Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found
Select Git revision

Target

Select target project
  • tobiasm1/swen90006-a2-2020
  • caidychen/swen90006-a2-2020
  • ZEYUWANG1/swen90006-a2-2020
  • SJANEIAD/swen90006-a2-2020
  • xiaotao/swen90006-a2-2020
  • AARETHNA/swen90006-a2-2020
  • Tina_Tang/swen90006-a2-2020
7 results
Select Git revision
Show changes
Commits on Source (22)
import java.io.IOException;
import java.io.FileOutputStream;
import java.io.PrintWriter;
import java.util.Random;
/* a stub for your team's fuzzer */
public class Fuzzer {
private static final String OUTPUT_FILE = "fuzz.txt";
private static Instruction[] INSTRUCTIONS = Instruction.values();
private static PrintWriter pw = null;
private static final int MAX_LINE_LENGTH = 1022;
private static final int MAX_INSTRUCTIONS = 1024;
public static void main(String[] args) throws IOException {
System.out.println(Instruction.getBNF());
int instructionCount = MAX_INSTRUCTIONS;
FileOutputStream out = null;
PrintWriter pw = null;
try {
out = new FileOutputStream(OUTPUT_FILE);
pw = new PrintWriter(out);
/* We just print one instruction.
Hint: you might want to make use of the instruction
grammar which is effectively encoded in Instruction.java */
pw.println("list");
for (int i = 0; i < instructionCount; i++) {
Instruction instruction = getRandomInstruction();
String outputString = instruction.getOpcode();
if (instruction.equals(Instruction.PUSH) || instruction.equals(Instruction.LOAD)
|| instruction.equals(Instruction.REM) || instruction.equals(Instruction.STORE)) {
double spaceType = Math.random();
if(spaceType > 0.8){
outputString += "\t";
}else if(spaceType<=0.75){
outputString += " ";
}
outputString += getRandomName(getRandomInt(0, MAX_LINE_LENGTH - outputString.length() - 1), false);
} else if (instruction.equals(Instruction.SAVE)) {
double spaceType = Math.random();
if(spaceType > 0.8){
outputString += "\t";
}else if(spaceType<=0.75){
outputString += " ";
}
outputString += getRandomName(getRandomInt(0, MAX_LINE_LENGTH - outputString.length() - 5), true);
outputString += ".txt";
}
pw.println(outputString);
}
} catch (Exception e) {
e.printStackTrace(System.err);
System.exit(1);
......@@ -35,4 +60,84 @@ public class Fuzzer {
}
public static Instruction getRandomInstruction() {
int numInstruction = Instruction.values().length;
int index = getRandomInt(0, numInstruction - 1);
return INSTRUCTIONS[index];
}
public static String getRandomName(int maxLenth, boolean isSAVE) {
StringBuffer stringBuffer = new StringBuffer();
int stringType = getRandomInt(0, 3);
switch (stringType) {
case 0:
//Mix arguments
for (int i = 0; i < maxLenth; i++) {
int charType = getRandomInt(0, 3);
long asci = 0;
switch (charType) {
case 0:
asci = Math.round(Math.random() * 25 + 65);
if(Math.random()>0.95)
{
asci=32;
}
stringBuffer.append(String.valueOf((char) asci));
break;
case 1:
asci = Math.round(Math.random() * 25 + 97);
stringBuffer.append(String.valueOf((char) asci));
break;
case 2:
stringBuffer.append(String.valueOf(getRandomInt(0, 9)));
break;
case 3:
asci = getRandomInt(32, 126);
stringBuffer.append(String.valueOf((char) asci));
break;
}
}
break;
case 1:
for (int i = 0; i < maxLenth; i++) {
long asci = 0;
asci = Math.round(Math.random() * 25 + 65);
if(Math.random()>0.95)
{
asci=32;
}
stringBuffer.append(String.valueOf((char) asci));
}
break;
case 2:
boolean isFloat = false;
for (int i = 0; i < maxLenth; i++) {
if(Math.random()>0.970 && !isFloat && !isSAVE)
{
stringBuffer.append(".");
isFloat = true;
}
stringBuffer.append(String.valueOf(getRandomInt(0, 9)));
}
break;
case 3:
for (int i = 0; i < maxLenth; i++) {
long asci = 0;
asci = Math.round(Math.random() * 25 + 97);
stringBuffer.append(String.valueOf((char) asci));
}
break;
default:
break;
}
return stringBuffer.toString();
}
public static int getRandomInt(int min, int max) {
int randomNumber = new Random().nextInt(max + 1 - min) + min;
return randomNumber;
}
}
push 5
store aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
\ No newline at end of file
push 5
+
print
\ No newline at end of file
push 5
store aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
\ No newline at end of file
push 5
-
print
\ No newline at end of file
push 5
store aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaab
\ No newline at end of file
......@@ -72,7 +72,10 @@ static void node_print(const node_t *p){
static node_t *node_new(const char *varname, const value_t value){
node_t *new = malloc(sizeof(node_t));
assert(new != NULL && "new: malloc failed");
new->varname = strdup(varname);
//new->varname = strdup(varname);
//vuln-1
new->varname = (char *)malloc(1015 * sizeof(char));
strcpy(new->varname, varname);
assert(new->varname != NULL && "new: strdup varname failed");
new->value = value;
new->left = NULL;
......@@ -109,7 +112,7 @@ static node_t * node_insert(node_t *p, node_t *q){
node_t ** new = NULL;
node_t * const start = p;
while (new == NULL) {
int ret = strcmp(q->varname,p->varname);
int ret = strcmp(q->varname,p->varname);//exchange p and q
if (ret == 0){
assert (q->left == NULL && q->right == NULL && "illegal insertion");
/* edit the node in place */
......
......@@ -473,7 +473,8 @@ static int execute(void){
return -1;
}
if (stack_size() < 2){
//vuln-2
if (stack_size() < 1){
debug_printf("Add from insufficient stack\n");
return -1;
}
......
......@@ -72,7 +72,13 @@ static void node_print(const node_t *p){
static node_t *node_new(const char *varname, const value_t value){
node_t *new = malloc(sizeof(node_t));
assert(new != NULL && "new: malloc failed");
new->varname = strdup(varname);
//new->varname = strdup(varname);
/*---- vuln-3 ----*/
char varname_copy[1015] = {};
strcpy(varname_copy, varname);
new->varname = strdup(varname_copy);
assert(new->varname != NULL && "new: strdup varname failed");
new->value = value;
new->left = NULL;
......
......@@ -182,7 +182,7 @@ static node_t * rem(node_t *p, const char *varname){
return start; // not found
}
const char WHITESPACE[] = " \t\r\n";
const char WHITESPACE[] = " \r\n";
/* tokenise a string, splitting on characters in WHITESPACE, up to
......@@ -488,7 +488,8 @@ static int execute(void){
return -1;
}
if (stack_size() < 2){
/*---- vuln4 ----*/
if (stack_size() == 0){
debug_printf("Sub from insufficient stack\n");
return -1;
}
......
......@@ -72,7 +72,18 @@ static void node_print(const node_t *p){
static node_t *node_new(const char *varname, const value_t value){
node_t *new = malloc(sizeof(node_t));
assert(new != NULL && "new: malloc failed");
new->varname = strdup(varname);
//new->varname = strdup(varname);
/*---- vuln-5 ----*/
char varname_copy[1015] = {};
unsigned int count = 0;
while (varname[count] != '\0') {
varname_copy[count] = varname[count++];
}
new->varname = strdup(varname_copy);
assert(new->varname != NULL && "new: strdup varname failed");
new->value = value;
new->left = NULL;
......