2 * Fuzzer to fuzz a file
11 #include <sys/types.h>
/*
 * Entry point of the file fuzzer: opens the file named on the command line
 * read/write, walks it in sizeof(buffer)-sized chunks, flips randomly chosen
 * bits in each chunk and writes the chunk back at the offset it was read from.
 *
 * NOTE(review): the target is modified in place (O_RDWR plus write-back to
 * the same offset), so it should be run on a disposable copy of the sample.
 * NOTE(review): this listing omits lines (declarations, braces, the body of
 * the -p handling); the comments below cover only the statements shown.
 */
14 int main(int argc, char *argv[])
19 int changesPerBuffer = 0;
/* NOTE(review): if this is a local of main it places about 1 MB on the
 * stack; confirm the storage class against the full file. */
22 unsigned char buffer[1000000];
/* "p:" means the only accepted option is -p, and it takes an argument. */
28 while((c = getopt(argc,argv,"p:")) != -1){
/* Presumably printed when the -p argument is below 100; the test itself is
 * not visible here. */
36 printf("-p value less than 100 is invalid\n");
41 printf(" Needs a file name to fuzz\n");
/* The first non-option argument is the file to fuzz. The descriptor goes
 * straight into lseek() on the next line, so a failed open() (-1) is not
 * tested before it is used. */
45 h = open(argv[optind], O_RDWR);
/* Seeking to the end returns the file size, or -1 on error. */
46 flen = lseek(h,0,SEEK_END);
49 printf(" File is too short\n");
/* Number of chunks, rounded up so a trailing partial chunk is included. */
53 nbuffers = (flen + sizeof(buffer) - 1) / sizeof(buffer);
/* Flips per chunk: bits in a full chunk divided by prob, plus one so at
 * least one bit always changes. prob must be non-zero at this point;
 * presumably the -p validation guarantees that (confirm). */
55 changesPerBuffer = 1+ (sizeof(buffer) * 8) / prob;
/* NOTE(review): every numeric argument is printed with %d. That is only
 * correct if flen and nbuffers are declared int; flen is assigned from
 * lseek(), which returns off_t, so an int would truncate large files. */
57 printf("Fuzzing file %s. Size %d, probablity 1/%d, changing %d bits in each of %d buffers\n",
58 argv[optind],flen,prob,changesPerBuffer,nbuffers);
62 for(b = 0; b < nbuffers; b++){
63 printf("buffer %d\n",b);
/* Position at the start of chunk b; the lseek() result is discarded. */
64 lseek(h,b * sizeof(buffer),SEEK_SET);
/* bufsize is the byte count actually read. It is used without a check:
 * the flip loop starts on the next line, and a -1 from read() would later
 * be passed to write() as its count. */
65 bufsize = read(h,buffer,sizeof(buffer));
66 for(i = 0; i < changesPerBuffer; i++){
/* The bit index is drawn over the whole buffer, not over bufsize * 8. In a
 * short final chunk, flips that land past bufsize are never written back,
 * so fewer bits change than the banner reports.
 * NOTE(review): where RAND_MAX is below sizeof(buffer) * 8 (the C standard
 * only guarantees 32767) the upper part of each chunk is never selected.
 * No srand() call is visible in this excerpt; if there is none, rand()
 * yields the same sequence on every run. */
67 x = rand() % (sizeof(buffer) * 8);
/* x >> 3 selects the byte and x & 7 the bit inside it; x is less than
 * sizeof(buffer) * 8, so the byte index stays inside buffer. */
68 buffer[x >> 3] ^= (1 << (x & 7));
/* Return to the start of the chunk so the write overwrites what was read. */
70 lseek(h,b * sizeof(buffer),SEEK_SET);
/* Writes back exactly the bytes that were read. The result is ignored, so a
 * short or failed write leaves the chunk partly mutated without any report. */
71 write(h,buffer,bufsize);