSecs = util_timeNowUSecs() - lastCheckUSecs; if (timeDiffUSecs > HF_CHECK_INTERVAL_USECS) { uint64_t currentUSecsPerExec = timeDiffUSecs / (iterCnt - lastCheckIters); - if (currentUSecsPerExec > (initialUSecsPerExec * 5)) { + if (currentUSecsPerExec > (initialUSecsPerExec * HF_RESET_RATIO)) { LOG_W("pid=%d became too slow to process fuzzing data, initial: %" PRIu64 - " us/exec, current: %" PRIu64 " us/exec. Restaring myself!", - getpid(), initialUSecsPerExec, currentUSecsPerExec); + " us/exec, current: %" PRIu64 " us/exec (reset ratio: %d). Restaring myself!", + getpid(), initialUSecsPerExec, currentUSecsPerExec, HF_RESET_RATIO); return true; } lastCheckIters = iterCnt; -- cgit v1.2.3 From d433282fb32e143e80eb666a4a7257e88798aa90 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 4 Apr 2020 08:56:44 +0200 Subject: libhfuzz/performance: print my_thread_no with debug messaging --- Makefile | 2 +- libhfuzz/instrument.c | 4 ++++ libhfuzz/instrument.h | 17 +++++++++-------- libhfuzz/performance.c | 10 +++++++--- 4 files changed, 21 insertions(+), 12 deletions(-) diff --git a/Makefile b/Makefile index 37050c38..a3eb13f4 100644 --- a/Makefile +++ b/Makefile @@ -430,7 +430,7 @@ libhfuzz/linux.o: libhfuzz/libhfuzz.h libhfuzz/memorycmp.o: libhfcommon/common.h libhfcommon/util.h libhfuzz/memorycmp.o: libhfuzz/instrument.h libhfuzz/performance.o: libhfuzz/performance.h honggfuzz.h libhfcommon/util.h -libhfuzz/performance.o: libhfcommon/log.h +libhfuzz/performance.o: libhfcommon/log.h libhfuzz/instrument.h libhfuzz/persistent.o: honggfuzz.h libhfcommon/util.h libhfcommon/common.h libhfuzz/persistent.o: libhfcommon/files.h libhfcommon/common.h libhfuzz/persistent.o: libhfcommon/log.h libhfuzz/fetch.h diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 260c4dbb..dfb42878 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -675,6 +675,10 @@ void __sanitizer_cov_pcs_init( const uintptr_t* pcs_beg HF_ATTR_UNUSED, const uintptr_t* pcs_end HF_ATTR_UNUSED) { } +unsigned instrumentThreadNo(void) { + return my_thread_no; +} + /* For some reason -fsanitize=fuzzer-no-link references this symbol */ __attribute__((tls_model("initial-exec"))) __attribute__((weak)) __thread uintptr_t __sancov_lowest_stack = 0; diff --git a/libhfuzz/instrument.h b/libhfuzz/instrument.h index 08f84e55..501b6bfc 100644 --- a/libhfuzz/instrument.h +++ b/libhfuzz/instrument.h @@ -29,13 +29,14 @@ #include /* Returns true if the new value is better */ -void instrument8BitCountersCount(void); -void instrument8BitCountersClear(void); -bool instrumentUpdateCmpMap(uintptr_t addr, uint32_t v); -void instrumentClearNewCov(); -void instrumentAddConstMem(const void* m, size_t len, bool check_if_ro); -void instrumentAddConstStr(const char* s); -void instrumentAddConstStrN(const char* s, size_t n); -bool instrumentConstAvail(); +extern void instrument8BitCountersCount(void); +extern void instrument8BitCountersClear(void); +extern unsigned instrumentThreadNo(void); +extern bool instrumentUpdateCmpMap(uintptr_t addr, uint32_t v); +extern void instrumentClearNewCov(); +extern void instrumentAddConstMem(const void* m, size_t len, bool check_if_ro); +extern void instrumentAddConstStr(const char* s); +extern void instrumentAddConstStrN(const char* s, size_t n); +extern bool instrumentConstAvail(); #endif /* ifdef _HF_LIBHFUZZ_INSTRUMENT_H_ */ diff --git a/libhfuzz/performance.c b/libhfuzz/performance.c index 32b58fea..97093efb 100644 --- a/libhfuzz/performance.c +++ b/libhfuzz/performance.c @@ -10,6 +10,7 @@ #include "honggfuzz.h" #include "libhfcommon/log.h" #include "libhfcommon/util.h" +#include "libhfuzz/instrument.h" #define HF_USEC_PER_SEC 1000000 #define HF_CHECK_INTERVAL_USECS (HF_USEC_PER_SEC * 20) /* Peform check every 20 sec. */ @@ -33,6 +34,9 @@ static bool performanceInit(void) { initialUSecsPerExec = timeDiffUSecs / iterCnt; lastCheckUSecs = util_timeNowUSecs(); lastCheckIters = iterCnt; + + LOG_I("Thread %u (pid=%d) initial speed set at %" PRIu64 " us/sec", instrumentThreadNo(), + (int)getpid(), initialUSecsPerExec); return true; } @@ -44,9 +48,9 @@ bool performanceTooSlow(void) { if (timeDiffUSecs > HF_CHECK_INTERVAL_USECS) { uint64_t currentUSecsPerExec = timeDiffUSecs / (iterCnt - lastCheckIters); if (currentUSecsPerExec > (initialUSecsPerExec * HF_RESET_RATIO)) { - LOG_W("pid=%d became too slow to process fuzzing data, initial: %" PRIu64 - " us/exec, current: %" PRIu64 " us/exec (reset ratio: %d). Restaring myself!", - getpid(), initialUSecsPerExec, currentUSecsPerExec, HF_RESET_RATIO); + LOG_W("Thread %u (pid=%d) became too slow to process fuzzing data, initial: %" PRIu64 + " us/exec, current: %" PRIu64 " us/exec. Restaring myself!", + instrumentThreadNo(), (int)getpid(), initialUSecsPerExec, currentUSecsPerExec); return true; } lastCheckIters = iterCnt; -- cgit v1.2.3 From 63047939af6fb64d934a48e9810742aa902b1e00 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 4 Apr 2020 09:00:23 +0200 Subject: libhfuzz/performance: typo == -> = --- libhfuzz/instrument.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index dfb42878..dc0b2be0 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -86,7 +86,7 @@ static void initializeCmpFeedback(void) { void* ret = mmap(NULL, sizeof(cmpfeedback_t), PROT_READ | PROT_WRITE, mflags, _HF_CMP_BITMAP_FD, 0); if (ret == MAP_FAILED) { - PLOG_W("mmap(_HF_CMP_BITMAP_FD==%d, size=%zu) of the feedback structure failed", + PLOG_W("mmap(_HF_CMP_BITMAP_FD=%d, size=%zu) of the feedback structure failed", _HF_CMP_BITMAP_FD, sizeof(cmpfeedback_t)); return; } -- cgit v1.2.3 From ad2603ee61aa944510d973f0ab5145adc7442e71 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 4 Apr 2020 17:08:18 +0200 Subject: mangle: remove explicit Append as it inflates files too much --- mangle.c | 24 +++++++++--------------- 1 file changed, 9 insertions(+), 15 deletions(-) diff --git a/mangle.c b/mangle.c index e63abd06..7df536fa 100644 --- a/mangle.c +++ b/mangle.c @@ -82,6 +82,11 @@ static inline size_t mangle_getOffSet(run_t* run) { return mangle_getLen(run->dynfile->size) - 1; } +/* Offset which can be equal to the file size */ +static inline size_t mangle_getOffSetPlus1(run_t* run) { + return mangle_getLen(run->dynfile->size + 1) - 1; +} + static inline void mangle_Move(run_t* run, size_t off_from, size_t off_to, size_t len) { if (off_from >= run->dynfile->size) { return; @@ -141,22 +146,11 @@ static inline void mangle_Insert( mangle_Overwrite(run, off, val, len, printable); } -static inline void mangle_Append(run_t* run, const uint8_t* val, size_t len, bool printable) { - size_t localOff = run->dynfile->size; - mangle_Insert(run, localOff, val, len, printable); -} - static inline void mangle_UseValue(run_t* run, const uint8_t* val, size_t len, bool printable) { - switch (util_rnd64() % 3) { - case 0: - mangle_Insert(run, mangle_getOffSet(run), val, len, printable); - break; - case 1: - mangle_Overwrite(run, mangle_getOffSet(run), val, len, printable); - break; - case 2: - mangle_Append(run, val, len, printable); - break; + if (util_rnd64() % 2) { + mangle_Insert(run, mangle_getOffSetPlus1(run), val, len, printable); + } else { + mangle_Overwrite(run, mangle_getOffSet(run), val, len, printable); } } -- cgit v1.2.3 From 2c8e214230a164296c2a87f0b6b79a94eb13485b Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 4 Apr 2020 19:22:53 +0200 Subject: libhfuzz/performance: typo \/sec -> \/exec --- libhfuzz/performance.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libhfuzz/performance.c b/libhfuzz/performance.c index 97093efb..d09fa6f9 100644 --- a/libhfuzz/performance.c +++ b/libhfuzz/performance.c @@ -35,7 +35,7 @@ static bool performanceInit(void) { lastCheckUSecs = util_timeNowUSecs(); lastCheckIters = iterCnt; - LOG_I("Thread %u (pid=%d) initial speed set at %" PRIu64 " us/sec", instrumentThreadNo(), + LOG_I("Thread %u (pid=%d) initial speed set at %" PRIu64 " us/exec", instrumentThreadNo(), (int)getpid(), initialUSecsPerExec); return true; } -- cgit v1.2.3 From 2ff8d89e27f69debb55bfc7a18a499c13d0d6284 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 4 Apr 2020 23:00:47 +0200 Subject: libhfuzz: clearing memory while it's cached is faster then with memset --- libhfuzz/instrument.c | 8 +------- libhfuzz/instrument.h | 1 - libhfuzz/persistent.c | 1 - 3 files changed, 1 insertion(+), 9 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index dc0b2be0..ae34d0d3 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -599,6 +599,7 @@ void instrument8BitCountersCount(void) { for (size_t i = 0; i < ARRAYSIZE(hf8bitcounters) && hf8bitcounters[i].start; i++) { for (size_t j = 0; j < hf8bitcounters[i].cnt; j++) { const uint8_t v = hf8bitcounters[i].start[j]; + hf8bitcounters[i].start[j] = 0; if (!v) { continue; } @@ -644,13 +645,6 @@ void instrument8BitCountersCount(void) { wmb(); } -void instrument8BitCountersClear(void) { - for (size_t i = 0; i < ARRAYSIZE(hf8bitcounters) && hf8bitcounters[i].start; i++) { - bzero(hf8bitcounters[i].start, hf8bitcounters[i].cnt); - } - wmb(); -} - void __sanitizer_cov_8bit_counters_init(char* start, char* end) { /* Make sure that the feedback struct is already mmap()'d */ hfuzzInstrumentInit(); diff --git a/libhfuzz/instrument.h b/libhfuzz/instrument.h index 501b6bfc..977d3a28 100644 --- a/libhfuzz/instrument.h +++ b/libhfuzz/instrument.h @@ -30,7 +30,6 @@ /* Returns true if the new value is better */ extern void instrument8BitCountersCount(void); -extern void instrument8BitCountersClear(void); extern unsigned instrumentThreadNo(void); extern bool instrumentUpdateCmpMap(uintptr_t addr, uint32_t v); extern void instrumentClearNewCov(); diff --git a/libhfuzz/persistent.c b/libhfuzz/persistent.c index 79593c27..fb5f6488 100644 --- a/libhfuzz/persistent.c +++ b/libhfuzz/persistent.c @@ -60,7 +60,6 @@ void HF_ITER(const uint8_t** buf_ptr, size_t* len_ptr) { extern const char* const LIBHFUZZ_module_memorycmp; extern const char* const LIBHFUZZ_module_instrument; static void HonggfuzzRunOneInput(const uint8_t* buf, size_t len) { - instrument8BitCountersClear(); int ret = LLVMFuzzerTestOneInput(buf, len); if (ret != 0) { LOG_D("Dereferenced: %s, %s", LIBHFUZZ_module_memorycmp, LIBHFUZZ_module_instrument); -- cgit v1.2.3 From 30baf7ebb004e68b302d9f4b70ab294dcd5502bb Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 5 Apr 2020 14:39:36 +0200 Subject: libhfuzz+hfuzz-cc: add curl wrappers for str*cmp funcs --- hfuzz_cc/hfuzz-cc.c | 18 ++++++++++++------ libhfuzz/memorycmp.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+), 6 deletions(-) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index b0b152e8..91f6b7c8 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -413,19 +413,19 @@ static int ldMode(int argc, char** argv) { args[j++] = "-Wl,--wrap=bcmp"; args[j++] = "-Wl,--wrap=memmem"; args[j++] = "-Wl,--wrap=strcpy"; - /* Apache's httpd mem/str cmp functions */ + /* Apache httpd */ args[j++] = "-Wl,--wrap=ap_cstr_casecmp"; args[j++] = "-Wl,--wrap=ap_cstr_casecmpn"; args[j++] = "-Wl,--wrap=ap_strcasestr"; args[j++] = "-Wl,--wrap=apr_cstr_casecmp"; args[j++] = "-Wl,--wrap=apr_cstr_casecmpn"; - /* Frequently used time-constant *SSL functions */ + /* *SSL */ args[j++] = "-Wl,--wrap=CRYPTO_memcmp"; args[j++] = "-Wl,--wrap=OPENSSL_memcmp"; args[j++] = "-Wl,--wrap=OPENSSL_strcasecmp"; args[j++] = "-Wl,--wrap=OPENSSL_strncasecmp"; args[j++] = "-Wl,--wrap=memcmpct"; - /* Frequently used libXML2 functions */ + /* libXML2 */ args[j++] = "-Wl,--wrap=xmlStrncmp"; args[j++] = "-Wl,--wrap=xmlStrcmp"; args[j++] = "-Wl,--wrap=xmlStrEqual"; @@ -433,12 +433,12 @@ static int ldMode(int argc, char** argv) { args[j++] = "-Wl,--wrap=xmlStrncasecmp"; args[j++] = "-Wl,--wrap=xmlStrstr"; args[j++] = "-Wl,--wrap=xmlStrcasestr"; - /* Some Samba functions */ + /* Samba */ args[j++] = "-Wl,--wrap=memcmp_const_time"; args[j++] = "-Wl,--wrap=strcsequal"; - /* LittleCMS wrappers */ + /* LittleCMS */ args[j++] = "-Wl,--wrap=cmsstrcasecmp"; - /* GLib wrappers */ + /* GLib */ args[j++] = "-Wl,--wrap=g_strcmp0"; args[j++] = "-Wl,--wrap=g_strcasecmp"; args[j++] = "-Wl,--wrap=g_strncasecmp"; @@ -447,6 +447,12 @@ static int ldMode(int argc, char** argv) { args[j++] = "-Wl,--wrap=g_ascii_strncasecmp"; args[j++] = "-Wl,--wrap=g_str_has_prefix"; args[j++] = "-Wl,--wrap=g_str_has_suffix"; + /* CUrl */ + args[j++] = "-Wl,--wrap=Curl_strcasecompare"; + args[j++] = "-Wl,--wrap=curl_strequal"; + args[j++] = "-Wl,--wrap=Curl_safe_strcasecompare"; + args[j++] = "-Wl,--wrap=Curl_strncasecompare"; + args[j++] = "-Wl,--wrap=curl_strnequal"; #endif /* _HF_ARCH_DARWIN */ /* Pull modules defining the following symbols (if they exist) */ diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index 6feb3562..1f5fc0e3 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -543,6 +543,57 @@ HF_WEAK_WRAP(bool, g_str_has_suffix, const char* str, const char* suffix) { HF_strcmp(str + str_len - suffix_len, suffix, (uintptr_t)__builtin_return_address(0)) == 0); } +/* CUrl wrappers */ +static int curl_toupper(int c) { + if (c >= 'a' && c <= 'z') { + return ('A' + c - 'a'); + } + return c; +} + +HF_WEAK_WRAP(int, Curl_strcasecompare, const char* first, const char* second) { + if (HF_strcasecmp(first, second, curl_toupper, (uintptr_t)__builtin_return_address(0)) == 0) { + return 1; + } + return 0; +} + +HF_WEAK_WRAP(int, curl_strequal, const char* first, const char* second) { + if (HF_strcasecmp(first, second, curl_toupper, (uintptr_t)__builtin_return_address(0)) == 0) { + return 1; + } + return 0; +} + +HF_WEAK_WRAP(int, Curl_safe_strcasecompare, const char* first, const char* second) { + if (!first && !second) { + return 1; + } + if (!first || !second) { + return 0; + } + if (HF_strcasecmp(first, second, curl_toupper, (uintptr_t)__builtin_return_address(0)) == 0) { + return 1; + } + return 0; +} + +HF_WEAK_WRAP(int, Curl_strncasecompare, const char* first, const char* second, size_t max) { + if (HF_strncasecmp(first, second, max, curl_toupper, instrumentConstAvail(), + (uintptr_t)__builtin_return_address(0)) == 0) { + return 1; + } + return 0; +} + +HF_WEAK_WRAP(int, curl_strnequal, const char* first, const char* second, size_t max) { + if (HF_strncasecmp(first, second, max, curl_toupper, instrumentConstAvail(), + (uintptr_t)__builtin_return_address(0)) == 0) { + return 1; + } + return 0; +} + /* C++ wrappers */ int _ZNSt11char_traitsIcE7compareEPKcS2_m(const char* s1, const char* s2, size_t count) { return HF_memcmp(s1, s2, count, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); -- cgit v1.2.3 From 01fcfc3359bb790016f3a6e37482334e33908237 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 5 Apr 2020 16:31:56 +0200 Subject: mangle: don't return void --- mangle.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mangle.c b/mangle.c index 7df536fa..7779541b 100644 --- a/mangle.c +++ b/mangle.c @@ -717,7 +717,8 @@ static void mangle_ASCIINumChange(run_t* run, bool printable) { } } if (off == run->dynfile->size) { - return mangle_Bytes(run, printable); + mangle_Bytes(run, printable); + return; } size_t len = HF_MIN(20, run->dynfile->size - off); -- cgit v1.2.3 From e0d47db4d0d775a3dc42120351a17c646b198beb Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 5 Apr 2020 17:10:03 +0200 Subject: libhfuzz/instrument: allow for more constdict values with cmp4 and with cmp8 --- libhfuzz/instrument.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index ae34d0d3..efe1d8fc 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -313,14 +313,14 @@ void __sanitizer_cov_trace_cmp2(uint16_t Arg1, uint16_t Arg2) { void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t Arg2) { /* Add 4byte values to the const_dictionary if they exist within the binary */ if (cmpFeedback && instrumentLimitEvery(4095)) { - if (Arg1 > 0xffff && Arg1 < 0xffff0000) { + if (Arg1 > 0xffff) { uint32_t bswp = __builtin_bswap32(Arg1); if (util_32bitValInBinary(Arg1) || util_32bitValInBinary(bswp)) { instrumentAddConstMemInternal(&Arg1, sizeof(Arg1)); instrumentAddConstMemInternal(&bswp, sizeof(bswp)); } } - if (Arg2 > 0xffff && Arg2 < 0xffff0000) { + if (Arg2 > 0xffff) { uint32_t bswp = __builtin_bswap32(Arg2); if (util_32bitValInBinary(Arg2) || util_32bitValInBinary(bswp)) { instrumentAddConstMemInternal(&Arg2, sizeof(Arg2)); @@ -335,14 +335,14 @@ void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t Arg2) { void __sanitizer_cov_trace_cmp8(uint64_t Arg1, uint64_t Arg2) { /* Add 8byte values to the const_dictionary if they exist within the binary */ if (cmpFeedback && instrumentLimitEvery(4095)) { - if (Arg1 > 0xffff && Arg1 < 0xffffffffffff0000) { + if (Arg1 > 0xffffff) { uint64_t bswp = __builtin_bswap64(Arg1); if (util_64bitValInBinary(Arg1) || util_64bitValInBinary(bswp)) { instrumentAddConstMemInternal(&Arg1, sizeof(Arg1)); instrumentAddConstMemInternal(&bswp, sizeof(bswp)); } } - if (Arg2 > 0xffff && Arg2 < 0xffffffffffff0000) { + if (Arg2 > 0xffffff) { uint64_t bswp = __builtin_bswap64(Arg2); if (util_64bitValInBinary(Arg2) || util_64bitValInBinary(bswp)) { instrumentAddConstMemInternal(&Arg2, sizeof(Arg2)); -- cgit v1.2.3 From 85b1f85bbeaaa14e3a6412861a98ad4bffcd17f6 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 5 Apr 2020 20:50:13 +0200 Subject: change perms of a *.o file to 0644 --- third_party/mac/CrashReport_Mountain_Lion.o | Bin 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 third_party/mac/CrashReport_Mountain_Lion.o diff --git a/third_party/mac/CrashReport_Mountain_Lion.o b/third_party/mac/CrashReport_Mountain_Lion.o old mode 100755 new mode 100644 -- cgit v1.2.3 From 8e76143f884cefd3054e352eccc09d550788dba0 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 7 Apr 2020 17:31:59 +0200 Subject: mangle: limit mangle_getOffSetPlus1 to _HF_INPUT_MAX_SIZE --- mangle.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mangle.c b/mangle.c index 7779541b..0f367dff 100644 --- a/mangle.c +++ b/mangle.c @@ -84,7 +84,8 @@ static inline size_t mangle_getOffSet(run_t* run) { /* Offset which can be equal to the file size */ static inline size_t mangle_getOffSetPlus1(run_t* run) { - return mangle_getLen(run->dynfile->size + 1) - 1; + size_t reqlen = HF_MIN(run->dynfile->size + 1, _HF_INPUT_MAX_SIZE); + return mangle_getLen(reqlen) - 1; } static inline void mangle_Move(run_t* run, size_t off_from, size_t off_to, size_t len) { -- cgit v1.2.3 From 2751713e03e9733e01d84c4d31004e79c66e8ca9 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 10 Apr 2020 16:49:36 +0200 Subject: Implement edge counting for PC-guards as well (in addition to 8-bit-counters) This is a fairly big change, which enabled edge counting for pc-guard (now, non-default) mode. --- fuzz.c | 26 +++++- honggfuzz.h | 3 + libhfcommon/files.c | 74 ++++++++------- libhfcommon/files.h | 5 +- libhfuzz/instrument.c | 249 ++++++++++++++++++++++++++++++-------------------- subproc.c | 7 ++ 6 files changed, 230 insertions(+), 134 deletions(-) diff --git a/fuzz.c b/fuzz.c index 8929e03e..52e88942 100644 --- a/fuzz.c +++ b/fuzz.c @@ -404,6 +404,11 @@ static void fuzz_fuzzLoop(run_t* run) { run->linux.hwCnts.bbCnt = 0; run->linux.hwCnts.newBBCnt = 0; + if (!files_resetFile(run->perThreadCovFeedbackFd, sizeof(feedback_t))) { + LOG_F("Couldn't reset the per-thread coverage file fd=%d sz=%zu", + run->perThreadCovFeedbackFd, sizeof(feedback_t)); + } + if (!fuzz_fetchInput(run)) { if (run->global->cfg.minimize && fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MINIMIZE) { fuzz_setTerminating(); @@ -481,7 +486,7 @@ static void fuzz_fuzzLoopSocket(run_t* run) { static void* fuzz_threadNew(void* arg) { honggfuzz_t* hfuzz = (honggfuzz_t*)arg; unsigned int fuzzNo = ATOMIC_POST_INC(hfuzz->threads.threadsActiveCnt); - LOG_I("Launched new fuzzing thread, no. #%" PRId32, fuzzNo); + LOG_I("Launched new fuzzing thread, no. #%u", fuzzNo); run_t run = { .global = hfuzz, @@ -493,10 +498,13 @@ static void* fuzz_threadNew(void* arg) { }; /* Do not try to handle input files with socketfuzzer */ + char mapname[32]; + snprintf(mapname, sizeof(mapname), "hf-%u-input", fuzzNo); if (!hfuzz->socketFuzzer.enabled) { if (!(run.dynfile->data = files_mapSharedMem(hfuzz->mutate.maxInputSz, &(run.dynfile->fd), - "hf-input", /* nocore= */ true, /* export= */ false))) { - LOG_F("Couldn't create an input file of size: %zu", hfuzz->mutate.maxInputSz); + mapname, /* nocore= */ true, /* exportmap= */ false))) { + LOG_F("Couldn't create an input file of size: %zu, name:'%s'", hfuzz->mutate.maxInputSz, + mapname); } } defer { @@ -505,6 +513,18 @@ static void* fuzz_threadNew(void* arg) { } }; + snprintf(mapname, sizeof(mapname), "hf-%u-perthreadmap", fuzzNo); + if ((run.perThreadCovFeedbackFd = files_createSharedMem(sizeof(feedback_t), mapname, + /* exportmap= */ run.global->io.exportFeedback)) == -1) { + LOG_F("files_createSharedMem(name='%s', sz=%zu, dir='%s') failed", mapname, + sizeof(feedback_t), run.global->io.workDir); + } + defer { + if (run.perThreadCovFeedbackFd != -1) { + close(run.perThreadCovFeedbackFd); + } + }; + if (!arch_archThreadInit(&run)) { LOG_F("Could not initialize the thread"); } diff --git a/honggfuzz.h b/honggfuzz.h index 3e5b9add..fd0b7c5e 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -76,6 +76,8 @@ /* Default maximum size of produced inputs */ #define _HF_INPUT_DEFAULT_SIZE (1024ULL * 8) +/* Per-thread bitmap */ +#define _HF_PERTHREAD_BITMAP_FD 1018 /* FD used to report back used int/str constants from the fuzzed process */ #define _HF_CMP_BITMAP_FD 1019 /* FD used to log inside the child process */ @@ -355,6 +357,7 @@ typedef struct { runState_t runState; bool tmOutSignaled; char* args[_HF_ARGS_MAX + 1]; + int perThreadCovFeedbackFd; #if !defined(_HF_ARCH_DARWIN) timer_t timerId; #endif // !defined(_HF_ARCH_DARWIN) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index 6b97dac7..ba2a9dd6 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -29,6 +29,9 @@ #include #include #include +#if defined(_HF_ARCH_LINUX) +#include +#endif /* defined(_HF_ARCH_LINUX) */ #include #include #include @@ -210,6 +213,18 @@ const char* files_basename(const char* path) { return base ? base + 1 : path; } +bool files_resetFile(int fd, size_t sz) { + if (ftruncate(fd, (off_t)0) == -1) { + PLOG_W("ftruncate(fd=%d, sz=0)", fd); + return false; + } + if (ftruncate(fd, (off_t)sz) == -1) { + PLOG_W("ftruncate(fd=%d, sz=%zu)", fd, sz); + return false; + } + return true; +} + /* * Reads symbols from src file (one per line) and append them to filterList. The * total number of added symbols is returned. @@ -310,76 +325,71 @@ int files_getTmpMapFlags(int flag, bool nocore) { return flag; } -void* files_mapSharedMem(size_t sz, int* fd, const char* name, bool nocore, bool export) { - *fd = -1; +int files_createSharedMem(size_t sz, const char* name, bool exportmap) { + int fd = -1; - if (export) { + if (exportmap) { char path[PATH_MAX]; snprintf(path, sizeof(path), "./%s", name); - if ((*fd = open(path, O_RDWR | O_CREAT | O_TRUNC | O_CLOEXEC, 0644)) == -1) { + if ((fd = open(path, O_RDWR | O_CREAT | O_TRUNC | O_CLOEXEC, 0644)) == -1) { PLOG_W("open('%s')", path); - return NULL; + return -1; } } #if defined(_HF_ARCH_LINUX) - -#if !defined(MFD_CLOEXEC) /* sys/memfd.h is not always present */ -#define MFD_CLOEXEC 0x0001U -#endif /* !defined(MFD_CLOEXEC) */ - -#if !defined(__NR_memfd_create) -#if defined(__x86_64__) -#define __NR_memfd_create 319 -#endif /* defined(__x86_64__) */ -#endif /* !defined(__NR_memfd_create) */ - -#if defined(__NR_memfd_create) - if (*fd == -1) { - *fd = syscall(__NR_memfd_create, name, (uintptr_t)MFD_CLOEXEC); + if (fd == -1) { + fd = syscall(__NR_memfd_create, name, (uintptr_t)(MFD_CLOEXEC)); } -#endif /* defined__NR_memfd_create) */ - #endif /* defined(_HF_ARCH_LINUX) */ /* SHM_ANON is available with some *BSD OSes */ #if defined(SHM_ANON) - if (*fd == -1) { - if ((*fd = shm_open(SHM_ANON, O_RDWR | O_CLOEXEC, 0600)) == -1) { + if (fd == -1) { + if ((fd = shm_open(SHM_ANON, O_RDWR | O_CLOEXEC, 0600)) == -1) { PLOG_W("shm_open(SHM_ANON, O_RDWR|O_CLOEXEC, 0600)"); } } #endif /* defined(SHM_ANON) */ #if !defined(_HF_ARCH_DARWIN) && !defined(__ANDROID__) /* shm objects under MacOSX are 'a-typical' */ - if (*fd == -1) { + if (fd == -1) { char tmpname[PATH_MAX]; struct timeval tv; gettimeofday(&tv, NULL); snprintf(tmpname, sizeof(tmpname), "/%s%lx%lx%d", name, (unsigned long)tv.tv_sec, (unsigned long)tv.tv_usec, (int)getpid()); - if ((*fd = shm_open(tmpname, O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC, 0600)) == -1) { + if ((fd = shm_open(tmpname, O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC, 0600)) == -1) { PLOG_W("shm_open('%s', O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC, 0600)", tmpname); } else { shm_unlink(tmpname); } } #endif /* !defined(_HF_ARCH_DARWIN) && !defined(__ANDROID__) */ - if (*fd == -1) { + if (fd == -1) { char template[PATH_MAX]; snprintf(template, sizeof(template), "/tmp/%s.XXXXXX", name); - if ((*fd = mkostemp(template, O_CLOEXEC)) == -1) { + if ((fd = mkostemp(template, O_CLOEXEC)) == -1) { PLOG_W("mkstemp('%s')", template); - return NULL; + return -1; } unlink(template); } - if (TEMP_FAILURE_RETRY(ftruncate(*fd, sz)) == -1) { - PLOG_W("ftruncate(%d, %zu)", *fd, sz); - close(*fd); - *fd = -1; + if (TEMP_FAILURE_RETRY(ftruncate(fd, sz)) == -1) { + PLOG_W("ftruncate(%d, %zu)", fd, sz); + close(fd); + return -1; + } + + return fd; +} + +void* files_mapSharedMem(size_t sz, int* fd, const char* name, bool nocore, bool exportmap) { + *fd = files_createSharedMem(sz, name, exportmap); + if (*fd == -1) { return NULL; } + int mflags = files_getTmpMapFlags(MAP_SHARED, /* nocore= */ true); void* ret = mmap(NULL, sz, PROT_READ | PROT_WRITE, mflags, *fd, 0); if (ret == MAP_FAILED) { diff --git a/libhfcommon/files.h b/libhfcommon/files.h index f602eb28..21435c64 100644 --- a/libhfcommon/files.h +++ b/libhfcommon/files.h @@ -32,7 +32,6 @@ #include "common.h" extern ssize_t files_readFileToBufMax(const char* fname, uint8_t* buf, size_t fileMaxSz); - extern bool files_writeBufToFile(const char* fname, const uint8_t* buf, size_t fileSz, int flags); extern bool files_writeStrToFile(const char* fname, const char* str, int flags); extern int files_writeBufToTmpFile(const char* dir, const uint8_t* buf, size_t fileSz, int flags); @@ -45,13 +44,15 @@ extern bool files_writePatternToFd(int fd, off_t size, unsigned char p); extern bool files_sendToSocketNB(int fd, const uint8_t* buf, size_t fileSz); extern bool files_sendToSocket(int fd, const uint8_t* buf, size_t fileSz); extern sa_family_t files_sockFamily(int sock); +extern const char* files_sockAddrToStr(const struct sockaddr* sa, const socklen_t len); extern bool files_exists(const char* fname); extern const char* files_basename(const char* path); -extern const char* files_sockAddrToStr(const struct sockaddr* sa, const socklen_t len); +extern bool files_resetFile(int fd, size_t sz); extern uint8_t* files_mapFile(const char* fname, off_t* fileSz, int* fd, bool isWritable); extern int files_getTmpMapFlags(int flag, bool nocore); +extern int files_createSharedMem(size_t sz, const char* name, bool exportmap); extern void* files_mapSharedMem(size_t sz, int* fd, const char* name, bool nocore, bool export); extern size_t files_parseSymbolFilter(const char* inFIle, char*** filterList); diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index efe1d8fc..d1359d11 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -5,6 +5,9 @@ #include #include #include +#if defined(_HF_ARCH_LINUX) +#include +#endif /* defined(_HF_ARCH_LINUX) */ #include #include #include @@ -40,8 +43,9 @@ const char* const LIBHFUZZ_module_instrument = "LIBHFUZZ_module_instrument"; */ static feedback_t bbMapFb; -feedback_t* covFeedback = &bbMapFb; -cmpfeedback_t* cmpFeedback = NULL; +feedback_t* globalCovFeedback = &bbMapFb; +feedback_t* localCovFeedback = &bbMapFb; +cmpfeedback_t* globalCmpFeedback = NULL; uint32_t my_thread_no = 0; @@ -71,31 +75,49 @@ static void initializeLibcFunctions(void) { LOG_D("libc_memcmp at %p", libc_memcmp); } +static void* initialzeTryMapHugeTLB(int fd, size_t sz) { + int mflags = 0; + +#if defined(_HF_ARCH_LINUX) + /* + * Try to map the local structure using HugeTLB maps. It'll be way fatser later to clean it with + * { ftruncate(fd, 0); ftruncate(fd, size); } + */ + mflags = files_getTmpMapFlags(MAP_SHARED | MAP_HUGETLB, /* nocore= */ true); + void* ret = mmap(NULL, sz, PROT_READ | PROT_WRITE, mflags, fd, 0); + if (ret != MAP_FAILED) { + return ret; + } +#endif /* defined(_HF_ARCH_LINUX) */ + + mflags = files_getTmpMapFlags(MAP_SHARED, /* nocore= */ true); + return mmap(NULL, sz, PROT_READ | PROT_WRITE, mflags, fd, 0); +} + static void initializeCmpFeedback(void) { struct stat st; if (fstat(_HF_CMP_BITMAP_FD, &st) == -1) { return; } if (st.st_size != sizeof(cmpfeedback_t)) { - LOG_W("Size of the cmpFeedback structure mismatch: st.size != sizeof(cmpfeedback_t) (%zu " - "!= %zu). Link your fuzzed binaries with the newest honggfuzz and hfuzz-clang(++)", + LOG_W( + "Size of the globalCmpFeedback structure mismatch: st.size != sizeof(cmpfeedback_t) " + "(%zu != %zu). Link your fuzzed binaries with the newest honggfuzz and hfuzz-clang(++)", (size_t)st.st_size, sizeof(cmpfeedback_t)); return; } - int mflags = files_getTmpMapFlags(MAP_SHARED, /* nocore= */ true); - void* ret = - mmap(NULL, sizeof(cmpfeedback_t), PROT_READ | PROT_WRITE, mflags, _HF_CMP_BITMAP_FD, 0); + void* ret = initialzeTryMapHugeTLB(_HF_CMP_BITMAP_FD, sizeof(cmpfeedback_t)); if (ret == MAP_FAILED) { PLOG_W("mmap(_HF_CMP_BITMAP_FD=%d, size=%zu) of the feedback structure failed", _HF_CMP_BITMAP_FD, sizeof(cmpfeedback_t)); return; } - ATOMIC_SET(cmpFeedback, ret); + ATOMIC_SET(globalCmpFeedback, ret); } -static bool initializeCovFeedback(void) { +static bool initializeLocalCovFeedback(void) { struct stat st; - if (fstat(_HF_COV_BITMAP_FD, &st) == -1) { + if (fstat(_HF_PERTHREAD_BITMAP_FD, &st) == -1) { return false; } if ((size_t)st.st_size < sizeof(feedback_t)) { @@ -104,9 +126,30 @@ static bool initializeCovFeedback(void) { (size_t)st.st_size, sizeof(feedback_t)); return false; } - int mflags = files_getTmpMapFlags(MAP_SHARED, /* nocore= */ true); - if ((covFeedback = mmap(NULL, sizeof(feedback_t), PROT_READ | PROT_WRITE, mflags, - _HF_COV_BITMAP_FD, 0)) == MAP_FAILED) { + + localCovFeedback = initialzeTryMapHugeTLB(_HF_PERTHREAD_BITMAP_FD, sizeof(feedback_t)); + if (localCovFeedback == MAP_FAILED) { + PLOG_W("mmap(_HF_PERTHREAD_BITMAP_FD=%d, size=%zu) of the local feedback structure failed", + _HF_PERTHREAD_BITMAP_FD, sizeof(feedback_t)); + return false; + } + return true; +} + +static bool initializeGlobalCovFeedback(void) { + struct stat st; + if (fstat(_HF_COV_BITMAP_FD, &st) == -1) { + return false; + } + if ((size_t)st.st_size < sizeof(feedback_t)) { + LOG_W("Size of the feedback structure mismatch: st.size < sizeof(feedback_t) (%zu < %zu). " + "Build your honggfuzz binary from newer sources", + (size_t)st.st_size, sizeof(feedback_t)); + return false; + } + + globalCovFeedback = initialzeTryMapHugeTLB(_HF_COV_BITMAP_FD, sizeof(feedback_t)); + if (globalCovFeedback == MAP_FAILED) { PLOG_W("mmap(_HF_COV_BITMAP_FD=%d, size=%zu) of the feedback structure failed", _HF_COV_BITMAP_FD, sizeof(feedback_t)); return false; @@ -137,9 +180,13 @@ static void initializeInstrument(void) { my_thread_no, _HF_THREAD_MAX); } - if (!initializeCovFeedback()) { - covFeedback = &bbMapFb; - LOG_F("Could not intialize the coverage feedback map"); + if (!initializeGlobalCovFeedback()) { + globalCovFeedback = &bbMapFb; + LOG_F("Could not intialize the global coverage feedback map"); + } + if (!initializeLocalCovFeedback()) { + localCovFeedback = &bbMapFb; + LOG_F("Could not intialize the local coverage feedback map"); } initializeCmpFeedback(); @@ -165,8 +212,8 @@ __attribute__((weak)) size_t instrumentReserveGuard(size_t cnt) { LOG_F( "This process requested too many PC-guards, total:%zu, requested:%zu)", guardCnt, cnt); } - if (ATOMIC_GET(covFeedback->guardNb) < guardCnt) { - ATOMIC_SET(covFeedback->guardNb, guardCnt); + if (ATOMIC_GET(globalCovFeedback->guardNb) < guardCnt) { + ATOMIC_SET(globalCovFeedback->guardNb, guardCnt); wmb(); } return base; @@ -185,29 +232,29 @@ static inline void instrumentAddConstMemInternal(const void* mem, size_t len) { if (len == 0) { return; } - if (len > sizeof(cmpFeedback->valArr[0].val)) { - len = sizeof(cmpFeedback->valArr[0].val); + if (len > sizeof(globalCmpFeedback->valArr[0].val)) { + len = sizeof(globalCmpFeedback->valArr[0].val); } - uint32_t curroff = ATOMIC_GET(cmpFeedback->cnt); - if (curroff >= ARRAYSIZE(cmpFeedback->valArr)) { + uint32_t curroff = ATOMIC_GET(globalCmpFeedback->cnt); + if (curroff >= ARRAYSIZE(globalCmpFeedback->valArr)) { return; } for (uint32_t i = 0; i < curroff; i++) { - if ((len == ATOMIC_GET(cmpFeedback->valArr[i].len)) && - libc_memcmp(cmpFeedback->valArr[i].val, mem, len) == 0) { + if ((len == ATOMIC_GET(globalCmpFeedback->valArr[i].len)) && + libc_memcmp(globalCmpFeedback->valArr[i].val, mem, len) == 0) { return; } } - uint32_t newoff = ATOMIC_POST_INC(cmpFeedback->cnt); - if (newoff >= ARRAYSIZE(cmpFeedback->valArr)) { - ATOMIC_SET(cmpFeedback->cnt, ARRAYSIZE(cmpFeedback->valArr)); + uint32_t newoff = ATOMIC_POST_INC(globalCmpFeedback->cnt); + if (newoff >= ARRAYSIZE(globalCmpFeedback->valArr)) { + ATOMIC_SET(globalCmpFeedback->cnt, ARRAYSIZE(globalCmpFeedback->valArr)); return; } - memcpy(cmpFeedback->valArr[newoff].val, mem, len); - ATOMIC_SET(cmpFeedback->valArr[newoff].len, len); + memcpy(globalCmpFeedback->valArr[newoff].val, mem, len); + ATOMIC_SET(globalCmpFeedback->valArr[newoff].len, len); wmb(); } @@ -217,9 +264,9 @@ static inline void instrumentAddConstMemInternal(const void* mem, size_t len) { HF_REQUIRE_SSE42_POPCNT void __cyg_profile_func_enter(void* func, void* caller) { register size_t pos = (((uintptr_t)func << 12) | ((uintptr_t)caller & 0xFFF)) & _HF_PERF_BITMAP_BITSZ_MASK; - register bool prev = ATOMIC_BITMAP_SET(covFeedback->bbMapPc, pos); + register bool prev = ATOMIC_BITMAP_SET(globalCovFeedback->bbMapPc, pos); if (!prev) { - ATOMIC_PRE_INC(covFeedback->pidNewPC[my_thread_no]); + ATOMIC_PRE_INC(globalCovFeedback->pidNewPC[my_thread_no]); wmb(); } } @@ -235,9 +282,9 @@ HF_REQUIRE_SSE42_POPCNT void __cyg_profile_func_exit( HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_pc_internal(uintptr_t pc) { register uintptr_t ret = pc & _HF_PERF_BITMAP_BITSZ_MASK; - register bool prev = ATOMIC_BITMAP_SET(covFeedback->bbMapPc, ret); + register bool prev = ATOMIC_BITMAP_SET(globalCovFeedback->bbMapPc, ret); if (!prev) { - ATOMIC_PRE_INC(covFeedback->pidNewPC[my_thread_no]); + ATOMIC_PRE_INC(globalCovFeedback->pidNewPC[my_thread_no]); wmb(); } } @@ -257,10 +304,10 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp1_internal( uintptr_t pc, uint8_t Arg1, uint8_t Arg2) { uintptr_t pos = pc % _HF_PERF_BITMAP_SIZE_16M; register uint8_t v = ((sizeof(Arg1) * 8) - __builtin_popcount(Arg1 ^ Arg2)); - uint8_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); + uint8_t prev = ATOMIC_GET(globalCovFeedback->bbMapCmp[pos]); if (prev < v) { - ATOMIC_SET(covFeedback->bbMapCmp[pos], v); - ATOMIC_POST_ADD(covFeedback->pidNewCmp[my_thread_no], v - prev); + ATOMIC_SET(globalCovFeedback->bbMapCmp[pos], v); + ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], v - prev); wmb(); } } @@ -269,10 +316,10 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp2_internal( uintptr_t pc, uint16_t Arg1, uint16_t Arg2) { uintptr_t pos = pc % _HF_PERF_BITMAP_SIZE_16M; register uint8_t v = ((sizeof(Arg1) * 8) - __builtin_popcount(Arg1 ^ Arg2)); - uint8_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); + uint8_t prev = ATOMIC_GET(globalCovFeedback->bbMapCmp[pos]); if (prev < v) { - ATOMIC_SET(covFeedback->bbMapCmp[pos], v); - ATOMIC_POST_ADD(covFeedback->pidNewCmp[my_thread_no], v - prev); + ATOMIC_SET(globalCovFeedback->bbMapCmp[pos], v); + ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], v - prev); wmb(); } } @@ -281,10 +328,10 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp4_internal( uintptr_t pc, uint32_t Arg1, uint32_t Arg2) { uintptr_t pos = pc % _HF_PERF_BITMAP_SIZE_16M; register uint8_t v = ((sizeof(Arg1) * 8) - __builtin_popcount(Arg1 ^ Arg2)); - uint8_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); + uint8_t prev = ATOMIC_GET(globalCovFeedback->bbMapCmp[pos]); if (prev < v) { - ATOMIC_SET(covFeedback->bbMapCmp[pos], v); - ATOMIC_POST_ADD(covFeedback->pidNewCmp[my_thread_no], v - prev); + ATOMIC_SET(globalCovFeedback->bbMapCmp[pos], v); + ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], v - prev); wmb(); } } @@ -293,10 +340,10 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp8_internal( uintptr_t pc, uint64_t Arg1, uint64_t Arg2) { uintptr_t pos = pc % _HF_PERF_BITMAP_SIZE_16M; register uint8_t v = ((sizeof(Arg1) * 8) - __builtin_popcountll(Arg1 ^ Arg2)); - uint8_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); + uint8_t prev = ATOMIC_GET(globalCovFeedback->bbMapCmp[pos]); if (prev < v) { - ATOMIC_SET(covFeedback->bbMapCmp[pos], v); - ATOMIC_POST_ADD(covFeedback->pidNewCmp[my_thread_no], v - prev); + ATOMIC_SET(globalCovFeedback->bbMapCmp[pos], v); + ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], v - prev); wmb(); } } @@ -312,7 +359,7 @@ void __sanitizer_cov_trace_cmp2(uint16_t Arg1, uint16_t Arg2) { void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t Arg2) { /* Add 4byte values to the const_dictionary if they exist within the binary */ - if (cmpFeedback && instrumentLimitEvery(4095)) { + if (globalCmpFeedback && instrumentLimitEvery(4095)) { if (Arg1 > 0xffff) { uint32_t bswp = __builtin_bswap32(Arg1); if (util_32bitValInBinary(Arg1) || util_32bitValInBinary(bswp)) { @@ -334,7 +381,7 @@ void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t Arg2) { void __sanitizer_cov_trace_cmp8(uint64_t Arg1, uint64_t Arg2) { /* Add 8byte values to the const_dictionary if they exist within the binary */ - if (cmpFeedback && instrumentLimitEvery(4095)) { + if (globalCmpFeedback && instrumentLimitEvery(4095)) { if (Arg1 > 0xffffff) { uint64_t bswp = __builtin_bswap64(Arg1); if (util_64bitValInBinary(Arg1) || util_64bitValInBinary(bswp)) { @@ -434,10 +481,10 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_switch(uint64_t Val, uint64_t for (uint64_t i = 0; i < Cases[0]; i++) { uintptr_t pos = ((uintptr_t)__builtin_return_address(0) + i) % _HF_PERF_BITMAP_SIZE_16M; uint8_t v = (uint8_t)Cases[1] - __builtin_popcountll(Val ^ Cases[i + 2]); - uint8_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); + uint8_t prev = ATOMIC_GET(globalCovFeedback->bbMapCmp[pos]); if (prev < v) { - ATOMIC_SET(covFeedback->bbMapCmp[pos], v); - ATOMIC_POST_ADD(covFeedback->pidNewCmp[my_thread_no], v - prev); + ATOMIC_SET(globalCovFeedback->bbMapCmp[pos], v); + ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], v - prev); wmb(); } } @@ -460,10 +507,10 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmpd( HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_div8(uint64_t Val) { uintptr_t pos = (uintptr_t)__builtin_return_address(0) % _HF_PERF_BITMAP_SIZE_16M; uint8_t v = ((sizeof(Val) * 8) - __builtin_popcountll(Val)); - uint8_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); + uint8_t prev = ATOMIC_GET(globalCovFeedback->bbMapCmp[pos]); if (prev < v) { - ATOMIC_SET(covFeedback->bbMapCmp[pos], v); - ATOMIC_POST_ADD(covFeedback->pidNewCmp[my_thread_no], v - prev); + ATOMIC_SET(globalCovFeedback->bbMapCmp[pos], v); + ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], v - prev); wmb(); } } @@ -471,10 +518,10 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_div8(uint64_t Val) { HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_div4(uint32_t Val) { uintptr_t pos = (uintptr_t)__builtin_return_address(0) % _HF_PERF_BITMAP_SIZE_16M; uint8_t v = ((sizeof(Val) * 8) - __builtin_popcount(Val)); - uint8_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); + uint8_t prev = ATOMIC_GET(globalCovFeedback->bbMapCmp[pos]); if (prev < v) { - ATOMIC_SET(covFeedback->bbMapCmp[pos], v); - ATOMIC_POST_ADD(covFeedback->pidNewCmp[my_thread_no], v - prev); + ATOMIC_SET(globalCovFeedback->bbMapCmp[pos], v); + ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], v - prev); wmb(); } } @@ -487,9 +534,9 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_indir(uintptr_t callee) { register size_t pos2 = callee & 0xFFF; register size_t pos = (pos1 | pos2) & _HF_PERF_BITMAP_BITSZ_MASK; - register bool prev = ATOMIC_BITMAP_SET(covFeedback->bbMapPc, pos); + register bool prev = ATOMIC_BITMAP_SET(globalCovFeedback->bbMapPc, pos); if (!prev) { - ATOMIC_PRE_INC(covFeedback->pidNewPC[my_thread_no]); + ATOMIC_PRE_INC(globalCovFeedback->pidNewPC[my_thread_no]); wmb(); } } @@ -504,9 +551,9 @@ __attribute__((weak)) HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_indir_call16( register size_t pos2 = (uintptr_t)callee & 0xFFF; register size_t pos = (pos1 | pos2) & _HF_PERF_BITMAP_BITSZ_MASK; - register bool prev = ATOMIC_BITMAP_SET(covFeedback->bbMapPc, pos); + register bool prev = ATOMIC_BITMAP_SET(globalCovFeedback->bbMapPc, pos); if (!prev) { - ATOMIC_PRE_INC(covFeedback->pidNewPC[my_thread_no]); + ATOMIC_PRE_INC(globalCovFeedback->pidNewPC[my_thread_no]); wmb(); } } @@ -536,11 +583,24 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard_init(uint32_t* start for (uint32_t* x = start; x < stop; x++) { uint32_t guardNo = instrumentReserveGuard(1); /* If the corresponding PC was already hit, map this specific guard as uninteresting (0) */ - *x = ATOMIC_GET(covFeedback->pcGuardMap[guardNo]) ? 0U : guardNo; + *x = ATOMIC_GET(globalCovFeedback->pcGuardMap[guardNo]) ? 0U : guardNo; wmb(); } } +/* Map number of visits to an edge into buckets */ +static uint8_t const instrumentCntMap[256] = { + [0] = 0, + [1] = 1U << 0, + [2] = 1U << 1, + [3] = 1U << 2, + [4 ... 5] = 1U << 3, + [6 ... 10] = 1U << 4, + [11 ... 32] = 1U << 5, + [33 ... 64] = 1U << 6, + [65 ... 255] = 1U << 7, +}; + HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard(uint32_t* guard) { #if defined(__ANDROID__) // ANDROID: Bionic invokes routines that Honggfuzz wraps, before either @@ -570,10 +630,16 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard(uint32_t* guard) { return; } #endif /* defined(__ANDROID__) */ - if (!ATOMIC_GET(covFeedback->pcGuardMap[*guard])) { - bool prev = ATOMIC_XCHG(covFeedback->pcGuardMap[*guard], true); - if (prev == false) { - ATOMIC_PRE_INC(covFeedback->pidNewEdge[my_thread_no]); + + uint8_t v = ++(localCovFeedback->pcGuardMap[*guard]); + const uint8_t newval = instrumentCntMap[v]; + + if (ATOMIC_GET(globalCovFeedback->pcGuardMap[*guard]) < newval) { + const uint8_t prevval = ATOMIC_POST_OR(globalCovFeedback->pcGuardMap[*guard], newval); + if (prevval == 0) { + ATOMIC_PRE_INC(globalCovFeedback->pidNewEdge[my_thread_no]); + } else if (prevval < newval) { + ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], newval); } wmb(); } @@ -589,9 +655,9 @@ static struct { void instrument8BitCountersCount(void) { rmb(); - ATOMIC_CLEAR(covFeedback->pidTotalPC[my_thread_no]); - ATOMIC_CLEAR(covFeedback->pidTotalEdge[my_thread_no]); - ATOMIC_CLEAR(covFeedback->pidTotalCmp[my_thread_no]); + ATOMIC_CLEAR(globalCovFeedback->pidTotalPC[my_thread_no]); + ATOMIC_CLEAR(globalCovFeedback->pidTotalEdge[my_thread_no]); + ATOMIC_CLEAR(globalCovFeedback->pidTotalCmp[my_thread_no]); uint64_t totalEdge = 0; uint64_t totalCmp = 0; @@ -604,28 +670,17 @@ void instrument8BitCountersCount(void) { continue; } - /* Map number of visits to an edge into buckets */ - static uint8_t const scaleMap[256] = { - [0] = 0, - [1] = 1U << 0, - [2] = 1U << 1, - [3] = 1U << 2, - [4 ... 5] = 1U << 3, - [6 ... 10] = 1U << 4, - [11 ... 32] = 1U << 5, - [33 ... 64] = 1U << 6, - [65 ... 255] = 1U << 7, - }; - const uint8_t newval = scaleMap[v]; + const uint8_t newval = instrumentCntMap[v]; const size_t guard = hf8bitcounters[i].guard + j; /* New hits */ - if (ATOMIC_GET(covFeedback->pcGuardMap[guard]) < newval) { - const uint8_t prevval = ATOMIC_POST_OR(covFeedback->pcGuardMap[guard], newval); + if (ATOMIC_GET(globalCovFeedback->pcGuardMap[guard]) < newval) { + const uint8_t prevval = + ATOMIC_POST_OR(globalCovFeedback->pcGuardMap[guard], newval); if (!prevval) { - ATOMIC_PRE_INC(covFeedback->pidNewEdge[my_thread_no]); + ATOMIC_PRE_INC(globalCovFeedback->pidNewEdge[my_thread_no]); } else if (prevval < newval) { - ATOMIC_POST_ADD(covFeedback->pidNewCmp[my_thread_no], newval); + ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], newval); } } @@ -639,8 +694,8 @@ void instrument8BitCountersCount(void) { } } - ATOMIC_SET(covFeedback->pidTotalEdge[my_thread_no], totalEdge); - ATOMIC_SET(covFeedback->pidTotalCmp[my_thread_no], totalCmp); + ATOMIC_SET(globalCovFeedback->pidTotalEdge[my_thread_no], totalEdge); + ATOMIC_SET(globalCovFeedback->pidTotalCmp[my_thread_no], totalCmp); wmb(); } @@ -679,10 +734,10 @@ __attribute__((weak)) __thread uintptr_t __sancov_lowest_stack = 0; bool instrumentUpdateCmpMap(uintptr_t addr, uint32_t v) { uintptr_t pos = addr % _HF_PERF_BITMAP_SIZE_16M; - uint32_t prev = ATOMIC_GET(covFeedback->bbMapCmp[pos]); + uint32_t prev = ATOMIC_GET(globalCovFeedback->bbMapCmp[pos]); if (prev < v) { - ATOMIC_SET(covFeedback->bbMapCmp[pos], v); - ATOMIC_POST_ADD(covFeedback->pidNewCmp[my_thread_no], v - prev); + ATOMIC_SET(globalCovFeedback->bbMapCmp[pos], v); + ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], v - prev); wmb(); return true; } @@ -691,14 +746,14 @@ bool instrumentUpdateCmpMap(uintptr_t addr, uint32_t v) { /* Reset the counters of newly discovered edges/pcs/features */ void instrumentClearNewCov() { - ATOMIC_CLEAR(covFeedback->pidNewPC[my_thread_no]); - ATOMIC_CLEAR(covFeedback->pidNewEdge[my_thread_no]); - ATOMIC_CLEAR(covFeedback->pidNewCmp[my_thread_no]); + ATOMIC_CLEAR(globalCovFeedback->pidNewPC[my_thread_no]); + ATOMIC_CLEAR(globalCovFeedback->pidNewEdge[my_thread_no]); + ATOMIC_CLEAR(globalCovFeedback->pidNewCmp[my_thread_no]); wmb(); } void instrumentAddConstMem(const void* mem, size_t len, bool check_if_ro) { - if (!cmpFeedback) { + if (!globalCmpFeedback) { return; } if (len == 0) { @@ -714,7 +769,7 @@ void instrumentAddConstMem(const void* mem, size_t len, bool check_if_ro) { } void instrumentAddConstStr(const char* s) { - if (!cmpFeedback) { + if (!globalCmpFeedback) { return; } if (!instrumentLimitEvery(127)) { @@ -727,7 +782,7 @@ void instrumentAddConstStr(const char* s) { } void instrumentAddConstStrN(const char* s, size_t n) { - if (!cmpFeedback) { + if (!globalCmpFeedback) { return; } if (n == 0) { @@ -743,5 +798,5 @@ void instrumentAddConstStrN(const char* s, size_t n) { } bool instrumentConstAvail(void) { - return (ATOMIC_GET(cmpFeedback) != NULL); + return (ATOMIC_GET(globalCmpFeedback) != NULL); } diff --git a/subproc.c b/subproc.c index 7e2163fd..17b4a603 100644 --- a/subproc.c +++ b/subproc.c @@ -295,6 +295,13 @@ static bool subproc_PrepareExecv(run_t* run) { return false; } + /* The per-thread coverage feedback bitmap */ + if (TEMP_FAILURE_RETRY(dup2(run->perThreadCovFeedbackFd, _HF_PERTHREAD_BITMAP_FD)) == -1) { + PLOG_E("dup2(%d, _HF_CMP_PERTHREAD_FD=%d)", run->perThreadCovFeedbackFd, + _HF_PERTHREAD_BITMAP_FD); + return false; + } + /* Do not try to handle input files with socketfuzzer */ if (!run->global->socketFuzzer.enabled) { /* The input file to _HF_INPUT_FD */ -- cgit v1.2.3 From 3d53cd7b644bfb6ab139d550c5b3b989efc6355d Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 10 Apr 2020 16:59:33 +0200 Subject: libhfcommon/util: change an incorrect call for non-x86 archs --- libhfcommon/util.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libhfcommon/util.h b/libhfcommon/util.h index a6d153b4..ce0c933c 100644 --- a/libhfcommon/util.h +++ b/libhfcommon/util.h @@ -82,7 +82,7 @@ __attribute__((always_inline)) static inline bool ATOMIC_BITMAP_SET(uint8_t* add : "Ir"(offset % 8)); return old; #else /* defined(__x86_64__) || defined(__i386__) */ - return (ATOMIC_POST_OR_RELAXED(*addr, mask) & mask); + return (ATOMIC_POST_OR(*addr, mask) & mask); #endif /* defined(__x86_64__) || defined(__i386__) */ } -- cgit v1.2.3 From 49b312a8e4ea923fbd259e95c3e1f02cacb85fdd Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 10 Apr 2020 17:04:07 +0200 Subject: hfuzz-cc: switch back to pc-guards as default instrumentation mode. The 8bitcnt mode was too slow for some targets with big number of edges to instrument --- hfuzz_cc/hfuzz-8bitcnt-clang | 1 + hfuzz_cc/hfuzz-8bitcnt-clang++ | 1 + hfuzz_cc/hfuzz-cc.c | 5 ++++- 3 files changed, 6 insertions(+), 1 deletion(-) create mode 120000 hfuzz_cc/hfuzz-8bitcnt-clang create mode 120000 hfuzz_cc/hfuzz-8bitcnt-clang++ diff --git a/hfuzz_cc/hfuzz-8bitcnt-clang b/hfuzz_cc/hfuzz-8bitcnt-clang new file mode 120000 index 00000000..78d03419 --- /dev/null +++ b/hfuzz_cc/hfuzz-8bitcnt-clang @@ -0,0 +1 @@ +hfuzz-cc \ No newline at end of file diff --git a/hfuzz_cc/hfuzz-8bitcnt-clang++ b/hfuzz_cc/hfuzz-8bitcnt-clang++ new file mode 120000 index 00000000..78d03419 --- /dev/null +++ b/hfuzz_cc/hfuzz-8bitcnt-clang++ @@ -0,0 +1 @@ +hfuzz-cc \ No newline at end of file diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index 91f6b7c8..5a0de1ef 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -22,7 +22,7 @@ static bool isCXX = false; static bool isGCC = false; -static bool usePCGuard = false; +static bool usePCGuard = true; static bool hasCmdLineFSanitizeFuzzer = false; /* Embed libhf/.a inside this binary */ @@ -512,6 +512,9 @@ int main(int argc, char** argv) { if (baseNameContains(argv[0], "-pcguard-")) { usePCGuard = true; } + if (baseNameContains(argv[0], "-8bitcnt-")) { + usePCGuard = false; + } hasCmdLineFSanitizeFuzzer = hasFSanitizeFuzzer(argc, argv); if (argc <= 1) { -- cgit v1.2.3 From 24939059148e58a15ffb0cf1f51aea4a15049ac5 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 10 Apr 2020 21:30:14 +0200 Subject: libhfuzz/instrument: use hugetlb when available for large mappings --- libhfcommon/files.c | 5 +++++ libhfuzz/instrument.c | 9 +++++++-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index ba2a9dd6..6b003617 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -351,6 +351,8 @@ int files_createSharedMem(size_t sz, const char* name, bool exportmap) { } } #endif /* defined(SHM_ANON) */ + +/* Use regular shm_open */ #if !defined(_HF_ARCH_DARWIN) && !defined(__ANDROID__) /* shm objects under MacOSX are 'a-typical' */ if (fd == -1) { @@ -366,6 +368,8 @@ int files_createSharedMem(size_t sz, const char* name, bool exportmap) { } } #endif /* !defined(_HF_ARCH_DARWIN) && !defined(__ANDROID__) */ + + /* As a last resort, create a file in /tmp */ if (fd == -1) { char template[PATH_MAX]; snprintf(template, sizeof(template), "/tmp/%s.XXXXXX", name); @@ -375,6 +379,7 @@ int files_createSharedMem(size_t sz, const char* name, bool exportmap) { } unlink(template); } + if (TEMP_FAILURE_RETRY(ftruncate(fd, sz)) == -1) { PLOG_W("ftruncate(%d, %zu)", fd, sz); close(fd); diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index d1359d11..8f691b23 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -80,11 +80,16 @@ static void* initialzeTryMapHugeTLB(int fd, size_t sz) { #if defined(_HF_ARCH_LINUX) /* - * Try to map the local structure using HugeTLB maps. It'll be way fatser later to clean it with + * Try to map the local structure using HugeTLB. It'll be way fatser later to clean it with * { ftruncate(fd, 0); ftruncate(fd, size); } */ - mflags = files_getTmpMapFlags(MAP_SHARED | MAP_HUGETLB, /* nocore= */ true); + mflags = files_getTmpMapFlags(MAP_SHARED | MAP_HUGE_2MB, /* nocore= */ true); void* ret = mmap(NULL, sz, PROT_READ | PROT_WRITE, mflags, fd, 0); +#if defined(__x86_64__) || defined(__i386__) + if (ret == MAP_FAILED) { + PLOG_W("mmap(sz=%zu fd=%d flags=MAP_SHARED|MAP_HUGE_2MB) failed", sz, fd); + } +#endif /* defined(__x86_64__) || defined(__i386__) */ if (ret != MAP_FAILED) { return ret; } -- cgit v1.2.3 From 6dca4e0af6a20e63bd4fd4609ea9facb6e4fc8ff Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 11 Apr 2020 01:22:45 +0200 Subject: Implement edge counting for PC-guards as well (in addition to 8-bit-counters --- libhfuzz/instrument.c | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 8f691b23..ca48b2c1 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -608,13 +608,15 @@ static uint8_t const instrumentCntMap[256] = { HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard(uint32_t* guard) { #if defined(__ANDROID__) - // ANDROID: Bionic invokes routines that Honggfuzz wraps, before either - // *SAN or Honggfuzz have initialized. Check to see if Honggfuzz - // has initialized -- if not, force *SAN to initialize (otherwise - // _strcmp() will crash, as it is *SAN-instrumented). - // - // Defer all trace_pc_guard activity until trace_pc_guard_init is - // invoked via sancov.module_ctor in the normal process of things. + /* + * ANDROID: Bionic invokes routines that Honggfuzz wraps, before either + * *SAN or Honggfuzz have initialized. Check to see if Honggfuzz + * has initialized -- if not, force *SAN to initialize (otherwise + * _strcmp() will crash, as it is *SAN-instrumented). + * + * Defer all trace_pc_guard activity until trace_pc_guard_init is + * invoked via sancov.module_ctor in the normal process of things. + */ if (!guards_initialized) { void __asan_init(void) __attribute__((weak)); if (__asan_init) { @@ -636,14 +638,14 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard(uint32_t* guard) { } #endif /* defined(__ANDROID__) */ - uint8_t v = ++(localCovFeedback->pcGuardMap[*guard]); + const uint8_t v = ATOMIC_PRE_INC(localCovFeedback->pcGuardMap[*guard]); const uint8_t newval = instrumentCntMap[v]; if (ATOMIC_GET(globalCovFeedback->pcGuardMap[*guard]) < newval) { - const uint8_t prevval = ATOMIC_POST_OR(globalCovFeedback->pcGuardMap[*guard], newval); - if (prevval == 0) { + const uint8_t oldval = ATOMIC_POST_OR(globalCovFeedback->pcGuardMap[*guard], newval); + if (!oldval) { ATOMIC_PRE_INC(globalCovFeedback->pidNewEdge[my_thread_no]); - } else if (prevval < newval) { + } else if (oldval < newval) { ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], newval); } wmb(); @@ -680,11 +682,10 @@ void instrument8BitCountersCount(void) { /* New hits */ if (ATOMIC_GET(globalCovFeedback->pcGuardMap[guard]) < newval) { - const uint8_t prevval = - ATOMIC_POST_OR(globalCovFeedback->pcGuardMap[guard], newval); - if (!prevval) { + const uint8_t oldval = ATOMIC_POST_OR(globalCovFeedback->pcGuardMap[guard], newval); + if (!oldval) { ATOMIC_PRE_INC(globalCovFeedback->pidNewEdge[my_thread_no]); - } else if (prevval < newval) { + } else if (oldval < newval) { ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], newval); } } -- cgit v1.2.3 From 7d5452f1880a6e2d6f453553c95a152465f3b641 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 11 Apr 2020 02:21:08 +0200 Subject: libhfuzz/instrument: use fallocate to zero memory in the file --- libhfcommon/files.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index 6b003617..70eeed87 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -213,7 +213,16 @@ const char* files_basename(const char* path) { return base ? base + 1 : path; } +/* Zero all bytes in the file */ bool files_resetFile(int fd, size_t sz) { +#if defined(_HF_ARCH_LINUX) + if (fallocate(fd, FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE, (off_t)0, (off_t)sz) != -1) { + return true; + } + PLOG_W("fallocate(fd=%d, FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE, sz=%zu)", fd, sz); +#endif /* defined(_HF_ARCH_LINUX) */ + + /* Fallback mode */ if (ftruncate(fd, (off_t)0) == -1) { PLOG_W("ftruncate(fd=%d, sz=0)", fd); return false; -- cgit v1.2.3 From a41cd68d55d933ec0f2b8dcf69510cc32172366f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 11 Apr 2020 16:00:29 +0200 Subject: libhfuzz: reset the pcguard map locally, as it's faster than fallocate --- fuzz.c | 5 ----- libhfuzz/instrument.c | 4 ++++ libhfuzz/instrument.h | 2 +- libhfuzz/persistent.c | 1 + 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/fuzz.c b/fuzz.c index 52e88942..6f327482 100644 --- a/fuzz.c +++ b/fuzz.c @@ -404,11 +404,6 @@ static void fuzz_fuzzLoop(run_t* run) { run->linux.hwCnts.bbCnt = 0; run->linux.hwCnts.newBBCnt = 0; - if (!files_resetFile(run->perThreadCovFeedbackFd, sizeof(feedback_t))) { - LOG_F("Couldn't reset the per-thread coverage file fd=%d sz=%zu", - run->perThreadCovFeedbackFd, sizeof(feedback_t)); - } - if (!fuzz_fetchInput(run)) { if (run->global->cfg.minimize && fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MINIMIZE) { fuzz_setTerminating(); diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index ca48b2c1..7b5d62b0 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -224,6 +224,10 @@ __attribute__((weak)) size_t instrumentReserveGuard(size_t cnt) { return base; } +void instrumentResetLocalCovFeedback(void) { + bzero(&(localCovFeedback->pcGuardMap[0]), instrumentReserveGuard(0)); +} + /* Used to limit certain expensive actions, like adding values to dictionaries */ static inline bool instrumentLimitEvery(uint64_t step) { static __thread uint64_t staticCnt = 0; diff --git a/libhfuzz/instrument.h b/libhfuzz/instrument.h index 977d3a28..5ba46725 100644 --- a/libhfuzz/instrument.h +++ b/libhfuzz/instrument.h @@ -28,8 +28,8 @@ #include #include -/* Returns true if the new value is better */ extern void instrument8BitCountersCount(void); +extern void instrumentResetLocalCovFeedback(void); extern unsigned instrumentThreadNo(void); extern bool instrumentUpdateCmpMap(uintptr_t addr, uint32_t v); extern void instrumentClearNewCov(); diff --git a/libhfuzz/persistent.c b/libhfuzz/persistent.c index fb5f6488..334f876d 100644 --- a/libhfuzz/persistent.c +++ b/libhfuzz/persistent.c @@ -60,6 +60,7 @@ void HF_ITER(const uint8_t** buf_ptr, size_t* len_ptr) { extern const char* const LIBHFUZZ_module_memorycmp; extern const char* const LIBHFUZZ_module_instrument; static void HonggfuzzRunOneInput(const uint8_t* buf, size_t len) { + instrumentResetLocalCovFeedback(); int ret = LLVMFuzzerTestOneInput(buf, len); if (ret != 0) { LOG_D("Dereferenced: %s, %s", LIBHFUZZ_module_memorycmp, LIBHFUZZ_module_instrument); -- cgit v1.2.3 From 9a53e73015d33313feee93bec0fb5c6266c0271c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 11 Apr 2020 17:07:35 +0200 Subject: libhfuzz: reset pc-guard-max plus 1 --- libhfuzz/instrument.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 7b5d62b0..4e666d0e 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -225,7 +225,9 @@ __attribute__((weak)) size_t instrumentReserveGuard(size_t cnt) { } void instrumentResetLocalCovFeedback(void) { - bzero(&(localCovFeedback->pcGuardMap[0]), instrumentReserveGuard(0)); + bzero(&(localCovFeedback->pcGuardMap[0]), + HF_MIN(instrumentReserveGuard(0) + 1, _HF_PC_GUARD_MAX - 1)); + wmb(); } /* Used to limit certain expensive actions, like adding values to dictionaries */ @@ -642,7 +644,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard(uint32_t* guard) { } #endif /* defined(__ANDROID__) */ - const uint8_t v = ATOMIC_PRE_INC(localCovFeedback->pcGuardMap[*guard]); + const uint8_t v = ++(localCovFeedback->pcGuardMap[*guard]); const uint8_t newval = instrumentCntMap[v]; if (ATOMIC_GET(globalCovFeedback->pcGuardMap[*guard]) < newval) { -- cgit v1.2.3 From 92c8819f958932b52291a07a7d87343f06ea00e2 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 11 Apr 2020 21:45:57 +0200 Subject: libhfuzz: use ATOMIC_PRE_INC when updating localcovmap --- libhfuzz/instrument.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 4e666d0e..a1892869 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -612,7 +612,7 @@ static uint8_t const instrumentCntMap[256] = { [65 ... 255] = 1U << 7, }; -HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard(uint32_t* guard) { +HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard(uint32_t* guard_ptr) { #if defined(__ANDROID__) /* * ANDROID: Bionic invokes routines that Honggfuzz wraps, before either @@ -644,18 +644,20 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard(uint32_t* guard) { } #endif /* defined(__ANDROID__) */ - const uint8_t v = ++(localCovFeedback->pcGuardMap[*guard]); + const uint32_t guard = *guard_ptr; + const uint8_t v = ATOMIC_PRE_INC(localCovFeedback->pcGuardMap[guard]); const uint8_t newval = instrumentCntMap[v]; - if (ATOMIC_GET(globalCovFeedback->pcGuardMap[*guard]) < newval) { - const uint8_t oldval = ATOMIC_POST_OR(globalCovFeedback->pcGuardMap[*guard], newval); + if (ATOMIC_GET(globalCovFeedback->pcGuardMap[guard]) < newval) { + const uint8_t oldval = ATOMIC_POST_OR(globalCovFeedback->pcGuardMap[guard], newval); if (!oldval) { ATOMIC_PRE_INC(globalCovFeedback->pidNewEdge[my_thread_no]); } else if (oldval < newval) { ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], newval); } - wmb(); } + + wmb(); } /* Support up to 256 DSO modules with separate 8bit counters */ -- cgit v1.2.3 From 9c05fe8aac86fd78b07f394fa08d032318777e50 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 11 Apr 2020 23:56:47 +0200 Subject: libhfuzz/instrument: don't evaluate a guard if it's == 0 --- libhfuzz/instrument.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index a1892869..00222318 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -645,6 +645,10 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard(uint32_t* guard_ptr) #endif /* defined(__ANDROID__) */ const uint32_t guard = *guard_ptr; + if (!guard) { + return; + } + const uint8_t v = ATOMIC_PRE_INC(localCovFeedback->pcGuardMap[guard]); const uint8_t newval = instrumentCntMap[v]; -- cgit v1.2.3 From c1b00b5bbb957fb5f5eb7943b46ba15d29298244 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 12 Apr 2020 00:21:36 +0200 Subject: libhfuzz: clear guards if these are no longer interesting --- libhfuzz/instrument.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 00222318..46d79e7c 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -650,6 +650,11 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard(uint32_t* guard_ptr) } const uint8_t v = ATOMIC_PRE_INC(localCovFeedback->pcGuardMap[guard]); + if (v == 0) { + /* This guard has been maxed out. Mark it as uninteresting */ + ATOMIC_CLEAR(*guard_ptr); + } + const uint8_t newval = instrumentCntMap[v]; if (ATOMIC_GET(globalCovFeedback->pcGuardMap[guard]) < newval) { @@ -657,10 +662,9 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard(uint32_t* guard_ptr) if (!oldval) { ATOMIC_PRE_INC(globalCovFeedback->pidNewEdge[my_thread_no]); } else if (oldval < newval) { - ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], newval); + ATOMIC_PRE_INC(globalCovFeedback->pidNewCmp[my_thread_no]); } } - wmb(); } @@ -698,7 +702,7 @@ void instrument8BitCountersCount(void) { if (!oldval) { ATOMIC_PRE_INC(globalCovFeedback->pidNewEdge[my_thread_no]); } else if (oldval < newval) { - ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], newval); + ATOMIC_PRE_INC(globalCovFeedback->pidNewCmp[my_thread_no]); } } -- cgit v1.2.3 From a2d3a2d5d252eb0d84314310b984512f511eb074 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 12 Apr 2020 15:00:17 +0200 Subject: libhfuzz: don't set guards to zero if global guard non-zero --- libhfuzz/instrument.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 46d79e7c..593a94ea 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -225,8 +225,8 @@ __attribute__((weak)) size_t instrumentReserveGuard(size_t cnt) { } void instrumentResetLocalCovFeedback(void) { - bzero(&(localCovFeedback->pcGuardMap[0]), - HF_MIN(instrumentReserveGuard(0) + 1, _HF_PC_GUARD_MAX - 1)); + bzero(localCovFeedback->pcGuardMap, HF_MIN(instrumentReserveGuard(0), _HF_PC_GUARD_MAX)); + wmb(); } @@ -593,10 +593,10 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard_init(uint32_t* start for (uint32_t* x = start; x < stop; x++) { uint32_t guardNo = instrumentReserveGuard(1); - /* If the corresponding PC was already hit, map this specific guard as uninteresting (0) */ - *x = ATOMIC_GET(globalCovFeedback->pcGuardMap[guardNo]) ? 0U : guardNo; - wmb(); + *x = guardNo; } + + wmb(); } /* Map number of visits to an edge into buckets */ -- cgit v1.2.3 From b367c34b62c729b78e0e924e2e779938c351ca74 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 15 Apr 2020 12:33:53 +0200 Subject: mangle/input: made speed scoring function much less aggressive because it can mutate input files too much. Also, divide the speed_factor by 5 (not so aggressive), and cap it at 10, and not 15 --- input.c | 14 +++++++------- mangle.c | 6 +++--- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/input.c b/input.c index d204ffd5..f1db4317 100644 --- a/input.c +++ b/input.c @@ -462,22 +462,22 @@ static inline int input_skipFactor(run_t* run, dynfile_t* dynfile, int* speed_fa int penalty = 0; { - *speed_factor = input_speedFactor(run, dynfile); - penalty += HF_CAP(*speed_factor, -15, 15); + *speed_factor = HF_CAP(input_speedFactor(run, dynfile) / 3, 0, 15); + penalty += *speed_factor; } { /* Older inputs -> lower chance of being tested */ static const int scaleMap[] = { - [100 ... 200] = -15, - [98 ... 99] = -5, + [100 ... 200] = -10, + [98 ... 99] = -7, [96 ... 97] = -2, [91 ... 95] = -1, [81 ... 90] = 0, [71 ... 80] = 1, [61 ... 70] = 2, [41 ... 60] = 3, - [0 ... 40] = 5, + [0 ... 40] = 4, }; const unsigned percentile = (dynfile->idx * 100) / run->global->io.dynfileqCnt; @@ -486,13 +486,13 @@ static inline int input_skipFactor(run_t* run, dynfile_t* dynfile, int* speed_fa { /* If the input wasn't source of other inputs so far, make it less likely to be tested */ - penalty += HF_CAP((2 - (int)dynfile->refs) * 2, -15, 15); + penalty += HF_CAP((1 - (int)dynfile->refs) * 10, -15, 10); } { /* Add penalty for the input being too big - 0 is for 256B inputs */ if (dynfile->size > 0) { - penalty += HF_CAP(((int)util_Log2(dynfile->size) - 8) / 4, -15, 15); + penalty += HF_CAP(((int)util_Log2(dynfile->size) - 8) / 4, -5, 5); } } diff --git a/mangle.c b/mangle.c index 0f367dff..e7f6be38 100644 --- a/mangle.c +++ b/mangle.c @@ -848,12 +848,12 @@ void mangle_mangleContent(run_t* run, int speed_factor) { uint64_t changesCnt = run->global->mutate.mutationsPerRun; - if (speed_factor <= 1) { + if (speed_factor < 5) { changesCnt = util_rndGet(1, run->global->mutate.mutationsPerRun); - } else if (speed_factor <= 3) { + } else if (speed_factor < 10) { changesCnt = run->global->mutate.mutationsPerRun; } else { - changesCnt = HF_MIN(speed_factor, 20); + changesCnt = HF_MIN(speed_factor, 12); changesCnt = HF_MAX(changesCnt, run->global->mutate.mutationsPerRun); } -- cgit v1.2.3 From 075756bea8d1f08eb19d5de18e48d264038b853c Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 15 Apr 2020 19:44:05 +0200 Subject: libhfuzz/performance: lower the reset ratio from 10 to 5 --- libhfuzz/performance.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libhfuzz/performance.c b/libhfuzz/performance.c index d09fa6f9..4dd64633 100644 --- a/libhfuzz/performance.c +++ b/libhfuzz/performance.c @@ -13,8 +13,8 @@ #include "libhfuzz/instrument.h" #define HF_USEC_PER_SEC 1000000 -#define HF_CHECK_INTERVAL_USECS (HF_USEC_PER_SEC * 20) /* Peform check every 20 sec. */ -#define HF_RESET_RATIO 10 /* Reset if currently n times slower that at the beginning */ +#define HF_CHECK_INTERVAL_USECS (HF_USEC_PER_SEC * 20) /* Peform this check every 20 sec. */ +#define HF_RESET_RATIO 5 /* Reset ourselves, if currently n times slower than in the beginning */ static uint64_t iterCnt = 0; static time_t firstInputUSecs = 0; -- cgit v1.2.3 From ca8042f79171a1f093e1cf2877ba052b36325254 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 16 Apr 2020 10:00:01 +0200 Subject: libhfuzz: update total counters for the pc-guard method as well --- fuzz.c | 2 ++ libhfuzz/instrument.c | 27 ++++++++++++++++++--------- 2 files changed, 20 insertions(+), 9 deletions(-) diff --git a/fuzz.c b/fuzz.c index 6f327482..9d870bab 100644 --- a/fuzz.c +++ b/fuzz.c @@ -210,6 +210,8 @@ static void fuzz_perfFeedback(run_t* run) { ATOMIC_GET(run->global->feedback.covFeedbackMap->pidTotalCmp[run->fuzzNo]); ATOMIC_CLEAR(run->global->feedback.covFeedbackMap->pidTotalCmp[run->fuzzNo]); + rmb(); + int64_t diff0 = (int64_t)run->global->linux.hwCnts.cpuInstrCnt - run->linux.hwCnts.cpuInstrCnt; int64_t diff1 = (int64_t)run->global->linux.hwCnts.cpuBranchCnt - run->linux.hwCnts.cpuBranchCnt; diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 593a94ea..4a914640 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -644,19 +644,27 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard(uint32_t* guard_ptr) } #endif /* defined(__ANDROID__) */ + /* This guard is uninteresting, it was probably maxed out already */ const uint32_t guard = *guard_ptr; if (!guard) { return; } - const uint8_t v = ATOMIC_PRE_INC(localCovFeedback->pcGuardMap[guard]); - if (v == 0) { + if (ATOMIC_GET(localCovFeedback->pcGuardMap[guard]) > 100) { /* This guard has been maxed out. Mark it as uninteresting */ ATOMIC_CLEAR(*guard_ptr); } - const uint8_t newval = instrumentCntMap[v]; + /* Update the total/local counters */ + const uint8_t v = ATOMIC_PRE_INC(localCovFeedback->pcGuardMap[guard]); + if (v == 1) { + ATOMIC_PRE_INC(globalCovFeedback->pidTotalEdge[my_thread_no]); + } else { + ATOMIC_PRE_INC(globalCovFeedback->pidTotalCmp[my_thread_no]); + } + /* Update the new/global counters */ + const uint8_t newval = instrumentCntMap[v]; if (ATOMIC_GET(globalCovFeedback->pcGuardMap[guard]) < newval) { const uint8_t oldval = ATOMIC_POST_OR(globalCovFeedback->pcGuardMap[guard], newval); if (!oldval) { @@ -678,10 +686,6 @@ static struct { void instrument8BitCountersCount(void) { rmb(); - ATOMIC_CLEAR(globalCovFeedback->pidTotalPC[my_thread_no]); - ATOMIC_CLEAR(globalCovFeedback->pidTotalEdge[my_thread_no]); - ATOMIC_CLEAR(globalCovFeedback->pidTotalCmp[my_thread_no]); - uint64_t totalEdge = 0; uint64_t totalCmp = 0; @@ -716,8 +720,8 @@ void instrument8BitCountersCount(void) { } } - ATOMIC_SET(globalCovFeedback->pidTotalEdge[my_thread_no], totalEdge); - ATOMIC_SET(globalCovFeedback->pidTotalCmp[my_thread_no], totalCmp); + ATOMIC_POST_ADD(globalCovFeedback->pidTotalEdge[my_thread_no], totalEdge); + ATOMIC_POST_ADD(globalCovFeedback->pidTotalCmp[my_thread_no], totalCmp); wmb(); } @@ -771,6 +775,11 @@ void instrumentClearNewCov() { ATOMIC_CLEAR(globalCovFeedback->pidNewPC[my_thread_no]); ATOMIC_CLEAR(globalCovFeedback->pidNewEdge[my_thread_no]); ATOMIC_CLEAR(globalCovFeedback->pidNewCmp[my_thread_no]); + + ATOMIC_CLEAR(globalCovFeedback->pidTotalPC[my_thread_no]); + ATOMIC_CLEAR(globalCovFeedback->pidTotalEdge[my_thread_no]); + ATOMIC_CLEAR(globalCovFeedback->pidTotalCmp[my_thread_no]); + wmb(); } -- cgit v1.2.3 From 1f971a6fa304b58f4935f47bedb70edead0e738d Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 16 Apr 2020 11:29:51 +0200 Subject: input: count penalty on the basis of per-input coverage --- honggfuzz.h | 1 + input.c | 43 +++++++++++++++++++++++++++++++++---------- 2 files changed, 34 insertions(+), 10 deletions(-) diff --git a/honggfuzz.h b/honggfuzz.h index fd0b7c5e..dce51b73 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -285,6 +285,7 @@ typedef struct { uint64_t* blacklist; size_t blacklistCnt; bool skipFeedbackOnTimeout; + uint64_t maxCov[4]; dynFileMethod_t dynFileMethod; } feedback; struct { diff --git a/input.c b/input.c index f1db4317..caeafb81 100644 --- a/input.c +++ b/input.c @@ -389,7 +389,11 @@ void input_addDynamicInput(run_t* run) { MX_SCOPED_RWLOCK_WRITE(&run->global->io.dynfileq_mutex); dynfile->idx = ATOMIC_PRE_INC(run->global->io.dynfileqCnt); - dynfile->cov[3] = dynfile->idx; + + run->global->feedback.maxCov[0] = HF_MAX(run->global->feedback.maxCov[0], dynfile->cov[0]); + run->global->feedback.maxCov[1] = HF_MAX(run->global->feedback.maxCov[1], dynfile->cov[1]); + run->global->feedback.maxCov[2] = HF_MAX(run->global->feedback.maxCov[2], dynfile->cov[2]); + run->global->feedback.maxCov[3] = HF_MAX(run->global->feedback.maxCov[3], dynfile->cov[3]); run->global->io.dynfileqMaxSz = HF_MAX(run->global->io.dynfileqMaxSz, dynfile->size); @@ -466,18 +470,37 @@ static inline int input_skipFactor(run_t* run, dynfile_t* dynfile, int* speed_fa penalty += *speed_factor; } + { + /* Inputs with lower total coverage -> lower chance of being tested */ + static const int scaleMap[] = { + [100 ... 200] = -15, + [90 ... 99] = -10, + [80 ... 89] = -7, + [70 ... 79] = -5, + [60 ... 69] = -2, + [50 ... 59] = 0, + [30 ... 49] = 5, + [10 ... 29] = 10, + [0 ... 10] = 15, + }; + + uint64_t maxCov0 = ATOMIC_GET(run->global->feedback.maxCov[0]); + if (maxCov0) { + const unsigned percentile = (dynfile->cov[0] * 100) / maxCov0; + penalty += scaleMap[percentile]; + } + } + { /* Older inputs -> lower chance of being tested */ static const int scaleMap[] = { [100 ... 200] = -10, - [98 ... 99] = -7, - [96 ... 97] = -2, - [91 ... 95] = -1, - [81 ... 90] = 0, - [71 ... 80] = 1, - [61 ... 70] = 2, - [41 ... 60] = 3, - [0 ... 40] = 4, + [98 ... 99] = -5, + [96 ... 97] = -1, + [91 ... 95] = 0, + [81 ... 90] = 1, + [71 ... 80] = 2, + [0 ... 70] = 3, }; const unsigned percentile = (dynfile->idx * 100) / run->global->io.dynfileqCnt; @@ -486,7 +509,7 @@ static inline int input_skipFactor(run_t* run, dynfile_t* dynfile, int* speed_fa { /* If the input wasn't source of other inputs so far, make it less likely to be tested */ - penalty += HF_CAP((1 - (int)dynfile->refs) * 10, -15, 10); + penalty += HF_CAP((3 - (int)dynfile->refs) * 3, -15, 10); } { -- cgit v1.2.3 From 69fc8c90c66907cbaf10b296bcdbece267131080 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 16 Apr 2020 19:31:02 +0200 Subject: input: allow for testing specific samples for more time --- honggfuzz.h | 2 ++ input.c | 70 ++++++++++++++++++++++++++++++++++--------------------------- 2 files changed, 41 insertions(+), 31 deletions(-) diff --git a/honggfuzz.h b/honggfuzz.h index dce51b73..456c58a6 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -359,6 +359,8 @@ typedef struct { bool tmOutSignaled; char* args[_HF_ARGS_MAX + 1]; int perThreadCovFeedbackFd; + unsigned triesLeft; + dynfile_t* current; #if !defined(_HF_ARCH_DARWIN) timer_t timerId; #endif // !defined(_HF_ARCH_DARWIN) diff --git a/input.c b/input.c index caeafb81..f989291c 100644 --- a/input.c +++ b/input.c @@ -466,22 +466,22 @@ static inline int input_skipFactor(run_t* run, dynfile_t* dynfile, int* speed_fa int penalty = 0; { - *speed_factor = HF_CAP(input_speedFactor(run, dynfile) / 3, 0, 15); + *speed_factor = HF_CAP(input_speedFactor(run, dynfile) / 2, -15, 15); penalty += *speed_factor; } { /* Inputs with lower total coverage -> lower chance of being tested */ - static const int scaleMap[] = { - [100 ... 200] = -15, - [90 ... 99] = -10, - [80 ... 89] = -7, + static const int scaleMap[200] = { + [100 ... 199] = -20, + [90 ... 99] = -15, + [80 ... 89] = -10, [70 ... 79] = -5, [60 ... 69] = -2, [50 ... 59] = 0, - [30 ... 49] = 5, - [10 ... 29] = 10, - [0 ... 10] = 15, + [30 ... 49] = 1, + [11 ... 29] = 3, + [0 ... 10] = 5, }; uint64_t maxCov0 = ATOMIC_GET(run->global->feedback.maxCov[0]); @@ -493,14 +493,14 @@ static inline int input_skipFactor(run_t* run, dynfile_t* dynfile, int* speed_fa { /* Older inputs -> lower chance of being tested */ - static const int scaleMap[] = { - [100 ... 200] = -10, - [98 ... 99] = -5, - [96 ... 97] = -1, - [91 ... 95] = 0, - [81 ... 90] = 1, - [71 ... 80] = 2, - [0 ... 70] = 3, + static const int scaleMap[200] = { + [100 ... 199] = -10, + [95 ... 99] = -5, + [91 ... 94] = -1, + [81 ... 90] = 0, + [71 ... 80] = 1, + [41 ... 70] = 2, + [0 ... 40] = 3, }; const unsigned percentile = (dynfile->idx * 100) / run->global->io.dynfileqCnt; @@ -509,13 +509,13 @@ static inline int input_skipFactor(run_t* run, dynfile_t* dynfile, int* speed_fa { /* If the input wasn't source of other inputs so far, make it less likely to be tested */ - penalty += HF_CAP((3 - (int)dynfile->refs) * 3, -15, 10); + penalty += HF_CAP((2 - (int)dynfile->refs) * 3, -15, 10); } { - /* Add penalty for the input being too big - 0 is for 256B inputs */ + /* Add penalty for the input being too big - 0 is for 1kB inputs */ if (dynfile->size > 0) { - penalty += HF_CAP(((int)util_Log2(dynfile->size) - 8) / 4, -5, 5); + penalty += HF_CAP(((int)util_Log2(dynfile->size) - 10), -5, 5); } } @@ -523,8 +523,6 @@ static inline int input_skipFactor(run_t* run, dynfile_t* dynfile, int* speed_fa } bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { - dynfile_t* current = NULL; - if (ATOMIC_GET(run->global->io.dynfileqCnt) == 0) { LOG_F("The dynamic file corpus is empty. This shouldn't happen"); } @@ -537,23 +535,33 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { run->global->io.dynfileqCurrent = TAILQ_FIRST(&run->global->io.dynfileq); } - current = run->global->io.dynfileqCurrent; + if (run->triesLeft) { + run->triesLeft--; + break; + } + + run->current = run->global->io.dynfileqCurrent; run->global->io.dynfileqCurrent = TAILQ_NEXT(run->global->io.dynfileqCurrent, pointers); - int skip_factor = input_skipFactor(run, current, &speed_factor); - if (skip_factor <= 0 || (util_rnd64() % skip_factor) == 0) { + int skip_factor = input_skipFactor(run, run->current, &speed_factor); + if (skip_factor <= 0) { + run->triesLeft = -(skip_factor); + break; + } + + if ((util_rnd64() % skip_factor) == 0) { break; } } - input_setSize(run, current->size); - memcpy(run->dynfile->cov, current->cov, sizeof(run->dynfile->cov)); - run->dynfile->idx = current->idx; - run->dynfile->timeExecUSecs = current->timeExecUSecs; - snprintf(run->dynfile->path, sizeof(run->dynfile->path), "%s", current->path); - run->dynfile->src = current; + input_setSize(run, run->current->size); + memcpy(run->dynfile->cov, run->current->cov, sizeof(run->dynfile->cov)); + run->dynfile->idx = run->current->idx; + run->dynfile->timeExecUSecs = run->current->timeExecUSecs; + snprintf(run->dynfile->path, sizeof(run->dynfile->path), "%s", run->current->path); + run->dynfile->src = run->current; run->dynfile->refs = 0; - memcpy(run->dynfile->data, current->data, current->size); + memcpy(run->dynfile->data, run->current->data, run->current->size); if (needs_mangle) { mangle_mangleContent(run, speed_factor); -- cgit v1.2.3 From 26b8d7cc613252ef57dab52aac71df123201af2b Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 17 Apr 2020 01:48:25 +0200 Subject: libhfcommon/util: disable util_getProgAddr() for cygwin as it doesn't use ELF --- libhfcommon/util.c | 16 ++++++++-------- sanitizers.c | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/libhfcommon/util.c b/libhfcommon/util.c index 8733b1f9..b9b29e59 100644 --- a/libhfcommon/util.c +++ b/libhfcommon/util.c @@ -27,9 +27,9 @@ #include #include #include -#if !defined(_HF_ARCH_DARWIN) +#if !defined(_HF_ARCH_DARWIN) && !defined(__CYGWIN__) #include -#endif +#endif /* !defined(_HF_ARCH_DARWIN) && !defined(__CYGWIN__) */ #include #include #include @@ -809,7 +809,7 @@ const char* util_sigName(int signo) { return signame; } -#if !defined(_HF_ARCH_DARWIN) +#if !defined(_HF_ARCH_DARWIN) && !defined(__CYGWIN__) static int addrStatic_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, void* data) { for (size_t i = 0; i < info->dlpi_phnum; i++) { if (info->dlpi_phdr[i].p_type != PT_LOAD) { @@ -896,15 +896,15 @@ static int check64_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, voi bool util_64bitValInBinary(uint32_t v) { return (dl_iterate_phdr(check64_cb, &v) == 1); } -#else /* !defined(_HF_ARCH_DARWIN) */ +#else /* !defined(_HF_ARCH_DARWIN) && !defined(__CYGWIN__) */ /* Darwin doesn't use ELF file format for binaries, so dl_iterate_phdr() cannot be used there */ -lhfc_addr_t util_getProgAddr(const void* addr) { +lhfc_addr_t util_getProgAddr(const void* addr HF_ATTR_UNUSED) { return LHFC_ADDR_NOTFOUND; } -bool util_32bitValInBinary(uint32_t v) { +bool util_32bitValInBinary(uint32_t v HF_ATTR_UNUSED) { return false; } -bool util_64bitValInBinary(uint32_t v) { +bool util_64bitValInBinary(uint32_t v HF_ATTR_UNUSED) { return false; } -#endif /* !defined(_HF_ARCH_DARWIN) */ +#endif /* !defined(_HF_ARCH_DARWIN) && !defined(__CYGWIN__) */ diff --git a/sanitizers.c b/sanitizers.c index 78d8fafc..433feb0b 100644 --- a/sanitizers.c +++ b/sanitizers.c @@ -185,7 +185,7 @@ size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* p } else { char* pLineLC = lineptr; /* Trim leading spaces */ - while (*pLineLC != '\0' && isspace(*pLineLC)) { + while (*pLineLC != '\0' && isspace((int)*pLineLC)) { ++pLineLC; } -- cgit v1.2.3 From 55048ab084058c3b0002085ccfc8363a2b450268 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 17 Apr 2020 02:08:11 +0200 Subject: input: update coverage bucketting map --- input.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/input.c b/input.c index f989291c..dfee12c1 100644 --- a/input.c +++ b/input.c @@ -473,15 +473,14 @@ static inline int input_skipFactor(run_t* run, dynfile_t* dynfile, int* speed_fa { /* Inputs with lower total coverage -> lower chance of being tested */ static const int scaleMap[200] = { - [100 ... 199] = -20, - [90 ... 99] = -15, - [80 ... 89] = -10, - [70 ... 79] = -5, - [60 ... 69] = -2, + [95 ... 199] = -15, + [90 ... 94] = -7, + [80 ... 89] = -3, + [60 ... 79] = -1, [50 ... 59] = 0, - [30 ... 49] = 1, - [11 ... 29] = 3, - [0 ... 10] = 5, + [30 ... 49] = 5, + [11 ... 29] = 10, + [0 ... 10] = 15, }; uint64_t maxCov0 = ATOMIC_GET(run->global->feedback.maxCov[0]); -- cgit v1.2.3 From 24ee291017a182c9d2a5c99b0061d642152d75ac Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 17 Apr 2020 09:02:14 +0200 Subject: libhfuzz: fix cygwin build --- libhfcommon/files.c | 2 +- libhfuzz/instrument.c | 10 ++++++++-- libhfuzz/memorycmp.c | 6 ++++-- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index 70eeed87..7562c0e4 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -378,7 +378,7 @@ int files_createSharedMem(size_t sz, const char* name, bool exportmap) { } #endif /* !defined(_HF_ARCH_DARWIN) && !defined(__ANDROID__) */ - /* As a last resort, create a file in /tmp */ + /* As the last resort, create a file in /tmp */ if (fd == -1) { char template[PATH_MAX]; snprintf(template, sizeof(template), "/tmp/%s.XXXXXX", name); diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 4a914640..7a226a13 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -24,8 +24,11 @@ #include "libhfcommon/log.h" #include "libhfcommon/util.h" -__attribute__((visibility("hidden"))) __attribute__((used)) -const char* const LIBHFUZZ_module_instrument = "LIBHFUZZ_module_instrument"; +/* Cygwin doesn't support this */ +#if !defined(__CYGWIN__) +__attribute__((visibility("hidden"))) +#endif /* !defined(__CYGWIN__) */ +__attribute__((used)) const char* const LIBHFUZZ_module_instrument = "LIBHFUZZ_module_instrument"; /* * We require SSE4.2 with x86-(32|64) for the 'popcnt', as it's much faster than the software @@ -754,9 +757,12 @@ unsigned instrumentThreadNo(void) { return my_thread_no; } +/* Cygwin has problem with visibility of this symbol */ +#if !defined(__CYGWIN__) /* For some reason -fsanitize=fuzzer-no-link references this symbol */ __attribute__((tls_model("initial-exec"))) __attribute__((weak)) __thread uintptr_t __sancov_lowest_stack = 0; +#endif /* !defined(__CYGWIN__) */ bool instrumentUpdateCmpMap(uintptr_t addr, uint32_t v) { uintptr_t pos = addr % _HF_PERF_BITMAP_SIZE_16M; diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index 1f5fc0e3..dd330826 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -10,8 +10,10 @@ #include "libhfcommon/util.h" #include "libhfuzz/instrument.h" -__attribute__((visibility("hidden"))) __attribute__((used)) -const char* const LIBHFUZZ_module_memorycmp = "LIBHFUZZ_module_memorycmp"; +#if !defined(__CYGWIN__) +__attribute__((visibility("hidden"))) +#endif /* !defined(__CYGWIN__) */ +__attribute__((used)) const char* const LIBHFUZZ_module_memorycmp = "LIBHFUZZ_module_memorycmp"; /* * util_getProgAddr() check is quite costly, and it lowers the fuzzing speed typically by a factor -- cgit v1.2.3 From d06843d40a66a77bec658e60b29bb05b3428adc7 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 17 Apr 2020 19:02:23 +0200 Subject: libhfcommon: O_CLOEXEC is not needed with shm_open, and Cygwin doesn't like it anyway --- libhfcommon/files.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libhfcommon/files.c b/libhfcommon/files.c index 7562c0e4..64d71cfa 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -355,8 +355,8 @@ int files_createSharedMem(size_t sz, const char* name, bool exportmap) { /* SHM_ANON is available with some *BSD OSes */ #if defined(SHM_ANON) if (fd == -1) { - if ((fd = shm_open(SHM_ANON, O_RDWR | O_CLOEXEC, 0600)) == -1) { - PLOG_W("shm_open(SHM_ANON, O_RDWR|O_CLOEXEC, 0600)"); + if ((fd = shm_open(SHM_ANON, O_RDWR, 0600)) == -1) { + PLOG_W("shm_open(SHM_ANON, O_RDWR, 0600)"); } } #endif /* defined(SHM_ANON) */ @@ -370,8 +370,8 @@ int files_createSharedMem(size_t sz, const char* name, bool exportmap) { gettimeofday(&tv, NULL); snprintf(tmpname, sizeof(tmpname), "/%s%lx%lx%d", name, (unsigned long)tv.tv_sec, (unsigned long)tv.tv_usec, (int)getpid()); - if ((fd = shm_open(tmpname, O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC, 0600)) == -1) { - PLOG_W("shm_open('%s', O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC, 0600)", tmpname); + if ((fd = shm_open(tmpname, O_RDWR | O_CREAT | O_EXCL, 0600)) == -1) { + PLOG_W("shm_open('%s', O_RDWR|O_CREAT|O_EXCL, 0600)", tmpname); } else { shm_unlink(tmpname); } -- cgit v1.2.3 From 7e814ece62d894aab2d7cc40535b5b7b07c2e427 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 17 Apr 2020 19:47:57 +0200 Subject: libhfuzz: don't LOG_F is real_memcmp cannot be resolved --- libhfuzz/instrument.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 7a226a13..77f897c3 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -52,7 +52,6 @@ cmpfeedback_t* globalCmpFeedback = NULL; uint32_t my_thread_no = 0; -extern int __wrap_memcmp(const void* s1, const void* s2, size_t n); int (*libc_memcmp)(const void* s1, const void* s2, size_t n) = memcmp; static void* getsym(const char* sym) { @@ -70,10 +69,8 @@ static void* getsym(const char* sym) { static void initializeLibcFunctions(void) { libc_memcmp = (int (*)(const void* s1, const void* s2, size_t n))getsym("memcmp"); if (!libc_memcmp) { - LOG_F("dlsym(memcmp) failed: %s", dlerror()); - } - if (libc_memcmp == __wrap_memcmp) { - LOG_F("libc_memcmp proxied to __wrap_memcmp"); + LOG_W("dlsym(memcmp) failed: %s", dlerror()); + libc_memcmp = memcmp; } LOG_D("libc_memcmp at %p", libc_memcmp); } -- cgit v1.2.3 From 05faa3ff17affb40580d32614fe5c754eba543a5 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 17 Apr 2020 19:54:55 +0200 Subject: hfuzz-cc: use finline-limit instead of max-inline-insns-single is the latter might not be supported everywhere --- hfuzz_cc/hfuzz-cc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index 5a0de1ef..1e2c8d9f 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -314,7 +314,7 @@ static void commonPreOpts(int* j, char** args) { * (and better code coverage estimates) */ if (isGCC) { - args[(*j)++] = "--param max-inline-insns-single=2000"; + args[(*j)++] = "-finline-limit=4000"; } else { args[(*j)++] = "-mllvm"; args[(*j)++] = "-inline-threshold=2000"; -- cgit v1.2.3 From cbfe78c120597951f1a73839b2ac88cffa436e2b Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 18 Apr 2020 00:41:38 +0200 Subject: Makefile: switch -param max-inline-insns-single to -finline-limit is more gcc versions support it --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index a3eb13f4..d2c2921b 100644 --- a/Makefile +++ b/Makefile @@ -168,7 +168,7 @@ ifeq ($(COMPILER),clang) endif endif ifeq ($(COMPILER),gcc) - ARCH_CFLAGS += --param max-inline-insns-single=2000 + ARCH_CFLAGS += -finline-limit=4000 endif SRCS := $(COMMON_SRCS) $(ARCH_SRCS) -- cgit v1.2.3 From 8890cf9427a698fb84ee30118bc0f3f00881e764 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 19 Apr 2020 02:03:27 +0200 Subject: libhfuzz: use _memcmp as memcmp() by default --- libhfuzz/instrument.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 77f897c3..72afd4d3 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -52,7 +52,20 @@ cmpfeedback_t* globalCmpFeedback = NULL; uint32_t my_thread_no = 0; -int (*libc_memcmp)(const void* s1, const void* s2, size_t n) = memcmp; +static int _memcmp(const void* m1, const void* m2, size_t n) { + const unsigned char* s1 = (const unsigned char*)m1; + const unsigned char* s2 = (const unsigned char*)m2; + + for (size_t i = 0; i < n; i++) { + if (s1[i] != s2[i]) { + return (int)s1[i] - (int)s2[i]; + } + } + + return 0; +} + +int (*libc_memcmp)(const void* s1, const void* s2, size_t n) = _memcmp; static void* getsym(const char* sym) { #if defined(RTLD_NEXT) @@ -70,9 +83,9 @@ static void initializeLibcFunctions(void) { libc_memcmp = (int (*)(const void* s1, const void* s2, size_t n))getsym("memcmp"); if (!libc_memcmp) { LOG_W("dlsym(memcmp) failed: %s", dlerror()); - libc_memcmp = memcmp; + libc_memcmp = _memcmp; } - LOG_D("libc_memcmp at %p", libc_memcmp); + LOG_D("libc_memcmp=%p, (_memcmp=%p, memcmp=%p)", libc_memcmp, _memcmp, memcmp); } static void* initialzeTryMapHugeTLB(int fd, size_t sz) { -- cgit v1.2.3 From 626fb7731c5be6557277e5be5fdc96f7ffc914ec Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 20 Apr 2020 00:07:58 +0200 Subject: move linux.hwCnts to just hwCnts, as these are not linux-specific --- cmdline.c | 18 +++++++++--------- display.c | 14 +++++++------- fuzz.c | 46 ++++++++++++++++++++++------------------------ honggfuzz.c | 2 +- honggfuzz.h | 5 ++--- linux/perf.c | 6 +++--- linux/pt.c | 2 +- 7 files changed, 45 insertions(+), 48 deletions(-) diff --git a/cmdline.c b/cmdline.c index c93d568d..cf04ec31 100644 --- a/cmdline.c +++ b/cmdline.c @@ -394,6 +394,15 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .skipFeedbackOnTimeout = false, .dynFileMethod = _HF_DYNFILE_SOFT, .state = _HF_STATE_UNSET, + .hwCnts = + { + .cpuInstrCnt = 0ULL, + .cpuBranchCnt = 0ULL, + .bbCnt = 0ULL, + .newBBCnt = 0ULL, + .softCntPc = 0ULL, + .softCntCmp = 0ULL, + }, }, .cnts = { @@ -415,15 +424,6 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .linux = { .exeFd = -1, - .hwCnts = - { - .cpuInstrCnt = 0ULL, - .cpuBranchCnt = 0ULL, - .bbCnt = 0ULL, - .newBBCnt = 0ULL, - .softCntPc = 0ULL, - .softCntCmp = 0ULL, - }, .dynamicCutOffAddr = ~(0ULL), .disableRandomization = true, .ignoreAddr = NULL, diff --git a/display.c b/display.c index dff8cde0..44a11e57 100644 --- a/display.c +++ b/display.c @@ -280,24 +280,24 @@ void display_display(honggfuzz_t* hfuzz) { } if (hfuzz->feedback.dynFileMethod & _HF_DYNFILE_INSTR_COUNT) { display_put(" hwi: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, - ATOMIC_GET(hfuzz->linux.hwCnts.cpuInstrCnt)); + ATOMIC_GET(hfuzz->feedback.hwCnts.cpuInstrCnt)); } if (hfuzz->feedback.dynFileMethod & _HF_DYNFILE_BRANCH_COUNT) { display_put(" hwb: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, - ATOMIC_GET(hfuzz->linux.hwCnts.cpuBranchCnt)); + ATOMIC_GET(hfuzz->feedback.hwCnts.cpuBranchCnt)); } if (hfuzz->feedback.dynFileMethod & _HF_DYNFILE_BTS_EDGE) { display_put(" bts: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, - ATOMIC_GET(hfuzz->linux.hwCnts.bbCnt)); + ATOMIC_GET(hfuzz->feedback.hwCnts.bbCnt)); } if (hfuzz->feedback.dynFileMethod & _HF_DYNFILE_IPT_BLOCK) { display_put(" ipt: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, - ATOMIC_GET(hfuzz->linux.hwCnts.bbCnt)); + ATOMIC_GET(hfuzz->feedback.hwCnts.bbCnt)); } if (hfuzz->feedback.dynFileMethod & _HF_DYNFILE_SOFT) { - uint64_t softCntPc = ATOMIC_GET(hfuzz->linux.hwCnts.softCntPc); - uint64_t softCntEdge = ATOMIC_GET(hfuzz->linux.hwCnts.softCntEdge); - uint64_t softCntCmp = ATOMIC_GET(hfuzz->linux.hwCnts.softCntCmp); + uint64_t softCntPc = ATOMIC_GET(hfuzz->feedback.hwCnts.softCntPc); + uint64_t softCntEdge = ATOMIC_GET(hfuzz->feedback.hwCnts.softCntEdge); + uint64_t softCntCmp = ATOMIC_GET(hfuzz->feedback.hwCnts.softCntCmp); uint64_t guardNb = ATOMIC_GET(hfuzz->feedback.covFeedbackMap->guardNb); display_put(" edge: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET "/" "%" _HF_NONMON_SEP PRIu64 " [%" PRId64 "%%]", diff --git a/fuzz.c b/fuzz.c index 9d870bab..ee6d852b 100644 --- a/fuzz.c +++ b/fuzz.c @@ -212,37 +212,35 @@ static void fuzz_perfFeedback(run_t* run) { rmb(); - int64_t diff0 = (int64_t)run->global->linux.hwCnts.cpuInstrCnt - run->linux.hwCnts.cpuInstrCnt; - int64_t diff1 = - (int64_t)run->global->linux.hwCnts.cpuBranchCnt - run->linux.hwCnts.cpuBranchCnt; + int64_t diff0 = (int64_t)run->global->feedback.hwCnts.cpuInstrCnt - run->hwCnts.cpuInstrCnt; + int64_t diff1 = (int64_t)run->global->feedback.hwCnts.cpuBranchCnt - run->hwCnts.cpuBranchCnt; /* Any increase in coverage (edge, pc, cmp, hw) counters forces adding input to the corpus */ - if (run->linux.hwCnts.newBBCnt > 0 || softNewPC > 0 || softNewEdge > 0 || softNewCmp > 0 || + if (run->hwCnts.newBBCnt > 0 || softNewPC > 0 || softNewEdge > 0 || softNewCmp > 0 || diff0 < 0 || diff1 < 0) { if (diff0 < 0) { - run->global->linux.hwCnts.cpuInstrCnt = run->linux.hwCnts.cpuInstrCnt; + run->global->feedback.hwCnts.cpuInstrCnt = run->hwCnts.cpuInstrCnt; } if (diff1 < 0) { - run->global->linux.hwCnts.cpuBranchCnt = run->linux.hwCnts.cpuBranchCnt; + run->global->feedback.hwCnts.cpuBranchCnt = run->hwCnts.cpuBranchCnt; } - run->global->linux.hwCnts.bbCnt += run->linux.hwCnts.newBBCnt; - run->global->linux.hwCnts.softCntPc += softNewPC; - run->global->linux.hwCnts.softCntEdge += softNewEdge; - run->global->linux.hwCnts.softCntCmp += softNewCmp; + run->global->feedback.hwCnts.bbCnt += run->hwCnts.newBBCnt; + run->global->feedback.hwCnts.softCntPc += softNewPC; + run->global->feedback.hwCnts.softCntEdge += softNewEdge; + run->global->feedback.hwCnts.softCntCmp += softNewCmp; LOG_I("Sz:%zu Tm:%" _HF_NONMON_SEP PRIu64 "us (i/b/h/e/p/c) New:%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 ", Cur:%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64 "/%" PRIu64, run->dynfile->size, util_timeNowUSecs() - run->timeStartedUSecs, - run->linux.hwCnts.cpuInstrCnt, run->linux.hwCnts.cpuBranchCnt, - run->linux.hwCnts.newBBCnt, softNewEdge, softNewPC, softNewCmp, - run->linux.hwCnts.cpuInstrCnt, run->linux.hwCnts.cpuBranchCnt, run->linux.hwCnts.bbCnt, - softCurEdge, softCurPC, softCurCmp); + run->hwCnts.cpuInstrCnt, run->hwCnts.cpuBranchCnt, run->hwCnts.newBBCnt, softNewEdge, + softNewPC, softNewCmp, run->hwCnts.cpuInstrCnt, run->hwCnts.cpuBranchCnt, + run->hwCnts.bbCnt, softCurEdge, softCurPC, softCurCmp); /* Update per-input coverage metrics */ - run->dynfile->cov[0] = softCurEdge + softCurPC + run->linux.hwCnts.bbCnt; + run->dynfile->cov[0] = softCurEdge + softCurPC + run->hwCnts.bbCnt; run->dynfile->cov[1] = softCurCmp; - run->dynfile->cov[2] = run->linux.hwCnts.cpuInstrCnt + run->linux.hwCnts.cpuBranchCnt; + run->dynfile->cov[2] = run->hwCnts.cpuInstrCnt + run->hwCnts.cpuBranchCnt; run->dynfile->cov[3] = run->dynfile->size ? (64 - util_Log2(run->dynfile->size)) : 64; input_addDynamicInput(run); @@ -401,10 +399,10 @@ static void fuzz_fuzzLoop(run_t* run) { run->mutationsPerRun = run->global->mutate.mutationsPerRun; run->tmOutSignaled = false; - run->linux.hwCnts.cpuInstrCnt = 0; - run->linux.hwCnts.cpuBranchCnt = 0; - run->linux.hwCnts.bbCnt = 0; - run->linux.hwCnts.newBBCnt = 0; + run->hwCnts.cpuInstrCnt = 0; + run->hwCnts.cpuBranchCnt = 0; + run->hwCnts.bbCnt = 0; + run->hwCnts.newBBCnt = 0; if (!fuzz_fetchInput(run)) { if (run->global->cfg.minimize && fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MINIMIZE) { @@ -438,10 +436,10 @@ static void fuzz_fuzzLoopSocket(run_t* run) { run->mutationsPerRun = run->global->mutate.mutationsPerRun; run->tmOutSignaled = false; - run->linux.hwCnts.cpuInstrCnt = 0; - run->linux.hwCnts.cpuBranchCnt = 0; - run->linux.hwCnts.bbCnt = 0; - run->linux.hwCnts.newBBCnt = 0; + run->hwCnts.cpuInstrCnt = 0; + run->hwCnts.cpuBranchCnt = 0; + run->hwCnts.bbCnt = 0; + run->hwCnts.newBBCnt = 0; LOG_I("------------------------------------------------------"); diff --git a/honggfuzz.c b/honggfuzz.c index 2b294b7c..b3a9fa55 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -194,7 +194,7 @@ static void printSummary(honggfuzz_t* hfuzz) { } uint64_t guardNb = ATOMIC_GET(hfuzz->feedback.covFeedbackMap->guardNb); uint64_t branch_percent_cov = - guardNb ? ((100 * ATOMIC_GET(hfuzz->linux.hwCnts.softCntEdge)) / guardNb) : 0; + guardNb ? ((100 * ATOMIC_GET(hfuzz->feedback.hwCnts.softCntEdge)) / guardNb) : 0; struct rusage usage; if (getrusage(RUSAGE_CHILDREN, &usage)) { PLOG_W("getrusage failed"); diff --git a/honggfuzz.h b/honggfuzz.h index 456c58a6..4c774677 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -287,6 +287,7 @@ typedef struct { bool skipFeedbackOnTimeout; uint64_t maxCov[4]; dynFileMethod_t dynFileMethod; + hwcnt_t hwCnts; } feedback; struct { size_t mutationsCnt; @@ -304,7 +305,6 @@ typedef struct { /* For the Linux code */ struct { int exeFd; - hwcnt_t hwCnts; uint64_t dynamicCutOffAddr; bool disableRandomization; void* ignoreAddr; @@ -364,12 +364,12 @@ typedef struct { #if !defined(_HF_ARCH_DARWIN) timer_t timerId; #endif // !defined(_HF_ARCH_DARWIN) + hwcnt_t hwCnts; struct { /* For Linux code */ uint8_t* perfMmapBuf; uint8_t* perfMmapAux; - hwcnt_t hwCnts; int cpuInstrFd; int cpuBranchFd; int cpuIptBtsFd; @@ -379,7 +379,6 @@ typedef struct { /* For NetBSD code */ uint8_t* perfMmapBuf; uint8_t* perfMmapAux; - hwcnt_t hwCnts; int cpuInstrFd; int cpuBranchFd; int cpuIptBtsFd; diff --git a/linux/perf.c b/linux/perf.c index c8eea95b..07a32391 100644 --- a/linux/perf.c +++ b/linux/perf.c @@ -84,7 +84,7 @@ __attribute__((hot)) static inline void arch_perfBtsCount(run_t* run) { register bool prev = ATOMIC_BITMAP_SET(run->global->feedback.covFeedbackMap->bbMapPc, pos); if (!prev) { - run->linux.hwCnts.newBBCnt++; + run->hwCnts.newBBCnt++; } } } @@ -370,8 +370,8 @@ void arch_perfAnalyze(run_t* run) { ioctl(run->linux.cpuIptBtsFd, PERF_EVENT_IOC_RESET, 0); } - run->linux.hwCnts.cpuInstrCnt = instrCount; - run->linux.hwCnts.cpuBranchCnt = branchCount; + run->hwCnts.cpuInstrCnt = instrCount; + run->hwCnts.cpuBranchCnt = branchCount; } bool arch_perfInit(honggfuzz_t* hfuzz HF_ATTR_UNUSED) { diff --git a/linux/pt.c b/linux/pt.c index 1231687f..383b031a 100644 --- a/linux/pt.c +++ b/linux/pt.c @@ -125,7 +125,7 @@ __attribute__((hot)) inline static void perf_ptAnalyzePkt(run_t* run, struct pt_ ip &= _HF_PERF_BITMAP_BITSZ_MASK; register bool prev = ATOMIC_BITMAP_SET(run->global->feedback.covFeedbackMap->bbMapPc, ip); if (!prev) { - run->linux.hwCnts.newBBCnt++; + run->hwCnts.newBBCnt++; } } -- cgit v1.2.3 From d162f1b2cbd6890d95a65cfd794eabafdc1e46a3 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 20 Apr 2020 00:29:36 +0200 Subject: input: adjust score based on refs --- input.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/input.c b/input.c index dfee12c1..ab9cdad8 100644 --- a/input.c +++ b/input.c @@ -508,7 +508,7 @@ static inline int input_skipFactor(run_t* run, dynfile_t* dynfile, int* speed_fa { /* If the input wasn't source of other inputs so far, make it less likely to be tested */ - penalty += HF_CAP((2 - (int)dynfile->refs) * 3, -15, 10); + penalty += HF_CAP((1 - (int)dynfile->refs) * 3, -30, 5); } { -- cgit v1.2.3 From d6217d00865278dbc23829be3b2411698ca79036 Mon Sep 17 00:00:00 2001 From: Paul Grandperrin Date: Wed, 22 Apr 2020 17:50:49 +0200 Subject: Makefile: fix compilation dependency on macOS On a clean tree, when running make, `mac/mach_excServer.c` and `mac/mach_excUser.c` were not yet generated by the `mig` command. They were therefore not included in `ARCH_SRCS` and therefore neither in `SRCS` nor `OBJS` and then were not compiled and not included in the final binary, which made the compilation fail. A previous solution to avoid this problem was to run make twice so that the generated .c files are correctly included in `ARCH_SRCS` at the second run. This patch explicitly adds thoses two files as object file targets when building on macOS and then ajusts compilation targets to make everything build correctly. thanks to @shamatar for reporting the issue: https://github.com/rust-fuzz/honggfuzz-rs/issues/35 --- Makefile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index d2c2921b..ceea1c64 100644 --- a/Makefile +++ b/Makefile @@ -74,7 +74,7 @@ ifeq ($(OS)$(findstring Microsoft,$(KERNEL)),Linux) # matches Linux but excludes else ifeq ($(OS),Darwin) ARCH := DARWIN - ARCH_SRCS := $(sort $(wildcard mac/*.c)) + ARCH_SRCS := $(sort $(wildcard mac/*.c) mac/mach_excServer.c mac/mach_excUser.c) # MacOS-X grep seem to use colors unconditionally GREP_COLOR = --color=never @@ -258,9 +258,11 @@ all: $(BIN) $(HFUZZ_CC_BIN) $(LHFUZZ_ARCH) $(LHFUZZ_SHARED) $(LCOMMON_ARCH) $(LN %.o: %.c $(CC) -c $(CFLAGS) $(CFLAGS_BLOCKS) -o $@ $< -mac/arch.o: mac/arch.c +mac/mach_exc.h mac/mach_excServer.c mac/mach_excServer.h mac/mach_excUser.c &: mig -header mac/mach_exc.h -user mac/mach_excUser.c -sheader mac/mach_excServer.h \ -server mac/mach_excServer.c $(SDK)/usr/include/mach/mach_exc.defs + +mac/arch.o: mac/arch.c mac/mach_exc.h mac/mach_excServer.h $(CC) -c $(CFLAGS) $(CFLAGS_BLOCKS) -o $@ $< %.so: %.c -- cgit v1.2.3 From b19229a948997bcf9203f25a10b9aaaef275df01 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 22 Apr 2020 18:25:07 +0200 Subject: libhfuzz/memory: libxml uses simplified toupper/tolower --- libhfuzz/memorycmp.c | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index dd330826..658a4952 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -123,7 +123,8 @@ static inline char* HF_strstr(const char* haystack, const char* needle, uintptr_ return NULL; } -static inline char* HF_strcasestr(const char* haystack, const char* needle, uintptr_t addr) { +static inline char* HF_strcasestr( + const char* haystack, const char* needle, int (*cmp_func)(int), uintptr_t addr) { size_t needle_len = __builtin_strlen(needle); if (needle_len == 0) { return (char*)haystack; @@ -132,8 +133,8 @@ static inline char* HF_strcasestr(const char* haystack, const char* needle, uint instrumentAddConstStr(needle); for (size_t i = 0; haystack[i]; i++) { - if (HF_strncasecmp(&haystack[i], needle, needle_len, tolower, /* constfb= */ false, addr) == - 0) { + if (HF_strncasecmp( + &haystack[i], needle, needle_len, cmp_func, /* constfb= */ false, addr) == 0) { return (char*)(&haystack[i]); } } @@ -253,11 +254,11 @@ void __sanitizer_weak_hook_strstr( HF_strstr(haystack, needle, pc); } HF_WEAK_WRAP(char*, strcasestr, const char* haystack, const char* needle) { - return HF_strcasestr(haystack, needle, (uintptr_t)__builtin_return_address(0)); + return HF_strcasestr(haystack, needle, tolower, (uintptr_t)__builtin_return_address(0)); } void __sanitizer_weak_hook_strcasestr( uintptr_t pc, const char* haystack, const char* needle, char* result HF_ATTR_UNUSED) { - HF_strcasestr(haystack, needle, pc); + HF_strcasestr(haystack, needle, tolower, pc); } HF_WEAK_WRAP(int, memcmp, const void* m1, const void* m2, size_t n) { return HF_memcmp(m1, m2, n, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); @@ -303,7 +304,7 @@ HF_WEAK_WRAP(int, ap_cstr_casecmpn, const char* s1, const char* s2, size_t n) { } HF_WEAK_WRAP(const char*, ap_strcasestr, const char* s1, const char* s2) { - return HF_strcasestr(s1, s2, (uintptr_t)__builtin_return_address(0)); + return HF_strcasestr(s1, s2, tolower, (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(int, apr_cstr_casecmp, const char* s1, const char* s2) { @@ -342,6 +343,13 @@ HF_WEAK_WRAP(int32_t, memcmpct, const void* s1, const void* s2, size_t len) { /* * libXML wrappers */ +static int xml_to_upper(int c) { + if (c >= 'a' && c <= 'z') { + return c - 'a' + 'A'; + } + return c; +} + HF_WEAK_WRAP(int, xmlStrncmp, const char* s1, const char* s2, int len) { if (len <= 0) { return 0; @@ -398,7 +406,7 @@ HF_WEAK_WRAP(int, xmlStrcasecmp, const char* s1, const char* s2) { if (s2 == NULL) { return 1; } - return HF_strcasecmp(s1, s2, tolower, (uintptr_t)__builtin_return_address(0)); + return HF_strcasecmp(s1, s2, xml_to_upper, (uintptr_t)__builtin_return_address(0)); } HF_WEAK_WRAP(int, xmlStrncasecmp, const char* s1, const char* s2, int len) { @@ -414,7 +422,7 @@ HF_WEAK_WRAP(int, xmlStrncasecmp, const char* s1, const char* s2, int len) { if (s2 == NULL) { return 1; } - return HF_strncasecmp(s1, s2, (size_t)len, tolower, instrumentConstAvail(), + return HF_strncasecmp(s1, s2, (size_t)len, xml_to_upper, instrumentConstAvail(), (uintptr_t)__builtin_return_address(0)); } @@ -435,7 +443,7 @@ HF_WEAK_WRAP(const char*, xmlStrcasestr, const char* haystack, const char* needl if (needle == NULL) { return NULL; } - return HF_strcasestr(haystack, needle, (uintptr_t)__builtin_return_address(0)); + return HF_strcasestr(haystack, needle, xml_to_upper, (uintptr_t)__builtin_return_address(0)); } /* -- cgit v1.2.3 From 773c933853625912f3566f364d02ba72e963c7d1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 23 Apr 2020 23:22:28 +0200 Subject: all: rename linux/netbsd to arch_linux/arch_netbsd as -std=gnu11 complains about linux as an identifier --- cmdline.c | 36 ++++++++--------- honggfuzz.c | 18 ++++----- honggfuzz.h | 8 ++-- linux/arch.c | 31 +++++++------- linux/perf.c | 125 +++++++++++++++++++++++++++++---------------------------- linux/pt.c | 8 ++-- linux/trace.c | 13 +++--- netbsd/arch.c | 10 ++--- netbsd/trace.c | 10 ++--- report.c | 4 +- 10 files changed, 133 insertions(+), 130 deletions(-) diff --git a/cmdline.c b/cmdline.c index cf04ec31..dcd2c1ff 100644 --- a/cmdline.c +++ b/cmdline.c @@ -229,9 +229,9 @@ static bool cmdlineVerify(honggfuzz_t* hfuzz) { LOG_E("Couldn't test binary for signatures"); return false; } - if (hfuzz->exe.netDriver && hfuzz->linux.useNetNs == HF_MAYBE) { + if (hfuzz->exe.netDriver && hfuzz->arch_linux.useNetNs == HF_MAYBE) { LOG_I("The binary uses netdriver, disabling network namespacing"); - hfuzz->linux.useNetNs = HF_NO; + hfuzz->arch_linux.useNetNs = HF_NO; } if (!hfuzz->exe.fuzzStdin && !hfuzz->exe.persistent && @@ -421,7 +421,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { }, /* Linux code */ - .linux = + .arch_linux = { .exeFd = -1, .dynamicCutOffAddr = ~(0ULL), @@ -439,7 +439,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .useClone = true, }, /* NetBSD code */ - .netbsd = + .arch_netbsd = { .ignoreAddr = NULL, .symsBlFile = NULL, @@ -710,19 +710,19 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { break; #if defined(_HF_ARCH_LINUX) case 0x500: - hfuzz->linux.ignoreAddr = (void*)strtoul(optarg, NULL, 0); + hfuzz->arch_linux.ignoreAddr = (void*)strtoul(optarg, NULL, 0); break; case 0x501: - hfuzz->linux.disableRandomization = false; + hfuzz->arch_linux.disableRandomization = false; break; case 0x503: - hfuzz->linux.dynamicCutOffAddr = strtoull(optarg, NULL, 0); + hfuzz->arch_linux.dynamicCutOffAddr = strtoull(optarg, NULL, 0); break; case 0x504: - hfuzz->linux.symsBlFile = optarg; + hfuzz->arch_linux.symsBlFile = optarg; break; case 0x505: - hfuzz->linux.symsWlFile = optarg; + hfuzz->arch_linux.symsWlFile = optarg; break; case 0x510: hfuzz->feedback.dynFileMethod |= _HF_DYNFILE_INSTR_COUNT; @@ -737,30 +737,30 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { hfuzz->feedback.dynFileMethod |= _HF_DYNFILE_IPT_BLOCK; break; case 0x515: - hfuzz->linux.kernelOnly = true; + hfuzz->arch_linux.kernelOnly = true; break; case 0x530: - hfuzz->linux.useNetNs = cmdlineParseTriState(opts[opt_index].name, optarg); - if (hfuzz->linux.useNetNs == HF_YES) { - hfuzz->linux.cloneFlags |= (CLONE_NEWUSER | CLONE_NEWNET); + hfuzz->arch_linux.useNetNs = cmdlineParseTriState(opts[opt_index].name, optarg); + if (hfuzz->arch_linux.useNetNs == HF_YES) { + hfuzz->arch_linux.cloneFlags |= (CLONE_NEWUSER | CLONE_NEWNET); } break; case 0x531: - hfuzz->linux.cloneFlags |= (CLONE_NEWUSER | CLONE_NEWPID); + hfuzz->arch_linux.cloneFlags |= (CLONE_NEWUSER | CLONE_NEWPID); break; case 0x532: - hfuzz->linux.cloneFlags |= (CLONE_NEWUSER | CLONE_NEWIPC); + hfuzz->arch_linux.cloneFlags |= (CLONE_NEWUSER | CLONE_NEWIPC); break; #endif /* defined(_HF_ARCH_LINUX) */ #if defined(_HF_ARCH_NETBSD) case 0x500: - hfuzz->netbsd.ignoreAddr = (void*)strtoul(optarg, NULL, 0); + hfuzz->arch_netbsd.ignoreAddr = (void*)strtoul(optarg, NULL, 0); break; case 0x504: - hfuzz->netbsd.symsBlFile = optarg; + hfuzz->arch_netbsd.symsBlFile = optarg; break; case 0x505: - hfuzz->netbsd.symsWlFile = optarg; + hfuzz->arch_netbsd.symsWlFile = optarg; break; #endif /* defined(_HF_ARCH_NETBSD) */ default: diff --git a/honggfuzz.c b/honggfuzz.c index b3a9fa55..71c712fd 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -371,7 +371,7 @@ int main(int argc, char** argv) { if (hfuzz.feedback.blacklistFile && (input_parseBlacklist(&hfuzz) == false)) { LOG_F("Couldn't parse stackhash blacklist file ('%s')", hfuzz.feedback.blacklistFile); } -#define hfuzzl hfuzz.linux +#define hfuzzl hfuzz.arch_linux if (hfuzzl.symsBlFile && ((hfuzzl.symsBlCnt = files_parseSymbolFilter(hfuzzl.symsBlFile, &hfuzzl.symsBl)) == 0)) { LOG_F("Couldn't parse symbols blacklist file ('%s')", hfuzzl.symsBlFile); @@ -413,18 +413,18 @@ int main(int argc, char** argv) { free(hfuzz.feedback.blacklist); } #if defined(_HF_ARCH_LINUX) - if (hfuzz.linux.symsBl) { - free(hfuzz.linux.symsBl); + if (hfuzz.arch_linux.symsBl) { + free(hfuzz.arch_linux.symsBl); } - if (hfuzz.linux.symsWl) { - free(hfuzz.linux.symsWl); + if (hfuzz.arch_linux.symsWl) { + free(hfuzz.arch_linux.symsWl); } #elif defined(_HF_ARCH_NETBSD) - if (hfuzz.netbsd.symsBl) { - free(hfuzz.netbsd.symsBl); + if (hfuzz.arch_netbsd.symsBl) { + free(hfuzz.arch_netbsd.symsBl); } - if (hfuzz.netbsd.symsWl) { - free(hfuzz.netbsd.symsWl); + if (hfuzz.arch_netbsd.symsWl) { + free(hfuzz.arch_netbsd.symsWl); } #endif if (hfuzz.socketFuzzer.enabled) { diff --git a/honggfuzz.h b/honggfuzz.h index 4c774677..b7a2c190 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -318,7 +318,7 @@ typedef struct { tristate_t useNetNs; bool kernelOnly; bool useClone; - } linux; + } arch_linux; /* For the NetBSD code */ struct { void* ignoreAddr; @@ -328,7 +328,7 @@ typedef struct { const char* symsWlFile; char** symsWl; size_t symsWlCnt; - } netbsd; + } arch_netbsd; } honggfuzz_t; typedef enum { @@ -373,7 +373,7 @@ typedef struct { int cpuInstrFd; int cpuBranchFd; int cpuIptBtsFd; - } linux; + } arch_linux; struct { /* For NetBSD code */ @@ -382,7 +382,7 @@ typedef struct { int cpuInstrFd; int cpuBranchFd; int cpuIptBtsFd; - } netbsd; + } arch_netbsd; } run_t; /* diff --git a/linux/arch.c b/linux/arch.c index 835443c0..605cdc82 100644 --- a/linux/arch.c +++ b/linux/arch.c @@ -83,7 +83,7 @@ static pid_t arch_clone(uintptr_t flags) { } pid_t arch_fork(run_t* run) { - pid_t pid = run->global->linux.useClone ? arch_clone(CLONE_UNTRACED | SIGCHLD) : fork(); + pid_t pid = run->global->arch_linux.useClone ? arch_clone(CLONE_UNTRACED | SIGCHLD) : fork(); if (pid == -1) { return pid; } @@ -98,12 +98,12 @@ pid_t arch_fork(run_t* run) { } bool arch_launchChild(run_t* run) { - if ((run->global->linux.cloneFlags & CLONE_NEWNET) && !nsIfaceUp("lo")) { + if ((run->global->arch_linux.cloneFlags & CLONE_NEWNET) && !nsIfaceUp("lo")) { LOG_W("Cannot bring interface 'lo' up"); } /* Try to enable network namespacing if requested */ - if (run->global->linux.useNetNs == HF_MAYBE) { + if (run->global->arch_linux.useNetNs == HF_MAYBE) { if (unshare(CLONE_NEWUSER | CLONE_NEWNET) == -1) { PLOG_D("unshare((CLONE_NEWUSER|CLONE_NEWNS) failed"); } else if (!nsIfaceUp("lo")) { @@ -139,7 +139,7 @@ bool arch_launchChild(run_t* run) { * This might fail in Docker, as Docker blocks __NR_personality. Consequently * it's just a debug warning */ - if (run->global->linux.disableRandomization && + if (run->global->arch_linux.disableRandomization && syscall(__NR_personality, ADDR_NO_RANDOMIZE) == -1) { PLOG_D("personality(ADDR_NO_RANDOMIZE) failed"); } @@ -152,13 +152,14 @@ bool arch_launchChild(run_t* run) { LOG_F("Couldn't stop itself"); } #if defined(__NR_execveat) - syscall(__NR_execveat, run->global->linux.exeFd, "", run->args, environ, AT_EMPTY_PATH); + syscall(__NR_execveat, run->global->arch_linux.exeFd, "", run->args, environ, AT_EMPTY_PATH); #endif /* defined__NR_execveat) */ execve(run->args[0], (char* const*)run->args, environ); int errno_cpy = errno; alarm(1); - LOG_E("execve('%s', fd=%d): %s", run->args[0], run->global->linux.exeFd, strerror(errno_cpy)); + LOG_E("execve('%s', fd=%d): %s", run->args[0], run->global->arch_linux.exeFd, + strerror(errno_cpy)); return false; } @@ -279,7 +280,7 @@ bool arch_archInit(honggfuzz_t* hfuzz) { PLOG_E("File '%s' doesn't seem to be executable", hfuzz->exe.cmdline[0]); return false; } - if ((hfuzz->linux.exeFd = + if ((hfuzz->arch_linux.exeFd = TEMP_FAILURE_RETRY(open(hfuzz->exe.cmdline[0], O_RDONLY | O_CLOEXEC))) == -1) { PLOG_E("Cannot open the executable binary: %s)", hfuzz->exe.cmdline[0]); return false; @@ -306,7 +307,7 @@ bool arch_archInit(honggfuzz_t* hfuzz) { break; } LOG_D("Glibc version:'%s', OK", gversion); - hfuzz->linux.useClone = false; + hfuzz->arch_linux.useClone = false; break; } @@ -374,8 +375,8 @@ bool arch_archInit(honggfuzz_t* hfuzz) { /* Updates the important signal array based on input args */ arch_traceSignalsInit(hfuzz); - if (hfuzz->linux.cloneFlags && unshare(hfuzz->linux.cloneFlags) == -1) { - LOG_E("unshare(%tx)", hfuzz->linux.cloneFlags); + if (hfuzz->arch_linux.cloneFlags && unshare(hfuzz->arch_linux.cloneFlags) == -1) { + LOG_E("unshare(%tx)", hfuzz->arch_linux.cloneFlags); return false; } @@ -383,11 +384,11 @@ bool arch_archInit(honggfuzz_t* hfuzz) { } bool arch_archThreadInit(run_t* run) { - run->linux.perfMmapBuf = NULL; - run->linux.perfMmapAux = NULL; - run->linux.cpuInstrFd = -1; - run->linux.cpuBranchFd = -1; - run->linux.cpuIptBtsFd = -1; + run->arch_linux.perfMmapBuf = NULL; + run->arch_linux.perfMmapAux = NULL; + run->arch_linux.cpuInstrFd = -1; + run->arch_linux.cpuBranchFd = -1; + run->arch_linux.cpuIptBtsFd = -1; if (prctl(PR_SET_CHILD_SUBREAPER, 1UL, 0UL, 0UL, 0UL) == -1) { PLOG_W("prctl(PR_SET_CHILD_SUBREAPER, 1)"); diff --git a/linux/perf.c b/linux/perf.c index 07a32391..b942ccb6 100644 --- a/linux/perf.c +++ b/linux/perf.c @@ -54,7 +54,7 @@ static int32_t perfIntelBtsPerfType = -1; #if defined(PERF_ATTR_SIZE_VER5) __attribute__((hot)) static inline void arch_perfBtsCount(run_t* run) { - struct perf_event_mmap_page* pem = (struct perf_event_mmap_page*)run->linux.perfMmapBuf; + struct perf_event_mmap_page* pem = (struct perf_event_mmap_page*)run->arch_linux.perfMmapBuf; struct bts_branch { uint64_t from; uint64_t to; @@ -62,20 +62,20 @@ __attribute__((hot)) static inline void arch_perfBtsCount(run_t* run) { }; uint64_t aux_head = ATOMIC_GET(pem->aux_head); - struct bts_branch* br = (struct bts_branch*)run->linux.perfMmapAux; - for (; br < ((struct bts_branch*)(run->linux.perfMmapAux + aux_head)); br++) { + struct bts_branch* br = (struct bts_branch*)run->arch_linux.perfMmapAux; + for (; br < ((struct bts_branch*)(run->arch_linux.perfMmapAux + aux_head)); br++) { /* * Kernel sometimes reports branches from the kernel (iret), we are not interested in that * as it makes the whole concept of unique branch counting less predictable */ - if (run->global->linux.kernelOnly == false && + if (run->global->arch_linux.kernelOnly == false && (__builtin_expect(br->from > 0xFFFFFFFF00000000, false) || __builtin_expect(br->to > 0xFFFFFFFF00000000, false))) { LOG_D("Adding branch %#018" PRIx64 " - %#018" PRIx64, br->from, br->to); continue; } - if (br->from >= run->global->linux.dynamicCutOffAddr || - br->to >= run->global->linux.dynamicCutOffAddr) { + if (br->from >= run->global->arch_linux.dynamicCutOffAddr || + br->to >= run->global->arch_linux.dynamicCutOffAddr) { continue; } @@ -92,7 +92,7 @@ __attribute__((hot)) static inline void arch_perfBtsCount(run_t* run) { static inline void arch_perfMmapParse(run_t* run HF_ATTR_UNUSED) { #if defined(PERF_ATTR_SIZE_VER5) - struct perf_event_mmap_page* pem = (struct perf_event_mmap_page*)run->linux.perfMmapBuf; + struct perf_event_mmap_page* pem = (struct perf_event_mmap_page*)run->arch_linux.perfMmapBuf; if (pem->aux_head == pem->aux_tail) { return; } @@ -131,7 +131,7 @@ static bool arch_perfCreate(run_t* run, pid_t pid, dynFileMethod_t method, int* struct perf_event_attr pe; memset(&pe, 0, sizeof(struct perf_event_attr)); pe.size = sizeof(struct perf_event_attr); - if (run->global->linux.kernelOnly) { + if (run->global->arch_linux.kernelOnly) { pe.exclude_user = 1; } else { pe.exclude_kernel = 1; @@ -182,9 +182,9 @@ static bool arch_perfCreate(run_t* run, pid_t pid, dynFileMethod_t method, int* return true; } #if defined(PERF_ATTR_SIZE_VER5) - if ((run->linux.perfMmapBuf = mmap(NULL, _HF_PERF_MAP_SZ + getpagesize(), + if ((run->arch_linux.perfMmapBuf = mmap(NULL, _HF_PERF_MAP_SZ + getpagesize(), PROT_READ | PROT_WRITE, MAP_SHARED, *perfFd, 0)) == MAP_FAILED) { - run->linux.perfMmapBuf = NULL; + run->arch_linux.perfMmapBuf = NULL; PLOG_W("mmap(mmapBuf) failed, sz=%zu, try increasing the kernel.perf_event_mlock_kb sysctl " "(up to even 300000000)", (size_t)_HF_PERF_MAP_SZ + getpagesize()); @@ -193,14 +193,14 @@ static bool arch_perfCreate(run_t* run, pid_t pid, dynFileMethod_t method, int* return false; } - struct perf_event_mmap_page* pem = (struct perf_event_mmap_page*)run->linux.perfMmapBuf; + struct perf_event_mmap_page* pem = (struct perf_event_mmap_page*)run->arch_linux.perfMmapBuf; pem->aux_offset = pem->data_offset + pem->data_size; pem->aux_size = _HF_PERF_AUX_SZ; - if ((run->linux.perfMmapAux = mmap( + if ((run->arch_linux.perfMmapAux = mmap( NULL, pem->aux_size, PROT_READ, MAP_SHARED, *perfFd, pem->aux_offset)) == MAP_FAILED) { - munmap(run->linux.perfMmapBuf, _HF_PERF_MAP_SZ + getpagesize()); - run->linux.perfMmapBuf = NULL; - run->linux.perfMmapAux = NULL; + munmap(run->arch_linux.perfMmapBuf, _HF_PERF_MAP_SZ + getpagesize()); + run->arch_linux.perfMmapBuf = NULL; + run->arch_linux.perfMmapAux = NULL; PLOG_W( "mmap(mmapAuxBuf) failed, try increasing the kernel.perf_event_mlock_kb sysctl (up to " "even 300000000)"); @@ -221,25 +221,26 @@ bool arch_perfOpen(run_t* run) { } if (run->global->feedback.dynFileMethod & _HF_DYNFILE_INSTR_COUNT) { - if (!arch_perfCreate(run, run->pid, _HF_DYNFILE_INSTR_COUNT, &run->linux.cpuInstrFd)) { + if (!arch_perfCreate(run, run->pid, _HF_DYNFILE_INSTR_COUNT, &run->arch_linux.cpuInstrFd)) { LOG_E("Cannot set up perf for pid=%d (_HF_DYNFILE_INSTR_COUNT)", (int)run->pid); goto out; } } if (run->global->feedback.dynFileMethod & _HF_DYNFILE_BRANCH_COUNT) { - if (!arch_perfCreate(run, run->pid, _HF_DYNFILE_BRANCH_COUNT, &run->linux.cpuBranchFd)) { + if (!arch_perfCreate( + run, run->pid, _HF_DYNFILE_BRANCH_COUNT, &run->arch_linux.cpuBranchFd)) { LOG_E("Cannot set up perf for pid=%d (_HF_DYNFILE_BRANCH_COUNT)", (int)run->pid); goto out; } } if (run->global->feedback.dynFileMethod & _HF_DYNFILE_BTS_EDGE) { - if (!arch_perfCreate(run, run->pid, _HF_DYNFILE_BTS_EDGE, &run->linux.cpuIptBtsFd)) { + if (!arch_perfCreate(run, run->pid, _HF_DYNFILE_BTS_EDGE, &run->arch_linux.cpuIptBtsFd)) { LOG_E("Cannot set up perf for pid=%d (_HF_DYNFILE_BTS_EDGE)", (int)run->pid); goto out; } } if (run->global->feedback.dynFileMethod & _HF_DYNFILE_IPT_BLOCK) { - if (!arch_perfCreate(run, run->pid, _HF_DYNFILE_IPT_BLOCK, &run->linux.cpuIptBtsFd)) { + if (!arch_perfCreate(run, run->pid, _HF_DYNFILE_IPT_BLOCK, &run->arch_linux.cpuIptBtsFd)) { LOG_E("Cannot set up perf for pid=%d (_HF_DYNFILE_IPT_BLOCK)", (int)run->pid); goto out; } @@ -248,12 +249,12 @@ bool arch_perfOpen(run_t* run) { return true; out: - close(run->linux.cpuInstrFd); - run->linux.cpuInstrFd = -1; - close(run->linux.cpuBranchFd); - run->linux.cpuBranchFd = -1; - close(run->linux.cpuIptBtsFd); - run->linux.cpuIptBtsFd = -1; + close(run->arch_linux.cpuInstrFd); + run->arch_linux.cpuInstrFd = -1; + close(run->arch_linux.cpuBranchFd); + run->arch_linux.cpuBranchFd = -1; + close(run->arch_linux.cpuIptBtsFd); + run->arch_linux.cpuIptBtsFd = -1; return false; } @@ -263,30 +264,30 @@ void arch_perfClose(run_t* run) { return; } - if (run->linux.perfMmapAux != NULL) { - munmap(run->linux.perfMmapAux, _HF_PERF_AUX_SZ); - run->linux.perfMmapAux = NULL; + if (run->arch_linux.perfMmapAux != NULL) { + munmap(run->arch_linux.perfMmapAux, _HF_PERF_AUX_SZ); + run->arch_linux.perfMmapAux = NULL; } - if (run->linux.perfMmapBuf != NULL) { - munmap(run->linux.perfMmapBuf, _HF_PERF_MAP_SZ + getpagesize()); - run->linux.perfMmapBuf = NULL; + if (run->arch_linux.perfMmapBuf != NULL) { + munmap(run->arch_linux.perfMmapBuf, _HF_PERF_MAP_SZ + getpagesize()); + run->arch_linux.perfMmapBuf = NULL; } if (run->global->feedback.dynFileMethod & _HF_DYNFILE_INSTR_COUNT) { - close(run->linux.cpuInstrFd); - run->linux.cpuInstrFd = -1; + close(run->arch_linux.cpuInstrFd); + run->arch_linux.cpuInstrFd = -1; } if (run->global->feedback.dynFileMethod & _HF_DYNFILE_BRANCH_COUNT) { - close(run->linux.cpuBranchFd); - run->linux.cpuBranchFd = -1; + close(run->arch_linux.cpuBranchFd); + run->arch_linux.cpuBranchFd = -1; } if (run->global->feedback.dynFileMethod & _HF_DYNFILE_BTS_EDGE) { - close(run->linux.cpuIptBtsFd); - run->linux.cpuIptBtsFd = -1; + close(run->arch_linux.cpuIptBtsFd); + run->arch_linux.cpuIptBtsFd = -1; } if (run->global->feedback.dynFileMethod & _HF_DYNFILE_IPT_BLOCK) { - close(run->linux.cpuIptBtsFd); - run->linux.cpuIptBtsFd = -1; + close(run->arch_linux.cpuIptBtsFd); + run->arch_linux.cpuIptBtsFd = -1; } } @@ -300,16 +301,16 @@ bool arch_perfEnable(run_t* run) { } if (run->global->feedback.dynFileMethod & _HF_DYNFILE_INSTR_COUNT) { - ioctl(run->linux.cpuInstrFd, PERF_EVENT_IOC_ENABLE, 0); + ioctl(run->arch_linux.cpuInstrFd, PERF_EVENT_IOC_ENABLE, 0); } if (run->global->feedback.dynFileMethod & _HF_DYNFILE_BRANCH_COUNT) { - ioctl(run->linux.cpuBranchFd, PERF_EVENT_IOC_ENABLE, 0); + ioctl(run->arch_linux.cpuBranchFd, PERF_EVENT_IOC_ENABLE, 0); } if (run->global->feedback.dynFileMethod & _HF_DYNFILE_BTS_EDGE) { - ioctl(run->linux.cpuIptBtsFd, PERF_EVENT_IOC_ENABLE, 0); + ioctl(run->arch_linux.cpuIptBtsFd, PERF_EVENT_IOC_ENABLE, 0); } if (run->global->feedback.dynFileMethod & _HF_DYNFILE_IPT_BLOCK) { - ioctl(run->linux.cpuIptBtsFd, PERF_EVENT_IOC_ENABLE, 0); + ioctl(run->arch_linux.cpuIptBtsFd, PERF_EVENT_IOC_ENABLE, 0); } return true; @@ -319,7 +320,7 @@ static void arch_perfMmapReset(run_t* run) { /* smp_mb() required as per /usr/include/linux/perf_event.h */ wmb(); - struct perf_event_mmap_page* pem = (struct perf_event_mmap_page*)run->linux.perfMmapBuf; + struct perf_event_mmap_page* pem = (struct perf_event_mmap_page*)run->arch_linux.perfMmapBuf; ATOMIC_SET(pem->data_head, 0); ATOMIC_SET(pem->data_tail, 0); #if defined(PERF_ATTR_SIZE_VER5) @@ -335,39 +336,39 @@ void arch_perfAnalyze(run_t* run) { uint64_t instrCount = 0; if ((run->global->feedback.dynFileMethod & _HF_DYNFILE_INSTR_COUNT) && - run->linux.cpuInstrFd != -1) { - ioctl(run->linux.cpuInstrFd, PERF_EVENT_IOC_DISABLE, 0); - if (files_readFromFd(run->linux.cpuInstrFd, (uint8_t*)&instrCount, sizeof(instrCount)) != - sizeof(instrCount)) { - PLOG_E("read(perfFd='%d') failed", run->linux.cpuInstrFd); + run->arch_linux.cpuInstrFd != -1) { + ioctl(run->arch_linux.cpuInstrFd, PERF_EVENT_IOC_DISABLE, 0); + if (files_readFromFd(run->arch_linux.cpuInstrFd, (uint8_t*)&instrCount, + sizeof(instrCount)) != sizeof(instrCount)) { + PLOG_E("read(perfFd='%d') failed", run->arch_linux.cpuInstrFd); } - ioctl(run->linux.cpuInstrFd, PERF_EVENT_IOC_RESET, 0); + ioctl(run->arch_linux.cpuInstrFd, PERF_EVENT_IOC_RESET, 0); } uint64_t branchCount = 0; if ((run->global->feedback.dynFileMethod & _HF_DYNFILE_BRANCH_COUNT) && - run->linux.cpuBranchFd != -1) { - ioctl(run->linux.cpuBranchFd, PERF_EVENT_IOC_DISABLE, 0); - if (files_readFromFd(run->linux.cpuBranchFd, (uint8_t*)&branchCount, sizeof(branchCount)) != - sizeof(branchCount)) { - PLOG_E("read(perfFd='%d') failed", run->linux.cpuBranchFd); + run->arch_linux.cpuBranchFd != -1) { + ioctl(run->arch_linux.cpuBranchFd, PERF_EVENT_IOC_DISABLE, 0); + if (files_readFromFd(run->arch_linux.cpuBranchFd, (uint8_t*)&branchCount, + sizeof(branchCount)) != sizeof(branchCount)) { + PLOG_E("read(perfFd='%d') failed", run->arch_linux.cpuBranchFd); } - ioctl(run->linux.cpuBranchFd, PERF_EVENT_IOC_RESET, 0); + ioctl(run->arch_linux.cpuBranchFd, PERF_EVENT_IOC_RESET, 0); } if ((run->global->feedback.dynFileMethod & _HF_DYNFILE_BTS_EDGE) && - run->linux.cpuIptBtsFd != -1) { - ioctl(run->linux.cpuIptBtsFd, PERF_EVENT_IOC_DISABLE, 0); + run->arch_linux.cpuIptBtsFd != -1) { + ioctl(run->arch_linux.cpuIptBtsFd, PERF_EVENT_IOC_DISABLE, 0); arch_perfMmapParse(run); arch_perfMmapReset(run); - ioctl(run->linux.cpuIptBtsFd, PERF_EVENT_IOC_RESET, 0); + ioctl(run->arch_linux.cpuIptBtsFd, PERF_EVENT_IOC_RESET, 0); } if ((run->global->feedback.dynFileMethod & _HF_DYNFILE_IPT_BLOCK) && - run->linux.cpuIptBtsFd != -1) { - ioctl(run->linux.cpuIptBtsFd, PERF_EVENT_IOC_DISABLE, 0); + run->arch_linux.cpuIptBtsFd != -1) { + ioctl(run->arch_linux.cpuIptBtsFd, PERF_EVENT_IOC_DISABLE, 0); arch_perfMmapParse(run); arch_perfMmapReset(run); - ioctl(run->linux.cpuIptBtsFd, PERF_EVENT_IOC_RESET, 0); + ioctl(run->arch_linux.cpuIptBtsFd, PERF_EVENT_IOC_RESET, 0); } run->hwCnts.cpuInstrCnt = instrCount; diff --git a/linux/pt.c b/linux/pt.c index 383b031a..21aa25e0 100644 --- a/linux/pt.c +++ b/linux/pt.c @@ -118,7 +118,7 @@ __attribute__((hot)) inline static void perf_ptAnalyzePkt(run_t* run, struct pt_ return; } - if (ip >= run->global->linux.dynamicCutOffAddr) { + if (ip >= run->global->arch_linux.dynamicCutOffAddr) { return; } @@ -130,7 +130,7 @@ __attribute__((hot)) inline static void perf_ptAnalyzePkt(run_t* run, struct pt_ } void arch_ptAnalyze(run_t* run) { - struct perf_event_mmap_page* pem = (struct perf_event_mmap_page*)run->linux.perfMmapBuf; + struct perf_event_mmap_page* pem = (struct perf_event_mmap_page*)run->arch_linux.perfMmapBuf; uint64_t aux_tail = ATOMIC_GET(pem->aux_tail); uint64_t aux_head = ATOMIC_GET(pem->aux_head); @@ -140,8 +140,8 @@ void arch_ptAnalyze(run_t* run) { struct pt_config ptc; pt_config_init(&ptc); - ptc.begin = &run->linux.perfMmapAux[aux_tail]; - ptc.end = &run->linux.perfMmapAux[aux_head]; + ptc.begin = &run->arch_linux.perfMmapAux[aux_tail]; + ptc.end = &run->arch_linux.perfMmapAux[aux_head]; ptc.cpu = ptCpu; int errcode = pt_cpu_errata(&ptc.errata, &ptc.cpu); diff --git a/linux/trace.c b/linux/trace.c index 77b4f23d..91bb23fe 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -581,9 +581,10 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { " instr: '%s'", pid, si.si_signo, si.si_errno, si.si_code, si.si_addr, pc, crashAddr, instr); - if (!SI_FROMUSER(&si) && pc && crashAddr < (uint64_t)(uintptr_t)run->global->linux.ignoreAddr) { + if (!SI_FROMUSER(&si) && pc && + crashAddr < (uint64_t)(uintptr_t)run->global->arch_linux.ignoreAddr) { LOG_I("Input is interesting (%s), but the si.si_addr is %p (below %p), skipping", - util_sigName(si.si_signo), si.si_addr, run->global->linux.ignoreAddr); + util_sigName(si.si_signo), si.si_addr, run->global->arch_linux.ignoreAddr); return; } @@ -634,9 +635,9 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { * both stackhash and symbol blacklist. Crash is always kept regardless * of the status of uniqueness flag. */ - if (run->global->linux.symsWl) { + if (run->global->arch_linux.symsWl) { char* wlSymbol = arch_btContainsSymbol( - run->global->linux.symsWlCnt, run->global->linux.symsWl, funcCnt, funcs); + run->global->arch_linux.symsWlCnt, run->global->arch_linux.symsWl, funcCnt, funcs); if (wlSymbol != NULL) { saveUnique = false; LOG_D("Whitelisted symbol '%s' found, skipping blacklist checks", wlSymbol); @@ -657,7 +658,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { * Check if backtrace contains blacklisted symbol */ char* blSymbol = arch_btContainsSymbol( - run->global->linux.symsBlCnt, run->global->linux.symsBl, funcCnt, funcs); + run->global->arch_linux.symsBlCnt, run->global->arch_linux.symsBl, funcCnt, funcs); if (blSymbol != NULL) { LOG_I("Blacklisted symbol '%s' found, skipping", blSymbol); ATOMIC_POST_INC(run->global->cnts.blCrashesCnt); @@ -669,7 +670,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { ATOMIC_POST_ADD(run->global->cfg.dynFileIterExpire, _HF_DYNFILE_SUB_MASK); /* Those addresses will be random, so depend on stack-traces for uniqueness */ - if (!run->global->linux.disableRandomization) { + if (!run->global->arch_linux.disableRandomization) { pc = 0UL; crashAddr = 0UL; } diff --git a/netbsd/arch.c b/netbsd/arch.c index ab528557..7e9f8aac 100644 --- a/netbsd/arch.c +++ b/netbsd/arch.c @@ -196,11 +196,11 @@ bool arch_archInit(honggfuzz_t* hfuzz) { } bool arch_archThreadInit(run_t* run) { - run->netbsd.perfMmapBuf = NULL; - run->netbsd.perfMmapAux = NULL; - run->netbsd.cpuInstrFd = -1; - run->netbsd.cpuBranchFd = -1; - run->netbsd.cpuIptBtsFd = -1; + run->arch_netbsd.perfMmapBuf = NULL; + run->arch_netbsd.perfMmapAux = NULL; + run->arch_netbsd.cpuInstrFd = -1; + run->arch_netbsd.cpuBranchFd = -1; + run->arch_netbsd.cpuIptBtsFd = -1; return true; } diff --git a/netbsd/trace.c b/netbsd/trace.c index dc89d5ba..ef434612 100644 --- a/netbsd/trace.c +++ b/netbsd/trace.c @@ -294,10 +294,10 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { info.psi_siginfo.si_addr, pc, instr); if (!SI_FROMUSER(&info.psi_siginfo) && pc && - info.psi_siginfo.si_addr < run->global->netbsd.ignoreAddr) { + info.psi_siginfo.si_addr < run->global->arch_netbsd.ignoreAddr) { LOG_I("Input is interesting (%s), but the si.si_addr is %p (below %p), skipping", util_sigName(info.psi_siginfo.si_signo), info.psi_siginfo.si_addr, - run->global->netbsd.ignoreAddr); + run->global->arch_netbsd.ignoreAddr); return; } @@ -369,9 +369,9 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { * both stackhash and symbol blacklist. Crash is always kept regardless * of the status of uniqueness flag. */ - if (run->global->netbsd.symsWl) { + if (run->global->arch_netbsd.symsWl) { char* wlSymbol = arch_btContainsSymbol( - run->global->netbsd.symsWlCnt, run->global->netbsd.symsWl, funcCnt, funcs); + run->global->arch_netbsd.symsWlCnt, run->global->arch_netbsd.symsWl, funcCnt, funcs); if (wlSymbol != NULL) { saveUnique = false; LOG_D("Whitelisted symbol '%s' found, skipping blacklist checks", wlSymbol); @@ -392,7 +392,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { * Check if backtrace contains blacklisted symbol */ char* blSymbol = arch_btContainsSymbol( - run->global->netbsd.symsBlCnt, run->global->netbsd.symsBl, funcCnt, funcs); + run->global->arch_netbsd.symsBlCnt, run->global->arch_netbsd.symsBl, funcCnt, funcs); if (blSymbol != NULL) { LOG_I("Blacklisted symbol '%s' found, skipping", blSymbol); ATOMIC_POST_INC(run->global->cnts.blCrashesCnt); diff --git a/report.c b/report.c index 6754b199..b0cd38ba 100644 --- a/report.c +++ b/report.c @@ -111,9 +111,9 @@ void report_saveReport(run_t* run) { run->global->exe.externalCommand == NULL ? "NULL" : run->global->exe.externalCommand, run->global->exe.fuzzStdin ? "TRUE" : "FALSE", run->global->timing.tmOut, #if defined(_HF_ARCH_LINUX) - run->global->linux.ignoreAddr, + run->global->arch_linux.ignoreAddr, #elif defined(_HF_ARCH_NETBSD) - run->global->netbsd.ignoreAddr, + run->global->arch_netbsd.ignoreAddr, #endif run->global->exe.asLimit, run->global->exe.rssLimit, run->global->exe.dataLimit, run->global->mutate.dictionaryFile == NULL ? "NULL" : run->global->mutate.dictionaryFile); -- cgit v1.2.3 From d4e93e933dd02c4638024eb77ea21839e187456b Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 23 Apr 2020 23:45:05 +0200 Subject: Version 2.2 --- CHANGELOG | 18 ++++++++++++++++++ README.md | 2 +- honggfuzz.h | 2 +- 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 2ae4ed19..b40d7bca 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,21 @@ +2020-04-24 - Version 2.2 + - Added 8bitcnt instrumentation - use hfuzz-cc/hfuzz-8bitcnt-(gcc|clang) for that + - PC-guard instrumentation now uses edge counting + - --experimental_const_feedback is now set to true by default + - additional string instrumentation wrappers: glib, lcms + - additional mutators: splicing, changing ascii numbers + - additional integer comparison instrumentation (adding integers to the dynamic dictionary) + - fixed linking with ld.lld + - removed `sanitizer-coverage-prune-blocks` from hfuzz-cc.c + - most mutators have now either overwrite or insert versions + - fixed memory barriers in libhfuzz/ + - implemented skip_factor which dictates how often a given input is fuzzed + - lowered the default timeout to 1 second + - honggfuzz now uses microseconds, instead of milliseconds across the code + - added some new functions to libhfcommon/files + - enabled more aggressive inlining in hfuzz-cc/ + - fixed compilation dependency under MacOS X + 2020-03-03 - Version 2.1 - string/int comparison enabled for targets built with *SAN, but w/o hfuzz-cc - Parallel work made faster by using faster ATOMIC constructs (check first, then update) diff --git a/README.md b/README.md index bd53669d..5f742bac 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with inte # Code - * Latest stable version: [2.1](https://github.com/google/honggfuzz/releases) + * Latest stable version: [2.2](https://github.com/google/honggfuzz/releases) * [Changelog](https://github.com/google/honggfuzz/blob/master/CHANGELOG) # Features diff --git a/honggfuzz.h b/honggfuzz.h index b7a2c190..13a6f4c3 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -38,7 +38,7 @@ #include "libhfcommon/util.h" #define PROG_NAME "honggfuzz" -#define PROG_VERSION "2.1" +#define PROG_VERSION "2.2" /* Name of the template which will be replaced with the proper name of the file */ #define _HF_FILE_PLACEHOLDER "___FILE___" -- cgit v1.2.3 From 6ec69268c46f67bd7ec06c3156ec28b9a958cf70 Mon Sep 17 00:00:00 2001 From: Kshithij Iyer Date: Fri, 24 Apr 2020 11:40:45 +0530 Subject: Adding title and converting CONTRIBUTING to CONTRIBUTING.md --- CONTRIBUTING | 24 ------------------------ CONTRIBUTING.md | 26 ++++++++++++++++++++++++++ 2 files changed, 26 insertions(+), 24 deletions(-) delete mode 100644 CONTRIBUTING create mode 100644 CONTRIBUTING.md diff --git a/CONTRIBUTING b/CONTRIBUTING deleted file mode 100644 index 1ba85392..00000000 --- a/CONTRIBUTING +++ /dev/null @@ -1,24 +0,0 @@ -Want to contribute? Great! First, read this page (including the small print at the end). - -### Before you contribute -Before we can use your code, you must sign the -[Google Individual Contributor License Agreement](https://developers.google.com/open-source/cla/individual?csw=1) -(CLA), which you can do online. The CLA is necessary mainly because you own the -copyright to your changes, even after your contribution becomes part of our -codebase, so we need your permission to use and distribute your code. We also -need to be sure of various other things—for instance that you'll tell us if you -know that your code infringes on other people's patents. You don't have to sign -the CLA until after you've submitted your code for review and a member has -approved it, but you must do it before we can put your code into our codebase. -Before you start working on a larger contribution, you should get in touch with -us first through the issue tracker with your idea so that we can help out and -possibly guide you. Coordinating up front makes it much easier to avoid -frustration later on. - -### Code reviews -All submissions, including submissions by project members, require review. We -use Github pull requests for this purpose. - -### The small print -Contributions made by corporations are covered by a different agreement than -the one above, the Software Grant and Corporate Contributor License Agreement. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..ef02bca5 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,26 @@ +# How to contribute + +Want to contribute? Great! First, read this page (including the small print at the end). + +### Before you contribute +Before we can use your code, you must sign the +[Google Individual Contributor License Agreement](https://developers.google.com/open-source/cla/individual?csw=1) +(CLA), which you can do online. The CLA is necessary mainly because you own the +copyright to your changes, even after your contribution becomes part of our +codebase, so we need your permission to use and distribute your code. We also +need to be sure of various other things—for instance that you'll tell us if you +know that your code infringes on other people's patents. You don't have to sign +the CLA until after you've submitted your code for review and a member has +approved it, but you must do it before we can put your code into our codebase. +Before you start working on a larger contribution, you should get in touch with +us first through the issue tracker with your idea so that we can help out and +possibly guide you. Coordinating up front makes it much easier to avoid +frustration later on. + +### Code reviews +All submissions, including submissions by project members, require review. We +use Github pull requests for this purpose. + +### The small print +Contributions made by corporations are covered by a different agreement than +the one above, the Software Grant and Corporate Contributor License Agreement. -- cgit v1.2.3 From 2b0de34f44a554fa484291105fe3f3f5379e7247 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 24 Apr 2020 09:48:53 +0200 Subject: libhfnetdriver: use a simpler method to convert sockaddr_un to string --- libhfnetdriver/netdriver.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index a0e7d7b5..80f127c6 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -362,9 +362,8 @@ static bool netDriver_checkIfServerReady(int argc, char **argv) { } LOG_I("Honggfuzz Net Driver (pid=%d): Waiting for the TCP server process to start " - "accepting connections at TCP4/TCP6 port: %hu or at the socket path: '%*s'", - (int)getpid(), tcp_port, - (int)strnlen(sun.sun_path, slen - offsetof(struct sockaddr_un, sun_path)), sun.sun_path); + "accepting connections at TCP4/TCP6 port: %hu or at the socket path: '%s'", + (int)getpid(), tcp_port, files_sockAddrToStr((const struct sockaddr *)&sun, slen)); return false; } -- cgit v1.2.3 From e13b2fc9af214c73b6603b04c9f79e3663577641 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 25 Apr 2020 14:44:30 +0200 Subject: netbsd: netbsd-specific run_t is not needed --- honggfuzz.h | 9 --------- netbsd/arch.c | 6 ------ 2 files changed, 15 deletions(-) diff --git a/honggfuzz.h b/honggfuzz.h index 13a6f4c3..aaa18ece 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -374,15 +374,6 @@ typedef struct { int cpuBranchFd; int cpuIptBtsFd; } arch_linux; - - struct { - /* For NetBSD code */ - uint8_t* perfMmapBuf; - uint8_t* perfMmapAux; - int cpuInstrFd; - int cpuBranchFd; - int cpuIptBtsFd; - } arch_netbsd; } run_t; /* diff --git a/netbsd/arch.c b/netbsd/arch.c index 7e9f8aac..60b15177 100644 --- a/netbsd/arch.c +++ b/netbsd/arch.c @@ -196,11 +196,5 @@ bool arch_archInit(honggfuzz_t* hfuzz) { } bool arch_archThreadInit(run_t* run) { - run->arch_netbsd.perfMmapBuf = NULL; - run->arch_netbsd.perfMmapAux = NULL; - run->arch_netbsd.cpuInstrFd = -1; - run->arch_netbsd.cpuBranchFd = -1; - run->arch_netbsd.cpuIptBtsFd = -1; - return true; } -- cgit v1.2.3 From 0e2669995f80406ecd38bad627062616c4d0c3fe Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 26 Apr 2020 02:31:50 +0200 Subject: docs/usage: fix the markdown --- docs/USAGE.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/USAGE.md b/docs/USAGE.md index 1c14ba83..d925d261 100644 --- a/docs/USAGE.md +++ b/docs/USAGE.md @@ -255,8 +255,8 @@ Examples: * **SIGSEGV**,**SIGILL**,**SIGBUS**,**SIGABRT**,**SIGFPE** - Description of the signal which terminated the process (when using ptrace() API, it's a signal which was delivered to the process, even if silently discarded) * **PC.0x8056ad7** - Program Counter (PC) value (ptrace() API only), for x86 it's a value of the EIP register (RIP for x86-64) * **STACK.13599d485** - Stack signature (based on stack-tracing) - * **ADDR.0x30333037** - Value of the _siginfo`_`t.si`_`addr_ (see _man 2 signaction_ for more details) (most likely meaningless for SIGABRT) - * **INSTR.mov____0x10(%rbx),%rax`** - Disassembled instruction which was found under the last known PC (Program Counter) (x86, x86-64 architectures only, meaningless for SIGABRT) + * **ADDR.0x30333037** - Value of the ```_siginfo_t.si_addr_``` (see _man 2 signaction_ for more details) (most likely meaningless for SIGABRT) + * **INSTR.mov____0x10(%rbx),%rax** - Disassembled instruction which was found under the last known PC (Program Counter) (x86, x86-64 architectures only, meaningless for SIGABRT) # FAQ # @@ -267,7 +267,7 @@ Examples: * A: The ptrace() API is more flexible when it comes to analyzing a process' crash. wait3/4() syscalls are only able to determine the type of signal which crashed an application and limited resource usage information (see _man wait4_). * Q: **Why isn't there any support for the ptrace() API when compiling under FreeBSD or Mac OS X operating systems**? - * A: These operating systems lack some specific ptrace() operations, including **PT`_`GETREGS** (Mac OS X) and **PT`_`GETSIGINFO**, both of which honggfuzz depends on. If you have any ideas on how to get around this limitation, send us an email or patch. + * A: These operating systems lack some specific ptrace() operations, including ```PT_GETREGS``` (Mac OS X) and ```PT_GETSIGINFO```, both of which honggfuzz depends on. If you have any ideas on how to get around this limitation, send us an email or patch. # LICENSE # -- cgit v1.2.3 From e70cb4915f7424525bfc00d9600ada333307fad1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 26 Apr 2020 09:31:09 +0200 Subject: move mutexes into a separate substruct --- cmdline.c | 9 ++++++--- fuzz.c | 5 ++--- honggfuzz.h | 12 +++++++++--- input.c | 11 +++++------ report.c | 2 +- subproc.c | 3 +-- 6 files changed, 24 insertions(+), 18 deletions(-) diff --git a/cmdline.c b/cmdline.c index dcd2c1ff..95a2422a 100644 --- a/cmdline.c +++ b/cmdline.c @@ -316,7 +316,6 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .saveUnique = true, .dynfileqMaxSz = 0U, .dynfileqCnt = 0U, - .dynfileq_mutex = PTHREAD_RWLOCK_INITIALIZER, .dynfileqCurrent = NULL, .dynfileq2Current = NULL, .exportFeedback = false, @@ -368,7 +367,6 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { .useVerifier = false, .exitUponCrash = false, - .report_mutex = PTHREAD_MUTEX_INITIALIZER, .reportFile = NULL, .dynFileIterExpire = 0, .only_printable = false, @@ -384,7 +382,6 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { .covFeedbackMap = NULL, .covFeedbackFd = -1, - .covFeedback_mutex = PTHREAD_MUTEX_INITIALIZER, .cmpFeedbackMap = NULL, .cmpFeedbackFd = -1, .cmpFeedback = true, @@ -419,6 +416,12 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .serverSocket = -1, .clientSocket = -1, }, + .mutex = + { + .dynfileq = PTHREAD_RWLOCK_INITIALIZER, + .feedback = PTHREAD_MUTEX_INITIALIZER, + .report = PTHREAD_MUTEX_INITIALIZER, + }, /* Linux code */ .arch_linux = diff --git a/fuzz.c b/fuzz.c index ee6d852b..585671b2 100644 --- a/fuzz.c +++ b/fuzz.c @@ -92,8 +92,7 @@ static void fuzz_setDynamicMainState(run_t* run) { static uint32_t cnt = 0; ATOMIC_PRE_INC(cnt); - static pthread_mutex_t state_mutex = PTHREAD_MUTEX_INITIALIZER; - MX_SCOPED_LOCK(&state_mutex); + MX_SCOPED_LOCK(&run->global->mutex.state); if (fuzz_getState(run->global) != _HF_STATE_DYNAMIC_DRY_RUN) { /* Already switched out of the Dry Run */ @@ -187,7 +186,7 @@ static void fuzz_perfFeedback(run_t* run) { return; } - MX_SCOPED_LOCK(&run->global->feedback.covFeedback_mutex); + MX_SCOPED_LOCK(&run->global->mutex.feedback); defer { wmb(); }; diff --git a/honggfuzz.h b/honggfuzz.h index aaa18ece..3c8f2fb1 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -209,7 +209,6 @@ typedef struct { bool saveUnique; size_t dynfileqMaxSz; size_t dynfileqCnt; - pthread_rwlock_t dynfileq_mutex; dynfile_t* dynfileqCurrent; dynfile_t* dynfileq2Current; TAILQ_HEAD(dyns_t, _dynfile_t) dynfileq; @@ -263,7 +262,6 @@ typedef struct { bool useVerifier; bool exitUponCrash; const char* reportFile; - pthread_mutex_t report_mutex; size_t dynFileIterExpire; bool only_printable; bool minimize; @@ -277,7 +275,6 @@ typedef struct { fuzzState_t state; feedback_t* covFeedbackMap; int covFeedbackFd; - pthread_mutex_t covFeedback_mutex; cmpfeedback_t* cmpFeedbackMap; int cmpFeedbackFd; bool cmpFeedback; @@ -302,6 +299,15 @@ typedef struct { int serverSocket; int clientSocket; } socketFuzzer; + struct { + pthread_rwlock_t dynfileq; + pthread_mutex_t feedback; + pthread_mutex_t report; + pthread_mutex_t state; + pthread_mutex_t input; + pthread_mutex_t timing; + } mutex; + /* For the Linux code */ struct { int exeFd; diff --git a/input.c b/input.c index ab9cdad8..6e7e6985 100644 --- a/input.c +++ b/input.c @@ -124,8 +124,7 @@ bool input_getDirStatsAndRewind(honggfuzz_t* hfuzz) { } bool input_getNext(run_t* run, char fname[PATH_MAX], bool rewind) { - static pthread_mutex_t input_mutex = PTHREAD_MUTEX_INITIALIZER; - MX_SCOPED_LOCK(&input_mutex); + MX_SCOPED_LOCK(&run->global->mutex.input); if (run->global->io.fileCnt == 0U) { LOG_W("No useful files in the input directory"); @@ -386,7 +385,7 @@ void input_addDynamicInput(run_t* run) { } input_generateFileName(dynfile, NULL, dynfile->path); - MX_SCOPED_RWLOCK_WRITE(&run->global->io.dynfileq_mutex); + MX_SCOPED_RWLOCK_WRITE(&run->global->mutex.dynfileq); dynfile->idx = ATOMIC_PRE_INC(run->global->io.dynfileqCnt); @@ -433,7 +432,7 @@ void input_addDynamicInput(run_t* run) { } bool input_inDynamicCorpus(run_t* run, const char* fname) { - MX_SCOPED_RWLOCK_WRITE(&run->global->io.dynfileq_mutex); + MX_SCOPED_RWLOCK_WRITE(&run->global->mutex.dynfileq); dynfile_t* iter = NULL; TAILQ_FOREACH_HF(iter, &run->global->io.dynfileq, pointers) { @@ -528,7 +527,7 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { int speed_factor = 0; for (;;) { - MX_SCOPED_RWLOCK_WRITE(&run->global->io.dynfileq_mutex); + MX_SCOPED_RWLOCK_WRITE(&run->global->mutex.dynfileq); if (run->global->io.dynfileqCurrent == NULL) { run->global->io.dynfileqCurrent = TAILQ_FIRST(&run->global->io.dynfileq); @@ -578,7 +577,7 @@ size_t input_getRandomInputAsBuf(run_t* run, const uint8_t** buf) { dynfile_t* current = NULL; { - MX_SCOPED_RWLOCK_WRITE(&run->global->io.dynfileq_mutex); + MX_SCOPED_RWLOCK_WRITE(&run->global->mutex.dynfileq); if (run->global->io.dynfileq2Current == NULL) { run->global->io.dynfileq2Current = TAILQ_FIRST(&run->global->io.dynfileq); diff --git a/report.c b/report.c index b0cd38ba..5bfb5ce6 100644 --- a/report.c +++ b/report.c @@ -70,7 +70,7 @@ void report_saveReport(run_t* run) { return; } - MX_SCOPED_LOCK(&run->global->cfg.report_mutex); + MX_SCOPED_LOCK(&run->global->mutex.report); if (reportFD == -1) { char reportFName[PATH_MAX]; diff --git a/subproc.c b/subproc.c index 17b4a603..2ed75b48 100644 --- a/subproc.c +++ b/subproc.c @@ -439,8 +439,7 @@ bool subproc_Run(run_t* run) { int64_t diffUSecs = util_timeNowUSecs() - run->timeStartedUSecs; { - static pthread_mutex_t local_mutex = PTHREAD_MUTEX_INITIALIZER; - MX_SCOPED_LOCK(&local_mutex); + MX_SCOPED_LOCK(&run->global->mutex.timing); if (diffUSecs >= ATOMIC_GET(run->global->timing.timeOfLongestUnitUSecs)) { ATOMIC_SET(run->global->timing.timeOfLongestUnitUSecs, diffUSecs); } -- cgit v1.2.3 From eeed3d6583b4500ae7e31ff98e1d34f4be9c432e Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 26 Apr 2020 09:41:28 +0200 Subject: linux/bfd: __block no longer needed --- linux/bfd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux/bfd.c b/linux/bfd.c index 7efcd1a4..abe24515 100644 --- a/linux/bfd.c +++ b/linux/bfd.c @@ -146,7 +146,7 @@ void arch_bfdResolveSyms(pid_t pid, funcs_t* funcs, size_t num) { bfd_init(); - __block bfd_t bfdParams = { + bfd_t bfdParams = { .bfdh = NULL, .syms = NULL, .dsyms = NULL, -- cgit v1.2.3 From 76385987d72a7496ce65811f64d337cf636aead3 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 27 Apr 2020 01:02:11 +0200 Subject: Move defer{} implementation to libhfuzz/util --- honggfuzz.h | 65 ----------------------------------------------------- libhfcommon/util.h | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 65 insertions(+), 66 deletions(-) diff --git a/honggfuzz.h b/honggfuzz.h index 3c8f2fb1..8d23850f 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -382,69 +382,4 @@ typedef struct { } arch_linux; } run_t; -/* - * Go-style defer scoped implementation - * - * When compiled with clang, use: -fblocks -lBlocksRuntime - * - * Example of use: - * - * { - * int fd = open(fname, O_RDONLY); - * if (fd == -1) { - * error(....); - * return; - * } - * defer { close(fd); }; - * ssize_t sz = read(fd, buf, sizeof(buf)); - * ... - * ... - * } - * - */ - -#define __STRMERGE(a, b) a##b -#define _STRMERGE(a, b) __STRMERGE(a, b) -#ifdef __clang__ -#if __has_extension(blocks) -static void __attribute__((unused)) __clang_cleanup_func(void (^*dfunc)(void)) { - (*dfunc)(); -} - -#define defer \ - void (^_STRMERGE(__defer_f_, __COUNTER__))(void) \ - __attribute__((cleanup(__clang_cleanup_func))) __attribute__((unused)) = ^ - -#else /* __has_extension(blocks) */ -#define defer UNIMPLEMENTED - NO - SUPPORT - FOR - BLOCKS - IN - YOUR - CLANG - ENABLED -#endif /* __has_extension(blocks) */ -#else /* !__clang__, e.g.: gcc */ - -#define __block -#define _DEFER(a, count) \ - auto void _STRMERGE(__defer_f_, count)(void* _defer_arg __attribute__((unused))); \ - int _STRMERGE(__defer_var_, count) __attribute__((cleanup(_STRMERGE(__defer_f_, count)))) \ - __attribute__((unused)); \ - void _STRMERGE(__defer_f_, count)(void* _defer_arg __attribute__((unused))) -#define defer _DEFER(a, __COUNTER__) -#endif /* ifdef __clang__ */ - -/* Block scoped mutexes */ -#define MX_SCOPED_LOCK(m) \ - MX_LOCK(m); \ - defer { \ - MX_UNLOCK(m); \ - } - -#define MX_SCOPED_RWLOCK_READ(m) \ - MX_RWLOCK_READ(m); \ - defer { \ - MX_RWLOCK_UNLOCK(m); \ - } -#define MX_SCOPED_RWLOCK_WRITE(m) \ - MX_RWLOCK_WRITE(m); \ - defer { \ - MX_RWLOCK_UNLOCK(m); \ - } - #endif diff --git a/libhfcommon/util.h b/libhfcommon/util.h index ce0c933c..95478d67 100644 --- a/libhfcommon/util.h +++ b/libhfcommon/util.h @@ -33,6 +33,71 @@ #include #include +/* + * Go-style defer scoped implementation + * + * If compiled with clang, use: -fblocks -lBlocksRuntime + * + * Example of use: + * + * { + * int fd = open(fname, O_RDONLY); + * if (fd == -1) { + * error(....); + * return; + * } + * defer { close(fd); }; + * ssize_t sz = read(fd, buf, sizeof(buf)); + * ... + * ... + * } + * + */ + +#define __STRMERGE(a, b) a##b +#define _STRMERGE(a, b) __STRMERGE(a, b) +#ifdef __clang__ +#if __has_extension(blocks) +static void __attribute__((unused)) __clang_cleanup_func(void (^*dfunc)(void)) { + (*dfunc)(); +} + +#define defer \ + void (^_STRMERGE(__defer_f_, __COUNTER__))(void) \ + __attribute__((cleanup(__clang_cleanup_func))) __attribute__((unused)) = ^ + +#else /* __has_extension(blocks) */ +#define defer UNIMPLEMENTED - NO - SUPPORT - FOR - BLOCKS - IN - YOUR - CLANG - ENABLED +#endif /* __has_extension(blocks) */ +#else /* !__clang__, e.g.: gcc */ + +#define __block +#define _DEFER(a, count) \ + auto void _STRMERGE(__defer_f_, count)(void* _defer_arg __attribute__((unused))); \ + int _STRMERGE(__defer_var_, count) __attribute__((cleanup(_STRMERGE(__defer_f_, count)))) \ + __attribute__((unused)); \ + void _STRMERGE(__defer_f_, count)(void* _defer_arg __attribute__((unused))) +#define defer _DEFER(a, __COUNTER__) +#endif /* ifdef __clang__ */ + +/* Block scoped mutexes */ +#define MX_SCOPED_LOCK(m) \ + MX_LOCK(m); \ + defer { \ + MX_UNLOCK(m); \ + } + +#define MX_SCOPED_RWLOCK_READ(m) \ + MX_RWLOCK_READ(m); \ + defer { \ + MX_RWLOCK_UNLOCK(m); \ + } +#define MX_SCOPED_RWLOCK_WRITE(m) \ + MX_RWLOCK_WRITE(m); \ + defer { \ + MX_RWLOCK_UNLOCK(m); \ + } + #define HF_STR_LEN 8192 #define HF_STR_LEN_MINUS_1 8191 @@ -89,7 +154,6 @@ __attribute__((always_inline)) static inline bool ATOMIC_BITMAP_SET(uint8_t* add #define HF_MAX(x, y) ((x > y) ? x : y) #define HF_MIN(x, y) ((x < y) ? x : y) #define HF_CAP(v, x, y) HF_MAX(x, HF_MIN(y, v)) - #define util_Log2(v) ((sizeof(unsigned int) * 8) - __builtin_clz((unsigned int)v) - 1) typedef enum { -- cgit v1.2.3 From a696e0ba9cf58e31d006c46a6933f9cd56ee2cf8 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 27 Apr 2020 13:38:24 +0200 Subject: Makefile: switch from c11 to c17 which is default (except 'gnu') for modern gcc/clang --- Makefile | 2 +- honggfuzz.h | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/Makefile b/Makefile index ceea1c64..9a668bc8 100644 --- a/Makefile +++ b/Makefile @@ -26,7 +26,7 @@ LD = $(CC) BIN := honggfuzz HFUZZ_CC_BIN := hfuzz_cc/hfuzz-cc HFUZZ_CC_SRCS := hfuzz_cc/hfuzz-cc.c -COMMON_CFLAGS := -std=c11 -I/usr/local/include -D_GNU_SOURCE -Wall -Wextra -Werror -Wno-format-truncation -Wno-override-init -I. +COMMON_CFLAGS := -std=c17 -I/usr/local/include -D_GNU_SOURCE -Wall -Wextra -Werror -Wno-format-truncation -Wno-override-init -I. COMMON_LDFLAGS := -pthread -lm COMMON_SRCS := $(sort $(wildcard *.c)) CFLAGS ?= -O3 -mtune=native -funroll-loops diff --git a/honggfuzz.h b/honggfuzz.h index 8d23850f..e491df7d 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -360,7 +360,6 @@ typedef struct { bool staticFileTryMore; uint32_t fuzzNo; int persistentSock; - bool waitingForReady; runState_t runState; bool tmOutSignaled; char* args[_HF_ARGS_MAX + 1]; -- cgit v1.2.3 From c7a0199c63210fc03dff9d309087c8ff0356605e Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 27 Apr 2020 13:49:13 +0200 Subject: Makefile: use LDFLAGS after OBJS, so the shared library have correct deps --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 9a668bc8..9ef9f35c 100644 --- a/Makefile +++ b/Makefile @@ -290,7 +290,7 @@ $(LHFUZZ_ARCH): $(LHFUZZ_OBJS) $(AR) rcs $(LHFUZZ_ARCH) $(LHFUZZ_OBJS) $(LHFUZZ_SHARED): $(LHFUZZ_OBJS) $(LCOMMON_OBJS) - $(LD) -shared $(LDFLAGS) $(LHFUZZ_OBJS) $(LCOMMON_OBJS) -o $@ + $(LD) -shared $(LHFUZZ_OBJS) $(LCOMMON_OBJS) $(LDFLAGS) -o $@ $(LNETDRIVER_OBJS): $(LNETDRIVER_SRCS) $(CC) -c $(CFLAGS) $(LIBS_CFLAGS) -o $@ $(@:.o=.c) -- cgit v1.2.3 From 6079d30aacddcbb8f371b7f9caec2a3fb974b2b3 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 27 Apr 2020 14:09:35 +0200 Subject: mangle: typo --- mangle.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mangle.c b/mangle.c index e7f6be38..3bd97e28 100644 --- a/mangle.c +++ b/mangle.c @@ -857,7 +857,7 @@ void mangle_mangleContent(run_t* run, int speed_factor) { changesCnt = HF_MAX(changesCnt, run->global->mutate.mutationsPerRun); } - /* If last coverage acquisition was mroe than 5 secs ago, use splicing more frequently */ + /* If last coverage acquisition was more than 5 secs ago, use splicing more frequently */ if ((time(NULL) - ATOMIC_GET(run->global->timing.lastCovUpdate)) > 5) { if (util_rnd64() % 2) { mangle_Splice(run, run->global->cfg.only_printable); -- cgit v1.2.3 From f6526968dd3e77ccc80dbd2a5d409ab804de5a4a Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 29 Apr 2020 00:41:17 +0200 Subject: Readme --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 5f742bac..2160f0eb 100644 --- a/README.md +++ b/README.md @@ -93,6 +93,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [Heap buffer-overflow in __picoc__](https://gitlab.com/zsaleeba/picoc/issues/44) * Crashes in __OpenCOBOL__: [#1](https://sourceforge.net/p/open-cobol/bugs/586/), [#2](https://sourceforge.net/p/open-cobol/bugs/587/) * DoS in __ProFTPD__: [#1](https://twitter.com/SecReLabs/status/1186548245553483783), [#2](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18217) + * [Multiple security problems in ImageIO (iOS/MacOS)](https://googleprojectzero.blogspot.com/2020/04/fuzzing-imageio.html) * [Memory corruption in __htmldoc__](https://github.com/michaelrsweet/htmldoc/issues/370) * [Memory corruption in __OpenDetex__](https://github.com/pkubowicz/opendetex/issues/60) * [Memory corruption in __Yabasic__](https://github.com/marcIhm/yabasic/issues/36) @@ -157,6 +158,8 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__rcc__: a Rust C compiler](https://github.com/jyn514/rcc#testing) * [__EIP1962Fuzzing__: Fuzzy testing of various EIP1962 implementations](https://github.com/matter-labs/eip1962_fuzzing) * [__wasm-fuzz__: Fuzzing of wasmer](https://github.com/wasmerio/wasm-fuzz/blob/master/honggfuzz.md), [blog post](https://medium.com/wasmer/fuzz-testing-in-webassembly-vms-3a301f982e5a) + * [__P0__: Fuzzing ImageIO](https://googleprojectzero.blogspot.com/2020/04/fuzzing-imageio.html) + * [__TrapFuzz__: by P0](https://github.com/googleprojectzero/p0tools/tree/master/TrapFuzz) * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) * [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+honggfuzz%22&type=Code) -- cgit v1.2.3 From ee4db6649707904c28718eefa2a1a5f96020602e Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 29 Apr 2020 15:39:38 +0200 Subject: Makefile: move clang-format options to .clang-format --- .clang-format | 6 ++++++ Makefile | 4 +--- 2 files changed, 7 insertions(+), 3 deletions(-) create mode 100644 .clang-format diff --git a/.clang-format b/.clang-format new file mode 100644 index 00000000..2e2fbfa3 --- /dev/null +++ b/.clang-format @@ -0,0 +1,6 @@ +BasedOnStyle: Google +IndentWidth: 4 +ColumnLimit: 100 +AlignAfterOpenBracket: DontAlign +AllowShortFunctionsOnASingleLine: false +AlwaysBreakBeforeMultilineStrings: false diff --git a/Makefile b/Makefile index 9ef9f35c..1907a865 100644 --- a/Makefile +++ b/Makefile @@ -304,9 +304,7 @@ clean: .PHONY: indent indent: - clang-format \ - -style="{BasedOnStyle: Google, IndentWidth: 4, ColumnLimit: 100, AlignAfterOpenBracket: DontAlign, AllowShortFunctionsOnASingleLine: false, AlwaysBreakBeforeMultilineStrings: false}" \ - -i -sort-includes *.c *.h */*.c */*.h + clang-format -i -sort-includes *.c *.h */*.c */*.h .PHONY: depend depend: all -- cgit v1.2.3 From bbb476eec95ad927d6d7d3d367d2b3e38eed3569 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 29 Apr 2020 15:57:06 +0200 Subject: New directives in .clang-format --- .clang-format | 12 +- cmdline.c | 208 ++++++++++++++++---------------- display.c | 70 +++++------ fuzz.c | 84 ++++++------- fuzz.h | 8 +- hfuzz_cc/hfuzz-cc.c | 14 +-- honggfuzz.c | 18 +-- honggfuzz.h | 268 +++++++++++++++++++++--------------------- input.c | 68 +++++------ input.h | 34 +++--- libhfcommon/common.h | 16 +-- libhfcommon/files.c | 12 +- libhfcommon/files.h | 18 +-- libhfcommon/log.c | 18 +-- libhfcommon/log.h | 58 ++++----- libhfcommon/util.c | 14 +-- libhfcommon/util.h | 104 ++++++++-------- libhfnetdriver/netdriver.c | 56 ++++----- libhfnetdriver/netdriver.h | 6 +- libhfuzz/fetch.c | 4 +- libhfuzz/instrument.c | 96 +++++++-------- libhfuzz/instrument.h | 16 +-- libhfuzz/memorycmp.c | 4 +- libhfuzz/performance.c | 12 +- libhfuzz/persistent.c | 10 +- linux/arch.c | 14 +-- linux/bfd.c | 24 ++-- linux/bfd.h | 2 +- linux/perf.c | 26 ++-- linux/pt.c | 14 +-- linux/pt.h | 64 +++++----- linux/trace.c | 90 +++++++------- linux/trace.h | 2 +- linux/unwind.c | 30 ++--- linux/unwind.h | 4 +- mac/arch.c | 48 ++++---- mangle.c | 44 +++---- netbsd/arch.c | 4 +- netbsd/trace.c | 58 ++++----- netbsd/trace.h | 2 +- netbsd/unwind.h | 2 +- posix/arch.c | 28 ++--- sanitizers.c | 64 +++++----- sanitizers.h | 12 +- socketfuzzer.c | 6 +- socketfuzzer.h | 2 +- socketfuzzer/vulnserver_cov.c | 14 +-- subproc.c | 2 +- 48 files changed, 896 insertions(+), 888 deletions(-) diff --git a/.clang-format b/.clang-format index 2e2fbfa3..b2ed423b 100644 --- a/.clang-format +++ b/.clang-format @@ -1,6 +1,14 @@ BasedOnStyle: Google -IndentWidth: 4 -ColumnLimit: 100 AlignAfterOpenBracket: DontAlign +AlignConsecutiveAssignments: true +AlignConsecutiveDeclarations: true +AlignConsecutiveMacros: true +AlignEscapedNewlines: false +AlignOperands: true AllowShortFunctionsOnASingleLine: false AlwaysBreakBeforeMultilineStrings: false +ColumnLimit: 100 +ForEachMacros: + - TAILQ_FOREACH_HF +IndentWidth: 4 +SpacesBeforeTrailingComments: 4 diff --git a/cmdline.c b/cmdline.c index 95a2422a..44b9acc3 100644 --- a/cmdline.c +++ b/cmdline.c @@ -49,7 +49,7 @@ struct custom_option { struct option opt; - const char* descr; + const char* descr; }; static bool checkFor_FILE_PLACEHOLDER(const char* const* args) { @@ -62,8 +62,8 @@ static bool checkFor_FILE_PLACEHOLDER(const char* const* args) { } static bool cmdlineCheckBinaryType(honggfuzz_t* hfuzz) { - int fd; - off_t fileSz; + int fd; + off_t fileSz; uint8_t* map = files_mapFile(hfuzz->exe.cmdline[0], &fileSz, &fd, /* isWriteable= */ false); if (!map) { /* It's not a critical error */ @@ -135,8 +135,8 @@ static void cmdlineUsage(const char* pname, struct custom_option* opts) { } bool cmdlineAddEnv(honggfuzz_t* hfuzz, char* env) { - size_t enveqlen = strlen(env); - const char* eqpos = strchr(env, '='); + size_t enveqlen = strlen(env); + const char* eqpos = strchr(env, '='); if (eqpos) { enveqlen = (uintptr_t)eqpos - (uintptr_t)env + 1; } @@ -291,128 +291,128 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { *hfuzz = (honggfuzz_t){ .threads = { - .threadsFinished = 0, - .threadsMax = ({ + .threadsFinished = 0, + .threadsMax = ({ long ncpus = sysconf(_SC_NPROCESSORS_ONLN); (ncpus <= 1 ? 1 : ncpus / 2); }), .threadsActiveCnt = 0, - .mainThread = pthread_self(), - .mainPid = getpid(), + .mainThread = pthread_self(), + .mainPid = getpid(), }, .io = { - .inputDir = NULL, - .outputDir = NULL, - .inputDirPtr = NULL, - .fileCnt = 0, - .testedFileCnt = 0, - .maxFileSz = 0, - .newUnitsAdded = 0, - .fileExtn = "fuzz", - .workDir = {}, - .crashDir = NULL, - .covDirNew = NULL, - .saveUnique = true, - .dynfileqMaxSz = 0U, - .dynfileqCnt = 0U, - .dynfileqCurrent = NULL, + .inputDir = NULL, + .outputDir = NULL, + .inputDirPtr = NULL, + .fileCnt = 0, + .testedFileCnt = 0, + .maxFileSz = 0, + .newUnitsAdded = 0, + .fileExtn = "fuzz", + .workDir = {}, + .crashDir = NULL, + .covDirNew = NULL, + .saveUnique = true, + .dynfileqMaxSz = 0U, + .dynfileqCnt = 0U, + .dynfileqCurrent = NULL, .dynfileq2Current = NULL, - .exportFeedback = false, + .exportFeedback = false, }, .exe = { - .argc = 0, - .cmdline = NULL, - .nullifyStdio = true, - .fuzzStdin = false, - .externalCommand = NULL, - .postExternalCommand = NULL, + .argc = 0, + .cmdline = NULL, + .nullifyStdio = true, + .fuzzStdin = false, + .externalCommand = NULL, + .postExternalCommand = NULL, .feedbackMutateCommand = NULL, - .persistent = false, - .netDriver = false, - .asLimit = 0U, - .rssLimit = 0U, - .dataLimit = 0U, - .stackLimit = 0U, - .clearEnv = false, - .env_ptrs = {}, - .env_vals = {}, + .persistent = false, + .netDriver = false, + .asLimit = 0U, + .rssLimit = 0U, + .dataLimit = 0U, + .stackLimit = 0U, + .clearEnv = false, + .env_ptrs = {}, + .env_vals = {}, }, .timing = { - .timeStart = time(NULL), - .runEndTime = 0, - .tmOut = 1, - .lastCovUpdate = time(NULL), + .timeStart = time(NULL), + .runEndTime = 0, + .tmOut = 1, + .lastCovUpdate = time(NULL), .timeOfLongestUnitUSecs = 0, - .tmoutVTALRM = false, + .tmoutVTALRM = false, }, .mutate = { - .mutationsMax = 0, - .dictionary = {}, - .dictionaryCnt = 0, - .dictionaryFile = NULL, + .mutationsMax = 0, + .dictionary = {}, + .dictionaryCnt = 0, + .dictionaryFile = NULL, .mutationsPerRun = 5, - .maxInputSz = 0, + .maxInputSz = 0, }, .display = { - .useScreen = true, + .useScreen = true, .lastDisplayUSecs = util_timeNowUSecs(), - .cmdline_txt[0] = '\0', + .cmdline_txt[0] = '\0', }, .cfg = { - .useVerifier = false, - .exitUponCrash = false, - .reportFile = NULL, + .useVerifier = false, + .exitUponCrash = false, + .reportFile = NULL, .dynFileIterExpire = 0, - .only_printable = false, - .minimize = false, - .switchingToFDM = false, + .only_printable = false, + .minimize = false, + .switchingToFDM = false, }, .sanitizer = { - .enable = false, + .enable = false, .del_report = false, }, .feedback = { - .covFeedbackMap = NULL, - .covFeedbackFd = -1, - .cmpFeedbackMap = NULL, - .cmpFeedbackFd = -1, - .cmpFeedback = true, - .blacklistFile = NULL, - .blacklist = NULL, - .blacklistCnt = 0, + .covFeedbackMap = NULL, + .covFeedbackFd = -1, + .cmpFeedbackMap = NULL, + .cmpFeedbackFd = -1, + .cmpFeedback = true, + .blacklistFile = NULL, + .blacklist = NULL, + .blacklistCnt = 0, .skipFeedbackOnTimeout = false, - .dynFileMethod = _HF_DYNFILE_SOFT, - .state = _HF_STATE_UNSET, + .dynFileMethod = _HF_DYNFILE_SOFT, + .state = _HF_STATE_UNSET, .hwCnts = { - .cpuInstrCnt = 0ULL, + .cpuInstrCnt = 0ULL, .cpuBranchCnt = 0ULL, - .bbCnt = 0ULL, - .newBBCnt = 0ULL, - .softCntPc = 0ULL, - .softCntCmp = 0ULL, + .bbCnt = 0ULL, + .newBBCnt = 0ULL, + .softCntPc = 0ULL, + .softCntCmp = 0ULL, }, }, .cnts = { - .mutationsCnt = 0, - .crashesCnt = 0, - .uniqueCrashesCnt = 0, + .mutationsCnt = 0, + .crashesCnt = 0, + .uniqueCrashesCnt = 0, .verifiedCrashesCnt = 0, - .blCrashesCnt = 0, - .timeoutedCnt = 0, + .blCrashesCnt = 0, + .timeoutedCnt = 0, }, .socketFuzzer = { - .enabled = false, + .enabled = false, .serverSocket = -1, .clientSocket = -1, }, @@ -420,37 +420,37 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { { .dynfileq = PTHREAD_RWLOCK_INITIALIZER, .feedback = PTHREAD_MUTEX_INITIALIZER, - .report = PTHREAD_MUTEX_INITIALIZER, + .report = PTHREAD_MUTEX_INITIALIZER, }, /* Linux code */ .arch_linux = { - .exeFd = -1, - .dynamicCutOffAddr = ~(0ULL), + .exeFd = -1, + .dynamicCutOffAddr = ~(0ULL), .disableRandomization = true, - .ignoreAddr = NULL, - .symsBlFile = NULL, - .symsBlCnt = 0, - .symsBl = NULL, - .symsWlFile = NULL, - .symsWlCnt = 0, - .symsWl = NULL, - .cloneFlags = 0, - .useNetNs = HF_MAYBE, - .kernelOnly = false, - .useClone = true, + .ignoreAddr = NULL, + .symsBlFile = NULL, + .symsBlCnt = 0, + .symsBl = NULL, + .symsWlFile = NULL, + .symsWlCnt = 0, + .symsWl = NULL, + .cloneFlags = 0, + .useNetNs = HF_MAYBE, + .kernelOnly = false, + .useClone = true, }, /* NetBSD code */ .arch_netbsd = { .ignoreAddr = NULL, .symsBlFile = NULL, - .symsBlCnt = 0, - .symsBl = NULL, + .symsBlCnt = 0, + .symsBl = NULL, .symsWlFile = NULL, - .symsWlCnt = 0, - .symsWl = NULL, + .symsWlCnt = 0, + .symsWl = NULL, }, }; @@ -539,9 +539,9 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { opts[i] = custom_opts[i].opt; } - enum llevel_t ll = INFO; - const char* logfile = NULL; - int opt_index = 0; + enum llevel_t ll = INFO; + const char* logfile = NULL; + int opt_index = 0; for (;;) { int c = getopt_long( argc, argv, "-?hQvVsuPxf:i:dqe:W:r:c:F:t:R:n:N:l:p:g:E:w:B:zMTS", opts, &opt_index); @@ -614,7 +614,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { break; case 0x10B: hfuzz->socketFuzzer.enabled = true; - hfuzz->timing.tmOut = 0; /* Disable process timeout checks */ + hfuzz->timing.tmOut = 0; /* Disable process timeout checks */ break; case 0x10C: hfuzz->exe.netDriver = true; @@ -645,7 +645,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { break; case 'n': if (optarg[0] == 'a') { - long ncpus = sysconf(_SC_NPROCESSORS_ONLN); + long ncpus = sysconf(_SC_NPROCESSORS_ONLN); hfuzz->threads.threadsMax = (ncpus < 1 ? 1 : ncpus); } else { if (!util_isANumber(optarg)) { @@ -775,7 +775,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { logInitLogFile(logfile, -1, ll); - hfuzz->exe.argc = argc - optind; + hfuzz->exe.argc = argc - optind; hfuzz->exe.cmdline = (const char* const*)&argv[optind]; if (hfuzz->exe.argc <= 0) { LOG_E("No fuzz command provided"); diff --git a/display.c b/display.c index 44a11e57..b0a7535f 100644 --- a/display.c +++ b/display.c @@ -38,20 +38,20 @@ #include "libhfcommon/log.h" #include "libhfcommon/util.h" -#define ESC_CLEAR_ALL "\033[2J" -#define ESC_CLEAR_LINE "\033[2K" -#define ESC_CLEAR_ABOVE "\033[1J" -#define ESC_TERM_RESET "\033c" -#define ESC_NAV(x, y) "\033[" #x ";" #y "H" -#define ESC_BOLD "\033[1m" -#define ESC_RED "\033[31m" -#define ESC_RESET "\033[0m" +#define ESC_CLEAR_ALL "\033[2J" +#define ESC_CLEAR_LINE "\033[2K" +#define ESC_CLEAR_ABOVE "\033[1J" +#define ESC_TERM_RESET "\033c" +#define ESC_NAV(x, y) "\033[" #x ";" #y "H" +#define ESC_BOLD "\033[1m" +#define ESC_RED "\033[31m" +#define ESC_RESET "\033[0m" #define ESC_SCROLL_REGION(x, y) "\033[" #x ";" #y "r" -#define ESC_SCROLL_DISABLE "\033[?7h" -#define ESC_SCROLL_RESET "\033[r" -#define ESC_NAV_DOWN(x) "\033[" #x "B" -#define ESC_NAV_HORIZ(x) "\033[" #x "G" -#define ESC_RESET_SETTINGS "\033[!p" +#define ESC_SCROLL_DISABLE "\033[?7h" +#define ESC_SCROLL_RESET "\033[r" +#define ESC_NAV_DOWN(x) "\033[" #x "B" +#define ESC_NAV_HORIZ(x) "\033[" #x "G" +#define ESC_RESET_SETTINGS "\033[!p" static char displayBuf[1024 * 1024]; static void display_start(void) { @@ -86,10 +86,10 @@ static void display_printKMG(uint64_t val) { } static unsigned getCpuUse(int numCpus) { - static uint64_t prevUserT = 0UL; - static uint64_t prevNiceT = 0UL; + static uint64_t prevUserT = 0UL; + static uint64_t prevNiceT = 0UL; static uint64_t prevSystemT = 0UL; - static uint64_t prevIdleT = 0UL; + static uint64_t prevIdleT = 0UL; FILE* f = fopen("/proc/stat", "re"); if (f == NULL) { @@ -105,15 +105,15 @@ static unsigned getCpuUse(int numCpus) { return 0; } - uint64_t userCycles = (userT - prevUserT); - uint64_t niceCycles = (niceT - prevNiceT); + uint64_t userCycles = (userT - prevUserT); + uint64_t niceCycles = (niceT - prevNiceT); uint64_t systemCycles = (systemT - prevSystemT); - uint64_t idleCycles = (idleT - prevIdleT); + uint64_t idleCycles = (idleT - prevIdleT); - prevUserT = userT; - prevNiceT = niceT; + prevUserT = userT; + prevNiceT = niceT; prevSystemT = systemT; - prevIdleT = idleT; + prevIdleT = idleT; uint64_t allCycles = userCycles + niceCycles + systemCycles + idleCycles; if (allCycles == 0) { @@ -130,11 +130,11 @@ static void getDuration(time_t elapsed_second, char* buf, size_t bufSz) { } unsigned int day, hour, min, second; - day = elapsed_second / 24 / 3600; + day = elapsed_second / 24 / 3600; elapsed_second = elapsed_second - day * 24 * 3600; - hour = elapsed_second / 3600; - min = (elapsed_second - 3600 * hour) / 60; - second = elapsed_second - hour * 3600 - min * 60; + hour = elapsed_second / 3600; + min = (elapsed_second - 3600 * hour) / 60; + second = elapsed_second - hour * 3600 - min * 60; snprintf(buf, bufSz, "%u days %02u hrs %02u mins %02u secs", day, hour, min, second); } @@ -166,10 +166,10 @@ void display_display(honggfuzz_t* hfuzz) { return; } - const time_t curr_sec = time(NULL); - const time_t elapsed_sec = curr_sec - hfuzz->timing.timeStart; - const int64_t curr_time_usecs = util_timeNowUSecs(); - const int64_t elapsed_usecs = curr_time_usecs - hfuzz->display.lastDisplayUSecs; + const time_t curr_sec = time(NULL); + const time_t elapsed_sec = curr_sec - hfuzz->timing.timeStart; + const int64_t curr_time_usecs = util_timeNowUSecs(); + const int64_t elapsed_usecs = curr_time_usecs - hfuzz->display.lastDisplayUSecs; hfuzz->display.lastDisplayUSecs = curr_time_usecs; char lastCovStr[64]; @@ -197,7 +197,7 @@ void display_display(honggfuzz_t* hfuzz) { } static size_t prev_exec_cnt = 0UL; - size_t exec_per_usecs = + size_t exec_per_usecs = elapsed_usecs ? ((curr_exec_cnt - prev_exec_cnt) * 1000000) / elapsed_usecs : 0; prev_exec_cnt = curr_exec_cnt; @@ -295,12 +295,12 @@ void display_display(honggfuzz_t* hfuzz) { ATOMIC_GET(hfuzz->feedback.hwCnts.bbCnt)); } if (hfuzz->feedback.dynFileMethod & _HF_DYNFILE_SOFT) { - uint64_t softCntPc = ATOMIC_GET(hfuzz->feedback.hwCnts.softCntPc); + uint64_t softCntPc = ATOMIC_GET(hfuzz->feedback.hwCnts.softCntPc); uint64_t softCntEdge = ATOMIC_GET(hfuzz->feedback.hwCnts.softCntEdge); - uint64_t softCntCmp = ATOMIC_GET(hfuzz->feedback.hwCnts.softCntCmp); - uint64_t guardNb = ATOMIC_GET(hfuzz->feedback.covFeedbackMap->guardNb); + uint64_t softCntCmp = ATOMIC_GET(hfuzz->feedback.hwCnts.softCntCmp); + uint64_t guardNb = ATOMIC_GET(hfuzz->feedback.covFeedbackMap->guardNb); display_put(" edge: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET "/" - "%" _HF_NONMON_SEP PRIu64 " [%" PRId64 "%%]", + "%" _HF_NONMON_SEP PRIu64 " [%" PRId64 "%%]", softCntEdge, guardNb, guardNb ? ((softCntEdge * 100) / guardNb) : 0); display_put(" pc: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, softCntPc); display_put(" cmp: " ESC_BOLD "%" _HF_NONMON_SEP PRIu64 ESC_RESET, softCntCmp); diff --git a/fuzz.c b/fuzz.c index 585671b2..d55bc567 100644 --- a/fuzz.c +++ b/fuzz.c @@ -127,16 +127,16 @@ static void fuzz_setDynamicMainState(run_t* run) { */ if (run->global->io.dynfileqCnt == 0) { dynfile_t dynfile = { - .size = 0, - .cov = {}, - .idx = 0, - .fd = -1, + .size = 0, + .cov = {}, + .idx = 0, + .fd = -1, .timeExecUSecs = 1, - .path = "[DYNAMIC-0-SIZE]", - .data = (uint8_t*)"", + .path = "[DYNAMIC-0-SIZE]", + .data = (uint8_t*)"", }; dynfile_t* tmp_dynfile = run->dynfile; - run->dynfile = &dynfile; + run->dynfile = &dynfile; input_addDynamicInput(run); run->dynfile = tmp_dynfile; } @@ -273,10 +273,10 @@ static bool fuzz_runVerifier(run_t* run) { LOG_I("Launching verifier for HASH: %" PRIx64 " (iteration: %d out of %d)", run->backtrace, i + 1, _HF_VERIFIER_ITER); run->timeStartedUSecs = util_timeNowUSecs(); - run->backtrace = 0; - run->access = 0; - run->exception = 0; - run->mainWorker = false; + run->backtrace = 0; + run->access = 0; + run->exception = 0; + run->mainWorker = false; if (!subproc_Run(run)) { LOG_F("subproc_Run()"); @@ -389,19 +389,19 @@ static bool fuzz_fetchInput(run_t* run) { static void fuzz_fuzzLoop(run_t* run) { run->timeStartedUSecs = util_timeNowUSecs(); run->crashFileName[0] = '\0'; - run->pc = 0; - run->backtrace = 0; - run->access = 0; - run->exception = 0; - run->report[0] = '\0'; - run->mainWorker = true; - run->mutationsPerRun = run->global->mutate.mutationsPerRun; - run->tmOutSignaled = false; - - run->hwCnts.cpuInstrCnt = 0; + run->pc = 0; + run->backtrace = 0; + run->access = 0; + run->exception = 0; + run->report[0] = '\0'; + run->mainWorker = true; + run->mutationsPerRun = run->global->mutate.mutationsPerRun; + run->tmOutSignaled = false; + + run->hwCnts.cpuInstrCnt = 0; run->hwCnts.cpuBranchCnt = 0; - run->hwCnts.bbCnt = 0; - run->hwCnts.newBBCnt = 0; + run->hwCnts.bbCnt = 0; + run->hwCnts.newBBCnt = 0; if (!fuzz_fetchInput(run)) { if (run->global->cfg.minimize && fuzz_getState(run->global) == _HF_STATE_DYNAMIC_MINIMIZE) { @@ -426,19 +426,19 @@ static void fuzz_fuzzLoop(run_t* run) { static void fuzz_fuzzLoopSocket(run_t* run) { run->timeStartedUSecs = util_timeNowUSecs(); run->crashFileName[0] = '\0'; - run->pc = 0; - run->backtrace = 0; - run->access = 0; - run->exception = 0; - run->report[0] = '\0'; - run->mainWorker = true; - run->mutationsPerRun = run->global->mutate.mutationsPerRun; - run->tmOutSignaled = false; - - run->hwCnts.cpuInstrCnt = 0; + run->pc = 0; + run->backtrace = 0; + run->access = 0; + run->exception = 0; + run->report[0] = '\0'; + run->mainWorker = true; + run->mutationsPerRun = run->global->mutate.mutationsPerRun; + run->tmOutSignaled = false; + + run->hwCnts.cpuInstrCnt = 0; run->hwCnts.cpuBranchCnt = 0; - run->hwCnts.bbCnt = 0; - run->hwCnts.newBBCnt = 0; + run->hwCnts.bbCnt = 0; + run->hwCnts.newBBCnt = 0; LOG_I("------------------------------------------------------"); @@ -462,7 +462,7 @@ static void fuzz_fuzzLoopSocket(run_t* run) { or: it crashed by fuzzing. Restart it too. */ LOG_D("------[ 2.1: Target down, will restart it"); - run->pid = 0; // make subproc_Run() restart it on next iteration + run->pid = 0; // make subproc_Run() restart it on next iteration return; } @@ -478,17 +478,17 @@ static void fuzz_fuzzLoopSocket(run_t* run) { } static void* fuzz_threadNew(void* arg) { - honggfuzz_t* hfuzz = (honggfuzz_t*)arg; + honggfuzz_t* hfuzz = (honggfuzz_t*)arg; unsigned int fuzzNo = ATOMIC_POST_INC(hfuzz->threads.threadsActiveCnt); LOG_I("Launched new fuzzing thread, no. #%u", fuzzNo); run_t run = { - .global = hfuzz, - .pid = 0, - .dynfile = (dynfile_t*)util_Malloc(sizeof(dynfile_t) + hfuzz->io.maxFileSz), - .fuzzNo = fuzzNo, + .global = hfuzz, + .pid = 0, + .dynfile = (dynfile_t*)util_Malloc(sizeof(dynfile_t) + hfuzz->io.maxFileSz), + .fuzzNo = fuzzNo, .persistentSock = -1, - .tmOutSignaled = false, + .tmOutSignaled = false, }; /* Do not try to handle input files with socketfuzzer */ diff --git a/fuzz.h b/fuzz.h index 32409ce7..61dc2bc0 100644 --- a/fuzz.h +++ b/fuzz.h @@ -28,10 +28,10 @@ #include "honggfuzz.h" -extern void fuzz_threadsStart(honggfuzz_t* fuzz); -extern bool fuzz_isTerminating(void); -extern void fuzz_setTerminating(void); -extern bool fuzz_shouldTerminate(void); +extern void fuzz_threadsStart(honggfuzz_t* fuzz); +extern bool fuzz_isTerminating(void); +extern void fuzz_setTerminating(void); +extern bool fuzz_shouldTerminate(void); extern fuzzState_t fuzz_getState(honggfuzz_t* hfuzz); #endif diff --git a/hfuzz_cc/hfuzz-cc.c b/hfuzz_cc/hfuzz-cc.c index 1e2c8d9f..5957d4d1 100644 --- a/hfuzz_cc/hfuzz-cc.c +++ b/hfuzz_cc/hfuzz-cc.c @@ -20,9 +20,9 @@ #define ARGS_MAX 4096 -static bool isCXX = false; -static bool isGCC = false; -static bool usePCGuard = true; +static bool isCXX = false; +static bool isGCC = false; +static bool usePCGuard = true; static bool hasCmdLineFSanitizeFuzzer = false; /* Embed libhf/.a inside this binary */ @@ -206,7 +206,7 @@ static int execCC(int argc, char** argv) { /* It'll point back to the libhfuzz's source tree */ char* getIncPaths(void) { #if !defined(_HFUZZ_INC_PATH) -#error \ +#error \ "You need to define _HFUZZ_INC_PATH to a directory with the directory called 'includes', containing honggfuzz's lib* includes. Typically it'd be the build/sources dir" #endif @@ -223,8 +223,8 @@ static bool getLibPath( return true; } - ptrdiff_t len = (uintptr_t)end - (uintptr_t)start; - uint64_t crc64 = util_CRC64(start, len); + ptrdiff_t len = (uintptr_t)end - (uintptr_t)start; + uint64_t crc64 = util_CRC64(start, len); snprintf(path, PATH_MAX, "/tmp/%s.%d.%" PRIx64 ".a", name, geteuid(), crc64); /* Does the library exist, belongs to the user, and is of expected size? */ @@ -235,7 +235,7 @@ static bool getLibPath( /* If not, create it with atomic rename() */ char template[] = "/tmp/lib.honggfuzz.a.XXXXXX"; - int fd = TEMP_FAILURE_RETRY(mkostemp(template, O_CLOEXEC)); + int fd = TEMP_FAILURE_RETRY(mkostemp(template, O_CLOEXEC)); if (fd == -1) { PLOG_E("mkostemp('%s')", template); return false; diff --git a/honggfuzz.c b/honggfuzz.c index 71c712fd..068bc131 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -46,8 +46,8 @@ #include "socketfuzzer.h" #include "subproc.h" -static int sigReceived = 0; -static bool clearWin = false; +static int sigReceived = 0; +static bool clearWin = false; /* * CygWin/MinGW incorrectly copies stack during fork(), so we need to keep some @@ -103,7 +103,7 @@ static void setupRLimits(void) { LOG_E("RLIMIT_NOFILE max limit < 1024 (%zu). Expect troubles!", (size_t)rlim.rlim_max); return; } - rlim.rlim_cur = MIN(1024, rlim.rlim_max); // we don't need more + rlim.rlim_cur = MIN(1024, rlim.rlim_max); // we don't need more if (setrlimit(RLIMIT_NOFILE, &rlim) == -1) { PLOG_E("Couldn't setrlimit(RLIMIT_NOFILE, cur=%zu/max=%zu)", (size_t)rlim.rlim_cur, (size_t)rlim.rlim_max); @@ -114,12 +114,12 @@ static void setupMainThreadTimer(void) { const struct itimerval it = { .it_value = { - .tv_sec = 1, + .tv_sec = 1, .tv_usec = 0, }, .it_interval = { - .tv_sec = 0, + .tv_sec = 0, .tv_usec = 1000ULL * 200ULL, }, }; @@ -149,7 +149,7 @@ static void setupSignalsPreThreads(void) { struct sigaction sa = { .sa_handler = sigHandler, - .sa_flags = 0, + .sa_flags = 0, }; sigemptyset(&sa.sa_mask); if (sigaction(SIGTERM, &sa, NULL) == -1) { @@ -188,7 +188,7 @@ static void setupSignalsMainThread(void) { static void printSummary(honggfuzz_t* hfuzz) { uint64_t exec_per_sec = 0; - uint64_t elapsed_sec = time(NULL) - hfuzz->timing.timeStart; + uint64_t elapsed_sec = time(NULL) - hfuzz->timing.timeStart; if (elapsed_sec) { exec_per_sec = hfuzz->cnts.mutationsCnt / elapsed_sec; } @@ -198,7 +198,7 @@ static void printSummary(honggfuzz_t* hfuzz) { struct rusage usage; if (getrusage(RUSAGE_CHILDREN, &usage)) { PLOG_W("getrusage failed"); - usage.ru_maxrss = 0; // 0 means something went wrong with rusage + usage.ru_maxrss = 0; // 0 means something went wrong with rusage } #ifdef _HF_ARCH_DARWIN usage.ru_maxrss >>= 20; @@ -235,7 +235,7 @@ static void* signalThread(void* arg) { for (;;) { int sig = 0; - errno = 0; + errno = 0; int ret = sigwait(&ss, &sig); if (ret == EINTR) { continue; diff --git a/honggfuzz.h b/honggfuzz.h index e491df7d..63016e4c 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -37,7 +37,7 @@ #include "libhfcommon/util.h" -#define PROG_NAME "honggfuzz" +#define PROG_NAME "honggfuzz" #define PROG_VERSION "2.2" /* Name of the template which will be replaced with the proper name of the file */ @@ -65,7 +65,7 @@ #define _HF_REPORT_SIZE 32768 /* Perf bitmap size */ -#define _HF_PERF_BITMAP_SIZE_16M (1024U * 1024U * 16U) +#define _HF_PERF_BITMAP_SIZE_16M (1024U * 1024U * 16U) #define _HF_PERF_BITMAP_BITSZ_MASK 0x7FFFFFFULL /* Maximum number of PC guards (=trace-pc-guard) we support */ #define _HF_PC_GUARD_MAX (1024ULL * 1024ULL * 64ULL) @@ -86,7 +86,7 @@ #define _HF_INPUT_FD 1021 /* FD used to pass coverage feedback from the fuzzed process */ #define _HF_COV_BITMAP_FD 1022 -#define _HF_BITMAP_FD _HF_COV_BITMAP_FD /* Old name for _HF_COV_BITMAP_FD */ +#define _HF_BITMAP_FD _HF_COV_BITMAP_FD /* Old name for _HF_COV_BITMAP_FD */ /* FD used to pass data to a persistent process */ #define _HF_PERSISTENT_FD 1023 @@ -111,12 +111,12 @@ static const uint8_t HFReadyTag = 'R'; #define _HF_NONMON_SEP "'" typedef enum { - _HF_DYNFILE_NONE = 0x0, - _HF_DYNFILE_INSTR_COUNT = 0x1, + _HF_DYNFILE_NONE = 0x0, + _HF_DYNFILE_INSTR_COUNT = 0x1, _HF_DYNFILE_BRANCH_COUNT = 0x2, - _HF_DYNFILE_BTS_EDGE = 0x10, - _HF_DYNFILE_IPT_BLOCK = 0x20, - _HF_DYNFILE_SOFT = 0x40, + _HF_DYNFILE_BTS_EDGE = 0x10, + _HF_DYNFILE_IPT_BLOCK = 0x20, + _HF_DYNFILE_SOFT = 0x40, } dynFileMethod_t; typedef struct { @@ -139,20 +139,20 @@ typedef enum { typedef enum { HF_MAYBE = -1, - HF_NO = 0, - HF_YES = 1, + HF_NO = 0, + HF_YES = 1, } tristate_t; struct _dynfile_t { - size_t size; - uint64_t cov[4]; - size_t idx; - int fd; - uint64_t timeExecUSecs; - char path[PATH_MAX]; + size_t size; + uint64_t cov[4]; + size_t idx; + int fd; + uint64_t timeExecUSecs; + char path[PATH_MAX]; struct _dynfile_t* src; - uint32_t refs; - uint8_t* data; + uint32_t refs; + uint8_t* data; TAILQ_ENTRY(_dynfile_t) pointers; }; @@ -165,8 +165,8 @@ struct strings_t { }; typedef struct { - uint8_t pcGuardMap[_HF_PC_GUARD_MAX]; - uint8_t bbMapPc[_HF_PERF_BITMAP_SIZE_16M]; + uint8_t pcGuardMap[_HF_PC_GUARD_MAX]; + uint8_t bbMapPc[_HF_PERF_BITMAP_SIZE_16M]; uint32_t bbMapCmp[_HF_PERF_BITMAP_SIZE_16M]; uint64_t pidNewPC[_HF_THREAD_MAX]; uint64_t pidNewEdge[_HF_THREAD_MAX]; @@ -180,111 +180,111 @@ typedef struct { typedef struct { uint32_t cnt; struct { - uint8_t val[32]; + uint8_t val[32]; uint32_t len; } valArr[1024 * 16]; } cmpfeedback_t; typedef struct { struct { - size_t threadsMax; - size_t threadsFinished; - uint32_t threadsActiveCnt; + size_t threadsMax; + size_t threadsFinished; + uint32_t threadsActiveCnt; pthread_t mainThread; - pid_t mainPid; + pid_t mainPid; pthread_t threads[_HF_THREAD_MAX]; } threads; struct { const char* inputDir; const char* outputDir; - DIR* inputDirPtr; - size_t fileCnt; - size_t testedFileCnt; + DIR* inputDirPtr; + size_t fileCnt; + size_t testedFileCnt; const char* fileExtn; - size_t maxFileSz; - size_t newUnitsAdded; - char workDir[PATH_MAX]; + size_t maxFileSz; + size_t newUnitsAdded; + char workDir[PATH_MAX]; const char* crashDir; const char* covDirNew; - bool saveUnique; - size_t dynfileqMaxSz; - size_t dynfileqCnt; - dynfile_t* dynfileqCurrent; - dynfile_t* dynfileq2Current; + bool saveUnique; + size_t dynfileqMaxSz; + size_t dynfileqCnt; + dynfile_t* dynfileqCurrent; + dynfile_t* dynfileq2Current; TAILQ_HEAD(dyns_t, _dynfile_t) dynfileq; bool exportFeedback; } io; struct { - int argc; + int argc; const char* const* cmdline; - bool nullifyStdio; - bool fuzzStdin; - const char* externalCommand; - const char* postExternalCommand; - const char* feedbackMutateCommand; - bool netDriver; - bool persistent; - uint64_t asLimit; - uint64_t rssLimit; - uint64_t dataLimit; - uint64_t coreLimit; - uint64_t stackLimit; - bool clearEnv; - char* env_ptrs[128]; - char env_vals[128][4096]; - sigset_t waitSigSet; + bool nullifyStdio; + bool fuzzStdin; + const char* externalCommand; + const char* postExternalCommand; + const char* feedbackMutateCommand; + bool netDriver; + bool persistent; + uint64_t asLimit; + uint64_t rssLimit; + uint64_t dataLimit; + uint64_t coreLimit; + uint64_t stackLimit; + bool clearEnv; + char* env_ptrs[128]; + char env_vals[128][4096]; + sigset_t waitSigSet; } exe; struct { - time_t timeStart; - time_t runEndTime; - time_t tmOut; - time_t lastCovUpdate; + time_t timeStart; + time_t runEndTime; + time_t tmOut; + time_t lastCovUpdate; int64_t timeOfLongestUnitUSecs; - bool tmoutVTALRM; + bool tmoutVTALRM; } timing; struct { struct { uint8_t val[256]; - size_t len; + size_t len; } dictionary[1024]; - size_t dictionaryCnt; + size_t dictionaryCnt; const char* dictionaryFile; - size_t mutationsMax; - unsigned mutationsPerRun; - size_t maxInputSz; + size_t mutationsMax; + unsigned mutationsPerRun; + size_t maxInputSz; } mutate; struct { - bool useScreen; - char cmdline_txt[65]; + bool useScreen; + char cmdline_txt[65]; int64_t lastDisplayUSecs; } display; struct { - bool useVerifier; - bool exitUponCrash; + bool useVerifier; + bool exitUponCrash; const char* reportFile; - size_t dynFileIterExpire; - bool only_printable; - bool minimize; - bool switchingToFDM; + size_t dynFileIterExpire; + bool only_printable; + bool minimize; + bool switchingToFDM; } cfg; struct { bool enable; bool del_report; } sanitizer; struct { - fuzzState_t state; - feedback_t* covFeedbackMap; - int covFeedbackFd; - cmpfeedback_t* cmpFeedbackMap; - int cmpFeedbackFd; - bool cmpFeedback; - const char* blacklistFile; - uint64_t* blacklist; - size_t blacklistCnt; - bool skipFeedbackOnTimeout; - uint64_t maxCov[4]; + fuzzState_t state; + feedback_t* covFeedbackMap; + int covFeedbackFd; + cmpfeedback_t* cmpFeedbackMap; + int cmpFeedbackFd; + bool cmpFeedback; + const char* blacklistFile; + uint64_t* blacklist; + size_t blacklistCnt; + bool skipFeedbackOnTimeout; + uint64_t maxCov[4]; dynFileMethod_t dynFileMethod; - hwcnt_t hwCnts; + hwcnt_t hwCnts; } feedback; struct { size_t mutationsCnt; @@ -296,88 +296,88 @@ typedef struct { } cnts; struct { bool enabled; - int serverSocket; - int clientSocket; + int serverSocket; + int clientSocket; } socketFuzzer; struct { pthread_rwlock_t dynfileq; - pthread_mutex_t feedback; - pthread_mutex_t report; - pthread_mutex_t state; - pthread_mutex_t input; - pthread_mutex_t timing; + pthread_mutex_t feedback; + pthread_mutex_t report; + pthread_mutex_t state; + pthread_mutex_t input; + pthread_mutex_t timing; } mutex; /* For the Linux code */ struct { - int exeFd; - uint64_t dynamicCutOffAddr; - bool disableRandomization; - void* ignoreAddr; + int exeFd; + uint64_t dynamicCutOffAddr; + bool disableRandomization; + void* ignoreAddr; const char* symsBlFile; - char** symsBl; - size_t symsBlCnt; + char** symsBl; + size_t symsBlCnt; const char* symsWlFile; - char** symsWl; - size_t symsWlCnt; - uintptr_t cloneFlags; - tristate_t useNetNs; - bool kernelOnly; - bool useClone; + char** symsWl; + size_t symsWlCnt; + uintptr_t cloneFlags; + tristate_t useNetNs; + bool kernelOnly; + bool useClone; } arch_linux; /* For the NetBSD code */ struct { - void* ignoreAddr; + void* ignoreAddr; const char* symsBlFile; - char** symsBl; - size_t symsBlCnt; + char** symsBl; + size_t symsBlCnt; const char* symsWlFile; - char** symsWl; - size_t symsWlCnt; + char** symsWl; + size_t symsWlCnt; } arch_netbsd; } honggfuzz_t; typedef enum { - _HF_RS_UNKNOWN = 0, + _HF_RS_UNKNOWN = 0, _HF_RS_WAITING_FOR_INITIAL_READY = 1, - _HF_RS_WAITING_FOR_READY = 2, - _HF_RS_SEND_DATA = 3, + _HF_RS_WAITING_FOR_READY = 2, + _HF_RS_SEND_DATA = 3, } runState_t; typedef struct { honggfuzz_t* global; - pid_t pid; - int64_t timeStartedUSecs; - char crashFileName[PATH_MAX]; - uint64_t pc; - uint64_t backtrace; - uint64_t access; - int exception; - char report[_HF_REPORT_SIZE]; - bool mainWorker; - unsigned mutationsPerRun; - dynfile_t* dynfile; - bool staticFileTryMore; - uint32_t fuzzNo; - int persistentSock; - runState_t runState; - bool tmOutSignaled; - char* args[_HF_ARGS_MAX + 1]; - int perThreadCovFeedbackFd; - unsigned triesLeft; - dynfile_t* current; + pid_t pid; + int64_t timeStartedUSecs; + char crashFileName[PATH_MAX]; + uint64_t pc; + uint64_t backtrace; + uint64_t access; + int exception; + char report[_HF_REPORT_SIZE]; + bool mainWorker; + unsigned mutationsPerRun; + dynfile_t* dynfile; + bool staticFileTryMore; + uint32_t fuzzNo; + int persistentSock; + runState_t runState; + bool tmOutSignaled; + char* args[_HF_ARGS_MAX + 1]; + int perThreadCovFeedbackFd; + unsigned triesLeft; + dynfile_t* current; #if !defined(_HF_ARCH_DARWIN) timer_t timerId; -#endif // !defined(_HF_ARCH_DARWIN) +#endif // !defined(_HF_ARCH_DARWIN) hwcnt_t hwCnts; struct { /* For Linux code */ uint8_t* perfMmapBuf; uint8_t* perfMmapAux; - int cpuInstrFd; - int cpuBranchFd; - int cpuIptBtsFd; + int cpuInstrFd; + int cpuBranchFd; + int cpuIptBtsFd; } arch_linux; } run_t; diff --git a/input.c b/input.c index 6e7e6985..0c5b0181 100644 --- a/input.c +++ b/input.c @@ -65,7 +65,7 @@ bool input_getDirStatsAndRewind(honggfuzz_t* hfuzz) { size_t fileCnt = 0U; for (;;) { - errno = 0; + errno = 0; struct dirent* entry = readdir(hfuzz->io.inputDirPtr); if (entry == NULL && errno == EINTR) { continue; @@ -132,7 +132,7 @@ bool input_getNext(run_t* run, char fname[PATH_MAX], bool rewind) { } for (;;) { - errno = 0; + errno = 0; struct dirent* entry = readdir(run->global->io.inputDirPtr); if (entry == NULL && errno == EINTR) { continue; @@ -207,8 +207,8 @@ bool input_parseDictionary(honggfuzz_t* hfuzz) { fclose(fDict); }; - char* lineptr = NULL; - size_t n = 0; + char* lineptr = NULL; + size_t n = 0; defer { free(lineptr); }; @@ -237,7 +237,7 @@ bool input_parseDictionary(honggfuzz_t* hfuzz) { } const char* start = strchr(lineptr, '"'); - char* end = strrchr(lineptr, '"'); + char* end = strrchr(lineptr, '"'); if (!start || !end) { LOG_W("Malformed dictionary line '%s', skipping", lineptr); continue; @@ -256,9 +256,9 @@ bool input_parseDictionary(honggfuzz_t* hfuzz) { LOG_D("Parsing dictionary word: '%s'", bufv); - len = util_decodeCString(bufv); + len = util_decodeCString(bufv); size_t dictEntry = ATOMIC_POST_INC(hfuzz->mutate.dictionaryCnt); - len = HF_MIN((size_t)len, sizeof(hfuzz->mutate.dictionary[dictEntry].val)); + len = HF_MIN((size_t)len, sizeof(hfuzz->mutate.dictionary[dictEntry].val)); memcpy(hfuzz->mutate.dictionary[dictEntry].val, bufv, len); hfuzz->mutate.dictionary[dictEntry].len = len; @@ -368,18 +368,18 @@ static bool input_cmpCov(dynfile_t* item1, dynfile_t* item2) { return false; } -#define TAILQ_FOREACH_HF(var, head, field) \ +#define TAILQ_FOREACH_HF(var, head, field) \ for ((var) = TAILQ_FIRST((head)); (var); (var) = TAILQ_NEXT((var), field)) void input_addDynamicInput(run_t* run) { ATOMIC_SET(run->global->timing.lastCovUpdate, time(NULL)); dynfile_t* dynfile = (dynfile_t*)util_Calloc(sizeof(dynfile_t)); - dynfile->size = run->dynfile->size; + dynfile->size = run->dynfile->size; memcpy(dynfile->cov, run->dynfile->cov, sizeof(dynfile->cov)); dynfile->timeExecUSecs = util_timeNowUSecs() - run->timeStartedUSecs; - dynfile->data = (uint8_t*)util_AllocCopy(run->dynfile->data, run->dynfile->size); - dynfile->src = run->dynfile->src; + dynfile->data = (uint8_t*)util_AllocCopy(run->dynfile->data, run->dynfile->size); + dynfile->src = run->dynfile->src; if (run->dynfile->src) { ATOMIC_POST_INC(run->dynfile->src->refs); } @@ -398,7 +398,7 @@ void input_addDynamicInput(run_t* run) { /* Sort it by coverage - put better coverage earlier in the list */ dynfile_t* iter = NULL; - TAILQ_FOREACH_HF(iter, &run->global->io.dynfileq, pointers) { + TAILQ_FOREACH_HF (iter, &run->global->io.dynfileq, pointers) { if (input_cmpCov(dynfile, iter)) { TAILQ_INSERT_BEFORE(iter, dynfile, pointers); break; @@ -435,7 +435,7 @@ bool input_inDynamicCorpus(run_t* run, const char* fname) { MX_SCOPED_RWLOCK_WRITE(&run->global->mutex.dynfileq); dynfile_t* iter = NULL; - TAILQ_FOREACH_HF(iter, &run->global->io.dynfileq, pointers) { + TAILQ_FOREACH_HF (iter, &run->global->io.dynfileq, pointers) { if (strncmp(iter->path, fname, PATH_MAX) == 0) { return true; } @@ -451,7 +451,7 @@ static inline int input_speedFactor(run_t* run, dynfile_t* dynfile) { avg_usecs_per_input /= run->global->threads.threadsMax; /* Cap both vals to 1us-1s */ - avg_usecs_per_input = HF_CAP(avg_usecs_per_input, 1U, 1000000U); + avg_usecs_per_input = HF_CAP(avg_usecs_per_input, 1U, 1000000U); uint64_t sample_usecs = HF_CAP(dynfile->timeExecUSecs, 1U, 1000000U); if (sample_usecs >= avg_usecs_per_input) { @@ -473,13 +473,13 @@ static inline int input_skipFactor(run_t* run, dynfile_t* dynfile, int* speed_fa /* Inputs with lower total coverage -> lower chance of being tested */ static const int scaleMap[200] = { [95 ... 199] = -15, - [90 ... 94] = -7, - [80 ... 89] = -3, - [60 ... 79] = -1, - [50 ... 59] = 0, - [30 ... 49] = 5, - [11 ... 29] = 10, - [0 ... 10] = 15, + [90 ... 94] = -7, + [80 ... 89] = -3, + [60 ... 79] = -1, + [50 ... 59] = 0, + [30 ... 49] = 5, + [11 ... 29] = 10, + [0 ... 10] = 15, }; uint64_t maxCov0 = ATOMIC_GET(run->global->feedback.maxCov[0]); @@ -493,12 +493,12 @@ static inline int input_skipFactor(run_t* run, dynfile_t* dynfile, int* speed_fa /* Older inputs -> lower chance of being tested */ static const int scaleMap[200] = { [100 ... 199] = -10, - [95 ... 99] = -5, - [91 ... 94] = -1, - [81 ... 90] = 0, - [71 ... 80] = 1, - [41 ... 70] = 2, - [0 ... 40] = 3, + [95 ... 99] = -5, + [91 ... 94] = -1, + [81 ... 90] = 0, + [71 ... 80] = 1, + [41 ... 70] = 2, + [0 ... 40] = 3, }; const unsigned percentile = (dynfile->idx * 100) / run->global->io.dynfileqCnt; @@ -538,7 +538,7 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { break; } - run->current = run->global->io.dynfileqCurrent; + run->current = run->global->io.dynfileqCurrent; run->global->io.dynfileqCurrent = TAILQ_NEXT(run->global->io.dynfileqCurrent, pointers); int skip_factor = input_skipFactor(run, run->current, &speed_factor); @@ -554,10 +554,10 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { input_setSize(run, run->current->size); memcpy(run->dynfile->cov, run->current->cov, sizeof(run->dynfile->cov)); - run->dynfile->idx = run->current->idx; + run->dynfile->idx = run->current->idx; run->dynfile->timeExecUSecs = run->current->timeExecUSecs; snprintf(run->dynfile->path, sizeof(run->dynfile->path), "%s", run->current->path); - run->dynfile->src = run->current; + run->dynfile->src = run->current; run->dynfile->refs = 0; memcpy(run->dynfile->data, run->current->data, run->current->size); @@ -583,7 +583,7 @@ size_t input_getRandomInputAsBuf(run_t* run, const uint8_t** buf) { run->global->io.dynfileq2Current = TAILQ_FIRST(&run->global->io.dynfileq); } - current = run->global->io.dynfileq2Current; + current = run->global->io.dynfileq2Current; run->global->io.dynfileq2Current = TAILQ_NEXT(run->global->io.dynfileq2Current, pointers); } @@ -608,7 +608,7 @@ static bool input_shouldReadNewFile(run_t* run) { size_t newsz = run->dynfile->size * 2; if (newsz >= run->global->mutate.maxInputSz) { /* That's the largest size for this specific file that will be ever used */ - newsz = run->global->mutate.maxInputSz; + newsz = run->global->mutate.maxInputSz; run->staticFileTryMore = false; } @@ -646,8 +646,8 @@ bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle) { input_setSize(run, fileSz); memset(run->dynfile->cov, '\0', sizeof(run->dynfile->cov)); - run->dynfile->idx = 0; - run->dynfile->src = NULL; + run->dynfile->idx = 0; + run->dynfile->src = NULL; run->dynfile->refs = 0; if (needs_mangle) { diff --git a/input.h b/input.h index 1ea116a2..34defac5 100644 --- a/input.h +++ b/input.h @@ -28,23 +28,23 @@ #include "honggfuzz.h" -extern void input_setSize(run_t* run, size_t sz); -extern bool input_getDirStatsAndRewind(honggfuzz_t* hfuzz); -extern bool input_getNext(run_t* run, char fname[PATH_MAX], bool rewind); -extern bool input_init(honggfuzz_t* hfuzz); -extern bool input_parseDictionary(honggfuzz_t* hfuzz); -extern void input_freeDictionary(honggfuzz_t* hfuzz); -extern bool input_parseBlacklist(honggfuzz_t* hfuzz); -extern bool input_writeCovFile(const char* dir, dynfile_t* dynfile); -extern void input_addDynamicInput(run_t* run); -extern bool input_inDynamicCorpus(run_t* run, const char* fname); -extern void input_renumerateInputs(honggfuzz_t* hfuzz); -extern bool input_prepareDynamicInput(run_t* run, bool needs_mangle); +extern void input_setSize(run_t* run, size_t sz); +extern bool input_getDirStatsAndRewind(honggfuzz_t* hfuzz); +extern bool input_getNext(run_t* run, char fname[PATH_MAX], bool rewind); +extern bool input_init(honggfuzz_t* hfuzz); +extern bool input_parseDictionary(honggfuzz_t* hfuzz); +extern void input_freeDictionary(honggfuzz_t* hfuzz); +extern bool input_parseBlacklist(honggfuzz_t* hfuzz); +extern bool input_writeCovFile(const char* dir, dynfile_t* dynfile); +extern void input_addDynamicInput(run_t* run); +extern bool input_inDynamicCorpus(run_t* run, const char* fname); +extern void input_renumerateInputs(honggfuzz_t* hfuzz); +extern bool input_prepareDynamicInput(run_t* run, bool needs_mangle); extern size_t input_getRandomInputAsBuf(run_t* run, const uint8_t** buf); -extern bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle); -extern bool input_removeStaticFile(const char* dir, const char* name); -extern bool input_prepareExternalFile(run_t* run); -extern bool input_postProcessFile(run_t* run, const char* cmd); -extern bool input_prepareDynamicFileForMinimization(run_t* run); +extern bool input_prepareStaticFile(run_t* run, bool rewind, bool needs_mangle); +extern bool input_removeStaticFile(const char* dir, const char* name); +extern bool input_prepareExternalFile(run_t* run); +extern bool input_postProcessFile(run_t* run, const char* cmd); +extern bool input_prepareDynamicFileForMinimization(run_t* run); #endif /* ifndef _HF_INPUT_H_ */ diff --git a/libhfcommon/common.h b/libhfcommon/common.h index e702bdb8..67a6d378 100644 --- a/libhfcommon/common.h +++ b/libhfcommon/common.h @@ -29,7 +29,7 @@ /* Stringify */ #define HF__XSTR(x) #x -#define HF_XSTR(x) HF__XSTR(x) +#define HF_XSTR(x) HF__XSTR(x) #define HF_ATTR_UNUSED __attribute__((unused)) @@ -43,13 +43,13 @@ /* TEMP_FAILURE_RETRY, but for all OSes */ #ifndef TEMP_FAILURE_RETRY -#define TEMP_FAILURE_RETRY(exp) \ - ({ \ - __typeof(exp) _rc; \ - do { \ - _rc = (exp); \ - } while (_rc == -1 && errno == EINTR); \ - _rc; \ +#define TEMP_FAILURE_RETRY(exp) \ + ({ \ + __typeof(exp) _rc; \ + do { \ + _rc = (exp); \ + } while (_rc == -1 && errno == EINTR); \ + _rc; \ }) #endif /* ifndef TEMP_FAILURE_RETRY */ diff --git a/libhfcommon/files.c b/libhfcommon/files.c index 64d71cfa..c4233eb8 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -247,7 +247,7 @@ size_t files_parseSymbolFilter(const char* srcFile, char*** filterList) { return 0; } - char* lineptr = NULL; + char* lineptr = NULL; size_t symbolsRead = 0, n = 0; for (;;) { if (getline(&lineptr, &n, f) == -1) { @@ -365,7 +365,7 @@ int files_createSharedMem(size_t sz, const char* name, bool exportmap) { #if !defined(_HF_ARCH_DARWIN) && !defined(__ANDROID__) /* shm objects under MacOSX are 'a-typical' */ if (fd == -1) { - char tmpname[PATH_MAX]; + char tmpname[PATH_MAX]; struct timeval tv; gettimeofday(&tv, NULL); snprintf(tmpname, sizeof(tmpname), "/%s%lx%lx%d", name, (unsigned long)tv.tv_sec, @@ -404,8 +404,8 @@ void* files_mapSharedMem(size_t sz, int* fd, const char* name, bool nocore, bool return NULL; } - int mflags = files_getTmpMapFlags(MAP_SHARED, /* nocore= */ true); - void* ret = mmap(NULL, sz, PROT_READ | PROT_WRITE, mflags, *fd, 0); + int mflags = files_getTmpMapFlags(MAP_SHARED, /* nocore= */ true); + void* ret = mmap(NULL, sz, PROT_READ | PROT_WRITE, mflags, *fd, 0); if (ret == MAP_FAILED) { PLOG_W("mmap(sz=%zu, fd=%d)", sz, *fd); *fd = -1; @@ -432,7 +432,7 @@ void* files_mapSharedMem(size_t sz, int* fd, const char* name, bool nocore, bool sa_family_t files_sockFamily(int sock) { struct sockaddr addr; - socklen_t addrlen = sizeof(addr); + socklen_t addrlen = sizeof(addr); if (getsockname(sock, &addr, &addrlen) == -1) { PLOG_W("getsockname(sock=%d)", sock); @@ -471,7 +471,7 @@ const char* files_sockAddrToStr(const struct sockaddr* sa, const socklen_t len) } struct sockaddr_un* sun = (struct sockaddr_un*)sa; - int pathlen; + int pathlen; if (sun->sun_path[0] == '\0') { /* Abstract socket diff --git a/libhfcommon/files.h b/libhfcommon/files.h index 21435c64..b0cdebd4 100644 --- a/libhfcommon/files.h +++ b/libhfcommon/files.h @@ -34,26 +34,26 @@ extern ssize_t files_readFileToBufMax(const char* fname, uint8_t* buf, size_t fileMaxSz); extern bool files_writeBufToFile(const char* fname, const uint8_t* buf, size_t fileSz, int flags); extern bool files_writeStrToFile(const char* fname, const char* str, int flags); -extern int files_writeBufToTmpFile(const char* dir, const uint8_t* buf, size_t fileSz, int flags); +extern int files_writeBufToTmpFile(const char* dir, const uint8_t* buf, size_t fileSz, int flags); extern bool files_writeToFd(int fd, const uint8_t* buf, size_t fileSz); extern bool files_writeStrToFd(int fd, const char* str); extern ssize_t files_readFromFd(int fd, uint8_t* buf, size_t fileSz); extern ssize_t files_readFromFdSeek(int fd, uint8_t* buf, size_t fileSz, off_t pos); -extern bool files_writePatternToFd(int fd, off_t size, unsigned char p); +extern bool files_writePatternToFd(int fd, off_t size, unsigned char p); -extern bool files_sendToSocketNB(int fd, const uint8_t* buf, size_t fileSz); -extern bool files_sendToSocket(int fd, const uint8_t* buf, size_t fileSz); +extern bool files_sendToSocketNB(int fd, const uint8_t* buf, size_t fileSz); +extern bool files_sendToSocket(int fd, const uint8_t* buf, size_t fileSz); extern sa_family_t files_sockFamily(int sock); extern const char* files_sockAddrToStr(const struct sockaddr* sa, const socklen_t len); -extern bool files_exists(const char* fname); +extern bool files_exists(const char* fname); extern const char* files_basename(const char* path); -extern bool files_resetFile(int fd, size_t sz); +extern bool files_resetFile(int fd, size_t sz); extern uint8_t* files_mapFile(const char* fname, off_t* fileSz, int* fd, bool isWritable); -extern int files_getTmpMapFlags(int flag, bool nocore); -extern int files_createSharedMem(size_t sz, const char* name, bool exportmap); -extern void* files_mapSharedMem(size_t sz, int* fd, const char* name, bool nocore, bool export); +extern int files_getTmpMapFlags(int flag, bool nocore); +extern int files_createSharedMem(size_t sz, const char* name, bool exportmap); +extern void* files_mapSharedMem(size_t sz, int* fd, const char* name, bool nocore, bool export); extern size_t files_parseSymbolFilter(const char* inFIle, char*** filterList); diff --git a/libhfcommon/log.c b/libhfcommon/log.c index 7cdb1201..58da809c 100644 --- a/libhfcommon/log.c +++ b/libhfcommon/log.c @@ -48,10 +48,10 @@ #define __hf_pid() getpid() #endif -static int hf_log_fd = STDERR_FILENO; -static bool hf_log_fd_isatty = false; -enum llevel_t hf_log_level = INFO; -static pthread_mutex_t log_mutex = PTHREAD_MUTEX_INITIALIZER; +static int hf_log_fd = STDERR_FILENO; +static bool hf_log_fd_isatty = false; +enum llevel_t hf_log_level = INFO; +static pthread_mutex_t log_mutex = PTHREAD_MUTEX_INITIALIZER; __attribute__((constructor)) static void log_init(void) { hf_log_fd = fcntl(hf_log_fd, F_DUPFD_CLOEXEC, 0); @@ -83,7 +83,7 @@ void logInitLogFile(const char* logfile, int fd, enum llevel_t ll) { } void logLog(enum llevel_t ll, const char* fn, int ln, bool perr, const char* fmt, ...) { - int saved_errno = errno; + int saved_errno = errno; char strerr[512]; if (perr == true) { snprintf(strerr, sizeof(strerr), "%s", strerror(saved_errno)); @@ -91,8 +91,8 @@ void logLog(enum llevel_t ll, const char* fn, int ln, bool perr, const char* fmt struct ll_t { const char* descr; const char* prefix; - const bool print_funcline; - const bool print_time; + const bool print_funcline; + const bool print_time; }; static const struct ll_t logLevels[] = { {"F", "\033[7;35m", true, true}, @@ -104,7 +104,7 @@ void logLog(enum llevel_t ll, const char* fn, int ln, bool perr, const char* fmt {"HB", "\033[1m", false, false}, }; - time_t ltstamp = time(NULL); + time_t ltstamp = time(NULL); struct tm utctime; localtime_r(<stamp, &utctime); char timestr[32]; @@ -154,7 +154,7 @@ void logStop(int sig) { } void logRedirectLogFD(int fd) { - hf_log_fd = fd; + hf_log_fd = fd; hf_log_fd_isatty = isatty(hf_log_fd); } diff --git a/libhfcommon/log.h b/libhfcommon/log.h index fd73c830..9f9347c9 100644 --- a/libhfcommon/log.h +++ b/libhfcommon/log.h @@ -30,47 +30,47 @@ enum llevel_t { FATAL = 0, ERROR, WARNING, INFO, DEBUG, HELP, HELP_BOLD }; extern enum llevel_t hf_log_level; -#define LOG_HELP(...) logLog(HELP, __FUNCTION__, __LINE__, false, __VA_ARGS__); +#define LOG_HELP(...) logLog(HELP, __FUNCTION__, __LINE__, false, __VA_ARGS__); #define LOG_HELP_BOLD(...) logLog(HELP_BOLD, __FUNCTION__, __LINE__, false, __VA_ARGS__); -#define LOG_D(...) \ - if (hf_log_level >= DEBUG) { \ - logLog(DEBUG, __FUNCTION__, __LINE__, false, __VA_ARGS__); \ +#define LOG_D(...) \ + if (hf_log_level >= DEBUG) { \ + logLog(DEBUG, __FUNCTION__, __LINE__, false, __VA_ARGS__); \ } -#define LOG_I(...) \ - if (hf_log_level >= INFO) { \ - logLog(INFO, __FUNCTION__, __LINE__, false, __VA_ARGS__); \ +#define LOG_I(...) \ + if (hf_log_level >= INFO) { \ + logLog(INFO, __FUNCTION__, __LINE__, false, __VA_ARGS__); \ } -#define LOG_W(...) \ - if (hf_log_level >= WARNING) { \ - logLog(WARNING, __FUNCTION__, __LINE__, false, __VA_ARGS__); \ +#define LOG_W(...) \ + if (hf_log_level >= WARNING) { \ + logLog(WARNING, __FUNCTION__, __LINE__, false, __VA_ARGS__); \ } -#define LOG_E(...) \ - if (hf_log_level >= ERROR) { \ - logLog(ERROR, __FUNCTION__, __LINE__, false, __VA_ARGS__); \ +#define LOG_E(...) \ + if (hf_log_level >= ERROR) { \ + logLog(ERROR, __FUNCTION__, __LINE__, false, __VA_ARGS__); \ } -#define LOG_F(...) \ - logLog(FATAL, __FUNCTION__, __LINE__, false, __VA_ARGS__); \ +#define LOG_F(...) \ + logLog(FATAL, __FUNCTION__, __LINE__, false, __VA_ARGS__); \ exit(EXIT_FAILURE); -#define PLOG_D(...) \ - if (hf_log_level >= DEBUG) { \ - logLog(DEBUG, __FUNCTION__, __LINE__, true, __VA_ARGS__); \ +#define PLOG_D(...) \ + if (hf_log_level >= DEBUG) { \ + logLog(DEBUG, __FUNCTION__, __LINE__, true, __VA_ARGS__); \ } -#define PLOG_I(...) \ - if (hf_log_level >= INFO) { \ - logLog(INFO, __FUNCTION__, __LINE__, true, __VA_ARGS__); \ +#define PLOG_I(...) \ + if (hf_log_level >= INFO) { \ + logLog(INFO, __FUNCTION__, __LINE__, true, __VA_ARGS__); \ } -#define PLOG_W(...) \ - if (hf_log_level >= WARNING) { \ - logLog(WARNING, __FUNCTION__, __LINE__, true, __VA_ARGS__); \ +#define PLOG_W(...) \ + if (hf_log_level >= WARNING) { \ + logLog(WARNING, __FUNCTION__, __LINE__, true, __VA_ARGS__); \ } -#define PLOG_E(...) \ - if (hf_log_level >= ERROR) { \ - logLog(ERROR, __FUNCTION__, __LINE__, true, __VA_ARGS__); \ +#define PLOG_E(...) \ + if (hf_log_level >= ERROR) { \ + logLog(ERROR, __FUNCTION__, __LINE__, true, __VA_ARGS__); \ } -#define PLOG_F(...) \ - logLog(FATAL, __FUNCTION__, __LINE__, true, __VA_ARGS__); \ +#define PLOG_F(...) \ + logLog(FATAL, __FUNCTION__, __LINE__, true, __VA_ARGS__); \ exit(EXIT_FAILURE); extern void logInitLogFile(const char* logfile, int fd, enum llevel_t ll); diff --git a/libhfcommon/util.c b/libhfcommon/util.c index b9b29e59..542f4fbb 100644 --- a/libhfcommon/util.c +++ b/libhfcommon/util.c @@ -96,7 +96,7 @@ char* util_StrDup(const char* s) { } static __thread pthread_once_t rndThreadOnce = PTHREAD_ONCE_INIT; -static __thread uint64_t rndState[2]; +static __thread uint64_t rndState[2]; static void util_rndInitThread(void) { int fd = TEMP_FAILURE_RETRY(open("/dev/urandom", O_RDONLY | O_CLOEXEC)); @@ -117,8 +117,8 @@ static inline uint64_t util_RotL(const uint64_t x, int k) { } static inline uint64_t util_InternalRnd64(void) { - const uint64_t s0 = rndState[0]; - uint64_t s1 = rndState[1]; + const uint64_t s0 = rndState[0]; + uint64_t s1 = rndState[1]; const uint64_t result = s0 + s1; s1 ^= s0; rndState[0] = util_RotL(s0, 55) ^ s1 ^ (s1 << 14); @@ -257,7 +257,7 @@ void util_sleepForMSec(uint64_t msec) { return; } struct timespec ts = { - .tv_sec = msec / 1000U, + .tv_sec = msec / 1000U, .tv_nsec = (msec % 1000U) * 1000000U, }; TEMP_FAILURE_RETRY(nanosleep(&ts, &ts)); @@ -306,7 +306,7 @@ void util_mutexRWUnlock(pthread_rwlock_t* mutex, const char* func, int line) { } int64_t fastArray64Search(uint64_t* array, size_t arraySz, uint64_t key) { - size_t low = 0; + size_t low = 0; size_t high = arraySz - 1; size_t mid; @@ -369,7 +369,7 @@ size_t util_decodeCString(char* s) { case 'x': { if (s[i + 1] && s[i + 2]) { char hex[] = {s[i + 1], s[i + 2], 0}; - s[o] = strtoul(hex, NULL, 16); + s[o] = strtoul(hex, NULL, 16); i += 2; } else { s[o] = s[i]; @@ -673,7 +673,7 @@ uint64_t util_CRC64Rev(const uint8_t* buf, size_t len) { } static const struct { - const int signo; + const int signo; const char* const signame; } sigNames[] = { #if defined(SIGHUP) diff --git a/libhfcommon/util.h b/libhfcommon/util.h index 95478d67..43b034fb 100644 --- a/libhfcommon/util.h +++ b/libhfcommon/util.h @@ -55,15 +55,15 @@ */ #define __STRMERGE(a, b) a##b -#define _STRMERGE(a, b) __STRMERGE(a, b) +#define _STRMERGE(a, b) __STRMERGE(a, b) #ifdef __clang__ #if __has_extension(blocks) static void __attribute__((unused)) __clang_cleanup_func(void (^*dfunc)(void)) { (*dfunc)(); } -#define defer \ - void (^_STRMERGE(__defer_f_, __COUNTER__))(void) \ +#define defer \ + void (^_STRMERGE(__defer_f_, __COUNTER__))(void) \ __attribute__((cleanup(__clang_cleanup_func))) __attribute__((unused)) = ^ #else /* __has_extension(blocks) */ @@ -72,63 +72,63 @@ static void __attribute__((unused)) __clang_cleanup_func(void (^*dfunc)(void)) { #else /* !__clang__, e.g.: gcc */ #define __block -#define _DEFER(a, count) \ - auto void _STRMERGE(__defer_f_, count)(void* _defer_arg __attribute__((unused))); \ - int _STRMERGE(__defer_var_, count) __attribute__((cleanup(_STRMERGE(__defer_f_, count)))) \ - __attribute__((unused)); \ +#define _DEFER(a, count) \ + auto void _STRMERGE(__defer_f_, count)(void* _defer_arg __attribute__((unused))); \ + int _STRMERGE(__defer_var_, count) __attribute__((cleanup(_STRMERGE(__defer_f_, count)))) \ + __attribute__((unused)); \ void _STRMERGE(__defer_f_, count)(void* _defer_arg __attribute__((unused))) #define defer _DEFER(a, __COUNTER__) #endif /* ifdef __clang__ */ /* Block scoped mutexes */ -#define MX_SCOPED_LOCK(m) \ - MX_LOCK(m); \ - defer { \ - MX_UNLOCK(m); \ +#define MX_SCOPED_LOCK(m) \ + MX_LOCK(m); \ + defer { \ + MX_UNLOCK(m); \ } -#define MX_SCOPED_RWLOCK_READ(m) \ - MX_RWLOCK_READ(m); \ - defer { \ - MX_RWLOCK_UNLOCK(m); \ +#define MX_SCOPED_RWLOCK_READ(m) \ + MX_RWLOCK_READ(m); \ + defer { \ + MX_RWLOCK_UNLOCK(m); \ } -#define MX_SCOPED_RWLOCK_WRITE(m) \ - MX_RWLOCK_WRITE(m); \ - defer { \ - MX_RWLOCK_UNLOCK(m); \ +#define MX_SCOPED_RWLOCK_WRITE(m) \ + MX_RWLOCK_WRITE(m); \ + defer { \ + MX_RWLOCK_UNLOCK(m); \ } -#define HF_STR_LEN 8192 +#define HF_STR_LEN 8192 #define HF_STR_LEN_MINUS_1 8191 -#define MX_LOCK(m) util_mutexLock(m, __func__, __LINE__) -#define MX_UNLOCK(m) util_mutexUnlock(m, __func__, __LINE__) -#define MX_RWLOCK_READ(m) util_mutexRWLockRead(m, __func__, __LINE__) -#define MX_RWLOCK_WRITE(m) util_mutexRWLockWrite(m, __func__, __LINE__) +#define MX_LOCK(m) util_mutexLock(m, __func__, __LINE__) +#define MX_UNLOCK(m) util_mutexUnlock(m, __func__, __LINE__) +#define MX_RWLOCK_READ(m) util_mutexRWLockRead(m, __func__, __LINE__) +#define MX_RWLOCK_WRITE(m) util_mutexRWLockWrite(m, __func__, __LINE__) #define MX_RWLOCK_UNLOCK(m) util_mutexRWUnlock(m, __func__, __LINE__) /* Atomics */ -#define ATOMIC_GET(x) __atomic_load_n(&(x), __ATOMIC_RELAXED) -#define ATOMIC_SET(x, y) __atomic_store_n(&(x), y, __ATOMIC_RELAXED) -#define ATOMIC_CLEAR(x) __atomic_store_n(&(x), 0, __ATOMIC_RELAXED) +#define ATOMIC_GET(x) __atomic_load_n(&(x), __ATOMIC_RELAXED) +#define ATOMIC_SET(x, y) __atomic_store_n(&(x), y, __ATOMIC_RELAXED) +#define ATOMIC_CLEAR(x) __atomic_store_n(&(x), 0, __ATOMIC_RELAXED) #define ATOMIC_XCHG(x, y) __atomic_exchange_n(&(x), y, __ATOMIC_RELAXED) -#define ATOMIC_PRE_INC(x) __atomic_add_fetch(&(x), 1, __ATOMIC_RELAXED) +#define ATOMIC_PRE_INC(x) __atomic_add_fetch(&(x), 1, __ATOMIC_RELAXED) #define ATOMIC_POST_INC(x) __atomic_fetch_add(&(x), 1, __ATOMIC_RELAXED) -#define ATOMIC_PRE_DEC(x) __atomic_sub_fetch(&(x), 1, __ATOMIC_RELAXED) +#define ATOMIC_PRE_DEC(x) __atomic_sub_fetch(&(x), 1, __ATOMIC_RELAXED) #define ATOMIC_POST_DEC(x) __atomic_fetch_sub(&(x), 1, __ATOMIC_RELAXED) -#define ATOMIC_PRE_ADD(x, y) __atomic_add_fetch(&(x), y, __ATOMIC_RELAXED) +#define ATOMIC_PRE_ADD(x, y) __atomic_add_fetch(&(x), y, __ATOMIC_RELAXED) #define ATOMIC_POST_ADD(x, y) __atomic_fetch_add(&(x), y, __ATOMIC_RELAXED) -#define ATOMIC_PRE_SUB(x, y) __atomic_sub_fetch(&(x), y, __ATOMIC_RELAXED) +#define ATOMIC_PRE_SUB(x, y) __atomic_sub_fetch(&(x), y, __ATOMIC_RELAXED) #define ATOMIC_POST_SUB(x, y) __atomic_fetch_sub(&(x), y, __ATOMIC_RELAXED) -#define ATOMIC_PRE_AND(x, y) __atomic_and_fetch(&(x), y, __ATOMIC_RELAXED) +#define ATOMIC_PRE_AND(x, y) __atomic_and_fetch(&(x), y, __ATOMIC_RELAXED) #define ATOMIC_POST_AND(x, y) __atomic_fetch_and(&(x), y, __ATOMIC_RELAXED) -#define ATOMIC_PRE_OR(x, y) __atomic_or_fetch(&(x), y, __ATOMIC_RELAXED) +#define ATOMIC_PRE_OR(x, y) __atomic_or_fetch(&(x), y, __ATOMIC_RELAXED) #define ATOMIC_POST_OR(x, y) __atomic_fetch_or(&(x), y, __ATOMIC_RELAXED) __attribute__((always_inline)) static inline bool ATOMIC_BITMAP_SET(uint8_t* addr, size_t offset) { @@ -151,15 +151,15 @@ __attribute__((always_inline)) static inline bool ATOMIC_BITMAP_SET(uint8_t* add #endif /* defined(__x86_64__) || defined(__i386__) */ } -#define HF_MAX(x, y) ((x > y) ? x : y) -#define HF_MIN(x, y) ((x < y) ? x : y) +#define HF_MAX(x, y) ((x > y) ? x : y) +#define HF_MIN(x, y) ((x < y) ? x : y) #define HF_CAP(v, x, y) HF_MAX(x, HF_MIN(y, v)) -#define util_Log2(v) ((sizeof(unsigned int) * 8) - __builtin_clz((unsigned int)v) - 1) +#define util_Log2(v) ((sizeof(unsigned int) * 8) - __builtin_clz((unsigned int)v) - 1) typedef enum { LHFC_ADDR_NOTFOUND = 0, - LHFC_ADDR_RO = 1, - LHFC_ADDR_RW = 2, + LHFC_ADDR_RO = 1, + LHFC_ADDR_RW = 2, } lhfc_addr_t; extern void* util_Malloc(size_t sz); @@ -169,33 +169,33 @@ extern void* util_MMap(size_t sz); extern void* util_Realloc(void* ptr, size_t sz); extern uint64_t util_rndGet(uint64_t min, uint64_t max); -extern void util_rndBuf(uint8_t* buf, size_t sz); -extern void util_rndBufPrintable(uint8_t* buf, size_t sz); +extern void util_rndBuf(uint8_t* buf, size_t sz); +extern void util_rndBufPrintable(uint8_t* buf, size_t sz); extern uint64_t util_rnd64(void); -extern uint8_t util_rndPrintable(void); +extern uint8_t util_rndPrintable(void); extern char* util_StrDup(const char* s); -extern int util_ssnprintf(char* str, size_t size, const char* format, ...) +extern int util_ssnprintf(char* str, size_t size, const char* format, ...) __attribute__((format(printf, 3, 4))); -extern int util_vssnprintf(char* str, size_t size, const char* format, va_list ap); -extern bool util_strStartsWith(const char* str, const char* tofind); -extern bool util_isANumber(const char* s); -extern size_t util_decodeCString(char* s); -extern void util_getLocalTime(const char* fmt, char* buf, size_t len, time_t tm); +extern int util_vssnprintf(char* str, size_t size, const char* format, va_list ap); +extern bool util_strStartsWith(const char* str, const char* tofind); +extern bool util_isANumber(const char* s); +extern size_t util_decodeCString(char* s); +extern void util_getLocalTime(const char* fmt, char* buf, size_t len, time_t tm); extern const char* util_sigName(int signo); -extern void util_turnToPrintable(uint8_t* buf, size_t sz); +extern void util_turnToPrintable(uint8_t* buf, size_t sz); extern void util_closeStdio(bool close_stdin, bool close_stdout, bool close_stderr); extern lhfc_addr_t util_getProgAddr(const void* addr); -extern bool util_32bitValInBinary(uint32_t v); -extern bool util_64bitValInBinary(uint32_t v); +extern bool util_32bitValInBinary(uint32_t v); +extern bool util_64bitValInBinary(uint32_t v); extern uint64_t util_hash(const char* buf, size_t len); -extern int64_t fastArray64Search(uint64_t* array, size_t arraySz, uint64_t key); +extern int64_t fastArray64Search(uint64_t* array, size_t arraySz, uint64_t key); extern int64_t util_timeNowUSecs(void); -extern void util_sleepForMSec(uint64_t msec); +extern void util_sleepForMSec(uint64_t msec); extern uint64_t util_getUINT32(const uint8_t* buf); extern uint64_t util_getUINT64(const uint8_t* buf); diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index 80f127c6..0549eeea 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -29,20 +29,20 @@ __attribute__((visibility("default"))) __attribute__((used)) const char *const LIBHFNETDRIVER_module_netdriver = _HF_NETDRIVER_SIG; -#define HFND_TCP_PORT_ENV "HFND_TCP_PORT" -#define HFND_SOCK_PATH_ENV "HFND_SOCK_PATH" +#define HFND_TCP_PORT_ENV "HFND_TCP_PORT" +#define HFND_SOCK_PATH_ENV "HFND_SOCK_PATH" #define HFND_SKIP_FUZZING_ENV "HFND_SKIP_FUZZING" static char *initial_server_argv[] = {"fuzzer", NULL}; static struct { - int argc_server; + int argc_server; char **argv_server; struct { struct sockaddr_storage addr; - socklen_t slen; - int type; /* as per man 2 socket */ - int protocol; /* as per man 2 socket */ + socklen_t slen; + int type; /* as per man 2 socket */ + int protocol; /* as per man 2 socket */ } dest_addr; } hfnd_globals = { .argc_server = 1, @@ -63,7 +63,7 @@ static void *netDriver_mainProgram(void *unused HF_ATTR_UNUSED) { } static void netDriver_startOriginalProgramInThread(void) { - pthread_t t; + pthread_t t; pthread_attr_t attr; pthread_attr_init(&attr); @@ -102,7 +102,7 @@ static void netDriver_initNsIfNeeded(void) { } char tmpdir[PATH_MAX] = {}; - int ret = HonggfuzzNetDriverTempdir(tmpdir, sizeof(tmpdir)); + int ret = HonggfuzzNetDriverTempdir(tmpdir, sizeof(tmpdir)); if (ret < 0) { LOG_F("HonggfuzzNetDriverTempdir failed"); } @@ -131,8 +131,8 @@ static void netDriver_bindToRndLoopback(int sock, sa_family_t sa_family) { return; } const struct sockaddr_in bsaddr = { - .sin_family = AF_INET, - .sin_port = htons(0), + .sin_family = AF_INET, + .sin_port = htons(0), .sin_addr.s_addr = htonl((((uint32_t)util_rnd64()) & 0x00FFFFFF) | 0x7F000000), }; if (bind(sock, (struct sockaddr *)&bsaddr, sizeof(bsaddr)) == -1) { @@ -216,7 +216,7 @@ __attribute__((weak)) int HonggfuzzNetDriverArgsForServer( for (int i = 0; i < argc; i++) { if (strcmp(argv[i], "--") == 0) { /* Replace '--' with argv[0] */ - argv[i] = argv[0]; + argv[i] = argv[0]; *server_argc = argc - i; *server_argv = &argv[i]; return i; @@ -250,7 +250,7 @@ __attribute__((weak)) socklen_t HonggfuzzNetDriverServerAddress( static uint16_t netDriver_getTCPPort(int argc, char **argv) { const char *port_str = getenv(HFND_TCP_PORT_ENV); if (port_str) { - errno = 0; + errno = 0; signed long portsl = strtol(port_str, NULL, 0); if (errno != 0) { PLOG_F("Couldn't convert '%s'='%s' to a number", HFND_TCP_PORT_ENV, port_str); @@ -276,7 +276,7 @@ static const char *netDriver_getSockPath(int argc HF_ATTR_UNUSED, char **argv HF } static __thread char path[PATH_MAX] = {}; - const char *sock_path = getenv(HFND_SOCK_PATH_ENV); + const char * sock_path = getenv(HFND_SOCK_PATH_ENV); /* If it starts with '/' it's an absolute path */ if (sock_path && sock_path[0] == '/') { snprintf(path, sizeof(path), "%s", sock_path); @@ -298,8 +298,8 @@ static bool netDriver_connAndAssign( if (fd >= 0) { close(fd); memcpy(&hfnd_globals.dest_addr.addr, addr, slen); - hfnd_globals.dest_addr.slen = slen; - hfnd_globals.dest_addr.type = type; + hfnd_globals.dest_addr.slen = slen; + hfnd_globals.dest_addr.type = type; hfnd_globals.dest_addr.protocol = protocol; return true; } @@ -307,10 +307,10 @@ static bool netDriver_connAndAssign( } static bool netDriver_checkIfServerReady(int argc, char **argv) { - struct sockaddr_storage addr = {.ss_family = AF_UNSPEC}; - int type = SOCK_STREAM; - int protocol = 0; - socklen_t slen = HonggfuzzNetDriverServerAddress(&addr, &type, &protocol); + struct sockaddr_storage addr = {.ss_family = AF_UNSPEC}; + int type = SOCK_STREAM; + int protocol = 0; + socklen_t slen = HonggfuzzNetDriverServerAddress(&addr, &type, &protocol); /* User provided specific destination address */ if (slen > 0) { if (netDriver_connAndAssign((struct sockaddr *)&addr, slen, type, protocol)) { @@ -326,7 +326,7 @@ static bool netDriver_checkIfServerReady(int argc, char **argv) { /* Try to connect to ${HFND_TMP_DIR}/${HFND_DEFAULT_SOCK_PATH} first via a PF_UNIX socket */ struct sockaddr_un sun = { .sun_family = PF_UNIX, - .sun_path = {}, + .sun_path = {}, }; snprintf(sun.sun_path, sizeof(sun.sun_path), "%s", netDriver_getSockPath(argc, argv)); if (netDriver_connAndAssign((const struct sockaddr *)&sun, sizeof(sun), SOCK_STREAM, 0)) { @@ -340,21 +340,21 @@ static bool netDriver_checkIfServerReady(int argc, char **argv) { return true; } #endif /* defined(SOCK_SEQPACKET) */ - /* Next, try TCP4 and TCP6 connections to the localhost */ - const uint16_t tcp_port = netDriver_getTCPPort(argc, argv); - const struct sockaddr_in addr4 = { - .sin_family = PF_INET, - .sin_port = htons(tcp_port), + /* Next, try TCP4 and TCP6 connections to the localhost */ + const uint16_t tcp_port = netDriver_getTCPPort(argc, argv); + const struct sockaddr_in addr4 = { + .sin_family = PF_INET, + .sin_port = htons(tcp_port), .sin_addr.s_addr = htonl(INADDR_LOOPBACK), }; if (netDriver_connAndAssign((const struct sockaddr *)&addr4, sizeof(addr4), SOCK_STREAM, 0)) { return true; } const struct sockaddr_in6 addr6 = { - .sin6_family = PF_INET6, - .sin6_port = htons(tcp_port), + .sin6_family = PF_INET6, + .sin6_port = htons(tcp_port), .sin6_flowinfo = 0, - .sin6_addr = in6addr_loopback, + .sin6_addr = in6addr_loopback, .sin6_scope_id = 0, }; if (netDriver_connAndAssign((const struct sockaddr *)&addr6, sizeof(addr6), SOCK_STREAM, 0)) { diff --git a/libhfnetdriver/netdriver.h b/libhfnetdriver/netdriver.h index bf8b5a5b..c666c6cd 100644 --- a/libhfnetdriver/netdriver.h +++ b/libhfnetdriver/netdriver.h @@ -11,9 +11,9 @@ extern "C" { #endif -#define HFND_TMP_DIR_OLD "/tmp/FUZZ" -#define HFND_TMP_DIR "/tmp/HFND_TMP_DIR" -#define HFND_DEFAULT_TCP_PORT 8080 +#define HFND_TMP_DIR_OLD "/tmp/FUZZ" +#define HFND_TMP_DIR "/tmp/HFND_TMP_DIR" +#define HFND_DEFAULT_TCP_PORT 8080 #define HFND_DEFAULT_SOCK_PATH "socket" /* diff --git a/libhfuzz/fetch.c b/libhfuzz/fetch.c index 42af737e..80275eeb 100644 --- a/libhfuzz/fetch.c +++ b/libhfuzz/fetch.c @@ -22,7 +22,7 @@ __attribute__((visibility("default"))) __attribute__((used)) const char* LIBHFUZZ_module_fetch = _HF_PERSISTENT_SIG; -static const uint8_t* inputFile = NULL; +static const uint8_t* inputFile = NULL; __attribute__((constructor)) static void init(void) { if (fcntl(_HF_INPUT_FD, F_GETFD) == -1 && errno == EBADF) { return; @@ -40,7 +40,7 @@ void HonggfuzzFetchData(const uint8_t** buf_ptr, size_t* len_ptr) { } uint64_t rcvLen; - ssize_t sz = files_readFromFd(_HF_PERSISTENT_FD, (uint8_t*)&rcvLen, sizeof(rcvLen)); + ssize_t sz = files_readFromFd(_HF_PERSISTENT_FD, (uint8_t*)&rcvLen, sizeof(rcvLen)); if (sz == -1) { PLOG_F("readFromFd(fd=%d, size=%zu) failed", _HF_PERSISTENT_FD, sizeof(rcvLen)); } diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 72afd4d3..89ba6ab2 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -46,8 +46,8 @@ __attribute__((used)) const char* const LIBHFUZZ_module_instrument = "LIBHFUZZ_m */ static feedback_t bbMapFb; -feedback_t* globalCovFeedback = &bbMapFb; -feedback_t* localCovFeedback = &bbMapFb; +feedback_t* globalCovFeedback = &bbMapFb; +feedback_t* localCovFeedback = &bbMapFb; cmpfeedback_t* globalCmpFeedback = NULL; uint32_t my_thread_no = 0; @@ -96,7 +96,7 @@ static void* initialzeTryMapHugeTLB(int fd, size_t sz) { * Try to map the local structure using HugeTLB. It'll be way fatser later to clean it with * { ftruncate(fd, 0); ftruncate(fd, size); } */ - mflags = files_getTmpMapFlags(MAP_SHARED | MAP_HUGE_2MB, /* nocore= */ true); + mflags = files_getTmpMapFlags(MAP_SHARED | MAP_HUGE_2MB, /* nocore= */ true); void* ret = mmap(NULL, sz, PROT_READ | PROT_WRITE, mflags, fd, 0); #if defined(__x86_64__) || defined(__i386__) if (ret == MAP_FAILED) { @@ -177,8 +177,8 @@ static bool initializeGlobalCovFeedback(void) { static void initializeInstrument(void) { if (fcntl(_HF_LOG_FD, F_GETFD) != -1) { - enum llevel_t ll = INFO; - const char* llstr = getenv(_HF_LOG_LEVEL_ENV); + enum llevel_t ll = INFO; + const char* llstr = getenv(_HF_LOG_LEVEL_ENV); if (llstr) { ll = atoi(llstr); } @@ -217,14 +217,14 @@ static void initializeInstrument(void) { static __thread pthread_once_t localInitOnce = PTHREAD_ONCE_INIT; -extern void hfuzzInstrumentInit(void); +extern void hfuzzInstrumentInit(void); __attribute__((constructor)) void hfuzzInstrumentInit(void) { pthread_once(&localInitOnce, initializeInstrument); } __attribute__((weak)) size_t instrumentReserveGuard(size_t cnt) { static size_t guardCnt = 1; - size_t base = guardCnt; + size_t base = guardCnt; guardCnt += cnt; if (guardCnt >= _HF_PC_GUARD_MAX) { LOG_F( @@ -326,9 +326,9 @@ HF_REQUIRE_SSE42_POPCNT void hfuzz_trace_pc(uintptr_t pc) { */ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp1_internal( uintptr_t pc, uint8_t Arg1, uint8_t Arg2) { - uintptr_t pos = pc % _HF_PERF_BITMAP_SIZE_16M; - register uint8_t v = ((sizeof(Arg1) * 8) - __builtin_popcount(Arg1 ^ Arg2)); - uint8_t prev = ATOMIC_GET(globalCovFeedback->bbMapCmp[pos]); + uintptr_t pos = pc % _HF_PERF_BITMAP_SIZE_16M; + register uint8_t v = ((sizeof(Arg1) * 8) - __builtin_popcount(Arg1 ^ Arg2)); + uint8_t prev = ATOMIC_GET(globalCovFeedback->bbMapCmp[pos]); if (prev < v) { ATOMIC_SET(globalCovFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], v - prev); @@ -338,9 +338,9 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp1_internal( HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp2_internal( uintptr_t pc, uint16_t Arg1, uint16_t Arg2) { - uintptr_t pos = pc % _HF_PERF_BITMAP_SIZE_16M; - register uint8_t v = ((sizeof(Arg1) * 8) - __builtin_popcount(Arg1 ^ Arg2)); - uint8_t prev = ATOMIC_GET(globalCovFeedback->bbMapCmp[pos]); + uintptr_t pos = pc % _HF_PERF_BITMAP_SIZE_16M; + register uint8_t v = ((sizeof(Arg1) * 8) - __builtin_popcount(Arg1 ^ Arg2)); + uint8_t prev = ATOMIC_GET(globalCovFeedback->bbMapCmp[pos]); if (prev < v) { ATOMIC_SET(globalCovFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], v - prev); @@ -350,9 +350,9 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp2_internal( HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp4_internal( uintptr_t pc, uint32_t Arg1, uint32_t Arg2) { - uintptr_t pos = pc % _HF_PERF_BITMAP_SIZE_16M; - register uint8_t v = ((sizeof(Arg1) * 8) - __builtin_popcount(Arg1 ^ Arg2)); - uint8_t prev = ATOMIC_GET(globalCovFeedback->bbMapCmp[pos]); + uintptr_t pos = pc % _HF_PERF_BITMAP_SIZE_16M; + register uint8_t v = ((sizeof(Arg1) * 8) - __builtin_popcount(Arg1 ^ Arg2)); + uint8_t prev = ATOMIC_GET(globalCovFeedback->bbMapCmp[pos]); if (prev < v) { ATOMIC_SET(globalCovFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], v - prev); @@ -362,9 +362,9 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp4_internal( HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp8_internal( uintptr_t pc, uint64_t Arg1, uint64_t Arg2) { - uintptr_t pos = pc % _HF_PERF_BITMAP_SIZE_16M; - register uint8_t v = ((sizeof(Arg1) * 8) - __builtin_popcountll(Arg1 ^ Arg2)); - uint8_t prev = ATOMIC_GET(globalCovFeedback->bbMapCmp[pos]); + uintptr_t pos = pc % _HF_PERF_BITMAP_SIZE_16M; + register uint8_t v = ((sizeof(Arg1) * 8) - __builtin_popcountll(Arg1 ^ Arg2)); + uint8_t prev = ATOMIC_GET(globalCovFeedback->bbMapCmp[pos]); if (prev < v) { ATOMIC_SET(globalCovFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], v - prev); @@ -503,9 +503,9 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmp( */ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_switch(uint64_t Val, uint64_t* Cases) { for (uint64_t i = 0; i < Cases[0]; i++) { - uintptr_t pos = ((uintptr_t)__builtin_return_address(0) + i) % _HF_PERF_BITMAP_SIZE_16M; - uint8_t v = (uint8_t)Cases[1] - __builtin_popcountll(Val ^ Cases[i + 2]); - uint8_t prev = ATOMIC_GET(globalCovFeedback->bbMapCmp[pos]); + uintptr_t pos = ((uintptr_t)__builtin_return_address(0) + i) % _HF_PERF_BITMAP_SIZE_16M; + uint8_t v = (uint8_t)Cases[1] - __builtin_popcountll(Val ^ Cases[i + 2]); + uint8_t prev = ATOMIC_GET(globalCovFeedback->bbMapCmp[pos]); if (prev < v) { ATOMIC_SET(globalCovFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], v - prev); @@ -529,9 +529,9 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_cmpd( * -fsanitize-coverage=trace-div */ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_div8(uint64_t Val) { - uintptr_t pos = (uintptr_t)__builtin_return_address(0) % _HF_PERF_BITMAP_SIZE_16M; - uint8_t v = ((sizeof(Val) * 8) - __builtin_popcountll(Val)); - uint8_t prev = ATOMIC_GET(globalCovFeedback->bbMapCmp[pos]); + uintptr_t pos = (uintptr_t)__builtin_return_address(0) % _HF_PERF_BITMAP_SIZE_16M; + uint8_t v = ((sizeof(Val) * 8) - __builtin_popcountll(Val)); + uint8_t prev = ATOMIC_GET(globalCovFeedback->bbMapCmp[pos]); if (prev < v) { ATOMIC_SET(globalCovFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], v - prev); @@ -540,9 +540,9 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_div8(uint64_t Val) { } HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_div4(uint32_t Val) { - uintptr_t pos = (uintptr_t)__builtin_return_address(0) % _HF_PERF_BITMAP_SIZE_16M; - uint8_t v = ((sizeof(Val) * 8) - __builtin_popcount(Val)); - uint8_t prev = ATOMIC_GET(globalCovFeedback->bbMapCmp[pos]); + uintptr_t pos = (uintptr_t)__builtin_return_address(0) % _HF_PERF_BITMAP_SIZE_16M; + uint8_t v = ((sizeof(Val) * 8) - __builtin_popcount(Val)); + uint8_t prev = ATOMIC_GET(globalCovFeedback->bbMapCmp[pos]); if (prev < v) { ATOMIC_SET(globalCovFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], v - prev); @@ -556,7 +556,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_div4(uint32_t Val) { HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_indir(uintptr_t callee) { register size_t pos1 = (uintptr_t)__builtin_return_address(0) << 12; register size_t pos2 = callee & 0xFFF; - register size_t pos = (pos1 | pos2) & _HF_PERF_BITMAP_BITSZ_MASK; + register size_t pos = (pos1 | pos2) & _HF_PERF_BITMAP_BITSZ_MASK; register bool prev = ATOMIC_BITMAP_SET(globalCovFeedback->bbMapPc, pos); if (!prev) { @@ -573,7 +573,7 @@ __attribute__((weak)) HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_indir_call16( void* callee, void* callee_cache16[] HF_ATTR_UNUSED) { register size_t pos1 = (uintptr_t)__builtin_return_address(0) << 12; register size_t pos2 = (uintptr_t)callee & 0xFFF; - register size_t pos = (pos1 | pos2) & _HF_PERF_BITMAP_BITSZ_MASK; + register size_t pos = (pos1 | pos2) & _HF_PERF_BITMAP_BITSZ_MASK; register bool prev = ATOMIC_BITMAP_SET(globalCovFeedback->bbMapPc, pos); if (!prev) { @@ -585,7 +585,7 @@ __attribute__((weak)) HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_indir_call16( /* * -fsanitize-coverage=trace-pc-guard */ -static bool guards_initialized = false; +static bool guards_initialized = false; HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard_init(uint32_t* start, uint32_t* stop) { guards_initialized = true; @@ -606,7 +606,7 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard_init(uint32_t* start for (uint32_t* x = start; x < stop; x++) { uint32_t guardNo = instrumentReserveGuard(1); - *x = guardNo; + *x = guardNo; } wmb(); @@ -614,14 +614,14 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard_init(uint32_t* start /* Map number of visits to an edge into buckets */ static uint8_t const instrumentCntMap[256] = { - [0] = 0, - [1] = 1U << 0, - [2] = 1U << 1, - [3] = 1U << 2, - [4 ... 5] = 1U << 3, - [6 ... 10] = 1U << 4, - [11 ... 32] = 1U << 5, - [33 ... 64] = 1U << 6, + [0] = 0, + [1] = 1U << 0, + [2] = 1U << 1, + [3] = 1U << 2, + [4 ... 5] = 1U << 3, + [6 ... 10] = 1U << 4, + [11 ... 32] = 1U << 5, + [33 ... 64] = 1U << 6, [65 ... 255] = 1U << 7, }; @@ -692,26 +692,26 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard(uint32_t* guard_ptr) /* Support up to 256 DSO modules with separate 8bit counters */ static struct { uint8_t* start; - size_t cnt; - size_t guard; + size_t cnt; + size_t guard; } hf8bitcounters[256] = {}; void instrument8BitCountersCount(void) { rmb(); uint64_t totalEdge = 0; - uint64_t totalCmp = 0; + uint64_t totalCmp = 0; for (size_t i = 0; i < ARRAYSIZE(hf8bitcounters) && hf8bitcounters[i].start; i++) { for (size_t j = 0; j < hf8bitcounters[i].cnt; j++) { - const uint8_t v = hf8bitcounters[i].start[j]; + const uint8_t v = hf8bitcounters[i].start[j]; hf8bitcounters[i].start[j] = 0; if (!v) { continue; } const uint8_t newval = instrumentCntMap[v]; - const size_t guard = hf8bitcounters[i].guard + j; + const size_t guard = hf8bitcounters[i].guard + j; /* New hits */ if (ATOMIC_GET(globalCovFeedback->pcGuardMap[guard]) < newval) { @@ -749,7 +749,7 @@ void __sanitizer_cov_8bit_counters_init(char* start, char* end) { for (size_t i = 0; i < ARRAYSIZE(hf8bitcounters); i++) { if (hf8bitcounters[i].start == NULL) { hf8bitcounters[i].start = (uint8_t*)start; - hf8bitcounters[i].cnt = (uintptr_t)end - (uintptr_t)start; + hf8bitcounters[i].cnt = (uintptr_t)end - (uintptr_t)start; hf8bitcounters[i].guard = instrumentReserveGuard(hf8bitcounters[i].cnt); LOG_D("8-bit module initialization %p-%p (count:%zu) at guard %zu", start, end, hf8bitcounters[i].cnt, hf8bitcounters[i].guard); @@ -775,8 +775,8 @@ __attribute__((weak)) __thread uintptr_t __sancov_lowest_stack = 0; #endif /* !defined(__CYGWIN__) */ bool instrumentUpdateCmpMap(uintptr_t addr, uint32_t v) { - uintptr_t pos = addr % _HF_PERF_BITMAP_SIZE_16M; - uint32_t prev = ATOMIC_GET(globalCovFeedback->bbMapCmp[pos]); + uintptr_t pos = addr % _HF_PERF_BITMAP_SIZE_16M; + uint32_t prev = ATOMIC_GET(globalCovFeedback->bbMapCmp[pos]); if (prev < v) { ATOMIC_SET(globalCovFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], v - prev); diff --git a/libhfuzz/instrument.h b/libhfuzz/instrument.h index 5ba46725..374999d4 100644 --- a/libhfuzz/instrument.h +++ b/libhfuzz/instrument.h @@ -28,14 +28,14 @@ #include #include -extern void instrument8BitCountersCount(void); -extern void instrumentResetLocalCovFeedback(void); +extern void instrument8BitCountersCount(void); +extern void instrumentResetLocalCovFeedback(void); extern unsigned instrumentThreadNo(void); -extern bool instrumentUpdateCmpMap(uintptr_t addr, uint32_t v); -extern void instrumentClearNewCov(); -extern void instrumentAddConstMem(const void* m, size_t len, bool check_if_ro); -extern void instrumentAddConstStr(const char* s); -extern void instrumentAddConstStrN(const char* s, size_t n); -extern bool instrumentConstAvail(); +extern bool instrumentUpdateCmpMap(uintptr_t addr, uint32_t v); +extern void instrumentClearNewCov(); +extern void instrumentAddConstMem(const void* m, size_t len, bool check_if_ro); +extern void instrumentAddConstStr(const char* s); +extern void instrumentAddConstStrN(const char* s, size_t n); +extern bool instrumentConstAvail(); #endif /* ifdef _HF_LIBHFUZZ_INSTRUMENT_H_ */ diff --git a/libhfuzz/memorycmp.c b/libhfuzz/memorycmp.c index 658a4952..b17e4cac 100644 --- a/libhfuzz/memorycmp.c +++ b/libhfuzz/memorycmp.c @@ -198,7 +198,7 @@ static inline char* HF_strcpy(char* dest, const char* src, uintptr_t addr) { /* Define a weak function x, as well as __wrap_x pointing to x */ #define XVAL(x) x -#define HF_WEAK_WRAP(ret, func, ...) \ +#define HF_WEAK_WRAP(ret, func, ...) \ _Pragma(HF__XSTR(weak func = __wrap_##func)) XVAL(ret) XVAL(__wrap_##func)(__VA_ARGS__) /* Typical libc wrappers */ @@ -543,7 +543,7 @@ HF_WEAK_WRAP(bool, g_str_has_suffix, const char* str, const char* suffix) { if (!str || !suffix) { return false; } - size_t str_len = __builtin_strlen(str); + size_t str_len = __builtin_strlen(str); size_t suffix_len = __builtin_strlen(suffix); if (str_len < suffix_len) { return false; diff --git a/libhfuzz/performance.c b/libhfuzz/performance.c index 4dd64633..e983a517 100644 --- a/libhfuzz/performance.c +++ b/libhfuzz/performance.c @@ -12,12 +12,12 @@ #include "libhfcommon/util.h" #include "libhfuzz/instrument.h" -#define HF_USEC_PER_SEC 1000000 +#define HF_USEC_PER_SEC 1000000 #define HF_CHECK_INTERVAL_USECS (HF_USEC_PER_SEC * 20) /* Peform this check every 20 sec. */ -#define HF_RESET_RATIO 5 /* Reset ourselves, if currently n times slower than in the beginning */ +#define HF_RESET_RATIO 5 /* Reset ourselves, if currently n times slower than in the beginning */ -static uint64_t iterCnt = 0; -static time_t firstInputUSecs = 0; +static uint64_t iterCnt = 0; +static time_t firstInputUSecs = 0; static uint64_t initialUSecsPerExec = 0; @@ -32,8 +32,8 @@ static bool performanceInit(void) { uint64_t timeDiffUSecs = util_timeNowUSecs() - firstInputUSecs; if (iterCnt == 5000 || timeDiffUSecs > HF_CHECK_INTERVAL_USECS) { initialUSecsPerExec = timeDiffUSecs / iterCnt; - lastCheckUSecs = util_timeNowUSecs(); - lastCheckIters = iterCnt; + lastCheckUSecs = util_timeNowUSecs(); + lastCheckIters = iterCnt; LOG_I("Thread %u (pid=%d) initial speed set at %" PRIu64 " us/exec", instrumentThreadNo(), (int)getpid(), initialUSecsPerExec); diff --git a/libhfuzz/persistent.c b/libhfuzz/persistent.c index 334f876d..24e2a7a4 100644 --- a/libhfuzz/persistent.c +++ b/libhfuzz/persistent.c @@ -40,7 +40,7 @@ __attribute__((weak)) int LLVMFuzzerTestOneInput( return 0; } -static const uint8_t* inputFile = NULL; +static const uint8_t* inputFile = NULL; __attribute__((constructor)) static void initializePersistent(void) { if (fcntl(_HF_INPUT_FD, F_GETFD) == -1 && errno == EBADF) { return; @@ -59,7 +59,7 @@ void HF_ITER(const uint8_t** buf_ptr, size_t* len_ptr) { extern const char* const LIBHFUZZ_module_memorycmp; extern const char* const LIBHFUZZ_module_instrument; -static void HonggfuzzRunOneInput(const uint8_t* buf, size_t len) { +static void HonggfuzzRunOneInput(const uint8_t* buf, size_t len) { instrumentResetLocalCovFeedback(); int ret = LLVMFuzzerTestOneInput(buf, len); if (ret != 0) { @@ -71,7 +71,7 @@ static void HonggfuzzRunOneInput(const uint8_t* buf, size_t len) { static void HonggfuzzPersistentLoop(void) { for (;;) { - size_t len; + size_t len; const uint8_t* buf; /* Check whether the current benchmark is fast enough, or maybe we should restart it */ @@ -83,7 +83,7 @@ static void HonggfuzzPersistentLoop(void) { } static int HonggfuzzRunFromFile(int argc, char** argv) { - int in_fd = STDIN_FILENO; + int in_fd = STDIN_FILENO; const char* fname = "[STDIN]"; if (argc > 1) { fname = argv[argc - 1]; @@ -98,7 +98,7 @@ static int HonggfuzzRunFromFile(int argc, char** argv) { LOG_I("Usage for fuzzing: honggfuzz -P [flags] -- %s", argv[0]); uint8_t* buf = (uint8_t*)util_Calloc(_HF_INPUT_MAX_SIZE); - ssize_t len = files_readFromFd(in_fd, buf, _HF_INPUT_MAX_SIZE); + ssize_t len = files_readFromFd(in_fd, buf, _HF_INPUT_MAX_SIZE); if (len < 0) { LOG_E("Couldn't read data from stdin: %s", strerror(errno)); free(buf); diff --git a/linux/arch.c b/linux/arch.c index 605cdc82..c5b1b40d 100644 --- a/linux/arch.c +++ b/linux/arch.c @@ -178,7 +178,7 @@ void arch_prepareParentAfterFork(run_t* run) { if (run->global->exe.persistent) { const struct f_owner_ex fown = { .type = F_OWNER_TID, - .pid = syscall(__NR_gettid), + .pid = syscall(__NR_gettid), }; if (fcntl(run->persistentSock, F_SETOWN_EX, &fown)) { PLOG_F("fcntl(%d, F_SETOWN_EX)", run->persistentSock); @@ -209,7 +209,7 @@ void arch_prepareParent(run_t* run) { static bool arch_checkWait(run_t* run) { /* All queued wait events must be tested when SIGCHLD was delivered */ for (;;) { - int status; + int status; pid_t pid = TEMP_FAILURE_RETRY(waitpid(-1, &status, __WALL | __WNOTHREAD | WNOHANG)); if (pid == 0) { return false; @@ -250,7 +250,7 @@ void arch_reapChild(run_t* run) { subproc_checkTermination(run); const struct timespec ts = { - .tv_sec = 0ULL, + .tv_sec = 0ULL, .tv_nsec = (1000ULL * 1000ULL * 100ULL), }; /* Return with SIGIO, SIGCHLD */ @@ -293,7 +293,7 @@ bool arch_archInit(honggfuzz_t* hfuzz) { break; } const char* gversion = gnu_get_libc_version(); - int major, minor; + int major, minor; if (sscanf(gversion, "%d.%d", &major, &minor) != 2) { LOG_W("Unknown glibc version:'%s'. Using clone() instead of fork()", gversion); break; @@ -313,7 +313,7 @@ bool arch_archInit(honggfuzz_t* hfuzz) { if (hfuzz->feedback.dynFileMethod != _HF_DYNFILE_NONE) { unsigned long major = 0, minor = 0; - char* p = NULL; + char* p = NULL; /* * Check that Linux kernel is compatible @@ -342,7 +342,7 @@ bool arch_archInit(honggfuzz_t* hfuzz) { return false; } - p = uts.release; + p = uts.release; major = strtoul(p, &p, 10); if (*p++ != '.') { LOG_F("Unsupported kernel version (%s)", uts.release); @@ -386,7 +386,7 @@ bool arch_archInit(honggfuzz_t* hfuzz) { bool arch_archThreadInit(run_t* run) { run->arch_linux.perfMmapBuf = NULL; run->arch_linux.perfMmapAux = NULL; - run->arch_linux.cpuInstrFd = -1; + run->arch_linux.cpuInstrFd = -1; run->arch_linux.cpuBranchFd = -1; run->arch_linux.cpuIptBtsFd = -1; diff --git a/linux/bfd.c b/linux/bfd.c index abe24515..faf35261 100644 --- a/linux/bfd.c +++ b/linux/bfd.c @@ -50,7 +50,7 @@ #endif /* !defined(bfd_get_section_size) */ typedef struct { - bfd* bfdh; + bfd* bfdh; asymbol** syms; asymbol** dsyms; } bfd_t; @@ -132,7 +132,7 @@ void arch_bfdDemangle(funcs_t* funcs, size_t funcCnt) { static struct bfd_section* arch_getSectionForPc(bfd* bfdh, uint64_t pc) { for (struct bfd_section* section = bfdh->sections; section; section = section->next) { uintptr_t vma = (uintptr_t)bfd_get_section_vma(bfdh, section); - uintptr_t sz = (uintptr_t)bfd_get_section_size(section); + uintptr_t sz = (uintptr_t)bfd_get_section_size(section); if ((pc > vma) && (pc < (vma + sz))) { return section; } @@ -147,8 +147,8 @@ void arch_bfdResolveSyms(pid_t pid, funcs_t* funcs, size_t num) { bfd_init(); bfd_t bfdParams = { - .bfdh = NULL, - .syms = NULL, + .bfdh = NULL, + .syms = NULL, .dsyms = NULL, }; @@ -156,8 +156,8 @@ void arch_bfdResolveSyms(pid_t pid, funcs_t* funcs, size_t num) { return; } - const char* func; - const char* file; + const char* func; + const char* file; unsigned int line; for (unsigned int i = 0; i < num; i++) { snprintf(funcs[i].func, sizeof(funcs->func), "UNKNOWN"); @@ -220,7 +220,7 @@ void arch_bfdDisasm(pid_t pid, uint8_t* mem, size_t size, char* instr) { disassembler(bfd_get_arch(bfdh), bfd_little_endian(bfdh) ? FALSE : TRUE, 0, NULL); #else disassembler_ftype disassemble = disassembler(bfdh); -#endif // defined(_HD_BFD_GE_2_29) +#endif // defined(_HD_BFD_GE_2_29) if (disassemble == NULL) { LOG_W("disassembler() failed"); bfd_close(bfdh); @@ -229,12 +229,12 @@ void arch_bfdDisasm(pid_t pid, uint8_t* mem, size_t size, char* instr) { struct disassemble_info info; init_disassemble_info(&info, instr, arch_bfdFPrintF); - info.arch = bfd_get_arch(bfdh); - info.mach = bfd_get_mach(bfdh); - info.buffer = mem; + info.arch = bfd_get_arch(bfdh); + info.mach = bfd_get_mach(bfdh); + info.buffer = mem; info.buffer_length = size; - info.section = NULL; - info.endian = bfd_little_endian(bfdh) ? BFD_ENDIAN_LITTLE : BFD_ENDIAN_BIG; + info.section = NULL; + info.endian = bfd_little_endian(bfdh) ? BFD_ENDIAN_LITTLE : BFD_ENDIAN_BIG; disassemble_init_for_target(&info); strcpy(instr, ""); diff --git a/linux/bfd.h b/linux/bfd.h index a1a42678..2d9b19f2 100644 --- a/linux/bfd.h +++ b/linux/bfd.h @@ -33,7 +33,7 @@ #define _HF_INSTR_SZ 64 -#define PACKAGE 1 +#define PACKAGE 1 #define PACKAGE_VERSION 1 #if !defined(_HF_LINUX_NO_BFD) diff --git a/linux/perf.c b/linux/perf.c index b942ccb6..f8aa181b 100644 --- a/linux/perf.c +++ b/linux/perf.c @@ -49,7 +49,7 @@ #define _HF_PERF_MAP_SZ (1024 * 512) #define _HF_PERF_AUX_SZ (1024 * 1024) /* PERF_TYPE for Intel_PT/BTS -1 if none */ -static int32_t perfIntelPtPerfType = -1; +static int32_t perfIntelPtPerfType = -1; static int32_t perfIntelBtsPerfType = -1; #if defined(PERF_ATTR_SIZE_VER5) @@ -61,8 +61,8 @@ __attribute__((hot)) static inline void arch_perfBtsCount(run_t* run) { uint64_t misc; }; - uint64_t aux_head = ATOMIC_GET(pem->aux_head); - struct bts_branch* br = (struct bts_branch*)run->arch_linux.perfMmapAux; + uint64_t aux_head = ATOMIC_GET(pem->aux_head); + struct bts_branch* br = (struct bts_branch*)run->arch_linux.perfMmapAux; for (; br < ((struct bts_branch*)(run->arch_linux.perfMmapAux + aux_head)); br++) { /* * Kernel sometimes reports branches from the kernel (iret), we are not interested in that @@ -141,17 +141,17 @@ static bool arch_perfCreate(run_t* run, pid_t pid, dynFileMethod_t method, int* pe.enable_on_exec = 1; } pe.exclude_hv = 1; - pe.type = PERF_TYPE_HARDWARE; + pe.type = PERF_TYPE_HARDWARE; switch (method) { case _HF_DYNFILE_INSTR_COUNT: LOG_D("Using: PERF_COUNT_HW_INSTRUCTIONS for pid=%d", (int)pid); - pe.config = PERF_COUNT_HW_INSTRUCTIONS; + pe.config = PERF_COUNT_HW_INSTRUCTIONS; pe.inherit = 1; break; case _HF_DYNFILE_BRANCH_COUNT: LOG_D("Using: PERF_COUNT_HW_BRANCH_INSTRUCTIONS for pid=%d", (int)pid); - pe.config = PERF_COUNT_HW_BRANCH_INSTRUCTIONS; + pe.config = PERF_COUNT_HW_BRANCH_INSTRUCTIONS; pe.inherit = 1; break; case _HF_DYNFILE_BTS_EDGE: @@ -160,7 +160,7 @@ static bool arch_perfCreate(run_t* run, pid_t pid, dynFileMethod_t method, int* break; case _HF_DYNFILE_IPT_BLOCK: LOG_D("Using: (Intel PT) type=%" PRIu32 " for pid=%d", perfIntelPtPerfType, (int)pid); - pe.type = perfIntelPtPerfType; + pe.type = perfIntelPtPerfType; pe.config = RTIT_CTL_DISRETC; break; default: @@ -194,8 +194,8 @@ static bool arch_perfCreate(run_t* run, pid_t pid, dynFileMethod_t method, int* } struct perf_event_mmap_page* pem = (struct perf_event_mmap_page*)run->arch_linux.perfMmapBuf; - pem->aux_offset = pem->data_offset + pem->data_size; - pem->aux_size = _HF_PERF_AUX_SZ; + pem->aux_offset = pem->data_offset + pem->data_size; + pem->aux_size = _HF_PERF_AUX_SZ; if ((run->arch_linux.perfMmapAux = mmap( NULL, pem->aux_size, PROT_READ, MAP_SHARED, *perfFd, pem->aux_offset)) == MAP_FAILED) { munmap(run->arch_linux.perfMmapBuf, _HF_PERF_MAP_SZ + getpagesize()); @@ -371,19 +371,19 @@ void arch_perfAnalyze(run_t* run) { ioctl(run->arch_linux.cpuIptBtsFd, PERF_EVENT_IOC_RESET, 0); } - run->hwCnts.cpuInstrCnt = instrCount; + run->hwCnts.cpuInstrCnt = instrCount; run->hwCnts.cpuBranchCnt = branchCount; } bool arch_perfInit(honggfuzz_t* hfuzz HF_ATTR_UNUSED) { - static char const intel_pt_path[] = "/sys/bus/event_source/devices/intel_pt/type"; + static char const intel_pt_path[] = "/sys/bus/event_source/devices/intel_pt/type"; static char const intel_bts_path[] = "/sys/bus/event_source/devices/intel_bts/type"; if (files_exists(intel_pt_path)) { uint8_t buf[256]; ssize_t sz = files_readFileToBufMax(intel_pt_path, buf, sizeof(buf) - 1); if (sz > 0) { - buf[sz] = '\0'; + buf[sz] = '\0'; perfIntelPtPerfType = (int32_t)strtoul((char*)buf, NULL, 10); LOG_D("perfIntelPtPerfType = %" PRIu32, perfIntelPtPerfType); } @@ -393,7 +393,7 @@ bool arch_perfInit(honggfuzz_t* hfuzz HF_ATTR_UNUSED) { uint8_t buf[256]; ssize_t sz = files_readFileToBufMax(intel_bts_path, buf, sizeof(buf) - 1); if (sz > 0) { - buf[sz] = '\0'; + buf[sz] = '\0'; perfIntelBtsPerfType = (int32_t)strtoul((char*)buf, NULL, 10); LOG_D("perfIntelBtsPerfType = %" PRIu32, perfIntelBtsPerfType); } diff --git a/linux/pt.c b/linux/pt.c index 21aa25e0..67a84b22 100644 --- a/linux/pt.c +++ b/linux/pt.c @@ -36,9 +36,9 @@ #include struct pt_cpu ptCpu = { - .vendor = pcv_unknown, - .family = 0, - .model = 0, + .vendor = pcv_unknown, + .family = 0, + .model = 0, .stepping = 0, }; @@ -50,7 +50,7 @@ void perf_ptInit(void) { } for (;;) { char k[1024], t[1024], v[1024]; - int ret = fscanf(f, "%1023[^\t]%1023[\t]: %1023[^\n]\n", k, t, v); + int ret = fscanf(f, "%1023[^\t]%1023[\t]: %1023[^\n]\n", k, t, v); if (ret == EOF) { break; } @@ -87,7 +87,7 @@ inline static uint64_t sext(uint64_t val, uint8_t sign) { uint64_t signbit, mask; signbit = 1ull << (sign - 1); - mask = ~0ull << sign; + mask = ~0ull << sign; return val & signbit ? val | mask : val & ~mask; } @@ -141,8 +141,8 @@ void arch_ptAnalyze(run_t* run) { struct pt_config ptc; pt_config_init(&ptc); ptc.begin = &run->arch_linux.perfMmapAux[aux_tail]; - ptc.end = &run->arch_linux.perfMmapAux[aux_head]; - ptc.cpu = ptCpu; + ptc.end = &run->arch_linux.perfMmapAux[aux_head]; + ptc.cpu = ptCpu; int errcode = pt_cpu_errata(&ptc.errata, &ptc.cpu); if (errcode < 0) { diff --git a/linux/pt.h b/linux/pt.h index 55599f35..a15bc94c 100644 --- a/linux/pt.h +++ b/linux/pt.h @@ -33,38 +33,38 @@ extern void perf_ptInit(void); #define BIT(nr) (1UL << (nr)) #endif -#define RTIT_CTL_TRACEEN BIT(0) -#define RTIT_CTL_CYCLEACC BIT(1) -#define RTIT_CTL_OS BIT(2) -#define RTIT_CTL_USR BIT(3) -#define RTIT_CTL_PWR_EVT_EN BIT(4) -#define RTIT_CTL_FUP_ON_PTW BIT(5) -#define RTIT_CTL_CR3EN BIT(7) -#define RTIT_CTL_TOPA BIT(8) -#define RTIT_CTL_MTC_EN BIT(9) -#define RTIT_CTL_TSC_EN BIT(10) -#define RTIT_CTL_DISRETC BIT(11) -#define RTIT_CTL_PTW_EN BIT(12) -#define RTIT_CTL_BRANCH_EN BIT(13) -#define RTIT_CTL_MTC_RANGE_OFFSET 14 -#define RTIT_CTL_MTC_RANGE (0x0full << RTIT_CTL_MTC_RANGE_OFFSET) +#define RTIT_CTL_TRACEEN BIT(0) +#define RTIT_CTL_CYCLEACC BIT(1) +#define RTIT_CTL_OS BIT(2) +#define RTIT_CTL_USR BIT(3) +#define RTIT_CTL_PWR_EVT_EN BIT(4) +#define RTIT_CTL_FUP_ON_PTW BIT(5) +#define RTIT_CTL_CR3EN BIT(7) +#define RTIT_CTL_TOPA BIT(8) +#define RTIT_CTL_MTC_EN BIT(9) +#define RTIT_CTL_TSC_EN BIT(10) +#define RTIT_CTL_DISRETC BIT(11) +#define RTIT_CTL_PTW_EN BIT(12) +#define RTIT_CTL_BRANCH_EN BIT(13) +#define RTIT_CTL_MTC_RANGE_OFFSET 14 +#define RTIT_CTL_MTC_RANGE (0x0full << RTIT_CTL_MTC_RANGE_OFFSET) #define RTIT_CTL_CYC_THRESH_OFFSET 19 -#define RTIT_CTL_CYC_THRESH (0x0full << RTIT_CTL_CYC_THRESH_OFFSET) -#define RTIT_CTL_PSB_FREQ_OFFSET 24 -#define RTIT_CTL_PSB_FREQ (0x0full << RTIT_CTL_PSB_FREQ_OFFSET) -#define RTIT_CTL_ADDR0_OFFSET 32 -#define RTIT_CTL_ADDR0 (0x0full << RTIT_CTL_ADDR0_OFFSET) -#define RTIT_CTL_ADDR1_OFFSET 36 -#define RTIT_CTL_ADDR1 (0x0full << RTIT_CTL_ADDR1_OFFSET) -#define RTIT_CTL_ADDR2_OFFSET 40 -#define RTIT_CTL_ADDR2 (0x0full << RTIT_CTL_ADDR2_OFFSET) -#define RTIT_CTL_ADDR3_OFFSET 44 -#define RTIT_CTL_ADDR3 (0x0full << RTIT_CTL_ADDR3_OFFSET) -#define RTIT_STATUS_FILTEREN BIT(0) -#define RTIT_STATUS_CONTEXTEN BIT(1) -#define RTIT_STATUS_TRIGGEREN BIT(2) -#define RTIT_STATUS_BUFFOVF BIT(3) -#define RTIT_STATUS_ERROR BIT(4) -#define RTIT_STATUS_STOPPED BIT(5) +#define RTIT_CTL_CYC_THRESH (0x0full << RTIT_CTL_CYC_THRESH_OFFSET) +#define RTIT_CTL_PSB_FREQ_OFFSET 24 +#define RTIT_CTL_PSB_FREQ (0x0full << RTIT_CTL_PSB_FREQ_OFFSET) +#define RTIT_CTL_ADDR0_OFFSET 32 +#define RTIT_CTL_ADDR0 (0x0full << RTIT_CTL_ADDR0_OFFSET) +#define RTIT_CTL_ADDR1_OFFSET 36 +#define RTIT_CTL_ADDR1 (0x0full << RTIT_CTL_ADDR1_OFFSET) +#define RTIT_CTL_ADDR2_OFFSET 40 +#define RTIT_CTL_ADDR2 (0x0full << RTIT_CTL_ADDR2_OFFSET) +#define RTIT_CTL_ADDR3_OFFSET 44 +#define RTIT_CTL_ADDR3 (0x0full << RTIT_CTL_ADDR3_OFFSET) +#define RTIT_STATUS_FILTEREN BIT(0) +#define RTIT_STATUS_CONTEXTEN BIT(1) +#define RTIT_STATUS_TRIGGEREN BIT(2) +#define RTIT_STATUS_BUFFOVF BIT(3) +#define RTIT_STATUS_ERROR BIT(4) +#define RTIT_STATUS_STOPPED BIT(5) #endif /* _HF_LINUX_INTEL_PT_LIB */ diff --git a/linux/trace.c b/linux/trace.c index 91bb23fe..aab7e2d4 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -231,36 +231,36 @@ struct user_regs_struct { static struct { const char* descr; - bool important; + bool important; } arch_sigs[_NSIG + 1] = { [0 ...(_NSIG)].important = false, - [0 ...(_NSIG)].descr = "UNKNOWN", + [0 ...(_NSIG)].descr = "UNKNOWN", [SIGTRAP].important = false, - [SIGTRAP].descr = "SIGTRAP", + [SIGTRAP].descr = "SIGTRAP", [SIGILL].important = true, - [SIGILL].descr = "SIGILL", + [SIGILL].descr = "SIGILL", [SIGFPE].important = true, - [SIGFPE].descr = "SIGFPE", + [SIGFPE].descr = "SIGFPE", [SIGSEGV].important = true, - [SIGSEGV].descr = "SIGSEGV", + [SIGSEGV].descr = "SIGSEGV", [SIGBUS].important = true, - [SIGBUS].descr = "SIGBUS", + [SIGBUS].descr = "SIGBUS", [SIGABRT].important = true, - [SIGABRT].descr = "SIGABRT", + [SIGABRT].descr = "SIGABRT", /* Is affected from tmoutVTALRM flag */ [SIGVTALRM].important = false, - [SIGVTALRM].descr = "SIGVTALRM-TMOUT", + [SIGVTALRM].descr = "SIGVTALRM-TMOUT", /* seccomp-bpf kill */ [SIGSYS].important = true, - [SIGSYS].descr = "SIGSYS", + [SIGSYS].descr = "SIGSYS", }; #ifndef SI_FROMUSER @@ -273,11 +273,11 @@ static size_t arch_getProcMem(pid_t pid, uint8_t* buf, size_t len, uint64_t pc) */ const struct iovec local_iov = { .iov_base = buf, - .iov_len = len, + .iov_len = len, }; const struct iovec remote_iov = { .iov_base = (void*)(uintptr_t)pc, - .iov_len = len, + .iov_len = len, }; if (process_vm_readv(pid, &local_iov, 1, &remote_iov, 1, 0) == (ssize_t)len) { return len; @@ -289,12 +289,12 @@ static size_t arch_getProcMem(pid_t pid, uint8_t* buf, size_t len, uint64_t pc) * Ok, let's do it via ptrace() then. * len must be aligned to the sizeof(long) */ - int cnt = len / sizeof(long); + int cnt = len / sizeof(long); size_t memsz = 0; for (int x = 0; x < cnt; x++) { uint8_t* addr = (uint8_t*)(uintptr_t)pc + (int)(x * sizeof(long)); - long ret = ptrace(PTRACE_PEEKDATA, pid, addr, NULL); + long ret = ptrace(PTRACE_PEEKDATA, pid, addr, NULL); if (errno != 0) { PLOG_W("Couldn't PT_READ_D on pid %d, addr: %p", pid, addr); @@ -322,7 +322,7 @@ static size_t arch_getPC(pid_t pid, uint64_t* pc, uint64_t* status_reg HF_ATTR_U #endif const struct iovec pt_iov = { .iov_base = ®s, - .iov_len = sizeof(regs), + .iov_len = sizeof(regs), }; if (ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, &pt_iov) == -1L) { @@ -345,8 +345,8 @@ static size_t arch_getPC(pid_t pid, uint64_t* pc, uint64_t* status_reg HF_ATTR_U */ if (pt_iov.iov_len == sizeof(struct user_regs_struct_32)) { struct user_regs_struct_32* r32 = (struct user_regs_struct_32*)®s; - *pc = r32->eip; - *status_reg = r32->eflags; + *pc = r32->eip; + *status_reg = r32->eflags; return pt_iov.iov_len; } @@ -355,8 +355,8 @@ static size_t arch_getPC(pid_t pid, uint64_t* pc, uint64_t* status_reg HF_ATTR_U */ if (pt_iov.iov_len == sizeof(struct user_regs_struct_64)) { struct user_regs_struct_64* r64 = (struct user_regs_struct_64*)®s; - *pc = r64->ip; - *status_reg = r64->flags; + *pc = r64->ip; + *status_reg = r64->flags; return pt_iov.iov_len; } LOG_W("Unknown registers structure size: '%zd'", pt_iov.iov_len); @@ -370,10 +370,10 @@ static size_t arch_getPC(pid_t pid, uint64_t* pc, uint64_t* status_reg HF_ATTR_U if (pt_iov.iov_len == sizeof(struct user_regs_struct_32)) { struct user_regs_struct_32* r32 = (struct user_regs_struct_32*)®s; #ifdef __ANDROID__ - *pc = r32->ARM_pc; + *pc = r32->ARM_pc; *status_reg = r32->ARM_cpsr; #else - *pc = r32->uregs[ARM_pc]; + *pc = r32->uregs[ARM_pc]; *status_reg = r32->uregs[ARM_cpsr]; #endif return pt_iov.iov_len; @@ -384,8 +384,8 @@ static size_t arch_getPC(pid_t pid, uint64_t* pc, uint64_t* status_reg HF_ATTR_U */ if (pt_iov.iov_len == sizeof(struct user_regs_struct_64)) { struct user_regs_struct_64* r64 = (struct user_regs_struct_64*)®s; - *pc = r64->pc; - *status_reg = r64->pstate; + *pc = r64->pc; + *status_reg = r64->pstate; return pt_iov.iov_len; } LOG_W("Unknown registers structure size: '%zd'", pt_iov.iov_len); @@ -398,7 +398,7 @@ static size_t arch_getPC(pid_t pid, uint64_t* pc, uint64_t* status_reg HF_ATTR_U */ if (pt_iov.iov_len == sizeof(struct user_regs_struct_32)) { struct user_regs_struct_32* r32 = (struct user_regs_struct_32*)®s; - *pc = r32->nip; + *pc = r32->nip; return pt_iov.iov_len; } @@ -407,7 +407,7 @@ static size_t arch_getPC(pid_t pid, uint64_t* pc, uint64_t* status_reg HF_ATTR_U */ if (pt_iov.iov_len == sizeof(struct user_regs_struct_64)) { struct user_regs_struct_64* r64 = (struct user_regs_struct_64*)®s; - *pc = r64->nip; + *pc = r64->nip; return pt_iov.iov_len; } @@ -431,7 +431,7 @@ static void arch_getInstrStr(pid_t pid, uint64_t pc, uint64_t status_reg HF_ATTR * which is sizeof(long) on 64bit CPU archs (on most of them, I hope;) */ uint8_t buf[MAX_INSTR_SZ]; - size_t memsz; + size_t memsz; snprintf(instr, _HF_INSTR_SZ, "%s", "[UNKNOWN]"); @@ -460,7 +460,7 @@ static void arch_getInstrStr(pid_t pid, uint64_t pc, uint64_t status_reg HF_ATTR LOG_E("Unknown/Unsupported Android CPU architecture"); #endif - csh handle; + csh handle; cs_err err = cs_open(arch, mode, &handle); if (err != CS_ERR_OK) { LOG_W("Capstone initialization failed: '%s'", cs_strerror(err)); @@ -468,7 +468,7 @@ static void arch_getInstrStr(pid_t pid, uint64_t pc, uint64_t status_reg HF_ATTR } cs_insn* insn; - size_t count = cs_disasm(handle, buf, sizeof(buf), pc, 0, &insn); + size_t count = cs_disasm(handle, buf, sizeof(buf), pc, 0, &insn); if (count < 1) { LOG_W("Couldn't disassemble the assembler instructions' stream: '%s'", @@ -497,17 +497,17 @@ static void arch_traceAnalyzeData(run_t* run, pid_t pid) { free(funcs); }; - uint64_t pc = 0; + uint64_t pc = 0; uint64_t status_reg = 0; - size_t pcRegSz = arch_getPC(pid, &pc, &status_reg); + size_t pcRegSz = arch_getPC(pid, &pc, &status_reg); if (!pcRegSz) { LOG_W("ptrace arch_getPC failed"); return; } - uint64_t crashAddr = 0; - char description[HF_STR_LEN] = {}; - size_t funcCnt = sanitizers_parseReport(run, pid, funcs, &pc, &crashAddr, description); + uint64_t crashAddr = 0; + char description[HF_STR_LEN] = {}; + size_t funcCnt = sanitizers_parseReport(run, pid, funcs, &pc, &crashAddr, description); if (funcCnt <= 0) { funcCnt = arch_unwindStack(pid, funcs); #if !defined(__ANDROID__) @@ -530,8 +530,8 @@ static void arch_traceAnalyzeData(run_t* run, pid_t pid) { } static void arch_traceSaveData(run_t* run, pid_t pid) { - char instr[_HF_INSTR_SZ] = "\x00"; - siginfo_t si = {}; + char instr[_HF_INSTR_SZ] = "\x00"; + siginfo_t si = {}; if (ptrace(PTRACE_GETSIGINFO, pid, 0, &si) == -1) { PLOG_W("Couldn't get siginfo for pid %d", pid); @@ -543,9 +543,9 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { crashAddr = 0UL; } - uint64_t pc = 0; + uint64_t pc = 0; uint64_t status_reg = 0; - size_t pcRegSz = arch_getPC(pid, &pc, &status_reg); + size_t pcRegSz = arch_getPC(pid, &pc, &status_reg); if (!pcRegSz) { LOG_W("ptrace arch_getPC failed"); return; @@ -559,7 +559,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { free(funcs); }; - char description[HF_STR_LEN] = {}; + char description[HF_STR_LEN] = {}; size_t funcCnt = sanitizers_parseReport(run, pid, funcs, &pc, &crashAddr, description); if (funcCnt == 0) { funcCnt = arch_unwindStack(pid, funcs); @@ -671,7 +671,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { /* Those addresses will be random, so depend on stack-traces for uniqueness */ if (!run->global->arch_linux.disableRandomization) { - pc = 0UL; + pc = 0UL; crashAddr = 0UL; } /* crashAddr (si.si_addr) never makes sense for SIGABRT */ @@ -822,7 +822,7 @@ static bool arch_listThreads(int tasks[], size_t thrSz, int pid) { } size_t count = 0; - DIR* dir = opendir(path); + DIR* dir = opendir(path); if (!dir) { PLOG_E("Couldn't open dir '%s'", path); return false; @@ -832,7 +832,7 @@ static bool arch_listThreads(int tasks[], size_t thrSz, int pid) { }; for (;;) { - errno = 0; + errno = 0; const struct dirent* res = readdir(dir); if (res == NULL && errno != 0) { PLOG_E("Couldn't read contents of '%s'", path); @@ -866,7 +866,7 @@ static bool arch_listThreads(int tasks[], size_t thrSz, int pid) { bool arch_traceWaitForPidStop(pid_t pid) { for (;;) { - int status; + int status; pid_t ret = wait4(pid, &status, __WALL | WUNTRACED, NULL); if (ret == -1 && errno == EINTR) { continue; @@ -962,8 +962,8 @@ void arch_traceSignalsInit(honggfuzz_t* hfuzz) { LOG_I("Sanitizer support enabled. SIGSEGV/SIGBUS/SIGILL/SIGFPE will not be reported, and " "should be handled by *SAN code internally"); arch_sigs[SIGSEGV].important = false; - arch_sigs[SIGBUS].important = false; - arch_sigs[SIGILL].important = false; - arch_sigs[SIGFPE].important = false; + arch_sigs[SIGBUS].important = false; + arch_sigs[SIGILL].important = false; + arch_sigs[SIGFPE].important = false; } } diff --git a/linux/trace.h b/linux/trace.h index 35b2c987..c1413e98 100644 --- a/linux/trace.h +++ b/linux/trace.h @@ -28,7 +28,7 @@ #include "honggfuzz.h" -#define _HF_DYNFILE_SUB_MASK 0xFFFUL // Zero-set two MSB +#define _HF_DYNFILE_SUB_MASK 0xFFFUL // Zero-set two MSB extern bool arch_traceWaitForPidStop(pid_t pid); extern bool arch_traceEnable(run_t* run); diff --git a/linux/unwind.c b/linux/unwind.c index 2c8f7dc4..d106763a 100644 --- a/linux/unwind.c +++ b/linux/unwind.c @@ -56,16 +56,16 @@ static const char* UNW_ER[] = { typedef struct { unsigned long start; unsigned long end; - char perms[6]; + char perms[6]; unsigned long offset; - char dev[8]; + char dev[8]; unsigned long inode; - char name[PATH_MAX]; + char name[PATH_MAX]; } procMap_t; static procMap_t* arch_parsePidMaps(pid_t pid, size_t* mapsCount) { - FILE* f = NULL; - char fProcMaps[PATH_MAX] = {0}; + FILE* f = NULL; + char fProcMaps[PATH_MAX] = {0}; snprintf(fProcMaps, PATH_MAX, "/proc/%d/maps", pid); if ((f = fopen(fProcMaps, "rb")) == NULL) { @@ -76,7 +76,7 @@ static procMap_t* arch_parsePidMaps(pid_t pid, size_t* mapsCount) { fclose(f); }; - *mapsCount = 0; + *mapsCount = 0; procMap_t* mapsList = malloc(sizeof(procMap_t)); if (mapsList == NULL) { PLOG_W("malloc(size='%zu')", sizeof(procMap_t)); @@ -121,7 +121,7 @@ static char* arch_searchMaps(unsigned long addr, size_t mapsCnt, procMap_t* maps #ifndef __ANDROID__ size_t arch_unwindStack(pid_t pid, funcs_t* funcs) { - size_t num_frames = 0, mapsCnt = 0; + size_t num_frames = 0, mapsCnt = 0; procMap_t* mapsList = arch_parsePidMaps(pid, &mapsCnt); defer { free(mapsList); @@ -146,7 +146,7 @@ size_t arch_unwindStack(pid_t pid, funcs_t* funcs) { }; unw_cursor_t c; - int ret = unw_init_remote(&c, as, ui); + int ret = unw_init_remote(&c, as, ui); if (ret < 0) { LOG_E("[pid='%d'] unw_init_remote failed (%s)", pid, UNW_ER[-ret]); return num_frames; @@ -154,8 +154,8 @@ size_t arch_unwindStack(pid_t pid, funcs_t* funcs) { for (num_frames = 0; unw_step(&c) > 0 && num_frames < _HF_MAX_FUNCS; num_frames++) { unw_word_t ip; - char* module = NULL; - ret = unw_get_reg(&c, UNW_REG_IP, &ip); + char* module = NULL; + ret = unw_get_reg(&c, UNW_REG_IP, &ip); if (ret < 0) { LOG_E("[pid='%d'] [%zd] failed to read IP (%s)", pid, num_frames, UNW_ER[-ret]); funcs[num_frames].pc = 0; @@ -174,7 +174,7 @@ size_t arch_unwindStack(pid_t pid, funcs_t* funcs) { #else /* !defined(__ANDROID__) */ size_t arch_unwindStack(pid_t pid, funcs_t* funcs) { - size_t num_frames = 0, mapsCnt = 0; + size_t num_frames = 0, mapsCnt = 0; procMap_t* mapsList = arch_parsePidMaps(pid, &mapsCnt); defer { free(mapsList); @@ -199,16 +199,16 @@ size_t arch_unwindStack(pid_t pid, funcs_t* funcs) { }; unw_cursor_t cursor; - int ret = unw_init_remote(&cursor, as, ui); + int ret = unw_init_remote(&cursor, as, ui); if (ret < 0) { LOG_E("[pid='%d'] unw_init_remote failed (%s)", pid, UNW_ER[-ret]); return num_frames; } do { - char* module = NULL; + char* module = NULL; unw_word_t pc = 0, offset = 0; - char buf[_HF_FUNC_NAME_SZ] = {0}; + char buf[_HF_FUNC_NAME_SZ] = {0}; ret = unw_get_reg(&cursor, UNW_REG_IP, &pc); if (ret < 0) { @@ -237,7 +237,7 @@ size_t arch_unwindStack(pid_t pid, funcs_t* funcs) { // Compared to bfd, line var plays the role of offset from func_name // Reports format is adjusted accordingly to reflect in saved file funcs[num_frames].line = offset; - funcs[num_frames].pc = (void*)pc; + funcs[num_frames].pc = (void*)pc; memcpy(funcs[num_frames].func, buf, sizeof(funcs[num_frames].func)); if (mapsCnt > 0 && (module = arch_searchMaps(pc, mapsCnt, mapsList)) != NULL) { memcpy(funcs[num_frames].module, module, sizeof(funcs[num_frames].module)); diff --git a/linux/unwind.h b/linux/unwind.h index 4e6faed8..734e9341 100644 --- a/linux/unwind.h +++ b/linux/unwind.h @@ -27,7 +27,7 @@ #include "sanitizers.h" extern size_t arch_unwindStack(pid_t pid, funcs_t* funcs); -extern char* arch_btContainsSymbol( - size_t symbolsListSz, char** symbolsList, size_t num_frames, funcs_t* funcs); +extern char* arch_btContainsSymbol( + size_t symbolsListSz, char** symbolsList, size_t num_frames, funcs_t* funcs); #endif diff --git a/mac/arch.c b/mac/arch.c index 9dcae154..976c67cf 100644 --- a/mac/arch.c +++ b/mac/arch.c @@ -102,27 +102,27 @@ static char* g_fuzzer_crash_callstack[PID_MAX + 1]; char g_service_name[256]; struct { - bool important; + bool important; const char* descr; } arch_sigs[NSIG]; __attribute__((constructor)) void arch_initSigs(void) { for (int x = 0; x < NSIG; x++) arch_sigs[x].important = false; - arch_sigs[SIGILL].important = true; - arch_sigs[SIGILL].descr = "SIGILL"; - arch_sigs[SIGFPE].important = true; - arch_sigs[SIGFPE].descr = "SIGFPE"; + arch_sigs[SIGILL].important = true; + arch_sigs[SIGILL].descr = "SIGILL"; + arch_sigs[SIGFPE].important = true; + arch_sigs[SIGFPE].descr = "SIGFPE"; arch_sigs[SIGSEGV].important = true; - arch_sigs[SIGSEGV].descr = "SIGSEGV"; - arch_sigs[SIGBUS].important = true; - arch_sigs[SIGBUS].descr = "SIGBUS"; + arch_sigs[SIGSEGV].descr = "SIGSEGV"; + arch_sigs[SIGBUS].important = true; + arch_sigs[SIGBUS].descr = "SIGBUS"; arch_sigs[SIGABRT].important = true; - arch_sigs[SIGABRT].descr = "SIGABRT"; + arch_sigs[SIGABRT].descr = "SIGABRT"; /* Is affected from tmoutVTALRM flag */ arch_sigs[SIGVTALRM].important = false; - arch_sigs[SIGVTALRM].descr = "SIGVTALRM"; + arch_sigs[SIGVTALRM].descr = "SIGVTALRM"; } const char* exception_to_string(int exception) { @@ -220,9 +220,9 @@ static void arch_analyzeSignal(run_t* run, int status) { /* * Get data from exception handler */ - run->pc = g_fuzzer_crash_information[run->pid].pc; + run->pc = g_fuzzer_crash_information[run->pid].pc; run->exception = g_fuzzer_crash_information[run->pid].exception; - run->access = g_fuzzer_crash_information[run->pid].access; + run->access = g_fuzzer_crash_information[run->pid].access; run->backtrace = g_fuzzer_crash_information[run->pid].backtrace; defer { @@ -336,7 +336,7 @@ void arch_prepareParentAfterFork(run_t* run HF_ATTR_UNUSED) { static bool arch_checkWait(run_t* run) { /* All queued wait events must be tested when SIGCHLD was delivered */ for (;;) { - int status; + int status; pid_t pid = TEMP_FAILURE_RETRY(wait4(run->pid, &status, WNOHANG, NULL)); if (pid == 0) { return false; @@ -378,7 +378,7 @@ void arch_reapChild(run_t* run) { if (run->global->exe.persistent) { struct pollfd pfd = { - .fd = run->persistentSock, + .fd = run->persistentSock, .events = POLLIN, }; int r = poll(&pfd, 1, 250 /* 0.25s */); @@ -483,8 +483,8 @@ bool arch_archInit(honggfuzz_t* hfuzz) { static void write_crash_report(thread_port_t thread, task_port_t task, exception_type_t exception, mach_exception_data_t code, mach_msg_type_number_t code_count, int* flavor, thread_state_t in_state, mach_msg_type_number_t in_state_count) { - NSAutoreleasePool* pool = [[NSAutoreleasePool alloc] init]; - CrashReport* _crashReport = nil; + NSAutoreleasePool* pool = [[NSAutoreleasePool alloc] init]; + CrashReport* _crashReport = nil; _crashReport = [[CrashReport alloc] initWithTask:task exceptionType:exception @@ -496,7 +496,7 @@ static void write_crash_report(thread_port_t thread, task_port_t task, exception threadStateCount:in_state_count]; NSString* crashDescription = [_crashReport description]; - char* description = (char*)[crashDescription UTF8String]; + char* description = (char*)[crashDescription UTF8String]; LOG_D("CrashReport: %s", description); @@ -509,8 +509,8 @@ static void write_crash_report(thread_port_t thread, task_port_t task, exception static uint64_t hash_callstack(thread_port_t thread, task_port_t task, exception_type_t exception, mach_exception_data_t code, mach_msg_type_number_t code_count, int* flavor, thread_state_t in_state, mach_msg_type_number_t in_state_count) { - NSAutoreleasePool* pool = [[NSAutoreleasePool alloc] init]; - CrashReport* _crashReport = nil; + NSAutoreleasePool* pool = [[NSAutoreleasePool alloc] init]; + CrashReport* _crashReport = nil; _crashReport = [[CrashReport alloc] initWithTask:task exceptionType:exception @@ -522,7 +522,7 @@ static uint64_t hash_callstack(thread_port_t thread, task_port_t task, exception threadStateCount:in_state_count]; NSString* crashDescription = [_crashReport description]; - char* description = (char*)[crashDescription UTF8String]; + char* description = (char*)[crashDescription UTF8String]; /* * The callstack begins with the following word @@ -569,7 +569,7 @@ static uint64_t hash_callstack(thread_port_t thread, task_port_t task, exception LOG_W("Too large callstack (%zu bytes), truncating to %d bytes", callstack_size, MAX_CALLSTACK_SIZE); callstack_start[MAX_CALLSTACK_SIZE] = '\0'; - callstack_end = callstack_start + MAX_CALLSTACK_SIZE; + callstack_end = callstack_start + MAX_CALLSTACK_SIZE; } pid_t pid; @@ -590,7 +590,7 @@ static uint64_t hash_callstack(thread_port_t thread, task_port_t task, exception * it's NULL-terminated. */ *callstack_end = '\0'; - *buf = util_StrDup(callstack_start); + *buf = util_StrDup(callstack_start); /* * @@ -630,7 +630,7 @@ static uint64_t hash_callstack(thread_port_t thread, task_port_t task, exception */ uint64_t hash = 0; - char* pos = callstack_start; + char* pos = callstack_start; /* * Go through each line until we run out of lines @@ -724,7 +724,7 @@ kern_return_t catch_mach_exception_raise_state_identity( exception_data[1] = code[1]; mach_exception_data_type_t access_address = exception_data[1]; - run->access = (uint64_t)access_address; + run->access = (uint64_t)access_address; /* * Get a hash of the callstack diff --git a/mangle.c b/mangle.c index 3bd97e28..0e0660b9 100644 --- a/mangle.c +++ b/mangle.c @@ -61,7 +61,7 @@ static inline size_t mangle_getLen(size_t max) { const uint64_t max2 = (uint64_t)max * max; const uint64_t max3 = (uint64_t)max * max * max; - const uint64_t rnd = util_rndGet(1, max2 - 1); + const uint64_t rnd = util_rndGet(1, max2 - 1); uint64_t ret = rnd * rnd; ret /= max3; @@ -100,10 +100,10 @@ static inline void mangle_Move(run_t* run, size_t off_from, size_t off_to, size_ } size_t len_from = run->dynfile->size - off_from; - len = HF_MIN(len, len_from); + len = HF_MIN(len, len_from); size_t len_to = run->dynfile->size - off_to; - len = HF_MIN(len, len_to); + len = HF_MIN(len, len_to); memmove(&run->dynfile->data[off_to], &run->dynfile->data[off_from], len); } @@ -156,13 +156,13 @@ static inline void mangle_UseValue(run_t* run, const uint8_t* val, size_t len, b } static void mangle_MemSwap(run_t* run, bool printable HF_ATTR_UNUSED) { - size_t off1 = mangle_getOffSet(run); + size_t off1 = mangle_getOffSet(run); size_t maxlen1 = run->dynfile->size - off1; - size_t off2 = mangle_getOffSet(run); + size_t off2 = mangle_getOffSet(run); size_t maxlen2 = run->dynfile->size - off2; - size_t len = mangle_getLen(HF_MIN(maxlen1, maxlen2)); + size_t len = mangle_getLen(HF_MIN(maxlen1, maxlen2)); uint8_t* tmpbuf = (uint8_t*)util_Malloc(len); defer { free(tmpbuf); @@ -201,9 +201,9 @@ static void mangle_Bytes(run_t* run, bool printable) { } static void mangle_ByteRepeatOverwrite(run_t* run, bool printable) { - size_t off = mangle_getOffSet(run); + size_t off = mangle_getOffSet(run); size_t destOff = off + 1; - size_t maxSz = run->dynfile->size - destOff; + size_t maxSz = run->dynfile->size - destOff; /* No space to repeat */ if (!maxSz) { @@ -216,9 +216,9 @@ static void mangle_ByteRepeatOverwrite(run_t* run, bool printable) { } static void mangle_ByteRepeatInsert(run_t* run, bool printable) { - size_t off = mangle_getOffSet(run); + size_t off = mangle_getOffSet(run); size_t destOff = off + 1; - size_t maxSz = run->dynfile->size - destOff; + size_t maxSz = run->dynfile->size - destOff; /* No space to repeat */ if (!maxSz) { @@ -227,7 +227,7 @@ static void mangle_ByteRepeatInsert(run_t* run, bool printable) { } size_t len = mangle_getLen(maxSz); - len = mangle_Inflate(run, destOff, len, printable); + len = mangle_Inflate(run, destOff, len, printable); memset(&run->dynfile->data[destOff], run->dynfile->data[off], len); } @@ -241,7 +241,7 @@ static void mangle_Bit(run_t* run, bool printable) { static const struct { const uint8_t val[8]; - const size_t size; + const size_t size; } mangleMagicVals[] = { /* 1B - No endianness */ {"\x00\x00\x00\x00\x00\x00\x00\x00", 1}, @@ -496,7 +496,7 @@ static inline const uint8_t* mangle_FeedbackDict(run_t* run, size_t* len) { return NULL; } cmpfeedback_t* cmpf = run->global->feedback.cmpFeedbackMap; - uint32_t cnt = ATOMIC_GET(cmpf->cnt); + uint32_t cnt = ATOMIC_GET(cmpf->cnt); if (cnt == 0) { return NULL; } @@ -504,7 +504,7 @@ static inline const uint8_t* mangle_FeedbackDict(run_t* run, size_t* len) { cnt = ARRAYSIZE(cmpf->valArr); } uint32_t choice = util_rndGet(0, cnt - 1); - *len = (size_t)ATOMIC_GET(cmpf->valArr[choice].len); + *len = (size_t)ATOMIC_GET(cmpf->valArr[choice].len); if (*len == 0) { return NULL; } @@ -512,7 +512,7 @@ static inline const uint8_t* mangle_FeedbackDict(run_t* run, size_t* len) { } static void mangle_ConstFeedbackDict(run_t* run, bool printable) { - size_t len; + size_t len; const uint8_t* val = mangle_FeedbackDict(run, &len); if (val == NULL) { mangle_Bytes(run, printable); @@ -524,7 +524,7 @@ static void mangle_ConstFeedbackDict(run_t* run, bool printable) { static void mangle_MemSet(run_t* run, bool printable) { size_t off = mangle_getOffSet(run); size_t len = mangle_getLen(run->dynfile->size - off); - int val = printable ? (int)util_rndPrintable() : (int)util_rndGet(0, UINT8_MAX); + int val = printable ? (int)util_rndPrintable() : (int)util_rndGet(0, UINT8_MAX); memset(&run->dynfile->data[off], val, len); } @@ -684,7 +684,7 @@ static void mangle_Shrink(run_t* run, bool printable HF_ATTR_UNUSED) { } size_t off_start = mangle_getOffSet(run); - size_t len = mangle_LenLeft(run, off_start); + size_t len = mangle_LenLeft(run, off_start); if (len == 0) { return; } @@ -693,7 +693,7 @@ static void mangle_Shrink(run_t* run, bool printable HF_ATTR_UNUSED) { } else { len = mangle_getLen(len); } - size_t off_end = off_start + len; + size_t off_end = off_start + len; size_t len_to_move = run->dynfile->size - off_end; mangle_Move(run, off_end, off_start, len_to_move); @@ -722,8 +722,8 @@ static void mangle_ASCIINumChange(run_t* run, bool printable) { return; } - size_t len = HF_MIN(20, run->dynfile->size - off); - char numbuf[21] = {}; + size_t len = HF_MIN(20, run->dynfile->size - off); + char numbuf[21] = {}; strncpy(numbuf, (const char*)&run->dynfile->data[off], len); uint64_t val = (uint64_t)strtoull(numbuf, NULL, 10); @@ -756,14 +756,14 @@ static void mangle_ASCIINumChange(run_t* run, bool printable) { static void mangle_Splice(run_t* run, bool printable) { const uint8_t* buf; - size_t sz = input_getRandomInputAsBuf(run, &buf); + size_t sz = input_getRandomInputAsBuf(run, &buf); if (!sz) { mangle_Bytes(run, printable); return; } size_t remoteOff = mangle_getLen(sz) - 1; - size_t len = mangle_getLen(sz - remoteOff); + size_t len = mangle_getLen(sz - remoteOff); mangle_UseValue(run, &buf[remoteOff], len, printable); } diff --git a/netbsd/arch.c b/netbsd/arch.c index 60b15177..efd8988a 100644 --- a/netbsd/arch.c +++ b/netbsd/arch.c @@ -154,7 +154,7 @@ void arch_reapChild(run_t* run) { if (run->global->exe.persistent) { struct pollfd pfd = { - .fd = run->persistentSock, + .fd = run->persistentSock, .events = POLLIN, }; int r = poll(&pfd, 1, 250 /* 0.25s */); @@ -164,7 +164,7 @@ void arch_reapChild(run_t* run) { } else { /* Return with SIGIO, SIGCHLD */ const struct timespec ts = { - .tv_sec = 0ULL, + .tv_sec = 0ULL, .tv_nsec = (1000ULL * 1000ULL * 250ULL), }; int sig = sigtimedwait(&run->global->exe.waitSigSet, NULL, &ts /* 0.25s */); diff --git a/netbsd/trace.c b/netbsd/trace.c index ef434612..f6fc4451 100644 --- a/netbsd/trace.c +++ b/netbsd/trace.c @@ -82,36 +82,36 @@ static struct { const char* descr; - bool important; + bool important; } arch_sigs[_NSIG + 1] = { [0 ...(_NSIG)].important = false, - [0 ...(_NSIG)].descr = "UNKNOWN", + [0 ...(_NSIG)].descr = "UNKNOWN", [SIGTRAP].important = false, - [SIGTRAP].descr = "SIGTRAP", + [SIGTRAP].descr = "SIGTRAP", [SIGILL].important = true, - [SIGILL].descr = "SIGILL", + [SIGILL].descr = "SIGILL", [SIGFPE].important = true, - [SIGFPE].descr = "SIGFPE", + [SIGFPE].descr = "SIGFPE", [SIGSEGV].important = true, - [SIGSEGV].descr = "SIGSEGV", + [SIGSEGV].descr = "SIGSEGV", [SIGBUS].important = true, - [SIGBUS].descr = "SIGBUS", + [SIGBUS].descr = "SIGBUS", [SIGABRT].important = true, - [SIGABRT].descr = "SIGABRT", + [SIGABRT].descr = "SIGABRT", /* Is affected from tmoutVTALRM flag */ [SIGVTALRM].important = false, - [SIGVTALRM].descr = "SIGVTALRM-TMOUT", + [SIGVTALRM].descr = "SIGVTALRM-TMOUT", /* seccomp-bpf kill */ [SIGSYS].important = true, - [SIGSYS].descr = "SIGSYS", + [SIGSYS].descr = "SIGSYS", }; #ifndef SI_FROMUSER @@ -120,10 +120,10 @@ static struct { static size_t arch_getProcMem(pid_t pid, uint8_t* buf, size_t len, register_t pc) { struct ptrace_io_desc io; - size_t bytes_read; + size_t bytes_read; - bytes_read = 0; - io.piod_op = PIOD_READ_D; + bytes_read = 0; + io.piod_op = PIOD_READ_D; io.piod_len = len; do { @@ -137,7 +137,7 @@ static size_t arch_getProcMem(pid_t pid, uint8_t* buf, size_t len, register_t pc break; } - bytes_read = io.piod_len; + bytes_read = io.piod_len; io.piod_len = len - bytes_read; } while (bytes_read < len); @@ -169,8 +169,8 @@ static void arch_getInstrStr(pid_t pid, lwpid_t lwp, register_t* pc, char* instr * We need a value aligned to 8 * which is sizeof(long) on 64bit CPU archs (on most of them, I hope;) */ - uint8_t buf[MAX_INSTR_SZ]; - size_t memsz; + uint8_t buf[MAX_INSTR_SZ]; + size_t memsz; register_t status_reg = 0; snprintf(instr, _HF_INSTR_SZ, "%s", "[UNKNOWN]"); @@ -193,13 +193,13 @@ static void arch_getInstrStr(pid_t pid, lwpid_t lwp, register_t* pc, char* instr arch = CS_ARCH_X86; mode = CS_MODE_32; #elif defined(__x86_64__) - arch = CS_ARCH_X86; - mode = CS_MODE_64; + arch = CS_ARCH_X86; + mode = CS_MODE_64; #else #error Unsupported CPU architecture #endif - csh handle; + csh handle; cs_err err = cs_open(arch, mode, &handle); if (err != CS_ERR_OK) { LOG_W("Capstone initialization failed: '%s'", cs_strerror(err)); @@ -207,7 +207,7 @@ static void arch_getInstrStr(pid_t pid, lwpid_t lwp, register_t* pc, char* instr } cs_insn* insn; - size_t count = cs_disasm(handle, buf, sizeof(buf), *pc, 0, &insn); + size_t count = cs_disasm(handle, buf, sizeof(buf), *pc, 0, &insn); if (count < 1) { LOG_W("Couldn't disassemble the assembler instructions' stream: '%s'", @@ -232,7 +232,7 @@ static void arch_getInstrStr(pid_t pid, lwpid_t lwp, register_t* pc, char* instr static void arch_traceAnalyzeData(run_t* run, pid_t pid) { ptrace_siginfo_t info; - register_t pc = 0, status_reg = 0; + register_t pc = 0, status_reg = 0; if (ptrace(PT_GET_SIGINFO, pid, &info, sizeof(info)) == -1) { PLOG_W("Couldn't get siginfo for pid %d", pid); @@ -262,7 +262,7 @@ static void arch_traceAnalyzeData(run_t* run, pid_t pid) { if (pc) { /* Manually update major frame PC & frames counter */ funcs[0].pc = (void*)(uintptr_t)pc; - funcCnt = 1; + funcCnt = 1; } else { return; } @@ -279,7 +279,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { /* Local copy since flag is overridden for some crashes */ bool saveUnique = run->global->io.saveUnique; - char instr[_HF_INSTR_SZ] = "\x00"; + char instr[_HF_INSTR_SZ] = "\x00"; struct ptrace_siginfo info; memset(&info, 0, sizeof(info)); @@ -320,7 +320,7 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { if (pc) { /* Manually update major frame PC & frames counter */ funcs[0].pc = (void*)(uintptr_t)pc; - funcCnt = 1; + funcCnt = 1; } else { saveUnique = false; } @@ -404,8 +404,8 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { ATOMIC_POST_ADD(run->global->cfg.dynFileIterExpire, _HF_DYNFILE_SUB_MASK); void* sig_addr = info.psi_siginfo.si_addr; - pc = 0UL; - sig_addr = NULL; + pc = 0UL; + sig_addr = NULL; /* User-induced signals don't set si.si_addr */ if (SI_FROMUSER(&info.psi_siginfo)) { @@ -454,9 +454,9 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { } static void arch_traceEvent(run_t* run HF_ATTR_UNUSED, pid_t pid) { - ptrace_state_t state; + ptrace_state_t state; ptrace_siginfo_t info; - int sig = 0; + int sig = 0; if (ptrace(PT_GET_SIGINFO, pid, &info, sizeof(info)) == -1) { PLOG_E("ptrace(PT_GET_SIGINFO, pid=%d)", (int)pid); @@ -584,7 +584,7 @@ bool arch_traceWaitForPidStop(pid_t pid) { LOG_D("Waiting for pid=%d to stop", (int)pid); for (;;) { - int status; + int status; pid_t ret = wait4(pid, &status, __WALL | WUNTRACED | WTRAPPED, NULL); if (ret == -1 && errno == EINTR) { continue; diff --git a/netbsd/trace.h b/netbsd/trace.h index 04f63cc6..87d01e40 100644 --- a/netbsd/trace.h +++ b/netbsd/trace.h @@ -28,7 +28,7 @@ #include "honggfuzz.h" -#define _HF_DYNFILE_SUB_MASK 0xFFFUL // Zero-set two MSB +#define _HF_DYNFILE_SUB_MASK 0xFFFUL // Zero-set two MSB extern bool arch_traceWaitForPidStop(pid_t pid); extern bool arch_traceEnable(run_t* run); diff --git a/netbsd/unwind.h b/netbsd/unwind.h index e681f57e..285308f3 100644 --- a/netbsd/unwind.h +++ b/netbsd/unwind.h @@ -30,7 +30,7 @@ #include "sanitizers.h" /* String buffer size for function names in stack traces produced from libunwind */ -#define _HF_FUNC_NAME_SZ 256 // Should be alright for mangled C++ procs too +#define _HF_FUNC_NAME_SZ 256 // Should be alright for mangled C++ procs too extern char* arch_btContainsSymbol( size_t symbolsListSz, char** symbolsList, size_t num_frames, funcs_t* funcs); diff --git a/posix/arch.c b/posix/arch.c index 947dca9f..e342fe84 100644 --- a/posix/arch.c +++ b/posix/arch.c @@ -51,30 +51,30 @@ #include "subproc.h" struct { - bool important; + bool important; const char* descr; } arch_sigs[NSIG] = { [0 ...(NSIG - 1)].important = false, - [0 ...(NSIG - 1)].descr = "UNKNOWN", + [0 ...(NSIG - 1)].descr = "UNKNOWN", [SIGILL].important = true, - [SIGILL].descr = "SIGILL", + [SIGILL].descr = "SIGILL", [SIGFPE].important = true, - [SIGFPE].descr = "SIGFPE", + [SIGFPE].descr = "SIGFPE", [SIGSEGV].important = true, - [SIGSEGV].descr = "SIGSEGV", + [SIGSEGV].descr = "SIGSEGV", [SIGBUS].important = true, - [SIGBUS].descr = "SIGBUS", + [SIGBUS].descr = "SIGBUS", [SIGABRT].important = true, - [SIGABRT].descr = "SIGABRT", + [SIGABRT].descr = "SIGABRT", /* Is affected from tmout_vtalrm flag */ [SIGVTALRM].important = false, - [SIGVTALRM].descr = "SIGVTALRM-TMOUT", + [SIGVTALRM].descr = "SIGVTALRM-TMOUT", }; /* @@ -117,10 +117,10 @@ static void arch_analyzeSignal(run_t* run, pid_t pid, int status) { defer { free(funcs); }; - uint64_t pc = 0; - uint64_t crashAddr = 0; - char description[HF_STR_LEN] = {}; - size_t funcCnt = sanitizers_parseReport(run, pid, funcs, &pc, &crashAddr, description); + uint64_t pc = 0; + uint64_t crashAddr = 0; + char description[HF_STR_LEN] = {}; + size_t funcCnt = sanitizers_parseReport(run, pid, funcs, &pc, &crashAddr, description); /* * Calculate backtrace callstack hash signature @@ -197,7 +197,7 @@ void arch_prepareParentAfterFork(run_t* fuzzer HF_ATTR_UNUSED) { static bool arch_checkWait(run_t* run) { /* All queued wait events must be tested when SIGCHLD was delivered */ for (;;) { - int status; + int status; pid_t pid = TEMP_FAILURE_RETRY(waitpid(run->pid, &status, WNOHANG)); if (pid == 0) { return false; @@ -239,7 +239,7 @@ void arch_reapChild(run_t* run) { if (run->global->exe.persistent) { struct pollfd pfd = { - .fd = run->persistentSock, + .fd = run->persistentSock, .events = POLLIN, }; int r = poll(&pfd, 1, 250 /* 0.25s */); diff --git a/sanitizers.c b/sanitizers.c index 433feb0b..6509eee6 100644 --- a/sanitizers.c +++ b/sanitizers.c @@ -19,18 +19,18 @@ /* * Common sanitizer flags if --sanitizers is enabled */ -#define kSAN_COMMON \ - "symbolize=1:" \ - "detect_leaks=0:" \ - "disable_coredump=0:" \ - "detect_odr_violation=0:" \ - "allocator_may_return_null=1:" \ - "allow_user_segv_handler=0:" \ - "handle_segv=2:" \ - "handle_sigbus=2:" \ - "handle_abort=2:" \ - "handle_sigill=2:" \ - "handle_sigfpe=2:" \ +#define kSAN_COMMON \ + "symbolize=1:" \ + "detect_leaks=0:" \ + "disable_coredump=0:" \ + "detect_odr_violation=0:" \ + "allocator_may_return_null=1:" \ + "allow_user_segv_handler=0:" \ + "handle_segv=2:" \ + "handle_sigbus=2:" \ + "handle_abort=2:" \ + "handle_sigill=2:" \ + "handle_sigfpe=2:" \ "abort_on_error=1" /* --{ ASan }-- */ @@ -50,18 +50,18 @@ #define kLSAN_OPTS kSAN_COMMON /* If no sanitzer support was requested, simply abort() on errors */ -#define kSAN_REGULAR \ - "symbolize=1:" \ - "detect_leaks=0:" \ - "disable_coredump=0:" \ - "detect_odr_violation=0:" \ - "allocator_may_return_null=1:" \ - "allow_user_segv_handler=1:" \ - "handle_segv=0:" \ - "handle_sigbus=0:" \ - "handle_abort=0:" \ - "handle_sigill=0:" \ - "handle_sigfpe=0:" \ +#define kSAN_REGULAR \ + "symbolize=1:" \ + "detect_leaks=0:" \ + "disable_coredump=0:" \ + "detect_odr_violation=0:" \ + "allocator_may_return_null=1:" \ + "allow_user_segv_handler=1:" \ + "handle_segv=0:" \ + "handle_sigbus=0:" \ + "handle_abort=0:" \ + "handle_sigill=0:" \ + "handle_sigfpe=0:" \ "abort_on_error=1" static void sanitizers_AddFlag(honggfuzz_t* hfuzz, const char* env, const char* val) { @@ -110,8 +110,8 @@ static pid_t sanitizers_PidForTid(pid_t pid) { defer { fclose(f); }; - char* lineptr = NULL; - size_t n = 0; + char* lineptr = NULL; + size_t n = 0; defer { free(lineptr); }; @@ -128,7 +128,7 @@ static pid_t sanitizers_PidForTid(pid_t pid) { size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* pc, uint64_t* crashAddr, char description[HF_STR_LEN]) { - char crashReport[PATH_MAX]; + char crashReport[PATH_MAX]; const char* crashReportCpy = crashReport; /* Under Linux the crash is seen in TID, but the sanitizer report is created for PID */ @@ -148,12 +148,12 @@ size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* p } }; - bool headerFound = false; - bool frameFound = false; - unsigned int frameIdx = 0; + bool headerFound = false; + bool frameFound = false; + unsigned int frameIdx = 0; - char* lineptr = NULL; - size_t n = 0; + char* lineptr = NULL; + size_t n = 0; defer { free(lineptr); }; diff --git a/sanitizers.h b/sanitizers.h index 70b41222..8ca727d1 100644 --- a/sanitizers.h +++ b/sanitizers.h @@ -26,9 +26,9 @@ #define kLOGPREFIX "HF.sanitizer.log" /* String buffer size for function names in stack traces produced from libunwind */ -#define _HF_FUNC_NAME_SZ 256 // Should be alright for mangled C++ procs too -#define _HF_FUNC_NAME_SZ_MINUS_1 255 // For scanf() -#define _HF_MAX_FUNCS 80 +#define _HF_FUNC_NAME_SZ 256 // Should be alright for mangled C++ procs too +#define _HF_FUNC_NAME_SZ_MINUS_1 255 // For scanf() +#define _HF_MAX_FUNCS 80 /* Constant prefix used for single frame crashes stackhash masking */ #define _HF_SINGLE_FRAME_MASK 0xBADBAD0000000000 @@ -58,9 +58,9 @@ typedef struct { size_t line; } funcs_t; -extern bool sanitizers_Init(honggfuzz_t* hfuzz); -extern size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* pc, - uint64_t* crashAddr, char description[HF_STR_LEN]); +extern bool sanitizers_Init(honggfuzz_t* hfuzz); +extern size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* pc, + uint64_t* crashAddr, char description[HF_STR_LEN]); extern uint64_t sanitizers_hashCallstack( run_t* run, funcs_t* funcs, size_t funcCnt, bool enableMasking); diff --git a/socketfuzzer.c b/socketfuzzer.c index 58777424..a598b313 100644 --- a/socketfuzzer.c +++ b/socketfuzzer.c @@ -113,10 +113,10 @@ bool fuzz_notifySocketFuzzerCrash(run_t* run) { } bool setupSocketFuzzer(honggfuzz_t* run) { - int s, len; - socklen_t t; + int s, len; + socklen_t t; struct sockaddr_un local, remote; - char socketPath[512]; + char socketPath[512]; snprintf(socketPath, sizeof(socketPath), "/tmp/honggfuzz_socket.%i", getpid()); if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { diff --git a/socketfuzzer.h b/socketfuzzer.h index 173f24d1..498e7816 100644 --- a/socketfuzzer.h +++ b/socketfuzzer.h @@ -3,7 +3,7 @@ bool fuzz_waitForExternalInput(run_t* run); bool fuzz_prepareSocketFuzzer(run_t* run); -int fuzz_waitforSocketFuzzer(run_t* run); +int fuzz_waitforSocketFuzzer(run_t* run); bool fuzz_notifySocketFuzzerNewCov(honggfuzz_t* hfuzz); bool fuzz_notifySocketFuzzerCrash(run_t* run); diff --git a/socketfuzzer/vulnserver_cov.c b/socketfuzzer/vulnserver_cov.c index cd34efd3..a9d29cb1 100644 --- a/socketfuzzer/vulnserver_cov.c +++ b/socketfuzzer/vulnserver_cov.c @@ -47,8 +47,8 @@ void handleData5(char *data, int len) { void doprocessing(int sock, int serversock) { char data[1024]; - int n = 0; - int len = 0; + int n = 0; + int len = 0; while (1) { bzero(data, sizeof(data)); @@ -95,10 +95,10 @@ void doprocessing(int sock, int serversock) { } int main(int argc, char *argv[]) { - int sockfd, newsockfd, portno, clilen; - char buffer[256]; + int sockfd, newsockfd, portno, clilen; + char buffer[256]; struct sockaddr_in serv_addr, cli_addr; - int n, pid; + int n, pid; if (argc == 2) { portno = atoi(argv[1]); @@ -117,9 +117,9 @@ int main(int argc, char *argv[]) { perror("# vulnserver_cov: setsockopt(SO_REUSEPORT) failed"); bzero((char *)&serv_addr, sizeof(serv_addr)); - serv_addr.sin_family = AF_INET; + serv_addr.sin_family = AF_INET; serv_addr.sin_addr.s_addr = INADDR_ANY; - serv_addr.sin_port = htons(portno); + serv_addr.sin_port = htons(portno); printf("# vulnserver_cov: Listening on port: %i\n", portno); diff --git a/subproc.c b/subproc.c index 2ed75b48..d9939448 100644 --- a/subproc.c +++ b/subproc.c @@ -512,7 +512,7 @@ void subproc_checkTimeLimit(run_t* run) { return; } - int64_t curUSecs = util_timeNowUSecs(); + int64_t curUSecs = util_timeNowUSecs(); int64_t diffUSecs = curUSecs - run->timeStartedUSecs; if (run->tmOutSignaled && (diffUSecs > ((run->global->timing.tmOut + 1) * 1000000))) { -- cgit v1.2.3 From 8bf78b88afe5310f1e9b0a41c1c239588cdf1d98 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 29 Apr 2020 17:39:48 +0200 Subject: honggfuzz.h: initialize input mutex --- cmdline.c | 1 + 1 file changed, 1 insertion(+) diff --git a/cmdline.c b/cmdline.c index 44b9acc3..fdff153f 100644 --- a/cmdline.c +++ b/cmdline.c @@ -421,6 +421,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .dynfileq = PTHREAD_RWLOCK_INITIALIZER, .feedback = PTHREAD_MUTEX_INITIALIZER, .report = PTHREAD_MUTEX_INITIALIZER, + .input = PTHREAD_MUTEX_INITIALIZER, }, /* Linux code */ -- cgit v1.2.3 From bd9671849b18585534ffd063b751a398596b2fca Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 29 Apr 2020 17:42:29 +0200 Subject: honggfuzz.h: initialize timing mutex --- cmdline.c | 1 + 1 file changed, 1 insertion(+) diff --git a/cmdline.c b/cmdline.c index fdff153f..2ecc1af3 100644 --- a/cmdline.c +++ b/cmdline.c @@ -422,6 +422,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .feedback = PTHREAD_MUTEX_INITIALIZER, .report = PTHREAD_MUTEX_INITIALIZER, .input = PTHREAD_MUTEX_INITIALIZER, + .timing = PTHREAD_MUTEX_INITIALIZER, }, /* Linux code */ -- cgit v1.2.3 From 385cfe024dd9d348587d37a7d0104fe4f5fd1e05 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 29 Apr 2020 17:47:51 +0200 Subject: input: rearrange assignments, so they indent better --- input.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/input.c b/input.c index 0c5b0181..b4650d6b 100644 --- a/input.c +++ b/input.c @@ -374,12 +374,12 @@ static bool input_cmpCov(dynfile_t* item1, dynfile_t* item2) { void input_addDynamicInput(run_t* run) { ATOMIC_SET(run->global->timing.lastCovUpdate, time(NULL)); - dynfile_t* dynfile = (dynfile_t*)util_Calloc(sizeof(dynfile_t)); - dynfile->size = run->dynfile->size; - memcpy(dynfile->cov, run->dynfile->cov, sizeof(dynfile->cov)); + dynfile_t* dynfile = (dynfile_t*)util_Calloc(sizeof(dynfile_t)); + dynfile->size = run->dynfile->size; dynfile->timeExecUSecs = util_timeNowUSecs() - run->timeStartedUSecs; dynfile->data = (uint8_t*)util_AllocCopy(run->dynfile->data, run->dynfile->size); dynfile->src = run->dynfile->src; + memcpy(dynfile->cov, run->dynfile->cov, sizeof(dynfile->cov)); if (run->dynfile->src) { ATOMIC_POST_INC(run->dynfile->src->refs); } @@ -553,12 +553,12 @@ bool input_prepareDynamicInput(run_t* run, bool needs_mangle) { } input_setSize(run, run->current->size); - memcpy(run->dynfile->cov, run->current->cov, sizeof(run->dynfile->cov)); run->dynfile->idx = run->current->idx; run->dynfile->timeExecUSecs = run->current->timeExecUSecs; + run->dynfile->src = run->current; + run->dynfile->refs = 0; + memcpy(run->dynfile->cov, run->current->cov, sizeof(run->dynfile->cov)); snprintf(run->dynfile->path, sizeof(run->dynfile->path), "%s", run->current->path); - run->dynfile->src = run->current; - run->dynfile->refs = 0; memcpy(run->dynfile->data, run->current->data, run->current->size); if (needs_mangle) { -- cgit v1.2.3 From 2ffd570b31ca5578fed8ce50621f713ba35d45a2 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 29 Apr 2020 18:22:49 +0200 Subject: Makefile: revert to c11 from c17, as not-so-old MacOS systems (via clang) don't know c17 --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 1907a865..0b39f991 100644 --- a/Makefile +++ b/Makefile @@ -26,7 +26,7 @@ LD = $(CC) BIN := honggfuzz HFUZZ_CC_BIN := hfuzz_cc/hfuzz-cc HFUZZ_CC_SRCS := hfuzz_cc/hfuzz-cc.c -COMMON_CFLAGS := -std=c17 -I/usr/local/include -D_GNU_SOURCE -Wall -Wextra -Werror -Wno-format-truncation -Wno-override-init -I. +COMMON_CFLAGS := -std=c11 -I/usr/local/include -D_GNU_SOURCE -Wall -Wextra -Werror -Wno-format-truncation -Wno-override-init -I. COMMON_LDFLAGS := -pthread -lm COMMON_SRCS := $(sort $(wildcard *.c)) CFLAGS ?= -O3 -mtune=native -funroll-loops -- cgit v1.2.3 From d026bd1fa96a21967433b3e78e500ca33379063f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 29 Apr 2020 18:24:34 +0200 Subject: examples/openssl: don't use -Wl,-z,now as it's not supported under macosx's ld --- examples/openssl/make.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/openssl/make.sh b/examples/openssl/make.sh index 53d4f8d8..42ab803a 100755 --- a/examples/openssl/make.sh +++ b/examples/openssl/make.sh @@ -13,7 +13,7 @@ CXX="$HFUZZ_SRC/hfuzz_cc/hfuzz-clang++" COMMON_FLAGS="-DBORINGSSL_UNSAFE_DETERMINISTIC_MODE -DBORINGSSL_UNSAFE_FUZZER_MODE -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -DBN_DEBUG -DLIBRESSL_HAS_TLS1_3 \ -O3 -g -DFuzzerInitialize=LLVMFuzzerInitialize -DFuzzerTestOneInput=LLVMFuzzerTestOneInput \ -I./$DIR/include -I$HFUZZ_SRC/examples/openssl -I$HFUZZ_SRC" -COMMON_LDFLAGS="-lpthread -lz -Wl,-z,now" +COMMON_LDFLAGS="-lpthread -lz" if [ -z "$DIR" ]; then echo "$0" DIR SANITIZE -- cgit v1.2.3 From 2c21cc7d875ab23dbd0bd4adf1161d7f75ffc9b9 Mon Sep 17 00:00:00 2001 From: Kshithij Iyer Date: Thu, 30 Apr 2020 14:26:57 +0530 Subject: Add title and reformat titles in README.md --- README.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 2160f0eb..97e53406 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,15 @@ -# Description +# Honggfuzz + +## Description A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options. See the [Usage document](https://github.com/google/honggfuzz/blob/master/docs/USAGE.md) for a primer on Honggfuzz use. -# Code +## Code * Latest stable version: [2.2](https://github.com/google/honggfuzz/releases) * [Changelog](https://github.com/google/honggfuzz/blob/master/CHANGELOG) -# Features +## Features * It's __multi-process__ and __multi-threaded__: there's no need to run multiple copies of your fuzzer, as honggfuzz can unlock potential of all your available CPU cores with a single running instance. The file corpus is automatically shared and improved between all fuzzed processes. * It's blazingly fast when the [persistent fuzzing mode](https://github.com/google/honggfuzz/blob/master/docs/PersistentFuzzing.md)) is used. A simple/empty _LLVMFuzzerTestOneInput_ function can be tested with __up to 1mo iterations per second__ on a relatively modern CPU (e.g. i7-6700K). @@ -28,7 +30,7 @@ A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with inte --- -# Requirements +## Requirements * **Linux** - The BFD library (libbfd-dev) and libunwind (libunwind-dev/libunwind8-dev), clang-5.0 or higher for software-based coverage modes * **FreeBSD** - gmake, clang-5.0 or newer @@ -38,7 +40,7 @@ A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with inte * **Darwin/OS X** - Xcode 10.8+ * if **Clang/LLVM** is used to compile honggfuzz - link it with the BlocksRuntime Library (libblocksruntime-dev) -# Trophies +## Trophies Honggfuzz has been used to find a few interesting security problems in major software packages; An incomplete list: @@ -110,7 +112,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * crashes in rust-bitcoin/rust-lightning [#1](https://github.com/rust-bitcoin/rust-lightning/commit/a9aa3c37fe182dd266e0faebc788e0c9ee724783) * ... and more -# Projects utilizing or inspired-by Honggfuzz +## Projects utilizing or inspired-by Honggfuzz * [__QuickFuzz__ by CIFASIS](http://quickfuzz.org) * [__OSS-Fuzz__](https://github.com/google/oss-fuzz) @@ -163,7 +165,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) * [_and multiple Rust projecs_](https://github.com/search?q=%22extern+crate+honggfuzz%22&type=Code) -# Contact +## Contact * User mailing list: [honggfuzz@googlegroups.com](mailto:honggfuzz@googlegroups.com), sign up with [this link](https://groups.google.com/forum/#!forum/honggfuzz). -- cgit v1.2.3 From bb470267fb704e2c5ba5d835d20e64767066ff2b Mon Sep 17 00:00:00 2001 From: colinsenner Date: Fri, 1 May 2020 14:34:53 -0700 Subject: Fix verification for blacklist entries. --- input.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/input.c b/input.c index b4650d6b..418823fc 100644 --- a/input.c +++ b/input.c @@ -303,7 +303,7 @@ bool input_parseBlacklist(honggfuzz_t* hfuzz) { hfuzz->feedback.blacklist[hfuzz->feedback.blacklistCnt]); /* Verify entries are sorted so we can use interpolation search */ - if (hfuzz->feedback.blacklistCnt > 1) { + if (hfuzz->feedback.blacklistCnt >= 1) { if (hfuzz->feedback.blacklist[hfuzz->feedback.blacklistCnt - 1] > hfuzz->feedback.blacklist[hfuzz->feedback.blacklistCnt]) { LOG_F("Blacklist file not sorted. Use 'tools/createStackBlacklist.sh' to sort " -- cgit v1.2.3 From 86535b929efc3da5f70c76ca61c8f4f86af9d384 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sat, 2 May 2020 10:48:36 +0200 Subject: libhfuzz/instrument: try to use THP for mappings --- libhfuzz/instrument.c | 25 +++++++------------------ 1 file changed, 7 insertions(+), 18 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 89ba6ab2..32ce946a 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -89,27 +89,16 @@ static void initializeLibcFunctions(void) { } static void* initialzeTryMapHugeTLB(int fd, size_t sz) { - int mflags = 0; + int mflags = files_getTmpMapFlags(MAP_SHARED, /* nocore= */ true); + void* ret = mmap(NULL, sz, PROT_READ | PROT_WRITE, mflags, fd, 0); -#if defined(_HF_ARCH_LINUX) - /* - * Try to map the local structure using HugeTLB. It'll be way fatser later to clean it with - * { ftruncate(fd, 0); ftruncate(fd, size); } - */ - mflags = files_getTmpMapFlags(MAP_SHARED | MAP_HUGE_2MB, /* nocore= */ true); - void* ret = mmap(NULL, sz, PROT_READ | PROT_WRITE, mflags, fd, 0); -#if defined(__x86_64__) || defined(__i386__) - if (ret == MAP_FAILED) { - PLOG_W("mmap(sz=%zu fd=%d flags=MAP_SHARED|MAP_HUGE_2MB) failed", sz, fd); - } -#endif /* defined(__x86_64__) || defined(__i386__) */ - if (ret != MAP_FAILED) { - return ret; +#if defined(MADV_HUGEPAGE) + if (madvise(ret, sz, MADV_HUGEPAGE) == -1) { + PLOG_W("madvise(addr=%p, sz=%zu, MADV_HUGEPAGE) failed", ret, sz); } -#endif /* defined(_HF_ARCH_LINUX) */ +#endif /* defined(MADV_HUGEPAGE) */ - mflags = files_getTmpMapFlags(MAP_SHARED, /* nocore= */ true); - return mmap(NULL, sz, PROT_READ | PROT_WRITE, mflags, fd, 0); + return ret; } static void initializeCmpFeedback(void) { -- cgit v1.2.3 From 6656692ecd35e8b5c4da903e41052699c3cbd57f Mon Sep 17 00:00:00 2001 From: Francis Alexander Date: Sun, 3 May 2020 17:01:32 +0530 Subject: .state Mutex not initialised led to crash in MacOS for honggfuzz 2.2 --- cmdline.c | 1 + 1 file changed, 1 insertion(+) diff --git a/cmdline.c b/cmdline.c index 2ecc1af3..0862d604 100644 --- a/cmdline.c +++ b/cmdline.c @@ -423,6 +423,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .report = PTHREAD_MUTEX_INITIALIZER, .input = PTHREAD_MUTEX_INITIALIZER, .timing = PTHREAD_MUTEX_INITIALIZER, + .state = PTHREAD_MUTEX_INITIALIZER, }, /* Linux code */ -- cgit v1.2.3 From e5f71f297c8c5b1f60b12d87af61da26d59ebccd Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Sun, 3 May 2020 14:04:44 +0200 Subject: make indent --- cmdline.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmdline.c b/cmdline.c index 0862d604..dc1500fe 100644 --- a/cmdline.c +++ b/cmdline.c @@ -421,9 +421,9 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .dynfileq = PTHREAD_RWLOCK_INITIALIZER, .feedback = PTHREAD_MUTEX_INITIALIZER, .report = PTHREAD_MUTEX_INITIALIZER, + .state = PTHREAD_MUTEX_INITIALIZER, .input = PTHREAD_MUTEX_INITIALIZER, .timing = PTHREAD_MUTEX_INITIALIZER, - .state = PTHREAD_MUTEX_INITIALIZER, }, /* Linux code */ -- cgit v1.2.3 From 7c881b3c53d207f78bf6a978b4755dab545c5354 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 4 May 2020 13:42:23 +0200 Subject: netbsd: unused arg --- netbsd/arch.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/netbsd/arch.c b/netbsd/arch.c index efd8988a..9d4c99d1 100644 --- a/netbsd/arch.c +++ b/netbsd/arch.c @@ -195,6 +195,6 @@ bool arch_archInit(honggfuzz_t* hfuzz) { return true; } -bool arch_archThreadInit(run_t* run) { +bool arch_archThreadInit(run_t* run HF_ATTR_UNUSED) { return true; } -- cgit v1.2.3 From 2ca08438236ebcc6b654a566a2d24bf808665c03 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 5 May 2020 15:33:03 +0200 Subject: display: remove unnecessary macro, and add static function --- display.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/display.c b/display.c index b0a7535f..f711a9c5 100644 --- a/display.c +++ b/display.c @@ -21,8 +21,6 @@ * */ -#define _WITH_DPRINTF - #include "display.h" #include @@ -315,7 +313,7 @@ void display_display(honggfuzz_t* hfuzz) { display_stop(); } -void display_fini(void) { +static void display_fini(void) { display_imm(ESC_SCROLL_RESET ESC_NAV_DOWN(500)); } -- cgit v1.2.3 From d4d2618ca6124309f690c52b193d855a8de6b3ed Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 5 May 2020 16:55:52 +0200 Subject: iwyu: use iwyu to fix includes across the code --- Makefile | 19 ++++++++----------- cmdline.c | 5 ++++- cmdline.h | 3 +-- display.c | 4 +++- fuzz.c | 11 ++--------- fuzz.h | 6 ++---- honggfuzz.c | 2 -- honggfuzz.h | 1 + input.c | 5 ++--- input.h | 3 +++ libhfuzz/fetch.c | 4 ---- libhfuzz/fetch.h | 3 +-- libhfuzz/instrument.c | 4 ++-- libhfuzz/instrument.h | 2 +- mangle.c | 7 +++---- report.c | 6 +++--- report.h | 3 +++ sanitizers.c | 8 +++----- sanitizers.h | 4 ++++ 19 files changed, 46 insertions(+), 54 deletions(-) diff --git a/Makefile b/Makefile index 0b39f991..cdcd4d92 100644 --- a/Makefile +++ b/Makefile @@ -374,17 +374,16 @@ install: all # DO NOT DELETE -cmdline.o: cmdline.h honggfuzz.h libhfcommon/util.h libhfcommon/common.h -cmdline.o: display.h libhfcommon/files.h libhfcommon/common.h +cmdline.o: cmdline.h honggfuzz.h libhfcommon/util.h display.h +cmdline.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h cmdline.o: libhfcommon/log.h display.o: display.h honggfuzz.h libhfcommon/util.h libhfcommon/common.h display.o: libhfcommon/log.h fuzz.o: fuzz.h honggfuzz.h libhfcommon/util.h arch.h input.h fuzz.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h -fuzz.o: libhfcommon/log.h mangle.h report.h sanitizers.h socketfuzzer.h -fuzz.o: subproc.h -honggfuzz.o: cmdline.h honggfuzz.h libhfcommon/util.h libhfcommon/common.h -honggfuzz.o: display.h fuzz.h input.h libhfcommon/files.h +fuzz.o: libhfcommon/log.h report.h sanitizers.h socketfuzzer.h subproc.h +honggfuzz.o: cmdline.h honggfuzz.h libhfcommon/util.h display.h fuzz.h +honggfuzz.o: input.h libhfcommon/common.h libhfcommon/files.h honggfuzz.o: libhfcommon/common.h libhfcommon/log.h socketfuzzer.h subproc.h input.o: input.h honggfuzz.h libhfcommon/util.h fuzz.h libhfcommon/common.h input.o: libhfcommon/files.h libhfcommon/common.h libhfcommon/log.h mangle.h @@ -392,10 +391,9 @@ input.o: subproc.h mangle.o: mangle.h honggfuzz.h libhfcommon/util.h input.h mangle.o: libhfcommon/common.h libhfcommon/log.h report.o: report.h honggfuzz.h libhfcommon/util.h sanitizers.h -report.o: libhfcommon/common.h libhfcommon/log.h +report.o: libhfcommon/log.h sanitizers.o: sanitizers.h honggfuzz.h libhfcommon/util.h cmdline.h -sanitizers.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h -sanitizers.o: libhfcommon/log.h +sanitizers.o: libhfcommon/common.h libhfcommon/log.h socketfuzzer.o: socketfuzzer.h honggfuzz.h libhfcommon/util.h socketfuzzer.o: libhfcommon/common.h libhfcommon/files.h libhfcommon/common.h socketfuzzer.o: libhfcommon/log.h libhfcommon/ns.h @@ -419,8 +417,7 @@ libhfnetdriver/netdriver.o: libhfcommon/util.h libhfcommon/common.h libhfnetdriver/netdriver.o: libhfcommon/files.h libhfcommon/common.h libhfnetdriver/netdriver.o: libhfcommon/log.h libhfcommon/ns.h libhfuzz/fetch.o: libhfuzz/fetch.h honggfuzz.h libhfcommon/util.h -libhfuzz/fetch.o: libhfcommon/common.h libhfcommon/files.h -libhfuzz/fetch.o: libhfcommon/common.h libhfcommon/log.h +libhfuzz/fetch.o: libhfcommon/files.h libhfcommon/common.h libhfcommon/log.h libhfuzz/instrument.o: libhfuzz/instrument.h honggfuzz.h libhfcommon/util.h libhfuzz/instrument.o: libhfcommon/common.h libhfcommon/files.h libhfuzz/instrument.o: libhfcommon/common.h libhfcommon/log.h diff --git a/cmdline.c b/cmdline.c index dc1500fe..35d7ba74 100644 --- a/cmdline.c +++ b/cmdline.c @@ -30,15 +30,18 @@ #if defined(_HF_ARCH_LINUX) #include #endif /* defined(_HF_ARCH_LINUX) */ -#include +#include +#include #include #include #include #include +#include #include #include #include #include +#include #include #include "display.h" diff --git a/cmdline.h b/cmdline.h index 60327f3f..a640ad18 100644 --- a/cmdline.h +++ b/cmdline.h @@ -22,11 +22,10 @@ #ifndef _HF_CMDLINE_H_ #define _HF_CMDLINE_H_ +#include #include -#include #include "honggfuzz.h" -#include "libhfcommon/common.h" rlim_t cmdlineParseRLimit(int res, const char* optarg, unsigned long mul); diff --git a/display.c b/display.c index f711a9c5..f0950322 100644 --- a/display.c +++ b/display.c @@ -25,11 +25,13 @@ #include #include -#include #include +#include +#include #include #include #include +#include #include #include "libhfcommon/common.h" diff --git a/fuzz.c b/fuzz.c index d55bc567..cd98cf06 100644 --- a/fuzz.c +++ b/fuzz.c @@ -27,19 +27,13 @@ #include #include #include -#include -#include +#include #include #include +#include #include #include #include -#include -#include -#include -#include -#include -#include #include #include #include @@ -51,7 +45,6 @@ #include "libhfcommon/files.h" #include "libhfcommon/log.h" #include "libhfcommon/util.h" -#include "mangle.h" #include "report.h" #include "sanitizers.h" #include "socketfuzzer.h" diff --git a/fuzz.h b/fuzz.h index 61dc2bc0..24e281ac 100644 --- a/fuzz.h +++ b/fuzz.h @@ -8,7 +8,6 @@ * Copyright 2010-2018 by Google Inc. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. You may obtain * a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 @@ -24,9 +23,8 @@ #ifndef _HF_FUZZ_H_ #define _HF_FUZZ_H_ -#include - -#include "honggfuzz.h" +#include +#include extern void fuzz_threadsStart(honggfuzz_t* fuzz); extern bool fuzz_isTerminating(void); diff --git a/honggfuzz.c b/honggfuzz.c index 068bc131..ebc191e0 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -23,13 +23,11 @@ */ #include -#include #include #include #include #include #include -#include #include #include #include diff --git a/honggfuzz.h b/honggfuzz.h index 63016e4c..a656e1a4 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -28,6 +28,7 @@ #include #include #include +#include #include #include #include diff --git a/input.c b/input.c index b4650d6b..7c49642e 100644 --- a/input.c +++ b/input.c @@ -26,14 +26,13 @@ #include #include #include +#include #include #include #include #include -#include -#include +#include #include -#include #include #include "fuzz.h" diff --git a/input.h b/input.h index 34defac5..eedeccb1 100644 --- a/input.h +++ b/input.h @@ -25,6 +25,9 @@ #define _HF_INPUT_H_ #include +#include +#include +#include #include "honggfuzz.h" diff --git a/libhfuzz/fetch.c b/libhfuzz/fetch.c index 80275eeb..145dbabf 100644 --- a/libhfuzz/fetch.c +++ b/libhfuzz/fetch.c @@ -2,16 +2,12 @@ #include #include -#include -#include #include #include -#include #include #include #include "honggfuzz.h" -#include "libhfcommon/common.h" #include "libhfcommon/files.h" #include "libhfcommon/log.h" diff --git a/libhfuzz/fetch.h b/libhfuzz/fetch.h index e08f33d1..a15d6067 100644 --- a/libhfuzz/fetch.h +++ b/libhfuzz/fetch.h @@ -24,10 +24,9 @@ #ifndef _HF_LIBHFUZZ_FETCH_H_ #define _HF_LIBHFUZZ_FETCH_H_ -#include #include +#include #include -#include extern void HonggfuzzFetchData(const uint8_t** buf_ptr, size_t* len_ptr); extern bool fetchIsInputAvailable(void); diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 32ce946a..51f563c3 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -2,17 +2,17 @@ #include #include -#include #include #include #if defined(_HF_ARCH_LINUX) #include #endif /* defined(_HF_ARCH_LINUX) */ +#include #include #include -#include #include #include +#include #include #include #include diff --git a/libhfuzz/instrument.h b/libhfuzz/instrument.h index 374999d4..791a9f3d 100644 --- a/libhfuzz/instrument.h +++ b/libhfuzz/instrument.h @@ -24,9 +24,9 @@ #ifndef _HF_LIBHFUZZ_INSTRUMENT_H_ #define _HF_LIBHFUZZ_INSTRUMENT_H_ -#include #include #include +#include extern void instrument8BitCountersCount(void); extern void instrumentResetLocalCovFeedback(void); diff --git a/mangle.c b/mangle.c index 0e0660b9..ee25203b 100644 --- a/mangle.c +++ b/mangle.c @@ -26,14 +26,13 @@ #include #include -#include +#include +#include #include #include #include -#include -#include #include -#include +#include #include "input.h" #include "libhfcommon/common.h" diff --git a/report.c b/report.c index 5bfb5ce6..a7f6396e 100644 --- a/report.c +++ b/report.c @@ -26,10 +26,10 @@ #include #include #include -#include +#include #include -#include -#include +#include +#include #include "libhfcommon/common.h" #include "libhfcommon/log.h" diff --git a/report.h b/report.h index 22eaf4e4..c924509a 100644 --- a/report.h +++ b/report.h @@ -24,7 +24,10 @@ #ifndef _HF_REPORT_H_ #define _HF_REPORT_H_ +#include + #include "honggfuzz.h" +#include "libhfcommon/util.h" #include "sanitizers.h" extern void report_saveReport(run_t* run); diff --git a/sanitizers.c b/sanitizers.c index 6509eee6..63ced358 100644 --- a/sanitizers.c +++ b/sanitizers.c @@ -1,18 +1,16 @@ #include "sanitizers.h" #include -#include #include +#include +#include #include #include #include -#include -#include -#include +#include #include "cmdline.h" #include "libhfcommon/common.h" -#include "libhfcommon/files.h" #include "libhfcommon/log.h" #include "libhfcommon/util.h" diff --git a/sanitizers.h b/sanitizers.h index 8ca727d1..4a6f397f 100644 --- a/sanitizers.h +++ b/sanitizers.h @@ -20,7 +20,11 @@ #ifndef _HF_SANITIZERS_H_ #define _HF_SANITIZERS_H_ +#include +#include + #include "honggfuzz.h" +#include "libhfcommon/util.h" /* Prefix for sanitizer report files */ #define kLOGPREFIX "HF.sanitizer.log" -- cgit v1.2.3 From 649e48630afce64727e7416e7867d1a302b999d1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 5 May 2020 20:24:41 +0200 Subject: subproc: simpler subproc_StatusToStr()) --- Makefile | 2 +- linux/arch.c | 6 ++---- linux/trace.c | 3 ++- mac/arch.c | 6 ++---- netbsd/arch.c | 6 ++---- posix/arch.c | 6 ++---- subproc.c | 50 ++++++++++++++++++++++++++------------------------ subproc.h | 2 +- 8 files changed, 38 insertions(+), 43 deletions(-) diff --git a/Makefile b/Makefile index cdcd4d92..866021cd 100644 --- a/Makefile +++ b/Makefile @@ -391,7 +391,7 @@ input.o: subproc.h mangle.o: mangle.h honggfuzz.h libhfcommon/util.h input.h mangle.o: libhfcommon/common.h libhfcommon/log.h report.o: report.h honggfuzz.h libhfcommon/util.h sanitizers.h -report.o: libhfcommon/log.h +report.o: libhfcommon/common.h libhfcommon/log.h sanitizers.o: sanitizers.h honggfuzz.h libhfcommon/util.h cmdline.h sanitizers.o: libhfcommon/common.h libhfcommon/log.h socketfuzzer.o: socketfuzzer.h honggfuzz.h libhfcommon/util.h diff --git a/linux/arch.c b/linux/arch.c index c5b1b40d..b5a6b493 100644 --- a/linux/arch.c +++ b/linux/arch.c @@ -222,9 +222,7 @@ static bool arch_checkWait(run_t* run) { PLOG_F("waitpid() failed"); } - char statusStr[4096]; - LOG_D("pid=%d returned with status: %s", pid, - subproc_StatusToStr(status, statusStr, sizeof(statusStr))); + LOG_D("pid=%d returned with status: %s", pid, subproc_StatusToStr(status)); arch_traceAnalyze(run, status, pid); @@ -232,7 +230,7 @@ static bool arch_checkWait(run_t* run) { if (run->global->exe.persistent) { if (!fuzz_isTerminating()) { LOG_W("Persistent mode: pid=%d exited with status: %s", (int)run->pid, - subproc_StatusToStr(status, statusStr, sizeof(statusStr))); + subproc_StatusToStr(status)); } } return true; diff --git a/linux/trace.c b/linux/trace.c index aab7e2d4..33fc5868 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -876,7 +876,8 @@ bool arch_traceWaitForPidStop(pid_t pid) { return false; } if (!WIFSTOPPED(status)) { - LOG_W("PID %d not in a stopped state - status:%d", pid, status); + LOG_W("PID %d not in a stopped state - status:%d (%s)", pid, status, + subproc_StatusToStr(status)); return false; } return true; diff --git a/mac/arch.c b/mac/arch.c index 976c67cf..873dc628 100644 --- a/mac/arch.c +++ b/mac/arch.c @@ -351,15 +351,13 @@ static bool arch_checkWait(run_t* run) { arch_analyzeSignal(run, status); - char statusStr[4096]; - LOG_D("pid=%d returned with status: %s", pid, - subproc_StatusToStr(status, statusStr, sizeof(statusStr))); + LOG_D("pid=%d returned with status: %s", pid, subproc_StatusToStr(status)); if (pid == run->pid && (WIFEXITED(status) || WIFSIGNALED(status))) { if (run->global->exe.persistent) { if (!fuzz_isTerminating()) { LOG_W("Persistent mode: PID %d exited with status: %s", pid, - subproc_StatusToStr(status, statusStr, sizeof(statusStr))); + subproc_StatusToStr(status)); } } return true; diff --git a/netbsd/arch.c b/netbsd/arch.c index 9d4c99d1..f895c122 100644 --- a/netbsd/arch.c +++ b/netbsd/arch.c @@ -127,15 +127,13 @@ static bool arch_checkWait(run_t* run) { arch_traceAnalyze(run, status, pid); - char statusStr[4096]; - LOG_D("pid=%d returned with status: %s", pid, - subproc_StatusToStr(status, statusStr, sizeof(statusStr))); + LOG_D("pid=%d returned with status: %s", pid, subproc_StatusToStr(status)); if (pid == run->pid && (WIFEXITED(status) || WIFSIGNALED(status))) { if (run->global->exe.persistent) { if (!fuzz_isTerminating()) { LOG_W("Persistent mode: PID %d exited with status: %s", pid, - subproc_StatusToStr(status, statusStr, sizeof(statusStr))); + subproc_StatusToStr(status)); } } return true; diff --git a/posix/arch.c b/posix/arch.c index e342fe84..92f135b1 100644 --- a/posix/arch.c +++ b/posix/arch.c @@ -210,9 +210,7 @@ static bool arch_checkWait(run_t* run) { PLOG_F("waitpid() failed"); } - char statusStr[4096]; - LOG_D("pid=%d returned with status: %s", pid, - subproc_StatusToStr(status, statusStr, sizeof(statusStr))); + LOG_D("pid=%d returned with status: %s", pid, subproc_StatusToStr(status)); arch_analyzeSignal(run, pid, status); @@ -220,7 +218,7 @@ static bool arch_checkWait(run_t* run) { if (run->global->exe.persistent) { if (!fuzz_isTerminating()) { LOG_W("Persistent mode: pid=%d exited with status: %s", (int)run->pid, - subproc_StatusToStr(status, statusStr, sizeof(statusStr))); + subproc_StatusToStr(status)); } } return true; diff --git a/subproc.c b/subproc.c index d9939448..d6cfca3b 100644 --- a/subproc.c +++ b/subproc.c @@ -47,30 +47,32 @@ extern char** environ; -const char* subproc_StatusToStr(int status, char* str, size_t len) { +const char* subproc_StatusToStr(int status) { + static __thread char str[256]; + if (WIFEXITED(status)) { - snprintf(str, len, "EXITED, exit code: %d", WEXITSTATUS(status)); + snprintf(str, sizeof(str), "EXITED, exit code: %d", WEXITSTATUS(status)); return str; } if (WIFSIGNALED(status)) { - snprintf( - str, len, "SIGNALED, signal: %d (%s)", WTERMSIG(status), strsignal(WTERMSIG(status))); + snprintf(str, sizeof(str), "SIGNALED, signal: %d (%s)", WTERMSIG(status), + strsignal(WTERMSIG(status))); return str; } if (WIFCONTINUED(status)) { - snprintf(str, len, "CONTINUED"); + snprintf(str, sizeof(str), "CONTINUED"); return str; } if (!WIFSTOPPED(status)) { - snprintf(str, len, "UNKNOWN STATUS: %d", status); + snprintf(str, sizeof(str), "UNKNOWN STATUS: %d", status); return str; } /* Must be in a stopped state */ if (WSTOPSIG(status) == (SIGTRAP | 0x80)) { - snprintf(str, len, "STOPPED (linux syscall): %d (%s)", WSTOPSIG(status), + snprintf(str, sizeof(str), "STOPPED (linux syscall): %d (%s)", WSTOPSIG(status), strsignal(WSTOPSIG(status))); return str; } @@ -79,47 +81,47 @@ const char* subproc_StatusToStr(int status, char* str, size_t len) { if (WSTOPSIG(status) == SIGTRAP && __LINUX_WPTRACEEVENT(status) != 0) { switch (__LINUX_WPTRACEEVENT(status)) { case PTRACE_EVENT_FORK: - snprintf(str, len, "EVENT (Linux) - fork - with signal: %d (%s)", WSTOPSIG(status), - strsignal(WSTOPSIG(status))); + snprintf(str, sizeof(str), "EVENT (Linux) - fork - with signal: %d (%s)", + WSTOPSIG(status), strsignal(WSTOPSIG(status))); return str; case PTRACE_EVENT_VFORK: - snprintf(str, len, "EVENT (Linux) - vfork - with signal: %d (%s)", WSTOPSIG(status), - strsignal(WSTOPSIG(status))); + snprintf(str, sizeof(str), "EVENT (Linux) - vfork - with signal: %d (%s)", + WSTOPSIG(status), strsignal(WSTOPSIG(status))); return str; case PTRACE_EVENT_CLONE: - snprintf(str, len, "EVENT (Linux) - clone - with signal: %d (%s)", WSTOPSIG(status), - strsignal(WSTOPSIG(status))); + snprintf(str, sizeof(str), "EVENT (Linux) - clone - with signal: %d (%s)", + WSTOPSIG(status), strsignal(WSTOPSIG(status))); return str; case PTRACE_EVENT_EXEC: - snprintf(str, len, "EVENT (Linux) - exec - with signal: %d (%s)", WSTOPSIG(status), - strsignal(WSTOPSIG(status))); + snprintf(str, sizeof(str), "EVENT (Linux) - exec - with signal: %d (%s)", + WSTOPSIG(status), strsignal(WSTOPSIG(status))); return str; case PTRACE_EVENT_VFORK_DONE: - snprintf(str, len, "EVENT (Linux) - vfork_done - with signal: %d (%s)", + snprintf(str, sizeof(str), "EVENT (Linux) - vfork_done - with signal: %d (%s)", WSTOPSIG(status), strsignal(WSTOPSIG(status))); return str; case PTRACE_EVENT_EXIT: - snprintf(str, len, "EVENT (Linux) - exit - with signal: %d (%s)", WSTOPSIG(status), - strsignal(WSTOPSIG(status))); + snprintf(str, sizeof(str), "EVENT (Linux) - exit - with signal: %d (%s)", + WSTOPSIG(status), strsignal(WSTOPSIG(status))); return str; case PTRACE_EVENT_SECCOMP: - snprintf(str, len, "EVENT (Linux) - seccomp - with signal: %d (%s)", + snprintf(str, sizeof(str), "EVENT (Linux) - seccomp - with signal: %d (%s)", WSTOPSIG(status), strsignal(WSTOPSIG(status))); return str; case PTRACE_EVENT_STOP: - snprintf(str, len, "EVENT (Linux) - stop - with signal: %d (%s)", WSTOPSIG(status), - strsignal(WSTOPSIG(status))); + snprintf(str, sizeof(str), "EVENT (Linux) - stop - with signal: %d (%s)", + WSTOPSIG(status), strsignal(WSTOPSIG(status))); return str; default: - snprintf(str, len, "EVENT (Linux) UNKNOWN (%d): with signal: %d (%s)", + snprintf(str, sizeof(str), "EVENT (Linux) UNKNOWN (%d): with signal: %d (%s)", __LINUX_WPTRACEEVENT(status), WSTOPSIG(status), strsignal(WSTOPSIG(status))); return str; } } #endif /* defined(PTRACE_EVENT_STOP) */ - snprintf( - str, len, "STOPPED with signal: %d (%s)", WSTOPSIG(status), strsignal(WSTOPSIG(status))); + snprintf(str, sizeof(str), "STOPPED with signal: %d (%s)", WSTOPSIG(status), + strsignal(WSTOPSIG(status))); return str; } diff --git a/subproc.h b/subproc.h index b8ebad80..83b83652 100644 --- a/subproc.h +++ b/subproc.h @@ -33,7 +33,7 @@ #define WIFCONTINUED(x) WEXITSTATUS(0) #endif -extern const char* subproc_StatusToStr(int status, char* str, size_t len); +extern const char* subproc_StatusToStr(int status); extern bool subproc_Run(run_t* run); -- cgit v1.2.3 From 7d9f5d91373751b9640b3edf5979513af2775438 Mon Sep 17 00:00:00 2001 From: Joshua Pereyda Date: Thu, 7 May 2020 09:23:00 -0700 Subject: fix -o synonym for --output --- cmdline.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmdline.c b/cmdline.c index 35d7ba74..0f7f8e88 100644 --- a/cmdline.c +++ b/cmdline.c @@ -550,7 +550,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { int opt_index = 0; for (;;) { int c = getopt_long( - argc, argv, "-?hQvVsuPxf:i:dqe:W:r:c:F:t:R:n:N:l:p:g:E:w:B:zMTS", opts, &opt_index); + argc, argv, "-?hQvVsuPxf:i:o:dqe:W:r:c:F:t:R:n:N:l:p:g:E:w:B:zMTS", opts, &opt_index); if (c < 0) { break; } -- cgit v1.2.3 From d4e0b1f81f0125b31968a43aa79c50cc4d37f2bb Mon Sep 17 00:00:00 2001 From: Joshua Pereyda Date: Thu, 7 May 2020 09:52:45 -0700 Subject: make --output dir if it doesn't exist, as already done with -W --- cmdline.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cmdline.c b/cmdline.c index 35d7ba74..5fa17e0b 100644 --- a/cmdline.c +++ b/cmdline.c @@ -259,6 +259,11 @@ static bool cmdlineVerify(honggfuzz_t* hfuzz) { return false; } + if (hfuzz->io.outputDir && mkdir(hfuzz->io.outputDir, 0700) == -1 && errno != EEXIST) { + PLOG_E("Couldn't create the output directory '%s'", hfuzz->io.outputDir); + return false; + } + if (strlen(hfuzz->io.workDir) == 0) { if (getcwd(hfuzz->io.workDir, sizeof(hfuzz->io.workDir)) == NULL) { PLOG_W("getcwd() failed. Using '.'"); -- cgit v1.2.3 From 74e7bc161662269b6ff4cdb3e2fdd2ad0bebd69b Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 7 May 2020 19:45:14 +0200 Subject: subproc: simpler subproc_StatusToStr()) #2 --- linux/trace.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/linux/trace.c b/linux/trace.c index 33fc5868..2ea20fd5 100644 --- a/linux/trace.c +++ b/linux/trace.c @@ -747,7 +747,8 @@ static void arch_traceEvent(int status, pid_t pid) { LOG_D( "PID: %d terminated with signal: %lu", pid, (unsigned long)WTERMSIG(event_msg)); } else { - LOG_D("PID: %d exited with unknown status: %lu", pid, event_msg); + LOG_D("PID: %d exited with unknown status: %lu (%s)", pid, event_msg, + subproc_StatusToStr(event_msg)); } } break; default: -- cgit v1.2.3 From 8317fdec700811930a8364bceb5246bccbff5445 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 11 May 2020 15:15:57 +0200 Subject: cmdline: don't use network namepsaces with Linux by default, as certain kernel versions dead-lock during namespace creation/destruction --- cmdline.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmdline.c b/cmdline.c index c496ebee..6a59d53a 100644 --- a/cmdline.c +++ b/cmdline.c @@ -448,7 +448,7 @@ bool cmdlineParse(int argc, char* argv[], honggfuzz_t* hfuzz) { .symsWlCnt = 0, .symsWl = NULL, .cloneFlags = 0, - .useNetNs = HF_MAYBE, + .useNetNs = HF_NO, .kernelOnly = false, .useClone = true, }, -- cgit v1.2.3 From a299f3f17074663c0dffba029b2171a0c09d4dee Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 11 May 2020 16:55:59 +0200 Subject: honggfuzz-qemu: Pass -ldl to the linker as it's required by libhfuzz.a --- qemu_mode/Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/qemu_mode/Makefile b/qemu_mode/Makefile index f996c180..2b0dbfc9 100644 --- a/qemu_mode/Makefile +++ b/qemu_mode/Makefile @@ -10,7 +10,7 @@ qemu_bin: honggfuzz-qemu/config.status honggfuzz-qemu/config.status: honggfuzz-qemu/ @echo "=== Configuring QEMU for \"$(TARGETS)\" ===" @cd honggfuzz-qemu/ && \ - ./configure --honggfuzz-path="$(PWD)/../" --disable-system --target-list="$(TARGETS)" + LIBS=-ldl ./configure --honggfuzz-path="$(PWD)/../" --disable-system --target-list="$(TARGETS)" honggfuzz-qemu/: @echo "=== Cloning custom QEMU version ===" @@ -19,4 +19,3 @@ honggfuzz-qemu/: clean: @echo "=== Cleaning ===" rm -rf honggfuzz-qemu/ - -- cgit v1.2.3 From 569b7da9d462d45e75bd6c774467c41694341793 Mon Sep 17 00:00:00 2001 From: Adrian Herrera Date: Wed, 13 May 2020 09:28:33 +1000 Subject: dockerfile: set noninteractive This stops tzdata asking you to enter timezones and things --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index 4053f36b..020b2eef 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,7 @@ FROM ubuntu:rolling +ENV DEBIAN_FRONTEND noninteractive + RUN apt-get -y update && apt-get install -y \ gcc \ git \ -- cgit v1.2.3 From 6d07ac100852cf8148c324d78516341ea8a088b9 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 18 May 2020 15:18:12 +0200 Subject: remove comparisons to true and to false across the code --- cmdline.c | 2 +- display.c | 2 +- honggfuzz.c | 6 +++--- input.c | 8 ++++---- libhfcommon/files.c | 2 +- libhfcommon/log.c | 4 ++-- linux/bfd.c | 2 +- linux/perf.c | 2 +- posix/arch.c | 4 ++-- sanitizers.c | 2 +- 10 files changed, 17 insertions(+), 17 deletions(-) diff --git a/cmdline.c b/cmdline.c index 6a59d53a..f89bd0aa 100644 --- a/cmdline.c +++ b/cmdline.c @@ -217,7 +217,7 @@ rlim_t cmdlineParseRLimit(int res, const char* optarg, unsigned long mul) { if (strcasecmp(optarg, "def") == 0) { return cur.rlim_cur; } - if (util_isANumber(optarg) == false) { + if (!util_isANumber(optarg)) { LOG_F("RLIMIT %d needs a numeric or 'max'/'def' value ('%s' provided)", res, optarg); } rlim_t val = strtoul(optarg, NULL, 0) * mul; diff --git a/display.c b/display.c index f0950322..f7de29c2 100644 --- a/display.c +++ b/display.c @@ -162,7 +162,7 @@ void display_createTargetStr(honggfuzz_t* hfuzz) { } void display_display(honggfuzz_t* hfuzz) { - if (logIsTTY() == false) { + if (!logIsTTY()) { return; } diff --git a/honggfuzz.c b/honggfuzz.c index ebc191e0..26017da9 100644 --- a/honggfuzz.c +++ b/honggfuzz.c @@ -321,7 +321,7 @@ int main(int argc, char** argv) { } myargs[i] = NULL; - if (cmdlineParse(argc, myargs, &hfuzz) == false) { + if (!cmdlineParse(argc, myargs, &hfuzz)) { LOG_F("Parsing of the cmd-line arguments failed"); } if (hfuzz.io.inputDir && access(hfuzz.io.inputDir, R_OK) == -1) { @@ -362,11 +362,11 @@ int main(int argc, char** argv) { exit(EXIT_FAILURE); } - if (hfuzz.mutate.dictionaryFile && (input_parseDictionary(&hfuzz) == false)) { + if (hfuzz.mutate.dictionaryFile && !input_parseDictionary(&hfuzz)) { LOG_F("Couldn't parse dictionary file ('%s')", hfuzz.mutate.dictionaryFile); } - if (hfuzz.feedback.blacklistFile && (input_parseBlacklist(&hfuzz) == false)) { + if (hfuzz.feedback.blacklistFile && !input_parseBlacklist(&hfuzz)) { LOG_F("Couldn't parse stackhash blacklist file ('%s')", hfuzz.feedback.blacklistFile); } #define hfuzzl hfuzz.arch_linux diff --git a/input.c b/input.c index 2e8d1e7b..513b7ed9 100644 --- a/input.c +++ b/input.c @@ -140,11 +140,11 @@ bool input_getNext(run_t* run, char fname[PATH_MAX], bool rewind) { PLOG_W("readdir_r('%s')", run->global->io.inputDir); return false; } - if (entry == NULL && rewind == false) { + if (entry == NULL && !rewind) { return false; } - if (entry == NULL && rewind == true) { - if (input_getDirStatsAndRewind(run->global) == false) { + if (entry == NULL && rewind) { + if (!input_getDirStatsAndRewind(run->global)) { LOG_E("input_getDirStatsAndRewind('%s')", run->global->io.inputDir); return false; } @@ -185,7 +185,7 @@ bool input_init(honggfuzz_t* hfuzz) { close(dir_fd); return false; } - if (input_getDirStatsAndRewind(hfuzz) == false) { + if (!input_getDirStatsAndRewind(hfuzz)) { hfuzz->io.fileCnt = 0U; LOG_W("input_getDirStatsAndRewind('%s')", hfuzz->io.inputDir); return false; diff --git a/libhfcommon/files.c b/libhfcommon/files.c index c4233eb8..5a7763ec 100644 --- a/libhfcommon/files.c +++ b/libhfcommon/files.c @@ -79,7 +79,7 @@ bool files_writeBufToFile(const char* fname, const uint8_t* buf, size_t fileSz, } bool ret = files_writeToFd(fd, buf, fileSz); - if (ret == false) { + if (!ret) { PLOG_W("Couldn't write '%zu' bytes to file '%s' (fd='%d')", fileSz, fname, fd); unlink(fname); } else { diff --git a/libhfcommon/log.c b/libhfcommon/log.c index 58da809c..4858f6b6 100644 --- a/libhfcommon/log.c +++ b/libhfcommon/log.c @@ -85,7 +85,7 @@ void logInitLogFile(const char* logfile, int fd, enum llevel_t ll) { void logLog(enum llevel_t ll, const char* fn, int ln, bool perr, const char* fmt, ...) { int saved_errno = errno; char strerr[512]; - if (perr == true) { + if (perr) { snprintf(strerr, sizeof(strerr), "%s", strerror(saved_errno)); } struct ll_t { @@ -131,7 +131,7 @@ void logLog(enum llevel_t ll, const char* fn, int ln, bool perr, const char* fmt vdprintf(hf_log_fd, fmt, args); va_end(args); - if (perr == true) { + if (perr) { dprintf(hf_log_fd, ": %s", strerr); } if (hf_log_fd_isatty) { diff --git a/linux/bfd.c b/linux/bfd.c index faf35261..69f4da59 100644 --- a/linux/bfd.c +++ b/linux/bfd.c @@ -152,7 +152,7 @@ void arch_bfdResolveSyms(pid_t pid, funcs_t* funcs, size_t num) { .dsyms = NULL, }; - if (arch_bfdInit(pid, &bfdParams) == false) { + if (!arch_bfdInit(pid, &bfdParams)) { return; } diff --git a/linux/perf.c b/linux/perf.c index f8aa181b..1dccdbe4 100644 --- a/linux/perf.c +++ b/linux/perf.c @@ -68,7 +68,7 @@ __attribute__((hot)) static inline void arch_perfBtsCount(run_t* run) { * Kernel sometimes reports branches from the kernel (iret), we are not interested in that * as it makes the whole concept of unique branch counting less predictable */ - if (run->global->arch_linux.kernelOnly == false && + if (!run->global->arch_linux.kernelOnly && (__builtin_expect(br->from > 0xFFFFFFFF00000000, false) || __builtin_expect(br->to > 0xFFFFFFFF00000000, false))) { LOG_D("Adding branch %#018" PRIx64 " - %#018" PRIx64, br->from, br->to); diff --git a/posix/arch.c b/posix/arch.c index 92f135b1..c6090b0f 100644 --- a/posix/arch.c +++ b/posix/arch.c @@ -167,8 +167,8 @@ static void arch_analyzeSignal(run_t* run, pid_t pid, int status) { /* If unique crash found, reset dynFile counter */ ATOMIC_CLEAR(run->global->cfg.dynFileIterExpire); - if (files_writeBufToFile(run->crashFileName, run->dynfile->data, run->dynfile->size, - O_CREAT | O_EXCL | O_WRONLY) == false) { + if (!files_writeBufToFile(run->crashFileName, run->dynfile->data, run->dynfile->size, + O_CREAT | O_EXCL | O_WRONLY)) { LOG_E("Couldn't save crash to '%s'", run->crashFileName); } diff --git a/sanitizers.c b/sanitizers.c index 63ced358..4eb1f954 100644 --- a/sanitizers.c +++ b/sanitizers.c @@ -268,7 +268,7 @@ size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* p } } - return (frameFound == false) ? 0 : (frameIdx + 1); + return (!frameFound) ? 0 : (frameIdx + 1); } /* -- cgit v1.2.3 From d083bf81eb1c8a3b2dd702def5281afa5a7f74d2 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Mon, 18 May 2020 18:01:28 +0200 Subject: cmdline: typo --- cmdline.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmdline.c b/cmdline.c index f89bd0aa..516bc38f 100644 --- a/cmdline.c +++ b/cmdline.c @@ -166,7 +166,7 @@ tristate_t cmdlineParseTriState(const char* optname, const char* optarg) { if (!optarg) { LOG_F("Option '--%s' needs an argument (true|false|maybe)", optname); } - /* Probably '-' belong to the next option */ + /* Probably '-' belongs to the next option */ if (optarg[0] == '-') { LOG_F("Option '--%s' needs an argument (true|false|maybe)", optname); } -- cgit v1.2.3 From 3b32a7d2eb8c48999309b12bd7a3a7200544eb77 Mon Sep 17 00:00:00 2001 From: unknown <2185596822@qq.com> Date: Tue, 26 May 2020 06:45:13 +0800 Subject: add chose when tcp server not return anything --- libhfnetdriver/netdriver.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index 0549eeea..5e6cc2be 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -32,7 +32,7 @@ const char *const LIBHFNETDRIVER_module_netdriver = _HF_NETDRIVER_SIG; #define HFND_TCP_PORT_ENV "HFND_TCP_PORT" #define HFND_SOCK_PATH_ENV "HFND_SOCK_PATH" #define HFND_SKIP_FUZZING_ENV "HFND_SKIP_FUZZING" - +//# define NORECVTIME 10 static char *initial_server_argv[] = {"fuzzer", NULL}; static struct { @@ -436,9 +436,20 @@ int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { * TCP server to drop the input data, instead of processing it. Use BSS to avoid putting * pressure on the stack size */ +#ifdef NORECVTIME + struct timeval timeout={1,0};//1s + setsockopt(sock,SOL_SOCKET,SO_RCVTIMEO,&timeout,sizeof(timeout)); + clock_t start,end; + start = clock(); +#endif static char b[1024ULL * 1024ULL * 4ULL]; - while (TEMP_FAILURE_RETRY(recv(sock, b, sizeof(b), MSG_WAITALL)) > 0) - ; + while (TEMP_FAILURE_RETRY(recv(sock, b, sizeof(b), MSG_WAITALL)) > 0){ +#ifdef NORECVTIME + end= clock(); + if( ((double)end-start)/CLK_TCK>NORECVTIME) + break; +#endif + } close(sock); -- cgit v1.2.3 From a8cb02e3cea98fe054a24321c594402c9ab933fc Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 26 May 2020 14:57:07 +0200 Subject: make indent --- libhfnetdriver/netdriver.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index 5e6cc2be..b883d234 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -437,18 +437,17 @@ int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { * pressure on the stack size */ #ifdef NORECVTIME - struct timeval timeout={1,0};//1s - setsockopt(sock,SOL_SOCKET,SO_RCVTIMEO,&timeout,sizeof(timeout)); - clock_t start,end; + struct timeval timeout = {1, 0}; // 1s + setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &timeout, sizeof(timeout)); + clock_t start, end; start = clock(); -#endif +#endif static char b[1024ULL * 1024ULL * 4ULL]; - while (TEMP_FAILURE_RETRY(recv(sock, b, sizeof(b), MSG_WAITALL)) > 0){ + while (TEMP_FAILURE_RETRY(recv(sock, b, sizeof(b), MSG_WAITALL)) > 0) { #ifdef NORECVTIME - end= clock(); - if( ((double)end-start)/CLK_TCK>NORECVTIME) - break; -#endif + end = clock(); + if (((double)end - start) / CLK_TCK > NORECVTIME) break; +#endif } close(sock); -- cgit v1.2.3 From b36a3657d3402f60e9218c0599623a44bc928e04 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 26 May 2020 15:03:24 +0200 Subject: libhfnetdriver: rewrite the timeout code slightly --- libhfnetdriver/netdriver.c | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index b883d234..e0d5d21f 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -32,7 +32,11 @@ const char *const LIBHFNETDRIVER_module_netdriver = _HF_NETDRIVER_SIG; #define HFND_TCP_PORT_ENV "HFND_TCP_PORT" #define HFND_SOCK_PATH_ENV "HFND_SOCK_PATH" #define HFND_SKIP_FUZZING_ENV "HFND_SKIP_FUZZING" -//# define NORECVTIME 10 + +/* Define this to use receiving timeouts +#define HFND_RECVTIME 10 +*/ + static char *initial_server_argv[] = {"fuzzer", NULL}; static struct { @@ -431,22 +435,26 @@ int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { PLOG_F("shutdown(sock=%d, SHUT_WR)", sock); } +#ifdef HFND_RECVTIME + const struct timeval timeout = {1, 0}; // 1s + if (setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &timeout, sizeof(timeout)) == -1) { + PLOG_W("Couldn't set setsockopt(sock, SO_RCVTIMEO, 1s) for fd=%d", sock); + } + time_t start = time(NULL); +#endif + /* * Try to read data from the server, assuming that an early TCP close would sometimes cause the * TCP server to drop the input data, instead of processing it. Use BSS to avoid putting * pressure on the stack size */ -#ifdef NORECVTIME - struct timeval timeout = {1, 0}; // 1s - setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &timeout, sizeof(timeout)); - clock_t start, end; - start = clock(); -#endif static char b[1024ULL * 1024ULL * 4ULL]; while (TEMP_FAILURE_RETRY(recv(sock, b, sizeof(b), MSG_WAITALL)) > 0) { -#ifdef NORECVTIME - end = clock(); - if (((double)end - start) / CLK_TCK > NORECVTIME) break; +#ifdef HFND_RECVTIME + time_t end = time(NULL); + if ((end - start) > HFND_RECVTIME) { + break; + } #endif } -- cgit v1.2.3 From 4474f2a01ecfcb07c0b75e33a41817d45fabc92a Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Thu, 28 May 2020 15:01:07 +0200 Subject: libhfnetdriver: rework the timeouts, so more debugging info is printed --- libhfnetdriver/netdriver.c | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/libhfnetdriver/netdriver.c b/libhfnetdriver/netdriver.c index e0d5d21f..72ac3de8 100644 --- a/libhfnetdriver/netdriver.c +++ b/libhfnetdriver/netdriver.c @@ -436,9 +436,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { } #ifdef HFND_RECVTIME - const struct timeval timeout = {1, 0}; // 1s + const struct timeval timeout = {.tv_sec = 1, .tv_usec = 0}; if (setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &timeout, sizeof(timeout)) == -1) { - PLOG_W("Couldn't set setsockopt(sock, SO_RCVTIMEO, 1s) for fd=%d", sock); + PLOG_W("Honggfuzz Net Driver (pid=%d): Couldn't set setsockopt(sock=%d, SO_RCVTIMEO, 1s)", + (int)getpid(), sock); } time_t start = time(NULL); #endif @@ -449,13 +450,29 @@ int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { * pressure on the stack size */ static char b[1024ULL * 1024ULL * 4ULL]; - while (TEMP_FAILURE_RETRY(recv(sock, b, sizeof(b), MSG_WAITALL)) > 0) { -#ifdef HFND_RECVTIME - time_t end = time(NULL); - if ((end - start) > HFND_RECVTIME) { + for (;;) { + int ret = TEMP_FAILURE_RETRY(recv(sock, b, sizeof(b), MSG_WAITALL)); + if (ret == 0) { break; } +#ifdef HFND_RECVTIME + if (ret == -1 && errno == EWOULDBLOCK) { + time_t end = time(NULL); + if ((end - start) > HFND_RECVTIME) { + LOG_W("Honggfuzz Net Driver (pid=%d): Server didn't close the connection(fd=%d) " + "within %d seconds. Closing it.", + (int)getpid(), sock, HFND_RECVTIME); + break; + } + continue; + } #endif + if (ret == -1) { + PLOG_W("Honggfuzz Net Driver (pid=%d): Connection to the server (sock=%d) closed with " + "error", + (int)getpid(), sock); + break; + } } close(sock); -- cgit v1.2.3 From 19a83f17bc6bdafd1d08cfad14010913ff27f549 Mon Sep 17 00:00:00 2001 From: Kamil Rytarowski Date: Thu, 11 Jun 2020 14:37:57 +0200 Subject: Improve NetBSD compatibility Stop using install -t as it is GNU specific. Replace it with a portable construct. Before reading with ptrace(2) from address 0x0, check whether the VA0 is mappable into the process, as otherwise the ptrace(2) call will return EINVAL. Stop intercepting fork(2) events as they are ignored anyway. Document PTRACE_POSIX_SPAWN events. Use PT_SET_SIGPASS to disable notifying the parent about uninteresting signals. The only interesting ones are crash signals, SIGABRT and SIGSYS. Everything else is directly passed to the traced process. --- Makefile | 9 +++++--- netbsd/trace.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++++--------- 2 files changed, 63 insertions(+), 13 deletions(-) diff --git a/Makefile b/Makefile index 866021cd..00735f89 100644 --- a/Makefile +++ b/Makefile @@ -368,9 +368,12 @@ install: all install -m 755 hfuzz_cc/hfuzz-clang++ $${DESTDIR}$(BIN_PATH) install -m 755 hfuzz_cc/hfuzz-gcc $${DESTDIR}$(BIN_PATH) install -m 755 hfuzz_cc/hfuzz-g++ $${DESTDIR}$(BIN_PATH) - install -m 755 -t $${DESTDIR}$(INC_PATH)/libhfcommon -D includes/libhfcommon/*.h - install -m 755 -t $${DESTDIR}$(INC_PATH)/libhfuzz -D includes/libhfuzz/*.h - install -m 755 -t $${DESTDIR}$(INC_PATH)/libhnetdriver -D includes/libhfnetdriver/*.h + install -d $${DESTDIR}$(INC_PATH)/libhfcommon + install -d $${DESTDIR}$(INC_PATH)/libhfuzz + install -d $${DESTDIR}$(INC_PATH)/libhnetdrive + install -m 755 includes/libhfcommon/*.h $${DESTDIR}$(INC_PATH)/libhfcommon + install -m 755 includes/libhfuzz/*.h $${DESTDIR}$(INC_PATH)/libhfuzz + install -m 755 includes/libhfnetdriver/*.h $${DESTDIR}$(INC_PATH)/libhnetdriver # DO NOT DELETE diff --git a/netbsd/trace.c b/netbsd/trace.c index f6fc4451..6b2c06cf 100644 --- a/netbsd/trace.c +++ b/netbsd/trace.c @@ -32,6 +32,7 @@ #include #include #include +#include #include #include #include @@ -80,6 +81,9 @@ #define MAX_INSTR_SZ 8 #endif +/* + * Keep in sync the important signals with the PT_SET_SIGPASS call. + */ static struct { const char* descr; bool important; @@ -118,10 +122,39 @@ static struct { #define SI_FROMUSER(siptr) ((siptr)->si_code == SI_USER) #endif /* SI_FROMUSER */ +/* + * Check whether VA0 page is mappable into the process address space. + */ +static bool +get_user_va0_disable(void) +{ + static int user_va0_disable = -1; + size_t user_va0_disable_len = sizeof(user_va0_disable); + + if (user_va0_disable == -1) { + if (sysctlbyname("vm.user_va0_disable", + &user_va0_disable, &user_va0_disable_len, NULL, 0) == -1) { + return true; + } + } + + if (user_va0_disable > 0) + return true; + else + return false; +} + static size_t arch_getProcMem(pid_t pid, uint8_t* buf, size_t len, register_t pc) { struct ptrace_io_desc io; size_t bytes_read; + /* + * Check whether the 0x0 virtual address is always invalid, if so + * an attempt of reading from its address will return EINVAL. + */ + if (pc == 0 && get_user_va0_disable() == true) + return 0; + bytes_read = 0; io.piod_op = PIOD_READ_D; io.piod_len = len; @@ -477,7 +510,7 @@ static void arch_traceEvent(run_t* run HF_ATTR_UNUSED, pid_t pid) { break; case TRAP_CHLD: case TRAP_LWP: - /* Child/LWP trap, ignore */ + /* Child/LWP trap, unused */ if (ptrace(PT_GET_PROCESS_STATE, pid, &state, sizeof(state)) != -1) { switch (state.pe_report_event) { case PTRACE_FORK: @@ -490,6 +523,12 @@ static void arch_traceEvent(run_t* run HF_ATTR_UNUSED, pid_t pid) { LOG_D("PID: %d child trap (TRAP_CHLD) : vfork (PTRACE_VFORK_DONE)", (int)pid); break; +#ifdef PTRACE_POSIX_SPAWN + case PTRACE_POSIX_SPAWN: + LOG_D("PID: %d child trap (TRAP_CHLD) : spawn (POSIX_SPAWN)", + (int)pid); + break; +#endif case PTRACE_LWP_CREATE: LOG_E("PID: %d unexpected lwp trap (TRAP_LWP) : create " "(PTRACE_LWP_CREATE)", @@ -615,17 +654,25 @@ bool arch_traceAttach(run_t* run) { return false; } - ptrace_event_t event = { - /* - * NetBSD 8.0 seems to support PTRACE_FORK only: - * .pe_set_event = PTRACE_FORK | PTRACE_VFORK | PTRACE_VFORK_DONE, - */ - .pe_set_event = PTRACE_FORK, - }; - if (ptrace(PT_SET_EVENT_MASK, run->pid, &event, sizeof(event)) == -1) { - PLOG_W("Couldn't ptrace(PT_SET_EVENT_MASK) to pid: %d", (int)run->pid); +#ifdef PT_SET_SIGPASS + /* + * Don't intercept uninteresting signals. + * + * Note that crash signals (SIGSEGV, SIGILL, SIGFPE, SIGBUS, SIGTRAP) for + * real crashes (thus not including: kill(2), raise(2) etc) are never passed + * over and are always directed to the debugger. + * + * Keep in sync with struct arch_sigs[]. + */ + sigset_t set; + sigfillset(&set); + sigdelset(&set, SIGABRT); + sigdelset(&set, SIGSYS); + if (ptrace(PT_SET_SIGPASS, run->pid, &set, sizeof(set)) == -1) { + PLOG_W("Couldn't ptrace(PT_SET_SIGPASS) to pid: %d", (int)run->pid); return false; } +#endif LOG_D("Attached to PID: %d", run->pid); -- cgit v1.2.3 From 5fa5d0a1aecdb422091a3eb723e2aae80c122209 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 17 Jun 2020 09:07:34 +0200 Subject: make indent --- netbsd/trace.c | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/netbsd/trace.c b/netbsd/trace.c index 6b2c06cf..8519543f 100644 --- a/netbsd/trace.c +++ b/netbsd/trace.c @@ -125,15 +125,13 @@ static struct { /* * Check whether VA0 page is mappable into the process address space. */ -static bool -get_user_va0_disable(void) -{ - static int user_va0_disable = -1; - size_t user_va0_disable_len = sizeof(user_va0_disable); +static bool get_user_va0_disable(void) { + static int user_va0_disable = -1; + size_t user_va0_disable_len = sizeof(user_va0_disable); if (user_va0_disable == -1) { - if (sysctlbyname("vm.user_va0_disable", - &user_va0_disable, &user_va0_disable_len, NULL, 0) == -1) { + if (sysctlbyname( + "vm.user_va0_disable", &user_va0_disable, &user_va0_disable_len, NULL, 0) == -1) { return true; } } @@ -152,8 +150,7 @@ static size_t arch_getProcMem(pid_t pid, uint8_t* buf, size_t len, register_t pc * Check whether the 0x0 virtual address is always invalid, if so * an attempt of reading from its address will return EINVAL. */ - if (pc == 0 && get_user_va0_disable() == true) - return 0; + if (pc == 0 && get_user_va0_disable() == true) return 0; bytes_read = 0; io.piod_op = PIOD_READ_D; @@ -525,8 +522,7 @@ static void arch_traceEvent(run_t* run HF_ATTR_UNUSED, pid_t pid) { break; #ifdef PTRACE_POSIX_SPAWN case PTRACE_POSIX_SPAWN: - LOG_D("PID: %d child trap (TRAP_CHLD) : spawn (POSIX_SPAWN)", - (int)pid); + LOG_D("PID: %d child trap (TRAP_CHLD) : spawn (POSIX_SPAWN)", (int)pid); break; #endif case PTRACE_LWP_CREATE: -- cgit v1.2.3 From 9e34b1bc435462e5e568b0ec079ea0769dfed617 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 23 Jun 2020 15:49:41 +0200 Subject: honggfuzz.h: increase the number of maximum positional args to execve that honggfuzz supports --- honggfuzz.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/honggfuzz.h b/honggfuzz.h index a656e1a4..913852de 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -95,7 +95,7 @@ #define _HF_INPUT_FILE_PATH "/dev/fd/" HF_XSTR(_HF_INPUT_FD) /* Maximum number of supported execve() args */ -#define _HF_ARGS_MAX 512 +#define _HF_ARGS_MAX 2048 /* Message indicating that the fuzzed process is ready for new data */ static const uint8_t HFReadyTag = 'R'; -- cgit v1.2.3 From 420574bddba93af18ed327a443fa074e653604c3 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Tue, 30 Jun 2020 16:24:35 +0200 Subject: readme --- README.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 97e53406..4634c6a1 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,7 @@ A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with inte Honggfuzz has been used to find a few interesting security problems in major software packages; An incomplete list: - + * Dozens of security problems via the [OSS-Fuzz](https://bugs.chromium.org/p/oss-fuzz/issues/list?q=honggfuzz&can=1) project * [Pre-auth remote crash in __OpenSSH__](https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737) * __Apache HTTPD__ * [Remote crash in __mod\_http2__ • CVE-2017-7659](http://seclists.org/oss-sec/2017/q2/504) @@ -102,6 +102,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [Memory corruption in __Xfig__](https://sourceforge.net/p/mcj/tickets/67/) * [Memory corruption in __LibreOffice__](https://github.com/LibreOffice/core/commit/0754e581b0d8569dd08cf26f88678754f249face) * [Memory corruption in __ATasm__](https://sourceforge.net/p/atasm/bugs/8/) + * [Memory corruption in __LibRaw__](https://github.com/LibRaw/LibRaw/issues/309) * __Rust__: * panic() in regex [#1](https://github.com/rust-lang/regex/issues/464), [#2](https://github.com/rust-lang/regex/issues/465), [#3](https://github.com/rust-lang/regex/issues/465#issuecomment-381412816) * panic() in h2 [#1](https://github.com/carllerche/h2/pull/260), [#2](https://github.com/carllerche/h2/pull/261), [#3](https://github.com/carllerche/h2/pull/262) @@ -160,6 +161,12 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__rcc__: a Rust C compiler](https://github.com/jyn514/rcc#testing) * [__EIP1962Fuzzing__: Fuzzy testing of various EIP1962 implementations](https://github.com/matter-labs/eip1962_fuzzing) * [__wasm-fuzz__: Fuzzing of wasmer](https://github.com/wasmerio/wasm-fuzz/blob/master/honggfuzz.md), [blog post](https://medium.com/wasmer/fuzz-testing-in-webassembly-vms-3a301f982e5a) + * [__propfuzz__: Rust tools to combine coverage-guided fuzzing with property-based testing - from Facebook](https://github.com/facebookincubator/propfuzz) + * [__Bitcoin Core__](https://github.com/Nampu898/btc-2/blob/2af56d6d5c387c3208d3d5aae8d428a3d610446f/doc/fuzzing.md#fuzzing-bitcoin-core-using-honggfuzz) + * [__ESP32-Fuzzing-Framework__: A Fuzzing Framework for ESP32 applications](https://github.com/MaxCamillo/esp32-fuzzing-framework/tree/5130a3c7bf9796fdeb44346eec3dcdc7e507a62b) + * [__Fuzzbench__: Fuzzer Benchmarking As a Service](https://www.fuzzbench.com/) + * [__rumpsyscallfuzz__: NetBSD Rump Kernel fuzzing](https://github.com/adityavardhanpadala/rumpsyscallfuzz) + * [__libnbd__: fuzzing libnbd with honggfuzz](https://github.com/libguestfs/libnbd/commit/329c5235f81ab0d1849946bab5e5c4119b35e140) * [__P0__: Fuzzing ImageIO](https://googleprojectzero.blogspot.com/2020/04/fuzzing-imageio.html) * [__TrapFuzz__: by P0](https://github.com/googleprojectzero/p0tools/tree/master/TrapFuzz) * [__Rust's fuzztest__](https://docs.rs/crate/fuzztest) -- cgit v1.2.3 From 872ab1c0ffedf4b10ed3133d4d043e5474a13e1e Mon Sep 17 00:00:00 2001 From: Kamil Rytarowski Date: Wed, 1 Jul 2020 10:33:09 +0200 Subject: netbsd: Fix PC and SI_ADDR in arch_traceSaveData() --- netbsd/trace.c | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/netbsd/trace.c b/netbsd/trace.c index 8519543f..f5c5d958 100644 --- a/netbsd/trace.c +++ b/netbsd/trace.c @@ -319,14 +319,20 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { arch_getInstrStr(pid, info.psi_lwpid, &pc, instr); + void* sig_addr = info.psi_siginfo.si_addr; + /* User-induced signals don't set si.si_addr */ + if (SI_FROMUSER(&info.psi_siginfo)) { + sig_addr = NULL; + } + LOG_D("Pid: %d, signo: %d, errno: %d, code: %d, addr: %p, pc: %" PRIxREGISTER ", instr: '%s'", pid, info.psi_siginfo.si_signo, info.psi_siginfo.si_errno, info.psi_siginfo.si_code, - info.psi_siginfo.si_addr, pc, instr); + sig_addr, pc, instr); if (!SI_FROMUSER(&info.psi_siginfo) && pc && - info.psi_siginfo.si_addr < run->global->arch_netbsd.ignoreAddr) { + sig_addr < run->global->arch_netbsd.ignoreAddr) { LOG_I("Input is interesting (%s), but the si.si_addr is %p (below %p), skipping", - util_sigName(info.psi_siginfo.si_signo), info.psi_siginfo.si_addr, + util_sigName(info.psi_siginfo.si_signo), sig_addr, run->global->arch_netbsd.ignoreAddr); return; } @@ -433,15 +439,6 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { /* If non-blacklisted crash detected, zero set two MSB */ ATOMIC_POST_ADD(run->global->cfg.dynFileIterExpire, _HF_DYNFILE_SUB_MASK); - void* sig_addr = info.psi_siginfo.si_addr; - pc = 0UL; - sig_addr = NULL; - - /* User-induced signals don't set si.si_addr */ - if (SI_FROMUSER(&info.psi_siginfo)) { - sig_addr = NULL; - } - /* If dry run mode, copy file with same name into workspace */ if (run->global->mutate.mutationsPerRun == 0U && run->global->cfg.useVerifier) { snprintf(run->crashFileName, sizeof(run->crashFileName), "%s/%s", run->global->io.crashDir, -- cgit v1.2.3 From eb688b67e14b28dd04a0462ae9fac4822d2115b3 Mon Sep 17 00:00:00 2001 From: hen <523416700@qq.com> Date: Thu, 2 Jul 2020 23:01:32 +0800 Subject: delete some wmb calls --- libhfuzz/instrument.c | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 51f563c3..1f97dd37 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -221,7 +221,6 @@ __attribute__((weak)) size_t instrumentReserveGuard(size_t cnt) { } if (ATOMIC_GET(globalCovFeedback->guardNb) < guardCnt) { ATOMIC_SET(globalCovFeedback->guardNb, guardCnt); - wmb(); } return base; } @@ -280,7 +279,6 @@ HF_REQUIRE_SSE42_POPCNT void __cyg_profile_func_enter(void* func, void* caller) register bool prev = ATOMIC_BITMAP_SET(globalCovFeedback->bbMapPc, pos); if (!prev) { ATOMIC_PRE_INC(globalCovFeedback->pidNewPC[my_thread_no]); - wmb(); } } @@ -298,7 +296,6 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_pc_internal(uintptr_t pc) register bool prev = ATOMIC_BITMAP_SET(globalCovFeedback->bbMapPc, ret); if (!prev) { ATOMIC_PRE_INC(globalCovFeedback->pidNewPC[my_thread_no]); - wmb(); } } @@ -321,7 +318,6 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp1_internal( if (prev < v) { ATOMIC_SET(globalCovFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], v - prev); - wmb(); } } @@ -333,7 +329,6 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp2_internal( if (prev < v) { ATOMIC_SET(globalCovFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], v - prev); - wmb(); } } @@ -345,7 +340,6 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp4_internal( if (prev < v) { ATOMIC_SET(globalCovFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], v - prev); - wmb(); } } @@ -357,7 +351,6 @@ HF_REQUIRE_SSE42_POPCNT static inline void hfuzz_trace_cmp8_internal( if (prev < v) { ATOMIC_SET(globalCovFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], v - prev); - wmb(); } } @@ -498,7 +491,6 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_switch(uint64_t Val, uint64_t if (prev < v) { ATOMIC_SET(globalCovFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], v - prev); - wmb(); } } } @@ -524,7 +516,6 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_div8(uint64_t Val) { if (prev < v) { ATOMIC_SET(globalCovFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], v - prev); - wmb(); } } @@ -535,7 +526,6 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_div4(uint32_t Val) { if (prev < v) { ATOMIC_SET(globalCovFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], v - prev); - wmb(); } } @@ -550,7 +540,6 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_indir(uintptr_t callee) { register bool prev = ATOMIC_BITMAP_SET(globalCovFeedback->bbMapPc, pos); if (!prev) { ATOMIC_PRE_INC(globalCovFeedback->pidNewPC[my_thread_no]); - wmb(); } } @@ -567,7 +556,6 @@ __attribute__((weak)) HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_indir_call16( register bool prev = ATOMIC_BITMAP_SET(globalCovFeedback->bbMapPc, pos); if (!prev) { ATOMIC_PRE_INC(globalCovFeedback->pidNewPC[my_thread_no]); - wmb(); } } @@ -675,7 +663,6 @@ HF_REQUIRE_SSE42_POPCNT void __sanitizer_cov_trace_pc_guard(uint32_t* guard_ptr) ATOMIC_PRE_INC(globalCovFeedback->pidNewCmp[my_thread_no]); } } - wmb(); } /* Support up to 256 DSO modules with separate 8bit counters */ @@ -725,7 +712,6 @@ void instrument8BitCountersCount(void) { ATOMIC_POST_ADD(globalCovFeedback->pidTotalEdge[my_thread_no], totalEdge); ATOMIC_POST_ADD(globalCovFeedback->pidTotalCmp[my_thread_no], totalCmp); - wmb(); } void __sanitizer_cov_8bit_counters_init(char* start, char* end) { @@ -769,7 +755,6 @@ bool instrumentUpdateCmpMap(uintptr_t addr, uint32_t v) { if (prev < v) { ATOMIC_SET(globalCovFeedback->bbMapCmp[pos], v); ATOMIC_POST_ADD(globalCovFeedback->pidNewCmp[my_thread_no], v - prev); - wmb(); return true; } return false; @@ -784,8 +769,6 @@ void instrumentClearNewCov() { ATOMIC_CLEAR(globalCovFeedback->pidTotalPC[my_thread_no]); ATOMIC_CLEAR(globalCovFeedback->pidTotalEdge[my_thread_no]); ATOMIC_CLEAR(globalCovFeedback->pidTotalCmp[my_thread_no]); - - wmb(); } void instrumentAddConstMem(const void* mem, size_t len, bool check_if_ro) { -- cgit v1.2.3 From 2010ba76cd5cc1c0d62bdf2a226d57021ba0e3c1 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Fri, 3 Jul 2020 02:00:39 +0200 Subject: readme --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 4634c6a1..2e2a6871 100644 --- a/README.md +++ b/README.md @@ -87,7 +87,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * Stack corruption issues in the Windows OpenType parser: [#1](https://github.com/xinali/AfdkoFuzz/blob/4eadcb19eacb2fb73e4b0f0b34f382a9331bb3b4/CrashesAnalysis/CrashesAnalysis_3/README.md), [#2](https://github.com/xinali/AfdkoFuzz/blob/master/CVE-2019-1117/README.md), [#3](https://github.com/xinali/AfdkoFuzz/tree/f6d6562dd19403cc5a1f8cef603ee69425b68b20/CVE-2019-1118) * [Infinite loop in __NGINX Unit__](https://github.com/nginx/unit/commit/477e8177b70acb694759e62d830b8a311a736324) * A couple of problems in the [__MATLAB MAT File I/O Library__](https://sourceforge.net/projects/matio): [#1](https://github.com/tbeu/matio/commit/406438f497931f45fb3edf6de17d3a59a922c257), [#2](https://github.com/tbeu/matio/commit/406438f497931f45fb3edf6de17d3a59a922c257), [#3](https://github.com/tbeu/matio/commit/a55b9c2c01582b712d5a643699a13b5c41687db1), [#4](https://github.com/tbeu/matio/commit/3e6283f37652e29e457ab9467f7738a562594b6b), [#5](https://github.com/tbeu/matio/commit/783ee496a6914df68e77e6019054ad91e8ed6420) - * __Samba__ [tdbdump + tdbtool](http://seclists.org/oss-sec/2018/q2/206), [#2](https://github.com/samba-team/samba/commit/183da1f9fda6f58cdff5cefad133a86462d5942a), [#3](https://github.com/samba-team/samba/commit/33e9021cbee4c17ee2f11d02b99902a742d77293), [#4](https://github.com/samba-team/samba/commit/ac1be895d2501dc79dcff2c1e03549fe5b5a930c), [#5](https://github.com/samba-team/samba/commit/b1eda993b658590ebb0a8225e448ce399946ed83), [#6](https://github.com/samba-team/samba/commit/f7f92803f600f8d302cdbb668c42ca8b186a797f) [CVE-2019-14907](https://www.samba.org/samba/security/CVE-2019-14907.html) + * __Samba__ [tdbdump + tdbtool](http://seclists.org/oss-sec/2018/q2/206), [#2](https://github.com/samba-team/samba/commit/183da1f9fda6f58cdff5cefad133a86462d5942a), [#3](https://github.com/samba-team/samba/commit/33e9021cbee4c17ee2f11d02b99902a742d77293), [#4](https://github.com/samba-team/samba/commit/ac1be895d2501dc79dcff2c1e03549fe5b5a930c), [#5](https://github.com/samba-team/samba/commit/b1eda993b658590ebb0a8225e448ce399946ed83), [#6](https://github.com/samba-team/samba/commit/f7f92803f600f8d302cdbb668c42ca8b186a797f) [CVE-2019-14907](https://www.samba.org/samba/security/CVE-2019-14907.html) [CVE-2020-10745](https://www.samba.org/samba/security/CVE-2020-10745.html) * [Crash in __djvulibre__](https://github.com/barak/djvulibre/commit/89d71b01d606e57ecec2c2930c145bb20ba5bbe3) * [Multiple crashes in __VLC__](https://www.pentestpartners.com/security-blog/double-free-rce-in-vlc-a-honggfuzz-how-to/) * [Buffer overflow in __ClassiCube__](https://github.com/UnknownShadow200/ClassiCube/issues/591) @@ -162,7 +162,7 @@ Honggfuzz has been used to find a few interesting security problems in major sof * [__EIP1962Fuzzing__: Fuzzy testing of various EIP1962 implementations](https://github.com/matter-labs/eip1962_fuzzing) * [__wasm-fuzz__: Fuzzing of wasmer](https://github.com/wasmerio/wasm-fuzz/blob/master/honggfuzz.md), [blog post](https://medium.com/wasmer/fuzz-testing-in-webassembly-vms-3a301f982e5a) * [__propfuzz__: Rust tools to combine coverage-guided fuzzing with property-based testing - from Facebook](https://github.com/facebookincubator/propfuzz) - * [__Bitcoin Core__](https://github.com/Nampu898/btc-2/blob/2af56d6d5c387c3208d3d5aae8d428a3d610446f/doc/fuzzing.md#fuzzing-bitcoin-core-using-honggfuzz) + * [__Bitcoin Core__: fuzzing](https://github.com/Nampu898/btc-2/blob/2af56d6d5c387c3208d3d5aae8d428a3d610446f/doc/fuzzing.md#fuzzing-bitcoin-core-using-honggfuzz) * [__ESP32-Fuzzing-Framework__: A Fuzzing Framework for ESP32 applications](https://github.com/MaxCamillo/esp32-fuzzing-framework/tree/5130a3c7bf9796fdeb44346eec3dcdc7e507a62b) * [__Fuzzbench__: Fuzzer Benchmarking As a Service](https://www.fuzzbench.com/) * [__rumpsyscallfuzz__: NetBSD Rump Kernel fuzzing](https://github.com/adityavardhanpadala/rumpsyscallfuzz) -- cgit v1.2.3 From e1e629961b0c708c2d362f4c855565c92e34936e Mon Sep 17 00:00:00 2001 From: hen <523416700@qq.com> Date: Fri, 3 Jul 2020 17:15:32 +0800 Subject: faster util_32bitValInBinary/util_64bitValInBinary --- libhfcommon/util.c | 177 ++++++++++++++++++++++++++++++++++++++++++++++++++--- libhfcommon/util.h | 2 +- 2 files changed, 171 insertions(+), 8 deletions(-) diff --git a/libhfcommon/util.c b/libhfcommon/util.c index 542f4fbb..c99c798b 100644 --- a/libhfcommon/util.c +++ b/libhfcommon/util.c @@ -832,6 +832,29 @@ static int addrStatic_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, lhfc_addr_t util_getProgAddr(const void* addr) { return (lhfc_addr_t)dl_iterate_phdr(addrStatic_cb, (void*)addr); } +static uint64_t * values64InBinary = NULL; +static size_t values64InBinary_size = 0; +static size_t values64InBinary_cap = 0; + +static uint32_t * values32InBinary = NULL; +static size_t values32InBinary_size = 0; +static size_t values32InBinary_cap = 0; + +static int cmp_u64(const void * pa, const void *pb) { + uint64_t a = *(uint64_t*) pa; + uint64_t b = *(uint64_t*) pb; + if (a < b) return -1; + if (a > b) return 1; + return 0; +} + +static int cmp_u32(const void * pa, const void *pb) { + uint32_t a = *(uint32_t*) pa; + uint32_t b = *(uint32_t*) pb; + if (a < b) return -1; + if (a > b) return 1; + return 0; +} static int check32_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, void* data) { uint32_t v = *(uint32_t*)data; @@ -844,7 +867,7 @@ static int check32_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, voi if (info->dlpi_phdr[i].p_type != PT_LOAD) { continue; } - if (!(info->dlpi_phdr[i].p_flags & PF_R)) { + if (!(info->dlpi_phdr[i].p_flags & PF_W)) { continue; } uint32_t* start = (uint32_t*)(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr); @@ -861,10 +884,6 @@ static int check32_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, voi return 0; } -bool util_32bitValInBinary(uint32_t v) { - return (dl_iterate_phdr(check32_cb, &v) == 1); -} - static int check64_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, void* data) { uint64_t v = *(uint64_t*)data; @@ -876,7 +895,7 @@ static int check64_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, voi if (info->dlpi_phdr[i].p_type != PT_LOAD) { continue; } - if (!(info->dlpi_phdr[i].p_flags & PF_R)) { + if (!(info->dlpi_phdr[i].p_flags & PF_W)) { continue; } uint64_t* start = (uint64_t*)(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr); @@ -893,7 +912,151 @@ static int check64_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, voi return 0; } -bool util_64bitValInBinary(uint32_t v) { +static int collectValuesInBinary_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, void* data HF_ATTR_UNUSED) { + + for (size_t i = 0; i < info->dlpi_phnum; i++) { + /* Look only in the actual binary, and not in libraries */ + if (info->dlpi_name[0] != '\0') { + continue; + } + if (info->dlpi_phdr[i].p_type != PT_LOAD) { + continue; + } + // collect values from readonly segments + if ((!(info->dlpi_phdr[i].p_flags & PF_R)) || (info->dlpi_phdr[i].p_flags & PF_W)) { + continue; + } + uint32_t* start_32 = (uint32_t*)(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr); + uint32_t* end_32 = + (uint32_t*)(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr + + HF_MIN(info->dlpi_phdr[i].p_memsz, info->dlpi_phdr[i].p_filesz)); + + for (; start_32 < end_32; start_32++) { + if (*start_32 == 0 || *start_32 == (uint32_t)-1) continue; + // make enough capcity + if (values32InBinary_size > values32InBinary_cap) { + LOG_F("32values size(%zu) > cap(%zu)", values32InBinary_size, values32InBinary_cap); + } + if (values32InBinary_size == values32InBinary_cap) { + if (values32InBinary_cap == 0) { + values32InBinary_cap = 1024; + } + values32InBinary_cap *= 2; + values32InBinary = util_Realloc(values32InBinary, values32InBinary_cap * sizeof(uint32_t)); + } + values32InBinary[values32InBinary_size++] = *start_32; + } + + uint64_t* start_64 = (uint64_t*)(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr); + uint64_t* end_64 = + (uint64_t*)(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr + + HF_MIN(info->dlpi_phdr[i].p_memsz, info->dlpi_phdr[i].p_filesz)); + + for (; start_64 < end_64; start_64++) { + if (*start_64 == 0 || *start_64 == (uint64_t)-1) continue; + // make enough capcity + if (values64InBinary_size > values64InBinary_cap) { + LOG_F("64values size(%zu) > cap(%zu)", values64InBinary_size, values64InBinary_cap); + } + if (values64InBinary_size == values64InBinary_cap) { + if (values64InBinary_cap == 0) { + values64InBinary_cap = 1024; + } + values64InBinary_cap *= 2; + values64InBinary = util_Realloc(values64InBinary, values64InBinary_cap * sizeof(uint64_t)); + } + values64InBinary[values64InBinary_size++] = *start_64; + } + } + + return 0; +} + +static void collectValuesInBinary () { + //collect values + dl_iterate_phdr(collectValuesInBinary_cb, NULL); + + //sort values + qsort(values32InBinary, values32InBinary_size, sizeof(uint32_t), cmp_u32); + qsort(values64InBinary, values64InBinary_size, sizeof(uint64_t), cmp_u64); + + //remove duplicated values + if (values32InBinary_size) { + uint32_t previous_value = values32InBinary[0]; + size_t new_size = 1; + for (size_t i = 1; i < values32InBinary_size; i++) { + uint32_t current_value = values32InBinary[i]; + if (current_value != previous_value) { + //a new non-duplicated value + values32InBinary[new_size++] = current_value; + } + previous_value = current_value; + } + values32InBinary_size = new_size; + } + if (values64InBinary_size) { + uint64_t previous_value = values64InBinary[0]; + size_t new_size = 1; + for (size_t i = 1; i < values64InBinary_size; i++) { + uint64_t current_value = values64InBinary[i]; + if (current_value != previous_value) { + //a new non-duplicated value + values64InBinary[new_size++] = current_value; + } + previous_value = current_value; + } + values64InBinary_size = new_size; + } + + //reduce memory + values32InBinary_cap = values32InBinary_size; + values32InBinary = util_Realloc(values32InBinary, values32InBinary_cap * sizeof(uint32_t)); + values64InBinary_cap = values64InBinary_size; + values64InBinary = util_Realloc(values64InBinary, values64InBinary_cap * sizeof(uint64_t)); + +} + +static pthread_once_t collectValuesInBinary_InitOnce = PTHREAD_ONCE_INIT; + +bool util_32bitValInBinary(uint32_t v) { + pthread_once(&collectValuesInBinary_InitOnce, collectValuesInBinary); + //check if it in read-only values + if (values32InBinary_size != 0) { + size_t l = 0, r = values32InBinary_size-1; + //binary search + while (l != r) { + size_t mid = (l + r)/2; + if (values32InBinary[mid] < v) { + l = mid + 1; + } + else { + r = mid; + } + } + if (values32InBinary[l] == v) return true; + } + //check if it's in writable values + return (dl_iterate_phdr(check32_cb, &v) == 1); +} + +bool util_64bitValInBinary(uint64_t v) { + pthread_once(&collectValuesInBinary_InitOnce, collectValuesInBinary); + //check if it in read-only values + if (values64InBinary_size != 0) { + size_t l = 0, r = values64InBinary_size-1; + //binary search + while (l != r) { + size_t mid = (l + r)/2; + if (values64InBinary[mid] < v) { + l = mid + 1; + } + else { + r = mid; + } + } + if (values64InBinary[l] == v) return true; + } + //check if it's in writable values return (dl_iterate_phdr(check64_cb, &v) == 1); } #else /* !defined(_HF_ARCH_DARWIN) && !defined(__CYGWIN__) */ diff --git a/libhfcommon/util.h b/libhfcommon/util.h index 43b034fb..b189e250 100644 --- a/libhfcommon/util.h +++ b/libhfcommon/util.h @@ -189,7 +189,7 @@ extern void util_closeStdio(bool close_stdin, bool close_stdout, bool close_stde extern lhfc_addr_t util_getProgAddr(const void* addr); extern bool util_32bitValInBinary(uint32_t v); -extern bool util_64bitValInBinary(uint32_t v); +extern bool util_64bitValInBinary(uint64_t v); extern uint64_t util_hash(const char* buf, size_t len); extern int64_t fastArray64Search(uint64_t* array, size_t arraySz, uint64_t key); -- cgit v1.2.3 From 71580337c4e1c262bed822f21e558247975f1503 Mon Sep 17 00:00:00 2001 From: hen <523416700@qq.com> Date: Fri, 10 Jul 2020 20:21:20 +0800 Subject: randomize instrumentLimitEvery In old style, if we run in fork-and-exec mode, `staticCnt` will starts from zero for each run. So for example `__sanitizer_cov_trace_cmp4` will only be executed at the 4096th time... If the target is small to have 4096 cmp during execution, `__sanitizer_cov_trace_cmp4` trick will never work. Even if the target is big, the old style is still inbalanced. So just make it random. --- libhfuzz/instrument.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 1f97dd37..957242e5 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -233,10 +233,7 @@ void instrumentResetLocalCovFeedback(void) { /* Used to limit certain expensive actions, like adding values to dictionaries */ static inline bool instrumentLimitEvery(uint64_t step) { - static __thread uint64_t staticCnt = 0; - if (((staticCnt++) % step) == 0) { - return true; - } + if (util_rndGet(0, step) == 0) return true; return false; } -- cgit v1.2.3 From 8541db88ffed037e98e1a4ea047d955cb639ee88 Mon Sep 17 00:00:00 2001 From: Casper Date: Sat, 11 Jul 2020 10:26:48 +0800 Subject: fix inconsistent declaration in header and implementation in source file --- libhfcommon/util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libhfcommon/util.c b/libhfcommon/util.c index c99c798b..c5d1bf63 100644 --- a/libhfcommon/util.c +++ b/libhfcommon/util.c @@ -1067,7 +1067,7 @@ lhfc_addr_t util_getProgAddr(const void* addr HF_ATTR_UNUSED) { bool util_32bitValInBinary(uint32_t v HF_ATTR_UNUSED) { return false; } -bool util_64bitValInBinary(uint32_t v HF_ATTR_UNUSED) { +bool util_64bitValInBinary(uint64_t v HF_ATTR_UNUSED) { return false; } #endif /* !defined(_HF_ARCH_DARWIN) && !defined(__CYGWIN__) */ -- cgit v1.2.3 From 5ec3e56f17dbd767203e2902598c3e3e5f1a64cd Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 22 Jul 2020 21:11:37 +0200 Subject: sanitizers: promote char to unsigned char first for isspace(int) --- sanitizers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sanitizers.c b/sanitizers.c index 4eb1f954..302b6267 100644 --- a/sanitizers.c +++ b/sanitizers.c @@ -183,7 +183,7 @@ size_t sanitizers_parseReport(run_t* run, pid_t pid, funcs_t* funcs, uint64_t* p } else { char* pLineLC = lineptr; /* Trim leading spaces */ - while (*pLineLC != '\0' && isspace((int)*pLineLC)) { + while (*pLineLC != '\0' && isspace((unsigned char)*pLineLC)) { ++pLineLC; } -- cgit v1.2.3 From fb133c8a3972a89a37ce62b28854025304d1504f Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 22 Jul 2020 21:12:08 +0200 Subject: make indent depend --- libhfcommon/util.c | 83 +++++++++++++++++++++++++-------------------------- libhfuzz/instrument.c | 1 - netbsd/trace.c | 6 ++-- 3 files changed, 43 insertions(+), 47 deletions(-) diff --git a/libhfcommon/util.c b/libhfcommon/util.c index c5d1bf63..1d7b9649 100644 --- a/libhfcommon/util.c +++ b/libhfcommon/util.c @@ -832,25 +832,25 @@ static int addrStatic_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, lhfc_addr_t util_getProgAddr(const void* addr) { return (lhfc_addr_t)dl_iterate_phdr(addrStatic_cb, (void*)addr); } -static uint64_t * values64InBinary = NULL; -static size_t values64InBinary_size = 0; -static size_t values64InBinary_cap = 0; +static uint64_t* values64InBinary = NULL; +static size_t values64InBinary_size = 0; +static size_t values64InBinary_cap = 0; -static uint32_t * values32InBinary = NULL; -static size_t values32InBinary_size = 0; -static size_t values32InBinary_cap = 0; +static uint32_t* values32InBinary = NULL; +static size_t values32InBinary_size = 0; +static size_t values32InBinary_cap = 0; -static int cmp_u64(const void * pa, const void *pb) { - uint64_t a = *(uint64_t*) pa; - uint64_t b = *(uint64_t*) pb; +static int cmp_u64(const void* pa, const void* pb) { + uint64_t a = *(uint64_t*)pa; + uint64_t b = *(uint64_t*)pb; if (a < b) return -1; if (a > b) return 1; return 0; } -static int cmp_u32(const void * pa, const void *pb) { - uint32_t a = *(uint32_t*) pa; - uint32_t b = *(uint32_t*) pb; +static int cmp_u32(const void* pa, const void* pb) { + uint32_t a = *(uint32_t*)pa; + uint32_t b = *(uint32_t*)pb; if (a < b) return -1; if (a > b) return 1; return 0; @@ -912,8 +912,8 @@ static int check64_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, voi return 0; } -static int collectValuesInBinary_cb(struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, void* data HF_ATTR_UNUSED) { - +static int collectValuesInBinary_cb( + struct dl_phdr_info* info, size_t size HF_ATTR_UNUSED, void* data HF_ATTR_UNUSED) { for (size_t i = 0; i < info->dlpi_phnum; i++) { /* Look only in the actual binary, and not in libraries */ if (info->dlpi_name[0] != '\0') { @@ -942,7 +942,8 @@ static int collectValuesInBinary_cb(struct dl_phdr_info* info, size_t size HF_AT values32InBinary_cap = 1024; } values32InBinary_cap *= 2; - values32InBinary = util_Realloc(values32InBinary, values32InBinary_cap * sizeof(uint32_t)); + values32InBinary = + util_Realloc(values32InBinary, values32InBinary_cap * sizeof(uint32_t)); } values32InBinary[values32InBinary_size++] = *start_32; } @@ -963,7 +964,8 @@ static int collectValuesInBinary_cb(struct dl_phdr_info* info, size_t size HF_AT values64InBinary_cap = 1024; } values64InBinary_cap *= 2; - values64InBinary = util_Realloc(values64InBinary, values64InBinary_cap * sizeof(uint64_t)); + values64InBinary = + util_Realloc(values64InBinary, values64InBinary_cap * sizeof(uint64_t)); } values64InBinary[values64InBinary_size++] = *start_64; } @@ -972,22 +974,22 @@ static int collectValuesInBinary_cb(struct dl_phdr_info* info, size_t size HF_AT return 0; } -static void collectValuesInBinary () { - //collect values +static void collectValuesInBinary() { + // collect values dl_iterate_phdr(collectValuesInBinary_cb, NULL); - //sort values + // sort values qsort(values32InBinary, values32InBinary_size, sizeof(uint32_t), cmp_u32); qsort(values64InBinary, values64InBinary_size, sizeof(uint64_t), cmp_u64); - //remove duplicated values + // remove duplicated values if (values32InBinary_size) { uint32_t previous_value = values32InBinary[0]; - size_t new_size = 1; + size_t new_size = 1; for (size_t i = 1; i < values32InBinary_size; i++) { uint32_t current_value = values32InBinary[i]; if (current_value != previous_value) { - //a new non-duplicated value + // a new non-duplicated value values32InBinary[new_size++] = current_value; } previous_value = current_value; @@ -996,11 +998,11 @@ static void collectValuesInBinary () { } if (values64InBinary_size) { uint64_t previous_value = values64InBinary[0]; - size_t new_size = 1; + size_t new_size = 1; for (size_t i = 1; i < values64InBinary_size; i++) { uint64_t current_value = values64InBinary[i]; if (current_value != previous_value) { - //a new non-duplicated value + // a new non-duplicated value values64InBinary[new_size++] = current_value; } previous_value = current_value; @@ -1008,55 +1010,52 @@ static void collectValuesInBinary () { values64InBinary_size = new_size; } - //reduce memory + // reduce memory values32InBinary_cap = values32InBinary_size; - values32InBinary = util_Realloc(values32InBinary, values32InBinary_cap * sizeof(uint32_t)); + values32InBinary = util_Realloc(values32InBinary, values32InBinary_cap * sizeof(uint32_t)); values64InBinary_cap = values64InBinary_size; - values64InBinary = util_Realloc(values64InBinary, values64InBinary_cap * sizeof(uint64_t)); - + values64InBinary = util_Realloc(values64InBinary, values64InBinary_cap * sizeof(uint64_t)); } static pthread_once_t collectValuesInBinary_InitOnce = PTHREAD_ONCE_INIT; bool util_32bitValInBinary(uint32_t v) { pthread_once(&collectValuesInBinary_InitOnce, collectValuesInBinary); - //check if it in read-only values + // check if it in read-only values if (values32InBinary_size != 0) { - size_t l = 0, r = values32InBinary_size-1; - //binary search + size_t l = 0, r = values32InBinary_size - 1; + // binary search while (l != r) { - size_t mid = (l + r)/2; + size_t mid = (l + r) / 2; if (values32InBinary[mid] < v) { l = mid + 1; - } - else { + } else { r = mid; } } if (values32InBinary[l] == v) return true; } - //check if it's in writable values + // check if it's in writable values return (dl_iterate_phdr(check32_cb, &v) == 1); } bool util_64bitValInBinary(uint64_t v) { pthread_once(&collectValuesInBinary_InitOnce, collectValuesInBinary); - //check if it in read-only values + // check if it in read-only values if (values64InBinary_size != 0) { - size_t l = 0, r = values64InBinary_size-1; - //binary search + size_t l = 0, r = values64InBinary_size - 1; + // binary search while (l != r) { - size_t mid = (l + r)/2; + size_t mid = (l + r) / 2; if (values64InBinary[mid] < v) { l = mid + 1; - } - else { + } else { r = mid; } } if (values64InBinary[l] == v) return true; } - //check if it's in writable values + // check if it's in writable values return (dl_iterate_phdr(check64_cb, &v) == 1); } #else /* !defined(_HF_ARCH_DARWIN) && !defined(__CYGWIN__) */ diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c index 957242e5..21e8ec96 100644 --- a/libhfuzz/instrument.c +++ b/libhfuzz/instrument.c @@ -708,7 +708,6 @@ void instrument8BitCountersCount(void) { ATOMIC_POST_ADD(globalCovFeedback->pidTotalEdge[my_thread_no], totalEdge); ATOMIC_POST_ADD(globalCovFeedback->pidTotalCmp[my_thread_no], totalCmp); - } void __sanitizer_cov_8bit_counters_init(char* start, char* end) { diff --git a/netbsd/trace.c b/netbsd/trace.c index f5c5d958..2480813a 100644 --- a/netbsd/trace.c +++ b/netbsd/trace.c @@ -329,11 +329,9 @@ static void arch_traceSaveData(run_t* run, pid_t pid) { pid, info.psi_siginfo.si_signo, info.psi_siginfo.si_errno, info.psi_siginfo.si_code, sig_addr, pc, instr); - if (!SI_FROMUSER(&info.psi_siginfo) && pc && - sig_addr < run->global->arch_netbsd.ignoreAddr) { + if (!SI_FROMUSER(&info.psi_siginfo) && pc && sig_addr < run->global->arch_netbsd.ignoreAddr) { LOG_I("Input is interesting (%s), but the si.si_addr is %p (below %p), skipping", - util_sigName(info.psi_siginfo.si_signo), sig_addr, - run->global->arch_netbsd.ignoreAddr); + util_sigName(info.psi_siginfo.si_signo), sig_addr, run->global->arch_netbsd.ignoreAddr); return; } -- cgit v1.2.3 From 5413f0a42e122aeb28f087f4177628b745083ac0 Mon Sep 17 00:00:00 2001 From: Robert Swiecki Date: Wed, 22 Jul 2020 21:51:47 +0200 Subject: Prepare for version 2.3 --- CHANGELOG | 11 +++++++++++ README.md | 2 +- honggfuzz.h | 2 +- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index b40d7bca..4af42c0c 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,14 @@ +2020-07-22 - Version 2.3 + - honggfuzz.h - split run_t into substructs + - clang-format options in .clang-format + - added missing mutex initializers + - removed unncessary comparisons to 'true' and 'false' + - improved NetBSD compatibility + - removed unnecessary memory fences (speed ups) + - faster searching through the binary for const 4/8-byte values + - removed unnecessary includes with iwyu + - libhfnetdriver - general improvements around local socket fuzzing and timeouts + 2020-04-24 - Version 2.2 - Added 8bitcnt instrumentation - use hfuzz-cc/hfuzz-8bitcnt-(gcc|clang) for that - PC-guard instrumentation now uses edge counting diff --git a/README.md b/README.md index 2e2a6871..51cb1d0a 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with inte ## Code - * Latest stable version: [2.2](https://github.com/google/honggfuzz/releases) + * Latest stable version: [2.3](https://github.com/google/honggfuzz/releases) * [Changelog](https://github.com/google/honggfuzz/blob/master/CHANGELOG) ## Features diff --git a/honggfuzz.h b/honggfuzz.h index 913852de..9d07fdf4 100644 --- a/honggfuzz.h +++ b/honggfuzz.h @@ -39,7 +39,7 @@ #include "libhfcommon/util.h" #define PROG_NAME "honggfuzz" -#define PROG_VERSION "2.2" +#define PROG_VERSION "2.3" /* Name of the template which will be replaced with the proper name of the file */ #define _HF_FILE_PLACEHOLDER "___FILE___" -- cgit v1.2.3